jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

HS 2.0 server: Use noMOUpdate in client certificate subrem

Browse source 
There is no point in trying to update the Credential node with the
existing contents in case of subscription remediation using a client
certificate instead of a username/password credential, so use the
noMOUpdate in that case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2019-01-22 23:31:06 +02:00 committed by Jouni Malinen
parent 13a200a92a
commit d97cf2a117
1 changed files with 23 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
hs20/server/spp_server.c
View file

@ -799,30 +799,32 @@ static xml_node_t * build_sub_rem_resp(struct hs20_svc *ctx,
xml_node_t *spp_node, *cred; xml_node_t *spp_node, *cred;
char buf[400]; char buf[400];
char new_pw[33]; char new_pw[33];
char *real_user = NULL;
char *status; char *status;
char *cert; char *cert;
if (dmacc) {
real_user = db_get_val(ctx, user, realm, "identity", dmacc);
if (real_user == NULL) {
debug_print(ctx, 1, "Could not find user identity for "
"dmacc user '%s'", user);
return NULL;
}
}
cert = db_get_val(ctx, user, realm, "cert", dmacc); cert = db_get_val(ctx, user, realm, "cert", dmacc);
if (cert && cert[0] == '\0') { if (cert && cert[0] == '\0') {
os_free(cert); os_free(cert);
cert = NULL; cert = NULL;
} }
if (cert) { if (cert) {
cred = build_credential_cert(ctx, real_user ? real_user : user, /* No change needed in PPS MO */
realm, cert); cred = NULL;
} else { } else {
char *real_user = NULL;
char *pw; char *pw;
if (dmacc) {
real_user = db_get_val(ctx, user, realm, "identity",
dmacc);
if (!real_user) {
debug_print(ctx, 1,
"Could not find user identity for dmacc user '%s'",
user);
return NULL;
}
}
pw = db_get_session_val(ctx, user, realm, session_id, pw = db_get_session_val(ctx, user, realm, session_id,
"password"); "password");
if (pw && pw[0]) { if (pw && pw[0]) {
@ -838,12 +840,13 @@ static xml_node_t * build_sub_rem_resp(struct hs20_svc *ctx,
real_user ? real_user : user, real_user ? real_user : user,
realm, new_pw, sizeof(new_pw)); realm, new_pw, sizeof(new_pw));
} }
}
free(real_user); free(real_user);
if (!cred) { if (!cred) {
debug_print(ctx, 1, "Could not build credential"); debug_print(ctx, 1, "Could not build credential");
os_free(cert); os_free(cert);
return NULL; return NULL;
}
} }
status = "Remediation complete, request sppUpdateResponse"; status = "Remediation complete, request sppUpdateResponse";
@ -859,7 +862,8 @@ static xml_node_t * build_sub_rem_resp(struct hs20_svc *ctx,
"./Wi-Fi/%s/PerProviderSubscription/Cred01/Credential", "./Wi-Fi/%s/PerProviderSubscription/Cred01/Credential",
realm); realm);
if (add_update_node(ctx, spp_node, ns, buf, cred) < 0) { if ((cred && add_update_node(ctx, spp_node, ns, buf, cred) < 0) ||
(!cred && !xml_node_create(ctx->xml, spp_node, ns, "noMOUpdate"))) {
debug_print(ctx, 1, "Could not add update node"); debug_print(ctx, 1, "Could not add update node");
xml_node_free(ctx->xml, spp_node); xml_node_free(ctx->xml, spp_node);
os_free(cert); os_free(cert);