mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
HS 2.0 server: Clear remediation requirement for certificate credentials
Previous implementation updated user database only for username/password credentials. While client certificates do not need the updated password to be written, they do need the remediation requirement to be cleared, so fix that. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
34341b09b4
commit
2166651b0c
@ -41,6 +41,7 @@ enum hs20_session_operation {
|
||||
POLICY_REMEDIATION,
|
||||
POLICY_UPDATE,
|
||||
FREE_REMEDIATION,
|
||||
CLEAR_REMEDIATION,
|
||||
};
|
||||
|
||||
|
||||
@ -521,6 +522,27 @@ static int update_password(struct hs20_svc *ctx, const char *user,
|
||||
}
|
||||
|
||||
|
||||
static int clear_remediation(struct hs20_svc *ctx, const char *user,
|
||||
const char *realm, int dmacc)
|
||||
{
|
||||
char *cmd;
|
||||
|
||||
cmd = sqlite3_mprintf("UPDATE users SET remediation='' WHERE %s=%Q",
|
||||
dmacc ? "osu_user" : "identity",
|
||||
user);
|
||||
if (cmd == NULL)
|
||||
return -1;
|
||||
debug_print(ctx, 1, "DB: %s", cmd);
|
||||
if (sqlite3_exec(ctx->db, cmd, NULL, NULL, NULL) != SQLITE_OK) {
|
||||
debug_print(ctx, 1, "Failed to update database for user '%s'",
|
||||
user);
|
||||
}
|
||||
sqlite3_free(cmd);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int add_eap_ttls(struct hs20_svc *ctx, xml_node_t *parent)
|
||||
{
|
||||
xml_node_t *node;
|
||||
@ -780,8 +802,9 @@ static xml_node_t * build_sub_rem_resp(struct hs20_svc *ctx,
|
||||
xml_node_free(ctx->xml, cred);
|
||||
|
||||
if (cert) {
|
||||
debug_print(ctx, 1, "Certificate credential - no need for DB "
|
||||
"password update on success notification");
|
||||
debug_print(ctx, 1, "Request DB remediation clearing on success notification (certificate credential)");
|
||||
db_add_session(ctx, user, realm, session_id, NULL, NULL,
|
||||
CLEAR_REMEDIATION, NULL);
|
||||
} else {
|
||||
debug_print(ctx, 1, "Request DB password update on success "
|
||||
"notification");
|
||||
@ -2236,6 +2259,29 @@ static xml_node_t * hs20_spp_update_response(struct hs20_svc *ctx,
|
||||
session_id, "Updated user password "
|
||||
"in database", NULL);
|
||||
}
|
||||
if (oper == CLEAR_REMEDIATION) {
|
||||
debug_print(ctx, 1,
|
||||
"Clear remediation requirement for user '%s' in DB",
|
||||
user);
|
||||
if (clear_remediation(ctx, user, realm, dmacc) < 0) {
|
||||
debug_print(ctx, 1,
|
||||
"Failed to clear remediation requirement for user '%s' in DB",
|
||||
user);
|
||||
ret = build_spp_exchange_complete(
|
||||
ctx, session_id, "Error occurred",
|
||||
"Other");
|
||||
hs20_eventlog_node(ctx, user, realm,
|
||||
session_id,
|
||||
"Failed to update database",
|
||||
ret);
|
||||
db_remove_session(ctx, user, realm, session_id);
|
||||
return ret;
|
||||
}
|
||||
hs20_eventlog(ctx, user, realm,
|
||||
session_id,
|
||||
"Cleared remediation requirement in database",
|
||||
NULL);
|
||||
}
|
||||
if (oper == SUBSCRIPTION_REGISTRATION) {
|
||||
if (add_subscription(ctx, session_id) < 0) {
|
||||
debug_print(ctx, 1, "Failed to add "
|
||||
|
Loading…
Reference in New Issue
Block a user