mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 18:28:23 -05:00
HS 2.0 server: Do not set phase2=1 for certificate-based users
These are not really using Phase 2, so use more appropriate configuration when going through online signup for client certificates. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
6ff4241797
commit
34341b09b4
@ -290,8 +290,7 @@ static void db_update_mo_str(struct hs20_svc *ctx, const char *user,
|
||||
char *sql;
|
||||
if (user == NULL || realm == NULL || name == NULL)
|
||||
return;
|
||||
sql = sqlite3_mprintf("UPDATE users SET %s=%Q "
|
||||
"WHERE identity=%Q AND realm=%Q AND phase2=1",
|
||||
sql = sqlite3_mprintf("UPDATE users SET %s=%Q WHERE identity=%Q AND realm=%Q AND (phase2=1 OR methods='TLS')",
|
||||
name, str, user, realm);
|
||||
if (sql == NULL)
|
||||
return;
|
||||
@ -413,8 +412,7 @@ static char * db_get_val(struct hs20_svc *ctx, const char *user,
|
||||
char *cmd;
|
||||
struct get_db_field_data data;
|
||||
|
||||
cmd = sqlite3_mprintf("SELECT %s FROM users WHERE "
|
||||
"%s=%Q AND realm=%Q AND phase2=1",
|
||||
cmd = sqlite3_mprintf("SELECT %s FROM users WHERE %s=%Q AND realm=%Q AND (phase2=1 OR methods='TLS')",
|
||||
field, dmacc ? "osu_user" : "identity",
|
||||
user, realm);
|
||||
if (cmd == NULL)
|
||||
@ -443,8 +441,7 @@ static int db_update_val(struct hs20_svc *ctx, const char *user,
|
||||
char *cmd;
|
||||
int ret;
|
||||
|
||||
cmd = sqlite3_mprintf("UPDATE users SET %s=%Q WHERE "
|
||||
"%s=%Q AND realm=%Q AND phase2=1",
|
||||
cmd = sqlite3_mprintf("UPDATE users SET %s=%Q WHERE %s=%Q AND realm=%Q AND (phase2=1 OR methods='TLS')",
|
||||
field, val, dmacc ? "osu_user" : "identity", user,
|
||||
realm);
|
||||
if (cmd == NULL)
|
||||
@ -2065,8 +2062,9 @@ static int add_subscription(struct hs20_svc *ctx, const char *session_id)
|
||||
|
||||
str = db_get_session_val(ctx, NULL, NULL, session_id, "mac_addr");
|
||||
|
||||
sql = sqlite3_mprintf("INSERT INTO users(identity,realm,phase2,methods,cert,cert_pem,machine_managed,mac_addr) VALUES (%Q,%Q,1,%Q,%Q,%Q,%d,%Q)",
|
||||
user, realm, cert ? "TLS" : "TTLS-MSCHAPV2",
|
||||
sql = sqlite3_mprintf("INSERT INTO users(identity,realm,phase2,methods,cert,cert_pem,machine_managed,mac_addr) VALUES (%Q,%Q,%d,%Q,%Q,%Q,%d,%Q)",
|
||||
user, realm, cert ? 0 : 1,
|
||||
cert ? "TLS" : "TTLS-MSCHAPV2",
|
||||
fingerprint ? fingerprint : "",
|
||||
cert_pem ? cert_pem : "",
|
||||
pw_mm && atoi(pw_mm) ? 1 : 0,
|
||||
@ -2088,8 +2086,7 @@ static int add_subscription(struct hs20_svc *ctx, const char *session_id)
|
||||
else
|
||||
ret = update_password(ctx, user, realm, pw, 0);
|
||||
if (ret < 0) {
|
||||
sql = sqlite3_mprintf("DELETE FROM users WHERE identity=%Q AND "
|
||||
"realm=%Q AND phase2=1",
|
||||
sql = sqlite3_mprintf("DELETE FROM users WHERE identity=%Q AND realm=%Q AND (phase2=1 OR methods='TLS')",
|
||||
user, realm);
|
||||
if (sql) {
|
||||
debug_print(ctx, 1, "DB: %s", sql);
|
||||
|
Loading…
Reference in New Issue
Block a user