mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
HS 2.0R2: Configure OSU client trust root more consistently
Some of the code paths could have ended up ignoring CA file name from command line due to overly complex way of setting ctx->ca_fname. Configure this more consistently in osu_client.c as soon as the CA file name has been determined. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
4d65deda7f
commit
40bdceac88
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Hotspot 2.0 - OMA DM client
|
||||
* Copyright (c) 2013, Qualcomm Atheros, Inc.
|
||||
* Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
@ -909,7 +909,7 @@ static int oma_dm_get_cmdid(struct hs20_osu_client *ctx, xml_node_t *node)
|
||||
|
||||
static xml_node_t * oma_dm_send_recv(struct hs20_osu_client *ctx,
|
||||
const char *url, xml_node_t *syncml,
|
||||
const char *ext_hdr, const char *ca_fname,
|
||||
const char *ext_hdr,
|
||||
const char *username, const char *password,
|
||||
const char *client_cert,
|
||||
const char *client_key)
|
||||
@ -928,7 +928,7 @@ static xml_node_t * oma_dm_send_recv(struct hs20_osu_client *ctx,
|
||||
os_free(ctx->server_url);
|
||||
ctx->server_url = os_strdup(url);
|
||||
res = http_post(ctx->http, url, str, "application/vnd.syncml.dm+xml",
|
||||
ext_hdr, ca_fname, username, password,
|
||||
ext_hdr, ctx->ca_fname, username, password,
|
||||
client_cert, client_key, NULL);
|
||||
os_free(str);
|
||||
os_free(resp_uri);
|
||||
@ -1123,8 +1123,7 @@ static xml_node_t * oma_dm_process(struct hs20_osu_client *ctx, const char *url,
|
||||
}
|
||||
|
||||
|
||||
int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url,
|
||||
const char *ca_fname)
|
||||
int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url)
|
||||
{
|
||||
xml_node_t *syncml, *resp;
|
||||
char *resp_uri = NULL;
|
||||
@ -1145,8 +1144,7 @@ int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url,
|
||||
|
||||
while (syncml) {
|
||||
resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : url,
|
||||
syncml, NULL, ca_fname, NULL, NULL,
|
||||
NULL, NULL);
|
||||
syncml, NULL, NULL, NULL, NULL, NULL);
|
||||
if (resp == NULL)
|
||||
return -1;
|
||||
|
||||
@ -1162,8 +1160,7 @@ int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url,
|
||||
}
|
||||
|
||||
|
||||
int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url,
|
||||
const char *ca_fname)
|
||||
int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url)
|
||||
{
|
||||
xml_node_t *syncml, *resp;
|
||||
char *resp_uri = NULL;
|
||||
@ -1192,8 +1189,7 @@ int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url,
|
||||
|
||||
while (syncml) {
|
||||
resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : url,
|
||||
syncml, NULL, ca_fname, NULL, NULL,
|
||||
NULL, NULL);
|
||||
syncml, NULL, NULL, NULL, NULL, NULL);
|
||||
if (resp == NULL)
|
||||
return -1;
|
||||
|
||||
@ -1223,7 +1219,7 @@ int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url,
|
||||
|
||||
|
||||
void oma_dm_pol_upd(struct hs20_osu_client *ctx, const char *address,
|
||||
const char *pps_fname, const char *ca_fname,
|
||||
const char *pps_fname,
|
||||
const char *client_cert, const char *client_key,
|
||||
const char *cred_username, const char *cred_password,
|
||||
xml_node_t *pps)
|
||||
@ -1242,7 +1238,7 @@ void oma_dm_pol_upd(struct hs20_osu_client *ctx, const char *address,
|
||||
|
||||
while (syncml) {
|
||||
resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : address,
|
||||
syncml, NULL, ca_fname, cred_username,
|
||||
syncml, NULL, cred_username,
|
||||
cred_password, client_cert, client_key);
|
||||
if (resp == NULL)
|
||||
return;
|
||||
@ -1270,7 +1266,7 @@ void oma_dm_pol_upd(struct hs20_osu_client *ctx, const char *address,
|
||||
|
||||
|
||||
void oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
|
||||
const char *pps_fname, const char *ca_fname,
|
||||
const char *pps_fname,
|
||||
const char *client_cert, const char *client_key,
|
||||
const char *cred_username, const char *cred_password,
|
||||
xml_node_t *pps)
|
||||
@ -1289,7 +1285,7 @@ void oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
|
||||
|
||||
while (syncml) {
|
||||
resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : address,
|
||||
syncml, NULL, ca_fname, cred_username,
|
||||
syncml, NULL, cred_username,
|
||||
cred_password, client_cert, client_key);
|
||||
if (resp == NULL)
|
||||
return;
|
||||
|
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Hotspot 2.0 OSU client
|
||||
* Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
|
||||
* Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
@ -1993,7 +1993,7 @@ static struct osu_data * parse_osu_providers(const char *fname, size_t *count)
|
||||
|
||||
|
||||
static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
|
||||
const char *ssid, const char *url, const char *ca_fname,
|
||||
const char *ssid, const char *url,
|
||||
unsigned int methods, int no_prod_assoc,
|
||||
const char *osu_nai)
|
||||
{
|
||||
@ -2068,9 +2068,9 @@ static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
|
||||
|
||||
ctx->no_reconnect = 1;
|
||||
if (methods & 0x02)
|
||||
res = cmd_prov(ctx, url, ca_fname);
|
||||
res = cmd_prov(ctx, url);
|
||||
else if (methods & 0x01)
|
||||
res = cmd_oma_dm_prov(ctx, url, ca_fname);
|
||||
res = cmd_oma_dm_prov(ctx, url);
|
||||
|
||||
wpa_printf(MSG_INFO, "Remove OSU network connection");
|
||||
write_summary(ctx, "Remove OSU network connection");
|
||||
@ -2093,7 +2093,7 @@ static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
|
||||
|
||||
|
||||
static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
|
||||
int connect, const char *ca_fname, int no_prod_assoc,
|
||||
int connect, int no_prod_assoc,
|
||||
const char *friendly_name)
|
||||
{
|
||||
char fname[255];
|
||||
@ -2264,14 +2264,14 @@ selected:
|
||||
|
||||
if (connect == 2) {
|
||||
if (last->methods & 0x02)
|
||||
ret = cmd_prov(ctx, last->url, ca_fname);
|
||||
ret = cmd_prov(ctx, last->url);
|
||||
else if (last->methods & 0x01)
|
||||
ret = cmd_oma_dm_prov(ctx, last->url, ca_fname);
|
||||
ret = cmd_oma_dm_prov(ctx, last->url);
|
||||
else
|
||||
ret = -1;
|
||||
} else if (connect)
|
||||
ret = osu_connect(ctx, last->bssid, last->osu_ssid,
|
||||
last->url, ca_fname, last->methods,
|
||||
last->url, last->methods,
|
||||
no_prod_assoc, last->osu_nai);
|
||||
} else
|
||||
ret = -1;
|
||||
@ -2282,8 +2282,8 @@ selected:
|
||||
}
|
||||
|
||||
|
||||
static int cmd_signup(struct hs20_osu_client *ctx, const char *ca_fname,
|
||||
int no_prod_assoc, const char *friendly_name)
|
||||
static int cmd_signup(struct hs20_osu_client *ctx, int no_prod_assoc,
|
||||
const char *friendly_name)
|
||||
{
|
||||
char dir[255];
|
||||
char fname[300], buf[400];
|
||||
@ -2334,8 +2334,7 @@ static int cmd_signup(struct hs20_osu_client *ctx, const char *ca_fname,
|
||||
}
|
||||
wpa_printf(MSG_INFO, "OSU provider fetch completed");
|
||||
|
||||
return cmd_osu_select(ctx, fname, 1, ca_fname, no_prod_assoc,
|
||||
friendly_name);
|
||||
return cmd_osu_select(ctx, fname, 1, no_prod_assoc, friendly_name);
|
||||
}
|
||||
|
||||
|
||||
@ -2354,8 +2353,6 @@ static void cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
|
||||
char *client_key = NULL;
|
||||
int spp;
|
||||
|
||||
ctx->ca_fname = ca_fname;
|
||||
|
||||
wpa_printf(MSG_INFO, "Subscription remediation requested with Server URL: %s",
|
||||
address);
|
||||
|
||||
@ -2399,6 +2396,7 @@ static void cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
|
||||
return;
|
||||
}
|
||||
wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
|
||||
ctx->ca_fname = ca_fname;
|
||||
|
||||
pps = node_from_file(ctx->xml, pps_fname);
|
||||
if (pps == NULL) {
|
||||
@ -2482,11 +2480,11 @@ static void cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
|
||||
}
|
||||
|
||||
if (spp)
|
||||
spp_sub_rem(ctx, address, pps_fname, ca_fname,
|
||||
spp_sub_rem(ctx, address, pps_fname,
|
||||
client_cert, client_key,
|
||||
cred_username, cred_password, pps);
|
||||
else
|
||||
oma_dm_sub_rem(ctx, address, pps_fname, ca_fname,
|
||||
oma_dm_sub_rem(ctx, address, pps_fname,
|
||||
client_cert, client_key,
|
||||
cred_username, cred_password, pps);
|
||||
|
||||
@ -2555,6 +2553,7 @@ static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
|
||||
return -1;
|
||||
}
|
||||
wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
|
||||
ctx->ca_fname = ca_fname;
|
||||
|
||||
pps = node_from_file(ctx->xml, pps_fname);
|
||||
if (pps == NULL) {
|
||||
@ -2628,11 +2627,11 @@ static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
|
||||
}
|
||||
|
||||
if (spp)
|
||||
spp_pol_upd(ctx, address, pps_fname, ca_fname,
|
||||
spp_pol_upd(ctx, address, pps_fname,
|
||||
client_cert, client_key,
|
||||
cred_username, cred_password, pps);
|
||||
else
|
||||
oma_dm_pol_upd(ctx, address, pps_fname, ca_fname,
|
||||
oma_dm_pol_upd(ctx, address, pps_fname,
|
||||
client_cert, client_key,
|
||||
cred_username, cred_password, pps);
|
||||
|
||||
@ -3077,13 +3076,15 @@ int main(int argc, char *argv[])
|
||||
usage();
|
||||
exit(0);
|
||||
}
|
||||
cmd_prov(&ctx, argv[optind + 1], argv[optind + 2]);
|
||||
ctx.ca_fname = argv[optind + 2];
|
||||
cmd_prov(&ctx, argv[optind + 1]);
|
||||
} else if (strcmp(argv[optind], "sim_prov") == 0) {
|
||||
if (argc - optind < 2) {
|
||||
usage();
|
||||
exit(0);
|
||||
}
|
||||
cmd_sim_prov(&ctx, argv[optind + 1], argv[optind + 2]);
|
||||
ctx.ca_fname = argv[optind + 2];
|
||||
cmd_sim_prov(&ctx, argv[optind + 1]);
|
||||
} else if (strcmp(argv[optind], "dl_osu_ca") == 0) {
|
||||
if (argc - optind < 2) {
|
||||
usage();
|
||||
@ -3107,13 +3108,11 @@ int main(int argc, char *argv[])
|
||||
usage();
|
||||
exit(0);
|
||||
}
|
||||
cmd_osu_select(&ctx, argv[optind + 1], 2,
|
||||
argc > optind + 2 ? argv[optind + 2] : NULL,
|
||||
1, NULL);
|
||||
ctx.ca_fname = argc > optind + 2 ? argv[optind + 2] : NULL;
|
||||
cmd_osu_select(&ctx, argv[optind + 1], 2, 1, NULL);
|
||||
} else if (strcmp(argv[optind], "signup") == 0) {
|
||||
ret = cmd_signup(&ctx,
|
||||
argc > optind + 1 ? argv[optind + 1] : NULL,
|
||||
no_prod_assoc, friendly_name);
|
||||
ctx.ca_fname = argc > optind + 1 ? argv[optind + 1] : NULL;
|
||||
ret = cmd_signup(&ctx, no_prod_assoc, friendly_name);
|
||||
} else if (strcmp(argv[optind], "set_pps") == 0) {
|
||||
if (argc - optind < 2) {
|
||||
usage();
|
||||
@ -3131,14 +3130,15 @@ int main(int argc, char *argv[])
|
||||
usage();
|
||||
exit(0);
|
||||
}
|
||||
cmd_oma_dm_prov(&ctx, argv[optind + 1], argv[optind + 2]);
|
||||
ctx.ca_fname = argv[optind + 2];
|
||||
cmd_oma_dm_prov(&ctx, argv[optind + 1]);
|
||||
} else if (strcmp(argv[optind], "oma_dm_sim_prov") == 0) {
|
||||
if (argc - optind < 2) {
|
||||
usage();
|
||||
exit(0);
|
||||
}
|
||||
if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1],
|
||||
argv[optind + 2]) < 0) {
|
||||
ctx.ca_fname = argv[optind + 2];
|
||||
if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1]) < 0) {
|
||||
write_summary(&ctx, "Failed to complete OMA DM SIM provisioning");
|
||||
return -1;
|
||||
}
|
||||
|
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Hotspot 2.0 - OSU client
|
||||
* Copyright (c) 2013, Qualcomm Atheros, Inc.
|
||||
* Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
@ -73,39 +73,35 @@ void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname);
|
||||
/* spp_client.c */
|
||||
|
||||
void spp_sub_rem(struct hs20_osu_client *ctx, const char *address,
|
||||
const char *pps_fname, const char *ca_fname,
|
||||
const char *pps_fname,
|
||||
const char *client_cert, const char *client_key,
|
||||
const char *cred_username, const char *cred_password,
|
||||
xml_node_t *pps);
|
||||
void spp_pol_upd(struct hs20_osu_client *ctx, const char *address,
|
||||
const char *pps_fname, const char *ca_fname,
|
||||
const char *pps_fname,
|
||||
const char *client_cert, const char *client_key,
|
||||
const char *cred_username, const char *cred_password,
|
||||
xml_node_t *pps);
|
||||
int cmd_prov(struct hs20_osu_client *ctx, const char *url,
|
||||
const char *ca_fname);
|
||||
int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url,
|
||||
const char *ca_fname);
|
||||
int cmd_prov(struct hs20_osu_client *ctx, const char *url);
|
||||
int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url);
|
||||
|
||||
|
||||
/* oma_dm_client.c */
|
||||
|
||||
int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url,
|
||||
const char *ca_fname);
|
||||
int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url,
|
||||
const char *ca_fname);
|
||||
int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url);
|
||||
int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url);
|
||||
void oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
|
||||
const char *pps_fname, const char *ca_fname,
|
||||
const char *pps_fname,
|
||||
const char *client_cert, const char *client_key,
|
||||
const char *cred_username, const char *cred_password,
|
||||
xml_node_t *pps);
|
||||
void oma_dm_pol_upd(struct hs20_osu_client *ctx, const char *address,
|
||||
const char *pps_fname, const char *ca_fname,
|
||||
const char *pps_fname,
|
||||
const char *client_cert, const char *client_key,
|
||||
const char *cred_username, const char *cred_password,
|
||||
xml_node_t *pps);
|
||||
void cmd_oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
|
||||
const char *pps_fname, const char *ca_fname);
|
||||
const char *pps_fname);
|
||||
void cmd_oma_dm_add(struct hs20_osu_client *ctx, const char *pps_fname,
|
||||
const char *add_fname);
|
||||
void cmd_oma_dm_replace(struct hs20_osu_client *ctx, const char *pps_fname,
|
||||
|
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Hotspot 2.0 SPP client
|
||||
* Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
|
||||
* Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
@ -776,7 +776,7 @@ static int spp_post_dev_data(struct hs20_osu_client *ctx,
|
||||
|
||||
|
||||
void spp_sub_rem(struct hs20_osu_client *ctx, const char *address,
|
||||
const char *pps_fname, const char *ca_fname,
|
||||
const char *pps_fname,
|
||||
const char *client_cert, const char *client_key,
|
||||
const char *cred_username, const char *cred_password,
|
||||
xml_node_t *pps)
|
||||
@ -787,7 +787,7 @@ void spp_sub_rem(struct hs20_osu_client *ctx, const char *address,
|
||||
os_free(ctx->server_url);
|
||||
ctx->server_url = os_strdup(address);
|
||||
|
||||
if (soap_init_client(ctx->http, address, ca_fname,
|
||||
if (soap_init_client(ctx->http, address, ctx->ca_fname,
|
||||
cred_username, cred_password, client_cert,
|
||||
client_key) == 0) {
|
||||
spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REMEDIATION,
|
||||
@ -923,7 +923,7 @@ static int hs20_spp_update_response(struct hs20_osu_client *ctx,
|
||||
|
||||
|
||||
void spp_pol_upd(struct hs20_osu_client *ctx, const char *address,
|
||||
const char *pps_fname, const char *ca_fname,
|
||||
const char *pps_fname,
|
||||
const char *client_cert, const char *client_key,
|
||||
const char *cred_username, const char *cred_password,
|
||||
xml_node_t *pps)
|
||||
@ -934,7 +934,7 @@ void spp_pol_upd(struct hs20_osu_client *ctx, const char *address,
|
||||
os_free(ctx->server_url);
|
||||
ctx->server_url = os_strdup(address);
|
||||
|
||||
if (soap_init_client(ctx->http, address, ca_fname, cred_username,
|
||||
if (soap_init_client(ctx->http, address, ctx->ca_fname, cred_username,
|
||||
cred_password, client_cert, client_key) == 0) {
|
||||
spp_post_dev_data(ctx, SPP_POLICY_UPDATE, "Policy update",
|
||||
pps_fname, pps);
|
||||
@ -942,14 +942,11 @@ void spp_pol_upd(struct hs20_osu_client *ctx, const char *address,
|
||||
}
|
||||
|
||||
|
||||
int cmd_prov(struct hs20_osu_client *ctx, const char *url,
|
||||
const char *ca_fname)
|
||||
int cmd_prov(struct hs20_osu_client *ctx, const char *url)
|
||||
{
|
||||
unlink("Cert/est_cert.der");
|
||||
unlink("Cert/est_cert.pem");
|
||||
|
||||
ctx->ca_fname = ca_fname;
|
||||
|
||||
if (url == NULL) {
|
||||
wpa_printf(MSG_INFO, "Invalid prov command (missing URL)");
|
||||
return -1;
|
||||
@ -960,8 +957,8 @@ int cmd_prov(struct hs20_osu_client *ctx, const char *url,
|
||||
os_free(ctx->server_url);
|
||||
ctx->server_url = os_strdup(url);
|
||||
|
||||
if (soap_init_client(ctx->http, url, ca_fname, NULL, NULL, NULL, NULL) <
|
||||
0)
|
||||
if (soap_init_client(ctx->http, url, ctx->ca_fname, NULL, NULL, NULL,
|
||||
NULL) < 0)
|
||||
return -1;
|
||||
spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REGISTRATION,
|
||||
"Subscription registration", NULL, NULL);
|
||||
@ -970,11 +967,8 @@ int cmd_prov(struct hs20_osu_client *ctx, const char *url,
|
||||
}
|
||||
|
||||
|
||||
int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url,
|
||||
const char *ca_fname)
|
||||
int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url)
|
||||
{
|
||||
ctx->ca_fname = ca_fname;
|
||||
|
||||
if (url == NULL) {
|
||||
wpa_printf(MSG_INFO, "Invalid prov command (missing URL)");
|
||||
return -1;
|
||||
@ -991,8 +985,8 @@ int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url,
|
||||
wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
|
||||
}
|
||||
|
||||
if (soap_init_client(ctx->http, url, ca_fname, NULL, NULL, NULL, NULL) <
|
||||
0)
|
||||
if (soap_init_client(ctx->http, url, ctx->ca_fname, NULL, NULL, NULL,
|
||||
NULL) < 0)
|
||||
return -1;
|
||||
spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REGISTRATION,
|
||||
"Subscription provisioning", NULL, NULL);
|
||||
|
Loading…
Reference in New Issue
Block a user