mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
HS 2.0 server: Use noMOUpdate in client certificate subrem
There is no point in trying to update the Credential node with the existing contents in case of subscription remediation using a client certificate instead of a username/password credential, so use the noMOUpdate in that case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
13a200a92a
commit
d97cf2a117
@ -799,30 +799,32 @@ static xml_node_t * build_sub_rem_resp(struct hs20_svc *ctx,
|
||||
xml_node_t *spp_node, *cred;
|
||||
char buf[400];
|
||||
char new_pw[33];
|
||||
char *real_user = NULL;
|
||||
char *status;
|
||||
char *cert;
|
||||
|
||||
if (dmacc) {
|
||||
real_user = db_get_val(ctx, user, realm, "identity", dmacc);
|
||||
if (real_user == NULL) {
|
||||
debug_print(ctx, 1, "Could not find user identity for "
|
||||
"dmacc user '%s'", user);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
cert = db_get_val(ctx, user, realm, "cert", dmacc);
|
||||
if (cert && cert[0] == '\0') {
|
||||
os_free(cert);
|
||||
cert = NULL;
|
||||
}
|
||||
if (cert) {
|
||||
cred = build_credential_cert(ctx, real_user ? real_user : user,
|
||||
realm, cert);
|
||||
/* No change needed in PPS MO */
|
||||
cred = NULL;
|
||||
} else {
|
||||
char *real_user = NULL;
|
||||
char *pw;
|
||||
|
||||
if (dmacc) {
|
||||
real_user = db_get_val(ctx, user, realm, "identity",
|
||||
dmacc);
|
||||
if (!real_user) {
|
||||
debug_print(ctx, 1,
|
||||
"Could not find user identity for dmacc user '%s'",
|
||||
user);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
pw = db_get_session_val(ctx, user, realm, session_id,
|
||||
"password");
|
||||
if (pw && pw[0]) {
|
||||
@ -838,12 +840,13 @@ static xml_node_t * build_sub_rem_resp(struct hs20_svc *ctx,
|
||||
real_user ? real_user : user,
|
||||
realm, new_pw, sizeof(new_pw));
|
||||
}
|
||||
}
|
||||
free(real_user);
|
||||
if (!cred) {
|
||||
debug_print(ctx, 1, "Could not build credential");
|
||||
os_free(cert);
|
||||
return NULL;
|
||||
|
||||
free(real_user);
|
||||
if (!cred) {
|
||||
debug_print(ctx, 1, "Could not build credential");
|
||||
os_free(cert);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
status = "Remediation complete, request sppUpdateResponse";
|
||||
@ -859,7 +862,8 @@ static xml_node_t * build_sub_rem_resp(struct hs20_svc *ctx,
|
||||
"./Wi-Fi/%s/PerProviderSubscription/Cred01/Credential",
|
||||
realm);
|
||||
|
||||
if (add_update_node(ctx, spp_node, ns, buf, cred) < 0) {
|
||||
if ((cred && add_update_node(ctx, spp_node, ns, buf, cred) < 0) ||
|
||||
(!cred && !xml_node_create(ctx->xml, spp_node, ns, "noMOUpdate"))) {
|
||||
debug_print(ctx, 1, "Could not add update node");
|
||||
xml_node_free(ctx->xml, spp_node);
|
||||
os_free(cert);
|
||||
|
Loading…
Reference in New Issue
Block a user