HS 2.0 server: Alternative subrem updateNode for certificate credentials
The new subrem field in the users database can now be used to issue an alternative subscription remediation updateNode for clients using certificate credentials. The data file for this case is similar to the policy update files, but it starts with the managementTreeURI value in the first line. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
d97cf2a117
commit
2d1762fa4a
2 changed files with 61 additions and 5 deletions
|
@ -790,6 +790,45 @@ static int add_update_node(struct hs20_svc *ctx, xml_node_t *spp_node,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static xml_node_t * read_subrem_file(struct hs20_svc *ctx,
|
||||||
|
const char *subrem_id,
|
||||||
|
char *uri, size_t uri_size)
|
||||||
|
{
|
||||||
|
char fname[200];
|
||||||
|
char *buf, *buf2, *pos;
|
||||||
|
size_t len;
|
||||||
|
xml_node_t *node;
|
||||||
|
|
||||||
|
os_snprintf(fname, sizeof(fname), "%s/spp/subrem/%s",
|
||||||
|
ctx->root_dir, subrem_id);
|
||||||
|
debug_print(ctx, 1, "Use subrem file %s", fname);
|
||||||
|
|
||||||
|
buf = os_readfile(fname, &len);
|
||||||
|
if (!buf)
|
||||||
|
return NULL;
|
||||||
|
buf2 = os_realloc(buf, len + 1);
|
||||||
|
if (!buf2) {
|
||||||
|
os_free(buf);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
buf = buf2;
|
||||||
|
buf[len] = '\0';
|
||||||
|
|
||||||
|
pos = os_strchr(buf, '\n');
|
||||||
|
if (!pos) {
|
||||||
|
os_free(buf);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
*pos++ = '\0';
|
||||||
|
os_strlcpy(uri, buf, uri_size);
|
||||||
|
|
||||||
|
node = xml_node_from_buf(ctx->xml, pos);
|
||||||
|
os_free(buf);
|
||||||
|
|
||||||
|
return node;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static xml_node_t * build_sub_rem_resp(struct hs20_svc *ctx,
|
static xml_node_t * build_sub_rem_resp(struct hs20_svc *ctx,
|
||||||
const char *user, const char *realm,
|
const char *user, const char *realm,
|
||||||
const char *session_id,
|
const char *session_id,
|
||||||
|
@ -808,8 +847,24 @@ static xml_node_t * build_sub_rem_resp(struct hs20_svc *ctx,
|
||||||
cert = NULL;
|
cert = NULL;
|
||||||
}
|
}
|
||||||
if (cert) {
|
if (cert) {
|
||||||
/* No change needed in PPS MO */
|
char *subrem;
|
||||||
|
|
||||||
|
/* No change needed in PPS MO unless specifically asked to */
|
||||||
cred = NULL;
|
cred = NULL;
|
||||||
|
buf[0] = '\0';
|
||||||
|
|
||||||
|
subrem = db_get_val(ctx, user, realm, "subrem", dmacc);
|
||||||
|
if (subrem && subrem[0]) {
|
||||||
|
cred = read_subrem_file(ctx, subrem, buf, sizeof(buf));
|
||||||
|
if (!cred) {
|
||||||
|
debug_print(ctx, 1,
|
||||||
|
"Could not create updateNode from subrem file");
|
||||||
|
os_free(subrem);
|
||||||
|
os_free(cert);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
os_free(subrem);
|
||||||
} else {
|
} else {
|
||||||
char *real_user = NULL;
|
char *real_user = NULL;
|
||||||
char *pw;
|
char *pw;
|
||||||
|
@ -847,6 +902,10 @@ static xml_node_t * build_sub_rem_resp(struct hs20_svc *ctx,
|
||||||
os_free(cert);
|
os_free(cert);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
snprintf(buf, sizeof(buf),
|
||||||
|
"./Wi-Fi/%s/PerProviderSubscription/Cred01/Credential",
|
||||||
|
realm);
|
||||||
}
|
}
|
||||||
|
|
||||||
status = "Remediation complete, request sppUpdateResponse";
|
status = "Remediation complete, request sppUpdateResponse";
|
||||||
|
@ -858,10 +917,6 @@ static xml_node_t * build_sub_rem_resp(struct hs20_svc *ctx,
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
snprintf(buf, sizeof(buf),
|
|
||||||
"./Wi-Fi/%s/PerProviderSubscription/Cred01/Credential",
|
|
||||||
realm);
|
|
||||||
|
|
||||||
if ((cred && add_update_node(ctx, spp_node, ns, buf, cred) < 0) ||
|
if ((cred && add_update_node(ctx, spp_node, ns, buf, cred) < 0) ||
|
||||||
(!cred && !xml_node_create(ctx->xml, spp_node, ns, "noMOUpdate"))) {
|
(!cred && !xml_node_create(ctx->xml, spp_node, ns, "noMOUpdate"))) {
|
||||||
debug_print(ctx, 1, "Could not add update node");
|
debug_print(ctx, 1, "Could not add update node");
|
||||||
|
|
|
@ -61,6 +61,7 @@ CREATE TABLE users(
|
||||||
mac_addr TEXT,
|
mac_addr TEXT,
|
||||||
last_msk TEXT,
|
last_msk TEXT,
|
||||||
polupd_done TEXT,
|
polupd_done TEXT,
|
||||||
|
subrem TEXT
|
||||||
);
|
);
|
||||||
|
|
||||||
CREATE TABLE wildcards(
|
CREATE TABLE wildcards(
|
||||||
|
|
Loading…
Reference in a new issue