Previous implementation updated user database only for username/password
credentials. While client certificates do not need the updated password
to be written, they do need the remediation requirement to be cleared,
so fix that.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These are not really using Phase 2, so use more appropriate
configuration when going through online signup for client certificates.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
EAP-TLS users are not really using phase2, so do not require the
database to be set in a way that claim that inaccurately.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This makes it a bit easier to use existing hardcoded PPS MO files for
testing purposes when the subscription remediation and policy update
operations target the same path.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This node was modified long time ago to include "SPP-" prefix. Fix the
OSU server implementation to use the correct value.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend test=<value> special incorrect behavior testing capabilities in
the OSU server to include the fingerprint of the policy update trust
root: test=corrupt_polupd_hash.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a mechanism to allow special incorrect behavior to be requested from
OSU server by adding an optional parameter test=<value> to the initial
signup URL. This is for protocol testing purposes for the OSU client.
This commit adds two special behavior cases: corrupt_aaa_hash and
corrupt_subrem_hash. These can be used to generate PPS MO with invalid
CertSHA256Fingerprint values for AAAServerTrustRoot and
SubscriptionUpdate nodes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add support for user remediation to request a new password from the user
for username/password credentials that have been configured not use use
machine managed password.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Order the rows based on identity and use a bit smaller font for some of
the fields to make the table fit on the screen more easily.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Instead of defaulting to machine remediation, reject a request to do
subscription remediation if that has not been configured to be required.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It was possible for the wait loop to exit early due to the $row[0] == 1
check returning false if the database value was not yet set. Fix this by
updated the $waiting default value only if the database actually has a
value for this field.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use explode() instead of split() because split() has been removed from
PHP 7.0.0 and there is no need for using full regular expression here.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This extends the terms.php implementation of Hotspot 2.0 Terms and
Conditions server to allow it to interact with hostapd(AS) to clear the
filtering rules from the AP. After requesting hostapd to send out the
CoA-Request, terms.php waits for up to 10 seconds to see whether the
current_sessions table gets an update to indicate that filtering has
been successfully disabled.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add minimal Terms and Conditions server for testing purposes. This can
be used to test user interaction for Terms and Conditions acceptance.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This gives more flexibility when generating keys so that users do not
have to edit files to generate their own specific keys.
Update HS 2.0 OSU server notes as well.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Add password and machine_managed flag to database in case of machine
managed subscription to fix EAP-TTLS connection failure to production
AP. In case of user managed subscription, the entered password is added
to DB from the PHP script. However in machine managed subscription,
machine generated password is added only in SOAP messages and PPS MO. So
connection to production will fail as the generated password is not
present in the database used by AAA server.
Signed-off-by: Sreenath Sharma <sreenath.mailing.lists@gmail.com>
This is meant mainly for testing purposes and as a reference
implementation showing how OSU SPP server could be implemented. This is
not suitable for any real production use in its current form.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>