path: root/hs20/server
Commit message | Author | Age | Files | Lines
* Fix VERSION_STR printf() calls in case the postfix strings include % | Didier Raboud | 11 days | 1 | -1/+1
  Do not use VERSION_STR directly as the format string to printf() since it is possible for that string to contain '%'.
  Signed-off-by: Didier Raboud <odyx@debian.org>
* Clean up base64_{encode,decode} pointer types | Jouni Malinen | 2019-11-28 | 1 | -3/+2
  Allow any pointer to be used as source for encoding and use char * as the return value from encoding and input value for decoding to reduce number of type casts needed in the callers.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Add X-WFA-Hotspot20-Filtering header line to T&C | Jouni Malinen | 2019-02-14 | 1 | -12/+18
  When filtering is successfully disabled at the end of the terms and conditions acceptance sequence, add the "X-WFA-Hotspot20-Filtering: remove" header line to the HTTP response.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Command line option to fetch the version information | Jouni Malinen | 2019-01-23 | 2 | -1/+15
  This can be used to report automatically generated version strings from the SPP server.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Alternative subrem updateNode for certificate credentials | Jouni Malinen | 2019-01-22 | 2 | -5/+61
  The new subrem field in the users database can now be used to issue an alternative subscription remediation updateNode for clients using certificate credentials. The data file for this case is similar to the policy update files, but it starts with the managementTreeURI value in the first line.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Use noMOUpdate in client certificate subrem | Jouni Malinen | 2019-01-22 | 1 | -19/+23
  There is no point in trying to update the Credential node with the existing contents in case of subscription remediation using a client certificate instead of a username/password credential, so use the noMOUpdate in that case.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Log new username in eventlog for cert reenroll | Jouni Malinen | 2019-01-09 | 1 | -0/+5
  Make it easier to find the new username (and the new serial number from it) when a user entry is renamed at the conclusion of client certificate re-enrollment sequence.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Allow policy to be set for SIM provisioning | Jouni Malinen | 2018-12-16 | 1 | -24/+69
  A new osu_config field "sim_policy" can now be used to specify the policy template for SIM provisioning.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: SIM provisioning exchange | Jouni Malinen | 2018-12-15 | 5 | -6/+264
  Support SIM provisioning exchange with SPP. This uses the hotspot2dot0-mobile-identifier-hash value from the AAA server to allow subscription registration through subscription remediation exchange.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: RADIUS server support for SIM provisioning | Jouni Malinen | 2018-12-15 | 1 | -0/+8
  This adds support for hostapd-as-RADIUS-authentication-server to request subscription remediation for SIM-based credentials. The new hostapd.conf parameter hs20_sim_provisioning_url is used to set the URL prefix for the remediation server for SIM provisioning. The random hotspot2dot0-mobile-identifier-hash value will be added to the end of this URL prefix and the same value is stored in a new SQLite database table sim_provisioning for the subscription server implementation to use.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Fix couple of memory leaks | Jouni Malinen | 2018-12-04 | 1 | -1/+7
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Client certificate reenrollment | Jouni Malinen | 2018-12-04 | 3 | -16/+197
  This adds support for the SPP server to request certificate reenrollment and for the EST server to support the simplereenroll version.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Document client certificate related Apache configuration | Jouni Malinen | 2018-12-03 | 1 | -0/+5
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Clear remediation requirement for certificate credentials | Jouni Malinen | 2018-12-03 | 1 | -2/+48
  Previous implementation updated user database only for username/password credentials. While client certificates do not need the updated password to be written, they do need the remediation requirement to be cleared, so fix that.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Do not set phase2=1 for certificate-based users | Jouni Malinen | 2018-12-03 | 1 | -10/+7
  These are not really using Phase 2, so use more appropriate configuration when going through online signup for client certificates.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Include phase2=0 users for TLS in the user list | Jouni Malinen | 2018-12-03 | 1 | -1/+1
  EAP-TLS users are not really using phase2, so do not require the database to be set in a way that claims that inaccurately.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Record policy update into users table | Jouni Malinen | 2018-10-19 | 2 | -1/+5
  This makes it easier to track whether a policy update has been successfully completed.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Rename PPS/Credential1 node to Cred01 | Jouni Malinen | 2018-10-19 | 1 | -5/+5
  This makes it a bit easier to use existing hardcoded PPS MO files for testing purposes when the subscription remediation and policy update operations target the same path.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Fix SubscriptionUpdate UpdateMethod value in OSU server | Jouni Malinen | 2018-10-19 | 1 | -1/+1
  This node was modified a long time ago to include "SPP-" prefix. Fix the OSU server implementation to use the correct value.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: OSU server test functionality for incorrect behavior (policy) | Jouni Malinen | 2018-10-19 | 1 | -1/+18
  Extend test=<value> special incorrect behavior testing capabilities in the OSU server to include the fingerprint of the policy update trust root: test=corrupt_polupd_hash.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: OSU server test functionality for incorrect behavior | Jouni Malinen | 2018-10-17 | 6 | -12/+74
  Add a mechanism to allow special incorrect behavior to be requested from OSU server by adding an optional parameter test=<value> to the initial signup URL. This is for protocol testing purposes for the OSU client. This commit adds two special behavior cases: corrupt_aaa_hash and corrupt_subrem_hash. These can be used to generate PPS MO with invalid CertSHA256Fingerprint values for AAAServerTrustRoot and SubscriptionUpdate nodes.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Subscription remediation with user selected new password | Jouni Malinen | 2018-10-11 | 3 | -12/+107
  Add support for user remediation to request a new password from the user for username/password credentials that have been configured not to use machine managed password.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Show whether credential is machine managed | Jouni Malinen | 2018-10-11 | 1 | -0/+3
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Make user list more readable | Jouni Malinen | 2018-10-11 | 1 | -8/+8
  Order the rows based on identity and use a bit smaller font for some of the fields to make the table fit on the screen more easily.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Clarify signup page options | Jouni Malinen | 2018-10-11 | 1 | -0/+8
  Make it clearer that there are three different types of credentials that can be provisioned.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Do not perform subrem if not requested to | Jouni Malinen | 2018-10-11 | 1 | -1/+3
  Instead of defaulting to machine remediation, reject a request to do subscription remediation if that has not been configured to be required.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Add last_msk into users table setup | Jouni Malinen | 2018-10-07 | 1 | -1/+2
  This field is used for debugging purposes.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Store device MAC address into database | Jouni Malinen | 2018-09-15 | 3 | -21/+93
  This is needed for tracking status of certificate enrollment cases.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Fix T&C server database check | Jouni Malinen | 2018-09-12 | 1 | -2/+4
  It was possible for the wait loop to exit early due to the $row[0] == 1 check returning false if the database value was not yet set. Fix this by updating the $waiting default value only if the database actually has a value for this field.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Replace deprecated PHP function split() | Jouni Malinen | 2018-09-10 | 1 | -1/+1
  Use explode() instead of split() because split() has been removed from PHP 7.0.0 and there is no need for using full regular expression here.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: CoA-Request from Terms and Conditions server | Jouni Malinen | 2018-06-22 | 3 | -0/+41
  This extends the terms.php implementation of Hotspot 2.0 Terms and Conditions server to allow it to interact with hostapd(AS) to clear the filtering rules from the AP. After requesting hostapd to send out the CoA-Request, terms.php waits for up to 10 seconds to see whether the current_sessions table gets an update to indicate that filtering has been successfully disabled.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Terms and Conditions server and management | Jouni Malinen | 2018-04-30 | 4 | -1/+70
  Add minimal Terms and Conditions server for testing purposes. This can be used to test user interaction for Terms and Conditions acceptance.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Update server SQL DB initialization to cover new fields | Jouni Malinen | 2018-04-30 | 1 | -1/+15
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Update server instructions for Ubuntu 16.04 | Jouni Malinen | 2018-04-30 | 1 | -10/+4
  Some of the Ubuntu package names have changed for PHP.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OSU server: Remove invalid options from documentation | Masashi Honma | 2017-02-11 | 1 | -2/+2
  Remove -d and -I options which cause "Illegal option" error.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* HS 2.0 server: Remove redundant NULL check | Maneesh Jain | 2016-10-28 | 1 | -4/+2
  Both devinfo and devdetail are non-NULL here due to the earlier check within the same function.
  Signed-off-by: Maneesh Jain <maneesh.jain@samsung.com>
* HS 2.0R2: No longer use HTTP_RAW_POST_DATA | Cedric Izoard | 2016-06-19 | 1 | -1/+2
  As HTTP_RAW_POST_DATA is deprecated, use php://input instead.
  Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
* HS 2.0: Fix hs20_spp_server compile error | Ben Greear | 2015-05-27 | 1 | -0/+1
  Need to add a new -I path to get it to compile.
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* HS 2.0R2 CA: Improve setup.sh and .conf for more flexibility | Ben Greear | 2015-04-01 | 5 | -30/+178
  This gives more flexibility when generating keys so that users do not have to edit files to generate their own specific keys. Update HS 2.0 OSU server notes as well.
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* OSU server: Improve logging for SPP schema validation failures | Ben Greear | 2015-03-28 | 1 | -1/+3
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* OSU server: Print out signup ID if there is some problem with it | Ben Greear | 2015-03-28 | 1 | -1/+1
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* HS 2.0R2: Add password to DB in case of machine managed subscription | Sreenath S | 2015-02-01 | 1 | -0/+27
  Add password and machine_managed flag to database in case of machine managed subscription to fix EAP-TTLS connection failure to production AP. In case of user managed subscription, the entered password is added to DB from the PHP script. However in machine managed subscription, machine generated password is added only in SOAP messages and PPS MO. So connection to production will fail as the generated password is not present in the database used by AAA server.
  Signed-off-by: Sreenath Sharma <sreenath.mailing.lists@gmail.com>
* HS 2.0 SPP server: Fix aaa_trust_root_cert_url example to use DER | Jouni Malinen | 2014-04-11 | 1 | -1/+1
  The trust roots in the PPS MO point to a DER encoded X.509 certificate.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* OSU server: Add example scripts for Hotspot 2.0 PKI | Jouni Malinen | 2014-03-31 | 12 | -0/+515
  These can be used to generate certificates for developer testing of the OSU protocol.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0R2: Add example OSU SPP server implementation | Jouni Malinen | 2014-03-31 | 19 | -0/+3760
  This is meant mainly for testing purposes and as a reference implementation showing how OSU SPP server could be implemented. This is not suitable for any real production use in its current form.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>