Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / bf6e0baa89b80019dee7ebfbee1fc34581255a19^! / . / hs20 / server / www
commitbf6e0baa89b80019dee7ebfbee1fc34581255a19[log] [tgz]
authorHai Shalom <haishalom@google.com>Mon Feb 11 12:01:50 2019 -0800
committerPeiyong Lin <lpy@google.com>Mon Feb 11 22:30:04 2019 +0000
treefcd62236b41c2ce5b04923ba7a5a0213c8397ead
parent39bc25d3a79c1375de430a7918d949c1a86f70c6 [diff]
Revert "[wpa_supplicant] Cumulative patch from c4e90da6d"

This reverts commit 39bc25d3a79c1375de430a7918d949c1a86f70c6.

Test: Compilation
Change-Id: Iae7670429466958911b5296cb1359bceecc0b03e
Exempt-From-Owner-Approval: Revert since it's breaking the build

diff --git a/hs20/server/www/est.php b/hs20/server/www/est.php
index b7fb260..6983ec9 100644
--- a/hs20/server/www/est.php
+++ b/hs20/server/www/est.php

@@ -10,12 +10,6 @@
 unset($user);
 unset($rowid);
 
-$db = new PDO($osu_db);
-if (!$db) {
-  error_log("EST: Could not access database");
-  die("Could not access database");
-}
-
 if (!empty($_SERVER['PHP_AUTH_DIGEST'])) {
   $needed = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1,
 		  'uri'=>1, 'response'=>1);
@@ -37,6 +31,12 @@
     die('Authentication failed');
   }
 
+  $db = new PDO($osu_db);
+  if (!$db) {
+    error_log("EST: Could not access database");
+    die("Could not access database");
+  }
+
   $sql = "SELECT rowid,password,operation FROM sessions " .
     "WHERE user='$user' AND realm='$realm'";
   $q = $db->query($sql);
@@ -70,29 +70,6 @@
     error_log("EST: Incorrect authentication response for user=$user realm=$realm");
     die('Authentication failed');
   }
-} else if (isset($_SERVER["SSL_CLIENT_VERIFY"]) &&
-	   $_SERVER["SSL_CLIENT_VERIFY"] == "SUCCESS" &&
-	   isset($_SERVER["SSL_CLIENT_M_SERIAL"])) {
-  $user = "cert-" . $_SERVER["SSL_CLIENT_M_SERIAL"];
-  $sql = "SELECT rowid,password,operation FROM sessions " .
-    "WHERE user='$user' AND realm='$realm'";
-  $q = $db->query($sql);
-  if (!$q) {
-    error_log("EST: Session not found for user=$user realm=$realm");
-    die("Session not found");
-  }
-  $row = $q->fetch();
-  if (!$row) {
-    error_log("EST: Session fetch failed for user=$user realm=$realm");
-    die('Session not found');
-  }
-  $rowid = $row['rowid'];
-
-  $oper = $row['operation'];
-  if ($oper != '10') {
-    error_log("EST: Unexpected operation $oper for user=$user realm=$realm");
-    die("Session not found");
-  }
 }
 
 
@@ -115,24 +92,14 @@
   header("Content-Type: application/csrattrs");
   readfile("$osu_root/est/est-attrs.b64");
   error_log("EST: csrattrs");
-} else if ($method == "POST" &&
-           ($cmd == "simpleenroll" || $cmd == "simplereenroll")) {
-  $reenroll = $cmd == "simplereenroll";
-  if (!$reenroll && (!isset($user) || strlen($user) == 0)) {
+} else if ($method == "POST" && $cmd == "simpleenroll") {
+  if (!isset($user) || strlen($user) == 0) {
     header('HTTP/1.1 401 Unauthorized');
     header('WWW-Authenticate: Digest realm="'.$realm.
 	   '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
     error_log("EST: simpleenroll - require authentication");
     die('Authentication required');
   }
-  if ($reenroll &&
-      (!isset($user) ||
-       !isset($_SERVER["SSL_CLIENT_VERIFY"]) ||
-       $_SERVER["SSL_CLIENT_VERIFY"] != "SUCCESS")) {
-    header('HTTP/1.1 403 Forbidden');
-    error_log("EST: simplereenroll - require certificate authentication");
-    die('Authentication required');
-  }
   if (!isset($_SERVER["CONTENT_TYPE"])) {
     error_log("EST: simpleenroll without Content-Type");
     die("Missing Content-Type");
@@ -200,7 +167,6 @@
   }
   $der = file_get_contents($cert_der);
   $fingerprint = hash("sha256", $der);
-  error_log("EST: sha256(DER cert): $fingerprint");
 
   $pkcs7 = "$cadir/tmp/est-client.pkcs7";
   if (file_exists($pkcs7))

diff --git a/hs20/server/www/spp.php b/hs20/server/www/spp.php
index c56d3d6..f10e5ab 100644
--- a/hs20/server/www/spp.php
+++ b/hs20/server/www/spp.php

@@ -85,40 +85,6 @@
 	   isset($_SERVER["SSL_CLIENT_M_SERIAL"])) {
   $user = "cert-" . $_SERVER["SSL_CLIENT_M_SERIAL"];
   putenv("HS20CERT=yes");
-} else if (isset($_GET["hotspot2dot0-mobile-identifier-hash"])) {
-  $id_hash = $_GET["hotspot2dot0-mobile-identifier-hash"];
-  $id_hash = PREG_REPLACE("/[^0-9a-h]/i", '', $id_hash);
-
-  $db = new PDO($osu_db);
-  if (!$db) {
-    error_log("spp.php - Could not access database");
-    die("Could not access database");
-  }
-
-  $row = $db->query("SELECT * FROM sim_provisioning " .
-		    "WHERE mobile_identifier_hash='$id_hash'")->fetch();
-  if (!$row) {
-    error_log("spp.php - SIM provisioning failed - mobile_identifier_hash not found");
-    die('SIM provisioning failed - mobile_identifier_hash not found');
-  }
-
-  $imsi = $row['imsi'];
-  $mac_addr = $row['mac_addr'];
-  $eap_method = $row['eap_method'];
-
-  $row = $db->query("SELECT COUNT(*) FROM osu_config " .
-		    "WHERE realm='$realm'")->fetch();
-  if (!$row || intval($row[0]) < 1) {
-    error_log("spp.php - SIM provisioning failed - realm $realm not found");
-    die('SIM provisioning failed');
-  }
-
-  error_log("spp.php - SIM provisioning for IMSI $imsi");
-  putenv("HS20SIMPROV=yes");
-  putenv("HS20IMSI=$imsi");
-  putenv("HS20MACADDR=$mac_addr");
-  putenv("HS20EAPMETHOD=$eap_method");
-  putenv("HS20IDHASH=$id_hash");
 } else if (!isset($_SERVER["PATH_INFO"]) ||
 	   $_SERVER["PATH_INFO"] != "/signup") {
   header('HTTP/1.1 401 Unauthorized');

diff --git a/hs20/server/www/users.php b/hs20/server/www/users.php
index 2bd5552..f546de3 100644
--- a/hs20/server/www/users.php
+++ b/hs20/server/www/users.php

@@ -69,9 +69,6 @@
 if ($cmd == 'subrem-add-machine' && $id > 0) {
 	$db->exec("UPDATE users SET remediation='machine' WHERE rowid=$id");
 }
-if ($cmd == 'subrem-add-reenroll' && $id > 0) {
-	$db->exec("UPDATE users SET remediation='reenroll' WHERE rowid=$id");
-}
 if ($cmd == 'subrem-add-policy' && $id > 0) {
 	$db->exec("UPDATE users SET remediation='policy' WHERE rowid=$id");
 }
@@ -175,10 +172,6 @@
 		   $row['rowid'] . "\">add:user</a>]";
 	echo " [<a href=\"users.php?cmd=subrem-add-machine&id=" .
 		   $row['rowid'] . "\">add:machine</a>]";
-	if ($row['methods'] == 'TLS') {
-		echo " [<a href=\"users.php?cmd=subrem-add-reenroll&id=" .
-			   $row['rowid'] . "\">add:reenroll</a>]";
-	}
 	echo " [<a href=\"users.php?cmd=subrem-add-policy&id=" .
 		   $row['rowid'] . "\">add:policy</a>]";
 	echo " [<a href=\"users.php?cmd=subrem-add-free&id=" .
@@ -192,9 +185,6 @@
 } else if ($rem == "free") {
 	echo "Free [<a href=\"users.php?cmd=subrem-clear&id=" .
 		       $row['rowid'] . "\">clear</a>]";
-} else if ($rem == "reenroll") {
-	echo "Reenroll [<a href=\"users.php?cmd=subrem-clear&id=" .
-		       $row['rowid'] . "\">clear</a>]";
 } else  {
 	echo "Machine [<a href=\"users.php?cmd=subrem-clear&id=" .
 			  $row['rowid'] . "\">clear</a>]";
@@ -329,7 +319,7 @@
 echo "<table border=1 cellspacing=0 cellpadding=0>\n";
 echo "<tr><th>User<th>Realm<th><small>Remediation</small><th>Policy<th><small>Account type</small><th><small>Phase 2 method(s)</small><th>DevId<th>MAC Address<th>T&C\n";
 
-$res = $db->query('SELECT rowid,* FROM users WHERE (phase2=1 OR methods=\'TLS\') ORDER BY identity');
+$res = $db->query('SELECT rowid,* FROM users WHERE phase2=1 ORDER BY identity');
 foreach ($res as $row) {
 	echo "<tr><td><a href=\"users.php?id=" . $row['rowid'] . "\"> " .
 	    $row['identity'] . " </a>";
@@ -344,8 +334,6 @@
 		echo "Policy";
 	} else if ($rem == "free") {
 		echo "Free";
-	} else if ($rem == "reenroll") {
-		echo "Reenroll";
 	} else  {
 		echo "Machine";
 	}