Revert "[wpa_supplicant] Cumulative patch from c4e90da6d"
This reverts commit 39bc25d3a79c1375de430a7918d949c1a86f70c6.
Test: Compilation
Change-Id: Iae7670429466958911b5296cb1359bceecc0b03e
Exempt-From-Owner-Approval: Revert since it's breaking the build
diff --git a/hs20/server/www/est.php b/hs20/server/www/est.php
index b7fb260..6983ec9 100644
--- a/hs20/server/www/est.php
+++ b/hs20/server/www/est.php
@@ -10,12 +10,6 @@
unset($user);
unset($rowid);
-$db = new PDO($osu_db);
-if (!$db) {
- error_log("EST: Could not access database");
- die("Could not access database");
-}
-
if (!empty($_SERVER['PHP_AUTH_DIGEST'])) {
$needed = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1,
'uri'=>1, 'response'=>1);
@@ -37,6 +31,12 @@
die('Authentication failed');
}
+ $db = new PDO($osu_db);
+ if (!$db) {
+ error_log("EST: Could not access database");
+ die("Could not access database");
+ }
+
$sql = "SELECT rowid,password,operation FROM sessions " .
"WHERE user='$user' AND realm='$realm'";
$q = $db->query($sql);
@@ -70,29 +70,6 @@
error_log("EST: Incorrect authentication response for user=$user realm=$realm");
die('Authentication failed');
}
-} else if (isset($_SERVER["SSL_CLIENT_VERIFY"]) &&
- $_SERVER["SSL_CLIENT_VERIFY"] == "SUCCESS" &&
- isset($_SERVER["SSL_CLIENT_M_SERIAL"])) {
- $user = "cert-" . $_SERVER["SSL_CLIENT_M_SERIAL"];
- $sql = "SELECT rowid,password,operation FROM sessions " .
- "WHERE user='$user' AND realm='$realm'";
- $q = $db->query($sql);
- if (!$q) {
- error_log("EST: Session not found for user=$user realm=$realm");
- die("Session not found");
- }
- $row = $q->fetch();
- if (!$row) {
- error_log("EST: Session fetch failed for user=$user realm=$realm");
- die('Session not found');
- }
- $rowid = $row['rowid'];
-
- $oper = $row['operation'];
- if ($oper != '10') {
- error_log("EST: Unexpected operation $oper for user=$user realm=$realm");
- die("Session not found");
- }
}
@@ -115,24 +92,14 @@
header("Content-Type: application/csrattrs");
readfile("$osu_root/est/est-attrs.b64");
error_log("EST: csrattrs");
-} else if ($method == "POST" &&
- ($cmd == "simpleenroll" || $cmd == "simplereenroll")) {
- $reenroll = $cmd == "simplereenroll";
- if (!$reenroll && (!isset($user) || strlen($user) == 0)) {
+} else if ($method == "POST" && $cmd == "simpleenroll") {
+ if (!isset($user) || strlen($user) == 0) {
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Digest realm="'.$realm.
'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
error_log("EST: simpleenroll - require authentication");
die('Authentication required');
}
- if ($reenroll &&
- (!isset($user) ||
- !isset($_SERVER["SSL_CLIENT_VERIFY"]) ||
- $_SERVER["SSL_CLIENT_VERIFY"] != "SUCCESS")) {
- header('HTTP/1.1 403 Forbidden');
- error_log("EST: simplereenroll - require certificate authentication");
- die('Authentication required');
- }
if (!isset($_SERVER["CONTENT_TYPE"])) {
error_log("EST: simpleenroll without Content-Type");
die("Missing Content-Type");
@@ -200,7 +167,6 @@
}
$der = file_get_contents($cert_der);
$fingerprint = hash("sha256", $der);
- error_log("EST: sha256(DER cert): $fingerprint");
$pkcs7 = "$cadir/tmp/est-client.pkcs7";
if (file_exists($pkcs7))