HS 2.0 server: Use noMOUpdate in client certificate subrem
authorJouni Malinen <jouni@codeaurora.org>
Tue, 22 Jan 2019 21:31:06 +0000 (23:31 +0200)
committerJouni Malinen <j@w1.fi>
Tue, 22 Jan 2019 21:31:06 +0000 (23:31 +0200)
There is no point in trying to update the Credential node with the
existing contents in case of subscription remediation using a client
certificate instead of a username/password credential, so use the
noMOUpdate in that case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
hs20/server/spp_server.c

index bb833bff13952572af26e625547cba94184cef54..d848278fb55fc6e39b88bd497bf91b1ce84e2b32 100644 (file)
@@ -799,30 +799,32 @@ static xml_node_t * build_sub_rem_resp(struct hs20_svc *ctx,
        xml_node_t *spp_node, *cred;
        char buf[400];
        char new_pw[33];
-       char *real_user = NULL;
        char *status;
        char *cert;
 
-       if (dmacc) {
-               real_user = db_get_val(ctx, user, realm, "identity", dmacc);
-               if (real_user == NULL) {
-                       debug_print(ctx, 1, "Could not find user identity for "
-                                   "dmacc user '%s'", user);
-                       return NULL;
-               }
-       }
-
        cert = db_get_val(ctx, user, realm, "cert", dmacc);
        if (cert && cert[0] == '\0') {
                os_free(cert);
                cert = NULL;
        }
        if (cert) {
-               cred = build_credential_cert(ctx, real_user ? real_user : user,
-                                            realm, cert);
+               /* No change needed in PPS MO */
+               cred = NULL;
        } else {
+               char *real_user = NULL;
                char *pw;
 
+               if (dmacc) {
+                       real_user = db_get_val(ctx, user, realm, "identity",
+                                              dmacc);
+                       if (!real_user) {
+                               debug_print(ctx, 1,
+                                           "Could not find user identity for dmacc user '%s'",
+                                           user);
+                               return NULL;
+                       }
+               }
+
                pw = db_get_session_val(ctx, user, realm, session_id,
                                        "password");
                if (pw && pw[0]) {
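Review bot: The `if (cert)` branch now skips the dmacc identity lookup that used to run before it. A dmacc user with no "identity" value in the database therefore no longer fails remediation when a certificate is on record, and the commit message does not mention this. If that is intended, the comment could say so, e.g. `/* No change needed in PPS MO; the identity lookup is only needed for username/password credentials */`. In this hunk `cert` is fetched only to choose the branch and is otherwise just freed; if nothing after the hunk reads it, that is worth a short comment as well. The body of build_sub_rem_resp() starts before and continues after this hunk.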
@@ -838,12 +840,13 @@ static xml_node_t * build_sub_rem_resp(struct hs20_svc *ctx,
                                                real_user ? real_user : user,
                                                realm, new_pw, sizeof(new_pw));
                }
-       }
-       free(real_user);
-       if (!cred) {
-               debug_print(ctx, 1, "Could not build credential");
-               os_free(cert);
-               return NULL;
+
+               free(real_user);
+               if (!cred) {
+                       debug_print(ctx, 1, "Could not build credential");
+                       os_free(cert);
+                       return NULL;
+               }
        }
 
        status = "Remediation complete, request sppUpdateResponse";
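Review bot: `free(real_user)` is moved unchanged, while `cert`, which the first hunk shows coming from the same `db_get_val()` call, is released with `os_free(cert)` two lines further down. Mixing the two is only safe as long as the os_* wrapper is a plain alias for free(); in a build where the wrapper does extra bookkeeping, the mismatch could corrupt the heap. I would write `os_free(real_user);` here so both values are released the same way. The enclosing function starts and ends outside this hunk.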
@@ -859,7 +862,8 @@ static xml_node_t * build_sub_rem_resp(struct hs20_svc *ctx,
                 "./Wi-Fi/%s/PerProviderSubscription/Cred01/Credential",
                 realm);
 
-       if (add_update_node(ctx, spp_node, ns, buf, cred) < 0) {
+       if ((cred && add_update_node(ctx, spp_node, ns, buf, cred) < 0) ||
+           (!cred && !xml_node_create(ctx->xml, spp_node, ns, "noMOUpdate"))) {
                debug_print(ctx, 1, "Could not add update node");
                xml_node_free(ctx->xml, spp_node);
                os_free(cert);
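Review bot: In the new condition `cred == NULL` means "client certificate, send noMOUpdate", and it can only be told apart from a failed credential build because the `!cred` return was moved into the else branch in the previous hunk. A later edit that lets a NULL `cred` fall through from the username/password path would silently send noMOUpdate instead of failing. A comment above the condition would pin this down, e.g. `/* cred is NULL only for client certificate credentials: nothing to update in the PPS MO */`. The "Could not add update node" message is also printed when creating the noMOUpdate node fails, so the log will not show which of the two calls failed. The function continues past the end of this hunk.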