commit b8b7e7be1a86f2cb6c53a0d7cc445049419eb872
author Jouni Malinen <jouni@codeaurora.org> Wed Sep 26 13:39:42 2018 +0300
committer Jouni Malinen <jouni@codeaurora.org> Wed Sep 26 13:39:42 2018 +0300
tree 0343e023d7c6ae46be6e98fb226d6145267f245d
parent 78a3cbd117bcf682b21f3fb068de22e764ed4e20

server_set_parameter: Certificate reenrollment status updates

Add support for the CertReEnroll and SerialNo parameters to
enable/disable remediation requirement to perform certificate
reenrollment.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

server.c

diff --git a/server.c b/server.c
index 7031fba..35aef0c 100644
--- a/server.c
+++ b/server.c
@@ -483,11 +483,52 @@
 }
 
 
+static int osu_set_cert_reenroll(struct sigma_dut *dut, const char *serial,
+				 int enable)
+{
+	sqlite3 *db;
+	char *sql;
+	char id[100];
+	int ret = -1;
+
+	if (sqlite3_open(SERVER_DB, &db)) {
+		sigma_dut_print(dut, DUT_MSG_ERROR,
+				"Failed to open SQLite database %s",
+				SERVER_DB);
+		return -1;
+	}
+
+	snprintf(id, sizeof(id), "cert-%s", serial);
+	sql = sqlite3_mprintf("UPDATE users SET remediation=%Q WHERE lower(identity)=lower(%Q)",
+			      enable ? "machine" : "", id);
+	if (!sql)
+		goto fail;
+	sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
+	if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
+		sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s",
+				sqlite3_errmsg(db));
+		goto fail;
+	}
+
+	if (sqlite3_changes(db) < 1) {
+		sigma_dut_print(dut, DUT_MSG_ERROR, "No DB rows modified (specified serial number not found)");
+		goto fail;
+	}
+
+	ret = 0;
+fail:
+	sqlite3_close(db);
+
+	return ret;
+}
+
+
 static int cmd_server_set_parameter(struct sigma_dut *dut,
 				    struct sigma_conn *conn,
 				    struct sigma_cmd *cmd)
 {
 	const char *var, *root_ca, *inter_ca, *osu_cert, *issuing_arch, *name;
+	const char *reenroll, *serial;
 	int osu, timeout = -1;
 	enum sigma_program prog;
 
@@ -526,15 +567,34 @@
 		return 0;
 	}
 
+	reenroll = get_param(cmd, "CertReEnroll");
+	serial = get_param(cmd, "SerialNo");
+	if (reenroll && serial) {
+		int enable;
+
+		if (strcasecmp(reenroll, "Enable") == 0) {
+			enable = 1;
+		} else if (strcasecmp(reenroll, "Disable") == 0) {
+			enable = 0;
+		} else {
+			send_resp(dut, conn, SIGMA_ERROR,
+				  "errorCode,Invalid CertReEnroll value");
+			return 0;
+		}
+
+		if (osu_set_cert_reenroll(dut, serial, enable) < 0) {
+			send_resp(dut, conn, SIGMA_ERROR,
+				  "errorCode,Failed to update certificate reenrollment state");
+			return 0;
+		}
+	}
+
 	name = get_param(cmd, "Name");
 	root_ca = get_param(cmd, "TrustRootCACert");
 	inter_ca = get_param(cmd, "InterCACert");
 	osu_cert = get_param(cmd, "OSUServerCert");
 	issuing_arch = get_param(cmd, "Issuing_Arch");
 
-	/* TODO: CertReEnroll,{Enable|Disable} */
-	/* TODO: SerialNo,<hex> */
-
 	if (timeout > -1) {
 		/* TODO */
 	}