mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
WPS: Add a workaround for static WEP with Windows network probe
Windows XP and Vista clients can get confused about EAP-Identity/Request when they probe the network with EAPOL-Start. In such a case, they may assume the network is using IEEE 802.1X and prompt user for a certificate while the correct (non-WPS) behavior would be to ask for the static WEP key. As a workaround, use Microsoft Provisioning IE to advertise that legacy 802.1X is not supported. This seems to make Windows ask for a static WEP key when adding a new network, but at least Windows XP SP3 was still marking IEEE 802.1X enabled for the network. Anyway, this is better than just leaving the network configured with IEEE 802.1X and automatic WEP key distribution.
parent
9e783041fa
commit
143a4bf632
@ -627,6 +627,8 @@ int hostapd_init_wps(struct hostapd_data *hapd,
|
||||
cfg.extra_cred_len = conf->extra_cred_len;
|
||||
cfg.disable_auto_conf = (hapd->conf->wps_cred_processing == 1) &&
|
||||
conf->skip_cred_build;
|
||||
if (conf->ssid.security_policy == SECURITY_STATIC_WEP)
|
||||
cfg.static_wep_only = 1;
|
||||
|
||||
wps->registrar = wps_registrar_init(wps, &cfg);
|
||||
if (wps->registrar == NULL) {
|
||||
|
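Review bot: The new unbraced `if` that sets `cfg.static_wep_only` carries no comment explaining why a WPS registrar setting depends on the BSS security policy, and its form differs from the boolean-expression assignment to `cfg.disable_auto_conf` just above it. I would write it as `cfg.static_wep_only = conf->ssid.security_policy == SECURITY_STATIC_WEP;` with a preceding comment such as `/* Legacy interop: lets wps_set_ie() add the Microsoft Provisioning IE so Windows asks for the static WEP key */`. Marking this as a legacy-interop path also makes clear that the flag only changes what is advertised, not the protection static WEP offers. The body of hostapd_init_wps() starts and ends outside this hunk.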
@ -277,6 +277,11 @@ struct wps_registrar_config {
|
||||
* to be set with a suitable Credential and skip_cred_build being used.
|
||||
*/
|
||||
int disable_auto_conf;
|
||||
|
||||
/**
|
||||
* static_wep_only - Whether the BSS supports only static WEP
|
||||
*/
|
||||
int static_wep_only;
|
||||
};
|
||||
|
||||
|
||||
|
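Review bot: The doc comment added for `static_wep_only` says what the flag describes but not what setting it causes, so a caller filling in `struct wps_registrar_config` cannot tell that it changes the advertised frames. Suggested wording: `* static_wep_only - Whether the BSS supports only static WEP; when set, a Microsoft Provisioning IE (no legacy 802.1X) is added to Beacon/Probe Response frames`. The field is an `int` used as a boolean, so the comment could also say that any non-zero value enables it. The struct definition starts above this hunk.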
@ -99,6 +99,7 @@ struct wps_registrar {
|
||||
int disable_auto_conf;
|
||||
int sel_reg_dev_password_id_override;
|
||||
int sel_reg_config_methods_override;
|
||||
int static_wep_only;
|
||||
};
|
||||
|
||||
|
||||
@ -377,6 +378,7 @@ wps_registrar_init(struct wps_context *wps,
|
||||
reg->disable_auto_conf = cfg->disable_auto_conf;
|
||||
reg->sel_reg_dev_password_id_override = -1;
|
||||
reg->sel_reg_config_methods_override = -1;
|
||||
reg->static_wep_only = cfg->static_wep_only;
|
||||
|
||||
if (wps_set_ie(reg)) {
|
||||
wps_registrar_deinit(reg);
|
||||
@ -778,6 +780,28 @@ static int wps_set_ie(struct wps_registrar *reg)
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (reg->static_wep_only) {
|
||||
/*
|
||||
* Windows XP and Vista clients can get confused about
|
||||
* EAP-Identity/Request when they probe the network with
|
||||
* EAPOL-Start. In such a case, they may assume the network is
|
||||
* using IEEE 802.1X and prompt user for a certificate while
|
||||
* the correct (non-WPS) behavior would be to ask for the
|
||||
* static WEP key. As a workaround, use Microsoft Provisioning
|
||||
* IE to advertise that legacy 802.1X is not supported.
|
||||
*/
|
||||
const u8 ms_wps[7] = {
|
||||
WLAN_EID_VENDOR_SPECIFIC, 5,
|
||||
/* Microsoft Provisioning IE (00:50:f2:5) */
|
||||
0x00, 0x50, 0xf2, 5,
|
||||
0x00 /* no legacy 802.1X or MS WPS */
|
||||
};
|
||||
wpa_printf(MSG_DEBUG, "WPS: Add Microsoft Provisioning IE "
|
||||
"into Beacon/Probe Response frames");
|
||||
wpabuf_put_data(beacon, ms_wps, sizeof(ms_wps));
|
||||
wpabuf_put_data(probe, ms_wps, sizeof(ms_wps));
|
||||
}
|
||||
|
||||
ret = wps_cb_set_ie(reg, beacon, probe);
|
||||
wpabuf_free(beacon);
|
||||
wpabuf_free(probe);
|
||||
|
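Review bot: The two `wpabuf_put_data()` calls at the end of the new `if (reg->static_wep_only)` block append `sizeof(ms_wps)` (7) extra bytes to `beacon` and `probe`, but both buffers are allocated above this hunk, so the remaining tailroom cannot be confirmed from the visible lines. If the allocations were sized for the WPS IE alone, grow them by the size of this IE or guard the append, e.g. `if (wpabuf_tailroom(beacon) < sizeof(ms_wps) || wpabuf_tailroom(probe) < sizeof(ms_wps)) { /* free both and return -1 */ }`. A short comment at the allocation site noting that it must also cover the Microsoft Provisioning IE would keep later size changes from silently removing the margin. wps_set_ie() begins before the hunk and continues after `wpabuf_free(probe);`.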