From 6195adda9b4306cda2b06b930c59c95832d026a9 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Mon, 26 Jul 2010 18:12:08 -0700 Subject: [PATCH] WPS: Allow AP to start in Enrollee mode without AP PIN for probing In theory, this should not really be needed, but Windows 7 uses Registrar mode to probe AP's WPS capabilities before trying to use Enrollee and fails if the AP does not allow that probing to happen. This allows the AP to start as an Enrollee and send M1, but refuse to continue beyond that (M3 will not be sent if AP PIN is not known). --- src/ap/ap_config.c | 6 +++--- src/ap/wps_hostapd.c | 2 +- src/eap_server/eap_server_wsc.c | 13 +++++++++---- src/wps/wps_upnp_web.c | 3 +++ 4 files changed, 16 insertions(+), 8 deletions(-) diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c index 20be2d47e..fbedb6294 100644 --- a/src/ap/ap_config.c +++ b/src/ap/ap_config.c @@ -566,15 +566,15 @@ hostapd_get_eap_user(const struct hostapd_bss_config *conf, const u8 *identity, return &wsc_enrollee; } - if (conf->wps_state && conf->ap_pin && - identity_len == WSC_ID_REGISTRAR_LEN && + if (conf->wps_state && identity_len == WSC_ID_REGISTRAR_LEN && os_memcmp(identity, WSC_ID_REGISTRAR, WSC_ID_REGISTRAR_LEN) == 0) { static struct hostapd_eap_user wsc_registrar; os_memset(&wsc_registrar, 0, sizeof(wsc_registrar)); wsc_registrar.methods[0].method = eap_server_get_type( "WSC", &wsc_registrar.methods[0].vendor); wsc_registrar.password = (u8 *) conf->ap_pin; - wsc_registrar.password_len = os_strlen(conf->ap_pin); + wsc_registrar.password_len = conf->ap_pin ? + os_strlen(conf->ap_pin) : 0; return &wsc_registrar; } #endif /* CONFIG_WPS */ diff --git a/src/ap/wps_hostapd.c b/src/ap/wps_hostapd.c index 902a65aca..c63b7fc89 100644 --- a/src/ap/wps_hostapd.c +++ b/src/ap/wps_hostapd.c @@ -426,7 +426,7 @@ static void hostapd_pwd_auth_fail(struct hostapd_data *hapd, { FILE *f; - if (!data->enrollee) + if (!data->enrollee || hapd->conf->ap_pin == NULL) return; /* diff --git a/src/eap_server/eap_server_wsc.c b/src/eap_server/eap_server_wsc.c index 272a6195b..28d4f67dd 100644 --- a/src/eap_server/eap_server_wsc.c +++ b/src/eap_server/eap_server_wsc.c @@ -119,10 +119,15 @@ static void * eap_wsc_init(struct eap_sm *sm) } } else { if (sm->user == NULL || sm->user->password == NULL) { - wpa_printf(MSG_INFO, "EAP-WSC: No AP PIN (password) " - "configured for Enrollee functionality"); - os_free(data); - return NULL; + /* + * In theory, this should not really be needed, but + * Windows 7 uses Registrar mode to probe AP's WPS + * capabilities before trying to use Enrollee and fails + * if the AP does not allow that probing to happen.. + */ + wpa_printf(MSG_DEBUG, "EAP-WSC: No AP PIN (password) " + "configured for Enrollee functionality - " + "allow for probing capabilities (M1)"); } cfg.pin = sm->user->password; cfg.pin_len = sm->user->password_len; diff --git a/src/wps/wps_upnp_web.c b/src/wps/wps_upnp_web.c index 2e60607e8..9a6b36e02 100644 --- a/src/wps/wps_upnp_web.c +++ b/src/wps/wps_upnp_web.c @@ -412,6 +412,9 @@ web_process_get_device_info(struct upnp_wps_device_sm *sm, wpa_printf(MSG_DEBUG, "WPS UPnP: GetDeviceInfo"); + if (sm->ctx->ap_pin == NULL) + return HTTP_INTERNAL_SERVER_ERROR; + /* * Request for DeviceInfo, i.e., M1 TLVs. This is a start of WPS * registration over UPnP with the AP acting as an Enrollee. It should