DPP: Require conf=configurator to allow Configurator provisioning

Make Configurator provisioning require explicit conf parameter enabling
similarly to the previously used conf=ap-* and conf=sta-* cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/common/dpp.c b/src/common/dpp.c
index 12a5a983be2bc2b207c87f9f2bdac651a006093e..9cdd926fff7805a6727d6fb0c989c25d85398881 100644 (file)
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -4517,6 +4517,10 @@ static int dpp_configuration_parse_helper(struct dpp_authentication *auth,
                conf = conf_ap;
        }
 
+       pos = os_strstr(cmd, " conf=configurator");
+       if (pos)
+               auth->provision_configurator = 1;
+
        if (!conf)
                return 0;
 
@@ -5605,6 +5609,12 @@ static struct wpabuf * dpp_build_enveloped_data(struct dpp_authentication *auth)
                return NULL;
        }
 
+       if (!auth->provision_configurator) {
+               wpa_printf(MSG_DEBUG,
+                          "DPP: Configurator provisioning not allowed");
+               return NULL;
+       }
+
        wpa_printf(MSG_DEBUG, "DPP: Building DPPEnvelopedData");
 
        hash_len = auth->conf->curve->hash_len;

diff --git a/src/common/dpp.h b/src/common/dpp.h
index c47a9b87c7eb8a514140c8fc645e231d8f8c0bb8..ad1bcb0fa4c71a1566b11c7b3ca69dd702d6ec82 100644 (file)
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -254,6 +254,7 @@ struct dpp_authentication {
        struct dpp_configuration *conf2_ap;
        struct dpp_configuration *conf_sta;
        struct dpp_configuration *conf2_sta;
+       int provision_configurator;
        struct dpp_configurator *conf;
        struct dpp_config_obj {
                char *connector; /* received signedConnector */