WPS: Use WSC_NACK if no device password is known on M2 RX

This can happen on the AP if the AP PIN is not configured and
the client tries to go through the protocol instead of just using
Registrar mode to receive M1 from the AP. It is cleaner to send
out the WSC_NACK instead of just stopping the protocol.

diff --git a/src/wps/wps_enrollee.c b/src/wps/wps_enrollee.c
index fbc41e5d276421a8a84ebfdc5339e219ca307144..68bc802b2f248dbe48262327fae0d89019ae7042 100644 (file)
--- a/src/wps/wps_enrollee.c
+++ b/src/wps/wps_enrollee.c
@@ -782,7 +782,8 @@ static enum wps_process_res wps_process_m2(struct wps_data *wps,
                return WPS_CONTINUE;
        }
 
-       if (wps->wps->ap && wps->wps->ap_setup_locked) {
+       if (wps->wps->ap &&
+           (wps->wps->ap_setup_locked || wps->dev_password == NULL)) {
                wpa_printf(MSG_DEBUG, "WPS: AP Setup is locked - refuse "
                           "registration of a new Registrar");
                wps->config_error = WPS_CFG_SETUP_LOCKED;