WPS 2.0: Add wildcard AuthorizedMACs if Enrollee address is not known

diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 96d0bfcf85aae349f4b70b7f655a7fab02298131..91f7080e38180efb79ac6e0ea028d8fe33ef7b90 100644 (file)
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -634,6 +634,9 @@ int wps_registrar_add_pin(struct wps_registrar *reg, const u8 *addr,
        reg->pbc = 0;
        if (addr)
                wps_registrar_add_authorized_mac(reg, addr);
+       else
+               wps_registrar_add_authorized_mac(
+                       reg, (u8 *) "\xff\xff\xff\xff\xff\xff");
        wps_registrar_selected_registrar_changed(reg);
        eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
        eloop_register_timeout(WPS_PBC_WALK_TIME, 0,
@@ -654,10 +657,16 @@ static void wps_registrar_expire_pins(struct wps_registrar *reg)
        {
                if ((pin->flags & PIN_EXPIRES) &&
                    os_time_before(&pin->expiration, &now)) {
+                       u8 *addr;
+                       u8 bcast[ETH_ALEN] =
+                               { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
                        wpa_hexdump(MSG_DEBUG, "WPS: Expired PIN for UUID",
                                    pin->uuid, WPS_UUID_LEN);
-                       wps_registrar_remove_authorized_mac(
-                               reg, pin->enrollee_addr);
+                       if (is_zero_ether_addr(pin->enrollee_addr))
+                               addr = bcast;
+                       else
+                               addr = pin->enrollee_addr;
+                       wps_registrar_remove_authorized_mac(reg, addr);
                        wps_remove_pin(pin);
                        wps_registrar_selected_registrar_changed(reg);
                }
@@ -678,10 +687,16 @@ int wps_registrar_invalidate_pin(struct wps_registrar *reg, const u8 *uuid)
        dl_list_for_each_safe(pin, prev, &reg->pins, struct wps_uuid_pin, list)
        {
                if (os_memcmp(pin->uuid, uuid, WPS_UUID_LEN) == 0) {
+                       u8 *addr;
+                       u8 bcast[ETH_ALEN] =
+                               { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
                        wpa_hexdump(MSG_DEBUG, "WPS: Invalidated PIN for UUID",
                                    pin->uuid, WPS_UUID_LEN);
-                       wps_registrar_remove_authorized_mac(
-                               reg, pin->enrollee_addr);
+                       if (is_zero_ether_addr(pin->enrollee_addr))
+                               addr = bcast;
+                       else
+                               addr = pin->enrollee_addr;
+                       wps_registrar_remove_authorized_mac(reg, addr);
                        wps_remove_pin(pin);
                        wps_registrar_selected_registrar_changed(reg);
                        return 0;

diff --git a/src/wps/wps_upnp_ap.c b/src/wps/wps_upnp_ap.c
index 501dacb054a2b1091ceca3e075b4b9824362e6a7..907a1ce1584dbd90e9065198fafbf4bb9aaf5fb2 100644 (file)
--- a/src/wps/wps_upnp_ap.c
+++ b/src/wps/wps_upnp_ap.c
@@ -63,6 +63,12 @@ int upnp_er_set_selected_registrar(struct wps_registrar *reg,
                                count = WPS_MAX_AUTHORIZED_MACS;
                        os_memcpy(s->authorized_macs, attr.authorized_macs,
                                  count * ETH_ALEN);
+               } else if (!attr.version2) {
+#ifdef CONFIG_WPS2
+                       wpa_printf(MSG_DEBUG, "WPS: Add broadcast "
+                                  "AuthorizedMACs for WPS 1.0 ER");
+                       os_memset(s->authorized_macs, 0xff, ETH_ALEN);
+#endif /* CONFIG_WPS2 */
                }
                eloop_register_timeout(WPS_PBC_WALK_TIME, 0,
                                       upnp_er_set_selected_timeout, s, NULL);