WPS: Allow AP to start in Enrollee mode without AP PIN for probing

In theory, this should not really be needed, but Windows 7 uses
Registrar mode to probe AP's WPS capabilities before trying to use
Enrollee and fails if the AP does not allow that probing to happen.
This allows the AP to start as an Enrollee and send M1, but refuse
to continue beyond that (M3 will not be sent if AP PIN is not known).

diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 20be2d47ea522c768c65e7d4c35c4d65e2c6cac2..fbedb6294b4b78ec9f02a2fc6de58e633a8bd6e5 100644 (file)
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -566,15 +566,15 @@ hostapd_get_eap_user(const struct hostapd_bss_config *conf, const u8 *identity,
                return &wsc_enrollee;
        }
 
-       if (conf->wps_state && conf->ap_pin &&
-           identity_len == WSC_ID_REGISTRAR_LEN &&
+       if (conf->wps_state && identity_len == WSC_ID_REGISTRAR_LEN &&
            os_memcmp(identity, WSC_ID_REGISTRAR, WSC_ID_REGISTRAR_LEN) == 0) {
                static struct hostapd_eap_user wsc_registrar;
                os_memset(&wsc_registrar, 0, sizeof(wsc_registrar));
                wsc_registrar.methods[0].method = eap_server_get_type(
                        "WSC", &wsc_registrar.methods[0].vendor);
                wsc_registrar.password = (u8 *) conf->ap_pin;
-               wsc_registrar.password_len = os_strlen(conf->ap_pin);
+               wsc_registrar.password_len = conf->ap_pin ?
+                       os_strlen(conf->ap_pin) : 0;
                return &wsc_registrar;
        }
 #endif /* CONFIG_WPS */

diff --git a/src/ap/wps_hostapd.c b/src/ap/wps_hostapd.c
index 902a65acaa157978f6f9c8800687a3e29504bdb1..c63b7fc89ecb1a7a1dbc016ac8d376e41c4bdc7d 100644 (file)
--- a/src/ap/wps_hostapd.c
+++ b/src/ap/wps_hostapd.c
@@ -426,7 +426,7 @@ static void hostapd_pwd_auth_fail(struct hostapd_data *hapd,
 {
        FILE *f;
 
-       if (!data->enrollee)
+       if (!data->enrollee || hapd->conf->ap_pin == NULL)
                return;
 
        /*

diff --git a/src/eap_server/eap_server_wsc.c b/src/eap_server/eap_server_wsc.c
index 272a6195b14e97e47dd40452bd32eac3c8d88080..28d4f67ddad2ace0ed4dbeebad3b2502b21ad869 100644 (file)
--- a/src/eap_server/eap_server_wsc.c
+++ b/src/eap_server/eap_server_wsc.c
@@ -119,10 +119,15 @@ static void * eap_wsc_init(struct eap_sm *sm)
                }
        } else {
                if (sm->user == NULL || sm->user->password == NULL) {
-                       wpa_printf(MSG_INFO, "EAP-WSC: No AP PIN (password) "
-                                  "configured for Enrollee functionality");
-                       os_free(data);
-                       return NULL;
+                       /*
+                        * In theory, this should not really be needed, but
+                        * Windows 7 uses Registrar mode to probe AP's WPS
+                        * capabilities before trying to use Enrollee and fails
+                        * if the AP does not allow that probing to happen..
+                        */
+                       wpa_printf(MSG_DEBUG, "EAP-WSC: No AP PIN (password) "
+                                  "configured for Enrollee functionality - "
+                                  "allow for probing capabilities (M1)");
                }
                cfg.pin = sm->user->password;
                cfg.pin_len = sm->user->password_len;

diff --git a/src/wps/wps_upnp_web.c b/src/wps/wps_upnp_web.c
index 2e60607e88994661ee2f67a0500f962ef18b451c..9a6b36e021704d3bfccf812856e601ff294c87c6 100644 (file)
--- a/src/wps/wps_upnp_web.c
+++ b/src/wps/wps_upnp_web.c
@@ -412,6 +412,9 @@ web_process_get_device_info(struct upnp_wps_device_sm *sm,
 
        wpa_printf(MSG_DEBUG, "WPS UPnP: GetDeviceInfo");
 
+       if (sm->ctx->ap_pin == NULL)
+               return HTTP_INTERNAL_SERVER_ERROR;
+
        /*
         * Request for DeviceInfo, i.e., M1 TLVs. This is a start of WPS
         * registration over UPnP with the AP acting as an Enrollee. It should