WPS: Fix local configuration update after AP configuration

Update credential to only include a single authentication and
encryption type in case the AP configuration includes more than one
option. Without this, the credential would be rejected if the AP was
configured to allow more than one authentication type.

diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 89c4eab5f0b93368aa50e3b53abb423eadbd533f..9f9e0ac2dbcb50d3de5222d88b96a4739990f15a 100644 (file)
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -2334,6 +2334,19 @@ static enum wps_process_res wps_process_wsc_done(struct wps_data *wps,
        }
 
        if (!wps->wps->ap) {
+               /*
+                * Update credential to only include a single authentication
+                * and encryption type in case the AP configuration includes
+                * more than one option.
+                */
+               if (wps->cred.auth_type & WPS_AUTH_WPA2PSK)
+                       wps->cred.auth_type = WPS_AUTH_WPA2PSK;
+               else if (wps->cred.auth_type & WPS_AUTH_WPAPSK)
+                       wps->cred.auth_type = WPS_AUTH_WPAPSK;
+               if (wps->cred.encr_type & WPS_ENCR_AES)
+                       wps->cred.encr_type = WPS_ENCR_AES;
+               else if (wps->cred.encr_type & WPS_ENCR_TKIP)
+                       wps->cred.encr_type = WPS_ENCR_TKIP;
                wpa_printf(MSG_DEBUG, "WPS: Update local configuration based "
                           "on the modified AP configuration");
                if (wps->wps->cred_cb)

diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index b6c9bc9413b39d99d05698a4cdfb10c51c8921f1..a4efc6ec5a04c28d10c361a1f9fb9a441a5cdace 100644 (file)
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -210,6 +210,16 @@ static int wpa_supplicant_wps_cred(void *ctx,
        if (wpa_s->conf->wps_cred_processing == 1)
                return 0;
 
+       wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len);
+       wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",
+                  cred->auth_type);
+       wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type);
+       wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx);
+       wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
+                       cred->key, cred->key_len);
+       wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR,
+                  MAC2STR(cred->mac_addr));
+
        if (cred->auth_type != WPS_AUTH_OPEN &&
            cred->auth_type != WPS_AUTH_SHARED &&
            cred->auth_type != WPS_AUTH_WPAPSK &&