WPS: Allow AP to start in Enrollee mode without AP PIN for probing

In theory, this should not really be needed, but Windows 7 uses Registrar mode to probe AP's WPS capabilities before trying to use Enrollee and fails if the AP does not allow that probing to happen. This allows the AP to start as an Enrollee and send M1, but refuse to continue beyond that (M3 will not be sent if AP PIN is not known).
14 years ago · 6195adda9b
parent 67ccef7e6c
commit 6195adda9b
4 changed files with 16 additions and 8 deletions
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@ -566,15 +566,15 @@ hostapd_get_eap_user(const struct hostapd_bss_config *conf, const u8 *identity,
 		return &wsc_enrollee;
 	}

-	if (conf->wps_state && conf->ap_pin &&
-	    identity_len == WSC_ID_REGISTRAR_LEN &&
+	if (conf->wps_state && identity_len == WSC_ID_REGISTRAR_LEN &&
 	    os_memcmp(identity, WSC_ID_REGISTRAR, WSC_ID_REGISTRAR_LEN) == 0) {
 		static struct hostapd_eap_user wsc_registrar;
 		os_memset(&wsc_registrar, 0, sizeof(wsc_registrar));
 		wsc_registrar.methods[0].method = eap_server_get_type(
 			"WSC", &wsc_registrar.methods[0].vendor);
 		wsc_registrar.password = (u8 *) conf->ap_pin;
-		wsc_registrar.password_len = os_strlen(conf->ap_pin);
+		wsc_registrar.password_len = conf->ap_pin ?
+			os_strlen(conf->ap_pin) : 0;
 		return &wsc_registrar;
 	}
 #endif /* CONFIG_WPS */
--- a/src/ap/wps_hostapd.c
+++ b/src/ap/wps_hostapd.c
@ -426,7 +426,7 @@ static void hostapd_pwd_auth_fail(struct hostapd_data *hapd,
 {
 	FILE *f;

-	if (!data->enrollee)
+	if (!data->enrollee || hapd->conf->ap_pin == NULL)
 		return;

 	/*
--- a/src/eap_server/eap_server_wsc.c
+++ b/src/eap_server/eap_server_wsc.c
@ -119,10 +119,15 @@ static void * eap_wsc_init(struct eap_sm *sm)
 		}
 	} else {
 		if (sm->user == NULL || sm->user->password == NULL) {
-			wpa_printf(MSG_INFO, "EAP-WSC: No AP PIN (password) "
-				   "configured for Enrollee functionality");
-			os_free(data);
-			return NULL;
+			/*
+			 * In theory, this should not really be needed, but
+			 * Windows 7 uses Registrar mode to probe AP's WPS
+			 * capabilities before trying to use Enrollee and fails
+			 * if the AP does not allow that probing to happen..
+			 */
+			wpa_printf(MSG_DEBUG, "EAP-WSC: No AP PIN (password) "
+				   "configured for Enrollee functionality - "
+				   "allow for probing capabilities (M1)");
 		}
 		cfg.pin = sm->user->password;
 		cfg.pin_len = sm->user->password_len;
--- a/src/wps/wps_upnp_web.c
+++ b/src/wps/wps_upnp_web.c
@ -412,6 +412,9 @@ web_process_get_device_info(struct upnp_wps_device_sm *sm,

 	wpa_printf(MSG_DEBUG, "WPS UPnP: GetDeviceInfo");

+	if (sm->ctx->ap_pin == NULL)
+		return HTTP_INTERNAL_SERVER_ERROR;
+
 	/*
 	 * Request for DeviceInfo, i.e., M1 TLVs. This is a start of WPS
 	 * registration over UPnP with the AP acting as an Enrollee. It should