WPS: Add option to disable open networks by default
CONFIG_WPS_REG_DISABLE_OPEN=y can be used to configure wpa_supplicant to disable open networks by default when wps_reg command is used to learn the current AP settings. When this is enabled, there will be a WPS-OPEN-NETWORK ctrl_iface event and the user will need to explicitly enable the network (e.g., with "select_network <id>") to connect to the open network.
parent
5dfca53fc0
commit
f981eabcf0
3 changed files with 28 additions and 0 deletions
|
@ -85,6 +85,8 @@ extern "C" {
|
||||||
|
|
||||||
#define WPS_EVENT_ENROLLEE_SEEN "WPS-ENROLLEE-SEEN "
|
#define WPS_EVENT_ENROLLEE_SEEN "WPS-ENROLLEE-SEEN "
|
||||||
|
|
||||||
|
#define WPS_EVENT_OPEN_NETWORK "WPS-OPEN-NETWORK "
|
||||||
|
|
||||||
/* WPS ER events */
|
/* WPS ER events */
|
||||||
#define WPS_EVENT_ER_AP_ADD "WPS-ER-AP-ADD "
|
#define WPS_EVENT_ER_AP_ADD "WPS-ER-AP-ADD "
|
||||||
#define WPS_EVENT_ER_AP_REMOVE "WPS-ER-AP-REMOVE "
|
#define WPS_EVENT_ER_AP_REMOVE "WPS-ER-AP-REMOVE "
|
||||||
|
|
|
@ -564,6 +564,10 @@ ifdef CONFIG_WPS_TESTING
|
||||||
CFLAGS += -DCONFIG_WPS_TESTING
|
CFLAGS += -DCONFIG_WPS_TESTING
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
ifdef CONFIG_WPS_REG_DISABLE_OPEN
|
||||||
|
CFLAGS += -DCONFIG_WPS_REG_DISABLE_OPEN
|
||||||
|
endif
|
||||||
|
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifdef CONFIG_EAP_IKEV2
|
ifdef CONFIG_EAP_IKEV2
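Review bot: The new `CONFIG_WPS_REG_DISABLE_OPEN` switch is added to the build without any documentation, at least as far as the three changed files on this page show. Because the safer behaviour is only compiled in when the option is set, anyone who has not read the commit message keeps the existing behaviour for open networks learned through wps_reg. A commented-out entry such as `#CONFIG_WPS_REG_DISABLE_OPEN=y` in the sample build configuration would make it discoverable, with one line stating that open networks learned via wps_reg are created disabled and announced with WPS-OPEN-NETWORK. The enclosing `ifdef` block, closed by the `endif` that follows, starts outside this hunk.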
|
||||||
|
|
|
@ -73,10 +73,16 @@ int wpas_wps_eapol_cb(struct wpa_supplicant *wpa_s)
|
||||||
|
|
||||||
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid &&
|
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid &&
|
||||||
!(wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
|
!(wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
|
||||||
|
int disabled = wpa_s->current_ssid->disabled;
|
||||||
wpa_printf(MSG_DEBUG, "WPS: Network configuration replaced - "
|
wpa_printf(MSG_DEBUG, "WPS: Network configuration replaced - "
|
||||||
"try to associate with the received credential");
|
"try to associate with the received credential");
|
||||||
wpa_supplicant_deauthenticate(wpa_s,
|
wpa_supplicant_deauthenticate(wpa_s,
|
||||||
WLAN_REASON_DEAUTH_LEAVING);
|
WLAN_REASON_DEAUTH_LEAVING);
|
||||||
|
if (disabled) {
|
||||||
|
wpa_printf(MSG_DEBUG, "WPS: Current network is "
|
||||||
|
"disabled - wait for user to enable");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
wpa_s->after_wps = 5;
|
wpa_s->after_wps = 5;
|
||||||
wpa_s->wps_freq = wpa_s->assoc_freq;
|
wpa_s->wps_freq = wpa_s->assoc_freq;
|
||||||
wpa_s->reassociate = 1;
|
wpa_s->reassociate = 1;
|
||||||
|
@ -183,6 +189,7 @@ static int wpa_supplicant_wps_cred(void *ctx,
|
||||||
struct wpa_ssid *ssid = wpa_s->current_ssid;
|
struct wpa_ssid *ssid = wpa_s->current_ssid;
|
||||||
u8 key_idx = 0;
|
u8 key_idx = 0;
|
||||||
u16 auth_type;
|
u16 auth_type;
|
||||||
|
int registrar = 0;
|
||||||
|
|
||||||
if ((wpa_s->conf->wps_cred_processing == 1 ||
|
if ((wpa_s->conf->wps_cred_processing == 1 ||
|
||||||
wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
|
wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
|
||||||
|
@ -236,6 +243,11 @@ static int wpa_supplicant_wps_cred(void *ctx,
|
||||||
if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
|
if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
|
||||||
wpa_printf(MSG_DEBUG, "WPS: Replace WPS network block based "
|
wpa_printf(MSG_DEBUG, "WPS: Replace WPS network block based "
|
||||||
"on the received credential");
|
"on the received credential");
|
||||||
|
if (ssid->eap.identity &&
|
||||||
|
ssid->eap.identity_len == WSC_ID_REGISTRAR_LEN &&
|
||||||
|
os_memcmp(ssid->eap.identity, WSC_ID_REGISTRAR,
|
||||||
|
WSC_ID_REGISTRAR_LEN) == 0)
|
||||||
|
registrar = 1;
|
||||||
os_free(ssid->eap.identity);
|
os_free(ssid->eap.identity);
|
||||||
ssid->eap.identity = NULL;
|
ssid->eap.identity = NULL;
|
||||||
ssid->eap.identity_len = 0;
|
ssid->eap.identity_len = 0;
|
||||||
|
@ -311,6 +323,16 @@ static int wpa_supplicant_wps_cred(void *ctx,
|
||||||
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
|
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
|
||||||
ssid->key_mgmt = WPA_KEY_MGMT_NONE;
|
ssid->key_mgmt = WPA_KEY_MGMT_NONE;
|
||||||
ssid->proto = 0;
|
ssid->proto = 0;
|
||||||
|
#ifdef CONFIG_WPS_REG_DISABLE_OPEN
|
||||||
|
if (registrar) {
|
||||||
|
wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OPEN_NETWORK
|
||||||
|
"id=%d - Credentials for an open "
|
||||||
|
"network disabled by default - use "
|
||||||
|
"'select_network %d' to enable",
|
||||||
|
ssid->id, ssid->id);
|
||||||
|
ssid->disabled = 1;
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_WPS_REG_DISABLE_OPEN */
|
||||||
break;
|
break;
|
||||||
case WPS_AUTH_SHARED:
|
case WPS_AUTH_SHARED:
|
||||||
ssid->auth_alg = WPA_AUTH_ALG_SHARED;
|
ssid->auth_alg = WPA_AUTH_ALG_SHARED;
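Review bot: In wpa_supplicant_wps_cred(), `registrar` is declared (`int registrar = 0;`) and assigned after the WSC_ID_REGISTRAR comparison unconditionally, but it is read only inside `#ifdef CONFIG_WPS_REG_DISABLE_OPEN`. A build without the option is therefore left with a set-but-unused variable and will likely produce a compiler warning. Guarding the declaration and the identity comparison with the same `#ifdef` would keep both configurations clean. In wpas_wps_eapol_cb(), `disabled` is copied before wpa_supplicant_deauthenticate() is called; if that ordering is deliberate, a comment such as `/* read before deauthentication, which may reset current_ssid */` would stop a later cleanup from moving the read. Both functions continue outside the visible hunks, so the meaning of the early `return 1` for callers cannot be confirmed from this page.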
|
||||||
|
|