Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

WPS: Add option to disable open networks by default

CONFIG_WPS_REG_DISABLE_OPEN=y can be used to configure wpa_supplicant
to disable open networks by default when wps_reg command is used to
learn the current AP settings. When this is enabled, there will be a
WPS-OPEN-NETWORK ctrl_iface event and the user will need to explicitly
enable the network (e.g., with "select_network <id>") to connect to
the open network.
Jouni Malinen 14 years ago
parent
5dfca53fc0
commit
f981eabcf0
3 changed files with 28 additions and 0 deletions
Split View Show Diff Stats
  1. 2 0
      src/common/wpa_ctrl.h
  2. 4 0
      wpa_supplicant/Makefile
  3. 22 0
      wpa_supplicant/wps_supplicant.c

+ 2 - 0
src/common/wpa_ctrl.h
View File 

@@ -85,6 +85,8 @@ extern "C" {
 
 
 #define WPS_EVENT_ENROLLEE_SEEN "WPS-ENROLLEE-SEEN "
 
 
+#define WPS_EVENT_OPEN_NETWORK "WPS-OPEN-NETWORK "
 
+
 
 /* WPS ER events */
 
 #define WPS_EVENT_ER_AP_ADD "WPS-ER-AP-ADD "
 
 #define WPS_EVENT_ER_AP_REMOVE "WPS-ER-AP-REMOVE "

+ 4 - 0
wpa_supplicant/Makefile
View File 

@@ -564,6 +564,10 @@ ifdef CONFIG_WPS_TESTING
 
 CFLAGS += -DCONFIG_WPS_TESTING
 
 endif
 
 
+ifdef CONFIG_WPS_REG_DISABLE_OPEN
 
+CFLAGS += -DCONFIG_WPS_REG_DISABLE_OPEN
 
+endif
 
+
 
 endif
 
 
 ifdef CONFIG_EAP_IKEV2

+ 22 - 0
wpa_supplicant/wps_supplicant.c
View File 

@@ -73,10 +73,16 @@ int wpas_wps_eapol_cb(struct wpa_supplicant *wpa_s)
 
 
 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid &&
 
 	    !(wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
 
+		int disabled = wpa_s->current_ssid->disabled;
 
 		wpa_printf(MSG_DEBUG, "WPS: Network configuration replaced - "
 
 			   "try to associate with the received credential");
 
 		wpa_supplicant_deauthenticate(wpa_s,
 
 					      WLAN_REASON_DEAUTH_LEAVING);
 
+		if (disabled) {
 
+			wpa_printf(MSG_DEBUG, "WPS: Current network is "
 
+				   "disabled - wait for user to enable");
 
+			return 1;
 
+		}
 
 		wpa_s->after_wps = 5;
 
 		wpa_s->wps_freq = wpa_s->assoc_freq;
 
 		wpa_s->reassociate = 1;
 
@@ -183,6 +189,7 @@ static int wpa_supplicant_wps_cred(void *ctx,
 
 	struct wpa_ssid *ssid = wpa_s->current_ssid;
 
 	u8 key_idx = 0;
 
 	u16 auth_type;
 
+	int registrar = 0;
 
 
 	if ((wpa_s->conf->wps_cred_processing == 1 ||
 
 	     wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
 
@@ -236,6 +243,11 @@ static int wpa_supplicant_wps_cred(void *ctx,
 
 	if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
 
 		wpa_printf(MSG_DEBUG, "WPS: Replace WPS network block based "
 
 			   "on the received credential");
 
+		if (ssid->eap.identity &&
 
+		    ssid->eap.identity_len == WSC_ID_REGISTRAR_LEN &&
 
+		    os_memcmp(ssid->eap.identity, WSC_ID_REGISTRAR,
 
+			      WSC_ID_REGISTRAR_LEN) == 0)
 
+			registrar = 1;
 
 		os_free(ssid->eap.identity);
 
 		ssid->eap.identity = NULL;
 
 		ssid->eap.identity_len = 0;
 
@@ -311,6 +323,16 @@ static int wpa_supplicant_wps_cred(void *ctx,
 
 		ssid->auth_alg = WPA_AUTH_ALG_OPEN;
 
 		ssid->key_mgmt = WPA_KEY_MGMT_NONE;
 
 		ssid->proto = 0;
 
+#ifdef CONFIG_WPS_REG_DISABLE_OPEN
 
+		if (registrar) {
 
+			wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OPEN_NETWORK
 
+				"id=%d - Credentials for an open "
 
+				"network disabled by default - use "
 
+				"'select_network %d' to enable",
 
+				ssid->id, ssid->id);
 
+			ssid->disabled = 1;
 
+		}
 
+#endif /* CONFIG_WPS_REG_DISABLE_OPEN */
 
 		break;
 
 	case WPS_AUTH_SHARED:
 
 		ssid->auth_alg = WPA_AUTH_ALG_SHARED;