aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2009-12-12 14:40:10 (GMT)
committerJouni Malinen <j@w1.fi>2010-09-09 13:07:47 (GMT)
commit31fcea931d916fd3dec2522822f87a7148b45a99 (patch)
treeefe4ecda6d02fa176ed82da68871ae186dc7261e /hostapd
parentf439079e93dfff93d184df727bb8bedef4a9fcb2 (diff)
downloadhostap-31fcea931d916fd3dec2522822f87a7148b45a99.zip
hostap-31fcea931d916fd3dec2522822f87a7148b45a99.tar.gz
hostap-31fcea931d916fd3dec2522822f87a7148b45a99.tar.bz2
WPS 2.0: Add support for AuthorizedMACs attribute
Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/README-WPS9
-rw-r--r--hostapd/ctrl_iface.c10
-rw-r--r--hostapd/hostapd_cli.c9
3 files changed, 23 insertions, 5 deletions
diff --git a/hostapd/README-WPS b/hostapd/README-WPS
index 74f2113..3bfde61 100644
--- a/hostapd/README-WPS
+++ b/hostapd/README-WPS
@@ -171,10 +171,17 @@ hostapd_cli wps_pin any 12345670
To reduce likelihood of PIN being used with other devices or of
forgetting an active PIN available for potential attackers, expiration
-time can be set for the new PIN:
+time in seconds can be set for the new PIN (value 0 indicates no
+expiration):
hostapd_cli wps_pin any 12345670 300
+If the MAC address of the enrollee is known, it should be configured
+to allow the AP to advertise list of authorized enrollees:
+
+hostapd_cli wps_pin 53b63a98-d29e-4457-a2ed-094d7e6a669c \
+ 12345670 300 00:11:22:33:44:55
+
After this, the Enrollee can connect to the AP again and complete WPS
negotiation. At that point, a new, random WPA PSK is generated for the
diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 9c47ba8..e03e66f 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -275,6 +275,8 @@ static int hostapd_ctrl_iface_wps_pin(struct hostapd_data *hapd, char *txt)
char *pin = os_strchr(txt, ' ');
char *timeout_txt;
int timeout;
+ u8 addr_buf[ETH_ALEN], *addr = NULL;
+ char *pos;
if (pin == NULL)
return -1;
@@ -284,10 +286,16 @@ static int hostapd_ctrl_iface_wps_pin(struct hostapd_data *hapd, char *txt)
if (timeout_txt) {
*timeout_txt++ = '\0';
timeout = atoi(timeout_txt);
+ pos = os_strchr(timeout_txt, ' ');
+ if (pos) {
+ *pos++ = '\0';
+ if (hwaddr_aton(pos, addr_buf) == 0)
+ addr = addr_buf;
+ }
} else
timeout = 0;
- return hostapd_wps_add_pin(hapd, txt, pin, timeout);
+ return hostapd_wps_add_pin(hapd, addr, txt, pin, timeout);
}
diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c
index 589530e..4f22e85 100644
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -89,7 +89,7 @@ static const char *commands_help =
" sa_query <addr> send SA Query to a station\n"
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_WPS
-" wps_pin <uuid> <pin> [timeout] add WPS Enrollee PIN (Device Password)\n"
+" wps_pin <uuid> <pin> [timeout] [addr] add WPS Enrollee PIN\n"
" wps_pbc indicate button pushed to initiate PBC\n"
#ifdef CONFIG_WPS_OOB
" wps_oob <type> <path> <method> use WPS with out-of-band (UFD)\n"
@@ -352,13 +352,16 @@ static int hostapd_cli_cmd_sa_query(struct wpa_ctrl *ctrl, int argc,
static int hostapd_cli_cmd_wps_pin(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
- char buf[64];
+ char buf[256];
if (argc < 2) {
printf("Invalid 'wps_pin' command - at least two arguments, "
"UUID and PIN, are required.\n");
return -1;
}
- if (argc > 2)
+ if (argc > 3)
+ snprintf(buf, sizeof(buf), "WPS_PIN %s %s %s %s",
+ argv[0], argv[1], argv[2], argv[3]);
+ else if (argc > 2)
snprintf(buf, sizeof(buf), "WPS_PIN %s %s %s",
argv[0], argv[1], argv[2]);
else