/**
 * hostapd_wps_reenable_ap_pin - Lift a temporary AP PIN lockout
 * @eloop_data: struct hostapd_data pointer supplied when the timeout was
 *	registered
 * @user_ctx: Unused
 *
 * Registered as an eloop timeout by the AP PIN failure handling. When the
 * configuration itself has AP setup locked (conf->ap_setup_locked), the
 * handler leaves everything as is. Otherwise it reports
 * WPS_EVENT_AP_SETUP_UNLOCKED, clears the runtime lock flag in the WPS
 * context, and calls wps_registrar_update_ie().
 *
 * The AP PIN failure counters are not modified here.
 */
static void hostapd_wps_reenable_ap_pin(void *eloop_data, void *user_ctx)
{
	struct hostapd_data *bss = eloop_data;

	(void) user_ctx;

	/* A lock that comes from the configuration is never lifted by timer. */
	if (!bss->conf->ap_setup_locked) {
		wpa_printf(MSG_DEBUG, "WPS: Re-enable AP PIN");
		wpa_msg(bss->msg_ctx, MSG_INFO, WPS_EVENT_AP_SETUP_UNLOCKED);
		bss->wps->ap_setup_locked = 0;
		wps_registrar_update_ie(bss->wps->registrar);
	}
}
/**
 * wps_pwd_auth_fail - Account for a failed AP PIN proof and apply lockout
 * @hapd: BSS data whose AP PIN was tried
 * @ctx: Pointer to the struct wps_event_pwd_auth_fail describing the failure
 * Returns: Always 0
 *
 * The event is ignored unless data->enrollee is set, an AP PIN is configured,
 * and a WPS context exists. Otherwise both the total and the consecutive
 * failure counters are incremented.
 *
 * Lockout policy as implemented below (brute force mitigation):
 * - fewer than 3 total failures: nothing further happens;
 * - from the third failure on: AP setup is marked locked in the WPS context,
 *   WPS_EVENT_AP_SETUP_LOCKED is reported, and the WPS IE is updated;
 * - if the configuration already has AP setup locked, no timer is touched;
 * - 10 or more consecutive failures: the re-enable timeout is cancelled and
 *   not re-armed, so the PIN stays disabled until something else enables it;
 * - otherwise the lockout time starts at 60 seconds and is doubled whenever
 *   the total failure count is a multiple of 3 while the current value is
 *   below one year, and the re-enable timeout is re-armed with that value.
 */
static int wps_pwd_auth_fail(struct hostapd_data *hapd, void *ctx)
{
	struct wps_event_pwd_auth_fail *ev = ctx;

	if (!ev->enrollee)
		return 0;
	if (hapd->conf->ap_pin == NULL || hapd->wps == NULL)
		return 0;

	/*
	 * Registrar failed to prove its knowledge of the AP PIN. Lock AP setup
	 * for some time if this happens multiple times to slow down brute
	 * force attacks.
	 */
	hapd->ap_pin_failures += 1;
	hapd->ap_pin_failures_consecutive += 1;
	wpa_printf(MSG_DEBUG, "WPS: AP PIN authentication failure number %u "
		   "(%u consecutive)",
		   hapd->ap_pin_failures, hapd->ap_pin_failures_consecutive);

	/* The first two failures are tolerated without any lock. */
	if (hapd->ap_pin_failures < 3)
		return 0;

	wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_SETUP_LOCKED);
	hapd->wps->ap_setup_locked = 1;
	wps_registrar_update_ie(hapd->wps->registrar);

	/* Configured lock: no automatic re-enable timer is managed. */
	if (hapd->conf->ap_setup_locked)
		return 0;

	if (hapd->ap_pin_failures_consecutive >= 10) {
		/*
		 * In indefinite lockdown - disable automatic AP PIN
		 * reenablement.
		 */
		eloop_cancel_timeout(hostapd_wps_reenable_ap_pin, hapd, NULL);
		wpa_printf(MSG_DEBUG, "WPS: AP PIN disabled indefinitely");
		return 0;
	}

	/* Exponential backoff: 60 s initially, doubled on every third failure. */
	if (hapd->ap_pin_lockout_time == 0) {
		hapd->ap_pin_lockout_time = 60;
	} else if (hapd->ap_pin_lockout_time < 365 * 24 * 60 * 60 &&
		   (hapd->ap_pin_failures % 3) == 0) {
		hapd->ap_pin_lockout_time *= 2;
	}

	wpa_printf(MSG_DEBUG, "WPS: Disable AP PIN for %u seconds",
		   hapd->ap_pin_lockout_time);
	/* Replace any pending re-enable timeout with the new lockout period. */
	eloop_cancel_timeout(hostapd_wps_reenable_ap_pin, hapd, NULL);
	eloop_register_timeout(hapd->ap_pin_lockout_time, 0,
			       hostapd_wps_reenable_ap_pin, hapd, NULL);

	return 0;
}
/**
 * hostapd_wps_ap_pin_enable - Enable the AP PIN, optionally for a limited time
 * @hapd: BSS data
 * @timeout: Seconds until hostapd_wps_ap_pin_timeout() is scheduled to run;
 *	no timeout is registered when this is zero or negative
 *
 * Resets the total AP PIN failure counter, clears the configured AP setup
 * lock, and, if the WPS context is currently marked locked, reports
 * WPS_EVENT_AP_SETUP_UNLOCKED, clears that flag and updates the WPS IE. Any
 * pending hostapd_wps_ap_pin_timeout() timeout is cancelled before a new one
 * is registered.
 *
 * hapd->wps is dereferenced without a NULL check, so callers must only use
 * this with an initialized WPS context.
 *
 * NOTE(review): only ap_pin_failures is reset here; ap_pin_failures_consecutive
 * (used by wps_pwd_auth_fail() for the indefinite lockdown decision) is left
 * as is - confirm that this is intended.
 */
static void hostapd_wps_ap_pin_enable(struct hostapd_data *hapd, int timeout)
{
	wpa_printf(MSG_DEBUG, "WPS: Enabling AP PIN (timeout=%d)", timeout);

	hapd->ap_pin_failures = 0;
	hapd->conf->ap_setup_locked = 0;

	if (hapd->wps->ap_setup_locked != 0) {
		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_SETUP_UNLOCKED);
		hapd->wps->ap_setup_locked = 0;
		wps_registrar_update_ie(hapd->wps->registrar);
	}

	/* Drop any earlier expiry timer before deciding whether to re-arm. */
	eloop_cancel_timeout(hostapd_wps_ap_pin_timeout, hapd, NULL);
	if (timeout <= 0)
		return;

	eloop_register_timeout(timeout, 0, hostapd_wps_ap_pin_timeout, hapd,
			       NULL);
}
/**
 * hostapd_update_wps - Bring the WPS context in line with the configuration
 * @hapd: BSS data
 *
 * Does nothing when no WPS context exists. With CONFIG_WPS_UPNP, the UPnP
 * device description pointers in the WPS context are re-pointed at the
 * strings held by the configuration (the strings are not copied). After that,
 * the WPS IE is updated if conf->wps_state is non-zero; otherwise WPS is
 * deinitialized for this BSS.
 */
void hostapd_update_wps(struct hostapd_data *hapd)
{
	if (!hapd->wps)
		return;

#ifdef CONFIG_WPS_UPNP
	/* Pointer assignments only; the configuration owns these strings. */
	hapd->wps->friendly_name = hapd->conf->friendly_name;
	hapd->wps->manufacturer_url = hapd->conf->manufacturer_url;
	hapd->wps->model_description = hapd->conf->model_description;
	hapd->wps->model_url = hapd->conf->model_url;
	hapd->wps->upc = hapd->conf->upc;
#endif /* CONFIG_WPS_UPNP */

	if (!hapd->conf->wps_state) {
		/* WPS was turned off in the configuration. */
		hostapd_deinit_wps(hapd);
		return;
	}

	wps_registrar_update_ie(hapd->wps->registrar);
}
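/**
 * hostapd_pwd_auth_fail - Lock AP setup after repeated AP PIN failures
 * @hapd: BSS data
 * @data: Failure event; ignored unless data->enrollee is set
 *
 * Counts the failure and, from the fourth one on, marks AP setup locked in
 * the WPS context, reports WPS_EVENT_AP_SETUP_LOCKED and updates the WPS IE.
 * Unless conf->wps_cred_processing is 1, the lock is also persisted by
 * appending "ap_setup_locked=1" to the current configuration file.
 *
 * The result of the append is checked. A lock that was not actually written
 * is only held in memory, so a failed write is logged as a warning instead of
 * being reported as a successful configuration update.
 *
 * NOTE(review): every call at or past the threshold appends another copy of
 * the two lines; confirm that this path cannot be reached repeatedly once AP
 * setup is locked.
 */
static void hostapd_pwd_auth_fail(struct hostapd_data *hapd,
				  struct wps_event_pwd_auth_fail *data)
{
	FILE *f;
	int write_failed = 0;

	if (!data->enrollee)
		return;

	/*
	 * Registrar failed to prove its knowledge of the AP PIN. Lock AP setup
	 * if this happens multiple times.
	 */
	hapd->ap_pin_failures++;
	if (hapd->ap_pin_failures < 4)
		return;

	wpa_msg(hapd, MSG_INFO, WPS_EVENT_AP_SETUP_LOCKED);
	hapd->wps->ap_setup_locked = 1;

	wps_registrar_update_ie(hapd->wps->registrar);

	if (hapd->conf->wps_cred_processing == 1)
		return;

	f = fopen(hapd->iface->config_fname, "a");
	if (f == NULL) {
		wpa_printf(MSG_WARNING, "WPS: Could not append to the current "
			   "configuration file");
		return;
	}

	if (fprintf(f, "# WPS AP Setup Locked based on possible attack\n") < 0)
		write_failed = 1;
	if (fprintf(f, "ap_setup_locked=1\n") < 0)
		write_failed = 1;
	/* fclose() flushes buffered data, so its result matters as well. */
	if (fclose(f) != 0)
		write_failed = 1;

	if (write_failed) {
		wpa_printf(MSG_WARNING, "WPS: Failed to write AP Setup Locked "
			   "state to the current configuration file");
		return;
	}

	/* TODO: dualband AP may need to update multiple configuration files */

	wpa_printf(MSG_DEBUG, "WPS: AP configuration updated");
}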
/**
 * wps_update_ie - Update the WPS IE of one BSS if it has a WPS context
 * @hapd: BSS data
 * @ctx: Unused
 * Returns: Always 0
 */
static int wps_update_ie(struct hostapd_data *hapd, void *ctx)
{
	(void) ctx;

	/* BSSes without a WPS context are skipped silently. */
	if (!hapd->wps)
		return 0;

	wps_registrar_update_ie(hapd->wps->registrar);
	return 0;
}