WPS: Fix local configuration update after AP configuration

Update credential to only include a single authentication and
encryption type in case the AP configuration includes more than one
option. Without this, the credential would be rejected if the AP was
configured to allow more than one authentication type.

diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 89c4eab..9f9e0ac 100644 (file)
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -2334,6 +2334,19 @@ static enum wps_process_res wps_process_wsc_done(struct wps_data *wps,
        }
 
        if (!wps->wps->ap) {
+               /*
+                * Update credential to only include a single authentication
+                * and encryption type in case the AP configuration includes
+                * more than one option.
+                */
+               if (wps->cred.auth_type & WPS_AUTH_WPA2PSK)
+                       wps->cred.auth_type = WPS_AUTH_WPA2PSK;
+               else if (wps->cred.auth_type & WPS_AUTH_WPAPSK)
+                       wps->cred.auth_type = WPS_AUTH_WPAPSK;
+               if (wps->cred.encr_type & WPS_ENCR_AES)
+                       wps->cred.encr_type = WPS_ENCR_AES;
+               else if (wps->cred.encr_type & WPS_ENCR_TKIP)
+                       wps->cred.encr_type = WPS_ENCR_TKIP;
                wpa_printf(MSG_DEBUG, "WPS: Update local configuration based "
                           "on the modified AP configuration");
                if (wps->wps->cred_cb)

diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index b6c9bc9..a4efc6e 100644 (file)
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -210,6 +210,16 @@ static int wpa_supplicant_wps_cred(void *ctx,
        if (wpa_s->conf->wps_cred_processing == 1)
                return 0;
 
+       wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len);
+       wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",
+                  cred->auth_type);
+       wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type);
+       wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx);
+       wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
+                       cred->key, cred->key_len);
+       wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR,
+                  MAC2STR(cred->mac_addr));
+
        if (cred->auth_type != WPS_AUTH_OPEN &&
            cred->auth_type != WPS_AUTH_SHARED &&
            cred->auth_type != WPS_AUTH_WPAPSK &&