]> git.ipfire.org Git - thirdparty/hostap.git/blame - wpa_supplicant/wpa_supplicant.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
P2P: Check Action frame payload match before accepted TX status
[thirdparty/hostap.git] / wpa_supplicant / wpa_supplicant.c
CommitLineData
6fc6879b
JM		 1/*
2 * WPA Supplicant
d93dfbd5 3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
6fc6879b 4 *
0f3d578e
JM		 5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
6fc6879b
JM		 7 *
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
11 */
12
13#include "includes.h"
14
15#include "common.h"
d47fa330 16#include "crypto/random.h"
7d232e23 17#include "crypto/sha1.h"
6fc6879b
JM		 18#include "eapol_supp/eapol_supp_sm.h"
19#include "eap_peer/eap.h"
ec7b97ab 20#include "eap_peer/eap_proxy.h"
3ec97afe 21#include "eap_server/eap_methods.h"
3acb5005 22#include "rsn_supp/wpa.h"
6fc6879b 23#include "eloop.h"
6fc6879b 24#include "config.h"
306ae225 25#include "utils/ext_password.h"
6fc6879b
JM		 26#include "l2_packet/l2_packet.h"
27#include "wpa_supplicant_i.h"
2d5b792d 28#include "driver_i.h"
6fc6879b 29#include "ctrl_iface.h"
6fc6879b 30#include "pcsc_funcs.h"
90973fb2 31#include "common/version.h"
3acb5005
JM		 32#include "rsn_supp/preauth.h"
33#include "rsn_supp/pmksa_cache.h"
90973fb2 34#include "common/wpa_ctrl.h"
90973fb2 35#include "common/ieee802_11_defs.h"
72044390 36#include "p2p/p2p.h"
6fc6879b
JM		 37#include "blacklist.h"
38#include "wpas_glue.h"
116654ce 39#include "wps_supplicant.h"
11ef8d35 40#include "ibss_rsn.h"
c2a04078 41#include "sme.h"
04ea7b79 42#include "gas_query.h"
1f1b62a0 43#include "ap.h"
b22128ef 44#include "p2p_supplicant.h"
9675ce35 45#include "wifi_display.h"
8bac466b 46#include "notify.h"
60b94c98 47#include "bgscan.h"
7c865c68 48#include "autoscan.h"
83922c2d 49#include "bss.h"
9ba9fa07 50#include "scan.h"
24f6497c 51#include "offchannel.h"
cb418324 52#include "hs20_supplicant.h"
e27d20bb 53#include "wnm_sta.h"
6fc6879b
JM		 54
55const char *wpa_supplicant_version =
56"wpa_supplicant v" VERSION_STR "\n"
e056f93e 57"Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi> and contributors";
6fc6879b
JM		 58
59const char *wpa_supplicant_license =
331f89ff
JM		 60"This software may be distributed under the terms of the BSD license.\n"
61"See README for more details.\n"
6fc6879b
JM		 62#ifdef EAP_TLS_OPENSSL
63"\nThis product includes software developed by the OpenSSL Project\n"
64"for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
65#endif /* EAP_TLS_OPENSSL */
66;
67
68#ifndef CONFIG_NO_STDOUT_DEBUG
69/* Long text divided into parts in order to fit in C89 strings size limits. */
70const char *wpa_supplicant_full_license1 =
331f89ff 71"";
6fc6879b 72const char *wpa_supplicant_full_license2 =
331f89ff 73"This software may be distributed under the terms of the BSD license.\n"
6fc6879b
JM		 74"\n"
75"Redistribution and use in source and binary forms, with or without\n"
76"modification, are permitted provided that the following conditions are\n"
77"met:\n"
78"\n";
79const char *wpa_supplicant_full_license3 =
80"1. Redistributions of source code must retain the above copyright\n"
81" notice, this list of conditions and the following disclaimer.\n"
82"\n"
83"2. Redistributions in binary form must reproduce the above copyright\n"
84" notice, this list of conditions and the following disclaimer in the\n"
85" documentation and/or other materials provided with the distribution.\n"
86"\n";
87const char *wpa_supplicant_full_license4 =
88"3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
89" names of its contributors may be used to endorse or promote products\n"
90" derived from this software without specific prior written permission.\n"
91"\n"
92"THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
93"\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
94"LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
95"A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
96const char *wpa_supplicant_full_license5 =
97"OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
98"SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
99"LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
100"DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
101"THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
102"(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
103"OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
104"\n";
105#endif /* CONFIG_NO_STDOUT_DEBUG */
106
6fc6879b
JM		 107extern int wpa_debug_level;
108extern int wpa_debug_show_keys;
109extern int wpa_debug_timestamp;
c5121837 110extern struct wpa_driver_ops *wpa_drivers[];
6fc6879b
JM		 111
112/* Configure default/group WEP keys for static WEP */
0194fedb 113int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
6fc6879b
JM		 114{
115 int i, set = 0;
116
117 for (i = 0; i < NUM_WEP_KEYS; i++) {
118 if (ssid->wep_key_len[i] == 0)
119 continue;
120
121 set = 1;
0382097e 122 wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
da64c266 123 i, i == ssid->wep_tx_keyidx, NULL, 0,
6fc6879b
JM		 124 ssid->wep_key[i], ssid->wep_key_len[i]);
125 }
126
127 return set;
128}
129
130
6ea1f413
JM		 131int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
132 struct wpa_ssid *ssid)
6fc6879b
JM		 133{
134 u8 key[32];
135 size_t keylen;
71934751 136 enum wpa_alg alg;
6fc6879b
JM		 137 u8 seq[6] = { 0 };
138
139 /* IBSS/WPA-None uses only one key (Group) for both receiving and
140 * sending unicast and multicast packets. */
141
d7dcba70 142 if (ssid->mode != WPAS_MODE_IBSS) {
f049052b
BG		 143 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
144 "IBSS/ad-hoc) for WPA-None", ssid->mode);
6fc6879b
JM		 145 return -1;
146 }
147
148 if (!ssid->psk_set) {
f049052b
BG		 149 wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
150 "WPA-None");
6fc6879b
JM		 151 return -1;
152 }
153
154 switch (wpa_s->group_cipher) {
155 case WPA_CIPHER_CCMP:
156 os_memcpy(key, ssid->psk, 16);
157 keylen = 16;
158 alg = WPA_ALG_CCMP;
159 break;
eb7719ff
JM		 160 case WPA_CIPHER_GCMP:
161 os_memcpy(key, ssid->psk, 16);
162 keylen = 16;
163 alg = WPA_ALG_GCMP;
164 break;
6fc6879b
JM		 165 case WPA_CIPHER_TKIP:
166 /* WPA-None uses the same Michael MIC key for both TX and RX */
167 os_memcpy(key, ssid->psk, 16 + 8);
168 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
169 keylen = 32;
170 alg = WPA_ALG_TKIP;
171 break;
172 default:
f049052b
BG		 173 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
174 "WPA-None", wpa_s->group_cipher);
6fc6879b
JM		 175 return -1;
176 }
177
178 /* TODO: should actually remember the previously used seq#, both for TX
179 * and RX from each STA.. */
180
0382097e 181 return wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
6fc6879b
JM		 182}
183
184
185static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
186{
187 struct wpa_supplicant *wpa_s = eloop_ctx;
188 const u8 *bssid = wpa_s->bssid;
a8e16edc 189 if (is_zero_ether_addr(bssid))
6fc6879b
JM		 190 bssid = wpa_s->pending_bssid;
191 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
192 MAC2STR(bssid));
193 wpa_blacklist_add(wpa_s, bssid);
194 wpa_sm_notify_disassoc(wpa_s->wpa);
07783eaa 195 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
6fc6879b 196 wpa_s->reassociate = 1;
48b84f18
BG		 197
198 /*
199 * If we timed out, the AP or the local radio may be busy.
200 * So, wait a second until scanning again.
201 */
202 wpa_supplicant_req_scan(wpa_s, 1, 0);
99fcd404 203
f85f545e 204 wpas_p2p_continue_after_scan(wpa_s);
6fc6879b
JM		 205}
206
207
208/**
209 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
210 * @wpa_s: Pointer to wpa_supplicant data
211 * @sec: Number of seconds after which to time out authentication
212 * @usec: Number of microseconds after which to time out authentication
213 *
214 * This function is used to schedule a timeout for the current authentication
215 * attempt.
216 */
217void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
218 int sec, int usec)
219{
c2a04078
JM		 220 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
221 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
6fc6879b
JM		 222 return;
223
f049052b 224 wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
6fc6879b
JM		 225 "%d usec", sec, usec);
226 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
227 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
228}
229
230
231/**
232 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
233 * @wpa_s: Pointer to wpa_supplicant data
234 *
235 * This function is used to cancel authentication timeout scheduled with
236 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
237 * been completed.
238 */
239void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
240{
f049052b 241 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
6fc6879b
JM		 242 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
243 wpa_blacklist_del(wpa_s, wpa_s->bssid);
244}
245
246
247/**
248 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
249 * @wpa_s: Pointer to wpa_supplicant data
250 *
251 * This function is used to configure EAPOL state machine based on the selected
252 * authentication mode.
253 */
254void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
255{
256#ifdef IEEE8021X_EAPOL
257 struct eapol_config eapol_conf;
258 struct wpa_ssid *ssid = wpa_s->current_ssid;
259
53895c3b 260#ifdef CONFIG_IBSS_RSN
d7dcba70 261 if (ssid->mode == WPAS_MODE_IBSS &&
53895c3b
JM		 262 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
263 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
264 /*
265 * RSN IBSS authentication is per-STA and we can disable the
266 * per-BSSID EAPOL authentication.
267 */
268 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
269 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
270 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
271 return;
272 }
273#endif /* CONFIG_IBSS_RSN */
274
0a40ec6a
JM		 275 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
276 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
277
6fc6879b
JM		 278 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
279 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
280 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
281 else
282 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
283
284 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
285 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
286 eapol_conf.accept_802_1x_keys = 1;
287 eapol_conf.required_keys = 0;
288 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
289 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
290 }
291 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
292 eapol_conf.required_keys |=
293 EAPOL_REQUIRE_KEY_BROADCAST;
294 }
295
c2a04078 296 if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
6fc6879b 297 eapol_conf.required_keys = 0;
6fc6879b
JM		 298 }
299 if (wpa_s->conf)
300 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
301 eapol_conf.workaround = ssid->eap_workaround;
56586197
JM		 302 eapol_conf.eap_disabled =
303 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
ad08c363
JM		 304 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
305 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
a5d44ac0 306 eapol_conf.external_sim = wpa_s->conf->external_sim;
6fc6879b
JM		 307 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
308#endif /* IEEE8021X_EAPOL */
309}
310
311
312/**
313 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
314 * @wpa_s: Pointer to wpa_supplicant data
315 * @ssid: Configuration data for the network
316 *
317 * This function is used to configure WPA state machine and related parameters
318 * to a mode where WPA is not enabled. This is called as part of the
319 * authentication configuration when the selected network does not use WPA.
320 */
321void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
322 struct wpa_ssid *ssid)
323{
324 int i;
325
ad08c363
JM		 326 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
327 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
328 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
6fc6879b
JM		 329 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
330 else
331 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
332 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
333 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
334 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
335 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
336 wpa_s->group_cipher = WPA_CIPHER_NONE;
337 wpa_s->mgmt_group_cipher = 0;
338
339 for (i = 0; i < NUM_WEP_KEYS; i++) {
340 if (ssid->wep_key_len[i] > 5) {
341 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
342 wpa_s->group_cipher = WPA_CIPHER_WEP104;
343 break;
344 } else if (ssid->wep_key_len[i] > 0) {
345 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
346 wpa_s->group_cipher = WPA_CIPHER_WEP40;
347 break;
348 }
349 }
350
351 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
352 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
353 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
354 wpa_s->pairwise_cipher);
355 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
356#ifdef CONFIG_IEEE80211W
357 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
358 wpa_s->mgmt_group_cipher);
359#endif /* CONFIG_IEEE80211W */
360
361 pmksa_cache_clear_current(wpa_s->wpa);
362}
363
364
6979582c 365void free_hw_features(struct wpa_supplicant *wpa_s)
6bf731e8
CL		 366{
367 int i;
368 if (wpa_s->hw.modes == NULL)
369 return;
370
371 for (i = 0; i < wpa_s->hw.num_modes; i++) {
372 os_free(wpa_s->hw.modes[i].channels);
373 os_free(wpa_s->hw.modes[i].rates);
374 }
375
376 os_free(wpa_s->hw.modes);
377 wpa_s->hw.modes = NULL;
378}
379
380
6fc6879b
JM		 381static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
382{
60b94c98 383 bgscan_deinit(wpa_s);
7c865c68 384 autoscan_deinit(wpa_s);
6fc6879b
JM		 385 scard_deinit(wpa_s->scard);
386 wpa_s->scard = NULL;
387 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
388 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
389 l2_packet_deinit(wpa_s->l2);
390 wpa_s->l2 = NULL;
391 if (wpa_s->l2_br) {
392 l2_packet_deinit(wpa_s->l2_br);
393 wpa_s->l2_br = NULL;
394 }
395
6fc6879b 396 if (wpa_s->conf != NULL) {
8e56d189
JM		 397 struct wpa_ssid *ssid;
398 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
399 wpas_notify_network_removed(wpa_s, ssid);
6fc6879b
JM		 400 }
401
402 os_free(wpa_s->confname);
403 wpa_s->confname = NULL;
404
e6304cad
DS		 405 os_free(wpa_s->confanother);
406 wpa_s->confanother = NULL;
407
6fc6879b
JM		 408 wpa_sm_set_eapol(wpa_s->wpa, NULL);
409 eapol_sm_deinit(wpa_s->eapol);
410 wpa_s->eapol = NULL;
411
412 rsn_preauth_deinit(wpa_s->wpa);
413
281ff0aa
GP		 414#ifdef CONFIG_TDLS
415 wpa_tdls_deinit(wpa_s->wpa);
416#endif /* CONFIG_TDLS */
417
6fc6879b
JM		 418 pmksa_candidate_free(wpa_s->wpa);
419 wpa_sm_deinit(wpa_s->wpa);
420 wpa_s->wpa = NULL;
421 wpa_blacklist_clear(wpa_s);
422
83922c2d 423 wpa_bss_deinit(wpa_s);
6fc6879b 424
831770bf 425 wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
6fc6879b
JM		 426 wpa_supplicant_cancel_scan(wpa_s);
427 wpa_supplicant_cancel_auth_timeout(wpa_s);
01a17491
JM		 428 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
429#ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
430 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
431 wpa_s, NULL);
432#endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
6fc6879b 433
116654ce 434 wpas_wps_deinit(wpa_s);
11ef8d35 435
1ff73338
JM		 436 wpabuf_free(wpa_s->pending_eapol_rx);
437 wpa_s->pending_eapol_rx = NULL;
438
11ef8d35
JM		 439#ifdef CONFIG_IBSS_RSN
440 ibss_rsn_deinit(wpa_s->ibss_rsn);
441 wpa_s->ibss_rsn = NULL;
442#endif /* CONFIG_IBSS_RSN */
c2a04078 443
e29853bb 444 sme_deinit(wpa_s);
2d5b792d
JM		 445
446#ifdef CONFIG_AP
447 wpa_supplicant_ap_deinit(wpa_s);
448#endif /* CONFIG_AP */
b22128ef
JM		 449
450#ifdef CONFIG_P2P
451 wpas_p2p_deinit(wpa_s);
452#endif /* CONFIG_P2P */
f47d639d 453
24f6497c
JM		 454#ifdef CONFIG_OFFCHANNEL
455 offchannel_deinit(wpa_s);
456#endif /* CONFIG_OFFCHANNEL */
457
a4cba8f1
LC		 458 wpa_supplicant_cancel_sched_scan(wpa_s);
459
f47d639d
JM		 460 os_free(wpa_s->next_scan_freqs);
461 wpa_s->next_scan_freqs = NULL;
04ea7b79
JM		 462
463 gas_query_deinit(wpa_s->gas);
464 wpa_s->gas = NULL;
6bf731e8
CL		 465
466 free_hw_features(wpa_s);
d445a5cd
JM		 467
468 os_free(wpa_s->bssid_filter);
469 wpa_s->bssid_filter = NULL;
b6668734 470
6407f413
JM		 471 os_free(wpa_s->disallow_aps_bssid);
472 wpa_s->disallow_aps_bssid = NULL;
473 os_free(wpa_s->disallow_aps_ssid);
474 wpa_s->disallow_aps_ssid = NULL;
475
b6668734 476 wnm_bss_keep_alive_deinit(wpa_s);
e27d20bb
VK		 477#ifdef CONFIG_WNM
478 wnm_deallocate_memory(wpa_s);
479#endif /* CONFIG_WNM */
306ae225
JM		 480
481 ext_password_deinit(wpa_s->ext_pw);
482 wpa_s->ext_pw = NULL;
b1f12296
JM		 483
484 wpabuf_free(wpa_s->last_gas_resp);
a297201d
JM		 485
486 os_free(wpa_s->last_scan_res);
487 wpa_s->last_scan_res = NULL;
6fc6879b
JM		 488}
489
490
491/**
492 * wpa_clear_keys - Clear keys configured for the driver
493 * @wpa_s: Pointer to wpa_supplicant data
494 * @addr: Previously used BSSID or %NULL if not available
495 *
496 * This function clears the encryption keys that has been previously configured
497 * for the driver.
498 */
499void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
500{
6fc6879b
JM		 501 if (wpa_s->keys_cleared) {
502 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
503 * timing issues with keys being cleared just before new keys
504 * are set or just after association or something similar. This
505 * shows up in group key handshake failing often because of the
506 * client not receiving the first encrypted packets correctly.
507 * Skipping some of the extra key clearing steps seems to help
508 * in completing group key handshake more reliably. */
f049052b
BG		 509 wpa_dbg(wpa_s, MSG_DEBUG, "No keys have been configured - "
510 "skip key clearing");
6fc6879b
JM		 511 return;
512 }
513
514 /* MLME-DELETEKEYS.request */
0382097e
JM		 515 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 0, 0, NULL, 0, NULL, 0);
516 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 1, 0, NULL, 0, NULL, 0);
517 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 2, 0, NULL, 0, NULL, 0);
518 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 3, 0, NULL, 0, NULL, 0);
0e27f655 519#ifdef CONFIG_IEEE80211W
0382097e
JM		 520 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 4, 0, NULL, 0, NULL, 0);
521 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 5, 0, NULL, 0, NULL, 0);
0e27f655 522#endif /* CONFIG_IEEE80211W */
6fc6879b
JM		 523 if (addr) {
524 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
525 0);
526 /* MLME-SETPROTECTION.request(None) */
527 wpa_drv_mlme_setprotection(
528 wpa_s, addr,
529 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
530 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
531 }
532 wpa_s->keys_cleared = 1;
533}
534
535
536/**
537 * wpa_supplicant_state_txt - Get the connection state name as a text string
538 * @state: State (wpa_state; WPA_*)
539 * Returns: The state name as a printable text string
540 */
71934751 541const char * wpa_supplicant_state_txt(enum wpa_states state)
6fc6879b
JM		 542{
543 switch (state) {
544 case WPA_DISCONNECTED:
545 return "DISCONNECTED";
546 case WPA_INACTIVE:
547 return "INACTIVE";
8401a6b0
JM		 548 case WPA_INTERFACE_DISABLED:
549 return "INTERFACE_DISABLED";
6fc6879b
JM		 550 case WPA_SCANNING:
551 return "SCANNING";
c2a04078
JM		 552 case WPA_AUTHENTICATING:
553 return "AUTHENTICATING";
6fc6879b
JM		 554 case WPA_ASSOCIATING:
555 return "ASSOCIATING";
556 case WPA_ASSOCIATED:
557 return "ASSOCIATED";
558 case WPA_4WAY_HANDSHAKE:
559 return "4WAY_HANDSHAKE";
560 case WPA_GROUP_HANDSHAKE:
561 return "GROUP_HANDSHAKE";
562 case WPA_COMPLETED:
563 return "COMPLETED";
564 default:
565 return "UNKNOWN";
566 }
567}
568
569
cfe53c9a
PS		 570#ifdef CONFIG_BGSCAN
571
572static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
573{
0096c427
JM		 574 if (wpas_driver_bss_selection(wpa_s))
575 return;
cfe53c9a
PS		 576 if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
577 return;
578
579 bgscan_deinit(wpa_s);
580 if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan) {
581 if (bgscan_init(wpa_s, wpa_s->current_ssid)) {
582 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
583 "bgscan");
584 /*
585 * Live without bgscan; it is only used as a roaming
586 * optimization, so the initial connection is not
587 * affected.
588 */
6409b7a7
YD		 589 } else {
590 struct wpa_scan_results *scan_res;
cfe53c9a 591 wpa_s->bgscan_ssid = wpa_s->current_ssid;
6409b7a7
YD		 592 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
593 0);
594 if (scan_res) {
595 bgscan_notify_scan(wpa_s, scan_res);
596 wpa_scan_results_free(scan_res);
597 }
598 }
cfe53c9a
PS		 599 } else
600 wpa_s->bgscan_ssid = NULL;
601}
602
603
604static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
605{
606 if (wpa_s->bgscan_ssid != NULL) {
607 bgscan_deinit(wpa_s);
608 wpa_s->bgscan_ssid = NULL;
609 }
610}
611
612#endif /* CONFIG_BGSCAN */
613
614
7c865c68
TB		 615static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
616{
99218999 617 if (autoscan_init(wpa_s, 0))
7c865c68
TB		 618 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
619}
620
621
622static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
623{
624 autoscan_deinit(wpa_s);
625}
626
627
c3d12238
JM		 628void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
629{
630 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
631 wpa_s->wpa_state == WPA_SCANNING) {
632 autoscan_deinit(wpa_s);
633 wpa_supplicant_start_autoscan(wpa_s);
634 }
635}
636
637
6fc6879b
JM		 638/**
639 * wpa_supplicant_set_state - Set current connection state
640 * @wpa_s: Pointer to wpa_supplicant data
641 * @state: The new connection state
642 *
643 * This function is called whenever the connection state changes, e.g.,
644 * association is completed for WPA/WPA2 4-Way Handshake is started.
645 */
71934751
JM		 646void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
647 enum wpa_states state)
6fc6879b 648{
27f43d8d
MH		 649 enum wpa_states old_state = wpa_s->wpa_state;
650
f049052b
BG		 651 wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
652 wpa_supplicant_state_txt(wpa_s->wpa_state),
653 wpa_supplicant_state_txt(state));
6fc6879b 654
cb8564b1
DW		 655 if (state != WPA_SCANNING)
656 wpa_supplicant_notify_scanning(wpa_s, 0);
657
6fc6879b 658 if (state == WPA_COMPLETED && wpa_s->new_connection) {
6fc6879b 659 struct wpa_ssid *ssid = wpa_s->current_ssid;
7d37a357 660#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
6fc6879b 661 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
1cfc6787
JM		 662 MACSTR " completed [id=%d id_str=%s]",
663 MAC2STR(wpa_s->bssid),
6fc6879b
JM		 664 ssid ? ssid->id : -1,
665 ssid && ssid->id_str ? ssid->id_str : "");
666#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
00e5e3d5 667 wpas_clear_temp_disabled(wpa_s, ssid, 1);
f1a52633 668 wpa_s->extra_blacklist_count = 0;
6fc6879b 669 wpa_s->new_connection = 0;
6fc6879b 670 wpa_drv_set_operstate(wpa_s, 1);
99ac2913
FF		 671#ifndef IEEE8021X_EAPOL
672 wpa_drv_set_supp_port(wpa_s, 1);
673#endif /* IEEE8021X_EAPOL */
17a4734d 674 wpa_s->after_wps = 0;
b22128ef
JM		 675#ifdef CONFIG_P2P
676 wpas_p2p_completed(wpa_s);
677#endif /* CONFIG_P2P */
c3701c66
RM		 678
679 sme_sched_obss_scan(wpa_s, 1);
6fc6879b
JM		 680 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
681 state == WPA_ASSOCIATED) {
682 wpa_s->new_connection = 1;
683 wpa_drv_set_operstate(wpa_s, 0);
99ac2913
FF		 684#ifndef IEEE8021X_EAPOL
685 wpa_drv_set_supp_port(wpa_s, 0);
686#endif /* IEEE8021X_EAPOL */
c3701c66 687 sme_sched_obss_scan(wpa_s, 0);
6fc6879b
JM		 688 }
689 wpa_s->wpa_state = state;
27f43d8d 690
cfe53c9a
PS		 691#ifdef CONFIG_BGSCAN
692 if (state == WPA_COMPLETED)
693 wpa_supplicant_start_bgscan(wpa_s);
694 else
695 wpa_supplicant_stop_bgscan(wpa_s);
696#endif /* CONFIG_BGSCAN */
697
7c865c68
TB		 698 if (state == WPA_AUTHENTICATING)
699 wpa_supplicant_stop_autoscan(wpa_s);
700
701 if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
702 wpa_supplicant_start_autoscan(wpa_s);
703
5bbf9f10 704 if (wpa_s->wpa_state != old_state) {
27f43d8d 705 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
5bbf9f10
PS		 706
707 if (wpa_s->wpa_state == WPA_COMPLETED ||
708 old_state == WPA_COMPLETED)
709 wpas_notify_auth_changed(wpa_s);
710 }
6fc6879b
JM		 711}
712
713
1a1bf008
JM		 714void wpa_supplicant_terminate_proc(struct wpa_global *global)
715{
716 int pending = 0;
717#ifdef CONFIG_WPS
718 struct wpa_supplicant *wpa_s = global->ifaces;
719 while (wpa_s) {
20625e97
JM		 720#ifdef CONFIG_P2P
721 if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
722 (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
723 wpas_p2p_disconnect(wpa_s);
724#endif /* CONFIG_P2P */
1a1bf008
JM		 725 if (wpas_wps_terminate_pending(wpa_s) == 1)
726 pending = 1;
727 wpa_s = wpa_s->next;
728 }
729#endif /* CONFIG_WPS */
730 if (pending)
731 return;
732 eloop_terminate();
733}
734
735
0456ea16 736static void wpa_supplicant_terminate(int sig, void *signal_ctx)
6fc6879b 737{
0456ea16 738 struct wpa_global *global = signal_ctx;
1a1bf008 739 wpa_supplicant_terminate_proc(global);
6fc6879b
JM		 740}
741
742
b22128ef 743void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
6fc6879b 744{
71934751 745 enum wpa_states old_state = wpa_s->wpa_state;
27f43d8d 746
6fc6879b
JM		 747 wpa_s->pairwise_cipher = 0;
748 wpa_s->group_cipher = 0;
749 wpa_s->mgmt_group_cipher = 0;
750 wpa_s->key_mgmt = 0;
8401a6b0 751 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
99218999 752 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
27f43d8d
MH		 753
754 if (wpa_s->wpa_state != old_state)
755 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
6fc6879b
JM		 756}
757
758
759/**
760 * wpa_supplicant_reload_configuration - Reload configuration data
761 * @wpa_s: Pointer to wpa_supplicant data
762 * Returns: 0 on success or -1 if configuration parsing failed
763 *
764 * This function can be used to request that the configuration data is reloaded
765 * (e.g., after configuration file change). This function is reloading
766 * configuration only for one interface, so this may need to be called multiple
767 * times if %wpa_supplicant is controlling multiple interfaces and all
768 * interfaces need reconfiguration.
769 */
770int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
771{
772 struct wpa_config *conf;
773 int reconf_ctrl;
8bac466b
JM		 774 int old_ap_scan;
775
6fc6879b
JM		 776 if (wpa_s->confname == NULL)
777 return -1;
e6304cad 778 conf = wpa_config_read(wpa_s->confname, NULL);
6fc6879b
JM		 779 if (conf == NULL) {
780 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
781 "file '%s' - exiting", wpa_s->confname);
782 return -1;
783 }
e6304cad
DS		 784 wpa_config_read(wpa_s->confanother, conf);
785
611aea7d 786 conf->changed_parameters = (unsigned int) -1;
6fc6879b
JM		 787
788 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
789 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
790 os_strcmp(conf->ctrl_interface,
791 wpa_s->conf->ctrl_interface) != 0);
792
793 if (reconf_ctrl && wpa_s->ctrl_iface) {
794 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
795 wpa_s->ctrl_iface = NULL;
796 }
797
798 eapol_sm_invalidate_cached_session(wpa_s->eapol);
7b7ce8aa
JM		 799 if (wpa_s->current_ssid) {
800 wpa_supplicant_deauthenticate(wpa_s,
801 WLAN_REASON_DEAUTH_LEAVING);
802 }
8bac466b 803
6fc6879b
JM		 804 /*
805 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
806 * pkcs11_engine_path, pkcs11_module_path.
807 */
56586197 808 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
6fc6879b
JM		 809 /*
810 * Clear forced success to clear EAP state for next
811 * authentication.
812 */
813 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
814 }
815 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
816 wpa_sm_set_config(wpa_s->wpa, NULL);
d8a790b9 817 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
6fc6879b
JM		 818 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
819 rsn_preauth_deinit(wpa_s->wpa);
8bac466b
JM		 820
821 old_ap_scan = wpa_s->conf->ap_scan;
6fc6879b
JM		 822 wpa_config_free(wpa_s->conf);
823 wpa_s->conf = conf;
8bac466b
JM		 824 if (old_ap_scan != wpa_s->conf->ap_scan)
825 wpas_notify_ap_scan_changed(wpa_s);
826
6fc6879b
JM		 827 if (reconf_ctrl)
828 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
829
611aea7d
JM		 830 wpa_supplicant_update_config(wpa_s);
831
6fc6879b 832 wpa_supplicant_clear_status(wpa_s);
349493bd 833 if (wpa_supplicant_enabled_networks(wpa_s)) {
43a38635
JM		 834 wpa_s->reassociate = 1;
835 wpa_supplicant_req_scan(wpa_s, 0, 0);
836 }
f049052b 837 wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
6fc6879b
JM		 838 return 0;
839}
840
841
0456ea16 842static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
6fc6879b 843{
0456ea16 844 struct wpa_global *global = signal_ctx;
6fc6879b 845 struct wpa_supplicant *wpa_s;
6fc6879b 846 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
f049052b
BG		 847 wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
848 sig);
6fc6879b 849 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
1a1bf008 850 wpa_supplicant_terminate_proc(global);
6fc6879b
JM		 851 }
852 }
853}
854
855
508545f3 856enum wpa_key_mgmt key_mgmt2driver(int key_mgmt)
6fc6879b
JM		 857{
858 switch (key_mgmt) {
859 case WPA_KEY_MGMT_NONE:
860 return KEY_MGMT_NONE;
861 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
862 return KEY_MGMT_802_1X_NO_WPA;
863 case WPA_KEY_MGMT_IEEE8021X:
864 return KEY_MGMT_802_1X;
865 case WPA_KEY_MGMT_WPA_NONE:
866 return KEY_MGMT_WPA_NONE;
867 case WPA_KEY_MGMT_FT_IEEE8021X:
868 return KEY_MGMT_FT_802_1X;
869 case WPA_KEY_MGMT_FT_PSK:
870 return KEY_MGMT_FT_PSK;
56586197
JM		 871 case WPA_KEY_MGMT_IEEE8021X_SHA256:
872 return KEY_MGMT_802_1X_SHA256;
873 case WPA_KEY_MGMT_PSK_SHA256:
874 return KEY_MGMT_PSK_SHA256;
ad08c363
JM		 875 case WPA_KEY_MGMT_WPS:
876 return KEY_MGMT_WPS;
6fc6879b
JM		 877 case WPA_KEY_MGMT_PSK:
878 default:
879 return KEY_MGMT_PSK;
880 }
881}
882
883
884static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
885 struct wpa_ssid *ssid,
886 struct wpa_ie_data *ie)
887{
888 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
889 if (ret) {
890 if (ret == -2) {
891 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
892 "from association info");
893 }
894 return -1;
895 }
896
f049052b
BG		 897 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
898 "cipher suites");
6fc6879b
JM		 899 if (!(ie->group_cipher & ssid->group_cipher)) {
900 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
901 "cipher 0x%x (mask 0x%x) - reject",
902 ie->group_cipher, ssid->group_cipher);
903 return -1;
904 }
905 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
906 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
907 "cipher 0x%x (mask 0x%x) - reject",
908 ie->pairwise_cipher, ssid->pairwise_cipher);
909 return -1;
910 }
911 if (!(ie->key_mgmt & ssid->key_mgmt)) {
912 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
913 "management 0x%x (mask 0x%x) - reject",
914 ie->key_mgmt, ssid->key_mgmt);
915 return -1;
916 }
917
918#ifdef CONFIG_IEEE80211W
0b60b0aa 919 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
62d49803
JM		 920 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
921 wpa_s->conf->pmf : ssid->ieee80211w) ==
922 MGMT_FRAME_PROTECTION_REQUIRED) {
6fc6879b
JM		 923 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
924 "that does not support management frame protection - "
925 "reject");
926 return -1;
927 }
928#endif /* CONFIG_IEEE80211W */
929
930 return 0;
931}
932
933
934/**
935 * wpa_supplicant_set_suites - Set authentication and encryption parameters
936 * @wpa_s: Pointer to wpa_supplicant data
937 * @bss: Scan results for the selected BSS, or %NULL if not available
938 * @ssid: Configuration data for the selected network
939 * @wpa_ie: Buffer for the WPA/RSN IE
940 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
941 * used buffer length in case the functions returns success.
942 * Returns: 0 on success or -1 on failure
943 *
944 * This function is used to configure authentication and encryption parameters
945 * based on the network configuration and scan result for the selected BSS (if
946 * available).
947 */
948int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
6fa81a3b 949 struct wpa_bss *bss, struct wpa_ssid *ssid,
6fc6879b
JM		 950 u8 *wpa_ie, size_t *wpa_ie_len)
951{
952 struct wpa_ie_data ie;
953 int sel, proto;
954 const u8 *bss_wpa, *bss_rsn;
955
956 if (bss) {
6fa81a3b
JM		 957 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
958 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
6fc6879b
JM		 959 } else
960 bss_wpa = bss_rsn = NULL;
961
962 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
963 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
964 (ie.group_cipher & ssid->group_cipher) &&
965 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
966 (ie.key_mgmt & ssid->key_mgmt)) {
f049052b 967 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
6fc6879b
JM		 968 proto = WPA_PROTO_RSN;
969 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
970 wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 &&
971 (ie.group_cipher & ssid->group_cipher) &&
972 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
973 (ie.key_mgmt & ssid->key_mgmt)) {
f049052b 974 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
6fc6879b
JM		 975 proto = WPA_PROTO_WPA;
976 } else if (bss) {
977 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
978 return -1;
979 } else {
980 if (ssid->proto & WPA_PROTO_RSN)
981 proto = WPA_PROTO_RSN;
982 else
983 proto = WPA_PROTO_WPA;
984 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
985 os_memset(&ie, 0, sizeof(ie));
986 ie.group_cipher = ssid->group_cipher;
987 ie.pairwise_cipher = ssid->pairwise_cipher;
988 ie.key_mgmt = ssid->key_mgmt;
989#ifdef CONFIG_IEEE80211W
990 ie.mgmt_group_cipher =
70f8cc8e 991 ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
6fc6879b
JM		 992 WPA_CIPHER_AES_128_CMAC : 0;
993#endif /* CONFIG_IEEE80211W */
f049052b
BG		 994 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
995 "based on configuration");
6fc6879b
JM		 996 } else
997 proto = ie.proto;
998 }
999
f049052b
BG		 1000 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1001 "pairwise %d key_mgmt %d proto %d",
1002 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
6fc6879b
JM		 1003#ifdef CONFIG_IEEE80211W
1004 if (ssid->ieee80211w) {
f049052b
BG		 1005 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1006 ie.mgmt_group_cipher);
6fc6879b
JM		 1007 }
1008#endif /* CONFIG_IEEE80211W */
1009
64fa840a 1010 wpa_s->wpa_proto = proto;
6fc6879b
JM		 1011 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1012 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1013 !!(ssid->proto & WPA_PROTO_RSN));
1014
1015 if (bss || !wpa_s->ap_ies_from_associnfo) {
1016 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1017 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1018 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1019 bss_rsn ? 2 + bss_rsn[1] : 0))
1020 return -1;
1021 }
1022
1023 sel = ie.group_cipher & ssid->group_cipher;
edbd2a19
JM		 1024 wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1025 if (wpa_s->group_cipher < 0) {
f049052b
BG		 1026 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1027 "cipher");
6fc6879b
JM		 1028 return -1;
1029 }
edbd2a19
JM		 1030 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1031 wpa_cipher_txt(wpa_s->group_cipher));
6fc6879b
JM		 1032
1033 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
edbd2a19
JM		 1034 wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1035 if (wpa_s->pairwise_cipher < 0) {
f049052b
BG		 1036 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1037 "cipher");
6fc6879b
JM		 1038 return -1;
1039 }
edbd2a19
JM		 1040 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1041 wpa_cipher_txt(wpa_s->pairwise_cipher));
6fc6879b
JM		 1042
1043 sel = ie.key_mgmt & ssid->key_mgmt;
c10347f2
JM		 1044#ifdef CONFIG_SAE
1045 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1046 sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1047#endif /* CONFIG_SAE */
6fc6879b
JM		 1048 if (0) {
1049#ifdef CONFIG_IEEE80211R
1050 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
1051 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
f049052b 1052 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
6fc6879b
JM		 1053 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
1054 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
f049052b 1055 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
6fc6879b 1056#endif /* CONFIG_IEEE80211R */
c10347f2
JM		 1057#ifdef CONFIG_SAE
1058 } else if (sel & WPA_KEY_MGMT_SAE) {
1059 wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1060 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1061 } else if (sel & WPA_KEY_MGMT_FT_SAE) {
1062 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1063 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1064#endif /* CONFIG_SAE */
56586197
JM		 1065#ifdef CONFIG_IEEE80211W
1066 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1067 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
f049052b 1068 wpa_dbg(wpa_s, MSG_DEBUG,
56586197
JM		 1069 "WPA: using KEY_MGMT 802.1X with SHA256");
1070 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1071 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
f049052b 1072 wpa_dbg(wpa_s, MSG_DEBUG,
56586197
JM		 1073 "WPA: using KEY_MGMT PSK with SHA256");
1074#endif /* CONFIG_IEEE80211W */
6fc6879b
JM		 1075 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1076 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
f049052b 1077 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
6fc6879b
JM		 1078 } else if (sel & WPA_KEY_MGMT_PSK) {
1079 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
f049052b 1080 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
6fc6879b
JM		 1081 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1082 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
f049052b 1083 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
6fc6879b 1084 } else {
f049052b
BG		 1085 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1086 "authenticated key management type");
6fc6879b
JM		 1087 return -1;
1088 }
1089
1090 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1091 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1092 wpa_s->pairwise_cipher);
1093 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1094
1095#ifdef CONFIG_IEEE80211W
1096 sel = ie.mgmt_group_cipher;
62d49803
JM		 1097 if ((ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1098 wpa_s->conf->pmf : ssid->ieee80211w) == NO_MGMT_FRAME_PROTECTION ||
0b60b0aa 1099 !(ie.capabilities & WPA_CAPABILITY_MFPC))
6fc6879b
JM		 1100 sel = 0;
1101 if (sel & WPA_CIPHER_AES_128_CMAC) {
1102 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
f049052b 1103 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
6fc6879b
JM		 1104 "AES-128-CMAC");
1105 } else {
1106 wpa_s->mgmt_group_cipher = 0;
f049052b 1107 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
6fc6879b
JM		 1108 }
1109 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1110 wpa_s->mgmt_group_cipher);
62d49803
JM		 1111 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1112 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1113 wpa_s->conf->pmf : ssid->ieee80211w));
6fc6879b
JM		 1114#endif /* CONFIG_IEEE80211W */
1115
1116 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
f049052b 1117 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
6fc6879b
JM		 1118 return -1;
1119 }
1120
0bf927a0 1121 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
6fc6879b 1122 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
7d232e23
ZC		 1123#ifndef CONFIG_NO_PBKDF2
1124 if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1125 ssid->passphrase) {
1126 u8 psk[PMK_LEN];
986de33d
JM		 1127 pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1128 4096, psk, PMK_LEN);
7d232e23
ZC		 1129 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1130 psk, PMK_LEN);
1131 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1132 }
1133#endif /* CONFIG_NO_PBKDF2 */
9173b16f
JM		 1134#ifdef CONFIG_EXT_PASSWORD
1135 if (ssid->ext_psk) {
1136 struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1137 ssid->ext_psk);
1138 char pw_str[64 + 1];
1139 u8 psk[PMK_LEN];
1140
1141 if (pw == NULL) {
1142 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1143 "found from external storage");
1144 return -1;
1145 }
1146
1147 if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1148 wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1149 "PSK length %d in external storage",
1150 (int) wpabuf_len(pw));
1151 ext_password_free(pw);
1152 return -1;
1153 }
1154
1155 os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1156 pw_str[wpabuf_len(pw)] = '\0';
1157
1158#ifndef CONFIG_NO_PBKDF2
1159 if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1160 {
986de33d
JM		 1161 pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1162 4096, psk, PMK_LEN);
9173b16f
JM		 1163 os_memset(pw_str, 0, sizeof(pw_str));
1164 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1165 "external passphrase)",
1166 psk, PMK_LEN);
1167 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1168 } else
1169#endif /* CONFIG_NO_PBKDF2 */
1170 if (wpabuf_len(pw) == 2 * PMK_LEN) {
1171 if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1172 wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1173 "Invalid PSK hex string");
1174 os_memset(pw_str, 0, sizeof(pw_str));
1175 ext_password_free(pw);
1176 return -1;
1177 }
1178 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1179 } else {
1180 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1181 "PSK available");
1182 os_memset(pw_str, 0, sizeof(pw_str));
1183 ext_password_free(pw);
1184 return -1;
1185 }
1186
1187 os_memset(pw_str, 0, sizeof(pw_str));
1188 ext_password_free(pw);
1189 }
1190#endif /* CONFIG_EXT_PASSWORD */
7d232e23 1191 } else
6fc6879b
JM		 1192 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1193
1194 return 0;
1195}
1196
1197
8cd6b7bc 1198static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
03e47c9c 1199{
8cd6b7bc 1200 *pos = 0x00;
03e47c9c 1201
8cd6b7bc
JB		 1202 switch (idx) {
1203 case 0: /* Bits 0-7 */
1204 break;
1205 case 1: /* Bits 8-15 */
1206 break;
1207 case 2: /* Bits 16-23 */
1208#ifdef CONFIG_WNM
1209 *pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1210 *pos |= 0x08; /* Bit 19 - BSS Transition */
1211#endif /* CONFIG_WNM */
1212 break;
1213 case 3: /* Bits 24-31 */
1214#ifdef CONFIG_WNM
1215 *pos |= 0x02; /* Bit 25 - SSID List */
1216#endif /* CONFIG_WNM */
03e47c9c 1217#ifdef CONFIG_INTERWORKING
8cd6b7bc
JB		 1218 if (wpa_s->conf->interworking)
1219 *pos |= 0x80; /* Bit 31 - Interworking */
03e47c9c 1220#endif /* CONFIG_INTERWORKING */
8cd6b7bc
JB		 1221 break;
1222 case 4: /* Bits 32-39 */
56f5af48
JM		 1223#ifdef CONFIG_INTERWORKING
1224 *pos |= 0x01; /* Bit 32 - QoS Map */
1225#endif /* CONFIG_INTERWORKING */
8cd6b7bc
JB		 1226 break;
1227 case 5: /* Bits 40-47 */
1228 break;
1229 case 6: /* Bits 48-55 */
1230 break;
1231 }
1232}
03e47c9c 1233
03e47c9c 1234
8cd6b7bc
JB		 1235int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf)
1236{
1237 u8 *pos = buf;
1238 u8 len = 4, i;
1239
1240 if (len < wpa_s->extended_capa_len)
1241 len = wpa_s->extended_capa_len;
03e47c9c
JM		 1242
1243 *pos++ = WLAN_EID_EXT_CAPAB;
8cd6b7bc
JB		 1244 *pos++ = len;
1245 for (i = 0; i < len; i++, pos++) {
1246 wpas_ext_capab_byte(wpa_s, pos, i);
1247
1248 if (i < wpa_s->extended_capa_len) {
1249 *pos &= ~wpa_s->extended_capa_mask[i];
1250 *pos |= wpa_s->extended_capa[i];
1251 }
1252 }
03e47c9c 1253
3db5439a
JM		 1254 while (len > 0 && buf[1 + len] == 0) {
1255 len--;
1256 buf[1] = len;
1257 }
1258 if (len == 0)
1259 return 0;
1260
1261 return 2 + len;
03e47c9c
JM		 1262}
1263
1264
6fc6879b
JM		 1265/**
1266 * wpa_supplicant_associate - Request association
1267 * @wpa_s: Pointer to wpa_supplicant data
1268 * @bss: Scan results for the selected BSS, or %NULL if not available
1269 * @ssid: Configuration data for the selected network
1270 *
1271 * This function is used to request %wpa_supplicant to associate with a BSS.
1272 */
1273void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
6fa81a3b 1274 struct wpa_bss *bss, struct wpa_ssid *ssid)
6fc6879b 1275{
5f3a6aa0 1276 u8 wpa_ie[200];
6fc6879b 1277 size_t wpa_ie_len;
8bac466b 1278 int use_crypt, ret, i, bssid_changed;
abd9fafa 1279 int algs = WPA_AUTH_ALG_OPEN;
71934751 1280 enum wpa_cipher cipher_pairwise, cipher_group;
6fc6879b
JM		 1281 struct wpa_driver_associate_params params;
1282 int wep_keys_set = 0;
6fc6879b 1283 int assoc_failed = 0;
8bac466b 1284 struct wpa_ssid *old_ssid;
80e8a5ee
BG		 1285#ifdef CONFIG_HT_OVERRIDES
1286 struct ieee80211_ht_capabilities htcaps;
1287 struct ieee80211_ht_capabilities htcaps_mask;
1288#endif /* CONFIG_HT_OVERRIDES */
6fc6879b 1289
78177a00
JM		 1290#ifdef CONFIG_IBSS_RSN
1291 ibss_rsn_deinit(wpa_s->ibss_rsn);
1292 wpa_s->ibss_rsn = NULL;
1293#endif /* CONFIG_IBSS_RSN */
1294
2c5d725c
JM		 1295 if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
1296 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
1581b38b
JM		 1297#ifdef CONFIG_AP
1298 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
f049052b
BG		 1299 wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
1300 "mode");
1581b38b
JM		 1301 return;
1302 }
8c981d17
DW		 1303 if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
1304 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
b2b688d1
VKE		 1305 if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
1306 wpas_p2p_ap_setup_failed(wpa_s);
8c981d17
DW		 1307 return;
1308 }
8f770587 1309 wpa_s->current_bss = bss;
1581b38b 1310#else /* CONFIG_AP */
f049052b
BG		 1311 wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
1312 "the build");
1581b38b
JM		 1313#endif /* CONFIG_AP */
1314 return;
1315 }
1316
52c9e6f3 1317#ifdef CONFIG_TDLS
95cb2d88
JM		 1318 if (bss)
1319 wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
1320 bss->ie_len);
52c9e6f3
JM		 1321#endif /* CONFIG_TDLS */
1322
5cc4d64b
JM		 1323 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1324 ssid->mode == IEEE80211_MODE_INFRA) {
c2a04078
JM		 1325 sme_authenticate(wpa_s, bss, ssid);
1326 return;
1327 }
1328
0c80427d 1329 os_memset(&params, 0, sizeof(params));
6fc6879b 1330 wpa_s->reassociate = 0;
22628eca 1331 if (bss && !wpas_driver_bss_selection(wpa_s)) {
6fc6879b 1332#ifdef CONFIG_IEEE80211R
6fa81a3b 1333 const u8 *ie, *md = NULL;
6fc6879b 1334#endif /* CONFIG_IEEE80211R */
6fc6879b
JM		 1335 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1336 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
6fa81a3b 1337 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
8bac466b 1338 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
6fc6879b
JM		 1339 os_memset(wpa_s->bssid, 0, ETH_ALEN);
1340 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
8bac466b
JM		 1341 if (bssid_changed)
1342 wpas_notify_bssid_changed(wpa_s);
6fc6879b 1343#ifdef CONFIG_IEEE80211R
6fa81a3b 1344 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
6fc6879b
JM		 1345 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
1346 md = ie + 2;
e7846b68 1347 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
91a05482
JM		 1348 if (md) {
1349 /* Prepare for the next transition */
76b7981d 1350 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
91a05482 1351 }
6fc6879b 1352#endif /* CONFIG_IEEE80211R */
24c23d1b
JM		 1353#ifdef CONFIG_WPS
1354 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
1355 wpa_s->conf->ap_scan == 2 &&
1356 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
1357 /* Use ap_scan==1 style network selection to find the network
1358 */
4115303b 1359 wpa_s->scan_req = MANUAL_SCAN_REQ;
24c23d1b
JM		 1360 wpa_s->reassociate = 1;
1361 wpa_supplicant_req_scan(wpa_s, 0, 0);
1362 return;
1363#endif /* CONFIG_WPS */
6fc6879b
JM		 1364 } else {
1365 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1366 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1367 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1368 }
a4cba8f1 1369 wpa_supplicant_cancel_sched_scan(wpa_s);
6fc6879b
JM		 1370 wpa_supplicant_cancel_scan(wpa_s);
1371
1372 /* Starting new association, so clear the possibly used WPA IE from the
1373 * previous association. */
1374 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1375
1376#ifdef IEEE8021X_EAPOL
1377 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1378 if (ssid->leap) {
1379 if (ssid->non_leap == 0)
abd9fafa 1380 algs = WPA_AUTH_ALG_LEAP;
6fc6879b 1381 else
abd9fafa 1382 algs |= WPA_AUTH_ALG_LEAP;
6fc6879b
JM		 1383 }
1384 }
1385#endif /* IEEE8021X_EAPOL */
f049052b 1386 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
6fc6879b 1387 if (ssid->auth_alg) {
abd9fafa 1388 algs = ssid->auth_alg;
f049052b
BG		 1389 wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
1390 "0x%x", algs);
6fc6879b 1391 }
6fc6879b 1392
6fa81a3b
JM		 1393 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
1394 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
0bf927a0 1395 wpa_key_mgmt_wpa(ssid->key_mgmt)) {
6fc6879b 1396 int try_opportunistic;
6e202021
JM		 1397 try_opportunistic = (ssid->proactive_key_caching < 0 ?
1398 wpa_s->conf->okc :
1399 ssid->proactive_key_caching) &&
6fc6879b
JM		 1400 (ssid->proto & WPA_PROTO_RSN);
1401 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
b2a12c4f 1402 ssid, try_opportunistic) == 0)
6fc6879b
JM		 1403 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1404 wpa_ie_len = sizeof(wpa_ie);
1405 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1406 wpa_ie, &wpa_ie_len)) {
f049052b
BG		 1407 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
1408 "key management and encryption suites");
6fc6879b
JM		 1409 return;
1410 }
a3f7e518
JM		 1411 } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
1412 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
1413 /*
1414 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
1415 * use non-WPA since the scan results did not indicate that the
1416 * AP is using WPA or WPA2.
1417 */
1418 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1419 wpa_ie_len = 0;
1420 wpa_s->wpa_proto = 0;
0bf927a0 1421 } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
6fc6879b
JM		 1422 wpa_ie_len = sizeof(wpa_ie);
1423 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1424 wpa_ie, &wpa_ie_len)) {
f049052b
BG		 1425 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
1426 "key management and encryption suites (no "
1427 "scan results)");
6fc6879b
JM		 1428 return;
1429 }
ad08c363
JM		 1430#ifdef CONFIG_WPS
1431 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
b01c18a8
JM		 1432 struct wpabuf *wps_ie;
1433 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
ad08c363
JM		 1434 if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
1435 wpa_ie_len = wpabuf_len(wps_ie);
1436 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
24386985
JM		 1437 } else
1438 wpa_ie_len = 0;
ad08c363
JM		 1439 wpabuf_free(wps_ie);
1440 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
0c80427d
JM		 1441 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
1442 params.wps = WPS_MODE_PRIVACY;
1443 else
1444 params.wps = WPS_MODE_OPEN;
cf546f1a 1445 wpa_s->wpa_proto = 0;
ad08c363 1446#endif /* CONFIG_WPS */
6fc6879b
JM		 1447 } else {
1448 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1449 wpa_ie_len = 0;
cf546f1a 1450 wpa_s->wpa_proto = 0;
6fc6879b
JM		 1451 }
1452
5f3a6aa0
JM		 1453#ifdef CONFIG_P2P
1454 if (wpa_s->global->p2p) {
1455 u8 *pos;
1456 size_t len;
1457 int res;
5f3a6aa0
JM		 1458 pos = wpa_ie + wpa_ie_len;
1459 len = sizeof(wpa_ie) - wpa_ie_len;
b8a8d677
JM		 1460 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
1461 ssid->p2p_group);
5f3a6aa0
JM		 1462 if (res >= 0)
1463 wpa_ie_len += res;
1464 }
72044390
JM		 1465
1466 wpa_s->cross_connect_disallowed = 0;
1467 if (bss) {
1468 struct wpabuf *p2p;
1469 p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
1470 if (p2p) {
1471 wpa_s->cross_connect_disallowed =
1472 p2p_get_cross_connect_disallowed(p2p);
1473 wpabuf_free(p2p);
f049052b
BG		 1474 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
1475 "connection",
1476 wpa_s->cross_connect_disallowed ?
1477 "disallows" : "allows");
72044390
JM		 1478 }
1479 }
5f3a6aa0
JM		 1480#endif /* CONFIG_P2P */
1481
cb418324 1482#ifdef CONFIG_HS20
55a2df43 1483 if (is_hs20_network(wpa_s, ssid, bss)) {
cb418324
JM		 1484 struct wpabuf *hs20;
1485 hs20 = wpabuf_alloc(20);
1486 if (hs20) {
1487 wpas_hs20_add_indication(hs20);
1488 os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(hs20),
1489 wpabuf_len(hs20));
1490 wpa_ie_len += wpabuf_len(hs20);
1491 wpabuf_free(hs20);
1492 }
1493 }
1494#endif /* CONFIG_HS20 */
1495
8b3b803a
AH		 1496 /*
1497 * Workaround: Add Extended Capabilities element only if the AP
1498 * included this element in Beacon/Probe Response frames. Some older
1499 * APs seem to have interoperability issues if this element is
1500 * included, so while the standard may require us to include the
1501 * element in all cases, it is justifiable to skip it to avoid
1502 * interoperability issues.
1503 */
1504 if (!bss || wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB)) {
1505 u8 ext_capab[10];
1506 int ext_capab_len;
1507 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab);
1508 if (ext_capab_len > 0) {
1509 u8 *pos = wpa_ie;
1510 if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
1511 pos += 2 + pos[1];
1512 os_memmove(pos + ext_capab_len, pos,
1513 wpa_ie_len - (pos - wpa_ie));
1514 wpa_ie_len += ext_capab_len;
1515 os_memcpy(pos, ext_capab, ext_capab_len);
1516 }
92cbcf91 1517 }
92cbcf91 1518
6fc6879b
JM		 1519 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1520 use_crypt = 1;
62769a88
JM		 1521 cipher_pairwise = wpa_cipher_to_suite_driver(wpa_s->pairwise_cipher);
1522 cipher_group = wpa_cipher_to_suite_driver(wpa_s->group_cipher);
6fc6879b
JM		 1523 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1524 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1525 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1526 use_crypt = 0;
1527 if (wpa_set_wep_keys(wpa_s, ssid)) {
1528 use_crypt = 1;
1529 wep_keys_set = 1;
1530 }
1531 }
ad08c363
JM		 1532 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
1533 use_crypt = 0;
6fc6879b
JM		 1534
1535#ifdef IEEE8021X_EAPOL
1536 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1537 if ((ssid->eapol_flags &
1538 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1539 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1540 !wep_keys_set) {
1541 use_crypt = 0;
1542 } else {
1543 /* Assume that dynamic WEP-104 keys will be used and
1544 * set cipher suites in order for drivers to expect
1545 * encryption. */
1546 cipher_pairwise = cipher_group = CIPHER_WEP104;
1547 }
1548 }
1549#endif /* IEEE8021X_EAPOL */
1550
1551 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1552 /* Set the key before (and later after) association */
1553 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1554 }
1555
6fc6879b 1556 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
6fc6879b 1557 if (bss) {
6fa81a3b
JM		 1558 params.ssid = bss->ssid;
1559 params.ssid_len = bss->ssid_len;
f15854d1
JM		 1560 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
1561 wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
1562 MACSTR " freq=%u MHz based on scan results "
1563 "(bssid_set=%d)",
1564 MAC2STR(bss->bssid), bss->freq,
1565 ssid->bssid_set);
22628eca
JM		 1566 params.bssid = bss->bssid;
1567 params.freq = bss->freq;
1568 }
6fc6879b
JM		 1569 } else {
1570 params.ssid = ssid->ssid;
1571 params.ssid_len = ssid->ssid_len;
1572 }
9e2af29f
NC		 1573
1574 if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
1575 wpa_s->conf->ap_scan == 2) {
1576 params.bssid = ssid->bssid;
1577 params.fixed_bssid = 1;
1578 }
1579
d7dcba70
JM		 1580 if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 &&
1581 params.freq == 0)
6fc6879b
JM		 1582 params.freq = ssid->frequency; /* Initial channel for IBSS */
1583 params.wpa_ie = wpa_ie;
1584 params.wpa_ie_len = wpa_ie_len;
1585 params.pairwise_suite = cipher_pairwise;
1586 params.group_suite = cipher_group;
1587 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
64fa840a 1588 params.wpa_proto = wpa_s->wpa_proto;
6fc6879b
JM		 1589 params.auth_alg = algs;
1590 params.mode = ssid->mode;
1f6c0ab8 1591 params.bg_scan_period = ssid->bg_scan_period;
6fc6879b
JM		 1592 for (i = 0; i < NUM_WEP_KEYS; i++) {
1593 if (ssid->wep_key_len[i])
1594 params.wep_key[i] = ssid->wep_key[i];
1595 params.wep_key_len[i] = ssid->wep_key_len[i];
1596 }
1597 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1598
c2a04078 1599 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
6fc6879b
JM		 1600 (params.key_mgmt_suite == KEY_MGMT_PSK ||
1601 params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
1602 params.passphrase = ssid->passphrase;
1603 if (ssid->psk_set)
1604 params.psk = ssid->psk;
1605 }
1606
36b15723
JM		 1607 params.drop_unencrypted = use_crypt;
1608
6fc6879b 1609#ifdef CONFIG_IEEE80211W
62d49803
JM		 1610 params.mgmt_frame_protection =
1611 ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1612 wpa_s->conf->pmf : ssid->ieee80211w;
1613 if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
6fa81a3b 1614 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
97d3497e
JM		 1615 struct wpa_ie_data ie;
1616 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
1617 ie.capabilities &
1618 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
f049052b
BG		 1619 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
1620 "MFP: require MFP");
97d3497e
JM		 1621 params.mgmt_frame_protection =
1622 MGMT_FRAME_PROTECTION_REQUIRED;
1623 }
1624 }
6fc6879b
JM		 1625#endif /* CONFIG_IEEE80211W */
1626
ffad8858 1627 params.p2p = ssid->p2p_group;
6e3f4b89 1628
eea2fd9e
JM		 1629 if (wpa_s->parent->set_sta_uapsd)
1630 params.uapsd = wpa_s->parent->sta_uapsd;
1631 else
1632 params.uapsd = -1;
1633
80e8a5ee
BG		 1634#ifdef CONFIG_HT_OVERRIDES
1635 os_memset(&htcaps, 0, sizeof(htcaps));
1636 os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
1637 params.htcaps = (u8 *) &htcaps;
1638 params.htcaps_mask = (u8 *) &htcaps_mask;
1639 wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
1640#endif /* CONFIG_HT_OVERRIDES */
1641
17fbb751 1642 ret = wpa_drv_associate(wpa_s, &params);
6fc6879b
JM		 1643 if (ret < 0) {
1644 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1645 "failed");
871f4dd0
JM		 1646 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
1647 /*
1648 * The driver is known to mean what is saying, so we
1649 * can stop right here; the association will not
1650 * succeed.
1651 */
1652 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
c1c02342 1653 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
871f4dd0
JM		 1654 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1655 return;
1656 }
6fc6879b
JM		 1657 /* try to continue anyway; new association will be tried again
1658 * after timeout */
1659 assoc_failed = 1;
1660 }
1661
1662 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1663 /* Set the key after the association just in case association
1664 * cleared the previously configured key. */
1665 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1666 /* No need to timeout authentication since there is no key
1667 * management. */
1668 wpa_supplicant_cancel_auth_timeout(wpa_s);
1669 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
53895c3b 1670#ifdef CONFIG_IBSS_RSN
d7dcba70 1671 } else if (ssid->mode == WPAS_MODE_IBSS &&
53895c3b
JM		 1672 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
1673 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
1674 /*
1675 * RSN IBSS authentication is per-STA and we can disable the
1676 * per-BSSID authentication.
1677 */
1678 wpa_supplicant_cancel_auth_timeout(wpa_s);
53895c3b 1679#endif /* CONFIG_IBSS_RSN */
6fc6879b
JM		 1680 } else {
1681 /* Timeout for IEEE 802.11 authentication and association */
1d3c75b3
DW		 1682 int timeout = 60;
1683
1684 if (assoc_failed) {
1685 /* give IBSS a bit more time */
d7dcba70 1686 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
1d3c75b3
DW		 1687 } else if (wpa_s->conf->ap_scan == 1) {
1688 /* give IBSS a bit more time */
d7dcba70 1689 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
1d3c75b3 1690 }
6fc6879b
JM		 1691 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1692 }
1693
66562e9c
JM		 1694 if (wep_keys_set &&
1695 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
6fc6879b
JM		 1696 /* Set static WEP keys again */
1697 wpa_set_wep_keys(wpa_s, ssid);
1698 }
1699
1700 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1701 /*
1702 * Do not allow EAP session resumption between different
1703 * network configurations.
1704 */
1705 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1706 }
8bac466b 1707 old_ssid = wpa_s->current_ssid;
6fc6879b 1708 wpa_s->current_ssid = ssid;
8f770587 1709 wpa_s->current_bss = bss;
6fc6879b
JM		 1710 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
1711 wpa_supplicant_initiate_eapol(wpa_s);
8bac466b
JM		 1712 if (old_ssid != wpa_s->current_ssid)
1713 wpas_notify_network_changed(wpa_s);
6fc6879b
JM		 1714}
1715
1716
09f58c09
JM		 1717static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
1718 const u8 *addr)
1719{
1720 struct wpa_ssid *old_ssid;
1721
1722 wpa_clear_keys(wpa_s, addr);
09f58c09 1723 old_ssid = wpa_s->current_ssid;
0d30cc24 1724 wpa_supplicant_mark_disassoc(wpa_s);
09f58c09
JM		 1725 wpa_sm_set_config(wpa_s->wpa, NULL);
1726 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1727 if (old_ssid != wpa_s->current_ssid)
1728 wpas_notify_network_changed(wpa_s);
1729 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
1730}
1731
1732
6fc6879b
JM		 1733/**
1734 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
1735 * @wpa_s: Pointer to wpa_supplicant data
1736 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1737 *
073ab58f 1738 * This function is used to request %wpa_supplicant to deauthenticate from the
6fc6879b
JM		 1739 * current AP.
1740 */
1741void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1742 int reason_code)
1743{
1744 u8 *addr = NULL;
ef48ff94 1745 union wpa_event_data event;
42d23547 1746 int zero_addr = 0;
8bac466b 1747
42d23547
JM		 1748 wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
1749 " pending_bssid=" MACSTR " reason=%d state=%s",
1750 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
1751 reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state));
1752
1753 if (!is_zero_ether_addr(wpa_s->bssid))
1754 addr = wpa_s->bssid;
1755 else if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
1756 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
1757 wpa_s->wpa_state == WPA_ASSOCIATING))
1758 addr = wpa_s->pending_bssid;
1759 else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
1760 /*
1761 * When using driver-based BSS selection, we may not know the
1762 * BSSID with which we are currently trying to associate. We
1763 * need to notify the driver of this disconnection even in such
1764 * a case, so use the all zeros address here.
1765 */
6fc6879b 1766 addr = wpa_s->bssid;
42d23547
JM		 1767 zero_addr = 1;
1768 }
1769
7b44ff2c
SD		 1770#ifdef CONFIG_TDLS
1771 wpa_tdls_teardown_peers(wpa_s->wpa);
1772#endif /* CONFIG_TDLS */
1773
42d23547
JM		 1774 if (addr) {
1775 wpa_drv_deauthenticate(wpa_s, addr, reason_code);
ef48ff94
JM		 1776 os_memset(&event, 0, sizeof(event));
1777 event.deauth_info.reason_code = (u16) reason_code;
1778 event.deauth_info.locally_generated = 1;
1779 wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
42d23547
JM		 1780 if (zero_addr)
1781 addr = NULL;
6fc6879b 1782 }
09f58c09
JM		 1783
1784 wpa_supplicant_clear_connection(wpa_s, addr);
6fc6879b
JM		 1785}
1786
dca1a511
DS		 1787static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
1788 struct wpa_ssid *ssid)
1789{
1790 if (!ssid || !ssid->disabled || ssid->disabled == 2)
1791 return;
1792
1793 ssid->disabled = 0;
1794 wpas_clear_temp_disabled(wpa_s, ssid, 1);
1795 wpas_notify_network_enabled_changed(wpa_s, ssid);
1796
1797 /*
1798 * Try to reassociate since there is no current configuration and a new
1799 * network was made available.
1800 */
d2592497 1801 if (!wpa_s->current_ssid && !wpa_s->disconnected)
dca1a511
DS		 1802 wpa_s->reassociate = 1;
1803}
1804
6fc6879b 1805
86b89452
WS		 1806/**
1807 * wpa_supplicant_enable_network - Mark a configured network as enabled
1808 * @wpa_s: wpa_supplicant structure for a network interface
1809 * @ssid: wpa_ssid structure for a configured network or %NULL
1810 *
1811 * Enables the specified network or all networks if no network specified.
1812 */
1813void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
1814 struct wpa_ssid *ssid)
1815{
86b89452 1816 if (ssid == NULL) {
14f79078
JM		 1817 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
1818 wpa_supplicant_enable_one_network(wpa_s, ssid);
dca1a511
DS		 1819 } else
1820 wpa_supplicant_enable_one_network(wpa_s, ssid);
86b89452 1821
d2592497 1822 if (wpa_s->reassociate && !wpa_s->disconnected) {
dca1a511
DS		 1823 if (wpa_s->sched_scanning) {
1824 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
1825 "new network to scan filters");
1826 wpa_supplicant_cancel_sched_scan(wpa_s);
1827 }
86b89452 1828
dad153d1
JM		 1829 if (wpa_supplicant_fast_associate(wpa_s) != 1)
1830 wpa_supplicant_req_scan(wpa_s, 0, 0);
86b89452
WS		 1831 }
1832}
1833
1834
1835/**
1836 * wpa_supplicant_disable_network - Mark a configured network as disabled
1837 * @wpa_s: wpa_supplicant structure for a network interface
1838 * @ssid: wpa_ssid structure for a configured network or %NULL
1839 *
1840 * Disables the specified network or all networks if no network specified.
1841 */
1842void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
1843 struct wpa_ssid *ssid)
1844{
1845 struct wpa_ssid *other_ssid;
1846 int was_disabled;
1847
1848 if (ssid == NULL) {
725fc39e
DS		 1849 if (wpa_s->sched_scanning)
1850 wpa_supplicant_cancel_sched_scan(wpa_s);
1851
4dac0245
JM		 1852 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1853 other_ssid = other_ssid->next) {
86b89452 1854 was_disabled = other_ssid->disabled;
4dac0245
JM		 1855 if (was_disabled == 2)
1856 continue; /* do not change persistent P2P group
1857 * data */
86b89452
WS		 1858
1859 other_ssid->disabled = 1;
1860
1861 if (was_disabled != other_ssid->disabled)
1862 wpas_notify_network_enabled_changed(
1863 wpa_s, other_ssid);
86b89452
WS		 1864 }
1865 if (wpa_s->current_ssid)
07783eaa 1866 wpa_supplicant_deauthenticate(
86b89452 1867 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4dac0245 1868 } else if (ssid->disabled != 2) {
86b89452 1869 if (ssid == wpa_s->current_ssid)
07783eaa 1870 wpa_supplicant_deauthenticate(
86b89452
WS		 1871 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1872
1873 was_disabled = ssid->disabled;
1874
1875 ssid->disabled = 1;
1876
725fc39e 1877 if (was_disabled != ssid->disabled) {
86b89452 1878 wpas_notify_network_enabled_changed(wpa_s, ssid);
725fc39e
DS		 1879 if (wpa_s->sched_scanning) {
1880 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
1881 "to remove network from filters");
1882 wpa_supplicant_cancel_sched_scan(wpa_s);
1883 wpa_supplicant_req_scan(wpa_s, 0, 0);
1884 }
1885 }
86b89452
WS		 1886 }
1887}
1888
1889
1890/**
1891 * wpa_supplicant_select_network - Attempt association with a network
1892 * @wpa_s: wpa_supplicant structure for a network interface
1893 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
1894 */
1895void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
1896 struct wpa_ssid *ssid)
1897{
1898
1899 struct wpa_ssid *other_ssid;
d93dfbd5 1900 int disconnected = 0;
86b89452 1901
d93dfbd5 1902 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
07783eaa 1903 wpa_supplicant_deauthenticate(
86b89452 1904 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
d93dfbd5
JM		 1905 disconnected = 1;
1906 }
86b89452 1907
00e5e3d5
JM		 1908 if (ssid)
1909 wpas_clear_temp_disabled(wpa_s, ssid, 1);
1910
86b89452
WS		 1911 /*
1912 * Mark all other networks disabled or mark all networks enabled if no
1913 * network specified.
1914 */
4dac0245
JM		 1915 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1916 other_ssid = other_ssid->next) {
86b89452 1917 int was_disabled = other_ssid->disabled;
4dac0245
JM		 1918 if (was_disabled == 2)
1919 continue; /* do not change persistent P2P group data */
86b89452
WS		 1920
1921 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
00e5e3d5
JM		 1922 if (was_disabled && !other_ssid->disabled)
1923 wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
86b89452
WS		 1924
1925 if (was_disabled != other_ssid->disabled)
1926 wpas_notify_network_enabled_changed(wpa_s, other_ssid);
86b89452 1927 }
2a6f78fb
JJ		 1928
1929 if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid) {
1930 /* We are already associated with the selected network */
1931 wpa_printf(MSG_DEBUG, "Already associated with the "
1932 "selected network - do nothing");
1933 return;
1934 }
1935
25a8f9e3 1936 if (ssid) {
96efeeb6 1937 wpa_s->current_ssid = ssid;
25a8f9e3
JM		 1938 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1939 }
7dcdcfd6 1940 wpa_s->connect_without_scan = NULL;
86b89452
WS		 1941 wpa_s->disconnected = 0;
1942 wpa_s->reassociate = 1;
cecdddc1
PS		 1943
1944 if (wpa_supplicant_fast_associate(wpa_s) != 1)
1945 wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
86b89452 1946
a1641d26
JM		 1947 if (ssid)
1948 wpas_notify_network_selected(wpa_s, ssid);
86b89452
WS		 1949}
1950
1951
1952/**
1953 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
1954 * @wpa_s: wpa_supplicant structure for a network interface
1955 * @ap_scan: AP scan mode
1956 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
1957 *
1958 */
1959int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
1960{
1961
1962 int old_ap_scan;
1963
1964 if (ap_scan < 0 || ap_scan > 2)
1965 return -1;
1966
48f8e036
DS		 1967#ifdef ANDROID
1968 if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
1969 wpa_s->wpa_state >= WPA_ASSOCIATING &&
1970 wpa_s->wpa_state < WPA_COMPLETED) {
1971 wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
1972 "associating", wpa_s->conf->ap_scan, ap_scan);
1973 return 0;
1974 }
1975#endif /* ANDROID */
1976
86b89452
WS		 1977 old_ap_scan = wpa_s->conf->ap_scan;
1978 wpa_s->conf->ap_scan = ap_scan;
1979
1980 if (old_ap_scan != wpa_s->conf->ap_scan)
1981 wpas_notify_ap_scan_changed(wpa_s);
1982
1983 return 0;
1984}
1985
1986
78633c37
SL		 1987/**
1988 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
1989 * @wpa_s: wpa_supplicant structure for a network interface
1990 * @expire_age: Expiration age in seconds
1991 * Returns: 0 if succeed or -1 if expire_age has an invalid value
1992 *
1993 */
1994int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
1995 unsigned int bss_expire_age)
1996{
1997 if (bss_expire_age < 10) {
1998 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
1999 bss_expire_age);
2000 return -1;
2001 }
2002 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
2003 bss_expire_age);
2004 wpa_s->conf->bss_expiration_age = bss_expire_age;
2005
2006 return 0;
2007}
2008
2009
2010/**
2011 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
2012 * @wpa_s: wpa_supplicant structure for a network interface
2013 * @expire_count: number of scans after which an unseen BSS is reclaimed
2014 * Returns: 0 if succeed or -1 if expire_count has an invalid value
2015 *
2016 */
2017int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
2018 unsigned int bss_expire_count)
2019{
2020 if (bss_expire_count < 1) {
2021 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
2022 bss_expire_count);
2023 return -1;
2024 }
2025 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
2026 bss_expire_count);
2027 wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
2028
2029 return 0;
2030}
2031
2032
c6e86b63
MA		 2033/**
2034 * wpa_supplicant_set_scan_interval - Set scan interval
2035 * @wpa_s: wpa_supplicant structure for a network interface
2036 * @scan_interval: scan interval in seconds
2037 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
2038 *
2039 */
2040int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
2041 int scan_interval)
2042{
2043 if (scan_interval < 0) {
2044 wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
2045 scan_interval);
2046 return -1;
2047 }
2048 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
2049 scan_interval);
9e737f08 2050 wpa_supplicant_update_scan_int(wpa_s, scan_interval);
c6e86b63
MA		 2051
2052 return 0;
2053}
2054
2055
86b89452
WS		 2056/**
2057 * wpa_supplicant_set_debug_params - Set global debug params
2058 * @global: wpa_global structure
2059 * @debug_level: debug level
2060 * @debug_timestamp: determines if show timestamp in debug data
2061 * @debug_show_keys: determines if show keys in debug data
2062 * Returns: 0 if succeed or -1 if debug_level has wrong value
2063 */
2064int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
2065 int debug_timestamp, int debug_show_keys)
2066{
2067
2068 int old_level, old_timestamp, old_show_keys;
2069
2070 /* check for allowed debuglevels */
14dc0011
PS		 2071 if (debug_level != MSG_EXCESSIVE &&
2072 debug_level != MSG_MSGDUMP &&
86b89452
WS		 2073 debug_level != MSG_DEBUG &&
2074 debug_level != MSG_INFO &&
2075 debug_level != MSG_WARNING &&
2076 debug_level != MSG_ERROR)
2077 return -1;
2078
2079 old_level = wpa_debug_level;
2080 old_timestamp = wpa_debug_timestamp;
2081 old_show_keys = wpa_debug_show_keys;
2082
2083 wpa_debug_level = debug_level;
2084 wpa_debug_timestamp = debug_timestamp ? 1 : 0;
2085 wpa_debug_show_keys = debug_show_keys ? 1 : 0;
2086
db9133ac
WS		 2087 if (wpa_debug_level != old_level)
2088 wpas_notify_debug_level_changed(global);
2089 if (wpa_debug_timestamp != old_timestamp)
2090 wpas_notify_debug_timestamp_changed(global);
2091 if (wpa_debug_show_keys != old_show_keys)
2092 wpas_notify_debug_show_keys_changed(global);
86b89452
WS		 2093
2094 return 0;
2095}
2096
2097
6fc6879b
JM		 2098/**
2099 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
2100 * @wpa_s: Pointer to wpa_supplicant data
2101 * Returns: A pointer to the current network structure or %NULL on failure
2102 */
2103struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
2104{
2105 struct wpa_ssid *entry;
2106 u8 ssid[MAX_SSID_LEN];
2107 int res;
2108 size_t ssid_len;
2109 u8 bssid[ETH_ALEN];
2110 int wired;
2111
17fbb751
JM		 2112 res = wpa_drv_get_ssid(wpa_s, ssid);
2113 if (res < 0) {
2114 wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
2115 "driver");
2116 return NULL;
6fc6879b 2117 }
17fbb751 2118 ssid_len = res;
6fc6879b 2119
17fbb751 2120 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
f049052b
BG		 2121 wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
2122 "driver");
6fc6879b
JM		 2123 return NULL;
2124 }
2125
c2a04078
JM		 2126 wired = wpa_s->conf->ap_scan == 0 &&
2127 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
6fc6879b
JM		 2128
2129 entry = wpa_s->conf->ssid;
2130 while (entry) {
349493bd 2131 if (!wpas_network_disabled(wpa_s, entry) &&
6fc6879b
JM		 2132 ((ssid_len == entry->ssid_len &&
2133 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
2134 (!entry->bssid_set ||
2135 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
2136 return entry;
24c23d1b 2137#ifdef CONFIG_WPS
349493bd 2138 if (!wpas_network_disabled(wpa_s, entry) &&
24c23d1b
JM		 2139 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
2140 (entry->ssid == NULL || entry->ssid_len == 0) &&
2141 (!entry->bssid_set ||
2142 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
2143 return entry;
2144#endif /* CONFIG_WPS */
7d232e23 2145
349493bd 2146 if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
7d232e23
ZC		 2147 entry->ssid_len == 0 &&
2148 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
2149 return entry;
2150
6fc6879b
JM		 2151 entry = entry->next;
2152 }
2153
2154 return NULL;
2155}
2156
2157
7756114f
JM		 2158static int select_driver(struct wpa_supplicant *wpa_s, int i)
2159{
2160 struct wpa_global *global = wpa_s->global;
2161
2162 if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
2163 global->drv_priv[i] = wpa_drivers[i]->global_init();
2164 if (global->drv_priv[i] == NULL) {
2165 wpa_printf(MSG_ERROR, "Failed to initialize driver "
2166 "'%s'", wpa_drivers[i]->name);
2167 return -1;
2168 }
2169 }
2170
2171 wpa_s->driver = wpa_drivers[i];
2172 wpa_s->global_drv_priv = global->drv_priv[i];
2173
2174 return 0;
2175}
2176
2177
6fc6879b
JM		 2178static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
2179 const char *name)
2180{
2181 int i;
362f781e 2182 size_t len;
74b1c84a 2183 const char *pos, *driver = name;
6fc6879b
JM		 2184
2185 if (wpa_s == NULL)
2186 return -1;
2187
c5121837 2188 if (wpa_drivers[0] == NULL) {
f049052b
BG		 2189 wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
2190 "wpa_supplicant");
6fc6879b
JM		 2191 return -1;
2192 }
2193
2194 if (name == NULL) {
2195 /* default to first driver in the list */
7756114f 2196 return select_driver(wpa_s, 0);
6fc6879b
JM		 2197 }
2198
74b1c84a
SO		 2199 do {
2200 pos = os_strchr(driver, ',');
2201 if (pos)
2202 len = pos - driver;
2203 else
2204 len = os_strlen(driver);
2205
2206 for (i = 0; wpa_drivers[i]; i++) {
2207 if (os_strlen(wpa_drivers[i]->name) == len &&
2208 os_strncmp(driver, wpa_drivers[i]->name, len) ==
0f4668ce
DW		 2209 0) {
2210 /* First driver that succeeds wins */
2211 if (select_driver(wpa_s, i) == 0)
2212 return 0;
2213 }
6fc6879b 2214 }
74b1c84a
SO		 2215
2216 driver = pos + 1;
2217 } while (pos);
6fc6879b 2218
f049052b 2219 wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
6fc6879b
JM		 2220 return -1;
2221}
2222
2223
a8e0505b
JM		 2224/**
2225 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
2226 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
2227 * with struct wpa_driver_ops::init()
2228 * @src_addr: Source address of the EAPOL frame
2229 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
2230 * @len: Length of the EAPOL data
2231 *
2232 * This function is called for each received EAPOL frame. Most driver
2233 * interfaces rely on more generic OS mechanism for receiving frames through
2234 * l2_packet, but if such a mechanism is not available, the driver wrapper may
2235 * take care of received EAPOL frames and deliver them to the core supplicant
2236 * code by calling this function.
2237 */
6fc6879b
JM		 2238void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
2239 const u8 *buf, size_t len)
2240{
2241 struct wpa_supplicant *wpa_s = ctx;
2242
f049052b 2243 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
6fc6879b
JM		 2244 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
2245
3ab35a66
JM		 2246 if (wpa_s->wpa_state < WPA_ASSOCIATED ||
2247 (wpa_s->last_eapol_matches_bssid &&
2248#ifdef CONFIG_AP
2249 !wpa_s->ap_iface &&
2250#endif /* CONFIG_AP */
2251 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
1ff73338
JM		 2252 /*
2253 * There is possible race condition between receiving the
2254 * association event and the EAPOL frame since they are coming
2255 * through different paths from the driver. In order to avoid
2256 * issues in trying to process the EAPOL frame before receiving
2257 * association information, lets queue it for processing until
3ab35a66
JM		 2258 * the association event is received. This may also be needed in
2259 * driver-based roaming case, so also use src_addr != BSSID as a
2260 * trigger if we have previously confirmed that the
2261 * Authenticator uses BSSID as the src_addr (which is not the
2262 * case with wired IEEE 802.1X).
1ff73338 2263 */
f049052b 2264 wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
3ab35a66
JM		 2265 "of received EAPOL frame (state=%s bssid=" MACSTR ")",
2266 wpa_supplicant_state_txt(wpa_s->wpa_state),
2267 MAC2STR(wpa_s->bssid));
1ff73338
JM		 2268 wpabuf_free(wpa_s->pending_eapol_rx);
2269 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
2270 if (wpa_s->pending_eapol_rx) {
2271 os_get_time(&wpa_s->pending_eapol_rx_time);
2272 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
2273 ETH_ALEN);
2274 }
2275 return;
2276 }
2277
3ab35a66
JM		 2278 wpa_s->last_eapol_matches_bssid =
2279 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
2280
db149ac9
JM		 2281#ifdef CONFIG_AP
2282 if (wpa_s->ap_iface) {
2283 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
2284 return;
2285 }
2286#endif /* CONFIG_AP */
2287
6fc6879b 2288 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
f049052b
BG		 2289 wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
2290 "no key management is configured");
6fc6879b
JM		 2291 return;
2292 }
2293
2294 if (wpa_s->eapol_received == 0 &&
c2a04078 2295 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
56586197 2296 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
9c972abb
JM		 2297 wpa_s->wpa_state != WPA_COMPLETED) &&
2298 (wpa_s->current_ssid == NULL ||
2299 wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
6fc6879b
JM		 2300 /* Timeout for completing IEEE 802.1X and WPA authentication */
2301 wpa_supplicant_req_auth_timeout(
2302 wpa_s,
56586197 2303 (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
a6f06dab
AT		 2304 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
2305 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
6fc6879b
JM		 2306 70 : 10, 0);
2307 }
2308 wpa_s->eapol_received++;
2309
2310 if (wpa_s->countermeasures) {
f049052b
BG		 2311 wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
2312 "EAPOL packet");
6fc6879b
JM		 2313 return;
2314 }
2315
8be18440
JM		 2316#ifdef CONFIG_IBSS_RSN
2317 if (wpa_s->current_ssid &&
d7dcba70 2318 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
8be18440
JM		 2319 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
2320 return;
2321 }
2322#endif /* CONFIG_IBSS_RSN */
2323
6fc6879b
JM		 2324 /* Source address of the incoming EAPOL frame could be compared to the
2325 * current BSSID. However, it is possible that a centralized
2326 * Authenticator could be using another MAC address than the BSSID of
2327 * an AP, so just allow any address to be used for now. The replies are
2328 * still sent to the current BSSID (if available), though. */
2329
2330 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
56586197 2331 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
6fc6879b
JM		 2332 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
2333 return;
2334 wpa_drv_poll(wpa_s);
c2a04078 2335 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
6fc6879b 2336 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
56586197 2337 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
6fc6879b
JM		 2338 /*
2339 * Set portValid = TRUE here since we are going to skip 4-way
2340 * handshake processing which would normally set portValid. We
2341 * need this to allow the EAPOL state machines to be completed
2342 * without going through EAPOL-Key handshake.
2343 */
2344 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
2345 }
2346}
2347
2348
bfba8deb 2349int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
6fc6879b 2350{
6fc6879b
JM		 2351 if (wpa_s->driver->send_eapol) {
2352 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
2353 if (addr)
2354 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
1c42b42f
JM		 2355 } else if ((!wpa_s->p2p_mgmt ||
2356 !(wpa_s->drv_flags &
2357 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
c68f6200 2358 !(wpa_s->drv_flags &
fdadd5fe 2359 WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
bfba8deb 2360 l2_packet_deinit(wpa_s->l2);
6fc6879b
JM		 2361 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
2362 wpa_drv_get_mac_addr(wpa_s),
2363 ETH_P_EAPOL,
2364 wpa_supplicant_rx_eapol, wpa_s, 0);
2365 if (wpa_s->l2 == NULL)
2366 return -1;
fdadd5fe
JM		 2367 } else {
2368 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
2369 if (addr)
2370 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
6fc6879b
JM		 2371 }
2372
2373 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
f049052b 2374 wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
6fc6879b
JM		 2375 return -1;
2376 }
2377
bfba8deb
JM		 2378 return 0;
2379}
2380
2381
25f839c6
JM		 2382static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
2383 const u8 *buf, size_t len)
2384{
2385 struct wpa_supplicant *wpa_s = ctx;
2386 const struct l2_ethhdr *eth;
2387
2388 if (len < sizeof(*eth))
2389 return;
2390 eth = (const struct l2_ethhdr *) buf;
2391
2392 if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
2393 !(eth->h_dest[0] & 0x01)) {
2394 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
2395 " (bridge - not for this interface - ignore)",
2396 MAC2STR(src_addr), MAC2STR(eth->h_dest));
2397 return;
2398 }
2399
2400 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
2401 " (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
2402 wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
2403 len - sizeof(*eth));
2404}
2405
2406
bfba8deb
JM		 2407/**
2408 * wpa_supplicant_driver_init - Initialize driver interface parameters
2409 * @wpa_s: Pointer to wpa_supplicant data
2410 * Returns: 0 on success, -1 on failure
2411 *
2412 * This function is called to initialize driver interface parameters.
2413 * wpa_drv_init() must have been called before this function to initialize the
2414 * driver interface.
2415 */
2416int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
2417{
2418 static int interface_count = 0;
2419
2420 if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
2421 return -1;
2422
c68f6200
AS		 2423 wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
2424 MAC2STR(wpa_s->own_addr));
2425 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2426
6fc6879b 2427 if (wpa_s->bridge_ifname[0]) {
f049052b
BG		 2428 wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
2429 "interface '%s'", wpa_s->bridge_ifname);
6fc6879b
JM		 2430 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
2431 wpa_s->own_addr,
2432 ETH_P_EAPOL,
25f839c6
JM		 2433 wpa_supplicant_rx_eapol_bridge,
2434 wpa_s, 1);
6fc6879b 2435 if (wpa_s->l2_br == NULL) {
f049052b
BG		 2436 wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
2437 "connection for the bridge interface '%s'",
2438 wpa_s->bridge_ifname);
6fc6879b
JM		 2439 return -1;
2440 }
2441 }
2442
6fc6879b
JM		 2443 wpa_clear_keys(wpa_s, NULL);
2444
2445 /* Make sure that TKIP countermeasures are not left enabled (could
2446 * happen if wpa_supplicant is killed during countermeasures. */
2447 wpa_drv_set_countermeasures(wpa_s, 0);
2448
f049052b 2449 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
6fc6879b
JM		 2450 wpa_drv_flush_pmkid(wpa_s);
2451
ba2a573c 2452 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
b3aa456b
ES		 2453 wpa_s->prev_scan_wildcard = 0;
2454
349493bd 2455 if (wpa_supplicant_enabled_networks(wpa_s)) {
6a90053c
LC		 2456 if (wpa_supplicant_delayed_sched_scan(wpa_s, interface_count,
2457 100000))
a4cba8f1
LC		 2458 wpa_supplicant_req_scan(wpa_s, interface_count,
2459 100000);
74e259ec
JM		 2460 interface_count++;
2461 } else
2462 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
6fc6879b
JM		 2463
2464 return 0;
2465}
2466
2467
2468static int wpa_supplicant_daemon(const char *pid_file)
2469{
2470 wpa_printf(MSG_DEBUG, "Daemonize..");
2471 return os_daemonize(pid_file);
2472}
2473
2474
2475static struct wpa_supplicant * wpa_supplicant_alloc(void)
2476{
2477 struct wpa_supplicant *wpa_s;
2478
2479 wpa_s = os_zalloc(sizeof(*wpa_s));
2480 if (wpa_s == NULL)
2481 return NULL;
4115303b 2482 wpa_s->scan_req = INITIAL_SCAN_REQ;
67b9bd08 2483 wpa_s->scan_interval = 5;
c302f207 2484 wpa_s->new_connection = 1;
b22128ef 2485 wpa_s->parent = wpa_s;
cbdf3507 2486 wpa_s->sched_scanning = 0;
6fc6879b
JM		 2487
2488 return wpa_s;
2489}
2490
2491
80e8a5ee
BG		 2492#ifdef CONFIG_HT_OVERRIDES
2493
2494static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
2495 struct ieee80211_ht_capabilities *htcaps,
2496 struct ieee80211_ht_capabilities *htcaps_mask,
2497 const char *ht_mcs)
2498{
2499 /* parse ht_mcs into hex array */
2500 int i;
2501 const char *tmp = ht_mcs;
2502 char *end = NULL;
2503
2504 /* If ht_mcs is null, do not set anything */
2505 if (!ht_mcs)
2506 return 0;
2507
2508 /* This is what we are setting in the kernel */
2509 os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
2510
2511 wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
2512
2513 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
2514 errno = 0;
2515 long v = strtol(tmp, &end, 16);
2516 if (errno == 0) {
2517 wpa_msg(wpa_s, MSG_DEBUG,
2518 "htcap value[%i]: %ld end: %p tmp: %p",
2519 i, v, end, tmp);
2520 if (end == tmp)
2521 break;
2522
2523 htcaps->supported_mcs_set[i] = v;
2524 tmp = end;
2525 } else {
2526 wpa_msg(wpa_s, MSG_ERROR,
2527 "Failed to parse ht-mcs: %s, error: %s\n",
2528 ht_mcs, strerror(errno));
2529 return -1;
2530 }
2531 }
2532
2533 /*
2534 * If we were able to parse any values, then set mask for the MCS set.
2535 */
2536 if (i) {
2537 os_memset(&htcaps_mask->supported_mcs_set, 0xff,
2538 IEEE80211_HT_MCS_MASK_LEN - 1);
2539 /* skip the 3 reserved bits */
2540 htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
2541 0x1f;
2542 }
2543
2544 return 0;
2545}
2546
2547
2548static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
2549 struct ieee80211_ht_capabilities *htcaps,
2550 struct ieee80211_ht_capabilities *htcaps_mask,
2551 int disabled)
2552{
2553 u16 msk;
2554
2555 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
2556
2557 if (disabled == -1)
2558 return 0;
2559
2560 msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
2561 htcaps_mask->ht_capabilities_info |= msk;
2562 if (disabled)
2563 htcaps->ht_capabilities_info &= msk;
2564 else
2565 htcaps->ht_capabilities_info |= msk;
2566
2567 return 0;
2568}
2569
2570
2571static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
2572 struct ieee80211_ht_capabilities *htcaps,
2573 struct ieee80211_ht_capabilities *htcaps_mask,
2574 int factor)
2575{
2576 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
2577
2578 if (factor == -1)
2579 return 0;
2580
2581 if (factor < 0 || factor > 3) {
2582 wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
2583 "Must be 0-3 or -1", factor);
2584 return -EINVAL;
2585 }
2586
2587 htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
2588 htcaps->a_mpdu_params &= ~0x3;
2589 htcaps->a_mpdu_params |= factor & 0x3;
2590
2591 return 0;
2592}
2593
2594
2595static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
2596 struct ieee80211_ht_capabilities *htcaps,
2597 struct ieee80211_ht_capabilities *htcaps_mask,
2598 int density)
2599{
2600 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
2601
2602 if (density == -1)
2603 return 0;
2604
2605 if (density < 0 || density > 7) {
2606 wpa_msg(wpa_s, MSG_ERROR,
2607 "ampdu_density: %d out of range. Must be 0-7 or -1.",
2608 density);
2609 return -EINVAL;
2610 }
2611
2612 htcaps_mask->a_mpdu_params |= 0x1C;
2613 htcaps->a_mpdu_params &= ~(0x1C);
2614 htcaps->a_mpdu_params |= (density << 2) & 0x1C;
2615
2616 return 0;
2617}
2618
2619
2620static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
2621 struct ieee80211_ht_capabilities *htcaps,
2622 struct ieee80211_ht_capabilities *htcaps_mask,
2623 int disabled)
2624{
2625 /* Masking these out disables HT40 */
2626 u16 msk = host_to_le16(HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET |
2627 HT_CAP_INFO_SHORT_GI40MHZ);
2628
2629 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
2630
2631 if (disabled)
2632 htcaps->ht_capabilities_info &= ~msk;
2633 else
2634 htcaps->ht_capabilities_info |= msk;
2635
2636 htcaps_mask->ht_capabilities_info |= msk;
2637
2638 return 0;
2639}
2640
2641
a90497f8
BG		 2642static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
2643 struct ieee80211_ht_capabilities *htcaps,
2644 struct ieee80211_ht_capabilities *htcaps_mask,
2645 int disabled)
2646{
2647 /* Masking these out disables SGI */
2648 u16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
2649 HT_CAP_INFO_SHORT_GI40MHZ);
2650
2651 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
2652
2653 if (disabled)
2654 htcaps->ht_capabilities_info &= ~msk;
2655 else
2656 htcaps->ht_capabilities_info |= msk;
2657
2658 htcaps_mask->ht_capabilities_info |= msk;
2659
2660 return 0;
2661}
2662
2663
80e8a5ee
BG		 2664void wpa_supplicant_apply_ht_overrides(
2665 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2666 struct wpa_driver_associate_params *params)
2667{
2668 struct ieee80211_ht_capabilities *htcaps;
2669 struct ieee80211_ht_capabilities *htcaps_mask;
2670
2671 if (!ssid)
2672 return;
2673
2674 params->disable_ht = ssid->disable_ht;
2675 if (!params->htcaps || !params->htcaps_mask)
2676 return;
2677
2678 htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
2679 htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
2680 wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
2681 wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
2682 ssid->disable_max_amsdu);
2683 wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
2684 wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
2685 wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
a90497f8 2686 wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
80e8a5ee
BG		 2687}
2688
2689#endif /* CONFIG_HT_OVERRIDES */
2690
2691
e9ee8dc3
JB		 2692#ifdef CONFIG_VHT_OVERRIDES
2693void wpa_supplicant_apply_vht_overrides(
2694 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2695 struct wpa_driver_associate_params *params)
2696{
2697 struct ieee80211_vht_capabilities *vhtcaps;
2698 struct ieee80211_vht_capabilities *vhtcaps_mask;
2699
2700 if (!ssid)
2701 return;
2702
2703 params->disable_vht = ssid->disable_vht;
2704
2705 vhtcaps = (void *) params->vhtcaps;
2706 vhtcaps_mask = (void *) params->vhtcaps_mask;
2707
2708 if (!vhtcaps || !vhtcaps_mask)
2709 return;
2710
2711 vhtcaps->vht_capabilities_info = ssid->vht_capa;
2712 vhtcaps_mask->vht_capabilities_info = ssid->vht_capa_mask;
2713
2714#define OVERRIDE_MCS(i) \
2715 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
2716 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
2717 3 << 2 * (i - 1); \
2718 vhtcaps->vht_supported_mcs_set.tx_map |= \
2719 ssid->vht_tx_mcs_nss_ ##i << 2 * (i - 1); \
2720 } \
2721 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
2722 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
2723 3 << 2 * (i - 1); \
2724 vhtcaps->vht_supported_mcs_set.rx_map |= \
2725 ssid->vht_rx_mcs_nss_ ##i << 2 * (i - 1); \
2726 }
2727
2728 OVERRIDE_MCS(1);
2729 OVERRIDE_MCS(2);
2730 OVERRIDE_MCS(3);
2731 OVERRIDE_MCS(4);
2732 OVERRIDE_MCS(5);
2733 OVERRIDE_MCS(6);
2734 OVERRIDE_MCS(7);
2735 OVERRIDE_MCS(8);
2736}
2737#endif /* CONFIG_VHT_OVERRIDES */
2738
2739
f64adcd7
JM		 2740static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
2741{
2742#ifdef PCSC_FUNCS
2743 size_t len;
2744
2745 if (!wpa_s->conf->pcsc_reader)
2746 return 0;
2747
2748 wpa_s->scard = scard_init(SCARD_TRY_BOTH, wpa_s->conf->pcsc_reader);
2749 if (!wpa_s->scard)
2750 return 1;
2751
2752 if (wpa_s->conf->pcsc_pin &&
2753 scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
2754 scard_deinit(wpa_s->scard);
2755 wpa_s->scard = NULL;
2756 wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
2757 return -1;
2758 }
2759
2760 len = sizeof(wpa_s->imsi) - 1;
2761 if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
2762 scard_deinit(wpa_s->scard);
2763 wpa_s->scard = NULL;
2764 wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
2765 return -1;
2766 }
2767 wpa_s->imsi[len] = '\0';
2768
2769 wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
2770
2771 wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
2772 wpa_s->imsi, wpa_s->mnc_len);
2773
2774 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
2775 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
2776#endif /* PCSC_FUNCS */
2777
2778 return 0;
2779}
2780
2781
306ae225
JM		 2782int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
2783{
2784 char *val, *pos;
2785
2786 ext_password_deinit(wpa_s->ext_pw);
2787 wpa_s->ext_pw = NULL;
2788 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
2789
2790 if (!wpa_s->conf->ext_password_backend)
2791 return 0;
2792
2793 val = os_strdup(wpa_s->conf->ext_password_backend);
2794 if (val == NULL)
2795 return -1;
2796 pos = os_strchr(val, ':');
2797 if (pos)
2798 *pos++ = '\0';
2799
2800 wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
2801
2802 wpa_s->ext_pw = ext_password_init(val, pos);
2803 os_free(val);
2804 if (wpa_s->ext_pw == NULL) {
2805 wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
2806 return -1;
2807 }
2808 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
2809
2810 return 0;
2811}
2812
2813
6fc6879b
JM		 2814static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
2815 struct wpa_interface *iface)
2816{
362f781e
JM		 2817 const char *ifname, *driver;
2818 struct wpa_driver_capa capa;
2819
6fc6879b
JM		 2820 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
2821 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
2822 iface->confname ? iface->confname : "N/A",
2823 iface->driver ? iface->driver : "default",
2824 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
2825 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
2826
6fc6879b
JM		 2827 if (iface->confname) {
2828#ifdef CONFIG_BACKEND_FILE
2829 wpa_s->confname = os_rel2abs_path(iface->confname);
2830 if (wpa_s->confname == NULL) {
2831 wpa_printf(MSG_ERROR, "Failed to get absolute path "
2832 "for configuration file '%s'.",
2833 iface->confname);
2834 return -1;
2835 }
2836 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
2837 iface->confname, wpa_s->confname);
2838#else /* CONFIG_BACKEND_FILE */
2839 wpa_s->confname = os_strdup(iface->confname);
2840#endif /* CONFIG_BACKEND_FILE */
e6304cad 2841 wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
6fc6879b
JM		 2842 if (wpa_s->conf == NULL) {
2843 wpa_printf(MSG_ERROR, "Failed to read or parse "
2844 "configuration '%s'.", wpa_s->confname);
2845 return -1;
2846 }
e6304cad
DS		 2847 wpa_s->confanother = os_rel2abs_path(iface->confanother);
2848 wpa_config_read(wpa_s->confanother, wpa_s->conf);
6fc6879b
JM		 2849
2850 /*
2851 * Override ctrl_interface and driver_param if set on command
2852 * line.
2853 */
2854 if (iface->ctrl_interface) {
2855 os_free(wpa_s->conf->ctrl_interface);
2856 wpa_s->conf->ctrl_interface =
2857 os_strdup(iface->ctrl_interface);
2858 }
2859
2860 if (iface->driver_param) {
2861 os_free(wpa_s->conf->driver_param);
2862 wpa_s->conf->driver_param =
2863 os_strdup(iface->driver_param);
2864 }
78f79fe5
JM		 2865
2866 if (iface->p2p_mgmt && !iface->ctrl_interface) {
2867 os_free(wpa_s->conf->ctrl_interface);
2868 wpa_s->conf->ctrl_interface = NULL;
2869 }
6fc6879b
JM		 2870 } else
2871 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
2872 iface->driver_param);
2873
2874 if (wpa_s->conf == NULL) {
2875 wpa_printf(MSG_ERROR, "\nNo configuration found.");
2876 return -1;
2877 }
2878
2879 if (iface->ifname == NULL) {
2880 wpa_printf(MSG_ERROR, "\nInterface name is required.");
2881 return -1;
2882 }
2883 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
2884 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
2885 iface->ifname);
2886 return -1;
2887 }
2888 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
2889
2890 if (iface->bridge_ifname) {
2891 if (os_strlen(iface->bridge_ifname) >=
2892 sizeof(wpa_s->bridge_ifname)) {
2893 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
2894 "name '%s'.", iface->bridge_ifname);
2895 return -1;
2896 }
2897 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
2898 sizeof(wpa_s->bridge_ifname));
2899 }
2900
6fc6879b
JM		 2901 /* RSNA Supplicant Key Management - INITIALIZE */
2902 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
2903 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
2904
2905 /* Initialize driver interface and register driver event handler before
2906 * L2 receive handler so that association events are processed before
2907 * EAPOL-Key packets if both become available for the same select()
2908 * call. */
362f781e
JM		 2909 driver = iface->driver;
2910next_driver:
2911 if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
2912 return -1;
2913
6fc6879b
JM		 2914 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
2915 if (wpa_s->drv_priv == NULL) {
362f781e 2916 const char *pos;
a5b9337f 2917 pos = driver ? os_strchr(driver, ',') : NULL;
362f781e 2918 if (pos) {
f049052b
BG		 2919 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
2920 "driver interface - try next driver wrapper");
362f781e
JM		 2921 driver = pos + 1;
2922 goto next_driver;
2923 }
f049052b
BG		 2924 wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
2925 "interface");
6fc6879b
JM		 2926 return -1;
2927 }
2928 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
f049052b
BG		 2929 wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
2930 "driver_param '%s'", wpa_s->conf->driver_param);
6fc6879b
JM		 2931 return -1;
2932 }
2933
2934 ifname = wpa_drv_get_ifname(wpa_s);
2935 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
f049052b
BG		 2936 wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
2937 "interface name with '%s'", ifname);
6fc6879b
JM		 2938 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
2939 }
2940
2941 if (wpa_supplicant_init_wpa(wpa_s) < 0)
2942 return -1;
2943
2944 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
2945 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
2946 NULL);
2947 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2948
2949 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2950 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2951 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
f049052b
BG		 2952 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2953 "dot11RSNAConfigPMKLifetime");
6fc6879b
JM		 2954 return -1;
2955 }
2956
2957 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2958 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2959 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
f049052b 2960 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
6fc6879b
JM		 2961 "dot11RSNAConfigPMKReauthThreshold");
2962 return -1;
2963 }
2964
2965 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2966 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2967 wpa_s->conf->dot11RSNAConfigSATimeout)) {
f049052b
BG		 2968 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2969 "dot11RSNAConfigSATimeout");
6fc6879b
JM		 2970 return -1;
2971 }
2972
6bf731e8
CL		 2973 wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
2974 &wpa_s->hw.num_modes,
2975 &wpa_s->hw.flags);
2976
814782b9 2977 if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
c58ab8f2 2978 wpa_s->drv_capa_known = 1;
814782b9 2979 wpa_s->drv_flags = capa.flags;
349493bd 2980 wpa_s->drv_enc = capa.enc;
4f73d88a 2981 wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
814782b9 2982 wpa_s->max_scan_ssids = capa.max_scan_ssids;
cbdf3507
LC		 2983 wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
2984 wpa_s->sched_scan_supported = capa.sched_scan_supported;
b59e6f26 2985 wpa_s->max_match_sets = capa.max_match_sets;
814782b9 2986 wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
c4ea4c5c 2987 wpa_s->max_stations = capa.max_stations;
8cd6b7bc
JB		 2988 wpa_s->extended_capa = capa.extended_capa;
2989 wpa_s->extended_capa_mask = capa.extended_capa_mask;
2990 wpa_s->extended_capa_len = capa.extended_capa_len;
4752147d
IP		 2991 wpa_s->num_multichan_concurrent =
2992 capa.num_multichan_concurrent;
814782b9
JM		 2993 }
2994 if (wpa_s->max_remain_on_chan == 0)
2995 wpa_s->max_remain_on_chan = 1000;
2996
c68f6200
AS		 2997 /*
2998 * Only take p2p_mgmt parameters when P2P Device is supported.
2999 * Doing it here as it determines whether l2_packet_init() will be done
3000 * during wpa_supplicant_driver_init().
3001 */
3002 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
3003 wpa_s->p2p_mgmt = iface->p2p_mgmt;
3004 else
3005 iface->p2p_mgmt = 1;
3006
4752147d
IP		 3007 if (wpa_s->num_multichan_concurrent == 0)
3008 wpa_s->num_multichan_concurrent = 1;
3009
6fc6879b
JM		 3010 if (wpa_supplicant_driver_init(wpa_s) < 0)
3011 return -1;
3012
281ff0aa 3013#ifdef CONFIG_TDLS
1c42b42f
JM		 3014 if ((!iface->p2p_mgmt ||
3015 !(wpa_s->drv_flags &
3016 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
3017 wpa_tdls_init(wpa_s->wpa))
281ff0aa
GP		 3018 return -1;
3019#endif /* CONFIG_TDLS */
3020
315ce40a
JM		 3021 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
3022 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
f049052b 3023 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
6d158490
LR		 3024 return -1;
3025 }
3026
116654ce
JM		 3027 if (wpas_wps_init(wpa_s))
3028 return -1;
3029
6fc6879b
JM		 3030 if (wpa_supplicant_init_eapol(wpa_s) < 0)
3031 return -1;
3032 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
3033
3034 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
3035 if (wpa_s->ctrl_iface == NULL) {
3036 wpa_printf(MSG_ERROR,
3037 "Failed to initialize control interface '%s'.\n"
3038 "You may have another wpa_supplicant process "
3039 "already running or the file was\n"
3040 "left by an unclean termination of wpa_supplicant "
3041 "in which case you will need\n"
3042 "to manually remove this file before starting "
3043 "wpa_supplicant again.\n",
3044 wpa_s->conf->ctrl_interface);
3045 return -1;
3046 }
3047
04ea7b79
JM		 3048 wpa_s->gas = gas_query_init(wpa_s);
3049 if (wpa_s->gas == NULL) {
3050 wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
3051 return -1;
3052 }
3053
b22128ef 3054#ifdef CONFIG_P2P
c68f6200 3055 if (iface->p2p_mgmt && wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
f049052b 3056 wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
b22128ef
JM		 3057 return -1;
3058 }
3059#endif /* CONFIG_P2P */
3060
83922c2d
JM		 3061 if (wpa_bss_init(wpa_s) < 0)
3062 return -1;
83922c2d 3063
ec7b97ab
JM		 3064#ifdef CONFIG_EAP_PROXY
3065{
3066 size_t len;
3067 wpa_s->mnc_len = eap_proxy_get_imsi(wpa_s->imsi, &len);
3068 if (wpa_s->mnc_len > 0) {
3069 wpa_s->imsi[len] = '\0';
3070 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
3071 wpa_s->imsi, wpa_s->mnc_len);
3072 } else {
3073 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
3074 }
3075}
3076#endif /* CONFIG_EAP_PROXY */
3077
f64adcd7
JM		 3078 if (pcsc_reader_init(wpa_s) < 0)
3079 return -1;
3080
306ae225
JM		 3081 if (wpas_init_ext_pw(wpa_s) < 0)
3082 return -1;
3083
6fc6879b
JM		 3084 return 0;
3085}
3086
3087
2ee055b3 3088static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
df509539 3089 int notify, int terminate)
6fc6879b 3090{
e679f140 3091 wpa_s->disconnected = 1;
6fc6879b
JM		 3092 if (wpa_s->drv_priv) {
3093 wpa_supplicant_deauthenticate(wpa_s,
3094 WLAN_REASON_DEAUTH_LEAVING);
3095
6fc6879b
JM		 3096 wpa_drv_set_countermeasures(wpa_s, 0);
3097 wpa_clear_keys(wpa_s, NULL);
3098 }
3099
8e56d189
JM		 3100 wpa_supplicant_cleanup(wpa_s);
3101
ab28911d
JM		 3102#ifdef CONFIG_P2P
3103 if (wpa_s == wpa_s->global->p2p_init_wpa_s && wpa_s->global->p2p) {
3104 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Disable P2P since removing "
3105 "the management interface is being removed");
3106 wpas_p2p_deinit_global(wpa_s->global);
3107 }
3108#endif /* CONFIG_P2P */
3109
6fc6879b
JM		 3110 if (wpa_s->drv_priv)
3111 wpa_drv_deinit(wpa_s);
2523ff6e
DS		 3112
3113 if (notify)
3114 wpas_notify_iface_removed(wpa_s);
f0811516
DS		 3115
3116 if (terminate)
3117 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
3118
3119 if (wpa_s->ctrl_iface) {
3120 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
3121 wpa_s->ctrl_iface = NULL;
3122 }
3123
3124 if (wpa_s->conf != NULL) {
3125 wpa_config_free(wpa_s->conf);
3126 wpa_s->conf = NULL;
3127 }
18e00b5e
JM		 3128
3129 os_free(wpa_s);
6fc6879b
JM		 3130}
3131
3132
3133/**
3134 * wpa_supplicant_add_iface - Add a new network interface
3135 * @global: Pointer to global data from wpa_supplicant_init()
3136 * @iface: Interface configuration options
3137 * Returns: Pointer to the created interface or %NULL on failure
3138 *
3139 * This function is used to add new network interfaces for %wpa_supplicant.
3140 * This can be called before wpa_supplicant_run() to add interfaces before the
3141 * main event loop has been started. In addition, new interfaces can be added
3142 * dynamically while %wpa_supplicant is already running. This could happen,
3143 * e.g., when a hotplug network adapter is inserted.
3144 */
3145struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
3146 struct wpa_interface *iface)
3147{
3148 struct wpa_supplicant *wpa_s;
d27df100 3149 struct wpa_interface t_iface;
8e56d189 3150 struct wpa_ssid *ssid;
6fc6879b
JM		 3151
3152 if (global == NULL || iface == NULL)
3153 return NULL;
3154
3155 wpa_s = wpa_supplicant_alloc();
3156 if (wpa_s == NULL)
3157 return NULL;
3158
d8222ae3
JM		 3159 wpa_s->global = global;
3160
d27df100
JM		 3161 t_iface = *iface;
3162 if (global->params.override_driver) {
3163 wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
3164 "('%s' -> '%s')",
3165 iface->driver, global->params.override_driver);
3166 t_iface.driver = global->params.override_driver;
3167 }
3168 if (global->params.override_ctrl_interface) {
3169 wpa_printf(MSG_DEBUG, "Override interface parameter: "
3170 "ctrl_interface ('%s' -> '%s')",
3171 iface->ctrl_interface,
3172 global->params.override_ctrl_interface);
3173 t_iface.ctrl_interface =
3174 global->params.override_ctrl_interface;
3175 }
3176 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
6fc6879b
JM		 3177 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
3178 iface->ifname);
df509539 3179 wpa_supplicant_deinit_iface(wpa_s, 0, 0);
6fc6879b
JM		 3180 return NULL;
3181 }
3182
dc461de4
WS		 3183 /* Notify the control interfaces about new iface */
3184 if (wpas_notify_iface_added(wpa_s)) {
df509539 3185 wpa_supplicant_deinit_iface(wpa_s, 1, 0);
6fc6879b
JM		 3186 return NULL;
3187 }
1bd3f426 3188
8e56d189
JM		 3189 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
3190 wpas_notify_network_added(wpa_s, ssid);
3191
6fc6879b
JM		 3192 wpa_s->next = global->ifaces;
3193 global->ifaces = wpa_s;
3194
f049052b 3195 wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
99218999 3196 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
6fc6879b
JM		 3197
3198 return wpa_s;
3199}
3200
3201
3202/**
3203 * wpa_supplicant_remove_iface - Remove a network interface
3204 * @global: Pointer to global data from wpa_supplicant_init()
3205 * @wpa_s: Pointer to the network interface to be removed
3206 * Returns: 0 if interface was removed, -1 if interface was not found
3207 *
3208 * This function can be used to dynamically remove network interfaces from
3209 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
3210 * addition, this function is used to remove all remaining interfaces when
3211 * %wpa_supplicant is terminated.
3212 */
3213int wpa_supplicant_remove_iface(struct wpa_global *global,
df509539
DS		 3214 struct wpa_supplicant *wpa_s,
3215 int terminate)
6fc6879b
JM		 3216{
3217 struct wpa_supplicant *prev;
3218
3219 /* Remove interface from the global list of interfaces */
3220 prev = global->ifaces;
3221 if (prev == wpa_s) {
3222 global->ifaces = wpa_s->next;
3223 } else {
3224 while (prev && prev->next != wpa_s)
3225 prev = prev->next;
3226 if (prev == NULL)
3227 return -1;
3228 prev->next = wpa_s->next;
3229 }
3230
f049052b 3231 wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
6fc6879b 3232
b22128ef
JM		 3233 if (global->p2p_group_formation == wpa_s)
3234 global->p2p_group_formation = NULL;
dbca75f8
JM		 3235 if (global->p2p_invite_group == wpa_s)
3236 global->p2p_invite_group = NULL;
df509539 3237 wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
6fc6879b
JM		 3238
3239 return 0;
3240}
3241
3242
cf83fb0b
PS		 3243/**
3244 * wpa_supplicant_get_eap_mode - Get the current EAP mode
3245 * @wpa_s: Pointer to the network interface
3246 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
3247 */
3248const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
3249{
3250 const char *eapol_method;
3251
3252 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
3253 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3254 return "NO-EAP";
3255 }
3256
3257 eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
3258 if (eapol_method == NULL)
3259 return "UNKNOWN-EAP";
3260
3261 return eapol_method;
3262}
3263
3264
6fc6879b
JM		 3265/**
3266 * wpa_supplicant_get_iface - Get a new network interface
3267 * @global: Pointer to global data from wpa_supplicant_init()
3268 * @ifname: Interface name
3269 * Returns: Pointer to the interface or %NULL if not found
3270 */
3271struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
3272 const char *ifname)
3273{
3274 struct wpa_supplicant *wpa_s;
3275
3276 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
3277 if (os_strcmp(wpa_s->ifname, ifname) == 0)
3278 return wpa_s;
3279 }
3280 return NULL;
3281}
3282
3283
50b16da1 3284#ifndef CONFIG_NO_WPA_MSG
4f1495ae
BG		 3285static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
3286{
3287 struct wpa_supplicant *wpa_s = ctx;
3288 if (wpa_s == NULL)
3289 return NULL;
3290 return wpa_s->ifname;
3291}
50b16da1 3292#endif /* CONFIG_NO_WPA_MSG */
4f1495ae
BG		 3293
3294
6fc6879b
JM		 3295/**
3296 * wpa_supplicant_init - Initialize %wpa_supplicant
3297 * @params: Parameters for %wpa_supplicant
3298 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
3299 *
3300 * This function is used to initialize %wpa_supplicant. After successful
3301 * initialization, the returned data pointer can be used to add and remove
3302 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
3303 */
3304struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
3305{
3306 struct wpa_global *global;
ac305589 3307 int ret, i;
6fc6879b
JM		 3308
3309 if (params == NULL)
3310 return NULL;
3311
39e7d718
JM		 3312#ifdef CONFIG_DRIVER_NDIS
3313 {
3314 void driver_ndis_init_ops(void);
3315 driver_ndis_init_ops();
3316 }
3317#endif /* CONFIG_DRIVER_NDIS */
3318
50b16da1 3319#ifndef CONFIG_NO_WPA_MSG
4f1495ae 3320 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
50b16da1 3321#endif /* CONFIG_NO_WPA_MSG */
4f1495ae 3322
6fc6879b 3323 wpa_debug_open_file(params->wpa_debug_file_path);
daa70d49
SL		 3324 if (params->wpa_debug_syslog)
3325 wpa_debug_open_syslog();
4f68895e
JB		 3326 if (params->wpa_debug_tracing) {
3327 ret = wpa_debug_open_linux_tracing();
3328 if (ret) {
3329 wpa_printf(MSG_ERROR,
3330 "Failed to enable trace logging");
3331 return NULL;
3332 }
3333 }
6fc6879b 3334
12760815 3335 ret = eap_register_methods();
6fc6879b
JM		 3336 if (ret) {
3337 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
3338 if (ret == -2)
3339 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
3340 "the same EAP type.");
3341 return NULL;
3342 }
3343
3344 global = os_zalloc(sizeof(*global));
3345 if (global == NULL)
3346 return NULL;
b22128ef
JM		 3347 dl_list_init(&global->p2p_srv_bonjour);
3348 dl_list_init(&global->p2p_srv_upnp);
6fc6879b
JM		 3349 global->params.daemonize = params->daemonize;
3350 global->params.wait_for_monitor = params->wait_for_monitor;
3351 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
3352 if (params->pid_file)
3353 global->params.pid_file = os_strdup(params->pid_file);
3354 if (params->ctrl_interface)
3355 global->params.ctrl_interface =
3356 os_strdup(params->ctrl_interface);
29257565
JM		 3357 if (params->ctrl_interface_group)
3358 global->params.ctrl_interface_group =
3359 os_strdup(params->ctrl_interface_group);
d27df100
JM		 3360 if (params->override_driver)
3361 global->params.override_driver =
3362 os_strdup(params->override_driver);
3363 if (params->override_ctrl_interface)
3364 global->params.override_ctrl_interface =
3365 os_strdup(params->override_ctrl_interface);
6fc6879b
JM		 3366 wpa_debug_level = global->params.wpa_debug_level =
3367 params->wpa_debug_level;
3368 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
3369 params->wpa_debug_show_keys;
3370 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
3371 params->wpa_debug_timestamp;
3372
f19858f5
JM		 3373 wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR);
3374
0456ea16 3375 if (eloop_init()) {
6fc6879b
JM		 3376 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
3377 wpa_supplicant_deinit(global);
3378 return NULL;
3379 }
3380
38e24575 3381 random_init(params->entropy_file);
d47fa330 3382
6fc6879b
JM		 3383 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
3384 if (global->ctrl_iface == NULL) {
3385 wpa_supplicant_deinit(global);
3386 return NULL;
3387 }
3388
dc461de4
WS		 3389 if (wpas_notify_supplicant_initialized(global)) {
3390 wpa_supplicant_deinit(global);
3391 return NULL;
6fc6879b
JM		 3392 }
3393
c5121837 3394 for (i = 0; wpa_drivers[i]; i++)
ac305589
JM		 3395 global->drv_count++;
3396 if (global->drv_count == 0) {
3397 wpa_printf(MSG_ERROR, "No drivers enabled");
3398 wpa_supplicant_deinit(global);
3399 return NULL;
3400 }
3401 global->drv_priv = os_zalloc(global->drv_count * sizeof(void *));
3402 if (global->drv_priv == NULL) {
3403 wpa_supplicant_deinit(global);
3404 return NULL;
3405 }
ac305589 3406
9675ce35
JM		 3407#ifdef CONFIG_WIFI_DISPLAY
3408 if (wifi_display_init(global) < 0) {
3409 wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
3410 wpa_supplicant_deinit(global);
3411 return NULL;
3412 }
3413#endif /* CONFIG_WIFI_DISPLAY */
3414
6fc6879b
JM		 3415 return global;
3416}
3417
3418
3419/**
3420 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
3421 * @global: Pointer to global data from wpa_supplicant_init()
3422 * Returns: 0 after successful event loop run, -1 on failure
3423 *
3424 * This function starts the main event loop and continues running as long as
3425 * there are any remaining events. In most cases, this function is running as
3426 * long as the %wpa_supplicant process in still in use.
3427 */
3428int wpa_supplicant_run(struct wpa_global *global)
3429{
3430 struct wpa_supplicant *wpa_s;
3431
3432 if (global->params.daemonize &&
3433 wpa_supplicant_daemon(global->params.pid_file))
3434 return -1;
3435
3436 if (global->params.wait_for_monitor) {
3437 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
3438 if (wpa_s->ctrl_iface)
3439 wpa_supplicant_ctrl_iface_wait(
3440 wpa_s->ctrl_iface);
3441 }
3442
0456ea16
JM		 3443 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
3444 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
6fc6879b
JM		 3445
3446 eloop_run();
3447
3448 return 0;
3449}
3450
3451
3452/**
3453 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
3454 * @global: Pointer to global data from wpa_supplicant_init()
3455 *
3456 * This function is called to deinitialize %wpa_supplicant and to free all
3457 * allocated resources. Remaining network interfaces will also be removed.
3458 */
3459void wpa_supplicant_deinit(struct wpa_global *global)
3460{
ac305589
JM		 3461 int i;
3462
6fc6879b
JM		 3463 if (global == NULL)
3464 return;
3465
9675ce35
JM		 3466#ifdef CONFIG_WIFI_DISPLAY
3467 wifi_display_deinit(global);
3468#endif /* CONFIG_WIFI_DISPLAY */
b22128ef 3469
6fc6879b 3470 while (global->ifaces)
df509539 3471 wpa_supplicant_remove_iface(global, global->ifaces, 1);
6fc6879b
JM		 3472
3473 if (global->ctrl_iface)
3474 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
dc461de4
WS		 3475
3476 wpas_notify_supplicant_deinitialized(global);
6fc6879b
JM		 3477
3478 eap_peer_unregister_methods();
3ec97afe
JM		 3479#ifdef CONFIG_AP
3480 eap_server_unregister_methods();
3481#endif /* CONFIG_AP */
6fc6879b 3482
c5121837 3483 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
ac305589
JM		 3484 if (!global->drv_priv[i])
3485 continue;
c5121837 3486 wpa_drivers[i]->global_deinit(global->drv_priv[i]);
ac305589
JM		 3487 }
3488 os_free(global->drv_priv);
3489
d47fa330
JM		 3490 random_deinit();
3491
6fc6879b
JM		 3492 eloop_destroy();
3493
3494 if (global->params.pid_file) {
3495 os_daemonize_terminate(global->params.pid_file);
3496 os_free(global->params.pid_file);
3497 }
3498 os_free(global->params.ctrl_interface);
29257565 3499 os_free(global->params.ctrl_interface_group);
d27df100
JM		 3500 os_free(global->params.override_driver);
3501 os_free(global->params.override_ctrl_interface);
6fc6879b 3502
af8a827b 3503 os_free(global->p2p_disallow_freq.range);
01a57fe4 3504 os_free(global->add_psk);
6f3bc72b 3505
6fc6879b 3506 os_free(global);
daa70d49 3507 wpa_debug_close_syslog();
6fc6879b 3508 wpa_debug_close_file();
4f68895e 3509 wpa_debug_close_linux_tracing();
6fc6879b 3510}
611aea7d
JM		 3511
3512
3513void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
3514{
849b5dc7
JM		 3515 if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
3516 wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
3517 char country[3];
3518 country[0] = wpa_s->conf->country[0];
3519 country[1] = wpa_s->conf->country[1];
3520 country[2] = '\0';
3521 if (wpa_drv_set_country(wpa_s, country) < 0) {
3522 wpa_printf(MSG_ERROR, "Failed to set country code "
3523 "'%s'", country);
3524 }
3525 }
3526
306ae225
JM		 3527 if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
3528 wpas_init_ext_pw(wpa_s);
3529
611aea7d
JM		 3530#ifdef CONFIG_WPS
3531 wpas_wps_update_config(wpa_s);
3532#endif /* CONFIG_WPS */
3533
b22128ef
JM		 3534#ifdef CONFIG_P2P
3535 wpas_p2p_update_config(wpa_s);
3536#endif /* CONFIG_P2P */
3537
611aea7d
JM		 3538 wpa_s->conf->changed_parameters = 0;
3539}
2f9c6aa6
JM		 3540
3541
0fb337c1
JM		 3542static void add_freq(int *freqs, int *num_freqs, int freq)
3543{
3544 int i;
3545
3546 for (i = 0; i < *num_freqs; i++) {
3547 if (freqs[i] == freq)
3548 return;
3549 }
3550
3551 freqs[*num_freqs] = freq;
3552 (*num_freqs)++;
3553}
3554
3555
3556static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
3557{
3558 struct wpa_bss *bss, *cbss;
3559 const int max_freqs = 10;
3560 int *freqs;
3561 int num_freqs = 0;
3562
3563 freqs = os_zalloc(sizeof(int) * (max_freqs + 1));
3564 if (freqs == NULL)
3565 return NULL;
3566
3567 cbss = wpa_s->current_bss;
3568
3569 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
3570 if (bss == cbss)
3571 continue;
3572 if (bss->ssid_len == cbss->ssid_len &&
3573 os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
3574 wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
3575 add_freq(freqs, &num_freqs, bss->freq);
3576 if (num_freqs == max_freqs)
3577 break;
3578 }
3579 }
3580
3581 if (num_freqs == 0) {
3582 os_free(freqs);
3583 freqs = NULL;
3584 }
3585
3586 return freqs;
3587}
3588
3589
3590void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
3591{
3592 int timeout;
3593 int count;
3594 int *freqs = NULL;
3595
5fd9fb27
JM		 3596 /*
3597 * Remove possible authentication timeout since the connection failed.
3598 */
3599 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
3600
0cdb93fe
JM		 3601 if (wpa_s->disconnected) {
3602 /*
3603 * There is no point in blacklisting the AP if this event is
3604 * generated based on local request to disconnect.
3605 */
3606 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
3607 "indication since interface has been put into "
3608 "disconnected state");
3609 return;
3610 }
3611
0fb337c1
JM		 3612 /*
3613 * Add the failed BSSID into the blacklist and speed up next scan
3614 * attempt if there could be other APs that could accept association.
3615 * The current blacklist count indicates how many times we have tried
3616 * connecting to this AP and multiple attempts mean that other APs are
3617 * either not available or has already been tried, so that we can start
3618 * increasing the delay here to avoid constant scanning.
3619 */
3620 count = wpa_blacklist_add(wpa_s, bssid);
3621 if (count == 1 && wpa_s->current_bss) {
3622 /*
3623 * This BSS was not in the blacklist before. If there is
3624 * another BSS available for the same ESS, we should try that
3625 * next. Otherwise, we may as well try this one once more
3626 * before allowing other, likely worse, ESSes to be considered.
3627 */
3628 freqs = get_bss_freqs_in_ess(wpa_s);
3629 if (freqs) {
f049052b
BG		 3630 wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
3631 "has been seen; try it next");
0fb337c1
JM		 3632 wpa_blacklist_add(wpa_s, bssid);
3633 /*
3634 * On the next scan, go through only the known channels
3635 * used in this ESS based on previous scans to speed up
3636 * common load balancing use case.
3637 */
3638 os_free(wpa_s->next_scan_freqs);
3639 wpa_s->next_scan_freqs = freqs;
3640 }
3641 }
3642
f1a52633
JM		 3643 /*
3644 * Add previous failure count in case the temporary blacklist was
3645 * cleared due to no other BSSes being available.
3646 */
3647 count += wpa_s->extra_blacklist_count;
3648
dd579704
JM		 3649 if (count > 3 && wpa_s->current_ssid) {
3650 wpa_printf(MSG_DEBUG, "Continuous association failures - "
3651 "consider temporary network disabling");
3652 wpas_auth_failed(wpa_s);
3653 }
3654
0fb337c1
JM		 3655 switch (count) {
3656 case 1:
3657 timeout = 100;
3658 break;
3659 case 2:
3660 timeout = 500;
3661 break;
3662 case 3:
3663 timeout = 1000;
3664 break;
f1a52633 3665 case 4:
0fb337c1 3666 timeout = 5000;
f1a52633
JM		 3667 break;
3668 default:
3669 timeout = 10000;
3670 break;
0fb337c1
JM		 3671 }
3672
f1a52633
JM		 3673 wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
3674 "ms", count, timeout);
3675
0fb337c1
JM		 3676 /*
3677 * TODO: if more than one possible AP is available in scan results,
3678 * could try the other ones before requesting a new scan.
3679 */
3680 wpa_supplicant_req_scan(wpa_s, timeout / 1000,
3681 1000 * (timeout % 1000));
99fcd404 3682
f85f545e 3683 wpas_p2p_continue_after_scan(wpa_s);
0fb337c1 3684}
22628eca
JM		 3685
3686
3687int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
3688{
3689 return wpa_s->conf->ap_scan == 2 ||
3690 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
3691}
d2118814
JM		 3692
3693
3694#if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
3695int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
3696 struct wpa_ssid *ssid,
3697 const char *field,
3698 const char *value)
3699{
3700#ifdef IEEE8021X_EAPOL
3701 struct eap_peer_config *eap = &ssid->eap;
3702
3703 wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
3704 wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
3705 (const u8 *) value, os_strlen(value));
3706
3707 switch (wpa_supplicant_ctrl_req_from_string(field)) {
3708 case WPA_CTRL_REQ_EAP_IDENTITY:
3709 os_free(eap->identity);
3710 eap->identity = (u8 *) os_strdup(value);
3711 eap->identity_len = os_strlen(value);
3712 eap->pending_req_identity = 0;
3713 if (ssid == wpa_s->current_ssid)
3714 wpa_s->reassociate = 1;
3715 break;
3716 case WPA_CTRL_REQ_EAP_PASSWORD:
3717 os_free(eap->password);
3718 eap->password = (u8 *) os_strdup(value);
3719 eap->password_len = os_strlen(value);
3720 eap->pending_req_password = 0;
3721 if (ssid == wpa_s->current_ssid)
3722 wpa_s->reassociate = 1;
3723 break;
3724 case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
3725 os_free(eap->new_password);
3726 eap->new_password = (u8 *) os_strdup(value);
3727 eap->new_password_len = os_strlen(value);
3728 eap->pending_req_new_password = 0;
3729 if (ssid == wpa_s->current_ssid)
3730 wpa_s->reassociate = 1;
3731 break;
3732 case WPA_CTRL_REQ_EAP_PIN:
3733 os_free(eap->pin);
3734 eap->pin = os_strdup(value);
3735 eap->pending_req_pin = 0;
3736 if (ssid == wpa_s->current_ssid)
3737 wpa_s->reassociate = 1;
3738 break;
3739 case WPA_CTRL_REQ_EAP_OTP:
3740 os_free(eap->otp);
3741 eap->otp = (u8 *) os_strdup(value);
3742 eap->otp_len = os_strlen(value);
3743 os_free(eap->pending_req_otp);
3744 eap->pending_req_otp = NULL;
3745 eap->pending_req_otp_len = 0;
3746 break;
3747 case WPA_CTRL_REQ_EAP_PASSPHRASE:
3748 os_free(eap->private_key_passwd);
3749 eap->private_key_passwd = (u8 *) os_strdup(value);
3750 eap->pending_req_passphrase = 0;
3751 if (ssid == wpa_s->current_ssid)
3752 wpa_s->reassociate = 1;
3753 break;
a5d44ac0
JM		 3754 case WPA_CTRL_REQ_SIM:
3755 os_free(eap->external_sim_resp);
3756 eap->external_sim_resp = os_strdup(value);
3757 break;
d2118814
JM		 3758 default:
3759 wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
3760 return -1;
3761 }
3762
3763 return 0;
3764#else /* IEEE8021X_EAPOL */
3765 wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
3766 return -1;
3767#endif /* IEEE8021X_EAPOL */
3768}
3769#endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
349493bd
JM		 3770
3771
3772int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
3773{
3774 int i;
3775 unsigned int drv_enc;
3776
3777 if (ssid == NULL)
3778 return 1;
3779
3780 if (ssid->disabled)
3781 return 1;
3782
3783 if (wpa_s && wpa_s->drv_capa_known)
3784 drv_enc = wpa_s->drv_enc;
3785 else
3786 drv_enc = (unsigned int) -1;
3787
3788 for (i = 0; i < NUM_WEP_KEYS; i++) {
3789 size_t len = ssid->wep_key_len[i];
3790 if (len == 0)
3791 continue;
3792 if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
3793 continue;
3794 if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
3795 continue;
3796 if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
3797 continue;
3798 return 1; /* invalid WEP key */
3799 }
3800
9173b16f
JM		 3801 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
3802 !ssid->ext_psk)
2518aad3
JM		 3803 return 1;
3804
349493bd
JM		 3805 return 0;
3806}
b9cfc09a
JJ		 3807
3808
3809int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
3810{
3811 if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
3812 return 1;
3813 if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
3814 return 0;
3815 return -1;
3816}
00e5e3d5
JM		 3817
3818
3819void wpas_auth_failed(struct wpa_supplicant *wpa_s)
3820{
3821 struct wpa_ssid *ssid = wpa_s->current_ssid;
3822 int dur;
3823 struct os_time now;
3824
3825 if (ssid == NULL) {
3826 wpa_printf(MSG_DEBUG, "Authentication failure but no known "
3827 "SSID block");
3828 return;
3829 }
3830
3831 if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
3832 return;
3833
3834 ssid->auth_failures++;
cbf41ca7
SL		 3835
3836#ifdef CONFIG_P2P
3837 if (ssid->p2p_group &&
3838 (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
3839 /*
3840 * Skip the wait time since there is a short timeout on the
3841 * connection to a P2P group.
3842 */
3843 return;
3844 }
3845#endif /* CONFIG_P2P */
3846
00e5e3d5
JM		 3847 if (ssid->auth_failures > 50)
3848 dur = 300;
3849 else if (ssid->auth_failures > 20)
3850 dur = 120;
3851 else if (ssid->auth_failures > 10)
3852 dur = 60;
3853 else if (ssid->auth_failures > 5)
3854 dur = 30;
3855 else if (ssid->auth_failures > 1)
3856 dur = 20;
3857 else
3858 dur = 10;
3859
3860 os_get_time(&now);
3861 if (now.sec + dur <= ssid->disabled_until.sec)
3862 return;
3863
3864 ssid->disabled_until.sec = now.sec + dur;
3865
3866 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
3867 "id=%d ssid=\"%s\" auth_failures=%u duration=%d",
3868 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
3869 ssid->auth_failures, dur);
3870}
3871
3872
3873void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
3874 struct wpa_ssid *ssid, int clear_failures)
3875{
3876 if (ssid == NULL)
3877 return;
3878
3879 if (ssid->disabled_until.sec) {
3880 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
3881 "id=%d ssid=\"%s\"",
3882 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
3883 }
3884 ssid->disabled_until.sec = 0;
3885 ssid->disabled_until.usec = 0;
3886 if (clear_failures)
3887 ssid->auth_failures = 0;
3888}
6407f413
JM		 3889
3890
3891int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
3892{
3893 size_t i;
3894
3895 if (wpa_s->disallow_aps_bssid == NULL)
3896 return 0;
3897
3898 for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
3899 if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
3900 bssid, ETH_ALEN) == 0)
3901 return 1;
3902 }
3903
3904 return 0;
3905}
3906
3907
3908int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
3909 size_t ssid_len)
3910{
3911 size_t i;
3912
3913 if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
3914 return 0;
3915
3916 for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
3917 struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
3918 if (ssid_len == s->ssid_len &&
3919 os_memcmp(ssid, s->ssid, ssid_len) == 0)
3920 return 1;
3921 }
3922
3923 return 0;
3924}
9796a86c
JM		 3925
3926
3927/**
3928 * wpas_request_connection - Request a new connection
3929 * @wpa_s: Pointer to the network interface
3930 *
3931 * This function is used to request a new connection to be found. It will mark
3932 * the interface to allow reassociation and request a new scan to find a
3933 * suitable network to connect to.
3934 */
3935void wpas_request_connection(struct wpa_supplicant *wpa_s)
3936{
3937 wpa_s->normal_scans = 0;
3938 wpa_supplicant_reinit_autoscan(wpa_s);
3939 wpa_s->extra_blacklist_count = 0;
3940 wpa_s->disconnected = 0;
3941 wpa_s->reassociate = 1;
5e24beae
MH		 3942
3943 if (wpa_supplicant_fast_associate(wpa_s) != 1)
3944 wpa_supplicant_req_scan(wpa_s, 0, 0);
9796a86c 3945}
36b9883d
DG		 3946
3947
c3775143
KP		 3948static int wpas_conn_in_progress(struct wpa_supplicant *wpa_s)
3949{
3950 return wpa_s->wpa_state >= WPA_AUTHENTICATING &&
3951 wpa_s->wpa_state != WPA_COMPLETED;
3952}
3953
3954
36b9883d
DG		 3955/**
3956 * wpas_wpa_is_in_progress - Check whether a connection is in progress
3957 * @wpa_s: Pointer to wpa_supplicant data
c3775143 3958 * @include_current: Whether to consider specified interface
36b9883d
DG		 3959 *
3960 * This function is to check if the wpa state is in beginning of the connection
3961 * during 4-way handshake or group key handshake with WPA on any shared
3962 * interface.
3963 */
c3775143 3964int wpas_wpa_is_in_progress(struct wpa_supplicant *wpa_s, int include_current)
36b9883d
DG		 3965{
3966 const char *rn, *rn2;
3967 struct wpa_supplicant *ifs;
3968
c3775143
KP		 3969 if (!wpa_s->driver->get_radio_name) {
3970 if (include_current && wpas_conn_in_progress(wpa_s)) {
3971 wpa_dbg(wpa_s, MSG_DEBUG, "Connection is in progress on interface %s - defer",
3972 wpa_s->ifname);
3973 return 1;
3974 }
3975
36b9883d 3976 return 0;
c3775143 3977 }
36b9883d
DG		 3978
3979 rn = wpa_s->driver->get_radio_name(wpa_s->drv_priv);
3980 if (rn == NULL || rn[0] == '\0')
3981 return 0;
3982
3983 for (ifs = wpa_s->global->ifaces; ifs; ifs = ifs->next) {
c3775143
KP		 3984 if (!include_current && ifs == wpa_s)
3985 continue;
3986 if (!ifs->driver->get_radio_name)
36b9883d
DG		 3987 continue;
3988
3989 rn2 = ifs->driver->get_radio_name(ifs->drv_priv);
3990 if (!rn2 || os_strcmp(rn, rn2) != 0)
3991 continue;
c3775143 3992 if (wpas_conn_in_progress(ifs)) {
36b9883d 3993 wpa_dbg(wpa_s, MSG_DEBUG, "Connection is in progress "
c3775143 3994 "on interface %s - defer", ifs->ifname);
36b9883d
DG		 3995 return 1;
3996 }
3997 }
3998
3999 return 0;
4000}
53c5dfc2
IP		 4001
4002
4003/*
4004 * Find the operating frequencies of any of the virtual interfaces that
4005 * are using the same radio as the current interface.
4006 */
4007int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
4008 int *freq_array, unsigned int len)
4009{
4010 const char *rn, *rn2;
4011 struct wpa_supplicant *ifs;
4012 u8 bssid[ETH_ALEN];
4013 int freq;
4014 unsigned int idx = 0, i;
4015
4016 os_memset(freq_array, 0, sizeof(int) * len);
4017
4018 /* First add the frequency of the local interface */
4019 if (wpa_s->current_ssid != NULL && wpa_s->assoc_freq != 0) {
4020 if (wpa_s->current_ssid->mode == WPAS_MODE_AP ||
4021 wpa_s->current_ssid->mode == WPAS_MODE_P2P_GO)
4022 freq_array[idx++] = wpa_s->current_ssid->frequency;
4023 else if (wpa_drv_get_bssid(wpa_s, bssid) == 0)
4024 freq_array[idx++] = wpa_s->assoc_freq;
4025 }
4026
4027 /* If get_radio_name is not supported, use only the local freq */
a21816a9
JM		 4028 if (!wpa_s->driver->get_radio_name) {
4029 freq = wpa_drv_shared_freq(wpa_s);
4030 if (freq > 0 && idx < len &&
4031 (idx == 0 || freq_array[0] != freq))
4032 freq_array[idx++] = freq;
53c5dfc2 4033 return idx;
a21816a9 4034 }
53c5dfc2
IP		 4035
4036 rn = wpa_s->driver->get_radio_name(wpa_s->drv_priv);
4037 if (rn == NULL || rn[0] == '\0')
4038 return idx;
4039
4040 for (ifs = wpa_s->global->ifaces, idx = 0; ifs && idx < len;
4041 ifs = ifs->next) {
4042 if (wpa_s == ifs || !ifs->driver->get_radio_name)
4043 continue;
4044
4045 rn2 = ifs->driver->get_radio_name(ifs->drv_priv);
4046 if (!rn2 || os_strcmp(rn, rn2) != 0)
4047 continue;
4048
4049 if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
4050 continue;
4051
4052 if (ifs->current_ssid->mode == WPAS_MODE_AP ||
4053 ifs->current_ssid->mode == WPAS_MODE_P2P_GO)
4054 freq = ifs->current_ssid->frequency;
4055 else if (wpa_drv_get_bssid(ifs, bssid) == 0)
4056 freq = ifs->assoc_freq;
4057 else
4058 continue;
4059
4060 /* Hold only distinct freqs */
4061 for (i = 0; i < idx; i++)
4062 if (freq_array[i] == freq)
4063 break;
4064
4065 if (i == idx)
4066 freq_array[idx++] = freq;
4067 }
4068 return idx;
4069}
Unnamed repository; edit this file 'description' to name the repository.