]> git.ipfire.org Git - thirdparty/hostap.git/blob - wpa_supplicant/wpa_supplicant.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
DPP2: PFS for PTK derivation
[thirdparty/hostap.git] / wpa_supplicant / wpa_supplicant.c
1 /*
2 * WPA Supplicant
3 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 *
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
11 */
12
13 #include "includes.h"
14 #ifdef CONFIG_MATCH_IFACE
15 #include <net/if.h>
16 #include <fnmatch.h>
17 #endif /* CONFIG_MATCH_IFACE */
18
19 #include "common.h"
20 #include "crypto/random.h"
21 #include "crypto/sha1.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_peer/eap_proxy.h"
25 #include "eap_server/eap_methods.h"
26 #include "rsn_supp/wpa.h"
27 #include "eloop.h"
28 #include "config.h"
29 #include "utils/ext_password.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wpa_supplicant_i.h"
32 #include "driver_i.h"
33 #include "ctrl_iface.h"
34 #include "pcsc_funcs.h"
35 #include "common/version.h"
36 #include "rsn_supp/preauth.h"
37 #include "rsn_supp/pmksa_cache.h"
38 #include "common/wpa_ctrl.h"
39 #include "common/ieee802_11_defs.h"
40 #include "common/hw_features_common.h"
41 #include "common/gas_server.h"
42 #include "common/dpp.h"
43 #include "p2p/p2p.h"
44 #include "fst/fst.h"
45 #include "blacklist.h"
46 #include "wpas_glue.h"
47 #include "wps_supplicant.h"
48 #include "ibss_rsn.h"
49 #include "sme.h"
50 #include "gas_query.h"
51 #include "ap.h"
52 #include "p2p_supplicant.h"
53 #include "wifi_display.h"
54 #include "notify.h"
55 #include "bgscan.h"
56 #include "autoscan.h"
57 #include "bss.h"
58 #include "scan.h"
59 #include "offchannel.h"
60 #include "hs20_supplicant.h"
61 #include "wnm_sta.h"
62 #include "wpas_kay.h"
63 #include "mesh.h"
64 #include "dpp_supplicant.h"
65 #ifdef CONFIG_MESH
66 #include "ap/ap_config.h"
67 #include "ap/hostapd.h"
68 #endif /* CONFIG_MESH */
69
70 const char *const wpa_supplicant_version =
71 "wpa_supplicant v" VERSION_STR "\n"
72 "Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors";
73
74 const char *const wpa_supplicant_license =
75 "This software may be distributed under the terms of the BSD license.\n"
76 "See README for more details.\n"
77 #ifdef EAP_TLS_OPENSSL
78 "\nThis product includes software developed by the OpenSSL Project\n"
79 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
80 #endif /* EAP_TLS_OPENSSL */
81 ;
82
83 #ifndef CONFIG_NO_STDOUT_DEBUG
84 /* Long text divided into parts in order to fit in C89 strings size limits. */
85 const char *const wpa_supplicant_full_license1 =
86 "";
87 const char *const wpa_supplicant_full_license2 =
88 "This software may be distributed under the terms of the BSD license.\n"
89 "\n"
90 "Redistribution and use in source and binary forms, with or without\n"
91 "modification, are permitted provided that the following conditions are\n"
92 "met:\n"
93 "\n";
94 const char *const wpa_supplicant_full_license3 =
95 "1. Redistributions of source code must retain the above copyright\n"
96 " notice, this list of conditions and the following disclaimer.\n"
97 "\n"
98 "2. Redistributions in binary form must reproduce the above copyright\n"
99 " notice, this list of conditions and the following disclaimer in the\n"
100 " documentation and/or other materials provided with the distribution.\n"
101 "\n";
102 const char *const wpa_supplicant_full_license4 =
103 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
104 " names of its contributors may be used to endorse or promote products\n"
105 " derived from this software without specific prior written permission.\n"
106 "\n"
107 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
108 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
109 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
110 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
111 const char *const wpa_supplicant_full_license5 =
112 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
113 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
114 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
115 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
116 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
117 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
118 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
119 "\n";
120 #endif /* CONFIG_NO_STDOUT_DEBUG */
121
122
123 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
124 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
125 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s);
126 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
127
128
129 /* Configure default/group WEP keys for static WEP */
130 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
131 {
132 int i, set = 0;
133
134 for (i = 0; i < NUM_WEP_KEYS; i++) {
135 if (ssid->wep_key_len[i] == 0)
136 continue;
137
138 set = 1;
139 wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
140 i, i == ssid->wep_tx_keyidx, NULL, 0,
141 ssid->wep_key[i], ssid->wep_key_len[i]);
142 }
143
144 return set;
145 }
146
147
148 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
149 struct wpa_ssid *ssid)
150 {
151 u8 key[32];
152 size_t keylen;
153 enum wpa_alg alg;
154 u8 seq[6] = { 0 };
155 int ret;
156
157 /* IBSS/WPA-None uses only one key (Group) for both receiving and
158 * sending unicast and multicast packets. */
159
160 if (ssid->mode != WPAS_MODE_IBSS) {
161 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
162 "IBSS/ad-hoc) for WPA-None", ssid->mode);
163 return -1;
164 }
165
166 if (!ssid->psk_set) {
167 wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
168 "WPA-None");
169 return -1;
170 }
171
172 switch (wpa_s->group_cipher) {
173 case WPA_CIPHER_CCMP:
174 os_memcpy(key, ssid->psk, 16);
175 keylen = 16;
176 alg = WPA_ALG_CCMP;
177 break;
178 case WPA_CIPHER_GCMP:
179 os_memcpy(key, ssid->psk, 16);
180 keylen = 16;
181 alg = WPA_ALG_GCMP;
182 break;
183 case WPA_CIPHER_TKIP:
184 /* WPA-None uses the same Michael MIC key for both TX and RX */
185 os_memcpy(key, ssid->psk, 16 + 8);
186 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
187 keylen = 32;
188 alg = WPA_ALG_TKIP;
189 break;
190 default:
191 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
192 "WPA-None", wpa_s->group_cipher);
193 return -1;
194 }
195
196 /* TODO: should actually remember the previously used seq#, both for TX
197 * and RX from each STA.. */
198
199 ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
200 os_memset(key, 0, sizeof(key));
201 return ret;
202 }
203
204
205 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
206 {
207 struct wpa_supplicant *wpa_s = eloop_ctx;
208 const u8 *bssid = wpa_s->bssid;
209 if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
210 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
211 wpa_s->wpa_state == WPA_ASSOCIATING))
212 bssid = wpa_s->pending_bssid;
213 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
214 MAC2STR(bssid));
215 wpa_blacklist_add(wpa_s, bssid);
216 wpa_sm_notify_disassoc(wpa_s->wpa);
217 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
218 wpa_s->reassociate = 1;
219
220 /*
221 * If we timed out, the AP or the local radio may be busy.
222 * So, wait a second until scanning again.
223 */
224 wpa_supplicant_req_scan(wpa_s, 1, 0);
225 }
226
227
228 /**
229 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
230 * @wpa_s: Pointer to wpa_supplicant data
231 * @sec: Number of seconds after which to time out authentication
232 * @usec: Number of microseconds after which to time out authentication
233 *
234 * This function is used to schedule a timeout for the current authentication
235 * attempt.
236 */
237 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
238 int sec, int usec)
239 {
240 if (wpa_s->conf->ap_scan == 0 &&
241 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
242 return;
243
244 wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
245 "%d usec", sec, usec);
246 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
247 wpa_s->last_auth_timeout_sec = sec;
248 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
249 }
250
251
252 /*
253 * wpas_auth_timeout_restart - Restart and change timeout for authentication
254 * @wpa_s: Pointer to wpa_supplicant data
255 * @sec_diff: difference in seconds applied to original timeout value
256 */
257 void wpas_auth_timeout_restart(struct wpa_supplicant *wpa_s, int sec_diff)
258 {
259 int new_sec = wpa_s->last_auth_timeout_sec + sec_diff;
260
261 if (eloop_is_timeout_registered(wpa_supplicant_timeout, wpa_s, NULL)) {
262 wpa_dbg(wpa_s, MSG_DEBUG,
263 "Authentication timeout restart: %d sec", new_sec);
264 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
265 eloop_register_timeout(new_sec, 0, wpa_supplicant_timeout,
266 wpa_s, NULL);
267 }
268 }
269
270
271 /**
272 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
273 * @wpa_s: Pointer to wpa_supplicant data
274 *
275 * This function is used to cancel authentication timeout scheduled with
276 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
277 * been completed.
278 */
279 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
280 {
281 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
282 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
283 wpa_blacklist_del(wpa_s, wpa_s->bssid);
284 os_free(wpa_s->last_con_fail_realm);
285 wpa_s->last_con_fail_realm = NULL;
286 wpa_s->last_con_fail_realm_len = 0;
287 }
288
289
290 /**
291 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
292 * @wpa_s: Pointer to wpa_supplicant data
293 *
294 * This function is used to configure EAPOL state machine based on the selected
295 * authentication mode.
296 */
297 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
298 {
299 #ifdef IEEE8021X_EAPOL
300 struct eapol_config eapol_conf;
301 struct wpa_ssid *ssid = wpa_s->current_ssid;
302
303 #ifdef CONFIG_IBSS_RSN
304 if (ssid->mode == WPAS_MODE_IBSS &&
305 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
306 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
307 /*
308 * RSN IBSS authentication is per-STA and we can disable the
309 * per-BSSID EAPOL authentication.
310 */
311 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
312 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
313 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
314 return;
315 }
316 #endif /* CONFIG_IBSS_RSN */
317
318 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
319 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
320
321 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
322 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
323 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
324 else
325 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
326
327 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
328 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
329 eapol_conf.accept_802_1x_keys = 1;
330 eapol_conf.required_keys = 0;
331 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
332 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
333 }
334 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
335 eapol_conf.required_keys |=
336 EAPOL_REQUIRE_KEY_BROADCAST;
337 }
338
339 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)
340 eapol_conf.required_keys = 0;
341 }
342 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
343 eapol_conf.workaround = ssid->eap_workaround;
344 eapol_conf.eap_disabled =
345 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
346 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
347 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
348 eapol_conf.external_sim = wpa_s->conf->external_sim;
349
350 #ifdef CONFIG_WPS
351 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
352 eapol_conf.wps |= EAPOL_LOCAL_WPS_IN_USE;
353 if (wpa_s->current_bss) {
354 struct wpabuf *ie;
355 ie = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
356 WPS_IE_VENDOR_TYPE);
357 if (ie) {
358 if (wps_is_20(ie))
359 eapol_conf.wps |=
360 EAPOL_PEER_IS_WPS20_AP;
361 wpabuf_free(ie);
362 }
363 }
364 }
365 #endif /* CONFIG_WPS */
366
367 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
368
369 #ifdef CONFIG_MACSEC
370 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE && ssid->mka_psk_set)
371 ieee802_1x_create_preshared_mka(wpa_s, ssid);
372 else
373 ieee802_1x_alloc_kay_sm(wpa_s, ssid);
374 #endif /* CONFIG_MACSEC */
375 #endif /* IEEE8021X_EAPOL */
376 }
377
378
379 /**
380 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
381 * @wpa_s: Pointer to wpa_supplicant data
382 * @ssid: Configuration data for the network
383 *
384 * This function is used to configure WPA state machine and related parameters
385 * to a mode where WPA is not enabled. This is called as part of the
386 * authentication configuration when the selected network does not use WPA.
387 */
388 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
389 struct wpa_ssid *ssid)
390 {
391 int i;
392
393 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
394 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
395 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
396 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
397 else
398 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
399 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
400 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
401 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
402 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
403 wpa_s->group_cipher = WPA_CIPHER_NONE;
404 wpa_s->mgmt_group_cipher = 0;
405
406 for (i = 0; i < NUM_WEP_KEYS; i++) {
407 if (ssid->wep_key_len[i] > 5) {
408 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
409 wpa_s->group_cipher = WPA_CIPHER_WEP104;
410 break;
411 } else if (ssid->wep_key_len[i] > 0) {
412 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
413 wpa_s->group_cipher = WPA_CIPHER_WEP40;
414 break;
415 }
416 }
417
418 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
419 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
420 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
421 wpa_s->pairwise_cipher);
422 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
423 #ifdef CONFIG_IEEE80211W
424 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
425 wpa_s->mgmt_group_cipher);
426 #endif /* CONFIG_IEEE80211W */
427
428 pmksa_cache_clear_current(wpa_s->wpa);
429 }
430
431
432 void free_hw_features(struct wpa_supplicant *wpa_s)
433 {
434 int i;
435 if (wpa_s->hw.modes == NULL)
436 return;
437
438 for (i = 0; i < wpa_s->hw.num_modes; i++) {
439 os_free(wpa_s->hw.modes[i].channels);
440 os_free(wpa_s->hw.modes[i].rates);
441 }
442
443 os_free(wpa_s->hw.modes);
444 wpa_s->hw.modes = NULL;
445 }
446
447
448 void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s)
449 {
450 struct wpa_bss_tmp_disallowed *bss, *prev;
451
452 dl_list_for_each_safe(bss, prev, &wpa_s->bss_tmp_disallowed,
453 struct wpa_bss_tmp_disallowed, list) {
454 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
455 dl_list_del(&bss->list);
456 os_free(bss);
457 }
458 }
459
460
461 void wpas_flush_fils_hlp_req(struct wpa_supplicant *wpa_s)
462 {
463 struct fils_hlp_req *req;
464
465 while ((req = dl_list_first(&wpa_s->fils_hlp_req, struct fils_hlp_req,
466 list)) != NULL) {
467 dl_list_del(&req->list);
468 wpabuf_free(req->pkt);
469 os_free(req);
470 }
471 }
472
473
474 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
475 {
476 int i;
477
478 bgscan_deinit(wpa_s);
479 autoscan_deinit(wpa_s);
480 scard_deinit(wpa_s->scard);
481 wpa_s->scard = NULL;
482 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
483 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
484 l2_packet_deinit(wpa_s->l2);
485 wpa_s->l2 = NULL;
486 if (wpa_s->l2_br) {
487 l2_packet_deinit(wpa_s->l2_br);
488 wpa_s->l2_br = NULL;
489 }
490 #ifdef CONFIG_TESTING_OPTIONS
491 l2_packet_deinit(wpa_s->l2_test);
492 wpa_s->l2_test = NULL;
493 os_free(wpa_s->get_pref_freq_list_override);
494 wpa_s->get_pref_freq_list_override = NULL;
495 wpabuf_free(wpa_s->last_assoc_req_wpa_ie);
496 wpa_s->last_assoc_req_wpa_ie = NULL;
497 #endif /* CONFIG_TESTING_OPTIONS */
498
499 if (wpa_s->conf != NULL) {
500 struct wpa_ssid *ssid;
501 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
502 wpas_notify_network_removed(wpa_s, ssid);
503 }
504
505 os_free(wpa_s->confname);
506 wpa_s->confname = NULL;
507
508 os_free(wpa_s->confanother);
509 wpa_s->confanother = NULL;
510
511 os_free(wpa_s->last_con_fail_realm);
512 wpa_s->last_con_fail_realm = NULL;
513 wpa_s->last_con_fail_realm_len = 0;
514
515 wpa_sm_set_eapol(wpa_s->wpa, NULL);
516 eapol_sm_deinit(wpa_s->eapol);
517 wpa_s->eapol = NULL;
518
519 rsn_preauth_deinit(wpa_s->wpa);
520
521 #ifdef CONFIG_TDLS
522 wpa_tdls_deinit(wpa_s->wpa);
523 #endif /* CONFIG_TDLS */
524
525 wmm_ac_clear_saved_tspecs(wpa_s);
526 pmksa_candidate_free(wpa_s->wpa);
527 wpa_sm_deinit(wpa_s->wpa);
528 wpa_s->wpa = NULL;
529 wpa_blacklist_clear(wpa_s);
530
531 wpa_bss_deinit(wpa_s);
532
533 wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
534 wpa_supplicant_cancel_scan(wpa_s);
535 wpa_supplicant_cancel_auth_timeout(wpa_s);
536 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
537 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
538 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
539 wpa_s, NULL);
540 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
541
542 eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
543
544 wpas_wps_deinit(wpa_s);
545
546 wpabuf_free(wpa_s->pending_eapol_rx);
547 wpa_s->pending_eapol_rx = NULL;
548
549 #ifdef CONFIG_IBSS_RSN
550 ibss_rsn_deinit(wpa_s->ibss_rsn);
551 wpa_s->ibss_rsn = NULL;
552 #endif /* CONFIG_IBSS_RSN */
553
554 sme_deinit(wpa_s);
555
556 #ifdef CONFIG_AP
557 wpa_supplicant_ap_deinit(wpa_s);
558 #endif /* CONFIG_AP */
559
560 wpas_p2p_deinit(wpa_s);
561
562 #ifdef CONFIG_OFFCHANNEL
563 offchannel_deinit(wpa_s);
564 #endif /* CONFIG_OFFCHANNEL */
565
566 wpa_supplicant_cancel_sched_scan(wpa_s);
567
568 os_free(wpa_s->next_scan_freqs);
569 wpa_s->next_scan_freqs = NULL;
570
571 os_free(wpa_s->manual_scan_freqs);
572 wpa_s->manual_scan_freqs = NULL;
573 os_free(wpa_s->select_network_scan_freqs);
574 wpa_s->select_network_scan_freqs = NULL;
575
576 os_free(wpa_s->manual_sched_scan_freqs);
577 wpa_s->manual_sched_scan_freqs = NULL;
578
579 wpas_mac_addr_rand_scan_clear(wpa_s, MAC_ADDR_RAND_ALL);
580
581 /*
582 * Need to remove any pending gas-query radio work before the
583 * gas_query_deinit() call because gas_query::work has not yet been set
584 * for works that have not been started. gas_query_free() will be unable
585 * to cancel such pending radio works and once the pending gas-query
586 * radio work eventually gets removed, the deinit notification call to
587 * gas_query_start_cb() would result in dereferencing freed memory.
588 */
589 if (wpa_s->radio)
590 radio_remove_works(wpa_s, "gas-query", 0);
591 gas_query_deinit(wpa_s->gas);
592 wpa_s->gas = NULL;
593 gas_server_deinit(wpa_s->gas_server);
594 wpa_s->gas_server = NULL;
595
596 free_hw_features(wpa_s);
597
598 ieee802_1x_dealloc_kay_sm(wpa_s);
599
600 os_free(wpa_s->bssid_filter);
601 wpa_s->bssid_filter = NULL;
602
603 os_free(wpa_s->disallow_aps_bssid);
604 wpa_s->disallow_aps_bssid = NULL;
605 os_free(wpa_s->disallow_aps_ssid);
606 wpa_s->disallow_aps_ssid = NULL;
607
608 wnm_bss_keep_alive_deinit(wpa_s);
609 #ifdef CONFIG_WNM
610 wnm_deallocate_memory(wpa_s);
611 #endif /* CONFIG_WNM */
612
613 ext_password_deinit(wpa_s->ext_pw);
614 wpa_s->ext_pw = NULL;
615
616 wpabuf_free(wpa_s->last_gas_resp);
617 wpa_s->last_gas_resp = NULL;
618 wpabuf_free(wpa_s->prev_gas_resp);
619 wpa_s->prev_gas_resp = NULL;
620
621 os_free(wpa_s->last_scan_res);
622 wpa_s->last_scan_res = NULL;
623
624 #ifdef CONFIG_HS20
625 if (wpa_s->drv_priv)
626 wpa_drv_configure_frame_filters(wpa_s, 0);
627 hs20_deinit(wpa_s);
628 #endif /* CONFIG_HS20 */
629
630 for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
631 wpabuf_free(wpa_s->vendor_elem[i]);
632 wpa_s->vendor_elem[i] = NULL;
633 }
634
635 wmm_ac_notify_disassoc(wpa_s);
636
637 wpa_s->sched_scan_plans_num = 0;
638 os_free(wpa_s->sched_scan_plans);
639 wpa_s->sched_scan_plans = NULL;
640
641 #ifdef CONFIG_MBO
642 wpa_s->non_pref_chan_num = 0;
643 os_free(wpa_s->non_pref_chan);
644 wpa_s->non_pref_chan = NULL;
645 #endif /* CONFIG_MBO */
646
647 free_bss_tmp_disallowed(wpa_s);
648
649 wpabuf_free(wpa_s->lci);
650 wpa_s->lci = NULL;
651 wpas_clear_beacon_rep_data(wpa_s);
652
653 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
654 #ifdef CONFIG_MESH
655 {
656 struct external_pmksa_cache *entry;
657
658 while ((entry = dl_list_last(&wpa_s->mesh_external_pmksa_cache,
659 struct external_pmksa_cache,
660 list)) != NULL) {
661 dl_list_del(&entry->list);
662 os_free(entry->pmksa_cache);
663 os_free(entry);
664 }
665 }
666 #endif /* CONFIG_MESH */
667 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
668
669 wpas_flush_fils_hlp_req(wpa_s);
670
671 wpabuf_free(wpa_s->ric_ies);
672 wpa_s->ric_ies = NULL;
673
674 #ifdef CONFIG_DPP
675 wpas_dpp_deinit(wpa_s);
676 #endif /* CONFIG_DPP */
677 }
678
679
680 /**
681 * wpa_clear_keys - Clear keys configured for the driver
682 * @wpa_s: Pointer to wpa_supplicant data
683 * @addr: Previously used BSSID or %NULL if not available
684 *
685 * This function clears the encryption keys that has been previously configured
686 * for the driver.
687 */
688 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
689 {
690 int i, max;
691
692 #ifdef CONFIG_IEEE80211W
693 max = 6;
694 #else /* CONFIG_IEEE80211W */
695 max = 4;
696 #endif /* CONFIG_IEEE80211W */
697
698 /* MLME-DELETEKEYS.request */
699 for (i = 0; i < max; i++) {
700 if (wpa_s->keys_cleared & BIT(i))
701 continue;
702 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, i, 0, NULL, 0,
703 NULL, 0);
704 }
705 if (!(wpa_s->keys_cleared & BIT(0)) && addr &&
706 !is_zero_ether_addr(addr)) {
707 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
708 0);
709 /* MLME-SETPROTECTION.request(None) */
710 wpa_drv_mlme_setprotection(
711 wpa_s, addr,
712 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
713 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
714 }
715 wpa_s->keys_cleared = (u32) -1;
716 }
717
718
719 /**
720 * wpa_supplicant_state_txt - Get the connection state name as a text string
721 * @state: State (wpa_state; WPA_*)
722 * Returns: The state name as a printable text string
723 */
724 const char * wpa_supplicant_state_txt(enum wpa_states state)
725 {
726 switch (state) {
727 case WPA_DISCONNECTED:
728 return "DISCONNECTED";
729 case WPA_INACTIVE:
730 return "INACTIVE";
731 case WPA_INTERFACE_DISABLED:
732 return "INTERFACE_DISABLED";
733 case WPA_SCANNING:
734 return "SCANNING";
735 case WPA_AUTHENTICATING:
736 return "AUTHENTICATING";
737 case WPA_ASSOCIATING:
738 return "ASSOCIATING";
739 case WPA_ASSOCIATED:
740 return "ASSOCIATED";
741 case WPA_4WAY_HANDSHAKE:
742 return "4WAY_HANDSHAKE";
743 case WPA_GROUP_HANDSHAKE:
744 return "GROUP_HANDSHAKE";
745 case WPA_COMPLETED:
746 return "COMPLETED";
747 default:
748 return "UNKNOWN";
749 }
750 }
751
752
753 #ifdef CONFIG_BGSCAN
754
755 static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
756 {
757 const char *name;
758
759 if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan)
760 name = wpa_s->current_ssid->bgscan;
761 else
762 name = wpa_s->conf->bgscan;
763 if (name == NULL || name[0] == '\0')
764 return;
765 if (wpas_driver_bss_selection(wpa_s))
766 return;
767 if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
768 return;
769 #ifdef CONFIG_P2P
770 if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)
771 return;
772 #endif /* CONFIG_P2P */
773
774 bgscan_deinit(wpa_s);
775 if (wpa_s->current_ssid) {
776 if (bgscan_init(wpa_s, wpa_s->current_ssid, name)) {
777 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
778 "bgscan");
779 /*
780 * Live without bgscan; it is only used as a roaming
781 * optimization, so the initial connection is not
782 * affected.
783 */
784 } else {
785 struct wpa_scan_results *scan_res;
786 wpa_s->bgscan_ssid = wpa_s->current_ssid;
787 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
788 0);
789 if (scan_res) {
790 bgscan_notify_scan(wpa_s, scan_res);
791 wpa_scan_results_free(scan_res);
792 }
793 }
794 } else
795 wpa_s->bgscan_ssid = NULL;
796 }
797
798
799 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
800 {
801 if (wpa_s->bgscan_ssid != NULL) {
802 bgscan_deinit(wpa_s);
803 wpa_s->bgscan_ssid = NULL;
804 }
805 }
806
807 #endif /* CONFIG_BGSCAN */
808
809
810 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
811 {
812 if (autoscan_init(wpa_s, 0))
813 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
814 }
815
816
817 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
818 {
819 autoscan_deinit(wpa_s);
820 }
821
822
823 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
824 {
825 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
826 wpa_s->wpa_state == WPA_SCANNING) {
827 autoscan_deinit(wpa_s);
828 wpa_supplicant_start_autoscan(wpa_s);
829 }
830 }
831
832
833 /**
834 * wpa_supplicant_set_state - Set current connection state
835 * @wpa_s: Pointer to wpa_supplicant data
836 * @state: The new connection state
837 *
838 * This function is called whenever the connection state changes, e.g.,
839 * association is completed for WPA/WPA2 4-Way Handshake is started.
840 */
841 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
842 enum wpa_states state)
843 {
844 enum wpa_states old_state = wpa_s->wpa_state;
845
846 wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
847 wpa_supplicant_state_txt(wpa_s->wpa_state),
848 wpa_supplicant_state_txt(state));
849
850 if (state == WPA_COMPLETED &&
851 os_reltime_initialized(&wpa_s->roam_start)) {
852 os_reltime_age(&wpa_s->roam_start, &wpa_s->roam_time);
853 wpa_s->roam_start.sec = 0;
854 wpa_s->roam_start.usec = 0;
855 wpas_notify_auth_changed(wpa_s);
856 wpas_notify_roam_time(wpa_s);
857 wpas_notify_roam_complete(wpa_s);
858 } else if (state == WPA_DISCONNECTED &&
859 os_reltime_initialized(&wpa_s->roam_start)) {
860 wpa_s->roam_start.sec = 0;
861 wpa_s->roam_start.usec = 0;
862 wpa_s->roam_time.sec = 0;
863 wpa_s->roam_time.usec = 0;
864 wpas_notify_roam_complete(wpa_s);
865 }
866
867 if (state == WPA_INTERFACE_DISABLED) {
868 /* Assure normal scan when interface is restored */
869 wpa_s->normal_scans = 0;
870 }
871
872 if (state == WPA_COMPLETED) {
873 wpas_connect_work_done(wpa_s);
874 /* Reinitialize normal_scan counter */
875 wpa_s->normal_scans = 0;
876 }
877
878 #ifdef CONFIG_P2P
879 /*
880 * P2PS client has to reply to Probe Request frames received on the
881 * group operating channel. Enable Probe Request frame reporting for
882 * P2P connected client in case p2p_cli_probe configuration property is
883 * set to 1.
884 */
885 if (wpa_s->conf->p2p_cli_probe && wpa_s->current_ssid &&
886 wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
887 wpa_s->current_ssid->p2p_group) {
888 if (state == WPA_COMPLETED && !wpa_s->p2p_cli_probe) {
889 wpa_dbg(wpa_s, MSG_DEBUG,
890 "P2P: Enable CLI Probe Request RX reporting");
891 wpa_s->p2p_cli_probe =
892 wpa_drv_probe_req_report(wpa_s, 1) >= 0;
893 } else if (state != WPA_COMPLETED && wpa_s->p2p_cli_probe) {
894 wpa_dbg(wpa_s, MSG_DEBUG,
895 "P2P: Disable CLI Probe Request RX reporting");
896 wpa_s->p2p_cli_probe = 0;
897 wpa_drv_probe_req_report(wpa_s, 0);
898 }
899 }
900 #endif /* CONFIG_P2P */
901
902 if (state != WPA_SCANNING)
903 wpa_supplicant_notify_scanning(wpa_s, 0);
904
905 if (state == WPA_COMPLETED && wpa_s->new_connection) {
906 struct wpa_ssid *ssid = wpa_s->current_ssid;
907 int fils_hlp_sent = 0;
908
909 #ifdef CONFIG_SME
910 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
911 wpa_auth_alg_fils(wpa_s->sme.auth_alg))
912 fils_hlp_sent = 1;
913 #endif /* CONFIG_SME */
914 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
915 wpa_auth_alg_fils(wpa_s->auth_alg))
916 fils_hlp_sent = 1;
917
918 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
919 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
920 MACSTR " completed [id=%d id_str=%s%s]",
921 MAC2STR(wpa_s->bssid),
922 ssid ? ssid->id : -1,
923 ssid && ssid->id_str ? ssid->id_str : "",
924 fils_hlp_sent ? " FILS_HLP_SENT" : "");
925 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
926 wpas_clear_temp_disabled(wpa_s, ssid, 1);
927 wpa_blacklist_clear(wpa_s);
928 wpa_s->extra_blacklist_count = 0;
929 wpa_s->new_connection = 0;
930 wpa_drv_set_operstate(wpa_s, 1);
931 #ifndef IEEE8021X_EAPOL
932 wpa_drv_set_supp_port(wpa_s, 1);
933 #endif /* IEEE8021X_EAPOL */
934 wpa_s->after_wps = 0;
935 wpa_s->known_wps_freq = 0;
936 wpas_p2p_completed(wpa_s);
937
938 sme_sched_obss_scan(wpa_s, 1);
939
940 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
941 if (!fils_hlp_sent && ssid && ssid->eap.erp)
942 wpas_update_fils_connect_params(wpa_s);
943 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
944 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
945 state == WPA_ASSOCIATED) {
946 wpa_s->new_connection = 1;
947 wpa_drv_set_operstate(wpa_s, 0);
948 #ifndef IEEE8021X_EAPOL
949 wpa_drv_set_supp_port(wpa_s, 0);
950 #endif /* IEEE8021X_EAPOL */
951 sme_sched_obss_scan(wpa_s, 0);
952 }
953 wpa_s->wpa_state = state;
954
955 #ifdef CONFIG_BGSCAN
956 if (state == WPA_COMPLETED)
957 wpa_supplicant_start_bgscan(wpa_s);
958 else if (state < WPA_ASSOCIATED)
959 wpa_supplicant_stop_bgscan(wpa_s);
960 #endif /* CONFIG_BGSCAN */
961
962 if (state == WPA_AUTHENTICATING)
963 wpa_supplicant_stop_autoscan(wpa_s);
964
965 if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
966 wpa_supplicant_start_autoscan(wpa_s);
967
968 if (old_state >= WPA_ASSOCIATED && wpa_s->wpa_state < WPA_ASSOCIATED)
969 wmm_ac_notify_disassoc(wpa_s);
970
971 if (wpa_s->wpa_state != old_state) {
972 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
973
974 /*
975 * Notify the P2P Device interface about a state change in one
976 * of the interfaces.
977 */
978 wpas_p2p_indicate_state_change(wpa_s);
979
980 if (wpa_s->wpa_state == WPA_COMPLETED ||
981 old_state == WPA_COMPLETED)
982 wpas_notify_auth_changed(wpa_s);
983 }
984 }
985
986
987 void wpa_supplicant_terminate_proc(struct wpa_global *global)
988 {
989 int pending = 0;
990 #ifdef CONFIG_WPS
991 struct wpa_supplicant *wpa_s = global->ifaces;
992 while (wpa_s) {
993 struct wpa_supplicant *next = wpa_s->next;
994 if (wpas_wps_terminate_pending(wpa_s) == 1)
995 pending = 1;
996 #ifdef CONFIG_P2P
997 if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
998 (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
999 wpas_p2p_disconnect(wpa_s);
1000 #endif /* CONFIG_P2P */
1001 wpa_s = next;
1002 }
1003 #endif /* CONFIG_WPS */
1004 if (pending)
1005 return;
1006 eloop_terminate();
1007 }
1008
1009
1010 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
1011 {
1012 struct wpa_global *global = signal_ctx;
1013 wpa_supplicant_terminate_proc(global);
1014 }
1015
1016
1017 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
1018 {
1019 enum wpa_states old_state = wpa_s->wpa_state;
1020
1021 wpa_s->pairwise_cipher = 0;
1022 wpa_s->group_cipher = 0;
1023 wpa_s->mgmt_group_cipher = 0;
1024 wpa_s->key_mgmt = 0;
1025 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
1026 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1027
1028 if (wpa_s->wpa_state != old_state)
1029 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
1030 }
1031
1032
1033 /**
1034 * wpa_supplicant_reload_configuration - Reload configuration data
1035 * @wpa_s: Pointer to wpa_supplicant data
1036 * Returns: 0 on success or -1 if configuration parsing failed
1037 *
1038 * This function can be used to request that the configuration data is reloaded
1039 * (e.g., after configuration file change). This function is reloading
1040 * configuration only for one interface, so this may need to be called multiple
1041 * times if %wpa_supplicant is controlling multiple interfaces and all
1042 * interfaces need reconfiguration.
1043 */
1044 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
1045 {
1046 struct wpa_config *conf;
1047 int reconf_ctrl;
1048 int old_ap_scan;
1049
1050 if (wpa_s->confname == NULL)
1051 return -1;
1052 conf = wpa_config_read(wpa_s->confname, NULL);
1053 if (conf == NULL) {
1054 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
1055 "file '%s' - exiting", wpa_s->confname);
1056 return -1;
1057 }
1058 if (wpa_s->confanother &&
1059 !wpa_config_read(wpa_s->confanother, conf)) {
1060 wpa_msg(wpa_s, MSG_ERROR,
1061 "Failed to parse the configuration file '%s' - exiting",
1062 wpa_s->confanother);
1063 return -1;
1064 }
1065
1066 conf->changed_parameters = (unsigned int) -1;
1067
1068 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
1069 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
1070 os_strcmp(conf->ctrl_interface,
1071 wpa_s->conf->ctrl_interface) != 0);
1072
1073 if (reconf_ctrl && wpa_s->ctrl_iface) {
1074 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
1075 wpa_s->ctrl_iface = NULL;
1076 }
1077
1078 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1079 if (wpa_s->current_ssid) {
1080 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
1081 wpa_s->own_disconnect_req = 1;
1082 wpa_supplicant_deauthenticate(wpa_s,
1083 WLAN_REASON_DEAUTH_LEAVING);
1084 }
1085
1086 /*
1087 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
1088 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
1089 */
1090 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1091 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
1092 wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1093 /*
1094 * Clear forced success to clear EAP state for next
1095 * authentication.
1096 */
1097 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
1098 }
1099 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1100 wpa_sm_set_config(wpa_s->wpa, NULL);
1101 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
1102 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
1103 rsn_preauth_deinit(wpa_s->wpa);
1104
1105 old_ap_scan = wpa_s->conf->ap_scan;
1106 wpa_config_free(wpa_s->conf);
1107 wpa_s->conf = conf;
1108 if (old_ap_scan != wpa_s->conf->ap_scan)
1109 wpas_notify_ap_scan_changed(wpa_s);
1110
1111 if (reconf_ctrl)
1112 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
1113
1114 wpa_supplicant_update_config(wpa_s);
1115
1116 wpa_supplicant_clear_status(wpa_s);
1117 if (wpa_supplicant_enabled_networks(wpa_s)) {
1118 wpa_s->reassociate = 1;
1119 wpa_supplicant_req_scan(wpa_s, 0, 0);
1120 }
1121 wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
1122 return 0;
1123 }
1124
1125
1126 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
1127 {
1128 struct wpa_global *global = signal_ctx;
1129 struct wpa_supplicant *wpa_s;
1130 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
1131 wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
1132 sig);
1133 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
1134 wpa_supplicant_terminate_proc(global);
1135 }
1136 }
1137
1138 if (wpa_debug_reopen_file() < 0) {
1139 /* Ignore errors since we cannot really do much to fix this */
1140 wpa_printf(MSG_DEBUG, "Could not reopen debug log file");
1141 }
1142 }
1143
1144
1145 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1146 struct wpa_ssid *ssid,
1147 struct wpa_ie_data *ie)
1148 {
1149 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1150 if (ret) {
1151 if (ret == -2) {
1152 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1153 "from association info");
1154 }
1155 return -1;
1156 }
1157
1158 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
1159 "cipher suites");
1160 if (!(ie->group_cipher & ssid->group_cipher)) {
1161 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1162 "cipher 0x%x (mask 0x%x) - reject",
1163 ie->group_cipher, ssid->group_cipher);
1164 return -1;
1165 }
1166 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1167 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1168 "cipher 0x%x (mask 0x%x) - reject",
1169 ie->pairwise_cipher, ssid->pairwise_cipher);
1170 return -1;
1171 }
1172 if (!(ie->key_mgmt & ssid->key_mgmt)) {
1173 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1174 "management 0x%x (mask 0x%x) - reject",
1175 ie->key_mgmt, ssid->key_mgmt);
1176 return -1;
1177 }
1178
1179 #ifdef CONFIG_IEEE80211W
1180 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
1181 wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1182 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1183 "that does not support management frame protection - "
1184 "reject");
1185 return -1;
1186 }
1187 #endif /* CONFIG_IEEE80211W */
1188
1189 return 0;
1190 }
1191
1192
1193 static int matching_ciphers(struct wpa_ssid *ssid, struct wpa_ie_data *ie,
1194 int freq)
1195 {
1196 if (!ie->has_group)
1197 ie->group_cipher = wpa_default_rsn_cipher(freq);
1198 if (!ie->has_pairwise)
1199 ie->pairwise_cipher = wpa_default_rsn_cipher(freq);
1200 return (ie->group_cipher & ssid->group_cipher) &&
1201 (ie->pairwise_cipher & ssid->pairwise_cipher);
1202 }
1203
1204
1205 /**
1206 * wpa_supplicant_set_suites - Set authentication and encryption parameters
1207 * @wpa_s: Pointer to wpa_supplicant data
1208 * @bss: Scan results for the selected BSS, or %NULL if not available
1209 * @ssid: Configuration data for the selected network
1210 * @wpa_ie: Buffer for the WPA/RSN IE
1211 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1212 * used buffer length in case the functions returns success.
1213 * Returns: 0 on success or -1 on failure
1214 *
1215 * This function is used to configure authentication and encryption parameters
1216 * based on the network configuration and scan result for the selected BSS (if
1217 * available).
1218 */
1219 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1220 struct wpa_bss *bss, struct wpa_ssid *ssid,
1221 u8 *wpa_ie, size_t *wpa_ie_len)
1222 {
1223 struct wpa_ie_data ie;
1224 int sel, proto;
1225 const u8 *bss_wpa, *bss_rsn, *bss_osen;
1226
1227 if (bss) {
1228 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
1229 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1230 bss_osen = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
1231 } else
1232 bss_wpa = bss_rsn = bss_osen = NULL;
1233
1234 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
1235 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1236 matching_ciphers(ssid, &ie, bss->freq) &&
1237 (ie.key_mgmt & ssid->key_mgmt)) {
1238 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1239 proto = WPA_PROTO_RSN;
1240 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
1241 wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie) == 0 &&
1242 (ie.group_cipher & ssid->group_cipher) &&
1243 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1244 (ie.key_mgmt & ssid->key_mgmt)) {
1245 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1246 proto = WPA_PROTO_WPA;
1247 #ifdef CONFIG_HS20
1248 } else if (bss_osen && (ssid->proto & WPA_PROTO_OSEN) &&
1249 wpa_parse_wpa_ie(bss_osen, 2 + bss_osen[1], &ie) == 0 &&
1250 (ie.group_cipher & ssid->group_cipher) &&
1251 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1252 (ie.key_mgmt & ssid->key_mgmt)) {
1253 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using OSEN");
1254 proto = WPA_PROTO_OSEN;
1255 } else if (bss_rsn && (ssid->proto & WPA_PROTO_OSEN) &&
1256 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1257 (ie.group_cipher & ssid->group_cipher) &&
1258 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1259 (ie.key_mgmt & ssid->key_mgmt)) {
1260 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using OSEN (within RSN)");
1261 proto = WPA_PROTO_RSN;
1262 #endif /* CONFIG_HS20 */
1263 } else if (bss) {
1264 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1265 wpa_dbg(wpa_s, MSG_DEBUG,
1266 "WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1267 ssid->proto, ssid->pairwise_cipher, ssid->group_cipher,
1268 ssid->key_mgmt);
1269 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s%s",
1270 MAC2STR(bss->bssid),
1271 wpa_ssid_txt(bss->ssid, bss->ssid_len),
1272 bss_wpa ? " WPA" : "",
1273 bss_rsn ? " RSN" : "",
1274 bss_osen ? " OSEN" : "");
1275 if (bss_rsn) {
1276 wpa_hexdump(MSG_DEBUG, "RSN", bss_rsn, 2 + bss_rsn[1]);
1277 if (wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie)) {
1278 wpa_dbg(wpa_s, MSG_DEBUG,
1279 "Could not parse RSN element");
1280 } else {
1281 wpa_dbg(wpa_s, MSG_DEBUG,
1282 "RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1283 ie.pairwise_cipher, ie.group_cipher,
1284 ie.key_mgmt);
1285 }
1286 }
1287 if (bss_wpa) {
1288 wpa_hexdump(MSG_DEBUG, "WPA", bss_wpa, 2 + bss_wpa[1]);
1289 if (wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie)) {
1290 wpa_dbg(wpa_s, MSG_DEBUG,
1291 "Could not parse WPA element");
1292 } else {
1293 wpa_dbg(wpa_s, MSG_DEBUG,
1294 "WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1295 ie.pairwise_cipher, ie.group_cipher,
1296 ie.key_mgmt);
1297 }
1298 }
1299 return -1;
1300 } else {
1301 if (ssid->proto & WPA_PROTO_OSEN)
1302 proto = WPA_PROTO_OSEN;
1303 else if (ssid->proto & WPA_PROTO_RSN)
1304 proto = WPA_PROTO_RSN;
1305 else
1306 proto = WPA_PROTO_WPA;
1307 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1308 os_memset(&ie, 0, sizeof(ie));
1309 ie.group_cipher = ssid->group_cipher;
1310 ie.pairwise_cipher = ssid->pairwise_cipher;
1311 ie.key_mgmt = ssid->key_mgmt;
1312 #ifdef CONFIG_IEEE80211W
1313 ie.mgmt_group_cipher = 0;
1314 if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
1315 if (ssid->group_mgmt_cipher &
1316 WPA_CIPHER_BIP_GMAC_256)
1317 ie.mgmt_group_cipher =
1318 WPA_CIPHER_BIP_GMAC_256;
1319 else if (ssid->group_mgmt_cipher &
1320 WPA_CIPHER_BIP_CMAC_256)
1321 ie.mgmt_group_cipher =
1322 WPA_CIPHER_BIP_CMAC_256;
1323 else if (ssid->group_mgmt_cipher &
1324 WPA_CIPHER_BIP_GMAC_128)
1325 ie.mgmt_group_cipher =
1326 WPA_CIPHER_BIP_GMAC_128;
1327 else
1328 ie.mgmt_group_cipher =
1329 WPA_CIPHER_AES_128_CMAC;
1330 }
1331 #endif /* CONFIG_IEEE80211W */
1332 #ifdef CONFIG_OWE
1333 if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
1334 !ssid->owe_only &&
1335 !bss_wpa && !bss_rsn && !bss_osen) {
1336 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1337 wpa_s->wpa_proto = 0;
1338 *wpa_ie_len = 0;
1339 return 0;
1340 }
1341 #endif /* CONFIG_OWE */
1342 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
1343 "based on configuration");
1344 } else
1345 proto = ie.proto;
1346 }
1347
1348 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1349 "pairwise %d key_mgmt %d proto %d",
1350 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1351 #ifdef CONFIG_IEEE80211W
1352 if (ssid->ieee80211w) {
1353 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1354 ie.mgmt_group_cipher);
1355 }
1356 #endif /* CONFIG_IEEE80211W */
1357
1358 wpa_s->wpa_proto = proto;
1359 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1360 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1361 !!(ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
1362
1363 if (bss || !wpa_s->ap_ies_from_associnfo) {
1364 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1365 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1366 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1367 bss_rsn ? 2 + bss_rsn[1] : 0))
1368 return -1;
1369 }
1370
1371 #ifdef CONFIG_NO_WPA
1372 wpa_s->group_cipher = WPA_CIPHER_NONE;
1373 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1374 #else /* CONFIG_NO_WPA */
1375 sel = ie.group_cipher & ssid->group_cipher;
1376 wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1377 if (wpa_s->group_cipher < 0) {
1378 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1379 "cipher");
1380 return -1;
1381 }
1382 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1383 wpa_cipher_txt(wpa_s->group_cipher));
1384
1385 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1386 wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1387 if (wpa_s->pairwise_cipher < 0) {
1388 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1389 "cipher");
1390 return -1;
1391 }
1392 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1393 wpa_cipher_txt(wpa_s->pairwise_cipher));
1394 #endif /* CONFIG_NO_WPA */
1395
1396 sel = ie.key_mgmt & ssid->key_mgmt;
1397 #ifdef CONFIG_SAE
1398 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1399 sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1400 #endif /* CONFIG_SAE */
1401 if (0) {
1402 #ifdef CONFIG_SUITEB192
1403 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
1404 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
1405 wpa_dbg(wpa_s, MSG_DEBUG,
1406 "WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1407 #endif /* CONFIG_SUITEB192 */
1408 #ifdef CONFIG_SUITEB
1409 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
1410 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
1411 wpa_dbg(wpa_s, MSG_DEBUG,
1412 "WPA: using KEY_MGMT 802.1X with Suite B");
1413 #endif /* CONFIG_SUITEB */
1414 #ifdef CONFIG_FILS
1415 #ifdef CONFIG_IEEE80211R
1416 } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) {
1417 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
1418 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384");
1419 } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
1420 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
1421 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
1422 #endif /* CONFIG_IEEE80211R */
1423 } else if (sel & WPA_KEY_MGMT_FILS_SHA384) {
1424 wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
1425 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384");
1426 } else if (sel & WPA_KEY_MGMT_FILS_SHA256) {
1427 wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
1428 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");
1429 #endif /* CONFIG_FILS */
1430 #ifdef CONFIG_IEEE80211R
1431 #ifdef CONFIG_SHA384
1432 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) {
1433 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
1434 wpa_dbg(wpa_s, MSG_DEBUG,
1435 "WPA: using KEY_MGMT FT/802.1X-SHA384");
1436 if (pmksa_cache_get_current(wpa_s->wpa)) {
1437 /* PMKSA caching with FT is not fully functional, so
1438 * disable the case for now. */
1439 wpa_dbg(wpa_s, MSG_DEBUG,
1440 "WPA: Disable PMKSA caching for FT/802.1X connection");
1441 pmksa_cache_clear_current(wpa_s->wpa);
1442 }
1443 #endif /* CONFIG_SHA384 */
1444 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
1445 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1446 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1447 if (pmksa_cache_get_current(wpa_s->wpa)) {
1448 /* PMKSA caching with FT is not fully functional, so
1449 * disable the case for now. */
1450 wpa_dbg(wpa_s, MSG_DEBUG,
1451 "WPA: Disable PMKSA caching for FT/802.1X connection");
1452 pmksa_cache_clear_current(wpa_s->wpa);
1453 }
1454 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
1455 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1456 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1457 #endif /* CONFIG_IEEE80211R */
1458 #ifdef CONFIG_DPP
1459 } else if (sel & WPA_KEY_MGMT_DPP) {
1460 wpa_s->key_mgmt = WPA_KEY_MGMT_DPP;
1461 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT DPP");
1462 #endif /* CONFIG_DPP */
1463 #ifdef CONFIG_SAE
1464 } else if (sel & WPA_KEY_MGMT_SAE) {
1465 wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1466 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1467 } else if (sel & WPA_KEY_MGMT_FT_SAE) {
1468 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1469 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1470 #endif /* CONFIG_SAE */
1471 #ifdef CONFIG_IEEE80211W
1472 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1473 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1474 wpa_dbg(wpa_s, MSG_DEBUG,
1475 "WPA: using KEY_MGMT 802.1X with SHA256");
1476 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1477 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1478 wpa_dbg(wpa_s, MSG_DEBUG,
1479 "WPA: using KEY_MGMT PSK with SHA256");
1480 #endif /* CONFIG_IEEE80211W */
1481 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1482 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1483 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1484 } else if (sel & WPA_KEY_MGMT_PSK) {
1485 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1486 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1487 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1488 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1489 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1490 #ifdef CONFIG_HS20
1491 } else if (sel & WPA_KEY_MGMT_OSEN) {
1492 wpa_s->key_mgmt = WPA_KEY_MGMT_OSEN;
1493 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using KEY_MGMT OSEN");
1494 #endif /* CONFIG_HS20 */
1495 #ifdef CONFIG_OWE
1496 } else if (sel & WPA_KEY_MGMT_OWE) {
1497 wpa_s->key_mgmt = WPA_KEY_MGMT_OWE;
1498 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT OWE");
1499 #endif /* CONFIG_OWE */
1500 } else {
1501 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1502 "authenticated key management type");
1503 return -1;
1504 }
1505
1506 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1507 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1508 wpa_s->pairwise_cipher);
1509 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1510
1511 #ifdef CONFIG_IEEE80211W
1512 sel = ie.mgmt_group_cipher;
1513 if (ssid->group_mgmt_cipher)
1514 sel &= ssid->group_mgmt_cipher;
1515 if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION ||
1516 !(ie.capabilities & WPA_CAPABILITY_MFPC))
1517 sel = 0;
1518 if (sel & WPA_CIPHER_AES_128_CMAC) {
1519 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1520 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1521 "AES-128-CMAC");
1522 } else if (sel & WPA_CIPHER_BIP_GMAC_128) {
1523 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_128;
1524 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1525 "BIP-GMAC-128");
1526 } else if (sel & WPA_CIPHER_BIP_GMAC_256) {
1527 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_256;
1528 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1529 "BIP-GMAC-256");
1530 } else if (sel & WPA_CIPHER_BIP_CMAC_256) {
1531 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_CMAC_256;
1532 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1533 "BIP-CMAC-256");
1534 } else {
1535 wpa_s->mgmt_group_cipher = 0;
1536 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1537 }
1538 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1539 wpa_s->mgmt_group_cipher);
1540 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1541 wpas_get_ssid_pmf(wpa_s, ssid));
1542 #endif /* CONFIG_IEEE80211W */
1543 #ifdef CONFIG_OCV
1544 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv);
1545 #endif /* CONFIG_OCV */
1546
1547 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1548 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1549 return -1;
1550 }
1551
1552 if (0) {
1553 #ifdef CONFIG_DPP
1554 } else if (wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1555 /* Use PMK from DPP network introduction (PMKSA entry) */
1556 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1557 #endif /* CONFIG_DPP */
1558 } else if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1559 int psk_set = 0;
1560 int sae_only;
1561
1562 sae_only = (ssid->key_mgmt & (WPA_KEY_MGMT_PSK |
1563 WPA_KEY_MGMT_FT_PSK |
1564 WPA_KEY_MGMT_PSK_SHA256)) == 0;
1565
1566 if (ssid->psk_set && !sae_only) {
1567 wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)",
1568 ssid->psk, PMK_LEN);
1569 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
1570 NULL);
1571 psk_set = 1;
1572 }
1573
1574 if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
1575 (ssid->sae_password || ssid->passphrase))
1576 psk_set = 1;
1577
1578 #ifndef CONFIG_NO_PBKDF2
1579 if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1580 ssid->passphrase && !sae_only) {
1581 u8 psk[PMK_LEN];
1582 pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1583 4096, psk, PMK_LEN);
1584 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1585 psk, PMK_LEN);
1586 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
1587 psk_set = 1;
1588 os_memset(psk, 0, sizeof(psk));
1589 }
1590 #endif /* CONFIG_NO_PBKDF2 */
1591 #ifdef CONFIG_EXT_PASSWORD
1592 if (ssid->ext_psk && !sae_only) {
1593 struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1594 ssid->ext_psk);
1595 char pw_str[64 + 1];
1596 u8 psk[PMK_LEN];
1597
1598 if (pw == NULL) {
1599 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1600 "found from external storage");
1601 return -1;
1602 }
1603
1604 if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1605 wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1606 "PSK length %d in external storage",
1607 (int) wpabuf_len(pw));
1608 ext_password_free(pw);
1609 return -1;
1610 }
1611
1612 os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1613 pw_str[wpabuf_len(pw)] = '\0';
1614
1615 #ifndef CONFIG_NO_PBKDF2
1616 if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1617 {
1618 pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1619 4096, psk, PMK_LEN);
1620 os_memset(pw_str, 0, sizeof(pw_str));
1621 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1622 "external passphrase)",
1623 psk, PMK_LEN);
1624 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1625 NULL);
1626 psk_set = 1;
1627 os_memset(psk, 0, sizeof(psk));
1628 } else
1629 #endif /* CONFIG_NO_PBKDF2 */
1630 if (wpabuf_len(pw) == 2 * PMK_LEN) {
1631 if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1632 wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1633 "Invalid PSK hex string");
1634 os_memset(pw_str, 0, sizeof(pw_str));
1635 ext_password_free(pw);
1636 return -1;
1637 }
1638 wpa_hexdump_key(MSG_MSGDUMP,
1639 "PSK (from external PSK)",
1640 psk, PMK_LEN);
1641 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1642 NULL);
1643 psk_set = 1;
1644 os_memset(psk, 0, sizeof(psk));
1645 } else {
1646 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1647 "PSK available");
1648 os_memset(pw_str, 0, sizeof(pw_str));
1649 ext_password_free(pw);
1650 return -1;
1651 }
1652
1653 os_memset(pw_str, 0, sizeof(pw_str));
1654 ext_password_free(pw);
1655 }
1656 #endif /* CONFIG_EXT_PASSWORD */
1657
1658 if (!psk_set) {
1659 wpa_msg(wpa_s, MSG_INFO,
1660 "No PSK available for association");
1661 wpas_auth_failed(wpa_s, "NO_PSK_AVAILABLE");
1662 return -1;
1663 }
1664 #ifdef CONFIG_OWE
1665 } else if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
1666 /* OWE Diffie-Hellman exchange in (Re)Association
1667 * Request/Response frames set the PMK, so do not override it
1668 * here. */
1669 #endif /* CONFIG_OWE */
1670 } else
1671 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1672
1673 return 0;
1674 }
1675
1676
1677 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
1678 {
1679 *pos = 0x00;
1680
1681 switch (idx) {
1682 case 0: /* Bits 0-7 */
1683 break;
1684 case 1: /* Bits 8-15 */
1685 if (wpa_s->conf->coloc_intf_reporting) {
1686 /* Bit 13 - Collocated Interference Reporting */
1687 *pos |= 0x20;
1688 }
1689 break;
1690 case 2: /* Bits 16-23 */
1691 #ifdef CONFIG_WNM
1692 *pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1693 *pos |= 0x08; /* Bit 19 - BSS Transition */
1694 #endif /* CONFIG_WNM */
1695 break;
1696 case 3: /* Bits 24-31 */
1697 #ifdef CONFIG_WNM
1698 *pos |= 0x02; /* Bit 25 - SSID List */
1699 #endif /* CONFIG_WNM */
1700 #ifdef CONFIG_INTERWORKING
1701 if (wpa_s->conf->interworking)
1702 *pos |= 0x80; /* Bit 31 - Interworking */
1703 #endif /* CONFIG_INTERWORKING */
1704 break;
1705 case 4: /* Bits 32-39 */
1706 #ifdef CONFIG_INTERWORKING
1707 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_QOS_MAPPING)
1708 *pos |= 0x01; /* Bit 32 - QoS Map */
1709 #endif /* CONFIG_INTERWORKING */
1710 break;
1711 case 5: /* Bits 40-47 */
1712 #ifdef CONFIG_HS20
1713 if (wpa_s->conf->hs20)
1714 *pos |= 0x40; /* Bit 46 - WNM-Notification */
1715 #endif /* CONFIG_HS20 */
1716 #ifdef CONFIG_MBO
1717 *pos |= 0x40; /* Bit 46 - WNM-Notification */
1718 #endif /* CONFIG_MBO */
1719 break;
1720 case 6: /* Bits 48-55 */
1721 break;
1722 case 7: /* Bits 56-63 */
1723 break;
1724 case 8: /* Bits 64-71 */
1725 if (wpa_s->conf->ftm_responder)
1726 *pos |= 0x40; /* Bit 70 - FTM responder */
1727 if (wpa_s->conf->ftm_initiator)
1728 *pos |= 0x80; /* Bit 71 - FTM initiator */
1729 break;
1730 case 9: /* Bits 72-79 */
1731 #ifdef CONFIG_FILS
1732 if (!wpa_s->disable_fils)
1733 *pos |= 0x01;
1734 #endif /* CONFIG_FILS */
1735 break;
1736 }
1737 }
1738
1739
1740 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf, size_t buflen)
1741 {
1742 u8 *pos = buf;
1743 u8 len = 10, i;
1744
1745 if (len < wpa_s->extended_capa_len)
1746 len = wpa_s->extended_capa_len;
1747 if (buflen < (size_t) len + 2) {
1748 wpa_printf(MSG_INFO,
1749 "Not enough room for building extended capabilities element");
1750 return -1;
1751 }
1752
1753 *pos++ = WLAN_EID_EXT_CAPAB;
1754 *pos++ = len;
1755 for (i = 0; i < len; i++, pos++) {
1756 wpas_ext_capab_byte(wpa_s, pos, i);
1757
1758 if (i < wpa_s->extended_capa_len) {
1759 *pos &= ~wpa_s->extended_capa_mask[i];
1760 *pos |= wpa_s->extended_capa[i];
1761 }
1762 }
1763
1764 while (len > 0 && buf[1 + len] == 0) {
1765 len--;
1766 buf[1] = len;
1767 }
1768 if (len == 0)
1769 return 0;
1770
1771 return 2 + len;
1772 }
1773
1774
1775 static int wpas_valid_bss(struct wpa_supplicant *wpa_s,
1776 struct wpa_bss *test_bss)
1777 {
1778 struct wpa_bss *bss;
1779
1780 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1781 if (bss == test_bss)
1782 return 1;
1783 }
1784
1785 return 0;
1786 }
1787
1788
1789 static int wpas_valid_ssid(struct wpa_supplicant *wpa_s,
1790 struct wpa_ssid *test_ssid)
1791 {
1792 struct wpa_ssid *ssid;
1793
1794 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1795 if (ssid == test_ssid)
1796 return 1;
1797 }
1798
1799 return 0;
1800 }
1801
1802
1803 int wpas_valid_bss_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *test_bss,
1804 struct wpa_ssid *test_ssid)
1805 {
1806 if (test_bss && !wpas_valid_bss(wpa_s, test_bss))
1807 return 0;
1808
1809 return test_ssid == NULL || wpas_valid_ssid(wpa_s, test_ssid);
1810 }
1811
1812
1813 void wpas_connect_work_free(struct wpa_connect_work *cwork)
1814 {
1815 if (cwork == NULL)
1816 return;
1817 os_free(cwork);
1818 }
1819
1820
1821 void wpas_connect_work_done(struct wpa_supplicant *wpa_s)
1822 {
1823 struct wpa_connect_work *cwork;
1824 struct wpa_radio_work *work = wpa_s->connect_work;
1825
1826 if (!work)
1827 return;
1828
1829 wpa_s->connect_work = NULL;
1830 cwork = work->ctx;
1831 work->ctx = NULL;
1832 wpas_connect_work_free(cwork);
1833 radio_work_done(work);
1834 }
1835
1836
1837 int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style)
1838 {
1839 struct os_reltime now;
1840 u8 addr[ETH_ALEN];
1841
1842 os_get_reltime(&now);
1843 if (wpa_s->last_mac_addr_style == style &&
1844 wpa_s->last_mac_addr_change.sec != 0 &&
1845 !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
1846 wpa_s->conf->rand_addr_lifetime)) {
1847 wpa_msg(wpa_s, MSG_DEBUG,
1848 "Previously selected random MAC address has not yet expired");
1849 return 0;
1850 }
1851
1852 switch (style) {
1853 case 1:
1854 if (random_mac_addr(addr) < 0)
1855 return -1;
1856 break;
1857 case 2:
1858 os_memcpy(addr, wpa_s->perm_addr, ETH_ALEN);
1859 if (random_mac_addr_keep_oui(addr) < 0)
1860 return -1;
1861 break;
1862 default:
1863 return -1;
1864 }
1865
1866 if (wpa_drv_set_mac_addr(wpa_s, addr) < 0) {
1867 wpa_msg(wpa_s, MSG_INFO,
1868 "Failed to set random MAC address");
1869 return -1;
1870 }
1871
1872 os_get_reltime(&wpa_s->last_mac_addr_change);
1873 wpa_s->mac_addr_changed = 1;
1874 wpa_s->last_mac_addr_style = style;
1875
1876 if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
1877 wpa_msg(wpa_s, MSG_INFO,
1878 "Could not update MAC address information");
1879 return -1;
1880 }
1881
1882 wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
1883 MAC2STR(addr));
1884
1885 return 0;
1886 }
1887
1888
1889 int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
1890 {
1891 if (wpa_s->wpa_state >= WPA_AUTHENTICATING ||
1892 !wpa_s->conf->preassoc_mac_addr)
1893 return 0;
1894
1895 return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr);
1896 }
1897
1898
1899 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit);
1900
1901 /**
1902 * wpa_supplicant_associate - Request association
1903 * @wpa_s: Pointer to wpa_supplicant data
1904 * @bss: Scan results for the selected BSS, or %NULL if not available
1905 * @ssid: Configuration data for the selected network
1906 *
1907 * This function is used to request %wpa_supplicant to associate with a BSS.
1908 */
1909 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1910 struct wpa_bss *bss, struct wpa_ssid *ssid)
1911 {
1912 struct wpa_connect_work *cwork;
1913 int rand_style;
1914
1915 wpa_s->own_disconnect_req = 0;
1916
1917 /*
1918 * If we are starting a new connection, any previously pending EAPOL
1919 * RX cannot be valid anymore.
1920 */
1921 wpabuf_free(wpa_s->pending_eapol_rx);
1922 wpa_s->pending_eapol_rx = NULL;
1923
1924 if (ssid->mac_addr == -1)
1925 rand_style = wpa_s->conf->mac_addr;
1926 else
1927 rand_style = ssid->mac_addr;
1928
1929 wmm_ac_clear_saved_tspecs(wpa_s);
1930 wpa_s->reassoc_same_bss = 0;
1931 wpa_s->reassoc_same_ess = 0;
1932 #ifdef CONFIG_TESTING_OPTIONS
1933 wpa_s->testing_resend_assoc = 0;
1934 #endif /* CONFIG_TESTING_OPTIONS */
1935
1936 if (wpa_s->last_ssid == ssid) {
1937 wpa_dbg(wpa_s, MSG_DEBUG, "Re-association to the same ESS");
1938 wpa_s->reassoc_same_ess = 1;
1939 if (wpa_s->current_bss && wpa_s->current_bss == bss) {
1940 wmm_ac_save_tspecs(wpa_s);
1941 wpa_s->reassoc_same_bss = 1;
1942 } else if (wpa_s->current_bss && wpa_s->current_bss != bss) {
1943 os_get_reltime(&wpa_s->roam_start);
1944 }
1945 }
1946
1947 if (rand_style > 0 && !wpa_s->reassoc_same_ess) {
1948 if (wpas_update_random_addr(wpa_s, rand_style) < 0)
1949 return;
1950 wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
1951 } else if (rand_style == 0 && wpa_s->mac_addr_changed) {
1952 if (wpa_drv_set_mac_addr(wpa_s, NULL) < 0) {
1953 wpa_msg(wpa_s, MSG_INFO,
1954 "Could not restore permanent MAC address");
1955 return;
1956 }
1957 wpa_s->mac_addr_changed = 0;
1958 if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
1959 wpa_msg(wpa_s, MSG_INFO,
1960 "Could not update MAC address information");
1961 return;
1962 }
1963 wpa_msg(wpa_s, MSG_DEBUG, "Using permanent MAC address");
1964 }
1965 wpa_s->last_ssid = ssid;
1966
1967 #ifdef CONFIG_IBSS_RSN
1968 ibss_rsn_deinit(wpa_s->ibss_rsn);
1969 wpa_s->ibss_rsn = NULL;
1970 #else /* CONFIG_IBSS_RSN */
1971 if (ssid->mode == WPAS_MODE_IBSS &&
1972 !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) {
1973 wpa_msg(wpa_s, MSG_INFO,
1974 "IBSS RSN not supported in the build");
1975 return;
1976 }
1977 #endif /* CONFIG_IBSS_RSN */
1978
1979 if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
1980 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
1981 #ifdef CONFIG_AP
1982 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1983 wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
1984 "mode");
1985 return;
1986 }
1987 if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
1988 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1989 if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
1990 wpas_p2p_ap_setup_failed(wpa_s);
1991 return;
1992 }
1993 wpa_s->current_bss = bss;
1994 #else /* CONFIG_AP */
1995 wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
1996 "the build");
1997 #endif /* CONFIG_AP */
1998 return;
1999 }
2000
2001 if (ssid->mode == WPAS_MODE_MESH) {
2002 #ifdef CONFIG_MESH
2003 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MESH)) {
2004 wpa_msg(wpa_s, MSG_INFO,
2005 "Driver does not support mesh mode");
2006 return;
2007 }
2008 if (bss)
2009 ssid->frequency = bss->freq;
2010 if (wpa_supplicant_join_mesh(wpa_s, ssid) < 0) {
2011 wpa_msg(wpa_s, MSG_ERROR, "Could not join mesh");
2012 return;
2013 }
2014 wpa_s->current_bss = bss;
2015 wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_STARTED "ssid=\"%s\" id=%d",
2016 wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
2017 ssid->id);
2018 wpas_notify_mesh_group_started(wpa_s, ssid);
2019 #else /* CONFIG_MESH */
2020 wpa_msg(wpa_s, MSG_ERROR,
2021 "mesh mode support not included in the build");
2022 #endif /* CONFIG_MESH */
2023 return;
2024 }
2025
2026 /*
2027 * Set WPA state machine configuration to match the selected network now
2028 * so that the information is available before wpas_start_assoc_cb()
2029 * gets called. This is needed at least for RSN pre-authentication where
2030 * candidate APs are added to a list based on scan result processing
2031 * before completion of the first association.
2032 */
2033 wpa_supplicant_rsn_supp_set_config(wpa_s, ssid);
2034
2035 #ifdef CONFIG_DPP
2036 if (wpas_dpp_check_connect(wpa_s, ssid, bss) != 0)
2037 return;
2038 #endif /* CONFIG_DPP */
2039
2040 #ifdef CONFIG_TDLS
2041 if (bss)
2042 wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
2043 bss->ie_len);
2044 #endif /* CONFIG_TDLS */
2045
2046 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2047 ssid->mode == IEEE80211_MODE_INFRA) {
2048 sme_authenticate(wpa_s, bss, ssid);
2049 return;
2050 }
2051
2052 if (wpa_s->connect_work) {
2053 wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since connect_work exist");
2054 return;
2055 }
2056
2057 if (radio_work_pending(wpa_s, "connect")) {
2058 wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since pending work exist");
2059 return;
2060 }
2061
2062 #ifdef CONFIG_SME
2063 if (ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) {
2064 /* Clear possibly set auth_alg, if any, from last attempt. */
2065 wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN;
2066 }
2067 #endif /* CONFIG_SME */
2068
2069 wpas_abort_ongoing_scan(wpa_s);
2070
2071 cwork = os_zalloc(sizeof(*cwork));
2072 if (cwork == NULL)
2073 return;
2074
2075 cwork->bss = bss;
2076 cwork->ssid = ssid;
2077
2078 if (radio_add_work(wpa_s, bss ? bss->freq : 0, "connect", 1,
2079 wpas_start_assoc_cb, cwork) < 0) {
2080 os_free(cwork);
2081 }
2082 }
2083
2084
2085 static int bss_is_ibss(struct wpa_bss *bss)
2086 {
2087 return (bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
2088 IEEE80211_CAP_IBSS;
2089 }
2090
2091
2092 static int drv_supports_vht(struct wpa_supplicant *wpa_s,
2093 const struct wpa_ssid *ssid)
2094 {
2095 enum hostapd_hw_mode hw_mode;
2096 struct hostapd_hw_modes *mode = NULL;
2097 u8 channel;
2098 int i;
2099
2100 hw_mode = ieee80211_freq_to_chan(ssid->frequency, &channel);
2101 if (hw_mode == NUM_HOSTAPD_MODES)
2102 return 0;
2103 for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2104 if (wpa_s->hw.modes[i].mode == hw_mode) {
2105 mode = &wpa_s->hw.modes[i];
2106 break;
2107 }
2108 }
2109
2110 if (!mode)
2111 return 0;
2112
2113 return mode->vht_capab != 0;
2114 }
2115
2116
2117 void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
2118 const struct wpa_ssid *ssid,
2119 struct hostapd_freq_params *freq)
2120 {
2121 enum hostapd_hw_mode hw_mode;
2122 struct hostapd_hw_modes *mode = NULL;
2123 int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2124 184, 192 };
2125 int vht80[] = { 36, 52, 100, 116, 132, 149 };
2126 struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
2127 u8 channel;
2128 int i, chan_idx, ht40 = -1, res, obss_scan = 1;
2129 unsigned int j, k;
2130 struct hostapd_freq_params vht_freq;
2131 int chwidth, seg0, seg1;
2132 u32 vht_caps = 0;
2133
2134 freq->freq = ssid->frequency;
2135
2136 for (j = 0; j < wpa_s->last_scan_res_used; j++) {
2137 struct wpa_bss *bss = wpa_s->last_scan_res[j];
2138
2139 if (ssid->mode != WPAS_MODE_IBSS)
2140 break;
2141
2142 /* Don't adjust control freq in case of fixed_freq */
2143 if (ssid->fixed_freq)
2144 break;
2145
2146 if (!bss_is_ibss(bss))
2147 continue;
2148
2149 if (ssid->ssid_len == bss->ssid_len &&
2150 os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) == 0) {
2151 wpa_printf(MSG_DEBUG,
2152 "IBSS already found in scan results, adjust control freq: %d",
2153 bss->freq);
2154 freq->freq = bss->freq;
2155 obss_scan = 0;
2156 break;
2157 }
2158 }
2159
2160 /* For IBSS check HT_IBSS flag */
2161 if (ssid->mode == WPAS_MODE_IBSS &&
2162 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_HT_IBSS))
2163 return;
2164
2165 if (wpa_s->group_cipher == WPA_CIPHER_WEP40 ||
2166 wpa_s->group_cipher == WPA_CIPHER_WEP104 ||
2167 wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) {
2168 wpa_printf(MSG_DEBUG,
2169 "IBSS: WEP/TKIP detected, do not try to enable HT");
2170 return;
2171 }
2172
2173 hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
2174 for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2175 if (wpa_s->hw.modes[i].mode == hw_mode) {
2176 mode = &wpa_s->hw.modes[i];
2177 break;
2178 }
2179 }
2180
2181 if (!mode)
2182 return;
2183
2184 #ifdef CONFIG_HT_OVERRIDES
2185 if (ssid->disable_ht) {
2186 freq->ht_enabled = 0;
2187 return;
2188 }
2189 #endif /* CONFIG_HT_OVERRIDES */
2190
2191 freq->ht_enabled = ht_supported(mode);
2192 if (!freq->ht_enabled)
2193 return;
2194
2195 /* Setup higher BW only for 5 GHz */
2196 if (mode->mode != HOSTAPD_MODE_IEEE80211A)
2197 return;
2198
2199 for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
2200 pri_chan = &mode->channels[chan_idx];
2201 if (pri_chan->chan == channel)
2202 break;
2203 pri_chan = NULL;
2204 }
2205 if (!pri_chan)
2206 return;
2207
2208 /* Check primary channel flags */
2209 if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2210 return;
2211
2212 freq->channel = pri_chan->chan;
2213
2214 #ifdef CONFIG_HT_OVERRIDES
2215 if (ssid->disable_ht40) {
2216 if (ssid->disable_vht)
2217 return;
2218 goto skip_ht40;
2219 }
2220 #endif /* CONFIG_HT_OVERRIDES */
2221
2222 /* Check/setup HT40+/HT40- */
2223 for (j = 0; j < ARRAY_SIZE(ht40plus); j++) {
2224 if (ht40plus[j] == channel) {
2225 ht40 = 1;
2226 break;
2227 }
2228 }
2229
2230 /* Find secondary channel */
2231 for (i = 0; i < mode->num_channels; i++) {
2232 sec_chan = &mode->channels[i];
2233 if (sec_chan->chan == channel + ht40 * 4)
2234 break;
2235 sec_chan = NULL;
2236 }
2237 if (!sec_chan)
2238 return;
2239
2240 /* Check secondary channel flags */
2241 if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2242 return;
2243
2244 if (ht40 == -1) {
2245 if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
2246 return;
2247 } else {
2248 if (!(pri_chan->flag & HOSTAPD_CHAN_HT40PLUS))
2249 return;
2250 }
2251 freq->sec_channel_offset = ht40;
2252
2253 if (obss_scan) {
2254 struct wpa_scan_results *scan_res;
2255
2256 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
2257 if (scan_res == NULL) {
2258 /* Back to HT20 */
2259 freq->sec_channel_offset = 0;
2260 return;
2261 }
2262
2263 res = check_40mhz_5g(mode, scan_res, pri_chan->chan,
2264 sec_chan->chan);
2265 switch (res) {
2266 case 0:
2267 /* Back to HT20 */
2268 freq->sec_channel_offset = 0;
2269 break;
2270 case 1:
2271 /* Configuration allowed */
2272 break;
2273 case 2:
2274 /* Switch pri/sec channels */
2275 freq->freq = hw_get_freq(mode, sec_chan->chan);
2276 freq->sec_channel_offset = -freq->sec_channel_offset;
2277 freq->channel = sec_chan->chan;
2278 break;
2279 default:
2280 freq->sec_channel_offset = 0;
2281 break;
2282 }
2283
2284 wpa_scan_results_free(scan_res);
2285 }
2286
2287 #ifdef CONFIG_HT_OVERRIDES
2288 skip_ht40:
2289 #endif /* CONFIG_HT_OVERRIDES */
2290 wpa_printf(MSG_DEBUG,
2291 "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2292 freq->channel, freq->sec_channel_offset);
2293
2294 if (!drv_supports_vht(wpa_s, ssid))
2295 return;
2296
2297 /* For IBSS check VHT_IBSS flag */
2298 if (ssid->mode == WPAS_MODE_IBSS &&
2299 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_VHT_IBSS))
2300 return;
2301
2302 vht_freq = *freq;
2303
2304 #ifdef CONFIG_VHT_OVERRIDES
2305 if (ssid->disable_vht) {
2306 freq->vht_enabled = 0;
2307 return;
2308 }
2309 #endif /* CONFIG_VHT_OVERRIDES */
2310
2311 vht_freq.vht_enabled = vht_supported(mode);
2312 if (!vht_freq.vht_enabled)
2313 return;
2314
2315 /* setup center_freq1, bandwidth */
2316 for (j = 0; j < ARRAY_SIZE(vht80); j++) {
2317 if (freq->channel >= vht80[j] &&
2318 freq->channel < vht80[j] + 16)
2319 break;
2320 }
2321
2322 if (j == ARRAY_SIZE(vht80))
2323 return;
2324
2325 for (i = vht80[j]; i < vht80[j] + 16; i += 4) {
2326 struct hostapd_channel_data *chan;
2327
2328 chan = hw_get_channel_chan(mode, i, NULL);
2329 if (!chan)
2330 return;
2331
2332 /* Back to HT configuration if channel not usable */
2333 if (chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2334 return;
2335 }
2336
2337 chwidth = VHT_CHANWIDTH_80MHZ;
2338 seg0 = vht80[j] + 6;
2339 seg1 = 0;
2340
2341 if (ssid->max_oper_chwidth == VHT_CHANWIDTH_80P80MHZ) {
2342 /* setup center_freq2, bandwidth */
2343 for (k = 0; k < ARRAY_SIZE(vht80); k++) {
2344 /* Only accept 80 MHz segments separated by a gap */
2345 if (j == k || abs(vht80[j] - vht80[k]) == 16)
2346 continue;
2347 for (i = vht80[k]; i < vht80[k] + 16; i += 4) {
2348 struct hostapd_channel_data *chan;
2349
2350 chan = hw_get_channel_chan(mode, i, NULL);
2351 if (!chan)
2352 continue;
2353
2354 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2355 HOSTAPD_CHAN_NO_IR |
2356 HOSTAPD_CHAN_RADAR))
2357 continue;
2358
2359 /* Found a suitable second segment for 80+80 */
2360 chwidth = VHT_CHANWIDTH_80P80MHZ;
2361 vht_caps |=
2362 VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
2363 seg1 = vht80[k] + 6;
2364 }
2365
2366 if (chwidth == VHT_CHANWIDTH_80P80MHZ)
2367 break;
2368 }
2369 } else if (ssid->max_oper_chwidth == VHT_CHANWIDTH_160MHZ) {
2370 if (freq->freq == 5180) {
2371 chwidth = VHT_CHANWIDTH_160MHZ;
2372 vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2373 seg0 = 50;
2374 } else if (freq->freq == 5520) {
2375 chwidth = VHT_CHANWIDTH_160MHZ;
2376 vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2377 seg0 = 114;
2378 }
2379 } else if (ssid->max_oper_chwidth == VHT_CHANWIDTH_USE_HT) {
2380 chwidth = VHT_CHANWIDTH_USE_HT;
2381 seg0 = vht80[j] + 2;
2382 #ifdef CONFIG_HT_OVERRIDES
2383 if (ssid->disable_ht40)
2384 seg0 = 0;
2385 #endif /* CONFIG_HT_OVERRIDES */
2386 }
2387
2388 if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,
2389 freq->channel, freq->ht_enabled,
2390 vht_freq.vht_enabled,
2391 freq->sec_channel_offset,
2392 chwidth, seg0, seg1, vht_caps) != 0)
2393 return;
2394
2395 *freq = vht_freq;
2396
2397 wpa_printf(MSG_DEBUG, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2398 freq->center_freq1, freq->center_freq2, freq->bandwidth);
2399 }
2400
2401
2402 #ifdef CONFIG_FILS
2403 static size_t wpas_add_fils_hlp_req(struct wpa_supplicant *wpa_s, u8 *ie_buf,
2404 size_t ie_buf_len)
2405 {
2406 struct fils_hlp_req *req;
2407 size_t rem_len, hdr_len, hlp_len, len, ie_len = 0;
2408 const u8 *pos;
2409 u8 *buf = ie_buf;
2410
2411 dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2412 list) {
2413 rem_len = ie_buf_len - ie_len;
2414 pos = wpabuf_head(req->pkt);
2415 hdr_len = 1 + 2 * ETH_ALEN + 6;
2416 hlp_len = wpabuf_len(req->pkt);
2417
2418 if (rem_len < 2 + hdr_len + hlp_len) {
2419 wpa_printf(MSG_ERROR,
2420 "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
2421 (unsigned long) rem_len,
2422 (unsigned long) (2 + hdr_len + hlp_len));
2423 break;
2424 }
2425
2426 len = (hdr_len + hlp_len) > 255 ? 255 : hdr_len + hlp_len;
2427 /* Element ID */
2428 *buf++ = WLAN_EID_EXTENSION;
2429 /* Length */
2430 *buf++ = len;
2431 /* Element ID Extension */
2432 *buf++ = WLAN_EID_EXT_FILS_HLP_CONTAINER;
2433 /* Destination MAC address */
2434 os_memcpy(buf, req->dst, ETH_ALEN);
2435 buf += ETH_ALEN;
2436 /* Source MAC address */
2437 os_memcpy(buf, wpa_s->own_addr, ETH_ALEN);
2438 buf += ETH_ALEN;
2439 /* LLC/SNAP Header */
2440 os_memcpy(buf, "\xaa\xaa\x03\x00\x00\x00", 6);
2441 buf += 6;
2442 /* HLP Packet */
2443 os_memcpy(buf, pos, len - hdr_len);
2444 buf += len - hdr_len;
2445 pos += len - hdr_len;
2446
2447 hlp_len -= len - hdr_len;
2448 ie_len += 2 + len;
2449 rem_len -= 2 + len;
2450
2451 while (hlp_len) {
2452 len = (hlp_len > 255) ? 255 : hlp_len;
2453 if (rem_len < 2 + len)
2454 break;
2455 *buf++ = WLAN_EID_FRAGMENT;
2456 *buf++ = len;
2457 os_memcpy(buf, pos, len);
2458 buf += len;
2459 pos += len;
2460
2461 hlp_len -= len;
2462 ie_len += 2 + len;
2463 rem_len -= 2 + len;
2464 }
2465 }
2466
2467 return ie_len;
2468 }
2469
2470
2471 int wpa_is_fils_supported(struct wpa_supplicant *wpa_s)
2472 {
2473 return (((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2474 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS)) ||
2475 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2476 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD)));
2477 }
2478
2479
2480 int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant *wpa_s)
2481 {
2482 #ifdef CONFIG_FILS_SK_PFS
2483 return (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2484 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS);
2485 #else /* CONFIG_FILS_SK_PFS */
2486 return 0;
2487 #endif /* CONFIG_FILS_SK_PFS */
2488 }
2489
2490 #endif /* CONFIG_FILS */
2491
2492
2493 static u8 * wpas_populate_assoc_ies(
2494 struct wpa_supplicant *wpa_s,
2495 struct wpa_bss *bss, struct wpa_ssid *ssid,
2496 struct wpa_driver_associate_params *params,
2497 enum wpa_drv_update_connect_params_mask *mask)
2498 {
2499 u8 *wpa_ie;
2500 size_t max_wpa_ie_len = 500;
2501 size_t wpa_ie_len;
2502 int algs = WPA_AUTH_ALG_OPEN;
2503 #ifdef CONFIG_MBO
2504 const u8 *mbo_ie;
2505 #endif
2506 #ifdef CONFIG_FILS
2507 const u8 *realm, *username, *rrk;
2508 size_t realm_len, username_len, rrk_len;
2509 u16 next_seq_num;
2510 struct fils_hlp_req *req;
2511
2512 dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2513 list) {
2514 max_wpa_ie_len += 3 + 2 * ETH_ALEN + 6 + wpabuf_len(req->pkt) +
2515 2 + 2 * wpabuf_len(req->pkt) / 255;
2516 }
2517 #endif /* CONFIG_FILS */
2518
2519 wpa_ie = os_malloc(max_wpa_ie_len);
2520 if (!wpa_ie) {
2521 wpa_printf(MSG_ERROR,
2522 "Failed to allocate connect IE buffer for %lu bytes",
2523 (unsigned long) max_wpa_ie_len);
2524 return NULL;
2525 }
2526
2527 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
2528 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
2529 wpa_key_mgmt_wpa(ssid->key_mgmt)) {
2530 int try_opportunistic;
2531 const u8 *cache_id = NULL;
2532
2533 try_opportunistic = (ssid->proactive_key_caching < 0 ?
2534 wpa_s->conf->okc :
2535 ssid->proactive_key_caching) &&
2536 (ssid->proto & WPA_PROTO_RSN);
2537 #ifdef CONFIG_FILS
2538 if (wpa_key_mgmt_fils(ssid->key_mgmt))
2539 cache_id = wpa_bss_get_fils_cache_id(bss);
2540 #endif /* CONFIG_FILS */
2541 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
2542 ssid, try_opportunistic,
2543 cache_id, 0) == 0)
2544 eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
2545 wpa_ie_len = max_wpa_ie_len;
2546 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2547 wpa_ie, &wpa_ie_len)) {
2548 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2549 "key management and encryption suites");
2550 os_free(wpa_ie);
2551 return NULL;
2552 }
2553 #ifdef CONFIG_HS20
2554 } else if (bss && wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE) &&
2555 (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)) {
2556 /* No PMKSA caching, but otherwise similar to RSN/WPA */
2557 wpa_ie_len = max_wpa_ie_len;
2558 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2559 wpa_ie, &wpa_ie_len)) {
2560 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2561 "key management and encryption suites");
2562 os_free(wpa_ie);
2563 return NULL;
2564 }
2565 #endif /* CONFIG_HS20 */
2566 } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
2567 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
2568 /*
2569 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2570 * use non-WPA since the scan results did not indicate that the
2571 * AP is using WPA or WPA2.
2572 */
2573 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2574 wpa_ie_len = 0;
2575 wpa_s->wpa_proto = 0;
2576 } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
2577 wpa_ie_len = max_wpa_ie_len;
2578 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
2579 wpa_ie, &wpa_ie_len)) {
2580 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2581 "key management and encryption suites (no "
2582 "scan results)");
2583 os_free(wpa_ie);
2584 return NULL;
2585 }
2586 #ifdef CONFIG_WPS
2587 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
2588 struct wpabuf *wps_ie;
2589 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
2590 if (wps_ie && wpabuf_len(wps_ie) <= max_wpa_ie_len) {
2591 wpa_ie_len = wpabuf_len(wps_ie);
2592 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
2593 } else
2594 wpa_ie_len = 0;
2595 wpabuf_free(wps_ie);
2596 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2597 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
2598 params->wps = WPS_MODE_PRIVACY;
2599 else
2600 params->wps = WPS_MODE_OPEN;
2601 wpa_s->wpa_proto = 0;
2602 #endif /* CONFIG_WPS */
2603 } else {
2604 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2605 wpa_ie_len = 0;
2606 wpa_s->wpa_proto = 0;
2607 }
2608
2609 #ifdef IEEE8021X_EAPOL
2610 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2611 if (ssid->leap) {
2612 if (ssid->non_leap == 0)
2613 algs = WPA_AUTH_ALG_LEAP;
2614 else
2615 algs |= WPA_AUTH_ALG_LEAP;
2616 }
2617 }
2618
2619 #ifdef CONFIG_FILS
2620 /* Clear FILS association */
2621 wpa_sm_set_reset_fils_completed(wpa_s->wpa, 0);
2622
2623 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
2624 ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
2625 eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap, &username,
2626 &username_len, &realm, &realm_len,
2627 &next_seq_num, &rrk, &rrk_len) == 0 &&
2628 (!wpa_s->last_con_fail_realm ||
2629 wpa_s->last_con_fail_realm_len != realm_len ||
2630 os_memcmp(wpa_s->last_con_fail_realm, realm, realm_len) != 0)) {
2631 algs = WPA_AUTH_ALG_FILS;
2632 params->fils_erp_username = username;
2633 params->fils_erp_username_len = username_len;
2634 params->fils_erp_realm = realm;
2635 params->fils_erp_realm_len = realm_len;
2636 params->fils_erp_next_seq_num = next_seq_num;
2637 params->fils_erp_rrk = rrk;
2638 params->fils_erp_rrk_len = rrk_len;
2639
2640 if (mask)
2641 *mask |= WPA_DRV_UPDATE_FILS_ERP_INFO;
2642 }
2643 #endif /* CONFIG_FILS */
2644 #endif /* IEEE8021X_EAPOL */
2645 #ifdef CONFIG_SAE
2646 if (wpa_s->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE))
2647 algs = WPA_AUTH_ALG_SAE;
2648 #endif /* CONFIG_SAE */
2649
2650 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
2651 if (ssid->auth_alg) {
2652 algs = ssid->auth_alg;
2653 wpa_dbg(wpa_s, MSG_DEBUG,
2654 "Overriding auth_alg selection: 0x%x", algs);
2655 }
2656
2657 #ifdef CONFIG_P2P
2658 if (wpa_s->global->p2p) {
2659 u8 *pos;
2660 size_t len;
2661 int res;
2662 pos = wpa_ie + wpa_ie_len;
2663 len = max_wpa_ie_len - wpa_ie_len;
2664 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
2665 ssid->p2p_group);
2666 if (res >= 0)
2667 wpa_ie_len += res;
2668 }
2669
2670 wpa_s->cross_connect_disallowed = 0;
2671 if (bss) {
2672 struct wpabuf *p2p;
2673 p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
2674 if (p2p) {
2675 wpa_s->cross_connect_disallowed =
2676 p2p_get_cross_connect_disallowed(p2p);
2677 wpabuf_free(p2p);
2678 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
2679 "connection",
2680 wpa_s->cross_connect_disallowed ?
2681 "disallows" : "allows");
2682 }
2683 }
2684
2685 os_memset(wpa_s->p2p_ip_addr_info, 0, sizeof(wpa_s->p2p_ip_addr_info));
2686 #endif /* CONFIG_P2P */
2687
2688 if (bss) {
2689 wpa_ie_len += wpas_supp_op_class_ie(wpa_s, ssid, bss->freq,
2690 wpa_ie + wpa_ie_len,
2691 max_wpa_ie_len -
2692 wpa_ie_len);
2693 }
2694
2695 /*
2696 * Workaround: Add Extended Capabilities element only if the AP
2697 * included this element in Beacon/Probe Response frames. Some older
2698 * APs seem to have interoperability issues if this element is
2699 * included, so while the standard may require us to include the
2700 * element in all cases, it is justifiable to skip it to avoid
2701 * interoperability issues.
2702 */
2703 if (ssid->p2p_group)
2704 wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
2705 else
2706 wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
2707
2708 if (!bss || wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB)) {
2709 u8 ext_capab[18];
2710 int ext_capab_len;
2711 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
2712 sizeof(ext_capab));
2713 if (ext_capab_len > 0 &&
2714 wpa_ie_len + ext_capab_len <= max_wpa_ie_len) {
2715 u8 *pos = wpa_ie;
2716 if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
2717 pos += 2 + pos[1];
2718 os_memmove(pos + ext_capab_len, pos,
2719 wpa_ie_len - (pos - wpa_ie));
2720 wpa_ie_len += ext_capab_len;
2721 os_memcpy(pos, ext_capab, ext_capab_len);
2722 }
2723 }
2724
2725 #ifdef CONFIG_HS20
2726 if (is_hs20_network(wpa_s, ssid, bss)) {
2727 struct wpabuf *hs20;
2728
2729 hs20 = wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN);
2730 if (hs20) {
2731 int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
2732 size_t len;
2733
2734 wpas_hs20_add_indication(hs20, pps_mo_id,
2735 get_hs20_version(bss));
2736 wpas_hs20_add_roam_cons_sel(hs20, ssid);
2737 len = max_wpa_ie_len - wpa_ie_len;
2738 if (wpabuf_len(hs20) <= len) {
2739 os_memcpy(wpa_ie + wpa_ie_len,
2740 wpabuf_head(hs20), wpabuf_len(hs20));
2741 wpa_ie_len += wpabuf_len(hs20);
2742 }
2743 wpabuf_free(hs20);
2744
2745 hs20_configure_frame_filters(wpa_s);
2746 }
2747 }
2748 #endif /* CONFIG_HS20 */
2749
2750 if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
2751 struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
2752 size_t len;
2753
2754 len = max_wpa_ie_len - wpa_ie_len;
2755 if (wpabuf_len(buf) <= len) {
2756 os_memcpy(wpa_ie + wpa_ie_len,
2757 wpabuf_head(buf), wpabuf_len(buf));
2758 wpa_ie_len += wpabuf_len(buf);
2759 }
2760 }
2761
2762 #ifdef CONFIG_FST
2763 if (wpa_s->fst_ies) {
2764 int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
2765
2766 if (wpa_ie_len + fst_ies_len <= max_wpa_ie_len) {
2767 os_memcpy(wpa_ie + wpa_ie_len,
2768 wpabuf_head(wpa_s->fst_ies), fst_ies_len);
2769 wpa_ie_len += fst_ies_len;
2770 }
2771 }
2772 #endif /* CONFIG_FST */
2773
2774 #ifdef CONFIG_MBO
2775 mbo_ie = bss ? wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE) : NULL;
2776 if (mbo_ie) {
2777 int len;
2778
2779 len = wpas_mbo_ie(wpa_s, wpa_ie + wpa_ie_len,
2780 max_wpa_ie_len - wpa_ie_len,
2781 !!mbo_attr_from_mbo_ie(mbo_ie,
2782 OCE_ATTR_ID_CAPA_IND));
2783 if (len >= 0)
2784 wpa_ie_len += len;
2785 }
2786 #endif /* CONFIG_MBO */
2787
2788 #ifdef CONFIG_FILS
2789 if (algs == WPA_AUTH_ALG_FILS) {
2790 size_t len;
2791
2792 len = wpas_add_fils_hlp_req(wpa_s, wpa_ie + wpa_ie_len,
2793 max_wpa_ie_len - wpa_ie_len);
2794 wpa_ie_len += len;
2795 }
2796 #endif /* CONFIG_FILS */
2797
2798 #ifdef CONFIG_OWE
2799 #ifdef CONFIG_TESTING_OPTIONS
2800 if (get_ie_ext(wpa_ie, wpa_ie_len, WLAN_EID_EXT_OWE_DH_PARAM)) {
2801 wpa_printf(MSG_INFO, "TESTING: Override OWE DH element");
2802 } else
2803 #endif /* CONFIG_TESTING_OPTIONS */
2804 if (algs == WPA_AUTH_ALG_OPEN &&
2805 ssid->key_mgmt == WPA_KEY_MGMT_OWE) {
2806 struct wpabuf *owe_ie;
2807 u16 group;
2808
2809 if (ssid->owe_group) {
2810 group = ssid->owe_group;
2811 } else if (wpa_s->assoc_status_code ==
2812 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
2813 if (wpa_s->last_owe_group == 19)
2814 group = 20;
2815 else if (wpa_s->last_owe_group == 20)
2816 group = 21;
2817 else
2818 group = OWE_DH_GROUP;
2819 } else {
2820 group = OWE_DH_GROUP;
2821 }
2822
2823 wpa_s->last_owe_group = group;
2824 wpa_printf(MSG_DEBUG, "OWE: Try to use group %u", group);
2825 owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
2826 if (owe_ie &&
2827 wpabuf_len(owe_ie) <= max_wpa_ie_len - wpa_ie_len) {
2828 os_memcpy(wpa_ie + wpa_ie_len,
2829 wpabuf_head(owe_ie), wpabuf_len(owe_ie));
2830 wpa_ie_len += wpabuf_len(owe_ie);
2831 wpabuf_free(owe_ie);
2832 }
2833 }
2834 #endif /* CONFIG_OWE */
2835
2836 #ifdef CONFIG_DPP2
2837 if (wpa_sm_get_key_mgmt(wpa_s->wpa) == WPA_KEY_MGMT_DPP &&
2838 ssid->dpp_netaccesskey) {
2839 dpp_pfs_free(wpa_s->dpp_pfs);
2840 wpa_s->dpp_pfs = dpp_pfs_init(ssid->dpp_netaccesskey,
2841 ssid->dpp_netaccesskey_len);
2842 if (!wpa_s->dpp_pfs) {
2843 wpa_printf(MSG_DEBUG, "DPP: Could not initialize PFS");
2844 /* Try to continue without PFS */
2845 goto pfs_fail;
2846 }
2847 if (wpabuf_len(wpa_s->dpp_pfs->ie) <=
2848 max_wpa_ie_len - wpa_ie_len) {
2849 os_memcpy(wpa_ie + wpa_ie_len,
2850 wpabuf_head(wpa_s->dpp_pfs->ie),
2851 wpabuf_len(wpa_s->dpp_pfs->ie));
2852 wpa_ie_len += wpabuf_len(wpa_s->dpp_pfs->ie);
2853 }
2854 }
2855 pfs_fail:
2856 #endif /* CONFIG_DPP2 */
2857
2858 #ifdef CONFIG_IEEE80211R
2859 /*
2860 * Add MDIE under these conditions: the network profile allows FT,
2861 * the AP supports FT, and the mobility domain ID matches.
2862 */
2863 if (bss && wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s->wpa))) {
2864 const u8 *mdie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
2865
2866 if (mdie && mdie[1] >= MOBILITY_DOMAIN_ID_LEN) {
2867 size_t len = 0;
2868 const u8 *md = mdie + 2;
2869 const u8 *wpa_md = wpa_sm_get_ft_md(wpa_s->wpa);
2870
2871 if (os_memcmp(md, wpa_md,
2872 MOBILITY_DOMAIN_ID_LEN) == 0) {
2873 /* Add mobility domain IE */
2874 len = wpa_ft_add_mdie(
2875 wpa_s->wpa, wpa_ie + wpa_ie_len,
2876 max_wpa_ie_len - wpa_ie_len, mdie);
2877 wpa_ie_len += len;
2878 }
2879 #ifdef CONFIG_SME
2880 if (len > 0 && wpa_s->sme.ft_used &&
2881 wpa_sm_has_ptk(wpa_s->wpa)) {
2882 wpa_dbg(wpa_s, MSG_DEBUG,
2883 "SME: Trying to use FT over-the-air");
2884 algs |= WPA_AUTH_ALG_FT;
2885 }
2886 #endif /* CONFIG_SME */
2887 }
2888 }
2889 #endif /* CONFIG_IEEE80211R */
2890
2891 if (ssid->multi_ap_backhaul_sta) {
2892 size_t multi_ap_ie_len;
2893
2894 multi_ap_ie_len = add_multi_ap_ie(wpa_ie + wpa_ie_len,
2895 max_wpa_ie_len - wpa_ie_len,
2896 MULTI_AP_BACKHAUL_STA);
2897 if (multi_ap_ie_len == 0) {
2898 wpa_printf(MSG_ERROR,
2899 "Multi-AP: Failed to build Multi-AP IE");
2900 os_free(wpa_ie);
2901 return NULL;
2902 }
2903 wpa_ie_len += multi_ap_ie_len;
2904 }
2905
2906 params->wpa_ie = wpa_ie;
2907 params->wpa_ie_len = wpa_ie_len;
2908 params->auth_alg = algs;
2909 if (mask)
2910 *mask |= WPA_DRV_UPDATE_ASSOC_IES | WPA_DRV_UPDATE_AUTH_TYPE;
2911
2912 return wpa_ie;
2913 }
2914
2915
2916 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
2917 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s)
2918 {
2919 struct wpa_driver_associate_params params;
2920 enum wpa_drv_update_connect_params_mask mask = 0;
2921 u8 *wpa_ie;
2922
2923 if (wpa_s->auth_alg != WPA_AUTH_ALG_OPEN)
2924 return; /* nothing to do */
2925
2926 os_memset(&params, 0, sizeof(params));
2927 wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
2928 wpa_s->current_ssid, &params, &mask);
2929 if (!wpa_ie)
2930 return;
2931
2932 if (params.auth_alg != WPA_AUTH_ALG_FILS) {
2933 os_free(wpa_ie);
2934 return;
2935 }
2936
2937 wpa_s->auth_alg = params.auth_alg;
2938 wpa_drv_update_connect_params(wpa_s, &params, mask);
2939 os_free(wpa_ie);
2940 }
2941 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
2942
2943
2944 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
2945 {
2946 struct wpa_connect_work *cwork = work->ctx;
2947 struct wpa_bss *bss = cwork->bss;
2948 struct wpa_ssid *ssid = cwork->ssid;
2949 struct wpa_supplicant *wpa_s = work->wpa_s;
2950 u8 *wpa_ie;
2951 int use_crypt, ret, i, bssid_changed;
2952 unsigned int cipher_pairwise, cipher_group, cipher_group_mgmt;
2953 struct wpa_driver_associate_params params;
2954 int wep_keys_set = 0;
2955 int assoc_failed = 0;
2956 struct wpa_ssid *old_ssid;
2957 u8 prev_bssid[ETH_ALEN];
2958 #ifdef CONFIG_HT_OVERRIDES
2959 struct ieee80211_ht_capabilities htcaps;
2960 struct ieee80211_ht_capabilities htcaps_mask;
2961 #endif /* CONFIG_HT_OVERRIDES */
2962 #ifdef CONFIG_VHT_OVERRIDES
2963 struct ieee80211_vht_capabilities vhtcaps;
2964 struct ieee80211_vht_capabilities vhtcaps_mask;
2965 #endif /* CONFIG_VHT_OVERRIDES */
2966
2967 if (deinit) {
2968 if (work->started) {
2969 wpa_s->connect_work = NULL;
2970
2971 /* cancel possible auth. timeout */
2972 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s,
2973 NULL);
2974 }
2975 wpas_connect_work_free(cwork);
2976 return;
2977 }
2978
2979 wpa_s->connect_work = work;
2980
2981 if (cwork->bss_removed || !wpas_valid_bss_ssid(wpa_s, bss, ssid) ||
2982 wpas_network_disabled(wpa_s, ssid)) {
2983 wpa_dbg(wpa_s, MSG_DEBUG, "BSS/SSID entry for association not valid anymore - drop connection attempt");
2984 wpas_connect_work_done(wpa_s);
2985 return;
2986 }
2987
2988 os_memcpy(prev_bssid, wpa_s->bssid, ETH_ALEN);
2989 os_memset(&params, 0, sizeof(params));
2990 wpa_s->reassociate = 0;
2991 wpa_s->eap_expected_failure = 0;
2992 if (bss &&
2993 (!wpas_driver_bss_selection(wpa_s) || wpas_wps_searching(wpa_s))) {
2994 #ifdef CONFIG_IEEE80211R
2995 const u8 *ie, *md = NULL;
2996 #endif /* CONFIG_IEEE80211R */
2997 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
2998 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
2999 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
3000 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
3001 os_memset(wpa_s->bssid, 0, ETH_ALEN);
3002 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3003 if (bssid_changed)
3004 wpas_notify_bssid_changed(wpa_s);
3005 #ifdef CONFIG_IEEE80211R
3006 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
3007 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
3008 md = ie + 2;
3009 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
3010 if (md) {
3011 /* Prepare for the next transition */
3012 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
3013 }
3014 #endif /* CONFIG_IEEE80211R */
3015 #ifdef CONFIG_WPS
3016 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
3017 wpa_s->conf->ap_scan == 2 &&
3018 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
3019 /* Use ap_scan==1 style network selection to find the network
3020 */
3021 wpas_connect_work_done(wpa_s);
3022 wpa_s->scan_req = MANUAL_SCAN_REQ;
3023 wpa_s->reassociate = 1;
3024 wpa_supplicant_req_scan(wpa_s, 0, 0);
3025 return;
3026 #endif /* CONFIG_WPS */
3027 } else {
3028 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
3029 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
3030 if (bss)
3031 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3032 else
3033 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3034 }
3035 if (!wpa_s->pno)
3036 wpa_supplicant_cancel_sched_scan(wpa_s);
3037
3038 wpa_supplicant_cancel_scan(wpa_s);
3039
3040 /* Starting new association, so clear the possibly used WPA IE from the
3041 * previous association. */
3042 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
3043
3044 wpa_ie = wpas_populate_assoc_ies(wpa_s, bss, ssid, &params, NULL);
3045 if (!wpa_ie) {
3046 wpas_connect_work_done(wpa_s);
3047 return;
3048 }
3049
3050 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
3051 use_crypt = 1;
3052 cipher_pairwise = wpa_s->pairwise_cipher;
3053 cipher_group = wpa_s->group_cipher;
3054 cipher_group_mgmt = wpa_s->mgmt_group_cipher;
3055 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
3056 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3057 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
3058 use_crypt = 0;
3059 if (wpa_set_wep_keys(wpa_s, ssid)) {
3060 use_crypt = 1;
3061 wep_keys_set = 1;
3062 }
3063 }
3064 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
3065 use_crypt = 0;
3066
3067 #ifdef IEEE8021X_EAPOL
3068 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3069 if ((ssid->eapol_flags &
3070 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
3071 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
3072 !wep_keys_set) {
3073 use_crypt = 0;
3074 } else {
3075 /* Assume that dynamic WEP-104 keys will be used and
3076 * set cipher suites in order for drivers to expect
3077 * encryption. */
3078 cipher_pairwise = cipher_group = WPA_CIPHER_WEP104;
3079 }
3080 }
3081 #endif /* IEEE8021X_EAPOL */
3082
3083 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3084 /* Set the key before (and later after) association */
3085 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3086 }
3087
3088 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
3089 if (bss) {
3090 params.ssid = bss->ssid;
3091 params.ssid_len = bss->ssid_len;
3092 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set ||
3093 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
3094 wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
3095 MACSTR " freq=%u MHz based on scan results "
3096 "(bssid_set=%d wps=%d)",
3097 MAC2STR(bss->bssid), bss->freq,
3098 ssid->bssid_set,
3099 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS);
3100 params.bssid = bss->bssid;
3101 params.freq.freq = bss->freq;
3102 }
3103 params.bssid_hint = bss->bssid;
3104 params.freq_hint = bss->freq;
3105 params.pbss = bss_is_pbss(bss);
3106 } else {
3107 if (ssid->bssid_hint_set)
3108 params.bssid_hint = ssid->bssid_hint;
3109
3110 params.ssid = ssid->ssid;
3111 params.ssid_len = ssid->ssid_len;
3112 params.pbss = (ssid->pbss != 2) ? ssid->pbss : 0;
3113 }
3114
3115 if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
3116 wpa_s->conf->ap_scan == 2) {
3117 params.bssid = ssid->bssid;
3118 params.fixed_bssid = 1;
3119 }
3120
3121 /* Initial frequency for IBSS/mesh */
3122 if ((ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) &&
3123 ssid->frequency > 0 && params.freq.freq == 0)
3124 ibss_mesh_setup_freq(wpa_s, ssid, &params.freq);
3125
3126 if (ssid->mode == WPAS_MODE_IBSS) {
3127 params.fixed_freq = ssid->fixed_freq;
3128 if (ssid->beacon_int)
3129 params.beacon_int = ssid->beacon_int;
3130 else
3131 params.beacon_int = wpa_s->conf->beacon_int;
3132 }
3133
3134 params.pairwise_suite = cipher_pairwise;
3135 params.group_suite = cipher_group;
3136 params.mgmt_group_suite = cipher_group_mgmt;
3137 params.key_mgmt_suite = wpa_s->key_mgmt;
3138 params.wpa_proto = wpa_s->wpa_proto;
3139 wpa_s->auth_alg = params.auth_alg;
3140 params.mode = ssid->mode;
3141 params.bg_scan_period = ssid->bg_scan_period;
3142 for (i = 0; i < NUM_WEP_KEYS; i++) {
3143 if (ssid->wep_key_len[i])
3144 params.wep_key[i] = ssid->wep_key[i];
3145 params.wep_key_len[i] = ssid->wep_key_len[i];
3146 }
3147 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
3148
3149 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
3150 (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3151 params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
3152 params.passphrase = ssid->passphrase;
3153 if (ssid->psk_set)
3154 params.psk = ssid->psk;
3155 }
3156
3157 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
3158 (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3159 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3160 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3161 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192))
3162 params.req_key_mgmt_offload = 1;
3163
3164 if (wpa_s->conf->key_mgmt_offload) {
3165 if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3166 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3167 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3168 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
3169 params.req_key_mgmt_offload =
3170 ssid->proactive_key_caching < 0 ?
3171 wpa_s->conf->okc : ssid->proactive_key_caching;
3172 else
3173 params.req_key_mgmt_offload = 1;
3174
3175 if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3176 params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
3177 params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
3178 ssid->psk_set)
3179 params.psk = ssid->psk;
3180 }
3181
3182 params.drop_unencrypted = use_crypt;
3183
3184 #ifdef CONFIG_IEEE80211W
3185 params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
3186 if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
3187 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
3188 struct wpa_ie_data ie;
3189 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
3190 ie.capabilities &
3191 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
3192 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
3193 "MFP: require MFP");
3194 params.mgmt_frame_protection =
3195 MGMT_FRAME_PROTECTION_REQUIRED;
3196 #ifdef CONFIG_OWE
3197 } else if (!rsn && (ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
3198 !ssid->owe_only) {
3199 params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
3200 #endif /* CONFIG_OWE */
3201 }
3202 }
3203 #endif /* CONFIG_IEEE80211W */
3204
3205 params.p2p = ssid->p2p_group;
3206
3207 if (wpa_s->p2pdev->set_sta_uapsd)
3208 params.uapsd = wpa_s->p2pdev->sta_uapsd;
3209 else
3210 params.uapsd = -1;
3211
3212 #ifdef CONFIG_HT_OVERRIDES
3213 os_memset(&htcaps, 0, sizeof(htcaps));
3214 os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
3215 params.htcaps = (u8 *) &htcaps;
3216 params.htcaps_mask = (u8 *) &htcaps_mask;
3217 wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
3218 #endif /* CONFIG_HT_OVERRIDES */
3219 #ifdef CONFIG_VHT_OVERRIDES
3220 os_memset(&vhtcaps, 0, sizeof(vhtcaps));
3221 os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
3222 params.vhtcaps = &vhtcaps;
3223 params.vhtcaps_mask = &vhtcaps_mask;
3224 wpa_supplicant_apply_vht_overrides(wpa_s, ssid, &params);
3225 #endif /* CONFIG_VHT_OVERRIDES */
3226
3227 #ifdef CONFIG_P2P
3228 /*
3229 * If multi-channel concurrency is not supported, check for any
3230 * frequency conflict. In case of any frequency conflict, remove the
3231 * least prioritized connection.
3232 */
3233 if (wpa_s->num_multichan_concurrent < 2) {
3234 int freq, num;
3235 num = get_shared_radio_freqs(wpa_s, &freq, 1);
3236 if (num > 0 && freq > 0 && freq != params.freq.freq) {
3237 wpa_printf(MSG_DEBUG,
3238 "Assoc conflicting freq found (%d != %d)",
3239 freq, params.freq.freq);
3240 if (wpas_p2p_handle_frequency_conflicts(
3241 wpa_s, params.freq.freq, ssid) < 0) {
3242 wpas_connect_work_done(wpa_s);
3243 os_free(wpa_ie);
3244 return;
3245 }
3246 }
3247 }
3248 #endif /* CONFIG_P2P */
3249
3250 if (wpa_s->reassoc_same_ess && !is_zero_ether_addr(prev_bssid) &&
3251 wpa_s->current_ssid)
3252 params.prev_bssid = prev_bssid;
3253
3254 ret = wpa_drv_associate(wpa_s, &params);
3255 os_free(wpa_ie);
3256 if (ret < 0) {
3257 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
3258 "failed");
3259 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
3260 /*
3261 * The driver is known to mean what is saying, so we
3262 * can stop right here; the association will not
3263 * succeed.
3264 */
3265 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
3266 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
3267 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3268 return;
3269 }
3270 /* try to continue anyway; new association will be tried again
3271 * after timeout */
3272 assoc_failed = 1;
3273 }
3274
3275 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3276 /* Set the key after the association just in case association
3277 * cleared the previously configured key. */
3278 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3279 /* No need to timeout authentication since there is no key
3280 * management. */
3281 wpa_supplicant_cancel_auth_timeout(wpa_s);
3282 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
3283 #ifdef CONFIG_IBSS_RSN
3284 } else if (ssid->mode == WPAS_MODE_IBSS &&
3285 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
3286 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
3287 /*
3288 * RSN IBSS authentication is per-STA and we can disable the
3289 * per-BSSID authentication.
3290 */
3291 wpa_supplicant_cancel_auth_timeout(wpa_s);
3292 #endif /* CONFIG_IBSS_RSN */
3293 } else {
3294 /* Timeout for IEEE 802.11 authentication and association */
3295 int timeout = 60;
3296
3297 if (assoc_failed) {
3298 /* give IBSS a bit more time */
3299 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
3300 } else if (wpa_s->conf->ap_scan == 1) {
3301 /* give IBSS a bit more time */
3302 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
3303 }
3304 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
3305 }
3306
3307 if (wep_keys_set &&
3308 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
3309 /* Set static WEP keys again */
3310 wpa_set_wep_keys(wpa_s, ssid);
3311 }
3312
3313 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
3314 /*
3315 * Do not allow EAP session resumption between different
3316 * network configurations.
3317 */
3318 eapol_sm_invalidate_cached_session(wpa_s->eapol);
3319 }
3320 old_ssid = wpa_s->current_ssid;
3321 wpa_s->current_ssid = ssid;
3322
3323 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
3324 wpa_s->current_bss = bss;
3325 #ifdef CONFIG_HS20
3326 hs20_configure_frame_filters(wpa_s);
3327 #endif /* CONFIG_HS20 */
3328 }
3329
3330 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
3331 wpa_supplicant_initiate_eapol(wpa_s);
3332 if (old_ssid != wpa_s->current_ssid)
3333 wpas_notify_network_changed(wpa_s);
3334 }
3335
3336
3337 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
3338 const u8 *addr)
3339 {
3340 struct wpa_ssid *old_ssid;
3341
3342 wpas_connect_work_done(wpa_s);
3343 wpa_clear_keys(wpa_s, addr);
3344 old_ssid = wpa_s->current_ssid;
3345 wpa_supplicant_mark_disassoc(wpa_s);
3346 wpa_sm_set_config(wpa_s->wpa, NULL);
3347 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3348 if (old_ssid != wpa_s->current_ssid)
3349 wpas_notify_network_changed(wpa_s);
3350 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
3351 }
3352
3353
3354 /**
3355 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
3356 * @wpa_s: Pointer to wpa_supplicant data
3357 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
3358 *
3359 * This function is used to request %wpa_supplicant to deauthenticate from the
3360 * current AP.
3361 */
3362 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
3363 int reason_code)
3364 {
3365 u8 *addr = NULL;
3366 union wpa_event_data event;
3367 int zero_addr = 0;
3368
3369 wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
3370 " pending_bssid=" MACSTR " reason=%d state=%s",
3371 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
3372 reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state));
3373
3374 if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
3375 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
3376 wpa_s->wpa_state == WPA_ASSOCIATING))
3377 addr = wpa_s->pending_bssid;
3378 else if (!is_zero_ether_addr(wpa_s->bssid))
3379 addr = wpa_s->bssid;
3380 else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
3381 /*
3382 * When using driver-based BSS selection, we may not know the
3383 * BSSID with which we are currently trying to associate. We
3384 * need to notify the driver of this disconnection even in such
3385 * a case, so use the all zeros address here.
3386 */
3387 addr = wpa_s->bssid;
3388 zero_addr = 1;
3389 }
3390
3391 if (wpa_s->enabled_4addr_mode && wpa_drv_set_4addr_mode(wpa_s, 0) == 0)
3392 wpa_s->enabled_4addr_mode = 0;
3393
3394 #ifdef CONFIG_TDLS
3395 wpa_tdls_teardown_peers(wpa_s->wpa);
3396 #endif /* CONFIG_TDLS */
3397
3398 #ifdef CONFIG_MESH
3399 if (wpa_s->ifmsh) {
3400 struct mesh_conf *mconf;
3401
3402 mconf = wpa_s->ifmsh->mconf;
3403 wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
3404 wpa_s->ifname);
3405 wpas_notify_mesh_group_removed(wpa_s, mconf->meshid,
3406 mconf->meshid_len, reason_code);
3407 wpa_supplicant_leave_mesh(wpa_s);
3408 }
3409 #endif /* CONFIG_MESH */
3410
3411 if (addr) {
3412 wpa_drv_deauthenticate(wpa_s, addr, reason_code);
3413 os_memset(&event, 0, sizeof(event));
3414 event.deauth_info.reason_code = (u16) reason_code;
3415 event.deauth_info.locally_generated = 1;
3416 wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
3417 if (zero_addr)
3418 addr = NULL;
3419 }
3420
3421 wpa_supplicant_clear_connection(wpa_s, addr);
3422 }
3423
3424 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
3425 struct wpa_ssid *ssid)
3426 {
3427 if (!ssid || !ssid->disabled || ssid->disabled == 2)
3428 return;
3429
3430 ssid->disabled = 0;
3431 ssid->owe_transition_bss_select_count = 0;
3432 wpas_clear_temp_disabled(wpa_s, ssid, 1);
3433 wpas_notify_network_enabled_changed(wpa_s, ssid);
3434
3435 /*
3436 * Try to reassociate since there is no current configuration and a new
3437 * network was made available.
3438 */
3439 if (!wpa_s->current_ssid && !wpa_s->disconnected)
3440 wpa_s->reassociate = 1;
3441 }
3442
3443
3444 /**
3445 * wpa_supplicant_add_network - Add a new network
3446 * @wpa_s: wpa_supplicant structure for a network interface
3447 * Returns: The new network configuration or %NULL if operation failed
3448 *
3449 * This function performs the following operations:
3450 * 1. Adds a new network.
3451 * 2. Send network addition notification.
3452 * 3. Marks the network disabled.
3453 * 4. Set network default parameters.
3454 */
3455 struct wpa_ssid * wpa_supplicant_add_network(struct wpa_supplicant *wpa_s)
3456 {
3457 struct wpa_ssid *ssid;
3458
3459 ssid = wpa_config_add_network(wpa_s->conf);
3460 if (!ssid)
3461 return NULL;
3462 wpas_notify_network_added(wpa_s, ssid);
3463 ssid->disabled = 1;
3464 wpa_config_set_network_defaults(ssid);
3465
3466 return ssid;
3467 }
3468
3469
3470 /**
3471 * wpa_supplicant_remove_network - Remove a configured network based on id
3472 * @wpa_s: wpa_supplicant structure for a network interface
3473 * @id: Unique network id to search for
3474 * Returns: 0 on success, or -1 if the network was not found, -2 if the network
3475 * could not be removed
3476 *
3477 * This function performs the following operations:
3478 * 1. Removes the network.
3479 * 2. Send network removal notification.
3480 * 3. Update internal state machines.
3481 * 4. Stop any running sched scans.
3482 */
3483 int wpa_supplicant_remove_network(struct wpa_supplicant *wpa_s, int id)
3484 {
3485 struct wpa_ssid *ssid;
3486 int was_disabled;
3487
3488 ssid = wpa_config_get_network(wpa_s->conf, id);
3489 if (!ssid)
3490 return -1;
3491 wpas_notify_network_removed(wpa_s, ssid);
3492
3493 if (wpa_s->last_ssid == ssid)
3494 wpa_s->last_ssid = NULL;
3495
3496 if (ssid == wpa_s->current_ssid || !wpa_s->current_ssid) {
3497 #ifdef CONFIG_SME
3498 wpa_s->sme.prev_bssid_set = 0;
3499 #endif /* CONFIG_SME */
3500 /*
3501 * Invalidate the EAP session cache if the current or
3502 * previously used network is removed.
3503 */
3504 eapol_sm_invalidate_cached_session(wpa_s->eapol);
3505 }
3506
3507 if (ssid == wpa_s->current_ssid) {
3508 wpa_sm_set_config(wpa_s->wpa, NULL);
3509 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3510
3511 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3512 wpa_s->own_disconnect_req = 1;
3513 wpa_supplicant_deauthenticate(wpa_s,
3514 WLAN_REASON_DEAUTH_LEAVING);
3515 }
3516
3517 was_disabled = ssid->disabled;
3518
3519 if (wpa_config_remove_network(wpa_s->conf, id) < 0)
3520 return -2;
3521
3522 if (!was_disabled && wpa_s->sched_scanning) {
3523 wpa_printf(MSG_DEBUG,
3524 "Stop ongoing sched_scan to remove network from filters");
3525 wpa_supplicant_cancel_sched_scan(wpa_s);
3526 wpa_supplicant_req_scan(wpa_s, 0, 0);
3527 }
3528
3529 return 0;
3530 }
3531
3532
3533 /**
3534 * wpa_supplicant_enable_network - Mark a configured network as enabled
3535 * @wpa_s: wpa_supplicant structure for a network interface
3536 * @ssid: wpa_ssid structure for a configured network or %NULL
3537 *
3538 * Enables the specified network or all networks if no network specified.
3539 */
3540 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
3541 struct wpa_ssid *ssid)
3542 {
3543 if (ssid == NULL) {
3544 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
3545 wpa_supplicant_enable_one_network(wpa_s, ssid);
3546 } else
3547 wpa_supplicant_enable_one_network(wpa_s, ssid);
3548
3549 if (wpa_s->reassociate && !wpa_s->disconnected &&
3550 (!wpa_s->current_ssid ||
3551 wpa_s->wpa_state == WPA_DISCONNECTED ||
3552 wpa_s->wpa_state == WPA_SCANNING)) {
3553 if (wpa_s->sched_scanning) {
3554 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
3555 "new network to scan filters");
3556 wpa_supplicant_cancel_sched_scan(wpa_s);
3557 }
3558
3559 if (wpa_supplicant_fast_associate(wpa_s) != 1) {
3560 wpa_s->scan_req = NORMAL_SCAN_REQ;
3561 wpa_supplicant_req_scan(wpa_s, 0, 0);
3562 }
3563 }
3564 }
3565
3566
3567 /**
3568 * wpa_supplicant_disable_network - Mark a configured network as disabled
3569 * @wpa_s: wpa_supplicant structure for a network interface
3570 * @ssid: wpa_ssid structure for a configured network or %NULL
3571 *
3572 * Disables the specified network or all networks if no network specified.
3573 */
3574 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
3575 struct wpa_ssid *ssid)
3576 {
3577 struct wpa_ssid *other_ssid;
3578 int was_disabled;
3579
3580 if (ssid == NULL) {
3581 if (wpa_s->sched_scanning)
3582 wpa_supplicant_cancel_sched_scan(wpa_s);
3583
3584 for (other_ssid = wpa_s->conf->ssid; other_ssid;
3585 other_ssid = other_ssid->next) {
3586 was_disabled = other_ssid->disabled;
3587 if (was_disabled == 2)
3588 continue; /* do not change persistent P2P group
3589 * data */
3590
3591 other_ssid->disabled = 1;
3592
3593 if (was_disabled != other_ssid->disabled)
3594 wpas_notify_network_enabled_changed(
3595 wpa_s, other_ssid);
3596 }
3597 if (wpa_s->current_ssid) {
3598 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3599 wpa_s->own_disconnect_req = 1;
3600 wpa_supplicant_deauthenticate(
3601 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
3602 }
3603 } else if (ssid->disabled != 2) {
3604 if (ssid == wpa_s->current_ssid) {
3605 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3606 wpa_s->own_disconnect_req = 1;
3607 wpa_supplicant_deauthenticate(
3608 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
3609 }
3610
3611 was_disabled = ssid->disabled;
3612
3613 ssid->disabled = 1;
3614
3615 if (was_disabled != ssid->disabled) {
3616 wpas_notify_network_enabled_changed(wpa_s, ssid);
3617 if (wpa_s->sched_scanning) {
3618 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
3619 "to remove network from filters");
3620 wpa_supplicant_cancel_sched_scan(wpa_s);
3621 wpa_supplicant_req_scan(wpa_s, 0, 0);
3622 }
3623 }
3624 }
3625 }
3626
3627
3628 /**
3629 * wpa_supplicant_select_network - Attempt association with a network
3630 * @wpa_s: wpa_supplicant structure for a network interface
3631 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
3632 */
3633 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
3634 struct wpa_ssid *ssid)
3635 {
3636
3637 struct wpa_ssid *other_ssid;
3638 int disconnected = 0;
3639
3640 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
3641 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3642 wpa_s->own_disconnect_req = 1;
3643 wpa_supplicant_deauthenticate(
3644 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
3645 disconnected = 1;
3646 }
3647
3648 if (ssid)
3649 wpas_clear_temp_disabled(wpa_s, ssid, 1);
3650
3651 /*
3652 * Mark all other networks disabled or mark all networks enabled if no
3653 * network specified.
3654 */
3655 for (other_ssid = wpa_s->conf->ssid; other_ssid;
3656 other_ssid = other_ssid->next) {
3657 int was_disabled = other_ssid->disabled;
3658 if (was_disabled == 2)
3659 continue; /* do not change persistent P2P group data */
3660
3661 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
3662 if (was_disabled && !other_ssid->disabled)
3663 wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
3664
3665 if (was_disabled != other_ssid->disabled)
3666 wpas_notify_network_enabled_changed(wpa_s, other_ssid);
3667 }
3668
3669 if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid &&
3670 wpa_s->wpa_state >= WPA_AUTHENTICATING) {
3671 /* We are already associated with the selected network */
3672 wpa_printf(MSG_DEBUG, "Already associated with the "
3673 "selected network - do nothing");
3674 return;
3675 }
3676
3677 if (ssid) {
3678 wpa_s->current_ssid = ssid;
3679 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3680 wpa_s->connect_without_scan =
3681 (ssid->mode == WPAS_MODE_MESH) ? ssid : NULL;
3682
3683 /*
3684 * Don't optimize next scan freqs since a new ESS has been
3685 * selected.
3686 */
3687 os_free(wpa_s->next_scan_freqs);
3688 wpa_s->next_scan_freqs = NULL;
3689 } else {
3690 wpa_s->connect_without_scan = NULL;
3691 }
3692
3693 wpa_s->disconnected = 0;
3694 wpa_s->reassociate = 1;
3695 wpa_s->last_owe_group = 0;
3696 if (ssid)
3697 ssid->owe_transition_bss_select_count = 0;
3698
3699 if (wpa_s->connect_without_scan ||
3700 wpa_supplicant_fast_associate(wpa_s) != 1) {
3701 wpa_s->scan_req = NORMAL_SCAN_REQ;
3702 wpas_scan_reset_sched_scan(wpa_s);
3703 wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
3704 }
3705
3706 if (ssid)
3707 wpas_notify_network_selected(wpa_s, ssid);
3708 }
3709
3710
3711 /**
3712 * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
3713 * @wpa_s: wpa_supplicant structure for a network interface
3714 * @pkcs11_engine_path: PKCS #11 engine path or NULL
3715 * @pkcs11_module_path: PKCS #11 module path or NULL
3716 * Returns: 0 on success; -1 on failure
3717 *
3718 * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
3719 * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
3720 * module path fails the paths will be reset to the default value (NULL).
3721 */
3722 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant *wpa_s,
3723 const char *pkcs11_engine_path,
3724 const char *pkcs11_module_path)
3725 {
3726 char *pkcs11_engine_path_copy = NULL;
3727 char *pkcs11_module_path_copy = NULL;
3728
3729 if (pkcs11_engine_path != NULL) {
3730 pkcs11_engine_path_copy = os_strdup(pkcs11_engine_path);
3731 if (pkcs11_engine_path_copy == NULL)
3732 return -1;
3733 }
3734 if (pkcs11_module_path != NULL) {
3735 pkcs11_module_path_copy = os_strdup(pkcs11_module_path);
3736 if (pkcs11_module_path_copy == NULL) {
3737 os_free(pkcs11_engine_path_copy);
3738 return -1;
3739 }
3740 }
3741
3742 os_free(wpa_s->conf->pkcs11_engine_path);
3743 os_free(wpa_s->conf->pkcs11_module_path);
3744 wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path_copy;
3745 wpa_s->conf->pkcs11_module_path = pkcs11_module_path_copy;
3746
3747 wpa_sm_set_eapol(wpa_s->wpa, NULL);
3748 eapol_sm_deinit(wpa_s->eapol);
3749 wpa_s->eapol = NULL;
3750 if (wpa_supplicant_init_eapol(wpa_s)) {
3751 /* Error -> Reset paths to the default value (NULL) once. */
3752 if (pkcs11_engine_path != NULL && pkcs11_module_path != NULL)
3753 wpas_set_pkcs11_engine_and_module_path(wpa_s, NULL,
3754 NULL);
3755
3756 return -1;
3757 }
3758 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
3759
3760 return 0;
3761 }
3762
3763
3764 /**
3765 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
3766 * @wpa_s: wpa_supplicant structure for a network interface
3767 * @ap_scan: AP scan mode
3768 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
3769 *
3770 */
3771 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
3772 {
3773
3774 int old_ap_scan;
3775
3776 if (ap_scan < 0 || ap_scan > 2)
3777 return -1;
3778
3779 if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
3780 wpa_printf(MSG_INFO,
3781 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
3782 }
3783
3784 #ifdef ANDROID
3785 if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
3786 wpa_s->wpa_state >= WPA_ASSOCIATING &&
3787 wpa_s->wpa_state < WPA_COMPLETED) {
3788 wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
3789 "associating", wpa_s->conf->ap_scan, ap_scan);
3790 return 0;
3791 }
3792 #endif /* ANDROID */
3793
3794 old_ap_scan = wpa_s->conf->ap_scan;
3795 wpa_s->conf->ap_scan = ap_scan;
3796
3797 if (old_ap_scan != wpa_s->conf->ap_scan)
3798 wpas_notify_ap_scan_changed(wpa_s);
3799
3800 return 0;
3801 }
3802
3803
3804 /**
3805 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
3806 * @wpa_s: wpa_supplicant structure for a network interface
3807 * @expire_age: Expiration age in seconds
3808 * Returns: 0 if succeed or -1 if expire_age has an invalid value
3809 *
3810 */
3811 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
3812 unsigned int bss_expire_age)
3813 {
3814 if (bss_expire_age < 10) {
3815 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
3816 bss_expire_age);
3817 return -1;
3818 }
3819 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
3820 bss_expire_age);
3821 wpa_s->conf->bss_expiration_age = bss_expire_age;
3822
3823 return 0;
3824 }
3825
3826
3827 /**
3828 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
3829 * @wpa_s: wpa_supplicant structure for a network interface
3830 * @expire_count: number of scans after which an unseen BSS is reclaimed
3831 * Returns: 0 if succeed or -1 if expire_count has an invalid value
3832 *
3833 */
3834 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
3835 unsigned int bss_expire_count)
3836 {
3837 if (bss_expire_count < 1) {
3838 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
3839 bss_expire_count);
3840 return -1;
3841 }
3842 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
3843 bss_expire_count);
3844 wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
3845
3846 return 0;
3847 }
3848
3849
3850 /**
3851 * wpa_supplicant_set_scan_interval - Set scan interval
3852 * @wpa_s: wpa_supplicant structure for a network interface
3853 * @scan_interval: scan interval in seconds
3854 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
3855 *
3856 */
3857 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
3858 int scan_interval)
3859 {
3860 if (scan_interval < 0) {
3861 wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
3862 scan_interval);
3863 return -1;
3864 }
3865 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
3866 scan_interval);
3867 wpa_supplicant_update_scan_int(wpa_s, scan_interval);
3868
3869 return 0;
3870 }
3871
3872
3873 /**
3874 * wpa_supplicant_set_debug_params - Set global debug params
3875 * @global: wpa_global structure
3876 * @debug_level: debug level
3877 * @debug_timestamp: determines if show timestamp in debug data
3878 * @debug_show_keys: determines if show keys in debug data
3879 * Returns: 0 if succeed or -1 if debug_level has wrong value
3880 */
3881 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
3882 int debug_timestamp, int debug_show_keys)
3883 {
3884
3885 int old_level, old_timestamp, old_show_keys;
3886
3887 /* check for allowed debuglevels */
3888 if (debug_level != MSG_EXCESSIVE &&
3889 debug_level != MSG_MSGDUMP &&
3890 debug_level != MSG_DEBUG &&
3891 debug_level != MSG_INFO &&
3892 debug_level != MSG_WARNING &&
3893 debug_level != MSG_ERROR)
3894 return -1;
3895
3896 old_level = wpa_debug_level;
3897 old_timestamp = wpa_debug_timestamp;
3898 old_show_keys = wpa_debug_show_keys;
3899
3900 wpa_debug_level = debug_level;
3901 wpa_debug_timestamp = debug_timestamp ? 1 : 0;
3902 wpa_debug_show_keys = debug_show_keys ? 1 : 0;
3903
3904 if (wpa_debug_level != old_level)
3905 wpas_notify_debug_level_changed(global);
3906 if (wpa_debug_timestamp != old_timestamp)
3907 wpas_notify_debug_timestamp_changed(global);
3908 if (wpa_debug_show_keys != old_show_keys)
3909 wpas_notify_debug_show_keys_changed(global);
3910
3911 return 0;
3912 }
3913
3914
3915 #ifdef CONFIG_OWE
3916 static int owe_trans_ssid_match(struct wpa_supplicant *wpa_s, const u8 *bssid,
3917 const u8 *entry_ssid, size_t entry_ssid_len)
3918 {
3919 const u8 *owe, *pos, *end;
3920 u8 ssid_len;
3921 struct wpa_bss *bss;
3922
3923 /* Check network profile SSID aganst the SSID in the
3924 * OWE Transition Mode element. */
3925
3926 bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
3927 if (!bss)
3928 return 0;
3929
3930 owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
3931 if (!owe)
3932 return 0;
3933
3934 pos = owe + 6;
3935 end = owe + 2 + owe[1];
3936
3937 if (end - pos < ETH_ALEN + 1)
3938 return 0;
3939 pos += ETH_ALEN;
3940 ssid_len = *pos++;
3941 if (end - pos < ssid_len || ssid_len > SSID_MAX_LEN)
3942 return 0;
3943
3944 return entry_ssid_len == ssid_len &&
3945 os_memcmp(pos, entry_ssid, ssid_len) == 0;
3946 }
3947 #endif /* CONFIG_OWE */
3948
3949
3950 /**
3951 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
3952 * @wpa_s: Pointer to wpa_supplicant data
3953 * Returns: A pointer to the current network structure or %NULL on failure
3954 */
3955 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
3956 {
3957 struct wpa_ssid *entry;
3958 u8 ssid[SSID_MAX_LEN];
3959 int res;
3960 size_t ssid_len;
3961 u8 bssid[ETH_ALEN];
3962 int wired;
3963
3964 res = wpa_drv_get_ssid(wpa_s, ssid);
3965 if (res < 0) {
3966 wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
3967 "driver");
3968 return NULL;
3969 }
3970 ssid_len = res;
3971
3972 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
3973 wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
3974 "driver");
3975 return NULL;
3976 }
3977
3978 wired = wpa_s->conf->ap_scan == 0 &&
3979 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
3980
3981 entry = wpa_s->conf->ssid;
3982 while (entry) {
3983 if (!wpas_network_disabled(wpa_s, entry) &&
3984 ((ssid_len == entry->ssid_len &&
3985 (!entry->ssid ||
3986 os_memcmp(ssid, entry->ssid, ssid_len) == 0)) ||
3987 wired) &&
3988 (!entry->bssid_set ||
3989 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
3990 return entry;
3991 #ifdef CONFIG_WPS
3992 if (!wpas_network_disabled(wpa_s, entry) &&
3993 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
3994 (entry->ssid == NULL || entry->ssid_len == 0) &&
3995 (!entry->bssid_set ||
3996 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
3997 return entry;
3998 #endif /* CONFIG_WPS */
3999
4000 #ifdef CONFIG_OWE
4001 if (!wpas_network_disabled(wpa_s, entry) &&
4002 owe_trans_ssid_match(wpa_s, bssid, entry->ssid,
4003 entry->ssid_len) &&
4004 (!entry->bssid_set ||
4005 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4006 return entry;
4007 #endif /* CONFIG_OWE */
4008
4009 if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
4010 entry->ssid_len == 0 &&
4011 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
4012 return entry;
4013
4014 entry = entry->next;
4015 }
4016
4017 return NULL;
4018 }
4019
4020
4021 static int select_driver(struct wpa_supplicant *wpa_s, int i)
4022 {
4023 struct wpa_global *global = wpa_s->global;
4024
4025 if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
4026 global->drv_priv[i] = wpa_drivers[i]->global_init(global);
4027 if (global->drv_priv[i] == NULL) {
4028 wpa_printf(MSG_ERROR, "Failed to initialize driver "
4029 "'%s'", wpa_drivers[i]->name);
4030 return -1;
4031 }
4032 }
4033
4034 wpa_s->driver = wpa_drivers[i];
4035 wpa_s->global_drv_priv = global->drv_priv[i];
4036
4037 return 0;
4038 }
4039
4040
4041 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
4042 const char *name)
4043 {
4044 int i;
4045 size_t len;
4046 const char *pos, *driver = name;
4047
4048 if (wpa_s == NULL)
4049 return -1;
4050
4051 if (wpa_drivers[0] == NULL) {
4052 wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
4053 "wpa_supplicant");
4054 return -1;
4055 }
4056
4057 if (name == NULL) {
4058 /* default to first driver in the list */
4059 return select_driver(wpa_s, 0);
4060 }
4061
4062 do {
4063 pos = os_strchr(driver, ',');
4064 if (pos)
4065 len = pos - driver;
4066 else
4067 len = os_strlen(driver);
4068
4069 for (i = 0; wpa_drivers[i]; i++) {
4070 if (os_strlen(wpa_drivers[i]->name) == len &&
4071 os_strncmp(driver, wpa_drivers[i]->name, len) ==
4072 0) {
4073 /* First driver that succeeds wins */
4074 if (select_driver(wpa_s, i) == 0)
4075 return 0;
4076 }
4077 }
4078
4079 driver = pos + 1;
4080 } while (pos);
4081
4082 wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
4083 return -1;
4084 }
4085
4086
4087 /**
4088 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
4089 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
4090 * with struct wpa_driver_ops::init()
4091 * @src_addr: Source address of the EAPOL frame
4092 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
4093 * @len: Length of the EAPOL data
4094 *
4095 * This function is called for each received EAPOL frame. Most driver
4096 * interfaces rely on more generic OS mechanism for receiving frames through
4097 * l2_packet, but if such a mechanism is not available, the driver wrapper may
4098 * take care of received EAPOL frames and deliver them to the core supplicant
4099 * code by calling this function.
4100 */
4101 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
4102 const u8 *buf, size_t len)
4103 {
4104 struct wpa_supplicant *wpa_s = ctx;
4105
4106 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
4107 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
4108
4109 #ifdef CONFIG_TESTING_OPTIONS
4110 if (wpa_s->ignore_auth_resp) {
4111 wpa_printf(MSG_INFO, "RX EAPOL - ignore_auth_resp active!");
4112 return;
4113 }
4114 #endif /* CONFIG_TESTING_OPTIONS */
4115
4116 if (wpa_s->wpa_state < WPA_ASSOCIATED ||
4117 (wpa_s->last_eapol_matches_bssid &&
4118 #ifdef CONFIG_AP
4119 !wpa_s->ap_iface &&
4120 #endif /* CONFIG_AP */
4121 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
4122 /*
4123 * There is possible race condition between receiving the
4124 * association event and the EAPOL frame since they are coming
4125 * through different paths from the driver. In order to avoid
4126 * issues in trying to process the EAPOL frame before receiving
4127 * association information, lets queue it for processing until
4128 * the association event is received. This may also be needed in
4129 * driver-based roaming case, so also use src_addr != BSSID as a
4130 * trigger if we have previously confirmed that the
4131 * Authenticator uses BSSID as the src_addr (which is not the
4132 * case with wired IEEE 802.1X).
4133 */
4134 wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
4135 "of received EAPOL frame (state=%s bssid=" MACSTR ")",
4136 wpa_supplicant_state_txt(wpa_s->wpa_state),
4137 MAC2STR(wpa_s->bssid));
4138 wpabuf_free(wpa_s->pending_eapol_rx);
4139 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
4140 if (wpa_s->pending_eapol_rx) {
4141 os_get_reltime(&wpa_s->pending_eapol_rx_time);
4142 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
4143 ETH_ALEN);
4144 }
4145 return;
4146 }
4147
4148 wpa_s->last_eapol_matches_bssid =
4149 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
4150
4151 #ifdef CONFIG_AP
4152 if (wpa_s->ap_iface) {
4153 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
4154 return;
4155 }
4156 #endif /* CONFIG_AP */
4157
4158 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
4159 wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
4160 "no key management is configured");
4161 return;
4162 }
4163
4164 if (wpa_s->eapol_received == 0 &&
4165 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) ||
4166 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
4167 wpa_s->wpa_state != WPA_COMPLETED) &&
4168 (wpa_s->current_ssid == NULL ||
4169 wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
4170 /* Timeout for completing IEEE 802.1X and WPA authentication */
4171 int timeout = 10;
4172
4173 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
4174 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
4175 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
4176 /* Use longer timeout for IEEE 802.1X/EAP */
4177 timeout = 70;
4178 }
4179
4180 #ifdef CONFIG_WPS
4181 if (wpa_s->current_ssid && wpa_s->current_bss &&
4182 (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
4183 eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
4184 /*
4185 * Use shorter timeout if going through WPS AP iteration
4186 * for PIN config method with an AP that does not
4187 * advertise Selected Registrar.
4188 */
4189 struct wpabuf *wps_ie;
4190
4191 wps_ie = wpa_bss_get_vendor_ie_multi(
4192 wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
4193 if (wps_ie &&
4194 !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
4195 timeout = 10;
4196 wpabuf_free(wps_ie);
4197 }
4198 #endif /* CONFIG_WPS */
4199
4200 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
4201 }
4202 wpa_s->eapol_received++;
4203
4204 if (wpa_s->countermeasures) {
4205 wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
4206 "EAPOL packet");
4207 return;
4208 }
4209
4210 #ifdef CONFIG_IBSS_RSN
4211 if (wpa_s->current_ssid &&
4212 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
4213 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
4214 return;
4215 }
4216 #endif /* CONFIG_IBSS_RSN */
4217
4218 /* Source address of the incoming EAPOL frame could be compared to the
4219 * current BSSID. However, it is possible that a centralized
4220 * Authenticator could be using another MAC address than the BSSID of
4221 * an AP, so just allow any address to be used for now. The replies are
4222 * still sent to the current BSSID (if available), though. */
4223
4224 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
4225 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
4226 wpa_s->key_mgmt != WPA_KEY_MGMT_OWE &&
4227 wpa_s->key_mgmt != WPA_KEY_MGMT_DPP &&
4228 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
4229 return;
4230 wpa_drv_poll(wpa_s);
4231 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK))
4232 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
4233 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
4234 /*
4235 * Set portValid = TRUE here since we are going to skip 4-way
4236 * handshake processing which would normally set portValid. We
4237 * need this to allow the EAPOL state machines to be completed
4238 * without going through EAPOL-Key handshake.
4239 */
4240 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
4241 }
4242 }
4243
4244
4245 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
4246 {
4247 if ((!wpa_s->p2p_mgmt ||
4248 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
4249 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
4250 l2_packet_deinit(wpa_s->l2);
4251 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
4252 wpa_drv_get_mac_addr(wpa_s),
4253 ETH_P_EAPOL,
4254 wpa_supplicant_rx_eapol, wpa_s, 0);
4255 if (wpa_s->l2 == NULL)
4256 return -1;
4257
4258 if (l2_packet_set_packet_filter(wpa_s->l2,
4259 L2_PACKET_FILTER_PKTTYPE))
4260 wpa_dbg(wpa_s, MSG_DEBUG,
4261 "Failed to attach pkt_type filter");
4262 } else {
4263 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
4264 if (addr)
4265 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
4266 }
4267
4268 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
4269 wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
4270 return -1;
4271 }
4272
4273 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
4274
4275 return 0;
4276 }
4277
4278
4279 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
4280 const u8 *buf, size_t len)
4281 {
4282 struct wpa_supplicant *wpa_s = ctx;
4283 const struct l2_ethhdr *eth;
4284
4285 if (len < sizeof(*eth))
4286 return;
4287 eth = (const struct l2_ethhdr *) buf;
4288
4289 if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
4290 !(eth->h_dest[0] & 0x01)) {
4291 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
4292 " (bridge - not for this interface - ignore)",
4293 MAC2STR(src_addr), MAC2STR(eth->h_dest));
4294 return;
4295 }
4296
4297 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
4298 " (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
4299 wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
4300 len - sizeof(*eth));
4301 }
4302
4303
4304 /**
4305 * wpa_supplicant_driver_init - Initialize driver interface parameters
4306 * @wpa_s: Pointer to wpa_supplicant data
4307 * Returns: 0 on success, -1 on failure
4308 *
4309 * This function is called to initialize driver interface parameters.
4310 * wpa_drv_init() must have been called before this function to initialize the
4311 * driver interface.
4312 */
4313 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
4314 {
4315 static int interface_count = 0;
4316
4317 if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
4318 return -1;
4319
4320 wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
4321 MAC2STR(wpa_s->own_addr));
4322 os_memcpy(wpa_s->perm_addr, wpa_s->own_addr, ETH_ALEN);
4323 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
4324
4325 if (wpa_s->bridge_ifname[0]) {
4326 wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
4327 "interface '%s'", wpa_s->bridge_ifname);
4328 wpa_s->l2_br = l2_packet_init_bridge(
4329 wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
4330 ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
4331 if (wpa_s->l2_br == NULL) {
4332 wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
4333 "connection for the bridge interface '%s'",
4334 wpa_s->bridge_ifname);
4335 return -1;
4336 }
4337 }
4338
4339 if (wpa_s->conf->ap_scan == 2 &&
4340 os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
4341 wpa_printf(MSG_INFO,
4342 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4343 }
4344
4345 wpa_clear_keys(wpa_s, NULL);
4346
4347 /* Make sure that TKIP countermeasures are not left enabled (could
4348 * happen if wpa_supplicant is killed during countermeasures. */
4349 wpa_drv_set_countermeasures(wpa_s, 0);
4350
4351 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
4352 wpa_drv_flush_pmkid(wpa_s);
4353
4354 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
4355 wpa_s->prev_scan_wildcard = 0;
4356
4357 if (wpa_supplicant_enabled_networks(wpa_s)) {
4358 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
4359 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
4360 interface_count = 0;
4361 }
4362 #ifndef ANDROID
4363 if (!wpa_s->p2p_mgmt &&
4364 wpa_supplicant_delayed_sched_scan(wpa_s,
4365 interface_count % 3,
4366 100000))
4367 wpa_supplicant_req_scan(wpa_s, interface_count % 3,
4368 100000);
4369 #endif /* ANDROID */
4370 interface_count++;
4371 } else
4372 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
4373
4374 return 0;
4375 }
4376
4377
4378 static int wpa_supplicant_daemon(const char *pid_file)
4379 {
4380 wpa_printf(MSG_DEBUG, "Daemonize..");
4381 return os_daemonize(pid_file);
4382 }
4383
4384
4385 static struct wpa_supplicant *
4386 wpa_supplicant_alloc(struct wpa_supplicant *parent)
4387 {
4388 struct wpa_supplicant *wpa_s;
4389
4390 wpa_s = os_zalloc(sizeof(*wpa_s));
4391 if (wpa_s == NULL)
4392 return NULL;
4393 wpa_s->scan_req = INITIAL_SCAN_REQ;
4394 wpa_s->scan_interval = 5;
4395 wpa_s->new_connection = 1;
4396 wpa_s->parent = parent ? parent : wpa_s;
4397 wpa_s->p2pdev = wpa_s->parent;
4398 wpa_s->sched_scanning = 0;
4399
4400 dl_list_init(&wpa_s->bss_tmp_disallowed);
4401 dl_list_init(&wpa_s->fils_hlp_req);
4402
4403 return wpa_s;
4404 }
4405
4406
4407 #ifdef CONFIG_HT_OVERRIDES
4408
4409 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
4410 struct ieee80211_ht_capabilities *htcaps,
4411 struct ieee80211_ht_capabilities *htcaps_mask,
4412 const char *ht_mcs)
4413 {
4414 /* parse ht_mcs into hex array */
4415 int i;
4416 const char *tmp = ht_mcs;
4417 char *end = NULL;
4418
4419 /* If ht_mcs is null, do not set anything */
4420 if (!ht_mcs)
4421 return 0;
4422
4423 /* This is what we are setting in the kernel */
4424 os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
4425
4426 wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
4427
4428 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4429 long v;
4430
4431 errno = 0;
4432 v = strtol(tmp, &end, 16);
4433
4434 if (errno == 0) {
4435 wpa_msg(wpa_s, MSG_DEBUG,
4436 "htcap value[%i]: %ld end: %p tmp: %p",
4437 i, v, end, tmp);
4438 if (end == tmp)
4439 break;
4440
4441 htcaps->supported_mcs_set[i] = v;
4442 tmp = end;
4443 } else {
4444 wpa_msg(wpa_s, MSG_ERROR,
4445 "Failed to parse ht-mcs: %s, error: %s\n",
4446 ht_mcs, strerror(errno));
4447 return -1;
4448 }
4449 }
4450
4451 /*
4452 * If we were able to parse any values, then set mask for the MCS set.
4453 */
4454 if (i) {
4455 os_memset(&htcaps_mask->supported_mcs_set, 0xff,
4456 IEEE80211_HT_MCS_MASK_LEN - 1);
4457 /* skip the 3 reserved bits */
4458 htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
4459 0x1f;
4460 }
4461
4462 return 0;
4463 }
4464
4465
4466 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
4467 struct ieee80211_ht_capabilities *htcaps,
4468 struct ieee80211_ht_capabilities *htcaps_mask,
4469 int disabled)
4470 {
4471 le16 msk;
4472
4473 if (disabled == -1)
4474 return 0;
4475
4476 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
4477
4478 msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
4479 htcaps_mask->ht_capabilities_info |= msk;
4480 if (disabled)
4481 htcaps->ht_capabilities_info &= msk;
4482 else
4483 htcaps->ht_capabilities_info |= msk;
4484
4485 return 0;
4486 }
4487
4488
4489 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
4490 struct ieee80211_ht_capabilities *htcaps,
4491 struct ieee80211_ht_capabilities *htcaps_mask,
4492 int factor)
4493 {
4494 if (factor == -1)
4495 return 0;
4496
4497 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
4498
4499 if (factor < 0 || factor > 3) {
4500 wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
4501 "Must be 0-3 or -1", factor);
4502 return -EINVAL;
4503 }
4504
4505 htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
4506 htcaps->a_mpdu_params &= ~0x3;
4507 htcaps->a_mpdu_params |= factor & 0x3;
4508
4509 return 0;
4510 }
4511
4512
4513 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
4514 struct ieee80211_ht_capabilities *htcaps,
4515 struct ieee80211_ht_capabilities *htcaps_mask,
4516 int density)
4517 {
4518 if (density == -1)
4519 return 0;
4520
4521 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
4522
4523 if (density < 0 || density > 7) {
4524 wpa_msg(wpa_s, MSG_ERROR,
4525 "ampdu_density: %d out of range. Must be 0-7 or -1.",
4526 density);
4527 return -EINVAL;
4528 }
4529
4530 htcaps_mask->a_mpdu_params |= 0x1C;
4531 htcaps->a_mpdu_params &= ~(0x1C);
4532 htcaps->a_mpdu_params |= (density << 2) & 0x1C;
4533
4534 return 0;
4535 }
4536
4537
4538 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
4539 struct ieee80211_ht_capabilities *htcaps,
4540 struct ieee80211_ht_capabilities *htcaps_mask,
4541 int disabled)
4542 {
4543 if (disabled)
4544 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
4545
4546 set_disable_ht40(htcaps, disabled);
4547 set_disable_ht40(htcaps_mask, 0);
4548
4549 return 0;
4550 }
4551
4552
4553 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
4554 struct ieee80211_ht_capabilities *htcaps,
4555 struct ieee80211_ht_capabilities *htcaps_mask,
4556 int disabled)
4557 {
4558 /* Masking these out disables SGI */
4559 le16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
4560 HT_CAP_INFO_SHORT_GI40MHZ);
4561
4562 if (disabled)
4563 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
4564
4565 if (disabled)
4566 htcaps->ht_capabilities_info &= ~msk;
4567 else
4568 htcaps->ht_capabilities_info |= msk;
4569
4570 htcaps_mask->ht_capabilities_info |= msk;
4571
4572 return 0;
4573 }
4574
4575
4576 static int wpa_set_disable_ldpc(struct wpa_supplicant *wpa_s,
4577 struct ieee80211_ht_capabilities *htcaps,
4578 struct ieee80211_ht_capabilities *htcaps_mask,
4579 int disabled)
4580 {
4581 /* Masking these out disables LDPC */
4582 le16 msk = host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP);
4583
4584 if (disabled)
4585 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ldpc: %d", disabled);
4586
4587 if (disabled)
4588 htcaps->ht_capabilities_info &= ~msk;
4589 else
4590 htcaps->ht_capabilities_info |= msk;
4591
4592 htcaps_mask->ht_capabilities_info |= msk;
4593
4594 return 0;
4595 }
4596
4597
4598 static int wpa_set_tx_stbc(struct wpa_supplicant *wpa_s,
4599 struct ieee80211_ht_capabilities *htcaps,
4600 struct ieee80211_ht_capabilities *htcaps_mask,
4601 int tx_stbc)
4602 {
4603 le16 msk = host_to_le16(HT_CAP_INFO_TX_STBC);
4604
4605 if (tx_stbc == -1)
4606 return 0;
4607
4608 wpa_msg(wpa_s, MSG_DEBUG, "set_tx_stbc: %d", tx_stbc);
4609
4610 if (tx_stbc < 0 || tx_stbc > 1) {
4611 wpa_msg(wpa_s, MSG_ERROR,
4612 "tx_stbc: %d out of range. Must be 0-1 or -1", tx_stbc);
4613 return -EINVAL;
4614 }
4615
4616 htcaps_mask->ht_capabilities_info |= msk;
4617 htcaps->ht_capabilities_info &= ~msk;
4618 htcaps->ht_capabilities_info |= (tx_stbc << 7) & msk;
4619
4620 return 0;
4621 }
4622
4623
4624 static int wpa_set_rx_stbc(struct wpa_supplicant *wpa_s,
4625 struct ieee80211_ht_capabilities *htcaps,
4626 struct ieee80211_ht_capabilities *htcaps_mask,
4627 int rx_stbc)
4628 {
4629 le16 msk = host_to_le16(HT_CAP_INFO_RX_STBC_MASK);
4630
4631 if (rx_stbc == -1)
4632 return 0;
4633
4634 wpa_msg(wpa_s, MSG_DEBUG, "set_rx_stbc: %d", rx_stbc);
4635
4636 if (rx_stbc < 0 || rx_stbc > 3) {
4637 wpa_msg(wpa_s, MSG_ERROR,
4638 "rx_stbc: %d out of range. Must be 0-3 or -1", rx_stbc);
4639 return -EINVAL;
4640 }
4641
4642 htcaps_mask->ht_capabilities_info |= msk;
4643 htcaps->ht_capabilities_info &= ~msk;
4644 htcaps->ht_capabilities_info |= (rx_stbc << 8) & msk;
4645
4646 return 0;
4647 }
4648
4649
4650 void wpa_supplicant_apply_ht_overrides(
4651 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
4652 struct wpa_driver_associate_params *params)
4653 {
4654 struct ieee80211_ht_capabilities *htcaps;
4655 struct ieee80211_ht_capabilities *htcaps_mask;
4656
4657 if (!ssid)
4658 return;
4659
4660 params->disable_ht = ssid->disable_ht;
4661 if (!params->htcaps || !params->htcaps_mask)
4662 return;
4663
4664 htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
4665 htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
4666 wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
4667 wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
4668 ssid->disable_max_amsdu);
4669 wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
4670 wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
4671 wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
4672 wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
4673 wpa_set_disable_ldpc(wpa_s, htcaps, htcaps_mask, ssid->disable_ldpc);
4674 wpa_set_rx_stbc(wpa_s, htcaps, htcaps_mask, ssid->rx_stbc);
4675 wpa_set_tx_stbc(wpa_s, htcaps, htcaps_mask, ssid->tx_stbc);
4676
4677 if (ssid->ht40_intolerant) {
4678 le16 bit = host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT);
4679 htcaps->ht_capabilities_info |= bit;
4680 htcaps_mask->ht_capabilities_info |= bit;
4681 }
4682 }
4683
4684 #endif /* CONFIG_HT_OVERRIDES */
4685
4686
4687 #ifdef CONFIG_VHT_OVERRIDES
4688 void wpa_supplicant_apply_vht_overrides(
4689 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
4690 struct wpa_driver_associate_params *params)
4691 {
4692 struct ieee80211_vht_capabilities *vhtcaps;
4693 struct ieee80211_vht_capabilities *vhtcaps_mask;
4694
4695 if (!ssid)
4696 return;
4697
4698 params->disable_vht = ssid->disable_vht;
4699
4700 vhtcaps = (void *) params->vhtcaps;
4701 vhtcaps_mask = (void *) params->vhtcaps_mask;
4702
4703 if (!vhtcaps || !vhtcaps_mask)
4704 return;
4705
4706 vhtcaps->vht_capabilities_info = host_to_le32(ssid->vht_capa);
4707 vhtcaps_mask->vht_capabilities_info = host_to_le32(ssid->vht_capa_mask);
4708
4709 #ifdef CONFIG_HT_OVERRIDES
4710 if (ssid->disable_sgi) {
4711 vhtcaps_mask->vht_capabilities_info |= (VHT_CAP_SHORT_GI_80 |
4712 VHT_CAP_SHORT_GI_160);
4713 vhtcaps->vht_capabilities_info &= ~(VHT_CAP_SHORT_GI_80 |
4714 VHT_CAP_SHORT_GI_160);
4715 wpa_msg(wpa_s, MSG_DEBUG,
4716 "disable-sgi override specified, vht-caps: 0x%x",
4717 vhtcaps->vht_capabilities_info);
4718 }
4719
4720 /* if max ampdu is <= 3, we have to make the HT cap the same */
4721 if (ssid->vht_capa_mask & VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) {
4722 int max_ampdu;
4723
4724 max_ampdu = (ssid->vht_capa &
4725 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) >>
4726 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT;
4727
4728 max_ampdu = max_ampdu < 3 ? max_ampdu : 3;
4729 wpa_set_ampdu_factor(wpa_s,
4730 (void *) params->htcaps,
4731 (void *) params->htcaps_mask,
4732 max_ampdu);
4733 }
4734 #endif /* CONFIG_HT_OVERRIDES */
4735
4736 #define OVERRIDE_MCS(i) \
4737 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
4738 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
4739 host_to_le16(3 << 2 * (i - 1)); \
4740 vhtcaps->vht_supported_mcs_set.tx_map |= \
4741 host_to_le16(ssid->vht_tx_mcs_nss_ ##i << \
4742 2 * (i - 1)); \
4743 } \
4744 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
4745 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
4746 host_to_le16(3 << 2 * (i - 1)); \
4747 vhtcaps->vht_supported_mcs_set.rx_map |= \
4748 host_to_le16(ssid->vht_rx_mcs_nss_ ##i << \
4749 2 * (i - 1)); \
4750 }
4751
4752 OVERRIDE_MCS(1);
4753 OVERRIDE_MCS(2);
4754 OVERRIDE_MCS(3);
4755 OVERRIDE_MCS(4);
4756 OVERRIDE_MCS(5);
4757 OVERRIDE_MCS(6);
4758 OVERRIDE_MCS(7);
4759 OVERRIDE_MCS(8);
4760 }
4761 #endif /* CONFIG_VHT_OVERRIDES */
4762
4763
4764 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
4765 {
4766 #ifdef PCSC_FUNCS
4767 size_t len;
4768
4769 if (!wpa_s->conf->pcsc_reader)
4770 return 0;
4771
4772 wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
4773 if (!wpa_s->scard)
4774 return 1;
4775
4776 if (wpa_s->conf->pcsc_pin &&
4777 scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
4778 scard_deinit(wpa_s->scard);
4779 wpa_s->scard = NULL;
4780 wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
4781 return -1;
4782 }
4783
4784 len = sizeof(wpa_s->imsi) - 1;
4785 if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
4786 scard_deinit(wpa_s->scard);
4787 wpa_s->scard = NULL;
4788 wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
4789 return -1;
4790 }
4791 wpa_s->imsi[len] = '\0';
4792
4793 wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
4794
4795 wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
4796 wpa_s->imsi, wpa_s->mnc_len);
4797
4798 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
4799 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
4800 #endif /* PCSC_FUNCS */
4801
4802 return 0;
4803 }
4804
4805
4806 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
4807 {
4808 char *val, *pos;
4809
4810 ext_password_deinit(wpa_s->ext_pw);
4811 wpa_s->ext_pw = NULL;
4812 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
4813
4814 if (!wpa_s->conf->ext_password_backend)
4815 return 0;
4816
4817 val = os_strdup(wpa_s->conf->ext_password_backend);
4818 if (val == NULL)
4819 return -1;
4820 pos = os_strchr(val, ':');
4821 if (pos)
4822 *pos++ = '\0';
4823
4824 wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
4825
4826 wpa_s->ext_pw = ext_password_init(val, pos);
4827 os_free(val);
4828 if (wpa_s->ext_pw == NULL) {
4829 wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
4830 return -1;
4831 }
4832 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
4833
4834 return 0;
4835 }
4836
4837
4838 #ifdef CONFIG_FST
4839
4840 static const u8 * wpas_fst_get_bssid_cb(void *ctx)
4841 {
4842 struct wpa_supplicant *wpa_s = ctx;
4843
4844 return (is_zero_ether_addr(wpa_s->bssid) ||
4845 wpa_s->wpa_state != WPA_COMPLETED) ? NULL : wpa_s->bssid;
4846 }
4847
4848
4849 static void wpas_fst_get_channel_info_cb(void *ctx,
4850 enum hostapd_hw_mode *hw_mode,
4851 u8 *channel)
4852 {
4853 struct wpa_supplicant *wpa_s = ctx;
4854
4855 if (wpa_s->current_bss) {
4856 *hw_mode = ieee80211_freq_to_chan(wpa_s->current_bss->freq,
4857 channel);
4858 } else if (wpa_s->hw.num_modes) {
4859 *hw_mode = wpa_s->hw.modes[0].mode;
4860 } else {
4861 WPA_ASSERT(0);
4862 *hw_mode = 0;
4863 }
4864 }
4865
4866
4867 static int wpas_fst_get_hw_modes(void *ctx, struct hostapd_hw_modes **modes)
4868 {
4869 struct wpa_supplicant *wpa_s = ctx;
4870
4871 *modes = wpa_s->hw.modes;
4872 return wpa_s->hw.num_modes;
4873 }
4874
4875
4876 static void wpas_fst_set_ies_cb(void *ctx, const struct wpabuf *fst_ies)
4877 {
4878 struct wpa_supplicant *wpa_s = ctx;
4879
4880 wpa_hexdump_buf(MSG_DEBUG, "FST: Set IEs", fst_ies);
4881 wpa_s->fst_ies = fst_ies;
4882 }
4883
4884
4885 static int wpas_fst_send_action_cb(void *ctx, const u8 *da, struct wpabuf *data)
4886 {
4887 struct wpa_supplicant *wpa_s = ctx;
4888
4889 if (os_memcmp(wpa_s->bssid, da, ETH_ALEN) != 0) {
4890 wpa_printf(MSG_INFO, "FST:%s:bssid=" MACSTR " != da=" MACSTR,
4891 __func__, MAC2STR(wpa_s->bssid), MAC2STR(da));
4892 return -1;
4893 }
4894 return wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
4895 wpa_s->own_addr, wpa_s->bssid,
4896 wpabuf_head(data), wpabuf_len(data),
4897 0);
4898 }
4899
4900
4901 static const struct wpabuf * wpas_fst_get_mb_ie_cb(void *ctx, const u8 *addr)
4902 {
4903 struct wpa_supplicant *wpa_s = ctx;
4904
4905 WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
4906 return wpa_s->received_mb_ies;
4907 }
4908
4909
4910 static void wpas_fst_update_mb_ie_cb(void *ctx, const u8 *addr,
4911 const u8 *buf, size_t size)
4912 {
4913 struct wpa_supplicant *wpa_s = ctx;
4914 struct mb_ies_info info;
4915
4916 WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
4917
4918 if (!mb_ies_info_by_ies(&info, buf, size)) {
4919 wpabuf_free(wpa_s->received_mb_ies);
4920 wpa_s->received_mb_ies = mb_ies_by_info(&info);
4921 }
4922 }
4923
4924
4925 static const u8 * wpas_fst_get_peer_first(void *ctx,
4926 struct fst_get_peer_ctx **get_ctx,
4927 Boolean mb_only)
4928 {
4929 struct wpa_supplicant *wpa_s = ctx;
4930
4931 *get_ctx = NULL;
4932 if (!is_zero_ether_addr(wpa_s->bssid))
4933 return (wpa_s->received_mb_ies || !mb_only) ?
4934 wpa_s->bssid : NULL;
4935 return NULL;
4936 }
4937
4938
4939 static const u8 * wpas_fst_get_peer_next(void *ctx,
4940 struct fst_get_peer_ctx **get_ctx,
4941 Boolean mb_only)
4942 {
4943 return NULL;
4944 }
4945
4946 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant *wpa_s,
4947 struct fst_wpa_obj *iface_obj)
4948 {
4949 iface_obj->ctx = wpa_s;
4950 iface_obj->get_bssid = wpas_fst_get_bssid_cb;
4951 iface_obj->get_channel_info = wpas_fst_get_channel_info_cb;
4952 iface_obj->get_hw_modes = wpas_fst_get_hw_modes;
4953 iface_obj->set_ies = wpas_fst_set_ies_cb;
4954 iface_obj->send_action = wpas_fst_send_action_cb;
4955 iface_obj->get_mb_ie = wpas_fst_get_mb_ie_cb;
4956 iface_obj->update_mb_ie = wpas_fst_update_mb_ie_cb;
4957 iface_obj->get_peer_first = wpas_fst_get_peer_first;
4958 iface_obj->get_peer_next = wpas_fst_get_peer_next;
4959 }
4960 #endif /* CONFIG_FST */
4961
4962 static int wpas_set_wowlan_triggers(struct wpa_supplicant *wpa_s,
4963 const struct wpa_driver_capa *capa)
4964 {
4965 struct wowlan_triggers *triggers;
4966 int ret = 0;
4967
4968 if (!wpa_s->conf->wowlan_triggers)
4969 return 0;
4970
4971 triggers = wpa_get_wowlan_triggers(wpa_s->conf->wowlan_triggers, capa);
4972 if (triggers) {
4973 ret = wpa_drv_wowlan(wpa_s, triggers);
4974 os_free(triggers);
4975 }
4976 return ret;
4977 }
4978
4979
4980 enum wpa_radio_work_band wpas_freq_to_band(int freq)
4981 {
4982 if (freq < 3000)
4983 return BAND_2_4_GHZ;
4984 if (freq > 50000)
4985 return BAND_60_GHZ;
4986 return BAND_5_GHZ;
4987 }
4988
4989
4990 unsigned int wpas_get_bands(struct wpa_supplicant *wpa_s, const int *freqs)
4991 {
4992 int i;
4993 unsigned int band = 0;
4994
4995 if (freqs) {
4996 /* freqs are specified for the radio work */
4997 for (i = 0; freqs[i]; i++)
4998 band |= wpas_freq_to_band(freqs[i]);
4999 } else {
5000 /*
5001 * freqs are not specified, implies all
5002 * the supported freqs by HW
5003 */
5004 for (i = 0; i < wpa_s->hw.num_modes; i++) {
5005 if (wpa_s->hw.modes[i].num_channels != 0) {
5006 if (wpa_s->hw.modes[i].mode ==
5007 HOSTAPD_MODE_IEEE80211B ||
5008 wpa_s->hw.modes[i].mode ==
5009 HOSTAPD_MODE_IEEE80211G)
5010 band |= BAND_2_4_GHZ;
5011 else if (wpa_s->hw.modes[i].mode ==
5012 HOSTAPD_MODE_IEEE80211A)
5013 band |= BAND_5_GHZ;
5014 else if (wpa_s->hw.modes[i].mode ==
5015 HOSTAPD_MODE_IEEE80211AD)
5016 band |= BAND_60_GHZ;
5017 else if (wpa_s->hw.modes[i].mode ==
5018 HOSTAPD_MODE_IEEE80211ANY)
5019 band = BAND_2_4_GHZ | BAND_5_GHZ |
5020 BAND_60_GHZ;
5021 }
5022 }
5023 }
5024
5025 return band;
5026 }
5027
5028
5029 static struct wpa_radio * radio_add_interface(struct wpa_supplicant *wpa_s,
5030 const char *rn)
5031 {
5032 struct wpa_supplicant *iface = wpa_s->global->ifaces;
5033 struct wpa_radio *radio;
5034
5035 while (rn && iface) {
5036 radio = iface->radio;
5037 if (radio && os_strcmp(rn, radio->name) == 0) {
5038 wpa_printf(MSG_DEBUG, "Add interface %s to existing radio %s",
5039 wpa_s->ifname, rn);
5040 dl_list_add(&radio->ifaces, &wpa_s->radio_list);
5041 return radio;
5042 }
5043
5044 iface = iface->next;
5045 }
5046
5047 wpa_printf(MSG_DEBUG, "Add interface %s to a new radio %s",
5048 wpa_s->ifname, rn ? rn : "N/A");
5049 radio = os_zalloc(sizeof(*radio));
5050 if (radio == NULL)
5051 return NULL;
5052
5053 if (rn)
5054 os_strlcpy(radio->name, rn, sizeof(radio->name));
5055 dl_list_init(&radio->ifaces);
5056 dl_list_init(&radio->work);
5057 dl_list_add(&radio->ifaces, &wpa_s->radio_list);
5058
5059 return radio;
5060 }
5061
5062
5063 static void radio_work_free(struct wpa_radio_work *work)
5064 {
5065 if (work->wpa_s->scan_work == work) {
5066 /* This should not really happen. */
5067 wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
5068 work->type, work, work->started);
5069 work->wpa_s->scan_work = NULL;
5070 }
5071
5072 #ifdef CONFIG_P2P
5073 if (work->wpa_s->p2p_scan_work == work) {
5074 /* This should not really happen. */
5075 wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
5076 work->type, work, work->started);
5077 work->wpa_s->p2p_scan_work = NULL;
5078 }
5079 #endif /* CONFIG_P2P */
5080
5081 if (work->started) {
5082 work->wpa_s->radio->num_active_works--;
5083 wpa_dbg(work->wpa_s, MSG_DEBUG,
5084 "radio_work_free('%s'@%p): num_active_works --> %u",
5085 work->type, work,
5086 work->wpa_s->radio->num_active_works);
5087 }
5088
5089 dl_list_del(&work->list);
5090 os_free(work);
5091 }
5092
5093
5094 static int radio_work_is_connect(struct wpa_radio_work *work)
5095 {
5096 return os_strcmp(work->type, "sme-connect") == 0 ||
5097 os_strcmp(work->type, "connect") == 0;
5098 }
5099
5100
5101 static int radio_work_is_scan(struct wpa_radio_work *work)
5102 {
5103 return os_strcmp(work->type, "scan") == 0 ||
5104 os_strcmp(work->type, "p2p-scan") == 0;
5105 }
5106
5107
5108 static struct wpa_radio_work * radio_work_get_next_work(struct wpa_radio *radio)
5109 {
5110 struct wpa_radio_work *active_work = NULL;
5111 struct wpa_radio_work *tmp;
5112
5113 /* Get the active work to know the type and band. */
5114 dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
5115 if (tmp->started) {
5116 active_work = tmp;
5117 break;
5118 }
5119 }
5120
5121 if (!active_work) {
5122 /* No active work, start one */
5123 radio->num_active_works = 0;
5124 dl_list_for_each(tmp, &radio->work, struct wpa_radio_work,
5125 list) {
5126 if (os_strcmp(tmp->type, "scan") == 0 &&
5127 radio->external_scan_running &&
5128 (((struct wpa_driver_scan_params *)
5129 tmp->ctx)->only_new_results ||
5130 tmp->wpa_s->clear_driver_scan_cache))
5131 continue;
5132 return tmp;
5133 }
5134 return NULL;
5135 }
5136
5137 if (radio_work_is_connect(active_work)) {
5138 /*
5139 * If the active work is either connect or sme-connect,
5140 * do not parallelize them with other radio works.
5141 */
5142 wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5143 "Do not parallelize radio work with %s",
5144 active_work->type);
5145 return NULL;
5146 }
5147
5148 dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
5149 if (tmp->started)
5150 continue;
5151
5152 /*
5153 * If connect or sme-connect are enqueued, parallelize only
5154 * those operations ahead of them in the queue.
5155 */
5156 if (radio_work_is_connect(tmp))
5157 break;
5158
5159 /* Serialize parallel scan and p2p_scan operations on the same
5160 * interface since the driver_nl80211 mechanism for tracking
5161 * scan cookies does not yet have support for this. */
5162 if (active_work->wpa_s == tmp->wpa_s &&
5163 radio_work_is_scan(active_work) &&
5164 radio_work_is_scan(tmp)) {
5165 wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5166 "Do not start work '%s' when another work '%s' is already scheduled",
5167 tmp->type, active_work->type);
5168 continue;
5169 }
5170 /*
5171 * Check that the radio works are distinct and
5172 * on different bands.
5173 */
5174 if (os_strcmp(active_work->type, tmp->type) != 0 &&
5175 (active_work->bands != tmp->bands)) {
5176 /*
5177 * If a scan has to be scheduled through nl80211 scan
5178 * interface and if an external scan is already running,
5179 * do not schedule the scan since it is likely to get
5180 * rejected by kernel.
5181 */
5182 if (os_strcmp(tmp->type, "scan") == 0 &&
5183 radio->external_scan_running &&
5184 (((struct wpa_driver_scan_params *)
5185 tmp->ctx)->only_new_results ||
5186 tmp->wpa_s->clear_driver_scan_cache))
5187 continue;
5188
5189 wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5190 "active_work:%s new_work:%s",
5191 active_work->type, tmp->type);
5192 return tmp;
5193 }
5194 }
5195
5196 /* Did not find a radio work to schedule in parallel. */
5197 return NULL;
5198 }
5199
5200
5201 static void radio_start_next_work(void *eloop_ctx, void *timeout_ctx)
5202 {
5203 struct wpa_radio *radio = eloop_ctx;
5204 struct wpa_radio_work *work;
5205 struct os_reltime now, diff;
5206 struct wpa_supplicant *wpa_s;
5207
5208 work = dl_list_first(&radio->work, struct wpa_radio_work, list);
5209 if (work == NULL) {
5210 radio->num_active_works = 0;
5211 return;
5212 }
5213
5214 wpa_s = dl_list_first(&radio->ifaces, struct wpa_supplicant,
5215 radio_list);
5216
5217 if (!(wpa_s &&
5218 wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)) {
5219 if (work->started)
5220 return; /* already started and still in progress */
5221
5222 if (wpa_s && wpa_s->radio->external_scan_running) {
5223 wpa_printf(MSG_DEBUG, "Delay radio work start until externally triggered scan completes");
5224 return;
5225 }
5226 } else {
5227 work = NULL;
5228 if (radio->num_active_works < MAX_ACTIVE_WORKS) {
5229 /* get the work to schedule next */
5230 work = radio_work_get_next_work(radio);
5231 }
5232 if (!work)
5233 return;
5234 }
5235
5236 wpa_s = work->wpa_s;
5237 os_get_reltime(&now);
5238 os_reltime_sub(&now, &work->time, &diff);
5239 wpa_dbg(wpa_s, MSG_DEBUG,
5240 "Starting radio work '%s'@%p after %ld.%06ld second wait",
5241 work->type, work, diff.sec, diff.usec);
5242 work->started = 1;
5243 work->time = now;
5244 radio->num_active_works++;
5245
5246 work->cb(work, 0);
5247
5248 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS) &&
5249 radio->num_active_works < MAX_ACTIVE_WORKS)
5250 radio_work_check_next(wpa_s);
5251 }
5252
5253
5254 /*
5255 * This function removes both started and pending radio works running on
5256 * the provided interface's radio.
5257 * Prior to the removal of the radio work, its callback (cb) is called with
5258 * deinit set to be 1. Each work's callback is responsible for clearing its
5259 * internal data and restoring to a correct state.
5260 * @wpa_s: wpa_supplicant data
5261 * @type: type of works to be removed
5262 * @remove_all: 1 to remove all the works on this radio, 0 to remove only
5263 * this interface's works.
5264 */
5265 void radio_remove_works(struct wpa_supplicant *wpa_s,
5266 const char *type, int remove_all)
5267 {
5268 struct wpa_radio_work *work, *tmp;
5269 struct wpa_radio *radio = wpa_s->radio;
5270
5271 dl_list_for_each_safe(work, tmp, &radio->work, struct wpa_radio_work,
5272 list) {
5273 if (type && os_strcmp(type, work->type) != 0)
5274 continue;
5275
5276 /* skip other ifaces' works */
5277 if (!remove_all && work->wpa_s != wpa_s)
5278 continue;
5279
5280 wpa_dbg(wpa_s, MSG_DEBUG, "Remove radio work '%s'@%p%s",
5281 work->type, work, work->started ? " (started)" : "");
5282 work->cb(work, 1);
5283 radio_work_free(work);
5284 }
5285
5286 /* in case we removed the started work */
5287 radio_work_check_next(wpa_s);
5288 }
5289
5290
5291 void radio_remove_pending_work(struct wpa_supplicant *wpa_s, void *ctx)
5292 {
5293 struct wpa_radio_work *work;
5294 struct wpa_radio *radio = wpa_s->radio;
5295
5296 dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
5297 if (work->ctx != ctx)
5298 continue;
5299 wpa_dbg(wpa_s, MSG_DEBUG, "Free pending radio work '%s'@%p%s",
5300 work->type, work, work->started ? " (started)" : "");
5301 radio_work_free(work);
5302 break;
5303 }
5304 }
5305
5306
5307 static void radio_remove_interface(struct wpa_supplicant *wpa_s)
5308 {
5309 struct wpa_radio *radio = wpa_s->radio;
5310
5311 if (!radio)
5312 return;
5313
5314 wpa_printf(MSG_DEBUG, "Remove interface %s from radio %s",
5315 wpa_s->ifname, radio->name);
5316 dl_list_del(&wpa_s->radio_list);
5317 radio_remove_works(wpa_s, NULL, 0);
5318 wpa_s->radio = NULL;
5319 if (!dl_list_empty(&radio->ifaces))
5320 return; /* Interfaces remain for this radio */
5321
5322 wpa_printf(MSG_DEBUG, "Remove radio %s", radio->name);
5323 eloop_cancel_timeout(radio_start_next_work, radio, NULL);
5324 os_free(radio);
5325 }
5326
5327
5328 void radio_work_check_next(struct wpa_supplicant *wpa_s)
5329 {
5330 struct wpa_radio *radio = wpa_s->radio;
5331
5332 if (dl_list_empty(&radio->work))
5333 return;
5334 if (wpa_s->ext_work_in_progress) {
5335 wpa_printf(MSG_DEBUG,
5336 "External radio work in progress - delay start of pending item");
5337 return;
5338 }
5339 eloop_cancel_timeout(radio_start_next_work, radio, NULL);
5340 eloop_register_timeout(0, 0, radio_start_next_work, radio, NULL);
5341 }
5342
5343
5344 /**
5345 * radio_add_work - Add a radio work item
5346 * @wpa_s: Pointer to wpa_supplicant data
5347 * @freq: Frequency of the offchannel operation in MHz or 0
5348 * @type: Unique identifier for each type of work
5349 * @next: Force as the next work to be executed
5350 * @cb: Callback function for indicating when radio is available
5351 * @ctx: Context pointer for the work (work->ctx in cb())
5352 * Returns: 0 on success, -1 on failure
5353 *
5354 * This function is used to request time for an operation that requires
5355 * exclusive radio control. Once the radio is available, the registered callback
5356 * function will be called. radio_work_done() must be called once the exclusive
5357 * radio operation has been completed, so that the radio is freed for other
5358 * operations. The special case of deinit=1 is used to free the context data
5359 * during interface removal. That does not allow the callback function to start
5360 * the radio operation, i.e., it must free any resources allocated for the radio
5361 * work and return.
5362 *
5363 * The @freq parameter can be used to indicate a single channel on which the
5364 * offchannel operation will occur. This may allow multiple radio work
5365 * operations to be performed in parallel if they apply for the same channel.
5366 * Setting this to 0 indicates that the work item may use multiple channels or
5367 * requires exclusive control of the radio.
5368 */
5369 int radio_add_work(struct wpa_supplicant *wpa_s, unsigned int freq,
5370 const char *type, int next,
5371 void (*cb)(struct wpa_radio_work *work, int deinit),
5372 void *ctx)
5373 {
5374 struct wpa_radio *radio = wpa_s->radio;
5375 struct wpa_radio_work *work;
5376 int was_empty;
5377
5378 work = os_zalloc(sizeof(*work));
5379 if (work == NULL)
5380 return -1;
5381 wpa_dbg(wpa_s, MSG_DEBUG, "Add radio work '%s'@%p", type, work);
5382 os_get_reltime(&work->time);
5383 work->freq = freq;
5384 work->type = type;
5385 work->wpa_s = wpa_s;
5386 work->cb = cb;
5387 work->ctx = ctx;
5388
5389 if (freq)
5390 work->bands = wpas_freq_to_band(freq);
5391 else if (os_strcmp(type, "scan") == 0 ||
5392 os_strcmp(type, "p2p-scan") == 0)
5393 work->bands = wpas_get_bands(wpa_s,
5394 ((struct wpa_driver_scan_params *)
5395 ctx)->freqs);
5396 else
5397 work->bands = wpas_get_bands(wpa_s, NULL);
5398
5399 was_empty = dl_list_empty(&wpa_s->radio->work);
5400 if (next)
5401 dl_list_add(&wpa_s->radio->work, &work->list);
5402 else
5403 dl_list_add_tail(&wpa_s->radio->work, &work->list);
5404 if (was_empty) {
5405 wpa_dbg(wpa_s, MSG_DEBUG, "First radio work item in the queue - schedule start immediately");
5406 radio_work_check_next(wpa_s);
5407 } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)
5408 && radio->num_active_works < MAX_ACTIVE_WORKS) {
5409 wpa_dbg(wpa_s, MSG_DEBUG,
5410 "Try to schedule a radio work (num_active_works=%u)",
5411 radio->num_active_works);
5412 radio_work_check_next(wpa_s);
5413 }
5414
5415 return 0;
5416 }
5417
5418
5419 /**
5420 * radio_work_done - Indicate that a radio work item has been completed
5421 * @work: Completed work
5422 *
5423 * This function is called once the callback function registered with
5424 * radio_add_work() has completed its work.
5425 */
5426 void radio_work_done(struct wpa_radio_work *work)
5427 {
5428 struct wpa_supplicant *wpa_s = work->wpa_s;
5429 struct os_reltime now, diff;
5430 unsigned int started = work->started;
5431
5432 os_get_reltime(&now);
5433 os_reltime_sub(&now, &work->time, &diff);
5434 wpa_dbg(wpa_s, MSG_DEBUG, "Radio work '%s'@%p %s in %ld.%06ld seconds",
5435 work->type, work, started ? "done" : "canceled",
5436 diff.sec, diff.usec);
5437 radio_work_free(work);
5438 if (started)
5439 radio_work_check_next(wpa_s);
5440 }
5441
5442
5443 struct wpa_radio_work *
5444 radio_work_pending(struct wpa_supplicant *wpa_s, const char *type)
5445 {
5446 struct wpa_radio_work *work;
5447 struct wpa_radio *radio = wpa_s->radio;
5448
5449 dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
5450 if (work->wpa_s == wpa_s && os_strcmp(work->type, type) == 0)
5451 return work;
5452 }
5453
5454 return NULL;
5455 }
5456
5457
5458 static int wpas_init_driver(struct wpa_supplicant *wpa_s,
5459 const struct wpa_interface *iface)
5460 {
5461 const char *ifname, *driver, *rn;
5462
5463 driver = iface->driver;
5464 next_driver:
5465 if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
5466 return -1;
5467
5468 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
5469 if (wpa_s->drv_priv == NULL) {
5470 const char *pos;
5471 pos = driver ? os_strchr(driver, ',') : NULL;
5472 if (pos) {
5473 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
5474 "driver interface - try next driver wrapper");
5475 driver = pos + 1;
5476 goto next_driver;
5477 }
5478 wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
5479 "interface");
5480 return -1;
5481 }
5482 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
5483 wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
5484 "driver_param '%s'", wpa_s->conf->driver_param);
5485 return -1;
5486 }
5487
5488 ifname = wpa_drv_get_ifname(wpa_s);
5489 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
5490 wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
5491 "interface name with '%s'", ifname);
5492 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
5493 }
5494
5495 rn = wpa_driver_get_radio_name(wpa_s);
5496 if (rn && rn[0] == '\0')
5497 rn = NULL;
5498
5499 wpa_s->radio = radio_add_interface(wpa_s, rn);
5500 if (wpa_s->radio == NULL)
5501 return -1;
5502
5503 return 0;
5504 }
5505
5506
5507 #ifdef CONFIG_GAS_SERVER
5508
5509 static void wpas_gas_server_tx_status(struct wpa_supplicant *wpa_s,
5510 unsigned int freq, const u8 *dst,
5511 const u8 *src, const u8 *bssid,
5512 const u8 *data, size_t data_len,
5513 enum offchannel_send_action_result result)
5514 {
5515 wpa_printf(MSG_DEBUG, "GAS: TX status: freq=%u dst=" MACSTR
5516 " result=%s",
5517 freq, MAC2STR(dst),
5518 result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
5519 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
5520 "FAILED"));
5521 gas_server_tx_status(wpa_s->gas_server, dst, data, data_len,
5522 result == OFFCHANNEL_SEND_ACTION_SUCCESS);
5523 }
5524
5525
5526 static void wpas_gas_server_tx(void *ctx, int freq, const u8 *da,
5527 struct wpabuf *buf, unsigned int wait_time)
5528 {
5529 struct wpa_supplicant *wpa_s = ctx;
5530 const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
5531
5532 if (wait_time > wpa_s->max_remain_on_chan)
5533 wait_time = wpa_s->max_remain_on_chan;
5534
5535 offchannel_send_action(wpa_s, freq, da, wpa_s->own_addr, broadcast,
5536 wpabuf_head(buf), wpabuf_len(buf),
5537 wait_time, wpas_gas_server_tx_status, 0);
5538 }
5539
5540 #endif /* CONFIG_GAS_SERVER */
5541
5542 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
5543 const struct wpa_interface *iface)
5544 {
5545 struct wpa_driver_capa capa;
5546 int capa_res;
5547 u8 dfs_domain;
5548
5549 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
5550 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
5551 iface->confname ? iface->confname : "N/A",
5552 iface->driver ? iface->driver : "default",
5553 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
5554 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
5555
5556 if (iface->confname) {
5557 #ifdef CONFIG_BACKEND_FILE
5558 wpa_s->confname = os_rel2abs_path(iface->confname);
5559 if (wpa_s->confname == NULL) {
5560 wpa_printf(MSG_ERROR, "Failed to get absolute path "
5561 "for configuration file '%s'.",
5562 iface->confname);
5563 return -1;
5564 }
5565 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
5566 iface->confname, wpa_s->confname);
5567 #else /* CONFIG_BACKEND_FILE */
5568 wpa_s->confname = os_strdup(iface->confname);
5569 #endif /* CONFIG_BACKEND_FILE */
5570 wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
5571 if (wpa_s->conf == NULL) {
5572 wpa_printf(MSG_ERROR, "Failed to read or parse "
5573 "configuration '%s'.", wpa_s->confname);
5574 return -1;
5575 }
5576 wpa_s->confanother = os_rel2abs_path(iface->confanother);
5577 if (wpa_s->confanother &&
5578 !wpa_config_read(wpa_s->confanother, wpa_s->conf)) {
5579 wpa_printf(MSG_ERROR,
5580 "Failed to read or parse configuration '%s'.",
5581 wpa_s->confanother);
5582 return -1;
5583 }
5584
5585 /*
5586 * Override ctrl_interface and driver_param if set on command
5587 * line.
5588 */
5589 if (iface->ctrl_interface) {
5590 os_free(wpa_s->conf->ctrl_interface);
5591 wpa_s->conf->ctrl_interface =
5592 os_strdup(iface->ctrl_interface);
5593 }
5594
5595 if (iface->driver_param) {
5596 os_free(wpa_s->conf->driver_param);
5597 wpa_s->conf->driver_param =
5598 os_strdup(iface->driver_param);
5599 }
5600
5601 if (iface->p2p_mgmt && !iface->ctrl_interface) {
5602 os_free(wpa_s->conf->ctrl_interface);
5603 wpa_s->conf->ctrl_interface = NULL;
5604 }
5605 } else
5606 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
5607 iface->driver_param);
5608
5609 if (wpa_s->conf == NULL) {
5610 wpa_printf(MSG_ERROR, "\nNo configuration found.");
5611 return -1;
5612 }
5613
5614 if (iface->ifname == NULL) {
5615 wpa_printf(MSG_ERROR, "\nInterface name is required.");
5616 return -1;
5617 }
5618 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
5619 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
5620 iface->ifname);
5621 return -1;
5622 }
5623 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
5624
5625 if (iface->bridge_ifname) {
5626 if (os_strlen(iface->bridge_ifname) >=
5627 sizeof(wpa_s->bridge_ifname)) {
5628 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
5629 "name '%s'.", iface->bridge_ifname);
5630 return -1;
5631 }
5632 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
5633 sizeof(wpa_s->bridge_ifname));
5634 }
5635
5636 /* RSNA Supplicant Key Management - INITIALIZE */
5637 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
5638 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
5639
5640 /* Initialize driver interface and register driver event handler before
5641 * L2 receive handler so that association events are processed before
5642 * EAPOL-Key packets if both become available for the same select()
5643 * call. */
5644 if (wpas_init_driver(wpa_s, iface) < 0)
5645 return -1;
5646
5647 if (wpa_supplicant_init_wpa(wpa_s) < 0)
5648 return -1;
5649
5650 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
5651 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
5652 NULL);
5653 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
5654
5655 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
5656 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
5657 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
5658 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
5659 "dot11RSNAConfigPMKLifetime");
5660 return -1;
5661 }
5662
5663 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
5664 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
5665 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
5666 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
5667 "dot11RSNAConfigPMKReauthThreshold");
5668 return -1;
5669 }
5670
5671 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
5672 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
5673 wpa_s->conf->dot11RSNAConfigSATimeout)) {
5674 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
5675 "dot11RSNAConfigSATimeout");
5676 return -1;
5677 }
5678
5679 wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
5680 &wpa_s->hw.num_modes,
5681 &wpa_s->hw.flags,
5682 &dfs_domain);
5683 if (wpa_s->hw.modes) {
5684 u16 i;
5685
5686 for (i = 0; i < wpa_s->hw.num_modes; i++) {
5687 if (wpa_s->hw.modes[i].vht_capab) {
5688 wpa_s->hw_capab = CAPAB_VHT;
5689 break;
5690 }
5691
5692 if (wpa_s->hw.modes[i].ht_capab &
5693 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)
5694 wpa_s->hw_capab = CAPAB_HT40;
5695 else if (wpa_s->hw.modes[i].ht_capab &&
5696 wpa_s->hw_capab == CAPAB_NO_HT_VHT)
5697 wpa_s->hw_capab = CAPAB_HT;
5698 }
5699 }
5700
5701 capa_res = wpa_drv_get_capa(wpa_s, &capa);
5702 if (capa_res == 0) {
5703 wpa_s->drv_capa_known = 1;
5704 wpa_s->drv_flags = capa.flags;
5705 wpa_s->drv_enc = capa.enc;
5706 wpa_s->drv_smps_modes = capa.smps_modes;
5707 wpa_s->drv_rrm_flags = capa.rrm_flags;
5708 wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
5709 wpa_s->max_scan_ssids = capa.max_scan_ssids;
5710 wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
5711 wpa_s->max_sched_scan_plans = capa.max_sched_scan_plans;
5712 wpa_s->max_sched_scan_plan_interval =
5713 capa.max_sched_scan_plan_interval;
5714 wpa_s->max_sched_scan_plan_iterations =
5715 capa.max_sched_scan_plan_iterations;
5716 wpa_s->sched_scan_supported = capa.sched_scan_supported;
5717 wpa_s->max_match_sets = capa.max_match_sets;
5718 wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
5719 wpa_s->max_stations = capa.max_stations;
5720 wpa_s->extended_capa = capa.extended_capa;
5721 wpa_s->extended_capa_mask = capa.extended_capa_mask;
5722 wpa_s->extended_capa_len = capa.extended_capa_len;
5723 wpa_s->num_multichan_concurrent =
5724 capa.num_multichan_concurrent;
5725 wpa_s->wmm_ac_supported = capa.wmm_ac_supported;
5726
5727 if (capa.mac_addr_rand_scan_supported)
5728 wpa_s->mac_addr_rand_supported |= MAC_ADDR_RAND_SCAN;
5729 if (wpa_s->sched_scan_supported &&
5730 capa.mac_addr_rand_sched_scan_supported)
5731 wpa_s->mac_addr_rand_supported |=
5732 (MAC_ADDR_RAND_SCHED_SCAN | MAC_ADDR_RAND_PNO);
5733
5734 wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
5735 if (wpa_s->extended_capa &&
5736 wpa_s->extended_capa_len >= 3 &&
5737 wpa_s->extended_capa[2] & 0x40)
5738 wpa_s->multi_bss_support = 1;
5739 }
5740 if (wpa_s->max_remain_on_chan == 0)
5741 wpa_s->max_remain_on_chan = 1000;
5742
5743 /*
5744 * Only take p2p_mgmt parameters when P2P Device is supported.
5745 * Doing it here as it determines whether l2_packet_init() will be done
5746 * during wpa_supplicant_driver_init().
5747 */
5748 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
5749 wpa_s->p2p_mgmt = iface->p2p_mgmt;
5750
5751 if (wpa_s->num_multichan_concurrent == 0)
5752 wpa_s->num_multichan_concurrent = 1;
5753
5754 if (wpa_supplicant_driver_init(wpa_s) < 0)
5755 return -1;
5756
5757 #ifdef CONFIG_TDLS
5758 if (!iface->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
5759 return -1;
5760 #endif /* CONFIG_TDLS */
5761
5762 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
5763 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
5764 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
5765 return -1;
5766 }
5767
5768 #ifdef CONFIG_FST
5769 if (wpa_s->conf->fst_group_id) {
5770 struct fst_iface_cfg cfg;
5771 struct fst_wpa_obj iface_obj;
5772
5773 fst_wpa_supplicant_fill_iface_obj(wpa_s, &iface_obj);
5774 os_strlcpy(cfg.group_id, wpa_s->conf->fst_group_id,
5775 sizeof(cfg.group_id));
5776 cfg.priority = wpa_s->conf->fst_priority;
5777 cfg.llt = wpa_s->conf->fst_llt;
5778
5779 wpa_s->fst = fst_attach(wpa_s->ifname, wpa_s->own_addr,
5780 &iface_obj, &cfg);
5781 if (!wpa_s->fst) {
5782 wpa_msg(wpa_s, MSG_ERROR,
5783 "FST: Cannot attach iface %s to group %s",
5784 wpa_s->ifname, cfg.group_id);
5785 return -1;
5786 }
5787 }
5788 #endif /* CONFIG_FST */
5789
5790 if (wpas_wps_init(wpa_s))
5791 return -1;
5792
5793 #ifdef CONFIG_GAS_SERVER
5794 wpa_s->gas_server = gas_server_init(wpa_s, wpas_gas_server_tx);
5795 if (!wpa_s->gas_server) {
5796 wpa_printf(MSG_ERROR, "Failed to initialize GAS server");
5797 return -1;
5798 }
5799 #endif /* CONFIG_GAS_SERVER */
5800
5801 #ifdef CONFIG_DPP
5802 if (wpas_dpp_init(wpa_s) < 0)
5803 return -1;
5804 #endif /* CONFIG_DPP */
5805
5806 if (wpa_supplicant_init_eapol(wpa_s) < 0)
5807 return -1;
5808 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
5809
5810 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
5811 if (wpa_s->ctrl_iface == NULL) {
5812 wpa_printf(MSG_ERROR,
5813 "Failed to initialize control interface '%s'.\n"
5814 "You may have another wpa_supplicant process "
5815 "already running or the file was\n"
5816 "left by an unclean termination of wpa_supplicant "
5817 "in which case you will need\n"
5818 "to manually remove this file before starting "
5819 "wpa_supplicant again.\n",
5820 wpa_s->conf->ctrl_interface);
5821 return -1;
5822 }
5823
5824 wpa_s->gas = gas_query_init(wpa_s);
5825 if (wpa_s->gas == NULL) {
5826 wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
5827 return -1;
5828 }
5829
5830 if ((!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) ||
5831 wpa_s->p2p_mgmt) &&
5832 wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
5833 wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
5834 return -1;
5835 }
5836
5837 if (wpa_bss_init(wpa_s) < 0)
5838 return -1;
5839
5840 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
5841 #ifdef CONFIG_MESH
5842 dl_list_init(&wpa_s->mesh_external_pmksa_cache);
5843 #endif /* CONFIG_MESH */
5844 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
5845
5846 /*
5847 * Set Wake-on-WLAN triggers, if configured.
5848 * Note: We don't restore/remove the triggers on shutdown (it doesn't
5849 * have effect anyway when the interface is down).
5850 */
5851 if (capa_res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
5852 return -1;
5853
5854 #ifdef CONFIG_EAP_PROXY
5855 {
5856 size_t len;
5857 wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1,
5858 wpa_s->imsi, &len);
5859 if (wpa_s->mnc_len > 0) {
5860 wpa_s->imsi[len] = '\0';
5861 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
5862 wpa_s->imsi, wpa_s->mnc_len);
5863 } else {
5864 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
5865 }
5866 }
5867 #endif /* CONFIG_EAP_PROXY */
5868
5869 if (pcsc_reader_init(wpa_s) < 0)
5870 return -1;
5871
5872 if (wpas_init_ext_pw(wpa_s) < 0)
5873 return -1;
5874
5875 wpas_rrm_reset(wpa_s);
5876
5877 wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
5878
5879 #ifdef CONFIG_HS20
5880 hs20_init(wpa_s);
5881 #endif /* CONFIG_HS20 */
5882 #ifdef CONFIG_MBO
5883 if (wpa_s->conf->oce) {
5884 if ((wpa_s->conf->oce & OCE_STA) &&
5885 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA))
5886 wpa_s->enable_oce = OCE_STA;
5887 if ((wpa_s->conf->oce & OCE_STA_CFON) &&
5888 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA_CFON)) {
5889 /* TODO: Need to add STA-CFON support */
5890 wpa_printf(MSG_ERROR,
5891 "OCE STA-CFON feature is not yet supported");
5892 }
5893 }
5894 wpas_mbo_update_non_pref_chan(wpa_s, wpa_s->conf->non_pref_chan);
5895 #endif /* CONFIG_MBO */
5896
5897 wpa_supplicant_set_default_scan_ies(wpa_s);
5898
5899 return 0;
5900 }
5901
5902
5903 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
5904 int notify, int terminate)
5905 {
5906 struct wpa_global *global = wpa_s->global;
5907 struct wpa_supplicant *iface, *prev;
5908
5909 if (wpa_s == wpa_s->parent)
5910 wpas_p2p_group_remove(wpa_s, "*");
5911
5912 iface = global->ifaces;
5913 while (iface) {
5914 if (iface->p2pdev == wpa_s)
5915 iface->p2pdev = iface->parent;
5916 if (iface == wpa_s || iface->parent != wpa_s) {
5917 iface = iface->next;
5918 continue;
5919 }
5920 wpa_printf(MSG_DEBUG,
5921 "Remove remaining child interface %s from parent %s",
5922 iface->ifname, wpa_s->ifname);
5923 prev = iface;
5924 iface = iface->next;
5925 wpa_supplicant_remove_iface(global, prev, terminate);
5926 }
5927
5928 wpa_s->disconnected = 1;
5929 if (wpa_s->drv_priv) {
5930 wpa_supplicant_deauthenticate(wpa_s,
5931 WLAN_REASON_DEAUTH_LEAVING);
5932
5933 wpa_drv_set_countermeasures(wpa_s, 0);
5934 wpa_clear_keys(wpa_s, NULL);
5935 }
5936
5937 wpa_supplicant_cleanup(wpa_s);
5938 wpas_p2p_deinit_iface(wpa_s);
5939
5940 wpas_ctrl_radio_work_flush(wpa_s);
5941 radio_remove_interface(wpa_s);
5942
5943 #ifdef CONFIG_FST
5944 if (wpa_s->fst) {
5945 fst_detach(wpa_s->fst);
5946 wpa_s->fst = NULL;
5947 }
5948 if (wpa_s->received_mb_ies) {
5949 wpabuf_free(wpa_s->received_mb_ies);
5950 wpa_s->received_mb_ies = NULL;
5951 }
5952 #endif /* CONFIG_FST */
5953
5954 if (wpa_s->drv_priv)
5955 wpa_drv_deinit(wpa_s);
5956
5957 if (notify)
5958 wpas_notify_iface_removed(wpa_s);
5959
5960 if (terminate)
5961 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
5962
5963 if (wpa_s->ctrl_iface) {
5964 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
5965 wpa_s->ctrl_iface = NULL;
5966 }
5967
5968 #ifdef CONFIG_MESH
5969 if (wpa_s->ifmsh) {
5970 wpa_supplicant_mesh_iface_deinit(wpa_s, wpa_s->ifmsh);
5971 wpa_s->ifmsh = NULL;
5972 }
5973 #endif /* CONFIG_MESH */
5974
5975 if (wpa_s->conf != NULL) {
5976 wpa_config_free(wpa_s->conf);
5977 wpa_s->conf = NULL;
5978 }
5979
5980 os_free(wpa_s->ssids_from_scan_req);
5981
5982 os_free(wpa_s);
5983 }
5984
5985
5986 #ifdef CONFIG_MATCH_IFACE
5987
5988 /**
5989 * wpa_supplicant_match_iface - Match an interface description to a name
5990 * @global: Pointer to global data from wpa_supplicant_init()
5991 * @ifname: Name of the interface to match
5992 * Returns: Pointer to the created interface description or %NULL on failure
5993 */
5994 struct wpa_interface * wpa_supplicant_match_iface(struct wpa_global *global,
5995 const char *ifname)
5996 {
5997 int i;
5998 struct wpa_interface *iface, *miface;
5999
6000 for (i = 0; i < global->params.match_iface_count; i++) {
6001 miface = &global->params.match_ifaces[i];
6002 if (!miface->ifname ||
6003 fnmatch(miface->ifname, ifname, 0) == 0) {
6004 iface = os_zalloc(sizeof(*iface));
6005 if (!iface)
6006 return NULL;
6007 *iface = *miface;
6008 iface->ifname = ifname;
6009 return iface;
6010 }
6011 }
6012
6013 return NULL;
6014 }
6015
6016
6017 /**
6018 * wpa_supplicant_match_existing - Match existing interfaces
6019 * @global: Pointer to global data from wpa_supplicant_init()
6020 * Returns: 0 on success, -1 on failure
6021 */
6022 static int wpa_supplicant_match_existing(struct wpa_global *global)
6023 {
6024 struct if_nameindex *ifi, *ifp;
6025 struct wpa_supplicant *wpa_s;
6026 struct wpa_interface *iface;
6027
6028 ifp = if_nameindex();
6029 if (!ifp) {
6030 wpa_printf(MSG_ERROR, "if_nameindex: %s", strerror(errno));
6031 return -1;
6032 }
6033
6034 for (ifi = ifp; ifi->if_name; ifi++) {
6035 wpa_s = wpa_supplicant_get_iface(global, ifi->if_name);
6036 if (wpa_s)
6037 continue;
6038 iface = wpa_supplicant_match_iface(global, ifi->if_name);
6039 if (iface) {
6040 wpa_s = wpa_supplicant_add_iface(global, iface, NULL);
6041 os_free(iface);
6042 if (wpa_s)
6043 wpa_s->matched = 1;
6044 }
6045 }
6046
6047 if_freenameindex(ifp);
6048 return 0;
6049 }
6050
6051 #endif /* CONFIG_MATCH_IFACE */
6052
6053
6054 /**
6055 * wpa_supplicant_add_iface - Add a new network interface
6056 * @global: Pointer to global data from wpa_supplicant_init()
6057 * @iface: Interface configuration options
6058 * @parent: Parent interface or %NULL to assign new interface as parent
6059 * Returns: Pointer to the created interface or %NULL on failure
6060 *
6061 * This function is used to add new network interfaces for %wpa_supplicant.
6062 * This can be called before wpa_supplicant_run() to add interfaces before the
6063 * main event loop has been started. In addition, new interfaces can be added
6064 * dynamically while %wpa_supplicant is already running. This could happen,
6065 * e.g., when a hotplug network adapter is inserted.
6066 */
6067 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
6068 struct wpa_interface *iface,
6069 struct wpa_supplicant *parent)
6070 {
6071 struct wpa_supplicant *wpa_s;
6072 struct wpa_interface t_iface;
6073 struct wpa_ssid *ssid;
6074
6075 if (global == NULL || iface == NULL)
6076 return NULL;
6077
6078 wpa_s = wpa_supplicant_alloc(parent);
6079 if (wpa_s == NULL)
6080 return NULL;
6081
6082 wpa_s->global = global;
6083
6084 t_iface = *iface;
6085 if (global->params.override_driver) {
6086 wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
6087 "('%s' -> '%s')",
6088 iface->driver, global->params.override_driver);
6089 t_iface.driver = global->params.override_driver;
6090 }
6091 if (global->params.override_ctrl_interface) {
6092 wpa_printf(MSG_DEBUG, "Override interface parameter: "
6093 "ctrl_interface ('%s' -> '%s')",
6094 iface->ctrl_interface,
6095 global->params.override_ctrl_interface);
6096 t_iface.ctrl_interface =
6097 global->params.override_ctrl_interface;
6098 }
6099 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
6100 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
6101 iface->ifname);
6102 wpa_supplicant_deinit_iface(wpa_s, 0, 0);
6103 return NULL;
6104 }
6105
6106 if (iface->p2p_mgmt == 0) {
6107 /* Notify the control interfaces about new iface */
6108 if (wpas_notify_iface_added(wpa_s)) {
6109 wpa_supplicant_deinit_iface(wpa_s, 1, 0);
6110 return NULL;
6111 }
6112
6113 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
6114 wpas_notify_network_added(wpa_s, ssid);
6115 }
6116
6117 wpa_s->next = global->ifaces;
6118 global->ifaces = wpa_s;
6119
6120 wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
6121 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
6122
6123 #ifdef CONFIG_P2P
6124 if (wpa_s->global->p2p == NULL &&
6125 !wpa_s->global->p2p_disabled && !wpa_s->conf->p2p_disabled &&
6126 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
6127 wpas_p2p_add_p2pdev_interface(
6128 wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
6129 wpa_printf(MSG_INFO,
6130 "P2P: Failed to enable P2P Device interface");
6131 /* Try to continue without. P2P will be disabled. */
6132 }
6133 #endif /* CONFIG_P2P */
6134
6135 return wpa_s;
6136 }
6137
6138
6139 /**
6140 * wpa_supplicant_remove_iface - Remove a network interface
6141 * @global: Pointer to global data from wpa_supplicant_init()
6142 * @wpa_s: Pointer to the network interface to be removed
6143 * Returns: 0 if interface was removed, -1 if interface was not found
6144 *
6145 * This function can be used to dynamically remove network interfaces from
6146 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
6147 * addition, this function is used to remove all remaining interfaces when
6148 * %wpa_supplicant is terminated.
6149 */
6150 int wpa_supplicant_remove_iface(struct wpa_global *global,
6151 struct wpa_supplicant *wpa_s,
6152 int terminate)
6153 {
6154 struct wpa_supplicant *prev;
6155 #ifdef CONFIG_MESH
6156 unsigned int mesh_if_created = wpa_s->mesh_if_created;
6157 char *ifname = NULL;
6158 struct wpa_supplicant *parent = wpa_s->parent;
6159 #endif /* CONFIG_MESH */
6160
6161 /* Remove interface from the global list of interfaces */
6162 prev = global->ifaces;
6163 if (prev == wpa_s) {
6164 global->ifaces = wpa_s->next;
6165 } else {
6166 while (prev && prev->next != wpa_s)
6167 prev = prev->next;
6168 if (prev == NULL)
6169 return -1;
6170 prev->next = wpa_s->next;
6171 }
6172
6173 wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
6174
6175 #ifdef CONFIG_MESH
6176 if (mesh_if_created) {
6177 ifname = os_strdup(wpa_s->ifname);
6178 if (ifname == NULL) {
6179 wpa_dbg(wpa_s, MSG_ERROR,
6180 "mesh: Failed to malloc ifname");
6181 return -1;
6182 }
6183 }
6184 #endif /* CONFIG_MESH */
6185
6186 if (global->p2p_group_formation == wpa_s)
6187 global->p2p_group_formation = NULL;
6188 if (global->p2p_invite_group == wpa_s)
6189 global->p2p_invite_group = NULL;
6190 wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
6191
6192 #ifdef CONFIG_MESH
6193 if (mesh_if_created) {
6194 wpa_drv_if_remove(parent, WPA_IF_MESH, ifname);
6195 os_free(ifname);
6196 }
6197 #endif /* CONFIG_MESH */
6198
6199 return 0;
6200 }
6201
6202
6203 /**
6204 * wpa_supplicant_get_eap_mode - Get the current EAP mode
6205 * @wpa_s: Pointer to the network interface
6206 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
6207 */
6208 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
6209 {
6210 const char *eapol_method;
6211
6212 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
6213 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
6214 return "NO-EAP";
6215 }
6216
6217 eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
6218 if (eapol_method == NULL)
6219 return "UNKNOWN-EAP";
6220
6221 return eapol_method;
6222 }
6223
6224
6225 /**
6226 * wpa_supplicant_get_iface - Get a new network interface
6227 * @global: Pointer to global data from wpa_supplicant_init()
6228 * @ifname: Interface name
6229 * Returns: Pointer to the interface or %NULL if not found
6230 */
6231 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
6232 const char *ifname)
6233 {
6234 struct wpa_supplicant *wpa_s;
6235
6236 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
6237 if (os_strcmp(wpa_s->ifname, ifname) == 0)
6238 return wpa_s;
6239 }
6240 return NULL;
6241 }
6242
6243
6244 #ifndef CONFIG_NO_WPA_MSG
6245 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
6246 {
6247 struct wpa_supplicant *wpa_s = ctx;
6248 if (wpa_s == NULL)
6249 return NULL;
6250 return wpa_s->ifname;
6251 }
6252 #endif /* CONFIG_NO_WPA_MSG */
6253
6254
6255 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
6256 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
6257 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
6258
6259 /* Periodic cleanup tasks */
6260 static void wpas_periodic(void *eloop_ctx, void *timeout_ctx)
6261 {
6262 struct wpa_global *global = eloop_ctx;
6263 struct wpa_supplicant *wpa_s;
6264
6265 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
6266 wpas_periodic, global, NULL);
6267
6268 #ifdef CONFIG_P2P
6269 if (global->p2p)
6270 p2p_expire_peers(global->p2p);
6271 #endif /* CONFIG_P2P */
6272
6273 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
6274 wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age);
6275 #ifdef CONFIG_AP
6276 ap_periodic(wpa_s);
6277 #endif /* CONFIG_AP */
6278 }
6279 }
6280
6281
6282 /**
6283 * wpa_supplicant_init - Initialize %wpa_supplicant
6284 * @params: Parameters for %wpa_supplicant
6285 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
6286 *
6287 * This function is used to initialize %wpa_supplicant. After successful
6288 * initialization, the returned data pointer can be used to add and remove
6289 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
6290 */
6291 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
6292 {
6293 struct wpa_global *global;
6294 int ret, i;
6295
6296 if (params == NULL)
6297 return NULL;
6298
6299 #ifdef CONFIG_DRIVER_NDIS
6300 {
6301 void driver_ndis_init_ops(void);
6302 driver_ndis_init_ops();
6303 }
6304 #endif /* CONFIG_DRIVER_NDIS */
6305
6306 #ifndef CONFIG_NO_WPA_MSG
6307 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
6308 #endif /* CONFIG_NO_WPA_MSG */
6309
6310 if (params->wpa_debug_file_path)
6311 wpa_debug_open_file(params->wpa_debug_file_path);
6312 else
6313 wpa_debug_setup_stdout();
6314 if (params->wpa_debug_syslog)
6315 wpa_debug_open_syslog();
6316 if (params->wpa_debug_tracing) {
6317 ret = wpa_debug_open_linux_tracing();
6318 if (ret) {
6319 wpa_printf(MSG_ERROR,
6320 "Failed to enable trace logging");
6321 return NULL;
6322 }
6323 }
6324
6325 ret = eap_register_methods();
6326 if (ret) {
6327 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
6328 if (ret == -2)
6329 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
6330 "the same EAP type.");
6331 return NULL;
6332 }
6333
6334 global = os_zalloc(sizeof(*global));
6335 if (global == NULL)
6336 return NULL;
6337 dl_list_init(&global->p2p_srv_bonjour);
6338 dl_list_init(&global->p2p_srv_upnp);
6339 global->params.daemonize = params->daemonize;
6340 global->params.wait_for_monitor = params->wait_for_monitor;
6341 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
6342 if (params->pid_file)
6343 global->params.pid_file = os_strdup(params->pid_file);
6344 if (params->ctrl_interface)
6345 global->params.ctrl_interface =
6346 os_strdup(params->ctrl_interface);
6347 if (params->ctrl_interface_group)
6348 global->params.ctrl_interface_group =
6349 os_strdup(params->ctrl_interface_group);
6350 if (params->override_driver)
6351 global->params.override_driver =
6352 os_strdup(params->override_driver);
6353 if (params->override_ctrl_interface)
6354 global->params.override_ctrl_interface =
6355 os_strdup(params->override_ctrl_interface);
6356 #ifdef CONFIG_MATCH_IFACE
6357 global->params.match_iface_count = params->match_iface_count;
6358 if (params->match_iface_count) {
6359 global->params.match_ifaces =
6360 os_calloc(params->match_iface_count,
6361 sizeof(struct wpa_interface));
6362 os_memcpy(global->params.match_ifaces,
6363 params->match_ifaces,
6364 params->match_iface_count *
6365 sizeof(struct wpa_interface));
6366 }
6367 #endif /* CONFIG_MATCH_IFACE */
6368 #ifdef CONFIG_P2P
6369 if (params->conf_p2p_dev)
6370 global->params.conf_p2p_dev =
6371 os_strdup(params->conf_p2p_dev);
6372 #endif /* CONFIG_P2P */
6373 wpa_debug_level = global->params.wpa_debug_level =
6374 params->wpa_debug_level;
6375 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
6376 params->wpa_debug_show_keys;
6377 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
6378 params->wpa_debug_timestamp;
6379
6380 wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR);
6381
6382 if (eloop_init()) {
6383 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
6384 wpa_supplicant_deinit(global);
6385 return NULL;
6386 }
6387
6388 random_init(params->entropy_file);
6389
6390 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
6391 if (global->ctrl_iface == NULL) {
6392 wpa_supplicant_deinit(global);
6393 return NULL;
6394 }
6395
6396 if (wpas_notify_supplicant_initialized(global)) {
6397 wpa_supplicant_deinit(global);
6398 return NULL;
6399 }
6400
6401 for (i = 0; wpa_drivers[i]; i++)
6402 global->drv_count++;
6403 if (global->drv_count == 0) {
6404 wpa_printf(MSG_ERROR, "No drivers enabled");
6405 wpa_supplicant_deinit(global);
6406 return NULL;
6407 }
6408 global->drv_priv = os_calloc(global->drv_count, sizeof(void *));
6409 if (global->drv_priv == NULL) {
6410 wpa_supplicant_deinit(global);
6411 return NULL;
6412 }
6413
6414 #ifdef CONFIG_WIFI_DISPLAY
6415 if (wifi_display_init(global) < 0) {
6416 wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
6417 wpa_supplicant_deinit(global);
6418 return NULL;
6419 }
6420 #endif /* CONFIG_WIFI_DISPLAY */
6421
6422 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
6423 wpas_periodic, global, NULL);
6424
6425 return global;
6426 }
6427
6428
6429 /**
6430 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
6431 * @global: Pointer to global data from wpa_supplicant_init()
6432 * Returns: 0 after successful event loop run, -1 on failure
6433 *
6434 * This function starts the main event loop and continues running as long as
6435 * there are any remaining events. In most cases, this function is running as
6436 * long as the %wpa_supplicant process in still in use.
6437 */
6438 int wpa_supplicant_run(struct wpa_global *global)
6439 {
6440 struct wpa_supplicant *wpa_s;
6441
6442 if (global->params.daemonize &&
6443 (wpa_supplicant_daemon(global->params.pid_file) ||
6444 eloop_sock_requeue()))
6445 return -1;
6446
6447 #ifdef CONFIG_MATCH_IFACE
6448 if (wpa_supplicant_match_existing(global))
6449 return -1;
6450 #endif
6451
6452 if (global->params.wait_for_monitor) {
6453 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
6454 if (wpa_s->ctrl_iface && !wpa_s->p2p_mgmt)
6455 wpa_supplicant_ctrl_iface_wait(
6456 wpa_s->ctrl_iface);
6457 }
6458
6459 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
6460 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
6461
6462 eloop_run();
6463
6464 return 0;
6465 }
6466
6467
6468 /**
6469 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
6470 * @global: Pointer to global data from wpa_supplicant_init()
6471 *
6472 * This function is called to deinitialize %wpa_supplicant and to free all
6473 * allocated resources. Remaining network interfaces will also be removed.
6474 */
6475 void wpa_supplicant_deinit(struct wpa_global *global)
6476 {
6477 int i;
6478
6479 if (global == NULL)
6480 return;
6481
6482 eloop_cancel_timeout(wpas_periodic, global, NULL);
6483
6484 #ifdef CONFIG_WIFI_DISPLAY
6485 wifi_display_deinit(global);
6486 #endif /* CONFIG_WIFI_DISPLAY */
6487
6488 while (global->ifaces)
6489 wpa_supplicant_remove_iface(global, global->ifaces, 1);
6490
6491 if (global->ctrl_iface)
6492 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
6493
6494 wpas_notify_supplicant_deinitialized(global);
6495
6496 eap_peer_unregister_methods();
6497 #ifdef CONFIG_AP
6498 eap_server_unregister_methods();
6499 #endif /* CONFIG_AP */
6500
6501 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
6502 if (!global->drv_priv[i])
6503 continue;
6504 wpa_drivers[i]->global_deinit(global->drv_priv[i]);
6505 }
6506 os_free(global->drv_priv);
6507
6508 random_deinit();
6509
6510 eloop_destroy();
6511
6512 if (global->params.pid_file) {
6513 os_daemonize_terminate(global->params.pid_file);
6514 os_free(global->params.pid_file);
6515 }
6516 os_free(global->params.ctrl_interface);
6517 os_free(global->params.ctrl_interface_group);
6518 os_free(global->params.override_driver);
6519 os_free(global->params.override_ctrl_interface);
6520 #ifdef CONFIG_MATCH_IFACE
6521 os_free(global->params.match_ifaces);
6522 #endif /* CONFIG_MATCH_IFACE */
6523 #ifdef CONFIG_P2P
6524 os_free(global->params.conf_p2p_dev);
6525 #endif /* CONFIG_P2P */
6526
6527 os_free(global->p2p_disallow_freq.range);
6528 os_free(global->p2p_go_avoid_freq.range);
6529 os_free(global->add_psk);
6530
6531 os_free(global);
6532 wpa_debug_close_syslog();
6533 wpa_debug_close_file();
6534 wpa_debug_close_linux_tracing();
6535 }
6536
6537
6538 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
6539 {
6540 if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
6541 wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
6542 char country[3];
6543 country[0] = wpa_s->conf->country[0];
6544 country[1] = wpa_s->conf->country[1];
6545 country[2] = '\0';
6546 if (wpa_drv_set_country(wpa_s, country) < 0) {
6547 wpa_printf(MSG_ERROR, "Failed to set country code "
6548 "'%s'", country);
6549 }
6550 }
6551
6552 if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
6553 wpas_init_ext_pw(wpa_s);
6554
6555 if (wpa_s->conf->changed_parameters & CFG_CHANGED_SCHED_SCAN_PLANS)
6556 wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
6557
6558 if (wpa_s->conf->changed_parameters & CFG_CHANGED_WOWLAN_TRIGGERS) {
6559 struct wpa_driver_capa capa;
6560 int res = wpa_drv_get_capa(wpa_s, &capa);
6561
6562 if (res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
6563 wpa_printf(MSG_ERROR,
6564 "Failed to update wowlan_triggers to '%s'",
6565 wpa_s->conf->wowlan_triggers);
6566 }
6567
6568 #ifdef CONFIG_WPS
6569 wpas_wps_update_config(wpa_s);
6570 #endif /* CONFIG_WPS */
6571 wpas_p2p_update_config(wpa_s);
6572 wpa_s->conf->changed_parameters = 0;
6573 }
6574
6575
6576 void add_freq(int *freqs, int *num_freqs, int freq)
6577 {
6578 int i;
6579
6580 for (i = 0; i < *num_freqs; i++) {
6581 if (freqs[i] == freq)
6582 return;
6583 }
6584
6585 freqs[*num_freqs] = freq;
6586 (*num_freqs)++;
6587 }
6588
6589
6590 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
6591 {
6592 struct wpa_bss *bss, *cbss;
6593 const int max_freqs = 10;
6594 int *freqs;
6595 int num_freqs = 0;
6596
6597 freqs = os_calloc(max_freqs + 1, sizeof(int));
6598 if (freqs == NULL)
6599 return NULL;
6600
6601 cbss = wpa_s->current_bss;
6602
6603 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
6604 if (bss == cbss)
6605 continue;
6606 if (bss->ssid_len == cbss->ssid_len &&
6607 os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
6608 wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
6609 add_freq(freqs, &num_freqs, bss->freq);
6610 if (num_freqs == max_freqs)
6611 break;
6612 }
6613 }
6614
6615 if (num_freqs == 0) {
6616 os_free(freqs);
6617 freqs = NULL;
6618 }
6619
6620 return freqs;
6621 }
6622
6623
6624 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
6625 {
6626 int timeout;
6627 int count;
6628 int *freqs = NULL;
6629
6630 wpas_connect_work_done(wpa_s);
6631
6632 /*
6633 * Remove possible authentication timeout since the connection failed.
6634 */
6635 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
6636
6637 /*
6638 * There is no point in blacklisting the AP if this event is
6639 * generated based on local request to disconnect.
6640 */
6641 if (wpa_s->own_disconnect_req) {
6642 wpa_s->own_disconnect_req = 0;
6643 wpa_dbg(wpa_s, MSG_DEBUG,
6644 "Ignore connection failure due to local request to disconnect");
6645 return;
6646 }
6647 if (wpa_s->disconnected) {
6648 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
6649 "indication since interface has been put into "
6650 "disconnected state");
6651 return;
6652 }
6653
6654 /*
6655 * Add the failed BSSID into the blacklist and speed up next scan
6656 * attempt if there could be other APs that could accept association.
6657 * The current blacklist count indicates how many times we have tried
6658 * connecting to this AP and multiple attempts mean that other APs are
6659 * either not available or has already been tried, so that we can start
6660 * increasing the delay here to avoid constant scanning.
6661 */
6662 count = wpa_blacklist_add(wpa_s, bssid);
6663 if (count == 1 && wpa_s->current_bss) {
6664 /*
6665 * This BSS was not in the blacklist before. If there is
6666 * another BSS available for the same ESS, we should try that
6667 * next. Otherwise, we may as well try this one once more
6668 * before allowing other, likely worse, ESSes to be considered.
6669 */
6670 freqs = get_bss_freqs_in_ess(wpa_s);
6671 if (freqs) {
6672 wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
6673 "has been seen; try it next");
6674 wpa_blacklist_add(wpa_s, bssid);
6675 /*
6676 * On the next scan, go through only the known channels
6677 * used in this ESS based on previous scans to speed up
6678 * common load balancing use case.
6679 */
6680 os_free(wpa_s->next_scan_freqs);
6681 wpa_s->next_scan_freqs = freqs;
6682 }
6683 }
6684
6685 /*
6686 * Add previous failure count in case the temporary blacklist was
6687 * cleared due to no other BSSes being available.
6688 */
6689 count += wpa_s->extra_blacklist_count;
6690
6691 if (count > 3 && wpa_s->current_ssid) {
6692 wpa_printf(MSG_DEBUG, "Continuous association failures - "
6693 "consider temporary network disabling");
6694 wpas_auth_failed(wpa_s, "CONN_FAILED");
6695 }
6696
6697 switch (count) {
6698 case 1:
6699 timeout = 100;
6700 break;
6701 case 2:
6702 timeout = 500;
6703 break;
6704 case 3:
6705 timeout = 1000;
6706 break;
6707 case 4:
6708 timeout = 5000;
6709 break;
6710 default:
6711 timeout = 10000;
6712 break;
6713 }
6714
6715 wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
6716 "ms", count, timeout);
6717
6718 /*
6719 * TODO: if more than one possible AP is available in scan results,
6720 * could try the other ones before requesting a new scan.
6721 */
6722 wpa_supplicant_req_scan(wpa_s, timeout / 1000,
6723 1000 * (timeout % 1000));
6724 }
6725
6726
6727 #ifdef CONFIG_FILS
6728 void fils_connection_failure(struct wpa_supplicant *wpa_s)
6729 {
6730 struct wpa_ssid *ssid = wpa_s->current_ssid;
6731 const u8 *realm, *username, *rrk;
6732 size_t realm_len, username_len, rrk_len;
6733 u16 next_seq_num;
6734
6735 if (!ssid || !ssid->eap.erp || !wpa_key_mgmt_fils(ssid->key_mgmt) ||
6736 eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
6737 &username, &username_len,
6738 &realm, &realm_len, &next_seq_num,
6739 &rrk, &rrk_len) != 0 ||
6740 !realm)
6741 return;
6742
6743 wpa_hexdump_ascii(MSG_DEBUG,
6744 "FILS: Store last connection failure realm",
6745 realm, realm_len);
6746 os_free(wpa_s->last_con_fail_realm);
6747 wpa_s->last_con_fail_realm = os_malloc(realm_len);
6748 if (wpa_s->last_con_fail_realm) {
6749 wpa_s->last_con_fail_realm_len = realm_len;
6750 os_memcpy(wpa_s->last_con_fail_realm, realm, realm_len);
6751 }
6752 }
6753 #endif /* CONFIG_FILS */
6754
6755
6756 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
6757 {
6758 return wpa_s->conf->ap_scan == 2 ||
6759 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
6760 }
6761
6762
6763 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
6764 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
6765 struct wpa_ssid *ssid,
6766 const char *field,
6767 const char *value)
6768 {
6769 #ifdef IEEE8021X_EAPOL
6770 struct eap_peer_config *eap = &ssid->eap;
6771
6772 wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
6773 wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
6774 (const u8 *) value, os_strlen(value));
6775
6776 switch (wpa_supplicant_ctrl_req_from_string(field)) {
6777 case WPA_CTRL_REQ_EAP_IDENTITY:
6778 os_free(eap->identity);
6779 eap->identity = (u8 *) os_strdup(value);
6780 eap->identity_len = os_strlen(value);
6781 eap->pending_req_identity = 0;
6782 if (ssid == wpa_s->current_ssid)
6783 wpa_s->reassociate = 1;
6784 break;
6785 case WPA_CTRL_REQ_EAP_PASSWORD:
6786 bin_clear_free(eap->password, eap->password_len);
6787 eap->password = (u8 *) os_strdup(value);
6788 eap->password_len = os_strlen(value);
6789 eap->pending_req_password = 0;
6790 if (ssid == wpa_s->current_ssid)
6791 wpa_s->reassociate = 1;
6792 break;
6793 case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
6794 bin_clear_free(eap->new_password, eap->new_password_len);
6795 eap->new_password = (u8 *) os_strdup(value);
6796 eap->new_password_len = os_strlen(value);
6797 eap->pending_req_new_password = 0;
6798 if (ssid == wpa_s->current_ssid)
6799 wpa_s->reassociate = 1;
6800 break;
6801 case WPA_CTRL_REQ_EAP_PIN:
6802 str_clear_free(eap->pin);
6803 eap->pin = os_strdup(value);
6804 eap->pending_req_pin = 0;
6805 if (ssid == wpa_s->current_ssid)
6806 wpa_s->reassociate = 1;
6807 break;
6808 case WPA_CTRL_REQ_EAP_OTP:
6809 bin_clear_free(eap->otp, eap->otp_len);
6810 eap->otp = (u8 *) os_strdup(value);
6811 eap->otp_len = os_strlen(value);
6812 os_free(eap->pending_req_otp);
6813 eap->pending_req_otp = NULL;
6814 eap->pending_req_otp_len = 0;
6815 break;
6816 case WPA_CTRL_REQ_EAP_PASSPHRASE:
6817 str_clear_free(eap->private_key_passwd);
6818 eap->private_key_passwd = os_strdup(value);
6819 eap->pending_req_passphrase = 0;
6820 if (ssid == wpa_s->current_ssid)
6821 wpa_s->reassociate = 1;
6822 break;
6823 case WPA_CTRL_REQ_SIM:
6824 str_clear_free(eap->external_sim_resp);
6825 eap->external_sim_resp = os_strdup(value);
6826 eap->pending_req_sim = 0;
6827 break;
6828 case WPA_CTRL_REQ_PSK_PASSPHRASE:
6829 if (wpa_config_set(ssid, "psk", value, 0) < 0)
6830 return -1;
6831 ssid->mem_only_psk = 1;
6832 if (ssid->passphrase)
6833 wpa_config_update_psk(ssid);
6834 if (wpa_s->wpa_state == WPA_SCANNING && !wpa_s->scanning)
6835 wpa_supplicant_req_scan(wpa_s, 0, 0);
6836 break;
6837 case WPA_CTRL_REQ_EXT_CERT_CHECK:
6838 if (eap->pending_ext_cert_check != PENDING_CHECK)
6839 return -1;
6840 if (os_strcmp(value, "good") == 0)
6841 eap->pending_ext_cert_check = EXT_CERT_CHECK_GOOD;
6842 else if (os_strcmp(value, "bad") == 0)
6843 eap->pending_ext_cert_check = EXT_CERT_CHECK_BAD;
6844 else
6845 return -1;
6846 break;
6847 default:
6848 wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
6849 return -1;
6850 }
6851
6852 return 0;
6853 #else /* IEEE8021X_EAPOL */
6854 wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
6855 return -1;
6856 #endif /* IEEE8021X_EAPOL */
6857 }
6858 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
6859
6860
6861 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
6862 {
6863 int i;
6864 unsigned int drv_enc;
6865
6866 if (wpa_s->p2p_mgmt)
6867 return 1; /* no normal network profiles on p2p_mgmt interface */
6868
6869 if (ssid == NULL)
6870 return 1;
6871
6872 if (ssid->disabled)
6873 return 1;
6874
6875 if (wpa_s->drv_capa_known)
6876 drv_enc = wpa_s->drv_enc;
6877 else
6878 drv_enc = (unsigned int) -1;
6879
6880 for (i = 0; i < NUM_WEP_KEYS; i++) {
6881 size_t len = ssid->wep_key_len[i];
6882 if (len == 0)
6883 continue;
6884 if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
6885 continue;
6886 if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
6887 continue;
6888 if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
6889 continue;
6890 return 1; /* invalid WEP key */
6891 }
6892
6893 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
6894 (!ssid->passphrase || ssid->ssid_len != 0) && !ssid->ext_psk &&
6895 !(wpa_key_mgmt_sae(ssid->key_mgmt) && ssid->sae_password) &&
6896 !ssid->mem_only_psk)
6897 return 1;
6898
6899 return 0;
6900 }
6901
6902
6903 int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
6904 {
6905 #ifdef CONFIG_IEEE80211W
6906 if (ssid == NULL || ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
6907 if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL &&
6908 !(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) {
6909 /*
6910 * Driver does not support BIP -- ignore pmf=1 default
6911 * since the connection with PMF would fail and the
6912 * configuration does not require PMF to be enabled.
6913 */
6914 return NO_MGMT_FRAME_PROTECTION;
6915 }
6916
6917 if (ssid &&
6918 (ssid->key_mgmt &
6919 ~(WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPS |
6920 WPA_KEY_MGMT_IEEE8021X_NO_WPA)) == 0) {
6921 /*
6922 * Do not use the default PMF value for non-RSN networks
6923 * since PMF is available only with RSN and pmf=2
6924 * configuration would otherwise prevent connections to
6925 * all open networks.
6926 */
6927 return NO_MGMT_FRAME_PROTECTION;
6928 }
6929
6930 return wpa_s->conf->pmf;
6931 }
6932
6933 return ssid->ieee80211w;
6934 #else /* CONFIG_IEEE80211W */
6935 return NO_MGMT_FRAME_PROTECTION;
6936 #endif /* CONFIG_IEEE80211W */
6937 }
6938
6939
6940 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
6941 {
6942 if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
6943 return 1;
6944 if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
6945 return 0;
6946 return -1;
6947 }
6948
6949
6950 void wpas_auth_failed(struct wpa_supplicant *wpa_s, char *reason)
6951 {
6952 struct wpa_ssid *ssid = wpa_s->current_ssid;
6953 int dur;
6954 struct os_reltime now;
6955
6956 if (ssid == NULL) {
6957 wpa_printf(MSG_DEBUG, "Authentication failure but no known "
6958 "SSID block");
6959 return;
6960 }
6961
6962 if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
6963 return;
6964
6965 ssid->auth_failures++;
6966
6967 #ifdef CONFIG_P2P
6968 if (ssid->p2p_group &&
6969 (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
6970 /*
6971 * Skip the wait time since there is a short timeout on the
6972 * connection to a P2P group.
6973 */
6974 return;
6975 }
6976 #endif /* CONFIG_P2P */
6977
6978 if (ssid->auth_failures > 50)
6979 dur = 300;
6980 else if (ssid->auth_failures > 10)
6981 dur = 120;
6982 else if (ssid->auth_failures > 5)
6983 dur = 90;
6984 else if (ssid->auth_failures > 3)
6985 dur = 60;
6986 else if (ssid->auth_failures > 2)
6987 dur = 30;
6988 else if (ssid->auth_failures > 1)
6989 dur = 20;
6990 else
6991 dur = 10;
6992
6993 if (ssid->auth_failures > 1 &&
6994 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt))
6995 dur += os_random() % (ssid->auth_failures * 10);
6996
6997 os_get_reltime(&now);
6998 if (now.sec + dur <= ssid->disabled_until.sec)
6999 return;
7000
7001 ssid->disabled_until.sec = now.sec + dur;
7002
7003 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
7004 "id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
7005 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
7006 ssid->auth_failures, dur, reason);
7007 }
7008
7009
7010 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
7011 struct wpa_ssid *ssid, int clear_failures)
7012 {
7013 if (ssid == NULL)
7014 return;
7015
7016 if (ssid->disabled_until.sec) {
7017 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
7018 "id=%d ssid=\"%s\"",
7019 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
7020 }
7021 ssid->disabled_until.sec = 0;
7022 ssid->disabled_until.usec = 0;
7023 if (clear_failures)
7024 ssid->auth_failures = 0;
7025 }
7026
7027
7028 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
7029 {
7030 size_t i;
7031
7032 if (wpa_s->disallow_aps_bssid == NULL)
7033 return 0;
7034
7035 for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
7036 if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
7037 bssid, ETH_ALEN) == 0)
7038 return 1;
7039 }
7040
7041 return 0;
7042 }
7043
7044
7045 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
7046 size_t ssid_len)
7047 {
7048 size_t i;
7049
7050 if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
7051 return 0;
7052
7053 for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
7054 struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
7055 if (ssid_len == s->ssid_len &&
7056 os_memcmp(ssid, s->ssid, ssid_len) == 0)
7057 return 1;
7058 }
7059
7060 return 0;
7061 }
7062
7063
7064 /**
7065 * wpas_request_connection - Request a new connection
7066 * @wpa_s: Pointer to the network interface
7067 *
7068 * This function is used to request a new connection to be found. It will mark
7069 * the interface to allow reassociation and request a new scan to find a
7070 * suitable network to connect to.
7071 */
7072 void wpas_request_connection(struct wpa_supplicant *wpa_s)
7073 {
7074 wpa_s->normal_scans = 0;
7075 wpa_s->scan_req = NORMAL_SCAN_REQ;
7076 wpa_supplicant_reinit_autoscan(wpa_s);
7077 wpa_s->extra_blacklist_count = 0;
7078 wpa_s->disconnected = 0;
7079 wpa_s->reassociate = 1;
7080 wpa_s->last_owe_group = 0;
7081
7082 if (wpa_supplicant_fast_associate(wpa_s) != 1)
7083 wpa_supplicant_req_scan(wpa_s, 0, 0);
7084 else
7085 wpa_s->reattach = 0;
7086 }
7087
7088
7089 /**
7090 * wpas_request_disconnection - Request disconnection
7091 * @wpa_s: Pointer to the network interface
7092 *
7093 * This function is used to request disconnection from the currently connected
7094 * network. This will stop any ongoing scans and initiate deauthentication.
7095 */
7096 void wpas_request_disconnection(struct wpa_supplicant *wpa_s)
7097 {
7098 #ifdef CONFIG_SME
7099 wpa_s->sme.prev_bssid_set = 0;
7100 #endif /* CONFIG_SME */
7101 wpa_s->reassociate = 0;
7102 wpa_s->disconnected = 1;
7103 wpa_supplicant_cancel_sched_scan(wpa_s);
7104 wpa_supplicant_cancel_scan(wpa_s);
7105 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
7106 eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
7107 radio_remove_works(wpa_s, "connect", 0);
7108 radio_remove_works(wpa_s, "sme-connect", 0);
7109 }
7110
7111
7112 void dump_freq_data(struct wpa_supplicant *wpa_s, const char *title,
7113 struct wpa_used_freq_data *freqs_data,
7114 unsigned int len)
7115 {
7116 unsigned int i;
7117
7118 wpa_dbg(wpa_s, MSG_DEBUG, "Shared frequencies (len=%u): %s",
7119 len, title);
7120 for (i = 0; i < len; i++) {
7121 struct wpa_used_freq_data *cur = &freqs_data[i];
7122 wpa_dbg(wpa_s, MSG_DEBUG, "freq[%u]: %d, flags=0x%X",
7123 i, cur->freq, cur->flags);
7124 }
7125 }
7126
7127
7128 /*
7129 * Find the operating frequencies of any of the virtual interfaces that
7130 * are using the same radio as the current interface, and in addition, get
7131 * information about the interface types that are using the frequency.
7132 */
7133 int get_shared_radio_freqs_data(struct wpa_supplicant *wpa_s,
7134 struct wpa_used_freq_data *freqs_data,
7135 unsigned int len)
7136 {
7137 struct wpa_supplicant *ifs;
7138 u8 bssid[ETH_ALEN];
7139 int freq;
7140 unsigned int idx = 0, i;
7141
7142 wpa_dbg(wpa_s, MSG_DEBUG,
7143 "Determining shared radio frequencies (max len %u)", len);
7144 os_memset(freqs_data, 0, sizeof(struct wpa_used_freq_data) * len);
7145
7146 dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
7147 radio_list) {
7148 if (idx == len)
7149 break;
7150
7151 if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
7152 continue;
7153
7154 if (ifs->current_ssid->mode == WPAS_MODE_AP ||
7155 ifs->current_ssid->mode == WPAS_MODE_P2P_GO ||
7156 ifs->current_ssid->mode == WPAS_MODE_MESH)
7157 freq = ifs->current_ssid->frequency;
7158 else if (wpa_drv_get_bssid(ifs, bssid) == 0)
7159 freq = ifs->assoc_freq;
7160 else
7161 continue;
7162
7163 /* Hold only distinct freqs */
7164 for (i = 0; i < idx; i++)
7165 if (freqs_data[i].freq == freq)
7166 break;
7167
7168 if (i == idx)
7169 freqs_data[idx++].freq = freq;
7170
7171 if (ifs->current_ssid->mode == WPAS_MODE_INFRA) {
7172 freqs_data[i].flags |= ifs->current_ssid->p2p_group ?
7173 WPA_FREQ_USED_BY_P2P_CLIENT :
7174 WPA_FREQ_USED_BY_INFRA_STATION;
7175 }
7176 }
7177
7178 dump_freq_data(wpa_s, "completed iteration", freqs_data, idx);
7179 return idx;
7180 }
7181
7182
7183 /*
7184 * Find the operating frequencies of any of the virtual interfaces that
7185 * are using the same radio as the current interface.
7186 */
7187 int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
7188 int *freq_array, unsigned int len)
7189 {
7190 struct wpa_used_freq_data *freqs_data;
7191 int num, i;
7192
7193 os_memset(freq_array, 0, sizeof(int) * len);
7194
7195 freqs_data = os_calloc(len, sizeof(struct wpa_used_freq_data));
7196 if (!freqs_data)
7197 return -1;
7198
7199 num = get_shared_radio_freqs_data(wpa_s, freqs_data, len);
7200 for (i = 0; i < num; i++)
7201 freq_array[i] = freqs_data[i].freq;
7202
7203 os_free(freqs_data);
7204
7205 return num;
7206 }
7207
7208
7209 struct wpa_supplicant *
7210 wpas_vendor_elem(struct wpa_supplicant *wpa_s, enum wpa_vendor_elem_frame frame)
7211 {
7212 switch (frame) {
7213 #ifdef CONFIG_P2P
7214 case VENDOR_ELEM_PROBE_REQ_P2P:
7215 case VENDOR_ELEM_PROBE_RESP_P2P:
7216 case VENDOR_ELEM_PROBE_RESP_P2P_GO:
7217 case VENDOR_ELEM_BEACON_P2P_GO:
7218 case VENDOR_ELEM_P2P_PD_REQ:
7219 case VENDOR_ELEM_P2P_PD_RESP:
7220 case VENDOR_ELEM_P2P_GO_NEG_REQ:
7221 case VENDOR_ELEM_P2P_GO_NEG_RESP:
7222 case VENDOR_ELEM_P2P_GO_NEG_CONF:
7223 case VENDOR_ELEM_P2P_INV_REQ:
7224 case VENDOR_ELEM_P2P_INV_RESP:
7225 case VENDOR_ELEM_P2P_ASSOC_REQ:
7226 case VENDOR_ELEM_P2P_ASSOC_RESP:
7227 return wpa_s->p2pdev;
7228 #endif /* CONFIG_P2P */
7229 default:
7230 return wpa_s;
7231 }
7232 }
7233
7234
7235 void wpas_vendor_elem_update(struct wpa_supplicant *wpa_s)
7236 {
7237 unsigned int i;
7238 char buf[30];
7239
7240 wpa_printf(MSG_DEBUG, "Update vendor elements");
7241
7242 for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
7243 if (wpa_s->vendor_elem[i]) {
7244 int res;
7245
7246 res = os_snprintf(buf, sizeof(buf), "frame[%u]", i);
7247 if (!os_snprintf_error(sizeof(buf), res)) {
7248 wpa_hexdump_buf(MSG_DEBUG, buf,
7249 wpa_s->vendor_elem[i]);
7250 }
7251 }
7252 }
7253
7254 #ifdef CONFIG_P2P
7255 if (wpa_s->parent == wpa_s &&
7256 wpa_s->global->p2p &&
7257 !wpa_s->global->p2p_disabled)
7258 p2p_set_vendor_elems(wpa_s->global->p2p, wpa_s->vendor_elem);
7259 #endif /* CONFIG_P2P */
7260 }
7261
7262
7263 int wpas_vendor_elem_remove(struct wpa_supplicant *wpa_s, int frame,
7264 const u8 *elem, size_t len)
7265 {
7266 u8 *ie, *end;
7267
7268 ie = wpabuf_mhead_u8(wpa_s->vendor_elem[frame]);
7269 end = ie + wpabuf_len(wpa_s->vendor_elem[frame]);
7270
7271 for (; ie + 1 < end; ie += 2 + ie[1]) {
7272 if (ie + len > end)
7273 break;
7274 if (os_memcmp(ie, elem, len) != 0)
7275 continue;
7276
7277 if (wpabuf_len(wpa_s->vendor_elem[frame]) == len) {
7278 wpabuf_free(wpa_s->vendor_elem[frame]);
7279 wpa_s->vendor_elem[frame] = NULL;
7280 } else {
7281 os_memmove(ie, ie + len, end - (ie + len));
7282 wpa_s->vendor_elem[frame]->used -= len;
7283 }
7284 wpas_vendor_elem_update(wpa_s);
7285 return 0;
7286 }
7287
7288 return -1;
7289 }
7290
7291
7292 struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
7293 u16 num_modes, enum hostapd_hw_mode mode)
7294 {
7295 u16 i;
7296
7297 for (i = 0; i < num_modes; i++) {
7298 if (modes[i].mode == mode)
7299 return &modes[i];
7300 }
7301
7302 return NULL;
7303 }
7304
7305
7306 static struct
7307 wpa_bss_tmp_disallowed * wpas_get_disallowed_bss(struct wpa_supplicant *wpa_s,
7308 const u8 *bssid)
7309 {
7310 struct wpa_bss_tmp_disallowed *bss;
7311
7312 dl_list_for_each(bss, &wpa_s->bss_tmp_disallowed,
7313 struct wpa_bss_tmp_disallowed, list) {
7314 if (os_memcmp(bssid, bss->bssid, ETH_ALEN) == 0)
7315 return bss;
7316 }
7317
7318 return NULL;
7319 }
7320
7321
7322 static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant *wpa_s)
7323 {
7324 struct wpa_bss_tmp_disallowed *tmp;
7325 unsigned int num_bssid = 0;
7326 u8 *bssids;
7327 int ret;
7328
7329 bssids = os_malloc(dl_list_len(&wpa_s->bss_tmp_disallowed) * ETH_ALEN);
7330 if (!bssids)
7331 return -1;
7332 dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
7333 struct wpa_bss_tmp_disallowed, list) {
7334 os_memcpy(&bssids[num_bssid * ETH_ALEN], tmp->bssid,
7335 ETH_ALEN);
7336 num_bssid++;
7337 }
7338 ret = wpa_drv_set_bssid_blacklist(wpa_s, num_bssid, bssids);
7339 os_free(bssids);
7340 return ret;
7341 }
7342
7343
7344 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx)
7345 {
7346 struct wpa_supplicant *wpa_s = eloop_ctx;
7347 struct wpa_bss_tmp_disallowed *tmp, *bss = timeout_ctx;
7348
7349 /* Make sure the bss is not already freed */
7350 dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
7351 struct wpa_bss_tmp_disallowed, list) {
7352 if (bss == tmp) {
7353 dl_list_del(&tmp->list);
7354 os_free(tmp);
7355 wpa_set_driver_tmp_disallow_list(wpa_s);
7356 break;
7357 }
7358 }
7359 }
7360
7361
7362 void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid,
7363 unsigned int sec, int rssi_threshold)
7364 {
7365 struct wpa_bss_tmp_disallowed *bss;
7366
7367 bss = wpas_get_disallowed_bss(wpa_s, bssid);
7368 if (bss) {
7369 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
7370 goto finish;
7371 }
7372
7373 bss = os_malloc(sizeof(*bss));
7374 if (!bss) {
7375 wpa_printf(MSG_DEBUG,
7376 "Failed to allocate memory for temp disallow BSS");
7377 return;
7378 }
7379
7380 os_memcpy(bss->bssid, bssid, ETH_ALEN);
7381 dl_list_add(&wpa_s->bss_tmp_disallowed, &bss->list);
7382 wpa_set_driver_tmp_disallow_list(wpa_s);
7383
7384 finish:
7385 bss->rssi_threshold = rssi_threshold;
7386 eloop_register_timeout(sec, 0, wpa_bss_tmp_disallow_timeout,
7387 wpa_s, bss);
7388 }
7389
7390
7391 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s,
7392 struct wpa_bss *bss)
7393 {
7394 struct wpa_bss_tmp_disallowed *disallowed = NULL, *tmp, *prev;
7395
7396 dl_list_for_each_safe(tmp, prev, &wpa_s->bss_tmp_disallowed,
7397 struct wpa_bss_tmp_disallowed, list) {
7398 if (os_memcmp(bss->bssid, tmp->bssid, ETH_ALEN) == 0) {
7399 disallowed = tmp;
7400 break;
7401 }
7402 }
7403 if (!disallowed)
7404 return 0;
7405
7406 if (disallowed->rssi_threshold != 0 &&
7407 bss->level > disallowed->rssi_threshold)
7408 return 0;
7409
7410 return 1;
7411 }
Unnamed repository; edit this file 'description' to name the repository.