]> git.ipfire.org Git - thirdparty/hostap.git/blob - wpa_supplicant/wpa_supplicant.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
wpa_supplicant: Add option -I for additional config file
[thirdparty/hostap.git] / wpa_supplicant / wpa_supplicant.c
1 /*
2 * WPA Supplicant
3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 *
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
11 */
12
13 #include "includes.h"
14
15 #include "common.h"
16 #include "crypto/random.h"
17 #include "crypto/sha1.h"
18 #include "eapol_supp/eapol_supp_sm.h"
19 #include "eap_peer/eap.h"
20 #include "eap_server/eap_methods.h"
21 #include "rsn_supp/wpa.h"
22 #include "eloop.h"
23 #include "config.h"
24 #include "utils/ext_password.h"
25 #include "l2_packet/l2_packet.h"
26 #include "wpa_supplicant_i.h"
27 #include "driver_i.h"
28 #include "ctrl_iface.h"
29 #include "pcsc_funcs.h"
30 #include "common/version.h"
31 #include "rsn_supp/preauth.h"
32 #include "rsn_supp/pmksa_cache.h"
33 #include "common/wpa_ctrl.h"
34 #include "common/ieee802_11_defs.h"
35 #include "p2p/p2p.h"
36 #include "blacklist.h"
37 #include "wpas_glue.h"
38 #include "wps_supplicant.h"
39 #include "ibss_rsn.h"
40 #include "sme.h"
41 #include "gas_query.h"
42 #include "ap.h"
43 #include "p2p_supplicant.h"
44 #include "wifi_display.h"
45 #include "notify.h"
46 #include "bgscan.h"
47 #include "autoscan.h"
48 #include "bss.h"
49 #include "scan.h"
50 #include "offchannel.h"
51 #include "hs20_supplicant.h"
52
53 const char *wpa_supplicant_version =
54 "wpa_supplicant v" VERSION_STR "\n"
55 "Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi> and contributors";
56
57 const char *wpa_supplicant_license =
58 "This software may be distributed under the terms of the BSD license.\n"
59 "See README for more details.\n"
60 #ifdef EAP_TLS_OPENSSL
61 "\nThis product includes software developed by the OpenSSL Project\n"
62 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
63 #endif /* EAP_TLS_OPENSSL */
64 ;
65
66 #ifndef CONFIG_NO_STDOUT_DEBUG
67 /* Long text divided into parts in order to fit in C89 strings size limits. */
68 const char *wpa_supplicant_full_license1 =
69 "";
70 const char *wpa_supplicant_full_license2 =
71 "This software may be distributed under the terms of the BSD license.\n"
72 "\n"
73 "Redistribution and use in source and binary forms, with or without\n"
74 "modification, are permitted provided that the following conditions are\n"
75 "met:\n"
76 "\n";
77 const char *wpa_supplicant_full_license3 =
78 "1. Redistributions of source code must retain the above copyright\n"
79 " notice, this list of conditions and the following disclaimer.\n"
80 "\n"
81 "2. Redistributions in binary form must reproduce the above copyright\n"
82 " notice, this list of conditions and the following disclaimer in the\n"
83 " documentation and/or other materials provided with the distribution.\n"
84 "\n";
85 const char *wpa_supplicant_full_license4 =
86 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
87 " names of its contributors may be used to endorse or promote products\n"
88 " derived from this software without specific prior written permission.\n"
89 "\n"
90 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
91 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
92 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
93 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
94 const char *wpa_supplicant_full_license5 =
95 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
96 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
97 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
98 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
99 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
100 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
101 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
102 "\n";
103 #endif /* CONFIG_NO_STDOUT_DEBUG */
104
105 extern int wpa_debug_level;
106 extern int wpa_debug_show_keys;
107 extern int wpa_debug_timestamp;
108 extern struct wpa_driver_ops *wpa_drivers[];
109
110 /* Configure default/group WEP keys for static WEP */
111 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
112 {
113 int i, set = 0;
114
115 for (i = 0; i < NUM_WEP_KEYS; i++) {
116 if (ssid->wep_key_len[i] == 0)
117 continue;
118
119 set = 1;
120 wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
121 i, i == ssid->wep_tx_keyidx, NULL, 0,
122 ssid->wep_key[i], ssid->wep_key_len[i]);
123 }
124
125 return set;
126 }
127
128
129 static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
130 struct wpa_ssid *ssid)
131 {
132 u8 key[32];
133 size_t keylen;
134 enum wpa_alg alg;
135 u8 seq[6] = { 0 };
136
137 /* IBSS/WPA-None uses only one key (Group) for both receiving and
138 * sending unicast and multicast packets. */
139
140 if (ssid->mode != WPAS_MODE_IBSS) {
141 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
142 "IBSS/ad-hoc) for WPA-None", ssid->mode);
143 return -1;
144 }
145
146 if (!ssid->psk_set) {
147 wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
148 "WPA-None");
149 return -1;
150 }
151
152 switch (wpa_s->group_cipher) {
153 case WPA_CIPHER_CCMP:
154 os_memcpy(key, ssid->psk, 16);
155 keylen = 16;
156 alg = WPA_ALG_CCMP;
157 break;
158 case WPA_CIPHER_GCMP:
159 os_memcpy(key, ssid->psk, 16);
160 keylen = 16;
161 alg = WPA_ALG_GCMP;
162 break;
163 case WPA_CIPHER_TKIP:
164 /* WPA-None uses the same Michael MIC key for both TX and RX */
165 os_memcpy(key, ssid->psk, 16 + 8);
166 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
167 keylen = 32;
168 alg = WPA_ALG_TKIP;
169 break;
170 default:
171 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
172 "WPA-None", wpa_s->group_cipher);
173 return -1;
174 }
175
176 /* TODO: should actually remember the previously used seq#, both for TX
177 * and RX from each STA.. */
178
179 return wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
180 }
181
182
183 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
184 {
185 struct wpa_supplicant *wpa_s = eloop_ctx;
186 const u8 *bssid = wpa_s->bssid;
187 if (is_zero_ether_addr(bssid))
188 bssid = wpa_s->pending_bssid;
189 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
190 MAC2STR(bssid));
191 wpa_blacklist_add(wpa_s, bssid);
192 wpa_sm_notify_disassoc(wpa_s->wpa);
193 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
194 wpa_s->reassociate = 1;
195
196 /*
197 * If we timed out, the AP or the local radio may be busy.
198 * So, wait a second until scanning again.
199 */
200 wpa_supplicant_req_scan(wpa_s, 1, 0);
201
202 wpas_p2p_continue_after_scan(wpa_s);
203 }
204
205
206 /**
207 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
208 * @wpa_s: Pointer to wpa_supplicant data
209 * @sec: Number of seconds after which to time out authentication
210 * @usec: Number of microseconds after which to time out authentication
211 *
212 * This function is used to schedule a timeout for the current authentication
213 * attempt.
214 */
215 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
216 int sec, int usec)
217 {
218 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
219 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
220 return;
221
222 wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
223 "%d usec", sec, usec);
224 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
225 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
226 }
227
228
229 /**
230 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
231 * @wpa_s: Pointer to wpa_supplicant data
232 *
233 * This function is used to cancel authentication timeout scheduled with
234 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
235 * been completed.
236 */
237 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
238 {
239 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
240 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
241 wpa_blacklist_del(wpa_s, wpa_s->bssid);
242 }
243
244
245 /**
246 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
247 * @wpa_s: Pointer to wpa_supplicant data
248 *
249 * This function is used to configure EAPOL state machine based on the selected
250 * authentication mode.
251 */
252 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
253 {
254 #ifdef IEEE8021X_EAPOL
255 struct eapol_config eapol_conf;
256 struct wpa_ssid *ssid = wpa_s->current_ssid;
257
258 #ifdef CONFIG_IBSS_RSN
259 if (ssid->mode == WPAS_MODE_IBSS &&
260 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
261 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
262 /*
263 * RSN IBSS authentication is per-STA and we can disable the
264 * per-BSSID EAPOL authentication.
265 */
266 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
267 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
268 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
269 return;
270 }
271 #endif /* CONFIG_IBSS_RSN */
272
273 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
274 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
275
276 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
277 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
278 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
279 else
280 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
281
282 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
283 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
284 eapol_conf.accept_802_1x_keys = 1;
285 eapol_conf.required_keys = 0;
286 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
287 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
288 }
289 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
290 eapol_conf.required_keys |=
291 EAPOL_REQUIRE_KEY_BROADCAST;
292 }
293
294 if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
295 eapol_conf.required_keys = 0;
296 }
297 if (wpa_s->conf)
298 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
299 eapol_conf.workaround = ssid->eap_workaround;
300 eapol_conf.eap_disabled =
301 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
302 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
303 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
304 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
305 #endif /* IEEE8021X_EAPOL */
306 }
307
308
309 /**
310 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
311 * @wpa_s: Pointer to wpa_supplicant data
312 * @ssid: Configuration data for the network
313 *
314 * This function is used to configure WPA state machine and related parameters
315 * to a mode where WPA is not enabled. This is called as part of the
316 * authentication configuration when the selected network does not use WPA.
317 */
318 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
319 struct wpa_ssid *ssid)
320 {
321 int i;
322
323 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
324 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
325 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
326 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
327 else
328 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
329 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
330 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
331 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
332 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
333 wpa_s->group_cipher = WPA_CIPHER_NONE;
334 wpa_s->mgmt_group_cipher = 0;
335
336 for (i = 0; i < NUM_WEP_KEYS; i++) {
337 if (ssid->wep_key_len[i] > 5) {
338 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
339 wpa_s->group_cipher = WPA_CIPHER_WEP104;
340 break;
341 } else if (ssid->wep_key_len[i] > 0) {
342 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
343 wpa_s->group_cipher = WPA_CIPHER_WEP40;
344 break;
345 }
346 }
347
348 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
349 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
350 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
351 wpa_s->pairwise_cipher);
352 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
353 #ifdef CONFIG_IEEE80211W
354 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
355 wpa_s->mgmt_group_cipher);
356 #endif /* CONFIG_IEEE80211W */
357
358 pmksa_cache_clear_current(wpa_s->wpa);
359 }
360
361
362 void free_hw_features(struct wpa_supplicant *wpa_s)
363 {
364 int i;
365 if (wpa_s->hw.modes == NULL)
366 return;
367
368 for (i = 0; i < wpa_s->hw.num_modes; i++) {
369 os_free(wpa_s->hw.modes[i].channels);
370 os_free(wpa_s->hw.modes[i].rates);
371 }
372
373 os_free(wpa_s->hw.modes);
374 wpa_s->hw.modes = NULL;
375 }
376
377
378 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
379 {
380 bgscan_deinit(wpa_s);
381 autoscan_deinit(wpa_s);
382 scard_deinit(wpa_s->scard);
383 wpa_s->scard = NULL;
384 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
385 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
386 l2_packet_deinit(wpa_s->l2);
387 wpa_s->l2 = NULL;
388 if (wpa_s->l2_br) {
389 l2_packet_deinit(wpa_s->l2_br);
390 wpa_s->l2_br = NULL;
391 }
392
393 if (wpa_s->conf != NULL) {
394 struct wpa_ssid *ssid;
395 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
396 wpas_notify_network_removed(wpa_s, ssid);
397 }
398
399 os_free(wpa_s->confname);
400 wpa_s->confname = NULL;
401
402 os_free(wpa_s->confanother);
403 wpa_s->confanother = NULL;
404
405 wpa_sm_set_eapol(wpa_s->wpa, NULL);
406 eapol_sm_deinit(wpa_s->eapol);
407 wpa_s->eapol = NULL;
408
409 rsn_preauth_deinit(wpa_s->wpa);
410
411 #ifdef CONFIG_TDLS
412 wpa_tdls_deinit(wpa_s->wpa);
413 #endif /* CONFIG_TDLS */
414
415 pmksa_candidate_free(wpa_s->wpa);
416 wpa_sm_deinit(wpa_s->wpa);
417 wpa_s->wpa = NULL;
418 wpa_blacklist_clear(wpa_s);
419
420 wpa_bss_deinit(wpa_s);
421
422 wpa_supplicant_cancel_scan(wpa_s);
423 wpa_supplicant_cancel_auth_timeout(wpa_s);
424 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
425 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
426 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
427 wpa_s, NULL);
428 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
429
430 wpas_wps_deinit(wpa_s);
431
432 wpabuf_free(wpa_s->pending_eapol_rx);
433 wpa_s->pending_eapol_rx = NULL;
434
435 #ifdef CONFIG_IBSS_RSN
436 ibss_rsn_deinit(wpa_s->ibss_rsn);
437 wpa_s->ibss_rsn = NULL;
438 #endif /* CONFIG_IBSS_RSN */
439
440 sme_deinit(wpa_s);
441
442 #ifdef CONFIG_AP
443 wpa_supplicant_ap_deinit(wpa_s);
444 #endif /* CONFIG_AP */
445
446 #ifdef CONFIG_P2P
447 wpas_p2p_deinit(wpa_s);
448 #endif /* CONFIG_P2P */
449
450 #ifdef CONFIG_OFFCHANNEL
451 offchannel_deinit(wpa_s);
452 #endif /* CONFIG_OFFCHANNEL */
453
454 wpa_supplicant_cancel_sched_scan(wpa_s);
455
456 os_free(wpa_s->next_scan_freqs);
457 wpa_s->next_scan_freqs = NULL;
458
459 gas_query_deinit(wpa_s->gas);
460 wpa_s->gas = NULL;
461
462 free_hw_features(wpa_s);
463
464 os_free(wpa_s->bssid_filter);
465 wpa_s->bssid_filter = NULL;
466
467 os_free(wpa_s->disallow_aps_bssid);
468 wpa_s->disallow_aps_bssid = NULL;
469 os_free(wpa_s->disallow_aps_ssid);
470 wpa_s->disallow_aps_ssid = NULL;
471
472 wnm_bss_keep_alive_deinit(wpa_s);
473
474 ext_password_deinit(wpa_s->ext_pw);
475 wpa_s->ext_pw = NULL;
476
477 wpabuf_free(wpa_s->last_gas_resp);
478
479 os_free(wpa_s->last_scan_res);
480 wpa_s->last_scan_res = NULL;
481 }
482
483
484 /**
485 * wpa_clear_keys - Clear keys configured for the driver
486 * @wpa_s: Pointer to wpa_supplicant data
487 * @addr: Previously used BSSID or %NULL if not available
488 *
489 * This function clears the encryption keys that has been previously configured
490 * for the driver.
491 */
492 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
493 {
494 if (wpa_s->keys_cleared) {
495 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
496 * timing issues with keys being cleared just before new keys
497 * are set or just after association or something similar. This
498 * shows up in group key handshake failing often because of the
499 * client not receiving the first encrypted packets correctly.
500 * Skipping some of the extra key clearing steps seems to help
501 * in completing group key handshake more reliably. */
502 wpa_dbg(wpa_s, MSG_DEBUG, "No keys have been configured - "
503 "skip key clearing");
504 return;
505 }
506
507 /* MLME-DELETEKEYS.request */
508 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 0, 0, NULL, 0, NULL, 0);
509 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 1, 0, NULL, 0, NULL, 0);
510 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 2, 0, NULL, 0, NULL, 0);
511 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 3, 0, NULL, 0, NULL, 0);
512 #ifdef CONFIG_IEEE80211W
513 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 4, 0, NULL, 0, NULL, 0);
514 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 5, 0, NULL, 0, NULL, 0);
515 #endif /* CONFIG_IEEE80211W */
516 if (addr) {
517 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
518 0);
519 /* MLME-SETPROTECTION.request(None) */
520 wpa_drv_mlme_setprotection(
521 wpa_s, addr,
522 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
523 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
524 }
525 wpa_s->keys_cleared = 1;
526 }
527
528
529 /**
530 * wpa_supplicant_state_txt - Get the connection state name as a text string
531 * @state: State (wpa_state; WPA_*)
532 * Returns: The state name as a printable text string
533 */
534 const char * wpa_supplicant_state_txt(enum wpa_states state)
535 {
536 switch (state) {
537 case WPA_DISCONNECTED:
538 return "DISCONNECTED";
539 case WPA_INACTIVE:
540 return "INACTIVE";
541 case WPA_INTERFACE_DISABLED:
542 return "INTERFACE_DISABLED";
543 case WPA_SCANNING:
544 return "SCANNING";
545 case WPA_AUTHENTICATING:
546 return "AUTHENTICATING";
547 case WPA_ASSOCIATING:
548 return "ASSOCIATING";
549 case WPA_ASSOCIATED:
550 return "ASSOCIATED";
551 case WPA_4WAY_HANDSHAKE:
552 return "4WAY_HANDSHAKE";
553 case WPA_GROUP_HANDSHAKE:
554 return "GROUP_HANDSHAKE";
555 case WPA_COMPLETED:
556 return "COMPLETED";
557 default:
558 return "UNKNOWN";
559 }
560 }
561
562
563 #ifdef CONFIG_BGSCAN
564
565 static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
566 {
567 if (wpas_driver_bss_selection(wpa_s))
568 return;
569 if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
570 return;
571
572 bgscan_deinit(wpa_s);
573 if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan) {
574 if (bgscan_init(wpa_s, wpa_s->current_ssid)) {
575 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
576 "bgscan");
577 /*
578 * Live without bgscan; it is only used as a roaming
579 * optimization, so the initial connection is not
580 * affected.
581 */
582 } else {
583 struct wpa_scan_results *scan_res;
584 wpa_s->bgscan_ssid = wpa_s->current_ssid;
585 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
586 0);
587 if (scan_res) {
588 bgscan_notify_scan(wpa_s, scan_res);
589 wpa_scan_results_free(scan_res);
590 }
591 }
592 } else
593 wpa_s->bgscan_ssid = NULL;
594 }
595
596
597 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
598 {
599 if (wpa_s->bgscan_ssid != NULL) {
600 bgscan_deinit(wpa_s);
601 wpa_s->bgscan_ssid = NULL;
602 }
603 }
604
605 #endif /* CONFIG_BGSCAN */
606
607
608 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
609 {
610 if (autoscan_init(wpa_s, 0))
611 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
612 }
613
614
615 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
616 {
617 autoscan_deinit(wpa_s);
618 }
619
620
621 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
622 {
623 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
624 wpa_s->wpa_state == WPA_SCANNING) {
625 autoscan_deinit(wpa_s);
626 wpa_supplicant_start_autoscan(wpa_s);
627 }
628 }
629
630
631 /**
632 * wpa_supplicant_set_state - Set current connection state
633 * @wpa_s: Pointer to wpa_supplicant data
634 * @state: The new connection state
635 *
636 * This function is called whenever the connection state changes, e.g.,
637 * association is completed for WPA/WPA2 4-Way Handshake is started.
638 */
639 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
640 enum wpa_states state)
641 {
642 enum wpa_states old_state = wpa_s->wpa_state;
643
644 wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
645 wpa_supplicant_state_txt(wpa_s->wpa_state),
646 wpa_supplicant_state_txt(state));
647
648 if (state != WPA_SCANNING)
649 wpa_supplicant_notify_scanning(wpa_s, 0);
650
651 if (state == WPA_COMPLETED && wpa_s->new_connection) {
652 struct wpa_ssid *ssid = wpa_s->current_ssid;
653 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
654 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
655 MACSTR " completed [id=%d id_str=%s]",
656 MAC2STR(wpa_s->bssid),
657 ssid ? ssid->id : -1,
658 ssid && ssid->id_str ? ssid->id_str : "");
659 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
660 wpas_clear_temp_disabled(wpa_s, ssid, 1);
661 wpa_s->extra_blacklist_count = 0;
662 wpa_s->new_connection = 0;
663 wpa_drv_set_operstate(wpa_s, 1);
664 #ifndef IEEE8021X_EAPOL
665 wpa_drv_set_supp_port(wpa_s, 1);
666 #endif /* IEEE8021X_EAPOL */
667 wpa_s->after_wps = 0;
668 #ifdef CONFIG_P2P
669 wpas_p2p_completed(wpa_s);
670 #endif /* CONFIG_P2P */
671
672 sme_sched_obss_scan(wpa_s, 1);
673 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
674 state == WPA_ASSOCIATED) {
675 wpa_s->new_connection = 1;
676 wpa_drv_set_operstate(wpa_s, 0);
677 #ifndef IEEE8021X_EAPOL
678 wpa_drv_set_supp_port(wpa_s, 0);
679 #endif /* IEEE8021X_EAPOL */
680 sme_sched_obss_scan(wpa_s, 0);
681 }
682 wpa_s->wpa_state = state;
683
684 #ifdef CONFIG_BGSCAN
685 if (state == WPA_COMPLETED)
686 wpa_supplicant_start_bgscan(wpa_s);
687 else
688 wpa_supplicant_stop_bgscan(wpa_s);
689 #endif /* CONFIG_BGSCAN */
690
691 if (state == WPA_AUTHENTICATING)
692 wpa_supplicant_stop_autoscan(wpa_s);
693
694 if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
695 wpa_supplicant_start_autoscan(wpa_s);
696
697 if (wpa_s->wpa_state != old_state) {
698 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
699
700 if (wpa_s->wpa_state == WPA_COMPLETED ||
701 old_state == WPA_COMPLETED)
702 wpas_notify_auth_changed(wpa_s);
703 }
704 }
705
706
707 void wpa_supplicant_terminate_proc(struct wpa_global *global)
708 {
709 int pending = 0;
710 #ifdef CONFIG_WPS
711 struct wpa_supplicant *wpa_s = global->ifaces;
712 while (wpa_s) {
713 if (wpas_wps_terminate_pending(wpa_s) == 1)
714 pending = 1;
715 wpa_s = wpa_s->next;
716 }
717 #endif /* CONFIG_WPS */
718 if (pending)
719 return;
720 eloop_terminate();
721 }
722
723
724 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
725 {
726 struct wpa_global *global = signal_ctx;
727 wpa_supplicant_terminate_proc(global);
728 }
729
730
731 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
732 {
733 enum wpa_states old_state = wpa_s->wpa_state;
734
735 wpa_s->pairwise_cipher = 0;
736 wpa_s->group_cipher = 0;
737 wpa_s->mgmt_group_cipher = 0;
738 wpa_s->key_mgmt = 0;
739 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
740 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
741
742 if (wpa_s->wpa_state != old_state)
743 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
744 }
745
746
747 /**
748 * wpa_supplicant_reload_configuration - Reload configuration data
749 * @wpa_s: Pointer to wpa_supplicant data
750 * Returns: 0 on success or -1 if configuration parsing failed
751 *
752 * This function can be used to request that the configuration data is reloaded
753 * (e.g., after configuration file change). This function is reloading
754 * configuration only for one interface, so this may need to be called multiple
755 * times if %wpa_supplicant is controlling multiple interfaces and all
756 * interfaces need reconfiguration.
757 */
758 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
759 {
760 struct wpa_config *conf;
761 int reconf_ctrl;
762 int old_ap_scan;
763
764 if (wpa_s->confname == NULL)
765 return -1;
766 conf = wpa_config_read(wpa_s->confname, NULL);
767 if (conf == NULL) {
768 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
769 "file '%s' - exiting", wpa_s->confname);
770 return -1;
771 }
772 wpa_config_read(wpa_s->confanother, conf);
773
774 conf->changed_parameters = (unsigned int) -1;
775
776 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
777 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
778 os_strcmp(conf->ctrl_interface,
779 wpa_s->conf->ctrl_interface) != 0);
780
781 if (reconf_ctrl && wpa_s->ctrl_iface) {
782 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
783 wpa_s->ctrl_iface = NULL;
784 }
785
786 eapol_sm_invalidate_cached_session(wpa_s->eapol);
787 if (wpa_s->current_ssid) {
788 wpa_supplicant_deauthenticate(wpa_s,
789 WLAN_REASON_DEAUTH_LEAVING);
790 }
791
792 /*
793 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
794 * pkcs11_engine_path, pkcs11_module_path.
795 */
796 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
797 /*
798 * Clear forced success to clear EAP state for next
799 * authentication.
800 */
801 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
802 }
803 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
804 wpa_sm_set_config(wpa_s->wpa, NULL);
805 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
806 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
807 rsn_preauth_deinit(wpa_s->wpa);
808
809 old_ap_scan = wpa_s->conf->ap_scan;
810 wpa_config_free(wpa_s->conf);
811 wpa_s->conf = conf;
812 if (old_ap_scan != wpa_s->conf->ap_scan)
813 wpas_notify_ap_scan_changed(wpa_s);
814
815 if (reconf_ctrl)
816 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
817
818 wpa_supplicant_update_config(wpa_s);
819
820 wpa_supplicant_clear_status(wpa_s);
821 if (wpa_supplicant_enabled_networks(wpa_s)) {
822 wpa_s->reassociate = 1;
823 wpa_supplicant_req_scan(wpa_s, 0, 0);
824 }
825 wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
826 return 0;
827 }
828
829
830 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
831 {
832 struct wpa_global *global = signal_ctx;
833 struct wpa_supplicant *wpa_s;
834 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
835 wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
836 sig);
837 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
838 wpa_supplicant_terminate_proc(global);
839 }
840 }
841 }
842
843
844 enum wpa_key_mgmt key_mgmt2driver(int key_mgmt)
845 {
846 switch (key_mgmt) {
847 case WPA_KEY_MGMT_NONE:
848 return KEY_MGMT_NONE;
849 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
850 return KEY_MGMT_802_1X_NO_WPA;
851 case WPA_KEY_MGMT_IEEE8021X:
852 return KEY_MGMT_802_1X;
853 case WPA_KEY_MGMT_WPA_NONE:
854 return KEY_MGMT_WPA_NONE;
855 case WPA_KEY_MGMT_FT_IEEE8021X:
856 return KEY_MGMT_FT_802_1X;
857 case WPA_KEY_MGMT_FT_PSK:
858 return KEY_MGMT_FT_PSK;
859 case WPA_KEY_MGMT_IEEE8021X_SHA256:
860 return KEY_MGMT_802_1X_SHA256;
861 case WPA_KEY_MGMT_PSK_SHA256:
862 return KEY_MGMT_PSK_SHA256;
863 case WPA_KEY_MGMT_WPS:
864 return KEY_MGMT_WPS;
865 case WPA_KEY_MGMT_PSK:
866 default:
867 return KEY_MGMT_PSK;
868 }
869 }
870
871
872 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
873 struct wpa_ssid *ssid,
874 struct wpa_ie_data *ie)
875 {
876 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
877 if (ret) {
878 if (ret == -2) {
879 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
880 "from association info");
881 }
882 return -1;
883 }
884
885 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
886 "cipher suites");
887 if (!(ie->group_cipher & ssid->group_cipher)) {
888 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
889 "cipher 0x%x (mask 0x%x) - reject",
890 ie->group_cipher, ssid->group_cipher);
891 return -1;
892 }
893 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
894 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
895 "cipher 0x%x (mask 0x%x) - reject",
896 ie->pairwise_cipher, ssid->pairwise_cipher);
897 return -1;
898 }
899 if (!(ie->key_mgmt & ssid->key_mgmt)) {
900 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
901 "management 0x%x (mask 0x%x) - reject",
902 ie->key_mgmt, ssid->key_mgmt);
903 return -1;
904 }
905
906 #ifdef CONFIG_IEEE80211W
907 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
908 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
909 wpa_s->conf->pmf : ssid->ieee80211w) ==
910 MGMT_FRAME_PROTECTION_REQUIRED) {
911 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
912 "that does not support management frame protection - "
913 "reject");
914 return -1;
915 }
916 #endif /* CONFIG_IEEE80211W */
917
918 return 0;
919 }
920
921
922 /**
923 * wpa_supplicant_set_suites - Set authentication and encryption parameters
924 * @wpa_s: Pointer to wpa_supplicant data
925 * @bss: Scan results for the selected BSS, or %NULL if not available
926 * @ssid: Configuration data for the selected network
927 * @wpa_ie: Buffer for the WPA/RSN IE
928 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
929 * used buffer length in case the functions returns success.
930 * Returns: 0 on success or -1 on failure
931 *
932 * This function is used to configure authentication and encryption parameters
933 * based on the network configuration and scan result for the selected BSS (if
934 * available).
935 */
936 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
937 struct wpa_bss *bss, struct wpa_ssid *ssid,
938 u8 *wpa_ie, size_t *wpa_ie_len)
939 {
940 struct wpa_ie_data ie;
941 int sel, proto;
942 const u8 *bss_wpa, *bss_rsn;
943
944 if (bss) {
945 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
946 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
947 } else
948 bss_wpa = bss_rsn = NULL;
949
950 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
951 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
952 (ie.group_cipher & ssid->group_cipher) &&
953 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
954 (ie.key_mgmt & ssid->key_mgmt)) {
955 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
956 proto = WPA_PROTO_RSN;
957 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
958 wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 &&
959 (ie.group_cipher & ssid->group_cipher) &&
960 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
961 (ie.key_mgmt & ssid->key_mgmt)) {
962 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
963 proto = WPA_PROTO_WPA;
964 } else if (bss) {
965 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
966 return -1;
967 } else {
968 if (ssid->proto & WPA_PROTO_RSN)
969 proto = WPA_PROTO_RSN;
970 else
971 proto = WPA_PROTO_WPA;
972 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
973 os_memset(&ie, 0, sizeof(ie));
974 ie.group_cipher = ssid->group_cipher;
975 ie.pairwise_cipher = ssid->pairwise_cipher;
976 ie.key_mgmt = ssid->key_mgmt;
977 #ifdef CONFIG_IEEE80211W
978 ie.mgmt_group_cipher =
979 ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
980 WPA_CIPHER_AES_128_CMAC : 0;
981 #endif /* CONFIG_IEEE80211W */
982 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
983 "based on configuration");
984 } else
985 proto = ie.proto;
986 }
987
988 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
989 "pairwise %d key_mgmt %d proto %d",
990 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
991 #ifdef CONFIG_IEEE80211W
992 if (ssid->ieee80211w) {
993 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
994 ie.mgmt_group_cipher);
995 }
996 #endif /* CONFIG_IEEE80211W */
997
998 wpa_s->wpa_proto = proto;
999 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1000 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1001 !!(ssid->proto & WPA_PROTO_RSN));
1002
1003 if (bss || !wpa_s->ap_ies_from_associnfo) {
1004 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1005 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1006 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1007 bss_rsn ? 2 + bss_rsn[1] : 0))
1008 return -1;
1009 }
1010
1011 sel = ie.group_cipher & ssid->group_cipher;
1012 wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1013 if (wpa_s->group_cipher < 0) {
1014 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1015 "cipher");
1016 return -1;
1017 }
1018 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1019 wpa_cipher_txt(wpa_s->group_cipher));
1020
1021 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1022 wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1023 if (wpa_s->pairwise_cipher < 0) {
1024 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1025 "cipher");
1026 return -1;
1027 }
1028 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1029 wpa_cipher_txt(wpa_s->pairwise_cipher));
1030
1031 sel = ie.key_mgmt & ssid->key_mgmt;
1032 #ifdef CONFIG_SAE
1033 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1034 sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1035 #endif /* CONFIG_SAE */
1036 if (0) {
1037 #ifdef CONFIG_IEEE80211R
1038 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
1039 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1040 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1041 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
1042 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1043 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1044 #endif /* CONFIG_IEEE80211R */
1045 #ifdef CONFIG_SAE
1046 } else if (sel & WPA_KEY_MGMT_SAE) {
1047 wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1048 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1049 } else if (sel & WPA_KEY_MGMT_FT_SAE) {
1050 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1051 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1052 #endif /* CONFIG_SAE */
1053 #ifdef CONFIG_IEEE80211W
1054 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1055 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1056 wpa_dbg(wpa_s, MSG_DEBUG,
1057 "WPA: using KEY_MGMT 802.1X with SHA256");
1058 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1059 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1060 wpa_dbg(wpa_s, MSG_DEBUG,
1061 "WPA: using KEY_MGMT PSK with SHA256");
1062 #endif /* CONFIG_IEEE80211W */
1063 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1064 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1065 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1066 } else if (sel & WPA_KEY_MGMT_PSK) {
1067 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1068 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1069 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1070 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1071 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1072 } else {
1073 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1074 "authenticated key management type");
1075 return -1;
1076 }
1077
1078 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1079 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1080 wpa_s->pairwise_cipher);
1081 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1082
1083 #ifdef CONFIG_IEEE80211W
1084 sel = ie.mgmt_group_cipher;
1085 if ((ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1086 wpa_s->conf->pmf : ssid->ieee80211w) == NO_MGMT_FRAME_PROTECTION ||
1087 !(ie.capabilities & WPA_CAPABILITY_MFPC))
1088 sel = 0;
1089 if (sel & WPA_CIPHER_AES_128_CMAC) {
1090 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1091 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1092 "AES-128-CMAC");
1093 } else {
1094 wpa_s->mgmt_group_cipher = 0;
1095 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1096 }
1097 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1098 wpa_s->mgmt_group_cipher);
1099 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1100 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1101 wpa_s->conf->pmf : ssid->ieee80211w));
1102 #endif /* CONFIG_IEEE80211W */
1103
1104 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1105 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1106 return -1;
1107 }
1108
1109 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1110 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
1111 #ifndef CONFIG_NO_PBKDF2
1112 if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1113 ssid->passphrase) {
1114 u8 psk[PMK_LEN];
1115 pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1116 4096, psk, PMK_LEN);
1117 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1118 psk, PMK_LEN);
1119 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1120 }
1121 #endif /* CONFIG_NO_PBKDF2 */
1122 #ifdef CONFIG_EXT_PASSWORD
1123 if (ssid->ext_psk) {
1124 struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1125 ssid->ext_psk);
1126 char pw_str[64 + 1];
1127 u8 psk[PMK_LEN];
1128
1129 if (pw == NULL) {
1130 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1131 "found from external storage");
1132 return -1;
1133 }
1134
1135 if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1136 wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1137 "PSK length %d in external storage",
1138 (int) wpabuf_len(pw));
1139 ext_password_free(pw);
1140 return -1;
1141 }
1142
1143 os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1144 pw_str[wpabuf_len(pw)] = '\0';
1145
1146 #ifndef CONFIG_NO_PBKDF2
1147 if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1148 {
1149 pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1150 4096, psk, PMK_LEN);
1151 os_memset(pw_str, 0, sizeof(pw_str));
1152 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1153 "external passphrase)",
1154 psk, PMK_LEN);
1155 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1156 } else
1157 #endif /* CONFIG_NO_PBKDF2 */
1158 if (wpabuf_len(pw) == 2 * PMK_LEN) {
1159 if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1160 wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1161 "Invalid PSK hex string");
1162 os_memset(pw_str, 0, sizeof(pw_str));
1163 ext_password_free(pw);
1164 return -1;
1165 }
1166 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1167 } else {
1168 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1169 "PSK available");
1170 os_memset(pw_str, 0, sizeof(pw_str));
1171 ext_password_free(pw);
1172 return -1;
1173 }
1174
1175 os_memset(pw_str, 0, sizeof(pw_str));
1176 ext_password_free(pw);
1177 }
1178 #endif /* CONFIG_EXT_PASSWORD */
1179 } else
1180 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1181
1182 return 0;
1183 }
1184
1185
1186 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
1187 {
1188 *pos = 0x00;
1189
1190 switch (idx) {
1191 case 0: /* Bits 0-7 */
1192 break;
1193 case 1: /* Bits 8-15 */
1194 break;
1195 case 2: /* Bits 16-23 */
1196 #ifdef CONFIG_WNM
1197 *pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1198 *pos |= 0x08; /* Bit 19 - BSS Transition */
1199 #endif /* CONFIG_WNM */
1200 break;
1201 case 3: /* Bits 24-31 */
1202 #ifdef CONFIG_WNM
1203 *pos |= 0x02; /* Bit 25 - SSID List */
1204 #endif /* CONFIG_WNM */
1205 #ifdef CONFIG_INTERWORKING
1206 if (wpa_s->conf->interworking)
1207 *pos |= 0x80; /* Bit 31 - Interworking */
1208 #endif /* CONFIG_INTERWORKING */
1209 break;
1210 case 4: /* Bits 32-39 */
1211 break;
1212 case 5: /* Bits 40-47 */
1213 break;
1214 case 6: /* Bits 48-55 */
1215 break;
1216 }
1217 }
1218
1219
1220 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf)
1221 {
1222 u8 *pos = buf;
1223 u8 len = 4, i;
1224
1225 if (len < wpa_s->extended_capa_len)
1226 len = wpa_s->extended_capa_len;
1227
1228 *pos++ = WLAN_EID_EXT_CAPAB;
1229 *pos++ = len;
1230 for (i = 0; i < len; i++, pos++) {
1231 wpas_ext_capab_byte(wpa_s, pos, i);
1232
1233 if (i < wpa_s->extended_capa_len) {
1234 *pos &= ~wpa_s->extended_capa_mask[i];
1235 *pos |= wpa_s->extended_capa[i];
1236 }
1237 }
1238
1239 while (len > 0 && buf[1 + len] == 0) {
1240 len--;
1241 buf[1] = len;
1242 }
1243 if (len == 0)
1244 return 0;
1245
1246 return 2 + len;
1247 }
1248
1249
1250 /**
1251 * wpa_supplicant_associate - Request association
1252 * @wpa_s: Pointer to wpa_supplicant data
1253 * @bss: Scan results for the selected BSS, or %NULL if not available
1254 * @ssid: Configuration data for the selected network
1255 *
1256 * This function is used to request %wpa_supplicant to associate with a BSS.
1257 */
1258 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1259 struct wpa_bss *bss, struct wpa_ssid *ssid)
1260 {
1261 u8 wpa_ie[200];
1262 size_t wpa_ie_len;
1263 int use_crypt, ret, i, bssid_changed;
1264 int algs = WPA_AUTH_ALG_OPEN;
1265 enum wpa_cipher cipher_pairwise, cipher_group;
1266 struct wpa_driver_associate_params params;
1267 int wep_keys_set = 0;
1268 struct wpa_driver_capa capa;
1269 int assoc_failed = 0;
1270 struct wpa_ssid *old_ssid;
1271 u8 ext_capab[10];
1272 int ext_capab_len;
1273 #ifdef CONFIG_HT_OVERRIDES
1274 struct ieee80211_ht_capabilities htcaps;
1275 struct ieee80211_ht_capabilities htcaps_mask;
1276 #endif /* CONFIG_HT_OVERRIDES */
1277
1278 #ifdef CONFIG_IBSS_RSN
1279 ibss_rsn_deinit(wpa_s->ibss_rsn);
1280 wpa_s->ibss_rsn = NULL;
1281 #endif /* CONFIG_IBSS_RSN */
1282
1283 if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
1284 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
1285 #ifdef CONFIG_AP
1286 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1287 wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
1288 "mode");
1289 return;
1290 }
1291 if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
1292 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1293 return;
1294 }
1295 wpa_s->current_bss = bss;
1296 #else /* CONFIG_AP */
1297 wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
1298 "the build");
1299 #endif /* CONFIG_AP */
1300 return;
1301 }
1302
1303 #ifdef CONFIG_TDLS
1304 if (bss)
1305 wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
1306 bss->ie_len);
1307 #endif /* CONFIG_TDLS */
1308
1309 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1310 ssid->mode == IEEE80211_MODE_INFRA) {
1311 sme_authenticate(wpa_s, bss, ssid);
1312 return;
1313 }
1314
1315 os_memset(&params, 0, sizeof(params));
1316 wpa_s->reassociate = 0;
1317 if (bss && !wpas_driver_bss_selection(wpa_s)) {
1318 #ifdef CONFIG_IEEE80211R
1319 const u8 *ie, *md = NULL;
1320 #endif /* CONFIG_IEEE80211R */
1321 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1322 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1323 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1324 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
1325 os_memset(wpa_s->bssid, 0, ETH_ALEN);
1326 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1327 if (bssid_changed)
1328 wpas_notify_bssid_changed(wpa_s);
1329 #ifdef CONFIG_IEEE80211R
1330 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
1331 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
1332 md = ie + 2;
1333 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
1334 if (md) {
1335 /* Prepare for the next transition */
1336 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
1337 }
1338 #endif /* CONFIG_IEEE80211R */
1339 #ifdef CONFIG_WPS
1340 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
1341 wpa_s->conf->ap_scan == 2 &&
1342 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
1343 /* Use ap_scan==1 style network selection to find the network
1344 */
1345 wpa_s->scan_req = MANUAL_SCAN_REQ;
1346 wpa_s->reassociate = 1;
1347 wpa_supplicant_req_scan(wpa_s, 0, 0);
1348 return;
1349 #endif /* CONFIG_WPS */
1350 } else {
1351 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1352 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1353 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1354 }
1355 wpa_supplicant_cancel_sched_scan(wpa_s);
1356 wpa_supplicant_cancel_scan(wpa_s);
1357
1358 /* Starting new association, so clear the possibly used WPA IE from the
1359 * previous association. */
1360 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1361
1362 #ifdef IEEE8021X_EAPOL
1363 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1364 if (ssid->leap) {
1365 if (ssid->non_leap == 0)
1366 algs = WPA_AUTH_ALG_LEAP;
1367 else
1368 algs |= WPA_AUTH_ALG_LEAP;
1369 }
1370 }
1371 #endif /* IEEE8021X_EAPOL */
1372 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1373 if (ssid->auth_alg) {
1374 algs = ssid->auth_alg;
1375 wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
1376 "0x%x", algs);
1377 }
1378
1379 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
1380 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
1381 wpa_key_mgmt_wpa(ssid->key_mgmt)) {
1382 int try_opportunistic;
1383 try_opportunistic = (ssid->proactive_key_caching < 0 ?
1384 wpa_s->conf->okc :
1385 ssid->proactive_key_caching) &&
1386 (ssid->proto & WPA_PROTO_RSN);
1387 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1388 ssid, try_opportunistic) == 0)
1389 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1390 wpa_ie_len = sizeof(wpa_ie);
1391 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1392 wpa_ie, &wpa_ie_len)) {
1393 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
1394 "key management and encryption suites");
1395 return;
1396 }
1397 } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
1398 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
1399 /*
1400 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
1401 * use non-WPA since the scan results did not indicate that the
1402 * AP is using WPA or WPA2.
1403 */
1404 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1405 wpa_ie_len = 0;
1406 wpa_s->wpa_proto = 0;
1407 } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
1408 wpa_ie_len = sizeof(wpa_ie);
1409 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1410 wpa_ie, &wpa_ie_len)) {
1411 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
1412 "key management and encryption suites (no "
1413 "scan results)");
1414 return;
1415 }
1416 #ifdef CONFIG_WPS
1417 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
1418 struct wpabuf *wps_ie;
1419 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
1420 if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
1421 wpa_ie_len = wpabuf_len(wps_ie);
1422 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
1423 } else
1424 wpa_ie_len = 0;
1425 wpabuf_free(wps_ie);
1426 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1427 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
1428 params.wps = WPS_MODE_PRIVACY;
1429 else
1430 params.wps = WPS_MODE_OPEN;
1431 wpa_s->wpa_proto = 0;
1432 #endif /* CONFIG_WPS */
1433 } else {
1434 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1435 wpa_ie_len = 0;
1436 wpa_s->wpa_proto = 0;
1437 }
1438
1439 #ifdef CONFIG_P2P
1440 if (wpa_s->global->p2p) {
1441 u8 *pos;
1442 size_t len;
1443 int res;
1444 pos = wpa_ie + wpa_ie_len;
1445 len = sizeof(wpa_ie) - wpa_ie_len;
1446 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
1447 ssid->p2p_group);
1448 if (res >= 0)
1449 wpa_ie_len += res;
1450 }
1451
1452 wpa_s->cross_connect_disallowed = 0;
1453 if (bss) {
1454 struct wpabuf *p2p;
1455 p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
1456 if (p2p) {
1457 wpa_s->cross_connect_disallowed =
1458 p2p_get_cross_connect_disallowed(p2p);
1459 wpabuf_free(p2p);
1460 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
1461 "connection",
1462 wpa_s->cross_connect_disallowed ?
1463 "disallows" : "allows");
1464 }
1465 }
1466 #endif /* CONFIG_P2P */
1467
1468 #ifdef CONFIG_HS20
1469 if (wpa_s->conf->hs20) {
1470 struct wpabuf *hs20;
1471 hs20 = wpabuf_alloc(20);
1472 if (hs20) {
1473 wpas_hs20_add_indication(hs20);
1474 os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(hs20),
1475 wpabuf_len(hs20));
1476 wpa_ie_len += wpabuf_len(hs20);
1477 wpabuf_free(hs20);
1478 }
1479 }
1480 #endif /* CONFIG_HS20 */
1481
1482 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab);
1483 if (ext_capab_len > 0) {
1484 u8 *pos = wpa_ie;
1485 if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
1486 pos += 2 + pos[1];
1487 os_memmove(pos + ext_capab_len, pos,
1488 wpa_ie_len - (pos - wpa_ie));
1489 wpa_ie_len += ext_capab_len;
1490 os_memcpy(pos, ext_capab, ext_capab_len);
1491 }
1492
1493 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1494 use_crypt = 1;
1495 cipher_pairwise = wpa_cipher_to_suite_driver(wpa_s->pairwise_cipher);
1496 cipher_group = wpa_cipher_to_suite_driver(wpa_s->group_cipher);
1497 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1498 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1499 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1500 use_crypt = 0;
1501 if (wpa_set_wep_keys(wpa_s, ssid)) {
1502 use_crypt = 1;
1503 wep_keys_set = 1;
1504 }
1505 }
1506 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
1507 use_crypt = 0;
1508
1509 #ifdef IEEE8021X_EAPOL
1510 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1511 if ((ssid->eapol_flags &
1512 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1513 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1514 !wep_keys_set) {
1515 use_crypt = 0;
1516 } else {
1517 /* Assume that dynamic WEP-104 keys will be used and
1518 * set cipher suites in order for drivers to expect
1519 * encryption. */
1520 cipher_pairwise = cipher_group = CIPHER_WEP104;
1521 }
1522 }
1523 #endif /* IEEE8021X_EAPOL */
1524
1525 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1526 /* Set the key before (and later after) association */
1527 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1528 }
1529
1530 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1531 if (bss) {
1532 params.ssid = bss->ssid;
1533 params.ssid_len = bss->ssid_len;
1534 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
1535 wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
1536 MACSTR " freq=%u MHz based on scan results "
1537 "(bssid_set=%d)",
1538 MAC2STR(bss->bssid), bss->freq,
1539 ssid->bssid_set);
1540 params.bssid = bss->bssid;
1541 params.freq = bss->freq;
1542 }
1543 } else {
1544 params.ssid = ssid->ssid;
1545 params.ssid_len = ssid->ssid_len;
1546 }
1547
1548 if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
1549 wpa_s->conf->ap_scan == 2) {
1550 params.bssid = ssid->bssid;
1551 params.fixed_bssid = 1;
1552 }
1553
1554 if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 &&
1555 params.freq == 0)
1556 params.freq = ssid->frequency; /* Initial channel for IBSS */
1557 params.wpa_ie = wpa_ie;
1558 params.wpa_ie_len = wpa_ie_len;
1559 params.pairwise_suite = cipher_pairwise;
1560 params.group_suite = cipher_group;
1561 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1562 params.wpa_proto = wpa_s->wpa_proto;
1563 params.auth_alg = algs;
1564 params.mode = ssid->mode;
1565 params.bg_scan_period = ssid->bg_scan_period;
1566 for (i = 0; i < NUM_WEP_KEYS; i++) {
1567 if (ssid->wep_key_len[i])
1568 params.wep_key[i] = ssid->wep_key[i];
1569 params.wep_key_len[i] = ssid->wep_key_len[i];
1570 }
1571 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1572
1573 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
1574 (params.key_mgmt_suite == KEY_MGMT_PSK ||
1575 params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
1576 params.passphrase = ssid->passphrase;
1577 if (ssid->psk_set)
1578 params.psk = ssid->psk;
1579 }
1580
1581 params.drop_unencrypted = use_crypt;
1582
1583 #ifdef CONFIG_IEEE80211W
1584 params.mgmt_frame_protection =
1585 ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1586 wpa_s->conf->pmf : ssid->ieee80211w;
1587 if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
1588 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1589 struct wpa_ie_data ie;
1590 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
1591 ie.capabilities &
1592 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
1593 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
1594 "MFP: require MFP");
1595 params.mgmt_frame_protection =
1596 MGMT_FRAME_PROTECTION_REQUIRED;
1597 }
1598 }
1599 #endif /* CONFIG_IEEE80211W */
1600
1601 params.p2p = ssid->p2p_group;
1602
1603 if (wpa_s->parent->set_sta_uapsd)
1604 params.uapsd = wpa_s->parent->sta_uapsd;
1605 else
1606 params.uapsd = -1;
1607
1608 #ifdef CONFIG_HT_OVERRIDES
1609 os_memset(&htcaps, 0, sizeof(htcaps));
1610 os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
1611 params.htcaps = (u8 *) &htcaps;
1612 params.htcaps_mask = (u8 *) &htcaps_mask;
1613 wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
1614 #endif /* CONFIG_HT_OVERRIDES */
1615
1616 ret = wpa_drv_associate(wpa_s, &params);
1617 if (ret < 0) {
1618 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1619 "failed");
1620 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
1621 /*
1622 * The driver is known to mean what is saying, so we
1623 * can stop right here; the association will not
1624 * succeed.
1625 */
1626 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
1627 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1628 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1629 return;
1630 }
1631 /* try to continue anyway; new association will be tried again
1632 * after timeout */
1633 assoc_failed = 1;
1634 }
1635
1636 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1637 /* Set the key after the association just in case association
1638 * cleared the previously configured key. */
1639 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1640 /* No need to timeout authentication since there is no key
1641 * management. */
1642 wpa_supplicant_cancel_auth_timeout(wpa_s);
1643 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1644 #ifdef CONFIG_IBSS_RSN
1645 } else if (ssid->mode == WPAS_MODE_IBSS &&
1646 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
1647 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
1648 /*
1649 * RSN IBSS authentication is per-STA and we can disable the
1650 * per-BSSID authentication.
1651 */
1652 wpa_supplicant_cancel_auth_timeout(wpa_s);
1653 #endif /* CONFIG_IBSS_RSN */
1654 } else {
1655 /* Timeout for IEEE 802.11 authentication and association */
1656 int timeout = 60;
1657
1658 if (assoc_failed) {
1659 /* give IBSS a bit more time */
1660 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
1661 } else if (wpa_s->conf->ap_scan == 1) {
1662 /* give IBSS a bit more time */
1663 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
1664 }
1665 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1666 }
1667
1668 if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1669 capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
1670 /* Set static WEP keys again */
1671 wpa_set_wep_keys(wpa_s, ssid);
1672 }
1673
1674 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1675 /*
1676 * Do not allow EAP session resumption between different
1677 * network configurations.
1678 */
1679 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1680 }
1681 old_ssid = wpa_s->current_ssid;
1682 wpa_s->current_ssid = ssid;
1683 wpa_s->current_bss = bss;
1684 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
1685 wpa_supplicant_initiate_eapol(wpa_s);
1686 if (old_ssid != wpa_s->current_ssid)
1687 wpas_notify_network_changed(wpa_s);
1688 }
1689
1690
1691 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
1692 const u8 *addr)
1693 {
1694 struct wpa_ssid *old_ssid;
1695
1696 wpa_clear_keys(wpa_s, addr);
1697 old_ssid = wpa_s->current_ssid;
1698 wpa_supplicant_mark_disassoc(wpa_s);
1699 wpa_sm_set_config(wpa_s->wpa, NULL);
1700 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1701 if (old_ssid != wpa_s->current_ssid)
1702 wpas_notify_network_changed(wpa_s);
1703 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
1704 }
1705
1706
1707 /**
1708 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
1709 * @wpa_s: Pointer to wpa_supplicant data
1710 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1711 *
1712 * This function is used to request %wpa_supplicant to deauthenticate from the
1713 * current AP.
1714 */
1715 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1716 int reason_code)
1717 {
1718 u8 *addr = NULL;
1719 union wpa_event_data event;
1720 int zero_addr = 0;
1721
1722 wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
1723 " pending_bssid=" MACSTR " reason=%d state=%s",
1724 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
1725 reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state));
1726
1727 if (!is_zero_ether_addr(wpa_s->bssid))
1728 addr = wpa_s->bssid;
1729 else if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
1730 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
1731 wpa_s->wpa_state == WPA_ASSOCIATING))
1732 addr = wpa_s->pending_bssid;
1733 else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
1734 /*
1735 * When using driver-based BSS selection, we may not know the
1736 * BSSID with which we are currently trying to associate. We
1737 * need to notify the driver of this disconnection even in such
1738 * a case, so use the all zeros address here.
1739 */
1740 addr = wpa_s->bssid;
1741 zero_addr = 1;
1742 }
1743
1744 #ifdef CONFIG_TDLS
1745 wpa_tdls_teardown_peers(wpa_s->wpa);
1746 #endif /* CONFIG_TDLS */
1747
1748 if (addr) {
1749 wpa_drv_deauthenticate(wpa_s, addr, reason_code);
1750 os_memset(&event, 0, sizeof(event));
1751 event.deauth_info.reason_code = (u16) reason_code;
1752 event.deauth_info.locally_generated = 1;
1753 wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
1754 if (zero_addr)
1755 addr = NULL;
1756 }
1757
1758 wpa_supplicant_clear_connection(wpa_s, addr);
1759 }
1760
1761 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
1762 struct wpa_ssid *ssid)
1763 {
1764 if (!ssid || !ssid->disabled || ssid->disabled == 2)
1765 return;
1766
1767 ssid->disabled = 0;
1768 wpas_clear_temp_disabled(wpa_s, ssid, 1);
1769 wpas_notify_network_enabled_changed(wpa_s, ssid);
1770
1771 /*
1772 * Try to reassociate since there is no current configuration and a new
1773 * network was made available.
1774 */
1775 if (!wpa_s->current_ssid)
1776 wpa_s->reassociate = 1;
1777 }
1778
1779
1780 /**
1781 * wpa_supplicant_enable_network - Mark a configured network as enabled
1782 * @wpa_s: wpa_supplicant structure for a network interface
1783 * @ssid: wpa_ssid structure for a configured network or %NULL
1784 *
1785 * Enables the specified network or all networks if no network specified.
1786 */
1787 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
1788 struct wpa_ssid *ssid)
1789 {
1790 if (ssid == NULL) {
1791 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
1792 wpa_supplicant_enable_one_network(wpa_s, ssid);
1793 } else
1794 wpa_supplicant_enable_one_network(wpa_s, ssid);
1795
1796 if (wpa_s->reassociate) {
1797 if (wpa_s->sched_scanning) {
1798 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
1799 "new network to scan filters");
1800 wpa_supplicant_cancel_sched_scan(wpa_s);
1801 }
1802
1803 wpa_supplicant_req_scan(wpa_s, 0, 0);
1804 }
1805 }
1806
1807
1808 /**
1809 * wpa_supplicant_disable_network - Mark a configured network as disabled
1810 * @wpa_s: wpa_supplicant structure for a network interface
1811 * @ssid: wpa_ssid structure for a configured network or %NULL
1812 *
1813 * Disables the specified network or all networks if no network specified.
1814 */
1815 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
1816 struct wpa_ssid *ssid)
1817 {
1818 struct wpa_ssid *other_ssid;
1819 int was_disabled;
1820
1821 if (ssid == NULL) {
1822 if (wpa_s->sched_scanning)
1823 wpa_supplicant_cancel_sched_scan(wpa_s);
1824
1825 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1826 other_ssid = other_ssid->next) {
1827 was_disabled = other_ssid->disabled;
1828 if (was_disabled == 2)
1829 continue; /* do not change persistent P2P group
1830 * data */
1831
1832 other_ssid->disabled = 1;
1833
1834 if (was_disabled != other_ssid->disabled)
1835 wpas_notify_network_enabled_changed(
1836 wpa_s, other_ssid);
1837 }
1838 if (wpa_s->current_ssid)
1839 wpa_supplicant_deauthenticate(
1840 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1841 } else if (ssid->disabled != 2) {
1842 if (ssid == wpa_s->current_ssid)
1843 wpa_supplicant_deauthenticate(
1844 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1845
1846 was_disabled = ssid->disabled;
1847
1848 ssid->disabled = 1;
1849
1850 if (was_disabled != ssid->disabled) {
1851 wpas_notify_network_enabled_changed(wpa_s, ssid);
1852 if (wpa_s->sched_scanning) {
1853 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
1854 "to remove network from filters");
1855 wpa_supplicant_cancel_sched_scan(wpa_s);
1856 wpa_supplicant_req_scan(wpa_s, 0, 0);
1857 }
1858 }
1859 }
1860 }
1861
1862
1863 /**
1864 * wpa_supplicant_select_network - Attempt association with a network
1865 * @wpa_s: wpa_supplicant structure for a network interface
1866 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
1867 */
1868 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
1869 struct wpa_ssid *ssid)
1870 {
1871
1872 struct wpa_ssid *other_ssid;
1873 int disconnected = 0;
1874
1875 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
1876 wpa_supplicant_deauthenticate(
1877 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1878 disconnected = 1;
1879 }
1880
1881 if (ssid)
1882 wpas_clear_temp_disabled(wpa_s, ssid, 1);
1883
1884 /*
1885 * Mark all other networks disabled or mark all networks enabled if no
1886 * network specified.
1887 */
1888 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1889 other_ssid = other_ssid->next) {
1890 int was_disabled = other_ssid->disabled;
1891 if (was_disabled == 2)
1892 continue; /* do not change persistent P2P group data */
1893
1894 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
1895 if (was_disabled && !other_ssid->disabled)
1896 wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
1897
1898 if (was_disabled != other_ssid->disabled)
1899 wpas_notify_network_enabled_changed(wpa_s, other_ssid);
1900 }
1901
1902 if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid) {
1903 /* We are already associated with the selected network */
1904 wpa_printf(MSG_DEBUG, "Already associated with the "
1905 "selected network - do nothing");
1906 return;
1907 }
1908
1909 if (ssid)
1910 wpa_s->current_ssid = ssid;
1911 wpa_s->connect_without_scan = NULL;
1912 wpa_s->disconnected = 0;
1913 wpa_s->reassociate = 1;
1914
1915 if (wpa_supplicant_fast_associate(wpa_s) != 1)
1916 wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
1917
1918 if (ssid)
1919 wpas_notify_network_selected(wpa_s, ssid);
1920 }
1921
1922
1923 /**
1924 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
1925 * @wpa_s: wpa_supplicant structure for a network interface
1926 * @ap_scan: AP scan mode
1927 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
1928 *
1929 */
1930 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
1931 {
1932
1933 int old_ap_scan;
1934
1935 if (ap_scan < 0 || ap_scan > 2)
1936 return -1;
1937
1938 #ifdef ANDROID
1939 if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
1940 wpa_s->wpa_state >= WPA_ASSOCIATING &&
1941 wpa_s->wpa_state < WPA_COMPLETED) {
1942 wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
1943 "associating", wpa_s->conf->ap_scan, ap_scan);
1944 return 0;
1945 }
1946 #endif /* ANDROID */
1947
1948 old_ap_scan = wpa_s->conf->ap_scan;
1949 wpa_s->conf->ap_scan = ap_scan;
1950
1951 if (old_ap_scan != wpa_s->conf->ap_scan)
1952 wpas_notify_ap_scan_changed(wpa_s);
1953
1954 return 0;
1955 }
1956
1957
1958 /**
1959 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
1960 * @wpa_s: wpa_supplicant structure for a network interface
1961 * @expire_age: Expiration age in seconds
1962 * Returns: 0 if succeed or -1 if expire_age has an invalid value
1963 *
1964 */
1965 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
1966 unsigned int bss_expire_age)
1967 {
1968 if (bss_expire_age < 10) {
1969 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
1970 bss_expire_age);
1971 return -1;
1972 }
1973 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
1974 bss_expire_age);
1975 wpa_s->conf->bss_expiration_age = bss_expire_age;
1976
1977 return 0;
1978 }
1979
1980
1981 /**
1982 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
1983 * @wpa_s: wpa_supplicant structure for a network interface
1984 * @expire_count: number of scans after which an unseen BSS is reclaimed
1985 * Returns: 0 if succeed or -1 if expire_count has an invalid value
1986 *
1987 */
1988 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
1989 unsigned int bss_expire_count)
1990 {
1991 if (bss_expire_count < 1) {
1992 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
1993 bss_expire_count);
1994 return -1;
1995 }
1996 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
1997 bss_expire_count);
1998 wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
1999
2000 return 0;
2001 }
2002
2003
2004 /**
2005 * wpa_supplicant_set_scan_interval - Set scan interval
2006 * @wpa_s: wpa_supplicant structure for a network interface
2007 * @scan_interval: scan interval in seconds
2008 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
2009 *
2010 */
2011 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
2012 int scan_interval)
2013 {
2014 if (scan_interval < 0) {
2015 wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
2016 scan_interval);
2017 return -1;
2018 }
2019 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
2020 scan_interval);
2021 wpa_supplicant_update_scan_int(wpa_s, scan_interval);
2022
2023 return 0;
2024 }
2025
2026
2027 /**
2028 * wpa_supplicant_set_debug_params - Set global debug params
2029 * @global: wpa_global structure
2030 * @debug_level: debug level
2031 * @debug_timestamp: determines if show timestamp in debug data
2032 * @debug_show_keys: determines if show keys in debug data
2033 * Returns: 0 if succeed or -1 if debug_level has wrong value
2034 */
2035 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
2036 int debug_timestamp, int debug_show_keys)
2037 {
2038
2039 int old_level, old_timestamp, old_show_keys;
2040
2041 /* check for allowed debuglevels */
2042 if (debug_level != MSG_EXCESSIVE &&
2043 debug_level != MSG_MSGDUMP &&
2044 debug_level != MSG_DEBUG &&
2045 debug_level != MSG_INFO &&
2046 debug_level != MSG_WARNING &&
2047 debug_level != MSG_ERROR)
2048 return -1;
2049
2050 old_level = wpa_debug_level;
2051 old_timestamp = wpa_debug_timestamp;
2052 old_show_keys = wpa_debug_show_keys;
2053
2054 wpa_debug_level = debug_level;
2055 wpa_debug_timestamp = debug_timestamp ? 1 : 0;
2056 wpa_debug_show_keys = debug_show_keys ? 1 : 0;
2057
2058 if (wpa_debug_level != old_level)
2059 wpas_notify_debug_level_changed(global);
2060 if (wpa_debug_timestamp != old_timestamp)
2061 wpas_notify_debug_timestamp_changed(global);
2062 if (wpa_debug_show_keys != old_show_keys)
2063 wpas_notify_debug_show_keys_changed(global);
2064
2065 return 0;
2066 }
2067
2068
2069 /**
2070 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
2071 * @wpa_s: Pointer to wpa_supplicant data
2072 * Returns: A pointer to the current network structure or %NULL on failure
2073 */
2074 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
2075 {
2076 struct wpa_ssid *entry;
2077 u8 ssid[MAX_SSID_LEN];
2078 int res;
2079 size_t ssid_len;
2080 u8 bssid[ETH_ALEN];
2081 int wired;
2082
2083 res = wpa_drv_get_ssid(wpa_s, ssid);
2084 if (res < 0) {
2085 wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
2086 "driver");
2087 return NULL;
2088 }
2089 ssid_len = res;
2090
2091 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
2092 wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
2093 "driver");
2094 return NULL;
2095 }
2096
2097 wired = wpa_s->conf->ap_scan == 0 &&
2098 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
2099
2100 entry = wpa_s->conf->ssid;
2101 while (entry) {
2102 if (!wpas_network_disabled(wpa_s, entry) &&
2103 ((ssid_len == entry->ssid_len &&
2104 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
2105 (!entry->bssid_set ||
2106 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
2107 return entry;
2108 #ifdef CONFIG_WPS
2109 if (!wpas_network_disabled(wpa_s, entry) &&
2110 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
2111 (entry->ssid == NULL || entry->ssid_len == 0) &&
2112 (!entry->bssid_set ||
2113 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
2114 return entry;
2115 #endif /* CONFIG_WPS */
2116
2117 if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
2118 entry->ssid_len == 0 &&
2119 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
2120 return entry;
2121
2122 entry = entry->next;
2123 }
2124
2125 return NULL;
2126 }
2127
2128
2129 static int select_driver(struct wpa_supplicant *wpa_s, int i)
2130 {
2131 struct wpa_global *global = wpa_s->global;
2132
2133 if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
2134 global->drv_priv[i] = wpa_drivers[i]->global_init();
2135 if (global->drv_priv[i] == NULL) {
2136 wpa_printf(MSG_ERROR, "Failed to initialize driver "
2137 "'%s'", wpa_drivers[i]->name);
2138 return -1;
2139 }
2140 }
2141
2142 wpa_s->driver = wpa_drivers[i];
2143 wpa_s->global_drv_priv = global->drv_priv[i];
2144
2145 return 0;
2146 }
2147
2148
2149 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
2150 const char *name)
2151 {
2152 int i;
2153 size_t len;
2154 const char *pos, *driver = name;
2155
2156 if (wpa_s == NULL)
2157 return -1;
2158
2159 if (wpa_drivers[0] == NULL) {
2160 wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
2161 "wpa_supplicant");
2162 return -1;
2163 }
2164
2165 if (name == NULL) {
2166 /* default to first driver in the list */
2167 return select_driver(wpa_s, 0);
2168 }
2169
2170 do {
2171 pos = os_strchr(driver, ',');
2172 if (pos)
2173 len = pos - driver;
2174 else
2175 len = os_strlen(driver);
2176
2177 for (i = 0; wpa_drivers[i]; i++) {
2178 if (os_strlen(wpa_drivers[i]->name) == len &&
2179 os_strncmp(driver, wpa_drivers[i]->name, len) ==
2180 0) {
2181 /* First driver that succeeds wins */
2182 if (select_driver(wpa_s, i) == 0)
2183 return 0;
2184 }
2185 }
2186
2187 driver = pos + 1;
2188 } while (pos);
2189
2190 wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
2191 return -1;
2192 }
2193
2194
2195 /**
2196 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
2197 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
2198 * with struct wpa_driver_ops::init()
2199 * @src_addr: Source address of the EAPOL frame
2200 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
2201 * @len: Length of the EAPOL data
2202 *
2203 * This function is called for each received EAPOL frame. Most driver
2204 * interfaces rely on more generic OS mechanism for receiving frames through
2205 * l2_packet, but if such a mechanism is not available, the driver wrapper may
2206 * take care of received EAPOL frames and deliver them to the core supplicant
2207 * code by calling this function.
2208 */
2209 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
2210 const u8 *buf, size_t len)
2211 {
2212 struct wpa_supplicant *wpa_s = ctx;
2213
2214 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
2215 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
2216
2217 if (wpa_s->wpa_state < WPA_ASSOCIATED ||
2218 (wpa_s->last_eapol_matches_bssid &&
2219 #ifdef CONFIG_AP
2220 !wpa_s->ap_iface &&
2221 #endif /* CONFIG_AP */
2222 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
2223 /*
2224 * There is possible race condition between receiving the
2225 * association event and the EAPOL frame since they are coming
2226 * through different paths from the driver. In order to avoid
2227 * issues in trying to process the EAPOL frame before receiving
2228 * association information, lets queue it for processing until
2229 * the association event is received. This may also be needed in
2230 * driver-based roaming case, so also use src_addr != BSSID as a
2231 * trigger if we have previously confirmed that the
2232 * Authenticator uses BSSID as the src_addr (which is not the
2233 * case with wired IEEE 802.1X).
2234 */
2235 wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
2236 "of received EAPOL frame (state=%s bssid=" MACSTR ")",
2237 wpa_supplicant_state_txt(wpa_s->wpa_state),
2238 MAC2STR(wpa_s->bssid));
2239 wpabuf_free(wpa_s->pending_eapol_rx);
2240 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
2241 if (wpa_s->pending_eapol_rx) {
2242 os_get_time(&wpa_s->pending_eapol_rx_time);
2243 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
2244 ETH_ALEN);
2245 }
2246 return;
2247 }
2248
2249 wpa_s->last_eapol_matches_bssid =
2250 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
2251
2252 #ifdef CONFIG_AP
2253 if (wpa_s->ap_iface) {
2254 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
2255 return;
2256 }
2257 #endif /* CONFIG_AP */
2258
2259 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
2260 wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
2261 "no key management is configured");
2262 return;
2263 }
2264
2265 if (wpa_s->eapol_received == 0 &&
2266 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
2267 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
2268 wpa_s->wpa_state != WPA_COMPLETED) &&
2269 (wpa_s->current_ssid == NULL ||
2270 wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
2271 /* Timeout for completing IEEE 802.1X and WPA authentication */
2272 wpa_supplicant_req_auth_timeout(
2273 wpa_s,
2274 (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
2275 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
2276 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
2277 70 : 10, 0);
2278 }
2279 wpa_s->eapol_received++;
2280
2281 if (wpa_s->countermeasures) {
2282 wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
2283 "EAPOL packet");
2284 return;
2285 }
2286
2287 #ifdef CONFIG_IBSS_RSN
2288 if (wpa_s->current_ssid &&
2289 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
2290 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
2291 return;
2292 }
2293 #endif /* CONFIG_IBSS_RSN */
2294
2295 /* Source address of the incoming EAPOL frame could be compared to the
2296 * current BSSID. However, it is possible that a centralized
2297 * Authenticator could be using another MAC address than the BSSID of
2298 * an AP, so just allow any address to be used for now. The replies are
2299 * still sent to the current BSSID (if available), though. */
2300
2301 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
2302 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
2303 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
2304 return;
2305 wpa_drv_poll(wpa_s);
2306 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
2307 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
2308 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
2309 /*
2310 * Set portValid = TRUE here since we are going to skip 4-way
2311 * handshake processing which would normally set portValid. We
2312 * need this to allow the EAPOL state machines to be completed
2313 * without going through EAPOL-Key handshake.
2314 */
2315 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
2316 }
2317 }
2318
2319
2320 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
2321 {
2322 if (wpa_s->driver->send_eapol) {
2323 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
2324 if (addr)
2325 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
2326 } else if (!(wpa_s->drv_flags &
2327 WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
2328 l2_packet_deinit(wpa_s->l2);
2329 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
2330 wpa_drv_get_mac_addr(wpa_s),
2331 ETH_P_EAPOL,
2332 wpa_supplicant_rx_eapol, wpa_s, 0);
2333 if (wpa_s->l2 == NULL)
2334 return -1;
2335 } else {
2336 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
2337 if (addr)
2338 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
2339 }
2340
2341 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
2342 wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
2343 return -1;
2344 }
2345
2346 wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
2347 MAC2STR(wpa_s->own_addr));
2348 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2349
2350 return 0;
2351 }
2352
2353
2354 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
2355 const u8 *buf, size_t len)
2356 {
2357 struct wpa_supplicant *wpa_s = ctx;
2358 const struct l2_ethhdr *eth;
2359
2360 if (len < sizeof(*eth))
2361 return;
2362 eth = (const struct l2_ethhdr *) buf;
2363
2364 if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
2365 !(eth->h_dest[0] & 0x01)) {
2366 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
2367 " (bridge - not for this interface - ignore)",
2368 MAC2STR(src_addr), MAC2STR(eth->h_dest));
2369 return;
2370 }
2371
2372 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
2373 " (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
2374 wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
2375 len - sizeof(*eth));
2376 }
2377
2378
2379 /**
2380 * wpa_supplicant_driver_init - Initialize driver interface parameters
2381 * @wpa_s: Pointer to wpa_supplicant data
2382 * Returns: 0 on success, -1 on failure
2383 *
2384 * This function is called to initialize driver interface parameters.
2385 * wpa_drv_init() must have been called before this function to initialize the
2386 * driver interface.
2387 */
2388 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
2389 {
2390 static int interface_count = 0;
2391
2392 if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
2393 return -1;
2394
2395 if (wpa_s->bridge_ifname[0]) {
2396 wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
2397 "interface '%s'", wpa_s->bridge_ifname);
2398 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
2399 wpa_s->own_addr,
2400 ETH_P_EAPOL,
2401 wpa_supplicant_rx_eapol_bridge,
2402 wpa_s, 1);
2403 if (wpa_s->l2_br == NULL) {
2404 wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
2405 "connection for the bridge interface '%s'",
2406 wpa_s->bridge_ifname);
2407 return -1;
2408 }
2409 }
2410
2411 wpa_clear_keys(wpa_s, NULL);
2412
2413 /* Make sure that TKIP countermeasures are not left enabled (could
2414 * happen if wpa_supplicant is killed during countermeasures. */
2415 wpa_drv_set_countermeasures(wpa_s, 0);
2416
2417 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
2418 wpa_drv_flush_pmkid(wpa_s);
2419
2420 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
2421 wpa_s->prev_scan_wildcard = 0;
2422
2423 if (wpa_supplicant_enabled_networks(wpa_s)) {
2424 if (wpa_supplicant_delayed_sched_scan(wpa_s, interface_count,
2425 100000))
2426 wpa_supplicant_req_scan(wpa_s, interface_count,
2427 100000);
2428 interface_count++;
2429 } else
2430 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
2431
2432 return 0;
2433 }
2434
2435
2436 static int wpa_supplicant_daemon(const char *pid_file)
2437 {
2438 wpa_printf(MSG_DEBUG, "Daemonize..");
2439 return os_daemonize(pid_file);
2440 }
2441
2442
2443 static struct wpa_supplicant * wpa_supplicant_alloc(void)
2444 {
2445 struct wpa_supplicant *wpa_s;
2446
2447 wpa_s = os_zalloc(sizeof(*wpa_s));
2448 if (wpa_s == NULL)
2449 return NULL;
2450 wpa_s->scan_req = INITIAL_SCAN_REQ;
2451 wpa_s->scan_interval = 5;
2452 wpa_s->new_connection = 1;
2453 wpa_s->parent = wpa_s;
2454 wpa_s->sched_scanning = 0;
2455
2456 return wpa_s;
2457 }
2458
2459
2460 #ifdef CONFIG_HT_OVERRIDES
2461
2462 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
2463 struct ieee80211_ht_capabilities *htcaps,
2464 struct ieee80211_ht_capabilities *htcaps_mask,
2465 const char *ht_mcs)
2466 {
2467 /* parse ht_mcs into hex array */
2468 int i;
2469 const char *tmp = ht_mcs;
2470 char *end = NULL;
2471
2472 /* If ht_mcs is null, do not set anything */
2473 if (!ht_mcs)
2474 return 0;
2475
2476 /* This is what we are setting in the kernel */
2477 os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
2478
2479 wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
2480
2481 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
2482 errno = 0;
2483 long v = strtol(tmp, &end, 16);
2484 if (errno == 0) {
2485 wpa_msg(wpa_s, MSG_DEBUG,
2486 "htcap value[%i]: %ld end: %p tmp: %p",
2487 i, v, end, tmp);
2488 if (end == tmp)
2489 break;
2490
2491 htcaps->supported_mcs_set[i] = v;
2492 tmp = end;
2493 } else {
2494 wpa_msg(wpa_s, MSG_ERROR,
2495 "Failed to parse ht-mcs: %s, error: %s\n",
2496 ht_mcs, strerror(errno));
2497 return -1;
2498 }
2499 }
2500
2501 /*
2502 * If we were able to parse any values, then set mask for the MCS set.
2503 */
2504 if (i) {
2505 os_memset(&htcaps_mask->supported_mcs_set, 0xff,
2506 IEEE80211_HT_MCS_MASK_LEN - 1);
2507 /* skip the 3 reserved bits */
2508 htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
2509 0x1f;
2510 }
2511
2512 return 0;
2513 }
2514
2515
2516 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
2517 struct ieee80211_ht_capabilities *htcaps,
2518 struct ieee80211_ht_capabilities *htcaps_mask,
2519 int disabled)
2520 {
2521 u16 msk;
2522
2523 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
2524
2525 if (disabled == -1)
2526 return 0;
2527
2528 msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
2529 htcaps_mask->ht_capabilities_info |= msk;
2530 if (disabled)
2531 htcaps->ht_capabilities_info &= msk;
2532 else
2533 htcaps->ht_capabilities_info |= msk;
2534
2535 return 0;
2536 }
2537
2538
2539 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
2540 struct ieee80211_ht_capabilities *htcaps,
2541 struct ieee80211_ht_capabilities *htcaps_mask,
2542 int factor)
2543 {
2544 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
2545
2546 if (factor == -1)
2547 return 0;
2548
2549 if (factor < 0 || factor > 3) {
2550 wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
2551 "Must be 0-3 or -1", factor);
2552 return -EINVAL;
2553 }
2554
2555 htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
2556 htcaps->a_mpdu_params &= ~0x3;
2557 htcaps->a_mpdu_params |= factor & 0x3;
2558
2559 return 0;
2560 }
2561
2562
2563 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
2564 struct ieee80211_ht_capabilities *htcaps,
2565 struct ieee80211_ht_capabilities *htcaps_mask,
2566 int density)
2567 {
2568 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
2569
2570 if (density == -1)
2571 return 0;
2572
2573 if (density < 0 || density > 7) {
2574 wpa_msg(wpa_s, MSG_ERROR,
2575 "ampdu_density: %d out of range. Must be 0-7 or -1.",
2576 density);
2577 return -EINVAL;
2578 }
2579
2580 htcaps_mask->a_mpdu_params |= 0x1C;
2581 htcaps->a_mpdu_params &= ~(0x1C);
2582 htcaps->a_mpdu_params |= (density << 2) & 0x1C;
2583
2584 return 0;
2585 }
2586
2587
2588 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
2589 struct ieee80211_ht_capabilities *htcaps,
2590 struct ieee80211_ht_capabilities *htcaps_mask,
2591 int disabled)
2592 {
2593 /* Masking these out disables HT40 */
2594 u16 msk = host_to_le16(HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET |
2595 HT_CAP_INFO_SHORT_GI40MHZ);
2596
2597 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
2598
2599 if (disabled)
2600 htcaps->ht_capabilities_info &= ~msk;
2601 else
2602 htcaps->ht_capabilities_info |= msk;
2603
2604 htcaps_mask->ht_capabilities_info |= msk;
2605
2606 return 0;
2607 }
2608
2609
2610 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
2611 struct ieee80211_ht_capabilities *htcaps,
2612 struct ieee80211_ht_capabilities *htcaps_mask,
2613 int disabled)
2614 {
2615 /* Masking these out disables SGI */
2616 u16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
2617 HT_CAP_INFO_SHORT_GI40MHZ);
2618
2619 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
2620
2621 if (disabled)
2622 htcaps->ht_capabilities_info &= ~msk;
2623 else
2624 htcaps->ht_capabilities_info |= msk;
2625
2626 htcaps_mask->ht_capabilities_info |= msk;
2627
2628 return 0;
2629 }
2630
2631
2632 void wpa_supplicant_apply_ht_overrides(
2633 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2634 struct wpa_driver_associate_params *params)
2635 {
2636 struct ieee80211_ht_capabilities *htcaps;
2637 struct ieee80211_ht_capabilities *htcaps_mask;
2638
2639 if (!ssid)
2640 return;
2641
2642 params->disable_ht = ssid->disable_ht;
2643 if (!params->htcaps || !params->htcaps_mask)
2644 return;
2645
2646 htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
2647 htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
2648 wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
2649 wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
2650 ssid->disable_max_amsdu);
2651 wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
2652 wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
2653 wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
2654 wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
2655 }
2656
2657 #endif /* CONFIG_HT_OVERRIDES */
2658
2659
2660 #ifdef CONFIG_VHT_OVERRIDES
2661 void wpa_supplicant_apply_vht_overrides(
2662 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2663 struct wpa_driver_associate_params *params)
2664 {
2665 struct ieee80211_vht_capabilities *vhtcaps;
2666 struct ieee80211_vht_capabilities *vhtcaps_mask;
2667
2668 if (!ssid)
2669 return;
2670
2671 params->disable_vht = ssid->disable_vht;
2672
2673 vhtcaps = (void *) params->vhtcaps;
2674 vhtcaps_mask = (void *) params->vhtcaps_mask;
2675
2676 if (!vhtcaps || !vhtcaps_mask)
2677 return;
2678
2679 vhtcaps->vht_capabilities_info = ssid->vht_capa;
2680 vhtcaps_mask->vht_capabilities_info = ssid->vht_capa_mask;
2681
2682 #define OVERRIDE_MCS(i) \
2683 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
2684 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
2685 3 << 2 * (i - 1); \
2686 vhtcaps->vht_supported_mcs_set.tx_map |= \
2687 ssid->vht_tx_mcs_nss_ ##i << 2 * (i - 1); \
2688 } \
2689 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
2690 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
2691 3 << 2 * (i - 1); \
2692 vhtcaps->vht_supported_mcs_set.rx_map |= \
2693 ssid->vht_rx_mcs_nss_ ##i << 2 * (i - 1); \
2694 }
2695
2696 OVERRIDE_MCS(1);
2697 OVERRIDE_MCS(2);
2698 OVERRIDE_MCS(3);
2699 OVERRIDE_MCS(4);
2700 OVERRIDE_MCS(5);
2701 OVERRIDE_MCS(6);
2702 OVERRIDE_MCS(7);
2703 OVERRIDE_MCS(8);
2704 }
2705 #endif /* CONFIG_VHT_OVERRIDES */
2706
2707
2708 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
2709 {
2710 #ifdef PCSC_FUNCS
2711 size_t len;
2712
2713 if (!wpa_s->conf->pcsc_reader)
2714 return 0;
2715
2716 wpa_s->scard = scard_init(SCARD_TRY_BOTH, wpa_s->conf->pcsc_reader);
2717 if (!wpa_s->scard)
2718 return 1;
2719
2720 if (wpa_s->conf->pcsc_pin &&
2721 scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
2722 scard_deinit(wpa_s->scard);
2723 wpa_s->scard = NULL;
2724 wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
2725 return -1;
2726 }
2727
2728 len = sizeof(wpa_s->imsi) - 1;
2729 if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
2730 scard_deinit(wpa_s->scard);
2731 wpa_s->scard = NULL;
2732 wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
2733 return -1;
2734 }
2735 wpa_s->imsi[len] = '\0';
2736
2737 wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
2738
2739 wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
2740 wpa_s->imsi, wpa_s->mnc_len);
2741
2742 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
2743 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
2744 #endif /* PCSC_FUNCS */
2745
2746 return 0;
2747 }
2748
2749
2750 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
2751 {
2752 char *val, *pos;
2753
2754 ext_password_deinit(wpa_s->ext_pw);
2755 wpa_s->ext_pw = NULL;
2756 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
2757
2758 if (!wpa_s->conf->ext_password_backend)
2759 return 0;
2760
2761 val = os_strdup(wpa_s->conf->ext_password_backend);
2762 if (val == NULL)
2763 return -1;
2764 pos = os_strchr(val, ':');
2765 if (pos)
2766 *pos++ = '\0';
2767
2768 wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
2769
2770 wpa_s->ext_pw = ext_password_init(val, pos);
2771 os_free(val);
2772 if (wpa_s->ext_pw == NULL) {
2773 wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
2774 return -1;
2775 }
2776 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
2777
2778 return 0;
2779 }
2780
2781
2782 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
2783 struct wpa_interface *iface)
2784 {
2785 const char *ifname, *driver;
2786 struct wpa_driver_capa capa;
2787
2788 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
2789 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
2790 iface->confname ? iface->confname : "N/A",
2791 iface->driver ? iface->driver : "default",
2792 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
2793 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
2794
2795 if (iface->confname) {
2796 #ifdef CONFIG_BACKEND_FILE
2797 wpa_s->confname = os_rel2abs_path(iface->confname);
2798 if (wpa_s->confname == NULL) {
2799 wpa_printf(MSG_ERROR, "Failed to get absolute path "
2800 "for configuration file '%s'.",
2801 iface->confname);
2802 return -1;
2803 }
2804 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
2805 iface->confname, wpa_s->confname);
2806 #else /* CONFIG_BACKEND_FILE */
2807 wpa_s->confname = os_strdup(iface->confname);
2808 #endif /* CONFIG_BACKEND_FILE */
2809 wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
2810 if (wpa_s->conf == NULL) {
2811 wpa_printf(MSG_ERROR, "Failed to read or parse "
2812 "configuration '%s'.", wpa_s->confname);
2813 return -1;
2814 }
2815 wpa_s->confanother = os_rel2abs_path(iface->confanother);
2816 wpa_config_read(wpa_s->confanother, wpa_s->conf);
2817
2818 /*
2819 * Override ctrl_interface and driver_param if set on command
2820 * line.
2821 */
2822 if (iface->ctrl_interface) {
2823 os_free(wpa_s->conf->ctrl_interface);
2824 wpa_s->conf->ctrl_interface =
2825 os_strdup(iface->ctrl_interface);
2826 }
2827
2828 if (iface->driver_param) {
2829 os_free(wpa_s->conf->driver_param);
2830 wpa_s->conf->driver_param =
2831 os_strdup(iface->driver_param);
2832 }
2833 } else
2834 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
2835 iface->driver_param);
2836
2837 if (wpa_s->conf == NULL) {
2838 wpa_printf(MSG_ERROR, "\nNo configuration found.");
2839 return -1;
2840 }
2841
2842 if (iface->ifname == NULL) {
2843 wpa_printf(MSG_ERROR, "\nInterface name is required.");
2844 return -1;
2845 }
2846 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
2847 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
2848 iface->ifname);
2849 return -1;
2850 }
2851 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
2852
2853 if (iface->bridge_ifname) {
2854 if (os_strlen(iface->bridge_ifname) >=
2855 sizeof(wpa_s->bridge_ifname)) {
2856 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
2857 "name '%s'.", iface->bridge_ifname);
2858 return -1;
2859 }
2860 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
2861 sizeof(wpa_s->bridge_ifname));
2862 }
2863
2864 /* RSNA Supplicant Key Management - INITIALIZE */
2865 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
2866 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
2867
2868 /* Initialize driver interface and register driver event handler before
2869 * L2 receive handler so that association events are processed before
2870 * EAPOL-Key packets if both become available for the same select()
2871 * call. */
2872 driver = iface->driver;
2873 next_driver:
2874 if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
2875 return -1;
2876
2877 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
2878 if (wpa_s->drv_priv == NULL) {
2879 const char *pos;
2880 pos = driver ? os_strchr(driver, ',') : NULL;
2881 if (pos) {
2882 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
2883 "driver interface - try next driver wrapper");
2884 driver = pos + 1;
2885 goto next_driver;
2886 }
2887 wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
2888 "interface");
2889 return -1;
2890 }
2891 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
2892 wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
2893 "driver_param '%s'", wpa_s->conf->driver_param);
2894 return -1;
2895 }
2896
2897 ifname = wpa_drv_get_ifname(wpa_s);
2898 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
2899 wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
2900 "interface name with '%s'", ifname);
2901 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
2902 }
2903
2904 if (wpa_supplicant_init_wpa(wpa_s) < 0)
2905 return -1;
2906
2907 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
2908 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
2909 NULL);
2910 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2911
2912 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2913 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2914 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2915 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2916 "dot11RSNAConfigPMKLifetime");
2917 return -1;
2918 }
2919
2920 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2921 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2922 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2923 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2924 "dot11RSNAConfigPMKReauthThreshold");
2925 return -1;
2926 }
2927
2928 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2929 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2930 wpa_s->conf->dot11RSNAConfigSATimeout)) {
2931 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2932 "dot11RSNAConfigSATimeout");
2933 return -1;
2934 }
2935
2936 wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
2937 &wpa_s->hw.num_modes,
2938 &wpa_s->hw.flags);
2939
2940 if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
2941 wpa_s->drv_capa_known = 1;
2942 wpa_s->drv_flags = capa.flags;
2943 wpa_s->drv_enc = capa.enc;
2944 wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
2945 wpa_s->max_scan_ssids = capa.max_scan_ssids;
2946 wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
2947 wpa_s->sched_scan_supported = capa.sched_scan_supported;
2948 wpa_s->max_match_sets = capa.max_match_sets;
2949 wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
2950 wpa_s->max_stations = capa.max_stations;
2951 wpa_s->extended_capa = capa.extended_capa;
2952 wpa_s->extended_capa_mask = capa.extended_capa_mask;
2953 wpa_s->extended_capa_len = capa.extended_capa_len;
2954 }
2955 if (wpa_s->max_remain_on_chan == 0)
2956 wpa_s->max_remain_on_chan = 1000;
2957
2958 if (wpa_supplicant_driver_init(wpa_s) < 0)
2959 return -1;
2960
2961 #ifdef CONFIG_TDLS
2962 if (wpa_tdls_init(wpa_s->wpa))
2963 return -1;
2964 #endif /* CONFIG_TDLS */
2965
2966 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
2967 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
2968 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
2969 return -1;
2970 }
2971
2972 if (wpas_wps_init(wpa_s))
2973 return -1;
2974
2975 if (wpa_supplicant_init_eapol(wpa_s) < 0)
2976 return -1;
2977 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2978
2979 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
2980 if (wpa_s->ctrl_iface == NULL) {
2981 wpa_printf(MSG_ERROR,
2982 "Failed to initialize control interface '%s'.\n"
2983 "You may have another wpa_supplicant process "
2984 "already running or the file was\n"
2985 "left by an unclean termination of wpa_supplicant "
2986 "in which case you will need\n"
2987 "to manually remove this file before starting "
2988 "wpa_supplicant again.\n",
2989 wpa_s->conf->ctrl_interface);
2990 return -1;
2991 }
2992
2993 wpa_s->gas = gas_query_init(wpa_s);
2994 if (wpa_s->gas == NULL) {
2995 wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
2996 return -1;
2997 }
2998
2999 #ifdef CONFIG_P2P
3000 if (wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
3001 wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
3002 return -1;
3003 }
3004 #endif /* CONFIG_P2P */
3005
3006 if (wpa_bss_init(wpa_s) < 0)
3007 return -1;
3008
3009 if (pcsc_reader_init(wpa_s) < 0)
3010 return -1;
3011
3012 if (wpas_init_ext_pw(wpa_s) < 0)
3013 return -1;
3014
3015 return 0;
3016 }
3017
3018
3019 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
3020 int notify, int terminate)
3021 {
3022 if (wpa_s->drv_priv) {
3023 wpa_supplicant_deauthenticate(wpa_s,
3024 WLAN_REASON_DEAUTH_LEAVING);
3025
3026 wpa_drv_set_countermeasures(wpa_s, 0);
3027 wpa_clear_keys(wpa_s, NULL);
3028 }
3029
3030 wpa_supplicant_cleanup(wpa_s);
3031
3032 #ifdef CONFIG_P2P
3033 if (wpa_s == wpa_s->global->p2p_init_wpa_s && wpa_s->global->p2p) {
3034 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Disable P2P since removing "
3035 "the management interface is being removed");
3036 wpas_p2p_deinit_global(wpa_s->global);
3037 }
3038 #endif /* CONFIG_P2P */
3039
3040 if (wpa_s->drv_priv)
3041 wpa_drv_deinit(wpa_s);
3042
3043 if (notify)
3044 wpas_notify_iface_removed(wpa_s);
3045
3046 if (terminate)
3047 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
3048
3049 if (wpa_s->ctrl_iface) {
3050 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
3051 wpa_s->ctrl_iface = NULL;
3052 }
3053
3054 if (wpa_s->conf != NULL) {
3055 wpa_config_free(wpa_s->conf);
3056 wpa_s->conf = NULL;
3057 }
3058 }
3059
3060
3061 /**
3062 * wpa_supplicant_add_iface - Add a new network interface
3063 * @global: Pointer to global data from wpa_supplicant_init()
3064 * @iface: Interface configuration options
3065 * Returns: Pointer to the created interface or %NULL on failure
3066 *
3067 * This function is used to add new network interfaces for %wpa_supplicant.
3068 * This can be called before wpa_supplicant_run() to add interfaces before the
3069 * main event loop has been started. In addition, new interfaces can be added
3070 * dynamically while %wpa_supplicant is already running. This could happen,
3071 * e.g., when a hotplug network adapter is inserted.
3072 */
3073 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
3074 struct wpa_interface *iface)
3075 {
3076 struct wpa_supplicant *wpa_s;
3077 struct wpa_interface t_iface;
3078 struct wpa_ssid *ssid;
3079
3080 if (global == NULL || iface == NULL)
3081 return NULL;
3082
3083 wpa_s = wpa_supplicant_alloc();
3084 if (wpa_s == NULL)
3085 return NULL;
3086
3087 wpa_s->global = global;
3088
3089 t_iface = *iface;
3090 if (global->params.override_driver) {
3091 wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
3092 "('%s' -> '%s')",
3093 iface->driver, global->params.override_driver);
3094 t_iface.driver = global->params.override_driver;
3095 }
3096 if (global->params.override_ctrl_interface) {
3097 wpa_printf(MSG_DEBUG, "Override interface parameter: "
3098 "ctrl_interface ('%s' -> '%s')",
3099 iface->ctrl_interface,
3100 global->params.override_ctrl_interface);
3101 t_iface.ctrl_interface =
3102 global->params.override_ctrl_interface;
3103 }
3104 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
3105 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
3106 iface->ifname);
3107 wpa_supplicant_deinit_iface(wpa_s, 0, 0);
3108 os_free(wpa_s);
3109 return NULL;
3110 }
3111
3112 /* Notify the control interfaces about new iface */
3113 if (wpas_notify_iface_added(wpa_s)) {
3114 wpa_supplicant_deinit_iface(wpa_s, 1, 0);
3115 os_free(wpa_s);
3116 return NULL;
3117 }
3118
3119 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
3120 wpas_notify_network_added(wpa_s, ssid);
3121
3122 wpa_s->next = global->ifaces;
3123 global->ifaces = wpa_s;
3124
3125 wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
3126 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
3127
3128 return wpa_s;
3129 }
3130
3131
3132 /**
3133 * wpa_supplicant_remove_iface - Remove a network interface
3134 * @global: Pointer to global data from wpa_supplicant_init()
3135 * @wpa_s: Pointer to the network interface to be removed
3136 * Returns: 0 if interface was removed, -1 if interface was not found
3137 *
3138 * This function can be used to dynamically remove network interfaces from
3139 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
3140 * addition, this function is used to remove all remaining interfaces when
3141 * %wpa_supplicant is terminated.
3142 */
3143 int wpa_supplicant_remove_iface(struct wpa_global *global,
3144 struct wpa_supplicant *wpa_s,
3145 int terminate)
3146 {
3147 struct wpa_supplicant *prev;
3148
3149 /* Remove interface from the global list of interfaces */
3150 prev = global->ifaces;
3151 if (prev == wpa_s) {
3152 global->ifaces = wpa_s->next;
3153 } else {
3154 while (prev && prev->next != wpa_s)
3155 prev = prev->next;
3156 if (prev == NULL)
3157 return -1;
3158 prev->next = wpa_s->next;
3159 }
3160
3161 wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
3162
3163 if (global->p2p_group_formation == wpa_s)
3164 global->p2p_group_formation = NULL;
3165 if (global->p2p_invite_group == wpa_s)
3166 global->p2p_invite_group = NULL;
3167 wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
3168 os_free(wpa_s);
3169
3170 return 0;
3171 }
3172
3173
3174 /**
3175 * wpa_supplicant_get_eap_mode - Get the current EAP mode
3176 * @wpa_s: Pointer to the network interface
3177 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
3178 */
3179 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
3180 {
3181 const char *eapol_method;
3182
3183 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
3184 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3185 return "NO-EAP";
3186 }
3187
3188 eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
3189 if (eapol_method == NULL)
3190 return "UNKNOWN-EAP";
3191
3192 return eapol_method;
3193 }
3194
3195
3196 /**
3197 * wpa_supplicant_get_iface - Get a new network interface
3198 * @global: Pointer to global data from wpa_supplicant_init()
3199 * @ifname: Interface name
3200 * Returns: Pointer to the interface or %NULL if not found
3201 */
3202 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
3203 const char *ifname)
3204 {
3205 struct wpa_supplicant *wpa_s;
3206
3207 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
3208 if (os_strcmp(wpa_s->ifname, ifname) == 0)
3209 return wpa_s;
3210 }
3211 return NULL;
3212 }
3213
3214
3215 #ifndef CONFIG_NO_WPA_MSG
3216 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
3217 {
3218 struct wpa_supplicant *wpa_s = ctx;
3219 if (wpa_s == NULL)
3220 return NULL;
3221 return wpa_s->ifname;
3222 }
3223 #endif /* CONFIG_NO_WPA_MSG */
3224
3225
3226 /**
3227 * wpa_supplicant_init - Initialize %wpa_supplicant
3228 * @params: Parameters for %wpa_supplicant
3229 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
3230 *
3231 * This function is used to initialize %wpa_supplicant. After successful
3232 * initialization, the returned data pointer can be used to add and remove
3233 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
3234 */
3235 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
3236 {
3237 struct wpa_global *global;
3238 int ret, i;
3239
3240 if (params == NULL)
3241 return NULL;
3242
3243 #ifdef CONFIG_DRIVER_NDIS
3244 {
3245 void driver_ndis_init_ops(void);
3246 driver_ndis_init_ops();
3247 }
3248 #endif /* CONFIG_DRIVER_NDIS */
3249
3250 #ifndef CONFIG_NO_WPA_MSG
3251 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
3252 #endif /* CONFIG_NO_WPA_MSG */
3253
3254 wpa_debug_open_file(params->wpa_debug_file_path);
3255 if (params->wpa_debug_syslog)
3256 wpa_debug_open_syslog();
3257 if (params->wpa_debug_tracing) {
3258 ret = wpa_debug_open_linux_tracing();
3259 if (ret) {
3260 wpa_printf(MSG_ERROR,
3261 "Failed to enable trace logging");
3262 return NULL;
3263 }
3264 }
3265
3266 ret = eap_register_methods();
3267 if (ret) {
3268 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
3269 if (ret == -2)
3270 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
3271 "the same EAP type.");
3272 return NULL;
3273 }
3274
3275 global = os_zalloc(sizeof(*global));
3276 if (global == NULL)
3277 return NULL;
3278 dl_list_init(&global->p2p_srv_bonjour);
3279 dl_list_init(&global->p2p_srv_upnp);
3280 global->params.daemonize = params->daemonize;
3281 global->params.wait_for_monitor = params->wait_for_monitor;
3282 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
3283 if (params->pid_file)
3284 global->params.pid_file = os_strdup(params->pid_file);
3285 if (params->ctrl_interface)
3286 global->params.ctrl_interface =
3287 os_strdup(params->ctrl_interface);
3288 if (params->override_driver)
3289 global->params.override_driver =
3290 os_strdup(params->override_driver);
3291 if (params->override_ctrl_interface)
3292 global->params.override_ctrl_interface =
3293 os_strdup(params->override_ctrl_interface);
3294 wpa_debug_level = global->params.wpa_debug_level =
3295 params->wpa_debug_level;
3296 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
3297 params->wpa_debug_show_keys;
3298 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
3299 params->wpa_debug_timestamp;
3300
3301 wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR);
3302
3303 if (eloop_init()) {
3304 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
3305 wpa_supplicant_deinit(global);
3306 return NULL;
3307 }
3308
3309 random_init(params->entropy_file);
3310
3311 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
3312 if (global->ctrl_iface == NULL) {
3313 wpa_supplicant_deinit(global);
3314 return NULL;
3315 }
3316
3317 if (wpas_notify_supplicant_initialized(global)) {
3318 wpa_supplicant_deinit(global);
3319 return NULL;
3320 }
3321
3322 for (i = 0; wpa_drivers[i]; i++)
3323 global->drv_count++;
3324 if (global->drv_count == 0) {
3325 wpa_printf(MSG_ERROR, "No drivers enabled");
3326 wpa_supplicant_deinit(global);
3327 return NULL;
3328 }
3329 global->drv_priv = os_zalloc(global->drv_count * sizeof(void *));
3330 if (global->drv_priv == NULL) {
3331 wpa_supplicant_deinit(global);
3332 return NULL;
3333 }
3334
3335 #ifdef CONFIG_WIFI_DISPLAY
3336 if (wifi_display_init(global) < 0) {
3337 wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
3338 wpa_supplicant_deinit(global);
3339 return NULL;
3340 }
3341 #endif /* CONFIG_WIFI_DISPLAY */
3342
3343 return global;
3344 }
3345
3346
3347 /**
3348 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
3349 * @global: Pointer to global data from wpa_supplicant_init()
3350 * Returns: 0 after successful event loop run, -1 on failure
3351 *
3352 * This function starts the main event loop and continues running as long as
3353 * there are any remaining events. In most cases, this function is running as
3354 * long as the %wpa_supplicant process in still in use.
3355 */
3356 int wpa_supplicant_run(struct wpa_global *global)
3357 {
3358 struct wpa_supplicant *wpa_s;
3359
3360 if (global->params.daemonize &&
3361 wpa_supplicant_daemon(global->params.pid_file))
3362 return -1;
3363
3364 if (global->params.wait_for_monitor) {
3365 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
3366 if (wpa_s->ctrl_iface)
3367 wpa_supplicant_ctrl_iface_wait(
3368 wpa_s->ctrl_iface);
3369 }
3370
3371 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
3372 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
3373
3374 eloop_run();
3375
3376 return 0;
3377 }
3378
3379
3380 /**
3381 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
3382 * @global: Pointer to global data from wpa_supplicant_init()
3383 *
3384 * This function is called to deinitialize %wpa_supplicant and to free all
3385 * allocated resources. Remaining network interfaces will also be removed.
3386 */
3387 void wpa_supplicant_deinit(struct wpa_global *global)
3388 {
3389 int i;
3390
3391 if (global == NULL)
3392 return;
3393
3394 #ifdef CONFIG_WIFI_DISPLAY
3395 wifi_display_deinit(global);
3396 #endif /* CONFIG_WIFI_DISPLAY */
3397 #ifdef CONFIG_P2P
3398 wpas_p2p_deinit_global(global);
3399 #endif /* CONFIG_P2P */
3400
3401 while (global->ifaces)
3402 wpa_supplicant_remove_iface(global, global->ifaces, 1);
3403
3404 if (global->ctrl_iface)
3405 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
3406
3407 wpas_notify_supplicant_deinitialized(global);
3408
3409 eap_peer_unregister_methods();
3410 #ifdef CONFIG_AP
3411 eap_server_unregister_methods();
3412 #endif /* CONFIG_AP */
3413
3414 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
3415 if (!global->drv_priv[i])
3416 continue;
3417 wpa_drivers[i]->global_deinit(global->drv_priv[i]);
3418 }
3419 os_free(global->drv_priv);
3420
3421 random_deinit();
3422
3423 eloop_destroy();
3424
3425 if (global->params.pid_file) {
3426 os_daemonize_terminate(global->params.pid_file);
3427 os_free(global->params.pid_file);
3428 }
3429 os_free(global->params.ctrl_interface);
3430 os_free(global->params.override_driver);
3431 os_free(global->params.override_ctrl_interface);
3432
3433 os_free(global->p2p_disallow_freq);
3434
3435 os_free(global);
3436 wpa_debug_close_syslog();
3437 wpa_debug_close_file();
3438 wpa_debug_close_linux_tracing();
3439 }
3440
3441
3442 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
3443 {
3444 if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
3445 wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
3446 char country[3];
3447 country[0] = wpa_s->conf->country[0];
3448 country[1] = wpa_s->conf->country[1];
3449 country[2] = '\0';
3450 if (wpa_drv_set_country(wpa_s, country) < 0) {
3451 wpa_printf(MSG_ERROR, "Failed to set country code "
3452 "'%s'", country);
3453 }
3454 }
3455
3456 if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
3457 wpas_init_ext_pw(wpa_s);
3458
3459 #ifdef CONFIG_WPS
3460 wpas_wps_update_config(wpa_s);
3461 #endif /* CONFIG_WPS */
3462
3463 #ifdef CONFIG_P2P
3464 wpas_p2p_update_config(wpa_s);
3465 #endif /* CONFIG_P2P */
3466
3467 wpa_s->conf->changed_parameters = 0;
3468 }
3469
3470
3471 static void add_freq(int *freqs, int *num_freqs, int freq)
3472 {
3473 int i;
3474
3475 for (i = 0; i < *num_freqs; i++) {
3476 if (freqs[i] == freq)
3477 return;
3478 }
3479
3480 freqs[*num_freqs] = freq;
3481 (*num_freqs)++;
3482 }
3483
3484
3485 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
3486 {
3487 struct wpa_bss *bss, *cbss;
3488 const int max_freqs = 10;
3489 int *freqs;
3490 int num_freqs = 0;
3491
3492 freqs = os_zalloc(sizeof(int) * (max_freqs + 1));
3493 if (freqs == NULL)
3494 return NULL;
3495
3496 cbss = wpa_s->current_bss;
3497
3498 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
3499 if (bss == cbss)
3500 continue;
3501 if (bss->ssid_len == cbss->ssid_len &&
3502 os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
3503 wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
3504 add_freq(freqs, &num_freqs, bss->freq);
3505 if (num_freqs == max_freqs)
3506 break;
3507 }
3508 }
3509
3510 if (num_freqs == 0) {
3511 os_free(freqs);
3512 freqs = NULL;
3513 }
3514
3515 return freqs;
3516 }
3517
3518
3519 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
3520 {
3521 int timeout;
3522 int count;
3523 int *freqs = NULL;
3524
3525 /*
3526 * Remove possible authentication timeout since the connection failed.
3527 */
3528 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
3529
3530 /*
3531 * Add the failed BSSID into the blacklist and speed up next scan
3532 * attempt if there could be other APs that could accept association.
3533 * The current blacklist count indicates how many times we have tried
3534 * connecting to this AP and multiple attempts mean that other APs are
3535 * either not available or has already been tried, so that we can start
3536 * increasing the delay here to avoid constant scanning.
3537 */
3538 count = wpa_blacklist_add(wpa_s, bssid);
3539 if (count == 1 && wpa_s->current_bss) {
3540 /*
3541 * This BSS was not in the blacklist before. If there is
3542 * another BSS available for the same ESS, we should try that
3543 * next. Otherwise, we may as well try this one once more
3544 * before allowing other, likely worse, ESSes to be considered.
3545 */
3546 freqs = get_bss_freqs_in_ess(wpa_s);
3547 if (freqs) {
3548 wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
3549 "has been seen; try it next");
3550 wpa_blacklist_add(wpa_s, bssid);
3551 /*
3552 * On the next scan, go through only the known channels
3553 * used in this ESS based on previous scans to speed up
3554 * common load balancing use case.
3555 */
3556 os_free(wpa_s->next_scan_freqs);
3557 wpa_s->next_scan_freqs = freqs;
3558 }
3559 }
3560
3561 /*
3562 * Add previous failure count in case the temporary blacklist was
3563 * cleared due to no other BSSes being available.
3564 */
3565 count += wpa_s->extra_blacklist_count;
3566
3567 switch (count) {
3568 case 1:
3569 timeout = 100;
3570 break;
3571 case 2:
3572 timeout = 500;
3573 break;
3574 case 3:
3575 timeout = 1000;
3576 break;
3577 case 4:
3578 timeout = 5000;
3579 break;
3580 default:
3581 timeout = 10000;
3582 break;
3583 }
3584
3585 wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
3586 "ms", count, timeout);
3587
3588 /*
3589 * TODO: if more than one possible AP is available in scan results,
3590 * could try the other ones before requesting a new scan.
3591 */
3592 wpa_supplicant_req_scan(wpa_s, timeout / 1000,
3593 1000 * (timeout % 1000));
3594
3595 wpas_p2p_continue_after_scan(wpa_s);
3596 }
3597
3598
3599 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
3600 {
3601 return wpa_s->conf->ap_scan == 2 ||
3602 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
3603 }
3604
3605
3606 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
3607 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
3608 struct wpa_ssid *ssid,
3609 const char *field,
3610 const char *value)
3611 {
3612 #ifdef IEEE8021X_EAPOL
3613 struct eap_peer_config *eap = &ssid->eap;
3614
3615 wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
3616 wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
3617 (const u8 *) value, os_strlen(value));
3618
3619 switch (wpa_supplicant_ctrl_req_from_string(field)) {
3620 case WPA_CTRL_REQ_EAP_IDENTITY:
3621 os_free(eap->identity);
3622 eap->identity = (u8 *) os_strdup(value);
3623 eap->identity_len = os_strlen(value);
3624 eap->pending_req_identity = 0;
3625 if (ssid == wpa_s->current_ssid)
3626 wpa_s->reassociate = 1;
3627 break;
3628 case WPA_CTRL_REQ_EAP_PASSWORD:
3629 os_free(eap->password);
3630 eap->password = (u8 *) os_strdup(value);
3631 eap->password_len = os_strlen(value);
3632 eap->pending_req_password = 0;
3633 if (ssid == wpa_s->current_ssid)
3634 wpa_s->reassociate = 1;
3635 break;
3636 case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
3637 os_free(eap->new_password);
3638 eap->new_password = (u8 *) os_strdup(value);
3639 eap->new_password_len = os_strlen(value);
3640 eap->pending_req_new_password = 0;
3641 if (ssid == wpa_s->current_ssid)
3642 wpa_s->reassociate = 1;
3643 break;
3644 case WPA_CTRL_REQ_EAP_PIN:
3645 os_free(eap->pin);
3646 eap->pin = os_strdup(value);
3647 eap->pending_req_pin = 0;
3648 if (ssid == wpa_s->current_ssid)
3649 wpa_s->reassociate = 1;
3650 break;
3651 case WPA_CTRL_REQ_EAP_OTP:
3652 os_free(eap->otp);
3653 eap->otp = (u8 *) os_strdup(value);
3654 eap->otp_len = os_strlen(value);
3655 os_free(eap->pending_req_otp);
3656 eap->pending_req_otp = NULL;
3657 eap->pending_req_otp_len = 0;
3658 break;
3659 case WPA_CTRL_REQ_EAP_PASSPHRASE:
3660 os_free(eap->private_key_passwd);
3661 eap->private_key_passwd = (u8 *) os_strdup(value);
3662 eap->pending_req_passphrase = 0;
3663 if (ssid == wpa_s->current_ssid)
3664 wpa_s->reassociate = 1;
3665 break;
3666 default:
3667 wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
3668 return -1;
3669 }
3670
3671 return 0;
3672 #else /* IEEE8021X_EAPOL */
3673 wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
3674 return -1;
3675 #endif /* IEEE8021X_EAPOL */
3676 }
3677 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
3678
3679
3680 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
3681 {
3682 int i;
3683 unsigned int drv_enc;
3684
3685 if (ssid == NULL)
3686 return 1;
3687
3688 if (ssid->disabled)
3689 return 1;
3690
3691 if (wpa_s && wpa_s->drv_capa_known)
3692 drv_enc = wpa_s->drv_enc;
3693 else
3694 drv_enc = (unsigned int) -1;
3695
3696 for (i = 0; i < NUM_WEP_KEYS; i++) {
3697 size_t len = ssid->wep_key_len[i];
3698 if (len == 0)
3699 continue;
3700 if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
3701 continue;
3702 if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
3703 continue;
3704 if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
3705 continue;
3706 return 1; /* invalid WEP key */
3707 }
3708
3709 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
3710 !ssid->ext_psk)
3711 return 1;
3712
3713 return 0;
3714 }
3715
3716
3717 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
3718 {
3719 if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
3720 return 1;
3721 if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
3722 return 0;
3723 return -1;
3724 }
3725
3726
3727 void wpas_auth_failed(struct wpa_supplicant *wpa_s)
3728 {
3729 struct wpa_ssid *ssid = wpa_s->current_ssid;
3730 int dur;
3731 struct os_time now;
3732
3733 if (ssid == NULL) {
3734 wpa_printf(MSG_DEBUG, "Authentication failure but no known "
3735 "SSID block");
3736 return;
3737 }
3738
3739 if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
3740 return;
3741
3742 ssid->auth_failures++;
3743 if (ssid->auth_failures > 50)
3744 dur = 300;
3745 else if (ssid->auth_failures > 20)
3746 dur = 120;
3747 else if (ssid->auth_failures > 10)
3748 dur = 60;
3749 else if (ssid->auth_failures > 5)
3750 dur = 30;
3751 else if (ssid->auth_failures > 1)
3752 dur = 20;
3753 else
3754 dur = 10;
3755
3756 os_get_time(&now);
3757 if (now.sec + dur <= ssid->disabled_until.sec)
3758 return;
3759
3760 ssid->disabled_until.sec = now.sec + dur;
3761
3762 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
3763 "id=%d ssid=\"%s\" auth_failures=%u duration=%d",
3764 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
3765 ssid->auth_failures, dur);
3766 }
3767
3768
3769 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
3770 struct wpa_ssid *ssid, int clear_failures)
3771 {
3772 if (ssid == NULL)
3773 return;
3774
3775 if (ssid->disabled_until.sec) {
3776 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
3777 "id=%d ssid=\"%s\"",
3778 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
3779 }
3780 ssid->disabled_until.sec = 0;
3781 ssid->disabled_until.usec = 0;
3782 if (clear_failures)
3783 ssid->auth_failures = 0;
3784 }
3785
3786
3787 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
3788 {
3789 size_t i;
3790
3791 if (wpa_s->disallow_aps_bssid == NULL)
3792 return 0;
3793
3794 for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
3795 if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
3796 bssid, ETH_ALEN) == 0)
3797 return 1;
3798 }
3799
3800 return 0;
3801 }
3802
3803
3804 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
3805 size_t ssid_len)
3806 {
3807 size_t i;
3808
3809 if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
3810 return 0;
3811
3812 for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
3813 struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
3814 if (ssid_len == s->ssid_len &&
3815 os_memcmp(ssid, s->ssid, ssid_len) == 0)
3816 return 1;
3817 }
3818
3819 return 0;
3820 }
3821
3822
3823 /**
3824 * wpas_request_connection - Request a new connection
3825 * @wpa_s: Pointer to the network interface
3826 *
3827 * This function is used to request a new connection to be found. It will mark
3828 * the interface to allow reassociation and request a new scan to find a
3829 * suitable network to connect to.
3830 */
3831 void wpas_request_connection(struct wpa_supplicant *wpa_s)
3832 {
3833 wpa_s->normal_scans = 0;
3834 wpa_supplicant_reinit_autoscan(wpa_s);
3835 wpa_s->extra_blacklist_count = 0;
3836 wpa_s->disconnected = 0;
3837 wpa_s->reassociate = 1;
3838
3839 if (wpa_supplicant_fast_associate(wpa_s) != 1)
3840 wpa_supplicant_req_scan(wpa_s, 0, 0);
3841 }
Unnamed repository; edit this file 'description' to name the repository.