]> git.ipfire.org Git - thirdparty/hostap.git/blob - wpa_supplicant/wpa_supplicant.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Allow RSNE in EAPOL-Key msg 2/4 to be overridden for testing purposes
[thirdparty/hostap.git] / wpa_supplicant / wpa_supplicant.c
1 /*
2 * WPA Supplicant
3 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 *
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
11 */
12
13 #include "includes.h"
14 #ifdef CONFIG_MATCH_IFACE
15 #include <net/if.h>
16 #include <fnmatch.h>
17 #endif /* CONFIG_MATCH_IFACE */
18
19 #include "common.h"
20 #include "crypto/random.h"
21 #include "crypto/sha1.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_peer/eap_proxy.h"
25 #include "eap_server/eap_methods.h"
26 #include "rsn_supp/wpa.h"
27 #include "eloop.h"
28 #include "config.h"
29 #include "utils/ext_password.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wpa_supplicant_i.h"
32 #include "driver_i.h"
33 #include "ctrl_iface.h"
34 #include "pcsc_funcs.h"
35 #include "common/version.h"
36 #include "rsn_supp/preauth.h"
37 #include "rsn_supp/pmksa_cache.h"
38 #include "common/wpa_ctrl.h"
39 #include "common/ieee802_11_common.h"
40 #include "common/ieee802_11_defs.h"
41 #include "common/hw_features_common.h"
42 #include "common/gas_server.h"
43 #include "common/dpp.h"
44 #include "p2p/p2p.h"
45 #include "fst/fst.h"
46 #include "blacklist.h"
47 #include "wpas_glue.h"
48 #include "wps_supplicant.h"
49 #include "ibss_rsn.h"
50 #include "sme.h"
51 #include "gas_query.h"
52 #include "ap.h"
53 #include "p2p_supplicant.h"
54 #include "wifi_display.h"
55 #include "notify.h"
56 #include "bgscan.h"
57 #include "autoscan.h"
58 #include "bss.h"
59 #include "scan.h"
60 #include "offchannel.h"
61 #include "hs20_supplicant.h"
62 #include "wnm_sta.h"
63 #include "wpas_kay.h"
64 #include "mesh.h"
65 #include "dpp_supplicant.h"
66 #ifdef CONFIG_MESH
67 #include "ap/ap_config.h"
68 #include "ap/hostapd.h"
69 #endif /* CONFIG_MESH */
70
71 const char *const wpa_supplicant_version =
72 "wpa_supplicant v" VERSION_STR "\n"
73 "Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors";
74
75 const char *const wpa_supplicant_license =
76 "This software may be distributed under the terms of the BSD license.\n"
77 "See README for more details.\n"
78 #ifdef EAP_TLS_OPENSSL
79 "\nThis product includes software developed by the OpenSSL Project\n"
80 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
81 #endif /* EAP_TLS_OPENSSL */
82 ;
83
84 #ifndef CONFIG_NO_STDOUT_DEBUG
85 /* Long text divided into parts in order to fit in C89 strings size limits. */
86 const char *const wpa_supplicant_full_license1 =
87 "";
88 const char *const wpa_supplicant_full_license2 =
89 "This software may be distributed under the terms of the BSD license.\n"
90 "\n"
91 "Redistribution and use in source and binary forms, with or without\n"
92 "modification, are permitted provided that the following conditions are\n"
93 "met:\n"
94 "\n";
95 const char *const wpa_supplicant_full_license3 =
96 "1. Redistributions of source code must retain the above copyright\n"
97 " notice, this list of conditions and the following disclaimer.\n"
98 "\n"
99 "2. Redistributions in binary form must reproduce the above copyright\n"
100 " notice, this list of conditions and the following disclaimer in the\n"
101 " documentation and/or other materials provided with the distribution.\n"
102 "\n";
103 const char *const wpa_supplicant_full_license4 =
104 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
105 " names of its contributors may be used to endorse or promote products\n"
106 " derived from this software without specific prior written permission.\n"
107 "\n"
108 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
109 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
110 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
111 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
112 const char *const wpa_supplicant_full_license5 =
113 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
114 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
115 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
116 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
117 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
118 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
119 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
120 "\n";
121 #endif /* CONFIG_NO_STDOUT_DEBUG */
122
123
124 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
125 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
126 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s);
127 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
128 #ifdef CONFIG_OWE
129 static void wpas_update_owe_connect_params(struct wpa_supplicant *wpa_s);
130 #endif /* CONFIG_OWE */
131
132
133 #ifdef CONFIG_WEP
134 /* Configure default/group WEP keys for static WEP */
135 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
136 {
137 int i, set = 0;
138
139 for (i = 0; i < NUM_WEP_KEYS; i++) {
140 if (ssid->wep_key_len[i] == 0)
141 continue;
142
143 set = 1;
144 wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
145 i, i == ssid->wep_tx_keyidx, NULL, 0,
146 ssid->wep_key[i], ssid->wep_key_len[i],
147 i == ssid->wep_tx_keyidx ?
148 KEY_FLAG_GROUP_RX_TX_DEFAULT :
149 KEY_FLAG_GROUP_RX_TX);
150 }
151
152 return set;
153 }
154 #endif /* CONFIG_WEP */
155
156
157 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
158 struct wpa_ssid *ssid)
159 {
160 u8 key[32];
161 size_t keylen;
162 enum wpa_alg alg;
163 u8 seq[6] = { 0 };
164 int ret;
165
166 /* IBSS/WPA-None uses only one key (Group) for both receiving and
167 * sending unicast and multicast packets. */
168
169 if (ssid->mode != WPAS_MODE_IBSS) {
170 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
171 "IBSS/ad-hoc) for WPA-None", ssid->mode);
172 return -1;
173 }
174
175 if (!ssid->psk_set) {
176 wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
177 "WPA-None");
178 return -1;
179 }
180
181 switch (wpa_s->group_cipher) {
182 case WPA_CIPHER_CCMP:
183 os_memcpy(key, ssid->psk, 16);
184 keylen = 16;
185 alg = WPA_ALG_CCMP;
186 break;
187 case WPA_CIPHER_GCMP:
188 os_memcpy(key, ssid->psk, 16);
189 keylen = 16;
190 alg = WPA_ALG_GCMP;
191 break;
192 case WPA_CIPHER_TKIP:
193 /* WPA-None uses the same Michael MIC key for both TX and RX */
194 os_memcpy(key, ssid->psk, 16 + 8);
195 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
196 keylen = 32;
197 alg = WPA_ALG_TKIP;
198 break;
199 default:
200 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
201 "WPA-None", wpa_s->group_cipher);
202 return -1;
203 }
204
205 /* TODO: should actually remember the previously used seq#, both for TX
206 * and RX from each STA.. */
207
208 ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen,
209 KEY_FLAG_GROUP_RX_TX_DEFAULT);
210 os_memset(key, 0, sizeof(key));
211 return ret;
212 }
213
214
215 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
216 {
217 struct wpa_supplicant *wpa_s = eloop_ctx;
218 const u8 *bssid = wpa_s->bssid;
219 if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
220 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
221 wpa_s->wpa_state == WPA_ASSOCIATING))
222 bssid = wpa_s->pending_bssid;
223 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
224 MAC2STR(bssid));
225 wpa_blacklist_add(wpa_s, bssid);
226 wpa_sm_notify_disassoc(wpa_s->wpa);
227 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
228 wpa_s->reassociate = 1;
229
230 /*
231 * If we timed out, the AP or the local radio may be busy.
232 * So, wait a second until scanning again.
233 */
234 wpa_supplicant_req_scan(wpa_s, 1, 0);
235 }
236
237
238 /**
239 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
240 * @wpa_s: Pointer to wpa_supplicant data
241 * @sec: Number of seconds after which to time out authentication
242 * @usec: Number of microseconds after which to time out authentication
243 *
244 * This function is used to schedule a timeout for the current authentication
245 * attempt.
246 */
247 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
248 int sec, int usec)
249 {
250 if (wpa_s->conf->ap_scan == 0 &&
251 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
252 return;
253
254 wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
255 "%d usec", sec, usec);
256 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
257 wpa_s->last_auth_timeout_sec = sec;
258 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
259 }
260
261
262 /*
263 * wpas_auth_timeout_restart - Restart and change timeout for authentication
264 * @wpa_s: Pointer to wpa_supplicant data
265 * @sec_diff: difference in seconds applied to original timeout value
266 */
267 void wpas_auth_timeout_restart(struct wpa_supplicant *wpa_s, int sec_diff)
268 {
269 int new_sec = wpa_s->last_auth_timeout_sec + sec_diff;
270
271 if (eloop_is_timeout_registered(wpa_supplicant_timeout, wpa_s, NULL)) {
272 wpa_dbg(wpa_s, MSG_DEBUG,
273 "Authentication timeout restart: %d sec", new_sec);
274 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
275 eloop_register_timeout(new_sec, 0, wpa_supplicant_timeout,
276 wpa_s, NULL);
277 }
278 }
279
280
281 /**
282 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
283 * @wpa_s: Pointer to wpa_supplicant data
284 *
285 * This function is used to cancel authentication timeout scheduled with
286 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
287 * been completed.
288 */
289 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
290 {
291 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
292 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
293 wpa_blacklist_del(wpa_s, wpa_s->bssid);
294 os_free(wpa_s->last_con_fail_realm);
295 wpa_s->last_con_fail_realm = NULL;
296 wpa_s->last_con_fail_realm_len = 0;
297 }
298
299
300 /**
301 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
302 * @wpa_s: Pointer to wpa_supplicant data
303 *
304 * This function is used to configure EAPOL state machine based on the selected
305 * authentication mode.
306 */
307 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
308 {
309 #ifdef IEEE8021X_EAPOL
310 struct eapol_config eapol_conf;
311 struct wpa_ssid *ssid = wpa_s->current_ssid;
312
313 #ifdef CONFIG_IBSS_RSN
314 if (ssid->mode == WPAS_MODE_IBSS &&
315 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
316 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
317 /*
318 * RSN IBSS authentication is per-STA and we can disable the
319 * per-BSSID EAPOL authentication.
320 */
321 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
322 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
323 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
324 return;
325 }
326 #endif /* CONFIG_IBSS_RSN */
327
328 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
329 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
330
331 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
332 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
333 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
334 else
335 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
336
337 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
338 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
339 eapol_conf.accept_802_1x_keys = 1;
340 eapol_conf.required_keys = 0;
341 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
342 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
343 }
344 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
345 eapol_conf.required_keys |=
346 EAPOL_REQUIRE_KEY_BROADCAST;
347 }
348
349 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)
350 eapol_conf.required_keys = 0;
351 }
352 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
353 eapol_conf.workaround = ssid->eap_workaround;
354 eapol_conf.eap_disabled =
355 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
356 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
357 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
358 eapol_conf.external_sim = wpa_s->conf->external_sim;
359
360 #ifdef CONFIG_WPS
361 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
362 eapol_conf.wps |= EAPOL_LOCAL_WPS_IN_USE;
363 if (wpa_s->current_bss) {
364 struct wpabuf *ie;
365 ie = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
366 WPS_IE_VENDOR_TYPE);
367 if (ie) {
368 if (wps_is_20(ie))
369 eapol_conf.wps |=
370 EAPOL_PEER_IS_WPS20_AP;
371 wpabuf_free(ie);
372 }
373 }
374 }
375 #endif /* CONFIG_WPS */
376
377 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
378
379 #ifdef CONFIG_MACSEC
380 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE && ssid->mka_psk_set)
381 ieee802_1x_create_preshared_mka(wpa_s, ssid);
382 else
383 ieee802_1x_alloc_kay_sm(wpa_s, ssid);
384 #endif /* CONFIG_MACSEC */
385 #endif /* IEEE8021X_EAPOL */
386 }
387
388
389 /**
390 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
391 * @wpa_s: Pointer to wpa_supplicant data
392 * @ssid: Configuration data for the network
393 *
394 * This function is used to configure WPA state machine and related parameters
395 * to a mode where WPA is not enabled. This is called as part of the
396 * authentication configuration when the selected network does not use WPA.
397 */
398 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
399 struct wpa_ssid *ssid)
400 {
401 #ifdef CONFIG_WEP
402 int i;
403 #endif /* CONFIG_WEP */
404
405 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
406 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
407 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
408 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
409 else
410 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
411 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
412 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
413 wpa_sm_set_ap_rsnxe(wpa_s->wpa, NULL, 0);
414 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
415 wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
416 wpa_s->rsnxe_len = 0;
417 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
418 wpa_s->group_cipher = WPA_CIPHER_NONE;
419 wpa_s->mgmt_group_cipher = 0;
420
421 #ifdef CONFIG_WEP
422 for (i = 0; i < NUM_WEP_KEYS; i++) {
423 if (ssid->wep_key_len[i] > 5) {
424 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
425 wpa_s->group_cipher = WPA_CIPHER_WEP104;
426 break;
427 } else if (ssid->wep_key_len[i] > 0) {
428 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
429 wpa_s->group_cipher = WPA_CIPHER_WEP40;
430 break;
431 }
432 }
433 #endif /* CONFIG_WEP */
434
435 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
436 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
437 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
438 wpa_s->pairwise_cipher);
439 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
440 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
441 wpa_s->mgmt_group_cipher);
442
443 pmksa_cache_clear_current(wpa_s->wpa);
444 }
445
446
447 void free_hw_features(struct wpa_supplicant *wpa_s)
448 {
449 int i;
450 if (wpa_s->hw.modes == NULL)
451 return;
452
453 for (i = 0; i < wpa_s->hw.num_modes; i++) {
454 os_free(wpa_s->hw.modes[i].channels);
455 os_free(wpa_s->hw.modes[i].rates);
456 }
457
458 os_free(wpa_s->hw.modes);
459 wpa_s->hw.modes = NULL;
460 }
461
462
463 void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s)
464 {
465 struct wpa_bss_tmp_disallowed *bss, *prev;
466
467 dl_list_for_each_safe(bss, prev, &wpa_s->bss_tmp_disallowed,
468 struct wpa_bss_tmp_disallowed, list) {
469 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
470 dl_list_del(&bss->list);
471 os_free(bss);
472 }
473 }
474
475
476 void wpas_flush_fils_hlp_req(struct wpa_supplicant *wpa_s)
477 {
478 struct fils_hlp_req *req;
479
480 while ((req = dl_list_first(&wpa_s->fils_hlp_req, struct fils_hlp_req,
481 list)) != NULL) {
482 dl_list_del(&req->list);
483 wpabuf_free(req->pkt);
484 os_free(req);
485 }
486 }
487
488
489 void wpas_clear_disabled_interface(void *eloop_ctx, void *timeout_ctx)
490 {
491 struct wpa_supplicant *wpa_s = eloop_ctx;
492
493 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
494 return;
495 wpa_dbg(wpa_s, MSG_DEBUG, "Clear cached state on disabled interface");
496 wpa_bss_flush(wpa_s);
497 }
498
499
500 #ifdef CONFIG_TESTING_OPTIONS
501 void wpas_clear_driver_signal_override(struct wpa_supplicant *wpa_s)
502 {
503 struct driver_signal_override *dso;
504
505 while ((dso = dl_list_first(&wpa_s->drv_signal_override,
506 struct driver_signal_override, list))) {
507 dl_list_del(&dso->list);
508 os_free(dso);
509 }
510 }
511 #endif /* CONFIG_TESTING_OPTIONS */
512
513
514 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
515 {
516 int i;
517
518 bgscan_deinit(wpa_s);
519 autoscan_deinit(wpa_s);
520 scard_deinit(wpa_s->scard);
521 wpa_s->scard = NULL;
522 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
523 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
524 l2_packet_deinit(wpa_s->l2);
525 wpa_s->l2 = NULL;
526 if (wpa_s->l2_br) {
527 l2_packet_deinit(wpa_s->l2_br);
528 wpa_s->l2_br = NULL;
529 }
530 #ifdef CONFIG_TESTING_OPTIONS
531 l2_packet_deinit(wpa_s->l2_test);
532 wpa_s->l2_test = NULL;
533 os_free(wpa_s->get_pref_freq_list_override);
534 wpa_s->get_pref_freq_list_override = NULL;
535 wpabuf_free(wpa_s->last_assoc_req_wpa_ie);
536 wpa_s->last_assoc_req_wpa_ie = NULL;
537 os_free(wpa_s->extra_sae_rejected_groups);
538 wpa_s->extra_sae_rejected_groups = NULL;
539 wpabuf_free(wpa_s->rsne_override_eapol);
540 wpa_s->rsne_override_eapol = NULL;
541 wpabuf_free(wpa_s->rsnxe_override_assoc);
542 wpa_s->rsnxe_override_assoc = NULL;
543 wpabuf_free(wpa_s->rsnxe_override_eapol);
544 wpa_s->rsnxe_override_eapol = NULL;
545 wpas_clear_driver_signal_override(wpa_s);
546 #endif /* CONFIG_TESTING_OPTIONS */
547
548 if (wpa_s->conf != NULL) {
549 struct wpa_ssid *ssid;
550 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
551 wpas_notify_network_removed(wpa_s, ssid);
552 }
553
554 os_free(wpa_s->confname);
555 wpa_s->confname = NULL;
556
557 os_free(wpa_s->confanother);
558 wpa_s->confanother = NULL;
559
560 os_free(wpa_s->last_con_fail_realm);
561 wpa_s->last_con_fail_realm = NULL;
562 wpa_s->last_con_fail_realm_len = 0;
563
564 wpa_sm_set_eapol(wpa_s->wpa, NULL);
565 eapol_sm_deinit(wpa_s->eapol);
566 wpa_s->eapol = NULL;
567
568 rsn_preauth_deinit(wpa_s->wpa);
569
570 #ifdef CONFIG_TDLS
571 wpa_tdls_deinit(wpa_s->wpa);
572 #endif /* CONFIG_TDLS */
573
574 wmm_ac_clear_saved_tspecs(wpa_s);
575 pmksa_candidate_free(wpa_s->wpa);
576 wpa_sm_deinit(wpa_s->wpa);
577 wpa_s->wpa = NULL;
578 wpa_blacklist_clear(wpa_s);
579
580 wpa_bss_deinit(wpa_s);
581
582 wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
583 wpa_supplicant_cancel_scan(wpa_s);
584 wpa_supplicant_cancel_auth_timeout(wpa_s);
585 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
586 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
587 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
588 wpa_s, NULL);
589 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
590
591 eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
592 eloop_cancel_timeout(wpas_clear_disabled_interface, wpa_s, NULL);
593
594 wpas_wps_deinit(wpa_s);
595
596 wpabuf_free(wpa_s->pending_eapol_rx);
597 wpa_s->pending_eapol_rx = NULL;
598
599 #ifdef CONFIG_IBSS_RSN
600 ibss_rsn_deinit(wpa_s->ibss_rsn);
601 wpa_s->ibss_rsn = NULL;
602 #endif /* CONFIG_IBSS_RSN */
603
604 sme_deinit(wpa_s);
605
606 #ifdef CONFIG_AP
607 wpa_supplicant_ap_deinit(wpa_s);
608 #endif /* CONFIG_AP */
609
610 wpas_p2p_deinit(wpa_s);
611
612 #ifdef CONFIG_OFFCHANNEL
613 offchannel_deinit(wpa_s);
614 #endif /* CONFIG_OFFCHANNEL */
615
616 wpa_supplicant_cancel_sched_scan(wpa_s);
617
618 os_free(wpa_s->next_scan_freqs);
619 wpa_s->next_scan_freqs = NULL;
620
621 os_free(wpa_s->manual_scan_freqs);
622 wpa_s->manual_scan_freqs = NULL;
623 os_free(wpa_s->select_network_scan_freqs);
624 wpa_s->select_network_scan_freqs = NULL;
625
626 os_free(wpa_s->manual_sched_scan_freqs);
627 wpa_s->manual_sched_scan_freqs = NULL;
628
629 wpas_mac_addr_rand_scan_clear(wpa_s, MAC_ADDR_RAND_ALL);
630
631 /*
632 * Need to remove any pending gas-query radio work before the
633 * gas_query_deinit() call because gas_query::work has not yet been set
634 * for works that have not been started. gas_query_free() will be unable
635 * to cancel such pending radio works and once the pending gas-query
636 * radio work eventually gets removed, the deinit notification call to
637 * gas_query_start_cb() would result in dereferencing freed memory.
638 */
639 if (wpa_s->radio)
640 radio_remove_works(wpa_s, "gas-query", 0);
641 gas_query_deinit(wpa_s->gas);
642 wpa_s->gas = NULL;
643 gas_server_deinit(wpa_s->gas_server);
644 wpa_s->gas_server = NULL;
645
646 free_hw_features(wpa_s);
647
648 ieee802_1x_dealloc_kay_sm(wpa_s);
649
650 os_free(wpa_s->bssid_filter);
651 wpa_s->bssid_filter = NULL;
652
653 os_free(wpa_s->disallow_aps_bssid);
654 wpa_s->disallow_aps_bssid = NULL;
655 os_free(wpa_s->disallow_aps_ssid);
656 wpa_s->disallow_aps_ssid = NULL;
657
658 wnm_bss_keep_alive_deinit(wpa_s);
659 #ifdef CONFIG_WNM
660 wnm_deallocate_memory(wpa_s);
661 #endif /* CONFIG_WNM */
662
663 ext_password_deinit(wpa_s->ext_pw);
664 wpa_s->ext_pw = NULL;
665
666 wpabuf_free(wpa_s->last_gas_resp);
667 wpa_s->last_gas_resp = NULL;
668 wpabuf_free(wpa_s->prev_gas_resp);
669 wpa_s->prev_gas_resp = NULL;
670
671 os_free(wpa_s->last_scan_res);
672 wpa_s->last_scan_res = NULL;
673
674 #ifdef CONFIG_HS20
675 if (wpa_s->drv_priv)
676 wpa_drv_configure_frame_filters(wpa_s, 0);
677 hs20_deinit(wpa_s);
678 #endif /* CONFIG_HS20 */
679
680 for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
681 wpabuf_free(wpa_s->vendor_elem[i]);
682 wpa_s->vendor_elem[i] = NULL;
683 }
684
685 wmm_ac_notify_disassoc(wpa_s);
686
687 wpa_s->sched_scan_plans_num = 0;
688 os_free(wpa_s->sched_scan_plans);
689 wpa_s->sched_scan_plans = NULL;
690
691 #ifdef CONFIG_MBO
692 wpa_s->non_pref_chan_num = 0;
693 os_free(wpa_s->non_pref_chan);
694 wpa_s->non_pref_chan = NULL;
695 #endif /* CONFIG_MBO */
696
697 free_bss_tmp_disallowed(wpa_s);
698
699 wpabuf_free(wpa_s->lci);
700 wpa_s->lci = NULL;
701 wpas_clear_beacon_rep_data(wpa_s);
702
703 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
704 #ifdef CONFIG_MESH
705 {
706 struct external_pmksa_cache *entry;
707
708 while ((entry = dl_list_last(&wpa_s->mesh_external_pmksa_cache,
709 struct external_pmksa_cache,
710 list)) != NULL) {
711 dl_list_del(&entry->list);
712 os_free(entry->pmksa_cache);
713 os_free(entry);
714 }
715 }
716 #endif /* CONFIG_MESH */
717 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
718
719 wpas_flush_fils_hlp_req(wpa_s);
720
721 wpabuf_free(wpa_s->ric_ies);
722 wpa_s->ric_ies = NULL;
723
724 #ifdef CONFIG_DPP
725 wpas_dpp_deinit(wpa_s);
726 dpp_global_deinit(wpa_s->dpp);
727 wpa_s->dpp = NULL;
728 #endif /* CONFIG_DPP */
729 }
730
731
732 /**
733 * wpa_clear_keys - Clear keys configured for the driver
734 * @wpa_s: Pointer to wpa_supplicant data
735 * @addr: Previously used BSSID or %NULL if not available
736 *
737 * This function clears the encryption keys that has been previously configured
738 * for the driver.
739 */
740 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
741 {
742 int i, max = 6;
743
744 /* MLME-DELETEKEYS.request */
745 for (i = 0; i < max; i++) {
746 if (wpa_s->keys_cleared & BIT(i))
747 continue;
748 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, i, 0, NULL, 0,
749 NULL, 0, KEY_FLAG_GROUP);
750 }
751 if (!(wpa_s->keys_cleared & BIT(0)) && addr &&
752 !is_zero_ether_addr(addr)) {
753 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
754 0, KEY_FLAG_PAIRWISE);
755 /* MLME-SETPROTECTION.request(None) */
756 wpa_drv_mlme_setprotection(
757 wpa_s, addr,
758 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
759 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
760 }
761 wpa_s->keys_cleared = (u32) -1;
762 }
763
764
765 /**
766 * wpa_supplicant_state_txt - Get the connection state name as a text string
767 * @state: State (wpa_state; WPA_*)
768 * Returns: The state name as a printable text string
769 */
770 const char * wpa_supplicant_state_txt(enum wpa_states state)
771 {
772 switch (state) {
773 case WPA_DISCONNECTED:
774 return "DISCONNECTED";
775 case WPA_INACTIVE:
776 return "INACTIVE";
777 case WPA_INTERFACE_DISABLED:
778 return "INTERFACE_DISABLED";
779 case WPA_SCANNING:
780 return "SCANNING";
781 case WPA_AUTHENTICATING:
782 return "AUTHENTICATING";
783 case WPA_ASSOCIATING:
784 return "ASSOCIATING";
785 case WPA_ASSOCIATED:
786 return "ASSOCIATED";
787 case WPA_4WAY_HANDSHAKE:
788 return "4WAY_HANDSHAKE";
789 case WPA_GROUP_HANDSHAKE:
790 return "GROUP_HANDSHAKE";
791 case WPA_COMPLETED:
792 return "COMPLETED";
793 default:
794 return "UNKNOWN";
795 }
796 }
797
798
799 #ifdef CONFIG_BGSCAN
800
801 static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
802 {
803 const char *name;
804
805 if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan)
806 name = wpa_s->current_ssid->bgscan;
807 else
808 name = wpa_s->conf->bgscan;
809 if (name == NULL || name[0] == '\0')
810 return;
811 if (wpas_driver_bss_selection(wpa_s))
812 return;
813 if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
814 return;
815 #ifdef CONFIG_P2P
816 if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)
817 return;
818 #endif /* CONFIG_P2P */
819
820 bgscan_deinit(wpa_s);
821 if (wpa_s->current_ssid) {
822 if (bgscan_init(wpa_s, wpa_s->current_ssid, name)) {
823 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
824 "bgscan");
825 /*
826 * Live without bgscan; it is only used as a roaming
827 * optimization, so the initial connection is not
828 * affected.
829 */
830 } else {
831 struct wpa_scan_results *scan_res;
832 wpa_s->bgscan_ssid = wpa_s->current_ssid;
833 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
834 0);
835 if (scan_res) {
836 bgscan_notify_scan(wpa_s, scan_res);
837 wpa_scan_results_free(scan_res);
838 }
839 }
840 } else
841 wpa_s->bgscan_ssid = NULL;
842 }
843
844
845 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
846 {
847 if (wpa_s->bgscan_ssid != NULL) {
848 bgscan_deinit(wpa_s);
849 wpa_s->bgscan_ssid = NULL;
850 }
851 }
852
853 #endif /* CONFIG_BGSCAN */
854
855
856 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
857 {
858 if (autoscan_init(wpa_s, 0))
859 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
860 }
861
862
863 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
864 {
865 autoscan_deinit(wpa_s);
866 }
867
868
869 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
870 {
871 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
872 wpa_s->wpa_state == WPA_SCANNING) {
873 autoscan_deinit(wpa_s);
874 wpa_supplicant_start_autoscan(wpa_s);
875 }
876 }
877
878
879 /**
880 * wpa_supplicant_set_state - Set current connection state
881 * @wpa_s: Pointer to wpa_supplicant data
882 * @state: The new connection state
883 *
884 * This function is called whenever the connection state changes, e.g.,
885 * association is completed for WPA/WPA2 4-Way Handshake is started.
886 */
887 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
888 enum wpa_states state)
889 {
890 enum wpa_states old_state = wpa_s->wpa_state;
891 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
892 Boolean update_fils_connect_params = FALSE;
893 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
894
895 wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
896 wpa_supplicant_state_txt(wpa_s->wpa_state),
897 wpa_supplicant_state_txt(state));
898
899 if (state == WPA_COMPLETED &&
900 os_reltime_initialized(&wpa_s->roam_start)) {
901 os_reltime_age(&wpa_s->roam_start, &wpa_s->roam_time);
902 wpa_s->roam_start.sec = 0;
903 wpa_s->roam_start.usec = 0;
904 wpas_notify_auth_changed(wpa_s);
905 wpas_notify_roam_time(wpa_s);
906 wpas_notify_roam_complete(wpa_s);
907 } else if (state == WPA_DISCONNECTED &&
908 os_reltime_initialized(&wpa_s->roam_start)) {
909 wpa_s->roam_start.sec = 0;
910 wpa_s->roam_start.usec = 0;
911 wpa_s->roam_time.sec = 0;
912 wpa_s->roam_time.usec = 0;
913 wpas_notify_roam_complete(wpa_s);
914 }
915
916 if (state == WPA_INTERFACE_DISABLED) {
917 /* Assure normal scan when interface is restored */
918 wpa_s->normal_scans = 0;
919 }
920
921 if (state == WPA_COMPLETED) {
922 wpas_connect_work_done(wpa_s);
923 /* Reinitialize normal_scan counter */
924 wpa_s->normal_scans = 0;
925 }
926
927 #ifdef CONFIG_P2P
928 /*
929 * P2PS client has to reply to Probe Request frames received on the
930 * group operating channel. Enable Probe Request frame reporting for
931 * P2P connected client in case p2p_cli_probe configuration property is
932 * set to 1.
933 */
934 if (wpa_s->conf->p2p_cli_probe && wpa_s->current_ssid &&
935 wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
936 wpa_s->current_ssid->p2p_group) {
937 if (state == WPA_COMPLETED && !wpa_s->p2p_cli_probe) {
938 wpa_dbg(wpa_s, MSG_DEBUG,
939 "P2P: Enable CLI Probe Request RX reporting");
940 wpa_s->p2p_cli_probe =
941 wpa_drv_probe_req_report(wpa_s, 1) >= 0;
942 } else if (state != WPA_COMPLETED && wpa_s->p2p_cli_probe) {
943 wpa_dbg(wpa_s, MSG_DEBUG,
944 "P2P: Disable CLI Probe Request RX reporting");
945 wpa_s->p2p_cli_probe = 0;
946 wpa_drv_probe_req_report(wpa_s, 0);
947 }
948 }
949 #endif /* CONFIG_P2P */
950
951 if (state != WPA_SCANNING)
952 wpa_supplicant_notify_scanning(wpa_s, 0);
953
954 if (state == WPA_COMPLETED && wpa_s->new_connection) {
955 struct wpa_ssid *ssid = wpa_s->current_ssid;
956 int fils_hlp_sent = 0;
957
958 #ifdef CONFIG_SME
959 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
960 wpa_auth_alg_fils(wpa_s->sme.auth_alg))
961 fils_hlp_sent = 1;
962 #endif /* CONFIG_SME */
963 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
964 wpa_auth_alg_fils(wpa_s->auth_alg))
965 fils_hlp_sent = 1;
966
967 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
968 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
969 MACSTR " completed [id=%d id_str=%s%s]",
970 MAC2STR(wpa_s->bssid),
971 ssid ? ssid->id : -1,
972 ssid && ssid->id_str ? ssid->id_str : "",
973 fils_hlp_sent ? " FILS_HLP_SENT" : "");
974 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
975 wpas_clear_temp_disabled(wpa_s, ssid, 1);
976 wpa_blacklist_clear(wpa_s);
977 wpa_s->extra_blacklist_count = 0;
978 wpa_s->new_connection = 0;
979 wpa_drv_set_operstate(wpa_s, 1);
980 #ifndef IEEE8021X_EAPOL
981 wpa_drv_set_supp_port(wpa_s, 1);
982 #endif /* IEEE8021X_EAPOL */
983 wpa_s->after_wps = 0;
984 wpa_s->known_wps_freq = 0;
985 wpas_p2p_completed(wpa_s);
986
987 sme_sched_obss_scan(wpa_s, 1);
988
989 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
990 if (!fils_hlp_sent && ssid && ssid->eap.erp)
991 update_fils_connect_params = TRUE;
992 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
993 #ifdef CONFIG_OWE
994 if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_OWE))
995 wpas_update_owe_connect_params(wpa_s);
996 #endif /* CONFIG_OWE */
997 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
998 state == WPA_ASSOCIATED) {
999 wpa_s->new_connection = 1;
1000 wpa_drv_set_operstate(wpa_s, 0);
1001 #ifndef IEEE8021X_EAPOL
1002 wpa_drv_set_supp_port(wpa_s, 0);
1003 #endif /* IEEE8021X_EAPOL */
1004 sme_sched_obss_scan(wpa_s, 0);
1005 }
1006 wpa_s->wpa_state = state;
1007
1008 #ifdef CONFIG_BGSCAN
1009 if (state == WPA_COMPLETED)
1010 wpa_supplicant_start_bgscan(wpa_s);
1011 else if (state < WPA_ASSOCIATED)
1012 wpa_supplicant_stop_bgscan(wpa_s);
1013 #endif /* CONFIG_BGSCAN */
1014
1015 if (state > WPA_SCANNING)
1016 wpa_supplicant_stop_autoscan(wpa_s);
1017
1018 if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
1019 wpa_supplicant_start_autoscan(wpa_s);
1020
1021 if (old_state >= WPA_ASSOCIATED && wpa_s->wpa_state < WPA_ASSOCIATED)
1022 wmm_ac_notify_disassoc(wpa_s);
1023
1024 if (wpa_s->wpa_state != old_state) {
1025 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
1026
1027 /*
1028 * Notify the P2P Device interface about a state change in one
1029 * of the interfaces.
1030 */
1031 wpas_p2p_indicate_state_change(wpa_s);
1032
1033 if (wpa_s->wpa_state == WPA_COMPLETED ||
1034 old_state == WPA_COMPLETED)
1035 wpas_notify_auth_changed(wpa_s);
1036 #ifdef CONFIG_DPP2
1037 if (wpa_s->wpa_state == WPA_COMPLETED)
1038 wpas_dpp_connected(wpa_s);
1039 #endif /* CONFIG_DPP2 */
1040 }
1041 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
1042 if (update_fils_connect_params)
1043 wpas_update_fils_connect_params(wpa_s);
1044 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
1045 }
1046
1047
1048 void wpa_supplicant_terminate_proc(struct wpa_global *global)
1049 {
1050 int pending = 0;
1051 #ifdef CONFIG_WPS
1052 struct wpa_supplicant *wpa_s = global->ifaces;
1053 while (wpa_s) {
1054 struct wpa_supplicant *next = wpa_s->next;
1055 if (wpas_wps_terminate_pending(wpa_s) == 1)
1056 pending = 1;
1057 #ifdef CONFIG_P2P
1058 if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
1059 (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
1060 wpas_p2p_disconnect(wpa_s);
1061 #endif /* CONFIG_P2P */
1062 wpa_s = next;
1063 }
1064 #endif /* CONFIG_WPS */
1065 if (pending)
1066 return;
1067 eloop_terminate();
1068 }
1069
1070
1071 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
1072 {
1073 struct wpa_global *global = signal_ctx;
1074 wpa_supplicant_terminate_proc(global);
1075 }
1076
1077
1078 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
1079 {
1080 enum wpa_states old_state = wpa_s->wpa_state;
1081
1082 wpa_s->pairwise_cipher = 0;
1083 wpa_s->group_cipher = 0;
1084 wpa_s->mgmt_group_cipher = 0;
1085 wpa_s->key_mgmt = 0;
1086 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
1087 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1088
1089 if (wpa_s->wpa_state != old_state)
1090 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
1091 }
1092
1093
1094 /**
1095 * wpa_supplicant_reload_configuration - Reload configuration data
1096 * @wpa_s: Pointer to wpa_supplicant data
1097 * Returns: 0 on success or -1 if configuration parsing failed
1098 *
1099 * This function can be used to request that the configuration data is reloaded
1100 * (e.g., after configuration file change). This function is reloading
1101 * configuration only for one interface, so this may need to be called multiple
1102 * times if %wpa_supplicant is controlling multiple interfaces and all
1103 * interfaces need reconfiguration.
1104 */
1105 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
1106 {
1107 struct wpa_config *conf;
1108 int reconf_ctrl;
1109 int old_ap_scan;
1110
1111 if (wpa_s->confname == NULL)
1112 return -1;
1113 conf = wpa_config_read(wpa_s->confname, NULL);
1114 if (conf == NULL) {
1115 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
1116 "file '%s' - exiting", wpa_s->confname);
1117 return -1;
1118 }
1119 if (wpa_s->confanother &&
1120 !wpa_config_read(wpa_s->confanother, conf)) {
1121 wpa_msg(wpa_s, MSG_ERROR,
1122 "Failed to parse the configuration file '%s' - exiting",
1123 wpa_s->confanother);
1124 return -1;
1125 }
1126
1127 conf->changed_parameters = (unsigned int) -1;
1128
1129 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
1130 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
1131 os_strcmp(conf->ctrl_interface,
1132 wpa_s->conf->ctrl_interface) != 0);
1133
1134 if (reconf_ctrl && wpa_s->ctrl_iface) {
1135 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
1136 wpa_s->ctrl_iface = NULL;
1137 }
1138
1139 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1140 if (wpa_s->current_ssid) {
1141 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
1142 wpa_s->own_disconnect_req = 1;
1143 wpa_supplicant_deauthenticate(wpa_s,
1144 WLAN_REASON_DEAUTH_LEAVING);
1145 }
1146
1147 /*
1148 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
1149 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
1150 */
1151 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1152 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
1153 wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1154 /*
1155 * Clear forced success to clear EAP state for next
1156 * authentication.
1157 */
1158 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
1159 }
1160 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1161 wpa_sm_set_config(wpa_s->wpa, NULL);
1162 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
1163 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
1164 rsn_preauth_deinit(wpa_s->wpa);
1165
1166 old_ap_scan = wpa_s->conf->ap_scan;
1167 wpa_config_free(wpa_s->conf);
1168 wpa_s->conf = conf;
1169 if (old_ap_scan != wpa_s->conf->ap_scan)
1170 wpas_notify_ap_scan_changed(wpa_s);
1171
1172 if (reconf_ctrl)
1173 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
1174
1175 wpa_supplicant_update_config(wpa_s);
1176
1177 wpa_supplicant_clear_status(wpa_s);
1178 if (wpa_supplicant_enabled_networks(wpa_s)) {
1179 wpa_s->reassociate = 1;
1180 wpa_supplicant_req_scan(wpa_s, 0, 0);
1181 }
1182 wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
1183 return 0;
1184 }
1185
1186
1187 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
1188 {
1189 struct wpa_global *global = signal_ctx;
1190 struct wpa_supplicant *wpa_s;
1191 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
1192 wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
1193 sig);
1194 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
1195 wpa_supplicant_terminate_proc(global);
1196 }
1197 }
1198
1199 if (wpa_debug_reopen_file() < 0) {
1200 /* Ignore errors since we cannot really do much to fix this */
1201 wpa_printf(MSG_DEBUG, "Could not reopen debug log file");
1202 }
1203 }
1204
1205
1206 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1207 struct wpa_ssid *ssid,
1208 struct wpa_ie_data *ie)
1209 {
1210 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1211 if (ret) {
1212 if (ret == -2) {
1213 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1214 "from association info");
1215 }
1216 return -1;
1217 }
1218
1219 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
1220 "cipher suites");
1221 if (!(ie->group_cipher & ssid->group_cipher)) {
1222 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1223 "cipher 0x%x (mask 0x%x) - reject",
1224 ie->group_cipher, ssid->group_cipher);
1225 return -1;
1226 }
1227 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1228 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1229 "cipher 0x%x (mask 0x%x) - reject",
1230 ie->pairwise_cipher, ssid->pairwise_cipher);
1231 return -1;
1232 }
1233 if (!(ie->key_mgmt & ssid->key_mgmt)) {
1234 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1235 "management 0x%x (mask 0x%x) - reject",
1236 ie->key_mgmt, ssid->key_mgmt);
1237 return -1;
1238 }
1239
1240 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
1241 wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1242 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1243 "that does not support management frame protection - "
1244 "reject");
1245 return -1;
1246 }
1247
1248 return 0;
1249 }
1250
1251
1252 static int matching_ciphers(struct wpa_ssid *ssid, struct wpa_ie_data *ie,
1253 int freq)
1254 {
1255 if (!ie->has_group)
1256 ie->group_cipher = wpa_default_rsn_cipher(freq);
1257 if (!ie->has_pairwise)
1258 ie->pairwise_cipher = wpa_default_rsn_cipher(freq);
1259 return (ie->group_cipher & ssid->group_cipher) &&
1260 (ie->pairwise_cipher & ssid->pairwise_cipher);
1261 }
1262
1263
1264 /**
1265 * wpa_supplicant_set_suites - Set authentication and encryption parameters
1266 * @wpa_s: Pointer to wpa_supplicant data
1267 * @bss: Scan results for the selected BSS, or %NULL if not available
1268 * @ssid: Configuration data for the selected network
1269 * @wpa_ie: Buffer for the WPA/RSN IE
1270 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1271 * used buffer length in case the functions returns success.
1272 * Returns: 0 on success or -1 on failure
1273 *
1274 * This function is used to configure authentication and encryption parameters
1275 * based on the network configuration and scan result for the selected BSS (if
1276 * available).
1277 */
1278 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1279 struct wpa_bss *bss, struct wpa_ssid *ssid,
1280 u8 *wpa_ie, size_t *wpa_ie_len)
1281 {
1282 struct wpa_ie_data ie;
1283 int sel, proto, sae_pwe;
1284 const u8 *bss_wpa, *bss_rsn, *bss_rsnx, *bss_osen;
1285
1286 if (bss) {
1287 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
1288 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1289 bss_rsnx = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
1290 bss_osen = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
1291 } else {
1292 bss_wpa = bss_rsn = bss_rsnx = bss_osen = NULL;
1293 }
1294
1295 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
1296 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1297 matching_ciphers(ssid, &ie, bss->freq) &&
1298 (ie.key_mgmt & ssid->key_mgmt)) {
1299 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1300 proto = WPA_PROTO_RSN;
1301 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
1302 wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie) == 0 &&
1303 (ie.group_cipher & ssid->group_cipher) &&
1304 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1305 (ie.key_mgmt & ssid->key_mgmt)) {
1306 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1307 proto = WPA_PROTO_WPA;
1308 #ifdef CONFIG_HS20
1309 } else if (bss_osen && (ssid->proto & WPA_PROTO_OSEN) &&
1310 wpa_parse_wpa_ie(bss_osen, 2 + bss_osen[1], &ie) == 0 &&
1311 (ie.group_cipher & ssid->group_cipher) &&
1312 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1313 (ie.key_mgmt & ssid->key_mgmt)) {
1314 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using OSEN");
1315 proto = WPA_PROTO_OSEN;
1316 } else if (bss_rsn && (ssid->proto & WPA_PROTO_OSEN) &&
1317 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1318 (ie.group_cipher & ssid->group_cipher) &&
1319 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1320 (ie.key_mgmt & ssid->key_mgmt)) {
1321 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using OSEN (within RSN)");
1322 proto = WPA_PROTO_RSN;
1323 #endif /* CONFIG_HS20 */
1324 } else if (bss) {
1325 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1326 wpa_dbg(wpa_s, MSG_DEBUG,
1327 "WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1328 ssid->proto, ssid->pairwise_cipher, ssid->group_cipher,
1329 ssid->key_mgmt);
1330 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s%s",
1331 MAC2STR(bss->bssid),
1332 wpa_ssid_txt(bss->ssid, bss->ssid_len),
1333 bss_wpa ? " WPA" : "",
1334 bss_rsn ? " RSN" : "",
1335 bss_osen ? " OSEN" : "");
1336 if (bss_rsn) {
1337 wpa_hexdump(MSG_DEBUG, "RSN", bss_rsn, 2 + bss_rsn[1]);
1338 if (wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie)) {
1339 wpa_dbg(wpa_s, MSG_DEBUG,
1340 "Could not parse RSN element");
1341 } else {
1342 wpa_dbg(wpa_s, MSG_DEBUG,
1343 "RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1344 ie.pairwise_cipher, ie.group_cipher,
1345 ie.key_mgmt);
1346 }
1347 }
1348 if (bss_wpa) {
1349 wpa_hexdump(MSG_DEBUG, "WPA", bss_wpa, 2 + bss_wpa[1]);
1350 if (wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie)) {
1351 wpa_dbg(wpa_s, MSG_DEBUG,
1352 "Could not parse WPA element");
1353 } else {
1354 wpa_dbg(wpa_s, MSG_DEBUG,
1355 "WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1356 ie.pairwise_cipher, ie.group_cipher,
1357 ie.key_mgmt);
1358 }
1359 }
1360 return -1;
1361 } else {
1362 if (ssid->proto & WPA_PROTO_OSEN)
1363 proto = WPA_PROTO_OSEN;
1364 else if (ssid->proto & WPA_PROTO_RSN)
1365 proto = WPA_PROTO_RSN;
1366 else
1367 proto = WPA_PROTO_WPA;
1368 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1369 os_memset(&ie, 0, sizeof(ie));
1370 ie.group_cipher = ssid->group_cipher;
1371 ie.pairwise_cipher = ssid->pairwise_cipher;
1372 ie.key_mgmt = ssid->key_mgmt;
1373 ie.mgmt_group_cipher = 0;
1374 if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
1375 if (ssid->group_mgmt_cipher &
1376 WPA_CIPHER_BIP_GMAC_256)
1377 ie.mgmt_group_cipher =
1378 WPA_CIPHER_BIP_GMAC_256;
1379 else if (ssid->group_mgmt_cipher &
1380 WPA_CIPHER_BIP_CMAC_256)
1381 ie.mgmt_group_cipher =
1382 WPA_CIPHER_BIP_CMAC_256;
1383 else if (ssid->group_mgmt_cipher &
1384 WPA_CIPHER_BIP_GMAC_128)
1385 ie.mgmt_group_cipher =
1386 WPA_CIPHER_BIP_GMAC_128;
1387 else
1388 ie.mgmt_group_cipher =
1389 WPA_CIPHER_AES_128_CMAC;
1390 }
1391 #ifdef CONFIG_OWE
1392 if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
1393 !ssid->owe_only &&
1394 !bss_wpa && !bss_rsn && !bss_osen) {
1395 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1396 wpa_s->wpa_proto = 0;
1397 *wpa_ie_len = 0;
1398 return 0;
1399 }
1400 #endif /* CONFIG_OWE */
1401 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
1402 "based on configuration");
1403 } else
1404 proto = ie.proto;
1405 }
1406
1407 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1408 "pairwise %d key_mgmt %d proto %d",
1409 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1410 if (ssid->ieee80211w) {
1411 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1412 ie.mgmt_group_cipher);
1413 }
1414
1415 wpa_s->wpa_proto = proto;
1416 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1417 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1418 !!(ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
1419
1420 if (bss || !wpa_s->ap_ies_from_associnfo) {
1421 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1422 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1423 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1424 bss_rsn ? 2 + bss_rsn[1] : 0) ||
1425 wpa_sm_set_ap_rsnxe(wpa_s->wpa, bss_rsnx,
1426 bss_rsnx ? 2 + bss_rsnx[1] : 0))
1427 return -1;
1428 }
1429
1430 #ifdef CONFIG_NO_WPA
1431 wpa_s->group_cipher = WPA_CIPHER_NONE;
1432 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1433 #else /* CONFIG_NO_WPA */
1434 sel = ie.group_cipher & ssid->group_cipher;
1435 wpa_dbg(wpa_s, MSG_DEBUG,
1436 "WPA: AP group 0x%x network profile group 0x%x; available group 0x%x",
1437 ie.group_cipher, ssid->group_cipher, sel);
1438 wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1439 if (wpa_s->group_cipher < 0) {
1440 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1441 "cipher");
1442 return -1;
1443 }
1444 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1445 wpa_cipher_txt(wpa_s->group_cipher));
1446
1447 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1448 wpa_dbg(wpa_s, MSG_DEBUG,
1449 "WPA: AP pairwise 0x%x network profile pairwise 0x%x; available pairwise 0x%x",
1450 ie.pairwise_cipher, ssid->pairwise_cipher, sel);
1451 wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1452 if (wpa_s->pairwise_cipher < 0) {
1453 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1454 "cipher");
1455 return -1;
1456 }
1457 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1458 wpa_cipher_txt(wpa_s->pairwise_cipher));
1459 #endif /* CONFIG_NO_WPA */
1460
1461 sel = ie.key_mgmt & ssid->key_mgmt;
1462 #ifdef CONFIG_SAE
1463 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1464 sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1465 #endif /* CONFIG_SAE */
1466 #ifdef CONFIG_IEEE80211R
1467 if (!(wpa_s->drv_flags & (WPA_DRIVER_FLAGS_SME |
1468 WPA_DRIVER_FLAGS_UPDATE_FT_IES)))
1469 sel &= ~WPA_KEY_MGMT_FT;
1470 #endif /* CONFIG_IEEE80211R */
1471 wpa_dbg(wpa_s, MSG_DEBUG,
1472 "WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
1473 ie.key_mgmt, ssid->key_mgmt, sel);
1474 if (0) {
1475 #ifdef CONFIG_IEEE80211R
1476 #ifdef CONFIG_SHA384
1477 } else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) &&
1478 os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
1479 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
1480 wpa_dbg(wpa_s, MSG_DEBUG,
1481 "WPA: using KEY_MGMT FT/802.1X-SHA384");
1482 if (!ssid->ft_eap_pmksa_caching &&
1483 pmksa_cache_get_current(wpa_s->wpa)) {
1484 /* PMKSA caching with FT may have interoperability
1485 * issues, so disable that case by default for now. */
1486 wpa_dbg(wpa_s, MSG_DEBUG,
1487 "WPA: Disable PMKSA caching for FT/802.1X connection");
1488 pmksa_cache_clear_current(wpa_s->wpa);
1489 }
1490 #endif /* CONFIG_SHA384 */
1491 #endif /* CONFIG_IEEE80211R */
1492 #ifdef CONFIG_SUITEB192
1493 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
1494 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
1495 wpa_dbg(wpa_s, MSG_DEBUG,
1496 "WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1497 #endif /* CONFIG_SUITEB192 */
1498 #ifdef CONFIG_SUITEB
1499 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
1500 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
1501 wpa_dbg(wpa_s, MSG_DEBUG,
1502 "WPA: using KEY_MGMT 802.1X with Suite B");
1503 #endif /* CONFIG_SUITEB */
1504 #ifdef CONFIG_FILS
1505 #ifdef CONFIG_IEEE80211R
1506 } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) {
1507 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
1508 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384");
1509 } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
1510 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
1511 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
1512 #endif /* CONFIG_IEEE80211R */
1513 } else if (sel & WPA_KEY_MGMT_FILS_SHA384) {
1514 wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
1515 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384");
1516 } else if (sel & WPA_KEY_MGMT_FILS_SHA256) {
1517 wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
1518 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");
1519 #endif /* CONFIG_FILS */
1520 #ifdef CONFIG_IEEE80211R
1521 } else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X) &&
1522 os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
1523 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1524 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1525 if (!ssid->ft_eap_pmksa_caching &&
1526 pmksa_cache_get_current(wpa_s->wpa)) {
1527 /* PMKSA caching with FT may have interoperability
1528 * issues, so disable that case by default for now. */
1529 wpa_dbg(wpa_s, MSG_DEBUG,
1530 "WPA: Disable PMKSA caching for FT/802.1X connection");
1531 pmksa_cache_clear_current(wpa_s->wpa);
1532 }
1533 #endif /* CONFIG_IEEE80211R */
1534 #ifdef CONFIG_DPP
1535 } else if (sel & WPA_KEY_MGMT_DPP) {
1536 wpa_s->key_mgmt = WPA_KEY_MGMT_DPP;
1537 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT DPP");
1538 #endif /* CONFIG_DPP */
1539 #ifdef CONFIG_SAE
1540 } else if (sel & WPA_KEY_MGMT_FT_SAE) {
1541 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1542 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1543 } else if (sel & WPA_KEY_MGMT_SAE) {
1544 wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1545 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1546 #endif /* CONFIG_SAE */
1547 #ifdef CONFIG_IEEE80211R
1548 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
1549 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1550 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1551 #endif /* CONFIG_IEEE80211R */
1552 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1553 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1554 wpa_dbg(wpa_s, MSG_DEBUG,
1555 "WPA: using KEY_MGMT 802.1X with SHA256");
1556 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1557 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1558 wpa_dbg(wpa_s, MSG_DEBUG,
1559 "WPA: using KEY_MGMT PSK with SHA256");
1560 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1561 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1562 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1563 } else if (sel & WPA_KEY_MGMT_PSK) {
1564 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1565 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1566 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1567 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1568 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1569 #ifdef CONFIG_HS20
1570 } else if (sel & WPA_KEY_MGMT_OSEN) {
1571 wpa_s->key_mgmt = WPA_KEY_MGMT_OSEN;
1572 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using KEY_MGMT OSEN");
1573 #endif /* CONFIG_HS20 */
1574 #ifdef CONFIG_OWE
1575 } else if (sel & WPA_KEY_MGMT_OWE) {
1576 wpa_s->key_mgmt = WPA_KEY_MGMT_OWE;
1577 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT OWE");
1578 #endif /* CONFIG_OWE */
1579 } else {
1580 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1581 "authenticated key management type");
1582 return -1;
1583 }
1584
1585 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1586 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1587 wpa_s->pairwise_cipher);
1588 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1589
1590 if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
1591 wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1592 wpa_msg(wpa_s, MSG_INFO,
1593 "RSN: Management frame protection required but the selected AP does not enable it");
1594 return -1;
1595 }
1596
1597 sel = ie.mgmt_group_cipher;
1598 if (ssid->group_mgmt_cipher)
1599 sel &= ssid->group_mgmt_cipher;
1600 if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION ||
1601 !(ie.capabilities & WPA_CAPABILITY_MFPC))
1602 sel = 0;
1603 wpa_dbg(wpa_s, MSG_DEBUG,
1604 "WPA: AP mgmt_group_cipher 0x%x network profile mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
1605 ie.mgmt_group_cipher, ssid->group_mgmt_cipher, sel);
1606 if (sel & WPA_CIPHER_AES_128_CMAC) {
1607 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1608 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1609 "AES-128-CMAC");
1610 } else if (sel & WPA_CIPHER_BIP_GMAC_128) {
1611 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_128;
1612 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1613 "BIP-GMAC-128");
1614 } else if (sel & WPA_CIPHER_BIP_GMAC_256) {
1615 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_256;
1616 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1617 "BIP-GMAC-256");
1618 } else if (sel & WPA_CIPHER_BIP_CMAC_256) {
1619 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_CMAC_256;
1620 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1621 "BIP-CMAC-256");
1622 } else {
1623 wpa_s->mgmt_group_cipher = 0;
1624 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1625 }
1626 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1627 wpa_s->mgmt_group_cipher);
1628 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1629 wpas_get_ssid_pmf(wpa_s, ssid));
1630 #ifdef CONFIG_OCV
1631 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv);
1632 #endif /* CONFIG_OCV */
1633 sae_pwe = wpa_s->conf->sae_pwe;
1634 if (ssid->sae_password_id && sae_pwe != 3)
1635 sae_pwe = 1;
1636 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PWE, sae_pwe);
1637
1638 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1639 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1640 return -1;
1641 }
1642
1643 wpa_s->rsnxe_len = sizeof(wpa_s->rsnxe);
1644 if (wpa_sm_set_assoc_rsnxe_default(wpa_s->wpa, wpa_s->rsnxe,
1645 &wpa_s->rsnxe_len)) {
1646 wpa_msg(wpa_s, MSG_WARNING, "RSN: Failed to generate RSNXE");
1647 return -1;
1648 }
1649
1650 if (0) {
1651 #ifdef CONFIG_DPP
1652 } else if (wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1653 /* Use PMK from DPP network introduction (PMKSA entry) */
1654 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1655 #endif /* CONFIG_DPP */
1656 } else if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1657 int psk_set = 0;
1658 int sae_only;
1659
1660 sae_only = (ssid->key_mgmt & (WPA_KEY_MGMT_PSK |
1661 WPA_KEY_MGMT_FT_PSK |
1662 WPA_KEY_MGMT_PSK_SHA256)) == 0;
1663
1664 if (ssid->psk_set && !sae_only) {
1665 wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)",
1666 ssid->psk, PMK_LEN);
1667 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
1668 NULL);
1669 psk_set = 1;
1670 }
1671
1672 if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
1673 (ssid->sae_password || ssid->passphrase))
1674 psk_set = 1;
1675
1676 #ifndef CONFIG_NO_PBKDF2
1677 if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1678 ssid->passphrase && !sae_only) {
1679 u8 psk[PMK_LEN];
1680 pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1681 4096, psk, PMK_LEN);
1682 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1683 psk, PMK_LEN);
1684 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
1685 psk_set = 1;
1686 os_memset(psk, 0, sizeof(psk));
1687 }
1688 #endif /* CONFIG_NO_PBKDF2 */
1689 #ifdef CONFIG_EXT_PASSWORD
1690 if (ssid->ext_psk && !sae_only) {
1691 struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1692 ssid->ext_psk);
1693 char pw_str[64 + 1];
1694 u8 psk[PMK_LEN];
1695
1696 if (pw == NULL) {
1697 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1698 "found from external storage");
1699 return -1;
1700 }
1701
1702 if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1703 wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1704 "PSK length %d in external storage",
1705 (int) wpabuf_len(pw));
1706 ext_password_free(pw);
1707 return -1;
1708 }
1709
1710 os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1711 pw_str[wpabuf_len(pw)] = '\0';
1712
1713 #ifndef CONFIG_NO_PBKDF2
1714 if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1715 {
1716 pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1717 4096, psk, PMK_LEN);
1718 os_memset(pw_str, 0, sizeof(pw_str));
1719 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1720 "external passphrase)",
1721 psk, PMK_LEN);
1722 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1723 NULL);
1724 psk_set = 1;
1725 os_memset(psk, 0, sizeof(psk));
1726 } else
1727 #endif /* CONFIG_NO_PBKDF2 */
1728 if (wpabuf_len(pw) == 2 * PMK_LEN) {
1729 if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1730 wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1731 "Invalid PSK hex string");
1732 os_memset(pw_str, 0, sizeof(pw_str));
1733 ext_password_free(pw);
1734 return -1;
1735 }
1736 wpa_hexdump_key(MSG_MSGDUMP,
1737 "PSK (from external PSK)",
1738 psk, PMK_LEN);
1739 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1740 NULL);
1741 psk_set = 1;
1742 os_memset(psk, 0, sizeof(psk));
1743 } else {
1744 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1745 "PSK available");
1746 os_memset(pw_str, 0, sizeof(pw_str));
1747 ext_password_free(pw);
1748 return -1;
1749 }
1750
1751 os_memset(pw_str, 0, sizeof(pw_str));
1752 ext_password_free(pw);
1753 }
1754 #endif /* CONFIG_EXT_PASSWORD */
1755
1756 if (!psk_set) {
1757 wpa_msg(wpa_s, MSG_INFO,
1758 "No PSK available for association");
1759 wpas_auth_failed(wpa_s, "NO_PSK_AVAILABLE");
1760 return -1;
1761 }
1762 #ifdef CONFIG_OWE
1763 } else if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
1764 /* OWE Diffie-Hellman exchange in (Re)Association
1765 * Request/Response frames set the PMK, so do not override it
1766 * here. */
1767 #endif /* CONFIG_OWE */
1768 } else
1769 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1770
1771 if (ssid->mode != WPAS_MODE_IBSS &&
1772 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED) &&
1773 (ssid->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_NEVER ||
1774 (ssid->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_LOCAL_OK &&
1775 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAFE_PTK0_REKEYS)))) {
1776 wpa_msg(wpa_s, MSG_INFO,
1777 "Disable PTK0 rekey support - replaced with reconnect");
1778 wpa_s->deny_ptk0_rekey = 1;
1779 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DENY_PTK0_REKEY, 1);
1780 } else {
1781 wpa_s->deny_ptk0_rekey = 0;
1782 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DENY_PTK0_REKEY, 0);
1783 }
1784
1785 return 0;
1786 }
1787
1788
1789 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
1790 {
1791 *pos = 0x00;
1792
1793 switch (idx) {
1794 case 0: /* Bits 0-7 */
1795 break;
1796 case 1: /* Bits 8-15 */
1797 if (wpa_s->conf->coloc_intf_reporting) {
1798 /* Bit 13 - Collocated Interference Reporting */
1799 *pos |= 0x20;
1800 }
1801 break;
1802 case 2: /* Bits 16-23 */
1803 #ifdef CONFIG_WNM
1804 *pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1805 if (!wpa_s->disable_mbo_oce && !wpa_s->conf->disable_btm)
1806 *pos |= 0x08; /* Bit 19 - BSS Transition */
1807 #endif /* CONFIG_WNM */
1808 break;
1809 case 3: /* Bits 24-31 */
1810 #ifdef CONFIG_WNM
1811 *pos |= 0x02; /* Bit 25 - SSID List */
1812 #endif /* CONFIG_WNM */
1813 #ifdef CONFIG_INTERWORKING
1814 if (wpa_s->conf->interworking)
1815 *pos |= 0x80; /* Bit 31 - Interworking */
1816 #endif /* CONFIG_INTERWORKING */
1817 break;
1818 case 4: /* Bits 32-39 */
1819 #ifdef CONFIG_INTERWORKING
1820 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_QOS_MAPPING)
1821 *pos |= 0x01; /* Bit 32 - QoS Map */
1822 #endif /* CONFIG_INTERWORKING */
1823 break;
1824 case 5: /* Bits 40-47 */
1825 #ifdef CONFIG_HS20
1826 if (wpa_s->conf->hs20)
1827 *pos |= 0x40; /* Bit 46 - WNM-Notification */
1828 #endif /* CONFIG_HS20 */
1829 #ifdef CONFIG_MBO
1830 *pos |= 0x40; /* Bit 46 - WNM-Notification */
1831 #endif /* CONFIG_MBO */
1832 break;
1833 case 6: /* Bits 48-55 */
1834 break;
1835 case 7: /* Bits 56-63 */
1836 break;
1837 case 8: /* Bits 64-71 */
1838 if (wpa_s->conf->ftm_responder)
1839 *pos |= 0x40; /* Bit 70 - FTM responder */
1840 if (wpa_s->conf->ftm_initiator)
1841 *pos |= 0x80; /* Bit 71 - FTM initiator */
1842 break;
1843 case 9: /* Bits 72-79 */
1844 #ifdef CONFIG_FILS
1845 if (!wpa_s->disable_fils)
1846 *pos |= 0x01;
1847 #endif /* CONFIG_FILS */
1848 break;
1849 }
1850 }
1851
1852
1853 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf, size_t buflen)
1854 {
1855 u8 *pos = buf;
1856 u8 len = 10, i;
1857
1858 if (len < wpa_s->extended_capa_len)
1859 len = wpa_s->extended_capa_len;
1860 if (buflen < (size_t) len + 2) {
1861 wpa_printf(MSG_INFO,
1862 "Not enough room for building extended capabilities element");
1863 return -1;
1864 }
1865
1866 *pos++ = WLAN_EID_EXT_CAPAB;
1867 *pos++ = len;
1868 for (i = 0; i < len; i++, pos++) {
1869 wpas_ext_capab_byte(wpa_s, pos, i);
1870
1871 if (i < wpa_s->extended_capa_len) {
1872 *pos &= ~wpa_s->extended_capa_mask[i];
1873 *pos |= wpa_s->extended_capa[i];
1874 }
1875 }
1876
1877 while (len > 0 && buf[1 + len] == 0) {
1878 len--;
1879 buf[1] = len;
1880 }
1881 if (len == 0)
1882 return 0;
1883
1884 return 2 + len;
1885 }
1886
1887
1888 static int wpas_valid_bss(struct wpa_supplicant *wpa_s,
1889 struct wpa_bss *test_bss)
1890 {
1891 struct wpa_bss *bss;
1892
1893 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1894 if (bss == test_bss)
1895 return 1;
1896 }
1897
1898 return 0;
1899 }
1900
1901
1902 static int wpas_valid_ssid(struct wpa_supplicant *wpa_s,
1903 struct wpa_ssid *test_ssid)
1904 {
1905 struct wpa_ssid *ssid;
1906
1907 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1908 if (ssid == test_ssid)
1909 return 1;
1910 }
1911
1912 return 0;
1913 }
1914
1915
1916 int wpas_valid_bss_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *test_bss,
1917 struct wpa_ssid *test_ssid)
1918 {
1919 if (test_bss && !wpas_valid_bss(wpa_s, test_bss))
1920 return 0;
1921
1922 return test_ssid == NULL || wpas_valid_ssid(wpa_s, test_ssid);
1923 }
1924
1925
1926 void wpas_connect_work_free(struct wpa_connect_work *cwork)
1927 {
1928 if (cwork == NULL)
1929 return;
1930 os_free(cwork);
1931 }
1932
1933
1934 void wpas_connect_work_done(struct wpa_supplicant *wpa_s)
1935 {
1936 struct wpa_connect_work *cwork;
1937 struct wpa_radio_work *work = wpa_s->connect_work;
1938
1939 if (!work)
1940 return;
1941
1942 wpa_s->connect_work = NULL;
1943 cwork = work->ctx;
1944 work->ctx = NULL;
1945 wpas_connect_work_free(cwork);
1946 radio_work_done(work);
1947 }
1948
1949
1950 int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style)
1951 {
1952 struct os_reltime now;
1953 u8 addr[ETH_ALEN];
1954
1955 os_get_reltime(&now);
1956 if (wpa_s->last_mac_addr_style == style &&
1957 wpa_s->last_mac_addr_change.sec != 0 &&
1958 !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
1959 wpa_s->conf->rand_addr_lifetime)) {
1960 wpa_msg(wpa_s, MSG_DEBUG,
1961 "Previously selected random MAC address has not yet expired");
1962 return 0;
1963 }
1964
1965 switch (style) {
1966 case 1:
1967 if (random_mac_addr(addr) < 0)
1968 return -1;
1969 break;
1970 case 2:
1971 os_memcpy(addr, wpa_s->perm_addr, ETH_ALEN);
1972 if (random_mac_addr_keep_oui(addr) < 0)
1973 return -1;
1974 break;
1975 default:
1976 return -1;
1977 }
1978
1979 if (wpa_drv_set_mac_addr(wpa_s, addr) < 0) {
1980 wpa_msg(wpa_s, MSG_INFO,
1981 "Failed to set random MAC address");
1982 return -1;
1983 }
1984
1985 os_get_reltime(&wpa_s->last_mac_addr_change);
1986 wpa_s->mac_addr_changed = 1;
1987 wpa_s->last_mac_addr_style = style;
1988
1989 if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
1990 wpa_msg(wpa_s, MSG_INFO,
1991 "Could not update MAC address information");
1992 return -1;
1993 }
1994
1995 wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
1996 MAC2STR(addr));
1997
1998 return 0;
1999 }
2000
2001
2002 int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
2003 {
2004 if (wpa_s->wpa_state >= WPA_AUTHENTICATING ||
2005 !wpa_s->conf->preassoc_mac_addr)
2006 return 0;
2007
2008 return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr);
2009 }
2010
2011
2012 static void wpa_s_setup_sae_pt(struct wpa_config *conf, struct wpa_ssid *ssid)
2013 {
2014 #ifdef CONFIG_SAE
2015 int *groups = conf->sae_groups;
2016 int default_groups[] = { 19, 20, 21, 0 };
2017 const char *password;
2018
2019 if (!groups || groups[0] <= 0)
2020 groups = default_groups;
2021
2022 password = ssid->sae_password;
2023 if (!password)
2024 password = ssid->passphrase;
2025
2026 if ((conf->sae_pwe == 0 && !ssid->sae_password_id) || !password ||
2027 conf->sae_pwe == 3) {
2028 /* PT derivation not needed */
2029 sae_deinit_pt(ssid->pt);
2030 ssid->pt = NULL;
2031 return;
2032 }
2033
2034 if (ssid->pt)
2035 return; /* PT already derived */
2036 ssid->pt = sae_derive_pt(groups, ssid->ssid, ssid->ssid_len,
2037 (const u8 *) password, os_strlen(password),
2038 ssid->sae_password_id);
2039 #endif /* CONFIG_SAE */
2040 }
2041
2042
2043 static void wpa_s_clear_sae_rejected(struct wpa_supplicant *wpa_s)
2044 {
2045 #if defined(CONFIG_SAE) && defined(CONFIG_SME)
2046 os_free(wpa_s->sme.sae_rejected_groups);
2047 wpa_s->sme.sae_rejected_groups = NULL;
2048 #ifdef CONFIG_TESTING_OPTIONS
2049 if (wpa_s->extra_sae_rejected_groups) {
2050 int i, *groups = wpa_s->extra_sae_rejected_groups;
2051
2052 for (i = 0; groups[i]; i++) {
2053 wpa_printf(MSG_DEBUG,
2054 "TESTING: Indicate rejection of an extra SAE group %d",
2055 groups[i]);
2056 int_array_add_unique(&wpa_s->sme.sae_rejected_groups,
2057 groups[i]);
2058 }
2059 }
2060 #endif /* CONFIG_TESTING_OPTIONS */
2061 #endif /* CONFIG_SAE && CONFIG_SME */
2062 }
2063
2064
2065 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit);
2066
2067 /**
2068 * wpa_supplicant_associate - Request association
2069 * @wpa_s: Pointer to wpa_supplicant data
2070 * @bss: Scan results for the selected BSS, or %NULL if not available
2071 * @ssid: Configuration data for the selected network
2072 *
2073 * This function is used to request %wpa_supplicant to associate with a BSS.
2074 */
2075 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
2076 struct wpa_bss *bss, struct wpa_ssid *ssid)
2077 {
2078 struct wpa_connect_work *cwork;
2079 int rand_style;
2080
2081 wpa_s->own_disconnect_req = 0;
2082 wpa_s->own_reconnect_req = 0;
2083
2084 /*
2085 * If we are starting a new connection, any previously pending EAPOL
2086 * RX cannot be valid anymore.
2087 */
2088 wpabuf_free(wpa_s->pending_eapol_rx);
2089 wpa_s->pending_eapol_rx = NULL;
2090
2091 if (ssid->mac_addr == -1)
2092 rand_style = wpa_s->conf->mac_addr;
2093 else
2094 rand_style = ssid->mac_addr;
2095
2096 wpa_s->multi_ap_ie = 0;
2097 wmm_ac_clear_saved_tspecs(wpa_s);
2098 wpa_s->reassoc_same_bss = 0;
2099 wpa_s->reassoc_same_ess = 0;
2100 #ifdef CONFIG_TESTING_OPTIONS
2101 wpa_s->testing_resend_assoc = 0;
2102 #endif /* CONFIG_TESTING_OPTIONS */
2103
2104 if (wpa_s->last_ssid == ssid) {
2105 wpa_dbg(wpa_s, MSG_DEBUG, "Re-association to the same ESS");
2106 wpa_s->reassoc_same_ess = 1;
2107 if (wpa_s->current_bss && wpa_s->current_bss == bss) {
2108 wmm_ac_save_tspecs(wpa_s);
2109 wpa_s->reassoc_same_bss = 1;
2110 } else if (wpa_s->current_bss && wpa_s->current_bss != bss) {
2111 os_get_reltime(&wpa_s->roam_start);
2112 }
2113 } else {
2114 #ifdef CONFIG_SAE
2115 wpa_s_clear_sae_rejected(wpa_s);
2116 wpa_s_setup_sae_pt(wpa_s->conf, ssid);
2117 #endif /* CONFIG_SAE */
2118 }
2119
2120 if (rand_style > 0 && !wpa_s->reassoc_same_ess) {
2121 if (wpas_update_random_addr(wpa_s, rand_style) < 0)
2122 return;
2123 wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
2124 } else if (rand_style == 0 && wpa_s->mac_addr_changed) {
2125 if (wpa_drv_set_mac_addr(wpa_s, NULL) < 0) {
2126 wpa_msg(wpa_s, MSG_INFO,
2127 "Could not restore permanent MAC address");
2128 return;
2129 }
2130 wpa_s->mac_addr_changed = 0;
2131 if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
2132 wpa_msg(wpa_s, MSG_INFO,
2133 "Could not update MAC address information");
2134 return;
2135 }
2136 wpa_msg(wpa_s, MSG_DEBUG, "Using permanent MAC address");
2137 }
2138 wpa_s->last_ssid = ssid;
2139
2140 #ifdef CONFIG_IBSS_RSN
2141 ibss_rsn_deinit(wpa_s->ibss_rsn);
2142 wpa_s->ibss_rsn = NULL;
2143 #else /* CONFIG_IBSS_RSN */
2144 if (ssid->mode == WPAS_MODE_IBSS &&
2145 !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) {
2146 wpa_msg(wpa_s, MSG_INFO,
2147 "IBSS RSN not supported in the build");
2148 return;
2149 }
2150 #endif /* CONFIG_IBSS_RSN */
2151
2152 if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
2153 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
2154 #ifdef CONFIG_AP
2155 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
2156 wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
2157 "mode");
2158 return;
2159 }
2160 if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
2161 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2162 if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
2163 wpas_p2p_ap_setup_failed(wpa_s);
2164 return;
2165 }
2166 wpa_s->current_bss = bss;
2167 #else /* CONFIG_AP */
2168 wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
2169 "the build");
2170 #endif /* CONFIG_AP */
2171 return;
2172 }
2173
2174 if (ssid->mode == WPAS_MODE_MESH) {
2175 #ifdef CONFIG_MESH
2176 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MESH)) {
2177 wpa_msg(wpa_s, MSG_INFO,
2178 "Driver does not support mesh mode");
2179 return;
2180 }
2181 if (bss)
2182 ssid->frequency = bss->freq;
2183 if (wpa_supplicant_join_mesh(wpa_s, ssid) < 0) {
2184 wpa_msg(wpa_s, MSG_ERROR, "Could not join mesh");
2185 return;
2186 }
2187 wpa_s->current_bss = bss;
2188 wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_STARTED "ssid=\"%s\" id=%d",
2189 wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
2190 ssid->id);
2191 wpas_notify_mesh_group_started(wpa_s, ssid);
2192 #else /* CONFIG_MESH */
2193 wpa_msg(wpa_s, MSG_ERROR,
2194 "mesh mode support not included in the build");
2195 #endif /* CONFIG_MESH */
2196 return;
2197 }
2198
2199 /*
2200 * Set WPA state machine configuration to match the selected network now
2201 * so that the information is available before wpas_start_assoc_cb()
2202 * gets called. This is needed at least for RSN pre-authentication where
2203 * candidate APs are added to a list based on scan result processing
2204 * before completion of the first association.
2205 */
2206 wpa_supplicant_rsn_supp_set_config(wpa_s, ssid);
2207
2208 #ifdef CONFIG_DPP
2209 if (wpas_dpp_check_connect(wpa_s, ssid, bss) != 0)
2210 return;
2211 #endif /* CONFIG_DPP */
2212
2213 #ifdef CONFIG_TDLS
2214 if (bss)
2215 wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
2216 bss->ie_len);
2217 #endif /* CONFIG_TDLS */
2218
2219 #ifdef CONFIG_MBO
2220 wpas_mbo_check_pmf(wpa_s, bss, ssid);
2221 #endif /* CONFIG_MBO */
2222
2223 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2224 ssid->mode == WPAS_MODE_INFRA) {
2225 sme_authenticate(wpa_s, bss, ssid);
2226 return;
2227 }
2228
2229 if (wpa_s->connect_work) {
2230 wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since connect_work exist");
2231 return;
2232 }
2233
2234 if (radio_work_pending(wpa_s, "connect")) {
2235 wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since pending work exist");
2236 return;
2237 }
2238
2239 #ifdef CONFIG_SME
2240 if (ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) {
2241 /* Clear possibly set auth_alg, if any, from last attempt. */
2242 wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN;
2243 }
2244 #endif /* CONFIG_SME */
2245
2246 wpas_abort_ongoing_scan(wpa_s);
2247
2248 cwork = os_zalloc(sizeof(*cwork));
2249 if (cwork == NULL)
2250 return;
2251
2252 cwork->bss = bss;
2253 cwork->ssid = ssid;
2254
2255 if (radio_add_work(wpa_s, bss ? bss->freq : 0, "connect", 1,
2256 wpas_start_assoc_cb, cwork) < 0) {
2257 os_free(cwork);
2258 }
2259 }
2260
2261
2262 static int bss_is_ibss(struct wpa_bss *bss)
2263 {
2264 return (bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
2265 IEEE80211_CAP_IBSS;
2266 }
2267
2268
2269 static int drv_supports_vht(struct wpa_supplicant *wpa_s,
2270 const struct wpa_ssid *ssid)
2271 {
2272 enum hostapd_hw_mode hw_mode;
2273 struct hostapd_hw_modes *mode = NULL;
2274 u8 channel;
2275 int i;
2276
2277 hw_mode = ieee80211_freq_to_chan(ssid->frequency, &channel);
2278 if (hw_mode == NUM_HOSTAPD_MODES)
2279 return 0;
2280 for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2281 if (wpa_s->hw.modes[i].mode == hw_mode) {
2282 mode = &wpa_s->hw.modes[i];
2283 break;
2284 }
2285 }
2286
2287 if (!mode)
2288 return 0;
2289
2290 return mode->vht_capab != 0;
2291 }
2292
2293
2294 void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
2295 const struct wpa_ssid *ssid,
2296 struct hostapd_freq_params *freq)
2297 {
2298 int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
2299 enum hostapd_hw_mode hw_mode;
2300 struct hostapd_hw_modes *mode = NULL;
2301 int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2302 184, 192 };
2303 int vht80[] = { 36, 52, 100, 116, 132, 149 };
2304 struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
2305 u8 channel;
2306 int i, chan_idx, ht40 = -1, res, obss_scan = 1;
2307 unsigned int j, k;
2308 struct hostapd_freq_params vht_freq;
2309 int chwidth, seg0, seg1;
2310 u32 vht_caps = 0;
2311 int is_24ghz;
2312
2313 freq->freq = ssid->frequency;
2314
2315 for (j = 0; j < wpa_s->last_scan_res_used; j++) {
2316 struct wpa_bss *bss = wpa_s->last_scan_res[j];
2317
2318 if (ssid->mode != WPAS_MODE_IBSS)
2319 break;
2320
2321 /* Don't adjust control freq in case of fixed_freq */
2322 if (ssid->fixed_freq)
2323 break;
2324
2325 if (!bss_is_ibss(bss))
2326 continue;
2327
2328 if (ssid->ssid_len == bss->ssid_len &&
2329 os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) == 0) {
2330 wpa_printf(MSG_DEBUG,
2331 "IBSS already found in scan results, adjust control freq: %d",
2332 bss->freq);
2333 freq->freq = bss->freq;
2334 obss_scan = 0;
2335 break;
2336 }
2337 }
2338
2339 /* For IBSS check HT_IBSS flag */
2340 if (ssid->mode == WPAS_MODE_IBSS &&
2341 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_HT_IBSS))
2342 return;
2343
2344 if (wpa_s->group_cipher == WPA_CIPHER_WEP40 ||
2345 wpa_s->group_cipher == WPA_CIPHER_WEP104 ||
2346 wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) {
2347 wpa_printf(MSG_DEBUG,
2348 "IBSS: WEP/TKIP detected, do not try to enable HT");
2349 return;
2350 }
2351
2352 hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
2353 for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2354 if (wpa_s->hw.modes[i].mode == hw_mode) {
2355 mode = &wpa_s->hw.modes[i];
2356 break;
2357 }
2358 }
2359
2360 if (!mode)
2361 return;
2362
2363 is_24ghz = hw_mode == HOSTAPD_MODE_IEEE80211G ||
2364 hw_mode == HOSTAPD_MODE_IEEE80211B;
2365
2366 #ifdef CONFIG_HT_OVERRIDES
2367 if (ssid->disable_ht) {
2368 freq->ht_enabled = 0;
2369 return;
2370 }
2371 #endif /* CONFIG_HT_OVERRIDES */
2372
2373 freq->ht_enabled = ht_supported(mode);
2374 if (!freq->ht_enabled)
2375 return;
2376
2377 /* Allow HE on 2.4 GHz without VHT: see nl80211_put_freq_params() */
2378 if (is_24ghz)
2379 freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
2380
2381 /* Setup higher BW only for 5 GHz */
2382 if (mode->mode != HOSTAPD_MODE_IEEE80211A)
2383 return;
2384
2385 for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
2386 pri_chan = &mode->channels[chan_idx];
2387 if (pri_chan->chan == channel)
2388 break;
2389 pri_chan = NULL;
2390 }
2391 if (!pri_chan)
2392 return;
2393
2394 /* Check primary channel flags */
2395 if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2396 return;
2397
2398 freq->channel = pri_chan->chan;
2399
2400 #ifdef CONFIG_HT_OVERRIDES
2401 if (ssid->disable_ht40) {
2402 #ifdef CONFIG_VHT_OVERRIDES
2403 if (ssid->disable_vht)
2404 return;
2405 #endif /* CONFIG_VHT_OVERRIDES */
2406 goto skip_ht40;
2407 }
2408 #endif /* CONFIG_HT_OVERRIDES */
2409
2410 /* Check/setup HT40+/HT40- */
2411 for (j = 0; j < ARRAY_SIZE(ht40plus); j++) {
2412 if (ht40plus[j] == channel) {
2413 ht40 = 1;
2414 break;
2415 }
2416 }
2417
2418 /* Find secondary channel */
2419 for (i = 0; i < mode->num_channels; i++) {
2420 sec_chan = &mode->channels[i];
2421 if (sec_chan->chan == channel + ht40 * 4)
2422 break;
2423 sec_chan = NULL;
2424 }
2425 if (!sec_chan)
2426 return;
2427
2428 /* Check secondary channel flags */
2429 if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2430 return;
2431
2432 if (ht40 == -1) {
2433 if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
2434 return;
2435 } else {
2436 if (!(pri_chan->flag & HOSTAPD_CHAN_HT40PLUS))
2437 return;
2438 }
2439 freq->sec_channel_offset = ht40;
2440
2441 if (obss_scan) {
2442 struct wpa_scan_results *scan_res;
2443
2444 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
2445 if (scan_res == NULL) {
2446 /* Back to HT20 */
2447 freq->sec_channel_offset = 0;
2448 return;
2449 }
2450
2451 res = check_40mhz_5g(scan_res, pri_chan, sec_chan);
2452 switch (res) {
2453 case 0:
2454 /* Back to HT20 */
2455 freq->sec_channel_offset = 0;
2456 break;
2457 case 1:
2458 /* Configuration allowed */
2459 break;
2460 case 2:
2461 /* Switch pri/sec channels */
2462 freq->freq = hw_get_freq(mode, sec_chan->chan);
2463 freq->sec_channel_offset = -freq->sec_channel_offset;
2464 freq->channel = sec_chan->chan;
2465 break;
2466 default:
2467 freq->sec_channel_offset = 0;
2468 break;
2469 }
2470
2471 wpa_scan_results_free(scan_res);
2472 }
2473
2474 #ifdef CONFIG_HT_OVERRIDES
2475 skip_ht40:
2476 #endif /* CONFIG_HT_OVERRIDES */
2477 wpa_printf(MSG_DEBUG,
2478 "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2479 freq->channel, freq->sec_channel_offset);
2480
2481 if (!drv_supports_vht(wpa_s, ssid))
2482 return;
2483
2484 /* For IBSS check VHT_IBSS flag */
2485 if (ssid->mode == WPAS_MODE_IBSS &&
2486 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_VHT_IBSS))
2487 return;
2488
2489 vht_freq = *freq;
2490
2491 #ifdef CONFIG_VHT_OVERRIDES
2492 if (ssid->disable_vht) {
2493 freq->vht_enabled = 0;
2494 return;
2495 }
2496 #endif /* CONFIG_VHT_OVERRIDES */
2497
2498 vht_freq.vht_enabled = vht_supported(mode);
2499 if (!vht_freq.vht_enabled)
2500 return;
2501
2502 /* Enable HE with VHT for 5 GHz */
2503 freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
2504
2505 /* setup center_freq1, bandwidth */
2506 for (j = 0; j < ARRAY_SIZE(vht80); j++) {
2507 if (freq->channel >= vht80[j] &&
2508 freq->channel < vht80[j] + 16)
2509 break;
2510 }
2511
2512 if (j == ARRAY_SIZE(vht80))
2513 return;
2514
2515 for (i = vht80[j]; i < vht80[j] + 16; i += 4) {
2516 struct hostapd_channel_data *chan;
2517
2518 chan = hw_get_channel_chan(mode, i, NULL);
2519 if (!chan)
2520 return;
2521
2522 /* Back to HT configuration if channel not usable */
2523 if (chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2524 return;
2525 }
2526
2527 chwidth = CHANWIDTH_80MHZ;
2528 seg0 = vht80[j] + 6;
2529 seg1 = 0;
2530
2531 if (ssid->max_oper_chwidth == CHANWIDTH_80P80MHZ) {
2532 /* setup center_freq2, bandwidth */
2533 for (k = 0; k < ARRAY_SIZE(vht80); k++) {
2534 /* Only accept 80 MHz segments separated by a gap */
2535 if (j == k || abs(vht80[j] - vht80[k]) == 16)
2536 continue;
2537 for (i = vht80[k]; i < vht80[k] + 16; i += 4) {
2538 struct hostapd_channel_data *chan;
2539
2540 chan = hw_get_channel_chan(mode, i, NULL);
2541 if (!chan)
2542 continue;
2543
2544 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2545 HOSTAPD_CHAN_NO_IR |
2546 HOSTAPD_CHAN_RADAR))
2547 continue;
2548
2549 /* Found a suitable second segment for 80+80 */
2550 chwidth = CHANWIDTH_80P80MHZ;
2551 vht_caps |=
2552 VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
2553 seg1 = vht80[k] + 6;
2554 }
2555
2556 if (chwidth == CHANWIDTH_80P80MHZ)
2557 break;
2558 }
2559 } else if (ssid->max_oper_chwidth == CHANWIDTH_160MHZ) {
2560 if (freq->freq == 5180) {
2561 chwidth = CHANWIDTH_160MHZ;
2562 vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2563 seg0 = 50;
2564 } else if (freq->freq == 5520) {
2565 chwidth = CHANWIDTH_160MHZ;
2566 vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2567 seg0 = 114;
2568 }
2569 } else if (ssid->max_oper_chwidth == CHANWIDTH_USE_HT) {
2570 chwidth = CHANWIDTH_USE_HT;
2571 seg0 = vht80[j] + 2;
2572 #ifdef CONFIG_HT_OVERRIDES
2573 if (ssid->disable_ht40)
2574 seg0 = 0;
2575 #endif /* CONFIG_HT_OVERRIDES */
2576 }
2577
2578 if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,
2579 freq->channel, ssid->enable_edmg,
2580 ssid->edmg_channel, freq->ht_enabled,
2581 vht_freq.vht_enabled, freq->he_enabled,
2582 freq->sec_channel_offset,
2583 chwidth, seg0, seg1, vht_caps,
2584 &mode->he_capab[ieee80211_mode]) != 0)
2585 return;
2586
2587 *freq = vht_freq;
2588
2589 wpa_printf(MSG_DEBUG, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2590 freq->center_freq1, freq->center_freq2, freq->bandwidth);
2591 }
2592
2593
2594 #ifdef CONFIG_FILS
2595 static size_t wpas_add_fils_hlp_req(struct wpa_supplicant *wpa_s, u8 *ie_buf,
2596 size_t ie_buf_len)
2597 {
2598 struct fils_hlp_req *req;
2599 size_t rem_len, hdr_len, hlp_len, len, ie_len = 0;
2600 const u8 *pos;
2601 u8 *buf = ie_buf;
2602
2603 dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2604 list) {
2605 rem_len = ie_buf_len - ie_len;
2606 pos = wpabuf_head(req->pkt);
2607 hdr_len = 1 + 2 * ETH_ALEN + 6;
2608 hlp_len = wpabuf_len(req->pkt);
2609
2610 if (rem_len < 2 + hdr_len + hlp_len) {
2611 wpa_printf(MSG_ERROR,
2612 "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
2613 (unsigned long) rem_len,
2614 (unsigned long) (2 + hdr_len + hlp_len));
2615 break;
2616 }
2617
2618 len = (hdr_len + hlp_len) > 255 ? 255 : hdr_len + hlp_len;
2619 /* Element ID */
2620 *buf++ = WLAN_EID_EXTENSION;
2621 /* Length */
2622 *buf++ = len;
2623 /* Element ID Extension */
2624 *buf++ = WLAN_EID_EXT_FILS_HLP_CONTAINER;
2625 /* Destination MAC address */
2626 os_memcpy(buf, req->dst, ETH_ALEN);
2627 buf += ETH_ALEN;
2628 /* Source MAC address */
2629 os_memcpy(buf, wpa_s->own_addr, ETH_ALEN);
2630 buf += ETH_ALEN;
2631 /* LLC/SNAP Header */
2632 os_memcpy(buf, "\xaa\xaa\x03\x00\x00\x00", 6);
2633 buf += 6;
2634 /* HLP Packet */
2635 os_memcpy(buf, pos, len - hdr_len);
2636 buf += len - hdr_len;
2637 pos += len - hdr_len;
2638
2639 hlp_len -= len - hdr_len;
2640 ie_len += 2 + len;
2641 rem_len -= 2 + len;
2642
2643 while (hlp_len) {
2644 len = (hlp_len > 255) ? 255 : hlp_len;
2645 if (rem_len < 2 + len)
2646 break;
2647 *buf++ = WLAN_EID_FRAGMENT;
2648 *buf++ = len;
2649 os_memcpy(buf, pos, len);
2650 buf += len;
2651 pos += len;
2652
2653 hlp_len -= len;
2654 ie_len += 2 + len;
2655 rem_len -= 2 + len;
2656 }
2657 }
2658
2659 return ie_len;
2660 }
2661
2662
2663 int wpa_is_fils_supported(struct wpa_supplicant *wpa_s)
2664 {
2665 return (((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2666 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS)) ||
2667 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2668 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD)));
2669 }
2670
2671
2672 int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant *wpa_s)
2673 {
2674 #ifdef CONFIG_FILS_SK_PFS
2675 return (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2676 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS);
2677 #else /* CONFIG_FILS_SK_PFS */
2678 return 0;
2679 #endif /* CONFIG_FILS_SK_PFS */
2680 }
2681
2682 #endif /* CONFIG_FILS */
2683
2684
2685 static u8 * wpas_populate_assoc_ies(
2686 struct wpa_supplicant *wpa_s,
2687 struct wpa_bss *bss, struct wpa_ssid *ssid,
2688 struct wpa_driver_associate_params *params,
2689 enum wpa_drv_update_connect_params_mask *mask)
2690 {
2691 u8 *wpa_ie;
2692 size_t max_wpa_ie_len = 500;
2693 size_t wpa_ie_len;
2694 int algs = WPA_AUTH_ALG_OPEN;
2695 #ifdef CONFIG_MBO
2696 const u8 *mbo_ie;
2697 #endif
2698 #ifdef CONFIG_SAE
2699 int sae_pmksa_cached = 0;
2700 #endif /* CONFIG_SAE */
2701 #ifdef CONFIG_FILS
2702 const u8 *realm, *username, *rrk;
2703 size_t realm_len, username_len, rrk_len;
2704 u16 next_seq_num;
2705 struct fils_hlp_req *req;
2706
2707 dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2708 list) {
2709 max_wpa_ie_len += 3 + 2 * ETH_ALEN + 6 + wpabuf_len(req->pkt) +
2710 2 + 2 * wpabuf_len(req->pkt) / 255;
2711 }
2712 #endif /* CONFIG_FILS */
2713
2714 wpa_ie = os_malloc(max_wpa_ie_len);
2715 if (!wpa_ie) {
2716 wpa_printf(MSG_ERROR,
2717 "Failed to allocate connect IE buffer for %lu bytes",
2718 (unsigned long) max_wpa_ie_len);
2719 return NULL;
2720 }
2721
2722 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
2723 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
2724 wpa_key_mgmt_wpa(ssid->key_mgmt)) {
2725 int try_opportunistic;
2726 const u8 *cache_id = NULL;
2727
2728 try_opportunistic = (ssid->proactive_key_caching < 0 ?
2729 wpa_s->conf->okc :
2730 ssid->proactive_key_caching) &&
2731 (ssid->proto & WPA_PROTO_RSN);
2732 #ifdef CONFIG_FILS
2733 if (wpa_key_mgmt_fils(ssid->key_mgmt))
2734 cache_id = wpa_bss_get_fils_cache_id(bss);
2735 #endif /* CONFIG_FILS */
2736 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
2737 ssid, try_opportunistic,
2738 cache_id, 0) == 0) {
2739 eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
2740 #ifdef CONFIG_SAE
2741 sae_pmksa_cached = 1;
2742 #endif /* CONFIG_SAE */
2743 }
2744 wpa_ie_len = max_wpa_ie_len;
2745 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2746 wpa_ie, &wpa_ie_len)) {
2747 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2748 "key management and encryption suites");
2749 os_free(wpa_ie);
2750 return NULL;
2751 }
2752 #ifdef CONFIG_HS20
2753 } else if (bss && wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE) &&
2754 (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)) {
2755 /* No PMKSA caching, but otherwise similar to RSN/WPA */
2756 wpa_ie_len = max_wpa_ie_len;
2757 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2758 wpa_ie, &wpa_ie_len)) {
2759 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2760 "key management and encryption suites");
2761 os_free(wpa_ie);
2762 return NULL;
2763 }
2764 #endif /* CONFIG_HS20 */
2765 } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
2766 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
2767 /*
2768 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2769 * use non-WPA since the scan results did not indicate that the
2770 * AP is using WPA or WPA2.
2771 */
2772 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2773 wpa_ie_len = 0;
2774 wpa_s->wpa_proto = 0;
2775 } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
2776 wpa_ie_len = max_wpa_ie_len;
2777 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
2778 wpa_ie, &wpa_ie_len)) {
2779 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2780 "key management and encryption suites (no "
2781 "scan results)");
2782 os_free(wpa_ie);
2783 return NULL;
2784 }
2785 #ifdef CONFIG_WPS
2786 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
2787 struct wpabuf *wps_ie;
2788 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
2789 if (wps_ie && wpabuf_len(wps_ie) <= max_wpa_ie_len) {
2790 wpa_ie_len = wpabuf_len(wps_ie);
2791 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
2792 } else
2793 wpa_ie_len = 0;
2794 wpabuf_free(wps_ie);
2795 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2796 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
2797 params->wps = WPS_MODE_PRIVACY;
2798 else
2799 params->wps = WPS_MODE_OPEN;
2800 wpa_s->wpa_proto = 0;
2801 #endif /* CONFIG_WPS */
2802 } else {
2803 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2804 wpa_ie_len = 0;
2805 wpa_s->wpa_proto = 0;
2806 }
2807
2808 #ifdef IEEE8021X_EAPOL
2809 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2810 if (ssid->leap) {
2811 if (ssid->non_leap == 0)
2812 algs = WPA_AUTH_ALG_LEAP;
2813 else
2814 algs |= WPA_AUTH_ALG_LEAP;
2815 }
2816 }
2817
2818 #ifdef CONFIG_FILS
2819 /* Clear FILS association */
2820 wpa_sm_set_reset_fils_completed(wpa_s->wpa, 0);
2821
2822 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
2823 ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
2824 eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap, &username,
2825 &username_len, &realm, &realm_len,
2826 &next_seq_num, &rrk, &rrk_len) == 0 &&
2827 (!wpa_s->last_con_fail_realm ||
2828 wpa_s->last_con_fail_realm_len != realm_len ||
2829 os_memcmp(wpa_s->last_con_fail_realm, realm, realm_len) != 0)) {
2830 algs = WPA_AUTH_ALG_FILS;
2831 params->fils_erp_username = username;
2832 params->fils_erp_username_len = username_len;
2833 params->fils_erp_realm = realm;
2834 params->fils_erp_realm_len = realm_len;
2835 params->fils_erp_next_seq_num = next_seq_num;
2836 params->fils_erp_rrk = rrk;
2837 params->fils_erp_rrk_len = rrk_len;
2838
2839 if (mask)
2840 *mask |= WPA_DRV_UPDATE_FILS_ERP_INFO;
2841 }
2842 #endif /* CONFIG_FILS */
2843 #endif /* IEEE8021X_EAPOL */
2844 #ifdef CONFIG_SAE
2845 if (wpa_s->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE))
2846 algs = WPA_AUTH_ALG_SAE;
2847 #endif /* CONFIG_SAE */
2848
2849 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
2850 if (ssid->auth_alg) {
2851 algs = ssid->auth_alg;
2852 wpa_dbg(wpa_s, MSG_DEBUG,
2853 "Overriding auth_alg selection: 0x%x", algs);
2854 }
2855
2856 #ifdef CONFIG_SAE
2857 if (sae_pmksa_cached && algs == WPA_AUTH_ALG_SAE) {
2858 wpa_dbg(wpa_s, MSG_DEBUG,
2859 "SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
2860 algs = WPA_AUTH_ALG_OPEN;
2861 }
2862 #endif /* CONFIG_SAE */
2863
2864 #ifdef CONFIG_P2P
2865 if (wpa_s->global->p2p) {
2866 u8 *pos;
2867 size_t len;
2868 int res;
2869 pos = wpa_ie + wpa_ie_len;
2870 len = max_wpa_ie_len - wpa_ie_len;
2871 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
2872 ssid->p2p_group);
2873 if (res >= 0)
2874 wpa_ie_len += res;
2875 }
2876
2877 wpa_s->cross_connect_disallowed = 0;
2878 if (bss) {
2879 struct wpabuf *p2p;
2880 p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
2881 if (p2p) {
2882 wpa_s->cross_connect_disallowed =
2883 p2p_get_cross_connect_disallowed(p2p);
2884 wpabuf_free(p2p);
2885 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
2886 "connection",
2887 wpa_s->cross_connect_disallowed ?
2888 "disallows" : "allows");
2889 }
2890 }
2891
2892 os_memset(wpa_s->p2p_ip_addr_info, 0, sizeof(wpa_s->p2p_ip_addr_info));
2893 #endif /* CONFIG_P2P */
2894
2895 if (bss) {
2896 wpa_ie_len += wpas_supp_op_class_ie(wpa_s, ssid, bss,
2897 wpa_ie + wpa_ie_len,
2898 max_wpa_ie_len -
2899 wpa_ie_len);
2900 }
2901
2902 /*
2903 * Workaround: Add Extended Capabilities element only if the AP
2904 * included this element in Beacon/Probe Response frames. Some older
2905 * APs seem to have interoperability issues if this element is
2906 * included, so while the standard may require us to include the
2907 * element in all cases, it is justifiable to skip it to avoid
2908 * interoperability issues.
2909 */
2910 if (ssid->p2p_group)
2911 wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
2912 else
2913 wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
2914
2915 if (!bss || wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB)) {
2916 u8 ext_capab[18];
2917 int ext_capab_len;
2918 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
2919 sizeof(ext_capab));
2920 if (ext_capab_len > 0 &&
2921 wpa_ie_len + ext_capab_len <= max_wpa_ie_len) {
2922 u8 *pos = wpa_ie;
2923 if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
2924 pos += 2 + pos[1];
2925 os_memmove(pos + ext_capab_len, pos,
2926 wpa_ie_len - (pos - wpa_ie));
2927 wpa_ie_len += ext_capab_len;
2928 os_memcpy(pos, ext_capab, ext_capab_len);
2929 }
2930 }
2931
2932 #ifdef CONFIG_HS20
2933 if (is_hs20_network(wpa_s, ssid, bss)) {
2934 struct wpabuf *hs20;
2935
2936 hs20 = wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN);
2937 if (hs20) {
2938 int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
2939 size_t len;
2940
2941 wpas_hs20_add_indication(hs20, pps_mo_id,
2942 get_hs20_version(bss));
2943 wpas_hs20_add_roam_cons_sel(hs20, ssid);
2944 len = max_wpa_ie_len - wpa_ie_len;
2945 if (wpabuf_len(hs20) <= len) {
2946 os_memcpy(wpa_ie + wpa_ie_len,
2947 wpabuf_head(hs20), wpabuf_len(hs20));
2948 wpa_ie_len += wpabuf_len(hs20);
2949 }
2950 wpabuf_free(hs20);
2951
2952 hs20_configure_frame_filters(wpa_s);
2953 }
2954 }
2955 #endif /* CONFIG_HS20 */
2956
2957 if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
2958 struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
2959 size_t len;
2960
2961 len = max_wpa_ie_len - wpa_ie_len;
2962 if (wpabuf_len(buf) <= len) {
2963 os_memcpy(wpa_ie + wpa_ie_len,
2964 wpabuf_head(buf), wpabuf_len(buf));
2965 wpa_ie_len += wpabuf_len(buf);
2966 }
2967 }
2968
2969 #ifdef CONFIG_FST
2970 if (wpa_s->fst_ies) {
2971 int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
2972
2973 if (wpa_ie_len + fst_ies_len <= max_wpa_ie_len) {
2974 os_memcpy(wpa_ie + wpa_ie_len,
2975 wpabuf_head(wpa_s->fst_ies), fst_ies_len);
2976 wpa_ie_len += fst_ies_len;
2977 }
2978 }
2979 #endif /* CONFIG_FST */
2980
2981 #ifdef CONFIG_MBO
2982 mbo_ie = bss ? wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE) : NULL;
2983 if (!wpa_s->disable_mbo_oce && mbo_ie) {
2984 int len;
2985
2986 len = wpas_mbo_ie(wpa_s, wpa_ie + wpa_ie_len,
2987 max_wpa_ie_len - wpa_ie_len,
2988 !!mbo_attr_from_mbo_ie(mbo_ie,
2989 OCE_ATTR_ID_CAPA_IND));
2990 if (len >= 0)
2991 wpa_ie_len += len;
2992 }
2993 #endif /* CONFIG_MBO */
2994
2995 #ifdef CONFIG_FILS
2996 if (algs == WPA_AUTH_ALG_FILS) {
2997 size_t len;
2998
2999 len = wpas_add_fils_hlp_req(wpa_s, wpa_ie + wpa_ie_len,
3000 max_wpa_ie_len - wpa_ie_len);
3001 wpa_ie_len += len;
3002 }
3003 #endif /* CONFIG_FILS */
3004
3005 #ifdef CONFIG_OWE
3006 #ifdef CONFIG_TESTING_OPTIONS
3007 if (get_ie_ext(wpa_ie, wpa_ie_len, WLAN_EID_EXT_OWE_DH_PARAM)) {
3008 wpa_printf(MSG_INFO, "TESTING: Override OWE DH element");
3009 } else
3010 #endif /* CONFIG_TESTING_OPTIONS */
3011 if (algs == WPA_AUTH_ALG_OPEN &&
3012 ssid->key_mgmt == WPA_KEY_MGMT_OWE) {
3013 struct wpabuf *owe_ie;
3014 u16 group;
3015
3016 if (ssid->owe_group) {
3017 group = ssid->owe_group;
3018 } else if (wpa_s->assoc_status_code ==
3019 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
3020 if (wpa_s->last_owe_group == 19)
3021 group = 20;
3022 else if (wpa_s->last_owe_group == 20)
3023 group = 21;
3024 else
3025 group = OWE_DH_GROUP;
3026 } else {
3027 group = OWE_DH_GROUP;
3028 }
3029
3030 wpa_s->last_owe_group = group;
3031 wpa_printf(MSG_DEBUG, "OWE: Try to use group %u", group);
3032 owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
3033 if (owe_ie &&
3034 wpabuf_len(owe_ie) <= max_wpa_ie_len - wpa_ie_len) {
3035 os_memcpy(wpa_ie + wpa_ie_len,
3036 wpabuf_head(owe_ie), wpabuf_len(owe_ie));
3037 wpa_ie_len += wpabuf_len(owe_ie);
3038 }
3039 wpabuf_free(owe_ie);
3040 }
3041 #endif /* CONFIG_OWE */
3042
3043 #ifdef CONFIG_DPP2
3044 if (wpa_sm_get_key_mgmt(wpa_s->wpa) == WPA_KEY_MGMT_DPP &&
3045 ssid->dpp_netaccesskey) {
3046 dpp_pfs_free(wpa_s->dpp_pfs);
3047 wpa_s->dpp_pfs = dpp_pfs_init(ssid->dpp_netaccesskey,
3048 ssid->dpp_netaccesskey_len);
3049 if (!wpa_s->dpp_pfs) {
3050 wpa_printf(MSG_DEBUG, "DPP: Could not initialize PFS");
3051 /* Try to continue without PFS */
3052 goto pfs_fail;
3053 }
3054 if (wpabuf_len(wpa_s->dpp_pfs->ie) <=
3055 max_wpa_ie_len - wpa_ie_len) {
3056 os_memcpy(wpa_ie + wpa_ie_len,
3057 wpabuf_head(wpa_s->dpp_pfs->ie),
3058 wpabuf_len(wpa_s->dpp_pfs->ie));
3059 wpa_ie_len += wpabuf_len(wpa_s->dpp_pfs->ie);
3060 }
3061 }
3062 pfs_fail:
3063 #endif /* CONFIG_DPP2 */
3064
3065 #ifdef CONFIG_IEEE80211R
3066 /*
3067 * Add MDIE under these conditions: the network profile allows FT,
3068 * the AP supports FT, and the mobility domain ID matches.
3069 */
3070 if (bss && wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s->wpa))) {
3071 const u8 *mdie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
3072
3073 if (mdie && mdie[1] >= MOBILITY_DOMAIN_ID_LEN) {
3074 size_t len = 0;
3075 const u8 *md = mdie + 2;
3076 const u8 *wpa_md = wpa_sm_get_ft_md(wpa_s->wpa);
3077
3078 if (os_memcmp(md, wpa_md,
3079 MOBILITY_DOMAIN_ID_LEN) == 0) {
3080 /* Add mobility domain IE */
3081 len = wpa_ft_add_mdie(
3082 wpa_s->wpa, wpa_ie + wpa_ie_len,
3083 max_wpa_ie_len - wpa_ie_len, mdie);
3084 wpa_ie_len += len;
3085 }
3086 #ifdef CONFIG_SME
3087 if (len > 0 && wpa_s->sme.ft_used &&
3088 wpa_sm_has_ptk(wpa_s->wpa)) {
3089 wpa_dbg(wpa_s, MSG_DEBUG,
3090 "SME: Trying to use FT over-the-air");
3091 algs |= WPA_AUTH_ALG_FT;
3092 }
3093 #endif /* CONFIG_SME */
3094 }
3095 }
3096 #endif /* CONFIG_IEEE80211R */
3097
3098 #ifdef CONFIG_TESTING_OPTIONS
3099 if (wpa_s->rsnxe_override_assoc &&
3100 wpabuf_len(wpa_s->rsnxe_override_assoc) <=
3101 max_wpa_ie_len - wpa_ie_len) {
3102 wpa_printf(MSG_DEBUG, "TESTING: RSNXE AssocReq override");
3103 os_memcpy(wpa_ie + wpa_ie_len,
3104 wpabuf_head(wpa_s->rsnxe_override_assoc),
3105 wpabuf_len(wpa_s->rsnxe_override_assoc));
3106 wpa_ie_len += wpabuf_len(wpa_s->rsnxe_override_assoc);
3107 } else
3108 #endif /* CONFIG_TESTING_OPTIONS */
3109 if (wpa_s->rsnxe_len > 0 &&
3110 wpa_s->rsnxe_len <= max_wpa_ie_len - wpa_ie_len) {
3111 os_memcpy(wpa_ie + wpa_ie_len, wpa_s->rsnxe, wpa_s->rsnxe_len);
3112 wpa_ie_len += wpa_s->rsnxe_len;
3113 }
3114
3115 if (ssid->multi_ap_backhaul_sta) {
3116 size_t multi_ap_ie_len;
3117
3118 multi_ap_ie_len = add_multi_ap_ie(wpa_ie + wpa_ie_len,
3119 max_wpa_ie_len - wpa_ie_len,
3120 MULTI_AP_BACKHAUL_STA);
3121 if (multi_ap_ie_len == 0) {
3122 wpa_printf(MSG_ERROR,
3123 "Multi-AP: Failed to build Multi-AP IE");
3124 os_free(wpa_ie);
3125 return NULL;
3126 }
3127 wpa_ie_len += multi_ap_ie_len;
3128 }
3129
3130 params->wpa_ie = wpa_ie;
3131 params->wpa_ie_len = wpa_ie_len;
3132 params->auth_alg = algs;
3133 if (mask)
3134 *mask |= WPA_DRV_UPDATE_ASSOC_IES | WPA_DRV_UPDATE_AUTH_TYPE;
3135
3136 return wpa_ie;
3137 }
3138
3139
3140 #ifdef CONFIG_OWE
3141 static void wpas_update_owe_connect_params(struct wpa_supplicant *wpa_s)
3142 {
3143 struct wpa_driver_associate_params params;
3144 u8 *wpa_ie;
3145
3146 os_memset(&params, 0, sizeof(params));
3147 wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3148 wpa_s->current_ssid, &params, NULL);
3149 if (!wpa_ie)
3150 return;
3151
3152 wpa_drv_update_connect_params(wpa_s, &params, WPA_DRV_UPDATE_ASSOC_IES);
3153 os_free(wpa_ie);
3154 }
3155 #endif /* CONFIG_OWE */
3156
3157
3158 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
3159 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s)
3160 {
3161 struct wpa_driver_associate_params params;
3162 enum wpa_drv_update_connect_params_mask mask = 0;
3163 u8 *wpa_ie;
3164
3165 if (wpa_s->auth_alg != WPA_AUTH_ALG_OPEN)
3166 return; /* nothing to do */
3167
3168 os_memset(&params, 0, sizeof(params));
3169 wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3170 wpa_s->current_ssid, &params, &mask);
3171 if (!wpa_ie)
3172 return;
3173
3174 if (params.auth_alg != WPA_AUTH_ALG_FILS) {
3175 os_free(wpa_ie);
3176 return;
3177 }
3178
3179 wpa_s->auth_alg = params.auth_alg;
3180 wpa_drv_update_connect_params(wpa_s, &params, mask);
3181 os_free(wpa_ie);
3182 }
3183 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
3184
3185
3186 static u8 wpa_ie_get_edmg_oper_chans(const u8 *edmg_ie)
3187 {
3188 if (!edmg_ie || edmg_ie[1] < 6)
3189 return 0;
3190 return edmg_ie[EDMG_BSS_OPERATING_CHANNELS_OFFSET];
3191 }
3192
3193
3194 static u8 wpa_ie_get_edmg_oper_chan_width(const u8 *edmg_ie)
3195 {
3196 if (!edmg_ie || edmg_ie[1] < 6)
3197 return 0;
3198 return edmg_ie[EDMG_OPERATING_CHANNEL_WIDTH_OFFSET];
3199 }
3200
3201
3202 /* Returns the intersection of two EDMG configurations.
3203 * Note: The current implementation is limited to CB2 only (CB1 included),
3204 * i.e., the implementation supports up to 2 contiguous channels.
3205 * For supporting non-contiguous (aggregated) channels and for supporting
3206 * CB3 and above, this function will need to be extended.
3207 */
3208 static struct ieee80211_edmg_config
3209 get_edmg_intersection(struct ieee80211_edmg_config a,
3210 struct ieee80211_edmg_config b,
3211 u8 primary_channel)
3212 {
3213 struct ieee80211_edmg_config result;
3214 int i, contiguous = 0;
3215 int max_contiguous = 0;
3216
3217 result.channels = b.channels & a.channels;
3218 if (!result.channels) {
3219 wpa_printf(MSG_DEBUG,
3220 "EDMG not possible: cannot intersect channels 0x%x and 0x%x",
3221 a.channels, b.channels);
3222 goto fail;
3223 }
3224
3225 if (!(result.channels & BIT(primary_channel - 1))) {
3226 wpa_printf(MSG_DEBUG,
3227 "EDMG not possible: the primary channel %d is not one of the intersected channels 0x%x",
3228 primary_channel, result.channels);
3229 goto fail;
3230 }
3231
3232 /* Find max contiguous channels */
3233 for (i = 0; i < 6; i++) {
3234 if (result.channels & BIT(i))
3235 contiguous++;
3236 else
3237 contiguous = 0;
3238
3239 if (contiguous > max_contiguous)
3240 max_contiguous = contiguous;
3241 }
3242
3243 /* Assuming AP and STA supports ONLY contiguous channels,
3244 * bw configuration can have value between 4-7.
3245 */
3246 if ((b.bw_config < a.bw_config))
3247 result.bw_config = b.bw_config;
3248 else
3249 result.bw_config = a.bw_config;
3250
3251 if ((max_contiguous >= 2 && result.bw_config < EDMG_BW_CONFIG_5) ||
3252 (max_contiguous >= 1 && result.bw_config < EDMG_BW_CONFIG_4)) {
3253 wpa_printf(MSG_DEBUG,
3254 "EDMG not possible: not enough contiguous channels %d for supporting CB1 or CB2",
3255 max_contiguous);
3256 goto fail;
3257 }
3258
3259 return result;
3260
3261 fail:
3262 result.channels = 0;
3263 result.bw_config = 0;
3264 return result;
3265 }
3266
3267
3268 static struct ieee80211_edmg_config
3269 get_supported_edmg(struct wpa_supplicant *wpa_s,
3270 struct hostapd_freq_params *freq,
3271 struct ieee80211_edmg_config request_edmg)
3272 {
3273 enum hostapd_hw_mode hw_mode;
3274 struct hostapd_hw_modes *mode = NULL;
3275 u8 primary_channel;
3276
3277 if (!wpa_s->hw.modes)
3278 goto fail;
3279
3280 hw_mode = ieee80211_freq_to_chan(freq->freq, &primary_channel);
3281 if (hw_mode == NUM_HOSTAPD_MODES)
3282 goto fail;
3283
3284 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, hw_mode, 0);
3285 if (!mode)
3286 goto fail;
3287
3288 return get_edmg_intersection(mode->edmg, request_edmg, primary_channel);
3289
3290 fail:
3291 request_edmg.channels = 0;
3292 request_edmg.bw_config = 0;
3293 return request_edmg;
3294 }
3295
3296
3297 #ifdef CONFIG_MBO
3298 void wpas_update_mbo_connect_params(struct wpa_supplicant *wpa_s)
3299 {
3300 struct wpa_driver_associate_params params;
3301 u8 *wpa_ie;
3302
3303 /*
3304 * Update MBO connect params only in case of change of MBO attributes
3305 * when connected, if the AP support MBO.
3306 */
3307
3308 if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_ssid ||
3309 !wpa_s->current_bss ||
3310 !wpa_bss_get_vendor_ie(wpa_s->current_bss, MBO_IE_VENDOR_TYPE))
3311 return;
3312
3313 os_memset(&params, 0, sizeof(params));
3314 wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3315 wpa_s->current_ssid, &params, NULL);
3316 if (!wpa_ie)
3317 return;
3318
3319 wpa_drv_update_connect_params(wpa_s, &params, WPA_DRV_UPDATE_ASSOC_IES);
3320 os_free(wpa_ie);
3321 }
3322 #endif /* CONFIG_MBO */
3323
3324
3325 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
3326 {
3327 struct wpa_connect_work *cwork = work->ctx;
3328 struct wpa_bss *bss = cwork->bss;
3329 struct wpa_ssid *ssid = cwork->ssid;
3330 struct wpa_supplicant *wpa_s = work->wpa_s;
3331 u8 *wpa_ie;
3332 const u8 *edmg_ie_oper;
3333 int use_crypt, ret, bssid_changed;
3334 unsigned int cipher_pairwise, cipher_group, cipher_group_mgmt;
3335 struct wpa_driver_associate_params params;
3336 #if defined(CONFIG_WEP) || defined(IEEE8021X_EAPOL)
3337 int wep_keys_set = 0;
3338 #endif /* CONFIG_WEP || IEEE8021X_EAPOL */
3339 int assoc_failed = 0;
3340 struct wpa_ssid *old_ssid;
3341 u8 prev_bssid[ETH_ALEN];
3342 #ifdef CONFIG_HT_OVERRIDES
3343 struct ieee80211_ht_capabilities htcaps;
3344 struct ieee80211_ht_capabilities htcaps_mask;
3345 #endif /* CONFIG_HT_OVERRIDES */
3346 #ifdef CONFIG_VHT_OVERRIDES
3347 struct ieee80211_vht_capabilities vhtcaps;
3348 struct ieee80211_vht_capabilities vhtcaps_mask;
3349 #endif /* CONFIG_VHT_OVERRIDES */
3350
3351 if (deinit) {
3352 if (work->started) {
3353 wpa_s->connect_work = NULL;
3354
3355 /* cancel possible auth. timeout */
3356 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s,
3357 NULL);
3358 }
3359 wpas_connect_work_free(cwork);
3360 return;
3361 }
3362
3363 wpa_s->connect_work = work;
3364
3365 if (cwork->bss_removed || !wpas_valid_bss_ssid(wpa_s, bss, ssid) ||
3366 wpas_network_disabled(wpa_s, ssid)) {
3367 wpa_dbg(wpa_s, MSG_DEBUG, "BSS/SSID entry for association not valid anymore - drop connection attempt");
3368 wpas_connect_work_done(wpa_s);
3369 return;
3370 }
3371
3372 os_memcpy(prev_bssid, wpa_s->bssid, ETH_ALEN);
3373 os_memset(&params, 0, sizeof(params));
3374 wpa_s->reassociate = 0;
3375 wpa_s->eap_expected_failure = 0;
3376 if (bss &&
3377 (!wpas_driver_bss_selection(wpa_s) || wpas_wps_searching(wpa_s))) {
3378 #ifdef CONFIG_IEEE80211R
3379 const u8 *ie, *md = NULL;
3380 #endif /* CONFIG_IEEE80211R */
3381 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
3382 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
3383 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
3384 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
3385 os_memset(wpa_s->bssid, 0, ETH_ALEN);
3386 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3387 if (bssid_changed)
3388 wpas_notify_bssid_changed(wpa_s);
3389 #ifdef CONFIG_IEEE80211R
3390 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
3391 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
3392 md = ie + 2;
3393 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
3394 if (md) {
3395 /* Prepare for the next transition */
3396 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
3397 }
3398 #endif /* CONFIG_IEEE80211R */
3399 #ifdef CONFIG_WPS
3400 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
3401 wpa_s->conf->ap_scan == 2 &&
3402 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
3403 /* Use ap_scan==1 style network selection to find the network
3404 */
3405 wpas_connect_work_done(wpa_s);
3406 wpa_s->scan_req = MANUAL_SCAN_REQ;
3407 wpa_s->reassociate = 1;
3408 wpa_supplicant_req_scan(wpa_s, 0, 0);
3409 return;
3410 #endif /* CONFIG_WPS */
3411 } else {
3412 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
3413 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
3414 if (bss)
3415 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3416 else
3417 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3418 }
3419 if (!wpa_s->pno)
3420 wpa_supplicant_cancel_sched_scan(wpa_s);
3421
3422 wpa_supplicant_cancel_scan(wpa_s);
3423
3424 /* Starting new association, so clear the possibly used WPA IE from the
3425 * previous association. */
3426 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
3427 wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
3428 wpa_s->rsnxe_len = 0;
3429
3430 wpa_ie = wpas_populate_assoc_ies(wpa_s, bss, ssid, &params, NULL);
3431 if (!wpa_ie) {
3432 wpas_connect_work_done(wpa_s);
3433 return;
3434 }
3435
3436 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
3437 use_crypt = 1;
3438 cipher_pairwise = wpa_s->pairwise_cipher;
3439 cipher_group = wpa_s->group_cipher;
3440 cipher_group_mgmt = wpa_s->mgmt_group_cipher;
3441 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
3442 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3443 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
3444 use_crypt = 0;
3445 #ifdef CONFIG_WEP
3446 if (wpa_set_wep_keys(wpa_s, ssid)) {
3447 use_crypt = 1;
3448 wep_keys_set = 1;
3449 }
3450 #endif /* CONFIG_WEP */
3451 }
3452 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
3453 use_crypt = 0;
3454
3455 #ifdef IEEE8021X_EAPOL
3456 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3457 if ((ssid->eapol_flags &
3458 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
3459 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
3460 !wep_keys_set) {
3461 use_crypt = 0;
3462 } else {
3463 /* Assume that dynamic WEP-104 keys will be used and
3464 * set cipher suites in order for drivers to expect
3465 * encryption. */
3466 cipher_pairwise = cipher_group = WPA_CIPHER_WEP104;
3467 }
3468 }
3469 #endif /* IEEE8021X_EAPOL */
3470
3471 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3472 /* Set the key before (and later after) association */
3473 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3474 }
3475
3476 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
3477 if (bss) {
3478 params.ssid = bss->ssid;
3479 params.ssid_len = bss->ssid_len;
3480 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set ||
3481 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
3482 wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
3483 MACSTR " freq=%u MHz based on scan results "
3484 "(bssid_set=%d wps=%d)",
3485 MAC2STR(bss->bssid), bss->freq,
3486 ssid->bssid_set,
3487 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS);
3488 params.bssid = bss->bssid;
3489 params.freq.freq = bss->freq;
3490 }
3491 params.bssid_hint = bss->bssid;
3492 params.freq_hint = bss->freq;
3493 params.pbss = bss_is_pbss(bss);
3494 } else {
3495 if (ssid->bssid_hint_set)
3496 params.bssid_hint = ssid->bssid_hint;
3497
3498 params.ssid = ssid->ssid;
3499 params.ssid_len = ssid->ssid_len;
3500 params.pbss = (ssid->pbss != 2) ? ssid->pbss : 0;
3501 }
3502
3503 if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
3504 wpa_s->conf->ap_scan == 2) {
3505 params.bssid = ssid->bssid;
3506 params.fixed_bssid = 1;
3507 }
3508
3509 /* Initial frequency for IBSS/mesh */
3510 if ((ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) &&
3511 ssid->frequency > 0 && params.freq.freq == 0)
3512 ibss_mesh_setup_freq(wpa_s, ssid, &params.freq);
3513
3514 if (ssid->mode == WPAS_MODE_IBSS) {
3515 params.fixed_freq = ssid->fixed_freq;
3516 if (ssid->beacon_int)
3517 params.beacon_int = ssid->beacon_int;
3518 else
3519 params.beacon_int = wpa_s->conf->beacon_int;
3520 }
3521
3522 if (bss && ssid->enable_edmg)
3523 edmg_ie_oper = get_ie_ext((const u8 *) (bss + 1), bss->ie_len,
3524 WLAN_EID_EXT_EDMG_OPERATION);
3525 else
3526 edmg_ie_oper = NULL;
3527
3528 if (edmg_ie_oper) {
3529 params.freq.edmg.channels =
3530 wpa_ie_get_edmg_oper_chans(edmg_ie_oper);
3531 params.freq.edmg.bw_config =
3532 wpa_ie_get_edmg_oper_chan_width(edmg_ie_oper);
3533 wpa_printf(MSG_DEBUG,
3534 "AP supports EDMG channels 0x%x, bw_config %d",
3535 params.freq.edmg.channels,
3536 params.freq.edmg.bw_config);
3537
3538 /* User may ask for specific EDMG channel for EDMG connection
3539 * (must be supported by AP)
3540 */
3541 if (ssid->edmg_channel) {
3542 struct ieee80211_edmg_config configured_edmg;
3543 enum hostapd_hw_mode hw_mode;
3544 u8 primary_channel;
3545
3546 hw_mode = ieee80211_freq_to_chan(bss->freq,
3547 &primary_channel);
3548 if (hw_mode == NUM_HOSTAPD_MODES)
3549 goto edmg_fail;
3550
3551 hostapd_encode_edmg_chan(ssid->enable_edmg,
3552 ssid->edmg_channel,
3553 primary_channel,
3554 &configured_edmg);
3555
3556 if (ieee802_edmg_is_allowed(params.freq.edmg,
3557 configured_edmg)) {
3558 params.freq.edmg = configured_edmg;
3559 wpa_printf(MSG_DEBUG,
3560 "Use EDMG channel %d for connection",
3561 ssid->edmg_channel);
3562 } else {
3563 edmg_fail:
3564 params.freq.edmg.channels = 0;
3565 params.freq.edmg.bw_config = 0;
3566 wpa_printf(MSG_WARNING,
3567 "EDMG channel %d not supported by AP, fallback to DMG",
3568 ssid->edmg_channel);
3569 }
3570 }
3571
3572 if (params.freq.edmg.channels) {
3573 wpa_printf(MSG_DEBUG,
3574 "EDMG before: channels 0x%x, bw_config %d",
3575 params.freq.edmg.channels,
3576 params.freq.edmg.bw_config);
3577 params.freq.edmg = get_supported_edmg(wpa_s,
3578 &params.freq,
3579 params.freq.edmg);
3580 wpa_printf(MSG_DEBUG,
3581 "EDMG after: channels 0x%x, bw_config %d",
3582 params.freq.edmg.channels,
3583 params.freq.edmg.bw_config);
3584 }
3585 }
3586
3587 params.pairwise_suite = cipher_pairwise;
3588 params.group_suite = cipher_group;
3589 params.mgmt_group_suite = cipher_group_mgmt;
3590 params.key_mgmt_suite = wpa_s->key_mgmt;
3591 params.wpa_proto = wpa_s->wpa_proto;
3592 wpa_s->auth_alg = params.auth_alg;
3593 params.mode = ssid->mode;
3594 params.bg_scan_period = ssid->bg_scan_period;
3595 #ifdef CONFIG_WEP
3596 {
3597 int i;
3598
3599 for (i = 0; i < NUM_WEP_KEYS; i++) {
3600 if (ssid->wep_key_len[i])
3601 params.wep_key[i] = ssid->wep_key[i];
3602 params.wep_key_len[i] = ssid->wep_key_len[i];
3603 }
3604 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
3605 }
3606 #endif /* CONFIG_WEP */
3607
3608 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
3609 (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3610 params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
3611 params.passphrase = ssid->passphrase;
3612 if (ssid->psk_set)
3613 params.psk = ssid->psk;
3614 }
3615
3616 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
3617 (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3618 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3619 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3620 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192))
3621 params.req_handshake_offload = 1;
3622
3623 if (wpa_s->conf->key_mgmt_offload) {
3624 if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3625 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3626 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3627 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
3628 params.req_key_mgmt_offload =
3629 ssid->proactive_key_caching < 0 ?
3630 wpa_s->conf->okc : ssid->proactive_key_caching;
3631 else
3632 params.req_key_mgmt_offload = 1;
3633
3634 if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3635 params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
3636 params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
3637 ssid->psk_set)
3638 params.psk = ssid->psk;
3639 }
3640
3641 params.drop_unencrypted = use_crypt;
3642
3643 params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
3644 if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
3645 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
3646 struct wpa_ie_data ie;
3647 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
3648 ie.capabilities &
3649 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
3650 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
3651 "MFP: require MFP");
3652 params.mgmt_frame_protection =
3653 MGMT_FRAME_PROTECTION_REQUIRED;
3654 #ifdef CONFIG_OWE
3655 } else if (!rsn && (ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
3656 !ssid->owe_only) {
3657 params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
3658 #endif /* CONFIG_OWE */
3659 }
3660 }
3661
3662 params.p2p = ssid->p2p_group;
3663
3664 if (wpa_s->p2pdev->set_sta_uapsd)
3665 params.uapsd = wpa_s->p2pdev->sta_uapsd;
3666 else
3667 params.uapsd = -1;
3668
3669 #ifdef CONFIG_HT_OVERRIDES
3670 os_memset(&htcaps, 0, sizeof(htcaps));
3671 os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
3672 params.htcaps = (u8 *) &htcaps;
3673 params.htcaps_mask = (u8 *) &htcaps_mask;
3674 wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
3675 #endif /* CONFIG_HT_OVERRIDES */
3676 #ifdef CONFIG_VHT_OVERRIDES
3677 os_memset(&vhtcaps, 0, sizeof(vhtcaps));
3678 os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
3679 params.vhtcaps = &vhtcaps;
3680 params.vhtcaps_mask = &vhtcaps_mask;
3681 wpa_supplicant_apply_vht_overrides(wpa_s, ssid, &params);
3682 #endif /* CONFIG_VHT_OVERRIDES */
3683
3684 #ifdef CONFIG_P2P
3685 /*
3686 * If multi-channel concurrency is not supported, check for any
3687 * frequency conflict. In case of any frequency conflict, remove the
3688 * least prioritized connection.
3689 */
3690 if (wpa_s->num_multichan_concurrent < 2) {
3691 int freq, num;
3692 num = get_shared_radio_freqs(wpa_s, &freq, 1);
3693 if (num > 0 && freq > 0 && freq != params.freq.freq) {
3694 wpa_printf(MSG_DEBUG,
3695 "Assoc conflicting freq found (%d != %d)",
3696 freq, params.freq.freq);
3697 if (wpas_p2p_handle_frequency_conflicts(
3698 wpa_s, params.freq.freq, ssid) < 0) {
3699 wpas_connect_work_done(wpa_s);
3700 os_free(wpa_ie);
3701 return;
3702 }
3703 }
3704 }
3705 #endif /* CONFIG_P2P */
3706
3707 if (wpa_s->reassoc_same_ess && !is_zero_ether_addr(prev_bssid) &&
3708 wpa_s->current_ssid)
3709 params.prev_bssid = prev_bssid;
3710
3711 ret = wpa_drv_associate(wpa_s, &params);
3712 os_free(wpa_ie);
3713 if (ret < 0) {
3714 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
3715 "failed");
3716 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
3717 /*
3718 * The driver is known to mean what is saying, so we
3719 * can stop right here; the association will not
3720 * succeed.
3721 */
3722 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
3723 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
3724 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3725 return;
3726 }
3727 /* try to continue anyway; new association will be tried again
3728 * after timeout */
3729 assoc_failed = 1;
3730 }
3731
3732 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3733 /* Set the key after the association just in case association
3734 * cleared the previously configured key. */
3735 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3736 /* No need to timeout authentication since there is no key
3737 * management. */
3738 wpa_supplicant_cancel_auth_timeout(wpa_s);
3739 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
3740 #ifdef CONFIG_IBSS_RSN
3741 } else if (ssid->mode == WPAS_MODE_IBSS &&
3742 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
3743 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
3744 /*
3745 * RSN IBSS authentication is per-STA and we can disable the
3746 * per-BSSID authentication.
3747 */
3748 wpa_supplicant_cancel_auth_timeout(wpa_s);
3749 #endif /* CONFIG_IBSS_RSN */
3750 } else {
3751 /* Timeout for IEEE 802.11 authentication and association */
3752 int timeout = 60;
3753
3754 if (assoc_failed) {
3755 /* give IBSS a bit more time */
3756 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
3757 } else if (wpa_s->conf->ap_scan == 1) {
3758 /* give IBSS a bit more time */
3759 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
3760 }
3761 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
3762 }
3763
3764 #ifdef CONFIG_WEP
3765 if (wep_keys_set &&
3766 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
3767 /* Set static WEP keys again */
3768 wpa_set_wep_keys(wpa_s, ssid);
3769 }
3770 #endif /* CONFIG_WEP */
3771
3772 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
3773 /*
3774 * Do not allow EAP session resumption between different
3775 * network configurations.
3776 */
3777 eapol_sm_invalidate_cached_session(wpa_s->eapol);
3778 }
3779 old_ssid = wpa_s->current_ssid;
3780 wpa_s->current_ssid = ssid;
3781
3782 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
3783 wpa_s->current_bss = bss;
3784 #ifdef CONFIG_HS20
3785 hs20_configure_frame_filters(wpa_s);
3786 #endif /* CONFIG_HS20 */
3787 }
3788
3789 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
3790 wpa_supplicant_initiate_eapol(wpa_s);
3791 if (old_ssid != wpa_s->current_ssid)
3792 wpas_notify_network_changed(wpa_s);
3793 }
3794
3795
3796 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
3797 const u8 *addr)
3798 {
3799 struct wpa_ssid *old_ssid;
3800
3801 wpas_connect_work_done(wpa_s);
3802 wpa_clear_keys(wpa_s, addr);
3803 old_ssid = wpa_s->current_ssid;
3804 wpa_supplicant_mark_disassoc(wpa_s);
3805 wpa_sm_set_config(wpa_s->wpa, NULL);
3806 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3807 if (old_ssid != wpa_s->current_ssid)
3808 wpas_notify_network_changed(wpa_s);
3809 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
3810 }
3811
3812
3813 /**
3814 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
3815 * @wpa_s: Pointer to wpa_supplicant data
3816 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
3817 *
3818 * This function is used to request %wpa_supplicant to deauthenticate from the
3819 * current AP.
3820 */
3821 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
3822 u16 reason_code)
3823 {
3824 u8 *addr = NULL;
3825 union wpa_event_data event;
3826 int zero_addr = 0;
3827
3828 wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
3829 " pending_bssid=" MACSTR " reason=%d (%s) state=%s",
3830 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
3831 reason_code, reason2str(reason_code),
3832 wpa_supplicant_state_txt(wpa_s->wpa_state));
3833
3834 if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
3835 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
3836 wpa_s->wpa_state == WPA_ASSOCIATING))
3837 addr = wpa_s->pending_bssid;
3838 else if (!is_zero_ether_addr(wpa_s->bssid))
3839 addr = wpa_s->bssid;
3840 else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
3841 /*
3842 * When using driver-based BSS selection, we may not know the
3843 * BSSID with which we are currently trying to associate. We
3844 * need to notify the driver of this disconnection even in such
3845 * a case, so use the all zeros address here.
3846 */
3847 addr = wpa_s->bssid;
3848 zero_addr = 1;
3849 }
3850
3851 if (wpa_s->enabled_4addr_mode && wpa_drv_set_4addr_mode(wpa_s, 0) == 0)
3852 wpa_s->enabled_4addr_mode = 0;
3853
3854 #ifdef CONFIG_TDLS
3855 wpa_tdls_teardown_peers(wpa_s->wpa);
3856 #endif /* CONFIG_TDLS */
3857
3858 #ifdef CONFIG_MESH
3859 if (wpa_s->ifmsh) {
3860 struct mesh_conf *mconf;
3861
3862 mconf = wpa_s->ifmsh->mconf;
3863 wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
3864 wpa_s->ifname);
3865 wpas_notify_mesh_group_removed(wpa_s, mconf->meshid,
3866 mconf->meshid_len, reason_code);
3867 wpa_supplicant_leave_mesh(wpa_s);
3868 }
3869 #endif /* CONFIG_MESH */
3870
3871 if (addr) {
3872 wpa_drv_deauthenticate(wpa_s, addr, reason_code);
3873 os_memset(&event, 0, sizeof(event));
3874 event.deauth_info.reason_code = reason_code;
3875 event.deauth_info.locally_generated = 1;
3876 wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
3877 if (zero_addr)
3878 addr = NULL;
3879 }
3880
3881 wpa_supplicant_clear_connection(wpa_s, addr);
3882 }
3883
3884
3885 void wpa_supplicant_reconnect(struct wpa_supplicant *wpa_s)
3886 {
3887 wpa_s->own_reconnect_req = 1;
3888 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_UNSPECIFIED);
3889
3890 }
3891
3892
3893 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
3894 struct wpa_ssid *ssid)
3895 {
3896 if (!ssid || !ssid->disabled || ssid->disabled == 2)
3897 return;
3898
3899 ssid->disabled = 0;
3900 ssid->owe_transition_bss_select_count = 0;
3901 wpas_clear_temp_disabled(wpa_s, ssid, 1);
3902 wpas_notify_network_enabled_changed(wpa_s, ssid);
3903
3904 /*
3905 * Try to reassociate since there is no current configuration and a new
3906 * network was made available.
3907 */
3908 if (!wpa_s->current_ssid && !wpa_s->disconnected)
3909 wpa_s->reassociate = 1;
3910 }
3911
3912
3913 /**
3914 * wpa_supplicant_add_network - Add a new network
3915 * @wpa_s: wpa_supplicant structure for a network interface
3916 * Returns: The new network configuration or %NULL if operation failed
3917 *
3918 * This function performs the following operations:
3919 * 1. Adds a new network.
3920 * 2. Send network addition notification.
3921 * 3. Marks the network disabled.
3922 * 4. Set network default parameters.
3923 */
3924 struct wpa_ssid * wpa_supplicant_add_network(struct wpa_supplicant *wpa_s)
3925 {
3926 struct wpa_ssid *ssid;
3927
3928 ssid = wpa_config_add_network(wpa_s->conf);
3929 if (!ssid)
3930 return NULL;
3931 wpas_notify_network_added(wpa_s, ssid);
3932 ssid->disabled = 1;
3933 wpa_config_set_network_defaults(ssid);
3934
3935 return ssid;
3936 }
3937
3938
3939 /**
3940 * wpa_supplicant_remove_network - Remove a configured network based on id
3941 * @wpa_s: wpa_supplicant structure for a network interface
3942 * @id: Unique network id to search for
3943 * Returns: 0 on success, or -1 if the network was not found, -2 if the network
3944 * could not be removed
3945 *
3946 * This function performs the following operations:
3947 * 1. Removes the network.
3948 * 2. Send network removal notification.
3949 * 3. Update internal state machines.
3950 * 4. Stop any running sched scans.
3951 */
3952 int wpa_supplicant_remove_network(struct wpa_supplicant *wpa_s, int id)
3953 {
3954 struct wpa_ssid *ssid;
3955 int was_disabled;
3956
3957 ssid = wpa_config_get_network(wpa_s->conf, id);
3958 if (!ssid)
3959 return -1;
3960 wpas_notify_network_removed(wpa_s, ssid);
3961
3962 if (wpa_s->last_ssid == ssid)
3963 wpa_s->last_ssid = NULL;
3964
3965 if (ssid == wpa_s->current_ssid || !wpa_s->current_ssid) {
3966 #ifdef CONFIG_SME
3967 wpa_s->sme.prev_bssid_set = 0;
3968 #endif /* CONFIG_SME */
3969 /*
3970 * Invalidate the EAP session cache if the current or
3971 * previously used network is removed.
3972 */
3973 eapol_sm_invalidate_cached_session(wpa_s->eapol);
3974 }
3975
3976 if (ssid == wpa_s->current_ssid) {
3977 wpa_sm_set_config(wpa_s->wpa, NULL);
3978 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3979
3980 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3981 wpa_s->own_disconnect_req = 1;
3982 wpa_supplicant_deauthenticate(wpa_s,
3983 WLAN_REASON_DEAUTH_LEAVING);
3984 }
3985
3986 was_disabled = ssid->disabled;
3987
3988 if (wpa_config_remove_network(wpa_s->conf, id) < 0)
3989 return -2;
3990
3991 if (!was_disabled && wpa_s->sched_scanning) {
3992 wpa_printf(MSG_DEBUG,
3993 "Stop ongoing sched_scan to remove network from filters");
3994 wpa_supplicant_cancel_sched_scan(wpa_s);
3995 wpa_supplicant_req_scan(wpa_s, 0, 0);
3996 }
3997
3998 return 0;
3999 }
4000
4001
4002 /**
4003 * wpa_supplicant_enable_network - Mark a configured network as enabled
4004 * @wpa_s: wpa_supplicant structure for a network interface
4005 * @ssid: wpa_ssid structure for a configured network or %NULL
4006 *
4007 * Enables the specified network or all networks if no network specified.
4008 */
4009 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
4010 struct wpa_ssid *ssid)
4011 {
4012 if (ssid == NULL) {
4013 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
4014 wpa_supplicant_enable_one_network(wpa_s, ssid);
4015 } else
4016 wpa_supplicant_enable_one_network(wpa_s, ssid);
4017
4018 if (wpa_s->reassociate && !wpa_s->disconnected &&
4019 (!wpa_s->current_ssid ||
4020 wpa_s->wpa_state == WPA_DISCONNECTED ||
4021 wpa_s->wpa_state == WPA_SCANNING)) {
4022 if (wpa_s->sched_scanning) {
4023 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
4024 "new network to scan filters");
4025 wpa_supplicant_cancel_sched_scan(wpa_s);
4026 }
4027
4028 if (wpa_supplicant_fast_associate(wpa_s) != 1) {
4029 wpa_s->scan_req = NORMAL_SCAN_REQ;
4030 wpa_supplicant_req_scan(wpa_s, 0, 0);
4031 }
4032 }
4033 }
4034
4035
4036 /**
4037 * wpa_supplicant_disable_network - Mark a configured network as disabled
4038 * @wpa_s: wpa_supplicant structure for a network interface
4039 * @ssid: wpa_ssid structure for a configured network or %NULL
4040 *
4041 * Disables the specified network or all networks if no network specified.
4042 */
4043 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
4044 struct wpa_ssid *ssid)
4045 {
4046 struct wpa_ssid *other_ssid;
4047 int was_disabled;
4048
4049 if (ssid == NULL) {
4050 if (wpa_s->sched_scanning)
4051 wpa_supplicant_cancel_sched_scan(wpa_s);
4052
4053 for (other_ssid = wpa_s->conf->ssid; other_ssid;
4054 other_ssid = other_ssid->next) {
4055 was_disabled = other_ssid->disabled;
4056 if (was_disabled == 2)
4057 continue; /* do not change persistent P2P group
4058 * data */
4059
4060 other_ssid->disabled = 1;
4061
4062 if (was_disabled != other_ssid->disabled)
4063 wpas_notify_network_enabled_changed(
4064 wpa_s, other_ssid);
4065 }
4066 if (wpa_s->current_ssid) {
4067 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4068 wpa_s->own_disconnect_req = 1;
4069 wpa_supplicant_deauthenticate(
4070 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4071 }
4072 } else if (ssid->disabled != 2) {
4073 if (ssid == wpa_s->current_ssid) {
4074 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4075 wpa_s->own_disconnect_req = 1;
4076 wpa_supplicant_deauthenticate(
4077 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4078 }
4079
4080 was_disabled = ssid->disabled;
4081
4082 ssid->disabled = 1;
4083
4084 if (was_disabled != ssid->disabled) {
4085 wpas_notify_network_enabled_changed(wpa_s, ssid);
4086 if (wpa_s->sched_scanning) {
4087 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
4088 "to remove network from filters");
4089 wpa_supplicant_cancel_sched_scan(wpa_s);
4090 wpa_supplicant_req_scan(wpa_s, 0, 0);
4091 }
4092 }
4093 }
4094 }
4095
4096
4097 /**
4098 * wpa_supplicant_select_network - Attempt association with a network
4099 * @wpa_s: wpa_supplicant structure for a network interface
4100 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
4101 */
4102 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
4103 struct wpa_ssid *ssid)
4104 {
4105
4106 struct wpa_ssid *other_ssid;
4107 int disconnected = 0;
4108
4109 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
4110 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4111 wpa_s->own_disconnect_req = 1;
4112 wpa_supplicant_deauthenticate(
4113 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4114 disconnected = 1;
4115 }
4116
4117 if (ssid)
4118 wpas_clear_temp_disabled(wpa_s, ssid, 1);
4119
4120 /*
4121 * Mark all other networks disabled or mark all networks enabled if no
4122 * network specified.
4123 */
4124 for (other_ssid = wpa_s->conf->ssid; other_ssid;
4125 other_ssid = other_ssid->next) {
4126 int was_disabled = other_ssid->disabled;
4127 if (was_disabled == 2)
4128 continue; /* do not change persistent P2P group data */
4129
4130 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
4131 if (was_disabled && !other_ssid->disabled)
4132 wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
4133
4134 if (was_disabled != other_ssid->disabled)
4135 wpas_notify_network_enabled_changed(wpa_s, other_ssid);
4136 }
4137
4138 if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid &&
4139 wpa_s->wpa_state >= WPA_AUTHENTICATING) {
4140 /* We are already associated with the selected network */
4141 wpa_printf(MSG_DEBUG, "Already associated with the "
4142 "selected network - do nothing");
4143 return;
4144 }
4145
4146 if (ssid) {
4147 wpa_s->current_ssid = ssid;
4148 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
4149 wpa_s->connect_without_scan =
4150 (ssid->mode == WPAS_MODE_MESH) ? ssid : NULL;
4151
4152 /*
4153 * Don't optimize next scan freqs since a new ESS has been
4154 * selected.
4155 */
4156 os_free(wpa_s->next_scan_freqs);
4157 wpa_s->next_scan_freqs = NULL;
4158 } else {
4159 wpa_s->connect_without_scan = NULL;
4160 }
4161
4162 wpa_s->disconnected = 0;
4163 wpa_s->reassociate = 1;
4164 wpa_s_clear_sae_rejected(wpa_s);
4165 wpa_s->last_owe_group = 0;
4166 if (ssid) {
4167 ssid->owe_transition_bss_select_count = 0;
4168 wpa_s_setup_sae_pt(wpa_s->conf, ssid);
4169 }
4170
4171 if (wpa_s->connect_without_scan ||
4172 wpa_supplicant_fast_associate(wpa_s) != 1) {
4173 wpa_s->scan_req = NORMAL_SCAN_REQ;
4174 wpas_scan_reset_sched_scan(wpa_s);
4175 wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
4176 }
4177
4178 if (ssid)
4179 wpas_notify_network_selected(wpa_s, ssid);
4180 }
4181
4182
4183 /**
4184 * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
4185 * @wpa_s: wpa_supplicant structure for a network interface
4186 * @pkcs11_engine_path: PKCS #11 engine path or NULL
4187 * @pkcs11_module_path: PKCS #11 module path or NULL
4188 * Returns: 0 on success; -1 on failure
4189 *
4190 * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
4191 * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
4192 * module path fails the paths will be reset to the default value (NULL).
4193 */
4194 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant *wpa_s,
4195 const char *pkcs11_engine_path,
4196 const char *pkcs11_module_path)
4197 {
4198 char *pkcs11_engine_path_copy = NULL;
4199 char *pkcs11_module_path_copy = NULL;
4200
4201 if (pkcs11_engine_path != NULL) {
4202 pkcs11_engine_path_copy = os_strdup(pkcs11_engine_path);
4203 if (pkcs11_engine_path_copy == NULL)
4204 return -1;
4205 }
4206 if (pkcs11_module_path != NULL) {
4207 pkcs11_module_path_copy = os_strdup(pkcs11_module_path);
4208 if (pkcs11_module_path_copy == NULL) {
4209 os_free(pkcs11_engine_path_copy);
4210 return -1;
4211 }
4212 }
4213
4214 os_free(wpa_s->conf->pkcs11_engine_path);
4215 os_free(wpa_s->conf->pkcs11_module_path);
4216 wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path_copy;
4217 wpa_s->conf->pkcs11_module_path = pkcs11_module_path_copy;
4218
4219 wpa_sm_set_eapol(wpa_s->wpa, NULL);
4220 eapol_sm_deinit(wpa_s->eapol);
4221 wpa_s->eapol = NULL;
4222 if (wpa_supplicant_init_eapol(wpa_s)) {
4223 /* Error -> Reset paths to the default value (NULL) once. */
4224 if (pkcs11_engine_path != NULL && pkcs11_module_path != NULL)
4225 wpas_set_pkcs11_engine_and_module_path(wpa_s, NULL,
4226 NULL);
4227
4228 return -1;
4229 }
4230 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
4231
4232 return 0;
4233 }
4234
4235
4236 /**
4237 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
4238 * @wpa_s: wpa_supplicant structure for a network interface
4239 * @ap_scan: AP scan mode
4240 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
4241 *
4242 */
4243 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
4244 {
4245
4246 int old_ap_scan;
4247
4248 if (ap_scan < 0 || ap_scan > 2)
4249 return -1;
4250
4251 if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
4252 wpa_printf(MSG_INFO,
4253 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4254 }
4255
4256 #ifdef ANDROID
4257 if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
4258 wpa_s->wpa_state >= WPA_ASSOCIATING &&
4259 wpa_s->wpa_state < WPA_COMPLETED) {
4260 wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
4261 "associating", wpa_s->conf->ap_scan, ap_scan);
4262 return 0;
4263 }
4264 #endif /* ANDROID */
4265
4266 old_ap_scan = wpa_s->conf->ap_scan;
4267 wpa_s->conf->ap_scan = ap_scan;
4268
4269 if (old_ap_scan != wpa_s->conf->ap_scan)
4270 wpas_notify_ap_scan_changed(wpa_s);
4271
4272 return 0;
4273 }
4274
4275
4276 /**
4277 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
4278 * @wpa_s: wpa_supplicant structure for a network interface
4279 * @expire_age: Expiration age in seconds
4280 * Returns: 0 if succeed or -1 if expire_age has an invalid value
4281 *
4282 */
4283 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
4284 unsigned int bss_expire_age)
4285 {
4286 if (bss_expire_age < 10) {
4287 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
4288 bss_expire_age);
4289 return -1;
4290 }
4291 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
4292 bss_expire_age);
4293 wpa_s->conf->bss_expiration_age = bss_expire_age;
4294
4295 return 0;
4296 }
4297
4298
4299 /**
4300 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
4301 * @wpa_s: wpa_supplicant structure for a network interface
4302 * @expire_count: number of scans after which an unseen BSS is reclaimed
4303 * Returns: 0 if succeed or -1 if expire_count has an invalid value
4304 *
4305 */
4306 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
4307 unsigned int bss_expire_count)
4308 {
4309 if (bss_expire_count < 1) {
4310 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
4311 bss_expire_count);
4312 return -1;
4313 }
4314 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
4315 bss_expire_count);
4316 wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
4317
4318 return 0;
4319 }
4320
4321
4322 /**
4323 * wpa_supplicant_set_scan_interval - Set scan interval
4324 * @wpa_s: wpa_supplicant structure for a network interface
4325 * @scan_interval: scan interval in seconds
4326 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
4327 *
4328 */
4329 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
4330 int scan_interval)
4331 {
4332 if (scan_interval < 0) {
4333 wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
4334 scan_interval);
4335 return -1;
4336 }
4337 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
4338 scan_interval);
4339 wpa_supplicant_update_scan_int(wpa_s, scan_interval);
4340
4341 return 0;
4342 }
4343
4344
4345 /**
4346 * wpa_supplicant_set_debug_params - Set global debug params
4347 * @global: wpa_global structure
4348 * @debug_level: debug level
4349 * @debug_timestamp: determines if show timestamp in debug data
4350 * @debug_show_keys: determines if show keys in debug data
4351 * Returns: 0 if succeed or -1 if debug_level has wrong value
4352 */
4353 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
4354 int debug_timestamp, int debug_show_keys)
4355 {
4356
4357 int old_level, old_timestamp, old_show_keys;
4358
4359 /* check for allowed debuglevels */
4360 if (debug_level != MSG_EXCESSIVE &&
4361 debug_level != MSG_MSGDUMP &&
4362 debug_level != MSG_DEBUG &&
4363 debug_level != MSG_INFO &&
4364 debug_level != MSG_WARNING &&
4365 debug_level != MSG_ERROR)
4366 return -1;
4367
4368 old_level = wpa_debug_level;
4369 old_timestamp = wpa_debug_timestamp;
4370 old_show_keys = wpa_debug_show_keys;
4371
4372 wpa_debug_level = debug_level;
4373 wpa_debug_timestamp = debug_timestamp ? 1 : 0;
4374 wpa_debug_show_keys = debug_show_keys ? 1 : 0;
4375
4376 if (wpa_debug_level != old_level)
4377 wpas_notify_debug_level_changed(global);
4378 if (wpa_debug_timestamp != old_timestamp)
4379 wpas_notify_debug_timestamp_changed(global);
4380 if (wpa_debug_show_keys != old_show_keys)
4381 wpas_notify_debug_show_keys_changed(global);
4382
4383 return 0;
4384 }
4385
4386
4387 #ifdef CONFIG_OWE
4388 static int owe_trans_ssid_match(struct wpa_supplicant *wpa_s, const u8 *bssid,
4389 const u8 *entry_ssid, size_t entry_ssid_len)
4390 {
4391 const u8 *owe, *pos, *end;
4392 u8 ssid_len;
4393 struct wpa_bss *bss;
4394
4395 /* Check network profile SSID aganst the SSID in the
4396 * OWE Transition Mode element. */
4397
4398 bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
4399 if (!bss)
4400 return 0;
4401
4402 owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
4403 if (!owe)
4404 return 0;
4405
4406 pos = owe + 6;
4407 end = owe + 2 + owe[1];
4408
4409 if (end - pos < ETH_ALEN + 1)
4410 return 0;
4411 pos += ETH_ALEN;
4412 ssid_len = *pos++;
4413 if (end - pos < ssid_len || ssid_len > SSID_MAX_LEN)
4414 return 0;
4415
4416 return entry_ssid_len == ssid_len &&
4417 os_memcmp(pos, entry_ssid, ssid_len) == 0;
4418 }
4419 #endif /* CONFIG_OWE */
4420
4421
4422 /**
4423 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
4424 * @wpa_s: Pointer to wpa_supplicant data
4425 * Returns: A pointer to the current network structure or %NULL on failure
4426 */
4427 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
4428 {
4429 struct wpa_ssid *entry;
4430 u8 ssid[SSID_MAX_LEN];
4431 int res;
4432 size_t ssid_len;
4433 u8 bssid[ETH_ALEN];
4434 int wired;
4435
4436 res = wpa_drv_get_ssid(wpa_s, ssid);
4437 if (res < 0) {
4438 wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
4439 "driver");
4440 return NULL;
4441 }
4442 ssid_len = res;
4443
4444 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
4445 wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
4446 "driver");
4447 return NULL;
4448 }
4449
4450 wired = wpa_s->conf->ap_scan == 0 &&
4451 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
4452
4453 entry = wpa_s->conf->ssid;
4454 while (entry) {
4455 if (!wpas_network_disabled(wpa_s, entry) &&
4456 ((ssid_len == entry->ssid_len &&
4457 (!entry->ssid ||
4458 os_memcmp(ssid, entry->ssid, ssid_len) == 0)) ||
4459 wired) &&
4460 (!entry->bssid_set ||
4461 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4462 return entry;
4463 #ifdef CONFIG_WPS
4464 if (!wpas_network_disabled(wpa_s, entry) &&
4465 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
4466 (entry->ssid == NULL || entry->ssid_len == 0) &&
4467 (!entry->bssid_set ||
4468 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4469 return entry;
4470 #endif /* CONFIG_WPS */
4471
4472 #ifdef CONFIG_OWE
4473 if (!wpas_network_disabled(wpa_s, entry) &&
4474 owe_trans_ssid_match(wpa_s, bssid, entry->ssid,
4475 entry->ssid_len) &&
4476 (!entry->bssid_set ||
4477 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4478 return entry;
4479 #endif /* CONFIG_OWE */
4480
4481 if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
4482 entry->ssid_len == 0 &&
4483 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
4484 return entry;
4485
4486 entry = entry->next;
4487 }
4488
4489 return NULL;
4490 }
4491
4492
4493 static int select_driver(struct wpa_supplicant *wpa_s, int i)
4494 {
4495 struct wpa_global *global = wpa_s->global;
4496
4497 if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
4498 global->drv_priv[i] = wpa_drivers[i]->global_init(global);
4499 if (global->drv_priv[i] == NULL) {
4500 wpa_printf(MSG_ERROR, "Failed to initialize driver "
4501 "'%s'", wpa_drivers[i]->name);
4502 return -1;
4503 }
4504 }
4505
4506 wpa_s->driver = wpa_drivers[i];
4507 wpa_s->global_drv_priv = global->drv_priv[i];
4508
4509 return 0;
4510 }
4511
4512
4513 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
4514 const char *name)
4515 {
4516 int i;
4517 size_t len;
4518 const char *pos, *driver = name;
4519
4520 if (wpa_s == NULL)
4521 return -1;
4522
4523 if (wpa_drivers[0] == NULL) {
4524 wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
4525 "wpa_supplicant");
4526 return -1;
4527 }
4528
4529 if (name == NULL) {
4530 /* default to first driver in the list */
4531 return select_driver(wpa_s, 0);
4532 }
4533
4534 do {
4535 pos = os_strchr(driver, ',');
4536 if (pos)
4537 len = pos - driver;
4538 else
4539 len = os_strlen(driver);
4540
4541 for (i = 0; wpa_drivers[i]; i++) {
4542 if (os_strlen(wpa_drivers[i]->name) == len &&
4543 os_strncmp(driver, wpa_drivers[i]->name, len) ==
4544 0) {
4545 /* First driver that succeeds wins */
4546 if (select_driver(wpa_s, i) == 0)
4547 return 0;
4548 }
4549 }
4550
4551 driver = pos + 1;
4552 } while (pos);
4553
4554 wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
4555 return -1;
4556 }
4557
4558
4559 /**
4560 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
4561 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
4562 * with struct wpa_driver_ops::init()
4563 * @src_addr: Source address of the EAPOL frame
4564 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
4565 * @len: Length of the EAPOL data
4566 *
4567 * This function is called for each received EAPOL frame. Most driver
4568 * interfaces rely on more generic OS mechanism for receiving frames through
4569 * l2_packet, but if such a mechanism is not available, the driver wrapper may
4570 * take care of received EAPOL frames and deliver them to the core supplicant
4571 * code by calling this function.
4572 */
4573 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
4574 const u8 *buf, size_t len)
4575 {
4576 struct wpa_supplicant *wpa_s = ctx;
4577
4578 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
4579 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
4580
4581 #ifdef CONFIG_TESTING_OPTIONS
4582 if (wpa_s->ignore_auth_resp) {
4583 wpa_printf(MSG_INFO, "RX EAPOL - ignore_auth_resp active!");
4584 return;
4585 }
4586 #endif /* CONFIG_TESTING_OPTIONS */
4587
4588 if (wpa_s->wpa_state < WPA_ASSOCIATED ||
4589 (wpa_s->last_eapol_matches_bssid &&
4590 #ifdef CONFIG_AP
4591 !wpa_s->ap_iface &&
4592 #endif /* CONFIG_AP */
4593 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
4594 /*
4595 * There is possible race condition between receiving the
4596 * association event and the EAPOL frame since they are coming
4597 * through different paths from the driver. In order to avoid
4598 * issues in trying to process the EAPOL frame before receiving
4599 * association information, lets queue it for processing until
4600 * the association event is received. This may also be needed in
4601 * driver-based roaming case, so also use src_addr != BSSID as a
4602 * trigger if we have previously confirmed that the
4603 * Authenticator uses BSSID as the src_addr (which is not the
4604 * case with wired IEEE 802.1X).
4605 */
4606 wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
4607 "of received EAPOL frame (state=%s bssid=" MACSTR ")",
4608 wpa_supplicant_state_txt(wpa_s->wpa_state),
4609 MAC2STR(wpa_s->bssid));
4610 wpabuf_free(wpa_s->pending_eapol_rx);
4611 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
4612 if (wpa_s->pending_eapol_rx) {
4613 os_get_reltime(&wpa_s->pending_eapol_rx_time);
4614 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
4615 ETH_ALEN);
4616 }
4617 return;
4618 }
4619
4620 wpa_s->last_eapol_matches_bssid =
4621 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
4622
4623 #ifdef CONFIG_AP
4624 if (wpa_s->ap_iface) {
4625 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
4626 return;
4627 }
4628 #endif /* CONFIG_AP */
4629
4630 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
4631 wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
4632 "no key management is configured");
4633 return;
4634 }
4635
4636 if (wpa_s->eapol_received == 0 &&
4637 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) ||
4638 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
4639 wpa_s->wpa_state != WPA_COMPLETED) &&
4640 (wpa_s->current_ssid == NULL ||
4641 wpa_s->current_ssid->mode != WPAS_MODE_IBSS)) {
4642 /* Timeout for completing IEEE 802.1X and WPA authentication */
4643 int timeout = 10;
4644
4645 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
4646 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
4647 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
4648 /* Use longer timeout for IEEE 802.1X/EAP */
4649 timeout = 70;
4650 }
4651
4652 #ifdef CONFIG_WPS
4653 if (wpa_s->current_ssid && wpa_s->current_bss &&
4654 (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
4655 eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
4656 /*
4657 * Use shorter timeout if going through WPS AP iteration
4658 * for PIN config method with an AP that does not
4659 * advertise Selected Registrar.
4660 */
4661 struct wpabuf *wps_ie;
4662
4663 wps_ie = wpa_bss_get_vendor_ie_multi(
4664 wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
4665 if (wps_ie &&
4666 !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
4667 timeout = 10;
4668 wpabuf_free(wps_ie);
4669 }
4670 #endif /* CONFIG_WPS */
4671
4672 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
4673 }
4674 wpa_s->eapol_received++;
4675
4676 if (wpa_s->countermeasures) {
4677 wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
4678 "EAPOL packet");
4679 return;
4680 }
4681
4682 #ifdef CONFIG_IBSS_RSN
4683 if (wpa_s->current_ssid &&
4684 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
4685 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
4686 return;
4687 }
4688 #endif /* CONFIG_IBSS_RSN */
4689
4690 /* Source address of the incoming EAPOL frame could be compared to the
4691 * current BSSID. However, it is possible that a centralized
4692 * Authenticator could be using another MAC address than the BSSID of
4693 * an AP, so just allow any address to be used for now. The replies are
4694 * still sent to the current BSSID (if available), though. */
4695
4696 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
4697 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
4698 wpa_s->key_mgmt != WPA_KEY_MGMT_OWE &&
4699 wpa_s->key_mgmt != WPA_KEY_MGMT_DPP &&
4700 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
4701 return;
4702 wpa_drv_poll(wpa_s);
4703 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK))
4704 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
4705 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
4706 /*
4707 * Set portValid = TRUE here since we are going to skip 4-way
4708 * handshake processing which would normally set portValid. We
4709 * need this to allow the EAPOL state machines to be completed
4710 * without going through EAPOL-Key handshake.
4711 */
4712 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
4713 }
4714 }
4715
4716
4717 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
4718 {
4719 if ((!wpa_s->p2p_mgmt ||
4720 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
4721 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
4722 l2_packet_deinit(wpa_s->l2);
4723 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
4724 wpa_drv_get_mac_addr(wpa_s),
4725 ETH_P_EAPOL,
4726 wpa_supplicant_rx_eapol, wpa_s, 0);
4727 if (wpa_s->l2 == NULL)
4728 return -1;
4729
4730 if (l2_packet_set_packet_filter(wpa_s->l2,
4731 L2_PACKET_FILTER_PKTTYPE))
4732 wpa_dbg(wpa_s, MSG_DEBUG,
4733 "Failed to attach pkt_type filter");
4734 } else {
4735 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
4736 if (addr)
4737 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
4738 }
4739
4740 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
4741 wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
4742 return -1;
4743 }
4744
4745 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
4746 wpas_wps_update_mac_addr(wpa_s);
4747
4748 #ifdef CONFIG_FST
4749 if (wpa_s->fst)
4750 fst_update_mac_addr(wpa_s->fst, wpa_s->own_addr);
4751 #endif /* CONFIG_FST */
4752
4753 return 0;
4754 }
4755
4756
4757 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
4758 const u8 *buf, size_t len)
4759 {
4760 struct wpa_supplicant *wpa_s = ctx;
4761 const struct l2_ethhdr *eth;
4762
4763 if (len < sizeof(*eth))
4764 return;
4765 eth = (const struct l2_ethhdr *) buf;
4766
4767 if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
4768 !(eth->h_dest[0] & 0x01)) {
4769 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
4770 " (bridge - not for this interface - ignore)",
4771 MAC2STR(src_addr), MAC2STR(eth->h_dest));
4772 return;
4773 }
4774
4775 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
4776 " (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
4777 wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
4778 len - sizeof(*eth));
4779 }
4780
4781
4782 /**
4783 * wpa_supplicant_driver_init - Initialize driver interface parameters
4784 * @wpa_s: Pointer to wpa_supplicant data
4785 * Returns: 0 on success, -1 on failure
4786 *
4787 * This function is called to initialize driver interface parameters.
4788 * wpa_drv_init() must have been called before this function to initialize the
4789 * driver interface.
4790 */
4791 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
4792 {
4793 static int interface_count = 0;
4794
4795 if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
4796 return -1;
4797
4798 wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
4799 MAC2STR(wpa_s->own_addr));
4800 os_memcpy(wpa_s->perm_addr, wpa_s->own_addr, ETH_ALEN);
4801 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
4802
4803 if (wpa_s->bridge_ifname[0]) {
4804 wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
4805 "interface '%s'", wpa_s->bridge_ifname);
4806 wpa_s->l2_br = l2_packet_init_bridge(
4807 wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
4808 ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
4809 if (wpa_s->l2_br == NULL) {
4810 wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
4811 "connection for the bridge interface '%s'",
4812 wpa_s->bridge_ifname);
4813 return -1;
4814 }
4815 }
4816
4817 if (wpa_s->conf->ap_scan == 2 &&
4818 os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
4819 wpa_printf(MSG_INFO,
4820 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4821 }
4822
4823 wpa_clear_keys(wpa_s, NULL);
4824
4825 /* Make sure that TKIP countermeasures are not left enabled (could
4826 * happen if wpa_supplicant is killed during countermeasures. */
4827 wpa_drv_set_countermeasures(wpa_s, 0);
4828
4829 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
4830 wpa_drv_flush_pmkid(wpa_s);
4831
4832 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
4833 wpa_s->prev_scan_wildcard = 0;
4834
4835 if (wpa_supplicant_enabled_networks(wpa_s)) {
4836 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
4837 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
4838 interface_count = 0;
4839 }
4840 #ifndef ANDROID
4841 if (!wpa_s->p2p_mgmt &&
4842 wpa_supplicant_delayed_sched_scan(wpa_s,
4843 interface_count % 3,
4844 100000))
4845 wpa_supplicant_req_scan(wpa_s, interface_count % 3,
4846 100000);
4847 #endif /* ANDROID */
4848 interface_count++;
4849 } else
4850 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
4851
4852 return 0;
4853 }
4854
4855
4856 static int wpa_supplicant_daemon(const char *pid_file)
4857 {
4858 wpa_printf(MSG_DEBUG, "Daemonize..");
4859 return os_daemonize(pid_file);
4860 }
4861
4862
4863 static struct wpa_supplicant *
4864 wpa_supplicant_alloc(struct wpa_supplicant *parent)
4865 {
4866 struct wpa_supplicant *wpa_s;
4867
4868 wpa_s = os_zalloc(sizeof(*wpa_s));
4869 if (wpa_s == NULL)
4870 return NULL;
4871 wpa_s->scan_req = INITIAL_SCAN_REQ;
4872 wpa_s->scan_interval = 5;
4873 wpa_s->new_connection = 1;
4874 wpa_s->parent = parent ? parent : wpa_s;
4875 wpa_s->p2pdev = wpa_s->parent;
4876 wpa_s->sched_scanning = 0;
4877
4878 dl_list_init(&wpa_s->bss_tmp_disallowed);
4879 dl_list_init(&wpa_s->fils_hlp_req);
4880 #ifdef CONFIG_TESTING_OPTIONS
4881 dl_list_init(&wpa_s->drv_signal_override);
4882 #endif /* CONFIG_TESTING_OPTIONS */
4883
4884 return wpa_s;
4885 }
4886
4887
4888 #ifdef CONFIG_HT_OVERRIDES
4889
4890 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
4891 struct ieee80211_ht_capabilities *htcaps,
4892 struct ieee80211_ht_capabilities *htcaps_mask,
4893 const char *ht_mcs)
4894 {
4895 /* parse ht_mcs into hex array */
4896 int i;
4897 const char *tmp = ht_mcs;
4898 char *end = NULL;
4899
4900 /* If ht_mcs is null, do not set anything */
4901 if (!ht_mcs)
4902 return 0;
4903
4904 /* This is what we are setting in the kernel */
4905 os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
4906
4907 wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
4908
4909 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4910 long v;
4911
4912 errno = 0;
4913 v = strtol(tmp, &end, 16);
4914
4915 if (errno == 0) {
4916 wpa_msg(wpa_s, MSG_DEBUG,
4917 "htcap value[%i]: %ld end: %p tmp: %p",
4918 i, v, end, tmp);
4919 if (end == tmp)
4920 break;
4921
4922 htcaps->supported_mcs_set[i] = v;
4923 tmp = end;
4924 } else {
4925 wpa_msg(wpa_s, MSG_ERROR,
4926 "Failed to parse ht-mcs: %s, error: %s\n",
4927 ht_mcs, strerror(errno));
4928 return -1;
4929 }
4930 }
4931
4932 /*
4933 * If we were able to parse any values, then set mask for the MCS set.
4934 */
4935 if (i) {
4936 os_memset(&htcaps_mask->supported_mcs_set, 0xff,
4937 IEEE80211_HT_MCS_MASK_LEN - 1);
4938 /* skip the 3 reserved bits */
4939 htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
4940 0x1f;
4941 }
4942
4943 return 0;
4944 }
4945
4946
4947 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
4948 struct ieee80211_ht_capabilities *htcaps,
4949 struct ieee80211_ht_capabilities *htcaps_mask,
4950 int disabled)
4951 {
4952 le16 msk;
4953
4954 if (disabled == -1)
4955 return 0;
4956
4957 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
4958
4959 msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
4960 htcaps_mask->ht_capabilities_info |= msk;
4961 if (disabled)
4962 htcaps->ht_capabilities_info &= msk;
4963 else
4964 htcaps->ht_capabilities_info |= msk;
4965
4966 return 0;
4967 }
4968
4969
4970 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
4971 struct ieee80211_ht_capabilities *htcaps,
4972 struct ieee80211_ht_capabilities *htcaps_mask,
4973 int factor)
4974 {
4975 if (factor == -1)
4976 return 0;
4977
4978 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
4979
4980 if (factor < 0 || factor > 3) {
4981 wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
4982 "Must be 0-3 or -1", factor);
4983 return -EINVAL;
4984 }
4985
4986 htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
4987 htcaps->a_mpdu_params &= ~0x3;
4988 htcaps->a_mpdu_params |= factor & 0x3;
4989
4990 return 0;
4991 }
4992
4993
4994 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
4995 struct ieee80211_ht_capabilities *htcaps,
4996 struct ieee80211_ht_capabilities *htcaps_mask,
4997 int density)
4998 {
4999 if (density == -1)
5000 return 0;
5001
5002 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
5003
5004 if (density < 0 || density > 7) {
5005 wpa_msg(wpa_s, MSG_ERROR,
5006 "ampdu_density: %d out of range. Must be 0-7 or -1.",
5007 density);
5008 return -EINVAL;
5009 }
5010
5011 htcaps_mask->a_mpdu_params |= 0x1C;
5012 htcaps->a_mpdu_params &= ~(0x1C);
5013 htcaps->a_mpdu_params |= (density << 2) & 0x1C;
5014
5015 return 0;
5016 }
5017
5018
5019 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
5020 struct ieee80211_ht_capabilities *htcaps,
5021 struct ieee80211_ht_capabilities *htcaps_mask,
5022 int disabled)
5023 {
5024 if (disabled)
5025 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
5026
5027 set_disable_ht40(htcaps, disabled);
5028 set_disable_ht40(htcaps_mask, 0);
5029
5030 return 0;
5031 }
5032
5033
5034 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
5035 struct ieee80211_ht_capabilities *htcaps,
5036 struct ieee80211_ht_capabilities *htcaps_mask,
5037 int disabled)
5038 {
5039 /* Masking these out disables SGI */
5040 le16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
5041 HT_CAP_INFO_SHORT_GI40MHZ);
5042
5043 if (disabled)
5044 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
5045
5046 if (disabled)
5047 htcaps->ht_capabilities_info &= ~msk;
5048 else
5049 htcaps->ht_capabilities_info |= msk;
5050
5051 htcaps_mask->ht_capabilities_info |= msk;
5052
5053 return 0;
5054 }
5055
5056
5057 static int wpa_set_disable_ldpc(struct wpa_supplicant *wpa_s,
5058 struct ieee80211_ht_capabilities *htcaps,
5059 struct ieee80211_ht_capabilities *htcaps_mask,
5060 int disabled)
5061 {
5062 /* Masking these out disables LDPC */
5063 le16 msk = host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP);
5064
5065 if (disabled)
5066 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ldpc: %d", disabled);
5067
5068 if (disabled)
5069 htcaps->ht_capabilities_info &= ~msk;
5070 else
5071 htcaps->ht_capabilities_info |= msk;
5072
5073 htcaps_mask->ht_capabilities_info |= msk;
5074
5075 return 0;
5076 }
5077
5078
5079 static int wpa_set_tx_stbc(struct wpa_supplicant *wpa_s,
5080 struct ieee80211_ht_capabilities *htcaps,
5081 struct ieee80211_ht_capabilities *htcaps_mask,
5082 int tx_stbc)
5083 {
5084 le16 msk = host_to_le16(HT_CAP_INFO_TX_STBC);
5085
5086 if (tx_stbc == -1)
5087 return 0;
5088
5089 wpa_msg(wpa_s, MSG_DEBUG, "set_tx_stbc: %d", tx_stbc);
5090
5091 if (tx_stbc < 0 || tx_stbc > 1) {
5092 wpa_msg(wpa_s, MSG_ERROR,
5093 "tx_stbc: %d out of range. Must be 0-1 or -1", tx_stbc);
5094 return -EINVAL;
5095 }
5096
5097 htcaps_mask->ht_capabilities_info |= msk;
5098 htcaps->ht_capabilities_info &= ~msk;
5099 htcaps->ht_capabilities_info |= (tx_stbc << 7) & msk;
5100
5101 return 0;
5102 }
5103
5104
5105 static int wpa_set_rx_stbc(struct wpa_supplicant *wpa_s,
5106 struct ieee80211_ht_capabilities *htcaps,
5107 struct ieee80211_ht_capabilities *htcaps_mask,
5108 int rx_stbc)
5109 {
5110 le16 msk = host_to_le16(HT_CAP_INFO_RX_STBC_MASK);
5111
5112 if (rx_stbc == -1)
5113 return 0;
5114
5115 wpa_msg(wpa_s, MSG_DEBUG, "set_rx_stbc: %d", rx_stbc);
5116
5117 if (rx_stbc < 0 || rx_stbc > 3) {
5118 wpa_msg(wpa_s, MSG_ERROR,
5119 "rx_stbc: %d out of range. Must be 0-3 or -1", rx_stbc);
5120 return -EINVAL;
5121 }
5122
5123 htcaps_mask->ht_capabilities_info |= msk;
5124 htcaps->ht_capabilities_info &= ~msk;
5125 htcaps->ht_capabilities_info |= (rx_stbc << 8) & msk;
5126
5127 return 0;
5128 }
5129
5130
5131 void wpa_supplicant_apply_ht_overrides(
5132 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
5133 struct wpa_driver_associate_params *params)
5134 {
5135 struct ieee80211_ht_capabilities *htcaps;
5136 struct ieee80211_ht_capabilities *htcaps_mask;
5137
5138 if (!ssid)
5139 return;
5140
5141 params->disable_ht = ssid->disable_ht;
5142 if (!params->htcaps || !params->htcaps_mask)
5143 return;
5144
5145 htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
5146 htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
5147 wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
5148 wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
5149 ssid->disable_max_amsdu);
5150 wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
5151 wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
5152 wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
5153 wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
5154 wpa_set_disable_ldpc(wpa_s, htcaps, htcaps_mask, ssid->disable_ldpc);
5155 wpa_set_rx_stbc(wpa_s, htcaps, htcaps_mask, ssid->rx_stbc);
5156 wpa_set_tx_stbc(wpa_s, htcaps, htcaps_mask, ssid->tx_stbc);
5157
5158 if (ssid->ht40_intolerant) {
5159 le16 bit = host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT);
5160 htcaps->ht_capabilities_info |= bit;
5161 htcaps_mask->ht_capabilities_info |= bit;
5162 }
5163 }
5164
5165 #endif /* CONFIG_HT_OVERRIDES */
5166
5167
5168 #ifdef CONFIG_VHT_OVERRIDES
5169 void wpa_supplicant_apply_vht_overrides(
5170 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
5171 struct wpa_driver_associate_params *params)
5172 {
5173 struct ieee80211_vht_capabilities *vhtcaps;
5174 struct ieee80211_vht_capabilities *vhtcaps_mask;
5175
5176 if (!ssid)
5177 return;
5178
5179 params->disable_vht = ssid->disable_vht;
5180
5181 vhtcaps = (void *) params->vhtcaps;
5182 vhtcaps_mask = (void *) params->vhtcaps_mask;
5183
5184 if (!vhtcaps || !vhtcaps_mask)
5185 return;
5186
5187 vhtcaps->vht_capabilities_info = host_to_le32(ssid->vht_capa);
5188 vhtcaps_mask->vht_capabilities_info = host_to_le32(ssid->vht_capa_mask);
5189
5190 #ifdef CONFIG_HT_OVERRIDES
5191 if (ssid->disable_sgi) {
5192 vhtcaps_mask->vht_capabilities_info |= (VHT_CAP_SHORT_GI_80 |
5193 VHT_CAP_SHORT_GI_160);
5194 vhtcaps->vht_capabilities_info &= ~(VHT_CAP_SHORT_GI_80 |
5195 VHT_CAP_SHORT_GI_160);
5196 wpa_msg(wpa_s, MSG_DEBUG,
5197 "disable-sgi override specified, vht-caps: 0x%x",
5198 vhtcaps->vht_capabilities_info);
5199 }
5200
5201 /* if max ampdu is <= 3, we have to make the HT cap the same */
5202 if (ssid->vht_capa_mask & VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) {
5203 int max_ampdu;
5204
5205 max_ampdu = (ssid->vht_capa &
5206 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) >>
5207 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT;
5208
5209 max_ampdu = max_ampdu < 3 ? max_ampdu : 3;
5210 wpa_set_ampdu_factor(wpa_s,
5211 (void *) params->htcaps,
5212 (void *) params->htcaps_mask,
5213 max_ampdu);
5214 }
5215 #endif /* CONFIG_HT_OVERRIDES */
5216
5217 #define OVERRIDE_MCS(i) \
5218 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
5219 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
5220 host_to_le16(3 << 2 * (i - 1)); \
5221 vhtcaps->vht_supported_mcs_set.tx_map |= \
5222 host_to_le16(ssid->vht_tx_mcs_nss_ ##i << \
5223 2 * (i - 1)); \
5224 } \
5225 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
5226 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
5227 host_to_le16(3 << 2 * (i - 1)); \
5228 vhtcaps->vht_supported_mcs_set.rx_map |= \
5229 host_to_le16(ssid->vht_rx_mcs_nss_ ##i << \
5230 2 * (i - 1)); \
5231 }
5232
5233 OVERRIDE_MCS(1);
5234 OVERRIDE_MCS(2);
5235 OVERRIDE_MCS(3);
5236 OVERRIDE_MCS(4);
5237 OVERRIDE_MCS(5);
5238 OVERRIDE_MCS(6);
5239 OVERRIDE_MCS(7);
5240 OVERRIDE_MCS(8);
5241 }
5242 #endif /* CONFIG_VHT_OVERRIDES */
5243
5244
5245 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
5246 {
5247 #ifdef PCSC_FUNCS
5248 size_t len;
5249
5250 if (!wpa_s->conf->pcsc_reader)
5251 return 0;
5252
5253 wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
5254 if (!wpa_s->scard)
5255 return 1;
5256
5257 if (wpa_s->conf->pcsc_pin &&
5258 scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
5259 scard_deinit(wpa_s->scard);
5260 wpa_s->scard = NULL;
5261 wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
5262 return -1;
5263 }
5264
5265 len = sizeof(wpa_s->imsi) - 1;
5266 if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
5267 scard_deinit(wpa_s->scard);
5268 wpa_s->scard = NULL;
5269 wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
5270 return -1;
5271 }
5272 wpa_s->imsi[len] = '\0';
5273
5274 wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
5275
5276 wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
5277 wpa_s->imsi, wpa_s->mnc_len);
5278
5279 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
5280 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
5281 #endif /* PCSC_FUNCS */
5282
5283 return 0;
5284 }
5285
5286
5287 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
5288 {
5289 char *val, *pos;
5290
5291 ext_password_deinit(wpa_s->ext_pw);
5292 wpa_s->ext_pw = NULL;
5293 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
5294
5295 if (!wpa_s->conf->ext_password_backend)
5296 return 0;
5297
5298 val = os_strdup(wpa_s->conf->ext_password_backend);
5299 if (val == NULL)
5300 return -1;
5301 pos = os_strchr(val, ':');
5302 if (pos)
5303 *pos++ = '\0';
5304
5305 wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
5306
5307 wpa_s->ext_pw = ext_password_init(val, pos);
5308 os_free(val);
5309 if (wpa_s->ext_pw == NULL) {
5310 wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
5311 return -1;
5312 }
5313 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
5314
5315 return 0;
5316 }
5317
5318
5319 #ifdef CONFIG_FST
5320
5321 static const u8 * wpas_fst_get_bssid_cb(void *ctx)
5322 {
5323 struct wpa_supplicant *wpa_s = ctx;
5324
5325 return (is_zero_ether_addr(wpa_s->bssid) ||
5326 wpa_s->wpa_state != WPA_COMPLETED) ? NULL : wpa_s->bssid;
5327 }
5328
5329
5330 static void wpas_fst_get_channel_info_cb(void *ctx,
5331 enum hostapd_hw_mode *hw_mode,
5332 u8 *channel)
5333 {
5334 struct wpa_supplicant *wpa_s = ctx;
5335
5336 if (wpa_s->current_bss) {
5337 *hw_mode = ieee80211_freq_to_chan(wpa_s->current_bss->freq,
5338 channel);
5339 } else if (wpa_s->hw.num_modes) {
5340 *hw_mode = wpa_s->hw.modes[0].mode;
5341 } else {
5342 WPA_ASSERT(0);
5343 *hw_mode = 0;
5344 }
5345 }
5346
5347
5348 static int wpas_fst_get_hw_modes(void *ctx, struct hostapd_hw_modes **modes)
5349 {
5350 struct wpa_supplicant *wpa_s = ctx;
5351
5352 *modes = wpa_s->hw.modes;
5353 return wpa_s->hw.num_modes;
5354 }
5355
5356
5357 static void wpas_fst_set_ies_cb(void *ctx, const struct wpabuf *fst_ies)
5358 {
5359 struct wpa_supplicant *wpa_s = ctx;
5360
5361 wpa_hexdump_buf(MSG_DEBUG, "FST: Set IEs", fst_ies);
5362 wpa_s->fst_ies = fst_ies;
5363 }
5364
5365
5366 static int wpas_fst_send_action_cb(void *ctx, const u8 *da, struct wpabuf *data)
5367 {
5368 struct wpa_supplicant *wpa_s = ctx;
5369
5370 if (os_memcmp(wpa_s->bssid, da, ETH_ALEN) != 0) {
5371 wpa_printf(MSG_INFO, "FST:%s:bssid=" MACSTR " != da=" MACSTR,
5372 __func__, MAC2STR(wpa_s->bssid), MAC2STR(da));
5373 return -1;
5374 }
5375 return wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
5376 wpa_s->own_addr, wpa_s->bssid,
5377 wpabuf_head(data), wpabuf_len(data),
5378 0);
5379 }
5380
5381
5382 static const struct wpabuf * wpas_fst_get_mb_ie_cb(void *ctx, const u8 *addr)
5383 {
5384 struct wpa_supplicant *wpa_s = ctx;
5385
5386 WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
5387 return wpa_s->received_mb_ies;
5388 }
5389
5390
5391 static void wpas_fst_update_mb_ie_cb(void *ctx, const u8 *addr,
5392 const u8 *buf, size_t size)
5393 {
5394 struct wpa_supplicant *wpa_s = ctx;
5395 struct mb_ies_info info;
5396
5397 WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
5398
5399 if (!mb_ies_info_by_ies(&info, buf, size)) {
5400 wpabuf_free(wpa_s->received_mb_ies);
5401 wpa_s->received_mb_ies = mb_ies_by_info(&info);
5402 }
5403 }
5404
5405
5406 static const u8 * wpas_fst_get_peer_first(void *ctx,
5407 struct fst_get_peer_ctx **get_ctx,
5408 Boolean mb_only)
5409 {
5410 struct wpa_supplicant *wpa_s = ctx;
5411
5412 *get_ctx = NULL;
5413 if (!is_zero_ether_addr(wpa_s->bssid))
5414 return (wpa_s->received_mb_ies || !mb_only) ?
5415 wpa_s->bssid : NULL;
5416 return NULL;
5417 }
5418
5419
5420 static const u8 * wpas_fst_get_peer_next(void *ctx,
5421 struct fst_get_peer_ctx **get_ctx,
5422 Boolean mb_only)
5423 {
5424 return NULL;
5425 }
5426
5427 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant *wpa_s,
5428 struct fst_wpa_obj *iface_obj)
5429 {
5430 iface_obj->ctx = wpa_s;
5431 iface_obj->get_bssid = wpas_fst_get_bssid_cb;
5432 iface_obj->get_channel_info = wpas_fst_get_channel_info_cb;
5433 iface_obj->get_hw_modes = wpas_fst_get_hw_modes;
5434 iface_obj->set_ies = wpas_fst_set_ies_cb;
5435 iface_obj->send_action = wpas_fst_send_action_cb;
5436 iface_obj->get_mb_ie = wpas_fst_get_mb_ie_cb;
5437 iface_obj->update_mb_ie = wpas_fst_update_mb_ie_cb;
5438 iface_obj->get_peer_first = wpas_fst_get_peer_first;
5439 iface_obj->get_peer_next = wpas_fst_get_peer_next;
5440 }
5441 #endif /* CONFIG_FST */
5442
5443 static int wpas_set_wowlan_triggers(struct wpa_supplicant *wpa_s,
5444 const struct wpa_driver_capa *capa)
5445 {
5446 struct wowlan_triggers *triggers;
5447 int ret = 0;
5448
5449 if (!wpa_s->conf->wowlan_triggers)
5450 return 0;
5451
5452 triggers = wpa_get_wowlan_triggers(wpa_s->conf->wowlan_triggers, capa);
5453 if (triggers) {
5454 ret = wpa_drv_wowlan(wpa_s, triggers);
5455 os_free(triggers);
5456 }
5457 return ret;
5458 }
5459
5460
5461 enum wpa_radio_work_band wpas_freq_to_band(int freq)
5462 {
5463 if (freq < 3000)
5464 return BAND_2_4_GHZ;
5465 if (freq > 50000)
5466 return BAND_60_GHZ;
5467 return BAND_5_GHZ;
5468 }
5469
5470
5471 unsigned int wpas_get_bands(struct wpa_supplicant *wpa_s, const int *freqs)
5472 {
5473 int i;
5474 unsigned int band = 0;
5475
5476 if (freqs) {
5477 /* freqs are specified for the radio work */
5478 for (i = 0; freqs[i]; i++)
5479 band |= wpas_freq_to_band(freqs[i]);
5480 } else {
5481 /*
5482 * freqs are not specified, implies all
5483 * the supported freqs by HW
5484 */
5485 for (i = 0; i < wpa_s->hw.num_modes; i++) {
5486 if (wpa_s->hw.modes[i].num_channels != 0) {
5487 if (wpa_s->hw.modes[i].mode ==
5488 HOSTAPD_MODE_IEEE80211B ||
5489 wpa_s->hw.modes[i].mode ==
5490 HOSTAPD_MODE_IEEE80211G)
5491 band |= BAND_2_4_GHZ;
5492 else if (wpa_s->hw.modes[i].mode ==
5493 HOSTAPD_MODE_IEEE80211A)
5494 band |= BAND_5_GHZ;
5495 else if (wpa_s->hw.modes[i].mode ==
5496 HOSTAPD_MODE_IEEE80211AD)
5497 band |= BAND_60_GHZ;
5498 else if (wpa_s->hw.modes[i].mode ==
5499 HOSTAPD_MODE_IEEE80211ANY)
5500 band = BAND_2_4_GHZ | BAND_5_GHZ |
5501 BAND_60_GHZ;
5502 }
5503 }
5504 }
5505
5506 return band;
5507 }
5508
5509
5510 static struct wpa_radio * radio_add_interface(struct wpa_supplicant *wpa_s,
5511 const char *rn)
5512 {
5513 struct wpa_supplicant *iface = wpa_s->global->ifaces;
5514 struct wpa_radio *radio;
5515
5516 while (rn && iface) {
5517 radio = iface->radio;
5518 if (radio && os_strcmp(rn, radio->name) == 0) {
5519 wpa_printf(MSG_DEBUG, "Add interface %s to existing radio %s",
5520 wpa_s->ifname, rn);
5521 dl_list_add(&radio->ifaces, &wpa_s->radio_list);
5522 return radio;
5523 }
5524
5525 iface = iface->next;
5526 }
5527
5528 wpa_printf(MSG_DEBUG, "Add interface %s to a new radio %s",
5529 wpa_s->ifname, rn ? rn : "N/A");
5530 radio = os_zalloc(sizeof(*radio));
5531 if (radio == NULL)
5532 return NULL;
5533
5534 if (rn)
5535 os_strlcpy(radio->name, rn, sizeof(radio->name));
5536 dl_list_init(&radio->ifaces);
5537 dl_list_init(&radio->work);
5538 dl_list_add(&radio->ifaces, &wpa_s->radio_list);
5539
5540 return radio;
5541 }
5542
5543
5544 static void radio_work_free(struct wpa_radio_work *work)
5545 {
5546 if (work->wpa_s->scan_work == work) {
5547 /* This should not really happen. */
5548 wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
5549 work->type, work, work->started);
5550 work->wpa_s->scan_work = NULL;
5551 }
5552
5553 #ifdef CONFIG_P2P
5554 if (work->wpa_s->p2p_scan_work == work) {
5555 /* This should not really happen. */
5556 wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
5557 work->type, work, work->started);
5558 work->wpa_s->p2p_scan_work = NULL;
5559 }
5560 #endif /* CONFIG_P2P */
5561
5562 if (work->started) {
5563 work->wpa_s->radio->num_active_works--;
5564 wpa_dbg(work->wpa_s, MSG_DEBUG,
5565 "radio_work_free('%s'@%p): num_active_works --> %u",
5566 work->type, work,
5567 work->wpa_s->radio->num_active_works);
5568 }
5569
5570 dl_list_del(&work->list);
5571 os_free(work);
5572 }
5573
5574
5575 static int radio_work_is_connect(struct wpa_radio_work *work)
5576 {
5577 return os_strcmp(work->type, "sme-connect") == 0 ||
5578 os_strcmp(work->type, "connect") == 0;
5579 }
5580
5581
5582 static int radio_work_is_scan(struct wpa_radio_work *work)
5583 {
5584 return os_strcmp(work->type, "scan") == 0 ||
5585 os_strcmp(work->type, "p2p-scan") == 0;
5586 }
5587
5588
5589 static struct wpa_radio_work * radio_work_get_next_work(struct wpa_radio *radio)
5590 {
5591 struct wpa_radio_work *active_work = NULL;
5592 struct wpa_radio_work *tmp;
5593
5594 /* Get the active work to know the type and band. */
5595 dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
5596 if (tmp->started) {
5597 active_work = tmp;
5598 break;
5599 }
5600 }
5601
5602 if (!active_work) {
5603 /* No active work, start one */
5604 radio->num_active_works = 0;
5605 dl_list_for_each(tmp, &radio->work, struct wpa_radio_work,
5606 list) {
5607 if (os_strcmp(tmp->type, "scan") == 0 &&
5608 radio->external_scan_running &&
5609 (((struct wpa_driver_scan_params *)
5610 tmp->ctx)->only_new_results ||
5611 tmp->wpa_s->clear_driver_scan_cache))
5612 continue;
5613 return tmp;
5614 }
5615 return NULL;
5616 }
5617
5618 if (radio_work_is_connect(active_work)) {
5619 /*
5620 * If the active work is either connect or sme-connect,
5621 * do not parallelize them with other radio works.
5622 */
5623 wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5624 "Do not parallelize radio work with %s",
5625 active_work->type);
5626 return NULL;
5627 }
5628
5629 dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
5630 if (tmp->started)
5631 continue;
5632
5633 /*
5634 * If connect or sme-connect are enqueued, parallelize only
5635 * those operations ahead of them in the queue.
5636 */
5637 if (radio_work_is_connect(tmp))
5638 break;
5639
5640 /* Serialize parallel scan and p2p_scan operations on the same
5641 * interface since the driver_nl80211 mechanism for tracking
5642 * scan cookies does not yet have support for this. */
5643 if (active_work->wpa_s == tmp->wpa_s &&
5644 radio_work_is_scan(active_work) &&
5645 radio_work_is_scan(tmp)) {
5646 wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5647 "Do not start work '%s' when another work '%s' is already scheduled",
5648 tmp->type, active_work->type);
5649 continue;
5650 }
5651 /*
5652 * Check that the radio works are distinct and
5653 * on different bands.
5654 */
5655 if (os_strcmp(active_work->type, tmp->type) != 0 &&
5656 (active_work->bands != tmp->bands)) {
5657 /*
5658 * If a scan has to be scheduled through nl80211 scan
5659 * interface and if an external scan is already running,
5660 * do not schedule the scan since it is likely to get
5661 * rejected by kernel.
5662 */
5663 if (os_strcmp(tmp->type, "scan") == 0 &&
5664 radio->external_scan_running &&
5665 (((struct wpa_driver_scan_params *)
5666 tmp->ctx)->only_new_results ||
5667 tmp->wpa_s->clear_driver_scan_cache))
5668 continue;
5669
5670 wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5671 "active_work:%s new_work:%s",
5672 active_work->type, tmp->type);
5673 return tmp;
5674 }
5675 }
5676
5677 /* Did not find a radio work to schedule in parallel. */
5678 return NULL;
5679 }
5680
5681
5682 static void radio_start_next_work(void *eloop_ctx, void *timeout_ctx)
5683 {
5684 struct wpa_radio *radio = eloop_ctx;
5685 struct wpa_radio_work *work;
5686 struct os_reltime now, diff;
5687 struct wpa_supplicant *wpa_s;
5688
5689 work = dl_list_first(&radio->work, struct wpa_radio_work, list);
5690 if (work == NULL) {
5691 radio->num_active_works = 0;
5692 return;
5693 }
5694
5695 wpa_s = dl_list_first(&radio->ifaces, struct wpa_supplicant,
5696 radio_list);
5697
5698 if (!(wpa_s &&
5699 wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)) {
5700 if (work->started)
5701 return; /* already started and still in progress */
5702
5703 if (wpa_s && wpa_s->radio->external_scan_running) {
5704 wpa_printf(MSG_DEBUG, "Delay radio work start until externally triggered scan completes");
5705 return;
5706 }
5707 } else {
5708 work = NULL;
5709 if (radio->num_active_works < MAX_ACTIVE_WORKS) {
5710 /* get the work to schedule next */
5711 work = radio_work_get_next_work(radio);
5712 }
5713 if (!work)
5714 return;
5715 }
5716
5717 wpa_s = work->wpa_s;
5718 os_get_reltime(&now);
5719 os_reltime_sub(&now, &work->time, &diff);
5720 wpa_dbg(wpa_s, MSG_DEBUG,
5721 "Starting radio work '%s'@%p after %ld.%06ld second wait",
5722 work->type, work, diff.sec, diff.usec);
5723 work->started = 1;
5724 work->time = now;
5725 radio->num_active_works++;
5726
5727 work->cb(work, 0);
5728
5729 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS) &&
5730 radio->num_active_works < MAX_ACTIVE_WORKS)
5731 radio_work_check_next(wpa_s);
5732 }
5733
5734
5735 /*
5736 * This function removes both started and pending radio works running on
5737 * the provided interface's radio.
5738 * Prior to the removal of the radio work, its callback (cb) is called with
5739 * deinit set to be 1. Each work's callback is responsible for clearing its
5740 * internal data and restoring to a correct state.
5741 * @wpa_s: wpa_supplicant data
5742 * @type: type of works to be removed
5743 * @remove_all: 1 to remove all the works on this radio, 0 to remove only
5744 * this interface's works.
5745 */
5746 void radio_remove_works(struct wpa_supplicant *wpa_s,
5747 const char *type, int remove_all)
5748 {
5749 struct wpa_radio_work *work, *tmp;
5750 struct wpa_radio *radio = wpa_s->radio;
5751
5752 dl_list_for_each_safe(work, tmp, &radio->work, struct wpa_radio_work,
5753 list) {
5754 if (type && os_strcmp(type, work->type) != 0)
5755 continue;
5756
5757 /* skip other ifaces' works */
5758 if (!remove_all && work->wpa_s != wpa_s)
5759 continue;
5760
5761 wpa_dbg(wpa_s, MSG_DEBUG, "Remove radio work '%s'@%p%s",
5762 work->type, work, work->started ? " (started)" : "");
5763 work->cb(work, 1);
5764 radio_work_free(work);
5765 }
5766
5767 /* in case we removed the started work */
5768 radio_work_check_next(wpa_s);
5769 }
5770
5771
5772 void radio_remove_pending_work(struct wpa_supplicant *wpa_s, void *ctx)
5773 {
5774 struct wpa_radio_work *work;
5775 struct wpa_radio *radio = wpa_s->radio;
5776
5777 dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
5778 if (work->ctx != ctx)
5779 continue;
5780 wpa_dbg(wpa_s, MSG_DEBUG, "Free pending radio work '%s'@%p%s",
5781 work->type, work, work->started ? " (started)" : "");
5782 radio_work_free(work);
5783 break;
5784 }
5785 }
5786
5787
5788 static void radio_remove_interface(struct wpa_supplicant *wpa_s)
5789 {
5790 struct wpa_radio *radio = wpa_s->radio;
5791
5792 if (!radio)
5793 return;
5794
5795 wpa_printf(MSG_DEBUG, "Remove interface %s from radio %s",
5796 wpa_s->ifname, radio->name);
5797 dl_list_del(&wpa_s->radio_list);
5798 radio_remove_works(wpa_s, NULL, 0);
5799 wpa_s->radio = NULL;
5800 if (!dl_list_empty(&radio->ifaces))
5801 return; /* Interfaces remain for this radio */
5802
5803 wpa_printf(MSG_DEBUG, "Remove radio %s", radio->name);
5804 eloop_cancel_timeout(radio_start_next_work, radio, NULL);
5805 os_free(radio);
5806 }
5807
5808
5809 void radio_work_check_next(struct wpa_supplicant *wpa_s)
5810 {
5811 struct wpa_radio *radio = wpa_s->radio;
5812
5813 if (dl_list_empty(&radio->work))
5814 return;
5815 if (wpa_s->ext_work_in_progress) {
5816 wpa_printf(MSG_DEBUG,
5817 "External radio work in progress - delay start of pending item");
5818 return;
5819 }
5820 eloop_cancel_timeout(radio_start_next_work, radio, NULL);
5821 eloop_register_timeout(0, 0, radio_start_next_work, radio, NULL);
5822 }
5823
5824
5825 /**
5826 * radio_add_work - Add a radio work item
5827 * @wpa_s: Pointer to wpa_supplicant data
5828 * @freq: Frequency of the offchannel operation in MHz or 0
5829 * @type: Unique identifier for each type of work
5830 * @next: Force as the next work to be executed
5831 * @cb: Callback function for indicating when radio is available
5832 * @ctx: Context pointer for the work (work->ctx in cb())
5833 * Returns: 0 on success, -1 on failure
5834 *
5835 * This function is used to request time for an operation that requires
5836 * exclusive radio control. Once the radio is available, the registered callback
5837 * function will be called. radio_work_done() must be called once the exclusive
5838 * radio operation has been completed, so that the radio is freed for other
5839 * operations. The special case of deinit=1 is used to free the context data
5840 * during interface removal. That does not allow the callback function to start
5841 * the radio operation, i.e., it must free any resources allocated for the radio
5842 * work and return.
5843 *
5844 * The @freq parameter can be used to indicate a single channel on which the
5845 * offchannel operation will occur. This may allow multiple radio work
5846 * operations to be performed in parallel if they apply for the same channel.
5847 * Setting this to 0 indicates that the work item may use multiple channels or
5848 * requires exclusive control of the radio.
5849 */
5850 int radio_add_work(struct wpa_supplicant *wpa_s, unsigned int freq,
5851 const char *type, int next,
5852 void (*cb)(struct wpa_radio_work *work, int deinit),
5853 void *ctx)
5854 {
5855 struct wpa_radio *radio = wpa_s->radio;
5856 struct wpa_radio_work *work;
5857 int was_empty;
5858
5859 work = os_zalloc(sizeof(*work));
5860 if (work == NULL)
5861 return -1;
5862 wpa_dbg(wpa_s, MSG_DEBUG, "Add radio work '%s'@%p", type, work);
5863 os_get_reltime(&work->time);
5864 work->freq = freq;
5865 work->type = type;
5866 work->wpa_s = wpa_s;
5867 work->cb = cb;
5868 work->ctx = ctx;
5869
5870 if (freq)
5871 work->bands = wpas_freq_to_band(freq);
5872 else if (os_strcmp(type, "scan") == 0 ||
5873 os_strcmp(type, "p2p-scan") == 0)
5874 work->bands = wpas_get_bands(wpa_s,
5875 ((struct wpa_driver_scan_params *)
5876 ctx)->freqs);
5877 else
5878 work->bands = wpas_get_bands(wpa_s, NULL);
5879
5880 was_empty = dl_list_empty(&wpa_s->radio->work);
5881 if (next)
5882 dl_list_add(&wpa_s->radio->work, &work->list);
5883 else
5884 dl_list_add_tail(&wpa_s->radio->work, &work->list);
5885 if (was_empty) {
5886 wpa_dbg(wpa_s, MSG_DEBUG, "First radio work item in the queue - schedule start immediately");
5887 radio_work_check_next(wpa_s);
5888 } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)
5889 && radio->num_active_works < MAX_ACTIVE_WORKS) {
5890 wpa_dbg(wpa_s, MSG_DEBUG,
5891 "Try to schedule a radio work (num_active_works=%u)",
5892 radio->num_active_works);
5893 radio_work_check_next(wpa_s);
5894 }
5895
5896 return 0;
5897 }
5898
5899
5900 /**
5901 * radio_work_done - Indicate that a radio work item has been completed
5902 * @work: Completed work
5903 *
5904 * This function is called once the callback function registered with
5905 * radio_add_work() has completed its work.
5906 */
5907 void radio_work_done(struct wpa_radio_work *work)
5908 {
5909 struct wpa_supplicant *wpa_s = work->wpa_s;
5910 struct os_reltime now, diff;
5911 unsigned int started = work->started;
5912
5913 os_get_reltime(&now);
5914 os_reltime_sub(&now, &work->time, &diff);
5915 wpa_dbg(wpa_s, MSG_DEBUG, "Radio work '%s'@%p %s in %ld.%06ld seconds",
5916 work->type, work, started ? "done" : "canceled",
5917 diff.sec, diff.usec);
5918 radio_work_free(work);
5919 if (started)
5920 radio_work_check_next(wpa_s);
5921 }
5922
5923
5924 struct wpa_radio_work *
5925 radio_work_pending(struct wpa_supplicant *wpa_s, const char *type)
5926 {
5927 struct wpa_radio_work *work;
5928 struct wpa_radio *radio = wpa_s->radio;
5929
5930 dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
5931 if (work->wpa_s == wpa_s && os_strcmp(work->type, type) == 0)
5932 return work;
5933 }
5934
5935 return NULL;
5936 }
5937
5938
5939 static int wpas_init_driver(struct wpa_supplicant *wpa_s,
5940 const struct wpa_interface *iface)
5941 {
5942 const char *ifname, *driver, *rn;
5943
5944 driver = iface->driver;
5945 next_driver:
5946 if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
5947 return -1;
5948
5949 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
5950 if (wpa_s->drv_priv == NULL) {
5951 const char *pos;
5952 pos = driver ? os_strchr(driver, ',') : NULL;
5953 if (pos) {
5954 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
5955 "driver interface - try next driver wrapper");
5956 driver = pos + 1;
5957 goto next_driver;
5958 }
5959 wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
5960 "interface");
5961 return -1;
5962 }
5963 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
5964 wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
5965 "driver_param '%s'", wpa_s->conf->driver_param);
5966 return -1;
5967 }
5968
5969 ifname = wpa_drv_get_ifname(wpa_s);
5970 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
5971 wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
5972 "interface name with '%s'", ifname);
5973 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
5974 }
5975
5976 rn = wpa_driver_get_radio_name(wpa_s);
5977 if (rn && rn[0] == '\0')
5978 rn = NULL;
5979
5980 wpa_s->radio = radio_add_interface(wpa_s, rn);
5981 if (wpa_s->radio == NULL)
5982 return -1;
5983
5984 return 0;
5985 }
5986
5987
5988 #ifdef CONFIG_GAS_SERVER
5989
5990 static void wpas_gas_server_tx_status(struct wpa_supplicant *wpa_s,
5991 unsigned int freq, const u8 *dst,
5992 const u8 *src, const u8 *bssid,
5993 const u8 *data, size_t data_len,
5994 enum offchannel_send_action_result result)
5995 {
5996 wpa_printf(MSG_DEBUG, "GAS: TX status: freq=%u dst=" MACSTR
5997 " result=%s",
5998 freq, MAC2STR(dst),
5999 result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
6000 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
6001 "FAILED"));
6002 gas_server_tx_status(wpa_s->gas_server, dst, data, data_len,
6003 result == OFFCHANNEL_SEND_ACTION_SUCCESS);
6004 }
6005
6006
6007 static void wpas_gas_server_tx(void *ctx, int freq, const u8 *da,
6008 struct wpabuf *buf, unsigned int wait_time)
6009 {
6010 struct wpa_supplicant *wpa_s = ctx;
6011 const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
6012
6013 if (wait_time > wpa_s->max_remain_on_chan)
6014 wait_time = wpa_s->max_remain_on_chan;
6015
6016 offchannel_send_action(wpa_s, freq, da, wpa_s->own_addr, broadcast,
6017 wpabuf_head(buf), wpabuf_len(buf),
6018 wait_time, wpas_gas_server_tx_status, 0);
6019 }
6020
6021 #endif /* CONFIG_GAS_SERVER */
6022
6023 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
6024 const struct wpa_interface *iface)
6025 {
6026 struct wpa_driver_capa capa;
6027 int capa_res;
6028 u8 dfs_domain;
6029
6030 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
6031 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
6032 iface->confname ? iface->confname : "N/A",
6033 iface->driver ? iface->driver : "default",
6034 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
6035 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
6036
6037 if (iface->confname) {
6038 #ifdef CONFIG_BACKEND_FILE
6039 wpa_s->confname = os_rel2abs_path(iface->confname);
6040 if (wpa_s->confname == NULL) {
6041 wpa_printf(MSG_ERROR, "Failed to get absolute path "
6042 "for configuration file '%s'.",
6043 iface->confname);
6044 return -1;
6045 }
6046 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
6047 iface->confname, wpa_s->confname);
6048 #else /* CONFIG_BACKEND_FILE */
6049 wpa_s->confname = os_strdup(iface->confname);
6050 #endif /* CONFIG_BACKEND_FILE */
6051 wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
6052 if (wpa_s->conf == NULL) {
6053 wpa_printf(MSG_ERROR, "Failed to read or parse "
6054 "configuration '%s'.", wpa_s->confname);
6055 return -1;
6056 }
6057 wpa_s->confanother = os_rel2abs_path(iface->confanother);
6058 if (wpa_s->confanother &&
6059 !wpa_config_read(wpa_s->confanother, wpa_s->conf)) {
6060 wpa_printf(MSG_ERROR,
6061 "Failed to read or parse configuration '%s'.",
6062 wpa_s->confanother);
6063 return -1;
6064 }
6065
6066 /*
6067 * Override ctrl_interface and driver_param if set on command
6068 * line.
6069 */
6070 if (iface->ctrl_interface) {
6071 os_free(wpa_s->conf->ctrl_interface);
6072 wpa_s->conf->ctrl_interface =
6073 os_strdup(iface->ctrl_interface);
6074 }
6075
6076 if (iface->driver_param) {
6077 os_free(wpa_s->conf->driver_param);
6078 wpa_s->conf->driver_param =
6079 os_strdup(iface->driver_param);
6080 }
6081
6082 if (iface->p2p_mgmt && !iface->ctrl_interface) {
6083 os_free(wpa_s->conf->ctrl_interface);
6084 wpa_s->conf->ctrl_interface = NULL;
6085 }
6086 } else
6087 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
6088 iface->driver_param);
6089
6090 if (wpa_s->conf == NULL) {
6091 wpa_printf(MSG_ERROR, "\nNo configuration found.");
6092 return -1;
6093 }
6094
6095 if (iface->ifname == NULL) {
6096 wpa_printf(MSG_ERROR, "\nInterface name is required.");
6097 return -1;
6098 }
6099 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
6100 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
6101 iface->ifname);
6102 return -1;
6103 }
6104 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
6105
6106 if (iface->bridge_ifname) {
6107 if (os_strlen(iface->bridge_ifname) >=
6108 sizeof(wpa_s->bridge_ifname)) {
6109 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
6110 "name '%s'.", iface->bridge_ifname);
6111 return -1;
6112 }
6113 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
6114 sizeof(wpa_s->bridge_ifname));
6115 }
6116
6117 /* RSNA Supplicant Key Management - INITIALIZE */
6118 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
6119 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
6120
6121 /* Initialize driver interface and register driver event handler before
6122 * L2 receive handler so that association events are processed before
6123 * EAPOL-Key packets if both become available for the same select()
6124 * call. */
6125 if (wpas_init_driver(wpa_s, iface) < 0)
6126 return -1;
6127
6128 if (wpa_supplicant_init_wpa(wpa_s) < 0)
6129 return -1;
6130
6131 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
6132 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
6133 NULL);
6134 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
6135
6136 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
6137 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
6138 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
6139 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
6140 "dot11RSNAConfigPMKLifetime");
6141 return -1;
6142 }
6143
6144 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
6145 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
6146 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
6147 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
6148 "dot11RSNAConfigPMKReauthThreshold");
6149 return -1;
6150 }
6151
6152 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
6153 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
6154 wpa_s->conf->dot11RSNAConfigSATimeout)) {
6155 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
6156 "dot11RSNAConfigSATimeout");
6157 return -1;
6158 }
6159
6160 wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
6161 &wpa_s->hw.num_modes,
6162 &wpa_s->hw.flags,
6163 &dfs_domain);
6164 if (wpa_s->hw.modes) {
6165 u16 i;
6166
6167 for (i = 0; i < wpa_s->hw.num_modes; i++) {
6168 if (wpa_s->hw.modes[i].vht_capab) {
6169 wpa_s->hw_capab = CAPAB_VHT;
6170 break;
6171 }
6172
6173 if (wpa_s->hw.modes[i].ht_capab &
6174 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)
6175 wpa_s->hw_capab = CAPAB_HT40;
6176 else if (wpa_s->hw.modes[i].ht_capab &&
6177 wpa_s->hw_capab == CAPAB_NO_HT_VHT)
6178 wpa_s->hw_capab = CAPAB_HT;
6179 }
6180 }
6181
6182 capa_res = wpa_drv_get_capa(wpa_s, &capa);
6183 if (capa_res == 0) {
6184 wpa_s->drv_capa_known = 1;
6185 wpa_s->drv_flags = capa.flags;
6186 wpa_s->drv_enc = capa.enc;
6187 wpa_s->drv_rrm_flags = capa.rrm_flags;
6188 wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
6189 wpa_s->max_scan_ssids = capa.max_scan_ssids;
6190 wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
6191 wpa_s->max_sched_scan_plans = capa.max_sched_scan_plans;
6192 wpa_s->max_sched_scan_plan_interval =
6193 capa.max_sched_scan_plan_interval;
6194 wpa_s->max_sched_scan_plan_iterations =
6195 capa.max_sched_scan_plan_iterations;
6196 wpa_s->sched_scan_supported = capa.sched_scan_supported;
6197 wpa_s->max_match_sets = capa.max_match_sets;
6198 wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
6199 wpa_s->max_stations = capa.max_stations;
6200 wpa_s->extended_capa = capa.extended_capa;
6201 wpa_s->extended_capa_mask = capa.extended_capa_mask;
6202 wpa_s->extended_capa_len = capa.extended_capa_len;
6203 wpa_s->num_multichan_concurrent =
6204 capa.num_multichan_concurrent;
6205 wpa_s->wmm_ac_supported = capa.wmm_ac_supported;
6206
6207 if (capa.mac_addr_rand_scan_supported)
6208 wpa_s->mac_addr_rand_supported |= MAC_ADDR_RAND_SCAN;
6209 if (wpa_s->sched_scan_supported &&
6210 capa.mac_addr_rand_sched_scan_supported)
6211 wpa_s->mac_addr_rand_supported |=
6212 (MAC_ADDR_RAND_SCHED_SCAN | MAC_ADDR_RAND_PNO);
6213
6214 wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
6215 if (wpa_s->extended_capa &&
6216 wpa_s->extended_capa_len >= 3 &&
6217 wpa_s->extended_capa[2] & 0x40)
6218 wpa_s->multi_bss_support = 1;
6219 }
6220 if (wpa_s->max_remain_on_chan == 0)
6221 wpa_s->max_remain_on_chan = 1000;
6222
6223 /*
6224 * Only take p2p_mgmt parameters when P2P Device is supported.
6225 * Doing it here as it determines whether l2_packet_init() will be done
6226 * during wpa_supplicant_driver_init().
6227 */
6228 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
6229 wpa_s->p2p_mgmt = iface->p2p_mgmt;
6230
6231 if (wpa_s->num_multichan_concurrent == 0)
6232 wpa_s->num_multichan_concurrent = 1;
6233
6234 if (wpa_supplicant_driver_init(wpa_s) < 0)
6235 return -1;
6236
6237 #ifdef CONFIG_TDLS
6238 if (!iface->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
6239 return -1;
6240 #endif /* CONFIG_TDLS */
6241
6242 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
6243 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
6244 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
6245 return -1;
6246 }
6247
6248 #ifdef CONFIG_FST
6249 if (wpa_s->conf->fst_group_id) {
6250 struct fst_iface_cfg cfg;
6251 struct fst_wpa_obj iface_obj;
6252
6253 fst_wpa_supplicant_fill_iface_obj(wpa_s, &iface_obj);
6254 os_strlcpy(cfg.group_id, wpa_s->conf->fst_group_id,
6255 sizeof(cfg.group_id));
6256 cfg.priority = wpa_s->conf->fst_priority;
6257 cfg.llt = wpa_s->conf->fst_llt;
6258
6259 wpa_s->fst = fst_attach(wpa_s->ifname, wpa_s->own_addr,
6260 &iface_obj, &cfg);
6261 if (!wpa_s->fst) {
6262 wpa_msg(wpa_s, MSG_ERROR,
6263 "FST: Cannot attach iface %s to group %s",
6264 wpa_s->ifname, cfg.group_id);
6265 return -1;
6266 }
6267 }
6268 #endif /* CONFIG_FST */
6269
6270 if (wpas_wps_init(wpa_s))
6271 return -1;
6272
6273 #ifdef CONFIG_GAS_SERVER
6274 wpa_s->gas_server = gas_server_init(wpa_s, wpas_gas_server_tx);
6275 if (!wpa_s->gas_server) {
6276 wpa_printf(MSG_ERROR, "Failed to initialize GAS server");
6277 return -1;
6278 }
6279 #endif /* CONFIG_GAS_SERVER */
6280
6281 #ifdef CONFIG_DPP
6282 if (wpas_dpp_init(wpa_s) < 0)
6283 return -1;
6284 #endif /* CONFIG_DPP */
6285
6286 if (wpa_supplicant_init_eapol(wpa_s) < 0)
6287 return -1;
6288 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
6289
6290 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
6291 if (wpa_s->ctrl_iface == NULL) {
6292 wpa_printf(MSG_ERROR,
6293 "Failed to initialize control interface '%s'.\n"
6294 "You may have another wpa_supplicant process "
6295 "already running or the file was\n"
6296 "left by an unclean termination of wpa_supplicant "
6297 "in which case you will need\n"
6298 "to manually remove this file before starting "
6299 "wpa_supplicant again.\n",
6300 wpa_s->conf->ctrl_interface);
6301 return -1;
6302 }
6303
6304 wpa_s->gas = gas_query_init(wpa_s);
6305 if (wpa_s->gas == NULL) {
6306 wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
6307 return -1;
6308 }
6309
6310 if ((!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) ||
6311 wpa_s->p2p_mgmt) &&
6312 wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
6313 wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
6314 return -1;
6315 }
6316
6317 if (wpa_bss_init(wpa_s) < 0)
6318 return -1;
6319
6320 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
6321 #ifdef CONFIG_MESH
6322 dl_list_init(&wpa_s->mesh_external_pmksa_cache);
6323 #endif /* CONFIG_MESH */
6324 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
6325
6326 /*
6327 * Set Wake-on-WLAN triggers, if configured.
6328 * Note: We don't restore/remove the triggers on shutdown (it doesn't
6329 * have effect anyway when the interface is down).
6330 */
6331 if (capa_res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
6332 return -1;
6333
6334 #ifdef CONFIG_EAP_PROXY
6335 {
6336 size_t len;
6337 wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1,
6338 wpa_s->imsi, &len);
6339 if (wpa_s->mnc_len > 0) {
6340 wpa_s->imsi[len] = '\0';
6341 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
6342 wpa_s->imsi, wpa_s->mnc_len);
6343 } else {
6344 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
6345 }
6346 }
6347 #endif /* CONFIG_EAP_PROXY */
6348
6349 if (pcsc_reader_init(wpa_s) < 0)
6350 return -1;
6351
6352 if (wpas_init_ext_pw(wpa_s) < 0)
6353 return -1;
6354
6355 wpas_rrm_reset(wpa_s);
6356
6357 wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
6358
6359 #ifdef CONFIG_HS20
6360 hs20_init(wpa_s);
6361 #endif /* CONFIG_HS20 */
6362 #ifdef CONFIG_MBO
6363 if (!wpa_s->disable_mbo_oce && wpa_s->conf->oce) {
6364 if ((wpa_s->conf->oce & OCE_STA) &&
6365 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA))
6366 wpa_s->enable_oce = OCE_STA;
6367 if ((wpa_s->conf->oce & OCE_STA_CFON) &&
6368 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA_CFON)) {
6369 /* TODO: Need to add STA-CFON support */
6370 wpa_printf(MSG_ERROR,
6371 "OCE STA-CFON feature is not yet supported");
6372 }
6373 }
6374 wpas_mbo_update_non_pref_chan(wpa_s, wpa_s->conf->non_pref_chan);
6375 #endif /* CONFIG_MBO */
6376
6377 wpa_supplicant_set_default_scan_ies(wpa_s);
6378
6379 return 0;
6380 }
6381
6382
6383 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
6384 int notify, int terminate)
6385 {
6386 struct wpa_global *global = wpa_s->global;
6387 struct wpa_supplicant *iface, *prev;
6388
6389 if (wpa_s == wpa_s->parent)
6390 wpas_p2p_group_remove(wpa_s, "*");
6391
6392 iface = global->ifaces;
6393 while (iface) {
6394 if (iface->p2pdev == wpa_s)
6395 iface->p2pdev = iface->parent;
6396 if (iface == wpa_s || iface->parent != wpa_s) {
6397 iface = iface->next;
6398 continue;
6399 }
6400 wpa_printf(MSG_DEBUG,
6401 "Remove remaining child interface %s from parent %s",
6402 iface->ifname, wpa_s->ifname);
6403 prev = iface;
6404 iface = iface->next;
6405 wpa_supplicant_remove_iface(global, prev, terminate);
6406 }
6407
6408 wpa_s->disconnected = 1;
6409 if (wpa_s->drv_priv) {
6410 /* Don't deauthenticate if WoWLAN is enabled */
6411 if (!wpa_drv_get_wowlan(wpa_s)) {
6412 wpa_supplicant_deauthenticate(
6413 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
6414
6415 wpa_drv_set_countermeasures(wpa_s, 0);
6416 wpa_clear_keys(wpa_s, NULL);
6417 } else {
6418 wpa_msg(wpa_s, MSG_INFO,
6419 "Do not deauthenticate as part of interface deinit since WoWLAN is enabled");
6420 }
6421 }
6422
6423 wpa_supplicant_cleanup(wpa_s);
6424 wpas_p2p_deinit_iface(wpa_s);
6425
6426 wpas_ctrl_radio_work_flush(wpa_s);
6427 radio_remove_interface(wpa_s);
6428
6429 #ifdef CONFIG_FST
6430 if (wpa_s->fst) {
6431 fst_detach(wpa_s->fst);
6432 wpa_s->fst = NULL;
6433 }
6434 if (wpa_s->received_mb_ies) {
6435 wpabuf_free(wpa_s->received_mb_ies);
6436 wpa_s->received_mb_ies = NULL;
6437 }
6438 #endif /* CONFIG_FST */
6439
6440 if (wpa_s->drv_priv)
6441 wpa_drv_deinit(wpa_s);
6442
6443 if (notify)
6444 wpas_notify_iface_removed(wpa_s);
6445
6446 if (terminate)
6447 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
6448
6449 if (wpa_s->ctrl_iface) {
6450 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
6451 wpa_s->ctrl_iface = NULL;
6452 }
6453
6454 #ifdef CONFIG_MESH
6455 if (wpa_s->ifmsh) {
6456 wpa_supplicant_mesh_iface_deinit(wpa_s, wpa_s->ifmsh);
6457 wpa_s->ifmsh = NULL;
6458 }
6459 #endif /* CONFIG_MESH */
6460
6461 if (wpa_s->conf != NULL) {
6462 wpa_config_free(wpa_s->conf);
6463 wpa_s->conf = NULL;
6464 }
6465
6466 os_free(wpa_s->ssids_from_scan_req);
6467 os_free(wpa_s->last_scan_freqs);
6468
6469 os_free(wpa_s);
6470 }
6471
6472
6473 #ifdef CONFIG_MATCH_IFACE
6474
6475 /**
6476 * wpa_supplicant_match_iface - Match an interface description to a name
6477 * @global: Pointer to global data from wpa_supplicant_init()
6478 * @ifname: Name of the interface to match
6479 * Returns: Pointer to the created interface description or %NULL on failure
6480 */
6481 struct wpa_interface * wpa_supplicant_match_iface(struct wpa_global *global,
6482 const char *ifname)
6483 {
6484 int i;
6485 struct wpa_interface *iface, *miface;
6486
6487 for (i = 0; i < global->params.match_iface_count; i++) {
6488 miface = &global->params.match_ifaces[i];
6489 if (!miface->ifname ||
6490 fnmatch(miface->ifname, ifname, 0) == 0) {
6491 iface = os_zalloc(sizeof(*iface));
6492 if (!iface)
6493 return NULL;
6494 *iface = *miface;
6495 iface->ifname = ifname;
6496 return iface;
6497 }
6498 }
6499
6500 return NULL;
6501 }
6502
6503
6504 /**
6505 * wpa_supplicant_match_existing - Match existing interfaces
6506 * @global: Pointer to global data from wpa_supplicant_init()
6507 * Returns: 0 on success, -1 on failure
6508 */
6509 static int wpa_supplicant_match_existing(struct wpa_global *global)
6510 {
6511 struct if_nameindex *ifi, *ifp;
6512 struct wpa_supplicant *wpa_s;
6513 struct wpa_interface *iface;
6514
6515 ifp = if_nameindex();
6516 if (!ifp) {
6517 wpa_printf(MSG_ERROR, "if_nameindex: %s", strerror(errno));
6518 return -1;
6519 }
6520
6521 for (ifi = ifp; ifi->if_name; ifi++) {
6522 wpa_s = wpa_supplicant_get_iface(global, ifi->if_name);
6523 if (wpa_s)
6524 continue;
6525 iface = wpa_supplicant_match_iface(global, ifi->if_name);
6526 if (iface) {
6527 wpa_s = wpa_supplicant_add_iface(global, iface, NULL);
6528 os_free(iface);
6529 if (wpa_s)
6530 wpa_s->matched = 1;
6531 }
6532 }
6533
6534 if_freenameindex(ifp);
6535 return 0;
6536 }
6537
6538 #endif /* CONFIG_MATCH_IFACE */
6539
6540
6541 /**
6542 * wpa_supplicant_add_iface - Add a new network interface
6543 * @global: Pointer to global data from wpa_supplicant_init()
6544 * @iface: Interface configuration options
6545 * @parent: Parent interface or %NULL to assign new interface as parent
6546 * Returns: Pointer to the created interface or %NULL on failure
6547 *
6548 * This function is used to add new network interfaces for %wpa_supplicant.
6549 * This can be called before wpa_supplicant_run() to add interfaces before the
6550 * main event loop has been started. In addition, new interfaces can be added
6551 * dynamically while %wpa_supplicant is already running. This could happen,
6552 * e.g., when a hotplug network adapter is inserted.
6553 */
6554 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
6555 struct wpa_interface *iface,
6556 struct wpa_supplicant *parent)
6557 {
6558 struct wpa_supplicant *wpa_s;
6559 struct wpa_interface t_iface;
6560 struct wpa_ssid *ssid;
6561
6562 if (global == NULL || iface == NULL)
6563 return NULL;
6564
6565 wpa_s = wpa_supplicant_alloc(parent);
6566 if (wpa_s == NULL)
6567 return NULL;
6568
6569 wpa_s->global = global;
6570
6571 t_iface = *iface;
6572 if (global->params.override_driver) {
6573 wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
6574 "('%s' -> '%s')",
6575 iface->driver, global->params.override_driver);
6576 t_iface.driver = global->params.override_driver;
6577 }
6578 if (global->params.override_ctrl_interface) {
6579 wpa_printf(MSG_DEBUG, "Override interface parameter: "
6580 "ctrl_interface ('%s' -> '%s')",
6581 iface->ctrl_interface,
6582 global->params.override_ctrl_interface);
6583 t_iface.ctrl_interface =
6584 global->params.override_ctrl_interface;
6585 }
6586 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
6587 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
6588 iface->ifname);
6589 wpa_supplicant_deinit_iface(wpa_s, 0, 0);
6590 return NULL;
6591 }
6592
6593 if (iface->p2p_mgmt == 0) {
6594 /* Notify the control interfaces about new iface */
6595 if (wpas_notify_iface_added(wpa_s)) {
6596 wpa_supplicant_deinit_iface(wpa_s, 1, 0);
6597 return NULL;
6598 }
6599
6600 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
6601 wpas_notify_network_added(wpa_s, ssid);
6602 }
6603
6604 wpa_s->next = global->ifaces;
6605 global->ifaces = wpa_s;
6606
6607 wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
6608 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
6609
6610 #ifdef CONFIG_P2P
6611 if (wpa_s->global->p2p == NULL &&
6612 !wpa_s->global->p2p_disabled && !wpa_s->conf->p2p_disabled &&
6613 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
6614 wpas_p2p_add_p2pdev_interface(
6615 wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
6616 wpa_printf(MSG_INFO,
6617 "P2P: Failed to enable P2P Device interface");
6618 /* Try to continue without. P2P will be disabled. */
6619 }
6620 #endif /* CONFIG_P2P */
6621
6622 return wpa_s;
6623 }
6624
6625
6626 /**
6627 * wpa_supplicant_remove_iface - Remove a network interface
6628 * @global: Pointer to global data from wpa_supplicant_init()
6629 * @wpa_s: Pointer to the network interface to be removed
6630 * Returns: 0 if interface was removed, -1 if interface was not found
6631 *
6632 * This function can be used to dynamically remove network interfaces from
6633 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
6634 * addition, this function is used to remove all remaining interfaces when
6635 * %wpa_supplicant is terminated.
6636 */
6637 int wpa_supplicant_remove_iface(struct wpa_global *global,
6638 struct wpa_supplicant *wpa_s,
6639 int terminate)
6640 {
6641 struct wpa_supplicant *prev;
6642 #ifdef CONFIG_MESH
6643 unsigned int mesh_if_created = wpa_s->mesh_if_created;
6644 char *ifname = NULL;
6645 struct wpa_supplicant *parent = wpa_s->parent;
6646 #endif /* CONFIG_MESH */
6647
6648 /* Remove interface from the global list of interfaces */
6649 prev = global->ifaces;
6650 if (prev == wpa_s) {
6651 global->ifaces = wpa_s->next;
6652 } else {
6653 while (prev && prev->next != wpa_s)
6654 prev = prev->next;
6655 if (prev == NULL)
6656 return -1;
6657 prev->next = wpa_s->next;
6658 }
6659
6660 wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
6661
6662 #ifdef CONFIG_MESH
6663 if (mesh_if_created) {
6664 ifname = os_strdup(wpa_s->ifname);
6665 if (ifname == NULL) {
6666 wpa_dbg(wpa_s, MSG_ERROR,
6667 "mesh: Failed to malloc ifname");
6668 return -1;
6669 }
6670 }
6671 #endif /* CONFIG_MESH */
6672
6673 if (global->p2p_group_formation == wpa_s)
6674 global->p2p_group_formation = NULL;
6675 if (global->p2p_invite_group == wpa_s)
6676 global->p2p_invite_group = NULL;
6677 wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
6678
6679 #ifdef CONFIG_MESH
6680 if (mesh_if_created) {
6681 wpa_drv_if_remove(parent, WPA_IF_MESH, ifname);
6682 os_free(ifname);
6683 }
6684 #endif /* CONFIG_MESH */
6685
6686 return 0;
6687 }
6688
6689
6690 /**
6691 * wpa_supplicant_get_eap_mode - Get the current EAP mode
6692 * @wpa_s: Pointer to the network interface
6693 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
6694 */
6695 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
6696 {
6697 const char *eapol_method;
6698
6699 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
6700 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
6701 return "NO-EAP";
6702 }
6703
6704 eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
6705 if (eapol_method == NULL)
6706 return "UNKNOWN-EAP";
6707
6708 return eapol_method;
6709 }
6710
6711
6712 /**
6713 * wpa_supplicant_get_iface - Get a new network interface
6714 * @global: Pointer to global data from wpa_supplicant_init()
6715 * @ifname: Interface name
6716 * Returns: Pointer to the interface or %NULL if not found
6717 */
6718 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
6719 const char *ifname)
6720 {
6721 struct wpa_supplicant *wpa_s;
6722
6723 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
6724 if (os_strcmp(wpa_s->ifname, ifname) == 0)
6725 return wpa_s;
6726 }
6727 return NULL;
6728 }
6729
6730
6731 #ifndef CONFIG_NO_WPA_MSG
6732 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
6733 {
6734 struct wpa_supplicant *wpa_s = ctx;
6735 if (wpa_s == NULL)
6736 return NULL;
6737 return wpa_s->ifname;
6738 }
6739 #endif /* CONFIG_NO_WPA_MSG */
6740
6741
6742 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
6743 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
6744 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
6745
6746 /* Periodic cleanup tasks */
6747 static void wpas_periodic(void *eloop_ctx, void *timeout_ctx)
6748 {
6749 struct wpa_global *global = eloop_ctx;
6750 struct wpa_supplicant *wpa_s;
6751
6752 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
6753 wpas_periodic, global, NULL);
6754
6755 #ifdef CONFIG_P2P
6756 if (global->p2p)
6757 p2p_expire_peers(global->p2p);
6758 #endif /* CONFIG_P2P */
6759
6760 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
6761 wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age);
6762 #ifdef CONFIG_AP
6763 ap_periodic(wpa_s);
6764 #endif /* CONFIG_AP */
6765 }
6766 }
6767
6768
6769 /**
6770 * wpa_supplicant_init - Initialize %wpa_supplicant
6771 * @params: Parameters for %wpa_supplicant
6772 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
6773 *
6774 * This function is used to initialize %wpa_supplicant. After successful
6775 * initialization, the returned data pointer can be used to add and remove
6776 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
6777 */
6778 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
6779 {
6780 struct wpa_global *global;
6781 int ret, i;
6782
6783 if (params == NULL)
6784 return NULL;
6785
6786 #ifdef CONFIG_DRIVER_NDIS
6787 {
6788 void driver_ndis_init_ops(void);
6789 driver_ndis_init_ops();
6790 }
6791 #endif /* CONFIG_DRIVER_NDIS */
6792
6793 #ifndef CONFIG_NO_WPA_MSG
6794 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
6795 #endif /* CONFIG_NO_WPA_MSG */
6796
6797 if (params->wpa_debug_file_path)
6798 wpa_debug_open_file(params->wpa_debug_file_path);
6799 if (!params->wpa_debug_file_path && !params->wpa_debug_syslog)
6800 wpa_debug_setup_stdout();
6801 if (params->wpa_debug_syslog)
6802 wpa_debug_open_syslog();
6803 if (params->wpa_debug_tracing) {
6804 ret = wpa_debug_open_linux_tracing();
6805 if (ret) {
6806 wpa_printf(MSG_ERROR,
6807 "Failed to enable trace logging");
6808 return NULL;
6809 }
6810 }
6811
6812 ret = eap_register_methods();
6813 if (ret) {
6814 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
6815 if (ret == -2)
6816 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
6817 "the same EAP type.");
6818 return NULL;
6819 }
6820
6821 global = os_zalloc(sizeof(*global));
6822 if (global == NULL)
6823 return NULL;
6824 dl_list_init(&global->p2p_srv_bonjour);
6825 dl_list_init(&global->p2p_srv_upnp);
6826 global->params.daemonize = params->daemonize;
6827 global->params.wait_for_monitor = params->wait_for_monitor;
6828 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
6829 if (params->pid_file)
6830 global->params.pid_file = os_strdup(params->pid_file);
6831 if (params->ctrl_interface)
6832 global->params.ctrl_interface =
6833 os_strdup(params->ctrl_interface);
6834 if (params->ctrl_interface_group)
6835 global->params.ctrl_interface_group =
6836 os_strdup(params->ctrl_interface_group);
6837 if (params->override_driver)
6838 global->params.override_driver =
6839 os_strdup(params->override_driver);
6840 if (params->override_ctrl_interface)
6841 global->params.override_ctrl_interface =
6842 os_strdup(params->override_ctrl_interface);
6843 #ifdef CONFIG_MATCH_IFACE
6844 global->params.match_iface_count = params->match_iface_count;
6845 if (params->match_iface_count) {
6846 global->params.match_ifaces =
6847 os_calloc(params->match_iface_count,
6848 sizeof(struct wpa_interface));
6849 os_memcpy(global->params.match_ifaces,
6850 params->match_ifaces,
6851 params->match_iface_count *
6852 sizeof(struct wpa_interface));
6853 }
6854 #endif /* CONFIG_MATCH_IFACE */
6855 #ifdef CONFIG_P2P
6856 if (params->conf_p2p_dev)
6857 global->params.conf_p2p_dev =
6858 os_strdup(params->conf_p2p_dev);
6859 #endif /* CONFIG_P2P */
6860 wpa_debug_level = global->params.wpa_debug_level =
6861 params->wpa_debug_level;
6862 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
6863 params->wpa_debug_show_keys;
6864 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
6865 params->wpa_debug_timestamp;
6866
6867 wpa_printf(MSG_DEBUG, "wpa_supplicant v%s", VERSION_STR);
6868
6869 if (eloop_init()) {
6870 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
6871 wpa_supplicant_deinit(global);
6872 return NULL;
6873 }
6874
6875 random_init(params->entropy_file);
6876
6877 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
6878 if (global->ctrl_iface == NULL) {
6879 wpa_supplicant_deinit(global);
6880 return NULL;
6881 }
6882
6883 if (wpas_notify_supplicant_initialized(global)) {
6884 wpa_supplicant_deinit(global);
6885 return NULL;
6886 }
6887
6888 for (i = 0; wpa_drivers[i]; i++)
6889 global->drv_count++;
6890 if (global->drv_count == 0) {
6891 wpa_printf(MSG_ERROR, "No drivers enabled");
6892 wpa_supplicant_deinit(global);
6893 return NULL;
6894 }
6895 global->drv_priv = os_calloc(global->drv_count, sizeof(void *));
6896 if (global->drv_priv == NULL) {
6897 wpa_supplicant_deinit(global);
6898 return NULL;
6899 }
6900
6901 #ifdef CONFIG_WIFI_DISPLAY
6902 if (wifi_display_init(global) < 0) {
6903 wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
6904 wpa_supplicant_deinit(global);
6905 return NULL;
6906 }
6907 #endif /* CONFIG_WIFI_DISPLAY */
6908
6909 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
6910 wpas_periodic, global, NULL);
6911
6912 return global;
6913 }
6914
6915
6916 /**
6917 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
6918 * @global: Pointer to global data from wpa_supplicant_init()
6919 * Returns: 0 after successful event loop run, -1 on failure
6920 *
6921 * This function starts the main event loop and continues running as long as
6922 * there are any remaining events. In most cases, this function is running as
6923 * long as the %wpa_supplicant process in still in use.
6924 */
6925 int wpa_supplicant_run(struct wpa_global *global)
6926 {
6927 struct wpa_supplicant *wpa_s;
6928
6929 if (global->params.daemonize &&
6930 (wpa_supplicant_daemon(global->params.pid_file) ||
6931 eloop_sock_requeue()))
6932 return -1;
6933
6934 #ifdef CONFIG_MATCH_IFACE
6935 if (wpa_supplicant_match_existing(global))
6936 return -1;
6937 #endif
6938
6939 if (global->params.wait_for_monitor) {
6940 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
6941 if (wpa_s->ctrl_iface && !wpa_s->p2p_mgmt)
6942 wpa_supplicant_ctrl_iface_wait(
6943 wpa_s->ctrl_iface);
6944 }
6945
6946 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
6947 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
6948
6949 eloop_run();
6950
6951 return 0;
6952 }
6953
6954
6955 /**
6956 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
6957 * @global: Pointer to global data from wpa_supplicant_init()
6958 *
6959 * This function is called to deinitialize %wpa_supplicant and to free all
6960 * allocated resources. Remaining network interfaces will also be removed.
6961 */
6962 void wpa_supplicant_deinit(struct wpa_global *global)
6963 {
6964 int i;
6965
6966 if (global == NULL)
6967 return;
6968
6969 eloop_cancel_timeout(wpas_periodic, global, NULL);
6970
6971 #ifdef CONFIG_WIFI_DISPLAY
6972 wifi_display_deinit(global);
6973 #endif /* CONFIG_WIFI_DISPLAY */
6974
6975 while (global->ifaces)
6976 wpa_supplicant_remove_iface(global, global->ifaces, 1);
6977
6978 if (global->ctrl_iface)
6979 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
6980
6981 wpas_notify_supplicant_deinitialized(global);
6982
6983 eap_peer_unregister_methods();
6984 #ifdef CONFIG_AP
6985 eap_server_unregister_methods();
6986 #endif /* CONFIG_AP */
6987
6988 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
6989 if (!global->drv_priv[i])
6990 continue;
6991 wpa_drivers[i]->global_deinit(global->drv_priv[i]);
6992 }
6993 os_free(global->drv_priv);
6994
6995 random_deinit();
6996
6997 eloop_destroy();
6998
6999 if (global->params.pid_file) {
7000 os_daemonize_terminate(global->params.pid_file);
7001 os_free(global->params.pid_file);
7002 }
7003 os_free(global->params.ctrl_interface);
7004 os_free(global->params.ctrl_interface_group);
7005 os_free(global->params.override_driver);
7006 os_free(global->params.override_ctrl_interface);
7007 #ifdef CONFIG_MATCH_IFACE
7008 os_free(global->params.match_ifaces);
7009 #endif /* CONFIG_MATCH_IFACE */
7010 #ifdef CONFIG_P2P
7011 os_free(global->params.conf_p2p_dev);
7012 #endif /* CONFIG_P2P */
7013
7014 os_free(global->p2p_disallow_freq.range);
7015 os_free(global->p2p_go_avoid_freq.range);
7016 os_free(global->add_psk);
7017
7018 os_free(global);
7019 wpa_debug_close_syslog();
7020 wpa_debug_close_file();
7021 wpa_debug_close_linux_tracing();
7022 }
7023
7024
7025 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
7026 {
7027 if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
7028 wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
7029 char country[3];
7030 country[0] = wpa_s->conf->country[0];
7031 country[1] = wpa_s->conf->country[1];
7032 country[2] = '\0';
7033 if (wpa_drv_set_country(wpa_s, country) < 0) {
7034 wpa_printf(MSG_ERROR, "Failed to set country code "
7035 "'%s'", country);
7036 }
7037 }
7038
7039 if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
7040 wpas_init_ext_pw(wpa_s);
7041
7042 if (wpa_s->conf->changed_parameters & CFG_CHANGED_SCHED_SCAN_PLANS)
7043 wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
7044
7045 if (wpa_s->conf->changed_parameters & CFG_CHANGED_WOWLAN_TRIGGERS) {
7046 struct wpa_driver_capa capa;
7047 int res = wpa_drv_get_capa(wpa_s, &capa);
7048
7049 if (res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
7050 wpa_printf(MSG_ERROR,
7051 "Failed to update wowlan_triggers to '%s'",
7052 wpa_s->conf->wowlan_triggers);
7053 }
7054
7055 if (wpa_s->conf->changed_parameters & CFG_CHANGED_DISABLE_BTM)
7056 wpa_supplicant_set_default_scan_ies(wpa_s);
7057
7058 #ifdef CONFIG_WPS
7059 wpas_wps_update_config(wpa_s);
7060 #endif /* CONFIG_WPS */
7061 wpas_p2p_update_config(wpa_s);
7062 wpa_s->conf->changed_parameters = 0;
7063 }
7064
7065
7066 void add_freq(int *freqs, int *num_freqs, int freq)
7067 {
7068 int i;
7069
7070 for (i = 0; i < *num_freqs; i++) {
7071 if (freqs[i] == freq)
7072 return;
7073 }
7074
7075 freqs[*num_freqs] = freq;
7076 (*num_freqs)++;
7077 }
7078
7079
7080 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
7081 {
7082 struct wpa_bss *bss, *cbss;
7083 const int max_freqs = 10;
7084 int *freqs;
7085 int num_freqs = 0;
7086
7087 freqs = os_calloc(max_freqs + 1, sizeof(int));
7088 if (freqs == NULL)
7089 return NULL;
7090
7091 cbss = wpa_s->current_bss;
7092
7093 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
7094 if (bss == cbss)
7095 continue;
7096 if (bss->ssid_len == cbss->ssid_len &&
7097 os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
7098 wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
7099 add_freq(freqs, &num_freqs, bss->freq);
7100 if (num_freqs == max_freqs)
7101 break;
7102 }
7103 }
7104
7105 if (num_freqs == 0) {
7106 os_free(freqs);
7107 freqs = NULL;
7108 }
7109
7110 return freqs;
7111 }
7112
7113
7114 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
7115 {
7116 int timeout;
7117 int count;
7118 int *freqs = NULL;
7119
7120 wpas_connect_work_done(wpa_s);
7121
7122 /*
7123 * Remove possible authentication timeout since the connection failed.
7124 */
7125 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
7126
7127 /*
7128 * There is no point in blacklisting the AP if this event is
7129 * generated based on local request to disconnect.
7130 */
7131 if (wpa_s->own_disconnect_req || wpa_s->own_reconnect_req) {
7132 wpa_s->own_disconnect_req = 0;
7133 wpa_dbg(wpa_s, MSG_DEBUG,
7134 "Ignore connection failure due to local request to disconnect");
7135 return;
7136 }
7137 if (wpa_s->disconnected) {
7138 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
7139 "indication since interface has been put into "
7140 "disconnected state");
7141 return;
7142 }
7143
7144 /*
7145 * Add the failed BSSID into the blacklist and speed up next scan
7146 * attempt if there could be other APs that could accept association.
7147 * The current blacklist count indicates how many times we have tried
7148 * connecting to this AP and multiple attempts mean that other APs are
7149 * either not available or has already been tried, so that we can start
7150 * increasing the delay here to avoid constant scanning.
7151 */
7152 count = wpa_blacklist_add(wpa_s, bssid);
7153 if (count == 1 && wpa_s->current_bss) {
7154 /*
7155 * This BSS was not in the blacklist before. If there is
7156 * another BSS available for the same ESS, we should try that
7157 * next. Otherwise, we may as well try this one once more
7158 * before allowing other, likely worse, ESSes to be considered.
7159 */
7160 freqs = get_bss_freqs_in_ess(wpa_s);
7161 if (freqs) {
7162 wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
7163 "has been seen; try it next");
7164 wpa_blacklist_add(wpa_s, bssid);
7165 /*
7166 * On the next scan, go through only the known channels
7167 * used in this ESS based on previous scans to speed up
7168 * common load balancing use case.
7169 */
7170 os_free(wpa_s->next_scan_freqs);
7171 wpa_s->next_scan_freqs = freqs;
7172 }
7173 }
7174
7175 /*
7176 * Add previous failure count in case the temporary blacklist was
7177 * cleared due to no other BSSes being available.
7178 */
7179 count += wpa_s->extra_blacklist_count;
7180
7181 if (count > 3 && wpa_s->current_ssid) {
7182 wpa_printf(MSG_DEBUG, "Continuous association failures - "
7183 "consider temporary network disabling");
7184 wpas_auth_failed(wpa_s, "CONN_FAILED");
7185 }
7186
7187 switch (count) {
7188 case 1:
7189 timeout = 100;
7190 break;
7191 case 2:
7192 timeout = 500;
7193 break;
7194 case 3:
7195 timeout = 1000;
7196 break;
7197 case 4:
7198 timeout = 5000;
7199 break;
7200 default:
7201 timeout = 10000;
7202 break;
7203 }
7204
7205 wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
7206 "ms", count, timeout);
7207
7208 /*
7209 * TODO: if more than one possible AP is available in scan results,
7210 * could try the other ones before requesting a new scan.
7211 */
7212
7213 /* speed up the connection attempt with normal scan */
7214 wpa_s->normal_scans = 0;
7215 wpa_supplicant_req_scan(wpa_s, timeout / 1000,
7216 1000 * (timeout % 1000));
7217 }
7218
7219
7220 #ifdef CONFIG_FILS
7221 void fils_connection_failure(struct wpa_supplicant *wpa_s)
7222 {
7223 struct wpa_ssid *ssid = wpa_s->current_ssid;
7224 const u8 *realm, *username, *rrk;
7225 size_t realm_len, username_len, rrk_len;
7226 u16 next_seq_num;
7227
7228 if (!ssid || !ssid->eap.erp || !wpa_key_mgmt_fils(ssid->key_mgmt) ||
7229 eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
7230 &username, &username_len,
7231 &realm, &realm_len, &next_seq_num,
7232 &rrk, &rrk_len) != 0 ||
7233 !realm)
7234 return;
7235
7236 wpa_hexdump_ascii(MSG_DEBUG,
7237 "FILS: Store last connection failure realm",
7238 realm, realm_len);
7239 os_free(wpa_s->last_con_fail_realm);
7240 wpa_s->last_con_fail_realm = os_malloc(realm_len);
7241 if (wpa_s->last_con_fail_realm) {
7242 wpa_s->last_con_fail_realm_len = realm_len;
7243 os_memcpy(wpa_s->last_con_fail_realm, realm, realm_len);
7244 }
7245 }
7246 #endif /* CONFIG_FILS */
7247
7248
7249 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
7250 {
7251 return wpa_s->conf->ap_scan == 2 ||
7252 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
7253 }
7254
7255
7256 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
7257 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
7258 struct wpa_ssid *ssid,
7259 const char *field,
7260 const char *value)
7261 {
7262 #ifdef IEEE8021X_EAPOL
7263 struct eap_peer_config *eap = &ssid->eap;
7264
7265 wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
7266 wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
7267 (const u8 *) value, os_strlen(value));
7268
7269 switch (wpa_supplicant_ctrl_req_from_string(field)) {
7270 case WPA_CTRL_REQ_EAP_IDENTITY:
7271 os_free(eap->identity);
7272 eap->identity = (u8 *) os_strdup(value);
7273 eap->identity_len = os_strlen(value);
7274 eap->pending_req_identity = 0;
7275 if (ssid == wpa_s->current_ssid)
7276 wpa_s->reassociate = 1;
7277 break;
7278 case WPA_CTRL_REQ_EAP_PASSWORD:
7279 bin_clear_free(eap->password, eap->password_len);
7280 eap->password = (u8 *) os_strdup(value);
7281 eap->password_len = os_strlen(value);
7282 eap->pending_req_password = 0;
7283 if (ssid == wpa_s->current_ssid)
7284 wpa_s->reassociate = 1;
7285 break;
7286 case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
7287 bin_clear_free(eap->new_password, eap->new_password_len);
7288 eap->new_password = (u8 *) os_strdup(value);
7289 eap->new_password_len = os_strlen(value);
7290 eap->pending_req_new_password = 0;
7291 if (ssid == wpa_s->current_ssid)
7292 wpa_s->reassociate = 1;
7293 break;
7294 case WPA_CTRL_REQ_EAP_PIN:
7295 str_clear_free(eap->cert.pin);
7296 eap->cert.pin = os_strdup(value);
7297 eap->pending_req_pin = 0;
7298 if (ssid == wpa_s->current_ssid)
7299 wpa_s->reassociate = 1;
7300 break;
7301 case WPA_CTRL_REQ_EAP_OTP:
7302 bin_clear_free(eap->otp, eap->otp_len);
7303 eap->otp = (u8 *) os_strdup(value);
7304 eap->otp_len = os_strlen(value);
7305 os_free(eap->pending_req_otp);
7306 eap->pending_req_otp = NULL;
7307 eap->pending_req_otp_len = 0;
7308 break;
7309 case WPA_CTRL_REQ_EAP_PASSPHRASE:
7310 str_clear_free(eap->cert.private_key_passwd);
7311 eap->cert.private_key_passwd = os_strdup(value);
7312 eap->pending_req_passphrase = 0;
7313 if (ssid == wpa_s->current_ssid)
7314 wpa_s->reassociate = 1;
7315 break;
7316 case WPA_CTRL_REQ_SIM:
7317 str_clear_free(eap->external_sim_resp);
7318 eap->external_sim_resp = os_strdup(value);
7319 eap->pending_req_sim = 0;
7320 break;
7321 case WPA_CTRL_REQ_PSK_PASSPHRASE:
7322 if (wpa_config_set(ssid, "psk", value, 0) < 0)
7323 return -1;
7324 ssid->mem_only_psk = 1;
7325 if (ssid->passphrase)
7326 wpa_config_update_psk(ssid);
7327 if (wpa_s->wpa_state == WPA_SCANNING && !wpa_s->scanning)
7328 wpa_supplicant_req_scan(wpa_s, 0, 0);
7329 break;
7330 case WPA_CTRL_REQ_EXT_CERT_CHECK:
7331 if (eap->pending_ext_cert_check != PENDING_CHECK)
7332 return -1;
7333 if (os_strcmp(value, "good") == 0)
7334 eap->pending_ext_cert_check = EXT_CERT_CHECK_GOOD;
7335 else if (os_strcmp(value, "bad") == 0)
7336 eap->pending_ext_cert_check = EXT_CERT_CHECK_BAD;
7337 else
7338 return -1;
7339 break;
7340 default:
7341 wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
7342 return -1;
7343 }
7344
7345 return 0;
7346 #else /* IEEE8021X_EAPOL */
7347 wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
7348 return -1;
7349 #endif /* IEEE8021X_EAPOL */
7350 }
7351 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
7352
7353
7354 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
7355 {
7356 #ifdef CONFIG_WEP
7357 int i;
7358 unsigned int drv_enc;
7359 #endif /* CONFIG_WEP */
7360
7361 if (wpa_s->p2p_mgmt)
7362 return 1; /* no normal network profiles on p2p_mgmt interface */
7363
7364 if (ssid == NULL)
7365 return 1;
7366
7367 if (ssid->disabled)
7368 return 1;
7369
7370 #ifdef CONFIG_WEP
7371 if (wpa_s->drv_capa_known)
7372 drv_enc = wpa_s->drv_enc;
7373 else
7374 drv_enc = (unsigned int) -1;
7375
7376 for (i = 0; i < NUM_WEP_KEYS; i++) {
7377 size_t len = ssid->wep_key_len[i];
7378 if (len == 0)
7379 continue;
7380 if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
7381 continue;
7382 if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
7383 continue;
7384 if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
7385 continue;
7386 return 1; /* invalid WEP key */
7387 }
7388 #endif /* CONFIG_WEP */
7389
7390 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
7391 (!ssid->passphrase || ssid->ssid_len != 0) && !ssid->ext_psk &&
7392 !(wpa_key_mgmt_sae(ssid->key_mgmt) && ssid->sae_password) &&
7393 !ssid->mem_only_psk)
7394 return 1;
7395
7396 return 0;
7397 }
7398
7399
7400 int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
7401 {
7402 if (ssid == NULL || ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
7403 if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL &&
7404 !(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) {
7405 /*
7406 * Driver does not support BIP -- ignore pmf=1 default
7407 * since the connection with PMF would fail and the
7408 * configuration does not require PMF to be enabled.
7409 */
7410 return NO_MGMT_FRAME_PROTECTION;
7411 }
7412
7413 if (ssid &&
7414 (ssid->key_mgmt &
7415 ~(WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPS |
7416 WPA_KEY_MGMT_IEEE8021X_NO_WPA)) == 0) {
7417 /*
7418 * Do not use the default PMF value for non-RSN networks
7419 * since PMF is available only with RSN and pmf=2
7420 * configuration would otherwise prevent connections to
7421 * all open networks.
7422 */
7423 return NO_MGMT_FRAME_PROTECTION;
7424 }
7425
7426 return wpa_s->conf->pmf;
7427 }
7428
7429 return ssid->ieee80211w;
7430 }
7431
7432
7433 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
7434 {
7435 if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
7436 return 1;
7437 if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
7438 return 0;
7439 return -1;
7440 }
7441
7442
7443 void wpas_auth_failed(struct wpa_supplicant *wpa_s, char *reason)
7444 {
7445 struct wpa_ssid *ssid = wpa_s->current_ssid;
7446 int dur;
7447 struct os_reltime now;
7448
7449 if (ssid == NULL) {
7450 wpa_printf(MSG_DEBUG, "Authentication failure but no known "
7451 "SSID block");
7452 return;
7453 }
7454
7455 if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
7456 return;
7457
7458 ssid->auth_failures++;
7459
7460 #ifdef CONFIG_P2P
7461 if (ssid->p2p_group &&
7462 (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
7463 /*
7464 * Skip the wait time since there is a short timeout on the
7465 * connection to a P2P group.
7466 */
7467 return;
7468 }
7469 #endif /* CONFIG_P2P */
7470
7471 if (ssid->auth_failures > 50)
7472 dur = 300;
7473 else if (ssid->auth_failures > 10)
7474 dur = 120;
7475 else if (ssid->auth_failures > 5)
7476 dur = 90;
7477 else if (ssid->auth_failures > 3)
7478 dur = 60;
7479 else if (ssid->auth_failures > 2)
7480 dur = 30;
7481 else if (ssid->auth_failures > 1)
7482 dur = 20;
7483 else
7484 dur = 10;
7485
7486 if (ssid->auth_failures > 1 &&
7487 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt))
7488 dur += os_random() % (ssid->auth_failures * 10);
7489
7490 os_get_reltime(&now);
7491 if (now.sec + dur <= ssid->disabled_until.sec)
7492 return;
7493
7494 ssid->disabled_until.sec = now.sec + dur;
7495
7496 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
7497 "id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
7498 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
7499 ssid->auth_failures, dur, reason);
7500 }
7501
7502
7503 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
7504 struct wpa_ssid *ssid, int clear_failures)
7505 {
7506 if (ssid == NULL)
7507 return;
7508
7509 if (ssid->disabled_until.sec) {
7510 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
7511 "id=%d ssid=\"%s\"",
7512 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
7513 }
7514 ssid->disabled_until.sec = 0;
7515 ssid->disabled_until.usec = 0;
7516 if (clear_failures)
7517 ssid->auth_failures = 0;
7518 }
7519
7520
7521 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
7522 {
7523 size_t i;
7524
7525 if (wpa_s->disallow_aps_bssid == NULL)
7526 return 0;
7527
7528 for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
7529 if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
7530 bssid, ETH_ALEN) == 0)
7531 return 1;
7532 }
7533
7534 return 0;
7535 }
7536
7537
7538 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
7539 size_t ssid_len)
7540 {
7541 size_t i;
7542
7543 if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
7544 return 0;
7545
7546 for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
7547 struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
7548 if (ssid_len == s->ssid_len &&
7549 os_memcmp(ssid, s->ssid, ssid_len) == 0)
7550 return 1;
7551 }
7552
7553 return 0;
7554 }
7555
7556
7557 /**
7558 * wpas_request_connection - Request a new connection
7559 * @wpa_s: Pointer to the network interface
7560 *
7561 * This function is used to request a new connection to be found. It will mark
7562 * the interface to allow reassociation and request a new scan to find a
7563 * suitable network to connect to.
7564 */
7565 void wpas_request_connection(struct wpa_supplicant *wpa_s)
7566 {
7567 wpa_s->normal_scans = 0;
7568 wpa_s->scan_req = NORMAL_SCAN_REQ;
7569 wpa_supplicant_reinit_autoscan(wpa_s);
7570 wpa_s->extra_blacklist_count = 0;
7571 wpa_s->disconnected = 0;
7572 wpa_s->reassociate = 1;
7573 wpa_s->last_owe_group = 0;
7574
7575 if (wpa_supplicant_fast_associate(wpa_s) != 1)
7576 wpa_supplicant_req_scan(wpa_s, 0, 0);
7577 else
7578 wpa_s->reattach = 0;
7579 }
7580
7581
7582 /**
7583 * wpas_request_disconnection - Request disconnection
7584 * @wpa_s: Pointer to the network interface
7585 *
7586 * This function is used to request disconnection from the currently connected
7587 * network. This will stop any ongoing scans and initiate deauthentication.
7588 */
7589 void wpas_request_disconnection(struct wpa_supplicant *wpa_s)
7590 {
7591 #ifdef CONFIG_SME
7592 wpa_s->sme.prev_bssid_set = 0;
7593 #endif /* CONFIG_SME */
7594 wpa_s->reassociate = 0;
7595 wpa_s->disconnected = 1;
7596 wpa_supplicant_cancel_sched_scan(wpa_s);
7597 wpa_supplicant_cancel_scan(wpa_s);
7598 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
7599 eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
7600 radio_remove_works(wpa_s, "connect", 0);
7601 radio_remove_works(wpa_s, "sme-connect", 0);
7602 }
7603
7604
7605 void dump_freq_data(struct wpa_supplicant *wpa_s, const char *title,
7606 struct wpa_used_freq_data *freqs_data,
7607 unsigned int len)
7608 {
7609 unsigned int i;
7610
7611 wpa_dbg(wpa_s, MSG_DEBUG, "Shared frequencies (len=%u): %s",
7612 len, title);
7613 for (i = 0; i < len; i++) {
7614 struct wpa_used_freq_data *cur = &freqs_data[i];
7615 wpa_dbg(wpa_s, MSG_DEBUG, "freq[%u]: %d, flags=0x%X",
7616 i, cur->freq, cur->flags);
7617 }
7618 }
7619
7620
7621 /*
7622 * Find the operating frequencies of any of the virtual interfaces that
7623 * are using the same radio as the current interface, and in addition, get
7624 * information about the interface types that are using the frequency.
7625 */
7626 int get_shared_radio_freqs_data(struct wpa_supplicant *wpa_s,
7627 struct wpa_used_freq_data *freqs_data,
7628 unsigned int len)
7629 {
7630 struct wpa_supplicant *ifs;
7631 u8 bssid[ETH_ALEN];
7632 int freq;
7633 unsigned int idx = 0, i;
7634
7635 wpa_dbg(wpa_s, MSG_DEBUG,
7636 "Determining shared radio frequencies (max len %u)", len);
7637 os_memset(freqs_data, 0, sizeof(struct wpa_used_freq_data) * len);
7638
7639 dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
7640 radio_list) {
7641 if (idx == len)
7642 break;
7643
7644 if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
7645 continue;
7646
7647 if (ifs->current_ssid->mode == WPAS_MODE_AP ||
7648 ifs->current_ssid->mode == WPAS_MODE_P2P_GO ||
7649 ifs->current_ssid->mode == WPAS_MODE_MESH)
7650 freq = ifs->current_ssid->frequency;
7651 else if (wpa_drv_get_bssid(ifs, bssid) == 0)
7652 freq = ifs->assoc_freq;
7653 else
7654 continue;
7655
7656 /* Hold only distinct freqs */
7657 for (i = 0; i < idx; i++)
7658 if (freqs_data[i].freq == freq)
7659 break;
7660
7661 if (i == idx)
7662 freqs_data[idx++].freq = freq;
7663
7664 if (ifs->current_ssid->mode == WPAS_MODE_INFRA) {
7665 freqs_data[i].flags |= ifs->current_ssid->p2p_group ?
7666 WPA_FREQ_USED_BY_P2P_CLIENT :
7667 WPA_FREQ_USED_BY_INFRA_STATION;
7668 }
7669 }
7670
7671 dump_freq_data(wpa_s, "completed iteration", freqs_data, idx);
7672 return idx;
7673 }
7674
7675
7676 /*
7677 * Find the operating frequencies of any of the virtual interfaces that
7678 * are using the same radio as the current interface.
7679 */
7680 int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
7681 int *freq_array, unsigned int len)
7682 {
7683 struct wpa_used_freq_data *freqs_data;
7684 int num, i;
7685
7686 os_memset(freq_array, 0, sizeof(int) * len);
7687
7688 freqs_data = os_calloc(len, sizeof(struct wpa_used_freq_data));
7689 if (!freqs_data)
7690 return -1;
7691
7692 num = get_shared_radio_freqs_data(wpa_s, freqs_data, len);
7693 for (i = 0; i < num; i++)
7694 freq_array[i] = freqs_data[i].freq;
7695
7696 os_free(freqs_data);
7697
7698 return num;
7699 }
7700
7701
7702 struct wpa_supplicant *
7703 wpas_vendor_elem(struct wpa_supplicant *wpa_s, enum wpa_vendor_elem_frame frame)
7704 {
7705 switch (frame) {
7706 #ifdef CONFIG_P2P
7707 case VENDOR_ELEM_PROBE_REQ_P2P:
7708 case VENDOR_ELEM_PROBE_RESP_P2P:
7709 case VENDOR_ELEM_PROBE_RESP_P2P_GO:
7710 case VENDOR_ELEM_BEACON_P2P_GO:
7711 case VENDOR_ELEM_P2P_PD_REQ:
7712 case VENDOR_ELEM_P2P_PD_RESP:
7713 case VENDOR_ELEM_P2P_GO_NEG_REQ:
7714 case VENDOR_ELEM_P2P_GO_NEG_RESP:
7715 case VENDOR_ELEM_P2P_GO_NEG_CONF:
7716 case VENDOR_ELEM_P2P_INV_REQ:
7717 case VENDOR_ELEM_P2P_INV_RESP:
7718 case VENDOR_ELEM_P2P_ASSOC_REQ:
7719 case VENDOR_ELEM_P2P_ASSOC_RESP:
7720 return wpa_s->p2pdev;
7721 #endif /* CONFIG_P2P */
7722 default:
7723 return wpa_s;
7724 }
7725 }
7726
7727
7728 void wpas_vendor_elem_update(struct wpa_supplicant *wpa_s)
7729 {
7730 unsigned int i;
7731 char buf[30];
7732
7733 wpa_printf(MSG_DEBUG, "Update vendor elements");
7734
7735 for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
7736 if (wpa_s->vendor_elem[i]) {
7737 int res;
7738
7739 res = os_snprintf(buf, sizeof(buf), "frame[%u]", i);
7740 if (!os_snprintf_error(sizeof(buf), res)) {
7741 wpa_hexdump_buf(MSG_DEBUG, buf,
7742 wpa_s->vendor_elem[i]);
7743 }
7744 }
7745 }
7746
7747 #ifdef CONFIG_P2P
7748 if (wpa_s->parent == wpa_s &&
7749 wpa_s->global->p2p &&
7750 !wpa_s->global->p2p_disabled)
7751 p2p_set_vendor_elems(wpa_s->global->p2p, wpa_s->vendor_elem);
7752 #endif /* CONFIG_P2P */
7753 }
7754
7755
7756 int wpas_vendor_elem_remove(struct wpa_supplicant *wpa_s, int frame,
7757 const u8 *elem, size_t len)
7758 {
7759 u8 *ie, *end;
7760
7761 ie = wpabuf_mhead_u8(wpa_s->vendor_elem[frame]);
7762 end = ie + wpabuf_len(wpa_s->vendor_elem[frame]);
7763
7764 for (; ie + 1 < end; ie += 2 + ie[1]) {
7765 if (ie + len > end)
7766 break;
7767 if (os_memcmp(ie, elem, len) != 0)
7768 continue;
7769
7770 if (wpabuf_len(wpa_s->vendor_elem[frame]) == len) {
7771 wpabuf_free(wpa_s->vendor_elem[frame]);
7772 wpa_s->vendor_elem[frame] = NULL;
7773 } else {
7774 os_memmove(ie, ie + len, end - (ie + len));
7775 wpa_s->vendor_elem[frame]->used -= len;
7776 }
7777 wpas_vendor_elem_update(wpa_s);
7778 return 0;
7779 }
7780
7781 return -1;
7782 }
7783
7784
7785 struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
7786 u16 num_modes, enum hostapd_hw_mode mode,
7787 int is_6ghz)
7788 {
7789 u16 i;
7790
7791 for (i = 0; i < num_modes; i++) {
7792 if (modes[i].mode != mode ||
7793 !modes[i].num_channels || !modes[i].channels)
7794 continue;
7795 if ((!is_6ghz && !is_6ghz_freq(modes[i].channels[0].freq)) ||
7796 (is_6ghz && is_6ghz_freq(modes[i].channels[0].freq)))
7797 return &modes[i];
7798 }
7799
7800 return NULL;
7801 }
7802
7803
7804 static struct
7805 wpa_bss_tmp_disallowed * wpas_get_disallowed_bss(struct wpa_supplicant *wpa_s,
7806 const u8 *bssid)
7807 {
7808 struct wpa_bss_tmp_disallowed *bss;
7809
7810 dl_list_for_each(bss, &wpa_s->bss_tmp_disallowed,
7811 struct wpa_bss_tmp_disallowed, list) {
7812 if (os_memcmp(bssid, bss->bssid, ETH_ALEN) == 0)
7813 return bss;
7814 }
7815
7816 return NULL;
7817 }
7818
7819
7820 static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant *wpa_s)
7821 {
7822 struct wpa_bss_tmp_disallowed *tmp;
7823 unsigned int num_bssid = 0;
7824 u8 *bssids;
7825 int ret;
7826
7827 bssids = os_malloc(dl_list_len(&wpa_s->bss_tmp_disallowed) * ETH_ALEN);
7828 if (!bssids)
7829 return -1;
7830 dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
7831 struct wpa_bss_tmp_disallowed, list) {
7832 os_memcpy(&bssids[num_bssid * ETH_ALEN], tmp->bssid,
7833 ETH_ALEN);
7834 num_bssid++;
7835 }
7836 ret = wpa_drv_set_bssid_blacklist(wpa_s, num_bssid, bssids);
7837 os_free(bssids);
7838 return ret;
7839 }
7840
7841
7842 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx)
7843 {
7844 struct wpa_supplicant *wpa_s = eloop_ctx;
7845 struct wpa_bss_tmp_disallowed *tmp, *bss = timeout_ctx;
7846
7847 /* Make sure the bss is not already freed */
7848 dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
7849 struct wpa_bss_tmp_disallowed, list) {
7850 if (bss == tmp) {
7851 dl_list_del(&tmp->list);
7852 os_free(tmp);
7853 wpa_set_driver_tmp_disallow_list(wpa_s);
7854 break;
7855 }
7856 }
7857 }
7858
7859
7860 void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid,
7861 unsigned int sec, int rssi_threshold)
7862 {
7863 struct wpa_bss_tmp_disallowed *bss;
7864
7865 bss = wpas_get_disallowed_bss(wpa_s, bssid);
7866 if (bss) {
7867 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
7868 goto finish;
7869 }
7870
7871 bss = os_malloc(sizeof(*bss));
7872 if (!bss) {
7873 wpa_printf(MSG_DEBUG,
7874 "Failed to allocate memory for temp disallow BSS");
7875 return;
7876 }
7877
7878 os_memcpy(bss->bssid, bssid, ETH_ALEN);
7879 dl_list_add(&wpa_s->bss_tmp_disallowed, &bss->list);
7880 wpa_set_driver_tmp_disallow_list(wpa_s);
7881
7882 finish:
7883 bss->rssi_threshold = rssi_threshold;
7884 eloop_register_timeout(sec, 0, wpa_bss_tmp_disallow_timeout,
7885 wpa_s, bss);
7886 }
7887
7888
7889 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s,
7890 struct wpa_bss *bss)
7891 {
7892 struct wpa_bss_tmp_disallowed *disallowed = NULL, *tmp, *prev;
7893
7894 dl_list_for_each_safe(tmp, prev, &wpa_s->bss_tmp_disallowed,
7895 struct wpa_bss_tmp_disallowed, list) {
7896 if (os_memcmp(bss->bssid, tmp->bssid, ETH_ALEN) == 0) {
7897 disallowed = tmp;
7898 break;
7899 }
7900 }
7901 if (!disallowed)
7902 return 0;
7903
7904 if (disallowed->rssi_threshold != 0 &&
7905 bss->level > disallowed->rssi_threshold)
7906 return 0;
7907
7908 return 1;
7909 }
7910
7911
7912 int wpas_enable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
7913 unsigned int type, const u8 *addr,
7914 const u8 *mask)
7915 {
7916 if ((addr && !mask) || (!addr && mask)) {
7917 wpa_printf(MSG_INFO,
7918 "MAC_ADDR_RAND_SCAN invalid addr/mask combination");
7919 return -1;
7920 }
7921
7922 if (addr && mask && (!(mask[0] & 0x01) || (addr[0] & 0x01))) {
7923 wpa_printf(MSG_INFO,
7924 "MAC_ADDR_RAND_SCAN cannot allow multicast address");
7925 return -1;
7926 }
7927
7928 if (type & MAC_ADDR_RAND_SCAN) {
7929 if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCAN,
7930 addr, mask))
7931 return -1;
7932 }
7933
7934 if (type & MAC_ADDR_RAND_SCHED_SCAN) {
7935 if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCHED_SCAN,
7936 addr, mask))
7937 return -1;
7938
7939 if (wpa_s->sched_scanning && !wpa_s->pno)
7940 wpas_scan_restart_sched_scan(wpa_s);
7941 }
7942
7943 if (type & MAC_ADDR_RAND_PNO) {
7944 if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_PNO,
7945 addr, mask))
7946 return -1;
7947
7948 if (wpa_s->pno) {
7949 wpas_stop_pno(wpa_s);
7950 wpas_start_pno(wpa_s);
7951 }
7952 }
7953
7954 return 0;
7955 }
7956
7957
7958 int wpas_disable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
7959 unsigned int type)
7960 {
7961 wpas_mac_addr_rand_scan_clear(wpa_s, type);
7962 if (wpa_s->pno) {
7963 if (type & MAC_ADDR_RAND_PNO) {
7964 wpas_stop_pno(wpa_s);
7965 wpas_start_pno(wpa_s);
7966 }
7967 } else if (wpa_s->sched_scanning && (type & MAC_ADDR_RAND_SCHED_SCAN)) {
7968 wpas_scan_restart_sched_scan(wpa_s);
7969 }
7970
7971 return 0;
7972 }
7973
7974
7975 int wpa_drv_signal_poll(struct wpa_supplicant *wpa_s,
7976 struct wpa_signal_info *si)
7977 {
7978 int res;
7979
7980 if (!wpa_s->driver->signal_poll)
7981 return -1;
7982
7983 res = wpa_s->driver->signal_poll(wpa_s->drv_priv, si);
7984
7985 #ifdef CONFIG_TESTING_OPTIONS
7986 if (res == 0) {
7987 struct driver_signal_override *dso;
7988
7989 dl_list_for_each(dso, &wpa_s->drv_signal_override,
7990 struct driver_signal_override, list) {
7991 if (os_memcmp(wpa_s->bssid, dso->bssid,
7992 ETH_ALEN) != 0)
7993 continue;
7994 wpa_printf(MSG_DEBUG,
7995 "Override driver signal_poll information: current_signal: %d->%d avg_signal: %d->%d avg_beacon_signal: %d->%d current_noise: %d->%d",
7996 si->current_signal,
7997 dso->si_current_signal,
7998 si->avg_signal,
7999 dso->si_avg_signal,
8000 si->avg_beacon_signal,
8001 dso->si_avg_beacon_signal,
8002 si->current_noise,
8003 dso->si_current_noise);
8004 si->current_signal = dso->si_current_signal;
8005 si->avg_signal = dso->si_avg_signal;
8006 si->avg_beacon_signal = dso->si_avg_beacon_signal;
8007 si->current_noise = dso->si_current_noise;
8008 break;
8009 }
8010 }
8011 #endif /* CONFIG_TESTING_OPTIONS */
8012
8013 return res;
8014 }
8015
8016
8017 struct wpa_scan_results *
8018 wpa_drv_get_scan_results2(struct wpa_supplicant *wpa_s)
8019 {
8020 struct wpa_scan_results *scan_res;
8021 #ifdef CONFIG_TESTING_OPTIONS
8022 size_t idx;
8023 #endif /* CONFIG_TESTING_OPTIONS */
8024
8025 if (!wpa_s->driver->get_scan_results2)
8026 return NULL;
8027
8028 scan_res = wpa_s->driver->get_scan_results2(wpa_s->drv_priv);
8029
8030 #ifdef CONFIG_TESTING_OPTIONS
8031 for (idx = 0; scan_res && idx < scan_res->num; idx++) {
8032 struct driver_signal_override *dso;
8033 struct wpa_scan_res *res = scan_res->res[idx];
8034
8035 dl_list_for_each(dso, &wpa_s->drv_signal_override,
8036 struct driver_signal_override, list) {
8037 if (os_memcmp(res->bssid, dso->bssid, ETH_ALEN) != 0)
8038 continue;
8039 wpa_printf(MSG_DEBUG,
8040 "Override driver scan signal level %d->%d for "
8041 MACSTR,
8042 res->level, dso->scan_level,
8043 MAC2STR(res->bssid));
8044 res->flags |= WPA_SCAN_QUAL_INVALID;
8045 if (dso->scan_level < 0)
8046 res->flags |= WPA_SCAN_LEVEL_DBM;
8047 else
8048 res->flags &= ~WPA_SCAN_LEVEL_DBM;
8049 res->level = dso->scan_level;
8050 break;
8051 }
8052 }
8053 #endif /* CONFIG_TESTING_OPTIONS */
8054
8055 return scan_res;
8056 }
Unnamed repository; edit this file 'description' to name the repository.