]> git.ipfire.org Git - thirdparty/hostap.git/blame_incremental - wpa_supplicant/wpa_supplicant.c
projects / thirdparty / hostap.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
OCE: Mandate PMF for WPA2 association with OCE AP
[thirdparty/hostap.git] / wpa_supplicant / wpa_supplicant.c
... / ...
CommitLineData
1/*
2 * WPA Supplicant
3 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 *
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
11 */
12
13#include "includes.h"
14#ifdef CONFIG_MATCH_IFACE
15#include <net/if.h>
16#include <fnmatch.h>
17#endif /* CONFIG_MATCH_IFACE */
18
19#include "common.h"
20#include "crypto/random.h"
21#include "crypto/sha1.h"
22#include "eapol_supp/eapol_supp_sm.h"
23#include "eap_peer/eap.h"
24#include "eap_peer/eap_proxy.h"
25#include "eap_server/eap_methods.h"
26#include "rsn_supp/wpa.h"
27#include "eloop.h"
28#include "config.h"
29#include "utils/ext_password.h"
30#include "l2_packet/l2_packet.h"
31#include "wpa_supplicant_i.h"
32#include "driver_i.h"
33#include "ctrl_iface.h"
34#include "pcsc_funcs.h"
35#include "common/version.h"
36#include "rsn_supp/preauth.h"
37#include "rsn_supp/pmksa_cache.h"
38#include "common/wpa_ctrl.h"
39#include "common/ieee802_11_common.h"
40#include "common/ieee802_11_defs.h"
41#include "common/hw_features_common.h"
42#include "common/gas_server.h"
43#include "common/dpp.h"
44#include "p2p/p2p.h"
45#include "fst/fst.h"
46#include "blacklist.h"
47#include "wpas_glue.h"
48#include "wps_supplicant.h"
49#include "ibss_rsn.h"
50#include "sme.h"
51#include "gas_query.h"
52#include "ap.h"
53#include "p2p_supplicant.h"
54#include "wifi_display.h"
55#include "notify.h"
56#include "bgscan.h"
57#include "autoscan.h"
58#include "bss.h"
59#include "scan.h"
60#include "offchannel.h"
61#include "hs20_supplicant.h"
62#include "wnm_sta.h"
63#include "wpas_kay.h"
64#include "mesh.h"
65#include "dpp_supplicant.h"
66#ifdef CONFIG_MESH
67#include "ap/ap_config.h"
68#include "ap/hostapd.h"
69#endif /* CONFIG_MESH */
70
71const char *const wpa_supplicant_version =
72"wpa_supplicant v" VERSION_STR "\n"
73"Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors";
74
75const char *const wpa_supplicant_license =
76"This software may be distributed under the terms of the BSD license.\n"
77"See README for more details.\n"
78#ifdef EAP_TLS_OPENSSL
79"\nThis product includes software developed by the OpenSSL Project\n"
80"for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
81#endif /* EAP_TLS_OPENSSL */
82;
83
84#ifndef CONFIG_NO_STDOUT_DEBUG
85/* Long text divided into parts in order to fit in C89 strings size limits. */
86const char *const wpa_supplicant_full_license1 =
87"";
88const char *const wpa_supplicant_full_license2 =
89"This software may be distributed under the terms of the BSD license.\n"
90"\n"
91"Redistribution and use in source and binary forms, with or without\n"
92"modification, are permitted provided that the following conditions are\n"
93"met:\n"
94"\n";
95const char *const wpa_supplicant_full_license3 =
96"1. Redistributions of source code must retain the above copyright\n"
97" notice, this list of conditions and the following disclaimer.\n"
98"\n"
99"2. Redistributions in binary form must reproduce the above copyright\n"
100" notice, this list of conditions and the following disclaimer in the\n"
101" documentation and/or other materials provided with the distribution.\n"
102"\n";
103const char *const wpa_supplicant_full_license4 =
104"3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
105" names of its contributors may be used to endorse or promote products\n"
106" derived from this software without specific prior written permission.\n"
107"\n"
108"THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
109"\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
110"LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
111"A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
112const char *const wpa_supplicant_full_license5 =
113"OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
114"SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
115"LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
116"DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
117"THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
118"(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
119"OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
120"\n";
121#endif /* CONFIG_NO_STDOUT_DEBUG */
122
123
124static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
125#if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
126static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s);
127#endif /* CONFIG_FILS && IEEE8021X_EAPOL */
128
129
130/* Configure default/group WEP keys for static WEP */
131int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
132{
133 int i, set = 0;
134
135 for (i = 0; i < NUM_WEP_KEYS; i++) {
136 if (ssid->wep_key_len[i] == 0)
137 continue;
138
139 set = 1;
140 wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
141 i, i == ssid->wep_tx_keyidx, NULL, 0,
142 ssid->wep_key[i], ssid->wep_key_len[i]);
143 }
144
145 return set;
146}
147
148
149int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
150 struct wpa_ssid *ssid)
151{
152 u8 key[32];
153 size_t keylen;
154 enum wpa_alg alg;
155 u8 seq[6] = { 0 };
156 int ret;
157
158 /* IBSS/WPA-None uses only one key (Group) for both receiving and
159 * sending unicast and multicast packets. */
160
161 if (ssid->mode != WPAS_MODE_IBSS) {
162 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
163 "IBSS/ad-hoc) for WPA-None", ssid->mode);
164 return -1;
165 }
166
167 if (!ssid->psk_set) {
168 wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
169 "WPA-None");
170 return -1;
171 }
172
173 switch (wpa_s->group_cipher) {
174 case WPA_CIPHER_CCMP:
175 os_memcpy(key, ssid->psk, 16);
176 keylen = 16;
177 alg = WPA_ALG_CCMP;
178 break;
179 case WPA_CIPHER_GCMP:
180 os_memcpy(key, ssid->psk, 16);
181 keylen = 16;
182 alg = WPA_ALG_GCMP;
183 break;
184 case WPA_CIPHER_TKIP:
185 /* WPA-None uses the same Michael MIC key for both TX and RX */
186 os_memcpy(key, ssid->psk, 16 + 8);
187 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
188 keylen = 32;
189 alg = WPA_ALG_TKIP;
190 break;
191 default:
192 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
193 "WPA-None", wpa_s->group_cipher);
194 return -1;
195 }
196
197 /* TODO: should actually remember the previously used seq#, both for TX
198 * and RX from each STA.. */
199
200 ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
201 os_memset(key, 0, sizeof(key));
202 return ret;
203}
204
205
206static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
207{
208 struct wpa_supplicant *wpa_s = eloop_ctx;
209 const u8 *bssid = wpa_s->bssid;
210 if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
211 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
212 wpa_s->wpa_state == WPA_ASSOCIATING))
213 bssid = wpa_s->pending_bssid;
214 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
215 MAC2STR(bssid));
216 wpa_blacklist_add(wpa_s, bssid);
217 wpa_sm_notify_disassoc(wpa_s->wpa);
218 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
219 wpa_s->reassociate = 1;
220
221 /*
222 * If we timed out, the AP or the local radio may be busy.
223 * So, wait a second until scanning again.
224 */
225 wpa_supplicant_req_scan(wpa_s, 1, 0);
226}
227
228
229/**
230 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
231 * @wpa_s: Pointer to wpa_supplicant data
232 * @sec: Number of seconds after which to time out authentication
233 * @usec: Number of microseconds after which to time out authentication
234 *
235 * This function is used to schedule a timeout for the current authentication
236 * attempt.
237 */
238void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
239 int sec, int usec)
240{
241 if (wpa_s->conf->ap_scan == 0 &&
242 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
243 return;
244
245 wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
246 "%d usec", sec, usec);
247 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
248 wpa_s->last_auth_timeout_sec = sec;
249 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
250}
251
252
253/*
254 * wpas_auth_timeout_restart - Restart and change timeout for authentication
255 * @wpa_s: Pointer to wpa_supplicant data
256 * @sec_diff: difference in seconds applied to original timeout value
257 */
258void wpas_auth_timeout_restart(struct wpa_supplicant *wpa_s, int sec_diff)
259{
260 int new_sec = wpa_s->last_auth_timeout_sec + sec_diff;
261
262 if (eloop_is_timeout_registered(wpa_supplicant_timeout, wpa_s, NULL)) {
263 wpa_dbg(wpa_s, MSG_DEBUG,
264 "Authentication timeout restart: %d sec", new_sec);
265 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
266 eloop_register_timeout(new_sec, 0, wpa_supplicant_timeout,
267 wpa_s, NULL);
268 }
269}
270
271
272/**
273 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
274 * @wpa_s: Pointer to wpa_supplicant data
275 *
276 * This function is used to cancel authentication timeout scheduled with
277 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
278 * been completed.
279 */
280void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
281{
282 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
283 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
284 wpa_blacklist_del(wpa_s, wpa_s->bssid);
285 os_free(wpa_s->last_con_fail_realm);
286 wpa_s->last_con_fail_realm = NULL;
287 wpa_s->last_con_fail_realm_len = 0;
288}
289
290
291/**
292 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
293 * @wpa_s: Pointer to wpa_supplicant data
294 *
295 * This function is used to configure EAPOL state machine based on the selected
296 * authentication mode.
297 */
298void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
299{
300#ifdef IEEE8021X_EAPOL
301 struct eapol_config eapol_conf;
302 struct wpa_ssid *ssid = wpa_s->current_ssid;
303
304#ifdef CONFIG_IBSS_RSN
305 if (ssid->mode == WPAS_MODE_IBSS &&
306 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
307 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
308 /*
309 * RSN IBSS authentication is per-STA and we can disable the
310 * per-BSSID EAPOL authentication.
311 */
312 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
313 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
314 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
315 return;
316 }
317#endif /* CONFIG_IBSS_RSN */
318
319 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
320 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
321
322 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
323 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
324 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
325 else
326 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
327
328 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
329 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
330 eapol_conf.accept_802_1x_keys = 1;
331 eapol_conf.required_keys = 0;
332 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
333 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
334 }
335 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
336 eapol_conf.required_keys |=
337 EAPOL_REQUIRE_KEY_BROADCAST;
338 }
339
340 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)
341 eapol_conf.required_keys = 0;
342 }
343 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
344 eapol_conf.workaround = ssid->eap_workaround;
345 eapol_conf.eap_disabled =
346 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
347 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
348 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
349 eapol_conf.external_sim = wpa_s->conf->external_sim;
350
351#ifdef CONFIG_WPS
352 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
353 eapol_conf.wps |= EAPOL_LOCAL_WPS_IN_USE;
354 if (wpa_s->current_bss) {
355 struct wpabuf *ie;
356 ie = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
357 WPS_IE_VENDOR_TYPE);
358 if (ie) {
359 if (wps_is_20(ie))
360 eapol_conf.wps |=
361 EAPOL_PEER_IS_WPS20_AP;
362 wpabuf_free(ie);
363 }
364 }
365 }
366#endif /* CONFIG_WPS */
367
368 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
369
370#ifdef CONFIG_MACSEC
371 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE && ssid->mka_psk_set)
372 ieee802_1x_create_preshared_mka(wpa_s, ssid);
373 else
374 ieee802_1x_alloc_kay_sm(wpa_s, ssid);
375#endif /* CONFIG_MACSEC */
376#endif /* IEEE8021X_EAPOL */
377}
378
379
380/**
381 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
382 * @wpa_s: Pointer to wpa_supplicant data
383 * @ssid: Configuration data for the network
384 *
385 * This function is used to configure WPA state machine and related parameters
386 * to a mode where WPA is not enabled. This is called as part of the
387 * authentication configuration when the selected network does not use WPA.
388 */
389void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
390 struct wpa_ssid *ssid)
391{
392 int i;
393
394 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
395 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
396 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
397 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
398 else
399 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
400 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
401 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
402 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
403 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
404 wpa_s->group_cipher = WPA_CIPHER_NONE;
405 wpa_s->mgmt_group_cipher = 0;
406
407 for (i = 0; i < NUM_WEP_KEYS; i++) {
408 if (ssid->wep_key_len[i] > 5) {
409 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
410 wpa_s->group_cipher = WPA_CIPHER_WEP104;
411 break;
412 } else if (ssid->wep_key_len[i] > 0) {
413 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
414 wpa_s->group_cipher = WPA_CIPHER_WEP40;
415 break;
416 }
417 }
418
419 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
420 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
421 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
422 wpa_s->pairwise_cipher);
423 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
424#ifdef CONFIG_IEEE80211W
425 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
426 wpa_s->mgmt_group_cipher);
427#endif /* CONFIG_IEEE80211W */
428
429 pmksa_cache_clear_current(wpa_s->wpa);
430}
431
432
433void free_hw_features(struct wpa_supplicant *wpa_s)
434{
435 int i;
436 if (wpa_s->hw.modes == NULL)
437 return;
438
439 for (i = 0; i < wpa_s->hw.num_modes; i++) {
440 os_free(wpa_s->hw.modes[i].channels);
441 os_free(wpa_s->hw.modes[i].rates);
442 }
443
444 os_free(wpa_s->hw.modes);
445 wpa_s->hw.modes = NULL;
446}
447
448
449void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s)
450{
451 struct wpa_bss_tmp_disallowed *bss, *prev;
452
453 dl_list_for_each_safe(bss, prev, &wpa_s->bss_tmp_disallowed,
454 struct wpa_bss_tmp_disallowed, list) {
455 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
456 dl_list_del(&bss->list);
457 os_free(bss);
458 }
459}
460
461
462void wpas_flush_fils_hlp_req(struct wpa_supplicant *wpa_s)
463{
464 struct fils_hlp_req *req;
465
466 while ((req = dl_list_first(&wpa_s->fils_hlp_req, struct fils_hlp_req,
467 list)) != NULL) {
468 dl_list_del(&req->list);
469 wpabuf_free(req->pkt);
470 os_free(req);
471 }
472}
473
474
475static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
476{
477 int i;
478
479 bgscan_deinit(wpa_s);
480 autoscan_deinit(wpa_s);
481 scard_deinit(wpa_s->scard);
482 wpa_s->scard = NULL;
483 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
484 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
485 l2_packet_deinit(wpa_s->l2);
486 wpa_s->l2 = NULL;
487 if (wpa_s->l2_br) {
488 l2_packet_deinit(wpa_s->l2_br);
489 wpa_s->l2_br = NULL;
490 }
491#ifdef CONFIG_TESTING_OPTIONS
492 l2_packet_deinit(wpa_s->l2_test);
493 wpa_s->l2_test = NULL;
494 os_free(wpa_s->get_pref_freq_list_override);
495 wpa_s->get_pref_freq_list_override = NULL;
496 wpabuf_free(wpa_s->last_assoc_req_wpa_ie);
497 wpa_s->last_assoc_req_wpa_ie = NULL;
498#endif /* CONFIG_TESTING_OPTIONS */
499
500 if (wpa_s->conf != NULL) {
501 struct wpa_ssid *ssid;
502 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
503 wpas_notify_network_removed(wpa_s, ssid);
504 }
505
506 os_free(wpa_s->confname);
507 wpa_s->confname = NULL;
508
509 os_free(wpa_s->confanother);
510 wpa_s->confanother = NULL;
511
512 os_free(wpa_s->last_con_fail_realm);
513 wpa_s->last_con_fail_realm = NULL;
514 wpa_s->last_con_fail_realm_len = 0;
515
516 wpa_sm_set_eapol(wpa_s->wpa, NULL);
517 eapol_sm_deinit(wpa_s->eapol);
518 wpa_s->eapol = NULL;
519
520 rsn_preauth_deinit(wpa_s->wpa);
521
522#ifdef CONFIG_TDLS
523 wpa_tdls_deinit(wpa_s->wpa);
524#endif /* CONFIG_TDLS */
525
526 wmm_ac_clear_saved_tspecs(wpa_s);
527 pmksa_candidate_free(wpa_s->wpa);
528 wpa_sm_deinit(wpa_s->wpa);
529 wpa_s->wpa = NULL;
530 wpa_blacklist_clear(wpa_s);
531
532 wpa_bss_deinit(wpa_s);
533
534 wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
535 wpa_supplicant_cancel_scan(wpa_s);
536 wpa_supplicant_cancel_auth_timeout(wpa_s);
537 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
538#ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
539 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
540 wpa_s, NULL);
541#endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
542
543 eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
544
545 wpas_wps_deinit(wpa_s);
546
547 wpabuf_free(wpa_s->pending_eapol_rx);
548 wpa_s->pending_eapol_rx = NULL;
549
550#ifdef CONFIG_IBSS_RSN
551 ibss_rsn_deinit(wpa_s->ibss_rsn);
552 wpa_s->ibss_rsn = NULL;
553#endif /* CONFIG_IBSS_RSN */
554
555 sme_deinit(wpa_s);
556
557#ifdef CONFIG_AP
558 wpa_supplicant_ap_deinit(wpa_s);
559#endif /* CONFIG_AP */
560
561 wpas_p2p_deinit(wpa_s);
562
563#ifdef CONFIG_OFFCHANNEL
564 offchannel_deinit(wpa_s);
565#endif /* CONFIG_OFFCHANNEL */
566
567 wpa_supplicant_cancel_sched_scan(wpa_s);
568
569 os_free(wpa_s->next_scan_freqs);
570 wpa_s->next_scan_freqs = NULL;
571
572 os_free(wpa_s->manual_scan_freqs);
573 wpa_s->manual_scan_freqs = NULL;
574 os_free(wpa_s->select_network_scan_freqs);
575 wpa_s->select_network_scan_freqs = NULL;
576
577 os_free(wpa_s->manual_sched_scan_freqs);
578 wpa_s->manual_sched_scan_freqs = NULL;
579
580 wpas_mac_addr_rand_scan_clear(wpa_s, MAC_ADDR_RAND_ALL);
581
582 /*
583 * Need to remove any pending gas-query radio work before the
584 * gas_query_deinit() call because gas_query::work has not yet been set
585 * for works that have not been started. gas_query_free() will be unable
586 * to cancel such pending radio works and once the pending gas-query
587 * radio work eventually gets removed, the deinit notification call to
588 * gas_query_start_cb() would result in dereferencing freed memory.
589 */
590 if (wpa_s->radio)
591 radio_remove_works(wpa_s, "gas-query", 0);
592 gas_query_deinit(wpa_s->gas);
593 wpa_s->gas = NULL;
594 gas_server_deinit(wpa_s->gas_server);
595 wpa_s->gas_server = NULL;
596
597 free_hw_features(wpa_s);
598
599 ieee802_1x_dealloc_kay_sm(wpa_s);
600
601 os_free(wpa_s->bssid_filter);
602 wpa_s->bssid_filter = NULL;
603
604 os_free(wpa_s->disallow_aps_bssid);
605 wpa_s->disallow_aps_bssid = NULL;
606 os_free(wpa_s->disallow_aps_ssid);
607 wpa_s->disallow_aps_ssid = NULL;
608
609 wnm_bss_keep_alive_deinit(wpa_s);
610#ifdef CONFIG_WNM
611 wnm_deallocate_memory(wpa_s);
612#endif /* CONFIG_WNM */
613
614 ext_password_deinit(wpa_s->ext_pw);
615 wpa_s->ext_pw = NULL;
616
617 wpabuf_free(wpa_s->last_gas_resp);
618 wpa_s->last_gas_resp = NULL;
619 wpabuf_free(wpa_s->prev_gas_resp);
620 wpa_s->prev_gas_resp = NULL;
621
622 os_free(wpa_s->last_scan_res);
623 wpa_s->last_scan_res = NULL;
624
625#ifdef CONFIG_HS20
626 if (wpa_s->drv_priv)
627 wpa_drv_configure_frame_filters(wpa_s, 0);
628 hs20_deinit(wpa_s);
629#endif /* CONFIG_HS20 */
630
631 for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
632 wpabuf_free(wpa_s->vendor_elem[i]);
633 wpa_s->vendor_elem[i] = NULL;
634 }
635
636 wmm_ac_notify_disassoc(wpa_s);
637
638 wpa_s->sched_scan_plans_num = 0;
639 os_free(wpa_s->sched_scan_plans);
640 wpa_s->sched_scan_plans = NULL;
641
642#ifdef CONFIG_MBO
643 wpa_s->non_pref_chan_num = 0;
644 os_free(wpa_s->non_pref_chan);
645 wpa_s->non_pref_chan = NULL;
646#endif /* CONFIG_MBO */
647
648 free_bss_tmp_disallowed(wpa_s);
649
650 wpabuf_free(wpa_s->lci);
651 wpa_s->lci = NULL;
652 wpas_clear_beacon_rep_data(wpa_s);
653
654#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
655#ifdef CONFIG_MESH
656 {
657 struct external_pmksa_cache *entry;
658
659 while ((entry = dl_list_last(&wpa_s->mesh_external_pmksa_cache,
660 struct external_pmksa_cache,
661 list)) != NULL) {
662 dl_list_del(&entry->list);
663 os_free(entry->pmksa_cache);
664 os_free(entry);
665 }
666 }
667#endif /* CONFIG_MESH */
668#endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
669
670 wpas_flush_fils_hlp_req(wpa_s);
671
672 wpabuf_free(wpa_s->ric_ies);
673 wpa_s->ric_ies = NULL;
674
675#ifdef CONFIG_DPP
676 wpas_dpp_deinit(wpa_s);
677 dpp_global_deinit(wpa_s->dpp);
678 wpa_s->dpp = NULL;
679#endif /* CONFIG_DPP */
680}
681
682
683/**
684 * wpa_clear_keys - Clear keys configured for the driver
685 * @wpa_s: Pointer to wpa_supplicant data
686 * @addr: Previously used BSSID or %NULL if not available
687 *
688 * This function clears the encryption keys that has been previously configured
689 * for the driver.
690 */
691void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
692{
693 int i, max;
694
695#ifdef CONFIG_IEEE80211W
696 max = 6;
697#else /* CONFIG_IEEE80211W */
698 max = 4;
699#endif /* CONFIG_IEEE80211W */
700
701 /* MLME-DELETEKEYS.request */
702 for (i = 0; i < max; i++) {
703 if (wpa_s->keys_cleared & BIT(i))
704 continue;
705 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, i, 0, NULL, 0,
706 NULL, 0);
707 }
708 if (!(wpa_s->keys_cleared & BIT(0)) && addr &&
709 !is_zero_ether_addr(addr)) {
710 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
711 0);
712 /* MLME-SETPROTECTION.request(None) */
713 wpa_drv_mlme_setprotection(
714 wpa_s, addr,
715 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
716 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
717 }
718 wpa_s->keys_cleared = (u32) -1;
719}
720
721
722/**
723 * wpa_supplicant_state_txt - Get the connection state name as a text string
724 * @state: State (wpa_state; WPA_*)
725 * Returns: The state name as a printable text string
726 */
727const char * wpa_supplicant_state_txt(enum wpa_states state)
728{
729 switch (state) {
730 case WPA_DISCONNECTED:
731 return "DISCONNECTED";
732 case WPA_INACTIVE:
733 return "INACTIVE";
734 case WPA_INTERFACE_DISABLED:
735 return "INTERFACE_DISABLED";
736 case WPA_SCANNING:
737 return "SCANNING";
738 case WPA_AUTHENTICATING:
739 return "AUTHENTICATING";
740 case WPA_ASSOCIATING:
741 return "ASSOCIATING";
742 case WPA_ASSOCIATED:
743 return "ASSOCIATED";
744 case WPA_4WAY_HANDSHAKE:
745 return "4WAY_HANDSHAKE";
746 case WPA_GROUP_HANDSHAKE:
747 return "GROUP_HANDSHAKE";
748 case WPA_COMPLETED:
749 return "COMPLETED";
750 default:
751 return "UNKNOWN";
752 }
753}
754
755
756#ifdef CONFIG_BGSCAN
757
758static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
759{
760 const char *name;
761
762 if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan)
763 name = wpa_s->current_ssid->bgscan;
764 else
765 name = wpa_s->conf->bgscan;
766 if (name == NULL || name[0] == '\0')
767 return;
768 if (wpas_driver_bss_selection(wpa_s))
769 return;
770 if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
771 return;
772#ifdef CONFIG_P2P
773 if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)
774 return;
775#endif /* CONFIG_P2P */
776
777 bgscan_deinit(wpa_s);
778 if (wpa_s->current_ssid) {
779 if (bgscan_init(wpa_s, wpa_s->current_ssid, name)) {
780 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
781 "bgscan");
782 /*
783 * Live without bgscan; it is only used as a roaming
784 * optimization, so the initial connection is not
785 * affected.
786 */
787 } else {
788 struct wpa_scan_results *scan_res;
789 wpa_s->bgscan_ssid = wpa_s->current_ssid;
790 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
791 0);
792 if (scan_res) {
793 bgscan_notify_scan(wpa_s, scan_res);
794 wpa_scan_results_free(scan_res);
795 }
796 }
797 } else
798 wpa_s->bgscan_ssid = NULL;
799}
800
801
802static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
803{
804 if (wpa_s->bgscan_ssid != NULL) {
805 bgscan_deinit(wpa_s);
806 wpa_s->bgscan_ssid = NULL;
807 }
808}
809
810#endif /* CONFIG_BGSCAN */
811
812
813static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
814{
815 if (autoscan_init(wpa_s, 0))
816 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
817}
818
819
820static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
821{
822 autoscan_deinit(wpa_s);
823}
824
825
826void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
827{
828 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
829 wpa_s->wpa_state == WPA_SCANNING) {
830 autoscan_deinit(wpa_s);
831 wpa_supplicant_start_autoscan(wpa_s);
832 }
833}
834
835
836/**
837 * wpa_supplicant_set_state - Set current connection state
838 * @wpa_s: Pointer to wpa_supplicant data
839 * @state: The new connection state
840 *
841 * This function is called whenever the connection state changes, e.g.,
842 * association is completed for WPA/WPA2 4-Way Handshake is started.
843 */
844void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
845 enum wpa_states state)
846{
847 enum wpa_states old_state = wpa_s->wpa_state;
848
849 wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
850 wpa_supplicant_state_txt(wpa_s->wpa_state),
851 wpa_supplicant_state_txt(state));
852
853 if (state == WPA_COMPLETED &&
854 os_reltime_initialized(&wpa_s->roam_start)) {
855 os_reltime_age(&wpa_s->roam_start, &wpa_s->roam_time);
856 wpa_s->roam_start.sec = 0;
857 wpa_s->roam_start.usec = 0;
858 wpas_notify_auth_changed(wpa_s);
859 wpas_notify_roam_time(wpa_s);
860 wpas_notify_roam_complete(wpa_s);
861 } else if (state == WPA_DISCONNECTED &&
862 os_reltime_initialized(&wpa_s->roam_start)) {
863 wpa_s->roam_start.sec = 0;
864 wpa_s->roam_start.usec = 0;
865 wpa_s->roam_time.sec = 0;
866 wpa_s->roam_time.usec = 0;
867 wpas_notify_roam_complete(wpa_s);
868 }
869
870 if (state == WPA_INTERFACE_DISABLED) {
871 /* Assure normal scan when interface is restored */
872 wpa_s->normal_scans = 0;
873 }
874
875 if (state == WPA_COMPLETED) {
876 wpas_connect_work_done(wpa_s);
877 /* Reinitialize normal_scan counter */
878 wpa_s->normal_scans = 0;
879 }
880
881#ifdef CONFIG_P2P
882 /*
883 * P2PS client has to reply to Probe Request frames received on the
884 * group operating channel. Enable Probe Request frame reporting for
885 * P2P connected client in case p2p_cli_probe configuration property is
886 * set to 1.
887 */
888 if (wpa_s->conf->p2p_cli_probe && wpa_s->current_ssid &&
889 wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
890 wpa_s->current_ssid->p2p_group) {
891 if (state == WPA_COMPLETED && !wpa_s->p2p_cli_probe) {
892 wpa_dbg(wpa_s, MSG_DEBUG,
893 "P2P: Enable CLI Probe Request RX reporting");
894 wpa_s->p2p_cli_probe =
895 wpa_drv_probe_req_report(wpa_s, 1) >= 0;
896 } else if (state != WPA_COMPLETED && wpa_s->p2p_cli_probe) {
897 wpa_dbg(wpa_s, MSG_DEBUG,
898 "P2P: Disable CLI Probe Request RX reporting");
899 wpa_s->p2p_cli_probe = 0;
900 wpa_drv_probe_req_report(wpa_s, 0);
901 }
902 }
903#endif /* CONFIG_P2P */
904
905 if (state != WPA_SCANNING)
906 wpa_supplicant_notify_scanning(wpa_s, 0);
907
908 if (state == WPA_COMPLETED && wpa_s->new_connection) {
909 struct wpa_ssid *ssid = wpa_s->current_ssid;
910 int fils_hlp_sent = 0;
911
912#ifdef CONFIG_SME
913 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
914 wpa_auth_alg_fils(wpa_s->sme.auth_alg))
915 fils_hlp_sent = 1;
916#endif /* CONFIG_SME */
917 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
918 wpa_auth_alg_fils(wpa_s->auth_alg))
919 fils_hlp_sent = 1;
920
921#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
922 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
923 MACSTR " completed [id=%d id_str=%s%s]",
924 MAC2STR(wpa_s->bssid),
925 ssid ? ssid->id : -1,
926 ssid && ssid->id_str ? ssid->id_str : "",
927 fils_hlp_sent ? " FILS_HLP_SENT" : "");
928#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
929 wpas_clear_temp_disabled(wpa_s, ssid, 1);
930 wpa_blacklist_clear(wpa_s);
931 wpa_s->extra_blacklist_count = 0;
932 wpa_s->new_connection = 0;
933 wpa_drv_set_operstate(wpa_s, 1);
934#ifndef IEEE8021X_EAPOL
935 wpa_drv_set_supp_port(wpa_s, 1);
936#endif /* IEEE8021X_EAPOL */
937 wpa_s->after_wps = 0;
938 wpa_s->known_wps_freq = 0;
939 wpas_p2p_completed(wpa_s);
940
941 sme_sched_obss_scan(wpa_s, 1);
942
943#if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
944 if (!fils_hlp_sent && ssid && ssid->eap.erp)
945 wpas_update_fils_connect_params(wpa_s);
946#endif /* CONFIG_FILS && IEEE8021X_EAPOL */
947 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
948 state == WPA_ASSOCIATED) {
949 wpa_s->new_connection = 1;
950 wpa_drv_set_operstate(wpa_s, 0);
951#ifndef IEEE8021X_EAPOL
952 wpa_drv_set_supp_port(wpa_s, 0);
953#endif /* IEEE8021X_EAPOL */
954 sme_sched_obss_scan(wpa_s, 0);
955 }
956 wpa_s->wpa_state = state;
957
958#ifdef CONFIG_BGSCAN
959 if (state == WPA_COMPLETED)
960 wpa_supplicant_start_bgscan(wpa_s);
961 else if (state < WPA_ASSOCIATED)
962 wpa_supplicant_stop_bgscan(wpa_s);
963#endif /* CONFIG_BGSCAN */
964
965 if (state > WPA_SCANNING)
966 wpa_supplicant_stop_autoscan(wpa_s);
967
968 if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
969 wpa_supplicant_start_autoscan(wpa_s);
970
971 if (old_state >= WPA_ASSOCIATED && wpa_s->wpa_state < WPA_ASSOCIATED)
972 wmm_ac_notify_disassoc(wpa_s);
973
974 if (wpa_s->wpa_state != old_state) {
975 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
976
977 /*
978 * Notify the P2P Device interface about a state change in one
979 * of the interfaces.
980 */
981 wpas_p2p_indicate_state_change(wpa_s);
982
983 if (wpa_s->wpa_state == WPA_COMPLETED ||
984 old_state == WPA_COMPLETED)
985 wpas_notify_auth_changed(wpa_s);
986 }
987}
988
989
990void wpa_supplicant_terminate_proc(struct wpa_global *global)
991{
992 int pending = 0;
993#ifdef CONFIG_WPS
994 struct wpa_supplicant *wpa_s = global->ifaces;
995 while (wpa_s) {
996 struct wpa_supplicant *next = wpa_s->next;
997 if (wpas_wps_terminate_pending(wpa_s) == 1)
998 pending = 1;
999#ifdef CONFIG_P2P
1000 if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
1001 (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
1002 wpas_p2p_disconnect(wpa_s);
1003#endif /* CONFIG_P2P */
1004 wpa_s = next;
1005 }
1006#endif /* CONFIG_WPS */
1007 if (pending)
1008 return;
1009 eloop_terminate();
1010}
1011
1012
1013static void wpa_supplicant_terminate(int sig, void *signal_ctx)
1014{
1015 struct wpa_global *global = signal_ctx;
1016 wpa_supplicant_terminate_proc(global);
1017}
1018
1019
1020void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
1021{
1022 enum wpa_states old_state = wpa_s->wpa_state;
1023
1024 wpa_s->pairwise_cipher = 0;
1025 wpa_s->group_cipher = 0;
1026 wpa_s->mgmt_group_cipher = 0;
1027 wpa_s->key_mgmt = 0;
1028 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
1029 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1030
1031 if (wpa_s->wpa_state != old_state)
1032 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
1033}
1034
1035
1036/**
1037 * wpa_supplicant_reload_configuration - Reload configuration data
1038 * @wpa_s: Pointer to wpa_supplicant data
1039 * Returns: 0 on success or -1 if configuration parsing failed
1040 *
1041 * This function can be used to request that the configuration data is reloaded
1042 * (e.g., after configuration file change). This function is reloading
1043 * configuration only for one interface, so this may need to be called multiple
1044 * times if %wpa_supplicant is controlling multiple interfaces and all
1045 * interfaces need reconfiguration.
1046 */
1047int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
1048{
1049 struct wpa_config *conf;
1050 int reconf_ctrl;
1051 int old_ap_scan;
1052
1053 if (wpa_s->confname == NULL)
1054 return -1;
1055 conf = wpa_config_read(wpa_s->confname, NULL);
1056 if (conf == NULL) {
1057 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
1058 "file '%s' - exiting", wpa_s->confname);
1059 return -1;
1060 }
1061 if (wpa_s->confanother &&
1062 !wpa_config_read(wpa_s->confanother, conf)) {
1063 wpa_msg(wpa_s, MSG_ERROR,
1064 "Failed to parse the configuration file '%s' - exiting",
1065 wpa_s->confanother);
1066 return -1;
1067 }
1068
1069 conf->changed_parameters = (unsigned int) -1;
1070
1071 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
1072 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
1073 os_strcmp(conf->ctrl_interface,
1074 wpa_s->conf->ctrl_interface) != 0);
1075
1076 if (reconf_ctrl && wpa_s->ctrl_iface) {
1077 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
1078 wpa_s->ctrl_iface = NULL;
1079 }
1080
1081 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1082 if (wpa_s->current_ssid) {
1083 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
1084 wpa_s->own_disconnect_req = 1;
1085 wpa_supplicant_deauthenticate(wpa_s,
1086 WLAN_REASON_DEAUTH_LEAVING);
1087 }
1088
1089 /*
1090 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
1091 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
1092 */
1093 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1094 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
1095 wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1096 /*
1097 * Clear forced success to clear EAP state for next
1098 * authentication.
1099 */
1100 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
1101 }
1102 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1103 wpa_sm_set_config(wpa_s->wpa, NULL);
1104 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
1105 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
1106 rsn_preauth_deinit(wpa_s->wpa);
1107
1108 old_ap_scan = wpa_s->conf->ap_scan;
1109 wpa_config_free(wpa_s->conf);
1110 wpa_s->conf = conf;
1111 if (old_ap_scan != wpa_s->conf->ap_scan)
1112 wpas_notify_ap_scan_changed(wpa_s);
1113
1114 if (reconf_ctrl)
1115 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
1116
1117 wpa_supplicant_update_config(wpa_s);
1118
1119 wpa_supplicant_clear_status(wpa_s);
1120 if (wpa_supplicant_enabled_networks(wpa_s)) {
1121 wpa_s->reassociate = 1;
1122 wpa_supplicant_req_scan(wpa_s, 0, 0);
1123 }
1124 wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
1125 return 0;
1126}
1127
1128
1129static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
1130{
1131 struct wpa_global *global = signal_ctx;
1132 struct wpa_supplicant *wpa_s;
1133 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
1134 wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
1135 sig);
1136 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
1137 wpa_supplicant_terminate_proc(global);
1138 }
1139 }
1140
1141 if (wpa_debug_reopen_file() < 0) {
1142 /* Ignore errors since we cannot really do much to fix this */
1143 wpa_printf(MSG_DEBUG, "Could not reopen debug log file");
1144 }
1145}
1146
1147
1148static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1149 struct wpa_ssid *ssid,
1150 struct wpa_ie_data *ie)
1151{
1152 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1153 if (ret) {
1154 if (ret == -2) {
1155 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1156 "from association info");
1157 }
1158 return -1;
1159 }
1160
1161 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
1162 "cipher suites");
1163 if (!(ie->group_cipher & ssid->group_cipher)) {
1164 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1165 "cipher 0x%x (mask 0x%x) - reject",
1166 ie->group_cipher, ssid->group_cipher);
1167 return -1;
1168 }
1169 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1170 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1171 "cipher 0x%x (mask 0x%x) - reject",
1172 ie->pairwise_cipher, ssid->pairwise_cipher);
1173 return -1;
1174 }
1175 if (!(ie->key_mgmt & ssid->key_mgmt)) {
1176 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1177 "management 0x%x (mask 0x%x) - reject",
1178 ie->key_mgmt, ssid->key_mgmt);
1179 return -1;
1180 }
1181
1182#ifdef CONFIG_IEEE80211W
1183 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
1184 wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1185 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1186 "that does not support management frame protection - "
1187 "reject");
1188 return -1;
1189 }
1190#endif /* CONFIG_IEEE80211W */
1191
1192 return 0;
1193}
1194
1195
1196static int matching_ciphers(struct wpa_ssid *ssid, struct wpa_ie_data *ie,
1197 int freq)
1198{
1199 if (!ie->has_group)
1200 ie->group_cipher = wpa_default_rsn_cipher(freq);
1201 if (!ie->has_pairwise)
1202 ie->pairwise_cipher = wpa_default_rsn_cipher(freq);
1203 return (ie->group_cipher & ssid->group_cipher) &&
1204 (ie->pairwise_cipher & ssid->pairwise_cipher);
1205}
1206
1207
1208/**
1209 * wpa_supplicant_set_suites - Set authentication and encryption parameters
1210 * @wpa_s: Pointer to wpa_supplicant data
1211 * @bss: Scan results for the selected BSS, or %NULL if not available
1212 * @ssid: Configuration data for the selected network
1213 * @wpa_ie: Buffer for the WPA/RSN IE
1214 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1215 * used buffer length in case the functions returns success.
1216 * Returns: 0 on success or -1 on failure
1217 *
1218 * This function is used to configure authentication and encryption parameters
1219 * based on the network configuration and scan result for the selected BSS (if
1220 * available).
1221 */
1222int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1223 struct wpa_bss *bss, struct wpa_ssid *ssid,
1224 u8 *wpa_ie, size_t *wpa_ie_len)
1225{
1226 struct wpa_ie_data ie;
1227 int sel, proto;
1228 const u8 *bss_wpa, *bss_rsn, *bss_osen;
1229
1230 if (bss) {
1231 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
1232 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1233 bss_osen = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
1234 } else
1235 bss_wpa = bss_rsn = bss_osen = NULL;
1236
1237 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
1238 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1239 matching_ciphers(ssid, &ie, bss->freq) &&
1240 (ie.key_mgmt & ssid->key_mgmt)) {
1241 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1242 proto = WPA_PROTO_RSN;
1243 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
1244 wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie) == 0 &&
1245 (ie.group_cipher & ssid->group_cipher) &&
1246 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1247 (ie.key_mgmt & ssid->key_mgmt)) {
1248 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1249 proto = WPA_PROTO_WPA;
1250#ifdef CONFIG_HS20
1251 } else if (bss_osen && (ssid->proto & WPA_PROTO_OSEN) &&
1252 wpa_parse_wpa_ie(bss_osen, 2 + bss_osen[1], &ie) == 0 &&
1253 (ie.group_cipher & ssid->group_cipher) &&
1254 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1255 (ie.key_mgmt & ssid->key_mgmt)) {
1256 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using OSEN");
1257 proto = WPA_PROTO_OSEN;
1258 } else if (bss_rsn && (ssid->proto & WPA_PROTO_OSEN) &&
1259 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1260 (ie.group_cipher & ssid->group_cipher) &&
1261 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1262 (ie.key_mgmt & ssid->key_mgmt)) {
1263 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using OSEN (within RSN)");
1264 proto = WPA_PROTO_RSN;
1265#endif /* CONFIG_HS20 */
1266 } else if (bss) {
1267 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1268 wpa_dbg(wpa_s, MSG_DEBUG,
1269 "WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1270 ssid->proto, ssid->pairwise_cipher, ssid->group_cipher,
1271 ssid->key_mgmt);
1272 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s%s",
1273 MAC2STR(bss->bssid),
1274 wpa_ssid_txt(bss->ssid, bss->ssid_len),
1275 bss_wpa ? " WPA" : "",
1276 bss_rsn ? " RSN" : "",
1277 bss_osen ? " OSEN" : "");
1278 if (bss_rsn) {
1279 wpa_hexdump(MSG_DEBUG, "RSN", bss_rsn, 2 + bss_rsn[1]);
1280 if (wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie)) {
1281 wpa_dbg(wpa_s, MSG_DEBUG,
1282 "Could not parse RSN element");
1283 } else {
1284 wpa_dbg(wpa_s, MSG_DEBUG,
1285 "RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1286 ie.pairwise_cipher, ie.group_cipher,
1287 ie.key_mgmt);
1288 }
1289 }
1290 if (bss_wpa) {
1291 wpa_hexdump(MSG_DEBUG, "WPA", bss_wpa, 2 + bss_wpa[1]);
1292 if (wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie)) {
1293 wpa_dbg(wpa_s, MSG_DEBUG,
1294 "Could not parse WPA element");
1295 } else {
1296 wpa_dbg(wpa_s, MSG_DEBUG,
1297 "WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1298 ie.pairwise_cipher, ie.group_cipher,
1299 ie.key_mgmt);
1300 }
1301 }
1302 return -1;
1303 } else {
1304 if (ssid->proto & WPA_PROTO_OSEN)
1305 proto = WPA_PROTO_OSEN;
1306 else if (ssid->proto & WPA_PROTO_RSN)
1307 proto = WPA_PROTO_RSN;
1308 else
1309 proto = WPA_PROTO_WPA;
1310 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1311 os_memset(&ie, 0, sizeof(ie));
1312 ie.group_cipher = ssid->group_cipher;
1313 ie.pairwise_cipher = ssid->pairwise_cipher;
1314 ie.key_mgmt = ssid->key_mgmt;
1315#ifdef CONFIG_IEEE80211W
1316 ie.mgmt_group_cipher = 0;
1317 if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
1318 if (ssid->group_mgmt_cipher &
1319 WPA_CIPHER_BIP_GMAC_256)
1320 ie.mgmt_group_cipher =
1321 WPA_CIPHER_BIP_GMAC_256;
1322 else if (ssid->group_mgmt_cipher &
1323 WPA_CIPHER_BIP_CMAC_256)
1324 ie.mgmt_group_cipher =
1325 WPA_CIPHER_BIP_CMAC_256;
1326 else if (ssid->group_mgmt_cipher &
1327 WPA_CIPHER_BIP_GMAC_128)
1328 ie.mgmt_group_cipher =
1329 WPA_CIPHER_BIP_GMAC_128;
1330 else
1331 ie.mgmt_group_cipher =
1332 WPA_CIPHER_AES_128_CMAC;
1333 }
1334#endif /* CONFIG_IEEE80211W */
1335#ifdef CONFIG_OWE
1336 if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
1337 !ssid->owe_only &&
1338 !bss_wpa && !bss_rsn && !bss_osen) {
1339 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1340 wpa_s->wpa_proto = 0;
1341 *wpa_ie_len = 0;
1342 return 0;
1343 }
1344#endif /* CONFIG_OWE */
1345 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
1346 "based on configuration");
1347 } else
1348 proto = ie.proto;
1349 }
1350
1351 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1352 "pairwise %d key_mgmt %d proto %d",
1353 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1354#ifdef CONFIG_IEEE80211W
1355 if (ssid->ieee80211w) {
1356 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1357 ie.mgmt_group_cipher);
1358 }
1359#endif /* CONFIG_IEEE80211W */
1360
1361 wpa_s->wpa_proto = proto;
1362 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1363 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1364 !!(ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
1365
1366 if (bss || !wpa_s->ap_ies_from_associnfo) {
1367 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1368 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1369 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1370 bss_rsn ? 2 + bss_rsn[1] : 0))
1371 return -1;
1372 }
1373
1374#ifdef CONFIG_NO_WPA
1375 wpa_s->group_cipher = WPA_CIPHER_NONE;
1376 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1377#else /* CONFIG_NO_WPA */
1378 sel = ie.group_cipher & ssid->group_cipher;
1379 wpa_dbg(wpa_s, MSG_DEBUG,
1380 "WPA: AP group 0x%x network profile group 0x%x; available group 0x%x",
1381 ie.group_cipher, ssid->group_cipher, sel);
1382 wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1383 if (wpa_s->group_cipher < 0) {
1384 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1385 "cipher");
1386 return -1;
1387 }
1388 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1389 wpa_cipher_txt(wpa_s->group_cipher));
1390
1391 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1392 wpa_dbg(wpa_s, MSG_DEBUG,
1393 "WPA: AP pairwise 0x%x network profile pairwise 0x%x; available pairwise 0x%x",
1394 ie.pairwise_cipher, ssid->pairwise_cipher, sel);
1395 wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1396 if (wpa_s->pairwise_cipher < 0) {
1397 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1398 "cipher");
1399 return -1;
1400 }
1401 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1402 wpa_cipher_txt(wpa_s->pairwise_cipher));
1403#endif /* CONFIG_NO_WPA */
1404
1405 sel = ie.key_mgmt & ssid->key_mgmt;
1406 wpa_dbg(wpa_s, MSG_DEBUG,
1407 "WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
1408 ie.key_mgmt, ssid->key_mgmt, sel);
1409#ifdef CONFIG_SAE
1410 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1411 sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1412#endif /* CONFIG_SAE */
1413 if (0) {
1414#ifdef CONFIG_IEEE80211R
1415#ifdef CONFIG_SHA384
1416 } else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) &&
1417 os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
1418 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
1419 wpa_dbg(wpa_s, MSG_DEBUG,
1420 "WPA: using KEY_MGMT FT/802.1X-SHA384");
1421 if (!ssid->ft_eap_pmksa_caching &&
1422 pmksa_cache_get_current(wpa_s->wpa)) {
1423 /* PMKSA caching with FT may have interoperability
1424 * issues, so disable that case by default for now. */
1425 wpa_dbg(wpa_s, MSG_DEBUG,
1426 "WPA: Disable PMKSA caching for FT/802.1X connection");
1427 pmksa_cache_clear_current(wpa_s->wpa);
1428 }
1429#endif /* CONFIG_SHA384 */
1430#endif /* CONFIG_IEEE80211R */
1431#ifdef CONFIG_SUITEB192
1432 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
1433 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
1434 wpa_dbg(wpa_s, MSG_DEBUG,
1435 "WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1436#endif /* CONFIG_SUITEB192 */
1437#ifdef CONFIG_SUITEB
1438 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
1439 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
1440 wpa_dbg(wpa_s, MSG_DEBUG,
1441 "WPA: using KEY_MGMT 802.1X with Suite B");
1442#endif /* CONFIG_SUITEB */
1443#ifdef CONFIG_FILS
1444#ifdef CONFIG_IEEE80211R
1445 } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) {
1446 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
1447 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384");
1448 } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
1449 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
1450 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
1451#endif /* CONFIG_IEEE80211R */
1452 } else if (sel & WPA_KEY_MGMT_FILS_SHA384) {
1453 wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
1454 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384");
1455 } else if (sel & WPA_KEY_MGMT_FILS_SHA256) {
1456 wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
1457 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");
1458#endif /* CONFIG_FILS */
1459#ifdef CONFIG_IEEE80211R
1460 } else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X) &&
1461 os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
1462 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1463 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1464 if (!ssid->ft_eap_pmksa_caching &&
1465 pmksa_cache_get_current(wpa_s->wpa)) {
1466 /* PMKSA caching with FT may have interoperability
1467 * issues, so disable that case by default for now. */
1468 wpa_dbg(wpa_s, MSG_DEBUG,
1469 "WPA: Disable PMKSA caching for FT/802.1X connection");
1470 pmksa_cache_clear_current(wpa_s->wpa);
1471 }
1472#endif /* CONFIG_IEEE80211R */
1473#ifdef CONFIG_DPP
1474 } else if (sel & WPA_KEY_MGMT_DPP) {
1475 wpa_s->key_mgmt = WPA_KEY_MGMT_DPP;
1476 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT DPP");
1477#endif /* CONFIG_DPP */
1478#ifdef CONFIG_SAE
1479 } else if (sel & WPA_KEY_MGMT_FT_SAE) {
1480 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1481 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1482 } else if (sel & WPA_KEY_MGMT_SAE) {
1483 wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1484 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1485#endif /* CONFIG_SAE */
1486#ifdef CONFIG_IEEE80211R
1487 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
1488 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1489 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1490#endif /* CONFIG_IEEE80211R */
1491#ifdef CONFIG_IEEE80211W
1492 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1493 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1494 wpa_dbg(wpa_s, MSG_DEBUG,
1495 "WPA: using KEY_MGMT 802.1X with SHA256");
1496 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1497 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1498 wpa_dbg(wpa_s, MSG_DEBUG,
1499 "WPA: using KEY_MGMT PSK with SHA256");
1500#endif /* CONFIG_IEEE80211W */
1501 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1502 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1503 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1504 } else if (sel & WPA_KEY_MGMT_PSK) {
1505 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1506 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1507 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1508 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1509 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1510#ifdef CONFIG_HS20
1511 } else if (sel & WPA_KEY_MGMT_OSEN) {
1512 wpa_s->key_mgmt = WPA_KEY_MGMT_OSEN;
1513 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using KEY_MGMT OSEN");
1514#endif /* CONFIG_HS20 */
1515#ifdef CONFIG_OWE
1516 } else if (sel & WPA_KEY_MGMT_OWE) {
1517 wpa_s->key_mgmt = WPA_KEY_MGMT_OWE;
1518 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT OWE");
1519#endif /* CONFIG_OWE */
1520 } else {
1521 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1522 "authenticated key management type");
1523 return -1;
1524 }
1525
1526 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1527 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1528 wpa_s->pairwise_cipher);
1529 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1530
1531#ifdef CONFIG_IEEE80211W
1532 sel = ie.mgmt_group_cipher;
1533 if (ssid->group_mgmt_cipher)
1534 sel &= ssid->group_mgmt_cipher;
1535 if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION ||
1536 !(ie.capabilities & WPA_CAPABILITY_MFPC))
1537 sel = 0;
1538 wpa_dbg(wpa_s, MSG_DEBUG,
1539 "WPA: AP mgmt_group_cipher 0x%x network profile mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
1540 ie.mgmt_group_cipher, ssid->group_mgmt_cipher, sel);
1541 if (sel & WPA_CIPHER_AES_128_CMAC) {
1542 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1543 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1544 "AES-128-CMAC");
1545 } else if (sel & WPA_CIPHER_BIP_GMAC_128) {
1546 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_128;
1547 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1548 "BIP-GMAC-128");
1549 } else if (sel & WPA_CIPHER_BIP_GMAC_256) {
1550 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_256;
1551 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1552 "BIP-GMAC-256");
1553 } else if (sel & WPA_CIPHER_BIP_CMAC_256) {
1554 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_CMAC_256;
1555 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1556 "BIP-CMAC-256");
1557 } else {
1558 wpa_s->mgmt_group_cipher = 0;
1559 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1560 }
1561 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1562 wpa_s->mgmt_group_cipher);
1563 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1564 wpas_get_ssid_pmf(wpa_s, ssid));
1565#endif /* CONFIG_IEEE80211W */
1566#ifdef CONFIG_OCV
1567 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv);
1568#endif /* CONFIG_OCV */
1569
1570 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1571 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1572 return -1;
1573 }
1574
1575 if (0) {
1576#ifdef CONFIG_DPP
1577 } else if (wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1578 /* Use PMK from DPP network introduction (PMKSA entry) */
1579 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1580#endif /* CONFIG_DPP */
1581 } else if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1582 int psk_set = 0;
1583 int sae_only;
1584
1585 sae_only = (ssid->key_mgmt & (WPA_KEY_MGMT_PSK |
1586 WPA_KEY_MGMT_FT_PSK |
1587 WPA_KEY_MGMT_PSK_SHA256)) == 0;
1588
1589 if (ssid->psk_set && !sae_only) {
1590 wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)",
1591 ssid->psk, PMK_LEN);
1592 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
1593 NULL);
1594 psk_set = 1;
1595 }
1596
1597 if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
1598 (ssid->sae_password || ssid->passphrase))
1599 psk_set = 1;
1600
1601#ifndef CONFIG_NO_PBKDF2
1602 if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1603 ssid->passphrase && !sae_only) {
1604 u8 psk[PMK_LEN];
1605 pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1606 4096, psk, PMK_LEN);
1607 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1608 psk, PMK_LEN);
1609 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
1610 psk_set = 1;
1611 os_memset(psk, 0, sizeof(psk));
1612 }
1613#endif /* CONFIG_NO_PBKDF2 */
1614#ifdef CONFIG_EXT_PASSWORD
1615 if (ssid->ext_psk && !sae_only) {
1616 struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1617 ssid->ext_psk);
1618 char pw_str[64 + 1];
1619 u8 psk[PMK_LEN];
1620
1621 if (pw == NULL) {
1622 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1623 "found from external storage");
1624 return -1;
1625 }
1626
1627 if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1628 wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1629 "PSK length %d in external storage",
1630 (int) wpabuf_len(pw));
1631 ext_password_free(pw);
1632 return -1;
1633 }
1634
1635 os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1636 pw_str[wpabuf_len(pw)] = '\0';
1637
1638#ifndef CONFIG_NO_PBKDF2
1639 if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1640 {
1641 pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1642 4096, psk, PMK_LEN);
1643 os_memset(pw_str, 0, sizeof(pw_str));
1644 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1645 "external passphrase)",
1646 psk, PMK_LEN);
1647 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1648 NULL);
1649 psk_set = 1;
1650 os_memset(psk, 0, sizeof(psk));
1651 } else
1652#endif /* CONFIG_NO_PBKDF2 */
1653 if (wpabuf_len(pw) == 2 * PMK_LEN) {
1654 if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1655 wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1656 "Invalid PSK hex string");
1657 os_memset(pw_str, 0, sizeof(pw_str));
1658 ext_password_free(pw);
1659 return -1;
1660 }
1661 wpa_hexdump_key(MSG_MSGDUMP,
1662 "PSK (from external PSK)",
1663 psk, PMK_LEN);
1664 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1665 NULL);
1666 psk_set = 1;
1667 os_memset(psk, 0, sizeof(psk));
1668 } else {
1669 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1670 "PSK available");
1671 os_memset(pw_str, 0, sizeof(pw_str));
1672 ext_password_free(pw);
1673 return -1;
1674 }
1675
1676 os_memset(pw_str, 0, sizeof(pw_str));
1677 ext_password_free(pw);
1678 }
1679#endif /* CONFIG_EXT_PASSWORD */
1680
1681 if (!psk_set) {
1682 wpa_msg(wpa_s, MSG_INFO,
1683 "No PSK available for association");
1684 wpas_auth_failed(wpa_s, "NO_PSK_AVAILABLE");
1685 return -1;
1686 }
1687#ifdef CONFIG_OWE
1688 } else if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
1689 /* OWE Diffie-Hellman exchange in (Re)Association
1690 * Request/Response frames set the PMK, so do not override it
1691 * here. */
1692#endif /* CONFIG_OWE */
1693 } else
1694 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1695
1696 return 0;
1697}
1698
1699
1700static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
1701{
1702 *pos = 0x00;
1703
1704 switch (idx) {
1705 case 0: /* Bits 0-7 */
1706 break;
1707 case 1: /* Bits 8-15 */
1708 if (wpa_s->conf->coloc_intf_reporting) {
1709 /* Bit 13 - Collocated Interference Reporting */
1710 *pos |= 0x20;
1711 }
1712 break;
1713 case 2: /* Bits 16-23 */
1714#ifdef CONFIG_WNM
1715 *pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1716 if (!wpa_s->conf->disable_btm)
1717 *pos |= 0x08; /* Bit 19 - BSS Transition */
1718#endif /* CONFIG_WNM */
1719 break;
1720 case 3: /* Bits 24-31 */
1721#ifdef CONFIG_WNM
1722 *pos |= 0x02; /* Bit 25 - SSID List */
1723#endif /* CONFIG_WNM */
1724#ifdef CONFIG_INTERWORKING
1725 if (wpa_s->conf->interworking)
1726 *pos |= 0x80; /* Bit 31 - Interworking */
1727#endif /* CONFIG_INTERWORKING */
1728 break;
1729 case 4: /* Bits 32-39 */
1730#ifdef CONFIG_INTERWORKING
1731 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_QOS_MAPPING)
1732 *pos |= 0x01; /* Bit 32 - QoS Map */
1733#endif /* CONFIG_INTERWORKING */
1734 break;
1735 case 5: /* Bits 40-47 */
1736#ifdef CONFIG_HS20
1737 if (wpa_s->conf->hs20)
1738 *pos |= 0x40; /* Bit 46 - WNM-Notification */
1739#endif /* CONFIG_HS20 */
1740#ifdef CONFIG_MBO
1741 *pos |= 0x40; /* Bit 46 - WNM-Notification */
1742#endif /* CONFIG_MBO */
1743 break;
1744 case 6: /* Bits 48-55 */
1745 break;
1746 case 7: /* Bits 56-63 */
1747 break;
1748 case 8: /* Bits 64-71 */
1749 if (wpa_s->conf->ftm_responder)
1750 *pos |= 0x40; /* Bit 70 - FTM responder */
1751 if (wpa_s->conf->ftm_initiator)
1752 *pos |= 0x80; /* Bit 71 - FTM initiator */
1753 break;
1754 case 9: /* Bits 72-79 */
1755#ifdef CONFIG_FILS
1756 if (!wpa_s->disable_fils)
1757 *pos |= 0x01;
1758#endif /* CONFIG_FILS */
1759 break;
1760 }
1761}
1762
1763
1764int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf, size_t buflen)
1765{
1766 u8 *pos = buf;
1767 u8 len = 10, i;
1768
1769 if (len < wpa_s->extended_capa_len)
1770 len = wpa_s->extended_capa_len;
1771 if (buflen < (size_t) len + 2) {
1772 wpa_printf(MSG_INFO,
1773 "Not enough room for building extended capabilities element");
1774 return -1;
1775 }
1776
1777 *pos++ = WLAN_EID_EXT_CAPAB;
1778 *pos++ = len;
1779 for (i = 0; i < len; i++, pos++) {
1780 wpas_ext_capab_byte(wpa_s, pos, i);
1781
1782 if (i < wpa_s->extended_capa_len) {
1783 *pos &= ~wpa_s->extended_capa_mask[i];
1784 *pos |= wpa_s->extended_capa[i];
1785 }
1786 }
1787
1788 while (len > 0 && buf[1 + len] == 0) {
1789 len--;
1790 buf[1] = len;
1791 }
1792 if (len == 0)
1793 return 0;
1794
1795 return 2 + len;
1796}
1797
1798
1799static int wpas_valid_bss(struct wpa_supplicant *wpa_s,
1800 struct wpa_bss *test_bss)
1801{
1802 struct wpa_bss *bss;
1803
1804 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1805 if (bss == test_bss)
1806 return 1;
1807 }
1808
1809 return 0;
1810}
1811
1812
1813static int wpas_valid_ssid(struct wpa_supplicant *wpa_s,
1814 struct wpa_ssid *test_ssid)
1815{
1816 struct wpa_ssid *ssid;
1817
1818 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1819 if (ssid == test_ssid)
1820 return 1;
1821 }
1822
1823 return 0;
1824}
1825
1826
1827int wpas_valid_bss_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *test_bss,
1828 struct wpa_ssid *test_ssid)
1829{
1830 if (test_bss && !wpas_valid_bss(wpa_s, test_bss))
1831 return 0;
1832
1833 return test_ssid == NULL || wpas_valid_ssid(wpa_s, test_ssid);
1834}
1835
1836
1837void wpas_connect_work_free(struct wpa_connect_work *cwork)
1838{
1839 if (cwork == NULL)
1840 return;
1841 os_free(cwork);
1842}
1843
1844
1845void wpas_connect_work_done(struct wpa_supplicant *wpa_s)
1846{
1847 struct wpa_connect_work *cwork;
1848 struct wpa_radio_work *work = wpa_s->connect_work;
1849
1850 if (!work)
1851 return;
1852
1853 wpa_s->connect_work = NULL;
1854 cwork = work->ctx;
1855 work->ctx = NULL;
1856 wpas_connect_work_free(cwork);
1857 radio_work_done(work);
1858}
1859
1860
1861int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style)
1862{
1863 struct os_reltime now;
1864 u8 addr[ETH_ALEN];
1865
1866 os_get_reltime(&now);
1867 if (wpa_s->last_mac_addr_style == style &&
1868 wpa_s->last_mac_addr_change.sec != 0 &&
1869 !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
1870 wpa_s->conf->rand_addr_lifetime)) {
1871 wpa_msg(wpa_s, MSG_DEBUG,
1872 "Previously selected random MAC address has not yet expired");
1873 return 0;
1874 }
1875
1876 switch (style) {
1877 case 1:
1878 if (random_mac_addr(addr) < 0)
1879 return -1;
1880 break;
1881 case 2:
1882 os_memcpy(addr, wpa_s->perm_addr, ETH_ALEN);
1883 if (random_mac_addr_keep_oui(addr) < 0)
1884 return -1;
1885 break;
1886 default:
1887 return -1;
1888 }
1889
1890 if (wpa_drv_set_mac_addr(wpa_s, addr) < 0) {
1891 wpa_msg(wpa_s, MSG_INFO,
1892 "Failed to set random MAC address");
1893 return -1;
1894 }
1895
1896 os_get_reltime(&wpa_s->last_mac_addr_change);
1897 wpa_s->mac_addr_changed = 1;
1898 wpa_s->last_mac_addr_style = style;
1899
1900 if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
1901 wpa_msg(wpa_s, MSG_INFO,
1902 "Could not update MAC address information");
1903 return -1;
1904 }
1905
1906 wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
1907 MAC2STR(addr));
1908
1909 return 0;
1910}
1911
1912
1913int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
1914{
1915 if (wpa_s->wpa_state >= WPA_AUTHENTICATING ||
1916 !wpa_s->conf->preassoc_mac_addr)
1917 return 0;
1918
1919 return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr);
1920}
1921
1922
1923static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit);
1924
1925/**
1926 * wpa_supplicant_associate - Request association
1927 * @wpa_s: Pointer to wpa_supplicant data
1928 * @bss: Scan results for the selected BSS, or %NULL if not available
1929 * @ssid: Configuration data for the selected network
1930 *
1931 * This function is used to request %wpa_supplicant to associate with a BSS.
1932 */
1933void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1934 struct wpa_bss *bss, struct wpa_ssid *ssid)
1935{
1936 struct wpa_connect_work *cwork;
1937 int rand_style;
1938
1939 wpa_s->own_disconnect_req = 0;
1940
1941 /*
1942 * If we are starting a new connection, any previously pending EAPOL
1943 * RX cannot be valid anymore.
1944 */
1945 wpabuf_free(wpa_s->pending_eapol_rx);
1946 wpa_s->pending_eapol_rx = NULL;
1947
1948 if (ssid->mac_addr == -1)
1949 rand_style = wpa_s->conf->mac_addr;
1950 else
1951 rand_style = ssid->mac_addr;
1952
1953 wmm_ac_clear_saved_tspecs(wpa_s);
1954 wpa_s->reassoc_same_bss = 0;
1955 wpa_s->reassoc_same_ess = 0;
1956#ifdef CONFIG_TESTING_OPTIONS
1957 wpa_s->testing_resend_assoc = 0;
1958#endif /* CONFIG_TESTING_OPTIONS */
1959
1960 if (wpa_s->last_ssid == ssid) {
1961 wpa_dbg(wpa_s, MSG_DEBUG, "Re-association to the same ESS");
1962 wpa_s->reassoc_same_ess = 1;
1963 if (wpa_s->current_bss && wpa_s->current_bss == bss) {
1964 wmm_ac_save_tspecs(wpa_s);
1965 wpa_s->reassoc_same_bss = 1;
1966 } else if (wpa_s->current_bss && wpa_s->current_bss != bss) {
1967 os_get_reltime(&wpa_s->roam_start);
1968 }
1969 }
1970
1971 if (rand_style > 0 && !wpa_s->reassoc_same_ess) {
1972 if (wpas_update_random_addr(wpa_s, rand_style) < 0)
1973 return;
1974 wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
1975 } else if (rand_style == 0 && wpa_s->mac_addr_changed) {
1976 if (wpa_drv_set_mac_addr(wpa_s, NULL) < 0) {
1977 wpa_msg(wpa_s, MSG_INFO,
1978 "Could not restore permanent MAC address");
1979 return;
1980 }
1981 wpa_s->mac_addr_changed = 0;
1982 if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
1983 wpa_msg(wpa_s, MSG_INFO,
1984 "Could not update MAC address information");
1985 return;
1986 }
1987 wpa_msg(wpa_s, MSG_DEBUG, "Using permanent MAC address");
1988 }
1989 wpa_s->last_ssid = ssid;
1990
1991#ifdef CONFIG_IBSS_RSN
1992 ibss_rsn_deinit(wpa_s->ibss_rsn);
1993 wpa_s->ibss_rsn = NULL;
1994#else /* CONFIG_IBSS_RSN */
1995 if (ssid->mode == WPAS_MODE_IBSS &&
1996 !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) {
1997 wpa_msg(wpa_s, MSG_INFO,
1998 "IBSS RSN not supported in the build");
1999 return;
2000 }
2001#endif /* CONFIG_IBSS_RSN */
2002
2003 if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
2004 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
2005#ifdef CONFIG_AP
2006 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
2007 wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
2008 "mode");
2009 return;
2010 }
2011 if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
2012 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2013 if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
2014 wpas_p2p_ap_setup_failed(wpa_s);
2015 return;
2016 }
2017 wpa_s->current_bss = bss;
2018#else /* CONFIG_AP */
2019 wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
2020 "the build");
2021#endif /* CONFIG_AP */
2022 return;
2023 }
2024
2025 if (ssid->mode == WPAS_MODE_MESH) {
2026#ifdef CONFIG_MESH
2027 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MESH)) {
2028 wpa_msg(wpa_s, MSG_INFO,
2029 "Driver does not support mesh mode");
2030 return;
2031 }
2032 if (bss)
2033 ssid->frequency = bss->freq;
2034 if (wpa_supplicant_join_mesh(wpa_s, ssid) < 0) {
2035 wpa_msg(wpa_s, MSG_ERROR, "Could not join mesh");
2036 return;
2037 }
2038 wpa_s->current_bss = bss;
2039 wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_STARTED "ssid=\"%s\" id=%d",
2040 wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
2041 ssid->id);
2042 wpas_notify_mesh_group_started(wpa_s, ssid);
2043#else /* CONFIG_MESH */
2044 wpa_msg(wpa_s, MSG_ERROR,
2045 "mesh mode support not included in the build");
2046#endif /* CONFIG_MESH */
2047 return;
2048 }
2049
2050 /*
2051 * Set WPA state machine configuration to match the selected network now
2052 * so that the information is available before wpas_start_assoc_cb()
2053 * gets called. This is needed at least for RSN pre-authentication where
2054 * candidate APs are added to a list based on scan result processing
2055 * before completion of the first association.
2056 */
2057 wpa_supplicant_rsn_supp_set_config(wpa_s, ssid);
2058
2059#ifdef CONFIG_DPP
2060 if (wpas_dpp_check_connect(wpa_s, ssid, bss) != 0)
2061 return;
2062#endif /* CONFIG_DPP */
2063
2064#ifdef CONFIG_TDLS
2065 if (bss)
2066 wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
2067 bss->ie_len);
2068#endif /* CONFIG_TDLS */
2069
2070 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2071 ssid->mode == WPAS_MODE_INFRA) {
2072 sme_authenticate(wpa_s, bss, ssid);
2073 return;
2074 }
2075
2076 if (wpa_s->connect_work) {
2077 wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since connect_work exist");
2078 return;
2079 }
2080
2081 if (radio_work_pending(wpa_s, "connect")) {
2082 wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since pending work exist");
2083 return;
2084 }
2085
2086#ifdef CONFIG_SME
2087 if (ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) {
2088 /* Clear possibly set auth_alg, if any, from last attempt. */
2089 wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN;
2090 }
2091#endif /* CONFIG_SME */
2092
2093 wpas_abort_ongoing_scan(wpa_s);
2094
2095 cwork = os_zalloc(sizeof(*cwork));
2096 if (cwork == NULL)
2097 return;
2098
2099 cwork->bss = bss;
2100 cwork->ssid = ssid;
2101
2102 if (radio_add_work(wpa_s, bss ? bss->freq : 0, "connect", 1,
2103 wpas_start_assoc_cb, cwork) < 0) {
2104 os_free(cwork);
2105 }
2106}
2107
2108
2109static int bss_is_ibss(struct wpa_bss *bss)
2110{
2111 return (bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
2112 IEEE80211_CAP_IBSS;
2113}
2114
2115
2116static int drv_supports_vht(struct wpa_supplicant *wpa_s,
2117 const struct wpa_ssid *ssid)
2118{
2119 enum hostapd_hw_mode hw_mode;
2120 struct hostapd_hw_modes *mode = NULL;
2121 u8 channel;
2122 int i;
2123
2124 hw_mode = ieee80211_freq_to_chan(ssid->frequency, &channel);
2125 if (hw_mode == NUM_HOSTAPD_MODES)
2126 return 0;
2127 for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2128 if (wpa_s->hw.modes[i].mode == hw_mode) {
2129 mode = &wpa_s->hw.modes[i];
2130 break;
2131 }
2132 }
2133
2134 if (!mode)
2135 return 0;
2136
2137 return mode->vht_capab != 0;
2138}
2139
2140
2141void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
2142 const struct wpa_ssid *ssid,
2143 struct hostapd_freq_params *freq)
2144{
2145 int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
2146 enum hostapd_hw_mode hw_mode;
2147 struct hostapd_hw_modes *mode = NULL;
2148 int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2149 184, 192 };
2150 int vht80[] = { 36, 52, 100, 116, 132, 149 };
2151 struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
2152 u8 channel;
2153 int i, chan_idx, ht40 = -1, res, obss_scan = 1;
2154 unsigned int j, k;
2155 struct hostapd_freq_params vht_freq;
2156 int chwidth, seg0, seg1;
2157 u32 vht_caps = 0;
2158
2159 freq->freq = ssid->frequency;
2160
2161 for (j = 0; j < wpa_s->last_scan_res_used; j++) {
2162 struct wpa_bss *bss = wpa_s->last_scan_res[j];
2163
2164 if (ssid->mode != WPAS_MODE_IBSS)
2165 break;
2166
2167 /* Don't adjust control freq in case of fixed_freq */
2168 if (ssid->fixed_freq)
2169 break;
2170
2171 if (!bss_is_ibss(bss))
2172 continue;
2173
2174 if (ssid->ssid_len == bss->ssid_len &&
2175 os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) == 0) {
2176 wpa_printf(MSG_DEBUG,
2177 "IBSS already found in scan results, adjust control freq: %d",
2178 bss->freq);
2179 freq->freq = bss->freq;
2180 obss_scan = 0;
2181 break;
2182 }
2183 }
2184
2185 /* For IBSS check HT_IBSS flag */
2186 if (ssid->mode == WPAS_MODE_IBSS &&
2187 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_HT_IBSS))
2188 return;
2189
2190 if (wpa_s->group_cipher == WPA_CIPHER_WEP40 ||
2191 wpa_s->group_cipher == WPA_CIPHER_WEP104 ||
2192 wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) {
2193 wpa_printf(MSG_DEBUG,
2194 "IBSS: WEP/TKIP detected, do not try to enable HT");
2195 return;
2196 }
2197
2198 hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
2199 for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2200 if (wpa_s->hw.modes[i].mode == hw_mode) {
2201 mode = &wpa_s->hw.modes[i];
2202 break;
2203 }
2204 }
2205
2206 if (!mode)
2207 return;
2208
2209 /* HE can work without HT + VHT */
2210 freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
2211
2212#ifdef CONFIG_HT_OVERRIDES
2213 if (ssid->disable_ht) {
2214 freq->ht_enabled = 0;
2215 return;
2216 }
2217#endif /* CONFIG_HT_OVERRIDES */
2218
2219 freq->ht_enabled = ht_supported(mode);
2220 if (!freq->ht_enabled)
2221 return;
2222
2223 /* Setup higher BW only for 5 GHz */
2224 if (mode->mode != HOSTAPD_MODE_IEEE80211A)
2225 return;
2226
2227 for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
2228 pri_chan = &mode->channels[chan_idx];
2229 if (pri_chan->chan == channel)
2230 break;
2231 pri_chan = NULL;
2232 }
2233 if (!pri_chan)
2234 return;
2235
2236 /* Check primary channel flags */
2237 if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2238 return;
2239
2240 freq->channel = pri_chan->chan;
2241
2242#ifdef CONFIG_HT_OVERRIDES
2243 if (ssid->disable_ht40) {
2244 if (ssid->disable_vht)
2245 return;
2246 goto skip_ht40;
2247 }
2248#endif /* CONFIG_HT_OVERRIDES */
2249
2250 /* Check/setup HT40+/HT40- */
2251 for (j = 0; j < ARRAY_SIZE(ht40plus); j++) {
2252 if (ht40plus[j] == channel) {
2253 ht40 = 1;
2254 break;
2255 }
2256 }
2257
2258 /* Find secondary channel */
2259 for (i = 0; i < mode->num_channels; i++) {
2260 sec_chan = &mode->channels[i];
2261 if (sec_chan->chan == channel + ht40 * 4)
2262 break;
2263 sec_chan = NULL;
2264 }
2265 if (!sec_chan)
2266 return;
2267
2268 /* Check secondary channel flags */
2269 if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2270 return;
2271
2272 if (ht40 == -1) {
2273 if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
2274 return;
2275 } else {
2276 if (!(pri_chan->flag & HOSTAPD_CHAN_HT40PLUS))
2277 return;
2278 }
2279 freq->sec_channel_offset = ht40;
2280
2281 if (obss_scan) {
2282 struct wpa_scan_results *scan_res;
2283
2284 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
2285 if (scan_res == NULL) {
2286 /* Back to HT20 */
2287 freq->sec_channel_offset = 0;
2288 return;
2289 }
2290
2291 res = check_40mhz_5g(mode, scan_res, pri_chan->chan,
2292 sec_chan->chan);
2293 switch (res) {
2294 case 0:
2295 /* Back to HT20 */
2296 freq->sec_channel_offset = 0;
2297 break;
2298 case 1:
2299 /* Configuration allowed */
2300 break;
2301 case 2:
2302 /* Switch pri/sec channels */
2303 freq->freq = hw_get_freq(mode, sec_chan->chan);
2304 freq->sec_channel_offset = -freq->sec_channel_offset;
2305 freq->channel = sec_chan->chan;
2306 break;
2307 default:
2308 freq->sec_channel_offset = 0;
2309 break;
2310 }
2311
2312 wpa_scan_results_free(scan_res);
2313 }
2314
2315#ifdef CONFIG_HT_OVERRIDES
2316skip_ht40:
2317#endif /* CONFIG_HT_OVERRIDES */
2318 wpa_printf(MSG_DEBUG,
2319 "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2320 freq->channel, freq->sec_channel_offset);
2321
2322 if (!drv_supports_vht(wpa_s, ssid))
2323 return;
2324
2325 /* For IBSS check VHT_IBSS flag */
2326 if (ssid->mode == WPAS_MODE_IBSS &&
2327 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_VHT_IBSS))
2328 return;
2329
2330 vht_freq = *freq;
2331
2332#ifdef CONFIG_VHT_OVERRIDES
2333 if (ssid->disable_vht) {
2334 freq->vht_enabled = 0;
2335 return;
2336 }
2337#endif /* CONFIG_VHT_OVERRIDES */
2338
2339 vht_freq.vht_enabled = vht_supported(mode);
2340 if (!vht_freq.vht_enabled)
2341 return;
2342
2343 /* setup center_freq1, bandwidth */
2344 for (j = 0; j < ARRAY_SIZE(vht80); j++) {
2345 if (freq->channel >= vht80[j] &&
2346 freq->channel < vht80[j] + 16)
2347 break;
2348 }
2349
2350 if (j == ARRAY_SIZE(vht80))
2351 return;
2352
2353 for (i = vht80[j]; i < vht80[j] + 16; i += 4) {
2354 struct hostapd_channel_data *chan;
2355
2356 chan = hw_get_channel_chan(mode, i, NULL);
2357 if (!chan)
2358 return;
2359
2360 /* Back to HT configuration if channel not usable */
2361 if (chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2362 return;
2363 }
2364
2365 chwidth = CHANWIDTH_80MHZ;
2366 seg0 = vht80[j] + 6;
2367 seg1 = 0;
2368
2369 if (ssid->max_oper_chwidth == CHANWIDTH_80P80MHZ) {
2370 /* setup center_freq2, bandwidth */
2371 for (k = 0; k < ARRAY_SIZE(vht80); k++) {
2372 /* Only accept 80 MHz segments separated by a gap */
2373 if (j == k || abs(vht80[j] - vht80[k]) == 16)
2374 continue;
2375 for (i = vht80[k]; i < vht80[k] + 16; i += 4) {
2376 struct hostapd_channel_data *chan;
2377
2378 chan = hw_get_channel_chan(mode, i, NULL);
2379 if (!chan)
2380 continue;
2381
2382 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2383 HOSTAPD_CHAN_NO_IR |
2384 HOSTAPD_CHAN_RADAR))
2385 continue;
2386
2387 /* Found a suitable second segment for 80+80 */
2388 chwidth = CHANWIDTH_80P80MHZ;
2389 vht_caps |=
2390 VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
2391 seg1 = vht80[k] + 6;
2392 }
2393
2394 if (chwidth == CHANWIDTH_80P80MHZ)
2395 break;
2396 }
2397 } else if (ssid->max_oper_chwidth == CHANWIDTH_160MHZ) {
2398 if (freq->freq == 5180) {
2399 chwidth = CHANWIDTH_160MHZ;
2400 vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2401 seg0 = 50;
2402 } else if (freq->freq == 5520) {
2403 chwidth = CHANWIDTH_160MHZ;
2404 vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2405 seg0 = 114;
2406 }
2407 } else if (ssid->max_oper_chwidth == CHANWIDTH_USE_HT) {
2408 chwidth = CHANWIDTH_USE_HT;
2409 seg0 = vht80[j] + 2;
2410#ifdef CONFIG_HT_OVERRIDES
2411 if (ssid->disable_ht40)
2412 seg0 = 0;
2413#endif /* CONFIG_HT_OVERRIDES */
2414 }
2415
2416 if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,
2417 freq->channel, freq->ht_enabled,
2418 vht_freq.vht_enabled, freq->he_enabled,
2419 freq->sec_channel_offset,
2420 chwidth, seg0, seg1, vht_caps,
2421 &mode->he_capab[ieee80211_mode]) != 0)
2422 return;
2423
2424 *freq = vht_freq;
2425
2426 wpa_printf(MSG_DEBUG, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2427 freq->center_freq1, freq->center_freq2, freq->bandwidth);
2428}
2429
2430
2431#ifdef CONFIG_FILS
2432static size_t wpas_add_fils_hlp_req(struct wpa_supplicant *wpa_s, u8 *ie_buf,
2433 size_t ie_buf_len)
2434{
2435 struct fils_hlp_req *req;
2436 size_t rem_len, hdr_len, hlp_len, len, ie_len = 0;
2437 const u8 *pos;
2438 u8 *buf = ie_buf;
2439
2440 dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2441 list) {
2442 rem_len = ie_buf_len - ie_len;
2443 pos = wpabuf_head(req->pkt);
2444 hdr_len = 1 + 2 * ETH_ALEN + 6;
2445 hlp_len = wpabuf_len(req->pkt);
2446
2447 if (rem_len < 2 + hdr_len + hlp_len) {
2448 wpa_printf(MSG_ERROR,
2449 "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
2450 (unsigned long) rem_len,
2451 (unsigned long) (2 + hdr_len + hlp_len));
2452 break;
2453 }
2454
2455 len = (hdr_len + hlp_len) > 255 ? 255 : hdr_len + hlp_len;
2456 /* Element ID */
2457 *buf++ = WLAN_EID_EXTENSION;
2458 /* Length */
2459 *buf++ = len;
2460 /* Element ID Extension */
2461 *buf++ = WLAN_EID_EXT_FILS_HLP_CONTAINER;
2462 /* Destination MAC address */
2463 os_memcpy(buf, req->dst, ETH_ALEN);
2464 buf += ETH_ALEN;
2465 /* Source MAC address */
2466 os_memcpy(buf, wpa_s->own_addr, ETH_ALEN);
2467 buf += ETH_ALEN;
2468 /* LLC/SNAP Header */
2469 os_memcpy(buf, "\xaa\xaa\x03\x00\x00\x00", 6);
2470 buf += 6;
2471 /* HLP Packet */
2472 os_memcpy(buf, pos, len - hdr_len);
2473 buf += len - hdr_len;
2474 pos += len - hdr_len;
2475
2476 hlp_len -= len - hdr_len;
2477 ie_len += 2 + len;
2478 rem_len -= 2 + len;
2479
2480 while (hlp_len) {
2481 len = (hlp_len > 255) ? 255 : hlp_len;
2482 if (rem_len < 2 + len)
2483 break;
2484 *buf++ = WLAN_EID_FRAGMENT;
2485 *buf++ = len;
2486 os_memcpy(buf, pos, len);
2487 buf += len;
2488 pos += len;
2489
2490 hlp_len -= len;
2491 ie_len += 2 + len;
2492 rem_len -= 2 + len;
2493 }
2494 }
2495
2496 return ie_len;
2497}
2498
2499
2500int wpa_is_fils_supported(struct wpa_supplicant *wpa_s)
2501{
2502 return (((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2503 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS)) ||
2504 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2505 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD)));
2506}
2507
2508
2509int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant *wpa_s)
2510{
2511#ifdef CONFIG_FILS_SK_PFS
2512 return (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2513 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS);
2514#else /* CONFIG_FILS_SK_PFS */
2515 return 0;
2516#endif /* CONFIG_FILS_SK_PFS */
2517}
2518
2519#endif /* CONFIG_FILS */
2520
2521
2522static u8 * wpas_populate_assoc_ies(
2523 struct wpa_supplicant *wpa_s,
2524 struct wpa_bss *bss, struct wpa_ssid *ssid,
2525 struct wpa_driver_associate_params *params,
2526 enum wpa_drv_update_connect_params_mask *mask)
2527{
2528 u8 *wpa_ie;
2529 size_t max_wpa_ie_len = 500;
2530 size_t wpa_ie_len;
2531 int algs = WPA_AUTH_ALG_OPEN;
2532#ifdef CONFIG_MBO
2533 const u8 *mbo_ie;
2534#endif
2535#ifdef CONFIG_SAE
2536 int sae_pmksa_cached = 0;
2537#endif /* CONFIG_SAE */
2538#ifdef CONFIG_FILS
2539 const u8 *realm, *username, *rrk;
2540 size_t realm_len, username_len, rrk_len;
2541 u16 next_seq_num;
2542 struct fils_hlp_req *req;
2543
2544 dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2545 list) {
2546 max_wpa_ie_len += 3 + 2 * ETH_ALEN + 6 + wpabuf_len(req->pkt) +
2547 2 + 2 * wpabuf_len(req->pkt) / 255;
2548 }
2549#endif /* CONFIG_FILS */
2550
2551 wpa_ie = os_malloc(max_wpa_ie_len);
2552 if (!wpa_ie) {
2553 wpa_printf(MSG_ERROR,
2554 "Failed to allocate connect IE buffer for %lu bytes",
2555 (unsigned long) max_wpa_ie_len);
2556 return NULL;
2557 }
2558
2559 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
2560 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
2561 wpa_key_mgmt_wpa(ssid->key_mgmt)) {
2562 int try_opportunistic;
2563 const u8 *cache_id = NULL;
2564
2565 try_opportunistic = (ssid->proactive_key_caching < 0 ?
2566 wpa_s->conf->okc :
2567 ssid->proactive_key_caching) &&
2568 (ssid->proto & WPA_PROTO_RSN);
2569#ifdef CONFIG_FILS
2570 if (wpa_key_mgmt_fils(ssid->key_mgmt))
2571 cache_id = wpa_bss_get_fils_cache_id(bss);
2572#endif /* CONFIG_FILS */
2573 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
2574 ssid, try_opportunistic,
2575 cache_id, 0) == 0) {
2576 eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
2577#ifdef CONFIG_SAE
2578 sae_pmksa_cached = 1;
2579#endif /* CONFIG_SAE */
2580 }
2581 wpa_ie_len = max_wpa_ie_len;
2582 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2583 wpa_ie, &wpa_ie_len)) {
2584 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2585 "key management and encryption suites");
2586 os_free(wpa_ie);
2587 return NULL;
2588 }
2589#ifdef CONFIG_HS20
2590 } else if (bss && wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE) &&
2591 (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)) {
2592 /* No PMKSA caching, but otherwise similar to RSN/WPA */
2593 wpa_ie_len = max_wpa_ie_len;
2594 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2595 wpa_ie, &wpa_ie_len)) {
2596 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2597 "key management and encryption suites");
2598 os_free(wpa_ie);
2599 return NULL;
2600 }
2601#endif /* CONFIG_HS20 */
2602 } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
2603 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
2604 /*
2605 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2606 * use non-WPA since the scan results did not indicate that the
2607 * AP is using WPA or WPA2.
2608 */
2609 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2610 wpa_ie_len = 0;
2611 wpa_s->wpa_proto = 0;
2612 } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
2613 wpa_ie_len = max_wpa_ie_len;
2614 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
2615 wpa_ie, &wpa_ie_len)) {
2616 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2617 "key management and encryption suites (no "
2618 "scan results)");
2619 os_free(wpa_ie);
2620 return NULL;
2621 }
2622#ifdef CONFIG_WPS
2623 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
2624 struct wpabuf *wps_ie;
2625 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
2626 if (wps_ie && wpabuf_len(wps_ie) <= max_wpa_ie_len) {
2627 wpa_ie_len = wpabuf_len(wps_ie);
2628 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
2629 } else
2630 wpa_ie_len = 0;
2631 wpabuf_free(wps_ie);
2632 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2633 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
2634 params->wps = WPS_MODE_PRIVACY;
2635 else
2636 params->wps = WPS_MODE_OPEN;
2637 wpa_s->wpa_proto = 0;
2638#endif /* CONFIG_WPS */
2639 } else {
2640 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2641 wpa_ie_len = 0;
2642 wpa_s->wpa_proto = 0;
2643 }
2644
2645#ifdef IEEE8021X_EAPOL
2646 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2647 if (ssid->leap) {
2648 if (ssid->non_leap == 0)
2649 algs = WPA_AUTH_ALG_LEAP;
2650 else
2651 algs |= WPA_AUTH_ALG_LEAP;
2652 }
2653 }
2654
2655#ifdef CONFIG_FILS
2656 /* Clear FILS association */
2657 wpa_sm_set_reset_fils_completed(wpa_s->wpa, 0);
2658
2659 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
2660 ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
2661 eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap, &username,
2662 &username_len, &realm, &realm_len,
2663 &next_seq_num, &rrk, &rrk_len) == 0 &&
2664 (!wpa_s->last_con_fail_realm ||
2665 wpa_s->last_con_fail_realm_len != realm_len ||
2666 os_memcmp(wpa_s->last_con_fail_realm, realm, realm_len) != 0)) {
2667 algs = WPA_AUTH_ALG_FILS;
2668 params->fils_erp_username = username;
2669 params->fils_erp_username_len = username_len;
2670 params->fils_erp_realm = realm;
2671 params->fils_erp_realm_len = realm_len;
2672 params->fils_erp_next_seq_num = next_seq_num;
2673 params->fils_erp_rrk = rrk;
2674 params->fils_erp_rrk_len = rrk_len;
2675
2676 if (mask)
2677 *mask |= WPA_DRV_UPDATE_FILS_ERP_INFO;
2678 }
2679#endif /* CONFIG_FILS */
2680#endif /* IEEE8021X_EAPOL */
2681#ifdef CONFIG_SAE
2682 if (wpa_s->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE))
2683 algs = WPA_AUTH_ALG_SAE;
2684#endif /* CONFIG_SAE */
2685
2686 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
2687 if (ssid->auth_alg) {
2688 algs = ssid->auth_alg;
2689 wpa_dbg(wpa_s, MSG_DEBUG,
2690 "Overriding auth_alg selection: 0x%x", algs);
2691 }
2692
2693#ifdef CONFIG_SAE
2694 if (sae_pmksa_cached && algs == WPA_AUTH_ALG_SAE) {
2695 wpa_dbg(wpa_s, MSG_DEBUG,
2696 "SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
2697 algs = WPA_AUTH_ALG_OPEN;
2698 }
2699#endif /* CONFIG_SAE */
2700
2701#ifdef CONFIG_P2P
2702 if (wpa_s->global->p2p) {
2703 u8 *pos;
2704 size_t len;
2705 int res;
2706 pos = wpa_ie + wpa_ie_len;
2707 len = max_wpa_ie_len - wpa_ie_len;
2708 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
2709 ssid->p2p_group);
2710 if (res >= 0)
2711 wpa_ie_len += res;
2712 }
2713
2714 wpa_s->cross_connect_disallowed = 0;
2715 if (bss) {
2716 struct wpabuf *p2p;
2717 p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
2718 if (p2p) {
2719 wpa_s->cross_connect_disallowed =
2720 p2p_get_cross_connect_disallowed(p2p);
2721 wpabuf_free(p2p);
2722 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
2723 "connection",
2724 wpa_s->cross_connect_disallowed ?
2725 "disallows" : "allows");
2726 }
2727 }
2728
2729 os_memset(wpa_s->p2p_ip_addr_info, 0, sizeof(wpa_s->p2p_ip_addr_info));
2730#endif /* CONFIG_P2P */
2731
2732 if (bss) {
2733 wpa_ie_len += wpas_supp_op_class_ie(wpa_s, ssid, bss->freq,
2734 wpa_ie + wpa_ie_len,
2735 max_wpa_ie_len -
2736 wpa_ie_len);
2737 }
2738
2739 /*
2740 * Workaround: Add Extended Capabilities element only if the AP
2741 * included this element in Beacon/Probe Response frames. Some older
2742 * APs seem to have interoperability issues if this element is
2743 * included, so while the standard may require us to include the
2744 * element in all cases, it is justifiable to skip it to avoid
2745 * interoperability issues.
2746 */
2747 if (ssid->p2p_group)
2748 wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
2749 else
2750 wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
2751
2752 if (!bss || wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB)) {
2753 u8 ext_capab[18];
2754 int ext_capab_len;
2755 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
2756 sizeof(ext_capab));
2757 if (ext_capab_len > 0 &&
2758 wpa_ie_len + ext_capab_len <= max_wpa_ie_len) {
2759 u8 *pos = wpa_ie;
2760 if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
2761 pos += 2 + pos[1];
2762 os_memmove(pos + ext_capab_len, pos,
2763 wpa_ie_len - (pos - wpa_ie));
2764 wpa_ie_len += ext_capab_len;
2765 os_memcpy(pos, ext_capab, ext_capab_len);
2766 }
2767 }
2768
2769#ifdef CONFIG_HS20
2770 if (is_hs20_network(wpa_s, ssid, bss)) {
2771 struct wpabuf *hs20;
2772
2773 hs20 = wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN);
2774 if (hs20) {
2775 int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
2776 size_t len;
2777
2778 wpas_hs20_add_indication(hs20, pps_mo_id,
2779 get_hs20_version(bss));
2780 wpas_hs20_add_roam_cons_sel(hs20, ssid);
2781 len = max_wpa_ie_len - wpa_ie_len;
2782 if (wpabuf_len(hs20) <= len) {
2783 os_memcpy(wpa_ie + wpa_ie_len,
2784 wpabuf_head(hs20), wpabuf_len(hs20));
2785 wpa_ie_len += wpabuf_len(hs20);
2786 }
2787 wpabuf_free(hs20);
2788
2789 hs20_configure_frame_filters(wpa_s);
2790 }
2791 }
2792#endif /* CONFIG_HS20 */
2793
2794 if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
2795 struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
2796 size_t len;
2797
2798 len = max_wpa_ie_len - wpa_ie_len;
2799 if (wpabuf_len(buf) <= len) {
2800 os_memcpy(wpa_ie + wpa_ie_len,
2801 wpabuf_head(buf), wpabuf_len(buf));
2802 wpa_ie_len += wpabuf_len(buf);
2803 }
2804 }
2805
2806#ifdef CONFIG_FST
2807 if (wpa_s->fst_ies) {
2808 int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
2809
2810 if (wpa_ie_len + fst_ies_len <= max_wpa_ie_len) {
2811 os_memcpy(wpa_ie + wpa_ie_len,
2812 wpabuf_head(wpa_s->fst_ies), fst_ies_len);
2813 wpa_ie_len += fst_ies_len;
2814 }
2815 }
2816#endif /* CONFIG_FST */
2817
2818#ifdef CONFIG_MBO
2819 mbo_ie = bss ? wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE) : NULL;
2820 if (mbo_ie) {
2821 int len;
2822
2823 len = wpas_mbo_ie(wpa_s, wpa_ie + wpa_ie_len,
2824 max_wpa_ie_len - wpa_ie_len,
2825 !!mbo_attr_from_mbo_ie(mbo_ie,
2826 OCE_ATTR_ID_CAPA_IND));
2827 if (len >= 0)
2828 wpa_ie_len += len;
2829 }
2830#endif /* CONFIG_MBO */
2831
2832#ifdef CONFIG_FILS
2833 if (algs == WPA_AUTH_ALG_FILS) {
2834 size_t len;
2835
2836 len = wpas_add_fils_hlp_req(wpa_s, wpa_ie + wpa_ie_len,
2837 max_wpa_ie_len - wpa_ie_len);
2838 wpa_ie_len += len;
2839 }
2840#endif /* CONFIG_FILS */
2841
2842#ifdef CONFIG_OWE
2843#ifdef CONFIG_TESTING_OPTIONS
2844 if (get_ie_ext(wpa_ie, wpa_ie_len, WLAN_EID_EXT_OWE_DH_PARAM)) {
2845 wpa_printf(MSG_INFO, "TESTING: Override OWE DH element");
2846 } else
2847#endif /* CONFIG_TESTING_OPTIONS */
2848 if (algs == WPA_AUTH_ALG_OPEN &&
2849 ssid->key_mgmt == WPA_KEY_MGMT_OWE) {
2850 struct wpabuf *owe_ie;
2851 u16 group;
2852
2853 if (ssid->owe_group) {
2854 group = ssid->owe_group;
2855 } else if (wpa_s->assoc_status_code ==
2856 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
2857 if (wpa_s->last_owe_group == 19)
2858 group = 20;
2859 else if (wpa_s->last_owe_group == 20)
2860 group = 21;
2861 else
2862 group = OWE_DH_GROUP;
2863 } else {
2864 group = OWE_DH_GROUP;
2865 }
2866
2867 wpa_s->last_owe_group = group;
2868 wpa_printf(MSG_DEBUG, "OWE: Try to use group %u", group);
2869 owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
2870 if (owe_ie &&
2871 wpabuf_len(owe_ie) <= max_wpa_ie_len - wpa_ie_len) {
2872 os_memcpy(wpa_ie + wpa_ie_len,
2873 wpabuf_head(owe_ie), wpabuf_len(owe_ie));
2874 wpa_ie_len += wpabuf_len(owe_ie);
2875 }
2876 wpabuf_free(owe_ie);
2877 }
2878#endif /* CONFIG_OWE */
2879
2880#ifdef CONFIG_DPP2
2881 if (wpa_sm_get_key_mgmt(wpa_s->wpa) == WPA_KEY_MGMT_DPP &&
2882 ssid->dpp_netaccesskey) {
2883 dpp_pfs_free(wpa_s->dpp_pfs);
2884 wpa_s->dpp_pfs = dpp_pfs_init(ssid->dpp_netaccesskey,
2885 ssid->dpp_netaccesskey_len);
2886 if (!wpa_s->dpp_pfs) {
2887 wpa_printf(MSG_DEBUG, "DPP: Could not initialize PFS");
2888 /* Try to continue without PFS */
2889 goto pfs_fail;
2890 }
2891 if (wpabuf_len(wpa_s->dpp_pfs->ie) <=
2892 max_wpa_ie_len - wpa_ie_len) {
2893 os_memcpy(wpa_ie + wpa_ie_len,
2894 wpabuf_head(wpa_s->dpp_pfs->ie),
2895 wpabuf_len(wpa_s->dpp_pfs->ie));
2896 wpa_ie_len += wpabuf_len(wpa_s->dpp_pfs->ie);
2897 }
2898 }
2899pfs_fail:
2900#endif /* CONFIG_DPP2 */
2901
2902#ifdef CONFIG_IEEE80211R
2903 /*
2904 * Add MDIE under these conditions: the network profile allows FT,
2905 * the AP supports FT, and the mobility domain ID matches.
2906 */
2907 if (bss && wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s->wpa))) {
2908 const u8 *mdie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
2909
2910 if (mdie && mdie[1] >= MOBILITY_DOMAIN_ID_LEN) {
2911 size_t len = 0;
2912 const u8 *md = mdie + 2;
2913 const u8 *wpa_md = wpa_sm_get_ft_md(wpa_s->wpa);
2914
2915 if (os_memcmp(md, wpa_md,
2916 MOBILITY_DOMAIN_ID_LEN) == 0) {
2917 /* Add mobility domain IE */
2918 len = wpa_ft_add_mdie(
2919 wpa_s->wpa, wpa_ie + wpa_ie_len,
2920 max_wpa_ie_len - wpa_ie_len, mdie);
2921 wpa_ie_len += len;
2922 }
2923#ifdef CONFIG_SME
2924 if (len > 0 && wpa_s->sme.ft_used &&
2925 wpa_sm_has_ptk(wpa_s->wpa)) {
2926 wpa_dbg(wpa_s, MSG_DEBUG,
2927 "SME: Trying to use FT over-the-air");
2928 algs |= WPA_AUTH_ALG_FT;
2929 }
2930#endif /* CONFIG_SME */
2931 }
2932 }
2933#endif /* CONFIG_IEEE80211R */
2934
2935 if (ssid->multi_ap_backhaul_sta) {
2936 size_t multi_ap_ie_len;
2937
2938 multi_ap_ie_len = add_multi_ap_ie(wpa_ie + wpa_ie_len,
2939 max_wpa_ie_len - wpa_ie_len,
2940 MULTI_AP_BACKHAUL_STA);
2941 if (multi_ap_ie_len == 0) {
2942 wpa_printf(MSG_ERROR,
2943 "Multi-AP: Failed to build Multi-AP IE");
2944 os_free(wpa_ie);
2945 return NULL;
2946 }
2947 wpa_ie_len += multi_ap_ie_len;
2948 }
2949
2950 params->wpa_ie = wpa_ie;
2951 params->wpa_ie_len = wpa_ie_len;
2952 params->auth_alg = algs;
2953 if (mask)
2954 *mask |= WPA_DRV_UPDATE_ASSOC_IES | WPA_DRV_UPDATE_AUTH_TYPE;
2955
2956 return wpa_ie;
2957}
2958
2959
2960#if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
2961static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s)
2962{
2963 struct wpa_driver_associate_params params;
2964 enum wpa_drv_update_connect_params_mask mask = 0;
2965 u8 *wpa_ie;
2966
2967 if (wpa_s->auth_alg != WPA_AUTH_ALG_OPEN)
2968 return; /* nothing to do */
2969
2970 os_memset(&params, 0, sizeof(params));
2971 wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
2972 wpa_s->current_ssid, &params, &mask);
2973 if (!wpa_ie)
2974 return;
2975
2976 if (params.auth_alg != WPA_AUTH_ALG_FILS) {
2977 os_free(wpa_ie);
2978 return;
2979 }
2980
2981 wpa_s->auth_alg = params.auth_alg;
2982 wpa_drv_update_connect_params(wpa_s, &params, mask);
2983 os_free(wpa_ie);
2984}
2985#endif /* CONFIG_FILS && IEEE8021X_EAPOL */
2986
2987
2988#ifdef CONFIG_MBO
2989void wpas_update_mbo_connect_params(struct wpa_supplicant *wpa_s)
2990{
2991 struct wpa_driver_associate_params params;
2992 u8 *wpa_ie;
2993
2994 /*
2995 * Update MBO connect params only in case of change of MBO attributes
2996 * when connected, if the AP support MBO.
2997 */
2998
2999 if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_ssid ||
3000 !wpa_s->current_bss ||
3001 !wpa_bss_get_vendor_ie(wpa_s->current_bss, MBO_IE_VENDOR_TYPE))
3002 return;
3003
3004 os_memset(&params, 0, sizeof(params));
3005 wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3006 wpa_s->current_ssid, &params, NULL);
3007 if (!wpa_ie)
3008 return;
3009
3010 wpa_drv_update_connect_params(wpa_s, &params, WPA_DRV_UPDATE_ASSOC_IES);
3011 os_free(wpa_ie);
3012}
3013#endif /* CONFIG_MBO */
3014
3015
3016static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
3017{
3018 struct wpa_connect_work *cwork = work->ctx;
3019 struct wpa_bss *bss = cwork->bss;
3020 struct wpa_ssid *ssid = cwork->ssid;
3021 struct wpa_supplicant *wpa_s = work->wpa_s;
3022 u8 *wpa_ie;
3023 int use_crypt, ret, i, bssid_changed;
3024 unsigned int cipher_pairwise, cipher_group, cipher_group_mgmt;
3025 struct wpa_driver_associate_params params;
3026 int wep_keys_set = 0;
3027 int assoc_failed = 0;
3028 struct wpa_ssid *old_ssid;
3029 u8 prev_bssid[ETH_ALEN];
3030#ifdef CONFIG_HT_OVERRIDES
3031 struct ieee80211_ht_capabilities htcaps;
3032 struct ieee80211_ht_capabilities htcaps_mask;
3033#endif /* CONFIG_HT_OVERRIDES */
3034#ifdef CONFIG_VHT_OVERRIDES
3035 struct ieee80211_vht_capabilities vhtcaps;
3036 struct ieee80211_vht_capabilities vhtcaps_mask;
3037#endif /* CONFIG_VHT_OVERRIDES */
3038
3039 if (deinit) {
3040 if (work->started) {
3041 wpa_s->connect_work = NULL;
3042
3043 /* cancel possible auth. timeout */
3044 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s,
3045 NULL);
3046 }
3047 wpas_connect_work_free(cwork);
3048 return;
3049 }
3050
3051 wpa_s->connect_work = work;
3052
3053 if (cwork->bss_removed || !wpas_valid_bss_ssid(wpa_s, bss, ssid) ||
3054 wpas_network_disabled(wpa_s, ssid)) {
3055 wpa_dbg(wpa_s, MSG_DEBUG, "BSS/SSID entry for association not valid anymore - drop connection attempt");
3056 wpas_connect_work_done(wpa_s);
3057 return;
3058 }
3059
3060 os_memcpy(prev_bssid, wpa_s->bssid, ETH_ALEN);
3061 os_memset(&params, 0, sizeof(params));
3062 wpa_s->reassociate = 0;
3063 wpa_s->eap_expected_failure = 0;
3064 if (bss &&
3065 (!wpas_driver_bss_selection(wpa_s) || wpas_wps_searching(wpa_s))) {
3066#ifdef CONFIG_IEEE80211R
3067 const u8 *ie, *md = NULL;
3068#endif /* CONFIG_IEEE80211R */
3069 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
3070 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
3071 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
3072 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
3073 os_memset(wpa_s->bssid, 0, ETH_ALEN);
3074 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3075 if (bssid_changed)
3076 wpas_notify_bssid_changed(wpa_s);
3077#ifdef CONFIG_IEEE80211R
3078 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
3079 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
3080 md = ie + 2;
3081 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
3082 if (md) {
3083 /* Prepare for the next transition */
3084 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
3085 }
3086#endif /* CONFIG_IEEE80211R */
3087#ifdef CONFIG_WPS
3088 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
3089 wpa_s->conf->ap_scan == 2 &&
3090 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
3091 /* Use ap_scan==1 style network selection to find the network
3092 */
3093 wpas_connect_work_done(wpa_s);
3094 wpa_s->scan_req = MANUAL_SCAN_REQ;
3095 wpa_s->reassociate = 1;
3096 wpa_supplicant_req_scan(wpa_s, 0, 0);
3097 return;
3098#endif /* CONFIG_WPS */
3099 } else {
3100 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
3101 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
3102 if (bss)
3103 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3104 else
3105 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3106 }
3107 if (!wpa_s->pno)
3108 wpa_supplicant_cancel_sched_scan(wpa_s);
3109
3110 wpa_supplicant_cancel_scan(wpa_s);
3111
3112 /* Starting new association, so clear the possibly used WPA IE from the
3113 * previous association. */
3114 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
3115
3116 wpa_ie = wpas_populate_assoc_ies(wpa_s, bss, ssid, &params, NULL);
3117 if (!wpa_ie) {
3118 wpas_connect_work_done(wpa_s);
3119 return;
3120 }
3121
3122 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
3123 use_crypt = 1;
3124 cipher_pairwise = wpa_s->pairwise_cipher;
3125 cipher_group = wpa_s->group_cipher;
3126 cipher_group_mgmt = wpa_s->mgmt_group_cipher;
3127 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
3128 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3129 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
3130 use_crypt = 0;
3131 if (wpa_set_wep_keys(wpa_s, ssid)) {
3132 use_crypt = 1;
3133 wep_keys_set = 1;
3134 }
3135 }
3136 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
3137 use_crypt = 0;
3138
3139#ifdef IEEE8021X_EAPOL
3140 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3141 if ((ssid->eapol_flags &
3142 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
3143 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
3144 !wep_keys_set) {
3145 use_crypt = 0;
3146 } else {
3147 /* Assume that dynamic WEP-104 keys will be used and
3148 * set cipher suites in order for drivers to expect
3149 * encryption. */
3150 cipher_pairwise = cipher_group = WPA_CIPHER_WEP104;
3151 }
3152 }
3153#endif /* IEEE8021X_EAPOL */
3154
3155 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3156 /* Set the key before (and later after) association */
3157 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3158 }
3159
3160 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
3161 if (bss) {
3162 params.ssid = bss->ssid;
3163 params.ssid_len = bss->ssid_len;
3164 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set ||
3165 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
3166 wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
3167 MACSTR " freq=%u MHz based on scan results "
3168 "(bssid_set=%d wps=%d)",
3169 MAC2STR(bss->bssid), bss->freq,
3170 ssid->bssid_set,
3171 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS);
3172 params.bssid = bss->bssid;
3173 params.freq.freq = bss->freq;
3174 }
3175 params.bssid_hint = bss->bssid;
3176 params.freq_hint = bss->freq;
3177 params.pbss = bss_is_pbss(bss);
3178 } else {
3179 if (ssid->bssid_hint_set)
3180 params.bssid_hint = ssid->bssid_hint;
3181
3182 params.ssid = ssid->ssid;
3183 params.ssid_len = ssid->ssid_len;
3184 params.pbss = (ssid->pbss != 2) ? ssid->pbss : 0;
3185 }
3186
3187 if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
3188 wpa_s->conf->ap_scan == 2) {
3189 params.bssid = ssid->bssid;
3190 params.fixed_bssid = 1;
3191 }
3192
3193 /* Initial frequency for IBSS/mesh */
3194 if ((ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) &&
3195 ssid->frequency > 0 && params.freq.freq == 0)
3196 ibss_mesh_setup_freq(wpa_s, ssid, &params.freq);
3197
3198 if (ssid->mode == WPAS_MODE_IBSS) {
3199 params.fixed_freq = ssid->fixed_freq;
3200 if (ssid->beacon_int)
3201 params.beacon_int = ssid->beacon_int;
3202 else
3203 params.beacon_int = wpa_s->conf->beacon_int;
3204 }
3205
3206 params.pairwise_suite = cipher_pairwise;
3207 params.group_suite = cipher_group;
3208 params.mgmt_group_suite = cipher_group_mgmt;
3209 params.key_mgmt_suite = wpa_s->key_mgmt;
3210 params.wpa_proto = wpa_s->wpa_proto;
3211 wpa_s->auth_alg = params.auth_alg;
3212 params.mode = ssid->mode;
3213 params.bg_scan_period = ssid->bg_scan_period;
3214 for (i = 0; i < NUM_WEP_KEYS; i++) {
3215 if (ssid->wep_key_len[i])
3216 params.wep_key[i] = ssid->wep_key[i];
3217 params.wep_key_len[i] = ssid->wep_key_len[i];
3218 }
3219 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
3220
3221 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
3222 (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3223 params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
3224 params.passphrase = ssid->passphrase;
3225 if (ssid->psk_set)
3226 params.psk = ssid->psk;
3227 }
3228
3229 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
3230 (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3231 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3232 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3233 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192))
3234 params.req_handshake_offload = 1;
3235
3236 if (wpa_s->conf->key_mgmt_offload) {
3237 if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3238 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3239 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3240 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
3241 params.req_key_mgmt_offload =
3242 ssid->proactive_key_caching < 0 ?
3243 wpa_s->conf->okc : ssid->proactive_key_caching;
3244 else
3245 params.req_key_mgmt_offload = 1;
3246
3247 if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3248 params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
3249 params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
3250 ssid->psk_set)
3251 params.psk = ssid->psk;
3252 }
3253
3254 params.drop_unencrypted = use_crypt;
3255
3256#ifdef CONFIG_IEEE80211W
3257 params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
3258 if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
3259 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
3260 struct wpa_ie_data ie;
3261 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
3262 ie.capabilities &
3263 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
3264 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
3265 "MFP: require MFP");
3266 params.mgmt_frame_protection =
3267 MGMT_FRAME_PROTECTION_REQUIRED;
3268#ifdef CONFIG_OWE
3269 } else if (!rsn && (ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
3270 !ssid->owe_only) {
3271 params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
3272#endif /* CONFIG_OWE */
3273 }
3274 }
3275#endif /* CONFIG_IEEE80211W */
3276
3277 params.p2p = ssid->p2p_group;
3278
3279 if (wpa_s->p2pdev->set_sta_uapsd)
3280 params.uapsd = wpa_s->p2pdev->sta_uapsd;
3281 else
3282 params.uapsd = -1;
3283
3284#ifdef CONFIG_HT_OVERRIDES
3285 os_memset(&htcaps, 0, sizeof(htcaps));
3286 os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
3287 params.htcaps = (u8 *) &htcaps;
3288 params.htcaps_mask = (u8 *) &htcaps_mask;
3289 wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
3290#endif /* CONFIG_HT_OVERRIDES */
3291#ifdef CONFIG_VHT_OVERRIDES
3292 os_memset(&vhtcaps, 0, sizeof(vhtcaps));
3293 os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
3294 params.vhtcaps = &vhtcaps;
3295 params.vhtcaps_mask = &vhtcaps_mask;
3296 wpa_supplicant_apply_vht_overrides(wpa_s, ssid, &params);
3297#endif /* CONFIG_VHT_OVERRIDES */
3298
3299#ifdef CONFIG_P2P
3300 /*
3301 * If multi-channel concurrency is not supported, check for any
3302 * frequency conflict. In case of any frequency conflict, remove the
3303 * least prioritized connection.
3304 */
3305 if (wpa_s->num_multichan_concurrent < 2) {
3306 int freq, num;
3307 num = get_shared_radio_freqs(wpa_s, &freq, 1);
3308 if (num > 0 && freq > 0 && freq != params.freq.freq) {
3309 wpa_printf(MSG_DEBUG,
3310 "Assoc conflicting freq found (%d != %d)",
3311 freq, params.freq.freq);
3312 if (wpas_p2p_handle_frequency_conflicts(
3313 wpa_s, params.freq.freq, ssid) < 0) {
3314 wpas_connect_work_done(wpa_s);
3315 os_free(wpa_ie);
3316 return;
3317 }
3318 }
3319 }
3320#endif /* CONFIG_P2P */
3321
3322 if (wpa_s->reassoc_same_ess && !is_zero_ether_addr(prev_bssid) &&
3323 wpa_s->current_ssid)
3324 params.prev_bssid = prev_bssid;
3325
3326 ret = wpa_drv_associate(wpa_s, &params);
3327 os_free(wpa_ie);
3328 if (ret < 0) {
3329 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
3330 "failed");
3331 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
3332 /*
3333 * The driver is known to mean what is saying, so we
3334 * can stop right here; the association will not
3335 * succeed.
3336 */
3337 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
3338 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
3339 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3340 return;
3341 }
3342 /* try to continue anyway; new association will be tried again
3343 * after timeout */
3344 assoc_failed = 1;
3345 }
3346
3347 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3348 /* Set the key after the association just in case association
3349 * cleared the previously configured key. */
3350 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3351 /* No need to timeout authentication since there is no key
3352 * management. */
3353 wpa_supplicant_cancel_auth_timeout(wpa_s);
3354 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
3355#ifdef CONFIG_IBSS_RSN
3356 } else if (ssid->mode == WPAS_MODE_IBSS &&
3357 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
3358 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
3359 /*
3360 * RSN IBSS authentication is per-STA and we can disable the
3361 * per-BSSID authentication.
3362 */
3363 wpa_supplicant_cancel_auth_timeout(wpa_s);
3364#endif /* CONFIG_IBSS_RSN */
3365 } else {
3366 /* Timeout for IEEE 802.11 authentication and association */
3367 int timeout = 60;
3368
3369 if (assoc_failed) {
3370 /* give IBSS a bit more time */
3371 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
3372 } else if (wpa_s->conf->ap_scan == 1) {
3373 /* give IBSS a bit more time */
3374 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
3375 }
3376 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
3377 }
3378
3379 if (wep_keys_set &&
3380 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
3381 /* Set static WEP keys again */
3382 wpa_set_wep_keys(wpa_s, ssid);
3383 }
3384
3385 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
3386 /*
3387 * Do not allow EAP session resumption between different
3388 * network configurations.
3389 */
3390 eapol_sm_invalidate_cached_session(wpa_s->eapol);
3391 }
3392 old_ssid = wpa_s->current_ssid;
3393 wpa_s->current_ssid = ssid;
3394
3395 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
3396 wpa_s->current_bss = bss;
3397#ifdef CONFIG_HS20
3398 hs20_configure_frame_filters(wpa_s);
3399#endif /* CONFIG_HS20 */
3400 }
3401
3402 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
3403 wpa_supplicant_initiate_eapol(wpa_s);
3404 if (old_ssid != wpa_s->current_ssid)
3405 wpas_notify_network_changed(wpa_s);
3406}
3407
3408
3409static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
3410 const u8 *addr)
3411{
3412 struct wpa_ssid *old_ssid;
3413
3414 wpas_connect_work_done(wpa_s);
3415 wpa_clear_keys(wpa_s, addr);
3416 old_ssid = wpa_s->current_ssid;
3417 wpa_supplicant_mark_disassoc(wpa_s);
3418 wpa_sm_set_config(wpa_s->wpa, NULL);
3419 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3420 if (old_ssid != wpa_s->current_ssid)
3421 wpas_notify_network_changed(wpa_s);
3422 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
3423}
3424
3425
3426/**
3427 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
3428 * @wpa_s: Pointer to wpa_supplicant data
3429 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
3430 *
3431 * This function is used to request %wpa_supplicant to deauthenticate from the
3432 * current AP.
3433 */
3434void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
3435 u16 reason_code)
3436{
3437 u8 *addr = NULL;
3438 union wpa_event_data event;
3439 int zero_addr = 0;
3440
3441 wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
3442 " pending_bssid=" MACSTR " reason=%d (%s) state=%s",
3443 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
3444 reason_code, reason2str(reason_code),
3445 wpa_supplicant_state_txt(wpa_s->wpa_state));
3446
3447 if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
3448 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
3449 wpa_s->wpa_state == WPA_ASSOCIATING))
3450 addr = wpa_s->pending_bssid;
3451 else if (!is_zero_ether_addr(wpa_s->bssid))
3452 addr = wpa_s->bssid;
3453 else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
3454 /*
3455 * When using driver-based BSS selection, we may not know the
3456 * BSSID with which we are currently trying to associate. We
3457 * need to notify the driver of this disconnection even in such
3458 * a case, so use the all zeros address here.
3459 */
3460 addr = wpa_s->bssid;
3461 zero_addr = 1;
3462 }
3463
3464 if (wpa_s->enabled_4addr_mode && wpa_drv_set_4addr_mode(wpa_s, 0) == 0)
3465 wpa_s->enabled_4addr_mode = 0;
3466
3467#ifdef CONFIG_TDLS
3468 wpa_tdls_teardown_peers(wpa_s->wpa);
3469#endif /* CONFIG_TDLS */
3470
3471#ifdef CONFIG_MESH
3472 if (wpa_s->ifmsh) {
3473 struct mesh_conf *mconf;
3474
3475 mconf = wpa_s->ifmsh->mconf;
3476 wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
3477 wpa_s->ifname);
3478 wpas_notify_mesh_group_removed(wpa_s, mconf->meshid,
3479 mconf->meshid_len, reason_code);
3480 wpa_supplicant_leave_mesh(wpa_s);
3481 }
3482#endif /* CONFIG_MESH */
3483
3484 if (addr) {
3485 wpa_drv_deauthenticate(wpa_s, addr, reason_code);
3486 os_memset(&event, 0, sizeof(event));
3487 event.deauth_info.reason_code = reason_code;
3488 event.deauth_info.locally_generated = 1;
3489 wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
3490 if (zero_addr)
3491 addr = NULL;
3492 }
3493
3494 wpa_supplicant_clear_connection(wpa_s, addr);
3495}
3496
3497static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
3498 struct wpa_ssid *ssid)
3499{
3500 if (!ssid || !ssid->disabled || ssid->disabled == 2)
3501 return;
3502
3503 ssid->disabled = 0;
3504 ssid->owe_transition_bss_select_count = 0;
3505 wpas_clear_temp_disabled(wpa_s, ssid, 1);
3506 wpas_notify_network_enabled_changed(wpa_s, ssid);
3507
3508 /*
3509 * Try to reassociate since there is no current configuration and a new
3510 * network was made available.
3511 */
3512 if (!wpa_s->current_ssid && !wpa_s->disconnected)
3513 wpa_s->reassociate = 1;
3514}
3515
3516
3517/**
3518 * wpa_supplicant_add_network - Add a new network
3519 * @wpa_s: wpa_supplicant structure for a network interface
3520 * Returns: The new network configuration or %NULL if operation failed
3521 *
3522 * This function performs the following operations:
3523 * 1. Adds a new network.
3524 * 2. Send network addition notification.
3525 * 3. Marks the network disabled.
3526 * 4. Set network default parameters.
3527 */
3528struct wpa_ssid * wpa_supplicant_add_network(struct wpa_supplicant *wpa_s)
3529{
3530 struct wpa_ssid *ssid;
3531
3532 ssid = wpa_config_add_network(wpa_s->conf);
3533 if (!ssid)
3534 return NULL;
3535 wpas_notify_network_added(wpa_s, ssid);
3536 ssid->disabled = 1;
3537 wpa_config_set_network_defaults(ssid);
3538
3539 return ssid;
3540}
3541
3542
3543/**
3544 * wpa_supplicant_remove_network - Remove a configured network based on id
3545 * @wpa_s: wpa_supplicant structure for a network interface
3546 * @id: Unique network id to search for
3547 * Returns: 0 on success, or -1 if the network was not found, -2 if the network
3548 * could not be removed
3549 *
3550 * This function performs the following operations:
3551 * 1. Removes the network.
3552 * 2. Send network removal notification.
3553 * 3. Update internal state machines.
3554 * 4. Stop any running sched scans.
3555 */
3556int wpa_supplicant_remove_network(struct wpa_supplicant *wpa_s, int id)
3557{
3558 struct wpa_ssid *ssid;
3559 int was_disabled;
3560
3561 ssid = wpa_config_get_network(wpa_s->conf, id);
3562 if (!ssid)
3563 return -1;
3564 wpas_notify_network_removed(wpa_s, ssid);
3565
3566 if (wpa_s->last_ssid == ssid)
3567 wpa_s->last_ssid = NULL;
3568
3569 if (ssid == wpa_s->current_ssid || !wpa_s->current_ssid) {
3570#ifdef CONFIG_SME
3571 wpa_s->sme.prev_bssid_set = 0;
3572#endif /* CONFIG_SME */
3573 /*
3574 * Invalidate the EAP session cache if the current or
3575 * previously used network is removed.
3576 */
3577 eapol_sm_invalidate_cached_session(wpa_s->eapol);
3578 }
3579
3580 if (ssid == wpa_s->current_ssid) {
3581 wpa_sm_set_config(wpa_s->wpa, NULL);
3582 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3583
3584 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3585 wpa_s->own_disconnect_req = 1;
3586 wpa_supplicant_deauthenticate(wpa_s,
3587 WLAN_REASON_DEAUTH_LEAVING);
3588 }
3589
3590 was_disabled = ssid->disabled;
3591
3592 if (wpa_config_remove_network(wpa_s->conf, id) < 0)
3593 return -2;
3594
3595 if (!was_disabled && wpa_s->sched_scanning) {
3596 wpa_printf(MSG_DEBUG,
3597 "Stop ongoing sched_scan to remove network from filters");
3598 wpa_supplicant_cancel_sched_scan(wpa_s);
3599 wpa_supplicant_req_scan(wpa_s, 0, 0);
3600 }
3601
3602 return 0;
3603}
3604
3605
3606/**
3607 * wpa_supplicant_enable_network - Mark a configured network as enabled
3608 * @wpa_s: wpa_supplicant structure for a network interface
3609 * @ssid: wpa_ssid structure for a configured network or %NULL
3610 *
3611 * Enables the specified network or all networks if no network specified.
3612 */
3613void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
3614 struct wpa_ssid *ssid)
3615{
3616 if (ssid == NULL) {
3617 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
3618 wpa_supplicant_enable_one_network(wpa_s, ssid);
3619 } else
3620 wpa_supplicant_enable_one_network(wpa_s, ssid);
3621
3622 if (wpa_s->reassociate && !wpa_s->disconnected &&
3623 (!wpa_s->current_ssid ||
3624 wpa_s->wpa_state == WPA_DISCONNECTED ||
3625 wpa_s->wpa_state == WPA_SCANNING)) {
3626 if (wpa_s->sched_scanning) {
3627 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
3628 "new network to scan filters");
3629 wpa_supplicant_cancel_sched_scan(wpa_s);
3630 }
3631
3632 if (wpa_supplicant_fast_associate(wpa_s) != 1) {
3633 wpa_s->scan_req = NORMAL_SCAN_REQ;
3634 wpa_supplicant_req_scan(wpa_s, 0, 0);
3635 }
3636 }
3637}
3638
3639
3640/**
3641 * wpa_supplicant_disable_network - Mark a configured network as disabled
3642 * @wpa_s: wpa_supplicant structure for a network interface
3643 * @ssid: wpa_ssid structure for a configured network or %NULL
3644 *
3645 * Disables the specified network or all networks if no network specified.
3646 */
3647void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
3648 struct wpa_ssid *ssid)
3649{
3650 struct wpa_ssid *other_ssid;
3651 int was_disabled;
3652
3653 if (ssid == NULL) {
3654 if (wpa_s->sched_scanning)
3655 wpa_supplicant_cancel_sched_scan(wpa_s);
3656
3657 for (other_ssid = wpa_s->conf->ssid; other_ssid;
3658 other_ssid = other_ssid->next) {
3659 was_disabled = other_ssid->disabled;
3660 if (was_disabled == 2)
3661 continue; /* do not change persistent P2P group
3662 * data */
3663
3664 other_ssid->disabled = 1;
3665
3666 if (was_disabled != other_ssid->disabled)
3667 wpas_notify_network_enabled_changed(
3668 wpa_s, other_ssid);
3669 }
3670 if (wpa_s->current_ssid) {
3671 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3672 wpa_s->own_disconnect_req = 1;
3673 wpa_supplicant_deauthenticate(
3674 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
3675 }
3676 } else if (ssid->disabled != 2) {
3677 if (ssid == wpa_s->current_ssid) {
3678 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3679 wpa_s->own_disconnect_req = 1;
3680 wpa_supplicant_deauthenticate(
3681 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
3682 }
3683
3684 was_disabled = ssid->disabled;
3685
3686 ssid->disabled = 1;
3687
3688 if (was_disabled != ssid->disabled) {
3689 wpas_notify_network_enabled_changed(wpa_s, ssid);
3690 if (wpa_s->sched_scanning) {
3691 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
3692 "to remove network from filters");
3693 wpa_supplicant_cancel_sched_scan(wpa_s);
3694 wpa_supplicant_req_scan(wpa_s, 0, 0);
3695 }
3696 }
3697 }
3698}
3699
3700
3701/**
3702 * wpa_supplicant_select_network - Attempt association with a network
3703 * @wpa_s: wpa_supplicant structure for a network interface
3704 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
3705 */
3706void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
3707 struct wpa_ssid *ssid)
3708{
3709
3710 struct wpa_ssid *other_ssid;
3711 int disconnected = 0;
3712
3713 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
3714 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3715 wpa_s->own_disconnect_req = 1;
3716 wpa_supplicant_deauthenticate(
3717 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
3718 disconnected = 1;
3719 }
3720
3721 if (ssid)
3722 wpas_clear_temp_disabled(wpa_s, ssid, 1);
3723
3724 /*
3725 * Mark all other networks disabled or mark all networks enabled if no
3726 * network specified.
3727 */
3728 for (other_ssid = wpa_s->conf->ssid; other_ssid;
3729 other_ssid = other_ssid->next) {
3730 int was_disabled = other_ssid->disabled;
3731 if (was_disabled == 2)
3732 continue; /* do not change persistent P2P group data */
3733
3734 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
3735 if (was_disabled && !other_ssid->disabled)
3736 wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
3737
3738 if (was_disabled != other_ssid->disabled)
3739 wpas_notify_network_enabled_changed(wpa_s, other_ssid);
3740 }
3741
3742 if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid &&
3743 wpa_s->wpa_state >= WPA_AUTHENTICATING) {
3744 /* We are already associated with the selected network */
3745 wpa_printf(MSG_DEBUG, "Already associated with the "
3746 "selected network - do nothing");
3747 return;
3748 }
3749
3750 if (ssid) {
3751 wpa_s->current_ssid = ssid;
3752 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3753 wpa_s->connect_without_scan =
3754 (ssid->mode == WPAS_MODE_MESH) ? ssid : NULL;
3755
3756 /*
3757 * Don't optimize next scan freqs since a new ESS has been
3758 * selected.
3759 */
3760 os_free(wpa_s->next_scan_freqs);
3761 wpa_s->next_scan_freqs = NULL;
3762 } else {
3763 wpa_s->connect_without_scan = NULL;
3764 }
3765
3766 wpa_s->disconnected = 0;
3767 wpa_s->reassociate = 1;
3768 wpa_s->last_owe_group = 0;
3769 if (ssid)
3770 ssid->owe_transition_bss_select_count = 0;
3771
3772 if (wpa_s->connect_without_scan ||
3773 wpa_supplicant_fast_associate(wpa_s) != 1) {
3774 wpa_s->scan_req = NORMAL_SCAN_REQ;
3775 wpas_scan_reset_sched_scan(wpa_s);
3776 wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
3777 }
3778
3779 if (ssid)
3780 wpas_notify_network_selected(wpa_s, ssid);
3781}
3782
3783
3784/**
3785 * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
3786 * @wpa_s: wpa_supplicant structure for a network interface
3787 * @pkcs11_engine_path: PKCS #11 engine path or NULL
3788 * @pkcs11_module_path: PKCS #11 module path or NULL
3789 * Returns: 0 on success; -1 on failure
3790 *
3791 * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
3792 * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
3793 * module path fails the paths will be reset to the default value (NULL).
3794 */
3795int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant *wpa_s,
3796 const char *pkcs11_engine_path,
3797 const char *pkcs11_module_path)
3798{
3799 char *pkcs11_engine_path_copy = NULL;
3800 char *pkcs11_module_path_copy = NULL;
3801
3802 if (pkcs11_engine_path != NULL) {
3803 pkcs11_engine_path_copy = os_strdup(pkcs11_engine_path);
3804 if (pkcs11_engine_path_copy == NULL)
3805 return -1;
3806 }
3807 if (pkcs11_module_path != NULL) {
3808 pkcs11_module_path_copy = os_strdup(pkcs11_module_path);
3809 if (pkcs11_module_path_copy == NULL) {
3810 os_free(pkcs11_engine_path_copy);
3811 return -1;
3812 }
3813 }
3814
3815 os_free(wpa_s->conf->pkcs11_engine_path);
3816 os_free(wpa_s->conf->pkcs11_module_path);
3817 wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path_copy;
3818 wpa_s->conf->pkcs11_module_path = pkcs11_module_path_copy;
3819
3820 wpa_sm_set_eapol(wpa_s->wpa, NULL);
3821 eapol_sm_deinit(wpa_s->eapol);
3822 wpa_s->eapol = NULL;
3823 if (wpa_supplicant_init_eapol(wpa_s)) {
3824 /* Error -> Reset paths to the default value (NULL) once. */
3825 if (pkcs11_engine_path != NULL && pkcs11_module_path != NULL)
3826 wpas_set_pkcs11_engine_and_module_path(wpa_s, NULL,
3827 NULL);
3828
3829 return -1;
3830 }
3831 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
3832
3833 return 0;
3834}
3835
3836
3837/**
3838 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
3839 * @wpa_s: wpa_supplicant structure for a network interface
3840 * @ap_scan: AP scan mode
3841 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
3842 *
3843 */
3844int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
3845{
3846
3847 int old_ap_scan;
3848
3849 if (ap_scan < 0 || ap_scan > 2)
3850 return -1;
3851
3852 if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
3853 wpa_printf(MSG_INFO,
3854 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
3855 }
3856
3857#ifdef ANDROID
3858 if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
3859 wpa_s->wpa_state >= WPA_ASSOCIATING &&
3860 wpa_s->wpa_state < WPA_COMPLETED) {
3861 wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
3862 "associating", wpa_s->conf->ap_scan, ap_scan);
3863 return 0;
3864 }
3865#endif /* ANDROID */
3866
3867 old_ap_scan = wpa_s->conf->ap_scan;
3868 wpa_s->conf->ap_scan = ap_scan;
3869
3870 if (old_ap_scan != wpa_s->conf->ap_scan)
3871 wpas_notify_ap_scan_changed(wpa_s);
3872
3873 return 0;
3874}
3875
3876
3877/**
3878 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
3879 * @wpa_s: wpa_supplicant structure for a network interface
3880 * @expire_age: Expiration age in seconds
3881 * Returns: 0 if succeed or -1 if expire_age has an invalid value
3882 *
3883 */
3884int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
3885 unsigned int bss_expire_age)
3886{
3887 if (bss_expire_age < 10) {
3888 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
3889 bss_expire_age);
3890 return -1;
3891 }
3892 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
3893 bss_expire_age);
3894 wpa_s->conf->bss_expiration_age = bss_expire_age;
3895
3896 return 0;
3897}
3898
3899
3900/**
3901 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
3902 * @wpa_s: wpa_supplicant structure for a network interface
3903 * @expire_count: number of scans after which an unseen BSS is reclaimed
3904 * Returns: 0 if succeed or -1 if expire_count has an invalid value
3905 *
3906 */
3907int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
3908 unsigned int bss_expire_count)
3909{
3910 if (bss_expire_count < 1) {
3911 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
3912 bss_expire_count);
3913 return -1;
3914 }
3915 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
3916 bss_expire_count);
3917 wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
3918
3919 return 0;
3920}
3921
3922
3923/**
3924 * wpa_supplicant_set_scan_interval - Set scan interval
3925 * @wpa_s: wpa_supplicant structure for a network interface
3926 * @scan_interval: scan interval in seconds
3927 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
3928 *
3929 */
3930int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
3931 int scan_interval)
3932{
3933 if (scan_interval < 0) {
3934 wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
3935 scan_interval);
3936 return -1;
3937 }
3938 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
3939 scan_interval);
3940 wpa_supplicant_update_scan_int(wpa_s, scan_interval);
3941
3942 return 0;
3943}
3944
3945
3946/**
3947 * wpa_supplicant_set_debug_params - Set global debug params
3948 * @global: wpa_global structure
3949 * @debug_level: debug level
3950 * @debug_timestamp: determines if show timestamp in debug data
3951 * @debug_show_keys: determines if show keys in debug data
3952 * Returns: 0 if succeed or -1 if debug_level has wrong value
3953 */
3954int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
3955 int debug_timestamp, int debug_show_keys)
3956{
3957
3958 int old_level, old_timestamp, old_show_keys;
3959
3960 /* check for allowed debuglevels */
3961 if (debug_level != MSG_EXCESSIVE &&
3962 debug_level != MSG_MSGDUMP &&
3963 debug_level != MSG_DEBUG &&
3964 debug_level != MSG_INFO &&
3965 debug_level != MSG_WARNING &&
3966 debug_level != MSG_ERROR)
3967 return -1;
3968
3969 old_level = wpa_debug_level;
3970 old_timestamp = wpa_debug_timestamp;
3971 old_show_keys = wpa_debug_show_keys;
3972
3973 wpa_debug_level = debug_level;
3974 wpa_debug_timestamp = debug_timestamp ? 1 : 0;
3975 wpa_debug_show_keys = debug_show_keys ? 1 : 0;
3976
3977 if (wpa_debug_level != old_level)
3978 wpas_notify_debug_level_changed(global);
3979 if (wpa_debug_timestamp != old_timestamp)
3980 wpas_notify_debug_timestamp_changed(global);
3981 if (wpa_debug_show_keys != old_show_keys)
3982 wpas_notify_debug_show_keys_changed(global);
3983
3984 return 0;
3985}
3986
3987
3988#ifdef CONFIG_OWE
3989static int owe_trans_ssid_match(struct wpa_supplicant *wpa_s, const u8 *bssid,
3990 const u8 *entry_ssid, size_t entry_ssid_len)
3991{
3992 const u8 *owe, *pos, *end;
3993 u8 ssid_len;
3994 struct wpa_bss *bss;
3995
3996 /* Check network profile SSID aganst the SSID in the
3997 * OWE Transition Mode element. */
3998
3999 bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
4000 if (!bss)
4001 return 0;
4002
4003 owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
4004 if (!owe)
4005 return 0;
4006
4007 pos = owe + 6;
4008 end = owe + 2 + owe[1];
4009
4010 if (end - pos < ETH_ALEN + 1)
4011 return 0;
4012 pos += ETH_ALEN;
4013 ssid_len = *pos++;
4014 if (end - pos < ssid_len || ssid_len > SSID_MAX_LEN)
4015 return 0;
4016
4017 return entry_ssid_len == ssid_len &&
4018 os_memcmp(pos, entry_ssid, ssid_len) == 0;
4019}
4020#endif /* CONFIG_OWE */
4021
4022
4023/**
4024 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
4025 * @wpa_s: Pointer to wpa_supplicant data
4026 * Returns: A pointer to the current network structure or %NULL on failure
4027 */
4028struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
4029{
4030 struct wpa_ssid *entry;
4031 u8 ssid[SSID_MAX_LEN];
4032 int res;
4033 size_t ssid_len;
4034 u8 bssid[ETH_ALEN];
4035 int wired;
4036
4037 res = wpa_drv_get_ssid(wpa_s, ssid);
4038 if (res < 0) {
4039 wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
4040 "driver");
4041 return NULL;
4042 }
4043 ssid_len = res;
4044
4045 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
4046 wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
4047 "driver");
4048 return NULL;
4049 }
4050
4051 wired = wpa_s->conf->ap_scan == 0 &&
4052 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
4053
4054 entry = wpa_s->conf->ssid;
4055 while (entry) {
4056 if (!wpas_network_disabled(wpa_s, entry) &&
4057 ((ssid_len == entry->ssid_len &&
4058 (!entry->ssid ||
4059 os_memcmp(ssid, entry->ssid, ssid_len) == 0)) ||
4060 wired) &&
4061 (!entry->bssid_set ||
4062 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4063 return entry;
4064#ifdef CONFIG_WPS
4065 if (!wpas_network_disabled(wpa_s, entry) &&
4066 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
4067 (entry->ssid == NULL || entry->ssid_len == 0) &&
4068 (!entry->bssid_set ||
4069 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4070 return entry;
4071#endif /* CONFIG_WPS */
4072
4073#ifdef CONFIG_OWE
4074 if (!wpas_network_disabled(wpa_s, entry) &&
4075 owe_trans_ssid_match(wpa_s, bssid, entry->ssid,
4076 entry->ssid_len) &&
4077 (!entry->bssid_set ||
4078 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4079 return entry;
4080#endif /* CONFIG_OWE */
4081
4082 if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
4083 entry->ssid_len == 0 &&
4084 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
4085 return entry;
4086
4087 entry = entry->next;
4088 }
4089
4090 return NULL;
4091}
4092
4093
4094static int select_driver(struct wpa_supplicant *wpa_s, int i)
4095{
4096 struct wpa_global *global = wpa_s->global;
4097
4098 if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
4099 global->drv_priv[i] = wpa_drivers[i]->global_init(global);
4100 if (global->drv_priv[i] == NULL) {
4101 wpa_printf(MSG_ERROR, "Failed to initialize driver "
4102 "'%s'", wpa_drivers[i]->name);
4103 return -1;
4104 }
4105 }
4106
4107 wpa_s->driver = wpa_drivers[i];
4108 wpa_s->global_drv_priv = global->drv_priv[i];
4109
4110 return 0;
4111}
4112
4113
4114static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
4115 const char *name)
4116{
4117 int i;
4118 size_t len;
4119 const char *pos, *driver = name;
4120
4121 if (wpa_s == NULL)
4122 return -1;
4123
4124 if (wpa_drivers[0] == NULL) {
4125 wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
4126 "wpa_supplicant");
4127 return -1;
4128 }
4129
4130 if (name == NULL) {
4131 /* default to first driver in the list */
4132 return select_driver(wpa_s, 0);
4133 }
4134
4135 do {
4136 pos = os_strchr(driver, ',');
4137 if (pos)
4138 len = pos - driver;
4139 else
4140 len = os_strlen(driver);
4141
4142 for (i = 0; wpa_drivers[i]; i++) {
4143 if (os_strlen(wpa_drivers[i]->name) == len &&
4144 os_strncmp(driver, wpa_drivers[i]->name, len) ==
4145 0) {
4146 /* First driver that succeeds wins */
4147 if (select_driver(wpa_s, i) == 0)
4148 return 0;
4149 }
4150 }
4151
4152 driver = pos + 1;
4153 } while (pos);
4154
4155 wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
4156 return -1;
4157}
4158
4159
4160/**
4161 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
4162 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
4163 * with struct wpa_driver_ops::init()
4164 * @src_addr: Source address of the EAPOL frame
4165 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
4166 * @len: Length of the EAPOL data
4167 *
4168 * This function is called for each received EAPOL frame. Most driver
4169 * interfaces rely on more generic OS mechanism for receiving frames through
4170 * l2_packet, but if such a mechanism is not available, the driver wrapper may
4171 * take care of received EAPOL frames and deliver them to the core supplicant
4172 * code by calling this function.
4173 */
4174void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
4175 const u8 *buf, size_t len)
4176{
4177 struct wpa_supplicant *wpa_s = ctx;
4178
4179 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
4180 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
4181
4182#ifdef CONFIG_TESTING_OPTIONS
4183 if (wpa_s->ignore_auth_resp) {
4184 wpa_printf(MSG_INFO, "RX EAPOL - ignore_auth_resp active!");
4185 return;
4186 }
4187#endif /* CONFIG_TESTING_OPTIONS */
4188
4189 if (wpa_s->wpa_state < WPA_ASSOCIATED ||
4190 (wpa_s->last_eapol_matches_bssid &&
4191#ifdef CONFIG_AP
4192 !wpa_s->ap_iface &&
4193#endif /* CONFIG_AP */
4194 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
4195 /*
4196 * There is possible race condition between receiving the
4197 * association event and the EAPOL frame since they are coming
4198 * through different paths from the driver. In order to avoid
4199 * issues in trying to process the EAPOL frame before receiving
4200 * association information, lets queue it for processing until
4201 * the association event is received. This may also be needed in
4202 * driver-based roaming case, so also use src_addr != BSSID as a
4203 * trigger if we have previously confirmed that the
4204 * Authenticator uses BSSID as the src_addr (which is not the
4205 * case with wired IEEE 802.1X).
4206 */
4207 wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
4208 "of received EAPOL frame (state=%s bssid=" MACSTR ")",
4209 wpa_supplicant_state_txt(wpa_s->wpa_state),
4210 MAC2STR(wpa_s->bssid));
4211 wpabuf_free(wpa_s->pending_eapol_rx);
4212 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
4213 if (wpa_s->pending_eapol_rx) {
4214 os_get_reltime(&wpa_s->pending_eapol_rx_time);
4215 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
4216 ETH_ALEN);
4217 }
4218 return;
4219 }
4220
4221 wpa_s->last_eapol_matches_bssid =
4222 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
4223
4224#ifdef CONFIG_AP
4225 if (wpa_s->ap_iface) {
4226 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
4227 return;
4228 }
4229#endif /* CONFIG_AP */
4230
4231 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
4232 wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
4233 "no key management is configured");
4234 return;
4235 }
4236
4237 if (wpa_s->eapol_received == 0 &&
4238 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) ||
4239 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
4240 wpa_s->wpa_state != WPA_COMPLETED) &&
4241 (wpa_s->current_ssid == NULL ||
4242 wpa_s->current_ssid->mode != WPAS_MODE_IBSS)) {
4243 /* Timeout for completing IEEE 802.1X and WPA authentication */
4244 int timeout = 10;
4245
4246 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
4247 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
4248 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
4249 /* Use longer timeout for IEEE 802.1X/EAP */
4250 timeout = 70;
4251 }
4252
4253#ifdef CONFIG_WPS
4254 if (wpa_s->current_ssid && wpa_s->current_bss &&
4255 (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
4256 eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
4257 /*
4258 * Use shorter timeout if going through WPS AP iteration
4259 * for PIN config method with an AP that does not
4260 * advertise Selected Registrar.
4261 */
4262 struct wpabuf *wps_ie;
4263
4264 wps_ie = wpa_bss_get_vendor_ie_multi(
4265 wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
4266 if (wps_ie &&
4267 !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
4268 timeout = 10;
4269 wpabuf_free(wps_ie);
4270 }
4271#endif /* CONFIG_WPS */
4272
4273 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
4274 }
4275 wpa_s->eapol_received++;
4276
4277 if (wpa_s->countermeasures) {
4278 wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
4279 "EAPOL packet");
4280 return;
4281 }
4282
4283#ifdef CONFIG_IBSS_RSN
4284 if (wpa_s->current_ssid &&
4285 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
4286 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
4287 return;
4288 }
4289#endif /* CONFIG_IBSS_RSN */
4290
4291 /* Source address of the incoming EAPOL frame could be compared to the
4292 * current BSSID. However, it is possible that a centralized
4293 * Authenticator could be using another MAC address than the BSSID of
4294 * an AP, so just allow any address to be used for now. The replies are
4295 * still sent to the current BSSID (if available), though. */
4296
4297 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
4298 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
4299 wpa_s->key_mgmt != WPA_KEY_MGMT_OWE &&
4300 wpa_s->key_mgmt != WPA_KEY_MGMT_DPP &&
4301 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
4302 return;
4303 wpa_drv_poll(wpa_s);
4304 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK))
4305 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
4306 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
4307 /*
4308 * Set portValid = TRUE here since we are going to skip 4-way
4309 * handshake processing which would normally set portValid. We
4310 * need this to allow the EAPOL state machines to be completed
4311 * without going through EAPOL-Key handshake.
4312 */
4313 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
4314 }
4315}
4316
4317
4318int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
4319{
4320 if ((!wpa_s->p2p_mgmt ||
4321 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
4322 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
4323 l2_packet_deinit(wpa_s->l2);
4324 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
4325 wpa_drv_get_mac_addr(wpa_s),
4326 ETH_P_EAPOL,
4327 wpa_supplicant_rx_eapol, wpa_s, 0);
4328 if (wpa_s->l2 == NULL)
4329 return -1;
4330
4331 if (l2_packet_set_packet_filter(wpa_s->l2,
4332 L2_PACKET_FILTER_PKTTYPE))
4333 wpa_dbg(wpa_s, MSG_DEBUG,
4334 "Failed to attach pkt_type filter");
4335 } else {
4336 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
4337 if (addr)
4338 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
4339 }
4340
4341 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
4342 wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
4343 return -1;
4344 }
4345
4346 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
4347
4348 return 0;
4349}
4350
4351
4352static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
4353 const u8 *buf, size_t len)
4354{
4355 struct wpa_supplicant *wpa_s = ctx;
4356 const struct l2_ethhdr *eth;
4357
4358 if (len < sizeof(*eth))
4359 return;
4360 eth = (const struct l2_ethhdr *) buf;
4361
4362 if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
4363 !(eth->h_dest[0] & 0x01)) {
4364 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
4365 " (bridge - not for this interface - ignore)",
4366 MAC2STR(src_addr), MAC2STR(eth->h_dest));
4367 return;
4368 }
4369
4370 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
4371 " (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
4372 wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
4373 len - sizeof(*eth));
4374}
4375
4376
4377/**
4378 * wpa_supplicant_driver_init - Initialize driver interface parameters
4379 * @wpa_s: Pointer to wpa_supplicant data
4380 * Returns: 0 on success, -1 on failure
4381 *
4382 * This function is called to initialize driver interface parameters.
4383 * wpa_drv_init() must have been called before this function to initialize the
4384 * driver interface.
4385 */
4386int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
4387{
4388 static int interface_count = 0;
4389
4390 if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
4391 return -1;
4392
4393 wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
4394 MAC2STR(wpa_s->own_addr));
4395 os_memcpy(wpa_s->perm_addr, wpa_s->own_addr, ETH_ALEN);
4396 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
4397
4398 if (wpa_s->bridge_ifname[0]) {
4399 wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
4400 "interface '%s'", wpa_s->bridge_ifname);
4401 wpa_s->l2_br = l2_packet_init_bridge(
4402 wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
4403 ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
4404 if (wpa_s->l2_br == NULL) {
4405 wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
4406 "connection for the bridge interface '%s'",
4407 wpa_s->bridge_ifname);
4408 return -1;
4409 }
4410 }
4411
4412 if (wpa_s->conf->ap_scan == 2 &&
4413 os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
4414 wpa_printf(MSG_INFO,
4415 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4416 }
4417
4418 wpa_clear_keys(wpa_s, NULL);
4419
4420 /* Make sure that TKIP countermeasures are not left enabled (could
4421 * happen if wpa_supplicant is killed during countermeasures. */
4422 wpa_drv_set_countermeasures(wpa_s, 0);
4423
4424 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
4425 wpa_drv_flush_pmkid(wpa_s);
4426
4427 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
4428 wpa_s->prev_scan_wildcard = 0;
4429
4430 if (wpa_supplicant_enabled_networks(wpa_s)) {
4431 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
4432 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
4433 interface_count = 0;
4434 }
4435#ifndef ANDROID
4436 if (!wpa_s->p2p_mgmt &&
4437 wpa_supplicant_delayed_sched_scan(wpa_s,
4438 interface_count % 3,
4439 100000))
4440 wpa_supplicant_req_scan(wpa_s, interface_count % 3,
4441 100000);
4442#endif /* ANDROID */
4443 interface_count++;
4444 } else
4445 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
4446
4447 return 0;
4448}
4449
4450
4451static int wpa_supplicant_daemon(const char *pid_file)
4452{
4453 wpa_printf(MSG_DEBUG, "Daemonize..");
4454 return os_daemonize(pid_file);
4455}
4456
4457
4458static struct wpa_supplicant *
4459wpa_supplicant_alloc(struct wpa_supplicant *parent)
4460{
4461 struct wpa_supplicant *wpa_s;
4462
4463 wpa_s = os_zalloc(sizeof(*wpa_s));
4464 if (wpa_s == NULL)
4465 return NULL;
4466 wpa_s->scan_req = INITIAL_SCAN_REQ;
4467 wpa_s->scan_interval = 5;
4468 wpa_s->new_connection = 1;
4469 wpa_s->parent = parent ? parent : wpa_s;
4470 wpa_s->p2pdev = wpa_s->parent;
4471 wpa_s->sched_scanning = 0;
4472
4473 dl_list_init(&wpa_s->bss_tmp_disallowed);
4474 dl_list_init(&wpa_s->fils_hlp_req);
4475
4476 return wpa_s;
4477}
4478
4479
4480#ifdef CONFIG_HT_OVERRIDES
4481
4482static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
4483 struct ieee80211_ht_capabilities *htcaps,
4484 struct ieee80211_ht_capabilities *htcaps_mask,
4485 const char *ht_mcs)
4486{
4487 /* parse ht_mcs into hex array */
4488 int i;
4489 const char *tmp = ht_mcs;
4490 char *end = NULL;
4491
4492 /* If ht_mcs is null, do not set anything */
4493 if (!ht_mcs)
4494 return 0;
4495
4496 /* This is what we are setting in the kernel */
4497 os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
4498
4499 wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
4500
4501 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4502 long v;
4503
4504 errno = 0;
4505 v = strtol(tmp, &end, 16);
4506
4507 if (errno == 0) {
4508 wpa_msg(wpa_s, MSG_DEBUG,
4509 "htcap value[%i]: %ld end: %p tmp: %p",
4510 i, v, end, tmp);
4511 if (end == tmp)
4512 break;
4513
4514 htcaps->supported_mcs_set[i] = v;
4515 tmp = end;
4516 } else {
4517 wpa_msg(wpa_s, MSG_ERROR,
4518 "Failed to parse ht-mcs: %s, error: %s\n",
4519 ht_mcs, strerror(errno));
4520 return -1;
4521 }
4522 }
4523
4524 /*
4525 * If we were able to parse any values, then set mask for the MCS set.
4526 */
4527 if (i) {
4528 os_memset(&htcaps_mask->supported_mcs_set, 0xff,
4529 IEEE80211_HT_MCS_MASK_LEN - 1);
4530 /* skip the 3 reserved bits */
4531 htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
4532 0x1f;
4533 }
4534
4535 return 0;
4536}
4537
4538
4539static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
4540 struct ieee80211_ht_capabilities *htcaps,
4541 struct ieee80211_ht_capabilities *htcaps_mask,
4542 int disabled)
4543{
4544 le16 msk;
4545
4546 if (disabled == -1)
4547 return 0;
4548
4549 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
4550
4551 msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
4552 htcaps_mask->ht_capabilities_info |= msk;
4553 if (disabled)
4554 htcaps->ht_capabilities_info &= msk;
4555 else
4556 htcaps->ht_capabilities_info |= msk;
4557
4558 return 0;
4559}
4560
4561
4562static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
4563 struct ieee80211_ht_capabilities *htcaps,
4564 struct ieee80211_ht_capabilities *htcaps_mask,
4565 int factor)
4566{
4567 if (factor == -1)
4568 return 0;
4569
4570 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
4571
4572 if (factor < 0 || factor > 3) {
4573 wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
4574 "Must be 0-3 or -1", factor);
4575 return -EINVAL;
4576 }
4577
4578 htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
4579 htcaps->a_mpdu_params &= ~0x3;
4580 htcaps->a_mpdu_params |= factor & 0x3;
4581
4582 return 0;
4583}
4584
4585
4586static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
4587 struct ieee80211_ht_capabilities *htcaps,
4588 struct ieee80211_ht_capabilities *htcaps_mask,
4589 int density)
4590{
4591 if (density == -1)
4592 return 0;
4593
4594 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
4595
4596 if (density < 0 || density > 7) {
4597 wpa_msg(wpa_s, MSG_ERROR,
4598 "ampdu_density: %d out of range. Must be 0-7 or -1.",
4599 density);
4600 return -EINVAL;
4601 }
4602
4603 htcaps_mask->a_mpdu_params |= 0x1C;
4604 htcaps->a_mpdu_params &= ~(0x1C);
4605 htcaps->a_mpdu_params |= (density << 2) & 0x1C;
4606
4607 return 0;
4608}
4609
4610
4611static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
4612 struct ieee80211_ht_capabilities *htcaps,
4613 struct ieee80211_ht_capabilities *htcaps_mask,
4614 int disabled)
4615{
4616 if (disabled)
4617 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
4618
4619 set_disable_ht40(htcaps, disabled);
4620 set_disable_ht40(htcaps_mask, 0);
4621
4622 return 0;
4623}
4624
4625
4626static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
4627 struct ieee80211_ht_capabilities *htcaps,
4628 struct ieee80211_ht_capabilities *htcaps_mask,
4629 int disabled)
4630{
4631 /* Masking these out disables SGI */
4632 le16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
4633 HT_CAP_INFO_SHORT_GI40MHZ);
4634
4635 if (disabled)
4636 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
4637
4638 if (disabled)
4639 htcaps->ht_capabilities_info &= ~msk;
4640 else
4641 htcaps->ht_capabilities_info |= msk;
4642
4643 htcaps_mask->ht_capabilities_info |= msk;
4644
4645 return 0;
4646}
4647
4648
4649static int wpa_set_disable_ldpc(struct wpa_supplicant *wpa_s,
4650 struct ieee80211_ht_capabilities *htcaps,
4651 struct ieee80211_ht_capabilities *htcaps_mask,
4652 int disabled)
4653{
4654 /* Masking these out disables LDPC */
4655 le16 msk = host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP);
4656
4657 if (disabled)
4658 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ldpc: %d", disabled);
4659
4660 if (disabled)
4661 htcaps->ht_capabilities_info &= ~msk;
4662 else
4663 htcaps->ht_capabilities_info |= msk;
4664
4665 htcaps_mask->ht_capabilities_info |= msk;
4666
4667 return 0;
4668}
4669
4670
4671static int wpa_set_tx_stbc(struct wpa_supplicant *wpa_s,
4672 struct ieee80211_ht_capabilities *htcaps,
4673 struct ieee80211_ht_capabilities *htcaps_mask,
4674 int tx_stbc)
4675{
4676 le16 msk = host_to_le16(HT_CAP_INFO_TX_STBC);
4677
4678 if (tx_stbc == -1)
4679 return 0;
4680
4681 wpa_msg(wpa_s, MSG_DEBUG, "set_tx_stbc: %d", tx_stbc);
4682
4683 if (tx_stbc < 0 || tx_stbc > 1) {
4684 wpa_msg(wpa_s, MSG_ERROR,
4685 "tx_stbc: %d out of range. Must be 0-1 or -1", tx_stbc);
4686 return -EINVAL;
4687 }
4688
4689 htcaps_mask->ht_capabilities_info |= msk;
4690 htcaps->ht_capabilities_info &= ~msk;
4691 htcaps->ht_capabilities_info |= (tx_stbc << 7) & msk;
4692
4693 return 0;
4694}
4695
4696
4697static int wpa_set_rx_stbc(struct wpa_supplicant *wpa_s,
4698 struct ieee80211_ht_capabilities *htcaps,
4699 struct ieee80211_ht_capabilities *htcaps_mask,
4700 int rx_stbc)
4701{
4702 le16 msk = host_to_le16(HT_CAP_INFO_RX_STBC_MASK);
4703
4704 if (rx_stbc == -1)
4705 return 0;
4706
4707 wpa_msg(wpa_s, MSG_DEBUG, "set_rx_stbc: %d", rx_stbc);
4708
4709 if (rx_stbc < 0 || rx_stbc > 3) {
4710 wpa_msg(wpa_s, MSG_ERROR,
4711 "rx_stbc: %d out of range. Must be 0-3 or -1", rx_stbc);
4712 return -EINVAL;
4713 }
4714
4715 htcaps_mask->ht_capabilities_info |= msk;
4716 htcaps->ht_capabilities_info &= ~msk;
4717 htcaps->ht_capabilities_info |= (rx_stbc << 8) & msk;
4718
4719 return 0;
4720}
4721
4722
4723void wpa_supplicant_apply_ht_overrides(
4724 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
4725 struct wpa_driver_associate_params *params)
4726{
4727 struct ieee80211_ht_capabilities *htcaps;
4728 struct ieee80211_ht_capabilities *htcaps_mask;
4729
4730 if (!ssid)
4731 return;
4732
4733 params->disable_ht = ssid->disable_ht;
4734 if (!params->htcaps || !params->htcaps_mask)
4735 return;
4736
4737 htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
4738 htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
4739 wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
4740 wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
4741 ssid->disable_max_amsdu);
4742 wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
4743 wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
4744 wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
4745 wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
4746 wpa_set_disable_ldpc(wpa_s, htcaps, htcaps_mask, ssid->disable_ldpc);
4747 wpa_set_rx_stbc(wpa_s, htcaps, htcaps_mask, ssid->rx_stbc);
4748 wpa_set_tx_stbc(wpa_s, htcaps, htcaps_mask, ssid->tx_stbc);
4749
4750 if (ssid->ht40_intolerant) {
4751 le16 bit = host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT);
4752 htcaps->ht_capabilities_info |= bit;
4753 htcaps_mask->ht_capabilities_info |= bit;
4754 }
4755}
4756
4757#endif /* CONFIG_HT_OVERRIDES */
4758
4759
4760#ifdef CONFIG_VHT_OVERRIDES
4761void wpa_supplicant_apply_vht_overrides(
4762 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
4763 struct wpa_driver_associate_params *params)
4764{
4765 struct ieee80211_vht_capabilities *vhtcaps;
4766 struct ieee80211_vht_capabilities *vhtcaps_mask;
4767
4768 if (!ssid)
4769 return;
4770
4771 params->disable_vht = ssid->disable_vht;
4772
4773 vhtcaps = (void *) params->vhtcaps;
4774 vhtcaps_mask = (void *) params->vhtcaps_mask;
4775
4776 if (!vhtcaps || !vhtcaps_mask)
4777 return;
4778
4779 vhtcaps->vht_capabilities_info = host_to_le32(ssid->vht_capa);
4780 vhtcaps_mask->vht_capabilities_info = host_to_le32(ssid->vht_capa_mask);
4781
4782#ifdef CONFIG_HT_OVERRIDES
4783 if (ssid->disable_sgi) {
4784 vhtcaps_mask->vht_capabilities_info |= (VHT_CAP_SHORT_GI_80 |
4785 VHT_CAP_SHORT_GI_160);
4786 vhtcaps->vht_capabilities_info &= ~(VHT_CAP_SHORT_GI_80 |
4787 VHT_CAP_SHORT_GI_160);
4788 wpa_msg(wpa_s, MSG_DEBUG,
4789 "disable-sgi override specified, vht-caps: 0x%x",
4790 vhtcaps->vht_capabilities_info);
4791 }
4792
4793 /* if max ampdu is <= 3, we have to make the HT cap the same */
4794 if (ssid->vht_capa_mask & VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) {
4795 int max_ampdu;
4796
4797 max_ampdu = (ssid->vht_capa &
4798 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) >>
4799 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT;
4800
4801 max_ampdu = max_ampdu < 3 ? max_ampdu : 3;
4802 wpa_set_ampdu_factor(wpa_s,
4803 (void *) params->htcaps,
4804 (void *) params->htcaps_mask,
4805 max_ampdu);
4806 }
4807#endif /* CONFIG_HT_OVERRIDES */
4808
4809#define OVERRIDE_MCS(i) \
4810 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
4811 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
4812 host_to_le16(3 << 2 * (i - 1)); \
4813 vhtcaps->vht_supported_mcs_set.tx_map |= \
4814 host_to_le16(ssid->vht_tx_mcs_nss_ ##i << \
4815 2 * (i - 1)); \
4816 } \
4817 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
4818 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
4819 host_to_le16(3 << 2 * (i - 1)); \
4820 vhtcaps->vht_supported_mcs_set.rx_map |= \
4821 host_to_le16(ssid->vht_rx_mcs_nss_ ##i << \
4822 2 * (i - 1)); \
4823 }
4824
4825 OVERRIDE_MCS(1);
4826 OVERRIDE_MCS(2);
4827 OVERRIDE_MCS(3);
4828 OVERRIDE_MCS(4);
4829 OVERRIDE_MCS(5);
4830 OVERRIDE_MCS(6);
4831 OVERRIDE_MCS(7);
4832 OVERRIDE_MCS(8);
4833}
4834#endif /* CONFIG_VHT_OVERRIDES */
4835
4836
4837static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
4838{
4839#ifdef PCSC_FUNCS
4840 size_t len;
4841
4842 if (!wpa_s->conf->pcsc_reader)
4843 return 0;
4844
4845 wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
4846 if (!wpa_s->scard)
4847 return 1;
4848
4849 if (wpa_s->conf->pcsc_pin &&
4850 scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
4851 scard_deinit(wpa_s->scard);
4852 wpa_s->scard = NULL;
4853 wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
4854 return -1;
4855 }
4856
4857 len = sizeof(wpa_s->imsi) - 1;
4858 if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
4859 scard_deinit(wpa_s->scard);
4860 wpa_s->scard = NULL;
4861 wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
4862 return -1;
4863 }
4864 wpa_s->imsi[len] = '\0';
4865
4866 wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
4867
4868 wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
4869 wpa_s->imsi, wpa_s->mnc_len);
4870
4871 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
4872 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
4873#endif /* PCSC_FUNCS */
4874
4875 return 0;
4876}
4877
4878
4879int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
4880{
4881 char *val, *pos;
4882
4883 ext_password_deinit(wpa_s->ext_pw);
4884 wpa_s->ext_pw = NULL;
4885 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
4886
4887 if (!wpa_s->conf->ext_password_backend)
4888 return 0;
4889
4890 val = os_strdup(wpa_s->conf->ext_password_backend);
4891 if (val == NULL)
4892 return -1;
4893 pos = os_strchr(val, ':');
4894 if (pos)
4895 *pos++ = '\0';
4896
4897 wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
4898
4899 wpa_s->ext_pw = ext_password_init(val, pos);
4900 os_free(val);
4901 if (wpa_s->ext_pw == NULL) {
4902 wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
4903 return -1;
4904 }
4905 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
4906
4907 return 0;
4908}
4909
4910
4911#ifdef CONFIG_FST
4912
4913static const u8 * wpas_fst_get_bssid_cb(void *ctx)
4914{
4915 struct wpa_supplicant *wpa_s = ctx;
4916
4917 return (is_zero_ether_addr(wpa_s->bssid) ||
4918 wpa_s->wpa_state != WPA_COMPLETED) ? NULL : wpa_s->bssid;
4919}
4920
4921
4922static void wpas_fst_get_channel_info_cb(void *ctx,
4923 enum hostapd_hw_mode *hw_mode,
4924 u8 *channel)
4925{
4926 struct wpa_supplicant *wpa_s = ctx;
4927
4928 if (wpa_s->current_bss) {
4929 *hw_mode = ieee80211_freq_to_chan(wpa_s->current_bss->freq,
4930 channel);
4931 } else if (wpa_s->hw.num_modes) {
4932 *hw_mode = wpa_s->hw.modes[0].mode;
4933 } else {
4934 WPA_ASSERT(0);
4935 *hw_mode = 0;
4936 }
4937}
4938
4939
4940static int wpas_fst_get_hw_modes(void *ctx, struct hostapd_hw_modes **modes)
4941{
4942 struct wpa_supplicant *wpa_s = ctx;
4943
4944 *modes = wpa_s->hw.modes;
4945 return wpa_s->hw.num_modes;
4946}
4947
4948
4949static void wpas_fst_set_ies_cb(void *ctx, const struct wpabuf *fst_ies)
4950{
4951 struct wpa_supplicant *wpa_s = ctx;
4952
4953 wpa_hexdump_buf(MSG_DEBUG, "FST: Set IEs", fst_ies);
4954 wpa_s->fst_ies = fst_ies;
4955}
4956
4957
4958static int wpas_fst_send_action_cb(void *ctx, const u8 *da, struct wpabuf *data)
4959{
4960 struct wpa_supplicant *wpa_s = ctx;
4961
4962 if (os_memcmp(wpa_s->bssid, da, ETH_ALEN) != 0) {
4963 wpa_printf(MSG_INFO, "FST:%s:bssid=" MACSTR " != da=" MACSTR,
4964 __func__, MAC2STR(wpa_s->bssid), MAC2STR(da));
4965 return -1;
4966 }
4967 return wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
4968 wpa_s->own_addr, wpa_s->bssid,
4969 wpabuf_head(data), wpabuf_len(data),
4970 0);
4971}
4972
4973
4974static const struct wpabuf * wpas_fst_get_mb_ie_cb(void *ctx, const u8 *addr)
4975{
4976 struct wpa_supplicant *wpa_s = ctx;
4977
4978 WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
4979 return wpa_s->received_mb_ies;
4980}
4981
4982
4983static void wpas_fst_update_mb_ie_cb(void *ctx, const u8 *addr,
4984 const u8 *buf, size_t size)
4985{
4986 struct wpa_supplicant *wpa_s = ctx;
4987 struct mb_ies_info info;
4988
4989 WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
4990
4991 if (!mb_ies_info_by_ies(&info, buf, size)) {
4992 wpabuf_free(wpa_s->received_mb_ies);
4993 wpa_s->received_mb_ies = mb_ies_by_info(&info);
4994 }
4995}
4996
4997
4998static const u8 * wpas_fst_get_peer_first(void *ctx,
4999 struct fst_get_peer_ctx **get_ctx,
5000 Boolean mb_only)
5001{
5002 struct wpa_supplicant *wpa_s = ctx;
5003
5004 *get_ctx = NULL;
5005 if (!is_zero_ether_addr(wpa_s->bssid))
5006 return (wpa_s->received_mb_ies || !mb_only) ?
5007 wpa_s->bssid : NULL;
5008 return NULL;
5009}
5010
5011
5012static const u8 * wpas_fst_get_peer_next(void *ctx,
5013 struct fst_get_peer_ctx **get_ctx,
5014 Boolean mb_only)
5015{
5016 return NULL;
5017}
5018
5019void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant *wpa_s,
5020 struct fst_wpa_obj *iface_obj)
5021{
5022 iface_obj->ctx = wpa_s;
5023 iface_obj->get_bssid = wpas_fst_get_bssid_cb;
5024 iface_obj->get_channel_info = wpas_fst_get_channel_info_cb;
5025 iface_obj->get_hw_modes = wpas_fst_get_hw_modes;
5026 iface_obj->set_ies = wpas_fst_set_ies_cb;
5027 iface_obj->send_action = wpas_fst_send_action_cb;
5028 iface_obj->get_mb_ie = wpas_fst_get_mb_ie_cb;
5029 iface_obj->update_mb_ie = wpas_fst_update_mb_ie_cb;
5030 iface_obj->get_peer_first = wpas_fst_get_peer_first;
5031 iface_obj->get_peer_next = wpas_fst_get_peer_next;
5032}
5033#endif /* CONFIG_FST */
5034
5035static int wpas_set_wowlan_triggers(struct wpa_supplicant *wpa_s,
5036 const struct wpa_driver_capa *capa)
5037{
5038 struct wowlan_triggers *triggers;
5039 int ret = 0;
5040
5041 if (!wpa_s->conf->wowlan_triggers)
5042 return 0;
5043
5044 triggers = wpa_get_wowlan_triggers(wpa_s->conf->wowlan_triggers, capa);
5045 if (triggers) {
5046 ret = wpa_drv_wowlan(wpa_s, triggers);
5047 os_free(triggers);
5048 }
5049 return ret;
5050}
5051
5052
5053enum wpa_radio_work_band wpas_freq_to_band(int freq)
5054{
5055 if (freq < 3000)
5056 return BAND_2_4_GHZ;
5057 if (freq > 50000)
5058 return BAND_60_GHZ;
5059 return BAND_5_GHZ;
5060}
5061
5062
5063unsigned int wpas_get_bands(struct wpa_supplicant *wpa_s, const int *freqs)
5064{
5065 int i;
5066 unsigned int band = 0;
5067
5068 if (freqs) {
5069 /* freqs are specified for the radio work */
5070 for (i = 0; freqs[i]; i++)
5071 band |= wpas_freq_to_band(freqs[i]);
5072 } else {
5073 /*
5074 * freqs are not specified, implies all
5075 * the supported freqs by HW
5076 */
5077 for (i = 0; i < wpa_s->hw.num_modes; i++) {
5078 if (wpa_s->hw.modes[i].num_channels != 0) {
5079 if (wpa_s->hw.modes[i].mode ==
5080 HOSTAPD_MODE_IEEE80211B ||
5081 wpa_s->hw.modes[i].mode ==
5082 HOSTAPD_MODE_IEEE80211G)
5083 band |= BAND_2_4_GHZ;
5084 else if (wpa_s->hw.modes[i].mode ==
5085 HOSTAPD_MODE_IEEE80211A)
5086 band |= BAND_5_GHZ;
5087 else if (wpa_s->hw.modes[i].mode ==
5088 HOSTAPD_MODE_IEEE80211AD)
5089 band |= BAND_60_GHZ;
5090 else if (wpa_s->hw.modes[i].mode ==
5091 HOSTAPD_MODE_IEEE80211ANY)
5092 band = BAND_2_4_GHZ | BAND_5_GHZ |
5093 BAND_60_GHZ;
5094 }
5095 }
5096 }
5097
5098 return band;
5099}
5100
5101
5102static struct wpa_radio * radio_add_interface(struct wpa_supplicant *wpa_s,
5103 const char *rn)
5104{
5105 struct wpa_supplicant *iface = wpa_s->global->ifaces;
5106 struct wpa_radio *radio;
5107
5108 while (rn && iface) {
5109 radio = iface->radio;
5110 if (radio && os_strcmp(rn, radio->name) == 0) {
5111 wpa_printf(MSG_DEBUG, "Add interface %s to existing radio %s",
5112 wpa_s->ifname, rn);
5113 dl_list_add(&radio->ifaces, &wpa_s->radio_list);
5114 return radio;
5115 }
5116
5117 iface = iface->next;
5118 }
5119
5120 wpa_printf(MSG_DEBUG, "Add interface %s to a new radio %s",
5121 wpa_s->ifname, rn ? rn : "N/A");
5122 radio = os_zalloc(sizeof(*radio));
5123 if (radio == NULL)
5124 return NULL;
5125
5126 if (rn)
5127 os_strlcpy(radio->name, rn, sizeof(radio->name));
5128 dl_list_init(&radio->ifaces);
5129 dl_list_init(&radio->work);
5130 dl_list_add(&radio->ifaces, &wpa_s->radio_list);
5131
5132 return radio;
5133}
5134
5135
5136static void radio_work_free(struct wpa_radio_work *work)
5137{
5138 if (work->wpa_s->scan_work == work) {
5139 /* This should not really happen. */
5140 wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
5141 work->type, work, work->started);
5142 work->wpa_s->scan_work = NULL;
5143 }
5144
5145#ifdef CONFIG_P2P
5146 if (work->wpa_s->p2p_scan_work == work) {
5147 /* This should not really happen. */
5148 wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
5149 work->type, work, work->started);
5150 work->wpa_s->p2p_scan_work = NULL;
5151 }
5152#endif /* CONFIG_P2P */
5153
5154 if (work->started) {
5155 work->wpa_s->radio->num_active_works--;
5156 wpa_dbg(work->wpa_s, MSG_DEBUG,
5157 "radio_work_free('%s'@%p): num_active_works --> %u",
5158 work->type, work,
5159 work->wpa_s->radio->num_active_works);
5160 }
5161
5162 dl_list_del(&work->list);
5163 os_free(work);
5164}
5165
5166
5167static int radio_work_is_connect(struct wpa_radio_work *work)
5168{
5169 return os_strcmp(work->type, "sme-connect") == 0 ||
5170 os_strcmp(work->type, "connect") == 0;
5171}
5172
5173
5174static int radio_work_is_scan(struct wpa_radio_work *work)
5175{
5176 return os_strcmp(work->type, "scan") == 0 ||
5177 os_strcmp(work->type, "p2p-scan") == 0;
5178}
5179
5180
5181static struct wpa_radio_work * radio_work_get_next_work(struct wpa_radio *radio)
5182{
5183 struct wpa_radio_work *active_work = NULL;
5184 struct wpa_radio_work *tmp;
5185
5186 /* Get the active work to know the type and band. */
5187 dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
5188 if (tmp->started) {
5189 active_work = tmp;
5190 break;
5191 }
5192 }
5193
5194 if (!active_work) {
5195 /* No active work, start one */
5196 radio->num_active_works = 0;
5197 dl_list_for_each(tmp, &radio->work, struct wpa_radio_work,
5198 list) {
5199 if (os_strcmp(tmp->type, "scan") == 0 &&
5200 radio->external_scan_running &&
5201 (((struct wpa_driver_scan_params *)
5202 tmp->ctx)->only_new_results ||
5203 tmp->wpa_s->clear_driver_scan_cache))
5204 continue;
5205 return tmp;
5206 }
5207 return NULL;
5208 }
5209
5210 if (radio_work_is_connect(active_work)) {
5211 /*
5212 * If the active work is either connect or sme-connect,
5213 * do not parallelize them with other radio works.
5214 */
5215 wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5216 "Do not parallelize radio work with %s",
5217 active_work->type);
5218 return NULL;
5219 }
5220
5221 dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
5222 if (tmp->started)
5223 continue;
5224
5225 /*
5226 * If connect or sme-connect are enqueued, parallelize only
5227 * those operations ahead of them in the queue.
5228 */
5229 if (radio_work_is_connect(tmp))
5230 break;
5231
5232 /* Serialize parallel scan and p2p_scan operations on the same
5233 * interface since the driver_nl80211 mechanism for tracking
5234 * scan cookies does not yet have support for this. */
5235 if (active_work->wpa_s == tmp->wpa_s &&
5236 radio_work_is_scan(active_work) &&
5237 radio_work_is_scan(tmp)) {
5238 wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5239 "Do not start work '%s' when another work '%s' is already scheduled",
5240 tmp->type, active_work->type);
5241 continue;
5242 }
5243 /*
5244 * Check that the radio works are distinct and
5245 * on different bands.
5246 */
5247 if (os_strcmp(active_work->type, tmp->type) != 0 &&
5248 (active_work->bands != tmp->bands)) {
5249 /*
5250 * If a scan has to be scheduled through nl80211 scan
5251 * interface and if an external scan is already running,
5252 * do not schedule the scan since it is likely to get
5253 * rejected by kernel.
5254 */
5255 if (os_strcmp(tmp->type, "scan") == 0 &&
5256 radio->external_scan_running &&
5257 (((struct wpa_driver_scan_params *)
5258 tmp->ctx)->only_new_results ||
5259 tmp->wpa_s->clear_driver_scan_cache))
5260 continue;
5261
5262 wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5263 "active_work:%s new_work:%s",
5264 active_work->type, tmp->type);
5265 return tmp;
5266 }
5267 }
5268
5269 /* Did not find a radio work to schedule in parallel. */
5270 return NULL;
5271}
5272
5273
5274static void radio_start_next_work(void *eloop_ctx, void *timeout_ctx)
5275{
5276 struct wpa_radio *radio = eloop_ctx;
5277 struct wpa_radio_work *work;
5278 struct os_reltime now, diff;
5279 struct wpa_supplicant *wpa_s;
5280
5281 work = dl_list_first(&radio->work, struct wpa_radio_work, list);
5282 if (work == NULL) {
5283 radio->num_active_works = 0;
5284 return;
5285 }
5286
5287 wpa_s = dl_list_first(&radio->ifaces, struct wpa_supplicant,
5288 radio_list);
5289
5290 if (!(wpa_s &&
5291 wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)) {
5292 if (work->started)
5293 return; /* already started and still in progress */
5294
5295 if (wpa_s && wpa_s->radio->external_scan_running) {
5296 wpa_printf(MSG_DEBUG, "Delay radio work start until externally triggered scan completes");
5297 return;
5298 }
5299 } else {
5300 work = NULL;
5301 if (radio->num_active_works < MAX_ACTIVE_WORKS) {
5302 /* get the work to schedule next */
5303 work = radio_work_get_next_work(radio);
5304 }
5305 if (!work)
5306 return;
5307 }
5308
5309 wpa_s = work->wpa_s;
5310 os_get_reltime(&now);
5311 os_reltime_sub(&now, &work->time, &diff);
5312 wpa_dbg(wpa_s, MSG_DEBUG,
5313 "Starting radio work '%s'@%p after %ld.%06ld second wait",
5314 work->type, work, diff.sec, diff.usec);
5315 work->started = 1;
5316 work->time = now;
5317 radio->num_active_works++;
5318
5319 work->cb(work, 0);
5320
5321 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS) &&
5322 radio->num_active_works < MAX_ACTIVE_WORKS)
5323 radio_work_check_next(wpa_s);
5324}
5325
5326
5327/*
5328 * This function removes both started and pending radio works running on
5329 * the provided interface's radio.
5330 * Prior to the removal of the radio work, its callback (cb) is called with
5331 * deinit set to be 1. Each work's callback is responsible for clearing its
5332 * internal data and restoring to a correct state.
5333 * @wpa_s: wpa_supplicant data
5334 * @type: type of works to be removed
5335 * @remove_all: 1 to remove all the works on this radio, 0 to remove only
5336 * this interface's works.
5337 */
5338void radio_remove_works(struct wpa_supplicant *wpa_s,
5339 const char *type, int remove_all)
5340{
5341 struct wpa_radio_work *work, *tmp;
5342 struct wpa_radio *radio = wpa_s->radio;
5343
5344 dl_list_for_each_safe(work, tmp, &radio->work, struct wpa_radio_work,
5345 list) {
5346 if (type && os_strcmp(type, work->type) != 0)
5347 continue;
5348
5349 /* skip other ifaces' works */
5350 if (!remove_all && work->wpa_s != wpa_s)
5351 continue;
5352
5353 wpa_dbg(wpa_s, MSG_DEBUG, "Remove radio work '%s'@%p%s",
5354 work->type, work, work->started ? " (started)" : "");
5355 work->cb(work, 1);
5356 radio_work_free(work);
5357 }
5358
5359 /* in case we removed the started work */
5360 radio_work_check_next(wpa_s);
5361}
5362
5363
5364void radio_remove_pending_work(struct wpa_supplicant *wpa_s, void *ctx)
5365{
5366 struct wpa_radio_work *work;
5367 struct wpa_radio *radio = wpa_s->radio;
5368
5369 dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
5370 if (work->ctx != ctx)
5371 continue;
5372 wpa_dbg(wpa_s, MSG_DEBUG, "Free pending radio work '%s'@%p%s",
5373 work->type, work, work->started ? " (started)" : "");
5374 radio_work_free(work);
5375 break;
5376 }
5377}
5378
5379
5380static void radio_remove_interface(struct wpa_supplicant *wpa_s)
5381{
5382 struct wpa_radio *radio = wpa_s->radio;
5383
5384 if (!radio)
5385 return;
5386
5387 wpa_printf(MSG_DEBUG, "Remove interface %s from radio %s",
5388 wpa_s->ifname, radio->name);
5389 dl_list_del(&wpa_s->radio_list);
5390 radio_remove_works(wpa_s, NULL, 0);
5391 wpa_s->radio = NULL;
5392 if (!dl_list_empty(&radio->ifaces))
5393 return; /* Interfaces remain for this radio */
5394
5395 wpa_printf(MSG_DEBUG, "Remove radio %s", radio->name);
5396 eloop_cancel_timeout(radio_start_next_work, radio, NULL);
5397 os_free(radio);
5398}
5399
5400
5401void radio_work_check_next(struct wpa_supplicant *wpa_s)
5402{
5403 struct wpa_radio *radio = wpa_s->radio;
5404
5405 if (dl_list_empty(&radio->work))
5406 return;
5407 if (wpa_s->ext_work_in_progress) {
5408 wpa_printf(MSG_DEBUG,
5409 "External radio work in progress - delay start of pending item");
5410 return;
5411 }
5412 eloop_cancel_timeout(radio_start_next_work, radio, NULL);
5413 eloop_register_timeout(0, 0, radio_start_next_work, radio, NULL);
5414}
5415
5416
5417/**
5418 * radio_add_work - Add a radio work item
5419 * @wpa_s: Pointer to wpa_supplicant data
5420 * @freq: Frequency of the offchannel operation in MHz or 0
5421 * @type: Unique identifier for each type of work
5422 * @next: Force as the next work to be executed
5423 * @cb: Callback function for indicating when radio is available
5424 * @ctx: Context pointer for the work (work->ctx in cb())
5425 * Returns: 0 on success, -1 on failure
5426 *
5427 * This function is used to request time for an operation that requires
5428 * exclusive radio control. Once the radio is available, the registered callback
5429 * function will be called. radio_work_done() must be called once the exclusive
5430 * radio operation has been completed, so that the radio is freed for other
5431 * operations. The special case of deinit=1 is used to free the context data
5432 * during interface removal. That does not allow the callback function to start
5433 * the radio operation, i.e., it must free any resources allocated for the radio
5434 * work and return.
5435 *
5436 * The @freq parameter can be used to indicate a single channel on which the
5437 * offchannel operation will occur. This may allow multiple radio work
5438 * operations to be performed in parallel if they apply for the same channel.
5439 * Setting this to 0 indicates that the work item may use multiple channels or
5440 * requires exclusive control of the radio.
5441 */
5442int radio_add_work(struct wpa_supplicant *wpa_s, unsigned int freq,
5443 const char *type, int next,
5444 void (*cb)(struct wpa_radio_work *work, int deinit),
5445 void *ctx)
5446{
5447 struct wpa_radio *radio = wpa_s->radio;
5448 struct wpa_radio_work *work;
5449 int was_empty;
5450
5451 work = os_zalloc(sizeof(*work));
5452 if (work == NULL)
5453 return -1;
5454 wpa_dbg(wpa_s, MSG_DEBUG, "Add radio work '%s'@%p", type, work);
5455 os_get_reltime(&work->time);
5456 work->freq = freq;
5457 work->type = type;
5458 work->wpa_s = wpa_s;
5459 work->cb = cb;
5460 work->ctx = ctx;
5461
5462 if (freq)
5463 work->bands = wpas_freq_to_band(freq);
5464 else if (os_strcmp(type, "scan") == 0 ||
5465 os_strcmp(type, "p2p-scan") == 0)
5466 work->bands = wpas_get_bands(wpa_s,
5467 ((struct wpa_driver_scan_params *)
5468 ctx)->freqs);
5469 else
5470 work->bands = wpas_get_bands(wpa_s, NULL);
5471
5472 was_empty = dl_list_empty(&wpa_s->radio->work);
5473 if (next)
5474 dl_list_add(&wpa_s->radio->work, &work->list);
5475 else
5476 dl_list_add_tail(&wpa_s->radio->work, &work->list);
5477 if (was_empty) {
5478 wpa_dbg(wpa_s, MSG_DEBUG, "First radio work item in the queue - schedule start immediately");
5479 radio_work_check_next(wpa_s);
5480 } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)
5481 && radio->num_active_works < MAX_ACTIVE_WORKS) {
5482 wpa_dbg(wpa_s, MSG_DEBUG,
5483 "Try to schedule a radio work (num_active_works=%u)",
5484 radio->num_active_works);
5485 radio_work_check_next(wpa_s);
5486 }
5487
5488 return 0;
5489}
5490
5491
5492/**
5493 * radio_work_done - Indicate that a radio work item has been completed
5494 * @work: Completed work
5495 *
5496 * This function is called once the callback function registered with
5497 * radio_add_work() has completed its work.
5498 */
5499void radio_work_done(struct wpa_radio_work *work)
5500{
5501 struct wpa_supplicant *wpa_s = work->wpa_s;
5502 struct os_reltime now, diff;
5503 unsigned int started = work->started;
5504
5505 os_get_reltime(&now);
5506 os_reltime_sub(&now, &work->time, &diff);
5507 wpa_dbg(wpa_s, MSG_DEBUG, "Radio work '%s'@%p %s in %ld.%06ld seconds",
5508 work->type, work, started ? "done" : "canceled",
5509 diff.sec, diff.usec);
5510 radio_work_free(work);
5511 if (started)
5512 radio_work_check_next(wpa_s);
5513}
5514
5515
5516struct wpa_radio_work *
5517radio_work_pending(struct wpa_supplicant *wpa_s, const char *type)
5518{
5519 struct wpa_radio_work *work;
5520 struct wpa_radio *radio = wpa_s->radio;
5521
5522 dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
5523 if (work->wpa_s == wpa_s && os_strcmp(work->type, type) == 0)
5524 return work;
5525 }
5526
5527 return NULL;
5528}
5529
5530
5531static int wpas_init_driver(struct wpa_supplicant *wpa_s,
5532 const struct wpa_interface *iface)
5533{
5534 const char *ifname, *driver, *rn;
5535
5536 driver = iface->driver;
5537next_driver:
5538 if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
5539 return -1;
5540
5541 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
5542 if (wpa_s->drv_priv == NULL) {
5543 const char *pos;
5544 pos = driver ? os_strchr(driver, ',') : NULL;
5545 if (pos) {
5546 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
5547 "driver interface - try next driver wrapper");
5548 driver = pos + 1;
5549 goto next_driver;
5550 }
5551 wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
5552 "interface");
5553 return -1;
5554 }
5555 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
5556 wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
5557 "driver_param '%s'", wpa_s->conf->driver_param);
5558 return -1;
5559 }
5560
5561 ifname = wpa_drv_get_ifname(wpa_s);
5562 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
5563 wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
5564 "interface name with '%s'", ifname);
5565 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
5566 }
5567
5568 rn = wpa_driver_get_radio_name(wpa_s);
5569 if (rn && rn[0] == '\0')
5570 rn = NULL;
5571
5572 wpa_s->radio = radio_add_interface(wpa_s, rn);
5573 if (wpa_s->radio == NULL)
5574 return -1;
5575
5576 return 0;
5577}
5578
5579
5580#ifdef CONFIG_GAS_SERVER
5581
5582static void wpas_gas_server_tx_status(struct wpa_supplicant *wpa_s,
5583 unsigned int freq, const u8 *dst,
5584 const u8 *src, const u8 *bssid,
5585 const u8 *data, size_t data_len,
5586 enum offchannel_send_action_result result)
5587{
5588 wpa_printf(MSG_DEBUG, "GAS: TX status: freq=%u dst=" MACSTR
5589 " result=%s",
5590 freq, MAC2STR(dst),
5591 result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
5592 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
5593 "FAILED"));
5594 gas_server_tx_status(wpa_s->gas_server, dst, data, data_len,
5595 result == OFFCHANNEL_SEND_ACTION_SUCCESS);
5596}
5597
5598
5599static void wpas_gas_server_tx(void *ctx, int freq, const u8 *da,
5600 struct wpabuf *buf, unsigned int wait_time)
5601{
5602 struct wpa_supplicant *wpa_s = ctx;
5603 const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
5604
5605 if (wait_time > wpa_s->max_remain_on_chan)
5606 wait_time = wpa_s->max_remain_on_chan;
5607
5608 offchannel_send_action(wpa_s, freq, da, wpa_s->own_addr, broadcast,
5609 wpabuf_head(buf), wpabuf_len(buf),
5610 wait_time, wpas_gas_server_tx_status, 0);
5611}
5612
5613#endif /* CONFIG_GAS_SERVER */
5614
5615static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
5616 const struct wpa_interface *iface)
5617{
5618 struct wpa_driver_capa capa;
5619 int capa_res;
5620 u8 dfs_domain;
5621
5622 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
5623 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
5624 iface->confname ? iface->confname : "N/A",
5625 iface->driver ? iface->driver : "default",
5626 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
5627 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
5628
5629 if (iface->confname) {
5630#ifdef CONFIG_BACKEND_FILE
5631 wpa_s->confname = os_rel2abs_path(iface->confname);
5632 if (wpa_s->confname == NULL) {
5633 wpa_printf(MSG_ERROR, "Failed to get absolute path "
5634 "for configuration file '%s'.",
5635 iface->confname);
5636 return -1;
5637 }
5638 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
5639 iface->confname, wpa_s->confname);
5640#else /* CONFIG_BACKEND_FILE */
5641 wpa_s->confname = os_strdup(iface->confname);
5642#endif /* CONFIG_BACKEND_FILE */
5643 wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
5644 if (wpa_s->conf == NULL) {
5645 wpa_printf(MSG_ERROR, "Failed to read or parse "
5646 "configuration '%s'.", wpa_s->confname);
5647 return -1;
5648 }
5649 wpa_s->confanother = os_rel2abs_path(iface->confanother);
5650 if (wpa_s->confanother &&
5651 !wpa_config_read(wpa_s->confanother, wpa_s->conf)) {
5652 wpa_printf(MSG_ERROR,
5653 "Failed to read or parse configuration '%s'.",
5654 wpa_s->confanother);
5655 return -1;
5656 }
5657
5658 /*
5659 * Override ctrl_interface and driver_param if set on command
5660 * line.
5661 */
5662 if (iface->ctrl_interface) {
5663 os_free(wpa_s->conf->ctrl_interface);
5664 wpa_s->conf->ctrl_interface =
5665 os_strdup(iface->ctrl_interface);
5666 }
5667
5668 if (iface->driver_param) {
5669 os_free(wpa_s->conf->driver_param);
5670 wpa_s->conf->driver_param =
5671 os_strdup(iface->driver_param);
5672 }
5673
5674 if (iface->p2p_mgmt && !iface->ctrl_interface) {
5675 os_free(wpa_s->conf->ctrl_interface);
5676 wpa_s->conf->ctrl_interface = NULL;
5677 }
5678 } else
5679 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
5680 iface->driver_param);
5681
5682 if (wpa_s->conf == NULL) {
5683 wpa_printf(MSG_ERROR, "\nNo configuration found.");
5684 return -1;
5685 }
5686
5687 if (iface->ifname == NULL) {
5688 wpa_printf(MSG_ERROR, "\nInterface name is required.");
5689 return -1;
5690 }
5691 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
5692 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
5693 iface->ifname);
5694 return -1;
5695 }
5696 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
5697
5698 if (iface->bridge_ifname) {
5699 if (os_strlen(iface->bridge_ifname) >=
5700 sizeof(wpa_s->bridge_ifname)) {
5701 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
5702 "name '%s'.", iface->bridge_ifname);
5703 return -1;
5704 }
5705 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
5706 sizeof(wpa_s->bridge_ifname));
5707 }
5708
5709 /* RSNA Supplicant Key Management - INITIALIZE */
5710 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
5711 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
5712
5713 /* Initialize driver interface and register driver event handler before
5714 * L2 receive handler so that association events are processed before
5715 * EAPOL-Key packets if both become available for the same select()
5716 * call. */
5717 if (wpas_init_driver(wpa_s, iface) < 0)
5718 return -1;
5719
5720 if (wpa_supplicant_init_wpa(wpa_s) < 0)
5721 return -1;
5722
5723 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
5724 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
5725 NULL);
5726 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
5727
5728 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
5729 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
5730 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
5731 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
5732 "dot11RSNAConfigPMKLifetime");
5733 return -1;
5734 }
5735
5736 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
5737 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
5738 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
5739 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
5740 "dot11RSNAConfigPMKReauthThreshold");
5741 return -1;
5742 }
5743
5744 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
5745 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
5746 wpa_s->conf->dot11RSNAConfigSATimeout)) {
5747 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
5748 "dot11RSNAConfigSATimeout");
5749 return -1;
5750 }
5751
5752 wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
5753 &wpa_s->hw.num_modes,
5754 &wpa_s->hw.flags,
5755 &dfs_domain);
5756 if (wpa_s->hw.modes) {
5757 u16 i;
5758
5759 for (i = 0; i < wpa_s->hw.num_modes; i++) {
5760 if (wpa_s->hw.modes[i].vht_capab) {
5761 wpa_s->hw_capab = CAPAB_VHT;
5762 break;
5763 }
5764
5765 if (wpa_s->hw.modes[i].ht_capab &
5766 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)
5767 wpa_s->hw_capab = CAPAB_HT40;
5768 else if (wpa_s->hw.modes[i].ht_capab &&
5769 wpa_s->hw_capab == CAPAB_NO_HT_VHT)
5770 wpa_s->hw_capab = CAPAB_HT;
5771 }
5772 }
5773
5774 capa_res = wpa_drv_get_capa(wpa_s, &capa);
5775 if (capa_res == 0) {
5776 wpa_s->drv_capa_known = 1;
5777 wpa_s->drv_flags = capa.flags;
5778 wpa_s->drv_enc = capa.enc;
5779 wpa_s->drv_smps_modes = capa.smps_modes;
5780 wpa_s->drv_rrm_flags = capa.rrm_flags;
5781 wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
5782 wpa_s->max_scan_ssids = capa.max_scan_ssids;
5783 wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
5784 wpa_s->max_sched_scan_plans = capa.max_sched_scan_plans;
5785 wpa_s->max_sched_scan_plan_interval =
5786 capa.max_sched_scan_plan_interval;
5787 wpa_s->max_sched_scan_plan_iterations =
5788 capa.max_sched_scan_plan_iterations;
5789 wpa_s->sched_scan_supported = capa.sched_scan_supported;
5790 wpa_s->max_match_sets = capa.max_match_sets;
5791 wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
5792 wpa_s->max_stations = capa.max_stations;
5793 wpa_s->extended_capa = capa.extended_capa;
5794 wpa_s->extended_capa_mask = capa.extended_capa_mask;
5795 wpa_s->extended_capa_len = capa.extended_capa_len;
5796 wpa_s->num_multichan_concurrent =
5797 capa.num_multichan_concurrent;
5798 wpa_s->wmm_ac_supported = capa.wmm_ac_supported;
5799
5800 if (capa.mac_addr_rand_scan_supported)
5801 wpa_s->mac_addr_rand_supported |= MAC_ADDR_RAND_SCAN;
5802 if (wpa_s->sched_scan_supported &&
5803 capa.mac_addr_rand_sched_scan_supported)
5804 wpa_s->mac_addr_rand_supported |=
5805 (MAC_ADDR_RAND_SCHED_SCAN | MAC_ADDR_RAND_PNO);
5806
5807 wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
5808 if (wpa_s->extended_capa &&
5809 wpa_s->extended_capa_len >= 3 &&
5810 wpa_s->extended_capa[2] & 0x40)
5811 wpa_s->multi_bss_support = 1;
5812 }
5813 if (wpa_s->max_remain_on_chan == 0)
5814 wpa_s->max_remain_on_chan = 1000;
5815
5816 /*
5817 * Only take p2p_mgmt parameters when P2P Device is supported.
5818 * Doing it here as it determines whether l2_packet_init() will be done
5819 * during wpa_supplicant_driver_init().
5820 */
5821 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
5822 wpa_s->p2p_mgmt = iface->p2p_mgmt;
5823
5824 if (wpa_s->num_multichan_concurrent == 0)
5825 wpa_s->num_multichan_concurrent = 1;
5826
5827 if (wpa_supplicant_driver_init(wpa_s) < 0)
5828 return -1;
5829
5830#ifdef CONFIG_TDLS
5831 if (!iface->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
5832 return -1;
5833#endif /* CONFIG_TDLS */
5834
5835 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
5836 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
5837 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
5838 return -1;
5839 }
5840
5841#ifdef CONFIG_FST
5842 if (wpa_s->conf->fst_group_id) {
5843 struct fst_iface_cfg cfg;
5844 struct fst_wpa_obj iface_obj;
5845
5846 fst_wpa_supplicant_fill_iface_obj(wpa_s, &iface_obj);
5847 os_strlcpy(cfg.group_id, wpa_s->conf->fst_group_id,
5848 sizeof(cfg.group_id));
5849 cfg.priority = wpa_s->conf->fst_priority;
5850 cfg.llt = wpa_s->conf->fst_llt;
5851
5852 wpa_s->fst = fst_attach(wpa_s->ifname, wpa_s->own_addr,
5853 &iface_obj, &cfg);
5854 if (!wpa_s->fst) {
5855 wpa_msg(wpa_s, MSG_ERROR,
5856 "FST: Cannot attach iface %s to group %s",
5857 wpa_s->ifname, cfg.group_id);
5858 return -1;
5859 }
5860 }
5861#endif /* CONFIG_FST */
5862
5863 if (wpas_wps_init(wpa_s))
5864 return -1;
5865
5866#ifdef CONFIG_GAS_SERVER
5867 wpa_s->gas_server = gas_server_init(wpa_s, wpas_gas_server_tx);
5868 if (!wpa_s->gas_server) {
5869 wpa_printf(MSG_ERROR, "Failed to initialize GAS server");
5870 return -1;
5871 }
5872#endif /* CONFIG_GAS_SERVER */
5873
5874#ifdef CONFIG_DPP
5875 if (wpas_dpp_init(wpa_s) < 0)
5876 return -1;
5877#endif /* CONFIG_DPP */
5878
5879 if (wpa_supplicant_init_eapol(wpa_s) < 0)
5880 return -1;
5881 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
5882
5883 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
5884 if (wpa_s->ctrl_iface == NULL) {
5885 wpa_printf(MSG_ERROR,
5886 "Failed to initialize control interface '%s'.\n"
5887 "You may have another wpa_supplicant process "
5888 "already running or the file was\n"
5889 "left by an unclean termination of wpa_supplicant "
5890 "in which case you will need\n"
5891 "to manually remove this file before starting "
5892 "wpa_supplicant again.\n",
5893 wpa_s->conf->ctrl_interface);
5894 return -1;
5895 }
5896
5897 wpa_s->gas = gas_query_init(wpa_s);
5898 if (wpa_s->gas == NULL) {
5899 wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
5900 return -1;
5901 }
5902
5903 if ((!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) ||
5904 wpa_s->p2p_mgmt) &&
5905 wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
5906 wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
5907 return -1;
5908 }
5909
5910 if (wpa_bss_init(wpa_s) < 0)
5911 return -1;
5912
5913#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
5914#ifdef CONFIG_MESH
5915 dl_list_init(&wpa_s->mesh_external_pmksa_cache);
5916#endif /* CONFIG_MESH */
5917#endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
5918
5919 /*
5920 * Set Wake-on-WLAN triggers, if configured.
5921 * Note: We don't restore/remove the triggers on shutdown (it doesn't
5922 * have effect anyway when the interface is down).
5923 */
5924 if (capa_res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
5925 return -1;
5926
5927#ifdef CONFIG_EAP_PROXY
5928{
5929 size_t len;
5930 wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1,
5931 wpa_s->imsi, &len);
5932 if (wpa_s->mnc_len > 0) {
5933 wpa_s->imsi[len] = '\0';
5934 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
5935 wpa_s->imsi, wpa_s->mnc_len);
5936 } else {
5937 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
5938 }
5939}
5940#endif /* CONFIG_EAP_PROXY */
5941
5942 if (pcsc_reader_init(wpa_s) < 0)
5943 return -1;
5944
5945 if (wpas_init_ext_pw(wpa_s) < 0)
5946 return -1;
5947
5948 wpas_rrm_reset(wpa_s);
5949
5950 wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
5951
5952#ifdef CONFIG_HS20
5953 hs20_init(wpa_s);
5954#endif /* CONFIG_HS20 */
5955#ifdef CONFIG_MBO
5956 if (wpa_s->conf->oce) {
5957 if ((wpa_s->conf->oce & OCE_STA) &&
5958 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA))
5959 wpa_s->enable_oce = OCE_STA;
5960 if ((wpa_s->conf->oce & OCE_STA_CFON) &&
5961 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA_CFON)) {
5962 /* TODO: Need to add STA-CFON support */
5963 wpa_printf(MSG_ERROR,
5964 "OCE STA-CFON feature is not yet supported");
5965 }
5966 }
5967 wpas_mbo_update_non_pref_chan(wpa_s, wpa_s->conf->non_pref_chan);
5968#endif /* CONFIG_MBO */
5969
5970 wpa_supplicant_set_default_scan_ies(wpa_s);
5971
5972 return 0;
5973}
5974
5975
5976static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
5977 int notify, int terminate)
5978{
5979 struct wpa_global *global = wpa_s->global;
5980 struct wpa_supplicant *iface, *prev;
5981
5982 if (wpa_s == wpa_s->parent)
5983 wpas_p2p_group_remove(wpa_s, "*");
5984
5985 iface = global->ifaces;
5986 while (iface) {
5987 if (iface->p2pdev == wpa_s)
5988 iface->p2pdev = iface->parent;
5989 if (iface == wpa_s || iface->parent != wpa_s) {
5990 iface = iface->next;
5991 continue;
5992 }
5993 wpa_printf(MSG_DEBUG,
5994 "Remove remaining child interface %s from parent %s",
5995 iface->ifname, wpa_s->ifname);
5996 prev = iface;
5997 iface = iface->next;
5998 wpa_supplicant_remove_iface(global, prev, terminate);
5999 }
6000
6001 wpa_s->disconnected = 1;
6002 if (wpa_s->drv_priv) {
6003 wpa_supplicant_deauthenticate(wpa_s,
6004 WLAN_REASON_DEAUTH_LEAVING);
6005
6006 wpa_drv_set_countermeasures(wpa_s, 0);
6007 wpa_clear_keys(wpa_s, NULL);
6008 }
6009
6010 wpa_supplicant_cleanup(wpa_s);
6011 wpas_p2p_deinit_iface(wpa_s);
6012
6013 wpas_ctrl_radio_work_flush(wpa_s);
6014 radio_remove_interface(wpa_s);
6015
6016#ifdef CONFIG_FST
6017 if (wpa_s->fst) {
6018 fst_detach(wpa_s->fst);
6019 wpa_s->fst = NULL;
6020 }
6021 if (wpa_s->received_mb_ies) {
6022 wpabuf_free(wpa_s->received_mb_ies);
6023 wpa_s->received_mb_ies = NULL;
6024 }
6025#endif /* CONFIG_FST */
6026
6027 if (wpa_s->drv_priv)
6028 wpa_drv_deinit(wpa_s);
6029
6030 if (notify)
6031 wpas_notify_iface_removed(wpa_s);
6032
6033 if (terminate)
6034 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
6035
6036 if (wpa_s->ctrl_iface) {
6037 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
6038 wpa_s->ctrl_iface = NULL;
6039 }
6040
6041#ifdef CONFIG_MESH
6042 if (wpa_s->ifmsh) {
6043 wpa_supplicant_mesh_iface_deinit(wpa_s, wpa_s->ifmsh);
6044 wpa_s->ifmsh = NULL;
6045 }
6046#endif /* CONFIG_MESH */
6047
6048 if (wpa_s->conf != NULL) {
6049 wpa_config_free(wpa_s->conf);
6050 wpa_s->conf = NULL;
6051 }
6052
6053 os_free(wpa_s->ssids_from_scan_req);
6054
6055 os_free(wpa_s);
6056}
6057
6058
6059#ifdef CONFIG_MATCH_IFACE
6060
6061/**
6062 * wpa_supplicant_match_iface - Match an interface description to a name
6063 * @global: Pointer to global data from wpa_supplicant_init()
6064 * @ifname: Name of the interface to match
6065 * Returns: Pointer to the created interface description or %NULL on failure
6066 */
6067struct wpa_interface * wpa_supplicant_match_iface(struct wpa_global *global,
6068 const char *ifname)
6069{
6070 int i;
6071 struct wpa_interface *iface, *miface;
6072
6073 for (i = 0; i < global->params.match_iface_count; i++) {
6074 miface = &global->params.match_ifaces[i];
6075 if (!miface->ifname ||
6076 fnmatch(miface->ifname, ifname, 0) == 0) {
6077 iface = os_zalloc(sizeof(*iface));
6078 if (!iface)
6079 return NULL;
6080 *iface = *miface;
6081 iface->ifname = ifname;
6082 return iface;
6083 }
6084 }
6085
6086 return NULL;
6087}
6088
6089
6090/**
6091 * wpa_supplicant_match_existing - Match existing interfaces
6092 * @global: Pointer to global data from wpa_supplicant_init()
6093 * Returns: 0 on success, -1 on failure
6094 */
6095static int wpa_supplicant_match_existing(struct wpa_global *global)
6096{
6097 struct if_nameindex *ifi, *ifp;
6098 struct wpa_supplicant *wpa_s;
6099 struct wpa_interface *iface;
6100
6101 ifp = if_nameindex();
6102 if (!ifp) {
6103 wpa_printf(MSG_ERROR, "if_nameindex: %s", strerror(errno));
6104 return -1;
6105 }
6106
6107 for (ifi = ifp; ifi->if_name; ifi++) {
6108 wpa_s = wpa_supplicant_get_iface(global, ifi->if_name);
6109 if (wpa_s)
6110 continue;
6111 iface = wpa_supplicant_match_iface(global, ifi->if_name);
6112 if (iface) {
6113 wpa_s = wpa_supplicant_add_iface(global, iface, NULL);
6114 os_free(iface);
6115 if (wpa_s)
6116 wpa_s->matched = 1;
6117 }
6118 }
6119
6120 if_freenameindex(ifp);
6121 return 0;
6122}
6123
6124#endif /* CONFIG_MATCH_IFACE */
6125
6126
6127/**
6128 * wpa_supplicant_add_iface - Add a new network interface
6129 * @global: Pointer to global data from wpa_supplicant_init()
6130 * @iface: Interface configuration options
6131 * @parent: Parent interface or %NULL to assign new interface as parent
6132 * Returns: Pointer to the created interface or %NULL on failure
6133 *
6134 * This function is used to add new network interfaces for %wpa_supplicant.
6135 * This can be called before wpa_supplicant_run() to add interfaces before the
6136 * main event loop has been started. In addition, new interfaces can be added
6137 * dynamically while %wpa_supplicant is already running. This could happen,
6138 * e.g., when a hotplug network adapter is inserted.
6139 */
6140struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
6141 struct wpa_interface *iface,
6142 struct wpa_supplicant *parent)
6143{
6144 struct wpa_supplicant *wpa_s;
6145 struct wpa_interface t_iface;
6146 struct wpa_ssid *ssid;
6147
6148 if (global == NULL || iface == NULL)
6149 return NULL;
6150
6151 wpa_s = wpa_supplicant_alloc(parent);
6152 if (wpa_s == NULL)
6153 return NULL;
6154
6155 wpa_s->global = global;
6156
6157 t_iface = *iface;
6158 if (global->params.override_driver) {
6159 wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
6160 "('%s' -> '%s')",
6161 iface->driver, global->params.override_driver);
6162 t_iface.driver = global->params.override_driver;
6163 }
6164 if (global->params.override_ctrl_interface) {
6165 wpa_printf(MSG_DEBUG, "Override interface parameter: "
6166 "ctrl_interface ('%s' -> '%s')",
6167 iface->ctrl_interface,
6168 global->params.override_ctrl_interface);
6169 t_iface.ctrl_interface =
6170 global->params.override_ctrl_interface;
6171 }
6172 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
6173 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
6174 iface->ifname);
6175 wpa_supplicant_deinit_iface(wpa_s, 0, 0);
6176 return NULL;
6177 }
6178
6179 if (iface->p2p_mgmt == 0) {
6180 /* Notify the control interfaces about new iface */
6181 if (wpas_notify_iface_added(wpa_s)) {
6182 wpa_supplicant_deinit_iface(wpa_s, 1, 0);
6183 return NULL;
6184 }
6185
6186 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
6187 wpas_notify_network_added(wpa_s, ssid);
6188 }
6189
6190 wpa_s->next = global->ifaces;
6191 global->ifaces = wpa_s;
6192
6193 wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
6194 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
6195
6196#ifdef CONFIG_P2P
6197 if (wpa_s->global->p2p == NULL &&
6198 !wpa_s->global->p2p_disabled && !wpa_s->conf->p2p_disabled &&
6199 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
6200 wpas_p2p_add_p2pdev_interface(
6201 wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
6202 wpa_printf(MSG_INFO,
6203 "P2P: Failed to enable P2P Device interface");
6204 /* Try to continue without. P2P will be disabled. */
6205 }
6206#endif /* CONFIG_P2P */
6207
6208 return wpa_s;
6209}
6210
6211
6212/**
6213 * wpa_supplicant_remove_iface - Remove a network interface
6214 * @global: Pointer to global data from wpa_supplicant_init()
6215 * @wpa_s: Pointer to the network interface to be removed
6216 * Returns: 0 if interface was removed, -1 if interface was not found
6217 *
6218 * This function can be used to dynamically remove network interfaces from
6219 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
6220 * addition, this function is used to remove all remaining interfaces when
6221 * %wpa_supplicant is terminated.
6222 */
6223int wpa_supplicant_remove_iface(struct wpa_global *global,
6224 struct wpa_supplicant *wpa_s,
6225 int terminate)
6226{
6227 struct wpa_supplicant *prev;
6228#ifdef CONFIG_MESH
6229 unsigned int mesh_if_created = wpa_s->mesh_if_created;
6230 char *ifname = NULL;
6231 struct wpa_supplicant *parent = wpa_s->parent;
6232#endif /* CONFIG_MESH */
6233
6234 /* Remove interface from the global list of interfaces */
6235 prev = global->ifaces;
6236 if (prev == wpa_s) {
6237 global->ifaces = wpa_s->next;
6238 } else {
6239 while (prev && prev->next != wpa_s)
6240 prev = prev->next;
6241 if (prev == NULL)
6242 return -1;
6243 prev->next = wpa_s->next;
6244 }
6245
6246 wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
6247
6248#ifdef CONFIG_MESH
6249 if (mesh_if_created) {
6250 ifname = os_strdup(wpa_s->ifname);
6251 if (ifname == NULL) {
6252 wpa_dbg(wpa_s, MSG_ERROR,
6253 "mesh: Failed to malloc ifname");
6254 return -1;
6255 }
6256 }
6257#endif /* CONFIG_MESH */
6258
6259 if (global->p2p_group_formation == wpa_s)
6260 global->p2p_group_formation = NULL;
6261 if (global->p2p_invite_group == wpa_s)
6262 global->p2p_invite_group = NULL;
6263 wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
6264
6265#ifdef CONFIG_MESH
6266 if (mesh_if_created) {
6267 wpa_drv_if_remove(parent, WPA_IF_MESH, ifname);
6268 os_free(ifname);
6269 }
6270#endif /* CONFIG_MESH */
6271
6272 return 0;
6273}
6274
6275
6276/**
6277 * wpa_supplicant_get_eap_mode - Get the current EAP mode
6278 * @wpa_s: Pointer to the network interface
6279 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
6280 */
6281const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
6282{
6283 const char *eapol_method;
6284
6285 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
6286 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
6287 return "NO-EAP";
6288 }
6289
6290 eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
6291 if (eapol_method == NULL)
6292 return "UNKNOWN-EAP";
6293
6294 return eapol_method;
6295}
6296
6297
6298/**
6299 * wpa_supplicant_get_iface - Get a new network interface
6300 * @global: Pointer to global data from wpa_supplicant_init()
6301 * @ifname: Interface name
6302 * Returns: Pointer to the interface or %NULL if not found
6303 */
6304struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
6305 const char *ifname)
6306{
6307 struct wpa_supplicant *wpa_s;
6308
6309 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
6310 if (os_strcmp(wpa_s->ifname, ifname) == 0)
6311 return wpa_s;
6312 }
6313 return NULL;
6314}
6315
6316
6317#ifndef CONFIG_NO_WPA_MSG
6318static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
6319{
6320 struct wpa_supplicant *wpa_s = ctx;
6321 if (wpa_s == NULL)
6322 return NULL;
6323 return wpa_s->ifname;
6324}
6325#endif /* CONFIG_NO_WPA_MSG */
6326
6327
6328#ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
6329#define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
6330#endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
6331
6332/* Periodic cleanup tasks */
6333static void wpas_periodic(void *eloop_ctx, void *timeout_ctx)
6334{
6335 struct wpa_global *global = eloop_ctx;
6336 struct wpa_supplicant *wpa_s;
6337
6338 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
6339 wpas_periodic, global, NULL);
6340
6341#ifdef CONFIG_P2P
6342 if (global->p2p)
6343 p2p_expire_peers(global->p2p);
6344#endif /* CONFIG_P2P */
6345
6346 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
6347 wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age);
6348#ifdef CONFIG_AP
6349 ap_periodic(wpa_s);
6350#endif /* CONFIG_AP */
6351 }
6352}
6353
6354
6355/**
6356 * wpa_supplicant_init - Initialize %wpa_supplicant
6357 * @params: Parameters for %wpa_supplicant
6358 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
6359 *
6360 * This function is used to initialize %wpa_supplicant. After successful
6361 * initialization, the returned data pointer can be used to add and remove
6362 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
6363 */
6364struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
6365{
6366 struct wpa_global *global;
6367 int ret, i;
6368
6369 if (params == NULL)
6370 return NULL;
6371
6372#ifdef CONFIG_DRIVER_NDIS
6373 {
6374 void driver_ndis_init_ops(void);
6375 driver_ndis_init_ops();
6376 }
6377#endif /* CONFIG_DRIVER_NDIS */
6378
6379#ifndef CONFIG_NO_WPA_MSG
6380 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
6381#endif /* CONFIG_NO_WPA_MSG */
6382
6383 if (params->wpa_debug_file_path)
6384 wpa_debug_open_file(params->wpa_debug_file_path);
6385 else
6386 wpa_debug_setup_stdout();
6387 if (params->wpa_debug_syslog)
6388 wpa_debug_open_syslog();
6389 if (params->wpa_debug_tracing) {
6390 ret = wpa_debug_open_linux_tracing();
6391 if (ret) {
6392 wpa_printf(MSG_ERROR,
6393 "Failed to enable trace logging");
6394 return NULL;
6395 }
6396 }
6397
6398 ret = eap_register_methods();
6399 if (ret) {
6400 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
6401 if (ret == -2)
6402 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
6403 "the same EAP type.");
6404 return NULL;
6405 }
6406
6407 global = os_zalloc(sizeof(*global));
6408 if (global == NULL)
6409 return NULL;
6410 dl_list_init(&global->p2p_srv_bonjour);
6411 dl_list_init(&global->p2p_srv_upnp);
6412 global->params.daemonize = params->daemonize;
6413 global->params.wait_for_monitor = params->wait_for_monitor;
6414 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
6415 if (params->pid_file)
6416 global->params.pid_file = os_strdup(params->pid_file);
6417 if (params->ctrl_interface)
6418 global->params.ctrl_interface =
6419 os_strdup(params->ctrl_interface);
6420 if (params->ctrl_interface_group)
6421 global->params.ctrl_interface_group =
6422 os_strdup(params->ctrl_interface_group);
6423 if (params->override_driver)
6424 global->params.override_driver =
6425 os_strdup(params->override_driver);
6426 if (params->override_ctrl_interface)
6427 global->params.override_ctrl_interface =
6428 os_strdup(params->override_ctrl_interface);
6429#ifdef CONFIG_MATCH_IFACE
6430 global->params.match_iface_count = params->match_iface_count;
6431 if (params->match_iface_count) {
6432 global->params.match_ifaces =
6433 os_calloc(params->match_iface_count,
6434 sizeof(struct wpa_interface));
6435 os_memcpy(global->params.match_ifaces,
6436 params->match_ifaces,
6437 params->match_iface_count *
6438 sizeof(struct wpa_interface));
6439 }
6440#endif /* CONFIG_MATCH_IFACE */
6441#ifdef CONFIG_P2P
6442 if (params->conf_p2p_dev)
6443 global->params.conf_p2p_dev =
6444 os_strdup(params->conf_p2p_dev);
6445#endif /* CONFIG_P2P */
6446 wpa_debug_level = global->params.wpa_debug_level =
6447 params->wpa_debug_level;
6448 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
6449 params->wpa_debug_show_keys;
6450 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
6451 params->wpa_debug_timestamp;
6452
6453 wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR);
6454
6455 if (eloop_init()) {
6456 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
6457 wpa_supplicant_deinit(global);
6458 return NULL;
6459 }
6460
6461 random_init(params->entropy_file);
6462
6463 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
6464 if (global->ctrl_iface == NULL) {
6465 wpa_supplicant_deinit(global);
6466 return NULL;
6467 }
6468
6469 if (wpas_notify_supplicant_initialized(global)) {
6470 wpa_supplicant_deinit(global);
6471 return NULL;
6472 }
6473
6474 for (i = 0; wpa_drivers[i]; i++)
6475 global->drv_count++;
6476 if (global->drv_count == 0) {
6477 wpa_printf(MSG_ERROR, "No drivers enabled");
6478 wpa_supplicant_deinit(global);
6479 return NULL;
6480 }
6481 global->drv_priv = os_calloc(global->drv_count, sizeof(void *));
6482 if (global->drv_priv == NULL) {
6483 wpa_supplicant_deinit(global);
6484 return NULL;
6485 }
6486
6487#ifdef CONFIG_WIFI_DISPLAY
6488 if (wifi_display_init(global) < 0) {
6489 wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
6490 wpa_supplicant_deinit(global);
6491 return NULL;
6492 }
6493#endif /* CONFIG_WIFI_DISPLAY */
6494
6495 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
6496 wpas_periodic, global, NULL);
6497
6498 return global;
6499}
6500
6501
6502/**
6503 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
6504 * @global: Pointer to global data from wpa_supplicant_init()
6505 * Returns: 0 after successful event loop run, -1 on failure
6506 *
6507 * This function starts the main event loop and continues running as long as
6508 * there are any remaining events. In most cases, this function is running as
6509 * long as the %wpa_supplicant process in still in use.
6510 */
6511int wpa_supplicant_run(struct wpa_global *global)
6512{
6513 struct wpa_supplicant *wpa_s;
6514
6515 if (global->params.daemonize &&
6516 (wpa_supplicant_daemon(global->params.pid_file) ||
6517 eloop_sock_requeue()))
6518 return -1;
6519
6520#ifdef CONFIG_MATCH_IFACE
6521 if (wpa_supplicant_match_existing(global))
6522 return -1;
6523#endif
6524
6525 if (global->params.wait_for_monitor) {
6526 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
6527 if (wpa_s->ctrl_iface && !wpa_s->p2p_mgmt)
6528 wpa_supplicant_ctrl_iface_wait(
6529 wpa_s->ctrl_iface);
6530 }
6531
6532 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
6533 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
6534
6535 eloop_run();
6536
6537 return 0;
6538}
6539
6540
6541/**
6542 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
6543 * @global: Pointer to global data from wpa_supplicant_init()
6544 *
6545 * This function is called to deinitialize %wpa_supplicant and to free all
6546 * allocated resources. Remaining network interfaces will also be removed.
6547 */
6548void wpa_supplicant_deinit(struct wpa_global *global)
6549{
6550 int i;
6551
6552 if (global == NULL)
6553 return;
6554
6555 eloop_cancel_timeout(wpas_periodic, global, NULL);
6556
6557#ifdef CONFIG_WIFI_DISPLAY
6558 wifi_display_deinit(global);
6559#endif /* CONFIG_WIFI_DISPLAY */
6560
6561 while (global->ifaces)
6562 wpa_supplicant_remove_iface(global, global->ifaces, 1);
6563
6564 if (global->ctrl_iface)
6565 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
6566
6567 wpas_notify_supplicant_deinitialized(global);
6568
6569 eap_peer_unregister_methods();
6570#ifdef CONFIG_AP
6571 eap_server_unregister_methods();
6572#endif /* CONFIG_AP */
6573
6574 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
6575 if (!global->drv_priv[i])
6576 continue;
6577 wpa_drivers[i]->global_deinit(global->drv_priv[i]);
6578 }
6579 os_free(global->drv_priv);
6580
6581 random_deinit();
6582
6583 eloop_destroy();
6584
6585 if (global->params.pid_file) {
6586 os_daemonize_terminate(global->params.pid_file);
6587 os_free(global->params.pid_file);
6588 }
6589 os_free(global->params.ctrl_interface);
6590 os_free(global->params.ctrl_interface_group);
6591 os_free(global->params.override_driver);
6592 os_free(global->params.override_ctrl_interface);
6593#ifdef CONFIG_MATCH_IFACE
6594 os_free(global->params.match_ifaces);
6595#endif /* CONFIG_MATCH_IFACE */
6596#ifdef CONFIG_P2P
6597 os_free(global->params.conf_p2p_dev);
6598#endif /* CONFIG_P2P */
6599
6600 os_free(global->p2p_disallow_freq.range);
6601 os_free(global->p2p_go_avoid_freq.range);
6602 os_free(global->add_psk);
6603
6604 os_free(global);
6605 wpa_debug_close_syslog();
6606 wpa_debug_close_file();
6607 wpa_debug_close_linux_tracing();
6608}
6609
6610
6611void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
6612{
6613 if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
6614 wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
6615 char country[3];
6616 country[0] = wpa_s->conf->country[0];
6617 country[1] = wpa_s->conf->country[1];
6618 country[2] = '\0';
6619 if (wpa_drv_set_country(wpa_s, country) < 0) {
6620 wpa_printf(MSG_ERROR, "Failed to set country code "
6621 "'%s'", country);
6622 }
6623 }
6624
6625 if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
6626 wpas_init_ext_pw(wpa_s);
6627
6628 if (wpa_s->conf->changed_parameters & CFG_CHANGED_SCHED_SCAN_PLANS)
6629 wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
6630
6631 if (wpa_s->conf->changed_parameters & CFG_CHANGED_WOWLAN_TRIGGERS) {
6632 struct wpa_driver_capa capa;
6633 int res = wpa_drv_get_capa(wpa_s, &capa);
6634
6635 if (res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
6636 wpa_printf(MSG_ERROR,
6637 "Failed to update wowlan_triggers to '%s'",
6638 wpa_s->conf->wowlan_triggers);
6639 }
6640
6641 if (wpa_s->conf->changed_parameters & CFG_CHANGED_DISABLE_BTM)
6642 wpa_supplicant_set_default_scan_ies(wpa_s);
6643
6644#ifdef CONFIG_WPS
6645 wpas_wps_update_config(wpa_s);
6646#endif /* CONFIG_WPS */
6647 wpas_p2p_update_config(wpa_s);
6648 wpa_s->conf->changed_parameters = 0;
6649}
6650
6651
6652void add_freq(int *freqs, int *num_freqs, int freq)
6653{
6654 int i;
6655
6656 for (i = 0; i < *num_freqs; i++) {
6657 if (freqs[i] == freq)
6658 return;
6659 }
6660
6661 freqs[*num_freqs] = freq;
6662 (*num_freqs)++;
6663}
6664
6665
6666static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
6667{
6668 struct wpa_bss *bss, *cbss;
6669 const int max_freqs = 10;
6670 int *freqs;
6671 int num_freqs = 0;
6672
6673 freqs = os_calloc(max_freqs + 1, sizeof(int));
6674 if (freqs == NULL)
6675 return NULL;
6676
6677 cbss = wpa_s->current_bss;
6678
6679 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
6680 if (bss == cbss)
6681 continue;
6682 if (bss->ssid_len == cbss->ssid_len &&
6683 os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
6684 wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
6685 add_freq(freqs, &num_freqs, bss->freq);
6686 if (num_freqs == max_freqs)
6687 break;
6688 }
6689 }
6690
6691 if (num_freqs == 0) {
6692 os_free(freqs);
6693 freqs = NULL;
6694 }
6695
6696 return freqs;
6697}
6698
6699
6700void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
6701{
6702 int timeout;
6703 int count;
6704 int *freqs = NULL;
6705
6706 wpas_connect_work_done(wpa_s);
6707
6708 /*
6709 * Remove possible authentication timeout since the connection failed.
6710 */
6711 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
6712
6713 /*
6714 * There is no point in blacklisting the AP if this event is
6715 * generated based on local request to disconnect.
6716 */
6717 if (wpa_s->own_disconnect_req) {
6718 wpa_s->own_disconnect_req = 0;
6719 wpa_dbg(wpa_s, MSG_DEBUG,
6720 "Ignore connection failure due to local request to disconnect");
6721 return;
6722 }
6723 if (wpa_s->disconnected) {
6724 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
6725 "indication since interface has been put into "
6726 "disconnected state");
6727 return;
6728 }
6729
6730 /*
6731 * Add the failed BSSID into the blacklist and speed up next scan
6732 * attempt if there could be other APs that could accept association.
6733 * The current blacklist count indicates how many times we have tried
6734 * connecting to this AP and multiple attempts mean that other APs are
6735 * either not available or has already been tried, so that we can start
6736 * increasing the delay here to avoid constant scanning.
6737 */
6738 count = wpa_blacklist_add(wpa_s, bssid);
6739 if (count == 1 && wpa_s->current_bss) {
6740 /*
6741 * This BSS was not in the blacklist before. If there is
6742 * another BSS available for the same ESS, we should try that
6743 * next. Otherwise, we may as well try this one once more
6744 * before allowing other, likely worse, ESSes to be considered.
6745 */
6746 freqs = get_bss_freqs_in_ess(wpa_s);
6747 if (freqs) {
6748 wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
6749 "has been seen; try it next");
6750 wpa_blacklist_add(wpa_s, bssid);
6751 /*
6752 * On the next scan, go through only the known channels
6753 * used in this ESS based on previous scans to speed up
6754 * common load balancing use case.
6755 */
6756 os_free(wpa_s->next_scan_freqs);
6757 wpa_s->next_scan_freqs = freqs;
6758 }
6759 }
6760
6761 /*
6762 * Add previous failure count in case the temporary blacklist was
6763 * cleared due to no other BSSes being available.
6764 */
6765 count += wpa_s->extra_blacklist_count;
6766
6767 if (count > 3 && wpa_s->current_ssid) {
6768 wpa_printf(MSG_DEBUG, "Continuous association failures - "
6769 "consider temporary network disabling");
6770 wpas_auth_failed(wpa_s, "CONN_FAILED");
6771 }
6772
6773 switch (count) {
6774 case 1:
6775 timeout = 100;
6776 break;
6777 case 2:
6778 timeout = 500;
6779 break;
6780 case 3:
6781 timeout = 1000;
6782 break;
6783 case 4:
6784 timeout = 5000;
6785 break;
6786 default:
6787 timeout = 10000;
6788 break;
6789 }
6790
6791 wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
6792 "ms", count, timeout);
6793
6794 /*
6795 * TODO: if more than one possible AP is available in scan results,
6796 * could try the other ones before requesting a new scan.
6797 */
6798
6799 /* speed up the connection attempt with normal scan */
6800 wpa_s->normal_scans = 0;
6801 wpa_supplicant_req_scan(wpa_s, timeout / 1000,
6802 1000 * (timeout % 1000));
6803}
6804
6805
6806#ifdef CONFIG_FILS
6807void fils_connection_failure(struct wpa_supplicant *wpa_s)
6808{
6809 struct wpa_ssid *ssid = wpa_s->current_ssid;
6810 const u8 *realm, *username, *rrk;
6811 size_t realm_len, username_len, rrk_len;
6812 u16 next_seq_num;
6813
6814 if (!ssid || !ssid->eap.erp || !wpa_key_mgmt_fils(ssid->key_mgmt) ||
6815 eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
6816 &username, &username_len,
6817 &realm, &realm_len, &next_seq_num,
6818 &rrk, &rrk_len) != 0 ||
6819 !realm)
6820 return;
6821
6822 wpa_hexdump_ascii(MSG_DEBUG,
6823 "FILS: Store last connection failure realm",
6824 realm, realm_len);
6825 os_free(wpa_s->last_con_fail_realm);
6826 wpa_s->last_con_fail_realm = os_malloc(realm_len);
6827 if (wpa_s->last_con_fail_realm) {
6828 wpa_s->last_con_fail_realm_len = realm_len;
6829 os_memcpy(wpa_s->last_con_fail_realm, realm, realm_len);
6830 }
6831}
6832#endif /* CONFIG_FILS */
6833
6834
6835int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
6836{
6837 return wpa_s->conf->ap_scan == 2 ||
6838 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
6839}
6840
6841
6842#if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
6843int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
6844 struct wpa_ssid *ssid,
6845 const char *field,
6846 const char *value)
6847{
6848#ifdef IEEE8021X_EAPOL
6849 struct eap_peer_config *eap = &ssid->eap;
6850
6851 wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
6852 wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
6853 (const u8 *) value, os_strlen(value));
6854
6855 switch (wpa_supplicant_ctrl_req_from_string(field)) {
6856 case WPA_CTRL_REQ_EAP_IDENTITY:
6857 os_free(eap->identity);
6858 eap->identity = (u8 *) os_strdup(value);
6859 eap->identity_len = os_strlen(value);
6860 eap->pending_req_identity = 0;
6861 if (ssid == wpa_s->current_ssid)
6862 wpa_s->reassociate = 1;
6863 break;
6864 case WPA_CTRL_REQ_EAP_PASSWORD:
6865 bin_clear_free(eap->password, eap->password_len);
6866 eap->password = (u8 *) os_strdup(value);
6867 eap->password_len = os_strlen(value);
6868 eap->pending_req_password = 0;
6869 if (ssid == wpa_s->current_ssid)
6870 wpa_s->reassociate = 1;
6871 break;
6872 case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
6873 bin_clear_free(eap->new_password, eap->new_password_len);
6874 eap->new_password = (u8 *) os_strdup(value);
6875 eap->new_password_len = os_strlen(value);
6876 eap->pending_req_new_password = 0;
6877 if (ssid == wpa_s->current_ssid)
6878 wpa_s->reassociate = 1;
6879 break;
6880 case WPA_CTRL_REQ_EAP_PIN:
6881 str_clear_free(eap->pin);
6882 eap->pin = os_strdup(value);
6883 eap->pending_req_pin = 0;
6884 if (ssid == wpa_s->current_ssid)
6885 wpa_s->reassociate = 1;
6886 break;
6887 case WPA_CTRL_REQ_EAP_OTP:
6888 bin_clear_free(eap->otp, eap->otp_len);
6889 eap->otp = (u8 *) os_strdup(value);
6890 eap->otp_len = os_strlen(value);
6891 os_free(eap->pending_req_otp);
6892 eap->pending_req_otp = NULL;
6893 eap->pending_req_otp_len = 0;
6894 break;
6895 case WPA_CTRL_REQ_EAP_PASSPHRASE:
6896 str_clear_free(eap->private_key_passwd);
6897 eap->private_key_passwd = os_strdup(value);
6898 eap->pending_req_passphrase = 0;
6899 if (ssid == wpa_s->current_ssid)
6900 wpa_s->reassociate = 1;
6901 break;
6902 case WPA_CTRL_REQ_SIM:
6903 str_clear_free(eap->external_sim_resp);
6904 eap->external_sim_resp = os_strdup(value);
6905 eap->pending_req_sim = 0;
6906 break;
6907 case WPA_CTRL_REQ_PSK_PASSPHRASE:
6908 if (wpa_config_set(ssid, "psk", value, 0) < 0)
6909 return -1;
6910 ssid->mem_only_psk = 1;
6911 if (ssid->passphrase)
6912 wpa_config_update_psk(ssid);
6913 if (wpa_s->wpa_state == WPA_SCANNING && !wpa_s->scanning)
6914 wpa_supplicant_req_scan(wpa_s, 0, 0);
6915 break;
6916 case WPA_CTRL_REQ_EXT_CERT_CHECK:
6917 if (eap->pending_ext_cert_check != PENDING_CHECK)
6918 return -1;
6919 if (os_strcmp(value, "good") == 0)
6920 eap->pending_ext_cert_check = EXT_CERT_CHECK_GOOD;
6921 else if (os_strcmp(value, "bad") == 0)
6922 eap->pending_ext_cert_check = EXT_CERT_CHECK_BAD;
6923 else
6924 return -1;
6925 break;
6926 default:
6927 wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
6928 return -1;
6929 }
6930
6931 return 0;
6932#else /* IEEE8021X_EAPOL */
6933 wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
6934 return -1;
6935#endif /* IEEE8021X_EAPOL */
6936}
6937#endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
6938
6939
6940int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
6941{
6942 int i;
6943 unsigned int drv_enc;
6944
6945 if (wpa_s->p2p_mgmt)
6946 return 1; /* no normal network profiles on p2p_mgmt interface */
6947
6948 if (ssid == NULL)
6949 return 1;
6950
6951 if (ssid->disabled)
6952 return 1;
6953
6954 if (wpa_s->drv_capa_known)
6955 drv_enc = wpa_s->drv_enc;
6956 else
6957 drv_enc = (unsigned int) -1;
6958
6959 for (i = 0; i < NUM_WEP_KEYS; i++) {
6960 size_t len = ssid->wep_key_len[i];
6961 if (len == 0)
6962 continue;
6963 if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
6964 continue;
6965 if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
6966 continue;
6967 if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
6968 continue;
6969 return 1; /* invalid WEP key */
6970 }
6971
6972 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
6973 (!ssid->passphrase || ssid->ssid_len != 0) && !ssid->ext_psk &&
6974 !(wpa_key_mgmt_sae(ssid->key_mgmt) && ssid->sae_password) &&
6975 !ssid->mem_only_psk)
6976 return 1;
6977
6978 return 0;
6979}
6980
6981
6982int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
6983{
6984#ifdef CONFIG_IEEE80211W
6985 if (ssid == NULL || ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
6986 if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL &&
6987 !(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) {
6988 /*
6989 * Driver does not support BIP -- ignore pmf=1 default
6990 * since the connection with PMF would fail and the
6991 * configuration does not require PMF to be enabled.
6992 */
6993 return NO_MGMT_FRAME_PROTECTION;
6994 }
6995
6996 if (ssid &&
6997 (ssid->key_mgmt &
6998 ~(WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPS |
6999 WPA_KEY_MGMT_IEEE8021X_NO_WPA)) == 0) {
7000 /*
7001 * Do not use the default PMF value for non-RSN networks
7002 * since PMF is available only with RSN and pmf=2
7003 * configuration would otherwise prevent connections to
7004 * all open networks.
7005 */
7006 return NO_MGMT_FRAME_PROTECTION;
7007 }
7008
7009 return wpa_s->conf->pmf;
7010 }
7011
7012 return ssid->ieee80211w;
7013#else /* CONFIG_IEEE80211W */
7014 return NO_MGMT_FRAME_PROTECTION;
7015#endif /* CONFIG_IEEE80211W */
7016}
7017
7018
7019int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
7020{
7021 if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
7022 return 1;
7023 if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
7024 return 0;
7025 return -1;
7026}
7027
7028
7029void wpas_auth_failed(struct wpa_supplicant *wpa_s, char *reason)
7030{
7031 struct wpa_ssid *ssid = wpa_s->current_ssid;
7032 int dur;
7033 struct os_reltime now;
7034
7035 if (ssid == NULL) {
7036 wpa_printf(MSG_DEBUG, "Authentication failure but no known "
7037 "SSID block");
7038 return;
7039 }
7040
7041 if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
7042 return;
7043
7044 ssid->auth_failures++;
7045
7046#ifdef CONFIG_P2P
7047 if (ssid->p2p_group &&
7048 (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
7049 /*
7050 * Skip the wait time since there is a short timeout on the
7051 * connection to a P2P group.
7052 */
7053 return;
7054 }
7055#endif /* CONFIG_P2P */
7056
7057 if (ssid->auth_failures > 50)
7058 dur = 300;
7059 else if (ssid->auth_failures > 10)
7060 dur = 120;
7061 else if (ssid->auth_failures > 5)
7062 dur = 90;
7063 else if (ssid->auth_failures > 3)
7064 dur = 60;
7065 else if (ssid->auth_failures > 2)
7066 dur = 30;
7067 else if (ssid->auth_failures > 1)
7068 dur = 20;
7069 else
7070 dur = 10;
7071
7072 if (ssid->auth_failures > 1 &&
7073 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt))
7074 dur += os_random() % (ssid->auth_failures * 10);
7075
7076 os_get_reltime(&now);
7077 if (now.sec + dur <= ssid->disabled_until.sec)
7078 return;
7079
7080 ssid->disabled_until.sec = now.sec + dur;
7081
7082 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
7083 "id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
7084 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
7085 ssid->auth_failures, dur, reason);
7086}
7087
7088
7089void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
7090 struct wpa_ssid *ssid, int clear_failures)
7091{
7092 if (ssid == NULL)
7093 return;
7094
7095 if (ssid->disabled_until.sec) {
7096 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
7097 "id=%d ssid=\"%s\"",
7098 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
7099 }
7100 ssid->disabled_until.sec = 0;
7101 ssid->disabled_until.usec = 0;
7102 if (clear_failures)
7103 ssid->auth_failures = 0;
7104}
7105
7106
7107int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
7108{
7109 size_t i;
7110
7111 if (wpa_s->disallow_aps_bssid == NULL)
7112 return 0;
7113
7114 for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
7115 if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
7116 bssid, ETH_ALEN) == 0)
7117 return 1;
7118 }
7119
7120 return 0;
7121}
7122
7123
7124int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
7125 size_t ssid_len)
7126{
7127 size_t i;
7128
7129 if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
7130 return 0;
7131
7132 for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
7133 struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
7134 if (ssid_len == s->ssid_len &&
7135 os_memcmp(ssid, s->ssid, ssid_len) == 0)
7136 return 1;
7137 }
7138
7139 return 0;
7140}
7141
7142
7143/**
7144 * wpas_request_connection - Request a new connection
7145 * @wpa_s: Pointer to the network interface
7146 *
7147 * This function is used to request a new connection to be found. It will mark
7148 * the interface to allow reassociation and request a new scan to find a
7149 * suitable network to connect to.
7150 */
7151void wpas_request_connection(struct wpa_supplicant *wpa_s)
7152{
7153 wpa_s->normal_scans = 0;
7154 wpa_s->scan_req = NORMAL_SCAN_REQ;
7155 wpa_supplicant_reinit_autoscan(wpa_s);
7156 wpa_s->extra_blacklist_count = 0;
7157 wpa_s->disconnected = 0;
7158 wpa_s->reassociate = 1;
7159 wpa_s->last_owe_group = 0;
7160
7161 if (wpa_supplicant_fast_associate(wpa_s) != 1)
7162 wpa_supplicant_req_scan(wpa_s, 0, 0);
7163 else
7164 wpa_s->reattach = 0;
7165}
7166
7167
7168/**
7169 * wpas_request_disconnection - Request disconnection
7170 * @wpa_s: Pointer to the network interface
7171 *
7172 * This function is used to request disconnection from the currently connected
7173 * network. This will stop any ongoing scans and initiate deauthentication.
7174 */
7175void wpas_request_disconnection(struct wpa_supplicant *wpa_s)
7176{
7177#ifdef CONFIG_SME
7178 wpa_s->sme.prev_bssid_set = 0;
7179#endif /* CONFIG_SME */
7180 wpa_s->reassociate = 0;
7181 wpa_s->disconnected = 1;
7182 wpa_supplicant_cancel_sched_scan(wpa_s);
7183 wpa_supplicant_cancel_scan(wpa_s);
7184 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
7185 eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
7186 radio_remove_works(wpa_s, "connect", 0);
7187 radio_remove_works(wpa_s, "sme-connect", 0);
7188}
7189
7190
7191void dump_freq_data(struct wpa_supplicant *wpa_s, const char *title,
7192 struct wpa_used_freq_data *freqs_data,
7193 unsigned int len)
7194{
7195 unsigned int i;
7196
7197 wpa_dbg(wpa_s, MSG_DEBUG, "Shared frequencies (len=%u): %s",
7198 len, title);
7199 for (i = 0; i < len; i++) {
7200 struct wpa_used_freq_data *cur = &freqs_data[i];
7201 wpa_dbg(wpa_s, MSG_DEBUG, "freq[%u]: %d, flags=0x%X",
7202 i, cur->freq, cur->flags);
7203 }
7204}
7205
7206
7207/*
7208 * Find the operating frequencies of any of the virtual interfaces that
7209 * are using the same radio as the current interface, and in addition, get
7210 * information about the interface types that are using the frequency.
7211 */
7212int get_shared_radio_freqs_data(struct wpa_supplicant *wpa_s,
7213 struct wpa_used_freq_data *freqs_data,
7214 unsigned int len)
7215{
7216 struct wpa_supplicant *ifs;
7217 u8 bssid[ETH_ALEN];
7218 int freq;
7219 unsigned int idx = 0, i;
7220
7221 wpa_dbg(wpa_s, MSG_DEBUG,
7222 "Determining shared radio frequencies (max len %u)", len);
7223 os_memset(freqs_data, 0, sizeof(struct wpa_used_freq_data) * len);
7224
7225 dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
7226 radio_list) {
7227 if (idx == len)
7228 break;
7229
7230 if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
7231 continue;
7232
7233 if (ifs->current_ssid->mode == WPAS_MODE_AP ||
7234 ifs->current_ssid->mode == WPAS_MODE_P2P_GO ||
7235 ifs->current_ssid->mode == WPAS_MODE_MESH)
7236 freq = ifs->current_ssid->frequency;
7237 else if (wpa_drv_get_bssid(ifs, bssid) == 0)
7238 freq = ifs->assoc_freq;
7239 else
7240 continue;
7241
7242 /* Hold only distinct freqs */
7243 for (i = 0; i < idx; i++)
7244 if (freqs_data[i].freq == freq)
7245 break;
7246
7247 if (i == idx)
7248 freqs_data[idx++].freq = freq;
7249
7250 if (ifs->current_ssid->mode == WPAS_MODE_INFRA) {
7251 freqs_data[i].flags |= ifs->current_ssid->p2p_group ?
7252 WPA_FREQ_USED_BY_P2P_CLIENT :
7253 WPA_FREQ_USED_BY_INFRA_STATION;
7254 }
7255 }
7256
7257 dump_freq_data(wpa_s, "completed iteration", freqs_data, idx);
7258 return idx;
7259}
7260
7261
7262/*
7263 * Find the operating frequencies of any of the virtual interfaces that
7264 * are using the same radio as the current interface.
7265 */
7266int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
7267 int *freq_array, unsigned int len)
7268{
7269 struct wpa_used_freq_data *freqs_data;
7270 int num, i;
7271
7272 os_memset(freq_array, 0, sizeof(int) * len);
7273
7274 freqs_data = os_calloc(len, sizeof(struct wpa_used_freq_data));
7275 if (!freqs_data)
7276 return -1;
7277
7278 num = get_shared_radio_freqs_data(wpa_s, freqs_data, len);
7279 for (i = 0; i < num; i++)
7280 freq_array[i] = freqs_data[i].freq;
7281
7282 os_free(freqs_data);
7283
7284 return num;
7285}
7286
7287
7288struct wpa_supplicant *
7289wpas_vendor_elem(struct wpa_supplicant *wpa_s, enum wpa_vendor_elem_frame frame)
7290{
7291 switch (frame) {
7292#ifdef CONFIG_P2P
7293 case VENDOR_ELEM_PROBE_REQ_P2P:
7294 case VENDOR_ELEM_PROBE_RESP_P2P:
7295 case VENDOR_ELEM_PROBE_RESP_P2P_GO:
7296 case VENDOR_ELEM_BEACON_P2P_GO:
7297 case VENDOR_ELEM_P2P_PD_REQ:
7298 case VENDOR_ELEM_P2P_PD_RESP:
7299 case VENDOR_ELEM_P2P_GO_NEG_REQ:
7300 case VENDOR_ELEM_P2P_GO_NEG_RESP:
7301 case VENDOR_ELEM_P2P_GO_NEG_CONF:
7302 case VENDOR_ELEM_P2P_INV_REQ:
7303 case VENDOR_ELEM_P2P_INV_RESP:
7304 case VENDOR_ELEM_P2P_ASSOC_REQ:
7305 case VENDOR_ELEM_P2P_ASSOC_RESP:
7306 return wpa_s->p2pdev;
7307#endif /* CONFIG_P2P */
7308 default:
7309 return wpa_s;
7310 }
7311}
7312
7313
7314void wpas_vendor_elem_update(struct wpa_supplicant *wpa_s)
7315{
7316 unsigned int i;
7317 char buf[30];
7318
7319 wpa_printf(MSG_DEBUG, "Update vendor elements");
7320
7321 for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
7322 if (wpa_s->vendor_elem[i]) {
7323 int res;
7324
7325 res = os_snprintf(buf, sizeof(buf), "frame[%u]", i);
7326 if (!os_snprintf_error(sizeof(buf), res)) {
7327 wpa_hexdump_buf(MSG_DEBUG, buf,
7328 wpa_s->vendor_elem[i]);
7329 }
7330 }
7331 }
7332
7333#ifdef CONFIG_P2P
7334 if (wpa_s->parent == wpa_s &&
7335 wpa_s->global->p2p &&
7336 !wpa_s->global->p2p_disabled)
7337 p2p_set_vendor_elems(wpa_s->global->p2p, wpa_s->vendor_elem);
7338#endif /* CONFIG_P2P */
7339}
7340
7341
7342int wpas_vendor_elem_remove(struct wpa_supplicant *wpa_s, int frame,
7343 const u8 *elem, size_t len)
7344{
7345 u8 *ie, *end;
7346
7347 ie = wpabuf_mhead_u8(wpa_s->vendor_elem[frame]);
7348 end = ie + wpabuf_len(wpa_s->vendor_elem[frame]);
7349
7350 for (; ie + 1 < end; ie += 2 + ie[1]) {
7351 if (ie + len > end)
7352 break;
7353 if (os_memcmp(ie, elem, len) != 0)
7354 continue;
7355
7356 if (wpabuf_len(wpa_s->vendor_elem[frame]) == len) {
7357 wpabuf_free(wpa_s->vendor_elem[frame]);
7358 wpa_s->vendor_elem[frame] = NULL;
7359 } else {
7360 os_memmove(ie, ie + len, end - (ie + len));
7361 wpa_s->vendor_elem[frame]->used -= len;
7362 }
7363 wpas_vendor_elem_update(wpa_s);
7364 return 0;
7365 }
7366
7367 return -1;
7368}
7369
7370
7371struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
7372 u16 num_modes, enum hostapd_hw_mode mode)
7373{
7374 u16 i;
7375
7376 for (i = 0; i < num_modes; i++) {
7377 if (modes[i].mode == mode)
7378 return &modes[i];
7379 }
7380
7381 return NULL;
7382}
7383
7384
7385static struct
7386wpa_bss_tmp_disallowed * wpas_get_disallowed_bss(struct wpa_supplicant *wpa_s,
7387 const u8 *bssid)
7388{
7389 struct wpa_bss_tmp_disallowed *bss;
7390
7391 dl_list_for_each(bss, &wpa_s->bss_tmp_disallowed,
7392 struct wpa_bss_tmp_disallowed, list) {
7393 if (os_memcmp(bssid, bss->bssid, ETH_ALEN) == 0)
7394 return bss;
7395 }
7396
7397 return NULL;
7398}
7399
7400
7401static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant *wpa_s)
7402{
7403 struct wpa_bss_tmp_disallowed *tmp;
7404 unsigned int num_bssid = 0;
7405 u8 *bssids;
7406 int ret;
7407
7408 bssids = os_malloc(dl_list_len(&wpa_s->bss_tmp_disallowed) * ETH_ALEN);
7409 if (!bssids)
7410 return -1;
7411 dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
7412 struct wpa_bss_tmp_disallowed, list) {
7413 os_memcpy(&bssids[num_bssid * ETH_ALEN], tmp->bssid,
7414 ETH_ALEN);
7415 num_bssid++;
7416 }
7417 ret = wpa_drv_set_bssid_blacklist(wpa_s, num_bssid, bssids);
7418 os_free(bssids);
7419 return ret;
7420}
7421
7422
7423static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx)
7424{
7425 struct wpa_supplicant *wpa_s = eloop_ctx;
7426 struct wpa_bss_tmp_disallowed *tmp, *bss = timeout_ctx;
7427
7428 /* Make sure the bss is not already freed */
7429 dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
7430 struct wpa_bss_tmp_disallowed, list) {
7431 if (bss == tmp) {
7432 dl_list_del(&tmp->list);
7433 os_free(tmp);
7434 wpa_set_driver_tmp_disallow_list(wpa_s);
7435 break;
7436 }
7437 }
7438}
7439
7440
7441void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid,
7442 unsigned int sec, int rssi_threshold)
7443{
7444 struct wpa_bss_tmp_disallowed *bss;
7445
7446 bss = wpas_get_disallowed_bss(wpa_s, bssid);
7447 if (bss) {
7448 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
7449 goto finish;
7450 }
7451
7452 bss = os_malloc(sizeof(*bss));
7453 if (!bss) {
7454 wpa_printf(MSG_DEBUG,
7455 "Failed to allocate memory for temp disallow BSS");
7456 return;
7457 }
7458
7459 os_memcpy(bss->bssid, bssid, ETH_ALEN);
7460 dl_list_add(&wpa_s->bss_tmp_disallowed, &bss->list);
7461 wpa_set_driver_tmp_disallow_list(wpa_s);
7462
7463finish:
7464 bss->rssi_threshold = rssi_threshold;
7465 eloop_register_timeout(sec, 0, wpa_bss_tmp_disallow_timeout,
7466 wpa_s, bss);
7467}
7468
7469
7470int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s,
7471 struct wpa_bss *bss)
7472{
7473 struct wpa_bss_tmp_disallowed *disallowed = NULL, *tmp, *prev;
7474
7475 dl_list_for_each_safe(tmp, prev, &wpa_s->bss_tmp_disallowed,
7476 struct wpa_bss_tmp_disallowed, list) {
7477 if (os_memcmp(bss->bssid, tmp->bssid, ETH_ALEN) == 0) {
7478 disallowed = tmp;
7479 break;
7480 }
7481 }
7482 if (!disallowed)
7483 return 0;
7484
7485 if (disallowed->rssi_threshold != 0 &&
7486 bss->level > disallowed->rssi_threshold)
7487 return 0;
7488
7489 return 1;
7490}
7491
7492
7493int wpas_enable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
7494 unsigned int type, const u8 *addr,
7495 const u8 *mask)
7496{
7497 if ((addr && !mask) || (!addr && mask)) {
7498 wpa_printf(MSG_INFO,
7499 "MAC_ADDR_RAND_SCAN invalid addr/mask combination");
7500 return -1;
7501 }
7502
7503 if (addr && mask && (!(mask[0] & 0x01) || (addr[0] & 0x01))) {
7504 wpa_printf(MSG_INFO,
7505 "MAC_ADDR_RAND_SCAN cannot allow multicast address");
7506 return -1;
7507 }
7508
7509 if (type & MAC_ADDR_RAND_SCAN) {
7510 if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCAN,
7511 addr, mask))
7512 return -1;
7513 }
7514
7515 if (type & MAC_ADDR_RAND_SCHED_SCAN) {
7516 if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCHED_SCAN,
7517 addr, mask))
7518 return -1;
7519
7520 if (wpa_s->sched_scanning && !wpa_s->pno)
7521 wpas_scan_restart_sched_scan(wpa_s);
7522 }
7523
7524 if (type & MAC_ADDR_RAND_PNO) {
7525 if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_PNO,
7526 addr, mask))
7527 return -1;
7528
7529 if (wpa_s->pno) {
7530 wpas_stop_pno(wpa_s);
7531 wpas_start_pno(wpa_s);
7532 }
7533 }
7534
7535 return 0;
7536}
7537
7538
7539int wpas_disable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
7540 unsigned int type)
7541{
7542 wpas_mac_addr_rand_scan_clear(wpa_s, type);
7543 if (wpa_s->pno) {
7544 if (type & MAC_ADDR_RAND_PNO) {
7545 wpas_stop_pno(wpa_s);
7546 wpas_start_pno(wpa_s);
7547 }
7548 } else if (wpa_s->sched_scanning && (type & MAC_ADDR_RAND_SCHED_SCAN)) {
7549 wpas_scan_restart_sched_scan(wpa_s);
7550 }
7551
7552 return 0;
7553}
Unnamed repository; edit this file 'description' to name the repository.