]> git.ipfire.org Git - thirdparty/hostap.git/blob - wpa_supplicant/wpa_supplicant.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
FT: Connection settings for SHA384-based AKM
[thirdparty/hostap.git] / wpa_supplicant / wpa_supplicant.c
1 /*
2 * WPA Supplicant
3 * Copyright (c) 2003-2018, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 *
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
11 */
12
13 #include "includes.h"
14 #ifdef CONFIG_MATCH_IFACE
15 #include <net/if.h>
16 #include <fnmatch.h>
17 #endif /* CONFIG_MATCH_IFACE */
18
19 #include "common.h"
20 #include "crypto/random.h"
21 #include "crypto/sha1.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_peer/eap_proxy.h"
25 #include "eap_server/eap_methods.h"
26 #include "rsn_supp/wpa.h"
27 #include "eloop.h"
28 #include "config.h"
29 #include "utils/ext_password.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wpa_supplicant_i.h"
32 #include "driver_i.h"
33 #include "ctrl_iface.h"
34 #include "pcsc_funcs.h"
35 #include "common/version.h"
36 #include "rsn_supp/preauth.h"
37 #include "rsn_supp/pmksa_cache.h"
38 #include "common/wpa_ctrl.h"
39 #include "common/ieee802_11_defs.h"
40 #include "common/hw_features_common.h"
41 #include "common/gas_server.h"
42 #include "p2p/p2p.h"
43 #include "fst/fst.h"
44 #include "blacklist.h"
45 #include "wpas_glue.h"
46 #include "wps_supplicant.h"
47 #include "ibss_rsn.h"
48 #include "sme.h"
49 #include "gas_query.h"
50 #include "ap.h"
51 #include "p2p_supplicant.h"
52 #include "wifi_display.h"
53 #include "notify.h"
54 #include "bgscan.h"
55 #include "autoscan.h"
56 #include "bss.h"
57 #include "scan.h"
58 #include "offchannel.h"
59 #include "hs20_supplicant.h"
60 #include "wnm_sta.h"
61 #include "wpas_kay.h"
62 #include "mesh.h"
63 #include "dpp_supplicant.h"
64 #ifdef CONFIG_MESH
65 #include "ap/ap_config.h"
66 #include "ap/hostapd.h"
67 #endif /* CONFIG_MESH */
68
69 const char *const wpa_supplicant_version =
70 "wpa_supplicant v" VERSION_STR "\n"
71 "Copyright (c) 2003-2017, Jouni Malinen <j@w1.fi> and contributors";
72
73 const char *const wpa_supplicant_license =
74 "This software may be distributed under the terms of the BSD license.\n"
75 "See README for more details.\n"
76 #ifdef EAP_TLS_OPENSSL
77 "\nThis product includes software developed by the OpenSSL Project\n"
78 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
79 #endif /* EAP_TLS_OPENSSL */
80 ;
81
82 #ifndef CONFIG_NO_STDOUT_DEBUG
83 /* Long text divided into parts in order to fit in C89 strings size limits. */
84 const char *const wpa_supplicant_full_license1 =
85 "";
86 const char *const wpa_supplicant_full_license2 =
87 "This software may be distributed under the terms of the BSD license.\n"
88 "\n"
89 "Redistribution and use in source and binary forms, with or without\n"
90 "modification, are permitted provided that the following conditions are\n"
91 "met:\n"
92 "\n";
93 const char *const wpa_supplicant_full_license3 =
94 "1. Redistributions of source code must retain the above copyright\n"
95 " notice, this list of conditions and the following disclaimer.\n"
96 "\n"
97 "2. Redistributions in binary form must reproduce the above copyright\n"
98 " notice, this list of conditions and the following disclaimer in the\n"
99 " documentation and/or other materials provided with the distribution.\n"
100 "\n";
101 const char *const wpa_supplicant_full_license4 =
102 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
103 " names of its contributors may be used to endorse or promote products\n"
104 " derived from this software without specific prior written permission.\n"
105 "\n"
106 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
107 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
108 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
109 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
110 const char *const wpa_supplicant_full_license5 =
111 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
112 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
113 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
114 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
115 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
116 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
117 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
118 "\n";
119 #endif /* CONFIG_NO_STDOUT_DEBUG */
120
121
122 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
123 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
124 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s);
125 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
126
127
128 /* Configure default/group WEP keys for static WEP */
129 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
130 {
131 int i, set = 0;
132
133 for (i = 0; i < NUM_WEP_KEYS; i++) {
134 if (ssid->wep_key_len[i] == 0)
135 continue;
136
137 set = 1;
138 wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
139 i, i == ssid->wep_tx_keyidx, NULL, 0,
140 ssid->wep_key[i], ssid->wep_key_len[i]);
141 }
142
143 return set;
144 }
145
146
147 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
148 struct wpa_ssid *ssid)
149 {
150 u8 key[32];
151 size_t keylen;
152 enum wpa_alg alg;
153 u8 seq[6] = { 0 };
154 int ret;
155
156 /* IBSS/WPA-None uses only one key (Group) for both receiving and
157 * sending unicast and multicast packets. */
158
159 if (ssid->mode != WPAS_MODE_IBSS) {
160 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
161 "IBSS/ad-hoc) for WPA-None", ssid->mode);
162 return -1;
163 }
164
165 if (!ssid->psk_set) {
166 wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
167 "WPA-None");
168 return -1;
169 }
170
171 switch (wpa_s->group_cipher) {
172 case WPA_CIPHER_CCMP:
173 os_memcpy(key, ssid->psk, 16);
174 keylen = 16;
175 alg = WPA_ALG_CCMP;
176 break;
177 case WPA_CIPHER_GCMP:
178 os_memcpy(key, ssid->psk, 16);
179 keylen = 16;
180 alg = WPA_ALG_GCMP;
181 break;
182 case WPA_CIPHER_TKIP:
183 /* WPA-None uses the same Michael MIC key for both TX and RX */
184 os_memcpy(key, ssid->psk, 16 + 8);
185 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
186 keylen = 32;
187 alg = WPA_ALG_TKIP;
188 break;
189 default:
190 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
191 "WPA-None", wpa_s->group_cipher);
192 return -1;
193 }
194
195 /* TODO: should actually remember the previously used seq#, both for TX
196 * and RX from each STA.. */
197
198 ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
199 os_memset(key, 0, sizeof(key));
200 return ret;
201 }
202
203
204 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
205 {
206 struct wpa_supplicant *wpa_s = eloop_ctx;
207 const u8 *bssid = wpa_s->bssid;
208 if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
209 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
210 wpa_s->wpa_state == WPA_ASSOCIATING))
211 bssid = wpa_s->pending_bssid;
212 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
213 MAC2STR(bssid));
214 wpa_blacklist_add(wpa_s, bssid);
215 wpa_sm_notify_disassoc(wpa_s->wpa);
216 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
217 wpa_s->reassociate = 1;
218
219 /*
220 * If we timed out, the AP or the local radio may be busy.
221 * So, wait a second until scanning again.
222 */
223 wpa_supplicant_req_scan(wpa_s, 1, 0);
224 }
225
226
227 /**
228 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
229 * @wpa_s: Pointer to wpa_supplicant data
230 * @sec: Number of seconds after which to time out authentication
231 * @usec: Number of microseconds after which to time out authentication
232 *
233 * This function is used to schedule a timeout for the current authentication
234 * attempt.
235 */
236 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
237 int sec, int usec)
238 {
239 if (wpa_s->conf->ap_scan == 0 &&
240 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
241 return;
242
243 wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
244 "%d usec", sec, usec);
245 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
246 wpa_s->last_auth_timeout_sec = sec;
247 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
248 }
249
250
251 /*
252 * wpas_auth_timeout_restart - Restart and change timeout for authentication
253 * @wpa_s: Pointer to wpa_supplicant data
254 * @sec_diff: difference in seconds applied to original timeout value
255 */
256 void wpas_auth_timeout_restart(struct wpa_supplicant *wpa_s, int sec_diff)
257 {
258 int new_sec = wpa_s->last_auth_timeout_sec + sec_diff;
259
260 if (eloop_is_timeout_registered(wpa_supplicant_timeout, wpa_s, NULL)) {
261 wpa_dbg(wpa_s, MSG_DEBUG,
262 "Authentication timeout restart: %d sec", new_sec);
263 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
264 eloop_register_timeout(new_sec, 0, wpa_supplicant_timeout,
265 wpa_s, NULL);
266 }
267 }
268
269
270 /**
271 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
272 * @wpa_s: Pointer to wpa_supplicant data
273 *
274 * This function is used to cancel authentication timeout scheduled with
275 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
276 * been completed.
277 */
278 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
279 {
280 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
281 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
282 wpa_blacklist_del(wpa_s, wpa_s->bssid);
283 }
284
285
286 /**
287 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
288 * @wpa_s: Pointer to wpa_supplicant data
289 *
290 * This function is used to configure EAPOL state machine based on the selected
291 * authentication mode.
292 */
293 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
294 {
295 #ifdef IEEE8021X_EAPOL
296 struct eapol_config eapol_conf;
297 struct wpa_ssid *ssid = wpa_s->current_ssid;
298
299 #ifdef CONFIG_IBSS_RSN
300 if (ssid->mode == WPAS_MODE_IBSS &&
301 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
302 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
303 /*
304 * RSN IBSS authentication is per-STA and we can disable the
305 * per-BSSID EAPOL authentication.
306 */
307 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
308 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
309 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
310 return;
311 }
312 #endif /* CONFIG_IBSS_RSN */
313
314 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
315 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
316
317 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
318 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
319 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
320 else
321 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
322
323 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
324 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
325 eapol_conf.accept_802_1x_keys = 1;
326 eapol_conf.required_keys = 0;
327 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
328 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
329 }
330 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
331 eapol_conf.required_keys |=
332 EAPOL_REQUIRE_KEY_BROADCAST;
333 }
334
335 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)
336 eapol_conf.required_keys = 0;
337 }
338 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
339 eapol_conf.workaround = ssid->eap_workaround;
340 eapol_conf.eap_disabled =
341 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
342 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
343 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
344 eapol_conf.external_sim = wpa_s->conf->external_sim;
345
346 #ifdef CONFIG_WPS
347 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
348 eapol_conf.wps |= EAPOL_LOCAL_WPS_IN_USE;
349 if (wpa_s->current_bss) {
350 struct wpabuf *ie;
351 ie = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
352 WPS_IE_VENDOR_TYPE);
353 if (ie) {
354 if (wps_is_20(ie))
355 eapol_conf.wps |=
356 EAPOL_PEER_IS_WPS20_AP;
357 wpabuf_free(ie);
358 }
359 }
360 }
361 #endif /* CONFIG_WPS */
362
363 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
364
365 #ifdef CONFIG_MACSEC
366 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE && ssid->mka_psk_set)
367 ieee802_1x_create_preshared_mka(wpa_s, ssid);
368 else
369 ieee802_1x_alloc_kay_sm(wpa_s, ssid);
370 #endif /* CONFIG_MACSEC */
371 #endif /* IEEE8021X_EAPOL */
372 }
373
374
375 /**
376 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
377 * @wpa_s: Pointer to wpa_supplicant data
378 * @ssid: Configuration data for the network
379 *
380 * This function is used to configure WPA state machine and related parameters
381 * to a mode where WPA is not enabled. This is called as part of the
382 * authentication configuration when the selected network does not use WPA.
383 */
384 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
385 struct wpa_ssid *ssid)
386 {
387 int i;
388
389 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
390 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
391 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
392 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
393 else
394 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
395 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
396 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
397 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
398 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
399 wpa_s->group_cipher = WPA_CIPHER_NONE;
400 wpa_s->mgmt_group_cipher = 0;
401
402 for (i = 0; i < NUM_WEP_KEYS; i++) {
403 if (ssid->wep_key_len[i] > 5) {
404 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
405 wpa_s->group_cipher = WPA_CIPHER_WEP104;
406 break;
407 } else if (ssid->wep_key_len[i] > 0) {
408 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
409 wpa_s->group_cipher = WPA_CIPHER_WEP40;
410 break;
411 }
412 }
413
414 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
415 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
416 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
417 wpa_s->pairwise_cipher);
418 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
419 #ifdef CONFIG_IEEE80211W
420 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
421 wpa_s->mgmt_group_cipher);
422 #endif /* CONFIG_IEEE80211W */
423
424 pmksa_cache_clear_current(wpa_s->wpa);
425 }
426
427
428 void free_hw_features(struct wpa_supplicant *wpa_s)
429 {
430 int i;
431 if (wpa_s->hw.modes == NULL)
432 return;
433
434 for (i = 0; i < wpa_s->hw.num_modes; i++) {
435 os_free(wpa_s->hw.modes[i].channels);
436 os_free(wpa_s->hw.modes[i].rates);
437 }
438
439 os_free(wpa_s->hw.modes);
440 wpa_s->hw.modes = NULL;
441 }
442
443
444 static void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s)
445 {
446 struct wpa_bss_tmp_disallowed *bss, *prev;
447
448 dl_list_for_each_safe(bss, prev, &wpa_s->bss_tmp_disallowed,
449 struct wpa_bss_tmp_disallowed, list) {
450 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
451 dl_list_del(&bss->list);
452 os_free(bss);
453 }
454 }
455
456
457 void wpas_flush_fils_hlp_req(struct wpa_supplicant *wpa_s)
458 {
459 struct fils_hlp_req *req;
460
461 while ((req = dl_list_first(&wpa_s->fils_hlp_req, struct fils_hlp_req,
462 list)) != NULL) {
463 dl_list_del(&req->list);
464 wpabuf_free(req->pkt);
465 os_free(req);
466 }
467 }
468
469
470 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
471 {
472 int i;
473
474 bgscan_deinit(wpa_s);
475 autoscan_deinit(wpa_s);
476 scard_deinit(wpa_s->scard);
477 wpa_s->scard = NULL;
478 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
479 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
480 l2_packet_deinit(wpa_s->l2);
481 wpa_s->l2 = NULL;
482 if (wpa_s->l2_br) {
483 l2_packet_deinit(wpa_s->l2_br);
484 wpa_s->l2_br = NULL;
485 }
486 #ifdef CONFIG_TESTING_OPTIONS
487 l2_packet_deinit(wpa_s->l2_test);
488 wpa_s->l2_test = NULL;
489 os_free(wpa_s->get_pref_freq_list_override);
490 wpa_s->get_pref_freq_list_override = NULL;
491 wpabuf_free(wpa_s->last_assoc_req_wpa_ie);
492 wpa_s->last_assoc_req_wpa_ie = NULL;
493 #endif /* CONFIG_TESTING_OPTIONS */
494
495 if (wpa_s->conf != NULL) {
496 struct wpa_ssid *ssid;
497 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
498 wpas_notify_network_removed(wpa_s, ssid);
499 }
500
501 os_free(wpa_s->confname);
502 wpa_s->confname = NULL;
503
504 os_free(wpa_s->confanother);
505 wpa_s->confanother = NULL;
506
507 wpa_sm_set_eapol(wpa_s->wpa, NULL);
508 eapol_sm_deinit(wpa_s->eapol);
509 wpa_s->eapol = NULL;
510
511 rsn_preauth_deinit(wpa_s->wpa);
512
513 #ifdef CONFIG_TDLS
514 wpa_tdls_deinit(wpa_s->wpa);
515 #endif /* CONFIG_TDLS */
516
517 wmm_ac_clear_saved_tspecs(wpa_s);
518 pmksa_candidate_free(wpa_s->wpa);
519 wpa_sm_deinit(wpa_s->wpa);
520 wpa_s->wpa = NULL;
521 wpa_blacklist_clear(wpa_s);
522
523 wpa_bss_deinit(wpa_s);
524
525 wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
526 wpa_supplicant_cancel_scan(wpa_s);
527 wpa_supplicant_cancel_auth_timeout(wpa_s);
528 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
529 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
530 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
531 wpa_s, NULL);
532 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
533
534 eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
535
536 wpas_wps_deinit(wpa_s);
537
538 wpabuf_free(wpa_s->pending_eapol_rx);
539 wpa_s->pending_eapol_rx = NULL;
540
541 #ifdef CONFIG_IBSS_RSN
542 ibss_rsn_deinit(wpa_s->ibss_rsn);
543 wpa_s->ibss_rsn = NULL;
544 #endif /* CONFIG_IBSS_RSN */
545
546 sme_deinit(wpa_s);
547
548 #ifdef CONFIG_AP
549 wpa_supplicant_ap_deinit(wpa_s);
550 #endif /* CONFIG_AP */
551
552 wpas_p2p_deinit(wpa_s);
553
554 #ifdef CONFIG_OFFCHANNEL
555 offchannel_deinit(wpa_s);
556 #endif /* CONFIG_OFFCHANNEL */
557
558 wpa_supplicant_cancel_sched_scan(wpa_s);
559
560 os_free(wpa_s->next_scan_freqs);
561 wpa_s->next_scan_freqs = NULL;
562
563 os_free(wpa_s->manual_scan_freqs);
564 wpa_s->manual_scan_freqs = NULL;
565 os_free(wpa_s->select_network_scan_freqs);
566 wpa_s->select_network_scan_freqs = NULL;
567
568 os_free(wpa_s->manual_sched_scan_freqs);
569 wpa_s->manual_sched_scan_freqs = NULL;
570
571 wpas_mac_addr_rand_scan_clear(wpa_s, MAC_ADDR_RAND_ALL);
572
573 /*
574 * Need to remove any pending gas-query radio work before the
575 * gas_query_deinit() call because gas_query::work has not yet been set
576 * for works that have not been started. gas_query_free() will be unable
577 * to cancel such pending radio works and once the pending gas-query
578 * radio work eventually gets removed, the deinit notification call to
579 * gas_query_start_cb() would result in dereferencing freed memory.
580 */
581 if (wpa_s->radio)
582 radio_remove_works(wpa_s, "gas-query", 0);
583 gas_query_deinit(wpa_s->gas);
584 wpa_s->gas = NULL;
585 gas_server_deinit(wpa_s->gas_server);
586 wpa_s->gas_server = NULL;
587
588 free_hw_features(wpa_s);
589
590 ieee802_1x_dealloc_kay_sm(wpa_s);
591
592 os_free(wpa_s->bssid_filter);
593 wpa_s->bssid_filter = NULL;
594
595 os_free(wpa_s->disallow_aps_bssid);
596 wpa_s->disallow_aps_bssid = NULL;
597 os_free(wpa_s->disallow_aps_ssid);
598 wpa_s->disallow_aps_ssid = NULL;
599
600 wnm_bss_keep_alive_deinit(wpa_s);
601 #ifdef CONFIG_WNM
602 wnm_deallocate_memory(wpa_s);
603 #endif /* CONFIG_WNM */
604
605 ext_password_deinit(wpa_s->ext_pw);
606 wpa_s->ext_pw = NULL;
607
608 wpabuf_free(wpa_s->last_gas_resp);
609 wpa_s->last_gas_resp = NULL;
610 wpabuf_free(wpa_s->prev_gas_resp);
611 wpa_s->prev_gas_resp = NULL;
612
613 os_free(wpa_s->last_scan_res);
614 wpa_s->last_scan_res = NULL;
615
616 #ifdef CONFIG_HS20
617 if (wpa_s->drv_priv)
618 wpa_drv_configure_frame_filters(wpa_s, 0);
619 hs20_deinit(wpa_s);
620 #endif /* CONFIG_HS20 */
621
622 for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
623 wpabuf_free(wpa_s->vendor_elem[i]);
624 wpa_s->vendor_elem[i] = NULL;
625 }
626
627 wmm_ac_notify_disassoc(wpa_s);
628
629 wpa_s->sched_scan_plans_num = 0;
630 os_free(wpa_s->sched_scan_plans);
631 wpa_s->sched_scan_plans = NULL;
632
633 #ifdef CONFIG_MBO
634 wpa_s->non_pref_chan_num = 0;
635 os_free(wpa_s->non_pref_chan);
636 wpa_s->non_pref_chan = NULL;
637 #endif /* CONFIG_MBO */
638
639 free_bss_tmp_disallowed(wpa_s);
640
641 wpabuf_free(wpa_s->lci);
642 wpa_s->lci = NULL;
643 wpas_clear_beacon_rep_data(wpa_s);
644
645 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
646 #ifdef CONFIG_MESH
647 {
648 struct external_pmksa_cache *entry;
649
650 while ((entry = dl_list_last(&wpa_s->mesh_external_pmksa_cache,
651 struct external_pmksa_cache,
652 list)) != NULL) {
653 dl_list_del(&entry->list);
654 os_free(entry->pmksa_cache);
655 os_free(entry);
656 }
657 }
658 #endif /* CONFIG_MESH */
659 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
660
661 wpas_flush_fils_hlp_req(wpa_s);
662
663 wpabuf_free(wpa_s->ric_ies);
664 wpa_s->ric_ies = NULL;
665
666 #ifdef CONFIG_DPP
667 wpas_dpp_deinit(wpa_s);
668 #endif /* CONFIG_DPP */
669 }
670
671
672 /**
673 * wpa_clear_keys - Clear keys configured for the driver
674 * @wpa_s: Pointer to wpa_supplicant data
675 * @addr: Previously used BSSID or %NULL if not available
676 *
677 * This function clears the encryption keys that has been previously configured
678 * for the driver.
679 */
680 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
681 {
682 int i, max;
683
684 #ifdef CONFIG_IEEE80211W
685 max = 6;
686 #else /* CONFIG_IEEE80211W */
687 max = 4;
688 #endif /* CONFIG_IEEE80211W */
689
690 /* MLME-DELETEKEYS.request */
691 for (i = 0; i < max; i++) {
692 if (wpa_s->keys_cleared & BIT(i))
693 continue;
694 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, i, 0, NULL, 0,
695 NULL, 0);
696 }
697 if (!(wpa_s->keys_cleared & BIT(0)) && addr &&
698 !is_zero_ether_addr(addr)) {
699 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
700 0);
701 /* MLME-SETPROTECTION.request(None) */
702 wpa_drv_mlme_setprotection(
703 wpa_s, addr,
704 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
705 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
706 }
707 wpa_s->keys_cleared = (u32) -1;
708 }
709
710
711 /**
712 * wpa_supplicant_state_txt - Get the connection state name as a text string
713 * @state: State (wpa_state; WPA_*)
714 * Returns: The state name as a printable text string
715 */
716 const char * wpa_supplicant_state_txt(enum wpa_states state)
717 {
718 switch (state) {
719 case WPA_DISCONNECTED:
720 return "DISCONNECTED";
721 case WPA_INACTIVE:
722 return "INACTIVE";
723 case WPA_INTERFACE_DISABLED:
724 return "INTERFACE_DISABLED";
725 case WPA_SCANNING:
726 return "SCANNING";
727 case WPA_AUTHENTICATING:
728 return "AUTHENTICATING";
729 case WPA_ASSOCIATING:
730 return "ASSOCIATING";
731 case WPA_ASSOCIATED:
732 return "ASSOCIATED";
733 case WPA_4WAY_HANDSHAKE:
734 return "4WAY_HANDSHAKE";
735 case WPA_GROUP_HANDSHAKE:
736 return "GROUP_HANDSHAKE";
737 case WPA_COMPLETED:
738 return "COMPLETED";
739 default:
740 return "UNKNOWN";
741 }
742 }
743
744
745 #ifdef CONFIG_BGSCAN
746
747 static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
748 {
749 const char *name;
750
751 if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan)
752 name = wpa_s->current_ssid->bgscan;
753 else
754 name = wpa_s->conf->bgscan;
755 if (name == NULL || name[0] == '\0')
756 return;
757 if (wpas_driver_bss_selection(wpa_s))
758 return;
759 if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
760 return;
761 #ifdef CONFIG_P2P
762 if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)
763 return;
764 #endif /* CONFIG_P2P */
765
766 bgscan_deinit(wpa_s);
767 if (wpa_s->current_ssid) {
768 if (bgscan_init(wpa_s, wpa_s->current_ssid, name)) {
769 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
770 "bgscan");
771 /*
772 * Live without bgscan; it is only used as a roaming
773 * optimization, so the initial connection is not
774 * affected.
775 */
776 } else {
777 struct wpa_scan_results *scan_res;
778 wpa_s->bgscan_ssid = wpa_s->current_ssid;
779 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
780 0);
781 if (scan_res) {
782 bgscan_notify_scan(wpa_s, scan_res);
783 wpa_scan_results_free(scan_res);
784 }
785 }
786 } else
787 wpa_s->bgscan_ssid = NULL;
788 }
789
790
791 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
792 {
793 if (wpa_s->bgscan_ssid != NULL) {
794 bgscan_deinit(wpa_s);
795 wpa_s->bgscan_ssid = NULL;
796 }
797 }
798
799 #endif /* CONFIG_BGSCAN */
800
801
802 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
803 {
804 if (autoscan_init(wpa_s, 0))
805 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
806 }
807
808
809 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
810 {
811 autoscan_deinit(wpa_s);
812 }
813
814
815 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
816 {
817 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
818 wpa_s->wpa_state == WPA_SCANNING) {
819 autoscan_deinit(wpa_s);
820 wpa_supplicant_start_autoscan(wpa_s);
821 }
822 }
823
824
825 /**
826 * wpa_supplicant_set_state - Set current connection state
827 * @wpa_s: Pointer to wpa_supplicant data
828 * @state: The new connection state
829 *
830 * This function is called whenever the connection state changes, e.g.,
831 * association is completed for WPA/WPA2 4-Way Handshake is started.
832 */
833 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
834 enum wpa_states state)
835 {
836 enum wpa_states old_state = wpa_s->wpa_state;
837
838 wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
839 wpa_supplicant_state_txt(wpa_s->wpa_state),
840 wpa_supplicant_state_txt(state));
841
842 if (state == WPA_INTERFACE_DISABLED) {
843 /* Assure normal scan when interface is restored */
844 wpa_s->normal_scans = 0;
845 }
846
847 if (state == WPA_COMPLETED) {
848 wpas_connect_work_done(wpa_s);
849 /* Reinitialize normal_scan counter */
850 wpa_s->normal_scans = 0;
851 }
852
853 #ifdef CONFIG_P2P
854 /*
855 * P2PS client has to reply to Probe Request frames received on the
856 * group operating channel. Enable Probe Request frame reporting for
857 * P2P connected client in case p2p_cli_probe configuration property is
858 * set to 1.
859 */
860 if (wpa_s->conf->p2p_cli_probe && wpa_s->current_ssid &&
861 wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
862 wpa_s->current_ssid->p2p_group) {
863 if (state == WPA_COMPLETED && !wpa_s->p2p_cli_probe) {
864 wpa_dbg(wpa_s, MSG_DEBUG,
865 "P2P: Enable CLI Probe Request RX reporting");
866 wpa_s->p2p_cli_probe =
867 wpa_drv_probe_req_report(wpa_s, 1) >= 0;
868 } else if (state != WPA_COMPLETED && wpa_s->p2p_cli_probe) {
869 wpa_dbg(wpa_s, MSG_DEBUG,
870 "P2P: Disable CLI Probe Request RX reporting");
871 wpa_s->p2p_cli_probe = 0;
872 wpa_drv_probe_req_report(wpa_s, 0);
873 }
874 }
875 #endif /* CONFIG_P2P */
876
877 if (state != WPA_SCANNING)
878 wpa_supplicant_notify_scanning(wpa_s, 0);
879
880 if (state == WPA_COMPLETED && wpa_s->new_connection) {
881 struct wpa_ssid *ssid = wpa_s->current_ssid;
882 int fils_hlp_sent = 0;
883
884 #ifdef CONFIG_SME
885 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
886 wpa_auth_alg_fils(wpa_s->sme.auth_alg))
887 fils_hlp_sent = 1;
888 #endif /* CONFIG_SME */
889 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
890 wpa_auth_alg_fils(wpa_s->auth_alg))
891 fils_hlp_sent = 1;
892
893 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
894 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
895 MACSTR " completed [id=%d id_str=%s%s]",
896 MAC2STR(wpa_s->bssid),
897 ssid ? ssid->id : -1,
898 ssid && ssid->id_str ? ssid->id_str : "",
899 fils_hlp_sent ? " FILS_HLP_SENT" : "");
900 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
901 wpas_clear_temp_disabled(wpa_s, ssid, 1);
902 wpa_blacklist_clear(wpa_s);
903 wpa_s->extra_blacklist_count = 0;
904 wpa_s->new_connection = 0;
905 wpa_drv_set_operstate(wpa_s, 1);
906 #ifndef IEEE8021X_EAPOL
907 wpa_drv_set_supp_port(wpa_s, 1);
908 #endif /* IEEE8021X_EAPOL */
909 wpa_s->after_wps = 0;
910 wpa_s->known_wps_freq = 0;
911 wpas_p2p_completed(wpa_s);
912
913 sme_sched_obss_scan(wpa_s, 1);
914
915 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
916 if (!fils_hlp_sent && ssid && ssid->eap.erp)
917 wpas_update_fils_connect_params(wpa_s);
918 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
919 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
920 state == WPA_ASSOCIATED) {
921 wpa_s->new_connection = 1;
922 wpa_drv_set_operstate(wpa_s, 0);
923 #ifndef IEEE8021X_EAPOL
924 wpa_drv_set_supp_port(wpa_s, 0);
925 #endif /* IEEE8021X_EAPOL */
926 sme_sched_obss_scan(wpa_s, 0);
927 }
928 wpa_s->wpa_state = state;
929
930 #ifdef CONFIG_BGSCAN
931 if (state == WPA_COMPLETED)
932 wpa_supplicant_start_bgscan(wpa_s);
933 else if (state < WPA_ASSOCIATED)
934 wpa_supplicant_stop_bgscan(wpa_s);
935 #endif /* CONFIG_BGSCAN */
936
937 if (state == WPA_AUTHENTICATING)
938 wpa_supplicant_stop_autoscan(wpa_s);
939
940 if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
941 wpa_supplicant_start_autoscan(wpa_s);
942
943 if (old_state >= WPA_ASSOCIATED && wpa_s->wpa_state < WPA_ASSOCIATED)
944 wmm_ac_notify_disassoc(wpa_s);
945
946 if (wpa_s->wpa_state != old_state) {
947 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
948
949 /*
950 * Notify the P2P Device interface about a state change in one
951 * of the interfaces.
952 */
953 wpas_p2p_indicate_state_change(wpa_s);
954
955 if (wpa_s->wpa_state == WPA_COMPLETED ||
956 old_state == WPA_COMPLETED)
957 wpas_notify_auth_changed(wpa_s);
958 }
959 }
960
961
962 void wpa_supplicant_terminate_proc(struct wpa_global *global)
963 {
964 int pending = 0;
965 #ifdef CONFIG_WPS
966 struct wpa_supplicant *wpa_s = global->ifaces;
967 while (wpa_s) {
968 struct wpa_supplicant *next = wpa_s->next;
969 if (wpas_wps_terminate_pending(wpa_s) == 1)
970 pending = 1;
971 #ifdef CONFIG_P2P
972 if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
973 (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
974 wpas_p2p_disconnect(wpa_s);
975 #endif /* CONFIG_P2P */
976 wpa_s = next;
977 }
978 #endif /* CONFIG_WPS */
979 if (pending)
980 return;
981 eloop_terminate();
982 }
983
984
985 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
986 {
987 struct wpa_global *global = signal_ctx;
988 wpa_supplicant_terminate_proc(global);
989 }
990
991
992 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
993 {
994 enum wpa_states old_state = wpa_s->wpa_state;
995
996 wpa_s->pairwise_cipher = 0;
997 wpa_s->group_cipher = 0;
998 wpa_s->mgmt_group_cipher = 0;
999 wpa_s->key_mgmt = 0;
1000 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
1001 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1002
1003 if (wpa_s->wpa_state != old_state)
1004 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
1005 }
1006
1007
1008 /**
1009 * wpa_supplicant_reload_configuration - Reload configuration data
1010 * @wpa_s: Pointer to wpa_supplicant data
1011 * Returns: 0 on success or -1 if configuration parsing failed
1012 *
1013 * This function can be used to request that the configuration data is reloaded
1014 * (e.g., after configuration file change). This function is reloading
1015 * configuration only for one interface, so this may need to be called multiple
1016 * times if %wpa_supplicant is controlling multiple interfaces and all
1017 * interfaces need reconfiguration.
1018 */
1019 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
1020 {
1021 struct wpa_config *conf;
1022 int reconf_ctrl;
1023 int old_ap_scan;
1024
1025 if (wpa_s->confname == NULL)
1026 return -1;
1027 conf = wpa_config_read(wpa_s->confname, NULL);
1028 if (conf == NULL) {
1029 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
1030 "file '%s' - exiting", wpa_s->confname);
1031 return -1;
1032 }
1033 if (wpa_s->confanother &&
1034 !wpa_config_read(wpa_s->confanother, conf)) {
1035 wpa_msg(wpa_s, MSG_ERROR,
1036 "Failed to parse the configuration file '%s' - exiting",
1037 wpa_s->confanother);
1038 return -1;
1039 }
1040
1041 conf->changed_parameters = (unsigned int) -1;
1042
1043 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
1044 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
1045 os_strcmp(conf->ctrl_interface,
1046 wpa_s->conf->ctrl_interface) != 0);
1047
1048 if (reconf_ctrl && wpa_s->ctrl_iface) {
1049 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
1050 wpa_s->ctrl_iface = NULL;
1051 }
1052
1053 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1054 if (wpa_s->current_ssid) {
1055 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
1056 wpa_s->own_disconnect_req = 1;
1057 wpa_supplicant_deauthenticate(wpa_s,
1058 WLAN_REASON_DEAUTH_LEAVING);
1059 }
1060
1061 /*
1062 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
1063 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
1064 */
1065 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1066 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
1067 wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1068 /*
1069 * Clear forced success to clear EAP state for next
1070 * authentication.
1071 */
1072 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
1073 }
1074 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1075 wpa_sm_set_config(wpa_s->wpa, NULL);
1076 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
1077 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
1078 rsn_preauth_deinit(wpa_s->wpa);
1079
1080 old_ap_scan = wpa_s->conf->ap_scan;
1081 wpa_config_free(wpa_s->conf);
1082 wpa_s->conf = conf;
1083 if (old_ap_scan != wpa_s->conf->ap_scan)
1084 wpas_notify_ap_scan_changed(wpa_s);
1085
1086 if (reconf_ctrl)
1087 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
1088
1089 wpa_supplicant_update_config(wpa_s);
1090
1091 wpa_supplicant_clear_status(wpa_s);
1092 if (wpa_supplicant_enabled_networks(wpa_s)) {
1093 wpa_s->reassociate = 1;
1094 wpa_supplicant_req_scan(wpa_s, 0, 0);
1095 }
1096 wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
1097 return 0;
1098 }
1099
1100
1101 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
1102 {
1103 struct wpa_global *global = signal_ctx;
1104 struct wpa_supplicant *wpa_s;
1105 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
1106 wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
1107 sig);
1108 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
1109 wpa_supplicant_terminate_proc(global);
1110 }
1111 }
1112
1113 if (wpa_debug_reopen_file() < 0) {
1114 /* Ignore errors since we cannot really do much to fix this */
1115 wpa_printf(MSG_DEBUG, "Could not reopen debug log file");
1116 }
1117 }
1118
1119
1120 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1121 struct wpa_ssid *ssid,
1122 struct wpa_ie_data *ie)
1123 {
1124 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1125 if (ret) {
1126 if (ret == -2) {
1127 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1128 "from association info");
1129 }
1130 return -1;
1131 }
1132
1133 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
1134 "cipher suites");
1135 if (!(ie->group_cipher & ssid->group_cipher)) {
1136 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1137 "cipher 0x%x (mask 0x%x) - reject",
1138 ie->group_cipher, ssid->group_cipher);
1139 return -1;
1140 }
1141 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1142 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1143 "cipher 0x%x (mask 0x%x) - reject",
1144 ie->pairwise_cipher, ssid->pairwise_cipher);
1145 return -1;
1146 }
1147 if (!(ie->key_mgmt & ssid->key_mgmt)) {
1148 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1149 "management 0x%x (mask 0x%x) - reject",
1150 ie->key_mgmt, ssid->key_mgmt);
1151 return -1;
1152 }
1153
1154 #ifdef CONFIG_IEEE80211W
1155 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
1156 wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1157 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1158 "that does not support management frame protection - "
1159 "reject");
1160 return -1;
1161 }
1162 #endif /* CONFIG_IEEE80211W */
1163
1164 return 0;
1165 }
1166
1167
1168 /**
1169 * wpa_supplicant_set_suites - Set authentication and encryption parameters
1170 * @wpa_s: Pointer to wpa_supplicant data
1171 * @bss: Scan results for the selected BSS, or %NULL if not available
1172 * @ssid: Configuration data for the selected network
1173 * @wpa_ie: Buffer for the WPA/RSN IE
1174 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1175 * used buffer length in case the functions returns success.
1176 * Returns: 0 on success or -1 on failure
1177 *
1178 * This function is used to configure authentication and encryption parameters
1179 * based on the network configuration and scan result for the selected BSS (if
1180 * available).
1181 */
1182 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1183 struct wpa_bss *bss, struct wpa_ssid *ssid,
1184 u8 *wpa_ie, size_t *wpa_ie_len)
1185 {
1186 struct wpa_ie_data ie;
1187 int sel, proto;
1188 const u8 *bss_wpa, *bss_rsn, *bss_osen;
1189
1190 if (bss) {
1191 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
1192 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1193 bss_osen = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
1194 } else
1195 bss_wpa = bss_rsn = bss_osen = NULL;
1196
1197 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
1198 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1199 (ie.group_cipher & ssid->group_cipher) &&
1200 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1201 (ie.key_mgmt & ssid->key_mgmt)) {
1202 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1203 proto = WPA_PROTO_RSN;
1204 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
1205 wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie) == 0 &&
1206 (ie.group_cipher & ssid->group_cipher) &&
1207 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1208 (ie.key_mgmt & ssid->key_mgmt)) {
1209 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1210 proto = WPA_PROTO_WPA;
1211 #ifdef CONFIG_HS20
1212 } else if (bss_osen && (ssid->proto & WPA_PROTO_OSEN)) {
1213 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using OSEN");
1214 /* TODO: parse OSEN element */
1215 os_memset(&ie, 0, sizeof(ie));
1216 ie.group_cipher = WPA_CIPHER_CCMP;
1217 ie.pairwise_cipher = WPA_CIPHER_CCMP;
1218 ie.key_mgmt = WPA_KEY_MGMT_OSEN;
1219 proto = WPA_PROTO_OSEN;
1220 } else if (bss_rsn && (ssid->proto & WPA_PROTO_OSEN) &&
1221 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1222 (ie.group_cipher & ssid->group_cipher) &&
1223 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1224 (ie.key_mgmt & ssid->key_mgmt)) {
1225 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using OSEN (within RSN)");
1226 proto = WPA_PROTO_RSN;
1227 #endif /* CONFIG_HS20 */
1228 } else if (bss) {
1229 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1230 wpa_dbg(wpa_s, MSG_DEBUG,
1231 "WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1232 ssid->proto, ssid->pairwise_cipher, ssid->group_cipher,
1233 ssid->key_mgmt);
1234 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s%s",
1235 MAC2STR(bss->bssid),
1236 wpa_ssid_txt(bss->ssid, bss->ssid_len),
1237 bss_wpa ? " WPA" : "",
1238 bss_rsn ? " RSN" : "",
1239 bss_osen ? " OSEN" : "");
1240 if (bss_rsn) {
1241 wpa_hexdump(MSG_DEBUG, "RSN", bss_rsn, 2 + bss_rsn[1]);
1242 if (wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie)) {
1243 wpa_dbg(wpa_s, MSG_DEBUG,
1244 "Could not parse RSN element");
1245 } else {
1246 wpa_dbg(wpa_s, MSG_DEBUG,
1247 "RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1248 ie.pairwise_cipher, ie.group_cipher,
1249 ie.key_mgmt);
1250 }
1251 }
1252 if (bss_wpa) {
1253 wpa_hexdump(MSG_DEBUG, "WPA", bss_wpa, 2 + bss_wpa[1]);
1254 if (wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie)) {
1255 wpa_dbg(wpa_s, MSG_DEBUG,
1256 "Could not parse WPA element");
1257 } else {
1258 wpa_dbg(wpa_s, MSG_DEBUG,
1259 "WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1260 ie.pairwise_cipher, ie.group_cipher,
1261 ie.key_mgmt);
1262 }
1263 }
1264 return -1;
1265 } else {
1266 if (ssid->proto & WPA_PROTO_OSEN)
1267 proto = WPA_PROTO_OSEN;
1268 else if (ssid->proto & WPA_PROTO_RSN)
1269 proto = WPA_PROTO_RSN;
1270 else
1271 proto = WPA_PROTO_WPA;
1272 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1273 os_memset(&ie, 0, sizeof(ie));
1274 ie.group_cipher = ssid->group_cipher;
1275 ie.pairwise_cipher = ssid->pairwise_cipher;
1276 ie.key_mgmt = ssid->key_mgmt;
1277 #ifdef CONFIG_IEEE80211W
1278 ie.mgmt_group_cipher = 0;
1279 if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
1280 if (ssid->group_mgmt_cipher &
1281 WPA_CIPHER_BIP_GMAC_256)
1282 ie.mgmt_group_cipher =
1283 WPA_CIPHER_BIP_GMAC_256;
1284 else if (ssid->group_mgmt_cipher &
1285 WPA_CIPHER_BIP_CMAC_256)
1286 ie.mgmt_group_cipher =
1287 WPA_CIPHER_BIP_CMAC_256;
1288 else if (ssid->group_mgmt_cipher &
1289 WPA_CIPHER_BIP_GMAC_128)
1290 ie.mgmt_group_cipher =
1291 WPA_CIPHER_BIP_GMAC_128;
1292 else
1293 ie.mgmt_group_cipher =
1294 WPA_CIPHER_AES_128_CMAC;
1295 }
1296 #endif /* CONFIG_IEEE80211W */
1297 #ifdef CONFIG_OWE
1298 if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
1299 !ssid->owe_only &&
1300 !bss_wpa && !bss_rsn && !bss_osen) {
1301 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1302 wpa_s->wpa_proto = 0;
1303 *wpa_ie_len = 0;
1304 return 0;
1305 }
1306 #endif /* CONFIG_OWE */
1307 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
1308 "based on configuration");
1309 } else
1310 proto = ie.proto;
1311 }
1312
1313 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1314 "pairwise %d key_mgmt %d proto %d",
1315 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1316 #ifdef CONFIG_IEEE80211W
1317 if (ssid->ieee80211w) {
1318 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1319 ie.mgmt_group_cipher);
1320 }
1321 #endif /* CONFIG_IEEE80211W */
1322
1323 wpa_s->wpa_proto = proto;
1324 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1325 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1326 !!(ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
1327
1328 if (bss || !wpa_s->ap_ies_from_associnfo) {
1329 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1330 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1331 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1332 bss_rsn ? 2 + bss_rsn[1] : 0))
1333 return -1;
1334 }
1335
1336 #ifdef CONFIG_NO_WPA
1337 wpa_s->group_cipher = WPA_CIPHER_NONE;
1338 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1339 #else /* CONFIG_NO_WPA */
1340 sel = ie.group_cipher & ssid->group_cipher;
1341 wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1342 if (wpa_s->group_cipher < 0) {
1343 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1344 "cipher");
1345 return -1;
1346 }
1347 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1348 wpa_cipher_txt(wpa_s->group_cipher));
1349
1350 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1351 wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1352 if (wpa_s->pairwise_cipher < 0) {
1353 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1354 "cipher");
1355 return -1;
1356 }
1357 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1358 wpa_cipher_txt(wpa_s->pairwise_cipher));
1359 #endif /* CONFIG_NO_WPA */
1360
1361 sel = ie.key_mgmt & ssid->key_mgmt;
1362 #ifdef CONFIG_SAE
1363 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1364 sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1365 #endif /* CONFIG_SAE */
1366 if (0) {
1367 #ifdef CONFIG_SUITEB192
1368 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
1369 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
1370 wpa_dbg(wpa_s, MSG_DEBUG,
1371 "WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1372 #endif /* CONFIG_SUITEB192 */
1373 #ifdef CONFIG_SUITEB
1374 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
1375 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
1376 wpa_dbg(wpa_s, MSG_DEBUG,
1377 "WPA: using KEY_MGMT 802.1X with Suite B");
1378 #endif /* CONFIG_SUITEB */
1379 #ifdef CONFIG_FILS
1380 #ifdef CONFIG_IEEE80211R
1381 } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) {
1382 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
1383 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384");
1384 } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
1385 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
1386 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
1387 #endif /* CONFIG_IEEE80211R */
1388 } else if (sel & WPA_KEY_MGMT_FILS_SHA384) {
1389 wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
1390 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384");
1391 } else if (sel & WPA_KEY_MGMT_FILS_SHA256) {
1392 wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
1393 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");
1394 #endif /* CONFIG_FILS */
1395 #ifdef CONFIG_IEEE80211R
1396 #ifdef CONFIG_SHA384
1397 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) {
1398 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
1399 wpa_dbg(wpa_s, MSG_DEBUG,
1400 "WPA: using KEY_MGMT FT/802.1X-SHA384");
1401 if (pmksa_cache_get_current(wpa_s->wpa)) {
1402 /* PMKSA caching with FT is not fully functional, so
1403 * disable the case for now. */
1404 wpa_dbg(wpa_s, MSG_DEBUG,
1405 "WPA: Disable PMKSA caching for FT/802.1X connection");
1406 pmksa_cache_clear_current(wpa_s->wpa);
1407 }
1408 #endif /* CONFIG_SHA384 */
1409 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
1410 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1411 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1412 if (pmksa_cache_get_current(wpa_s->wpa)) {
1413 /* PMKSA caching with FT is not fully functional, so
1414 * disable the case for now. */
1415 wpa_dbg(wpa_s, MSG_DEBUG,
1416 "WPA: Disable PMKSA caching for FT/802.1X connection");
1417 pmksa_cache_clear_current(wpa_s->wpa);
1418 }
1419 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
1420 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1421 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1422 #endif /* CONFIG_IEEE80211R */
1423 #ifdef CONFIG_SAE
1424 } else if (sel & WPA_KEY_MGMT_SAE) {
1425 wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1426 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1427 } else if (sel & WPA_KEY_MGMT_FT_SAE) {
1428 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1429 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1430 #endif /* CONFIG_SAE */
1431 #ifdef CONFIG_IEEE80211W
1432 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1433 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1434 wpa_dbg(wpa_s, MSG_DEBUG,
1435 "WPA: using KEY_MGMT 802.1X with SHA256");
1436 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1437 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1438 wpa_dbg(wpa_s, MSG_DEBUG,
1439 "WPA: using KEY_MGMT PSK with SHA256");
1440 #endif /* CONFIG_IEEE80211W */
1441 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1442 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1443 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1444 } else if (sel & WPA_KEY_MGMT_PSK) {
1445 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1446 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1447 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1448 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1449 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1450 #ifdef CONFIG_HS20
1451 } else if (sel & WPA_KEY_MGMT_OSEN) {
1452 wpa_s->key_mgmt = WPA_KEY_MGMT_OSEN;
1453 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using KEY_MGMT OSEN");
1454 #endif /* CONFIG_HS20 */
1455 #ifdef CONFIG_OWE
1456 } else if (sel & WPA_KEY_MGMT_OWE) {
1457 wpa_s->key_mgmt = WPA_KEY_MGMT_OWE;
1458 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT OWE");
1459 #endif /* CONFIG_OWE */
1460 #ifdef CONFIG_DPP
1461 } else if (sel & WPA_KEY_MGMT_DPP) {
1462 wpa_s->key_mgmt = WPA_KEY_MGMT_DPP;
1463 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT DPP");
1464 #endif /* CONFIG_DPP */
1465 } else {
1466 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1467 "authenticated key management type");
1468 return -1;
1469 }
1470
1471 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1472 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1473 wpa_s->pairwise_cipher);
1474 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1475
1476 #ifdef CONFIG_IEEE80211W
1477 sel = ie.mgmt_group_cipher;
1478 if (ssid->group_mgmt_cipher)
1479 sel &= ssid->group_mgmt_cipher;
1480 if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION ||
1481 !(ie.capabilities & WPA_CAPABILITY_MFPC))
1482 sel = 0;
1483 if (sel & WPA_CIPHER_AES_128_CMAC) {
1484 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1485 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1486 "AES-128-CMAC");
1487 } else if (sel & WPA_CIPHER_BIP_GMAC_128) {
1488 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_128;
1489 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1490 "BIP-GMAC-128");
1491 } else if (sel & WPA_CIPHER_BIP_GMAC_256) {
1492 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_256;
1493 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1494 "BIP-GMAC-256");
1495 } else if (sel & WPA_CIPHER_BIP_CMAC_256) {
1496 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_CMAC_256;
1497 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1498 "BIP-CMAC-256");
1499 } else {
1500 wpa_s->mgmt_group_cipher = 0;
1501 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1502 }
1503 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1504 wpa_s->mgmt_group_cipher);
1505 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1506 wpas_get_ssid_pmf(wpa_s, ssid));
1507 #endif /* CONFIG_IEEE80211W */
1508
1509 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1510 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1511 return -1;
1512 }
1513
1514 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1515 int psk_set = 0;
1516 int sae_only;
1517
1518 sae_only = (ssid->key_mgmt & (WPA_KEY_MGMT_PSK |
1519 WPA_KEY_MGMT_FT_PSK |
1520 WPA_KEY_MGMT_PSK_SHA256)) == 0;
1521
1522 if (ssid->psk_set && !sae_only) {
1523 wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)",
1524 ssid->psk, PMK_LEN);
1525 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
1526 NULL);
1527 psk_set = 1;
1528 }
1529
1530 if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
1531 (ssid->sae_password || ssid->passphrase))
1532 psk_set = 1;
1533
1534 #ifndef CONFIG_NO_PBKDF2
1535 if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1536 ssid->passphrase && !sae_only) {
1537 u8 psk[PMK_LEN];
1538 pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1539 4096, psk, PMK_LEN);
1540 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1541 psk, PMK_LEN);
1542 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
1543 psk_set = 1;
1544 os_memset(psk, 0, sizeof(psk));
1545 }
1546 #endif /* CONFIG_NO_PBKDF2 */
1547 #ifdef CONFIG_EXT_PASSWORD
1548 if (ssid->ext_psk && !sae_only) {
1549 struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1550 ssid->ext_psk);
1551 char pw_str[64 + 1];
1552 u8 psk[PMK_LEN];
1553
1554 if (pw == NULL) {
1555 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1556 "found from external storage");
1557 return -1;
1558 }
1559
1560 if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1561 wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1562 "PSK length %d in external storage",
1563 (int) wpabuf_len(pw));
1564 ext_password_free(pw);
1565 return -1;
1566 }
1567
1568 os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1569 pw_str[wpabuf_len(pw)] = '\0';
1570
1571 #ifndef CONFIG_NO_PBKDF2
1572 if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1573 {
1574 pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1575 4096, psk, PMK_LEN);
1576 os_memset(pw_str, 0, sizeof(pw_str));
1577 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1578 "external passphrase)",
1579 psk, PMK_LEN);
1580 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1581 NULL);
1582 psk_set = 1;
1583 os_memset(psk, 0, sizeof(psk));
1584 } else
1585 #endif /* CONFIG_NO_PBKDF2 */
1586 if (wpabuf_len(pw) == 2 * PMK_LEN) {
1587 if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1588 wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1589 "Invalid PSK hex string");
1590 os_memset(pw_str, 0, sizeof(pw_str));
1591 ext_password_free(pw);
1592 return -1;
1593 }
1594 wpa_hexdump_key(MSG_MSGDUMP,
1595 "PSK (from external PSK)",
1596 psk, PMK_LEN);
1597 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1598 NULL);
1599 psk_set = 1;
1600 os_memset(psk, 0, sizeof(psk));
1601 } else {
1602 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1603 "PSK available");
1604 os_memset(pw_str, 0, sizeof(pw_str));
1605 ext_password_free(pw);
1606 return -1;
1607 }
1608
1609 os_memset(pw_str, 0, sizeof(pw_str));
1610 ext_password_free(pw);
1611 }
1612 #endif /* CONFIG_EXT_PASSWORD */
1613
1614 if (!psk_set) {
1615 wpa_msg(wpa_s, MSG_INFO,
1616 "No PSK available for association");
1617 wpas_auth_failed(wpa_s, "NO_PSK_AVAILABLE");
1618 return -1;
1619 }
1620 #ifdef CONFIG_OWE
1621 } else if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
1622 /* OWE Diffie-Hellman exchange in (Re)Association
1623 * Request/Response frames set the PMK, so do not override it
1624 * here. */
1625 #endif /* CONFIG_OWE */
1626 } else
1627 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1628
1629 return 0;
1630 }
1631
1632
1633 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
1634 {
1635 *pos = 0x00;
1636
1637 switch (idx) {
1638 case 0: /* Bits 0-7 */
1639 break;
1640 case 1: /* Bits 8-15 */
1641 break;
1642 case 2: /* Bits 16-23 */
1643 #ifdef CONFIG_WNM
1644 *pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1645 *pos |= 0x08; /* Bit 19 - BSS Transition */
1646 #endif /* CONFIG_WNM */
1647 break;
1648 case 3: /* Bits 24-31 */
1649 #ifdef CONFIG_WNM
1650 *pos |= 0x02; /* Bit 25 - SSID List */
1651 #endif /* CONFIG_WNM */
1652 #ifdef CONFIG_INTERWORKING
1653 if (wpa_s->conf->interworking)
1654 *pos |= 0x80; /* Bit 31 - Interworking */
1655 #endif /* CONFIG_INTERWORKING */
1656 break;
1657 case 4: /* Bits 32-39 */
1658 #ifdef CONFIG_INTERWORKING
1659 if (wpa_s->drv_flags / WPA_DRIVER_FLAGS_QOS_MAPPING)
1660 *pos |= 0x01; /* Bit 32 - QoS Map */
1661 #endif /* CONFIG_INTERWORKING */
1662 break;
1663 case 5: /* Bits 40-47 */
1664 #ifdef CONFIG_HS20
1665 if (wpa_s->conf->hs20)
1666 *pos |= 0x40; /* Bit 46 - WNM-Notification */
1667 #endif /* CONFIG_HS20 */
1668 #ifdef CONFIG_MBO
1669 *pos |= 0x40; /* Bit 46 - WNM-Notification */
1670 #endif /* CONFIG_MBO */
1671 break;
1672 case 6: /* Bits 48-55 */
1673 break;
1674 case 7: /* Bits 56-63 */
1675 break;
1676 case 8: /* Bits 64-71 */
1677 if (wpa_s->conf->ftm_responder)
1678 *pos |= 0x40; /* Bit 70 - FTM responder */
1679 if (wpa_s->conf->ftm_initiator)
1680 *pos |= 0x80; /* Bit 71 - FTM initiator */
1681 break;
1682 case 9: /* Bits 72-79 */
1683 #ifdef CONFIG_FILS
1684 if (!wpa_s->disable_fils)
1685 *pos |= 0x01;
1686 #endif /* CONFIG_FILS */
1687 break;
1688 }
1689 }
1690
1691
1692 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf, size_t buflen)
1693 {
1694 u8 *pos = buf;
1695 u8 len = 10, i;
1696
1697 if (len < wpa_s->extended_capa_len)
1698 len = wpa_s->extended_capa_len;
1699 if (buflen < (size_t) len + 2) {
1700 wpa_printf(MSG_INFO,
1701 "Not enough room for building extended capabilities element");
1702 return -1;
1703 }
1704
1705 *pos++ = WLAN_EID_EXT_CAPAB;
1706 *pos++ = len;
1707 for (i = 0; i < len; i++, pos++) {
1708 wpas_ext_capab_byte(wpa_s, pos, i);
1709
1710 if (i < wpa_s->extended_capa_len) {
1711 *pos &= ~wpa_s->extended_capa_mask[i];
1712 *pos |= wpa_s->extended_capa[i];
1713 }
1714 }
1715
1716 while (len > 0 && buf[1 + len] == 0) {
1717 len--;
1718 buf[1] = len;
1719 }
1720 if (len == 0)
1721 return 0;
1722
1723 return 2 + len;
1724 }
1725
1726
1727 static int wpas_valid_bss(struct wpa_supplicant *wpa_s,
1728 struct wpa_bss *test_bss)
1729 {
1730 struct wpa_bss *bss;
1731
1732 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1733 if (bss == test_bss)
1734 return 1;
1735 }
1736
1737 return 0;
1738 }
1739
1740
1741 static int wpas_valid_ssid(struct wpa_supplicant *wpa_s,
1742 struct wpa_ssid *test_ssid)
1743 {
1744 struct wpa_ssid *ssid;
1745
1746 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1747 if (ssid == test_ssid)
1748 return 1;
1749 }
1750
1751 return 0;
1752 }
1753
1754
1755 int wpas_valid_bss_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *test_bss,
1756 struct wpa_ssid *test_ssid)
1757 {
1758 if (test_bss && !wpas_valid_bss(wpa_s, test_bss))
1759 return 0;
1760
1761 return test_ssid == NULL || wpas_valid_ssid(wpa_s, test_ssid);
1762 }
1763
1764
1765 void wpas_connect_work_free(struct wpa_connect_work *cwork)
1766 {
1767 if (cwork == NULL)
1768 return;
1769 os_free(cwork);
1770 }
1771
1772
1773 void wpas_connect_work_done(struct wpa_supplicant *wpa_s)
1774 {
1775 struct wpa_connect_work *cwork;
1776 struct wpa_radio_work *work = wpa_s->connect_work;
1777
1778 if (!work)
1779 return;
1780
1781 wpa_s->connect_work = NULL;
1782 cwork = work->ctx;
1783 work->ctx = NULL;
1784 wpas_connect_work_free(cwork);
1785 radio_work_done(work);
1786 }
1787
1788
1789 int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style)
1790 {
1791 struct os_reltime now;
1792 u8 addr[ETH_ALEN];
1793
1794 os_get_reltime(&now);
1795 if (wpa_s->last_mac_addr_style == style &&
1796 wpa_s->last_mac_addr_change.sec != 0 &&
1797 !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
1798 wpa_s->conf->rand_addr_lifetime)) {
1799 wpa_msg(wpa_s, MSG_DEBUG,
1800 "Previously selected random MAC address has not yet expired");
1801 return 0;
1802 }
1803
1804 switch (style) {
1805 case 1:
1806 if (random_mac_addr(addr) < 0)
1807 return -1;
1808 break;
1809 case 2:
1810 os_memcpy(addr, wpa_s->perm_addr, ETH_ALEN);
1811 if (random_mac_addr_keep_oui(addr) < 0)
1812 return -1;
1813 break;
1814 default:
1815 return -1;
1816 }
1817
1818 if (wpa_drv_set_mac_addr(wpa_s, addr) < 0) {
1819 wpa_msg(wpa_s, MSG_INFO,
1820 "Failed to set random MAC address");
1821 return -1;
1822 }
1823
1824 os_get_reltime(&wpa_s->last_mac_addr_change);
1825 wpa_s->mac_addr_changed = 1;
1826 wpa_s->last_mac_addr_style = style;
1827
1828 if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
1829 wpa_msg(wpa_s, MSG_INFO,
1830 "Could not update MAC address information");
1831 return -1;
1832 }
1833
1834 wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
1835 MAC2STR(addr));
1836
1837 return 0;
1838 }
1839
1840
1841 int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
1842 {
1843 if (wpa_s->wpa_state >= WPA_AUTHENTICATING ||
1844 !wpa_s->conf->preassoc_mac_addr)
1845 return 0;
1846
1847 return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr);
1848 }
1849
1850
1851 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit);
1852
1853 /**
1854 * wpa_supplicant_associate - Request association
1855 * @wpa_s: Pointer to wpa_supplicant data
1856 * @bss: Scan results for the selected BSS, or %NULL if not available
1857 * @ssid: Configuration data for the selected network
1858 *
1859 * This function is used to request %wpa_supplicant to associate with a BSS.
1860 */
1861 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1862 struct wpa_bss *bss, struct wpa_ssid *ssid)
1863 {
1864 struct wpa_connect_work *cwork;
1865 int rand_style;
1866
1867 wpa_s->own_disconnect_req = 0;
1868
1869 /*
1870 * If we are starting a new connection, any previously pending EAPOL
1871 * RX cannot be valid anymore.
1872 */
1873 wpabuf_free(wpa_s->pending_eapol_rx);
1874 wpa_s->pending_eapol_rx = NULL;
1875
1876 if (ssid->mac_addr == -1)
1877 rand_style = wpa_s->conf->mac_addr;
1878 else
1879 rand_style = ssid->mac_addr;
1880
1881 wmm_ac_clear_saved_tspecs(wpa_s);
1882 wpa_s->reassoc_same_bss = 0;
1883 wpa_s->reassoc_same_ess = 0;
1884 #ifdef CONFIG_TESTING_OPTIONS
1885 wpa_s->testing_resend_assoc = 0;
1886 #endif /* CONFIG_TESTING_OPTIONS */
1887
1888 if (wpa_s->last_ssid == ssid) {
1889 wpa_dbg(wpa_s, MSG_DEBUG, "Re-association to the same ESS");
1890 wpa_s->reassoc_same_ess = 1;
1891 if (wpa_s->current_bss && wpa_s->current_bss == bss) {
1892 wmm_ac_save_tspecs(wpa_s);
1893 wpa_s->reassoc_same_bss = 1;
1894 }
1895 }
1896
1897 if (rand_style > 0 && !wpa_s->reassoc_same_ess) {
1898 if (wpas_update_random_addr(wpa_s, rand_style) < 0)
1899 return;
1900 wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
1901 } else if (rand_style == 0 && wpa_s->mac_addr_changed) {
1902 if (wpa_drv_set_mac_addr(wpa_s, NULL) < 0) {
1903 wpa_msg(wpa_s, MSG_INFO,
1904 "Could not restore permanent MAC address");
1905 return;
1906 }
1907 wpa_s->mac_addr_changed = 0;
1908 if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
1909 wpa_msg(wpa_s, MSG_INFO,
1910 "Could not update MAC address information");
1911 return;
1912 }
1913 wpa_msg(wpa_s, MSG_DEBUG, "Using permanent MAC address");
1914 }
1915 wpa_s->last_ssid = ssid;
1916
1917 #ifdef CONFIG_IBSS_RSN
1918 ibss_rsn_deinit(wpa_s->ibss_rsn);
1919 wpa_s->ibss_rsn = NULL;
1920 #else /* CONFIG_IBSS_RSN */
1921 if (ssid->mode == WPAS_MODE_IBSS &&
1922 !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) {
1923 wpa_msg(wpa_s, MSG_INFO,
1924 "IBSS RSN not supported in the build");
1925 return;
1926 }
1927 #endif /* CONFIG_IBSS_RSN */
1928
1929 if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
1930 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
1931 #ifdef CONFIG_AP
1932 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1933 wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
1934 "mode");
1935 return;
1936 }
1937 if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
1938 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1939 if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
1940 wpas_p2p_ap_setup_failed(wpa_s);
1941 return;
1942 }
1943 wpa_s->current_bss = bss;
1944 #else /* CONFIG_AP */
1945 wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
1946 "the build");
1947 #endif /* CONFIG_AP */
1948 return;
1949 }
1950
1951 if (ssid->mode == WPAS_MODE_MESH) {
1952 #ifdef CONFIG_MESH
1953 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MESH)) {
1954 wpa_msg(wpa_s, MSG_INFO,
1955 "Driver does not support mesh mode");
1956 return;
1957 }
1958 if (bss)
1959 ssid->frequency = bss->freq;
1960 if (wpa_supplicant_join_mesh(wpa_s, ssid) < 0) {
1961 wpa_msg(wpa_s, MSG_ERROR, "Could not join mesh");
1962 return;
1963 }
1964 wpa_s->current_bss = bss;
1965 wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_STARTED "ssid=\"%s\" id=%d",
1966 wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
1967 ssid->id);
1968 wpas_notify_mesh_group_started(wpa_s, ssid);
1969 #else /* CONFIG_MESH */
1970 wpa_msg(wpa_s, MSG_ERROR,
1971 "mesh mode support not included in the build");
1972 #endif /* CONFIG_MESH */
1973 return;
1974 }
1975
1976 /*
1977 * Set WPA state machine configuration to match the selected network now
1978 * so that the information is available before wpas_start_assoc_cb()
1979 * gets called. This is needed at least for RSN pre-authentication where
1980 * candidate APs are added to a list based on scan result processing
1981 * before completion of the first association.
1982 */
1983 wpa_supplicant_rsn_supp_set_config(wpa_s, ssid);
1984
1985 #ifdef CONFIG_DPP
1986 if (wpas_dpp_check_connect(wpa_s, ssid, bss) != 0)
1987 return;
1988 #endif /* CONFIG_DPP */
1989
1990 #ifdef CONFIG_TDLS
1991 if (bss)
1992 wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
1993 bss->ie_len);
1994 #endif /* CONFIG_TDLS */
1995
1996 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1997 ssid->mode == IEEE80211_MODE_INFRA) {
1998 sme_authenticate(wpa_s, bss, ssid);
1999 return;
2000 }
2001
2002 if (wpa_s->connect_work) {
2003 wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since connect_work exist");
2004 return;
2005 }
2006
2007 if (radio_work_pending(wpa_s, "connect")) {
2008 wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since pending work exist");
2009 return;
2010 }
2011
2012 #ifdef CONFIG_SME
2013 if (ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) {
2014 /* Clear possibly set auth_alg, if any, from last attempt. */
2015 wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN;
2016 }
2017 #endif /* CONFIG_SME */
2018
2019 wpas_abort_ongoing_scan(wpa_s);
2020
2021 cwork = os_zalloc(sizeof(*cwork));
2022 if (cwork == NULL)
2023 return;
2024
2025 cwork->bss = bss;
2026 cwork->ssid = ssid;
2027
2028 if (radio_add_work(wpa_s, bss ? bss->freq : 0, "connect", 1,
2029 wpas_start_assoc_cb, cwork) < 0) {
2030 os_free(cwork);
2031 }
2032 }
2033
2034
2035 static int bss_is_ibss(struct wpa_bss *bss)
2036 {
2037 return (bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
2038 IEEE80211_CAP_IBSS;
2039 }
2040
2041
2042 static int drv_supports_vht(struct wpa_supplicant *wpa_s,
2043 const struct wpa_ssid *ssid)
2044 {
2045 enum hostapd_hw_mode hw_mode;
2046 struct hostapd_hw_modes *mode = NULL;
2047 u8 channel;
2048 int i;
2049
2050 hw_mode = ieee80211_freq_to_chan(ssid->frequency, &channel);
2051 if (hw_mode == NUM_HOSTAPD_MODES)
2052 return 0;
2053 for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2054 if (wpa_s->hw.modes[i].mode == hw_mode) {
2055 mode = &wpa_s->hw.modes[i];
2056 break;
2057 }
2058 }
2059
2060 if (!mode)
2061 return 0;
2062
2063 return mode->vht_capab != 0;
2064 }
2065
2066
2067 void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
2068 const struct wpa_ssid *ssid,
2069 struct hostapd_freq_params *freq)
2070 {
2071 enum hostapd_hw_mode hw_mode;
2072 struct hostapd_hw_modes *mode = NULL;
2073 int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2074 184, 192 };
2075 int vht80[] = { 36, 52, 100, 116, 132, 149 };
2076 struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
2077 u8 channel;
2078 int i, chan_idx, ht40 = -1, res, obss_scan = 1;
2079 unsigned int j, k;
2080 struct hostapd_freq_params vht_freq;
2081 int chwidth, seg0, seg1;
2082 u32 vht_caps = 0;
2083
2084 freq->freq = ssid->frequency;
2085
2086 for (j = 0; j < wpa_s->last_scan_res_used; j++) {
2087 struct wpa_bss *bss = wpa_s->last_scan_res[j];
2088
2089 if (ssid->mode != WPAS_MODE_IBSS)
2090 break;
2091
2092 /* Don't adjust control freq in case of fixed_freq */
2093 if (ssid->fixed_freq)
2094 break;
2095
2096 if (!bss_is_ibss(bss))
2097 continue;
2098
2099 if (ssid->ssid_len == bss->ssid_len &&
2100 os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) == 0) {
2101 wpa_printf(MSG_DEBUG,
2102 "IBSS already found in scan results, adjust control freq: %d",
2103 bss->freq);
2104 freq->freq = bss->freq;
2105 obss_scan = 0;
2106 break;
2107 }
2108 }
2109
2110 /* For IBSS check HT_IBSS flag */
2111 if (ssid->mode == WPAS_MODE_IBSS &&
2112 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_HT_IBSS))
2113 return;
2114
2115 if (wpa_s->group_cipher == WPA_CIPHER_WEP40 ||
2116 wpa_s->group_cipher == WPA_CIPHER_WEP104 ||
2117 wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) {
2118 wpa_printf(MSG_DEBUG,
2119 "IBSS: WEP/TKIP detected, do not try to enable HT");
2120 return;
2121 }
2122
2123 hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
2124 for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2125 if (wpa_s->hw.modes[i].mode == hw_mode) {
2126 mode = &wpa_s->hw.modes[i];
2127 break;
2128 }
2129 }
2130
2131 if (!mode)
2132 return;
2133
2134 #ifdef CONFIG_HT_OVERRIDES
2135 if (ssid->disable_ht) {
2136 freq->ht_enabled = 0;
2137 return;
2138 }
2139 #endif /* CONFIG_HT_OVERRIDES */
2140
2141 freq->ht_enabled = ht_supported(mode);
2142 if (!freq->ht_enabled)
2143 return;
2144
2145 /* Setup higher BW only for 5 GHz */
2146 if (mode->mode != HOSTAPD_MODE_IEEE80211A)
2147 return;
2148
2149 for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
2150 pri_chan = &mode->channels[chan_idx];
2151 if (pri_chan->chan == channel)
2152 break;
2153 pri_chan = NULL;
2154 }
2155 if (!pri_chan)
2156 return;
2157
2158 /* Check primary channel flags */
2159 if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2160 return;
2161
2162 #ifdef CONFIG_HT_OVERRIDES
2163 if (ssid->disable_ht40)
2164 return;
2165 #endif /* CONFIG_HT_OVERRIDES */
2166
2167 /* Check/setup HT40+/HT40- */
2168 for (j = 0; j < ARRAY_SIZE(ht40plus); j++) {
2169 if (ht40plus[j] == channel) {
2170 ht40 = 1;
2171 break;
2172 }
2173 }
2174
2175 /* Find secondary channel */
2176 for (i = 0; i < mode->num_channels; i++) {
2177 sec_chan = &mode->channels[i];
2178 if (sec_chan->chan == channel + ht40 * 4)
2179 break;
2180 sec_chan = NULL;
2181 }
2182 if (!sec_chan)
2183 return;
2184
2185 /* Check secondary channel flags */
2186 if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2187 return;
2188
2189 freq->channel = pri_chan->chan;
2190
2191 if (ht40 == -1) {
2192 if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
2193 return;
2194 } else {
2195 if (!(pri_chan->flag & HOSTAPD_CHAN_HT40PLUS))
2196 return;
2197 }
2198 freq->sec_channel_offset = ht40;
2199
2200 if (obss_scan) {
2201 struct wpa_scan_results *scan_res;
2202
2203 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
2204 if (scan_res == NULL) {
2205 /* Back to HT20 */
2206 freq->sec_channel_offset = 0;
2207 return;
2208 }
2209
2210 res = check_40mhz_5g(mode, scan_res, pri_chan->chan,
2211 sec_chan->chan);
2212 switch (res) {
2213 case 0:
2214 /* Back to HT20 */
2215 freq->sec_channel_offset = 0;
2216 break;
2217 case 1:
2218 /* Configuration allowed */
2219 break;
2220 case 2:
2221 /* Switch pri/sec channels */
2222 freq->freq = hw_get_freq(mode, sec_chan->chan);
2223 freq->sec_channel_offset = -freq->sec_channel_offset;
2224 freq->channel = sec_chan->chan;
2225 break;
2226 default:
2227 freq->sec_channel_offset = 0;
2228 break;
2229 }
2230
2231 wpa_scan_results_free(scan_res);
2232 }
2233
2234 wpa_printf(MSG_DEBUG,
2235 "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2236 freq->channel, freq->sec_channel_offset);
2237
2238 if (!drv_supports_vht(wpa_s, ssid))
2239 return;
2240
2241 /* For IBSS check VHT_IBSS flag */
2242 if (ssid->mode == WPAS_MODE_IBSS &&
2243 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_VHT_IBSS))
2244 return;
2245
2246 vht_freq = *freq;
2247
2248 #ifdef CONFIG_VHT_OVERRIDES
2249 if (ssid->disable_vht) {
2250 freq->vht_enabled = 0;
2251 return;
2252 }
2253 #endif /* CONFIG_VHT_OVERRIDES */
2254
2255 vht_freq.vht_enabled = vht_supported(mode);
2256 if (!vht_freq.vht_enabled)
2257 return;
2258
2259 /* setup center_freq1, bandwidth */
2260 for (j = 0; j < ARRAY_SIZE(vht80); j++) {
2261 if (freq->channel >= vht80[j] &&
2262 freq->channel < vht80[j] + 16)
2263 break;
2264 }
2265
2266 if (j == ARRAY_SIZE(vht80))
2267 return;
2268
2269 for (i = vht80[j]; i < vht80[j] + 16; i += 4) {
2270 struct hostapd_channel_data *chan;
2271
2272 chan = hw_get_channel_chan(mode, i, NULL);
2273 if (!chan)
2274 return;
2275
2276 /* Back to HT configuration if channel not usable */
2277 if (chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2278 return;
2279 }
2280
2281 chwidth = VHT_CHANWIDTH_80MHZ;
2282 seg0 = vht80[j] + 6;
2283 seg1 = 0;
2284
2285 if (ssid->max_oper_chwidth == VHT_CHANWIDTH_80P80MHZ) {
2286 /* setup center_freq2, bandwidth */
2287 for (k = 0; k < ARRAY_SIZE(vht80); k++) {
2288 /* Only accept 80 MHz segments separated by a gap */
2289 if (j == k || abs(vht80[j] - vht80[k]) == 16)
2290 continue;
2291 for (i = vht80[k]; i < vht80[k] + 16; i += 4) {
2292 struct hostapd_channel_data *chan;
2293
2294 chan = hw_get_channel_chan(mode, i, NULL);
2295 if (!chan)
2296 continue;
2297
2298 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2299 HOSTAPD_CHAN_NO_IR |
2300 HOSTAPD_CHAN_RADAR))
2301 continue;
2302
2303 /* Found a suitable second segment for 80+80 */
2304 chwidth = VHT_CHANWIDTH_80P80MHZ;
2305 vht_caps |=
2306 VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
2307 seg1 = vht80[k] + 6;
2308 }
2309
2310 if (chwidth == VHT_CHANWIDTH_80P80MHZ)
2311 break;
2312 }
2313 } else if (ssid->max_oper_chwidth == VHT_CHANWIDTH_160MHZ) {
2314 if (freq->freq == 5180) {
2315 chwidth = VHT_CHANWIDTH_160MHZ;
2316 vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2317 seg0 = 50;
2318 } else if (freq->freq == 5520) {
2319 chwidth = VHT_CHANWIDTH_160MHZ;
2320 vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2321 seg0 = 114;
2322 }
2323 }
2324
2325 if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,
2326 freq->channel, freq->ht_enabled,
2327 vht_freq.vht_enabled,
2328 freq->sec_channel_offset,
2329 chwidth, seg0, seg1, vht_caps) != 0)
2330 return;
2331
2332 *freq = vht_freq;
2333
2334 wpa_printf(MSG_DEBUG, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2335 freq->center_freq1, freq->center_freq2, freq->bandwidth);
2336 }
2337
2338
2339 #ifdef CONFIG_FILS
2340 static size_t wpas_add_fils_hlp_req(struct wpa_supplicant *wpa_s, u8 *ie_buf,
2341 size_t ie_buf_len)
2342 {
2343 struct fils_hlp_req *req;
2344 size_t rem_len, hdr_len, hlp_len, len, ie_len = 0;
2345 const u8 *pos;
2346 u8 *buf = ie_buf;
2347
2348 dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2349 list) {
2350 rem_len = ie_buf_len - ie_len;
2351 pos = wpabuf_head(req->pkt);
2352 hdr_len = 1 + 2 * ETH_ALEN + 6;
2353 hlp_len = wpabuf_len(req->pkt);
2354
2355 if (rem_len < 2 + hdr_len + hlp_len) {
2356 wpa_printf(MSG_ERROR,
2357 "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
2358 (unsigned long) rem_len,
2359 (unsigned long) (2 + hdr_len + hlp_len));
2360 break;
2361 }
2362
2363 len = (hdr_len + hlp_len) > 255 ? 255 : hdr_len + hlp_len;
2364 /* Element ID */
2365 *buf++ = WLAN_EID_EXTENSION;
2366 /* Length */
2367 *buf++ = len;
2368 /* Element ID Extension */
2369 *buf++ = WLAN_EID_EXT_FILS_HLP_CONTAINER;
2370 /* Destination MAC address */
2371 os_memcpy(buf, req->dst, ETH_ALEN);
2372 buf += ETH_ALEN;
2373 /* Source MAC address */
2374 os_memcpy(buf, wpa_s->own_addr, ETH_ALEN);
2375 buf += ETH_ALEN;
2376 /* LLC/SNAP Header */
2377 os_memcpy(buf, "\xaa\xaa\x03\x00\x00\x00", 6);
2378 buf += 6;
2379 /* HLP Packet */
2380 os_memcpy(buf, pos, len - hdr_len);
2381 buf += len - hdr_len;
2382 pos += len - hdr_len;
2383
2384 hlp_len -= len - hdr_len;
2385 ie_len += 2 + len;
2386 rem_len -= 2 + len;
2387
2388 while (hlp_len) {
2389 len = (hlp_len > 255) ? 255 : hlp_len;
2390 if (rem_len < 2 + len)
2391 break;
2392 *buf++ = WLAN_EID_FRAGMENT;
2393 *buf++ = len;
2394 os_memcpy(buf, pos, len);
2395 buf += len;
2396 pos += len;
2397
2398 hlp_len -= len;
2399 ie_len += 2 + len;
2400 rem_len -= 2 + len;
2401 }
2402 }
2403
2404 return ie_len;
2405 }
2406
2407
2408 int wpa_is_fils_supported(struct wpa_supplicant *wpa_s)
2409 {
2410 return (((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2411 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS)) ||
2412 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2413 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD)));
2414 }
2415
2416
2417 int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant *wpa_s)
2418 {
2419 #ifdef CONFIG_FILS_SK_PFS
2420 return (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2421 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS);
2422 #else /* CONFIG_FILS_SK_PFS */
2423 return 0;
2424 #endif /* CONFIG_FILS_SK_PFS */
2425 }
2426
2427 #endif /* CONFIG_FILS */
2428
2429
2430 static u8 * wpas_populate_assoc_ies(
2431 struct wpa_supplicant *wpa_s,
2432 struct wpa_bss *bss, struct wpa_ssid *ssid,
2433 struct wpa_driver_associate_params *params,
2434 enum wpa_drv_update_connect_params_mask *mask)
2435 {
2436 u8 *wpa_ie;
2437 size_t max_wpa_ie_len = 500;
2438 size_t wpa_ie_len;
2439 int algs = WPA_AUTH_ALG_OPEN;
2440 #ifdef CONFIG_FILS
2441 const u8 *realm, *username, *rrk;
2442 size_t realm_len, username_len, rrk_len;
2443 u16 next_seq_num;
2444 struct fils_hlp_req *req;
2445
2446 dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2447 list) {
2448 max_wpa_ie_len += 3 + 2 * ETH_ALEN + 6 + wpabuf_len(req->pkt) +
2449 2 + 2 * wpabuf_len(req->pkt) / 255;
2450 }
2451 #endif /* CONFIG_FILS */
2452
2453 wpa_ie = os_malloc(max_wpa_ie_len);
2454 if (!wpa_ie) {
2455 wpa_printf(MSG_ERROR,
2456 "Failed to allocate connect IE buffer for %lu bytes",
2457 (unsigned long) max_wpa_ie_len);
2458 return NULL;
2459 }
2460
2461 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
2462 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
2463 wpa_key_mgmt_wpa(ssid->key_mgmt)) {
2464 int try_opportunistic;
2465 const u8 *cache_id = NULL;
2466
2467 try_opportunistic = (ssid->proactive_key_caching < 0 ?
2468 wpa_s->conf->okc :
2469 ssid->proactive_key_caching) &&
2470 (ssid->proto & WPA_PROTO_RSN);
2471 #ifdef CONFIG_FILS
2472 if (wpa_key_mgmt_fils(ssid->key_mgmt))
2473 cache_id = wpa_bss_get_fils_cache_id(bss);
2474 #endif /* CONFIG_FILS */
2475 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
2476 ssid, try_opportunistic,
2477 cache_id, 0) == 0)
2478 eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
2479 wpa_ie_len = max_wpa_ie_len;
2480 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2481 wpa_ie, &wpa_ie_len)) {
2482 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2483 "key management and encryption suites");
2484 os_free(wpa_ie);
2485 return NULL;
2486 }
2487 } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
2488 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
2489 /*
2490 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2491 * use non-WPA since the scan results did not indicate that the
2492 * AP is using WPA or WPA2.
2493 */
2494 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2495 wpa_ie_len = 0;
2496 wpa_s->wpa_proto = 0;
2497 } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
2498 wpa_ie_len = max_wpa_ie_len;
2499 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
2500 wpa_ie, &wpa_ie_len)) {
2501 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2502 "key management and encryption suites (no "
2503 "scan results)");
2504 os_free(wpa_ie);
2505 return NULL;
2506 }
2507 #ifdef CONFIG_WPS
2508 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
2509 struct wpabuf *wps_ie;
2510 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
2511 if (wps_ie && wpabuf_len(wps_ie) <= max_wpa_ie_len) {
2512 wpa_ie_len = wpabuf_len(wps_ie);
2513 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
2514 } else
2515 wpa_ie_len = 0;
2516 wpabuf_free(wps_ie);
2517 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2518 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
2519 params->wps = WPS_MODE_PRIVACY;
2520 else
2521 params->wps = WPS_MODE_OPEN;
2522 wpa_s->wpa_proto = 0;
2523 #endif /* CONFIG_WPS */
2524 } else {
2525 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2526 wpa_ie_len = 0;
2527 wpa_s->wpa_proto = 0;
2528 }
2529
2530 #ifdef IEEE8021X_EAPOL
2531 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2532 if (ssid->leap) {
2533 if (ssid->non_leap == 0)
2534 algs = WPA_AUTH_ALG_LEAP;
2535 else
2536 algs |= WPA_AUTH_ALG_LEAP;
2537 }
2538 }
2539
2540 #ifdef CONFIG_FILS
2541 /* Clear FILS association */
2542 wpa_sm_set_reset_fils_completed(wpa_s->wpa, 0);
2543
2544 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
2545 ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
2546 eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap, &username,
2547 &username_len, &realm, &realm_len,
2548 &next_seq_num, &rrk, &rrk_len) == 0) {
2549 algs = WPA_AUTH_ALG_FILS;
2550 params->fils_erp_username = username;
2551 params->fils_erp_username_len = username_len;
2552 params->fils_erp_realm = realm;
2553 params->fils_erp_realm_len = realm_len;
2554 params->fils_erp_next_seq_num = next_seq_num;
2555 params->fils_erp_rrk = rrk;
2556 params->fils_erp_rrk_len = rrk_len;
2557
2558 if (mask)
2559 *mask |= WPA_DRV_UPDATE_FILS_ERP_INFO;
2560 }
2561 #endif /* CONFIG_FILS */
2562 #endif /* IEEE8021X_EAPOL */
2563 #ifdef CONFIG_SAE
2564 if (wpa_s->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE))
2565 algs = WPA_AUTH_ALG_SAE;
2566 #endif /* CONFIG_SAE */
2567
2568 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
2569 if (ssid->auth_alg) {
2570 algs = ssid->auth_alg;
2571 wpa_dbg(wpa_s, MSG_DEBUG,
2572 "Overriding auth_alg selection: 0x%x", algs);
2573 }
2574
2575 #ifdef CONFIG_P2P
2576 if (wpa_s->global->p2p) {
2577 u8 *pos;
2578 size_t len;
2579 int res;
2580 pos = wpa_ie + wpa_ie_len;
2581 len = max_wpa_ie_len - wpa_ie_len;
2582 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
2583 ssid->p2p_group);
2584 if (res >= 0)
2585 wpa_ie_len += res;
2586 }
2587
2588 wpa_s->cross_connect_disallowed = 0;
2589 if (bss) {
2590 struct wpabuf *p2p;
2591 p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
2592 if (p2p) {
2593 wpa_s->cross_connect_disallowed =
2594 p2p_get_cross_connect_disallowed(p2p);
2595 wpabuf_free(p2p);
2596 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
2597 "connection",
2598 wpa_s->cross_connect_disallowed ?
2599 "disallows" : "allows");
2600 }
2601 }
2602
2603 os_memset(wpa_s->p2p_ip_addr_info, 0, sizeof(wpa_s->p2p_ip_addr_info));
2604 #endif /* CONFIG_P2P */
2605
2606 if (bss) {
2607 wpa_ie_len += wpas_supp_op_class_ie(wpa_s, bss->freq,
2608 wpa_ie + wpa_ie_len,
2609 max_wpa_ie_len -
2610 wpa_ie_len);
2611 }
2612
2613 /*
2614 * Workaround: Add Extended Capabilities element only if the AP
2615 * included this element in Beacon/Probe Response frames. Some older
2616 * APs seem to have interoperability issues if this element is
2617 * included, so while the standard may require us to include the
2618 * element in all cases, it is justifiable to skip it to avoid
2619 * interoperability issues.
2620 */
2621 if (ssid->p2p_group)
2622 wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
2623 else
2624 wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
2625
2626 if (!bss || wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB)) {
2627 u8 ext_capab[18];
2628 int ext_capab_len;
2629 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
2630 sizeof(ext_capab));
2631 if (ext_capab_len > 0 &&
2632 wpa_ie_len + ext_capab_len <= max_wpa_ie_len) {
2633 u8 *pos = wpa_ie;
2634 if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
2635 pos += 2 + pos[1];
2636 os_memmove(pos + ext_capab_len, pos,
2637 wpa_ie_len - (pos - wpa_ie));
2638 wpa_ie_len += ext_capab_len;
2639 os_memcpy(pos, ext_capab, ext_capab_len);
2640 }
2641 }
2642
2643 #ifdef CONFIG_HS20
2644 if (is_hs20_network(wpa_s, ssid, bss)) {
2645 struct wpabuf *hs20;
2646
2647 hs20 = wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN);
2648 if (hs20) {
2649 int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
2650 size_t len;
2651
2652 wpas_hs20_add_indication(hs20, pps_mo_id);
2653 wpas_hs20_add_roam_cons_sel(hs20, ssid);
2654 len = max_wpa_ie_len - wpa_ie_len;
2655 if (wpabuf_len(hs20) <= len) {
2656 os_memcpy(wpa_ie + wpa_ie_len,
2657 wpabuf_head(hs20), wpabuf_len(hs20));
2658 wpa_ie_len += wpabuf_len(hs20);
2659 }
2660 wpabuf_free(hs20);
2661
2662 hs20_configure_frame_filters(wpa_s);
2663 }
2664 }
2665 #endif /* CONFIG_HS20 */
2666
2667 if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
2668 struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
2669 size_t len;
2670
2671 len = max_wpa_ie_len - wpa_ie_len;
2672 if (wpabuf_len(buf) <= len) {
2673 os_memcpy(wpa_ie + wpa_ie_len,
2674 wpabuf_head(buf), wpabuf_len(buf));
2675 wpa_ie_len += wpabuf_len(buf);
2676 }
2677 }
2678
2679 #ifdef CONFIG_FST
2680 if (wpa_s->fst_ies) {
2681 int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
2682
2683 if (wpa_ie_len + fst_ies_len <= max_wpa_ie_len) {
2684 os_memcpy(wpa_ie + wpa_ie_len,
2685 wpabuf_head(wpa_s->fst_ies), fst_ies_len);
2686 wpa_ie_len += fst_ies_len;
2687 }
2688 }
2689 #endif /* CONFIG_FST */
2690
2691 #ifdef CONFIG_MBO
2692 if (bss && wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE)) {
2693 int len;
2694
2695 len = wpas_mbo_ie(wpa_s, wpa_ie + wpa_ie_len,
2696 max_wpa_ie_len - wpa_ie_len);
2697 if (len >= 0)
2698 wpa_ie_len += len;
2699 }
2700 #endif /* CONFIG_MBO */
2701
2702 #ifdef CONFIG_FILS
2703 if (algs == WPA_AUTH_ALG_FILS) {
2704 size_t len;
2705
2706 len = wpas_add_fils_hlp_req(wpa_s, wpa_ie + wpa_ie_len,
2707 max_wpa_ie_len - wpa_ie_len);
2708 wpa_ie_len += len;
2709 }
2710 #endif /* CONFIG_FILS */
2711
2712 #ifdef CONFIG_OWE
2713 #ifdef CONFIG_TESTING_OPTIONS
2714 if (get_ie_ext(wpa_ie, wpa_ie_len, WLAN_EID_EXT_OWE_DH_PARAM)) {
2715 wpa_printf(MSG_INFO, "TESTING: Override OWE DH element");
2716 } else
2717 #endif /* CONFIG_TESTING_OPTIONS */
2718 if (algs == WPA_AUTH_ALG_OPEN &&
2719 ssid->key_mgmt == WPA_KEY_MGMT_OWE) {
2720 struct wpabuf *owe_ie;
2721 u16 group;
2722
2723 if (ssid->owe_group) {
2724 group = ssid->owe_group;
2725 } else {
2726 if (wpa_s->last_owe_group == 19)
2727 group = 20;
2728 else if (wpa_s->last_owe_group == 20)
2729 group = 21;
2730 else
2731 group = OWE_DH_GROUP;
2732 }
2733 wpa_s->last_owe_group = group;
2734 wpa_printf(MSG_DEBUG, "OWE: Try to use group %u", group);
2735 owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
2736 if (owe_ie &&
2737 wpabuf_len(owe_ie) <= max_wpa_ie_len - wpa_ie_len) {
2738 os_memcpy(wpa_ie + wpa_ie_len,
2739 wpabuf_head(owe_ie), wpabuf_len(owe_ie));
2740 wpa_ie_len += wpabuf_len(owe_ie);
2741 wpabuf_free(owe_ie);
2742 }
2743 }
2744 #endif /* CONFIG_OWE */
2745
2746 #ifdef CONFIG_IEEE80211R
2747 /*
2748 * Add MDIE under these conditions: the network profile allows FT,
2749 * the AP supports FT, and the mobility domain ID matches.
2750 */
2751 if (wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s->wpa))) {
2752 const u8 *mdie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
2753
2754 if (mdie && mdie[1] >= MOBILITY_DOMAIN_ID_LEN) {
2755 size_t len = 0;
2756 const u8 *md = mdie + 2;
2757 const u8 *wpa_md = wpa_sm_get_ft_md(wpa_s->wpa);
2758
2759 if (os_memcmp(md, wpa_md,
2760 MOBILITY_DOMAIN_ID_LEN) == 0) {
2761 /* Add mobility domain IE */
2762 len = wpa_ft_add_mdie(
2763 wpa_s->wpa, wpa_ie + wpa_ie_len,
2764 max_wpa_ie_len - wpa_ie_len, mdie);
2765 wpa_ie_len += len;
2766 }
2767 #ifdef CONFIG_SME
2768 if (len > 0 && wpa_s->sme.ft_used &&
2769 wpa_sm_has_ptk(wpa_s->wpa)) {
2770 wpa_dbg(wpa_s, MSG_DEBUG,
2771 "SME: Trying to use FT over-the-air");
2772 algs |= WPA_AUTH_ALG_FT;
2773 }
2774 #endif /* CONFIG_SME */
2775 }
2776 }
2777 #endif /* CONFIG_IEEE80211R */
2778
2779 params->wpa_ie = wpa_ie;
2780 params->wpa_ie_len = wpa_ie_len;
2781 params->auth_alg = algs;
2782 if (mask)
2783 *mask |= WPA_DRV_UPDATE_ASSOC_IES | WPA_DRV_UPDATE_AUTH_TYPE;
2784
2785 return wpa_ie;
2786 }
2787
2788
2789 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
2790 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s)
2791 {
2792 struct wpa_driver_associate_params params;
2793 enum wpa_drv_update_connect_params_mask mask = 0;
2794 u8 *wpa_ie;
2795
2796 if (wpa_s->auth_alg != WPA_AUTH_ALG_OPEN)
2797 return; /* nothing to do */
2798
2799 os_memset(&params, 0, sizeof(params));
2800 wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
2801 wpa_s->current_ssid, &params, &mask);
2802 if (!wpa_ie)
2803 return;
2804
2805 if (params.auth_alg != WPA_AUTH_ALG_FILS) {
2806 os_free(wpa_ie);
2807 return;
2808 }
2809
2810 wpa_s->auth_alg = params.auth_alg;
2811 wpa_drv_update_connect_params(wpa_s, &params, mask);
2812 os_free(wpa_ie);
2813 }
2814 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
2815
2816
2817 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
2818 {
2819 struct wpa_connect_work *cwork = work->ctx;
2820 struct wpa_bss *bss = cwork->bss;
2821 struct wpa_ssid *ssid = cwork->ssid;
2822 struct wpa_supplicant *wpa_s = work->wpa_s;
2823 u8 *wpa_ie;
2824 int use_crypt, ret, i, bssid_changed;
2825 unsigned int cipher_pairwise, cipher_group, cipher_group_mgmt;
2826 struct wpa_driver_associate_params params;
2827 int wep_keys_set = 0;
2828 int assoc_failed = 0;
2829 struct wpa_ssid *old_ssid;
2830 u8 prev_bssid[ETH_ALEN];
2831 #ifdef CONFIG_HT_OVERRIDES
2832 struct ieee80211_ht_capabilities htcaps;
2833 struct ieee80211_ht_capabilities htcaps_mask;
2834 #endif /* CONFIG_HT_OVERRIDES */
2835 #ifdef CONFIG_VHT_OVERRIDES
2836 struct ieee80211_vht_capabilities vhtcaps;
2837 struct ieee80211_vht_capabilities vhtcaps_mask;
2838 #endif /* CONFIG_VHT_OVERRIDES */
2839
2840 if (deinit) {
2841 if (work->started) {
2842 wpa_s->connect_work = NULL;
2843
2844 /* cancel possible auth. timeout */
2845 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s,
2846 NULL);
2847 }
2848 wpas_connect_work_free(cwork);
2849 return;
2850 }
2851
2852 wpa_s->connect_work = work;
2853
2854 if (cwork->bss_removed || !wpas_valid_bss_ssid(wpa_s, bss, ssid) ||
2855 wpas_network_disabled(wpa_s, ssid)) {
2856 wpa_dbg(wpa_s, MSG_DEBUG, "BSS/SSID entry for association not valid anymore - drop connection attempt");
2857 wpas_connect_work_done(wpa_s);
2858 return;
2859 }
2860
2861 os_memcpy(prev_bssid, wpa_s->bssid, ETH_ALEN);
2862 os_memset(&params, 0, sizeof(params));
2863 wpa_s->reassociate = 0;
2864 wpa_s->eap_expected_failure = 0;
2865 if (bss &&
2866 (!wpas_driver_bss_selection(wpa_s) || wpas_wps_searching(wpa_s))) {
2867 #ifdef CONFIG_IEEE80211R
2868 const u8 *ie, *md = NULL;
2869 #endif /* CONFIG_IEEE80211R */
2870 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
2871 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
2872 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
2873 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
2874 os_memset(wpa_s->bssid, 0, ETH_ALEN);
2875 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
2876 if (bssid_changed)
2877 wpas_notify_bssid_changed(wpa_s);
2878 #ifdef CONFIG_IEEE80211R
2879 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
2880 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
2881 md = ie + 2;
2882 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
2883 if (md) {
2884 /* Prepare for the next transition */
2885 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
2886 }
2887 #endif /* CONFIG_IEEE80211R */
2888 #ifdef CONFIG_WPS
2889 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
2890 wpa_s->conf->ap_scan == 2 &&
2891 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
2892 /* Use ap_scan==1 style network selection to find the network
2893 */
2894 wpas_connect_work_done(wpa_s);
2895 wpa_s->scan_req = MANUAL_SCAN_REQ;
2896 wpa_s->reassociate = 1;
2897 wpa_supplicant_req_scan(wpa_s, 0, 0);
2898 return;
2899 #endif /* CONFIG_WPS */
2900 } else {
2901 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
2902 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
2903 if (bss)
2904 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
2905 else
2906 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
2907 }
2908 if (!wpa_s->pno)
2909 wpa_supplicant_cancel_sched_scan(wpa_s);
2910
2911 wpa_supplicant_cancel_scan(wpa_s);
2912
2913 /* Starting new association, so clear the possibly used WPA IE from the
2914 * previous association. */
2915 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
2916
2917 wpa_ie = wpas_populate_assoc_ies(wpa_s, bss, ssid, &params, NULL);
2918 if (!wpa_ie) {
2919 wpas_connect_work_done(wpa_s);
2920 return;
2921 }
2922
2923 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
2924 use_crypt = 1;
2925 cipher_pairwise = wpa_s->pairwise_cipher;
2926 cipher_group = wpa_s->group_cipher;
2927 cipher_group_mgmt = wpa_s->mgmt_group_cipher;
2928 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
2929 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2930 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
2931 use_crypt = 0;
2932 if (wpa_set_wep_keys(wpa_s, ssid)) {
2933 use_crypt = 1;
2934 wep_keys_set = 1;
2935 }
2936 }
2937 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
2938 use_crypt = 0;
2939
2940 #ifdef IEEE8021X_EAPOL
2941 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2942 if ((ssid->eapol_flags &
2943 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
2944 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
2945 !wep_keys_set) {
2946 use_crypt = 0;
2947 } else {
2948 /* Assume that dynamic WEP-104 keys will be used and
2949 * set cipher suites in order for drivers to expect
2950 * encryption. */
2951 cipher_pairwise = cipher_group = WPA_CIPHER_WEP104;
2952 }
2953 }
2954 #endif /* IEEE8021X_EAPOL */
2955
2956 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
2957 /* Set the key before (and later after) association */
2958 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
2959 }
2960
2961 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
2962 if (bss) {
2963 params.ssid = bss->ssid;
2964 params.ssid_len = bss->ssid_len;
2965 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set ||
2966 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
2967 wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
2968 MACSTR " freq=%u MHz based on scan results "
2969 "(bssid_set=%d wps=%d)",
2970 MAC2STR(bss->bssid), bss->freq,
2971 ssid->bssid_set,
2972 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS);
2973 params.bssid = bss->bssid;
2974 params.freq.freq = bss->freq;
2975 }
2976 params.bssid_hint = bss->bssid;
2977 params.freq_hint = bss->freq;
2978 params.pbss = bss_is_pbss(bss);
2979 } else {
2980 if (ssid->bssid_hint_set)
2981 params.bssid_hint = ssid->bssid_hint;
2982
2983 params.ssid = ssid->ssid;
2984 params.ssid_len = ssid->ssid_len;
2985 params.pbss = (ssid->pbss != 2) ? ssid->pbss : 0;
2986 }
2987
2988 if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
2989 wpa_s->conf->ap_scan == 2) {
2990 params.bssid = ssid->bssid;
2991 params.fixed_bssid = 1;
2992 }
2993
2994 /* Initial frequency for IBSS/mesh */
2995 if ((ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) &&
2996 ssid->frequency > 0 && params.freq.freq == 0)
2997 ibss_mesh_setup_freq(wpa_s, ssid, &params.freq);
2998
2999 if (ssid->mode == WPAS_MODE_IBSS) {
3000 params.fixed_freq = ssid->fixed_freq;
3001 if (ssid->beacon_int)
3002 params.beacon_int = ssid->beacon_int;
3003 else
3004 params.beacon_int = wpa_s->conf->beacon_int;
3005 }
3006
3007 params.pairwise_suite = cipher_pairwise;
3008 params.group_suite = cipher_group;
3009 params.mgmt_group_suite = cipher_group_mgmt;
3010 params.key_mgmt_suite = wpa_s->key_mgmt;
3011 params.wpa_proto = wpa_s->wpa_proto;
3012 wpa_s->auth_alg = params.auth_alg;
3013 params.mode = ssid->mode;
3014 params.bg_scan_period = ssid->bg_scan_period;
3015 for (i = 0; i < NUM_WEP_KEYS; i++) {
3016 if (ssid->wep_key_len[i])
3017 params.wep_key[i] = ssid->wep_key[i];
3018 params.wep_key_len[i] = ssid->wep_key_len[i];
3019 }
3020 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
3021
3022 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
3023 (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3024 params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
3025 params.passphrase = ssid->passphrase;
3026 if (ssid->psk_set)
3027 params.psk = ssid->psk;
3028 }
3029
3030 if (wpa_s->conf->key_mgmt_offload) {
3031 if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3032 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3033 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3034 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
3035 params.req_key_mgmt_offload =
3036 ssid->proactive_key_caching < 0 ?
3037 wpa_s->conf->okc : ssid->proactive_key_caching;
3038 else
3039 params.req_key_mgmt_offload = 1;
3040
3041 if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3042 params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
3043 params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
3044 ssid->psk_set)
3045 params.psk = ssid->psk;
3046 }
3047
3048 params.drop_unencrypted = use_crypt;
3049
3050 #ifdef CONFIG_IEEE80211W
3051 params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
3052 if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
3053 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
3054 struct wpa_ie_data ie;
3055 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
3056 ie.capabilities &
3057 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
3058 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
3059 "MFP: require MFP");
3060 params.mgmt_frame_protection =
3061 MGMT_FRAME_PROTECTION_REQUIRED;
3062 }
3063 }
3064 #endif /* CONFIG_IEEE80211W */
3065
3066 params.p2p = ssid->p2p_group;
3067
3068 if (wpa_s->p2pdev->set_sta_uapsd)
3069 params.uapsd = wpa_s->p2pdev->sta_uapsd;
3070 else
3071 params.uapsd = -1;
3072
3073 #ifdef CONFIG_HT_OVERRIDES
3074 os_memset(&htcaps, 0, sizeof(htcaps));
3075 os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
3076 params.htcaps = (u8 *) &htcaps;
3077 params.htcaps_mask = (u8 *) &htcaps_mask;
3078 wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
3079 #endif /* CONFIG_HT_OVERRIDES */
3080 #ifdef CONFIG_VHT_OVERRIDES
3081 os_memset(&vhtcaps, 0, sizeof(vhtcaps));
3082 os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
3083 params.vhtcaps = &vhtcaps;
3084 params.vhtcaps_mask = &vhtcaps_mask;
3085 wpa_supplicant_apply_vht_overrides(wpa_s, ssid, &params);
3086 #endif /* CONFIG_VHT_OVERRIDES */
3087
3088 #ifdef CONFIG_P2P
3089 /*
3090 * If multi-channel concurrency is not supported, check for any
3091 * frequency conflict. In case of any frequency conflict, remove the
3092 * least prioritized connection.
3093 */
3094 if (wpa_s->num_multichan_concurrent < 2) {
3095 int freq, num;
3096 num = get_shared_radio_freqs(wpa_s, &freq, 1);
3097 if (num > 0 && freq > 0 && freq != params.freq.freq) {
3098 wpa_printf(MSG_DEBUG,
3099 "Assoc conflicting freq found (%d != %d)",
3100 freq, params.freq.freq);
3101 if (wpas_p2p_handle_frequency_conflicts(
3102 wpa_s, params.freq.freq, ssid) < 0) {
3103 wpas_connect_work_done(wpa_s);
3104 os_free(wpa_ie);
3105 return;
3106 }
3107 }
3108 }
3109 #endif /* CONFIG_P2P */
3110
3111 if (wpa_s->reassoc_same_ess && !is_zero_ether_addr(prev_bssid) &&
3112 wpa_s->current_ssid)
3113 params.prev_bssid = prev_bssid;
3114
3115 ret = wpa_drv_associate(wpa_s, &params);
3116 os_free(wpa_ie);
3117 if (ret < 0) {
3118 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
3119 "failed");
3120 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
3121 /*
3122 * The driver is known to mean what is saying, so we
3123 * can stop right here; the association will not
3124 * succeed.
3125 */
3126 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
3127 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
3128 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3129 return;
3130 }
3131 /* try to continue anyway; new association will be tried again
3132 * after timeout */
3133 assoc_failed = 1;
3134 }
3135
3136 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3137 /* Set the key after the association just in case association
3138 * cleared the previously configured key. */
3139 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3140 /* No need to timeout authentication since there is no key
3141 * management. */
3142 wpa_supplicant_cancel_auth_timeout(wpa_s);
3143 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
3144 #ifdef CONFIG_IBSS_RSN
3145 } else if (ssid->mode == WPAS_MODE_IBSS &&
3146 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
3147 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
3148 /*
3149 * RSN IBSS authentication is per-STA and we can disable the
3150 * per-BSSID authentication.
3151 */
3152 wpa_supplicant_cancel_auth_timeout(wpa_s);
3153 #endif /* CONFIG_IBSS_RSN */
3154 } else {
3155 /* Timeout for IEEE 802.11 authentication and association */
3156 int timeout = 60;
3157
3158 if (assoc_failed) {
3159 /* give IBSS a bit more time */
3160 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
3161 } else if (wpa_s->conf->ap_scan == 1) {
3162 /* give IBSS a bit more time */
3163 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
3164 }
3165 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
3166 }
3167
3168 if (wep_keys_set &&
3169 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
3170 /* Set static WEP keys again */
3171 wpa_set_wep_keys(wpa_s, ssid);
3172 }
3173
3174 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
3175 /*
3176 * Do not allow EAP session resumption between different
3177 * network configurations.
3178 */
3179 eapol_sm_invalidate_cached_session(wpa_s->eapol);
3180 }
3181 old_ssid = wpa_s->current_ssid;
3182 wpa_s->current_ssid = ssid;
3183
3184 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
3185 wpa_s->current_bss = bss;
3186 #ifdef CONFIG_HS20
3187 hs20_configure_frame_filters(wpa_s);
3188 #endif /* CONFIG_HS20 */
3189 }
3190
3191 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
3192 wpa_supplicant_initiate_eapol(wpa_s);
3193 if (old_ssid != wpa_s->current_ssid)
3194 wpas_notify_network_changed(wpa_s);
3195 }
3196
3197
3198 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
3199 const u8 *addr)
3200 {
3201 struct wpa_ssid *old_ssid;
3202
3203 wpas_connect_work_done(wpa_s);
3204 wpa_clear_keys(wpa_s, addr);
3205 old_ssid = wpa_s->current_ssid;
3206 wpa_supplicant_mark_disassoc(wpa_s);
3207 wpa_sm_set_config(wpa_s->wpa, NULL);
3208 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3209 if (old_ssid != wpa_s->current_ssid)
3210 wpas_notify_network_changed(wpa_s);
3211 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
3212 }
3213
3214
3215 /**
3216 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
3217 * @wpa_s: Pointer to wpa_supplicant data
3218 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
3219 *
3220 * This function is used to request %wpa_supplicant to deauthenticate from the
3221 * current AP.
3222 */
3223 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
3224 int reason_code)
3225 {
3226 u8 *addr = NULL;
3227 union wpa_event_data event;
3228 int zero_addr = 0;
3229
3230 wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
3231 " pending_bssid=" MACSTR " reason=%d state=%s",
3232 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
3233 reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state));
3234
3235 if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
3236 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
3237 wpa_s->wpa_state == WPA_ASSOCIATING))
3238 addr = wpa_s->pending_bssid;
3239 else if (!is_zero_ether_addr(wpa_s->bssid))
3240 addr = wpa_s->bssid;
3241 else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
3242 /*
3243 * When using driver-based BSS selection, we may not know the
3244 * BSSID with which we are currently trying to associate. We
3245 * need to notify the driver of this disconnection even in such
3246 * a case, so use the all zeros address here.
3247 */
3248 addr = wpa_s->bssid;
3249 zero_addr = 1;
3250 }
3251
3252 #ifdef CONFIG_TDLS
3253 wpa_tdls_teardown_peers(wpa_s->wpa);
3254 #endif /* CONFIG_TDLS */
3255
3256 #ifdef CONFIG_MESH
3257 if (wpa_s->ifmsh) {
3258 struct mesh_conf *mconf;
3259
3260 mconf = wpa_s->ifmsh->mconf;
3261 wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
3262 wpa_s->ifname);
3263 wpas_notify_mesh_group_removed(wpa_s, mconf->meshid,
3264 mconf->meshid_len, reason_code);
3265 wpa_supplicant_leave_mesh(wpa_s);
3266 }
3267 #endif /* CONFIG_MESH */
3268
3269 if (addr) {
3270 wpa_drv_deauthenticate(wpa_s, addr, reason_code);
3271 os_memset(&event, 0, sizeof(event));
3272 event.deauth_info.reason_code = (u16) reason_code;
3273 event.deauth_info.locally_generated = 1;
3274 wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
3275 if (zero_addr)
3276 addr = NULL;
3277 }
3278
3279 wpa_supplicant_clear_connection(wpa_s, addr);
3280 }
3281
3282 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
3283 struct wpa_ssid *ssid)
3284 {
3285 if (!ssid || !ssid->disabled || ssid->disabled == 2)
3286 return;
3287
3288 ssid->disabled = 0;
3289 wpas_clear_temp_disabled(wpa_s, ssid, 1);
3290 wpas_notify_network_enabled_changed(wpa_s, ssid);
3291
3292 /*
3293 * Try to reassociate since there is no current configuration and a new
3294 * network was made available.
3295 */
3296 if (!wpa_s->current_ssid && !wpa_s->disconnected)
3297 wpa_s->reassociate = 1;
3298 }
3299
3300
3301 /**
3302 * wpa_supplicant_add_network - Add a new network
3303 * @wpa_s: wpa_supplicant structure for a network interface
3304 * Returns: The new network configuration or %NULL if operation failed
3305 *
3306 * This function performs the following operations:
3307 * 1. Adds a new network.
3308 * 2. Send network addition notification.
3309 * 3. Marks the network disabled.
3310 * 4. Set network default parameters.
3311 */
3312 struct wpa_ssid * wpa_supplicant_add_network(struct wpa_supplicant *wpa_s)
3313 {
3314 struct wpa_ssid *ssid;
3315
3316 ssid = wpa_config_add_network(wpa_s->conf);
3317 if (!ssid)
3318 return NULL;
3319 wpas_notify_network_added(wpa_s, ssid);
3320 ssid->disabled = 1;
3321 wpa_config_set_network_defaults(ssid);
3322
3323 return ssid;
3324 }
3325
3326
3327 /**
3328 * wpa_supplicant_remove_network - Remove a configured network based on id
3329 * @wpa_s: wpa_supplicant structure for a network interface
3330 * @id: Unique network id to search for
3331 * Returns: 0 on success, or -1 if the network was not found, -2 if the network
3332 * could not be removed
3333 *
3334 * This function performs the following operations:
3335 * 1. Removes the network.
3336 * 2. Send network removal notification.
3337 * 3. Update internal state machines.
3338 * 4. Stop any running sched scans.
3339 */
3340 int wpa_supplicant_remove_network(struct wpa_supplicant *wpa_s, int id)
3341 {
3342 struct wpa_ssid *ssid;
3343 int was_disabled;
3344
3345 ssid = wpa_config_get_network(wpa_s->conf, id);
3346 if (!ssid)
3347 return -1;
3348 wpas_notify_network_removed(wpa_s, ssid);
3349
3350 if (wpa_s->last_ssid == ssid)
3351 wpa_s->last_ssid = NULL;
3352
3353 if (ssid == wpa_s->current_ssid || !wpa_s->current_ssid) {
3354 #ifdef CONFIG_SME
3355 wpa_s->sme.prev_bssid_set = 0;
3356 #endif /* CONFIG_SME */
3357 /*
3358 * Invalidate the EAP session cache if the current or
3359 * previously used network is removed.
3360 */
3361 eapol_sm_invalidate_cached_session(wpa_s->eapol);
3362 }
3363
3364 if (ssid == wpa_s->current_ssid) {
3365 wpa_sm_set_config(wpa_s->wpa, NULL);
3366 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3367
3368 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3369 wpa_s->own_disconnect_req = 1;
3370 wpa_supplicant_deauthenticate(wpa_s,
3371 WLAN_REASON_DEAUTH_LEAVING);
3372 }
3373
3374 was_disabled = ssid->disabled;
3375
3376 if (wpa_config_remove_network(wpa_s->conf, id) < 0)
3377 return -2;
3378
3379 if (!was_disabled && wpa_s->sched_scanning) {
3380 wpa_printf(MSG_DEBUG,
3381 "Stop ongoing sched_scan to remove network from filters");
3382 wpa_supplicant_cancel_sched_scan(wpa_s);
3383 wpa_supplicant_req_scan(wpa_s, 0, 0);
3384 }
3385
3386 return 0;
3387 }
3388
3389
3390 /**
3391 * wpa_supplicant_enable_network - Mark a configured network as enabled
3392 * @wpa_s: wpa_supplicant structure for a network interface
3393 * @ssid: wpa_ssid structure for a configured network or %NULL
3394 *
3395 * Enables the specified network or all networks if no network specified.
3396 */
3397 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
3398 struct wpa_ssid *ssid)
3399 {
3400 if (ssid == NULL) {
3401 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
3402 wpa_supplicant_enable_one_network(wpa_s, ssid);
3403 } else
3404 wpa_supplicant_enable_one_network(wpa_s, ssid);
3405
3406 if (wpa_s->reassociate && !wpa_s->disconnected &&
3407 (!wpa_s->current_ssid ||
3408 wpa_s->wpa_state == WPA_DISCONNECTED ||
3409 wpa_s->wpa_state == WPA_SCANNING)) {
3410 if (wpa_s->sched_scanning) {
3411 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
3412 "new network to scan filters");
3413 wpa_supplicant_cancel_sched_scan(wpa_s);
3414 }
3415
3416 if (wpa_supplicant_fast_associate(wpa_s) != 1) {
3417 wpa_s->scan_req = NORMAL_SCAN_REQ;
3418 wpa_supplicant_req_scan(wpa_s, 0, 0);
3419 }
3420 }
3421 }
3422
3423
3424 /**
3425 * wpa_supplicant_disable_network - Mark a configured network as disabled
3426 * @wpa_s: wpa_supplicant structure for a network interface
3427 * @ssid: wpa_ssid structure for a configured network or %NULL
3428 *
3429 * Disables the specified network or all networks if no network specified.
3430 */
3431 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
3432 struct wpa_ssid *ssid)
3433 {
3434 struct wpa_ssid *other_ssid;
3435 int was_disabled;
3436
3437 if (ssid == NULL) {
3438 if (wpa_s->sched_scanning)
3439 wpa_supplicant_cancel_sched_scan(wpa_s);
3440
3441 for (other_ssid = wpa_s->conf->ssid; other_ssid;
3442 other_ssid = other_ssid->next) {
3443 was_disabled = other_ssid->disabled;
3444 if (was_disabled == 2)
3445 continue; /* do not change persistent P2P group
3446 * data */
3447
3448 other_ssid->disabled = 1;
3449
3450 if (was_disabled != other_ssid->disabled)
3451 wpas_notify_network_enabled_changed(
3452 wpa_s, other_ssid);
3453 }
3454 if (wpa_s->current_ssid) {
3455 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3456 wpa_s->own_disconnect_req = 1;
3457 wpa_supplicant_deauthenticate(
3458 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
3459 }
3460 } else if (ssid->disabled != 2) {
3461 if (ssid == wpa_s->current_ssid) {
3462 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3463 wpa_s->own_disconnect_req = 1;
3464 wpa_supplicant_deauthenticate(
3465 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
3466 }
3467
3468 was_disabled = ssid->disabled;
3469
3470 ssid->disabled = 1;
3471
3472 if (was_disabled != ssid->disabled) {
3473 wpas_notify_network_enabled_changed(wpa_s, ssid);
3474 if (wpa_s->sched_scanning) {
3475 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
3476 "to remove network from filters");
3477 wpa_supplicant_cancel_sched_scan(wpa_s);
3478 wpa_supplicant_req_scan(wpa_s, 0, 0);
3479 }
3480 }
3481 }
3482 }
3483
3484
3485 /**
3486 * wpa_supplicant_select_network - Attempt association with a network
3487 * @wpa_s: wpa_supplicant structure for a network interface
3488 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
3489 */
3490 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
3491 struct wpa_ssid *ssid)
3492 {
3493
3494 struct wpa_ssid *other_ssid;
3495 int disconnected = 0;
3496
3497 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
3498 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3499 wpa_s->own_disconnect_req = 1;
3500 wpa_supplicant_deauthenticate(
3501 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
3502 disconnected = 1;
3503 }
3504
3505 if (ssid)
3506 wpas_clear_temp_disabled(wpa_s, ssid, 1);
3507
3508 /*
3509 * Mark all other networks disabled or mark all networks enabled if no
3510 * network specified.
3511 */
3512 for (other_ssid = wpa_s->conf->ssid; other_ssid;
3513 other_ssid = other_ssid->next) {
3514 int was_disabled = other_ssid->disabled;
3515 if (was_disabled == 2)
3516 continue; /* do not change persistent P2P group data */
3517
3518 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
3519 if (was_disabled && !other_ssid->disabled)
3520 wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
3521
3522 if (was_disabled != other_ssid->disabled)
3523 wpas_notify_network_enabled_changed(wpa_s, other_ssid);
3524 }
3525
3526 if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid &&
3527 wpa_s->wpa_state >= WPA_AUTHENTICATING) {
3528 /* We are already associated with the selected network */
3529 wpa_printf(MSG_DEBUG, "Already associated with the "
3530 "selected network - do nothing");
3531 return;
3532 }
3533
3534 if (ssid) {
3535 wpa_s->current_ssid = ssid;
3536 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3537 wpa_s->connect_without_scan =
3538 (ssid->mode == WPAS_MODE_MESH) ? ssid : NULL;
3539
3540 /*
3541 * Don't optimize next scan freqs since a new ESS has been
3542 * selected.
3543 */
3544 os_free(wpa_s->next_scan_freqs);
3545 wpa_s->next_scan_freqs = NULL;
3546 } else {
3547 wpa_s->connect_without_scan = NULL;
3548 }
3549
3550 wpa_s->disconnected = 0;
3551 wpa_s->reassociate = 1;
3552 wpa_s->last_owe_group = 0;
3553
3554 if (wpa_s->connect_without_scan ||
3555 wpa_supplicant_fast_associate(wpa_s) != 1) {
3556 wpa_s->scan_req = NORMAL_SCAN_REQ;
3557 wpas_scan_reset_sched_scan(wpa_s);
3558 wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
3559 }
3560
3561 if (ssid)
3562 wpas_notify_network_selected(wpa_s, ssid);
3563 }
3564
3565
3566 /**
3567 * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
3568 * @wpa_s: wpa_supplicant structure for a network interface
3569 * @pkcs11_engine_path: PKCS #11 engine path or NULL
3570 * @pkcs11_module_path: PKCS #11 module path or NULL
3571 * Returns: 0 on success; -1 on failure
3572 *
3573 * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
3574 * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
3575 * module path fails the paths will be reset to the default value (NULL).
3576 */
3577 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant *wpa_s,
3578 const char *pkcs11_engine_path,
3579 const char *pkcs11_module_path)
3580 {
3581 char *pkcs11_engine_path_copy = NULL;
3582 char *pkcs11_module_path_copy = NULL;
3583
3584 if (pkcs11_engine_path != NULL) {
3585 pkcs11_engine_path_copy = os_strdup(pkcs11_engine_path);
3586 if (pkcs11_engine_path_copy == NULL)
3587 return -1;
3588 }
3589 if (pkcs11_module_path != NULL) {
3590 pkcs11_module_path_copy = os_strdup(pkcs11_module_path);
3591 if (pkcs11_module_path_copy == NULL) {
3592 os_free(pkcs11_engine_path_copy);
3593 return -1;
3594 }
3595 }
3596
3597 os_free(wpa_s->conf->pkcs11_engine_path);
3598 os_free(wpa_s->conf->pkcs11_module_path);
3599 wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path_copy;
3600 wpa_s->conf->pkcs11_module_path = pkcs11_module_path_copy;
3601
3602 wpa_sm_set_eapol(wpa_s->wpa, NULL);
3603 eapol_sm_deinit(wpa_s->eapol);
3604 wpa_s->eapol = NULL;
3605 if (wpa_supplicant_init_eapol(wpa_s)) {
3606 /* Error -> Reset paths to the default value (NULL) once. */
3607 if (pkcs11_engine_path != NULL && pkcs11_module_path != NULL)
3608 wpas_set_pkcs11_engine_and_module_path(wpa_s, NULL,
3609 NULL);
3610
3611 return -1;
3612 }
3613 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
3614
3615 return 0;
3616 }
3617
3618
3619 /**
3620 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
3621 * @wpa_s: wpa_supplicant structure for a network interface
3622 * @ap_scan: AP scan mode
3623 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
3624 *
3625 */
3626 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
3627 {
3628
3629 int old_ap_scan;
3630
3631 if (ap_scan < 0 || ap_scan > 2)
3632 return -1;
3633
3634 if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
3635 wpa_printf(MSG_INFO,
3636 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
3637 }
3638
3639 #ifdef ANDROID
3640 if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
3641 wpa_s->wpa_state >= WPA_ASSOCIATING &&
3642 wpa_s->wpa_state < WPA_COMPLETED) {
3643 wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
3644 "associating", wpa_s->conf->ap_scan, ap_scan);
3645 return 0;
3646 }
3647 #endif /* ANDROID */
3648
3649 old_ap_scan = wpa_s->conf->ap_scan;
3650 wpa_s->conf->ap_scan = ap_scan;
3651
3652 if (old_ap_scan != wpa_s->conf->ap_scan)
3653 wpas_notify_ap_scan_changed(wpa_s);
3654
3655 return 0;
3656 }
3657
3658
3659 /**
3660 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
3661 * @wpa_s: wpa_supplicant structure for a network interface
3662 * @expire_age: Expiration age in seconds
3663 * Returns: 0 if succeed or -1 if expire_age has an invalid value
3664 *
3665 */
3666 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
3667 unsigned int bss_expire_age)
3668 {
3669 if (bss_expire_age < 10) {
3670 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
3671 bss_expire_age);
3672 return -1;
3673 }
3674 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
3675 bss_expire_age);
3676 wpa_s->conf->bss_expiration_age = bss_expire_age;
3677
3678 return 0;
3679 }
3680
3681
3682 /**
3683 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
3684 * @wpa_s: wpa_supplicant structure for a network interface
3685 * @expire_count: number of scans after which an unseen BSS is reclaimed
3686 * Returns: 0 if succeed or -1 if expire_count has an invalid value
3687 *
3688 */
3689 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
3690 unsigned int bss_expire_count)
3691 {
3692 if (bss_expire_count < 1) {
3693 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
3694 bss_expire_count);
3695 return -1;
3696 }
3697 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
3698 bss_expire_count);
3699 wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
3700
3701 return 0;
3702 }
3703
3704
3705 /**
3706 * wpa_supplicant_set_scan_interval - Set scan interval
3707 * @wpa_s: wpa_supplicant structure for a network interface
3708 * @scan_interval: scan interval in seconds
3709 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
3710 *
3711 */
3712 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
3713 int scan_interval)
3714 {
3715 if (scan_interval < 0) {
3716 wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
3717 scan_interval);
3718 return -1;
3719 }
3720 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
3721 scan_interval);
3722 wpa_supplicant_update_scan_int(wpa_s, scan_interval);
3723
3724 return 0;
3725 }
3726
3727
3728 /**
3729 * wpa_supplicant_set_debug_params - Set global debug params
3730 * @global: wpa_global structure
3731 * @debug_level: debug level
3732 * @debug_timestamp: determines if show timestamp in debug data
3733 * @debug_show_keys: determines if show keys in debug data
3734 * Returns: 0 if succeed or -1 if debug_level has wrong value
3735 */
3736 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
3737 int debug_timestamp, int debug_show_keys)
3738 {
3739
3740 int old_level, old_timestamp, old_show_keys;
3741
3742 /* check for allowed debuglevels */
3743 if (debug_level != MSG_EXCESSIVE &&
3744 debug_level != MSG_MSGDUMP &&
3745 debug_level != MSG_DEBUG &&
3746 debug_level != MSG_INFO &&
3747 debug_level != MSG_WARNING &&
3748 debug_level != MSG_ERROR)
3749 return -1;
3750
3751 old_level = wpa_debug_level;
3752 old_timestamp = wpa_debug_timestamp;
3753 old_show_keys = wpa_debug_show_keys;
3754
3755 wpa_debug_level = debug_level;
3756 wpa_debug_timestamp = debug_timestamp ? 1 : 0;
3757 wpa_debug_show_keys = debug_show_keys ? 1 : 0;
3758
3759 if (wpa_debug_level != old_level)
3760 wpas_notify_debug_level_changed(global);
3761 if (wpa_debug_timestamp != old_timestamp)
3762 wpas_notify_debug_timestamp_changed(global);
3763 if (wpa_debug_show_keys != old_show_keys)
3764 wpas_notify_debug_show_keys_changed(global);
3765
3766 return 0;
3767 }
3768
3769
3770 #ifdef CONFIG_OWE
3771 static int owe_trans_ssid_match(struct wpa_supplicant *wpa_s, const u8 *bssid,
3772 const u8 *entry_ssid, size_t entry_ssid_len)
3773 {
3774 const u8 *owe, *pos, *end;
3775 u8 ssid_len;
3776 struct wpa_bss *bss;
3777
3778 /* Check network profile SSID aganst the SSID in the
3779 * OWE Transition Mode element. */
3780
3781 bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
3782 if (!bss)
3783 return 0;
3784
3785 owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
3786 if (!owe)
3787 return 0;
3788
3789 pos = owe + 6;
3790 end = owe + 2 + owe[1];
3791
3792 if (end - pos < ETH_ALEN + 1)
3793 return 0;
3794 pos += ETH_ALEN;
3795 ssid_len = *pos++;
3796 if (end - pos < ssid_len || ssid_len > SSID_MAX_LEN)
3797 return 0;
3798
3799 return entry_ssid_len == ssid_len &&
3800 os_memcmp(pos, entry_ssid, ssid_len) == 0;
3801 }
3802 #endif /* CONFIG_OWE */
3803
3804
3805 /**
3806 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
3807 * @wpa_s: Pointer to wpa_supplicant data
3808 * Returns: A pointer to the current network structure or %NULL on failure
3809 */
3810 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
3811 {
3812 struct wpa_ssid *entry;
3813 u8 ssid[SSID_MAX_LEN];
3814 int res;
3815 size_t ssid_len;
3816 u8 bssid[ETH_ALEN];
3817 int wired;
3818
3819 res = wpa_drv_get_ssid(wpa_s, ssid);
3820 if (res < 0) {
3821 wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
3822 "driver");
3823 return NULL;
3824 }
3825 ssid_len = res;
3826
3827 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
3828 wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
3829 "driver");
3830 return NULL;
3831 }
3832
3833 wired = wpa_s->conf->ap_scan == 0 &&
3834 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
3835
3836 entry = wpa_s->conf->ssid;
3837 while (entry) {
3838 if (!wpas_network_disabled(wpa_s, entry) &&
3839 ((ssid_len == entry->ssid_len &&
3840 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
3841 (!entry->bssid_set ||
3842 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
3843 return entry;
3844 #ifdef CONFIG_WPS
3845 if (!wpas_network_disabled(wpa_s, entry) &&
3846 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
3847 (entry->ssid == NULL || entry->ssid_len == 0) &&
3848 (!entry->bssid_set ||
3849 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
3850 return entry;
3851 #endif /* CONFIG_WPS */
3852
3853 #ifdef CONFIG_OWE
3854 if (!wpas_network_disabled(wpa_s, entry) &&
3855 owe_trans_ssid_match(wpa_s, bssid, entry->ssid,
3856 entry->ssid_len) &&
3857 (!entry->bssid_set ||
3858 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
3859 return entry;
3860 #endif /* CONFIG_OWE */
3861
3862 if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
3863 entry->ssid_len == 0 &&
3864 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
3865 return entry;
3866
3867 entry = entry->next;
3868 }
3869
3870 return NULL;
3871 }
3872
3873
3874 static int select_driver(struct wpa_supplicant *wpa_s, int i)
3875 {
3876 struct wpa_global *global = wpa_s->global;
3877
3878 if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
3879 global->drv_priv[i] = wpa_drivers[i]->global_init(global);
3880 if (global->drv_priv[i] == NULL) {
3881 wpa_printf(MSG_ERROR, "Failed to initialize driver "
3882 "'%s'", wpa_drivers[i]->name);
3883 return -1;
3884 }
3885 }
3886
3887 wpa_s->driver = wpa_drivers[i];
3888 wpa_s->global_drv_priv = global->drv_priv[i];
3889
3890 return 0;
3891 }
3892
3893
3894 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
3895 const char *name)
3896 {
3897 int i;
3898 size_t len;
3899 const char *pos, *driver = name;
3900
3901 if (wpa_s == NULL)
3902 return -1;
3903
3904 if (wpa_drivers[0] == NULL) {
3905 wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
3906 "wpa_supplicant");
3907 return -1;
3908 }
3909
3910 if (name == NULL) {
3911 /* default to first driver in the list */
3912 return select_driver(wpa_s, 0);
3913 }
3914
3915 do {
3916 pos = os_strchr(driver, ',');
3917 if (pos)
3918 len = pos - driver;
3919 else
3920 len = os_strlen(driver);
3921
3922 for (i = 0; wpa_drivers[i]; i++) {
3923 if (os_strlen(wpa_drivers[i]->name) == len &&
3924 os_strncmp(driver, wpa_drivers[i]->name, len) ==
3925 0) {
3926 /* First driver that succeeds wins */
3927 if (select_driver(wpa_s, i) == 0)
3928 return 0;
3929 }
3930 }
3931
3932 driver = pos + 1;
3933 } while (pos);
3934
3935 wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
3936 return -1;
3937 }
3938
3939
3940 /**
3941 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
3942 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
3943 * with struct wpa_driver_ops::init()
3944 * @src_addr: Source address of the EAPOL frame
3945 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
3946 * @len: Length of the EAPOL data
3947 *
3948 * This function is called for each received EAPOL frame. Most driver
3949 * interfaces rely on more generic OS mechanism for receiving frames through
3950 * l2_packet, but if such a mechanism is not available, the driver wrapper may
3951 * take care of received EAPOL frames and deliver them to the core supplicant
3952 * code by calling this function.
3953 */
3954 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
3955 const u8 *buf, size_t len)
3956 {
3957 struct wpa_supplicant *wpa_s = ctx;
3958
3959 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
3960 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
3961
3962 #ifdef CONFIG_TESTING_OPTIONS
3963 if (wpa_s->ignore_auth_resp) {
3964 wpa_printf(MSG_INFO, "RX EAPOL - ignore_auth_resp active!");
3965 return;
3966 }
3967 #endif /* CONFIG_TESTING_OPTIONS */
3968
3969 if (wpa_s->wpa_state < WPA_ASSOCIATED ||
3970 (wpa_s->last_eapol_matches_bssid &&
3971 #ifdef CONFIG_AP
3972 !wpa_s->ap_iface &&
3973 #endif /* CONFIG_AP */
3974 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
3975 /*
3976 * There is possible race condition between receiving the
3977 * association event and the EAPOL frame since they are coming
3978 * through different paths from the driver. In order to avoid
3979 * issues in trying to process the EAPOL frame before receiving
3980 * association information, lets queue it for processing until
3981 * the association event is received. This may also be needed in
3982 * driver-based roaming case, so also use src_addr != BSSID as a
3983 * trigger if we have previously confirmed that the
3984 * Authenticator uses BSSID as the src_addr (which is not the
3985 * case with wired IEEE 802.1X).
3986 */
3987 wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
3988 "of received EAPOL frame (state=%s bssid=" MACSTR ")",
3989 wpa_supplicant_state_txt(wpa_s->wpa_state),
3990 MAC2STR(wpa_s->bssid));
3991 wpabuf_free(wpa_s->pending_eapol_rx);
3992 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
3993 if (wpa_s->pending_eapol_rx) {
3994 os_get_reltime(&wpa_s->pending_eapol_rx_time);
3995 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
3996 ETH_ALEN);
3997 }
3998 return;
3999 }
4000
4001 wpa_s->last_eapol_matches_bssid =
4002 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
4003
4004 #ifdef CONFIG_AP
4005 if (wpa_s->ap_iface) {
4006 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
4007 return;
4008 }
4009 #endif /* CONFIG_AP */
4010
4011 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
4012 wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
4013 "no key management is configured");
4014 return;
4015 }
4016
4017 if (wpa_s->eapol_received == 0 &&
4018 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
4019 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
4020 wpa_s->wpa_state != WPA_COMPLETED) &&
4021 (wpa_s->current_ssid == NULL ||
4022 wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
4023 /* Timeout for completing IEEE 802.1X and WPA authentication */
4024 int timeout = 10;
4025
4026 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
4027 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
4028 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
4029 /* Use longer timeout for IEEE 802.1X/EAP */
4030 timeout = 70;
4031 }
4032
4033 #ifdef CONFIG_WPS
4034 if (wpa_s->current_ssid && wpa_s->current_bss &&
4035 (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
4036 eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
4037 /*
4038 * Use shorter timeout if going through WPS AP iteration
4039 * for PIN config method with an AP that does not
4040 * advertise Selected Registrar.
4041 */
4042 struct wpabuf *wps_ie;
4043
4044 wps_ie = wpa_bss_get_vendor_ie_multi(
4045 wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
4046 if (wps_ie &&
4047 !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
4048 timeout = 10;
4049 wpabuf_free(wps_ie);
4050 }
4051 #endif /* CONFIG_WPS */
4052
4053 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
4054 }
4055 wpa_s->eapol_received++;
4056
4057 if (wpa_s->countermeasures) {
4058 wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
4059 "EAPOL packet");
4060 return;
4061 }
4062
4063 #ifdef CONFIG_IBSS_RSN
4064 if (wpa_s->current_ssid &&
4065 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
4066 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
4067 return;
4068 }
4069 #endif /* CONFIG_IBSS_RSN */
4070
4071 /* Source address of the incoming EAPOL frame could be compared to the
4072 * current BSSID. However, it is possible that a centralized
4073 * Authenticator could be using another MAC address than the BSSID of
4074 * an AP, so just allow any address to be used for now. The replies are
4075 * still sent to the current BSSID (if available), though. */
4076
4077 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
4078 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
4079 wpa_s->key_mgmt != WPA_KEY_MGMT_OWE &&
4080 wpa_s->key_mgmt != WPA_KEY_MGMT_DPP &&
4081 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
4082 return;
4083 wpa_drv_poll(wpa_s);
4084 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
4085 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
4086 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
4087 /*
4088 * Set portValid = TRUE here since we are going to skip 4-way
4089 * handshake processing which would normally set portValid. We
4090 * need this to allow the EAPOL state machines to be completed
4091 * without going through EAPOL-Key handshake.
4092 */
4093 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
4094 }
4095 }
4096
4097
4098 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
4099 {
4100 if ((!wpa_s->p2p_mgmt ||
4101 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
4102 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
4103 l2_packet_deinit(wpa_s->l2);
4104 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
4105 wpa_drv_get_mac_addr(wpa_s),
4106 ETH_P_EAPOL,
4107 wpa_supplicant_rx_eapol, wpa_s, 0);
4108 if (wpa_s->l2 == NULL)
4109 return -1;
4110
4111 if (l2_packet_set_packet_filter(wpa_s->l2,
4112 L2_PACKET_FILTER_PKTTYPE))
4113 wpa_dbg(wpa_s, MSG_DEBUG,
4114 "Failed to attach pkt_type filter");
4115 } else {
4116 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
4117 if (addr)
4118 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
4119 }
4120
4121 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
4122 wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
4123 return -1;
4124 }
4125
4126 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
4127
4128 return 0;
4129 }
4130
4131
4132 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
4133 const u8 *buf, size_t len)
4134 {
4135 struct wpa_supplicant *wpa_s = ctx;
4136 const struct l2_ethhdr *eth;
4137
4138 if (len < sizeof(*eth))
4139 return;
4140 eth = (const struct l2_ethhdr *) buf;
4141
4142 if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
4143 !(eth->h_dest[0] & 0x01)) {
4144 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
4145 " (bridge - not for this interface - ignore)",
4146 MAC2STR(src_addr), MAC2STR(eth->h_dest));
4147 return;
4148 }
4149
4150 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
4151 " (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
4152 wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
4153 len - sizeof(*eth));
4154 }
4155
4156
4157 /**
4158 * wpa_supplicant_driver_init - Initialize driver interface parameters
4159 * @wpa_s: Pointer to wpa_supplicant data
4160 * Returns: 0 on success, -1 on failure
4161 *
4162 * This function is called to initialize driver interface parameters.
4163 * wpa_drv_init() must have been called before this function to initialize the
4164 * driver interface.
4165 */
4166 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
4167 {
4168 static int interface_count = 0;
4169
4170 if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
4171 return -1;
4172
4173 wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
4174 MAC2STR(wpa_s->own_addr));
4175 os_memcpy(wpa_s->perm_addr, wpa_s->own_addr, ETH_ALEN);
4176 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
4177
4178 if (wpa_s->bridge_ifname[0]) {
4179 wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
4180 "interface '%s'", wpa_s->bridge_ifname);
4181 wpa_s->l2_br = l2_packet_init_bridge(
4182 wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
4183 ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
4184 if (wpa_s->l2_br == NULL) {
4185 wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
4186 "connection for the bridge interface '%s'",
4187 wpa_s->bridge_ifname);
4188 return -1;
4189 }
4190 }
4191
4192 if (wpa_s->conf->ap_scan == 2 &&
4193 os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
4194 wpa_printf(MSG_INFO,
4195 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4196 }
4197
4198 wpa_clear_keys(wpa_s, NULL);
4199
4200 /* Make sure that TKIP countermeasures are not left enabled (could
4201 * happen if wpa_supplicant is killed during countermeasures. */
4202 wpa_drv_set_countermeasures(wpa_s, 0);
4203
4204 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
4205 wpa_drv_flush_pmkid(wpa_s);
4206
4207 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
4208 wpa_s->prev_scan_wildcard = 0;
4209
4210 if (wpa_supplicant_enabled_networks(wpa_s)) {
4211 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
4212 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
4213 interface_count = 0;
4214 }
4215 #ifndef ANDROID
4216 if (!wpa_s->p2p_mgmt &&
4217 wpa_supplicant_delayed_sched_scan(wpa_s,
4218 interface_count % 3,
4219 100000))
4220 wpa_supplicant_req_scan(wpa_s, interface_count % 3,
4221 100000);
4222 #endif /* ANDROID */
4223 interface_count++;
4224 } else
4225 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
4226
4227 return 0;
4228 }
4229
4230
4231 static int wpa_supplicant_daemon(const char *pid_file)
4232 {
4233 wpa_printf(MSG_DEBUG, "Daemonize..");
4234 return os_daemonize(pid_file);
4235 }
4236
4237
4238 static struct wpa_supplicant *
4239 wpa_supplicant_alloc(struct wpa_supplicant *parent)
4240 {
4241 struct wpa_supplicant *wpa_s;
4242
4243 wpa_s = os_zalloc(sizeof(*wpa_s));
4244 if (wpa_s == NULL)
4245 return NULL;
4246 wpa_s->scan_req = INITIAL_SCAN_REQ;
4247 wpa_s->scan_interval = 5;
4248 wpa_s->new_connection = 1;
4249 wpa_s->parent = parent ? parent : wpa_s;
4250 wpa_s->p2pdev = wpa_s->parent;
4251 wpa_s->sched_scanning = 0;
4252
4253 dl_list_init(&wpa_s->bss_tmp_disallowed);
4254 dl_list_init(&wpa_s->fils_hlp_req);
4255
4256 return wpa_s;
4257 }
4258
4259
4260 #ifdef CONFIG_HT_OVERRIDES
4261
4262 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
4263 struct ieee80211_ht_capabilities *htcaps,
4264 struct ieee80211_ht_capabilities *htcaps_mask,
4265 const char *ht_mcs)
4266 {
4267 /* parse ht_mcs into hex array */
4268 int i;
4269 const char *tmp = ht_mcs;
4270 char *end = NULL;
4271
4272 /* If ht_mcs is null, do not set anything */
4273 if (!ht_mcs)
4274 return 0;
4275
4276 /* This is what we are setting in the kernel */
4277 os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
4278
4279 wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
4280
4281 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4282 long v;
4283
4284 errno = 0;
4285 v = strtol(tmp, &end, 16);
4286
4287 if (errno == 0) {
4288 wpa_msg(wpa_s, MSG_DEBUG,
4289 "htcap value[%i]: %ld end: %p tmp: %p",
4290 i, v, end, tmp);
4291 if (end == tmp)
4292 break;
4293
4294 htcaps->supported_mcs_set[i] = v;
4295 tmp = end;
4296 } else {
4297 wpa_msg(wpa_s, MSG_ERROR,
4298 "Failed to parse ht-mcs: %s, error: %s\n",
4299 ht_mcs, strerror(errno));
4300 return -1;
4301 }
4302 }
4303
4304 /*
4305 * If we were able to parse any values, then set mask for the MCS set.
4306 */
4307 if (i) {
4308 os_memset(&htcaps_mask->supported_mcs_set, 0xff,
4309 IEEE80211_HT_MCS_MASK_LEN - 1);
4310 /* skip the 3 reserved bits */
4311 htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
4312 0x1f;
4313 }
4314
4315 return 0;
4316 }
4317
4318
4319 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
4320 struct ieee80211_ht_capabilities *htcaps,
4321 struct ieee80211_ht_capabilities *htcaps_mask,
4322 int disabled)
4323 {
4324 le16 msk;
4325
4326 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
4327
4328 if (disabled == -1)
4329 return 0;
4330
4331 msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
4332 htcaps_mask->ht_capabilities_info |= msk;
4333 if (disabled)
4334 htcaps->ht_capabilities_info &= msk;
4335 else
4336 htcaps->ht_capabilities_info |= msk;
4337
4338 return 0;
4339 }
4340
4341
4342 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
4343 struct ieee80211_ht_capabilities *htcaps,
4344 struct ieee80211_ht_capabilities *htcaps_mask,
4345 int factor)
4346 {
4347 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
4348
4349 if (factor == -1)
4350 return 0;
4351
4352 if (factor < 0 || factor > 3) {
4353 wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
4354 "Must be 0-3 or -1", factor);
4355 return -EINVAL;
4356 }
4357
4358 htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
4359 htcaps->a_mpdu_params &= ~0x3;
4360 htcaps->a_mpdu_params |= factor & 0x3;
4361
4362 return 0;
4363 }
4364
4365
4366 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
4367 struct ieee80211_ht_capabilities *htcaps,
4368 struct ieee80211_ht_capabilities *htcaps_mask,
4369 int density)
4370 {
4371 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
4372
4373 if (density == -1)
4374 return 0;
4375
4376 if (density < 0 || density > 7) {
4377 wpa_msg(wpa_s, MSG_ERROR,
4378 "ampdu_density: %d out of range. Must be 0-7 or -1.",
4379 density);
4380 return -EINVAL;
4381 }
4382
4383 htcaps_mask->a_mpdu_params |= 0x1C;
4384 htcaps->a_mpdu_params &= ~(0x1C);
4385 htcaps->a_mpdu_params |= (density << 2) & 0x1C;
4386
4387 return 0;
4388 }
4389
4390
4391 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
4392 struct ieee80211_ht_capabilities *htcaps,
4393 struct ieee80211_ht_capabilities *htcaps_mask,
4394 int disabled)
4395 {
4396 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
4397
4398 set_disable_ht40(htcaps, disabled);
4399 set_disable_ht40(htcaps_mask, 0);
4400
4401 return 0;
4402 }
4403
4404
4405 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
4406 struct ieee80211_ht_capabilities *htcaps,
4407 struct ieee80211_ht_capabilities *htcaps_mask,
4408 int disabled)
4409 {
4410 /* Masking these out disables SGI */
4411 le16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
4412 HT_CAP_INFO_SHORT_GI40MHZ);
4413
4414 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
4415
4416 if (disabled)
4417 htcaps->ht_capabilities_info &= ~msk;
4418 else
4419 htcaps->ht_capabilities_info |= msk;
4420
4421 htcaps_mask->ht_capabilities_info |= msk;
4422
4423 return 0;
4424 }
4425
4426
4427 static int wpa_set_disable_ldpc(struct wpa_supplicant *wpa_s,
4428 struct ieee80211_ht_capabilities *htcaps,
4429 struct ieee80211_ht_capabilities *htcaps_mask,
4430 int disabled)
4431 {
4432 /* Masking these out disables LDPC */
4433 le16 msk = host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP);
4434
4435 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ldpc: %d", disabled);
4436
4437 if (disabled)
4438 htcaps->ht_capabilities_info &= ~msk;
4439 else
4440 htcaps->ht_capabilities_info |= msk;
4441
4442 htcaps_mask->ht_capabilities_info |= msk;
4443
4444 return 0;
4445 }
4446
4447
4448 void wpa_supplicant_apply_ht_overrides(
4449 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
4450 struct wpa_driver_associate_params *params)
4451 {
4452 struct ieee80211_ht_capabilities *htcaps;
4453 struct ieee80211_ht_capabilities *htcaps_mask;
4454
4455 if (!ssid)
4456 return;
4457
4458 params->disable_ht = ssid->disable_ht;
4459 if (!params->htcaps || !params->htcaps_mask)
4460 return;
4461
4462 htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
4463 htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
4464 wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
4465 wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
4466 ssid->disable_max_amsdu);
4467 wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
4468 wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
4469 wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
4470 wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
4471 wpa_set_disable_ldpc(wpa_s, htcaps, htcaps_mask, ssid->disable_ldpc);
4472
4473 if (ssid->ht40_intolerant) {
4474 le16 bit = host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT);
4475 htcaps->ht_capabilities_info |= bit;
4476 htcaps_mask->ht_capabilities_info |= bit;
4477 }
4478 }
4479
4480 #endif /* CONFIG_HT_OVERRIDES */
4481
4482
4483 #ifdef CONFIG_VHT_OVERRIDES
4484 void wpa_supplicant_apply_vht_overrides(
4485 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
4486 struct wpa_driver_associate_params *params)
4487 {
4488 struct ieee80211_vht_capabilities *vhtcaps;
4489 struct ieee80211_vht_capabilities *vhtcaps_mask;
4490
4491 if (!ssid)
4492 return;
4493
4494 params->disable_vht = ssid->disable_vht;
4495
4496 vhtcaps = (void *) params->vhtcaps;
4497 vhtcaps_mask = (void *) params->vhtcaps_mask;
4498
4499 if (!vhtcaps || !vhtcaps_mask)
4500 return;
4501
4502 vhtcaps->vht_capabilities_info = host_to_le32(ssid->vht_capa);
4503 vhtcaps_mask->vht_capabilities_info = host_to_le32(ssid->vht_capa_mask);
4504
4505 #ifdef CONFIG_HT_OVERRIDES
4506 /* if max ampdu is <= 3, we have to make the HT cap the same */
4507 if (ssid->vht_capa_mask & VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) {
4508 int max_ampdu;
4509
4510 max_ampdu = (ssid->vht_capa &
4511 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) >>
4512 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT;
4513
4514 max_ampdu = max_ampdu < 3 ? max_ampdu : 3;
4515 wpa_set_ampdu_factor(wpa_s,
4516 (void *) params->htcaps,
4517 (void *) params->htcaps_mask,
4518 max_ampdu);
4519 }
4520 #endif /* CONFIG_HT_OVERRIDES */
4521
4522 #define OVERRIDE_MCS(i) \
4523 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
4524 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
4525 host_to_le16(3 << 2 * (i - 1)); \
4526 vhtcaps->vht_supported_mcs_set.tx_map |= \
4527 host_to_le16(ssid->vht_tx_mcs_nss_ ##i << \
4528 2 * (i - 1)); \
4529 } \
4530 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
4531 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
4532 host_to_le16(3 << 2 * (i - 1)); \
4533 vhtcaps->vht_supported_mcs_set.rx_map |= \
4534 host_to_le16(ssid->vht_rx_mcs_nss_ ##i << \
4535 2 * (i - 1)); \
4536 }
4537
4538 OVERRIDE_MCS(1);
4539 OVERRIDE_MCS(2);
4540 OVERRIDE_MCS(3);
4541 OVERRIDE_MCS(4);
4542 OVERRIDE_MCS(5);
4543 OVERRIDE_MCS(6);
4544 OVERRIDE_MCS(7);
4545 OVERRIDE_MCS(8);
4546 }
4547 #endif /* CONFIG_VHT_OVERRIDES */
4548
4549
4550 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
4551 {
4552 #ifdef PCSC_FUNCS
4553 size_t len;
4554
4555 if (!wpa_s->conf->pcsc_reader)
4556 return 0;
4557
4558 wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
4559 if (!wpa_s->scard)
4560 return 1;
4561
4562 if (wpa_s->conf->pcsc_pin &&
4563 scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
4564 scard_deinit(wpa_s->scard);
4565 wpa_s->scard = NULL;
4566 wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
4567 return -1;
4568 }
4569
4570 len = sizeof(wpa_s->imsi) - 1;
4571 if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
4572 scard_deinit(wpa_s->scard);
4573 wpa_s->scard = NULL;
4574 wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
4575 return -1;
4576 }
4577 wpa_s->imsi[len] = '\0';
4578
4579 wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
4580
4581 wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
4582 wpa_s->imsi, wpa_s->mnc_len);
4583
4584 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
4585 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
4586 #endif /* PCSC_FUNCS */
4587
4588 return 0;
4589 }
4590
4591
4592 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
4593 {
4594 char *val, *pos;
4595
4596 ext_password_deinit(wpa_s->ext_pw);
4597 wpa_s->ext_pw = NULL;
4598 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
4599
4600 if (!wpa_s->conf->ext_password_backend)
4601 return 0;
4602
4603 val = os_strdup(wpa_s->conf->ext_password_backend);
4604 if (val == NULL)
4605 return -1;
4606 pos = os_strchr(val, ':');
4607 if (pos)
4608 *pos++ = '\0';
4609
4610 wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
4611
4612 wpa_s->ext_pw = ext_password_init(val, pos);
4613 os_free(val);
4614 if (wpa_s->ext_pw == NULL) {
4615 wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
4616 return -1;
4617 }
4618 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
4619
4620 return 0;
4621 }
4622
4623
4624 #ifdef CONFIG_FST
4625
4626 static const u8 * wpas_fst_get_bssid_cb(void *ctx)
4627 {
4628 struct wpa_supplicant *wpa_s = ctx;
4629
4630 return (is_zero_ether_addr(wpa_s->bssid) ||
4631 wpa_s->wpa_state != WPA_COMPLETED) ? NULL : wpa_s->bssid;
4632 }
4633
4634
4635 static void wpas_fst_get_channel_info_cb(void *ctx,
4636 enum hostapd_hw_mode *hw_mode,
4637 u8 *channel)
4638 {
4639 struct wpa_supplicant *wpa_s = ctx;
4640
4641 if (wpa_s->current_bss) {
4642 *hw_mode = ieee80211_freq_to_chan(wpa_s->current_bss->freq,
4643 channel);
4644 } else if (wpa_s->hw.num_modes) {
4645 *hw_mode = wpa_s->hw.modes[0].mode;
4646 } else {
4647 WPA_ASSERT(0);
4648 *hw_mode = 0;
4649 }
4650 }
4651
4652
4653 static int wpas_fst_get_hw_modes(void *ctx, struct hostapd_hw_modes **modes)
4654 {
4655 struct wpa_supplicant *wpa_s = ctx;
4656
4657 *modes = wpa_s->hw.modes;
4658 return wpa_s->hw.num_modes;
4659 }
4660
4661
4662 static void wpas_fst_set_ies_cb(void *ctx, const struct wpabuf *fst_ies)
4663 {
4664 struct wpa_supplicant *wpa_s = ctx;
4665
4666 wpa_hexdump_buf(MSG_DEBUG, "FST: Set IEs", fst_ies);
4667 wpa_s->fst_ies = fst_ies;
4668 }
4669
4670
4671 static int wpas_fst_send_action_cb(void *ctx, const u8 *da, struct wpabuf *data)
4672 {
4673 struct wpa_supplicant *wpa_s = ctx;
4674
4675 if (os_memcmp(wpa_s->bssid, da, ETH_ALEN) != 0) {
4676 wpa_printf(MSG_INFO, "FST:%s:bssid=" MACSTR " != da=" MACSTR,
4677 __func__, MAC2STR(wpa_s->bssid), MAC2STR(da));
4678 return -1;
4679 }
4680 return wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
4681 wpa_s->own_addr, wpa_s->bssid,
4682 wpabuf_head(data), wpabuf_len(data),
4683 0);
4684 }
4685
4686
4687 static const struct wpabuf * wpas_fst_get_mb_ie_cb(void *ctx, const u8 *addr)
4688 {
4689 struct wpa_supplicant *wpa_s = ctx;
4690
4691 WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
4692 return wpa_s->received_mb_ies;
4693 }
4694
4695
4696 static void wpas_fst_update_mb_ie_cb(void *ctx, const u8 *addr,
4697 const u8 *buf, size_t size)
4698 {
4699 struct wpa_supplicant *wpa_s = ctx;
4700 struct mb_ies_info info;
4701
4702 WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
4703
4704 if (!mb_ies_info_by_ies(&info, buf, size)) {
4705 wpabuf_free(wpa_s->received_mb_ies);
4706 wpa_s->received_mb_ies = mb_ies_by_info(&info);
4707 }
4708 }
4709
4710
4711 static const u8 * wpas_fst_get_peer_first(void *ctx,
4712 struct fst_get_peer_ctx **get_ctx,
4713 Boolean mb_only)
4714 {
4715 struct wpa_supplicant *wpa_s = ctx;
4716
4717 *get_ctx = NULL;
4718 if (!is_zero_ether_addr(wpa_s->bssid))
4719 return (wpa_s->received_mb_ies || !mb_only) ?
4720 wpa_s->bssid : NULL;
4721 return NULL;
4722 }
4723
4724
4725 static const u8 * wpas_fst_get_peer_next(void *ctx,
4726 struct fst_get_peer_ctx **get_ctx,
4727 Boolean mb_only)
4728 {
4729 return NULL;
4730 }
4731
4732 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant *wpa_s,
4733 struct fst_wpa_obj *iface_obj)
4734 {
4735 iface_obj->ctx = wpa_s;
4736 iface_obj->get_bssid = wpas_fst_get_bssid_cb;
4737 iface_obj->get_channel_info = wpas_fst_get_channel_info_cb;
4738 iface_obj->get_hw_modes = wpas_fst_get_hw_modes;
4739 iface_obj->set_ies = wpas_fst_set_ies_cb;
4740 iface_obj->send_action = wpas_fst_send_action_cb;
4741 iface_obj->get_mb_ie = wpas_fst_get_mb_ie_cb;
4742 iface_obj->update_mb_ie = wpas_fst_update_mb_ie_cb;
4743 iface_obj->get_peer_first = wpas_fst_get_peer_first;
4744 iface_obj->get_peer_next = wpas_fst_get_peer_next;
4745 }
4746 #endif /* CONFIG_FST */
4747
4748 static int wpas_set_wowlan_triggers(struct wpa_supplicant *wpa_s,
4749 const struct wpa_driver_capa *capa)
4750 {
4751 struct wowlan_triggers *triggers;
4752 int ret = 0;
4753
4754 if (!wpa_s->conf->wowlan_triggers)
4755 return 0;
4756
4757 triggers = wpa_get_wowlan_triggers(wpa_s->conf->wowlan_triggers, capa);
4758 if (triggers) {
4759 ret = wpa_drv_wowlan(wpa_s, triggers);
4760 os_free(triggers);
4761 }
4762 return ret;
4763 }
4764
4765
4766 enum wpa_radio_work_band wpas_freq_to_band(int freq)
4767 {
4768 if (freq < 3000)
4769 return BAND_2_4_GHZ;
4770 if (freq > 50000)
4771 return BAND_60_GHZ;
4772 return BAND_5_GHZ;
4773 }
4774
4775
4776 unsigned int wpas_get_bands(struct wpa_supplicant *wpa_s, const int *freqs)
4777 {
4778 int i;
4779 unsigned int band = 0;
4780
4781 if (freqs) {
4782 /* freqs are specified for the radio work */
4783 for (i = 0; freqs[i]; i++)
4784 band |= wpas_freq_to_band(freqs[i]);
4785 } else {
4786 /*
4787 * freqs are not specified, implies all
4788 * the supported freqs by HW
4789 */
4790 for (i = 0; i < wpa_s->hw.num_modes; i++) {
4791 if (wpa_s->hw.modes[i].num_channels != 0) {
4792 if (wpa_s->hw.modes[i].mode ==
4793 HOSTAPD_MODE_IEEE80211B ||
4794 wpa_s->hw.modes[i].mode ==
4795 HOSTAPD_MODE_IEEE80211G)
4796 band |= BAND_2_4_GHZ;
4797 else if (wpa_s->hw.modes[i].mode ==
4798 HOSTAPD_MODE_IEEE80211A)
4799 band |= BAND_5_GHZ;
4800 else if (wpa_s->hw.modes[i].mode ==
4801 HOSTAPD_MODE_IEEE80211AD)
4802 band |= BAND_60_GHZ;
4803 else if (wpa_s->hw.modes[i].mode ==
4804 HOSTAPD_MODE_IEEE80211ANY)
4805 band = BAND_2_4_GHZ | BAND_5_GHZ |
4806 BAND_60_GHZ;
4807 }
4808 }
4809 }
4810
4811 return band;
4812 }
4813
4814
4815 static struct wpa_radio * radio_add_interface(struct wpa_supplicant *wpa_s,
4816 const char *rn)
4817 {
4818 struct wpa_supplicant *iface = wpa_s->global->ifaces;
4819 struct wpa_radio *radio;
4820
4821 while (rn && iface) {
4822 radio = iface->radio;
4823 if (radio && os_strcmp(rn, radio->name) == 0) {
4824 wpa_printf(MSG_DEBUG, "Add interface %s to existing radio %s",
4825 wpa_s->ifname, rn);
4826 dl_list_add(&radio->ifaces, &wpa_s->radio_list);
4827 return radio;
4828 }
4829
4830 iface = iface->next;
4831 }
4832
4833 wpa_printf(MSG_DEBUG, "Add interface %s to a new radio %s",
4834 wpa_s->ifname, rn ? rn : "N/A");
4835 radio = os_zalloc(sizeof(*radio));
4836 if (radio == NULL)
4837 return NULL;
4838
4839 if (rn)
4840 os_strlcpy(radio->name, rn, sizeof(radio->name));
4841 dl_list_init(&radio->ifaces);
4842 dl_list_init(&radio->work);
4843 dl_list_add(&radio->ifaces, &wpa_s->radio_list);
4844
4845 return radio;
4846 }
4847
4848
4849 static void radio_work_free(struct wpa_radio_work *work)
4850 {
4851 if (work->wpa_s->scan_work == work) {
4852 /* This should not really happen. */
4853 wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
4854 work->type, work, work->started);
4855 work->wpa_s->scan_work = NULL;
4856 }
4857
4858 #ifdef CONFIG_P2P
4859 if (work->wpa_s->p2p_scan_work == work) {
4860 /* This should not really happen. */
4861 wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
4862 work->type, work, work->started);
4863 work->wpa_s->p2p_scan_work = NULL;
4864 }
4865 #endif /* CONFIG_P2P */
4866
4867 if (work->started) {
4868 work->wpa_s->radio->num_active_works--;
4869 wpa_dbg(work->wpa_s, MSG_DEBUG,
4870 "radio_work_free('%s'@%p): num_active_works --> %u",
4871 work->type, work,
4872 work->wpa_s->radio->num_active_works);
4873 }
4874
4875 dl_list_del(&work->list);
4876 os_free(work);
4877 }
4878
4879
4880 static int radio_work_is_connect(struct wpa_radio_work *work)
4881 {
4882 return os_strcmp(work->type, "sme-connect") == 0 ||
4883 os_strcmp(work->type, "connect") == 0;
4884 }
4885
4886
4887 static int radio_work_is_scan(struct wpa_radio_work *work)
4888 {
4889 return os_strcmp(work->type, "scan") == 0 ||
4890 os_strcmp(work->type, "p2p-scan") == 0;
4891 }
4892
4893
4894 static struct wpa_radio_work * radio_work_get_next_work(struct wpa_radio *radio)
4895 {
4896 struct wpa_radio_work *active_work = NULL;
4897 struct wpa_radio_work *tmp;
4898
4899 /* Get the active work to know the type and band. */
4900 dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
4901 if (tmp->started) {
4902 active_work = tmp;
4903 break;
4904 }
4905 }
4906
4907 if (!active_work) {
4908 /* No active work, start one */
4909 radio->num_active_works = 0;
4910 dl_list_for_each(tmp, &radio->work, struct wpa_radio_work,
4911 list) {
4912 if (os_strcmp(tmp->type, "scan") == 0 &&
4913 radio->external_scan_running &&
4914 (((struct wpa_driver_scan_params *)
4915 tmp->ctx)->only_new_results ||
4916 tmp->wpa_s->clear_driver_scan_cache))
4917 continue;
4918 return tmp;
4919 }
4920 return NULL;
4921 }
4922
4923 if (radio_work_is_connect(active_work)) {
4924 /*
4925 * If the active work is either connect or sme-connect,
4926 * do not parallelize them with other radio works.
4927 */
4928 wpa_dbg(active_work->wpa_s, MSG_DEBUG,
4929 "Do not parallelize radio work with %s",
4930 active_work->type);
4931 return NULL;
4932 }
4933
4934 dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
4935 if (tmp->started)
4936 continue;
4937
4938 /*
4939 * If connect or sme-connect are enqueued, parallelize only
4940 * those operations ahead of them in the queue.
4941 */
4942 if (radio_work_is_connect(tmp))
4943 break;
4944
4945 /* Serialize parallel scan and p2p_scan operations on the same
4946 * interface since the driver_nl80211 mechanism for tracking
4947 * scan cookies does not yet have support for this. */
4948 if (active_work->wpa_s == tmp->wpa_s &&
4949 radio_work_is_scan(active_work) &&
4950 radio_work_is_scan(tmp)) {
4951 wpa_dbg(active_work->wpa_s, MSG_DEBUG,
4952 "Do not start work '%s' when another work '%s' is already scheduled",
4953 tmp->type, active_work->type);
4954 continue;
4955 }
4956 /*
4957 * Check that the radio works are distinct and
4958 * on different bands.
4959 */
4960 if (os_strcmp(active_work->type, tmp->type) != 0 &&
4961 (active_work->bands != tmp->bands)) {
4962 /*
4963 * If a scan has to be scheduled through nl80211 scan
4964 * interface and if an external scan is already running,
4965 * do not schedule the scan since it is likely to get
4966 * rejected by kernel.
4967 */
4968 if (os_strcmp(tmp->type, "scan") == 0 &&
4969 radio->external_scan_running &&
4970 (((struct wpa_driver_scan_params *)
4971 tmp->ctx)->only_new_results ||
4972 tmp->wpa_s->clear_driver_scan_cache))
4973 continue;
4974
4975 wpa_dbg(active_work->wpa_s, MSG_DEBUG,
4976 "active_work:%s new_work:%s",
4977 active_work->type, tmp->type);
4978 return tmp;
4979 }
4980 }
4981
4982 /* Did not find a radio work to schedule in parallel. */
4983 return NULL;
4984 }
4985
4986
4987 static void radio_start_next_work(void *eloop_ctx, void *timeout_ctx)
4988 {
4989 struct wpa_radio *radio = eloop_ctx;
4990 struct wpa_radio_work *work;
4991 struct os_reltime now, diff;
4992 struct wpa_supplicant *wpa_s;
4993
4994 work = dl_list_first(&radio->work, struct wpa_radio_work, list);
4995 if (work == NULL) {
4996 radio->num_active_works = 0;
4997 return;
4998 }
4999
5000 wpa_s = dl_list_first(&radio->ifaces, struct wpa_supplicant,
5001 radio_list);
5002
5003 if (!(wpa_s &&
5004 wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)) {
5005 if (work->started)
5006 return; /* already started and still in progress */
5007
5008 if (wpa_s && wpa_s->radio->external_scan_running) {
5009 wpa_printf(MSG_DEBUG, "Delay radio work start until externally triggered scan completes");
5010 return;
5011 }
5012 } else {
5013 work = NULL;
5014 if (radio->num_active_works < MAX_ACTIVE_WORKS) {
5015 /* get the work to schedule next */
5016 work = radio_work_get_next_work(radio);
5017 }
5018 if (!work)
5019 return;
5020 }
5021
5022 wpa_s = work->wpa_s;
5023 os_get_reltime(&now);
5024 os_reltime_sub(&now, &work->time, &diff);
5025 wpa_dbg(wpa_s, MSG_DEBUG,
5026 "Starting radio work '%s'@%p after %ld.%06ld second wait",
5027 work->type, work, diff.sec, diff.usec);
5028 work->started = 1;
5029 work->time = now;
5030 radio->num_active_works++;
5031
5032 work->cb(work, 0);
5033
5034 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS) &&
5035 radio->num_active_works < MAX_ACTIVE_WORKS)
5036 radio_work_check_next(wpa_s);
5037 }
5038
5039
5040 /*
5041 * This function removes both started and pending radio works running on
5042 * the provided interface's radio.
5043 * Prior to the removal of the radio work, its callback (cb) is called with
5044 * deinit set to be 1. Each work's callback is responsible for clearing its
5045 * internal data and restoring to a correct state.
5046 * @wpa_s: wpa_supplicant data
5047 * @type: type of works to be removed
5048 * @remove_all: 1 to remove all the works on this radio, 0 to remove only
5049 * this interface's works.
5050 */
5051 void radio_remove_works(struct wpa_supplicant *wpa_s,
5052 const char *type, int remove_all)
5053 {
5054 struct wpa_radio_work *work, *tmp;
5055 struct wpa_radio *radio = wpa_s->radio;
5056
5057 dl_list_for_each_safe(work, tmp, &radio->work, struct wpa_radio_work,
5058 list) {
5059 if (type && os_strcmp(type, work->type) != 0)
5060 continue;
5061
5062 /* skip other ifaces' works */
5063 if (!remove_all && work->wpa_s != wpa_s)
5064 continue;
5065
5066 wpa_dbg(wpa_s, MSG_DEBUG, "Remove radio work '%s'@%p%s",
5067 work->type, work, work->started ? " (started)" : "");
5068 work->cb(work, 1);
5069 radio_work_free(work);
5070 }
5071
5072 /* in case we removed the started work */
5073 radio_work_check_next(wpa_s);
5074 }
5075
5076
5077 void radio_remove_pending_work(struct wpa_supplicant *wpa_s, void *ctx)
5078 {
5079 struct wpa_radio_work *work;
5080 struct wpa_radio *radio = wpa_s->radio;
5081
5082 dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
5083 if (work->ctx != ctx)
5084 continue;
5085 wpa_dbg(wpa_s, MSG_DEBUG, "Free pending radio work '%s'@%p%s",
5086 work->type, work, work->started ? " (started)" : "");
5087 radio_work_free(work);
5088 break;
5089 }
5090 }
5091
5092
5093 static void radio_remove_interface(struct wpa_supplicant *wpa_s)
5094 {
5095 struct wpa_radio *radio = wpa_s->radio;
5096
5097 if (!radio)
5098 return;
5099
5100 wpa_printf(MSG_DEBUG, "Remove interface %s from radio %s",
5101 wpa_s->ifname, radio->name);
5102 dl_list_del(&wpa_s->radio_list);
5103 radio_remove_works(wpa_s, NULL, 0);
5104 wpa_s->radio = NULL;
5105 if (!dl_list_empty(&radio->ifaces))
5106 return; /* Interfaces remain for this radio */
5107
5108 wpa_printf(MSG_DEBUG, "Remove radio %s", radio->name);
5109 eloop_cancel_timeout(radio_start_next_work, radio, NULL);
5110 os_free(radio);
5111 }
5112
5113
5114 void radio_work_check_next(struct wpa_supplicant *wpa_s)
5115 {
5116 struct wpa_radio *radio = wpa_s->radio;
5117
5118 if (dl_list_empty(&radio->work))
5119 return;
5120 if (wpa_s->ext_work_in_progress) {
5121 wpa_printf(MSG_DEBUG,
5122 "External radio work in progress - delay start of pending item");
5123 return;
5124 }
5125 eloop_cancel_timeout(radio_start_next_work, radio, NULL);
5126 eloop_register_timeout(0, 0, radio_start_next_work, radio, NULL);
5127 }
5128
5129
5130 /**
5131 * radio_add_work - Add a radio work item
5132 * @wpa_s: Pointer to wpa_supplicant data
5133 * @freq: Frequency of the offchannel operation in MHz or 0
5134 * @type: Unique identifier for each type of work
5135 * @next: Force as the next work to be executed
5136 * @cb: Callback function for indicating when radio is available
5137 * @ctx: Context pointer for the work (work->ctx in cb())
5138 * Returns: 0 on success, -1 on failure
5139 *
5140 * This function is used to request time for an operation that requires
5141 * exclusive radio control. Once the radio is available, the registered callback
5142 * function will be called. radio_work_done() must be called once the exclusive
5143 * radio operation has been completed, so that the radio is freed for other
5144 * operations. The special case of deinit=1 is used to free the context data
5145 * during interface removal. That does not allow the callback function to start
5146 * the radio operation, i.e., it must free any resources allocated for the radio
5147 * work and return.
5148 *
5149 * The @freq parameter can be used to indicate a single channel on which the
5150 * offchannel operation will occur. This may allow multiple radio work
5151 * operations to be performed in parallel if they apply for the same channel.
5152 * Setting this to 0 indicates that the work item may use multiple channels or
5153 * requires exclusive control of the radio.
5154 */
5155 int radio_add_work(struct wpa_supplicant *wpa_s, unsigned int freq,
5156 const char *type, int next,
5157 void (*cb)(struct wpa_radio_work *work, int deinit),
5158 void *ctx)
5159 {
5160 struct wpa_radio *radio = wpa_s->radio;
5161 struct wpa_radio_work *work;
5162 int was_empty;
5163
5164 work = os_zalloc(sizeof(*work));
5165 if (work == NULL)
5166 return -1;
5167 wpa_dbg(wpa_s, MSG_DEBUG, "Add radio work '%s'@%p", type, work);
5168 os_get_reltime(&work->time);
5169 work->freq = freq;
5170 work->type = type;
5171 work->wpa_s = wpa_s;
5172 work->cb = cb;
5173 work->ctx = ctx;
5174
5175 if (freq)
5176 work->bands = wpas_freq_to_band(freq);
5177 else if (os_strcmp(type, "scan") == 0 ||
5178 os_strcmp(type, "p2p-scan") == 0)
5179 work->bands = wpas_get_bands(wpa_s,
5180 ((struct wpa_driver_scan_params *)
5181 ctx)->freqs);
5182 else
5183 work->bands = wpas_get_bands(wpa_s, NULL);
5184
5185 was_empty = dl_list_empty(&wpa_s->radio->work);
5186 if (next)
5187 dl_list_add(&wpa_s->radio->work, &work->list);
5188 else
5189 dl_list_add_tail(&wpa_s->radio->work, &work->list);
5190 if (was_empty) {
5191 wpa_dbg(wpa_s, MSG_DEBUG, "First radio work item in the queue - schedule start immediately");
5192 radio_work_check_next(wpa_s);
5193 } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)
5194 && radio->num_active_works < MAX_ACTIVE_WORKS) {
5195 wpa_dbg(wpa_s, MSG_DEBUG,
5196 "Try to schedule a radio work (num_active_works=%u)",
5197 radio->num_active_works);
5198 radio_work_check_next(wpa_s);
5199 }
5200
5201 return 0;
5202 }
5203
5204
5205 /**
5206 * radio_work_done - Indicate that a radio work item has been completed
5207 * @work: Completed work
5208 *
5209 * This function is called once the callback function registered with
5210 * radio_add_work() has completed its work.
5211 */
5212 void radio_work_done(struct wpa_radio_work *work)
5213 {
5214 struct wpa_supplicant *wpa_s = work->wpa_s;
5215 struct os_reltime now, diff;
5216 unsigned int started = work->started;
5217
5218 os_get_reltime(&now);
5219 os_reltime_sub(&now, &work->time, &diff);
5220 wpa_dbg(wpa_s, MSG_DEBUG, "Radio work '%s'@%p %s in %ld.%06ld seconds",
5221 work->type, work, started ? "done" : "canceled",
5222 diff.sec, diff.usec);
5223 radio_work_free(work);
5224 if (started)
5225 radio_work_check_next(wpa_s);
5226 }
5227
5228
5229 struct wpa_radio_work *
5230 radio_work_pending(struct wpa_supplicant *wpa_s, const char *type)
5231 {
5232 struct wpa_radio_work *work;
5233 struct wpa_radio *radio = wpa_s->radio;
5234
5235 dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
5236 if (work->wpa_s == wpa_s && os_strcmp(work->type, type) == 0)
5237 return work;
5238 }
5239
5240 return NULL;
5241 }
5242
5243
5244 static int wpas_init_driver(struct wpa_supplicant *wpa_s,
5245 const struct wpa_interface *iface)
5246 {
5247 const char *ifname, *driver, *rn;
5248
5249 driver = iface->driver;
5250 next_driver:
5251 if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
5252 return -1;
5253
5254 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
5255 if (wpa_s->drv_priv == NULL) {
5256 const char *pos;
5257 pos = driver ? os_strchr(driver, ',') : NULL;
5258 if (pos) {
5259 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
5260 "driver interface - try next driver wrapper");
5261 driver = pos + 1;
5262 goto next_driver;
5263 }
5264 wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
5265 "interface");
5266 return -1;
5267 }
5268 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
5269 wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
5270 "driver_param '%s'", wpa_s->conf->driver_param);
5271 return -1;
5272 }
5273
5274 ifname = wpa_drv_get_ifname(wpa_s);
5275 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
5276 wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
5277 "interface name with '%s'", ifname);
5278 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
5279 }
5280
5281 rn = wpa_driver_get_radio_name(wpa_s);
5282 if (rn && rn[0] == '\0')
5283 rn = NULL;
5284
5285 wpa_s->radio = radio_add_interface(wpa_s, rn);
5286 if (wpa_s->radio == NULL)
5287 return -1;
5288
5289 return 0;
5290 }
5291
5292
5293 #ifdef CONFIG_GAS_SERVER
5294
5295 static void wpas_gas_server_tx_status(struct wpa_supplicant *wpa_s,
5296 unsigned int freq, const u8 *dst,
5297 const u8 *src, const u8 *bssid,
5298 const u8 *data, size_t data_len,
5299 enum offchannel_send_action_result result)
5300 {
5301 wpa_printf(MSG_DEBUG, "GAS: TX status: freq=%u dst=" MACSTR
5302 " result=%s",
5303 freq, MAC2STR(dst),
5304 result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
5305 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
5306 "FAILED"));
5307 gas_server_tx_status(wpa_s->gas_server, dst, data, data_len,
5308 result == OFFCHANNEL_SEND_ACTION_SUCCESS);
5309 }
5310
5311
5312 static void wpas_gas_server_tx(void *ctx, int freq, const u8 *da,
5313 struct wpabuf *buf, unsigned int wait_time)
5314 {
5315 struct wpa_supplicant *wpa_s = ctx;
5316 const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
5317
5318 if (wait_time > wpa_s->max_remain_on_chan)
5319 wait_time = wpa_s->max_remain_on_chan;
5320
5321 offchannel_send_action(wpa_s, freq, da, wpa_s->own_addr, broadcast,
5322 wpabuf_head(buf), wpabuf_len(buf),
5323 wait_time, wpas_gas_server_tx_status, 0);
5324 }
5325
5326 #endif /* CONFIG_GAS_SERVER */
5327
5328 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
5329 const struct wpa_interface *iface)
5330 {
5331 struct wpa_driver_capa capa;
5332 int capa_res;
5333 u8 dfs_domain;
5334
5335 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
5336 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
5337 iface->confname ? iface->confname : "N/A",
5338 iface->driver ? iface->driver : "default",
5339 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
5340 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
5341
5342 if (iface->confname) {
5343 #ifdef CONFIG_BACKEND_FILE
5344 wpa_s->confname = os_rel2abs_path(iface->confname);
5345 if (wpa_s->confname == NULL) {
5346 wpa_printf(MSG_ERROR, "Failed to get absolute path "
5347 "for configuration file '%s'.",
5348 iface->confname);
5349 return -1;
5350 }
5351 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
5352 iface->confname, wpa_s->confname);
5353 #else /* CONFIG_BACKEND_FILE */
5354 wpa_s->confname = os_strdup(iface->confname);
5355 #endif /* CONFIG_BACKEND_FILE */
5356 wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
5357 if (wpa_s->conf == NULL) {
5358 wpa_printf(MSG_ERROR, "Failed to read or parse "
5359 "configuration '%s'.", wpa_s->confname);
5360 return -1;
5361 }
5362 wpa_s->confanother = os_rel2abs_path(iface->confanother);
5363 if (wpa_s->confanother &&
5364 !wpa_config_read(wpa_s->confanother, wpa_s->conf)) {
5365 wpa_printf(MSG_ERROR,
5366 "Failed to read or parse configuration '%s'.",
5367 wpa_s->confanother);
5368 return -1;
5369 }
5370
5371 /*
5372 * Override ctrl_interface and driver_param if set on command
5373 * line.
5374 */
5375 if (iface->ctrl_interface) {
5376 os_free(wpa_s->conf->ctrl_interface);
5377 wpa_s->conf->ctrl_interface =
5378 os_strdup(iface->ctrl_interface);
5379 }
5380
5381 if (iface->driver_param) {
5382 os_free(wpa_s->conf->driver_param);
5383 wpa_s->conf->driver_param =
5384 os_strdup(iface->driver_param);
5385 }
5386
5387 if (iface->p2p_mgmt && !iface->ctrl_interface) {
5388 os_free(wpa_s->conf->ctrl_interface);
5389 wpa_s->conf->ctrl_interface = NULL;
5390 }
5391 } else
5392 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
5393 iface->driver_param);
5394
5395 if (wpa_s->conf == NULL) {
5396 wpa_printf(MSG_ERROR, "\nNo configuration found.");
5397 return -1;
5398 }
5399
5400 if (iface->ifname == NULL) {
5401 wpa_printf(MSG_ERROR, "\nInterface name is required.");
5402 return -1;
5403 }
5404 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
5405 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
5406 iface->ifname);
5407 return -1;
5408 }
5409 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
5410
5411 if (iface->bridge_ifname) {
5412 if (os_strlen(iface->bridge_ifname) >=
5413 sizeof(wpa_s->bridge_ifname)) {
5414 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
5415 "name '%s'.", iface->bridge_ifname);
5416 return -1;
5417 }
5418 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
5419 sizeof(wpa_s->bridge_ifname));
5420 }
5421
5422 /* RSNA Supplicant Key Management - INITIALIZE */
5423 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
5424 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
5425
5426 /* Initialize driver interface and register driver event handler before
5427 * L2 receive handler so that association events are processed before
5428 * EAPOL-Key packets if both become available for the same select()
5429 * call. */
5430 if (wpas_init_driver(wpa_s, iface) < 0)
5431 return -1;
5432
5433 if (wpa_supplicant_init_wpa(wpa_s) < 0)
5434 return -1;
5435
5436 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
5437 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
5438 NULL);
5439 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
5440
5441 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
5442 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
5443 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
5444 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
5445 "dot11RSNAConfigPMKLifetime");
5446 return -1;
5447 }
5448
5449 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
5450 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
5451 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
5452 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
5453 "dot11RSNAConfigPMKReauthThreshold");
5454 return -1;
5455 }
5456
5457 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
5458 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
5459 wpa_s->conf->dot11RSNAConfigSATimeout)) {
5460 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
5461 "dot11RSNAConfigSATimeout");
5462 return -1;
5463 }
5464
5465 wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
5466 &wpa_s->hw.num_modes,
5467 &wpa_s->hw.flags,
5468 &dfs_domain);
5469 if (wpa_s->hw.modes) {
5470 u16 i;
5471
5472 for (i = 0; i < wpa_s->hw.num_modes; i++) {
5473 if (wpa_s->hw.modes[i].vht_capab) {
5474 wpa_s->hw_capab = CAPAB_VHT;
5475 break;
5476 }
5477
5478 if (wpa_s->hw.modes[i].ht_capab &
5479 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)
5480 wpa_s->hw_capab = CAPAB_HT40;
5481 else if (wpa_s->hw.modes[i].ht_capab &&
5482 wpa_s->hw_capab == CAPAB_NO_HT_VHT)
5483 wpa_s->hw_capab = CAPAB_HT;
5484 }
5485 }
5486
5487 capa_res = wpa_drv_get_capa(wpa_s, &capa);
5488 if (capa_res == 0) {
5489 wpa_s->drv_capa_known = 1;
5490 wpa_s->drv_flags = capa.flags;
5491 wpa_s->drv_enc = capa.enc;
5492 wpa_s->drv_smps_modes = capa.smps_modes;
5493 wpa_s->drv_rrm_flags = capa.rrm_flags;
5494 wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
5495 wpa_s->max_scan_ssids = capa.max_scan_ssids;
5496 wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
5497 wpa_s->max_sched_scan_plans = capa.max_sched_scan_plans;
5498 wpa_s->max_sched_scan_plan_interval =
5499 capa.max_sched_scan_plan_interval;
5500 wpa_s->max_sched_scan_plan_iterations =
5501 capa.max_sched_scan_plan_iterations;
5502 wpa_s->sched_scan_supported = capa.sched_scan_supported;
5503 wpa_s->max_match_sets = capa.max_match_sets;
5504 wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
5505 wpa_s->max_stations = capa.max_stations;
5506 wpa_s->extended_capa = capa.extended_capa;
5507 wpa_s->extended_capa_mask = capa.extended_capa_mask;
5508 wpa_s->extended_capa_len = capa.extended_capa_len;
5509 wpa_s->num_multichan_concurrent =
5510 capa.num_multichan_concurrent;
5511 wpa_s->wmm_ac_supported = capa.wmm_ac_supported;
5512
5513 if (capa.mac_addr_rand_scan_supported)
5514 wpa_s->mac_addr_rand_supported |= MAC_ADDR_RAND_SCAN;
5515 if (wpa_s->sched_scan_supported &&
5516 capa.mac_addr_rand_sched_scan_supported)
5517 wpa_s->mac_addr_rand_supported |=
5518 (MAC_ADDR_RAND_SCHED_SCAN | MAC_ADDR_RAND_PNO);
5519 }
5520 if (wpa_s->max_remain_on_chan == 0)
5521 wpa_s->max_remain_on_chan = 1000;
5522
5523 /*
5524 * Only take p2p_mgmt parameters when P2P Device is supported.
5525 * Doing it here as it determines whether l2_packet_init() will be done
5526 * during wpa_supplicant_driver_init().
5527 */
5528 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
5529 wpa_s->p2p_mgmt = iface->p2p_mgmt;
5530
5531 if (wpa_s->num_multichan_concurrent == 0)
5532 wpa_s->num_multichan_concurrent = 1;
5533
5534 if (wpa_supplicant_driver_init(wpa_s) < 0)
5535 return -1;
5536
5537 #ifdef CONFIG_TDLS
5538 if (!iface->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
5539 return -1;
5540 #endif /* CONFIG_TDLS */
5541
5542 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
5543 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
5544 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
5545 return -1;
5546 }
5547
5548 #ifdef CONFIG_FST
5549 if (wpa_s->conf->fst_group_id) {
5550 struct fst_iface_cfg cfg;
5551 struct fst_wpa_obj iface_obj;
5552
5553 fst_wpa_supplicant_fill_iface_obj(wpa_s, &iface_obj);
5554 os_strlcpy(cfg.group_id, wpa_s->conf->fst_group_id,
5555 sizeof(cfg.group_id));
5556 cfg.priority = wpa_s->conf->fst_priority;
5557 cfg.llt = wpa_s->conf->fst_llt;
5558
5559 wpa_s->fst = fst_attach(wpa_s->ifname, wpa_s->own_addr,
5560 &iface_obj, &cfg);
5561 if (!wpa_s->fst) {
5562 wpa_msg(wpa_s, MSG_ERROR,
5563 "FST: Cannot attach iface %s to group %s",
5564 wpa_s->ifname, cfg.group_id);
5565 return -1;
5566 }
5567 }
5568 #endif /* CONFIG_FST */
5569
5570 if (wpas_wps_init(wpa_s))
5571 return -1;
5572
5573 #ifdef CONFIG_GAS_SERVER
5574 wpa_s->gas_server = gas_server_init(wpa_s, wpas_gas_server_tx);
5575 if (!wpa_s->gas_server) {
5576 wpa_printf(MSG_ERROR, "Failed to initialize GAS server");
5577 return -1;
5578 }
5579 #endif /* CONFIG_GAS_SERVER */
5580
5581 #ifdef CONFIG_DPP
5582 if (wpas_dpp_init(wpa_s) < 0)
5583 return -1;
5584 #endif /* CONFIG_DPP */
5585
5586 if (wpa_supplicant_init_eapol(wpa_s) < 0)
5587 return -1;
5588 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
5589
5590 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
5591 if (wpa_s->ctrl_iface == NULL) {
5592 wpa_printf(MSG_ERROR,
5593 "Failed to initialize control interface '%s'.\n"
5594 "You may have another wpa_supplicant process "
5595 "already running or the file was\n"
5596 "left by an unclean termination of wpa_supplicant "
5597 "in which case you will need\n"
5598 "to manually remove this file before starting "
5599 "wpa_supplicant again.\n",
5600 wpa_s->conf->ctrl_interface);
5601 return -1;
5602 }
5603
5604 wpa_s->gas = gas_query_init(wpa_s);
5605 if (wpa_s->gas == NULL) {
5606 wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
5607 return -1;
5608 }
5609
5610 if ((!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) ||
5611 wpa_s->p2p_mgmt) &&
5612 wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
5613 wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
5614 return -1;
5615 }
5616
5617 if (wpa_bss_init(wpa_s) < 0)
5618 return -1;
5619
5620 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
5621 #ifdef CONFIG_MESH
5622 dl_list_init(&wpa_s->mesh_external_pmksa_cache);
5623 #endif /* CONFIG_MESH */
5624 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
5625
5626 /*
5627 * Set Wake-on-WLAN triggers, if configured.
5628 * Note: We don't restore/remove the triggers on shutdown (it doesn't
5629 * have effect anyway when the interface is down).
5630 */
5631 if (capa_res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
5632 return -1;
5633
5634 #ifdef CONFIG_EAP_PROXY
5635 {
5636 size_t len;
5637 wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1,
5638 wpa_s->imsi, &len);
5639 if (wpa_s->mnc_len > 0) {
5640 wpa_s->imsi[len] = '\0';
5641 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
5642 wpa_s->imsi, wpa_s->mnc_len);
5643 } else {
5644 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
5645 }
5646 }
5647 #endif /* CONFIG_EAP_PROXY */
5648
5649 if (pcsc_reader_init(wpa_s) < 0)
5650 return -1;
5651
5652 if (wpas_init_ext_pw(wpa_s) < 0)
5653 return -1;
5654
5655 wpas_rrm_reset(wpa_s);
5656
5657 wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
5658
5659 #ifdef CONFIG_HS20
5660 hs20_init(wpa_s);
5661 #endif /* CONFIG_HS20 */
5662 #ifdef CONFIG_MBO
5663 if (wpa_s->conf->oce) {
5664 if ((wpa_s->conf->oce & OCE_STA) &&
5665 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA))
5666 wpa_s->enable_oce = OCE_STA;
5667 if ((wpa_s->conf->oce & OCE_STA_CFON) &&
5668 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA_CFON)) {
5669 /* TODO: Need to add STA-CFON support */
5670 wpa_printf(MSG_ERROR,
5671 "OCE STA-CFON feature is not yet supported");
5672 }
5673 }
5674 wpas_mbo_update_non_pref_chan(wpa_s, wpa_s->conf->non_pref_chan);
5675 #endif /* CONFIG_MBO */
5676
5677 wpa_supplicant_set_default_scan_ies(wpa_s);
5678
5679 return 0;
5680 }
5681
5682
5683 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
5684 int notify, int terminate)
5685 {
5686 struct wpa_global *global = wpa_s->global;
5687 struct wpa_supplicant *iface, *prev;
5688
5689 if (wpa_s == wpa_s->parent)
5690 wpas_p2p_group_remove(wpa_s, "*");
5691
5692 iface = global->ifaces;
5693 while (iface) {
5694 if (iface->p2pdev == wpa_s)
5695 iface->p2pdev = iface->parent;
5696 if (iface == wpa_s || iface->parent != wpa_s) {
5697 iface = iface->next;
5698 continue;
5699 }
5700 wpa_printf(MSG_DEBUG,
5701 "Remove remaining child interface %s from parent %s",
5702 iface->ifname, wpa_s->ifname);
5703 prev = iface;
5704 iface = iface->next;
5705 wpa_supplicant_remove_iface(global, prev, terminate);
5706 }
5707
5708 wpa_s->disconnected = 1;
5709 if (wpa_s->drv_priv) {
5710 wpa_supplicant_deauthenticate(wpa_s,
5711 WLAN_REASON_DEAUTH_LEAVING);
5712
5713 wpa_drv_set_countermeasures(wpa_s, 0);
5714 wpa_clear_keys(wpa_s, NULL);
5715 }
5716
5717 wpa_supplicant_cleanup(wpa_s);
5718 wpas_p2p_deinit_iface(wpa_s);
5719
5720 wpas_ctrl_radio_work_flush(wpa_s);
5721 radio_remove_interface(wpa_s);
5722
5723 #ifdef CONFIG_FST
5724 if (wpa_s->fst) {
5725 fst_detach(wpa_s->fst);
5726 wpa_s->fst = NULL;
5727 }
5728 if (wpa_s->received_mb_ies) {
5729 wpabuf_free(wpa_s->received_mb_ies);
5730 wpa_s->received_mb_ies = NULL;
5731 }
5732 #endif /* CONFIG_FST */
5733
5734 if (wpa_s->drv_priv)
5735 wpa_drv_deinit(wpa_s);
5736
5737 if (notify)
5738 wpas_notify_iface_removed(wpa_s);
5739
5740 if (terminate)
5741 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
5742
5743 if (wpa_s->ctrl_iface) {
5744 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
5745 wpa_s->ctrl_iface = NULL;
5746 }
5747
5748 #ifdef CONFIG_MESH
5749 if (wpa_s->ifmsh) {
5750 wpa_supplicant_mesh_iface_deinit(wpa_s, wpa_s->ifmsh);
5751 wpa_s->ifmsh = NULL;
5752 }
5753 #endif /* CONFIG_MESH */
5754
5755 if (wpa_s->conf != NULL) {
5756 wpa_config_free(wpa_s->conf);
5757 wpa_s->conf = NULL;
5758 }
5759
5760 os_free(wpa_s->ssids_from_scan_req);
5761
5762 os_free(wpa_s);
5763 }
5764
5765
5766 #ifdef CONFIG_MATCH_IFACE
5767
5768 /**
5769 * wpa_supplicant_match_iface - Match an interface description to a name
5770 * @global: Pointer to global data from wpa_supplicant_init()
5771 * @ifname: Name of the interface to match
5772 * Returns: Pointer to the created interface description or %NULL on failure
5773 */
5774 struct wpa_interface * wpa_supplicant_match_iface(struct wpa_global *global,
5775 const char *ifname)
5776 {
5777 int i;
5778 struct wpa_interface *iface, *miface;
5779
5780 for (i = 0; i < global->params.match_iface_count; i++) {
5781 miface = &global->params.match_ifaces[i];
5782 if (!miface->ifname ||
5783 fnmatch(miface->ifname, ifname, 0) == 0) {
5784 iface = os_zalloc(sizeof(*iface));
5785 if (!iface)
5786 return NULL;
5787 *iface = *miface;
5788 iface->ifname = ifname;
5789 return iface;
5790 }
5791 }
5792
5793 return NULL;
5794 }
5795
5796
5797 /**
5798 * wpa_supplicant_match_existing - Match existing interfaces
5799 * @global: Pointer to global data from wpa_supplicant_init()
5800 * Returns: 0 on success, -1 on failure
5801 */
5802 static int wpa_supplicant_match_existing(struct wpa_global *global)
5803 {
5804 struct if_nameindex *ifi, *ifp;
5805 struct wpa_supplicant *wpa_s;
5806 struct wpa_interface *iface;
5807
5808 ifp = if_nameindex();
5809 if (!ifp) {
5810 wpa_printf(MSG_ERROR, "if_nameindex: %s", strerror(errno));
5811 return -1;
5812 }
5813
5814 for (ifi = ifp; ifi->if_name; ifi++) {
5815 wpa_s = wpa_supplicant_get_iface(global, ifi->if_name);
5816 if (wpa_s)
5817 continue;
5818 iface = wpa_supplicant_match_iface(global, ifi->if_name);
5819 if (iface) {
5820 wpa_s = wpa_supplicant_add_iface(global, iface, NULL);
5821 os_free(iface);
5822 if (wpa_s)
5823 wpa_s->matched = 1;
5824 }
5825 }
5826
5827 if_freenameindex(ifp);
5828 return 0;
5829 }
5830
5831 #endif /* CONFIG_MATCH_IFACE */
5832
5833
5834 /**
5835 * wpa_supplicant_add_iface - Add a new network interface
5836 * @global: Pointer to global data from wpa_supplicant_init()
5837 * @iface: Interface configuration options
5838 * @parent: Parent interface or %NULL to assign new interface as parent
5839 * Returns: Pointer to the created interface or %NULL on failure
5840 *
5841 * This function is used to add new network interfaces for %wpa_supplicant.
5842 * This can be called before wpa_supplicant_run() to add interfaces before the
5843 * main event loop has been started. In addition, new interfaces can be added
5844 * dynamically while %wpa_supplicant is already running. This could happen,
5845 * e.g., when a hotplug network adapter is inserted.
5846 */
5847 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
5848 struct wpa_interface *iface,
5849 struct wpa_supplicant *parent)
5850 {
5851 struct wpa_supplicant *wpa_s;
5852 struct wpa_interface t_iface;
5853 struct wpa_ssid *ssid;
5854
5855 if (global == NULL || iface == NULL)
5856 return NULL;
5857
5858 wpa_s = wpa_supplicant_alloc(parent);
5859 if (wpa_s == NULL)
5860 return NULL;
5861
5862 wpa_s->global = global;
5863
5864 t_iface = *iface;
5865 if (global->params.override_driver) {
5866 wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
5867 "('%s' -> '%s')",
5868 iface->driver, global->params.override_driver);
5869 t_iface.driver = global->params.override_driver;
5870 }
5871 if (global->params.override_ctrl_interface) {
5872 wpa_printf(MSG_DEBUG, "Override interface parameter: "
5873 "ctrl_interface ('%s' -> '%s')",
5874 iface->ctrl_interface,
5875 global->params.override_ctrl_interface);
5876 t_iface.ctrl_interface =
5877 global->params.override_ctrl_interface;
5878 }
5879 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
5880 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
5881 iface->ifname);
5882 wpa_supplicant_deinit_iface(wpa_s, 0, 0);
5883 return NULL;
5884 }
5885
5886 if (iface->p2p_mgmt == 0) {
5887 /* Notify the control interfaces about new iface */
5888 if (wpas_notify_iface_added(wpa_s)) {
5889 wpa_supplicant_deinit_iface(wpa_s, 1, 0);
5890 return NULL;
5891 }
5892
5893 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
5894 wpas_notify_network_added(wpa_s, ssid);
5895 }
5896
5897 wpa_s->next = global->ifaces;
5898 global->ifaces = wpa_s;
5899
5900 wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
5901 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
5902
5903 #ifdef CONFIG_P2P
5904 if (wpa_s->global->p2p == NULL &&
5905 !wpa_s->global->p2p_disabled && !wpa_s->conf->p2p_disabled &&
5906 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
5907 wpas_p2p_add_p2pdev_interface(
5908 wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
5909 wpa_printf(MSG_INFO,
5910 "P2P: Failed to enable P2P Device interface");
5911 /* Try to continue without. P2P will be disabled. */
5912 }
5913 #endif /* CONFIG_P2P */
5914
5915 return wpa_s;
5916 }
5917
5918
5919 /**
5920 * wpa_supplicant_remove_iface - Remove a network interface
5921 * @global: Pointer to global data from wpa_supplicant_init()
5922 * @wpa_s: Pointer to the network interface to be removed
5923 * Returns: 0 if interface was removed, -1 if interface was not found
5924 *
5925 * This function can be used to dynamically remove network interfaces from
5926 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
5927 * addition, this function is used to remove all remaining interfaces when
5928 * %wpa_supplicant is terminated.
5929 */
5930 int wpa_supplicant_remove_iface(struct wpa_global *global,
5931 struct wpa_supplicant *wpa_s,
5932 int terminate)
5933 {
5934 struct wpa_supplicant *prev;
5935 #ifdef CONFIG_MESH
5936 unsigned int mesh_if_created = wpa_s->mesh_if_created;
5937 char *ifname = NULL;
5938 struct wpa_supplicant *parent = wpa_s->parent;
5939 #endif /* CONFIG_MESH */
5940
5941 /* Remove interface from the global list of interfaces */
5942 prev = global->ifaces;
5943 if (prev == wpa_s) {
5944 global->ifaces = wpa_s->next;
5945 } else {
5946 while (prev && prev->next != wpa_s)
5947 prev = prev->next;
5948 if (prev == NULL)
5949 return -1;
5950 prev->next = wpa_s->next;
5951 }
5952
5953 wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
5954
5955 #ifdef CONFIG_MESH
5956 if (mesh_if_created) {
5957 ifname = os_strdup(wpa_s->ifname);
5958 if (ifname == NULL) {
5959 wpa_dbg(wpa_s, MSG_ERROR,
5960 "mesh: Failed to malloc ifname");
5961 return -1;
5962 }
5963 }
5964 #endif /* CONFIG_MESH */
5965
5966 if (global->p2p_group_formation == wpa_s)
5967 global->p2p_group_formation = NULL;
5968 if (global->p2p_invite_group == wpa_s)
5969 global->p2p_invite_group = NULL;
5970 wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
5971
5972 #ifdef CONFIG_MESH
5973 if (mesh_if_created) {
5974 wpa_drv_if_remove(parent, WPA_IF_MESH, ifname);
5975 os_free(ifname);
5976 }
5977 #endif /* CONFIG_MESH */
5978
5979 return 0;
5980 }
5981
5982
5983 /**
5984 * wpa_supplicant_get_eap_mode - Get the current EAP mode
5985 * @wpa_s: Pointer to the network interface
5986 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
5987 */
5988 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
5989 {
5990 const char *eapol_method;
5991
5992 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
5993 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
5994 return "NO-EAP";
5995 }
5996
5997 eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
5998 if (eapol_method == NULL)
5999 return "UNKNOWN-EAP";
6000
6001 return eapol_method;
6002 }
6003
6004
6005 /**
6006 * wpa_supplicant_get_iface - Get a new network interface
6007 * @global: Pointer to global data from wpa_supplicant_init()
6008 * @ifname: Interface name
6009 * Returns: Pointer to the interface or %NULL if not found
6010 */
6011 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
6012 const char *ifname)
6013 {
6014 struct wpa_supplicant *wpa_s;
6015
6016 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
6017 if (os_strcmp(wpa_s->ifname, ifname) == 0)
6018 return wpa_s;
6019 }
6020 return NULL;
6021 }
6022
6023
6024 #ifndef CONFIG_NO_WPA_MSG
6025 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
6026 {
6027 struct wpa_supplicant *wpa_s = ctx;
6028 if (wpa_s == NULL)
6029 return NULL;
6030 return wpa_s->ifname;
6031 }
6032 #endif /* CONFIG_NO_WPA_MSG */
6033
6034
6035 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
6036 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
6037 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
6038
6039 /* Periodic cleanup tasks */
6040 static void wpas_periodic(void *eloop_ctx, void *timeout_ctx)
6041 {
6042 struct wpa_global *global = eloop_ctx;
6043 struct wpa_supplicant *wpa_s;
6044
6045 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
6046 wpas_periodic, global, NULL);
6047
6048 #ifdef CONFIG_P2P
6049 if (global->p2p)
6050 p2p_expire_peers(global->p2p);
6051 #endif /* CONFIG_P2P */
6052
6053 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
6054 wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age);
6055 #ifdef CONFIG_AP
6056 ap_periodic(wpa_s);
6057 #endif /* CONFIG_AP */
6058 }
6059 }
6060
6061
6062 /**
6063 * wpa_supplicant_init - Initialize %wpa_supplicant
6064 * @params: Parameters for %wpa_supplicant
6065 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
6066 *
6067 * This function is used to initialize %wpa_supplicant. After successful
6068 * initialization, the returned data pointer can be used to add and remove
6069 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
6070 */
6071 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
6072 {
6073 struct wpa_global *global;
6074 int ret, i;
6075
6076 if (params == NULL)
6077 return NULL;
6078
6079 #ifdef CONFIG_DRIVER_NDIS
6080 {
6081 void driver_ndis_init_ops(void);
6082 driver_ndis_init_ops();
6083 }
6084 #endif /* CONFIG_DRIVER_NDIS */
6085
6086 #ifndef CONFIG_NO_WPA_MSG
6087 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
6088 #endif /* CONFIG_NO_WPA_MSG */
6089
6090 if (params->wpa_debug_file_path)
6091 wpa_debug_open_file(params->wpa_debug_file_path);
6092 else
6093 wpa_debug_setup_stdout();
6094 if (params->wpa_debug_syslog)
6095 wpa_debug_open_syslog();
6096 if (params->wpa_debug_tracing) {
6097 ret = wpa_debug_open_linux_tracing();
6098 if (ret) {
6099 wpa_printf(MSG_ERROR,
6100 "Failed to enable trace logging");
6101 return NULL;
6102 }
6103 }
6104
6105 ret = eap_register_methods();
6106 if (ret) {
6107 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
6108 if (ret == -2)
6109 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
6110 "the same EAP type.");
6111 return NULL;
6112 }
6113
6114 global = os_zalloc(sizeof(*global));
6115 if (global == NULL)
6116 return NULL;
6117 dl_list_init(&global->p2p_srv_bonjour);
6118 dl_list_init(&global->p2p_srv_upnp);
6119 global->params.daemonize = params->daemonize;
6120 global->params.wait_for_monitor = params->wait_for_monitor;
6121 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
6122 if (params->pid_file)
6123 global->params.pid_file = os_strdup(params->pid_file);
6124 if (params->ctrl_interface)
6125 global->params.ctrl_interface =
6126 os_strdup(params->ctrl_interface);
6127 if (params->ctrl_interface_group)
6128 global->params.ctrl_interface_group =
6129 os_strdup(params->ctrl_interface_group);
6130 if (params->override_driver)
6131 global->params.override_driver =
6132 os_strdup(params->override_driver);
6133 if (params->override_ctrl_interface)
6134 global->params.override_ctrl_interface =
6135 os_strdup(params->override_ctrl_interface);
6136 #ifdef CONFIG_MATCH_IFACE
6137 global->params.match_iface_count = params->match_iface_count;
6138 if (params->match_iface_count) {
6139 global->params.match_ifaces =
6140 os_calloc(params->match_iface_count,
6141 sizeof(struct wpa_interface));
6142 os_memcpy(global->params.match_ifaces,
6143 params->match_ifaces,
6144 params->match_iface_count *
6145 sizeof(struct wpa_interface));
6146 }
6147 #endif /* CONFIG_MATCH_IFACE */
6148 #ifdef CONFIG_P2P
6149 if (params->conf_p2p_dev)
6150 global->params.conf_p2p_dev =
6151 os_strdup(params->conf_p2p_dev);
6152 #endif /* CONFIG_P2P */
6153 wpa_debug_level = global->params.wpa_debug_level =
6154 params->wpa_debug_level;
6155 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
6156 params->wpa_debug_show_keys;
6157 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
6158 params->wpa_debug_timestamp;
6159
6160 wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR);
6161
6162 if (eloop_init()) {
6163 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
6164 wpa_supplicant_deinit(global);
6165 return NULL;
6166 }
6167
6168 random_init(params->entropy_file);
6169
6170 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
6171 if (global->ctrl_iface == NULL) {
6172 wpa_supplicant_deinit(global);
6173 return NULL;
6174 }
6175
6176 if (wpas_notify_supplicant_initialized(global)) {
6177 wpa_supplicant_deinit(global);
6178 return NULL;
6179 }
6180
6181 for (i = 0; wpa_drivers[i]; i++)
6182 global->drv_count++;
6183 if (global->drv_count == 0) {
6184 wpa_printf(MSG_ERROR, "No drivers enabled");
6185 wpa_supplicant_deinit(global);
6186 return NULL;
6187 }
6188 global->drv_priv = os_calloc(global->drv_count, sizeof(void *));
6189 if (global->drv_priv == NULL) {
6190 wpa_supplicant_deinit(global);
6191 return NULL;
6192 }
6193
6194 #ifdef CONFIG_WIFI_DISPLAY
6195 if (wifi_display_init(global) < 0) {
6196 wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
6197 wpa_supplicant_deinit(global);
6198 return NULL;
6199 }
6200 #endif /* CONFIG_WIFI_DISPLAY */
6201
6202 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
6203 wpas_periodic, global, NULL);
6204
6205 return global;
6206 }
6207
6208
6209 /**
6210 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
6211 * @global: Pointer to global data from wpa_supplicant_init()
6212 * Returns: 0 after successful event loop run, -1 on failure
6213 *
6214 * This function starts the main event loop and continues running as long as
6215 * there are any remaining events. In most cases, this function is running as
6216 * long as the %wpa_supplicant process in still in use.
6217 */
6218 int wpa_supplicant_run(struct wpa_global *global)
6219 {
6220 struct wpa_supplicant *wpa_s;
6221
6222 if (global->params.daemonize &&
6223 (wpa_supplicant_daemon(global->params.pid_file) ||
6224 eloop_sock_requeue()))
6225 return -1;
6226
6227 #ifdef CONFIG_MATCH_IFACE
6228 if (wpa_supplicant_match_existing(global))
6229 return -1;
6230 #endif
6231
6232 if (global->params.wait_for_monitor) {
6233 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
6234 if (wpa_s->ctrl_iface && !wpa_s->p2p_mgmt)
6235 wpa_supplicant_ctrl_iface_wait(
6236 wpa_s->ctrl_iface);
6237 }
6238
6239 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
6240 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
6241
6242 eloop_run();
6243
6244 return 0;
6245 }
6246
6247
6248 /**
6249 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
6250 * @global: Pointer to global data from wpa_supplicant_init()
6251 *
6252 * This function is called to deinitialize %wpa_supplicant and to free all
6253 * allocated resources. Remaining network interfaces will also be removed.
6254 */
6255 void wpa_supplicant_deinit(struct wpa_global *global)
6256 {
6257 int i;
6258
6259 if (global == NULL)
6260 return;
6261
6262 eloop_cancel_timeout(wpas_periodic, global, NULL);
6263
6264 #ifdef CONFIG_WIFI_DISPLAY
6265 wifi_display_deinit(global);
6266 #endif /* CONFIG_WIFI_DISPLAY */
6267
6268 while (global->ifaces)
6269 wpa_supplicant_remove_iface(global, global->ifaces, 1);
6270
6271 if (global->ctrl_iface)
6272 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
6273
6274 wpas_notify_supplicant_deinitialized(global);
6275
6276 eap_peer_unregister_methods();
6277 #ifdef CONFIG_AP
6278 eap_server_unregister_methods();
6279 #endif /* CONFIG_AP */
6280
6281 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
6282 if (!global->drv_priv[i])
6283 continue;
6284 wpa_drivers[i]->global_deinit(global->drv_priv[i]);
6285 }
6286 os_free(global->drv_priv);
6287
6288 random_deinit();
6289
6290 eloop_destroy();
6291
6292 if (global->params.pid_file) {
6293 os_daemonize_terminate(global->params.pid_file);
6294 os_free(global->params.pid_file);
6295 }
6296 os_free(global->params.ctrl_interface);
6297 os_free(global->params.ctrl_interface_group);
6298 os_free(global->params.override_driver);
6299 os_free(global->params.override_ctrl_interface);
6300 #ifdef CONFIG_MATCH_IFACE
6301 os_free(global->params.match_ifaces);
6302 #endif /* CONFIG_MATCH_IFACE */
6303 #ifdef CONFIG_P2P
6304 os_free(global->params.conf_p2p_dev);
6305 #endif /* CONFIG_P2P */
6306
6307 os_free(global->p2p_disallow_freq.range);
6308 os_free(global->p2p_go_avoid_freq.range);
6309 os_free(global->add_psk);
6310
6311 os_free(global);
6312 wpa_debug_close_syslog();
6313 wpa_debug_close_file();
6314 wpa_debug_close_linux_tracing();
6315 }
6316
6317
6318 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
6319 {
6320 if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
6321 wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
6322 char country[3];
6323 country[0] = wpa_s->conf->country[0];
6324 country[1] = wpa_s->conf->country[1];
6325 country[2] = '\0';
6326 if (wpa_drv_set_country(wpa_s, country) < 0) {
6327 wpa_printf(MSG_ERROR, "Failed to set country code "
6328 "'%s'", country);
6329 }
6330 }
6331
6332 if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
6333 wpas_init_ext_pw(wpa_s);
6334
6335 if (wpa_s->conf->changed_parameters & CFG_CHANGED_SCHED_SCAN_PLANS)
6336 wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
6337
6338 if (wpa_s->conf->changed_parameters & CFG_CHANGED_WOWLAN_TRIGGERS) {
6339 struct wpa_driver_capa capa;
6340 int res = wpa_drv_get_capa(wpa_s, &capa);
6341
6342 if (res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
6343 wpa_printf(MSG_ERROR,
6344 "Failed to update wowlan_triggers to '%s'",
6345 wpa_s->conf->wowlan_triggers);
6346 }
6347
6348 #ifdef CONFIG_WPS
6349 wpas_wps_update_config(wpa_s);
6350 #endif /* CONFIG_WPS */
6351 wpas_p2p_update_config(wpa_s);
6352 wpa_s->conf->changed_parameters = 0;
6353 }
6354
6355
6356 void add_freq(int *freqs, int *num_freqs, int freq)
6357 {
6358 int i;
6359
6360 for (i = 0; i < *num_freqs; i++) {
6361 if (freqs[i] == freq)
6362 return;
6363 }
6364
6365 freqs[*num_freqs] = freq;
6366 (*num_freqs)++;
6367 }
6368
6369
6370 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
6371 {
6372 struct wpa_bss *bss, *cbss;
6373 const int max_freqs = 10;
6374 int *freqs;
6375 int num_freqs = 0;
6376
6377 freqs = os_calloc(max_freqs + 1, sizeof(int));
6378 if (freqs == NULL)
6379 return NULL;
6380
6381 cbss = wpa_s->current_bss;
6382
6383 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
6384 if (bss == cbss)
6385 continue;
6386 if (bss->ssid_len == cbss->ssid_len &&
6387 os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
6388 wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
6389 add_freq(freqs, &num_freqs, bss->freq);
6390 if (num_freqs == max_freqs)
6391 break;
6392 }
6393 }
6394
6395 if (num_freqs == 0) {
6396 os_free(freqs);
6397 freqs = NULL;
6398 }
6399
6400 return freqs;
6401 }
6402
6403
6404 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
6405 {
6406 int timeout;
6407 int count;
6408 int *freqs = NULL;
6409
6410 wpas_connect_work_done(wpa_s);
6411
6412 /*
6413 * Remove possible authentication timeout since the connection failed.
6414 */
6415 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
6416
6417 /*
6418 * There is no point in blacklisting the AP if this event is
6419 * generated based on local request to disconnect.
6420 */
6421 if (wpa_s->own_disconnect_req) {
6422 wpa_s->own_disconnect_req = 0;
6423 wpa_dbg(wpa_s, MSG_DEBUG,
6424 "Ignore connection failure due to local request to disconnect");
6425 return;
6426 }
6427 if (wpa_s->disconnected) {
6428 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
6429 "indication since interface has been put into "
6430 "disconnected state");
6431 return;
6432 }
6433
6434 /*
6435 * Add the failed BSSID into the blacklist and speed up next scan
6436 * attempt if there could be other APs that could accept association.
6437 * The current blacklist count indicates how many times we have tried
6438 * connecting to this AP and multiple attempts mean that other APs are
6439 * either not available or has already been tried, so that we can start
6440 * increasing the delay here to avoid constant scanning.
6441 */
6442 count = wpa_blacklist_add(wpa_s, bssid);
6443 if (count == 1 && wpa_s->current_bss) {
6444 /*
6445 * This BSS was not in the blacklist before. If there is
6446 * another BSS available for the same ESS, we should try that
6447 * next. Otherwise, we may as well try this one once more
6448 * before allowing other, likely worse, ESSes to be considered.
6449 */
6450 freqs = get_bss_freqs_in_ess(wpa_s);
6451 if (freqs) {
6452 wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
6453 "has been seen; try it next");
6454 wpa_blacklist_add(wpa_s, bssid);
6455 /*
6456 * On the next scan, go through only the known channels
6457 * used in this ESS based on previous scans to speed up
6458 * common load balancing use case.
6459 */
6460 os_free(wpa_s->next_scan_freqs);
6461 wpa_s->next_scan_freqs = freqs;
6462 }
6463 }
6464
6465 /*
6466 * Add previous failure count in case the temporary blacklist was
6467 * cleared due to no other BSSes being available.
6468 */
6469 count += wpa_s->extra_blacklist_count;
6470
6471 if (count > 3 && wpa_s->current_ssid) {
6472 wpa_printf(MSG_DEBUG, "Continuous association failures - "
6473 "consider temporary network disabling");
6474 wpas_auth_failed(wpa_s, "CONN_FAILED");
6475 }
6476
6477 switch (count) {
6478 case 1:
6479 timeout = 100;
6480 break;
6481 case 2:
6482 timeout = 500;
6483 break;
6484 case 3:
6485 timeout = 1000;
6486 break;
6487 case 4:
6488 timeout = 5000;
6489 break;
6490 default:
6491 timeout = 10000;
6492 break;
6493 }
6494
6495 wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
6496 "ms", count, timeout);
6497
6498 /*
6499 * TODO: if more than one possible AP is available in scan results,
6500 * could try the other ones before requesting a new scan.
6501 */
6502 wpa_supplicant_req_scan(wpa_s, timeout / 1000,
6503 1000 * (timeout % 1000));
6504 }
6505
6506
6507 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
6508 {
6509 return wpa_s->conf->ap_scan == 2 ||
6510 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
6511 }
6512
6513
6514 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
6515 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
6516 struct wpa_ssid *ssid,
6517 const char *field,
6518 const char *value)
6519 {
6520 #ifdef IEEE8021X_EAPOL
6521 struct eap_peer_config *eap = &ssid->eap;
6522
6523 wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
6524 wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
6525 (const u8 *) value, os_strlen(value));
6526
6527 switch (wpa_supplicant_ctrl_req_from_string(field)) {
6528 case WPA_CTRL_REQ_EAP_IDENTITY:
6529 os_free(eap->identity);
6530 eap->identity = (u8 *) os_strdup(value);
6531 eap->identity_len = os_strlen(value);
6532 eap->pending_req_identity = 0;
6533 if (ssid == wpa_s->current_ssid)
6534 wpa_s->reassociate = 1;
6535 break;
6536 case WPA_CTRL_REQ_EAP_PASSWORD:
6537 bin_clear_free(eap->password, eap->password_len);
6538 eap->password = (u8 *) os_strdup(value);
6539 eap->password_len = os_strlen(value);
6540 eap->pending_req_password = 0;
6541 if (ssid == wpa_s->current_ssid)
6542 wpa_s->reassociate = 1;
6543 break;
6544 case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
6545 bin_clear_free(eap->new_password, eap->new_password_len);
6546 eap->new_password = (u8 *) os_strdup(value);
6547 eap->new_password_len = os_strlen(value);
6548 eap->pending_req_new_password = 0;
6549 if (ssid == wpa_s->current_ssid)
6550 wpa_s->reassociate = 1;
6551 break;
6552 case WPA_CTRL_REQ_EAP_PIN:
6553 str_clear_free(eap->pin);
6554 eap->pin = os_strdup(value);
6555 eap->pending_req_pin = 0;
6556 if (ssid == wpa_s->current_ssid)
6557 wpa_s->reassociate = 1;
6558 break;
6559 case WPA_CTRL_REQ_EAP_OTP:
6560 bin_clear_free(eap->otp, eap->otp_len);
6561 eap->otp = (u8 *) os_strdup(value);
6562 eap->otp_len = os_strlen(value);
6563 os_free(eap->pending_req_otp);
6564 eap->pending_req_otp = NULL;
6565 eap->pending_req_otp_len = 0;
6566 break;
6567 case WPA_CTRL_REQ_EAP_PASSPHRASE:
6568 str_clear_free(eap->private_key_passwd);
6569 eap->private_key_passwd = os_strdup(value);
6570 eap->pending_req_passphrase = 0;
6571 if (ssid == wpa_s->current_ssid)
6572 wpa_s->reassociate = 1;
6573 break;
6574 case WPA_CTRL_REQ_SIM:
6575 str_clear_free(eap->external_sim_resp);
6576 eap->external_sim_resp = os_strdup(value);
6577 eap->pending_req_sim = 0;
6578 break;
6579 case WPA_CTRL_REQ_PSK_PASSPHRASE:
6580 if (wpa_config_set(ssid, "psk", value, 0) < 0)
6581 return -1;
6582 ssid->mem_only_psk = 1;
6583 if (ssid->passphrase)
6584 wpa_config_update_psk(ssid);
6585 if (wpa_s->wpa_state == WPA_SCANNING && !wpa_s->scanning)
6586 wpa_supplicant_req_scan(wpa_s, 0, 0);
6587 break;
6588 case WPA_CTRL_REQ_EXT_CERT_CHECK:
6589 if (eap->pending_ext_cert_check != PENDING_CHECK)
6590 return -1;
6591 if (os_strcmp(value, "good") == 0)
6592 eap->pending_ext_cert_check = EXT_CERT_CHECK_GOOD;
6593 else if (os_strcmp(value, "bad") == 0)
6594 eap->pending_ext_cert_check = EXT_CERT_CHECK_BAD;
6595 else
6596 return -1;
6597 break;
6598 default:
6599 wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
6600 return -1;
6601 }
6602
6603 return 0;
6604 #else /* IEEE8021X_EAPOL */
6605 wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
6606 return -1;
6607 #endif /* IEEE8021X_EAPOL */
6608 }
6609 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
6610
6611
6612 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
6613 {
6614 int i;
6615 unsigned int drv_enc;
6616
6617 if (wpa_s->p2p_mgmt)
6618 return 1; /* no normal network profiles on p2p_mgmt interface */
6619
6620 if (ssid == NULL)
6621 return 1;
6622
6623 if (ssid->disabled)
6624 return 1;
6625
6626 if (wpa_s->drv_capa_known)
6627 drv_enc = wpa_s->drv_enc;
6628 else
6629 drv_enc = (unsigned int) -1;
6630
6631 for (i = 0; i < NUM_WEP_KEYS; i++) {
6632 size_t len = ssid->wep_key_len[i];
6633 if (len == 0)
6634 continue;
6635 if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
6636 continue;
6637 if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
6638 continue;
6639 if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
6640 continue;
6641 return 1; /* invalid WEP key */
6642 }
6643
6644 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
6645 (!ssid->passphrase || ssid->ssid_len != 0) && !ssid->ext_psk &&
6646 !(wpa_key_mgmt_sae(ssid->key_mgmt) && ssid->sae_password) &&
6647 !ssid->mem_only_psk)
6648 return 1;
6649
6650 return 0;
6651 }
6652
6653
6654 int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
6655 {
6656 #ifdef CONFIG_IEEE80211W
6657 if (ssid == NULL || ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
6658 if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL &&
6659 !(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) {
6660 /*
6661 * Driver does not support BIP -- ignore pmf=1 default
6662 * since the connection with PMF would fail and the
6663 * configuration does not require PMF to be enabled.
6664 */
6665 return NO_MGMT_FRAME_PROTECTION;
6666 }
6667
6668 if (ssid &&
6669 (ssid->key_mgmt &
6670 ~(WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPS |
6671 WPA_KEY_MGMT_IEEE8021X_NO_WPA)) == 0) {
6672 /*
6673 * Do not use the default PMF value for non-RSN networks
6674 * since PMF is available only with RSN and pmf=2
6675 * configuration would otherwise prevent connections to
6676 * all open networks.
6677 */
6678 return NO_MGMT_FRAME_PROTECTION;
6679 }
6680
6681 return wpa_s->conf->pmf;
6682 }
6683
6684 return ssid->ieee80211w;
6685 #else /* CONFIG_IEEE80211W */
6686 return NO_MGMT_FRAME_PROTECTION;
6687 #endif /* CONFIG_IEEE80211W */
6688 }
6689
6690
6691 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
6692 {
6693 if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
6694 return 1;
6695 if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
6696 return 0;
6697 return -1;
6698 }
6699
6700
6701 void wpas_auth_failed(struct wpa_supplicant *wpa_s, char *reason)
6702 {
6703 struct wpa_ssid *ssid = wpa_s->current_ssid;
6704 int dur;
6705 struct os_reltime now;
6706
6707 if (ssid == NULL) {
6708 wpa_printf(MSG_DEBUG, "Authentication failure but no known "
6709 "SSID block");
6710 return;
6711 }
6712
6713 if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
6714 return;
6715
6716 ssid->auth_failures++;
6717
6718 #ifdef CONFIG_P2P
6719 if (ssid->p2p_group &&
6720 (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
6721 /*
6722 * Skip the wait time since there is a short timeout on the
6723 * connection to a P2P group.
6724 */
6725 return;
6726 }
6727 #endif /* CONFIG_P2P */
6728
6729 if (ssid->auth_failures > 50)
6730 dur = 300;
6731 else if (ssid->auth_failures > 10)
6732 dur = 120;
6733 else if (ssid->auth_failures > 5)
6734 dur = 90;
6735 else if (ssid->auth_failures > 3)
6736 dur = 60;
6737 else if (ssid->auth_failures > 2)
6738 dur = 30;
6739 else if (ssid->auth_failures > 1)
6740 dur = 20;
6741 else
6742 dur = 10;
6743
6744 if (ssid->auth_failures > 1 &&
6745 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt))
6746 dur += os_random() % (ssid->auth_failures * 10);
6747
6748 os_get_reltime(&now);
6749 if (now.sec + dur <= ssid->disabled_until.sec)
6750 return;
6751
6752 ssid->disabled_until.sec = now.sec + dur;
6753
6754 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
6755 "id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
6756 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
6757 ssid->auth_failures, dur, reason);
6758 }
6759
6760
6761 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
6762 struct wpa_ssid *ssid, int clear_failures)
6763 {
6764 if (ssid == NULL)
6765 return;
6766
6767 if (ssid->disabled_until.sec) {
6768 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
6769 "id=%d ssid=\"%s\"",
6770 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
6771 }
6772 ssid->disabled_until.sec = 0;
6773 ssid->disabled_until.usec = 0;
6774 if (clear_failures)
6775 ssid->auth_failures = 0;
6776 }
6777
6778
6779 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
6780 {
6781 size_t i;
6782
6783 if (wpa_s->disallow_aps_bssid == NULL)
6784 return 0;
6785
6786 for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
6787 if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
6788 bssid, ETH_ALEN) == 0)
6789 return 1;
6790 }
6791
6792 return 0;
6793 }
6794
6795
6796 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
6797 size_t ssid_len)
6798 {
6799 size_t i;
6800
6801 if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
6802 return 0;
6803
6804 for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
6805 struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
6806 if (ssid_len == s->ssid_len &&
6807 os_memcmp(ssid, s->ssid, ssid_len) == 0)
6808 return 1;
6809 }
6810
6811 return 0;
6812 }
6813
6814
6815 /**
6816 * wpas_request_connection - Request a new connection
6817 * @wpa_s: Pointer to the network interface
6818 *
6819 * This function is used to request a new connection to be found. It will mark
6820 * the interface to allow reassociation and request a new scan to find a
6821 * suitable network to connect to.
6822 */
6823 void wpas_request_connection(struct wpa_supplicant *wpa_s)
6824 {
6825 wpa_s->normal_scans = 0;
6826 wpa_s->scan_req = NORMAL_SCAN_REQ;
6827 wpa_supplicant_reinit_autoscan(wpa_s);
6828 wpa_s->extra_blacklist_count = 0;
6829 wpa_s->disconnected = 0;
6830 wpa_s->reassociate = 1;
6831 wpa_s->last_owe_group = 0;
6832
6833 if (wpa_supplicant_fast_associate(wpa_s) != 1)
6834 wpa_supplicant_req_scan(wpa_s, 0, 0);
6835 else
6836 wpa_s->reattach = 0;
6837 }
6838
6839
6840 /**
6841 * wpas_request_disconnection - Request disconnection
6842 * @wpa_s: Pointer to the network interface
6843 *
6844 * This function is used to request disconnection from the currently connected
6845 * network. This will stop any ongoing scans and initiate deauthentication.
6846 */
6847 void wpas_request_disconnection(struct wpa_supplicant *wpa_s)
6848 {
6849 #ifdef CONFIG_SME
6850 wpa_s->sme.prev_bssid_set = 0;
6851 #endif /* CONFIG_SME */
6852 wpa_s->reassociate = 0;
6853 wpa_s->disconnected = 1;
6854 wpa_supplicant_cancel_sched_scan(wpa_s);
6855 wpa_supplicant_cancel_scan(wpa_s);
6856 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
6857 eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
6858 }
6859
6860
6861 void dump_freq_data(struct wpa_supplicant *wpa_s, const char *title,
6862 struct wpa_used_freq_data *freqs_data,
6863 unsigned int len)
6864 {
6865 unsigned int i;
6866
6867 wpa_dbg(wpa_s, MSG_DEBUG, "Shared frequencies (len=%u): %s",
6868 len, title);
6869 for (i = 0; i < len; i++) {
6870 struct wpa_used_freq_data *cur = &freqs_data[i];
6871 wpa_dbg(wpa_s, MSG_DEBUG, "freq[%u]: %d, flags=0x%X",
6872 i, cur->freq, cur->flags);
6873 }
6874 }
6875
6876
6877 /*
6878 * Find the operating frequencies of any of the virtual interfaces that
6879 * are using the same radio as the current interface, and in addition, get
6880 * information about the interface types that are using the frequency.
6881 */
6882 int get_shared_radio_freqs_data(struct wpa_supplicant *wpa_s,
6883 struct wpa_used_freq_data *freqs_data,
6884 unsigned int len)
6885 {
6886 struct wpa_supplicant *ifs;
6887 u8 bssid[ETH_ALEN];
6888 int freq;
6889 unsigned int idx = 0, i;
6890
6891 wpa_dbg(wpa_s, MSG_DEBUG,
6892 "Determining shared radio frequencies (max len %u)", len);
6893 os_memset(freqs_data, 0, sizeof(struct wpa_used_freq_data) * len);
6894
6895 dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
6896 radio_list) {
6897 if (idx == len)
6898 break;
6899
6900 if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
6901 continue;
6902
6903 if (ifs->current_ssid->mode == WPAS_MODE_AP ||
6904 ifs->current_ssid->mode == WPAS_MODE_P2P_GO ||
6905 ifs->current_ssid->mode == WPAS_MODE_MESH)
6906 freq = ifs->current_ssid->frequency;
6907 else if (wpa_drv_get_bssid(ifs, bssid) == 0)
6908 freq = ifs->assoc_freq;
6909 else
6910 continue;
6911
6912 /* Hold only distinct freqs */
6913 for (i = 0; i < idx; i++)
6914 if (freqs_data[i].freq == freq)
6915 break;
6916
6917 if (i == idx)
6918 freqs_data[idx++].freq = freq;
6919
6920 if (ifs->current_ssid->mode == WPAS_MODE_INFRA) {
6921 freqs_data[i].flags |= ifs->current_ssid->p2p_group ?
6922 WPA_FREQ_USED_BY_P2P_CLIENT :
6923 WPA_FREQ_USED_BY_INFRA_STATION;
6924 }
6925 }
6926
6927 dump_freq_data(wpa_s, "completed iteration", freqs_data, idx);
6928 return idx;
6929 }
6930
6931
6932 /*
6933 * Find the operating frequencies of any of the virtual interfaces that
6934 * are using the same radio as the current interface.
6935 */
6936 int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
6937 int *freq_array, unsigned int len)
6938 {
6939 struct wpa_used_freq_data *freqs_data;
6940 int num, i;
6941
6942 os_memset(freq_array, 0, sizeof(int) * len);
6943
6944 freqs_data = os_calloc(len, sizeof(struct wpa_used_freq_data));
6945 if (!freqs_data)
6946 return -1;
6947
6948 num = get_shared_radio_freqs_data(wpa_s, freqs_data, len);
6949 for (i = 0; i < num; i++)
6950 freq_array[i] = freqs_data[i].freq;
6951
6952 os_free(freqs_data);
6953
6954 return num;
6955 }
6956
6957
6958 struct wpa_supplicant *
6959 wpas_vendor_elem(struct wpa_supplicant *wpa_s, enum wpa_vendor_elem_frame frame)
6960 {
6961 switch (frame) {
6962 #ifdef CONFIG_P2P
6963 case VENDOR_ELEM_PROBE_REQ_P2P:
6964 case VENDOR_ELEM_PROBE_RESP_P2P:
6965 case VENDOR_ELEM_PROBE_RESP_P2P_GO:
6966 case VENDOR_ELEM_BEACON_P2P_GO:
6967 case VENDOR_ELEM_P2P_PD_REQ:
6968 case VENDOR_ELEM_P2P_PD_RESP:
6969 case VENDOR_ELEM_P2P_GO_NEG_REQ:
6970 case VENDOR_ELEM_P2P_GO_NEG_RESP:
6971 case VENDOR_ELEM_P2P_GO_NEG_CONF:
6972 case VENDOR_ELEM_P2P_INV_REQ:
6973 case VENDOR_ELEM_P2P_INV_RESP:
6974 case VENDOR_ELEM_P2P_ASSOC_REQ:
6975 case VENDOR_ELEM_P2P_ASSOC_RESP:
6976 return wpa_s->p2pdev;
6977 #endif /* CONFIG_P2P */
6978 default:
6979 return wpa_s;
6980 }
6981 }
6982
6983
6984 void wpas_vendor_elem_update(struct wpa_supplicant *wpa_s)
6985 {
6986 unsigned int i;
6987 char buf[30];
6988
6989 wpa_printf(MSG_DEBUG, "Update vendor elements");
6990
6991 for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
6992 if (wpa_s->vendor_elem[i]) {
6993 int res;
6994
6995 res = os_snprintf(buf, sizeof(buf), "frame[%u]", i);
6996 if (!os_snprintf_error(sizeof(buf), res)) {
6997 wpa_hexdump_buf(MSG_DEBUG, buf,
6998 wpa_s->vendor_elem[i]);
6999 }
7000 }
7001 }
7002
7003 #ifdef CONFIG_P2P
7004 if (wpa_s->parent == wpa_s &&
7005 wpa_s->global->p2p &&
7006 !wpa_s->global->p2p_disabled)
7007 p2p_set_vendor_elems(wpa_s->global->p2p, wpa_s->vendor_elem);
7008 #endif /* CONFIG_P2P */
7009 }
7010
7011
7012 int wpas_vendor_elem_remove(struct wpa_supplicant *wpa_s, int frame,
7013 const u8 *elem, size_t len)
7014 {
7015 u8 *ie, *end;
7016
7017 ie = wpabuf_mhead_u8(wpa_s->vendor_elem[frame]);
7018 end = ie + wpabuf_len(wpa_s->vendor_elem[frame]);
7019
7020 for (; ie + 1 < end; ie += 2 + ie[1]) {
7021 if (ie + len > end)
7022 break;
7023 if (os_memcmp(ie, elem, len) != 0)
7024 continue;
7025
7026 if (wpabuf_len(wpa_s->vendor_elem[frame]) == len) {
7027 wpabuf_free(wpa_s->vendor_elem[frame]);
7028 wpa_s->vendor_elem[frame] = NULL;
7029 } else {
7030 os_memmove(ie, ie + len, end - (ie + len));
7031 wpa_s->vendor_elem[frame]->used -= len;
7032 }
7033 wpas_vendor_elem_update(wpa_s);
7034 return 0;
7035 }
7036
7037 return -1;
7038 }
7039
7040
7041 struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
7042 u16 num_modes, enum hostapd_hw_mode mode)
7043 {
7044 u16 i;
7045
7046 for (i = 0; i < num_modes; i++) {
7047 if (modes[i].mode == mode)
7048 return &modes[i];
7049 }
7050
7051 return NULL;
7052 }
7053
7054
7055 static struct
7056 wpa_bss_tmp_disallowed * wpas_get_disallowed_bss(struct wpa_supplicant *wpa_s,
7057 const u8 *bssid)
7058 {
7059 struct wpa_bss_tmp_disallowed *bss;
7060
7061 dl_list_for_each(bss, &wpa_s->bss_tmp_disallowed,
7062 struct wpa_bss_tmp_disallowed, list) {
7063 if (os_memcmp(bssid, bss->bssid, ETH_ALEN) == 0)
7064 return bss;
7065 }
7066
7067 return NULL;
7068 }
7069
7070
7071 static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant *wpa_s)
7072 {
7073 struct wpa_bss_tmp_disallowed *tmp;
7074 unsigned int num_bssid = 0;
7075 u8 *bssids;
7076 int ret;
7077
7078 bssids = os_malloc(dl_list_len(&wpa_s->bss_tmp_disallowed) * ETH_ALEN);
7079 if (!bssids)
7080 return -1;
7081 dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
7082 struct wpa_bss_tmp_disallowed, list) {
7083 os_memcpy(&bssids[num_bssid * ETH_ALEN], tmp->bssid,
7084 ETH_ALEN);
7085 num_bssid++;
7086 }
7087 ret = wpa_drv_set_bssid_blacklist(wpa_s, num_bssid, bssids);
7088 os_free(bssids);
7089 return ret;
7090 }
7091
7092
7093 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx)
7094 {
7095 struct wpa_supplicant *wpa_s = eloop_ctx;
7096 struct wpa_bss_tmp_disallowed *tmp, *bss = timeout_ctx;
7097
7098 /* Make sure the bss is not already freed */
7099 dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
7100 struct wpa_bss_tmp_disallowed, list) {
7101 if (bss == tmp) {
7102 dl_list_del(&tmp->list);
7103 os_free(tmp);
7104 wpa_set_driver_tmp_disallow_list(wpa_s);
7105 break;
7106 }
7107 }
7108 }
7109
7110
7111 void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid,
7112 unsigned int sec)
7113 {
7114 struct wpa_bss_tmp_disallowed *bss;
7115
7116 bss = wpas_get_disallowed_bss(wpa_s, bssid);
7117 if (bss) {
7118 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
7119 eloop_register_timeout(sec, 0, wpa_bss_tmp_disallow_timeout,
7120 wpa_s, bss);
7121 return;
7122 }
7123
7124 bss = os_malloc(sizeof(*bss));
7125 if (!bss) {
7126 wpa_printf(MSG_DEBUG,
7127 "Failed to allocate memory for temp disallow BSS");
7128 return;
7129 }
7130
7131 os_memcpy(bss->bssid, bssid, ETH_ALEN);
7132 dl_list_add(&wpa_s->bss_tmp_disallowed, &bss->list);
7133 wpa_set_driver_tmp_disallow_list(wpa_s);
7134 eloop_register_timeout(sec, 0, wpa_bss_tmp_disallow_timeout,
7135 wpa_s, bss);
7136 }
7137
7138
7139 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s, const u8 *bssid)
7140 {
7141 struct wpa_bss_tmp_disallowed *bss = NULL, *tmp, *prev;
7142
7143 dl_list_for_each_safe(tmp, prev, &wpa_s->bss_tmp_disallowed,
7144 struct wpa_bss_tmp_disallowed, list) {
7145 if (os_memcmp(bssid, tmp->bssid, ETH_ALEN) == 0) {
7146 bss = tmp;
7147 break;
7148 }
7149 }
7150 if (!bss)
7151 return 0;
7152
7153 return 1;
7154 }
Unnamed repository; edit this file 'description' to name the repository.