wpa_supplicant.c revision a54fa5fb807eaeff45464139b5a7759f060cec68
1/* 2 * WPA Supplicant 3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 * 8 * This file implements functions for registering and unregistering 9 * %wpa_supplicant interfaces. In addition, this file contains number of 10 * functions for managing network connections. 11 */ 12 13#include "includes.h" 14 15#include "common.h" 16#include "crypto/random.h" 17#include "crypto/sha1.h" 18#include "eapol_supp/eapol_supp_sm.h" 19#include "eap_peer/eap.h" 20#include "eap_server/eap_methods.h" 21#include "rsn_supp/wpa.h" 22#include "eloop.h" 23#include "config.h" 24#include "utils/ext_password.h" 25#include "l2_packet/l2_packet.h" 26#include "wpa_supplicant_i.h" 27#include "driver_i.h" 28#include "ctrl_iface.h" 29#include "pcsc_funcs.h" 30#include "common/version.h" 31#include "rsn_supp/preauth.h" 32#include "rsn_supp/pmksa_cache.h" 33#include "common/wpa_ctrl.h" 34#include "common/ieee802_11_defs.h" 35#include "p2p/p2p.h" 36#include "blacklist.h" 37#include "wpas_glue.h" 38#include "wps_supplicant.h" 39#include "ibss_rsn.h" 40#include "sme.h" 41#include "gas_query.h" 42#include "ap.h" 43#include "p2p_supplicant.h" 44#include "wifi_display.h" 45#include "notify.h" 46#include "bgscan.h" 47#include "autoscan.h" 48#include "bss.h" 49#include "scan.h" 50#include "offchannel.h" 51#include "hs20_supplicant.h" 52 53const char *wpa_supplicant_version = 54"wpa_supplicant v" VERSION_STR "\n" 55"Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi> and contributors"; 56 57const char *wpa_supplicant_license = 58"This software may be distributed under the terms of the BSD license.\n" 59"See README for more details.\n" 60#ifdef EAP_TLS_OPENSSL 61"\nThis product includes software developed by the OpenSSL Project\n" 62"for use in the OpenSSL Toolkit (http://www.openssl.org/)\n" 63#endif /* EAP_TLS_OPENSSL */ 64; 65 66#ifndef CONFIG_NO_STDOUT_DEBUG 67/* Long text divided into parts in order to fit in C89 strings size limits. */ 68const char *wpa_supplicant_full_license1 = 69""; 70const char *wpa_supplicant_full_license2 = 71"This software may be distributed under the terms of the BSD license.\n" 72"\n" 73"Redistribution and use in source and binary forms, with or without\n" 74"modification, are permitted provided that the following conditions are\n" 75"met:\n" 76"\n"; 77const char *wpa_supplicant_full_license3 = 78"1. Redistributions of source code must retain the above copyright\n" 79" notice, this list of conditions and the following disclaimer.\n" 80"\n" 81"2. Redistributions in binary form must reproduce the above copyright\n" 82" notice, this list of conditions and the following disclaimer in the\n" 83" documentation and/or other materials provided with the distribution.\n" 84"\n"; 85const char *wpa_supplicant_full_license4 = 86"3. Neither the name(s) of the above-listed copyright holder(s) nor the\n" 87" names of its contributors may be used to endorse or promote products\n" 88" derived from this software without specific prior written permission.\n" 89"\n" 90"THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n" 91"\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n" 92"LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n" 93"A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n"; 94const char *wpa_supplicant_full_license5 = 95"OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n" 96"SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n" 97"LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n" 98"DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n" 99"THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n" 100"(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n" 101"OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n" 102"\n"; 103#endif /* CONFIG_NO_STDOUT_DEBUG */ 104 105extern int wpa_debug_level; 106extern int wpa_debug_show_keys; 107extern int wpa_debug_timestamp; 108extern struct wpa_driver_ops *wpa_drivers[]; 109 110/* Configure default/group WEP keys for static WEP */ 111int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) 112{ 113 int i, set = 0; 114 115 for (i = 0; i < NUM_WEP_KEYS; i++) { 116 if (ssid->wep_key_len[i] == 0) 117 continue; 118 119 set = 1; 120 wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL, 121 i, i == ssid->wep_tx_keyidx, NULL, 0, 122 ssid->wep_key[i], ssid->wep_key_len[i]); 123 } 124 125 return set; 126} 127 128 129static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s, 130 struct wpa_ssid *ssid) 131{ 132 u8 key[32]; 133 size_t keylen; 134 enum wpa_alg alg; 135 u8 seq[6] = { 0 }; 136 137 /* IBSS/WPA-None uses only one key (Group) for both receiving and 138 * sending unicast and multicast packets. */ 139 140 if (ssid->mode != WPAS_MODE_IBSS) { 141 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not " 142 "IBSS/ad-hoc) for WPA-None", ssid->mode); 143 return -1; 144 } 145 146 if (!ssid->psk_set) { 147 wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for " 148 "WPA-None"); 149 return -1; 150 } 151 152 switch (wpa_s->group_cipher) { 153 case WPA_CIPHER_CCMP: 154 os_memcpy(key, ssid->psk, 16); 155 keylen = 16; 156 alg = WPA_ALG_CCMP; 157 break; 158 case WPA_CIPHER_GCMP: 159 os_memcpy(key, ssid->psk, 16); 160 keylen = 16; 161 alg = WPA_ALG_GCMP; 162 break; 163 case WPA_CIPHER_TKIP: 164 /* WPA-None uses the same Michael MIC key for both TX and RX */ 165 os_memcpy(key, ssid->psk, 16 + 8); 166 os_memcpy(key + 16 + 8, ssid->psk + 16, 8); 167 keylen = 32; 168 alg = WPA_ALG_TKIP; 169 break; 170 default: 171 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for " 172 "WPA-None", wpa_s->group_cipher); 173 return -1; 174 } 175 176 /* TODO: should actually remember the previously used seq#, both for TX 177 * and RX from each STA.. */ 178 179 return wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen); 180} 181 182 183static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx) 184{ 185 struct wpa_supplicant *wpa_s = eloop_ctx; 186 const u8 *bssid = wpa_s->bssid; 187 if (is_zero_ether_addr(bssid)) 188 bssid = wpa_s->pending_bssid; 189 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.", 190 MAC2STR(bssid)); 191 wpa_blacklist_add(wpa_s, bssid); 192 wpa_sm_notify_disassoc(wpa_s->wpa); 193 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING); 194 wpa_s->reassociate = 1; 195 196 /* 197 * If we timed out, the AP or the local radio may be busy. 198 * So, wait a second until scanning again. 199 */ 200 wpa_supplicant_req_scan(wpa_s, 1, 0); 201 202#ifdef CONFIG_P2P 203 if (wpa_s->global->p2p_cb_on_scan_complete && !wpa_s->global->p2p_disabled && 204 wpa_s->global->p2p != NULL) { 205 wpa_s->global->p2p_cb_on_scan_complete = 0; 206 if (p2p_other_scan_completed(wpa_s->global->p2p) == 1) { 207 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Pending P2P operation " 208 "continued after timed out authentication"); 209 } 210 } 211#endif /* CONFIG_P2P */ 212} 213 214 215/** 216 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication 217 * @wpa_s: Pointer to wpa_supplicant data 218 * @sec: Number of seconds after which to time out authentication 219 * @usec: Number of microseconds after which to time out authentication 220 * 221 * This function is used to schedule a timeout for the current authentication 222 * attempt. 223 */ 224void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s, 225 int sec, int usec) 226{ 227 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 && 228 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) 229 return; 230 231 wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec " 232 "%d usec", sec, usec); 233 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL); 234 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL); 235} 236 237 238/** 239 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout 240 * @wpa_s: Pointer to wpa_supplicant data 241 * 242 * This function is used to cancel authentication timeout scheduled with 243 * wpa_supplicant_req_auth_timeout() and it is called when authentication has 244 * been completed. 245 */ 246void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s) 247{ 248 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout"); 249 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL); 250 wpa_blacklist_del(wpa_s, wpa_s->bssid); 251} 252 253 254/** 255 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine 256 * @wpa_s: Pointer to wpa_supplicant data 257 * 258 * This function is used to configure EAPOL state machine based on the selected 259 * authentication mode. 260 */ 261void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s) 262{ 263#ifdef IEEE8021X_EAPOL 264 struct eapol_config eapol_conf; 265 struct wpa_ssid *ssid = wpa_s->current_ssid; 266 267#ifdef CONFIG_IBSS_RSN 268 if (ssid->mode == WPAS_MODE_IBSS && 269 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE && 270 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) { 271 /* 272 * RSN IBSS authentication is per-STA and we can disable the 273 * per-BSSID EAPOL authentication. 274 */ 275 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized); 276 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE); 277 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE); 278 return; 279 } 280#endif /* CONFIG_IBSS_RSN */ 281 282 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE); 283 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE); 284 285 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE || 286 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) 287 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized); 288 else 289 eapol_sm_notify_portControl(wpa_s->eapol, Auto); 290 291 os_memset(&eapol_conf, 0, sizeof(eapol_conf)); 292 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) { 293 eapol_conf.accept_802_1x_keys = 1; 294 eapol_conf.required_keys = 0; 295 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) { 296 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST; 297 } 298 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) { 299 eapol_conf.required_keys |= 300 EAPOL_REQUIRE_KEY_BROADCAST; 301 } 302 303 if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) 304 eapol_conf.required_keys = 0; 305 } 306 if (wpa_s->conf) 307 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth; 308 eapol_conf.workaround = ssid->eap_workaround; 309 eapol_conf.eap_disabled = 310 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) && 311 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA && 312 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS; 313 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf); 314#endif /* IEEE8021X_EAPOL */ 315} 316 317 318/** 319 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode 320 * @wpa_s: Pointer to wpa_supplicant data 321 * @ssid: Configuration data for the network 322 * 323 * This function is used to configure WPA state machine and related parameters 324 * to a mode where WPA is not enabled. This is called as part of the 325 * authentication configuration when the selected network does not use WPA. 326 */ 327void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s, 328 struct wpa_ssid *ssid) 329{ 330 int i; 331 332 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) 333 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS; 334 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) 335 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA; 336 else 337 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE; 338 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0); 339 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0); 340 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0); 341 wpa_s->pairwise_cipher = WPA_CIPHER_NONE; 342 wpa_s->group_cipher = WPA_CIPHER_NONE; 343 wpa_s->mgmt_group_cipher = 0; 344 345 for (i = 0; i < NUM_WEP_KEYS; i++) { 346 if (ssid->wep_key_len[i] > 5) { 347 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104; 348 wpa_s->group_cipher = WPA_CIPHER_WEP104; 349 break; 350 } else if (ssid->wep_key_len[i] > 0) { 351 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40; 352 wpa_s->group_cipher = WPA_CIPHER_WEP40; 353 break; 354 } 355 } 356 357 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0); 358 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt); 359 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE, 360 wpa_s->pairwise_cipher); 361 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher); 362#ifdef CONFIG_IEEE80211W 363 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP, 364 wpa_s->mgmt_group_cipher); 365#endif /* CONFIG_IEEE80211W */ 366 367 pmksa_cache_clear_current(wpa_s->wpa); 368} 369 370 371void free_hw_features(struct wpa_supplicant *wpa_s) 372{ 373 int i; 374 if (wpa_s->hw.modes == NULL) 375 return; 376 377 for (i = 0; i < wpa_s->hw.num_modes; i++) { 378 os_free(wpa_s->hw.modes[i].channels); 379 os_free(wpa_s->hw.modes[i].rates); 380 } 381 382 os_free(wpa_s->hw.modes); 383 wpa_s->hw.modes = NULL; 384} 385 386 387static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s) 388{ 389 bgscan_deinit(wpa_s); 390 autoscan_deinit(wpa_s); 391 scard_deinit(wpa_s->scard); 392 wpa_s->scard = NULL; 393 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL); 394 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL); 395 l2_packet_deinit(wpa_s->l2); 396 wpa_s->l2 = NULL; 397 if (wpa_s->l2_br) { 398 l2_packet_deinit(wpa_s->l2_br); 399 wpa_s->l2_br = NULL; 400 } 401 402 if (wpa_s->conf != NULL) { 403 struct wpa_ssid *ssid; 404 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) 405 wpas_notify_network_removed(wpa_s, ssid); 406 } 407 408 os_free(wpa_s->confname); 409 wpa_s->confname = NULL; 410 411 wpa_sm_set_eapol(wpa_s->wpa, NULL); 412 eapol_sm_deinit(wpa_s->eapol); 413 wpa_s->eapol = NULL; 414 415 rsn_preauth_deinit(wpa_s->wpa); 416 417#ifdef CONFIG_TDLS 418 wpa_tdls_deinit(wpa_s->wpa); 419#endif /* CONFIG_TDLS */ 420 421 pmksa_candidate_free(wpa_s->wpa); 422 wpa_sm_deinit(wpa_s->wpa); 423 wpa_s->wpa = NULL; 424 wpa_blacklist_clear(wpa_s); 425 426 wpa_bss_deinit(wpa_s); 427 428 wpa_supplicant_cancel_scan(wpa_s); 429 wpa_supplicant_cancel_auth_timeout(wpa_s); 430 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL); 431#ifdef CONFIG_DELAYED_MIC_ERROR_REPORT 432 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report, 433 wpa_s, NULL); 434#endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */ 435 436 wpas_wps_deinit(wpa_s); 437 438 wpabuf_free(wpa_s->pending_eapol_rx); 439 wpa_s->pending_eapol_rx = NULL; 440 441#ifdef CONFIG_IBSS_RSN 442 ibss_rsn_deinit(wpa_s->ibss_rsn); 443 wpa_s->ibss_rsn = NULL; 444#endif /* CONFIG_IBSS_RSN */ 445 446 sme_deinit(wpa_s); 447 448#ifdef CONFIG_AP 449 wpa_supplicant_ap_deinit(wpa_s); 450#endif /* CONFIG_AP */ 451 452#ifdef CONFIG_P2P 453 wpas_p2p_deinit(wpa_s); 454#endif /* CONFIG_P2P */ 455 456#ifdef CONFIG_OFFCHANNEL 457 offchannel_deinit(wpa_s); 458#endif /* CONFIG_OFFCHANNEL */ 459 460 wpa_supplicant_cancel_sched_scan(wpa_s); 461 462 os_free(wpa_s->next_scan_freqs); 463 wpa_s->next_scan_freqs = NULL; 464 465 gas_query_deinit(wpa_s->gas); 466 wpa_s->gas = NULL; 467 468 free_hw_features(wpa_s); 469 470 os_free(wpa_s->bssid_filter); 471 wpa_s->bssid_filter = NULL; 472 473 os_free(wpa_s->disallow_aps_bssid); 474 wpa_s->disallow_aps_bssid = NULL; 475 os_free(wpa_s->disallow_aps_ssid); 476 wpa_s->disallow_aps_ssid = NULL; 477 478 wnm_bss_keep_alive_deinit(wpa_s); 479 480 ext_password_deinit(wpa_s->ext_pw); 481 wpa_s->ext_pw = NULL; 482 483 wpabuf_free(wpa_s->last_gas_resp); 484 485 os_free(wpa_s->last_scan_res); 486 wpa_s->last_scan_res = NULL; 487} 488 489 490/** 491 * wpa_clear_keys - Clear keys configured for the driver 492 * @wpa_s: Pointer to wpa_supplicant data 493 * @addr: Previously used BSSID or %NULL if not available 494 * 495 * This function clears the encryption keys that has been previously configured 496 * for the driver. 497 */ 498void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr) 499{ 500 if (wpa_s->keys_cleared) { 501 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have 502 * timing issues with keys being cleared just before new keys 503 * are set or just after association or something similar. This 504 * shows up in group key handshake failing often because of the 505 * client not receiving the first encrypted packets correctly. 506 * Skipping some of the extra key clearing steps seems to help 507 * in completing group key handshake more reliably. */ 508 wpa_dbg(wpa_s, MSG_DEBUG, "No keys have been configured - " 509 "skip key clearing"); 510 return; 511 } 512 513 /* MLME-DELETEKEYS.request */ 514 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 0, 0, NULL, 0, NULL, 0); 515 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 1, 0, NULL, 0, NULL, 0); 516 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 2, 0, NULL, 0, NULL, 0); 517 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 3, 0, NULL, 0, NULL, 0); 518#ifdef CONFIG_IEEE80211W 519 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 4, 0, NULL, 0, NULL, 0); 520 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 5, 0, NULL, 0, NULL, 0); 521#endif /* CONFIG_IEEE80211W */ 522 if (addr) { 523 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL, 524 0); 525 /* MLME-SETPROTECTION.request(None) */ 526 wpa_drv_mlme_setprotection( 527 wpa_s, addr, 528 MLME_SETPROTECTION_PROTECT_TYPE_NONE, 529 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 530 } 531 wpa_s->keys_cleared = 1; 532} 533 534 535/** 536 * wpa_supplicant_state_txt - Get the connection state name as a text string 537 * @state: State (wpa_state; WPA_*) 538 * Returns: The state name as a printable text string 539 */ 540const char * wpa_supplicant_state_txt(enum wpa_states state) 541{ 542 switch (state) { 543 case WPA_DISCONNECTED: 544 return "DISCONNECTED"; 545 case WPA_INACTIVE: 546 return "INACTIVE"; 547 case WPA_INTERFACE_DISABLED: 548 return "INTERFACE_DISABLED"; 549 case WPA_SCANNING: 550 return "SCANNING"; 551 case WPA_AUTHENTICATING: 552 return "AUTHENTICATING"; 553 case WPA_ASSOCIATING: 554 return "ASSOCIATING"; 555 case WPA_ASSOCIATED: 556 return "ASSOCIATED"; 557 case WPA_4WAY_HANDSHAKE: 558 return "4WAY_HANDSHAKE"; 559 case WPA_GROUP_HANDSHAKE: 560 return "GROUP_HANDSHAKE"; 561 case WPA_COMPLETED: 562 return "COMPLETED"; 563 default: 564 return "UNKNOWN"; 565 } 566} 567 568 569#ifdef CONFIG_BGSCAN 570 571static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s) 572{ 573 if (wpas_driver_bss_selection(wpa_s)) 574 return; 575 if (wpa_s->current_ssid == wpa_s->bgscan_ssid) 576 return; 577 578 bgscan_deinit(wpa_s); 579 if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan) { 580 if (bgscan_init(wpa_s, wpa_s->current_ssid)) { 581 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize " 582 "bgscan"); 583 /* 584 * Live without bgscan; it is only used as a roaming 585 * optimization, so the initial connection is not 586 * affected. 587 */ 588 } else { 589 struct wpa_scan_results *scan_res; 590 wpa_s->bgscan_ssid = wpa_s->current_ssid; 591 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 592 0); 593 if (scan_res) { 594 bgscan_notify_scan(wpa_s, scan_res); 595 wpa_scan_results_free(scan_res); 596 } 597 } 598 } else 599 wpa_s->bgscan_ssid = NULL; 600} 601 602 603static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s) 604{ 605 if (wpa_s->bgscan_ssid != NULL) { 606 bgscan_deinit(wpa_s); 607 wpa_s->bgscan_ssid = NULL; 608 } 609} 610 611#endif /* CONFIG_BGSCAN */ 612 613 614static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s) 615{ 616 if (autoscan_init(wpa_s, 0)) 617 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan"); 618} 619 620 621static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s) 622{ 623 autoscan_deinit(wpa_s); 624} 625 626 627void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s) 628{ 629 if (wpa_s->wpa_state == WPA_DISCONNECTED || 630 wpa_s->wpa_state == WPA_SCANNING) { 631 autoscan_deinit(wpa_s); 632 wpa_supplicant_start_autoscan(wpa_s); 633 } 634} 635 636 637/** 638 * wpa_supplicant_set_state - Set current connection state 639 * @wpa_s: Pointer to wpa_supplicant data 640 * @state: The new connection state 641 * 642 * This function is called whenever the connection state changes, e.g., 643 * association is completed for WPA/WPA2 4-Way Handshake is started. 644 */ 645void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s, 646 enum wpa_states state) 647{ 648 enum wpa_states old_state = wpa_s->wpa_state; 649 650 wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s", 651 wpa_supplicant_state_txt(wpa_s->wpa_state), 652 wpa_supplicant_state_txt(state)); 653 654#ifdef ANDROID_P2P 655 if(state == WPA_ASSOCIATED && wpa_s->current_ssid) { 656 wpa_s->current_ssid->assoc_retry = 0; 657 } 658#endif /* ANDROID_P2P */ 659 660 if (state != WPA_SCANNING) 661 wpa_supplicant_notify_scanning(wpa_s, 0); 662 663 if (state == WPA_COMPLETED && wpa_s->new_connection) { 664#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG) 665 struct wpa_ssid *ssid = wpa_s->current_ssid; 666 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to " 667 MACSTR " completed %s [id=%d id_str=%s]", 668 MAC2STR(wpa_s->bssid), "(auth)", 669 ssid ? ssid->id : -1, 670 ssid && ssid->id_str ? ssid->id_str : ""); 671#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ 672 wpas_clear_temp_disabled(wpa_s, ssid, 1); 673 wpa_s->extra_blacklist_count = 0; 674 wpa_s->new_connection = 0; 675 wpa_drv_set_operstate(wpa_s, 1); 676#ifndef IEEE8021X_EAPOL 677 wpa_drv_set_supp_port(wpa_s, 1); 678#endif /* IEEE8021X_EAPOL */ 679 wpa_s->after_wps = 0; 680#ifdef CONFIG_P2P 681 wpas_p2p_completed(wpa_s); 682#endif /* CONFIG_P2P */ 683 684 sme_sched_obss_scan(wpa_s, 1); 685 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING || 686 state == WPA_ASSOCIATED) { 687 wpa_s->new_connection = 1; 688 wpa_drv_set_operstate(wpa_s, 0); 689#ifndef IEEE8021X_EAPOL 690 wpa_drv_set_supp_port(wpa_s, 0); 691#endif /* IEEE8021X_EAPOL */ 692 sme_sched_obss_scan(wpa_s, 0); 693 } 694 wpa_s->wpa_state = state; 695 696#ifdef CONFIG_BGSCAN 697 if (state == WPA_COMPLETED) 698 wpa_supplicant_start_bgscan(wpa_s); 699 else 700 wpa_supplicant_stop_bgscan(wpa_s); 701#endif /* CONFIG_BGSCAN */ 702 703 if (state == WPA_AUTHENTICATING) 704 wpa_supplicant_stop_autoscan(wpa_s); 705 706 if (state == WPA_DISCONNECTED || state == WPA_INACTIVE) 707 wpa_supplicant_start_autoscan(wpa_s); 708 709 if (wpa_s->wpa_state != old_state) { 710 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state); 711 712 if (wpa_s->wpa_state == WPA_COMPLETED || 713 old_state == WPA_COMPLETED) 714 wpas_notify_auth_changed(wpa_s); 715 } 716} 717 718 719void wpa_supplicant_terminate_proc(struct wpa_global *global) 720{ 721 int pending = 0; 722#ifdef CONFIG_WPS 723 struct wpa_supplicant *wpa_s = global->ifaces; 724 while (wpa_s) { 725 if (wpas_wps_terminate_pending(wpa_s) == 1) 726 pending = 1; 727 wpa_s = wpa_s->next; 728 } 729#endif /* CONFIG_WPS */ 730 if (pending) 731 return; 732 eloop_terminate(); 733} 734 735 736static void wpa_supplicant_terminate(int sig, void *signal_ctx) 737{ 738 struct wpa_global *global = signal_ctx; 739 wpa_supplicant_terminate_proc(global); 740} 741 742 743void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s) 744{ 745 enum wpa_states old_state = wpa_s->wpa_state; 746 747 wpa_s->pairwise_cipher = 0; 748 wpa_s->group_cipher = 0; 749 wpa_s->mgmt_group_cipher = 0; 750 wpa_s->key_mgmt = 0; 751 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED) 752 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 753 754 if (wpa_s->wpa_state != old_state) 755 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state); 756} 757 758 759/** 760 * wpa_supplicant_reload_configuration - Reload configuration data 761 * @wpa_s: Pointer to wpa_supplicant data 762 * Returns: 0 on success or -1 if configuration parsing failed 763 * 764 * This function can be used to request that the configuration data is reloaded 765 * (e.g., after configuration file change). This function is reloading 766 * configuration only for one interface, so this may need to be called multiple 767 * times if %wpa_supplicant is controlling multiple interfaces and all 768 * interfaces need reconfiguration. 769 */ 770int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s) 771{ 772 struct wpa_config *conf; 773 int reconf_ctrl; 774 int old_ap_scan; 775 776 if (wpa_s->confname == NULL) 777 return -1; 778 conf = wpa_config_read(wpa_s->confname); 779 if (conf == NULL) { 780 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration " 781 "file '%s' - exiting", wpa_s->confname); 782 return -1; 783 } 784 conf->changed_parameters = (unsigned int) -1; 785 786 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface 787 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface && 788 os_strcmp(conf->ctrl_interface, 789 wpa_s->conf->ctrl_interface) != 0); 790 791 if (reconf_ctrl && wpa_s->ctrl_iface) { 792 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface); 793 wpa_s->ctrl_iface = NULL; 794 } 795 796 eapol_sm_invalidate_cached_session(wpa_s->eapol); 797 if (wpa_s->current_ssid) { 798 wpa_supplicant_deauthenticate(wpa_s, 799 WLAN_REASON_DEAUTH_LEAVING); 800 } 801 802 /* 803 * TODO: should notify EAPOL SM about changes in opensc_engine_path, 804 * pkcs11_engine_path, pkcs11_module_path. 805 */ 806 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) { 807 /* 808 * Clear forced success to clear EAP state for next 809 * authentication. 810 */ 811 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE); 812 } 813 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL); 814 wpa_sm_set_config(wpa_s->wpa, NULL); 815 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL); 816 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth); 817 rsn_preauth_deinit(wpa_s->wpa); 818 819 old_ap_scan = wpa_s->conf->ap_scan; 820 wpa_config_free(wpa_s->conf); 821 wpa_s->conf = conf; 822 if (old_ap_scan != wpa_s->conf->ap_scan) 823 wpas_notify_ap_scan_changed(wpa_s); 824 825 if (reconf_ctrl) 826 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s); 827 828 wpa_supplicant_update_config(wpa_s); 829 830 wpa_supplicant_clear_status(wpa_s); 831 if (wpa_supplicant_enabled_networks(wpa_s)) { 832 wpa_s->reassociate = 1; 833 wpa_supplicant_req_scan(wpa_s, 0, 0); 834 } 835 wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed"); 836 return 0; 837} 838 839 840static void wpa_supplicant_reconfig(int sig, void *signal_ctx) 841{ 842 struct wpa_global *global = signal_ctx; 843 struct wpa_supplicant *wpa_s; 844 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) { 845 wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring", 846 sig); 847 if (wpa_supplicant_reload_configuration(wpa_s) < 0) { 848 wpa_supplicant_terminate_proc(global); 849 } 850 } 851} 852 853 854enum wpa_key_mgmt key_mgmt2driver(int key_mgmt) 855{ 856 switch (key_mgmt) { 857 case WPA_KEY_MGMT_NONE: 858 return KEY_MGMT_NONE; 859 case WPA_KEY_MGMT_IEEE8021X_NO_WPA: 860 return KEY_MGMT_802_1X_NO_WPA; 861 case WPA_KEY_MGMT_IEEE8021X: 862 return KEY_MGMT_802_1X; 863 case WPA_KEY_MGMT_WPA_NONE: 864 return KEY_MGMT_WPA_NONE; 865 case WPA_KEY_MGMT_FT_IEEE8021X: 866 return KEY_MGMT_FT_802_1X; 867 case WPA_KEY_MGMT_FT_PSK: 868 return KEY_MGMT_FT_PSK; 869 case WPA_KEY_MGMT_IEEE8021X_SHA256: 870 return KEY_MGMT_802_1X_SHA256; 871 case WPA_KEY_MGMT_PSK_SHA256: 872 return KEY_MGMT_PSK_SHA256; 873 case WPA_KEY_MGMT_WPS: 874 return KEY_MGMT_WPS; 875 case WPA_KEY_MGMT_PSK: 876 default: 877 return KEY_MGMT_PSK; 878 } 879} 880 881 882static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s, 883 struct wpa_ssid *ssid, 884 struct wpa_ie_data *ie) 885{ 886 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie); 887 if (ret) { 888 if (ret == -2) { 889 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE " 890 "from association info"); 891 } 892 return -1; 893 } 894 895 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set " 896 "cipher suites"); 897 if (!(ie->group_cipher & ssid->group_cipher)) { 898 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group " 899 "cipher 0x%x (mask 0x%x) - reject", 900 ie->group_cipher, ssid->group_cipher); 901 return -1; 902 } 903 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) { 904 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise " 905 "cipher 0x%x (mask 0x%x) - reject", 906 ie->pairwise_cipher, ssid->pairwise_cipher); 907 return -1; 908 } 909 if (!(ie->key_mgmt & ssid->key_mgmt)) { 910 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key " 911 "management 0x%x (mask 0x%x) - reject", 912 ie->key_mgmt, ssid->key_mgmt); 913 return -1; 914 } 915 916#ifdef CONFIG_IEEE80211W 917 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) && 918 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ? 919 wpa_s->conf->pmf : ssid->ieee80211w) == 920 MGMT_FRAME_PROTECTION_REQUIRED) { 921 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP " 922 "that does not support management frame protection - " 923 "reject"); 924 return -1; 925 } 926#endif /* CONFIG_IEEE80211W */ 927 928 return 0; 929} 930 931 932/** 933 * wpa_supplicant_set_suites - Set authentication and encryption parameters 934 * @wpa_s: Pointer to wpa_supplicant data 935 * @bss: Scan results for the selected BSS, or %NULL if not available 936 * @ssid: Configuration data for the selected network 937 * @wpa_ie: Buffer for the WPA/RSN IE 938 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the 939 * used buffer length in case the functions returns success. 940 * Returns: 0 on success or -1 on failure 941 * 942 * This function is used to configure authentication and encryption parameters 943 * based on the network configuration and scan result for the selected BSS (if 944 * available). 945 */ 946int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s, 947 struct wpa_bss *bss, struct wpa_ssid *ssid, 948 u8 *wpa_ie, size_t *wpa_ie_len) 949{ 950 struct wpa_ie_data ie; 951 int sel, proto; 952 const u8 *bss_wpa, *bss_rsn; 953 954 if (bss) { 955 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE); 956 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN); 957 } else 958 bss_wpa = bss_rsn = NULL; 959 960 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) && 961 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 && 962 (ie.group_cipher & ssid->group_cipher) && 963 (ie.pairwise_cipher & ssid->pairwise_cipher) && 964 (ie.key_mgmt & ssid->key_mgmt)) { 965 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0"); 966 proto = WPA_PROTO_RSN; 967 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) && 968 wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 && 969 (ie.group_cipher & ssid->group_cipher) && 970 (ie.pairwise_cipher & ssid->pairwise_cipher) && 971 (ie.key_mgmt & ssid->key_mgmt)) { 972 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0"); 973 proto = WPA_PROTO_WPA; 974 } else if (bss) { 975 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN"); 976 return -1; 977 } else { 978 if (ssid->proto & WPA_PROTO_RSN) 979 proto = WPA_PROTO_RSN; 980 else 981 proto = WPA_PROTO_WPA; 982 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) { 983 os_memset(&ie, 0, sizeof(ie)); 984 ie.group_cipher = ssid->group_cipher; 985 ie.pairwise_cipher = ssid->pairwise_cipher; 986 ie.key_mgmt = ssid->key_mgmt; 987#ifdef CONFIG_IEEE80211W 988 ie.mgmt_group_cipher = 989 ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ? 990 WPA_CIPHER_AES_128_CMAC : 0; 991#endif /* CONFIG_IEEE80211W */ 992 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites " 993 "based on configuration"); 994 } else 995 proto = ie.proto; 996 } 997 998 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d " 999 "pairwise %d key_mgmt %d proto %d", 1000 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto); 1001#ifdef CONFIG_IEEE80211W 1002 if (ssid->ieee80211w) { 1003 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d", 1004 ie.mgmt_group_cipher); 1005 } 1006#endif /* CONFIG_IEEE80211W */ 1007 1008 wpa_s->wpa_proto = proto; 1009 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto); 1010 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 1011 !!(ssid->proto & WPA_PROTO_RSN)); 1012 1013 if (bss || !wpa_s->ap_ies_from_associnfo) { 1014 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa, 1015 bss_wpa ? 2 + bss_wpa[1] : 0) || 1016 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn, 1017 bss_rsn ? 2 + bss_rsn[1] : 0)) 1018 return -1; 1019 } 1020 1021 sel = ie.group_cipher & ssid->group_cipher; 1022 wpa_s->group_cipher = wpa_pick_group_cipher(sel); 1023 if (wpa_s->group_cipher < 0) { 1024 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group " 1025 "cipher"); 1026 return -1; 1027 } 1028 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s", 1029 wpa_cipher_txt(wpa_s->group_cipher)); 1030 1031 sel = ie.pairwise_cipher & ssid->pairwise_cipher; 1032 wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1); 1033 if (wpa_s->pairwise_cipher < 0) { 1034 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise " 1035 "cipher"); 1036 return -1; 1037 } 1038 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s", 1039 wpa_cipher_txt(wpa_s->pairwise_cipher)); 1040 1041 sel = ie.key_mgmt & ssid->key_mgmt; 1042#ifdef CONFIG_SAE 1043 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) 1044 sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE); 1045#endif /* CONFIG_SAE */ 1046 if (0) { 1047#ifdef CONFIG_IEEE80211R 1048 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) { 1049 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X; 1050 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X"); 1051 } else if (sel & WPA_KEY_MGMT_FT_PSK) { 1052 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK; 1053 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK"); 1054#endif /* CONFIG_IEEE80211R */ 1055#ifdef CONFIG_SAE 1056 } else if (sel & WPA_KEY_MGMT_SAE) { 1057 wpa_s->key_mgmt = WPA_KEY_MGMT_SAE; 1058 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE"); 1059 } else if (sel & WPA_KEY_MGMT_FT_SAE) { 1060 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE; 1061 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE"); 1062#endif /* CONFIG_SAE */ 1063#ifdef CONFIG_IEEE80211W 1064 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) { 1065 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256; 1066 wpa_dbg(wpa_s, MSG_DEBUG, 1067 "WPA: using KEY_MGMT 802.1X with SHA256"); 1068 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) { 1069 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256; 1070 wpa_dbg(wpa_s, MSG_DEBUG, 1071 "WPA: using KEY_MGMT PSK with SHA256"); 1072#endif /* CONFIG_IEEE80211W */ 1073 } else if (sel & WPA_KEY_MGMT_IEEE8021X) { 1074 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X; 1075 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X"); 1076 } else if (sel & WPA_KEY_MGMT_PSK) { 1077 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK; 1078 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK"); 1079 } else if (sel & WPA_KEY_MGMT_WPA_NONE) { 1080 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE; 1081 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE"); 1082 } else { 1083 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select " 1084 "authenticated key management type"); 1085 return -1; 1086 } 1087 1088 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt); 1089 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE, 1090 wpa_s->pairwise_cipher); 1091 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher); 1092 1093#ifdef CONFIG_IEEE80211W 1094 sel = ie.mgmt_group_cipher; 1095 if ((ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ? 1096 wpa_s->conf->pmf : ssid->ieee80211w) == NO_MGMT_FRAME_PROTECTION || 1097 !(ie.capabilities & WPA_CAPABILITY_MFPC)) 1098 sel = 0; 1099 if (sel & WPA_CIPHER_AES_128_CMAC) { 1100 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC; 1101 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher " 1102 "AES-128-CMAC"); 1103 } else { 1104 wpa_s->mgmt_group_cipher = 0; 1105 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher"); 1106 } 1107 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP, 1108 wpa_s->mgmt_group_cipher); 1109 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP, 1110 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ? 1111 wpa_s->conf->pmf : ssid->ieee80211w)); 1112#endif /* CONFIG_IEEE80211W */ 1113 1114 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) { 1115 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE"); 1116 return -1; 1117 } 1118 1119 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) { 1120 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN); 1121#ifndef CONFIG_NO_PBKDF2 1122 if (bss && ssid->bssid_set && ssid->ssid_len == 0 && 1123 ssid->passphrase) { 1124 u8 psk[PMK_LEN]; 1125 pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len, 1126 4096, psk, PMK_LEN); 1127 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)", 1128 psk, PMK_LEN); 1129 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN); 1130 } 1131#endif /* CONFIG_NO_PBKDF2 */ 1132#ifdef CONFIG_EXT_PASSWORD 1133 if (ssid->ext_psk) { 1134 struct wpabuf *pw = ext_password_get(wpa_s->ext_pw, 1135 ssid->ext_psk); 1136 char pw_str[64 + 1]; 1137 u8 psk[PMK_LEN]; 1138 1139 if (pw == NULL) { 1140 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK " 1141 "found from external storage"); 1142 return -1; 1143 } 1144 1145 if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) { 1146 wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected " 1147 "PSK length %d in external storage", 1148 (int) wpabuf_len(pw)); 1149 ext_password_free(pw); 1150 return -1; 1151 } 1152 1153 os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw)); 1154 pw_str[wpabuf_len(pw)] = '\0'; 1155 1156#ifndef CONFIG_NO_PBKDF2 1157 if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss) 1158 { 1159 pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len, 1160 4096, psk, PMK_LEN); 1161 os_memset(pw_str, 0, sizeof(pw_str)); 1162 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from " 1163 "external passphrase)", 1164 psk, PMK_LEN); 1165 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN); 1166 } else 1167#endif /* CONFIG_NO_PBKDF2 */ 1168 if (wpabuf_len(pw) == 2 * PMK_LEN) { 1169 if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) { 1170 wpa_msg(wpa_s, MSG_INFO, "EXT PW: " 1171 "Invalid PSK hex string"); 1172 os_memset(pw_str, 0, sizeof(pw_str)); 1173 ext_password_free(pw); 1174 return -1; 1175 } 1176 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN); 1177 } else { 1178 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable " 1179 "PSK available"); 1180 os_memset(pw_str, 0, sizeof(pw_str)); 1181 ext_password_free(pw); 1182 return -1; 1183 } 1184 1185 os_memset(pw_str, 0, sizeof(pw_str)); 1186 ext_password_free(pw); 1187 } 1188#endif /* CONFIG_EXT_PASSWORD */ 1189 } else 1190 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa); 1191 1192 return 0; 1193} 1194 1195 1196int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf) 1197{ 1198 u32 ext_capab = 0; 1199 u8 *pos = buf; 1200 1201#ifdef CONFIG_INTERWORKING 1202 if (wpa_s->conf->interworking) 1203 ext_capab |= BIT(31); /* Interworking */ 1204#endif /* CONFIG_INTERWORKING */ 1205 1206#ifdef CONFIG_WNM 1207 ext_capab |= BIT(17); /* WNM-Sleep Mode */ 1208 ext_capab |= BIT(19); /* BSS Transition */ 1209#endif /* CONFIG_WNM */ 1210 1211 if (!ext_capab) 1212 return 0; 1213 1214 *pos++ = WLAN_EID_EXT_CAPAB; 1215 *pos++ = 4; 1216 WPA_PUT_LE32(pos, ext_capab); 1217 pos += 4; 1218 1219 return pos - buf; 1220} 1221 1222 1223/** 1224 * wpa_supplicant_associate - Request association 1225 * @wpa_s: Pointer to wpa_supplicant data 1226 * @bss: Scan results for the selected BSS, or %NULL if not available 1227 * @ssid: Configuration data for the selected network 1228 * 1229 * This function is used to request %wpa_supplicant to associate with a BSS. 1230 */ 1231void wpa_supplicant_associate(struct wpa_supplicant *wpa_s, 1232 struct wpa_bss *bss, struct wpa_ssid *ssid) 1233{ 1234 u8 wpa_ie[200]; 1235 size_t wpa_ie_len; 1236 int use_crypt, ret, i, bssid_changed; 1237 int algs = WPA_AUTH_ALG_OPEN; 1238 enum wpa_cipher cipher_pairwise, cipher_group; 1239 struct wpa_driver_associate_params params; 1240 int wep_keys_set = 0; 1241 struct wpa_driver_capa capa; 1242 int assoc_failed = 0; 1243 struct wpa_ssid *old_ssid; 1244 u8 ext_capab[10]; 1245 int ext_capab_len; 1246#ifdef CONFIG_HT_OVERRIDES 1247 struct ieee80211_ht_capabilities htcaps; 1248 struct ieee80211_ht_capabilities htcaps_mask; 1249#endif /* CONFIG_HT_OVERRIDES */ 1250 1251#ifdef CONFIG_IBSS_RSN 1252 ibss_rsn_deinit(wpa_s->ibss_rsn); 1253 wpa_s->ibss_rsn = NULL; 1254#endif /* CONFIG_IBSS_RSN */ 1255#ifdef ANDROID_P2P 1256 int freq = 0; 1257#endif 1258 1259 if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO || 1260 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) { 1261#ifdef CONFIG_AP 1262 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) { 1263 wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP " 1264 "mode"); 1265 return; 1266 } 1267 if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) { 1268 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 1269 return; 1270 } 1271 wpa_s->current_bss = bss; 1272#else /* CONFIG_AP */ 1273 wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in " 1274 "the build"); 1275#endif /* CONFIG_AP */ 1276 return; 1277 } 1278 1279#ifdef CONFIG_TDLS 1280 if (bss) 1281 wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1), 1282 bss->ie_len); 1283#endif /* CONFIG_TDLS */ 1284 1285 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) && 1286 ssid->mode == IEEE80211_MODE_INFRA) { 1287 sme_authenticate(wpa_s, bss, ssid); 1288 return; 1289 } 1290 1291 os_memset(¶ms, 0, sizeof(params)); 1292 wpa_s->reassociate = 0; 1293 if (bss && !wpas_driver_bss_selection(wpa_s)) { 1294#ifdef CONFIG_IEEE80211R 1295 const u8 *ie, *md = NULL; 1296#endif /* CONFIG_IEEE80211R */ 1297 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR 1298 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid), 1299 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq); 1300 bssid_changed = !is_zero_ether_addr(wpa_s->bssid); 1301 os_memset(wpa_s->bssid, 0, ETH_ALEN); 1302 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN); 1303 if (bssid_changed) 1304 wpas_notify_bssid_changed(wpa_s); 1305#ifdef CONFIG_IEEE80211R 1306 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN); 1307 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN) 1308 md = ie + 2; 1309 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0); 1310 if (md) { 1311 /* Prepare for the next transition */ 1312 wpa_ft_prepare_auth_request(wpa_s->wpa, ie); 1313 } 1314#endif /* CONFIG_IEEE80211R */ 1315#ifdef CONFIG_WPS 1316 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) && 1317 wpa_s->conf->ap_scan == 2 && 1318 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) { 1319 /* Use ap_scan==1 style network selection to find the network 1320 */ 1321 wpa_s->scan_req = MANUAL_SCAN_REQ; 1322 wpa_s->reassociate = 1; 1323 wpa_supplicant_req_scan(wpa_s, 0, 0); 1324 return; 1325#endif /* CONFIG_WPS */ 1326 } else { 1327 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'", 1328 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1329 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); 1330 } 1331 wpa_supplicant_cancel_sched_scan(wpa_s); 1332 wpa_supplicant_cancel_scan(wpa_s); 1333 1334 /* Starting new association, so clear the possibly used WPA IE from the 1335 * previous association. */ 1336 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0); 1337 1338#ifdef IEEE8021X_EAPOL 1339 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) { 1340 if (ssid->leap) { 1341 if (ssid->non_leap == 0) 1342 algs = WPA_AUTH_ALG_LEAP; 1343 else 1344 algs |= WPA_AUTH_ALG_LEAP; 1345 } 1346 } 1347#endif /* IEEE8021X_EAPOL */ 1348 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs); 1349 if (ssid->auth_alg) { 1350 algs = ssid->auth_alg; 1351 wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: " 1352 "0x%x", algs); 1353 } 1354 1355 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) || 1356 wpa_bss_get_ie(bss, WLAN_EID_RSN)) && 1357 wpa_key_mgmt_wpa(ssid->key_mgmt)) { 1358 int try_opportunistic; 1359 try_opportunistic = (ssid->proactive_key_caching < 0 ? 1360 wpa_s->conf->okc : 1361 ssid->proactive_key_caching) && 1362 (ssid->proto & WPA_PROTO_RSN); 1363 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid, 1364 wpa_s->current_ssid, 1365 try_opportunistic) == 0) 1366 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1); 1367 wpa_ie_len = sizeof(wpa_ie); 1368 if (wpa_supplicant_set_suites(wpa_s, bss, ssid, 1369 wpa_ie, &wpa_ie_len)) { 1370 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA " 1371 "key management and encryption suites"); 1372 return; 1373 } 1374 } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss && 1375 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) { 1376 /* 1377 * Both WPA and non-WPA IEEE 802.1X enabled in configuration - 1378 * use non-WPA since the scan results did not indicate that the 1379 * AP is using WPA or WPA2. 1380 */ 1381 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); 1382 wpa_ie_len = 0; 1383 wpa_s->wpa_proto = 0; 1384 } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) { 1385 wpa_ie_len = sizeof(wpa_ie); 1386 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid, 1387 wpa_ie, &wpa_ie_len)) { 1388 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA " 1389 "key management and encryption suites (no " 1390 "scan results)"); 1391 return; 1392 } 1393#ifdef CONFIG_WPS 1394 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) { 1395 struct wpabuf *wps_ie; 1396 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid)); 1397 if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) { 1398 wpa_ie_len = wpabuf_len(wps_ie); 1399 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len); 1400 } else 1401 wpa_ie_len = 0; 1402 wpabuf_free(wps_ie); 1403 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); 1404 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY)) 1405 params.wps = WPS_MODE_PRIVACY; 1406 else 1407 params.wps = WPS_MODE_OPEN; 1408 wpa_s->wpa_proto = 0; 1409#endif /* CONFIG_WPS */ 1410 } else { 1411 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); 1412 wpa_ie_len = 0; 1413 wpa_s->wpa_proto = 0; 1414 } 1415 1416#ifdef CONFIG_P2P 1417 if (wpa_s->global->p2p) { 1418 u8 *pos; 1419 size_t len; 1420 int res; 1421 pos = wpa_ie + wpa_ie_len; 1422 len = sizeof(wpa_ie) - wpa_ie_len; 1423 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len, 1424 ssid->p2p_group); 1425 if (res >= 0) 1426 wpa_ie_len += res; 1427 } 1428 1429 wpa_s->cross_connect_disallowed = 0; 1430 if (bss) { 1431 struct wpabuf *p2p; 1432 p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE); 1433 if (p2p) { 1434 wpa_s->cross_connect_disallowed = 1435 p2p_get_cross_connect_disallowed(p2p); 1436 wpabuf_free(p2p); 1437 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross " 1438 "connection", 1439 wpa_s->cross_connect_disallowed ? 1440 "disallows" : "allows"); 1441 } 1442 } 1443#endif /* CONFIG_P2P */ 1444 1445#ifdef CONFIG_HS20 1446 if (wpa_s->conf->hs20) { 1447 struct wpabuf *hs20; 1448 hs20 = wpabuf_alloc(20); 1449 if (hs20) { 1450 wpas_hs20_add_indication(hs20); 1451 os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(hs20), 1452 wpabuf_len(hs20)); 1453 wpa_ie_len += wpabuf_len(hs20); 1454 wpabuf_free(hs20); 1455 } 1456 } 1457#endif /* CONFIG_HS20 */ 1458 1459 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab); 1460 if (ext_capab_len > 0) { 1461 u8 *pos = wpa_ie; 1462 if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN) 1463 pos += 2 + pos[1]; 1464 os_memmove(pos + ext_capab_len, pos, 1465 wpa_ie_len - (pos - wpa_ie)); 1466 wpa_ie_len += ext_capab_len; 1467 os_memcpy(pos, ext_capab, ext_capab_len); 1468 } 1469 1470 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL); 1471 use_crypt = 1; 1472 cipher_pairwise = wpa_cipher_to_suite_driver(wpa_s->pairwise_cipher); 1473 cipher_group = wpa_cipher_to_suite_driver(wpa_s->group_cipher); 1474 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE || 1475 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) { 1476 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) 1477 use_crypt = 0; 1478 if (wpa_set_wep_keys(wpa_s, ssid)) { 1479 use_crypt = 1; 1480 wep_keys_set = 1; 1481 } 1482 } 1483 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) 1484 use_crypt = 0; 1485 1486#ifdef IEEE8021X_EAPOL 1487 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) { 1488 if ((ssid->eapol_flags & 1489 (EAPOL_FLAG_REQUIRE_KEY_UNICAST | 1490 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 && 1491 !wep_keys_set) { 1492 use_crypt = 0; 1493 } else { 1494 /* Assume that dynamic WEP-104 keys will be used and 1495 * set cipher suites in order for drivers to expect 1496 * encryption. */ 1497 cipher_pairwise = cipher_group = CIPHER_WEP104; 1498 } 1499 } 1500#endif /* IEEE8021X_EAPOL */ 1501 1502 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) { 1503 /* Set the key before (and later after) association */ 1504 wpa_supplicant_set_wpa_none_key(wpa_s, ssid); 1505 } 1506 1507 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING); 1508 if (bss) { 1509 params.ssid = bss->ssid; 1510 params.ssid_len = bss->ssid_len; 1511 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) { 1512 wpa_printf(MSG_DEBUG, "Limit connection to BSSID " 1513 MACSTR " freq=%u MHz based on scan results " 1514 "(bssid_set=%d)", 1515 MAC2STR(bss->bssid), bss->freq, 1516 ssid->bssid_set); 1517 params.bssid = bss->bssid; 1518 params.freq = bss->freq; 1519 } 1520 } else { 1521 params.ssid = ssid->ssid; 1522 params.ssid_len = ssid->ssid_len; 1523 } 1524 1525 if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set && 1526 wpa_s->conf->ap_scan == 2) { 1527 params.bssid = ssid->bssid; 1528 params.fixed_bssid = 1; 1529 } 1530 1531 if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 && 1532 params.freq == 0) 1533 params.freq = ssid->frequency; /* Initial channel for IBSS */ 1534 params.wpa_ie = wpa_ie; 1535 params.wpa_ie_len = wpa_ie_len; 1536 params.pairwise_suite = cipher_pairwise; 1537 params.group_suite = cipher_group; 1538 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt); 1539 params.wpa_proto = wpa_s->wpa_proto; 1540 params.auth_alg = algs; 1541 params.mode = ssid->mode; 1542 params.bg_scan_period = ssid->bg_scan_period; 1543 for (i = 0; i < NUM_WEP_KEYS; i++) { 1544 if (ssid->wep_key_len[i]) 1545 params.wep_key[i] = ssid->wep_key[i]; 1546 params.wep_key_len[i] = ssid->wep_key_len[i]; 1547 } 1548 params.wep_tx_keyidx = ssid->wep_tx_keyidx; 1549 1550 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) && 1551 (params.key_mgmt_suite == KEY_MGMT_PSK || 1552 params.key_mgmt_suite == KEY_MGMT_FT_PSK)) { 1553 params.passphrase = ssid->passphrase; 1554 if (ssid->psk_set) 1555 params.psk = ssid->psk; 1556 } 1557 1558 params.drop_unencrypted = use_crypt; 1559 1560#ifdef CONFIG_IEEE80211W 1561 params.mgmt_frame_protection = 1562 ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ? 1563 wpa_s->conf->pmf : ssid->ieee80211w; 1564 if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) { 1565 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN); 1566 struct wpa_ie_data ie; 1567 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 && 1568 ie.capabilities & 1569 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) { 1570 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports " 1571 "MFP: require MFP"); 1572 params.mgmt_frame_protection = 1573 MGMT_FRAME_PROTECTION_REQUIRED; 1574 } 1575 } 1576#endif /* CONFIG_IEEE80211W */ 1577 1578 params.p2p = ssid->p2p_group; 1579 1580 if (wpa_s->parent->set_sta_uapsd) 1581 params.uapsd = wpa_s->parent->sta_uapsd; 1582 else 1583 params.uapsd = -1; 1584 1585#ifdef CONFIG_HT_OVERRIDES 1586 os_memset(&htcaps, 0, sizeof(htcaps)); 1587 os_memset(&htcaps_mask, 0, sizeof(htcaps_mask)); 1588 params.htcaps = (u8 *) &htcaps; 1589 params.htcaps_mask = (u8 *) &htcaps_mask; 1590 wpa_supplicant_apply_ht_overrides(wpa_s, ssid, ¶ms); 1591#endif /* CONFIG_HT_OVERRIDES */ 1592 1593#ifdef ANDROID_P2P 1594 /* If multichannel concurrency is not supported, check for any frequency 1595 * conflict and take appropriate action. 1596 */ 1597 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MULTI_CHANNEL_CONCURRENT) && 1598 ((freq = wpa_drv_shared_freq(wpa_s)) > 0) && (freq != params.freq)) { 1599 wpa_printf(MSG_DEBUG, "Shared interface with conflicting frequency found (%d != %d)" 1600 , freq, params.freq); 1601 if (wpas_p2p_handle_frequency_conflicts(wpa_s, params.freq, ssid) < 0) 1602 return; 1603 } 1604#endif 1605 ret = wpa_drv_associate(wpa_s, ¶ms); 1606 if (ret < 0) { 1607 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver " 1608 "failed"); 1609 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) { 1610 /* 1611 * The driver is known to mean what is saying, so we 1612 * can stop right here; the association will not 1613 * succeed. 1614 */ 1615 wpas_connection_failed(wpa_s, wpa_s->pending_bssid); 1616 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 1617 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); 1618 return; 1619 } 1620 /* try to continue anyway; new association will be tried again 1621 * after timeout */ 1622 assoc_failed = 1; 1623 } 1624 1625 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) { 1626 /* Set the key after the association just in case association 1627 * cleared the previously configured key. */ 1628 wpa_supplicant_set_wpa_none_key(wpa_s, ssid); 1629 /* No need to timeout authentication since there is no key 1630 * management. */ 1631 wpa_supplicant_cancel_auth_timeout(wpa_s); 1632 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 1633#ifdef CONFIG_IBSS_RSN 1634 } else if (ssid->mode == WPAS_MODE_IBSS && 1635 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE && 1636 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) { 1637 /* 1638 * RSN IBSS authentication is per-STA and we can disable the 1639 * per-BSSID authentication. 1640 */ 1641 wpa_supplicant_cancel_auth_timeout(wpa_s); 1642#endif /* CONFIG_IBSS_RSN */ 1643 } else { 1644 /* Timeout for IEEE 802.11 authentication and association */ 1645 int timeout = 60; 1646 1647 if (assoc_failed) { 1648 /* give IBSS a bit more time */ 1649 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5; 1650 } else if (wpa_s->conf->ap_scan == 1) { 1651 /* give IBSS a bit more time */ 1652 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10; 1653 } 1654 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0); 1655 } 1656 1657 if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 && 1658 capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) { 1659 /* Set static WEP keys again */ 1660 wpa_set_wep_keys(wpa_s, ssid); 1661 } 1662 1663 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) { 1664 /* 1665 * Do not allow EAP session resumption between different 1666 * network configurations. 1667 */ 1668 eapol_sm_invalidate_cached_session(wpa_s->eapol); 1669 } 1670 old_ssid = wpa_s->current_ssid; 1671 wpa_s->current_ssid = ssid; 1672 wpa_s->current_bss = bss; 1673 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid); 1674 wpa_supplicant_initiate_eapol(wpa_s); 1675 if (old_ssid != wpa_s->current_ssid) 1676 wpas_notify_network_changed(wpa_s); 1677} 1678 1679 1680static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s, 1681 const u8 *addr) 1682{ 1683 struct wpa_ssid *old_ssid; 1684 1685 wpa_clear_keys(wpa_s, addr); 1686 old_ssid = wpa_s->current_ssid; 1687 wpa_supplicant_mark_disassoc(wpa_s); 1688 wpa_sm_set_config(wpa_s->wpa, NULL); 1689 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL); 1690 if (old_ssid != wpa_s->current_ssid) 1691 wpas_notify_network_changed(wpa_s); 1692 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL); 1693} 1694 1695 1696/** 1697 * wpa_supplicant_deauthenticate - Deauthenticate the current connection 1698 * @wpa_s: Pointer to wpa_supplicant data 1699 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame 1700 * 1701 * This function is used to request %wpa_supplicant to deauthenticate from the 1702 * current AP. 1703 */ 1704void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s, 1705 int reason_code) 1706{ 1707 u8 *addr = NULL; 1708 union wpa_event_data event; 1709 int zero_addr = 0; 1710 1711 wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR 1712 " pending_bssid=" MACSTR " reason=%d state=%s", 1713 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid), 1714 reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state)); 1715 1716 if (!is_zero_ether_addr(wpa_s->bssid)) 1717 addr = wpa_s->bssid; 1718 else if (!is_zero_ether_addr(wpa_s->pending_bssid) && 1719 (wpa_s->wpa_state == WPA_AUTHENTICATING || 1720 wpa_s->wpa_state == WPA_ASSOCIATING)) 1721 addr = wpa_s->pending_bssid; 1722 else if (wpa_s->wpa_state == WPA_ASSOCIATING) { 1723 /* 1724 * When using driver-based BSS selection, we may not know the 1725 * BSSID with which we are currently trying to associate. We 1726 * need to notify the driver of this disconnection even in such 1727 * a case, so use the all zeros address here. 1728 */ 1729 addr = wpa_s->bssid; 1730 zero_addr = 1; 1731 } 1732 1733 if (addr) { 1734 wpa_drv_deauthenticate(wpa_s, addr, reason_code); 1735 os_memset(&event, 0, sizeof(event)); 1736 event.deauth_info.reason_code = (u16) reason_code; 1737 event.deauth_info.locally_generated = 1; 1738 wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event); 1739 if (zero_addr) 1740 addr = NULL; 1741 } 1742 1743 wpa_supplicant_clear_connection(wpa_s, addr); 1744} 1745 1746 1747/** 1748 * wpa_supplicant_enable_network - Mark a configured network as enabled 1749 * @wpa_s: wpa_supplicant structure for a network interface 1750 * @ssid: wpa_ssid structure for a configured network or %NULL 1751 * 1752 * Enables the specified network or all networks if no network specified. 1753 */ 1754void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s, 1755 struct wpa_ssid *ssid) 1756{ 1757 struct wpa_ssid *other_ssid; 1758 int was_disabled; 1759 1760 if (ssid == NULL) { 1761 for (other_ssid = wpa_s->conf->ssid; other_ssid; 1762 other_ssid = other_ssid->next) { 1763 if (other_ssid->disabled == 2) 1764 continue; /* do not change persistent P2P group 1765 * data */ 1766 if (other_ssid == wpa_s->current_ssid && 1767 other_ssid->disabled) 1768 wpa_s->reassociate = 1; 1769 1770 was_disabled = other_ssid->disabled; 1771 1772 other_ssid->disabled = 0; 1773 if (was_disabled) 1774 wpas_clear_temp_disabled(wpa_s, other_ssid, 0); 1775 1776 if (was_disabled != other_ssid->disabled) 1777 wpas_notify_network_enabled_changed( 1778 wpa_s, other_ssid); 1779 } 1780 if (wpa_s->reassociate) 1781 wpa_supplicant_req_scan(wpa_s, 0, 0); 1782 } else if (ssid->disabled && ssid->disabled != 2) { 1783 if (wpa_s->current_ssid == NULL) { 1784 /* 1785 * Try to reassociate since there is no current 1786 * configuration and a new network was made available. 1787 */ 1788 wpa_s->reassociate = 1; 1789 wpa_supplicant_req_scan(wpa_s, 0, 0); 1790 } 1791 1792 was_disabled = ssid->disabled; 1793 1794 ssid->disabled = 0; 1795 wpas_clear_temp_disabled(wpa_s, ssid, 1); 1796 1797 if (was_disabled != ssid->disabled) 1798 wpas_notify_network_enabled_changed(wpa_s, ssid); 1799 } 1800} 1801 1802 1803/** 1804 * wpa_supplicant_disable_network - Mark a configured network as disabled 1805 * @wpa_s: wpa_supplicant structure for a network interface 1806 * @ssid: wpa_ssid structure for a configured network or %NULL 1807 * 1808 * Disables the specified network or all networks if no network specified. 1809 */ 1810void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s, 1811 struct wpa_ssid *ssid) 1812{ 1813 struct wpa_ssid *other_ssid; 1814 int was_disabled; 1815 1816 if (ssid == NULL) { 1817 for (other_ssid = wpa_s->conf->ssid; other_ssid; 1818 other_ssid = other_ssid->next) { 1819 was_disabled = other_ssid->disabled; 1820 if (was_disabled == 2) 1821 continue; /* do not change persistent P2P group 1822 * data */ 1823 1824 other_ssid->disabled = 1; 1825 1826 if (was_disabled != other_ssid->disabled) 1827 wpas_notify_network_enabled_changed( 1828 wpa_s, other_ssid); 1829 } 1830 if (wpa_s->current_ssid) 1831 wpa_supplicant_deauthenticate( 1832 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 1833 } else if (ssid->disabled != 2) { 1834 if (ssid == wpa_s->current_ssid) 1835 wpa_supplicant_deauthenticate( 1836 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 1837 1838 was_disabled = ssid->disabled; 1839 1840 ssid->disabled = 1; 1841 1842 if (was_disabled != ssid->disabled) 1843 wpas_notify_network_enabled_changed(wpa_s, ssid); 1844 } 1845} 1846 1847 1848/** 1849 * wpa_supplicant_select_network - Attempt association with a network 1850 * @wpa_s: wpa_supplicant structure for a network interface 1851 * @ssid: wpa_ssid structure for a configured network or %NULL for any network 1852 */ 1853void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s, 1854 struct wpa_ssid *ssid) 1855{ 1856 1857 struct wpa_ssid *other_ssid; 1858 int disconnected = 0; 1859 1860 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) { 1861 wpa_supplicant_deauthenticate( 1862 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 1863 disconnected = 1; 1864 } 1865 1866 if (ssid) 1867 wpas_clear_temp_disabled(wpa_s, ssid, 1); 1868 1869 /* 1870 * Mark all other networks disabled or mark all networks enabled if no 1871 * network specified. 1872 */ 1873 for (other_ssid = wpa_s->conf->ssid; other_ssid; 1874 other_ssid = other_ssid->next) { 1875 int was_disabled = other_ssid->disabled; 1876 if (was_disabled == 2) 1877 continue; /* do not change persistent P2P group data */ 1878 1879 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0; 1880 if (was_disabled && !other_ssid->disabled) 1881 wpas_clear_temp_disabled(wpa_s, other_ssid, 0); 1882 1883 if (was_disabled != other_ssid->disabled) 1884 wpas_notify_network_enabled_changed(wpa_s, other_ssid); 1885 } 1886 1887 if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid) { 1888 /* We are already associated with the selected network */ 1889 wpa_printf(MSG_DEBUG, "Already associated with the " 1890 "selected network - do nothing"); 1891 return; 1892 } 1893 1894 if (ssid) 1895 wpa_s->current_ssid = ssid; 1896 wpa_s->connect_without_scan = NULL; 1897 wpa_s->disconnected = 0; 1898 wpa_s->reassociate = 1; 1899 wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0); 1900 1901 if (ssid) 1902 wpas_notify_network_selected(wpa_s, ssid); 1903} 1904 1905 1906/** 1907 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface 1908 * @wpa_s: wpa_supplicant structure for a network interface 1909 * @ap_scan: AP scan mode 1910 * Returns: 0 if succeed or -1 if ap_scan has an invalid value 1911 * 1912 */ 1913int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan) 1914{ 1915 1916 int old_ap_scan; 1917 1918 if (ap_scan < 0 || ap_scan > 2) 1919 return -1; 1920 1921#ifdef ANDROID 1922 if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan && 1923 wpa_s->wpa_state >= WPA_ASSOCIATING && 1924 wpa_s->wpa_state < WPA_COMPLETED) { 1925 wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while " 1926 "associating", wpa_s->conf->ap_scan, ap_scan); 1927 return 0; 1928 } 1929#endif /* ANDROID */ 1930 1931 old_ap_scan = wpa_s->conf->ap_scan; 1932 wpa_s->conf->ap_scan = ap_scan; 1933 1934 if (old_ap_scan != wpa_s->conf->ap_scan) 1935 wpas_notify_ap_scan_changed(wpa_s); 1936 1937 return 0; 1938} 1939 1940 1941/** 1942 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age 1943 * @wpa_s: wpa_supplicant structure for a network interface 1944 * @expire_age: Expiration age in seconds 1945 * Returns: 0 if succeed or -1 if expire_age has an invalid value 1946 * 1947 */ 1948int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s, 1949 unsigned int bss_expire_age) 1950{ 1951 if (bss_expire_age < 10) { 1952 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u", 1953 bss_expire_age); 1954 return -1; 1955 } 1956 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec", 1957 bss_expire_age); 1958 wpa_s->conf->bss_expiration_age = bss_expire_age; 1959 1960 return 0; 1961} 1962 1963 1964/** 1965 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count 1966 * @wpa_s: wpa_supplicant structure for a network interface 1967 * @expire_count: number of scans after which an unseen BSS is reclaimed 1968 * Returns: 0 if succeed or -1 if expire_count has an invalid value 1969 * 1970 */ 1971int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s, 1972 unsigned int bss_expire_count) 1973{ 1974 if (bss_expire_count < 1) { 1975 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u", 1976 bss_expire_count); 1977 return -1; 1978 } 1979 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u", 1980 bss_expire_count); 1981 wpa_s->conf->bss_expiration_scan_count = bss_expire_count; 1982 1983 return 0; 1984} 1985 1986 1987/** 1988 * wpa_supplicant_set_scan_interval - Set scan interval 1989 * @wpa_s: wpa_supplicant structure for a network interface 1990 * @scan_interval: scan interval in seconds 1991 * Returns: 0 if succeed or -1 if scan_interval has an invalid value 1992 * 1993 */ 1994int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s, 1995 int scan_interval) 1996{ 1997 if (scan_interval < 0) { 1998 wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d", 1999 scan_interval); 2000 return -1; 2001 } 2002 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec", 2003 scan_interval); 2004 wpa_s->scan_interval = scan_interval; 2005 2006 return 0; 2007} 2008 2009 2010/** 2011 * wpa_supplicant_set_debug_params - Set global debug params 2012 * @global: wpa_global structure 2013 * @debug_level: debug level 2014 * @debug_timestamp: determines if show timestamp in debug data 2015 * @debug_show_keys: determines if show keys in debug data 2016 * Returns: 0 if succeed or -1 if debug_level has wrong value 2017 */ 2018int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level, 2019 int debug_timestamp, int debug_show_keys) 2020{ 2021 2022 int old_level, old_timestamp, old_show_keys; 2023 2024 /* check for allowed debuglevels */ 2025 if (debug_level != MSG_EXCESSIVE && 2026 debug_level != MSG_MSGDUMP && 2027 debug_level != MSG_DEBUG && 2028 debug_level != MSG_INFO && 2029 debug_level != MSG_WARNING && 2030 debug_level != MSG_ERROR) 2031 return -1; 2032 2033 old_level = wpa_debug_level; 2034 old_timestamp = wpa_debug_timestamp; 2035 old_show_keys = wpa_debug_show_keys; 2036 2037 wpa_debug_level = debug_level; 2038 wpa_debug_timestamp = debug_timestamp ? 1 : 0; 2039 wpa_debug_show_keys = debug_show_keys ? 1 : 0; 2040 2041 if (wpa_debug_level != old_level) 2042 wpas_notify_debug_level_changed(global); 2043 if (wpa_debug_timestamp != old_timestamp) 2044 wpas_notify_debug_timestamp_changed(global); 2045 if (wpa_debug_show_keys != old_show_keys) 2046 wpas_notify_debug_show_keys_changed(global); 2047 2048 return 0; 2049} 2050 2051 2052/** 2053 * wpa_supplicant_get_ssid - Get a pointer to the current network structure 2054 * @wpa_s: Pointer to wpa_supplicant data 2055 * Returns: A pointer to the current network structure or %NULL on failure 2056 */ 2057struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s) 2058{ 2059 struct wpa_ssid *entry; 2060 u8 ssid[MAX_SSID_LEN]; 2061 int res; 2062 size_t ssid_len; 2063 u8 bssid[ETH_ALEN]; 2064 int wired; 2065 2066 res = wpa_drv_get_ssid(wpa_s, ssid); 2067 if (res < 0) { 2068 wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from " 2069 "driver"); 2070 return NULL; 2071 } 2072 ssid_len = res; 2073 2074 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) { 2075 wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from " 2076 "driver"); 2077 return NULL; 2078 } 2079 2080 wired = wpa_s->conf->ap_scan == 0 && 2081 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED); 2082 2083 entry = wpa_s->conf->ssid; 2084 while (entry) { 2085 if (!wpas_network_disabled(wpa_s, entry) && 2086 ((ssid_len == entry->ssid_len && 2087 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) && 2088 (!entry->bssid_set || 2089 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)) 2090 return entry; 2091#ifdef CONFIG_WPS 2092 if (!wpas_network_disabled(wpa_s, entry) && 2093 (entry->key_mgmt & WPA_KEY_MGMT_WPS) && 2094 (entry->ssid == NULL || entry->ssid_len == 0) && 2095 (!entry->bssid_set || 2096 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)) 2097 return entry; 2098#endif /* CONFIG_WPS */ 2099 2100 if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set && 2101 entry->ssid_len == 0 && 2102 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0) 2103 return entry; 2104 2105 entry = entry->next; 2106 } 2107 2108 return NULL; 2109} 2110 2111 2112static int select_driver(struct wpa_supplicant *wpa_s, int i) 2113{ 2114 struct wpa_global *global = wpa_s->global; 2115 2116 if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) { 2117 global->drv_priv[i] = wpa_drivers[i]->global_init(); 2118 if (global->drv_priv[i] == NULL) { 2119 wpa_printf(MSG_ERROR, "Failed to initialize driver " 2120 "'%s'", wpa_drivers[i]->name); 2121 return -1; 2122 } 2123 } 2124 2125 wpa_s->driver = wpa_drivers[i]; 2126 wpa_s->global_drv_priv = global->drv_priv[i]; 2127 2128 return 0; 2129} 2130 2131 2132static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s, 2133 const char *name) 2134{ 2135 int i; 2136 size_t len; 2137 const char *pos, *driver = name; 2138 2139 if (wpa_s == NULL) 2140 return -1; 2141 2142 if (wpa_drivers[0] == NULL) { 2143 wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into " 2144 "wpa_supplicant"); 2145 return -1; 2146 } 2147 2148 if (name == NULL) { 2149 /* default to first driver in the list */ 2150 return select_driver(wpa_s, 0); 2151 } 2152 2153 do { 2154 pos = os_strchr(driver, ','); 2155 if (pos) 2156 len = pos - driver; 2157 else 2158 len = os_strlen(driver); 2159 2160 for (i = 0; wpa_drivers[i]; i++) { 2161 if (os_strlen(wpa_drivers[i]->name) == len && 2162 os_strncmp(driver, wpa_drivers[i]->name, len) == 2163 0) { 2164 /* First driver that succeeds wins */ 2165 if (select_driver(wpa_s, i) == 0) 2166 return 0; 2167 } 2168 } 2169 2170 driver = pos + 1; 2171 } while (pos); 2172 2173 wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name); 2174 return -1; 2175} 2176 2177 2178/** 2179 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant 2180 * @ctx: Context pointer (wpa_s); this is the ctx variable registered 2181 * with struct wpa_driver_ops::init() 2182 * @src_addr: Source address of the EAPOL frame 2183 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header) 2184 * @len: Length of the EAPOL data 2185 * 2186 * This function is called for each received EAPOL frame. Most driver 2187 * interfaces rely on more generic OS mechanism for receiving frames through 2188 * l2_packet, but if such a mechanism is not available, the driver wrapper may 2189 * take care of received EAPOL frames and deliver them to the core supplicant 2190 * code by calling this function. 2191 */ 2192void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr, 2193 const u8 *buf, size_t len) 2194{ 2195 struct wpa_supplicant *wpa_s = ctx; 2196 2197 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr)); 2198 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len); 2199 2200 if (wpa_s->wpa_state < WPA_ASSOCIATED || 2201 (wpa_s->last_eapol_matches_bssid && 2202#ifdef CONFIG_AP 2203 !wpa_s->ap_iface && 2204#endif /* CONFIG_AP */ 2205 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) { 2206 /* 2207 * There is possible race condition between receiving the 2208 * association event and the EAPOL frame since they are coming 2209 * through different paths from the driver. In order to avoid 2210 * issues in trying to process the EAPOL frame before receiving 2211 * association information, lets queue it for processing until 2212 * the association event is received. This may also be needed in 2213 * driver-based roaming case, so also use src_addr != BSSID as a 2214 * trigger if we have previously confirmed that the 2215 * Authenticator uses BSSID as the src_addr (which is not the 2216 * case with wired IEEE 802.1X). 2217 */ 2218 wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing " 2219 "of received EAPOL frame (state=%s bssid=" MACSTR ")", 2220 wpa_supplicant_state_txt(wpa_s->wpa_state), 2221 MAC2STR(wpa_s->bssid)); 2222 wpabuf_free(wpa_s->pending_eapol_rx); 2223 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len); 2224 if (wpa_s->pending_eapol_rx) { 2225 os_get_time(&wpa_s->pending_eapol_rx_time); 2226 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr, 2227 ETH_ALEN); 2228 } 2229 return; 2230 } 2231 2232 wpa_s->last_eapol_matches_bssid = 2233 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0; 2234 2235#ifdef CONFIG_AP 2236 if (wpa_s->ap_iface) { 2237 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len); 2238 return; 2239 } 2240#endif /* CONFIG_AP */ 2241 2242 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) { 2243 wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since " 2244 "no key management is configured"); 2245 return; 2246 } 2247 2248 if (wpa_s->eapol_received == 0 && 2249 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) || 2250 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || 2251 wpa_s->wpa_state != WPA_COMPLETED) && 2252 (wpa_s->current_ssid == NULL || 2253 wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) { 2254 /* Timeout for completing IEEE 802.1X and WPA authentication */ 2255 wpa_supplicant_req_auth_timeout( 2256 wpa_s, 2257 (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) || 2258 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA || 2259 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ? 2260 70 : 10, 0); 2261 } 2262 wpa_s->eapol_received++; 2263 2264 if (wpa_s->countermeasures) { 2265 wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped " 2266 "EAPOL packet"); 2267 return; 2268 } 2269 2270#ifdef CONFIG_IBSS_RSN 2271 if (wpa_s->current_ssid && 2272 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) { 2273 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len); 2274 return; 2275 } 2276#endif /* CONFIG_IBSS_RSN */ 2277 2278 /* Source address of the incoming EAPOL frame could be compared to the 2279 * current BSSID. However, it is possible that a centralized 2280 * Authenticator could be using another MAC address than the BSSID of 2281 * an AP, so just allow any address to be used for now. The replies are 2282 * still sent to the current BSSID (if available), though. */ 2283 2284 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN); 2285 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) && 2286 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0) 2287 return; 2288 wpa_drv_poll(wpa_s); 2289 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) 2290 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len); 2291 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) { 2292 /* 2293 * Set portValid = TRUE here since we are going to skip 4-way 2294 * handshake processing which would normally set portValid. We 2295 * need this to allow the EAPOL state machines to be completed 2296 * without going through EAPOL-Key handshake. 2297 */ 2298 eapol_sm_notify_portValid(wpa_s->eapol, TRUE); 2299 } 2300} 2301 2302 2303int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s) 2304{ 2305 if (wpa_s->driver->send_eapol) { 2306 const u8 *addr = wpa_drv_get_mac_addr(wpa_s); 2307 if (addr) 2308 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN); 2309 } else if (!(wpa_s->drv_flags & 2310 WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) { 2311 l2_packet_deinit(wpa_s->l2); 2312 wpa_s->l2 = l2_packet_init(wpa_s->ifname, 2313 wpa_drv_get_mac_addr(wpa_s), 2314 ETH_P_EAPOL, 2315 wpa_supplicant_rx_eapol, wpa_s, 0); 2316 if (wpa_s->l2 == NULL) 2317 return -1; 2318 } else { 2319 const u8 *addr = wpa_drv_get_mac_addr(wpa_s); 2320 if (addr) 2321 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN); 2322 } 2323 2324 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) { 2325 wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address"); 2326 return -1; 2327 } 2328 2329 wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR, 2330 MAC2STR(wpa_s->own_addr)); 2331 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr); 2332 2333 return 0; 2334} 2335 2336 2337static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr, 2338 const u8 *buf, size_t len) 2339{ 2340 struct wpa_supplicant *wpa_s = ctx; 2341 const struct l2_ethhdr *eth; 2342 2343 if (len < sizeof(*eth)) 2344 return; 2345 eth = (const struct l2_ethhdr *) buf; 2346 2347 if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 && 2348 !(eth->h_dest[0] & 0x01)) { 2349 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR 2350 " (bridge - not for this interface - ignore)", 2351 MAC2STR(src_addr), MAC2STR(eth->h_dest)); 2352 return; 2353 } 2354 2355 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR 2356 " (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest)); 2357 wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth), 2358 len - sizeof(*eth)); 2359} 2360 2361 2362/** 2363 * wpa_supplicant_driver_init - Initialize driver interface parameters 2364 * @wpa_s: Pointer to wpa_supplicant data 2365 * Returns: 0 on success, -1 on failure 2366 * 2367 * This function is called to initialize driver interface parameters. 2368 * wpa_drv_init() must have been called before this function to initialize the 2369 * driver interface. 2370 */ 2371int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s) 2372{ 2373 static int interface_count = 0; 2374 2375 if (wpa_supplicant_update_mac_addr(wpa_s) < 0) 2376 return -1; 2377 2378 if (wpa_s->bridge_ifname[0]) { 2379 wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge " 2380 "interface '%s'", wpa_s->bridge_ifname); 2381 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname, 2382 wpa_s->own_addr, 2383 ETH_P_EAPOL, 2384 wpa_supplicant_rx_eapol_bridge, 2385 wpa_s, 1); 2386 if (wpa_s->l2_br == NULL) { 2387 wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet " 2388 "connection for the bridge interface '%s'", 2389 wpa_s->bridge_ifname); 2390 return -1; 2391 } 2392 } 2393 2394 wpa_clear_keys(wpa_s, NULL); 2395 2396 /* Make sure that TKIP countermeasures are not left enabled (could 2397 * happen if wpa_supplicant is killed during countermeasures. */ 2398 wpa_drv_set_countermeasures(wpa_s, 0); 2399 2400 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver"); 2401 wpa_drv_flush_pmkid(wpa_s); 2402 2403 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 2404 wpa_s->prev_scan_wildcard = 0; 2405 2406 if (wpa_supplicant_enabled_networks(wpa_s)) { 2407 if (wpa_supplicant_delayed_sched_scan(wpa_s, interface_count, 2408 100000)) 2409 wpa_supplicant_req_scan(wpa_s, interface_count, 2410 100000); 2411 interface_count++; 2412 } else 2413 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 2414 2415 return 0; 2416} 2417 2418 2419static int wpa_supplicant_daemon(const char *pid_file) 2420{ 2421 wpa_printf(MSG_DEBUG, "Daemonize.."); 2422 return os_daemonize(pid_file); 2423} 2424 2425 2426static struct wpa_supplicant * wpa_supplicant_alloc(void) 2427{ 2428 struct wpa_supplicant *wpa_s; 2429 2430 wpa_s = os_zalloc(sizeof(*wpa_s)); 2431 if (wpa_s == NULL) 2432 return NULL; 2433 wpa_s->scan_req = INITIAL_SCAN_REQ; 2434 wpa_s->scan_interval = 5; 2435 wpa_s->new_connection = 1; 2436 wpa_s->parent = wpa_s; 2437 wpa_s->sched_scanning = 0; 2438 2439 return wpa_s; 2440} 2441 2442 2443#ifdef CONFIG_HT_OVERRIDES 2444 2445static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s, 2446 struct ieee80211_ht_capabilities *htcaps, 2447 struct ieee80211_ht_capabilities *htcaps_mask, 2448 const char *ht_mcs) 2449{ 2450 /* parse ht_mcs into hex array */ 2451 int i; 2452 const char *tmp = ht_mcs; 2453 char *end = NULL; 2454 2455 /* If ht_mcs is null, do not set anything */ 2456 if (!ht_mcs) 2457 return 0; 2458 2459 /* This is what we are setting in the kernel */ 2460 os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN); 2461 2462 wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs); 2463 2464 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) { 2465 errno = 0; 2466 long v = strtol(tmp, &end, 16); 2467 if (errno == 0) { 2468 wpa_msg(wpa_s, MSG_DEBUG, 2469 "htcap value[%i]: %ld end: %p tmp: %p", 2470 i, v, end, tmp); 2471 if (end == tmp) 2472 break; 2473 2474 htcaps->supported_mcs_set[i] = v; 2475 tmp = end; 2476 } else { 2477 wpa_msg(wpa_s, MSG_ERROR, 2478 "Failed to parse ht-mcs: %s, error: %s\n", 2479 ht_mcs, strerror(errno)); 2480 return -1; 2481 } 2482 } 2483 2484 /* 2485 * If we were able to parse any values, then set mask for the MCS set. 2486 */ 2487 if (i) { 2488 os_memset(&htcaps_mask->supported_mcs_set, 0xff, 2489 IEEE80211_HT_MCS_MASK_LEN - 1); 2490 /* skip the 3 reserved bits */ 2491 htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] = 2492 0x1f; 2493 } 2494 2495 return 0; 2496} 2497 2498 2499static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s, 2500 struct ieee80211_ht_capabilities *htcaps, 2501 struct ieee80211_ht_capabilities *htcaps_mask, 2502 int disabled) 2503{ 2504 u16 msk; 2505 2506 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled); 2507 2508 if (disabled == -1) 2509 return 0; 2510 2511 msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE); 2512 htcaps_mask->ht_capabilities_info |= msk; 2513 if (disabled) 2514 htcaps->ht_capabilities_info &= msk; 2515 else 2516 htcaps->ht_capabilities_info |= msk; 2517 2518 return 0; 2519} 2520 2521 2522static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s, 2523 struct ieee80211_ht_capabilities *htcaps, 2524 struct ieee80211_ht_capabilities *htcaps_mask, 2525 int factor) 2526{ 2527 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor); 2528 2529 if (factor == -1) 2530 return 0; 2531 2532 if (factor < 0 || factor > 3) { 2533 wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. " 2534 "Must be 0-3 or -1", factor); 2535 return -EINVAL; 2536 } 2537 2538 htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */ 2539 htcaps->a_mpdu_params &= ~0x3; 2540 htcaps->a_mpdu_params |= factor & 0x3; 2541 2542 return 0; 2543} 2544 2545 2546static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s, 2547 struct ieee80211_ht_capabilities *htcaps, 2548 struct ieee80211_ht_capabilities *htcaps_mask, 2549 int density) 2550{ 2551 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density); 2552 2553 if (density == -1) 2554 return 0; 2555 2556 if (density < 0 || density > 7) { 2557 wpa_msg(wpa_s, MSG_ERROR, 2558 "ampdu_density: %d out of range. Must be 0-7 or -1.", 2559 density); 2560 return -EINVAL; 2561 } 2562 2563 htcaps_mask->a_mpdu_params |= 0x1C; 2564 htcaps->a_mpdu_params &= ~(0x1C); 2565 htcaps->a_mpdu_params |= (density << 2) & 0x1C; 2566 2567 return 0; 2568} 2569 2570 2571static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s, 2572 struct ieee80211_ht_capabilities *htcaps, 2573 struct ieee80211_ht_capabilities *htcaps_mask, 2574 int disabled) 2575{ 2576 /* Masking these out disables HT40 */ 2577 u16 msk = host_to_le16(HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET | 2578 HT_CAP_INFO_SHORT_GI40MHZ); 2579 2580 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled); 2581 2582 if (disabled) 2583 htcaps->ht_capabilities_info &= ~msk; 2584 else 2585 htcaps->ht_capabilities_info |= msk; 2586 2587 htcaps_mask->ht_capabilities_info |= msk; 2588 2589 return 0; 2590} 2591 2592 2593static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s, 2594 struct ieee80211_ht_capabilities *htcaps, 2595 struct ieee80211_ht_capabilities *htcaps_mask, 2596 int disabled) 2597{ 2598 /* Masking these out disables SGI */ 2599 u16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ | 2600 HT_CAP_INFO_SHORT_GI40MHZ); 2601 2602 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled); 2603 2604 if (disabled) 2605 htcaps->ht_capabilities_info &= ~msk; 2606 else 2607 htcaps->ht_capabilities_info |= msk; 2608 2609 htcaps_mask->ht_capabilities_info |= msk; 2610 2611 return 0; 2612} 2613 2614 2615void wpa_supplicant_apply_ht_overrides( 2616 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, 2617 struct wpa_driver_associate_params *params) 2618{ 2619 struct ieee80211_ht_capabilities *htcaps; 2620 struct ieee80211_ht_capabilities *htcaps_mask; 2621 2622 if (!ssid) 2623 return; 2624 2625 params->disable_ht = ssid->disable_ht; 2626 if (!params->htcaps || !params->htcaps_mask) 2627 return; 2628 2629 htcaps = (struct ieee80211_ht_capabilities *) params->htcaps; 2630 htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask; 2631 wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs); 2632 wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask, 2633 ssid->disable_max_amsdu); 2634 wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor); 2635 wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density); 2636 wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40); 2637 wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi); 2638} 2639 2640#endif /* CONFIG_HT_OVERRIDES */ 2641 2642 2643static int pcsc_reader_init(struct wpa_supplicant *wpa_s) 2644{ 2645#ifdef PCSC_FUNCS 2646 size_t len; 2647 2648 if (!wpa_s->conf->pcsc_reader) 2649 return 0; 2650 2651 wpa_s->scard = scard_init(SCARD_TRY_BOTH, wpa_s->conf->pcsc_reader); 2652 if (!wpa_s->scard) 2653 return 1; 2654 2655 if (wpa_s->conf->pcsc_pin && 2656 scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) { 2657 scard_deinit(wpa_s->scard); 2658 wpa_s->scard = NULL; 2659 wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed"); 2660 return -1; 2661 } 2662 2663 len = sizeof(wpa_s->imsi) - 1; 2664 if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) { 2665 scard_deinit(wpa_s->scard); 2666 wpa_s->scard = NULL; 2667 wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI"); 2668 return -1; 2669 } 2670 wpa_s->imsi[len] = '\0'; 2671 2672 wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard); 2673 2674 wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)", 2675 wpa_s->imsi, wpa_s->mnc_len); 2676 2677 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard); 2678 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard); 2679#endif /* PCSC_FUNCS */ 2680 2681 return 0; 2682} 2683 2684 2685int wpas_init_ext_pw(struct wpa_supplicant *wpa_s) 2686{ 2687 char *val, *pos; 2688 2689 ext_password_deinit(wpa_s->ext_pw); 2690 wpa_s->ext_pw = NULL; 2691 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL); 2692 2693 if (!wpa_s->conf->ext_password_backend) 2694 return 0; 2695 2696 val = os_strdup(wpa_s->conf->ext_password_backend); 2697 if (val == NULL) 2698 return -1; 2699 pos = os_strchr(val, ':'); 2700 if (pos) 2701 *pos++ = '\0'; 2702 2703 wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val); 2704 2705 wpa_s->ext_pw = ext_password_init(val, pos); 2706 os_free(val); 2707 if (wpa_s->ext_pw == NULL) { 2708 wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend"); 2709 return -1; 2710 } 2711 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw); 2712 2713 return 0; 2714} 2715 2716 2717static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s, 2718 struct wpa_interface *iface) 2719{ 2720 const char *ifname, *driver; 2721 struct wpa_driver_capa capa; 2722 2723 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver " 2724 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname, 2725 iface->confname ? iface->confname : "N/A", 2726 iface->driver ? iface->driver : "default", 2727 iface->ctrl_interface ? iface->ctrl_interface : "N/A", 2728 iface->bridge_ifname ? iface->bridge_ifname : "N/A"); 2729 2730 if (iface->confname) { 2731#ifdef CONFIG_BACKEND_FILE 2732 wpa_s->confname = os_rel2abs_path(iface->confname); 2733 if (wpa_s->confname == NULL) { 2734 wpa_printf(MSG_ERROR, "Failed to get absolute path " 2735 "for configuration file '%s'.", 2736 iface->confname); 2737 return -1; 2738 } 2739 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'", 2740 iface->confname, wpa_s->confname); 2741#else /* CONFIG_BACKEND_FILE */ 2742 wpa_s->confname = os_strdup(iface->confname); 2743#endif /* CONFIG_BACKEND_FILE */ 2744 wpa_s->conf = wpa_config_read(wpa_s->confname); 2745 if (wpa_s->conf == NULL) { 2746 wpa_printf(MSG_ERROR, "Failed to read or parse " 2747 "configuration '%s'.", wpa_s->confname); 2748 return -1; 2749 } 2750 2751 /* 2752 * Override ctrl_interface and driver_param if set on command 2753 * line. 2754 */ 2755 if (iface->ctrl_interface) { 2756 os_free(wpa_s->conf->ctrl_interface); 2757 wpa_s->conf->ctrl_interface = 2758 os_strdup(iface->ctrl_interface); 2759 } 2760 2761 if (iface->driver_param) { 2762 os_free(wpa_s->conf->driver_param); 2763 wpa_s->conf->driver_param = 2764 os_strdup(iface->driver_param); 2765 } 2766 } else 2767 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface, 2768 iface->driver_param); 2769 2770 if (wpa_s->conf == NULL) { 2771 wpa_printf(MSG_ERROR, "\nNo configuration found."); 2772 return -1; 2773 } 2774 2775 if (iface->ifname == NULL) { 2776 wpa_printf(MSG_ERROR, "\nInterface name is required."); 2777 return -1; 2778 } 2779 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) { 2780 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.", 2781 iface->ifname); 2782 return -1; 2783 } 2784 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname)); 2785 2786 if (iface->bridge_ifname) { 2787 if (os_strlen(iface->bridge_ifname) >= 2788 sizeof(wpa_s->bridge_ifname)) { 2789 wpa_printf(MSG_ERROR, "\nToo long bridge interface " 2790 "name '%s'.", iface->bridge_ifname); 2791 return -1; 2792 } 2793 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname, 2794 sizeof(wpa_s->bridge_ifname)); 2795 } 2796 2797 /* RSNA Supplicant Key Management - INITIALIZE */ 2798 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE); 2799 eapol_sm_notify_portValid(wpa_s->eapol, FALSE); 2800 2801 /* Initialize driver interface and register driver event handler before 2802 * L2 receive handler so that association events are processed before 2803 * EAPOL-Key packets if both become available for the same select() 2804 * call. */ 2805 driver = iface->driver; 2806next_driver: 2807 if (wpa_supplicant_set_driver(wpa_s, driver) < 0) 2808 return -1; 2809 2810 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname); 2811 if (wpa_s->drv_priv == NULL) { 2812 const char *pos; 2813 pos = driver ? os_strchr(driver, ',') : NULL; 2814 if (pos) { 2815 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize " 2816 "driver interface - try next driver wrapper"); 2817 driver = pos + 1; 2818 goto next_driver; 2819 } 2820 wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver " 2821 "interface"); 2822 return -1; 2823 } 2824 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) { 2825 wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected " 2826 "driver_param '%s'", wpa_s->conf->driver_param); 2827 return -1; 2828 } 2829 2830 ifname = wpa_drv_get_ifname(wpa_s); 2831 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) { 2832 wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced " 2833 "interface name with '%s'", ifname); 2834 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname)); 2835 } 2836 2837 if (wpa_supplicant_init_wpa(wpa_s) < 0) 2838 return -1; 2839 2840 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname, 2841 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname : 2842 NULL); 2843 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth); 2844 2845 if (wpa_s->conf->dot11RSNAConfigPMKLifetime && 2846 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME, 2847 wpa_s->conf->dot11RSNAConfigPMKLifetime)) { 2848 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for " 2849 "dot11RSNAConfigPMKLifetime"); 2850 return -1; 2851 } 2852 2853 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold && 2854 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD, 2855 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) { 2856 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for " 2857 "dot11RSNAConfigPMKReauthThreshold"); 2858 return -1; 2859 } 2860 2861 if (wpa_s->conf->dot11RSNAConfigSATimeout && 2862 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT, 2863 wpa_s->conf->dot11RSNAConfigSATimeout)) { 2864 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for " 2865 "dot11RSNAConfigSATimeout"); 2866 return -1; 2867 } 2868 2869 wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s, 2870 &wpa_s->hw.num_modes, 2871 &wpa_s->hw.flags); 2872 2873 if (wpa_drv_get_capa(wpa_s, &capa) == 0) { 2874 wpa_s->drv_capa_known = 1; 2875 wpa_s->drv_flags = capa.flags; 2876 wpa_s->drv_enc = capa.enc; 2877 wpa_s->probe_resp_offloads = capa.probe_resp_offloads; 2878 wpa_s->max_scan_ssids = capa.max_scan_ssids; 2879 wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids; 2880 wpa_s->sched_scan_supported = capa.sched_scan_supported; 2881 wpa_s->max_match_sets = capa.max_match_sets; 2882 wpa_s->max_remain_on_chan = capa.max_remain_on_chan; 2883 wpa_s->max_stations = capa.max_stations; 2884 } 2885 if (wpa_s->max_remain_on_chan == 0) 2886 wpa_s->max_remain_on_chan = 1000; 2887 2888 if (wpa_supplicant_driver_init(wpa_s) < 0) 2889 return -1; 2890 2891#ifdef CONFIG_TDLS 2892 if (wpa_tdls_init(wpa_s->wpa)) 2893 return -1; 2894#endif /* CONFIG_TDLS */ 2895 2896 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] && 2897 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) { 2898 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country"); 2899 return -1; 2900 } 2901 2902 if (wpas_wps_init(wpa_s)) 2903 return -1; 2904 2905 if (wpa_supplicant_init_eapol(wpa_s) < 0) 2906 return -1; 2907 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol); 2908 2909 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s); 2910 if (wpa_s->ctrl_iface == NULL) { 2911 wpa_printf(MSG_ERROR, 2912 "Failed to initialize control interface '%s'.\n" 2913 "You may have another wpa_supplicant process " 2914 "already running or the file was\n" 2915 "left by an unclean termination of wpa_supplicant " 2916 "in which case you will need\n" 2917 "to manually remove this file before starting " 2918 "wpa_supplicant again.\n", 2919 wpa_s->conf->ctrl_interface); 2920 return -1; 2921 } 2922 2923 wpa_s->gas = gas_query_init(wpa_s); 2924 if (wpa_s->gas == NULL) { 2925 wpa_printf(MSG_ERROR, "Failed to initialize GAS query"); 2926 return -1; 2927 } 2928 2929#ifdef CONFIG_P2P 2930 if (wpas_p2p_init(wpa_s->global, wpa_s) < 0) { 2931 wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P"); 2932 return -1; 2933 } 2934#endif /* CONFIG_P2P */ 2935 2936 if (wpa_bss_init(wpa_s) < 0) 2937 return -1; 2938 2939 if (pcsc_reader_init(wpa_s) < 0) 2940 return -1; 2941 2942 if (wpas_init_ext_pw(wpa_s) < 0) 2943 return -1; 2944 2945 return 0; 2946} 2947 2948 2949static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s, 2950 int notify, int terminate) 2951{ 2952 if (wpa_s->drv_priv) { 2953 wpa_supplicant_deauthenticate(wpa_s, 2954 WLAN_REASON_DEAUTH_LEAVING); 2955 2956 wpa_drv_set_countermeasures(wpa_s, 0); 2957 wpa_clear_keys(wpa_s, NULL); 2958 } 2959 2960 wpa_supplicant_cleanup(wpa_s); 2961 2962#ifdef CONFIG_P2P 2963 if (wpa_s == wpa_s->global->p2p_init_wpa_s && wpa_s->global->p2p) { 2964 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Disable P2P since removing " 2965 "the management interface is being removed"); 2966 wpas_p2p_deinit_global(wpa_s->global); 2967 } 2968#endif /* CONFIG_P2P */ 2969 2970 if (wpa_s->drv_priv) 2971 wpa_drv_deinit(wpa_s); 2972 2973 if (notify) 2974 wpas_notify_iface_removed(wpa_s); 2975 2976 if (terminate) 2977 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING); 2978 2979 if (wpa_s->ctrl_iface) { 2980 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface); 2981 wpa_s->ctrl_iface = NULL; 2982 } 2983 2984 if (wpa_s->conf != NULL) { 2985 wpa_config_free(wpa_s->conf); 2986 wpa_s->conf = NULL; 2987 } 2988} 2989 2990 2991/** 2992 * wpa_supplicant_add_iface - Add a new network interface 2993 * @global: Pointer to global data from wpa_supplicant_init() 2994 * @iface: Interface configuration options 2995 * Returns: Pointer to the created interface or %NULL on failure 2996 * 2997 * This function is used to add new network interfaces for %wpa_supplicant. 2998 * This can be called before wpa_supplicant_run() to add interfaces before the 2999 * main event loop has been started. In addition, new interfaces can be added 3000 * dynamically while %wpa_supplicant is already running. This could happen, 3001 * e.g., when a hotplug network adapter is inserted. 3002 */ 3003struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global, 3004 struct wpa_interface *iface) 3005{ 3006 struct wpa_supplicant *wpa_s; 3007 struct wpa_interface t_iface; 3008 struct wpa_ssid *ssid; 3009 3010 if (global == NULL || iface == NULL) 3011 return NULL; 3012 3013 wpa_s = wpa_supplicant_alloc(); 3014 if (wpa_s == NULL) 3015 return NULL; 3016 3017 wpa_s->global = global; 3018 3019 t_iface = *iface; 3020 if (global->params.override_driver) { 3021 wpa_printf(MSG_DEBUG, "Override interface parameter: driver " 3022 "('%s' -> '%s')", 3023 iface->driver, global->params.override_driver); 3024 t_iface.driver = global->params.override_driver; 3025 } 3026 if (global->params.override_ctrl_interface) { 3027 wpa_printf(MSG_DEBUG, "Override interface parameter: " 3028 "ctrl_interface ('%s' -> '%s')", 3029 iface->ctrl_interface, 3030 global->params.override_ctrl_interface); 3031 t_iface.ctrl_interface = 3032 global->params.override_ctrl_interface; 3033 } 3034 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) { 3035 wpa_printf(MSG_DEBUG, "Failed to add interface %s", 3036 iface->ifname); 3037 wpa_supplicant_deinit_iface(wpa_s, 0, 0); 3038 os_free(wpa_s); 3039 return NULL; 3040 } 3041 3042 /* Notify the control interfaces about new iface */ 3043 if (wpas_notify_iface_added(wpa_s)) { 3044 wpa_supplicant_deinit_iface(wpa_s, 1, 0); 3045 os_free(wpa_s); 3046 return NULL; 3047 } 3048 3049 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) 3050 wpas_notify_network_added(wpa_s, ssid); 3051 3052 wpa_s->next = global->ifaces; 3053 global->ifaces = wpa_s; 3054 3055 wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname); 3056 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 3057 3058 return wpa_s; 3059} 3060 3061 3062/** 3063 * wpa_supplicant_remove_iface - Remove a network interface 3064 * @global: Pointer to global data from wpa_supplicant_init() 3065 * @wpa_s: Pointer to the network interface to be removed 3066 * Returns: 0 if interface was removed, -1 if interface was not found 3067 * 3068 * This function can be used to dynamically remove network interfaces from 3069 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In 3070 * addition, this function is used to remove all remaining interfaces when 3071 * %wpa_supplicant is terminated. 3072 */ 3073int wpa_supplicant_remove_iface(struct wpa_global *global, 3074 struct wpa_supplicant *wpa_s, 3075 int terminate) 3076{ 3077 struct wpa_supplicant *prev; 3078 3079 /* Remove interface from the global list of interfaces */ 3080 prev = global->ifaces; 3081 if (prev == wpa_s) { 3082 global->ifaces = wpa_s->next; 3083 } else { 3084 while (prev && prev->next != wpa_s) 3085 prev = prev->next; 3086 if (prev == NULL) 3087 return -1; 3088 prev->next = wpa_s->next; 3089 } 3090 3091 wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname); 3092 3093 if (global->p2p_group_formation == wpa_s) 3094 global->p2p_group_formation = NULL; 3095 wpa_supplicant_deinit_iface(wpa_s, 1, terminate); 3096 os_free(wpa_s); 3097 3098 return 0; 3099} 3100 3101 3102/** 3103 * wpa_supplicant_get_eap_mode - Get the current EAP mode 3104 * @wpa_s: Pointer to the network interface 3105 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found 3106 */ 3107const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s) 3108{ 3109 const char *eapol_method; 3110 3111 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 && 3112 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) { 3113 return "NO-EAP"; 3114 } 3115 3116 eapol_method = eapol_sm_get_method_name(wpa_s->eapol); 3117 if (eapol_method == NULL) 3118 return "UNKNOWN-EAP"; 3119 3120 return eapol_method; 3121} 3122 3123 3124/** 3125 * wpa_supplicant_get_iface - Get a new network interface 3126 * @global: Pointer to global data from wpa_supplicant_init() 3127 * @ifname: Interface name 3128 * Returns: Pointer to the interface or %NULL if not found 3129 */ 3130struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global, 3131 const char *ifname) 3132{ 3133 struct wpa_supplicant *wpa_s; 3134 3135 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) { 3136 if (os_strcmp(wpa_s->ifname, ifname) == 0) 3137 return wpa_s; 3138 } 3139 return NULL; 3140} 3141 3142 3143#ifndef CONFIG_NO_WPA_MSG 3144static const char * wpa_supplicant_msg_ifname_cb(void *ctx) 3145{ 3146 struct wpa_supplicant *wpa_s = ctx; 3147 if (wpa_s == NULL) 3148 return NULL; 3149 return wpa_s->ifname; 3150} 3151#endif /* CONFIG_NO_WPA_MSG */ 3152 3153 3154/** 3155 * wpa_supplicant_init - Initialize %wpa_supplicant 3156 * @params: Parameters for %wpa_supplicant 3157 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure 3158 * 3159 * This function is used to initialize %wpa_supplicant. After successful 3160 * initialization, the returned data pointer can be used to add and remove 3161 * network interfaces, and eventually, to deinitialize %wpa_supplicant. 3162 */ 3163struct wpa_global * wpa_supplicant_init(struct wpa_params *params) 3164{ 3165 struct wpa_global *global; 3166 int ret, i; 3167 3168 if (params == NULL) 3169 return NULL; 3170 3171#ifdef CONFIG_DRIVER_NDIS 3172 { 3173 void driver_ndis_init_ops(void); 3174 driver_ndis_init_ops(); 3175 } 3176#endif /* CONFIG_DRIVER_NDIS */ 3177 3178#ifndef CONFIG_NO_WPA_MSG 3179 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb); 3180#endif /* CONFIG_NO_WPA_MSG */ 3181 3182 wpa_debug_open_file(params->wpa_debug_file_path); 3183 if (params->wpa_debug_syslog) 3184 wpa_debug_open_syslog(); 3185 if (params->wpa_debug_tracing) { 3186 ret = wpa_debug_open_linux_tracing(); 3187 if (ret) { 3188 wpa_printf(MSG_ERROR, 3189 "Failed to enable trace logging"); 3190 return NULL; 3191 } 3192 } 3193 3194 ret = eap_register_methods(); 3195 if (ret) { 3196 wpa_printf(MSG_ERROR, "Failed to register EAP methods"); 3197 if (ret == -2) 3198 wpa_printf(MSG_ERROR, "Two or more EAP methods used " 3199 "the same EAP type."); 3200 return NULL; 3201 } 3202 3203 global = os_zalloc(sizeof(*global)); 3204 if (global == NULL) 3205 return NULL; 3206 dl_list_init(&global->p2p_srv_bonjour); 3207 dl_list_init(&global->p2p_srv_upnp); 3208 global->params.daemonize = params->daemonize; 3209 global->params.wait_for_monitor = params->wait_for_monitor; 3210 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface; 3211 if (params->pid_file) 3212 global->params.pid_file = os_strdup(params->pid_file); 3213 if (params->ctrl_interface) 3214 global->params.ctrl_interface = 3215 os_strdup(params->ctrl_interface); 3216 if (params->override_driver) 3217 global->params.override_driver = 3218 os_strdup(params->override_driver); 3219 if (params->override_ctrl_interface) 3220 global->params.override_ctrl_interface = 3221 os_strdup(params->override_ctrl_interface); 3222 wpa_debug_level = global->params.wpa_debug_level = 3223 params->wpa_debug_level; 3224 wpa_debug_show_keys = global->params.wpa_debug_show_keys = 3225 params->wpa_debug_show_keys; 3226 wpa_debug_timestamp = global->params.wpa_debug_timestamp = 3227 params->wpa_debug_timestamp; 3228 3229 wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR); 3230 3231 if (eloop_init()) { 3232 wpa_printf(MSG_ERROR, "Failed to initialize event loop"); 3233 wpa_supplicant_deinit(global); 3234 return NULL; 3235 } 3236 3237 random_init(params->entropy_file); 3238 3239 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global); 3240 if (global->ctrl_iface == NULL) { 3241 wpa_supplicant_deinit(global); 3242 return NULL; 3243 } 3244 3245 if (wpas_notify_supplicant_initialized(global)) { 3246 wpa_supplicant_deinit(global); 3247 return NULL; 3248 } 3249 3250 for (i = 0; wpa_drivers[i]; i++) 3251 global->drv_count++; 3252 if (global->drv_count == 0) { 3253 wpa_printf(MSG_ERROR, "No drivers enabled"); 3254 wpa_supplicant_deinit(global); 3255 return NULL; 3256 } 3257 global->drv_priv = os_zalloc(global->drv_count * sizeof(void *)); 3258 if (global->drv_priv == NULL) { 3259 wpa_supplicant_deinit(global); 3260 return NULL; 3261 } 3262 3263#ifdef CONFIG_WIFI_DISPLAY 3264 if (wifi_display_init(global) < 0) { 3265 wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display"); 3266 wpa_supplicant_deinit(global); 3267 return NULL; 3268 } 3269#endif /* CONFIG_WIFI_DISPLAY */ 3270 3271 return global; 3272} 3273 3274 3275/** 3276 * wpa_supplicant_run - Run the %wpa_supplicant main event loop 3277 * @global: Pointer to global data from wpa_supplicant_init() 3278 * Returns: 0 after successful event loop run, -1 on failure 3279 * 3280 * This function starts the main event loop and continues running as long as 3281 * there are any remaining events. In most cases, this function is running as 3282 * long as the %wpa_supplicant process in still in use. 3283 */ 3284int wpa_supplicant_run(struct wpa_global *global) 3285{ 3286 struct wpa_supplicant *wpa_s; 3287 3288 if (global->params.daemonize && 3289 wpa_supplicant_daemon(global->params.pid_file)) 3290 return -1; 3291 3292 if (global->params.wait_for_monitor) { 3293 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) 3294 if (wpa_s->ctrl_iface) 3295 wpa_supplicant_ctrl_iface_wait( 3296 wpa_s->ctrl_iface); 3297 } 3298 3299 eloop_register_signal_terminate(wpa_supplicant_terminate, global); 3300 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global); 3301 3302 eloop_run(); 3303 3304 return 0; 3305} 3306 3307 3308/** 3309 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant 3310 * @global: Pointer to global data from wpa_supplicant_init() 3311 * 3312 * This function is called to deinitialize %wpa_supplicant and to free all 3313 * allocated resources. Remaining network interfaces will also be removed. 3314 */ 3315void wpa_supplicant_deinit(struct wpa_global *global) 3316{ 3317 int i; 3318 3319 if (global == NULL) 3320 return; 3321 3322#ifdef CONFIG_WIFI_DISPLAY 3323 wifi_display_deinit(global); 3324#endif /* CONFIG_WIFI_DISPLAY */ 3325#ifdef CONFIG_P2P 3326 wpas_p2p_deinit_global(global); 3327#endif /* CONFIG_P2P */ 3328 3329 while (global->ifaces) 3330 wpa_supplicant_remove_iface(global, global->ifaces, 1); 3331 3332 if (global->ctrl_iface) 3333 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface); 3334 3335 wpas_notify_supplicant_deinitialized(global); 3336 3337 eap_peer_unregister_methods(); 3338#ifdef CONFIG_AP 3339 eap_server_unregister_methods(); 3340#endif /* CONFIG_AP */ 3341 3342 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) { 3343 if (!global->drv_priv[i]) 3344 continue; 3345 wpa_drivers[i]->global_deinit(global->drv_priv[i]); 3346 } 3347 os_free(global->drv_priv); 3348 3349 random_deinit(); 3350 3351 eloop_destroy(); 3352 3353 if (global->params.pid_file) { 3354 os_daemonize_terminate(global->params.pid_file); 3355 os_free(global->params.pid_file); 3356 } 3357 os_free(global->params.ctrl_interface); 3358 os_free(global->params.override_driver); 3359 os_free(global->params.override_ctrl_interface); 3360 3361 os_free(global->p2p_disallow_freq); 3362 3363 os_free(global); 3364 wpa_debug_close_syslog(); 3365 wpa_debug_close_file(); 3366 wpa_debug_close_linux_tracing(); 3367} 3368 3369 3370void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s) 3371{ 3372 if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) && 3373 wpa_s->conf->country[0] && wpa_s->conf->country[1]) { 3374 char country[3]; 3375 country[0] = wpa_s->conf->country[0]; 3376 country[1] = wpa_s->conf->country[1]; 3377 country[2] = '\0'; 3378 if (wpa_drv_set_country(wpa_s, country) < 0) { 3379 wpa_printf(MSG_ERROR, "Failed to set country code " 3380 "'%s'", country); 3381 } 3382 } 3383 3384 if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND) 3385 wpas_init_ext_pw(wpa_s); 3386 3387#ifdef CONFIG_WPS 3388 wpas_wps_update_config(wpa_s); 3389#endif /* CONFIG_WPS */ 3390 3391#ifdef CONFIG_P2P 3392 wpas_p2p_update_config(wpa_s); 3393#endif /* CONFIG_P2P */ 3394 3395 wpa_s->conf->changed_parameters = 0; 3396} 3397 3398 3399static void add_freq(int *freqs, int *num_freqs, int freq) 3400{ 3401 int i; 3402 3403 for (i = 0; i < *num_freqs; i++) { 3404 if (freqs[i] == freq) 3405 return; 3406 } 3407 3408 freqs[*num_freqs] = freq; 3409 (*num_freqs)++; 3410} 3411 3412 3413static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s) 3414{ 3415 struct wpa_bss *bss, *cbss; 3416 const int max_freqs = 10; 3417 int *freqs; 3418 int num_freqs = 0; 3419 3420 freqs = os_zalloc(sizeof(int) * (max_freqs + 1)); 3421 if (freqs == NULL) 3422 return NULL; 3423 3424 cbss = wpa_s->current_bss; 3425 3426 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 3427 if (bss == cbss) 3428 continue; 3429 if (bss->ssid_len == cbss->ssid_len && 3430 os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 && 3431 wpa_blacklist_get(wpa_s, bss->bssid) == NULL) { 3432 add_freq(freqs, &num_freqs, bss->freq); 3433 if (num_freqs == max_freqs) 3434 break; 3435 } 3436 } 3437 3438 if (num_freqs == 0) { 3439 os_free(freqs); 3440 freqs = NULL; 3441 } 3442 3443 return freqs; 3444} 3445 3446 3447void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid) 3448{ 3449 int timeout; 3450 int count; 3451 int *freqs = NULL; 3452 3453 /* 3454 * Remove possible authentication timeout since the connection failed. 3455 */ 3456 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL); 3457 3458 /* 3459 * Add the failed BSSID into the blacklist and speed up next scan 3460 * attempt if there could be other APs that could accept association. 3461 * The current blacklist count indicates how many times we have tried 3462 * connecting to this AP and multiple attempts mean that other APs are 3463 * either not available or has already been tried, so that we can start 3464 * increasing the delay here to avoid constant scanning. 3465 */ 3466 count = wpa_blacklist_add(wpa_s, bssid); 3467 if (count == 1 && wpa_s->current_bss) { 3468 /* 3469 * This BSS was not in the blacklist before. If there is 3470 * another BSS available for the same ESS, we should try that 3471 * next. Otherwise, we may as well try this one once more 3472 * before allowing other, likely worse, ESSes to be considered. 3473 */ 3474 freqs = get_bss_freqs_in_ess(wpa_s); 3475 if (freqs) { 3476 wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS " 3477 "has been seen; try it next"); 3478 wpa_blacklist_add(wpa_s, bssid); 3479 /* 3480 * On the next scan, go through only the known channels 3481 * used in this ESS based on previous scans to speed up 3482 * common load balancing use case. 3483 */ 3484 os_free(wpa_s->next_scan_freqs); 3485 wpa_s->next_scan_freqs = freqs; 3486 } 3487 } 3488 3489 /* 3490 * Add previous failure count in case the temporary blacklist was 3491 * cleared due to no other BSSes being available. 3492 */ 3493 count += wpa_s->extra_blacklist_count; 3494 3495 switch (count) { 3496 case 1: 3497 timeout = 100; 3498 break; 3499 case 2: 3500 timeout = 500; 3501 break; 3502 case 3: 3503 timeout = 1000; 3504 break; 3505 case 4: 3506 timeout = 5000; 3507 break; 3508 default: 3509 timeout = 10000; 3510 break; 3511 } 3512 3513 wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d " 3514 "ms", count, timeout); 3515 3516 /* 3517 * TODO: if more than one possible AP is available in scan results, 3518 * could try the other ones before requesting a new scan. 3519 */ 3520 wpa_supplicant_req_scan(wpa_s, timeout / 1000, 3521 1000 * (timeout % 1000)); 3522 3523#ifdef CONFIG_P2P 3524 if (wpa_s->global->p2p_cb_on_scan_complete && !wpa_s->global->p2p_disabled && 3525 wpa_s->global->p2p != NULL) { 3526 wpa_s->global->p2p_cb_on_scan_complete = 0; 3527 if (p2p_other_scan_completed(wpa_s->global->p2p) == 1) { 3528 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Pending P2P operation " 3529 "continued after failed association"); 3530 } 3531 } 3532#endif /* CONFIG_P2P */ 3533} 3534 3535 3536int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s) 3537{ 3538 return wpa_s->conf->ap_scan == 2 || 3539 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION); 3540} 3541 3542 3543#if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW) 3544int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s, 3545 struct wpa_ssid *ssid, 3546 const char *field, 3547 const char *value) 3548{ 3549#ifdef IEEE8021X_EAPOL 3550 struct eap_peer_config *eap = &ssid->eap; 3551 3552 wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field); 3553 wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value", 3554 (const u8 *) value, os_strlen(value)); 3555 3556 switch (wpa_supplicant_ctrl_req_from_string(field)) { 3557 case WPA_CTRL_REQ_EAP_IDENTITY: 3558 os_free(eap->identity); 3559 eap->identity = (u8 *) os_strdup(value); 3560 eap->identity_len = os_strlen(value); 3561 eap->pending_req_identity = 0; 3562 if (ssid == wpa_s->current_ssid) 3563 wpa_s->reassociate = 1; 3564 break; 3565 case WPA_CTRL_REQ_EAP_PASSWORD: 3566 os_free(eap->password); 3567 eap->password = (u8 *) os_strdup(value); 3568 eap->password_len = os_strlen(value); 3569 eap->pending_req_password = 0; 3570 if (ssid == wpa_s->current_ssid) 3571 wpa_s->reassociate = 1; 3572 break; 3573 case WPA_CTRL_REQ_EAP_NEW_PASSWORD: 3574 os_free(eap->new_password); 3575 eap->new_password = (u8 *) os_strdup(value); 3576 eap->new_password_len = os_strlen(value); 3577 eap->pending_req_new_password = 0; 3578 if (ssid == wpa_s->current_ssid) 3579 wpa_s->reassociate = 1; 3580 break; 3581 case WPA_CTRL_REQ_EAP_PIN: 3582 os_free(eap->pin); 3583 eap->pin = os_strdup(value); 3584 eap->pending_req_pin = 0; 3585 if (ssid == wpa_s->current_ssid) 3586 wpa_s->reassociate = 1; 3587 break; 3588 case WPA_CTRL_REQ_EAP_OTP: 3589 os_free(eap->otp); 3590 eap->otp = (u8 *) os_strdup(value); 3591 eap->otp_len = os_strlen(value); 3592 os_free(eap->pending_req_otp); 3593 eap->pending_req_otp = NULL; 3594 eap->pending_req_otp_len = 0; 3595 break; 3596 case WPA_CTRL_REQ_EAP_PASSPHRASE: 3597 os_free(eap->private_key_passwd); 3598 eap->private_key_passwd = (u8 *) os_strdup(value); 3599 eap->pending_req_passphrase = 0; 3600 if (ssid == wpa_s->current_ssid) 3601 wpa_s->reassociate = 1; 3602 break; 3603 default: 3604 wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field); 3605 return -1; 3606 } 3607 3608 return 0; 3609#else /* IEEE8021X_EAPOL */ 3610 wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included"); 3611 return -1; 3612#endif /* IEEE8021X_EAPOL */ 3613} 3614#endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */ 3615 3616 3617int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) 3618{ 3619 int i; 3620 unsigned int drv_enc; 3621 3622 if (ssid == NULL) 3623 return 1; 3624 3625 if (ssid->disabled) 3626 return 1; 3627 3628 if (wpa_s && wpa_s->drv_capa_known) 3629 drv_enc = wpa_s->drv_enc; 3630 else 3631 drv_enc = (unsigned int) -1; 3632 3633 for (i = 0; i < NUM_WEP_KEYS; i++) { 3634 size_t len = ssid->wep_key_len[i]; 3635 if (len == 0) 3636 continue; 3637 if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40)) 3638 continue; 3639 if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104)) 3640 continue; 3641 if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128)) 3642 continue; 3643 return 1; /* invalid WEP key */ 3644 } 3645 3646 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set && 3647 !ssid->ext_psk) 3648 return 1; 3649 3650 return 0; 3651} 3652 3653 3654int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s) 3655{ 3656 if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P) 3657 return 1; 3658 if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA) 3659 return 0; 3660 return -1; 3661} 3662 3663 3664void wpas_auth_failed(struct wpa_supplicant *wpa_s) 3665{ 3666 struct wpa_ssid *ssid = wpa_s->current_ssid; 3667 int dur; 3668 struct os_time now; 3669 3670 if (ssid == NULL) { 3671 wpa_printf(MSG_DEBUG, "Authentication failure but no known " 3672 "SSID block"); 3673 return; 3674 } 3675 3676 if (ssid->key_mgmt == WPA_KEY_MGMT_WPS) 3677 return; 3678 3679 ssid->auth_failures++; 3680 if (ssid->auth_failures > 50) 3681 dur = 300; 3682 else if (ssid->auth_failures > 20) 3683 dur = 120; 3684 else if (ssid->auth_failures > 10) 3685 dur = 60; 3686 else if (ssid->auth_failures > 5) 3687 dur = 30; 3688 else if (ssid->auth_failures > 1) 3689 dur = 20; 3690 else 3691 dur = 10; 3692 3693 os_get_time(&now); 3694 if (now.sec + dur <= ssid->disabled_until.sec) 3695 return; 3696 3697 ssid->disabled_until.sec = now.sec + dur; 3698 3699 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED 3700 "id=%d ssid=\"%s\" auth_failures=%u duration=%d", 3701 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len), 3702 ssid->auth_failures, dur); 3703} 3704 3705 3706void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s, 3707 struct wpa_ssid *ssid, int clear_failures) 3708{ 3709 if (ssid == NULL) 3710 return; 3711 3712 if (ssid->disabled_until.sec) { 3713 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED 3714 "id=%d ssid=\"%s\"", 3715 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 3716 } 3717 ssid->disabled_until.sec = 0; 3718 ssid->disabled_until.usec = 0; 3719 if (clear_failures) 3720 ssid->auth_failures = 0; 3721} 3722 3723 3724int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid) 3725{ 3726 size_t i; 3727 3728 if (wpa_s->disallow_aps_bssid == NULL) 3729 return 0; 3730 3731 for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) { 3732 if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN, 3733 bssid, ETH_ALEN) == 0) 3734 return 1; 3735 } 3736 3737 return 0; 3738} 3739 3740 3741int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid, 3742 size_t ssid_len) 3743{ 3744 size_t i; 3745 3746 if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL) 3747 return 0; 3748 3749 for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) { 3750 struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i]; 3751 if (ssid_len == s->ssid_len && 3752 os_memcmp(ssid, s->ssid, ssid_len) == 0) 3753 return 1; 3754 } 3755 3756 return 0; 3757} 3758 3759 3760/** 3761 * wpas_request_connection - Request a new connection 3762 * @wpa_s: Pointer to the network interface 3763 * 3764 * This function is used to request a new connection to be found. It will mark 3765 * the interface to allow reassociation and request a new scan to find a 3766 * suitable network to connect to. 3767 */ 3768void wpas_request_connection(struct wpa_supplicant *wpa_s) 3769{ 3770 wpa_s->normal_scans = 0; 3771 wpa_supplicant_reinit_autoscan(wpa_s); 3772 wpa_s->extra_blacklist_count = 0; 3773 wpa_s->disconnected = 0; 3774 wpa_s->reassociate = 1; 3775 wpa_supplicant_req_scan(wpa_s, 0, 0); 3776} 3777