wpa_supplicant.c revision 4b9d52f502481b258fec743c03a5e957e5605afc
1/* 2 * WPA Supplicant 3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 * 8 * This file implements functions for registering and unregistering 9 * %wpa_supplicant interfaces. In addition, this file contains number of 10 * functions for managing network connections. 11 */ 12 13#include "includes.h" 14 15#include "common.h" 16#include "crypto/random.h" 17#include "crypto/sha1.h" 18#include "eapol_supp/eapol_supp_sm.h" 19#include "eap_peer/eap.h" 20#include "eap_server/eap_methods.h" 21#include "rsn_supp/wpa.h" 22#include "eloop.h" 23#include "config.h" 24#include "utils/ext_password.h" 25#include "l2_packet/l2_packet.h" 26#include "wpa_supplicant_i.h" 27#include "driver_i.h" 28#include "ctrl_iface.h" 29#include "pcsc_funcs.h" 30#include "common/version.h" 31#include "rsn_supp/preauth.h" 32#include "rsn_supp/pmksa_cache.h" 33#include "common/wpa_ctrl.h" 34#include "common/ieee802_11_defs.h" 35#include "p2p/p2p.h" 36#include "blacklist.h" 37#include "wpas_glue.h" 38#include "wps_supplicant.h" 39#include "ibss_rsn.h" 40#include "sme.h" 41#include "gas_query.h" 42#include "ap.h" 43#include "p2p_supplicant.h" 44#include "wifi_display.h" 45#include "notify.h" 46#include "bgscan.h" 47#include "autoscan.h" 48#include "bss.h" 49#include "scan.h" 50#include "offchannel.h" 51#include "hs20_supplicant.h" 52 53const char *wpa_supplicant_version = 54"wpa_supplicant v" VERSION_STR "\n" 55"Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi> and contributors"; 56 57const char *wpa_supplicant_license = 58"This software may be distributed under the terms of the BSD license.\n" 59"See README for more details.\n" 60#ifdef EAP_TLS_OPENSSL 61"\nThis product includes software developed by the OpenSSL Project\n" 62"for use in the OpenSSL Toolkit (http://www.openssl.org/)\n" 63#endif /* EAP_TLS_OPENSSL */ 64; 65 66#ifndef CONFIG_NO_STDOUT_DEBUG 67/* Long text divided into parts in order to fit in C89 strings size limits. */ 68const char *wpa_supplicant_full_license1 = 69""; 70const char *wpa_supplicant_full_license2 = 71"This software may be distributed under the terms of the BSD license.\n" 72"\n" 73"Redistribution and use in source and binary forms, with or without\n" 74"modification, are permitted provided that the following conditions are\n" 75"met:\n" 76"\n"; 77const char *wpa_supplicant_full_license3 = 78"1. Redistributions of source code must retain the above copyright\n" 79" notice, this list of conditions and the following disclaimer.\n" 80"\n" 81"2. Redistributions in binary form must reproduce the above copyright\n" 82" notice, this list of conditions and the following disclaimer in the\n" 83" documentation and/or other materials provided with the distribution.\n" 84"\n"; 85const char *wpa_supplicant_full_license4 = 86"3. Neither the name(s) of the above-listed copyright holder(s) nor the\n" 87" names of its contributors may be used to endorse or promote products\n" 88" derived from this software without specific prior written permission.\n" 89"\n" 90"THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n" 91"\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n" 92"LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n" 93"A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n"; 94const char *wpa_supplicant_full_license5 = 95"OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n" 96"SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n" 97"LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n" 98"DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n" 99"THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n" 100"(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n" 101"OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n" 102"\n"; 103#endif /* CONFIG_NO_STDOUT_DEBUG */ 104 105extern int wpa_debug_level; 106extern int wpa_debug_show_keys; 107extern int wpa_debug_timestamp; 108extern struct wpa_driver_ops *wpa_drivers[]; 109 110/* Configure default/group WEP keys for static WEP */ 111int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) 112{ 113 int i, set = 0; 114 115 for (i = 0; i < NUM_WEP_KEYS; i++) { 116 if (ssid->wep_key_len[i] == 0) 117 continue; 118 119 set = 1; 120 wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL, 121 i, i == ssid->wep_tx_keyidx, NULL, 0, 122 ssid->wep_key[i], ssid->wep_key_len[i]); 123 } 124 125 return set; 126} 127 128 129static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s, 130 struct wpa_ssid *ssid) 131{ 132 u8 key[32]; 133 size_t keylen; 134 enum wpa_alg alg; 135 u8 seq[6] = { 0 }; 136 137 /* IBSS/WPA-None uses only one key (Group) for both receiving and 138 * sending unicast and multicast packets. */ 139 140 if (ssid->mode != WPAS_MODE_IBSS) { 141 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not " 142 "IBSS/ad-hoc) for WPA-None", ssid->mode); 143 return -1; 144 } 145 146 if (!ssid->psk_set) { 147 wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for " 148 "WPA-None"); 149 return -1; 150 } 151 152 switch (wpa_s->group_cipher) { 153 case WPA_CIPHER_CCMP: 154 os_memcpy(key, ssid->psk, 16); 155 keylen = 16; 156 alg = WPA_ALG_CCMP; 157 break; 158 case WPA_CIPHER_GCMP: 159 os_memcpy(key, ssid->psk, 16); 160 keylen = 16; 161 alg = WPA_ALG_GCMP; 162 break; 163 case WPA_CIPHER_TKIP: 164 /* WPA-None uses the same Michael MIC key for both TX and RX */ 165 os_memcpy(key, ssid->psk, 16 + 8); 166 os_memcpy(key + 16 + 8, ssid->psk + 16, 8); 167 keylen = 32; 168 alg = WPA_ALG_TKIP; 169 break; 170 default: 171 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for " 172 "WPA-None", wpa_s->group_cipher); 173 return -1; 174 } 175 176 /* TODO: should actually remember the previously used seq#, both for TX 177 * and RX from each STA.. */ 178 179 return wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen); 180} 181 182 183static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx) 184{ 185 struct wpa_supplicant *wpa_s = eloop_ctx; 186 const u8 *bssid = wpa_s->bssid; 187 if (is_zero_ether_addr(bssid)) 188 bssid = wpa_s->pending_bssid; 189 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.", 190 MAC2STR(bssid)); 191 wpa_blacklist_add(wpa_s, bssid); 192 wpa_sm_notify_disassoc(wpa_s->wpa); 193 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING); 194 wpa_s->reassociate = 1; 195 196 /* 197 * If we timed out, the AP or the local radio may be busy. 198 * So, wait a second until scanning again. 199 */ 200 wpa_supplicant_req_scan(wpa_s, 1, 0); 201 202#ifdef CONFIG_P2P 203 if (wpa_s->global->p2p_cb_on_scan_complete && !wpa_s->global->p2p_disabled && 204 wpa_s->global->p2p != NULL) { 205 wpa_s->global->p2p_cb_on_scan_complete = 0; 206 if (p2p_other_scan_completed(wpa_s->global->p2p) == 1) { 207 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Pending P2P operation " 208 "continued after timed out authentication"); 209 } 210 } 211#endif /* CONFIG_P2P */ 212} 213 214 215/** 216 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication 217 * @wpa_s: Pointer to wpa_supplicant data 218 * @sec: Number of seconds after which to time out authentication 219 * @usec: Number of microseconds after which to time out authentication 220 * 221 * This function is used to schedule a timeout for the current authentication 222 * attempt. 223 */ 224void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s, 225 int sec, int usec) 226{ 227 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 && 228 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) 229 return; 230 231 wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec " 232 "%d usec", sec, usec); 233 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL); 234 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL); 235} 236 237 238/** 239 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout 240 * @wpa_s: Pointer to wpa_supplicant data 241 * 242 * This function is used to cancel authentication timeout scheduled with 243 * wpa_supplicant_req_auth_timeout() and it is called when authentication has 244 * been completed. 245 */ 246void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s) 247{ 248 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout"); 249 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL); 250 wpa_blacklist_del(wpa_s, wpa_s->bssid); 251} 252 253 254/** 255 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine 256 * @wpa_s: Pointer to wpa_supplicant data 257 * 258 * This function is used to configure EAPOL state machine based on the selected 259 * authentication mode. 260 */ 261void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s) 262{ 263#ifdef IEEE8021X_EAPOL 264 struct eapol_config eapol_conf; 265 struct wpa_ssid *ssid = wpa_s->current_ssid; 266 267#ifdef CONFIG_IBSS_RSN 268 if (ssid->mode == WPAS_MODE_IBSS && 269 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE && 270 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) { 271 /* 272 * RSN IBSS authentication is per-STA and we can disable the 273 * per-BSSID EAPOL authentication. 274 */ 275 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized); 276 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE); 277 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE); 278 return; 279 } 280#endif /* CONFIG_IBSS_RSN */ 281 282 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE); 283 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE); 284 285 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE || 286 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) 287 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized); 288 else 289 eapol_sm_notify_portControl(wpa_s->eapol, Auto); 290 291 os_memset(&eapol_conf, 0, sizeof(eapol_conf)); 292 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) { 293 eapol_conf.accept_802_1x_keys = 1; 294 eapol_conf.required_keys = 0; 295 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) { 296 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST; 297 } 298 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) { 299 eapol_conf.required_keys |= 300 EAPOL_REQUIRE_KEY_BROADCAST; 301 } 302 303 if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) 304 eapol_conf.required_keys = 0; 305 } 306 if (wpa_s->conf) 307 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth; 308 eapol_conf.workaround = ssid->eap_workaround; 309 eapol_conf.eap_disabled = 310 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) && 311 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA && 312 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS; 313 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf); 314#endif /* IEEE8021X_EAPOL */ 315} 316 317 318/** 319 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode 320 * @wpa_s: Pointer to wpa_supplicant data 321 * @ssid: Configuration data for the network 322 * 323 * This function is used to configure WPA state machine and related parameters 324 * to a mode where WPA is not enabled. This is called as part of the 325 * authentication configuration when the selected network does not use WPA. 326 */ 327void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s, 328 struct wpa_ssid *ssid) 329{ 330 int i; 331 332 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) 333 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS; 334 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) 335 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA; 336 else 337 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE; 338 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0); 339 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0); 340 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0); 341 wpa_s->pairwise_cipher = WPA_CIPHER_NONE; 342 wpa_s->group_cipher = WPA_CIPHER_NONE; 343 wpa_s->mgmt_group_cipher = 0; 344 345 for (i = 0; i < NUM_WEP_KEYS; i++) { 346 if (ssid->wep_key_len[i] > 5) { 347 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104; 348 wpa_s->group_cipher = WPA_CIPHER_WEP104; 349 break; 350 } else if (ssid->wep_key_len[i] > 0) { 351 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40; 352 wpa_s->group_cipher = WPA_CIPHER_WEP40; 353 break; 354 } 355 } 356 357 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0); 358 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt); 359 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE, 360 wpa_s->pairwise_cipher); 361 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher); 362#ifdef CONFIG_IEEE80211W 363 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP, 364 wpa_s->mgmt_group_cipher); 365#endif /* CONFIG_IEEE80211W */ 366 367 pmksa_cache_clear_current(wpa_s->wpa); 368} 369 370 371void free_hw_features(struct wpa_supplicant *wpa_s) 372{ 373 int i; 374 if (wpa_s->hw.modes == NULL) 375 return; 376 377 for (i = 0; i < wpa_s->hw.num_modes; i++) { 378 os_free(wpa_s->hw.modes[i].channels); 379 os_free(wpa_s->hw.modes[i].rates); 380 } 381 382 os_free(wpa_s->hw.modes); 383 wpa_s->hw.modes = NULL; 384} 385 386 387static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s) 388{ 389 bgscan_deinit(wpa_s); 390 autoscan_deinit(wpa_s); 391 scard_deinit(wpa_s->scard); 392 wpa_s->scard = NULL; 393 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL); 394 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL); 395 l2_packet_deinit(wpa_s->l2); 396 wpa_s->l2 = NULL; 397 if (wpa_s->l2_br) { 398 l2_packet_deinit(wpa_s->l2_br); 399 wpa_s->l2_br = NULL; 400 } 401 402 if (wpa_s->conf != NULL) { 403 struct wpa_ssid *ssid; 404 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) 405 wpas_notify_network_removed(wpa_s, ssid); 406 } 407 408 os_free(wpa_s->confname); 409 wpa_s->confname = NULL; 410 411 wpa_sm_set_eapol(wpa_s->wpa, NULL); 412 eapol_sm_deinit(wpa_s->eapol); 413 wpa_s->eapol = NULL; 414 415 rsn_preauth_deinit(wpa_s->wpa); 416 417#ifdef CONFIG_TDLS 418 wpa_tdls_deinit(wpa_s->wpa); 419#endif /* CONFIG_TDLS */ 420 421 pmksa_candidate_free(wpa_s->wpa); 422 wpa_sm_deinit(wpa_s->wpa); 423 wpa_s->wpa = NULL; 424 wpa_blacklist_clear(wpa_s); 425 426 wpa_bss_deinit(wpa_s); 427 428 wpa_supplicant_cancel_scan(wpa_s); 429 wpa_supplicant_cancel_auth_timeout(wpa_s); 430 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL); 431#ifdef CONFIG_DELAYED_MIC_ERROR_REPORT 432 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report, 433 wpa_s, NULL); 434#endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */ 435 436 wpas_wps_deinit(wpa_s); 437 438 wpabuf_free(wpa_s->pending_eapol_rx); 439 wpa_s->pending_eapol_rx = NULL; 440 441#ifdef CONFIG_IBSS_RSN 442 ibss_rsn_deinit(wpa_s->ibss_rsn); 443 wpa_s->ibss_rsn = NULL; 444#endif /* CONFIG_IBSS_RSN */ 445 446 sme_deinit(wpa_s); 447 448#ifdef CONFIG_AP 449 wpa_supplicant_ap_deinit(wpa_s); 450#endif /* CONFIG_AP */ 451 452#ifdef CONFIG_P2P 453 wpas_p2p_deinit(wpa_s); 454#endif /* CONFIG_P2P */ 455 456#ifdef CONFIG_OFFCHANNEL 457 offchannel_deinit(wpa_s); 458#endif /* CONFIG_OFFCHANNEL */ 459 460 wpa_supplicant_cancel_sched_scan(wpa_s); 461 462 os_free(wpa_s->next_scan_freqs); 463 wpa_s->next_scan_freqs = NULL; 464 465 gas_query_deinit(wpa_s->gas); 466 wpa_s->gas = NULL; 467 468 free_hw_features(wpa_s); 469 470 os_free(wpa_s->bssid_filter); 471 wpa_s->bssid_filter = NULL; 472 473 os_free(wpa_s->disallow_aps_bssid); 474 wpa_s->disallow_aps_bssid = NULL; 475 os_free(wpa_s->disallow_aps_ssid); 476 wpa_s->disallow_aps_ssid = NULL; 477 478 wnm_bss_keep_alive_deinit(wpa_s); 479 480 ext_password_deinit(wpa_s->ext_pw); 481 wpa_s->ext_pw = NULL; 482 483 wpabuf_free(wpa_s->last_gas_resp); 484 485 os_free(wpa_s->last_scan_res); 486 wpa_s->last_scan_res = NULL; 487} 488 489 490/** 491 * wpa_clear_keys - Clear keys configured for the driver 492 * @wpa_s: Pointer to wpa_supplicant data 493 * @addr: Previously used BSSID or %NULL if not available 494 * 495 * This function clears the encryption keys that has been previously configured 496 * for the driver. 497 */ 498void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr) 499{ 500 if (wpa_s->keys_cleared) { 501 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have 502 * timing issues with keys being cleared just before new keys 503 * are set or just after association or something similar. This 504 * shows up in group key handshake failing often because of the 505 * client not receiving the first encrypted packets correctly. 506 * Skipping some of the extra key clearing steps seems to help 507 * in completing group key handshake more reliably. */ 508 wpa_dbg(wpa_s, MSG_DEBUG, "No keys have been configured - " 509 "skip key clearing"); 510 return; 511 } 512 513 /* MLME-DELETEKEYS.request */ 514 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 0, 0, NULL, 0, NULL, 0); 515 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 1, 0, NULL, 0, NULL, 0); 516 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 2, 0, NULL, 0, NULL, 0); 517 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 3, 0, NULL, 0, NULL, 0); 518#ifdef CONFIG_IEEE80211W 519 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 4, 0, NULL, 0, NULL, 0); 520 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 5, 0, NULL, 0, NULL, 0); 521#endif /* CONFIG_IEEE80211W */ 522 if (addr) { 523 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL, 524 0); 525 /* MLME-SETPROTECTION.request(None) */ 526 wpa_drv_mlme_setprotection( 527 wpa_s, addr, 528 MLME_SETPROTECTION_PROTECT_TYPE_NONE, 529 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); 530 } 531 wpa_s->keys_cleared = 1; 532} 533 534 535/** 536 * wpa_supplicant_state_txt - Get the connection state name as a text string 537 * @state: State (wpa_state; WPA_*) 538 * Returns: The state name as a printable text string 539 */ 540const char * wpa_supplicant_state_txt(enum wpa_states state) 541{ 542 switch (state) { 543 case WPA_DISCONNECTED: 544 return "DISCONNECTED"; 545 case WPA_INACTIVE: 546 return "INACTIVE"; 547 case WPA_INTERFACE_DISABLED: 548 return "INTERFACE_DISABLED"; 549 case WPA_SCANNING: 550 return "SCANNING"; 551 case WPA_AUTHENTICATING: 552 return "AUTHENTICATING"; 553 case WPA_ASSOCIATING: 554 return "ASSOCIATING"; 555 case WPA_ASSOCIATED: 556 return "ASSOCIATED"; 557 case WPA_4WAY_HANDSHAKE: 558 return "4WAY_HANDSHAKE"; 559 case WPA_GROUP_HANDSHAKE: 560 return "GROUP_HANDSHAKE"; 561 case WPA_COMPLETED: 562 return "COMPLETED"; 563 default: 564 return "UNKNOWN"; 565 } 566} 567 568 569#ifdef CONFIG_BGSCAN 570 571static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s) 572{ 573 if (wpas_driver_bss_selection(wpa_s)) 574 return; 575 if (wpa_s->current_ssid == wpa_s->bgscan_ssid) 576 return; 577 578 bgscan_deinit(wpa_s); 579 if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan) { 580 if (bgscan_init(wpa_s, wpa_s->current_ssid)) { 581 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize " 582 "bgscan"); 583 /* 584 * Live without bgscan; it is only used as a roaming 585 * optimization, so the initial connection is not 586 * affected. 587 */ 588 } else { 589 struct wpa_scan_results *scan_res; 590 wpa_s->bgscan_ssid = wpa_s->current_ssid; 591 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 592 0); 593 if (scan_res) { 594 bgscan_notify_scan(wpa_s, scan_res); 595 wpa_scan_results_free(scan_res); 596 } 597 } 598 } else 599 wpa_s->bgscan_ssid = NULL; 600} 601 602 603static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s) 604{ 605 if (wpa_s->bgscan_ssid != NULL) { 606 bgscan_deinit(wpa_s); 607 wpa_s->bgscan_ssid = NULL; 608 } 609} 610 611#endif /* CONFIG_BGSCAN */ 612 613 614static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s) 615{ 616 if (autoscan_init(wpa_s, 0)) 617 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan"); 618} 619 620 621static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s) 622{ 623 autoscan_deinit(wpa_s); 624} 625 626 627void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s) 628{ 629 if (wpa_s->wpa_state == WPA_DISCONNECTED || 630 wpa_s->wpa_state == WPA_SCANNING) { 631 autoscan_deinit(wpa_s); 632 wpa_supplicant_start_autoscan(wpa_s); 633 } 634} 635 636 637/** 638 * wpa_supplicant_set_state - Set current connection state 639 * @wpa_s: Pointer to wpa_supplicant data 640 * @state: The new connection state 641 * 642 * This function is called whenever the connection state changes, e.g., 643 * association is completed for WPA/WPA2 4-Way Handshake is started. 644 */ 645void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s, 646 enum wpa_states state) 647{ 648 enum wpa_states old_state = wpa_s->wpa_state; 649 650 wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s", 651 wpa_supplicant_state_txt(wpa_s->wpa_state), 652 wpa_supplicant_state_txt(state)); 653 654#ifdef ANDROID_P2P 655 if(state == WPA_ASSOCIATED && wpa_s->current_ssid) { 656 wpa_s->current_ssid->assoc_retry = 0; 657 } 658#endif /* ANDROID_P2P */ 659 660 if (state != WPA_SCANNING) 661 wpa_supplicant_notify_scanning(wpa_s, 0); 662 663 if (state == WPA_COMPLETED && wpa_s->new_connection) { 664#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG) 665 struct wpa_ssid *ssid = wpa_s->current_ssid; 666 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to " 667 MACSTR " completed %s [id=%d id_str=%s]", 668 MAC2STR(wpa_s->bssid), "(auth)", 669 ssid ? ssid->id : -1, 670 ssid && ssid->id_str ? ssid->id_str : ""); 671#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ 672 wpas_clear_temp_disabled(wpa_s, ssid, 1); 673 wpa_s->extra_blacklist_count = 0; 674 wpa_s->new_connection = 0; 675 wpa_drv_set_operstate(wpa_s, 1); 676#ifndef IEEE8021X_EAPOL 677 wpa_drv_set_supp_port(wpa_s, 1); 678#endif /* IEEE8021X_EAPOL */ 679 wpa_s->after_wps = 0; 680#ifdef CONFIG_P2P 681 wpas_p2p_completed(wpa_s); 682#endif /* CONFIG_P2P */ 683 684 sme_sched_obss_scan(wpa_s, 1); 685 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING || 686 state == WPA_ASSOCIATED) { 687 wpa_s->new_connection = 1; 688 wpa_drv_set_operstate(wpa_s, 0); 689#ifndef IEEE8021X_EAPOL 690 wpa_drv_set_supp_port(wpa_s, 0); 691#endif /* IEEE8021X_EAPOL */ 692 sme_sched_obss_scan(wpa_s, 0); 693 } 694 wpa_s->wpa_state = state; 695 696#ifdef CONFIG_BGSCAN 697 if (state == WPA_COMPLETED) 698 wpa_supplicant_start_bgscan(wpa_s); 699 else 700 wpa_supplicant_stop_bgscan(wpa_s); 701#endif /* CONFIG_BGSCAN */ 702 703 if (state == WPA_AUTHENTICATING) 704 wpa_supplicant_stop_autoscan(wpa_s); 705 706 if (state == WPA_DISCONNECTED || state == WPA_INACTIVE) 707 wpa_supplicant_start_autoscan(wpa_s); 708 709 if (wpa_s->wpa_state != old_state) { 710 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state); 711 712 if (wpa_s->wpa_state == WPA_COMPLETED || 713 old_state == WPA_COMPLETED) 714 wpas_notify_auth_changed(wpa_s); 715 } 716} 717 718 719void wpa_supplicant_terminate_proc(struct wpa_global *global) 720{ 721 int pending = 0; 722#ifdef CONFIG_WPS 723 struct wpa_supplicant *wpa_s = global->ifaces; 724 while (wpa_s) { 725 if (wpas_wps_terminate_pending(wpa_s) == 1) 726 pending = 1; 727 wpa_s = wpa_s->next; 728 } 729#endif /* CONFIG_WPS */ 730 if (pending) 731 return; 732 eloop_terminate(); 733} 734 735 736static void wpa_supplicant_terminate(int sig, void *signal_ctx) 737{ 738 struct wpa_global *global = signal_ctx; 739 wpa_supplicant_terminate_proc(global); 740} 741 742 743void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s) 744{ 745 enum wpa_states old_state = wpa_s->wpa_state; 746 747 wpa_s->pairwise_cipher = 0; 748 wpa_s->group_cipher = 0; 749 wpa_s->mgmt_group_cipher = 0; 750 wpa_s->key_mgmt = 0; 751 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED) 752 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 753 754 if (wpa_s->wpa_state != old_state) 755 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state); 756} 757 758 759/** 760 * wpa_supplicant_reload_configuration - Reload configuration data 761 * @wpa_s: Pointer to wpa_supplicant data 762 * Returns: 0 on success or -1 if configuration parsing failed 763 * 764 * This function can be used to request that the configuration data is reloaded 765 * (e.g., after configuration file change). This function is reloading 766 * configuration only for one interface, so this may need to be called multiple 767 * times if %wpa_supplicant is controlling multiple interfaces and all 768 * interfaces need reconfiguration. 769 */ 770int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s) 771{ 772 struct wpa_config *conf; 773 int reconf_ctrl; 774 int old_ap_scan; 775 776 if (wpa_s->confname == NULL) 777 return -1; 778 conf = wpa_config_read(wpa_s->confname); 779 if (conf == NULL) { 780 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration " 781 "file '%s' - exiting", wpa_s->confname); 782 return -1; 783 } 784 conf->changed_parameters = (unsigned int) -1; 785 786 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface 787 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface && 788 os_strcmp(conf->ctrl_interface, 789 wpa_s->conf->ctrl_interface) != 0); 790 791 if (reconf_ctrl && wpa_s->ctrl_iface) { 792 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface); 793 wpa_s->ctrl_iface = NULL; 794 } 795 796 eapol_sm_invalidate_cached_session(wpa_s->eapol); 797 if (wpa_s->current_ssid) { 798 wpa_supplicant_deauthenticate(wpa_s, 799 WLAN_REASON_DEAUTH_LEAVING); 800 } 801 802 /* 803 * TODO: should notify EAPOL SM about changes in opensc_engine_path, 804 * pkcs11_engine_path, pkcs11_module_path. 805 */ 806 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) { 807 /* 808 * Clear forced success to clear EAP state for next 809 * authentication. 810 */ 811 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE); 812 } 813 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL); 814 wpa_sm_set_config(wpa_s->wpa, NULL); 815 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL); 816 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth); 817 rsn_preauth_deinit(wpa_s->wpa); 818 819 old_ap_scan = wpa_s->conf->ap_scan; 820 wpa_config_free(wpa_s->conf); 821 wpa_s->conf = conf; 822 if (old_ap_scan != wpa_s->conf->ap_scan) 823 wpas_notify_ap_scan_changed(wpa_s); 824 825 if (reconf_ctrl) 826 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s); 827 828 wpa_supplicant_update_config(wpa_s); 829 830 wpa_supplicant_clear_status(wpa_s); 831 if (wpa_supplicant_enabled_networks(wpa_s)) { 832 wpa_s->reassociate = 1; 833 wpa_supplicant_req_scan(wpa_s, 0, 0); 834 } 835 wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed"); 836 return 0; 837} 838 839 840static void wpa_supplicant_reconfig(int sig, void *signal_ctx) 841{ 842 struct wpa_global *global = signal_ctx; 843 struct wpa_supplicant *wpa_s; 844 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) { 845 wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring", 846 sig); 847 if (wpa_supplicant_reload_configuration(wpa_s) < 0) { 848 wpa_supplicant_terminate_proc(global); 849 } 850 } 851} 852 853 854enum wpa_key_mgmt key_mgmt2driver(int key_mgmt) 855{ 856 switch (key_mgmt) { 857 case WPA_KEY_MGMT_NONE: 858 return KEY_MGMT_NONE; 859 case WPA_KEY_MGMT_IEEE8021X_NO_WPA: 860 return KEY_MGMT_802_1X_NO_WPA; 861 case WPA_KEY_MGMT_IEEE8021X: 862 return KEY_MGMT_802_1X; 863 case WPA_KEY_MGMT_WPA_NONE: 864 return KEY_MGMT_WPA_NONE; 865 case WPA_KEY_MGMT_FT_IEEE8021X: 866 return KEY_MGMT_FT_802_1X; 867 case WPA_KEY_MGMT_FT_PSK: 868 return KEY_MGMT_FT_PSK; 869 case WPA_KEY_MGMT_IEEE8021X_SHA256: 870 return KEY_MGMT_802_1X_SHA256; 871 case WPA_KEY_MGMT_PSK_SHA256: 872 return KEY_MGMT_PSK_SHA256; 873 case WPA_KEY_MGMT_WPS: 874 return KEY_MGMT_WPS; 875 case WPA_KEY_MGMT_PSK: 876 default: 877 return KEY_MGMT_PSK; 878 } 879} 880 881 882static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s, 883 struct wpa_ssid *ssid, 884 struct wpa_ie_data *ie) 885{ 886 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie); 887 if (ret) { 888 if (ret == -2) { 889 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE " 890 "from association info"); 891 } 892 return -1; 893 } 894 895 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set " 896 "cipher suites"); 897 if (!(ie->group_cipher & ssid->group_cipher)) { 898 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group " 899 "cipher 0x%x (mask 0x%x) - reject", 900 ie->group_cipher, ssid->group_cipher); 901 return -1; 902 } 903 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) { 904 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise " 905 "cipher 0x%x (mask 0x%x) - reject", 906 ie->pairwise_cipher, ssid->pairwise_cipher); 907 return -1; 908 } 909 if (!(ie->key_mgmt & ssid->key_mgmt)) { 910 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key " 911 "management 0x%x (mask 0x%x) - reject", 912 ie->key_mgmt, ssid->key_mgmt); 913 return -1; 914 } 915 916#ifdef CONFIG_IEEE80211W 917 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) && 918 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ? 919 wpa_s->conf->pmf : ssid->ieee80211w) == 920 MGMT_FRAME_PROTECTION_REQUIRED) { 921 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP " 922 "that does not support management frame protection - " 923 "reject"); 924 return -1; 925 } 926#endif /* CONFIG_IEEE80211W */ 927 928 return 0; 929} 930 931 932/** 933 * wpa_supplicant_set_suites - Set authentication and encryption parameters 934 * @wpa_s: Pointer to wpa_supplicant data 935 * @bss: Scan results for the selected BSS, or %NULL if not available 936 * @ssid: Configuration data for the selected network 937 * @wpa_ie: Buffer for the WPA/RSN IE 938 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the 939 * used buffer length in case the functions returns success. 940 * Returns: 0 on success or -1 on failure 941 * 942 * This function is used to configure authentication and encryption parameters 943 * based on the network configuration and scan result for the selected BSS (if 944 * available). 945 */ 946int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s, 947 struct wpa_bss *bss, struct wpa_ssid *ssid, 948 u8 *wpa_ie, size_t *wpa_ie_len) 949{ 950 struct wpa_ie_data ie; 951 int sel, proto; 952 const u8 *bss_wpa, *bss_rsn; 953 954 if (bss) { 955 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE); 956 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN); 957 } else 958 bss_wpa = bss_rsn = NULL; 959 960 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) && 961 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 && 962 (ie.group_cipher & ssid->group_cipher) && 963 (ie.pairwise_cipher & ssid->pairwise_cipher) && 964 (ie.key_mgmt & ssid->key_mgmt)) { 965 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0"); 966 proto = WPA_PROTO_RSN; 967 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) && 968 wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 && 969 (ie.group_cipher & ssid->group_cipher) && 970 (ie.pairwise_cipher & ssid->pairwise_cipher) && 971 (ie.key_mgmt & ssid->key_mgmt)) { 972 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0"); 973 proto = WPA_PROTO_WPA; 974 } else if (bss) { 975 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN"); 976 return -1; 977 } else { 978 if (ssid->proto & WPA_PROTO_RSN) 979 proto = WPA_PROTO_RSN; 980 else 981 proto = WPA_PROTO_WPA; 982 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) { 983 os_memset(&ie, 0, sizeof(ie)); 984 ie.group_cipher = ssid->group_cipher; 985 ie.pairwise_cipher = ssid->pairwise_cipher; 986 ie.key_mgmt = ssid->key_mgmt; 987#ifdef CONFIG_IEEE80211W 988 ie.mgmt_group_cipher = 989 ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ? 990 WPA_CIPHER_AES_128_CMAC : 0; 991#endif /* CONFIG_IEEE80211W */ 992 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites " 993 "based on configuration"); 994 } else 995 proto = ie.proto; 996 } 997 998 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d " 999 "pairwise %d key_mgmt %d proto %d", 1000 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto); 1001#ifdef CONFIG_IEEE80211W 1002 if (ssid->ieee80211w) { 1003 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d", 1004 ie.mgmt_group_cipher); 1005 } 1006#endif /* CONFIG_IEEE80211W */ 1007 1008 wpa_s->wpa_proto = proto; 1009 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto); 1010 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 1011 !!(ssid->proto & WPA_PROTO_RSN)); 1012 1013 if (bss || !wpa_s->ap_ies_from_associnfo) { 1014 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa, 1015 bss_wpa ? 2 + bss_wpa[1] : 0) || 1016 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn, 1017 bss_rsn ? 2 + bss_rsn[1] : 0)) 1018 return -1; 1019 } 1020 1021 sel = ie.group_cipher & ssid->group_cipher; 1022 wpa_s->group_cipher = wpa_pick_group_cipher(sel); 1023 if (wpa_s->group_cipher < 0) { 1024 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group " 1025 "cipher"); 1026 return -1; 1027 } 1028 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s", 1029 wpa_cipher_txt(wpa_s->group_cipher)); 1030 1031 sel = ie.pairwise_cipher & ssid->pairwise_cipher; 1032 wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1); 1033 if (wpa_s->pairwise_cipher < 0) { 1034 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise " 1035 "cipher"); 1036 return -1; 1037 } 1038 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s", 1039 wpa_cipher_txt(wpa_s->pairwise_cipher)); 1040 1041 sel = ie.key_mgmt & ssid->key_mgmt; 1042#ifdef CONFIG_SAE 1043 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) 1044 sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE); 1045#endif /* CONFIG_SAE */ 1046 if (0) { 1047#ifdef CONFIG_IEEE80211R 1048 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) { 1049 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X; 1050 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X"); 1051 } else if (sel & WPA_KEY_MGMT_FT_PSK) { 1052 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK; 1053 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK"); 1054#endif /* CONFIG_IEEE80211R */ 1055#ifdef CONFIG_SAE 1056 } else if (sel & WPA_KEY_MGMT_SAE) { 1057 wpa_s->key_mgmt = WPA_KEY_MGMT_SAE; 1058 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE"); 1059 } else if (sel & WPA_KEY_MGMT_FT_SAE) { 1060 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE; 1061 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE"); 1062#endif /* CONFIG_SAE */ 1063#ifdef CONFIG_IEEE80211W 1064 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) { 1065 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256; 1066 wpa_dbg(wpa_s, MSG_DEBUG, 1067 "WPA: using KEY_MGMT 802.1X with SHA256"); 1068 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) { 1069 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256; 1070 wpa_dbg(wpa_s, MSG_DEBUG, 1071 "WPA: using KEY_MGMT PSK with SHA256"); 1072#endif /* CONFIG_IEEE80211W */ 1073 } else if (sel & WPA_KEY_MGMT_IEEE8021X) { 1074 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X; 1075 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X"); 1076 } else if (sel & WPA_KEY_MGMT_PSK) { 1077 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK; 1078 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK"); 1079 } else if (sel & WPA_KEY_MGMT_WPA_NONE) { 1080 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE; 1081 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE"); 1082 } else { 1083 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select " 1084 "authenticated key management type"); 1085 return -1; 1086 } 1087 1088 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt); 1089 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE, 1090 wpa_s->pairwise_cipher); 1091 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher); 1092 1093#ifdef CONFIG_IEEE80211W 1094 sel = ie.mgmt_group_cipher; 1095 if ((ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ? 1096 wpa_s->conf->pmf : ssid->ieee80211w) == NO_MGMT_FRAME_PROTECTION || 1097 !(ie.capabilities & WPA_CAPABILITY_MFPC)) 1098 sel = 0; 1099 if (sel & WPA_CIPHER_AES_128_CMAC) { 1100 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC; 1101 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher " 1102 "AES-128-CMAC"); 1103 } else { 1104 wpa_s->mgmt_group_cipher = 0; 1105 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher"); 1106 } 1107 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP, 1108 wpa_s->mgmt_group_cipher); 1109 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP, 1110 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ? 1111 wpa_s->conf->pmf : ssid->ieee80211w)); 1112#endif /* CONFIG_IEEE80211W */ 1113 1114 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) { 1115 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE"); 1116 return -1; 1117 } 1118 1119 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) { 1120 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN); 1121#ifndef CONFIG_NO_PBKDF2 1122 if (bss && ssid->bssid_set && ssid->ssid_len == 0 && 1123 ssid->passphrase) { 1124 u8 psk[PMK_LEN]; 1125 pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len, 1126 4096, psk, PMK_LEN); 1127 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)", 1128 psk, PMK_LEN); 1129 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN); 1130 } 1131#endif /* CONFIG_NO_PBKDF2 */ 1132#ifdef CONFIG_EXT_PASSWORD 1133 if (ssid->ext_psk) { 1134 struct wpabuf *pw = ext_password_get(wpa_s->ext_pw, 1135 ssid->ext_psk); 1136 char pw_str[64 + 1]; 1137 u8 psk[PMK_LEN]; 1138 1139 if (pw == NULL) { 1140 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK " 1141 "found from external storage"); 1142 return -1; 1143 } 1144 1145 if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) { 1146 wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected " 1147 "PSK length %d in external storage", 1148 (int) wpabuf_len(pw)); 1149 ext_password_free(pw); 1150 return -1; 1151 } 1152 1153 os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw)); 1154 pw_str[wpabuf_len(pw)] = '\0'; 1155 1156#ifndef CONFIG_NO_PBKDF2 1157 if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss) 1158 { 1159 pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len, 1160 4096, psk, PMK_LEN); 1161 os_memset(pw_str, 0, sizeof(pw_str)); 1162 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from " 1163 "external passphrase)", 1164 psk, PMK_LEN); 1165 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN); 1166 } else 1167#endif /* CONFIG_NO_PBKDF2 */ 1168 if (wpabuf_len(pw) == 2 * PMK_LEN) { 1169 if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) { 1170 wpa_msg(wpa_s, MSG_INFO, "EXT PW: " 1171 "Invalid PSK hex string"); 1172 os_memset(pw_str, 0, sizeof(pw_str)); 1173 ext_password_free(pw); 1174 return -1; 1175 } 1176 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN); 1177 } else { 1178 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable " 1179 "PSK available"); 1180 os_memset(pw_str, 0, sizeof(pw_str)); 1181 ext_password_free(pw); 1182 return -1; 1183 } 1184 1185 os_memset(pw_str, 0, sizeof(pw_str)); 1186 ext_password_free(pw); 1187 } 1188#endif /* CONFIG_EXT_PASSWORD */ 1189 } else 1190 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa); 1191 1192 return 0; 1193} 1194 1195 1196int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf) 1197{ 1198 u32 ext_capab = 0; 1199 u8 *pos = buf; 1200 1201#ifdef CONFIG_INTERWORKING 1202 if (wpa_s->conf->interworking) 1203 ext_capab |= BIT(31); /* Interworking */ 1204#endif /* CONFIG_INTERWORKING */ 1205 1206#ifdef CONFIG_WNM 1207 ext_capab |= BIT(17); /* WNM-Sleep Mode */ 1208 ext_capab |= BIT(19); /* BSS Transition */ 1209#endif /* CONFIG_WNM */ 1210 1211 if (!ext_capab) 1212 return 0; 1213 1214 *pos++ = WLAN_EID_EXT_CAPAB; 1215 *pos++ = 4; 1216 WPA_PUT_LE32(pos, ext_capab); 1217 pos += 4; 1218 1219 return pos - buf; 1220} 1221 1222 1223/** 1224 * wpa_supplicant_associate - Request association 1225 * @wpa_s: Pointer to wpa_supplicant data 1226 * @bss: Scan results for the selected BSS, or %NULL if not available 1227 * @ssid: Configuration data for the selected network 1228 * 1229 * This function is used to request %wpa_supplicant to associate with a BSS. 1230 */ 1231void wpa_supplicant_associate(struct wpa_supplicant *wpa_s, 1232 struct wpa_bss *bss, struct wpa_ssid *ssid) 1233{ 1234 u8 wpa_ie[200]; 1235 size_t wpa_ie_len; 1236 int use_crypt, ret, i, bssid_changed; 1237 int algs = WPA_AUTH_ALG_OPEN; 1238 enum wpa_cipher cipher_pairwise, cipher_group; 1239 struct wpa_driver_associate_params params; 1240 int wep_keys_set = 0; 1241 struct wpa_driver_capa capa; 1242 int assoc_failed = 0; 1243 struct wpa_ssid *old_ssid; 1244 u8 ext_capab[10]; 1245 int ext_capab_len; 1246#ifdef CONFIG_HT_OVERRIDES 1247 struct ieee80211_ht_capabilities htcaps; 1248 struct ieee80211_ht_capabilities htcaps_mask; 1249#endif /* CONFIG_HT_OVERRIDES */ 1250 1251#ifdef CONFIG_IBSS_RSN 1252 ibss_rsn_deinit(wpa_s->ibss_rsn); 1253 wpa_s->ibss_rsn = NULL; 1254#endif /* CONFIG_IBSS_RSN */ 1255#ifdef ANDROID_P2P 1256 int freq = 0; 1257#endif 1258 1259 if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO || 1260 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) { 1261#ifdef CONFIG_AP 1262 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) { 1263 wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP " 1264 "mode"); 1265 return; 1266 } 1267 if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) { 1268 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 1269 return; 1270 } 1271 wpa_s->current_bss = bss; 1272#else /* CONFIG_AP */ 1273 wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in " 1274 "the build"); 1275#endif /* CONFIG_AP */ 1276 return; 1277 } 1278 1279#ifdef CONFIG_TDLS 1280 if (bss) 1281 wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1), 1282 bss->ie_len); 1283#endif /* CONFIG_TDLS */ 1284 1285 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) && 1286 ssid->mode == IEEE80211_MODE_INFRA) { 1287 sme_authenticate(wpa_s, bss, ssid); 1288 return; 1289 } 1290 1291 os_memset(¶ms, 0, sizeof(params)); 1292 wpa_s->reassociate = 0; 1293 if (bss && !wpas_driver_bss_selection(wpa_s)) { 1294#ifdef CONFIG_IEEE80211R 1295 const u8 *ie, *md = NULL; 1296#endif /* CONFIG_IEEE80211R */ 1297 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR 1298 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid), 1299 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq); 1300 bssid_changed = !is_zero_ether_addr(wpa_s->bssid); 1301 os_memset(wpa_s->bssid, 0, ETH_ALEN); 1302 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN); 1303 if (bssid_changed) 1304 wpas_notify_bssid_changed(wpa_s); 1305#ifdef CONFIG_IEEE80211R 1306 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN); 1307 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN) 1308 md = ie + 2; 1309 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0); 1310 if (md) { 1311 /* Prepare for the next transition */ 1312 wpa_ft_prepare_auth_request(wpa_s->wpa, ie); 1313 } 1314#endif /* CONFIG_IEEE80211R */ 1315#ifdef CONFIG_WPS 1316 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) && 1317 wpa_s->conf->ap_scan == 2 && 1318 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) { 1319 /* Use ap_scan==1 style network selection to find the network 1320 */ 1321 wpa_s->scan_req = MANUAL_SCAN_REQ; 1322 wpa_s->reassociate = 1; 1323 wpa_supplicant_req_scan(wpa_s, 0, 0); 1324 return; 1325#endif /* CONFIG_WPS */ 1326 } else { 1327 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'", 1328 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1329 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); 1330 } 1331 wpa_supplicant_cancel_sched_scan(wpa_s); 1332 wpa_supplicant_cancel_scan(wpa_s); 1333 1334 /* Starting new association, so clear the possibly used WPA IE from the 1335 * previous association. */ 1336 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0); 1337 1338#ifdef IEEE8021X_EAPOL 1339 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) { 1340 if (ssid->leap) { 1341 if (ssid->non_leap == 0) 1342 algs = WPA_AUTH_ALG_LEAP; 1343 else 1344 algs |= WPA_AUTH_ALG_LEAP; 1345 } 1346 } 1347#endif /* IEEE8021X_EAPOL */ 1348 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs); 1349 if (ssid->auth_alg) { 1350 algs = ssid->auth_alg; 1351 wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: " 1352 "0x%x", algs); 1353 } 1354 1355 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) || 1356 wpa_bss_get_ie(bss, WLAN_EID_RSN)) && 1357 wpa_key_mgmt_wpa(ssid->key_mgmt)) { 1358 int try_opportunistic; 1359 try_opportunistic = (ssid->proactive_key_caching < 0 ? 1360 wpa_s->conf->okc : 1361 ssid->proactive_key_caching) && 1362 (ssid->proto & WPA_PROTO_RSN); 1363 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid, 1364 wpa_s->current_ssid, 1365 try_opportunistic) == 0) 1366 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1); 1367 wpa_ie_len = sizeof(wpa_ie); 1368 if (wpa_supplicant_set_suites(wpa_s, bss, ssid, 1369 wpa_ie, &wpa_ie_len)) { 1370 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA " 1371 "key management and encryption suites"); 1372 return; 1373 } 1374 } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss && 1375 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) { 1376 /* 1377 * Both WPA and non-WPA IEEE 802.1X enabled in configuration - 1378 * use non-WPA since the scan results did not indicate that the 1379 * AP is using WPA or WPA2. 1380 */ 1381 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); 1382 wpa_ie_len = 0; 1383 wpa_s->wpa_proto = 0; 1384 } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) { 1385 wpa_ie_len = sizeof(wpa_ie); 1386 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid, 1387 wpa_ie, &wpa_ie_len)) { 1388 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA " 1389 "key management and encryption suites (no " 1390 "scan results)"); 1391 return; 1392 } 1393#ifdef CONFIG_WPS 1394 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) { 1395 struct wpabuf *wps_ie; 1396 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid)); 1397 if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) { 1398 wpa_ie_len = wpabuf_len(wps_ie); 1399 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len); 1400 } else 1401 wpa_ie_len = 0; 1402 wpabuf_free(wps_ie); 1403 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); 1404 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY)) 1405 params.wps = WPS_MODE_PRIVACY; 1406 else 1407 params.wps = WPS_MODE_OPEN; 1408 wpa_s->wpa_proto = 0; 1409#endif /* CONFIG_WPS */ 1410 } else { 1411 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); 1412 wpa_ie_len = 0; 1413 wpa_s->wpa_proto = 0; 1414 } 1415 1416#ifdef CONFIG_P2P 1417 if (wpa_s->global->p2p) { 1418 u8 *pos; 1419 size_t len; 1420 int res; 1421 pos = wpa_ie + wpa_ie_len; 1422 len = sizeof(wpa_ie) - wpa_ie_len; 1423 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len, 1424 ssid->p2p_group); 1425 if (res >= 0) 1426 wpa_ie_len += res; 1427 } 1428 1429 wpa_s->cross_connect_disallowed = 0; 1430 if (bss) { 1431 struct wpabuf *p2p; 1432 p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE); 1433 if (p2p) { 1434 wpa_s->cross_connect_disallowed = 1435 p2p_get_cross_connect_disallowed(p2p); 1436 wpabuf_free(p2p); 1437 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross " 1438 "connection", 1439 wpa_s->cross_connect_disallowed ? 1440 "disallows" : "allows"); 1441 } 1442 } 1443#endif /* CONFIG_P2P */ 1444 1445#ifdef CONFIG_HS20 1446 if (wpa_s->conf->hs20) { 1447 struct wpabuf *hs20; 1448 hs20 = wpabuf_alloc(20); 1449 if (hs20) { 1450 wpas_hs20_add_indication(hs20); 1451 os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(hs20), 1452 wpabuf_len(hs20)); 1453 wpa_ie_len += wpabuf_len(hs20); 1454 wpabuf_free(hs20); 1455 } 1456 } 1457#endif /* CONFIG_HS20 */ 1458 1459 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab); 1460 if (ext_capab_len > 0) { 1461 u8 *pos = wpa_ie; 1462 if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN) 1463 pos += 2 + pos[1]; 1464 os_memmove(pos + ext_capab_len, pos, 1465 wpa_ie_len - (pos - wpa_ie)); 1466 wpa_ie_len += ext_capab_len; 1467 os_memcpy(pos, ext_capab, ext_capab_len); 1468 } 1469 1470 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL); 1471 use_crypt = 1; 1472 cipher_pairwise = wpa_cipher_to_suite_driver(wpa_s->pairwise_cipher); 1473 cipher_group = wpa_cipher_to_suite_driver(wpa_s->group_cipher); 1474 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE || 1475 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) { 1476 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) 1477 use_crypt = 0; 1478 if (wpa_set_wep_keys(wpa_s, ssid)) { 1479 use_crypt = 1; 1480 wep_keys_set = 1; 1481 } 1482 } 1483 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) 1484 use_crypt = 0; 1485 1486#ifdef IEEE8021X_EAPOL 1487 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) { 1488 if ((ssid->eapol_flags & 1489 (EAPOL_FLAG_REQUIRE_KEY_UNICAST | 1490 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 && 1491 !wep_keys_set) { 1492 use_crypt = 0; 1493 } else { 1494 /* Assume that dynamic WEP-104 keys will be used and 1495 * set cipher suites in order for drivers to expect 1496 * encryption. */ 1497 cipher_pairwise = cipher_group = CIPHER_WEP104; 1498 } 1499 } 1500#endif /* IEEE8021X_EAPOL */ 1501 1502 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) { 1503 /* Set the key before (and later after) association */ 1504 wpa_supplicant_set_wpa_none_key(wpa_s, ssid); 1505 } 1506 1507 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING); 1508 if (bss) { 1509 params.ssid = bss->ssid; 1510 params.ssid_len = bss->ssid_len; 1511 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) { 1512 wpa_printf(MSG_DEBUG, "Limit connection to BSSID " 1513 MACSTR " freq=%u MHz based on scan results " 1514 "(bssid_set=%d)", 1515 MAC2STR(bss->bssid), bss->freq, 1516 ssid->bssid_set); 1517 params.bssid = bss->bssid; 1518 params.freq = bss->freq; 1519 } 1520 } else { 1521 params.ssid = ssid->ssid; 1522 params.ssid_len = ssid->ssid_len; 1523 } 1524 1525 if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set && 1526 wpa_s->conf->ap_scan == 2) { 1527 params.bssid = ssid->bssid; 1528 params.fixed_bssid = 1; 1529 } 1530 1531 if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 && 1532 params.freq == 0) 1533 params.freq = ssid->frequency; /* Initial channel for IBSS */ 1534 params.wpa_ie = wpa_ie; 1535 params.wpa_ie_len = wpa_ie_len; 1536 params.pairwise_suite = cipher_pairwise; 1537 params.group_suite = cipher_group; 1538 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt); 1539 params.wpa_proto = wpa_s->wpa_proto; 1540 params.auth_alg = algs; 1541 params.mode = ssid->mode; 1542 params.bg_scan_period = ssid->bg_scan_period; 1543 for (i = 0; i < NUM_WEP_KEYS; i++) { 1544 if (ssid->wep_key_len[i]) 1545 params.wep_key[i] = ssid->wep_key[i]; 1546 params.wep_key_len[i] = ssid->wep_key_len[i]; 1547 } 1548 params.wep_tx_keyidx = ssid->wep_tx_keyidx; 1549 1550 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) && 1551 (params.key_mgmt_suite == KEY_MGMT_PSK || 1552 params.key_mgmt_suite == KEY_MGMT_FT_PSK)) { 1553 params.passphrase = ssid->passphrase; 1554 if (ssid->psk_set) 1555 params.psk = ssid->psk; 1556 } 1557 1558 params.drop_unencrypted = use_crypt; 1559 1560#ifdef CONFIG_IEEE80211W 1561 params.mgmt_frame_protection = 1562 ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ? 1563 wpa_s->conf->pmf : ssid->ieee80211w; 1564 if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) { 1565 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN); 1566 struct wpa_ie_data ie; 1567 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 && 1568 ie.capabilities & 1569 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) { 1570 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports " 1571 "MFP: require MFP"); 1572 params.mgmt_frame_protection = 1573 MGMT_FRAME_PROTECTION_REQUIRED; 1574 } 1575 } 1576#endif /* CONFIG_IEEE80211W */ 1577 1578 params.p2p = ssid->p2p_group; 1579 1580 if (wpa_s->parent->set_sta_uapsd) 1581 params.uapsd = wpa_s->parent->sta_uapsd; 1582 else 1583 params.uapsd = -1; 1584 1585#ifdef CONFIG_HT_OVERRIDES 1586 os_memset(&htcaps, 0, sizeof(htcaps)); 1587 os_memset(&htcaps_mask, 0, sizeof(htcaps_mask)); 1588 params.htcaps = (u8 *) &htcaps; 1589 params.htcaps_mask = (u8 *) &htcaps_mask; 1590 wpa_supplicant_apply_ht_overrides(wpa_s, ssid, ¶ms); 1591#endif /* CONFIG_HT_OVERRIDES */ 1592 1593#ifdef ANDROID_P2P 1594 /* If multichannel concurrency is not supported, check for any frequency 1595 * conflict and take appropriate action. 1596 */ 1597 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MULTI_CHANNEL_CONCURRENT) && 1598 ((freq = wpa_drv_shared_freq(wpa_s)) > 0) && (freq != params.freq)) { 1599 wpa_printf(MSG_DEBUG, "Shared interface with conflicting frequency found (%d != %d)" 1600 , freq, params.freq); 1601 if (wpas_p2p_handle_frequency_conflicts(wpa_s, params.freq, ssid) < 0) 1602 return; 1603 } 1604#endif 1605 ret = wpa_drv_associate(wpa_s, ¶ms); 1606 if (ret < 0) { 1607 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver " 1608 "failed"); 1609 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) { 1610 /* 1611 * The driver is known to mean what is saying, so we 1612 * can stop right here; the association will not 1613 * succeed. 1614 */ 1615 wpas_connection_failed(wpa_s, wpa_s->pending_bssid); 1616 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 1617 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); 1618 return; 1619 } 1620 /* try to continue anyway; new association will be tried again 1621 * after timeout */ 1622 assoc_failed = 1; 1623 } 1624 1625 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) { 1626 /* Set the key after the association just in case association 1627 * cleared the previously configured key. */ 1628 wpa_supplicant_set_wpa_none_key(wpa_s, ssid); 1629 /* No need to timeout authentication since there is no key 1630 * management. */ 1631 wpa_supplicant_cancel_auth_timeout(wpa_s); 1632 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 1633#ifdef CONFIG_IBSS_RSN 1634 } else if (ssid->mode == WPAS_MODE_IBSS && 1635 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE && 1636 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) { 1637 /* 1638 * RSN IBSS authentication is per-STA and we can disable the 1639 * per-BSSID authentication. 1640 */ 1641 wpa_supplicant_cancel_auth_timeout(wpa_s); 1642#endif /* CONFIG_IBSS_RSN */ 1643 } else { 1644 /* Timeout for IEEE 802.11 authentication and association */ 1645 int timeout = 60; 1646 1647 if (assoc_failed) { 1648 /* give IBSS a bit more time */ 1649 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5; 1650 } else if (wpa_s->conf->ap_scan == 1) { 1651 /* give IBSS a bit more time */ 1652 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10; 1653 } 1654 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0); 1655 } 1656 1657 if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 && 1658 capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) { 1659 /* Set static WEP keys again */ 1660 wpa_set_wep_keys(wpa_s, ssid); 1661 } 1662 1663 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) { 1664 /* 1665 * Do not allow EAP session resumption between different 1666 * network configurations. 1667 */ 1668 eapol_sm_invalidate_cached_session(wpa_s->eapol); 1669 } 1670 old_ssid = wpa_s->current_ssid; 1671 wpa_s->current_ssid = ssid; 1672 wpa_s->current_bss = bss; 1673 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid); 1674 wpa_supplicant_initiate_eapol(wpa_s); 1675 if (old_ssid != wpa_s->current_ssid) 1676 wpas_notify_network_changed(wpa_s); 1677} 1678 1679 1680static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s, 1681 const u8 *addr) 1682{ 1683 struct wpa_ssid *old_ssid; 1684 1685 wpa_clear_keys(wpa_s, addr); 1686 old_ssid = wpa_s->current_ssid; 1687 wpa_supplicant_mark_disassoc(wpa_s); 1688 wpa_sm_set_config(wpa_s->wpa, NULL); 1689 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL); 1690 if (old_ssid != wpa_s->current_ssid) 1691 wpas_notify_network_changed(wpa_s); 1692 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL); 1693} 1694 1695 1696/** 1697 * wpa_supplicant_deauthenticate - Deauthenticate the current connection 1698 * @wpa_s: Pointer to wpa_supplicant data 1699 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame 1700 * 1701 * This function is used to request %wpa_supplicant to deauthenticate from the 1702 * current AP. 1703 */ 1704void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s, 1705 int reason_code) 1706{ 1707 u8 *addr = NULL; 1708 union wpa_event_data event; 1709 int zero_addr = 0; 1710 1711 wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR 1712 " pending_bssid=" MACSTR " reason=%d state=%s", 1713 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid), 1714 reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state)); 1715 1716 if (!is_zero_ether_addr(wpa_s->bssid)) 1717 addr = wpa_s->bssid; 1718 else if (!is_zero_ether_addr(wpa_s->pending_bssid) && 1719 (wpa_s->wpa_state == WPA_AUTHENTICATING || 1720 wpa_s->wpa_state == WPA_ASSOCIATING)) 1721 addr = wpa_s->pending_bssid; 1722 else if (wpa_s->wpa_state == WPA_ASSOCIATING) { 1723 /* 1724 * When using driver-based BSS selection, we may not know the 1725 * BSSID with which we are currently trying to associate. We 1726 * need to notify the driver of this disconnection even in such 1727 * a case, so use the all zeros address here. 1728 */ 1729 addr = wpa_s->bssid; 1730 zero_addr = 1; 1731 } 1732 1733 if (addr) { 1734 wpa_drv_deauthenticate(wpa_s, addr, reason_code); 1735 os_memset(&event, 0, sizeof(event)); 1736 event.deauth_info.reason_code = (u16) reason_code; 1737 event.deauth_info.locally_generated = 1; 1738 wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event); 1739 if (zero_addr) 1740 addr = NULL; 1741 } 1742 1743 wpa_supplicant_clear_connection(wpa_s, addr); 1744} 1745 1746 1747/** 1748 * wpa_supplicant_enable_network - Mark a configured network as enabled 1749 * @wpa_s: wpa_supplicant structure for a network interface 1750 * @ssid: wpa_ssid structure for a configured network or %NULL 1751 * 1752 * Enables the specified network or all networks if no network specified. 1753 */ 1754void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s, 1755 struct wpa_ssid *ssid) 1756{ 1757 struct wpa_ssid *other_ssid; 1758 int was_disabled; 1759 1760 if (ssid == NULL) { 1761 for (other_ssid = wpa_s->conf->ssid; other_ssid; 1762 other_ssid = other_ssid->next) { 1763 if (other_ssid->disabled == 2) 1764 continue; /* do not change persistent P2P group 1765 * data */ 1766 if (other_ssid == wpa_s->current_ssid && 1767 other_ssid->disabled) 1768 wpa_s->reassociate = 1; 1769 1770 was_disabled = other_ssid->disabled; 1771 1772 other_ssid->disabled = 0; 1773 if (was_disabled) 1774 wpas_clear_temp_disabled(wpa_s, other_ssid, 0); 1775 1776 if (was_disabled != other_ssid->disabled) 1777 wpas_notify_network_enabled_changed( 1778 wpa_s, other_ssid); 1779 } 1780 if (wpa_s->reassociate) 1781 wpa_supplicant_req_scan(wpa_s, 0, 0); 1782 } else if (ssid->disabled && ssid->disabled != 2) { 1783 if (wpa_s->current_ssid == NULL) { 1784 /* 1785 * Try to reassociate since there is no current 1786 * configuration and a new network was made available. 1787 */ 1788 wpa_s->reassociate = 1; 1789 wpa_supplicant_req_scan(wpa_s, 0, 0); 1790 } 1791 1792 was_disabled = ssid->disabled; 1793 1794 ssid->disabled = 0; 1795 wpas_clear_temp_disabled(wpa_s, ssid, 1); 1796 1797 if (was_disabled != ssid->disabled) 1798 wpas_notify_network_enabled_changed(wpa_s, ssid); 1799 } 1800} 1801 1802 1803/** 1804 * wpa_supplicant_disable_network - Mark a configured network as disabled 1805 * @wpa_s: wpa_supplicant structure for a network interface 1806 * @ssid: wpa_ssid structure for a configured network or %NULL 1807 * 1808 * Disables the specified network or all networks if no network specified. 1809 */ 1810void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s, 1811 struct wpa_ssid *ssid) 1812{ 1813 struct wpa_ssid *other_ssid; 1814 int was_disabled; 1815 1816 if (ssid == NULL) { 1817 for (other_ssid = wpa_s->conf->ssid; other_ssid; 1818 other_ssid = other_ssid->next) { 1819 was_disabled = other_ssid->disabled; 1820 if (was_disabled == 2) 1821 continue; /* do not change persistent P2P group 1822 * data */ 1823 1824 other_ssid->disabled = 1; 1825 1826 if (was_disabled != other_ssid->disabled) 1827 wpas_notify_network_enabled_changed( 1828 wpa_s, other_ssid); 1829 } 1830 if (wpa_s->current_ssid) 1831 wpa_supplicant_deauthenticate( 1832 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 1833 } else if (ssid->disabled != 2) { 1834 if (ssid == wpa_s->current_ssid) 1835 wpa_supplicant_deauthenticate( 1836 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 1837 1838 was_disabled = ssid->disabled; 1839 1840 ssid->disabled = 1; 1841 1842 if (was_disabled != ssid->disabled) 1843 wpas_notify_network_enabled_changed(wpa_s, ssid); 1844 } 1845} 1846 1847 1848/** 1849 * wpa_supplicant_select_network - Attempt association with a network 1850 * @wpa_s: wpa_supplicant structure for a network interface 1851 * @ssid: wpa_ssid structure for a configured network or %NULL for any network 1852 */ 1853void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s, 1854 struct wpa_ssid *ssid) 1855{ 1856 1857 struct wpa_ssid *other_ssid; 1858 int disconnected = 0; 1859 1860 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) { 1861 wpa_supplicant_deauthenticate( 1862 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 1863 disconnected = 1; 1864 } 1865 1866 if (ssid) 1867 wpas_clear_temp_disabled(wpa_s, ssid, 1); 1868 1869 /* 1870 * Mark all other networks disabled or mark all networks enabled if no 1871 * network specified. 1872 */ 1873 for (other_ssid = wpa_s->conf->ssid; other_ssid; 1874 other_ssid = other_ssid->next) { 1875 int was_disabled = other_ssid->disabled; 1876 if (was_disabled == 2) 1877 continue; /* do not change persistent P2P group data */ 1878 1879 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0; 1880 if (was_disabled && !other_ssid->disabled) 1881 wpas_clear_temp_disabled(wpa_s, other_ssid, 0); 1882 1883 if (was_disabled != other_ssid->disabled) 1884 wpas_notify_network_enabled_changed(wpa_s, other_ssid); 1885 } 1886 1887 if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid) { 1888 /* We are already associated with the selected network */ 1889 wpa_printf(MSG_DEBUG, "Already associated with the " 1890 "selected network - do nothing"); 1891 return; 1892 } 1893 1894 if (ssid) 1895 wpa_s->current_ssid = ssid; 1896 wpa_s->connect_without_scan = NULL; 1897 wpa_s->disconnected = 0; 1898 wpa_s->reassociate = 1; 1899 1900 if (wpa_supplicant_fast_associate(wpa_s) != 1) 1901 wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0); 1902 1903 if (ssid) 1904 wpas_notify_network_selected(wpa_s, ssid); 1905} 1906 1907 1908/** 1909 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface 1910 * @wpa_s: wpa_supplicant structure for a network interface 1911 * @ap_scan: AP scan mode 1912 * Returns: 0 if succeed or -1 if ap_scan has an invalid value 1913 * 1914 */ 1915int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan) 1916{ 1917 1918 int old_ap_scan; 1919 1920 if (ap_scan < 0 || ap_scan > 2) 1921 return -1; 1922 1923#ifdef ANDROID 1924 if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan && 1925 wpa_s->wpa_state >= WPA_ASSOCIATING && 1926 wpa_s->wpa_state < WPA_COMPLETED) { 1927 wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while " 1928 "associating", wpa_s->conf->ap_scan, ap_scan); 1929 return 0; 1930 } 1931#endif /* ANDROID */ 1932 1933 old_ap_scan = wpa_s->conf->ap_scan; 1934 wpa_s->conf->ap_scan = ap_scan; 1935 1936 if (old_ap_scan != wpa_s->conf->ap_scan) 1937 wpas_notify_ap_scan_changed(wpa_s); 1938 1939 return 0; 1940} 1941 1942 1943/** 1944 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age 1945 * @wpa_s: wpa_supplicant structure for a network interface 1946 * @expire_age: Expiration age in seconds 1947 * Returns: 0 if succeed or -1 if expire_age has an invalid value 1948 * 1949 */ 1950int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s, 1951 unsigned int bss_expire_age) 1952{ 1953 if (bss_expire_age < 10) { 1954 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u", 1955 bss_expire_age); 1956 return -1; 1957 } 1958 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec", 1959 bss_expire_age); 1960 wpa_s->conf->bss_expiration_age = bss_expire_age; 1961 1962 return 0; 1963} 1964 1965 1966/** 1967 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count 1968 * @wpa_s: wpa_supplicant structure for a network interface 1969 * @expire_count: number of scans after which an unseen BSS is reclaimed 1970 * Returns: 0 if succeed or -1 if expire_count has an invalid value 1971 * 1972 */ 1973int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s, 1974 unsigned int bss_expire_count) 1975{ 1976 if (bss_expire_count < 1) { 1977 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u", 1978 bss_expire_count); 1979 return -1; 1980 } 1981 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u", 1982 bss_expire_count); 1983 wpa_s->conf->bss_expiration_scan_count = bss_expire_count; 1984 1985 return 0; 1986} 1987 1988 1989/** 1990 * wpa_supplicant_set_scan_interval - Set scan interval 1991 * @wpa_s: wpa_supplicant structure for a network interface 1992 * @scan_interval: scan interval in seconds 1993 * Returns: 0 if succeed or -1 if scan_interval has an invalid value 1994 * 1995 */ 1996int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s, 1997 int scan_interval) 1998{ 1999 if (scan_interval < 0) { 2000 wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d", 2001 scan_interval); 2002 return -1; 2003 } 2004 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec", 2005 scan_interval); 2006 wpa_supplicant_update_scan_int(wpa_s, scan_interval); 2007 2008 return 0; 2009} 2010 2011 2012/** 2013 * wpa_supplicant_set_debug_params - Set global debug params 2014 * @global: wpa_global structure 2015 * @debug_level: debug level 2016 * @debug_timestamp: determines if show timestamp in debug data 2017 * @debug_show_keys: determines if show keys in debug data 2018 * Returns: 0 if succeed or -1 if debug_level has wrong value 2019 */ 2020int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level, 2021 int debug_timestamp, int debug_show_keys) 2022{ 2023 2024 int old_level, old_timestamp, old_show_keys; 2025 2026 /* check for allowed debuglevels */ 2027 if (debug_level != MSG_EXCESSIVE && 2028 debug_level != MSG_MSGDUMP && 2029 debug_level != MSG_DEBUG && 2030 debug_level != MSG_INFO && 2031 debug_level != MSG_WARNING && 2032 debug_level != MSG_ERROR) 2033 return -1; 2034 2035 old_level = wpa_debug_level; 2036 old_timestamp = wpa_debug_timestamp; 2037 old_show_keys = wpa_debug_show_keys; 2038 2039 wpa_debug_level = debug_level; 2040 wpa_debug_timestamp = debug_timestamp ? 1 : 0; 2041 wpa_debug_show_keys = debug_show_keys ? 1 : 0; 2042 2043 if (wpa_debug_level != old_level) 2044 wpas_notify_debug_level_changed(global); 2045 if (wpa_debug_timestamp != old_timestamp) 2046 wpas_notify_debug_timestamp_changed(global); 2047 if (wpa_debug_show_keys != old_show_keys) 2048 wpas_notify_debug_show_keys_changed(global); 2049 2050 return 0; 2051} 2052 2053 2054/** 2055 * wpa_supplicant_get_ssid - Get a pointer to the current network structure 2056 * @wpa_s: Pointer to wpa_supplicant data 2057 * Returns: A pointer to the current network structure or %NULL on failure 2058 */ 2059struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s) 2060{ 2061 struct wpa_ssid *entry; 2062 u8 ssid[MAX_SSID_LEN]; 2063 int res; 2064 size_t ssid_len; 2065 u8 bssid[ETH_ALEN]; 2066 int wired; 2067 2068 res = wpa_drv_get_ssid(wpa_s, ssid); 2069 if (res < 0) { 2070 wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from " 2071 "driver"); 2072 return NULL; 2073 } 2074 ssid_len = res; 2075 2076 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) { 2077 wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from " 2078 "driver"); 2079 return NULL; 2080 } 2081 2082 wired = wpa_s->conf->ap_scan == 0 && 2083 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED); 2084 2085 entry = wpa_s->conf->ssid; 2086 while (entry) { 2087 if (!wpas_network_disabled(wpa_s, entry) && 2088 ((ssid_len == entry->ssid_len && 2089 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) && 2090 (!entry->bssid_set || 2091 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)) 2092 return entry; 2093#ifdef CONFIG_WPS 2094 if (!wpas_network_disabled(wpa_s, entry) && 2095 (entry->key_mgmt & WPA_KEY_MGMT_WPS) && 2096 (entry->ssid == NULL || entry->ssid_len == 0) && 2097 (!entry->bssid_set || 2098 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)) 2099 return entry; 2100#endif /* CONFIG_WPS */ 2101 2102 if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set && 2103 entry->ssid_len == 0 && 2104 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0) 2105 return entry; 2106 2107 entry = entry->next; 2108 } 2109 2110 return NULL; 2111} 2112 2113 2114static int select_driver(struct wpa_supplicant *wpa_s, int i) 2115{ 2116 struct wpa_global *global = wpa_s->global; 2117 2118 if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) { 2119 global->drv_priv[i] = wpa_drivers[i]->global_init(); 2120 if (global->drv_priv[i] == NULL) { 2121 wpa_printf(MSG_ERROR, "Failed to initialize driver " 2122 "'%s'", wpa_drivers[i]->name); 2123 return -1; 2124 } 2125 } 2126 2127 wpa_s->driver = wpa_drivers[i]; 2128 wpa_s->global_drv_priv = global->drv_priv[i]; 2129 2130 return 0; 2131} 2132 2133 2134static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s, 2135 const char *name) 2136{ 2137 int i; 2138 size_t len; 2139 const char *pos, *driver = name; 2140 2141 if (wpa_s == NULL) 2142 return -1; 2143 2144 if (wpa_drivers[0] == NULL) { 2145 wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into " 2146 "wpa_supplicant"); 2147 return -1; 2148 } 2149 2150 if (name == NULL) { 2151 /* default to first driver in the list */ 2152 return select_driver(wpa_s, 0); 2153 } 2154 2155 do { 2156 pos = os_strchr(driver, ','); 2157 if (pos) 2158 len = pos - driver; 2159 else 2160 len = os_strlen(driver); 2161 2162 for (i = 0; wpa_drivers[i]; i++) { 2163 if (os_strlen(wpa_drivers[i]->name) == len && 2164 os_strncmp(driver, wpa_drivers[i]->name, len) == 2165 0) { 2166 /* First driver that succeeds wins */ 2167 if (select_driver(wpa_s, i) == 0) 2168 return 0; 2169 } 2170 } 2171 2172 driver = pos + 1; 2173 } while (pos); 2174 2175 wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name); 2176 return -1; 2177} 2178 2179 2180/** 2181 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant 2182 * @ctx: Context pointer (wpa_s); this is the ctx variable registered 2183 * with struct wpa_driver_ops::init() 2184 * @src_addr: Source address of the EAPOL frame 2185 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header) 2186 * @len: Length of the EAPOL data 2187 * 2188 * This function is called for each received EAPOL frame. Most driver 2189 * interfaces rely on more generic OS mechanism for receiving frames through 2190 * l2_packet, but if such a mechanism is not available, the driver wrapper may 2191 * take care of received EAPOL frames and deliver them to the core supplicant 2192 * code by calling this function. 2193 */ 2194void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr, 2195 const u8 *buf, size_t len) 2196{ 2197 struct wpa_supplicant *wpa_s = ctx; 2198 2199 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr)); 2200 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len); 2201 2202 if (wpa_s->wpa_state < WPA_ASSOCIATED || 2203 (wpa_s->last_eapol_matches_bssid && 2204#ifdef CONFIG_AP 2205 !wpa_s->ap_iface && 2206#endif /* CONFIG_AP */ 2207 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) { 2208 /* 2209 * There is possible race condition between receiving the 2210 * association event and the EAPOL frame since they are coming 2211 * through different paths from the driver. In order to avoid 2212 * issues in trying to process the EAPOL frame before receiving 2213 * association information, lets queue it for processing until 2214 * the association event is received. This may also be needed in 2215 * driver-based roaming case, so also use src_addr != BSSID as a 2216 * trigger if we have previously confirmed that the 2217 * Authenticator uses BSSID as the src_addr (which is not the 2218 * case with wired IEEE 802.1X). 2219 */ 2220 wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing " 2221 "of received EAPOL frame (state=%s bssid=" MACSTR ")", 2222 wpa_supplicant_state_txt(wpa_s->wpa_state), 2223 MAC2STR(wpa_s->bssid)); 2224 wpabuf_free(wpa_s->pending_eapol_rx); 2225 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len); 2226 if (wpa_s->pending_eapol_rx) { 2227 os_get_time(&wpa_s->pending_eapol_rx_time); 2228 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr, 2229 ETH_ALEN); 2230 } 2231 return; 2232 } 2233 2234 wpa_s->last_eapol_matches_bssid = 2235 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0; 2236 2237#ifdef CONFIG_AP 2238 if (wpa_s->ap_iface) { 2239 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len); 2240 return; 2241 } 2242#endif /* CONFIG_AP */ 2243 2244 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) { 2245 wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since " 2246 "no key management is configured"); 2247 return; 2248 } 2249 2250 if (wpa_s->eapol_received == 0 && 2251 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) || 2252 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || 2253 wpa_s->wpa_state != WPA_COMPLETED) && 2254 (wpa_s->current_ssid == NULL || 2255 wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) { 2256 /* Timeout for completing IEEE 802.1X and WPA authentication */ 2257 wpa_supplicant_req_auth_timeout( 2258 wpa_s, 2259 (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) || 2260 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA || 2261 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ? 2262 70 : 10, 0); 2263 } 2264 wpa_s->eapol_received++; 2265 2266 if (wpa_s->countermeasures) { 2267 wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped " 2268 "EAPOL packet"); 2269 return; 2270 } 2271 2272#ifdef CONFIG_IBSS_RSN 2273 if (wpa_s->current_ssid && 2274 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) { 2275 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len); 2276 return; 2277 } 2278#endif /* CONFIG_IBSS_RSN */ 2279 2280 /* Source address of the incoming EAPOL frame could be compared to the 2281 * current BSSID. However, it is possible that a centralized 2282 * Authenticator could be using another MAC address than the BSSID of 2283 * an AP, so just allow any address to be used for now. The replies are 2284 * still sent to the current BSSID (if available), though. */ 2285 2286 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN); 2287 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) && 2288 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0) 2289 return; 2290 wpa_drv_poll(wpa_s); 2291 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) 2292 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len); 2293 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) { 2294 /* 2295 * Set portValid = TRUE here since we are going to skip 4-way 2296 * handshake processing which would normally set portValid. We 2297 * need this to allow the EAPOL state machines to be completed 2298 * without going through EAPOL-Key handshake. 2299 */ 2300 eapol_sm_notify_portValid(wpa_s->eapol, TRUE); 2301 } 2302} 2303 2304 2305int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s) 2306{ 2307 if (wpa_s->driver->send_eapol) { 2308 const u8 *addr = wpa_drv_get_mac_addr(wpa_s); 2309 if (addr) 2310 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN); 2311 } else if (!(wpa_s->drv_flags & 2312 WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) { 2313 l2_packet_deinit(wpa_s->l2); 2314 wpa_s->l2 = l2_packet_init(wpa_s->ifname, 2315 wpa_drv_get_mac_addr(wpa_s), 2316 ETH_P_EAPOL, 2317 wpa_supplicant_rx_eapol, wpa_s, 0); 2318 if (wpa_s->l2 == NULL) 2319 return -1; 2320 } else { 2321 const u8 *addr = wpa_drv_get_mac_addr(wpa_s); 2322 if (addr) 2323 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN); 2324 } 2325 2326 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) { 2327 wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address"); 2328 return -1; 2329 } 2330 2331 wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR, 2332 MAC2STR(wpa_s->own_addr)); 2333 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr); 2334 2335 return 0; 2336} 2337 2338 2339static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr, 2340 const u8 *buf, size_t len) 2341{ 2342 struct wpa_supplicant *wpa_s = ctx; 2343 const struct l2_ethhdr *eth; 2344 2345 if (len < sizeof(*eth)) 2346 return; 2347 eth = (const struct l2_ethhdr *) buf; 2348 2349 if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 && 2350 !(eth->h_dest[0] & 0x01)) { 2351 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR 2352 " (bridge - not for this interface - ignore)", 2353 MAC2STR(src_addr), MAC2STR(eth->h_dest)); 2354 return; 2355 } 2356 2357 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR 2358 " (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest)); 2359 wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth), 2360 len - sizeof(*eth)); 2361} 2362 2363 2364/** 2365 * wpa_supplicant_driver_init - Initialize driver interface parameters 2366 * @wpa_s: Pointer to wpa_supplicant data 2367 * Returns: 0 on success, -1 on failure 2368 * 2369 * This function is called to initialize driver interface parameters. 2370 * wpa_drv_init() must have been called before this function to initialize the 2371 * driver interface. 2372 */ 2373int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s) 2374{ 2375 static int interface_count = 0; 2376 2377 if (wpa_supplicant_update_mac_addr(wpa_s) < 0) 2378 return -1; 2379 2380 if (wpa_s->bridge_ifname[0]) { 2381 wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge " 2382 "interface '%s'", wpa_s->bridge_ifname); 2383 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname, 2384 wpa_s->own_addr, 2385 ETH_P_EAPOL, 2386 wpa_supplicant_rx_eapol_bridge, 2387 wpa_s, 1); 2388 if (wpa_s->l2_br == NULL) { 2389 wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet " 2390 "connection for the bridge interface '%s'", 2391 wpa_s->bridge_ifname); 2392 return -1; 2393 } 2394 } 2395 2396 wpa_clear_keys(wpa_s, NULL); 2397 2398 /* Make sure that TKIP countermeasures are not left enabled (could 2399 * happen if wpa_supplicant is killed during countermeasures. */ 2400 wpa_drv_set_countermeasures(wpa_s, 0); 2401 2402 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver"); 2403 wpa_drv_flush_pmkid(wpa_s); 2404 2405 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 2406 wpa_s->prev_scan_wildcard = 0; 2407 2408 if (wpa_supplicant_enabled_networks(wpa_s)) { 2409 if (wpa_supplicant_delayed_sched_scan(wpa_s, interface_count, 2410 100000)) 2411 wpa_supplicant_req_scan(wpa_s, interface_count, 2412 100000); 2413 interface_count++; 2414 } else 2415 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 2416 2417 return 0; 2418} 2419 2420 2421static int wpa_supplicant_daemon(const char *pid_file) 2422{ 2423 wpa_printf(MSG_DEBUG, "Daemonize.."); 2424 return os_daemonize(pid_file); 2425} 2426 2427 2428static struct wpa_supplicant * wpa_supplicant_alloc(void) 2429{ 2430 struct wpa_supplicant *wpa_s; 2431 2432 wpa_s = os_zalloc(sizeof(*wpa_s)); 2433 if (wpa_s == NULL) 2434 return NULL; 2435 wpa_s->scan_req = INITIAL_SCAN_REQ; 2436 wpa_s->scan_interval = 5; 2437 wpa_s->new_connection = 1; 2438 wpa_s->parent = wpa_s; 2439 wpa_s->sched_scanning = 0; 2440 2441 return wpa_s; 2442} 2443 2444 2445#ifdef CONFIG_HT_OVERRIDES 2446 2447static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s, 2448 struct ieee80211_ht_capabilities *htcaps, 2449 struct ieee80211_ht_capabilities *htcaps_mask, 2450 const char *ht_mcs) 2451{ 2452 /* parse ht_mcs into hex array */ 2453 int i; 2454 const char *tmp = ht_mcs; 2455 char *end = NULL; 2456 2457 /* If ht_mcs is null, do not set anything */ 2458 if (!ht_mcs) 2459 return 0; 2460 2461 /* This is what we are setting in the kernel */ 2462 os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN); 2463 2464 wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs); 2465 2466 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) { 2467 errno = 0; 2468 long v = strtol(tmp, &end, 16); 2469 if (errno == 0) { 2470 wpa_msg(wpa_s, MSG_DEBUG, 2471 "htcap value[%i]: %ld end: %p tmp: %p", 2472 i, v, end, tmp); 2473 if (end == tmp) 2474 break; 2475 2476 htcaps->supported_mcs_set[i] = v; 2477 tmp = end; 2478 } else { 2479 wpa_msg(wpa_s, MSG_ERROR, 2480 "Failed to parse ht-mcs: %s, error: %s\n", 2481 ht_mcs, strerror(errno)); 2482 return -1; 2483 } 2484 } 2485 2486 /* 2487 * If we were able to parse any values, then set mask for the MCS set. 2488 */ 2489 if (i) { 2490 os_memset(&htcaps_mask->supported_mcs_set, 0xff, 2491 IEEE80211_HT_MCS_MASK_LEN - 1); 2492 /* skip the 3 reserved bits */ 2493 htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] = 2494 0x1f; 2495 } 2496 2497 return 0; 2498} 2499 2500 2501static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s, 2502 struct ieee80211_ht_capabilities *htcaps, 2503 struct ieee80211_ht_capabilities *htcaps_mask, 2504 int disabled) 2505{ 2506 u16 msk; 2507 2508 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled); 2509 2510 if (disabled == -1) 2511 return 0; 2512 2513 msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE); 2514 htcaps_mask->ht_capabilities_info |= msk; 2515 if (disabled) 2516 htcaps->ht_capabilities_info &= msk; 2517 else 2518 htcaps->ht_capabilities_info |= msk; 2519 2520 return 0; 2521} 2522 2523 2524static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s, 2525 struct ieee80211_ht_capabilities *htcaps, 2526 struct ieee80211_ht_capabilities *htcaps_mask, 2527 int factor) 2528{ 2529 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor); 2530 2531 if (factor == -1) 2532 return 0; 2533 2534 if (factor < 0 || factor > 3) { 2535 wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. " 2536 "Must be 0-3 or -1", factor); 2537 return -EINVAL; 2538 } 2539 2540 htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */ 2541 htcaps->a_mpdu_params &= ~0x3; 2542 htcaps->a_mpdu_params |= factor & 0x3; 2543 2544 return 0; 2545} 2546 2547 2548static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s, 2549 struct ieee80211_ht_capabilities *htcaps, 2550 struct ieee80211_ht_capabilities *htcaps_mask, 2551 int density) 2552{ 2553 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density); 2554 2555 if (density == -1) 2556 return 0; 2557 2558 if (density < 0 || density > 7) { 2559 wpa_msg(wpa_s, MSG_ERROR, 2560 "ampdu_density: %d out of range. Must be 0-7 or -1.", 2561 density); 2562 return -EINVAL; 2563 } 2564 2565 htcaps_mask->a_mpdu_params |= 0x1C; 2566 htcaps->a_mpdu_params &= ~(0x1C); 2567 htcaps->a_mpdu_params |= (density << 2) & 0x1C; 2568 2569 return 0; 2570} 2571 2572 2573static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s, 2574 struct ieee80211_ht_capabilities *htcaps, 2575 struct ieee80211_ht_capabilities *htcaps_mask, 2576 int disabled) 2577{ 2578 /* Masking these out disables HT40 */ 2579 u16 msk = host_to_le16(HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET | 2580 HT_CAP_INFO_SHORT_GI40MHZ); 2581 2582 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled); 2583 2584 if (disabled) 2585 htcaps->ht_capabilities_info &= ~msk; 2586 else 2587 htcaps->ht_capabilities_info |= msk; 2588 2589 htcaps_mask->ht_capabilities_info |= msk; 2590 2591 return 0; 2592} 2593 2594 2595static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s, 2596 struct ieee80211_ht_capabilities *htcaps, 2597 struct ieee80211_ht_capabilities *htcaps_mask, 2598 int disabled) 2599{ 2600 /* Masking these out disables SGI */ 2601 u16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ | 2602 HT_CAP_INFO_SHORT_GI40MHZ); 2603 2604 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled); 2605 2606 if (disabled) 2607 htcaps->ht_capabilities_info &= ~msk; 2608 else 2609 htcaps->ht_capabilities_info |= msk; 2610 2611 htcaps_mask->ht_capabilities_info |= msk; 2612 2613 return 0; 2614} 2615 2616 2617void wpa_supplicant_apply_ht_overrides( 2618 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, 2619 struct wpa_driver_associate_params *params) 2620{ 2621 struct ieee80211_ht_capabilities *htcaps; 2622 struct ieee80211_ht_capabilities *htcaps_mask; 2623 2624 if (!ssid) 2625 return; 2626 2627 params->disable_ht = ssid->disable_ht; 2628 if (!params->htcaps || !params->htcaps_mask) 2629 return; 2630 2631 htcaps = (struct ieee80211_ht_capabilities *) params->htcaps; 2632 htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask; 2633 wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs); 2634 wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask, 2635 ssid->disable_max_amsdu); 2636 wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor); 2637 wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density); 2638 wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40); 2639 wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi); 2640} 2641 2642#endif /* CONFIG_HT_OVERRIDES */ 2643 2644 2645static int pcsc_reader_init(struct wpa_supplicant *wpa_s) 2646{ 2647#ifdef PCSC_FUNCS 2648 size_t len; 2649 2650 if (!wpa_s->conf->pcsc_reader) 2651 return 0; 2652 2653 wpa_s->scard = scard_init(SCARD_TRY_BOTH, wpa_s->conf->pcsc_reader); 2654 if (!wpa_s->scard) 2655 return 1; 2656 2657 if (wpa_s->conf->pcsc_pin && 2658 scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) { 2659 scard_deinit(wpa_s->scard); 2660 wpa_s->scard = NULL; 2661 wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed"); 2662 return -1; 2663 } 2664 2665 len = sizeof(wpa_s->imsi) - 1; 2666 if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) { 2667 scard_deinit(wpa_s->scard); 2668 wpa_s->scard = NULL; 2669 wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI"); 2670 return -1; 2671 } 2672 wpa_s->imsi[len] = '\0'; 2673 2674 wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard); 2675 2676 wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)", 2677 wpa_s->imsi, wpa_s->mnc_len); 2678 2679 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard); 2680 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard); 2681#endif /* PCSC_FUNCS */ 2682 2683 return 0; 2684} 2685 2686 2687int wpas_init_ext_pw(struct wpa_supplicant *wpa_s) 2688{ 2689 char *val, *pos; 2690 2691 ext_password_deinit(wpa_s->ext_pw); 2692 wpa_s->ext_pw = NULL; 2693 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL); 2694 2695 if (!wpa_s->conf->ext_password_backend) 2696 return 0; 2697 2698 val = os_strdup(wpa_s->conf->ext_password_backend); 2699 if (val == NULL) 2700 return -1; 2701 pos = os_strchr(val, ':'); 2702 if (pos) 2703 *pos++ = '\0'; 2704 2705 wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val); 2706 2707 wpa_s->ext_pw = ext_password_init(val, pos); 2708 os_free(val); 2709 if (wpa_s->ext_pw == NULL) { 2710 wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend"); 2711 return -1; 2712 } 2713 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw); 2714 2715 return 0; 2716} 2717 2718 2719static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s, 2720 struct wpa_interface *iface) 2721{ 2722 const char *ifname, *driver; 2723 struct wpa_driver_capa capa; 2724 2725 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver " 2726 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname, 2727 iface->confname ? iface->confname : "N/A", 2728 iface->driver ? iface->driver : "default", 2729 iface->ctrl_interface ? iface->ctrl_interface : "N/A", 2730 iface->bridge_ifname ? iface->bridge_ifname : "N/A"); 2731 2732 if (iface->confname) { 2733#ifdef CONFIG_BACKEND_FILE 2734 wpa_s->confname = os_rel2abs_path(iface->confname); 2735 if (wpa_s->confname == NULL) { 2736 wpa_printf(MSG_ERROR, "Failed to get absolute path " 2737 "for configuration file '%s'.", 2738 iface->confname); 2739 return -1; 2740 } 2741 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'", 2742 iface->confname, wpa_s->confname); 2743#else /* CONFIG_BACKEND_FILE */ 2744 wpa_s->confname = os_strdup(iface->confname); 2745#endif /* CONFIG_BACKEND_FILE */ 2746 wpa_s->conf = wpa_config_read(wpa_s->confname); 2747 if (wpa_s->conf == NULL) { 2748 wpa_printf(MSG_ERROR, "Failed to read or parse " 2749 "configuration '%s'.", wpa_s->confname); 2750 return -1; 2751 } 2752 2753 /* 2754 * Override ctrl_interface and driver_param if set on command 2755 * line. 2756 */ 2757 if (iface->ctrl_interface) { 2758 os_free(wpa_s->conf->ctrl_interface); 2759 wpa_s->conf->ctrl_interface = 2760 os_strdup(iface->ctrl_interface); 2761 } 2762 2763 if (iface->driver_param) { 2764 os_free(wpa_s->conf->driver_param); 2765 wpa_s->conf->driver_param = 2766 os_strdup(iface->driver_param); 2767 } 2768 } else 2769 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface, 2770 iface->driver_param); 2771 2772 if (wpa_s->conf == NULL) { 2773 wpa_printf(MSG_ERROR, "\nNo configuration found."); 2774 return -1; 2775 } 2776 2777 if (iface->ifname == NULL) { 2778 wpa_printf(MSG_ERROR, "\nInterface name is required."); 2779 return -1; 2780 } 2781 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) { 2782 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.", 2783 iface->ifname); 2784 return -1; 2785 } 2786 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname)); 2787 2788 if (iface->bridge_ifname) { 2789 if (os_strlen(iface->bridge_ifname) >= 2790 sizeof(wpa_s->bridge_ifname)) { 2791 wpa_printf(MSG_ERROR, "\nToo long bridge interface " 2792 "name '%s'.", iface->bridge_ifname); 2793 return -1; 2794 } 2795 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname, 2796 sizeof(wpa_s->bridge_ifname)); 2797 } 2798 2799 /* RSNA Supplicant Key Management - INITIALIZE */ 2800 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE); 2801 eapol_sm_notify_portValid(wpa_s->eapol, FALSE); 2802 2803 /* Initialize driver interface and register driver event handler before 2804 * L2 receive handler so that association events are processed before 2805 * EAPOL-Key packets if both become available for the same select() 2806 * call. */ 2807 driver = iface->driver; 2808next_driver: 2809 if (wpa_supplicant_set_driver(wpa_s, driver) < 0) 2810 return -1; 2811 2812 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname); 2813 if (wpa_s->drv_priv == NULL) { 2814 const char *pos; 2815 pos = driver ? os_strchr(driver, ',') : NULL; 2816 if (pos) { 2817 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize " 2818 "driver interface - try next driver wrapper"); 2819 driver = pos + 1; 2820 goto next_driver; 2821 } 2822 wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver " 2823 "interface"); 2824 return -1; 2825 } 2826 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) { 2827 wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected " 2828 "driver_param '%s'", wpa_s->conf->driver_param); 2829 return -1; 2830 } 2831 2832 ifname = wpa_drv_get_ifname(wpa_s); 2833 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) { 2834 wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced " 2835 "interface name with '%s'", ifname); 2836 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname)); 2837 } 2838 2839 if (wpa_supplicant_init_wpa(wpa_s) < 0) 2840 return -1; 2841 2842 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname, 2843 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname : 2844 NULL); 2845 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth); 2846 2847 if (wpa_s->conf->dot11RSNAConfigPMKLifetime && 2848 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME, 2849 wpa_s->conf->dot11RSNAConfigPMKLifetime)) { 2850 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for " 2851 "dot11RSNAConfigPMKLifetime"); 2852 return -1; 2853 } 2854 2855 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold && 2856 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD, 2857 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) { 2858 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for " 2859 "dot11RSNAConfigPMKReauthThreshold"); 2860 return -1; 2861 } 2862 2863 if (wpa_s->conf->dot11RSNAConfigSATimeout && 2864 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT, 2865 wpa_s->conf->dot11RSNAConfigSATimeout)) { 2866 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for " 2867 "dot11RSNAConfigSATimeout"); 2868 return -1; 2869 } 2870 2871 wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s, 2872 &wpa_s->hw.num_modes, 2873 &wpa_s->hw.flags); 2874 2875 if (wpa_drv_get_capa(wpa_s, &capa) == 0) { 2876 wpa_s->drv_capa_known = 1; 2877 wpa_s->drv_flags = capa.flags; 2878 wpa_s->drv_enc = capa.enc; 2879 wpa_s->probe_resp_offloads = capa.probe_resp_offloads; 2880 wpa_s->max_scan_ssids = capa.max_scan_ssids; 2881 wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids; 2882 wpa_s->sched_scan_supported = capa.sched_scan_supported; 2883 wpa_s->max_match_sets = capa.max_match_sets; 2884 wpa_s->max_remain_on_chan = capa.max_remain_on_chan; 2885 wpa_s->max_stations = capa.max_stations; 2886 } 2887 if (wpa_s->max_remain_on_chan == 0) 2888 wpa_s->max_remain_on_chan = 1000; 2889 2890 if (wpa_supplicant_driver_init(wpa_s) < 0) 2891 return -1; 2892 2893#ifdef CONFIG_TDLS 2894 if (wpa_tdls_init(wpa_s->wpa)) 2895 return -1; 2896#endif /* CONFIG_TDLS */ 2897 2898 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] && 2899 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) { 2900 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country"); 2901 return -1; 2902 } 2903 2904 if (wpas_wps_init(wpa_s)) 2905 return -1; 2906 2907 if (wpa_supplicant_init_eapol(wpa_s) < 0) 2908 return -1; 2909 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol); 2910 2911 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s); 2912 if (wpa_s->ctrl_iface == NULL) { 2913 wpa_printf(MSG_ERROR, 2914 "Failed to initialize control interface '%s'.\n" 2915 "You may have another wpa_supplicant process " 2916 "already running or the file was\n" 2917 "left by an unclean termination of wpa_supplicant " 2918 "in which case you will need\n" 2919 "to manually remove this file before starting " 2920 "wpa_supplicant again.\n", 2921 wpa_s->conf->ctrl_interface); 2922 return -1; 2923 } 2924 2925 wpa_s->gas = gas_query_init(wpa_s); 2926 if (wpa_s->gas == NULL) { 2927 wpa_printf(MSG_ERROR, "Failed to initialize GAS query"); 2928 return -1; 2929 } 2930 2931#ifdef CONFIG_P2P 2932 if (wpas_p2p_init(wpa_s->global, wpa_s) < 0) { 2933 wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P"); 2934 return -1; 2935 } 2936#endif /* CONFIG_P2P */ 2937 2938 if (wpa_bss_init(wpa_s) < 0) 2939 return -1; 2940 2941 if (pcsc_reader_init(wpa_s) < 0) 2942 return -1; 2943 2944 if (wpas_init_ext_pw(wpa_s) < 0) 2945 return -1; 2946 2947 return 0; 2948} 2949 2950 2951static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s, 2952 int notify, int terminate) 2953{ 2954 if (wpa_s->drv_priv) { 2955 wpa_supplicant_deauthenticate(wpa_s, 2956 WLAN_REASON_DEAUTH_LEAVING); 2957 2958 wpa_drv_set_countermeasures(wpa_s, 0); 2959 wpa_clear_keys(wpa_s, NULL); 2960 } 2961 2962 wpa_supplicant_cleanup(wpa_s); 2963 2964#ifdef CONFIG_P2P 2965 if (wpa_s == wpa_s->global->p2p_init_wpa_s && wpa_s->global->p2p) { 2966 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Disable P2P since removing " 2967 "the management interface is being removed"); 2968 wpas_p2p_deinit_global(wpa_s->global); 2969 } 2970#endif /* CONFIG_P2P */ 2971 2972 if (wpa_s->drv_priv) 2973 wpa_drv_deinit(wpa_s); 2974 2975 if (notify) 2976 wpas_notify_iface_removed(wpa_s); 2977 2978 if (terminate) 2979 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING); 2980 2981 if (wpa_s->ctrl_iface) { 2982 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface); 2983 wpa_s->ctrl_iface = NULL; 2984 } 2985 2986 if (wpa_s->conf != NULL) { 2987 wpa_config_free(wpa_s->conf); 2988 wpa_s->conf = NULL; 2989 } 2990} 2991 2992 2993/** 2994 * wpa_supplicant_add_iface - Add a new network interface 2995 * @global: Pointer to global data from wpa_supplicant_init() 2996 * @iface: Interface configuration options 2997 * Returns: Pointer to the created interface or %NULL on failure 2998 * 2999 * This function is used to add new network interfaces for %wpa_supplicant. 3000 * This can be called before wpa_supplicant_run() to add interfaces before the 3001 * main event loop has been started. In addition, new interfaces can be added 3002 * dynamically while %wpa_supplicant is already running. This could happen, 3003 * e.g., when a hotplug network adapter is inserted. 3004 */ 3005struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global, 3006 struct wpa_interface *iface) 3007{ 3008 struct wpa_supplicant *wpa_s; 3009 struct wpa_interface t_iface; 3010 struct wpa_ssid *ssid; 3011 3012 if (global == NULL || iface == NULL) 3013 return NULL; 3014 3015 wpa_s = wpa_supplicant_alloc(); 3016 if (wpa_s == NULL) 3017 return NULL; 3018 3019 wpa_s->global = global; 3020 3021 t_iface = *iface; 3022 if (global->params.override_driver) { 3023 wpa_printf(MSG_DEBUG, "Override interface parameter: driver " 3024 "('%s' -> '%s')", 3025 iface->driver, global->params.override_driver); 3026 t_iface.driver = global->params.override_driver; 3027 } 3028 if (global->params.override_ctrl_interface) { 3029 wpa_printf(MSG_DEBUG, "Override interface parameter: " 3030 "ctrl_interface ('%s' -> '%s')", 3031 iface->ctrl_interface, 3032 global->params.override_ctrl_interface); 3033 t_iface.ctrl_interface = 3034 global->params.override_ctrl_interface; 3035 } 3036 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) { 3037 wpa_printf(MSG_DEBUG, "Failed to add interface %s", 3038 iface->ifname); 3039 wpa_supplicant_deinit_iface(wpa_s, 0, 0); 3040 os_free(wpa_s); 3041 return NULL; 3042 } 3043 3044 /* Notify the control interfaces about new iface */ 3045 if (wpas_notify_iface_added(wpa_s)) { 3046 wpa_supplicant_deinit_iface(wpa_s, 1, 0); 3047 os_free(wpa_s); 3048 return NULL; 3049 } 3050 3051 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) 3052 wpas_notify_network_added(wpa_s, ssid); 3053 3054 wpa_s->next = global->ifaces; 3055 global->ifaces = wpa_s; 3056 3057 wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname); 3058 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 3059 3060 return wpa_s; 3061} 3062 3063 3064/** 3065 * wpa_supplicant_remove_iface - Remove a network interface 3066 * @global: Pointer to global data from wpa_supplicant_init() 3067 * @wpa_s: Pointer to the network interface to be removed 3068 * Returns: 0 if interface was removed, -1 if interface was not found 3069 * 3070 * This function can be used to dynamically remove network interfaces from 3071 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In 3072 * addition, this function is used to remove all remaining interfaces when 3073 * %wpa_supplicant is terminated. 3074 */ 3075int wpa_supplicant_remove_iface(struct wpa_global *global, 3076 struct wpa_supplicant *wpa_s, 3077 int terminate) 3078{ 3079 struct wpa_supplicant *prev; 3080 3081 /* Remove interface from the global list of interfaces */ 3082 prev = global->ifaces; 3083 if (prev == wpa_s) { 3084 global->ifaces = wpa_s->next; 3085 } else { 3086 while (prev && prev->next != wpa_s) 3087 prev = prev->next; 3088 if (prev == NULL) 3089 return -1; 3090 prev->next = wpa_s->next; 3091 } 3092 3093 wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname); 3094 3095 if (global->p2p_group_formation == wpa_s) 3096 global->p2p_group_formation = NULL; 3097 wpa_supplicant_deinit_iface(wpa_s, 1, terminate); 3098 os_free(wpa_s); 3099 3100 return 0; 3101} 3102 3103 3104/** 3105 * wpa_supplicant_get_eap_mode - Get the current EAP mode 3106 * @wpa_s: Pointer to the network interface 3107 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found 3108 */ 3109const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s) 3110{ 3111 const char *eapol_method; 3112 3113 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 && 3114 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) { 3115 return "NO-EAP"; 3116 } 3117 3118 eapol_method = eapol_sm_get_method_name(wpa_s->eapol); 3119 if (eapol_method == NULL) 3120 return "UNKNOWN-EAP"; 3121 3122 return eapol_method; 3123} 3124 3125 3126/** 3127 * wpa_supplicant_get_iface - Get a new network interface 3128 * @global: Pointer to global data from wpa_supplicant_init() 3129 * @ifname: Interface name 3130 * Returns: Pointer to the interface or %NULL if not found 3131 */ 3132struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global, 3133 const char *ifname) 3134{ 3135 struct wpa_supplicant *wpa_s; 3136 3137 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) { 3138 if (os_strcmp(wpa_s->ifname, ifname) == 0) 3139 return wpa_s; 3140 } 3141 return NULL; 3142} 3143 3144 3145#ifndef CONFIG_NO_WPA_MSG 3146static const char * wpa_supplicant_msg_ifname_cb(void *ctx) 3147{ 3148 struct wpa_supplicant *wpa_s = ctx; 3149 if (wpa_s == NULL) 3150 return NULL; 3151 return wpa_s->ifname; 3152} 3153#endif /* CONFIG_NO_WPA_MSG */ 3154 3155 3156/** 3157 * wpa_supplicant_init - Initialize %wpa_supplicant 3158 * @params: Parameters for %wpa_supplicant 3159 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure 3160 * 3161 * This function is used to initialize %wpa_supplicant. After successful 3162 * initialization, the returned data pointer can be used to add and remove 3163 * network interfaces, and eventually, to deinitialize %wpa_supplicant. 3164 */ 3165struct wpa_global * wpa_supplicant_init(struct wpa_params *params) 3166{ 3167 struct wpa_global *global; 3168 int ret, i; 3169 3170 if (params == NULL) 3171 return NULL; 3172 3173#ifdef CONFIG_DRIVER_NDIS 3174 { 3175 void driver_ndis_init_ops(void); 3176 driver_ndis_init_ops(); 3177 } 3178#endif /* CONFIG_DRIVER_NDIS */ 3179 3180#ifndef CONFIG_NO_WPA_MSG 3181 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb); 3182#endif /* CONFIG_NO_WPA_MSG */ 3183 3184 wpa_debug_open_file(params->wpa_debug_file_path); 3185 if (params->wpa_debug_syslog) 3186 wpa_debug_open_syslog(); 3187 if (params->wpa_debug_tracing) { 3188 ret = wpa_debug_open_linux_tracing(); 3189 if (ret) { 3190 wpa_printf(MSG_ERROR, 3191 "Failed to enable trace logging"); 3192 return NULL; 3193 } 3194 } 3195 3196 ret = eap_register_methods(); 3197 if (ret) { 3198 wpa_printf(MSG_ERROR, "Failed to register EAP methods"); 3199 if (ret == -2) 3200 wpa_printf(MSG_ERROR, "Two or more EAP methods used " 3201 "the same EAP type."); 3202 return NULL; 3203 } 3204 3205 global = os_zalloc(sizeof(*global)); 3206 if (global == NULL) 3207 return NULL; 3208 dl_list_init(&global->p2p_srv_bonjour); 3209 dl_list_init(&global->p2p_srv_upnp); 3210 global->params.daemonize = params->daemonize; 3211 global->params.wait_for_monitor = params->wait_for_monitor; 3212 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface; 3213 if (params->pid_file) 3214 global->params.pid_file = os_strdup(params->pid_file); 3215 if (params->ctrl_interface) 3216 global->params.ctrl_interface = 3217 os_strdup(params->ctrl_interface); 3218 if (params->override_driver) 3219 global->params.override_driver = 3220 os_strdup(params->override_driver); 3221 if (params->override_ctrl_interface) 3222 global->params.override_ctrl_interface = 3223 os_strdup(params->override_ctrl_interface); 3224 wpa_debug_level = global->params.wpa_debug_level = 3225 params->wpa_debug_level; 3226 wpa_debug_show_keys = global->params.wpa_debug_show_keys = 3227 params->wpa_debug_show_keys; 3228 wpa_debug_timestamp = global->params.wpa_debug_timestamp = 3229 params->wpa_debug_timestamp; 3230 3231 wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR); 3232 3233 if (eloop_init()) { 3234 wpa_printf(MSG_ERROR, "Failed to initialize event loop"); 3235 wpa_supplicant_deinit(global); 3236 return NULL; 3237 } 3238 3239 random_init(params->entropy_file); 3240 3241 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global); 3242 if (global->ctrl_iface == NULL) { 3243 wpa_supplicant_deinit(global); 3244 return NULL; 3245 } 3246 3247 if (wpas_notify_supplicant_initialized(global)) { 3248 wpa_supplicant_deinit(global); 3249 return NULL; 3250 } 3251 3252 for (i = 0; wpa_drivers[i]; i++) 3253 global->drv_count++; 3254 if (global->drv_count == 0) { 3255 wpa_printf(MSG_ERROR, "No drivers enabled"); 3256 wpa_supplicant_deinit(global); 3257 return NULL; 3258 } 3259 global->drv_priv = os_zalloc(global->drv_count * sizeof(void *)); 3260 if (global->drv_priv == NULL) { 3261 wpa_supplicant_deinit(global); 3262 return NULL; 3263 } 3264 3265#ifdef CONFIG_WIFI_DISPLAY 3266 if (wifi_display_init(global) < 0) { 3267 wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display"); 3268 wpa_supplicant_deinit(global); 3269 return NULL; 3270 } 3271#endif /* CONFIG_WIFI_DISPLAY */ 3272 3273 return global; 3274} 3275 3276 3277/** 3278 * wpa_supplicant_run - Run the %wpa_supplicant main event loop 3279 * @global: Pointer to global data from wpa_supplicant_init() 3280 * Returns: 0 after successful event loop run, -1 on failure 3281 * 3282 * This function starts the main event loop and continues running as long as 3283 * there are any remaining events. In most cases, this function is running as 3284 * long as the %wpa_supplicant process in still in use. 3285 */ 3286int wpa_supplicant_run(struct wpa_global *global) 3287{ 3288 struct wpa_supplicant *wpa_s; 3289 3290 if (global->params.daemonize && 3291 wpa_supplicant_daemon(global->params.pid_file)) 3292 return -1; 3293 3294 if (global->params.wait_for_monitor) { 3295 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) 3296 if (wpa_s->ctrl_iface) 3297 wpa_supplicant_ctrl_iface_wait( 3298 wpa_s->ctrl_iface); 3299 } 3300 3301 eloop_register_signal_terminate(wpa_supplicant_terminate, global); 3302 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global); 3303 3304 eloop_run(); 3305 3306 return 0; 3307} 3308 3309 3310/** 3311 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant 3312 * @global: Pointer to global data from wpa_supplicant_init() 3313 * 3314 * This function is called to deinitialize %wpa_supplicant and to free all 3315 * allocated resources. Remaining network interfaces will also be removed. 3316 */ 3317void wpa_supplicant_deinit(struct wpa_global *global) 3318{ 3319 int i; 3320 3321 if (global == NULL) 3322 return; 3323 3324#ifdef CONFIG_WIFI_DISPLAY 3325 wifi_display_deinit(global); 3326#endif /* CONFIG_WIFI_DISPLAY */ 3327#ifdef CONFIG_P2P 3328 wpas_p2p_deinit_global(global); 3329#endif /* CONFIG_P2P */ 3330 3331 while (global->ifaces) 3332 wpa_supplicant_remove_iface(global, global->ifaces, 1); 3333 3334 if (global->ctrl_iface) 3335 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface); 3336 3337 wpas_notify_supplicant_deinitialized(global); 3338 3339 eap_peer_unregister_methods(); 3340#ifdef CONFIG_AP 3341 eap_server_unregister_methods(); 3342#endif /* CONFIG_AP */ 3343 3344 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) { 3345 if (!global->drv_priv[i]) 3346 continue; 3347 wpa_drivers[i]->global_deinit(global->drv_priv[i]); 3348 } 3349 os_free(global->drv_priv); 3350 3351 random_deinit(); 3352 3353 eloop_destroy(); 3354 3355 if (global->params.pid_file) { 3356 os_daemonize_terminate(global->params.pid_file); 3357 os_free(global->params.pid_file); 3358 } 3359 os_free(global->params.ctrl_interface); 3360 os_free(global->params.override_driver); 3361 os_free(global->params.override_ctrl_interface); 3362 3363 os_free(global->p2p_disallow_freq); 3364 3365 os_free(global); 3366 wpa_debug_close_syslog(); 3367 wpa_debug_close_file(); 3368 wpa_debug_close_linux_tracing(); 3369} 3370 3371 3372void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s) 3373{ 3374 if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) && 3375 wpa_s->conf->country[0] && wpa_s->conf->country[1]) { 3376 char country[3]; 3377 country[0] = wpa_s->conf->country[0]; 3378 country[1] = wpa_s->conf->country[1]; 3379 country[2] = '\0'; 3380 if (wpa_drv_set_country(wpa_s, country) < 0) { 3381 wpa_printf(MSG_ERROR, "Failed to set country code " 3382 "'%s'", country); 3383 } 3384 } 3385 3386 if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND) 3387 wpas_init_ext_pw(wpa_s); 3388 3389#ifdef CONFIG_WPS 3390 wpas_wps_update_config(wpa_s); 3391#endif /* CONFIG_WPS */ 3392 3393#ifdef CONFIG_P2P 3394 wpas_p2p_update_config(wpa_s); 3395#endif /* CONFIG_P2P */ 3396 3397 wpa_s->conf->changed_parameters = 0; 3398} 3399 3400 3401static void add_freq(int *freqs, int *num_freqs, int freq) 3402{ 3403 int i; 3404 3405 for (i = 0; i < *num_freqs; i++) { 3406 if (freqs[i] == freq) 3407 return; 3408 } 3409 3410 freqs[*num_freqs] = freq; 3411 (*num_freqs)++; 3412} 3413 3414 3415static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s) 3416{ 3417 struct wpa_bss *bss, *cbss; 3418 const int max_freqs = 10; 3419 int *freqs; 3420 int num_freqs = 0; 3421 3422 freqs = os_zalloc(sizeof(int) * (max_freqs + 1)); 3423 if (freqs == NULL) 3424 return NULL; 3425 3426 cbss = wpa_s->current_bss; 3427 3428 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 3429 if (bss == cbss) 3430 continue; 3431 if (bss->ssid_len == cbss->ssid_len && 3432 os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 && 3433 wpa_blacklist_get(wpa_s, bss->bssid) == NULL) { 3434 add_freq(freqs, &num_freqs, bss->freq); 3435 if (num_freqs == max_freqs) 3436 break; 3437 } 3438 } 3439 3440 if (num_freqs == 0) { 3441 os_free(freqs); 3442 freqs = NULL; 3443 } 3444 3445 return freqs; 3446} 3447 3448 3449void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid) 3450{ 3451 int timeout; 3452 int count; 3453 int *freqs = NULL; 3454 3455 /* 3456 * Remove possible authentication timeout since the connection failed. 3457 */ 3458 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL); 3459 3460 /* 3461 * Add the failed BSSID into the blacklist and speed up next scan 3462 * attempt if there could be other APs that could accept association. 3463 * The current blacklist count indicates how many times we have tried 3464 * connecting to this AP and multiple attempts mean that other APs are 3465 * either not available or has already been tried, so that we can start 3466 * increasing the delay here to avoid constant scanning. 3467 */ 3468 count = wpa_blacklist_add(wpa_s, bssid); 3469 if (count == 1 && wpa_s->current_bss) { 3470 /* 3471 * This BSS was not in the blacklist before. If there is 3472 * another BSS available for the same ESS, we should try that 3473 * next. Otherwise, we may as well try this one once more 3474 * before allowing other, likely worse, ESSes to be considered. 3475 */ 3476 freqs = get_bss_freqs_in_ess(wpa_s); 3477 if (freqs) { 3478 wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS " 3479 "has been seen; try it next"); 3480 wpa_blacklist_add(wpa_s, bssid); 3481 /* 3482 * On the next scan, go through only the known channels 3483 * used in this ESS based on previous scans to speed up 3484 * common load balancing use case. 3485 */ 3486 os_free(wpa_s->next_scan_freqs); 3487 wpa_s->next_scan_freqs = freqs; 3488 } 3489 } 3490 3491 /* 3492 * Add previous failure count in case the temporary blacklist was 3493 * cleared due to no other BSSes being available. 3494 */ 3495 count += wpa_s->extra_blacklist_count; 3496 3497 switch (count) { 3498 case 1: 3499 timeout = 100; 3500 break; 3501 case 2: 3502 timeout = 500; 3503 break; 3504 case 3: 3505 timeout = 1000; 3506 break; 3507 case 4: 3508 timeout = 5000; 3509 break; 3510 default: 3511 timeout = 10000; 3512 break; 3513 } 3514 3515 wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d " 3516 "ms", count, timeout); 3517 3518 /* 3519 * TODO: if more than one possible AP is available in scan results, 3520 * could try the other ones before requesting a new scan. 3521 */ 3522 wpa_supplicant_req_scan(wpa_s, timeout / 1000, 3523 1000 * (timeout % 1000)); 3524 3525#ifdef CONFIG_P2P 3526 if (wpa_s->global->p2p_cb_on_scan_complete && !wpa_s->global->p2p_disabled && 3527 wpa_s->global->p2p != NULL) { 3528 wpa_s->global->p2p_cb_on_scan_complete = 0; 3529 if (p2p_other_scan_completed(wpa_s->global->p2p) == 1) { 3530 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Pending P2P operation " 3531 "continued after failed association"); 3532 } 3533 } 3534#endif /* CONFIG_P2P */ 3535} 3536 3537 3538int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s) 3539{ 3540 return wpa_s->conf->ap_scan == 2 || 3541 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION); 3542} 3543 3544 3545#if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW) 3546int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s, 3547 struct wpa_ssid *ssid, 3548 const char *field, 3549 const char *value) 3550{ 3551#ifdef IEEE8021X_EAPOL 3552 struct eap_peer_config *eap = &ssid->eap; 3553 3554 wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field); 3555 wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value", 3556 (const u8 *) value, os_strlen(value)); 3557 3558 switch (wpa_supplicant_ctrl_req_from_string(field)) { 3559 case WPA_CTRL_REQ_EAP_IDENTITY: 3560 os_free(eap->identity); 3561 eap->identity = (u8 *) os_strdup(value); 3562 eap->identity_len = os_strlen(value); 3563 eap->pending_req_identity = 0; 3564 if (ssid == wpa_s->current_ssid) 3565 wpa_s->reassociate = 1; 3566 break; 3567 case WPA_CTRL_REQ_EAP_PASSWORD: 3568 os_free(eap->password); 3569 eap->password = (u8 *) os_strdup(value); 3570 eap->password_len = os_strlen(value); 3571 eap->pending_req_password = 0; 3572 if (ssid == wpa_s->current_ssid) 3573 wpa_s->reassociate = 1; 3574 break; 3575 case WPA_CTRL_REQ_EAP_NEW_PASSWORD: 3576 os_free(eap->new_password); 3577 eap->new_password = (u8 *) os_strdup(value); 3578 eap->new_password_len = os_strlen(value); 3579 eap->pending_req_new_password = 0; 3580 if (ssid == wpa_s->current_ssid) 3581 wpa_s->reassociate = 1; 3582 break; 3583 case WPA_CTRL_REQ_EAP_PIN: 3584 os_free(eap->pin); 3585 eap->pin = os_strdup(value); 3586 eap->pending_req_pin = 0; 3587 if (ssid == wpa_s->current_ssid) 3588 wpa_s->reassociate = 1; 3589 break; 3590 case WPA_CTRL_REQ_EAP_OTP: 3591 os_free(eap->otp); 3592 eap->otp = (u8 *) os_strdup(value); 3593 eap->otp_len = os_strlen(value); 3594 os_free(eap->pending_req_otp); 3595 eap->pending_req_otp = NULL; 3596 eap->pending_req_otp_len = 0; 3597 break; 3598 case WPA_CTRL_REQ_EAP_PASSPHRASE: 3599 os_free(eap->private_key_passwd); 3600 eap->private_key_passwd = (u8 *) os_strdup(value); 3601 eap->pending_req_passphrase = 0; 3602 if (ssid == wpa_s->current_ssid) 3603 wpa_s->reassociate = 1; 3604 break; 3605 default: 3606 wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field); 3607 return -1; 3608 } 3609 3610 return 0; 3611#else /* IEEE8021X_EAPOL */ 3612 wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included"); 3613 return -1; 3614#endif /* IEEE8021X_EAPOL */ 3615} 3616#endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */ 3617 3618 3619int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) 3620{ 3621 int i; 3622 unsigned int drv_enc; 3623 3624 if (ssid == NULL) 3625 return 1; 3626 3627 if (ssid->disabled) 3628 return 1; 3629 3630 if (wpa_s && wpa_s->drv_capa_known) 3631 drv_enc = wpa_s->drv_enc; 3632 else 3633 drv_enc = (unsigned int) -1; 3634 3635 for (i = 0; i < NUM_WEP_KEYS; i++) { 3636 size_t len = ssid->wep_key_len[i]; 3637 if (len == 0) 3638 continue; 3639 if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40)) 3640 continue; 3641 if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104)) 3642 continue; 3643 if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128)) 3644 continue; 3645 return 1; /* invalid WEP key */ 3646 } 3647 3648 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set && 3649 !ssid->ext_psk) 3650 return 1; 3651 3652 return 0; 3653} 3654 3655 3656int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s) 3657{ 3658 if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P) 3659 return 1; 3660 if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA) 3661 return 0; 3662 return -1; 3663} 3664 3665 3666void wpas_auth_failed(struct wpa_supplicant *wpa_s) 3667{ 3668 struct wpa_ssid *ssid = wpa_s->current_ssid; 3669 int dur; 3670 struct os_time now; 3671 3672 if (ssid == NULL) { 3673 wpa_printf(MSG_DEBUG, "Authentication failure but no known " 3674 "SSID block"); 3675 return; 3676 } 3677 3678 if (ssid->key_mgmt == WPA_KEY_MGMT_WPS) 3679 return; 3680 3681 ssid->auth_failures++; 3682 if (ssid->auth_failures > 50) 3683 dur = 300; 3684 else if (ssid->auth_failures > 20) 3685 dur = 120; 3686 else if (ssid->auth_failures > 10) 3687 dur = 60; 3688 else if (ssid->auth_failures > 5) 3689 dur = 30; 3690 else if (ssid->auth_failures > 1) 3691 dur = 20; 3692 else 3693 dur = 10; 3694 3695 os_get_time(&now); 3696 if (now.sec + dur <= ssid->disabled_until.sec) 3697 return; 3698 3699 ssid->disabled_until.sec = now.sec + dur; 3700 3701 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED 3702 "id=%d ssid=\"%s\" auth_failures=%u duration=%d", 3703 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len), 3704 ssid->auth_failures, dur); 3705} 3706 3707 3708void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s, 3709 struct wpa_ssid *ssid, int clear_failures) 3710{ 3711 if (ssid == NULL) 3712 return; 3713 3714 if (ssid->disabled_until.sec) { 3715 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED 3716 "id=%d ssid=\"%s\"", 3717 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 3718 } 3719 ssid->disabled_until.sec = 0; 3720 ssid->disabled_until.usec = 0; 3721 if (clear_failures) 3722 ssid->auth_failures = 0; 3723} 3724 3725 3726int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid) 3727{ 3728 size_t i; 3729 3730 if (wpa_s->disallow_aps_bssid == NULL) 3731 return 0; 3732 3733 for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) { 3734 if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN, 3735 bssid, ETH_ALEN) == 0) 3736 return 1; 3737 } 3738 3739 return 0; 3740} 3741 3742 3743int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid, 3744 size_t ssid_len) 3745{ 3746 size_t i; 3747 3748 if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL) 3749 return 0; 3750 3751 for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) { 3752 struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i]; 3753 if (ssid_len == s->ssid_len && 3754 os_memcmp(ssid, s->ssid, ssid_len) == 0) 3755 return 1; 3756 } 3757 3758 return 0; 3759} 3760 3761 3762/** 3763 * wpas_request_connection - Request a new connection 3764 * @wpa_s: Pointer to the network interface 3765 * 3766 * This function is used to request a new connection to be found. It will mark 3767 * the interface to allow reassociation and request a new scan to find a 3768 * suitable network to connect to. 3769 */ 3770void wpas_request_connection(struct wpa_supplicant *wpa_s) 3771{ 3772 wpa_s->normal_scans = 0; 3773 wpa_supplicant_reinit_autoscan(wpa_s); 3774 wpa_s->extra_blacklist_count = 0; 3775 wpa_s->disconnected = 0; 3776 wpa_s->reassociate = 1; 3777 wpa_supplicant_req_scan(wpa_s, 0, 0); 3778} 3779