1 /*
2 * WPA Supplicant
3 * Copyright (c) 2003-2011, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 *
14 * This file implements functions for registering and unregistering
15 * %wpa_supplicant interfaces. In addition, this file contains number of
16 * functions for managing network connections.
17 */
19 #include "includes.h"
21 #include "common.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_server/eap_methods.h"
25 #include "rsn_supp/wpa.h"
26 #include "eloop.h"
27 #include "config.h"
28 #include "l2_packet/l2_packet.h"
29 #include "wpa_supplicant_i.h"
30 #include "driver_i.h"
31 #include "ctrl_iface.h"
32 #include "pcsc_funcs.h"
33 #include "common/version.h"
34 #include "rsn_supp/preauth.h"
35 #include "rsn_supp/pmksa_cache.h"
36 #include "common/wpa_ctrl.h"
37 #include "mlme.h"
38 #include "common/ieee802_11_defs.h"
39 #include "p2p/p2p.h"
40 #include "blacklist.h"
41 #include "wpas_glue.h"
42 #include "wps_supplicant.h"
43 #include "ibss_rsn.h"
44 #include "sme.h"
45 #include "ap.h"
46 #include "p2p_supplicant.h"
47 #include "notify.h"
48 #include "bgscan.h"
49 #include "bss.h"
50 #include "scan.h"
52 const char *wpa_supplicant_version =
53 "wpa_supplicant v" VERSION_STR "\n"
54 "Copyright (c) 2003-2011, Jouni Malinen <j@w1.fi> and contributors";
56 const char *wpa_supplicant_license =
57 "This program is free software. You can distribute it and/or modify it\n"
58 "under the terms of the GNU General Public License version 2.\n"
59 "\n"
60 "Alternatively, this software may be distributed under the terms of the\n"
61 "BSD license. See README and COPYING for more details.\n"
62 #ifdef EAP_TLS_OPENSSL
63 "\nThis product includes software developed by the OpenSSL Project\n"
64 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
65 #endif /* EAP_TLS_OPENSSL */
66 ;
68 #ifndef CONFIG_NO_STDOUT_DEBUG
69 /* Long text divided into parts in order to fit in C89 strings size limits. */
70 const char *wpa_supplicant_full_license1 =
71 "This program is free software; you can redistribute it and/or modify\n"
72 "it under the terms of the GNU General Public License version 2 as\n"
73 "published by the Free Software Foundation.\n"
74 "\n"
75 "This program is distributed in the hope that it will be useful,\n"
76 "but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
77 "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
78 "GNU General Public License for more details.\n"
79 "\n";
80 const char *wpa_supplicant_full_license2 =
81 "You should have received a copy of the GNU General Public License\n"
82 "along with this program; if not, write to the Free Software\n"
83 "Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n"
84 "\n"
85 "Alternatively, this software may be distributed under the terms of the\n"
86 "BSD license.\n"
87 "\n"
88 "Redistribution and use in source and binary forms, with or without\n"
89 "modification, are permitted provided that the following conditions are\n"
90 "met:\n"
91 "\n";
92 const char *wpa_supplicant_full_license3 =
93 "1. Redistributions of source code must retain the above copyright\n"
94 " notice, this list of conditions and the following disclaimer.\n"
95 "\n"
96 "2. Redistributions in binary form must reproduce the above copyright\n"
97 " notice, this list of conditions and the following disclaimer in the\n"
98 " documentation and/or other materials provided with the distribution.\n"
99 "\n";
100 const char *wpa_supplicant_full_license4 =
101 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
102 " names of its contributors may be used to endorse or promote products\n"
103 " derived from this software without specific prior written permission.\n"
104 "\n"
105 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
106 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
107 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
108 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
109 const char *wpa_supplicant_full_license5 =
110 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
111 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
112 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
113 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
114 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
115 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
116 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
117 "\n";
118 #endif /* CONFIG_NO_STDOUT_DEBUG */
120 extern int wpa_debug_level;
121 extern int wpa_debug_show_keys;
122 extern int wpa_debug_timestamp;
123 extern struct wpa_driver_ops *wpa_drivers[];
125 /* Configure default/group WEP keys for static WEP */
126 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
127 {
128 int i, set = 0;
130 for (i = 0; i < NUM_WEP_KEYS; i++) {
131 if (ssid->wep_key_len[i] == 0)
132 continue;
134 set = 1;
135 wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
136 i, i == ssid->wep_tx_keyidx, NULL, 0,
137 ssid->wep_key[i], ssid->wep_key_len[i]);
138 }
140 return set;
141 }
144 static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
145 struct wpa_ssid *ssid)
146 {
147 u8 key[32];
148 size_t keylen;
149 enum wpa_alg alg;
150 u8 seq[6] = { 0 };
152 /* IBSS/WPA-None uses only one key (Group) for both receiving and
153 * sending unicast and multicast packets. */
155 if (ssid->mode != WPAS_MODE_IBSS) {
156 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
157 "IBSS/ad-hoc) for WPA-None", ssid->mode);
158 return -1;
159 }
161 if (!ssid->psk_set) {
162 wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
163 "WPA-None");
164 return -1;
165 }
167 switch (wpa_s->group_cipher) {
168 case WPA_CIPHER_CCMP:
169 os_memcpy(key, ssid->psk, 16);
170 keylen = 16;
171 alg = WPA_ALG_CCMP;
172 break;
173 case WPA_CIPHER_TKIP:
174 /* WPA-None uses the same Michael MIC key for both TX and RX */
175 os_memcpy(key, ssid->psk, 16 + 8);
176 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
177 keylen = 32;
178 alg = WPA_ALG_TKIP;
179 break;
180 default:
181 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
182 "WPA-None", wpa_s->group_cipher);
183 return -1;
184 }
186 /* TODO: should actually remember the previously used seq#, both for TX
187 * and RX from each STA.. */
189 return wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
190 }
193 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
194 {
195 struct wpa_supplicant *wpa_s = eloop_ctx;
196 const u8 *bssid = wpa_s->bssid;
197 if (is_zero_ether_addr(bssid))
198 bssid = wpa_s->pending_bssid;
199 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
200 MAC2STR(bssid));
201 wpa_blacklist_add(wpa_s, bssid);
202 wpa_sm_notify_disassoc(wpa_s->wpa);
203 wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
204 wpa_s->reassociate = 1;
206 /*
207 * If we timed out, the AP or the local radio may be busy.
208 * So, wait a second until scanning again.
209 */
210 wpa_supplicant_req_scan(wpa_s, 1, 0);
211 }
214 /**
215 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
216 * @wpa_s: Pointer to wpa_supplicant data
217 * @sec: Number of seconds after which to time out authentication
218 * @usec: Number of microseconds after which to time out authentication
219 *
220 * This function is used to schedule a timeout for the current authentication
221 * attempt.
222 */
223 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
224 int sec, int usec)
225 {
226 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
227 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
228 return;
230 wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
231 "%d usec", sec, usec);
232 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
233 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
234 }
237 /**
238 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
239 * @wpa_s: Pointer to wpa_supplicant data
240 *
241 * This function is used to cancel authentication timeout scheduled with
242 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
243 * been completed.
244 */
245 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
246 {
247 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
248 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
249 wpa_blacklist_del(wpa_s, wpa_s->bssid);
250 }
253 /**
254 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
255 * @wpa_s: Pointer to wpa_supplicant data
256 *
257 * This function is used to configure EAPOL state machine based on the selected
258 * authentication mode.
259 */
260 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
261 {
262 #ifdef IEEE8021X_EAPOL
263 struct eapol_config eapol_conf;
264 struct wpa_ssid *ssid = wpa_s->current_ssid;
266 #ifdef CONFIG_IBSS_RSN
267 if (ssid->mode == WPAS_MODE_IBSS &&
268 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
269 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
270 /*
271 * RSN IBSS authentication is per-STA and we can disable the
272 * per-BSSID EAPOL authentication.
273 */
274 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
275 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
276 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
277 return;
278 }
279 #endif /* CONFIG_IBSS_RSN */
281 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
282 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
284 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
285 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
286 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
287 else
288 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
290 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
291 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
292 eapol_conf.accept_802_1x_keys = 1;
293 eapol_conf.required_keys = 0;
294 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
295 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
296 }
297 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
298 eapol_conf.required_keys |=
299 EAPOL_REQUIRE_KEY_BROADCAST;
300 }
302 if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
303 eapol_conf.required_keys = 0;
304 }
305 if (wpa_s->conf)
306 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
307 eapol_conf.workaround = ssid->eap_workaround;
308 eapol_conf.eap_disabled =
309 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
310 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
311 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
312 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
313 #endif /* IEEE8021X_EAPOL */
314 }
317 /**
318 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
319 * @wpa_s: Pointer to wpa_supplicant data
320 * @ssid: Configuration data for the network
321 *
322 * This function is used to configure WPA state machine and related parameters
323 * to a mode where WPA is not enabled. This is called as part of the
324 * authentication configuration when the selected network does not use WPA.
325 */
326 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
327 struct wpa_ssid *ssid)
328 {
329 int i;
331 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
332 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
333 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
334 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
335 else
336 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
337 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
338 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
339 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
340 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
341 wpa_s->group_cipher = WPA_CIPHER_NONE;
342 wpa_s->mgmt_group_cipher = 0;
344 for (i = 0; i < NUM_WEP_KEYS; i++) {
345 if (ssid->wep_key_len[i] > 5) {
346 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
347 wpa_s->group_cipher = WPA_CIPHER_WEP104;
348 break;
349 } else if (ssid->wep_key_len[i] > 0) {
350 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
351 wpa_s->group_cipher = WPA_CIPHER_WEP40;
352 break;
353 }
354 }
356 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
357 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
358 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
359 wpa_s->pairwise_cipher);
360 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
361 #ifdef CONFIG_IEEE80211W
362 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
363 wpa_s->mgmt_group_cipher);
364 #endif /* CONFIG_IEEE80211W */
366 pmksa_cache_clear_current(wpa_s->wpa);
367 }
370 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
371 {
372 bgscan_deinit(wpa_s);
373 scard_deinit(wpa_s->scard);
374 wpa_s->scard = NULL;
375 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
376 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
377 l2_packet_deinit(wpa_s->l2);
378 wpa_s->l2 = NULL;
379 if (wpa_s->l2_br) {
380 l2_packet_deinit(wpa_s->l2_br);
381 wpa_s->l2_br = NULL;
382 }
384 if (wpa_s->ctrl_iface) {
385 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
386 wpa_s->ctrl_iface = NULL;
387 }
388 if (wpa_s->conf != NULL) {
389 struct wpa_ssid *ssid;
390 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
391 wpas_notify_network_removed(wpa_s, ssid);
392 wpa_config_free(wpa_s->conf);
393 wpa_s->conf = NULL;
394 }
396 os_free(wpa_s->confname);
397 wpa_s->confname = NULL;
399 wpa_sm_set_eapol(wpa_s->wpa, NULL);
400 eapol_sm_deinit(wpa_s->eapol);
401 wpa_s->eapol = NULL;
403 rsn_preauth_deinit(wpa_s->wpa);
405 #ifdef CONFIG_TDLS
406 wpa_tdls_deinit(wpa_s->wpa);
407 #endif /* CONFIG_TDLS */
409 pmksa_candidate_free(wpa_s->wpa);
410 wpa_sm_deinit(wpa_s->wpa);
411 wpa_s->wpa = NULL;
412 wpa_blacklist_clear(wpa_s);
414 wpa_bss_deinit(wpa_s);
416 wpa_supplicant_cancel_scan(wpa_s);
417 wpa_supplicant_cancel_auth_timeout(wpa_s);
419 ieee80211_sta_deinit(wpa_s);
421 wpas_wps_deinit(wpa_s);
423 wpabuf_free(wpa_s->pending_eapol_rx);
424 wpa_s->pending_eapol_rx = NULL;
426 #ifdef CONFIG_IBSS_RSN
427 ibss_rsn_deinit(wpa_s->ibss_rsn);
428 wpa_s->ibss_rsn = NULL;
429 #endif /* CONFIG_IBSS_RSN */
431 sme_deinit(wpa_s);
433 #ifdef CONFIG_AP
434 wpa_supplicant_ap_deinit(wpa_s);
435 #endif /* CONFIG_AP */
437 #ifdef CONFIG_P2P
438 wpas_p2p_deinit(wpa_s);
439 #endif /* CONFIG_P2P */
441 os_free(wpa_s->next_scan_freqs);
442 wpa_s->next_scan_freqs = NULL;
443 }
446 /**
447 * wpa_clear_keys - Clear keys configured for the driver
448 * @wpa_s: Pointer to wpa_supplicant data
449 * @addr: Previously used BSSID or %NULL if not available
450 *
451 * This function clears the encryption keys that has been previously configured
452 * for the driver.
453 */
454 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
455 {
456 if (wpa_s->keys_cleared) {
457 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
458 * timing issues with keys being cleared just before new keys
459 * are set or just after association or something similar. This
460 * shows up in group key handshake failing often because of the
461 * client not receiving the first encrypted packets correctly.
462 * Skipping some of the extra key clearing steps seems to help
463 * in completing group key handshake more reliably. */
464 wpa_dbg(wpa_s, MSG_DEBUG, "No keys have been configured - "
465 "skip key clearing");
466 return;
467 }
469 /* MLME-DELETEKEYS.request */
470 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 0, 0, NULL, 0, NULL, 0);
471 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 1, 0, NULL, 0, NULL, 0);
472 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 2, 0, NULL, 0, NULL, 0);
473 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 3, 0, NULL, 0, NULL, 0);
474 #ifdef CONFIG_IEEE80211W
475 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 4, 0, NULL, 0, NULL, 0);
476 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 5, 0, NULL, 0, NULL, 0);
477 #endif /* CONFIG_IEEE80211W */
478 if (addr) {
479 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
480 0);
481 /* MLME-SETPROTECTION.request(None) */
482 wpa_drv_mlme_setprotection(
483 wpa_s, addr,
484 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
485 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
486 }
487 wpa_s->keys_cleared = 1;
488 }
491 /**
492 * wpa_supplicant_state_txt - Get the connection state name as a text string
493 * @state: State (wpa_state; WPA_*)
494 * Returns: The state name as a printable text string
495 */
496 const char * wpa_supplicant_state_txt(enum wpa_states state)
497 {
498 switch (state) {
499 case WPA_DISCONNECTED:
500 return "DISCONNECTED";
501 case WPA_INACTIVE:
502 return "INACTIVE";
503 case WPA_INTERFACE_DISABLED:
504 return "INTERFACE_DISABLED";
505 case WPA_SCANNING:
506 return "SCANNING";
507 case WPA_AUTHENTICATING:
508 return "AUTHENTICATING";
509 case WPA_ASSOCIATING:
510 return "ASSOCIATING";
511 case WPA_ASSOCIATED:
512 return "ASSOCIATED";
513 case WPA_4WAY_HANDSHAKE:
514 return "4WAY_HANDSHAKE";
515 case WPA_GROUP_HANDSHAKE:
516 return "GROUP_HANDSHAKE";
517 case WPA_COMPLETED:
518 return "COMPLETED";
519 default:
520 return "UNKNOWN";
521 }
522 }
525 #ifdef CONFIG_BGSCAN
527 static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
528 {
529 if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
530 return;
532 bgscan_deinit(wpa_s);
533 if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan) {
534 if (bgscan_init(wpa_s, wpa_s->current_ssid)) {
535 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
536 "bgscan");
537 /*
538 * Live without bgscan; it is only used as a roaming
539 * optimization, so the initial connection is not
540 * affected.
541 */
542 } else
543 wpa_s->bgscan_ssid = wpa_s->current_ssid;
544 } else
545 wpa_s->bgscan_ssid = NULL;
546 }
549 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
550 {
551 if (wpa_s->bgscan_ssid != NULL) {
552 bgscan_deinit(wpa_s);
553 wpa_s->bgscan_ssid = NULL;
554 }
555 }
557 #endif /* CONFIG_BGSCAN */
560 /**
561 * wpa_supplicant_set_state - Set current connection state
562 * @wpa_s: Pointer to wpa_supplicant data
563 * @state: The new connection state
564 *
565 * This function is called whenever the connection state changes, e.g.,
566 * association is completed for WPA/WPA2 4-Way Handshake is started.
567 */
568 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
569 enum wpa_states state)
570 {
571 enum wpa_states old_state = wpa_s->wpa_state;
573 wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
574 wpa_supplicant_state_txt(wpa_s->wpa_state),
575 wpa_supplicant_state_txt(state));
577 if (state != WPA_SCANNING)
578 wpa_supplicant_notify_scanning(wpa_s, 0);
580 if (state == WPA_COMPLETED && wpa_s->new_connection) {
581 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
582 struct wpa_ssid *ssid = wpa_s->current_ssid;
583 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
584 MACSTR " completed %s [id=%d id_str=%s]",
585 MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
586 "(reauth)" : "(auth)",
587 ssid ? ssid->id : -1,
588 ssid && ssid->id_str ? ssid->id_str : "");
589 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
590 wpa_s->new_connection = 0;
591 wpa_s->reassociated_connection = 1;
592 wpa_drv_set_operstate(wpa_s, 1);
593 #ifndef IEEE8021X_EAPOL
594 wpa_drv_set_supp_port(wpa_s, 1);
595 #endif /* IEEE8021X_EAPOL */
596 wpa_s->after_wps = 0;
597 #ifdef CONFIG_P2P
598 wpas_p2p_completed(wpa_s);
599 #endif /* CONFIG_P2P */
600 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
601 state == WPA_ASSOCIATED) {
602 wpa_s->new_connection = 1;
603 wpa_drv_set_operstate(wpa_s, 0);
604 #ifndef IEEE8021X_EAPOL
605 wpa_drv_set_supp_port(wpa_s, 0);
606 #endif /* IEEE8021X_EAPOL */
607 }
608 wpa_s->wpa_state = state;
610 #ifdef CONFIG_BGSCAN
611 if (state == WPA_COMPLETED)
612 wpa_supplicant_start_bgscan(wpa_s);
613 else
614 wpa_supplicant_stop_bgscan(wpa_s);
615 #endif /* CONFIG_BGSCAN */
617 if (wpa_s->wpa_state != old_state) {
618 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
620 if (wpa_s->wpa_state == WPA_COMPLETED ||
621 old_state == WPA_COMPLETED)
622 wpas_notify_auth_changed(wpa_s);
623 }
624 }
627 void wpa_supplicant_terminate_proc(struct wpa_global *global)
628 {
629 int pending = 0;
630 #ifdef CONFIG_WPS
631 struct wpa_supplicant *wpa_s = global->ifaces;
632 while (wpa_s) {
633 if (wpas_wps_terminate_pending(wpa_s) == 1)
634 pending = 1;
635 wpa_s = wpa_s->next;
636 }
637 #endif /* CONFIG_WPS */
638 if (pending)
639 return;
640 eloop_terminate();
641 }
644 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
645 {
646 struct wpa_global *global = signal_ctx;
647 struct wpa_supplicant *wpa_s;
648 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
649 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING "- signal %d "
650 "received", sig);
651 }
652 wpa_supplicant_terminate_proc(global);
653 }
656 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
657 {
658 enum wpa_states old_state = wpa_s->wpa_state;
660 wpa_s->pairwise_cipher = 0;
661 wpa_s->group_cipher = 0;
662 wpa_s->mgmt_group_cipher = 0;
663 wpa_s->key_mgmt = 0;
664 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
665 wpa_s->wpa_state = WPA_DISCONNECTED;
667 if (wpa_s->wpa_state != old_state)
668 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
669 }
672 /**
673 * wpa_supplicant_reload_configuration - Reload configuration data
674 * @wpa_s: Pointer to wpa_supplicant data
675 * Returns: 0 on success or -1 if configuration parsing failed
676 *
677 * This function can be used to request that the configuration data is reloaded
678 * (e.g., after configuration file change). This function is reloading
679 * configuration only for one interface, so this may need to be called multiple
680 * times if %wpa_supplicant is controlling multiple interfaces and all
681 * interfaces need reconfiguration.
682 */
683 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
684 {
685 struct wpa_config *conf;
686 struct wpa_ssid *old_ssid;
687 int reconf_ctrl;
688 int old_ap_scan;
690 if (wpa_s->confname == NULL)
691 return -1;
692 conf = wpa_config_read(wpa_s->confname);
693 if (conf == NULL) {
694 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
695 "file '%s' - exiting", wpa_s->confname);
696 return -1;
697 }
698 conf->changed_parameters = (unsigned int) -1;
700 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
701 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
702 os_strcmp(conf->ctrl_interface,
703 wpa_s->conf->ctrl_interface) != 0);
705 if (reconf_ctrl && wpa_s->ctrl_iface) {
706 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
707 wpa_s->ctrl_iface = NULL;
708 }
710 eapol_sm_invalidate_cached_session(wpa_s->eapol);
711 old_ssid = wpa_s->current_ssid;
712 wpa_s->current_ssid = NULL;
713 if (old_ssid != wpa_s->current_ssid)
714 wpas_notify_network_changed(wpa_s);
716 /*
717 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
718 * pkcs11_engine_path, pkcs11_module_path.
719 */
720 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
721 /*
722 * Clear forced success to clear EAP state for next
723 * authentication.
724 */
725 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
726 }
727 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
728 wpa_sm_set_config(wpa_s->wpa, NULL);
729 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
730 rsn_preauth_deinit(wpa_s->wpa);
732 old_ap_scan = wpa_s->conf->ap_scan;
733 wpa_config_free(wpa_s->conf);
734 wpa_s->conf = conf;
735 if (old_ap_scan != wpa_s->conf->ap_scan)
736 wpas_notify_ap_scan_changed(wpa_s);
738 if (reconf_ctrl)
739 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
741 wpa_supplicant_update_config(wpa_s);
743 wpa_supplicant_clear_status(wpa_s);
744 if (wpa_supplicant_enabled_networks(wpa_s->conf)) {
745 wpa_s->reassociate = 1;
746 wpa_supplicant_req_scan(wpa_s, 0, 0);
747 }
748 wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
749 return 0;
750 }
753 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
754 {
755 struct wpa_global *global = signal_ctx;
756 struct wpa_supplicant *wpa_s;
757 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
758 wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
759 sig);
760 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
761 wpa_supplicant_terminate_proc(global);
762 }
763 }
764 }
767 enum wpa_cipher cipher_suite2driver(int cipher)
768 {
769 switch (cipher) {
770 case WPA_CIPHER_NONE:
771 return CIPHER_NONE;
772 case WPA_CIPHER_WEP40:
773 return CIPHER_WEP40;
774 case WPA_CIPHER_WEP104:
775 return CIPHER_WEP104;
776 case WPA_CIPHER_CCMP:
777 return CIPHER_CCMP;
778 case WPA_CIPHER_TKIP:
779 default:
780 return CIPHER_TKIP;
781 }
782 }
785 enum wpa_key_mgmt key_mgmt2driver(int key_mgmt)
786 {
787 switch (key_mgmt) {
788 case WPA_KEY_MGMT_NONE:
789 return KEY_MGMT_NONE;
790 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
791 return KEY_MGMT_802_1X_NO_WPA;
792 case WPA_KEY_MGMT_IEEE8021X:
793 return KEY_MGMT_802_1X;
794 case WPA_KEY_MGMT_WPA_NONE:
795 return KEY_MGMT_WPA_NONE;
796 case WPA_KEY_MGMT_FT_IEEE8021X:
797 return KEY_MGMT_FT_802_1X;
798 case WPA_KEY_MGMT_FT_PSK:
799 return KEY_MGMT_FT_PSK;
800 case WPA_KEY_MGMT_IEEE8021X_SHA256:
801 return KEY_MGMT_802_1X_SHA256;
802 case WPA_KEY_MGMT_PSK_SHA256:
803 return KEY_MGMT_PSK_SHA256;
804 case WPA_KEY_MGMT_WPS:
805 return KEY_MGMT_WPS;
806 case WPA_KEY_MGMT_PSK:
807 default:
808 return KEY_MGMT_PSK;
809 }
810 }
813 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
814 struct wpa_ssid *ssid,
815 struct wpa_ie_data *ie)
816 {
817 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
818 if (ret) {
819 if (ret == -2) {
820 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
821 "from association info");
822 }
823 return -1;
824 }
826 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
827 "cipher suites");
828 if (!(ie->group_cipher & ssid->group_cipher)) {
829 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
830 "cipher 0x%x (mask 0x%x) - reject",
831 ie->group_cipher, ssid->group_cipher);
832 return -1;
833 }
834 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
835 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
836 "cipher 0x%x (mask 0x%x) - reject",
837 ie->pairwise_cipher, ssid->pairwise_cipher);
838 return -1;
839 }
840 if (!(ie->key_mgmt & ssid->key_mgmt)) {
841 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
842 "management 0x%x (mask 0x%x) - reject",
843 ie->key_mgmt, ssid->key_mgmt);
844 return -1;
845 }
847 #ifdef CONFIG_IEEE80211W
848 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
849 ssid->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
850 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
851 "that does not support management frame protection - "
852 "reject");
853 return -1;
854 }
855 #endif /* CONFIG_IEEE80211W */
857 return 0;
858 }
861 /**
862 * wpa_supplicant_set_suites - Set authentication and encryption parameters
863 * @wpa_s: Pointer to wpa_supplicant data
864 * @bss: Scan results for the selected BSS, or %NULL if not available
865 * @ssid: Configuration data for the selected network
866 * @wpa_ie: Buffer for the WPA/RSN IE
867 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
868 * used buffer length in case the functions returns success.
869 * Returns: 0 on success or -1 on failure
870 *
871 * This function is used to configure authentication and encryption parameters
872 * based on the network configuration and scan result for the selected BSS (if
873 * available).
874 */
875 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
876 struct wpa_bss *bss, struct wpa_ssid *ssid,
877 u8 *wpa_ie, size_t *wpa_ie_len)
878 {
879 struct wpa_ie_data ie;
880 int sel, proto;
881 const u8 *bss_wpa, *bss_rsn;
883 if (bss) {
884 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
885 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
886 } else
887 bss_wpa = bss_rsn = NULL;
889 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
890 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
891 (ie.group_cipher & ssid->group_cipher) &&
892 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
893 (ie.key_mgmt & ssid->key_mgmt)) {
894 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
895 proto = WPA_PROTO_RSN;
896 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
897 wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 &&
898 (ie.group_cipher & ssid->group_cipher) &&
899 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
900 (ie.key_mgmt & ssid->key_mgmt)) {
901 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
902 proto = WPA_PROTO_WPA;
903 } else if (bss) {
904 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
905 return -1;
906 } else {
907 if (ssid->proto & WPA_PROTO_RSN)
908 proto = WPA_PROTO_RSN;
909 else
910 proto = WPA_PROTO_WPA;
911 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
912 os_memset(&ie, 0, sizeof(ie));
913 ie.group_cipher = ssid->group_cipher;
914 ie.pairwise_cipher = ssid->pairwise_cipher;
915 ie.key_mgmt = ssid->key_mgmt;
916 #ifdef CONFIG_IEEE80211W
917 ie.mgmt_group_cipher =
918 ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
919 WPA_CIPHER_AES_128_CMAC : 0;
920 #endif /* CONFIG_IEEE80211W */
921 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
922 "based on configuration");
923 } else
924 proto = ie.proto;
925 }
927 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
928 "pairwise %d key_mgmt %d proto %d",
929 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
930 #ifdef CONFIG_IEEE80211W
931 if (ssid->ieee80211w) {
932 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
933 ie.mgmt_group_cipher);
934 }
935 #endif /* CONFIG_IEEE80211W */
937 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
938 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
939 !!(ssid->proto & WPA_PROTO_RSN));
941 if (bss || !wpa_s->ap_ies_from_associnfo) {
942 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
943 bss_wpa ? 2 + bss_wpa[1] : 0) ||
944 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
945 bss_rsn ? 2 + bss_rsn[1] : 0))
946 return -1;
947 }
949 sel = ie.group_cipher & ssid->group_cipher;
950 if (sel & WPA_CIPHER_CCMP) {
951 wpa_s->group_cipher = WPA_CIPHER_CCMP;
952 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
953 } else if (sel & WPA_CIPHER_TKIP) {
954 wpa_s->group_cipher = WPA_CIPHER_TKIP;
955 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
956 } else if (sel & WPA_CIPHER_WEP104) {
957 wpa_s->group_cipher = WPA_CIPHER_WEP104;
958 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
959 } else if (sel & WPA_CIPHER_WEP40) {
960 wpa_s->group_cipher = WPA_CIPHER_WEP40;
961 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
962 } else {
963 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
964 "cipher");
965 return -1;
966 }
968 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
969 if (sel & WPA_CIPHER_CCMP) {
970 wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
971 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
972 } else if (sel & WPA_CIPHER_TKIP) {
973 wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
974 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
975 } else if (sel & WPA_CIPHER_NONE) {
976 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
977 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
978 } else {
979 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
980 "cipher");
981 return -1;
982 }
984 sel = ie.key_mgmt & ssid->key_mgmt;
985 if (0) {
986 #ifdef CONFIG_IEEE80211R
987 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
988 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
989 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
990 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
991 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
992 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
993 #endif /* CONFIG_IEEE80211R */
994 #ifdef CONFIG_IEEE80211W
995 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
996 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
997 wpa_dbg(wpa_s, MSG_DEBUG,
998 "WPA: using KEY_MGMT 802.1X with SHA256");
999 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1000 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1001 wpa_dbg(wpa_s, MSG_DEBUG,
1002 "WPA: using KEY_MGMT PSK with SHA256");
1003 #endif /* CONFIG_IEEE80211W */
1004 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1005 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1006 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1007 } else if (sel & WPA_KEY_MGMT_PSK) {
1008 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1009 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1010 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1011 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1012 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1013 } else {
1014 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1015 "authenticated key management type");
1016 return -1;
1017 }
1019 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1020 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1021 wpa_s->pairwise_cipher);
1022 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1024 #ifdef CONFIG_IEEE80211W
1025 sel = ie.mgmt_group_cipher;
1026 if (ssid->ieee80211w == NO_MGMT_FRAME_PROTECTION ||
1027 !(ie.capabilities & WPA_CAPABILITY_MFPC))
1028 sel = 0;
1029 if (sel & WPA_CIPHER_AES_128_CMAC) {
1030 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1031 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1032 "AES-128-CMAC");
1033 } else {
1034 wpa_s->mgmt_group_cipher = 0;
1035 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1036 }
1037 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1038 wpa_s->mgmt_group_cipher);
1039 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP, ssid->ieee80211w);
1040 #endif /* CONFIG_IEEE80211W */
1042 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1043 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1044 return -1;
1045 }
1047 if (ssid->key_mgmt &
1048 (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_FT_PSK | WPA_KEY_MGMT_PSK_SHA256))
1049 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
1050 else
1051 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1053 return 0;
1054 }
1057 /**
1058 * wpa_supplicant_associate - Request association
1059 * @wpa_s: Pointer to wpa_supplicant data
1060 * @bss: Scan results for the selected BSS, or %NULL if not available
1061 * @ssid: Configuration data for the selected network
1062 *
1063 * This function is used to request %wpa_supplicant to associate with a BSS.
1064 */
1065 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1066 struct wpa_bss *bss, struct wpa_ssid *ssid)
1067 {
1068 u8 wpa_ie[200];
1069 size_t wpa_ie_len;
1070 int use_crypt, ret, i, bssid_changed;
1071 int algs = WPA_AUTH_ALG_OPEN;
1072 enum wpa_cipher cipher_pairwise, cipher_group;
1073 struct wpa_driver_associate_params params;
1074 int wep_keys_set = 0;
1075 struct wpa_driver_capa capa;
1076 int assoc_failed = 0;
1077 struct wpa_ssid *old_ssid;
1079 if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
1080 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
1081 #ifdef CONFIG_AP
1082 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1083 wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
1084 "mode");
1085 return;
1086 }
1087 wpa_supplicant_create_ap(wpa_s, ssid);
1088 wpa_s->current_bss = bss;
1089 #else /* CONFIG_AP */
1090 wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
1091 "the build");
1092 #endif /* CONFIG_AP */
1093 return;
1094 }
1096 #ifdef CONFIG_TDLS
1097 wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1), bss->ie_len);
1098 #endif /* CONFIG_TDLS */
1100 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1101 ssid->mode == IEEE80211_MODE_INFRA) {
1102 sme_authenticate(wpa_s, bss, ssid);
1103 return;
1104 }
1106 os_memset(¶ms, 0, sizeof(params));
1107 wpa_s->reassociate = 0;
1108 if (bss) {
1109 #ifdef CONFIG_IEEE80211R
1110 const u8 *ie, *md = NULL;
1111 #endif /* CONFIG_IEEE80211R */
1112 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1113 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1114 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1115 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
1116 os_memset(wpa_s->bssid, 0, ETH_ALEN);
1117 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1118 if (bssid_changed)
1119 wpas_notify_bssid_changed(wpa_s);
1120 #ifdef CONFIG_IEEE80211R
1121 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
1122 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
1123 md = ie + 2;
1124 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
1125 if (md) {
1126 /* Prepare for the next transition */
1127 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
1128 }
1129 #endif /* CONFIG_IEEE80211R */
1130 #ifdef CONFIG_WPS
1131 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
1132 wpa_s->conf->ap_scan == 2 &&
1133 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
1134 /* Use ap_scan==1 style network selection to find the network
1135 */
1136 wpa_s->scan_req = 2;
1137 wpa_s->reassociate = 1;
1138 wpa_supplicant_req_scan(wpa_s, 0, 0);
1139 return;
1140 #endif /* CONFIG_WPS */
1141 } else {
1142 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1143 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1144 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1145 }
1146 wpa_supplicant_cancel_scan(wpa_s);
1148 /* Starting new association, so clear the possibly used WPA IE from the
1149 * previous association. */
1150 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1152 #ifdef IEEE8021X_EAPOL
1153 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1154 if (ssid->leap) {
1155 if (ssid->non_leap == 0)
1156 algs = WPA_AUTH_ALG_LEAP;
1157 else
1158 algs |= WPA_AUTH_ALG_LEAP;
1159 }
1160 }
1161 #endif /* IEEE8021X_EAPOL */
1162 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1163 if (ssid->auth_alg) {
1164 algs = ssid->auth_alg;
1165 wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
1166 "0x%x", algs);
1167 }
1169 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
1170 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
1171 (ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK |
1172 WPA_KEY_MGMT_FT_IEEE8021X |
1173 WPA_KEY_MGMT_FT_PSK |
1174 WPA_KEY_MGMT_IEEE8021X_SHA256 |
1175 WPA_KEY_MGMT_PSK_SHA256))) {
1176 int try_opportunistic;
1177 try_opportunistic = ssid->proactive_key_caching &&
1178 (ssid->proto & WPA_PROTO_RSN);
1179 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1180 wpa_s->current_ssid,
1181 try_opportunistic) == 0)
1182 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1183 wpa_ie_len = sizeof(wpa_ie);
1184 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1185 wpa_ie, &wpa_ie_len)) {
1186 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
1187 "key management and encryption suites");
1188 return;
1189 }
1190 } else if (ssid->key_mgmt &
1191 (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
1192 WPA_KEY_MGMT_WPA_NONE | WPA_KEY_MGMT_FT_PSK |
1193 WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_PSK_SHA256 |
1194 WPA_KEY_MGMT_IEEE8021X_SHA256)) {
1195 wpa_ie_len = sizeof(wpa_ie);
1196 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1197 wpa_ie, &wpa_ie_len)) {
1198 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
1199 "key management and encryption suites (no "
1200 "scan results)");
1201 return;
1202 }
1203 #ifdef CONFIG_WPS
1204 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
1205 struct wpabuf *wps_ie;
1206 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
1207 if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
1208 wpa_ie_len = wpabuf_len(wps_ie);
1209 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
1210 } else
1211 wpa_ie_len = 0;
1212 wpabuf_free(wps_ie);
1213 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1214 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
1215 params.wps = WPS_MODE_PRIVACY;
1216 else
1217 params.wps = WPS_MODE_OPEN;
1218 #endif /* CONFIG_WPS */
1219 } else {
1220 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1221 wpa_ie_len = 0;
1222 }
1224 #ifdef CONFIG_P2P
1225 if (wpa_s->global->p2p) {
1226 u8 *pos;
1227 size_t len;
1228 int res;
1229 int p2p_group;
1230 p2p_group = wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_CAPABLE;
1231 pos = wpa_ie + wpa_ie_len;
1232 len = sizeof(wpa_ie) - wpa_ie_len;
1233 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len, p2p_group);
1234 if (res >= 0)
1235 wpa_ie_len += res;
1236 }
1238 wpa_s->cross_connect_disallowed = 0;
1239 if (bss) {
1240 struct wpabuf *p2p;
1241 p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
1242 if (p2p) {
1243 wpa_s->cross_connect_disallowed =
1244 p2p_get_cross_connect_disallowed(p2p);
1245 wpabuf_free(p2p);
1246 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
1247 "connection",
1248 wpa_s->cross_connect_disallowed ?
1249 "disallows" : "allows");
1250 }
1251 }
1252 #endif /* CONFIG_P2P */
1254 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1255 use_crypt = 1;
1256 cipher_pairwise = cipher_suite2driver(wpa_s->pairwise_cipher);
1257 cipher_group = cipher_suite2driver(wpa_s->group_cipher);
1258 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1259 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1260 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1261 use_crypt = 0;
1262 if (wpa_set_wep_keys(wpa_s, ssid)) {
1263 use_crypt = 1;
1264 wep_keys_set = 1;
1265 }
1266 }
1267 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
1268 use_crypt = 0;
1270 #ifdef IEEE8021X_EAPOL
1271 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1272 if ((ssid->eapol_flags &
1273 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1274 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1275 !wep_keys_set) {
1276 use_crypt = 0;
1277 } else {
1278 /* Assume that dynamic WEP-104 keys will be used and
1279 * set cipher suites in order for drivers to expect
1280 * encryption. */
1281 cipher_pairwise = cipher_group = CIPHER_WEP104;
1282 }
1283 }
1284 #endif /* IEEE8021X_EAPOL */
1286 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1287 /* Set the key before (and later after) association */
1288 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1289 }
1291 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1292 if (bss) {
1293 params.bssid = bss->bssid;
1294 params.ssid = bss->ssid;
1295 params.ssid_len = bss->ssid_len;
1296 params.freq = bss->freq;
1297 } else {
1298 params.ssid = ssid->ssid;
1299 params.ssid_len = ssid->ssid_len;
1300 }
1301 if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 &&
1302 params.freq == 0)
1303 params.freq = ssid->frequency; /* Initial channel for IBSS */
1304 params.wpa_ie = wpa_ie;
1305 params.wpa_ie_len = wpa_ie_len;
1306 params.pairwise_suite = cipher_pairwise;
1307 params.group_suite = cipher_group;
1308 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1309 params.auth_alg = algs;
1310 params.mode = ssid->mode;
1311 for (i = 0; i < NUM_WEP_KEYS; i++) {
1312 if (ssid->wep_key_len[i])
1313 params.wep_key[i] = ssid->wep_key[i];
1314 params.wep_key_len[i] = ssid->wep_key_len[i];
1315 }
1316 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1318 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
1319 (params.key_mgmt_suite == KEY_MGMT_PSK ||
1320 params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
1321 params.passphrase = ssid->passphrase;
1322 if (ssid->psk_set)
1323 params.psk = ssid->psk;
1324 }
1326 params.drop_unencrypted = use_crypt;
1328 #ifdef CONFIG_IEEE80211W
1329 params.mgmt_frame_protection = ssid->ieee80211w;
1330 if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION && bss) {
1331 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1332 struct wpa_ie_data ie;
1333 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
1334 ie.capabilities &
1335 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
1336 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
1337 "MFP: require MFP");
1338 params.mgmt_frame_protection =
1339 MGMT_FRAME_PROTECTION_REQUIRED;
1340 }
1341 }
1342 #endif /* CONFIG_IEEE80211W */
1344 #ifdef CONFIG_P2P
1345 if (wpa_s->global->p2p &&
1346 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_CAPABLE))
1347 params.p2p = 1;
1348 #endif /* CONFIG_P2P */
1350 if (wpa_s->parent->set_sta_uapsd)
1351 params.uapsd = wpa_s->parent->sta_uapsd;
1352 else
1353 params.uapsd = -1;
1355 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1356 ret = ieee80211_sta_associate(wpa_s, ¶ms);
1357 else
1358 ret = wpa_drv_associate(wpa_s, ¶ms);
1359 if (ret < 0) {
1360 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1361 "failed");
1362 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
1363 /*
1364 * The driver is known to mean what is saying, so we
1365 * can stop right here; the association will not
1366 * succeed.
1367 */
1368 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
1369 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1370 return;
1371 }
1372 /* try to continue anyway; new association will be tried again
1373 * after timeout */
1374 assoc_failed = 1;
1375 }
1377 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1378 /* Set the key after the association just in case association
1379 * cleared the previously configured key. */
1380 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1381 /* No need to timeout authentication since there is no key
1382 * management. */
1383 wpa_supplicant_cancel_auth_timeout(wpa_s);
1384 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1385 #ifdef CONFIG_IBSS_RSN
1386 } else if (ssid->mode == WPAS_MODE_IBSS &&
1387 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
1388 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
1389 ibss_rsn_set_psk(wpa_s->ibss_rsn, ssid->psk);
1390 /*
1391 * RSN IBSS authentication is per-STA and we can disable the
1392 * per-BSSID authentication.
1393 */
1394 wpa_supplicant_cancel_auth_timeout(wpa_s);
1395 #endif /* CONFIG_IBSS_RSN */
1396 } else {
1397 /* Timeout for IEEE 802.11 authentication and association */
1398 int timeout = 60;
1400 if (assoc_failed) {
1401 /* give IBSS a bit more time */
1402 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
1403 } else if (wpa_s->conf->ap_scan == 1) {
1404 /* give IBSS a bit more time */
1405 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
1406 }
1407 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1408 }
1410 if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1411 capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
1412 /* Set static WEP keys again */
1413 wpa_set_wep_keys(wpa_s, ssid);
1414 }
1416 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1417 /*
1418 * Do not allow EAP session resumption between different
1419 * network configurations.
1420 */
1421 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1422 }
1423 old_ssid = wpa_s->current_ssid;
1424 wpa_s->current_ssid = ssid;
1425 wpa_s->current_bss = bss;
1426 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
1427 wpa_supplicant_initiate_eapol(wpa_s);
1428 if (old_ssid != wpa_s->current_ssid)
1429 wpas_notify_network_changed(wpa_s);
1430 }
1433 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
1434 const u8 *addr)
1435 {
1436 struct wpa_ssid *old_ssid;
1438 wpa_clear_keys(wpa_s, addr);
1439 wpa_supplicant_mark_disassoc(wpa_s);
1440 old_ssid = wpa_s->current_ssid;
1441 wpa_s->current_ssid = NULL;
1442 wpa_s->current_bss = NULL;
1443 wpa_sm_set_config(wpa_s->wpa, NULL);
1444 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1445 if (old_ssid != wpa_s->current_ssid)
1446 wpas_notify_network_changed(wpa_s);
1447 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
1448 }
1451 /**
1452 * wpa_supplicant_disassociate - Disassociate the current connection
1453 * @wpa_s: Pointer to wpa_supplicant data
1454 * @reason_code: IEEE 802.11 reason code for the disassociate frame
1455 *
1456 * This function is used to request %wpa_supplicant to disassociate with the
1457 * current AP.
1458 */
1459 void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
1460 int reason_code)
1461 {
1462 u8 *addr = NULL;
1464 if (!is_zero_ether_addr(wpa_s->bssid)) {
1465 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1466 ieee80211_sta_disassociate(wpa_s, reason_code);
1467 else
1468 wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
1469 addr = wpa_s->bssid;
1470 }
1472 wpa_supplicant_clear_connection(wpa_s, addr);
1473 }
1476 /**
1477 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
1478 * @wpa_s: Pointer to wpa_supplicant data
1479 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1480 *
1481 * This function is used to request %wpa_supplicant to deauthenticate from the
1482 * current AP.
1483 */
1484 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1485 int reason_code)
1486 {
1487 u8 *addr = NULL;
1489 if (!is_zero_ether_addr(wpa_s->bssid)) {
1490 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1491 ieee80211_sta_deauthenticate(wpa_s, reason_code);
1492 else
1493 wpa_drv_deauthenticate(wpa_s, wpa_s->bssid,
1494 reason_code);
1495 addr = wpa_s->bssid;
1496 }
1498 wpa_supplicant_clear_connection(wpa_s, addr);
1499 }
1502 /**
1503 * wpa_supplicant_enable_network - Mark a configured network as enabled
1504 * @wpa_s: wpa_supplicant structure for a network interface
1505 * @ssid: wpa_ssid structure for a configured network or %NULL
1506 *
1507 * Enables the specified network or all networks if no network specified.
1508 */
1509 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
1510 struct wpa_ssid *ssid)
1511 {
1512 struct wpa_ssid *other_ssid;
1513 int was_disabled;
1515 if (ssid == NULL) {
1516 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1517 other_ssid = other_ssid->next) {
1518 if (other_ssid->disabled == 2)
1519 continue; /* do not change persistent P2P group
1520 * data */
1521 if (other_ssid == wpa_s->current_ssid &&
1522 other_ssid->disabled)
1523 wpa_s->reassociate = 1;
1525 was_disabled = other_ssid->disabled;
1527 other_ssid->disabled = 0;
1529 if (was_disabled != other_ssid->disabled)
1530 wpas_notify_network_enabled_changed(
1531 wpa_s, other_ssid);
1532 }
1533 if (wpa_s->reassociate)
1534 wpa_supplicant_req_scan(wpa_s, 0, 0);
1535 } else if (ssid->disabled && ssid->disabled != 2) {
1536 if (wpa_s->current_ssid == NULL) {
1537 /*
1538 * Try to reassociate since there is no current
1539 * configuration and a new network was made available.
1540 */
1541 wpa_s->reassociate = 1;
1542 wpa_supplicant_req_scan(wpa_s, 0, 0);
1543 }
1545 was_disabled = ssid->disabled;
1547 ssid->disabled = 0;
1549 if (was_disabled != ssid->disabled)
1550 wpas_notify_network_enabled_changed(wpa_s, ssid);
1551 }
1552 }
1555 /**
1556 * wpa_supplicant_disable_network - Mark a configured network as disabled
1557 * @wpa_s: wpa_supplicant structure for a network interface
1558 * @ssid: wpa_ssid structure for a configured network or %NULL
1559 *
1560 * Disables the specified network or all networks if no network specified.
1561 */
1562 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
1563 struct wpa_ssid *ssid)
1564 {
1565 struct wpa_ssid *other_ssid;
1566 int was_disabled;
1568 if (ssid == NULL) {
1569 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1570 other_ssid = other_ssid->next) {
1571 was_disabled = other_ssid->disabled;
1572 if (was_disabled == 2)
1573 continue; /* do not change persistent P2P group
1574 * data */
1576 other_ssid->disabled = 1;
1578 if (was_disabled != other_ssid->disabled)
1579 wpas_notify_network_enabled_changed(
1580 wpa_s, other_ssid);
1581 }
1582 if (wpa_s->current_ssid)
1583 wpa_supplicant_disassociate(
1584 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1585 } else if (ssid->disabled != 2) {
1586 if (ssid == wpa_s->current_ssid)
1587 wpa_supplicant_disassociate(
1588 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1590 was_disabled = ssid->disabled;
1592 ssid->disabled = 1;
1594 if (was_disabled != ssid->disabled)
1595 wpas_notify_network_enabled_changed(wpa_s, ssid);
1596 }
1597 }
1600 /**
1601 * wpa_supplicant_select_network - Attempt association with a network
1602 * @wpa_s: wpa_supplicant structure for a network interface
1603 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
1604 */
1605 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
1606 struct wpa_ssid *ssid)
1607 {
1609 struct wpa_ssid *other_ssid;
1611 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid)
1612 wpa_supplicant_disassociate(
1613 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1615 /*
1616 * Mark all other networks disabled or mark all networks enabled if no
1617 * network specified.
1618 */
1619 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1620 other_ssid = other_ssid->next) {
1621 int was_disabled = other_ssid->disabled;
1622 if (was_disabled == 2)
1623 continue; /* do not change persistent P2P group data */
1625 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
1627 if (was_disabled != other_ssid->disabled)
1628 wpas_notify_network_enabled_changed(wpa_s, other_ssid);
1629 }
1630 wpa_s->disconnected = 0;
1631 wpa_s->reassociate = 1;
1632 wpa_supplicant_req_scan(wpa_s, 0, 0);
1634 if (ssid)
1635 wpas_notify_network_selected(wpa_s, ssid);
1636 }
1639 /**
1640 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
1641 * @wpa_s: wpa_supplicant structure for a network interface
1642 * @ap_scan: AP scan mode
1643 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
1644 *
1645 */
1646 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
1647 {
1649 int old_ap_scan;
1651 if (ap_scan < 0 || ap_scan > 2)
1652 return -1;
1654 old_ap_scan = wpa_s->conf->ap_scan;
1655 wpa_s->conf->ap_scan = ap_scan;
1657 if (old_ap_scan != wpa_s->conf->ap_scan)
1658 wpas_notify_ap_scan_changed(wpa_s);
1660 return 0;
1661 }
1664 /**
1665 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
1666 * @wpa_s: wpa_supplicant structure for a network interface
1667 * @expire_age: Expiration age in seconds
1668 * Returns: 0 if succeed or -1 if expire_age has an invalid value
1669 *
1670 */
1671 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
1672 unsigned int bss_expire_age)
1673 {
1674 if (bss_expire_age < 10) {
1675 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
1676 bss_expire_age);
1677 return -1;
1678 }
1679 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
1680 bss_expire_age);
1681 wpa_s->conf->bss_expiration_age = bss_expire_age;
1683 return 0;
1684 }
1687 /**
1688 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
1689 * @wpa_s: wpa_supplicant structure for a network interface
1690 * @expire_count: number of scans after which an unseen BSS is reclaimed
1691 * Returns: 0 if succeed or -1 if expire_count has an invalid value
1692 *
1693 */
1694 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
1695 unsigned int bss_expire_count)
1696 {
1697 if (bss_expire_count < 1) {
1698 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
1699 bss_expire_count);
1700 return -1;
1701 }
1702 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
1703 bss_expire_count);
1704 wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
1706 return 0;
1707 }
1710 /**
1711 * wpa_supplicant_set_debug_params - Set global debug params
1712 * @global: wpa_global structure
1713 * @debug_level: debug level
1714 * @debug_timestamp: determines if show timestamp in debug data
1715 * @debug_show_keys: determines if show keys in debug data
1716 * Returns: 0 if succeed or -1 if debug_level has wrong value
1717 */
1718 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
1719 int debug_timestamp, int debug_show_keys)
1720 {
1722 int old_level, old_timestamp, old_show_keys;
1724 /* check for allowed debuglevels */
1725 if (debug_level != MSG_MSGDUMP &&
1726 debug_level != MSG_DEBUG &&
1727 debug_level != MSG_INFO &&
1728 debug_level != MSG_WARNING &&
1729 debug_level != MSG_ERROR)
1730 return -1;
1732 old_level = wpa_debug_level;
1733 old_timestamp = wpa_debug_timestamp;
1734 old_show_keys = wpa_debug_show_keys;
1736 wpa_debug_level = debug_level;
1737 wpa_debug_timestamp = debug_timestamp ? 1 : 0;
1738 wpa_debug_show_keys = debug_show_keys ? 1 : 0;
1740 if (wpa_debug_level != old_level)
1741 wpas_notify_debug_level_changed(global);
1742 if (wpa_debug_timestamp != old_timestamp)
1743 wpas_notify_debug_timestamp_changed(global);
1744 if (wpa_debug_show_keys != old_show_keys)
1745 wpas_notify_debug_show_keys_changed(global);
1747 return 0;
1748 }
1751 /**
1752 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
1753 * @wpa_s: Pointer to wpa_supplicant data
1754 * Returns: A pointer to the current network structure or %NULL on failure
1755 */
1756 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
1757 {
1758 struct wpa_ssid *entry;
1759 u8 ssid[MAX_SSID_LEN];
1760 int res;
1761 size_t ssid_len;
1762 u8 bssid[ETH_ALEN];
1763 int wired;
1765 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
1766 if (ieee80211_sta_get_ssid(wpa_s, ssid, &ssid_len)) {
1767 wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
1768 "MLME");
1769 return NULL;
1770 }
1771 } else {
1772 res = wpa_drv_get_ssid(wpa_s, ssid);
1773 if (res < 0) {
1774 wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
1775 "driver");
1776 return NULL;
1777 }
1778 ssid_len = res;
1779 }
1781 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1782 os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1783 else if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
1784 wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
1785 "driver");
1786 return NULL;
1787 }
1789 wired = wpa_s->conf->ap_scan == 0 &&
1790 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
1792 entry = wpa_s->conf->ssid;
1793 while (entry) {
1794 if (!entry->disabled &&
1795 ((ssid_len == entry->ssid_len &&
1796 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
1797 (!entry->bssid_set ||
1798 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1799 return entry;
1800 #ifdef CONFIG_WPS
1801 if (!entry->disabled &&
1802 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
1803 (entry->ssid == NULL || entry->ssid_len == 0) &&
1804 (!entry->bssid_set ||
1805 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1806 return entry;
1807 #endif /* CONFIG_WPS */
1808 entry = entry->next;
1809 }
1811 return NULL;
1812 }
1815 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
1816 const char *name)
1817 {
1818 int i;
1819 size_t len;
1820 const char *pos, *driver = name;
1822 if (wpa_s == NULL)
1823 return -1;
1825 if (wpa_drivers[0] == NULL) {
1826 wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
1827 "wpa_supplicant");
1828 return -1;
1829 }
1831 if (name == NULL) {
1832 /* default to first driver in the list */
1833 wpa_s->driver = wpa_drivers[0];
1834 wpa_s->global_drv_priv = wpa_s->global->drv_priv[0];
1835 return 0;
1836 }
1838 do {
1839 pos = os_strchr(driver, ',');
1840 if (pos)
1841 len = pos - driver;
1842 else
1843 len = os_strlen(driver);
1845 for (i = 0; wpa_drivers[i]; i++) {
1846 if (os_strlen(wpa_drivers[i]->name) == len &&
1847 os_strncmp(driver, wpa_drivers[i]->name, len) ==
1848 0) {
1849 wpa_s->driver = wpa_drivers[i];
1850 wpa_s->global_drv_priv =
1851 wpa_s->global->drv_priv[i];
1852 return 0;
1853 }
1854 }
1856 driver = pos + 1;
1857 } while (pos);
1859 wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
1860 return -1;
1861 }
1864 /**
1865 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
1866 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
1867 * with struct wpa_driver_ops::init()
1868 * @src_addr: Source address of the EAPOL frame
1869 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
1870 * @len: Length of the EAPOL data
1871 *
1872 * This function is called for each received EAPOL frame. Most driver
1873 * interfaces rely on more generic OS mechanism for receiving frames through
1874 * l2_packet, but if such a mechanism is not available, the driver wrapper may
1875 * take care of received EAPOL frames and deliver them to the core supplicant
1876 * code by calling this function.
1877 */
1878 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
1879 const u8 *buf, size_t len)
1880 {
1881 struct wpa_supplicant *wpa_s = ctx;
1883 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
1884 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
1886 if (wpa_s->wpa_state < WPA_ASSOCIATED) {
1887 /*
1888 * There is possible race condition between receiving the
1889 * association event and the EAPOL frame since they are coming
1890 * through different paths from the driver. In order to avoid
1891 * issues in trying to process the EAPOL frame before receiving
1892 * association information, lets queue it for processing until
1893 * the association event is received.
1894 */
1895 wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
1896 "of received EAPOL frame");
1897 wpabuf_free(wpa_s->pending_eapol_rx);
1898 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
1899 if (wpa_s->pending_eapol_rx) {
1900 os_get_time(&wpa_s->pending_eapol_rx_time);
1901 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
1902 ETH_ALEN);
1903 }
1904 return;
1905 }
1907 #ifdef CONFIG_AP
1908 if (wpa_s->ap_iface) {
1909 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
1910 return;
1911 }
1912 #endif /* CONFIG_AP */
1914 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
1915 wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
1916 "no key management is configured");
1917 return;
1918 }
1920 if (wpa_s->eapol_received == 0 &&
1921 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
1922 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1923 wpa_s->wpa_state != WPA_COMPLETED) &&
1924 (wpa_s->current_ssid == NULL ||
1925 wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
1926 /* Timeout for completing IEEE 802.1X and WPA authentication */
1927 wpa_supplicant_req_auth_timeout(
1928 wpa_s,
1929 (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
1930 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
1931 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
1932 70 : 10, 0);
1933 }
1934 wpa_s->eapol_received++;
1936 if (wpa_s->countermeasures) {
1937 wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
1938 "EAPOL packet");
1939 return;
1940 }
1942 #ifdef CONFIG_IBSS_RSN
1943 if (wpa_s->current_ssid &&
1944 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
1945 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
1946 return;
1947 }
1948 #endif /* CONFIG_IBSS_RSN */
1950 /* Source address of the incoming EAPOL frame could be compared to the
1951 * current BSSID. However, it is possible that a centralized
1952 * Authenticator could be using another MAC address than the BSSID of
1953 * an AP, so just allow any address to be used for now. The replies are
1954 * still sent to the current BSSID (if available), though. */
1956 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
1957 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
1958 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
1959 return;
1960 wpa_drv_poll(wpa_s);
1961 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1962 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
1963 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
1964 /*
1965 * Set portValid = TRUE here since we are going to skip 4-way
1966 * handshake processing which would normally set portValid. We
1967 * need this to allow the EAPOL state machines to be completed
1968 * without going through EAPOL-Key handshake.
1969 */
1970 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
1971 }
1972 }
1975 /**
1976 * wpa_supplicant_driver_init - Initialize driver interface parameters
1977 * @wpa_s: Pointer to wpa_supplicant data
1978 * Returns: 0 on success, -1 on failure
1979 *
1980 * This function is called to initialize driver interface parameters.
1981 * wpa_drv_init() must have been called before this function to initialize the
1982 * driver interface.
1983 */
1984 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
1985 {
1986 static int interface_count = 0;
1988 if (wpa_s->driver->send_eapol) {
1989 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
1990 if (addr)
1991 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
1992 } else if (!(wpa_s->drv_flags &
1993 WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
1994 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
1995 wpa_drv_get_mac_addr(wpa_s),
1996 ETH_P_EAPOL,
1997 wpa_supplicant_rx_eapol, wpa_s, 0);
1998 if (wpa_s->l2 == NULL)
1999 return -1;
2000 } else {
2001 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
2002 if (addr)
2003 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
2004 }
2006 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
2007 wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
2008 return -1;
2009 }
2011 wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
2012 MAC2STR(wpa_s->own_addr));
2014 if (wpa_s->bridge_ifname[0]) {
2015 wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
2016 "interface '%s'", wpa_s->bridge_ifname);
2017 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
2018 wpa_s->own_addr,
2019 ETH_P_EAPOL,
2020 wpa_supplicant_rx_eapol, wpa_s,
2021 0);
2022 if (wpa_s->l2_br == NULL) {
2023 wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
2024 "connection for the bridge interface '%s'",
2025 wpa_s->bridge_ifname);
2026 return -1;
2027 }
2028 }
2030 wpa_clear_keys(wpa_s, NULL);
2032 /* Make sure that TKIP countermeasures are not left enabled (could
2033 * happen if wpa_supplicant is killed during countermeasures. */
2034 wpa_drv_set_countermeasures(wpa_s, 0);
2036 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
2037 wpa_drv_flush_pmkid(wpa_s);
2039 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
2040 if (wpa_supplicant_enabled_networks(wpa_s->conf)) {
2041 wpa_supplicant_req_scan(wpa_s, interface_count, 100000);
2042 interface_count++;
2043 } else
2044 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
2046 return 0;
2047 }
2050 static int wpa_supplicant_daemon(const char *pid_file)
2051 {
2052 wpa_printf(MSG_DEBUG, "Daemonize..");
2053 return os_daemonize(pid_file);
2054 }
2057 static struct wpa_supplicant * wpa_supplicant_alloc(void)
2058 {
2059 struct wpa_supplicant *wpa_s;
2061 wpa_s = os_zalloc(sizeof(*wpa_s));
2062 if (wpa_s == NULL)
2063 return NULL;
2064 wpa_s->scan_req = 1;
2065 wpa_s->new_connection = 1;
2066 wpa_s->parent = wpa_s;
2068 return wpa_s;
2069 }
2072 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
2073 struct wpa_interface *iface)
2074 {
2075 const char *ifname, *driver;
2076 struct wpa_driver_capa capa;
2078 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
2079 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
2080 iface->confname ? iface->confname : "N/A",
2081 iface->driver ? iface->driver : "default",
2082 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
2083 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
2085 if (iface->confname) {
2086 #ifdef CONFIG_BACKEND_FILE
2087 wpa_s->confname = os_rel2abs_path(iface->confname);
2088 if (wpa_s->confname == NULL) {
2089 wpa_printf(MSG_ERROR, "Failed to get absolute path "
2090 "for configuration file '%s'.",
2091 iface->confname);
2092 return -1;
2093 }
2094 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
2095 iface->confname, wpa_s->confname);
2096 #else /* CONFIG_BACKEND_FILE */
2097 wpa_s->confname = os_strdup(iface->confname);
2098 #endif /* CONFIG_BACKEND_FILE */
2099 wpa_s->conf = wpa_config_read(wpa_s->confname);
2100 if (wpa_s->conf == NULL) {
2101 wpa_printf(MSG_ERROR, "Failed to read or parse "
2102 "configuration '%s'.", wpa_s->confname);
2103 return -1;
2104 }
2106 /*
2107 * Override ctrl_interface and driver_param if set on command
2108 * line.
2109 */
2110 if (iface->ctrl_interface) {
2111 os_free(wpa_s->conf->ctrl_interface);
2112 wpa_s->conf->ctrl_interface =
2113 os_strdup(iface->ctrl_interface);
2114 }
2116 if (iface->driver_param) {
2117 os_free(wpa_s->conf->driver_param);
2118 wpa_s->conf->driver_param =
2119 os_strdup(iface->driver_param);
2120 }
2121 } else
2122 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
2123 iface->driver_param);
2125 if (wpa_s->conf == NULL) {
2126 wpa_printf(MSG_ERROR, "\nNo configuration found.");
2127 return -1;
2128 }
2130 if (iface->ifname == NULL) {
2131 wpa_printf(MSG_ERROR, "\nInterface name is required.");
2132 return -1;
2133 }
2134 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
2135 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
2136 iface->ifname);
2137 return -1;
2138 }
2139 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
2141 if (iface->bridge_ifname) {
2142 if (os_strlen(iface->bridge_ifname) >=
2143 sizeof(wpa_s->bridge_ifname)) {
2144 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
2145 "name '%s'.", iface->bridge_ifname);
2146 return -1;
2147 }
2148 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
2149 sizeof(wpa_s->bridge_ifname));
2150 }
2152 /* RSNA Supplicant Key Management - INITIALIZE */
2153 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
2154 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
2156 /* Initialize driver interface and register driver event handler before
2157 * L2 receive handler so that association events are processed before
2158 * EAPOL-Key packets if both become available for the same select()
2159 * call. */
2160 driver = iface->driver;
2161 next_driver:
2162 if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
2163 return -1;
2165 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
2166 if (wpa_s->drv_priv == NULL) {
2167 const char *pos;
2168 pos = driver ? os_strchr(driver, ',') : NULL;
2169 if (pos) {
2170 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
2171 "driver interface - try next driver wrapper");
2172 driver = pos + 1;
2173 goto next_driver;
2174 }
2175 wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
2176 "interface");
2177 return -1;
2178 }
2179 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
2180 wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
2181 "driver_param '%s'", wpa_s->conf->driver_param);
2182 return -1;
2183 }
2185 ifname = wpa_drv_get_ifname(wpa_s);
2186 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
2187 wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
2188 "interface name with '%s'", ifname);
2189 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
2190 }
2192 if (wpa_supplicant_init_wpa(wpa_s) < 0)
2193 return -1;
2195 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
2196 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
2197 NULL);
2198 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2200 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2201 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2202 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2203 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2204 "dot11RSNAConfigPMKLifetime");
2205 return -1;
2206 }
2208 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2209 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2210 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2211 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2212 "dot11RSNAConfigPMKReauthThreshold");
2213 return -1;
2214 }
2216 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2217 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2218 wpa_s->conf->dot11RSNAConfigSATimeout)) {
2219 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2220 "dot11RSNAConfigSATimeout");
2221 return -1;
2222 }
2224 if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
2225 wpa_s->drv_flags = capa.flags;
2226 if (capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
2227 if (ieee80211_sta_init(wpa_s))
2228 return -1;
2229 }
2230 wpa_s->max_scan_ssids = capa.max_scan_ssids;
2231 wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
2232 wpa_s->max_stations = capa.max_stations;
2233 }
2234 if (wpa_s->max_remain_on_chan == 0)
2235 wpa_s->max_remain_on_chan = 1000;
2237 if (wpa_supplicant_driver_init(wpa_s) < 0)
2238 return -1;
2240 #ifdef CONFIG_TDLS
2241 if (wpa_tdls_init(wpa_s->wpa))
2242 return -1;
2243 #endif /* CONFIG_TDLS */
2245 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
2246 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
2247 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
2248 return -1;
2249 }
2251 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2253 if (wpas_wps_init(wpa_s))
2254 return -1;
2256 if (wpa_supplicant_init_eapol(wpa_s) < 0)
2257 return -1;
2258 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2260 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
2261 if (wpa_s->ctrl_iface == NULL) {
2262 wpa_printf(MSG_ERROR,
2263 "Failed to initialize control interface '%s'.\n"
2264 "You may have another wpa_supplicant process "
2265 "already running or the file was\n"
2266 "left by an unclean termination of wpa_supplicant "
2267 "in which case you will need\n"
2268 "to manually remove this file before starting "
2269 "wpa_supplicant again.\n",
2270 wpa_s->conf->ctrl_interface);
2271 return -1;
2272 }
2274 #ifdef CONFIG_IBSS_RSN
2275 wpa_s->ibss_rsn = ibss_rsn_init(wpa_s);
2276 if (!wpa_s->ibss_rsn) {
2277 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to init IBSS RSN");
2278 return -1;
2279 }
2280 #endif /* CONFIG_IBSS_RSN */
2282 #ifdef CONFIG_P2P
2283 if (wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
2284 wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
2285 return -1;
2286 }
2287 #endif /* CONFIG_P2P */
2289 if (wpa_bss_init(wpa_s) < 0)
2290 return -1;
2292 return 0;
2293 }
2296 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
2297 int notify)
2298 {
2299 if (wpa_s->drv_priv) {
2300 wpa_supplicant_deauthenticate(wpa_s,
2301 WLAN_REASON_DEAUTH_LEAVING);
2303 wpa_drv_set_countermeasures(wpa_s, 0);
2304 wpa_clear_keys(wpa_s, NULL);
2305 }
2307 wpa_supplicant_cleanup(wpa_s);
2309 if (notify)
2310 wpas_notify_iface_removed(wpa_s);
2312 if (wpa_s->drv_priv)
2313 wpa_drv_deinit(wpa_s);
2314 }
2317 /**
2318 * wpa_supplicant_add_iface - Add a new network interface
2319 * @global: Pointer to global data from wpa_supplicant_init()
2320 * @iface: Interface configuration options
2321 * Returns: Pointer to the created interface or %NULL on failure
2322 *
2323 * This function is used to add new network interfaces for %wpa_supplicant.
2324 * This can be called before wpa_supplicant_run() to add interfaces before the
2325 * main event loop has been started. In addition, new interfaces can be added
2326 * dynamically while %wpa_supplicant is already running. This could happen,
2327 * e.g., when a hotplug network adapter is inserted.
2328 */
2329 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
2330 struct wpa_interface *iface)
2331 {
2332 struct wpa_supplicant *wpa_s;
2333 struct wpa_interface t_iface;
2334 struct wpa_ssid *ssid;
2336 if (global == NULL || iface == NULL)
2337 return NULL;
2339 wpa_s = wpa_supplicant_alloc();
2340 if (wpa_s == NULL)
2341 return NULL;
2343 wpa_s->global = global;
2345 t_iface = *iface;
2346 if (global->params.override_driver) {
2347 wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
2348 "('%s' -> '%s')",
2349 iface->driver, global->params.override_driver);
2350 t_iface.driver = global->params.override_driver;
2351 }
2352 if (global->params.override_ctrl_interface) {
2353 wpa_printf(MSG_DEBUG, "Override interface parameter: "
2354 "ctrl_interface ('%s' -> '%s')",
2355 iface->ctrl_interface,
2356 global->params.override_ctrl_interface);
2357 t_iface.ctrl_interface =
2358 global->params.override_ctrl_interface;
2359 }
2360 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
2361 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
2362 iface->ifname);
2363 wpa_supplicant_deinit_iface(wpa_s, 0);
2364 os_free(wpa_s);
2365 return NULL;
2366 }
2368 /* Notify the control interfaces about new iface */
2369 if (wpas_notify_iface_added(wpa_s)) {
2370 wpa_supplicant_deinit_iface(wpa_s, 1);
2371 os_free(wpa_s);
2372 return NULL;
2373 }
2375 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
2376 wpas_notify_network_added(wpa_s, ssid);
2378 wpa_s->next = global->ifaces;
2379 global->ifaces = wpa_s;
2381 wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
2383 return wpa_s;
2384 }
2387 /**
2388 * wpa_supplicant_remove_iface - Remove a network interface
2389 * @global: Pointer to global data from wpa_supplicant_init()
2390 * @wpa_s: Pointer to the network interface to be removed
2391 * Returns: 0 if interface was removed, -1 if interface was not found
2392 *
2393 * This function can be used to dynamically remove network interfaces from
2394 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
2395 * addition, this function is used to remove all remaining interfaces when
2396 * %wpa_supplicant is terminated.
2397 */
2398 int wpa_supplicant_remove_iface(struct wpa_global *global,
2399 struct wpa_supplicant *wpa_s)
2400 {
2401 struct wpa_supplicant *prev;
2403 /* Remove interface from the global list of interfaces */
2404 prev = global->ifaces;
2405 if (prev == wpa_s) {
2406 global->ifaces = wpa_s->next;
2407 } else {
2408 while (prev && prev->next != wpa_s)
2409 prev = prev->next;
2410 if (prev == NULL)
2411 return -1;
2412 prev->next = wpa_s->next;
2413 }
2415 wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
2417 if (global->p2p_group_formation == wpa_s)
2418 global->p2p_group_formation = NULL;
2419 wpa_supplicant_deinit_iface(wpa_s, 1);
2420 os_free(wpa_s);
2422 return 0;
2423 }
2426 /**
2427 * wpa_supplicant_get_eap_mode - Get the current EAP mode
2428 * @wpa_s: Pointer to the network interface
2429 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
2430 */
2431 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
2432 {
2433 const char *eapol_method;
2435 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
2436 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2437 return "NO-EAP";
2438 }
2440 eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
2441 if (eapol_method == NULL)
2442 return "UNKNOWN-EAP";
2444 return eapol_method;
2445 }
2448 /**
2449 * wpa_supplicant_get_iface - Get a new network interface
2450 * @global: Pointer to global data from wpa_supplicant_init()
2451 * @ifname: Interface name
2452 * Returns: Pointer to the interface or %NULL if not found
2453 */
2454 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
2455 const char *ifname)
2456 {
2457 struct wpa_supplicant *wpa_s;
2459 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
2460 if (os_strcmp(wpa_s->ifname, ifname) == 0)
2461 return wpa_s;
2462 }
2463 return NULL;
2464 }
2467 #ifndef CONFIG_NO_WPA_MSG
2468 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
2469 {
2470 struct wpa_supplicant *wpa_s = ctx;
2471 if (wpa_s == NULL)
2472 return NULL;
2473 return wpa_s->ifname;
2474 }
2475 #endif /* CONFIG_NO_WPA_MSG */
2478 /**
2479 * wpa_supplicant_init - Initialize %wpa_supplicant
2480 * @params: Parameters for %wpa_supplicant
2481 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
2482 *
2483 * This function is used to initialize %wpa_supplicant. After successful
2484 * initialization, the returned data pointer can be used to add and remove
2485 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
2486 */
2487 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
2488 {
2489 struct wpa_global *global;
2490 int ret, i;
2492 if (params == NULL)
2493 return NULL;
2495 #ifndef CONFIG_NO_WPA_MSG
2496 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
2497 #endif /* CONFIG_NO_WPA_MSG */
2499 wpa_debug_open_file(params->wpa_debug_file_path);
2500 if (params->wpa_debug_syslog)
2501 wpa_debug_open_syslog();
2503 ret = eap_register_methods();
2504 if (ret) {
2505 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
2506 if (ret == -2)
2507 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
2508 "the same EAP type.");
2509 return NULL;
2510 }
2512 global = os_zalloc(sizeof(*global));
2513 if (global == NULL)
2514 return NULL;
2515 dl_list_init(&global->p2p_srv_bonjour);
2516 dl_list_init(&global->p2p_srv_upnp);
2517 global->params.daemonize = params->daemonize;
2518 global->params.wait_for_monitor = params->wait_for_monitor;
2519 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
2520 if (params->pid_file)
2521 global->params.pid_file = os_strdup(params->pid_file);
2522 if (params->ctrl_interface)
2523 global->params.ctrl_interface =
2524 os_strdup(params->ctrl_interface);
2525 if (params->override_driver)
2526 global->params.override_driver =
2527 os_strdup(params->override_driver);
2528 if (params->override_ctrl_interface)
2529 global->params.override_ctrl_interface =
2530 os_strdup(params->override_ctrl_interface);
2531 wpa_debug_level = global->params.wpa_debug_level =
2532 params->wpa_debug_level;
2533 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
2534 params->wpa_debug_show_keys;
2535 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
2536 params->wpa_debug_timestamp;
2538 wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR);
2540 if (eloop_init()) {
2541 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
2542 wpa_supplicant_deinit(global);
2543 return NULL;
2544 }
2546 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
2547 if (global->ctrl_iface == NULL) {
2548 wpa_supplicant_deinit(global);
2549 return NULL;
2550 }
2552 if (wpas_notify_supplicant_initialized(global)) {
2553 wpa_supplicant_deinit(global);
2554 return NULL;
2555 }
2557 for (i = 0; wpa_drivers[i]; i++)
2558 global->drv_count++;
2559 if (global->drv_count == 0) {
2560 wpa_printf(MSG_ERROR, "No drivers enabled");
2561 wpa_supplicant_deinit(global);
2562 return NULL;
2563 }
2564 global->drv_priv = os_zalloc(global->drv_count * sizeof(void *));
2565 if (global->drv_priv == NULL) {
2566 wpa_supplicant_deinit(global);
2567 return NULL;
2568 }
2569 for (i = 0; wpa_drivers[i]; i++) {
2570 if (!wpa_drivers[i]->global_init)
2571 continue;
2572 global->drv_priv[i] = wpa_drivers[i]->global_init();
2573 if (global->drv_priv[i] == NULL) {
2574 wpa_printf(MSG_ERROR, "Failed to initialize driver "
2575 "'%s'", wpa_drivers[i]->name);
2576 wpa_supplicant_deinit(global);
2577 return NULL;
2578 }
2579 }
2581 return global;
2582 }
2585 /**
2586 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
2587 * @global: Pointer to global data from wpa_supplicant_init()
2588 * Returns: 0 after successful event loop run, -1 on failure
2589 *
2590 * This function starts the main event loop and continues running as long as
2591 * there are any remaining events. In most cases, this function is running as
2592 * long as the %wpa_supplicant process in still in use.
2593 */
2594 int wpa_supplicant_run(struct wpa_global *global)
2595 {
2596 struct wpa_supplicant *wpa_s;
2598 if (global->params.daemonize &&
2599 wpa_supplicant_daemon(global->params.pid_file))
2600 return -1;
2602 if (global->params.wait_for_monitor) {
2603 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
2604 if (wpa_s->ctrl_iface)
2605 wpa_supplicant_ctrl_iface_wait(
2606 wpa_s->ctrl_iface);
2607 }
2609 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
2610 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
2612 eloop_run();
2614 return 0;
2615 }
2618 /**
2619 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
2620 * @global: Pointer to global data from wpa_supplicant_init()
2621 *
2622 * This function is called to deinitialize %wpa_supplicant and to free all
2623 * allocated resources. Remaining network interfaces will also be removed.
2624 */
2625 void wpa_supplicant_deinit(struct wpa_global *global)
2626 {
2627 int i;
2629 if (global == NULL)
2630 return;
2632 #ifdef CONFIG_P2P
2633 wpas_p2p_deinit_global(global);
2634 #endif /* CONFIG_P2P */
2636 while (global->ifaces)
2637 wpa_supplicant_remove_iface(global, global->ifaces);
2639 if (global->ctrl_iface)
2640 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
2642 wpas_notify_supplicant_deinitialized(global);
2644 eap_peer_unregister_methods();
2645 #ifdef CONFIG_AP
2646 eap_server_unregister_methods();
2647 #endif /* CONFIG_AP */
2649 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
2650 if (!global->drv_priv[i])
2651 continue;
2652 wpa_drivers[i]->global_deinit(global->drv_priv[i]);
2653 }
2654 os_free(global->drv_priv);
2656 eloop_destroy();
2658 if (global->params.pid_file) {
2659 os_daemonize_terminate(global->params.pid_file);
2660 os_free(global->params.pid_file);
2661 }
2662 os_free(global->params.ctrl_interface);
2663 os_free(global->params.override_driver);
2664 os_free(global->params.override_ctrl_interface);
2666 os_free(global);
2667 wpa_debug_close_syslog();
2668 wpa_debug_close_file();
2669 }
2672 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
2673 {
2674 #ifdef CONFIG_WPS
2675 wpas_wps_update_config(wpa_s);
2676 #endif /* CONFIG_WPS */
2678 #ifdef CONFIG_P2P
2679 wpas_p2p_update_config(wpa_s);
2680 #endif /* CONFIG_P2P */
2682 wpa_s->conf->changed_parameters = 0;
2683 }
2686 void ieee80211_sta_free_hw_features(struct hostapd_hw_modes *hw_features,
2687 size_t num_hw_features)
2688 {
2689 size_t i;
2691 if (hw_features == NULL)
2692 return;
2694 for (i = 0; i < num_hw_features; i++) {
2695 os_free(hw_features[i].channels);
2696 os_free(hw_features[i].rates);
2697 }
2699 os_free(hw_features);
2700 }
2703 static void add_freq(int *freqs, int *num_freqs, int freq)
2704 {
2705 int i;
2707 for (i = 0; i < *num_freqs; i++) {
2708 if (freqs[i] == freq)
2709 return;
2710 }
2712 freqs[*num_freqs] = freq;
2713 (*num_freqs)++;
2714 }
2717 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
2718 {
2719 struct wpa_bss *bss, *cbss;
2720 const int max_freqs = 10;
2721 int *freqs;
2722 int num_freqs = 0;
2724 freqs = os_zalloc(sizeof(int) * (max_freqs + 1));
2725 if (freqs == NULL)
2726 return NULL;
2728 cbss = wpa_s->current_bss;
2730 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
2731 if (bss == cbss)
2732 continue;
2733 if (bss->ssid_len == cbss->ssid_len &&
2734 os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
2735 wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
2736 add_freq(freqs, &num_freqs, bss->freq);
2737 if (num_freqs == max_freqs)
2738 break;
2739 }
2740 }
2742 if (num_freqs == 0) {
2743 os_free(freqs);
2744 freqs = NULL;
2745 }
2747 return freqs;
2748 }
2751 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
2752 {
2753 int timeout;
2754 int count;
2755 int *freqs = NULL;
2757 /*
2758 * Add the failed BSSID into the blacklist and speed up next scan
2759 * attempt if there could be other APs that could accept association.
2760 * The current blacklist count indicates how many times we have tried
2761 * connecting to this AP and multiple attempts mean that other APs are
2762 * either not available or has already been tried, so that we can start
2763 * increasing the delay here to avoid constant scanning.
2764 */
2765 count = wpa_blacklist_add(wpa_s, bssid);
2766 if (count == 1 && wpa_s->current_bss) {
2767 /*
2768 * This BSS was not in the blacklist before. If there is
2769 * another BSS available for the same ESS, we should try that
2770 * next. Otherwise, we may as well try this one once more
2771 * before allowing other, likely worse, ESSes to be considered.
2772 */
2773 freqs = get_bss_freqs_in_ess(wpa_s);
2774 if (freqs) {
2775 wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
2776 "has been seen; try it next");
2777 wpa_blacklist_add(wpa_s, bssid);
2778 /*
2779 * On the next scan, go through only the known channels
2780 * used in this ESS based on previous scans to speed up
2781 * common load balancing use case.
2782 */
2783 os_free(wpa_s->next_scan_freqs);
2784 wpa_s->next_scan_freqs = freqs;
2785 }
2786 }
2788 switch (count) {
2789 case 1:
2790 timeout = 100;
2791 break;
2792 case 2:
2793 timeout = 500;
2794 break;
2795 case 3:
2796 timeout = 1000;
2797 break;
2798 default:
2799 timeout = 5000;
2800 }
2802 /*
2803 * TODO: if more than one possible AP is available in scan results,
2804 * could try the other ones before requesting a new scan.
2805 */
2806 wpa_supplicant_req_scan(wpa_s, timeout / 1000,
2807 1000 * (timeout % 1000));
2808 }