• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * WPA Supplicant
3  * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This file implements functions for registering and unregistering
9  * %wpa_supplicant interfaces. In addition, this file contains number of
10  * functions for managing network connections.
11  */
12 
13 #include "includes.h"
14 #ifdef CONFIG_MATCH_IFACE
15 #include <net/if.h>
16 #include <fnmatch.h>
17 #endif /* CONFIG_MATCH_IFACE */
18 
19 #include "common.h"
20 #include "crypto/random.h"
21 #include "crypto/sha1.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_peer/eap_proxy.h"
25 #include "eap_server/eap_methods.h"
26 #include "rsn_supp/wpa.h"
27 #include "eloop.h"
28 #include "config.h"
29 #include "utils/ext_password.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wpa_supplicant_i.h"
32 #include "driver_i.h"
33 #include "ctrl_iface.h"
34 #include "pcsc_funcs.h"
35 #include "common/version.h"
36 #include "rsn_supp/preauth.h"
37 #include "rsn_supp/pmksa_cache.h"
38 #include "common/wpa_ctrl.h"
39 #include "common/ieee802_11_common.h"
40 #include "common/ieee802_11_defs.h"
41 #include "common/hw_features_common.h"
42 #include "common/gas_server.h"
43 #include "common/dpp.h"
44 #include "p2p/p2p.h"
45 #include "fst/fst.h"
46 #include "blacklist.h"
47 #include "wpas_glue.h"
48 #include "wps_supplicant.h"
49 #include "ibss_rsn.h"
50 #include "sme.h"
51 #include "gas_query.h"
52 #include "ap.h"
53 #include "p2p_supplicant.h"
54 #include "wifi_display.h"
55 #include "notify.h"
56 #include "bgscan.h"
57 #include "autoscan.h"
58 #include "bss.h"
59 #include "scan.h"
60 #include "offchannel.h"
61 #include "hs20_supplicant.h"
62 #include "wnm_sta.h"
63 #include "wpas_kay.h"
64 #include "mesh.h"
65 #include "dpp_supplicant.h"
66 #ifdef CONFIG_MESH
67 #include "ap/ap_config.h"
68 #include "ap/hostapd.h"
69 #endif /* CONFIG_MESH */
70 
71 const char *const wpa_supplicant_version =
72 "wpa_supplicant v" VERSION_STR "\n"
73 "Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors";
74 
75 const char *const wpa_supplicant_license =
76 "This software may be distributed under the terms of the BSD license.\n"
77 "See README for more details.\n"
78 #ifdef EAP_TLS_OPENSSL
79 "\nThis product includes software developed by the OpenSSL Project\n"
80 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
81 #endif /* EAP_TLS_OPENSSL */
82 ;
83 
84 #ifndef CONFIG_NO_STDOUT_DEBUG
85 /* Long text divided into parts in order to fit in C89 strings size limits. */
86 const char *const wpa_supplicant_full_license1 =
87 "";
88 const char *const wpa_supplicant_full_license2 =
89 "This software may be distributed under the terms of the BSD license.\n"
90 "\n"
91 "Redistribution and use in source and binary forms, with or without\n"
92 "modification, are permitted provided that the following conditions are\n"
93 "met:\n"
94 "\n";
95 const char *const wpa_supplicant_full_license3 =
96 "1. Redistributions of source code must retain the above copyright\n"
97 "   notice, this list of conditions and the following disclaimer.\n"
98 "\n"
99 "2. Redistributions in binary form must reproduce the above copyright\n"
100 "   notice, this list of conditions and the following disclaimer in the\n"
101 "   documentation and/or other materials provided with the distribution.\n"
102 "\n";
103 const char *const wpa_supplicant_full_license4 =
104 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
105 "   names of its contributors may be used to endorse or promote products\n"
106 "   derived from this software without specific prior written permission.\n"
107 "\n"
108 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
109 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
110 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
111 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
112 const char *const wpa_supplicant_full_license5 =
113 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
114 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
115 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
116 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
117 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
118 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
119 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
120 "\n";
121 #endif /* CONFIG_NO_STDOUT_DEBUG */
122 
123 
124 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
125 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
126 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s);
127 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
128 #ifdef CONFIG_OWE
129 static void wpas_update_owe_connect_params(struct wpa_supplicant *wpa_s);
130 #endif /* CONFIG_OWE */
131 
132 
133 #ifdef CONFIG_WEP
134 /* Configure default/group WEP keys for static WEP */
wpa_set_wep_keys(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)135 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
136 {
137 	int i, set = 0;
138 
139 	for (i = 0; i < NUM_WEP_KEYS; i++) {
140 		if (ssid->wep_key_len[i] == 0)
141 			continue;
142 
143 		set = 1;
144 		wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
145 				i, i == ssid->wep_tx_keyidx, NULL, 0,
146 				ssid->wep_key[i], ssid->wep_key_len[i],
147 				i == ssid->wep_tx_keyidx ?
148 				KEY_FLAG_GROUP_RX_TX_DEFAULT :
149 				KEY_FLAG_GROUP_RX_TX);
150 	}
151 
152 	return set;
153 }
154 #endif /* CONFIG_WEP */
155 
156 
wpa_supplicant_set_wpa_none_key(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)157 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
158 				    struct wpa_ssid *ssid)
159 {
160 	u8 key[32];
161 	size_t keylen;
162 	enum wpa_alg alg;
163 	u8 seq[6] = { 0 };
164 	int ret;
165 
166 	/* IBSS/WPA-None uses only one key (Group) for both receiving and
167 	 * sending unicast and multicast packets. */
168 
169 	if (ssid->mode != WPAS_MODE_IBSS) {
170 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
171 			"IBSS/ad-hoc) for WPA-None", ssid->mode);
172 		return -1;
173 	}
174 
175 	if (!ssid->psk_set) {
176 		wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
177 			"WPA-None");
178 		return -1;
179 	}
180 
181 	switch (wpa_s->group_cipher) {
182 	case WPA_CIPHER_CCMP:
183 		os_memcpy(key, ssid->psk, 16);
184 		keylen = 16;
185 		alg = WPA_ALG_CCMP;
186 		break;
187 	case WPA_CIPHER_GCMP:
188 		os_memcpy(key, ssid->psk, 16);
189 		keylen = 16;
190 		alg = WPA_ALG_GCMP;
191 		break;
192 	case WPA_CIPHER_TKIP:
193 		/* WPA-None uses the same Michael MIC key for both TX and RX */
194 		os_memcpy(key, ssid->psk, 16 + 8);
195 		os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
196 		keylen = 32;
197 		alg = WPA_ALG_TKIP;
198 		break;
199 	default:
200 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
201 			"WPA-None", wpa_s->group_cipher);
202 		return -1;
203 	}
204 
205 	/* TODO: should actually remember the previously used seq#, both for TX
206 	 * and RX from each STA.. */
207 
208 	ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen,
209 			      KEY_FLAG_GROUP_RX_TX_DEFAULT);
210 	os_memset(key, 0, sizeof(key));
211 	return ret;
212 }
213 
214 
wpa_supplicant_timeout(void * eloop_ctx,void * timeout_ctx)215 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
216 {
217 	struct wpa_supplicant *wpa_s = eloop_ctx;
218 	const u8 *bssid = wpa_s->bssid;
219 	if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
220 	    (wpa_s->wpa_state == WPA_AUTHENTICATING ||
221 	     wpa_s->wpa_state == WPA_ASSOCIATING))
222 		bssid = wpa_s->pending_bssid;
223 	wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
224 		MAC2STR(bssid));
225 	wpa_blacklist_add(wpa_s, bssid);
226 	wpas_notify_auth_timeout(wpa_s);
227 	wpa_sm_notify_disassoc(wpa_s->wpa);
228 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
229 	wpa_s->reassociate = 1;
230 
231 	/*
232 	 * If we timed out, the AP or the local radio may be busy.
233 	 * So, wait a second until scanning again.
234 	 */
235 	wpa_supplicant_req_scan(wpa_s, 1, 0);
236 }
237 
238 
239 /**
240  * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
241  * @wpa_s: Pointer to wpa_supplicant data
242  * @sec: Number of seconds after which to time out authentication
243  * @usec: Number of microseconds after which to time out authentication
244  *
245  * This function is used to schedule a timeout for the current authentication
246  * attempt.
247  */
wpa_supplicant_req_auth_timeout(struct wpa_supplicant * wpa_s,int sec,int usec)248 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
249 				     int sec, int usec)
250 {
251 	if (wpa_s->conf->ap_scan == 0 &&
252 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
253 		return;
254 
255 	wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
256 		"%d usec", sec, usec);
257 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
258 	wpa_s->last_auth_timeout_sec = sec;
259 	eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
260 }
261 
262 
263 /*
264  * wpas_auth_timeout_restart - Restart and change timeout for authentication
265  * @wpa_s: Pointer to wpa_supplicant data
266  * @sec_diff: difference in seconds applied to original timeout value
267  */
wpas_auth_timeout_restart(struct wpa_supplicant * wpa_s,int sec_diff)268 void wpas_auth_timeout_restart(struct wpa_supplicant *wpa_s, int sec_diff)
269 {
270 	int new_sec = wpa_s->last_auth_timeout_sec + sec_diff;
271 
272 	if (eloop_is_timeout_registered(wpa_supplicant_timeout, wpa_s, NULL)) {
273 		wpa_dbg(wpa_s, MSG_DEBUG,
274 			"Authentication timeout restart: %d sec", new_sec);
275 		eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
276 		eloop_register_timeout(new_sec, 0, wpa_supplicant_timeout,
277 				       wpa_s, NULL);
278 	}
279 }
280 
281 
282 /**
283  * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
284  * @wpa_s: Pointer to wpa_supplicant data
285  *
286  * This function is used to cancel authentication timeout scheduled with
287  * wpa_supplicant_req_auth_timeout() and it is called when authentication has
288  * been completed.
289  */
wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant * wpa_s)290 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
291 {
292 	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
293 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
294 	wpa_blacklist_del(wpa_s, wpa_s->bssid);
295 	os_free(wpa_s->last_con_fail_realm);
296 	wpa_s->last_con_fail_realm = NULL;
297 	wpa_s->last_con_fail_realm_len = 0;
298 }
299 
300 
301 /**
302  * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
303  * @wpa_s: Pointer to wpa_supplicant data
304  *
305  * This function is used to configure EAPOL state machine based on the selected
306  * authentication mode.
307  */
wpa_supplicant_initiate_eapol(struct wpa_supplicant * wpa_s)308 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
309 {
310 #ifdef IEEE8021X_EAPOL
311 	struct eapol_config eapol_conf;
312 	struct wpa_ssid *ssid = wpa_s->current_ssid;
313 
314 #ifdef CONFIG_IBSS_RSN
315 	if (ssid->mode == WPAS_MODE_IBSS &&
316 	    wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
317 	    wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
318 		/*
319 		 * RSN IBSS authentication is per-STA and we can disable the
320 		 * per-BSSID EAPOL authentication.
321 		 */
322 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
323 		eapol_sm_notify_eap_success(wpa_s->eapol, true);
324 		eapol_sm_notify_eap_fail(wpa_s->eapol, false);
325 		return;
326 	}
327 #endif /* CONFIG_IBSS_RSN */
328 
329 	eapol_sm_notify_eap_success(wpa_s->eapol, false);
330 	eapol_sm_notify_eap_fail(wpa_s->eapol, false);
331 
332 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
333 	    wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
334 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
335 	else
336 		eapol_sm_notify_portControl(wpa_s->eapol, Auto);
337 
338 	os_memset(&eapol_conf, 0, sizeof(eapol_conf));
339 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
340 		eapol_conf.accept_802_1x_keys = 1;
341 		eapol_conf.required_keys = 0;
342 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
343 			eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
344 		}
345 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
346 			eapol_conf.required_keys |=
347 				EAPOL_REQUIRE_KEY_BROADCAST;
348 		}
349 
350 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)
351 			eapol_conf.required_keys = 0;
352 	}
353 	eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
354 	eapol_conf.workaround = ssid->eap_workaround;
355 	eapol_conf.eap_disabled =
356 		!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
357 		wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
358 		wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
359 	eapol_conf.external_sim = wpa_s->conf->external_sim;
360 
361 #ifdef CONFIG_WPS
362 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
363 		eapol_conf.wps |= EAPOL_LOCAL_WPS_IN_USE;
364 		if (wpa_s->current_bss) {
365 			struct wpabuf *ie;
366 			ie = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
367 							 WPS_IE_VENDOR_TYPE);
368 			if (ie) {
369 				if (wps_is_20(ie))
370 					eapol_conf.wps |=
371 						EAPOL_PEER_IS_WPS20_AP;
372 				wpabuf_free(ie);
373 			}
374 		}
375 	}
376 #endif /* CONFIG_WPS */
377 
378 	eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
379 
380 #ifdef CONFIG_MACSEC
381 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE && ssid->mka_psk_set)
382 		ieee802_1x_create_preshared_mka(wpa_s, ssid);
383 	else
384 		ieee802_1x_alloc_kay_sm(wpa_s, ssid);
385 #endif /* CONFIG_MACSEC */
386 #endif /* IEEE8021X_EAPOL */
387 }
388 
389 
390 /**
391  * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
392  * @wpa_s: Pointer to wpa_supplicant data
393  * @ssid: Configuration data for the network
394  *
395  * This function is used to configure WPA state machine and related parameters
396  * to a mode where WPA is not enabled. This is called as part of the
397  * authentication configuration when the selected network does not use WPA.
398  */
wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)399 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
400 				       struct wpa_ssid *ssid)
401 {
402 #ifdef CONFIG_WEP
403 	int i;
404 #endif /* CONFIG_WEP */
405 
406 	if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
407 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
408 	else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
409 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
410 	else
411 		wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
412 	wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
413 	wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
414 	wpa_sm_set_ap_rsnxe(wpa_s->wpa, NULL, 0);
415 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
416 	wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
417 	wpa_s->rsnxe_len = 0;
418 	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
419 	wpa_s->group_cipher = WPA_CIPHER_NONE;
420 	wpa_s->mgmt_group_cipher = 0;
421 
422 #ifdef CONFIG_WEP
423 	for (i = 0; i < NUM_WEP_KEYS; i++) {
424 		if (ssid->wep_key_len[i] > 5) {
425 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
426 			wpa_s->group_cipher = WPA_CIPHER_WEP104;
427 			break;
428 		} else if (ssid->wep_key_len[i] > 0) {
429 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
430 			wpa_s->group_cipher = WPA_CIPHER_WEP40;
431 			break;
432 		}
433 	}
434 #endif /* CONFIG_WEP */
435 
436 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
437 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
438 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
439 			 wpa_s->pairwise_cipher);
440 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
441 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
442 			 wpa_s->mgmt_group_cipher);
443 
444 	pmksa_cache_clear_current(wpa_s->wpa);
445 }
446 
447 
free_hw_features(struct wpa_supplicant * wpa_s)448 void free_hw_features(struct wpa_supplicant *wpa_s)
449 {
450 	int i;
451 	if (wpa_s->hw.modes == NULL)
452 		return;
453 
454 	for (i = 0; i < wpa_s->hw.num_modes; i++) {
455 		os_free(wpa_s->hw.modes[i].channels);
456 		os_free(wpa_s->hw.modes[i].rates);
457 	}
458 
459 	os_free(wpa_s->hw.modes);
460 	wpa_s->hw.modes = NULL;
461 }
462 
463 
free_bss_tmp_disallowed(struct wpa_supplicant * wpa_s)464 void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s)
465 {
466 	struct wpa_bss_tmp_disallowed *bss, *prev;
467 
468 	dl_list_for_each_safe(bss, prev, &wpa_s->bss_tmp_disallowed,
469 			      struct wpa_bss_tmp_disallowed, list) {
470 		eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
471 		dl_list_del(&bss->list);
472 		os_free(bss);
473 	}
474 }
475 
476 
wpas_flush_fils_hlp_req(struct wpa_supplicant * wpa_s)477 void wpas_flush_fils_hlp_req(struct wpa_supplicant *wpa_s)
478 {
479 	struct fils_hlp_req *req;
480 
481 	while ((req = dl_list_first(&wpa_s->fils_hlp_req, struct fils_hlp_req,
482 				    list)) != NULL) {
483 		dl_list_del(&req->list);
484 		wpabuf_free(req->pkt);
485 		os_free(req);
486 	}
487 }
488 
489 
wpas_clear_disabled_interface(void * eloop_ctx,void * timeout_ctx)490 void wpas_clear_disabled_interface(void *eloop_ctx, void *timeout_ctx)
491 {
492 	struct wpa_supplicant *wpa_s = eloop_ctx;
493 
494 	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
495 		return;
496 	wpa_dbg(wpa_s, MSG_DEBUG, "Clear cached state on disabled interface");
497 	wpa_bss_flush(wpa_s);
498 }
499 
500 
501 #ifdef CONFIG_TESTING_OPTIONS
wpas_clear_driver_signal_override(struct wpa_supplicant * wpa_s)502 void wpas_clear_driver_signal_override(struct wpa_supplicant *wpa_s)
503 {
504 	struct driver_signal_override *dso;
505 
506 	while ((dso = dl_list_first(&wpa_s->drv_signal_override,
507 				    struct driver_signal_override, list))) {
508 		dl_list_del(&dso->list);
509 		os_free(dso);
510 	}
511 }
512 #endif /* CONFIG_TESTING_OPTIONS */
513 
514 
wpa_supplicant_cleanup(struct wpa_supplicant * wpa_s)515 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
516 {
517 	int i;
518 
519 	bgscan_deinit(wpa_s);
520 	autoscan_deinit(wpa_s);
521 	scard_deinit(wpa_s->scard);
522 	wpa_s->scard = NULL;
523 	wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
524 	eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
525 	l2_packet_deinit(wpa_s->l2);
526 	wpa_s->l2 = NULL;
527 	if (wpa_s->l2_br) {
528 		l2_packet_deinit(wpa_s->l2_br);
529 		wpa_s->l2_br = NULL;
530 	}
531 #ifdef CONFIG_TESTING_OPTIONS
532 	l2_packet_deinit(wpa_s->l2_test);
533 	wpa_s->l2_test = NULL;
534 	os_free(wpa_s->get_pref_freq_list_override);
535 	wpa_s->get_pref_freq_list_override = NULL;
536 	wpabuf_free(wpa_s->last_assoc_req_wpa_ie);
537 	wpa_s->last_assoc_req_wpa_ie = NULL;
538 	os_free(wpa_s->extra_sae_rejected_groups);
539 	wpa_s->extra_sae_rejected_groups = NULL;
540 	wpabuf_free(wpa_s->rsne_override_eapol);
541 	wpa_s->rsne_override_eapol = NULL;
542 	wpabuf_free(wpa_s->rsnxe_override_assoc);
543 	wpa_s->rsnxe_override_assoc = NULL;
544 	wpabuf_free(wpa_s->rsnxe_override_eapol);
545 	wpa_s->rsnxe_override_eapol = NULL;
546 	wpas_clear_driver_signal_override(wpa_s);
547 #endif /* CONFIG_TESTING_OPTIONS */
548 
549 	if (wpa_s->conf != NULL) {
550 		struct wpa_ssid *ssid;
551 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
552 			wpas_notify_network_removed(wpa_s, ssid);
553 	}
554 
555 	os_free(wpa_s->confname);
556 	wpa_s->confname = NULL;
557 
558 	os_free(wpa_s->confanother);
559 	wpa_s->confanother = NULL;
560 
561 	os_free(wpa_s->last_con_fail_realm);
562 	wpa_s->last_con_fail_realm = NULL;
563 	wpa_s->last_con_fail_realm_len = 0;
564 
565 	wpa_sm_set_eapol(wpa_s->wpa, NULL);
566 	eapol_sm_deinit(wpa_s->eapol);
567 	wpa_s->eapol = NULL;
568 
569 	rsn_preauth_deinit(wpa_s->wpa);
570 
571 #ifdef CONFIG_TDLS
572 	wpa_tdls_deinit(wpa_s->wpa);
573 #endif /* CONFIG_TDLS */
574 
575 	wmm_ac_clear_saved_tspecs(wpa_s);
576 	pmksa_candidate_free(wpa_s->wpa);
577 	wpa_sm_deinit(wpa_s->wpa);
578 	wpa_s->wpa = NULL;
579 	wpa_blacklist_clear(wpa_s);
580 
581 	wpa_bss_deinit(wpa_s);
582 
583 	wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
584 	wpa_supplicant_cancel_scan(wpa_s);
585 	wpa_supplicant_cancel_auth_timeout(wpa_s);
586 	eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
587 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
588 	eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
589 			     wpa_s, NULL);
590 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
591 
592 	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
593 	eloop_cancel_timeout(wpas_clear_disabled_interface, wpa_s, NULL);
594 
595 	wpas_wps_deinit(wpa_s);
596 
597 	wpabuf_free(wpa_s->pending_eapol_rx);
598 	wpa_s->pending_eapol_rx = NULL;
599 
600 #ifdef CONFIG_IBSS_RSN
601 	ibss_rsn_deinit(wpa_s->ibss_rsn);
602 	wpa_s->ibss_rsn = NULL;
603 #endif /* CONFIG_IBSS_RSN */
604 
605 	sme_deinit(wpa_s);
606 
607 #ifdef CONFIG_AP
608 	wpa_supplicant_ap_deinit(wpa_s);
609 #endif /* CONFIG_AP */
610 
611 	wpas_p2p_deinit(wpa_s);
612 
613 #ifdef CONFIG_OFFCHANNEL
614 	offchannel_deinit(wpa_s);
615 #endif /* CONFIG_OFFCHANNEL */
616 
617 	wpa_supplicant_cancel_sched_scan(wpa_s);
618 
619 	os_free(wpa_s->next_scan_freqs);
620 	wpa_s->next_scan_freqs = NULL;
621 
622 	os_free(wpa_s->manual_scan_freqs);
623 	wpa_s->manual_scan_freqs = NULL;
624 	os_free(wpa_s->select_network_scan_freqs);
625 	wpa_s->select_network_scan_freqs = NULL;
626 
627 	os_free(wpa_s->manual_sched_scan_freqs);
628 	wpa_s->manual_sched_scan_freqs = NULL;
629 
630 	wpas_mac_addr_rand_scan_clear(wpa_s, MAC_ADDR_RAND_ALL);
631 
632 	/*
633 	 * Need to remove any pending gas-query radio work before the
634 	 * gas_query_deinit() call because gas_query::work has not yet been set
635 	 * for works that have not been started. gas_query_free() will be unable
636 	 * to cancel such pending radio works and once the pending gas-query
637 	 * radio work eventually gets removed, the deinit notification call to
638 	 * gas_query_start_cb() would result in dereferencing freed memory.
639 	 */
640 	if (wpa_s->radio)
641 		radio_remove_works(wpa_s, "gas-query", 0);
642 	gas_query_deinit(wpa_s->gas);
643 	wpa_s->gas = NULL;
644 	gas_server_deinit(wpa_s->gas_server);
645 	wpa_s->gas_server = NULL;
646 
647 	free_hw_features(wpa_s);
648 
649 	ieee802_1x_dealloc_kay_sm(wpa_s);
650 
651 	os_free(wpa_s->bssid_filter);
652 	wpa_s->bssid_filter = NULL;
653 
654 	os_free(wpa_s->disallow_aps_bssid);
655 	wpa_s->disallow_aps_bssid = NULL;
656 	os_free(wpa_s->disallow_aps_ssid);
657 	wpa_s->disallow_aps_ssid = NULL;
658 
659 	wnm_bss_keep_alive_deinit(wpa_s);
660 #ifdef CONFIG_WNM
661 	wnm_deallocate_memory(wpa_s);
662 #endif /* CONFIG_WNM */
663 
664 	ext_password_deinit(wpa_s->ext_pw);
665 	wpa_s->ext_pw = NULL;
666 
667 	wpabuf_free(wpa_s->last_gas_resp);
668 	wpa_s->last_gas_resp = NULL;
669 	wpabuf_free(wpa_s->prev_gas_resp);
670 	wpa_s->prev_gas_resp = NULL;
671 
672 	os_free(wpa_s->last_scan_res);
673 	wpa_s->last_scan_res = NULL;
674 
675 #ifdef CONFIG_HS20
676 	if (wpa_s->drv_priv)
677 		wpa_drv_configure_frame_filters(wpa_s, 0);
678 	hs20_deinit(wpa_s);
679 #endif /* CONFIG_HS20 */
680 
681 	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
682 		wpabuf_free(wpa_s->vendor_elem[i]);
683 		wpa_s->vendor_elem[i] = NULL;
684 	}
685 
686 	wmm_ac_notify_disassoc(wpa_s);
687 
688 	wpa_s->sched_scan_plans_num = 0;
689 	os_free(wpa_s->sched_scan_plans);
690 	wpa_s->sched_scan_plans = NULL;
691 
692 #ifdef CONFIG_MBO
693 	wpa_s->non_pref_chan_num = 0;
694 	os_free(wpa_s->non_pref_chan);
695 	wpa_s->non_pref_chan = NULL;
696 #endif /* CONFIG_MBO */
697 
698 	free_bss_tmp_disallowed(wpa_s);
699 
700 	wpabuf_free(wpa_s->lci);
701 	wpa_s->lci = NULL;
702 	wpas_clear_beacon_rep_data(wpa_s);
703 
704 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
705 #ifdef CONFIG_MESH
706 	{
707 		struct external_pmksa_cache *entry;
708 
709 		while ((entry = dl_list_last(&wpa_s->mesh_external_pmksa_cache,
710 					     struct external_pmksa_cache,
711 					     list)) != NULL) {
712 			dl_list_del(&entry->list);
713 			os_free(entry->pmksa_cache);
714 			os_free(entry);
715 		}
716 	}
717 #endif /* CONFIG_MESH */
718 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
719 
720 	wpas_flush_fils_hlp_req(wpa_s);
721 
722 	wpabuf_free(wpa_s->ric_ies);
723 	wpa_s->ric_ies = NULL;
724 
725 #ifdef CONFIG_DPP
726 	wpas_dpp_deinit(wpa_s);
727 	dpp_global_deinit(wpa_s->dpp);
728 	wpa_s->dpp = NULL;
729 #endif /* CONFIG_DPP */
730 }
731 
732 
733 /**
734  * wpa_clear_keys - Clear keys configured for the driver
735  * @wpa_s: Pointer to wpa_supplicant data
736  * @addr: Previously used BSSID or %NULL if not available
737  *
738  * This function clears the encryption keys that has been previously configured
739  * for the driver.
740  */
wpa_clear_keys(struct wpa_supplicant * wpa_s,const u8 * addr)741 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
742 {
743 	int i, max = 6;
744 
745 	/* MLME-DELETEKEYS.request */
746 	for (i = 0; i < max; i++) {
747 		if (wpa_s->keys_cleared & BIT(i))
748 			continue;
749 		wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, i, 0, NULL, 0,
750 				NULL, 0, KEY_FLAG_GROUP);
751 	}
752 	/* Pairwise Key ID 1 for Extended Key ID is tracked in bit 15 */
753 	if (~wpa_s->keys_cleared & (BIT(0) | BIT(15)) && addr &&
754 	    !is_zero_ether_addr(addr)) {
755 		if (!(wpa_s->keys_cleared & BIT(0)))
756 			wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL,
757 					0, NULL, 0, KEY_FLAG_PAIRWISE);
758 		if (!(wpa_s->keys_cleared & BIT(15)))
759 			wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 1, 0, NULL,
760 					0, NULL, 0, KEY_FLAG_PAIRWISE);
761 		/* MLME-SETPROTECTION.request(None) */
762 		wpa_drv_mlme_setprotection(
763 			wpa_s, addr,
764 			MLME_SETPROTECTION_PROTECT_TYPE_NONE,
765 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
766 	}
767 	wpa_s->keys_cleared = (u32) -1;
768 }
769 
770 
771 /**
772  * wpa_supplicant_state_txt - Get the connection state name as a text string
773  * @state: State (wpa_state; WPA_*)
774  * Returns: The state name as a printable text string
775  */
wpa_supplicant_state_txt(enum wpa_states state)776 const char * wpa_supplicant_state_txt(enum wpa_states state)
777 {
778 	switch (state) {
779 	case WPA_DISCONNECTED:
780 		return "DISCONNECTED";
781 	case WPA_INACTIVE:
782 		return "INACTIVE";
783 	case WPA_INTERFACE_DISABLED:
784 		return "INTERFACE_DISABLED";
785 	case WPA_SCANNING:
786 		return "SCANNING";
787 	case WPA_AUTHENTICATING:
788 		return "AUTHENTICATING";
789 	case WPA_ASSOCIATING:
790 		return "ASSOCIATING";
791 	case WPA_ASSOCIATED:
792 		return "ASSOCIATED";
793 	case WPA_4WAY_HANDSHAKE:
794 		return "4WAY_HANDSHAKE";
795 	case WPA_GROUP_HANDSHAKE:
796 		return "GROUP_HANDSHAKE";
797 	case WPA_COMPLETED:
798 		return "COMPLETED";
799 	default:
800 		return "UNKNOWN";
801 	}
802 }
803 
804 
805 #ifdef CONFIG_BGSCAN
806 
wpa_supplicant_start_bgscan(struct wpa_supplicant * wpa_s)807 static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
808 {
809 	const char *name;
810 
811 	if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan)
812 		name = wpa_s->current_ssid->bgscan;
813 	else
814 		name = wpa_s->conf->bgscan;
815 	if (name == NULL || name[0] == '\0')
816 		return;
817 	if (wpas_driver_bss_selection(wpa_s))
818 		return;
819 	if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
820 		return;
821 #ifdef CONFIG_P2P
822 	if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)
823 		return;
824 #endif /* CONFIG_P2P */
825 
826 	bgscan_deinit(wpa_s);
827 	if (wpa_s->current_ssid) {
828 		if (bgscan_init(wpa_s, wpa_s->current_ssid, name)) {
829 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
830 				"bgscan");
831 			/*
832 			 * Live without bgscan; it is only used as a roaming
833 			 * optimization, so the initial connection is not
834 			 * affected.
835 			 */
836 		} else {
837 			struct wpa_scan_results *scan_res;
838 			wpa_s->bgscan_ssid = wpa_s->current_ssid;
839 			scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
840 								   0);
841 			if (scan_res) {
842 				bgscan_notify_scan(wpa_s, scan_res);
843 				wpa_scan_results_free(scan_res);
844 			}
845 		}
846 	} else
847 		wpa_s->bgscan_ssid = NULL;
848 }
849 
850 
wpa_supplicant_stop_bgscan(struct wpa_supplicant * wpa_s)851 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
852 {
853 	if (wpa_s->bgscan_ssid != NULL) {
854 		bgscan_deinit(wpa_s);
855 		wpa_s->bgscan_ssid = NULL;
856 	}
857 }
858 
859 #endif /* CONFIG_BGSCAN */
860 
861 
wpa_supplicant_start_autoscan(struct wpa_supplicant * wpa_s)862 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
863 {
864 	if (autoscan_init(wpa_s, 0))
865 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
866 }
867 
868 
wpa_supplicant_stop_autoscan(struct wpa_supplicant * wpa_s)869 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
870 {
871 	autoscan_deinit(wpa_s);
872 }
873 
874 
wpa_supplicant_reinit_autoscan(struct wpa_supplicant * wpa_s)875 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
876 {
877 	if (wpa_s->wpa_state == WPA_DISCONNECTED ||
878 	    wpa_s->wpa_state == WPA_SCANNING) {
879 		autoscan_deinit(wpa_s);
880 		wpa_supplicant_start_autoscan(wpa_s);
881 	}
882 }
883 
884 
885 /**
886  * wpa_supplicant_set_state - Set current connection state
887  * @wpa_s: Pointer to wpa_supplicant data
888  * @state: The new connection state
889  *
890  * This function is called whenever the connection state changes, e.g.,
891  * association is completed for WPA/WPA2 4-Way Handshake is started.
892  */
wpa_supplicant_set_state(struct wpa_supplicant * wpa_s,enum wpa_states state)893 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
894 			      enum wpa_states state)
895 {
896 	enum wpa_states old_state = wpa_s->wpa_state;
897 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
898 	bool update_fils_connect_params = false;
899 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
900 
901 	wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
902 		wpa_supplicant_state_txt(wpa_s->wpa_state),
903 		wpa_supplicant_state_txt(state));
904 
905 	if (state == WPA_COMPLETED &&
906 	    os_reltime_initialized(&wpa_s->roam_start)) {
907 		os_reltime_age(&wpa_s->roam_start, &wpa_s->roam_time);
908 		wpa_s->roam_start.sec = 0;
909 		wpa_s->roam_start.usec = 0;
910 		wpas_notify_auth_changed(wpa_s);
911 		wpas_notify_roam_time(wpa_s);
912 		wpas_notify_roam_complete(wpa_s);
913 	} else if (state == WPA_DISCONNECTED &&
914 		   os_reltime_initialized(&wpa_s->roam_start)) {
915 		wpa_s->roam_start.sec = 0;
916 		wpa_s->roam_start.usec = 0;
917 		wpa_s->roam_time.sec = 0;
918 		wpa_s->roam_time.usec = 0;
919 		wpas_notify_roam_complete(wpa_s);
920 	}
921 
922 	if (state == WPA_INTERFACE_DISABLED) {
923 		/* Assure normal scan when interface is restored */
924 		wpa_s->normal_scans = 0;
925 	}
926 
927 	if (state == WPA_COMPLETED) {
928 		wpas_connect_work_done(wpa_s);
929 		/* Reinitialize normal_scan counter */
930 		wpa_s->normal_scans = 0;
931 	}
932 
933 #ifdef CONFIG_P2P
934 	/*
935 	 * P2PS client has to reply to Probe Request frames received on the
936 	 * group operating channel. Enable Probe Request frame reporting for
937 	 * P2P connected client in case p2p_cli_probe configuration property is
938 	 * set to 1.
939 	 */
940 	if (wpa_s->conf->p2p_cli_probe && wpa_s->current_ssid &&
941 	    wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
942 	    wpa_s->current_ssid->p2p_group) {
943 		if (state == WPA_COMPLETED && !wpa_s->p2p_cli_probe) {
944 			wpa_dbg(wpa_s, MSG_DEBUG,
945 				"P2P: Enable CLI Probe Request RX reporting");
946 			wpa_s->p2p_cli_probe =
947 				wpa_drv_probe_req_report(wpa_s, 1) >= 0;
948 		} else if (state != WPA_COMPLETED && wpa_s->p2p_cli_probe) {
949 			wpa_dbg(wpa_s, MSG_DEBUG,
950 				"P2P: Disable CLI Probe Request RX reporting");
951 			wpa_s->p2p_cli_probe = 0;
952 			wpa_drv_probe_req_report(wpa_s, 0);
953 		}
954 	}
955 #endif /* CONFIG_P2P */
956 
957 	if (state != WPA_SCANNING)
958 		wpa_supplicant_notify_scanning(wpa_s, 0);
959 
960 	if (state == WPA_COMPLETED && wpa_s->new_connection) {
961 		struct wpa_ssid *ssid = wpa_s->current_ssid;
962 		int fils_hlp_sent = 0;
963 
964 #ifdef CONFIG_SME
965 		if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
966 		    wpa_auth_alg_fils(wpa_s->sme.auth_alg))
967 			fils_hlp_sent = 1;
968 #endif /* CONFIG_SME */
969 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
970 		    wpa_auth_alg_fils(wpa_s->auth_alg))
971 			fils_hlp_sent = 1;
972 
973 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
974 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
975 			MACSTR " completed [id=%d id_str=%s%s]",
976 			MAC2STR(wpa_s->bssid),
977 			ssid ? ssid->id : -1,
978 			ssid && ssid->id_str ? ssid->id_str : "",
979 			fils_hlp_sent ? " FILS_HLP_SENT" : "");
980 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
981 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
982 		wpa_blacklist_clear(wpa_s);
983 		wpa_s->extra_blacklist_count = 0;
984 		wpa_s->new_connection = 0;
985 		wpa_drv_set_operstate(wpa_s, 1);
986 #ifndef IEEE8021X_EAPOL
987 		wpa_drv_set_supp_port(wpa_s, 1);
988 #endif /* IEEE8021X_EAPOL */
989 		wpa_s->after_wps = 0;
990 		wpa_s->known_wps_freq = 0;
991 		wpas_p2p_completed(wpa_s);
992 
993 		sme_sched_obss_scan(wpa_s, 1);
994 
995 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
996 		if (!fils_hlp_sent && ssid && ssid->eap.erp)
997 			update_fils_connect_params = true;
998 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
999 #ifdef CONFIG_OWE
1000 		if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_OWE))
1001 			wpas_update_owe_connect_params(wpa_s);
1002 #endif /* CONFIG_OWE */
1003 	} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
1004 		   state == WPA_ASSOCIATED) {
1005 		wpa_s->new_connection = 1;
1006 		wpa_drv_set_operstate(wpa_s, 0);
1007 #ifndef IEEE8021X_EAPOL
1008 		wpa_drv_set_supp_port(wpa_s, 0);
1009 #endif /* IEEE8021X_EAPOL */
1010 		sme_sched_obss_scan(wpa_s, 0);
1011 	}
1012 	wpa_s->wpa_state = state;
1013 
1014 #ifdef CONFIG_BGSCAN
1015 	if (state == WPA_COMPLETED)
1016 		wpa_supplicant_start_bgscan(wpa_s);
1017 	else if (state < WPA_ASSOCIATED)
1018 		wpa_supplicant_stop_bgscan(wpa_s);
1019 #endif /* CONFIG_BGSCAN */
1020 
1021 	if (state > WPA_SCANNING)
1022 		wpa_supplicant_stop_autoscan(wpa_s);
1023 
1024 	if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
1025 		wpa_supplicant_start_autoscan(wpa_s);
1026 
1027 	if (old_state >= WPA_ASSOCIATED && wpa_s->wpa_state < WPA_ASSOCIATED)
1028 		wmm_ac_notify_disassoc(wpa_s);
1029 
1030 	if (wpa_s->wpa_state != old_state) {
1031 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
1032 
1033 		/*
1034 		 * Notify the P2P Device interface about a state change in one
1035 		 * of the interfaces.
1036 		 */
1037 		wpas_p2p_indicate_state_change(wpa_s);
1038 
1039 		if (wpa_s->wpa_state == WPA_COMPLETED ||
1040 		    old_state == WPA_COMPLETED)
1041 			wpas_notify_auth_changed(wpa_s);
1042 #ifdef CONFIG_DPP2
1043 		if (wpa_s->wpa_state == WPA_COMPLETED)
1044 			wpas_dpp_connected(wpa_s);
1045 #endif /* CONFIG_DPP2 */
1046 	}
1047 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
1048 	if (update_fils_connect_params)
1049 		wpas_update_fils_connect_params(wpa_s);
1050 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
1051 }
1052 
1053 
wpa_supplicant_terminate_proc(struct wpa_global * global)1054 void wpa_supplicant_terminate_proc(struct wpa_global *global)
1055 {
1056 	int pending = 0;
1057 #ifdef CONFIG_WPS
1058 	struct wpa_supplicant *wpa_s = global->ifaces;
1059 	while (wpa_s) {
1060 		struct wpa_supplicant *next = wpa_s->next;
1061 		if (wpas_wps_terminate_pending(wpa_s) == 1)
1062 			pending = 1;
1063 #ifdef CONFIG_P2P
1064 		if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
1065 		    (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
1066 			wpas_p2p_disconnect(wpa_s);
1067 #endif /* CONFIG_P2P */
1068 		wpa_s = next;
1069 	}
1070 #endif /* CONFIG_WPS */
1071 	if (pending)
1072 		return;
1073 	eloop_terminate();
1074 }
1075 
1076 
wpa_supplicant_terminate(int sig,void * signal_ctx)1077 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
1078 {
1079 	struct wpa_global *global = signal_ctx;
1080 	wpa_supplicant_terminate_proc(global);
1081 }
1082 
1083 
wpa_supplicant_clear_status(struct wpa_supplicant * wpa_s)1084 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
1085 {
1086 	enum wpa_states old_state = wpa_s->wpa_state;
1087 
1088 	wpa_s->pairwise_cipher = 0;
1089 	wpa_s->group_cipher = 0;
1090 	wpa_s->mgmt_group_cipher = 0;
1091 	wpa_s->key_mgmt = 0;
1092 	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
1093 		wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1094 
1095 	if (wpa_s->wpa_state != old_state)
1096 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
1097 }
1098 
1099 
1100 /**
1101  * wpa_supplicant_reload_configuration - Reload configuration data
1102  * @wpa_s: Pointer to wpa_supplicant data
1103  * Returns: 0 on success or -1 if configuration parsing failed
1104  *
1105  * This function can be used to request that the configuration data is reloaded
1106  * (e.g., after configuration file change). This function is reloading
1107  * configuration only for one interface, so this may need to be called multiple
1108  * times if %wpa_supplicant is controlling multiple interfaces and all
1109  * interfaces need reconfiguration.
1110  */
wpa_supplicant_reload_configuration(struct wpa_supplicant * wpa_s)1111 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
1112 {
1113 	struct wpa_config *conf;
1114 	int reconf_ctrl;
1115 	int old_ap_scan;
1116 
1117 	if (wpa_s->confname == NULL)
1118 		return -1;
1119 	conf = wpa_config_read(wpa_s->confname, NULL);
1120 	if (conf == NULL) {
1121 		wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
1122 			"file '%s' - exiting", wpa_s->confname);
1123 		return -1;
1124 	}
1125 	if (wpa_s->confanother &&
1126 	    !wpa_config_read(wpa_s->confanother, conf)) {
1127 		wpa_msg(wpa_s, MSG_ERROR,
1128 			"Failed to parse the configuration file '%s' - exiting",
1129 			wpa_s->confanother);
1130 		return -1;
1131 	}
1132 
1133 	conf->changed_parameters = (unsigned int) -1;
1134 
1135 	reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
1136 		|| (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
1137 		    os_strcmp(conf->ctrl_interface,
1138 			      wpa_s->conf->ctrl_interface) != 0);
1139 
1140 	if (reconf_ctrl) {
1141 		wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
1142 		wpa_s->ctrl_iface = NULL;
1143 	}
1144 
1145 	eapol_sm_invalidate_cached_session(wpa_s->eapol);
1146 	if (wpa_s->current_ssid) {
1147 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
1148 			wpa_s->own_disconnect_req = 1;
1149 		wpa_supplicant_deauthenticate(wpa_s,
1150 					      WLAN_REASON_DEAUTH_LEAVING);
1151 	}
1152 
1153 	/*
1154 	 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
1155 	 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
1156 	 */
1157 	if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1158 	    wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
1159 	    wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1160 		/*
1161 		 * Clear forced success to clear EAP state for next
1162 		 * authentication.
1163 		 */
1164 		eapol_sm_notify_eap_success(wpa_s->eapol, false);
1165 	}
1166 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1167 	wpa_sm_set_config(wpa_s->wpa, NULL);
1168 	wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
1169 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
1170 	rsn_preauth_deinit(wpa_s->wpa);
1171 
1172 	old_ap_scan = wpa_s->conf->ap_scan;
1173 	wpa_config_free(wpa_s->conf);
1174 	wpa_s->conf = conf;
1175 	if (old_ap_scan != wpa_s->conf->ap_scan)
1176 		wpas_notify_ap_scan_changed(wpa_s);
1177 
1178 	if (reconf_ctrl)
1179 		wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
1180 
1181 	wpa_supplicant_update_config(wpa_s);
1182 
1183 	wpa_supplicant_clear_status(wpa_s);
1184 	if (wpa_supplicant_enabled_networks(wpa_s)) {
1185 		wpa_s->reassociate = 1;
1186 		wpa_supplicant_req_scan(wpa_s, 0, 0);
1187 	}
1188 	wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
1189 	return 0;
1190 }
1191 
1192 
wpa_supplicant_reconfig(int sig,void * signal_ctx)1193 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
1194 {
1195 	struct wpa_global *global = signal_ctx;
1196 	struct wpa_supplicant *wpa_s;
1197 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
1198 		wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
1199 			sig);
1200 		if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
1201 			wpa_supplicant_terminate_proc(global);
1202 		}
1203 	}
1204 
1205 	if (wpa_debug_reopen_file() < 0) {
1206 		/* Ignore errors since we cannot really do much to fix this */
1207 		wpa_printf(MSG_DEBUG, "Could not reopen debug log file");
1208 	}
1209 }
1210 
1211 
wpa_supplicant_suites_from_ai(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_ie_data * ie)1212 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1213 					 struct wpa_ssid *ssid,
1214 					 struct wpa_ie_data *ie)
1215 {
1216 	int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1217 	if (ret) {
1218 		if (ret == -2) {
1219 			wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1220 				"from association info");
1221 		}
1222 		return -1;
1223 	}
1224 
1225 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
1226 		"cipher suites");
1227 	if (!(ie->group_cipher & ssid->group_cipher)) {
1228 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1229 			"cipher 0x%x (mask 0x%x) - reject",
1230 			ie->group_cipher, ssid->group_cipher);
1231 		return -1;
1232 	}
1233 	if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1234 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1235 			"cipher 0x%x (mask 0x%x) - reject",
1236 			ie->pairwise_cipher, ssid->pairwise_cipher);
1237 		return -1;
1238 	}
1239 	if (!(ie->key_mgmt & ssid->key_mgmt)) {
1240 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1241 			"management 0x%x (mask 0x%x) - reject",
1242 			ie->key_mgmt, ssid->key_mgmt);
1243 		return -1;
1244 	}
1245 
1246 	if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
1247 	    wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1248 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1249 			"that does not support management frame protection - "
1250 			"reject");
1251 		return -1;
1252 	}
1253 
1254 	return 0;
1255 }
1256 
1257 
matching_ciphers(struct wpa_ssid * ssid,struct wpa_ie_data * ie,int freq)1258 static int matching_ciphers(struct wpa_ssid *ssid, struct wpa_ie_data *ie,
1259 			    int freq)
1260 {
1261 	if (!ie->has_group)
1262 		ie->group_cipher = wpa_default_rsn_cipher(freq);
1263 	if (!ie->has_pairwise)
1264 		ie->pairwise_cipher = wpa_default_rsn_cipher(freq);
1265 	return (ie->group_cipher & ssid->group_cipher) &&
1266 		(ie->pairwise_cipher & ssid->pairwise_cipher);
1267 }
1268 
1269 
1270 /**
1271  * wpa_supplicant_set_suites - Set authentication and encryption parameters
1272  * @wpa_s: Pointer to wpa_supplicant data
1273  * @bss: Scan results for the selected BSS, or %NULL if not available
1274  * @ssid: Configuration data for the selected network
1275  * @wpa_ie: Buffer for the WPA/RSN IE
1276  * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1277  * used buffer length in case the functions returns success.
1278  * Returns: 0 on success or -1 on failure
1279  *
1280  * This function is used to configure authentication and encryption parameters
1281  * based on the network configuration and scan result for the selected BSS (if
1282  * available).
1283  */
wpa_supplicant_set_suites(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_ssid * ssid,u8 * wpa_ie,size_t * wpa_ie_len)1284 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1285 			      struct wpa_bss *bss, struct wpa_ssid *ssid,
1286 			      u8 *wpa_ie, size_t *wpa_ie_len)
1287 {
1288 	struct wpa_ie_data ie;
1289 	int sel, proto, sae_pwe;
1290 	const u8 *bss_wpa, *bss_rsn, *bss_rsnx, *bss_osen;
1291 
1292 	if (bss) {
1293 		bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
1294 		bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1295 		bss_rsnx = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
1296 		bss_osen = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
1297 	} else {
1298 		bss_wpa = bss_rsn = bss_rsnx = bss_osen = NULL;
1299 	}
1300 
1301 	if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
1302 	    wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1303 	    matching_ciphers(ssid, &ie, bss->freq) &&
1304 	    (ie.key_mgmt & ssid->key_mgmt)) {
1305 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1306 		proto = WPA_PROTO_RSN;
1307 	} else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
1308 		   wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie) == 0 &&
1309 		   (ie.group_cipher & ssid->group_cipher) &&
1310 		   (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1311 		   (ie.key_mgmt & ssid->key_mgmt)) {
1312 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1313 		proto = WPA_PROTO_WPA;
1314 #ifdef CONFIG_HS20
1315 	} else if (bss_osen && (ssid->proto & WPA_PROTO_OSEN) &&
1316 		   wpa_parse_wpa_ie(bss_osen, 2 + bss_osen[1], &ie) == 0 &&
1317 		   (ie.group_cipher & ssid->group_cipher) &&
1318 		   (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1319 		   (ie.key_mgmt & ssid->key_mgmt)) {
1320 		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using OSEN");
1321 		proto = WPA_PROTO_OSEN;
1322 	} else if (bss_rsn && (ssid->proto & WPA_PROTO_OSEN) &&
1323 	    wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1324 	    (ie.group_cipher & ssid->group_cipher) &&
1325 	    (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1326 	    (ie.key_mgmt & ssid->key_mgmt)) {
1327 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using OSEN (within RSN)");
1328 		proto = WPA_PROTO_RSN;
1329 #endif /* CONFIG_HS20 */
1330 	} else if (bss) {
1331 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1332 		wpa_dbg(wpa_s, MSG_DEBUG,
1333 			"WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1334 			ssid->proto, ssid->pairwise_cipher, ssid->group_cipher,
1335 			ssid->key_mgmt);
1336 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s%s",
1337 			MAC2STR(bss->bssid),
1338 			wpa_ssid_txt(bss->ssid, bss->ssid_len),
1339 			bss_wpa ? " WPA" : "",
1340 			bss_rsn ? " RSN" : "",
1341 			bss_osen ? " OSEN" : "");
1342 		if (bss_rsn) {
1343 			wpa_hexdump(MSG_DEBUG, "RSN", bss_rsn, 2 + bss_rsn[1]);
1344 			if (wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie)) {
1345 				wpa_dbg(wpa_s, MSG_DEBUG,
1346 					"Could not parse RSN element");
1347 			} else {
1348 				wpa_dbg(wpa_s, MSG_DEBUG,
1349 					"RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1350 					ie.pairwise_cipher, ie.group_cipher,
1351 					ie.key_mgmt);
1352 			}
1353 		}
1354 		if (bss_wpa) {
1355 			wpa_hexdump(MSG_DEBUG, "WPA", bss_wpa, 2 + bss_wpa[1]);
1356 			if (wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie)) {
1357 				wpa_dbg(wpa_s, MSG_DEBUG,
1358 					"Could not parse WPA element");
1359 			} else {
1360 				wpa_dbg(wpa_s, MSG_DEBUG,
1361 					"WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1362 					ie.pairwise_cipher, ie.group_cipher,
1363 					ie.key_mgmt);
1364 			}
1365 		}
1366 		return -1;
1367 	} else {
1368 		if (ssid->proto & WPA_PROTO_OSEN)
1369 			proto = WPA_PROTO_OSEN;
1370 		else if (ssid->proto & WPA_PROTO_RSN)
1371 			proto = WPA_PROTO_RSN;
1372 		else
1373 			proto = WPA_PROTO_WPA;
1374 		if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1375 			os_memset(&ie, 0, sizeof(ie));
1376 			ie.group_cipher = ssid->group_cipher;
1377 			ie.pairwise_cipher = ssid->pairwise_cipher;
1378 			ie.key_mgmt = ssid->key_mgmt;
1379 			ie.mgmt_group_cipher = 0;
1380 			if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
1381 				if (ssid->group_mgmt_cipher &
1382 				    WPA_CIPHER_BIP_GMAC_256)
1383 					ie.mgmt_group_cipher =
1384 						WPA_CIPHER_BIP_GMAC_256;
1385 				else if (ssid->group_mgmt_cipher &
1386 					 WPA_CIPHER_BIP_CMAC_256)
1387 					ie.mgmt_group_cipher =
1388 						WPA_CIPHER_BIP_CMAC_256;
1389 				else if (ssid->group_mgmt_cipher &
1390 					 WPA_CIPHER_BIP_GMAC_128)
1391 					ie.mgmt_group_cipher =
1392 						WPA_CIPHER_BIP_GMAC_128;
1393 				else
1394 					ie.mgmt_group_cipher =
1395 						WPA_CIPHER_AES_128_CMAC;
1396 			}
1397 #ifdef CONFIG_OWE
1398 			if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
1399 			    !ssid->owe_only &&
1400 			    !bss_wpa && !bss_rsn && !bss_osen) {
1401 				wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1402 				wpa_s->wpa_proto = 0;
1403 				*wpa_ie_len = 0;
1404 				return 0;
1405 			}
1406 #endif /* CONFIG_OWE */
1407 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
1408 				"based on configuration");
1409 		} else
1410 			proto = ie.proto;
1411 	}
1412 
1413 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1414 		"pairwise %d key_mgmt %d proto %d",
1415 		ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1416 	if (ssid->ieee80211w) {
1417 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1418 			ie.mgmt_group_cipher);
1419 	}
1420 
1421 	wpa_s->wpa_proto = proto;
1422 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1423 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1424 			 !!(ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
1425 
1426 	if (bss || !wpa_s->ap_ies_from_associnfo) {
1427 		if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1428 					 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1429 		    wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1430 					 bss_rsn ? 2 + bss_rsn[1] : 0) ||
1431 		    wpa_sm_set_ap_rsnxe(wpa_s->wpa, bss_rsnx,
1432 					bss_rsnx ? 2 + bss_rsnx[1] : 0))
1433 			return -1;
1434 	}
1435 
1436 #ifdef CONFIG_NO_WPA
1437 	wpa_s->group_cipher = WPA_CIPHER_NONE;
1438 	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1439 #else /* CONFIG_NO_WPA */
1440 	sel = ie.group_cipher & ssid->group_cipher;
1441 	wpa_dbg(wpa_s, MSG_DEBUG,
1442 		"WPA: AP group 0x%x network profile group 0x%x; available group 0x%x",
1443 		ie.group_cipher, ssid->group_cipher, sel);
1444 	wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1445 	if (wpa_s->group_cipher < 0) {
1446 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1447 			"cipher");
1448 		return -1;
1449 	}
1450 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1451 		wpa_cipher_txt(wpa_s->group_cipher));
1452 
1453 	sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1454 	wpa_dbg(wpa_s, MSG_DEBUG,
1455 		"WPA: AP pairwise 0x%x network profile pairwise 0x%x; available pairwise 0x%x",
1456 		ie.pairwise_cipher, ssid->pairwise_cipher, sel);
1457 	wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1458 	if (wpa_s->pairwise_cipher < 0) {
1459 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1460 			"cipher");
1461 		return -1;
1462 	}
1463 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1464 		wpa_cipher_txt(wpa_s->pairwise_cipher));
1465 #endif /* CONFIG_NO_WPA */
1466 
1467 	sel = ie.key_mgmt & ssid->key_mgmt;
1468 #ifdef CONFIG_SAE
1469 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1470 		sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1471 #endif /* CONFIG_SAE */
1472 #ifdef CONFIG_IEEE80211R
1473 	if (!(wpa_s->drv_flags & (WPA_DRIVER_FLAGS_SME |
1474 				  WPA_DRIVER_FLAGS_UPDATE_FT_IES)))
1475 		sel &= ~WPA_KEY_MGMT_FT;
1476 #endif /* CONFIG_IEEE80211R */
1477 	wpa_dbg(wpa_s, MSG_DEBUG,
1478 		"WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
1479 		ie.key_mgmt, ssid->key_mgmt, sel);
1480 	if (0) {
1481 #ifdef CONFIG_IEEE80211R
1482 #ifdef CONFIG_SHA384
1483 	} else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) &&
1484 		   os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
1485 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
1486 		wpa_dbg(wpa_s, MSG_DEBUG,
1487 			"WPA: using KEY_MGMT FT/802.1X-SHA384");
1488 		if (!ssid->ft_eap_pmksa_caching &&
1489 		    pmksa_cache_get_current(wpa_s->wpa)) {
1490 			/* PMKSA caching with FT may have interoperability
1491 			 * issues, so disable that case by default for now. */
1492 			wpa_dbg(wpa_s, MSG_DEBUG,
1493 				"WPA: Disable PMKSA caching for FT/802.1X connection");
1494 			pmksa_cache_clear_current(wpa_s->wpa);
1495 		}
1496 #endif /* CONFIG_SHA384 */
1497 #endif /* CONFIG_IEEE80211R */
1498 #ifdef CONFIG_SUITEB192
1499 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
1500 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
1501 		wpa_dbg(wpa_s, MSG_DEBUG,
1502 			"WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1503 #endif /* CONFIG_SUITEB192 */
1504 #ifdef CONFIG_SUITEB
1505 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
1506 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
1507 		wpa_dbg(wpa_s, MSG_DEBUG,
1508 			"WPA: using KEY_MGMT 802.1X with Suite B");
1509 #endif /* CONFIG_SUITEB */
1510 #ifdef CONFIG_FILS
1511 #ifdef CONFIG_IEEE80211R
1512 	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) {
1513 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
1514 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384");
1515 	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
1516 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
1517 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
1518 #endif /* CONFIG_IEEE80211R */
1519 	} else if (sel & WPA_KEY_MGMT_FILS_SHA384) {
1520 		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
1521 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384");
1522 	} else if (sel & WPA_KEY_MGMT_FILS_SHA256) {
1523 		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
1524 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");
1525 #endif /* CONFIG_FILS */
1526 #ifdef CONFIG_IEEE80211R
1527 	} else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X) &&
1528 		   os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
1529 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1530 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1531 		if (!ssid->ft_eap_pmksa_caching &&
1532 		    pmksa_cache_get_current(wpa_s->wpa)) {
1533 			/* PMKSA caching with FT may have interoperability
1534 			 * issues, so disable that case by default for now. */
1535 			wpa_dbg(wpa_s, MSG_DEBUG,
1536 				"WPA: Disable PMKSA caching for FT/802.1X connection");
1537 			pmksa_cache_clear_current(wpa_s->wpa);
1538 		}
1539 #endif /* CONFIG_IEEE80211R */
1540 #ifdef CONFIG_DPP
1541 	} else if (sel & WPA_KEY_MGMT_DPP) {
1542 		wpa_s->key_mgmt = WPA_KEY_MGMT_DPP;
1543 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT DPP");
1544 #endif /* CONFIG_DPP */
1545 #ifdef CONFIG_SAE
1546 	} else if (sel & WPA_KEY_MGMT_FT_SAE) {
1547 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1548 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1549 	} else if (sel & WPA_KEY_MGMT_SAE) {
1550 		wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1551 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1552 #endif /* CONFIG_SAE */
1553 #ifdef CONFIG_IEEE80211R
1554 	} else if (sel & WPA_KEY_MGMT_FT_PSK) {
1555 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1556 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1557 #endif /* CONFIG_IEEE80211R */
1558 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1559 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1560 		wpa_dbg(wpa_s, MSG_DEBUG,
1561 			"WPA: using KEY_MGMT 802.1X with SHA256");
1562 	} else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1563 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1564 		wpa_dbg(wpa_s, MSG_DEBUG,
1565 			"WPA: using KEY_MGMT PSK with SHA256");
1566 	} else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1567 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1568 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1569 	} else if (sel & WPA_KEY_MGMT_PSK) {
1570 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1571 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1572 	} else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1573 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1574 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1575 #ifdef CONFIG_HS20
1576 	} else if (sel & WPA_KEY_MGMT_OSEN) {
1577 		wpa_s->key_mgmt = WPA_KEY_MGMT_OSEN;
1578 		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using KEY_MGMT OSEN");
1579 #endif /* CONFIG_HS20 */
1580 #ifdef CONFIG_OWE
1581 	} else if (sel & WPA_KEY_MGMT_OWE) {
1582 		wpa_s->key_mgmt = WPA_KEY_MGMT_OWE;
1583 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT OWE");
1584 #endif /* CONFIG_OWE */
1585 	} else {
1586 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1587 			"authenticated key management type");
1588 		return -1;
1589 	}
1590 
1591 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1592 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1593 			 wpa_s->pairwise_cipher);
1594 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1595 
1596 	if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
1597 	    wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1598 		wpa_msg(wpa_s, MSG_INFO,
1599 			"RSN: Management frame protection required but the selected AP does not enable it");
1600 		return -1;
1601 	}
1602 
1603 	sel = ie.mgmt_group_cipher;
1604 	if (ssid->group_mgmt_cipher)
1605 		sel &= ssid->group_mgmt_cipher;
1606 	if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION ||
1607 	    !(ie.capabilities & WPA_CAPABILITY_MFPC))
1608 		sel = 0;
1609 	wpa_dbg(wpa_s, MSG_DEBUG,
1610 		"WPA: AP mgmt_group_cipher 0x%x network profile mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
1611 		ie.mgmt_group_cipher, ssid->group_mgmt_cipher, sel);
1612 	if (sel & WPA_CIPHER_AES_128_CMAC) {
1613 		wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1614 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1615 			"AES-128-CMAC");
1616 	} else if (sel & WPA_CIPHER_BIP_GMAC_128) {
1617 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_128;
1618 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1619 			"BIP-GMAC-128");
1620 	} else if (sel & WPA_CIPHER_BIP_GMAC_256) {
1621 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_256;
1622 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1623 			"BIP-GMAC-256");
1624 	} else if (sel & WPA_CIPHER_BIP_CMAC_256) {
1625 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_CMAC_256;
1626 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1627 			"BIP-CMAC-256");
1628 	} else {
1629 		wpa_s->mgmt_group_cipher = 0;
1630 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1631 	}
1632 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1633 			 wpa_s->mgmt_group_cipher);
1634 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1635 			 wpas_get_ssid_pmf(wpa_s, ssid));
1636 #ifdef CONFIG_OCV
1637 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv);
1638 #endif /* CONFIG_OCV */
1639 	sae_pwe = wpa_s->conf->sae_pwe;
1640 	if (ssid->sae_password_id && sae_pwe != 3)
1641 		sae_pwe = 1;
1642 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PWE, sae_pwe);
1643 #ifdef CONFIG_TESTING_OPTIONS
1644 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_FT_RSNXE_USED,
1645 			 wpa_s->ft_rsnxe_used);
1646 #endif /* CONFIG_TESTING_OPTIONS */
1647 
1648 	/* Extended Key ID is only supported in infrastructure BSS so far */
1649 	if (ssid->mode == WPAS_MODE_INFRA && wpa_s->conf->extended_key_id &&
1650 	    (ssid->proto & WPA_PROTO_RSN) &&
1651 	    ssid->pairwise_cipher & (WPA_CIPHER_CCMP | WPA_CIPHER_CCMP_256 |
1652 				     WPA_CIPHER_GCMP | WPA_CIPHER_GCMP_256) &&
1653 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_EXTENDED_KEY_ID)) {
1654 		int use_ext_key_id = 0;
1655 
1656 		wpa_msg(wpa_s, MSG_DEBUG,
1657 			"WPA: Enable Extended Key ID support");
1658 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_EXT_KEY_ID,
1659 				 wpa_s->conf->extended_key_id);
1660 		if (bss_rsn &&
1661 		    wpa_s->conf->extended_key_id &&
1662 		    wpa_s->pairwise_cipher != WPA_CIPHER_TKIP &&
1663 		    (ie.capabilities & WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST))
1664 			use_ext_key_id = 1;
1665 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_USE_EXT_KEY_ID,
1666 				 use_ext_key_id);
1667 	} else {
1668 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_EXT_KEY_ID, 0);
1669 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_USE_EXT_KEY_ID, 0);
1670 	}
1671 
1672 	if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1673 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1674 		return -1;
1675 	}
1676 
1677 	wpa_s->rsnxe_len = sizeof(wpa_s->rsnxe);
1678 	if (wpa_sm_set_assoc_rsnxe_default(wpa_s->wpa, wpa_s->rsnxe,
1679 					   &wpa_s->rsnxe_len)) {
1680 		wpa_msg(wpa_s, MSG_WARNING, "RSN: Failed to generate RSNXE");
1681 		return -1;
1682 	}
1683 
1684 	if (0) {
1685 #ifdef CONFIG_DPP
1686 	} else if (wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1687 		/* Use PMK from DPP network introduction (PMKSA entry) */
1688 		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1689 #ifdef CONFIG_DPP2
1690 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DPP_PFS, ssid->dpp_pfs);
1691 #endif /* CONFIG_DPP2 */
1692 #endif /* CONFIG_DPP */
1693 	} else if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1694 		int psk_set = 0;
1695 		int sae_only;
1696 
1697 		sae_only = (ssid->key_mgmt & (WPA_KEY_MGMT_PSK |
1698 					      WPA_KEY_MGMT_FT_PSK |
1699 					      WPA_KEY_MGMT_PSK_SHA256)) == 0;
1700 
1701 		if (ssid->psk_set && !sae_only) {
1702 			wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)",
1703 					ssid->psk, PMK_LEN);
1704 			wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
1705 				       NULL);
1706 			psk_set = 1;
1707 		}
1708 
1709 		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
1710 		    (ssid->sae_password || ssid->passphrase))
1711 			psk_set = 1;
1712 
1713 #ifndef CONFIG_NO_PBKDF2
1714 		if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1715 		    ssid->passphrase && !sae_only) {
1716 			u8 psk[PMK_LEN];
1717 		        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1718 				    4096, psk, PMK_LEN);
1719 		        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1720 					psk, PMK_LEN);
1721 			wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
1722 			psk_set = 1;
1723 			os_memset(psk, 0, sizeof(psk));
1724 		}
1725 #endif /* CONFIG_NO_PBKDF2 */
1726 #ifdef CONFIG_EXT_PASSWORD
1727 		if (ssid->ext_psk && !sae_only) {
1728 			struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1729 							     ssid->ext_psk);
1730 			char pw_str[64 + 1];
1731 			u8 psk[PMK_LEN];
1732 
1733 			if (pw == NULL) {
1734 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1735 					"found from external storage");
1736 				return -1;
1737 			}
1738 
1739 			if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1740 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1741 					"PSK length %d in external storage",
1742 					(int) wpabuf_len(pw));
1743 				ext_password_free(pw);
1744 				return -1;
1745 			}
1746 
1747 			os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1748 			pw_str[wpabuf_len(pw)] = '\0';
1749 
1750 #ifndef CONFIG_NO_PBKDF2
1751 			if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1752 			{
1753 				pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1754 					    4096, psk, PMK_LEN);
1755 				os_memset(pw_str, 0, sizeof(pw_str));
1756 				wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1757 						"external passphrase)",
1758 						psk, PMK_LEN);
1759 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1760 					       NULL);
1761 				psk_set = 1;
1762 				os_memset(psk, 0, sizeof(psk));
1763 			} else
1764 #endif /* CONFIG_NO_PBKDF2 */
1765 			if (wpabuf_len(pw) == 2 * PMK_LEN) {
1766 				if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1767 					wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1768 						"Invalid PSK hex string");
1769 					os_memset(pw_str, 0, sizeof(pw_str));
1770 					ext_password_free(pw);
1771 					return -1;
1772 				}
1773 				wpa_hexdump_key(MSG_MSGDUMP,
1774 						"PSK (from external PSK)",
1775 						psk, PMK_LEN);
1776 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1777 					       NULL);
1778 				psk_set = 1;
1779 				os_memset(psk, 0, sizeof(psk));
1780 			} else {
1781 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1782 					"PSK available");
1783 				os_memset(pw_str, 0, sizeof(pw_str));
1784 				ext_password_free(pw);
1785 				return -1;
1786 			}
1787 
1788 			os_memset(pw_str, 0, sizeof(pw_str));
1789 			ext_password_free(pw);
1790 		}
1791 #endif /* CONFIG_EXT_PASSWORD */
1792 
1793 		if (!psk_set) {
1794 			wpa_msg(wpa_s, MSG_INFO,
1795 				"No PSK available for association");
1796 			wpas_auth_failed(wpa_s, "NO_PSK_AVAILABLE");
1797 			return -1;
1798 		}
1799 #ifdef CONFIG_OWE
1800 	} else if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
1801 		/* OWE Diffie-Hellman exchange in (Re)Association
1802 		 * Request/Response frames set the PMK, so do not override it
1803 		 * here. */
1804 #endif /* CONFIG_OWE */
1805 	} else
1806 		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1807 
1808 	if (ssid->mode != WPAS_MODE_IBSS &&
1809 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED) &&
1810 	    (ssid->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_NEVER ||
1811 	     (ssid->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_LOCAL_OK &&
1812 	      !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAFE_PTK0_REKEYS)))) {
1813 		wpa_msg(wpa_s, MSG_INFO,
1814 			"Disable PTK0 rekey support - replaced with reconnect");
1815 		wpa_s->deny_ptk0_rekey = 1;
1816 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DENY_PTK0_REKEY, 1);
1817 	} else {
1818 		wpa_s->deny_ptk0_rekey = 0;
1819 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DENY_PTK0_REKEY, 0);
1820 	}
1821 
1822 	return 0;
1823 }
1824 
1825 
wpas_ext_capab_byte(struct wpa_supplicant * wpa_s,u8 * pos,int idx)1826 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
1827 {
1828 	*pos = 0x00;
1829 
1830 	switch (idx) {
1831 	case 0: /* Bits 0-7 */
1832 		break;
1833 	case 1: /* Bits 8-15 */
1834 		if (wpa_s->conf->coloc_intf_reporting) {
1835 			/* Bit 13 - Collocated Interference Reporting */
1836 			*pos |= 0x20;
1837 		}
1838 		break;
1839 	case 2: /* Bits 16-23 */
1840 #ifdef CONFIG_WNM
1841 		*pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1842 		if (!wpa_s->disable_mbo_oce && !wpa_s->conf->disable_btm)
1843 			*pos |= 0x08; /* Bit 19 - BSS Transition */
1844 #endif /* CONFIG_WNM */
1845 		break;
1846 	case 3: /* Bits 24-31 */
1847 #ifdef CONFIG_WNM
1848 		*pos |= 0x02; /* Bit 25 - SSID List */
1849 #endif /* CONFIG_WNM */
1850 #ifdef CONFIG_INTERWORKING
1851 		if (wpa_s->conf->interworking)
1852 			*pos |= 0x80; /* Bit 31 - Interworking */
1853 #endif /* CONFIG_INTERWORKING */
1854 		break;
1855 	case 4: /* Bits 32-39 */
1856 #ifdef CONFIG_INTERWORKING
1857 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_QOS_MAPPING)
1858 			*pos |= 0x01; /* Bit 32 - QoS Map */
1859 #endif /* CONFIG_INTERWORKING */
1860 		break;
1861 	case 5: /* Bits 40-47 */
1862 #ifdef CONFIG_HS20
1863 		if (wpa_s->conf->hs20)
1864 			*pos |= 0x40; /* Bit 46 - WNM-Notification */
1865 #endif /* CONFIG_HS20 */
1866 #ifdef CONFIG_MBO
1867 		*pos |= 0x40; /* Bit 46 - WNM-Notification */
1868 #endif /* CONFIG_MBO */
1869 		break;
1870 	case 6: /* Bits 48-55 */
1871 		break;
1872 	case 7: /* Bits 56-63 */
1873 		break;
1874 	case 8: /* Bits 64-71 */
1875 		if (wpa_s->conf->ftm_responder)
1876 			*pos |= 0x40; /* Bit 70 - FTM responder */
1877 		if (wpa_s->conf->ftm_initiator)
1878 			*pos |= 0x80; /* Bit 71 - FTM initiator */
1879 		break;
1880 	case 9: /* Bits 72-79 */
1881 #ifdef CONFIG_FILS
1882 		if (!wpa_s->disable_fils)
1883 			*pos |= 0x01;
1884 #endif /* CONFIG_FILS */
1885 		break;
1886 	}
1887 }
1888 
1889 
wpas_build_ext_capab(struct wpa_supplicant * wpa_s,u8 * buf,size_t buflen)1890 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf, size_t buflen)
1891 {
1892 	u8 *pos = buf;
1893 	u8 len = 10, i;
1894 
1895 	if (len < wpa_s->extended_capa_len)
1896 		len = wpa_s->extended_capa_len;
1897 	if (buflen < (size_t) len + 2) {
1898 		wpa_printf(MSG_INFO,
1899 			   "Not enough room for building extended capabilities element");
1900 		return -1;
1901 	}
1902 
1903 	*pos++ = WLAN_EID_EXT_CAPAB;
1904 	*pos++ = len;
1905 	for (i = 0; i < len; i++, pos++) {
1906 		wpas_ext_capab_byte(wpa_s, pos, i);
1907 
1908 		if (i < wpa_s->extended_capa_len) {
1909 			*pos &= ~wpa_s->extended_capa_mask[i];
1910 			*pos |= wpa_s->extended_capa[i];
1911 		}
1912 	}
1913 
1914 	while (len > 0 && buf[1 + len] == 0) {
1915 		len--;
1916 		buf[1] = len;
1917 	}
1918 	if (len == 0)
1919 		return 0;
1920 
1921 	return 2 + len;
1922 }
1923 
1924 
wpas_valid_bss(struct wpa_supplicant * wpa_s,struct wpa_bss * test_bss)1925 static int wpas_valid_bss(struct wpa_supplicant *wpa_s,
1926 			  struct wpa_bss *test_bss)
1927 {
1928 	struct wpa_bss *bss;
1929 
1930 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1931 		if (bss == test_bss)
1932 			return 1;
1933 	}
1934 
1935 	return 0;
1936 }
1937 
1938 
wpas_valid_ssid(struct wpa_supplicant * wpa_s,struct wpa_ssid * test_ssid)1939 static int wpas_valid_ssid(struct wpa_supplicant *wpa_s,
1940 			   struct wpa_ssid *test_ssid)
1941 {
1942 	struct wpa_ssid *ssid;
1943 
1944 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1945 		if (ssid == test_ssid)
1946 			return 1;
1947 	}
1948 
1949 	return 0;
1950 }
1951 
1952 
wpas_valid_bss_ssid(struct wpa_supplicant * wpa_s,struct wpa_bss * test_bss,struct wpa_ssid * test_ssid)1953 int wpas_valid_bss_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *test_bss,
1954 			struct wpa_ssid *test_ssid)
1955 {
1956 	if (test_bss && !wpas_valid_bss(wpa_s, test_bss))
1957 		return 0;
1958 
1959 	return test_ssid == NULL || wpas_valid_ssid(wpa_s, test_ssid);
1960 }
1961 
1962 
wpas_connect_work_free(struct wpa_connect_work * cwork)1963 void wpas_connect_work_free(struct wpa_connect_work *cwork)
1964 {
1965 	if (cwork == NULL)
1966 		return;
1967 	os_free(cwork);
1968 }
1969 
1970 
wpas_connect_work_done(struct wpa_supplicant * wpa_s)1971 void wpas_connect_work_done(struct wpa_supplicant *wpa_s)
1972 {
1973 	struct wpa_connect_work *cwork;
1974 	struct wpa_radio_work *work = wpa_s->connect_work;
1975 
1976 	if (!work)
1977 		return;
1978 
1979 	wpa_s->connect_work = NULL;
1980 	cwork = work->ctx;
1981 	work->ctx = NULL;
1982 	wpas_connect_work_free(cwork);
1983 	radio_work_done(work);
1984 }
1985 
1986 
wpas_update_random_addr(struct wpa_supplicant * wpa_s,int style)1987 int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style)
1988 {
1989 	struct os_reltime now;
1990 	u8 addr[ETH_ALEN];
1991 
1992 	os_get_reltime(&now);
1993 	if (wpa_s->last_mac_addr_style == style &&
1994 	    wpa_s->last_mac_addr_change.sec != 0 &&
1995 	    !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
1996 				wpa_s->conf->rand_addr_lifetime)) {
1997 		wpa_msg(wpa_s, MSG_DEBUG,
1998 			"Previously selected random MAC address has not yet expired");
1999 		return 0;
2000 	}
2001 
2002 	switch (style) {
2003 	case 1:
2004 		if (random_mac_addr(addr) < 0)
2005 			return -1;
2006 		break;
2007 	case 2:
2008 		os_memcpy(addr, wpa_s->perm_addr, ETH_ALEN);
2009 		if (random_mac_addr_keep_oui(addr) < 0)
2010 			return -1;
2011 		break;
2012 	default:
2013 		return -1;
2014 	}
2015 
2016 	if (wpa_drv_set_mac_addr(wpa_s, addr) < 0) {
2017 		wpa_msg(wpa_s, MSG_INFO,
2018 			"Failed to set random MAC address");
2019 		return -1;
2020 	}
2021 
2022 	os_get_reltime(&wpa_s->last_mac_addr_change);
2023 	wpa_s->mac_addr_changed = 1;
2024 	wpa_s->last_mac_addr_style = style;
2025 
2026 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
2027 		wpa_msg(wpa_s, MSG_INFO,
2028 			"Could not update MAC address information");
2029 		return -1;
2030 	}
2031 
2032 	wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
2033 		MAC2STR(addr));
2034 
2035 	return 0;
2036 }
2037 
2038 
wpas_update_random_addr_disassoc(struct wpa_supplicant * wpa_s)2039 int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
2040 {
2041 	if (wpa_s->wpa_state >= WPA_AUTHENTICATING ||
2042 	    !wpa_s->conf->preassoc_mac_addr)
2043 		return 0;
2044 
2045 	return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr);
2046 }
2047 
2048 
wpa_s_setup_sae_pt(struct wpa_config * conf,struct wpa_ssid * ssid)2049 static void wpa_s_setup_sae_pt(struct wpa_config *conf, struct wpa_ssid *ssid)
2050 {
2051 #ifdef CONFIG_SAE
2052 	int *groups = conf->sae_groups;
2053 	int default_groups[] = { 19, 20, 21, 0 };
2054 	const char *password;
2055 
2056 	if (!groups || groups[0] <= 0)
2057 		groups = default_groups;
2058 
2059 	password = ssid->sae_password;
2060 	if (!password)
2061 		password = ssid->passphrase;
2062 
2063 	if ((conf->sae_pwe == 0 && !ssid->sae_password_id) || !password ||
2064 	    conf->sae_pwe == 3) {
2065 		/* PT derivation not needed */
2066 		sae_deinit_pt(ssid->pt);
2067 		ssid->pt = NULL;
2068 		return;
2069 	}
2070 
2071 	if (ssid->pt)
2072 		return; /* PT already derived */
2073 	ssid->pt = sae_derive_pt(groups, ssid->ssid, ssid->ssid_len,
2074 				 (const u8 *) password, os_strlen(password),
2075 				 ssid->sae_password_id);
2076 #endif /* CONFIG_SAE */
2077 }
2078 
2079 
wpa_s_clear_sae_rejected(struct wpa_supplicant * wpa_s)2080 static void wpa_s_clear_sae_rejected(struct wpa_supplicant *wpa_s)
2081 {
2082 #if defined(CONFIG_SAE) && defined(CONFIG_SME)
2083 	os_free(wpa_s->sme.sae_rejected_groups);
2084 	wpa_s->sme.sae_rejected_groups = NULL;
2085 #ifdef CONFIG_TESTING_OPTIONS
2086 	if (wpa_s->extra_sae_rejected_groups) {
2087 		int i, *groups = wpa_s->extra_sae_rejected_groups;
2088 
2089 		for (i = 0; groups[i]; i++) {
2090 			wpa_printf(MSG_DEBUG,
2091 				   "TESTING: Indicate rejection of an extra SAE group %d",
2092 				   groups[i]);
2093 			int_array_add_unique(&wpa_s->sme.sae_rejected_groups,
2094 					     groups[i]);
2095 		}
2096 	}
2097 #endif /* CONFIG_TESTING_OPTIONS */
2098 #endif /* CONFIG_SAE && CONFIG_SME */
2099 }
2100 
2101 
2102 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit);
2103 
2104 /**
2105  * wpa_supplicant_associate - Request association
2106  * @wpa_s: Pointer to wpa_supplicant data
2107  * @bss: Scan results for the selected BSS, or %NULL if not available
2108  * @ssid: Configuration data for the selected network
2109  *
2110  * This function is used to request %wpa_supplicant to associate with a BSS.
2111  */
wpa_supplicant_associate(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_ssid * ssid)2112 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
2113 			      struct wpa_bss *bss, struct wpa_ssid *ssid)
2114 {
2115 	struct wpa_connect_work *cwork;
2116 	int rand_style;
2117 
2118 	wpa_s->own_disconnect_req = 0;
2119 	wpa_s->own_reconnect_req = 0;
2120 
2121 	/*
2122 	 * If we are starting a new connection, any previously pending EAPOL
2123 	 * RX cannot be valid anymore.
2124 	 */
2125 	wpabuf_free(wpa_s->pending_eapol_rx);
2126 	wpa_s->pending_eapol_rx = NULL;
2127 
2128 	if (ssid->mac_addr == -1)
2129 		rand_style = wpa_s->conf->mac_addr;
2130 	else
2131 		rand_style = ssid->mac_addr;
2132 
2133 	wpa_s->multi_ap_ie = 0;
2134 	wmm_ac_clear_saved_tspecs(wpa_s);
2135 	wpa_s->reassoc_same_bss = 0;
2136 	wpa_s->reassoc_same_ess = 0;
2137 #ifdef CONFIG_TESTING_OPTIONS
2138 	wpa_s->testing_resend_assoc = 0;
2139 #endif /* CONFIG_TESTING_OPTIONS */
2140 
2141 	if (wpa_s->last_ssid == ssid) {
2142 		wpa_dbg(wpa_s, MSG_DEBUG, "Re-association to the same ESS");
2143 		wpa_s->reassoc_same_ess = 1;
2144 		if (wpa_s->current_bss && wpa_s->current_bss == bss) {
2145 			wmm_ac_save_tspecs(wpa_s);
2146 			wpa_s->reassoc_same_bss = 1;
2147 		} else if (wpa_s->current_bss && wpa_s->current_bss != bss) {
2148 			os_get_reltime(&wpa_s->roam_start);
2149 		}
2150 	} else {
2151 #ifdef CONFIG_SAE
2152 		wpa_s_clear_sae_rejected(wpa_s);
2153 		wpa_s_setup_sae_pt(wpa_s->conf, ssid);
2154 #endif /* CONFIG_SAE */
2155 	}
2156 
2157 	if (rand_style > 0 && !wpa_s->reassoc_same_ess) {
2158 		if (wpas_update_random_addr(wpa_s, rand_style) < 0)
2159 			return;
2160 		wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
2161 	} else if (rand_style == 0 && wpa_s->mac_addr_changed) {
2162 		if (wpa_drv_set_mac_addr(wpa_s, NULL) < 0) {
2163 			wpa_msg(wpa_s, MSG_INFO,
2164 				"Could not restore permanent MAC address");
2165 			return;
2166 		}
2167 		wpa_s->mac_addr_changed = 0;
2168 		if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
2169 			wpa_msg(wpa_s, MSG_INFO,
2170 				"Could not update MAC address information");
2171 			return;
2172 		}
2173 		wpa_msg(wpa_s, MSG_DEBUG, "Using permanent MAC address");
2174 	}
2175 	wpa_s->last_ssid = ssid;
2176 
2177 #ifdef CONFIG_IBSS_RSN
2178 	ibss_rsn_deinit(wpa_s->ibss_rsn);
2179 	wpa_s->ibss_rsn = NULL;
2180 #else /* CONFIG_IBSS_RSN */
2181 	if (ssid->mode == WPAS_MODE_IBSS &&
2182 	    !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) {
2183 		wpa_msg(wpa_s, MSG_INFO,
2184 			"IBSS RSN not supported in the build");
2185 		return;
2186 	}
2187 #endif /* CONFIG_IBSS_RSN */
2188 
2189 	if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
2190 	    ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
2191 #ifdef CONFIG_AP
2192 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
2193 			wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
2194 				"mode");
2195 			return;
2196 		}
2197 		if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
2198 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2199 			if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
2200 				wpas_p2p_ap_setup_failed(wpa_s);
2201 			return;
2202 		}
2203 		wpa_s->current_bss = bss;
2204 #else /* CONFIG_AP */
2205 		wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
2206 			"the build");
2207 #endif /* CONFIG_AP */
2208 		return;
2209 	}
2210 
2211 	if (ssid->mode == WPAS_MODE_MESH) {
2212 #ifdef CONFIG_MESH
2213 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MESH)) {
2214 			wpa_msg(wpa_s, MSG_INFO,
2215 				"Driver does not support mesh mode");
2216 			return;
2217 		}
2218 		if (bss)
2219 			ssid->frequency = bss->freq;
2220 		if (wpa_supplicant_join_mesh(wpa_s, ssid) < 0) {
2221 			wpa_msg(wpa_s, MSG_ERROR, "Could not join mesh");
2222 			return;
2223 		}
2224 		wpa_s->current_bss = bss;
2225 		wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_STARTED "ssid=\"%s\" id=%d",
2226 			wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
2227 			ssid->id);
2228 		wpas_notify_mesh_group_started(wpa_s, ssid);
2229 #else /* CONFIG_MESH */
2230 		wpa_msg(wpa_s, MSG_ERROR,
2231 			"mesh mode support not included in the build");
2232 #endif /* CONFIG_MESH */
2233 		return;
2234 	}
2235 
2236 	/*
2237 	 * Set WPA state machine configuration to match the selected network now
2238 	 * so that the information is available before wpas_start_assoc_cb()
2239 	 * gets called. This is needed at least for RSN pre-authentication where
2240 	 * candidate APs are added to a list based on scan result processing
2241 	 * before completion of the first association.
2242 	 */
2243 	wpa_supplicant_rsn_supp_set_config(wpa_s, ssid);
2244 
2245 #ifdef CONFIG_DPP
2246 	if (wpas_dpp_check_connect(wpa_s, ssid, bss) != 0)
2247 		return;
2248 #endif /* CONFIG_DPP */
2249 
2250 #ifdef CONFIG_TDLS
2251 	if (bss)
2252 		wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
2253 				bss->ie_len);
2254 #endif /* CONFIG_TDLS */
2255 
2256 #ifdef CONFIG_MBO
2257 	wpas_mbo_check_pmf(wpa_s, bss, ssid);
2258 #endif /* CONFIG_MBO */
2259 
2260 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2261 	    ssid->mode == WPAS_MODE_INFRA) {
2262 		sme_authenticate(wpa_s, bss, ssid);
2263 		return;
2264 	}
2265 
2266 	if (wpa_s->connect_work) {
2267 		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since connect_work exist");
2268 		return;
2269 	}
2270 
2271 	if (radio_work_pending(wpa_s, "connect")) {
2272 		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since pending work exist");
2273 		return;
2274 	}
2275 
2276 #ifdef CONFIG_SME
2277 	if (ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) {
2278 		/* Clear possibly set auth_alg, if any, from last attempt. */
2279 		wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN;
2280 	}
2281 #endif /* CONFIG_SME */
2282 
2283 	wpas_abort_ongoing_scan(wpa_s);
2284 
2285 	cwork = os_zalloc(sizeof(*cwork));
2286 	if (cwork == NULL)
2287 		return;
2288 
2289 	cwork->bss = bss;
2290 	cwork->ssid = ssid;
2291 
2292 	if (radio_add_work(wpa_s, bss ? bss->freq : 0, "connect", 1,
2293 			   wpas_start_assoc_cb, cwork) < 0) {
2294 		os_free(cwork);
2295 	}
2296 }
2297 
2298 
bss_is_ibss(struct wpa_bss * bss)2299 static int bss_is_ibss(struct wpa_bss *bss)
2300 {
2301 	return (bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
2302 		IEEE80211_CAP_IBSS;
2303 }
2304 
2305 
drv_supports_vht(struct wpa_supplicant * wpa_s,const struct wpa_ssid * ssid)2306 static int drv_supports_vht(struct wpa_supplicant *wpa_s,
2307 			    const struct wpa_ssid *ssid)
2308 {
2309 	enum hostapd_hw_mode hw_mode;
2310 	struct hostapd_hw_modes *mode = NULL;
2311 	u8 channel;
2312 	int i;
2313 
2314 	hw_mode = ieee80211_freq_to_chan(ssid->frequency, &channel);
2315 	if (hw_mode == NUM_HOSTAPD_MODES)
2316 		return 0;
2317 	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2318 		if (wpa_s->hw.modes[i].mode == hw_mode) {
2319 			mode = &wpa_s->hw.modes[i];
2320 			break;
2321 		}
2322 	}
2323 
2324 	if (!mode)
2325 		return 0;
2326 
2327 	return mode->vht_capab != 0;
2328 }
2329 
2330 
ibss_mesh_setup_freq(struct wpa_supplicant * wpa_s,const struct wpa_ssid * ssid,struct hostapd_freq_params * freq)2331 void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
2332 			  const struct wpa_ssid *ssid,
2333 			  struct hostapd_freq_params *freq)
2334 {
2335 	int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
2336 	enum hostapd_hw_mode hw_mode;
2337 	struct hostapd_hw_modes *mode = NULL;
2338 	int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2339 			   184, 192 };
2340 	int vht80[] = { 36, 52, 100, 116, 132, 149 };
2341 	struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
2342 	u8 channel;
2343 	int i, chan_idx, ht40 = -1, res, obss_scan = 1;
2344 	unsigned int j, k;
2345 	struct hostapd_freq_params vht_freq;
2346 	int chwidth, seg0, seg1;
2347 	u32 vht_caps = 0;
2348 	int is_24ghz;
2349 
2350 	freq->freq = ssid->frequency;
2351 
2352 	for (j = 0; j < wpa_s->last_scan_res_used; j++) {
2353 		struct wpa_bss *bss = wpa_s->last_scan_res[j];
2354 
2355 		if (ssid->mode != WPAS_MODE_IBSS)
2356 			break;
2357 
2358 		/* Don't adjust control freq in case of fixed_freq */
2359 		if (ssid->fixed_freq)
2360 			break;
2361 
2362 		if (!bss_is_ibss(bss))
2363 			continue;
2364 
2365 		if (ssid->ssid_len == bss->ssid_len &&
2366 		    os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) == 0) {
2367 			wpa_printf(MSG_DEBUG,
2368 				   "IBSS already found in scan results, adjust control freq: %d",
2369 				   bss->freq);
2370 			freq->freq = bss->freq;
2371 			obss_scan = 0;
2372 			break;
2373 		}
2374 	}
2375 
2376 	/* For IBSS check HT_IBSS flag */
2377 	if (ssid->mode == WPAS_MODE_IBSS &&
2378 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_HT_IBSS))
2379 		return;
2380 
2381 	if (wpa_s->group_cipher == WPA_CIPHER_WEP40 ||
2382 	    wpa_s->group_cipher == WPA_CIPHER_WEP104 ||
2383 	    wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) {
2384 		wpa_printf(MSG_DEBUG,
2385 			   "IBSS: WEP/TKIP detected, do not try to enable HT");
2386 		return;
2387 	}
2388 
2389 	hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
2390 	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2391 		if (wpa_s->hw.modes[i].mode == hw_mode) {
2392 			mode = &wpa_s->hw.modes[i];
2393 			break;
2394 		}
2395 	}
2396 
2397 	if (!mode)
2398 		return;
2399 
2400 	is_24ghz = hw_mode == HOSTAPD_MODE_IEEE80211G ||
2401 		hw_mode == HOSTAPD_MODE_IEEE80211B;
2402 
2403 #ifdef CONFIG_HT_OVERRIDES
2404 	if (ssid->disable_ht) {
2405 		freq->ht_enabled = 0;
2406 		return;
2407 	}
2408 #endif /* CONFIG_HT_OVERRIDES */
2409 
2410 	freq->ht_enabled = ht_supported(mode);
2411 	if (!freq->ht_enabled)
2412 		return;
2413 
2414 	/* Allow HE on 2.4 GHz without VHT: see nl80211_put_freq_params() */
2415 	if (is_24ghz)
2416 		freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
2417 #ifdef CONFIG_HE_OVERRIDES
2418 	if (is_24ghz && ssid->disable_he)
2419 		freq->he_enabled = 0;
2420 #endif /* CONFIG_HE_OVERRIDES */
2421 
2422 	/* Setup higher BW only for 5 GHz */
2423 	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
2424 		return;
2425 
2426 	for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
2427 		pri_chan = &mode->channels[chan_idx];
2428 		if (pri_chan->chan == channel)
2429 			break;
2430 		pri_chan = NULL;
2431 	}
2432 	if (!pri_chan)
2433 		return;
2434 
2435 	/* Check primary channel flags */
2436 	if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2437 		return;
2438 
2439 	freq->channel = pri_chan->chan;
2440 
2441 #ifdef CONFIG_HT_OVERRIDES
2442 	if (ssid->disable_ht40) {
2443 #ifdef CONFIG_VHT_OVERRIDES
2444 		if (ssid->disable_vht)
2445 			return;
2446 #endif /* CONFIG_VHT_OVERRIDES */
2447 		goto skip_ht40;
2448 	}
2449 #endif /* CONFIG_HT_OVERRIDES */
2450 
2451 	/* Check/setup HT40+/HT40- */
2452 	for (j = 0; j < ARRAY_SIZE(ht40plus); j++) {
2453 		if (ht40plus[j] == channel) {
2454 			ht40 = 1;
2455 			break;
2456 		}
2457 	}
2458 
2459 	/* Find secondary channel */
2460 	for (i = 0; i < mode->num_channels; i++) {
2461 		sec_chan = &mode->channels[i];
2462 		if (sec_chan->chan == channel + ht40 * 4)
2463 			break;
2464 		sec_chan = NULL;
2465 	}
2466 	if (!sec_chan)
2467 		return;
2468 
2469 	/* Check secondary channel flags */
2470 	if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2471 		return;
2472 
2473 	if (ht40 == -1) {
2474 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
2475 			return;
2476 	} else {
2477 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40PLUS))
2478 			return;
2479 	}
2480 	freq->sec_channel_offset = ht40;
2481 
2482 	if (obss_scan) {
2483 		struct wpa_scan_results *scan_res;
2484 
2485 		scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
2486 		if (scan_res == NULL) {
2487 			/* Back to HT20 */
2488 			freq->sec_channel_offset = 0;
2489 			return;
2490 		}
2491 
2492 		res = check_40mhz_5g(scan_res, pri_chan, sec_chan);
2493 		switch (res) {
2494 		case 0:
2495 			/* Back to HT20 */
2496 			freq->sec_channel_offset = 0;
2497 			break;
2498 		case 1:
2499 			/* Configuration allowed */
2500 			break;
2501 		case 2:
2502 			/* Switch pri/sec channels */
2503 			freq->freq = hw_get_freq(mode, sec_chan->chan);
2504 			freq->sec_channel_offset = -freq->sec_channel_offset;
2505 			freq->channel = sec_chan->chan;
2506 			break;
2507 		default:
2508 			freq->sec_channel_offset = 0;
2509 			break;
2510 		}
2511 
2512 		wpa_scan_results_free(scan_res);
2513 	}
2514 
2515 #ifdef CONFIG_HT_OVERRIDES
2516 skip_ht40:
2517 #endif /* CONFIG_HT_OVERRIDES */
2518 	wpa_printf(MSG_DEBUG,
2519 		   "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2520 		   freq->channel, freq->sec_channel_offset);
2521 
2522 	if (!drv_supports_vht(wpa_s, ssid))
2523 		return;
2524 
2525 	/* For IBSS check VHT_IBSS flag */
2526 	if (ssid->mode == WPAS_MODE_IBSS &&
2527 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_VHT_IBSS))
2528 		return;
2529 
2530 	vht_freq = *freq;
2531 
2532 #ifdef CONFIG_VHT_OVERRIDES
2533 	if (ssid->disable_vht) {
2534 		freq->vht_enabled = 0;
2535 		return;
2536 	}
2537 #endif /* CONFIG_VHT_OVERRIDES */
2538 
2539 	vht_freq.vht_enabled = vht_supported(mode);
2540 	if (!vht_freq.vht_enabled)
2541 		return;
2542 
2543 	/* Enable HE with VHT for 5 GHz */
2544 	freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
2545 
2546 	/* setup center_freq1, bandwidth */
2547 	for (j = 0; j < ARRAY_SIZE(vht80); j++) {
2548 		if (freq->channel >= vht80[j] &&
2549 		    freq->channel < vht80[j] + 16)
2550 			break;
2551 	}
2552 
2553 	if (j == ARRAY_SIZE(vht80))
2554 		return;
2555 
2556 	for (i = vht80[j]; i < vht80[j] + 16; i += 4) {
2557 		struct hostapd_channel_data *chan;
2558 
2559 		chan = hw_get_channel_chan(mode, i, NULL);
2560 		if (!chan)
2561 			return;
2562 
2563 		/* Back to HT configuration if channel not usable */
2564 		if (chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2565 			return;
2566 	}
2567 
2568 	chwidth = CHANWIDTH_80MHZ;
2569 	seg0 = vht80[j] + 6;
2570 	seg1 = 0;
2571 
2572 	if (ssid->max_oper_chwidth == CHANWIDTH_80P80MHZ) {
2573 		/* setup center_freq2, bandwidth */
2574 		for (k = 0; k < ARRAY_SIZE(vht80); k++) {
2575 			/* Only accept 80 MHz segments separated by a gap */
2576 			if (j == k || abs(vht80[j] - vht80[k]) == 16)
2577 				continue;
2578 			for (i = vht80[k]; i < vht80[k] + 16; i += 4) {
2579 				struct hostapd_channel_data *chan;
2580 
2581 				chan = hw_get_channel_chan(mode, i, NULL);
2582 				if (!chan)
2583 					continue;
2584 
2585 				if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2586 						  HOSTAPD_CHAN_NO_IR |
2587 						  HOSTAPD_CHAN_RADAR))
2588 					continue;
2589 
2590 				/* Found a suitable second segment for 80+80 */
2591 				chwidth = CHANWIDTH_80P80MHZ;
2592 				vht_caps |=
2593 					VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
2594 				seg1 = vht80[k] + 6;
2595 			}
2596 
2597 			if (chwidth == CHANWIDTH_80P80MHZ)
2598 				break;
2599 		}
2600 	} else if (ssid->max_oper_chwidth == CHANWIDTH_160MHZ) {
2601 		if (freq->freq == 5180) {
2602 			chwidth = CHANWIDTH_160MHZ;
2603 			vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2604 			seg0 = 50;
2605 		} else if (freq->freq == 5520) {
2606 			chwidth = CHANWIDTH_160MHZ;
2607 			vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2608 			seg0 = 114;
2609 		}
2610 	} else if (ssid->max_oper_chwidth == CHANWIDTH_USE_HT) {
2611 		chwidth = CHANWIDTH_USE_HT;
2612 		seg0 = vht80[j] + 2;
2613 #ifdef CONFIG_HT_OVERRIDES
2614 		if (ssid->disable_ht40)
2615 			seg0 = 0;
2616 #endif /* CONFIG_HT_OVERRIDES */
2617 	}
2618 
2619 #ifdef CONFIG_HE_OVERRIDES
2620 	if (ssid->disable_he) {
2621 		vht_freq.he_enabled = 0;
2622 		freq->he_enabled = 0;
2623 	}
2624 #endif /* CONFIG_HE_OVERRIDES */
2625 	if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,
2626 				    freq->channel, ssid->enable_edmg,
2627 				    ssid->edmg_channel, freq->ht_enabled,
2628 				    vht_freq.vht_enabled, freq->he_enabled,
2629 				    freq->sec_channel_offset,
2630 				    chwidth, seg0, seg1, vht_caps,
2631 				    &mode->he_capab[ieee80211_mode]) != 0)
2632 		return;
2633 
2634 	*freq = vht_freq;
2635 
2636 	wpa_printf(MSG_DEBUG, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2637 		   freq->center_freq1, freq->center_freq2, freq->bandwidth);
2638 }
2639 
2640 
2641 #ifdef CONFIG_FILS
wpas_add_fils_hlp_req(struct wpa_supplicant * wpa_s,u8 * ie_buf,size_t ie_buf_len)2642 static size_t wpas_add_fils_hlp_req(struct wpa_supplicant *wpa_s, u8 *ie_buf,
2643 				    size_t ie_buf_len)
2644 {
2645 	struct fils_hlp_req *req;
2646 	size_t rem_len, hdr_len, hlp_len, len, ie_len = 0;
2647 	const u8 *pos;
2648 	u8 *buf = ie_buf;
2649 
2650 	dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2651 			 list) {
2652 		rem_len = ie_buf_len - ie_len;
2653 		pos = wpabuf_head(req->pkt);
2654 		hdr_len = 1 + 2 * ETH_ALEN + 6;
2655 		hlp_len = wpabuf_len(req->pkt);
2656 
2657 		if (rem_len < 2 + hdr_len + hlp_len) {
2658 			wpa_printf(MSG_ERROR,
2659 				   "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
2660 				   (unsigned long) rem_len,
2661 				   (unsigned long) (2 + hdr_len + hlp_len));
2662 			break;
2663 		}
2664 
2665 		len = (hdr_len + hlp_len) > 255 ? 255 : hdr_len + hlp_len;
2666 		/* Element ID */
2667 		*buf++ = WLAN_EID_EXTENSION;
2668 		/* Length */
2669 		*buf++ = len;
2670 		/* Element ID Extension */
2671 		*buf++ = WLAN_EID_EXT_FILS_HLP_CONTAINER;
2672 		/* Destination MAC address */
2673 		os_memcpy(buf, req->dst, ETH_ALEN);
2674 		buf += ETH_ALEN;
2675 		/* Source MAC address */
2676 		os_memcpy(buf, wpa_s->own_addr, ETH_ALEN);
2677 		buf += ETH_ALEN;
2678 		/* LLC/SNAP Header */
2679 		os_memcpy(buf, "\xaa\xaa\x03\x00\x00\x00", 6);
2680 		buf += 6;
2681 		/* HLP Packet */
2682 		os_memcpy(buf, pos, len - hdr_len);
2683 		buf += len - hdr_len;
2684 		pos += len - hdr_len;
2685 
2686 		hlp_len -= len - hdr_len;
2687 		ie_len += 2 + len;
2688 		rem_len -= 2 + len;
2689 
2690 		while (hlp_len) {
2691 			len = (hlp_len > 255) ? 255 : hlp_len;
2692 			if (rem_len < 2 + len)
2693 				break;
2694 			*buf++ = WLAN_EID_FRAGMENT;
2695 			*buf++ = len;
2696 			os_memcpy(buf, pos, len);
2697 			buf += len;
2698 			pos += len;
2699 
2700 			hlp_len -= len;
2701 			ie_len += 2 + len;
2702 			rem_len -= 2 + len;
2703 		}
2704 	}
2705 
2706 	return ie_len;
2707 }
2708 
2709 
wpa_is_fils_supported(struct wpa_supplicant * wpa_s)2710 int wpa_is_fils_supported(struct wpa_supplicant *wpa_s)
2711 {
2712 	return (((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2713 		 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS)) ||
2714 		(!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2715 		 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD)));
2716 }
2717 
2718 
wpa_is_fils_sk_pfs_supported(struct wpa_supplicant * wpa_s)2719 int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant *wpa_s)
2720 {
2721 #ifdef CONFIG_FILS_SK_PFS
2722 	return (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2723 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS);
2724 #else /* CONFIG_FILS_SK_PFS */
2725 	return 0;
2726 #endif /* CONFIG_FILS_SK_PFS */
2727 }
2728 
2729 #endif /* CONFIG_FILS */
2730 
2731 
wpas_populate_assoc_ies(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params,enum wpa_drv_update_connect_params_mask * mask)2732 static u8 * wpas_populate_assoc_ies(
2733 	struct wpa_supplicant *wpa_s,
2734 	struct wpa_bss *bss, struct wpa_ssid *ssid,
2735 	struct wpa_driver_associate_params *params,
2736 	enum wpa_drv_update_connect_params_mask *mask)
2737 {
2738 	u8 *wpa_ie;
2739 	size_t max_wpa_ie_len = 500;
2740 	size_t wpa_ie_len;
2741 	int algs = WPA_AUTH_ALG_OPEN;
2742 #ifdef CONFIG_MBO
2743 	const u8 *mbo_ie;
2744 #endif
2745 #if defined(CONFIG_SAE) || defined(CONFIG_FILS)
2746 	int pmksa_cached = 0;
2747 #endif /* CONFIG_SAE || CONFIG_FILS */
2748 #ifdef CONFIG_FILS
2749 	const u8 *realm, *username, *rrk;
2750 	size_t realm_len, username_len, rrk_len;
2751 	u16 next_seq_num;
2752 	struct fils_hlp_req *req;
2753 
2754 	dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2755 			 list) {
2756 		max_wpa_ie_len += 3 + 2 * ETH_ALEN + 6 + wpabuf_len(req->pkt) +
2757 				  2 + 2 * wpabuf_len(req->pkt) / 255;
2758 	}
2759 #endif /* CONFIG_FILS */
2760 
2761 	wpa_ie = os_malloc(max_wpa_ie_len);
2762 	if (!wpa_ie) {
2763 		wpa_printf(MSG_ERROR,
2764 			   "Failed to allocate connect IE buffer for %lu bytes",
2765 			   (unsigned long) max_wpa_ie_len);
2766 		return NULL;
2767 	}
2768 
2769 	if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
2770 		    wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
2771 	    wpa_key_mgmt_wpa(ssid->key_mgmt)) {
2772 		int try_opportunistic;
2773 		const u8 *cache_id = NULL;
2774 
2775 		try_opportunistic = (ssid->proactive_key_caching < 0 ?
2776 				     wpa_s->conf->okc :
2777 				     ssid->proactive_key_caching) &&
2778 			(ssid->proto & WPA_PROTO_RSN);
2779 #ifdef CONFIG_FILS
2780 		if (wpa_key_mgmt_fils(ssid->key_mgmt))
2781 			cache_id = wpa_bss_get_fils_cache_id(bss);
2782 #endif /* CONFIG_FILS */
2783 		if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
2784 					    ssid, try_opportunistic,
2785 					    cache_id, 0) == 0) {
2786 			eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
2787 #if defined(CONFIG_SAE) || defined(CONFIG_FILS)
2788 			pmksa_cached = 1;
2789 #endif /* CONFIG_SAE || CONFIG_FILS */
2790 		}
2791 		wpa_ie_len = max_wpa_ie_len;
2792 		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2793 					      wpa_ie, &wpa_ie_len)) {
2794 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2795 				"key management and encryption suites");
2796 			os_free(wpa_ie);
2797 			return NULL;
2798 		}
2799 #ifdef CONFIG_HS20
2800 	} else if (bss && wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE) &&
2801 		   (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)) {
2802 		/* No PMKSA caching, but otherwise similar to RSN/WPA */
2803 		wpa_ie_len = max_wpa_ie_len;
2804 		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2805 					      wpa_ie, &wpa_ie_len)) {
2806 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2807 				"key management and encryption suites");
2808 			os_free(wpa_ie);
2809 			return NULL;
2810 		}
2811 #endif /* CONFIG_HS20 */
2812 	} else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
2813 		   wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
2814 		/*
2815 		 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2816 		 * use non-WPA since the scan results did not indicate that the
2817 		 * AP is using WPA or WPA2.
2818 		 */
2819 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2820 		wpa_ie_len = 0;
2821 		wpa_s->wpa_proto = 0;
2822 	} else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
2823 		wpa_ie_len = max_wpa_ie_len;
2824 		if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
2825 					      wpa_ie, &wpa_ie_len)) {
2826 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2827 				"key management and encryption suites (no "
2828 				"scan results)");
2829 			os_free(wpa_ie);
2830 			return NULL;
2831 		}
2832 #ifdef CONFIG_WPS
2833 	} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
2834 		struct wpabuf *wps_ie;
2835 		wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
2836 		if (wps_ie && wpabuf_len(wps_ie) <= max_wpa_ie_len) {
2837 			wpa_ie_len = wpabuf_len(wps_ie);
2838 			os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
2839 		} else
2840 			wpa_ie_len = 0;
2841 		wpabuf_free(wps_ie);
2842 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2843 		if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
2844 			params->wps = WPS_MODE_PRIVACY;
2845 		else
2846 			params->wps = WPS_MODE_OPEN;
2847 		wpa_s->wpa_proto = 0;
2848 #endif /* CONFIG_WPS */
2849 	} else {
2850 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2851 		wpa_ie_len = 0;
2852 		wpa_s->wpa_proto = 0;
2853 	}
2854 
2855 #ifdef IEEE8021X_EAPOL
2856 	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2857 		if (ssid->leap) {
2858 			if (ssid->non_leap == 0)
2859 				algs = WPA_AUTH_ALG_LEAP;
2860 			else
2861 				algs |= WPA_AUTH_ALG_LEAP;
2862 		}
2863 	}
2864 
2865 #ifdef CONFIG_FILS
2866 	/* Clear FILS association */
2867 	wpa_sm_set_reset_fils_completed(wpa_s->wpa, 0);
2868 
2869 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
2870 	    ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
2871 	    eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap, &username,
2872 				  &username_len, &realm, &realm_len,
2873 				  &next_seq_num, &rrk, &rrk_len) == 0 &&
2874 	    (!wpa_s->last_con_fail_realm ||
2875 	     wpa_s->last_con_fail_realm_len != realm_len ||
2876 	     os_memcmp(wpa_s->last_con_fail_realm, realm, realm_len) != 0)) {
2877 		algs = WPA_AUTH_ALG_FILS;
2878 		params->fils_erp_username = username;
2879 		params->fils_erp_username_len = username_len;
2880 		params->fils_erp_realm = realm;
2881 		params->fils_erp_realm_len = realm_len;
2882 		params->fils_erp_next_seq_num = next_seq_num;
2883 		params->fils_erp_rrk = rrk;
2884 		params->fils_erp_rrk_len = rrk_len;
2885 
2886 		if (mask)
2887 			*mask |= WPA_DRV_UPDATE_FILS_ERP_INFO;
2888 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
2889 		   ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
2890 		   pmksa_cached) {
2891 		algs = WPA_AUTH_ALG_FILS;
2892 	}
2893 #endif /* CONFIG_FILS */
2894 #endif /* IEEE8021X_EAPOL */
2895 #ifdef CONFIG_SAE
2896 	if (wpa_s->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE))
2897 		algs = WPA_AUTH_ALG_SAE;
2898 #endif /* CONFIG_SAE */
2899 
2900 	wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
2901 	if (ssid->auth_alg) {
2902 		algs = ssid->auth_alg;
2903 		wpa_dbg(wpa_s, MSG_DEBUG,
2904 			"Overriding auth_alg selection: 0x%x", algs);
2905 	}
2906 
2907 #ifdef CONFIG_SAE
2908 	if (pmksa_cached && algs == WPA_AUTH_ALG_SAE) {
2909 		wpa_dbg(wpa_s, MSG_DEBUG,
2910 			"SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
2911 		algs = WPA_AUTH_ALG_OPEN;
2912 	}
2913 #endif /* CONFIG_SAE */
2914 
2915 #ifdef CONFIG_P2P
2916 	if (wpa_s->global->p2p) {
2917 		u8 *pos;
2918 		size_t len;
2919 		int res;
2920 		pos = wpa_ie + wpa_ie_len;
2921 		len = max_wpa_ie_len - wpa_ie_len;
2922 		res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
2923 					    ssid->p2p_group);
2924 		if (res >= 0)
2925 			wpa_ie_len += res;
2926 	}
2927 
2928 	wpa_s->cross_connect_disallowed = 0;
2929 	if (bss) {
2930 		struct wpabuf *p2p;
2931 		p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
2932 		if (p2p) {
2933 			wpa_s->cross_connect_disallowed =
2934 				p2p_get_cross_connect_disallowed(p2p);
2935 			wpabuf_free(p2p);
2936 			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
2937 				"connection",
2938 				wpa_s->cross_connect_disallowed ?
2939 				"disallows" : "allows");
2940 		}
2941 	}
2942 
2943 	os_memset(wpa_s->p2p_ip_addr_info, 0, sizeof(wpa_s->p2p_ip_addr_info));
2944 #endif /* CONFIG_P2P */
2945 
2946 	if (bss) {
2947 		wpa_ie_len += wpas_supp_op_class_ie(wpa_s, ssid, bss,
2948 						    wpa_ie + wpa_ie_len,
2949 						    max_wpa_ie_len -
2950 						    wpa_ie_len);
2951 	}
2952 
2953 	/*
2954 	 * Workaround: Add Extended Capabilities element only if the AP
2955 	 * included this element in Beacon/Probe Response frames. Some older
2956 	 * APs seem to have interoperability issues if this element is
2957 	 * included, so while the standard may require us to include the
2958 	 * element in all cases, it is justifiable to skip it to avoid
2959 	 * interoperability issues.
2960 	 */
2961 	if (ssid->p2p_group)
2962 		wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
2963 	else
2964 		wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
2965 
2966 	if (!bss || wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB)) {
2967 		u8 ext_capab[18];
2968 		int ext_capab_len;
2969 		ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
2970 						     sizeof(ext_capab));
2971 		if (ext_capab_len > 0 &&
2972 		    wpa_ie_len + ext_capab_len <= max_wpa_ie_len) {
2973 			u8 *pos = wpa_ie;
2974 			if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
2975 				pos += 2 + pos[1];
2976 			os_memmove(pos + ext_capab_len, pos,
2977 				   wpa_ie_len - (pos - wpa_ie));
2978 			wpa_ie_len += ext_capab_len;
2979 			os_memcpy(pos, ext_capab, ext_capab_len);
2980 		}
2981 	}
2982 
2983 #ifdef CONFIG_HS20
2984 	if (is_hs20_network(wpa_s, ssid, bss)) {
2985 		struct wpabuf *hs20;
2986 
2987 		hs20 = wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN);
2988 		if (hs20) {
2989 			int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
2990 			size_t len;
2991 
2992 			wpas_hs20_add_indication(hs20, pps_mo_id,
2993 						 get_hs20_version(bss));
2994 			wpas_hs20_add_roam_cons_sel(hs20, ssid);
2995 			len = max_wpa_ie_len - wpa_ie_len;
2996 			if (wpabuf_len(hs20) <= len) {
2997 				os_memcpy(wpa_ie + wpa_ie_len,
2998 					  wpabuf_head(hs20), wpabuf_len(hs20));
2999 				wpa_ie_len += wpabuf_len(hs20);
3000 			}
3001 			wpabuf_free(hs20);
3002 
3003 			hs20_configure_frame_filters(wpa_s);
3004 		}
3005 	}
3006 #endif /* CONFIG_HS20 */
3007 
3008 	if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
3009 		struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
3010 		size_t len;
3011 
3012 		len = max_wpa_ie_len - wpa_ie_len;
3013 		if (wpabuf_len(buf) <= len) {
3014 			os_memcpy(wpa_ie + wpa_ie_len,
3015 				  wpabuf_head(buf), wpabuf_len(buf));
3016 			wpa_ie_len += wpabuf_len(buf);
3017 		}
3018 	}
3019 
3020 #ifdef CONFIG_FST
3021 	if (wpa_s->fst_ies) {
3022 		int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
3023 
3024 		if (wpa_ie_len + fst_ies_len <= max_wpa_ie_len) {
3025 			os_memcpy(wpa_ie + wpa_ie_len,
3026 				  wpabuf_head(wpa_s->fst_ies), fst_ies_len);
3027 			wpa_ie_len += fst_ies_len;
3028 		}
3029 	}
3030 #endif /* CONFIG_FST */
3031 
3032 #ifdef CONFIG_MBO
3033 	mbo_ie = bss ? wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE) : NULL;
3034 	if (!wpa_s->disable_mbo_oce && mbo_ie) {
3035 		int len;
3036 
3037 		len = wpas_mbo_ie(wpa_s, wpa_ie + wpa_ie_len,
3038 				  max_wpa_ie_len - wpa_ie_len,
3039 				  !!mbo_attr_from_mbo_ie(mbo_ie,
3040 							 OCE_ATTR_ID_CAPA_IND));
3041 		if (len >= 0)
3042 			wpa_ie_len += len;
3043 	}
3044 #endif /* CONFIG_MBO */
3045 
3046 #ifdef CONFIG_FILS
3047 	if (algs == WPA_AUTH_ALG_FILS) {
3048 		size_t len;
3049 
3050 		len = wpas_add_fils_hlp_req(wpa_s, wpa_ie + wpa_ie_len,
3051 					    max_wpa_ie_len - wpa_ie_len);
3052 		wpa_ie_len += len;
3053 	}
3054 #endif /* CONFIG_FILS */
3055 
3056 #ifdef CONFIG_OWE
3057 #ifdef CONFIG_TESTING_OPTIONS
3058 	if (get_ie_ext(wpa_ie, wpa_ie_len, WLAN_EID_EXT_OWE_DH_PARAM)) {
3059 		wpa_printf(MSG_INFO, "TESTING: Override OWE DH element");
3060 	} else
3061 #endif /* CONFIG_TESTING_OPTIONS */
3062 	if (algs == WPA_AUTH_ALG_OPEN &&
3063 	    ssid->key_mgmt == WPA_KEY_MGMT_OWE) {
3064 		struct wpabuf *owe_ie;
3065 		u16 group;
3066 
3067 		if (ssid->owe_group) {
3068 			group = ssid->owe_group;
3069 		} else if (wpa_s->assoc_status_code ==
3070 			   WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
3071 			if (wpa_s->last_owe_group == 19)
3072 				group = 20;
3073 			else if (wpa_s->last_owe_group == 20)
3074 				group = 21;
3075 			else
3076 				group = OWE_DH_GROUP;
3077 		} else {
3078 			group = OWE_DH_GROUP;
3079 		}
3080 
3081 		wpa_s->last_owe_group = group;
3082 		wpa_printf(MSG_DEBUG, "OWE: Try to use group %u", group);
3083 		owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
3084 		if (owe_ie &&
3085 		    wpabuf_len(owe_ie) <= max_wpa_ie_len - wpa_ie_len) {
3086 			os_memcpy(wpa_ie + wpa_ie_len,
3087 				  wpabuf_head(owe_ie), wpabuf_len(owe_ie));
3088 			wpa_ie_len += wpabuf_len(owe_ie);
3089 		}
3090 		wpabuf_free(owe_ie);
3091 	}
3092 #endif /* CONFIG_OWE */
3093 
3094 #ifdef CONFIG_DPP2
3095 	if (DPP_VERSION > 1 &&
3096 	    wpa_sm_get_key_mgmt(wpa_s->wpa) == WPA_KEY_MGMT_DPP &&
3097 	    ssid->dpp_netaccesskey &&
3098 	    ssid->dpp_pfs != 2 && !ssid->dpp_pfs_fallback) {
3099 		struct rsn_pmksa_cache_entry *pmksa;
3100 
3101 		pmksa = pmksa_cache_get_current(wpa_s->wpa);
3102 		if (!pmksa || !pmksa->dpp_pfs)
3103 			goto pfs_fail;
3104 
3105 		dpp_pfs_free(wpa_s->dpp_pfs);
3106 		wpa_s->dpp_pfs = dpp_pfs_init(ssid->dpp_netaccesskey,
3107 					      ssid->dpp_netaccesskey_len);
3108 		if (!wpa_s->dpp_pfs) {
3109 			wpa_printf(MSG_DEBUG, "DPP: Could not initialize PFS");
3110 			/* Try to continue without PFS */
3111 			goto pfs_fail;
3112 		}
3113 		if (wpabuf_len(wpa_s->dpp_pfs->ie) <=
3114 		    max_wpa_ie_len - wpa_ie_len) {
3115 			os_memcpy(wpa_ie + wpa_ie_len,
3116 				  wpabuf_head(wpa_s->dpp_pfs->ie),
3117 				  wpabuf_len(wpa_s->dpp_pfs->ie));
3118 			wpa_ie_len += wpabuf_len(wpa_s->dpp_pfs->ie);
3119 		}
3120 	}
3121 pfs_fail:
3122 #endif /* CONFIG_DPP2 */
3123 
3124 #ifdef CONFIG_IEEE80211R
3125 	/*
3126 	 * Add MDIE under these conditions: the network profile allows FT,
3127 	 * the AP supports FT, and the mobility domain ID matches.
3128 	 */
3129 	if (bss && wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s->wpa))) {
3130 		const u8 *mdie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
3131 
3132 		if (mdie && mdie[1] >= MOBILITY_DOMAIN_ID_LEN) {
3133 			size_t len = 0;
3134 			const u8 *md = mdie + 2;
3135 			const u8 *wpa_md = wpa_sm_get_ft_md(wpa_s->wpa);
3136 
3137 			if (os_memcmp(md, wpa_md,
3138 				      MOBILITY_DOMAIN_ID_LEN) == 0) {
3139 				/* Add mobility domain IE */
3140 				len = wpa_ft_add_mdie(
3141 					wpa_s->wpa, wpa_ie + wpa_ie_len,
3142 					max_wpa_ie_len - wpa_ie_len, mdie);
3143 				wpa_ie_len += len;
3144 			}
3145 #ifdef CONFIG_SME
3146 			if (len > 0 && wpa_s->sme.ft_used &&
3147 			    wpa_sm_has_ptk(wpa_s->wpa)) {
3148 				wpa_dbg(wpa_s, MSG_DEBUG,
3149 					"SME: Trying to use FT over-the-air");
3150 				algs |= WPA_AUTH_ALG_FT;
3151 			}
3152 #endif /* CONFIG_SME */
3153 		}
3154 	}
3155 #endif /* CONFIG_IEEE80211R */
3156 
3157 #ifdef CONFIG_TESTING_OPTIONS
3158 	if (wpa_s->rsnxe_override_assoc &&
3159 	    wpabuf_len(wpa_s->rsnxe_override_assoc) <=
3160 	    max_wpa_ie_len - wpa_ie_len) {
3161 		wpa_printf(MSG_DEBUG, "TESTING: RSNXE AssocReq override");
3162 		os_memcpy(wpa_ie + wpa_ie_len,
3163 			  wpabuf_head(wpa_s->rsnxe_override_assoc),
3164 			  wpabuf_len(wpa_s->rsnxe_override_assoc));
3165 		wpa_ie_len += wpabuf_len(wpa_s->rsnxe_override_assoc);
3166 	} else
3167 #endif /* CONFIG_TESTING_OPTIONS */
3168 	if (wpa_s->rsnxe_len > 0 &&
3169 	    wpa_s->rsnxe_len <= max_wpa_ie_len - wpa_ie_len) {
3170 		os_memcpy(wpa_ie + wpa_ie_len, wpa_s->rsnxe, wpa_s->rsnxe_len);
3171 		wpa_ie_len += wpa_s->rsnxe_len;
3172 	}
3173 
3174 	if (ssid->multi_ap_backhaul_sta) {
3175 		size_t multi_ap_ie_len;
3176 
3177 		multi_ap_ie_len = add_multi_ap_ie(wpa_ie + wpa_ie_len,
3178 						  max_wpa_ie_len - wpa_ie_len,
3179 						  MULTI_AP_BACKHAUL_STA);
3180 		if (multi_ap_ie_len == 0) {
3181 			wpa_printf(MSG_ERROR,
3182 				   "Multi-AP: Failed to build Multi-AP IE");
3183 			os_free(wpa_ie);
3184 			return NULL;
3185 		}
3186 		wpa_ie_len += multi_ap_ie_len;
3187 	}
3188 
3189 	params->wpa_ie = wpa_ie;
3190 	params->wpa_ie_len = wpa_ie_len;
3191 	params->auth_alg = algs;
3192 	if (mask)
3193 		*mask |= WPA_DRV_UPDATE_ASSOC_IES | WPA_DRV_UPDATE_AUTH_TYPE;
3194 
3195 	return wpa_ie;
3196 }
3197 
3198 
3199 #ifdef CONFIG_OWE
wpas_update_owe_connect_params(struct wpa_supplicant * wpa_s)3200 static void wpas_update_owe_connect_params(struct wpa_supplicant *wpa_s)
3201 {
3202 	struct wpa_driver_associate_params params;
3203 	u8 *wpa_ie;
3204 
3205 	os_memset(&params, 0, sizeof(params));
3206 	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3207 					 wpa_s->current_ssid, &params, NULL);
3208 	if (!wpa_ie)
3209 		return;
3210 
3211 	wpa_drv_update_connect_params(wpa_s, &params, WPA_DRV_UPDATE_ASSOC_IES);
3212 	os_free(wpa_ie);
3213 }
3214 #endif /* CONFIG_OWE */
3215 
3216 
3217 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
wpas_update_fils_connect_params(struct wpa_supplicant * wpa_s)3218 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s)
3219 {
3220 	struct wpa_driver_associate_params params;
3221 	enum wpa_drv_update_connect_params_mask mask = 0;
3222 	u8 *wpa_ie;
3223 
3224 	if (wpa_s->auth_alg != WPA_AUTH_ALG_OPEN)
3225 		return; /* nothing to do */
3226 
3227 	os_memset(&params, 0, sizeof(params));
3228 	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3229 					 wpa_s->current_ssid, &params, &mask);
3230 	if (!wpa_ie)
3231 		return;
3232 
3233 	if (params.auth_alg != WPA_AUTH_ALG_FILS) {
3234 		os_free(wpa_ie);
3235 		return;
3236 	}
3237 
3238 	wpa_s->auth_alg = params.auth_alg;
3239 	wpa_drv_update_connect_params(wpa_s, &params, mask);
3240 	os_free(wpa_ie);
3241 }
3242 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
3243 
3244 
wpa_ie_get_edmg_oper_chans(const u8 * edmg_ie)3245 static u8 wpa_ie_get_edmg_oper_chans(const u8 *edmg_ie)
3246 {
3247 	if (!edmg_ie || edmg_ie[1] < 6)
3248 		return 0;
3249 	return edmg_ie[EDMG_BSS_OPERATING_CHANNELS_OFFSET];
3250 }
3251 
3252 
wpa_ie_get_edmg_oper_chan_width(const u8 * edmg_ie)3253 static u8 wpa_ie_get_edmg_oper_chan_width(const u8 *edmg_ie)
3254 {
3255 	if (!edmg_ie || edmg_ie[1] < 6)
3256 		return 0;
3257 	return edmg_ie[EDMG_OPERATING_CHANNEL_WIDTH_OFFSET];
3258 }
3259 
3260 
3261 /* Returns the intersection of two EDMG configurations.
3262  * Note: The current implementation is limited to CB2 only (CB1 included),
3263  * i.e., the implementation supports up to 2 contiguous channels.
3264  * For supporting non-contiguous (aggregated) channels and for supporting
3265  * CB3 and above, this function will need to be extended.
3266  */
3267 static struct ieee80211_edmg_config
get_edmg_intersection(struct ieee80211_edmg_config a,struct ieee80211_edmg_config b,u8 primary_channel)3268 get_edmg_intersection(struct ieee80211_edmg_config a,
3269 		      struct ieee80211_edmg_config b,
3270 		      u8 primary_channel)
3271 {
3272 	struct ieee80211_edmg_config result;
3273 	int i, contiguous = 0;
3274 	int max_contiguous = 0;
3275 
3276 	result.channels = b.channels & a.channels;
3277 	if (!result.channels) {
3278 		wpa_printf(MSG_DEBUG,
3279 			   "EDMG not possible: cannot intersect channels 0x%x and 0x%x",
3280 			   a.channels, b.channels);
3281 		goto fail;
3282 	}
3283 
3284 	if (!(result.channels & BIT(primary_channel - 1))) {
3285 		wpa_printf(MSG_DEBUG,
3286 			   "EDMG not possible: the primary channel %d is not one of the intersected channels 0x%x",
3287 			   primary_channel, result.channels);
3288 		goto fail;
3289 	}
3290 
3291 	/* Find max contiguous channels */
3292 	for (i = 0; i < 6; i++) {
3293 		if (result.channels & BIT(i))
3294 			contiguous++;
3295 		else
3296 			contiguous = 0;
3297 
3298 		if (contiguous > max_contiguous)
3299 			max_contiguous = contiguous;
3300 	}
3301 
3302 	/* Assuming AP and STA supports ONLY contiguous channels,
3303 	 * bw configuration can have value between 4-7.
3304 	 */
3305 	if ((b.bw_config < a.bw_config))
3306 		result.bw_config = b.bw_config;
3307 	else
3308 		result.bw_config = a.bw_config;
3309 
3310 	if ((max_contiguous >= 2 && result.bw_config < EDMG_BW_CONFIG_5) ||
3311 	    (max_contiguous >= 1 && result.bw_config < EDMG_BW_CONFIG_4)) {
3312 		wpa_printf(MSG_DEBUG,
3313 			   "EDMG not possible: not enough contiguous channels %d for supporting CB1 or CB2",
3314 			   max_contiguous);
3315 		goto fail;
3316 	}
3317 
3318 	return result;
3319 
3320 fail:
3321 	result.channels = 0;
3322 	result.bw_config = 0;
3323 	return result;
3324 }
3325 
3326 
3327 static struct ieee80211_edmg_config
get_supported_edmg(struct wpa_supplicant * wpa_s,struct hostapd_freq_params * freq,struct ieee80211_edmg_config request_edmg)3328 get_supported_edmg(struct wpa_supplicant *wpa_s,
3329 		   struct hostapd_freq_params *freq,
3330 		   struct ieee80211_edmg_config request_edmg)
3331 {
3332 	enum hostapd_hw_mode hw_mode;
3333 	struct hostapd_hw_modes *mode = NULL;
3334 	u8 primary_channel;
3335 
3336 	if (!wpa_s->hw.modes)
3337 		goto fail;
3338 
3339 	hw_mode = ieee80211_freq_to_chan(freq->freq, &primary_channel);
3340 	if (hw_mode == NUM_HOSTAPD_MODES)
3341 		goto fail;
3342 
3343 	mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, hw_mode, 0);
3344 	if (!mode)
3345 		goto fail;
3346 
3347 	return get_edmg_intersection(mode->edmg, request_edmg, primary_channel);
3348 
3349 fail:
3350 	request_edmg.channels = 0;
3351 	request_edmg.bw_config = 0;
3352 	return request_edmg;
3353 }
3354 
3355 
3356 #ifdef CONFIG_MBO
wpas_update_mbo_connect_params(struct wpa_supplicant * wpa_s)3357 void wpas_update_mbo_connect_params(struct wpa_supplicant *wpa_s)
3358 {
3359 	struct wpa_driver_associate_params params;
3360 	u8 *wpa_ie;
3361 
3362 	/*
3363 	 * Update MBO connect params only in case of change of MBO attributes
3364 	 * when connected, if the AP support MBO.
3365 	 */
3366 
3367 	if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_ssid ||
3368 	    !wpa_s->current_bss ||
3369 	    !wpa_bss_get_vendor_ie(wpa_s->current_bss, MBO_IE_VENDOR_TYPE))
3370 		return;
3371 
3372 	os_memset(&params, 0, sizeof(params));
3373 	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3374 					 wpa_s->current_ssid, &params, NULL);
3375 	if (!wpa_ie)
3376 		return;
3377 
3378 	wpa_drv_update_connect_params(wpa_s, &params, WPA_DRV_UPDATE_ASSOC_IES);
3379 	os_free(wpa_ie);
3380 }
3381 #endif /* CONFIG_MBO */
3382 
3383 
wpas_start_assoc_cb(struct wpa_radio_work * work,int deinit)3384 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
3385 {
3386 	struct wpa_connect_work *cwork = work->ctx;
3387 	struct wpa_bss *bss = cwork->bss;
3388 	struct wpa_ssid *ssid = cwork->ssid;
3389 	struct wpa_supplicant *wpa_s = work->wpa_s;
3390 	u8 *wpa_ie;
3391 	const u8 *edmg_ie_oper;
3392 	int use_crypt, ret, bssid_changed;
3393 	unsigned int cipher_pairwise, cipher_group, cipher_group_mgmt;
3394 	struct wpa_driver_associate_params params;
3395 #if defined(CONFIG_WEP) || defined(IEEE8021X_EAPOL)
3396 	int wep_keys_set = 0;
3397 #endif /* CONFIG_WEP || IEEE8021X_EAPOL */
3398 	int assoc_failed = 0;
3399 	struct wpa_ssid *old_ssid;
3400 	u8 prev_bssid[ETH_ALEN];
3401 #ifdef CONFIG_HT_OVERRIDES
3402 	struct ieee80211_ht_capabilities htcaps;
3403 	struct ieee80211_ht_capabilities htcaps_mask;
3404 #endif /* CONFIG_HT_OVERRIDES */
3405 #ifdef CONFIG_VHT_OVERRIDES
3406        struct ieee80211_vht_capabilities vhtcaps;
3407        struct ieee80211_vht_capabilities vhtcaps_mask;
3408 #endif /* CONFIG_VHT_OVERRIDES */
3409 
3410 	if (deinit) {
3411 		if (work->started) {
3412 			wpa_s->connect_work = NULL;
3413 
3414 			/* cancel possible auth. timeout */
3415 			eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s,
3416 					     NULL);
3417 		}
3418 		wpas_connect_work_free(cwork);
3419 		return;
3420 	}
3421 
3422 	wpa_s->connect_work = work;
3423 
3424 	if (cwork->bss_removed || !wpas_valid_bss_ssid(wpa_s, bss, ssid) ||
3425 	    wpas_network_disabled(wpa_s, ssid)) {
3426 		wpa_dbg(wpa_s, MSG_DEBUG, "BSS/SSID entry for association not valid anymore - drop connection attempt");
3427 		wpas_connect_work_done(wpa_s);
3428 		return;
3429 	}
3430 
3431 	os_memcpy(prev_bssid, wpa_s->bssid, ETH_ALEN);
3432 	os_memset(&params, 0, sizeof(params));
3433 	wpa_s->reassociate = 0;
3434 	wpa_s->eap_expected_failure = 0;
3435 	if (bss &&
3436 	    (!wpas_driver_bss_selection(wpa_s) || wpas_wps_searching(wpa_s))) {
3437 #ifdef CONFIG_IEEE80211R
3438 		const u8 *ie, *md = NULL;
3439 #endif /* CONFIG_IEEE80211R */
3440 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
3441 			" (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
3442 			wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
3443 		bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
3444 		os_memset(wpa_s->bssid, 0, ETH_ALEN);
3445 		os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3446 		if (bssid_changed)
3447 			wpas_notify_bssid_changed(wpa_s);
3448 #ifdef CONFIG_IEEE80211R
3449 		ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
3450 		if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
3451 			md = ie + 2;
3452 		wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
3453 		if (md) {
3454 			/* Prepare for the next transition */
3455 			wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
3456 		}
3457 #endif /* CONFIG_IEEE80211R */
3458 #ifdef CONFIG_WPS
3459 	} else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
3460 		   wpa_s->conf->ap_scan == 2 &&
3461 		   (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
3462 		/* Use ap_scan==1 style network selection to find the network
3463 		 */
3464 		wpas_connect_work_done(wpa_s);
3465 		wpa_s->scan_req = MANUAL_SCAN_REQ;
3466 		wpa_s->reassociate = 1;
3467 		wpa_supplicant_req_scan(wpa_s, 0, 0);
3468 		return;
3469 #endif /* CONFIG_WPS */
3470 	} else {
3471 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
3472 			wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
3473 		if (bss)
3474 			os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3475 		else
3476 			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3477 	}
3478 	if (!wpa_s->pno)
3479 		wpa_supplicant_cancel_sched_scan(wpa_s);
3480 
3481 	wpa_supplicant_cancel_scan(wpa_s);
3482 
3483 	/* Starting new association, so clear the possibly used WPA IE from the
3484 	 * previous association. */
3485 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
3486 	wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
3487 	wpa_s->rsnxe_len = 0;
3488 
3489 	wpa_ie = wpas_populate_assoc_ies(wpa_s, bss, ssid, &params, NULL);
3490 	if (!wpa_ie) {
3491 		wpas_connect_work_done(wpa_s);
3492 		return;
3493 	}
3494 
3495 	wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
3496 	use_crypt = 1;
3497 	cipher_pairwise = wpa_s->pairwise_cipher;
3498 	cipher_group = wpa_s->group_cipher;
3499 	cipher_group_mgmt = wpa_s->mgmt_group_cipher;
3500 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
3501 	    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3502 		if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
3503 			use_crypt = 0;
3504 #ifdef CONFIG_WEP
3505 		if (wpa_set_wep_keys(wpa_s, ssid)) {
3506 			use_crypt = 1;
3507 			wep_keys_set = 1;
3508 		}
3509 #endif /* CONFIG_WEP */
3510 	}
3511 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
3512 		use_crypt = 0;
3513 
3514 #ifdef IEEE8021X_EAPOL
3515 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3516 		if ((ssid->eapol_flags &
3517 		     (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
3518 		      EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
3519 		    !wep_keys_set) {
3520 			use_crypt = 0;
3521 		} else {
3522 			/* Assume that dynamic WEP-104 keys will be used and
3523 			 * set cipher suites in order for drivers to expect
3524 			 * encryption. */
3525 			cipher_pairwise = cipher_group = WPA_CIPHER_WEP104;
3526 		}
3527 	}
3528 #endif /* IEEE8021X_EAPOL */
3529 
3530 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3531 		/* Set the key before (and later after) association */
3532 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3533 	}
3534 
3535 	wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
3536 	if (bss) {
3537 		params.ssid = bss->ssid;
3538 		params.ssid_len = bss->ssid_len;
3539 		if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set ||
3540 		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
3541 			wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
3542 				   MACSTR " freq=%u MHz based on scan results "
3543 				   "(bssid_set=%d wps=%d)",
3544 				   MAC2STR(bss->bssid), bss->freq,
3545 				   ssid->bssid_set,
3546 				   wpa_s->key_mgmt == WPA_KEY_MGMT_WPS);
3547 			params.bssid = bss->bssid;
3548 			params.freq.freq = bss->freq;
3549 		}
3550 		params.bssid_hint = bss->bssid;
3551 		params.freq_hint = bss->freq;
3552 		params.pbss = bss_is_pbss(bss);
3553 	} else {
3554 		if (ssid->bssid_hint_set)
3555 			params.bssid_hint = ssid->bssid_hint;
3556 
3557 		params.ssid = ssid->ssid;
3558 		params.ssid_len = ssid->ssid_len;
3559 		params.pbss = (ssid->pbss != 2) ? ssid->pbss : 0;
3560 	}
3561 
3562 	if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
3563 	    wpa_s->conf->ap_scan == 2) {
3564 		params.bssid = ssid->bssid;
3565 		params.fixed_bssid = 1;
3566 	}
3567 
3568 	/* Initial frequency for IBSS/mesh */
3569 	if ((ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) &&
3570 	    ssid->frequency > 0 && params.freq.freq == 0)
3571 		ibss_mesh_setup_freq(wpa_s, ssid, &params.freq);
3572 
3573 	if (ssid->mode == WPAS_MODE_IBSS) {
3574 		params.fixed_freq = ssid->fixed_freq;
3575 		if (ssid->beacon_int)
3576 			params.beacon_int = ssid->beacon_int;
3577 		else
3578 			params.beacon_int = wpa_s->conf->beacon_int;
3579 	}
3580 
3581 	if (bss && ssid->enable_edmg)
3582 		edmg_ie_oper = get_ie_ext((const u8 *) (bss + 1), bss->ie_len,
3583 					  WLAN_EID_EXT_EDMG_OPERATION);
3584 	else
3585 		edmg_ie_oper = NULL;
3586 
3587 	if (edmg_ie_oper) {
3588 		params.freq.edmg.channels =
3589 			wpa_ie_get_edmg_oper_chans(edmg_ie_oper);
3590 		params.freq.edmg.bw_config =
3591 			wpa_ie_get_edmg_oper_chan_width(edmg_ie_oper);
3592 		wpa_printf(MSG_DEBUG,
3593 			   "AP supports EDMG channels 0x%x, bw_config %d",
3594 			   params.freq.edmg.channels,
3595 			   params.freq.edmg.bw_config);
3596 
3597 		/* User may ask for specific EDMG channel for EDMG connection
3598 		 * (must be supported by AP)
3599 		 */
3600 		if (ssid->edmg_channel) {
3601 			struct ieee80211_edmg_config configured_edmg;
3602 			enum hostapd_hw_mode hw_mode;
3603 			u8 primary_channel;
3604 
3605 			hw_mode = ieee80211_freq_to_chan(bss->freq,
3606 							 &primary_channel);
3607 			if (hw_mode == NUM_HOSTAPD_MODES)
3608 				goto edmg_fail;
3609 
3610 			hostapd_encode_edmg_chan(ssid->enable_edmg,
3611 						 ssid->edmg_channel,
3612 						 primary_channel,
3613 						 &configured_edmg);
3614 
3615 			if (ieee802_edmg_is_allowed(params.freq.edmg,
3616 						    configured_edmg)) {
3617 				params.freq.edmg = configured_edmg;
3618 				wpa_printf(MSG_DEBUG,
3619 					   "Use EDMG channel %d for connection",
3620 					   ssid->edmg_channel);
3621 			} else {
3622 			edmg_fail:
3623 				params.freq.edmg.channels = 0;
3624 				params.freq.edmg.bw_config = 0;
3625 				wpa_printf(MSG_WARNING,
3626 					   "EDMG channel %d not supported by AP, fallback to DMG",
3627 					   ssid->edmg_channel);
3628 			}
3629 		}
3630 
3631 		if (params.freq.edmg.channels) {
3632 			wpa_printf(MSG_DEBUG,
3633 				   "EDMG before: channels 0x%x, bw_config %d",
3634 				   params.freq.edmg.channels,
3635 				   params.freq.edmg.bw_config);
3636 			params.freq.edmg = get_supported_edmg(wpa_s,
3637 							      &params.freq,
3638 							      params.freq.edmg);
3639 			wpa_printf(MSG_DEBUG,
3640 				   "EDMG after: channels 0x%x, bw_config %d",
3641 				   params.freq.edmg.channels,
3642 				   params.freq.edmg.bw_config);
3643 		}
3644 	}
3645 
3646 	params.pairwise_suite = cipher_pairwise;
3647 	params.group_suite = cipher_group;
3648 	params.mgmt_group_suite = cipher_group_mgmt;
3649 	params.key_mgmt_suite = wpa_s->key_mgmt;
3650 	params.wpa_proto = wpa_s->wpa_proto;
3651 	wpa_s->auth_alg = params.auth_alg;
3652 	params.mode = ssid->mode;
3653 	params.bg_scan_period = ssid->bg_scan_period;
3654 #ifdef CONFIG_WEP
3655 	{
3656 		int i;
3657 
3658 		for (i = 0; i < NUM_WEP_KEYS; i++) {
3659 			if (ssid->wep_key_len[i])
3660 				params.wep_key[i] = ssid->wep_key[i];
3661 			params.wep_key_len[i] = ssid->wep_key_len[i];
3662 		}
3663 		params.wep_tx_keyidx = ssid->wep_tx_keyidx;
3664 	}
3665 #endif /* CONFIG_WEP */
3666 
3667 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
3668 	    (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3669 	     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
3670 		params.passphrase = ssid->passphrase;
3671 		if (ssid->psk_set)
3672 			params.psk = ssid->psk;
3673 	}
3674 
3675 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
3676 	    (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3677 	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3678 	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3679 	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192))
3680 		params.req_handshake_offload = 1;
3681 
3682 	if (wpa_s->conf->key_mgmt_offload) {
3683 		if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3684 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3685 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3686 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
3687 			params.req_key_mgmt_offload =
3688 				ssid->proactive_key_caching < 0 ?
3689 				wpa_s->conf->okc : ssid->proactive_key_caching;
3690 		else
3691 			params.req_key_mgmt_offload = 1;
3692 
3693 		if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3694 		     params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
3695 		     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
3696 		    ssid->psk_set)
3697 			params.psk = ssid->psk;
3698 	}
3699 
3700 	params.drop_unencrypted = use_crypt;
3701 
3702 	params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
3703 	if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
3704 		const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
3705 		struct wpa_ie_data ie;
3706 		if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
3707 		    ie.capabilities &
3708 		    (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
3709 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
3710 				"MFP: require MFP");
3711 			params.mgmt_frame_protection =
3712 				MGMT_FRAME_PROTECTION_REQUIRED;
3713 #ifdef CONFIG_OWE
3714 		} else if (!rsn && (ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
3715 			   !ssid->owe_only) {
3716 			params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
3717 #endif /* CONFIG_OWE */
3718 		}
3719 	}
3720 
3721 	params.p2p = ssid->p2p_group;
3722 
3723 	if (wpa_s->p2pdev->set_sta_uapsd)
3724 		params.uapsd = wpa_s->p2pdev->sta_uapsd;
3725 	else
3726 		params.uapsd = -1;
3727 
3728 #ifdef CONFIG_HT_OVERRIDES
3729 	os_memset(&htcaps, 0, sizeof(htcaps));
3730 	os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
3731 	params.htcaps = (u8 *) &htcaps;
3732 	params.htcaps_mask = (u8 *) &htcaps_mask;
3733 	wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
3734 #endif /* CONFIG_HT_OVERRIDES */
3735 #ifdef CONFIG_VHT_OVERRIDES
3736 	os_memset(&vhtcaps, 0, sizeof(vhtcaps));
3737 	os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
3738 	params.vhtcaps = &vhtcaps;
3739 	params.vhtcaps_mask = &vhtcaps_mask;
3740 	wpa_supplicant_apply_vht_overrides(wpa_s, ssid, &params);
3741 #endif /* CONFIG_VHT_OVERRIDES */
3742 #ifdef CONFIG_HE_OVERRIDES
3743 	wpa_supplicant_apply_he_overrides(wpa_s, ssid, &params);
3744 #endif /* CONFIG_HE_OVERRIDES */
3745 
3746 #ifdef CONFIG_P2P
3747 	/*
3748 	 * If multi-channel concurrency is not supported, check for any
3749 	 * frequency conflict. In case of any frequency conflict, remove the
3750 	 * least prioritized connection.
3751 	 */
3752 	if (wpa_s->num_multichan_concurrent < 2) {
3753 		int freq, num;
3754 		num = get_shared_radio_freqs(wpa_s, &freq, 1);
3755 		if (num > 0 && freq > 0 && freq != params.freq.freq) {
3756 			wpa_printf(MSG_DEBUG,
3757 				   "Assoc conflicting freq found (%d != %d)",
3758 				   freq, params.freq.freq);
3759 			if (wpas_p2p_handle_frequency_conflicts(
3760 				    wpa_s, params.freq.freq, ssid) < 0) {
3761 				wpas_connect_work_done(wpa_s);
3762 				os_free(wpa_ie);
3763 				return;
3764 			}
3765 		}
3766 	}
3767 #endif /* CONFIG_P2P */
3768 
3769 	if (wpa_s->reassoc_same_ess && !is_zero_ether_addr(prev_bssid) &&
3770 	    wpa_s->current_ssid)
3771 		params.prev_bssid = prev_bssid;
3772 
3773 	ret = wpa_drv_associate(wpa_s, &params);
3774 	os_free(wpa_ie);
3775 	if (ret < 0) {
3776 		wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
3777 			"failed");
3778 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
3779 			/*
3780 			 * The driver is known to mean what is saying, so we
3781 			 * can stop right here; the association will not
3782 			 * succeed.
3783 			 */
3784 			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
3785 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
3786 			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3787 			return;
3788 		}
3789 		/* try to continue anyway; new association will be tried again
3790 		 * after timeout */
3791 		assoc_failed = 1;
3792 	}
3793 
3794 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3795 		/* Set the key after the association just in case association
3796 		 * cleared the previously configured key. */
3797 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3798 		/* No need to timeout authentication since there is no key
3799 		 * management. */
3800 		wpa_supplicant_cancel_auth_timeout(wpa_s);
3801 		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
3802 #ifdef CONFIG_IBSS_RSN
3803 	} else if (ssid->mode == WPAS_MODE_IBSS &&
3804 		   wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
3805 		   wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
3806 		/*
3807 		 * RSN IBSS authentication is per-STA and we can disable the
3808 		 * per-BSSID authentication.
3809 		 */
3810 		wpa_supplicant_cancel_auth_timeout(wpa_s);
3811 #endif /* CONFIG_IBSS_RSN */
3812 	} else {
3813 		/* Timeout for IEEE 802.11 authentication and association */
3814 		int timeout = 60;
3815 
3816 		if (assoc_failed) {
3817 			/* give IBSS a bit more time */
3818 			timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
3819 		} else if (wpa_s->conf->ap_scan == 1) {
3820 			/* give IBSS a bit more time */
3821 			timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
3822 		}
3823 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
3824 	}
3825 
3826 #ifdef CONFIG_WEP
3827 	if (wep_keys_set &&
3828 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
3829 		/* Set static WEP keys again */
3830 		wpa_set_wep_keys(wpa_s, ssid);
3831 	}
3832 #endif /* CONFIG_WEP */
3833 
3834 	if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
3835 		/*
3836 		 * Do not allow EAP session resumption between different
3837 		 * network configurations.
3838 		 */
3839 		eapol_sm_invalidate_cached_session(wpa_s->eapol);
3840 	}
3841 	old_ssid = wpa_s->current_ssid;
3842 	wpa_s->current_ssid = ssid;
3843 
3844 	if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
3845 		wpa_s->current_bss = bss;
3846 #ifdef CONFIG_HS20
3847 		hs20_configure_frame_filters(wpa_s);
3848 #endif /* CONFIG_HS20 */
3849 	}
3850 
3851 	wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
3852 	wpa_supplicant_initiate_eapol(wpa_s);
3853 	if (old_ssid != wpa_s->current_ssid)
3854 		wpas_notify_network_changed(wpa_s);
3855 }
3856 
3857 
wpa_supplicant_clear_connection(struct wpa_supplicant * wpa_s,const u8 * addr)3858 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
3859 					    const u8 *addr)
3860 {
3861 	struct wpa_ssid *old_ssid;
3862 
3863 	wpas_connect_work_done(wpa_s);
3864 	wpa_clear_keys(wpa_s, addr);
3865 	old_ssid = wpa_s->current_ssid;
3866 	wpa_supplicant_mark_disassoc(wpa_s);
3867 	wpa_sm_set_config(wpa_s->wpa, NULL);
3868 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3869 	if (old_ssid != wpa_s->current_ssid)
3870 		wpas_notify_network_changed(wpa_s);
3871 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
3872 }
3873 
3874 
3875 /**
3876  * wpa_supplicant_deauthenticate - Deauthenticate the current connection
3877  * @wpa_s: Pointer to wpa_supplicant data
3878  * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
3879  *
3880  * This function is used to request %wpa_supplicant to deauthenticate from the
3881  * current AP.
3882  */
wpa_supplicant_deauthenticate(struct wpa_supplicant * wpa_s,u16 reason_code)3883 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
3884 				   u16 reason_code)
3885 {
3886 	u8 *addr = NULL;
3887 	union wpa_event_data event;
3888 	int zero_addr = 0;
3889 
3890 	wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
3891 		" pending_bssid=" MACSTR " reason=%d (%s) state=%s",
3892 		MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
3893 		reason_code, reason2str(reason_code),
3894 		wpa_supplicant_state_txt(wpa_s->wpa_state));
3895 
3896 	if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
3897 	    (wpa_s->wpa_state == WPA_AUTHENTICATING ||
3898 	     wpa_s->wpa_state == WPA_ASSOCIATING))
3899 		addr = wpa_s->pending_bssid;
3900 	else if (!is_zero_ether_addr(wpa_s->bssid))
3901 		addr = wpa_s->bssid;
3902 	else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
3903 		/*
3904 		 * When using driver-based BSS selection, we may not know the
3905 		 * BSSID with which we are currently trying to associate. We
3906 		 * need to notify the driver of this disconnection even in such
3907 		 * a case, so use the all zeros address here.
3908 		 */
3909 		addr = wpa_s->bssid;
3910 		zero_addr = 1;
3911 	}
3912 
3913 	if (wpa_s->enabled_4addr_mode && wpa_drv_set_4addr_mode(wpa_s, 0) == 0)
3914 		wpa_s->enabled_4addr_mode = 0;
3915 
3916 #ifdef CONFIG_TDLS
3917 	wpa_tdls_teardown_peers(wpa_s->wpa);
3918 #endif /* CONFIG_TDLS */
3919 
3920 #ifdef CONFIG_MESH
3921 	if (wpa_s->ifmsh) {
3922 		struct mesh_conf *mconf;
3923 
3924 		mconf = wpa_s->ifmsh->mconf;
3925 		wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
3926 			wpa_s->ifname);
3927 		wpas_notify_mesh_group_removed(wpa_s, mconf->meshid,
3928 					       mconf->meshid_len, reason_code);
3929 		wpa_supplicant_leave_mesh(wpa_s);
3930 	}
3931 #endif /* CONFIG_MESH */
3932 
3933 	if (addr) {
3934 		wpa_drv_deauthenticate(wpa_s, addr, reason_code);
3935 		os_memset(&event, 0, sizeof(event));
3936 		event.deauth_info.reason_code = reason_code;
3937 		event.deauth_info.locally_generated = 1;
3938 		wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
3939 		if (zero_addr)
3940 			addr = NULL;
3941 	}
3942 
3943 	wpa_supplicant_clear_connection(wpa_s, addr);
3944 }
3945 
3946 
wpa_supplicant_reconnect(struct wpa_supplicant * wpa_s)3947 void wpa_supplicant_reconnect(struct wpa_supplicant *wpa_s)
3948 {
3949 	wpa_s->own_reconnect_req = 1;
3950 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_UNSPECIFIED);
3951 
3952 }
3953 
3954 
wpa_supplicant_enable_one_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)3955 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
3956 					      struct wpa_ssid *ssid)
3957 {
3958 	if (!ssid || !ssid->disabled || ssid->disabled == 2)
3959 		return;
3960 
3961 	ssid->disabled = 0;
3962 	ssid->owe_transition_bss_select_count = 0;
3963 	wpas_clear_temp_disabled(wpa_s, ssid, 1);
3964 	wpas_notify_network_enabled_changed(wpa_s, ssid);
3965 
3966 	/*
3967 	 * Try to reassociate since there is no current configuration and a new
3968 	 * network was made available.
3969 	 */
3970 	if (!wpa_s->current_ssid && !wpa_s->disconnected)
3971 		wpa_s->reassociate = 1;
3972 }
3973 
3974 
3975 /**
3976  * wpa_supplicant_add_network - Add a new network
3977  * @wpa_s: wpa_supplicant structure for a network interface
3978  * Returns: The new network configuration or %NULL if operation failed
3979  *
3980  * This function performs the following operations:
3981  * 1. Adds a new network.
3982  * 2. Send network addition notification.
3983  * 3. Marks the network disabled.
3984  * 4. Set network default parameters.
3985  */
wpa_supplicant_add_network(struct wpa_supplicant * wpa_s)3986 struct wpa_ssid * wpa_supplicant_add_network(struct wpa_supplicant *wpa_s)
3987 {
3988 	struct wpa_ssid *ssid;
3989 
3990 	ssid = wpa_config_add_network(wpa_s->conf);
3991 	if (!ssid)
3992 		return NULL;
3993 	wpas_notify_network_added(wpa_s, ssid);
3994 	ssid->disabled = 1;
3995 	wpa_config_set_network_defaults(ssid);
3996 
3997 	return ssid;
3998 }
3999 
4000 
4001 /**
4002  * wpa_supplicant_remove_network - Remove a configured network based on id
4003  * @wpa_s: wpa_supplicant structure for a network interface
4004  * @id: Unique network id to search for
4005  * Returns: 0 on success, or -1 if the network was not found, -2 if the network
4006  * could not be removed
4007  *
4008  * This function performs the following operations:
4009  * 1. Removes the network.
4010  * 2. Send network removal notification.
4011  * 3. Update internal state machines.
4012  * 4. Stop any running sched scans.
4013  */
wpa_supplicant_remove_network(struct wpa_supplicant * wpa_s,int id)4014 int wpa_supplicant_remove_network(struct wpa_supplicant *wpa_s, int id)
4015 {
4016 	struct wpa_ssid *ssid;
4017 	int was_disabled;
4018 
4019 	ssid = wpa_config_get_network(wpa_s->conf, id);
4020 	if (!ssid)
4021 		return -1;
4022 	wpas_notify_network_removed(wpa_s, ssid);
4023 
4024 	if (wpa_s->last_ssid == ssid)
4025 		wpa_s->last_ssid = NULL;
4026 
4027 	if (ssid == wpa_s->current_ssid || !wpa_s->current_ssid) {
4028 #ifdef CONFIG_SME
4029 		wpa_s->sme.prev_bssid_set = 0;
4030 #endif /* CONFIG_SME */
4031 		/*
4032 		 * Invalidate the EAP session cache if the current or
4033 		 * previously used network is removed.
4034 		 */
4035 		eapol_sm_invalidate_cached_session(wpa_s->eapol);
4036 	}
4037 
4038 	if (ssid == wpa_s->current_ssid) {
4039 		wpa_sm_set_config(wpa_s->wpa, NULL);
4040 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
4041 
4042 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4043 			wpa_s->own_disconnect_req = 1;
4044 		wpa_supplicant_deauthenticate(wpa_s,
4045 					      WLAN_REASON_DEAUTH_LEAVING);
4046 	}
4047 
4048 	was_disabled = ssid->disabled;
4049 
4050 	if (wpa_config_remove_network(wpa_s->conf, id) < 0)
4051 		return -2;
4052 
4053 	if (!was_disabled && wpa_s->sched_scanning) {
4054 		wpa_printf(MSG_DEBUG,
4055 			   "Stop ongoing sched_scan to remove network from filters");
4056 		wpa_supplicant_cancel_sched_scan(wpa_s);
4057 		wpa_supplicant_req_scan(wpa_s, 0, 0);
4058 	}
4059 
4060 	return 0;
4061 }
4062 
4063 
4064 /**
4065  * wpa_supplicant_enable_network - Mark a configured network as enabled
4066  * @wpa_s: wpa_supplicant structure for a network interface
4067  * @ssid: wpa_ssid structure for a configured network or %NULL
4068  *
4069  * Enables the specified network or all networks if no network specified.
4070  */
wpa_supplicant_enable_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)4071 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
4072 				   struct wpa_ssid *ssid)
4073 {
4074 	if (ssid == NULL) {
4075 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
4076 			wpa_supplicant_enable_one_network(wpa_s, ssid);
4077 	} else
4078 		wpa_supplicant_enable_one_network(wpa_s, ssid);
4079 
4080 	if (wpa_s->reassociate && !wpa_s->disconnected &&
4081 	    (!wpa_s->current_ssid ||
4082 	     wpa_s->wpa_state == WPA_DISCONNECTED ||
4083 	     wpa_s->wpa_state == WPA_SCANNING)) {
4084 		if (wpa_s->sched_scanning) {
4085 			wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
4086 				   "new network to scan filters");
4087 			wpa_supplicant_cancel_sched_scan(wpa_s);
4088 		}
4089 
4090 		if (wpa_supplicant_fast_associate(wpa_s) != 1) {
4091 			wpa_s->scan_req = NORMAL_SCAN_REQ;
4092 			wpa_supplicant_req_scan(wpa_s, 0, 0);
4093 		}
4094 	}
4095 }
4096 
4097 
4098 /**
4099  * wpa_supplicant_disable_network - Mark a configured network as disabled
4100  * @wpa_s: wpa_supplicant structure for a network interface
4101  * @ssid: wpa_ssid structure for a configured network or %NULL
4102  *
4103  * Disables the specified network or all networks if no network specified.
4104  */
wpa_supplicant_disable_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)4105 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
4106 				    struct wpa_ssid *ssid)
4107 {
4108 	struct wpa_ssid *other_ssid;
4109 	int was_disabled;
4110 
4111 	if (ssid == NULL) {
4112 		if (wpa_s->sched_scanning)
4113 			wpa_supplicant_cancel_sched_scan(wpa_s);
4114 
4115 		for (other_ssid = wpa_s->conf->ssid; other_ssid;
4116 		     other_ssid = other_ssid->next) {
4117 			was_disabled = other_ssid->disabled;
4118 			if (was_disabled == 2)
4119 				continue; /* do not change persistent P2P group
4120 					   * data */
4121 
4122 			other_ssid->disabled = 1;
4123 
4124 			if (was_disabled != other_ssid->disabled)
4125 				wpas_notify_network_enabled_changed(
4126 					wpa_s, other_ssid);
4127 		}
4128 		if (wpa_s->current_ssid) {
4129 			if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4130 				wpa_s->own_disconnect_req = 1;
4131 			wpa_supplicant_deauthenticate(
4132 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4133 		}
4134 	} else if (ssid->disabled != 2) {
4135 		if (ssid == wpa_s->current_ssid) {
4136 			if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4137 				wpa_s->own_disconnect_req = 1;
4138 			wpa_supplicant_deauthenticate(
4139 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4140 		}
4141 
4142 		was_disabled = ssid->disabled;
4143 
4144 		ssid->disabled = 1;
4145 
4146 		if (was_disabled != ssid->disabled) {
4147 			wpas_notify_network_enabled_changed(wpa_s, ssid);
4148 			if (wpa_s->sched_scanning) {
4149 				wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
4150 					   "to remove network from filters");
4151 				wpa_supplicant_cancel_sched_scan(wpa_s);
4152 				wpa_supplicant_req_scan(wpa_s, 0, 0);
4153 			}
4154 		}
4155 	}
4156 }
4157 
4158 
4159 /**
4160  * wpa_supplicant_select_network - Attempt association with a network
4161  * @wpa_s: wpa_supplicant structure for a network interface
4162  * @ssid: wpa_ssid structure for a configured network or %NULL for any network
4163  */
wpa_supplicant_select_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)4164 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
4165 				   struct wpa_ssid *ssid)
4166 {
4167 
4168 	struct wpa_ssid *other_ssid;
4169 	int disconnected = 0;
4170 
4171 	if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
4172 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4173 			wpa_s->own_disconnect_req = 1;
4174 		wpa_supplicant_deauthenticate(
4175 			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4176 		disconnected = 1;
4177 	}
4178 
4179 	if (ssid)
4180 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
4181 
4182 	/*
4183 	 * Mark all other networks disabled or mark all networks enabled if no
4184 	 * network specified.
4185 	 */
4186 	for (other_ssid = wpa_s->conf->ssid; other_ssid;
4187 	     other_ssid = other_ssid->next) {
4188 		int was_disabled = other_ssid->disabled;
4189 		if (was_disabled == 2)
4190 			continue; /* do not change persistent P2P group data */
4191 
4192 		other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
4193 		if (was_disabled && !other_ssid->disabled)
4194 			wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
4195 
4196 		if (was_disabled != other_ssid->disabled)
4197 			wpas_notify_network_enabled_changed(wpa_s, other_ssid);
4198 	}
4199 
4200 	if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid &&
4201 	    wpa_s->wpa_state >= WPA_AUTHENTICATING) {
4202 		/* We are already associated with the selected network */
4203 		wpa_printf(MSG_DEBUG, "Already associated with the "
4204 			   "selected network - do nothing");
4205 		return;
4206 	}
4207 
4208 	if (ssid) {
4209 		wpa_s->current_ssid = ssid;
4210 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
4211 		wpa_s->connect_without_scan =
4212 			(ssid->mode == WPAS_MODE_MESH) ? ssid : NULL;
4213 
4214 		/*
4215 		 * Don't optimize next scan freqs since a new ESS has been
4216 		 * selected.
4217 		 */
4218 		os_free(wpa_s->next_scan_freqs);
4219 		wpa_s->next_scan_freqs = NULL;
4220 	} else {
4221 		wpa_s->connect_without_scan = NULL;
4222 	}
4223 
4224 	wpa_s->disconnected = 0;
4225 	wpa_s->reassociate = 1;
4226 	wpa_s_clear_sae_rejected(wpa_s);
4227 	wpa_s->last_owe_group = 0;
4228 	if (ssid) {
4229 		ssid->owe_transition_bss_select_count = 0;
4230 		wpa_s_setup_sae_pt(wpa_s->conf, ssid);
4231 	}
4232 
4233 	if (wpa_s->connect_without_scan ||
4234 	    wpa_supplicant_fast_associate(wpa_s) != 1) {
4235 		wpa_s->scan_req = NORMAL_SCAN_REQ;
4236 		wpas_scan_reset_sched_scan(wpa_s);
4237 		wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
4238 	}
4239 
4240 	if (ssid)
4241 		wpas_notify_network_selected(wpa_s, ssid);
4242 }
4243 
4244 
4245 /**
4246  * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
4247  * @wpa_s: wpa_supplicant structure for a network interface
4248  * @pkcs11_engine_path: PKCS #11 engine path or NULL
4249  * @pkcs11_module_path: PKCS #11 module path or NULL
4250  * Returns: 0 on success; -1 on failure
4251  *
4252  * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
4253  * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
4254  * module path fails the paths will be reset to the default value (NULL).
4255  */
wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant * wpa_s,const char * pkcs11_engine_path,const char * pkcs11_module_path)4256 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant *wpa_s,
4257 					   const char *pkcs11_engine_path,
4258 					   const char *pkcs11_module_path)
4259 {
4260 	char *pkcs11_engine_path_copy = NULL;
4261 	char *pkcs11_module_path_copy = NULL;
4262 
4263 	if (pkcs11_engine_path != NULL) {
4264 		pkcs11_engine_path_copy = os_strdup(pkcs11_engine_path);
4265 		if (pkcs11_engine_path_copy == NULL)
4266 			return -1;
4267 	}
4268 	if (pkcs11_module_path != NULL) {
4269 		pkcs11_module_path_copy = os_strdup(pkcs11_module_path);
4270 		if (pkcs11_module_path_copy == NULL) {
4271 			os_free(pkcs11_engine_path_copy);
4272 			return -1;
4273 		}
4274 	}
4275 
4276 	os_free(wpa_s->conf->pkcs11_engine_path);
4277 	os_free(wpa_s->conf->pkcs11_module_path);
4278 	wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path_copy;
4279 	wpa_s->conf->pkcs11_module_path = pkcs11_module_path_copy;
4280 
4281 	wpa_sm_set_eapol(wpa_s->wpa, NULL);
4282 	eapol_sm_deinit(wpa_s->eapol);
4283 	wpa_s->eapol = NULL;
4284 	if (wpa_supplicant_init_eapol(wpa_s)) {
4285 		/* Error -> Reset paths to the default value (NULL) once. */
4286 		if (pkcs11_engine_path != NULL && pkcs11_module_path != NULL)
4287 			wpas_set_pkcs11_engine_and_module_path(wpa_s, NULL,
4288 							       NULL);
4289 
4290 		return -1;
4291 	}
4292 	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
4293 
4294 	return 0;
4295 }
4296 
4297 
4298 /**
4299  * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
4300  * @wpa_s: wpa_supplicant structure for a network interface
4301  * @ap_scan: AP scan mode
4302  * Returns: 0 if succeed or -1 if ap_scan has an invalid value
4303  *
4304  */
wpa_supplicant_set_ap_scan(struct wpa_supplicant * wpa_s,int ap_scan)4305 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
4306 {
4307 
4308 	int old_ap_scan;
4309 
4310 	if (ap_scan < 0 || ap_scan > 2)
4311 		return -1;
4312 
4313 	if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
4314 		wpa_printf(MSG_INFO,
4315 			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4316 	}
4317 
4318 #ifdef ANDROID
4319 	if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
4320 	    wpa_s->wpa_state >= WPA_ASSOCIATING &&
4321 	    wpa_s->wpa_state < WPA_COMPLETED) {
4322 		wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
4323 			   "associating", wpa_s->conf->ap_scan, ap_scan);
4324 		return 0;
4325 	}
4326 #endif /* ANDROID */
4327 
4328 	old_ap_scan = wpa_s->conf->ap_scan;
4329 	wpa_s->conf->ap_scan = ap_scan;
4330 
4331 	if (old_ap_scan != wpa_s->conf->ap_scan)
4332 		wpas_notify_ap_scan_changed(wpa_s);
4333 
4334 	return 0;
4335 }
4336 
4337 
4338 /**
4339  * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
4340  * @wpa_s: wpa_supplicant structure for a network interface
4341  * @expire_age: Expiration age in seconds
4342  * Returns: 0 if succeed or -1 if expire_age has an invalid value
4343  *
4344  */
wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant * wpa_s,unsigned int bss_expire_age)4345 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
4346 					  unsigned int bss_expire_age)
4347 {
4348 	if (bss_expire_age < 10) {
4349 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
4350 			bss_expire_age);
4351 		return -1;
4352 	}
4353 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
4354 		bss_expire_age);
4355 	wpa_s->conf->bss_expiration_age = bss_expire_age;
4356 
4357 	return 0;
4358 }
4359 
4360 
4361 /**
4362  * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
4363  * @wpa_s: wpa_supplicant structure for a network interface
4364  * @expire_count: number of scans after which an unseen BSS is reclaimed
4365  * Returns: 0 if succeed or -1 if expire_count has an invalid value
4366  *
4367  */
wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant * wpa_s,unsigned int bss_expire_count)4368 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
4369 					    unsigned int bss_expire_count)
4370 {
4371 	if (bss_expire_count < 1) {
4372 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
4373 			bss_expire_count);
4374 		return -1;
4375 	}
4376 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
4377 		bss_expire_count);
4378 	wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
4379 
4380 	return 0;
4381 }
4382 
4383 
4384 /**
4385  * wpa_supplicant_set_scan_interval - Set scan interval
4386  * @wpa_s: wpa_supplicant structure for a network interface
4387  * @scan_interval: scan interval in seconds
4388  * Returns: 0 if succeed or -1 if scan_interval has an invalid value
4389  *
4390  */
wpa_supplicant_set_scan_interval(struct wpa_supplicant * wpa_s,int scan_interval)4391 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
4392 				     int scan_interval)
4393 {
4394 	if (scan_interval < 0) {
4395 		wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
4396 			scan_interval);
4397 		return -1;
4398 	}
4399 	wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
4400 		scan_interval);
4401 	wpa_supplicant_update_scan_int(wpa_s, scan_interval);
4402 
4403 	return 0;
4404 }
4405 
4406 
4407 /**
4408  * wpa_supplicant_set_debug_params - Set global debug params
4409  * @global: wpa_global structure
4410  * @debug_level: debug level
4411  * @debug_timestamp: determines if show timestamp in debug data
4412  * @debug_show_keys: determines if show keys in debug data
4413  * Returns: 0 if succeed or -1 if debug_level has wrong value
4414  */
wpa_supplicant_set_debug_params(struct wpa_global * global,int debug_level,int debug_timestamp,int debug_show_keys)4415 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
4416 				    int debug_timestamp, int debug_show_keys)
4417 {
4418 
4419 	int old_level, old_timestamp, old_show_keys;
4420 
4421 	/* check for allowed debuglevels */
4422 	if (debug_level != MSG_EXCESSIVE &&
4423 	    debug_level != MSG_MSGDUMP &&
4424 	    debug_level != MSG_DEBUG &&
4425 	    debug_level != MSG_INFO &&
4426 	    debug_level != MSG_WARNING &&
4427 	    debug_level != MSG_ERROR)
4428 		return -1;
4429 
4430 	old_level = wpa_debug_level;
4431 	old_timestamp = wpa_debug_timestamp;
4432 	old_show_keys = wpa_debug_show_keys;
4433 
4434 	wpa_debug_level = debug_level;
4435 	wpa_debug_timestamp = debug_timestamp ? 1 : 0;
4436 	wpa_debug_show_keys = debug_show_keys ? 1 : 0;
4437 
4438 	if (wpa_debug_level != old_level)
4439 		wpas_notify_debug_level_changed(global);
4440 	if (wpa_debug_timestamp != old_timestamp)
4441 		wpas_notify_debug_timestamp_changed(global);
4442 	if (wpa_debug_show_keys != old_show_keys)
4443 		wpas_notify_debug_show_keys_changed(global);
4444 
4445 	return 0;
4446 }
4447 
4448 
4449 #ifdef CONFIG_OWE
owe_trans_ssid_match(struct wpa_supplicant * wpa_s,const u8 * bssid,const u8 * entry_ssid,size_t entry_ssid_len)4450 static int owe_trans_ssid_match(struct wpa_supplicant *wpa_s, const u8 *bssid,
4451 				const u8 *entry_ssid, size_t entry_ssid_len)
4452 {
4453 	const u8 *owe, *pos, *end;
4454 	u8 ssid_len;
4455 	struct wpa_bss *bss;
4456 
4457 	/* Check network profile SSID aganst the SSID in the
4458 	 * OWE Transition Mode element. */
4459 
4460 	bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
4461 	if (!bss)
4462 		return 0;
4463 
4464 	owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
4465 	if (!owe)
4466 		return 0;
4467 
4468 	pos = owe + 6;
4469 	end = owe + 2 + owe[1];
4470 
4471 	if (end - pos < ETH_ALEN + 1)
4472 		return 0;
4473 	pos += ETH_ALEN;
4474 	ssid_len = *pos++;
4475 	if (end - pos < ssid_len || ssid_len > SSID_MAX_LEN)
4476 		return 0;
4477 
4478 	return entry_ssid_len == ssid_len &&
4479 		os_memcmp(pos, entry_ssid, ssid_len) == 0;
4480 }
4481 #endif /* CONFIG_OWE */
4482 
4483 
4484 /**
4485  * wpa_supplicant_get_ssid - Get a pointer to the current network structure
4486  * @wpa_s: Pointer to wpa_supplicant data
4487  * Returns: A pointer to the current network structure or %NULL on failure
4488  */
wpa_supplicant_get_ssid(struct wpa_supplicant * wpa_s)4489 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
4490 {
4491 	struct wpa_ssid *entry;
4492 	u8 ssid[SSID_MAX_LEN];
4493 	int res;
4494 	size_t ssid_len;
4495 	u8 bssid[ETH_ALEN];
4496 	int wired;
4497 
4498 	res = wpa_drv_get_ssid(wpa_s, ssid);
4499 	if (res < 0) {
4500 		wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
4501 			"driver");
4502 		return NULL;
4503 	}
4504 	ssid_len = res;
4505 
4506 	if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
4507 		wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
4508 			"driver");
4509 		return NULL;
4510 	}
4511 
4512 	wired = wpa_s->conf->ap_scan == 0 &&
4513 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
4514 
4515 	entry = wpa_s->conf->ssid;
4516 	while (entry) {
4517 		if (!wpas_network_disabled(wpa_s, entry) &&
4518 		    ((ssid_len == entry->ssid_len &&
4519 		      (!entry->ssid ||
4520 		       os_memcmp(ssid, entry->ssid, ssid_len) == 0)) ||
4521 		     wired) &&
4522 		    (!entry->bssid_set ||
4523 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4524 			return entry;
4525 #ifdef CONFIG_WPS
4526 		if (!wpas_network_disabled(wpa_s, entry) &&
4527 		    (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
4528 		    (entry->ssid == NULL || entry->ssid_len == 0) &&
4529 		    (!entry->bssid_set ||
4530 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4531 			return entry;
4532 #endif /* CONFIG_WPS */
4533 
4534 #ifdef CONFIG_OWE
4535 		if (!wpas_network_disabled(wpa_s, entry) &&
4536 		    owe_trans_ssid_match(wpa_s, bssid, entry->ssid,
4537 		    entry->ssid_len) &&
4538 		    (!entry->bssid_set ||
4539 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4540 			return entry;
4541 #endif /* CONFIG_OWE */
4542 
4543 		if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
4544 		    entry->ssid_len == 0 &&
4545 		    os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
4546 			return entry;
4547 
4548 		entry = entry->next;
4549 	}
4550 
4551 	return NULL;
4552 }
4553 
4554 
select_driver(struct wpa_supplicant * wpa_s,int i)4555 static int select_driver(struct wpa_supplicant *wpa_s, int i)
4556 {
4557 	struct wpa_global *global = wpa_s->global;
4558 
4559 	if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
4560 		global->drv_priv[i] = wpa_drivers[i]->global_init(global);
4561 		if (global->drv_priv[i] == NULL) {
4562 			wpa_printf(MSG_ERROR, "Failed to initialize driver "
4563 				   "'%s'", wpa_drivers[i]->name);
4564 			return -1;
4565 		}
4566 	}
4567 
4568 	wpa_s->driver = wpa_drivers[i];
4569 	wpa_s->global_drv_priv = global->drv_priv[i];
4570 
4571 	return 0;
4572 }
4573 
4574 
wpa_supplicant_set_driver(struct wpa_supplicant * wpa_s,const char * name)4575 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
4576 				     const char *name)
4577 {
4578 	int i;
4579 	size_t len;
4580 	const char *pos, *driver = name;
4581 
4582 	if (wpa_s == NULL)
4583 		return -1;
4584 
4585 	if (wpa_drivers[0] == NULL) {
4586 		wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
4587 			"wpa_supplicant");
4588 		return -1;
4589 	}
4590 
4591 	if (name == NULL) {
4592 		/* default to first driver in the list */
4593 		return select_driver(wpa_s, 0);
4594 	}
4595 
4596 	do {
4597 		pos = os_strchr(driver, ',');
4598 		if (pos)
4599 			len = pos - driver;
4600 		else
4601 			len = os_strlen(driver);
4602 
4603 		for (i = 0; wpa_drivers[i]; i++) {
4604 			if (os_strlen(wpa_drivers[i]->name) == len &&
4605 			    os_strncmp(driver, wpa_drivers[i]->name, len) ==
4606 			    0) {
4607 				/* First driver that succeeds wins */
4608 				if (select_driver(wpa_s, i) == 0)
4609 					return 0;
4610 			}
4611 		}
4612 
4613 		driver = pos + 1;
4614 	} while (pos);
4615 
4616 	wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
4617 	return -1;
4618 }
4619 
4620 
4621 /**
4622  * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
4623  * @ctx: Context pointer (wpa_s); this is the ctx variable registered
4624  *	with struct wpa_driver_ops::init()
4625  * @src_addr: Source address of the EAPOL frame
4626  * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
4627  * @len: Length of the EAPOL data
4628  *
4629  * This function is called for each received EAPOL frame. Most driver
4630  * interfaces rely on more generic OS mechanism for receiving frames through
4631  * l2_packet, but if such a mechanism is not available, the driver wrapper may
4632  * take care of received EAPOL frames and deliver them to the core supplicant
4633  * code by calling this function.
4634  */
wpa_supplicant_rx_eapol(void * ctx,const u8 * src_addr,const u8 * buf,size_t len)4635 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
4636 			     const u8 *buf, size_t len)
4637 {
4638 	struct wpa_supplicant *wpa_s = ctx;
4639 
4640 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
4641 	wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
4642 
4643 #ifdef CONFIG_TESTING_OPTIONS
4644 	if (wpa_s->ignore_auth_resp) {
4645 		wpa_printf(MSG_INFO, "RX EAPOL - ignore_auth_resp active!");
4646 		return;
4647 	}
4648 #endif /* CONFIG_TESTING_OPTIONS */
4649 
4650 	if (wpa_s->wpa_state < WPA_ASSOCIATED ||
4651 	    (wpa_s->last_eapol_matches_bssid &&
4652 #ifdef CONFIG_AP
4653 	     !wpa_s->ap_iface &&
4654 #endif /* CONFIG_AP */
4655 	     os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
4656 		/*
4657 		 * There is possible race condition between receiving the
4658 		 * association event and the EAPOL frame since they are coming
4659 		 * through different paths from the driver. In order to avoid
4660 		 * issues in trying to process the EAPOL frame before receiving
4661 		 * association information, lets queue it for processing until
4662 		 * the association event is received. This may also be needed in
4663 		 * driver-based roaming case, so also use src_addr != BSSID as a
4664 		 * trigger if we have previously confirmed that the
4665 		 * Authenticator uses BSSID as the src_addr (which is not the
4666 		 * case with wired IEEE 802.1X).
4667 		 */
4668 		wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
4669 			"of received EAPOL frame (state=%s bssid=" MACSTR ")",
4670 			wpa_supplicant_state_txt(wpa_s->wpa_state),
4671 			MAC2STR(wpa_s->bssid));
4672 		wpabuf_free(wpa_s->pending_eapol_rx);
4673 		wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
4674 		if (wpa_s->pending_eapol_rx) {
4675 			os_get_reltime(&wpa_s->pending_eapol_rx_time);
4676 			os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
4677 				  ETH_ALEN);
4678 		}
4679 		return;
4680 	}
4681 
4682 	wpa_s->last_eapol_matches_bssid =
4683 		os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
4684 
4685 #ifdef CONFIG_AP
4686 	if (wpa_s->ap_iface) {
4687 		wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
4688 		return;
4689 	}
4690 #endif /* CONFIG_AP */
4691 
4692 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
4693 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
4694 			"no key management is configured");
4695 		return;
4696 	}
4697 
4698 	if (wpa_s->eapol_received == 0 &&
4699 	    (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) ||
4700 	     !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
4701 	     wpa_s->wpa_state != WPA_COMPLETED) &&
4702 	    (wpa_s->current_ssid == NULL ||
4703 	     wpa_s->current_ssid->mode != WPAS_MODE_IBSS)) {
4704 		/* Timeout for completing IEEE 802.1X and WPA authentication */
4705 		int timeout = 10;
4706 
4707 		if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
4708 		    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
4709 		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
4710 			/* Use longer timeout for IEEE 802.1X/EAP */
4711 			timeout = 70;
4712 		}
4713 
4714 #ifdef CONFIG_WPS
4715 		if (wpa_s->current_ssid && wpa_s->current_bss &&
4716 		    (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
4717 		    eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
4718 			/*
4719 			 * Use shorter timeout if going through WPS AP iteration
4720 			 * for PIN config method with an AP that does not
4721 			 * advertise Selected Registrar.
4722 			 */
4723 			struct wpabuf *wps_ie;
4724 
4725 			wps_ie = wpa_bss_get_vendor_ie_multi(
4726 				wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
4727 			if (wps_ie &&
4728 			    !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
4729 				timeout = 10;
4730 			wpabuf_free(wps_ie);
4731 		}
4732 #endif /* CONFIG_WPS */
4733 
4734 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
4735 	}
4736 	wpa_s->eapol_received++;
4737 
4738 	if (wpa_s->countermeasures) {
4739 		wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
4740 			"EAPOL packet");
4741 		return;
4742 	}
4743 
4744 #ifdef CONFIG_IBSS_RSN
4745 	if (wpa_s->current_ssid &&
4746 	    wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
4747 		ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
4748 		return;
4749 	}
4750 #endif /* CONFIG_IBSS_RSN */
4751 
4752 	/* Source address of the incoming EAPOL frame could be compared to the
4753 	 * current BSSID. However, it is possible that a centralized
4754 	 * Authenticator could be using another MAC address than the BSSID of
4755 	 * an AP, so just allow any address to be used for now. The replies are
4756 	 * still sent to the current BSSID (if available), though. */
4757 
4758 	os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
4759 	if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
4760 	    wpa_s->key_mgmt != WPA_KEY_MGMT_OWE &&
4761 	    wpa_s->key_mgmt != WPA_KEY_MGMT_DPP &&
4762 	    eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
4763 		return;
4764 	wpa_drv_poll(wpa_s);
4765 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK))
4766 		wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
4767 	else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
4768 		/*
4769 		 * Set portValid = true here since we are going to skip 4-way
4770 		 * handshake processing which would normally set portValid. We
4771 		 * need this to allow the EAPOL state machines to be completed
4772 		 * without going through EAPOL-Key handshake.
4773 		 */
4774 		eapol_sm_notify_portValid(wpa_s->eapol, true);
4775 	}
4776 }
4777 
4778 
wpas_eapol_needs_l2_packet(struct wpa_supplicant * wpa_s)4779 static int wpas_eapol_needs_l2_packet(struct wpa_supplicant *wpa_s)
4780 {
4781 	return !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_CONTROL_PORT) ||
4782 		!(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX);
4783 }
4784 
4785 
wpa_supplicant_update_mac_addr(struct wpa_supplicant * wpa_s)4786 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
4787 {
4788 	if ((!wpa_s->p2p_mgmt ||
4789 	     !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
4790 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
4791 		l2_packet_deinit(wpa_s->l2);
4792 		wpa_s->l2 = l2_packet_init(wpa_s->ifname,
4793 					   wpa_drv_get_mac_addr(wpa_s),
4794 					   ETH_P_EAPOL,
4795 					   wpas_eapol_needs_l2_packet(wpa_s) ?
4796 					   wpa_supplicant_rx_eapol : NULL,
4797 					   wpa_s, 0);
4798 		if (wpa_s->l2 == NULL)
4799 			return -1;
4800 
4801 		if (l2_packet_set_packet_filter(wpa_s->l2,
4802 						L2_PACKET_FILTER_PKTTYPE))
4803 			wpa_dbg(wpa_s, MSG_DEBUG,
4804 				"Failed to attach pkt_type filter");
4805 
4806 		if (l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
4807 			wpa_msg(wpa_s, MSG_ERROR,
4808 				"Failed to get own L2 address");
4809 			return -1;
4810 		}
4811 	} else {
4812 		const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
4813 		if (addr)
4814 			os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
4815 	}
4816 
4817 	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
4818 	wpas_wps_update_mac_addr(wpa_s);
4819 
4820 #ifdef CONFIG_FST
4821 	if (wpa_s->fst)
4822 		fst_update_mac_addr(wpa_s->fst, wpa_s->own_addr);
4823 #endif /* CONFIG_FST */
4824 
4825 	return 0;
4826 }
4827 
4828 
wpa_supplicant_rx_eapol_bridge(void * ctx,const u8 * src_addr,const u8 * buf,size_t len)4829 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
4830 					   const u8 *buf, size_t len)
4831 {
4832 	struct wpa_supplicant *wpa_s = ctx;
4833 	const struct l2_ethhdr *eth;
4834 
4835 	if (len < sizeof(*eth))
4836 		return;
4837 	eth = (const struct l2_ethhdr *) buf;
4838 
4839 	if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
4840 	    !(eth->h_dest[0] & 0x01)) {
4841 		wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
4842 			" (bridge - not for this interface - ignore)",
4843 			MAC2STR(src_addr), MAC2STR(eth->h_dest));
4844 		return;
4845 	}
4846 
4847 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
4848 		" (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
4849 	wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
4850 				len - sizeof(*eth));
4851 }
4852 
4853 
4854 /**
4855  * wpa_supplicant_driver_init - Initialize driver interface parameters
4856  * @wpa_s: Pointer to wpa_supplicant data
4857  * Returns: 0 on success, -1 on failure
4858  *
4859  * This function is called to initialize driver interface parameters.
4860  * wpa_drv_init() must have been called before this function to initialize the
4861  * driver interface.
4862  */
wpa_supplicant_driver_init(struct wpa_supplicant * wpa_s)4863 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
4864 {
4865 	static int interface_count = 0;
4866 
4867 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
4868 		return -1;
4869 
4870 	wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
4871 		MAC2STR(wpa_s->own_addr));
4872 	os_memcpy(wpa_s->perm_addr, wpa_s->own_addr, ETH_ALEN);
4873 	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
4874 
4875 	if (wpa_s->bridge_ifname[0] && wpas_eapol_needs_l2_packet(wpa_s)) {
4876 		wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
4877 			"interface '%s'", wpa_s->bridge_ifname);
4878 		wpa_s->l2_br = l2_packet_init_bridge(
4879 			wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
4880 			ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
4881 		if (wpa_s->l2_br == NULL) {
4882 			wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
4883 				"connection for the bridge interface '%s'",
4884 				wpa_s->bridge_ifname);
4885 			return -1;
4886 		}
4887 	}
4888 
4889 	if (wpa_s->conf->ap_scan == 2 &&
4890 	    os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
4891 		wpa_printf(MSG_INFO,
4892 			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4893 	}
4894 
4895 	wpa_clear_keys(wpa_s, NULL);
4896 
4897 	/* Make sure that TKIP countermeasures are not left enabled (could
4898 	 * happen if wpa_supplicant is killed during countermeasures. */
4899 	wpa_drv_set_countermeasures(wpa_s, 0);
4900 
4901 	wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
4902 	wpa_drv_flush_pmkid(wpa_s);
4903 
4904 	wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
4905 	wpa_s->prev_scan_wildcard = 0;
4906 
4907 	if (wpa_supplicant_enabled_networks(wpa_s)) {
4908 		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
4909 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
4910 			interface_count = 0;
4911 		}
4912 #ifndef ANDROID
4913 		if (!wpa_s->p2p_mgmt &&
4914 		    wpa_supplicant_delayed_sched_scan(wpa_s,
4915 						      interface_count % 3,
4916 						      100000))
4917 			wpa_supplicant_req_scan(wpa_s, interface_count % 3,
4918 						100000);
4919 #endif /* ANDROID */
4920 		interface_count++;
4921 	} else
4922 		wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
4923 
4924 	return 0;
4925 }
4926 
4927 
wpa_supplicant_daemon(const char * pid_file)4928 static int wpa_supplicant_daemon(const char *pid_file)
4929 {
4930 	wpa_printf(MSG_DEBUG, "Daemonize..");
4931 	return os_daemonize(pid_file);
4932 }
4933 
4934 
4935 static struct wpa_supplicant *
wpa_supplicant_alloc(struct wpa_supplicant * parent)4936 wpa_supplicant_alloc(struct wpa_supplicant *parent)
4937 {
4938 	struct wpa_supplicant *wpa_s;
4939 
4940 	wpa_s = os_zalloc(sizeof(*wpa_s));
4941 	if (wpa_s == NULL)
4942 		return NULL;
4943 	wpa_s->scan_req = INITIAL_SCAN_REQ;
4944 	wpa_s->scan_interval = 5;
4945 	wpa_s->new_connection = 1;
4946 	wpa_s->parent = parent ? parent : wpa_s;
4947 	wpa_s->p2pdev = wpa_s->parent;
4948 	wpa_s->sched_scanning = 0;
4949 
4950 	dl_list_init(&wpa_s->bss_tmp_disallowed);
4951 	dl_list_init(&wpa_s->fils_hlp_req);
4952 #ifdef CONFIG_TESTING_OPTIONS
4953 	dl_list_init(&wpa_s->drv_signal_override);
4954 #endif /* CONFIG_TESTING_OPTIONS */
4955 
4956 	return wpa_s;
4957 }
4958 
4959 
4960 #ifdef CONFIG_HT_OVERRIDES
4961 
wpa_set_htcap_mcs(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,const char * ht_mcs)4962 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
4963 			     struct ieee80211_ht_capabilities *htcaps,
4964 			     struct ieee80211_ht_capabilities *htcaps_mask,
4965 			     const char *ht_mcs)
4966 {
4967 	/* parse ht_mcs into hex array */
4968 	int i;
4969 	const char *tmp = ht_mcs;
4970 	char *end = NULL;
4971 
4972 	/* If ht_mcs is null, do not set anything */
4973 	if (!ht_mcs)
4974 		return 0;
4975 
4976 	/* This is what we are setting in the kernel */
4977 	os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
4978 
4979 	wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
4980 
4981 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4982 		long v;
4983 
4984 		errno = 0;
4985 		v = strtol(tmp, &end, 16);
4986 
4987 		if (errno == 0) {
4988 			wpa_msg(wpa_s, MSG_DEBUG,
4989 				"htcap value[%i]: %ld end: %p  tmp: %p",
4990 				i, v, end, tmp);
4991 			if (end == tmp)
4992 				break;
4993 
4994 			htcaps->supported_mcs_set[i] = v;
4995 			tmp = end;
4996 		} else {
4997 			wpa_msg(wpa_s, MSG_ERROR,
4998 				"Failed to parse ht-mcs: %s, error: %s\n",
4999 				ht_mcs, strerror(errno));
5000 			return -1;
5001 		}
5002 	}
5003 
5004 	/*
5005 	 * If we were able to parse any values, then set mask for the MCS set.
5006 	 */
5007 	if (i) {
5008 		os_memset(&htcaps_mask->supported_mcs_set, 0xff,
5009 			  IEEE80211_HT_MCS_MASK_LEN - 1);
5010 		/* skip the 3 reserved bits */
5011 		htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
5012 			0x1f;
5013 	}
5014 
5015 	return 0;
5016 }
5017 
5018 
wpa_disable_max_amsdu(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)5019 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
5020 				 struct ieee80211_ht_capabilities *htcaps,
5021 				 struct ieee80211_ht_capabilities *htcaps_mask,
5022 				 int disabled)
5023 {
5024 	le16 msk;
5025 
5026 	if (disabled == -1)
5027 		return 0;
5028 
5029 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
5030 
5031 	msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
5032 	htcaps_mask->ht_capabilities_info |= msk;
5033 	if (disabled)
5034 		htcaps->ht_capabilities_info &= msk;
5035 	else
5036 		htcaps->ht_capabilities_info |= msk;
5037 
5038 	return 0;
5039 }
5040 
5041 
wpa_set_ampdu_factor(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int factor)5042 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
5043 				struct ieee80211_ht_capabilities *htcaps,
5044 				struct ieee80211_ht_capabilities *htcaps_mask,
5045 				int factor)
5046 {
5047 	if (factor == -1)
5048 		return 0;
5049 
5050 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
5051 
5052 	if (factor < 0 || factor > 3) {
5053 		wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
5054 			"Must be 0-3 or -1", factor);
5055 		return -EINVAL;
5056 	}
5057 
5058 	htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
5059 	htcaps->a_mpdu_params &= ~0x3;
5060 	htcaps->a_mpdu_params |= factor & 0x3;
5061 
5062 	return 0;
5063 }
5064 
5065 
wpa_set_ampdu_density(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int density)5066 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
5067 				 struct ieee80211_ht_capabilities *htcaps,
5068 				 struct ieee80211_ht_capabilities *htcaps_mask,
5069 				 int density)
5070 {
5071 	if (density == -1)
5072 		return 0;
5073 
5074 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
5075 
5076 	if (density < 0 || density > 7) {
5077 		wpa_msg(wpa_s, MSG_ERROR,
5078 			"ampdu_density: %d out of range. Must be 0-7 or -1.",
5079 			density);
5080 		return -EINVAL;
5081 	}
5082 
5083 	htcaps_mask->a_mpdu_params |= 0x1C;
5084 	htcaps->a_mpdu_params &= ~(0x1C);
5085 	htcaps->a_mpdu_params |= (density << 2) & 0x1C;
5086 
5087 	return 0;
5088 }
5089 
5090 
wpa_set_disable_ht40(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)5091 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
5092 				struct ieee80211_ht_capabilities *htcaps,
5093 				struct ieee80211_ht_capabilities *htcaps_mask,
5094 				int disabled)
5095 {
5096 	if (disabled)
5097 		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
5098 
5099 	set_disable_ht40(htcaps, disabled);
5100 	set_disable_ht40(htcaps_mask, 0);
5101 
5102 	return 0;
5103 }
5104 
5105 
wpa_set_disable_sgi(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)5106 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
5107 			       struct ieee80211_ht_capabilities *htcaps,
5108 			       struct ieee80211_ht_capabilities *htcaps_mask,
5109 			       int disabled)
5110 {
5111 	/* Masking these out disables SGI */
5112 	le16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
5113 				HT_CAP_INFO_SHORT_GI40MHZ);
5114 
5115 	if (disabled)
5116 		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
5117 
5118 	if (disabled)
5119 		htcaps->ht_capabilities_info &= ~msk;
5120 	else
5121 		htcaps->ht_capabilities_info |= msk;
5122 
5123 	htcaps_mask->ht_capabilities_info |= msk;
5124 
5125 	return 0;
5126 }
5127 
5128 
wpa_set_disable_ldpc(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)5129 static int wpa_set_disable_ldpc(struct wpa_supplicant *wpa_s,
5130 			       struct ieee80211_ht_capabilities *htcaps,
5131 			       struct ieee80211_ht_capabilities *htcaps_mask,
5132 			       int disabled)
5133 {
5134 	/* Masking these out disables LDPC */
5135 	le16 msk = host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP);
5136 
5137 	if (disabled)
5138 		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ldpc: %d", disabled);
5139 
5140 	if (disabled)
5141 		htcaps->ht_capabilities_info &= ~msk;
5142 	else
5143 		htcaps->ht_capabilities_info |= msk;
5144 
5145 	htcaps_mask->ht_capabilities_info |= msk;
5146 
5147 	return 0;
5148 }
5149 
5150 
wpa_set_tx_stbc(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int tx_stbc)5151 static int wpa_set_tx_stbc(struct wpa_supplicant *wpa_s,
5152 			   struct ieee80211_ht_capabilities *htcaps,
5153 			   struct ieee80211_ht_capabilities *htcaps_mask,
5154 			   int tx_stbc)
5155 {
5156 	le16 msk = host_to_le16(HT_CAP_INFO_TX_STBC);
5157 
5158 	if (tx_stbc == -1)
5159 		return 0;
5160 
5161 	wpa_msg(wpa_s, MSG_DEBUG, "set_tx_stbc: %d", tx_stbc);
5162 
5163 	if (tx_stbc < 0 || tx_stbc > 1) {
5164 		wpa_msg(wpa_s, MSG_ERROR,
5165 			"tx_stbc: %d out of range. Must be 0-1 or -1", tx_stbc);
5166 		return -EINVAL;
5167 	}
5168 
5169 	htcaps_mask->ht_capabilities_info |= msk;
5170 	htcaps->ht_capabilities_info &= ~msk;
5171 	htcaps->ht_capabilities_info |= (tx_stbc << 7) & msk;
5172 
5173 	return 0;
5174 }
5175 
5176 
wpa_set_rx_stbc(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int rx_stbc)5177 static int wpa_set_rx_stbc(struct wpa_supplicant *wpa_s,
5178 			   struct ieee80211_ht_capabilities *htcaps,
5179 			   struct ieee80211_ht_capabilities *htcaps_mask,
5180 			   int rx_stbc)
5181 {
5182 	le16 msk = host_to_le16(HT_CAP_INFO_RX_STBC_MASK);
5183 
5184 	if (rx_stbc == -1)
5185 		return 0;
5186 
5187 	wpa_msg(wpa_s, MSG_DEBUG, "set_rx_stbc: %d", rx_stbc);
5188 
5189 	if (rx_stbc < 0 || rx_stbc > 3) {
5190 		wpa_msg(wpa_s, MSG_ERROR,
5191 			"rx_stbc: %d out of range. Must be 0-3 or -1", rx_stbc);
5192 		return -EINVAL;
5193 	}
5194 
5195 	htcaps_mask->ht_capabilities_info |= msk;
5196 	htcaps->ht_capabilities_info &= ~msk;
5197 	htcaps->ht_capabilities_info |= (rx_stbc << 8) & msk;
5198 
5199 	return 0;
5200 }
5201 
5202 
wpa_supplicant_apply_ht_overrides(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params)5203 void wpa_supplicant_apply_ht_overrides(
5204 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
5205 	struct wpa_driver_associate_params *params)
5206 {
5207 	struct ieee80211_ht_capabilities *htcaps;
5208 	struct ieee80211_ht_capabilities *htcaps_mask;
5209 
5210 	if (!ssid)
5211 		return;
5212 
5213 	params->disable_ht = ssid->disable_ht;
5214 	if (!params->htcaps || !params->htcaps_mask)
5215 		return;
5216 
5217 	htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
5218 	htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
5219 	wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
5220 	wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
5221 			      ssid->disable_max_amsdu);
5222 	wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
5223 	wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
5224 	wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
5225 	wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
5226 	wpa_set_disable_ldpc(wpa_s, htcaps, htcaps_mask, ssid->disable_ldpc);
5227 	wpa_set_rx_stbc(wpa_s, htcaps, htcaps_mask, ssid->rx_stbc);
5228 	wpa_set_tx_stbc(wpa_s, htcaps, htcaps_mask, ssid->tx_stbc);
5229 
5230 	if (ssid->ht40_intolerant) {
5231 		le16 bit = host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT);
5232 		htcaps->ht_capabilities_info |= bit;
5233 		htcaps_mask->ht_capabilities_info |= bit;
5234 	}
5235 }
5236 
5237 #endif /* CONFIG_HT_OVERRIDES */
5238 
5239 
5240 #ifdef CONFIG_VHT_OVERRIDES
wpa_supplicant_apply_vht_overrides(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params)5241 void wpa_supplicant_apply_vht_overrides(
5242 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
5243 	struct wpa_driver_associate_params *params)
5244 {
5245 	struct ieee80211_vht_capabilities *vhtcaps;
5246 	struct ieee80211_vht_capabilities *vhtcaps_mask;
5247 
5248 	if (!ssid)
5249 		return;
5250 
5251 	params->disable_vht = ssid->disable_vht;
5252 
5253 	vhtcaps = (void *) params->vhtcaps;
5254 	vhtcaps_mask = (void *) params->vhtcaps_mask;
5255 
5256 	if (!vhtcaps || !vhtcaps_mask)
5257 		return;
5258 
5259 	vhtcaps->vht_capabilities_info = host_to_le32(ssid->vht_capa);
5260 	vhtcaps_mask->vht_capabilities_info = host_to_le32(ssid->vht_capa_mask);
5261 
5262 #ifdef CONFIG_HT_OVERRIDES
5263 	if (ssid->disable_sgi) {
5264 		vhtcaps_mask->vht_capabilities_info |= (VHT_CAP_SHORT_GI_80 |
5265 							VHT_CAP_SHORT_GI_160);
5266 		vhtcaps->vht_capabilities_info &= ~(VHT_CAP_SHORT_GI_80 |
5267 						    VHT_CAP_SHORT_GI_160);
5268 		wpa_msg(wpa_s, MSG_DEBUG,
5269 			"disable-sgi override specified, vht-caps: 0x%x",
5270 			vhtcaps->vht_capabilities_info);
5271 	}
5272 
5273 	/* if max ampdu is <= 3, we have to make the HT cap the same */
5274 	if (ssid->vht_capa_mask & VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) {
5275 		int max_ampdu;
5276 
5277 		max_ampdu = (ssid->vht_capa &
5278 			     VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) >>
5279 			VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT;
5280 
5281 		max_ampdu = max_ampdu < 3 ? max_ampdu : 3;
5282 		wpa_set_ampdu_factor(wpa_s,
5283 				     (void *) params->htcaps,
5284 				     (void *) params->htcaps_mask,
5285 				     max_ampdu);
5286 	}
5287 #endif /* CONFIG_HT_OVERRIDES */
5288 
5289 #define OVERRIDE_MCS(i)							\
5290 	if (ssid->vht_tx_mcs_nss_ ##i >= 0) {				\
5291 		vhtcaps_mask->vht_supported_mcs_set.tx_map |=		\
5292 			host_to_le16(3 << 2 * (i - 1));			\
5293 		vhtcaps->vht_supported_mcs_set.tx_map |=		\
5294 			host_to_le16(ssid->vht_tx_mcs_nss_ ##i <<	\
5295 				     2 * (i - 1));			\
5296 	}								\
5297 	if (ssid->vht_rx_mcs_nss_ ##i >= 0) {				\
5298 		vhtcaps_mask->vht_supported_mcs_set.rx_map |=		\
5299 			host_to_le16(3 << 2 * (i - 1));			\
5300 		vhtcaps->vht_supported_mcs_set.rx_map |=		\
5301 			host_to_le16(ssid->vht_rx_mcs_nss_ ##i <<	\
5302 				     2 * (i - 1));			\
5303 	}
5304 
5305 	OVERRIDE_MCS(1);
5306 	OVERRIDE_MCS(2);
5307 	OVERRIDE_MCS(3);
5308 	OVERRIDE_MCS(4);
5309 	OVERRIDE_MCS(5);
5310 	OVERRIDE_MCS(6);
5311 	OVERRIDE_MCS(7);
5312 	OVERRIDE_MCS(8);
5313 }
5314 #endif /* CONFIG_VHT_OVERRIDES */
5315 
5316 
5317 #ifdef CONFIG_HE_OVERRIDES
wpa_supplicant_apply_he_overrides(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params)5318 void wpa_supplicant_apply_he_overrides(
5319 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
5320 	struct wpa_driver_associate_params *params)
5321 {
5322 	if (!ssid)
5323 		return;
5324 
5325 	params->disable_he = ssid->disable_he;
5326 }
5327 #endif /* CONFIG_HE_OVERRIDES */
5328 
5329 
pcsc_reader_init(struct wpa_supplicant * wpa_s)5330 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
5331 {
5332 #ifdef PCSC_FUNCS
5333 	size_t len;
5334 
5335 	if (!wpa_s->conf->pcsc_reader)
5336 		return 0;
5337 
5338 	wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
5339 	if (!wpa_s->scard)
5340 		return 1;
5341 
5342 	if (wpa_s->conf->pcsc_pin &&
5343 	    scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
5344 		scard_deinit(wpa_s->scard);
5345 		wpa_s->scard = NULL;
5346 		wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
5347 		return -1;
5348 	}
5349 
5350 	len = sizeof(wpa_s->imsi) - 1;
5351 	if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
5352 		scard_deinit(wpa_s->scard);
5353 		wpa_s->scard = NULL;
5354 		wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
5355 		return -1;
5356 	}
5357 	wpa_s->imsi[len] = '\0';
5358 
5359 	wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
5360 
5361 	wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
5362 		   wpa_s->imsi, wpa_s->mnc_len);
5363 
5364 	wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
5365 	eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
5366 #endif /* PCSC_FUNCS */
5367 
5368 	return 0;
5369 }
5370 
5371 
wpas_init_ext_pw(struct wpa_supplicant * wpa_s)5372 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
5373 {
5374 	char *val, *pos;
5375 
5376 	ext_password_deinit(wpa_s->ext_pw);
5377 	wpa_s->ext_pw = NULL;
5378 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
5379 
5380 	if (!wpa_s->conf->ext_password_backend)
5381 		return 0;
5382 
5383 	val = os_strdup(wpa_s->conf->ext_password_backend);
5384 	if (val == NULL)
5385 		return -1;
5386 	pos = os_strchr(val, ':');
5387 	if (pos)
5388 		*pos++ = '\0';
5389 
5390 	wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
5391 
5392 	wpa_s->ext_pw = ext_password_init(val, pos);
5393 	os_free(val);
5394 	if (wpa_s->ext_pw == NULL) {
5395 		wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
5396 		return -1;
5397 	}
5398 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
5399 
5400 	return 0;
5401 }
5402 
5403 
5404 #ifdef CONFIG_FST
5405 
wpas_fst_get_bssid_cb(void * ctx)5406 static const u8 * wpas_fst_get_bssid_cb(void *ctx)
5407 {
5408 	struct wpa_supplicant *wpa_s = ctx;
5409 
5410 	return (is_zero_ether_addr(wpa_s->bssid) ||
5411 		wpa_s->wpa_state != WPA_COMPLETED) ? NULL : wpa_s->bssid;
5412 }
5413 
5414 
wpas_fst_get_channel_info_cb(void * ctx,enum hostapd_hw_mode * hw_mode,u8 * channel)5415 static void wpas_fst_get_channel_info_cb(void *ctx,
5416 					 enum hostapd_hw_mode *hw_mode,
5417 					 u8 *channel)
5418 {
5419 	struct wpa_supplicant *wpa_s = ctx;
5420 
5421 	if (wpa_s->current_bss) {
5422 		*hw_mode = ieee80211_freq_to_chan(wpa_s->current_bss->freq,
5423 						  channel);
5424 	} else if (wpa_s->hw.num_modes) {
5425 		*hw_mode = wpa_s->hw.modes[0].mode;
5426 	} else {
5427 		WPA_ASSERT(0);
5428 		*hw_mode = 0;
5429 	}
5430 }
5431 
5432 
wpas_fst_get_hw_modes(void * ctx,struct hostapd_hw_modes ** modes)5433 static int wpas_fst_get_hw_modes(void *ctx, struct hostapd_hw_modes **modes)
5434 {
5435 	struct wpa_supplicant *wpa_s = ctx;
5436 
5437 	*modes = wpa_s->hw.modes;
5438 	return wpa_s->hw.num_modes;
5439 }
5440 
5441 
wpas_fst_set_ies_cb(void * ctx,const struct wpabuf * fst_ies)5442 static void wpas_fst_set_ies_cb(void *ctx, const struct wpabuf *fst_ies)
5443 {
5444 	struct wpa_supplicant *wpa_s = ctx;
5445 
5446 	wpa_hexdump_buf(MSG_DEBUG, "FST: Set IEs", fst_ies);
5447 	wpa_s->fst_ies = fst_ies;
5448 }
5449 
5450 
wpas_fst_send_action_cb(void * ctx,const u8 * da,struct wpabuf * data)5451 static int wpas_fst_send_action_cb(void *ctx, const u8 *da, struct wpabuf *data)
5452 {
5453 	struct wpa_supplicant *wpa_s = ctx;
5454 
5455 	if (os_memcmp(wpa_s->bssid, da, ETH_ALEN) != 0) {
5456 		wpa_printf(MSG_INFO, "FST:%s:bssid=" MACSTR " != da=" MACSTR,
5457 			   __func__, MAC2STR(wpa_s->bssid), MAC2STR(da));
5458 		return -1;
5459 	}
5460 	return wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
5461 				   wpa_s->own_addr, wpa_s->bssid,
5462 				   wpabuf_head(data), wpabuf_len(data),
5463 				   0);
5464 }
5465 
5466 
wpas_fst_get_mb_ie_cb(void * ctx,const u8 * addr)5467 static const struct wpabuf * wpas_fst_get_mb_ie_cb(void *ctx, const u8 *addr)
5468 {
5469 	struct wpa_supplicant *wpa_s = ctx;
5470 
5471 	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
5472 	return wpa_s->received_mb_ies;
5473 }
5474 
5475 
wpas_fst_update_mb_ie_cb(void * ctx,const u8 * addr,const u8 * buf,size_t size)5476 static void wpas_fst_update_mb_ie_cb(void *ctx, const u8 *addr,
5477 				     const u8 *buf, size_t size)
5478 {
5479 	struct wpa_supplicant *wpa_s = ctx;
5480 	struct mb_ies_info info;
5481 
5482 	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
5483 
5484 	if (!mb_ies_info_by_ies(&info, buf, size)) {
5485 		wpabuf_free(wpa_s->received_mb_ies);
5486 		wpa_s->received_mb_ies = mb_ies_by_info(&info);
5487 	}
5488 }
5489 
5490 
wpas_fst_get_peer_first(void * ctx,struct fst_get_peer_ctx ** get_ctx,bool mb_only)5491 static const u8 * wpas_fst_get_peer_first(void *ctx,
5492 					  struct fst_get_peer_ctx **get_ctx,
5493 					  bool mb_only)
5494 {
5495 	struct wpa_supplicant *wpa_s = ctx;
5496 
5497 	*get_ctx = NULL;
5498 	if (!is_zero_ether_addr(wpa_s->bssid))
5499 		return (wpa_s->received_mb_ies || !mb_only) ?
5500 			wpa_s->bssid : NULL;
5501 	return NULL;
5502 }
5503 
5504 
wpas_fst_get_peer_next(void * ctx,struct fst_get_peer_ctx ** get_ctx,bool mb_only)5505 static const u8 * wpas_fst_get_peer_next(void *ctx,
5506 					 struct fst_get_peer_ctx **get_ctx,
5507 					 bool mb_only)
5508 {
5509 	return NULL;
5510 }
5511 
fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant * wpa_s,struct fst_wpa_obj * iface_obj)5512 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant *wpa_s,
5513 				       struct fst_wpa_obj *iface_obj)
5514 {
5515 	iface_obj->ctx              = wpa_s;
5516 	iface_obj->get_bssid        = wpas_fst_get_bssid_cb;
5517 	iface_obj->get_channel_info = wpas_fst_get_channel_info_cb;
5518 	iface_obj->get_hw_modes     = wpas_fst_get_hw_modes;
5519 	iface_obj->set_ies          = wpas_fst_set_ies_cb;
5520 	iface_obj->send_action      = wpas_fst_send_action_cb;
5521 	iface_obj->get_mb_ie        = wpas_fst_get_mb_ie_cb;
5522 	iface_obj->update_mb_ie     = wpas_fst_update_mb_ie_cb;
5523 	iface_obj->get_peer_first   = wpas_fst_get_peer_first;
5524 	iface_obj->get_peer_next    = wpas_fst_get_peer_next;
5525 }
5526 #endif /* CONFIG_FST */
5527 
wpas_set_wowlan_triggers(struct wpa_supplicant * wpa_s,const struct wpa_driver_capa * capa)5528 static int wpas_set_wowlan_triggers(struct wpa_supplicant *wpa_s,
5529 				    const struct wpa_driver_capa *capa)
5530 {
5531 	struct wowlan_triggers *triggers;
5532 	int ret = 0;
5533 
5534 	if (!wpa_s->conf->wowlan_triggers)
5535 		return 0;
5536 
5537 	triggers = wpa_get_wowlan_triggers(wpa_s->conf->wowlan_triggers, capa);
5538 	if (triggers) {
5539 		ret = wpa_drv_wowlan(wpa_s, triggers);
5540 		os_free(triggers);
5541 	}
5542 	return ret;
5543 }
5544 
5545 
wpas_freq_to_band(int freq)5546 enum wpa_radio_work_band wpas_freq_to_band(int freq)
5547 {
5548 	if (freq < 3000)
5549 		return BAND_2_4_GHZ;
5550 	if (freq > 50000)
5551 		return BAND_60_GHZ;
5552 	return BAND_5_GHZ;
5553 }
5554 
5555 
wpas_get_bands(struct wpa_supplicant * wpa_s,const int * freqs)5556 unsigned int wpas_get_bands(struct wpa_supplicant *wpa_s, const int *freqs)
5557 {
5558 	int i;
5559 	unsigned int band = 0;
5560 
5561 	if (freqs) {
5562 		/* freqs are specified for the radio work */
5563 		for (i = 0; freqs[i]; i++)
5564 			band |= wpas_freq_to_band(freqs[i]);
5565 	} else {
5566 		/*
5567 		 * freqs are not specified, implies all
5568 		 * the supported freqs by HW
5569 		 */
5570 		for (i = 0; i < wpa_s->hw.num_modes; i++) {
5571 			if (wpa_s->hw.modes[i].num_channels != 0) {
5572 				if (wpa_s->hw.modes[i].mode ==
5573 				    HOSTAPD_MODE_IEEE80211B ||
5574 				    wpa_s->hw.modes[i].mode ==
5575 				    HOSTAPD_MODE_IEEE80211G)
5576 					band |= BAND_2_4_GHZ;
5577 				else if (wpa_s->hw.modes[i].mode ==
5578 					 HOSTAPD_MODE_IEEE80211A)
5579 					band |= BAND_5_GHZ;
5580 				else if (wpa_s->hw.modes[i].mode ==
5581 					 HOSTAPD_MODE_IEEE80211AD)
5582 					band |= BAND_60_GHZ;
5583 				else if (wpa_s->hw.modes[i].mode ==
5584 					 HOSTAPD_MODE_IEEE80211ANY)
5585 					band = BAND_2_4_GHZ | BAND_5_GHZ |
5586 						BAND_60_GHZ;
5587 			}
5588 		}
5589 	}
5590 
5591 	return band;
5592 }
5593 
5594 
radio_add_interface(struct wpa_supplicant * wpa_s,const char * rn)5595 static struct wpa_radio * radio_add_interface(struct wpa_supplicant *wpa_s,
5596 					      const char *rn)
5597 {
5598 	struct wpa_supplicant *iface = wpa_s->global->ifaces;
5599 	struct wpa_radio *radio;
5600 
5601 	while (rn && iface) {
5602 		radio = iface->radio;
5603 		if (radio && os_strcmp(rn, radio->name) == 0) {
5604 			wpa_printf(MSG_DEBUG, "Add interface %s to existing radio %s",
5605 				   wpa_s->ifname, rn);
5606 			dl_list_add(&radio->ifaces, &wpa_s->radio_list);
5607 			return radio;
5608 		}
5609 
5610 		iface = iface->next;
5611 	}
5612 
5613 	wpa_printf(MSG_DEBUG, "Add interface %s to a new radio %s",
5614 		   wpa_s->ifname, rn ? rn : "N/A");
5615 	radio = os_zalloc(sizeof(*radio));
5616 	if (radio == NULL)
5617 		return NULL;
5618 
5619 	if (rn)
5620 		os_strlcpy(radio->name, rn, sizeof(radio->name));
5621 	dl_list_init(&radio->ifaces);
5622 	dl_list_init(&radio->work);
5623 	dl_list_add(&radio->ifaces, &wpa_s->radio_list);
5624 
5625 	return radio;
5626 }
5627 
5628 
radio_work_free(struct wpa_radio_work * work)5629 static void radio_work_free(struct wpa_radio_work *work)
5630 {
5631 	if (work->wpa_s->scan_work == work) {
5632 		/* This should not really happen. */
5633 		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
5634 			work->type, work, work->started);
5635 		work->wpa_s->scan_work = NULL;
5636 	}
5637 
5638 #ifdef CONFIG_P2P
5639 	if (work->wpa_s->p2p_scan_work == work) {
5640 		/* This should not really happen. */
5641 		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
5642 			work->type, work, work->started);
5643 		work->wpa_s->p2p_scan_work = NULL;
5644 	}
5645 #endif /* CONFIG_P2P */
5646 
5647 	if (work->started) {
5648 		work->wpa_s->radio->num_active_works--;
5649 		wpa_dbg(work->wpa_s, MSG_DEBUG,
5650 			"radio_work_free('%s'@%p): num_active_works --> %u",
5651 			work->type, work,
5652 			work->wpa_s->radio->num_active_works);
5653 	}
5654 
5655 	dl_list_del(&work->list);
5656 	os_free(work);
5657 }
5658 
5659 
radio_work_is_connect(struct wpa_radio_work * work)5660 static int radio_work_is_connect(struct wpa_radio_work *work)
5661 {
5662 	return os_strcmp(work->type, "sme-connect") == 0 ||
5663 		os_strcmp(work->type, "connect") == 0;
5664 }
5665 
5666 
radio_work_is_scan(struct wpa_radio_work * work)5667 static int radio_work_is_scan(struct wpa_radio_work *work)
5668 {
5669 	return os_strcmp(work->type, "scan") == 0 ||
5670 		os_strcmp(work->type, "p2p-scan") == 0;
5671 }
5672 
5673 
radio_work_get_next_work(struct wpa_radio * radio)5674 static struct wpa_radio_work * radio_work_get_next_work(struct wpa_radio *radio)
5675 {
5676 	struct wpa_radio_work *active_work = NULL;
5677 	struct wpa_radio_work *tmp;
5678 
5679 	/* Get the active work to know the type and band. */
5680 	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
5681 		if (tmp->started) {
5682 			active_work = tmp;
5683 			break;
5684 		}
5685 	}
5686 
5687 	if (!active_work) {
5688 		/* No active work, start one */
5689 		radio->num_active_works = 0;
5690 		dl_list_for_each(tmp, &radio->work, struct wpa_radio_work,
5691 				 list) {
5692 			if (os_strcmp(tmp->type, "scan") == 0 &&
5693 			    radio->external_scan_running &&
5694 			    (((struct wpa_driver_scan_params *)
5695 			      tmp->ctx)->only_new_results ||
5696 			     tmp->wpa_s->clear_driver_scan_cache))
5697 				continue;
5698 			return tmp;
5699 		}
5700 		return NULL;
5701 	}
5702 
5703 	if (radio_work_is_connect(active_work)) {
5704 		/*
5705 		 * If the active work is either connect or sme-connect,
5706 		 * do not parallelize them with other radio works.
5707 		 */
5708 		wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5709 			"Do not parallelize radio work with %s",
5710 			active_work->type);
5711 		return NULL;
5712 	}
5713 
5714 	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
5715 		if (tmp->started)
5716 			continue;
5717 
5718 		/*
5719 		 * If connect or sme-connect are enqueued, parallelize only
5720 		 * those operations ahead of them in the queue.
5721 		 */
5722 		if (radio_work_is_connect(tmp))
5723 			break;
5724 
5725 		/* Serialize parallel scan and p2p_scan operations on the same
5726 		 * interface since the driver_nl80211 mechanism for tracking
5727 		 * scan cookies does not yet have support for this. */
5728 		if (active_work->wpa_s == tmp->wpa_s &&
5729 		    radio_work_is_scan(active_work) &&
5730 		    radio_work_is_scan(tmp)) {
5731 			wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5732 				"Do not start work '%s' when another work '%s' is already scheduled",
5733 				tmp->type, active_work->type);
5734 			continue;
5735 		}
5736 		/*
5737 		 * Check that the radio works are distinct and
5738 		 * on different bands.
5739 		 */
5740 		if (os_strcmp(active_work->type, tmp->type) != 0 &&
5741 		    (active_work->bands != tmp->bands)) {
5742 			/*
5743 			 * If a scan has to be scheduled through nl80211 scan
5744 			 * interface and if an external scan is already running,
5745 			 * do not schedule the scan since it is likely to get
5746 			 * rejected by kernel.
5747 			 */
5748 			if (os_strcmp(tmp->type, "scan") == 0 &&
5749 			    radio->external_scan_running &&
5750 			    (((struct wpa_driver_scan_params *)
5751 			      tmp->ctx)->only_new_results ||
5752 			     tmp->wpa_s->clear_driver_scan_cache))
5753 				continue;
5754 
5755 			wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5756 				"active_work:%s new_work:%s",
5757 				active_work->type, tmp->type);
5758 			return tmp;
5759 		}
5760 	}
5761 
5762 	/* Did not find a radio work to schedule in parallel. */
5763 	return NULL;
5764 }
5765 
5766 
radio_start_next_work(void * eloop_ctx,void * timeout_ctx)5767 static void radio_start_next_work(void *eloop_ctx, void *timeout_ctx)
5768 {
5769 	struct wpa_radio *radio = eloop_ctx;
5770 	struct wpa_radio_work *work;
5771 	struct os_reltime now, diff;
5772 	struct wpa_supplicant *wpa_s;
5773 
5774 	work = dl_list_first(&radio->work, struct wpa_radio_work, list);
5775 	if (work == NULL) {
5776 		radio->num_active_works = 0;
5777 		return;
5778 	}
5779 
5780 	wpa_s = dl_list_first(&radio->ifaces, struct wpa_supplicant,
5781 			      radio_list);
5782 
5783 	if (!(wpa_s &&
5784 	      wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)) {
5785 		if (work->started)
5786 			return; /* already started and still in progress */
5787 
5788 		if (wpa_s && wpa_s->radio->external_scan_running) {
5789 			wpa_printf(MSG_DEBUG, "Delay radio work start until externally triggered scan completes");
5790 			return;
5791 		}
5792 	} else {
5793 		work = NULL;
5794 		if (radio->num_active_works < MAX_ACTIVE_WORKS) {
5795 			/* get the work to schedule next */
5796 			work = radio_work_get_next_work(radio);
5797 		}
5798 		if (!work)
5799 			return;
5800 	}
5801 
5802 	wpa_s = work->wpa_s;
5803 	os_get_reltime(&now);
5804 	os_reltime_sub(&now, &work->time, &diff);
5805 	wpa_dbg(wpa_s, MSG_DEBUG,
5806 		"Starting radio work '%s'@%p after %ld.%06ld second wait",
5807 		work->type, work, diff.sec, diff.usec);
5808 	work->started = 1;
5809 	work->time = now;
5810 	radio->num_active_works++;
5811 
5812 	work->cb(work, 0);
5813 
5814 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS) &&
5815 	    radio->num_active_works < MAX_ACTIVE_WORKS)
5816 		radio_work_check_next(wpa_s);
5817 }
5818 
5819 
5820 /*
5821  * This function removes both started and pending radio works running on
5822  * the provided interface's radio.
5823  * Prior to the removal of the radio work, its callback (cb) is called with
5824  * deinit set to be 1. Each work's callback is responsible for clearing its
5825  * internal data and restoring to a correct state.
5826  * @wpa_s: wpa_supplicant data
5827  * @type: type of works to be removed
5828  * @remove_all: 1 to remove all the works on this radio, 0 to remove only
5829  * this interface's works.
5830  */
radio_remove_works(struct wpa_supplicant * wpa_s,const char * type,int remove_all)5831 void radio_remove_works(struct wpa_supplicant *wpa_s,
5832 			const char *type, int remove_all)
5833 {
5834 	struct wpa_radio_work *work, *tmp;
5835 	struct wpa_radio *radio = wpa_s->radio;
5836 
5837 	dl_list_for_each_safe(work, tmp, &radio->work, struct wpa_radio_work,
5838 			      list) {
5839 		if (type && os_strcmp(type, work->type) != 0)
5840 			continue;
5841 
5842 		/* skip other ifaces' works */
5843 		if (!remove_all && work->wpa_s != wpa_s)
5844 			continue;
5845 
5846 		wpa_dbg(wpa_s, MSG_DEBUG, "Remove radio work '%s'@%p%s",
5847 			work->type, work, work->started ? " (started)" : "");
5848 		work->cb(work, 1);
5849 		radio_work_free(work);
5850 	}
5851 
5852 	/* in case we removed the started work */
5853 	radio_work_check_next(wpa_s);
5854 }
5855 
5856 
radio_remove_pending_work(struct wpa_supplicant * wpa_s,void * ctx)5857 void radio_remove_pending_work(struct wpa_supplicant *wpa_s, void *ctx)
5858 {
5859 	struct wpa_radio_work *work;
5860 	struct wpa_radio *radio = wpa_s->radio;
5861 
5862 	dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
5863 		if (work->ctx != ctx)
5864 			continue;
5865 		wpa_dbg(wpa_s, MSG_DEBUG, "Free pending radio work '%s'@%p%s",
5866 			work->type, work, work->started ? " (started)" : "");
5867 		radio_work_free(work);
5868 		break;
5869 	}
5870 }
5871 
5872 
radio_remove_interface(struct wpa_supplicant * wpa_s)5873 static void radio_remove_interface(struct wpa_supplicant *wpa_s)
5874 {
5875 	struct wpa_radio *radio = wpa_s->radio;
5876 
5877 	if (!radio)
5878 		return;
5879 
5880 	wpa_printf(MSG_DEBUG, "Remove interface %s from radio %s",
5881 		   wpa_s->ifname, radio->name);
5882 	dl_list_del(&wpa_s->radio_list);
5883 	radio_remove_works(wpa_s, NULL, 0);
5884 	wpa_s->radio = NULL;
5885 	if (!dl_list_empty(&radio->ifaces))
5886 		return; /* Interfaces remain for this radio */
5887 
5888 	wpa_printf(MSG_DEBUG, "Remove radio %s", radio->name);
5889 	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
5890 	os_free(radio);
5891 }
5892 
5893 
radio_work_check_next(struct wpa_supplicant * wpa_s)5894 void radio_work_check_next(struct wpa_supplicant *wpa_s)
5895 {
5896 	struct wpa_radio *radio = wpa_s->radio;
5897 
5898 	if (dl_list_empty(&radio->work))
5899 		return;
5900 	if (wpa_s->ext_work_in_progress) {
5901 		wpa_printf(MSG_DEBUG,
5902 			   "External radio work in progress - delay start of pending item");
5903 		return;
5904 	}
5905 	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
5906 	eloop_register_timeout(0, 0, radio_start_next_work, radio, NULL);
5907 }
5908 
5909 
5910 /**
5911  * radio_add_work - Add a radio work item
5912  * @wpa_s: Pointer to wpa_supplicant data
5913  * @freq: Frequency of the offchannel operation in MHz or 0
5914  * @type: Unique identifier for each type of work
5915  * @next: Force as the next work to be executed
5916  * @cb: Callback function for indicating when radio is available
5917  * @ctx: Context pointer for the work (work->ctx in cb())
5918  * Returns: 0 on success, -1 on failure
5919  *
5920  * This function is used to request time for an operation that requires
5921  * exclusive radio control. Once the radio is available, the registered callback
5922  * function will be called. radio_work_done() must be called once the exclusive
5923  * radio operation has been completed, so that the radio is freed for other
5924  * operations. The special case of deinit=1 is used to free the context data
5925  * during interface removal. That does not allow the callback function to start
5926  * the radio operation, i.e., it must free any resources allocated for the radio
5927  * work and return.
5928  *
5929  * The @freq parameter can be used to indicate a single channel on which the
5930  * offchannel operation will occur. This may allow multiple radio work
5931  * operations to be performed in parallel if they apply for the same channel.
5932  * Setting this to 0 indicates that the work item may use multiple channels or
5933  * requires exclusive control of the radio.
5934  */
radio_add_work(struct wpa_supplicant * wpa_s,unsigned int freq,const char * type,int next,void (* cb)(struct wpa_radio_work * work,int deinit),void * ctx)5935 int radio_add_work(struct wpa_supplicant *wpa_s, unsigned int freq,
5936 		   const char *type, int next,
5937 		   void (*cb)(struct wpa_radio_work *work, int deinit),
5938 		   void *ctx)
5939 {
5940 	struct wpa_radio *radio = wpa_s->radio;
5941 	struct wpa_radio_work *work;
5942 	int was_empty;
5943 
5944 	work = os_zalloc(sizeof(*work));
5945 	if (work == NULL)
5946 		return -1;
5947 	wpa_dbg(wpa_s, MSG_DEBUG, "Add radio work '%s'@%p", type, work);
5948 	os_get_reltime(&work->time);
5949 	work->freq = freq;
5950 	work->type = type;
5951 	work->wpa_s = wpa_s;
5952 	work->cb = cb;
5953 	work->ctx = ctx;
5954 
5955 	if (freq)
5956 		work->bands = wpas_freq_to_band(freq);
5957 	else if (os_strcmp(type, "scan") == 0 ||
5958 		 os_strcmp(type, "p2p-scan") == 0)
5959 		work->bands = wpas_get_bands(wpa_s,
5960 					     ((struct wpa_driver_scan_params *)
5961 					      ctx)->freqs);
5962 	else
5963 		work->bands = wpas_get_bands(wpa_s, NULL);
5964 
5965 	was_empty = dl_list_empty(&wpa_s->radio->work);
5966 	if (next)
5967 		dl_list_add(&wpa_s->radio->work, &work->list);
5968 	else
5969 		dl_list_add_tail(&wpa_s->radio->work, &work->list);
5970 	if (was_empty) {
5971 		wpa_dbg(wpa_s, MSG_DEBUG, "First radio work item in the queue - schedule start immediately");
5972 		radio_work_check_next(wpa_s);
5973 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)
5974 		   && radio->num_active_works < MAX_ACTIVE_WORKS) {
5975 		wpa_dbg(wpa_s, MSG_DEBUG,
5976 			"Try to schedule a radio work (num_active_works=%u)",
5977 			radio->num_active_works);
5978 		radio_work_check_next(wpa_s);
5979 	}
5980 
5981 	return 0;
5982 }
5983 
5984 
5985 /**
5986  * radio_work_done - Indicate that a radio work item has been completed
5987  * @work: Completed work
5988  *
5989  * This function is called once the callback function registered with
5990  * radio_add_work() has completed its work.
5991  */
radio_work_done(struct wpa_radio_work * work)5992 void radio_work_done(struct wpa_radio_work *work)
5993 {
5994 	struct wpa_supplicant *wpa_s = work->wpa_s;
5995 	struct os_reltime now, diff;
5996 	unsigned int started = work->started;
5997 
5998 	os_get_reltime(&now);
5999 	os_reltime_sub(&now, &work->time, &diff);
6000 	wpa_dbg(wpa_s, MSG_DEBUG, "Radio work '%s'@%p %s in %ld.%06ld seconds",
6001 		work->type, work, started ? "done" : "canceled",
6002 		diff.sec, diff.usec);
6003 	radio_work_free(work);
6004 	if (started)
6005 		radio_work_check_next(wpa_s);
6006 }
6007 
6008 
6009 struct wpa_radio_work *
radio_work_pending(struct wpa_supplicant * wpa_s,const char * type)6010 radio_work_pending(struct wpa_supplicant *wpa_s, const char *type)
6011 {
6012 	struct wpa_radio_work *work;
6013 	struct wpa_radio *radio = wpa_s->radio;
6014 
6015 	dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
6016 		if (work->wpa_s == wpa_s && os_strcmp(work->type, type) == 0)
6017 			return work;
6018 	}
6019 
6020 	return NULL;
6021 }
6022 
6023 
wpas_init_driver(struct wpa_supplicant * wpa_s,const struct wpa_interface * iface)6024 static int wpas_init_driver(struct wpa_supplicant *wpa_s,
6025 			    const struct wpa_interface *iface)
6026 {
6027 	const char *ifname, *driver, *rn;
6028 
6029 	driver = iface->driver;
6030 next_driver:
6031 	if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
6032 		return -1;
6033 
6034 	wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
6035 	if (wpa_s->drv_priv == NULL) {
6036 		const char *pos;
6037 		pos = driver ? os_strchr(driver, ',') : NULL;
6038 		if (pos) {
6039 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
6040 				"driver interface - try next driver wrapper");
6041 			driver = pos + 1;
6042 			goto next_driver;
6043 		}
6044 		wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
6045 			"interface");
6046 		return -1;
6047 	}
6048 	if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
6049 		wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
6050 			"driver_param '%s'", wpa_s->conf->driver_param);
6051 		return -1;
6052 	}
6053 
6054 	ifname = wpa_drv_get_ifname(wpa_s);
6055 	if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
6056 		wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
6057 			"interface name with '%s'", ifname);
6058 		os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
6059 	}
6060 
6061 	rn = wpa_driver_get_radio_name(wpa_s);
6062 	if (rn && rn[0] == '\0')
6063 		rn = NULL;
6064 
6065 	wpa_s->radio = radio_add_interface(wpa_s, rn);
6066 	if (wpa_s->radio == NULL)
6067 		return -1;
6068 
6069 	return 0;
6070 }
6071 
6072 
6073 #ifdef CONFIG_GAS_SERVER
6074 
wpas_gas_server_tx_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)6075 static void wpas_gas_server_tx_status(struct wpa_supplicant *wpa_s,
6076 				      unsigned int freq, const u8 *dst,
6077 				      const u8 *src, const u8 *bssid,
6078 				      const u8 *data, size_t data_len,
6079 				      enum offchannel_send_action_result result)
6080 {
6081 	wpa_printf(MSG_DEBUG, "GAS: TX status: freq=%u dst=" MACSTR
6082 		   " result=%s",
6083 		   freq, MAC2STR(dst),
6084 		   result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
6085 		   (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
6086 		    "FAILED"));
6087 	gas_server_tx_status(wpa_s->gas_server, dst, data, data_len,
6088 			     result == OFFCHANNEL_SEND_ACTION_SUCCESS);
6089 }
6090 
6091 
wpas_gas_server_tx(void * ctx,int freq,const u8 * da,struct wpabuf * buf,unsigned int wait_time)6092 static void wpas_gas_server_tx(void *ctx, int freq, const u8 *da,
6093 			       struct wpabuf *buf, unsigned int wait_time)
6094 {
6095 	struct wpa_supplicant *wpa_s = ctx;
6096 	const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
6097 
6098 	if (wait_time > wpa_s->max_remain_on_chan)
6099 		wait_time = wpa_s->max_remain_on_chan;
6100 
6101 	offchannel_send_action(wpa_s, freq, da, wpa_s->own_addr, broadcast,
6102 			       wpabuf_head(buf), wpabuf_len(buf),
6103 			       wait_time, wpas_gas_server_tx_status, 0);
6104 }
6105 
6106 #endif /* CONFIG_GAS_SERVER */
6107 
wpa_supplicant_init_iface(struct wpa_supplicant * wpa_s,const struct wpa_interface * iface)6108 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
6109 				     const struct wpa_interface *iface)
6110 {
6111 	struct wpa_driver_capa capa;
6112 	int capa_res;
6113 	u8 dfs_domain;
6114 
6115 	wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
6116 		   "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
6117 		   iface->confname ? iface->confname : "N/A",
6118 		   iface->driver ? iface->driver : "default",
6119 		   iface->ctrl_interface ? iface->ctrl_interface : "N/A",
6120 		   iface->bridge_ifname ? iface->bridge_ifname : "N/A");
6121 
6122 	if (iface->confname) {
6123 #ifdef CONFIG_BACKEND_FILE
6124 		wpa_s->confname = os_rel2abs_path(iface->confname);
6125 		if (wpa_s->confname == NULL) {
6126 			wpa_printf(MSG_ERROR, "Failed to get absolute path "
6127 				   "for configuration file '%s'.",
6128 				   iface->confname);
6129 			return -1;
6130 		}
6131 		wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
6132 			   iface->confname, wpa_s->confname);
6133 #else /* CONFIG_BACKEND_FILE */
6134 		wpa_s->confname = os_strdup(iface->confname);
6135 #endif /* CONFIG_BACKEND_FILE */
6136 		wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
6137 		if (wpa_s->conf == NULL) {
6138 			wpa_printf(MSG_ERROR, "Failed to read or parse "
6139 				   "configuration '%s'.", wpa_s->confname);
6140 			return -1;
6141 		}
6142 		wpa_s->confanother = os_rel2abs_path(iface->confanother);
6143 		if (wpa_s->confanother &&
6144 		    !wpa_config_read(wpa_s->confanother, wpa_s->conf)) {
6145 			wpa_printf(MSG_ERROR,
6146 				   "Failed to read or parse configuration '%s'.",
6147 				   wpa_s->confanother);
6148 			return -1;
6149 		}
6150 
6151 		/*
6152 		 * Override ctrl_interface and driver_param if set on command
6153 		 * line.
6154 		 */
6155 		if (iface->ctrl_interface) {
6156 			os_free(wpa_s->conf->ctrl_interface);
6157 			wpa_s->conf->ctrl_interface =
6158 				os_strdup(iface->ctrl_interface);
6159 		}
6160 
6161 		if (iface->driver_param) {
6162 			os_free(wpa_s->conf->driver_param);
6163 			wpa_s->conf->driver_param =
6164 				os_strdup(iface->driver_param);
6165 		}
6166 
6167 		if (iface->p2p_mgmt && !iface->ctrl_interface) {
6168 			os_free(wpa_s->conf->ctrl_interface);
6169 			wpa_s->conf->ctrl_interface = NULL;
6170 		}
6171 	} else
6172 		wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
6173 						     iface->driver_param);
6174 
6175 	if (wpa_s->conf == NULL) {
6176 		wpa_printf(MSG_ERROR, "\nNo configuration found.");
6177 		return -1;
6178 	}
6179 
6180 	if (iface->ifname == NULL) {
6181 		wpa_printf(MSG_ERROR, "\nInterface name is required.");
6182 		return -1;
6183 	}
6184 	if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
6185 		wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
6186 			   iface->ifname);
6187 		return -1;
6188 	}
6189 	os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
6190 
6191 	if (iface->bridge_ifname) {
6192 		if (os_strlen(iface->bridge_ifname) >=
6193 		    sizeof(wpa_s->bridge_ifname)) {
6194 			wpa_printf(MSG_ERROR, "\nToo long bridge interface "
6195 				   "name '%s'.", iface->bridge_ifname);
6196 			return -1;
6197 		}
6198 		os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
6199 			   sizeof(wpa_s->bridge_ifname));
6200 	}
6201 
6202 	/* RSNA Supplicant Key Management - INITIALIZE */
6203 	eapol_sm_notify_portEnabled(wpa_s->eapol, false);
6204 	eapol_sm_notify_portValid(wpa_s->eapol, false);
6205 
6206 	/* Initialize driver interface and register driver event handler before
6207 	 * L2 receive handler so that association events are processed before
6208 	 * EAPOL-Key packets if both become available for the same select()
6209 	 * call. */
6210 	if (wpas_init_driver(wpa_s, iface) < 0)
6211 		return -1;
6212 
6213 	if (wpa_supplicant_init_wpa(wpa_s) < 0)
6214 		return -1;
6215 
6216 	wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
6217 			  wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
6218 			  NULL);
6219 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
6220 
6221 	if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
6222 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
6223 			     wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
6224 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
6225 			"dot11RSNAConfigPMKLifetime");
6226 		return -1;
6227 	}
6228 
6229 	if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
6230 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
6231 			     wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
6232 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
6233 			"dot11RSNAConfigPMKReauthThreshold");
6234 		return -1;
6235 	}
6236 
6237 	if (wpa_s->conf->dot11RSNAConfigSATimeout &&
6238 	    wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
6239 			     wpa_s->conf->dot11RSNAConfigSATimeout)) {
6240 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
6241 			"dot11RSNAConfigSATimeout");
6242 		return -1;
6243 	}
6244 
6245 	wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
6246 						      &wpa_s->hw.num_modes,
6247 						      &wpa_s->hw.flags,
6248 						      &dfs_domain);
6249 	if (wpa_s->hw.modes) {
6250 		u16 i;
6251 
6252 		for (i = 0; i < wpa_s->hw.num_modes; i++) {
6253 			if (wpa_s->hw.modes[i].vht_capab) {
6254 				wpa_s->hw_capab = CAPAB_VHT;
6255 				break;
6256 			}
6257 
6258 			if (wpa_s->hw.modes[i].ht_capab &
6259 			    HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)
6260 				wpa_s->hw_capab = CAPAB_HT40;
6261 			else if (wpa_s->hw.modes[i].ht_capab &&
6262 				 wpa_s->hw_capab == CAPAB_NO_HT_VHT)
6263 				wpa_s->hw_capab = CAPAB_HT;
6264 		}
6265 	}
6266 
6267 	capa_res = wpa_drv_get_capa(wpa_s, &capa);
6268 	if (capa_res == 0) {
6269 		wpa_s->drv_capa_known = 1;
6270 		wpa_s->drv_flags = capa.flags;
6271 		wpa_s->drv_flags2 = capa.flags2;
6272 		wpa_s->drv_enc = capa.enc;
6273 		wpa_s->drv_rrm_flags = capa.rrm_flags;
6274 		wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
6275 		wpa_s->max_scan_ssids = capa.max_scan_ssids;
6276 		wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
6277 		wpa_s->max_sched_scan_plans = capa.max_sched_scan_plans;
6278 		wpa_s->max_sched_scan_plan_interval =
6279 			capa.max_sched_scan_plan_interval;
6280 		wpa_s->max_sched_scan_plan_iterations =
6281 			capa.max_sched_scan_plan_iterations;
6282 		wpa_s->sched_scan_supported = capa.sched_scan_supported;
6283 		wpa_s->max_match_sets = capa.max_match_sets;
6284 		wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
6285 		wpa_s->max_stations = capa.max_stations;
6286 		wpa_s->extended_capa = capa.extended_capa;
6287 		wpa_s->extended_capa_mask = capa.extended_capa_mask;
6288 		wpa_s->extended_capa_len = capa.extended_capa_len;
6289 		wpa_s->num_multichan_concurrent =
6290 			capa.num_multichan_concurrent;
6291 		wpa_s->wmm_ac_supported = capa.wmm_ac_supported;
6292 
6293 		if (capa.mac_addr_rand_scan_supported)
6294 			wpa_s->mac_addr_rand_supported |= MAC_ADDR_RAND_SCAN;
6295 		if (wpa_s->sched_scan_supported &&
6296 		    capa.mac_addr_rand_sched_scan_supported)
6297 			wpa_s->mac_addr_rand_supported |=
6298 				(MAC_ADDR_RAND_SCHED_SCAN | MAC_ADDR_RAND_PNO);
6299 
6300 		wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
6301 		if (wpa_s->extended_capa &&
6302 		    wpa_s->extended_capa_len >= 3 &&
6303 		    wpa_s->extended_capa[2] & 0x40)
6304 			wpa_s->multi_bss_support = 1;
6305 	}
6306 	if (wpa_s->max_remain_on_chan == 0)
6307 		wpa_s->max_remain_on_chan = 1000;
6308 
6309 	/*
6310 	 * Only take p2p_mgmt parameters when P2P Device is supported.
6311 	 * Doing it here as it determines whether l2_packet_init() will be done
6312 	 * during wpa_supplicant_driver_init().
6313 	 */
6314 	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
6315 		wpa_s->p2p_mgmt = iface->p2p_mgmt;
6316 
6317 	if (wpa_s->num_multichan_concurrent == 0)
6318 		wpa_s->num_multichan_concurrent = 1;
6319 
6320 	if (wpa_supplicant_driver_init(wpa_s) < 0)
6321 		return -1;
6322 
6323 #ifdef CONFIG_TDLS
6324 	if (!iface->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
6325 		return -1;
6326 #endif /* CONFIG_TDLS */
6327 
6328 	if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
6329 	    wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
6330 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
6331 		return -1;
6332 	}
6333 
6334 #ifdef CONFIG_FST
6335 	if (wpa_s->conf->fst_group_id) {
6336 		struct fst_iface_cfg cfg;
6337 		struct fst_wpa_obj iface_obj;
6338 
6339 		fst_wpa_supplicant_fill_iface_obj(wpa_s, &iface_obj);
6340 		os_strlcpy(cfg.group_id, wpa_s->conf->fst_group_id,
6341 			   sizeof(cfg.group_id));
6342 		cfg.priority = wpa_s->conf->fst_priority;
6343 		cfg.llt = wpa_s->conf->fst_llt;
6344 
6345 		wpa_s->fst = fst_attach(wpa_s->ifname, wpa_s->own_addr,
6346 					&iface_obj, &cfg);
6347 		if (!wpa_s->fst) {
6348 			wpa_msg(wpa_s, MSG_ERROR,
6349 				"FST: Cannot attach iface %s to group %s",
6350 				wpa_s->ifname, cfg.group_id);
6351 			return -1;
6352 		}
6353 	}
6354 #endif /* CONFIG_FST */
6355 
6356 	if (wpas_wps_init(wpa_s))
6357 		return -1;
6358 
6359 #ifdef CONFIG_GAS_SERVER
6360 	wpa_s->gas_server = gas_server_init(wpa_s, wpas_gas_server_tx);
6361 	if (!wpa_s->gas_server) {
6362 		wpa_printf(MSG_ERROR, "Failed to initialize GAS server");
6363 		return -1;
6364 	}
6365 #endif /* CONFIG_GAS_SERVER */
6366 
6367 #ifdef CONFIG_DPP
6368 	if (wpas_dpp_init(wpa_s) < 0)
6369 		return -1;
6370 #endif /* CONFIG_DPP */
6371 
6372 	if (wpa_supplicant_init_eapol(wpa_s) < 0)
6373 		return -1;
6374 	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
6375 
6376 	wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
6377 	if (wpa_s->ctrl_iface == NULL) {
6378 		wpa_printf(MSG_ERROR,
6379 			   "Failed to initialize control interface '%s'.\n"
6380 			   "You may have another wpa_supplicant process "
6381 			   "already running or the file was\n"
6382 			   "left by an unclean termination of wpa_supplicant "
6383 			   "in which case you will need\n"
6384 			   "to manually remove this file before starting "
6385 			   "wpa_supplicant again.\n",
6386 			   wpa_s->conf->ctrl_interface);
6387 		return -1;
6388 	}
6389 
6390 	wpa_s->gas = gas_query_init(wpa_s);
6391 	if (wpa_s->gas == NULL) {
6392 		wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
6393 		return -1;
6394 	}
6395 
6396 	if ((!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) ||
6397 	     wpa_s->p2p_mgmt) &&
6398 	    wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
6399 		wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
6400 		return -1;
6401 	}
6402 
6403 	if (wpa_bss_init(wpa_s) < 0)
6404 		return -1;
6405 
6406 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
6407 #ifdef CONFIG_MESH
6408 	dl_list_init(&wpa_s->mesh_external_pmksa_cache);
6409 #endif /* CONFIG_MESH */
6410 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
6411 
6412 	/*
6413 	 * Set Wake-on-WLAN triggers, if configured.
6414 	 * Note: We don't restore/remove the triggers on shutdown (it doesn't
6415 	 * have effect anyway when the interface is down).
6416 	 */
6417 	if (capa_res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
6418 		return -1;
6419 
6420 #ifdef CONFIG_EAP_PROXY
6421 {
6422 	size_t len;
6423 	wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1,
6424 						     wpa_s->imsi, &len);
6425 	if (wpa_s->mnc_len > 0) {
6426 		wpa_s->imsi[len] = '\0';
6427 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
6428 			   wpa_s->imsi, wpa_s->mnc_len);
6429 	} else {
6430 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
6431 	}
6432 }
6433 #endif /* CONFIG_EAP_PROXY */
6434 
6435 	if (pcsc_reader_init(wpa_s) < 0)
6436 		return -1;
6437 
6438 	if (wpas_init_ext_pw(wpa_s) < 0)
6439 		return -1;
6440 
6441 	wpas_rrm_reset(wpa_s);
6442 
6443 	wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
6444 
6445 #ifdef CONFIG_HS20
6446 	hs20_init(wpa_s);
6447 #endif /* CONFIG_HS20 */
6448 #ifdef CONFIG_MBO
6449 	if (!wpa_s->disable_mbo_oce && wpa_s->conf->oce) {
6450 		if ((wpa_s->conf->oce & OCE_STA) &&
6451 		    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA))
6452 			wpa_s->enable_oce = OCE_STA;
6453 		if ((wpa_s->conf->oce & OCE_STA_CFON) &&
6454 		    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA_CFON)) {
6455 			/* TODO: Need to add STA-CFON support */
6456 			wpa_printf(MSG_ERROR,
6457 				   "OCE STA-CFON feature is not yet supported");
6458 		}
6459 	}
6460 	wpas_mbo_update_non_pref_chan(wpa_s, wpa_s->conf->non_pref_chan);
6461 #endif /* CONFIG_MBO */
6462 
6463 	wpa_supplicant_set_default_scan_ies(wpa_s);
6464 
6465 	return 0;
6466 }
6467 
6468 
wpa_supplicant_deinit_iface(struct wpa_supplicant * wpa_s,int notify,int terminate)6469 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
6470 					int notify, int terminate)
6471 {
6472 	struct wpa_global *global = wpa_s->global;
6473 	struct wpa_supplicant *iface, *prev;
6474 
6475 	if (wpa_s == wpa_s->parent)
6476 		wpas_p2p_group_remove(wpa_s, "*");
6477 
6478 	iface = global->ifaces;
6479 	while (iface) {
6480 		if (iface->p2pdev == wpa_s)
6481 			iface->p2pdev = iface->parent;
6482 		if (iface == wpa_s || iface->parent != wpa_s) {
6483 			iface = iface->next;
6484 			continue;
6485 		}
6486 		wpa_printf(MSG_DEBUG,
6487 			   "Remove remaining child interface %s from parent %s",
6488 			   iface->ifname, wpa_s->ifname);
6489 		prev = iface;
6490 		iface = iface->next;
6491 		wpa_supplicant_remove_iface(global, prev, terminate);
6492 	}
6493 
6494 	wpa_s->disconnected = 1;
6495 	if (wpa_s->drv_priv) {
6496 		/*
6497 		 * Don't deauthenticate if WoWLAN is enabled and not explicitly
6498 		 * been configured to disconnect.
6499 		 */
6500 		if (!wpa_drv_get_wowlan(wpa_s) ||
6501 		    wpa_s->conf->wowlan_disconnect_on_deinit) {
6502 			wpa_supplicant_deauthenticate(
6503 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
6504 
6505 			wpa_drv_set_countermeasures(wpa_s, 0);
6506 			wpa_clear_keys(wpa_s, NULL);
6507 		} else {
6508 			wpa_msg(wpa_s, MSG_INFO,
6509 				"Do not deauthenticate as part of interface deinit since WoWLAN is enabled");
6510 		}
6511 	}
6512 
6513 	wpa_supplicant_cleanup(wpa_s);
6514 	wpas_p2p_deinit_iface(wpa_s);
6515 
6516 	wpas_ctrl_radio_work_flush(wpa_s);
6517 	radio_remove_interface(wpa_s);
6518 
6519 #ifdef CONFIG_FST
6520 	if (wpa_s->fst) {
6521 		fst_detach(wpa_s->fst);
6522 		wpa_s->fst = NULL;
6523 	}
6524 	if (wpa_s->received_mb_ies) {
6525 		wpabuf_free(wpa_s->received_mb_ies);
6526 		wpa_s->received_mb_ies = NULL;
6527 	}
6528 #endif /* CONFIG_FST */
6529 
6530 	if (wpa_s->drv_priv)
6531 		wpa_drv_deinit(wpa_s);
6532 
6533 	if (notify)
6534 		wpas_notify_iface_removed(wpa_s);
6535 
6536 	if (terminate)
6537 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
6538 
6539 	wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
6540 	wpa_s->ctrl_iface = NULL;
6541 
6542 #ifdef CONFIG_MESH
6543 	if (wpa_s->ifmsh) {
6544 		wpa_supplicant_mesh_iface_deinit(wpa_s, wpa_s->ifmsh);
6545 		wpa_s->ifmsh = NULL;
6546 	}
6547 #endif /* CONFIG_MESH */
6548 
6549 	if (wpa_s->conf != NULL) {
6550 		wpa_config_free(wpa_s->conf);
6551 		wpa_s->conf = NULL;
6552 	}
6553 
6554 	os_free(wpa_s->ssids_from_scan_req);
6555 	os_free(wpa_s->last_scan_freqs);
6556 
6557 	os_free(wpa_s);
6558 }
6559 
6560 
6561 #ifdef CONFIG_MATCH_IFACE
6562 
6563 /**
6564  * wpa_supplicant_match_iface - Match an interface description to a name
6565  * @global: Pointer to global data from wpa_supplicant_init()
6566  * @ifname: Name of the interface to match
6567  * Returns: Pointer to the created interface description or %NULL on failure
6568  */
wpa_supplicant_match_iface(struct wpa_global * global,const char * ifname)6569 struct wpa_interface * wpa_supplicant_match_iface(struct wpa_global *global,
6570 						  const char *ifname)
6571 {
6572 	int i;
6573 	struct wpa_interface *iface, *miface;
6574 
6575 	for (i = 0; i < global->params.match_iface_count; i++) {
6576 		miface = &global->params.match_ifaces[i];
6577 		if (!miface->ifname ||
6578 		    fnmatch(miface->ifname, ifname, 0) == 0) {
6579 			iface = os_zalloc(sizeof(*iface));
6580 			if (!iface)
6581 				return NULL;
6582 			*iface = *miface;
6583 			iface->ifname = ifname;
6584 			return iface;
6585 		}
6586 	}
6587 
6588 	return NULL;
6589 }
6590 
6591 
6592 /**
6593  * wpa_supplicant_match_existing - Match existing interfaces
6594  * @global: Pointer to global data from wpa_supplicant_init()
6595  * Returns: 0 on success, -1 on failure
6596  */
wpa_supplicant_match_existing(struct wpa_global * global)6597 static int wpa_supplicant_match_existing(struct wpa_global *global)
6598 {
6599 	struct if_nameindex *ifi, *ifp;
6600 	struct wpa_supplicant *wpa_s;
6601 	struct wpa_interface *iface;
6602 
6603 	ifp = if_nameindex();
6604 	if (!ifp) {
6605 		wpa_printf(MSG_ERROR, "if_nameindex: %s", strerror(errno));
6606 		return -1;
6607 	}
6608 
6609 	for (ifi = ifp; ifi->if_name; ifi++) {
6610 		wpa_s = wpa_supplicant_get_iface(global, ifi->if_name);
6611 		if (wpa_s)
6612 			continue;
6613 		iface = wpa_supplicant_match_iface(global, ifi->if_name);
6614 		if (iface) {
6615 			wpa_s = wpa_supplicant_add_iface(global, iface, NULL);
6616 			os_free(iface);
6617 			if (wpa_s)
6618 				wpa_s->matched = 1;
6619 		}
6620 	}
6621 
6622 	if_freenameindex(ifp);
6623 	return 0;
6624 }
6625 
6626 #endif /* CONFIG_MATCH_IFACE */
6627 
6628 
6629 /**
6630  * wpa_supplicant_add_iface - Add a new network interface
6631  * @global: Pointer to global data from wpa_supplicant_init()
6632  * @iface: Interface configuration options
6633  * @parent: Parent interface or %NULL to assign new interface as parent
6634  * Returns: Pointer to the created interface or %NULL on failure
6635  *
6636  * This function is used to add new network interfaces for %wpa_supplicant.
6637  * This can be called before wpa_supplicant_run() to add interfaces before the
6638  * main event loop has been started. In addition, new interfaces can be added
6639  * dynamically while %wpa_supplicant is already running. This could happen,
6640  * e.g., when a hotplug network adapter is inserted.
6641  */
wpa_supplicant_add_iface(struct wpa_global * global,struct wpa_interface * iface,struct wpa_supplicant * parent)6642 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
6643 						 struct wpa_interface *iface,
6644 						 struct wpa_supplicant *parent)
6645 {
6646 	struct wpa_supplicant *wpa_s;
6647 	struct wpa_interface t_iface;
6648 	struct wpa_ssid *ssid;
6649 
6650 	if (global == NULL || iface == NULL)
6651 		return NULL;
6652 
6653 	wpa_s = wpa_supplicant_alloc(parent);
6654 	if (wpa_s == NULL)
6655 		return NULL;
6656 
6657 	wpa_s->global = global;
6658 
6659 	t_iface = *iface;
6660 	if (global->params.override_driver) {
6661 		wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
6662 			   "('%s' -> '%s')",
6663 			   iface->driver, global->params.override_driver);
6664 		t_iface.driver = global->params.override_driver;
6665 	}
6666 	if (global->params.override_ctrl_interface) {
6667 		wpa_printf(MSG_DEBUG, "Override interface parameter: "
6668 			   "ctrl_interface ('%s' -> '%s')",
6669 			   iface->ctrl_interface,
6670 			   global->params.override_ctrl_interface);
6671 		t_iface.ctrl_interface =
6672 			global->params.override_ctrl_interface;
6673 	}
6674 	if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
6675 		wpa_printf(MSG_DEBUG, "Failed to add interface %s",
6676 			   iface->ifname);
6677 		wpa_supplicant_deinit_iface(wpa_s, 0, 0);
6678 		return NULL;
6679 	}
6680 
6681 	/* Notify the control interfaces about new iface */
6682 	if (wpas_notify_iface_added(wpa_s)) {
6683 		wpa_supplicant_deinit_iface(wpa_s, 1, 0);
6684 		return NULL;
6685 	}
6686 
6687 	/* Notify the control interfaces about new networks for non p2p mgmt
6688 	 * ifaces. */
6689 	if (iface->p2p_mgmt == 0) {
6690 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
6691 			wpas_notify_network_added(wpa_s, ssid);
6692 	}
6693 
6694 	wpa_s->next = global->ifaces;
6695 	global->ifaces = wpa_s;
6696 
6697 	wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
6698 	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
6699 
6700 #ifdef CONFIG_P2P
6701 	if (wpa_s->global->p2p == NULL &&
6702 	    !wpa_s->global->p2p_disabled && !wpa_s->conf->p2p_disabled &&
6703 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
6704 	    wpas_p2p_add_p2pdev_interface(
6705 		    wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
6706 		wpa_printf(MSG_INFO,
6707 			   "P2P: Failed to enable P2P Device interface");
6708 		/* Try to continue without. P2P will be disabled. */
6709 	}
6710 #endif /* CONFIG_P2P */
6711 
6712 	return wpa_s;
6713 }
6714 
6715 
6716 /**
6717  * wpa_supplicant_remove_iface - Remove a network interface
6718  * @global: Pointer to global data from wpa_supplicant_init()
6719  * @wpa_s: Pointer to the network interface to be removed
6720  * Returns: 0 if interface was removed, -1 if interface was not found
6721  *
6722  * This function can be used to dynamically remove network interfaces from
6723  * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
6724  * addition, this function is used to remove all remaining interfaces when
6725  * %wpa_supplicant is terminated.
6726  */
wpa_supplicant_remove_iface(struct wpa_global * global,struct wpa_supplicant * wpa_s,int terminate)6727 int wpa_supplicant_remove_iface(struct wpa_global *global,
6728 				struct wpa_supplicant *wpa_s,
6729 				int terminate)
6730 {
6731 	struct wpa_supplicant *prev;
6732 #ifdef CONFIG_MESH
6733 	unsigned int mesh_if_created = wpa_s->mesh_if_created;
6734 	char *ifname = NULL;
6735 	struct wpa_supplicant *parent = wpa_s->parent;
6736 #endif /* CONFIG_MESH */
6737 
6738 	/* Remove interface from the global list of interfaces */
6739 	prev = global->ifaces;
6740 	if (prev == wpa_s) {
6741 		global->ifaces = wpa_s->next;
6742 	} else {
6743 		while (prev && prev->next != wpa_s)
6744 			prev = prev->next;
6745 		if (prev == NULL)
6746 			return -1;
6747 		prev->next = wpa_s->next;
6748 	}
6749 
6750 	wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
6751 
6752 #ifdef CONFIG_MESH
6753 	if (mesh_if_created) {
6754 		ifname = os_strdup(wpa_s->ifname);
6755 		if (ifname == NULL) {
6756 			wpa_dbg(wpa_s, MSG_ERROR,
6757 				"mesh: Failed to malloc ifname");
6758 			return -1;
6759 		}
6760 	}
6761 #endif /* CONFIG_MESH */
6762 
6763 	if (global->p2p_group_formation == wpa_s)
6764 		global->p2p_group_formation = NULL;
6765 	if (global->p2p_invite_group == wpa_s)
6766 		global->p2p_invite_group = NULL;
6767 	wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
6768 
6769 #ifdef CONFIG_MESH
6770 	if (mesh_if_created) {
6771 		wpa_drv_if_remove(parent, WPA_IF_MESH, ifname);
6772 		os_free(ifname);
6773 	}
6774 #endif /* CONFIG_MESH */
6775 
6776 	return 0;
6777 }
6778 
6779 
6780 /**
6781  * wpa_supplicant_get_eap_mode - Get the current EAP mode
6782  * @wpa_s: Pointer to the network interface
6783  * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
6784  */
wpa_supplicant_get_eap_mode(struct wpa_supplicant * wpa_s)6785 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
6786 {
6787 	const char *eapol_method;
6788 
6789         if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
6790             wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
6791 		return "NO-EAP";
6792 	}
6793 
6794 	eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
6795 	if (eapol_method == NULL)
6796 		return "UNKNOWN-EAP";
6797 
6798 	return eapol_method;
6799 }
6800 
6801 
6802 /**
6803  * wpa_supplicant_get_iface - Get a new network interface
6804  * @global: Pointer to global data from wpa_supplicant_init()
6805  * @ifname: Interface name
6806  * Returns: Pointer to the interface or %NULL if not found
6807  */
wpa_supplicant_get_iface(struct wpa_global * global,const char * ifname)6808 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
6809 						 const char *ifname)
6810 {
6811 	struct wpa_supplicant *wpa_s;
6812 
6813 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
6814 		if (os_strcmp(wpa_s->ifname, ifname) == 0)
6815 			return wpa_s;
6816 	}
6817 	return NULL;
6818 }
6819 
6820 
6821 #ifndef CONFIG_NO_WPA_MSG
wpa_supplicant_msg_ifname_cb(void * ctx)6822 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
6823 {
6824 	struct wpa_supplicant *wpa_s = ctx;
6825 	if (wpa_s == NULL)
6826 		return NULL;
6827 	return wpa_s->ifname;
6828 }
6829 #endif /* CONFIG_NO_WPA_MSG */
6830 
6831 
6832 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
6833 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
6834 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
6835 
6836 /* Periodic cleanup tasks */
wpas_periodic(void * eloop_ctx,void * timeout_ctx)6837 static void wpas_periodic(void *eloop_ctx, void *timeout_ctx)
6838 {
6839 	struct wpa_global *global = eloop_ctx;
6840 	struct wpa_supplicant *wpa_s;
6841 
6842 	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
6843 			       wpas_periodic, global, NULL);
6844 
6845 #ifdef CONFIG_P2P
6846 	if (global->p2p)
6847 		p2p_expire_peers(global->p2p);
6848 #endif /* CONFIG_P2P */
6849 
6850 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
6851 		wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age);
6852 #ifdef CONFIG_AP
6853 		ap_periodic(wpa_s);
6854 #endif /* CONFIG_AP */
6855 	}
6856 }
6857 
6858 
6859 /**
6860  * wpa_supplicant_init - Initialize %wpa_supplicant
6861  * @params: Parameters for %wpa_supplicant
6862  * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
6863  *
6864  * This function is used to initialize %wpa_supplicant. After successful
6865  * initialization, the returned data pointer can be used to add and remove
6866  * network interfaces, and eventually, to deinitialize %wpa_supplicant.
6867  */
wpa_supplicant_init(struct wpa_params * params)6868 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
6869 {
6870 	struct wpa_global *global;
6871 	int ret, i;
6872 
6873 	if (params == NULL)
6874 		return NULL;
6875 
6876 #ifdef CONFIG_DRIVER_NDIS
6877 	{
6878 		void driver_ndis_init_ops(void);
6879 		driver_ndis_init_ops();
6880 	}
6881 #endif /* CONFIG_DRIVER_NDIS */
6882 
6883 #ifndef CONFIG_NO_WPA_MSG
6884 	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
6885 #endif /* CONFIG_NO_WPA_MSG */
6886 
6887 	if (params->wpa_debug_file_path)
6888 		wpa_debug_open_file(params->wpa_debug_file_path);
6889 	if (!params->wpa_debug_file_path && !params->wpa_debug_syslog)
6890 		wpa_debug_setup_stdout();
6891 	if (params->wpa_debug_syslog)
6892 		wpa_debug_open_syslog();
6893 	if (params->wpa_debug_tracing) {
6894 		ret = wpa_debug_open_linux_tracing();
6895 		if (ret) {
6896 			wpa_printf(MSG_ERROR,
6897 				   "Failed to enable trace logging");
6898 			return NULL;
6899 		}
6900 	}
6901 
6902 	ret = eap_register_methods();
6903 	if (ret) {
6904 		wpa_printf(MSG_ERROR, "Failed to register EAP methods");
6905 		if (ret == -2)
6906 			wpa_printf(MSG_ERROR, "Two or more EAP methods used "
6907 				   "the same EAP type.");
6908 		return NULL;
6909 	}
6910 
6911 	global = os_zalloc(sizeof(*global));
6912 	if (global == NULL)
6913 		return NULL;
6914 	dl_list_init(&global->p2p_srv_bonjour);
6915 	dl_list_init(&global->p2p_srv_upnp);
6916 	global->params.daemonize = params->daemonize;
6917 	global->params.wait_for_monitor = params->wait_for_monitor;
6918 	global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
6919 	if (params->pid_file)
6920 		global->params.pid_file = os_strdup(params->pid_file);
6921 	if (params->ctrl_interface)
6922 		global->params.ctrl_interface =
6923 			os_strdup(params->ctrl_interface);
6924 	if (params->ctrl_interface_group)
6925 		global->params.ctrl_interface_group =
6926 			os_strdup(params->ctrl_interface_group);
6927 	if (params->override_driver)
6928 		global->params.override_driver =
6929 			os_strdup(params->override_driver);
6930 	if (params->override_ctrl_interface)
6931 		global->params.override_ctrl_interface =
6932 			os_strdup(params->override_ctrl_interface);
6933 #ifdef CONFIG_MATCH_IFACE
6934 	global->params.match_iface_count = params->match_iface_count;
6935 	if (params->match_iface_count) {
6936 		global->params.match_ifaces =
6937 			os_calloc(params->match_iface_count,
6938 				  sizeof(struct wpa_interface));
6939 		os_memcpy(global->params.match_ifaces,
6940 			  params->match_ifaces,
6941 			  params->match_iface_count *
6942 			  sizeof(struct wpa_interface));
6943 	}
6944 #endif /* CONFIG_MATCH_IFACE */
6945 #ifdef CONFIG_P2P
6946 	if (params->conf_p2p_dev)
6947 		global->params.conf_p2p_dev =
6948 			os_strdup(params->conf_p2p_dev);
6949 #endif /* CONFIG_P2P */
6950 	wpa_debug_level = global->params.wpa_debug_level =
6951 		params->wpa_debug_level;
6952 	wpa_debug_show_keys = global->params.wpa_debug_show_keys =
6953 		params->wpa_debug_show_keys;
6954 	wpa_debug_timestamp = global->params.wpa_debug_timestamp =
6955 		params->wpa_debug_timestamp;
6956 
6957 	wpa_printf(MSG_DEBUG, "wpa_supplicant v%s", VERSION_STR);
6958 
6959 	if (eloop_init()) {
6960 		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
6961 		wpa_supplicant_deinit(global);
6962 		return NULL;
6963 	}
6964 
6965 	random_init(params->entropy_file);
6966 
6967 	global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
6968 	if (global->ctrl_iface == NULL) {
6969 		wpa_supplicant_deinit(global);
6970 		return NULL;
6971 	}
6972 
6973 	if (wpas_notify_supplicant_initialized(global)) {
6974 		wpa_supplicant_deinit(global);
6975 		return NULL;
6976 	}
6977 
6978 	for (i = 0; wpa_drivers[i]; i++)
6979 		global->drv_count++;
6980 	if (global->drv_count == 0) {
6981 		wpa_printf(MSG_ERROR, "No drivers enabled");
6982 		wpa_supplicant_deinit(global);
6983 		return NULL;
6984 	}
6985 	global->drv_priv = os_calloc(global->drv_count, sizeof(void *));
6986 	if (global->drv_priv == NULL) {
6987 		wpa_supplicant_deinit(global);
6988 		return NULL;
6989 	}
6990 
6991 #ifdef CONFIG_WIFI_DISPLAY
6992 	if (wifi_display_init(global) < 0) {
6993 		wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
6994 		wpa_supplicant_deinit(global);
6995 		return NULL;
6996 	}
6997 #endif /* CONFIG_WIFI_DISPLAY */
6998 
6999 	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
7000 			       wpas_periodic, global, NULL);
7001 
7002 	return global;
7003 }
7004 
7005 
7006 /**
7007  * wpa_supplicant_run - Run the %wpa_supplicant main event loop
7008  * @global: Pointer to global data from wpa_supplicant_init()
7009  * Returns: 0 after successful event loop run, -1 on failure
7010  *
7011  * This function starts the main event loop and continues running as long as
7012  * there are any remaining events. In most cases, this function is running as
7013  * long as the %wpa_supplicant process in still in use.
7014  */
wpa_supplicant_run(struct wpa_global * global)7015 int wpa_supplicant_run(struct wpa_global *global)
7016 {
7017 	struct wpa_supplicant *wpa_s;
7018 
7019 	if (global->params.daemonize &&
7020 	    (wpa_supplicant_daemon(global->params.pid_file) ||
7021 	     eloop_sock_requeue()))
7022 		return -1;
7023 
7024 #ifdef CONFIG_MATCH_IFACE
7025 	if (wpa_supplicant_match_existing(global))
7026 		return -1;
7027 #endif
7028 
7029 	if (global->params.wait_for_monitor) {
7030 		for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
7031 			if (wpa_s->ctrl_iface && !wpa_s->p2p_mgmt)
7032 				wpa_supplicant_ctrl_iface_wait(
7033 					wpa_s->ctrl_iface);
7034 	}
7035 
7036 	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
7037 	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
7038 
7039 	eloop_run();
7040 
7041 	return 0;
7042 }
7043 
7044 
7045 /**
7046  * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
7047  * @global: Pointer to global data from wpa_supplicant_init()
7048  *
7049  * This function is called to deinitialize %wpa_supplicant and to free all
7050  * allocated resources. Remaining network interfaces will also be removed.
7051  */
wpa_supplicant_deinit(struct wpa_global * global)7052 void wpa_supplicant_deinit(struct wpa_global *global)
7053 {
7054 	int i;
7055 
7056 	if (global == NULL)
7057 		return;
7058 
7059 	eloop_cancel_timeout(wpas_periodic, global, NULL);
7060 
7061 #ifdef CONFIG_WIFI_DISPLAY
7062 	wifi_display_deinit(global);
7063 #endif /* CONFIG_WIFI_DISPLAY */
7064 
7065 	while (global->ifaces)
7066 		wpa_supplicant_remove_iface(global, global->ifaces, 1);
7067 
7068 	if (global->ctrl_iface)
7069 		wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
7070 
7071 	wpas_notify_supplicant_deinitialized(global);
7072 
7073 	eap_peer_unregister_methods();
7074 #ifdef CONFIG_AP
7075 	eap_server_unregister_methods();
7076 #endif /* CONFIG_AP */
7077 
7078 	for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
7079 		if (!global->drv_priv[i])
7080 			continue;
7081 		wpa_drivers[i]->global_deinit(global->drv_priv[i]);
7082 	}
7083 	os_free(global->drv_priv);
7084 
7085 	random_deinit();
7086 
7087 	eloop_destroy();
7088 
7089 	if (global->params.pid_file) {
7090 		os_daemonize_terminate(global->params.pid_file);
7091 		os_free(global->params.pid_file);
7092 	}
7093 	os_free(global->params.ctrl_interface);
7094 	os_free(global->params.ctrl_interface_group);
7095 	os_free(global->params.override_driver);
7096 	os_free(global->params.override_ctrl_interface);
7097 #ifdef CONFIG_MATCH_IFACE
7098 	os_free(global->params.match_ifaces);
7099 #endif /* CONFIG_MATCH_IFACE */
7100 #ifdef CONFIG_P2P
7101 	os_free(global->params.conf_p2p_dev);
7102 #endif /* CONFIG_P2P */
7103 
7104 	os_free(global->p2p_disallow_freq.range);
7105 	os_free(global->p2p_go_avoid_freq.range);
7106 	os_free(global->add_psk);
7107 
7108 	os_free(global);
7109 	wpa_debug_close_syslog();
7110 	wpa_debug_close_file();
7111 	wpa_debug_close_linux_tracing();
7112 }
7113 
7114 
wpa_supplicant_update_config(struct wpa_supplicant * wpa_s)7115 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
7116 {
7117 	if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
7118 	    wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
7119 		char country[3];
7120 		country[0] = wpa_s->conf->country[0];
7121 		country[1] = wpa_s->conf->country[1];
7122 		country[2] = '\0';
7123 		if (wpa_drv_set_country(wpa_s, country) < 0) {
7124 			wpa_printf(MSG_ERROR, "Failed to set country code "
7125 				   "'%s'", country);
7126 		}
7127 	}
7128 
7129 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
7130 		wpas_init_ext_pw(wpa_s);
7131 
7132 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_SCHED_SCAN_PLANS)
7133 		wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
7134 
7135 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_WOWLAN_TRIGGERS) {
7136 		struct wpa_driver_capa capa;
7137 		int res = wpa_drv_get_capa(wpa_s, &capa);
7138 
7139 		if (res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
7140 			wpa_printf(MSG_ERROR,
7141 				   "Failed to update wowlan_triggers to '%s'",
7142 				   wpa_s->conf->wowlan_triggers);
7143 	}
7144 
7145 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_DISABLE_BTM)
7146 		wpa_supplicant_set_default_scan_ies(wpa_s);
7147 
7148 #ifdef CONFIG_WPS
7149 	wpas_wps_update_config(wpa_s);
7150 #endif /* CONFIG_WPS */
7151 	wpas_p2p_update_config(wpa_s);
7152 	wpa_s->conf->changed_parameters = 0;
7153 }
7154 
7155 
add_freq(int * freqs,int * num_freqs,int freq)7156 void add_freq(int *freqs, int *num_freqs, int freq)
7157 {
7158 	int i;
7159 
7160 	for (i = 0; i < *num_freqs; i++) {
7161 		if (freqs[i] == freq)
7162 			return;
7163 	}
7164 
7165 	freqs[*num_freqs] = freq;
7166 	(*num_freqs)++;
7167 }
7168 
7169 
get_bss_freqs_in_ess(struct wpa_supplicant * wpa_s)7170 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
7171 {
7172 	struct wpa_bss *bss, *cbss;
7173 	const int max_freqs = 10;
7174 	int *freqs;
7175 	int num_freqs = 0;
7176 
7177 	freqs = os_calloc(max_freqs + 1, sizeof(int));
7178 	if (freqs == NULL)
7179 		return NULL;
7180 
7181 	cbss = wpa_s->current_bss;
7182 
7183 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
7184 		if (bss == cbss)
7185 			continue;
7186 		if (bss->ssid_len == cbss->ssid_len &&
7187 		    os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
7188 		    wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
7189 			add_freq(freqs, &num_freqs, bss->freq);
7190 			if (num_freqs == max_freqs)
7191 				break;
7192 		}
7193 	}
7194 
7195 	if (num_freqs == 0) {
7196 		os_free(freqs);
7197 		freqs = NULL;
7198 	}
7199 
7200 	return freqs;
7201 }
7202 
7203 
wpas_connection_failed(struct wpa_supplicant * wpa_s,const u8 * bssid)7204 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
7205 {
7206 	int timeout;
7207 	int count;
7208 	int *freqs = NULL;
7209 
7210 	wpas_connect_work_done(wpa_s);
7211 
7212 	/*
7213 	 * Remove possible authentication timeout since the connection failed.
7214 	 */
7215 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
7216 
7217 	/*
7218 	 * There is no point in blacklisting the AP if this event is
7219 	 * generated based on local request to disconnect.
7220 	 */
7221 	if (wpa_s->own_disconnect_req || wpa_s->own_reconnect_req) {
7222 		wpa_s->own_disconnect_req = 0;
7223 		wpa_dbg(wpa_s, MSG_DEBUG,
7224 			"Ignore connection failure due to local request to disconnect");
7225 		return;
7226 	}
7227 	if (wpa_s->disconnected) {
7228 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
7229 			"indication since interface has been put into "
7230 			"disconnected state");
7231 		return;
7232 	}
7233 	if (wpa_s->auto_reconnect_disabled) {
7234 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
7235 			"indication since auto connect is disabled");
7236 		return;
7237 	}
7238 
7239 	/*
7240 	 * Add the failed BSSID into the blacklist and speed up next scan
7241 	 * attempt if there could be other APs that could accept association.
7242 	 * The current blacklist count indicates how many times we have tried
7243 	 * connecting to this AP and multiple attempts mean that other APs are
7244 	 * either not available or has already been tried, so that we can start
7245 	 * increasing the delay here to avoid constant scanning.
7246 	 */
7247 	count = wpa_blacklist_add(wpa_s, bssid);
7248 	if (count == 1 && wpa_s->current_bss) {
7249 		/*
7250 		 * This BSS was not in the blacklist before. If there is
7251 		 * another BSS available for the same ESS, we should try that
7252 		 * next. Otherwise, we may as well try this one once more
7253 		 * before allowing other, likely worse, ESSes to be considered.
7254 		 */
7255 		freqs = get_bss_freqs_in_ess(wpa_s);
7256 		if (freqs) {
7257 			wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
7258 				"has been seen; try it next");
7259 			wpa_blacklist_add(wpa_s, bssid);
7260 			/*
7261 			 * On the next scan, go through only the known channels
7262 			 * used in this ESS based on previous scans to speed up
7263 			 * common load balancing use case.
7264 			 */
7265 			os_free(wpa_s->next_scan_freqs);
7266 			wpa_s->next_scan_freqs = freqs;
7267 		}
7268 	}
7269 
7270 	/*
7271 	 * Add previous failure count in case the temporary blacklist was
7272 	 * cleared due to no other BSSes being available.
7273 	 */
7274 	count += wpa_s->extra_blacklist_count;
7275 
7276 	if (count > 3 && wpa_s->current_ssid) {
7277 		wpa_printf(MSG_DEBUG, "Continuous association failures - "
7278 			   "consider temporary network disabling");
7279 		wpas_auth_failed(wpa_s, "CONN_FAILED");
7280 	}
7281 
7282 	switch (count) {
7283 	case 1:
7284 		timeout = 100;
7285 		break;
7286 	case 2:
7287 		timeout = 500;
7288 		break;
7289 	case 3:
7290 		timeout = 1000;
7291 		break;
7292 	case 4:
7293 		timeout = 5000;
7294 		break;
7295 	default:
7296 		timeout = 10000;
7297 		break;
7298 	}
7299 
7300 	wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
7301 		"ms", count, timeout);
7302 
7303 	/*
7304 	 * TODO: if more than one possible AP is available in scan results,
7305 	 * could try the other ones before requesting a new scan.
7306 	 */
7307 
7308 	/* speed up the connection attempt with normal scan */
7309 	wpa_s->normal_scans = 0;
7310 	wpa_supplicant_req_scan(wpa_s, timeout / 1000,
7311 				1000 * (timeout % 1000));
7312 }
7313 
7314 
7315 #ifdef CONFIG_FILS
fils_connection_failure(struct wpa_supplicant * wpa_s)7316 void fils_connection_failure(struct wpa_supplicant *wpa_s)
7317 {
7318 	struct wpa_ssid *ssid = wpa_s->current_ssid;
7319 	const u8 *realm, *username, *rrk;
7320 	size_t realm_len, username_len, rrk_len;
7321 	u16 next_seq_num;
7322 
7323 	if (!ssid || !ssid->eap.erp || !wpa_key_mgmt_fils(ssid->key_mgmt) ||
7324 	    eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
7325 				  &username, &username_len,
7326 				  &realm, &realm_len, &next_seq_num,
7327 				  &rrk, &rrk_len) != 0 ||
7328 	    !realm)
7329 		return;
7330 
7331 	wpa_hexdump_ascii(MSG_DEBUG,
7332 			  "FILS: Store last connection failure realm",
7333 			  realm, realm_len);
7334 	os_free(wpa_s->last_con_fail_realm);
7335 	wpa_s->last_con_fail_realm = os_malloc(realm_len);
7336 	if (wpa_s->last_con_fail_realm) {
7337 		wpa_s->last_con_fail_realm_len = realm_len;
7338 		os_memcpy(wpa_s->last_con_fail_realm, realm, realm_len);
7339 	}
7340 }
7341 #endif /* CONFIG_FILS */
7342 
7343 
wpas_driver_bss_selection(struct wpa_supplicant * wpa_s)7344 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
7345 {
7346 	return wpa_s->conf->ap_scan == 2 ||
7347 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
7348 }
7349 
7350 
7351 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW) || defined (CONFIG_CTRL_IFACE_HIDL)
wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,const char * field,const char * value)7352 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
7353 					      struct wpa_ssid *ssid,
7354 					      const char *field,
7355 					      const char *value)
7356 {
7357 #ifdef IEEE8021X_EAPOL
7358 	enum wpa_ctrl_req_type rtype;
7359 
7360 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
7361 	wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
7362 			      (const u8 *) value, os_strlen(value));
7363 
7364 	rtype = wpa_supplicant_ctrl_req_from_string(field);
7365 	return wpa_supplicant_ctrl_rsp_handle(wpa_s, ssid, rtype, value, strlen(value));
7366 #else /* IEEE8021X_EAPOL */
7367 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
7368 	return -1;
7369 #endif /* IEEE8021X_EAPOL */
7370 }
7371 
wpa_supplicant_ctrl_rsp_handle(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,enum wpa_ctrl_req_type rtype,const char * value,int value_len)7372 int wpa_supplicant_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
7373 				   struct wpa_ssid *ssid,
7374 				   enum wpa_ctrl_req_type rtype,
7375 				   const char *value, int value_len)
7376 {
7377 #ifdef IEEE8021X_EAPOL
7378 	struct eap_peer_config *eap = &ssid->eap;
7379 	char *identity, *imsi_identity;
7380 
7381 	switch (rtype) {
7382 	case WPA_CTRL_REQ_EAP_IDENTITY:
7383 		os_free(eap->identity);
7384 		os_free(eap->imsi_identity);
7385 		if (value == NULL)
7386 			return -1;
7387 		identity = os_strchr(value, ':');
7388 		if (identity == NULL) {
7389 			/* plain identity */
7390 			eap->identity = (u8 *)os_strdup(value);
7391 			eap->identity_len = os_strlen(value);
7392 		} else {
7393 			/* have both plain identity and encrypted identity */
7394 			imsi_identity = value;
7395 			*identity++ = '\0';
7396 			/* plain identity */
7397 			eap->imsi_identity = (u8 *)dup_binstr(imsi_identity, strlen(imsi_identity));
7398 			eap->imsi_identity_len = strlen(imsi_identity);
7399 			/* encrypted identity */
7400 			eap->identity = (u8 *)dup_binstr(identity,
7401 							 value_len - strlen(imsi_identity) - 1);
7402 			eap->identity_len = value_len - strlen(imsi_identity) - 1;
7403 		}
7404 		eap->pending_req_identity = 0;
7405 		if (ssid == wpa_s->current_ssid)
7406 			wpa_s->reassociate = 1;
7407 		break;
7408 	case WPA_CTRL_REQ_EAP_PASSWORD:
7409 		bin_clear_free(eap->password, eap->password_len);
7410 		eap->password = (u8 *) os_strdup(value);
7411 		eap->password_len = value_len;
7412 		eap->pending_req_password = 0;
7413 		if (ssid == wpa_s->current_ssid)
7414 			wpa_s->reassociate = 1;
7415 		break;
7416 	case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
7417 		bin_clear_free(eap->new_password, eap->new_password_len);
7418 		eap->new_password = (u8 *) os_strdup(value);
7419 		eap->new_password_len = value_len;
7420 		eap->pending_req_new_password = 0;
7421 		if (ssid == wpa_s->current_ssid)
7422 			wpa_s->reassociate = 1;
7423 		break;
7424 	case WPA_CTRL_REQ_EAP_PIN:
7425 		str_clear_free(eap->cert.pin);
7426 		eap->cert.pin = os_strdup(value);
7427 		eap->pending_req_pin = 0;
7428 		if (ssid == wpa_s->current_ssid)
7429 			wpa_s->reassociate = 1;
7430 		break;
7431 	case WPA_CTRL_REQ_EAP_OTP:
7432 		bin_clear_free(eap->otp, eap->otp_len);
7433 		eap->otp = (u8 *) os_strdup(value);
7434 		eap->otp_len = value_len;
7435 		os_free(eap->pending_req_otp);
7436 		eap->pending_req_otp = NULL;
7437 		eap->pending_req_otp_len = 0;
7438 		break;
7439 	case WPA_CTRL_REQ_EAP_PASSPHRASE:
7440 		str_clear_free(eap->cert.private_key_passwd);
7441 		eap->cert.private_key_passwd = os_strdup(value);
7442 		eap->pending_req_passphrase = 0;
7443 		if (ssid == wpa_s->current_ssid)
7444 			wpa_s->reassociate = 1;
7445 		break;
7446 	case WPA_CTRL_REQ_SIM:
7447 		str_clear_free(eap->external_sim_resp);
7448 		eap->external_sim_resp = os_strdup(value);
7449 		eap->pending_req_sim = 0;
7450 		break;
7451 	case WPA_CTRL_REQ_PSK_PASSPHRASE:
7452 		if (wpa_config_set(ssid, "psk", value, 0) < 0)
7453 			return -1;
7454 		ssid->mem_only_psk = 1;
7455 		if (ssid->passphrase)
7456 			wpa_config_update_psk(ssid);
7457 		if (wpa_s->wpa_state == WPA_SCANNING && !wpa_s->scanning)
7458 			wpa_supplicant_req_scan(wpa_s, 0, 0);
7459 		break;
7460 	case WPA_CTRL_REQ_EXT_CERT_CHECK:
7461 		if (eap->pending_ext_cert_check != PENDING_CHECK)
7462 			return -1;
7463 		if (os_strcmp(value, "good") == 0)
7464 			eap->pending_ext_cert_check = EXT_CERT_CHECK_GOOD;
7465 		else if (os_strcmp(value, "bad") == 0)
7466 			eap->pending_ext_cert_check = EXT_CERT_CHECK_BAD;
7467 		else
7468 			return -1;
7469 		break;
7470 	default:
7471 		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown type %d", rtype);
7472 		return -1;
7473 	}
7474 
7475 	return 0;
7476 #else /* IEEE8021X_EAPOL */
7477 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
7478 	return -1;
7479 #endif /* IEEE8021X_EAPOL */
7480 }
7481 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW || CONFIG_CTRL_IFACE_HIDL */
7482 
7483 
wpas_network_disabled(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)7484 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
7485 {
7486 #ifdef CONFIG_WEP
7487 	int i;
7488 	unsigned int drv_enc;
7489 #endif /* CONFIG_WEP */
7490 
7491 	if (wpa_s->p2p_mgmt)
7492 		return 1; /* no normal network profiles on p2p_mgmt interface */
7493 
7494 	if (ssid == NULL)
7495 		return 1;
7496 
7497 	if (ssid->disabled)
7498 		return 1;
7499 
7500 #ifdef CONFIG_WEP
7501 	if (wpa_s->drv_capa_known)
7502 		drv_enc = wpa_s->drv_enc;
7503 	else
7504 		drv_enc = (unsigned int) -1;
7505 
7506 	for (i = 0; i < NUM_WEP_KEYS; i++) {
7507 		size_t len = ssid->wep_key_len[i];
7508 		if (len == 0)
7509 			continue;
7510 		if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
7511 			continue;
7512 		if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
7513 			continue;
7514 		if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
7515 			continue;
7516 		return 1; /* invalid WEP key */
7517 	}
7518 #endif /* CONFIG_WEP */
7519 
7520 	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
7521 	    (!ssid->passphrase || ssid->ssid_len != 0) && !ssid->ext_psk &&
7522 	    !(wpa_key_mgmt_sae(ssid->key_mgmt) && ssid->sae_password) &&
7523 	    !ssid->mem_only_psk)
7524 		return 1;
7525 
7526 	return 0;
7527 }
7528 
7529 
wpas_get_ssid_pmf(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)7530 int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
7531 {
7532 	if (ssid == NULL || ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
7533 		if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL &&
7534 		    !(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) {
7535 			/*
7536 			 * Driver does not support BIP -- ignore pmf=1 default
7537 			 * since the connection with PMF would fail and the
7538 			 * configuration does not require PMF to be enabled.
7539 			 */
7540 			return NO_MGMT_FRAME_PROTECTION;
7541 		}
7542 
7543 		if (ssid &&
7544 		    (ssid->key_mgmt &
7545 		     ~(WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPS |
7546 		       WPA_KEY_MGMT_IEEE8021X_NO_WPA)) == 0) {
7547 			/*
7548 			 * Do not use the default PMF value for non-RSN networks
7549 			 * since PMF is available only with RSN and pmf=2
7550 			 * configuration would otherwise prevent connections to
7551 			 * all open networks.
7552 			 */
7553 			return NO_MGMT_FRAME_PROTECTION;
7554 		}
7555 
7556 		return wpa_s->conf->pmf;
7557 	}
7558 
7559 	return ssid->ieee80211w;
7560 }
7561 
7562 
wpas_is_p2p_prioritized(struct wpa_supplicant * wpa_s)7563 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
7564 {
7565 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
7566 		return 1;
7567 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
7568 		return 0;
7569 	return -1;
7570 }
7571 
7572 
wpas_auth_failed(struct wpa_supplicant * wpa_s,char * reason)7573 void wpas_auth_failed(struct wpa_supplicant *wpa_s, char *reason)
7574 {
7575 	struct wpa_ssid *ssid = wpa_s->current_ssid;
7576 	int dur;
7577 	struct os_reltime now;
7578 
7579 	if (ssid == NULL) {
7580 		wpa_printf(MSG_DEBUG, "Authentication failure but no known "
7581 			   "SSID block");
7582 		return;
7583 	}
7584 
7585 	if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
7586 		return;
7587 
7588 	ssid->auth_failures++;
7589 
7590 #ifdef CONFIG_P2P
7591 	if (ssid->p2p_group &&
7592 	    (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
7593 		/*
7594 		 * Skip the wait time since there is a short timeout on the
7595 		 * connection to a P2P group.
7596 		 */
7597 		return;
7598 	}
7599 #endif /* CONFIG_P2P */
7600 
7601 	if (ssid->auth_failures > 50)
7602 		dur = 300;
7603 	else if (ssid->auth_failures > 10)
7604 		dur = 120;
7605 	else if (ssid->auth_failures > 5)
7606 		dur = 90;
7607 	else if (ssid->auth_failures > 3)
7608 		dur = 60;
7609 	else if (ssid->auth_failures > 2)
7610 		dur = 30;
7611 	else if (ssid->auth_failures > 1)
7612 		dur = 20;
7613 	else
7614 		dur = 10;
7615 
7616 	if (ssid->auth_failures > 1 &&
7617 	    wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt))
7618 		dur += os_random() % (ssid->auth_failures * 10);
7619 
7620 	os_get_reltime(&now);
7621 	if (now.sec + dur <= ssid->disabled_until.sec)
7622 		return;
7623 
7624 	ssid->disabled_until.sec = now.sec + dur;
7625 
7626 	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
7627 		"id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
7628 		ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
7629 		ssid->auth_failures, dur, reason);
7630 }
7631 
7632 
wpas_clear_temp_disabled(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,int clear_failures)7633 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
7634 			      struct wpa_ssid *ssid, int clear_failures)
7635 {
7636 	if (ssid == NULL)
7637 		return;
7638 
7639 	if (ssid->disabled_until.sec) {
7640 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
7641 			"id=%d ssid=\"%s\"",
7642 			ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
7643 	}
7644 	ssid->disabled_until.sec = 0;
7645 	ssid->disabled_until.usec = 0;
7646 	if (clear_failures)
7647 		ssid->auth_failures = 0;
7648 }
7649 
7650 
disallowed_bssid(struct wpa_supplicant * wpa_s,const u8 * bssid)7651 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
7652 {
7653 	size_t i;
7654 
7655 	if (wpa_s->disallow_aps_bssid == NULL)
7656 		return 0;
7657 
7658 	for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
7659 		if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
7660 			      bssid, ETH_ALEN) == 0)
7661 			return 1;
7662 	}
7663 
7664 	return 0;
7665 }
7666 
7667 
disallowed_ssid(struct wpa_supplicant * wpa_s,const u8 * ssid,size_t ssid_len)7668 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
7669 		    size_t ssid_len)
7670 {
7671 	size_t i;
7672 
7673 	if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
7674 		return 0;
7675 
7676 	for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
7677 		struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
7678 		if (ssid_len == s->ssid_len &&
7679 		    os_memcmp(ssid, s->ssid, ssid_len) == 0)
7680 			return 1;
7681 	}
7682 
7683 	return 0;
7684 }
7685 
7686 
7687 /**
7688  * wpas_request_connection - Request a new connection
7689  * @wpa_s: Pointer to the network interface
7690  *
7691  * This function is used to request a new connection to be found. It will mark
7692  * the interface to allow reassociation and request a new scan to find a
7693  * suitable network to connect to.
7694  */
wpas_request_connection(struct wpa_supplicant * wpa_s)7695 void wpas_request_connection(struct wpa_supplicant *wpa_s)
7696 {
7697 	wpa_s->normal_scans = 0;
7698 	wpa_s->scan_req = NORMAL_SCAN_REQ;
7699 	wpa_supplicant_reinit_autoscan(wpa_s);
7700 	wpa_s->extra_blacklist_count = 0;
7701 	wpa_s->disconnected = 0;
7702 	wpa_s->reassociate = 1;
7703 	wpa_s->last_owe_group = 0;
7704 
7705 	if (wpa_supplicant_fast_associate(wpa_s) != 1)
7706 		wpa_supplicant_req_scan(wpa_s, 0, 0);
7707 	else
7708 		wpa_s->reattach = 0;
7709 }
7710 
7711 
7712 /**
7713  * wpas_request_disconnection - Request disconnection
7714  * @wpa_s: Pointer to the network interface
7715  *
7716  * This function is used to request disconnection from the currently connected
7717  * network. This will stop any ongoing scans and initiate deauthentication.
7718  */
wpas_request_disconnection(struct wpa_supplicant * wpa_s)7719 void wpas_request_disconnection(struct wpa_supplicant *wpa_s)
7720 {
7721 #ifdef CONFIG_SME
7722 	wpa_s->sme.prev_bssid_set = 0;
7723 #endif /* CONFIG_SME */
7724 	wpa_s->reassociate = 0;
7725 	wpa_s->disconnected = 1;
7726 	wpa_supplicant_cancel_sched_scan(wpa_s);
7727 	wpa_supplicant_cancel_scan(wpa_s);
7728 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
7729 	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
7730 	radio_remove_works(wpa_s, "connect", 0);
7731 	radio_remove_works(wpa_s, "sme-connect", 0);
7732 }
7733 
7734 
dump_freq_data(struct wpa_supplicant * wpa_s,const char * title,struct wpa_used_freq_data * freqs_data,unsigned int len)7735 void dump_freq_data(struct wpa_supplicant *wpa_s, const char *title,
7736 		    struct wpa_used_freq_data *freqs_data,
7737 		    unsigned int len)
7738 {
7739 	unsigned int i;
7740 
7741 	wpa_dbg(wpa_s, MSG_DEBUG, "Shared frequencies (len=%u): %s",
7742 		len, title);
7743 	for (i = 0; i < len; i++) {
7744 		struct wpa_used_freq_data *cur = &freqs_data[i];
7745 		wpa_dbg(wpa_s, MSG_DEBUG, "freq[%u]: %d, flags=0x%X",
7746 			i, cur->freq, cur->flags);
7747 	}
7748 }
7749 
7750 
7751 /*
7752  * Find the operating frequencies of any of the virtual interfaces that
7753  * are using the same radio as the current interface, and in addition, get
7754  * information about the interface types that are using the frequency.
7755  */
get_shared_radio_freqs_data(struct wpa_supplicant * wpa_s,struct wpa_used_freq_data * freqs_data,unsigned int len)7756 int get_shared_radio_freqs_data(struct wpa_supplicant *wpa_s,
7757 				struct wpa_used_freq_data *freqs_data,
7758 				unsigned int len)
7759 {
7760 	struct wpa_supplicant *ifs;
7761 	u8 bssid[ETH_ALEN];
7762 	int freq;
7763 	unsigned int idx = 0, i;
7764 
7765 	wpa_dbg(wpa_s, MSG_DEBUG,
7766 		"Determining shared radio frequencies (max len %u)", len);
7767 	os_memset(freqs_data, 0, sizeof(struct wpa_used_freq_data) * len);
7768 
7769 	dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
7770 			 radio_list) {
7771 		if (idx == len)
7772 			break;
7773 
7774 		if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
7775 			continue;
7776 
7777 		if (ifs->current_ssid->mode == WPAS_MODE_AP ||
7778 		    ifs->current_ssid->mode == WPAS_MODE_P2P_GO ||
7779 		    ifs->current_ssid->mode == WPAS_MODE_MESH)
7780 			freq = ifs->current_ssid->frequency;
7781 		else if (wpa_drv_get_bssid(ifs, bssid) == 0)
7782 			freq = ifs->assoc_freq;
7783 		else
7784 			continue;
7785 
7786 		/* Hold only distinct freqs */
7787 		for (i = 0; i < idx; i++)
7788 			if (freqs_data[i].freq == freq)
7789 				break;
7790 
7791 		if (i == idx)
7792 			freqs_data[idx++].freq = freq;
7793 
7794 		if (ifs->current_ssid->mode == WPAS_MODE_INFRA) {
7795 			freqs_data[i].flags |= ifs->current_ssid->p2p_group ?
7796 				WPA_FREQ_USED_BY_P2P_CLIENT :
7797 				WPA_FREQ_USED_BY_INFRA_STATION;
7798 		}
7799 	}
7800 
7801 	dump_freq_data(wpa_s, "completed iteration", freqs_data, idx);
7802 	return idx;
7803 }
7804 
7805 
7806 /*
7807  * Find the operating frequencies of any of the virtual interfaces that
7808  * are using the same radio as the current interface.
7809  */
get_shared_radio_freqs(struct wpa_supplicant * wpa_s,int * freq_array,unsigned int len)7810 int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
7811 			   int *freq_array, unsigned int len)
7812 {
7813 	struct wpa_used_freq_data *freqs_data;
7814 	int num, i;
7815 
7816 	os_memset(freq_array, 0, sizeof(int) * len);
7817 
7818 	freqs_data = os_calloc(len, sizeof(struct wpa_used_freq_data));
7819 	if (!freqs_data)
7820 		return -1;
7821 
7822 	num = get_shared_radio_freqs_data(wpa_s, freqs_data, len);
7823 	for (i = 0; i < num; i++)
7824 		freq_array[i] = freqs_data[i].freq;
7825 
7826 	os_free(freqs_data);
7827 
7828 	return num;
7829 }
7830 
7831 
7832 struct wpa_supplicant *
wpas_vendor_elem(struct wpa_supplicant * wpa_s,enum wpa_vendor_elem_frame frame)7833 wpas_vendor_elem(struct wpa_supplicant *wpa_s, enum wpa_vendor_elem_frame frame)
7834 {
7835 	switch (frame) {
7836 #ifdef CONFIG_P2P
7837 	case VENDOR_ELEM_PROBE_REQ_P2P:
7838 	case VENDOR_ELEM_PROBE_RESP_P2P:
7839 	case VENDOR_ELEM_PROBE_RESP_P2P_GO:
7840 	case VENDOR_ELEM_BEACON_P2P_GO:
7841 	case VENDOR_ELEM_P2P_PD_REQ:
7842 	case VENDOR_ELEM_P2P_PD_RESP:
7843 	case VENDOR_ELEM_P2P_GO_NEG_REQ:
7844 	case VENDOR_ELEM_P2P_GO_NEG_RESP:
7845 	case VENDOR_ELEM_P2P_GO_NEG_CONF:
7846 	case VENDOR_ELEM_P2P_INV_REQ:
7847 	case VENDOR_ELEM_P2P_INV_RESP:
7848 	case VENDOR_ELEM_P2P_ASSOC_REQ:
7849 	case VENDOR_ELEM_P2P_ASSOC_RESP:
7850 		return wpa_s->p2pdev;
7851 #endif /* CONFIG_P2P */
7852 	default:
7853 		return wpa_s;
7854 	}
7855 }
7856 
7857 
wpas_vendor_elem_update(struct wpa_supplicant * wpa_s)7858 void wpas_vendor_elem_update(struct wpa_supplicant *wpa_s)
7859 {
7860 	unsigned int i;
7861 	char buf[30];
7862 
7863 	wpa_printf(MSG_DEBUG, "Update vendor elements");
7864 
7865 	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
7866 		if (wpa_s->vendor_elem[i]) {
7867 			int res;
7868 
7869 			res = os_snprintf(buf, sizeof(buf), "frame[%u]", i);
7870 			if (!os_snprintf_error(sizeof(buf), res)) {
7871 				wpa_hexdump_buf(MSG_DEBUG, buf,
7872 						wpa_s->vendor_elem[i]);
7873 			}
7874 		}
7875 	}
7876 
7877 #ifdef CONFIG_P2P
7878 	if (wpa_s->parent == wpa_s &&
7879 	    wpa_s->global->p2p &&
7880 	    !wpa_s->global->p2p_disabled)
7881 		p2p_set_vendor_elems(wpa_s->global->p2p, wpa_s->vendor_elem);
7882 #endif /* CONFIG_P2P */
7883 }
7884 
7885 
wpas_vendor_elem_remove(struct wpa_supplicant * wpa_s,int frame,const u8 * elem,size_t len)7886 int wpas_vendor_elem_remove(struct wpa_supplicant *wpa_s, int frame,
7887 			    const u8 *elem, size_t len)
7888 {
7889 	u8 *ie, *end;
7890 
7891 	ie = wpabuf_mhead_u8(wpa_s->vendor_elem[frame]);
7892 	end = ie + wpabuf_len(wpa_s->vendor_elem[frame]);
7893 
7894 	for (; ie + 1 < end; ie += 2 + ie[1]) {
7895 		if (ie + len > end)
7896 			break;
7897 		if (os_memcmp(ie, elem, len) != 0)
7898 			continue;
7899 
7900 		if (wpabuf_len(wpa_s->vendor_elem[frame]) == len) {
7901 			wpabuf_free(wpa_s->vendor_elem[frame]);
7902 			wpa_s->vendor_elem[frame] = NULL;
7903 		} else {
7904 			os_memmove(ie, ie + len, end - (ie + len));
7905 			wpa_s->vendor_elem[frame]->used -= len;
7906 		}
7907 		wpas_vendor_elem_update(wpa_s);
7908 		return 0;
7909 	}
7910 
7911 	return -1;
7912 }
7913 
7914 
get_mode(struct hostapd_hw_modes * modes,u16 num_modes,enum hostapd_hw_mode mode,int is_6ghz)7915 struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
7916 				   u16 num_modes, enum hostapd_hw_mode mode,
7917 				   int is_6ghz)
7918 {
7919 	u16 i;
7920 
7921 	for (i = 0; i < num_modes; i++) {
7922 		if (modes[i].mode != mode ||
7923 		    !modes[i].num_channels || !modes[i].channels)
7924 			continue;
7925 		if ((!is_6ghz && !is_6ghz_freq(modes[i].channels[0].freq)) ||
7926 		    (is_6ghz && is_6ghz_freq(modes[i].channels[0].freq)))
7927 			return &modes[i];
7928 	}
7929 
7930 	return NULL;
7931 }
7932 
7933 
7934 static struct
wpas_get_disallowed_bss(struct wpa_supplicant * wpa_s,const u8 * bssid)7935 wpa_bss_tmp_disallowed * wpas_get_disallowed_bss(struct wpa_supplicant *wpa_s,
7936 						 const u8 *bssid)
7937 {
7938 	struct wpa_bss_tmp_disallowed *bss;
7939 
7940 	dl_list_for_each(bss, &wpa_s->bss_tmp_disallowed,
7941 			 struct wpa_bss_tmp_disallowed, list) {
7942 		if (os_memcmp(bssid, bss->bssid, ETH_ALEN) == 0)
7943 			return bss;
7944 	}
7945 
7946 	return NULL;
7947 }
7948 
7949 
wpa_set_driver_tmp_disallow_list(struct wpa_supplicant * wpa_s)7950 static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant *wpa_s)
7951 {
7952 	struct wpa_bss_tmp_disallowed *tmp;
7953 	unsigned int num_bssid = 0;
7954 	u8 *bssids;
7955 	int ret;
7956 
7957 	bssids = os_malloc(dl_list_len(&wpa_s->bss_tmp_disallowed) * ETH_ALEN);
7958 	if (!bssids)
7959 		return -1;
7960 	dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
7961 			 struct wpa_bss_tmp_disallowed, list) {
7962 		os_memcpy(&bssids[num_bssid * ETH_ALEN], tmp->bssid,
7963 			  ETH_ALEN);
7964 		num_bssid++;
7965 	}
7966 	ret = wpa_drv_set_bssid_blacklist(wpa_s, num_bssid, bssids);
7967 	os_free(bssids);
7968 	return ret;
7969 }
7970 
7971 
wpa_bss_tmp_disallow_timeout(void * eloop_ctx,void * timeout_ctx)7972 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx)
7973 {
7974 	struct wpa_supplicant *wpa_s = eloop_ctx;
7975 	struct wpa_bss_tmp_disallowed *tmp, *bss = timeout_ctx;
7976 
7977 	/* Make sure the bss is not already freed */
7978 	dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
7979 			 struct wpa_bss_tmp_disallowed, list) {
7980 		if (bss == tmp) {
7981 			dl_list_del(&tmp->list);
7982 			os_free(tmp);
7983 			wpa_set_driver_tmp_disallow_list(wpa_s);
7984 			break;
7985 		}
7986 	}
7987 }
7988 
7989 
wpa_bss_tmp_disallow(struct wpa_supplicant * wpa_s,const u8 * bssid,unsigned int sec,int rssi_threshold)7990 void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid,
7991 			  unsigned int sec, int rssi_threshold)
7992 {
7993 	struct wpa_bss_tmp_disallowed *bss;
7994 
7995 	bss = wpas_get_disallowed_bss(wpa_s, bssid);
7996 	if (bss) {
7997 		eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
7998 		goto finish;
7999 	}
8000 
8001 	bss = os_malloc(sizeof(*bss));
8002 	if (!bss) {
8003 		wpa_printf(MSG_DEBUG,
8004 			   "Failed to allocate memory for temp disallow BSS");
8005 		return;
8006 	}
8007 
8008 	os_memcpy(bss->bssid, bssid, ETH_ALEN);
8009 	dl_list_add(&wpa_s->bss_tmp_disallowed, &bss->list);
8010 	wpa_set_driver_tmp_disallow_list(wpa_s);
8011 
8012 finish:
8013 	bss->rssi_threshold = rssi_threshold;
8014 	eloop_register_timeout(sec, 0, wpa_bss_tmp_disallow_timeout,
8015 			       wpa_s, bss);
8016 }
8017 
8018 
wpa_is_bss_tmp_disallowed(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)8019 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s,
8020 			      struct wpa_bss *bss)
8021 {
8022 	struct wpa_bss_tmp_disallowed *disallowed = NULL, *tmp, *prev;
8023 
8024 	dl_list_for_each_safe(tmp, prev, &wpa_s->bss_tmp_disallowed,
8025 			 struct wpa_bss_tmp_disallowed, list) {
8026 		if (os_memcmp(bss->bssid, tmp->bssid, ETH_ALEN) == 0) {
8027 			disallowed = tmp;
8028 			break;
8029 		}
8030 	}
8031 	if (!disallowed)
8032 		return 0;
8033 
8034 	if (disallowed->rssi_threshold != 0 &&
8035 	    bss->level > disallowed->rssi_threshold)
8036 		return 0;
8037 
8038 	return 1;
8039 }
8040 
8041 
wpas_enable_mac_addr_randomization(struct wpa_supplicant * wpa_s,unsigned int type,const u8 * addr,const u8 * mask)8042 int wpas_enable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
8043 				       unsigned int type, const u8 *addr,
8044 				       const u8 *mask)
8045 {
8046 	if ((addr && !mask) || (!addr && mask)) {
8047 		wpa_printf(MSG_INFO,
8048 			   "MAC_ADDR_RAND_SCAN invalid addr/mask combination");
8049 		return -1;
8050 	}
8051 
8052 	if (addr && mask && (!(mask[0] & 0x01) || (addr[0] & 0x01))) {
8053 		wpa_printf(MSG_INFO,
8054 			   "MAC_ADDR_RAND_SCAN cannot allow multicast address");
8055 		return -1;
8056 	}
8057 
8058 	if (type & MAC_ADDR_RAND_SCAN) {
8059 		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCAN,
8060 						addr, mask))
8061 			return -1;
8062 	}
8063 
8064 	if (type & MAC_ADDR_RAND_SCHED_SCAN) {
8065 		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCHED_SCAN,
8066 						addr, mask))
8067 			return -1;
8068 
8069 		if (wpa_s->sched_scanning && !wpa_s->pno)
8070 			wpas_scan_restart_sched_scan(wpa_s);
8071 	}
8072 
8073 	if (type & MAC_ADDR_RAND_PNO) {
8074 		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_PNO,
8075 						addr, mask))
8076 			return -1;
8077 
8078 		if (wpa_s->pno) {
8079 			wpas_stop_pno(wpa_s);
8080 			wpas_start_pno(wpa_s);
8081 		}
8082 	}
8083 
8084 	return 0;
8085 }
8086 
8087 
wpas_disable_mac_addr_randomization(struct wpa_supplicant * wpa_s,unsigned int type)8088 int wpas_disable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
8089 					unsigned int type)
8090 {
8091 	wpas_mac_addr_rand_scan_clear(wpa_s, type);
8092 	if (wpa_s->pno) {
8093 		if (type & MAC_ADDR_RAND_PNO) {
8094 			wpas_stop_pno(wpa_s);
8095 			wpas_start_pno(wpa_s);
8096 		}
8097 	} else if (wpa_s->sched_scanning && (type & MAC_ADDR_RAND_SCHED_SCAN)) {
8098 		wpas_scan_restart_sched_scan(wpa_s);
8099 	}
8100 
8101 	return 0;
8102 }
8103 
8104 
wpa_drv_signal_poll(struct wpa_supplicant * wpa_s,struct wpa_signal_info * si)8105 int wpa_drv_signal_poll(struct wpa_supplicant *wpa_s,
8106 			struct wpa_signal_info *si)
8107 {
8108 	int res;
8109 
8110 	if (!wpa_s->driver->signal_poll)
8111 		return -1;
8112 
8113 	res = wpa_s->driver->signal_poll(wpa_s->drv_priv, si);
8114 
8115 #ifdef CONFIG_TESTING_OPTIONS
8116 	if (res == 0) {
8117 		struct driver_signal_override *dso;
8118 
8119 		dl_list_for_each(dso, &wpa_s->drv_signal_override,
8120 				 struct driver_signal_override, list) {
8121 			if (os_memcmp(wpa_s->bssid, dso->bssid,
8122 				      ETH_ALEN) != 0)
8123 				continue;
8124 			wpa_printf(MSG_DEBUG,
8125 				   "Override driver signal_poll information: current_signal: %d->%d avg_signal: %d->%d avg_beacon_signal: %d->%d current_noise: %d->%d",
8126 				   si->current_signal,
8127 				   dso->si_current_signal,
8128 				   si->avg_signal,
8129 				   dso->si_avg_signal,
8130 				   si->avg_beacon_signal,
8131 				   dso->si_avg_beacon_signal,
8132 				   si->current_noise,
8133 				   dso->si_current_noise);
8134 			si->current_signal = dso->si_current_signal;
8135 			si->avg_signal = dso->si_avg_signal;
8136 			si->avg_beacon_signal = dso->si_avg_beacon_signal;
8137 			si->current_noise = dso->si_current_noise;
8138 			break;
8139 		}
8140 	}
8141 #endif /* CONFIG_TESTING_OPTIONS */
8142 
8143 	return res;
8144 }
8145 
8146 
8147 struct wpa_scan_results *
wpa_drv_get_scan_results2(struct wpa_supplicant * wpa_s)8148 wpa_drv_get_scan_results2(struct wpa_supplicant *wpa_s)
8149 {
8150 	struct wpa_scan_results *scan_res;
8151 #ifdef CONFIG_TESTING_OPTIONS
8152 	size_t idx;
8153 #endif /* CONFIG_TESTING_OPTIONS */
8154 
8155 	if (!wpa_s->driver->get_scan_results2)
8156 		return NULL;
8157 
8158 	scan_res = wpa_s->driver->get_scan_results2(wpa_s->drv_priv);
8159 
8160 #ifdef CONFIG_TESTING_OPTIONS
8161 	for (idx = 0; scan_res && idx < scan_res->num; idx++) {
8162 		struct driver_signal_override *dso;
8163 		struct wpa_scan_res *res = scan_res->res[idx];
8164 
8165 		dl_list_for_each(dso, &wpa_s->drv_signal_override,
8166 				 struct driver_signal_override, list) {
8167 			if (os_memcmp(res->bssid, dso->bssid, ETH_ALEN) != 0)
8168 				continue;
8169 			wpa_printf(MSG_DEBUG,
8170 				   "Override driver scan signal level %d->%d for "
8171 				   MACSTR,
8172 				   res->level, dso->scan_level,
8173 				   MAC2STR(res->bssid));
8174 			res->flags |= WPA_SCAN_QUAL_INVALID;
8175 			if (dso->scan_level < 0)
8176 				res->flags |= WPA_SCAN_LEVEL_DBM;
8177 			else
8178 				res->flags &= ~WPA_SCAN_LEVEL_DBM;
8179 			res->level = dso->scan_level;
8180 			break;
8181 		}
8182 	}
8183 #endif /* CONFIG_TESTING_OPTIONS */
8184 
8185 	return scan_res;
8186 }
8187