1 /*
2 * WPA Supplicant
3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 *
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
11 */
12
13 #include "includes.h"
14
15 #include "common.h"
16 #include "crypto/random.h"
17 #include "crypto/sha1.h"
18 #include "eapol_supp/eapol_supp_sm.h"
19 #include "eap_peer/eap.h"
20 #include "eap_peer/eap_proxy.h"
21 #include "eap_server/eap_methods.h"
22 #include "rsn_supp/wpa.h"
23 #include "eloop.h"
24 #include "config.h"
25 #include "utils/ext_password.h"
26 #include "l2_packet/l2_packet.h"
27 #include "wpa_supplicant_i.h"
28 #include "driver_i.h"
29 #include "ctrl_iface.h"
30 #include "pcsc_funcs.h"
31 #include "common/version.h"
32 #include "rsn_supp/preauth.h"
33 #include "rsn_supp/pmksa_cache.h"
34 #include "common/wpa_ctrl.h"
35 #include "common/ieee802_11_defs.h"
36 #include "p2p/p2p.h"
37 #include "blacklist.h"
38 #include "wpas_glue.h"
39 #include "wps_supplicant.h"
40 #include "ibss_rsn.h"
41 #include "sme.h"
42 #include "gas_query.h"
43 #include "ap.h"
44 #include "p2p_supplicant.h"
45 #include "wifi_display.h"
46 #include "notify.h"
47 #include "bgscan.h"
48 #include "autoscan.h"
49 #include "bss.h"
50 #include "scan.h"
51 #include "offchannel.h"
52 #include "hs20_supplicant.h"
53 #include "wnm_sta.h"
54
55 const char *wpa_supplicant_version =
56 "wpa_supplicant v" VERSION_STR "\n"
57 "Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi> and contributors";
58
59 const char *wpa_supplicant_license =
60 "This software may be distributed under the terms of the BSD license.\n"
61 "See README for more details.\n"
62 #ifdef EAP_TLS_OPENSSL
63 "\nThis product includes software developed by the OpenSSL Project\n"
64 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
65 #endif /* EAP_TLS_OPENSSL */
66 ;
67
68 #ifndef CONFIG_NO_STDOUT_DEBUG
69 /* Long text divided into parts in order to fit in C89 strings size limits. */
70 const char *wpa_supplicant_full_license1 =
71 "";
72 const char *wpa_supplicant_full_license2 =
73 "This software may be distributed under the terms of the BSD license.\n"
74 "\n"
75 "Redistribution and use in source and binary forms, with or without\n"
76 "modification, are permitted provided that the following conditions are\n"
77 "met:\n"
78 "\n";
79 const char *wpa_supplicant_full_license3 =
80 "1. Redistributions of source code must retain the above copyright\n"
81 " notice, this list of conditions and the following disclaimer.\n"
82 "\n"
83 "2. Redistributions in binary form must reproduce the above copyright\n"
84 " notice, this list of conditions and the following disclaimer in the\n"
85 " documentation and/or other materials provided with the distribution.\n"
86 "\n";
87 const char *wpa_supplicant_full_license4 =
88 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
89 " names of its contributors may be used to endorse or promote products\n"
90 " derived from this software without specific prior written permission.\n"
91 "\n"
92 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
93 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
94 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
95 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
96 const char *wpa_supplicant_full_license5 =
97 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
98 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
99 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
100 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
101 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
102 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
103 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
104 "\n";
105 #endif /* CONFIG_NO_STDOUT_DEBUG */
106
107 extern int wpa_debug_level;
108 extern int wpa_debug_show_keys;
109 extern int wpa_debug_timestamp;
110 extern struct wpa_driver_ops *wpa_drivers[];
111
112 /* Configure default/group WEP keys for static WEP */
wpa_set_wep_keys(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)113 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
114 {
115 int i, set = 0;
116
117 for (i = 0; i < NUM_WEP_KEYS; i++) {
118 if (ssid->wep_key_len[i] == 0)
119 continue;
120
121 set = 1;
122 wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
123 i, i == ssid->wep_tx_keyidx, NULL, 0,
124 ssid->wep_key[i], ssid->wep_key_len[i]);
125 }
126
127 return set;
128 }
129
130
wpa_supplicant_set_wpa_none_key(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)131 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
132 struct wpa_ssid *ssid)
133 {
134 u8 key[32];
135 size_t keylen;
136 enum wpa_alg alg;
137 u8 seq[6] = { 0 };
138
139 /* IBSS/WPA-None uses only one key (Group) for both receiving and
140 * sending unicast and multicast packets. */
141
142 if (ssid->mode != WPAS_MODE_IBSS) {
143 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
144 "IBSS/ad-hoc) for WPA-None", ssid->mode);
145 return -1;
146 }
147
148 if (!ssid->psk_set) {
149 wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
150 "WPA-None");
151 return -1;
152 }
153
154 switch (wpa_s->group_cipher) {
155 case WPA_CIPHER_CCMP:
156 os_memcpy(key, ssid->psk, 16);
157 keylen = 16;
158 alg = WPA_ALG_CCMP;
159 break;
160 case WPA_CIPHER_GCMP:
161 os_memcpy(key, ssid->psk, 16);
162 keylen = 16;
163 alg = WPA_ALG_GCMP;
164 break;
165 case WPA_CIPHER_TKIP:
166 /* WPA-None uses the same Michael MIC key for both TX and RX */
167 os_memcpy(key, ssid->psk, 16 + 8);
168 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
169 keylen = 32;
170 alg = WPA_ALG_TKIP;
171 break;
172 default:
173 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
174 "WPA-None", wpa_s->group_cipher);
175 return -1;
176 }
177
178 /* TODO: should actually remember the previously used seq#, both for TX
179 * and RX from each STA.. */
180
181 return wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
182 }
183
184
wpa_supplicant_timeout(void * eloop_ctx,void * timeout_ctx)185 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
186 {
187 struct wpa_supplicant *wpa_s = eloop_ctx;
188 const u8 *bssid = wpa_s->bssid;
189 if (is_zero_ether_addr(bssid))
190 bssid = wpa_s->pending_bssid;
191 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
192 MAC2STR(bssid));
193 wpa_blacklist_add(wpa_s, bssid);
194 wpa_sm_notify_disassoc(wpa_s->wpa);
195 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
196 wpa_s->reassociate = 1;
197
198 /*
199 * If we timed out, the AP or the local radio may be busy.
200 * So, wait a second until scanning again.
201 */
202 wpa_supplicant_req_scan(wpa_s, 1, 0);
203
204 wpas_p2p_continue_after_scan(wpa_s);
205 }
206
207
208 /**
209 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
210 * @wpa_s: Pointer to wpa_supplicant data
211 * @sec: Number of seconds after which to time out authentication
212 * @usec: Number of microseconds after which to time out authentication
213 *
214 * This function is used to schedule a timeout for the current authentication
215 * attempt.
216 */
wpa_supplicant_req_auth_timeout(struct wpa_supplicant * wpa_s,int sec,int usec)217 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
218 int sec, int usec)
219 {
220 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
221 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
222 return;
223
224 wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
225 "%d usec", sec, usec);
226 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
227 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
228 }
229
230
231 /**
232 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
233 * @wpa_s: Pointer to wpa_supplicant data
234 *
235 * This function is used to cancel authentication timeout scheduled with
236 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
237 * been completed.
238 */
wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant * wpa_s)239 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
240 {
241 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
242 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
243 wpa_blacklist_del(wpa_s, wpa_s->bssid);
244 }
245
246
247 /**
248 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
249 * @wpa_s: Pointer to wpa_supplicant data
250 *
251 * This function is used to configure EAPOL state machine based on the selected
252 * authentication mode.
253 */
wpa_supplicant_initiate_eapol(struct wpa_supplicant * wpa_s)254 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
255 {
256 #ifdef IEEE8021X_EAPOL
257 struct eapol_config eapol_conf;
258 struct wpa_ssid *ssid = wpa_s->current_ssid;
259
260 #ifdef CONFIG_IBSS_RSN
261 if (ssid->mode == WPAS_MODE_IBSS &&
262 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
263 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
264 /*
265 * RSN IBSS authentication is per-STA and we can disable the
266 * per-BSSID EAPOL authentication.
267 */
268 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
269 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
270 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
271 return;
272 }
273 #endif /* CONFIG_IBSS_RSN */
274
275 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
276 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
277
278 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
279 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
280 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
281 else
282 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
283
284 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
285 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
286 eapol_conf.accept_802_1x_keys = 1;
287 eapol_conf.required_keys = 0;
288 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
289 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
290 }
291 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
292 eapol_conf.required_keys |=
293 EAPOL_REQUIRE_KEY_BROADCAST;
294 }
295
296 if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
297 eapol_conf.required_keys = 0;
298 }
299 if (wpa_s->conf)
300 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
301 eapol_conf.workaround = ssid->eap_workaround;
302 eapol_conf.eap_disabled =
303 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
304 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
305 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
306 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
307 #endif /* IEEE8021X_EAPOL */
308 }
309
310
311 /**
312 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
313 * @wpa_s: Pointer to wpa_supplicant data
314 * @ssid: Configuration data for the network
315 *
316 * This function is used to configure WPA state machine and related parameters
317 * to a mode where WPA is not enabled. This is called as part of the
318 * authentication configuration when the selected network does not use WPA.
319 */
wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)320 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
321 struct wpa_ssid *ssid)
322 {
323 int i;
324
325 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
326 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
327 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
328 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
329 else
330 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
331 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
332 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
333 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
334 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
335 wpa_s->group_cipher = WPA_CIPHER_NONE;
336 wpa_s->mgmt_group_cipher = 0;
337
338 for (i = 0; i < NUM_WEP_KEYS; i++) {
339 if (ssid->wep_key_len[i] > 5) {
340 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
341 wpa_s->group_cipher = WPA_CIPHER_WEP104;
342 break;
343 } else if (ssid->wep_key_len[i] > 0) {
344 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
345 wpa_s->group_cipher = WPA_CIPHER_WEP40;
346 break;
347 }
348 }
349
350 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
351 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
352 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
353 wpa_s->pairwise_cipher);
354 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
355 #ifdef CONFIG_IEEE80211W
356 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
357 wpa_s->mgmt_group_cipher);
358 #endif /* CONFIG_IEEE80211W */
359
360 pmksa_cache_clear_current(wpa_s->wpa);
361 }
362
363
free_hw_features(struct wpa_supplicant * wpa_s)364 void free_hw_features(struct wpa_supplicant *wpa_s)
365 {
366 int i;
367 if (wpa_s->hw.modes == NULL)
368 return;
369
370 for (i = 0; i < wpa_s->hw.num_modes; i++) {
371 os_free(wpa_s->hw.modes[i].channels);
372 os_free(wpa_s->hw.modes[i].rates);
373 }
374
375 os_free(wpa_s->hw.modes);
376 wpa_s->hw.modes = NULL;
377 }
378
379
wpa_supplicant_cleanup(struct wpa_supplicant * wpa_s)380 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
381 {
382 bgscan_deinit(wpa_s);
383 autoscan_deinit(wpa_s);
384 scard_deinit(wpa_s->scard);
385 wpa_s->scard = NULL;
386 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
387 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
388 l2_packet_deinit(wpa_s->l2);
389 wpa_s->l2 = NULL;
390 if (wpa_s->l2_br) {
391 l2_packet_deinit(wpa_s->l2_br);
392 wpa_s->l2_br = NULL;
393 }
394
395 if (wpa_s->conf != NULL) {
396 struct wpa_ssid *ssid;
397 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
398 wpas_notify_network_removed(wpa_s, ssid);
399 }
400
401 os_free(wpa_s->confname);
402 wpa_s->confname = NULL;
403
404 os_free(wpa_s->confanother);
405 wpa_s->confanother = NULL;
406
407 wpa_sm_set_eapol(wpa_s->wpa, NULL);
408 eapol_sm_deinit(wpa_s->eapol);
409 wpa_s->eapol = NULL;
410
411 rsn_preauth_deinit(wpa_s->wpa);
412
413 #ifdef CONFIG_TDLS
414 wpa_tdls_deinit(wpa_s->wpa);
415 #endif /* CONFIG_TDLS */
416
417 pmksa_candidate_free(wpa_s->wpa);
418 wpa_sm_deinit(wpa_s->wpa);
419 wpa_s->wpa = NULL;
420 wpa_blacklist_clear(wpa_s);
421
422 wpa_bss_deinit(wpa_s);
423
424 wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
425 wpa_supplicant_cancel_scan(wpa_s);
426 wpa_supplicant_cancel_auth_timeout(wpa_s);
427 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
428 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
429 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
430 wpa_s, NULL);
431 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
432
433 wpas_wps_deinit(wpa_s);
434
435 wpabuf_free(wpa_s->pending_eapol_rx);
436 wpa_s->pending_eapol_rx = NULL;
437
438 #ifdef CONFIG_IBSS_RSN
439 ibss_rsn_deinit(wpa_s->ibss_rsn);
440 wpa_s->ibss_rsn = NULL;
441 #endif /* CONFIG_IBSS_RSN */
442
443 sme_deinit(wpa_s);
444
445 #ifdef CONFIG_AP
446 wpa_supplicant_ap_deinit(wpa_s);
447 #endif /* CONFIG_AP */
448
449 #ifdef CONFIG_P2P
450 wpas_p2p_deinit(wpa_s);
451 #endif /* CONFIG_P2P */
452
453 #ifdef CONFIG_OFFCHANNEL
454 offchannel_deinit(wpa_s);
455 #endif /* CONFIG_OFFCHANNEL */
456
457 wpa_supplicant_cancel_sched_scan(wpa_s);
458
459 os_free(wpa_s->next_scan_freqs);
460 wpa_s->next_scan_freqs = NULL;
461
462 gas_query_deinit(wpa_s->gas);
463 wpa_s->gas = NULL;
464
465 free_hw_features(wpa_s);
466
467 os_free(wpa_s->bssid_filter);
468 wpa_s->bssid_filter = NULL;
469
470 os_free(wpa_s->disallow_aps_bssid);
471 wpa_s->disallow_aps_bssid = NULL;
472 os_free(wpa_s->disallow_aps_ssid);
473 wpa_s->disallow_aps_ssid = NULL;
474
475 wnm_bss_keep_alive_deinit(wpa_s);
476 #ifdef CONFIG_WNM
477 wnm_deallocate_memory(wpa_s);
478 #endif /* CONFIG_WNM */
479
480 ext_password_deinit(wpa_s->ext_pw);
481 wpa_s->ext_pw = NULL;
482
483 wpabuf_free(wpa_s->last_gas_resp);
484
485 os_free(wpa_s->last_scan_res);
486 wpa_s->last_scan_res = NULL;
487 }
488
489
490 /**
491 * wpa_clear_keys - Clear keys configured for the driver
492 * @wpa_s: Pointer to wpa_supplicant data
493 * @addr: Previously used BSSID or %NULL if not available
494 *
495 * This function clears the encryption keys that has been previously configured
496 * for the driver.
497 */
wpa_clear_keys(struct wpa_supplicant * wpa_s,const u8 * addr)498 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
499 {
500 if (wpa_s->keys_cleared) {
501 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
502 * timing issues with keys being cleared just before new keys
503 * are set or just after association or something similar. This
504 * shows up in group key handshake failing often because of the
505 * client not receiving the first encrypted packets correctly.
506 * Skipping some of the extra key clearing steps seems to help
507 * in completing group key handshake more reliably. */
508 wpa_dbg(wpa_s, MSG_DEBUG, "No keys have been configured - "
509 "skip key clearing");
510 return;
511 }
512
513 /* MLME-DELETEKEYS.request */
514 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 0, 0, NULL, 0, NULL, 0);
515 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 1, 0, NULL, 0, NULL, 0);
516 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 2, 0, NULL, 0, NULL, 0);
517 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 3, 0, NULL, 0, NULL, 0);
518 #ifdef CONFIG_IEEE80211W
519 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 4, 0, NULL, 0, NULL, 0);
520 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 5, 0, NULL, 0, NULL, 0);
521 #endif /* CONFIG_IEEE80211W */
522 if (addr) {
523 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
524 0);
525 /* MLME-SETPROTECTION.request(None) */
526 wpa_drv_mlme_setprotection(
527 wpa_s, addr,
528 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
529 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
530 }
531 wpa_s->keys_cleared = 1;
532 }
533
534
535 /**
536 * wpa_supplicant_state_txt - Get the connection state name as a text string
537 * @state: State (wpa_state; WPA_*)
538 * Returns: The state name as a printable text string
539 */
wpa_supplicant_state_txt(enum wpa_states state)540 const char * wpa_supplicant_state_txt(enum wpa_states state)
541 {
542 switch (state) {
543 case WPA_DISCONNECTED:
544 return "DISCONNECTED";
545 case WPA_INACTIVE:
546 return "INACTIVE";
547 case WPA_INTERFACE_DISABLED:
548 return "INTERFACE_DISABLED";
549 case WPA_SCANNING:
550 return "SCANNING";
551 case WPA_AUTHENTICATING:
552 return "AUTHENTICATING";
553 case WPA_ASSOCIATING:
554 return "ASSOCIATING";
555 case WPA_ASSOCIATED:
556 return "ASSOCIATED";
557 case WPA_4WAY_HANDSHAKE:
558 return "4WAY_HANDSHAKE";
559 case WPA_GROUP_HANDSHAKE:
560 return "GROUP_HANDSHAKE";
561 case WPA_COMPLETED:
562 return "COMPLETED";
563 default:
564 return "UNKNOWN";
565 }
566 }
567
568
569 #ifdef CONFIG_BGSCAN
570
wpa_supplicant_start_bgscan(struct wpa_supplicant * wpa_s)571 static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
572 {
573 if (wpas_driver_bss_selection(wpa_s))
574 return;
575 if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
576 return;
577
578 bgscan_deinit(wpa_s);
579 if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan) {
580 if (bgscan_init(wpa_s, wpa_s->current_ssid)) {
581 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
582 "bgscan");
583 /*
584 * Live without bgscan; it is only used as a roaming
585 * optimization, so the initial connection is not
586 * affected.
587 */
588 } else {
589 struct wpa_scan_results *scan_res;
590 wpa_s->bgscan_ssid = wpa_s->current_ssid;
591 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
592 0);
593 if (scan_res) {
594 bgscan_notify_scan(wpa_s, scan_res);
595 wpa_scan_results_free(scan_res);
596 }
597 }
598 } else
599 wpa_s->bgscan_ssid = NULL;
600 }
601
602
wpa_supplicant_stop_bgscan(struct wpa_supplicant * wpa_s)603 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
604 {
605 if (wpa_s->bgscan_ssid != NULL) {
606 bgscan_deinit(wpa_s);
607 wpa_s->bgscan_ssid = NULL;
608 }
609 }
610
611 #endif /* CONFIG_BGSCAN */
612
613
wpa_supplicant_start_autoscan(struct wpa_supplicant * wpa_s)614 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
615 {
616 if (autoscan_init(wpa_s, 0))
617 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
618 }
619
620
wpa_supplicant_stop_autoscan(struct wpa_supplicant * wpa_s)621 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
622 {
623 autoscan_deinit(wpa_s);
624 }
625
626
wpa_supplicant_reinit_autoscan(struct wpa_supplicant * wpa_s)627 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
628 {
629 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
630 wpa_s->wpa_state == WPA_SCANNING) {
631 autoscan_deinit(wpa_s);
632 wpa_supplicant_start_autoscan(wpa_s);
633 }
634 }
635
636
637 /**
638 * wpa_supplicant_set_state - Set current connection state
639 * @wpa_s: Pointer to wpa_supplicant data
640 * @state: The new connection state
641 *
642 * This function is called whenever the connection state changes, e.g.,
643 * association is completed for WPA/WPA2 4-Way Handshake is started.
644 */
wpa_supplicant_set_state(struct wpa_supplicant * wpa_s,enum wpa_states state)645 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
646 enum wpa_states state)
647 {
648 enum wpa_states old_state = wpa_s->wpa_state;
649
650 wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
651 wpa_supplicant_state_txt(wpa_s->wpa_state),
652 wpa_supplicant_state_txt(state));
653
654 #ifdef ANDROID_P2P
655 if(state == WPA_ASSOCIATED && wpa_s->current_ssid) {
656 wpa_s->current_ssid->assoc_retry = 0;
657 }
658 #endif /* ANDROID_P2P */
659
660 if (state != WPA_SCANNING)
661 wpa_supplicant_notify_scanning(wpa_s, 0);
662
663 if (state == WPA_COMPLETED && wpa_s->new_connection) {
664 struct wpa_ssid *ssid = wpa_s->current_ssid;
665 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
666 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
667 MACSTR " completed (auth) [id=%d id_str=%s]",
668 MAC2STR(wpa_s->bssid),
669 ssid ? ssid->id : -1,
670 ssid && ssid->id_str ? ssid->id_str : "");
671 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
672 wpas_clear_temp_disabled(wpa_s, ssid, 1);
673 wpa_s->extra_blacklist_count = 0;
674 wpa_s->new_connection = 0;
675 wpa_drv_set_operstate(wpa_s, 1);
676 #ifndef IEEE8021X_EAPOL
677 wpa_drv_set_supp_port(wpa_s, 1);
678 #endif /* IEEE8021X_EAPOL */
679 wpa_s->after_wps = 0;
680 #ifdef CONFIG_P2P
681 wpas_p2p_completed(wpa_s);
682 #endif /* CONFIG_P2P */
683
684 sme_sched_obss_scan(wpa_s, 1);
685 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
686 state == WPA_ASSOCIATED) {
687 wpa_s->new_connection = 1;
688 wpa_drv_set_operstate(wpa_s, 0);
689 #ifndef IEEE8021X_EAPOL
690 wpa_drv_set_supp_port(wpa_s, 0);
691 #endif /* IEEE8021X_EAPOL */
692 sme_sched_obss_scan(wpa_s, 0);
693 }
694 wpa_s->wpa_state = state;
695
696 #ifdef CONFIG_BGSCAN
697 if (state == WPA_COMPLETED)
698 wpa_supplicant_start_bgscan(wpa_s);
699 else
700 wpa_supplicant_stop_bgscan(wpa_s);
701 #endif /* CONFIG_BGSCAN */
702
703 if (state == WPA_AUTHENTICATING)
704 wpa_supplicant_stop_autoscan(wpa_s);
705
706 if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
707 wpa_supplicant_start_autoscan(wpa_s);
708
709 if (wpa_s->wpa_state != old_state) {
710 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
711
712 if (wpa_s->wpa_state == WPA_COMPLETED ||
713 old_state == WPA_COMPLETED)
714 wpas_notify_auth_changed(wpa_s);
715 }
716 }
717
718
wpa_supplicant_terminate_proc(struct wpa_global * global)719 void wpa_supplicant_terminate_proc(struct wpa_global *global)
720 {
721 int pending = 0;
722 #ifdef CONFIG_WPS
723 struct wpa_supplicant *wpa_s = global->ifaces;
724 while (wpa_s) {
725 if (wpas_wps_terminate_pending(wpa_s) == 1)
726 pending = 1;
727 wpa_s = wpa_s->next;
728 }
729 #endif /* CONFIG_WPS */
730 if (pending)
731 return;
732 eloop_terminate();
733 }
734
735
wpa_supplicant_terminate(int sig,void * signal_ctx)736 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
737 {
738 struct wpa_global *global = signal_ctx;
739 wpa_supplicant_terminate_proc(global);
740 }
741
742
wpa_supplicant_clear_status(struct wpa_supplicant * wpa_s)743 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
744 {
745 enum wpa_states old_state = wpa_s->wpa_state;
746
747 wpa_s->pairwise_cipher = 0;
748 wpa_s->group_cipher = 0;
749 wpa_s->mgmt_group_cipher = 0;
750 wpa_s->key_mgmt = 0;
751 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
752 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
753
754 if (wpa_s->wpa_state != old_state)
755 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
756 }
757
758
759 /**
760 * wpa_supplicant_reload_configuration - Reload configuration data
761 * @wpa_s: Pointer to wpa_supplicant data
762 * Returns: 0 on success or -1 if configuration parsing failed
763 *
764 * This function can be used to request that the configuration data is reloaded
765 * (e.g., after configuration file change). This function is reloading
766 * configuration only for one interface, so this may need to be called multiple
767 * times if %wpa_supplicant is controlling multiple interfaces and all
768 * interfaces need reconfiguration.
769 */
wpa_supplicant_reload_configuration(struct wpa_supplicant * wpa_s)770 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
771 {
772 struct wpa_config *conf;
773 int reconf_ctrl;
774 int old_ap_scan;
775
776 if (wpa_s->confname == NULL)
777 return -1;
778 conf = wpa_config_read(wpa_s->confname, NULL);
779 if (conf == NULL) {
780 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
781 "file '%s' - exiting", wpa_s->confname);
782 return -1;
783 }
784 wpa_config_read(wpa_s->confanother, conf);
785
786 conf->changed_parameters = (unsigned int) -1;
787
788 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
789 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
790 os_strcmp(conf->ctrl_interface,
791 wpa_s->conf->ctrl_interface) != 0);
792
793 if (reconf_ctrl && wpa_s->ctrl_iface) {
794 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
795 wpa_s->ctrl_iface = NULL;
796 }
797
798 eapol_sm_invalidate_cached_session(wpa_s->eapol);
799 if (wpa_s->current_ssid) {
800 wpa_supplicant_deauthenticate(wpa_s,
801 WLAN_REASON_DEAUTH_LEAVING);
802 }
803
804 /*
805 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
806 * pkcs11_engine_path, pkcs11_module_path.
807 */
808 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
809 /*
810 * Clear forced success to clear EAP state for next
811 * authentication.
812 */
813 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
814 }
815 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
816 wpa_sm_set_config(wpa_s->wpa, NULL);
817 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
818 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
819 rsn_preauth_deinit(wpa_s->wpa);
820
821 old_ap_scan = wpa_s->conf->ap_scan;
822 wpa_config_free(wpa_s->conf);
823 wpa_s->conf = conf;
824 if (old_ap_scan != wpa_s->conf->ap_scan)
825 wpas_notify_ap_scan_changed(wpa_s);
826
827 if (reconf_ctrl)
828 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
829
830 wpa_supplicant_update_config(wpa_s);
831
832 wpa_supplicant_clear_status(wpa_s);
833 if (wpa_supplicant_enabled_networks(wpa_s)) {
834 wpa_s->reassociate = 1;
835 wpa_supplicant_req_scan(wpa_s, 0, 0);
836 }
837 wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
838 return 0;
839 }
840
841
wpa_supplicant_reconfig(int sig,void * signal_ctx)842 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
843 {
844 struct wpa_global *global = signal_ctx;
845 struct wpa_supplicant *wpa_s;
846 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
847 wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
848 sig);
849 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
850 wpa_supplicant_terminate_proc(global);
851 }
852 }
853 }
854
855
key_mgmt2driver(int key_mgmt)856 enum wpa_key_mgmt key_mgmt2driver(int key_mgmt)
857 {
858 switch (key_mgmt) {
859 case WPA_KEY_MGMT_NONE:
860 return KEY_MGMT_NONE;
861 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
862 return KEY_MGMT_802_1X_NO_WPA;
863 case WPA_KEY_MGMT_IEEE8021X:
864 return KEY_MGMT_802_1X;
865 case WPA_KEY_MGMT_WPA_NONE:
866 return KEY_MGMT_WPA_NONE;
867 case WPA_KEY_MGMT_FT_IEEE8021X:
868 return KEY_MGMT_FT_802_1X;
869 case WPA_KEY_MGMT_FT_PSK:
870 return KEY_MGMT_FT_PSK;
871 case WPA_KEY_MGMT_IEEE8021X_SHA256:
872 return KEY_MGMT_802_1X_SHA256;
873 case WPA_KEY_MGMT_PSK_SHA256:
874 return KEY_MGMT_PSK_SHA256;
875 case WPA_KEY_MGMT_WPS:
876 return KEY_MGMT_WPS;
877 case WPA_KEY_MGMT_PSK:
878 default:
879 return KEY_MGMT_PSK;
880 }
881 }
882
883
wpa_supplicant_suites_from_ai(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_ie_data * ie)884 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
885 struct wpa_ssid *ssid,
886 struct wpa_ie_data *ie)
887 {
888 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
889 if (ret) {
890 if (ret == -2) {
891 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
892 "from association info");
893 }
894 return -1;
895 }
896
897 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
898 "cipher suites");
899 if (!(ie->group_cipher & ssid->group_cipher)) {
900 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
901 "cipher 0x%x (mask 0x%x) - reject",
902 ie->group_cipher, ssid->group_cipher);
903 return -1;
904 }
905 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
906 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
907 "cipher 0x%x (mask 0x%x) - reject",
908 ie->pairwise_cipher, ssid->pairwise_cipher);
909 return -1;
910 }
911 if (!(ie->key_mgmt & ssid->key_mgmt)) {
912 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
913 "management 0x%x (mask 0x%x) - reject",
914 ie->key_mgmt, ssid->key_mgmt);
915 return -1;
916 }
917
918 #ifdef CONFIG_IEEE80211W
919 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
920 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
921 wpa_s->conf->pmf : ssid->ieee80211w) ==
922 MGMT_FRAME_PROTECTION_REQUIRED) {
923 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
924 "that does not support management frame protection - "
925 "reject");
926 return -1;
927 }
928 #endif /* CONFIG_IEEE80211W */
929
930 return 0;
931 }
932
933
934 /**
935 * wpa_supplicant_set_suites - Set authentication and encryption parameters
936 * @wpa_s: Pointer to wpa_supplicant data
937 * @bss: Scan results for the selected BSS, or %NULL if not available
938 * @ssid: Configuration data for the selected network
939 * @wpa_ie: Buffer for the WPA/RSN IE
940 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
941 * used buffer length in case the functions returns success.
942 * Returns: 0 on success or -1 on failure
943 *
944 * This function is used to configure authentication and encryption parameters
945 * based on the network configuration and scan result for the selected BSS (if
946 * available).
947 */
wpa_supplicant_set_suites(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_ssid * ssid,u8 * wpa_ie,size_t * wpa_ie_len)948 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
949 struct wpa_bss *bss, struct wpa_ssid *ssid,
950 u8 *wpa_ie, size_t *wpa_ie_len)
951 {
952 struct wpa_ie_data ie;
953 int sel, proto;
954 const u8 *bss_wpa, *bss_rsn;
955
956 if (bss) {
957 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
958 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
959 } else
960 bss_wpa = bss_rsn = NULL;
961
962 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
963 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
964 (ie.group_cipher & ssid->group_cipher) &&
965 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
966 (ie.key_mgmt & ssid->key_mgmt)) {
967 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
968 proto = WPA_PROTO_RSN;
969 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
970 wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 &&
971 (ie.group_cipher & ssid->group_cipher) &&
972 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
973 (ie.key_mgmt & ssid->key_mgmt)) {
974 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
975 proto = WPA_PROTO_WPA;
976 } else if (bss) {
977 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
978 return -1;
979 } else {
980 if (ssid->proto & WPA_PROTO_RSN)
981 proto = WPA_PROTO_RSN;
982 else
983 proto = WPA_PROTO_WPA;
984 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
985 os_memset(&ie, 0, sizeof(ie));
986 ie.group_cipher = ssid->group_cipher;
987 ie.pairwise_cipher = ssid->pairwise_cipher;
988 ie.key_mgmt = ssid->key_mgmt;
989 #ifdef CONFIG_IEEE80211W
990 ie.mgmt_group_cipher =
991 ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
992 WPA_CIPHER_AES_128_CMAC : 0;
993 #endif /* CONFIG_IEEE80211W */
994 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
995 "based on configuration");
996 } else
997 proto = ie.proto;
998 }
999
1000 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1001 "pairwise %d key_mgmt %d proto %d",
1002 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1003 #ifdef CONFIG_IEEE80211W
1004 if (ssid->ieee80211w) {
1005 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1006 ie.mgmt_group_cipher);
1007 }
1008 #endif /* CONFIG_IEEE80211W */
1009
1010 wpa_s->wpa_proto = proto;
1011 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1012 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1013 !!(ssid->proto & WPA_PROTO_RSN));
1014
1015 if (bss || !wpa_s->ap_ies_from_associnfo) {
1016 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1017 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1018 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1019 bss_rsn ? 2 + bss_rsn[1] : 0))
1020 return -1;
1021 }
1022
1023 sel = ie.group_cipher & ssid->group_cipher;
1024 wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1025 if (wpa_s->group_cipher < 0) {
1026 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1027 "cipher");
1028 return -1;
1029 }
1030 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1031 wpa_cipher_txt(wpa_s->group_cipher));
1032
1033 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1034 wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1035 if (wpa_s->pairwise_cipher < 0) {
1036 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1037 "cipher");
1038 return -1;
1039 }
1040 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1041 wpa_cipher_txt(wpa_s->pairwise_cipher));
1042
1043 sel = ie.key_mgmt & ssid->key_mgmt;
1044 #ifdef CONFIG_SAE
1045 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1046 sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1047 #endif /* CONFIG_SAE */
1048 if (0) {
1049 #ifdef CONFIG_IEEE80211R
1050 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
1051 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1052 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1053 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
1054 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1055 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1056 #endif /* CONFIG_IEEE80211R */
1057 #ifdef CONFIG_SAE
1058 } else if (sel & WPA_KEY_MGMT_SAE) {
1059 wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1060 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1061 } else if (sel & WPA_KEY_MGMT_FT_SAE) {
1062 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1063 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1064 #endif /* CONFIG_SAE */
1065 #ifdef CONFIG_IEEE80211W
1066 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1067 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1068 wpa_dbg(wpa_s, MSG_DEBUG,
1069 "WPA: using KEY_MGMT 802.1X with SHA256");
1070 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1071 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1072 wpa_dbg(wpa_s, MSG_DEBUG,
1073 "WPA: using KEY_MGMT PSK with SHA256");
1074 #endif /* CONFIG_IEEE80211W */
1075 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1076 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1077 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1078 } else if (sel & WPA_KEY_MGMT_PSK) {
1079 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1080 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1081 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1082 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1083 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1084 } else {
1085 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1086 "authenticated key management type");
1087 return -1;
1088 }
1089
1090 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1091 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1092 wpa_s->pairwise_cipher);
1093 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1094
1095 #ifdef CONFIG_IEEE80211W
1096 sel = ie.mgmt_group_cipher;
1097 if ((ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1098 wpa_s->conf->pmf : ssid->ieee80211w) == NO_MGMT_FRAME_PROTECTION ||
1099 !(ie.capabilities & WPA_CAPABILITY_MFPC))
1100 sel = 0;
1101 if (sel & WPA_CIPHER_AES_128_CMAC) {
1102 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1103 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1104 "AES-128-CMAC");
1105 } else {
1106 wpa_s->mgmt_group_cipher = 0;
1107 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1108 }
1109 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1110 wpa_s->mgmt_group_cipher);
1111 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1112 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1113 wpa_s->conf->pmf : ssid->ieee80211w));
1114 #endif /* CONFIG_IEEE80211W */
1115
1116 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1117 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1118 return -1;
1119 }
1120
1121 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1122 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
1123 #ifndef CONFIG_NO_PBKDF2
1124 if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1125 ssid->passphrase) {
1126 u8 psk[PMK_LEN];
1127 pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1128 4096, psk, PMK_LEN);
1129 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1130 psk, PMK_LEN);
1131 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1132 }
1133 #endif /* CONFIG_NO_PBKDF2 */
1134 #ifdef CONFIG_EXT_PASSWORD
1135 if (ssid->ext_psk) {
1136 struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1137 ssid->ext_psk);
1138 char pw_str[64 + 1];
1139 u8 psk[PMK_LEN];
1140
1141 if (pw == NULL) {
1142 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1143 "found from external storage");
1144 return -1;
1145 }
1146
1147 if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1148 wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1149 "PSK length %d in external storage",
1150 (int) wpabuf_len(pw));
1151 ext_password_free(pw);
1152 return -1;
1153 }
1154
1155 os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1156 pw_str[wpabuf_len(pw)] = '\0';
1157
1158 #ifndef CONFIG_NO_PBKDF2
1159 if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1160 {
1161 pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1162 4096, psk, PMK_LEN);
1163 os_memset(pw_str, 0, sizeof(pw_str));
1164 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1165 "external passphrase)",
1166 psk, PMK_LEN);
1167 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1168 } else
1169 #endif /* CONFIG_NO_PBKDF2 */
1170 if (wpabuf_len(pw) == 2 * PMK_LEN) {
1171 if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1172 wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1173 "Invalid PSK hex string");
1174 os_memset(pw_str, 0, sizeof(pw_str));
1175 ext_password_free(pw);
1176 return -1;
1177 }
1178 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1179 } else {
1180 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1181 "PSK available");
1182 os_memset(pw_str, 0, sizeof(pw_str));
1183 ext_password_free(pw);
1184 return -1;
1185 }
1186
1187 os_memset(pw_str, 0, sizeof(pw_str));
1188 ext_password_free(pw);
1189 }
1190 #endif /* CONFIG_EXT_PASSWORD */
1191 } else
1192 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1193
1194 return 0;
1195 }
1196
1197
wpas_ext_capab_byte(struct wpa_supplicant * wpa_s,u8 * pos,int idx)1198 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
1199 {
1200 *pos = 0x00;
1201
1202 switch (idx) {
1203 case 0: /* Bits 0-7 */
1204 break;
1205 case 1: /* Bits 8-15 */
1206 break;
1207 case 2: /* Bits 16-23 */
1208 #ifdef CONFIG_WNM
1209 *pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1210 *pos |= 0x08; /* Bit 19 - BSS Transition */
1211 #endif /* CONFIG_WNM */
1212 break;
1213 case 3: /* Bits 24-31 */
1214 #ifdef CONFIG_WNM
1215 *pos |= 0x02; /* Bit 25 - SSID List */
1216 #endif /* CONFIG_WNM */
1217 #ifdef CONFIG_INTERWORKING
1218 if (wpa_s->conf->interworking)
1219 *pos |= 0x80; /* Bit 31 - Interworking */
1220 #endif /* CONFIG_INTERWORKING */
1221 break;
1222 case 4: /* Bits 32-39 */
1223 break;
1224 case 5: /* Bits 40-47 */
1225 break;
1226 case 6: /* Bits 48-55 */
1227 break;
1228 }
1229 }
1230
1231
wpas_build_ext_capab(struct wpa_supplicant * wpa_s,u8 * buf)1232 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf)
1233 {
1234 u8 *pos = buf;
1235 u8 len = 4, i;
1236
1237 if (len < wpa_s->extended_capa_len)
1238 len = wpa_s->extended_capa_len;
1239
1240 *pos++ = WLAN_EID_EXT_CAPAB;
1241 *pos++ = len;
1242 for (i = 0; i < len; i++, pos++) {
1243 wpas_ext_capab_byte(wpa_s, pos, i);
1244
1245 if (i < wpa_s->extended_capa_len) {
1246 *pos &= ~wpa_s->extended_capa_mask[i];
1247 *pos |= wpa_s->extended_capa[i];
1248 }
1249 }
1250
1251 while (len > 0 && buf[1 + len] == 0) {
1252 len--;
1253 buf[1] = len;
1254 }
1255 if (len == 0)
1256 return 0;
1257
1258 return 2 + len;
1259 }
1260
1261
1262 /**
1263 * wpa_supplicant_associate - Request association
1264 * @wpa_s: Pointer to wpa_supplicant data
1265 * @bss: Scan results for the selected BSS, or %NULL if not available
1266 * @ssid: Configuration data for the selected network
1267 *
1268 * This function is used to request %wpa_supplicant to associate with a BSS.
1269 */
wpa_supplicant_associate(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_ssid * ssid)1270 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1271 struct wpa_bss *bss, struct wpa_ssid *ssid)
1272 {
1273 u8 wpa_ie[200];
1274 size_t wpa_ie_len;
1275 int use_crypt, ret, i, bssid_changed;
1276 int algs = WPA_AUTH_ALG_OPEN;
1277 enum wpa_cipher cipher_pairwise, cipher_group;
1278 struct wpa_driver_associate_params params;
1279 int wep_keys_set = 0;
1280 int assoc_failed = 0;
1281 struct wpa_ssid *old_ssid;
1282 u8 ext_capab[10];
1283 int ext_capab_len;
1284 #ifdef CONFIG_HT_OVERRIDES
1285 struct ieee80211_ht_capabilities htcaps;
1286 struct ieee80211_ht_capabilities htcaps_mask;
1287 #endif /* CONFIG_HT_OVERRIDES */
1288
1289 #ifdef CONFIG_IBSS_RSN
1290 ibss_rsn_deinit(wpa_s->ibss_rsn);
1291 wpa_s->ibss_rsn = NULL;
1292 #endif /* CONFIG_IBSS_RSN */
1293 #ifdef ANDROID_P2P
1294 int freq = 0;
1295 #endif
1296
1297 if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
1298 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
1299 #ifdef CONFIG_AP
1300 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1301 wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
1302 "mode");
1303 return;
1304 }
1305 if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
1306 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1307 if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
1308 wpas_p2p_ap_setup_failed(wpa_s);
1309 return;
1310 }
1311 wpa_s->current_bss = bss;
1312 #else /* CONFIG_AP */
1313 wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
1314 "the build");
1315 #endif /* CONFIG_AP */
1316 return;
1317 }
1318
1319 #ifdef CONFIG_TDLS
1320 if (bss)
1321 wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
1322 bss->ie_len);
1323 #endif /* CONFIG_TDLS */
1324
1325 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1326 ssid->mode == IEEE80211_MODE_INFRA) {
1327 sme_authenticate(wpa_s, bss, ssid);
1328 return;
1329 }
1330
1331 os_memset(¶ms, 0, sizeof(params));
1332 wpa_s->reassociate = 0;
1333 if (bss && !wpas_driver_bss_selection(wpa_s)) {
1334 #ifdef CONFIG_IEEE80211R
1335 const u8 *ie, *md = NULL;
1336 #endif /* CONFIG_IEEE80211R */
1337 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1338 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1339 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1340 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
1341 os_memset(wpa_s->bssid, 0, ETH_ALEN);
1342 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1343 if (bssid_changed)
1344 wpas_notify_bssid_changed(wpa_s);
1345 #ifdef CONFIG_IEEE80211R
1346 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
1347 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
1348 md = ie + 2;
1349 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
1350 if (md) {
1351 /* Prepare for the next transition */
1352 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
1353 }
1354 #endif /* CONFIG_IEEE80211R */
1355 #ifdef CONFIG_WPS
1356 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
1357 wpa_s->conf->ap_scan == 2 &&
1358 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
1359 /* Use ap_scan==1 style network selection to find the network
1360 */
1361 wpa_s->scan_req = MANUAL_SCAN_REQ;
1362 wpa_s->reassociate = 1;
1363 wpa_supplicant_req_scan(wpa_s, 0, 0);
1364 return;
1365 #endif /* CONFIG_WPS */
1366 } else {
1367 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1368 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1369 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1370 }
1371 wpa_supplicant_cancel_sched_scan(wpa_s);
1372 wpa_supplicant_cancel_scan(wpa_s);
1373
1374 /* Starting new association, so clear the possibly used WPA IE from the
1375 * previous association. */
1376 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1377
1378 #ifdef IEEE8021X_EAPOL
1379 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1380 if (ssid->leap) {
1381 if (ssid->non_leap == 0)
1382 algs = WPA_AUTH_ALG_LEAP;
1383 else
1384 algs |= WPA_AUTH_ALG_LEAP;
1385 }
1386 }
1387 #endif /* IEEE8021X_EAPOL */
1388 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1389 if (ssid->auth_alg) {
1390 algs = ssid->auth_alg;
1391 wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
1392 "0x%x", algs);
1393 }
1394
1395 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
1396 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
1397 wpa_key_mgmt_wpa(ssid->key_mgmt)) {
1398 int try_opportunistic;
1399 try_opportunistic = (ssid->proactive_key_caching < 0 ?
1400 wpa_s->conf->okc :
1401 ssid->proactive_key_caching) &&
1402 (ssid->proto & WPA_PROTO_RSN);
1403 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1404 ssid, try_opportunistic) == 0)
1405 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1406 wpa_ie_len = sizeof(wpa_ie);
1407 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1408 wpa_ie, &wpa_ie_len)) {
1409 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
1410 "key management and encryption suites");
1411 return;
1412 }
1413 } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
1414 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
1415 /*
1416 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
1417 * use non-WPA since the scan results did not indicate that the
1418 * AP is using WPA or WPA2.
1419 */
1420 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1421 wpa_ie_len = 0;
1422 wpa_s->wpa_proto = 0;
1423 } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
1424 wpa_ie_len = sizeof(wpa_ie);
1425 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1426 wpa_ie, &wpa_ie_len)) {
1427 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
1428 "key management and encryption suites (no "
1429 "scan results)");
1430 return;
1431 }
1432 #ifdef CONFIG_WPS
1433 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
1434 struct wpabuf *wps_ie;
1435 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
1436 if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
1437 wpa_ie_len = wpabuf_len(wps_ie);
1438 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
1439 } else
1440 wpa_ie_len = 0;
1441 wpabuf_free(wps_ie);
1442 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1443 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
1444 params.wps = WPS_MODE_PRIVACY;
1445 else
1446 params.wps = WPS_MODE_OPEN;
1447 wpa_s->wpa_proto = 0;
1448 #endif /* CONFIG_WPS */
1449 } else {
1450 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1451 wpa_ie_len = 0;
1452 wpa_s->wpa_proto = 0;
1453 }
1454
1455 #ifdef CONFIG_P2P
1456 if (wpa_s->global->p2p) {
1457 u8 *pos;
1458 size_t len;
1459 int res;
1460 pos = wpa_ie + wpa_ie_len;
1461 len = sizeof(wpa_ie) - wpa_ie_len;
1462 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
1463 ssid->p2p_group);
1464 if (res >= 0)
1465 wpa_ie_len += res;
1466 }
1467
1468 wpa_s->cross_connect_disallowed = 0;
1469 if (bss) {
1470 struct wpabuf *p2p;
1471 p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
1472 if (p2p) {
1473 wpa_s->cross_connect_disallowed =
1474 p2p_get_cross_connect_disallowed(p2p);
1475 wpabuf_free(p2p);
1476 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
1477 "connection",
1478 wpa_s->cross_connect_disallowed ?
1479 "disallows" : "allows");
1480 }
1481 }
1482 #endif /* CONFIG_P2P */
1483
1484 #ifdef CONFIG_HS20
1485 if (is_hs20_network(wpa_s, ssid, bss)) {
1486 struct wpabuf *hs20;
1487 hs20 = wpabuf_alloc(20);
1488 if (hs20) {
1489 wpas_hs20_add_indication(hs20);
1490 os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(hs20),
1491 wpabuf_len(hs20));
1492 wpa_ie_len += wpabuf_len(hs20);
1493 wpabuf_free(hs20);
1494 }
1495 }
1496 #endif /* CONFIG_HS20 */
1497
1498 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab);
1499 if (ext_capab_len > 0) {
1500 u8 *pos = wpa_ie;
1501 if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
1502 pos += 2 + pos[1];
1503 os_memmove(pos + ext_capab_len, pos,
1504 wpa_ie_len - (pos - wpa_ie));
1505 wpa_ie_len += ext_capab_len;
1506 os_memcpy(pos, ext_capab, ext_capab_len);
1507 }
1508
1509 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1510 use_crypt = 1;
1511 cipher_pairwise = wpa_cipher_to_suite_driver(wpa_s->pairwise_cipher);
1512 cipher_group = wpa_cipher_to_suite_driver(wpa_s->group_cipher);
1513 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1514 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1515 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1516 use_crypt = 0;
1517 if (wpa_set_wep_keys(wpa_s, ssid)) {
1518 use_crypt = 1;
1519 wep_keys_set = 1;
1520 }
1521 }
1522 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
1523 use_crypt = 0;
1524
1525 #ifdef IEEE8021X_EAPOL
1526 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1527 if ((ssid->eapol_flags &
1528 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1529 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1530 !wep_keys_set) {
1531 use_crypt = 0;
1532 } else {
1533 /* Assume that dynamic WEP-104 keys will be used and
1534 * set cipher suites in order for drivers to expect
1535 * encryption. */
1536 cipher_pairwise = cipher_group = CIPHER_WEP104;
1537 }
1538 }
1539 #endif /* IEEE8021X_EAPOL */
1540
1541 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1542 /* Set the key before (and later after) association */
1543 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1544 }
1545
1546 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1547 if (bss) {
1548 params.ssid = bss->ssid;
1549 params.ssid_len = bss->ssid_len;
1550 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
1551 wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
1552 MACSTR " freq=%u MHz based on scan results "
1553 "(bssid_set=%d)",
1554 MAC2STR(bss->bssid), bss->freq,
1555 ssid->bssid_set);
1556 params.bssid = bss->bssid;
1557 params.freq = bss->freq;
1558 }
1559 } else {
1560 params.ssid = ssid->ssid;
1561 params.ssid_len = ssid->ssid_len;
1562 }
1563
1564 if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
1565 wpa_s->conf->ap_scan == 2) {
1566 params.bssid = ssid->bssid;
1567 params.fixed_bssid = 1;
1568 }
1569
1570 if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 &&
1571 params.freq == 0)
1572 params.freq = ssid->frequency; /* Initial channel for IBSS */
1573 params.wpa_ie = wpa_ie;
1574 params.wpa_ie_len = wpa_ie_len;
1575 params.pairwise_suite = cipher_pairwise;
1576 params.group_suite = cipher_group;
1577 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1578 params.wpa_proto = wpa_s->wpa_proto;
1579 params.auth_alg = algs;
1580 params.mode = ssid->mode;
1581 params.bg_scan_period = ssid->bg_scan_period;
1582 for (i = 0; i < NUM_WEP_KEYS; i++) {
1583 if (ssid->wep_key_len[i])
1584 params.wep_key[i] = ssid->wep_key[i];
1585 params.wep_key_len[i] = ssid->wep_key_len[i];
1586 }
1587 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1588
1589 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
1590 (params.key_mgmt_suite == KEY_MGMT_PSK ||
1591 params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
1592 params.passphrase = ssid->passphrase;
1593 if (ssid->psk_set)
1594 params.psk = ssid->psk;
1595 }
1596
1597 params.drop_unencrypted = use_crypt;
1598
1599 #ifdef CONFIG_IEEE80211W
1600 params.mgmt_frame_protection =
1601 ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1602 wpa_s->conf->pmf : ssid->ieee80211w;
1603 if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
1604 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1605 struct wpa_ie_data ie;
1606 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
1607 ie.capabilities &
1608 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
1609 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
1610 "MFP: require MFP");
1611 params.mgmt_frame_protection =
1612 MGMT_FRAME_PROTECTION_REQUIRED;
1613 }
1614 }
1615 #endif /* CONFIG_IEEE80211W */
1616
1617 params.p2p = ssid->p2p_group;
1618
1619 if (wpa_s->parent->set_sta_uapsd)
1620 params.uapsd = wpa_s->parent->sta_uapsd;
1621 else
1622 params.uapsd = -1;
1623
1624 #ifdef CONFIG_HT_OVERRIDES
1625 os_memset(&htcaps, 0, sizeof(htcaps));
1626 os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
1627 params.htcaps = (u8 *) &htcaps;
1628 params.htcaps_mask = (u8 *) &htcaps_mask;
1629 wpa_supplicant_apply_ht_overrides(wpa_s, ssid, ¶ms);
1630 #endif /* CONFIG_HT_OVERRIDES */
1631
1632 #ifdef ANDROID_P2P
1633 /* If multichannel concurrency is not supported, check for any frequency
1634 * conflict and take appropriate action.
1635 */
1636 if ((wpa_s->num_multichan_concurrent < 2) &&
1637 ((freq = wpa_drv_shared_freq(wpa_s)) > 0) && (freq != params.freq)) {
1638 wpa_printf(MSG_DEBUG, "Shared interface with conflicting frequency found (%d != %d)"
1639 , freq, params.freq);
1640 if (wpas_p2p_handle_frequency_conflicts(wpa_s, params.freq, ssid) < 0)
1641 return;
1642 }
1643 #endif
1644 ret = wpa_drv_associate(wpa_s, ¶ms);
1645 if (ret < 0) {
1646 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1647 "failed");
1648 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
1649 /*
1650 * The driver is known to mean what is saying, so we
1651 * can stop right here; the association will not
1652 * succeed.
1653 */
1654 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
1655 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1656 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1657 return;
1658 }
1659 /* try to continue anyway; new association will be tried again
1660 * after timeout */
1661 assoc_failed = 1;
1662 }
1663
1664 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1665 /* Set the key after the association just in case association
1666 * cleared the previously configured key. */
1667 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1668 /* No need to timeout authentication since there is no key
1669 * management. */
1670 wpa_supplicant_cancel_auth_timeout(wpa_s);
1671 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1672 #ifdef CONFIG_IBSS_RSN
1673 } else if (ssid->mode == WPAS_MODE_IBSS &&
1674 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
1675 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
1676 /*
1677 * RSN IBSS authentication is per-STA and we can disable the
1678 * per-BSSID authentication.
1679 */
1680 wpa_supplicant_cancel_auth_timeout(wpa_s);
1681 #endif /* CONFIG_IBSS_RSN */
1682 } else {
1683 /* Timeout for IEEE 802.11 authentication and association */
1684 int timeout = 60;
1685
1686 if (assoc_failed) {
1687 /* give IBSS a bit more time */
1688 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
1689 } else if (wpa_s->conf->ap_scan == 1) {
1690 /* give IBSS a bit more time */
1691 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
1692 }
1693 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1694 }
1695
1696 if (wep_keys_set &&
1697 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
1698 /* Set static WEP keys again */
1699 wpa_set_wep_keys(wpa_s, ssid);
1700 }
1701
1702 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1703 /*
1704 * Do not allow EAP session resumption between different
1705 * network configurations.
1706 */
1707 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1708 }
1709 old_ssid = wpa_s->current_ssid;
1710 wpa_s->current_ssid = ssid;
1711 wpa_s->current_bss = bss;
1712 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
1713 wpa_supplicant_initiate_eapol(wpa_s);
1714 if (old_ssid != wpa_s->current_ssid)
1715 wpas_notify_network_changed(wpa_s);
1716 }
1717
1718
wpa_supplicant_clear_connection(struct wpa_supplicant * wpa_s,const u8 * addr)1719 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
1720 const u8 *addr)
1721 {
1722 struct wpa_ssid *old_ssid;
1723
1724 wpa_clear_keys(wpa_s, addr);
1725 old_ssid = wpa_s->current_ssid;
1726 wpa_supplicant_mark_disassoc(wpa_s);
1727 wpa_sm_set_config(wpa_s->wpa, NULL);
1728 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1729 if (old_ssid != wpa_s->current_ssid)
1730 wpas_notify_network_changed(wpa_s);
1731 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
1732 }
1733
1734
1735 /**
1736 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
1737 * @wpa_s: Pointer to wpa_supplicant data
1738 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1739 *
1740 * This function is used to request %wpa_supplicant to deauthenticate from the
1741 * current AP.
1742 */
wpa_supplicant_deauthenticate(struct wpa_supplicant * wpa_s,int reason_code)1743 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1744 int reason_code)
1745 {
1746 u8 *addr = NULL;
1747 union wpa_event_data event;
1748 int zero_addr = 0;
1749
1750 wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
1751 " pending_bssid=" MACSTR " reason=%d state=%s",
1752 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
1753 reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state));
1754
1755 if (!is_zero_ether_addr(wpa_s->bssid))
1756 addr = wpa_s->bssid;
1757 else if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
1758 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
1759 wpa_s->wpa_state == WPA_ASSOCIATING))
1760 addr = wpa_s->pending_bssid;
1761 else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
1762 /*
1763 * When using driver-based BSS selection, we may not know the
1764 * BSSID with which we are currently trying to associate. We
1765 * need to notify the driver of this disconnection even in such
1766 * a case, so use the all zeros address here.
1767 */
1768 addr = wpa_s->bssid;
1769 zero_addr = 1;
1770 }
1771
1772 #ifdef CONFIG_TDLS
1773 wpa_tdls_teardown_peers(wpa_s->wpa);
1774 #endif /* CONFIG_TDLS */
1775
1776 if (addr) {
1777 wpa_drv_deauthenticate(wpa_s, addr, reason_code);
1778 os_memset(&event, 0, sizeof(event));
1779 event.deauth_info.reason_code = (u16) reason_code;
1780 event.deauth_info.locally_generated = 1;
1781 wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
1782 if (zero_addr)
1783 addr = NULL;
1784 }
1785
1786 wpa_supplicant_clear_connection(wpa_s, addr);
1787 }
1788
wpa_supplicant_enable_one_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)1789 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
1790 struct wpa_ssid *ssid)
1791 {
1792 if (!ssid || !ssid->disabled || ssid->disabled == 2)
1793 return;
1794
1795 ssid->disabled = 0;
1796 wpas_clear_temp_disabled(wpa_s, ssid, 1);
1797 wpas_notify_network_enabled_changed(wpa_s, ssid);
1798
1799 /*
1800 * Try to reassociate since there is no current configuration and a new
1801 * network was made available.
1802 */
1803 if (!wpa_s->current_ssid && !wpa_s->disconnected)
1804 wpa_s->reassociate = 1;
1805 }
1806
1807
1808 /**
1809 * wpa_supplicant_enable_network - Mark a configured network as enabled
1810 * @wpa_s: wpa_supplicant structure for a network interface
1811 * @ssid: wpa_ssid structure for a configured network or %NULL
1812 *
1813 * Enables the specified network or all networks if no network specified.
1814 */
wpa_supplicant_enable_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)1815 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
1816 struct wpa_ssid *ssid)
1817 {
1818 if (ssid == NULL) {
1819 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
1820 wpa_supplicant_enable_one_network(wpa_s, ssid);
1821 } else
1822 wpa_supplicant_enable_one_network(wpa_s, ssid);
1823
1824 if (wpa_s->reassociate && !wpa_s->disconnected) {
1825 if (wpa_s->sched_scanning) {
1826 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
1827 "new network to scan filters");
1828 wpa_supplicant_cancel_sched_scan(wpa_s);
1829 }
1830
1831 if (wpa_supplicant_fast_associate(wpa_s) != 1)
1832 wpa_supplicant_req_scan(wpa_s, 0, 0);
1833 }
1834 }
1835
1836
1837 /**
1838 * wpa_supplicant_disable_network - Mark a configured network as disabled
1839 * @wpa_s: wpa_supplicant structure for a network interface
1840 * @ssid: wpa_ssid structure for a configured network or %NULL
1841 *
1842 * Disables the specified network or all networks if no network specified.
1843 */
wpa_supplicant_disable_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)1844 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
1845 struct wpa_ssid *ssid)
1846 {
1847 struct wpa_ssid *other_ssid;
1848 int was_disabled;
1849
1850 if (ssid == NULL) {
1851 if (wpa_s->sched_scanning)
1852 wpa_supplicant_cancel_sched_scan(wpa_s);
1853
1854 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1855 other_ssid = other_ssid->next) {
1856 was_disabled = other_ssid->disabled;
1857 if (was_disabled == 2)
1858 continue; /* do not change persistent P2P group
1859 * data */
1860
1861 other_ssid->disabled = 1;
1862
1863 if (was_disabled != other_ssid->disabled)
1864 wpas_notify_network_enabled_changed(
1865 wpa_s, other_ssid);
1866 }
1867 if (wpa_s->current_ssid)
1868 wpa_supplicant_deauthenticate(
1869 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1870 } else if (ssid->disabled != 2) {
1871 if (ssid == wpa_s->current_ssid)
1872 wpa_supplicant_deauthenticate(
1873 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1874
1875 was_disabled = ssid->disabled;
1876
1877 ssid->disabled = 1;
1878
1879 if (was_disabled != ssid->disabled) {
1880 wpas_notify_network_enabled_changed(wpa_s, ssid);
1881 if (wpa_s->sched_scanning) {
1882 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
1883 "to remove network from filters");
1884 wpa_supplicant_cancel_sched_scan(wpa_s);
1885 wpa_supplicant_req_scan(wpa_s, 0, 0);
1886 }
1887 }
1888 }
1889 }
1890
1891
1892 /**
1893 * wpa_supplicant_select_network - Attempt association with a network
1894 * @wpa_s: wpa_supplicant structure for a network interface
1895 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
1896 */
wpa_supplicant_select_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)1897 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
1898 struct wpa_ssid *ssid)
1899 {
1900
1901 struct wpa_ssid *other_ssid;
1902 int disconnected = 0;
1903
1904 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
1905 wpa_supplicant_deauthenticate(
1906 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1907 disconnected = 1;
1908 }
1909
1910 if (ssid)
1911 wpas_clear_temp_disabled(wpa_s, ssid, 1);
1912
1913 /*
1914 * Mark all other networks disabled or mark all networks enabled if no
1915 * network specified.
1916 */
1917 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1918 other_ssid = other_ssid->next) {
1919 int was_disabled = other_ssid->disabled;
1920 if (was_disabled == 2)
1921 continue; /* do not change persistent P2P group data */
1922
1923 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
1924 if (was_disabled && !other_ssid->disabled)
1925 wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
1926
1927 if (was_disabled != other_ssid->disabled)
1928 wpas_notify_network_enabled_changed(wpa_s, other_ssid);
1929 }
1930
1931 if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid) {
1932 /* We are already associated with the selected network */
1933 wpa_printf(MSG_DEBUG, "Already associated with the "
1934 "selected network - do nothing");
1935 return;
1936 }
1937
1938 if (ssid) {
1939 wpa_s->current_ssid = ssid;
1940 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1941 }
1942 wpa_s->connect_without_scan = NULL;
1943 wpa_s->disconnected = 0;
1944 wpa_s->reassociate = 1;
1945
1946 if (wpa_supplicant_fast_associate(wpa_s) != 1)
1947 wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
1948
1949 if (ssid)
1950 wpas_notify_network_selected(wpa_s, ssid);
1951 }
1952
1953
1954 /**
1955 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
1956 * @wpa_s: wpa_supplicant structure for a network interface
1957 * @ap_scan: AP scan mode
1958 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
1959 *
1960 */
wpa_supplicant_set_ap_scan(struct wpa_supplicant * wpa_s,int ap_scan)1961 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
1962 {
1963
1964 int old_ap_scan;
1965
1966 if (ap_scan < 0 || ap_scan > 2)
1967 return -1;
1968
1969 #ifdef ANDROID
1970 if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
1971 wpa_s->wpa_state >= WPA_ASSOCIATING &&
1972 wpa_s->wpa_state < WPA_COMPLETED) {
1973 wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
1974 "associating", wpa_s->conf->ap_scan, ap_scan);
1975 return 0;
1976 }
1977 #endif /* ANDROID */
1978
1979 old_ap_scan = wpa_s->conf->ap_scan;
1980 wpa_s->conf->ap_scan = ap_scan;
1981
1982 if (old_ap_scan != wpa_s->conf->ap_scan)
1983 wpas_notify_ap_scan_changed(wpa_s);
1984
1985 return 0;
1986 }
1987
1988
1989 /**
1990 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
1991 * @wpa_s: wpa_supplicant structure for a network interface
1992 * @expire_age: Expiration age in seconds
1993 * Returns: 0 if succeed or -1 if expire_age has an invalid value
1994 *
1995 */
wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant * wpa_s,unsigned int bss_expire_age)1996 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
1997 unsigned int bss_expire_age)
1998 {
1999 if (bss_expire_age < 10) {
2000 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
2001 bss_expire_age);
2002 return -1;
2003 }
2004 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
2005 bss_expire_age);
2006 wpa_s->conf->bss_expiration_age = bss_expire_age;
2007
2008 return 0;
2009 }
2010
2011
2012 /**
2013 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
2014 * @wpa_s: wpa_supplicant structure for a network interface
2015 * @expire_count: number of scans after which an unseen BSS is reclaimed
2016 * Returns: 0 if succeed or -1 if expire_count has an invalid value
2017 *
2018 */
wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant * wpa_s,unsigned int bss_expire_count)2019 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
2020 unsigned int bss_expire_count)
2021 {
2022 if (bss_expire_count < 1) {
2023 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
2024 bss_expire_count);
2025 return -1;
2026 }
2027 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
2028 bss_expire_count);
2029 wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
2030
2031 return 0;
2032 }
2033
2034
2035 /**
2036 * wpa_supplicant_set_scan_interval - Set scan interval
2037 * @wpa_s: wpa_supplicant structure for a network interface
2038 * @scan_interval: scan interval in seconds
2039 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
2040 *
2041 */
wpa_supplicant_set_scan_interval(struct wpa_supplicant * wpa_s,int scan_interval)2042 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
2043 int scan_interval)
2044 {
2045 if (scan_interval < 0) {
2046 wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
2047 scan_interval);
2048 return -1;
2049 }
2050 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
2051 scan_interval);
2052 wpa_supplicant_update_scan_int(wpa_s, scan_interval);
2053
2054 return 0;
2055 }
2056
2057
2058 /**
2059 * wpa_supplicant_set_debug_params - Set global debug params
2060 * @global: wpa_global structure
2061 * @debug_level: debug level
2062 * @debug_timestamp: determines if show timestamp in debug data
2063 * @debug_show_keys: determines if show keys in debug data
2064 * Returns: 0 if succeed or -1 if debug_level has wrong value
2065 */
wpa_supplicant_set_debug_params(struct wpa_global * global,int debug_level,int debug_timestamp,int debug_show_keys)2066 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
2067 int debug_timestamp, int debug_show_keys)
2068 {
2069
2070 int old_level, old_timestamp, old_show_keys;
2071
2072 /* check for allowed debuglevels */
2073 if (debug_level != MSG_EXCESSIVE &&
2074 debug_level != MSG_MSGDUMP &&
2075 debug_level != MSG_DEBUG &&
2076 debug_level != MSG_INFO &&
2077 debug_level != MSG_WARNING &&
2078 debug_level != MSG_ERROR)
2079 return -1;
2080
2081 old_level = wpa_debug_level;
2082 old_timestamp = wpa_debug_timestamp;
2083 old_show_keys = wpa_debug_show_keys;
2084
2085 wpa_debug_level = debug_level;
2086 wpa_debug_timestamp = debug_timestamp ? 1 : 0;
2087 wpa_debug_show_keys = debug_show_keys ? 1 : 0;
2088
2089 if (wpa_debug_level != old_level)
2090 wpas_notify_debug_level_changed(global);
2091 if (wpa_debug_timestamp != old_timestamp)
2092 wpas_notify_debug_timestamp_changed(global);
2093 if (wpa_debug_show_keys != old_show_keys)
2094 wpas_notify_debug_show_keys_changed(global);
2095
2096 return 0;
2097 }
2098
2099
2100 /**
2101 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
2102 * @wpa_s: Pointer to wpa_supplicant data
2103 * Returns: A pointer to the current network structure or %NULL on failure
2104 */
wpa_supplicant_get_ssid(struct wpa_supplicant * wpa_s)2105 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
2106 {
2107 struct wpa_ssid *entry;
2108 u8 ssid[MAX_SSID_LEN];
2109 int res;
2110 size_t ssid_len;
2111 u8 bssid[ETH_ALEN];
2112 int wired;
2113
2114 res = wpa_drv_get_ssid(wpa_s, ssid);
2115 if (res < 0) {
2116 wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
2117 "driver");
2118 return NULL;
2119 }
2120 ssid_len = res;
2121
2122 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
2123 wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
2124 "driver");
2125 return NULL;
2126 }
2127
2128 wired = wpa_s->conf->ap_scan == 0 &&
2129 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
2130
2131 entry = wpa_s->conf->ssid;
2132 while (entry) {
2133 if (!wpas_network_disabled(wpa_s, entry) &&
2134 ((ssid_len == entry->ssid_len &&
2135 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
2136 (!entry->bssid_set ||
2137 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
2138 return entry;
2139 #ifdef CONFIG_WPS
2140 if (!wpas_network_disabled(wpa_s, entry) &&
2141 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
2142 (entry->ssid == NULL || entry->ssid_len == 0) &&
2143 (!entry->bssid_set ||
2144 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
2145 return entry;
2146 #endif /* CONFIG_WPS */
2147
2148 if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
2149 entry->ssid_len == 0 &&
2150 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
2151 return entry;
2152
2153 entry = entry->next;
2154 }
2155
2156 return NULL;
2157 }
2158
2159
select_driver(struct wpa_supplicant * wpa_s,int i)2160 static int select_driver(struct wpa_supplicant *wpa_s, int i)
2161 {
2162 struct wpa_global *global = wpa_s->global;
2163
2164 if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
2165 global->drv_priv[i] = wpa_drivers[i]->global_init();
2166 if (global->drv_priv[i] == NULL) {
2167 wpa_printf(MSG_ERROR, "Failed to initialize driver "
2168 "'%s'", wpa_drivers[i]->name);
2169 return -1;
2170 }
2171 }
2172
2173 wpa_s->driver = wpa_drivers[i];
2174 wpa_s->global_drv_priv = global->drv_priv[i];
2175
2176 return 0;
2177 }
2178
2179
wpa_supplicant_set_driver(struct wpa_supplicant * wpa_s,const char * name)2180 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
2181 const char *name)
2182 {
2183 int i;
2184 size_t len;
2185 const char *pos, *driver = name;
2186
2187 if (wpa_s == NULL)
2188 return -1;
2189
2190 if (wpa_drivers[0] == NULL) {
2191 wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
2192 "wpa_supplicant");
2193 return -1;
2194 }
2195
2196 if (name == NULL) {
2197 /* default to first driver in the list */
2198 return select_driver(wpa_s, 0);
2199 }
2200
2201 do {
2202 pos = os_strchr(driver, ',');
2203 if (pos)
2204 len = pos - driver;
2205 else
2206 len = os_strlen(driver);
2207
2208 for (i = 0; wpa_drivers[i]; i++) {
2209 if (os_strlen(wpa_drivers[i]->name) == len &&
2210 os_strncmp(driver, wpa_drivers[i]->name, len) ==
2211 0) {
2212 /* First driver that succeeds wins */
2213 if (select_driver(wpa_s, i) == 0)
2214 return 0;
2215 }
2216 }
2217
2218 driver = pos + 1;
2219 } while (pos);
2220
2221 wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
2222 return -1;
2223 }
2224
2225
2226 /**
2227 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
2228 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
2229 * with struct wpa_driver_ops::init()
2230 * @src_addr: Source address of the EAPOL frame
2231 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
2232 * @len: Length of the EAPOL data
2233 *
2234 * This function is called for each received EAPOL frame. Most driver
2235 * interfaces rely on more generic OS mechanism for receiving frames through
2236 * l2_packet, but if such a mechanism is not available, the driver wrapper may
2237 * take care of received EAPOL frames and deliver them to the core supplicant
2238 * code by calling this function.
2239 */
wpa_supplicant_rx_eapol(void * ctx,const u8 * src_addr,const u8 * buf,size_t len)2240 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
2241 const u8 *buf, size_t len)
2242 {
2243 struct wpa_supplicant *wpa_s = ctx;
2244
2245 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
2246 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
2247
2248 if (wpa_s->wpa_state < WPA_ASSOCIATED ||
2249 (wpa_s->last_eapol_matches_bssid &&
2250 #ifdef CONFIG_AP
2251 !wpa_s->ap_iface &&
2252 #endif /* CONFIG_AP */
2253 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
2254 /*
2255 * There is possible race condition between receiving the
2256 * association event and the EAPOL frame since they are coming
2257 * through different paths from the driver. In order to avoid
2258 * issues in trying to process the EAPOL frame before receiving
2259 * association information, lets queue it for processing until
2260 * the association event is received. This may also be needed in
2261 * driver-based roaming case, so also use src_addr != BSSID as a
2262 * trigger if we have previously confirmed that the
2263 * Authenticator uses BSSID as the src_addr (which is not the
2264 * case with wired IEEE 802.1X).
2265 */
2266 wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
2267 "of received EAPOL frame (state=%s bssid=" MACSTR ")",
2268 wpa_supplicant_state_txt(wpa_s->wpa_state),
2269 MAC2STR(wpa_s->bssid));
2270 wpabuf_free(wpa_s->pending_eapol_rx);
2271 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
2272 if (wpa_s->pending_eapol_rx) {
2273 os_get_time(&wpa_s->pending_eapol_rx_time);
2274 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
2275 ETH_ALEN);
2276 }
2277 return;
2278 }
2279
2280 wpa_s->last_eapol_matches_bssid =
2281 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
2282
2283 #ifdef CONFIG_AP
2284 if (wpa_s->ap_iface) {
2285 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
2286 return;
2287 }
2288 #endif /* CONFIG_AP */
2289
2290 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
2291 wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
2292 "no key management is configured");
2293 return;
2294 }
2295
2296 if (wpa_s->eapol_received == 0 &&
2297 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
2298 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
2299 wpa_s->wpa_state != WPA_COMPLETED) &&
2300 (wpa_s->current_ssid == NULL ||
2301 wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
2302 /* Timeout for completing IEEE 802.1X and WPA authentication */
2303 wpa_supplicant_req_auth_timeout(
2304 wpa_s,
2305 (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
2306 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
2307 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
2308 70 : 10, 0);
2309 }
2310 wpa_s->eapol_received++;
2311
2312 if (wpa_s->countermeasures) {
2313 wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
2314 "EAPOL packet");
2315 return;
2316 }
2317
2318 #ifdef CONFIG_IBSS_RSN
2319 if (wpa_s->current_ssid &&
2320 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
2321 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
2322 return;
2323 }
2324 #endif /* CONFIG_IBSS_RSN */
2325
2326 /* Source address of the incoming EAPOL frame could be compared to the
2327 * current BSSID. However, it is possible that a centralized
2328 * Authenticator could be using another MAC address than the BSSID of
2329 * an AP, so just allow any address to be used for now. The replies are
2330 * still sent to the current BSSID (if available), though. */
2331
2332 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
2333 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
2334 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
2335 return;
2336 wpa_drv_poll(wpa_s);
2337 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
2338 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
2339 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
2340 /*
2341 * Set portValid = TRUE here since we are going to skip 4-way
2342 * handshake processing which would normally set portValid. We
2343 * need this to allow the EAPOL state machines to be completed
2344 * without going through EAPOL-Key handshake.
2345 */
2346 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
2347 }
2348 }
2349
2350
wpa_supplicant_update_mac_addr(struct wpa_supplicant * wpa_s)2351 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
2352 {
2353 if (wpa_s->driver->send_eapol) {
2354 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
2355 if (addr)
2356 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
2357 } else if ((!wpa_s->p2p_mgmt ||
2358 !(wpa_s->drv_flags &
2359 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
2360 !(wpa_s->drv_flags &
2361 WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
2362 l2_packet_deinit(wpa_s->l2);
2363 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
2364 wpa_drv_get_mac_addr(wpa_s),
2365 ETH_P_EAPOL,
2366 wpa_supplicant_rx_eapol, wpa_s, 0);
2367 if (wpa_s->l2 == NULL)
2368 return -1;
2369 } else {
2370 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
2371 if (addr)
2372 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
2373 }
2374
2375 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
2376 wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
2377 return -1;
2378 }
2379
2380 return 0;
2381 }
2382
2383
wpa_supplicant_rx_eapol_bridge(void * ctx,const u8 * src_addr,const u8 * buf,size_t len)2384 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
2385 const u8 *buf, size_t len)
2386 {
2387 struct wpa_supplicant *wpa_s = ctx;
2388 const struct l2_ethhdr *eth;
2389
2390 if (len < sizeof(*eth))
2391 return;
2392 eth = (const struct l2_ethhdr *) buf;
2393
2394 if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
2395 !(eth->h_dest[0] & 0x01)) {
2396 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
2397 " (bridge - not for this interface - ignore)",
2398 MAC2STR(src_addr), MAC2STR(eth->h_dest));
2399 return;
2400 }
2401
2402 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
2403 " (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
2404 wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
2405 len - sizeof(*eth));
2406 }
2407
2408
2409 /**
2410 * wpa_supplicant_driver_init - Initialize driver interface parameters
2411 * @wpa_s: Pointer to wpa_supplicant data
2412 * Returns: 0 on success, -1 on failure
2413 *
2414 * This function is called to initialize driver interface parameters.
2415 * wpa_drv_init() must have been called before this function to initialize the
2416 * driver interface.
2417 */
wpa_supplicant_driver_init(struct wpa_supplicant * wpa_s)2418 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
2419 {
2420 static int interface_count = 0;
2421
2422 if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
2423 return -1;
2424
2425 wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
2426 MAC2STR(wpa_s->own_addr));
2427 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2428
2429 if (wpa_s->bridge_ifname[0]) {
2430 wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
2431 "interface '%s'", wpa_s->bridge_ifname);
2432 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
2433 wpa_s->own_addr,
2434 ETH_P_EAPOL,
2435 wpa_supplicant_rx_eapol_bridge,
2436 wpa_s, 1);
2437 if (wpa_s->l2_br == NULL) {
2438 wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
2439 "connection for the bridge interface '%s'",
2440 wpa_s->bridge_ifname);
2441 return -1;
2442 }
2443 }
2444
2445 wpa_clear_keys(wpa_s, NULL);
2446
2447 /* Make sure that TKIP countermeasures are not left enabled (could
2448 * happen if wpa_supplicant is killed during countermeasures. */
2449 wpa_drv_set_countermeasures(wpa_s, 0);
2450
2451 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
2452 wpa_drv_flush_pmkid(wpa_s);
2453
2454 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
2455 wpa_s->prev_scan_wildcard = 0;
2456
2457 if (wpa_supplicant_enabled_networks(wpa_s)) {
2458 if (wpa_supplicant_delayed_sched_scan(wpa_s, interface_count,
2459 100000))
2460 wpa_supplicant_req_scan(wpa_s, interface_count,
2461 100000);
2462 interface_count++;
2463 } else
2464 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
2465
2466 return 0;
2467 }
2468
2469
wpa_supplicant_daemon(const char * pid_file)2470 static int wpa_supplicant_daemon(const char *pid_file)
2471 {
2472 wpa_printf(MSG_DEBUG, "Daemonize..");
2473 return os_daemonize(pid_file);
2474 }
2475
2476
wpa_supplicant_alloc(void)2477 static struct wpa_supplicant * wpa_supplicant_alloc(void)
2478 {
2479 struct wpa_supplicant *wpa_s;
2480
2481 wpa_s = os_zalloc(sizeof(*wpa_s));
2482 if (wpa_s == NULL)
2483 return NULL;
2484 wpa_s->scan_req = INITIAL_SCAN_REQ;
2485 wpa_s->scan_interval = 5;
2486 wpa_s->new_connection = 1;
2487 wpa_s->parent = wpa_s;
2488 wpa_s->sched_scanning = 0;
2489
2490 return wpa_s;
2491 }
2492
2493
2494 #ifdef CONFIG_HT_OVERRIDES
2495
wpa_set_htcap_mcs(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,const char * ht_mcs)2496 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
2497 struct ieee80211_ht_capabilities *htcaps,
2498 struct ieee80211_ht_capabilities *htcaps_mask,
2499 const char *ht_mcs)
2500 {
2501 /* parse ht_mcs into hex array */
2502 int i;
2503 const char *tmp = ht_mcs;
2504 char *end = NULL;
2505
2506 /* If ht_mcs is null, do not set anything */
2507 if (!ht_mcs)
2508 return 0;
2509
2510 /* This is what we are setting in the kernel */
2511 os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
2512
2513 wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
2514
2515 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
2516 errno = 0;
2517 long v = strtol(tmp, &end, 16);
2518 if (errno == 0) {
2519 wpa_msg(wpa_s, MSG_DEBUG,
2520 "htcap value[%i]: %ld end: %p tmp: %p",
2521 i, v, end, tmp);
2522 if (end == tmp)
2523 break;
2524
2525 htcaps->supported_mcs_set[i] = v;
2526 tmp = end;
2527 } else {
2528 wpa_msg(wpa_s, MSG_ERROR,
2529 "Failed to parse ht-mcs: %s, error: %s\n",
2530 ht_mcs, strerror(errno));
2531 return -1;
2532 }
2533 }
2534
2535 /*
2536 * If we were able to parse any values, then set mask for the MCS set.
2537 */
2538 if (i) {
2539 os_memset(&htcaps_mask->supported_mcs_set, 0xff,
2540 IEEE80211_HT_MCS_MASK_LEN - 1);
2541 /* skip the 3 reserved bits */
2542 htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
2543 0x1f;
2544 }
2545
2546 return 0;
2547 }
2548
2549
wpa_disable_max_amsdu(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)2550 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
2551 struct ieee80211_ht_capabilities *htcaps,
2552 struct ieee80211_ht_capabilities *htcaps_mask,
2553 int disabled)
2554 {
2555 u16 msk;
2556
2557 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
2558
2559 if (disabled == -1)
2560 return 0;
2561
2562 msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
2563 htcaps_mask->ht_capabilities_info |= msk;
2564 if (disabled)
2565 htcaps->ht_capabilities_info &= msk;
2566 else
2567 htcaps->ht_capabilities_info |= msk;
2568
2569 return 0;
2570 }
2571
2572
wpa_set_ampdu_factor(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int factor)2573 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
2574 struct ieee80211_ht_capabilities *htcaps,
2575 struct ieee80211_ht_capabilities *htcaps_mask,
2576 int factor)
2577 {
2578 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
2579
2580 if (factor == -1)
2581 return 0;
2582
2583 if (factor < 0 || factor > 3) {
2584 wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
2585 "Must be 0-3 or -1", factor);
2586 return -EINVAL;
2587 }
2588
2589 htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
2590 htcaps->a_mpdu_params &= ~0x3;
2591 htcaps->a_mpdu_params |= factor & 0x3;
2592
2593 return 0;
2594 }
2595
2596
wpa_set_ampdu_density(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int density)2597 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
2598 struct ieee80211_ht_capabilities *htcaps,
2599 struct ieee80211_ht_capabilities *htcaps_mask,
2600 int density)
2601 {
2602 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
2603
2604 if (density == -1)
2605 return 0;
2606
2607 if (density < 0 || density > 7) {
2608 wpa_msg(wpa_s, MSG_ERROR,
2609 "ampdu_density: %d out of range. Must be 0-7 or -1.",
2610 density);
2611 return -EINVAL;
2612 }
2613
2614 htcaps_mask->a_mpdu_params |= 0x1C;
2615 htcaps->a_mpdu_params &= ~(0x1C);
2616 htcaps->a_mpdu_params |= (density << 2) & 0x1C;
2617
2618 return 0;
2619 }
2620
2621
wpa_set_disable_ht40(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)2622 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
2623 struct ieee80211_ht_capabilities *htcaps,
2624 struct ieee80211_ht_capabilities *htcaps_mask,
2625 int disabled)
2626 {
2627 /* Masking these out disables HT40 */
2628 u16 msk = host_to_le16(HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET |
2629 HT_CAP_INFO_SHORT_GI40MHZ);
2630
2631 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
2632
2633 if (disabled)
2634 htcaps->ht_capabilities_info &= ~msk;
2635 else
2636 htcaps->ht_capabilities_info |= msk;
2637
2638 htcaps_mask->ht_capabilities_info |= msk;
2639
2640 return 0;
2641 }
2642
2643
wpa_set_disable_sgi(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)2644 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
2645 struct ieee80211_ht_capabilities *htcaps,
2646 struct ieee80211_ht_capabilities *htcaps_mask,
2647 int disabled)
2648 {
2649 /* Masking these out disables SGI */
2650 u16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
2651 HT_CAP_INFO_SHORT_GI40MHZ);
2652
2653 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
2654
2655 if (disabled)
2656 htcaps->ht_capabilities_info &= ~msk;
2657 else
2658 htcaps->ht_capabilities_info |= msk;
2659
2660 htcaps_mask->ht_capabilities_info |= msk;
2661
2662 return 0;
2663 }
2664
2665
wpa_supplicant_apply_ht_overrides(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params)2666 void wpa_supplicant_apply_ht_overrides(
2667 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2668 struct wpa_driver_associate_params *params)
2669 {
2670 struct ieee80211_ht_capabilities *htcaps;
2671 struct ieee80211_ht_capabilities *htcaps_mask;
2672
2673 if (!ssid)
2674 return;
2675
2676 params->disable_ht = ssid->disable_ht;
2677 if (!params->htcaps || !params->htcaps_mask)
2678 return;
2679
2680 htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
2681 htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
2682 wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
2683 wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
2684 ssid->disable_max_amsdu);
2685 wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
2686 wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
2687 wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
2688 wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
2689 }
2690
2691 #endif /* CONFIG_HT_OVERRIDES */
2692
2693
2694 #ifdef CONFIG_VHT_OVERRIDES
wpa_supplicant_apply_vht_overrides(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params)2695 void wpa_supplicant_apply_vht_overrides(
2696 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2697 struct wpa_driver_associate_params *params)
2698 {
2699 struct ieee80211_vht_capabilities *vhtcaps;
2700 struct ieee80211_vht_capabilities *vhtcaps_mask;
2701
2702 if (!ssid)
2703 return;
2704
2705 params->disable_vht = ssid->disable_vht;
2706
2707 vhtcaps = (void *) params->vhtcaps;
2708 vhtcaps_mask = (void *) params->vhtcaps_mask;
2709
2710 if (!vhtcaps || !vhtcaps_mask)
2711 return;
2712
2713 vhtcaps->vht_capabilities_info = ssid->vht_capa;
2714 vhtcaps_mask->vht_capabilities_info = ssid->vht_capa_mask;
2715
2716 #define OVERRIDE_MCS(i) \
2717 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
2718 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
2719 3 << 2 * (i - 1); \
2720 vhtcaps->vht_supported_mcs_set.tx_map |= \
2721 ssid->vht_tx_mcs_nss_ ##i << 2 * (i - 1); \
2722 } \
2723 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
2724 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
2725 3 << 2 * (i - 1); \
2726 vhtcaps->vht_supported_mcs_set.rx_map |= \
2727 ssid->vht_rx_mcs_nss_ ##i << 2 * (i - 1); \
2728 }
2729
2730 OVERRIDE_MCS(1);
2731 OVERRIDE_MCS(2);
2732 OVERRIDE_MCS(3);
2733 OVERRIDE_MCS(4);
2734 OVERRIDE_MCS(5);
2735 OVERRIDE_MCS(6);
2736 OVERRIDE_MCS(7);
2737 OVERRIDE_MCS(8);
2738 }
2739 #endif /* CONFIG_VHT_OVERRIDES */
2740
2741
pcsc_reader_init(struct wpa_supplicant * wpa_s)2742 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
2743 {
2744 #ifdef PCSC_FUNCS
2745 size_t len;
2746
2747 if (!wpa_s->conf->pcsc_reader)
2748 return 0;
2749
2750 wpa_s->scard = scard_init(SCARD_TRY_BOTH, wpa_s->conf->pcsc_reader);
2751 if (!wpa_s->scard)
2752 return 1;
2753
2754 if (wpa_s->conf->pcsc_pin &&
2755 scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
2756 scard_deinit(wpa_s->scard);
2757 wpa_s->scard = NULL;
2758 wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
2759 return -1;
2760 }
2761
2762 len = sizeof(wpa_s->imsi) - 1;
2763 if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
2764 scard_deinit(wpa_s->scard);
2765 wpa_s->scard = NULL;
2766 wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
2767 return -1;
2768 }
2769 wpa_s->imsi[len] = '\0';
2770
2771 wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
2772
2773 wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
2774 wpa_s->imsi, wpa_s->mnc_len);
2775
2776 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
2777 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
2778 #endif /* PCSC_FUNCS */
2779
2780 return 0;
2781 }
2782
2783
wpas_init_ext_pw(struct wpa_supplicant * wpa_s)2784 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
2785 {
2786 char *val, *pos;
2787
2788 ext_password_deinit(wpa_s->ext_pw);
2789 wpa_s->ext_pw = NULL;
2790 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
2791
2792 if (!wpa_s->conf->ext_password_backend)
2793 return 0;
2794
2795 val = os_strdup(wpa_s->conf->ext_password_backend);
2796 if (val == NULL)
2797 return -1;
2798 pos = os_strchr(val, ':');
2799 if (pos)
2800 *pos++ = '\0';
2801
2802 wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
2803
2804 wpa_s->ext_pw = ext_password_init(val, pos);
2805 os_free(val);
2806 if (wpa_s->ext_pw == NULL) {
2807 wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
2808 return -1;
2809 }
2810 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
2811
2812 return 0;
2813 }
2814
2815
wpa_supplicant_init_iface(struct wpa_supplicant * wpa_s,struct wpa_interface * iface)2816 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
2817 struct wpa_interface *iface)
2818 {
2819 const char *ifname, *driver;
2820 struct wpa_driver_capa capa;
2821
2822 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
2823 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
2824 iface->confname ? iface->confname : "N/A",
2825 iface->driver ? iface->driver : "default",
2826 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
2827 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
2828
2829 if (iface->confname) {
2830 #ifdef CONFIG_BACKEND_FILE
2831 wpa_s->confname = os_rel2abs_path(iface->confname);
2832 if (wpa_s->confname == NULL) {
2833 wpa_printf(MSG_ERROR, "Failed to get absolute path "
2834 "for configuration file '%s'.",
2835 iface->confname);
2836 return -1;
2837 }
2838 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
2839 iface->confname, wpa_s->confname);
2840 #else /* CONFIG_BACKEND_FILE */
2841 wpa_s->confname = os_strdup(iface->confname);
2842 #endif /* CONFIG_BACKEND_FILE */
2843 wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
2844 if (wpa_s->conf == NULL) {
2845 wpa_printf(MSG_ERROR, "Failed to read or parse "
2846 "configuration '%s'.", wpa_s->confname);
2847 return -1;
2848 }
2849 wpa_s->confanother = os_rel2abs_path(iface->confanother);
2850 wpa_config_read(wpa_s->confanother, wpa_s->conf);
2851
2852 /*
2853 * Override ctrl_interface and driver_param if set on command
2854 * line.
2855 */
2856 if (iface->ctrl_interface) {
2857 os_free(wpa_s->conf->ctrl_interface);
2858 wpa_s->conf->ctrl_interface =
2859 os_strdup(iface->ctrl_interface);
2860 }
2861
2862 if (iface->driver_param) {
2863 os_free(wpa_s->conf->driver_param);
2864 wpa_s->conf->driver_param =
2865 os_strdup(iface->driver_param);
2866 }
2867
2868 if (iface->p2p_mgmt && !iface->ctrl_interface) {
2869 os_free(wpa_s->conf->ctrl_interface);
2870 wpa_s->conf->ctrl_interface = NULL;
2871 }
2872 } else
2873 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
2874 iface->driver_param);
2875
2876 if (wpa_s->conf == NULL) {
2877 wpa_printf(MSG_ERROR, "\nNo configuration found.");
2878 return -1;
2879 }
2880
2881 if (iface->ifname == NULL) {
2882 wpa_printf(MSG_ERROR, "\nInterface name is required.");
2883 return -1;
2884 }
2885 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
2886 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
2887 iface->ifname);
2888 return -1;
2889 }
2890 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
2891
2892 if (iface->bridge_ifname) {
2893 if (os_strlen(iface->bridge_ifname) >=
2894 sizeof(wpa_s->bridge_ifname)) {
2895 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
2896 "name '%s'.", iface->bridge_ifname);
2897 return -1;
2898 }
2899 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
2900 sizeof(wpa_s->bridge_ifname));
2901 }
2902
2903 /* RSNA Supplicant Key Management - INITIALIZE */
2904 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
2905 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
2906
2907 /* Initialize driver interface and register driver event handler before
2908 * L2 receive handler so that association events are processed before
2909 * EAPOL-Key packets if both become available for the same select()
2910 * call. */
2911 driver = iface->driver;
2912 next_driver:
2913 if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
2914 return -1;
2915
2916 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
2917 if (wpa_s->drv_priv == NULL) {
2918 const char *pos;
2919 pos = driver ? os_strchr(driver, ',') : NULL;
2920 if (pos) {
2921 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
2922 "driver interface - try next driver wrapper");
2923 driver = pos + 1;
2924 goto next_driver;
2925 }
2926 wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
2927 "interface");
2928 return -1;
2929 }
2930 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
2931 wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
2932 "driver_param '%s'", wpa_s->conf->driver_param);
2933 return -1;
2934 }
2935
2936 ifname = wpa_drv_get_ifname(wpa_s);
2937 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
2938 wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
2939 "interface name with '%s'", ifname);
2940 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
2941 }
2942
2943 if (wpa_supplicant_init_wpa(wpa_s) < 0)
2944 return -1;
2945
2946 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
2947 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
2948 NULL);
2949 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2950
2951 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2952 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2953 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2954 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2955 "dot11RSNAConfigPMKLifetime");
2956 return -1;
2957 }
2958
2959 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2960 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2961 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2962 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2963 "dot11RSNAConfigPMKReauthThreshold");
2964 return -1;
2965 }
2966
2967 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2968 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2969 wpa_s->conf->dot11RSNAConfigSATimeout)) {
2970 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2971 "dot11RSNAConfigSATimeout");
2972 return -1;
2973 }
2974
2975 wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
2976 &wpa_s->hw.num_modes,
2977 &wpa_s->hw.flags);
2978
2979 if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
2980 wpa_s->drv_capa_known = 1;
2981 wpa_s->drv_flags = capa.flags;
2982 wpa_s->drv_enc = capa.enc;
2983 wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
2984 wpa_s->max_scan_ssids = capa.max_scan_ssids;
2985 wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
2986 wpa_s->sched_scan_supported = capa.sched_scan_supported;
2987 wpa_s->max_match_sets = capa.max_match_sets;
2988 wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
2989 wpa_s->max_stations = capa.max_stations;
2990 wpa_s->extended_capa = capa.extended_capa;
2991 wpa_s->extended_capa_mask = capa.extended_capa_mask;
2992 wpa_s->extended_capa_len = capa.extended_capa_len;
2993 wpa_s->num_multichan_concurrent =
2994 capa.num_multichan_concurrent;
2995 }
2996 if (wpa_s->max_remain_on_chan == 0)
2997 wpa_s->max_remain_on_chan = 1000;
2998
2999 /*
3000 * Only take p2p_mgmt parameters when P2P Device is supported.
3001 * Doing it here as it determines whether l2_packet_init() will be done
3002 * during wpa_supplicant_driver_init().
3003 */
3004 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
3005 wpa_s->p2p_mgmt = iface->p2p_mgmt;
3006 else
3007 iface->p2p_mgmt = 1;
3008
3009 if (wpa_s->num_multichan_concurrent == 0)
3010 wpa_s->num_multichan_concurrent = 1;
3011
3012 if (wpa_supplicant_driver_init(wpa_s) < 0)
3013 return -1;
3014
3015 #ifdef CONFIG_TDLS
3016 if ((!iface->p2p_mgmt ||
3017 !(wpa_s->drv_flags &
3018 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
3019 wpa_tdls_init(wpa_s->wpa))
3020 return -1;
3021 #endif /* CONFIG_TDLS */
3022
3023 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
3024 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
3025 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
3026 return -1;
3027 }
3028
3029 if (wpas_wps_init(wpa_s))
3030 return -1;
3031
3032 if (wpa_supplicant_init_eapol(wpa_s) < 0)
3033 return -1;
3034 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
3035
3036 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
3037 if (wpa_s->ctrl_iface == NULL) {
3038 wpa_printf(MSG_ERROR,
3039 "Failed to initialize control interface '%s'.\n"
3040 "You may have another wpa_supplicant process "
3041 "already running or the file was\n"
3042 "left by an unclean termination of wpa_supplicant "
3043 "in which case you will need\n"
3044 "to manually remove this file before starting "
3045 "wpa_supplicant again.\n",
3046 wpa_s->conf->ctrl_interface);
3047 return -1;
3048 }
3049
3050 wpa_s->gas = gas_query_init(wpa_s);
3051 if (wpa_s->gas == NULL) {
3052 wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
3053 return -1;
3054 }
3055
3056 #ifdef CONFIG_P2P
3057 if (iface->p2p_mgmt && wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
3058 wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
3059 return -1;
3060 }
3061 #endif /* CONFIG_P2P */
3062
3063 if (wpa_bss_init(wpa_s) < 0)
3064 return -1;
3065
3066 #ifdef CONFIG_EAP_PROXY
3067 {
3068 size_t len;
3069 wpa_s->mnc_len = eap_proxy_get_imsi(wpa_s->imsi, &len);
3070 if (wpa_s->mnc_len > 0) {
3071 wpa_s->imsi[len] = '\0';
3072 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
3073 wpa_s->imsi, wpa_s->mnc_len);
3074 } else {
3075 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
3076 }
3077 }
3078 #endif /* CONFIG_EAP_PROXY */
3079
3080 if (pcsc_reader_init(wpa_s) < 0)
3081 return -1;
3082
3083 if (wpas_init_ext_pw(wpa_s) < 0)
3084 return -1;
3085
3086 return 0;
3087 }
3088
3089
wpa_supplicant_deinit_iface(struct wpa_supplicant * wpa_s,int notify,int terminate)3090 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
3091 int notify, int terminate)
3092 {
3093 wpa_s->disconnected = 1;
3094 if (wpa_s->drv_priv) {
3095 wpa_supplicant_deauthenticate(wpa_s,
3096 WLAN_REASON_DEAUTH_LEAVING);
3097
3098 wpa_drv_set_countermeasures(wpa_s, 0);
3099 wpa_clear_keys(wpa_s, NULL);
3100 }
3101
3102 wpa_supplicant_cleanup(wpa_s);
3103
3104 #ifdef CONFIG_P2P
3105 if (wpa_s == wpa_s->global->p2p_init_wpa_s && wpa_s->global->p2p) {
3106 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Disable P2P since removing "
3107 "the management interface is being removed");
3108 wpas_p2p_deinit_global(wpa_s->global);
3109 }
3110 #endif /* CONFIG_P2P */
3111
3112 if (wpa_s->drv_priv)
3113 wpa_drv_deinit(wpa_s);
3114
3115 if (notify)
3116 wpas_notify_iface_removed(wpa_s);
3117
3118 if (terminate)
3119 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
3120
3121 if (wpa_s->ctrl_iface) {
3122 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
3123 wpa_s->ctrl_iface = NULL;
3124 }
3125
3126 if (wpa_s->conf != NULL) {
3127 wpa_config_free(wpa_s->conf);
3128 wpa_s->conf = NULL;
3129 }
3130
3131 os_free(wpa_s);
3132 }
3133
3134
3135 /**
3136 * wpa_supplicant_add_iface - Add a new network interface
3137 * @global: Pointer to global data from wpa_supplicant_init()
3138 * @iface: Interface configuration options
3139 * Returns: Pointer to the created interface or %NULL on failure
3140 *
3141 * This function is used to add new network interfaces for %wpa_supplicant.
3142 * This can be called before wpa_supplicant_run() to add interfaces before the
3143 * main event loop has been started. In addition, new interfaces can be added
3144 * dynamically while %wpa_supplicant is already running. This could happen,
3145 * e.g., when a hotplug network adapter is inserted.
3146 */
wpa_supplicant_add_iface(struct wpa_global * global,struct wpa_interface * iface)3147 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
3148 struct wpa_interface *iface)
3149 {
3150 struct wpa_supplicant *wpa_s;
3151 struct wpa_interface t_iface;
3152 struct wpa_ssid *ssid;
3153
3154 if (global == NULL || iface == NULL)
3155 return NULL;
3156
3157 wpa_s = wpa_supplicant_alloc();
3158 if (wpa_s == NULL)
3159 return NULL;
3160
3161 wpa_s->global = global;
3162
3163 t_iface = *iface;
3164 if (global->params.override_driver) {
3165 wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
3166 "('%s' -> '%s')",
3167 iface->driver, global->params.override_driver);
3168 t_iface.driver = global->params.override_driver;
3169 }
3170 if (global->params.override_ctrl_interface) {
3171 wpa_printf(MSG_DEBUG, "Override interface parameter: "
3172 "ctrl_interface ('%s' -> '%s')",
3173 iface->ctrl_interface,
3174 global->params.override_ctrl_interface);
3175 t_iface.ctrl_interface =
3176 global->params.override_ctrl_interface;
3177 }
3178 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
3179 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
3180 iface->ifname);
3181 wpa_supplicant_deinit_iface(wpa_s, 0, 0);
3182 return NULL;
3183 }
3184
3185 /* Notify the control interfaces about new iface */
3186 if (wpas_notify_iface_added(wpa_s)) {
3187 wpa_supplicant_deinit_iface(wpa_s, 1, 0);
3188 return NULL;
3189 }
3190
3191 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
3192 wpas_notify_network_added(wpa_s, ssid);
3193
3194 wpa_s->next = global->ifaces;
3195 global->ifaces = wpa_s;
3196
3197 wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
3198 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
3199
3200 return wpa_s;
3201 }
3202
3203
3204 /**
3205 * wpa_supplicant_remove_iface - Remove a network interface
3206 * @global: Pointer to global data from wpa_supplicant_init()
3207 * @wpa_s: Pointer to the network interface to be removed
3208 * Returns: 0 if interface was removed, -1 if interface was not found
3209 *
3210 * This function can be used to dynamically remove network interfaces from
3211 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
3212 * addition, this function is used to remove all remaining interfaces when
3213 * %wpa_supplicant is terminated.
3214 */
wpa_supplicant_remove_iface(struct wpa_global * global,struct wpa_supplicant * wpa_s,int terminate)3215 int wpa_supplicant_remove_iface(struct wpa_global *global,
3216 struct wpa_supplicant *wpa_s,
3217 int terminate)
3218 {
3219 struct wpa_supplicant *prev;
3220
3221 /* Remove interface from the global list of interfaces */
3222 prev = global->ifaces;
3223 if (prev == wpa_s) {
3224 global->ifaces = wpa_s->next;
3225 } else {
3226 while (prev && prev->next != wpa_s)
3227 prev = prev->next;
3228 if (prev == NULL)
3229 return -1;
3230 prev->next = wpa_s->next;
3231 }
3232
3233 wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
3234
3235 if (global->p2p_group_formation == wpa_s)
3236 global->p2p_group_formation = NULL;
3237 if (global->p2p_invite_group == wpa_s)
3238 global->p2p_invite_group = NULL;
3239 wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
3240
3241 return 0;
3242 }
3243
3244
3245 /**
3246 * wpa_supplicant_get_eap_mode - Get the current EAP mode
3247 * @wpa_s: Pointer to the network interface
3248 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
3249 */
wpa_supplicant_get_eap_mode(struct wpa_supplicant * wpa_s)3250 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
3251 {
3252 const char *eapol_method;
3253
3254 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
3255 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3256 return "NO-EAP";
3257 }
3258
3259 eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
3260 if (eapol_method == NULL)
3261 return "UNKNOWN-EAP";
3262
3263 return eapol_method;
3264 }
3265
3266
3267 /**
3268 * wpa_supplicant_get_iface - Get a new network interface
3269 * @global: Pointer to global data from wpa_supplicant_init()
3270 * @ifname: Interface name
3271 * Returns: Pointer to the interface or %NULL if not found
3272 */
wpa_supplicant_get_iface(struct wpa_global * global,const char * ifname)3273 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
3274 const char *ifname)
3275 {
3276 struct wpa_supplicant *wpa_s;
3277
3278 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
3279 if (os_strcmp(wpa_s->ifname, ifname) == 0)
3280 return wpa_s;
3281 }
3282 return NULL;
3283 }
3284
3285
3286 #ifndef CONFIG_NO_WPA_MSG
wpa_supplicant_msg_ifname_cb(void * ctx)3287 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
3288 {
3289 struct wpa_supplicant *wpa_s = ctx;
3290 if (wpa_s == NULL)
3291 return NULL;
3292 return wpa_s->ifname;
3293 }
3294 #endif /* CONFIG_NO_WPA_MSG */
3295
3296
3297 /**
3298 * wpa_supplicant_init - Initialize %wpa_supplicant
3299 * @params: Parameters for %wpa_supplicant
3300 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
3301 *
3302 * This function is used to initialize %wpa_supplicant. After successful
3303 * initialization, the returned data pointer can be used to add and remove
3304 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
3305 */
wpa_supplicant_init(struct wpa_params * params)3306 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
3307 {
3308 struct wpa_global *global;
3309 int ret, i;
3310
3311 if (params == NULL)
3312 return NULL;
3313
3314 #ifdef CONFIG_DRIVER_NDIS
3315 {
3316 void driver_ndis_init_ops(void);
3317 driver_ndis_init_ops();
3318 }
3319 #endif /* CONFIG_DRIVER_NDIS */
3320
3321 #ifndef CONFIG_NO_WPA_MSG
3322 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
3323 #endif /* CONFIG_NO_WPA_MSG */
3324
3325 wpa_debug_open_file(params->wpa_debug_file_path);
3326 if (params->wpa_debug_syslog)
3327 wpa_debug_open_syslog();
3328 if (params->wpa_debug_tracing) {
3329 ret = wpa_debug_open_linux_tracing();
3330 if (ret) {
3331 wpa_printf(MSG_ERROR,
3332 "Failed to enable trace logging");
3333 return NULL;
3334 }
3335 }
3336
3337 ret = eap_register_methods();
3338 if (ret) {
3339 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
3340 if (ret == -2)
3341 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
3342 "the same EAP type.");
3343 return NULL;
3344 }
3345
3346 global = os_zalloc(sizeof(*global));
3347 if (global == NULL)
3348 return NULL;
3349 dl_list_init(&global->p2p_srv_bonjour);
3350 dl_list_init(&global->p2p_srv_upnp);
3351 global->params.daemonize = params->daemonize;
3352 global->params.wait_for_monitor = params->wait_for_monitor;
3353 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
3354 if (params->pid_file)
3355 global->params.pid_file = os_strdup(params->pid_file);
3356 if (params->ctrl_interface)
3357 global->params.ctrl_interface =
3358 os_strdup(params->ctrl_interface);
3359 if (params->ctrl_interface_group)
3360 global->params.ctrl_interface_group =
3361 os_strdup(params->ctrl_interface_group);
3362 if (params->override_driver)
3363 global->params.override_driver =
3364 os_strdup(params->override_driver);
3365 if (params->override_ctrl_interface)
3366 global->params.override_ctrl_interface =
3367 os_strdup(params->override_ctrl_interface);
3368 wpa_debug_level = global->params.wpa_debug_level =
3369 params->wpa_debug_level;
3370 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
3371 params->wpa_debug_show_keys;
3372 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
3373 params->wpa_debug_timestamp;
3374
3375 wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR);
3376
3377 if (eloop_init()) {
3378 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
3379 wpa_supplicant_deinit(global);
3380 return NULL;
3381 }
3382
3383 random_init(params->entropy_file);
3384
3385 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
3386 if (global->ctrl_iface == NULL) {
3387 wpa_supplicant_deinit(global);
3388 return NULL;
3389 }
3390
3391 if (wpas_notify_supplicant_initialized(global)) {
3392 wpa_supplicant_deinit(global);
3393 return NULL;
3394 }
3395
3396 for (i = 0; wpa_drivers[i]; i++)
3397 global->drv_count++;
3398 if (global->drv_count == 0) {
3399 wpa_printf(MSG_ERROR, "No drivers enabled");
3400 wpa_supplicant_deinit(global);
3401 return NULL;
3402 }
3403 global->drv_priv = os_zalloc(global->drv_count * sizeof(void *));
3404 if (global->drv_priv == NULL) {
3405 wpa_supplicant_deinit(global);
3406 return NULL;
3407 }
3408
3409 #ifdef CONFIG_WIFI_DISPLAY
3410 if (wifi_display_init(global) < 0) {
3411 wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
3412 wpa_supplicant_deinit(global);
3413 return NULL;
3414 }
3415 #endif /* CONFIG_WIFI_DISPLAY */
3416
3417 return global;
3418 }
3419
3420
3421 /**
3422 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
3423 * @global: Pointer to global data from wpa_supplicant_init()
3424 * Returns: 0 after successful event loop run, -1 on failure
3425 *
3426 * This function starts the main event loop and continues running as long as
3427 * there are any remaining events. In most cases, this function is running as
3428 * long as the %wpa_supplicant process in still in use.
3429 */
wpa_supplicant_run(struct wpa_global * global)3430 int wpa_supplicant_run(struct wpa_global *global)
3431 {
3432 struct wpa_supplicant *wpa_s;
3433
3434 if (global->params.daemonize &&
3435 wpa_supplicant_daemon(global->params.pid_file))
3436 return -1;
3437
3438 if (global->params.wait_for_monitor) {
3439 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
3440 if (wpa_s->ctrl_iface)
3441 wpa_supplicant_ctrl_iface_wait(
3442 wpa_s->ctrl_iface);
3443 }
3444
3445 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
3446 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
3447
3448 eloop_run();
3449
3450 return 0;
3451 }
3452
3453
3454 /**
3455 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
3456 * @global: Pointer to global data from wpa_supplicant_init()
3457 *
3458 * This function is called to deinitialize %wpa_supplicant and to free all
3459 * allocated resources. Remaining network interfaces will also be removed.
3460 */
wpa_supplicant_deinit(struct wpa_global * global)3461 void wpa_supplicant_deinit(struct wpa_global *global)
3462 {
3463 int i;
3464
3465 if (global == NULL)
3466 return;
3467
3468 #ifdef CONFIG_WIFI_DISPLAY
3469 wifi_display_deinit(global);
3470 #endif /* CONFIG_WIFI_DISPLAY */
3471
3472 while (global->ifaces)
3473 wpa_supplicant_remove_iface(global, global->ifaces, 1);
3474
3475 if (global->ctrl_iface)
3476 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
3477
3478 wpas_notify_supplicant_deinitialized(global);
3479
3480 eap_peer_unregister_methods();
3481 #ifdef CONFIG_AP
3482 eap_server_unregister_methods();
3483 #endif /* CONFIG_AP */
3484
3485 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
3486 if (!global->drv_priv[i])
3487 continue;
3488 wpa_drivers[i]->global_deinit(global->drv_priv[i]);
3489 }
3490 os_free(global->drv_priv);
3491
3492 random_deinit();
3493
3494 eloop_destroy();
3495
3496 if (global->params.pid_file) {
3497 os_daemonize_terminate(global->params.pid_file);
3498 os_free(global->params.pid_file);
3499 }
3500 os_free(global->params.ctrl_interface);
3501 os_free(global->params.ctrl_interface_group);
3502 os_free(global->params.override_driver);
3503 os_free(global->params.override_ctrl_interface);
3504
3505 os_free(global->p2p_disallow_freq);
3506 os_free(global->add_psk);
3507
3508 os_free(global);
3509 wpa_debug_close_syslog();
3510 wpa_debug_close_file();
3511 wpa_debug_close_linux_tracing();
3512 }
3513
3514
wpa_supplicant_update_config(struct wpa_supplicant * wpa_s)3515 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
3516 {
3517 if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
3518 wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
3519 char country[3];
3520 country[0] = wpa_s->conf->country[0];
3521 country[1] = wpa_s->conf->country[1];
3522 country[2] = '\0';
3523 if (wpa_drv_set_country(wpa_s, country) < 0) {
3524 wpa_printf(MSG_ERROR, "Failed to set country code "
3525 "'%s'", country);
3526 }
3527 }
3528
3529 if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
3530 wpas_init_ext_pw(wpa_s);
3531
3532 #ifdef CONFIG_WPS
3533 wpas_wps_update_config(wpa_s);
3534 #endif /* CONFIG_WPS */
3535
3536 #ifdef CONFIG_P2P
3537 wpas_p2p_update_config(wpa_s);
3538 #endif /* CONFIG_P2P */
3539
3540 wpa_s->conf->changed_parameters = 0;
3541 }
3542
3543
add_freq(int * freqs,int * num_freqs,int freq)3544 static void add_freq(int *freqs, int *num_freqs, int freq)
3545 {
3546 int i;
3547
3548 for (i = 0; i < *num_freqs; i++) {
3549 if (freqs[i] == freq)
3550 return;
3551 }
3552
3553 freqs[*num_freqs] = freq;
3554 (*num_freqs)++;
3555 }
3556
3557
get_bss_freqs_in_ess(struct wpa_supplicant * wpa_s)3558 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
3559 {
3560 struct wpa_bss *bss, *cbss;
3561 const int max_freqs = 10;
3562 int *freqs;
3563 int num_freqs = 0;
3564
3565 freqs = os_zalloc(sizeof(int) * (max_freqs + 1));
3566 if (freqs == NULL)
3567 return NULL;
3568
3569 cbss = wpa_s->current_bss;
3570
3571 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
3572 if (bss == cbss)
3573 continue;
3574 if (bss->ssid_len == cbss->ssid_len &&
3575 os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
3576 wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
3577 add_freq(freqs, &num_freqs, bss->freq);
3578 if (num_freqs == max_freqs)
3579 break;
3580 }
3581 }
3582
3583 if (num_freqs == 0) {
3584 os_free(freqs);
3585 freqs = NULL;
3586 }
3587
3588 return freqs;
3589 }
3590
3591
wpas_connection_failed(struct wpa_supplicant * wpa_s,const u8 * bssid)3592 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
3593 {
3594 int timeout;
3595 int count;
3596 int *freqs = NULL;
3597
3598 /*
3599 * Remove possible authentication timeout since the connection failed.
3600 */
3601 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
3602
3603 if (wpa_s->disconnected) {
3604 /*
3605 * There is no point in blacklisting the AP if this event is
3606 * generated based on local request to disconnect.
3607 */
3608 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
3609 "indication since interface has been put into "
3610 "disconnected state");
3611 return;
3612 }
3613
3614 /*
3615 * Add the failed BSSID into the blacklist and speed up next scan
3616 * attempt if there could be other APs that could accept association.
3617 * The current blacklist count indicates how many times we have tried
3618 * connecting to this AP and multiple attempts mean that other APs are
3619 * either not available or has already been tried, so that we can start
3620 * increasing the delay here to avoid constant scanning.
3621 */
3622 count = wpa_blacklist_add(wpa_s, bssid);
3623 if (count == 1 && wpa_s->current_bss) {
3624 /*
3625 * This BSS was not in the blacklist before. If there is
3626 * another BSS available for the same ESS, we should try that
3627 * next. Otherwise, we may as well try this one once more
3628 * before allowing other, likely worse, ESSes to be considered.
3629 */
3630 freqs = get_bss_freqs_in_ess(wpa_s);
3631 if (freqs) {
3632 wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
3633 "has been seen; try it next");
3634 wpa_blacklist_add(wpa_s, bssid);
3635 /*
3636 * On the next scan, go through only the known channels
3637 * used in this ESS based on previous scans to speed up
3638 * common load balancing use case.
3639 */
3640 os_free(wpa_s->next_scan_freqs);
3641 wpa_s->next_scan_freqs = freqs;
3642 }
3643 }
3644
3645 /*
3646 * Add previous failure count in case the temporary blacklist was
3647 * cleared due to no other BSSes being available.
3648 */
3649 count += wpa_s->extra_blacklist_count;
3650
3651 if (count > 3 && wpa_s->current_ssid) {
3652 wpa_printf(MSG_DEBUG, "Continuous association failures - "
3653 "consider temporary network disabling");
3654 wpas_auth_failed(wpa_s);
3655 }
3656
3657 switch (count) {
3658 case 1:
3659 timeout = 100;
3660 break;
3661 case 2:
3662 timeout = 500;
3663 break;
3664 case 3:
3665 timeout = 1000;
3666 break;
3667 case 4:
3668 timeout = 5000;
3669 break;
3670 default:
3671 timeout = 10000;
3672 break;
3673 }
3674
3675 wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
3676 "ms", count, timeout);
3677
3678 /*
3679 * TODO: if more than one possible AP is available in scan results,
3680 * could try the other ones before requesting a new scan.
3681 */
3682 wpa_supplicant_req_scan(wpa_s, timeout / 1000,
3683 1000 * (timeout % 1000));
3684
3685 wpas_p2p_continue_after_scan(wpa_s);
3686 }
3687
3688
wpas_driver_bss_selection(struct wpa_supplicant * wpa_s)3689 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
3690 {
3691 return wpa_s->conf->ap_scan == 2 ||
3692 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
3693 }
3694
3695
3696 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,const char * field,const char * value)3697 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
3698 struct wpa_ssid *ssid,
3699 const char *field,
3700 const char *value)
3701 {
3702 #ifdef IEEE8021X_EAPOL
3703 struct eap_peer_config *eap = &ssid->eap;
3704
3705 wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
3706 wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
3707 (const u8 *) value, os_strlen(value));
3708
3709 switch (wpa_supplicant_ctrl_req_from_string(field)) {
3710 case WPA_CTRL_REQ_EAP_IDENTITY:
3711 os_free(eap->identity);
3712 eap->identity = (u8 *) os_strdup(value);
3713 eap->identity_len = os_strlen(value);
3714 eap->pending_req_identity = 0;
3715 if (ssid == wpa_s->current_ssid)
3716 wpa_s->reassociate = 1;
3717 break;
3718 case WPA_CTRL_REQ_EAP_PASSWORD:
3719 os_free(eap->password);
3720 eap->password = (u8 *) os_strdup(value);
3721 eap->password_len = os_strlen(value);
3722 eap->pending_req_password = 0;
3723 if (ssid == wpa_s->current_ssid)
3724 wpa_s->reassociate = 1;
3725 break;
3726 case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
3727 os_free(eap->new_password);
3728 eap->new_password = (u8 *) os_strdup(value);
3729 eap->new_password_len = os_strlen(value);
3730 eap->pending_req_new_password = 0;
3731 if (ssid == wpa_s->current_ssid)
3732 wpa_s->reassociate = 1;
3733 break;
3734 case WPA_CTRL_REQ_EAP_PIN:
3735 os_free(eap->pin);
3736 eap->pin = os_strdup(value);
3737 eap->pending_req_pin = 0;
3738 if (ssid == wpa_s->current_ssid)
3739 wpa_s->reassociate = 1;
3740 break;
3741 case WPA_CTRL_REQ_EAP_OTP:
3742 os_free(eap->otp);
3743 eap->otp = (u8 *) os_strdup(value);
3744 eap->otp_len = os_strlen(value);
3745 os_free(eap->pending_req_otp);
3746 eap->pending_req_otp = NULL;
3747 eap->pending_req_otp_len = 0;
3748 break;
3749 case WPA_CTRL_REQ_EAP_PASSPHRASE:
3750 os_free(eap->private_key_passwd);
3751 eap->private_key_passwd = (u8 *) os_strdup(value);
3752 eap->pending_req_passphrase = 0;
3753 if (ssid == wpa_s->current_ssid)
3754 wpa_s->reassociate = 1;
3755 break;
3756 default:
3757 wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
3758 return -1;
3759 }
3760
3761 return 0;
3762 #else /* IEEE8021X_EAPOL */
3763 wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
3764 return -1;
3765 #endif /* IEEE8021X_EAPOL */
3766 }
3767 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
3768
3769
wpas_network_disabled(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)3770 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
3771 {
3772 int i;
3773 unsigned int drv_enc;
3774
3775 if (ssid == NULL)
3776 return 1;
3777
3778 if (ssid->disabled)
3779 return 1;
3780
3781 if (wpa_s && wpa_s->drv_capa_known)
3782 drv_enc = wpa_s->drv_enc;
3783 else
3784 drv_enc = (unsigned int) -1;
3785
3786 for (i = 0; i < NUM_WEP_KEYS; i++) {
3787 size_t len = ssid->wep_key_len[i];
3788 if (len == 0)
3789 continue;
3790 if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
3791 continue;
3792 if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
3793 continue;
3794 if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
3795 continue;
3796 return 1; /* invalid WEP key */
3797 }
3798
3799 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
3800 !ssid->ext_psk)
3801 return 1;
3802
3803 return 0;
3804 }
3805
3806
wpas_is_p2p_prioritized(struct wpa_supplicant * wpa_s)3807 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
3808 {
3809 if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
3810 return 1;
3811 if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
3812 return 0;
3813 return -1;
3814 }
3815
3816
wpas_auth_failed(struct wpa_supplicant * wpa_s)3817 void wpas_auth_failed(struct wpa_supplicant *wpa_s)
3818 {
3819 struct wpa_ssid *ssid = wpa_s->current_ssid;
3820 int dur;
3821 struct os_time now;
3822
3823 if (ssid == NULL) {
3824 wpa_printf(MSG_DEBUG, "Authentication failure but no known "
3825 "SSID block");
3826 return;
3827 }
3828
3829 if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
3830 return;
3831
3832 ssid->auth_failures++;
3833
3834 #ifdef CONFIG_P2P
3835 if (ssid->p2p_group &&
3836 (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
3837 /*
3838 * Skip the wait time since there is a short timeout on the
3839 * connection to a P2P group.
3840 */
3841 return;
3842 }
3843 #endif /* CONFIG_P2P */
3844
3845 if (ssid->auth_failures > 50)
3846 dur = 300;
3847 else if (ssid->auth_failures > 20)
3848 dur = 120;
3849 else if (ssid->auth_failures > 10)
3850 dur = 60;
3851 else if (ssid->auth_failures > 5)
3852 dur = 30;
3853 else if (ssid->auth_failures > 1)
3854 dur = 20;
3855 else
3856 dur = 10;
3857
3858 os_get_time(&now);
3859 if (now.sec + dur <= ssid->disabled_until.sec)
3860 return;
3861
3862 ssid->disabled_until.sec = now.sec + dur;
3863
3864 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
3865 "id=%d ssid=\"%s\" auth_failures=%u duration=%d",
3866 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
3867 ssid->auth_failures, dur);
3868 }
3869
3870
wpas_clear_temp_disabled(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,int clear_failures)3871 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
3872 struct wpa_ssid *ssid, int clear_failures)
3873 {
3874 if (ssid == NULL)
3875 return;
3876
3877 if (ssid->disabled_until.sec) {
3878 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
3879 "id=%d ssid=\"%s\"",
3880 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
3881 }
3882 ssid->disabled_until.sec = 0;
3883 ssid->disabled_until.usec = 0;
3884 if (clear_failures)
3885 ssid->auth_failures = 0;
3886 }
3887
3888
disallowed_bssid(struct wpa_supplicant * wpa_s,const u8 * bssid)3889 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
3890 {
3891 size_t i;
3892
3893 if (wpa_s->disallow_aps_bssid == NULL)
3894 return 0;
3895
3896 for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
3897 if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
3898 bssid, ETH_ALEN) == 0)
3899 return 1;
3900 }
3901
3902 return 0;
3903 }
3904
3905
disallowed_ssid(struct wpa_supplicant * wpa_s,const u8 * ssid,size_t ssid_len)3906 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
3907 size_t ssid_len)
3908 {
3909 size_t i;
3910
3911 if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
3912 return 0;
3913
3914 for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
3915 struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
3916 if (ssid_len == s->ssid_len &&
3917 os_memcmp(ssid, s->ssid, ssid_len) == 0)
3918 return 1;
3919 }
3920
3921 return 0;
3922 }
3923
3924
3925 /**
3926 * wpas_request_connection - Request a new connection
3927 * @wpa_s: Pointer to the network interface
3928 *
3929 * This function is used to request a new connection to be found. It will mark
3930 * the interface to allow reassociation and request a new scan to find a
3931 * suitable network to connect to.
3932 */
wpas_request_connection(struct wpa_supplicant * wpa_s)3933 void wpas_request_connection(struct wpa_supplicant *wpa_s)
3934 {
3935 wpa_s->normal_scans = 0;
3936 wpa_supplicant_reinit_autoscan(wpa_s);
3937 wpa_s->extra_blacklist_count = 0;
3938 wpa_s->disconnected = 0;
3939 wpa_s->reassociate = 1;
3940
3941 if (wpa_supplicant_fast_associate(wpa_s) != 1)
3942 wpa_supplicant_req_scan(wpa_s, 0, 0);
3943 }
3944
3945
3946 /**
3947 * wpas_wpa_is_in_progress - Check whether a connection is in progress
3948 * @wpa_s: Pointer to wpa_supplicant data
3949 *
3950 * This function is to check if the wpa state is in beginning of the connection
3951 * during 4-way handshake or group key handshake with WPA on any shared
3952 * interface.
3953 */
wpas_wpa_is_in_progress(struct wpa_supplicant * wpa_s)3954 int wpas_wpa_is_in_progress(struct wpa_supplicant *wpa_s)
3955 {
3956 const char *rn, *rn2;
3957 struct wpa_supplicant *ifs;
3958
3959 if (!wpa_s->driver->get_radio_name)
3960 return 0;
3961
3962 rn = wpa_s->driver->get_radio_name(wpa_s->drv_priv);
3963 if (rn == NULL || rn[0] == '\0')
3964 return 0;
3965
3966 for (ifs = wpa_s->global->ifaces; ifs; ifs = ifs->next) {
3967 if (ifs == wpa_s || !ifs->driver->get_radio_name)
3968 continue;
3969
3970 rn2 = ifs->driver->get_radio_name(ifs->drv_priv);
3971 if (!rn2 || os_strcmp(rn, rn2) != 0)
3972 continue;
3973 if (ifs->wpa_state >= WPA_AUTHENTICATING &&
3974 ifs->wpa_state != WPA_COMPLETED) {
3975 wpa_dbg(wpa_s, MSG_DEBUG, "Connection is in progress "
3976 "on interface %s - defer scan", ifs->ifname);
3977 return 1;
3978 }
3979 }
3980
3981 return 0;
3982 }
3983
3984
3985 /*
3986 * Find the operating frequencies of any of the virtual interfaces that
3987 * are using the same radio as the current interface.
3988 */
get_shared_radio_freqs(struct wpa_supplicant * wpa_s,int * freq_array,unsigned int len)3989 int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
3990 int *freq_array, unsigned int len)
3991 {
3992 const char *rn, *rn2;
3993 struct wpa_supplicant *ifs;
3994 u8 bssid[ETH_ALEN];
3995 int freq;
3996 unsigned int idx = 0, i;
3997
3998 os_memset(freq_array, 0, sizeof(int) * len);
3999
4000 /* First add the frequency of the local interface */
4001 if (wpa_s->current_ssid != NULL && wpa_s->assoc_freq != 0) {
4002 if (wpa_s->current_ssid->mode == WPAS_MODE_AP ||
4003 wpa_s->current_ssid->mode == WPAS_MODE_P2P_GO)
4004 freq_array[idx++] = wpa_s->current_ssid->frequency;
4005 else if (wpa_drv_get_bssid(wpa_s, bssid) == 0)
4006 freq_array[idx++] = wpa_s->assoc_freq;
4007 }
4008
4009 /* If get_radio_name is not supported, use only the local freq */
4010 if (!wpa_s->driver->get_radio_name) {
4011 freq = wpa_drv_shared_freq(wpa_s);
4012 if (freq > 0 && idx < len &&
4013 (idx == 0 || freq_array[0] != freq))
4014 freq_array[idx++] = freq;
4015 return idx;
4016 }
4017
4018 rn = wpa_s->driver->get_radio_name(wpa_s->drv_priv);
4019 if (rn == NULL || rn[0] == '\0')
4020 return idx;
4021
4022 for (ifs = wpa_s->global->ifaces, idx = 0; ifs && idx < len;
4023 ifs = ifs->next) {
4024 if (wpa_s == ifs || !ifs->driver->get_radio_name)
4025 continue;
4026
4027 rn2 = ifs->driver->get_radio_name(ifs->drv_priv);
4028 if (!rn2 || os_strcmp(rn, rn2) != 0)
4029 continue;
4030
4031 if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
4032 continue;
4033
4034 if (ifs->current_ssid->mode == WPAS_MODE_AP ||
4035 ifs->current_ssid->mode == WPAS_MODE_P2P_GO)
4036 freq = ifs->current_ssid->frequency;
4037 else if (wpa_drv_get_bssid(ifs, bssid) == 0)
4038 freq = ifs->assoc_freq;
4039 else
4040 continue;
4041
4042 /* Hold only distinct freqs */
4043 for (i = 0; i < idx; i++)
4044 if (freq_array[i] == freq)
4045 break;
4046
4047 if (i == idx)
4048 freq_array[idx++] = freq;
4049 }
4050 return idx;
4051 }
4052