• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * WPA Supplicant
3  * Copyright (c) 2003-2016, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This file implements functions for registering and unregistering
9  * %wpa_supplicant interfaces. In addition, this file contains number of
10  * functions for managing network connections.
11  */
12 
13 #include "includes.h"
14 #ifdef CONFIG_MATCH_IFACE
15 #include <net/if.h>
16 #include <fnmatch.h>
17 #endif /* CONFIG_MATCH_IFACE */
18 
19 #include "common.h"
20 #include "crypto/random.h"
21 #include "crypto/sha1.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_peer/eap_proxy.h"
25 #include "eap_server/eap_methods.h"
26 #include "rsn_supp/wpa.h"
27 #include "eloop.h"
28 #include "config.h"
29 #include "utils/ext_password.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wpa_supplicant_i.h"
32 #include "driver_i.h"
33 #include "ctrl_iface.h"
34 #include "pcsc_funcs.h"
35 #include "common/version.h"
36 #include "rsn_supp/preauth.h"
37 #include "rsn_supp/pmksa_cache.h"
38 #include "common/wpa_ctrl.h"
39 #include "common/ieee802_11_defs.h"
40 #include "common/hw_features_common.h"
41 #include "p2p/p2p.h"
42 #include "fst/fst.h"
43 #include "blacklist.h"
44 #include "wpas_glue.h"
45 #include "wps_supplicant.h"
46 #include "ibss_rsn.h"
47 #include "sme.h"
48 #include "gas_query.h"
49 #include "ap.h"
50 #include "p2p_supplicant.h"
51 #include "wifi_display.h"
52 #include "notify.h"
53 #include "bgscan.h"
54 #include "autoscan.h"
55 #include "bss.h"
56 #include "scan.h"
57 #include "offchannel.h"
58 #include "hs20_supplicant.h"
59 #include "wnm_sta.h"
60 #include "wpas_kay.h"
61 #include "mesh.h"
62 
63 const char *const wpa_supplicant_version =
64 "wpa_supplicant v" VERSION_STR "\n"
65 "Copyright (c) 2003-2016, Jouni Malinen <j@w1.fi> and contributors";
66 
67 const char *const wpa_supplicant_license =
68 "This software may be distributed under the terms of the BSD license.\n"
69 "See README for more details.\n"
70 #ifdef EAP_TLS_OPENSSL
71 "\nThis product includes software developed by the OpenSSL Project\n"
72 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
73 #endif /* EAP_TLS_OPENSSL */
74 ;
75 
76 #ifndef CONFIG_NO_STDOUT_DEBUG
77 /* Long text divided into parts in order to fit in C89 strings size limits. */
78 const char *const wpa_supplicant_full_license1 =
79 "";
80 const char *const wpa_supplicant_full_license2 =
81 "This software may be distributed under the terms of the BSD license.\n"
82 "\n"
83 "Redistribution and use in source and binary forms, with or without\n"
84 "modification, are permitted provided that the following conditions are\n"
85 "met:\n"
86 "\n";
87 const char *const wpa_supplicant_full_license3 =
88 "1. Redistributions of source code must retain the above copyright\n"
89 "   notice, this list of conditions and the following disclaimer.\n"
90 "\n"
91 "2. Redistributions in binary form must reproduce the above copyright\n"
92 "   notice, this list of conditions and the following disclaimer in the\n"
93 "   documentation and/or other materials provided with the distribution.\n"
94 "\n";
95 const char *const wpa_supplicant_full_license4 =
96 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
97 "   names of its contributors may be used to endorse or promote products\n"
98 "   derived from this software without specific prior written permission.\n"
99 "\n"
100 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
101 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
102 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
103 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
104 const char *const wpa_supplicant_full_license5 =
105 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
106 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
107 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
108 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
109 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
110 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
111 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
112 "\n";
113 #endif /* CONFIG_NO_STDOUT_DEBUG */
114 
115 /* Configure default/group WEP keys for static WEP */
wpa_set_wep_keys(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)116 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
117 {
118 	int i, set = 0;
119 
120 	for (i = 0; i < NUM_WEP_KEYS; i++) {
121 		if (ssid->wep_key_len[i] == 0)
122 			continue;
123 
124 		set = 1;
125 		wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
126 				i, i == ssid->wep_tx_keyidx, NULL, 0,
127 				ssid->wep_key[i], ssid->wep_key_len[i]);
128 	}
129 
130 	return set;
131 }
132 
133 
wpa_supplicant_set_wpa_none_key(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)134 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
135 				    struct wpa_ssid *ssid)
136 {
137 	u8 key[32];
138 	size_t keylen;
139 	enum wpa_alg alg;
140 	u8 seq[6] = { 0 };
141 	int ret;
142 
143 	/* IBSS/WPA-None uses only one key (Group) for both receiving and
144 	 * sending unicast and multicast packets. */
145 
146 	if (ssid->mode != WPAS_MODE_IBSS) {
147 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
148 			"IBSS/ad-hoc) for WPA-None", ssid->mode);
149 		return -1;
150 	}
151 
152 	if (!ssid->psk_set) {
153 		wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
154 			"WPA-None");
155 		return -1;
156 	}
157 
158 	switch (wpa_s->group_cipher) {
159 	case WPA_CIPHER_CCMP:
160 		os_memcpy(key, ssid->psk, 16);
161 		keylen = 16;
162 		alg = WPA_ALG_CCMP;
163 		break;
164 	case WPA_CIPHER_GCMP:
165 		os_memcpy(key, ssid->psk, 16);
166 		keylen = 16;
167 		alg = WPA_ALG_GCMP;
168 		break;
169 	case WPA_CIPHER_TKIP:
170 		/* WPA-None uses the same Michael MIC key for both TX and RX */
171 		os_memcpy(key, ssid->psk, 16 + 8);
172 		os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
173 		keylen = 32;
174 		alg = WPA_ALG_TKIP;
175 		break;
176 	default:
177 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
178 			"WPA-None", wpa_s->group_cipher);
179 		return -1;
180 	}
181 
182 	/* TODO: should actually remember the previously used seq#, both for TX
183 	 * and RX from each STA.. */
184 
185 	ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
186 	os_memset(key, 0, sizeof(key));
187 	return ret;
188 }
189 
190 
wpa_supplicant_timeout(void * eloop_ctx,void * timeout_ctx)191 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
192 {
193 	struct wpa_supplicant *wpa_s = eloop_ctx;
194 	const u8 *bssid = wpa_s->bssid;
195 	if (is_zero_ether_addr(bssid))
196 		bssid = wpa_s->pending_bssid;
197 	wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
198 		MAC2STR(bssid));
199 	wpa_blacklist_add(wpa_s, bssid);
200 	wpa_sm_notify_disassoc(wpa_s->wpa);
201 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
202 	wpa_s->reassociate = 1;
203 
204 	/*
205 	 * If we timed out, the AP or the local radio may be busy.
206 	 * So, wait a second until scanning again.
207 	 */
208 	wpa_supplicant_req_scan(wpa_s, 1, 0);
209 }
210 
211 
212 /**
213  * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
214  * @wpa_s: Pointer to wpa_supplicant data
215  * @sec: Number of seconds after which to time out authentication
216  * @usec: Number of microseconds after which to time out authentication
217  *
218  * This function is used to schedule a timeout for the current authentication
219  * attempt.
220  */
wpa_supplicant_req_auth_timeout(struct wpa_supplicant * wpa_s,int sec,int usec)221 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
222 				     int sec, int usec)
223 {
224 	if (wpa_s->conf->ap_scan == 0 &&
225 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
226 		return;
227 
228 	wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
229 		"%d usec", sec, usec);
230 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
231 	eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
232 }
233 
234 
235 /**
236  * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
237  * @wpa_s: Pointer to wpa_supplicant data
238  *
239  * This function is used to cancel authentication timeout scheduled with
240  * wpa_supplicant_req_auth_timeout() and it is called when authentication has
241  * been completed.
242  */
wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant * wpa_s)243 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
244 {
245 	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
246 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
247 	wpa_blacklist_del(wpa_s, wpa_s->bssid);
248 }
249 
250 
251 /**
252  * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
253  * @wpa_s: Pointer to wpa_supplicant data
254  *
255  * This function is used to configure EAPOL state machine based on the selected
256  * authentication mode.
257  */
wpa_supplicant_initiate_eapol(struct wpa_supplicant * wpa_s)258 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
259 {
260 #ifdef IEEE8021X_EAPOL
261 	struct eapol_config eapol_conf;
262 	struct wpa_ssid *ssid = wpa_s->current_ssid;
263 
264 #ifdef CONFIG_IBSS_RSN
265 	if (ssid->mode == WPAS_MODE_IBSS &&
266 	    wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
267 	    wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
268 		/*
269 		 * RSN IBSS authentication is per-STA and we can disable the
270 		 * per-BSSID EAPOL authentication.
271 		 */
272 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
273 		eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
274 		eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
275 		return;
276 	}
277 #endif /* CONFIG_IBSS_RSN */
278 
279 	eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
280 	eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
281 
282 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
283 	    wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
284 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
285 	else
286 		eapol_sm_notify_portControl(wpa_s->eapol, Auto);
287 
288 	os_memset(&eapol_conf, 0, sizeof(eapol_conf));
289 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
290 		eapol_conf.accept_802_1x_keys = 1;
291 		eapol_conf.required_keys = 0;
292 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
293 			eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
294 		}
295 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
296 			eapol_conf.required_keys |=
297 				EAPOL_REQUIRE_KEY_BROADCAST;
298 		}
299 
300 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)
301 			eapol_conf.required_keys = 0;
302 	}
303 	eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
304 	eapol_conf.workaround = ssid->eap_workaround;
305 	eapol_conf.eap_disabled =
306 		!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
307 		wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
308 		wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
309 	eapol_conf.external_sim = wpa_s->conf->external_sim;
310 
311 #ifdef CONFIG_WPS
312 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
313 		eapol_conf.wps |= EAPOL_LOCAL_WPS_IN_USE;
314 		if (wpa_s->current_bss) {
315 			struct wpabuf *ie;
316 			ie = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
317 							 WPS_IE_VENDOR_TYPE);
318 			if (ie) {
319 				if (wps_is_20(ie))
320 					eapol_conf.wps |=
321 						EAPOL_PEER_IS_WPS20_AP;
322 				wpabuf_free(ie);
323 			}
324 		}
325 	}
326 #endif /* CONFIG_WPS */
327 
328 	eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
329 
330 	ieee802_1x_alloc_kay_sm(wpa_s, ssid);
331 #endif /* IEEE8021X_EAPOL */
332 }
333 
334 
335 /**
336  * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
337  * @wpa_s: Pointer to wpa_supplicant data
338  * @ssid: Configuration data for the network
339  *
340  * This function is used to configure WPA state machine and related parameters
341  * to a mode where WPA is not enabled. This is called as part of the
342  * authentication configuration when the selected network does not use WPA.
343  */
wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)344 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
345 				       struct wpa_ssid *ssid)
346 {
347 	int i;
348 
349 	if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
350 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
351 	else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
352 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
353 	else
354 		wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
355 	wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
356 	wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
357 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
358 	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
359 	wpa_s->group_cipher = WPA_CIPHER_NONE;
360 	wpa_s->mgmt_group_cipher = 0;
361 
362 	for (i = 0; i < NUM_WEP_KEYS; i++) {
363 		if (ssid->wep_key_len[i] > 5) {
364 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
365 			wpa_s->group_cipher = WPA_CIPHER_WEP104;
366 			break;
367 		} else if (ssid->wep_key_len[i] > 0) {
368 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
369 			wpa_s->group_cipher = WPA_CIPHER_WEP40;
370 			break;
371 		}
372 	}
373 
374 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
375 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
376 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
377 			 wpa_s->pairwise_cipher);
378 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
379 #ifdef CONFIG_IEEE80211W
380 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
381 			 wpa_s->mgmt_group_cipher);
382 #endif /* CONFIG_IEEE80211W */
383 
384 	pmksa_cache_clear_current(wpa_s->wpa);
385 }
386 
387 
free_hw_features(struct wpa_supplicant * wpa_s)388 void free_hw_features(struct wpa_supplicant *wpa_s)
389 {
390 	int i;
391 	if (wpa_s->hw.modes == NULL)
392 		return;
393 
394 	for (i = 0; i < wpa_s->hw.num_modes; i++) {
395 		os_free(wpa_s->hw.modes[i].channels);
396 		os_free(wpa_s->hw.modes[i].rates);
397 	}
398 
399 	os_free(wpa_s->hw.modes);
400 	wpa_s->hw.modes = NULL;
401 }
402 
403 
free_bss_tmp_disallowed(struct wpa_supplicant * wpa_s)404 static void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s)
405 {
406 	struct wpa_bss_tmp_disallowed *bss, *prev;
407 
408 	dl_list_for_each_safe(bss, prev, &wpa_s->bss_tmp_disallowed,
409 			      struct wpa_bss_tmp_disallowed, list) {
410 		dl_list_del(&bss->list);
411 		os_free(bss);
412 	}
413 }
414 
415 
wpa_supplicant_cleanup(struct wpa_supplicant * wpa_s)416 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
417 {
418 	int i;
419 
420 	bgscan_deinit(wpa_s);
421 	autoscan_deinit(wpa_s);
422 	scard_deinit(wpa_s->scard);
423 	wpa_s->scard = NULL;
424 	wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
425 	eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
426 	l2_packet_deinit(wpa_s->l2);
427 	wpa_s->l2 = NULL;
428 	if (wpa_s->l2_br) {
429 		l2_packet_deinit(wpa_s->l2_br);
430 		wpa_s->l2_br = NULL;
431 	}
432 #ifdef CONFIG_TESTING_OPTIONS
433 	l2_packet_deinit(wpa_s->l2_test);
434 	wpa_s->l2_test = NULL;
435 #endif /* CONFIG_TESTING_OPTIONS */
436 
437 	if (wpa_s->conf != NULL) {
438 		struct wpa_ssid *ssid;
439 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
440 			wpas_notify_network_removed(wpa_s, ssid);
441 	}
442 
443 	os_free(wpa_s->confname);
444 	wpa_s->confname = NULL;
445 
446 	os_free(wpa_s->confanother);
447 	wpa_s->confanother = NULL;
448 
449 	wpa_sm_set_eapol(wpa_s->wpa, NULL);
450 	eapol_sm_deinit(wpa_s->eapol);
451 	wpa_s->eapol = NULL;
452 
453 	rsn_preauth_deinit(wpa_s->wpa);
454 
455 #ifdef CONFIG_TDLS
456 	wpa_tdls_deinit(wpa_s->wpa);
457 #endif /* CONFIG_TDLS */
458 
459 	wmm_ac_clear_saved_tspecs(wpa_s);
460 	pmksa_candidate_free(wpa_s->wpa);
461 	wpa_sm_deinit(wpa_s->wpa);
462 	wpa_s->wpa = NULL;
463 	wpa_blacklist_clear(wpa_s);
464 
465 	wpa_bss_deinit(wpa_s);
466 
467 	wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
468 	wpa_supplicant_cancel_scan(wpa_s);
469 	wpa_supplicant_cancel_auth_timeout(wpa_s);
470 	eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
471 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
472 	eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
473 			     wpa_s, NULL);
474 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
475 
476 	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
477 
478 	wpas_wps_deinit(wpa_s);
479 
480 	wpabuf_free(wpa_s->pending_eapol_rx);
481 	wpa_s->pending_eapol_rx = NULL;
482 
483 #ifdef CONFIG_IBSS_RSN
484 	ibss_rsn_deinit(wpa_s->ibss_rsn);
485 	wpa_s->ibss_rsn = NULL;
486 #endif /* CONFIG_IBSS_RSN */
487 
488 	sme_deinit(wpa_s);
489 
490 #ifdef CONFIG_AP
491 	wpa_supplicant_ap_deinit(wpa_s);
492 #endif /* CONFIG_AP */
493 
494 	wpas_p2p_deinit(wpa_s);
495 
496 #ifdef CONFIG_OFFCHANNEL
497 	offchannel_deinit(wpa_s);
498 #endif /* CONFIG_OFFCHANNEL */
499 
500 	wpa_supplicant_cancel_sched_scan(wpa_s);
501 
502 	os_free(wpa_s->next_scan_freqs);
503 	wpa_s->next_scan_freqs = NULL;
504 
505 	os_free(wpa_s->manual_scan_freqs);
506 	wpa_s->manual_scan_freqs = NULL;
507 
508 	os_free(wpa_s->manual_sched_scan_freqs);
509 	wpa_s->manual_sched_scan_freqs = NULL;
510 
511 	wpas_mac_addr_rand_scan_clear(wpa_s, MAC_ADDR_RAND_ALL);
512 
513 	/*
514 	 * Need to remove any pending gas-query radio work before the
515 	 * gas_query_deinit() call because gas_query::work has not yet been set
516 	 * for works that have not been started. gas_query_free() will be unable
517 	 * to cancel such pending radio works and once the pending gas-query
518 	 * radio work eventually gets removed, the deinit notification call to
519 	 * gas_query_start_cb() would result in dereferencing freed memory.
520 	 */
521 	if (wpa_s->radio)
522 		radio_remove_works(wpa_s, "gas-query", 0);
523 	gas_query_deinit(wpa_s->gas);
524 	wpa_s->gas = NULL;
525 
526 	free_hw_features(wpa_s);
527 
528 	ieee802_1x_dealloc_kay_sm(wpa_s);
529 
530 	os_free(wpa_s->bssid_filter);
531 	wpa_s->bssid_filter = NULL;
532 
533 	os_free(wpa_s->disallow_aps_bssid);
534 	wpa_s->disallow_aps_bssid = NULL;
535 	os_free(wpa_s->disallow_aps_ssid);
536 	wpa_s->disallow_aps_ssid = NULL;
537 
538 	wnm_bss_keep_alive_deinit(wpa_s);
539 #ifdef CONFIG_WNM
540 	wnm_deallocate_memory(wpa_s);
541 #endif /* CONFIG_WNM */
542 
543 	ext_password_deinit(wpa_s->ext_pw);
544 	wpa_s->ext_pw = NULL;
545 
546 	wpabuf_free(wpa_s->last_gas_resp);
547 	wpa_s->last_gas_resp = NULL;
548 	wpabuf_free(wpa_s->prev_gas_resp);
549 	wpa_s->prev_gas_resp = NULL;
550 
551 	os_free(wpa_s->last_scan_res);
552 	wpa_s->last_scan_res = NULL;
553 
554 #ifdef CONFIG_HS20
555 	hs20_deinit(wpa_s);
556 #endif /* CONFIG_HS20 */
557 
558 	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
559 		wpabuf_free(wpa_s->vendor_elem[i]);
560 		wpa_s->vendor_elem[i] = NULL;
561 	}
562 
563 	wmm_ac_notify_disassoc(wpa_s);
564 
565 	wpa_s->sched_scan_plans_num = 0;
566 	os_free(wpa_s->sched_scan_plans);
567 	wpa_s->sched_scan_plans = NULL;
568 
569 #ifdef CONFIG_MBO
570 	wpa_s->non_pref_chan_num = 0;
571 	os_free(wpa_s->non_pref_chan);
572 	wpa_s->non_pref_chan = NULL;
573 #endif /* CONFIG_MBO */
574 
575 	free_bss_tmp_disallowed(wpa_s);
576 }
577 
578 
579 /**
580  * wpa_clear_keys - Clear keys configured for the driver
581  * @wpa_s: Pointer to wpa_supplicant data
582  * @addr: Previously used BSSID or %NULL if not available
583  *
584  * This function clears the encryption keys that has been previously configured
585  * for the driver.
586  */
wpa_clear_keys(struct wpa_supplicant * wpa_s,const u8 * addr)587 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
588 {
589 	int i, max;
590 
591 #ifdef CONFIG_IEEE80211W
592 	max = 6;
593 #else /* CONFIG_IEEE80211W */
594 	max = 4;
595 #endif /* CONFIG_IEEE80211W */
596 
597 	/* MLME-DELETEKEYS.request */
598 	for (i = 0; i < max; i++) {
599 		if (wpa_s->keys_cleared & BIT(i))
600 			continue;
601 		wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, i, 0, NULL, 0,
602 				NULL, 0);
603 	}
604 	if (!(wpa_s->keys_cleared & BIT(0)) && addr &&
605 	    !is_zero_ether_addr(addr)) {
606 		wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
607 				0);
608 		/* MLME-SETPROTECTION.request(None) */
609 		wpa_drv_mlme_setprotection(
610 			wpa_s, addr,
611 			MLME_SETPROTECTION_PROTECT_TYPE_NONE,
612 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
613 	}
614 	wpa_s->keys_cleared = (u32) -1;
615 }
616 
617 
618 /**
619  * wpa_supplicant_state_txt - Get the connection state name as a text string
620  * @state: State (wpa_state; WPA_*)
621  * Returns: The state name as a printable text string
622  */
wpa_supplicant_state_txt(enum wpa_states state)623 const char * wpa_supplicant_state_txt(enum wpa_states state)
624 {
625 	switch (state) {
626 	case WPA_DISCONNECTED:
627 		return "DISCONNECTED";
628 	case WPA_INACTIVE:
629 		return "INACTIVE";
630 	case WPA_INTERFACE_DISABLED:
631 		return "INTERFACE_DISABLED";
632 	case WPA_SCANNING:
633 		return "SCANNING";
634 	case WPA_AUTHENTICATING:
635 		return "AUTHENTICATING";
636 	case WPA_ASSOCIATING:
637 		return "ASSOCIATING";
638 	case WPA_ASSOCIATED:
639 		return "ASSOCIATED";
640 	case WPA_4WAY_HANDSHAKE:
641 		return "4WAY_HANDSHAKE";
642 	case WPA_GROUP_HANDSHAKE:
643 		return "GROUP_HANDSHAKE";
644 	case WPA_COMPLETED:
645 		return "COMPLETED";
646 	default:
647 		return "UNKNOWN";
648 	}
649 }
650 
651 
652 #ifdef CONFIG_BGSCAN
653 
wpa_supplicant_start_bgscan(struct wpa_supplicant * wpa_s)654 static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
655 {
656 	const char *name;
657 
658 	if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan)
659 		name = wpa_s->current_ssid->bgscan;
660 	else
661 		name = wpa_s->conf->bgscan;
662 	if (name == NULL || name[0] == '\0')
663 		return;
664 	if (wpas_driver_bss_selection(wpa_s))
665 		return;
666 	if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
667 		return;
668 #ifdef CONFIG_P2P
669 	if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)
670 		return;
671 #endif /* CONFIG_P2P */
672 
673 	bgscan_deinit(wpa_s);
674 	if (wpa_s->current_ssid) {
675 		if (bgscan_init(wpa_s, wpa_s->current_ssid, name)) {
676 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
677 				"bgscan");
678 			/*
679 			 * Live without bgscan; it is only used as a roaming
680 			 * optimization, so the initial connection is not
681 			 * affected.
682 			 */
683 		} else {
684 			struct wpa_scan_results *scan_res;
685 			wpa_s->bgscan_ssid = wpa_s->current_ssid;
686 			scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
687 								   0);
688 			if (scan_res) {
689 				bgscan_notify_scan(wpa_s, scan_res);
690 				wpa_scan_results_free(scan_res);
691 			}
692 		}
693 	} else
694 		wpa_s->bgscan_ssid = NULL;
695 }
696 
697 
wpa_supplicant_stop_bgscan(struct wpa_supplicant * wpa_s)698 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
699 {
700 	if (wpa_s->bgscan_ssid != NULL) {
701 		bgscan_deinit(wpa_s);
702 		wpa_s->bgscan_ssid = NULL;
703 	}
704 }
705 
706 #endif /* CONFIG_BGSCAN */
707 
708 
wpa_supplicant_start_autoscan(struct wpa_supplicant * wpa_s)709 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
710 {
711 	if (autoscan_init(wpa_s, 0))
712 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
713 }
714 
715 
wpa_supplicant_stop_autoscan(struct wpa_supplicant * wpa_s)716 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
717 {
718 	autoscan_deinit(wpa_s);
719 }
720 
721 
wpa_supplicant_reinit_autoscan(struct wpa_supplicant * wpa_s)722 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
723 {
724 	if (wpa_s->wpa_state == WPA_DISCONNECTED ||
725 	    wpa_s->wpa_state == WPA_SCANNING) {
726 		autoscan_deinit(wpa_s);
727 		wpa_supplicant_start_autoscan(wpa_s);
728 	}
729 }
730 
731 
732 /**
733  * wpa_supplicant_set_state - Set current connection state
734  * @wpa_s: Pointer to wpa_supplicant data
735  * @state: The new connection state
736  *
737  * This function is called whenever the connection state changes, e.g.,
738  * association is completed for WPA/WPA2 4-Way Handshake is started.
739  */
wpa_supplicant_set_state(struct wpa_supplicant * wpa_s,enum wpa_states state)740 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
741 			      enum wpa_states state)
742 {
743 	enum wpa_states old_state = wpa_s->wpa_state;
744 
745 	wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
746 		wpa_supplicant_state_txt(wpa_s->wpa_state),
747 		wpa_supplicant_state_txt(state));
748 
749 	if (state == WPA_INTERFACE_DISABLED) {
750 		/* Assure normal scan when interface is restored */
751 		wpa_s->normal_scans = 0;
752 	}
753 
754 	if (state == WPA_COMPLETED) {
755 		wpas_connect_work_done(wpa_s);
756 		/* Reinitialize normal_scan counter */
757 		wpa_s->normal_scans = 0;
758 	}
759 
760 #ifdef CONFIG_P2P
761 	/*
762 	 * P2PS client has to reply to Probe Request frames received on the
763 	 * group operating channel. Enable Probe Request frame reporting for
764 	 * P2P connected client in case p2p_cli_probe configuration property is
765 	 * set to 1.
766 	 */
767 	if (wpa_s->conf->p2p_cli_probe && wpa_s->current_ssid &&
768 	    wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
769 	    wpa_s->current_ssid->p2p_group) {
770 		if (state == WPA_COMPLETED && !wpa_s->p2p_cli_probe) {
771 			wpa_dbg(wpa_s, MSG_DEBUG,
772 				"P2P: Enable CLI Probe Request RX reporting");
773 			wpa_s->p2p_cli_probe =
774 				wpa_drv_probe_req_report(wpa_s, 1) >= 0;
775 		} else if (state != WPA_COMPLETED && wpa_s->p2p_cli_probe) {
776 			wpa_dbg(wpa_s, MSG_DEBUG,
777 				"P2P: Disable CLI Probe Request RX reporting");
778 			wpa_s->p2p_cli_probe = 0;
779 			wpa_drv_probe_req_report(wpa_s, 0);
780 		}
781 	}
782 #endif /* CONFIG_P2P */
783 
784 	if (state != WPA_SCANNING)
785 		wpa_supplicant_notify_scanning(wpa_s, 0);
786 
787 	if (state == WPA_COMPLETED && wpa_s->new_connection) {
788 		struct wpa_ssid *ssid = wpa_s->current_ssid;
789 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
790 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
791 			MACSTR " completed [id=%d id_str=%s]",
792 			MAC2STR(wpa_s->bssid),
793 			ssid ? ssid->id : -1,
794 			ssid && ssid->id_str ? ssid->id_str : "");
795 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
796 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
797 		wpa_blacklist_clear(wpa_s);
798 		wpa_s->extra_blacklist_count = 0;
799 		wpa_s->new_connection = 0;
800 		wpa_drv_set_operstate(wpa_s, 1);
801 #ifndef IEEE8021X_EAPOL
802 		wpa_drv_set_supp_port(wpa_s, 1);
803 #endif /* IEEE8021X_EAPOL */
804 		wpa_s->after_wps = 0;
805 		wpa_s->known_wps_freq = 0;
806 		wpas_p2p_completed(wpa_s);
807 
808 		sme_sched_obss_scan(wpa_s, 1);
809 	} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
810 		   state == WPA_ASSOCIATED) {
811 		wpa_s->new_connection = 1;
812 		wpa_drv_set_operstate(wpa_s, 0);
813 #ifndef IEEE8021X_EAPOL
814 		wpa_drv_set_supp_port(wpa_s, 0);
815 #endif /* IEEE8021X_EAPOL */
816 		sme_sched_obss_scan(wpa_s, 0);
817 	}
818 	wpa_s->wpa_state = state;
819 
820 #ifdef CONFIG_BGSCAN
821 	if (state == WPA_COMPLETED)
822 		wpa_supplicant_start_bgscan(wpa_s);
823 	else if (state < WPA_ASSOCIATED)
824 		wpa_supplicant_stop_bgscan(wpa_s);
825 #endif /* CONFIG_BGSCAN */
826 
827 	if (state == WPA_AUTHENTICATING)
828 		wpa_supplicant_stop_autoscan(wpa_s);
829 
830 	if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
831 		wpa_supplicant_start_autoscan(wpa_s);
832 
833 	if (old_state >= WPA_ASSOCIATED && wpa_s->wpa_state < WPA_ASSOCIATED)
834 		wmm_ac_notify_disassoc(wpa_s);
835 
836 	if (wpa_s->wpa_state != old_state) {
837 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
838 
839 		/*
840 		 * Notify the P2P Device interface about a state change in one
841 		 * of the interfaces.
842 		 */
843 		wpas_p2p_indicate_state_change(wpa_s);
844 
845 		if (wpa_s->wpa_state == WPA_COMPLETED ||
846 		    old_state == WPA_COMPLETED)
847 			wpas_notify_auth_changed(wpa_s);
848 	}
849 }
850 
851 
wpa_supplicant_terminate_proc(struct wpa_global * global)852 void wpa_supplicant_terminate_proc(struct wpa_global *global)
853 {
854 	int pending = 0;
855 #ifdef CONFIG_WPS
856 	struct wpa_supplicant *wpa_s = global->ifaces;
857 	while (wpa_s) {
858 		struct wpa_supplicant *next = wpa_s->next;
859 		if (wpas_wps_terminate_pending(wpa_s) == 1)
860 			pending = 1;
861 #ifdef CONFIG_P2P
862 		if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
863 		    (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
864 			wpas_p2p_disconnect(wpa_s);
865 #endif /* CONFIG_P2P */
866 		wpa_s = next;
867 	}
868 #endif /* CONFIG_WPS */
869 	if (pending)
870 		return;
871 	eloop_terminate();
872 }
873 
874 
wpa_supplicant_terminate(int sig,void * signal_ctx)875 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
876 {
877 	struct wpa_global *global = signal_ctx;
878 	wpa_supplicant_terminate_proc(global);
879 }
880 
881 
wpa_supplicant_clear_status(struct wpa_supplicant * wpa_s)882 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
883 {
884 	enum wpa_states old_state = wpa_s->wpa_state;
885 
886 	wpa_s->pairwise_cipher = 0;
887 	wpa_s->group_cipher = 0;
888 	wpa_s->mgmt_group_cipher = 0;
889 	wpa_s->key_mgmt = 0;
890 	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
891 		wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
892 
893 	if (wpa_s->wpa_state != old_state)
894 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
895 }
896 
897 
898 /**
899  * wpa_supplicant_reload_configuration - Reload configuration data
900  * @wpa_s: Pointer to wpa_supplicant data
901  * Returns: 0 on success or -1 if configuration parsing failed
902  *
903  * This function can be used to request that the configuration data is reloaded
904  * (e.g., after configuration file change). This function is reloading
905  * configuration only for one interface, so this may need to be called multiple
906  * times if %wpa_supplicant is controlling multiple interfaces and all
907  * interfaces need reconfiguration.
908  */
wpa_supplicant_reload_configuration(struct wpa_supplicant * wpa_s)909 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
910 {
911 	struct wpa_config *conf;
912 	int reconf_ctrl;
913 	int old_ap_scan;
914 
915 	if (wpa_s->confname == NULL)
916 		return -1;
917 	conf = wpa_config_read(wpa_s->confname, NULL);
918 	if (conf == NULL) {
919 		wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
920 			"file '%s' - exiting", wpa_s->confname);
921 		return -1;
922 	}
923 	wpa_config_read(wpa_s->confanother, conf);
924 
925 	conf->changed_parameters = (unsigned int) -1;
926 
927 	reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
928 		|| (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
929 		    os_strcmp(conf->ctrl_interface,
930 			      wpa_s->conf->ctrl_interface) != 0);
931 
932 	if (reconf_ctrl && wpa_s->ctrl_iface) {
933 		wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
934 		wpa_s->ctrl_iface = NULL;
935 	}
936 
937 	eapol_sm_invalidate_cached_session(wpa_s->eapol);
938 	if (wpa_s->current_ssid) {
939 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
940 			wpa_s->own_disconnect_req = 1;
941 		wpa_supplicant_deauthenticate(wpa_s,
942 					      WLAN_REASON_DEAUTH_LEAVING);
943 	}
944 
945 	/*
946 	 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
947 	 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
948 	 */
949 	if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
950 		/*
951 		 * Clear forced success to clear EAP state for next
952 		 * authentication.
953 		 */
954 		eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
955 	}
956 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
957 	wpa_sm_set_config(wpa_s->wpa, NULL);
958 	wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
959 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
960 	rsn_preauth_deinit(wpa_s->wpa);
961 
962 	old_ap_scan = wpa_s->conf->ap_scan;
963 	wpa_config_free(wpa_s->conf);
964 	wpa_s->conf = conf;
965 	if (old_ap_scan != wpa_s->conf->ap_scan)
966 		wpas_notify_ap_scan_changed(wpa_s);
967 
968 	if (reconf_ctrl)
969 		wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
970 
971 	wpa_supplicant_update_config(wpa_s);
972 
973 	wpa_supplicant_clear_status(wpa_s);
974 	if (wpa_supplicant_enabled_networks(wpa_s)) {
975 		wpa_s->reassociate = 1;
976 		wpa_supplicant_req_scan(wpa_s, 0, 0);
977 	}
978 	wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
979 	return 0;
980 }
981 
982 
wpa_supplicant_reconfig(int sig,void * signal_ctx)983 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
984 {
985 	struct wpa_global *global = signal_ctx;
986 	struct wpa_supplicant *wpa_s;
987 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
988 		wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
989 			sig);
990 		if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
991 			wpa_supplicant_terminate_proc(global);
992 		}
993 	}
994 
995 	if (wpa_debug_reopen_file() < 0) {
996 		/* Ignore errors since we cannot really do much to fix this */
997 		wpa_printf(MSG_DEBUG, "Could not reopen debug log file");
998 	}
999 }
1000 
1001 
wpa_supplicant_suites_from_ai(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_ie_data * ie)1002 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1003 					 struct wpa_ssid *ssid,
1004 					 struct wpa_ie_data *ie)
1005 {
1006 	int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1007 	if (ret) {
1008 		if (ret == -2) {
1009 			wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1010 				"from association info");
1011 		}
1012 		return -1;
1013 	}
1014 
1015 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
1016 		"cipher suites");
1017 	if (!(ie->group_cipher & ssid->group_cipher)) {
1018 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1019 			"cipher 0x%x (mask 0x%x) - reject",
1020 			ie->group_cipher, ssid->group_cipher);
1021 		return -1;
1022 	}
1023 	if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1024 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1025 			"cipher 0x%x (mask 0x%x) - reject",
1026 			ie->pairwise_cipher, ssid->pairwise_cipher);
1027 		return -1;
1028 	}
1029 	if (!(ie->key_mgmt & ssid->key_mgmt)) {
1030 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1031 			"management 0x%x (mask 0x%x) - reject",
1032 			ie->key_mgmt, ssid->key_mgmt);
1033 		return -1;
1034 	}
1035 
1036 #ifdef CONFIG_IEEE80211W
1037 	if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
1038 	    wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1039 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1040 			"that does not support management frame protection - "
1041 			"reject");
1042 		return -1;
1043 	}
1044 #endif /* CONFIG_IEEE80211W */
1045 
1046 	return 0;
1047 }
1048 
1049 
1050 /**
1051  * wpa_supplicant_set_suites - Set authentication and encryption parameters
1052  * @wpa_s: Pointer to wpa_supplicant data
1053  * @bss: Scan results for the selected BSS, or %NULL if not available
1054  * @ssid: Configuration data for the selected network
1055  * @wpa_ie: Buffer for the WPA/RSN IE
1056  * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1057  * used buffer length in case the functions returns success.
1058  * Returns: 0 on success or -1 on failure
1059  *
1060  * This function is used to configure authentication and encryption parameters
1061  * based on the network configuration and scan result for the selected BSS (if
1062  * available).
1063  */
wpa_supplicant_set_suites(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_ssid * ssid,u8 * wpa_ie,size_t * wpa_ie_len)1064 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1065 			      struct wpa_bss *bss, struct wpa_ssid *ssid,
1066 			      u8 *wpa_ie, size_t *wpa_ie_len)
1067 {
1068 	struct wpa_ie_data ie;
1069 	int sel, proto;
1070 	const u8 *bss_wpa, *bss_rsn, *bss_osen;
1071 
1072 	if (bss) {
1073 		bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
1074 		bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1075 		bss_osen = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
1076 	} else
1077 		bss_wpa = bss_rsn = bss_osen = NULL;
1078 
1079 	if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
1080 	    wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1081 	    (ie.group_cipher & ssid->group_cipher) &&
1082 	    (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1083 	    (ie.key_mgmt & ssid->key_mgmt)) {
1084 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1085 		proto = WPA_PROTO_RSN;
1086 	} else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
1087 		   wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie) == 0 &&
1088 		   (ie.group_cipher & ssid->group_cipher) &&
1089 		   (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1090 		   (ie.key_mgmt & ssid->key_mgmt)) {
1091 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1092 		proto = WPA_PROTO_WPA;
1093 #ifdef CONFIG_HS20
1094 	} else if (bss_osen && (ssid->proto & WPA_PROTO_OSEN)) {
1095 		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using OSEN");
1096 		/* TODO: parse OSEN element */
1097 		os_memset(&ie, 0, sizeof(ie));
1098 		ie.group_cipher = WPA_CIPHER_CCMP;
1099 		ie.pairwise_cipher = WPA_CIPHER_CCMP;
1100 		ie.key_mgmt = WPA_KEY_MGMT_OSEN;
1101 		proto = WPA_PROTO_OSEN;
1102 #endif /* CONFIG_HS20 */
1103 	} else if (bss) {
1104 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1105 		wpa_dbg(wpa_s, MSG_DEBUG,
1106 			"WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1107 			ssid->proto, ssid->pairwise_cipher, ssid->group_cipher,
1108 			ssid->key_mgmt);
1109 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s%s",
1110 			MAC2STR(bss->bssid),
1111 			wpa_ssid_txt(bss->ssid, bss->ssid_len),
1112 			bss_wpa ? " WPA" : "",
1113 			bss_rsn ? " RSN" : "",
1114 			bss_osen ? " OSEN" : "");
1115 		if (bss_rsn) {
1116 			wpa_hexdump(MSG_DEBUG, "RSN", bss_rsn, 2 + bss_rsn[1]);
1117 			if (wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie)) {
1118 				wpa_dbg(wpa_s, MSG_DEBUG,
1119 					"Could not parse RSN element");
1120 			} else {
1121 				wpa_dbg(wpa_s, MSG_DEBUG,
1122 					"RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1123 					ie.pairwise_cipher, ie.group_cipher,
1124 					ie.key_mgmt);
1125 			}
1126 		}
1127 		if (bss_wpa) {
1128 			wpa_hexdump(MSG_DEBUG, "WPA", bss_wpa, 2 + bss_wpa[1]);
1129 			if (wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie)) {
1130 				wpa_dbg(wpa_s, MSG_DEBUG,
1131 					"Could not parse WPA element");
1132 			} else {
1133 				wpa_dbg(wpa_s, MSG_DEBUG,
1134 					"WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1135 					ie.pairwise_cipher, ie.group_cipher,
1136 					ie.key_mgmt);
1137 			}
1138 		}
1139 		return -1;
1140 	} else {
1141 		if (ssid->proto & WPA_PROTO_OSEN)
1142 			proto = WPA_PROTO_OSEN;
1143 		else if (ssid->proto & WPA_PROTO_RSN)
1144 			proto = WPA_PROTO_RSN;
1145 		else
1146 			proto = WPA_PROTO_WPA;
1147 		if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1148 			os_memset(&ie, 0, sizeof(ie));
1149 			ie.group_cipher = ssid->group_cipher;
1150 			ie.pairwise_cipher = ssid->pairwise_cipher;
1151 			ie.key_mgmt = ssid->key_mgmt;
1152 #ifdef CONFIG_IEEE80211W
1153 			ie.mgmt_group_cipher =
1154 				ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
1155 				WPA_CIPHER_AES_128_CMAC : 0;
1156 #endif /* CONFIG_IEEE80211W */
1157 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
1158 				"based on configuration");
1159 		} else
1160 			proto = ie.proto;
1161 	}
1162 
1163 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1164 		"pairwise %d key_mgmt %d proto %d",
1165 		ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1166 #ifdef CONFIG_IEEE80211W
1167 	if (ssid->ieee80211w) {
1168 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1169 			ie.mgmt_group_cipher);
1170 	}
1171 #endif /* CONFIG_IEEE80211W */
1172 
1173 	wpa_s->wpa_proto = proto;
1174 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1175 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1176 			 !!(ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
1177 
1178 	if (bss || !wpa_s->ap_ies_from_associnfo) {
1179 		if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1180 					 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1181 		    wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1182 					 bss_rsn ? 2 + bss_rsn[1] : 0))
1183 			return -1;
1184 	}
1185 
1186 #ifdef CONFIG_NO_WPA
1187 	wpa_s->group_cipher = WPA_CIPHER_NONE;
1188 	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1189 #else /* CONFIG_NO_WPA */
1190 	sel = ie.group_cipher & ssid->group_cipher;
1191 	wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1192 	if (wpa_s->group_cipher < 0) {
1193 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1194 			"cipher");
1195 		return -1;
1196 	}
1197 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1198 		wpa_cipher_txt(wpa_s->group_cipher));
1199 
1200 	sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1201 	wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1202 	if (wpa_s->pairwise_cipher < 0) {
1203 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1204 			"cipher");
1205 		return -1;
1206 	}
1207 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1208 		wpa_cipher_txt(wpa_s->pairwise_cipher));
1209 #endif /* CONFIG_NO_WPA */
1210 
1211 	sel = ie.key_mgmt & ssid->key_mgmt;
1212 #ifdef CONFIG_SAE
1213 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1214 		sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1215 #endif /* CONFIG_SAE */
1216 	if (0) {
1217 #ifdef CONFIG_SUITEB192
1218 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
1219 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
1220 		wpa_dbg(wpa_s, MSG_DEBUG,
1221 			"WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1222 #endif /* CONFIG_SUITEB192 */
1223 #ifdef CONFIG_SUITEB
1224 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
1225 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
1226 		wpa_dbg(wpa_s, MSG_DEBUG,
1227 			"WPA: using KEY_MGMT 802.1X with Suite B");
1228 #endif /* CONFIG_SUITEB */
1229 #ifdef CONFIG_IEEE80211R
1230 	} else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
1231 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1232 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1233 	} else if (sel & WPA_KEY_MGMT_FT_PSK) {
1234 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1235 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1236 #endif /* CONFIG_IEEE80211R */
1237 #ifdef CONFIG_SAE
1238 	} else if (sel & WPA_KEY_MGMT_SAE) {
1239 		wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1240 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1241 	} else if (sel & WPA_KEY_MGMT_FT_SAE) {
1242 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1243 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1244 #endif /* CONFIG_SAE */
1245 #ifdef CONFIG_IEEE80211W
1246 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1247 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1248 		wpa_dbg(wpa_s, MSG_DEBUG,
1249 			"WPA: using KEY_MGMT 802.1X with SHA256");
1250 	} else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1251 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1252 		wpa_dbg(wpa_s, MSG_DEBUG,
1253 			"WPA: using KEY_MGMT PSK with SHA256");
1254 #endif /* CONFIG_IEEE80211W */
1255 	} else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1256 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1257 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1258 	} else if (sel & WPA_KEY_MGMT_PSK) {
1259 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1260 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1261 	} else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1262 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1263 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1264 #ifdef CONFIG_HS20
1265 	} else if (sel & WPA_KEY_MGMT_OSEN) {
1266 		wpa_s->key_mgmt = WPA_KEY_MGMT_OSEN;
1267 		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using KEY_MGMT OSEN");
1268 #endif /* CONFIG_HS20 */
1269 	} else {
1270 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1271 			"authenticated key management type");
1272 		return -1;
1273 	}
1274 
1275 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1276 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1277 			 wpa_s->pairwise_cipher);
1278 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1279 
1280 #ifdef CONFIG_IEEE80211W
1281 	sel = ie.mgmt_group_cipher;
1282 	if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION ||
1283 	    !(ie.capabilities & WPA_CAPABILITY_MFPC))
1284 		sel = 0;
1285 	if (sel & WPA_CIPHER_AES_128_CMAC) {
1286 		wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1287 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1288 			"AES-128-CMAC");
1289 	} else if (sel & WPA_CIPHER_BIP_GMAC_128) {
1290 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_128;
1291 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1292 			"BIP-GMAC-128");
1293 	} else if (sel & WPA_CIPHER_BIP_GMAC_256) {
1294 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_256;
1295 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1296 			"BIP-GMAC-256");
1297 	} else if (sel & WPA_CIPHER_BIP_CMAC_256) {
1298 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_CMAC_256;
1299 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1300 			"BIP-CMAC-256");
1301 	} else {
1302 		wpa_s->mgmt_group_cipher = 0;
1303 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1304 	}
1305 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1306 			 wpa_s->mgmt_group_cipher);
1307 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1308 			 wpas_get_ssid_pmf(wpa_s, ssid));
1309 #endif /* CONFIG_IEEE80211W */
1310 
1311 	if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1312 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1313 		return -1;
1314 	}
1315 
1316 	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1317 		int psk_set = 0;
1318 
1319 		if (ssid->psk_set) {
1320 			wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
1321 				       NULL);
1322 			psk_set = 1;
1323 		}
1324 #ifndef CONFIG_NO_PBKDF2
1325 		if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1326 		    ssid->passphrase) {
1327 			u8 psk[PMK_LEN];
1328 		        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1329 				    4096, psk, PMK_LEN);
1330 		        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1331 					psk, PMK_LEN);
1332 			wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
1333 			psk_set = 1;
1334 			os_memset(psk, 0, sizeof(psk));
1335 		}
1336 #endif /* CONFIG_NO_PBKDF2 */
1337 #ifdef CONFIG_EXT_PASSWORD
1338 		if (ssid->ext_psk) {
1339 			struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1340 							     ssid->ext_psk);
1341 			char pw_str[64 + 1];
1342 			u8 psk[PMK_LEN];
1343 
1344 			if (pw == NULL) {
1345 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1346 					"found from external storage");
1347 				return -1;
1348 			}
1349 
1350 			if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1351 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1352 					"PSK length %d in external storage",
1353 					(int) wpabuf_len(pw));
1354 				ext_password_free(pw);
1355 				return -1;
1356 			}
1357 
1358 			os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1359 			pw_str[wpabuf_len(pw)] = '\0';
1360 
1361 #ifndef CONFIG_NO_PBKDF2
1362 			if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1363 			{
1364 				pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1365 					    4096, psk, PMK_LEN);
1366 				os_memset(pw_str, 0, sizeof(pw_str));
1367 				wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1368 						"external passphrase)",
1369 						psk, PMK_LEN);
1370 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1371 					       NULL);
1372 				psk_set = 1;
1373 				os_memset(psk, 0, sizeof(psk));
1374 			} else
1375 #endif /* CONFIG_NO_PBKDF2 */
1376 			if (wpabuf_len(pw) == 2 * PMK_LEN) {
1377 				if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1378 					wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1379 						"Invalid PSK hex string");
1380 					os_memset(pw_str, 0, sizeof(pw_str));
1381 					ext_password_free(pw);
1382 					return -1;
1383 				}
1384 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1385 					       NULL);
1386 				psk_set = 1;
1387 				os_memset(psk, 0, sizeof(psk));
1388 			} else {
1389 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1390 					"PSK available");
1391 				os_memset(pw_str, 0, sizeof(pw_str));
1392 				ext_password_free(pw);
1393 				return -1;
1394 			}
1395 
1396 			os_memset(pw_str, 0, sizeof(pw_str));
1397 			ext_password_free(pw);
1398 		}
1399 #endif /* CONFIG_EXT_PASSWORD */
1400 
1401 		if (!psk_set) {
1402 			wpa_msg(wpa_s, MSG_INFO,
1403 				"No PSK available for association");
1404 			return -1;
1405 		}
1406 	} else
1407 		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1408 
1409 	return 0;
1410 }
1411 
1412 
wpas_ext_capab_byte(struct wpa_supplicant * wpa_s,u8 * pos,int idx)1413 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
1414 {
1415 	*pos = 0x00;
1416 
1417 	switch (idx) {
1418 	case 0: /* Bits 0-7 */
1419 		break;
1420 	case 1: /* Bits 8-15 */
1421 		break;
1422 	case 2: /* Bits 16-23 */
1423 #ifdef CONFIG_WNM
1424 		*pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1425 		*pos |= 0x08; /* Bit 19 - BSS Transition */
1426 #endif /* CONFIG_WNM */
1427 		break;
1428 	case 3: /* Bits 24-31 */
1429 #ifdef CONFIG_WNM
1430 		*pos |= 0x02; /* Bit 25 - SSID List */
1431 #endif /* CONFIG_WNM */
1432 #ifdef CONFIG_INTERWORKING
1433 		if (wpa_s->conf->interworking)
1434 			*pos |= 0x80; /* Bit 31 - Interworking */
1435 #endif /* CONFIG_INTERWORKING */
1436 		break;
1437 	case 4: /* Bits 32-39 */
1438 #ifdef CONFIG_INTERWORKING
1439 		if (wpa_s->drv_flags / WPA_DRIVER_FLAGS_QOS_MAPPING)
1440 			*pos |= 0x01; /* Bit 32 - QoS Map */
1441 #endif /* CONFIG_INTERWORKING */
1442 		break;
1443 	case 5: /* Bits 40-47 */
1444 #ifdef CONFIG_HS20
1445 		if (wpa_s->conf->hs20)
1446 			*pos |= 0x40; /* Bit 46 - WNM-Notification */
1447 #endif /* CONFIG_HS20 */
1448 #ifdef CONFIG_MBO
1449 		*pos |= 0x40; /* Bit 46 - WNM-Notification */
1450 #endif /* CONFIG_MBO */
1451 		break;
1452 	case 6: /* Bits 48-55 */
1453 		break;
1454 	}
1455 }
1456 
1457 
wpas_build_ext_capab(struct wpa_supplicant * wpa_s,u8 * buf,size_t buflen)1458 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf, size_t buflen)
1459 {
1460 	u8 *pos = buf;
1461 	u8 len = 6, i;
1462 
1463 	if (len < wpa_s->extended_capa_len)
1464 		len = wpa_s->extended_capa_len;
1465 	if (buflen < (size_t) len + 2) {
1466 		wpa_printf(MSG_INFO,
1467 			   "Not enough room for building extended capabilities element");
1468 		return -1;
1469 	}
1470 
1471 	*pos++ = WLAN_EID_EXT_CAPAB;
1472 	*pos++ = len;
1473 	for (i = 0; i < len; i++, pos++) {
1474 		wpas_ext_capab_byte(wpa_s, pos, i);
1475 
1476 		if (i < wpa_s->extended_capa_len) {
1477 			*pos &= ~wpa_s->extended_capa_mask[i];
1478 			*pos |= wpa_s->extended_capa[i];
1479 		}
1480 	}
1481 
1482 	while (len > 0 && buf[1 + len] == 0) {
1483 		len--;
1484 		buf[1] = len;
1485 	}
1486 	if (len == 0)
1487 		return 0;
1488 
1489 	return 2 + len;
1490 }
1491 
1492 
wpas_valid_bss(struct wpa_supplicant * wpa_s,struct wpa_bss * test_bss)1493 static int wpas_valid_bss(struct wpa_supplicant *wpa_s,
1494 			  struct wpa_bss *test_bss)
1495 {
1496 	struct wpa_bss *bss;
1497 
1498 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1499 		if (bss == test_bss)
1500 			return 1;
1501 	}
1502 
1503 	return 0;
1504 }
1505 
1506 
wpas_valid_ssid(struct wpa_supplicant * wpa_s,struct wpa_ssid * test_ssid)1507 static int wpas_valid_ssid(struct wpa_supplicant *wpa_s,
1508 			   struct wpa_ssid *test_ssid)
1509 {
1510 	struct wpa_ssid *ssid;
1511 
1512 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1513 		if (ssid == test_ssid)
1514 			return 1;
1515 	}
1516 
1517 	return 0;
1518 }
1519 
1520 
wpas_valid_bss_ssid(struct wpa_supplicant * wpa_s,struct wpa_bss * test_bss,struct wpa_ssid * test_ssid)1521 int wpas_valid_bss_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *test_bss,
1522 			struct wpa_ssid *test_ssid)
1523 {
1524 	if (test_bss && !wpas_valid_bss(wpa_s, test_bss))
1525 		return 0;
1526 
1527 	return test_ssid == NULL || wpas_valid_ssid(wpa_s, test_ssid);
1528 }
1529 
1530 
wpas_connect_work_free(struct wpa_connect_work * cwork)1531 void wpas_connect_work_free(struct wpa_connect_work *cwork)
1532 {
1533 	if (cwork == NULL)
1534 		return;
1535 	os_free(cwork);
1536 }
1537 
1538 
wpas_connect_work_done(struct wpa_supplicant * wpa_s)1539 void wpas_connect_work_done(struct wpa_supplicant *wpa_s)
1540 {
1541 	struct wpa_connect_work *cwork;
1542 	struct wpa_radio_work *work = wpa_s->connect_work;
1543 
1544 	if (!work)
1545 		return;
1546 
1547 	wpa_s->connect_work = NULL;
1548 	cwork = work->ctx;
1549 	work->ctx = NULL;
1550 	wpas_connect_work_free(cwork);
1551 	radio_work_done(work);
1552 }
1553 
1554 
wpas_update_random_addr(struct wpa_supplicant * wpa_s,int style)1555 int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style)
1556 {
1557 	struct os_reltime now;
1558 	u8 addr[ETH_ALEN];
1559 
1560 	os_get_reltime(&now);
1561 	if (wpa_s->last_mac_addr_style == style &&
1562 	    wpa_s->last_mac_addr_change.sec != 0 &&
1563 	    !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
1564 				wpa_s->conf->rand_addr_lifetime)) {
1565 		wpa_msg(wpa_s, MSG_DEBUG,
1566 			"Previously selected random MAC address has not yet expired");
1567 		return 0;
1568 	}
1569 
1570 	switch (style) {
1571 	case 1:
1572 		if (random_mac_addr(addr) < 0)
1573 			return -1;
1574 		break;
1575 	case 2:
1576 		os_memcpy(addr, wpa_s->perm_addr, ETH_ALEN);
1577 		if (random_mac_addr_keep_oui(addr) < 0)
1578 			return -1;
1579 		break;
1580 	default:
1581 		return -1;
1582 	}
1583 
1584 	if (wpa_drv_set_mac_addr(wpa_s, addr) < 0) {
1585 		wpa_msg(wpa_s, MSG_INFO,
1586 			"Failed to set random MAC address");
1587 		return -1;
1588 	}
1589 
1590 	os_get_reltime(&wpa_s->last_mac_addr_change);
1591 	wpa_s->mac_addr_changed = 1;
1592 	wpa_s->last_mac_addr_style = style;
1593 
1594 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
1595 		wpa_msg(wpa_s, MSG_INFO,
1596 			"Could not update MAC address information");
1597 		return -1;
1598 	}
1599 
1600 	wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
1601 		MAC2STR(addr));
1602 
1603 	return 0;
1604 }
1605 
1606 
wpas_update_random_addr_disassoc(struct wpa_supplicant * wpa_s)1607 int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
1608 {
1609 	if (wpa_s->wpa_state >= WPA_AUTHENTICATING ||
1610 	    !wpa_s->conf->preassoc_mac_addr)
1611 		return 0;
1612 
1613 	return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr);
1614 }
1615 
1616 
1617 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit);
1618 
1619 /**
1620  * wpa_supplicant_associate - Request association
1621  * @wpa_s: Pointer to wpa_supplicant data
1622  * @bss: Scan results for the selected BSS, or %NULL if not available
1623  * @ssid: Configuration data for the selected network
1624  *
1625  * This function is used to request %wpa_supplicant to associate with a BSS.
1626  */
wpa_supplicant_associate(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_ssid * ssid)1627 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1628 			      struct wpa_bss *bss, struct wpa_ssid *ssid)
1629 {
1630 	struct wpa_connect_work *cwork;
1631 	int rand_style;
1632 
1633 	wpa_s->own_disconnect_req = 0;
1634 
1635 	/*
1636 	 * If we are starting a new connection, any previously pending EAPOL
1637 	 * RX cannot be valid anymore.
1638 	 */
1639 	wpabuf_free(wpa_s->pending_eapol_rx);
1640 	wpa_s->pending_eapol_rx = NULL;
1641 
1642 	if (ssid->mac_addr == -1)
1643 		rand_style = wpa_s->conf->mac_addr;
1644 	else
1645 		rand_style = ssid->mac_addr;
1646 
1647 	wmm_ac_clear_saved_tspecs(wpa_s);
1648 	wpa_s->reassoc_same_bss = 0;
1649 	wpa_s->reassoc_same_ess = 0;
1650 
1651 	if (wpa_s->last_ssid == ssid) {
1652 		wpa_dbg(wpa_s, MSG_DEBUG, "Re-association to the same ESS");
1653 		wpa_s->reassoc_same_ess = 1;
1654 		if (wpa_s->current_bss && wpa_s->current_bss == bss) {
1655 			wmm_ac_save_tspecs(wpa_s);
1656 			wpa_s->reassoc_same_bss = 1;
1657 		}
1658 	} else if (rand_style > 0) {
1659 		if (wpas_update_random_addr(wpa_s, rand_style) < 0)
1660 			return;
1661 		wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
1662 	} else if (wpa_s->mac_addr_changed) {
1663 		if (wpa_drv_set_mac_addr(wpa_s, NULL) < 0) {
1664 			wpa_msg(wpa_s, MSG_INFO,
1665 				"Could not restore permanent MAC address");
1666 			return;
1667 		}
1668 		wpa_s->mac_addr_changed = 0;
1669 		if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
1670 			wpa_msg(wpa_s, MSG_INFO,
1671 				"Could not update MAC address information");
1672 			return;
1673 		}
1674 		wpa_msg(wpa_s, MSG_DEBUG, "Using permanent MAC address");
1675 	}
1676 	wpa_s->last_ssid = ssid;
1677 
1678 #ifdef CONFIG_IBSS_RSN
1679 	ibss_rsn_deinit(wpa_s->ibss_rsn);
1680 	wpa_s->ibss_rsn = NULL;
1681 #endif /* CONFIG_IBSS_RSN */
1682 
1683 	if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
1684 	    ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
1685 #ifdef CONFIG_AP
1686 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1687 			wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
1688 				"mode");
1689 			return;
1690 		}
1691 		if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
1692 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1693 			if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
1694 				wpas_p2p_ap_setup_failed(wpa_s);
1695 			return;
1696 		}
1697 		wpa_s->current_bss = bss;
1698 #else /* CONFIG_AP */
1699 		wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
1700 			"the build");
1701 #endif /* CONFIG_AP */
1702 		return;
1703 	}
1704 
1705 	if (ssid->mode == WPAS_MODE_MESH) {
1706 #ifdef CONFIG_MESH
1707 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MESH)) {
1708 			wpa_msg(wpa_s, MSG_INFO,
1709 				"Driver does not support mesh mode");
1710 			return;
1711 		}
1712 		if (bss)
1713 			ssid->frequency = bss->freq;
1714 		if (wpa_supplicant_join_mesh(wpa_s, ssid) < 0) {
1715 			wpa_msg(wpa_s, MSG_ERROR, "Could not join mesh");
1716 			return;
1717 		}
1718 		wpa_s->current_bss = bss;
1719 		wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_STARTED "ssid=\"%s\" id=%d",
1720 			wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
1721 			ssid->id);
1722 #else /* CONFIG_MESH */
1723 		wpa_msg(wpa_s, MSG_ERROR,
1724 			"mesh mode support not included in the build");
1725 #endif /* CONFIG_MESH */
1726 		return;
1727 	}
1728 
1729 #ifdef CONFIG_TDLS
1730 	if (bss)
1731 		wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
1732 				bss->ie_len);
1733 #endif /* CONFIG_TDLS */
1734 
1735 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1736 	    ssid->mode == IEEE80211_MODE_INFRA) {
1737 		sme_authenticate(wpa_s, bss, ssid);
1738 		return;
1739 	}
1740 
1741 	if (wpa_s->connect_work) {
1742 		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since connect_work exist");
1743 		return;
1744 	}
1745 
1746 	if (radio_work_pending(wpa_s, "connect")) {
1747 		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since pending work exist");
1748 		return;
1749 	}
1750 
1751 	wpas_abort_ongoing_scan(wpa_s);
1752 
1753 	cwork = os_zalloc(sizeof(*cwork));
1754 	if (cwork == NULL)
1755 		return;
1756 
1757 	cwork->bss = bss;
1758 	cwork->ssid = ssid;
1759 
1760 	if (radio_add_work(wpa_s, bss ? bss->freq : 0, "connect", 1,
1761 			   wpas_start_assoc_cb, cwork) < 0) {
1762 		os_free(cwork);
1763 	}
1764 }
1765 
1766 
bss_is_ibss(struct wpa_bss * bss)1767 static int bss_is_ibss(struct wpa_bss *bss)
1768 {
1769 	return (bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
1770 		IEEE80211_CAP_IBSS;
1771 }
1772 
1773 
drv_supports_vht(struct wpa_supplicant * wpa_s,const struct wpa_ssid * ssid)1774 static int drv_supports_vht(struct wpa_supplicant *wpa_s,
1775 			    const struct wpa_ssid *ssid)
1776 {
1777 	enum hostapd_hw_mode hw_mode;
1778 	struct hostapd_hw_modes *mode = NULL;
1779 	u8 channel;
1780 	int i;
1781 
1782 #ifdef CONFIG_HT_OVERRIDES
1783 	if (ssid->disable_ht)
1784 		return 0;
1785 #endif /* CONFIG_HT_OVERRIDES */
1786 
1787 	hw_mode = ieee80211_freq_to_chan(ssid->frequency, &channel);
1788 	if (hw_mode == NUM_HOSTAPD_MODES)
1789 		return 0;
1790 	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
1791 		if (wpa_s->hw.modes[i].mode == hw_mode) {
1792 			mode = &wpa_s->hw.modes[i];
1793 			break;
1794 		}
1795 	}
1796 
1797 	if (!mode)
1798 		return 0;
1799 
1800 	return mode->vht_capab != 0;
1801 }
1802 
1803 
ibss_mesh_setup_freq(struct wpa_supplicant * wpa_s,const struct wpa_ssid * ssid,struct hostapd_freq_params * freq)1804 void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
1805 			  const struct wpa_ssid *ssid,
1806 			  struct hostapd_freq_params *freq)
1807 {
1808 	enum hostapd_hw_mode hw_mode;
1809 	struct hostapd_hw_modes *mode = NULL;
1810 	int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
1811 			   184, 192 };
1812 	int vht80[] = { 36, 52, 100, 116, 132, 149 };
1813 	struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
1814 	u8 channel;
1815 	int i, chan_idx, ht40 = -1, res, obss_scan = 1;
1816 	unsigned int j, k;
1817 	struct hostapd_freq_params vht_freq;
1818 	int chwidth, seg0, seg1;
1819 	u32 vht_caps = 0;
1820 
1821 	freq->freq = ssid->frequency;
1822 
1823 	for (j = 0; j < wpa_s->last_scan_res_used; j++) {
1824 		struct wpa_bss *bss = wpa_s->last_scan_res[j];
1825 
1826 		if (ssid->mode != WPAS_MODE_IBSS)
1827 			break;
1828 
1829 		/* Don't adjust control freq in case of fixed_freq */
1830 		if (ssid->fixed_freq)
1831 			break;
1832 
1833 		if (!bss_is_ibss(bss))
1834 			continue;
1835 
1836 		if (ssid->ssid_len == bss->ssid_len &&
1837 		    os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) == 0) {
1838 			wpa_printf(MSG_DEBUG,
1839 				   "IBSS already found in scan results, adjust control freq: %d",
1840 				   bss->freq);
1841 			freq->freq = bss->freq;
1842 			obss_scan = 0;
1843 			break;
1844 		}
1845 	}
1846 
1847 	/* For IBSS check HT_IBSS flag */
1848 	if (ssid->mode == WPAS_MODE_IBSS &&
1849 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_HT_IBSS))
1850 		return;
1851 
1852 	if (wpa_s->group_cipher == WPA_CIPHER_WEP40 ||
1853 	    wpa_s->group_cipher == WPA_CIPHER_WEP104 ||
1854 	    wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) {
1855 		wpa_printf(MSG_DEBUG,
1856 			   "IBSS: WEP/TKIP detected, do not try to enable HT");
1857 		return;
1858 	}
1859 
1860 	hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
1861 	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
1862 		if (wpa_s->hw.modes[i].mode == hw_mode) {
1863 			mode = &wpa_s->hw.modes[i];
1864 			break;
1865 		}
1866 	}
1867 
1868 	if (!mode)
1869 		return;
1870 
1871 	freq->ht_enabled = ht_supported(mode);
1872 	if (!freq->ht_enabled)
1873 		return;
1874 
1875 	/* Setup higher BW only for 5 GHz */
1876 	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
1877 		return;
1878 
1879 	for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
1880 		pri_chan = &mode->channels[chan_idx];
1881 		if (pri_chan->chan == channel)
1882 			break;
1883 		pri_chan = NULL;
1884 	}
1885 	if (!pri_chan)
1886 		return;
1887 
1888 	/* Check primary channel flags */
1889 	if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
1890 		return;
1891 
1892 	/* Check/setup HT40+/HT40- */
1893 	for (j = 0; j < ARRAY_SIZE(ht40plus); j++) {
1894 		if (ht40plus[j] == channel) {
1895 			ht40 = 1;
1896 			break;
1897 		}
1898 	}
1899 
1900 	/* Find secondary channel */
1901 	for (i = 0; i < mode->num_channels; i++) {
1902 		sec_chan = &mode->channels[i];
1903 		if (sec_chan->chan == channel + ht40 * 4)
1904 			break;
1905 		sec_chan = NULL;
1906 	}
1907 	if (!sec_chan)
1908 		return;
1909 
1910 	/* Check secondary channel flags */
1911 	if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
1912 		return;
1913 
1914 	freq->channel = pri_chan->chan;
1915 
1916 	switch (ht40) {
1917 	case -1:
1918 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
1919 			return;
1920 		freq->sec_channel_offset = -1;
1921 		break;
1922 	case 1:
1923 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40PLUS))
1924 			return;
1925 		freq->sec_channel_offset = 1;
1926 		break;
1927 	default:
1928 		break;
1929 	}
1930 
1931 	if (freq->sec_channel_offset && obss_scan) {
1932 		struct wpa_scan_results *scan_res;
1933 
1934 		scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
1935 		if (scan_res == NULL) {
1936 			/* Back to HT20 */
1937 			freq->sec_channel_offset = 0;
1938 			return;
1939 		}
1940 
1941 		res = check_40mhz_5g(mode, scan_res, pri_chan->chan,
1942 				     sec_chan->chan);
1943 		switch (res) {
1944 		case 0:
1945 			/* Back to HT20 */
1946 			freq->sec_channel_offset = 0;
1947 			break;
1948 		case 1:
1949 			/* Configuration allowed */
1950 			break;
1951 		case 2:
1952 			/* Switch pri/sec channels */
1953 			freq->freq = hw_get_freq(mode, sec_chan->chan);
1954 			freq->sec_channel_offset = -freq->sec_channel_offset;
1955 			freq->channel = sec_chan->chan;
1956 			break;
1957 		default:
1958 			freq->sec_channel_offset = 0;
1959 			break;
1960 		}
1961 
1962 		wpa_scan_results_free(scan_res);
1963 	}
1964 
1965 	wpa_printf(MSG_DEBUG,
1966 		   "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
1967 		   freq->channel, freq->sec_channel_offset);
1968 
1969 	if (!drv_supports_vht(wpa_s, ssid))
1970 		return;
1971 
1972 	/* For IBSS check VHT_IBSS flag */
1973 	if (ssid->mode == WPAS_MODE_IBSS &&
1974 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_VHT_IBSS))
1975 		return;
1976 
1977 	vht_freq = *freq;
1978 
1979 	vht_freq.vht_enabled = vht_supported(mode);
1980 	if (!vht_freq.vht_enabled)
1981 		return;
1982 
1983 	/* setup center_freq1, bandwidth */
1984 	for (j = 0; j < ARRAY_SIZE(vht80); j++) {
1985 		if (freq->channel >= vht80[j] &&
1986 		    freq->channel < vht80[j] + 16)
1987 			break;
1988 	}
1989 
1990 	if (j == ARRAY_SIZE(vht80))
1991 		return;
1992 
1993 	for (i = vht80[j]; i < vht80[j] + 16; i += 4) {
1994 		struct hostapd_channel_data *chan;
1995 
1996 		chan = hw_get_channel_chan(mode, i, NULL);
1997 		if (!chan)
1998 			return;
1999 
2000 		/* Back to HT configuration if channel not usable */
2001 		if (chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2002 			return;
2003 	}
2004 
2005 	chwidth = VHT_CHANWIDTH_80MHZ;
2006 	seg0 = vht80[j] + 6;
2007 	seg1 = 0;
2008 
2009 	if (ssid->max_oper_chwidth == VHT_CHANWIDTH_80P80MHZ) {
2010 		/* setup center_freq2, bandwidth */
2011 		for (k = 0; k < ARRAY_SIZE(vht80); k++) {
2012 			/* Only accept 80 MHz segments separated by a gap */
2013 			if (j == k || abs(vht80[j] - vht80[k]) == 16)
2014 				continue;
2015 			for (i = vht80[k]; i < vht80[k] + 16; i += 4) {
2016 				struct hostapd_channel_data *chan;
2017 
2018 				chan = hw_get_channel_chan(mode, i, NULL);
2019 				if (!chan)
2020 					continue;
2021 
2022 				if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2023 						  HOSTAPD_CHAN_NO_IR |
2024 						  HOSTAPD_CHAN_RADAR))
2025 					continue;
2026 
2027 				/* Found a suitable second segment for 80+80 */
2028 				chwidth = VHT_CHANWIDTH_80P80MHZ;
2029 				vht_caps |=
2030 					VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
2031 				seg1 = vht80[k] + 6;
2032 			}
2033 
2034 			if (chwidth == VHT_CHANWIDTH_80P80MHZ)
2035 				break;
2036 		}
2037 	}
2038 
2039 	if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,
2040 				    freq->channel, freq->ht_enabled,
2041 				    vht_freq.vht_enabled,
2042 				    freq->sec_channel_offset,
2043 				    chwidth, seg0, seg1, vht_caps) != 0)
2044 		return;
2045 
2046 	*freq = vht_freq;
2047 
2048 	wpa_printf(MSG_DEBUG, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2049 		   freq->center_freq1, freq->center_freq2, freq->bandwidth);
2050 }
2051 
2052 
wpas_start_assoc_cb(struct wpa_radio_work * work,int deinit)2053 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
2054 {
2055 	struct wpa_connect_work *cwork = work->ctx;
2056 	struct wpa_bss *bss = cwork->bss;
2057 	struct wpa_ssid *ssid = cwork->ssid;
2058 	struct wpa_supplicant *wpa_s = work->wpa_s;
2059 	u8 wpa_ie[200];
2060 	size_t wpa_ie_len;
2061 	int use_crypt, ret, i, bssid_changed;
2062 	int algs = WPA_AUTH_ALG_OPEN;
2063 	unsigned int cipher_pairwise, cipher_group;
2064 	struct wpa_driver_associate_params params;
2065 	int wep_keys_set = 0;
2066 	int assoc_failed = 0;
2067 	struct wpa_ssid *old_ssid;
2068 	u8 prev_bssid[ETH_ALEN];
2069 #ifdef CONFIG_HT_OVERRIDES
2070 	struct ieee80211_ht_capabilities htcaps;
2071 	struct ieee80211_ht_capabilities htcaps_mask;
2072 #endif /* CONFIG_HT_OVERRIDES */
2073 #ifdef CONFIG_VHT_OVERRIDES
2074        struct ieee80211_vht_capabilities vhtcaps;
2075        struct ieee80211_vht_capabilities vhtcaps_mask;
2076 #endif /* CONFIG_VHT_OVERRIDES */
2077 #ifdef CONFIG_MBO
2078 	const u8 *mbo = NULL;
2079 #endif /* CONFIG_MBO */
2080 
2081 	if (deinit) {
2082 		if (work->started) {
2083 			wpa_s->connect_work = NULL;
2084 
2085 			/* cancel possible auth. timeout */
2086 			eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s,
2087 					     NULL);
2088 		}
2089 		wpas_connect_work_free(cwork);
2090 		return;
2091 	}
2092 
2093 	wpa_s->connect_work = work;
2094 
2095 	if (cwork->bss_removed || !wpas_valid_bss_ssid(wpa_s, bss, ssid) ||
2096 	    wpas_network_disabled(wpa_s, ssid)) {
2097 		wpa_dbg(wpa_s, MSG_DEBUG, "BSS/SSID entry for association not valid anymore - drop connection attempt");
2098 		wpas_connect_work_done(wpa_s);
2099 		return;
2100 	}
2101 
2102 	os_memcpy(prev_bssid, wpa_s->bssid, ETH_ALEN);
2103 	os_memset(&params, 0, sizeof(params));
2104 	wpa_s->reassociate = 0;
2105 	wpa_s->eap_expected_failure = 0;
2106 	if (bss &&
2107 	    (!wpas_driver_bss_selection(wpa_s) || wpas_wps_searching(wpa_s))) {
2108 #ifdef CONFIG_IEEE80211R
2109 		const u8 *ie, *md = NULL;
2110 #endif /* CONFIG_IEEE80211R */
2111 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
2112 			" (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
2113 			wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
2114 		bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
2115 		os_memset(wpa_s->bssid, 0, ETH_ALEN);
2116 		os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
2117 		if (bssid_changed)
2118 			wpas_notify_bssid_changed(wpa_s);
2119 #ifdef CONFIG_IEEE80211R
2120 		ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
2121 		if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
2122 			md = ie + 2;
2123 		wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
2124 		if (md) {
2125 			/* Prepare for the next transition */
2126 			wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
2127 		}
2128 #endif /* CONFIG_IEEE80211R */
2129 #ifdef CONFIG_WPS
2130 	} else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
2131 		   wpa_s->conf->ap_scan == 2 &&
2132 		   (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
2133 		/* Use ap_scan==1 style network selection to find the network
2134 		 */
2135 		wpas_connect_work_done(wpa_s);
2136 		wpa_s->scan_req = MANUAL_SCAN_REQ;
2137 		wpa_s->reassociate = 1;
2138 		wpa_supplicant_req_scan(wpa_s, 0, 0);
2139 		return;
2140 #endif /* CONFIG_WPS */
2141 	} else {
2142 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
2143 			wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
2144 		os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
2145 	}
2146 	if (!wpa_s->pno)
2147 		wpa_supplicant_cancel_sched_scan(wpa_s);
2148 
2149 	wpa_supplicant_cancel_scan(wpa_s);
2150 
2151 	/* Starting new association, so clear the possibly used WPA IE from the
2152 	 * previous association. */
2153 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
2154 
2155 #ifdef IEEE8021X_EAPOL
2156 	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2157 		if (ssid->leap) {
2158 			if (ssid->non_leap == 0)
2159 				algs = WPA_AUTH_ALG_LEAP;
2160 			else
2161 				algs |= WPA_AUTH_ALG_LEAP;
2162 		}
2163 	}
2164 #endif /* IEEE8021X_EAPOL */
2165 	wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
2166 	if (ssid->auth_alg) {
2167 		algs = ssid->auth_alg;
2168 		wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
2169 			"0x%x", algs);
2170 	}
2171 
2172 	if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
2173 		    wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
2174 	    wpa_key_mgmt_wpa(ssid->key_mgmt)) {
2175 		int try_opportunistic;
2176 		try_opportunistic = (ssid->proactive_key_caching < 0 ?
2177 				     wpa_s->conf->okc :
2178 				     ssid->proactive_key_caching) &&
2179 			(ssid->proto & WPA_PROTO_RSN);
2180 		if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
2181 					    ssid, try_opportunistic) == 0)
2182 			eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
2183 		wpa_ie_len = sizeof(wpa_ie);
2184 		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2185 					      wpa_ie, &wpa_ie_len)) {
2186 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2187 				"key management and encryption suites");
2188 			wpas_connect_work_done(wpa_s);
2189 			return;
2190 		}
2191 	} else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
2192 		   wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
2193 		/*
2194 		 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2195 		 * use non-WPA since the scan results did not indicate that the
2196 		 * AP is using WPA or WPA2.
2197 		 */
2198 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2199 		wpa_ie_len = 0;
2200 		wpa_s->wpa_proto = 0;
2201 	} else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
2202 		wpa_ie_len = sizeof(wpa_ie);
2203 		if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
2204 					      wpa_ie, &wpa_ie_len)) {
2205 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2206 				"key management and encryption suites (no "
2207 				"scan results)");
2208 			wpas_connect_work_done(wpa_s);
2209 			return;
2210 		}
2211 #ifdef CONFIG_WPS
2212 	} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
2213 		struct wpabuf *wps_ie;
2214 		wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
2215 		if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
2216 			wpa_ie_len = wpabuf_len(wps_ie);
2217 			os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
2218 		} else
2219 			wpa_ie_len = 0;
2220 		wpabuf_free(wps_ie);
2221 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2222 		if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
2223 			params.wps = WPS_MODE_PRIVACY;
2224 		else
2225 			params.wps = WPS_MODE_OPEN;
2226 		wpa_s->wpa_proto = 0;
2227 #endif /* CONFIG_WPS */
2228 	} else {
2229 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2230 		wpa_ie_len = 0;
2231 		wpa_s->wpa_proto = 0;
2232 	}
2233 
2234 #ifdef CONFIG_P2P
2235 	if (wpa_s->global->p2p) {
2236 		u8 *pos;
2237 		size_t len;
2238 		int res;
2239 		pos = wpa_ie + wpa_ie_len;
2240 		len = sizeof(wpa_ie) - wpa_ie_len;
2241 		res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
2242 					    ssid->p2p_group);
2243 		if (res >= 0)
2244 			wpa_ie_len += res;
2245 	}
2246 
2247 	wpa_s->cross_connect_disallowed = 0;
2248 	if (bss) {
2249 		struct wpabuf *p2p;
2250 		p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
2251 		if (p2p) {
2252 			wpa_s->cross_connect_disallowed =
2253 				p2p_get_cross_connect_disallowed(p2p);
2254 			wpabuf_free(p2p);
2255 			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
2256 				"connection",
2257 				wpa_s->cross_connect_disallowed ?
2258 				"disallows" : "allows");
2259 		}
2260 	}
2261 
2262 	os_memset(wpa_s->p2p_ip_addr_info, 0, sizeof(wpa_s->p2p_ip_addr_info));
2263 #endif /* CONFIG_P2P */
2264 
2265 #ifdef CONFIG_MBO
2266 	if (bss) {
2267 		mbo = wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE);
2268 		if (mbo) {
2269 			int len;
2270 
2271 			len = wpas_mbo_supp_op_class_ie(wpa_s, bss->freq,
2272 							wpa_ie + wpa_ie_len,
2273 							sizeof(wpa_ie) -
2274 							wpa_ie_len);
2275 			if (len > 0)
2276 				wpa_ie_len += len;
2277 		}
2278 	}
2279 #endif /* CONFIG_MBO */
2280 
2281 	/*
2282 	 * Workaround: Add Extended Capabilities element only if the AP
2283 	 * included this element in Beacon/Probe Response frames. Some older
2284 	 * APs seem to have interoperability issues if this element is
2285 	 * included, so while the standard may require us to include the
2286 	 * element in all cases, it is justifiable to skip it to avoid
2287 	 * interoperability issues.
2288 	 */
2289 	if (!bss || wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB)) {
2290 		u8 ext_capab[18];
2291 		int ext_capab_len;
2292 		ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
2293 						     sizeof(ext_capab));
2294 		if (ext_capab_len > 0) {
2295 			u8 *pos = wpa_ie;
2296 			if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
2297 				pos += 2 + pos[1];
2298 			os_memmove(pos + ext_capab_len, pos,
2299 				   wpa_ie_len - (pos - wpa_ie));
2300 			wpa_ie_len += ext_capab_len;
2301 			os_memcpy(pos, ext_capab, ext_capab_len);
2302 		}
2303 	}
2304 
2305 #ifdef CONFIG_HS20
2306 	if (is_hs20_network(wpa_s, ssid, bss)) {
2307 		struct wpabuf *hs20;
2308 
2309 		hs20 = wpabuf_alloc(20);
2310 		if (hs20) {
2311 			int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
2312 			size_t len;
2313 
2314 			wpas_hs20_add_indication(hs20, pps_mo_id);
2315 			len = sizeof(wpa_ie) - wpa_ie_len;
2316 			if (wpabuf_len(hs20) <= len) {
2317 				os_memcpy(wpa_ie + wpa_ie_len,
2318 					  wpabuf_head(hs20), wpabuf_len(hs20));
2319 				wpa_ie_len += wpabuf_len(hs20);
2320 			}
2321 			wpabuf_free(hs20);
2322 		}
2323 	}
2324 #endif /* CONFIG_HS20 */
2325 
2326 	if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
2327 		struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
2328 		size_t len;
2329 
2330 		len = sizeof(wpa_ie) - wpa_ie_len;
2331 		if (wpabuf_len(buf) <= len) {
2332 			os_memcpy(wpa_ie + wpa_ie_len,
2333 				  wpabuf_head(buf), wpabuf_len(buf));
2334 			wpa_ie_len += wpabuf_len(buf);
2335 		}
2336 	}
2337 
2338 #ifdef CONFIG_FST
2339 	if (wpa_s->fst_ies) {
2340 		int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
2341 
2342 		if (wpa_ie_len + fst_ies_len <= sizeof(wpa_ie)) {
2343 			os_memcpy(wpa_ie + wpa_ie_len,
2344 				  wpabuf_head(wpa_s->fst_ies), fst_ies_len);
2345 			wpa_ie_len += fst_ies_len;
2346 		}
2347 	}
2348 #endif /* CONFIG_FST */
2349 
2350 #ifdef CONFIG_MBO
2351 	if (mbo) {
2352 		int len;
2353 
2354 		len = wpas_mbo_ie(wpa_s, wpa_ie + wpa_ie_len,
2355 				  sizeof(wpa_ie) - wpa_ie_len);
2356 		if (len >= 0)
2357 			wpa_ie_len += len;
2358 	}
2359 #endif /* CONFIG_MBO */
2360 
2361 	wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
2362 	use_crypt = 1;
2363 	cipher_pairwise = wpa_s->pairwise_cipher;
2364 	cipher_group = wpa_s->group_cipher;
2365 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
2366 	    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2367 		if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
2368 			use_crypt = 0;
2369 		if (wpa_set_wep_keys(wpa_s, ssid)) {
2370 			use_crypt = 1;
2371 			wep_keys_set = 1;
2372 		}
2373 	}
2374 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
2375 		use_crypt = 0;
2376 
2377 #ifdef IEEE8021X_EAPOL
2378 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2379 		if ((ssid->eapol_flags &
2380 		     (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
2381 		      EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
2382 		    !wep_keys_set) {
2383 			use_crypt = 0;
2384 		} else {
2385 			/* Assume that dynamic WEP-104 keys will be used and
2386 			 * set cipher suites in order for drivers to expect
2387 			 * encryption. */
2388 			cipher_pairwise = cipher_group = WPA_CIPHER_WEP104;
2389 		}
2390 	}
2391 #endif /* IEEE8021X_EAPOL */
2392 
2393 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
2394 		/* Set the key before (and later after) association */
2395 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
2396 	}
2397 
2398 	wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
2399 	if (bss) {
2400 		params.ssid = bss->ssid;
2401 		params.ssid_len = bss->ssid_len;
2402 		if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
2403 			wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
2404 				   MACSTR " freq=%u MHz based on scan results "
2405 				   "(bssid_set=%d)",
2406 				   MAC2STR(bss->bssid), bss->freq,
2407 				   ssid->bssid_set);
2408 			params.bssid = bss->bssid;
2409 			params.freq.freq = bss->freq;
2410 		}
2411 		params.bssid_hint = bss->bssid;
2412 		params.freq_hint = bss->freq;
2413 		params.pbss = bss_is_pbss(bss);
2414 	} else {
2415 		params.ssid = ssid->ssid;
2416 		params.ssid_len = ssid->ssid_len;
2417 		params.pbss = ssid->pbss;
2418 	}
2419 
2420 	if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
2421 	    wpa_s->conf->ap_scan == 2) {
2422 		params.bssid = ssid->bssid;
2423 		params.fixed_bssid = 1;
2424 	}
2425 
2426 	/* Initial frequency for IBSS/mesh */
2427 	if ((ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) &&
2428 	    ssid->frequency > 0 && params.freq.freq == 0)
2429 		ibss_mesh_setup_freq(wpa_s, ssid, &params.freq);
2430 
2431 	if (ssid->mode == WPAS_MODE_IBSS) {
2432 		params.fixed_freq = ssid->fixed_freq;
2433 		if (ssid->beacon_int)
2434 			params.beacon_int = ssid->beacon_int;
2435 		else
2436 			params.beacon_int = wpa_s->conf->beacon_int;
2437 	}
2438 
2439 	params.wpa_ie = wpa_ie;
2440 	params.wpa_ie_len = wpa_ie_len;
2441 	params.pairwise_suite = cipher_pairwise;
2442 	params.group_suite = cipher_group;
2443 	params.key_mgmt_suite = wpa_s->key_mgmt;
2444 	params.wpa_proto = wpa_s->wpa_proto;
2445 	params.auth_alg = algs;
2446 	params.mode = ssid->mode;
2447 	params.bg_scan_period = ssid->bg_scan_period;
2448 	for (i = 0; i < NUM_WEP_KEYS; i++) {
2449 		if (ssid->wep_key_len[i])
2450 			params.wep_key[i] = ssid->wep_key[i];
2451 		params.wep_key_len[i] = ssid->wep_key_len[i];
2452 	}
2453 	params.wep_tx_keyidx = ssid->wep_tx_keyidx;
2454 
2455 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
2456 	    (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
2457 	     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
2458 		params.passphrase = ssid->passphrase;
2459 		if (ssid->psk_set)
2460 			params.psk = ssid->psk;
2461 	}
2462 
2463 	if (wpa_s->conf->key_mgmt_offload) {
2464 		if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
2465 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
2466 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
2467 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
2468 			params.req_key_mgmt_offload =
2469 				ssid->proactive_key_caching < 0 ?
2470 				wpa_s->conf->okc : ssid->proactive_key_caching;
2471 		else
2472 			params.req_key_mgmt_offload = 1;
2473 
2474 		if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
2475 		     params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
2476 		     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
2477 		    ssid->psk_set)
2478 			params.psk = ssid->psk;
2479 	}
2480 
2481 	params.drop_unencrypted = use_crypt;
2482 
2483 #ifdef CONFIG_IEEE80211W
2484 	params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
2485 	if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
2486 		const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
2487 		struct wpa_ie_data ie;
2488 		if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
2489 		    ie.capabilities &
2490 		    (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
2491 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
2492 				"MFP: require MFP");
2493 			params.mgmt_frame_protection =
2494 				MGMT_FRAME_PROTECTION_REQUIRED;
2495 		}
2496 	}
2497 #endif /* CONFIG_IEEE80211W */
2498 
2499 	params.p2p = ssid->p2p_group;
2500 
2501 	if (wpa_s->p2pdev->set_sta_uapsd)
2502 		params.uapsd = wpa_s->p2pdev->sta_uapsd;
2503 	else
2504 		params.uapsd = -1;
2505 
2506 #ifdef CONFIG_HT_OVERRIDES
2507 	os_memset(&htcaps, 0, sizeof(htcaps));
2508 	os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
2509 	params.htcaps = (u8 *) &htcaps;
2510 	params.htcaps_mask = (u8 *) &htcaps_mask;
2511 	wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
2512 #endif /* CONFIG_HT_OVERRIDES */
2513 #ifdef CONFIG_VHT_OVERRIDES
2514 	os_memset(&vhtcaps, 0, sizeof(vhtcaps));
2515 	os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
2516 	params.vhtcaps = &vhtcaps;
2517 	params.vhtcaps_mask = &vhtcaps_mask;
2518 	wpa_supplicant_apply_vht_overrides(wpa_s, ssid, &params);
2519 #endif /* CONFIG_VHT_OVERRIDES */
2520 
2521 #ifdef CONFIG_P2P
2522 	/*
2523 	 * If multi-channel concurrency is not supported, check for any
2524 	 * frequency conflict. In case of any frequency conflict, remove the
2525 	 * least prioritized connection.
2526 	 */
2527 	if (wpa_s->num_multichan_concurrent < 2) {
2528 		int freq, num;
2529 		num = get_shared_radio_freqs(wpa_s, &freq, 1);
2530 		if (num > 0 && freq > 0 && freq != params.freq.freq) {
2531 			wpa_printf(MSG_DEBUG,
2532 				   "Assoc conflicting freq found (%d != %d)",
2533 				   freq, params.freq.freq);
2534 			if (wpas_p2p_handle_frequency_conflicts(
2535 				    wpa_s, params.freq.freq, ssid) < 0) {
2536 				wpas_connect_work_done(wpa_s);
2537 				return;
2538 			}
2539 		}
2540 	}
2541 #endif /* CONFIG_P2P */
2542 
2543 	if (wpa_s->reassoc_same_ess && !is_zero_ether_addr(prev_bssid) &&
2544 	    wpa_s->current_ssid)
2545 		params.prev_bssid = prev_bssid;
2546 
2547 	ret = wpa_drv_associate(wpa_s, &params);
2548 	if (ret < 0) {
2549 		wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
2550 			"failed");
2551 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
2552 			/*
2553 			 * The driver is known to mean what is saying, so we
2554 			 * can stop right here; the association will not
2555 			 * succeed.
2556 			 */
2557 			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
2558 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2559 			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
2560 			return;
2561 		}
2562 		/* try to continue anyway; new association will be tried again
2563 		 * after timeout */
2564 		assoc_failed = 1;
2565 	}
2566 
2567 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
2568 		/* Set the key after the association just in case association
2569 		 * cleared the previously configured key. */
2570 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
2571 		/* No need to timeout authentication since there is no key
2572 		 * management. */
2573 		wpa_supplicant_cancel_auth_timeout(wpa_s);
2574 		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
2575 #ifdef CONFIG_IBSS_RSN
2576 	} else if (ssid->mode == WPAS_MODE_IBSS &&
2577 		   wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
2578 		   wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
2579 		/*
2580 		 * RSN IBSS authentication is per-STA and we can disable the
2581 		 * per-BSSID authentication.
2582 		 */
2583 		wpa_supplicant_cancel_auth_timeout(wpa_s);
2584 #endif /* CONFIG_IBSS_RSN */
2585 	} else {
2586 		/* Timeout for IEEE 802.11 authentication and association */
2587 		int timeout = 60;
2588 
2589 		if (assoc_failed) {
2590 			/* give IBSS a bit more time */
2591 			timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
2592 		} else if (wpa_s->conf->ap_scan == 1) {
2593 			/* give IBSS a bit more time */
2594 			timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
2595 		}
2596 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
2597 	}
2598 
2599 	if (wep_keys_set &&
2600 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
2601 		/* Set static WEP keys again */
2602 		wpa_set_wep_keys(wpa_s, ssid);
2603 	}
2604 
2605 	if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
2606 		/*
2607 		 * Do not allow EAP session resumption between different
2608 		 * network configurations.
2609 		 */
2610 		eapol_sm_invalidate_cached_session(wpa_s->eapol);
2611 	}
2612 	old_ssid = wpa_s->current_ssid;
2613 	wpa_s->current_ssid = ssid;
2614 	if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set)
2615 		wpa_s->current_bss = bss;
2616 	wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
2617 	wpa_supplicant_initiate_eapol(wpa_s);
2618 	if (old_ssid != wpa_s->current_ssid)
2619 		wpas_notify_network_changed(wpa_s);
2620 }
2621 
2622 
wpa_supplicant_clear_connection(struct wpa_supplicant * wpa_s,const u8 * addr)2623 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
2624 					    const u8 *addr)
2625 {
2626 	struct wpa_ssid *old_ssid;
2627 
2628 	wpas_connect_work_done(wpa_s);
2629 	wpa_clear_keys(wpa_s, addr);
2630 	old_ssid = wpa_s->current_ssid;
2631 	wpa_supplicant_mark_disassoc(wpa_s);
2632 	wpa_sm_set_config(wpa_s->wpa, NULL);
2633 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
2634 	if (old_ssid != wpa_s->current_ssid)
2635 		wpas_notify_network_changed(wpa_s);
2636 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
2637 }
2638 
2639 
2640 /**
2641  * wpa_supplicant_deauthenticate - Deauthenticate the current connection
2642  * @wpa_s: Pointer to wpa_supplicant data
2643  * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
2644  *
2645  * This function is used to request %wpa_supplicant to deauthenticate from the
2646  * current AP.
2647  */
wpa_supplicant_deauthenticate(struct wpa_supplicant * wpa_s,int reason_code)2648 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
2649 				   int reason_code)
2650 {
2651 	u8 *addr = NULL;
2652 	union wpa_event_data event;
2653 	int zero_addr = 0;
2654 
2655 	wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
2656 		" pending_bssid=" MACSTR " reason=%d state=%s",
2657 		MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
2658 		reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state));
2659 
2660 	if (!is_zero_ether_addr(wpa_s->bssid))
2661 		addr = wpa_s->bssid;
2662 	else if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
2663 		 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
2664 		  wpa_s->wpa_state == WPA_ASSOCIATING))
2665 		addr = wpa_s->pending_bssid;
2666 	else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
2667 		/*
2668 		 * When using driver-based BSS selection, we may not know the
2669 		 * BSSID with which we are currently trying to associate. We
2670 		 * need to notify the driver of this disconnection even in such
2671 		 * a case, so use the all zeros address here.
2672 		 */
2673 		addr = wpa_s->bssid;
2674 		zero_addr = 1;
2675 	}
2676 
2677 #ifdef CONFIG_TDLS
2678 	wpa_tdls_teardown_peers(wpa_s->wpa);
2679 #endif /* CONFIG_TDLS */
2680 
2681 #ifdef CONFIG_MESH
2682 	if (wpa_s->ifmsh) {
2683 		wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
2684 			wpa_s->ifname);
2685 		wpa_supplicant_leave_mesh(wpa_s);
2686 	}
2687 #endif /* CONFIG_MESH */
2688 
2689 	if (addr) {
2690 		wpa_drv_deauthenticate(wpa_s, addr, reason_code);
2691 		os_memset(&event, 0, sizeof(event));
2692 		event.deauth_info.reason_code = (u16) reason_code;
2693 		event.deauth_info.locally_generated = 1;
2694 		wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
2695 		if (zero_addr)
2696 			addr = NULL;
2697 	}
2698 
2699 	wpa_supplicant_clear_connection(wpa_s, addr);
2700 }
2701 
wpa_supplicant_enable_one_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)2702 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
2703 					      struct wpa_ssid *ssid)
2704 {
2705 	if (!ssid || !ssid->disabled || ssid->disabled == 2)
2706 		return;
2707 
2708 	ssid->disabled = 0;
2709 	wpas_clear_temp_disabled(wpa_s, ssid, 1);
2710 	wpas_notify_network_enabled_changed(wpa_s, ssid);
2711 
2712 	/*
2713 	 * Try to reassociate since there is no current configuration and a new
2714 	 * network was made available.
2715 	 */
2716 	if (!wpa_s->current_ssid && !wpa_s->disconnected)
2717 		wpa_s->reassociate = 1;
2718 }
2719 
2720 
2721 /**
2722  * wpa_supplicant_enable_network - Mark a configured network as enabled
2723  * @wpa_s: wpa_supplicant structure for a network interface
2724  * @ssid: wpa_ssid structure for a configured network or %NULL
2725  *
2726  * Enables the specified network or all networks if no network specified.
2727  */
wpa_supplicant_enable_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)2728 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
2729 				   struct wpa_ssid *ssid)
2730 {
2731 	if (ssid == NULL) {
2732 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
2733 			wpa_supplicant_enable_one_network(wpa_s, ssid);
2734 	} else
2735 		wpa_supplicant_enable_one_network(wpa_s, ssid);
2736 
2737 	if (wpa_s->reassociate && !wpa_s->disconnected &&
2738 	    (!wpa_s->current_ssid ||
2739 	     wpa_s->wpa_state == WPA_DISCONNECTED ||
2740 	     wpa_s->wpa_state == WPA_SCANNING)) {
2741 		if (wpa_s->sched_scanning) {
2742 			wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
2743 				   "new network to scan filters");
2744 			wpa_supplicant_cancel_sched_scan(wpa_s);
2745 		}
2746 
2747 		if (wpa_supplicant_fast_associate(wpa_s) != 1) {
2748 			wpa_s->scan_req = NORMAL_SCAN_REQ;
2749 			wpa_supplicant_req_scan(wpa_s, 0, 0);
2750 		}
2751 	}
2752 }
2753 
2754 
2755 /**
2756  * wpa_supplicant_disable_network - Mark a configured network as disabled
2757  * @wpa_s: wpa_supplicant structure for a network interface
2758  * @ssid: wpa_ssid structure for a configured network or %NULL
2759  *
2760  * Disables the specified network or all networks if no network specified.
2761  */
wpa_supplicant_disable_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)2762 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
2763 				    struct wpa_ssid *ssid)
2764 {
2765 	struct wpa_ssid *other_ssid;
2766 	int was_disabled;
2767 
2768 	if (ssid == NULL) {
2769 		if (wpa_s->sched_scanning)
2770 			wpa_supplicant_cancel_sched_scan(wpa_s);
2771 
2772 		for (other_ssid = wpa_s->conf->ssid; other_ssid;
2773 		     other_ssid = other_ssid->next) {
2774 			was_disabled = other_ssid->disabled;
2775 			if (was_disabled == 2)
2776 				continue; /* do not change persistent P2P group
2777 					   * data */
2778 
2779 			other_ssid->disabled = 1;
2780 
2781 			if (was_disabled != other_ssid->disabled)
2782 				wpas_notify_network_enabled_changed(
2783 					wpa_s, other_ssid);
2784 		}
2785 		if (wpa_s->current_ssid)
2786 			wpa_supplicant_deauthenticate(
2787 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
2788 	} else if (ssid->disabled != 2) {
2789 		if (ssid == wpa_s->current_ssid)
2790 			wpa_supplicant_deauthenticate(
2791 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
2792 
2793 		was_disabled = ssid->disabled;
2794 
2795 		ssid->disabled = 1;
2796 
2797 		if (was_disabled != ssid->disabled) {
2798 			wpas_notify_network_enabled_changed(wpa_s, ssid);
2799 			if (wpa_s->sched_scanning) {
2800 				wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
2801 					   "to remove network from filters");
2802 				wpa_supplicant_cancel_sched_scan(wpa_s);
2803 				wpa_supplicant_req_scan(wpa_s, 0, 0);
2804 			}
2805 		}
2806 	}
2807 }
2808 
2809 
2810 /**
2811  * wpa_supplicant_select_network - Attempt association with a network
2812  * @wpa_s: wpa_supplicant structure for a network interface
2813  * @ssid: wpa_ssid structure for a configured network or %NULL for any network
2814  */
wpa_supplicant_select_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)2815 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
2816 				   struct wpa_ssid *ssid)
2817 {
2818 
2819 	struct wpa_ssid *other_ssid;
2820 	int disconnected = 0;
2821 
2822 	if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
2823 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
2824 			wpa_s->own_disconnect_req = 1;
2825 		wpa_supplicant_deauthenticate(
2826 			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
2827 		disconnected = 1;
2828 	}
2829 
2830 	if (ssid)
2831 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
2832 
2833 	/*
2834 	 * Mark all other networks disabled or mark all networks enabled if no
2835 	 * network specified.
2836 	 */
2837 	for (other_ssid = wpa_s->conf->ssid; other_ssid;
2838 	     other_ssid = other_ssid->next) {
2839 		int was_disabled = other_ssid->disabled;
2840 		if (was_disabled == 2)
2841 			continue; /* do not change persistent P2P group data */
2842 
2843 		other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
2844 		if (was_disabled && !other_ssid->disabled)
2845 			wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
2846 
2847 		if (was_disabled != other_ssid->disabled)
2848 			wpas_notify_network_enabled_changed(wpa_s, other_ssid);
2849 	}
2850 
2851 	if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid &&
2852 	    wpa_s->wpa_state >= WPA_AUTHENTICATING) {
2853 		/* We are already associated with the selected network */
2854 		wpa_printf(MSG_DEBUG, "Already associated with the "
2855 			   "selected network - do nothing");
2856 		return;
2857 	}
2858 
2859 	if (ssid) {
2860 		wpa_s->current_ssid = ssid;
2861 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
2862 		wpa_s->connect_without_scan =
2863 			(ssid->mode == WPAS_MODE_MESH) ? ssid : NULL;
2864 
2865 		/*
2866 		 * Don't optimize next scan freqs since a new ESS has been
2867 		 * selected.
2868 		 */
2869 		os_free(wpa_s->next_scan_freqs);
2870 		wpa_s->next_scan_freqs = NULL;
2871 	} else {
2872 		wpa_s->connect_without_scan = NULL;
2873 	}
2874 
2875 	wpa_s->disconnected = 0;
2876 	wpa_s->reassociate = 1;
2877 
2878 	if (wpa_s->connect_without_scan ||
2879 	    wpa_supplicant_fast_associate(wpa_s) != 1) {
2880 		wpa_s->scan_req = NORMAL_SCAN_REQ;
2881 		wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
2882 	}
2883 
2884 	if (ssid)
2885 		wpas_notify_network_selected(wpa_s, ssid);
2886 }
2887 
2888 
2889 /**
2890  * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
2891  * @wpa_s: wpa_supplicant structure for a network interface
2892  * @pkcs11_engine_path: PKCS #11 engine path or NULL
2893  * @pkcs11_module_path: PKCS #11 module path or NULL
2894  * Returns: 0 on success; -1 on failure
2895  *
2896  * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
2897  * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
2898  * module path fails the paths will be reset to the default value (NULL).
2899  */
wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant * wpa_s,const char * pkcs11_engine_path,const char * pkcs11_module_path)2900 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant *wpa_s,
2901 					   const char *pkcs11_engine_path,
2902 					   const char *pkcs11_module_path)
2903 {
2904 	char *pkcs11_engine_path_copy = NULL;
2905 	char *pkcs11_module_path_copy = NULL;
2906 
2907 	if (pkcs11_engine_path != NULL) {
2908 		pkcs11_engine_path_copy = os_strdup(pkcs11_engine_path);
2909 		if (pkcs11_engine_path_copy == NULL)
2910 			return -1;
2911 	}
2912 	if (pkcs11_module_path != NULL) {
2913 		pkcs11_module_path_copy = os_strdup(pkcs11_module_path);
2914 		if (pkcs11_module_path_copy == NULL) {
2915 			os_free(pkcs11_engine_path_copy);
2916 			return -1;
2917 		}
2918 	}
2919 
2920 	os_free(wpa_s->conf->pkcs11_engine_path);
2921 	os_free(wpa_s->conf->pkcs11_module_path);
2922 	wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path_copy;
2923 	wpa_s->conf->pkcs11_module_path = pkcs11_module_path_copy;
2924 
2925 	wpa_sm_set_eapol(wpa_s->wpa, NULL);
2926 	eapol_sm_deinit(wpa_s->eapol);
2927 	wpa_s->eapol = NULL;
2928 	if (wpa_supplicant_init_eapol(wpa_s)) {
2929 		/* Error -> Reset paths to the default value (NULL) once. */
2930 		if (pkcs11_engine_path != NULL && pkcs11_module_path != NULL)
2931 			wpas_set_pkcs11_engine_and_module_path(wpa_s, NULL,
2932 							       NULL);
2933 
2934 		return -1;
2935 	}
2936 	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2937 
2938 	return 0;
2939 }
2940 
2941 
2942 /**
2943  * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
2944  * @wpa_s: wpa_supplicant structure for a network interface
2945  * @ap_scan: AP scan mode
2946  * Returns: 0 if succeed or -1 if ap_scan has an invalid value
2947  *
2948  */
wpa_supplicant_set_ap_scan(struct wpa_supplicant * wpa_s,int ap_scan)2949 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
2950 {
2951 
2952 	int old_ap_scan;
2953 
2954 	if (ap_scan < 0 || ap_scan > 2)
2955 		return -1;
2956 
2957 	if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
2958 		wpa_printf(MSG_INFO,
2959 			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
2960 	}
2961 
2962 #ifdef ANDROID
2963 	if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
2964 	    wpa_s->wpa_state >= WPA_ASSOCIATING &&
2965 	    wpa_s->wpa_state < WPA_COMPLETED) {
2966 		wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
2967 			   "associating", wpa_s->conf->ap_scan, ap_scan);
2968 		return 0;
2969 	}
2970 #endif /* ANDROID */
2971 
2972 	old_ap_scan = wpa_s->conf->ap_scan;
2973 	wpa_s->conf->ap_scan = ap_scan;
2974 
2975 	if (old_ap_scan != wpa_s->conf->ap_scan)
2976 		wpas_notify_ap_scan_changed(wpa_s);
2977 
2978 	return 0;
2979 }
2980 
2981 
2982 /**
2983  * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
2984  * @wpa_s: wpa_supplicant structure for a network interface
2985  * @expire_age: Expiration age in seconds
2986  * Returns: 0 if succeed or -1 if expire_age has an invalid value
2987  *
2988  */
wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant * wpa_s,unsigned int bss_expire_age)2989 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
2990 					  unsigned int bss_expire_age)
2991 {
2992 	if (bss_expire_age < 10) {
2993 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
2994 			bss_expire_age);
2995 		return -1;
2996 	}
2997 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
2998 		bss_expire_age);
2999 	wpa_s->conf->bss_expiration_age = bss_expire_age;
3000 
3001 	return 0;
3002 }
3003 
3004 
3005 /**
3006  * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
3007  * @wpa_s: wpa_supplicant structure for a network interface
3008  * @expire_count: number of scans after which an unseen BSS is reclaimed
3009  * Returns: 0 if succeed or -1 if expire_count has an invalid value
3010  *
3011  */
wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant * wpa_s,unsigned int bss_expire_count)3012 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
3013 					    unsigned int bss_expire_count)
3014 {
3015 	if (bss_expire_count < 1) {
3016 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
3017 			bss_expire_count);
3018 		return -1;
3019 	}
3020 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
3021 		bss_expire_count);
3022 	wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
3023 
3024 	return 0;
3025 }
3026 
3027 
3028 /**
3029  * wpa_supplicant_set_scan_interval - Set scan interval
3030  * @wpa_s: wpa_supplicant structure for a network interface
3031  * @scan_interval: scan interval in seconds
3032  * Returns: 0 if succeed or -1 if scan_interval has an invalid value
3033  *
3034  */
wpa_supplicant_set_scan_interval(struct wpa_supplicant * wpa_s,int scan_interval)3035 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
3036 				     int scan_interval)
3037 {
3038 	if (scan_interval < 0) {
3039 		wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
3040 			scan_interval);
3041 		return -1;
3042 	}
3043 	wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
3044 		scan_interval);
3045 	wpa_supplicant_update_scan_int(wpa_s, scan_interval);
3046 
3047 	return 0;
3048 }
3049 
3050 
3051 /**
3052  * wpa_supplicant_set_debug_params - Set global debug params
3053  * @global: wpa_global structure
3054  * @debug_level: debug level
3055  * @debug_timestamp: determines if show timestamp in debug data
3056  * @debug_show_keys: determines if show keys in debug data
3057  * Returns: 0 if succeed or -1 if debug_level has wrong value
3058  */
wpa_supplicant_set_debug_params(struct wpa_global * global,int debug_level,int debug_timestamp,int debug_show_keys)3059 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
3060 				    int debug_timestamp, int debug_show_keys)
3061 {
3062 
3063 	int old_level, old_timestamp, old_show_keys;
3064 
3065 	/* check for allowed debuglevels */
3066 	if (debug_level != MSG_EXCESSIVE &&
3067 	    debug_level != MSG_MSGDUMP &&
3068 	    debug_level != MSG_DEBUG &&
3069 	    debug_level != MSG_INFO &&
3070 	    debug_level != MSG_WARNING &&
3071 	    debug_level != MSG_ERROR)
3072 		return -1;
3073 
3074 	old_level = wpa_debug_level;
3075 	old_timestamp = wpa_debug_timestamp;
3076 	old_show_keys = wpa_debug_show_keys;
3077 
3078 	wpa_debug_level = debug_level;
3079 	wpa_debug_timestamp = debug_timestamp ? 1 : 0;
3080 	wpa_debug_show_keys = debug_show_keys ? 1 : 0;
3081 
3082 	if (wpa_debug_level != old_level)
3083 		wpas_notify_debug_level_changed(global);
3084 	if (wpa_debug_timestamp != old_timestamp)
3085 		wpas_notify_debug_timestamp_changed(global);
3086 	if (wpa_debug_show_keys != old_show_keys)
3087 		wpas_notify_debug_show_keys_changed(global);
3088 
3089 	return 0;
3090 }
3091 
3092 
3093 /**
3094  * wpa_supplicant_get_ssid - Get a pointer to the current network structure
3095  * @wpa_s: Pointer to wpa_supplicant data
3096  * Returns: A pointer to the current network structure or %NULL on failure
3097  */
wpa_supplicant_get_ssid(struct wpa_supplicant * wpa_s)3098 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
3099 {
3100 	struct wpa_ssid *entry;
3101 	u8 ssid[SSID_MAX_LEN];
3102 	int res;
3103 	size_t ssid_len;
3104 	u8 bssid[ETH_ALEN];
3105 	int wired;
3106 
3107 	res = wpa_drv_get_ssid(wpa_s, ssid);
3108 	if (res < 0) {
3109 		wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
3110 			"driver");
3111 		return NULL;
3112 	}
3113 	ssid_len = res;
3114 
3115 	if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
3116 		wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
3117 			"driver");
3118 		return NULL;
3119 	}
3120 
3121 	wired = wpa_s->conf->ap_scan == 0 &&
3122 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
3123 
3124 	entry = wpa_s->conf->ssid;
3125 	while (entry) {
3126 		if (!wpas_network_disabled(wpa_s, entry) &&
3127 		    ((ssid_len == entry->ssid_len &&
3128 		      os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
3129 		    (!entry->bssid_set ||
3130 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
3131 			return entry;
3132 #ifdef CONFIG_WPS
3133 		if (!wpas_network_disabled(wpa_s, entry) &&
3134 		    (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
3135 		    (entry->ssid == NULL || entry->ssid_len == 0) &&
3136 		    (!entry->bssid_set ||
3137 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
3138 			return entry;
3139 #endif /* CONFIG_WPS */
3140 
3141 		if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
3142 		    entry->ssid_len == 0 &&
3143 		    os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
3144 			return entry;
3145 
3146 		entry = entry->next;
3147 	}
3148 
3149 	return NULL;
3150 }
3151 
3152 
select_driver(struct wpa_supplicant * wpa_s,int i)3153 static int select_driver(struct wpa_supplicant *wpa_s, int i)
3154 {
3155 	struct wpa_global *global = wpa_s->global;
3156 
3157 	if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
3158 		global->drv_priv[i] = wpa_drivers[i]->global_init(global);
3159 		if (global->drv_priv[i] == NULL) {
3160 			wpa_printf(MSG_ERROR, "Failed to initialize driver "
3161 				   "'%s'", wpa_drivers[i]->name);
3162 			return -1;
3163 		}
3164 	}
3165 
3166 	wpa_s->driver = wpa_drivers[i];
3167 	wpa_s->global_drv_priv = global->drv_priv[i];
3168 
3169 	return 0;
3170 }
3171 
3172 
wpa_supplicant_set_driver(struct wpa_supplicant * wpa_s,const char * name)3173 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
3174 				     const char *name)
3175 {
3176 	int i;
3177 	size_t len;
3178 	const char *pos, *driver = name;
3179 
3180 	if (wpa_s == NULL)
3181 		return -1;
3182 
3183 	if (wpa_drivers[0] == NULL) {
3184 		wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
3185 			"wpa_supplicant");
3186 		return -1;
3187 	}
3188 
3189 	if (name == NULL) {
3190 		/* default to first driver in the list */
3191 		return select_driver(wpa_s, 0);
3192 	}
3193 
3194 	do {
3195 		pos = os_strchr(driver, ',');
3196 		if (pos)
3197 			len = pos - driver;
3198 		else
3199 			len = os_strlen(driver);
3200 
3201 		for (i = 0; wpa_drivers[i]; i++) {
3202 			if (os_strlen(wpa_drivers[i]->name) == len &&
3203 			    os_strncmp(driver, wpa_drivers[i]->name, len) ==
3204 			    0) {
3205 				/* First driver that succeeds wins */
3206 				if (select_driver(wpa_s, i) == 0)
3207 					return 0;
3208 			}
3209 		}
3210 
3211 		driver = pos + 1;
3212 	} while (pos);
3213 
3214 	wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
3215 	return -1;
3216 }
3217 
3218 
3219 /**
3220  * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
3221  * @ctx: Context pointer (wpa_s); this is the ctx variable registered
3222  *	with struct wpa_driver_ops::init()
3223  * @src_addr: Source address of the EAPOL frame
3224  * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
3225  * @len: Length of the EAPOL data
3226  *
3227  * This function is called for each received EAPOL frame. Most driver
3228  * interfaces rely on more generic OS mechanism for receiving frames through
3229  * l2_packet, but if such a mechanism is not available, the driver wrapper may
3230  * take care of received EAPOL frames and deliver them to the core supplicant
3231  * code by calling this function.
3232  */
wpa_supplicant_rx_eapol(void * ctx,const u8 * src_addr,const u8 * buf,size_t len)3233 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
3234 			     const u8 *buf, size_t len)
3235 {
3236 	struct wpa_supplicant *wpa_s = ctx;
3237 
3238 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
3239 	wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
3240 
3241 #ifdef CONFIG_PEERKEY
3242 	if (wpa_s->wpa_state > WPA_ASSOCIATED && wpa_s->current_ssid &&
3243 	    wpa_s->current_ssid->peerkey &&
3244 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
3245 	    wpa_sm_rx_eapol_peerkey(wpa_s->wpa, src_addr, buf, len) == 1) {
3246 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: Processed PeerKey EAPOL-Key");
3247 		return;
3248 	}
3249 #endif /* CONFIG_PEERKEY */
3250 
3251 	if (wpa_s->wpa_state < WPA_ASSOCIATED ||
3252 	    (wpa_s->last_eapol_matches_bssid &&
3253 #ifdef CONFIG_AP
3254 	     !wpa_s->ap_iface &&
3255 #endif /* CONFIG_AP */
3256 	     os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
3257 		/*
3258 		 * There is possible race condition between receiving the
3259 		 * association event and the EAPOL frame since they are coming
3260 		 * through different paths from the driver. In order to avoid
3261 		 * issues in trying to process the EAPOL frame before receiving
3262 		 * association information, lets queue it for processing until
3263 		 * the association event is received. This may also be needed in
3264 		 * driver-based roaming case, so also use src_addr != BSSID as a
3265 		 * trigger if we have previously confirmed that the
3266 		 * Authenticator uses BSSID as the src_addr (which is not the
3267 		 * case with wired IEEE 802.1X).
3268 		 */
3269 		wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
3270 			"of received EAPOL frame (state=%s bssid=" MACSTR ")",
3271 			wpa_supplicant_state_txt(wpa_s->wpa_state),
3272 			MAC2STR(wpa_s->bssid));
3273 		wpabuf_free(wpa_s->pending_eapol_rx);
3274 		wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
3275 		if (wpa_s->pending_eapol_rx) {
3276 			os_get_reltime(&wpa_s->pending_eapol_rx_time);
3277 			os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
3278 				  ETH_ALEN);
3279 		}
3280 		return;
3281 	}
3282 
3283 	wpa_s->last_eapol_matches_bssid =
3284 		os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
3285 
3286 #ifdef CONFIG_AP
3287 	if (wpa_s->ap_iface) {
3288 		wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
3289 		return;
3290 	}
3291 #endif /* CONFIG_AP */
3292 
3293 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
3294 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
3295 			"no key management is configured");
3296 		return;
3297 	}
3298 
3299 	if (wpa_s->eapol_received == 0 &&
3300 	    (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
3301 	     !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
3302 	     wpa_s->wpa_state != WPA_COMPLETED) &&
3303 	    (wpa_s->current_ssid == NULL ||
3304 	     wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
3305 		/* Timeout for completing IEEE 802.1X and WPA authentication */
3306 		int timeout = 10;
3307 
3308 		if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
3309 		    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
3310 		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
3311 			/* Use longer timeout for IEEE 802.1X/EAP */
3312 			timeout = 70;
3313 		}
3314 
3315 #ifdef CONFIG_WPS
3316 		if (wpa_s->current_ssid && wpa_s->current_bss &&
3317 		    (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
3318 		    eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
3319 			/*
3320 			 * Use shorter timeout if going through WPS AP iteration
3321 			 * for PIN config method with an AP that does not
3322 			 * advertise Selected Registrar.
3323 			 */
3324 			struct wpabuf *wps_ie;
3325 
3326 			wps_ie = wpa_bss_get_vendor_ie_multi(
3327 				wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
3328 			if (wps_ie &&
3329 			    !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
3330 				timeout = 10;
3331 			wpabuf_free(wps_ie);
3332 		}
3333 #endif /* CONFIG_WPS */
3334 
3335 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
3336 	}
3337 	wpa_s->eapol_received++;
3338 
3339 	if (wpa_s->countermeasures) {
3340 		wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
3341 			"EAPOL packet");
3342 		return;
3343 	}
3344 
3345 #ifdef CONFIG_IBSS_RSN
3346 	if (wpa_s->current_ssid &&
3347 	    wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
3348 		ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
3349 		return;
3350 	}
3351 #endif /* CONFIG_IBSS_RSN */
3352 
3353 	/* Source address of the incoming EAPOL frame could be compared to the
3354 	 * current BSSID. However, it is possible that a centralized
3355 	 * Authenticator could be using another MAC address than the BSSID of
3356 	 * an AP, so just allow any address to be used for now. The replies are
3357 	 * still sent to the current BSSID (if available), though. */
3358 
3359 	os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
3360 	if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
3361 	    eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
3362 		return;
3363 	wpa_drv_poll(wpa_s);
3364 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
3365 		wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
3366 	else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
3367 		/*
3368 		 * Set portValid = TRUE here since we are going to skip 4-way
3369 		 * handshake processing which would normally set portValid. We
3370 		 * need this to allow the EAPOL state machines to be completed
3371 		 * without going through EAPOL-Key handshake.
3372 		 */
3373 		eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
3374 	}
3375 }
3376 
3377 
wpa_supplicant_update_mac_addr(struct wpa_supplicant * wpa_s)3378 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
3379 {
3380 	if ((!wpa_s->p2p_mgmt ||
3381 	     !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
3382 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
3383 		l2_packet_deinit(wpa_s->l2);
3384 		wpa_s->l2 = l2_packet_init(wpa_s->ifname,
3385 					   wpa_drv_get_mac_addr(wpa_s),
3386 					   ETH_P_EAPOL,
3387 					   wpa_supplicant_rx_eapol, wpa_s, 0);
3388 		if (wpa_s->l2 == NULL)
3389 			return -1;
3390 	} else {
3391 		const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
3392 		if (addr)
3393 			os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
3394 	}
3395 
3396 	if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
3397 		wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
3398 		return -1;
3399 	}
3400 
3401 	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
3402 
3403 	return 0;
3404 }
3405 
3406 
wpa_supplicant_rx_eapol_bridge(void * ctx,const u8 * src_addr,const u8 * buf,size_t len)3407 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
3408 					   const u8 *buf, size_t len)
3409 {
3410 	struct wpa_supplicant *wpa_s = ctx;
3411 	const struct l2_ethhdr *eth;
3412 
3413 	if (len < sizeof(*eth))
3414 		return;
3415 	eth = (const struct l2_ethhdr *) buf;
3416 
3417 	if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
3418 	    !(eth->h_dest[0] & 0x01)) {
3419 		wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
3420 			" (bridge - not for this interface - ignore)",
3421 			MAC2STR(src_addr), MAC2STR(eth->h_dest));
3422 		return;
3423 	}
3424 
3425 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
3426 		" (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
3427 	wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
3428 				len - sizeof(*eth));
3429 }
3430 
3431 
3432 /**
3433  * wpa_supplicant_driver_init - Initialize driver interface parameters
3434  * @wpa_s: Pointer to wpa_supplicant data
3435  * Returns: 0 on success, -1 on failure
3436  *
3437  * This function is called to initialize driver interface parameters.
3438  * wpa_drv_init() must have been called before this function to initialize the
3439  * driver interface.
3440  */
wpa_supplicant_driver_init(struct wpa_supplicant * wpa_s)3441 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
3442 {
3443 	static int interface_count = 0;
3444 
3445 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
3446 		return -1;
3447 
3448 	wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
3449 		MAC2STR(wpa_s->own_addr));
3450 	os_memcpy(wpa_s->perm_addr, wpa_s->own_addr, ETH_ALEN);
3451 	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
3452 
3453 	if (wpa_s->bridge_ifname[0]) {
3454 		wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
3455 			"interface '%s'", wpa_s->bridge_ifname);
3456 		wpa_s->l2_br = l2_packet_init_bridge(
3457 			wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
3458 			ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
3459 		if (wpa_s->l2_br == NULL) {
3460 			wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
3461 				"connection for the bridge interface '%s'",
3462 				wpa_s->bridge_ifname);
3463 			return -1;
3464 		}
3465 	}
3466 
3467 	if (wpa_s->conf->ap_scan == 2 &&
3468 	    os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
3469 		wpa_printf(MSG_INFO,
3470 			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
3471 	}
3472 
3473 	wpa_clear_keys(wpa_s, NULL);
3474 
3475 	/* Make sure that TKIP countermeasures are not left enabled (could
3476 	 * happen if wpa_supplicant is killed during countermeasures. */
3477 	wpa_drv_set_countermeasures(wpa_s, 0);
3478 
3479 	wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
3480 	wpa_drv_flush_pmkid(wpa_s);
3481 
3482 	wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
3483 	wpa_s->prev_scan_wildcard = 0;
3484 
3485 	if (wpa_supplicant_enabled_networks(wpa_s)) {
3486 		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
3487 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
3488 			interface_count = 0;
3489 		}
3490 #ifndef ANDROID
3491 		if (!wpa_s->p2p_mgmt &&
3492 		    wpa_supplicant_delayed_sched_scan(wpa_s,
3493 						      interface_count % 3,
3494 						      100000))
3495 			wpa_supplicant_req_scan(wpa_s, interface_count % 3,
3496 						100000);
3497 #endif /* ANDROID */
3498 		interface_count++;
3499 	} else
3500 		wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
3501 
3502 	return 0;
3503 }
3504 
3505 
wpa_supplicant_daemon(const char * pid_file)3506 static int wpa_supplicant_daemon(const char *pid_file)
3507 {
3508 	wpa_printf(MSG_DEBUG, "Daemonize..");
3509 	return os_daemonize(pid_file);
3510 }
3511 
3512 
3513 static struct wpa_supplicant *
wpa_supplicant_alloc(struct wpa_supplicant * parent)3514 wpa_supplicant_alloc(struct wpa_supplicant *parent)
3515 {
3516 	struct wpa_supplicant *wpa_s;
3517 
3518 	wpa_s = os_zalloc(sizeof(*wpa_s));
3519 	if (wpa_s == NULL)
3520 		return NULL;
3521 	wpa_s->scan_req = INITIAL_SCAN_REQ;
3522 	wpa_s->scan_interval = 5;
3523 	wpa_s->new_connection = 1;
3524 	wpa_s->parent = parent ? parent : wpa_s;
3525 	wpa_s->p2pdev = wpa_s->parent;
3526 	wpa_s->sched_scanning = 0;
3527 
3528 	dl_list_init(&wpa_s->bss_tmp_disallowed);
3529 
3530 	return wpa_s;
3531 }
3532 
3533 
3534 #ifdef CONFIG_HT_OVERRIDES
3535 
wpa_set_htcap_mcs(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,const char * ht_mcs)3536 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
3537 			     struct ieee80211_ht_capabilities *htcaps,
3538 			     struct ieee80211_ht_capabilities *htcaps_mask,
3539 			     const char *ht_mcs)
3540 {
3541 	/* parse ht_mcs into hex array */
3542 	int i;
3543 	const char *tmp = ht_mcs;
3544 	char *end = NULL;
3545 
3546 	/* If ht_mcs is null, do not set anything */
3547 	if (!ht_mcs)
3548 		return 0;
3549 
3550 	/* This is what we are setting in the kernel */
3551 	os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
3552 
3553 	wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
3554 
3555 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
3556 		errno = 0;
3557 		long v = strtol(tmp, &end, 16);
3558 		if (errno == 0) {
3559 			wpa_msg(wpa_s, MSG_DEBUG,
3560 				"htcap value[%i]: %ld end: %p  tmp: %p",
3561 				i, v, end, tmp);
3562 			if (end == tmp)
3563 				break;
3564 
3565 			htcaps->supported_mcs_set[i] = v;
3566 			tmp = end;
3567 		} else {
3568 			wpa_msg(wpa_s, MSG_ERROR,
3569 				"Failed to parse ht-mcs: %s, error: %s\n",
3570 				ht_mcs, strerror(errno));
3571 			return -1;
3572 		}
3573 	}
3574 
3575 	/*
3576 	 * If we were able to parse any values, then set mask for the MCS set.
3577 	 */
3578 	if (i) {
3579 		os_memset(&htcaps_mask->supported_mcs_set, 0xff,
3580 			  IEEE80211_HT_MCS_MASK_LEN - 1);
3581 		/* skip the 3 reserved bits */
3582 		htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
3583 			0x1f;
3584 	}
3585 
3586 	return 0;
3587 }
3588 
3589 
wpa_disable_max_amsdu(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)3590 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
3591 				 struct ieee80211_ht_capabilities *htcaps,
3592 				 struct ieee80211_ht_capabilities *htcaps_mask,
3593 				 int disabled)
3594 {
3595 	le16 msk;
3596 
3597 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
3598 
3599 	if (disabled == -1)
3600 		return 0;
3601 
3602 	msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
3603 	htcaps_mask->ht_capabilities_info |= msk;
3604 	if (disabled)
3605 		htcaps->ht_capabilities_info &= msk;
3606 	else
3607 		htcaps->ht_capabilities_info |= msk;
3608 
3609 	return 0;
3610 }
3611 
3612 
wpa_set_ampdu_factor(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int factor)3613 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
3614 				struct ieee80211_ht_capabilities *htcaps,
3615 				struct ieee80211_ht_capabilities *htcaps_mask,
3616 				int factor)
3617 {
3618 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
3619 
3620 	if (factor == -1)
3621 		return 0;
3622 
3623 	if (factor < 0 || factor > 3) {
3624 		wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
3625 			"Must be 0-3 or -1", factor);
3626 		return -EINVAL;
3627 	}
3628 
3629 	htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
3630 	htcaps->a_mpdu_params &= ~0x3;
3631 	htcaps->a_mpdu_params |= factor & 0x3;
3632 
3633 	return 0;
3634 }
3635 
3636 
wpa_set_ampdu_density(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int density)3637 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
3638 				 struct ieee80211_ht_capabilities *htcaps,
3639 				 struct ieee80211_ht_capabilities *htcaps_mask,
3640 				 int density)
3641 {
3642 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
3643 
3644 	if (density == -1)
3645 		return 0;
3646 
3647 	if (density < 0 || density > 7) {
3648 		wpa_msg(wpa_s, MSG_ERROR,
3649 			"ampdu_density: %d out of range. Must be 0-7 or -1.",
3650 			density);
3651 		return -EINVAL;
3652 	}
3653 
3654 	htcaps_mask->a_mpdu_params |= 0x1C;
3655 	htcaps->a_mpdu_params &= ~(0x1C);
3656 	htcaps->a_mpdu_params |= (density << 2) & 0x1C;
3657 
3658 	return 0;
3659 }
3660 
3661 
wpa_set_disable_ht40(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)3662 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
3663 				struct ieee80211_ht_capabilities *htcaps,
3664 				struct ieee80211_ht_capabilities *htcaps_mask,
3665 				int disabled)
3666 {
3667 	/* Masking these out disables HT40 */
3668 	le16 msk = host_to_le16(HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET |
3669 				HT_CAP_INFO_SHORT_GI40MHZ);
3670 
3671 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
3672 
3673 	if (disabled)
3674 		htcaps->ht_capabilities_info &= ~msk;
3675 	else
3676 		htcaps->ht_capabilities_info |= msk;
3677 
3678 	htcaps_mask->ht_capabilities_info |= msk;
3679 
3680 	return 0;
3681 }
3682 
3683 
wpa_set_disable_sgi(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)3684 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
3685 			       struct ieee80211_ht_capabilities *htcaps,
3686 			       struct ieee80211_ht_capabilities *htcaps_mask,
3687 			       int disabled)
3688 {
3689 	/* Masking these out disables SGI */
3690 	le16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
3691 				HT_CAP_INFO_SHORT_GI40MHZ);
3692 
3693 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
3694 
3695 	if (disabled)
3696 		htcaps->ht_capabilities_info &= ~msk;
3697 	else
3698 		htcaps->ht_capabilities_info |= msk;
3699 
3700 	htcaps_mask->ht_capabilities_info |= msk;
3701 
3702 	return 0;
3703 }
3704 
3705 
wpa_set_disable_ldpc(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)3706 static int wpa_set_disable_ldpc(struct wpa_supplicant *wpa_s,
3707 			       struct ieee80211_ht_capabilities *htcaps,
3708 			       struct ieee80211_ht_capabilities *htcaps_mask,
3709 			       int disabled)
3710 {
3711 	/* Masking these out disables LDPC */
3712 	le16 msk = host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP);
3713 
3714 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ldpc: %d", disabled);
3715 
3716 	if (disabled)
3717 		htcaps->ht_capabilities_info &= ~msk;
3718 	else
3719 		htcaps->ht_capabilities_info |= msk;
3720 
3721 	htcaps_mask->ht_capabilities_info |= msk;
3722 
3723 	return 0;
3724 }
3725 
3726 
wpa_supplicant_apply_ht_overrides(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params)3727 void wpa_supplicant_apply_ht_overrides(
3728 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
3729 	struct wpa_driver_associate_params *params)
3730 {
3731 	struct ieee80211_ht_capabilities *htcaps;
3732 	struct ieee80211_ht_capabilities *htcaps_mask;
3733 
3734 	if (!ssid)
3735 		return;
3736 
3737 	params->disable_ht = ssid->disable_ht;
3738 	if (!params->htcaps || !params->htcaps_mask)
3739 		return;
3740 
3741 	htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
3742 	htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
3743 	wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
3744 	wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
3745 			      ssid->disable_max_amsdu);
3746 	wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
3747 	wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
3748 	wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
3749 	wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
3750 	wpa_set_disable_ldpc(wpa_s, htcaps, htcaps_mask, ssid->disable_ldpc);
3751 
3752 	if (ssid->ht40_intolerant) {
3753 		le16 bit = host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT);
3754 		htcaps->ht_capabilities_info |= bit;
3755 		htcaps_mask->ht_capabilities_info |= bit;
3756 	}
3757 }
3758 
3759 #endif /* CONFIG_HT_OVERRIDES */
3760 
3761 
3762 #ifdef CONFIG_VHT_OVERRIDES
wpa_supplicant_apply_vht_overrides(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params)3763 void wpa_supplicant_apply_vht_overrides(
3764 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
3765 	struct wpa_driver_associate_params *params)
3766 {
3767 	struct ieee80211_vht_capabilities *vhtcaps;
3768 	struct ieee80211_vht_capabilities *vhtcaps_mask;
3769 
3770 	if (!ssid)
3771 		return;
3772 
3773 	params->disable_vht = ssid->disable_vht;
3774 
3775 	vhtcaps = (void *) params->vhtcaps;
3776 	vhtcaps_mask = (void *) params->vhtcaps_mask;
3777 
3778 	if (!vhtcaps || !vhtcaps_mask)
3779 		return;
3780 
3781 	vhtcaps->vht_capabilities_info = ssid->vht_capa;
3782 	vhtcaps_mask->vht_capabilities_info = ssid->vht_capa_mask;
3783 
3784 #ifdef CONFIG_HT_OVERRIDES
3785 	/* if max ampdu is <= 3, we have to make the HT cap the same */
3786 	if (ssid->vht_capa_mask & VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) {
3787 		int max_ampdu;
3788 
3789 		max_ampdu = (ssid->vht_capa &
3790 			     VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) >>
3791 			VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT;
3792 
3793 		max_ampdu = max_ampdu < 3 ? max_ampdu : 3;
3794 		wpa_set_ampdu_factor(wpa_s,
3795 				     (void *) params->htcaps,
3796 				     (void *) params->htcaps_mask,
3797 				     max_ampdu);
3798 	}
3799 #endif /* CONFIG_HT_OVERRIDES */
3800 
3801 #define OVERRIDE_MCS(i)							\
3802 	if (ssid->vht_tx_mcs_nss_ ##i >= 0) {				\
3803 		vhtcaps_mask->vht_supported_mcs_set.tx_map |=		\
3804 			3 << 2 * (i - 1);				\
3805 		vhtcaps->vht_supported_mcs_set.tx_map |=		\
3806 			ssid->vht_tx_mcs_nss_ ##i << 2 * (i - 1);	\
3807 	}								\
3808 	if (ssid->vht_rx_mcs_nss_ ##i >= 0) {				\
3809 		vhtcaps_mask->vht_supported_mcs_set.rx_map |=		\
3810 			3 << 2 * (i - 1);				\
3811 		vhtcaps->vht_supported_mcs_set.rx_map |=		\
3812 			ssid->vht_rx_mcs_nss_ ##i << 2 * (i - 1);	\
3813 	}
3814 
3815 	OVERRIDE_MCS(1);
3816 	OVERRIDE_MCS(2);
3817 	OVERRIDE_MCS(3);
3818 	OVERRIDE_MCS(4);
3819 	OVERRIDE_MCS(5);
3820 	OVERRIDE_MCS(6);
3821 	OVERRIDE_MCS(7);
3822 	OVERRIDE_MCS(8);
3823 }
3824 #endif /* CONFIG_VHT_OVERRIDES */
3825 
3826 
pcsc_reader_init(struct wpa_supplicant * wpa_s)3827 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
3828 {
3829 #ifdef PCSC_FUNCS
3830 	size_t len;
3831 
3832 	if (!wpa_s->conf->pcsc_reader)
3833 		return 0;
3834 
3835 	wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
3836 	if (!wpa_s->scard)
3837 		return 1;
3838 
3839 	if (wpa_s->conf->pcsc_pin &&
3840 	    scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
3841 		scard_deinit(wpa_s->scard);
3842 		wpa_s->scard = NULL;
3843 		wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
3844 		return -1;
3845 	}
3846 
3847 	len = sizeof(wpa_s->imsi) - 1;
3848 	if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
3849 		scard_deinit(wpa_s->scard);
3850 		wpa_s->scard = NULL;
3851 		wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
3852 		return -1;
3853 	}
3854 	wpa_s->imsi[len] = '\0';
3855 
3856 	wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
3857 
3858 	wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
3859 		   wpa_s->imsi, wpa_s->mnc_len);
3860 
3861 	wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
3862 	eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
3863 #endif /* PCSC_FUNCS */
3864 
3865 	return 0;
3866 }
3867 
3868 
wpas_init_ext_pw(struct wpa_supplicant * wpa_s)3869 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
3870 {
3871 	char *val, *pos;
3872 
3873 	ext_password_deinit(wpa_s->ext_pw);
3874 	wpa_s->ext_pw = NULL;
3875 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
3876 
3877 	if (!wpa_s->conf->ext_password_backend)
3878 		return 0;
3879 
3880 	val = os_strdup(wpa_s->conf->ext_password_backend);
3881 	if (val == NULL)
3882 		return -1;
3883 	pos = os_strchr(val, ':');
3884 	if (pos)
3885 		*pos++ = '\0';
3886 
3887 	wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
3888 
3889 	wpa_s->ext_pw = ext_password_init(val, pos);
3890 	os_free(val);
3891 	if (wpa_s->ext_pw == NULL) {
3892 		wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
3893 		return -1;
3894 	}
3895 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
3896 
3897 	return 0;
3898 }
3899 
3900 
3901 #ifdef CONFIG_FST
3902 
wpas_fst_get_bssid_cb(void * ctx)3903 static const u8 * wpas_fst_get_bssid_cb(void *ctx)
3904 {
3905 	struct wpa_supplicant *wpa_s = ctx;
3906 
3907 	return (is_zero_ether_addr(wpa_s->bssid) ||
3908 		wpa_s->wpa_state != WPA_COMPLETED) ? NULL : wpa_s->bssid;
3909 }
3910 
3911 
wpas_fst_get_channel_info_cb(void * ctx,enum hostapd_hw_mode * hw_mode,u8 * channel)3912 static void wpas_fst_get_channel_info_cb(void *ctx,
3913 					 enum hostapd_hw_mode *hw_mode,
3914 					 u8 *channel)
3915 {
3916 	struct wpa_supplicant *wpa_s = ctx;
3917 
3918 	if (wpa_s->current_bss) {
3919 		*hw_mode = ieee80211_freq_to_chan(wpa_s->current_bss->freq,
3920 						  channel);
3921 	} else if (wpa_s->hw.num_modes) {
3922 		*hw_mode = wpa_s->hw.modes[0].mode;
3923 	} else {
3924 		WPA_ASSERT(0);
3925 		*hw_mode = 0;
3926 	}
3927 }
3928 
3929 
wpas_fst_get_hw_modes(void * ctx,struct hostapd_hw_modes ** modes)3930 static int wpas_fst_get_hw_modes(void *ctx, struct hostapd_hw_modes **modes)
3931 {
3932 	struct wpa_supplicant *wpa_s = ctx;
3933 
3934 	*modes = wpa_s->hw.modes;
3935 	return wpa_s->hw.num_modes;
3936 }
3937 
3938 
wpas_fst_set_ies_cb(void * ctx,const struct wpabuf * fst_ies)3939 static void wpas_fst_set_ies_cb(void *ctx, const struct wpabuf *fst_ies)
3940 {
3941 	struct wpa_supplicant *wpa_s = ctx;
3942 
3943 	wpa_hexdump_buf(MSG_DEBUG, "FST: Set IEs", fst_ies);
3944 	wpa_s->fst_ies = fst_ies;
3945 }
3946 
3947 
wpas_fst_send_action_cb(void * ctx,const u8 * da,struct wpabuf * data)3948 static int wpas_fst_send_action_cb(void *ctx, const u8 *da, struct wpabuf *data)
3949 {
3950 	struct wpa_supplicant *wpa_s = ctx;
3951 
3952 	WPA_ASSERT(os_memcmp(wpa_s->bssid, da, ETH_ALEN) == 0);
3953 	return wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
3954 					  wpa_s->own_addr, wpa_s->bssid,
3955 					  wpabuf_head(data), wpabuf_len(data),
3956 				   0);
3957 }
3958 
3959 
wpas_fst_get_mb_ie_cb(void * ctx,const u8 * addr)3960 static const struct wpabuf * wpas_fst_get_mb_ie_cb(void *ctx, const u8 *addr)
3961 {
3962 	struct wpa_supplicant *wpa_s = ctx;
3963 
3964 	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
3965 	return wpa_s->received_mb_ies;
3966 }
3967 
3968 
wpas_fst_update_mb_ie_cb(void * ctx,const u8 * addr,const u8 * buf,size_t size)3969 static void wpas_fst_update_mb_ie_cb(void *ctx, const u8 *addr,
3970 				     const u8 *buf, size_t size)
3971 {
3972 	struct wpa_supplicant *wpa_s = ctx;
3973 	struct mb_ies_info info;
3974 
3975 	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
3976 
3977 	if (!mb_ies_info_by_ies(&info, buf, size)) {
3978 		wpabuf_free(wpa_s->received_mb_ies);
3979 		wpa_s->received_mb_ies = mb_ies_by_info(&info);
3980 	}
3981 }
3982 
3983 
wpas_fst_get_peer_first(void * ctx,struct fst_get_peer_ctx ** get_ctx,Boolean mb_only)3984 const u8 * wpas_fst_get_peer_first(void *ctx, struct fst_get_peer_ctx **get_ctx,
3985 				   Boolean mb_only)
3986 {
3987 	struct wpa_supplicant *wpa_s = ctx;
3988 
3989 	*get_ctx = NULL;
3990 	if (!is_zero_ether_addr(wpa_s->bssid))
3991 		return (wpa_s->received_mb_ies || !mb_only) ?
3992 			wpa_s->bssid : NULL;
3993 	return NULL;
3994 }
3995 
3996 
wpas_fst_get_peer_next(void * ctx,struct fst_get_peer_ctx ** get_ctx,Boolean mb_only)3997 const u8 * wpas_fst_get_peer_next(void *ctx, struct fst_get_peer_ctx **get_ctx,
3998 				  Boolean mb_only)
3999 {
4000 	return NULL;
4001 }
4002 
fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant * wpa_s,struct fst_wpa_obj * iface_obj)4003 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant *wpa_s,
4004 				       struct fst_wpa_obj *iface_obj)
4005 {
4006 	iface_obj->ctx              = wpa_s;
4007 	iface_obj->get_bssid        = wpas_fst_get_bssid_cb;
4008 	iface_obj->get_channel_info = wpas_fst_get_channel_info_cb;
4009 	iface_obj->get_hw_modes     = wpas_fst_get_hw_modes;
4010 	iface_obj->set_ies          = wpas_fst_set_ies_cb;
4011 	iface_obj->send_action      = wpas_fst_send_action_cb;
4012 	iface_obj->get_mb_ie        = wpas_fst_get_mb_ie_cb;
4013 	iface_obj->update_mb_ie     = wpas_fst_update_mb_ie_cb;
4014 	iface_obj->get_peer_first   = wpas_fst_get_peer_first;
4015 	iface_obj->get_peer_next    = wpas_fst_get_peer_next;
4016 }
4017 #endif /* CONFIG_FST */
4018 
wpas_set_wowlan_triggers(struct wpa_supplicant * wpa_s,const struct wpa_driver_capa * capa)4019 static int wpas_set_wowlan_triggers(struct wpa_supplicant *wpa_s,
4020 				    const struct wpa_driver_capa *capa)
4021 {
4022 	struct wowlan_triggers *triggers;
4023 	int ret = 0;
4024 
4025 	if (!wpa_s->conf->wowlan_triggers)
4026 		return 0;
4027 
4028 	triggers = wpa_get_wowlan_triggers(wpa_s->conf->wowlan_triggers, capa);
4029 	if (triggers) {
4030 		ret = wpa_drv_wowlan(wpa_s, triggers);
4031 		os_free(triggers);
4032 	}
4033 	return ret;
4034 }
4035 
4036 
wpas_freq_to_band(int freq)4037 enum wpa_radio_work_band wpas_freq_to_band(int freq)
4038 {
4039 	if (freq < 3000)
4040 		return BAND_2_4_GHZ;
4041 	if (freq > 50000)
4042 		return BAND_60_GHZ;
4043 	return BAND_5_GHZ;
4044 }
4045 
4046 
wpas_get_bands(struct wpa_supplicant * wpa_s,const int * freqs)4047 unsigned int wpas_get_bands(struct wpa_supplicant *wpa_s, const int *freqs)
4048 {
4049 	int i;
4050 	unsigned int band = 0;
4051 
4052 	if (freqs) {
4053 		/* freqs are specified for the radio work */
4054 		for (i = 0; freqs[i]; i++)
4055 			band |= wpas_freq_to_band(freqs[i]);
4056 	} else {
4057 		/*
4058 		 * freqs are not specified, implies all
4059 		 * the supported freqs by HW
4060 		 */
4061 		for (i = 0; i < wpa_s->hw.num_modes; i++) {
4062 			if (wpa_s->hw.modes[i].num_channels != 0) {
4063 				if (wpa_s->hw.modes[i].mode ==
4064 				    HOSTAPD_MODE_IEEE80211B ||
4065 				    wpa_s->hw.modes[i].mode ==
4066 				    HOSTAPD_MODE_IEEE80211G)
4067 					band |= BAND_2_4_GHZ;
4068 				else if (wpa_s->hw.modes[i].mode ==
4069 					 HOSTAPD_MODE_IEEE80211A)
4070 					band |= BAND_5_GHZ;
4071 				else if (wpa_s->hw.modes[i].mode ==
4072 					 HOSTAPD_MODE_IEEE80211AD)
4073 					band |= BAND_60_GHZ;
4074 				else if (wpa_s->hw.modes[i].mode ==
4075 					 HOSTAPD_MODE_IEEE80211ANY)
4076 					band = BAND_2_4_GHZ | BAND_5_GHZ |
4077 						BAND_60_GHZ;
4078 			}
4079 		}
4080 	}
4081 
4082 	return band;
4083 }
4084 
4085 
radio_add_interface(struct wpa_supplicant * wpa_s,const char * rn)4086 static struct wpa_radio * radio_add_interface(struct wpa_supplicant *wpa_s,
4087 					      const char *rn)
4088 {
4089 	struct wpa_supplicant *iface = wpa_s->global->ifaces;
4090 	struct wpa_radio *radio;
4091 
4092 	while (rn && iface) {
4093 		radio = iface->radio;
4094 		if (radio && os_strcmp(rn, radio->name) == 0) {
4095 			wpa_printf(MSG_DEBUG, "Add interface %s to existing radio %s",
4096 				   wpa_s->ifname, rn);
4097 			dl_list_add(&radio->ifaces, &wpa_s->radio_list);
4098 			return radio;
4099 		}
4100 
4101 		iface = iface->next;
4102 	}
4103 
4104 	wpa_printf(MSG_DEBUG, "Add interface %s to a new radio %s",
4105 		   wpa_s->ifname, rn ? rn : "N/A");
4106 	radio = os_zalloc(sizeof(*radio));
4107 	if (radio == NULL)
4108 		return NULL;
4109 
4110 	if (rn)
4111 		os_strlcpy(radio->name, rn, sizeof(radio->name));
4112 	dl_list_init(&radio->ifaces);
4113 	dl_list_init(&radio->work);
4114 	dl_list_add(&radio->ifaces, &wpa_s->radio_list);
4115 
4116 	return radio;
4117 }
4118 
4119 
radio_work_free(struct wpa_radio_work * work)4120 static void radio_work_free(struct wpa_radio_work *work)
4121 {
4122 	if (work->wpa_s->scan_work == work) {
4123 		/* This should not really happen. */
4124 		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
4125 			work->type, work, work->started);
4126 		work->wpa_s->scan_work = NULL;
4127 	}
4128 
4129 #ifdef CONFIG_P2P
4130 	if (work->wpa_s->p2p_scan_work == work) {
4131 		/* This should not really happen. */
4132 		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
4133 			work->type, work, work->started);
4134 		work->wpa_s->p2p_scan_work = NULL;
4135 	}
4136 #endif /* CONFIG_P2P */
4137 
4138 	if (work->started) {
4139 		work->wpa_s->radio->num_active_works--;
4140 		wpa_dbg(work->wpa_s, MSG_DEBUG,
4141 			"radio_work_free('%s'@%p: num_active_works --> %u",
4142 			work->type, work,
4143 			work->wpa_s->radio->num_active_works);
4144 	}
4145 
4146 	dl_list_del(&work->list);
4147 	os_free(work);
4148 }
4149 
4150 
radio_work_get_next_work(struct wpa_radio * radio)4151 static struct wpa_radio_work * radio_work_get_next_work(struct wpa_radio *radio)
4152 {
4153 	struct wpa_radio_work *active_work = NULL;
4154 	struct wpa_radio_work *tmp;
4155 
4156 	/* Get the active work to know the type and band. */
4157 	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
4158 		if (tmp->started) {
4159 			active_work = tmp;
4160 			break;
4161 		}
4162 	}
4163 
4164 	if (!active_work) {
4165 		/* No active work, start one */
4166 		radio->num_active_works = 0;
4167 		dl_list_for_each(tmp, &radio->work, struct wpa_radio_work,
4168 				 list) {
4169 			if (os_strcmp(tmp->type, "scan") == 0 &&
4170 			    radio->external_scan_running &&
4171 			    (((struct wpa_driver_scan_params *)
4172 			      tmp->ctx)->only_new_results ||
4173 			     tmp->wpa_s->clear_driver_scan_cache))
4174 				continue;
4175 			return tmp;
4176 		}
4177 		return NULL;
4178 	}
4179 
4180 	if (os_strcmp(active_work->type, "sme-connect") == 0 ||
4181 	    os_strcmp(active_work->type, "connect") == 0) {
4182 		/*
4183 		 * If the active work is either connect or sme-connect,
4184 		 * do not parallelize them with other radio works.
4185 		 */
4186 		wpa_dbg(active_work->wpa_s, MSG_DEBUG,
4187 			"Do not parallelize radio work with %s",
4188 			active_work->type);
4189 		return NULL;
4190 	}
4191 
4192 	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
4193 		if (tmp->started)
4194 			continue;
4195 
4196 		/*
4197 		 * If connect or sme-connect are enqueued, parallelize only
4198 		 * those operations ahead of them in the queue.
4199 		 */
4200 		if (os_strcmp(tmp->type, "connect") == 0 ||
4201 		    os_strcmp(tmp->type, "sme-connect") == 0)
4202 			break;
4203 
4204 		/*
4205 		 * Check that the radio works are distinct and
4206 		 * on different bands.
4207 		 */
4208 		if (os_strcmp(active_work->type, tmp->type) != 0 &&
4209 		    (active_work->bands != tmp->bands)) {
4210 			/*
4211 			 * If a scan has to be scheduled through nl80211 scan
4212 			 * interface and if an external scan is already running,
4213 			 * do not schedule the scan since it is likely to get
4214 			 * rejected by kernel.
4215 			 */
4216 			if (os_strcmp(tmp->type, "scan") == 0 &&
4217 			    radio->external_scan_running &&
4218 			    (((struct wpa_driver_scan_params *)
4219 			      tmp->ctx)->only_new_results ||
4220 			     tmp->wpa_s->clear_driver_scan_cache))
4221 				continue;
4222 
4223 			wpa_dbg(active_work->wpa_s, MSG_DEBUG,
4224 				"active_work:%s new_work:%s",
4225 				active_work->type, tmp->type);
4226 			return tmp;
4227 		}
4228 	}
4229 
4230 	/* Did not find a radio work to schedule in parallel. */
4231 	return NULL;
4232 }
4233 
4234 
radio_start_next_work(void * eloop_ctx,void * timeout_ctx)4235 static void radio_start_next_work(void *eloop_ctx, void *timeout_ctx)
4236 {
4237 	struct wpa_radio *radio = eloop_ctx;
4238 	struct wpa_radio_work *work;
4239 	struct os_reltime now, diff;
4240 	struct wpa_supplicant *wpa_s;
4241 
4242 	work = dl_list_first(&radio->work, struct wpa_radio_work, list);
4243 	if (work == NULL) {
4244 		radio->num_active_works = 0;
4245 		return;
4246 	}
4247 
4248 	wpa_s = dl_list_first(&radio->ifaces, struct wpa_supplicant,
4249 			      radio_list);
4250 
4251 	if (!(wpa_s &&
4252 	      wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)) {
4253 		if (work->started)
4254 			return; /* already started and still in progress */
4255 
4256 		if (wpa_s && wpa_s->radio->external_scan_running) {
4257 			wpa_printf(MSG_DEBUG, "Delay radio work start until externally triggered scan completes");
4258 			return;
4259 		}
4260 	} else {
4261 		work = NULL;
4262 		if (radio->num_active_works < MAX_ACTIVE_WORKS) {
4263 			/* get the work to schedule next */
4264 			work = radio_work_get_next_work(radio);
4265 		}
4266 		if (!work)
4267 			return;
4268 	}
4269 
4270 	wpa_s = work->wpa_s;
4271 	os_get_reltime(&now);
4272 	os_reltime_sub(&now, &work->time, &diff);
4273 	wpa_dbg(wpa_s, MSG_DEBUG,
4274 		"Starting radio work '%s'@%p after %ld.%06ld second wait",
4275 		work->type, work, diff.sec, diff.usec);
4276 	work->started = 1;
4277 	work->time = now;
4278 	radio->num_active_works++;
4279 
4280 	work->cb(work, 0);
4281 
4282 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS) &&
4283 	    radio->num_active_works < MAX_ACTIVE_WORKS)
4284 		radio_work_check_next(wpa_s);
4285 }
4286 
4287 
4288 /*
4289  * This function removes both started and pending radio works running on
4290  * the provided interface's radio.
4291  * Prior to the removal of the radio work, its callback (cb) is called with
4292  * deinit set to be 1. Each work's callback is responsible for clearing its
4293  * internal data and restoring to a correct state.
4294  * @wpa_s: wpa_supplicant data
4295  * @type: type of works to be removed
4296  * @remove_all: 1 to remove all the works on this radio, 0 to remove only
4297  * this interface's works.
4298  */
radio_remove_works(struct wpa_supplicant * wpa_s,const char * type,int remove_all)4299 void radio_remove_works(struct wpa_supplicant *wpa_s,
4300 			const char *type, int remove_all)
4301 {
4302 	struct wpa_radio_work *work, *tmp;
4303 	struct wpa_radio *radio = wpa_s->radio;
4304 
4305 	dl_list_for_each_safe(work, tmp, &radio->work, struct wpa_radio_work,
4306 			      list) {
4307 		if (type && os_strcmp(type, work->type) != 0)
4308 			continue;
4309 
4310 		/* skip other ifaces' works */
4311 		if (!remove_all && work->wpa_s != wpa_s)
4312 			continue;
4313 
4314 		wpa_dbg(wpa_s, MSG_DEBUG, "Remove radio work '%s'@%p%s",
4315 			work->type, work, work->started ? " (started)" : "");
4316 		work->cb(work, 1);
4317 		radio_work_free(work);
4318 	}
4319 
4320 	/* in case we removed the started work */
4321 	radio_work_check_next(wpa_s);
4322 }
4323 
4324 
radio_remove_interface(struct wpa_supplicant * wpa_s)4325 static void radio_remove_interface(struct wpa_supplicant *wpa_s)
4326 {
4327 	struct wpa_radio *radio = wpa_s->radio;
4328 
4329 	if (!radio)
4330 		return;
4331 
4332 	wpa_printf(MSG_DEBUG, "Remove interface %s from radio %s",
4333 		   wpa_s->ifname, radio->name);
4334 	dl_list_del(&wpa_s->radio_list);
4335 	radio_remove_works(wpa_s, NULL, 0);
4336 	wpa_s->radio = NULL;
4337 	if (!dl_list_empty(&radio->ifaces))
4338 		return; /* Interfaces remain for this radio */
4339 
4340 	wpa_printf(MSG_DEBUG, "Remove radio %s", radio->name);
4341 	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
4342 	os_free(radio);
4343 }
4344 
4345 
radio_work_check_next(struct wpa_supplicant * wpa_s)4346 void radio_work_check_next(struct wpa_supplicant *wpa_s)
4347 {
4348 	struct wpa_radio *radio = wpa_s->radio;
4349 
4350 	if (dl_list_empty(&radio->work))
4351 		return;
4352 	if (wpa_s->ext_work_in_progress) {
4353 		wpa_printf(MSG_DEBUG,
4354 			   "External radio work in progress - delay start of pending item");
4355 		return;
4356 	}
4357 	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
4358 	eloop_register_timeout(0, 0, radio_start_next_work, radio, NULL);
4359 }
4360 
4361 
4362 /**
4363  * radio_add_work - Add a radio work item
4364  * @wpa_s: Pointer to wpa_supplicant data
4365  * @freq: Frequency of the offchannel operation in MHz or 0
4366  * @type: Unique identifier for each type of work
4367  * @next: Force as the next work to be executed
4368  * @cb: Callback function for indicating when radio is available
4369  * @ctx: Context pointer for the work (work->ctx in cb())
4370  * Returns: 0 on success, -1 on failure
4371  *
4372  * This function is used to request time for an operation that requires
4373  * exclusive radio control. Once the radio is available, the registered callback
4374  * function will be called. radio_work_done() must be called once the exclusive
4375  * radio operation has been completed, so that the radio is freed for other
4376  * operations. The special case of deinit=1 is used to free the context data
4377  * during interface removal. That does not allow the callback function to start
4378  * the radio operation, i.e., it must free any resources allocated for the radio
4379  * work and return.
4380  *
4381  * The @freq parameter can be used to indicate a single channel on which the
4382  * offchannel operation will occur. This may allow multiple radio work
4383  * operations to be performed in parallel if they apply for the same channel.
4384  * Setting this to 0 indicates that the work item may use multiple channels or
4385  * requires exclusive control of the radio.
4386  */
radio_add_work(struct wpa_supplicant * wpa_s,unsigned int freq,const char * type,int next,void (* cb)(struct wpa_radio_work * work,int deinit),void * ctx)4387 int radio_add_work(struct wpa_supplicant *wpa_s, unsigned int freq,
4388 		   const char *type, int next,
4389 		   void (*cb)(struct wpa_radio_work *work, int deinit),
4390 		   void *ctx)
4391 {
4392 	struct wpa_radio *radio = wpa_s->radio;
4393 	struct wpa_radio_work *work;
4394 	int was_empty;
4395 
4396 	work = os_zalloc(sizeof(*work));
4397 	if (work == NULL)
4398 		return -1;
4399 	wpa_dbg(wpa_s, MSG_DEBUG, "Add radio work '%s'@%p", type, work);
4400 	os_get_reltime(&work->time);
4401 	work->freq = freq;
4402 	work->type = type;
4403 	work->wpa_s = wpa_s;
4404 	work->cb = cb;
4405 	work->ctx = ctx;
4406 
4407 	if (freq)
4408 		work->bands = wpas_freq_to_band(freq);
4409 	else if (os_strcmp(type, "scan") == 0 ||
4410 		 os_strcmp(type, "p2p-scan") == 0)
4411 		work->bands = wpas_get_bands(wpa_s,
4412 					     ((struct wpa_driver_scan_params *)
4413 					      ctx)->freqs);
4414 	else
4415 		work->bands = wpas_get_bands(wpa_s, NULL);
4416 
4417 	was_empty = dl_list_empty(&wpa_s->radio->work);
4418 	if (next)
4419 		dl_list_add(&wpa_s->radio->work, &work->list);
4420 	else
4421 		dl_list_add_tail(&wpa_s->radio->work, &work->list);
4422 	if (was_empty) {
4423 		wpa_dbg(wpa_s, MSG_DEBUG, "First radio work item in the queue - schedule start immediately");
4424 		radio_work_check_next(wpa_s);
4425 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)
4426 		   && radio->num_active_works < MAX_ACTIVE_WORKS) {
4427 		wpa_dbg(wpa_s, MSG_DEBUG,
4428 			"Try to schedule a radio work (num_active_works=%u)",
4429 			radio->num_active_works);
4430 		radio_work_check_next(wpa_s);
4431 	}
4432 
4433 	return 0;
4434 }
4435 
4436 
4437 /**
4438  * radio_work_done - Indicate that a radio work item has been completed
4439  * @work: Completed work
4440  *
4441  * This function is called once the callback function registered with
4442  * radio_add_work() has completed its work.
4443  */
radio_work_done(struct wpa_radio_work * work)4444 void radio_work_done(struct wpa_radio_work *work)
4445 {
4446 	struct wpa_supplicant *wpa_s = work->wpa_s;
4447 	struct os_reltime now, diff;
4448 	unsigned int started = work->started;
4449 
4450 	os_get_reltime(&now);
4451 	os_reltime_sub(&now, &work->time, &diff);
4452 	wpa_dbg(wpa_s, MSG_DEBUG, "Radio work '%s'@%p %s in %ld.%06ld seconds",
4453 		work->type, work, started ? "done" : "canceled",
4454 		diff.sec, diff.usec);
4455 	radio_work_free(work);
4456 	if (started)
4457 		radio_work_check_next(wpa_s);
4458 }
4459 
4460 
4461 struct wpa_radio_work *
radio_work_pending(struct wpa_supplicant * wpa_s,const char * type)4462 radio_work_pending(struct wpa_supplicant *wpa_s, const char *type)
4463 {
4464 	struct wpa_radio_work *work;
4465 	struct wpa_radio *radio = wpa_s->radio;
4466 
4467 	dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
4468 		if (work->wpa_s == wpa_s && os_strcmp(work->type, type) == 0)
4469 			return work;
4470 	}
4471 
4472 	return NULL;
4473 }
4474 
4475 
wpas_init_driver(struct wpa_supplicant * wpa_s,struct wpa_interface * iface)4476 static int wpas_init_driver(struct wpa_supplicant *wpa_s,
4477 			    struct wpa_interface *iface)
4478 {
4479 	const char *ifname, *driver, *rn;
4480 
4481 	driver = iface->driver;
4482 next_driver:
4483 	if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
4484 		return -1;
4485 
4486 	wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
4487 	if (wpa_s->drv_priv == NULL) {
4488 		const char *pos;
4489 		pos = driver ? os_strchr(driver, ',') : NULL;
4490 		if (pos) {
4491 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
4492 				"driver interface - try next driver wrapper");
4493 			driver = pos + 1;
4494 			goto next_driver;
4495 		}
4496 		wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
4497 			"interface");
4498 		return -1;
4499 	}
4500 	if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
4501 		wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
4502 			"driver_param '%s'", wpa_s->conf->driver_param);
4503 		return -1;
4504 	}
4505 
4506 	ifname = wpa_drv_get_ifname(wpa_s);
4507 	if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
4508 		wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
4509 			"interface name with '%s'", ifname);
4510 		os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
4511 	}
4512 
4513 	rn = wpa_driver_get_radio_name(wpa_s);
4514 	if (rn && rn[0] == '\0')
4515 		rn = NULL;
4516 
4517 	wpa_s->radio = radio_add_interface(wpa_s, rn);
4518 	if (wpa_s->radio == NULL)
4519 		return -1;
4520 
4521 	return 0;
4522 }
4523 
4524 
wpa_supplicant_init_iface(struct wpa_supplicant * wpa_s,struct wpa_interface * iface)4525 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
4526 				     struct wpa_interface *iface)
4527 {
4528 	struct wpa_driver_capa capa;
4529 	int capa_res;
4530 
4531 	wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
4532 		   "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
4533 		   iface->confname ? iface->confname : "N/A",
4534 		   iface->driver ? iface->driver : "default",
4535 		   iface->ctrl_interface ? iface->ctrl_interface : "N/A",
4536 		   iface->bridge_ifname ? iface->bridge_ifname : "N/A");
4537 
4538 	if (iface->confname) {
4539 #ifdef CONFIG_BACKEND_FILE
4540 		wpa_s->confname = os_rel2abs_path(iface->confname);
4541 		if (wpa_s->confname == NULL) {
4542 			wpa_printf(MSG_ERROR, "Failed to get absolute path "
4543 				   "for configuration file '%s'.",
4544 				   iface->confname);
4545 			return -1;
4546 		}
4547 		wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
4548 			   iface->confname, wpa_s->confname);
4549 #else /* CONFIG_BACKEND_FILE */
4550 		wpa_s->confname = os_strdup(iface->confname);
4551 #endif /* CONFIG_BACKEND_FILE */
4552 		wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
4553 		if (wpa_s->conf == NULL) {
4554 			wpa_printf(MSG_ERROR, "Failed to read or parse "
4555 				   "configuration '%s'.", wpa_s->confname);
4556 			return -1;
4557 		}
4558 		wpa_s->confanother = os_rel2abs_path(iface->confanother);
4559 		wpa_config_read(wpa_s->confanother, wpa_s->conf);
4560 
4561 		/*
4562 		 * Override ctrl_interface and driver_param if set on command
4563 		 * line.
4564 		 */
4565 		if (iface->ctrl_interface) {
4566 			os_free(wpa_s->conf->ctrl_interface);
4567 			wpa_s->conf->ctrl_interface =
4568 				os_strdup(iface->ctrl_interface);
4569 		}
4570 
4571 		if (iface->driver_param) {
4572 			os_free(wpa_s->conf->driver_param);
4573 			wpa_s->conf->driver_param =
4574 				os_strdup(iface->driver_param);
4575 		}
4576 
4577 		if (iface->p2p_mgmt && !iface->ctrl_interface) {
4578 			os_free(wpa_s->conf->ctrl_interface);
4579 			wpa_s->conf->ctrl_interface = NULL;
4580 		}
4581 	} else
4582 		wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
4583 						     iface->driver_param);
4584 
4585 	if (wpa_s->conf == NULL) {
4586 		wpa_printf(MSG_ERROR, "\nNo configuration found.");
4587 		return -1;
4588 	}
4589 
4590 	if (iface->ifname == NULL) {
4591 		wpa_printf(MSG_ERROR, "\nInterface name is required.");
4592 		return -1;
4593 	}
4594 	if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
4595 		wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
4596 			   iface->ifname);
4597 		return -1;
4598 	}
4599 	os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
4600 
4601 	if (iface->bridge_ifname) {
4602 		if (os_strlen(iface->bridge_ifname) >=
4603 		    sizeof(wpa_s->bridge_ifname)) {
4604 			wpa_printf(MSG_ERROR, "\nToo long bridge interface "
4605 				   "name '%s'.", iface->bridge_ifname);
4606 			return -1;
4607 		}
4608 		os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
4609 			   sizeof(wpa_s->bridge_ifname));
4610 	}
4611 
4612 	/* RSNA Supplicant Key Management - INITIALIZE */
4613 	eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
4614 	eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
4615 
4616 	/* Initialize driver interface and register driver event handler before
4617 	 * L2 receive handler so that association events are processed before
4618 	 * EAPOL-Key packets if both become available for the same select()
4619 	 * call. */
4620 	if (wpas_init_driver(wpa_s, iface) < 0)
4621 		return -1;
4622 
4623 	if (wpa_supplicant_init_wpa(wpa_s) < 0)
4624 		return -1;
4625 
4626 	wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
4627 			  wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
4628 			  NULL);
4629 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
4630 
4631 	if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
4632 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
4633 			     wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
4634 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
4635 			"dot11RSNAConfigPMKLifetime");
4636 		return -1;
4637 	}
4638 
4639 	if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
4640 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
4641 			     wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
4642 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
4643 			"dot11RSNAConfigPMKReauthThreshold");
4644 		return -1;
4645 	}
4646 
4647 	if (wpa_s->conf->dot11RSNAConfigSATimeout &&
4648 	    wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
4649 			     wpa_s->conf->dot11RSNAConfigSATimeout)) {
4650 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
4651 			"dot11RSNAConfigSATimeout");
4652 		return -1;
4653 	}
4654 
4655 	wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
4656 						      &wpa_s->hw.num_modes,
4657 						      &wpa_s->hw.flags);
4658 	if (wpa_s->hw.modes) {
4659 		u16 i;
4660 
4661 		for (i = 0; i < wpa_s->hw.num_modes; i++) {
4662 			if (wpa_s->hw.modes[i].vht_capab) {
4663 				wpa_s->hw_capab = CAPAB_VHT;
4664 				break;
4665 			}
4666 
4667 			if (wpa_s->hw.modes[i].ht_capab &
4668 			    HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)
4669 				wpa_s->hw_capab = CAPAB_HT40;
4670 			else if (wpa_s->hw.modes[i].ht_capab &&
4671 				 wpa_s->hw_capab == CAPAB_NO_HT_VHT)
4672 				wpa_s->hw_capab = CAPAB_HT;
4673 		}
4674 	}
4675 
4676 	capa_res = wpa_drv_get_capa(wpa_s, &capa);
4677 	if (capa_res == 0) {
4678 		wpa_s->drv_capa_known = 1;
4679 		wpa_s->drv_flags = capa.flags;
4680 		wpa_s->drv_enc = capa.enc;
4681 		wpa_s->drv_smps_modes = capa.smps_modes;
4682 		wpa_s->drv_rrm_flags = capa.rrm_flags;
4683 		wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
4684 		wpa_s->max_scan_ssids = capa.max_scan_ssids;
4685 		wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
4686 		wpa_s->max_sched_scan_plans = capa.max_sched_scan_plans;
4687 		wpa_s->max_sched_scan_plan_interval =
4688 			capa.max_sched_scan_plan_interval;
4689 		wpa_s->max_sched_scan_plan_iterations =
4690 			capa.max_sched_scan_plan_iterations;
4691 		wpa_s->sched_scan_supported = capa.sched_scan_supported;
4692 		wpa_s->max_match_sets = capa.max_match_sets;
4693 		wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
4694 		wpa_s->max_stations = capa.max_stations;
4695 		wpa_s->extended_capa = capa.extended_capa;
4696 		wpa_s->extended_capa_mask = capa.extended_capa_mask;
4697 		wpa_s->extended_capa_len = capa.extended_capa_len;
4698 		wpa_s->num_multichan_concurrent =
4699 			capa.num_multichan_concurrent;
4700 		wpa_s->wmm_ac_supported = capa.wmm_ac_supported;
4701 
4702 		if (capa.mac_addr_rand_scan_supported)
4703 			wpa_s->mac_addr_rand_supported |= MAC_ADDR_RAND_SCAN;
4704 		if (wpa_s->sched_scan_supported &&
4705 		    capa.mac_addr_rand_sched_scan_supported)
4706 			wpa_s->mac_addr_rand_supported |=
4707 				(MAC_ADDR_RAND_SCHED_SCAN | MAC_ADDR_RAND_PNO);
4708 	}
4709 	if (wpa_s->max_remain_on_chan == 0)
4710 		wpa_s->max_remain_on_chan = 1000;
4711 
4712 	/*
4713 	 * Only take p2p_mgmt parameters when P2P Device is supported.
4714 	 * Doing it here as it determines whether l2_packet_init() will be done
4715 	 * during wpa_supplicant_driver_init().
4716 	 */
4717 	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
4718 		wpa_s->p2p_mgmt = iface->p2p_mgmt;
4719 	else
4720 		iface->p2p_mgmt = 1;
4721 
4722 	if (wpa_s->num_multichan_concurrent == 0)
4723 		wpa_s->num_multichan_concurrent = 1;
4724 
4725 	if (wpa_supplicant_driver_init(wpa_s) < 0)
4726 		return -1;
4727 
4728 #ifdef CONFIG_TDLS
4729 	if ((!iface->p2p_mgmt ||
4730 	     !(wpa_s->drv_flags &
4731 	       WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
4732 	    wpa_tdls_init(wpa_s->wpa))
4733 		return -1;
4734 #endif /* CONFIG_TDLS */
4735 
4736 	if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
4737 	    wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
4738 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
4739 		return -1;
4740 	}
4741 
4742 #ifdef CONFIG_FST
4743 	if (wpa_s->conf->fst_group_id) {
4744 		struct fst_iface_cfg cfg;
4745 		struct fst_wpa_obj iface_obj;
4746 
4747 		fst_wpa_supplicant_fill_iface_obj(wpa_s, &iface_obj);
4748 		os_strlcpy(cfg.group_id, wpa_s->conf->fst_group_id,
4749 			   sizeof(cfg.group_id));
4750 		cfg.priority = wpa_s->conf->fst_priority;
4751 		cfg.llt = wpa_s->conf->fst_llt;
4752 
4753 		wpa_s->fst = fst_attach(wpa_s->ifname, wpa_s->own_addr,
4754 					&iface_obj, &cfg);
4755 		if (!wpa_s->fst) {
4756 			wpa_msg(wpa_s, MSG_ERROR,
4757 				"FST: Cannot attach iface %s to group %s",
4758 				wpa_s->ifname, cfg.group_id);
4759 			return -1;
4760 		}
4761 	}
4762 #endif /* CONFIG_FST */
4763 
4764 	if (wpas_wps_init(wpa_s))
4765 		return -1;
4766 
4767 	if (wpa_supplicant_init_eapol(wpa_s) < 0)
4768 		return -1;
4769 	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
4770 
4771 	wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
4772 	if (wpa_s->ctrl_iface == NULL) {
4773 		wpa_printf(MSG_ERROR,
4774 			   "Failed to initialize control interface '%s'.\n"
4775 			   "You may have another wpa_supplicant process "
4776 			   "already running or the file was\n"
4777 			   "left by an unclean termination of wpa_supplicant "
4778 			   "in which case you will need\n"
4779 			   "to manually remove this file before starting "
4780 			   "wpa_supplicant again.\n",
4781 			   wpa_s->conf->ctrl_interface);
4782 		return -1;
4783 	}
4784 
4785 	wpa_s->gas = gas_query_init(wpa_s);
4786 	if (wpa_s->gas == NULL) {
4787 		wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
4788 		return -1;
4789 	}
4790 
4791 	if (iface->p2p_mgmt && wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
4792 		wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
4793 		return -1;
4794 	}
4795 
4796 	if (wpa_bss_init(wpa_s) < 0)
4797 		return -1;
4798 
4799 	/*
4800 	 * Set Wake-on-WLAN triggers, if configured.
4801 	 * Note: We don't restore/remove the triggers on shutdown (it doesn't
4802 	 * have effect anyway when the interface is down).
4803 	 */
4804 	if (capa_res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
4805 		return -1;
4806 
4807 #ifdef CONFIG_EAP_PROXY
4808 {
4809 	size_t len;
4810 	wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, wpa_s->imsi,
4811 						     &len);
4812 	if (wpa_s->mnc_len > 0) {
4813 		wpa_s->imsi[len] = '\0';
4814 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
4815 			   wpa_s->imsi, wpa_s->mnc_len);
4816 	} else {
4817 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
4818 	}
4819 }
4820 #endif /* CONFIG_EAP_PROXY */
4821 
4822 	if (pcsc_reader_init(wpa_s) < 0)
4823 		return -1;
4824 
4825 	if (wpas_init_ext_pw(wpa_s) < 0)
4826 		return -1;
4827 
4828 	wpas_rrm_reset(wpa_s);
4829 
4830 	wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
4831 
4832 #ifdef CONFIG_HS20
4833 	hs20_init(wpa_s);
4834 #endif /* CONFIG_HS20 */
4835 #ifdef CONFIG_MBO
4836 	wpas_mbo_update_non_pref_chan(wpa_s, wpa_s->conf->non_pref_chan);
4837 #endif /* CONFIG_MBO */
4838 
4839 	return 0;
4840 }
4841 
4842 
wpa_supplicant_deinit_iface(struct wpa_supplicant * wpa_s,int notify,int terminate)4843 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
4844 					int notify, int terminate)
4845 {
4846 	struct wpa_global *global = wpa_s->global;
4847 	struct wpa_supplicant *iface, *prev;
4848 
4849 	if (wpa_s == wpa_s->parent)
4850 		wpas_p2p_group_remove(wpa_s, "*");
4851 
4852 	iface = global->ifaces;
4853 	while (iface) {
4854 		if (iface->p2pdev == wpa_s)
4855 			iface->p2pdev = iface->parent;
4856 		if (iface == wpa_s || iface->parent != wpa_s) {
4857 			iface = iface->next;
4858 			continue;
4859 		}
4860 		wpa_printf(MSG_DEBUG,
4861 			   "Remove remaining child interface %s from parent %s",
4862 			   iface->ifname, wpa_s->ifname);
4863 		prev = iface;
4864 		iface = iface->next;
4865 		wpa_supplicant_remove_iface(global, prev, terminate);
4866 	}
4867 
4868 	wpa_s->disconnected = 1;
4869 	if (wpa_s->drv_priv) {
4870 		wpa_supplicant_deauthenticate(wpa_s,
4871 					      WLAN_REASON_DEAUTH_LEAVING);
4872 
4873 		wpa_drv_set_countermeasures(wpa_s, 0);
4874 		wpa_clear_keys(wpa_s, NULL);
4875 	}
4876 
4877 	wpa_supplicant_cleanup(wpa_s);
4878 	wpas_p2p_deinit_iface(wpa_s);
4879 
4880 	wpas_ctrl_radio_work_flush(wpa_s);
4881 	radio_remove_interface(wpa_s);
4882 
4883 #ifdef CONFIG_FST
4884 	if (wpa_s->fst) {
4885 		fst_detach(wpa_s->fst);
4886 		wpa_s->fst = NULL;
4887 	}
4888 	if (wpa_s->received_mb_ies) {
4889 		wpabuf_free(wpa_s->received_mb_ies);
4890 		wpa_s->received_mb_ies = NULL;
4891 	}
4892 #endif /* CONFIG_FST */
4893 
4894 	if (wpa_s->drv_priv)
4895 		wpa_drv_deinit(wpa_s);
4896 
4897 	if (notify)
4898 		wpas_notify_iface_removed(wpa_s);
4899 
4900 	if (terminate)
4901 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
4902 
4903 	if (wpa_s->ctrl_iface) {
4904 		wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
4905 		wpa_s->ctrl_iface = NULL;
4906 	}
4907 
4908 #ifdef CONFIG_MESH
4909 	if (wpa_s->ifmsh) {
4910 		wpa_supplicant_mesh_iface_deinit(wpa_s, wpa_s->ifmsh);
4911 		wpa_s->ifmsh = NULL;
4912 	}
4913 #endif /* CONFIG_MESH */
4914 
4915 	if (wpa_s->conf != NULL) {
4916 		wpa_config_free(wpa_s->conf);
4917 		wpa_s->conf = NULL;
4918 	}
4919 
4920 	os_free(wpa_s->ssids_from_scan_req);
4921 
4922 	os_free(wpa_s);
4923 }
4924 
4925 
4926 #ifdef CONFIG_MATCH_IFACE
4927 
4928 /**
4929  * wpa_supplicant_match_iface - Match an interface description to a name
4930  * @global: Pointer to global data from wpa_supplicant_init()
4931  * @ifname: Name of the interface to match
4932  * Returns: Pointer to the created interface description or %NULL on failure
4933  */
wpa_supplicant_match_iface(struct wpa_global * global,const char * ifname)4934 struct wpa_interface * wpa_supplicant_match_iface(struct wpa_global *global,
4935 						  const char *ifname)
4936 {
4937 	int i;
4938 	struct wpa_interface *iface, *miface;
4939 
4940 	for (i = 0; i < global->params.match_iface_count; i++) {
4941 		miface = &global->params.match_ifaces[i];
4942 		if (!miface->ifname ||
4943 		    fnmatch(miface->ifname, ifname, 0) == 0) {
4944 			iface = os_zalloc(sizeof(*iface));
4945 			if (!iface)
4946 				return NULL;
4947 			*iface = *miface;
4948 			iface->ifname = ifname;
4949 			return iface;
4950 		}
4951 	}
4952 
4953 	return NULL;
4954 }
4955 
4956 
4957 /**
4958  * wpa_supplicant_match_existing - Match existing interfaces
4959  * @global: Pointer to global data from wpa_supplicant_init()
4960  * Returns: 0 on success, -1 on failure
4961  */
wpa_supplicant_match_existing(struct wpa_global * global)4962 static int wpa_supplicant_match_existing(struct wpa_global *global)
4963 {
4964 	struct if_nameindex *ifi, *ifp;
4965 	struct wpa_supplicant *wpa_s;
4966 	struct wpa_interface *iface;
4967 
4968 	ifp = if_nameindex();
4969 	if (!ifp) {
4970 		wpa_printf(MSG_ERROR, "if_nameindex: %s", strerror(errno));
4971 		return -1;
4972 	}
4973 
4974 	for (ifi = ifp; ifi->if_name; ifi++) {
4975 		wpa_s = wpa_supplicant_get_iface(global, ifi->if_name);
4976 		if (wpa_s)
4977 			continue;
4978 		iface = wpa_supplicant_match_iface(global, ifi->if_name);
4979 		if (iface) {
4980 			wpa_s = wpa_supplicant_add_iface(global, iface, NULL);
4981 			os_free(iface);
4982 			if (wpa_s)
4983 				wpa_s->matched = 1;
4984 		}
4985 	}
4986 
4987 	if_freenameindex(ifp);
4988 	return 0;
4989 }
4990 
4991 #endif /* CONFIG_MATCH_IFACE */
4992 
4993 
4994 /**
4995  * wpa_supplicant_add_iface - Add a new network interface
4996  * @global: Pointer to global data from wpa_supplicant_init()
4997  * @iface: Interface configuration options
4998  * @parent: Parent interface or %NULL to assign new interface as parent
4999  * Returns: Pointer to the created interface or %NULL on failure
5000  *
5001  * This function is used to add new network interfaces for %wpa_supplicant.
5002  * This can be called before wpa_supplicant_run() to add interfaces before the
5003  * main event loop has been started. In addition, new interfaces can be added
5004  * dynamically while %wpa_supplicant is already running. This could happen,
5005  * e.g., when a hotplug network adapter is inserted.
5006  */
wpa_supplicant_add_iface(struct wpa_global * global,struct wpa_interface * iface,struct wpa_supplicant * parent)5007 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
5008 						 struct wpa_interface *iface,
5009 						 struct wpa_supplicant *parent)
5010 {
5011 	struct wpa_supplicant *wpa_s;
5012 	struct wpa_interface t_iface;
5013 	struct wpa_ssid *ssid;
5014 
5015 	if (global == NULL || iface == NULL)
5016 		return NULL;
5017 
5018 	wpa_s = wpa_supplicant_alloc(parent);
5019 	if (wpa_s == NULL)
5020 		return NULL;
5021 
5022 	wpa_s->global = global;
5023 
5024 	t_iface = *iface;
5025 	if (global->params.override_driver) {
5026 		wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
5027 			   "('%s' -> '%s')",
5028 			   iface->driver, global->params.override_driver);
5029 		t_iface.driver = global->params.override_driver;
5030 	}
5031 	if (global->params.override_ctrl_interface) {
5032 		wpa_printf(MSG_DEBUG, "Override interface parameter: "
5033 			   "ctrl_interface ('%s' -> '%s')",
5034 			   iface->ctrl_interface,
5035 			   global->params.override_ctrl_interface);
5036 		t_iface.ctrl_interface =
5037 			global->params.override_ctrl_interface;
5038 	}
5039 	if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
5040 		wpa_printf(MSG_DEBUG, "Failed to add interface %s",
5041 			   iface->ifname);
5042 		wpa_supplicant_deinit_iface(wpa_s, 0, 0);
5043 		return NULL;
5044 	}
5045 
5046 	if (iface->p2p_mgmt == 0) {
5047 		/* Notify the control interfaces about new iface */
5048 		if (wpas_notify_iface_added(wpa_s)) {
5049 			wpa_supplicant_deinit_iface(wpa_s, 1, 0);
5050 			return NULL;
5051 		}
5052 
5053 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
5054 			wpas_notify_network_added(wpa_s, ssid);
5055 	}
5056 
5057 	wpa_s->next = global->ifaces;
5058 	global->ifaces = wpa_s;
5059 
5060 	wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
5061 	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
5062 
5063 #ifdef CONFIG_P2P
5064 	if (wpa_s->global->p2p == NULL &&
5065 	    !wpa_s->global->p2p_disabled && !wpa_s->conf->p2p_disabled &&
5066 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
5067 	    wpas_p2p_add_p2pdev_interface(
5068 		    wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
5069 		wpa_printf(MSG_INFO,
5070 			   "P2P: Failed to enable P2P Device interface");
5071 		/* Try to continue without. P2P will be disabled. */
5072 	}
5073 #endif /* CONFIG_P2P */
5074 
5075 	return wpa_s;
5076 }
5077 
5078 
5079 /**
5080  * wpa_supplicant_remove_iface - Remove a network interface
5081  * @global: Pointer to global data from wpa_supplicant_init()
5082  * @wpa_s: Pointer to the network interface to be removed
5083  * Returns: 0 if interface was removed, -1 if interface was not found
5084  *
5085  * This function can be used to dynamically remove network interfaces from
5086  * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
5087  * addition, this function is used to remove all remaining interfaces when
5088  * %wpa_supplicant is terminated.
5089  */
wpa_supplicant_remove_iface(struct wpa_global * global,struct wpa_supplicant * wpa_s,int terminate)5090 int wpa_supplicant_remove_iface(struct wpa_global *global,
5091 				struct wpa_supplicant *wpa_s,
5092 				int terminate)
5093 {
5094 	struct wpa_supplicant *prev;
5095 #ifdef CONFIG_MESH
5096 	unsigned int mesh_if_created = wpa_s->mesh_if_created;
5097 	char *ifname = NULL;
5098 #endif /* CONFIG_MESH */
5099 
5100 	/* Remove interface from the global list of interfaces */
5101 	prev = global->ifaces;
5102 	if (prev == wpa_s) {
5103 		global->ifaces = wpa_s->next;
5104 	} else {
5105 		while (prev && prev->next != wpa_s)
5106 			prev = prev->next;
5107 		if (prev == NULL)
5108 			return -1;
5109 		prev->next = wpa_s->next;
5110 	}
5111 
5112 	wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
5113 
5114 #ifdef CONFIG_MESH
5115 	if (mesh_if_created) {
5116 		ifname = os_strdup(wpa_s->ifname);
5117 		if (ifname == NULL) {
5118 			wpa_dbg(wpa_s, MSG_ERROR,
5119 				"mesh: Failed to malloc ifname");
5120 			return -1;
5121 		}
5122 	}
5123 #endif /* CONFIG_MESH */
5124 
5125 	if (global->p2p_group_formation == wpa_s)
5126 		global->p2p_group_formation = NULL;
5127 	if (global->p2p_invite_group == wpa_s)
5128 		global->p2p_invite_group = NULL;
5129 	wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
5130 
5131 #ifdef CONFIG_MESH
5132 	if (mesh_if_created) {
5133 		wpa_drv_if_remove(global->ifaces, WPA_IF_MESH, ifname);
5134 		os_free(ifname);
5135 	}
5136 #endif /* CONFIG_MESH */
5137 
5138 	return 0;
5139 }
5140 
5141 
5142 /**
5143  * wpa_supplicant_get_eap_mode - Get the current EAP mode
5144  * @wpa_s: Pointer to the network interface
5145  * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
5146  */
wpa_supplicant_get_eap_mode(struct wpa_supplicant * wpa_s)5147 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
5148 {
5149 	const char *eapol_method;
5150 
5151         if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
5152             wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
5153 		return "NO-EAP";
5154 	}
5155 
5156 	eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
5157 	if (eapol_method == NULL)
5158 		return "UNKNOWN-EAP";
5159 
5160 	return eapol_method;
5161 }
5162 
5163 
5164 /**
5165  * wpa_supplicant_get_iface - Get a new network interface
5166  * @global: Pointer to global data from wpa_supplicant_init()
5167  * @ifname: Interface name
5168  * Returns: Pointer to the interface or %NULL if not found
5169  */
wpa_supplicant_get_iface(struct wpa_global * global,const char * ifname)5170 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
5171 						 const char *ifname)
5172 {
5173 	struct wpa_supplicant *wpa_s;
5174 
5175 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
5176 		if (os_strcmp(wpa_s->ifname, ifname) == 0)
5177 			return wpa_s;
5178 	}
5179 	return NULL;
5180 }
5181 
5182 
5183 #ifndef CONFIG_NO_WPA_MSG
wpa_supplicant_msg_ifname_cb(void * ctx)5184 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
5185 {
5186 	struct wpa_supplicant *wpa_s = ctx;
5187 	if (wpa_s == NULL)
5188 		return NULL;
5189 	return wpa_s->ifname;
5190 }
5191 #endif /* CONFIG_NO_WPA_MSG */
5192 
5193 
5194 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
5195 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
5196 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
5197 
5198 /* Periodic cleanup tasks */
wpas_periodic(void * eloop_ctx,void * timeout_ctx)5199 static void wpas_periodic(void *eloop_ctx, void *timeout_ctx)
5200 {
5201 	struct wpa_global *global = eloop_ctx;
5202 	struct wpa_supplicant *wpa_s;
5203 
5204 	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
5205 			       wpas_periodic, global, NULL);
5206 
5207 #ifdef CONFIG_P2P
5208 	if (global->p2p)
5209 		p2p_expire_peers(global->p2p);
5210 #endif /* CONFIG_P2P */
5211 
5212 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
5213 		wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age);
5214 #ifdef CONFIG_AP
5215 		ap_periodic(wpa_s);
5216 #endif /* CONFIG_AP */
5217 	}
5218 }
5219 
5220 
5221 /**
5222  * wpa_supplicant_init - Initialize %wpa_supplicant
5223  * @params: Parameters for %wpa_supplicant
5224  * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
5225  *
5226  * This function is used to initialize %wpa_supplicant. After successful
5227  * initialization, the returned data pointer can be used to add and remove
5228  * network interfaces, and eventually, to deinitialize %wpa_supplicant.
5229  */
wpa_supplicant_init(struct wpa_params * params)5230 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
5231 {
5232 	struct wpa_global *global;
5233 	int ret, i;
5234 
5235 	if (params == NULL)
5236 		return NULL;
5237 
5238 #ifdef CONFIG_DRIVER_NDIS
5239 	{
5240 		void driver_ndis_init_ops(void);
5241 		driver_ndis_init_ops();
5242 	}
5243 #endif /* CONFIG_DRIVER_NDIS */
5244 
5245 #ifndef CONFIG_NO_WPA_MSG
5246 	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
5247 #endif /* CONFIG_NO_WPA_MSG */
5248 
5249 	if (params->wpa_debug_file_path)
5250 		wpa_debug_open_file(params->wpa_debug_file_path);
5251 	else
5252 		wpa_debug_setup_stdout();
5253 	if (params->wpa_debug_syslog)
5254 		wpa_debug_open_syslog();
5255 	if (params->wpa_debug_tracing) {
5256 		ret = wpa_debug_open_linux_tracing();
5257 		if (ret) {
5258 			wpa_printf(MSG_ERROR,
5259 				   "Failed to enable trace logging");
5260 			return NULL;
5261 		}
5262 	}
5263 
5264 	ret = eap_register_methods();
5265 	if (ret) {
5266 		wpa_printf(MSG_ERROR, "Failed to register EAP methods");
5267 		if (ret == -2)
5268 			wpa_printf(MSG_ERROR, "Two or more EAP methods used "
5269 				   "the same EAP type.");
5270 		return NULL;
5271 	}
5272 
5273 	global = os_zalloc(sizeof(*global));
5274 	if (global == NULL)
5275 		return NULL;
5276 	dl_list_init(&global->p2p_srv_bonjour);
5277 	dl_list_init(&global->p2p_srv_upnp);
5278 	global->params.daemonize = params->daemonize;
5279 	global->params.wait_for_monitor = params->wait_for_monitor;
5280 	global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
5281 	if (params->pid_file)
5282 		global->params.pid_file = os_strdup(params->pid_file);
5283 	if (params->ctrl_interface)
5284 		global->params.ctrl_interface =
5285 			os_strdup(params->ctrl_interface);
5286 	if (params->ctrl_interface_group)
5287 		global->params.ctrl_interface_group =
5288 			os_strdup(params->ctrl_interface_group);
5289 	if (params->override_driver)
5290 		global->params.override_driver =
5291 			os_strdup(params->override_driver);
5292 	if (params->override_ctrl_interface)
5293 		global->params.override_ctrl_interface =
5294 			os_strdup(params->override_ctrl_interface);
5295 #ifdef CONFIG_MATCH_IFACE
5296 	global->params.match_iface_count = params->match_iface_count;
5297 	if (params->match_iface_count) {
5298 		global->params.match_ifaces =
5299 			os_calloc(params->match_iface_count,
5300 				  sizeof(struct wpa_interface));
5301 		os_memcpy(global->params.match_ifaces,
5302 			  params->match_ifaces,
5303 			  params->match_iface_count *
5304 			  sizeof(struct wpa_interface));
5305 	}
5306 #endif /* CONFIG_MATCH_IFACE */
5307 #ifdef CONFIG_P2P
5308 	if (params->conf_p2p_dev)
5309 		global->params.conf_p2p_dev =
5310 			os_strdup(params->conf_p2p_dev);
5311 #endif /* CONFIG_P2P */
5312 	wpa_debug_level = global->params.wpa_debug_level =
5313 		params->wpa_debug_level;
5314 	wpa_debug_show_keys = global->params.wpa_debug_show_keys =
5315 		params->wpa_debug_show_keys;
5316 	wpa_debug_timestamp = global->params.wpa_debug_timestamp =
5317 		params->wpa_debug_timestamp;
5318 
5319 	wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR);
5320 
5321 	if (eloop_init()) {
5322 		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
5323 		wpa_supplicant_deinit(global);
5324 		return NULL;
5325 	}
5326 
5327 	random_init(params->entropy_file);
5328 
5329 	global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
5330 	if (global->ctrl_iface == NULL) {
5331 		wpa_supplicant_deinit(global);
5332 		return NULL;
5333 	}
5334 
5335 	if (wpas_notify_supplicant_initialized(global)) {
5336 		wpa_supplicant_deinit(global);
5337 		return NULL;
5338 	}
5339 
5340 	for (i = 0; wpa_drivers[i]; i++)
5341 		global->drv_count++;
5342 	if (global->drv_count == 0) {
5343 		wpa_printf(MSG_ERROR, "No drivers enabled");
5344 		wpa_supplicant_deinit(global);
5345 		return NULL;
5346 	}
5347 	global->drv_priv = os_calloc(global->drv_count, sizeof(void *));
5348 	if (global->drv_priv == NULL) {
5349 		wpa_supplicant_deinit(global);
5350 		return NULL;
5351 	}
5352 
5353 #ifdef CONFIG_WIFI_DISPLAY
5354 	if (wifi_display_init(global) < 0) {
5355 		wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
5356 		wpa_supplicant_deinit(global);
5357 		return NULL;
5358 	}
5359 #endif /* CONFIG_WIFI_DISPLAY */
5360 
5361 	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
5362 			       wpas_periodic, global, NULL);
5363 
5364 	return global;
5365 }
5366 
5367 
5368 /**
5369  * wpa_supplicant_run - Run the %wpa_supplicant main event loop
5370  * @global: Pointer to global data from wpa_supplicant_init()
5371  * Returns: 0 after successful event loop run, -1 on failure
5372  *
5373  * This function starts the main event loop and continues running as long as
5374  * there are any remaining events. In most cases, this function is running as
5375  * long as the %wpa_supplicant process in still in use.
5376  */
wpa_supplicant_run(struct wpa_global * global)5377 int wpa_supplicant_run(struct wpa_global *global)
5378 {
5379 	struct wpa_supplicant *wpa_s;
5380 
5381 	if (global->params.daemonize &&
5382 	    (wpa_supplicant_daemon(global->params.pid_file) ||
5383 	     eloop_sock_requeue()))
5384 		return -1;
5385 
5386 #ifdef CONFIG_MATCH_IFACE
5387 	if (wpa_supplicant_match_existing(global))
5388 		return -1;
5389 #endif
5390 
5391 	if (global->params.wait_for_monitor) {
5392 		for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
5393 			if (wpa_s->ctrl_iface && !wpa_s->p2p_mgmt)
5394 				wpa_supplicant_ctrl_iface_wait(
5395 					wpa_s->ctrl_iface);
5396 	}
5397 
5398 	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
5399 	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
5400 
5401 	eloop_run();
5402 
5403 	return 0;
5404 }
5405 
5406 
5407 /**
5408  * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
5409  * @global: Pointer to global data from wpa_supplicant_init()
5410  *
5411  * This function is called to deinitialize %wpa_supplicant and to free all
5412  * allocated resources. Remaining network interfaces will also be removed.
5413  */
wpa_supplicant_deinit(struct wpa_global * global)5414 void wpa_supplicant_deinit(struct wpa_global *global)
5415 {
5416 	int i;
5417 
5418 	if (global == NULL)
5419 		return;
5420 
5421 	eloop_cancel_timeout(wpas_periodic, global, NULL);
5422 
5423 #ifdef CONFIG_WIFI_DISPLAY
5424 	wifi_display_deinit(global);
5425 #endif /* CONFIG_WIFI_DISPLAY */
5426 
5427 	while (global->ifaces)
5428 		wpa_supplicant_remove_iface(global, global->ifaces, 1);
5429 
5430 	if (global->ctrl_iface)
5431 		wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
5432 
5433 	wpas_notify_supplicant_deinitialized(global);
5434 
5435 	eap_peer_unregister_methods();
5436 #ifdef CONFIG_AP
5437 	eap_server_unregister_methods();
5438 #endif /* CONFIG_AP */
5439 
5440 	for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
5441 		if (!global->drv_priv[i])
5442 			continue;
5443 		wpa_drivers[i]->global_deinit(global->drv_priv[i]);
5444 	}
5445 	os_free(global->drv_priv);
5446 
5447 	random_deinit();
5448 
5449 	eloop_destroy();
5450 
5451 	if (global->params.pid_file) {
5452 		os_daemonize_terminate(global->params.pid_file);
5453 		os_free(global->params.pid_file);
5454 	}
5455 	os_free(global->params.ctrl_interface);
5456 	os_free(global->params.ctrl_interface_group);
5457 	os_free(global->params.override_driver);
5458 	os_free(global->params.override_ctrl_interface);
5459 #ifdef CONFIG_MATCH_IFACE
5460 	os_free(global->params.match_ifaces);
5461 #endif /* CONFIG_MATCH_IFACE */
5462 #ifdef CONFIG_P2P
5463 	os_free(global->params.conf_p2p_dev);
5464 #endif /* CONFIG_P2P */
5465 
5466 	os_free(global->p2p_disallow_freq.range);
5467 	os_free(global->p2p_go_avoid_freq.range);
5468 	os_free(global->add_psk);
5469 
5470 	os_free(global);
5471 	wpa_debug_close_syslog();
5472 	wpa_debug_close_file();
5473 	wpa_debug_close_linux_tracing();
5474 }
5475 
5476 
wpa_supplicant_update_config(struct wpa_supplicant * wpa_s)5477 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
5478 {
5479 	if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
5480 	    wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
5481 		char country[3];
5482 		country[0] = wpa_s->conf->country[0];
5483 		country[1] = wpa_s->conf->country[1];
5484 		country[2] = '\0';
5485 		if (wpa_drv_set_country(wpa_s, country) < 0) {
5486 			wpa_printf(MSG_ERROR, "Failed to set country code "
5487 				   "'%s'", country);
5488 		}
5489 	}
5490 
5491 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
5492 		wpas_init_ext_pw(wpa_s);
5493 
5494 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_SCHED_SCAN_PLANS)
5495 		wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
5496 
5497 #ifdef CONFIG_WPS
5498 	wpas_wps_update_config(wpa_s);
5499 #endif /* CONFIG_WPS */
5500 	wpas_p2p_update_config(wpa_s);
5501 	wpa_s->conf->changed_parameters = 0;
5502 }
5503 
5504 
add_freq(int * freqs,int * num_freqs,int freq)5505 void add_freq(int *freqs, int *num_freqs, int freq)
5506 {
5507 	int i;
5508 
5509 	for (i = 0; i < *num_freqs; i++) {
5510 		if (freqs[i] == freq)
5511 			return;
5512 	}
5513 
5514 	freqs[*num_freqs] = freq;
5515 	(*num_freqs)++;
5516 }
5517 
5518 
get_bss_freqs_in_ess(struct wpa_supplicant * wpa_s)5519 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
5520 {
5521 	struct wpa_bss *bss, *cbss;
5522 	const int max_freqs = 10;
5523 	int *freqs;
5524 	int num_freqs = 0;
5525 
5526 	freqs = os_calloc(max_freqs + 1, sizeof(int));
5527 	if (freqs == NULL)
5528 		return NULL;
5529 
5530 	cbss = wpa_s->current_bss;
5531 
5532 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
5533 		if (bss == cbss)
5534 			continue;
5535 		if (bss->ssid_len == cbss->ssid_len &&
5536 		    os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
5537 		    wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
5538 			add_freq(freqs, &num_freqs, bss->freq);
5539 			if (num_freqs == max_freqs)
5540 				break;
5541 		}
5542 	}
5543 
5544 	if (num_freqs == 0) {
5545 		os_free(freqs);
5546 		freqs = NULL;
5547 	}
5548 
5549 	return freqs;
5550 }
5551 
5552 
wpas_connection_failed(struct wpa_supplicant * wpa_s,const u8 * bssid)5553 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
5554 {
5555 	int timeout;
5556 	int count;
5557 	int *freqs = NULL;
5558 
5559 	wpas_connect_work_done(wpa_s);
5560 
5561 	/*
5562 	 * Remove possible authentication timeout since the connection failed.
5563 	 */
5564 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
5565 
5566 	/*
5567 	 * There is no point in blacklisting the AP if this event is
5568 	 * generated based on local request to disconnect.
5569 	 */
5570 	if (wpa_s->own_disconnect_req) {
5571 		wpa_s->own_disconnect_req = 0;
5572 		wpa_dbg(wpa_s, MSG_DEBUG,
5573 			"Ignore connection failure due to local request to disconnect");
5574 		return;
5575 	}
5576 	if (wpa_s->disconnected) {
5577 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
5578 			"indication since interface has been put into "
5579 			"disconnected state");
5580 		return;
5581 	}
5582 
5583 	/*
5584 	 * Add the failed BSSID into the blacklist and speed up next scan
5585 	 * attempt if there could be other APs that could accept association.
5586 	 * The current blacklist count indicates how many times we have tried
5587 	 * connecting to this AP and multiple attempts mean that other APs are
5588 	 * either not available or has already been tried, so that we can start
5589 	 * increasing the delay here to avoid constant scanning.
5590 	 */
5591 	count = wpa_blacklist_add(wpa_s, bssid);
5592 	if (count == 1 && wpa_s->current_bss) {
5593 		/*
5594 		 * This BSS was not in the blacklist before. If there is
5595 		 * another BSS available for the same ESS, we should try that
5596 		 * next. Otherwise, we may as well try this one once more
5597 		 * before allowing other, likely worse, ESSes to be considered.
5598 		 */
5599 		freqs = get_bss_freqs_in_ess(wpa_s);
5600 		if (freqs) {
5601 			wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
5602 				"has been seen; try it next");
5603 			wpa_blacklist_add(wpa_s, bssid);
5604 			/*
5605 			 * On the next scan, go through only the known channels
5606 			 * used in this ESS based on previous scans to speed up
5607 			 * common load balancing use case.
5608 			 */
5609 			os_free(wpa_s->next_scan_freqs);
5610 			wpa_s->next_scan_freqs = freqs;
5611 		}
5612 	}
5613 
5614 	/*
5615 	 * Add previous failure count in case the temporary blacklist was
5616 	 * cleared due to no other BSSes being available.
5617 	 */
5618 	count += wpa_s->extra_blacklist_count;
5619 
5620 	if (count > 3 && wpa_s->current_ssid) {
5621 		wpa_printf(MSG_DEBUG, "Continuous association failures - "
5622 			   "consider temporary network disabling");
5623 		wpas_auth_failed(wpa_s, "CONN_FAILED");
5624 	}
5625 
5626 	switch (count) {
5627 	case 1:
5628 		timeout = 100;
5629 		break;
5630 	case 2:
5631 		timeout = 500;
5632 		break;
5633 	case 3:
5634 		timeout = 1000;
5635 		break;
5636 	case 4:
5637 		timeout = 5000;
5638 		break;
5639 	default:
5640 		timeout = 10000;
5641 		break;
5642 	}
5643 
5644 	wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
5645 		"ms", count, timeout);
5646 
5647 	/*
5648 	 * TODO: if more than one possible AP is available in scan results,
5649 	 * could try the other ones before requesting a new scan.
5650 	 */
5651 	wpa_supplicant_req_scan(wpa_s, timeout / 1000,
5652 				1000 * (timeout % 1000));
5653 }
5654 
5655 
wpas_driver_bss_selection(struct wpa_supplicant * wpa_s)5656 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
5657 {
5658 	return wpa_s->conf->ap_scan == 2 ||
5659 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
5660 }
5661 
5662 
5663 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,const char * field,const char * value)5664 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
5665 					      struct wpa_ssid *ssid,
5666 					      const char *field,
5667 					      const char *value)
5668 {
5669 #ifdef IEEE8021X_EAPOL
5670 	struct eap_peer_config *eap = &ssid->eap;
5671 
5672 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
5673 	wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
5674 			      (const u8 *) value, os_strlen(value));
5675 
5676 	switch (wpa_supplicant_ctrl_req_from_string(field)) {
5677 	case WPA_CTRL_REQ_EAP_IDENTITY:
5678 		os_free(eap->identity);
5679 		eap->identity = (u8 *) os_strdup(value);
5680 		eap->identity_len = os_strlen(value);
5681 		eap->pending_req_identity = 0;
5682 		if (ssid == wpa_s->current_ssid)
5683 			wpa_s->reassociate = 1;
5684 		break;
5685 	case WPA_CTRL_REQ_EAP_PASSWORD:
5686 		bin_clear_free(eap->password, eap->password_len);
5687 		eap->password = (u8 *) os_strdup(value);
5688 		eap->password_len = os_strlen(value);
5689 		eap->pending_req_password = 0;
5690 		if (ssid == wpa_s->current_ssid)
5691 			wpa_s->reassociate = 1;
5692 		break;
5693 	case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
5694 		bin_clear_free(eap->new_password, eap->new_password_len);
5695 		eap->new_password = (u8 *) os_strdup(value);
5696 		eap->new_password_len = os_strlen(value);
5697 		eap->pending_req_new_password = 0;
5698 		if (ssid == wpa_s->current_ssid)
5699 			wpa_s->reassociate = 1;
5700 		break;
5701 	case WPA_CTRL_REQ_EAP_PIN:
5702 		str_clear_free(eap->pin);
5703 		eap->pin = os_strdup(value);
5704 		eap->pending_req_pin = 0;
5705 		if (ssid == wpa_s->current_ssid)
5706 			wpa_s->reassociate = 1;
5707 		break;
5708 	case WPA_CTRL_REQ_EAP_OTP:
5709 		bin_clear_free(eap->otp, eap->otp_len);
5710 		eap->otp = (u8 *) os_strdup(value);
5711 		eap->otp_len = os_strlen(value);
5712 		os_free(eap->pending_req_otp);
5713 		eap->pending_req_otp = NULL;
5714 		eap->pending_req_otp_len = 0;
5715 		break;
5716 	case WPA_CTRL_REQ_EAP_PASSPHRASE:
5717 		str_clear_free(eap->private_key_passwd);
5718 		eap->private_key_passwd = os_strdup(value);
5719 		eap->pending_req_passphrase = 0;
5720 		if (ssid == wpa_s->current_ssid)
5721 			wpa_s->reassociate = 1;
5722 		break;
5723 	case WPA_CTRL_REQ_SIM:
5724 		str_clear_free(eap->external_sim_resp);
5725 		eap->external_sim_resp = os_strdup(value);
5726 		break;
5727 	case WPA_CTRL_REQ_PSK_PASSPHRASE:
5728 		if (wpa_config_set(ssid, "psk", value, 0) < 0)
5729 			return -1;
5730 		ssid->mem_only_psk = 1;
5731 		if (ssid->passphrase)
5732 			wpa_config_update_psk(ssid);
5733 		if (wpa_s->wpa_state == WPA_SCANNING && !wpa_s->scanning)
5734 			wpa_supplicant_req_scan(wpa_s, 0, 0);
5735 		break;
5736 	case WPA_CTRL_REQ_EXT_CERT_CHECK:
5737 		if (eap->pending_ext_cert_check != PENDING_CHECK)
5738 			return -1;
5739 		if (os_strcmp(value, "good") == 0)
5740 			eap->pending_ext_cert_check = EXT_CERT_CHECK_GOOD;
5741 		else if (os_strcmp(value, "bad") == 0)
5742 			eap->pending_ext_cert_check = EXT_CERT_CHECK_BAD;
5743 		else
5744 			return -1;
5745 		break;
5746 	default:
5747 		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
5748 		return -1;
5749 	}
5750 
5751 	return 0;
5752 #else /* IEEE8021X_EAPOL */
5753 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
5754 	return -1;
5755 #endif /* IEEE8021X_EAPOL */
5756 }
5757 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
5758 
5759 
wpas_network_disabled(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)5760 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
5761 {
5762 	int i;
5763 	unsigned int drv_enc;
5764 
5765 	if (wpa_s->p2p_mgmt)
5766 		return 1; /* no normal network profiles on p2p_mgmt interface */
5767 
5768 	if (ssid == NULL)
5769 		return 1;
5770 
5771 	if (ssid->disabled)
5772 		return 1;
5773 
5774 	if (wpa_s->drv_capa_known)
5775 		drv_enc = wpa_s->drv_enc;
5776 	else
5777 		drv_enc = (unsigned int) -1;
5778 
5779 	for (i = 0; i < NUM_WEP_KEYS; i++) {
5780 		size_t len = ssid->wep_key_len[i];
5781 		if (len == 0)
5782 			continue;
5783 		if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
5784 			continue;
5785 		if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
5786 			continue;
5787 		if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
5788 			continue;
5789 		return 1; /* invalid WEP key */
5790 	}
5791 
5792 	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
5793 	    (!ssid->passphrase || ssid->ssid_len != 0) && !ssid->ext_psk &&
5794 	    !ssid->mem_only_psk)
5795 		return 1;
5796 
5797 	return 0;
5798 }
5799 
5800 
wpas_get_ssid_pmf(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)5801 int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
5802 {
5803 #ifdef CONFIG_IEEE80211W
5804 	if (ssid == NULL || ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
5805 		if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL &&
5806 		    !(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) {
5807 			/*
5808 			 * Driver does not support BIP -- ignore pmf=1 default
5809 			 * since the connection with PMF would fail and the
5810 			 * configuration does not require PMF to be enabled.
5811 			 */
5812 			return NO_MGMT_FRAME_PROTECTION;
5813 		}
5814 
5815 		return wpa_s->conf->pmf;
5816 	}
5817 
5818 	return ssid->ieee80211w;
5819 #else /* CONFIG_IEEE80211W */
5820 	return NO_MGMT_FRAME_PROTECTION;
5821 #endif /* CONFIG_IEEE80211W */
5822 }
5823 
5824 
wpas_is_p2p_prioritized(struct wpa_supplicant * wpa_s)5825 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
5826 {
5827 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
5828 		return 1;
5829 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
5830 		return 0;
5831 	return -1;
5832 }
5833 
5834 
wpas_auth_failed(struct wpa_supplicant * wpa_s,char * reason)5835 void wpas_auth_failed(struct wpa_supplicant *wpa_s, char *reason)
5836 {
5837 	struct wpa_ssid *ssid = wpa_s->current_ssid;
5838 	int dur;
5839 	struct os_reltime now;
5840 
5841 	if (ssid == NULL) {
5842 		wpa_printf(MSG_DEBUG, "Authentication failure but no known "
5843 			   "SSID block");
5844 		return;
5845 	}
5846 
5847 	if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
5848 		return;
5849 
5850 	ssid->auth_failures++;
5851 
5852 #ifdef CONFIG_P2P
5853 	if (ssid->p2p_group &&
5854 	    (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
5855 		/*
5856 		 * Skip the wait time since there is a short timeout on the
5857 		 * connection to a P2P group.
5858 		 */
5859 		return;
5860 	}
5861 #endif /* CONFIG_P2P */
5862 
5863 	if (ssid->auth_failures > 50)
5864 		dur = 300;
5865 	else if (ssid->auth_failures > 10)
5866 		dur = 120;
5867 	else if (ssid->auth_failures > 5)
5868 		dur = 90;
5869 	else if (ssid->auth_failures > 3)
5870 		dur = 60;
5871 	else if (ssid->auth_failures > 2)
5872 		dur = 30;
5873 	else if (ssid->auth_failures > 1)
5874 		dur = 20;
5875 	else
5876 		dur = 10;
5877 
5878 	if (ssid->auth_failures > 1 &&
5879 	    wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt))
5880 		dur += os_random() % (ssid->auth_failures * 10);
5881 
5882 	os_get_reltime(&now);
5883 	if (now.sec + dur <= ssid->disabled_until.sec)
5884 		return;
5885 
5886 	ssid->disabled_until.sec = now.sec + dur;
5887 
5888 	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
5889 		"id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
5890 		ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
5891 		ssid->auth_failures, dur, reason);
5892 }
5893 
5894 
wpas_clear_temp_disabled(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,int clear_failures)5895 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
5896 			      struct wpa_ssid *ssid, int clear_failures)
5897 {
5898 	if (ssid == NULL)
5899 		return;
5900 
5901 	if (ssid->disabled_until.sec) {
5902 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
5903 			"id=%d ssid=\"%s\"",
5904 			ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
5905 	}
5906 	ssid->disabled_until.sec = 0;
5907 	ssid->disabled_until.usec = 0;
5908 	if (clear_failures)
5909 		ssid->auth_failures = 0;
5910 }
5911 
5912 
disallowed_bssid(struct wpa_supplicant * wpa_s,const u8 * bssid)5913 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
5914 {
5915 	size_t i;
5916 
5917 	if (wpa_s->disallow_aps_bssid == NULL)
5918 		return 0;
5919 
5920 	for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
5921 		if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
5922 			      bssid, ETH_ALEN) == 0)
5923 			return 1;
5924 	}
5925 
5926 	return 0;
5927 }
5928 
5929 
disallowed_ssid(struct wpa_supplicant * wpa_s,const u8 * ssid,size_t ssid_len)5930 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
5931 		    size_t ssid_len)
5932 {
5933 	size_t i;
5934 
5935 	if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
5936 		return 0;
5937 
5938 	for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
5939 		struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
5940 		if (ssid_len == s->ssid_len &&
5941 		    os_memcmp(ssid, s->ssid, ssid_len) == 0)
5942 			return 1;
5943 	}
5944 
5945 	return 0;
5946 }
5947 
5948 
5949 /**
5950  * wpas_request_connection - Request a new connection
5951  * @wpa_s: Pointer to the network interface
5952  *
5953  * This function is used to request a new connection to be found. It will mark
5954  * the interface to allow reassociation and request a new scan to find a
5955  * suitable network to connect to.
5956  */
wpas_request_connection(struct wpa_supplicant * wpa_s)5957 void wpas_request_connection(struct wpa_supplicant *wpa_s)
5958 {
5959 	wpa_s->normal_scans = 0;
5960 	wpa_s->scan_req = NORMAL_SCAN_REQ;
5961 	wpa_supplicant_reinit_autoscan(wpa_s);
5962 	wpa_s->extra_blacklist_count = 0;
5963 	wpa_s->disconnected = 0;
5964 	wpa_s->reassociate = 1;
5965 
5966 	if (wpa_supplicant_fast_associate(wpa_s) != 1)
5967 		wpa_supplicant_req_scan(wpa_s, 0, 0);
5968 	else
5969 		wpa_s->reattach = 0;
5970 }
5971 
5972 
dump_freq_data(struct wpa_supplicant * wpa_s,const char * title,struct wpa_used_freq_data * freqs_data,unsigned int len)5973 void dump_freq_data(struct wpa_supplicant *wpa_s, const char *title,
5974 		    struct wpa_used_freq_data *freqs_data,
5975 		    unsigned int len)
5976 {
5977 	unsigned int i;
5978 
5979 	wpa_dbg(wpa_s, MSG_DEBUG, "Shared frequencies (len=%u): %s",
5980 		len, title);
5981 	for (i = 0; i < len; i++) {
5982 		struct wpa_used_freq_data *cur = &freqs_data[i];
5983 		wpa_dbg(wpa_s, MSG_DEBUG, "freq[%u]: %d, flags=0x%X",
5984 			i, cur->freq, cur->flags);
5985 	}
5986 }
5987 
5988 
5989 /*
5990  * Find the operating frequencies of any of the virtual interfaces that
5991  * are using the same radio as the current interface, and in addition, get
5992  * information about the interface types that are using the frequency.
5993  */
get_shared_radio_freqs_data(struct wpa_supplicant * wpa_s,struct wpa_used_freq_data * freqs_data,unsigned int len)5994 int get_shared_radio_freqs_data(struct wpa_supplicant *wpa_s,
5995 				struct wpa_used_freq_data *freqs_data,
5996 				unsigned int len)
5997 {
5998 	struct wpa_supplicant *ifs;
5999 	u8 bssid[ETH_ALEN];
6000 	int freq;
6001 	unsigned int idx = 0, i;
6002 
6003 	wpa_dbg(wpa_s, MSG_DEBUG,
6004 		"Determining shared radio frequencies (max len %u)", len);
6005 	os_memset(freqs_data, 0, sizeof(struct wpa_used_freq_data) * len);
6006 
6007 	dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
6008 			 radio_list) {
6009 		if (idx == len)
6010 			break;
6011 
6012 		if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
6013 			continue;
6014 
6015 		if (ifs->current_ssid->mode == WPAS_MODE_AP ||
6016 		    ifs->current_ssid->mode == WPAS_MODE_P2P_GO ||
6017 		    ifs->current_ssid->mode == WPAS_MODE_MESH)
6018 			freq = ifs->current_ssid->frequency;
6019 		else if (wpa_drv_get_bssid(ifs, bssid) == 0)
6020 			freq = ifs->assoc_freq;
6021 		else
6022 			continue;
6023 
6024 		/* Hold only distinct freqs */
6025 		for (i = 0; i < idx; i++)
6026 			if (freqs_data[i].freq == freq)
6027 				break;
6028 
6029 		if (i == idx)
6030 			freqs_data[idx++].freq = freq;
6031 
6032 		if (ifs->current_ssid->mode == WPAS_MODE_INFRA) {
6033 			freqs_data[i].flags |= ifs->current_ssid->p2p_group ?
6034 				WPA_FREQ_USED_BY_P2P_CLIENT :
6035 				WPA_FREQ_USED_BY_INFRA_STATION;
6036 		}
6037 	}
6038 
6039 	dump_freq_data(wpa_s, "completed iteration", freqs_data, idx);
6040 	return idx;
6041 }
6042 
6043 
6044 /*
6045  * Find the operating frequencies of any of the virtual interfaces that
6046  * are using the same radio as the current interface.
6047  */
get_shared_radio_freqs(struct wpa_supplicant * wpa_s,int * freq_array,unsigned int len)6048 int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
6049 			   int *freq_array, unsigned int len)
6050 {
6051 	struct wpa_used_freq_data *freqs_data;
6052 	int num, i;
6053 
6054 	os_memset(freq_array, 0, sizeof(int) * len);
6055 
6056 	freqs_data = os_calloc(len, sizeof(struct wpa_used_freq_data));
6057 	if (!freqs_data)
6058 		return -1;
6059 
6060 	num = get_shared_radio_freqs_data(wpa_s, freqs_data, len);
6061 	for (i = 0; i < num; i++)
6062 		freq_array[i] = freqs_data[i].freq;
6063 
6064 	os_free(freqs_data);
6065 
6066 	return num;
6067 }
6068 
6069 
wpas_rrm_neighbor_rep_timeout_handler(void * data,void * user_ctx)6070 static void wpas_rrm_neighbor_rep_timeout_handler(void *data, void *user_ctx)
6071 {
6072 	struct rrm_data *rrm = data;
6073 
6074 	if (!rrm->notify_neighbor_rep) {
6075 		wpa_printf(MSG_ERROR,
6076 			   "RRM: Unexpected neighbor report timeout");
6077 		return;
6078 	}
6079 
6080 	wpa_printf(MSG_DEBUG, "RRM: Notifying neighbor report - NONE");
6081 	rrm->notify_neighbor_rep(rrm->neighbor_rep_cb_ctx, NULL);
6082 
6083 	rrm->notify_neighbor_rep = NULL;
6084 	rrm->neighbor_rep_cb_ctx = NULL;
6085 }
6086 
6087 
6088 /*
6089  * wpas_rrm_reset - Clear and reset all RRM data in wpa_supplicant
6090  * @wpa_s: Pointer to wpa_supplicant
6091  */
wpas_rrm_reset(struct wpa_supplicant * wpa_s)6092 void wpas_rrm_reset(struct wpa_supplicant *wpa_s)
6093 {
6094 	wpa_s->rrm.rrm_used = 0;
6095 
6096 	eloop_cancel_timeout(wpas_rrm_neighbor_rep_timeout_handler, &wpa_s->rrm,
6097 			     NULL);
6098 	if (wpa_s->rrm.notify_neighbor_rep)
6099 		wpas_rrm_neighbor_rep_timeout_handler(&wpa_s->rrm, NULL);
6100 	wpa_s->rrm.next_neighbor_rep_token = 1;
6101 }
6102 
6103 
6104 /*
6105  * wpas_rrm_process_neighbor_rep - Handle incoming neighbor report
6106  * @wpa_s: Pointer to wpa_supplicant
6107  * @report: Neighbor report buffer, prefixed by a 1-byte dialog token
6108  * @report_len: Length of neighbor report buffer
6109  */
wpas_rrm_process_neighbor_rep(struct wpa_supplicant * wpa_s,const u8 * report,size_t report_len)6110 void wpas_rrm_process_neighbor_rep(struct wpa_supplicant *wpa_s,
6111 				   const u8 *report, size_t report_len)
6112 {
6113 	struct wpabuf *neighbor_rep;
6114 
6115 	wpa_hexdump(MSG_DEBUG, "RRM: New Neighbor Report", report, report_len);
6116 	if (report_len < 1)
6117 		return;
6118 
6119 	if (report[0] != wpa_s->rrm.next_neighbor_rep_token - 1) {
6120 		wpa_printf(MSG_DEBUG,
6121 			   "RRM: Discarding neighbor report with token %d (expected %d)",
6122 			   report[0], wpa_s->rrm.next_neighbor_rep_token - 1);
6123 		return;
6124 	}
6125 
6126 	eloop_cancel_timeout(wpas_rrm_neighbor_rep_timeout_handler, &wpa_s->rrm,
6127 			     NULL);
6128 
6129 	if (!wpa_s->rrm.notify_neighbor_rep) {
6130 		wpa_printf(MSG_ERROR, "RRM: Unexpected neighbor report");
6131 		return;
6132 	}
6133 
6134 	/* skipping the first byte, which is only an id (dialog token) */
6135 	neighbor_rep = wpabuf_alloc(report_len - 1);
6136 	if (neighbor_rep == NULL)
6137 		return;
6138 	wpabuf_put_data(neighbor_rep, report + 1, report_len - 1);
6139 	wpa_printf(MSG_DEBUG, "RRM: Notifying neighbor report (token = %d)",
6140 		   report[0]);
6141 	wpa_s->rrm.notify_neighbor_rep(wpa_s->rrm.neighbor_rep_cb_ctx,
6142 				       neighbor_rep);
6143 	wpa_s->rrm.notify_neighbor_rep = NULL;
6144 	wpa_s->rrm.neighbor_rep_cb_ctx = NULL;
6145 }
6146 
6147 
6148 #if defined(__CYGWIN__) || defined(CONFIG_NATIVE_WINDOWS)
6149 /* Workaround different, undefined for Windows, error codes used here */
6150 #define ENOTCONN -1
6151 #define EOPNOTSUPP -1
6152 #define ECANCELED -1
6153 #endif
6154 
6155 /**
6156  * wpas_rrm_send_neighbor_rep_request - Request a neighbor report from our AP
6157  * @wpa_s: Pointer to wpa_supplicant
6158  * @ssid: if not null, this is sent in the request. Otherwise, no SSID IE
6159  *	  is sent in the request.
6160  * @cb: Callback function to be called once the requested report arrives, or
6161  *	timed out after RRM_NEIGHBOR_REPORT_TIMEOUT seconds.
6162  *	In the former case, 'neighbor_rep' is a newly allocated wpabuf, and it's
6163  *	the requester's responsibility to free it.
6164  *	In the latter case NULL will be sent in 'neighbor_rep'.
6165  * @cb_ctx: Context value to send the callback function
6166  * Returns: 0 in case of success, negative error code otherwise
6167  *
6168  * In case there is a previous request which has not been answered yet, the
6169  * new request fails. The caller may retry after RRM_NEIGHBOR_REPORT_TIMEOUT.
6170  * Request must contain a callback function.
6171  */
wpas_rrm_send_neighbor_rep_request(struct wpa_supplicant * wpa_s,const struct wpa_ssid * ssid,void (* cb)(void * ctx,struct wpabuf * neighbor_rep),void * cb_ctx)6172 int wpas_rrm_send_neighbor_rep_request(struct wpa_supplicant *wpa_s,
6173 				       const struct wpa_ssid *ssid,
6174 				       void (*cb)(void *ctx,
6175 						  struct wpabuf *neighbor_rep),
6176 				       void *cb_ctx)
6177 {
6178 	struct wpabuf *buf;
6179 	const u8 *rrm_ie;
6180 
6181 	if (wpa_s->wpa_state != WPA_COMPLETED || wpa_s->current_ssid == NULL) {
6182 		wpa_printf(MSG_DEBUG, "RRM: No connection, no RRM.");
6183 		return -ENOTCONN;
6184 	}
6185 
6186 	if (!wpa_s->rrm.rrm_used) {
6187 		wpa_printf(MSG_DEBUG, "RRM: No RRM in current connection.");
6188 		return -EOPNOTSUPP;
6189 	}
6190 
6191 	rrm_ie = wpa_bss_get_ie(wpa_s->current_bss,
6192 				WLAN_EID_RRM_ENABLED_CAPABILITIES);
6193 	if (!rrm_ie || !(wpa_s->current_bss->caps & IEEE80211_CAP_RRM) ||
6194 	    !(rrm_ie[2] & WLAN_RRM_CAPS_NEIGHBOR_REPORT)) {
6195 		wpa_printf(MSG_DEBUG,
6196 			   "RRM: No network support for Neighbor Report.");
6197 		return -EOPNOTSUPP;
6198 	}
6199 
6200 	if (!cb) {
6201 		wpa_printf(MSG_DEBUG,
6202 			   "RRM: Neighbor Report request must provide a callback.");
6203 		return -EINVAL;
6204 	}
6205 
6206 	/* Refuse if there's a live request */
6207 	if (wpa_s->rrm.notify_neighbor_rep) {
6208 		wpa_printf(MSG_DEBUG,
6209 			   "RRM: Currently handling previous Neighbor Report.");
6210 		return -EBUSY;
6211 	}
6212 
6213 	/* 3 = action category + action code + dialog token */
6214 	buf = wpabuf_alloc(3 + (ssid ? 2 + ssid->ssid_len : 0));
6215 	if (buf == NULL) {
6216 		wpa_printf(MSG_DEBUG,
6217 			   "RRM: Failed to allocate Neighbor Report Request");
6218 		return -ENOMEM;
6219 	}
6220 
6221 	wpa_printf(MSG_DEBUG, "RRM: Neighbor report request (for %s), token=%d",
6222 		   (ssid ? wpa_ssid_txt(ssid->ssid, ssid->ssid_len) : ""),
6223 		   wpa_s->rrm.next_neighbor_rep_token);
6224 
6225 	wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
6226 	wpabuf_put_u8(buf, WLAN_RRM_NEIGHBOR_REPORT_REQUEST);
6227 	wpabuf_put_u8(buf, wpa_s->rrm.next_neighbor_rep_token);
6228 	if (ssid) {
6229 		wpabuf_put_u8(buf, WLAN_EID_SSID);
6230 		wpabuf_put_u8(buf, ssid->ssid_len);
6231 		wpabuf_put_data(buf, ssid->ssid, ssid->ssid_len);
6232 	}
6233 
6234 	wpa_s->rrm.next_neighbor_rep_token++;
6235 
6236 	if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
6237 				wpa_s->own_addr, wpa_s->bssid,
6238 				wpabuf_head(buf), wpabuf_len(buf), 0) < 0) {
6239 		wpa_printf(MSG_DEBUG,
6240 			   "RRM: Failed to send Neighbor Report Request");
6241 		wpabuf_free(buf);
6242 		return -ECANCELED;
6243 	}
6244 
6245 	wpa_s->rrm.neighbor_rep_cb_ctx = cb_ctx;
6246 	wpa_s->rrm.notify_neighbor_rep = cb;
6247 	eloop_register_timeout(RRM_NEIGHBOR_REPORT_TIMEOUT, 0,
6248 			       wpas_rrm_neighbor_rep_timeout_handler,
6249 			       &wpa_s->rrm, NULL);
6250 
6251 	wpabuf_free(buf);
6252 	return 0;
6253 }
6254 
6255 
wpas_rrm_handle_link_measurement_request(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * frame,size_t len,int rssi)6256 void wpas_rrm_handle_link_measurement_request(struct wpa_supplicant *wpa_s,
6257 					      const u8 *src,
6258 					      const u8 *frame, size_t len,
6259 					      int rssi)
6260 {
6261 	struct wpabuf *buf;
6262 	const struct rrm_link_measurement_request *req;
6263 	struct rrm_link_measurement_report report;
6264 
6265 	if (wpa_s->wpa_state != WPA_COMPLETED) {
6266 		wpa_printf(MSG_INFO,
6267 			   "RRM: Ignoring link measurement request. Not associated");
6268 		return;
6269 	}
6270 
6271 	if (!wpa_s->rrm.rrm_used) {
6272 		wpa_printf(MSG_INFO,
6273 			   "RRM: Ignoring link measurement request. Not RRM network");
6274 		return;
6275 	}
6276 
6277 	if (!(wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_TX_POWER_INSERTION)) {
6278 		wpa_printf(MSG_INFO,
6279 			   "RRM: Measurement report failed. TX power insertion not supported");
6280 		return;
6281 	}
6282 
6283 	req = (const struct rrm_link_measurement_request *) frame;
6284 	if (len < sizeof(*req)) {
6285 		wpa_printf(MSG_INFO,
6286 			   "RRM: Link measurement report failed. Request too short");
6287 		return;
6288 	}
6289 
6290 	os_memset(&report, 0, sizeof(report));
6291 	report.tpc.eid = WLAN_EID_TPC_REPORT;
6292 	report.tpc.len = 2;
6293 	report.rsni = 255; /* 255 indicates that RSNI is not available */
6294 	report.dialog_token = req->dialog_token;
6295 
6296 	/*
6297 	 * It's possible to estimate RCPI based on RSSI in dBm. This
6298 	 * calculation will not reflect the correct value for high rates,
6299 	 * but it's good enough for Action frames which are transmitted
6300 	 * with up to 24 Mbps rates.
6301 	 */
6302 	if (!rssi)
6303 		report.rcpi = 255; /* not available */
6304 	else if (rssi < -110)
6305 		report.rcpi = 0;
6306 	else if (rssi > 0)
6307 		report.rcpi = 220;
6308 	else
6309 		report.rcpi = (rssi + 110) * 2;
6310 
6311 	/* action_category + action_code */
6312 	buf = wpabuf_alloc(2 + sizeof(report));
6313 	if (buf == NULL) {
6314 		wpa_printf(MSG_ERROR,
6315 			   "RRM: Link measurement report failed. Buffer allocation failed");
6316 		return;
6317 	}
6318 
6319 	wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
6320 	wpabuf_put_u8(buf, WLAN_RRM_LINK_MEASUREMENT_REPORT);
6321 	wpabuf_put_data(buf, &report, sizeof(report));
6322 	wpa_hexdump(MSG_DEBUG, "RRM: Link measurement report:",
6323 		    wpabuf_head(buf), wpabuf_len(buf));
6324 
6325 	if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, src,
6326 				wpa_s->own_addr, wpa_s->bssid,
6327 				wpabuf_head(buf), wpabuf_len(buf), 0)) {
6328 		wpa_printf(MSG_ERROR,
6329 			   "RRM: Link measurement report failed. Send action failed");
6330 	}
6331 	wpabuf_free(buf);
6332 }
6333 
6334 
6335 struct wpa_supplicant *
wpas_vendor_elem(struct wpa_supplicant * wpa_s,enum wpa_vendor_elem_frame frame)6336 wpas_vendor_elem(struct wpa_supplicant *wpa_s, enum wpa_vendor_elem_frame frame)
6337 {
6338 	switch (frame) {
6339 #ifdef CONFIG_P2P
6340 	case VENDOR_ELEM_PROBE_REQ_P2P:
6341 	case VENDOR_ELEM_PROBE_RESP_P2P:
6342 	case VENDOR_ELEM_PROBE_RESP_P2P_GO:
6343 	case VENDOR_ELEM_BEACON_P2P_GO:
6344 	case VENDOR_ELEM_P2P_PD_REQ:
6345 	case VENDOR_ELEM_P2P_PD_RESP:
6346 	case VENDOR_ELEM_P2P_GO_NEG_REQ:
6347 	case VENDOR_ELEM_P2P_GO_NEG_RESP:
6348 	case VENDOR_ELEM_P2P_GO_NEG_CONF:
6349 	case VENDOR_ELEM_P2P_INV_REQ:
6350 	case VENDOR_ELEM_P2P_INV_RESP:
6351 	case VENDOR_ELEM_P2P_ASSOC_REQ:
6352 	case VENDOR_ELEM_P2P_ASSOC_RESP:
6353 		return wpa_s->p2pdev;
6354 #endif /* CONFIG_P2P */
6355 	default:
6356 		return wpa_s;
6357 	}
6358 }
6359 
6360 
wpas_vendor_elem_update(struct wpa_supplicant * wpa_s)6361 void wpas_vendor_elem_update(struct wpa_supplicant *wpa_s)
6362 {
6363 	unsigned int i;
6364 	char buf[30];
6365 
6366 	wpa_printf(MSG_DEBUG, "Update vendor elements");
6367 
6368 	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
6369 		if (wpa_s->vendor_elem[i]) {
6370 			int res;
6371 
6372 			res = os_snprintf(buf, sizeof(buf), "frame[%u]", i);
6373 			if (!os_snprintf_error(sizeof(buf), res)) {
6374 				wpa_hexdump_buf(MSG_DEBUG, buf,
6375 						wpa_s->vendor_elem[i]);
6376 			}
6377 		}
6378 	}
6379 
6380 #ifdef CONFIG_P2P
6381 	if (wpa_s->parent == wpa_s &&
6382 	    wpa_s->global->p2p &&
6383 	    !wpa_s->global->p2p_disabled)
6384 		p2p_set_vendor_elems(wpa_s->global->p2p, wpa_s->vendor_elem);
6385 #endif /* CONFIG_P2P */
6386 }
6387 
6388 
wpas_vendor_elem_remove(struct wpa_supplicant * wpa_s,int frame,const u8 * elem,size_t len)6389 int wpas_vendor_elem_remove(struct wpa_supplicant *wpa_s, int frame,
6390 			    const u8 *elem, size_t len)
6391 {
6392 	u8 *ie, *end;
6393 
6394 	ie = wpabuf_mhead_u8(wpa_s->vendor_elem[frame]);
6395 	end = ie + wpabuf_len(wpa_s->vendor_elem[frame]);
6396 
6397 	for (; ie + 1 < end; ie += 2 + ie[1]) {
6398 		if (ie + len > end)
6399 			break;
6400 		if (os_memcmp(ie, elem, len) != 0)
6401 			continue;
6402 
6403 		if (wpabuf_len(wpa_s->vendor_elem[frame]) == len) {
6404 			wpabuf_free(wpa_s->vendor_elem[frame]);
6405 			wpa_s->vendor_elem[frame] = NULL;
6406 		} else {
6407 			os_memmove(ie, ie + len, end - (ie + len));
6408 			wpa_s->vendor_elem[frame]->used -= len;
6409 		}
6410 		wpas_vendor_elem_update(wpa_s);
6411 		return 0;
6412 	}
6413 
6414 	return -1;
6415 }
6416 
6417 
get_mode(struct hostapd_hw_modes * modes,u16 num_modes,enum hostapd_hw_mode mode)6418 struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
6419 				   u16 num_modes, enum hostapd_hw_mode mode)
6420 {
6421 	u16 i;
6422 
6423 	for (i = 0; i < num_modes; i++) {
6424 		if (modes[i].mode == mode)
6425 			return &modes[i];
6426 	}
6427 
6428 	return NULL;
6429 }
6430 
6431 
6432 static struct
wpas_get_disallowed_bss(struct wpa_supplicant * wpa_s,const u8 * bssid)6433 wpa_bss_tmp_disallowed * wpas_get_disallowed_bss(struct wpa_supplicant *wpa_s,
6434 						 const u8 *bssid)
6435 {
6436 	struct wpa_bss_tmp_disallowed *bss;
6437 
6438 	dl_list_for_each(bss, &wpa_s->bss_tmp_disallowed,
6439 			 struct wpa_bss_tmp_disallowed, list) {
6440 		if (os_memcmp(bssid, bss->bssid, ETH_ALEN) == 0)
6441 			return bss;
6442 	}
6443 
6444 	return NULL;
6445 }
6446 
6447 
wpa_bss_tmp_disallow(struct wpa_supplicant * wpa_s,const u8 * bssid,unsigned int sec)6448 void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid,
6449 			  unsigned int sec)
6450 {
6451 	struct wpa_bss_tmp_disallowed *bss;
6452 	struct os_reltime until;
6453 
6454 	os_get_reltime(&until);
6455 	until.sec += sec;
6456 
6457 	bss = wpas_get_disallowed_bss(wpa_s, bssid);
6458 	if (bss) {
6459 		bss->disallowed_until = until;
6460 		return;
6461 	}
6462 
6463 	bss = os_malloc(sizeof(*bss));
6464 	if (!bss) {
6465 		wpa_printf(MSG_DEBUG,
6466 			   "Failed to allocate memory for temp disallow BSS");
6467 		return;
6468 	}
6469 
6470 	bss->disallowed_until = until;
6471 	os_memcpy(bss->bssid, bssid, ETH_ALEN);
6472 	dl_list_add(&wpa_s->bss_tmp_disallowed, &bss->list);
6473 }
6474 
6475 
wpa_is_bss_tmp_disallowed(struct wpa_supplicant * wpa_s,const u8 * bssid)6476 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s, const u8 *bssid)
6477 {
6478 	struct wpa_bss_tmp_disallowed *bss = NULL, *tmp, *prev;
6479 	struct os_reltime now, age;
6480 
6481 	os_get_reltime(&now);
6482 
6483 	dl_list_for_each_safe(tmp, prev, &wpa_s->bss_tmp_disallowed,
6484 			 struct wpa_bss_tmp_disallowed, list) {
6485 		if (!os_reltime_before(&now, &tmp->disallowed_until)) {
6486 			/* This BSS is not disallowed anymore */
6487 			dl_list_del(&tmp->list);
6488 			os_free(tmp);
6489 			continue;
6490 		}
6491 		if (os_memcmp(bssid, tmp->bssid, ETH_ALEN) == 0) {
6492 			bss = tmp;
6493 			break;
6494 		}
6495 	}
6496 	if (!bss)
6497 		return 0;
6498 
6499 	os_reltime_sub(&bss->disallowed_until, &now, &age);
6500 	wpa_printf(MSG_DEBUG,
6501 		   "BSS " MACSTR " disabled for %ld.%0ld seconds",
6502 		   MAC2STR(bss->bssid), age.sec, age.usec);
6503 	return 1;
6504 }
6505