3 * Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
14 * This file implements functions for registering and unregistering
15 * %wpa_supplicant interfaces. In addition, this file contains number of
16 * functions for managing network connections.
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_server/eap_methods.h"
25 #include "rsn_supp/wpa.h"
28 #include "l2_packet/l2_packet.h"
29 #include "wpa_supplicant_i.h"
31 #include "ctrl_iface.h"
32 #include "pcsc_funcs.h"
33 #include "common/version.h"
34 #include "rsn_supp/preauth.h"
35 #include "rsn_supp/pmksa_cache.h"
36 #include "common/wpa_ctrl.h"
38 #include "common/ieee802_11_defs.h"
39 #include "blacklist.h"
40 #include "wpas_glue.h"
41 #include "wps_supplicant.h"
50 const char *wpa_supplicant_version =
51 "wpa_supplicant v" VERSION_STR "\n"
52 "Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi> and contributors";
54 const char *wpa_supplicant_license =
55 "This program is free software. You can distribute it and/or modify it\n"
56 "under the terms of the GNU General Public License version 2.\n"
58 "Alternatively, this software may be distributed under the terms of the\n"
59 "BSD license. See README and COPYING for more details.\n"
60 #ifdef EAP_TLS_OPENSSL
61 "\nThis product includes software developed by the OpenSSL Project\n"
62 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
63 #endif /* EAP_TLS_OPENSSL */
66 #ifndef CONFIG_NO_STDOUT_DEBUG
67 /* Long text divided into parts in order to fit in C89 strings size limits. */
68 const char *wpa_supplicant_full_license1 =
69 "This program is free software; you can redistribute it and/or modify\n"
70 "it under the terms of the GNU General Public License version 2 as\n"
71 "published by the Free Software Foundation.\n"
73 "This program is distributed in the hope that it will be useful,\n"
74 "but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
75 "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
76 "GNU General Public License for more details.\n"
78 const char *wpa_supplicant_full_license2 =
79 "You should have received a copy of the GNU General Public License\n"
80 "along with this program; if not, write to the Free Software\n"
81 "Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n"
83 "Alternatively, this software may be distributed under the terms of the\n"
86 "Redistribution and use in source and binary forms, with or without\n"
87 "modification, are permitted provided that the following conditions are\n"
90 const char *wpa_supplicant_full_license3 =
91 "1. Redistributions of source code must retain the above copyright\n"
92 " notice, this list of conditions and the following disclaimer.\n"
94 "2. Redistributions in binary form must reproduce the above copyright\n"
95 " notice, this list of conditions and the following disclaimer in the\n"
96 " documentation and/or other materials provided with the distribution.\n"
98 const char *wpa_supplicant_full_license4 =
99 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
100 " names of its contributors may be used to endorse or promote products\n"
101 " derived from this software without specific prior written permission.\n"
103 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
104 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
105 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
106 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
107 const char *wpa_supplicant_full_license5 =
108 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
109 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
110 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
111 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
112 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
113 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
114 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
116 #endif /* CONFIG_NO_STDOUT_DEBUG */
118 extern int wpa_debug_level;
119 extern int wpa_debug_show_keys;
120 extern int wpa_debug_timestamp;
121 extern struct wpa_driver_ops *wpa_drivers[];
123 /* Configure default/group WEP keys for static WEP */
124 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
128 for (i = 0; i < NUM_WEP_KEYS; i++) {
129 if (ssid->wep_key_len[i] == 0)
133 wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
134 (u8 *) "\xff\xff\xff\xff\xff\xff",
135 i, i == ssid->wep_tx_keyidx, (u8 *) "", 0,
136 ssid->wep_key[i], ssid->wep_key_len[i]);
143 static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
144 struct wpa_ssid *ssid)
151 /* IBSS/WPA-None uses only one key (Group) for both receiving and
152 * sending unicast and multicast packets. */
154 if (ssid->mode != WPAS_MODE_IBSS) {
155 wpa_printf(MSG_INFO, "WPA: Invalid mode %d (not IBSS/ad-hoc) "
156 "for WPA-None", ssid->mode);
160 if (!ssid->psk_set) {
161 wpa_printf(MSG_INFO, "WPA: No PSK configured for WPA-None");
165 switch (wpa_s->group_cipher) {
166 case WPA_CIPHER_CCMP:
167 os_memcpy(key, ssid->psk, 16);
171 case WPA_CIPHER_TKIP:
172 /* WPA-None uses the same Michael MIC key for both TX and RX */
173 os_memcpy(key, ssid->psk, 16 + 8);
174 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
179 wpa_printf(MSG_INFO, "WPA: Invalid group cipher %d for "
180 "WPA-None", wpa_s->group_cipher);
184 /* TODO: should actually remember the previously used seq#, both for TX
185 * and RX from each STA.. */
187 return wpa_drv_set_key(wpa_s, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
188 0, 1, seq, 6, key, keylen);
192 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
194 struct wpa_supplicant *wpa_s = eloop_ctx;
195 const u8 *bssid = wpa_s->bssid;
196 if (is_zero_ether_addr(bssid))
197 bssid = wpa_s->pending_bssid;
198 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
200 wpa_blacklist_add(wpa_s, bssid);
201 wpa_sm_notify_disassoc(wpa_s->wpa);
202 wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
203 wpa_s->reassociate = 1;
204 wpa_supplicant_req_scan(wpa_s, 0, 0);
209 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
210 * @wpa_s: Pointer to wpa_supplicant data
211 * @sec: Number of seconds after which to time out authentication
212 * @usec: Number of microseconds after which to time out authentication
214 * This function is used to schedule a timeout for the current authentication
217 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
220 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
221 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
224 wpa_msg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
225 "%d usec", sec, usec);
226 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
227 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
232 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
233 * @wpa_s: Pointer to wpa_supplicant data
235 * This function is used to cancel authentication timeout scheduled with
236 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
239 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
241 wpa_msg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
242 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
243 wpa_blacklist_del(wpa_s, wpa_s->bssid);
248 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
249 * @wpa_s: Pointer to wpa_supplicant data
251 * This function is used to configure EAPOL state machine based on the selected
252 * authentication mode.
254 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
256 #ifdef IEEE8021X_EAPOL
257 struct eapol_config eapol_conf;
258 struct wpa_ssid *ssid = wpa_s->current_ssid;
260 #ifdef CONFIG_IBSS_RSN
261 if (ssid->mode == WPAS_MODE_IBSS &&
262 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
263 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
265 * RSN IBSS authentication is per-STA and we can disable the
266 * per-BSSID EAPOL authentication.
268 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
269 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
270 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
273 #endif /* CONFIG_IBSS_RSN */
275 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
276 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
278 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
279 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
280 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
282 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
284 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
285 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
286 eapol_conf.accept_802_1x_keys = 1;
287 eapol_conf.required_keys = 0;
288 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
289 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
291 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
292 eapol_conf.required_keys |=
293 EAPOL_REQUIRE_KEY_BROADCAST;
296 if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
297 eapol_conf.required_keys = 0;
300 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
301 eapol_conf.workaround = ssid->eap_workaround;
302 eapol_conf.eap_disabled =
303 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
304 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
305 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
306 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
307 #endif /* IEEE8021X_EAPOL */
312 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
313 * @wpa_s: Pointer to wpa_supplicant data
314 * @ssid: Configuration data for the network
316 * This function is used to configure WPA state machine and related parameters
317 * to a mode where WPA is not enabled. This is called as part of the
318 * authentication configuration when the selected network does not use WPA.
320 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
321 struct wpa_ssid *ssid)
325 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
326 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
327 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
328 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
330 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
331 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
332 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
333 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
334 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
335 wpa_s->group_cipher = WPA_CIPHER_NONE;
336 wpa_s->mgmt_group_cipher = 0;
338 for (i = 0; i < NUM_WEP_KEYS; i++) {
339 if (ssid->wep_key_len[i] > 5) {
340 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
341 wpa_s->group_cipher = WPA_CIPHER_WEP104;
343 } else if (ssid->wep_key_len[i] > 0) {
344 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
345 wpa_s->group_cipher = WPA_CIPHER_WEP40;
350 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
351 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
352 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
353 wpa_s->pairwise_cipher);
354 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
355 #ifdef CONFIG_IEEE80211W
356 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
357 wpa_s->mgmt_group_cipher);
358 #endif /* CONFIG_IEEE80211W */
360 pmksa_cache_clear_current(wpa_s->wpa);
364 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
366 bgscan_deinit(wpa_s);
367 scard_deinit(wpa_s->scard);
369 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
370 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
371 l2_packet_deinit(wpa_s->l2);
374 l2_packet_deinit(wpa_s->l2_br);
378 if (wpa_s->ctrl_iface) {
379 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
380 wpa_s->ctrl_iface = NULL;
382 if (wpa_s->conf != NULL) {
383 struct wpa_ssid *ssid;
384 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
385 wpas_notify_network_removed(wpa_s, ssid);
386 wpa_config_free(wpa_s->conf);
390 os_free(wpa_s->confname);
391 wpa_s->confname = NULL;
393 wpa_sm_set_eapol(wpa_s->wpa, NULL);
394 eapol_sm_deinit(wpa_s->eapol);
397 rsn_preauth_deinit(wpa_s->wpa);
399 pmksa_candidate_free(wpa_s->wpa);
400 wpa_sm_deinit(wpa_s->wpa);
402 wpa_blacklist_clear(wpa_s);
404 wpa_bss_deinit(wpa_s);
406 wpa_supplicant_cancel_scan(wpa_s);
407 wpa_supplicant_cancel_auth_timeout(wpa_s);
409 ieee80211_sta_deinit(wpa_s);
411 wpas_wps_deinit(wpa_s);
413 wpabuf_free(wpa_s->pending_eapol_rx);
414 wpa_s->pending_eapol_rx = NULL;
416 #ifdef CONFIG_IBSS_RSN
417 ibss_rsn_deinit(wpa_s->ibss_rsn);
418 wpa_s->ibss_rsn = NULL;
419 #endif /* CONFIG_IBSS_RSN */
422 os_free(wpa_s->sme.ft_ies);
423 wpa_s->sme.ft_ies = NULL;
424 wpa_s->sme.ft_ies_len = 0;
425 #endif /* CONFIG_SME */
428 wpa_supplicant_ap_deinit(wpa_s);
429 #endif /* CONFIG_AP */
434 * wpa_clear_keys - Clear keys configured for the driver
435 * @wpa_s: Pointer to wpa_supplicant data
436 * @addr: Previously used BSSID or %NULL if not available
438 * This function clears the encryption keys that has been previously configured
441 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
443 u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
445 if (wpa_s->keys_cleared) {
446 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
447 * timing issues with keys being cleared just before new keys
448 * are set or just after association or something similar. This
449 * shows up in group key handshake failing often because of the
450 * client not receiving the first encrypted packets correctly.
451 * Skipping some of the extra key clearing steps seems to help
452 * in completing group key handshake more reliably. */
453 wpa_printf(MSG_DEBUG, "No keys have been configured - "
454 "skip key clearing");
458 /* MLME-DELETEKEYS.request */
459 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
460 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
461 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
462 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
463 #ifdef CONFIG_IEEE80211W
464 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 4, 0, NULL, 0, NULL, 0);
465 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 5, 0, NULL, 0, NULL, 0);
466 #endif /* CONFIG_IEEE80211W */
468 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
470 /* MLME-SETPROTECTION.request(None) */
471 wpa_drv_mlme_setprotection(
473 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
474 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
476 wpa_s->keys_cleared = 1;
481 * wpa_supplicant_state_txt - Get the connection state name as a text string
482 * @state: State (wpa_state; WPA_*)
483 * Returns: The state name as a printable text string
485 const char * wpa_supplicant_state_txt(enum wpa_states state)
488 case WPA_DISCONNECTED:
489 return "DISCONNECTED";
494 case WPA_AUTHENTICATING:
495 return "AUTHENTICATING";
496 case WPA_ASSOCIATING:
497 return "ASSOCIATING";
500 case WPA_4WAY_HANDSHAKE:
501 return "4WAY_HANDSHAKE";
502 case WPA_GROUP_HANDSHAKE:
503 return "GROUP_HANDSHAKE";
513 * wpa_supplicant_set_state - Set current connection state
514 * @wpa_s: Pointer to wpa_supplicant data
515 * @state: The new connection state
517 * This function is called whenever the connection state changes, e.g.,
518 * association is completed for WPA/WPA2 4-Way Handshake is started.
520 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
521 enum wpa_states state)
523 enum wpa_states old_state = wpa_s->wpa_state;
525 wpa_printf(MSG_DEBUG, "State: %s -> %s",
526 wpa_supplicant_state_txt(wpa_s->wpa_state),
527 wpa_supplicant_state_txt(state));
529 if (state != WPA_SCANNING)
530 wpa_supplicant_notify_scanning(wpa_s, 0);
532 if (state == WPA_COMPLETED && wpa_s->new_connection) {
533 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
534 struct wpa_ssid *ssid = wpa_s->current_ssid;
535 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
536 MACSTR " completed %s [id=%d id_str=%s]",
537 MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
538 "(reauth)" : "(auth)",
539 ssid ? ssid->id : -1,
540 ssid && ssid->id_str ? ssid->id_str : "");
541 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
542 wpa_s->new_connection = 0;
543 wpa_s->reassociated_connection = 1;
544 wpa_drv_set_operstate(wpa_s, 1);
545 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
546 state == WPA_ASSOCIATED) {
547 wpa_s->new_connection = 1;
548 wpa_drv_set_operstate(wpa_s, 0);
550 wpa_s->wpa_state = state;
552 if (wpa_s->wpa_state != old_state)
553 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
557 void wpa_supplicant_terminate_proc(struct wpa_global *global)
561 struct wpa_supplicant *wpa_s = global->ifaces;
563 if (wpas_wps_terminate_pending(wpa_s) == 1)
567 #endif /* CONFIG_WPS */
574 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
576 struct wpa_global *global = signal_ctx;
577 struct wpa_supplicant *wpa_s;
578 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
579 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING "- signal %d "
582 wpa_supplicant_terminate_proc(global);
586 static void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
588 enum wpa_states old_state = wpa_s->wpa_state;
590 wpa_s->pairwise_cipher = 0;
591 wpa_s->group_cipher = 0;
592 wpa_s->mgmt_group_cipher = 0;
594 wpa_s->wpa_state = WPA_DISCONNECTED;
596 if (wpa_s->wpa_state != old_state)
597 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
602 * wpa_supplicant_reload_configuration - Reload configuration data
603 * @wpa_s: Pointer to wpa_supplicant data
604 * Returns: 0 on success or -1 if configuration parsing failed
606 * This function can be used to request that the configuration data is reloaded
607 * (e.g., after configuration file change). This function is reloading
608 * configuration only for one interface, so this may need to be called multiple
609 * times if %wpa_supplicant is controlling multiple interfaces and all
610 * interfaces need reconfiguration.
612 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
614 struct wpa_config *conf;
615 struct wpa_ssid *old_ssid;
619 if (wpa_s->confname == NULL)
621 conf = wpa_config_read(wpa_s->confname);
623 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
624 "file '%s' - exiting", wpa_s->confname);
628 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
629 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
630 os_strcmp(conf->ctrl_interface,
631 wpa_s->conf->ctrl_interface) != 0);
633 if (reconf_ctrl && wpa_s->ctrl_iface) {
634 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
635 wpa_s->ctrl_iface = NULL;
638 eapol_sm_invalidate_cached_session(wpa_s->eapol);
639 old_ssid = wpa_s->current_ssid;
640 wpa_s->current_ssid = NULL;
641 if (old_ssid != wpa_s->current_ssid)
642 wpas_notify_network_changed(wpa_s);
645 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
646 * pkcs11_engine_path, pkcs11_module_path.
648 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
650 * Clear forced success to clear EAP state for next
653 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
655 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
656 wpa_sm_set_config(wpa_s->wpa, NULL);
657 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
658 rsn_preauth_deinit(wpa_s->wpa);
660 old_ap_scan = wpa_s->conf->ap_scan;
661 wpa_config_free(wpa_s->conf);
663 if (old_ap_scan != wpa_s->conf->ap_scan)
664 wpas_notify_ap_scan_changed(wpa_s);
667 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
669 wpa_supplicant_clear_status(wpa_s);
670 wpa_s->reassociate = 1;
671 wpa_supplicant_req_scan(wpa_s, 0, 0);
672 wpa_msg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
677 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
679 struct wpa_global *global = signal_ctx;
680 struct wpa_supplicant *wpa_s;
681 wpa_printf(MSG_DEBUG, "Signal %d received - reconfiguring", sig);
682 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
683 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
684 wpa_supplicant_terminate_proc(global);
690 static enum wpa_cipher cipher_suite2driver(int cipher)
693 case WPA_CIPHER_NONE:
695 case WPA_CIPHER_WEP40:
697 case WPA_CIPHER_WEP104:
698 return CIPHER_WEP104;
699 case WPA_CIPHER_CCMP:
701 case WPA_CIPHER_TKIP:
708 static enum wpa_key_mgmt key_mgmt2driver(int key_mgmt)
711 case WPA_KEY_MGMT_NONE:
712 return KEY_MGMT_NONE;
713 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
714 return KEY_MGMT_802_1X_NO_WPA;
715 case WPA_KEY_MGMT_IEEE8021X:
716 return KEY_MGMT_802_1X;
717 case WPA_KEY_MGMT_WPA_NONE:
718 return KEY_MGMT_WPA_NONE;
719 case WPA_KEY_MGMT_FT_IEEE8021X:
720 return KEY_MGMT_FT_802_1X;
721 case WPA_KEY_MGMT_FT_PSK:
722 return KEY_MGMT_FT_PSK;
723 case WPA_KEY_MGMT_IEEE8021X_SHA256:
724 return KEY_MGMT_802_1X_SHA256;
725 case WPA_KEY_MGMT_PSK_SHA256:
726 return KEY_MGMT_PSK_SHA256;
727 case WPA_KEY_MGMT_WPS:
729 case WPA_KEY_MGMT_PSK:
736 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
737 struct wpa_ssid *ssid,
738 struct wpa_ie_data *ie)
740 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
743 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
744 "from association info");
749 wpa_printf(MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set cipher "
751 if (!(ie->group_cipher & ssid->group_cipher)) {
752 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
753 "cipher 0x%x (mask 0x%x) - reject",
754 ie->group_cipher, ssid->group_cipher);
757 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
758 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
759 "cipher 0x%x (mask 0x%x) - reject",
760 ie->pairwise_cipher, ssid->pairwise_cipher);
763 if (!(ie->key_mgmt & ssid->key_mgmt)) {
764 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
765 "management 0x%x (mask 0x%x) - reject",
766 ie->key_mgmt, ssid->key_mgmt);
770 #ifdef CONFIG_IEEE80211W
771 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
772 ssid->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
773 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
774 "that does not support management frame protection - "
778 #endif /* CONFIG_IEEE80211W */
785 * wpa_supplicant_set_suites - Set authentication and encryption parameters
786 * @wpa_s: Pointer to wpa_supplicant data
787 * @bss: Scan results for the selected BSS, or %NULL if not available
788 * @ssid: Configuration data for the selected network
789 * @wpa_ie: Buffer for the WPA/RSN IE
790 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
791 * used buffer length in case the functions returns success.
792 * Returns: 0 on success or -1 on failure
794 * This function is used to configure authentication and encryption parameters
795 * based on the network configuration and scan result for the selected BSS (if
798 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
799 struct wpa_bss *bss, struct wpa_ssid *ssid,
800 u8 *wpa_ie, size_t *wpa_ie_len)
802 struct wpa_ie_data ie;
804 const u8 *bss_wpa, *bss_rsn;
807 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
808 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
810 bss_wpa = bss_rsn = NULL;
812 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
813 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
814 (ie.group_cipher & ssid->group_cipher) &&
815 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
816 (ie.key_mgmt & ssid->key_mgmt)) {
817 wpa_msg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
818 proto = WPA_PROTO_RSN;
819 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
820 wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 &&
821 (ie.group_cipher & ssid->group_cipher) &&
822 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
823 (ie.key_mgmt & ssid->key_mgmt)) {
824 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
825 proto = WPA_PROTO_WPA;
827 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
830 if (ssid->proto & WPA_PROTO_RSN)
831 proto = WPA_PROTO_RSN;
833 proto = WPA_PROTO_WPA;
834 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
835 os_memset(&ie, 0, sizeof(ie));
836 ie.group_cipher = ssid->group_cipher;
837 ie.pairwise_cipher = ssid->pairwise_cipher;
838 ie.key_mgmt = ssid->key_mgmt;
839 #ifdef CONFIG_IEEE80211W
840 ie.mgmt_group_cipher =
841 ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
842 WPA_CIPHER_AES_128_CMAC : 0;
843 #endif /* CONFIG_IEEE80211W */
844 wpa_printf(MSG_DEBUG, "WPA: Set cipher suites based "
850 wpa_printf(MSG_DEBUG, "WPA: Selected cipher suites: group %d "
851 "pairwise %d key_mgmt %d proto %d",
852 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
853 #ifdef CONFIG_IEEE80211W
854 if (ssid->ieee80211w) {
855 wpa_printf(MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
856 ie.mgmt_group_cipher);
858 #endif /* CONFIG_IEEE80211W */
860 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
861 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
862 !!(ssid->proto & WPA_PROTO_RSN));
864 if (bss || !wpa_s->ap_ies_from_associnfo) {
865 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
866 bss_wpa ? 2 + bss_wpa[1] : 0) ||
867 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
868 bss_rsn ? 2 + bss_rsn[1] : 0))
872 sel = ie.group_cipher & ssid->group_cipher;
873 if (sel & WPA_CIPHER_CCMP) {
874 wpa_s->group_cipher = WPA_CIPHER_CCMP;
875 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
876 } else if (sel & WPA_CIPHER_TKIP) {
877 wpa_s->group_cipher = WPA_CIPHER_TKIP;
878 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
879 } else if (sel & WPA_CIPHER_WEP104) {
880 wpa_s->group_cipher = WPA_CIPHER_WEP104;
881 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
882 } else if (sel & WPA_CIPHER_WEP40) {
883 wpa_s->group_cipher = WPA_CIPHER_WEP40;
884 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
886 wpa_printf(MSG_WARNING, "WPA: Failed to select group cipher.");
890 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
891 if (sel & WPA_CIPHER_CCMP) {
892 wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
893 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
894 } else if (sel & WPA_CIPHER_TKIP) {
895 wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
896 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
897 } else if (sel & WPA_CIPHER_NONE) {
898 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
899 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
901 wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
906 sel = ie.key_mgmt & ssid->key_mgmt;
908 #ifdef CONFIG_IEEE80211R
909 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
910 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
911 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
912 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
913 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
914 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
915 #endif /* CONFIG_IEEE80211R */
916 #ifdef CONFIG_IEEE80211W
917 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
918 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
919 wpa_msg(wpa_s, MSG_DEBUG,
920 "WPA: using KEY_MGMT 802.1X with SHA256");
921 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
922 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
923 wpa_msg(wpa_s, MSG_DEBUG,
924 "WPA: using KEY_MGMT PSK with SHA256");
925 #endif /* CONFIG_IEEE80211W */
926 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
927 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
928 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
929 } else if (sel & WPA_KEY_MGMT_PSK) {
930 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
931 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
932 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
933 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
934 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
936 wpa_printf(MSG_WARNING, "WPA: Failed to select authenticated "
937 "key management type.");
941 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
942 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
943 wpa_s->pairwise_cipher);
944 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
946 #ifdef CONFIG_IEEE80211W
947 sel = ie.mgmt_group_cipher;
948 if (ssid->ieee80211w == NO_MGMT_FRAME_PROTECTION ||
949 !(ie.capabilities & WPA_CAPABILITY_MFPC))
951 if (sel & WPA_CIPHER_AES_128_CMAC) {
952 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
953 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
956 wpa_s->mgmt_group_cipher = 0;
957 wpa_msg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
959 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
960 wpa_s->mgmt_group_cipher);
961 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP, ssid->ieee80211w);
962 #endif /* CONFIG_IEEE80211W */
964 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
965 wpa_printf(MSG_WARNING, "WPA: Failed to generate WPA IE.");
970 (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_FT_PSK | WPA_KEY_MGMT_PSK_SHA256))
971 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
973 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
980 * wpa_supplicant_associate - Request association
981 * @wpa_s: Pointer to wpa_supplicant data
982 * @bss: Scan results for the selected BSS, or %NULL if not available
983 * @ssid: Configuration data for the selected network
985 * This function is used to request %wpa_supplicant to associate with a BSS.
987 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
988 struct wpa_bss *bss, struct wpa_ssid *ssid)
992 int use_crypt, ret, i, bssid_changed;
993 int algs = WPA_AUTH_ALG_OPEN;
994 enum wpa_cipher cipher_pairwise, cipher_group;
995 struct wpa_driver_associate_params params;
996 int wep_keys_set = 0;
997 struct wpa_driver_capa capa;
998 int assoc_failed = 0;
999 struct wpa_ssid *old_ssid;
1001 if (ssid->mode == WPAS_MODE_AP) {
1003 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1004 wpa_printf(MSG_INFO, "Driver does not support AP "
1008 wpa_supplicant_create_ap(wpa_s, ssid);
1009 wpa_s->current_bss = bss;
1010 #else /* CONFIG_AP */
1011 wpa_printf(MSG_ERROR, "AP mode support not included in the "
1013 #endif /* CONFIG_AP */
1017 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1018 ssid->mode == IEEE80211_MODE_INFRA) {
1019 sme_authenticate(wpa_s, bss, ssid);
1023 wpa_s->reassociate = 0;
1025 #ifdef CONFIG_IEEE80211R
1026 const u8 *ie, *md = NULL;
1027 #endif /* CONFIG_IEEE80211R */
1028 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1029 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1030 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1031 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
1032 os_memset(wpa_s->bssid, 0, ETH_ALEN);
1033 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1035 wpas_notify_bssid_changed(wpa_s);
1036 #ifdef CONFIG_IEEE80211R
1037 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
1038 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
1040 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
1042 /* Prepare for the next transition */
1043 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
1045 #endif /* CONFIG_IEEE80211R */
1047 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
1048 wpa_s->conf->ap_scan == 2 &&
1049 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
1050 /* Use ap_scan==1 style network selection to find the network
1052 wpa_s->scan_req = 2;
1053 wpa_s->reassociate = 1;
1054 wpa_supplicant_req_scan(wpa_s, 0, 0);
1056 #endif /* CONFIG_WPS */
1058 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1059 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1060 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1062 wpa_supplicant_cancel_scan(wpa_s);
1064 /* Starting new association, so clear the possibly used WPA IE from the
1065 * previous association. */
1066 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1068 #ifdef IEEE8021X_EAPOL
1069 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1071 if (ssid->non_leap == 0)
1072 algs = WPA_AUTH_ALG_LEAP;
1074 algs |= WPA_AUTH_ALG_LEAP;
1077 #endif /* IEEE8021X_EAPOL */
1078 wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1079 if (ssid->auth_alg) {
1080 algs = ssid->auth_alg;
1081 wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
1085 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
1086 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
1087 (ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK |
1088 WPA_KEY_MGMT_FT_IEEE8021X |
1089 WPA_KEY_MGMT_FT_PSK |
1090 WPA_KEY_MGMT_IEEE8021X_SHA256 |
1091 WPA_KEY_MGMT_PSK_SHA256))) {
1092 int try_opportunistic;
1093 try_opportunistic = ssid->proactive_key_caching &&
1094 (ssid->proto & WPA_PROTO_RSN);
1095 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1096 wpa_s->current_ssid,
1097 try_opportunistic) == 0)
1098 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1099 wpa_ie_len = sizeof(wpa_ie);
1100 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1101 wpa_ie, &wpa_ie_len)) {
1102 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1103 "management and encryption suites");
1106 } else if (ssid->key_mgmt &
1107 (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
1108 WPA_KEY_MGMT_WPA_NONE | WPA_KEY_MGMT_FT_PSK |
1109 WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_PSK_SHA256 |
1110 WPA_KEY_MGMT_IEEE8021X_SHA256)) {
1111 wpa_ie_len = sizeof(wpa_ie);
1112 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1113 wpa_ie, &wpa_ie_len)) {
1114 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1115 "management and encryption suites (no scan "
1120 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
1121 struct wpabuf *wps_ie;
1122 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
1123 if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
1124 wpa_ie_len = wpabuf_len(wps_ie);
1125 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
1128 wpabuf_free(wps_ie);
1129 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1130 #endif /* CONFIG_WPS */
1132 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1136 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1138 cipher_pairwise = cipher_suite2driver(wpa_s->pairwise_cipher);
1139 cipher_group = cipher_suite2driver(wpa_s->group_cipher);
1140 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1141 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1142 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1144 if (wpa_set_wep_keys(wpa_s, ssid)) {
1149 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
1152 #ifdef IEEE8021X_EAPOL
1153 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1154 if ((ssid->eapol_flags &
1155 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1156 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1160 /* Assume that dynamic WEP-104 keys will be used and
1161 * set cipher suites in order for drivers to expect
1163 cipher_pairwise = cipher_group = CIPHER_WEP104;
1166 #endif /* IEEE8021X_EAPOL */
1168 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1169 /* Set the key before (and later after) association */
1170 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1173 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1174 os_memset(¶ms, 0, sizeof(params));
1176 params.bssid = bss->bssid;
1177 params.ssid = bss->ssid;
1178 params.ssid_len = bss->ssid_len;
1179 params.freq = bss->freq;
1181 params.ssid = ssid->ssid;
1182 params.ssid_len = ssid->ssid_len;
1184 if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 &&
1186 params.freq = ssid->frequency; /* Initial channel for IBSS */
1187 params.wpa_ie = wpa_ie;
1188 params.wpa_ie_len = wpa_ie_len;
1189 params.pairwise_suite = cipher_pairwise;
1190 params.group_suite = cipher_group;
1191 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1192 params.auth_alg = algs;
1193 params.mode = ssid->mode;
1194 for (i = 0; i < NUM_WEP_KEYS; i++) {
1195 if (ssid->wep_key_len[i])
1196 params.wep_key[i] = ssid->wep_key[i];
1197 params.wep_key_len[i] = ssid->wep_key_len[i];
1199 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1201 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
1202 (params.key_mgmt_suite == KEY_MGMT_PSK ||
1203 params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
1204 params.passphrase = ssid->passphrase;
1206 params.psk = ssid->psk;
1209 params.drop_unencrypted = use_crypt;
1211 #ifdef CONFIG_IEEE80211W
1212 params.mgmt_frame_protection = ssid->ieee80211w;
1213 if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION && bss) {
1214 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1215 struct wpa_ie_data ie;
1216 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
1218 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
1219 wpa_printf(MSG_DEBUG, "WPA: Selected AP supports MFP: "
1221 params.mgmt_frame_protection =
1222 MGMT_FRAME_PROTECTION_REQUIRED;
1225 #endif /* CONFIG_IEEE80211W */
1227 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1228 ret = ieee80211_sta_associate(wpa_s, ¶ms);
1230 ret = wpa_drv_associate(wpa_s, ¶ms);
1232 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1234 /* try to continue anyway; new association will be tried again
1239 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1240 /* Set the key after the association just in case association
1241 * cleared the previously configured key. */
1242 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1243 /* No need to timeout authentication since there is no key
1245 wpa_supplicant_cancel_auth_timeout(wpa_s);
1246 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1247 #ifdef CONFIG_IBSS_RSN
1248 } else if (ssid->mode == WPAS_MODE_IBSS &&
1249 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
1250 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
1251 ibss_rsn_set_psk(wpa_s->ibss_rsn, ssid->psk);
1253 * RSN IBSS authentication is per-STA and we can disable the
1254 * per-BSSID authentication.
1256 wpa_supplicant_cancel_auth_timeout(wpa_s);
1257 #endif /* CONFIG_IBSS_RSN */
1259 /* Timeout for IEEE 802.11 authentication and association */
1263 /* give IBSS a bit more time */
1264 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
1265 } else if (wpa_s->conf->ap_scan == 1) {
1266 /* give IBSS a bit more time */
1267 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
1269 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1272 if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1273 capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
1274 /* Set static WEP keys again */
1275 wpa_set_wep_keys(wpa_s, ssid);
1278 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1280 * Do not allow EAP session resumption between different
1281 * network configurations.
1283 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1285 old_ssid = wpa_s->current_ssid;
1286 wpa_s->current_ssid = ssid;
1287 wpa_s->current_bss = bss;
1288 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
1289 wpa_supplicant_initiate_eapol(wpa_s);
1290 if (old_ssid != wpa_s->current_ssid)
1291 wpas_notify_network_changed(wpa_s);
1296 * wpa_supplicant_disassociate - Disassociate the current connection
1297 * @wpa_s: Pointer to wpa_supplicant data
1298 * @reason_code: IEEE 802.11 reason code for the disassociate frame
1300 * This function is used to request %wpa_supplicant to disassociate with the
1303 void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
1306 struct wpa_ssid *old_ssid;
1309 if (!is_zero_ether_addr(wpa_s->bssid)) {
1310 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1311 ieee80211_sta_disassociate(wpa_s, reason_code);
1313 wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
1314 addr = wpa_s->bssid;
1316 wpa_clear_keys(wpa_s, addr);
1317 wpa_supplicant_mark_disassoc(wpa_s);
1318 old_ssid = wpa_s->current_ssid;
1319 wpa_s->current_ssid = NULL;
1320 wpa_s->current_bss = NULL;
1321 wpa_sm_set_config(wpa_s->wpa, NULL);
1322 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1323 if (old_ssid != wpa_s->current_ssid)
1324 wpas_notify_network_changed(wpa_s);
1329 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
1330 * @wpa_s: Pointer to wpa_supplicant data
1331 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1333 * This function is used to request %wpa_supplicant to deauthenticate from the
1336 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1339 struct wpa_ssid *old_ssid;
1342 if (!is_zero_ether_addr(wpa_s->bssid)) {
1343 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1344 ieee80211_sta_deauthenticate(wpa_s, reason_code);
1346 wpa_drv_deauthenticate(wpa_s, wpa_s->bssid,
1348 addr = wpa_s->bssid;
1350 wpa_clear_keys(wpa_s, addr);
1351 wpa_supplicant_mark_disassoc(wpa_s);
1352 old_ssid = wpa_s->current_ssid;
1353 wpa_s->current_ssid = NULL;
1354 wpa_s->current_bss = NULL;
1355 wpa_sm_set_config(wpa_s->wpa, NULL);
1356 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1357 if (old_ssid != wpa_s->current_ssid)
1358 wpas_notify_network_changed(wpa_s);
1363 * wpa_supplicant_enable_network - Mark a configured network as enabled
1364 * @wpa_s: wpa_supplicant structure for a network interface
1365 * @ssid: wpa_ssid structure for a configured network or %NULL
1367 * Enables the specified network or all networks if no network specified.
1369 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
1370 struct wpa_ssid *ssid)
1372 struct wpa_ssid *other_ssid;
1376 other_ssid = wpa_s->conf->ssid;
1377 while (other_ssid) {
1378 if (other_ssid == wpa_s->current_ssid &&
1379 other_ssid->disabled)
1380 wpa_s->reassociate = 1;
1382 was_disabled = other_ssid->disabled;
1384 other_ssid->disabled = 0;
1386 if (was_disabled != other_ssid->disabled)
1387 wpas_notify_network_enabled_changed(
1390 other_ssid = other_ssid->next;
1392 if (wpa_s->reassociate)
1393 wpa_supplicant_req_scan(wpa_s, 0, 0);
1394 } else if (wpa_s->current_ssid == NULL && ssid->disabled) {
1396 * Try to reassociate since there is no current configuration
1397 * and a new network was made available.
1399 wpa_s->reassociate = 1;
1400 wpa_supplicant_req_scan(wpa_s, 0, 0);
1402 was_disabled = ssid->disabled;
1406 if (was_disabled != ssid->disabled)
1407 wpas_notify_network_enabled_changed(wpa_s, ssid);
1413 * wpa_supplicant_disable_network - Mark a configured network as disabled
1414 * @wpa_s: wpa_supplicant structure for a network interface
1415 * @ssid: wpa_ssid structure for a configured network or %NULL
1417 * Disables the specified network or all networks if no network specified.
1419 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
1420 struct wpa_ssid *ssid)
1422 struct wpa_ssid *other_ssid;
1426 other_ssid = wpa_s->conf->ssid;
1427 while (other_ssid) {
1428 was_disabled = other_ssid->disabled;
1430 other_ssid->disabled = 1;
1432 if (was_disabled != other_ssid->disabled)
1433 wpas_notify_network_enabled_changed(
1436 other_ssid = other_ssid->next;
1438 if (wpa_s->current_ssid)
1439 wpa_supplicant_disassociate(
1440 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1442 if (ssid == wpa_s->current_ssid)
1443 wpa_supplicant_disassociate(
1444 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1446 was_disabled = ssid->disabled;
1450 if (was_disabled != ssid->disabled)
1451 wpas_notify_network_enabled_changed(wpa_s, ssid);
1457 * wpa_supplicant_select_network - Attempt association with a network
1458 * @wpa_s: wpa_supplicant structure for a network interface
1459 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
1461 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
1462 struct wpa_ssid *ssid)
1465 struct wpa_ssid *other_ssid;
1467 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid)
1468 wpa_supplicant_disassociate(
1469 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1472 * Mark all other networks disabled or mark all networks enabled if no
1473 * network specified.
1475 other_ssid = wpa_s->conf->ssid;
1476 while (other_ssid) {
1477 int was_disabled = other_ssid->disabled;
1479 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
1481 if (was_disabled != other_ssid->disabled)
1482 wpas_notify_network_enabled_changed(wpa_s, other_ssid);
1484 other_ssid = other_ssid->next;
1486 wpa_s->disconnected = 0;
1487 wpa_s->reassociate = 1;
1488 wpa_supplicant_req_scan(wpa_s, 0, 0);
1491 wpas_notify_network_selected(wpa_s, ssid);
1496 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
1497 * @wpa_s: wpa_supplicant structure for a network interface
1498 * @ap_scan: AP scan mode
1499 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
1502 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
1507 if (ap_scan < 0 || ap_scan > 2)
1510 old_ap_scan = wpa_s->conf->ap_scan;
1511 wpa_s->conf->ap_scan = ap_scan;
1513 if (old_ap_scan != wpa_s->conf->ap_scan)
1514 wpas_notify_ap_scan_changed(wpa_s);
1521 * wpa_supplicant_set_debug_params - Set global debug params
1522 * @global: wpa_global structure
1523 * @debug_level: debug level
1524 * @debug_timestamp: determines if show timestamp in debug data
1525 * @debug_show_keys: determines if show keys in debug data
1526 * Returns: 0 if succeed or -1 if debug_level has wrong value
1528 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
1529 int debug_timestamp, int debug_show_keys)
1532 int old_level, old_timestamp, old_show_keys;
1534 /* check for allowed debuglevels */
1535 if (debug_level != MSG_MSGDUMP &&
1536 debug_level != MSG_DEBUG &&
1537 debug_level != MSG_INFO &&
1538 debug_level != MSG_WARNING &&
1539 debug_level != MSG_ERROR)
1542 old_level = wpa_debug_level;
1543 old_timestamp = wpa_debug_timestamp;
1544 old_show_keys = wpa_debug_show_keys;
1546 wpa_debug_level = debug_level;
1547 wpa_debug_timestamp = debug_timestamp ? 1 : 0;
1548 wpa_debug_show_keys = debug_show_keys ? 1 : 0;
1550 if (wpa_debug_level != old_level)
1551 wpas_notify_debug_level_changed(global);
1552 if (wpa_debug_timestamp != old_timestamp)
1553 wpas_notify_debug_timestamp_changed(global);
1554 if (wpa_debug_show_keys != old_show_keys)
1555 wpas_notify_debug_show_keys_changed(global);
1562 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
1563 * @wpa_s: Pointer to wpa_supplicant data
1564 * Returns: A pointer to the current network structure or %NULL on failure
1566 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
1568 struct wpa_ssid *entry;
1569 u8 ssid[MAX_SSID_LEN];
1575 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
1576 if (ieee80211_sta_get_ssid(wpa_s, ssid, &ssid_len)) {
1577 wpa_printf(MSG_WARNING, "Could not read SSID from "
1582 res = wpa_drv_get_ssid(wpa_s, ssid);
1584 wpa_printf(MSG_WARNING, "Could not read SSID from "
1591 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1592 os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1593 else if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
1594 wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
1598 wired = wpa_s->conf->ap_scan == 0 &&
1599 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
1601 entry = wpa_s->conf->ssid;
1603 if (!entry->disabled &&
1604 ((ssid_len == entry->ssid_len &&
1605 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
1606 (!entry->bssid_set ||
1607 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1610 if (!entry->disabled &&
1611 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
1612 (entry->ssid == NULL || entry->ssid_len == 0) &&
1613 (!entry->bssid_set ||
1614 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1616 #endif /* CONFIG_WPS */
1617 entry = entry->next;
1624 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
1634 if (wpa_drivers[0] == NULL) {
1635 wpa_printf(MSG_ERROR, "No driver interfaces build into "
1641 /* default to first driver in the list */
1642 wpa_s->driver = wpa_drivers[0];
1643 wpa_s->global_drv_priv = wpa_s->global->drv_priv[0];
1647 pos = os_strchr(name, ',');
1651 len = os_strlen(name);
1652 for (i = 0; wpa_drivers[i]; i++) {
1653 if (os_strlen(wpa_drivers[i]->name) == len &&
1654 os_strncmp(name, wpa_drivers[i]->name, len) ==
1656 wpa_s->driver = wpa_drivers[i];
1657 wpa_s->global_drv_priv = wpa_s->global->drv_priv[i];
1662 wpa_printf(MSG_ERROR, "Unsupported driver '%s'.", name);
1668 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
1669 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
1670 * with struct wpa_driver_ops::init()
1671 * @src_addr: Source address of the EAPOL frame
1672 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
1673 * @len: Length of the EAPOL data
1675 * This function is called for each received EAPOL frame. Most driver
1676 * interfaces rely on more generic OS mechanism for receiving frames through
1677 * l2_packet, but if such a mechanism is not available, the driver wrapper may
1678 * take care of received EAPOL frames and deliver them to the core supplicant
1679 * code by calling this function.
1681 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
1682 const u8 *buf, size_t len)
1684 struct wpa_supplicant *wpa_s = ctx;
1686 wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
1687 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
1689 if (wpa_s->wpa_state < WPA_ASSOCIATED) {
1691 * There is possible race condition between receiving the
1692 * association event and the EAPOL frame since they are coming
1693 * through different paths from the driver. In order to avoid
1694 * issues in trying to process the EAPOL frame before receiving
1695 * association information, lets queue it for processing until
1696 * the association event is received.
1698 wpa_printf(MSG_DEBUG, "Not associated - Delay processing of "
1699 "received EAPOL frame");
1700 wpabuf_free(wpa_s->pending_eapol_rx);
1701 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
1702 if (wpa_s->pending_eapol_rx) {
1703 os_get_time(&wpa_s->pending_eapol_rx_time);
1704 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
1711 if (wpa_s->ap_iface) {
1712 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
1715 #endif /* CONFIG_AP */
1717 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
1718 wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
1719 "no key management is configured");
1723 if (wpa_s->eapol_received == 0 &&
1724 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
1725 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1726 wpa_s->wpa_state != WPA_COMPLETED) &&
1727 (wpa_s->current_ssid == NULL ||
1728 wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
1729 /* Timeout for completing IEEE 802.1X and WPA authentication */
1730 wpa_supplicant_req_auth_timeout(
1732 (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
1733 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
1734 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
1737 wpa_s->eapol_received++;
1739 if (wpa_s->countermeasures) {
1740 wpa_printf(MSG_INFO, "WPA: Countermeasures - dropped EAPOL "
1745 #ifdef CONFIG_IBSS_RSN
1746 if (wpa_s->current_ssid &&
1747 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
1748 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
1751 #endif /* CONFIG_IBSS_RSN */
1753 /* Source address of the incoming EAPOL frame could be compared to the
1754 * current BSSID. However, it is possible that a centralized
1755 * Authenticator could be using another MAC address than the BSSID of
1756 * an AP, so just allow any address to be used for now. The replies are
1757 * still sent to the current BSSID (if available), though. */
1759 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
1760 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
1761 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
1763 wpa_drv_poll(wpa_s);
1764 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1765 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
1766 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
1768 * Set portValid = TRUE here since we are going to skip 4-way
1769 * handshake processing which would normally set portValid. We
1770 * need this to allow the EAPOL state machines to be completed
1771 * without going through EAPOL-Key handshake.
1773 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
1779 * wpa_supplicant_driver_init - Initialize driver interface parameters
1780 * @wpa_s: Pointer to wpa_supplicant data
1781 * Returns: 0 on success, -1 on failure
1783 * This function is called to initialize driver interface parameters.
1784 * wpa_drv_init() must have been called before this function to initialize the
1787 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
1789 static int interface_count = 0;
1791 if (wpa_s->driver->send_eapol) {
1792 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
1794 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
1796 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
1797 wpa_drv_get_mac_addr(wpa_s),
1799 wpa_supplicant_rx_eapol, wpa_s, 0);
1800 if (wpa_s->l2 == NULL)
1804 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
1805 wpa_printf(MSG_ERROR, "Failed to get own L2 address");
1809 wpa_printf(MSG_DEBUG, "Own MAC address: " MACSTR,
1810 MAC2STR(wpa_s->own_addr));
1812 if (wpa_s->bridge_ifname[0]) {
1813 wpa_printf(MSG_DEBUG, "Receiving packets from bridge interface"
1814 " '%s'", wpa_s->bridge_ifname);
1815 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
1818 wpa_supplicant_rx_eapol, wpa_s,
1820 if (wpa_s->l2_br == NULL) {
1821 wpa_printf(MSG_ERROR, "Failed to open l2_packet "
1822 "connection for the bridge interface '%s'",
1823 wpa_s->bridge_ifname);
1828 wpa_clear_keys(wpa_s, NULL);
1830 /* Make sure that TKIP countermeasures are not left enabled (could
1831 * happen if wpa_supplicant is killed during countermeasures. */
1832 wpa_drv_set_countermeasures(wpa_s, 0);
1834 wpa_printf(MSG_DEBUG, "RSN: flushing PMKID list in the driver");
1835 wpa_drv_flush_pmkid(wpa_s);
1837 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
1838 wpa_supplicant_req_scan(wpa_s, interface_count, 100000);
1845 static int wpa_supplicant_daemon(const char *pid_file)
1847 wpa_printf(MSG_DEBUG, "Daemonize..");
1848 return os_daemonize(pid_file);
1852 static struct wpa_supplicant * wpa_supplicant_alloc(void)
1854 struct wpa_supplicant *wpa_s;
1856 wpa_s = os_zalloc(sizeof(*wpa_s));
1859 wpa_s->scan_req = 1;
1860 wpa_s->new_connection = 1;
1866 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
1867 struct wpa_interface *iface)
1869 const char *ifname, *driver;
1870 struct wpa_driver_capa capa;
1872 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
1873 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
1874 iface->confname ? iface->confname : "N/A",
1875 iface->driver ? iface->driver : "default",
1876 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
1877 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
1879 if (iface->confname) {
1880 #ifdef CONFIG_BACKEND_FILE
1881 wpa_s->confname = os_rel2abs_path(iface->confname);
1882 if (wpa_s->confname == NULL) {
1883 wpa_printf(MSG_ERROR, "Failed to get absolute path "
1884 "for configuration file '%s'.",
1888 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
1889 iface->confname, wpa_s->confname);
1890 #else /* CONFIG_BACKEND_FILE */
1891 wpa_s->confname = os_strdup(iface->confname);
1892 #endif /* CONFIG_BACKEND_FILE */
1893 wpa_s->conf = wpa_config_read(wpa_s->confname);
1894 if (wpa_s->conf == NULL) {
1895 wpa_printf(MSG_ERROR, "Failed to read or parse "
1896 "configuration '%s'.", wpa_s->confname);
1901 * Override ctrl_interface and driver_param if set on command
1904 if (iface->ctrl_interface) {
1905 os_free(wpa_s->conf->ctrl_interface);
1906 wpa_s->conf->ctrl_interface =
1907 os_strdup(iface->ctrl_interface);
1910 if (iface->driver_param) {
1911 os_free(wpa_s->conf->driver_param);
1912 wpa_s->conf->driver_param =
1913 os_strdup(iface->driver_param);
1916 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
1917 iface->driver_param);
1919 if (wpa_s->conf == NULL) {
1920 wpa_printf(MSG_ERROR, "\nNo configuration found.");
1924 if (iface->ifname == NULL) {
1925 wpa_printf(MSG_ERROR, "\nInterface name is required.");
1928 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
1929 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
1933 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
1935 if (iface->bridge_ifname) {
1936 if (os_strlen(iface->bridge_ifname) >=
1937 sizeof(wpa_s->bridge_ifname)) {
1938 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
1939 "name '%s'.", iface->bridge_ifname);
1942 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
1943 sizeof(wpa_s->bridge_ifname));
1946 /* RSNA Supplicant Key Management - INITIALIZE */
1947 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
1948 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
1950 /* Initialize driver interface and register driver event handler before
1951 * L2 receive handler so that association events are processed before
1952 * EAPOL-Key packets if both become available for the same select()
1954 driver = iface->driver;
1956 if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
1959 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
1960 if (wpa_s->drv_priv == NULL) {
1962 pos = driver ? os_strchr(driver, ',') : NULL;
1964 wpa_printf(MSG_DEBUG, "Failed to initialize driver "
1965 "interface - try next driver wrapper");
1969 wpa_printf(MSG_ERROR, "Failed to initialize driver interface");
1972 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
1973 wpa_printf(MSG_ERROR, "Driver interface rejected "
1974 "driver_param '%s'", wpa_s->conf->driver_param);
1978 ifname = wpa_drv_get_ifname(wpa_s);
1979 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
1980 wpa_printf(MSG_DEBUG, "Driver interface replaced interface "
1981 "name with '%s'", ifname);
1982 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
1985 if (wpa_supplicant_init_wpa(wpa_s) < 0)
1988 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
1989 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
1991 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
1993 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
1994 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
1995 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
1996 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
1997 "dot11RSNAConfigPMKLifetime");
2001 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2002 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2003 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2004 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2005 "dot11RSNAConfigPMKReauthThreshold");
2009 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2010 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2011 wpa_s->conf->dot11RSNAConfigSATimeout)) {
2012 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2013 "dot11RSNAConfigSATimeout");
2017 if (wpa_supplicant_driver_init(wpa_s) < 0)
2020 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
2021 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
2022 wpa_printf(MSG_DEBUG, "Failed to set country");
2026 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2028 if (wpas_wps_init(wpa_s))
2031 if (wpa_supplicant_init_eapol(wpa_s) < 0)
2033 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2035 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
2036 if (wpa_s->ctrl_iface == NULL) {
2037 wpa_printf(MSG_ERROR,
2038 "Failed to initialize control interface '%s'.\n"
2039 "You may have another wpa_supplicant process "
2040 "already running or the file was\n"
2041 "left by an unclean termination of wpa_supplicant "
2042 "in which case you will need\n"
2043 "to manually remove this file before starting "
2044 "wpa_supplicant again.\n",
2045 wpa_s->conf->ctrl_interface);
2049 if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
2050 wpa_s->drv_flags = capa.flags;
2051 if (capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
2052 if (ieee80211_sta_init(wpa_s))
2055 wpa_s->max_scan_ssids = capa.max_scan_ssids;
2058 #ifdef CONFIG_IBSS_RSN
2059 wpa_s->ibss_rsn = ibss_rsn_init(wpa_s);
2060 if (!wpa_s->ibss_rsn) {
2061 wpa_printf(MSG_DEBUG, "Failed to init IBSS RSN");
2064 #endif /* CONFIG_IBSS_RSN */
2066 if (wpa_bss_init(wpa_s) < 0)
2073 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
2076 if (wpa_s->drv_priv) {
2077 wpa_supplicant_deauthenticate(wpa_s,
2078 WLAN_REASON_DEAUTH_LEAVING);
2080 wpa_drv_set_countermeasures(wpa_s, 0);
2081 wpa_clear_keys(wpa_s, NULL);
2084 wpa_supplicant_cleanup(wpa_s);
2087 wpas_notify_iface_removed(wpa_s);
2089 if (wpa_s->drv_priv)
2090 wpa_drv_deinit(wpa_s);
2095 * wpa_supplicant_add_iface - Add a new network interface
2096 * @global: Pointer to global data from wpa_supplicant_init()
2097 * @iface: Interface configuration options
2098 * Returns: Pointer to the created interface or %NULL on failure
2100 * This function is used to add new network interfaces for %wpa_supplicant.
2101 * This can be called before wpa_supplicant_run() to add interfaces before the
2102 * main event loop has been started. In addition, new interfaces can be added
2103 * dynamically while %wpa_supplicant is already running. This could happen,
2104 * e.g., when a hotplug network adapter is inserted.
2106 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
2107 struct wpa_interface *iface)
2109 struct wpa_supplicant *wpa_s;
2110 struct wpa_interface t_iface;
2111 struct wpa_ssid *ssid;
2113 if (global == NULL || iface == NULL)
2116 wpa_s = wpa_supplicant_alloc();
2120 wpa_s->global = global;
2123 if (global->params.override_driver) {
2124 wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
2126 iface->driver, global->params.override_driver);
2127 t_iface.driver = global->params.override_driver;
2129 if (global->params.override_ctrl_interface) {
2130 wpa_printf(MSG_DEBUG, "Override interface parameter: "
2131 "ctrl_interface ('%s' -> '%s')",
2132 iface->ctrl_interface,
2133 global->params.override_ctrl_interface);
2134 t_iface.ctrl_interface =
2135 global->params.override_ctrl_interface;
2137 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
2138 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
2140 wpa_supplicant_deinit_iface(wpa_s, 0);
2145 /* Notify the control interfaces about new iface */
2146 if (wpas_notify_iface_added(wpa_s)) {
2147 wpa_supplicant_deinit_iface(wpa_s, 1);
2152 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
2153 wpas_notify_network_added(wpa_s, ssid);
2155 wpa_s->next = global->ifaces;
2156 global->ifaces = wpa_s;
2158 wpa_printf(MSG_DEBUG, "Added interface %s", wpa_s->ifname);
2165 * wpa_supplicant_remove_iface - Remove a network interface
2166 * @global: Pointer to global data from wpa_supplicant_init()
2167 * @wpa_s: Pointer to the network interface to be removed
2168 * Returns: 0 if interface was removed, -1 if interface was not found
2170 * This function can be used to dynamically remove network interfaces from
2171 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
2172 * addition, this function is used to remove all remaining interfaces when
2173 * %wpa_supplicant is terminated.
2175 int wpa_supplicant_remove_iface(struct wpa_global *global,
2176 struct wpa_supplicant *wpa_s)
2178 struct wpa_supplicant *prev;
2180 /* Remove interface from the global list of interfaces */
2181 prev = global->ifaces;
2182 if (prev == wpa_s) {
2183 global->ifaces = wpa_s->next;
2185 while (prev && prev->next != wpa_s)
2189 prev->next = wpa_s->next;
2192 wpa_printf(MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
2194 wpa_supplicant_deinit_iface(wpa_s, 1);
2202 * wpa_supplicant_get_iface - Get a new network interface
2203 * @global: Pointer to global data from wpa_supplicant_init()
2204 * @ifname: Interface name
2205 * Returns: Pointer to the interface or %NULL if not found
2207 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
2210 struct wpa_supplicant *wpa_s;
2212 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
2213 if (os_strcmp(wpa_s->ifname, ifname) == 0)
2221 * wpa_supplicant_init - Initialize %wpa_supplicant
2222 * @params: Parameters for %wpa_supplicant
2223 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
2225 * This function is used to initialize %wpa_supplicant. After successful
2226 * initialization, the returned data pointer can be used to add and remove
2227 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
2229 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
2231 struct wpa_global *global;
2237 wpa_debug_open_file(params->wpa_debug_file_path);
2238 if (params->wpa_debug_syslog)
2239 wpa_debug_open_syslog();
2241 ret = eap_register_methods();
2243 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
2245 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
2246 "the same EAP type.");
2250 global = os_zalloc(sizeof(*global));
2253 global->params.daemonize = params->daemonize;
2254 global->params.wait_for_monitor = params->wait_for_monitor;
2255 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
2256 if (params->pid_file)
2257 global->params.pid_file = os_strdup(params->pid_file);
2258 if (params->ctrl_interface)
2259 global->params.ctrl_interface =
2260 os_strdup(params->ctrl_interface);
2261 if (params->override_driver)
2262 global->params.override_driver =
2263 os_strdup(params->override_driver);
2264 if (params->override_ctrl_interface)
2265 global->params.override_ctrl_interface =
2266 os_strdup(params->override_ctrl_interface);
2267 wpa_debug_level = global->params.wpa_debug_level =
2268 params->wpa_debug_level;
2269 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
2270 params->wpa_debug_show_keys;
2271 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
2272 params->wpa_debug_timestamp;
2275 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
2276 wpa_supplicant_deinit(global);
2280 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
2281 if (global->ctrl_iface == NULL) {
2282 wpa_supplicant_deinit(global);
2286 if (wpas_notify_supplicant_initialized(global)) {
2287 wpa_supplicant_deinit(global);
2291 for (i = 0; wpa_drivers[i]; i++)
2292 global->drv_count++;
2293 if (global->drv_count == 0) {
2294 wpa_printf(MSG_ERROR, "No drivers enabled");
2295 wpa_supplicant_deinit(global);
2298 global->drv_priv = os_zalloc(global->drv_count * sizeof(void *));
2299 if (global->drv_priv == NULL) {
2300 wpa_supplicant_deinit(global);
2303 for (i = 0; wpa_drivers[i]; i++) {
2304 if (!wpa_drivers[i]->global_init)
2306 global->drv_priv[i] = wpa_drivers[i]->global_init();
2307 if (global->drv_priv[i] == NULL) {
2308 wpa_printf(MSG_ERROR, "Failed to initialize driver "
2309 "'%s'", wpa_drivers[i]->name);
2310 wpa_supplicant_deinit(global);
2320 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
2321 * @global: Pointer to global data from wpa_supplicant_init()
2322 * Returns: 0 after successful event loop run, -1 on failure
2324 * This function starts the main event loop and continues running as long as
2325 * there are any remaining events. In most cases, this function is running as
2326 * long as the %wpa_supplicant process in still in use.
2328 int wpa_supplicant_run(struct wpa_global *global)
2330 struct wpa_supplicant *wpa_s;
2332 if (global->params.daemonize &&
2333 wpa_supplicant_daemon(global->params.pid_file))
2336 if (global->params.wait_for_monitor) {
2337 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
2338 if (wpa_s->ctrl_iface)
2339 wpa_supplicant_ctrl_iface_wait(
2343 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
2344 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
2353 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
2354 * @global: Pointer to global data from wpa_supplicant_init()
2356 * This function is called to deinitialize %wpa_supplicant and to free all
2357 * allocated resources. Remaining network interfaces will also be removed.
2359 void wpa_supplicant_deinit(struct wpa_global *global)
2366 while (global->ifaces)
2367 wpa_supplicant_remove_iface(global, global->ifaces);
2369 if (global->ctrl_iface)
2370 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
2372 wpas_notify_supplicant_deinitialized(global);
2374 eap_peer_unregister_methods();
2376 eap_server_unregister_methods();
2377 #endif /* CONFIG_AP */
2379 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
2380 if (!global->drv_priv[i])
2382 wpa_drivers[i]->global_deinit(global->drv_priv[i]);
2384 os_free(global->drv_priv);
2388 if (global->params.pid_file) {
2389 os_daemonize_terminate(global->params.pid_file);
2390 os_free(global->params.pid_file);
2392 os_free(global->params.ctrl_interface);
2393 os_free(global->params.override_driver);
2394 os_free(global->params.override_ctrl_interface);
2397 wpa_debug_close_syslog();
2398 wpa_debug_close_file();