3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
16 #include "crypto/random.h"
17 #include "crypto/sha1.h"
18 #include "eapol_supp/eapol_supp_sm.h"
19 #include "eap_peer/eap.h"
20 #include "eap_peer/eap_proxy.h"
21 #include "eap_server/eap_methods.h"
22 #include "rsn_supp/wpa.h"
25 #include "utils/ext_password.h"
26 #include "l2_packet/l2_packet.h"
27 #include "wpa_supplicant_i.h"
29 #include "ctrl_iface.h"
30 #include "pcsc_funcs.h"
31 #include "common/version.h"
32 #include "rsn_supp/preauth.h"
33 #include "rsn_supp/pmksa_cache.h"
34 #include "common/wpa_ctrl.h"
35 #include "common/ieee802_11_defs.h"
37 #include "blacklist.h"
38 #include "wpas_glue.h"
39 #include "wps_supplicant.h"
42 #include "gas_query.h"
44 #include "p2p_supplicant.h"
45 #include "wifi_display.h"
51 #include "offchannel.h"
52 #include "hs20_supplicant.h"
55 const char *wpa_supplicant_version =
56 "wpa_supplicant v" VERSION_STR "\n"
57 "Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi> and contributors";
59 const char *wpa_supplicant_license =
60 "This software may be distributed under the terms of the BSD license.\n"
61 "See README for more details.\n"
62 #ifdef EAP_TLS_OPENSSL
63 "\nThis product includes software developed by the OpenSSL Project\n"
64 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
65 #endif /* EAP_TLS_OPENSSL */
68 #ifndef CONFIG_NO_STDOUT_DEBUG
69 /* Long text divided into parts in order to fit in C89 strings size limits. */
70 const char *wpa_supplicant_full_license1 =
72 const char *wpa_supplicant_full_license2 =
73 "This software may be distributed under the terms of the BSD license.\n"
75 "Redistribution and use in source and binary forms, with or without\n"
76 "modification, are permitted provided that the following conditions are\n"
79 const char *wpa_supplicant_full_license3 =
80 "1. Redistributions of source code must retain the above copyright\n"
81 " notice, this list of conditions and the following disclaimer.\n"
83 "2. Redistributions in binary form must reproduce the above copyright\n"
84 " notice, this list of conditions and the following disclaimer in the\n"
85 " documentation and/or other materials provided with the distribution.\n"
87 const char *wpa_supplicant_full_license4 =
88 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
89 " names of its contributors may be used to endorse or promote products\n"
90 " derived from this software without specific prior written permission.\n"
92 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
93 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
94 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
95 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
96 const char *wpa_supplicant_full_license5 =
97 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
98 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
99 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
100 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
101 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
102 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
103 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
105 #endif /* CONFIG_NO_STDOUT_DEBUG */
107 extern int wpa_debug_level;
108 extern int wpa_debug_show_keys;
109 extern int wpa_debug_timestamp;
110 extern struct wpa_driver_ops *wpa_drivers[];
112 /* Configure default/group WEP keys for static WEP */
113 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
117 for (i = 0; i < NUM_WEP_KEYS; i++) {
118 if (ssid->wep_key_len[i] == 0)
122 wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
123 i, i == ssid->wep_tx_keyidx, NULL, 0,
124 ssid->wep_key[i], ssid->wep_key_len[i]);
131 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
132 struct wpa_ssid *ssid)
139 /* IBSS/WPA-None uses only one key (Group) for both receiving and
140 * sending unicast and multicast packets. */
142 if (ssid->mode != WPAS_MODE_IBSS) {
143 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
144 "IBSS/ad-hoc) for WPA-None", ssid->mode);
148 if (!ssid->psk_set) {
149 wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
154 switch (wpa_s->group_cipher) {
155 case WPA_CIPHER_CCMP:
156 os_memcpy(key, ssid->psk, 16);
160 case WPA_CIPHER_GCMP:
161 os_memcpy(key, ssid->psk, 16);
165 case WPA_CIPHER_TKIP:
166 /* WPA-None uses the same Michael MIC key for both TX and RX */
167 os_memcpy(key, ssid->psk, 16 + 8);
168 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
173 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
174 "WPA-None", wpa_s->group_cipher);
178 /* TODO: should actually remember the previously used seq#, both for TX
179 * and RX from each STA.. */
181 return wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
185 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
187 struct wpa_supplicant *wpa_s = eloop_ctx;
188 const u8 *bssid = wpa_s->bssid;
189 if (is_zero_ether_addr(bssid))
190 bssid = wpa_s->pending_bssid;
191 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
193 wpa_blacklist_add(wpa_s, bssid);
194 wpa_sm_notify_disassoc(wpa_s->wpa);
195 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
196 wpa_s->reassociate = 1;
199 * If we timed out, the AP or the local radio may be busy.
200 * So, wait a second until scanning again.
202 wpa_supplicant_req_scan(wpa_s, 1, 0);
204 wpas_p2p_continue_after_scan(wpa_s);
209 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
210 * @wpa_s: Pointer to wpa_supplicant data
211 * @sec: Number of seconds after which to time out authentication
212 * @usec: Number of microseconds after which to time out authentication
214 * This function is used to schedule a timeout for the current authentication
217 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
220 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
221 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
224 wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
225 "%d usec", sec, usec);
226 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
227 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
232 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
233 * @wpa_s: Pointer to wpa_supplicant data
235 * This function is used to cancel authentication timeout scheduled with
236 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
239 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
241 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
242 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
243 wpa_blacklist_del(wpa_s, wpa_s->bssid);
248 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
249 * @wpa_s: Pointer to wpa_supplicant data
251 * This function is used to configure EAPOL state machine based on the selected
252 * authentication mode.
254 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
256 #ifdef IEEE8021X_EAPOL
257 struct eapol_config eapol_conf;
258 struct wpa_ssid *ssid = wpa_s->current_ssid;
260 #ifdef CONFIG_IBSS_RSN
261 if (ssid->mode == WPAS_MODE_IBSS &&
262 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
263 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
265 * RSN IBSS authentication is per-STA and we can disable the
266 * per-BSSID EAPOL authentication.
268 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
269 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
270 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
273 #endif /* CONFIG_IBSS_RSN */
275 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
276 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
278 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
279 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
280 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
282 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
284 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
285 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
286 eapol_conf.accept_802_1x_keys = 1;
287 eapol_conf.required_keys = 0;
288 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
289 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
291 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
292 eapol_conf.required_keys |=
293 EAPOL_REQUIRE_KEY_BROADCAST;
296 if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
297 eapol_conf.required_keys = 0;
300 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
301 eapol_conf.workaround = ssid->eap_workaround;
302 eapol_conf.eap_disabled =
303 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
304 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
305 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
306 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
307 #endif /* IEEE8021X_EAPOL */
312 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
313 * @wpa_s: Pointer to wpa_supplicant data
314 * @ssid: Configuration data for the network
316 * This function is used to configure WPA state machine and related parameters
317 * to a mode where WPA is not enabled. This is called as part of the
318 * authentication configuration when the selected network does not use WPA.
320 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
321 struct wpa_ssid *ssid)
325 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
326 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
327 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
328 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
330 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
331 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
332 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
333 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
334 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
335 wpa_s->group_cipher = WPA_CIPHER_NONE;
336 wpa_s->mgmt_group_cipher = 0;
338 for (i = 0; i < NUM_WEP_KEYS; i++) {
339 if (ssid->wep_key_len[i] > 5) {
340 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
341 wpa_s->group_cipher = WPA_CIPHER_WEP104;
343 } else if (ssid->wep_key_len[i] > 0) {
344 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
345 wpa_s->group_cipher = WPA_CIPHER_WEP40;
350 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
351 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
352 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
353 wpa_s->pairwise_cipher);
354 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
355 #ifdef CONFIG_IEEE80211W
356 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
357 wpa_s->mgmt_group_cipher);
358 #endif /* CONFIG_IEEE80211W */
360 pmksa_cache_clear_current(wpa_s->wpa);
364 void free_hw_features(struct wpa_supplicant *wpa_s)
367 if (wpa_s->hw.modes == NULL)
370 for (i = 0; i < wpa_s->hw.num_modes; i++) {
371 os_free(wpa_s->hw.modes[i].channels);
372 os_free(wpa_s->hw.modes[i].rates);
375 os_free(wpa_s->hw.modes);
376 wpa_s->hw.modes = NULL;
380 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
382 bgscan_deinit(wpa_s);
383 autoscan_deinit(wpa_s);
384 scard_deinit(wpa_s->scard);
386 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
387 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
388 l2_packet_deinit(wpa_s->l2);
391 l2_packet_deinit(wpa_s->l2_br);
395 if (wpa_s->conf != NULL) {
396 struct wpa_ssid *ssid;
397 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
398 wpas_notify_network_removed(wpa_s, ssid);
401 os_free(wpa_s->confname);
402 wpa_s->confname = NULL;
404 os_free(wpa_s->confanother);
405 wpa_s->confanother = NULL;
407 wpa_sm_set_eapol(wpa_s->wpa, NULL);
408 eapol_sm_deinit(wpa_s->eapol);
411 rsn_preauth_deinit(wpa_s->wpa);
414 wpa_tdls_deinit(wpa_s->wpa);
415 #endif /* CONFIG_TDLS */
417 pmksa_candidate_free(wpa_s->wpa);
418 wpa_sm_deinit(wpa_s->wpa);
420 wpa_blacklist_clear(wpa_s);
422 wpa_bss_deinit(wpa_s);
424 wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
425 wpa_supplicant_cancel_scan(wpa_s);
426 wpa_supplicant_cancel_auth_timeout(wpa_s);
427 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
428 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
429 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
431 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
433 wpas_wps_deinit(wpa_s);
435 wpabuf_free(wpa_s->pending_eapol_rx);
436 wpa_s->pending_eapol_rx = NULL;
438 #ifdef CONFIG_IBSS_RSN
439 ibss_rsn_deinit(wpa_s->ibss_rsn);
440 wpa_s->ibss_rsn = NULL;
441 #endif /* CONFIG_IBSS_RSN */
446 wpa_supplicant_ap_deinit(wpa_s);
447 #endif /* CONFIG_AP */
450 wpas_p2p_deinit(wpa_s);
451 #endif /* CONFIG_P2P */
453 #ifdef CONFIG_OFFCHANNEL
454 offchannel_deinit(wpa_s);
455 #endif /* CONFIG_OFFCHANNEL */
457 wpa_supplicant_cancel_sched_scan(wpa_s);
459 os_free(wpa_s->next_scan_freqs);
460 wpa_s->next_scan_freqs = NULL;
462 gas_query_deinit(wpa_s->gas);
465 free_hw_features(wpa_s);
467 os_free(wpa_s->bssid_filter);
468 wpa_s->bssid_filter = NULL;
470 os_free(wpa_s->disallow_aps_bssid);
471 wpa_s->disallow_aps_bssid = NULL;
472 os_free(wpa_s->disallow_aps_ssid);
473 wpa_s->disallow_aps_ssid = NULL;
475 wnm_bss_keep_alive_deinit(wpa_s);
477 wnm_deallocate_memory(wpa_s);
478 #endif /* CONFIG_WNM */
480 ext_password_deinit(wpa_s->ext_pw);
481 wpa_s->ext_pw = NULL;
483 wpabuf_free(wpa_s->last_gas_resp);
485 os_free(wpa_s->last_scan_res);
486 wpa_s->last_scan_res = NULL;
491 * wpa_clear_keys - Clear keys configured for the driver
492 * @wpa_s: Pointer to wpa_supplicant data
493 * @addr: Previously used BSSID or %NULL if not available
495 * This function clears the encryption keys that has been previously configured
498 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
500 if (wpa_s->keys_cleared) {
501 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
502 * timing issues with keys being cleared just before new keys
503 * are set or just after association or something similar. This
504 * shows up in group key handshake failing often because of the
505 * client not receiving the first encrypted packets correctly.
506 * Skipping some of the extra key clearing steps seems to help
507 * in completing group key handshake more reliably. */
508 wpa_dbg(wpa_s, MSG_DEBUG, "No keys have been configured - "
509 "skip key clearing");
513 /* MLME-DELETEKEYS.request */
514 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 0, 0, NULL, 0, NULL, 0);
515 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 1, 0, NULL, 0, NULL, 0);
516 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 2, 0, NULL, 0, NULL, 0);
517 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 3, 0, NULL, 0, NULL, 0);
518 #ifdef CONFIG_IEEE80211W
519 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 4, 0, NULL, 0, NULL, 0);
520 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 5, 0, NULL, 0, NULL, 0);
521 #endif /* CONFIG_IEEE80211W */
523 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
525 /* MLME-SETPROTECTION.request(None) */
526 wpa_drv_mlme_setprotection(
528 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
529 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
531 wpa_s->keys_cleared = 1;
536 * wpa_supplicant_state_txt - Get the connection state name as a text string
537 * @state: State (wpa_state; WPA_*)
538 * Returns: The state name as a printable text string
540 const char * wpa_supplicant_state_txt(enum wpa_states state)
543 case WPA_DISCONNECTED:
544 return "DISCONNECTED";
547 case WPA_INTERFACE_DISABLED:
548 return "INTERFACE_DISABLED";
551 case WPA_AUTHENTICATING:
552 return "AUTHENTICATING";
553 case WPA_ASSOCIATING:
554 return "ASSOCIATING";
557 case WPA_4WAY_HANDSHAKE:
558 return "4WAY_HANDSHAKE";
559 case WPA_GROUP_HANDSHAKE:
560 return "GROUP_HANDSHAKE";
571 static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
573 if (wpas_driver_bss_selection(wpa_s))
575 if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
578 bgscan_deinit(wpa_s);
579 if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan) {
580 if (bgscan_init(wpa_s, wpa_s->current_ssid)) {
581 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
584 * Live without bgscan; it is only used as a roaming
585 * optimization, so the initial connection is not
589 struct wpa_scan_results *scan_res;
590 wpa_s->bgscan_ssid = wpa_s->current_ssid;
591 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
594 bgscan_notify_scan(wpa_s, scan_res);
595 wpa_scan_results_free(scan_res);
599 wpa_s->bgscan_ssid = NULL;
603 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
605 if (wpa_s->bgscan_ssid != NULL) {
606 bgscan_deinit(wpa_s);
607 wpa_s->bgscan_ssid = NULL;
611 #endif /* CONFIG_BGSCAN */
614 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
616 if (autoscan_init(wpa_s, 0))
617 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
621 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
623 autoscan_deinit(wpa_s);
627 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
629 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
630 wpa_s->wpa_state == WPA_SCANNING) {
631 autoscan_deinit(wpa_s);
632 wpa_supplicant_start_autoscan(wpa_s);
638 * wpa_supplicant_set_state - Set current connection state
639 * @wpa_s: Pointer to wpa_supplicant data
640 * @state: The new connection state
642 * This function is called whenever the connection state changes, e.g.,
643 * association is completed for WPA/WPA2 4-Way Handshake is started.
645 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
646 enum wpa_states state)
648 enum wpa_states old_state = wpa_s->wpa_state;
650 wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
651 wpa_supplicant_state_txt(wpa_s->wpa_state),
652 wpa_supplicant_state_txt(state));
654 if (state != WPA_SCANNING)
655 wpa_supplicant_notify_scanning(wpa_s, 0);
657 if (state == WPA_COMPLETED && wpa_s->new_connection) {
658 struct wpa_ssid *ssid = wpa_s->current_ssid;
659 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
660 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
661 MACSTR " completed [id=%d id_str=%s]",
662 MAC2STR(wpa_s->bssid),
663 ssid ? ssid->id : -1,
664 ssid && ssid->id_str ? ssid->id_str : "");
665 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
666 wpas_clear_temp_disabled(wpa_s, ssid, 1);
667 wpa_s->extra_blacklist_count = 0;
668 wpa_s->new_connection = 0;
669 wpa_drv_set_operstate(wpa_s, 1);
670 #ifndef IEEE8021X_EAPOL
671 wpa_drv_set_supp_port(wpa_s, 1);
672 #endif /* IEEE8021X_EAPOL */
673 wpa_s->after_wps = 0;
675 wpas_p2p_completed(wpa_s);
676 #endif /* CONFIG_P2P */
678 sme_sched_obss_scan(wpa_s, 1);
679 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
680 state == WPA_ASSOCIATED) {
681 wpa_s->new_connection = 1;
682 wpa_drv_set_operstate(wpa_s, 0);
683 #ifndef IEEE8021X_EAPOL
684 wpa_drv_set_supp_port(wpa_s, 0);
685 #endif /* IEEE8021X_EAPOL */
686 sme_sched_obss_scan(wpa_s, 0);
688 wpa_s->wpa_state = state;
691 if (state == WPA_COMPLETED)
692 wpa_supplicant_start_bgscan(wpa_s);
694 wpa_supplicant_stop_bgscan(wpa_s);
695 #endif /* CONFIG_BGSCAN */
697 if (state == WPA_AUTHENTICATING)
698 wpa_supplicant_stop_autoscan(wpa_s);
700 if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
701 wpa_supplicant_start_autoscan(wpa_s);
703 if (wpa_s->wpa_state != old_state) {
704 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
706 if (wpa_s->wpa_state == WPA_COMPLETED ||
707 old_state == WPA_COMPLETED)
708 wpas_notify_auth_changed(wpa_s);
713 void wpa_supplicant_terminate_proc(struct wpa_global *global)
717 struct wpa_supplicant *wpa_s = global->ifaces;
719 if (wpas_wps_terminate_pending(wpa_s) == 1)
723 #endif /* CONFIG_WPS */
730 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
732 struct wpa_global *global = signal_ctx;
733 wpa_supplicant_terminate_proc(global);
737 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
739 enum wpa_states old_state = wpa_s->wpa_state;
741 wpa_s->pairwise_cipher = 0;
742 wpa_s->group_cipher = 0;
743 wpa_s->mgmt_group_cipher = 0;
745 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
746 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
748 if (wpa_s->wpa_state != old_state)
749 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
754 * wpa_supplicant_reload_configuration - Reload configuration data
755 * @wpa_s: Pointer to wpa_supplicant data
756 * Returns: 0 on success or -1 if configuration parsing failed
758 * This function can be used to request that the configuration data is reloaded
759 * (e.g., after configuration file change). This function is reloading
760 * configuration only for one interface, so this may need to be called multiple
761 * times if %wpa_supplicant is controlling multiple interfaces and all
762 * interfaces need reconfiguration.
764 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
766 struct wpa_config *conf;
770 if (wpa_s->confname == NULL)
772 conf = wpa_config_read(wpa_s->confname, NULL);
774 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
775 "file '%s' - exiting", wpa_s->confname);
778 wpa_config_read(wpa_s->confanother, conf);
780 conf->changed_parameters = (unsigned int) -1;
782 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
783 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
784 os_strcmp(conf->ctrl_interface,
785 wpa_s->conf->ctrl_interface) != 0);
787 if (reconf_ctrl && wpa_s->ctrl_iface) {
788 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
789 wpa_s->ctrl_iface = NULL;
792 eapol_sm_invalidate_cached_session(wpa_s->eapol);
793 if (wpa_s->current_ssid) {
794 wpa_supplicant_deauthenticate(wpa_s,
795 WLAN_REASON_DEAUTH_LEAVING);
799 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
800 * pkcs11_engine_path, pkcs11_module_path.
802 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
804 * Clear forced success to clear EAP state for next
807 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
809 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
810 wpa_sm_set_config(wpa_s->wpa, NULL);
811 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
812 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
813 rsn_preauth_deinit(wpa_s->wpa);
815 old_ap_scan = wpa_s->conf->ap_scan;
816 wpa_config_free(wpa_s->conf);
818 if (old_ap_scan != wpa_s->conf->ap_scan)
819 wpas_notify_ap_scan_changed(wpa_s);
822 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
824 wpa_supplicant_update_config(wpa_s);
826 wpa_supplicant_clear_status(wpa_s);
827 if (wpa_supplicant_enabled_networks(wpa_s)) {
828 wpa_s->reassociate = 1;
829 wpa_supplicant_req_scan(wpa_s, 0, 0);
831 wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
836 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
838 struct wpa_global *global = signal_ctx;
839 struct wpa_supplicant *wpa_s;
840 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
841 wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
843 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
844 wpa_supplicant_terminate_proc(global);
850 enum wpa_key_mgmt key_mgmt2driver(int key_mgmt)
853 case WPA_KEY_MGMT_NONE:
854 return KEY_MGMT_NONE;
855 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
856 return KEY_MGMT_802_1X_NO_WPA;
857 case WPA_KEY_MGMT_IEEE8021X:
858 return KEY_MGMT_802_1X;
859 case WPA_KEY_MGMT_WPA_NONE:
860 return KEY_MGMT_WPA_NONE;
861 case WPA_KEY_MGMT_FT_IEEE8021X:
862 return KEY_MGMT_FT_802_1X;
863 case WPA_KEY_MGMT_FT_PSK:
864 return KEY_MGMT_FT_PSK;
865 case WPA_KEY_MGMT_IEEE8021X_SHA256:
866 return KEY_MGMT_802_1X_SHA256;
867 case WPA_KEY_MGMT_PSK_SHA256:
868 return KEY_MGMT_PSK_SHA256;
869 case WPA_KEY_MGMT_WPS:
871 case WPA_KEY_MGMT_PSK:
878 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
879 struct wpa_ssid *ssid,
880 struct wpa_ie_data *ie)
882 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
885 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
886 "from association info");
891 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
893 if (!(ie->group_cipher & ssid->group_cipher)) {
894 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
895 "cipher 0x%x (mask 0x%x) - reject",
896 ie->group_cipher, ssid->group_cipher);
899 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
900 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
901 "cipher 0x%x (mask 0x%x) - reject",
902 ie->pairwise_cipher, ssid->pairwise_cipher);
905 if (!(ie->key_mgmt & ssid->key_mgmt)) {
906 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
907 "management 0x%x (mask 0x%x) - reject",
908 ie->key_mgmt, ssid->key_mgmt);
912 #ifdef CONFIG_IEEE80211W
913 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
914 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
915 wpa_s->conf->pmf : ssid->ieee80211w) ==
916 MGMT_FRAME_PROTECTION_REQUIRED) {
917 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
918 "that does not support management frame protection - "
922 #endif /* CONFIG_IEEE80211W */
929 * wpa_supplicant_set_suites - Set authentication and encryption parameters
930 * @wpa_s: Pointer to wpa_supplicant data
931 * @bss: Scan results for the selected BSS, or %NULL if not available
932 * @ssid: Configuration data for the selected network
933 * @wpa_ie: Buffer for the WPA/RSN IE
934 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
935 * used buffer length in case the functions returns success.
936 * Returns: 0 on success or -1 on failure
938 * This function is used to configure authentication and encryption parameters
939 * based on the network configuration and scan result for the selected BSS (if
942 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
943 struct wpa_bss *bss, struct wpa_ssid *ssid,
944 u8 *wpa_ie, size_t *wpa_ie_len)
946 struct wpa_ie_data ie;
948 const u8 *bss_wpa, *bss_rsn;
951 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
952 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
954 bss_wpa = bss_rsn = NULL;
956 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
957 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
958 (ie.group_cipher & ssid->group_cipher) &&
959 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
960 (ie.key_mgmt & ssid->key_mgmt)) {
961 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
962 proto = WPA_PROTO_RSN;
963 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
964 wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 &&
965 (ie.group_cipher & ssid->group_cipher) &&
966 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
967 (ie.key_mgmt & ssid->key_mgmt)) {
968 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
969 proto = WPA_PROTO_WPA;
971 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
974 if (ssid->proto & WPA_PROTO_RSN)
975 proto = WPA_PROTO_RSN;
977 proto = WPA_PROTO_WPA;
978 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
979 os_memset(&ie, 0, sizeof(ie));
980 ie.group_cipher = ssid->group_cipher;
981 ie.pairwise_cipher = ssid->pairwise_cipher;
982 ie.key_mgmt = ssid->key_mgmt;
983 #ifdef CONFIG_IEEE80211W
984 ie.mgmt_group_cipher =
985 ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
986 WPA_CIPHER_AES_128_CMAC : 0;
987 #endif /* CONFIG_IEEE80211W */
988 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
989 "based on configuration");
994 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
995 "pairwise %d key_mgmt %d proto %d",
996 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
997 #ifdef CONFIG_IEEE80211W
998 if (ssid->ieee80211w) {
999 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1000 ie.mgmt_group_cipher);
1002 #endif /* CONFIG_IEEE80211W */
1004 wpa_s->wpa_proto = proto;
1005 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1006 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1007 !!(ssid->proto & WPA_PROTO_RSN));
1009 if (bss || !wpa_s->ap_ies_from_associnfo) {
1010 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1011 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1012 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1013 bss_rsn ? 2 + bss_rsn[1] : 0))
1017 sel = ie.group_cipher & ssid->group_cipher;
1018 wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1019 if (wpa_s->group_cipher < 0) {
1020 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1024 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1025 wpa_cipher_txt(wpa_s->group_cipher));
1027 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1028 wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1029 if (wpa_s->pairwise_cipher < 0) {
1030 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1034 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1035 wpa_cipher_txt(wpa_s->pairwise_cipher));
1037 sel = ie.key_mgmt & ssid->key_mgmt;
1039 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1040 sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1041 #endif /* CONFIG_SAE */
1043 #ifdef CONFIG_IEEE80211R
1044 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
1045 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1046 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1047 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
1048 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1049 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1050 #endif /* CONFIG_IEEE80211R */
1052 } else if (sel & WPA_KEY_MGMT_SAE) {
1053 wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1054 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1055 } else if (sel & WPA_KEY_MGMT_FT_SAE) {
1056 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1057 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1058 #endif /* CONFIG_SAE */
1059 #ifdef CONFIG_IEEE80211W
1060 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1061 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1062 wpa_dbg(wpa_s, MSG_DEBUG,
1063 "WPA: using KEY_MGMT 802.1X with SHA256");
1064 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1065 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1066 wpa_dbg(wpa_s, MSG_DEBUG,
1067 "WPA: using KEY_MGMT PSK with SHA256");
1068 #endif /* CONFIG_IEEE80211W */
1069 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1070 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1071 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1072 } else if (sel & WPA_KEY_MGMT_PSK) {
1073 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1074 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1075 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1076 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1077 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1079 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1080 "authenticated key management type");
1084 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1085 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1086 wpa_s->pairwise_cipher);
1087 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1089 #ifdef CONFIG_IEEE80211W
1090 sel = ie.mgmt_group_cipher;
1091 if ((ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1092 wpa_s->conf->pmf : ssid->ieee80211w) == NO_MGMT_FRAME_PROTECTION ||
1093 !(ie.capabilities & WPA_CAPABILITY_MFPC))
1095 if (sel & WPA_CIPHER_AES_128_CMAC) {
1096 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1097 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1100 wpa_s->mgmt_group_cipher = 0;
1101 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1103 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1104 wpa_s->mgmt_group_cipher);
1105 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1106 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1107 wpa_s->conf->pmf : ssid->ieee80211w));
1108 #endif /* CONFIG_IEEE80211W */
1110 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1111 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1115 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1116 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
1117 #ifndef CONFIG_NO_PBKDF2
1118 if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1121 pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1122 4096, psk, PMK_LEN);
1123 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1125 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1127 #endif /* CONFIG_NO_PBKDF2 */
1128 #ifdef CONFIG_EXT_PASSWORD
1129 if (ssid->ext_psk) {
1130 struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1132 char pw_str[64 + 1];
1136 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1137 "found from external storage");
1141 if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1142 wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1143 "PSK length %d in external storage",
1144 (int) wpabuf_len(pw));
1145 ext_password_free(pw);
1149 os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1150 pw_str[wpabuf_len(pw)] = '\0';
1152 #ifndef CONFIG_NO_PBKDF2
1153 if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1155 pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1156 4096, psk, PMK_LEN);
1157 os_memset(pw_str, 0, sizeof(pw_str));
1158 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1159 "external passphrase)",
1161 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1163 #endif /* CONFIG_NO_PBKDF2 */
1164 if (wpabuf_len(pw) == 2 * PMK_LEN) {
1165 if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1166 wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1167 "Invalid PSK hex string");
1168 os_memset(pw_str, 0, sizeof(pw_str));
1169 ext_password_free(pw);
1172 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1174 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1176 os_memset(pw_str, 0, sizeof(pw_str));
1177 ext_password_free(pw);
1181 os_memset(pw_str, 0, sizeof(pw_str));
1182 ext_password_free(pw);
1184 #endif /* CONFIG_EXT_PASSWORD */
1186 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1192 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
1197 case 0: /* Bits 0-7 */
1199 case 1: /* Bits 8-15 */
1201 case 2: /* Bits 16-23 */
1203 *pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1204 *pos |= 0x08; /* Bit 19 - BSS Transition */
1205 #endif /* CONFIG_WNM */
1207 case 3: /* Bits 24-31 */
1209 *pos |= 0x02; /* Bit 25 - SSID List */
1210 #endif /* CONFIG_WNM */
1211 #ifdef CONFIG_INTERWORKING
1212 if (wpa_s->conf->interworking)
1213 *pos |= 0x80; /* Bit 31 - Interworking */
1214 #endif /* CONFIG_INTERWORKING */
1216 case 4: /* Bits 32-39 */
1218 case 5: /* Bits 40-47 */
1220 case 6: /* Bits 48-55 */
1226 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf)
1231 if (len < wpa_s->extended_capa_len)
1232 len = wpa_s->extended_capa_len;
1234 *pos++ = WLAN_EID_EXT_CAPAB;
1236 for (i = 0; i < len; i++, pos++) {
1237 wpas_ext_capab_byte(wpa_s, pos, i);
1239 if (i < wpa_s->extended_capa_len) {
1240 *pos &= ~wpa_s->extended_capa_mask[i];
1241 *pos |= wpa_s->extended_capa[i];
1245 while (len > 0 && buf[1 + len] == 0) {
1257 * wpa_supplicant_associate - Request association
1258 * @wpa_s: Pointer to wpa_supplicant data
1259 * @bss: Scan results for the selected BSS, or %NULL if not available
1260 * @ssid: Configuration data for the selected network
1262 * This function is used to request %wpa_supplicant to associate with a BSS.
1264 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1265 struct wpa_bss *bss, struct wpa_ssid *ssid)
1269 int use_crypt, ret, i, bssid_changed;
1270 int algs = WPA_AUTH_ALG_OPEN;
1271 enum wpa_cipher cipher_pairwise, cipher_group;
1272 struct wpa_driver_associate_params params;
1273 int wep_keys_set = 0;
1274 int assoc_failed = 0;
1275 struct wpa_ssid *old_ssid;
1278 #ifdef CONFIG_HT_OVERRIDES
1279 struct ieee80211_ht_capabilities htcaps;
1280 struct ieee80211_ht_capabilities htcaps_mask;
1281 #endif /* CONFIG_HT_OVERRIDES */
1283 #ifdef CONFIG_IBSS_RSN
1284 ibss_rsn_deinit(wpa_s->ibss_rsn);
1285 wpa_s->ibss_rsn = NULL;
1286 #endif /* CONFIG_IBSS_RSN */
1288 if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
1289 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
1291 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1292 wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
1296 if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
1297 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1300 wpa_s->current_bss = bss;
1301 #else /* CONFIG_AP */
1302 wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
1304 #endif /* CONFIG_AP */
1310 wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
1312 #endif /* CONFIG_TDLS */
1314 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1315 ssid->mode == IEEE80211_MODE_INFRA) {
1316 sme_authenticate(wpa_s, bss, ssid);
1320 os_memset(¶ms, 0, sizeof(params));
1321 wpa_s->reassociate = 0;
1322 if (bss && !wpas_driver_bss_selection(wpa_s)) {
1323 #ifdef CONFIG_IEEE80211R
1324 const u8 *ie, *md = NULL;
1325 #endif /* CONFIG_IEEE80211R */
1326 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1327 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1328 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1329 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
1330 os_memset(wpa_s->bssid, 0, ETH_ALEN);
1331 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1333 wpas_notify_bssid_changed(wpa_s);
1334 #ifdef CONFIG_IEEE80211R
1335 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
1336 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
1338 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
1340 /* Prepare for the next transition */
1341 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
1343 #endif /* CONFIG_IEEE80211R */
1345 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
1346 wpa_s->conf->ap_scan == 2 &&
1347 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
1348 /* Use ap_scan==1 style network selection to find the network
1350 wpa_s->scan_req = MANUAL_SCAN_REQ;
1351 wpa_s->reassociate = 1;
1352 wpa_supplicant_req_scan(wpa_s, 0, 0);
1354 #endif /* CONFIG_WPS */
1356 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1357 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1358 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1360 wpa_supplicant_cancel_sched_scan(wpa_s);
1361 wpa_supplicant_cancel_scan(wpa_s);
1363 /* Starting new association, so clear the possibly used WPA IE from the
1364 * previous association. */
1365 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1367 #ifdef IEEE8021X_EAPOL
1368 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1370 if (ssid->non_leap == 0)
1371 algs = WPA_AUTH_ALG_LEAP;
1373 algs |= WPA_AUTH_ALG_LEAP;
1376 #endif /* IEEE8021X_EAPOL */
1377 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1378 if (ssid->auth_alg) {
1379 algs = ssid->auth_alg;
1380 wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
1384 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
1385 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
1386 wpa_key_mgmt_wpa(ssid->key_mgmt)) {
1387 int try_opportunistic;
1388 try_opportunistic = (ssid->proactive_key_caching < 0 ?
1390 ssid->proactive_key_caching) &&
1391 (ssid->proto & WPA_PROTO_RSN);
1392 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1393 ssid, try_opportunistic) == 0)
1394 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1395 wpa_ie_len = sizeof(wpa_ie);
1396 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1397 wpa_ie, &wpa_ie_len)) {
1398 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
1399 "key management and encryption suites");
1402 } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
1403 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
1405 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
1406 * use non-WPA since the scan results did not indicate that the
1407 * AP is using WPA or WPA2.
1409 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1411 wpa_s->wpa_proto = 0;
1412 } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
1413 wpa_ie_len = sizeof(wpa_ie);
1414 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1415 wpa_ie, &wpa_ie_len)) {
1416 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
1417 "key management and encryption suites (no "
1422 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
1423 struct wpabuf *wps_ie;
1424 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
1425 if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
1426 wpa_ie_len = wpabuf_len(wps_ie);
1427 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
1430 wpabuf_free(wps_ie);
1431 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1432 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
1433 params.wps = WPS_MODE_PRIVACY;
1435 params.wps = WPS_MODE_OPEN;
1436 wpa_s->wpa_proto = 0;
1437 #endif /* CONFIG_WPS */
1439 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1441 wpa_s->wpa_proto = 0;
1445 if (wpa_s->global->p2p) {
1449 pos = wpa_ie + wpa_ie_len;
1450 len = sizeof(wpa_ie) - wpa_ie_len;
1451 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
1457 wpa_s->cross_connect_disallowed = 0;
1460 p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
1462 wpa_s->cross_connect_disallowed =
1463 p2p_get_cross_connect_disallowed(p2p);
1465 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
1467 wpa_s->cross_connect_disallowed ?
1468 "disallows" : "allows");
1471 #endif /* CONFIG_P2P */
1474 if (is_hs20_network(wpa_s, ssid, bss)) {
1475 struct wpabuf *hs20;
1476 hs20 = wpabuf_alloc(20);
1478 wpas_hs20_add_indication(hs20);
1479 os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(hs20),
1481 wpa_ie_len += wpabuf_len(hs20);
1485 #endif /* CONFIG_HS20 */
1487 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab);
1488 if (ext_capab_len > 0) {
1490 if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
1492 os_memmove(pos + ext_capab_len, pos,
1493 wpa_ie_len - (pos - wpa_ie));
1494 wpa_ie_len += ext_capab_len;
1495 os_memcpy(pos, ext_capab, ext_capab_len);
1498 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1500 cipher_pairwise = wpa_cipher_to_suite_driver(wpa_s->pairwise_cipher);
1501 cipher_group = wpa_cipher_to_suite_driver(wpa_s->group_cipher);
1502 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1503 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1504 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1506 if (wpa_set_wep_keys(wpa_s, ssid)) {
1511 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
1514 #ifdef IEEE8021X_EAPOL
1515 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1516 if ((ssid->eapol_flags &
1517 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1518 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1522 /* Assume that dynamic WEP-104 keys will be used and
1523 * set cipher suites in order for drivers to expect
1525 cipher_pairwise = cipher_group = CIPHER_WEP104;
1528 #endif /* IEEE8021X_EAPOL */
1530 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1531 /* Set the key before (and later after) association */
1532 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1535 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1537 params.ssid = bss->ssid;
1538 params.ssid_len = bss->ssid_len;
1539 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
1540 wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
1541 MACSTR " freq=%u MHz based on scan results "
1543 MAC2STR(bss->bssid), bss->freq,
1545 params.bssid = bss->bssid;
1546 params.freq = bss->freq;
1549 params.ssid = ssid->ssid;
1550 params.ssid_len = ssid->ssid_len;
1553 if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
1554 wpa_s->conf->ap_scan == 2) {
1555 params.bssid = ssid->bssid;
1556 params.fixed_bssid = 1;
1559 if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 &&
1561 params.freq = ssid->frequency; /* Initial channel for IBSS */
1562 params.wpa_ie = wpa_ie;
1563 params.wpa_ie_len = wpa_ie_len;
1564 params.pairwise_suite = cipher_pairwise;
1565 params.group_suite = cipher_group;
1566 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1567 params.wpa_proto = wpa_s->wpa_proto;
1568 params.auth_alg = algs;
1569 params.mode = ssid->mode;
1570 params.bg_scan_period = ssid->bg_scan_period;
1571 for (i = 0; i < NUM_WEP_KEYS; i++) {
1572 if (ssid->wep_key_len[i])
1573 params.wep_key[i] = ssid->wep_key[i];
1574 params.wep_key_len[i] = ssid->wep_key_len[i];
1576 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1578 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
1579 (params.key_mgmt_suite == KEY_MGMT_PSK ||
1580 params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
1581 params.passphrase = ssid->passphrase;
1583 params.psk = ssid->psk;
1586 params.drop_unencrypted = use_crypt;
1588 #ifdef CONFIG_IEEE80211W
1589 params.mgmt_frame_protection =
1590 ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1591 wpa_s->conf->pmf : ssid->ieee80211w;
1592 if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
1593 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1594 struct wpa_ie_data ie;
1595 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
1597 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
1598 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
1599 "MFP: require MFP");
1600 params.mgmt_frame_protection =
1601 MGMT_FRAME_PROTECTION_REQUIRED;
1604 #endif /* CONFIG_IEEE80211W */
1606 params.p2p = ssid->p2p_group;
1608 if (wpa_s->parent->set_sta_uapsd)
1609 params.uapsd = wpa_s->parent->sta_uapsd;
1613 #ifdef CONFIG_HT_OVERRIDES
1614 os_memset(&htcaps, 0, sizeof(htcaps));
1615 os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
1616 params.htcaps = (u8 *) &htcaps;
1617 params.htcaps_mask = (u8 *) &htcaps_mask;
1618 wpa_supplicant_apply_ht_overrides(wpa_s, ssid, ¶ms);
1619 #endif /* CONFIG_HT_OVERRIDES */
1621 ret = wpa_drv_associate(wpa_s, ¶ms);
1623 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1625 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
1627 * The driver is known to mean what is saying, so we
1628 * can stop right here; the association will not
1631 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
1632 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1633 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1636 /* try to continue anyway; new association will be tried again
1641 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1642 /* Set the key after the association just in case association
1643 * cleared the previously configured key. */
1644 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1645 /* No need to timeout authentication since there is no key
1647 wpa_supplicant_cancel_auth_timeout(wpa_s);
1648 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1649 #ifdef CONFIG_IBSS_RSN
1650 } else if (ssid->mode == WPAS_MODE_IBSS &&
1651 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
1652 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
1654 * RSN IBSS authentication is per-STA and we can disable the
1655 * per-BSSID authentication.
1657 wpa_supplicant_cancel_auth_timeout(wpa_s);
1658 #endif /* CONFIG_IBSS_RSN */
1660 /* Timeout for IEEE 802.11 authentication and association */
1664 /* give IBSS a bit more time */
1665 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
1666 } else if (wpa_s->conf->ap_scan == 1) {
1667 /* give IBSS a bit more time */
1668 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
1670 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1674 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
1675 /* Set static WEP keys again */
1676 wpa_set_wep_keys(wpa_s, ssid);
1679 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1681 * Do not allow EAP session resumption between different
1682 * network configurations.
1684 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1686 old_ssid = wpa_s->current_ssid;
1687 wpa_s->current_ssid = ssid;
1688 wpa_s->current_bss = bss;
1689 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
1690 wpa_supplicant_initiate_eapol(wpa_s);
1691 if (old_ssid != wpa_s->current_ssid)
1692 wpas_notify_network_changed(wpa_s);
1696 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
1699 struct wpa_ssid *old_ssid;
1701 wpa_clear_keys(wpa_s, addr);
1702 old_ssid = wpa_s->current_ssid;
1703 wpa_supplicant_mark_disassoc(wpa_s);
1704 wpa_sm_set_config(wpa_s->wpa, NULL);
1705 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1706 if (old_ssid != wpa_s->current_ssid)
1707 wpas_notify_network_changed(wpa_s);
1708 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
1713 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
1714 * @wpa_s: Pointer to wpa_supplicant data
1715 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1717 * This function is used to request %wpa_supplicant to deauthenticate from the
1720 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1724 union wpa_event_data event;
1727 wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
1728 " pending_bssid=" MACSTR " reason=%d state=%s",
1729 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
1730 reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state));
1732 if (!is_zero_ether_addr(wpa_s->bssid))
1733 addr = wpa_s->bssid;
1734 else if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
1735 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
1736 wpa_s->wpa_state == WPA_ASSOCIATING))
1737 addr = wpa_s->pending_bssid;
1738 else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
1740 * When using driver-based BSS selection, we may not know the
1741 * BSSID with which we are currently trying to associate. We
1742 * need to notify the driver of this disconnection even in such
1743 * a case, so use the all zeros address here.
1745 addr = wpa_s->bssid;
1750 wpa_tdls_teardown_peers(wpa_s->wpa);
1751 #endif /* CONFIG_TDLS */
1754 wpa_drv_deauthenticate(wpa_s, addr, reason_code);
1755 os_memset(&event, 0, sizeof(event));
1756 event.deauth_info.reason_code = (u16) reason_code;
1757 event.deauth_info.locally_generated = 1;
1758 wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
1763 wpa_supplicant_clear_connection(wpa_s, addr);
1766 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
1767 struct wpa_ssid *ssid)
1769 if (!ssid || !ssid->disabled || ssid->disabled == 2)
1773 wpas_clear_temp_disabled(wpa_s, ssid, 1);
1774 wpas_notify_network_enabled_changed(wpa_s, ssid);
1777 * Try to reassociate since there is no current configuration and a new
1778 * network was made available.
1780 if (!wpa_s->current_ssid)
1781 wpa_s->reassociate = 1;
1786 * wpa_supplicant_enable_network - Mark a configured network as enabled
1787 * @wpa_s: wpa_supplicant structure for a network interface
1788 * @ssid: wpa_ssid structure for a configured network or %NULL
1790 * Enables the specified network or all networks if no network specified.
1792 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
1793 struct wpa_ssid *ssid)
1796 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
1797 wpa_supplicant_enable_one_network(wpa_s, ssid);
1799 wpa_supplicant_enable_one_network(wpa_s, ssid);
1801 if (wpa_s->reassociate) {
1802 if (wpa_s->sched_scanning) {
1803 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
1804 "new network to scan filters");
1805 wpa_supplicant_cancel_sched_scan(wpa_s);
1808 if (wpa_supplicant_fast_associate(wpa_s) != 1)
1809 wpa_supplicant_req_scan(wpa_s, 0, 0);
1815 * wpa_supplicant_disable_network - Mark a configured network as disabled
1816 * @wpa_s: wpa_supplicant structure for a network interface
1817 * @ssid: wpa_ssid structure for a configured network or %NULL
1819 * Disables the specified network or all networks if no network specified.
1821 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
1822 struct wpa_ssid *ssid)
1824 struct wpa_ssid *other_ssid;
1828 if (wpa_s->sched_scanning)
1829 wpa_supplicant_cancel_sched_scan(wpa_s);
1831 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1832 other_ssid = other_ssid->next) {
1833 was_disabled = other_ssid->disabled;
1834 if (was_disabled == 2)
1835 continue; /* do not change persistent P2P group
1838 other_ssid->disabled = 1;
1840 if (was_disabled != other_ssid->disabled)
1841 wpas_notify_network_enabled_changed(
1844 if (wpa_s->current_ssid)
1845 wpa_supplicant_deauthenticate(
1846 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1847 } else if (ssid->disabled != 2) {
1848 if (ssid == wpa_s->current_ssid)
1849 wpa_supplicant_deauthenticate(
1850 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1852 was_disabled = ssid->disabled;
1856 if (was_disabled != ssid->disabled) {
1857 wpas_notify_network_enabled_changed(wpa_s, ssid);
1858 if (wpa_s->sched_scanning) {
1859 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
1860 "to remove network from filters");
1861 wpa_supplicant_cancel_sched_scan(wpa_s);
1862 wpa_supplicant_req_scan(wpa_s, 0, 0);
1870 * wpa_supplicant_select_network - Attempt association with a network
1871 * @wpa_s: wpa_supplicant structure for a network interface
1872 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
1874 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
1875 struct wpa_ssid *ssid)
1878 struct wpa_ssid *other_ssid;
1879 int disconnected = 0;
1881 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
1882 wpa_supplicant_deauthenticate(
1883 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1888 wpas_clear_temp_disabled(wpa_s, ssid, 1);
1891 * Mark all other networks disabled or mark all networks enabled if no
1892 * network specified.
1894 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1895 other_ssid = other_ssid->next) {
1896 int was_disabled = other_ssid->disabled;
1897 if (was_disabled == 2)
1898 continue; /* do not change persistent P2P group data */
1900 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
1901 if (was_disabled && !other_ssid->disabled)
1902 wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
1904 if (was_disabled != other_ssid->disabled)
1905 wpas_notify_network_enabled_changed(wpa_s, other_ssid);
1908 if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid) {
1909 /* We are already associated with the selected network */
1910 wpa_printf(MSG_DEBUG, "Already associated with the "
1911 "selected network - do nothing");
1916 wpa_s->current_ssid = ssid;
1917 wpa_s->connect_without_scan = NULL;
1918 wpa_s->disconnected = 0;
1919 wpa_s->reassociate = 1;
1921 if (wpa_supplicant_fast_associate(wpa_s) != 1)
1922 wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
1925 wpas_notify_network_selected(wpa_s, ssid);
1930 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
1931 * @wpa_s: wpa_supplicant structure for a network interface
1932 * @ap_scan: AP scan mode
1933 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
1936 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
1941 if (ap_scan < 0 || ap_scan > 2)
1945 if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
1946 wpa_s->wpa_state >= WPA_ASSOCIATING &&
1947 wpa_s->wpa_state < WPA_COMPLETED) {
1948 wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
1949 "associating", wpa_s->conf->ap_scan, ap_scan);
1952 #endif /* ANDROID */
1954 old_ap_scan = wpa_s->conf->ap_scan;
1955 wpa_s->conf->ap_scan = ap_scan;
1957 if (old_ap_scan != wpa_s->conf->ap_scan)
1958 wpas_notify_ap_scan_changed(wpa_s);
1965 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
1966 * @wpa_s: wpa_supplicant structure for a network interface
1967 * @expire_age: Expiration age in seconds
1968 * Returns: 0 if succeed or -1 if expire_age has an invalid value
1971 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
1972 unsigned int bss_expire_age)
1974 if (bss_expire_age < 10) {
1975 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
1979 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
1981 wpa_s->conf->bss_expiration_age = bss_expire_age;
1988 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
1989 * @wpa_s: wpa_supplicant structure for a network interface
1990 * @expire_count: number of scans after which an unseen BSS is reclaimed
1991 * Returns: 0 if succeed or -1 if expire_count has an invalid value
1994 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
1995 unsigned int bss_expire_count)
1997 if (bss_expire_count < 1) {
1998 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
2002 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
2004 wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
2011 * wpa_supplicant_set_scan_interval - Set scan interval
2012 * @wpa_s: wpa_supplicant structure for a network interface
2013 * @scan_interval: scan interval in seconds
2014 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
2017 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
2020 if (scan_interval < 0) {
2021 wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
2025 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
2027 wpa_supplicant_update_scan_int(wpa_s, scan_interval);
2034 * wpa_supplicant_set_debug_params - Set global debug params
2035 * @global: wpa_global structure
2036 * @debug_level: debug level
2037 * @debug_timestamp: determines if show timestamp in debug data
2038 * @debug_show_keys: determines if show keys in debug data
2039 * Returns: 0 if succeed or -1 if debug_level has wrong value
2041 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
2042 int debug_timestamp, int debug_show_keys)
2045 int old_level, old_timestamp, old_show_keys;
2047 /* check for allowed debuglevels */
2048 if (debug_level != MSG_EXCESSIVE &&
2049 debug_level != MSG_MSGDUMP &&
2050 debug_level != MSG_DEBUG &&
2051 debug_level != MSG_INFO &&
2052 debug_level != MSG_WARNING &&
2053 debug_level != MSG_ERROR)
2056 old_level = wpa_debug_level;
2057 old_timestamp = wpa_debug_timestamp;
2058 old_show_keys = wpa_debug_show_keys;
2060 wpa_debug_level = debug_level;
2061 wpa_debug_timestamp = debug_timestamp ? 1 : 0;
2062 wpa_debug_show_keys = debug_show_keys ? 1 : 0;
2064 if (wpa_debug_level != old_level)
2065 wpas_notify_debug_level_changed(global);
2066 if (wpa_debug_timestamp != old_timestamp)
2067 wpas_notify_debug_timestamp_changed(global);
2068 if (wpa_debug_show_keys != old_show_keys)
2069 wpas_notify_debug_show_keys_changed(global);
2076 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
2077 * @wpa_s: Pointer to wpa_supplicant data
2078 * Returns: A pointer to the current network structure or %NULL on failure
2080 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
2082 struct wpa_ssid *entry;
2083 u8 ssid[MAX_SSID_LEN];
2089 res = wpa_drv_get_ssid(wpa_s, ssid);
2091 wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
2097 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
2098 wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
2103 wired = wpa_s->conf->ap_scan == 0 &&
2104 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
2106 entry = wpa_s->conf->ssid;
2108 if (!wpas_network_disabled(wpa_s, entry) &&
2109 ((ssid_len == entry->ssid_len &&
2110 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
2111 (!entry->bssid_set ||
2112 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
2115 if (!wpas_network_disabled(wpa_s, entry) &&
2116 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
2117 (entry->ssid == NULL || entry->ssid_len == 0) &&
2118 (!entry->bssid_set ||
2119 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
2121 #endif /* CONFIG_WPS */
2123 if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
2124 entry->ssid_len == 0 &&
2125 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
2128 entry = entry->next;
2135 static int select_driver(struct wpa_supplicant *wpa_s, int i)
2137 struct wpa_global *global = wpa_s->global;
2139 if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
2140 global->drv_priv[i] = wpa_drivers[i]->global_init();
2141 if (global->drv_priv[i] == NULL) {
2142 wpa_printf(MSG_ERROR, "Failed to initialize driver "
2143 "'%s'", wpa_drivers[i]->name);
2148 wpa_s->driver = wpa_drivers[i];
2149 wpa_s->global_drv_priv = global->drv_priv[i];
2155 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
2160 const char *pos, *driver = name;
2165 if (wpa_drivers[0] == NULL) {
2166 wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
2172 /* default to first driver in the list */
2173 return select_driver(wpa_s, 0);
2177 pos = os_strchr(driver, ',');
2181 len = os_strlen(driver);
2183 for (i = 0; wpa_drivers[i]; i++) {
2184 if (os_strlen(wpa_drivers[i]->name) == len &&
2185 os_strncmp(driver, wpa_drivers[i]->name, len) ==
2187 /* First driver that succeeds wins */
2188 if (select_driver(wpa_s, i) == 0)
2196 wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
2202 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
2203 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
2204 * with struct wpa_driver_ops::init()
2205 * @src_addr: Source address of the EAPOL frame
2206 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
2207 * @len: Length of the EAPOL data
2209 * This function is called for each received EAPOL frame. Most driver
2210 * interfaces rely on more generic OS mechanism for receiving frames through
2211 * l2_packet, but if such a mechanism is not available, the driver wrapper may
2212 * take care of received EAPOL frames and deliver them to the core supplicant
2213 * code by calling this function.
2215 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
2216 const u8 *buf, size_t len)
2218 struct wpa_supplicant *wpa_s = ctx;
2220 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
2221 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
2223 if (wpa_s->wpa_state < WPA_ASSOCIATED ||
2224 (wpa_s->last_eapol_matches_bssid &&
2227 #endif /* CONFIG_AP */
2228 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
2230 * There is possible race condition between receiving the
2231 * association event and the EAPOL frame since they are coming
2232 * through different paths from the driver. In order to avoid
2233 * issues in trying to process the EAPOL frame before receiving
2234 * association information, lets queue it for processing until
2235 * the association event is received. This may also be needed in
2236 * driver-based roaming case, so also use src_addr != BSSID as a
2237 * trigger if we have previously confirmed that the
2238 * Authenticator uses BSSID as the src_addr (which is not the
2239 * case with wired IEEE 802.1X).
2241 wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
2242 "of received EAPOL frame (state=%s bssid=" MACSTR ")",
2243 wpa_supplicant_state_txt(wpa_s->wpa_state),
2244 MAC2STR(wpa_s->bssid));
2245 wpabuf_free(wpa_s->pending_eapol_rx);
2246 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
2247 if (wpa_s->pending_eapol_rx) {
2248 os_get_time(&wpa_s->pending_eapol_rx_time);
2249 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
2255 wpa_s->last_eapol_matches_bssid =
2256 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
2259 if (wpa_s->ap_iface) {
2260 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
2263 #endif /* CONFIG_AP */
2265 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
2266 wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
2267 "no key management is configured");
2271 if (wpa_s->eapol_received == 0 &&
2272 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
2273 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
2274 wpa_s->wpa_state != WPA_COMPLETED) &&
2275 (wpa_s->current_ssid == NULL ||
2276 wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
2277 /* Timeout for completing IEEE 802.1X and WPA authentication */
2278 wpa_supplicant_req_auth_timeout(
2280 (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
2281 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
2282 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
2285 wpa_s->eapol_received++;
2287 if (wpa_s->countermeasures) {
2288 wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
2293 #ifdef CONFIG_IBSS_RSN
2294 if (wpa_s->current_ssid &&
2295 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
2296 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
2299 #endif /* CONFIG_IBSS_RSN */
2301 /* Source address of the incoming EAPOL frame could be compared to the
2302 * current BSSID. However, it is possible that a centralized
2303 * Authenticator could be using another MAC address than the BSSID of
2304 * an AP, so just allow any address to be used for now. The replies are
2305 * still sent to the current BSSID (if available), though. */
2307 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
2308 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
2309 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
2311 wpa_drv_poll(wpa_s);
2312 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
2313 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
2314 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
2316 * Set portValid = TRUE here since we are going to skip 4-way
2317 * handshake processing which would normally set portValid. We
2318 * need this to allow the EAPOL state machines to be completed
2319 * without going through EAPOL-Key handshake.
2321 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
2326 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
2328 if (wpa_s->driver->send_eapol) {
2329 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
2331 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
2332 } else if ((!wpa_s->p2p_mgmt ||
2333 !(wpa_s->drv_flags &
2334 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
2335 !(wpa_s->drv_flags &
2336 WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
2337 l2_packet_deinit(wpa_s->l2);
2338 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
2339 wpa_drv_get_mac_addr(wpa_s),
2341 wpa_supplicant_rx_eapol, wpa_s, 0);
2342 if (wpa_s->l2 == NULL)
2345 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
2347 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
2350 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
2351 wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
2359 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
2360 const u8 *buf, size_t len)
2362 struct wpa_supplicant *wpa_s = ctx;
2363 const struct l2_ethhdr *eth;
2365 if (len < sizeof(*eth))
2367 eth = (const struct l2_ethhdr *) buf;
2369 if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
2370 !(eth->h_dest[0] & 0x01)) {
2371 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
2372 " (bridge - not for this interface - ignore)",
2373 MAC2STR(src_addr), MAC2STR(eth->h_dest));
2377 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
2378 " (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
2379 wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
2380 len - sizeof(*eth));
2385 * wpa_supplicant_driver_init - Initialize driver interface parameters
2386 * @wpa_s: Pointer to wpa_supplicant data
2387 * Returns: 0 on success, -1 on failure
2389 * This function is called to initialize driver interface parameters.
2390 * wpa_drv_init() must have been called before this function to initialize the
2393 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
2395 static int interface_count = 0;
2397 if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
2400 wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
2401 MAC2STR(wpa_s->own_addr));
2402 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2404 if (wpa_s->bridge_ifname[0]) {
2405 wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
2406 "interface '%s'", wpa_s->bridge_ifname);
2407 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
2410 wpa_supplicant_rx_eapol_bridge,
2412 if (wpa_s->l2_br == NULL) {
2413 wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
2414 "connection for the bridge interface '%s'",
2415 wpa_s->bridge_ifname);
2420 wpa_clear_keys(wpa_s, NULL);
2422 /* Make sure that TKIP countermeasures are not left enabled (could
2423 * happen if wpa_supplicant is killed during countermeasures. */
2424 wpa_drv_set_countermeasures(wpa_s, 0);
2426 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
2427 wpa_drv_flush_pmkid(wpa_s);
2429 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
2430 wpa_s->prev_scan_wildcard = 0;
2432 if (wpa_supplicant_enabled_networks(wpa_s)) {
2433 if (wpa_supplicant_delayed_sched_scan(wpa_s, interface_count,
2435 wpa_supplicant_req_scan(wpa_s, interface_count,
2439 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
2445 static int wpa_supplicant_daemon(const char *pid_file)
2447 wpa_printf(MSG_DEBUG, "Daemonize..");
2448 return os_daemonize(pid_file);
2452 static struct wpa_supplicant * wpa_supplicant_alloc(void)
2454 struct wpa_supplicant *wpa_s;
2456 wpa_s = os_zalloc(sizeof(*wpa_s));
2459 wpa_s->scan_req = INITIAL_SCAN_REQ;
2460 wpa_s->scan_interval = 5;
2461 wpa_s->new_connection = 1;
2462 wpa_s->parent = wpa_s;
2463 wpa_s->sched_scanning = 0;
2469 #ifdef CONFIG_HT_OVERRIDES
2471 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
2472 struct ieee80211_ht_capabilities *htcaps,
2473 struct ieee80211_ht_capabilities *htcaps_mask,
2476 /* parse ht_mcs into hex array */
2478 const char *tmp = ht_mcs;
2481 /* If ht_mcs is null, do not set anything */
2485 /* This is what we are setting in the kernel */
2486 os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
2488 wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
2490 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
2492 long v = strtol(tmp, &end, 16);
2494 wpa_msg(wpa_s, MSG_DEBUG,
2495 "htcap value[%i]: %ld end: %p tmp: %p",
2500 htcaps->supported_mcs_set[i] = v;
2503 wpa_msg(wpa_s, MSG_ERROR,
2504 "Failed to parse ht-mcs: %s, error: %s\n",
2505 ht_mcs, strerror(errno));
2511 * If we were able to parse any values, then set mask for the MCS set.
2514 os_memset(&htcaps_mask->supported_mcs_set, 0xff,
2515 IEEE80211_HT_MCS_MASK_LEN - 1);
2516 /* skip the 3 reserved bits */
2517 htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
2525 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
2526 struct ieee80211_ht_capabilities *htcaps,
2527 struct ieee80211_ht_capabilities *htcaps_mask,
2532 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
2537 msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
2538 htcaps_mask->ht_capabilities_info |= msk;
2540 htcaps->ht_capabilities_info &= msk;
2542 htcaps->ht_capabilities_info |= msk;
2548 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
2549 struct ieee80211_ht_capabilities *htcaps,
2550 struct ieee80211_ht_capabilities *htcaps_mask,
2553 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
2558 if (factor < 0 || factor > 3) {
2559 wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
2560 "Must be 0-3 or -1", factor);
2564 htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
2565 htcaps->a_mpdu_params &= ~0x3;
2566 htcaps->a_mpdu_params |= factor & 0x3;
2572 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
2573 struct ieee80211_ht_capabilities *htcaps,
2574 struct ieee80211_ht_capabilities *htcaps_mask,
2577 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
2582 if (density < 0 || density > 7) {
2583 wpa_msg(wpa_s, MSG_ERROR,
2584 "ampdu_density: %d out of range. Must be 0-7 or -1.",
2589 htcaps_mask->a_mpdu_params |= 0x1C;
2590 htcaps->a_mpdu_params &= ~(0x1C);
2591 htcaps->a_mpdu_params |= (density << 2) & 0x1C;
2597 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
2598 struct ieee80211_ht_capabilities *htcaps,
2599 struct ieee80211_ht_capabilities *htcaps_mask,
2602 /* Masking these out disables HT40 */
2603 u16 msk = host_to_le16(HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET |
2604 HT_CAP_INFO_SHORT_GI40MHZ);
2606 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
2609 htcaps->ht_capabilities_info &= ~msk;
2611 htcaps->ht_capabilities_info |= msk;
2613 htcaps_mask->ht_capabilities_info |= msk;
2619 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
2620 struct ieee80211_ht_capabilities *htcaps,
2621 struct ieee80211_ht_capabilities *htcaps_mask,
2624 /* Masking these out disables SGI */
2625 u16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
2626 HT_CAP_INFO_SHORT_GI40MHZ);
2628 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
2631 htcaps->ht_capabilities_info &= ~msk;
2633 htcaps->ht_capabilities_info |= msk;
2635 htcaps_mask->ht_capabilities_info |= msk;
2641 void wpa_supplicant_apply_ht_overrides(
2642 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2643 struct wpa_driver_associate_params *params)
2645 struct ieee80211_ht_capabilities *htcaps;
2646 struct ieee80211_ht_capabilities *htcaps_mask;
2651 params->disable_ht = ssid->disable_ht;
2652 if (!params->htcaps || !params->htcaps_mask)
2655 htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
2656 htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
2657 wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
2658 wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
2659 ssid->disable_max_amsdu);
2660 wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
2661 wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
2662 wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
2663 wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
2666 #endif /* CONFIG_HT_OVERRIDES */
2669 #ifdef CONFIG_VHT_OVERRIDES
2670 void wpa_supplicant_apply_vht_overrides(
2671 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2672 struct wpa_driver_associate_params *params)
2674 struct ieee80211_vht_capabilities *vhtcaps;
2675 struct ieee80211_vht_capabilities *vhtcaps_mask;
2680 params->disable_vht = ssid->disable_vht;
2682 vhtcaps = (void *) params->vhtcaps;
2683 vhtcaps_mask = (void *) params->vhtcaps_mask;
2685 if (!vhtcaps || !vhtcaps_mask)
2688 vhtcaps->vht_capabilities_info = ssid->vht_capa;
2689 vhtcaps_mask->vht_capabilities_info = ssid->vht_capa_mask;
2691 #define OVERRIDE_MCS(i) \
2692 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
2693 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
2695 vhtcaps->vht_supported_mcs_set.tx_map |= \
2696 ssid->vht_tx_mcs_nss_ ##i << 2 * (i - 1); \
2698 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
2699 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
2701 vhtcaps->vht_supported_mcs_set.rx_map |= \
2702 ssid->vht_rx_mcs_nss_ ##i << 2 * (i - 1); \
2714 #endif /* CONFIG_VHT_OVERRIDES */
2717 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
2722 if (!wpa_s->conf->pcsc_reader)
2725 wpa_s->scard = scard_init(SCARD_TRY_BOTH, wpa_s->conf->pcsc_reader);
2729 if (wpa_s->conf->pcsc_pin &&
2730 scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
2731 scard_deinit(wpa_s->scard);
2732 wpa_s->scard = NULL;
2733 wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
2737 len = sizeof(wpa_s->imsi) - 1;
2738 if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
2739 scard_deinit(wpa_s->scard);
2740 wpa_s->scard = NULL;
2741 wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
2744 wpa_s->imsi[len] = '\0';
2746 wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
2748 wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
2749 wpa_s->imsi, wpa_s->mnc_len);
2751 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
2752 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
2753 #endif /* PCSC_FUNCS */
2759 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
2763 ext_password_deinit(wpa_s->ext_pw);
2764 wpa_s->ext_pw = NULL;
2765 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
2767 if (!wpa_s->conf->ext_password_backend)
2770 val = os_strdup(wpa_s->conf->ext_password_backend);
2773 pos = os_strchr(val, ':');
2777 wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
2779 wpa_s->ext_pw = ext_password_init(val, pos);
2781 if (wpa_s->ext_pw == NULL) {
2782 wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
2785 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
2791 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
2792 struct wpa_interface *iface)
2794 const char *ifname, *driver;
2795 struct wpa_driver_capa capa;
2797 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
2798 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
2799 iface->confname ? iface->confname : "N/A",
2800 iface->driver ? iface->driver : "default",
2801 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
2802 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
2804 if (iface->confname) {
2805 #ifdef CONFIG_BACKEND_FILE
2806 wpa_s->confname = os_rel2abs_path(iface->confname);
2807 if (wpa_s->confname == NULL) {
2808 wpa_printf(MSG_ERROR, "Failed to get absolute path "
2809 "for configuration file '%s'.",
2813 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
2814 iface->confname, wpa_s->confname);
2815 #else /* CONFIG_BACKEND_FILE */
2816 wpa_s->confname = os_strdup(iface->confname);
2817 #endif /* CONFIG_BACKEND_FILE */
2818 wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
2819 if (wpa_s->conf == NULL) {
2820 wpa_printf(MSG_ERROR, "Failed to read or parse "
2821 "configuration '%s'.", wpa_s->confname);
2824 wpa_s->confanother = os_rel2abs_path(iface->confanother);
2825 wpa_config_read(wpa_s->confanother, wpa_s->conf);
2828 * Override ctrl_interface and driver_param if set on command
2831 if (iface->ctrl_interface) {
2832 os_free(wpa_s->conf->ctrl_interface);
2833 wpa_s->conf->ctrl_interface =
2834 os_strdup(iface->ctrl_interface);
2837 if (iface->driver_param) {
2838 os_free(wpa_s->conf->driver_param);
2839 wpa_s->conf->driver_param =
2840 os_strdup(iface->driver_param);
2843 if (iface->p2p_mgmt && !iface->ctrl_interface) {
2844 os_free(wpa_s->conf->ctrl_interface);
2845 wpa_s->conf->ctrl_interface = NULL;
2848 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
2849 iface->driver_param);
2851 if (wpa_s->conf == NULL) {
2852 wpa_printf(MSG_ERROR, "\nNo configuration found.");
2856 if (iface->ifname == NULL) {
2857 wpa_printf(MSG_ERROR, "\nInterface name is required.");
2860 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
2861 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
2865 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
2867 if (iface->bridge_ifname) {
2868 if (os_strlen(iface->bridge_ifname) >=
2869 sizeof(wpa_s->bridge_ifname)) {
2870 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
2871 "name '%s'.", iface->bridge_ifname);
2874 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
2875 sizeof(wpa_s->bridge_ifname));
2878 /* RSNA Supplicant Key Management - INITIALIZE */
2879 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
2880 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
2882 /* Initialize driver interface and register driver event handler before
2883 * L2 receive handler so that association events are processed before
2884 * EAPOL-Key packets if both become available for the same select()
2886 driver = iface->driver;
2888 if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
2891 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
2892 if (wpa_s->drv_priv == NULL) {
2894 pos = driver ? os_strchr(driver, ',') : NULL;
2896 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
2897 "driver interface - try next driver wrapper");
2901 wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
2905 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
2906 wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
2907 "driver_param '%s'", wpa_s->conf->driver_param);
2911 ifname = wpa_drv_get_ifname(wpa_s);
2912 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
2913 wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
2914 "interface name with '%s'", ifname);
2915 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
2918 if (wpa_supplicant_init_wpa(wpa_s) < 0)
2921 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
2922 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
2924 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2926 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2927 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2928 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2929 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2930 "dot11RSNAConfigPMKLifetime");
2934 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2935 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2936 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2937 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2938 "dot11RSNAConfigPMKReauthThreshold");
2942 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2943 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2944 wpa_s->conf->dot11RSNAConfigSATimeout)) {
2945 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2946 "dot11RSNAConfigSATimeout");
2950 wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
2951 &wpa_s->hw.num_modes,
2954 if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
2955 wpa_s->drv_capa_known = 1;
2956 wpa_s->drv_flags = capa.flags;
2957 wpa_s->drv_enc = capa.enc;
2958 wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
2959 wpa_s->max_scan_ssids = capa.max_scan_ssids;
2960 wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
2961 wpa_s->sched_scan_supported = capa.sched_scan_supported;
2962 wpa_s->max_match_sets = capa.max_match_sets;
2963 wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
2964 wpa_s->max_stations = capa.max_stations;
2965 wpa_s->extended_capa = capa.extended_capa;
2966 wpa_s->extended_capa_mask = capa.extended_capa_mask;
2967 wpa_s->extended_capa_len = capa.extended_capa_len;
2968 wpa_s->num_multichan_concurrent =
2969 capa.num_multichan_concurrent;
2971 if (wpa_s->max_remain_on_chan == 0)
2972 wpa_s->max_remain_on_chan = 1000;
2975 * Only take p2p_mgmt parameters when P2P Device is supported.
2976 * Doing it here as it determines whether l2_packet_init() will be done
2977 * during wpa_supplicant_driver_init().
2979 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
2980 wpa_s->p2p_mgmt = iface->p2p_mgmt;
2982 iface->p2p_mgmt = 1;
2984 if (wpa_s->num_multichan_concurrent == 0)
2985 wpa_s->num_multichan_concurrent = 1;
2987 if (wpa_supplicant_driver_init(wpa_s) < 0)
2991 if ((!iface->p2p_mgmt ||
2992 !(wpa_s->drv_flags &
2993 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
2994 wpa_tdls_init(wpa_s->wpa))
2996 #endif /* CONFIG_TDLS */
2998 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
2999 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
3000 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
3004 if (wpas_wps_init(wpa_s))
3007 if (wpa_supplicant_init_eapol(wpa_s) < 0)
3009 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
3011 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
3012 if (wpa_s->ctrl_iface == NULL) {
3013 wpa_printf(MSG_ERROR,
3014 "Failed to initialize control interface '%s'.\n"
3015 "You may have another wpa_supplicant process "
3016 "already running or the file was\n"
3017 "left by an unclean termination of wpa_supplicant "
3018 "in which case you will need\n"
3019 "to manually remove this file before starting "
3020 "wpa_supplicant again.\n",
3021 wpa_s->conf->ctrl_interface);
3025 wpa_s->gas = gas_query_init(wpa_s);
3026 if (wpa_s->gas == NULL) {
3027 wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
3032 if (iface->p2p_mgmt && wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
3033 wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
3036 #endif /* CONFIG_P2P */
3038 if (wpa_bss_init(wpa_s) < 0)
3041 #ifdef CONFIG_EAP_PROXY
3044 wpa_s->mnc_len = eap_proxy_get_imsi(wpa_s->imsi, &len);
3045 if (wpa_s->mnc_len > 0) {
3046 wpa_s->imsi[len] = '\0';
3047 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
3048 wpa_s->imsi, wpa_s->mnc_len);
3050 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
3053 #endif /* CONFIG_EAP_PROXY */
3055 if (pcsc_reader_init(wpa_s) < 0)
3058 if (wpas_init_ext_pw(wpa_s) < 0)
3065 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
3066 int notify, int terminate)
3068 wpa_s->disconnected = 1;
3069 if (wpa_s->drv_priv) {
3070 wpa_supplicant_deauthenticate(wpa_s,
3071 WLAN_REASON_DEAUTH_LEAVING);
3073 wpa_drv_set_countermeasures(wpa_s, 0);
3074 wpa_clear_keys(wpa_s, NULL);
3077 wpa_supplicant_cleanup(wpa_s);
3080 if (wpa_s == wpa_s->global->p2p_init_wpa_s && wpa_s->global->p2p) {
3081 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Disable P2P since removing "
3082 "the management interface is being removed");
3083 wpas_p2p_deinit_global(wpa_s->global);
3085 #endif /* CONFIG_P2P */
3087 if (wpa_s->drv_priv)
3088 wpa_drv_deinit(wpa_s);
3091 wpas_notify_iface_removed(wpa_s);
3094 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
3096 if (wpa_s->ctrl_iface) {
3097 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
3098 wpa_s->ctrl_iface = NULL;
3101 if (wpa_s->conf != NULL) {
3102 wpa_config_free(wpa_s->conf);
3111 * wpa_supplicant_add_iface - Add a new network interface
3112 * @global: Pointer to global data from wpa_supplicant_init()
3113 * @iface: Interface configuration options
3114 * Returns: Pointer to the created interface or %NULL on failure
3116 * This function is used to add new network interfaces for %wpa_supplicant.
3117 * This can be called before wpa_supplicant_run() to add interfaces before the
3118 * main event loop has been started. In addition, new interfaces can be added
3119 * dynamically while %wpa_supplicant is already running. This could happen,
3120 * e.g., when a hotplug network adapter is inserted.
3122 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
3123 struct wpa_interface *iface)
3125 struct wpa_supplicant *wpa_s;
3126 struct wpa_interface t_iface;
3127 struct wpa_ssid *ssid;
3129 if (global == NULL || iface == NULL)
3132 wpa_s = wpa_supplicant_alloc();
3136 wpa_s->global = global;
3139 if (global->params.override_driver) {
3140 wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
3142 iface->driver, global->params.override_driver);
3143 t_iface.driver = global->params.override_driver;
3145 if (global->params.override_ctrl_interface) {
3146 wpa_printf(MSG_DEBUG, "Override interface parameter: "
3147 "ctrl_interface ('%s' -> '%s')",
3148 iface->ctrl_interface,
3149 global->params.override_ctrl_interface);
3150 t_iface.ctrl_interface =
3151 global->params.override_ctrl_interface;
3153 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
3154 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
3156 wpa_supplicant_deinit_iface(wpa_s, 0, 0);
3160 /* Notify the control interfaces about new iface */
3161 if (wpas_notify_iface_added(wpa_s)) {
3162 wpa_supplicant_deinit_iface(wpa_s, 1, 0);
3166 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
3167 wpas_notify_network_added(wpa_s, ssid);
3169 wpa_s->next = global->ifaces;
3170 global->ifaces = wpa_s;
3172 wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
3173 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
3180 * wpa_supplicant_remove_iface - Remove a network interface
3181 * @global: Pointer to global data from wpa_supplicant_init()
3182 * @wpa_s: Pointer to the network interface to be removed
3183 * Returns: 0 if interface was removed, -1 if interface was not found
3185 * This function can be used to dynamically remove network interfaces from
3186 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
3187 * addition, this function is used to remove all remaining interfaces when
3188 * %wpa_supplicant is terminated.
3190 int wpa_supplicant_remove_iface(struct wpa_global *global,
3191 struct wpa_supplicant *wpa_s,
3194 struct wpa_supplicant *prev;
3196 /* Remove interface from the global list of interfaces */
3197 prev = global->ifaces;
3198 if (prev == wpa_s) {
3199 global->ifaces = wpa_s->next;
3201 while (prev && prev->next != wpa_s)
3205 prev->next = wpa_s->next;
3208 wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
3210 if (global->p2p_group_formation == wpa_s)
3211 global->p2p_group_formation = NULL;
3212 if (global->p2p_invite_group == wpa_s)
3213 global->p2p_invite_group = NULL;
3214 wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
3221 * wpa_supplicant_get_eap_mode - Get the current EAP mode
3222 * @wpa_s: Pointer to the network interface
3223 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
3225 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
3227 const char *eapol_method;
3229 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
3230 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3234 eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
3235 if (eapol_method == NULL)
3236 return "UNKNOWN-EAP";
3238 return eapol_method;
3243 * wpa_supplicant_get_iface - Get a new network interface
3244 * @global: Pointer to global data from wpa_supplicant_init()
3245 * @ifname: Interface name
3246 * Returns: Pointer to the interface or %NULL if not found
3248 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
3251 struct wpa_supplicant *wpa_s;
3253 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
3254 if (os_strcmp(wpa_s->ifname, ifname) == 0)
3261 #ifndef CONFIG_NO_WPA_MSG
3262 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
3264 struct wpa_supplicant *wpa_s = ctx;
3267 return wpa_s->ifname;
3269 #endif /* CONFIG_NO_WPA_MSG */
3273 * wpa_supplicant_init - Initialize %wpa_supplicant
3274 * @params: Parameters for %wpa_supplicant
3275 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
3277 * This function is used to initialize %wpa_supplicant. After successful
3278 * initialization, the returned data pointer can be used to add and remove
3279 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
3281 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
3283 struct wpa_global *global;
3289 #ifdef CONFIG_DRIVER_NDIS
3291 void driver_ndis_init_ops(void);
3292 driver_ndis_init_ops();
3294 #endif /* CONFIG_DRIVER_NDIS */
3296 #ifndef CONFIG_NO_WPA_MSG
3297 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
3298 #endif /* CONFIG_NO_WPA_MSG */
3300 wpa_debug_open_file(params->wpa_debug_file_path);
3301 if (params->wpa_debug_syslog)
3302 wpa_debug_open_syslog();
3303 if (params->wpa_debug_tracing) {
3304 ret = wpa_debug_open_linux_tracing();
3306 wpa_printf(MSG_ERROR,
3307 "Failed to enable trace logging");
3312 ret = eap_register_methods();
3314 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
3316 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
3317 "the same EAP type.");
3321 global = os_zalloc(sizeof(*global));
3324 dl_list_init(&global->p2p_srv_bonjour);
3325 dl_list_init(&global->p2p_srv_upnp);
3326 global->params.daemonize = params->daemonize;
3327 global->params.wait_for_monitor = params->wait_for_monitor;
3328 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
3329 if (params->pid_file)
3330 global->params.pid_file = os_strdup(params->pid_file);
3331 if (params->ctrl_interface)
3332 global->params.ctrl_interface =
3333 os_strdup(params->ctrl_interface);
3334 if (params->ctrl_interface_group)
3335 global->params.ctrl_interface_group =
3336 os_strdup(params->ctrl_interface_group);
3337 if (params->override_driver)
3338 global->params.override_driver =
3339 os_strdup(params->override_driver);
3340 if (params->override_ctrl_interface)
3341 global->params.override_ctrl_interface =
3342 os_strdup(params->override_ctrl_interface);
3343 wpa_debug_level = global->params.wpa_debug_level =
3344 params->wpa_debug_level;
3345 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
3346 params->wpa_debug_show_keys;
3347 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
3348 params->wpa_debug_timestamp;
3350 wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR);
3353 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
3354 wpa_supplicant_deinit(global);
3358 random_init(params->entropy_file);
3360 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
3361 if (global->ctrl_iface == NULL) {
3362 wpa_supplicant_deinit(global);
3366 if (wpas_notify_supplicant_initialized(global)) {
3367 wpa_supplicant_deinit(global);
3371 for (i = 0; wpa_drivers[i]; i++)
3372 global->drv_count++;
3373 if (global->drv_count == 0) {
3374 wpa_printf(MSG_ERROR, "No drivers enabled");
3375 wpa_supplicant_deinit(global);
3378 global->drv_priv = os_zalloc(global->drv_count * sizeof(void *));
3379 if (global->drv_priv == NULL) {
3380 wpa_supplicant_deinit(global);
3384 #ifdef CONFIG_WIFI_DISPLAY
3385 if (wifi_display_init(global) < 0) {
3386 wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
3387 wpa_supplicant_deinit(global);
3390 #endif /* CONFIG_WIFI_DISPLAY */
3397 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
3398 * @global: Pointer to global data from wpa_supplicant_init()
3399 * Returns: 0 after successful event loop run, -1 on failure
3401 * This function starts the main event loop and continues running as long as
3402 * there are any remaining events. In most cases, this function is running as
3403 * long as the %wpa_supplicant process in still in use.
3405 int wpa_supplicant_run(struct wpa_global *global)
3407 struct wpa_supplicant *wpa_s;
3409 if (global->params.daemonize &&
3410 wpa_supplicant_daemon(global->params.pid_file))
3413 if (global->params.wait_for_monitor) {
3414 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
3415 if (wpa_s->ctrl_iface)
3416 wpa_supplicant_ctrl_iface_wait(
3420 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
3421 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
3430 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
3431 * @global: Pointer to global data from wpa_supplicant_init()
3433 * This function is called to deinitialize %wpa_supplicant and to free all
3434 * allocated resources. Remaining network interfaces will also be removed.
3436 void wpa_supplicant_deinit(struct wpa_global *global)
3443 #ifdef CONFIG_WIFI_DISPLAY
3444 wifi_display_deinit(global);
3445 #endif /* CONFIG_WIFI_DISPLAY */
3447 while (global->ifaces)
3448 wpa_supplicant_remove_iface(global, global->ifaces, 1);
3450 if (global->ctrl_iface)
3451 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
3453 wpas_notify_supplicant_deinitialized(global);
3455 eap_peer_unregister_methods();
3457 eap_server_unregister_methods();
3458 #endif /* CONFIG_AP */
3460 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
3461 if (!global->drv_priv[i])
3463 wpa_drivers[i]->global_deinit(global->drv_priv[i]);
3465 os_free(global->drv_priv);
3471 if (global->params.pid_file) {
3472 os_daemonize_terminate(global->params.pid_file);
3473 os_free(global->params.pid_file);
3475 os_free(global->params.ctrl_interface);
3476 os_free(global->params.ctrl_interface_group);
3477 os_free(global->params.override_driver);
3478 os_free(global->params.override_ctrl_interface);
3480 os_free(global->p2p_disallow_freq);
3483 wpa_debug_close_syslog();
3484 wpa_debug_close_file();
3485 wpa_debug_close_linux_tracing();
3489 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
3491 if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
3492 wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
3494 country[0] = wpa_s->conf->country[0];
3495 country[1] = wpa_s->conf->country[1];
3497 if (wpa_drv_set_country(wpa_s, country) < 0) {
3498 wpa_printf(MSG_ERROR, "Failed to set country code "
3503 if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
3504 wpas_init_ext_pw(wpa_s);
3507 wpas_wps_update_config(wpa_s);
3508 #endif /* CONFIG_WPS */
3511 wpas_p2p_update_config(wpa_s);
3512 #endif /* CONFIG_P2P */
3514 wpa_s->conf->changed_parameters = 0;
3518 static void add_freq(int *freqs, int *num_freqs, int freq)
3522 for (i = 0; i < *num_freqs; i++) {
3523 if (freqs[i] == freq)
3527 freqs[*num_freqs] = freq;
3532 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
3534 struct wpa_bss *bss, *cbss;
3535 const int max_freqs = 10;
3539 freqs = os_zalloc(sizeof(int) * (max_freqs + 1));
3543 cbss = wpa_s->current_bss;
3545 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
3548 if (bss->ssid_len == cbss->ssid_len &&
3549 os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
3550 wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
3551 add_freq(freqs, &num_freqs, bss->freq);
3552 if (num_freqs == max_freqs)
3557 if (num_freqs == 0) {
3566 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
3573 * Remove possible authentication timeout since the connection failed.
3575 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
3577 if (wpa_s->disconnected) {
3579 * There is no point in blacklisting the AP if this event is
3580 * generated based on local request to disconnect.
3582 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
3583 "indication since interface has been put into "
3584 "disconnected state");
3589 * Add the failed BSSID into the blacklist and speed up next scan
3590 * attempt if there could be other APs that could accept association.
3591 * The current blacklist count indicates how many times we have tried
3592 * connecting to this AP and multiple attempts mean that other APs are
3593 * either not available or has already been tried, so that we can start
3594 * increasing the delay here to avoid constant scanning.
3596 count = wpa_blacklist_add(wpa_s, bssid);
3597 if (count == 1 && wpa_s->current_bss) {
3599 * This BSS was not in the blacklist before. If there is
3600 * another BSS available for the same ESS, we should try that
3601 * next. Otherwise, we may as well try this one once more
3602 * before allowing other, likely worse, ESSes to be considered.
3604 freqs = get_bss_freqs_in_ess(wpa_s);
3606 wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
3607 "has been seen; try it next");
3608 wpa_blacklist_add(wpa_s, bssid);
3610 * On the next scan, go through only the known channels
3611 * used in this ESS based on previous scans to speed up
3612 * common load balancing use case.
3614 os_free(wpa_s->next_scan_freqs);
3615 wpa_s->next_scan_freqs = freqs;
3620 * Add previous failure count in case the temporary blacklist was
3621 * cleared due to no other BSSes being available.
3623 count += wpa_s->extra_blacklist_count;
3625 if (count > 3 && wpa_s->current_ssid) {
3626 wpa_printf(MSG_DEBUG, "Continuous association failures - "
3627 "consider temporary network disabling");
3628 wpas_auth_failed(wpa_s);
3649 wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
3650 "ms", count, timeout);
3653 * TODO: if more than one possible AP is available in scan results,
3654 * could try the other ones before requesting a new scan.
3656 wpa_supplicant_req_scan(wpa_s, timeout / 1000,
3657 1000 * (timeout % 1000));
3659 wpas_p2p_continue_after_scan(wpa_s);
3663 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
3665 return wpa_s->conf->ap_scan == 2 ||
3666 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
3670 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
3671 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
3672 struct wpa_ssid *ssid,
3676 #ifdef IEEE8021X_EAPOL
3677 struct eap_peer_config *eap = &ssid->eap;
3679 wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
3680 wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
3681 (const u8 *) value, os_strlen(value));
3683 switch (wpa_supplicant_ctrl_req_from_string(field)) {
3684 case WPA_CTRL_REQ_EAP_IDENTITY:
3685 os_free(eap->identity);
3686 eap->identity = (u8 *) os_strdup(value);
3687 eap->identity_len = os_strlen(value);
3688 eap->pending_req_identity = 0;
3689 if (ssid == wpa_s->current_ssid)
3690 wpa_s->reassociate = 1;
3692 case WPA_CTRL_REQ_EAP_PASSWORD:
3693 os_free(eap->password);
3694 eap->password = (u8 *) os_strdup(value);
3695 eap->password_len = os_strlen(value);
3696 eap->pending_req_password = 0;
3697 if (ssid == wpa_s->current_ssid)
3698 wpa_s->reassociate = 1;
3700 case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
3701 os_free(eap->new_password);
3702 eap->new_password = (u8 *) os_strdup(value);
3703 eap->new_password_len = os_strlen(value);
3704 eap->pending_req_new_password = 0;
3705 if (ssid == wpa_s->current_ssid)
3706 wpa_s->reassociate = 1;
3708 case WPA_CTRL_REQ_EAP_PIN:
3710 eap->pin = os_strdup(value);
3711 eap->pending_req_pin = 0;
3712 if (ssid == wpa_s->current_ssid)
3713 wpa_s->reassociate = 1;
3715 case WPA_CTRL_REQ_EAP_OTP:
3717 eap->otp = (u8 *) os_strdup(value);
3718 eap->otp_len = os_strlen(value);
3719 os_free(eap->pending_req_otp);
3720 eap->pending_req_otp = NULL;
3721 eap->pending_req_otp_len = 0;
3723 case WPA_CTRL_REQ_EAP_PASSPHRASE:
3724 os_free(eap->private_key_passwd);
3725 eap->private_key_passwd = (u8 *) os_strdup(value);
3726 eap->pending_req_passphrase = 0;
3727 if (ssid == wpa_s->current_ssid)
3728 wpa_s->reassociate = 1;
3731 wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
3736 #else /* IEEE8021X_EAPOL */
3737 wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
3739 #endif /* IEEE8021X_EAPOL */
3741 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
3744 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
3747 unsigned int drv_enc;
3755 if (wpa_s && wpa_s->drv_capa_known)
3756 drv_enc = wpa_s->drv_enc;
3758 drv_enc = (unsigned int) -1;
3760 for (i = 0; i < NUM_WEP_KEYS; i++) {
3761 size_t len = ssid->wep_key_len[i];
3764 if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
3766 if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
3768 if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
3770 return 1; /* invalid WEP key */
3773 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
3781 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
3783 if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
3785 if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
3791 void wpas_auth_failed(struct wpa_supplicant *wpa_s)
3793 struct wpa_ssid *ssid = wpa_s->current_ssid;
3798 wpa_printf(MSG_DEBUG, "Authentication failure but no known "
3803 if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
3806 ssid->auth_failures++;
3809 if (ssid->p2p_group &&
3810 (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
3812 * Skip the wait time since there is a short timeout on the
3813 * connection to a P2P group.
3817 #endif /* CONFIG_P2P */
3819 if (ssid->auth_failures > 50)
3821 else if (ssid->auth_failures > 20)
3823 else if (ssid->auth_failures > 10)
3825 else if (ssid->auth_failures > 5)
3827 else if (ssid->auth_failures > 1)
3833 if (now.sec + dur <= ssid->disabled_until.sec)
3836 ssid->disabled_until.sec = now.sec + dur;
3838 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
3839 "id=%d ssid=\"%s\" auth_failures=%u duration=%d",
3840 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
3841 ssid->auth_failures, dur);
3845 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
3846 struct wpa_ssid *ssid, int clear_failures)
3851 if (ssid->disabled_until.sec) {
3852 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
3853 "id=%d ssid=\"%s\"",
3854 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
3856 ssid->disabled_until.sec = 0;
3857 ssid->disabled_until.usec = 0;
3859 ssid->auth_failures = 0;
3863 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
3867 if (wpa_s->disallow_aps_bssid == NULL)
3870 for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
3871 if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
3872 bssid, ETH_ALEN) == 0)
3880 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
3885 if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
3888 for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
3889 struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
3890 if (ssid_len == s->ssid_len &&
3891 os_memcmp(ssid, s->ssid, ssid_len) == 0)
3900 * wpas_request_connection - Request a new connection
3901 * @wpa_s: Pointer to the network interface
3903 * This function is used to request a new connection to be found. It will mark
3904 * the interface to allow reassociation and request a new scan to find a
3905 * suitable network to connect to.
3907 void wpas_request_connection(struct wpa_supplicant *wpa_s)
3909 wpa_s->normal_scans = 0;
3910 wpa_supplicant_reinit_autoscan(wpa_s);
3911 wpa_s->extra_blacklist_count = 0;
3912 wpa_s->disconnected = 0;
3913 wpa_s->reassociate = 1;
3915 if (wpa_supplicant_fast_associate(wpa_s) != 1)
3916 wpa_supplicant_req_scan(wpa_s, 0, 0);
3921 * wpas_wpa_is_in_progress - Check whether a connection is in progress
3922 * @wpa_s: Pointer to wpa_supplicant data
3924 * This function is to check if the wpa state is in beginning of the connection
3925 * during 4-way handshake or group key handshake with WPA on any shared
3928 int wpas_wpa_is_in_progress(struct wpa_supplicant *wpa_s)
3930 const char *rn, *rn2;
3931 struct wpa_supplicant *ifs;
3933 if (!wpa_s->driver->get_radio_name)
3936 rn = wpa_s->driver->get_radio_name(wpa_s->drv_priv);
3937 if (rn == NULL || rn[0] == '\0')
3940 for (ifs = wpa_s->global->ifaces; ifs; ifs = ifs->next) {
3941 if (ifs == wpa_s || !ifs->driver->get_radio_name)
3944 rn2 = ifs->driver->get_radio_name(ifs->drv_priv);
3945 if (!rn2 || os_strcmp(rn, rn2) != 0)
3947 if (ifs->wpa_state >= WPA_AUTHENTICATING &&
3948 ifs->wpa_state != WPA_COMPLETED) {
3949 wpa_dbg(wpa_s, MSG_DEBUG, "Connection is in progress "
3950 "on interface %s - defer scan", ifs->ifname);
3960 * Find the operating frequencies of any of the virtual interfaces that
3961 * are using the same radio as the current interface.
3963 int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
3964 int *freq_array, unsigned int len)
3966 const char *rn, *rn2;
3967 struct wpa_supplicant *ifs;
3970 unsigned int idx = 0, i;
3972 os_memset(freq_array, 0, sizeof(int) * len);
3974 /* First add the frequency of the local interface */
3975 if (wpa_s->current_ssid != NULL && wpa_s->assoc_freq != 0) {
3976 if (wpa_s->current_ssid->mode == WPAS_MODE_AP ||
3977 wpa_s->current_ssid->mode == WPAS_MODE_P2P_GO)
3978 freq_array[idx++] = wpa_s->current_ssid->frequency;
3979 else if (wpa_drv_get_bssid(wpa_s, bssid) == 0)
3980 freq_array[idx++] = wpa_s->assoc_freq;
3983 /* If get_radio_name is not supported, use only the local freq */
3984 if (!wpa_s->driver->get_radio_name) {
3985 freq = wpa_drv_shared_freq(wpa_s);
3986 if (freq > 0 && idx < len &&
3987 (idx == 0 || freq_array[0] != freq))
3988 freq_array[idx++] = freq;
3992 rn = wpa_s->driver->get_radio_name(wpa_s->drv_priv);
3993 if (rn == NULL || rn[0] == '\0')
3996 for (ifs = wpa_s->global->ifaces, idx = 0; ifs && idx < len;
3998 if (wpa_s == ifs || !ifs->driver->get_radio_name)
4001 rn2 = ifs->driver->get_radio_name(ifs->drv_priv);
4002 if (!rn2 || os_strcmp(rn, rn2) != 0)
4005 if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
4008 if (ifs->current_ssid->mode == WPAS_MODE_AP ||
4009 ifs->current_ssid->mode == WPAS_MODE_P2P_GO)
4010 freq = ifs->current_ssid->frequency;
4011 else if (wpa_drv_get_bssid(ifs, bssid) == 0)
4012 freq = ifs->assoc_freq;
4016 /* Hold only distinct freqs */
4017 for (i = 0; i < idx; i++)
4018 if (freq_array[i] == freq)
4022 freq_array[idx++] = freq;