3 * Copyright (c) 2003-2009, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
14 * This file implements functions for registering and unregistering
15 * %wpa_supplicant interfaces. In addition, this file contains number of
16 * functions for managing network connections.
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_server/eap_methods.h"
25 #include "rsn_supp/wpa.h"
28 #include "l2_packet/l2_packet.h"
29 #include "wpa_supplicant_i.h"
31 #include "ctrl_iface.h"
32 #include "pcsc_funcs.h"
33 #include "common/version.h"
34 #include "rsn_supp/preauth.h"
35 #include "rsn_supp/pmksa_cache.h"
36 #include "common/wpa_ctrl.h"
38 #include "common/ieee802_11_defs.h"
39 #include "blacklist.h"
40 #include "wpas_glue.h"
41 #include "wps_supplicant.h"
50 const char *wpa_supplicant_version =
51 "wpa_supplicant v" VERSION_STR "\n"
52 "Copyright (c) 2003-2009, Jouni Malinen <j@w1.fi> and contributors";
54 const char *wpa_supplicant_license =
55 "This program is free software. You can distribute it and/or modify it\n"
56 "under the terms of the GNU General Public License version 2.\n"
58 "Alternatively, this software may be distributed under the terms of the\n"
59 "BSD license. See README and COPYING for more details.\n"
60 #ifdef EAP_TLS_OPENSSL
61 "\nThis product includes software developed by the OpenSSL Project\n"
62 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
63 #endif /* EAP_TLS_OPENSSL */
66 #ifndef CONFIG_NO_STDOUT_DEBUG
67 /* Long text divided into parts in order to fit in C89 strings size limits. */
68 const char *wpa_supplicant_full_license1 =
69 "This program is free software; you can redistribute it and/or modify\n"
70 "it under the terms of the GNU General Public License version 2 as\n"
71 "published by the Free Software Foundation.\n"
73 "This program is distributed in the hope that it will be useful,\n"
74 "but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
75 "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
76 "GNU General Public License for more details.\n"
78 const char *wpa_supplicant_full_license2 =
79 "You should have received a copy of the GNU General Public License\n"
80 "along with this program; if not, write to the Free Software\n"
81 "Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n"
83 "Alternatively, this software may be distributed under the terms of the\n"
86 "Redistribution and use in source and binary forms, with or without\n"
87 "modification, are permitted provided that the following conditions are\n"
90 const char *wpa_supplicant_full_license3 =
91 "1. Redistributions of source code must retain the above copyright\n"
92 " notice, this list of conditions and the following disclaimer.\n"
94 "2. Redistributions in binary form must reproduce the above copyright\n"
95 " notice, this list of conditions and the following disclaimer in the\n"
96 " documentation and/or other materials provided with the distribution.\n"
98 const char *wpa_supplicant_full_license4 =
99 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
100 " names of its contributors may be used to endorse or promote products\n"
101 " derived from this software without specific prior written permission.\n"
103 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
104 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
105 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
106 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
107 const char *wpa_supplicant_full_license5 =
108 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
109 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
110 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
111 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
112 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
113 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
114 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
116 #endif /* CONFIG_NO_STDOUT_DEBUG */
118 extern int wpa_debug_level;
119 extern int wpa_debug_show_keys;
120 extern int wpa_debug_timestamp;
121 extern struct wpa_driver_ops *wpa_drivers[];
123 /* Configure default/group WEP keys for static WEP */
124 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
128 for (i = 0; i < NUM_WEP_KEYS; i++) {
129 if (ssid->wep_key_len[i] == 0)
133 wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
134 (u8 *) "\xff\xff\xff\xff\xff\xff",
135 i, i == ssid->wep_tx_keyidx, (u8 *) "", 0,
136 ssid->wep_key[i], ssid->wep_key_len[i]);
143 static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
144 struct wpa_ssid *ssid)
151 /* IBSS/WPA-None uses only one key (Group) for both receiving and
152 * sending unicast and multicast packets. */
154 if (ssid->mode != WPAS_MODE_IBSS) {
155 wpa_printf(MSG_INFO, "WPA: Invalid mode %d (not IBSS/ad-hoc) "
156 "for WPA-None", ssid->mode);
160 if (!ssid->psk_set) {
161 wpa_printf(MSG_INFO, "WPA: No PSK configured for WPA-None");
165 switch (wpa_s->group_cipher) {
166 case WPA_CIPHER_CCMP:
167 os_memcpy(key, ssid->psk, 16);
171 case WPA_CIPHER_TKIP:
172 /* WPA-None uses the same Michael MIC key for both TX and RX */
173 os_memcpy(key, ssid->psk, 16 + 8);
174 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
179 wpa_printf(MSG_INFO, "WPA: Invalid group cipher %d for "
180 "WPA-None", wpa_s->group_cipher);
184 /* TODO: should actually remember the previously used seq#, both for TX
185 * and RX from each STA.. */
187 return wpa_drv_set_key(wpa_s, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
188 0, 1, seq, 6, key, keylen);
192 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
194 struct wpa_supplicant *wpa_s = eloop_ctx;
195 const u8 *bssid = wpa_s->bssid;
196 if (is_zero_ether_addr(bssid))
197 bssid = wpa_s->pending_bssid;
198 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
200 wpa_blacklist_add(wpa_s, bssid);
201 wpa_sm_notify_disassoc(wpa_s->wpa);
202 wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
203 wpa_s->reassociate = 1;
204 wpa_supplicant_req_scan(wpa_s, 0, 0);
209 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
210 * @wpa_s: Pointer to wpa_supplicant data
211 * @sec: Number of seconds after which to time out authentication
212 * @usec: Number of microseconds after which to time out authentication
214 * This function is used to schedule a timeout for the current authentication
217 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
220 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
221 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
224 wpa_msg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
225 "%d usec", sec, usec);
226 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
227 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
232 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
233 * @wpa_s: Pointer to wpa_supplicant data
235 * This function is used to cancel authentication timeout scheduled with
236 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
239 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
241 wpa_msg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
242 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
243 wpa_blacklist_del(wpa_s, wpa_s->bssid);
248 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
249 * @wpa_s: Pointer to wpa_supplicant data
251 * This function is used to configure EAPOL state machine based on the selected
252 * authentication mode.
254 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
256 #ifdef IEEE8021X_EAPOL
257 struct eapol_config eapol_conf;
258 struct wpa_ssid *ssid = wpa_s->current_ssid;
260 #ifdef CONFIG_IBSS_RSN
261 if (ssid->mode == WPAS_MODE_IBSS &&
262 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
263 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
265 * RSN IBSS authentication is per-STA and we can disable the
266 * per-BSSID EAPOL authentication.
268 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
269 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
270 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
273 #endif /* CONFIG_IBSS_RSN */
275 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
276 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
278 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
279 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
280 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
282 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
284 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
285 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
286 eapol_conf.accept_802_1x_keys = 1;
287 eapol_conf.required_keys = 0;
288 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
289 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
291 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
292 eapol_conf.required_keys |=
293 EAPOL_REQUIRE_KEY_BROADCAST;
296 if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
297 eapol_conf.required_keys = 0;
300 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
301 eapol_conf.workaround = ssid->eap_workaround;
302 eapol_conf.eap_disabled =
303 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
304 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
305 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
306 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
307 #endif /* IEEE8021X_EAPOL */
312 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
313 * @wpa_s: Pointer to wpa_supplicant data
314 * @ssid: Configuration data for the network
316 * This function is used to configure WPA state machine and related parameters
317 * to a mode where WPA is not enabled. This is called as part of the
318 * authentication configuration when the selected network does not use WPA.
320 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
321 struct wpa_ssid *ssid)
325 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
326 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
327 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
328 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
330 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
331 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
332 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
333 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
334 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
335 wpa_s->group_cipher = WPA_CIPHER_NONE;
336 wpa_s->mgmt_group_cipher = 0;
338 for (i = 0; i < NUM_WEP_KEYS; i++) {
339 if (ssid->wep_key_len[i] > 5) {
340 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
341 wpa_s->group_cipher = WPA_CIPHER_WEP104;
343 } else if (ssid->wep_key_len[i] > 0) {
344 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
345 wpa_s->group_cipher = WPA_CIPHER_WEP40;
350 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
351 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
352 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
353 wpa_s->pairwise_cipher);
354 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
355 #ifdef CONFIG_IEEE80211W
356 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
357 wpa_s->mgmt_group_cipher);
358 #endif /* CONFIG_IEEE80211W */
360 pmksa_cache_clear_current(wpa_s->wpa);
364 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
366 bgscan_deinit(wpa_s);
367 scard_deinit(wpa_s->scard);
369 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
370 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
371 l2_packet_deinit(wpa_s->l2);
374 l2_packet_deinit(wpa_s->l2_br);
378 if (wpa_s->ctrl_iface) {
379 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
380 wpa_s->ctrl_iface = NULL;
382 if (wpa_s->conf != NULL) {
383 struct wpa_ssid *ssid;
384 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
385 wpas_notify_network_removed(wpa_s, ssid);
386 wpa_config_free(wpa_s->conf);
390 os_free(wpa_s->confname);
391 wpa_s->confname = NULL;
393 wpa_sm_set_eapol(wpa_s->wpa, NULL);
394 eapol_sm_deinit(wpa_s->eapol);
397 rsn_preauth_deinit(wpa_s->wpa);
399 pmksa_candidate_free(wpa_s->wpa);
400 wpa_sm_deinit(wpa_s->wpa);
402 wpa_blacklist_clear(wpa_s);
404 wpa_bss_deinit(wpa_s);
406 wpa_supplicant_cancel_scan(wpa_s);
407 wpa_supplicant_cancel_auth_timeout(wpa_s);
409 ieee80211_sta_deinit(wpa_s);
411 wpas_wps_deinit(wpa_s);
413 wpabuf_free(wpa_s->pending_eapol_rx);
414 wpa_s->pending_eapol_rx = NULL;
416 #ifdef CONFIG_IBSS_RSN
417 ibss_rsn_deinit(wpa_s->ibss_rsn);
418 wpa_s->ibss_rsn = NULL;
419 #endif /* CONFIG_IBSS_RSN */
422 os_free(wpa_s->sme.ft_ies);
423 wpa_s->sme.ft_ies = NULL;
424 wpa_s->sme.ft_ies_len = 0;
425 #endif /* CONFIG_SME */
428 wpa_supplicant_ap_deinit(wpa_s);
429 #endif /* CONFIG_AP */
434 * wpa_clear_keys - Clear keys configured for the driver
435 * @wpa_s: Pointer to wpa_supplicant data
436 * @addr: Previously used BSSID or %NULL if not available
438 * This function clears the encryption keys that has been previously configured
441 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
443 u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
445 if (wpa_s->keys_cleared) {
446 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
447 * timing issues with keys being cleared just before new keys
448 * are set or just after association or something similar. This
449 * shows up in group key handshake failing often because of the
450 * client not receiving the first encrypted packets correctly.
451 * Skipping some of the extra key clearing steps seems to help
452 * in completing group key handshake more reliably. */
453 wpa_printf(MSG_DEBUG, "No keys have been configured - "
454 "skip key clearing");
458 /* MLME-DELETEKEYS.request */
459 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
460 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
461 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
462 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
463 #ifdef CONFIG_IEEE80211W
464 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 4, 0, NULL, 0, NULL, 0);
465 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 5, 0, NULL, 0, NULL, 0);
466 #endif /* CONFIG_IEEE80211W */
468 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
470 /* MLME-SETPROTECTION.request(None) */
471 wpa_drv_mlme_setprotection(
473 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
474 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
476 wpa_s->keys_cleared = 1;
481 * wpa_supplicant_state_txt - Get the connection state name as a text string
482 * @state: State (wpa_state; WPA_*)
483 * Returns: The state name as a printable text string
485 const char * wpa_supplicant_state_txt(enum wpa_states state)
488 case WPA_DISCONNECTED:
489 return "DISCONNECTED";
494 case WPA_AUTHENTICATING:
495 return "AUTHENTICATING";
496 case WPA_ASSOCIATING:
497 return "ASSOCIATING";
500 case WPA_4WAY_HANDSHAKE:
501 return "4WAY_HANDSHAKE";
502 case WPA_GROUP_HANDSHAKE:
503 return "GROUP_HANDSHAKE";
513 * wpa_supplicant_set_state - Set current connection state
514 * @wpa_s: Pointer to wpa_supplicant data
515 * @state: The new connection state
517 * This function is called whenever the connection state changes, e.g.,
518 * association is completed for WPA/WPA2 4-Way Handshake is started.
520 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
521 enum wpa_states state)
523 wpa_printf(MSG_DEBUG, "State: %s -> %s",
524 wpa_supplicant_state_txt(wpa_s->wpa_state),
525 wpa_supplicant_state_txt(state));
527 if (state != WPA_SCANNING)
528 wpa_supplicant_notify_scanning(wpa_s, 0);
530 wpas_notify_state_changed(wpa_s, state, wpa_s->wpa_state);
532 if (state == WPA_COMPLETED && wpa_s->new_connection) {
533 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
534 struct wpa_ssid *ssid = wpa_s->current_ssid;
535 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
536 MACSTR " completed %s [id=%d id_str=%s]",
537 MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
538 "(reauth)" : "(auth)",
539 ssid ? ssid->id : -1,
540 ssid && ssid->id_str ? ssid->id_str : "");
541 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
542 wpa_s->new_connection = 0;
543 wpa_s->reassociated_connection = 1;
544 wpa_drv_set_operstate(wpa_s, 1);
545 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
546 state == WPA_ASSOCIATED) {
547 wpa_s->new_connection = 1;
548 wpa_drv_set_operstate(wpa_s, 0);
550 wpa_s->wpa_state = state;
554 void wpa_supplicant_terminate_proc(struct wpa_global *global)
558 struct wpa_supplicant *wpa_s = global->ifaces;
560 if (wpas_wps_terminate_pending(wpa_s) == 1)
564 #endif /* CONFIG_WPS */
571 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
573 struct wpa_global *global = signal_ctx;
574 struct wpa_supplicant *wpa_s;
575 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
576 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING "- signal %d "
579 wpa_supplicant_terminate_proc(global);
583 static void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
585 enum wpa_states old_state = wpa_s->wpa_state;
586 wpa_s->pairwise_cipher = 0;
587 wpa_s->group_cipher = 0;
588 wpa_s->mgmt_group_cipher = 0;
590 wpa_s->wpa_state = WPA_DISCONNECTED;
591 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
596 * wpa_supplicant_reload_configuration - Reload configuration data
597 * @wpa_s: Pointer to wpa_supplicant data
598 * Returns: 0 on success or -1 if configuration parsing failed
600 * This function can be used to request that the configuration data is reloaded
601 * (e.g., after configuration file change). This function is reloading
602 * configuration only for one interface, so this may need to be called multiple
603 * times if %wpa_supplicant is controlling multiple interfaces and all
604 * interfaces need reconfiguration.
606 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
608 struct wpa_config *conf;
609 struct wpa_ssid *old_ssid;
613 if (wpa_s->confname == NULL)
615 conf = wpa_config_read(wpa_s->confname);
617 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
618 "file '%s' - exiting", wpa_s->confname);
622 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
623 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
624 os_strcmp(conf->ctrl_interface,
625 wpa_s->conf->ctrl_interface) != 0);
627 if (reconf_ctrl && wpa_s->ctrl_iface) {
628 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
629 wpa_s->ctrl_iface = NULL;
632 eapol_sm_invalidate_cached_session(wpa_s->eapol);
633 old_ssid = wpa_s->current_ssid;
634 wpa_s->current_ssid = NULL;
635 if (old_ssid != wpa_s->current_ssid)
636 wpas_notify_network_changed(wpa_s);
639 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
640 * pkcs11_engine_path, pkcs11_module_path.
642 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
644 * Clear forced success to clear EAP state for next
647 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
649 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
650 wpa_sm_set_config(wpa_s->wpa, NULL);
651 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
652 rsn_preauth_deinit(wpa_s->wpa);
654 old_ap_scan = wpa_s->conf->ap_scan;
655 wpa_config_free(wpa_s->conf);
657 if (old_ap_scan != wpa_s->conf->ap_scan)
658 wpas_notify_ap_scan_changed(wpa_s);
661 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
663 wpa_supplicant_clear_status(wpa_s);
664 wpa_s->reassociate = 1;
665 wpa_supplicant_req_scan(wpa_s, 0, 0);
666 wpa_msg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
671 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
673 struct wpa_global *global = signal_ctx;
674 struct wpa_supplicant *wpa_s;
675 wpa_printf(MSG_DEBUG, "Signal %d received - reconfiguring", sig);
676 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
677 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
678 wpa_supplicant_terminate_proc(global);
684 static enum wpa_cipher cipher_suite2driver(int cipher)
687 case WPA_CIPHER_NONE:
689 case WPA_CIPHER_WEP40:
691 case WPA_CIPHER_WEP104:
692 return CIPHER_WEP104;
693 case WPA_CIPHER_CCMP:
695 case WPA_CIPHER_TKIP:
702 static enum wpa_key_mgmt key_mgmt2driver(int key_mgmt)
705 case WPA_KEY_MGMT_NONE:
706 return KEY_MGMT_NONE;
707 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
708 return KEY_MGMT_802_1X_NO_WPA;
709 case WPA_KEY_MGMT_IEEE8021X:
710 return KEY_MGMT_802_1X;
711 case WPA_KEY_MGMT_WPA_NONE:
712 return KEY_MGMT_WPA_NONE;
713 case WPA_KEY_MGMT_FT_IEEE8021X:
714 return KEY_MGMT_FT_802_1X;
715 case WPA_KEY_MGMT_FT_PSK:
716 return KEY_MGMT_FT_PSK;
717 case WPA_KEY_MGMT_IEEE8021X_SHA256:
718 return KEY_MGMT_802_1X_SHA256;
719 case WPA_KEY_MGMT_PSK_SHA256:
720 return KEY_MGMT_PSK_SHA256;
721 case WPA_KEY_MGMT_WPS:
723 case WPA_KEY_MGMT_PSK:
730 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
731 struct wpa_ssid *ssid,
732 struct wpa_ie_data *ie)
734 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
737 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
738 "from association info");
743 wpa_printf(MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set cipher "
745 if (!(ie->group_cipher & ssid->group_cipher)) {
746 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
747 "cipher 0x%x (mask 0x%x) - reject",
748 ie->group_cipher, ssid->group_cipher);
751 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
752 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
753 "cipher 0x%x (mask 0x%x) - reject",
754 ie->pairwise_cipher, ssid->pairwise_cipher);
757 if (!(ie->key_mgmt & ssid->key_mgmt)) {
758 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
759 "management 0x%x (mask 0x%x) - reject",
760 ie->key_mgmt, ssid->key_mgmt);
764 #ifdef CONFIG_IEEE80211W
765 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
766 ssid->ieee80211w == IEEE80211W_REQUIRED) {
767 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
768 "that does not support management frame protection - "
772 #endif /* CONFIG_IEEE80211W */
779 * wpa_supplicant_set_suites - Set authentication and encryption parameters
780 * @wpa_s: Pointer to wpa_supplicant data
781 * @bss: Scan results for the selected BSS, or %NULL if not available
782 * @ssid: Configuration data for the selected network
783 * @wpa_ie: Buffer for the WPA/RSN IE
784 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
785 * used buffer length in case the functions returns success.
786 * Returns: 0 on success or -1 on failure
788 * This function is used to configure authentication and encryption parameters
789 * based on the network configuration and scan result for the selected BSS (if
792 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
793 struct wpa_bss *bss, struct wpa_ssid *ssid,
794 u8 *wpa_ie, size_t *wpa_ie_len)
796 struct wpa_ie_data ie;
798 const u8 *bss_wpa, *bss_rsn;
801 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
802 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
804 bss_wpa = bss_rsn = NULL;
806 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
807 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
808 (ie.group_cipher & ssid->group_cipher) &&
809 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
810 (ie.key_mgmt & ssid->key_mgmt)) {
811 wpa_msg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
812 proto = WPA_PROTO_RSN;
813 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
814 wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 &&
815 (ie.group_cipher & ssid->group_cipher) &&
816 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
817 (ie.key_mgmt & ssid->key_mgmt)) {
818 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
819 proto = WPA_PROTO_WPA;
821 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
824 if (ssid->proto & WPA_PROTO_RSN)
825 proto = WPA_PROTO_RSN;
827 proto = WPA_PROTO_WPA;
828 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
829 os_memset(&ie, 0, sizeof(ie));
830 ie.group_cipher = ssid->group_cipher;
831 ie.pairwise_cipher = ssid->pairwise_cipher;
832 ie.key_mgmt = ssid->key_mgmt;
833 #ifdef CONFIG_IEEE80211W
834 ie.mgmt_group_cipher =
835 ssid->ieee80211w != NO_IEEE80211W ?
836 WPA_CIPHER_AES_128_CMAC : 0;
837 #endif /* CONFIG_IEEE80211W */
838 wpa_printf(MSG_DEBUG, "WPA: Set cipher suites based "
844 wpa_printf(MSG_DEBUG, "WPA: Selected cipher suites: group %d "
845 "pairwise %d key_mgmt %d proto %d",
846 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
847 #ifdef CONFIG_IEEE80211W
848 if (ssid->ieee80211w) {
849 wpa_printf(MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
850 ie.mgmt_group_cipher);
852 #endif /* CONFIG_IEEE80211W */
854 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
855 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
856 !!(ssid->proto & WPA_PROTO_RSN));
858 if (bss || !wpa_s->ap_ies_from_associnfo) {
859 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
860 bss_wpa ? 2 + bss_wpa[1] : 0) ||
861 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
862 bss_rsn ? 2 + bss_rsn[1] : 0))
866 sel = ie.group_cipher & ssid->group_cipher;
867 if (sel & WPA_CIPHER_CCMP) {
868 wpa_s->group_cipher = WPA_CIPHER_CCMP;
869 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
870 } else if (sel & WPA_CIPHER_TKIP) {
871 wpa_s->group_cipher = WPA_CIPHER_TKIP;
872 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
873 } else if (sel & WPA_CIPHER_WEP104) {
874 wpa_s->group_cipher = WPA_CIPHER_WEP104;
875 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
876 } else if (sel & WPA_CIPHER_WEP40) {
877 wpa_s->group_cipher = WPA_CIPHER_WEP40;
878 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
880 wpa_printf(MSG_WARNING, "WPA: Failed to select group cipher.");
884 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
885 if (sel & WPA_CIPHER_CCMP) {
886 wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
887 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
888 } else if (sel & WPA_CIPHER_TKIP) {
889 wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
890 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
891 } else if (sel & WPA_CIPHER_NONE) {
892 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
893 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
895 wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
900 sel = ie.key_mgmt & ssid->key_mgmt;
902 #ifdef CONFIG_IEEE80211R
903 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
904 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
905 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
906 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
907 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
908 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
909 #endif /* CONFIG_IEEE80211R */
910 #ifdef CONFIG_IEEE80211W
911 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
912 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
913 wpa_msg(wpa_s, MSG_DEBUG,
914 "WPA: using KEY_MGMT 802.1X with SHA256");
915 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
916 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
917 wpa_msg(wpa_s, MSG_DEBUG,
918 "WPA: using KEY_MGMT PSK with SHA256");
919 #endif /* CONFIG_IEEE80211W */
920 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
921 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
922 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
923 } else if (sel & WPA_KEY_MGMT_PSK) {
924 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
925 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
926 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
927 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
928 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
930 wpa_printf(MSG_WARNING, "WPA: Failed to select authenticated "
931 "key management type.");
935 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
936 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
937 wpa_s->pairwise_cipher);
938 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
940 #ifdef CONFIG_IEEE80211W
941 sel = ie.mgmt_group_cipher;
942 if (ssid->ieee80211w == NO_IEEE80211W ||
943 !(ie.capabilities & WPA_CAPABILITY_MFPC))
945 if (sel & WPA_CIPHER_AES_128_CMAC) {
946 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
947 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
950 wpa_s->mgmt_group_cipher = 0;
951 wpa_msg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
953 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
954 wpa_s->mgmt_group_cipher);
955 #endif /* CONFIG_IEEE80211W */
957 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
958 wpa_printf(MSG_WARNING, "WPA: Failed to generate WPA IE.");
963 (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_FT_PSK | WPA_KEY_MGMT_PSK_SHA256))
964 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
966 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
973 * wpa_supplicant_associate - Request association
974 * @wpa_s: Pointer to wpa_supplicant data
975 * @bss: Scan results for the selected BSS, or %NULL if not available
976 * @ssid: Configuration data for the selected network
978 * This function is used to request %wpa_supplicant to associate with a BSS.
980 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
981 struct wpa_bss *bss, struct wpa_ssid *ssid)
985 int use_crypt, ret, i, bssid_changed;
986 int algs = AUTH_ALG_OPEN_SYSTEM;
987 enum wpa_cipher cipher_pairwise, cipher_group;
988 struct wpa_driver_associate_params params;
989 int wep_keys_set = 0;
990 struct wpa_driver_capa capa;
991 int assoc_failed = 0;
992 struct wpa_ssid *old_ssid;
994 if (ssid->mode == WPAS_MODE_AP) {
996 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
997 wpa_printf(MSG_INFO, "Driver does not support AP "
1001 wpa_supplicant_create_ap(wpa_s, ssid);
1002 wpa_s->current_bss = bss;
1003 #else /* CONFIG_AP */
1004 wpa_printf(MSG_ERROR, "AP mode support not included in the "
1006 #endif /* CONFIG_AP */
1010 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1011 ssid->mode == IEEE80211_MODE_INFRA) {
1012 sme_authenticate(wpa_s, bss, ssid);
1016 wpa_s->reassociate = 0;
1018 #ifdef CONFIG_IEEE80211R
1019 const u8 *ie, *md = NULL;
1020 #endif /* CONFIG_IEEE80211R */
1021 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1022 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1023 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1024 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
1025 os_memset(wpa_s->bssid, 0, ETH_ALEN);
1026 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1028 wpas_notify_bssid_changed(wpa_s);
1029 #ifdef CONFIG_IEEE80211R
1030 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
1031 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
1033 wpa_sm_set_ft_params(wpa_s->wpa, md, NULL, 0, NULL);
1035 /* Prepare for the next transition */
1036 wpa_ft_prepare_auth_request(wpa_s->wpa);
1038 #endif /* CONFIG_IEEE80211R */
1040 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
1041 wpa_s->conf->ap_scan == 2 &&
1042 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
1043 /* Use ap_scan==1 style network selection to find the network
1045 wpa_s->scan_req = 2;
1046 wpa_s->reassociate = 1;
1047 wpa_supplicant_req_scan(wpa_s, 0, 0);
1049 #endif /* CONFIG_WPS */
1051 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1052 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1053 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1055 wpa_supplicant_cancel_scan(wpa_s);
1057 /* Starting new association, so clear the possibly used WPA IE from the
1058 * previous association. */
1059 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1061 #ifdef IEEE8021X_EAPOL
1062 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1064 if (ssid->non_leap == 0)
1065 algs = AUTH_ALG_LEAP;
1067 algs |= AUTH_ALG_LEAP;
1070 #endif /* IEEE8021X_EAPOL */
1071 wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1072 if (ssid->auth_alg) {
1074 if (ssid->auth_alg & WPA_AUTH_ALG_OPEN)
1075 algs |= AUTH_ALG_OPEN_SYSTEM;
1076 if (ssid->auth_alg & WPA_AUTH_ALG_SHARED)
1077 algs |= AUTH_ALG_SHARED_KEY;
1078 if (ssid->auth_alg & WPA_AUTH_ALG_LEAP)
1079 algs |= AUTH_ALG_LEAP;
1080 wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
1084 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
1085 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
1086 (ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK |
1087 WPA_KEY_MGMT_FT_IEEE8021X |
1088 WPA_KEY_MGMT_FT_PSK |
1089 WPA_KEY_MGMT_IEEE8021X_SHA256 |
1090 WPA_KEY_MGMT_PSK_SHA256))) {
1091 int try_opportunistic;
1092 try_opportunistic = ssid->proactive_key_caching &&
1093 (ssid->proto & WPA_PROTO_RSN);
1094 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1095 wpa_s->current_ssid,
1096 try_opportunistic) == 0)
1097 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1098 wpa_ie_len = sizeof(wpa_ie);
1099 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1100 wpa_ie, &wpa_ie_len)) {
1101 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1102 "management and encryption suites");
1105 } else if (ssid->key_mgmt &
1106 (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
1107 WPA_KEY_MGMT_WPA_NONE | WPA_KEY_MGMT_FT_PSK |
1108 WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_PSK_SHA256 |
1109 WPA_KEY_MGMT_IEEE8021X_SHA256)) {
1110 wpa_ie_len = sizeof(wpa_ie);
1111 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1112 wpa_ie, &wpa_ie_len)) {
1113 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1114 "management and encryption suites (no scan "
1119 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
1120 struct wpabuf *wps_ie;
1121 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
1122 if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
1123 wpa_ie_len = wpabuf_len(wps_ie);
1124 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
1127 wpabuf_free(wps_ie);
1128 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1129 #endif /* CONFIG_WPS */
1131 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1135 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1137 cipher_pairwise = cipher_suite2driver(wpa_s->pairwise_cipher);
1138 cipher_group = cipher_suite2driver(wpa_s->group_cipher);
1139 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1140 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1141 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1143 if (wpa_set_wep_keys(wpa_s, ssid)) {
1148 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
1151 #ifdef IEEE8021X_EAPOL
1152 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1153 if ((ssid->eapol_flags &
1154 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1155 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1159 /* Assume that dynamic WEP-104 keys will be used and
1160 * set cipher suites in order for drivers to expect
1162 cipher_pairwise = cipher_group = CIPHER_WEP104;
1165 #endif /* IEEE8021X_EAPOL */
1167 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1168 /* Set the key before (and later after) association */
1169 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1172 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1173 os_memset(¶ms, 0, sizeof(params));
1175 params.bssid = bss->bssid;
1176 params.ssid = bss->ssid;
1177 params.ssid_len = bss->ssid_len;
1178 params.freq = bss->freq;
1180 params.ssid = ssid->ssid;
1181 params.ssid_len = ssid->ssid_len;
1183 if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 &&
1185 params.freq = ssid->frequency; /* Initial channel for IBSS */
1186 params.wpa_ie = wpa_ie;
1187 params.wpa_ie_len = wpa_ie_len;
1188 params.pairwise_suite = cipher_pairwise;
1189 params.group_suite = cipher_group;
1190 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1191 params.auth_alg = algs;
1192 params.mode = ssid->mode;
1193 for (i = 0; i < NUM_WEP_KEYS; i++) {
1194 if (ssid->wep_key_len[i])
1195 params.wep_key[i] = ssid->wep_key[i];
1196 params.wep_key_len[i] = ssid->wep_key_len[i];
1198 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1200 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
1201 (params.key_mgmt_suite == KEY_MGMT_PSK ||
1202 params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
1203 params.passphrase = ssid->passphrase;
1205 params.psk = ssid->psk;
1208 params.drop_unencrypted = use_crypt;
1210 #ifdef CONFIG_IEEE80211W
1211 switch (ssid->ieee80211w) {
1213 params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
1215 case IEEE80211W_OPTIONAL:
1216 params.mgmt_frame_protection = MGMT_FRAME_PROTECTION_OPTIONAL;
1218 case IEEE80211W_REQUIRED:
1219 params.mgmt_frame_protection = MGMT_FRAME_PROTECTION_REQUIRED;
1222 if (ssid->ieee80211w != NO_IEEE80211W && bss) {
1223 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1224 struct wpa_ie_data ie;
1225 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
1227 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
1228 wpa_printf(MSG_DEBUG, "WPA: Selected AP supports MFP: "
1230 params.mgmt_frame_protection =
1231 MGMT_FRAME_PROTECTION_REQUIRED;
1234 #endif /* CONFIG_IEEE80211W */
1236 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1237 ret = ieee80211_sta_associate(wpa_s, ¶ms);
1239 ret = wpa_drv_associate(wpa_s, ¶ms);
1241 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1243 /* try to continue anyway; new association will be tried again
1248 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1249 /* Set the key after the association just in case association
1250 * cleared the previously configured key. */
1251 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1252 /* No need to timeout authentication since there is no key
1254 wpa_supplicant_cancel_auth_timeout(wpa_s);
1255 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1256 #ifdef CONFIG_IBSS_RSN
1257 } else if (ssid->mode == WPAS_MODE_IBSS &&
1258 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
1259 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
1260 ibss_rsn_set_psk(wpa_s->ibss_rsn, ssid->psk);
1262 * RSN IBSS authentication is per-STA and we can disable the
1263 * per-BSSID authentication.
1265 wpa_supplicant_cancel_auth_timeout(wpa_s);
1266 #endif /* CONFIG_IBSS_RSN */
1268 /* Timeout for IEEE 802.11 authentication and association */
1272 /* give IBSS a bit more time */
1273 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
1274 } else if (wpa_s->conf->ap_scan == 1) {
1275 /* give IBSS a bit more time */
1276 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
1278 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1281 if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1282 capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
1283 /* Set static WEP keys again */
1284 wpa_set_wep_keys(wpa_s, ssid);
1287 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1289 * Do not allow EAP session resumption between different
1290 * network configurations.
1292 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1294 old_ssid = wpa_s->current_ssid;
1295 wpa_s->current_ssid = ssid;
1296 wpa_s->current_bss = bss;
1297 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
1298 wpa_supplicant_initiate_eapol(wpa_s);
1299 if (old_ssid != wpa_s->current_ssid)
1300 wpas_notify_network_changed(wpa_s);
1305 * wpa_supplicant_disassociate - Disassociate the current connection
1306 * @wpa_s: Pointer to wpa_supplicant data
1307 * @reason_code: IEEE 802.11 reason code for the disassociate frame
1309 * This function is used to request %wpa_supplicant to disassociate with the
1312 void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
1315 struct wpa_ssid *old_ssid;
1318 if (!is_zero_ether_addr(wpa_s->bssid)) {
1319 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1320 ieee80211_sta_disassociate(wpa_s, reason_code);
1322 wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
1323 addr = wpa_s->bssid;
1325 wpa_clear_keys(wpa_s, addr);
1326 wpa_supplicant_mark_disassoc(wpa_s);
1327 old_ssid = wpa_s->current_ssid;
1328 wpa_s->current_ssid = NULL;
1329 wpa_s->current_bss = NULL;
1330 wpa_sm_set_config(wpa_s->wpa, NULL);
1331 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1332 if (old_ssid != wpa_s->current_ssid)
1333 wpas_notify_network_changed(wpa_s);
1338 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
1339 * @wpa_s: Pointer to wpa_supplicant data
1340 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1342 * This function is used to request %wpa_supplicant to deauthenticate from the
1345 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1348 struct wpa_ssid *old_ssid;
1351 if (!is_zero_ether_addr(wpa_s->bssid)) {
1352 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1353 ieee80211_sta_deauthenticate(wpa_s, reason_code);
1355 wpa_drv_deauthenticate(wpa_s, wpa_s->bssid,
1357 addr = wpa_s->bssid;
1359 wpa_clear_keys(wpa_s, addr);
1360 wpa_supplicant_mark_disassoc(wpa_s);
1361 old_ssid = wpa_s->current_ssid;
1362 wpa_s->current_ssid = NULL;
1363 wpa_s->current_bss = NULL;
1364 wpa_sm_set_config(wpa_s->wpa, NULL);
1365 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1366 if (old_ssid != wpa_s->current_ssid)
1367 wpas_notify_network_changed(wpa_s);
1372 * wpa_supplicant_enable_network - Mark a configured network as enabled
1373 * @wpa_s: wpa_supplicant structure for a network interface
1374 * @ssid: wpa_ssid structure for a configured network or %NULL
1376 * Enables the specified network or all networks if no network specified.
1378 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
1379 struct wpa_ssid *ssid)
1381 struct wpa_ssid *other_ssid;
1385 other_ssid = wpa_s->conf->ssid;
1386 while (other_ssid) {
1387 if (other_ssid == wpa_s->current_ssid &&
1388 other_ssid->disabled)
1389 wpa_s->reassociate = 1;
1391 was_disabled = other_ssid->disabled;
1393 other_ssid->disabled = 0;
1395 if (was_disabled != other_ssid->disabled)
1396 wpas_notify_network_enabled_changed(
1399 other_ssid = other_ssid->next;
1401 if (wpa_s->reassociate)
1402 wpa_supplicant_req_scan(wpa_s, 0, 0);
1403 } else if (wpa_s->current_ssid == NULL && ssid->disabled) {
1405 * Try to reassociate since there is no current configuration
1406 * and a new network was made available.
1408 wpa_s->reassociate = 1;
1409 wpa_supplicant_req_scan(wpa_s, 0, 0);
1411 was_disabled = ssid->disabled;
1415 if (was_disabled != ssid->disabled)
1416 wpas_notify_network_enabled_changed(wpa_s, ssid);
1422 * wpa_supplicant_disable_network - Mark a configured network as disabled
1423 * @wpa_s: wpa_supplicant structure for a network interface
1424 * @ssid: wpa_ssid structure for a configured network or %NULL
1426 * Disables the specified network or all networks if no network specified.
1428 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
1429 struct wpa_ssid *ssid)
1431 struct wpa_ssid *other_ssid;
1435 other_ssid = wpa_s->conf->ssid;
1436 while (other_ssid) {
1437 was_disabled = other_ssid->disabled;
1439 other_ssid->disabled = 1;
1441 if (was_disabled != other_ssid->disabled)
1442 wpas_notify_network_enabled_changed(
1445 other_ssid = other_ssid->next;
1447 if (wpa_s->current_ssid)
1448 wpa_supplicant_disassociate(
1449 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1451 if (ssid == wpa_s->current_ssid)
1452 wpa_supplicant_disassociate(
1453 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1455 was_disabled = ssid->disabled;
1459 if (was_disabled != ssid->disabled)
1460 wpas_notify_network_enabled_changed(wpa_s, ssid);
1466 * wpa_supplicant_select_network - Attempt association with a network
1467 * @wpa_s: wpa_supplicant structure for a network interface
1468 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
1470 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
1471 struct wpa_ssid *ssid)
1474 struct wpa_ssid *other_ssid;
1476 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid)
1477 wpa_supplicant_disassociate(
1478 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1481 * Mark all other networks disabled or mark all networks enabled if no
1482 * network specified.
1484 other_ssid = wpa_s->conf->ssid;
1485 while (other_ssid) {
1486 int was_disabled = other_ssid->disabled;
1488 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
1490 if (was_disabled != other_ssid->disabled)
1491 wpas_notify_network_enabled_changed(wpa_s, other_ssid);
1493 other_ssid = other_ssid->next;
1495 wpa_s->disconnected = 0;
1496 wpa_s->reassociate = 1;
1497 wpa_supplicant_req_scan(wpa_s, 0, 0);
1500 wpas_notify_network_selected(wpa_s, ssid);
1505 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
1506 * @wpa_s: wpa_supplicant structure for a network interface
1507 * @ap_scan: AP scan mode
1508 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
1511 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
1516 if (ap_scan < 0 || ap_scan > 2)
1519 old_ap_scan = wpa_s->conf->ap_scan;
1520 wpa_s->conf->ap_scan = ap_scan;
1522 if (old_ap_scan != wpa_s->conf->ap_scan)
1523 wpas_notify_ap_scan_changed(wpa_s);
1530 * wpa_supplicant_set_debug_params - Set global debug params
1531 * @global: wpa_global structure
1532 * @debug_level: debug level
1533 * @debug_timestamp: determines if show timestamp in debug data
1534 * @debug_show_keys: determines if show keys in debug data
1535 * Returns: 0 if succeed or -1 if debug_level has wrong value
1537 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
1538 int debug_timestamp, int debug_show_keys)
1541 int old_level, old_timestamp, old_show_keys;
1543 /* check for allowed debuglevels */
1544 if (debug_level != MSG_MSGDUMP &&
1545 debug_level != MSG_DEBUG &&
1546 debug_level != MSG_INFO &&
1547 debug_level != MSG_WARNING &&
1548 debug_level != MSG_ERROR)
1551 old_level = wpa_debug_level;
1552 old_timestamp = wpa_debug_timestamp;
1553 old_show_keys = wpa_debug_show_keys;
1555 wpa_debug_level = debug_level;
1556 wpa_debug_timestamp = debug_timestamp ? 1 : 0;
1557 wpa_debug_show_keys = debug_show_keys ? 1 : 0;
1559 if (wpa_debug_level != old_level)
1560 wpas_notify_debug_level_changed(global);
1561 if (wpa_debug_timestamp != old_timestamp)
1562 wpas_notify_debug_timestamp_changed(global);
1563 if (wpa_debug_show_keys != old_show_keys)
1564 wpas_notify_debug_show_keys_changed(global);
1571 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
1572 * @wpa_s: Pointer to wpa_supplicant data
1573 * Returns: A pointer to the current network structure or %NULL on failure
1575 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
1577 struct wpa_ssid *entry;
1578 u8 ssid[MAX_SSID_LEN];
1584 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
1585 if (ieee80211_sta_get_ssid(wpa_s, ssid, &ssid_len)) {
1586 wpa_printf(MSG_WARNING, "Could not read SSID from "
1591 res = wpa_drv_get_ssid(wpa_s, ssid);
1593 wpa_printf(MSG_WARNING, "Could not read SSID from "
1600 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1601 os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1602 else if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
1603 wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
1607 wired = wpa_s->conf->ap_scan == 0 &&
1608 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
1610 entry = wpa_s->conf->ssid;
1612 if (!entry->disabled &&
1613 ((ssid_len == entry->ssid_len &&
1614 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
1615 (!entry->bssid_set ||
1616 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1619 if (!entry->disabled &&
1620 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
1621 (entry->ssid == NULL || entry->ssid_len == 0) &&
1622 (!entry->bssid_set ||
1623 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1625 #endif /* CONFIG_WPS */
1626 entry = entry->next;
1633 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
1643 if (wpa_drivers[0] == NULL) {
1644 wpa_printf(MSG_ERROR, "No driver interfaces build into "
1650 /* default to first driver in the list */
1651 wpa_s->driver = wpa_drivers[0];
1652 wpa_s->global_drv_priv = wpa_s->global->drv_priv[0];
1656 pos = os_strchr(name, ',');
1660 len = os_strlen(name);
1661 for (i = 0; wpa_drivers[i]; i++) {
1662 if (os_strlen(wpa_drivers[i]->name) == len &&
1663 os_strncmp(name, wpa_drivers[i]->name, len) ==
1665 wpa_s->driver = wpa_drivers[i];
1666 wpa_s->global_drv_priv = wpa_s->global->drv_priv[i];
1671 wpa_printf(MSG_ERROR, "Unsupported driver '%s'.", name);
1677 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
1678 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
1679 * with struct wpa_driver_ops::init()
1680 * @src_addr: Source address of the EAPOL frame
1681 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
1682 * @len: Length of the EAPOL data
1684 * This function is called for each received EAPOL frame. Most driver
1685 * interfaces rely on more generic OS mechanism for receiving frames through
1686 * l2_packet, but if such a mechanism is not available, the driver wrapper may
1687 * take care of received EAPOL frames and deliver them to the core supplicant
1688 * code by calling this function.
1690 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
1691 const u8 *buf, size_t len)
1693 struct wpa_supplicant *wpa_s = ctx;
1695 wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
1696 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
1698 if (wpa_s->wpa_state < WPA_ASSOCIATED) {
1700 * There is possible race condition between receiving the
1701 * association event and the EAPOL frame since they are coming
1702 * through different paths from the driver. In order to avoid
1703 * issues in trying to process the EAPOL frame before receiving
1704 * association information, lets queue it for processing until
1705 * the association event is received.
1707 wpa_printf(MSG_DEBUG, "Not associated - Delay processing of "
1708 "received EAPOL frame");
1709 wpabuf_free(wpa_s->pending_eapol_rx);
1710 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
1711 if (wpa_s->pending_eapol_rx) {
1712 os_get_time(&wpa_s->pending_eapol_rx_time);
1713 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
1720 if (wpa_s->ap_iface) {
1721 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
1724 #endif /* CONFIG_AP */
1726 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
1727 wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
1728 "no key management is configured");
1732 if (wpa_s->eapol_received == 0 &&
1733 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
1734 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1735 wpa_s->wpa_state != WPA_COMPLETED) &&
1736 (wpa_s->current_ssid == NULL ||
1737 wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
1738 /* Timeout for completing IEEE 802.1X and WPA authentication */
1739 wpa_supplicant_req_auth_timeout(
1741 (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
1742 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
1743 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
1746 wpa_s->eapol_received++;
1748 if (wpa_s->countermeasures) {
1749 wpa_printf(MSG_INFO, "WPA: Countermeasures - dropped EAPOL "
1754 #ifdef CONFIG_IBSS_RSN
1755 if (wpa_s->current_ssid &&
1756 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
1757 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
1760 #endif /* CONFIG_IBSS_RSN */
1762 /* Source address of the incoming EAPOL frame could be compared to the
1763 * current BSSID. However, it is possible that a centralized
1764 * Authenticator could be using another MAC address than the BSSID of
1765 * an AP, so just allow any address to be used for now. The replies are
1766 * still sent to the current BSSID (if available), though. */
1768 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
1769 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
1770 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
1772 wpa_drv_poll(wpa_s);
1773 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1774 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
1775 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
1777 * Set portValid = TRUE here since we are going to skip 4-way
1778 * handshake processing which would normally set portValid. We
1779 * need this to allow the EAPOL state machines to be completed
1780 * without going through EAPOL-Key handshake.
1782 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
1788 * wpa_supplicant_driver_init - Initialize driver interface parameters
1789 * @wpa_s: Pointer to wpa_supplicant data
1790 * Returns: 0 on success, -1 on failure
1792 * This function is called to initialize driver interface parameters.
1793 * wpa_drv_init() must have been called before this function to initialize the
1796 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
1798 static int interface_count = 0;
1800 if (wpa_s->driver->send_eapol) {
1801 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
1803 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
1805 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
1806 wpa_drv_get_mac_addr(wpa_s),
1808 wpa_supplicant_rx_eapol, wpa_s, 0);
1809 if (wpa_s->l2 == NULL)
1813 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
1814 wpa_printf(MSG_ERROR, "Failed to get own L2 address");
1818 wpa_printf(MSG_DEBUG, "Own MAC address: " MACSTR,
1819 MAC2STR(wpa_s->own_addr));
1821 if (wpa_s->bridge_ifname[0]) {
1822 wpa_printf(MSG_DEBUG, "Receiving packets from bridge interface"
1823 " '%s'", wpa_s->bridge_ifname);
1824 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
1827 wpa_supplicant_rx_eapol, wpa_s,
1829 if (wpa_s->l2_br == NULL) {
1830 wpa_printf(MSG_ERROR, "Failed to open l2_packet "
1831 "connection for the bridge interface '%s'",
1832 wpa_s->bridge_ifname);
1837 wpa_clear_keys(wpa_s, NULL);
1839 /* Make sure that TKIP countermeasures are not left enabled (could
1840 * happen if wpa_supplicant is killed during countermeasures. */
1841 wpa_drv_set_countermeasures(wpa_s, 0);
1843 wpa_printf(MSG_DEBUG, "RSN: flushing PMKID list in the driver");
1844 wpa_drv_flush_pmkid(wpa_s);
1846 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
1847 wpa_supplicant_req_scan(wpa_s, interface_count, 100000);
1854 static int wpa_supplicant_daemon(const char *pid_file)
1856 wpa_printf(MSG_DEBUG, "Daemonize..");
1857 return os_daemonize(pid_file);
1861 static struct wpa_supplicant * wpa_supplicant_alloc(void)
1863 struct wpa_supplicant *wpa_s;
1865 wpa_s = os_zalloc(sizeof(*wpa_s));
1868 wpa_s->scan_req = 1;
1869 wpa_s->new_connection = 1;
1875 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
1876 struct wpa_interface *iface)
1878 const char *ifname, *driver;
1879 struct wpa_driver_capa capa;
1881 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
1882 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
1883 iface->confname ? iface->confname : "N/A",
1884 iface->driver ? iface->driver : "default",
1885 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
1886 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
1888 if (iface->confname) {
1889 #ifdef CONFIG_BACKEND_FILE
1890 wpa_s->confname = os_rel2abs_path(iface->confname);
1891 if (wpa_s->confname == NULL) {
1892 wpa_printf(MSG_ERROR, "Failed to get absolute path "
1893 "for configuration file '%s'.",
1897 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
1898 iface->confname, wpa_s->confname);
1899 #else /* CONFIG_BACKEND_FILE */
1900 wpa_s->confname = os_strdup(iface->confname);
1901 #endif /* CONFIG_BACKEND_FILE */
1902 wpa_s->conf = wpa_config_read(wpa_s->confname);
1903 if (wpa_s->conf == NULL) {
1904 wpa_printf(MSG_ERROR, "Failed to read or parse "
1905 "configuration '%s'.", wpa_s->confname);
1910 * Override ctrl_interface and driver_param if set on command
1913 if (iface->ctrl_interface) {
1914 os_free(wpa_s->conf->ctrl_interface);
1915 wpa_s->conf->ctrl_interface =
1916 os_strdup(iface->ctrl_interface);
1919 if (iface->driver_param) {
1920 os_free(wpa_s->conf->driver_param);
1921 wpa_s->conf->driver_param =
1922 os_strdup(iface->driver_param);
1925 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
1926 iface->driver_param);
1928 if (wpa_s->conf == NULL) {
1929 wpa_printf(MSG_ERROR, "\nNo configuration found.");
1933 if (iface->ifname == NULL) {
1934 wpa_printf(MSG_ERROR, "\nInterface name is required.");
1937 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
1938 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
1942 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
1944 if (iface->bridge_ifname) {
1945 if (os_strlen(iface->bridge_ifname) >=
1946 sizeof(wpa_s->bridge_ifname)) {
1947 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
1948 "name '%s'.", iface->bridge_ifname);
1951 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
1952 sizeof(wpa_s->bridge_ifname));
1955 /* RSNA Supplicant Key Management - INITIALIZE */
1956 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
1957 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
1959 /* Initialize driver interface and register driver event handler before
1960 * L2 receive handler so that association events are processed before
1961 * EAPOL-Key packets if both become available for the same select()
1963 driver = iface->driver;
1965 if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
1968 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
1969 if (wpa_s->drv_priv == NULL) {
1971 pos = driver ? os_strchr(driver, ',') : NULL;
1973 wpa_printf(MSG_DEBUG, "Failed to initialize driver "
1974 "interface - try next driver wrapper");
1978 wpa_printf(MSG_ERROR, "Failed to initialize driver interface");
1981 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
1982 wpa_printf(MSG_ERROR, "Driver interface rejected "
1983 "driver_param '%s'", wpa_s->conf->driver_param);
1987 ifname = wpa_drv_get_ifname(wpa_s);
1988 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
1989 wpa_printf(MSG_DEBUG, "Driver interface replaced interface "
1990 "name with '%s'", ifname);
1991 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
1994 if (wpa_supplicant_init_wpa(wpa_s) < 0)
1997 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
1998 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
2000 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2002 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2003 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2004 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2005 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2006 "dot11RSNAConfigPMKLifetime");
2010 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2011 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2012 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2013 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2014 "dot11RSNAConfigPMKReauthThreshold");
2018 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2019 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2020 wpa_s->conf->dot11RSNAConfigSATimeout)) {
2021 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2022 "dot11RSNAConfigSATimeout");
2026 if (wpa_supplicant_driver_init(wpa_s) < 0)
2029 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
2030 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
2031 wpa_printf(MSG_DEBUG, "Failed to set country");
2035 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2037 if (wpas_wps_init(wpa_s))
2040 if (wpa_supplicant_init_eapol(wpa_s) < 0)
2042 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2044 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
2045 if (wpa_s->ctrl_iface == NULL) {
2046 wpa_printf(MSG_ERROR,
2047 "Failed to initialize control interface '%s'.\n"
2048 "You may have another wpa_supplicant process "
2049 "already running or the file was\n"
2050 "left by an unclean termination of wpa_supplicant "
2051 "in which case you will need\n"
2052 "to manually remove this file before starting "
2053 "wpa_supplicant again.\n",
2054 wpa_s->conf->ctrl_interface);
2058 if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
2059 wpa_s->drv_flags = capa.flags;
2060 if (capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
2061 if (ieee80211_sta_init(wpa_s))
2064 wpa_s->max_scan_ssids = capa.max_scan_ssids;
2067 #ifdef CONFIG_IBSS_RSN
2068 wpa_s->ibss_rsn = ibss_rsn_init(wpa_s);
2069 if (!wpa_s->ibss_rsn) {
2070 wpa_printf(MSG_DEBUG, "Failed to init IBSS RSN");
2073 #endif /* CONFIG_IBSS_RSN */
2075 if (wpa_bss_init(wpa_s) < 0)
2082 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
2085 if (wpa_s->drv_priv) {
2086 wpa_supplicant_deauthenticate(wpa_s,
2087 WLAN_REASON_DEAUTH_LEAVING);
2089 wpa_drv_set_countermeasures(wpa_s, 0);
2090 wpa_clear_keys(wpa_s, NULL);
2093 wpa_supplicant_cleanup(wpa_s);
2096 wpas_notify_iface_removed(wpa_s);
2098 if (wpa_s->drv_priv)
2099 wpa_drv_deinit(wpa_s);
2104 * wpa_supplicant_add_iface - Add a new network interface
2105 * @global: Pointer to global data from wpa_supplicant_init()
2106 * @iface: Interface configuration options
2107 * Returns: Pointer to the created interface or %NULL on failure
2109 * This function is used to add new network interfaces for %wpa_supplicant.
2110 * This can be called before wpa_supplicant_run() to add interfaces before the
2111 * main event loop has been started. In addition, new interfaces can be added
2112 * dynamically while %wpa_supplicant is already running. This could happen,
2113 * e.g., when a hotplug network adapter is inserted.
2115 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
2116 struct wpa_interface *iface)
2118 struct wpa_supplicant *wpa_s;
2119 struct wpa_interface t_iface;
2120 struct wpa_ssid *ssid;
2122 if (global == NULL || iface == NULL)
2125 wpa_s = wpa_supplicant_alloc();
2129 wpa_s->global = global;
2132 if (global->params.override_driver) {
2133 wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
2135 iface->driver, global->params.override_driver);
2136 t_iface.driver = global->params.override_driver;
2138 if (global->params.override_ctrl_interface) {
2139 wpa_printf(MSG_DEBUG, "Override interface parameter: "
2140 "ctrl_interface ('%s' -> '%s')",
2141 iface->ctrl_interface,
2142 global->params.override_ctrl_interface);
2143 t_iface.ctrl_interface =
2144 global->params.override_ctrl_interface;
2146 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
2147 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
2149 wpa_supplicant_deinit_iface(wpa_s, 0);
2154 /* Notify the control interfaces about new iface */
2155 if (wpas_notify_iface_added(wpa_s)) {
2156 wpa_supplicant_deinit_iface(wpa_s, 1);
2161 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
2162 wpas_notify_network_added(wpa_s, ssid);
2164 wpa_s->next = global->ifaces;
2165 global->ifaces = wpa_s;
2167 wpa_printf(MSG_DEBUG, "Added interface %s", wpa_s->ifname);
2174 * wpa_supplicant_remove_iface - Remove a network interface
2175 * @global: Pointer to global data from wpa_supplicant_init()
2176 * @wpa_s: Pointer to the network interface to be removed
2177 * Returns: 0 if interface was removed, -1 if interface was not found
2179 * This function can be used to dynamically remove network interfaces from
2180 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
2181 * addition, this function is used to remove all remaining interfaces when
2182 * %wpa_supplicant is terminated.
2184 int wpa_supplicant_remove_iface(struct wpa_global *global,
2185 struct wpa_supplicant *wpa_s)
2187 struct wpa_supplicant *prev;
2189 /* Remove interface from the global list of interfaces */
2190 prev = global->ifaces;
2191 if (prev == wpa_s) {
2192 global->ifaces = wpa_s->next;
2194 while (prev && prev->next != wpa_s)
2198 prev->next = wpa_s->next;
2201 wpa_printf(MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
2203 wpa_supplicant_deinit_iface(wpa_s, 1);
2211 * wpa_supplicant_get_iface - Get a new network interface
2212 * @global: Pointer to global data from wpa_supplicant_init()
2213 * @ifname: Interface name
2214 * Returns: Pointer to the interface or %NULL if not found
2216 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
2219 struct wpa_supplicant *wpa_s;
2221 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
2222 if (os_strcmp(wpa_s->ifname, ifname) == 0)
2230 * wpa_supplicant_init - Initialize %wpa_supplicant
2231 * @params: Parameters for %wpa_supplicant
2232 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
2234 * This function is used to initialize %wpa_supplicant. After successful
2235 * initialization, the returned data pointer can be used to add and remove
2236 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
2238 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
2240 struct wpa_global *global;
2246 wpa_debug_open_file(params->wpa_debug_file_path);
2247 if (params->wpa_debug_syslog)
2248 wpa_debug_open_syslog();
2250 ret = eap_register_methods();
2252 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
2254 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
2255 "the same EAP type.");
2259 global = os_zalloc(sizeof(*global));
2262 global->params.daemonize = params->daemonize;
2263 global->params.wait_for_monitor = params->wait_for_monitor;
2264 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
2265 if (params->pid_file)
2266 global->params.pid_file = os_strdup(params->pid_file);
2267 if (params->ctrl_interface)
2268 global->params.ctrl_interface =
2269 os_strdup(params->ctrl_interface);
2270 if (params->override_driver)
2271 global->params.override_driver =
2272 os_strdup(params->override_driver);
2273 if (params->override_ctrl_interface)
2274 global->params.override_ctrl_interface =
2275 os_strdup(params->override_ctrl_interface);
2276 wpa_debug_level = global->params.wpa_debug_level =
2277 params->wpa_debug_level;
2278 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
2279 params->wpa_debug_show_keys;
2280 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
2281 params->wpa_debug_timestamp;
2284 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
2285 wpa_supplicant_deinit(global);
2289 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
2290 if (global->ctrl_iface == NULL) {
2291 wpa_supplicant_deinit(global);
2295 if (wpas_notify_supplicant_initialized(global)) {
2296 wpa_supplicant_deinit(global);
2300 for (i = 0; wpa_drivers[i]; i++)
2301 global->drv_count++;
2302 if (global->drv_count == 0) {
2303 wpa_printf(MSG_ERROR, "No drivers enabled");
2304 wpa_supplicant_deinit(global);
2307 global->drv_priv = os_zalloc(global->drv_count * sizeof(void *));
2308 if (global->drv_priv == NULL) {
2309 wpa_supplicant_deinit(global);
2312 for (i = 0; wpa_drivers[i]; i++) {
2313 if (!wpa_drivers[i]->global_init)
2315 global->drv_priv[i] = wpa_drivers[i]->global_init();
2316 if (global->drv_priv[i] == NULL) {
2317 wpa_printf(MSG_ERROR, "Failed to initialize driver "
2318 "'%s'", wpa_drivers[i]->name);
2319 wpa_supplicant_deinit(global);
2329 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
2330 * @global: Pointer to global data from wpa_supplicant_init()
2331 * Returns: 0 after successful event loop run, -1 on failure
2333 * This function starts the main event loop and continues running as long as
2334 * there are any remaining events. In most cases, this function is running as
2335 * long as the %wpa_supplicant process in still in use.
2337 int wpa_supplicant_run(struct wpa_global *global)
2339 struct wpa_supplicant *wpa_s;
2341 if (global->params.daemonize &&
2342 wpa_supplicant_daemon(global->params.pid_file))
2345 if (global->params.wait_for_monitor) {
2346 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
2347 if (wpa_s->ctrl_iface)
2348 wpa_supplicant_ctrl_iface_wait(
2352 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
2353 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
2362 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
2363 * @global: Pointer to global data from wpa_supplicant_init()
2365 * This function is called to deinitialize %wpa_supplicant and to free all
2366 * allocated resources. Remaining network interfaces will also be removed.
2368 void wpa_supplicant_deinit(struct wpa_global *global)
2375 while (global->ifaces)
2376 wpa_supplicant_remove_iface(global, global->ifaces);
2378 if (global->ctrl_iface)
2379 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
2381 wpas_notify_supplicant_deinitialized(global);
2383 eap_peer_unregister_methods();
2385 eap_server_unregister_methods();
2386 #endif /* CONFIG_AP */
2388 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
2389 if (!global->drv_priv[i])
2391 wpa_drivers[i]->global_deinit(global->drv_priv[i]);
2393 os_free(global->drv_priv);
2397 if (global->params.pid_file) {
2398 os_daemonize_terminate(global->params.pid_file);
2399 os_free(global->params.pid_file);
2401 os_free(global->params.ctrl_interface);
2402 os_free(global->params.override_driver);
2403 os_free(global->params.override_ctrl_interface);
2406 wpa_debug_close_syslog();
2407 wpa_debug_close_file();