3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
16 #include "crypto/random.h"
17 #include "crypto/sha1.h"
18 #include "eapol_supp/eapol_supp_sm.h"
19 #include "eap_peer/eap.h"
20 #include "eap_server/eap_methods.h"
21 #include "rsn_supp/wpa.h"
24 #include "utils/ext_password.h"
25 #include "l2_packet/l2_packet.h"
26 #include "wpa_supplicant_i.h"
28 #include "ctrl_iface.h"
29 #include "pcsc_funcs.h"
30 #include "common/version.h"
31 #include "rsn_supp/preauth.h"
32 #include "rsn_supp/pmksa_cache.h"
33 #include "common/wpa_ctrl.h"
34 #include "common/ieee802_11_defs.h"
36 #include "blacklist.h"
37 #include "wpas_glue.h"
38 #include "wps_supplicant.h"
41 #include "gas_query.h"
43 #include "p2p_supplicant.h"
44 #include "wifi_display.h"
50 #include "offchannel.h"
51 #include "hs20_supplicant.h"
53 const char *wpa_supplicant_version =
54 "wpa_supplicant v" VERSION_STR "\n"
55 "Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi> and contributors";
57 const char *wpa_supplicant_license =
58 "This software may be distributed under the terms of the BSD license.\n"
59 "See README for more details.\n"
60 #ifdef EAP_TLS_OPENSSL
61 "\nThis product includes software developed by the OpenSSL Project\n"
62 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
63 #endif /* EAP_TLS_OPENSSL */
66 #ifndef CONFIG_NO_STDOUT_DEBUG
67 /* Long text divided into parts in order to fit in C89 strings size limits. */
68 const char *wpa_supplicant_full_license1 =
70 const char *wpa_supplicant_full_license2 =
71 "This software may be distributed under the terms of the BSD license.\n"
73 "Redistribution and use in source and binary forms, with or without\n"
74 "modification, are permitted provided that the following conditions are\n"
77 const char *wpa_supplicant_full_license3 =
78 "1. Redistributions of source code must retain the above copyright\n"
79 " notice, this list of conditions and the following disclaimer.\n"
81 "2. Redistributions in binary form must reproduce the above copyright\n"
82 " notice, this list of conditions and the following disclaimer in the\n"
83 " documentation and/or other materials provided with the distribution.\n"
85 const char *wpa_supplicant_full_license4 =
86 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
87 " names of its contributors may be used to endorse or promote products\n"
88 " derived from this software without specific prior written permission.\n"
90 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
91 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
92 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
93 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
94 const char *wpa_supplicant_full_license5 =
95 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
96 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
97 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
98 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
99 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
100 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
101 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
103 #endif /* CONFIG_NO_STDOUT_DEBUG */
105 extern int wpa_debug_level;
106 extern int wpa_debug_show_keys;
107 extern int wpa_debug_timestamp;
108 extern struct wpa_driver_ops *wpa_drivers[];
110 /* Configure default/group WEP keys for static WEP */
111 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
115 for (i = 0; i < NUM_WEP_KEYS; i++) {
116 if (ssid->wep_key_len[i] == 0)
120 wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
121 i, i == ssid->wep_tx_keyidx, NULL, 0,
122 ssid->wep_key[i], ssid->wep_key_len[i]);
129 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
130 struct wpa_ssid *ssid)
137 /* IBSS/WPA-None uses only one key (Group) for both receiving and
138 * sending unicast and multicast packets. */
140 if (ssid->mode != WPAS_MODE_IBSS) {
141 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
142 "IBSS/ad-hoc) for WPA-None", ssid->mode);
146 if (!ssid->psk_set) {
147 wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
152 switch (wpa_s->group_cipher) {
153 case WPA_CIPHER_CCMP:
154 os_memcpy(key, ssid->psk, 16);
158 case WPA_CIPHER_GCMP:
159 os_memcpy(key, ssid->psk, 16);
163 case WPA_CIPHER_TKIP:
164 /* WPA-None uses the same Michael MIC key for both TX and RX */
165 os_memcpy(key, ssid->psk, 16 + 8);
166 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
171 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
172 "WPA-None", wpa_s->group_cipher);
176 /* TODO: should actually remember the previously used seq#, both for TX
177 * and RX from each STA.. */
179 return wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
183 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
185 struct wpa_supplicant *wpa_s = eloop_ctx;
186 const u8 *bssid = wpa_s->bssid;
187 if (is_zero_ether_addr(bssid))
188 bssid = wpa_s->pending_bssid;
189 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
191 wpa_blacklist_add(wpa_s, bssid);
192 wpa_sm_notify_disassoc(wpa_s->wpa);
193 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
194 wpa_s->reassociate = 1;
197 * If we timed out, the AP or the local radio may be busy.
198 * So, wait a second until scanning again.
200 wpa_supplicant_req_scan(wpa_s, 1, 0);
202 wpas_p2p_continue_after_scan(wpa_s);
207 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
208 * @wpa_s: Pointer to wpa_supplicant data
209 * @sec: Number of seconds after which to time out authentication
210 * @usec: Number of microseconds after which to time out authentication
212 * This function is used to schedule a timeout for the current authentication
215 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
218 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
219 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
222 wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
223 "%d usec", sec, usec);
224 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
225 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
230 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
231 * @wpa_s: Pointer to wpa_supplicant data
233 * This function is used to cancel authentication timeout scheduled with
234 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
237 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
239 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
240 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
241 wpa_blacklist_del(wpa_s, wpa_s->bssid);
246 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
247 * @wpa_s: Pointer to wpa_supplicant data
249 * This function is used to configure EAPOL state machine based on the selected
250 * authentication mode.
252 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
254 #ifdef IEEE8021X_EAPOL
255 struct eapol_config eapol_conf;
256 struct wpa_ssid *ssid = wpa_s->current_ssid;
258 #ifdef CONFIG_IBSS_RSN
259 if (ssid->mode == WPAS_MODE_IBSS &&
260 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
261 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
263 * RSN IBSS authentication is per-STA and we can disable the
264 * per-BSSID EAPOL authentication.
266 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
267 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
268 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
271 #endif /* CONFIG_IBSS_RSN */
273 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
274 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
276 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
277 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
278 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
280 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
282 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
283 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
284 eapol_conf.accept_802_1x_keys = 1;
285 eapol_conf.required_keys = 0;
286 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
287 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
289 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
290 eapol_conf.required_keys |=
291 EAPOL_REQUIRE_KEY_BROADCAST;
294 if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
295 eapol_conf.required_keys = 0;
298 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
299 eapol_conf.workaround = ssid->eap_workaround;
300 eapol_conf.eap_disabled =
301 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
302 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
303 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
304 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
305 #endif /* IEEE8021X_EAPOL */
310 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
311 * @wpa_s: Pointer to wpa_supplicant data
312 * @ssid: Configuration data for the network
314 * This function is used to configure WPA state machine and related parameters
315 * to a mode where WPA is not enabled. This is called as part of the
316 * authentication configuration when the selected network does not use WPA.
318 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
319 struct wpa_ssid *ssid)
323 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
324 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
325 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
326 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
328 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
329 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
330 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
331 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
332 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
333 wpa_s->group_cipher = WPA_CIPHER_NONE;
334 wpa_s->mgmt_group_cipher = 0;
336 for (i = 0; i < NUM_WEP_KEYS; i++) {
337 if (ssid->wep_key_len[i] > 5) {
338 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
339 wpa_s->group_cipher = WPA_CIPHER_WEP104;
341 } else if (ssid->wep_key_len[i] > 0) {
342 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
343 wpa_s->group_cipher = WPA_CIPHER_WEP40;
348 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
349 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
350 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
351 wpa_s->pairwise_cipher);
352 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
353 #ifdef CONFIG_IEEE80211W
354 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
355 wpa_s->mgmt_group_cipher);
356 #endif /* CONFIG_IEEE80211W */
358 pmksa_cache_clear_current(wpa_s->wpa);
362 void free_hw_features(struct wpa_supplicant *wpa_s)
365 if (wpa_s->hw.modes == NULL)
368 for (i = 0; i < wpa_s->hw.num_modes; i++) {
369 os_free(wpa_s->hw.modes[i].channels);
370 os_free(wpa_s->hw.modes[i].rates);
373 os_free(wpa_s->hw.modes);
374 wpa_s->hw.modes = NULL;
378 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
380 bgscan_deinit(wpa_s);
381 autoscan_deinit(wpa_s);
382 scard_deinit(wpa_s->scard);
384 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
385 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
386 l2_packet_deinit(wpa_s->l2);
389 l2_packet_deinit(wpa_s->l2_br);
393 if (wpa_s->conf != NULL) {
394 struct wpa_ssid *ssid;
395 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
396 wpas_notify_network_removed(wpa_s, ssid);
399 os_free(wpa_s->confname);
400 wpa_s->confname = NULL;
402 os_free(wpa_s->confanother);
403 wpa_s->confanother = NULL;
405 wpa_sm_set_eapol(wpa_s->wpa, NULL);
406 eapol_sm_deinit(wpa_s->eapol);
409 rsn_preauth_deinit(wpa_s->wpa);
412 wpa_tdls_deinit(wpa_s->wpa);
413 #endif /* CONFIG_TDLS */
415 pmksa_candidate_free(wpa_s->wpa);
416 wpa_sm_deinit(wpa_s->wpa);
418 wpa_blacklist_clear(wpa_s);
420 wpa_bss_deinit(wpa_s);
422 wpa_supplicant_cancel_scan(wpa_s);
423 wpa_supplicant_cancel_auth_timeout(wpa_s);
424 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
425 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
426 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
428 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
430 wpas_wps_deinit(wpa_s);
432 wpabuf_free(wpa_s->pending_eapol_rx);
433 wpa_s->pending_eapol_rx = NULL;
435 #ifdef CONFIG_IBSS_RSN
436 ibss_rsn_deinit(wpa_s->ibss_rsn);
437 wpa_s->ibss_rsn = NULL;
438 #endif /* CONFIG_IBSS_RSN */
443 wpa_supplicant_ap_deinit(wpa_s);
444 #endif /* CONFIG_AP */
447 wpas_p2p_deinit(wpa_s);
448 #endif /* CONFIG_P2P */
450 #ifdef CONFIG_OFFCHANNEL
451 offchannel_deinit(wpa_s);
452 #endif /* CONFIG_OFFCHANNEL */
454 wpa_supplicant_cancel_sched_scan(wpa_s);
456 os_free(wpa_s->next_scan_freqs);
457 wpa_s->next_scan_freqs = NULL;
459 gas_query_deinit(wpa_s->gas);
462 free_hw_features(wpa_s);
464 os_free(wpa_s->bssid_filter);
465 wpa_s->bssid_filter = NULL;
467 os_free(wpa_s->disallow_aps_bssid);
468 wpa_s->disallow_aps_bssid = NULL;
469 os_free(wpa_s->disallow_aps_ssid);
470 wpa_s->disallow_aps_ssid = NULL;
472 wnm_bss_keep_alive_deinit(wpa_s);
474 ext_password_deinit(wpa_s->ext_pw);
475 wpa_s->ext_pw = NULL;
477 wpabuf_free(wpa_s->last_gas_resp);
479 os_free(wpa_s->last_scan_res);
480 wpa_s->last_scan_res = NULL;
485 * wpa_clear_keys - Clear keys configured for the driver
486 * @wpa_s: Pointer to wpa_supplicant data
487 * @addr: Previously used BSSID or %NULL if not available
489 * This function clears the encryption keys that has been previously configured
492 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
494 if (wpa_s->keys_cleared) {
495 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
496 * timing issues with keys being cleared just before new keys
497 * are set or just after association or something similar. This
498 * shows up in group key handshake failing often because of the
499 * client not receiving the first encrypted packets correctly.
500 * Skipping some of the extra key clearing steps seems to help
501 * in completing group key handshake more reliably. */
502 wpa_dbg(wpa_s, MSG_DEBUG, "No keys have been configured - "
503 "skip key clearing");
507 /* MLME-DELETEKEYS.request */
508 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 0, 0, NULL, 0, NULL, 0);
509 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 1, 0, NULL, 0, NULL, 0);
510 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 2, 0, NULL, 0, NULL, 0);
511 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 3, 0, NULL, 0, NULL, 0);
512 #ifdef CONFIG_IEEE80211W
513 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 4, 0, NULL, 0, NULL, 0);
514 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 5, 0, NULL, 0, NULL, 0);
515 #endif /* CONFIG_IEEE80211W */
517 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
519 /* MLME-SETPROTECTION.request(None) */
520 wpa_drv_mlme_setprotection(
522 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
523 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
525 wpa_s->keys_cleared = 1;
530 * wpa_supplicant_state_txt - Get the connection state name as a text string
531 * @state: State (wpa_state; WPA_*)
532 * Returns: The state name as a printable text string
534 const char * wpa_supplicant_state_txt(enum wpa_states state)
537 case WPA_DISCONNECTED:
538 return "DISCONNECTED";
541 case WPA_INTERFACE_DISABLED:
542 return "INTERFACE_DISABLED";
545 case WPA_AUTHENTICATING:
546 return "AUTHENTICATING";
547 case WPA_ASSOCIATING:
548 return "ASSOCIATING";
551 case WPA_4WAY_HANDSHAKE:
552 return "4WAY_HANDSHAKE";
553 case WPA_GROUP_HANDSHAKE:
554 return "GROUP_HANDSHAKE";
565 static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
567 if (wpas_driver_bss_selection(wpa_s))
569 if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
572 bgscan_deinit(wpa_s);
573 if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan) {
574 if (bgscan_init(wpa_s, wpa_s->current_ssid)) {
575 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
578 * Live without bgscan; it is only used as a roaming
579 * optimization, so the initial connection is not
583 struct wpa_scan_results *scan_res;
584 wpa_s->bgscan_ssid = wpa_s->current_ssid;
585 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
588 bgscan_notify_scan(wpa_s, scan_res);
589 wpa_scan_results_free(scan_res);
593 wpa_s->bgscan_ssid = NULL;
597 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
599 if (wpa_s->bgscan_ssid != NULL) {
600 bgscan_deinit(wpa_s);
601 wpa_s->bgscan_ssid = NULL;
605 #endif /* CONFIG_BGSCAN */
608 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
610 if (autoscan_init(wpa_s, 0))
611 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
615 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
617 autoscan_deinit(wpa_s);
621 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
623 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
624 wpa_s->wpa_state == WPA_SCANNING) {
625 autoscan_deinit(wpa_s);
626 wpa_supplicant_start_autoscan(wpa_s);
632 * wpa_supplicant_set_state - Set current connection state
633 * @wpa_s: Pointer to wpa_supplicant data
634 * @state: The new connection state
636 * This function is called whenever the connection state changes, e.g.,
637 * association is completed for WPA/WPA2 4-Way Handshake is started.
639 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
640 enum wpa_states state)
642 enum wpa_states old_state = wpa_s->wpa_state;
644 wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
645 wpa_supplicant_state_txt(wpa_s->wpa_state),
646 wpa_supplicant_state_txt(state));
648 if (state != WPA_SCANNING)
649 wpa_supplicant_notify_scanning(wpa_s, 0);
651 if (state == WPA_COMPLETED && wpa_s->new_connection) {
652 struct wpa_ssid *ssid = wpa_s->current_ssid;
653 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
654 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
655 MACSTR " completed [id=%d id_str=%s]",
656 MAC2STR(wpa_s->bssid),
657 ssid ? ssid->id : -1,
658 ssid && ssid->id_str ? ssid->id_str : "");
659 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
660 wpas_clear_temp_disabled(wpa_s, ssid, 1);
661 wpa_s->extra_blacklist_count = 0;
662 wpa_s->new_connection = 0;
663 wpa_drv_set_operstate(wpa_s, 1);
664 #ifndef IEEE8021X_EAPOL
665 wpa_drv_set_supp_port(wpa_s, 1);
666 #endif /* IEEE8021X_EAPOL */
667 wpa_s->after_wps = 0;
669 wpas_p2p_completed(wpa_s);
670 #endif /* CONFIG_P2P */
672 sme_sched_obss_scan(wpa_s, 1);
673 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
674 state == WPA_ASSOCIATED) {
675 wpa_s->new_connection = 1;
676 wpa_drv_set_operstate(wpa_s, 0);
677 #ifndef IEEE8021X_EAPOL
678 wpa_drv_set_supp_port(wpa_s, 0);
679 #endif /* IEEE8021X_EAPOL */
680 sme_sched_obss_scan(wpa_s, 0);
682 wpa_s->wpa_state = state;
685 if (state == WPA_COMPLETED)
686 wpa_supplicant_start_bgscan(wpa_s);
688 wpa_supplicant_stop_bgscan(wpa_s);
689 #endif /* CONFIG_BGSCAN */
691 if (state == WPA_AUTHENTICATING)
692 wpa_supplicant_stop_autoscan(wpa_s);
694 if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
695 wpa_supplicant_start_autoscan(wpa_s);
697 if (wpa_s->wpa_state != old_state) {
698 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
700 if (wpa_s->wpa_state == WPA_COMPLETED ||
701 old_state == WPA_COMPLETED)
702 wpas_notify_auth_changed(wpa_s);
707 void wpa_supplicant_terminate_proc(struct wpa_global *global)
711 struct wpa_supplicant *wpa_s = global->ifaces;
713 if (wpas_wps_terminate_pending(wpa_s) == 1)
717 #endif /* CONFIG_WPS */
724 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
726 struct wpa_global *global = signal_ctx;
727 wpa_supplicant_terminate_proc(global);
731 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
733 enum wpa_states old_state = wpa_s->wpa_state;
735 wpa_s->pairwise_cipher = 0;
736 wpa_s->group_cipher = 0;
737 wpa_s->mgmt_group_cipher = 0;
739 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
740 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
742 if (wpa_s->wpa_state != old_state)
743 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
748 * wpa_supplicant_reload_configuration - Reload configuration data
749 * @wpa_s: Pointer to wpa_supplicant data
750 * Returns: 0 on success or -1 if configuration parsing failed
752 * This function can be used to request that the configuration data is reloaded
753 * (e.g., after configuration file change). This function is reloading
754 * configuration only for one interface, so this may need to be called multiple
755 * times if %wpa_supplicant is controlling multiple interfaces and all
756 * interfaces need reconfiguration.
758 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
760 struct wpa_config *conf;
764 if (wpa_s->confname == NULL)
766 conf = wpa_config_read(wpa_s->confname, NULL);
768 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
769 "file '%s' - exiting", wpa_s->confname);
772 wpa_config_read(wpa_s->confanother, conf);
774 conf->changed_parameters = (unsigned int) -1;
776 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
777 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
778 os_strcmp(conf->ctrl_interface,
779 wpa_s->conf->ctrl_interface) != 0);
781 if (reconf_ctrl && wpa_s->ctrl_iface) {
782 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
783 wpa_s->ctrl_iface = NULL;
786 eapol_sm_invalidate_cached_session(wpa_s->eapol);
787 if (wpa_s->current_ssid) {
788 wpa_supplicant_deauthenticate(wpa_s,
789 WLAN_REASON_DEAUTH_LEAVING);
793 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
794 * pkcs11_engine_path, pkcs11_module_path.
796 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
798 * Clear forced success to clear EAP state for next
801 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
803 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
804 wpa_sm_set_config(wpa_s->wpa, NULL);
805 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
806 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
807 rsn_preauth_deinit(wpa_s->wpa);
809 old_ap_scan = wpa_s->conf->ap_scan;
810 wpa_config_free(wpa_s->conf);
812 if (old_ap_scan != wpa_s->conf->ap_scan)
813 wpas_notify_ap_scan_changed(wpa_s);
816 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
818 wpa_supplicant_update_config(wpa_s);
820 wpa_supplicant_clear_status(wpa_s);
821 if (wpa_supplicant_enabled_networks(wpa_s)) {
822 wpa_s->reassociate = 1;
823 wpa_supplicant_req_scan(wpa_s, 0, 0);
825 wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
830 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
832 struct wpa_global *global = signal_ctx;
833 struct wpa_supplicant *wpa_s;
834 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
835 wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
837 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
838 wpa_supplicant_terminate_proc(global);
844 enum wpa_key_mgmt key_mgmt2driver(int key_mgmt)
847 case WPA_KEY_MGMT_NONE:
848 return KEY_MGMT_NONE;
849 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
850 return KEY_MGMT_802_1X_NO_WPA;
851 case WPA_KEY_MGMT_IEEE8021X:
852 return KEY_MGMT_802_1X;
853 case WPA_KEY_MGMT_WPA_NONE:
854 return KEY_MGMT_WPA_NONE;
855 case WPA_KEY_MGMT_FT_IEEE8021X:
856 return KEY_MGMT_FT_802_1X;
857 case WPA_KEY_MGMT_FT_PSK:
858 return KEY_MGMT_FT_PSK;
859 case WPA_KEY_MGMT_IEEE8021X_SHA256:
860 return KEY_MGMT_802_1X_SHA256;
861 case WPA_KEY_MGMT_PSK_SHA256:
862 return KEY_MGMT_PSK_SHA256;
863 case WPA_KEY_MGMT_WPS:
865 case WPA_KEY_MGMT_PSK:
872 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
873 struct wpa_ssid *ssid,
874 struct wpa_ie_data *ie)
876 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
879 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
880 "from association info");
885 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
887 if (!(ie->group_cipher & ssid->group_cipher)) {
888 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
889 "cipher 0x%x (mask 0x%x) - reject",
890 ie->group_cipher, ssid->group_cipher);
893 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
894 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
895 "cipher 0x%x (mask 0x%x) - reject",
896 ie->pairwise_cipher, ssid->pairwise_cipher);
899 if (!(ie->key_mgmt & ssid->key_mgmt)) {
900 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
901 "management 0x%x (mask 0x%x) - reject",
902 ie->key_mgmt, ssid->key_mgmt);
906 #ifdef CONFIG_IEEE80211W
907 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
908 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
909 wpa_s->conf->pmf : ssid->ieee80211w) ==
910 MGMT_FRAME_PROTECTION_REQUIRED) {
911 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
912 "that does not support management frame protection - "
916 #endif /* CONFIG_IEEE80211W */
923 * wpa_supplicant_set_suites - Set authentication and encryption parameters
924 * @wpa_s: Pointer to wpa_supplicant data
925 * @bss: Scan results for the selected BSS, or %NULL if not available
926 * @ssid: Configuration data for the selected network
927 * @wpa_ie: Buffer for the WPA/RSN IE
928 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
929 * used buffer length in case the functions returns success.
930 * Returns: 0 on success or -1 on failure
932 * This function is used to configure authentication and encryption parameters
933 * based on the network configuration and scan result for the selected BSS (if
936 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
937 struct wpa_bss *bss, struct wpa_ssid *ssid,
938 u8 *wpa_ie, size_t *wpa_ie_len)
940 struct wpa_ie_data ie;
942 const u8 *bss_wpa, *bss_rsn;
945 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
946 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
948 bss_wpa = bss_rsn = NULL;
950 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
951 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
952 (ie.group_cipher & ssid->group_cipher) &&
953 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
954 (ie.key_mgmt & ssid->key_mgmt)) {
955 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
956 proto = WPA_PROTO_RSN;
957 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
958 wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 &&
959 (ie.group_cipher & ssid->group_cipher) &&
960 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
961 (ie.key_mgmt & ssid->key_mgmt)) {
962 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
963 proto = WPA_PROTO_WPA;
965 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
968 if (ssid->proto & WPA_PROTO_RSN)
969 proto = WPA_PROTO_RSN;
971 proto = WPA_PROTO_WPA;
972 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
973 os_memset(&ie, 0, sizeof(ie));
974 ie.group_cipher = ssid->group_cipher;
975 ie.pairwise_cipher = ssid->pairwise_cipher;
976 ie.key_mgmt = ssid->key_mgmt;
977 #ifdef CONFIG_IEEE80211W
978 ie.mgmt_group_cipher =
979 ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
980 WPA_CIPHER_AES_128_CMAC : 0;
981 #endif /* CONFIG_IEEE80211W */
982 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
983 "based on configuration");
988 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
989 "pairwise %d key_mgmt %d proto %d",
990 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
991 #ifdef CONFIG_IEEE80211W
992 if (ssid->ieee80211w) {
993 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
994 ie.mgmt_group_cipher);
996 #endif /* CONFIG_IEEE80211W */
998 wpa_s->wpa_proto = proto;
999 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1000 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1001 !!(ssid->proto & WPA_PROTO_RSN));
1003 if (bss || !wpa_s->ap_ies_from_associnfo) {
1004 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1005 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1006 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1007 bss_rsn ? 2 + bss_rsn[1] : 0))
1011 sel = ie.group_cipher & ssid->group_cipher;
1012 wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1013 if (wpa_s->group_cipher < 0) {
1014 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1018 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1019 wpa_cipher_txt(wpa_s->group_cipher));
1021 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1022 wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1023 if (wpa_s->pairwise_cipher < 0) {
1024 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1028 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1029 wpa_cipher_txt(wpa_s->pairwise_cipher));
1031 sel = ie.key_mgmt & ssid->key_mgmt;
1033 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1034 sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1035 #endif /* CONFIG_SAE */
1037 #ifdef CONFIG_IEEE80211R
1038 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
1039 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1040 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1041 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
1042 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1043 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1044 #endif /* CONFIG_IEEE80211R */
1046 } else if (sel & WPA_KEY_MGMT_SAE) {
1047 wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1048 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1049 } else if (sel & WPA_KEY_MGMT_FT_SAE) {
1050 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1051 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1052 #endif /* CONFIG_SAE */
1053 #ifdef CONFIG_IEEE80211W
1054 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1055 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1056 wpa_dbg(wpa_s, MSG_DEBUG,
1057 "WPA: using KEY_MGMT 802.1X with SHA256");
1058 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1059 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1060 wpa_dbg(wpa_s, MSG_DEBUG,
1061 "WPA: using KEY_MGMT PSK with SHA256");
1062 #endif /* CONFIG_IEEE80211W */
1063 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1064 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1065 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1066 } else if (sel & WPA_KEY_MGMT_PSK) {
1067 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1068 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1069 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1070 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1071 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1073 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1074 "authenticated key management type");
1078 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1079 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1080 wpa_s->pairwise_cipher);
1081 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1083 #ifdef CONFIG_IEEE80211W
1084 sel = ie.mgmt_group_cipher;
1085 if ((ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1086 wpa_s->conf->pmf : ssid->ieee80211w) == NO_MGMT_FRAME_PROTECTION ||
1087 !(ie.capabilities & WPA_CAPABILITY_MFPC))
1089 if (sel & WPA_CIPHER_AES_128_CMAC) {
1090 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1091 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1094 wpa_s->mgmt_group_cipher = 0;
1095 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1097 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1098 wpa_s->mgmt_group_cipher);
1099 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1100 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1101 wpa_s->conf->pmf : ssid->ieee80211w));
1102 #endif /* CONFIG_IEEE80211W */
1104 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1105 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1109 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1110 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
1111 #ifndef CONFIG_NO_PBKDF2
1112 if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1115 pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1116 4096, psk, PMK_LEN);
1117 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1119 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1121 #endif /* CONFIG_NO_PBKDF2 */
1122 #ifdef CONFIG_EXT_PASSWORD
1123 if (ssid->ext_psk) {
1124 struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1126 char pw_str[64 + 1];
1130 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1131 "found from external storage");
1135 if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1136 wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1137 "PSK length %d in external storage",
1138 (int) wpabuf_len(pw));
1139 ext_password_free(pw);
1143 os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1144 pw_str[wpabuf_len(pw)] = '\0';
1146 #ifndef CONFIG_NO_PBKDF2
1147 if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1149 pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1150 4096, psk, PMK_LEN);
1151 os_memset(pw_str, 0, sizeof(pw_str));
1152 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1153 "external passphrase)",
1155 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1157 #endif /* CONFIG_NO_PBKDF2 */
1158 if (wpabuf_len(pw) == 2 * PMK_LEN) {
1159 if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1160 wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1161 "Invalid PSK hex string");
1162 os_memset(pw_str, 0, sizeof(pw_str));
1163 ext_password_free(pw);
1166 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1168 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1170 os_memset(pw_str, 0, sizeof(pw_str));
1171 ext_password_free(pw);
1175 os_memset(pw_str, 0, sizeof(pw_str));
1176 ext_password_free(pw);
1178 #endif /* CONFIG_EXT_PASSWORD */
1180 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1186 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
1191 case 0: /* Bits 0-7 */
1193 case 1: /* Bits 8-15 */
1195 case 2: /* Bits 16-23 */
1197 *pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1198 *pos |= 0x08; /* Bit 19 - BSS Transition */
1199 #endif /* CONFIG_WNM */
1201 case 3: /* Bits 24-31 */
1203 *pos |= 0x02; /* Bit 25 - SSID List */
1204 #endif /* CONFIG_WNM */
1205 #ifdef CONFIG_INTERWORKING
1206 if (wpa_s->conf->interworking)
1207 *pos |= 0x80; /* Bit 31 - Interworking */
1208 #endif /* CONFIG_INTERWORKING */
1210 case 4: /* Bits 32-39 */
1212 case 5: /* Bits 40-47 */
1214 case 6: /* Bits 48-55 */
1220 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf)
1225 if (len < wpa_s->extended_capa_len)
1226 len = wpa_s->extended_capa_len;
1228 *pos++ = WLAN_EID_EXT_CAPAB;
1230 for (i = 0; i < len; i++, pos++) {
1231 wpas_ext_capab_byte(wpa_s, pos, i);
1233 if (i < wpa_s->extended_capa_len) {
1234 *pos &= ~wpa_s->extended_capa_mask[i];
1235 *pos |= wpa_s->extended_capa[i];
1239 while (len > 0 && buf[1 + len] == 0) {
1251 * wpa_supplicant_associate - Request association
1252 * @wpa_s: Pointer to wpa_supplicant data
1253 * @bss: Scan results for the selected BSS, or %NULL if not available
1254 * @ssid: Configuration data for the selected network
1256 * This function is used to request %wpa_supplicant to associate with a BSS.
1258 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1259 struct wpa_bss *bss, struct wpa_ssid *ssid)
1263 int use_crypt, ret, i, bssid_changed;
1264 int algs = WPA_AUTH_ALG_OPEN;
1265 enum wpa_cipher cipher_pairwise, cipher_group;
1266 struct wpa_driver_associate_params params;
1267 int wep_keys_set = 0;
1268 int assoc_failed = 0;
1269 struct wpa_ssid *old_ssid;
1272 #ifdef CONFIG_HT_OVERRIDES
1273 struct ieee80211_ht_capabilities htcaps;
1274 struct ieee80211_ht_capabilities htcaps_mask;
1275 #endif /* CONFIG_HT_OVERRIDES */
1277 #ifdef CONFIG_IBSS_RSN
1278 ibss_rsn_deinit(wpa_s->ibss_rsn);
1279 wpa_s->ibss_rsn = NULL;
1280 #endif /* CONFIG_IBSS_RSN */
1282 if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
1283 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
1285 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1286 wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
1290 if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
1291 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1294 wpa_s->current_bss = bss;
1295 #else /* CONFIG_AP */
1296 wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
1298 #endif /* CONFIG_AP */
1304 wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
1306 #endif /* CONFIG_TDLS */
1308 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1309 ssid->mode == IEEE80211_MODE_INFRA) {
1310 sme_authenticate(wpa_s, bss, ssid);
1314 os_memset(¶ms, 0, sizeof(params));
1315 wpa_s->reassociate = 0;
1316 if (bss && !wpas_driver_bss_selection(wpa_s)) {
1317 #ifdef CONFIG_IEEE80211R
1318 const u8 *ie, *md = NULL;
1319 #endif /* CONFIG_IEEE80211R */
1320 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1321 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1322 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1323 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
1324 os_memset(wpa_s->bssid, 0, ETH_ALEN);
1325 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1327 wpas_notify_bssid_changed(wpa_s);
1328 #ifdef CONFIG_IEEE80211R
1329 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
1330 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
1332 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
1334 /* Prepare for the next transition */
1335 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
1337 #endif /* CONFIG_IEEE80211R */
1339 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
1340 wpa_s->conf->ap_scan == 2 &&
1341 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
1342 /* Use ap_scan==1 style network selection to find the network
1344 wpa_s->scan_req = MANUAL_SCAN_REQ;
1345 wpa_s->reassociate = 1;
1346 wpa_supplicant_req_scan(wpa_s, 0, 0);
1348 #endif /* CONFIG_WPS */
1350 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1351 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1352 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1354 wpa_supplicant_cancel_sched_scan(wpa_s);
1355 wpa_supplicant_cancel_scan(wpa_s);
1357 /* Starting new association, so clear the possibly used WPA IE from the
1358 * previous association. */
1359 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1361 #ifdef IEEE8021X_EAPOL
1362 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1364 if (ssid->non_leap == 0)
1365 algs = WPA_AUTH_ALG_LEAP;
1367 algs |= WPA_AUTH_ALG_LEAP;
1370 #endif /* IEEE8021X_EAPOL */
1371 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1372 if (ssid->auth_alg) {
1373 algs = ssid->auth_alg;
1374 wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
1378 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
1379 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
1380 wpa_key_mgmt_wpa(ssid->key_mgmt)) {
1381 int try_opportunistic;
1382 try_opportunistic = (ssid->proactive_key_caching < 0 ?
1384 ssid->proactive_key_caching) &&
1385 (ssid->proto & WPA_PROTO_RSN);
1386 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1387 ssid, try_opportunistic) == 0)
1388 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1389 wpa_ie_len = sizeof(wpa_ie);
1390 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1391 wpa_ie, &wpa_ie_len)) {
1392 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
1393 "key management and encryption suites");
1396 } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
1397 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
1399 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
1400 * use non-WPA since the scan results did not indicate that the
1401 * AP is using WPA or WPA2.
1403 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1405 wpa_s->wpa_proto = 0;
1406 } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
1407 wpa_ie_len = sizeof(wpa_ie);
1408 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1409 wpa_ie, &wpa_ie_len)) {
1410 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
1411 "key management and encryption suites (no "
1416 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
1417 struct wpabuf *wps_ie;
1418 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
1419 if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
1420 wpa_ie_len = wpabuf_len(wps_ie);
1421 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
1424 wpabuf_free(wps_ie);
1425 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1426 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
1427 params.wps = WPS_MODE_PRIVACY;
1429 params.wps = WPS_MODE_OPEN;
1430 wpa_s->wpa_proto = 0;
1431 #endif /* CONFIG_WPS */
1433 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1435 wpa_s->wpa_proto = 0;
1439 if (wpa_s->global->p2p) {
1443 pos = wpa_ie + wpa_ie_len;
1444 len = sizeof(wpa_ie) - wpa_ie_len;
1445 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
1451 wpa_s->cross_connect_disallowed = 0;
1454 p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
1456 wpa_s->cross_connect_disallowed =
1457 p2p_get_cross_connect_disallowed(p2p);
1459 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
1461 wpa_s->cross_connect_disallowed ?
1462 "disallows" : "allows");
1465 #endif /* CONFIG_P2P */
1468 if (is_hs20_network(wpa_s, ssid, bss)) {
1469 struct wpabuf *hs20;
1470 hs20 = wpabuf_alloc(20);
1472 wpas_hs20_add_indication(hs20);
1473 os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(hs20),
1475 wpa_ie_len += wpabuf_len(hs20);
1479 #endif /* CONFIG_HS20 */
1481 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab);
1482 if (ext_capab_len > 0) {
1484 if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
1486 os_memmove(pos + ext_capab_len, pos,
1487 wpa_ie_len - (pos - wpa_ie));
1488 wpa_ie_len += ext_capab_len;
1489 os_memcpy(pos, ext_capab, ext_capab_len);
1492 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1494 cipher_pairwise = wpa_cipher_to_suite_driver(wpa_s->pairwise_cipher);
1495 cipher_group = wpa_cipher_to_suite_driver(wpa_s->group_cipher);
1496 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1497 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1498 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1500 if (wpa_set_wep_keys(wpa_s, ssid)) {
1505 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
1508 #ifdef IEEE8021X_EAPOL
1509 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1510 if ((ssid->eapol_flags &
1511 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1512 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1516 /* Assume that dynamic WEP-104 keys will be used and
1517 * set cipher suites in order for drivers to expect
1519 cipher_pairwise = cipher_group = CIPHER_WEP104;
1522 #endif /* IEEE8021X_EAPOL */
1524 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1525 /* Set the key before (and later after) association */
1526 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1529 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1531 params.ssid = bss->ssid;
1532 params.ssid_len = bss->ssid_len;
1533 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
1534 wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
1535 MACSTR " freq=%u MHz based on scan results "
1537 MAC2STR(bss->bssid), bss->freq,
1539 params.bssid = bss->bssid;
1540 params.freq = bss->freq;
1543 params.ssid = ssid->ssid;
1544 params.ssid_len = ssid->ssid_len;
1547 if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
1548 wpa_s->conf->ap_scan == 2) {
1549 params.bssid = ssid->bssid;
1550 params.fixed_bssid = 1;
1553 if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 &&
1555 params.freq = ssid->frequency; /* Initial channel for IBSS */
1556 params.wpa_ie = wpa_ie;
1557 params.wpa_ie_len = wpa_ie_len;
1558 params.pairwise_suite = cipher_pairwise;
1559 params.group_suite = cipher_group;
1560 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1561 params.wpa_proto = wpa_s->wpa_proto;
1562 params.auth_alg = algs;
1563 params.mode = ssid->mode;
1564 params.bg_scan_period = ssid->bg_scan_period;
1565 for (i = 0; i < NUM_WEP_KEYS; i++) {
1566 if (ssid->wep_key_len[i])
1567 params.wep_key[i] = ssid->wep_key[i];
1568 params.wep_key_len[i] = ssid->wep_key_len[i];
1570 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1572 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
1573 (params.key_mgmt_suite == KEY_MGMT_PSK ||
1574 params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
1575 params.passphrase = ssid->passphrase;
1577 params.psk = ssid->psk;
1580 params.drop_unencrypted = use_crypt;
1582 #ifdef CONFIG_IEEE80211W
1583 params.mgmt_frame_protection =
1584 ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1585 wpa_s->conf->pmf : ssid->ieee80211w;
1586 if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
1587 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1588 struct wpa_ie_data ie;
1589 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
1591 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
1592 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
1593 "MFP: require MFP");
1594 params.mgmt_frame_protection =
1595 MGMT_FRAME_PROTECTION_REQUIRED;
1598 #endif /* CONFIG_IEEE80211W */
1600 params.p2p = ssid->p2p_group;
1602 if (wpa_s->parent->set_sta_uapsd)
1603 params.uapsd = wpa_s->parent->sta_uapsd;
1607 #ifdef CONFIG_HT_OVERRIDES
1608 os_memset(&htcaps, 0, sizeof(htcaps));
1609 os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
1610 params.htcaps = (u8 *) &htcaps;
1611 params.htcaps_mask = (u8 *) &htcaps_mask;
1612 wpa_supplicant_apply_ht_overrides(wpa_s, ssid, ¶ms);
1613 #endif /* CONFIG_HT_OVERRIDES */
1615 ret = wpa_drv_associate(wpa_s, ¶ms);
1617 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1619 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
1621 * The driver is known to mean what is saying, so we
1622 * can stop right here; the association will not
1625 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
1626 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1627 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1630 /* try to continue anyway; new association will be tried again
1635 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1636 /* Set the key after the association just in case association
1637 * cleared the previously configured key. */
1638 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1639 /* No need to timeout authentication since there is no key
1641 wpa_supplicant_cancel_auth_timeout(wpa_s);
1642 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1643 #ifdef CONFIG_IBSS_RSN
1644 } else if (ssid->mode == WPAS_MODE_IBSS &&
1645 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
1646 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
1648 * RSN IBSS authentication is per-STA and we can disable the
1649 * per-BSSID authentication.
1651 wpa_supplicant_cancel_auth_timeout(wpa_s);
1652 #endif /* CONFIG_IBSS_RSN */
1654 /* Timeout for IEEE 802.11 authentication and association */
1658 /* give IBSS a bit more time */
1659 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
1660 } else if (wpa_s->conf->ap_scan == 1) {
1661 /* give IBSS a bit more time */
1662 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
1664 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1668 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
1669 /* Set static WEP keys again */
1670 wpa_set_wep_keys(wpa_s, ssid);
1673 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1675 * Do not allow EAP session resumption between different
1676 * network configurations.
1678 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1680 old_ssid = wpa_s->current_ssid;
1681 wpa_s->current_ssid = ssid;
1682 wpa_s->current_bss = bss;
1683 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
1684 wpa_supplicant_initiate_eapol(wpa_s);
1685 if (old_ssid != wpa_s->current_ssid)
1686 wpas_notify_network_changed(wpa_s);
1690 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
1693 struct wpa_ssid *old_ssid;
1695 wpa_clear_keys(wpa_s, addr);
1696 old_ssid = wpa_s->current_ssid;
1697 wpa_supplicant_mark_disassoc(wpa_s);
1698 wpa_sm_set_config(wpa_s->wpa, NULL);
1699 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1700 if (old_ssid != wpa_s->current_ssid)
1701 wpas_notify_network_changed(wpa_s);
1702 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
1707 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
1708 * @wpa_s: Pointer to wpa_supplicant data
1709 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1711 * This function is used to request %wpa_supplicant to deauthenticate from the
1714 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1718 union wpa_event_data event;
1721 wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
1722 " pending_bssid=" MACSTR " reason=%d state=%s",
1723 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
1724 reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state));
1726 if (!is_zero_ether_addr(wpa_s->bssid))
1727 addr = wpa_s->bssid;
1728 else if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
1729 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
1730 wpa_s->wpa_state == WPA_ASSOCIATING))
1731 addr = wpa_s->pending_bssid;
1732 else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
1734 * When using driver-based BSS selection, we may not know the
1735 * BSSID with which we are currently trying to associate. We
1736 * need to notify the driver of this disconnection even in such
1737 * a case, so use the all zeros address here.
1739 addr = wpa_s->bssid;
1744 wpa_tdls_teardown_peers(wpa_s->wpa);
1745 #endif /* CONFIG_TDLS */
1748 wpa_drv_deauthenticate(wpa_s, addr, reason_code);
1749 os_memset(&event, 0, sizeof(event));
1750 event.deauth_info.reason_code = (u16) reason_code;
1751 event.deauth_info.locally_generated = 1;
1752 wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
1757 wpa_supplicant_clear_connection(wpa_s, addr);
1760 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
1761 struct wpa_ssid *ssid)
1763 if (!ssid || !ssid->disabled || ssid->disabled == 2)
1767 wpas_clear_temp_disabled(wpa_s, ssid, 1);
1768 wpas_notify_network_enabled_changed(wpa_s, ssid);
1771 * Try to reassociate since there is no current configuration and a new
1772 * network was made available.
1774 if (!wpa_s->current_ssid)
1775 wpa_s->reassociate = 1;
1780 * wpa_supplicant_enable_network - Mark a configured network as enabled
1781 * @wpa_s: wpa_supplicant structure for a network interface
1782 * @ssid: wpa_ssid structure for a configured network or %NULL
1784 * Enables the specified network or all networks if no network specified.
1786 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
1787 struct wpa_ssid *ssid)
1790 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
1791 wpa_supplicant_enable_one_network(wpa_s, ssid);
1793 wpa_supplicant_enable_one_network(wpa_s, ssid);
1795 if (wpa_s->reassociate) {
1796 if (wpa_s->sched_scanning) {
1797 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
1798 "new network to scan filters");
1799 wpa_supplicant_cancel_sched_scan(wpa_s);
1802 wpa_supplicant_req_scan(wpa_s, 0, 0);
1808 * wpa_supplicant_disable_network - Mark a configured network as disabled
1809 * @wpa_s: wpa_supplicant structure for a network interface
1810 * @ssid: wpa_ssid structure for a configured network or %NULL
1812 * Disables the specified network or all networks if no network specified.
1814 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
1815 struct wpa_ssid *ssid)
1817 struct wpa_ssid *other_ssid;
1821 if (wpa_s->sched_scanning)
1822 wpa_supplicant_cancel_sched_scan(wpa_s);
1824 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1825 other_ssid = other_ssid->next) {
1826 was_disabled = other_ssid->disabled;
1827 if (was_disabled == 2)
1828 continue; /* do not change persistent P2P group
1831 other_ssid->disabled = 1;
1833 if (was_disabled != other_ssid->disabled)
1834 wpas_notify_network_enabled_changed(
1837 if (wpa_s->current_ssid)
1838 wpa_supplicant_deauthenticate(
1839 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1840 } else if (ssid->disabled != 2) {
1841 if (ssid == wpa_s->current_ssid)
1842 wpa_supplicant_deauthenticate(
1843 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1845 was_disabled = ssid->disabled;
1849 if (was_disabled != ssid->disabled) {
1850 wpas_notify_network_enabled_changed(wpa_s, ssid);
1851 if (wpa_s->sched_scanning) {
1852 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
1853 "to remove network from filters");
1854 wpa_supplicant_cancel_sched_scan(wpa_s);
1855 wpa_supplicant_req_scan(wpa_s, 0, 0);
1863 * wpa_supplicant_select_network - Attempt association with a network
1864 * @wpa_s: wpa_supplicant structure for a network interface
1865 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
1867 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
1868 struct wpa_ssid *ssid)
1871 struct wpa_ssid *other_ssid;
1872 int disconnected = 0;
1874 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
1875 wpa_supplicant_deauthenticate(
1876 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1881 wpas_clear_temp_disabled(wpa_s, ssid, 1);
1884 * Mark all other networks disabled or mark all networks enabled if no
1885 * network specified.
1887 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1888 other_ssid = other_ssid->next) {
1889 int was_disabled = other_ssid->disabled;
1890 if (was_disabled == 2)
1891 continue; /* do not change persistent P2P group data */
1893 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
1894 if (was_disabled && !other_ssid->disabled)
1895 wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
1897 if (was_disabled != other_ssid->disabled)
1898 wpas_notify_network_enabled_changed(wpa_s, other_ssid);
1901 if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid) {
1902 /* We are already associated with the selected network */
1903 wpa_printf(MSG_DEBUG, "Already associated with the "
1904 "selected network - do nothing");
1909 wpa_s->current_ssid = ssid;
1910 wpa_s->connect_without_scan = NULL;
1911 wpa_s->disconnected = 0;
1912 wpa_s->reassociate = 1;
1914 if (wpa_supplicant_fast_associate(wpa_s) != 1)
1915 wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
1918 wpas_notify_network_selected(wpa_s, ssid);
1923 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
1924 * @wpa_s: wpa_supplicant structure for a network interface
1925 * @ap_scan: AP scan mode
1926 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
1929 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
1934 if (ap_scan < 0 || ap_scan > 2)
1938 if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
1939 wpa_s->wpa_state >= WPA_ASSOCIATING &&
1940 wpa_s->wpa_state < WPA_COMPLETED) {
1941 wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
1942 "associating", wpa_s->conf->ap_scan, ap_scan);
1945 #endif /* ANDROID */
1947 old_ap_scan = wpa_s->conf->ap_scan;
1948 wpa_s->conf->ap_scan = ap_scan;
1950 if (old_ap_scan != wpa_s->conf->ap_scan)
1951 wpas_notify_ap_scan_changed(wpa_s);
1958 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
1959 * @wpa_s: wpa_supplicant structure for a network interface
1960 * @expire_age: Expiration age in seconds
1961 * Returns: 0 if succeed or -1 if expire_age has an invalid value
1964 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
1965 unsigned int bss_expire_age)
1967 if (bss_expire_age < 10) {
1968 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
1972 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
1974 wpa_s->conf->bss_expiration_age = bss_expire_age;
1981 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
1982 * @wpa_s: wpa_supplicant structure for a network interface
1983 * @expire_count: number of scans after which an unseen BSS is reclaimed
1984 * Returns: 0 if succeed or -1 if expire_count has an invalid value
1987 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
1988 unsigned int bss_expire_count)
1990 if (bss_expire_count < 1) {
1991 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
1995 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
1997 wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
2004 * wpa_supplicant_set_scan_interval - Set scan interval
2005 * @wpa_s: wpa_supplicant structure for a network interface
2006 * @scan_interval: scan interval in seconds
2007 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
2010 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
2013 if (scan_interval < 0) {
2014 wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
2018 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
2020 wpa_supplicant_update_scan_int(wpa_s, scan_interval);
2027 * wpa_supplicant_set_debug_params - Set global debug params
2028 * @global: wpa_global structure
2029 * @debug_level: debug level
2030 * @debug_timestamp: determines if show timestamp in debug data
2031 * @debug_show_keys: determines if show keys in debug data
2032 * Returns: 0 if succeed or -1 if debug_level has wrong value
2034 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
2035 int debug_timestamp, int debug_show_keys)
2038 int old_level, old_timestamp, old_show_keys;
2040 /* check for allowed debuglevels */
2041 if (debug_level != MSG_EXCESSIVE &&
2042 debug_level != MSG_MSGDUMP &&
2043 debug_level != MSG_DEBUG &&
2044 debug_level != MSG_INFO &&
2045 debug_level != MSG_WARNING &&
2046 debug_level != MSG_ERROR)
2049 old_level = wpa_debug_level;
2050 old_timestamp = wpa_debug_timestamp;
2051 old_show_keys = wpa_debug_show_keys;
2053 wpa_debug_level = debug_level;
2054 wpa_debug_timestamp = debug_timestamp ? 1 : 0;
2055 wpa_debug_show_keys = debug_show_keys ? 1 : 0;
2057 if (wpa_debug_level != old_level)
2058 wpas_notify_debug_level_changed(global);
2059 if (wpa_debug_timestamp != old_timestamp)
2060 wpas_notify_debug_timestamp_changed(global);
2061 if (wpa_debug_show_keys != old_show_keys)
2062 wpas_notify_debug_show_keys_changed(global);
2069 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
2070 * @wpa_s: Pointer to wpa_supplicant data
2071 * Returns: A pointer to the current network structure or %NULL on failure
2073 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
2075 struct wpa_ssid *entry;
2076 u8 ssid[MAX_SSID_LEN];
2082 res = wpa_drv_get_ssid(wpa_s, ssid);
2084 wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
2090 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
2091 wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
2096 wired = wpa_s->conf->ap_scan == 0 &&
2097 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
2099 entry = wpa_s->conf->ssid;
2101 if (!wpas_network_disabled(wpa_s, entry) &&
2102 ((ssid_len == entry->ssid_len &&
2103 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
2104 (!entry->bssid_set ||
2105 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
2108 if (!wpas_network_disabled(wpa_s, entry) &&
2109 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
2110 (entry->ssid == NULL || entry->ssid_len == 0) &&
2111 (!entry->bssid_set ||
2112 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
2114 #endif /* CONFIG_WPS */
2116 if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
2117 entry->ssid_len == 0 &&
2118 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
2121 entry = entry->next;
2128 static int select_driver(struct wpa_supplicant *wpa_s, int i)
2130 struct wpa_global *global = wpa_s->global;
2132 if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
2133 global->drv_priv[i] = wpa_drivers[i]->global_init();
2134 if (global->drv_priv[i] == NULL) {
2135 wpa_printf(MSG_ERROR, "Failed to initialize driver "
2136 "'%s'", wpa_drivers[i]->name);
2141 wpa_s->driver = wpa_drivers[i];
2142 wpa_s->global_drv_priv = global->drv_priv[i];
2148 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
2153 const char *pos, *driver = name;
2158 if (wpa_drivers[0] == NULL) {
2159 wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
2165 /* default to first driver in the list */
2166 return select_driver(wpa_s, 0);
2170 pos = os_strchr(driver, ',');
2174 len = os_strlen(driver);
2176 for (i = 0; wpa_drivers[i]; i++) {
2177 if (os_strlen(wpa_drivers[i]->name) == len &&
2178 os_strncmp(driver, wpa_drivers[i]->name, len) ==
2180 /* First driver that succeeds wins */
2181 if (select_driver(wpa_s, i) == 0)
2189 wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
2195 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
2196 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
2197 * with struct wpa_driver_ops::init()
2198 * @src_addr: Source address of the EAPOL frame
2199 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
2200 * @len: Length of the EAPOL data
2202 * This function is called for each received EAPOL frame. Most driver
2203 * interfaces rely on more generic OS mechanism for receiving frames through
2204 * l2_packet, but if such a mechanism is not available, the driver wrapper may
2205 * take care of received EAPOL frames and deliver them to the core supplicant
2206 * code by calling this function.
2208 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
2209 const u8 *buf, size_t len)
2211 struct wpa_supplicant *wpa_s = ctx;
2213 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
2214 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
2216 if (wpa_s->wpa_state < WPA_ASSOCIATED ||
2217 (wpa_s->last_eapol_matches_bssid &&
2220 #endif /* CONFIG_AP */
2221 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
2223 * There is possible race condition between receiving the
2224 * association event and the EAPOL frame since they are coming
2225 * through different paths from the driver. In order to avoid
2226 * issues in trying to process the EAPOL frame before receiving
2227 * association information, lets queue it for processing until
2228 * the association event is received. This may also be needed in
2229 * driver-based roaming case, so also use src_addr != BSSID as a
2230 * trigger if we have previously confirmed that the
2231 * Authenticator uses BSSID as the src_addr (which is not the
2232 * case with wired IEEE 802.1X).
2234 wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
2235 "of received EAPOL frame (state=%s bssid=" MACSTR ")",
2236 wpa_supplicant_state_txt(wpa_s->wpa_state),
2237 MAC2STR(wpa_s->bssid));
2238 wpabuf_free(wpa_s->pending_eapol_rx);
2239 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
2240 if (wpa_s->pending_eapol_rx) {
2241 os_get_time(&wpa_s->pending_eapol_rx_time);
2242 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
2248 wpa_s->last_eapol_matches_bssid =
2249 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
2252 if (wpa_s->ap_iface) {
2253 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
2256 #endif /* CONFIG_AP */
2258 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
2259 wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
2260 "no key management is configured");
2264 if (wpa_s->eapol_received == 0 &&
2265 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
2266 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
2267 wpa_s->wpa_state != WPA_COMPLETED) &&
2268 (wpa_s->current_ssid == NULL ||
2269 wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
2270 /* Timeout for completing IEEE 802.1X and WPA authentication */
2271 wpa_supplicant_req_auth_timeout(
2273 (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
2274 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
2275 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
2278 wpa_s->eapol_received++;
2280 if (wpa_s->countermeasures) {
2281 wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
2286 #ifdef CONFIG_IBSS_RSN
2287 if (wpa_s->current_ssid &&
2288 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
2289 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
2292 #endif /* CONFIG_IBSS_RSN */
2294 /* Source address of the incoming EAPOL frame could be compared to the
2295 * current BSSID. However, it is possible that a centralized
2296 * Authenticator could be using another MAC address than the BSSID of
2297 * an AP, so just allow any address to be used for now. The replies are
2298 * still sent to the current BSSID (if available), though. */
2300 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
2301 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
2302 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
2304 wpa_drv_poll(wpa_s);
2305 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
2306 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
2307 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
2309 * Set portValid = TRUE here since we are going to skip 4-way
2310 * handshake processing which would normally set portValid. We
2311 * need this to allow the EAPOL state machines to be completed
2312 * without going through EAPOL-Key handshake.
2314 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
2319 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
2321 if (wpa_s->driver->send_eapol) {
2322 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
2324 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
2325 } else if (!(wpa_s->drv_flags &
2326 WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
2327 l2_packet_deinit(wpa_s->l2);
2328 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
2329 wpa_drv_get_mac_addr(wpa_s),
2331 wpa_supplicant_rx_eapol, wpa_s, 0);
2332 if (wpa_s->l2 == NULL)
2335 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
2337 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
2340 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
2341 wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
2345 wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
2346 MAC2STR(wpa_s->own_addr));
2347 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2353 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
2354 const u8 *buf, size_t len)
2356 struct wpa_supplicant *wpa_s = ctx;
2357 const struct l2_ethhdr *eth;
2359 if (len < sizeof(*eth))
2361 eth = (const struct l2_ethhdr *) buf;
2363 if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
2364 !(eth->h_dest[0] & 0x01)) {
2365 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
2366 " (bridge - not for this interface - ignore)",
2367 MAC2STR(src_addr), MAC2STR(eth->h_dest));
2371 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
2372 " (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
2373 wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
2374 len - sizeof(*eth));
2379 * wpa_supplicant_driver_init - Initialize driver interface parameters
2380 * @wpa_s: Pointer to wpa_supplicant data
2381 * Returns: 0 on success, -1 on failure
2383 * This function is called to initialize driver interface parameters.
2384 * wpa_drv_init() must have been called before this function to initialize the
2387 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
2389 static int interface_count = 0;
2391 if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
2394 if (wpa_s->bridge_ifname[0]) {
2395 wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
2396 "interface '%s'", wpa_s->bridge_ifname);
2397 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
2400 wpa_supplicant_rx_eapol_bridge,
2402 if (wpa_s->l2_br == NULL) {
2403 wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
2404 "connection for the bridge interface '%s'",
2405 wpa_s->bridge_ifname);
2410 wpa_clear_keys(wpa_s, NULL);
2412 /* Make sure that TKIP countermeasures are not left enabled (could
2413 * happen if wpa_supplicant is killed during countermeasures. */
2414 wpa_drv_set_countermeasures(wpa_s, 0);
2416 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
2417 wpa_drv_flush_pmkid(wpa_s);
2419 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
2420 wpa_s->prev_scan_wildcard = 0;
2422 if (wpa_supplicant_enabled_networks(wpa_s)) {
2423 if (wpa_supplicant_delayed_sched_scan(wpa_s, interface_count,
2425 wpa_supplicant_req_scan(wpa_s, interface_count,
2429 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
2435 static int wpa_supplicant_daemon(const char *pid_file)
2437 wpa_printf(MSG_DEBUG, "Daemonize..");
2438 return os_daemonize(pid_file);
2442 static struct wpa_supplicant * wpa_supplicant_alloc(void)
2444 struct wpa_supplicant *wpa_s;
2446 wpa_s = os_zalloc(sizeof(*wpa_s));
2449 wpa_s->scan_req = INITIAL_SCAN_REQ;
2450 wpa_s->scan_interval = 5;
2451 wpa_s->new_connection = 1;
2452 wpa_s->parent = wpa_s;
2453 wpa_s->sched_scanning = 0;
2459 #ifdef CONFIG_HT_OVERRIDES
2461 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
2462 struct ieee80211_ht_capabilities *htcaps,
2463 struct ieee80211_ht_capabilities *htcaps_mask,
2466 /* parse ht_mcs into hex array */
2468 const char *tmp = ht_mcs;
2471 /* If ht_mcs is null, do not set anything */
2475 /* This is what we are setting in the kernel */
2476 os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
2478 wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
2480 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
2482 long v = strtol(tmp, &end, 16);
2484 wpa_msg(wpa_s, MSG_DEBUG,
2485 "htcap value[%i]: %ld end: %p tmp: %p",
2490 htcaps->supported_mcs_set[i] = v;
2493 wpa_msg(wpa_s, MSG_ERROR,
2494 "Failed to parse ht-mcs: %s, error: %s\n",
2495 ht_mcs, strerror(errno));
2501 * If we were able to parse any values, then set mask for the MCS set.
2504 os_memset(&htcaps_mask->supported_mcs_set, 0xff,
2505 IEEE80211_HT_MCS_MASK_LEN - 1);
2506 /* skip the 3 reserved bits */
2507 htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
2515 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
2516 struct ieee80211_ht_capabilities *htcaps,
2517 struct ieee80211_ht_capabilities *htcaps_mask,
2522 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
2527 msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
2528 htcaps_mask->ht_capabilities_info |= msk;
2530 htcaps->ht_capabilities_info &= msk;
2532 htcaps->ht_capabilities_info |= msk;
2538 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
2539 struct ieee80211_ht_capabilities *htcaps,
2540 struct ieee80211_ht_capabilities *htcaps_mask,
2543 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
2548 if (factor < 0 || factor > 3) {
2549 wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
2550 "Must be 0-3 or -1", factor);
2554 htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
2555 htcaps->a_mpdu_params &= ~0x3;
2556 htcaps->a_mpdu_params |= factor & 0x3;
2562 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
2563 struct ieee80211_ht_capabilities *htcaps,
2564 struct ieee80211_ht_capabilities *htcaps_mask,
2567 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
2572 if (density < 0 || density > 7) {
2573 wpa_msg(wpa_s, MSG_ERROR,
2574 "ampdu_density: %d out of range. Must be 0-7 or -1.",
2579 htcaps_mask->a_mpdu_params |= 0x1C;
2580 htcaps->a_mpdu_params &= ~(0x1C);
2581 htcaps->a_mpdu_params |= (density << 2) & 0x1C;
2587 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
2588 struct ieee80211_ht_capabilities *htcaps,
2589 struct ieee80211_ht_capabilities *htcaps_mask,
2592 /* Masking these out disables HT40 */
2593 u16 msk = host_to_le16(HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET |
2594 HT_CAP_INFO_SHORT_GI40MHZ);
2596 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
2599 htcaps->ht_capabilities_info &= ~msk;
2601 htcaps->ht_capabilities_info |= msk;
2603 htcaps_mask->ht_capabilities_info |= msk;
2609 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
2610 struct ieee80211_ht_capabilities *htcaps,
2611 struct ieee80211_ht_capabilities *htcaps_mask,
2614 /* Masking these out disables SGI */
2615 u16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
2616 HT_CAP_INFO_SHORT_GI40MHZ);
2618 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
2621 htcaps->ht_capabilities_info &= ~msk;
2623 htcaps->ht_capabilities_info |= msk;
2625 htcaps_mask->ht_capabilities_info |= msk;
2631 void wpa_supplicant_apply_ht_overrides(
2632 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2633 struct wpa_driver_associate_params *params)
2635 struct ieee80211_ht_capabilities *htcaps;
2636 struct ieee80211_ht_capabilities *htcaps_mask;
2641 params->disable_ht = ssid->disable_ht;
2642 if (!params->htcaps || !params->htcaps_mask)
2645 htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
2646 htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
2647 wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
2648 wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
2649 ssid->disable_max_amsdu);
2650 wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
2651 wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
2652 wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
2653 wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
2656 #endif /* CONFIG_HT_OVERRIDES */
2659 #ifdef CONFIG_VHT_OVERRIDES
2660 void wpa_supplicant_apply_vht_overrides(
2661 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2662 struct wpa_driver_associate_params *params)
2664 struct ieee80211_vht_capabilities *vhtcaps;
2665 struct ieee80211_vht_capabilities *vhtcaps_mask;
2670 params->disable_vht = ssid->disable_vht;
2672 vhtcaps = (void *) params->vhtcaps;
2673 vhtcaps_mask = (void *) params->vhtcaps_mask;
2675 if (!vhtcaps || !vhtcaps_mask)
2678 vhtcaps->vht_capabilities_info = ssid->vht_capa;
2679 vhtcaps_mask->vht_capabilities_info = ssid->vht_capa_mask;
2681 #define OVERRIDE_MCS(i) \
2682 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
2683 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
2685 vhtcaps->vht_supported_mcs_set.tx_map |= \
2686 ssid->vht_tx_mcs_nss_ ##i << 2 * (i - 1); \
2688 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
2689 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
2691 vhtcaps->vht_supported_mcs_set.rx_map |= \
2692 ssid->vht_rx_mcs_nss_ ##i << 2 * (i - 1); \
2704 #endif /* CONFIG_VHT_OVERRIDES */
2707 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
2712 if (!wpa_s->conf->pcsc_reader)
2715 wpa_s->scard = scard_init(SCARD_TRY_BOTH, wpa_s->conf->pcsc_reader);
2719 if (wpa_s->conf->pcsc_pin &&
2720 scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
2721 scard_deinit(wpa_s->scard);
2722 wpa_s->scard = NULL;
2723 wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
2727 len = sizeof(wpa_s->imsi) - 1;
2728 if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
2729 scard_deinit(wpa_s->scard);
2730 wpa_s->scard = NULL;
2731 wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
2734 wpa_s->imsi[len] = '\0';
2736 wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
2738 wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
2739 wpa_s->imsi, wpa_s->mnc_len);
2741 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
2742 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
2743 #endif /* PCSC_FUNCS */
2749 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
2753 ext_password_deinit(wpa_s->ext_pw);
2754 wpa_s->ext_pw = NULL;
2755 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
2757 if (!wpa_s->conf->ext_password_backend)
2760 val = os_strdup(wpa_s->conf->ext_password_backend);
2763 pos = os_strchr(val, ':');
2767 wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
2769 wpa_s->ext_pw = ext_password_init(val, pos);
2771 if (wpa_s->ext_pw == NULL) {
2772 wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
2775 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
2781 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
2782 struct wpa_interface *iface)
2784 const char *ifname, *driver;
2785 struct wpa_driver_capa capa;
2787 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
2788 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
2789 iface->confname ? iface->confname : "N/A",
2790 iface->driver ? iface->driver : "default",
2791 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
2792 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
2794 if (iface->confname) {
2795 #ifdef CONFIG_BACKEND_FILE
2796 wpa_s->confname = os_rel2abs_path(iface->confname);
2797 if (wpa_s->confname == NULL) {
2798 wpa_printf(MSG_ERROR, "Failed to get absolute path "
2799 "for configuration file '%s'.",
2803 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
2804 iface->confname, wpa_s->confname);
2805 #else /* CONFIG_BACKEND_FILE */
2806 wpa_s->confname = os_strdup(iface->confname);
2807 #endif /* CONFIG_BACKEND_FILE */
2808 wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
2809 if (wpa_s->conf == NULL) {
2810 wpa_printf(MSG_ERROR, "Failed to read or parse "
2811 "configuration '%s'.", wpa_s->confname);
2814 wpa_s->confanother = os_rel2abs_path(iface->confanother);
2815 wpa_config_read(wpa_s->confanother, wpa_s->conf);
2818 * Override ctrl_interface and driver_param if set on command
2821 if (iface->ctrl_interface) {
2822 os_free(wpa_s->conf->ctrl_interface);
2823 wpa_s->conf->ctrl_interface =
2824 os_strdup(iface->ctrl_interface);
2827 if (iface->driver_param) {
2828 os_free(wpa_s->conf->driver_param);
2829 wpa_s->conf->driver_param =
2830 os_strdup(iface->driver_param);
2833 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
2834 iface->driver_param);
2836 if (wpa_s->conf == NULL) {
2837 wpa_printf(MSG_ERROR, "\nNo configuration found.");
2841 if (iface->ifname == NULL) {
2842 wpa_printf(MSG_ERROR, "\nInterface name is required.");
2845 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
2846 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
2850 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
2852 if (iface->bridge_ifname) {
2853 if (os_strlen(iface->bridge_ifname) >=
2854 sizeof(wpa_s->bridge_ifname)) {
2855 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
2856 "name '%s'.", iface->bridge_ifname);
2859 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
2860 sizeof(wpa_s->bridge_ifname));
2863 /* RSNA Supplicant Key Management - INITIALIZE */
2864 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
2865 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
2867 /* Initialize driver interface and register driver event handler before
2868 * L2 receive handler so that association events are processed before
2869 * EAPOL-Key packets if both become available for the same select()
2871 driver = iface->driver;
2873 if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
2876 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
2877 if (wpa_s->drv_priv == NULL) {
2879 pos = driver ? os_strchr(driver, ',') : NULL;
2881 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
2882 "driver interface - try next driver wrapper");
2886 wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
2890 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
2891 wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
2892 "driver_param '%s'", wpa_s->conf->driver_param);
2896 ifname = wpa_drv_get_ifname(wpa_s);
2897 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
2898 wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
2899 "interface name with '%s'", ifname);
2900 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
2903 if (wpa_supplicant_init_wpa(wpa_s) < 0)
2906 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
2907 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
2909 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2911 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2912 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2913 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2914 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2915 "dot11RSNAConfigPMKLifetime");
2919 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2920 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2921 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2922 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2923 "dot11RSNAConfigPMKReauthThreshold");
2927 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2928 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2929 wpa_s->conf->dot11RSNAConfigSATimeout)) {
2930 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2931 "dot11RSNAConfigSATimeout");
2935 wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
2936 &wpa_s->hw.num_modes,
2939 if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
2940 wpa_s->drv_capa_known = 1;
2941 wpa_s->drv_flags = capa.flags;
2942 wpa_s->drv_enc = capa.enc;
2943 wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
2944 wpa_s->max_scan_ssids = capa.max_scan_ssids;
2945 wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
2946 wpa_s->sched_scan_supported = capa.sched_scan_supported;
2947 wpa_s->max_match_sets = capa.max_match_sets;
2948 wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
2949 wpa_s->max_stations = capa.max_stations;
2950 wpa_s->extended_capa = capa.extended_capa;
2951 wpa_s->extended_capa_mask = capa.extended_capa_mask;
2952 wpa_s->extended_capa_len = capa.extended_capa_len;
2954 if (wpa_s->max_remain_on_chan == 0)
2955 wpa_s->max_remain_on_chan = 1000;
2957 if (wpa_supplicant_driver_init(wpa_s) < 0)
2961 if (wpa_tdls_init(wpa_s->wpa))
2963 #endif /* CONFIG_TDLS */
2965 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
2966 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
2967 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
2971 if (wpas_wps_init(wpa_s))
2974 if (wpa_supplicant_init_eapol(wpa_s) < 0)
2976 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2978 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
2979 if (wpa_s->ctrl_iface == NULL) {
2980 wpa_printf(MSG_ERROR,
2981 "Failed to initialize control interface '%s'.\n"
2982 "You may have another wpa_supplicant process "
2983 "already running or the file was\n"
2984 "left by an unclean termination of wpa_supplicant "
2985 "in which case you will need\n"
2986 "to manually remove this file before starting "
2987 "wpa_supplicant again.\n",
2988 wpa_s->conf->ctrl_interface);
2992 wpa_s->gas = gas_query_init(wpa_s);
2993 if (wpa_s->gas == NULL) {
2994 wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
2999 if (wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
3000 wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
3003 #endif /* CONFIG_P2P */
3005 if (wpa_bss_init(wpa_s) < 0)
3008 if (pcsc_reader_init(wpa_s) < 0)
3011 if (wpas_init_ext_pw(wpa_s) < 0)
3018 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
3019 int notify, int terminate)
3021 if (wpa_s->drv_priv) {
3022 wpa_supplicant_deauthenticate(wpa_s,
3023 WLAN_REASON_DEAUTH_LEAVING);
3025 wpa_drv_set_countermeasures(wpa_s, 0);
3026 wpa_clear_keys(wpa_s, NULL);
3029 wpa_supplicant_cleanup(wpa_s);
3032 if (wpa_s == wpa_s->global->p2p_init_wpa_s && wpa_s->global->p2p) {
3033 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Disable P2P since removing "
3034 "the management interface is being removed");
3035 wpas_p2p_deinit_global(wpa_s->global);
3037 #endif /* CONFIG_P2P */
3039 if (wpa_s->drv_priv)
3040 wpa_drv_deinit(wpa_s);
3043 wpas_notify_iface_removed(wpa_s);
3046 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
3048 if (wpa_s->ctrl_iface) {
3049 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
3050 wpa_s->ctrl_iface = NULL;
3053 if (wpa_s->conf != NULL) {
3054 wpa_config_free(wpa_s->conf);
3063 * wpa_supplicant_add_iface - Add a new network interface
3064 * @global: Pointer to global data from wpa_supplicant_init()
3065 * @iface: Interface configuration options
3066 * Returns: Pointer to the created interface or %NULL on failure
3068 * This function is used to add new network interfaces for %wpa_supplicant.
3069 * This can be called before wpa_supplicant_run() to add interfaces before the
3070 * main event loop has been started. In addition, new interfaces can be added
3071 * dynamically while %wpa_supplicant is already running. This could happen,
3072 * e.g., when a hotplug network adapter is inserted.
3074 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
3075 struct wpa_interface *iface)
3077 struct wpa_supplicant *wpa_s;
3078 struct wpa_interface t_iface;
3079 struct wpa_ssid *ssid;
3081 if (global == NULL || iface == NULL)
3084 wpa_s = wpa_supplicant_alloc();
3088 wpa_s->global = global;
3091 if (global->params.override_driver) {
3092 wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
3094 iface->driver, global->params.override_driver);
3095 t_iface.driver = global->params.override_driver;
3097 if (global->params.override_ctrl_interface) {
3098 wpa_printf(MSG_DEBUG, "Override interface parameter: "
3099 "ctrl_interface ('%s' -> '%s')",
3100 iface->ctrl_interface,
3101 global->params.override_ctrl_interface);
3102 t_iface.ctrl_interface =
3103 global->params.override_ctrl_interface;
3105 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
3106 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
3108 wpa_supplicant_deinit_iface(wpa_s, 0, 0);
3112 /* Notify the control interfaces about new iface */
3113 if (wpas_notify_iface_added(wpa_s)) {
3114 wpa_supplicant_deinit_iface(wpa_s, 1, 0);
3118 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
3119 wpas_notify_network_added(wpa_s, ssid);
3121 wpa_s->next = global->ifaces;
3122 global->ifaces = wpa_s;
3124 wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
3125 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
3132 * wpa_supplicant_remove_iface - Remove a network interface
3133 * @global: Pointer to global data from wpa_supplicant_init()
3134 * @wpa_s: Pointer to the network interface to be removed
3135 * Returns: 0 if interface was removed, -1 if interface was not found
3137 * This function can be used to dynamically remove network interfaces from
3138 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
3139 * addition, this function is used to remove all remaining interfaces when
3140 * %wpa_supplicant is terminated.
3142 int wpa_supplicant_remove_iface(struct wpa_global *global,
3143 struct wpa_supplicant *wpa_s,
3146 struct wpa_supplicant *prev;
3148 /* Remove interface from the global list of interfaces */
3149 prev = global->ifaces;
3150 if (prev == wpa_s) {
3151 global->ifaces = wpa_s->next;
3153 while (prev && prev->next != wpa_s)
3157 prev->next = wpa_s->next;
3160 wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
3162 if (global->p2p_group_formation == wpa_s)
3163 global->p2p_group_formation = NULL;
3164 if (global->p2p_invite_group == wpa_s)
3165 global->p2p_invite_group = NULL;
3166 wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
3173 * wpa_supplicant_get_eap_mode - Get the current EAP mode
3174 * @wpa_s: Pointer to the network interface
3175 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
3177 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
3179 const char *eapol_method;
3181 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
3182 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3186 eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
3187 if (eapol_method == NULL)
3188 return "UNKNOWN-EAP";
3190 return eapol_method;
3195 * wpa_supplicant_get_iface - Get a new network interface
3196 * @global: Pointer to global data from wpa_supplicant_init()
3197 * @ifname: Interface name
3198 * Returns: Pointer to the interface or %NULL if not found
3200 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
3203 struct wpa_supplicant *wpa_s;
3205 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
3206 if (os_strcmp(wpa_s->ifname, ifname) == 0)
3213 #ifndef CONFIG_NO_WPA_MSG
3214 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
3216 struct wpa_supplicant *wpa_s = ctx;
3219 return wpa_s->ifname;
3221 #endif /* CONFIG_NO_WPA_MSG */
3225 * wpa_supplicant_init - Initialize %wpa_supplicant
3226 * @params: Parameters for %wpa_supplicant
3227 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
3229 * This function is used to initialize %wpa_supplicant. After successful
3230 * initialization, the returned data pointer can be used to add and remove
3231 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
3233 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
3235 struct wpa_global *global;
3241 #ifdef CONFIG_DRIVER_NDIS
3243 void driver_ndis_init_ops(void);
3244 driver_ndis_init_ops();
3246 #endif /* CONFIG_DRIVER_NDIS */
3248 #ifndef CONFIG_NO_WPA_MSG
3249 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
3250 #endif /* CONFIG_NO_WPA_MSG */
3252 wpa_debug_open_file(params->wpa_debug_file_path);
3253 if (params->wpa_debug_syslog)
3254 wpa_debug_open_syslog();
3255 if (params->wpa_debug_tracing) {
3256 ret = wpa_debug_open_linux_tracing();
3258 wpa_printf(MSG_ERROR,
3259 "Failed to enable trace logging");
3264 ret = eap_register_methods();
3266 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
3268 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
3269 "the same EAP type.");
3273 global = os_zalloc(sizeof(*global));
3276 dl_list_init(&global->p2p_srv_bonjour);
3277 dl_list_init(&global->p2p_srv_upnp);
3278 global->params.daemonize = params->daemonize;
3279 global->params.wait_for_monitor = params->wait_for_monitor;
3280 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
3281 if (params->pid_file)
3282 global->params.pid_file = os_strdup(params->pid_file);
3283 if (params->ctrl_interface)
3284 global->params.ctrl_interface =
3285 os_strdup(params->ctrl_interface);
3286 if (params->override_driver)
3287 global->params.override_driver =
3288 os_strdup(params->override_driver);
3289 if (params->override_ctrl_interface)
3290 global->params.override_ctrl_interface =
3291 os_strdup(params->override_ctrl_interface);
3292 wpa_debug_level = global->params.wpa_debug_level =
3293 params->wpa_debug_level;
3294 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
3295 params->wpa_debug_show_keys;
3296 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
3297 params->wpa_debug_timestamp;
3299 wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR);
3302 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
3303 wpa_supplicant_deinit(global);
3307 random_init(params->entropy_file);
3309 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
3310 if (global->ctrl_iface == NULL) {
3311 wpa_supplicant_deinit(global);
3315 if (wpas_notify_supplicant_initialized(global)) {
3316 wpa_supplicant_deinit(global);
3320 for (i = 0; wpa_drivers[i]; i++)
3321 global->drv_count++;
3322 if (global->drv_count == 0) {
3323 wpa_printf(MSG_ERROR, "No drivers enabled");
3324 wpa_supplicant_deinit(global);
3327 global->drv_priv = os_zalloc(global->drv_count * sizeof(void *));
3328 if (global->drv_priv == NULL) {
3329 wpa_supplicant_deinit(global);
3333 #ifdef CONFIG_WIFI_DISPLAY
3334 if (wifi_display_init(global) < 0) {
3335 wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
3336 wpa_supplicant_deinit(global);
3339 #endif /* CONFIG_WIFI_DISPLAY */
3346 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
3347 * @global: Pointer to global data from wpa_supplicant_init()
3348 * Returns: 0 after successful event loop run, -1 on failure
3350 * This function starts the main event loop and continues running as long as
3351 * there are any remaining events. In most cases, this function is running as
3352 * long as the %wpa_supplicant process in still in use.
3354 int wpa_supplicant_run(struct wpa_global *global)
3356 struct wpa_supplicant *wpa_s;
3358 if (global->params.daemonize &&
3359 wpa_supplicant_daemon(global->params.pid_file))
3362 if (global->params.wait_for_monitor) {
3363 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
3364 if (wpa_s->ctrl_iface)
3365 wpa_supplicant_ctrl_iface_wait(
3369 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
3370 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
3379 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
3380 * @global: Pointer to global data from wpa_supplicant_init()
3382 * This function is called to deinitialize %wpa_supplicant and to free all
3383 * allocated resources. Remaining network interfaces will also be removed.
3385 void wpa_supplicant_deinit(struct wpa_global *global)
3392 #ifdef CONFIG_WIFI_DISPLAY
3393 wifi_display_deinit(global);
3394 #endif /* CONFIG_WIFI_DISPLAY */
3396 wpas_p2p_deinit_global(global);
3397 #endif /* CONFIG_P2P */
3399 while (global->ifaces)
3400 wpa_supplicant_remove_iface(global, global->ifaces, 1);
3402 if (global->ctrl_iface)
3403 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
3405 wpas_notify_supplicant_deinitialized(global);
3407 eap_peer_unregister_methods();
3409 eap_server_unregister_methods();
3410 #endif /* CONFIG_AP */
3412 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
3413 if (!global->drv_priv[i])
3415 wpa_drivers[i]->global_deinit(global->drv_priv[i]);
3417 os_free(global->drv_priv);
3423 if (global->params.pid_file) {
3424 os_daemonize_terminate(global->params.pid_file);
3425 os_free(global->params.pid_file);
3427 os_free(global->params.ctrl_interface);
3428 os_free(global->params.override_driver);
3429 os_free(global->params.override_ctrl_interface);
3431 os_free(global->p2p_disallow_freq);
3434 wpa_debug_close_syslog();
3435 wpa_debug_close_file();
3436 wpa_debug_close_linux_tracing();
3440 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
3442 if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
3443 wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
3445 country[0] = wpa_s->conf->country[0];
3446 country[1] = wpa_s->conf->country[1];
3448 if (wpa_drv_set_country(wpa_s, country) < 0) {
3449 wpa_printf(MSG_ERROR, "Failed to set country code "
3454 if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
3455 wpas_init_ext_pw(wpa_s);
3458 wpas_wps_update_config(wpa_s);
3459 #endif /* CONFIG_WPS */
3462 wpas_p2p_update_config(wpa_s);
3463 #endif /* CONFIG_P2P */
3465 wpa_s->conf->changed_parameters = 0;
3469 static void add_freq(int *freqs, int *num_freqs, int freq)
3473 for (i = 0; i < *num_freqs; i++) {
3474 if (freqs[i] == freq)
3478 freqs[*num_freqs] = freq;
3483 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
3485 struct wpa_bss *bss, *cbss;
3486 const int max_freqs = 10;
3490 freqs = os_zalloc(sizeof(int) * (max_freqs + 1));
3494 cbss = wpa_s->current_bss;
3496 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
3499 if (bss->ssid_len == cbss->ssid_len &&
3500 os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
3501 wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
3502 add_freq(freqs, &num_freqs, bss->freq);
3503 if (num_freqs == max_freqs)
3508 if (num_freqs == 0) {
3517 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
3524 * Remove possible authentication timeout since the connection failed.
3526 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
3529 * Add the failed BSSID into the blacklist and speed up next scan
3530 * attempt if there could be other APs that could accept association.
3531 * The current blacklist count indicates how many times we have tried
3532 * connecting to this AP and multiple attempts mean that other APs are
3533 * either not available or has already been tried, so that we can start
3534 * increasing the delay here to avoid constant scanning.
3536 count = wpa_blacklist_add(wpa_s, bssid);
3537 if (count == 1 && wpa_s->current_bss) {
3539 * This BSS was not in the blacklist before. If there is
3540 * another BSS available for the same ESS, we should try that
3541 * next. Otherwise, we may as well try this one once more
3542 * before allowing other, likely worse, ESSes to be considered.
3544 freqs = get_bss_freqs_in_ess(wpa_s);
3546 wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
3547 "has been seen; try it next");
3548 wpa_blacklist_add(wpa_s, bssid);
3550 * On the next scan, go through only the known channels
3551 * used in this ESS based on previous scans to speed up
3552 * common load balancing use case.
3554 os_free(wpa_s->next_scan_freqs);
3555 wpa_s->next_scan_freqs = freqs;
3560 * Add previous failure count in case the temporary blacklist was
3561 * cleared due to no other BSSes being available.
3563 count += wpa_s->extra_blacklist_count;
3565 if (count > 3 && wpa_s->current_ssid) {
3566 wpa_printf(MSG_DEBUG, "Continuous association failures - "
3567 "consider temporary network disabling");
3568 wpas_auth_failed(wpa_s);
3589 wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
3590 "ms", count, timeout);
3593 * TODO: if more than one possible AP is available in scan results,
3594 * could try the other ones before requesting a new scan.
3596 wpa_supplicant_req_scan(wpa_s, timeout / 1000,
3597 1000 * (timeout % 1000));
3599 wpas_p2p_continue_after_scan(wpa_s);
3603 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
3605 return wpa_s->conf->ap_scan == 2 ||
3606 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
3610 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
3611 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
3612 struct wpa_ssid *ssid,
3616 #ifdef IEEE8021X_EAPOL
3617 struct eap_peer_config *eap = &ssid->eap;
3619 wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
3620 wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
3621 (const u8 *) value, os_strlen(value));
3623 switch (wpa_supplicant_ctrl_req_from_string(field)) {
3624 case WPA_CTRL_REQ_EAP_IDENTITY:
3625 os_free(eap->identity);
3626 eap->identity = (u8 *) os_strdup(value);
3627 eap->identity_len = os_strlen(value);
3628 eap->pending_req_identity = 0;
3629 if (ssid == wpa_s->current_ssid)
3630 wpa_s->reassociate = 1;
3632 case WPA_CTRL_REQ_EAP_PASSWORD:
3633 os_free(eap->password);
3634 eap->password = (u8 *) os_strdup(value);
3635 eap->password_len = os_strlen(value);
3636 eap->pending_req_password = 0;
3637 if (ssid == wpa_s->current_ssid)
3638 wpa_s->reassociate = 1;
3640 case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
3641 os_free(eap->new_password);
3642 eap->new_password = (u8 *) os_strdup(value);
3643 eap->new_password_len = os_strlen(value);
3644 eap->pending_req_new_password = 0;
3645 if (ssid == wpa_s->current_ssid)
3646 wpa_s->reassociate = 1;
3648 case WPA_CTRL_REQ_EAP_PIN:
3650 eap->pin = os_strdup(value);
3651 eap->pending_req_pin = 0;
3652 if (ssid == wpa_s->current_ssid)
3653 wpa_s->reassociate = 1;
3655 case WPA_CTRL_REQ_EAP_OTP:
3657 eap->otp = (u8 *) os_strdup(value);
3658 eap->otp_len = os_strlen(value);
3659 os_free(eap->pending_req_otp);
3660 eap->pending_req_otp = NULL;
3661 eap->pending_req_otp_len = 0;
3663 case WPA_CTRL_REQ_EAP_PASSPHRASE:
3664 os_free(eap->private_key_passwd);
3665 eap->private_key_passwd = (u8 *) os_strdup(value);
3666 eap->pending_req_passphrase = 0;
3667 if (ssid == wpa_s->current_ssid)
3668 wpa_s->reassociate = 1;
3671 wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
3676 #else /* IEEE8021X_EAPOL */
3677 wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
3679 #endif /* IEEE8021X_EAPOL */
3681 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
3684 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
3687 unsigned int drv_enc;
3695 if (wpa_s && wpa_s->drv_capa_known)
3696 drv_enc = wpa_s->drv_enc;
3698 drv_enc = (unsigned int) -1;
3700 for (i = 0; i < NUM_WEP_KEYS; i++) {
3701 size_t len = ssid->wep_key_len[i];
3704 if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
3706 if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
3708 if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
3710 return 1; /* invalid WEP key */
3713 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
3721 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
3723 if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
3725 if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
3731 void wpas_auth_failed(struct wpa_supplicant *wpa_s)
3733 struct wpa_ssid *ssid = wpa_s->current_ssid;
3738 wpa_printf(MSG_DEBUG, "Authentication failure but no known "
3743 if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
3746 ssid->auth_failures++;
3747 if (ssid->auth_failures > 50)
3749 else if (ssid->auth_failures > 20)
3751 else if (ssid->auth_failures > 10)
3753 else if (ssid->auth_failures > 5)
3755 else if (ssid->auth_failures > 1)
3761 if (now.sec + dur <= ssid->disabled_until.sec)
3764 ssid->disabled_until.sec = now.sec + dur;
3766 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
3767 "id=%d ssid=\"%s\" auth_failures=%u duration=%d",
3768 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
3769 ssid->auth_failures, dur);
3773 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
3774 struct wpa_ssid *ssid, int clear_failures)
3779 if (ssid->disabled_until.sec) {
3780 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
3781 "id=%d ssid=\"%s\"",
3782 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
3784 ssid->disabled_until.sec = 0;
3785 ssid->disabled_until.usec = 0;
3787 ssid->auth_failures = 0;
3791 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
3795 if (wpa_s->disallow_aps_bssid == NULL)
3798 for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
3799 if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
3800 bssid, ETH_ALEN) == 0)
3808 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
3813 if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
3816 for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
3817 struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
3818 if (ssid_len == s->ssid_len &&
3819 os_memcmp(ssid, s->ssid, ssid_len) == 0)
3828 * wpas_request_connection - Request a new connection
3829 * @wpa_s: Pointer to the network interface
3831 * This function is used to request a new connection to be found. It will mark
3832 * the interface to allow reassociation and request a new scan to find a
3833 * suitable network to connect to.
3835 void wpas_request_connection(struct wpa_supplicant *wpa_s)
3837 wpa_s->normal_scans = 0;
3838 wpa_supplicant_reinit_autoscan(wpa_s);
3839 wpa_s->extra_blacklist_count = 0;
3840 wpa_s->disconnected = 0;
3841 wpa_s->reassociate = 1;
3843 if (wpa_supplicant_fast_associate(wpa_s) != 1)
3844 wpa_supplicant_req_scan(wpa_s, 0, 0);
3849 * wpas_wpa_is_in_progress - Check whether a connection is in progress
3850 * @wpa_s: Pointer to wpa_supplicant data
3852 * This function is to check if the wpa state is in beginning of the connection
3853 * during 4-way handshake or group key handshake with WPA on any shared
3856 int wpas_wpa_is_in_progress(struct wpa_supplicant *wpa_s)
3858 const char *rn, *rn2;
3859 struct wpa_supplicant *ifs;
3861 if (!wpa_s->driver->get_radio_name)
3864 rn = wpa_s->driver->get_radio_name(wpa_s->drv_priv);
3865 if (rn == NULL || rn[0] == '\0')
3868 for (ifs = wpa_s->global->ifaces; ifs; ifs = ifs->next) {
3869 if (ifs == wpa_s || !ifs->driver->get_radio_name)
3872 rn2 = ifs->driver->get_radio_name(ifs->drv_priv);
3873 if (!rn2 || os_strcmp(rn, rn2) != 0)
3875 if (ifs->wpa_state >= WPA_AUTHENTICATING &&
3876 ifs->wpa_state != WPA_COMPLETED) {
3877 wpa_dbg(wpa_s, MSG_DEBUG, "Connection is in progress "
3878 "on interface %s - defer scan", ifs->ifname);