3 * Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
14 * This file implements functions for registering and unregistering
15 * %wpa_supplicant interfaces. In addition, this file contains number of
16 * functions for managing network connections.
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_server/eap_methods.h"
25 #include "rsn_supp/wpa.h"
28 #include "l2_packet/l2_packet.h"
29 #include "wpa_supplicant_i.h"
31 #include "ctrl_iface.h"
32 #include "pcsc_funcs.h"
33 #include "common/version.h"
34 #include "rsn_supp/preauth.h"
35 #include "rsn_supp/pmksa_cache.h"
36 #include "common/wpa_ctrl.h"
38 #include "common/ieee802_11_defs.h"
39 #include "blacklist.h"
40 #include "wpas_glue.h"
41 #include "wps_supplicant.h"
50 const char *wpa_supplicant_version =
51 "wpa_supplicant v" VERSION_STR "\n"
52 "Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi> and contributors";
54 const char *wpa_supplicant_license =
55 "This program is free software. You can distribute it and/or modify it\n"
56 "under the terms of the GNU General Public License version 2.\n"
58 "Alternatively, this software may be distributed under the terms of the\n"
59 "BSD license. See README and COPYING for more details.\n"
60 #ifdef EAP_TLS_OPENSSL
61 "\nThis product includes software developed by the OpenSSL Project\n"
62 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
63 #endif /* EAP_TLS_OPENSSL */
66 #ifndef CONFIG_NO_STDOUT_DEBUG
67 /* Long text divided into parts in order to fit in C89 strings size limits. */
68 const char *wpa_supplicant_full_license1 =
69 "This program is free software; you can redistribute it and/or modify\n"
70 "it under the terms of the GNU General Public License version 2 as\n"
71 "published by the Free Software Foundation.\n"
73 "This program is distributed in the hope that it will be useful,\n"
74 "but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
75 "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
76 "GNU General Public License for more details.\n"
78 const char *wpa_supplicant_full_license2 =
79 "You should have received a copy of the GNU General Public License\n"
80 "along with this program; if not, write to the Free Software\n"
81 "Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n"
83 "Alternatively, this software may be distributed under the terms of the\n"
86 "Redistribution and use in source and binary forms, with or without\n"
87 "modification, are permitted provided that the following conditions are\n"
90 const char *wpa_supplicant_full_license3 =
91 "1. Redistributions of source code must retain the above copyright\n"
92 " notice, this list of conditions and the following disclaimer.\n"
94 "2. Redistributions in binary form must reproduce the above copyright\n"
95 " notice, this list of conditions and the following disclaimer in the\n"
96 " documentation and/or other materials provided with the distribution.\n"
98 const char *wpa_supplicant_full_license4 =
99 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
100 " names of its contributors may be used to endorse or promote products\n"
101 " derived from this software without specific prior written permission.\n"
103 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
104 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
105 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
106 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
107 const char *wpa_supplicant_full_license5 =
108 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
109 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
110 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
111 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
112 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
113 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
114 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
116 #endif /* CONFIG_NO_STDOUT_DEBUG */
118 extern int wpa_debug_level;
119 extern int wpa_debug_show_keys;
120 extern int wpa_debug_timestamp;
121 extern struct wpa_driver_ops *wpa_drivers[];
123 /* Configure default/group WEP keys for static WEP */
124 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
128 for (i = 0; i < NUM_WEP_KEYS; i++) {
129 if (ssid->wep_key_len[i] == 0)
133 wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
134 (u8 *) "\xff\xff\xff\xff\xff\xff",
135 i, i == ssid->wep_tx_keyidx, (u8 *) "", 0,
136 ssid->wep_key[i], ssid->wep_key_len[i]);
143 static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
144 struct wpa_ssid *ssid)
151 /* IBSS/WPA-None uses only one key (Group) for both receiving and
152 * sending unicast and multicast packets. */
154 if (ssid->mode != WPAS_MODE_IBSS) {
155 wpa_printf(MSG_INFO, "WPA: Invalid mode %d (not IBSS/ad-hoc) "
156 "for WPA-None", ssid->mode);
160 if (!ssid->psk_set) {
161 wpa_printf(MSG_INFO, "WPA: No PSK configured for WPA-None");
165 switch (wpa_s->group_cipher) {
166 case WPA_CIPHER_CCMP:
167 os_memcpy(key, ssid->psk, 16);
171 case WPA_CIPHER_TKIP:
172 /* WPA-None uses the same Michael MIC key for both TX and RX */
173 os_memcpy(key, ssid->psk, 16 + 8);
174 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
179 wpa_printf(MSG_INFO, "WPA: Invalid group cipher %d for "
180 "WPA-None", wpa_s->group_cipher);
184 /* TODO: should actually remember the previously used seq#, both for TX
185 * and RX from each STA.. */
187 return wpa_drv_set_key(wpa_s, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
188 0, 1, seq, 6, key, keylen);
192 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
194 struct wpa_supplicant *wpa_s = eloop_ctx;
195 const u8 *bssid = wpa_s->bssid;
196 if (is_zero_ether_addr(bssid))
197 bssid = wpa_s->pending_bssid;
198 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
200 wpa_blacklist_add(wpa_s, bssid);
201 wpa_sm_notify_disassoc(wpa_s->wpa);
202 wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
203 wpa_s->reassociate = 1;
204 wpa_supplicant_req_scan(wpa_s, 0, 0);
209 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
210 * @wpa_s: Pointer to wpa_supplicant data
211 * @sec: Number of seconds after which to time out authentication
212 * @usec: Number of microseconds after which to time out authentication
214 * This function is used to schedule a timeout for the current authentication
217 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
220 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
221 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
224 wpa_msg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
225 "%d usec", sec, usec);
226 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
227 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
232 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
233 * @wpa_s: Pointer to wpa_supplicant data
235 * This function is used to cancel authentication timeout scheduled with
236 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
239 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
241 wpa_msg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
242 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
243 wpa_blacklist_del(wpa_s, wpa_s->bssid);
248 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
249 * @wpa_s: Pointer to wpa_supplicant data
251 * This function is used to configure EAPOL state machine based on the selected
252 * authentication mode.
254 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
256 #ifdef IEEE8021X_EAPOL
257 struct eapol_config eapol_conf;
258 struct wpa_ssid *ssid = wpa_s->current_ssid;
260 #ifdef CONFIG_IBSS_RSN
261 if (ssid->mode == WPAS_MODE_IBSS &&
262 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
263 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
265 * RSN IBSS authentication is per-STA and we can disable the
266 * per-BSSID EAPOL authentication.
268 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
269 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
270 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
273 #endif /* CONFIG_IBSS_RSN */
275 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
276 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
278 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
279 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
280 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
282 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
284 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
285 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
286 eapol_conf.accept_802_1x_keys = 1;
287 eapol_conf.required_keys = 0;
288 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
289 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
291 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
292 eapol_conf.required_keys |=
293 EAPOL_REQUIRE_KEY_BROADCAST;
296 if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
297 eapol_conf.required_keys = 0;
300 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
301 eapol_conf.workaround = ssid->eap_workaround;
302 eapol_conf.eap_disabled =
303 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
304 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
305 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
306 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
307 #endif /* IEEE8021X_EAPOL */
312 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
313 * @wpa_s: Pointer to wpa_supplicant data
314 * @ssid: Configuration data for the network
316 * This function is used to configure WPA state machine and related parameters
317 * to a mode where WPA is not enabled. This is called as part of the
318 * authentication configuration when the selected network does not use WPA.
320 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
321 struct wpa_ssid *ssid)
325 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
326 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
327 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
328 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
330 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
331 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
332 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
333 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
334 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
335 wpa_s->group_cipher = WPA_CIPHER_NONE;
336 wpa_s->mgmt_group_cipher = 0;
338 for (i = 0; i < NUM_WEP_KEYS; i++) {
339 if (ssid->wep_key_len[i] > 5) {
340 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
341 wpa_s->group_cipher = WPA_CIPHER_WEP104;
343 } else if (ssid->wep_key_len[i] > 0) {
344 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
345 wpa_s->group_cipher = WPA_CIPHER_WEP40;
350 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
351 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
352 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
353 wpa_s->pairwise_cipher);
354 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
355 #ifdef CONFIG_IEEE80211W
356 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
357 wpa_s->mgmt_group_cipher);
358 #endif /* CONFIG_IEEE80211W */
360 pmksa_cache_clear_current(wpa_s->wpa);
364 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
366 bgscan_deinit(wpa_s);
367 scard_deinit(wpa_s->scard);
369 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
370 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
371 l2_packet_deinit(wpa_s->l2);
374 l2_packet_deinit(wpa_s->l2_br);
378 if (wpa_s->ctrl_iface) {
379 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
380 wpa_s->ctrl_iface = NULL;
382 if (wpa_s->conf != NULL) {
383 struct wpa_ssid *ssid;
384 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
385 wpas_notify_network_removed(wpa_s, ssid);
386 wpa_config_free(wpa_s->conf);
390 os_free(wpa_s->confname);
391 wpa_s->confname = NULL;
393 wpa_sm_set_eapol(wpa_s->wpa, NULL);
394 eapol_sm_deinit(wpa_s->eapol);
397 rsn_preauth_deinit(wpa_s->wpa);
399 pmksa_candidate_free(wpa_s->wpa);
400 wpa_sm_deinit(wpa_s->wpa);
402 wpa_blacklist_clear(wpa_s);
404 wpa_bss_deinit(wpa_s);
406 wpa_supplicant_cancel_scan(wpa_s);
407 wpa_supplicant_cancel_auth_timeout(wpa_s);
409 ieee80211_sta_deinit(wpa_s);
411 wpas_wps_deinit(wpa_s);
413 wpabuf_free(wpa_s->pending_eapol_rx);
414 wpa_s->pending_eapol_rx = NULL;
416 #ifdef CONFIG_IBSS_RSN
417 ibss_rsn_deinit(wpa_s->ibss_rsn);
418 wpa_s->ibss_rsn = NULL;
419 #endif /* CONFIG_IBSS_RSN */
422 os_free(wpa_s->sme.ft_ies);
423 wpa_s->sme.ft_ies = NULL;
424 wpa_s->sme.ft_ies_len = 0;
425 #endif /* CONFIG_SME */
428 wpa_supplicant_ap_deinit(wpa_s);
429 #endif /* CONFIG_AP */
434 * wpa_clear_keys - Clear keys configured for the driver
435 * @wpa_s: Pointer to wpa_supplicant data
436 * @addr: Previously used BSSID or %NULL if not available
438 * This function clears the encryption keys that has been previously configured
441 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
443 u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
445 if (wpa_s->keys_cleared) {
446 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
447 * timing issues with keys being cleared just before new keys
448 * are set or just after association or something similar. This
449 * shows up in group key handshake failing often because of the
450 * client not receiving the first encrypted packets correctly.
451 * Skipping some of the extra key clearing steps seems to help
452 * in completing group key handshake more reliably. */
453 wpa_printf(MSG_DEBUG, "No keys have been configured - "
454 "skip key clearing");
458 /* MLME-DELETEKEYS.request */
459 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
460 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
461 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
462 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
463 #ifdef CONFIG_IEEE80211W
464 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 4, 0, NULL, 0, NULL, 0);
465 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 5, 0, NULL, 0, NULL, 0);
466 #endif /* CONFIG_IEEE80211W */
468 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
470 /* MLME-SETPROTECTION.request(None) */
471 wpa_drv_mlme_setprotection(
473 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
474 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
476 wpa_s->keys_cleared = 1;
481 * wpa_supplicant_state_txt - Get the connection state name as a text string
482 * @state: State (wpa_state; WPA_*)
483 * Returns: The state name as a printable text string
485 const char * wpa_supplicant_state_txt(enum wpa_states state)
488 case WPA_DISCONNECTED:
489 return "DISCONNECTED";
492 case WPA_INTERFACE_DISABLED:
493 return "INTERFACE_DISABLED";
496 case WPA_AUTHENTICATING:
497 return "AUTHENTICATING";
498 case WPA_ASSOCIATING:
499 return "ASSOCIATING";
502 case WPA_4WAY_HANDSHAKE:
503 return "4WAY_HANDSHAKE";
504 case WPA_GROUP_HANDSHAKE:
505 return "GROUP_HANDSHAKE";
515 * wpa_supplicant_set_state - Set current connection state
516 * @wpa_s: Pointer to wpa_supplicant data
517 * @state: The new connection state
519 * This function is called whenever the connection state changes, e.g.,
520 * association is completed for WPA/WPA2 4-Way Handshake is started.
522 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
523 enum wpa_states state)
525 enum wpa_states old_state = wpa_s->wpa_state;
527 wpa_printf(MSG_DEBUG, "State: %s -> %s",
528 wpa_supplicant_state_txt(wpa_s->wpa_state),
529 wpa_supplicant_state_txt(state));
531 if (state != WPA_SCANNING)
532 wpa_supplicant_notify_scanning(wpa_s, 0);
534 if (state == WPA_COMPLETED && wpa_s->new_connection) {
535 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
536 struct wpa_ssid *ssid = wpa_s->current_ssid;
537 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
538 MACSTR " completed %s [id=%d id_str=%s]",
539 MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
540 "(reauth)" : "(auth)",
541 ssid ? ssid->id : -1,
542 ssid && ssid->id_str ? ssid->id_str : "");
543 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
544 wpa_s->new_connection = 0;
545 wpa_s->reassociated_connection = 1;
546 wpa_drv_set_operstate(wpa_s, 1);
547 wpa_s->after_wps = 0;
548 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
549 state == WPA_ASSOCIATED) {
550 wpa_s->new_connection = 1;
551 wpa_drv_set_operstate(wpa_s, 0);
553 wpa_s->wpa_state = state;
555 if (wpa_s->wpa_state != old_state)
556 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
560 void wpa_supplicant_terminate_proc(struct wpa_global *global)
564 struct wpa_supplicant *wpa_s = global->ifaces;
566 if (wpas_wps_terminate_pending(wpa_s) == 1)
570 #endif /* CONFIG_WPS */
577 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
579 struct wpa_global *global = signal_ctx;
580 struct wpa_supplicant *wpa_s;
581 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
582 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING "- signal %d "
585 wpa_supplicant_terminate_proc(global);
589 static void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
591 enum wpa_states old_state = wpa_s->wpa_state;
593 wpa_s->pairwise_cipher = 0;
594 wpa_s->group_cipher = 0;
595 wpa_s->mgmt_group_cipher = 0;
597 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
598 wpa_s->wpa_state = WPA_DISCONNECTED;
600 if (wpa_s->wpa_state != old_state)
601 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
606 * wpa_supplicant_reload_configuration - Reload configuration data
607 * @wpa_s: Pointer to wpa_supplicant data
608 * Returns: 0 on success or -1 if configuration parsing failed
610 * This function can be used to request that the configuration data is reloaded
611 * (e.g., after configuration file change). This function is reloading
612 * configuration only for one interface, so this may need to be called multiple
613 * times if %wpa_supplicant is controlling multiple interfaces and all
614 * interfaces need reconfiguration.
616 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
618 struct wpa_config *conf;
619 struct wpa_ssid *old_ssid;
623 if (wpa_s->confname == NULL)
625 conf = wpa_config_read(wpa_s->confname);
627 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
628 "file '%s' - exiting", wpa_s->confname);
631 conf->changed_parameters = (unsigned int) -1;
633 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
634 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
635 os_strcmp(conf->ctrl_interface,
636 wpa_s->conf->ctrl_interface) != 0);
638 if (reconf_ctrl && wpa_s->ctrl_iface) {
639 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
640 wpa_s->ctrl_iface = NULL;
643 eapol_sm_invalidate_cached_session(wpa_s->eapol);
644 old_ssid = wpa_s->current_ssid;
645 wpa_s->current_ssid = NULL;
646 if (old_ssid != wpa_s->current_ssid)
647 wpas_notify_network_changed(wpa_s);
650 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
651 * pkcs11_engine_path, pkcs11_module_path.
653 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
655 * Clear forced success to clear EAP state for next
658 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
660 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
661 wpa_sm_set_config(wpa_s->wpa, NULL);
662 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
663 rsn_preauth_deinit(wpa_s->wpa);
665 old_ap_scan = wpa_s->conf->ap_scan;
666 wpa_config_free(wpa_s->conf);
668 if (old_ap_scan != wpa_s->conf->ap_scan)
669 wpas_notify_ap_scan_changed(wpa_s);
672 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
674 wpa_supplicant_update_config(wpa_s);
676 wpa_supplicant_clear_status(wpa_s);
677 wpa_s->reassociate = 1;
678 wpa_supplicant_req_scan(wpa_s, 0, 0);
679 wpa_msg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
684 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
686 struct wpa_global *global = signal_ctx;
687 struct wpa_supplicant *wpa_s;
688 wpa_printf(MSG_DEBUG, "Signal %d received - reconfiguring", sig);
689 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
690 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
691 wpa_supplicant_terminate_proc(global);
697 enum wpa_cipher cipher_suite2driver(int cipher)
700 case WPA_CIPHER_NONE:
702 case WPA_CIPHER_WEP40:
704 case WPA_CIPHER_WEP104:
705 return CIPHER_WEP104;
706 case WPA_CIPHER_CCMP:
708 case WPA_CIPHER_TKIP:
715 enum wpa_key_mgmt key_mgmt2driver(int key_mgmt)
718 case WPA_KEY_MGMT_NONE:
719 return KEY_MGMT_NONE;
720 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
721 return KEY_MGMT_802_1X_NO_WPA;
722 case WPA_KEY_MGMT_IEEE8021X:
723 return KEY_MGMT_802_1X;
724 case WPA_KEY_MGMT_WPA_NONE:
725 return KEY_MGMT_WPA_NONE;
726 case WPA_KEY_MGMT_FT_IEEE8021X:
727 return KEY_MGMT_FT_802_1X;
728 case WPA_KEY_MGMT_FT_PSK:
729 return KEY_MGMT_FT_PSK;
730 case WPA_KEY_MGMT_IEEE8021X_SHA256:
731 return KEY_MGMT_802_1X_SHA256;
732 case WPA_KEY_MGMT_PSK_SHA256:
733 return KEY_MGMT_PSK_SHA256;
734 case WPA_KEY_MGMT_WPS:
736 case WPA_KEY_MGMT_PSK:
743 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
744 struct wpa_ssid *ssid,
745 struct wpa_ie_data *ie)
747 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
750 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
751 "from association info");
756 wpa_printf(MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set cipher "
758 if (!(ie->group_cipher & ssid->group_cipher)) {
759 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
760 "cipher 0x%x (mask 0x%x) - reject",
761 ie->group_cipher, ssid->group_cipher);
764 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
765 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
766 "cipher 0x%x (mask 0x%x) - reject",
767 ie->pairwise_cipher, ssid->pairwise_cipher);
770 if (!(ie->key_mgmt & ssid->key_mgmt)) {
771 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
772 "management 0x%x (mask 0x%x) - reject",
773 ie->key_mgmt, ssid->key_mgmt);
777 #ifdef CONFIG_IEEE80211W
778 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
779 ssid->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
780 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
781 "that does not support management frame protection - "
785 #endif /* CONFIG_IEEE80211W */
792 * wpa_supplicant_set_suites - Set authentication and encryption parameters
793 * @wpa_s: Pointer to wpa_supplicant data
794 * @bss: Scan results for the selected BSS, or %NULL if not available
795 * @ssid: Configuration data for the selected network
796 * @wpa_ie: Buffer for the WPA/RSN IE
797 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
798 * used buffer length in case the functions returns success.
799 * Returns: 0 on success or -1 on failure
801 * This function is used to configure authentication and encryption parameters
802 * based on the network configuration and scan result for the selected BSS (if
805 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
806 struct wpa_bss *bss, struct wpa_ssid *ssid,
807 u8 *wpa_ie, size_t *wpa_ie_len)
809 struct wpa_ie_data ie;
811 const u8 *bss_wpa, *bss_rsn;
814 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
815 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
817 bss_wpa = bss_rsn = NULL;
819 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
820 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
821 (ie.group_cipher & ssid->group_cipher) &&
822 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
823 (ie.key_mgmt & ssid->key_mgmt)) {
824 wpa_msg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
825 proto = WPA_PROTO_RSN;
826 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
827 wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 &&
828 (ie.group_cipher & ssid->group_cipher) &&
829 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
830 (ie.key_mgmt & ssid->key_mgmt)) {
831 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
832 proto = WPA_PROTO_WPA;
834 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
837 if (ssid->proto & WPA_PROTO_RSN)
838 proto = WPA_PROTO_RSN;
840 proto = WPA_PROTO_WPA;
841 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
842 os_memset(&ie, 0, sizeof(ie));
843 ie.group_cipher = ssid->group_cipher;
844 ie.pairwise_cipher = ssid->pairwise_cipher;
845 ie.key_mgmt = ssid->key_mgmt;
846 #ifdef CONFIG_IEEE80211W
847 ie.mgmt_group_cipher =
848 ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
849 WPA_CIPHER_AES_128_CMAC : 0;
850 #endif /* CONFIG_IEEE80211W */
851 wpa_printf(MSG_DEBUG, "WPA: Set cipher suites based "
857 wpa_printf(MSG_DEBUG, "WPA: Selected cipher suites: group %d "
858 "pairwise %d key_mgmt %d proto %d",
859 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
860 #ifdef CONFIG_IEEE80211W
861 if (ssid->ieee80211w) {
862 wpa_printf(MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
863 ie.mgmt_group_cipher);
865 #endif /* CONFIG_IEEE80211W */
867 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
868 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
869 !!(ssid->proto & WPA_PROTO_RSN));
871 if (bss || !wpa_s->ap_ies_from_associnfo) {
872 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
873 bss_wpa ? 2 + bss_wpa[1] : 0) ||
874 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
875 bss_rsn ? 2 + bss_rsn[1] : 0))
879 sel = ie.group_cipher & ssid->group_cipher;
880 if (sel & WPA_CIPHER_CCMP) {
881 wpa_s->group_cipher = WPA_CIPHER_CCMP;
882 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
883 } else if (sel & WPA_CIPHER_TKIP) {
884 wpa_s->group_cipher = WPA_CIPHER_TKIP;
885 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
886 } else if (sel & WPA_CIPHER_WEP104) {
887 wpa_s->group_cipher = WPA_CIPHER_WEP104;
888 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
889 } else if (sel & WPA_CIPHER_WEP40) {
890 wpa_s->group_cipher = WPA_CIPHER_WEP40;
891 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
893 wpa_printf(MSG_WARNING, "WPA: Failed to select group cipher.");
897 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
898 if (sel & WPA_CIPHER_CCMP) {
899 wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
900 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
901 } else if (sel & WPA_CIPHER_TKIP) {
902 wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
903 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
904 } else if (sel & WPA_CIPHER_NONE) {
905 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
906 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
908 wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
913 sel = ie.key_mgmt & ssid->key_mgmt;
915 #ifdef CONFIG_IEEE80211R
916 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
917 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
918 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
919 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
920 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
921 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
922 #endif /* CONFIG_IEEE80211R */
923 #ifdef CONFIG_IEEE80211W
924 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
925 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
926 wpa_msg(wpa_s, MSG_DEBUG,
927 "WPA: using KEY_MGMT 802.1X with SHA256");
928 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
929 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
930 wpa_msg(wpa_s, MSG_DEBUG,
931 "WPA: using KEY_MGMT PSK with SHA256");
932 #endif /* CONFIG_IEEE80211W */
933 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
934 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
935 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
936 } else if (sel & WPA_KEY_MGMT_PSK) {
937 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
938 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
939 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
940 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
941 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
943 wpa_printf(MSG_WARNING, "WPA: Failed to select authenticated "
944 "key management type.");
948 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
949 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
950 wpa_s->pairwise_cipher);
951 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
953 #ifdef CONFIG_IEEE80211W
954 sel = ie.mgmt_group_cipher;
955 if (ssid->ieee80211w == NO_MGMT_FRAME_PROTECTION ||
956 !(ie.capabilities & WPA_CAPABILITY_MFPC))
958 if (sel & WPA_CIPHER_AES_128_CMAC) {
959 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
960 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
963 wpa_s->mgmt_group_cipher = 0;
964 wpa_msg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
966 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
967 wpa_s->mgmt_group_cipher);
968 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP, ssid->ieee80211w);
969 #endif /* CONFIG_IEEE80211W */
971 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
972 wpa_printf(MSG_WARNING, "WPA: Failed to generate WPA IE.");
977 (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_FT_PSK | WPA_KEY_MGMT_PSK_SHA256))
978 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
980 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
987 * wpa_supplicant_associate - Request association
988 * @wpa_s: Pointer to wpa_supplicant data
989 * @bss: Scan results for the selected BSS, or %NULL if not available
990 * @ssid: Configuration data for the selected network
992 * This function is used to request %wpa_supplicant to associate with a BSS.
994 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
995 struct wpa_bss *bss, struct wpa_ssid *ssid)
999 int use_crypt, ret, i, bssid_changed;
1000 int algs = WPA_AUTH_ALG_OPEN;
1001 enum wpa_cipher cipher_pairwise, cipher_group;
1002 struct wpa_driver_associate_params params;
1003 int wep_keys_set = 0;
1004 struct wpa_driver_capa capa;
1005 int assoc_failed = 0;
1006 struct wpa_ssid *old_ssid;
1008 if (ssid->mode == WPAS_MODE_AP) {
1010 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1011 wpa_printf(MSG_INFO, "Driver does not support AP "
1015 wpa_supplicant_create_ap(wpa_s, ssid);
1016 wpa_s->current_bss = bss;
1017 #else /* CONFIG_AP */
1018 wpa_printf(MSG_ERROR, "AP mode support not included in the "
1020 #endif /* CONFIG_AP */
1024 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1025 ssid->mode == IEEE80211_MODE_INFRA) {
1026 sme_authenticate(wpa_s, bss, ssid);
1030 os_memset(¶ms, 0, sizeof(params));
1031 wpa_s->reassociate = 0;
1033 #ifdef CONFIG_IEEE80211R
1034 const u8 *ie, *md = NULL;
1035 #endif /* CONFIG_IEEE80211R */
1036 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1037 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1038 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1039 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
1040 os_memset(wpa_s->bssid, 0, ETH_ALEN);
1041 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1043 wpas_notify_bssid_changed(wpa_s);
1044 #ifdef CONFIG_IEEE80211R
1045 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
1046 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
1048 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
1050 /* Prepare for the next transition */
1051 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
1053 #endif /* CONFIG_IEEE80211R */
1055 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
1056 wpa_s->conf->ap_scan == 2 &&
1057 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
1058 /* Use ap_scan==1 style network selection to find the network
1060 wpa_s->scan_req = 2;
1061 wpa_s->reassociate = 1;
1062 wpa_supplicant_req_scan(wpa_s, 0, 0);
1064 #endif /* CONFIG_WPS */
1066 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1067 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1068 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1070 wpa_supplicant_cancel_scan(wpa_s);
1072 /* Starting new association, so clear the possibly used WPA IE from the
1073 * previous association. */
1074 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1076 #ifdef IEEE8021X_EAPOL
1077 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1079 if (ssid->non_leap == 0)
1080 algs = WPA_AUTH_ALG_LEAP;
1082 algs |= WPA_AUTH_ALG_LEAP;
1085 #endif /* IEEE8021X_EAPOL */
1086 wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1087 if (ssid->auth_alg) {
1088 algs = ssid->auth_alg;
1089 wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
1093 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
1094 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
1095 (ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK |
1096 WPA_KEY_MGMT_FT_IEEE8021X |
1097 WPA_KEY_MGMT_FT_PSK |
1098 WPA_KEY_MGMT_IEEE8021X_SHA256 |
1099 WPA_KEY_MGMT_PSK_SHA256))) {
1100 int try_opportunistic;
1101 try_opportunistic = ssid->proactive_key_caching &&
1102 (ssid->proto & WPA_PROTO_RSN);
1103 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1104 wpa_s->current_ssid,
1105 try_opportunistic) == 0)
1106 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1107 wpa_ie_len = sizeof(wpa_ie);
1108 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1109 wpa_ie, &wpa_ie_len)) {
1110 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1111 "management and encryption suites");
1114 } else if (ssid->key_mgmt &
1115 (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
1116 WPA_KEY_MGMT_WPA_NONE | WPA_KEY_MGMT_FT_PSK |
1117 WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_PSK_SHA256 |
1118 WPA_KEY_MGMT_IEEE8021X_SHA256)) {
1119 wpa_ie_len = sizeof(wpa_ie);
1120 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1121 wpa_ie, &wpa_ie_len)) {
1122 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1123 "management and encryption suites (no scan "
1128 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
1129 struct wpabuf *wps_ie;
1130 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
1131 if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
1132 wpa_ie_len = wpabuf_len(wps_ie);
1133 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
1136 wpabuf_free(wps_ie);
1137 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1138 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
1139 params.wps = WPS_MODE_PRIVACY;
1141 params.wps = WPS_MODE_OPEN;
1142 #endif /* CONFIG_WPS */
1144 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1148 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1150 cipher_pairwise = cipher_suite2driver(wpa_s->pairwise_cipher);
1151 cipher_group = cipher_suite2driver(wpa_s->group_cipher);
1152 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1153 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1154 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1156 if (wpa_set_wep_keys(wpa_s, ssid)) {
1161 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
1164 #ifdef IEEE8021X_EAPOL
1165 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1166 if ((ssid->eapol_flags &
1167 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1168 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1172 /* Assume that dynamic WEP-104 keys will be used and
1173 * set cipher suites in order for drivers to expect
1175 cipher_pairwise = cipher_group = CIPHER_WEP104;
1178 #endif /* IEEE8021X_EAPOL */
1180 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1181 /* Set the key before (and later after) association */
1182 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1185 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1187 params.bssid = bss->bssid;
1188 params.ssid = bss->ssid;
1189 params.ssid_len = bss->ssid_len;
1190 params.freq = bss->freq;
1192 params.ssid = ssid->ssid;
1193 params.ssid_len = ssid->ssid_len;
1195 if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 &&
1197 params.freq = ssid->frequency; /* Initial channel for IBSS */
1198 params.wpa_ie = wpa_ie;
1199 params.wpa_ie_len = wpa_ie_len;
1200 params.pairwise_suite = cipher_pairwise;
1201 params.group_suite = cipher_group;
1202 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1203 params.auth_alg = algs;
1204 params.mode = ssid->mode;
1205 for (i = 0; i < NUM_WEP_KEYS; i++) {
1206 if (ssid->wep_key_len[i])
1207 params.wep_key[i] = ssid->wep_key[i];
1208 params.wep_key_len[i] = ssid->wep_key_len[i];
1210 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1212 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
1213 (params.key_mgmt_suite == KEY_MGMT_PSK ||
1214 params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
1215 params.passphrase = ssid->passphrase;
1217 params.psk = ssid->psk;
1220 params.drop_unencrypted = use_crypt;
1222 #ifdef CONFIG_IEEE80211W
1223 params.mgmt_frame_protection = ssid->ieee80211w;
1224 if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION && bss) {
1225 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1226 struct wpa_ie_data ie;
1227 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
1229 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
1230 wpa_printf(MSG_DEBUG, "WPA: Selected AP supports MFP: "
1232 params.mgmt_frame_protection =
1233 MGMT_FRAME_PROTECTION_REQUIRED;
1236 #endif /* CONFIG_IEEE80211W */
1238 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1239 ret = ieee80211_sta_associate(wpa_s, ¶ms);
1241 ret = wpa_drv_associate(wpa_s, ¶ms);
1243 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1245 /* try to continue anyway; new association will be tried again
1250 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1251 /* Set the key after the association just in case association
1252 * cleared the previously configured key. */
1253 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1254 /* No need to timeout authentication since there is no key
1256 wpa_supplicant_cancel_auth_timeout(wpa_s);
1257 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1258 #ifdef CONFIG_IBSS_RSN
1259 } else if (ssid->mode == WPAS_MODE_IBSS &&
1260 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
1261 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
1262 ibss_rsn_set_psk(wpa_s->ibss_rsn, ssid->psk);
1264 * RSN IBSS authentication is per-STA and we can disable the
1265 * per-BSSID authentication.
1267 wpa_supplicant_cancel_auth_timeout(wpa_s);
1268 #endif /* CONFIG_IBSS_RSN */
1270 /* Timeout for IEEE 802.11 authentication and association */
1274 /* give IBSS a bit more time */
1275 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
1276 } else if (wpa_s->conf->ap_scan == 1) {
1277 /* give IBSS a bit more time */
1278 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
1280 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1283 if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1284 capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
1285 /* Set static WEP keys again */
1286 wpa_set_wep_keys(wpa_s, ssid);
1289 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1291 * Do not allow EAP session resumption between different
1292 * network configurations.
1294 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1296 old_ssid = wpa_s->current_ssid;
1297 wpa_s->current_ssid = ssid;
1298 wpa_s->current_bss = bss;
1299 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
1300 wpa_supplicant_initiate_eapol(wpa_s);
1301 if (old_ssid != wpa_s->current_ssid)
1302 wpas_notify_network_changed(wpa_s);
1306 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
1309 struct wpa_ssid *old_ssid;
1311 wpa_clear_keys(wpa_s, addr);
1312 wpa_supplicant_mark_disassoc(wpa_s);
1313 old_ssid = wpa_s->current_ssid;
1314 wpa_s->current_ssid = NULL;
1315 wpa_s->current_bss = NULL;
1316 wpa_sm_set_config(wpa_s->wpa, NULL);
1317 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1318 if (old_ssid != wpa_s->current_ssid)
1319 wpas_notify_network_changed(wpa_s);
1320 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
1325 * wpa_supplicant_disassociate - Disassociate the current connection
1326 * @wpa_s: Pointer to wpa_supplicant data
1327 * @reason_code: IEEE 802.11 reason code for the disassociate frame
1329 * This function is used to request %wpa_supplicant to disassociate with the
1332 void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
1337 if (!is_zero_ether_addr(wpa_s->bssid)) {
1338 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1339 ieee80211_sta_disassociate(wpa_s, reason_code);
1341 wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
1342 addr = wpa_s->bssid;
1345 wpa_supplicant_clear_connection(wpa_s, addr);
1350 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
1351 * @wpa_s: Pointer to wpa_supplicant data
1352 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1354 * This function is used to request %wpa_supplicant to deauthenticate from the
1357 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1362 if (!is_zero_ether_addr(wpa_s->bssid)) {
1363 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1364 ieee80211_sta_deauthenticate(wpa_s, reason_code);
1366 wpa_drv_deauthenticate(wpa_s, wpa_s->bssid,
1368 addr = wpa_s->bssid;
1371 wpa_supplicant_clear_connection(wpa_s, addr);
1376 * wpa_supplicant_enable_network - Mark a configured network as enabled
1377 * @wpa_s: wpa_supplicant structure for a network interface
1378 * @ssid: wpa_ssid structure for a configured network or %NULL
1380 * Enables the specified network or all networks if no network specified.
1382 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
1383 struct wpa_ssid *ssid)
1385 struct wpa_ssid *other_ssid;
1389 other_ssid = wpa_s->conf->ssid;
1390 while (other_ssid) {
1391 if (other_ssid == wpa_s->current_ssid &&
1392 other_ssid->disabled)
1393 wpa_s->reassociate = 1;
1395 was_disabled = other_ssid->disabled;
1397 other_ssid->disabled = 0;
1399 if (was_disabled != other_ssid->disabled)
1400 wpas_notify_network_enabled_changed(
1403 other_ssid = other_ssid->next;
1405 if (wpa_s->reassociate)
1406 wpa_supplicant_req_scan(wpa_s, 0, 0);
1407 } else if (ssid->disabled) {
1408 if (wpa_s->current_ssid == NULL) {
1410 * Try to reassociate since there is no current
1411 * configuration and a new network was made available.
1413 wpa_s->reassociate = 1;
1414 wpa_supplicant_req_scan(wpa_s, 0, 0);
1417 was_disabled = ssid->disabled;
1421 if (was_disabled != ssid->disabled)
1422 wpas_notify_network_enabled_changed(wpa_s, ssid);
1428 * wpa_supplicant_disable_network - Mark a configured network as disabled
1429 * @wpa_s: wpa_supplicant structure for a network interface
1430 * @ssid: wpa_ssid structure for a configured network or %NULL
1432 * Disables the specified network or all networks if no network specified.
1434 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
1435 struct wpa_ssid *ssid)
1437 struct wpa_ssid *other_ssid;
1441 other_ssid = wpa_s->conf->ssid;
1442 while (other_ssid) {
1443 was_disabled = other_ssid->disabled;
1445 other_ssid->disabled = 1;
1447 if (was_disabled != other_ssid->disabled)
1448 wpas_notify_network_enabled_changed(
1451 other_ssid = other_ssid->next;
1453 if (wpa_s->current_ssid)
1454 wpa_supplicant_disassociate(
1455 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1457 if (ssid == wpa_s->current_ssid)
1458 wpa_supplicant_disassociate(
1459 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1461 was_disabled = ssid->disabled;
1465 if (was_disabled != ssid->disabled)
1466 wpas_notify_network_enabled_changed(wpa_s, ssid);
1472 * wpa_supplicant_select_network - Attempt association with a network
1473 * @wpa_s: wpa_supplicant structure for a network interface
1474 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
1476 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
1477 struct wpa_ssid *ssid)
1480 struct wpa_ssid *other_ssid;
1482 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid)
1483 wpa_supplicant_disassociate(
1484 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1487 * Mark all other networks disabled or mark all networks enabled if no
1488 * network specified.
1490 other_ssid = wpa_s->conf->ssid;
1491 while (other_ssid) {
1492 int was_disabled = other_ssid->disabled;
1494 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
1496 if (was_disabled != other_ssid->disabled)
1497 wpas_notify_network_enabled_changed(wpa_s, other_ssid);
1499 other_ssid = other_ssid->next;
1501 wpa_s->disconnected = 0;
1502 wpa_s->reassociate = 1;
1503 wpa_supplicant_req_scan(wpa_s, 0, 0);
1506 wpas_notify_network_selected(wpa_s, ssid);
1511 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
1512 * @wpa_s: wpa_supplicant structure for a network interface
1513 * @ap_scan: AP scan mode
1514 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
1517 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
1522 if (ap_scan < 0 || ap_scan > 2)
1525 old_ap_scan = wpa_s->conf->ap_scan;
1526 wpa_s->conf->ap_scan = ap_scan;
1528 if (old_ap_scan != wpa_s->conf->ap_scan)
1529 wpas_notify_ap_scan_changed(wpa_s);
1536 * wpa_supplicant_set_debug_params - Set global debug params
1537 * @global: wpa_global structure
1538 * @debug_level: debug level
1539 * @debug_timestamp: determines if show timestamp in debug data
1540 * @debug_show_keys: determines if show keys in debug data
1541 * Returns: 0 if succeed or -1 if debug_level has wrong value
1543 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
1544 int debug_timestamp, int debug_show_keys)
1547 int old_level, old_timestamp, old_show_keys;
1549 /* check for allowed debuglevels */
1550 if (debug_level != MSG_MSGDUMP &&
1551 debug_level != MSG_DEBUG &&
1552 debug_level != MSG_INFO &&
1553 debug_level != MSG_WARNING &&
1554 debug_level != MSG_ERROR)
1557 old_level = wpa_debug_level;
1558 old_timestamp = wpa_debug_timestamp;
1559 old_show_keys = wpa_debug_show_keys;
1561 wpa_debug_level = debug_level;
1562 wpa_debug_timestamp = debug_timestamp ? 1 : 0;
1563 wpa_debug_show_keys = debug_show_keys ? 1 : 0;
1565 if (wpa_debug_level != old_level)
1566 wpas_notify_debug_level_changed(global);
1567 if (wpa_debug_timestamp != old_timestamp)
1568 wpas_notify_debug_timestamp_changed(global);
1569 if (wpa_debug_show_keys != old_show_keys)
1570 wpas_notify_debug_show_keys_changed(global);
1577 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
1578 * @wpa_s: Pointer to wpa_supplicant data
1579 * Returns: A pointer to the current network structure or %NULL on failure
1581 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
1583 struct wpa_ssid *entry;
1584 u8 ssid[MAX_SSID_LEN];
1590 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
1591 if (ieee80211_sta_get_ssid(wpa_s, ssid, &ssid_len)) {
1592 wpa_printf(MSG_WARNING, "Could not read SSID from "
1597 res = wpa_drv_get_ssid(wpa_s, ssid);
1599 wpa_printf(MSG_WARNING, "Could not read SSID from "
1606 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1607 os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1608 else if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
1609 wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
1613 wired = wpa_s->conf->ap_scan == 0 &&
1614 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
1616 entry = wpa_s->conf->ssid;
1618 if (!entry->disabled &&
1619 ((ssid_len == entry->ssid_len &&
1620 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
1621 (!entry->bssid_set ||
1622 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1625 if (!entry->disabled &&
1626 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
1627 (entry->ssid == NULL || entry->ssid_len == 0) &&
1628 (!entry->bssid_set ||
1629 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1631 #endif /* CONFIG_WPS */
1632 entry = entry->next;
1639 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
1649 if (wpa_drivers[0] == NULL) {
1650 wpa_printf(MSG_ERROR, "No driver interfaces build into "
1656 /* default to first driver in the list */
1657 wpa_s->driver = wpa_drivers[0];
1658 wpa_s->global_drv_priv = wpa_s->global->drv_priv[0];
1662 pos = os_strchr(name, ',');
1666 len = os_strlen(name);
1667 for (i = 0; wpa_drivers[i]; i++) {
1668 if (os_strlen(wpa_drivers[i]->name) == len &&
1669 os_strncmp(name, wpa_drivers[i]->name, len) ==
1671 wpa_s->driver = wpa_drivers[i];
1672 wpa_s->global_drv_priv = wpa_s->global->drv_priv[i];
1677 wpa_printf(MSG_ERROR, "Unsupported driver '%s'.", name);
1683 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
1684 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
1685 * with struct wpa_driver_ops::init()
1686 * @src_addr: Source address of the EAPOL frame
1687 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
1688 * @len: Length of the EAPOL data
1690 * This function is called for each received EAPOL frame. Most driver
1691 * interfaces rely on more generic OS mechanism for receiving frames through
1692 * l2_packet, but if such a mechanism is not available, the driver wrapper may
1693 * take care of received EAPOL frames and deliver them to the core supplicant
1694 * code by calling this function.
1696 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
1697 const u8 *buf, size_t len)
1699 struct wpa_supplicant *wpa_s = ctx;
1701 wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
1702 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
1704 if (wpa_s->wpa_state < WPA_ASSOCIATED) {
1706 * There is possible race condition between receiving the
1707 * association event and the EAPOL frame since they are coming
1708 * through different paths from the driver. In order to avoid
1709 * issues in trying to process the EAPOL frame before receiving
1710 * association information, lets queue it for processing until
1711 * the association event is received.
1713 wpa_printf(MSG_DEBUG, "Not associated - Delay processing of "
1714 "received EAPOL frame");
1715 wpabuf_free(wpa_s->pending_eapol_rx);
1716 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
1717 if (wpa_s->pending_eapol_rx) {
1718 os_get_time(&wpa_s->pending_eapol_rx_time);
1719 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
1726 if (wpa_s->ap_iface) {
1727 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
1730 #endif /* CONFIG_AP */
1732 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
1733 wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
1734 "no key management is configured");
1738 if (wpa_s->eapol_received == 0 &&
1739 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
1740 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1741 wpa_s->wpa_state != WPA_COMPLETED) &&
1742 (wpa_s->current_ssid == NULL ||
1743 wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
1744 /* Timeout for completing IEEE 802.1X and WPA authentication */
1745 wpa_supplicant_req_auth_timeout(
1747 (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
1748 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
1749 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
1752 wpa_s->eapol_received++;
1754 if (wpa_s->countermeasures) {
1755 wpa_printf(MSG_INFO, "WPA: Countermeasures - dropped EAPOL "
1760 #ifdef CONFIG_IBSS_RSN
1761 if (wpa_s->current_ssid &&
1762 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
1763 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
1766 #endif /* CONFIG_IBSS_RSN */
1768 /* Source address of the incoming EAPOL frame could be compared to the
1769 * current BSSID. However, it is possible that a centralized
1770 * Authenticator could be using another MAC address than the BSSID of
1771 * an AP, so just allow any address to be used for now. The replies are
1772 * still sent to the current BSSID (if available), though. */
1774 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
1775 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
1776 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
1778 wpa_drv_poll(wpa_s);
1779 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1780 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
1781 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
1783 * Set portValid = TRUE here since we are going to skip 4-way
1784 * handshake processing which would normally set portValid. We
1785 * need this to allow the EAPOL state machines to be completed
1786 * without going through EAPOL-Key handshake.
1788 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
1794 * wpa_supplicant_driver_init - Initialize driver interface parameters
1795 * @wpa_s: Pointer to wpa_supplicant data
1796 * Returns: 0 on success, -1 on failure
1798 * This function is called to initialize driver interface parameters.
1799 * wpa_drv_init() must have been called before this function to initialize the
1802 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
1804 static int interface_count = 0;
1806 if (wpa_s->driver->send_eapol) {
1807 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
1809 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
1811 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
1812 wpa_drv_get_mac_addr(wpa_s),
1814 wpa_supplicant_rx_eapol, wpa_s, 0);
1815 if (wpa_s->l2 == NULL)
1819 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
1820 wpa_printf(MSG_ERROR, "Failed to get own L2 address");
1824 wpa_printf(MSG_DEBUG, "Own MAC address: " MACSTR,
1825 MAC2STR(wpa_s->own_addr));
1827 if (wpa_s->bridge_ifname[0]) {
1828 wpa_printf(MSG_DEBUG, "Receiving packets from bridge interface"
1829 " '%s'", wpa_s->bridge_ifname);
1830 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
1833 wpa_supplicant_rx_eapol, wpa_s,
1835 if (wpa_s->l2_br == NULL) {
1836 wpa_printf(MSG_ERROR, "Failed to open l2_packet "
1837 "connection for the bridge interface '%s'",
1838 wpa_s->bridge_ifname);
1843 wpa_clear_keys(wpa_s, NULL);
1845 /* Make sure that TKIP countermeasures are not left enabled (could
1846 * happen if wpa_supplicant is killed during countermeasures. */
1847 wpa_drv_set_countermeasures(wpa_s, 0);
1849 wpa_printf(MSG_DEBUG, "RSN: flushing PMKID list in the driver");
1850 wpa_drv_flush_pmkid(wpa_s);
1852 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
1853 if (wpa_supplicant_enabled_networks(wpa_s->conf)) {
1854 wpa_supplicant_req_scan(wpa_s, interface_count, 100000);
1857 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
1863 static int wpa_supplicant_daemon(const char *pid_file)
1865 wpa_printf(MSG_DEBUG, "Daemonize..");
1866 return os_daemonize(pid_file);
1870 static struct wpa_supplicant * wpa_supplicant_alloc(void)
1872 struct wpa_supplicant *wpa_s;
1874 wpa_s = os_zalloc(sizeof(*wpa_s));
1877 wpa_s->scan_req = 1;
1878 wpa_s->new_connection = 1;
1884 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
1885 struct wpa_interface *iface)
1887 const char *ifname, *driver;
1888 struct wpa_driver_capa capa;
1890 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
1891 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
1892 iface->confname ? iface->confname : "N/A",
1893 iface->driver ? iface->driver : "default",
1894 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
1895 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
1897 if (iface->confname) {
1898 #ifdef CONFIG_BACKEND_FILE
1899 wpa_s->confname = os_rel2abs_path(iface->confname);
1900 if (wpa_s->confname == NULL) {
1901 wpa_printf(MSG_ERROR, "Failed to get absolute path "
1902 "for configuration file '%s'.",
1906 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
1907 iface->confname, wpa_s->confname);
1908 #else /* CONFIG_BACKEND_FILE */
1909 wpa_s->confname = os_strdup(iface->confname);
1910 #endif /* CONFIG_BACKEND_FILE */
1911 wpa_s->conf = wpa_config_read(wpa_s->confname);
1912 if (wpa_s->conf == NULL) {
1913 wpa_printf(MSG_ERROR, "Failed to read or parse "
1914 "configuration '%s'.", wpa_s->confname);
1919 * Override ctrl_interface and driver_param if set on command
1922 if (iface->ctrl_interface) {
1923 os_free(wpa_s->conf->ctrl_interface);
1924 wpa_s->conf->ctrl_interface =
1925 os_strdup(iface->ctrl_interface);
1928 if (iface->driver_param) {
1929 os_free(wpa_s->conf->driver_param);
1930 wpa_s->conf->driver_param =
1931 os_strdup(iface->driver_param);
1934 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
1935 iface->driver_param);
1937 if (wpa_s->conf == NULL) {
1938 wpa_printf(MSG_ERROR, "\nNo configuration found.");
1942 if (iface->ifname == NULL) {
1943 wpa_printf(MSG_ERROR, "\nInterface name is required.");
1946 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
1947 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
1951 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
1953 if (iface->bridge_ifname) {
1954 if (os_strlen(iface->bridge_ifname) >=
1955 sizeof(wpa_s->bridge_ifname)) {
1956 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
1957 "name '%s'.", iface->bridge_ifname);
1960 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
1961 sizeof(wpa_s->bridge_ifname));
1964 /* RSNA Supplicant Key Management - INITIALIZE */
1965 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
1966 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
1968 /* Initialize driver interface and register driver event handler before
1969 * L2 receive handler so that association events are processed before
1970 * EAPOL-Key packets if both become available for the same select()
1972 driver = iface->driver;
1974 if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
1977 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
1978 if (wpa_s->drv_priv == NULL) {
1980 pos = driver ? os_strchr(driver, ',') : NULL;
1982 wpa_printf(MSG_DEBUG, "Failed to initialize driver "
1983 "interface - try next driver wrapper");
1987 wpa_printf(MSG_ERROR, "Failed to initialize driver interface");
1990 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
1991 wpa_printf(MSG_ERROR, "Driver interface rejected "
1992 "driver_param '%s'", wpa_s->conf->driver_param);
1996 ifname = wpa_drv_get_ifname(wpa_s);
1997 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
1998 wpa_printf(MSG_DEBUG, "Driver interface replaced interface "
1999 "name with '%s'", ifname);
2000 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
2003 if (wpa_supplicant_init_wpa(wpa_s) < 0)
2006 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
2007 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
2009 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2011 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2012 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2013 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2014 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2015 "dot11RSNAConfigPMKLifetime");
2019 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2020 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2021 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2022 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2023 "dot11RSNAConfigPMKReauthThreshold");
2027 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2028 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2029 wpa_s->conf->dot11RSNAConfigSATimeout)) {
2030 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2031 "dot11RSNAConfigSATimeout");
2035 if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
2036 wpa_s->drv_flags = capa.flags;
2037 if (capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
2038 if (ieee80211_sta_init(wpa_s))
2041 wpa_s->max_scan_ssids = capa.max_scan_ssids;
2042 wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
2044 if (wpa_s->max_remain_on_chan == 0)
2045 wpa_s->max_remain_on_chan = 1000;
2047 if (wpa_supplicant_driver_init(wpa_s) < 0)
2050 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
2051 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
2052 wpa_printf(MSG_DEBUG, "Failed to set country");
2056 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2058 if (wpas_wps_init(wpa_s))
2061 if (wpa_supplicant_init_eapol(wpa_s) < 0)
2063 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2065 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
2066 if (wpa_s->ctrl_iface == NULL) {
2067 wpa_printf(MSG_ERROR,
2068 "Failed to initialize control interface '%s'.\n"
2069 "You may have another wpa_supplicant process "
2070 "already running or the file was\n"
2071 "left by an unclean termination of wpa_supplicant "
2072 "in which case you will need\n"
2073 "to manually remove this file before starting "
2074 "wpa_supplicant again.\n",
2075 wpa_s->conf->ctrl_interface);
2079 #ifdef CONFIG_IBSS_RSN
2080 wpa_s->ibss_rsn = ibss_rsn_init(wpa_s);
2081 if (!wpa_s->ibss_rsn) {
2082 wpa_printf(MSG_DEBUG, "Failed to init IBSS RSN");
2085 #endif /* CONFIG_IBSS_RSN */
2087 if (wpa_bss_init(wpa_s) < 0)
2094 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
2097 if (wpa_s->drv_priv) {
2098 wpa_supplicant_deauthenticate(wpa_s,
2099 WLAN_REASON_DEAUTH_LEAVING);
2101 wpa_drv_set_countermeasures(wpa_s, 0);
2102 wpa_clear_keys(wpa_s, NULL);
2105 wpa_supplicant_cleanup(wpa_s);
2108 wpas_notify_iface_removed(wpa_s);
2110 if (wpa_s->drv_priv)
2111 wpa_drv_deinit(wpa_s);
2116 * wpa_supplicant_add_iface - Add a new network interface
2117 * @global: Pointer to global data from wpa_supplicant_init()
2118 * @iface: Interface configuration options
2119 * Returns: Pointer to the created interface or %NULL on failure
2121 * This function is used to add new network interfaces for %wpa_supplicant.
2122 * This can be called before wpa_supplicant_run() to add interfaces before the
2123 * main event loop has been started. In addition, new interfaces can be added
2124 * dynamically while %wpa_supplicant is already running. This could happen,
2125 * e.g., when a hotplug network adapter is inserted.
2127 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
2128 struct wpa_interface *iface)
2130 struct wpa_supplicant *wpa_s;
2131 struct wpa_interface t_iface;
2132 struct wpa_ssid *ssid;
2134 if (global == NULL || iface == NULL)
2137 wpa_s = wpa_supplicant_alloc();
2141 wpa_s->global = global;
2144 if (global->params.override_driver) {
2145 wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
2147 iface->driver, global->params.override_driver);
2148 t_iface.driver = global->params.override_driver;
2150 if (global->params.override_ctrl_interface) {
2151 wpa_printf(MSG_DEBUG, "Override interface parameter: "
2152 "ctrl_interface ('%s' -> '%s')",
2153 iface->ctrl_interface,
2154 global->params.override_ctrl_interface);
2155 t_iface.ctrl_interface =
2156 global->params.override_ctrl_interface;
2158 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
2159 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
2161 wpa_supplicant_deinit_iface(wpa_s, 0);
2166 /* Notify the control interfaces about new iface */
2167 if (wpas_notify_iface_added(wpa_s)) {
2168 wpa_supplicant_deinit_iface(wpa_s, 1);
2173 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
2174 wpas_notify_network_added(wpa_s, ssid);
2176 wpa_s->next = global->ifaces;
2177 global->ifaces = wpa_s;
2179 wpa_printf(MSG_DEBUG, "Added interface %s", wpa_s->ifname);
2186 * wpa_supplicant_remove_iface - Remove a network interface
2187 * @global: Pointer to global data from wpa_supplicant_init()
2188 * @wpa_s: Pointer to the network interface to be removed
2189 * Returns: 0 if interface was removed, -1 if interface was not found
2191 * This function can be used to dynamically remove network interfaces from
2192 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
2193 * addition, this function is used to remove all remaining interfaces when
2194 * %wpa_supplicant is terminated.
2196 int wpa_supplicant_remove_iface(struct wpa_global *global,
2197 struct wpa_supplicant *wpa_s)
2199 struct wpa_supplicant *prev;
2201 /* Remove interface from the global list of interfaces */
2202 prev = global->ifaces;
2203 if (prev == wpa_s) {
2204 global->ifaces = wpa_s->next;
2206 while (prev && prev->next != wpa_s)
2210 prev->next = wpa_s->next;
2213 wpa_printf(MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
2215 wpa_supplicant_deinit_iface(wpa_s, 1);
2223 * wpa_supplicant_get_iface - Get a new network interface
2224 * @global: Pointer to global data from wpa_supplicant_init()
2225 * @ifname: Interface name
2226 * Returns: Pointer to the interface or %NULL if not found
2228 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
2231 struct wpa_supplicant *wpa_s;
2233 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
2234 if (os_strcmp(wpa_s->ifname, ifname) == 0)
2242 * wpa_supplicant_init - Initialize %wpa_supplicant
2243 * @params: Parameters for %wpa_supplicant
2244 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
2246 * This function is used to initialize %wpa_supplicant. After successful
2247 * initialization, the returned data pointer can be used to add and remove
2248 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
2250 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
2252 struct wpa_global *global;
2258 wpa_debug_open_file(params->wpa_debug_file_path);
2259 if (params->wpa_debug_syslog)
2260 wpa_debug_open_syslog();
2262 ret = eap_register_methods();
2264 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
2266 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
2267 "the same EAP type.");
2271 global = os_zalloc(sizeof(*global));
2274 global->params.daemonize = params->daemonize;
2275 global->params.wait_for_monitor = params->wait_for_monitor;
2276 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
2277 if (params->pid_file)
2278 global->params.pid_file = os_strdup(params->pid_file);
2279 if (params->ctrl_interface)
2280 global->params.ctrl_interface =
2281 os_strdup(params->ctrl_interface);
2282 if (params->override_driver)
2283 global->params.override_driver =
2284 os_strdup(params->override_driver);
2285 if (params->override_ctrl_interface)
2286 global->params.override_ctrl_interface =
2287 os_strdup(params->override_ctrl_interface);
2288 wpa_debug_level = global->params.wpa_debug_level =
2289 params->wpa_debug_level;
2290 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
2291 params->wpa_debug_show_keys;
2292 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
2293 params->wpa_debug_timestamp;
2296 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
2297 wpa_supplicant_deinit(global);
2301 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
2302 if (global->ctrl_iface == NULL) {
2303 wpa_supplicant_deinit(global);
2307 if (wpas_notify_supplicant_initialized(global)) {
2308 wpa_supplicant_deinit(global);
2312 for (i = 0; wpa_drivers[i]; i++)
2313 global->drv_count++;
2314 if (global->drv_count == 0) {
2315 wpa_printf(MSG_ERROR, "No drivers enabled");
2316 wpa_supplicant_deinit(global);
2319 global->drv_priv = os_zalloc(global->drv_count * sizeof(void *));
2320 if (global->drv_priv == NULL) {
2321 wpa_supplicant_deinit(global);
2324 for (i = 0; wpa_drivers[i]; i++) {
2325 if (!wpa_drivers[i]->global_init)
2327 global->drv_priv[i] = wpa_drivers[i]->global_init();
2328 if (global->drv_priv[i] == NULL) {
2329 wpa_printf(MSG_ERROR, "Failed to initialize driver "
2330 "'%s'", wpa_drivers[i]->name);
2331 wpa_supplicant_deinit(global);
2341 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
2342 * @global: Pointer to global data from wpa_supplicant_init()
2343 * Returns: 0 after successful event loop run, -1 on failure
2345 * This function starts the main event loop and continues running as long as
2346 * there are any remaining events. In most cases, this function is running as
2347 * long as the %wpa_supplicant process in still in use.
2349 int wpa_supplicant_run(struct wpa_global *global)
2351 struct wpa_supplicant *wpa_s;
2353 if (global->params.daemonize &&
2354 wpa_supplicant_daemon(global->params.pid_file))
2357 if (global->params.wait_for_monitor) {
2358 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
2359 if (wpa_s->ctrl_iface)
2360 wpa_supplicant_ctrl_iface_wait(
2364 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
2365 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
2374 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
2375 * @global: Pointer to global data from wpa_supplicant_init()
2377 * This function is called to deinitialize %wpa_supplicant and to free all
2378 * allocated resources. Remaining network interfaces will also be removed.
2380 void wpa_supplicant_deinit(struct wpa_global *global)
2387 while (global->ifaces)
2388 wpa_supplicant_remove_iface(global, global->ifaces);
2390 if (global->ctrl_iface)
2391 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
2393 wpas_notify_supplicant_deinitialized(global);
2395 eap_peer_unregister_methods();
2397 eap_server_unregister_methods();
2398 #endif /* CONFIG_AP */
2400 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
2401 if (!global->drv_priv[i])
2403 wpa_drivers[i]->global_deinit(global->drv_priv[i]);
2405 os_free(global->drv_priv);
2409 if (global->params.pid_file) {
2410 os_daemonize_terminate(global->params.pid_file);
2411 os_free(global->params.pid_file);
2413 os_free(global->params.ctrl_interface);
2414 os_free(global->params.override_driver);
2415 os_free(global->params.override_ctrl_interface);
2418 wpa_debug_close_syslog();
2419 wpa_debug_close_file();
2423 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
2426 wpas_wps_update_config(wpa_s);
2427 #endif /* CONFIG_WPS */
2429 wpa_s->conf->changed_parameters = 0;