3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
16 #include "crypto/random.h"
17 #include "crypto/sha1.h"
18 #include "eapol_supp/eapol_supp_sm.h"
19 #include "eap_peer/eap.h"
20 #include "eap_server/eap_methods.h"
21 #include "rsn_supp/wpa.h"
24 #include "utils/ext_password.h"
25 #include "l2_packet/l2_packet.h"
26 #include "wpa_supplicant_i.h"
28 #include "ctrl_iface.h"
29 #include "pcsc_funcs.h"
30 #include "common/version.h"
31 #include "rsn_supp/preauth.h"
32 #include "rsn_supp/pmksa_cache.h"
33 #include "common/wpa_ctrl.h"
34 #include "common/ieee802_11_defs.h"
36 #include "blacklist.h"
37 #include "wpas_glue.h"
38 #include "wps_supplicant.h"
41 #include "gas_query.h"
43 #include "p2p_supplicant.h"
44 #include "wifi_display.h"
50 #include "offchannel.h"
51 #include "hs20_supplicant.h"
53 const char *wpa_supplicant_version =
54 "wpa_supplicant v" VERSION_STR "\n"
55 "Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi> and contributors";
57 const char *wpa_supplicant_license =
58 "This software may be distributed under the terms of the BSD license.\n"
59 "See README for more details.\n"
60 #ifdef EAP_TLS_OPENSSL
61 "\nThis product includes software developed by the OpenSSL Project\n"
62 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
63 #endif /* EAP_TLS_OPENSSL */
66 #ifndef CONFIG_NO_STDOUT_DEBUG
67 /* Long text divided into parts in order to fit in C89 strings size limits. */
68 const char *wpa_supplicant_full_license1 =
70 const char *wpa_supplicant_full_license2 =
71 "This software may be distributed under the terms of the BSD license.\n"
73 "Redistribution and use in source and binary forms, with or without\n"
74 "modification, are permitted provided that the following conditions are\n"
77 const char *wpa_supplicant_full_license3 =
78 "1. Redistributions of source code must retain the above copyright\n"
79 " notice, this list of conditions and the following disclaimer.\n"
81 "2. Redistributions in binary form must reproduce the above copyright\n"
82 " notice, this list of conditions and the following disclaimer in the\n"
83 " documentation and/or other materials provided with the distribution.\n"
85 const char *wpa_supplicant_full_license4 =
86 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
87 " names of its contributors may be used to endorse or promote products\n"
88 " derived from this software without specific prior written permission.\n"
90 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
91 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
92 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
93 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
94 const char *wpa_supplicant_full_license5 =
95 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
96 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
97 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
98 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
99 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
100 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
101 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
103 #endif /* CONFIG_NO_STDOUT_DEBUG */
105 extern int wpa_debug_level;
106 extern int wpa_debug_show_keys;
107 extern int wpa_debug_timestamp;
108 extern struct wpa_driver_ops *wpa_drivers[];
110 /* Configure default/group WEP keys for static WEP */
111 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
115 for (i = 0; i < NUM_WEP_KEYS; i++) {
116 if (ssid->wep_key_len[i] == 0)
120 wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
121 i, i == ssid->wep_tx_keyidx, NULL, 0,
122 ssid->wep_key[i], ssid->wep_key_len[i]);
129 static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
130 struct wpa_ssid *ssid)
137 /* IBSS/WPA-None uses only one key (Group) for both receiving and
138 * sending unicast and multicast packets. */
140 if (ssid->mode != WPAS_MODE_IBSS) {
141 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
142 "IBSS/ad-hoc) for WPA-None", ssid->mode);
146 if (!ssid->psk_set) {
147 wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
152 switch (wpa_s->group_cipher) {
153 case WPA_CIPHER_CCMP:
154 os_memcpy(key, ssid->psk, 16);
158 case WPA_CIPHER_GCMP:
159 os_memcpy(key, ssid->psk, 16);
163 case WPA_CIPHER_TKIP:
164 /* WPA-None uses the same Michael MIC key for both TX and RX */
165 os_memcpy(key, ssid->psk, 16 + 8);
166 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
171 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
172 "WPA-None", wpa_s->group_cipher);
176 /* TODO: should actually remember the previously used seq#, both for TX
177 * and RX from each STA.. */
179 return wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
183 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
185 struct wpa_supplicant *wpa_s = eloop_ctx;
186 const u8 *bssid = wpa_s->bssid;
187 if (is_zero_ether_addr(bssid))
188 bssid = wpa_s->pending_bssid;
189 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
191 wpa_blacklist_add(wpa_s, bssid);
192 wpa_sm_notify_disassoc(wpa_s->wpa);
193 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
194 wpa_s->reassociate = 1;
197 * If we timed out, the AP or the local radio may be busy.
198 * So, wait a second until scanning again.
200 wpa_supplicant_req_scan(wpa_s, 1, 0);
202 wpas_p2p_continue_after_scan(wpa_s);
207 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
208 * @wpa_s: Pointer to wpa_supplicant data
209 * @sec: Number of seconds after which to time out authentication
210 * @usec: Number of microseconds after which to time out authentication
212 * This function is used to schedule a timeout for the current authentication
215 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
218 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
219 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
222 wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
223 "%d usec", sec, usec);
224 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
225 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
230 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
231 * @wpa_s: Pointer to wpa_supplicant data
233 * This function is used to cancel authentication timeout scheduled with
234 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
237 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
239 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
240 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
241 wpa_blacklist_del(wpa_s, wpa_s->bssid);
246 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
247 * @wpa_s: Pointer to wpa_supplicant data
249 * This function is used to configure EAPOL state machine based on the selected
250 * authentication mode.
252 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
254 #ifdef IEEE8021X_EAPOL
255 struct eapol_config eapol_conf;
256 struct wpa_ssid *ssid = wpa_s->current_ssid;
258 #ifdef CONFIG_IBSS_RSN
259 if (ssid->mode == WPAS_MODE_IBSS &&
260 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
261 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
263 * RSN IBSS authentication is per-STA and we can disable the
264 * per-BSSID EAPOL authentication.
266 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
267 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
268 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
271 #endif /* CONFIG_IBSS_RSN */
273 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
274 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
276 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
277 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
278 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
280 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
282 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
283 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
284 eapol_conf.accept_802_1x_keys = 1;
285 eapol_conf.required_keys = 0;
286 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
287 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
289 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
290 eapol_conf.required_keys |=
291 EAPOL_REQUIRE_KEY_BROADCAST;
294 if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
295 eapol_conf.required_keys = 0;
298 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
299 eapol_conf.workaround = ssid->eap_workaround;
300 eapol_conf.eap_disabled =
301 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
302 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
303 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
304 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
305 #endif /* IEEE8021X_EAPOL */
310 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
311 * @wpa_s: Pointer to wpa_supplicant data
312 * @ssid: Configuration data for the network
314 * This function is used to configure WPA state machine and related parameters
315 * to a mode where WPA is not enabled. This is called as part of the
316 * authentication configuration when the selected network does not use WPA.
318 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
319 struct wpa_ssid *ssid)
323 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
324 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
325 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
326 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
328 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
329 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
330 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
331 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
332 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
333 wpa_s->group_cipher = WPA_CIPHER_NONE;
334 wpa_s->mgmt_group_cipher = 0;
336 for (i = 0; i < NUM_WEP_KEYS; i++) {
337 if (ssid->wep_key_len[i] > 5) {
338 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
339 wpa_s->group_cipher = WPA_CIPHER_WEP104;
341 } else if (ssid->wep_key_len[i] > 0) {
342 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
343 wpa_s->group_cipher = WPA_CIPHER_WEP40;
348 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
349 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
350 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
351 wpa_s->pairwise_cipher);
352 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
353 #ifdef CONFIG_IEEE80211W
354 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
355 wpa_s->mgmt_group_cipher);
356 #endif /* CONFIG_IEEE80211W */
358 pmksa_cache_clear_current(wpa_s->wpa);
362 void free_hw_features(struct wpa_supplicant *wpa_s)
365 if (wpa_s->hw.modes == NULL)
368 for (i = 0; i < wpa_s->hw.num_modes; i++) {
369 os_free(wpa_s->hw.modes[i].channels);
370 os_free(wpa_s->hw.modes[i].rates);
373 os_free(wpa_s->hw.modes);
374 wpa_s->hw.modes = NULL;
378 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
380 bgscan_deinit(wpa_s);
381 autoscan_deinit(wpa_s);
382 scard_deinit(wpa_s->scard);
384 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
385 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
386 l2_packet_deinit(wpa_s->l2);
389 l2_packet_deinit(wpa_s->l2_br);
393 if (wpa_s->conf != NULL) {
394 struct wpa_ssid *ssid;
395 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
396 wpas_notify_network_removed(wpa_s, ssid);
399 os_free(wpa_s->confname);
400 wpa_s->confname = NULL;
402 os_free(wpa_s->confanother);
403 wpa_s->confanother = NULL;
405 wpa_sm_set_eapol(wpa_s->wpa, NULL);
406 eapol_sm_deinit(wpa_s->eapol);
409 rsn_preauth_deinit(wpa_s->wpa);
412 wpa_tdls_deinit(wpa_s->wpa);
413 #endif /* CONFIG_TDLS */
415 pmksa_candidate_free(wpa_s->wpa);
416 wpa_sm_deinit(wpa_s->wpa);
418 wpa_blacklist_clear(wpa_s);
420 wpa_bss_deinit(wpa_s);
422 wpa_supplicant_cancel_scan(wpa_s);
423 wpa_supplicant_cancel_auth_timeout(wpa_s);
424 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
425 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
426 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
428 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
430 wpas_wps_deinit(wpa_s);
432 wpabuf_free(wpa_s->pending_eapol_rx);
433 wpa_s->pending_eapol_rx = NULL;
435 #ifdef CONFIG_IBSS_RSN
436 ibss_rsn_deinit(wpa_s->ibss_rsn);
437 wpa_s->ibss_rsn = NULL;
438 #endif /* CONFIG_IBSS_RSN */
443 wpa_supplicant_ap_deinit(wpa_s);
444 #endif /* CONFIG_AP */
447 wpas_p2p_deinit(wpa_s);
448 #endif /* CONFIG_P2P */
450 #ifdef CONFIG_OFFCHANNEL
451 offchannel_deinit(wpa_s);
452 #endif /* CONFIG_OFFCHANNEL */
454 wpa_supplicant_cancel_sched_scan(wpa_s);
456 os_free(wpa_s->next_scan_freqs);
457 wpa_s->next_scan_freqs = NULL;
459 gas_query_deinit(wpa_s->gas);
462 free_hw_features(wpa_s);
464 os_free(wpa_s->bssid_filter);
465 wpa_s->bssid_filter = NULL;
467 os_free(wpa_s->disallow_aps_bssid);
468 wpa_s->disallow_aps_bssid = NULL;
469 os_free(wpa_s->disallow_aps_ssid);
470 wpa_s->disallow_aps_ssid = NULL;
472 wnm_bss_keep_alive_deinit(wpa_s);
474 ext_password_deinit(wpa_s->ext_pw);
475 wpa_s->ext_pw = NULL;
477 wpabuf_free(wpa_s->last_gas_resp);
479 os_free(wpa_s->last_scan_res);
480 wpa_s->last_scan_res = NULL;
485 * wpa_clear_keys - Clear keys configured for the driver
486 * @wpa_s: Pointer to wpa_supplicant data
487 * @addr: Previously used BSSID or %NULL if not available
489 * This function clears the encryption keys that has been previously configured
492 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
494 if (wpa_s->keys_cleared) {
495 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
496 * timing issues with keys being cleared just before new keys
497 * are set or just after association or something similar. This
498 * shows up in group key handshake failing often because of the
499 * client not receiving the first encrypted packets correctly.
500 * Skipping some of the extra key clearing steps seems to help
501 * in completing group key handshake more reliably. */
502 wpa_dbg(wpa_s, MSG_DEBUG, "No keys have been configured - "
503 "skip key clearing");
507 /* MLME-DELETEKEYS.request */
508 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 0, 0, NULL, 0, NULL, 0);
509 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 1, 0, NULL, 0, NULL, 0);
510 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 2, 0, NULL, 0, NULL, 0);
511 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 3, 0, NULL, 0, NULL, 0);
512 #ifdef CONFIG_IEEE80211W
513 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 4, 0, NULL, 0, NULL, 0);
514 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 5, 0, NULL, 0, NULL, 0);
515 #endif /* CONFIG_IEEE80211W */
517 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
519 /* MLME-SETPROTECTION.request(None) */
520 wpa_drv_mlme_setprotection(
522 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
523 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
525 wpa_s->keys_cleared = 1;
530 * wpa_supplicant_state_txt - Get the connection state name as a text string
531 * @state: State (wpa_state; WPA_*)
532 * Returns: The state name as a printable text string
534 const char * wpa_supplicant_state_txt(enum wpa_states state)
537 case WPA_DISCONNECTED:
538 return "DISCONNECTED";
541 case WPA_INTERFACE_DISABLED:
542 return "INTERFACE_DISABLED";
545 case WPA_AUTHENTICATING:
546 return "AUTHENTICATING";
547 case WPA_ASSOCIATING:
548 return "ASSOCIATING";
551 case WPA_4WAY_HANDSHAKE:
552 return "4WAY_HANDSHAKE";
553 case WPA_GROUP_HANDSHAKE:
554 return "GROUP_HANDSHAKE";
565 static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
567 if (wpas_driver_bss_selection(wpa_s))
569 if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
572 bgscan_deinit(wpa_s);
573 if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan) {
574 if (bgscan_init(wpa_s, wpa_s->current_ssid)) {
575 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
578 * Live without bgscan; it is only used as a roaming
579 * optimization, so the initial connection is not
583 struct wpa_scan_results *scan_res;
584 wpa_s->bgscan_ssid = wpa_s->current_ssid;
585 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
588 bgscan_notify_scan(wpa_s, scan_res);
589 wpa_scan_results_free(scan_res);
593 wpa_s->bgscan_ssid = NULL;
597 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
599 if (wpa_s->bgscan_ssid != NULL) {
600 bgscan_deinit(wpa_s);
601 wpa_s->bgscan_ssid = NULL;
605 #endif /* CONFIG_BGSCAN */
608 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
610 if (autoscan_init(wpa_s, 0))
611 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
615 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
617 autoscan_deinit(wpa_s);
621 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
623 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
624 wpa_s->wpa_state == WPA_SCANNING) {
625 autoscan_deinit(wpa_s);
626 wpa_supplicant_start_autoscan(wpa_s);
632 * wpa_supplicant_set_state - Set current connection state
633 * @wpa_s: Pointer to wpa_supplicant data
634 * @state: The new connection state
636 * This function is called whenever the connection state changes, e.g.,
637 * association is completed for WPA/WPA2 4-Way Handshake is started.
639 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
640 enum wpa_states state)
642 enum wpa_states old_state = wpa_s->wpa_state;
644 wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
645 wpa_supplicant_state_txt(wpa_s->wpa_state),
646 wpa_supplicant_state_txt(state));
648 if (state != WPA_SCANNING)
649 wpa_supplicant_notify_scanning(wpa_s, 0);
651 if (state == WPA_COMPLETED && wpa_s->new_connection) {
652 struct wpa_ssid *ssid = wpa_s->current_ssid;
653 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
654 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
655 MACSTR " completed [id=%d id_str=%s]",
656 MAC2STR(wpa_s->bssid),
657 ssid ? ssid->id : -1,
658 ssid && ssid->id_str ? ssid->id_str : "");
659 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
660 wpas_clear_temp_disabled(wpa_s, ssid, 1);
661 wpa_s->extra_blacklist_count = 0;
662 wpa_s->new_connection = 0;
663 wpa_drv_set_operstate(wpa_s, 1);
664 #ifndef IEEE8021X_EAPOL
665 wpa_drv_set_supp_port(wpa_s, 1);
666 #endif /* IEEE8021X_EAPOL */
667 wpa_s->after_wps = 0;
669 wpas_p2p_completed(wpa_s);
670 #endif /* CONFIG_P2P */
672 sme_sched_obss_scan(wpa_s, 1);
673 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
674 state == WPA_ASSOCIATED) {
675 wpa_s->new_connection = 1;
676 wpa_drv_set_operstate(wpa_s, 0);
677 #ifndef IEEE8021X_EAPOL
678 wpa_drv_set_supp_port(wpa_s, 0);
679 #endif /* IEEE8021X_EAPOL */
680 sme_sched_obss_scan(wpa_s, 0);
682 wpa_s->wpa_state = state;
685 if (state == WPA_COMPLETED)
686 wpa_supplicant_start_bgscan(wpa_s);
688 wpa_supplicant_stop_bgscan(wpa_s);
689 #endif /* CONFIG_BGSCAN */
691 if (state == WPA_AUTHENTICATING)
692 wpa_supplicant_stop_autoscan(wpa_s);
694 if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
695 wpa_supplicant_start_autoscan(wpa_s);
697 if (wpa_s->wpa_state != old_state) {
698 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
700 if (wpa_s->wpa_state == WPA_COMPLETED ||
701 old_state == WPA_COMPLETED)
702 wpas_notify_auth_changed(wpa_s);
707 void wpa_supplicant_terminate_proc(struct wpa_global *global)
711 struct wpa_supplicant *wpa_s = global->ifaces;
713 if (wpas_wps_terminate_pending(wpa_s) == 1)
717 #endif /* CONFIG_WPS */
724 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
726 struct wpa_global *global = signal_ctx;
727 wpa_supplicant_terminate_proc(global);
731 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
733 enum wpa_states old_state = wpa_s->wpa_state;
735 wpa_s->pairwise_cipher = 0;
736 wpa_s->group_cipher = 0;
737 wpa_s->mgmt_group_cipher = 0;
739 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
740 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
742 if (wpa_s->wpa_state != old_state)
743 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
748 * wpa_supplicant_reload_configuration - Reload configuration data
749 * @wpa_s: Pointer to wpa_supplicant data
750 * Returns: 0 on success or -1 if configuration parsing failed
752 * This function can be used to request that the configuration data is reloaded
753 * (e.g., after configuration file change). This function is reloading
754 * configuration only for one interface, so this may need to be called multiple
755 * times if %wpa_supplicant is controlling multiple interfaces and all
756 * interfaces need reconfiguration.
758 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
760 struct wpa_config *conf;
764 if (wpa_s->confname == NULL)
766 conf = wpa_config_read(wpa_s->confname, NULL);
768 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
769 "file '%s' - exiting", wpa_s->confname);
772 wpa_config_read(wpa_s->confanother, conf);
774 conf->changed_parameters = (unsigned int) -1;
776 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
777 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
778 os_strcmp(conf->ctrl_interface,
779 wpa_s->conf->ctrl_interface) != 0);
781 if (reconf_ctrl && wpa_s->ctrl_iface) {
782 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
783 wpa_s->ctrl_iface = NULL;
786 eapol_sm_invalidate_cached_session(wpa_s->eapol);
787 if (wpa_s->current_ssid) {
788 wpa_supplicant_deauthenticate(wpa_s,
789 WLAN_REASON_DEAUTH_LEAVING);
793 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
794 * pkcs11_engine_path, pkcs11_module_path.
796 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
798 * Clear forced success to clear EAP state for next
801 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
803 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
804 wpa_sm_set_config(wpa_s->wpa, NULL);
805 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
806 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
807 rsn_preauth_deinit(wpa_s->wpa);
809 old_ap_scan = wpa_s->conf->ap_scan;
810 wpa_config_free(wpa_s->conf);
812 if (old_ap_scan != wpa_s->conf->ap_scan)
813 wpas_notify_ap_scan_changed(wpa_s);
816 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
818 wpa_supplicant_update_config(wpa_s);
820 wpa_supplicant_clear_status(wpa_s);
821 if (wpa_supplicant_enabled_networks(wpa_s)) {
822 wpa_s->reassociate = 1;
823 wpa_supplicant_req_scan(wpa_s, 0, 0);
825 wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
830 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
832 struct wpa_global *global = signal_ctx;
833 struct wpa_supplicant *wpa_s;
834 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
835 wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
837 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
838 wpa_supplicant_terminate_proc(global);
844 enum wpa_key_mgmt key_mgmt2driver(int key_mgmt)
847 case WPA_KEY_MGMT_NONE:
848 return KEY_MGMT_NONE;
849 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
850 return KEY_MGMT_802_1X_NO_WPA;
851 case WPA_KEY_MGMT_IEEE8021X:
852 return KEY_MGMT_802_1X;
853 case WPA_KEY_MGMT_WPA_NONE:
854 return KEY_MGMT_WPA_NONE;
855 case WPA_KEY_MGMT_FT_IEEE8021X:
856 return KEY_MGMT_FT_802_1X;
857 case WPA_KEY_MGMT_FT_PSK:
858 return KEY_MGMT_FT_PSK;
859 case WPA_KEY_MGMT_IEEE8021X_SHA256:
860 return KEY_MGMT_802_1X_SHA256;
861 case WPA_KEY_MGMT_PSK_SHA256:
862 return KEY_MGMT_PSK_SHA256;
863 case WPA_KEY_MGMT_WPS:
865 case WPA_KEY_MGMT_PSK:
872 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
873 struct wpa_ssid *ssid,
874 struct wpa_ie_data *ie)
876 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
879 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
880 "from association info");
885 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
887 if (!(ie->group_cipher & ssid->group_cipher)) {
888 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
889 "cipher 0x%x (mask 0x%x) - reject",
890 ie->group_cipher, ssid->group_cipher);
893 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
894 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
895 "cipher 0x%x (mask 0x%x) - reject",
896 ie->pairwise_cipher, ssid->pairwise_cipher);
899 if (!(ie->key_mgmt & ssid->key_mgmt)) {
900 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
901 "management 0x%x (mask 0x%x) - reject",
902 ie->key_mgmt, ssid->key_mgmt);
906 #ifdef CONFIG_IEEE80211W
907 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
908 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
909 wpa_s->conf->pmf : ssid->ieee80211w) ==
910 MGMT_FRAME_PROTECTION_REQUIRED) {
911 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
912 "that does not support management frame protection - "
916 #endif /* CONFIG_IEEE80211W */
923 * wpa_supplicant_set_suites - Set authentication and encryption parameters
924 * @wpa_s: Pointer to wpa_supplicant data
925 * @bss: Scan results for the selected BSS, or %NULL if not available
926 * @ssid: Configuration data for the selected network
927 * @wpa_ie: Buffer for the WPA/RSN IE
928 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
929 * used buffer length in case the functions returns success.
930 * Returns: 0 on success or -1 on failure
932 * This function is used to configure authentication and encryption parameters
933 * based on the network configuration and scan result for the selected BSS (if
936 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
937 struct wpa_bss *bss, struct wpa_ssid *ssid,
938 u8 *wpa_ie, size_t *wpa_ie_len)
940 struct wpa_ie_data ie;
942 const u8 *bss_wpa, *bss_rsn;
945 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
946 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
948 bss_wpa = bss_rsn = NULL;
950 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
951 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
952 (ie.group_cipher & ssid->group_cipher) &&
953 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
954 (ie.key_mgmt & ssid->key_mgmt)) {
955 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
956 proto = WPA_PROTO_RSN;
957 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
958 wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 &&
959 (ie.group_cipher & ssid->group_cipher) &&
960 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
961 (ie.key_mgmt & ssid->key_mgmt)) {
962 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
963 proto = WPA_PROTO_WPA;
965 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
968 if (ssid->proto & WPA_PROTO_RSN)
969 proto = WPA_PROTO_RSN;
971 proto = WPA_PROTO_WPA;
972 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
973 os_memset(&ie, 0, sizeof(ie));
974 ie.group_cipher = ssid->group_cipher;
975 ie.pairwise_cipher = ssid->pairwise_cipher;
976 ie.key_mgmt = ssid->key_mgmt;
977 #ifdef CONFIG_IEEE80211W
978 ie.mgmt_group_cipher =
979 ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
980 WPA_CIPHER_AES_128_CMAC : 0;
981 #endif /* CONFIG_IEEE80211W */
982 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
983 "based on configuration");
988 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
989 "pairwise %d key_mgmt %d proto %d",
990 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
991 #ifdef CONFIG_IEEE80211W
992 if (ssid->ieee80211w) {
993 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
994 ie.mgmt_group_cipher);
996 #endif /* CONFIG_IEEE80211W */
998 wpa_s->wpa_proto = proto;
999 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1000 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1001 !!(ssid->proto & WPA_PROTO_RSN));
1003 if (bss || !wpa_s->ap_ies_from_associnfo) {
1004 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1005 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1006 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1007 bss_rsn ? 2 + bss_rsn[1] : 0))
1011 sel = ie.group_cipher & ssid->group_cipher;
1012 wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1013 if (wpa_s->group_cipher < 0) {
1014 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1018 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1019 wpa_cipher_txt(wpa_s->group_cipher));
1021 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1022 wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1023 if (wpa_s->pairwise_cipher < 0) {
1024 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1028 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1029 wpa_cipher_txt(wpa_s->pairwise_cipher));
1031 sel = ie.key_mgmt & ssid->key_mgmt;
1033 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1034 sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1035 #endif /* CONFIG_SAE */
1037 #ifdef CONFIG_IEEE80211R
1038 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
1039 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1040 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1041 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
1042 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1043 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1044 #endif /* CONFIG_IEEE80211R */
1046 } else if (sel & WPA_KEY_MGMT_SAE) {
1047 wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1048 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1049 } else if (sel & WPA_KEY_MGMT_FT_SAE) {
1050 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1051 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1052 #endif /* CONFIG_SAE */
1053 #ifdef CONFIG_IEEE80211W
1054 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1055 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1056 wpa_dbg(wpa_s, MSG_DEBUG,
1057 "WPA: using KEY_MGMT 802.1X with SHA256");
1058 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1059 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1060 wpa_dbg(wpa_s, MSG_DEBUG,
1061 "WPA: using KEY_MGMT PSK with SHA256");
1062 #endif /* CONFIG_IEEE80211W */
1063 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1064 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1065 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1066 } else if (sel & WPA_KEY_MGMT_PSK) {
1067 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1068 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1069 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1070 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1071 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1073 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1074 "authenticated key management type");
1078 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1079 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1080 wpa_s->pairwise_cipher);
1081 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1083 #ifdef CONFIG_IEEE80211W
1084 sel = ie.mgmt_group_cipher;
1085 if ((ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1086 wpa_s->conf->pmf : ssid->ieee80211w) == NO_MGMT_FRAME_PROTECTION ||
1087 !(ie.capabilities & WPA_CAPABILITY_MFPC))
1089 if (sel & WPA_CIPHER_AES_128_CMAC) {
1090 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1091 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1094 wpa_s->mgmt_group_cipher = 0;
1095 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1097 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1098 wpa_s->mgmt_group_cipher);
1099 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1100 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1101 wpa_s->conf->pmf : ssid->ieee80211w));
1102 #endif /* CONFIG_IEEE80211W */
1104 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1105 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1109 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1110 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
1111 #ifndef CONFIG_NO_PBKDF2
1112 if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1115 pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1116 4096, psk, PMK_LEN);
1117 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1119 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1121 #endif /* CONFIG_NO_PBKDF2 */
1122 #ifdef CONFIG_EXT_PASSWORD
1123 if (ssid->ext_psk) {
1124 struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1126 char pw_str[64 + 1];
1130 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1131 "found from external storage");
1135 if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1136 wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1137 "PSK length %d in external storage",
1138 (int) wpabuf_len(pw));
1139 ext_password_free(pw);
1143 os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1144 pw_str[wpabuf_len(pw)] = '\0';
1146 #ifndef CONFIG_NO_PBKDF2
1147 if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1149 pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1150 4096, psk, PMK_LEN);
1151 os_memset(pw_str, 0, sizeof(pw_str));
1152 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1153 "external passphrase)",
1155 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1157 #endif /* CONFIG_NO_PBKDF2 */
1158 if (wpabuf_len(pw) == 2 * PMK_LEN) {
1159 if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1160 wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1161 "Invalid PSK hex string");
1162 os_memset(pw_str, 0, sizeof(pw_str));
1163 ext_password_free(pw);
1166 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1168 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1170 os_memset(pw_str, 0, sizeof(pw_str));
1171 ext_password_free(pw);
1175 os_memset(pw_str, 0, sizeof(pw_str));
1176 ext_password_free(pw);
1178 #endif /* CONFIG_EXT_PASSWORD */
1180 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1186 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
1191 case 0: /* Bits 0-7 */
1193 case 1: /* Bits 8-15 */
1195 case 2: /* Bits 16-23 */
1197 *pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1198 *pos |= 0x08; /* Bit 19 - BSS Transition */
1199 #endif /* CONFIG_WNM */
1201 case 3: /* Bits 24-31 */
1203 *pos |= 0x02; /* Bit 25 - SSID List */
1204 #endif /* CONFIG_WNM */
1205 #ifdef CONFIG_INTERWORKING
1206 if (wpa_s->conf->interworking)
1207 *pos |= 0x80; /* Bit 31 - Interworking */
1208 #endif /* CONFIG_INTERWORKING */
1210 case 4: /* Bits 32-39 */
1212 case 5: /* Bits 40-47 */
1214 case 6: /* Bits 48-55 */
1220 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf)
1225 if (len < wpa_s->extended_capa_len)
1226 len = wpa_s->extended_capa_len;
1228 *pos++ = WLAN_EID_EXT_CAPAB;
1230 for (i = 0; i < len; i++, pos++) {
1231 wpas_ext_capab_byte(wpa_s, pos, i);
1233 if (i < wpa_s->extended_capa_len) {
1234 *pos &= ~wpa_s->extended_capa_mask[i];
1235 *pos |= wpa_s->extended_capa[i];
1239 while (len > 0 && buf[1 + len] == 0) {
1251 * wpa_supplicant_associate - Request association
1252 * @wpa_s: Pointer to wpa_supplicant data
1253 * @bss: Scan results for the selected BSS, or %NULL if not available
1254 * @ssid: Configuration data for the selected network
1256 * This function is used to request %wpa_supplicant to associate with a BSS.
1258 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1259 struct wpa_bss *bss, struct wpa_ssid *ssid)
1263 int use_crypt, ret, i, bssid_changed;
1264 int algs = WPA_AUTH_ALG_OPEN;
1265 enum wpa_cipher cipher_pairwise, cipher_group;
1266 struct wpa_driver_associate_params params;
1267 int wep_keys_set = 0;
1268 struct wpa_driver_capa capa;
1269 int assoc_failed = 0;
1270 struct wpa_ssid *old_ssid;
1273 #ifdef CONFIG_HT_OVERRIDES
1274 struct ieee80211_ht_capabilities htcaps;
1275 struct ieee80211_ht_capabilities htcaps_mask;
1276 #endif /* CONFIG_HT_OVERRIDES */
1278 #ifdef CONFIG_IBSS_RSN
1279 ibss_rsn_deinit(wpa_s->ibss_rsn);
1280 wpa_s->ibss_rsn = NULL;
1281 #endif /* CONFIG_IBSS_RSN */
1283 if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
1284 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
1286 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1287 wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
1291 if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
1292 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1295 wpa_s->current_bss = bss;
1296 #else /* CONFIG_AP */
1297 wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
1299 #endif /* CONFIG_AP */
1305 wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
1307 #endif /* CONFIG_TDLS */
1309 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1310 ssid->mode == IEEE80211_MODE_INFRA) {
1311 sme_authenticate(wpa_s, bss, ssid);
1315 os_memset(¶ms, 0, sizeof(params));
1316 wpa_s->reassociate = 0;
1317 if (bss && !wpas_driver_bss_selection(wpa_s)) {
1318 #ifdef CONFIG_IEEE80211R
1319 const u8 *ie, *md = NULL;
1320 #endif /* CONFIG_IEEE80211R */
1321 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1322 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1323 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1324 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
1325 os_memset(wpa_s->bssid, 0, ETH_ALEN);
1326 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1328 wpas_notify_bssid_changed(wpa_s);
1329 #ifdef CONFIG_IEEE80211R
1330 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
1331 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
1333 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
1335 /* Prepare for the next transition */
1336 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
1338 #endif /* CONFIG_IEEE80211R */
1340 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
1341 wpa_s->conf->ap_scan == 2 &&
1342 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
1343 /* Use ap_scan==1 style network selection to find the network
1345 wpa_s->scan_req = MANUAL_SCAN_REQ;
1346 wpa_s->reassociate = 1;
1347 wpa_supplicant_req_scan(wpa_s, 0, 0);
1349 #endif /* CONFIG_WPS */
1351 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1352 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1353 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1355 wpa_supplicant_cancel_sched_scan(wpa_s);
1356 wpa_supplicant_cancel_scan(wpa_s);
1358 /* Starting new association, so clear the possibly used WPA IE from the
1359 * previous association. */
1360 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1362 #ifdef IEEE8021X_EAPOL
1363 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1365 if (ssid->non_leap == 0)
1366 algs = WPA_AUTH_ALG_LEAP;
1368 algs |= WPA_AUTH_ALG_LEAP;
1371 #endif /* IEEE8021X_EAPOL */
1372 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1373 if (ssid->auth_alg) {
1374 algs = ssid->auth_alg;
1375 wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
1379 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
1380 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
1381 wpa_key_mgmt_wpa(ssid->key_mgmt)) {
1382 int try_opportunistic;
1383 try_opportunistic = (ssid->proactive_key_caching < 0 ?
1385 ssid->proactive_key_caching) &&
1386 (ssid->proto & WPA_PROTO_RSN);
1387 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1388 ssid, try_opportunistic) == 0)
1389 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1390 wpa_ie_len = sizeof(wpa_ie);
1391 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1392 wpa_ie, &wpa_ie_len)) {
1393 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
1394 "key management and encryption suites");
1397 } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
1398 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
1400 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
1401 * use non-WPA since the scan results did not indicate that the
1402 * AP is using WPA or WPA2.
1404 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1406 wpa_s->wpa_proto = 0;
1407 } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
1408 wpa_ie_len = sizeof(wpa_ie);
1409 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1410 wpa_ie, &wpa_ie_len)) {
1411 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
1412 "key management and encryption suites (no "
1417 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
1418 struct wpabuf *wps_ie;
1419 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
1420 if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
1421 wpa_ie_len = wpabuf_len(wps_ie);
1422 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
1425 wpabuf_free(wps_ie);
1426 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1427 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
1428 params.wps = WPS_MODE_PRIVACY;
1430 params.wps = WPS_MODE_OPEN;
1431 wpa_s->wpa_proto = 0;
1432 #endif /* CONFIG_WPS */
1434 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1436 wpa_s->wpa_proto = 0;
1440 if (wpa_s->global->p2p) {
1444 pos = wpa_ie + wpa_ie_len;
1445 len = sizeof(wpa_ie) - wpa_ie_len;
1446 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
1452 wpa_s->cross_connect_disallowed = 0;
1455 p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
1457 wpa_s->cross_connect_disallowed =
1458 p2p_get_cross_connect_disallowed(p2p);
1460 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
1462 wpa_s->cross_connect_disallowed ?
1463 "disallows" : "allows");
1466 #endif /* CONFIG_P2P */
1469 if (wpa_s->conf->hs20) {
1470 struct wpabuf *hs20;
1471 hs20 = wpabuf_alloc(20);
1473 wpas_hs20_add_indication(hs20);
1474 os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(hs20),
1476 wpa_ie_len += wpabuf_len(hs20);
1480 #endif /* CONFIG_HS20 */
1482 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab);
1483 if (ext_capab_len > 0) {
1485 if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
1487 os_memmove(pos + ext_capab_len, pos,
1488 wpa_ie_len - (pos - wpa_ie));
1489 wpa_ie_len += ext_capab_len;
1490 os_memcpy(pos, ext_capab, ext_capab_len);
1493 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1495 cipher_pairwise = wpa_cipher_to_suite_driver(wpa_s->pairwise_cipher);
1496 cipher_group = wpa_cipher_to_suite_driver(wpa_s->group_cipher);
1497 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1498 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1499 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1501 if (wpa_set_wep_keys(wpa_s, ssid)) {
1506 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
1509 #ifdef IEEE8021X_EAPOL
1510 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1511 if ((ssid->eapol_flags &
1512 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1513 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1517 /* Assume that dynamic WEP-104 keys will be used and
1518 * set cipher suites in order for drivers to expect
1520 cipher_pairwise = cipher_group = CIPHER_WEP104;
1523 #endif /* IEEE8021X_EAPOL */
1525 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1526 /* Set the key before (and later after) association */
1527 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1530 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1532 params.ssid = bss->ssid;
1533 params.ssid_len = bss->ssid_len;
1534 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
1535 wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
1536 MACSTR " freq=%u MHz based on scan results "
1538 MAC2STR(bss->bssid), bss->freq,
1540 params.bssid = bss->bssid;
1541 params.freq = bss->freq;
1544 params.ssid = ssid->ssid;
1545 params.ssid_len = ssid->ssid_len;
1548 if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
1549 wpa_s->conf->ap_scan == 2) {
1550 params.bssid = ssid->bssid;
1551 params.fixed_bssid = 1;
1554 if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 &&
1556 params.freq = ssid->frequency; /* Initial channel for IBSS */
1557 params.wpa_ie = wpa_ie;
1558 params.wpa_ie_len = wpa_ie_len;
1559 params.pairwise_suite = cipher_pairwise;
1560 params.group_suite = cipher_group;
1561 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1562 params.wpa_proto = wpa_s->wpa_proto;
1563 params.auth_alg = algs;
1564 params.mode = ssid->mode;
1565 params.bg_scan_period = ssid->bg_scan_period;
1566 for (i = 0; i < NUM_WEP_KEYS; i++) {
1567 if (ssid->wep_key_len[i])
1568 params.wep_key[i] = ssid->wep_key[i];
1569 params.wep_key_len[i] = ssid->wep_key_len[i];
1571 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1573 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
1574 (params.key_mgmt_suite == KEY_MGMT_PSK ||
1575 params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
1576 params.passphrase = ssid->passphrase;
1578 params.psk = ssid->psk;
1581 params.drop_unencrypted = use_crypt;
1583 #ifdef CONFIG_IEEE80211W
1584 params.mgmt_frame_protection =
1585 ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1586 wpa_s->conf->pmf : ssid->ieee80211w;
1587 if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
1588 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1589 struct wpa_ie_data ie;
1590 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
1592 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
1593 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
1594 "MFP: require MFP");
1595 params.mgmt_frame_protection =
1596 MGMT_FRAME_PROTECTION_REQUIRED;
1599 #endif /* CONFIG_IEEE80211W */
1601 params.p2p = ssid->p2p_group;
1603 if (wpa_s->parent->set_sta_uapsd)
1604 params.uapsd = wpa_s->parent->sta_uapsd;
1608 #ifdef CONFIG_HT_OVERRIDES
1609 os_memset(&htcaps, 0, sizeof(htcaps));
1610 os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
1611 params.htcaps = (u8 *) &htcaps;
1612 params.htcaps_mask = (u8 *) &htcaps_mask;
1613 wpa_supplicant_apply_ht_overrides(wpa_s, ssid, ¶ms);
1614 #endif /* CONFIG_HT_OVERRIDES */
1616 ret = wpa_drv_associate(wpa_s, ¶ms);
1618 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1620 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
1622 * The driver is known to mean what is saying, so we
1623 * can stop right here; the association will not
1626 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
1627 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1628 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1631 /* try to continue anyway; new association will be tried again
1636 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1637 /* Set the key after the association just in case association
1638 * cleared the previously configured key. */
1639 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1640 /* No need to timeout authentication since there is no key
1642 wpa_supplicant_cancel_auth_timeout(wpa_s);
1643 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1644 #ifdef CONFIG_IBSS_RSN
1645 } else if (ssid->mode == WPAS_MODE_IBSS &&
1646 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
1647 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
1649 * RSN IBSS authentication is per-STA and we can disable the
1650 * per-BSSID authentication.
1652 wpa_supplicant_cancel_auth_timeout(wpa_s);
1653 #endif /* CONFIG_IBSS_RSN */
1655 /* Timeout for IEEE 802.11 authentication and association */
1659 /* give IBSS a bit more time */
1660 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
1661 } else if (wpa_s->conf->ap_scan == 1) {
1662 /* give IBSS a bit more time */
1663 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
1665 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1668 if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1669 capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
1670 /* Set static WEP keys again */
1671 wpa_set_wep_keys(wpa_s, ssid);
1674 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1676 * Do not allow EAP session resumption between different
1677 * network configurations.
1679 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1681 old_ssid = wpa_s->current_ssid;
1682 wpa_s->current_ssid = ssid;
1683 wpa_s->current_bss = bss;
1684 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
1685 wpa_supplicant_initiate_eapol(wpa_s);
1686 if (old_ssid != wpa_s->current_ssid)
1687 wpas_notify_network_changed(wpa_s);
1691 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
1694 struct wpa_ssid *old_ssid;
1696 wpa_clear_keys(wpa_s, addr);
1697 old_ssid = wpa_s->current_ssid;
1698 wpa_supplicant_mark_disassoc(wpa_s);
1699 wpa_sm_set_config(wpa_s->wpa, NULL);
1700 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1701 if (old_ssid != wpa_s->current_ssid)
1702 wpas_notify_network_changed(wpa_s);
1703 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
1708 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
1709 * @wpa_s: Pointer to wpa_supplicant data
1710 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1712 * This function is used to request %wpa_supplicant to deauthenticate from the
1715 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1719 union wpa_event_data event;
1722 wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
1723 " pending_bssid=" MACSTR " reason=%d state=%s",
1724 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
1725 reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state));
1727 if (!is_zero_ether_addr(wpa_s->bssid))
1728 addr = wpa_s->bssid;
1729 else if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
1730 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
1731 wpa_s->wpa_state == WPA_ASSOCIATING))
1732 addr = wpa_s->pending_bssid;
1733 else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
1735 * When using driver-based BSS selection, we may not know the
1736 * BSSID with which we are currently trying to associate. We
1737 * need to notify the driver of this disconnection even in such
1738 * a case, so use the all zeros address here.
1740 addr = wpa_s->bssid;
1745 wpa_tdls_teardown_peers(wpa_s->wpa);
1746 #endif /* CONFIG_TDLS */
1749 wpa_drv_deauthenticate(wpa_s, addr, reason_code);
1750 os_memset(&event, 0, sizeof(event));
1751 event.deauth_info.reason_code = (u16) reason_code;
1752 event.deauth_info.locally_generated = 1;
1753 wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
1758 wpa_supplicant_clear_connection(wpa_s, addr);
1761 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
1762 struct wpa_ssid *ssid)
1764 if (!ssid || !ssid->disabled || ssid->disabled == 2)
1768 wpas_clear_temp_disabled(wpa_s, ssid, 1);
1769 wpas_notify_network_enabled_changed(wpa_s, ssid);
1772 * Try to reassociate since there is no current configuration and a new
1773 * network was made available.
1775 if (!wpa_s->current_ssid)
1776 wpa_s->reassociate = 1;
1781 * wpa_supplicant_enable_network - Mark a configured network as enabled
1782 * @wpa_s: wpa_supplicant structure for a network interface
1783 * @ssid: wpa_ssid structure for a configured network or %NULL
1785 * Enables the specified network or all networks if no network specified.
1787 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
1788 struct wpa_ssid *ssid)
1791 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
1792 wpa_supplicant_enable_one_network(wpa_s, ssid);
1794 wpa_supplicant_enable_one_network(wpa_s, ssid);
1796 if (wpa_s->reassociate) {
1797 if (wpa_s->sched_scanning) {
1798 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
1799 "new network to scan filters");
1800 wpa_supplicant_cancel_sched_scan(wpa_s);
1803 wpa_supplicant_req_scan(wpa_s, 0, 0);
1809 * wpa_supplicant_disable_network - Mark a configured network as disabled
1810 * @wpa_s: wpa_supplicant structure for a network interface
1811 * @ssid: wpa_ssid structure for a configured network or %NULL
1813 * Disables the specified network or all networks if no network specified.
1815 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
1816 struct wpa_ssid *ssid)
1818 struct wpa_ssid *other_ssid;
1822 if (wpa_s->sched_scanning)
1823 wpa_supplicant_cancel_sched_scan(wpa_s);
1825 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1826 other_ssid = other_ssid->next) {
1827 was_disabled = other_ssid->disabled;
1828 if (was_disabled == 2)
1829 continue; /* do not change persistent P2P group
1832 other_ssid->disabled = 1;
1834 if (was_disabled != other_ssid->disabled)
1835 wpas_notify_network_enabled_changed(
1838 if (wpa_s->current_ssid)
1839 wpa_supplicant_deauthenticate(
1840 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1841 } else if (ssid->disabled != 2) {
1842 if (ssid == wpa_s->current_ssid)
1843 wpa_supplicant_deauthenticate(
1844 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1846 was_disabled = ssid->disabled;
1850 if (was_disabled != ssid->disabled) {
1851 wpas_notify_network_enabled_changed(wpa_s, ssid);
1852 if (wpa_s->sched_scanning) {
1853 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
1854 "to remove network from filters");
1855 wpa_supplicant_cancel_sched_scan(wpa_s);
1856 wpa_supplicant_req_scan(wpa_s, 0, 0);
1864 * wpa_supplicant_select_network - Attempt association with a network
1865 * @wpa_s: wpa_supplicant structure for a network interface
1866 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
1868 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
1869 struct wpa_ssid *ssid)
1872 struct wpa_ssid *other_ssid;
1873 int disconnected = 0;
1875 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
1876 wpa_supplicant_deauthenticate(
1877 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1882 wpas_clear_temp_disabled(wpa_s, ssid, 1);
1885 * Mark all other networks disabled or mark all networks enabled if no
1886 * network specified.
1888 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1889 other_ssid = other_ssid->next) {
1890 int was_disabled = other_ssid->disabled;
1891 if (was_disabled == 2)
1892 continue; /* do not change persistent P2P group data */
1894 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
1895 if (was_disabled && !other_ssid->disabled)
1896 wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
1898 if (was_disabled != other_ssid->disabled)
1899 wpas_notify_network_enabled_changed(wpa_s, other_ssid);
1902 if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid) {
1903 /* We are already associated with the selected network */
1904 wpa_printf(MSG_DEBUG, "Already associated with the "
1905 "selected network - do nothing");
1910 wpa_s->current_ssid = ssid;
1911 wpa_s->connect_without_scan = NULL;
1912 wpa_s->disconnected = 0;
1913 wpa_s->reassociate = 1;
1915 if (wpa_supplicant_fast_associate(wpa_s) != 1)
1916 wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
1919 wpas_notify_network_selected(wpa_s, ssid);
1924 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
1925 * @wpa_s: wpa_supplicant structure for a network interface
1926 * @ap_scan: AP scan mode
1927 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
1930 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
1935 if (ap_scan < 0 || ap_scan > 2)
1939 if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
1940 wpa_s->wpa_state >= WPA_ASSOCIATING &&
1941 wpa_s->wpa_state < WPA_COMPLETED) {
1942 wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
1943 "associating", wpa_s->conf->ap_scan, ap_scan);
1946 #endif /* ANDROID */
1948 old_ap_scan = wpa_s->conf->ap_scan;
1949 wpa_s->conf->ap_scan = ap_scan;
1951 if (old_ap_scan != wpa_s->conf->ap_scan)
1952 wpas_notify_ap_scan_changed(wpa_s);
1959 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
1960 * @wpa_s: wpa_supplicant structure for a network interface
1961 * @expire_age: Expiration age in seconds
1962 * Returns: 0 if succeed or -1 if expire_age has an invalid value
1965 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
1966 unsigned int bss_expire_age)
1968 if (bss_expire_age < 10) {
1969 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
1973 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
1975 wpa_s->conf->bss_expiration_age = bss_expire_age;
1982 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
1983 * @wpa_s: wpa_supplicant structure for a network interface
1984 * @expire_count: number of scans after which an unseen BSS is reclaimed
1985 * Returns: 0 if succeed or -1 if expire_count has an invalid value
1988 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
1989 unsigned int bss_expire_count)
1991 if (bss_expire_count < 1) {
1992 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
1996 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
1998 wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
2005 * wpa_supplicant_set_scan_interval - Set scan interval
2006 * @wpa_s: wpa_supplicant structure for a network interface
2007 * @scan_interval: scan interval in seconds
2008 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
2011 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
2014 if (scan_interval < 0) {
2015 wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
2019 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
2021 wpa_supplicant_update_scan_int(wpa_s, scan_interval);
2028 * wpa_supplicant_set_debug_params - Set global debug params
2029 * @global: wpa_global structure
2030 * @debug_level: debug level
2031 * @debug_timestamp: determines if show timestamp in debug data
2032 * @debug_show_keys: determines if show keys in debug data
2033 * Returns: 0 if succeed or -1 if debug_level has wrong value
2035 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
2036 int debug_timestamp, int debug_show_keys)
2039 int old_level, old_timestamp, old_show_keys;
2041 /* check for allowed debuglevels */
2042 if (debug_level != MSG_EXCESSIVE &&
2043 debug_level != MSG_MSGDUMP &&
2044 debug_level != MSG_DEBUG &&
2045 debug_level != MSG_INFO &&
2046 debug_level != MSG_WARNING &&
2047 debug_level != MSG_ERROR)
2050 old_level = wpa_debug_level;
2051 old_timestamp = wpa_debug_timestamp;
2052 old_show_keys = wpa_debug_show_keys;
2054 wpa_debug_level = debug_level;
2055 wpa_debug_timestamp = debug_timestamp ? 1 : 0;
2056 wpa_debug_show_keys = debug_show_keys ? 1 : 0;
2058 if (wpa_debug_level != old_level)
2059 wpas_notify_debug_level_changed(global);
2060 if (wpa_debug_timestamp != old_timestamp)
2061 wpas_notify_debug_timestamp_changed(global);
2062 if (wpa_debug_show_keys != old_show_keys)
2063 wpas_notify_debug_show_keys_changed(global);
2070 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
2071 * @wpa_s: Pointer to wpa_supplicant data
2072 * Returns: A pointer to the current network structure or %NULL on failure
2074 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
2076 struct wpa_ssid *entry;
2077 u8 ssid[MAX_SSID_LEN];
2083 res = wpa_drv_get_ssid(wpa_s, ssid);
2085 wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
2091 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
2092 wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
2097 wired = wpa_s->conf->ap_scan == 0 &&
2098 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
2100 entry = wpa_s->conf->ssid;
2102 if (!wpas_network_disabled(wpa_s, entry) &&
2103 ((ssid_len == entry->ssid_len &&
2104 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
2105 (!entry->bssid_set ||
2106 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
2109 if (!wpas_network_disabled(wpa_s, entry) &&
2110 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
2111 (entry->ssid == NULL || entry->ssid_len == 0) &&
2112 (!entry->bssid_set ||
2113 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
2115 #endif /* CONFIG_WPS */
2117 if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
2118 entry->ssid_len == 0 &&
2119 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
2122 entry = entry->next;
2129 static int select_driver(struct wpa_supplicant *wpa_s, int i)
2131 struct wpa_global *global = wpa_s->global;
2133 if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
2134 global->drv_priv[i] = wpa_drivers[i]->global_init();
2135 if (global->drv_priv[i] == NULL) {
2136 wpa_printf(MSG_ERROR, "Failed to initialize driver "
2137 "'%s'", wpa_drivers[i]->name);
2142 wpa_s->driver = wpa_drivers[i];
2143 wpa_s->global_drv_priv = global->drv_priv[i];
2149 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
2154 const char *pos, *driver = name;
2159 if (wpa_drivers[0] == NULL) {
2160 wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
2166 /* default to first driver in the list */
2167 return select_driver(wpa_s, 0);
2171 pos = os_strchr(driver, ',');
2175 len = os_strlen(driver);
2177 for (i = 0; wpa_drivers[i]; i++) {
2178 if (os_strlen(wpa_drivers[i]->name) == len &&
2179 os_strncmp(driver, wpa_drivers[i]->name, len) ==
2181 /* First driver that succeeds wins */
2182 if (select_driver(wpa_s, i) == 0)
2190 wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
2196 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
2197 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
2198 * with struct wpa_driver_ops::init()
2199 * @src_addr: Source address of the EAPOL frame
2200 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
2201 * @len: Length of the EAPOL data
2203 * This function is called for each received EAPOL frame. Most driver
2204 * interfaces rely on more generic OS mechanism for receiving frames through
2205 * l2_packet, but if such a mechanism is not available, the driver wrapper may
2206 * take care of received EAPOL frames and deliver them to the core supplicant
2207 * code by calling this function.
2209 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
2210 const u8 *buf, size_t len)
2212 struct wpa_supplicant *wpa_s = ctx;
2214 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
2215 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
2217 if (wpa_s->wpa_state < WPA_ASSOCIATED ||
2218 (wpa_s->last_eapol_matches_bssid &&
2221 #endif /* CONFIG_AP */
2222 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
2224 * There is possible race condition between receiving the
2225 * association event and the EAPOL frame since they are coming
2226 * through different paths from the driver. In order to avoid
2227 * issues in trying to process the EAPOL frame before receiving
2228 * association information, lets queue it for processing until
2229 * the association event is received. This may also be needed in
2230 * driver-based roaming case, so also use src_addr != BSSID as a
2231 * trigger if we have previously confirmed that the
2232 * Authenticator uses BSSID as the src_addr (which is not the
2233 * case with wired IEEE 802.1X).
2235 wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
2236 "of received EAPOL frame (state=%s bssid=" MACSTR ")",
2237 wpa_supplicant_state_txt(wpa_s->wpa_state),
2238 MAC2STR(wpa_s->bssid));
2239 wpabuf_free(wpa_s->pending_eapol_rx);
2240 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
2241 if (wpa_s->pending_eapol_rx) {
2242 os_get_time(&wpa_s->pending_eapol_rx_time);
2243 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
2249 wpa_s->last_eapol_matches_bssid =
2250 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
2253 if (wpa_s->ap_iface) {
2254 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
2257 #endif /* CONFIG_AP */
2259 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
2260 wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
2261 "no key management is configured");
2265 if (wpa_s->eapol_received == 0 &&
2266 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
2267 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
2268 wpa_s->wpa_state != WPA_COMPLETED) &&
2269 (wpa_s->current_ssid == NULL ||
2270 wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
2271 /* Timeout for completing IEEE 802.1X and WPA authentication */
2272 wpa_supplicant_req_auth_timeout(
2274 (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
2275 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
2276 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
2279 wpa_s->eapol_received++;
2281 if (wpa_s->countermeasures) {
2282 wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
2287 #ifdef CONFIG_IBSS_RSN
2288 if (wpa_s->current_ssid &&
2289 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
2290 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
2293 #endif /* CONFIG_IBSS_RSN */
2295 /* Source address of the incoming EAPOL frame could be compared to the
2296 * current BSSID. However, it is possible that a centralized
2297 * Authenticator could be using another MAC address than the BSSID of
2298 * an AP, so just allow any address to be used for now. The replies are
2299 * still sent to the current BSSID (if available), though. */
2301 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
2302 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
2303 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
2305 wpa_drv_poll(wpa_s);
2306 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
2307 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
2308 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
2310 * Set portValid = TRUE here since we are going to skip 4-way
2311 * handshake processing which would normally set portValid. We
2312 * need this to allow the EAPOL state machines to be completed
2313 * without going through EAPOL-Key handshake.
2315 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
2320 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
2322 if (wpa_s->driver->send_eapol) {
2323 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
2325 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
2326 } else if (!(wpa_s->drv_flags &
2327 WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
2328 l2_packet_deinit(wpa_s->l2);
2329 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
2330 wpa_drv_get_mac_addr(wpa_s),
2332 wpa_supplicant_rx_eapol, wpa_s, 0);
2333 if (wpa_s->l2 == NULL)
2336 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
2338 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
2341 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
2342 wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
2346 wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
2347 MAC2STR(wpa_s->own_addr));
2348 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2354 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
2355 const u8 *buf, size_t len)
2357 struct wpa_supplicant *wpa_s = ctx;
2358 const struct l2_ethhdr *eth;
2360 if (len < sizeof(*eth))
2362 eth = (const struct l2_ethhdr *) buf;
2364 if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
2365 !(eth->h_dest[0] & 0x01)) {
2366 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
2367 " (bridge - not for this interface - ignore)",
2368 MAC2STR(src_addr), MAC2STR(eth->h_dest));
2372 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
2373 " (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
2374 wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
2375 len - sizeof(*eth));
2380 * wpa_supplicant_driver_init - Initialize driver interface parameters
2381 * @wpa_s: Pointer to wpa_supplicant data
2382 * Returns: 0 on success, -1 on failure
2384 * This function is called to initialize driver interface parameters.
2385 * wpa_drv_init() must have been called before this function to initialize the
2388 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
2390 static int interface_count = 0;
2392 if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
2395 if (wpa_s->bridge_ifname[0]) {
2396 wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
2397 "interface '%s'", wpa_s->bridge_ifname);
2398 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
2401 wpa_supplicant_rx_eapol_bridge,
2403 if (wpa_s->l2_br == NULL) {
2404 wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
2405 "connection for the bridge interface '%s'",
2406 wpa_s->bridge_ifname);
2411 wpa_clear_keys(wpa_s, NULL);
2413 /* Make sure that TKIP countermeasures are not left enabled (could
2414 * happen if wpa_supplicant is killed during countermeasures. */
2415 wpa_drv_set_countermeasures(wpa_s, 0);
2417 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
2418 wpa_drv_flush_pmkid(wpa_s);
2420 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
2421 wpa_s->prev_scan_wildcard = 0;
2423 if (wpa_supplicant_enabled_networks(wpa_s)) {
2424 if (wpa_supplicant_delayed_sched_scan(wpa_s, interface_count,
2426 wpa_supplicant_req_scan(wpa_s, interface_count,
2430 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
2436 static int wpa_supplicant_daemon(const char *pid_file)
2438 wpa_printf(MSG_DEBUG, "Daemonize..");
2439 return os_daemonize(pid_file);
2443 static struct wpa_supplicant * wpa_supplicant_alloc(void)
2445 struct wpa_supplicant *wpa_s;
2447 wpa_s = os_zalloc(sizeof(*wpa_s));
2450 wpa_s->scan_req = INITIAL_SCAN_REQ;
2451 wpa_s->scan_interval = 5;
2452 wpa_s->new_connection = 1;
2453 wpa_s->parent = wpa_s;
2454 wpa_s->sched_scanning = 0;
2460 #ifdef CONFIG_HT_OVERRIDES
2462 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
2463 struct ieee80211_ht_capabilities *htcaps,
2464 struct ieee80211_ht_capabilities *htcaps_mask,
2467 /* parse ht_mcs into hex array */
2469 const char *tmp = ht_mcs;
2472 /* If ht_mcs is null, do not set anything */
2476 /* This is what we are setting in the kernel */
2477 os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
2479 wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
2481 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
2483 long v = strtol(tmp, &end, 16);
2485 wpa_msg(wpa_s, MSG_DEBUG,
2486 "htcap value[%i]: %ld end: %p tmp: %p",
2491 htcaps->supported_mcs_set[i] = v;
2494 wpa_msg(wpa_s, MSG_ERROR,
2495 "Failed to parse ht-mcs: %s, error: %s\n",
2496 ht_mcs, strerror(errno));
2502 * If we were able to parse any values, then set mask for the MCS set.
2505 os_memset(&htcaps_mask->supported_mcs_set, 0xff,
2506 IEEE80211_HT_MCS_MASK_LEN - 1);
2507 /* skip the 3 reserved bits */
2508 htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
2516 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
2517 struct ieee80211_ht_capabilities *htcaps,
2518 struct ieee80211_ht_capabilities *htcaps_mask,
2523 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
2528 msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
2529 htcaps_mask->ht_capabilities_info |= msk;
2531 htcaps->ht_capabilities_info &= msk;
2533 htcaps->ht_capabilities_info |= msk;
2539 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
2540 struct ieee80211_ht_capabilities *htcaps,
2541 struct ieee80211_ht_capabilities *htcaps_mask,
2544 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
2549 if (factor < 0 || factor > 3) {
2550 wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
2551 "Must be 0-3 or -1", factor);
2555 htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
2556 htcaps->a_mpdu_params &= ~0x3;
2557 htcaps->a_mpdu_params |= factor & 0x3;
2563 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
2564 struct ieee80211_ht_capabilities *htcaps,
2565 struct ieee80211_ht_capabilities *htcaps_mask,
2568 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
2573 if (density < 0 || density > 7) {
2574 wpa_msg(wpa_s, MSG_ERROR,
2575 "ampdu_density: %d out of range. Must be 0-7 or -1.",
2580 htcaps_mask->a_mpdu_params |= 0x1C;
2581 htcaps->a_mpdu_params &= ~(0x1C);
2582 htcaps->a_mpdu_params |= (density << 2) & 0x1C;
2588 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
2589 struct ieee80211_ht_capabilities *htcaps,
2590 struct ieee80211_ht_capabilities *htcaps_mask,
2593 /* Masking these out disables HT40 */
2594 u16 msk = host_to_le16(HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET |
2595 HT_CAP_INFO_SHORT_GI40MHZ);
2597 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
2600 htcaps->ht_capabilities_info &= ~msk;
2602 htcaps->ht_capabilities_info |= msk;
2604 htcaps_mask->ht_capabilities_info |= msk;
2610 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
2611 struct ieee80211_ht_capabilities *htcaps,
2612 struct ieee80211_ht_capabilities *htcaps_mask,
2615 /* Masking these out disables SGI */
2616 u16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
2617 HT_CAP_INFO_SHORT_GI40MHZ);
2619 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
2622 htcaps->ht_capabilities_info &= ~msk;
2624 htcaps->ht_capabilities_info |= msk;
2626 htcaps_mask->ht_capabilities_info |= msk;
2632 void wpa_supplicant_apply_ht_overrides(
2633 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2634 struct wpa_driver_associate_params *params)
2636 struct ieee80211_ht_capabilities *htcaps;
2637 struct ieee80211_ht_capabilities *htcaps_mask;
2642 params->disable_ht = ssid->disable_ht;
2643 if (!params->htcaps || !params->htcaps_mask)
2646 htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
2647 htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
2648 wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
2649 wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
2650 ssid->disable_max_amsdu);
2651 wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
2652 wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
2653 wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
2654 wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
2657 #endif /* CONFIG_HT_OVERRIDES */
2660 #ifdef CONFIG_VHT_OVERRIDES
2661 void wpa_supplicant_apply_vht_overrides(
2662 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2663 struct wpa_driver_associate_params *params)
2665 struct ieee80211_vht_capabilities *vhtcaps;
2666 struct ieee80211_vht_capabilities *vhtcaps_mask;
2671 params->disable_vht = ssid->disable_vht;
2673 vhtcaps = (void *) params->vhtcaps;
2674 vhtcaps_mask = (void *) params->vhtcaps_mask;
2676 if (!vhtcaps || !vhtcaps_mask)
2679 vhtcaps->vht_capabilities_info = ssid->vht_capa;
2680 vhtcaps_mask->vht_capabilities_info = ssid->vht_capa_mask;
2682 #define OVERRIDE_MCS(i) \
2683 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
2684 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
2686 vhtcaps->vht_supported_mcs_set.tx_map |= \
2687 ssid->vht_tx_mcs_nss_ ##i << 2 * (i - 1); \
2689 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
2690 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
2692 vhtcaps->vht_supported_mcs_set.rx_map |= \
2693 ssid->vht_rx_mcs_nss_ ##i << 2 * (i - 1); \
2705 #endif /* CONFIG_VHT_OVERRIDES */
2708 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
2713 if (!wpa_s->conf->pcsc_reader)
2716 wpa_s->scard = scard_init(SCARD_TRY_BOTH, wpa_s->conf->pcsc_reader);
2720 if (wpa_s->conf->pcsc_pin &&
2721 scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
2722 scard_deinit(wpa_s->scard);
2723 wpa_s->scard = NULL;
2724 wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
2728 len = sizeof(wpa_s->imsi) - 1;
2729 if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
2730 scard_deinit(wpa_s->scard);
2731 wpa_s->scard = NULL;
2732 wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
2735 wpa_s->imsi[len] = '\0';
2737 wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
2739 wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
2740 wpa_s->imsi, wpa_s->mnc_len);
2742 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
2743 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
2744 #endif /* PCSC_FUNCS */
2750 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
2754 ext_password_deinit(wpa_s->ext_pw);
2755 wpa_s->ext_pw = NULL;
2756 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
2758 if (!wpa_s->conf->ext_password_backend)
2761 val = os_strdup(wpa_s->conf->ext_password_backend);
2764 pos = os_strchr(val, ':');
2768 wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
2770 wpa_s->ext_pw = ext_password_init(val, pos);
2772 if (wpa_s->ext_pw == NULL) {
2773 wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
2776 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
2782 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
2783 struct wpa_interface *iface)
2785 const char *ifname, *driver;
2786 struct wpa_driver_capa capa;
2788 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
2789 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
2790 iface->confname ? iface->confname : "N/A",
2791 iface->driver ? iface->driver : "default",
2792 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
2793 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
2795 if (iface->confname) {
2796 #ifdef CONFIG_BACKEND_FILE
2797 wpa_s->confname = os_rel2abs_path(iface->confname);
2798 if (wpa_s->confname == NULL) {
2799 wpa_printf(MSG_ERROR, "Failed to get absolute path "
2800 "for configuration file '%s'.",
2804 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
2805 iface->confname, wpa_s->confname);
2806 #else /* CONFIG_BACKEND_FILE */
2807 wpa_s->confname = os_strdup(iface->confname);
2808 #endif /* CONFIG_BACKEND_FILE */
2809 wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
2810 if (wpa_s->conf == NULL) {
2811 wpa_printf(MSG_ERROR, "Failed to read or parse "
2812 "configuration '%s'.", wpa_s->confname);
2815 wpa_s->confanother = os_rel2abs_path(iface->confanother);
2816 wpa_config_read(wpa_s->confanother, wpa_s->conf);
2819 * Override ctrl_interface and driver_param if set on command
2822 if (iface->ctrl_interface) {
2823 os_free(wpa_s->conf->ctrl_interface);
2824 wpa_s->conf->ctrl_interface =
2825 os_strdup(iface->ctrl_interface);
2828 if (iface->driver_param) {
2829 os_free(wpa_s->conf->driver_param);
2830 wpa_s->conf->driver_param =
2831 os_strdup(iface->driver_param);
2834 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
2835 iface->driver_param);
2837 if (wpa_s->conf == NULL) {
2838 wpa_printf(MSG_ERROR, "\nNo configuration found.");
2842 if (iface->ifname == NULL) {
2843 wpa_printf(MSG_ERROR, "\nInterface name is required.");
2846 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
2847 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
2851 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
2853 if (iface->bridge_ifname) {
2854 if (os_strlen(iface->bridge_ifname) >=
2855 sizeof(wpa_s->bridge_ifname)) {
2856 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
2857 "name '%s'.", iface->bridge_ifname);
2860 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
2861 sizeof(wpa_s->bridge_ifname));
2864 /* RSNA Supplicant Key Management - INITIALIZE */
2865 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
2866 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
2868 /* Initialize driver interface and register driver event handler before
2869 * L2 receive handler so that association events are processed before
2870 * EAPOL-Key packets if both become available for the same select()
2872 driver = iface->driver;
2874 if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
2877 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
2878 if (wpa_s->drv_priv == NULL) {
2880 pos = driver ? os_strchr(driver, ',') : NULL;
2882 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
2883 "driver interface - try next driver wrapper");
2887 wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
2891 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
2892 wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
2893 "driver_param '%s'", wpa_s->conf->driver_param);
2897 ifname = wpa_drv_get_ifname(wpa_s);
2898 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
2899 wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
2900 "interface name with '%s'", ifname);
2901 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
2904 if (wpa_supplicant_init_wpa(wpa_s) < 0)
2907 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
2908 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
2910 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2912 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2913 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2914 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2915 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2916 "dot11RSNAConfigPMKLifetime");
2920 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2921 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2922 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2923 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2924 "dot11RSNAConfigPMKReauthThreshold");
2928 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2929 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2930 wpa_s->conf->dot11RSNAConfigSATimeout)) {
2931 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2932 "dot11RSNAConfigSATimeout");
2936 wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
2937 &wpa_s->hw.num_modes,
2940 if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
2941 wpa_s->drv_capa_known = 1;
2942 wpa_s->drv_flags = capa.flags;
2943 wpa_s->drv_enc = capa.enc;
2944 wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
2945 wpa_s->max_scan_ssids = capa.max_scan_ssids;
2946 wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
2947 wpa_s->sched_scan_supported = capa.sched_scan_supported;
2948 wpa_s->max_match_sets = capa.max_match_sets;
2949 wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
2950 wpa_s->max_stations = capa.max_stations;
2951 wpa_s->extended_capa = capa.extended_capa;
2952 wpa_s->extended_capa_mask = capa.extended_capa_mask;
2953 wpa_s->extended_capa_len = capa.extended_capa_len;
2955 if (wpa_s->max_remain_on_chan == 0)
2956 wpa_s->max_remain_on_chan = 1000;
2958 if (wpa_supplicant_driver_init(wpa_s) < 0)
2962 if (wpa_tdls_init(wpa_s->wpa))
2964 #endif /* CONFIG_TDLS */
2966 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
2967 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
2968 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
2972 if (wpas_wps_init(wpa_s))
2975 if (wpa_supplicant_init_eapol(wpa_s) < 0)
2977 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2979 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
2980 if (wpa_s->ctrl_iface == NULL) {
2981 wpa_printf(MSG_ERROR,
2982 "Failed to initialize control interface '%s'.\n"
2983 "You may have another wpa_supplicant process "
2984 "already running or the file was\n"
2985 "left by an unclean termination of wpa_supplicant "
2986 "in which case you will need\n"
2987 "to manually remove this file before starting "
2988 "wpa_supplicant again.\n",
2989 wpa_s->conf->ctrl_interface);
2993 wpa_s->gas = gas_query_init(wpa_s);
2994 if (wpa_s->gas == NULL) {
2995 wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
3000 if (wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
3001 wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
3004 #endif /* CONFIG_P2P */
3006 if (wpa_bss_init(wpa_s) < 0)
3009 if (pcsc_reader_init(wpa_s) < 0)
3012 if (wpas_init_ext_pw(wpa_s) < 0)
3019 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
3020 int notify, int terminate)
3022 if (wpa_s->drv_priv) {
3023 wpa_supplicant_deauthenticate(wpa_s,
3024 WLAN_REASON_DEAUTH_LEAVING);
3026 wpa_drv_set_countermeasures(wpa_s, 0);
3027 wpa_clear_keys(wpa_s, NULL);
3030 wpa_supplicant_cleanup(wpa_s);
3033 if (wpa_s == wpa_s->global->p2p_init_wpa_s && wpa_s->global->p2p) {
3034 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Disable P2P since removing "
3035 "the management interface is being removed");
3036 wpas_p2p_deinit_global(wpa_s->global);
3038 #endif /* CONFIG_P2P */
3040 if (wpa_s->drv_priv)
3041 wpa_drv_deinit(wpa_s);
3044 wpas_notify_iface_removed(wpa_s);
3047 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
3049 if (wpa_s->ctrl_iface) {
3050 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
3051 wpa_s->ctrl_iface = NULL;
3054 if (wpa_s->conf != NULL) {
3055 wpa_config_free(wpa_s->conf);
3062 * wpa_supplicant_add_iface - Add a new network interface
3063 * @global: Pointer to global data from wpa_supplicant_init()
3064 * @iface: Interface configuration options
3065 * Returns: Pointer to the created interface or %NULL on failure
3067 * This function is used to add new network interfaces for %wpa_supplicant.
3068 * This can be called before wpa_supplicant_run() to add interfaces before the
3069 * main event loop has been started. In addition, new interfaces can be added
3070 * dynamically while %wpa_supplicant is already running. This could happen,
3071 * e.g., when a hotplug network adapter is inserted.
3073 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
3074 struct wpa_interface *iface)
3076 struct wpa_supplicant *wpa_s;
3077 struct wpa_interface t_iface;
3078 struct wpa_ssid *ssid;
3080 if (global == NULL || iface == NULL)
3083 wpa_s = wpa_supplicant_alloc();
3087 wpa_s->global = global;
3090 if (global->params.override_driver) {
3091 wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
3093 iface->driver, global->params.override_driver);
3094 t_iface.driver = global->params.override_driver;
3096 if (global->params.override_ctrl_interface) {
3097 wpa_printf(MSG_DEBUG, "Override interface parameter: "
3098 "ctrl_interface ('%s' -> '%s')",
3099 iface->ctrl_interface,
3100 global->params.override_ctrl_interface);
3101 t_iface.ctrl_interface =
3102 global->params.override_ctrl_interface;
3104 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
3105 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
3107 wpa_supplicant_deinit_iface(wpa_s, 0, 0);
3112 /* Notify the control interfaces about new iface */
3113 if (wpas_notify_iface_added(wpa_s)) {
3114 wpa_supplicant_deinit_iface(wpa_s, 1, 0);
3119 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
3120 wpas_notify_network_added(wpa_s, ssid);
3122 wpa_s->next = global->ifaces;
3123 global->ifaces = wpa_s;
3125 wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
3126 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
3133 * wpa_supplicant_remove_iface - Remove a network interface
3134 * @global: Pointer to global data from wpa_supplicant_init()
3135 * @wpa_s: Pointer to the network interface to be removed
3136 * Returns: 0 if interface was removed, -1 if interface was not found
3138 * This function can be used to dynamically remove network interfaces from
3139 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
3140 * addition, this function is used to remove all remaining interfaces when
3141 * %wpa_supplicant is terminated.
3143 int wpa_supplicant_remove_iface(struct wpa_global *global,
3144 struct wpa_supplicant *wpa_s,
3147 struct wpa_supplicant *prev;
3149 /* Remove interface from the global list of interfaces */
3150 prev = global->ifaces;
3151 if (prev == wpa_s) {
3152 global->ifaces = wpa_s->next;
3154 while (prev && prev->next != wpa_s)
3158 prev->next = wpa_s->next;
3161 wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
3163 if (global->p2p_group_formation == wpa_s)
3164 global->p2p_group_formation = NULL;
3165 if (global->p2p_invite_group == wpa_s)
3166 global->p2p_invite_group = NULL;
3167 wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
3175 * wpa_supplicant_get_eap_mode - Get the current EAP mode
3176 * @wpa_s: Pointer to the network interface
3177 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
3179 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
3181 const char *eapol_method;
3183 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
3184 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3188 eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
3189 if (eapol_method == NULL)
3190 return "UNKNOWN-EAP";
3192 return eapol_method;
3197 * wpa_supplicant_get_iface - Get a new network interface
3198 * @global: Pointer to global data from wpa_supplicant_init()
3199 * @ifname: Interface name
3200 * Returns: Pointer to the interface or %NULL if not found
3202 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
3205 struct wpa_supplicant *wpa_s;
3207 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
3208 if (os_strcmp(wpa_s->ifname, ifname) == 0)
3215 #ifndef CONFIG_NO_WPA_MSG
3216 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
3218 struct wpa_supplicant *wpa_s = ctx;
3221 return wpa_s->ifname;
3223 #endif /* CONFIG_NO_WPA_MSG */
3227 * wpa_supplicant_init - Initialize %wpa_supplicant
3228 * @params: Parameters for %wpa_supplicant
3229 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
3231 * This function is used to initialize %wpa_supplicant. After successful
3232 * initialization, the returned data pointer can be used to add and remove
3233 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
3235 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
3237 struct wpa_global *global;
3243 #ifdef CONFIG_DRIVER_NDIS
3245 void driver_ndis_init_ops(void);
3246 driver_ndis_init_ops();
3248 #endif /* CONFIG_DRIVER_NDIS */
3250 #ifndef CONFIG_NO_WPA_MSG
3251 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
3252 #endif /* CONFIG_NO_WPA_MSG */
3254 wpa_debug_open_file(params->wpa_debug_file_path);
3255 if (params->wpa_debug_syslog)
3256 wpa_debug_open_syslog();
3257 if (params->wpa_debug_tracing) {
3258 ret = wpa_debug_open_linux_tracing();
3260 wpa_printf(MSG_ERROR,
3261 "Failed to enable trace logging");
3266 ret = eap_register_methods();
3268 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
3270 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
3271 "the same EAP type.");
3275 global = os_zalloc(sizeof(*global));
3278 dl_list_init(&global->p2p_srv_bonjour);
3279 dl_list_init(&global->p2p_srv_upnp);
3280 global->params.daemonize = params->daemonize;
3281 global->params.wait_for_monitor = params->wait_for_monitor;
3282 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
3283 if (params->pid_file)
3284 global->params.pid_file = os_strdup(params->pid_file);
3285 if (params->ctrl_interface)
3286 global->params.ctrl_interface =
3287 os_strdup(params->ctrl_interface);
3288 if (params->override_driver)
3289 global->params.override_driver =
3290 os_strdup(params->override_driver);
3291 if (params->override_ctrl_interface)
3292 global->params.override_ctrl_interface =
3293 os_strdup(params->override_ctrl_interface);
3294 wpa_debug_level = global->params.wpa_debug_level =
3295 params->wpa_debug_level;
3296 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
3297 params->wpa_debug_show_keys;
3298 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
3299 params->wpa_debug_timestamp;
3301 wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR);
3304 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
3305 wpa_supplicant_deinit(global);
3309 random_init(params->entropy_file);
3311 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
3312 if (global->ctrl_iface == NULL) {
3313 wpa_supplicant_deinit(global);
3317 if (wpas_notify_supplicant_initialized(global)) {
3318 wpa_supplicant_deinit(global);
3322 for (i = 0; wpa_drivers[i]; i++)
3323 global->drv_count++;
3324 if (global->drv_count == 0) {
3325 wpa_printf(MSG_ERROR, "No drivers enabled");
3326 wpa_supplicant_deinit(global);
3329 global->drv_priv = os_zalloc(global->drv_count * sizeof(void *));
3330 if (global->drv_priv == NULL) {
3331 wpa_supplicant_deinit(global);
3335 #ifdef CONFIG_WIFI_DISPLAY
3336 if (wifi_display_init(global) < 0) {
3337 wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
3338 wpa_supplicant_deinit(global);
3341 #endif /* CONFIG_WIFI_DISPLAY */
3348 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
3349 * @global: Pointer to global data from wpa_supplicant_init()
3350 * Returns: 0 after successful event loop run, -1 on failure
3352 * This function starts the main event loop and continues running as long as
3353 * there are any remaining events. In most cases, this function is running as
3354 * long as the %wpa_supplicant process in still in use.
3356 int wpa_supplicant_run(struct wpa_global *global)
3358 struct wpa_supplicant *wpa_s;
3360 if (global->params.daemonize &&
3361 wpa_supplicant_daemon(global->params.pid_file))
3364 if (global->params.wait_for_monitor) {
3365 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
3366 if (wpa_s->ctrl_iface)
3367 wpa_supplicant_ctrl_iface_wait(
3371 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
3372 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
3381 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
3382 * @global: Pointer to global data from wpa_supplicant_init()
3384 * This function is called to deinitialize %wpa_supplicant and to free all
3385 * allocated resources. Remaining network interfaces will also be removed.
3387 void wpa_supplicant_deinit(struct wpa_global *global)
3394 #ifdef CONFIG_WIFI_DISPLAY
3395 wifi_display_deinit(global);
3396 #endif /* CONFIG_WIFI_DISPLAY */
3398 wpas_p2p_deinit_global(global);
3399 #endif /* CONFIG_P2P */
3401 while (global->ifaces)
3402 wpa_supplicant_remove_iface(global, global->ifaces, 1);
3404 if (global->ctrl_iface)
3405 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
3407 wpas_notify_supplicant_deinitialized(global);
3409 eap_peer_unregister_methods();
3411 eap_server_unregister_methods();
3412 #endif /* CONFIG_AP */
3414 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
3415 if (!global->drv_priv[i])
3417 wpa_drivers[i]->global_deinit(global->drv_priv[i]);
3419 os_free(global->drv_priv);
3425 if (global->params.pid_file) {
3426 os_daemonize_terminate(global->params.pid_file);
3427 os_free(global->params.pid_file);
3429 os_free(global->params.ctrl_interface);
3430 os_free(global->params.override_driver);
3431 os_free(global->params.override_ctrl_interface);
3433 os_free(global->p2p_disallow_freq);
3436 wpa_debug_close_syslog();
3437 wpa_debug_close_file();
3438 wpa_debug_close_linux_tracing();
3442 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
3444 if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
3445 wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
3447 country[0] = wpa_s->conf->country[0];
3448 country[1] = wpa_s->conf->country[1];
3450 if (wpa_drv_set_country(wpa_s, country) < 0) {
3451 wpa_printf(MSG_ERROR, "Failed to set country code "
3456 if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
3457 wpas_init_ext_pw(wpa_s);
3460 wpas_wps_update_config(wpa_s);
3461 #endif /* CONFIG_WPS */
3464 wpas_p2p_update_config(wpa_s);
3465 #endif /* CONFIG_P2P */
3467 wpa_s->conf->changed_parameters = 0;
3471 static void add_freq(int *freqs, int *num_freqs, int freq)
3475 for (i = 0; i < *num_freqs; i++) {
3476 if (freqs[i] == freq)
3480 freqs[*num_freqs] = freq;
3485 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
3487 struct wpa_bss *bss, *cbss;
3488 const int max_freqs = 10;
3492 freqs = os_zalloc(sizeof(int) * (max_freqs + 1));
3496 cbss = wpa_s->current_bss;
3498 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
3501 if (bss->ssid_len == cbss->ssid_len &&
3502 os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
3503 wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
3504 add_freq(freqs, &num_freqs, bss->freq);
3505 if (num_freqs == max_freqs)
3510 if (num_freqs == 0) {
3519 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
3526 * Remove possible authentication timeout since the connection failed.
3528 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
3531 * Add the failed BSSID into the blacklist and speed up next scan
3532 * attempt if there could be other APs that could accept association.
3533 * The current blacklist count indicates how many times we have tried
3534 * connecting to this AP and multiple attempts mean that other APs are
3535 * either not available or has already been tried, so that we can start
3536 * increasing the delay here to avoid constant scanning.
3538 count = wpa_blacklist_add(wpa_s, bssid);
3539 if (count == 1 && wpa_s->current_bss) {
3541 * This BSS was not in the blacklist before. If there is
3542 * another BSS available for the same ESS, we should try that
3543 * next. Otherwise, we may as well try this one once more
3544 * before allowing other, likely worse, ESSes to be considered.
3546 freqs = get_bss_freqs_in_ess(wpa_s);
3548 wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
3549 "has been seen; try it next");
3550 wpa_blacklist_add(wpa_s, bssid);
3552 * On the next scan, go through only the known channels
3553 * used in this ESS based on previous scans to speed up
3554 * common load balancing use case.
3556 os_free(wpa_s->next_scan_freqs);
3557 wpa_s->next_scan_freqs = freqs;
3562 * Add previous failure count in case the temporary blacklist was
3563 * cleared due to no other BSSes being available.
3565 count += wpa_s->extra_blacklist_count;
3585 wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
3586 "ms", count, timeout);
3589 * TODO: if more than one possible AP is available in scan results,
3590 * could try the other ones before requesting a new scan.
3592 wpa_supplicant_req_scan(wpa_s, timeout / 1000,
3593 1000 * (timeout % 1000));
3595 wpas_p2p_continue_after_scan(wpa_s);
3599 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
3601 return wpa_s->conf->ap_scan == 2 ||
3602 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
3606 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
3607 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
3608 struct wpa_ssid *ssid,
3612 #ifdef IEEE8021X_EAPOL
3613 struct eap_peer_config *eap = &ssid->eap;
3615 wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
3616 wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
3617 (const u8 *) value, os_strlen(value));
3619 switch (wpa_supplicant_ctrl_req_from_string(field)) {
3620 case WPA_CTRL_REQ_EAP_IDENTITY:
3621 os_free(eap->identity);
3622 eap->identity = (u8 *) os_strdup(value);
3623 eap->identity_len = os_strlen(value);
3624 eap->pending_req_identity = 0;
3625 if (ssid == wpa_s->current_ssid)
3626 wpa_s->reassociate = 1;
3628 case WPA_CTRL_REQ_EAP_PASSWORD:
3629 os_free(eap->password);
3630 eap->password = (u8 *) os_strdup(value);
3631 eap->password_len = os_strlen(value);
3632 eap->pending_req_password = 0;
3633 if (ssid == wpa_s->current_ssid)
3634 wpa_s->reassociate = 1;
3636 case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
3637 os_free(eap->new_password);
3638 eap->new_password = (u8 *) os_strdup(value);
3639 eap->new_password_len = os_strlen(value);
3640 eap->pending_req_new_password = 0;
3641 if (ssid == wpa_s->current_ssid)
3642 wpa_s->reassociate = 1;
3644 case WPA_CTRL_REQ_EAP_PIN:
3646 eap->pin = os_strdup(value);
3647 eap->pending_req_pin = 0;
3648 if (ssid == wpa_s->current_ssid)
3649 wpa_s->reassociate = 1;
3651 case WPA_CTRL_REQ_EAP_OTP:
3653 eap->otp = (u8 *) os_strdup(value);
3654 eap->otp_len = os_strlen(value);
3655 os_free(eap->pending_req_otp);
3656 eap->pending_req_otp = NULL;
3657 eap->pending_req_otp_len = 0;
3659 case WPA_CTRL_REQ_EAP_PASSPHRASE:
3660 os_free(eap->private_key_passwd);
3661 eap->private_key_passwd = (u8 *) os_strdup(value);
3662 eap->pending_req_passphrase = 0;
3663 if (ssid == wpa_s->current_ssid)
3664 wpa_s->reassociate = 1;
3667 wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
3672 #else /* IEEE8021X_EAPOL */
3673 wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
3675 #endif /* IEEE8021X_EAPOL */
3677 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
3680 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
3683 unsigned int drv_enc;
3691 if (wpa_s && wpa_s->drv_capa_known)
3692 drv_enc = wpa_s->drv_enc;
3694 drv_enc = (unsigned int) -1;
3696 for (i = 0; i < NUM_WEP_KEYS; i++) {
3697 size_t len = ssid->wep_key_len[i];
3700 if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
3702 if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
3704 if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
3706 return 1; /* invalid WEP key */
3709 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
3717 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
3719 if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
3721 if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
3727 void wpas_auth_failed(struct wpa_supplicant *wpa_s)
3729 struct wpa_ssid *ssid = wpa_s->current_ssid;
3734 wpa_printf(MSG_DEBUG, "Authentication failure but no known "
3739 if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
3742 ssid->auth_failures++;
3743 if (ssid->auth_failures > 50)
3745 else if (ssid->auth_failures > 20)
3747 else if (ssid->auth_failures > 10)
3749 else if (ssid->auth_failures > 5)
3751 else if (ssid->auth_failures > 1)
3757 if (now.sec + dur <= ssid->disabled_until.sec)
3760 ssid->disabled_until.sec = now.sec + dur;
3762 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
3763 "id=%d ssid=\"%s\" auth_failures=%u duration=%d",
3764 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
3765 ssid->auth_failures, dur);
3769 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
3770 struct wpa_ssid *ssid, int clear_failures)
3775 if (ssid->disabled_until.sec) {
3776 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
3777 "id=%d ssid=\"%s\"",
3778 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
3780 ssid->disabled_until.sec = 0;
3781 ssid->disabled_until.usec = 0;
3783 ssid->auth_failures = 0;
3787 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
3791 if (wpa_s->disallow_aps_bssid == NULL)
3794 for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
3795 if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
3796 bssid, ETH_ALEN) == 0)
3804 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
3809 if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
3812 for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
3813 struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
3814 if (ssid_len == s->ssid_len &&
3815 os_memcmp(ssid, s->ssid, ssid_len) == 0)
3824 * wpas_request_connection - Request a new connection
3825 * @wpa_s: Pointer to the network interface
3827 * This function is used to request a new connection to be found. It will mark
3828 * the interface to allow reassociation and request a new scan to find a
3829 * suitable network to connect to.
3831 void wpas_request_connection(struct wpa_supplicant *wpa_s)
3833 wpa_s->normal_scans = 0;
3834 wpa_supplicant_reinit_autoscan(wpa_s);
3835 wpa_s->extra_blacklist_count = 0;
3836 wpa_s->disconnected = 0;
3837 wpa_s->reassociate = 1;
3839 if (wpa_supplicant_fast_associate(wpa_s) != 1)
3840 wpa_supplicant_req_scan(wpa_s, 0, 0);
projects / mech_eap.git / blob