3 * Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
14 * This file implements functions for registering and unregistering
15 * %wpa_supplicant interfaces. In addition, this file contains number of
16 * functions for managing network connections.
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_server/eap_methods.h"
25 #include "rsn_supp/wpa.h"
28 #include "l2_packet/l2_packet.h"
29 #include "wpa_supplicant_i.h"
31 #include "ctrl_iface.h"
32 #include "pcsc_funcs.h"
33 #include "common/version.h"
34 #include "rsn_supp/preauth.h"
35 #include "rsn_supp/pmksa_cache.h"
36 #include "common/wpa_ctrl.h"
38 #include "common/ieee802_11_defs.h"
39 #include "blacklist.h"
40 #include "wpas_glue.h"
41 #include "wps_supplicant.h"
45 #include "p2p_supplicant.h"
51 const char *wpa_supplicant_version =
52 "wpa_supplicant v" VERSION_STR "\n"
53 "Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi> and contributors";
55 const char *wpa_supplicant_license =
56 "This program is free software. You can distribute it and/or modify it\n"
57 "under the terms of the GNU General Public License version 2.\n"
59 "Alternatively, this software may be distributed under the terms of the\n"
60 "BSD license. See README and COPYING for more details.\n"
61 #ifdef EAP_TLS_OPENSSL
62 "\nThis product includes software developed by the OpenSSL Project\n"
63 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
64 #endif /* EAP_TLS_OPENSSL */
67 #ifndef CONFIG_NO_STDOUT_DEBUG
68 /* Long text divided into parts in order to fit in C89 strings size limits. */
69 const char *wpa_supplicant_full_license1 =
70 "This program is free software; you can redistribute it and/or modify\n"
71 "it under the terms of the GNU General Public License version 2 as\n"
72 "published by the Free Software Foundation.\n"
74 "This program is distributed in the hope that it will be useful,\n"
75 "but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
76 "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
77 "GNU General Public License for more details.\n"
79 const char *wpa_supplicant_full_license2 =
80 "You should have received a copy of the GNU General Public License\n"
81 "along with this program; if not, write to the Free Software\n"
82 "Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n"
84 "Alternatively, this software may be distributed under the terms of the\n"
87 "Redistribution and use in source and binary forms, with or without\n"
88 "modification, are permitted provided that the following conditions are\n"
91 const char *wpa_supplicant_full_license3 =
92 "1. Redistributions of source code must retain the above copyright\n"
93 " notice, this list of conditions and the following disclaimer.\n"
95 "2. Redistributions in binary form must reproduce the above copyright\n"
96 " notice, this list of conditions and the following disclaimer in the\n"
97 " documentation and/or other materials provided with the distribution.\n"
99 const char *wpa_supplicant_full_license4 =
100 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
101 " names of its contributors may be used to endorse or promote products\n"
102 " derived from this software without specific prior written permission.\n"
104 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
105 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
106 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
107 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
108 const char *wpa_supplicant_full_license5 =
109 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
110 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
111 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
112 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
113 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
114 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
115 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
117 #endif /* CONFIG_NO_STDOUT_DEBUG */
119 extern int wpa_debug_level;
120 extern int wpa_debug_show_keys;
121 extern int wpa_debug_timestamp;
122 extern struct wpa_driver_ops *wpa_drivers[];
124 /* Configure default/group WEP keys for static WEP */
125 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
129 for (i = 0; i < NUM_WEP_KEYS; i++) {
130 if (ssid->wep_key_len[i] == 0)
134 wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
135 (u8 *) "\xff\xff\xff\xff\xff\xff",
136 i, i == ssid->wep_tx_keyidx, (u8 *) "", 0,
137 ssid->wep_key[i], ssid->wep_key_len[i]);
144 static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
145 struct wpa_ssid *ssid)
152 /* IBSS/WPA-None uses only one key (Group) for both receiving and
153 * sending unicast and multicast packets. */
155 if (ssid->mode != WPAS_MODE_IBSS) {
156 wpa_printf(MSG_INFO, "WPA: Invalid mode %d (not IBSS/ad-hoc) "
157 "for WPA-None", ssid->mode);
161 if (!ssid->psk_set) {
162 wpa_printf(MSG_INFO, "WPA: No PSK configured for WPA-None");
166 switch (wpa_s->group_cipher) {
167 case WPA_CIPHER_CCMP:
168 os_memcpy(key, ssid->psk, 16);
172 case WPA_CIPHER_TKIP:
173 /* WPA-None uses the same Michael MIC key for both TX and RX */
174 os_memcpy(key, ssid->psk, 16 + 8);
175 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
180 wpa_printf(MSG_INFO, "WPA: Invalid group cipher %d for "
181 "WPA-None", wpa_s->group_cipher);
185 /* TODO: should actually remember the previously used seq#, both for TX
186 * and RX from each STA.. */
188 return wpa_drv_set_key(wpa_s, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
189 0, 1, seq, 6, key, keylen);
193 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
195 struct wpa_supplicant *wpa_s = eloop_ctx;
196 const u8 *bssid = wpa_s->bssid;
197 if (is_zero_ether_addr(bssid))
198 bssid = wpa_s->pending_bssid;
199 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
201 wpa_blacklist_add(wpa_s, bssid);
202 wpa_sm_notify_disassoc(wpa_s->wpa);
203 wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
204 wpa_s->reassociate = 1;
205 wpa_supplicant_req_scan(wpa_s, 0, 0);
210 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
211 * @wpa_s: Pointer to wpa_supplicant data
212 * @sec: Number of seconds after which to time out authentication
213 * @usec: Number of microseconds after which to time out authentication
215 * This function is used to schedule a timeout for the current authentication
218 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
221 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
222 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
225 wpa_msg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
226 "%d usec", sec, usec);
227 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
228 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
233 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
234 * @wpa_s: Pointer to wpa_supplicant data
236 * This function is used to cancel authentication timeout scheduled with
237 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
240 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
242 wpa_msg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
243 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
244 wpa_blacklist_del(wpa_s, wpa_s->bssid);
249 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
250 * @wpa_s: Pointer to wpa_supplicant data
252 * This function is used to configure EAPOL state machine based on the selected
253 * authentication mode.
255 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
257 #ifdef IEEE8021X_EAPOL
258 struct eapol_config eapol_conf;
259 struct wpa_ssid *ssid = wpa_s->current_ssid;
261 #ifdef CONFIG_IBSS_RSN
262 if (ssid->mode == WPAS_MODE_IBSS &&
263 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
264 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
266 * RSN IBSS authentication is per-STA and we can disable the
267 * per-BSSID EAPOL authentication.
269 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
270 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
271 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
274 #endif /* CONFIG_IBSS_RSN */
276 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
277 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
279 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
280 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
281 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
283 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
285 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
286 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
287 eapol_conf.accept_802_1x_keys = 1;
288 eapol_conf.required_keys = 0;
289 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
290 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
292 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
293 eapol_conf.required_keys |=
294 EAPOL_REQUIRE_KEY_BROADCAST;
297 if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
298 eapol_conf.required_keys = 0;
301 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
302 eapol_conf.workaround = ssid->eap_workaround;
303 eapol_conf.eap_disabled =
304 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
305 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
306 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
307 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
308 #endif /* IEEE8021X_EAPOL */
313 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
314 * @wpa_s: Pointer to wpa_supplicant data
315 * @ssid: Configuration data for the network
317 * This function is used to configure WPA state machine and related parameters
318 * to a mode where WPA is not enabled. This is called as part of the
319 * authentication configuration when the selected network does not use WPA.
321 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
322 struct wpa_ssid *ssid)
326 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
327 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
328 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
329 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
331 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
332 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
333 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
334 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
335 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
336 wpa_s->group_cipher = WPA_CIPHER_NONE;
337 wpa_s->mgmt_group_cipher = 0;
339 for (i = 0; i < NUM_WEP_KEYS; i++) {
340 if (ssid->wep_key_len[i] > 5) {
341 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
342 wpa_s->group_cipher = WPA_CIPHER_WEP104;
344 } else if (ssid->wep_key_len[i] > 0) {
345 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
346 wpa_s->group_cipher = WPA_CIPHER_WEP40;
351 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
352 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
353 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
354 wpa_s->pairwise_cipher);
355 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
356 #ifdef CONFIG_IEEE80211W
357 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
358 wpa_s->mgmt_group_cipher);
359 #endif /* CONFIG_IEEE80211W */
361 pmksa_cache_clear_current(wpa_s->wpa);
365 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
367 bgscan_deinit(wpa_s);
368 scard_deinit(wpa_s->scard);
370 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
371 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
372 l2_packet_deinit(wpa_s->l2);
375 l2_packet_deinit(wpa_s->l2_br);
379 if (wpa_s->ctrl_iface) {
380 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
381 wpa_s->ctrl_iface = NULL;
383 if (wpa_s->conf != NULL) {
384 struct wpa_ssid *ssid;
385 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
386 wpas_notify_network_removed(wpa_s, ssid);
387 wpa_config_free(wpa_s->conf);
391 os_free(wpa_s->confname);
392 wpa_s->confname = NULL;
394 wpa_sm_set_eapol(wpa_s->wpa, NULL);
395 eapol_sm_deinit(wpa_s->eapol);
398 rsn_preauth_deinit(wpa_s->wpa);
400 pmksa_candidate_free(wpa_s->wpa);
401 wpa_sm_deinit(wpa_s->wpa);
403 wpa_blacklist_clear(wpa_s);
405 wpa_bss_deinit(wpa_s);
407 wpa_supplicant_cancel_scan(wpa_s);
408 wpa_supplicant_cancel_auth_timeout(wpa_s);
410 ieee80211_sta_deinit(wpa_s);
412 wpas_wps_deinit(wpa_s);
414 wpabuf_free(wpa_s->pending_eapol_rx);
415 wpa_s->pending_eapol_rx = NULL;
417 #ifdef CONFIG_IBSS_RSN
418 ibss_rsn_deinit(wpa_s->ibss_rsn);
419 wpa_s->ibss_rsn = NULL;
420 #endif /* CONFIG_IBSS_RSN */
423 os_free(wpa_s->sme.ft_ies);
424 wpa_s->sme.ft_ies = NULL;
425 wpa_s->sme.ft_ies_len = 0;
426 #endif /* CONFIG_SME */
429 wpa_supplicant_ap_deinit(wpa_s);
430 #endif /* CONFIG_AP */
433 wpas_p2p_deinit(wpa_s);
434 #endif /* CONFIG_P2P */
439 * wpa_clear_keys - Clear keys configured for the driver
440 * @wpa_s: Pointer to wpa_supplicant data
441 * @addr: Previously used BSSID or %NULL if not available
443 * This function clears the encryption keys that has been previously configured
446 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
448 u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
450 if (wpa_s->keys_cleared) {
451 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
452 * timing issues with keys being cleared just before new keys
453 * are set or just after association or something similar. This
454 * shows up in group key handshake failing often because of the
455 * client not receiving the first encrypted packets correctly.
456 * Skipping some of the extra key clearing steps seems to help
457 * in completing group key handshake more reliably. */
458 wpa_printf(MSG_DEBUG, "No keys have been configured - "
459 "skip key clearing");
463 /* MLME-DELETEKEYS.request */
464 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
465 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
466 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
467 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
468 #ifdef CONFIG_IEEE80211W
469 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 4, 0, NULL, 0, NULL, 0);
470 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 5, 0, NULL, 0, NULL, 0);
471 #endif /* CONFIG_IEEE80211W */
473 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
475 /* MLME-SETPROTECTION.request(None) */
476 wpa_drv_mlme_setprotection(
478 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
479 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
481 wpa_s->keys_cleared = 1;
486 * wpa_supplicant_state_txt - Get the connection state name as a text string
487 * @state: State (wpa_state; WPA_*)
488 * Returns: The state name as a printable text string
490 const char * wpa_supplicant_state_txt(enum wpa_states state)
493 case WPA_DISCONNECTED:
494 return "DISCONNECTED";
497 case WPA_INTERFACE_DISABLED:
498 return "INTERFACE_DISABLED";
501 case WPA_AUTHENTICATING:
502 return "AUTHENTICATING";
503 case WPA_ASSOCIATING:
504 return "ASSOCIATING";
507 case WPA_4WAY_HANDSHAKE:
508 return "4WAY_HANDSHAKE";
509 case WPA_GROUP_HANDSHAKE:
510 return "GROUP_HANDSHAKE";
520 * wpa_supplicant_set_state - Set current connection state
521 * @wpa_s: Pointer to wpa_supplicant data
522 * @state: The new connection state
524 * This function is called whenever the connection state changes, e.g.,
525 * association is completed for WPA/WPA2 4-Way Handshake is started.
527 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
528 enum wpa_states state)
530 enum wpa_states old_state = wpa_s->wpa_state;
532 wpa_printf(MSG_DEBUG, "State: %s -> %s",
533 wpa_supplicant_state_txt(wpa_s->wpa_state),
534 wpa_supplicant_state_txt(state));
536 if (state != WPA_SCANNING)
537 wpa_supplicant_notify_scanning(wpa_s, 0);
539 if (state == WPA_COMPLETED && wpa_s->new_connection) {
540 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
541 struct wpa_ssid *ssid = wpa_s->current_ssid;
542 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
543 MACSTR " completed %s [id=%d id_str=%s]",
544 MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
545 "(reauth)" : "(auth)",
546 ssid ? ssid->id : -1,
547 ssid && ssid->id_str ? ssid->id_str : "");
548 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
549 wpa_s->new_connection = 0;
550 wpa_s->reassociated_connection = 1;
551 wpa_drv_set_operstate(wpa_s, 1);
552 wpa_s->after_wps = 0;
554 wpas_p2p_completed(wpa_s);
555 #endif /* CONFIG_P2P */
556 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
557 state == WPA_ASSOCIATED) {
558 wpa_s->new_connection = 1;
559 wpa_drv_set_operstate(wpa_s, 0);
561 wpa_s->wpa_state = state;
563 if (wpa_s->wpa_state != old_state)
564 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
568 void wpa_supplicant_terminate_proc(struct wpa_global *global)
572 struct wpa_supplicant *wpa_s = global->ifaces;
574 if (wpas_wps_terminate_pending(wpa_s) == 1)
578 #endif /* CONFIG_WPS */
585 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
587 struct wpa_global *global = signal_ctx;
588 struct wpa_supplicant *wpa_s;
589 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
590 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING "- signal %d "
593 wpa_supplicant_terminate_proc(global);
597 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
599 enum wpa_states old_state = wpa_s->wpa_state;
601 wpa_s->pairwise_cipher = 0;
602 wpa_s->group_cipher = 0;
603 wpa_s->mgmt_group_cipher = 0;
605 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
606 wpa_s->wpa_state = WPA_DISCONNECTED;
608 if (wpa_s->wpa_state != old_state)
609 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
614 * wpa_supplicant_reload_configuration - Reload configuration data
615 * @wpa_s: Pointer to wpa_supplicant data
616 * Returns: 0 on success or -1 if configuration parsing failed
618 * This function can be used to request that the configuration data is reloaded
619 * (e.g., after configuration file change). This function is reloading
620 * configuration only for one interface, so this may need to be called multiple
621 * times if %wpa_supplicant is controlling multiple interfaces and all
622 * interfaces need reconfiguration.
624 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
626 struct wpa_config *conf;
627 struct wpa_ssid *old_ssid;
631 if (wpa_s->confname == NULL)
633 conf = wpa_config_read(wpa_s->confname);
635 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
636 "file '%s' - exiting", wpa_s->confname);
639 conf->changed_parameters = (unsigned int) -1;
641 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
642 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
643 os_strcmp(conf->ctrl_interface,
644 wpa_s->conf->ctrl_interface) != 0);
646 if (reconf_ctrl && wpa_s->ctrl_iface) {
647 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
648 wpa_s->ctrl_iface = NULL;
651 eapol_sm_invalidate_cached_session(wpa_s->eapol);
652 old_ssid = wpa_s->current_ssid;
653 wpa_s->current_ssid = NULL;
654 if (old_ssid != wpa_s->current_ssid)
655 wpas_notify_network_changed(wpa_s);
658 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
659 * pkcs11_engine_path, pkcs11_module_path.
661 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
663 * Clear forced success to clear EAP state for next
666 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
668 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
669 wpa_sm_set_config(wpa_s->wpa, NULL);
670 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
671 rsn_preauth_deinit(wpa_s->wpa);
673 old_ap_scan = wpa_s->conf->ap_scan;
674 wpa_config_free(wpa_s->conf);
676 if (old_ap_scan != wpa_s->conf->ap_scan)
677 wpas_notify_ap_scan_changed(wpa_s);
680 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
682 wpa_supplicant_update_config(wpa_s);
684 wpa_supplicant_clear_status(wpa_s);
685 wpa_s->reassociate = 1;
686 wpa_supplicant_req_scan(wpa_s, 0, 0);
687 wpa_msg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
692 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
694 struct wpa_global *global = signal_ctx;
695 struct wpa_supplicant *wpa_s;
696 wpa_printf(MSG_DEBUG, "Signal %d received - reconfiguring", sig);
697 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
698 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
699 wpa_supplicant_terminate_proc(global);
705 enum wpa_cipher cipher_suite2driver(int cipher)
708 case WPA_CIPHER_NONE:
710 case WPA_CIPHER_WEP40:
712 case WPA_CIPHER_WEP104:
713 return CIPHER_WEP104;
714 case WPA_CIPHER_CCMP:
716 case WPA_CIPHER_TKIP:
723 enum wpa_key_mgmt key_mgmt2driver(int key_mgmt)
726 case WPA_KEY_MGMT_NONE:
727 return KEY_MGMT_NONE;
728 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
729 return KEY_MGMT_802_1X_NO_WPA;
730 case WPA_KEY_MGMT_IEEE8021X:
731 return KEY_MGMT_802_1X;
732 case WPA_KEY_MGMT_WPA_NONE:
733 return KEY_MGMT_WPA_NONE;
734 case WPA_KEY_MGMT_FT_IEEE8021X:
735 return KEY_MGMT_FT_802_1X;
736 case WPA_KEY_MGMT_FT_PSK:
737 return KEY_MGMT_FT_PSK;
738 case WPA_KEY_MGMT_IEEE8021X_SHA256:
739 return KEY_MGMT_802_1X_SHA256;
740 case WPA_KEY_MGMT_PSK_SHA256:
741 return KEY_MGMT_PSK_SHA256;
742 case WPA_KEY_MGMT_WPS:
744 case WPA_KEY_MGMT_PSK:
751 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
752 struct wpa_ssid *ssid,
753 struct wpa_ie_data *ie)
755 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
758 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
759 "from association info");
764 wpa_printf(MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set cipher "
766 if (!(ie->group_cipher & ssid->group_cipher)) {
767 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
768 "cipher 0x%x (mask 0x%x) - reject",
769 ie->group_cipher, ssid->group_cipher);
772 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
773 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
774 "cipher 0x%x (mask 0x%x) - reject",
775 ie->pairwise_cipher, ssid->pairwise_cipher);
778 if (!(ie->key_mgmt & ssid->key_mgmt)) {
779 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
780 "management 0x%x (mask 0x%x) - reject",
781 ie->key_mgmt, ssid->key_mgmt);
785 #ifdef CONFIG_IEEE80211W
786 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
787 ssid->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
788 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
789 "that does not support management frame protection - "
793 #endif /* CONFIG_IEEE80211W */
800 * wpa_supplicant_set_suites - Set authentication and encryption parameters
801 * @wpa_s: Pointer to wpa_supplicant data
802 * @bss: Scan results for the selected BSS, or %NULL if not available
803 * @ssid: Configuration data for the selected network
804 * @wpa_ie: Buffer for the WPA/RSN IE
805 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
806 * used buffer length in case the functions returns success.
807 * Returns: 0 on success or -1 on failure
809 * This function is used to configure authentication and encryption parameters
810 * based on the network configuration and scan result for the selected BSS (if
813 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
814 struct wpa_bss *bss, struct wpa_ssid *ssid,
815 u8 *wpa_ie, size_t *wpa_ie_len)
817 struct wpa_ie_data ie;
819 const u8 *bss_wpa, *bss_rsn;
822 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
823 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
825 bss_wpa = bss_rsn = NULL;
827 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
828 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
829 (ie.group_cipher & ssid->group_cipher) &&
830 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
831 (ie.key_mgmt & ssid->key_mgmt)) {
832 wpa_msg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
833 proto = WPA_PROTO_RSN;
834 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
835 wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 &&
836 (ie.group_cipher & ssid->group_cipher) &&
837 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
838 (ie.key_mgmt & ssid->key_mgmt)) {
839 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
840 proto = WPA_PROTO_WPA;
842 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
845 if (ssid->proto & WPA_PROTO_RSN)
846 proto = WPA_PROTO_RSN;
848 proto = WPA_PROTO_WPA;
849 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
850 os_memset(&ie, 0, sizeof(ie));
851 ie.group_cipher = ssid->group_cipher;
852 ie.pairwise_cipher = ssid->pairwise_cipher;
853 ie.key_mgmt = ssid->key_mgmt;
854 #ifdef CONFIG_IEEE80211W
855 ie.mgmt_group_cipher =
856 ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
857 WPA_CIPHER_AES_128_CMAC : 0;
858 #endif /* CONFIG_IEEE80211W */
859 wpa_printf(MSG_DEBUG, "WPA: Set cipher suites based "
865 wpa_printf(MSG_DEBUG, "WPA: Selected cipher suites: group %d "
866 "pairwise %d key_mgmt %d proto %d",
867 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
868 #ifdef CONFIG_IEEE80211W
869 if (ssid->ieee80211w) {
870 wpa_printf(MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
871 ie.mgmt_group_cipher);
873 #endif /* CONFIG_IEEE80211W */
875 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
876 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
877 !!(ssid->proto & WPA_PROTO_RSN));
879 if (bss || !wpa_s->ap_ies_from_associnfo) {
880 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
881 bss_wpa ? 2 + bss_wpa[1] : 0) ||
882 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
883 bss_rsn ? 2 + bss_rsn[1] : 0))
887 sel = ie.group_cipher & ssid->group_cipher;
888 if (sel & WPA_CIPHER_CCMP) {
889 wpa_s->group_cipher = WPA_CIPHER_CCMP;
890 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
891 } else if (sel & WPA_CIPHER_TKIP) {
892 wpa_s->group_cipher = WPA_CIPHER_TKIP;
893 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
894 } else if (sel & WPA_CIPHER_WEP104) {
895 wpa_s->group_cipher = WPA_CIPHER_WEP104;
896 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
897 } else if (sel & WPA_CIPHER_WEP40) {
898 wpa_s->group_cipher = WPA_CIPHER_WEP40;
899 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
901 wpa_printf(MSG_WARNING, "WPA: Failed to select group cipher.");
905 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
906 if (sel & WPA_CIPHER_CCMP) {
907 wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
908 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
909 } else if (sel & WPA_CIPHER_TKIP) {
910 wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
911 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
912 } else if (sel & WPA_CIPHER_NONE) {
913 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
914 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
916 wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
921 sel = ie.key_mgmt & ssid->key_mgmt;
923 #ifdef CONFIG_IEEE80211R
924 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
925 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
926 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
927 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
928 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
929 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
930 #endif /* CONFIG_IEEE80211R */
931 #ifdef CONFIG_IEEE80211W
932 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
933 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
934 wpa_msg(wpa_s, MSG_DEBUG,
935 "WPA: using KEY_MGMT 802.1X with SHA256");
936 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
937 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
938 wpa_msg(wpa_s, MSG_DEBUG,
939 "WPA: using KEY_MGMT PSK with SHA256");
940 #endif /* CONFIG_IEEE80211W */
941 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
942 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
943 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
944 } else if (sel & WPA_KEY_MGMT_PSK) {
945 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
946 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
947 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
948 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
949 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
951 wpa_printf(MSG_WARNING, "WPA: Failed to select authenticated "
952 "key management type.");
956 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
957 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
958 wpa_s->pairwise_cipher);
959 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
961 #ifdef CONFIG_IEEE80211W
962 sel = ie.mgmt_group_cipher;
963 if (ssid->ieee80211w == NO_MGMT_FRAME_PROTECTION ||
964 !(ie.capabilities & WPA_CAPABILITY_MFPC))
966 if (sel & WPA_CIPHER_AES_128_CMAC) {
967 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
968 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
971 wpa_s->mgmt_group_cipher = 0;
972 wpa_msg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
974 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
975 wpa_s->mgmt_group_cipher);
976 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP, ssid->ieee80211w);
977 #endif /* CONFIG_IEEE80211W */
979 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
980 wpa_printf(MSG_WARNING, "WPA: Failed to generate WPA IE.");
985 (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_FT_PSK | WPA_KEY_MGMT_PSK_SHA256))
986 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
988 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
995 * wpa_supplicant_associate - Request association
996 * @wpa_s: Pointer to wpa_supplicant data
997 * @bss: Scan results for the selected BSS, or %NULL if not available
998 * @ssid: Configuration data for the selected network
1000 * This function is used to request %wpa_supplicant to associate with a BSS.
1002 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1003 struct wpa_bss *bss, struct wpa_ssid *ssid)
1007 int use_crypt, ret, i, bssid_changed;
1008 int algs = WPA_AUTH_ALG_OPEN;
1009 enum wpa_cipher cipher_pairwise, cipher_group;
1010 struct wpa_driver_associate_params params;
1011 int wep_keys_set = 0;
1012 struct wpa_driver_capa capa;
1013 int assoc_failed = 0;
1014 struct wpa_ssid *old_ssid;
1016 if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
1017 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
1019 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1020 wpa_printf(MSG_INFO, "Driver does not support AP "
1024 wpa_supplicant_create_ap(wpa_s, ssid);
1025 wpa_s->current_bss = bss;
1026 #else /* CONFIG_AP */
1027 wpa_printf(MSG_ERROR, "AP mode support not included in the "
1029 #endif /* CONFIG_AP */
1033 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1034 ssid->mode == IEEE80211_MODE_INFRA) {
1035 sme_authenticate(wpa_s, bss, ssid);
1039 os_memset(¶ms, 0, sizeof(params));
1040 wpa_s->reassociate = 0;
1042 #ifdef CONFIG_IEEE80211R
1043 const u8 *ie, *md = NULL;
1044 #endif /* CONFIG_IEEE80211R */
1045 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1046 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1047 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1048 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
1049 os_memset(wpa_s->bssid, 0, ETH_ALEN);
1050 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1052 wpas_notify_bssid_changed(wpa_s);
1053 #ifdef CONFIG_IEEE80211R
1054 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
1055 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
1057 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
1059 /* Prepare for the next transition */
1060 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
1062 #endif /* CONFIG_IEEE80211R */
1064 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
1065 wpa_s->conf->ap_scan == 2 &&
1066 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
1067 /* Use ap_scan==1 style network selection to find the network
1069 wpa_s->scan_req = 2;
1070 wpa_s->reassociate = 1;
1071 wpa_supplicant_req_scan(wpa_s, 0, 0);
1073 #endif /* CONFIG_WPS */
1075 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1076 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1077 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1079 wpa_supplicant_cancel_scan(wpa_s);
1081 /* Starting new association, so clear the possibly used WPA IE from the
1082 * previous association. */
1083 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1085 #ifdef IEEE8021X_EAPOL
1086 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1088 if (ssid->non_leap == 0)
1089 algs = WPA_AUTH_ALG_LEAP;
1091 algs |= WPA_AUTH_ALG_LEAP;
1094 #endif /* IEEE8021X_EAPOL */
1095 wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1096 if (ssid->auth_alg) {
1097 algs = ssid->auth_alg;
1098 wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
1102 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
1103 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
1104 (ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK |
1105 WPA_KEY_MGMT_FT_IEEE8021X |
1106 WPA_KEY_MGMT_FT_PSK |
1107 WPA_KEY_MGMT_IEEE8021X_SHA256 |
1108 WPA_KEY_MGMT_PSK_SHA256))) {
1109 int try_opportunistic;
1110 try_opportunistic = ssid->proactive_key_caching &&
1111 (ssid->proto & WPA_PROTO_RSN);
1112 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1113 wpa_s->current_ssid,
1114 try_opportunistic) == 0)
1115 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1116 wpa_ie_len = sizeof(wpa_ie);
1117 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1118 wpa_ie, &wpa_ie_len)) {
1119 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1120 "management and encryption suites");
1123 } else if (ssid->key_mgmt &
1124 (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
1125 WPA_KEY_MGMT_WPA_NONE | WPA_KEY_MGMT_FT_PSK |
1126 WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_PSK_SHA256 |
1127 WPA_KEY_MGMT_IEEE8021X_SHA256)) {
1128 wpa_ie_len = sizeof(wpa_ie);
1129 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1130 wpa_ie, &wpa_ie_len)) {
1131 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1132 "management and encryption suites (no scan "
1137 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
1138 struct wpabuf *wps_ie;
1139 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
1140 if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
1141 wpa_ie_len = wpabuf_len(wps_ie);
1142 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
1145 wpabuf_free(wps_ie);
1146 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1147 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
1148 params.wps = WPS_MODE_PRIVACY;
1150 params.wps = WPS_MODE_OPEN;
1151 #endif /* CONFIG_WPS */
1153 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1158 if (wpa_s->global->p2p) {
1163 p2p_group = wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_CAPABLE;
1164 pos = wpa_ie + wpa_ie_len;
1165 len = sizeof(wpa_ie) - wpa_ie_len;
1166 res = wpas_p2p_assoc_req_ie(wpa_s, bss->bssid, pos, len,
1171 #endif /* CONFIG_P2P */
1173 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1175 cipher_pairwise = cipher_suite2driver(wpa_s->pairwise_cipher);
1176 cipher_group = cipher_suite2driver(wpa_s->group_cipher);
1177 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1178 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1179 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1181 if (wpa_set_wep_keys(wpa_s, ssid)) {
1186 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
1189 #ifdef IEEE8021X_EAPOL
1190 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1191 if ((ssid->eapol_flags &
1192 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1193 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1197 /* Assume that dynamic WEP-104 keys will be used and
1198 * set cipher suites in order for drivers to expect
1200 cipher_pairwise = cipher_group = CIPHER_WEP104;
1203 #endif /* IEEE8021X_EAPOL */
1205 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1206 /* Set the key before (and later after) association */
1207 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1210 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1212 params.bssid = bss->bssid;
1213 params.ssid = bss->ssid;
1214 params.ssid_len = bss->ssid_len;
1215 params.freq = bss->freq;
1217 params.ssid = ssid->ssid;
1218 params.ssid_len = ssid->ssid_len;
1220 if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 &&
1222 params.freq = ssid->frequency; /* Initial channel for IBSS */
1223 params.wpa_ie = wpa_ie;
1224 params.wpa_ie_len = wpa_ie_len;
1225 params.pairwise_suite = cipher_pairwise;
1226 params.group_suite = cipher_group;
1227 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1228 params.auth_alg = algs;
1229 params.mode = ssid->mode;
1230 for (i = 0; i < NUM_WEP_KEYS; i++) {
1231 if (ssid->wep_key_len[i])
1232 params.wep_key[i] = ssid->wep_key[i];
1233 params.wep_key_len[i] = ssid->wep_key_len[i];
1235 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1237 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
1238 (params.key_mgmt_suite == KEY_MGMT_PSK ||
1239 params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
1240 params.passphrase = ssid->passphrase;
1242 params.psk = ssid->psk;
1245 params.drop_unencrypted = use_crypt;
1247 #ifdef CONFIG_IEEE80211W
1248 params.mgmt_frame_protection = ssid->ieee80211w;
1249 if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION && bss) {
1250 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1251 struct wpa_ie_data ie;
1252 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
1254 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
1255 wpa_printf(MSG_DEBUG, "WPA: Selected AP supports MFP: "
1257 params.mgmt_frame_protection =
1258 MGMT_FRAME_PROTECTION_REQUIRED;
1261 #endif /* CONFIG_IEEE80211W */
1264 if (wpa_s->global->p2p &&
1265 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_CAPABLE))
1267 #endif /* CONFIG_P2P */
1269 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1270 ret = ieee80211_sta_associate(wpa_s, ¶ms);
1272 ret = wpa_drv_associate(wpa_s, ¶ms);
1274 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1276 /* try to continue anyway; new association will be tried again
1281 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1282 /* Set the key after the association just in case association
1283 * cleared the previously configured key. */
1284 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1285 /* No need to timeout authentication since there is no key
1287 wpa_supplicant_cancel_auth_timeout(wpa_s);
1288 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1289 #ifdef CONFIG_IBSS_RSN
1290 } else if (ssid->mode == WPAS_MODE_IBSS &&
1291 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
1292 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
1293 ibss_rsn_set_psk(wpa_s->ibss_rsn, ssid->psk);
1295 * RSN IBSS authentication is per-STA and we can disable the
1296 * per-BSSID authentication.
1298 wpa_supplicant_cancel_auth_timeout(wpa_s);
1299 #endif /* CONFIG_IBSS_RSN */
1301 /* Timeout for IEEE 802.11 authentication and association */
1305 /* give IBSS a bit more time */
1306 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
1307 } else if (wpa_s->conf->ap_scan == 1) {
1308 /* give IBSS a bit more time */
1309 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
1311 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1314 if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1315 capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
1316 /* Set static WEP keys again */
1317 wpa_set_wep_keys(wpa_s, ssid);
1320 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1322 * Do not allow EAP session resumption between different
1323 * network configurations.
1325 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1327 old_ssid = wpa_s->current_ssid;
1328 wpa_s->current_ssid = ssid;
1329 wpa_s->current_bss = bss;
1330 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
1331 wpa_supplicant_initiate_eapol(wpa_s);
1332 if (old_ssid != wpa_s->current_ssid)
1333 wpas_notify_network_changed(wpa_s);
1337 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
1340 struct wpa_ssid *old_ssid;
1342 wpa_clear_keys(wpa_s, addr);
1343 wpa_supplicant_mark_disassoc(wpa_s);
1344 old_ssid = wpa_s->current_ssid;
1345 wpa_s->current_ssid = NULL;
1346 wpa_s->current_bss = NULL;
1347 wpa_sm_set_config(wpa_s->wpa, NULL);
1348 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1349 if (old_ssid != wpa_s->current_ssid)
1350 wpas_notify_network_changed(wpa_s);
1351 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
1356 * wpa_supplicant_disassociate - Disassociate the current connection
1357 * @wpa_s: Pointer to wpa_supplicant data
1358 * @reason_code: IEEE 802.11 reason code for the disassociate frame
1360 * This function is used to request %wpa_supplicant to disassociate with the
1363 void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
1368 if (!is_zero_ether_addr(wpa_s->bssid)) {
1369 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1370 ieee80211_sta_disassociate(wpa_s, reason_code);
1372 wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
1373 addr = wpa_s->bssid;
1376 wpa_supplicant_clear_connection(wpa_s, addr);
1381 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
1382 * @wpa_s: Pointer to wpa_supplicant data
1383 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1385 * This function is used to request %wpa_supplicant to deauthenticate from the
1388 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1393 if (!is_zero_ether_addr(wpa_s->bssid)) {
1394 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1395 ieee80211_sta_deauthenticate(wpa_s, reason_code);
1397 wpa_drv_deauthenticate(wpa_s, wpa_s->bssid,
1399 addr = wpa_s->bssid;
1402 wpa_supplicant_clear_connection(wpa_s, addr);
1407 * wpa_supplicant_enable_network - Mark a configured network as enabled
1408 * @wpa_s: wpa_supplicant structure for a network interface
1409 * @ssid: wpa_ssid structure for a configured network or %NULL
1411 * Enables the specified network or all networks if no network specified.
1413 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
1414 struct wpa_ssid *ssid)
1416 struct wpa_ssid *other_ssid;
1420 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1421 other_ssid = other_ssid->next) {
1422 if (other_ssid->disabled == 2)
1423 continue; /* do not change persistent P2P group
1425 if (other_ssid == wpa_s->current_ssid &&
1426 other_ssid->disabled)
1427 wpa_s->reassociate = 1;
1429 was_disabled = other_ssid->disabled;
1431 other_ssid->disabled = 0;
1433 if (was_disabled != other_ssid->disabled)
1434 wpas_notify_network_enabled_changed(
1437 if (wpa_s->reassociate)
1438 wpa_supplicant_req_scan(wpa_s, 0, 0);
1439 } else if (ssid->disabled && ssid->disabled != 2) {
1440 if (wpa_s->current_ssid == NULL) {
1442 * Try to reassociate since there is no current
1443 * configuration and a new network was made available.
1445 wpa_s->reassociate = 1;
1446 wpa_supplicant_req_scan(wpa_s, 0, 0);
1449 was_disabled = ssid->disabled;
1453 if (was_disabled != ssid->disabled)
1454 wpas_notify_network_enabled_changed(wpa_s, ssid);
1460 * wpa_supplicant_disable_network - Mark a configured network as disabled
1461 * @wpa_s: wpa_supplicant structure for a network interface
1462 * @ssid: wpa_ssid structure for a configured network or %NULL
1464 * Disables the specified network or all networks if no network specified.
1466 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
1467 struct wpa_ssid *ssid)
1469 struct wpa_ssid *other_ssid;
1473 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1474 other_ssid = other_ssid->next) {
1475 was_disabled = other_ssid->disabled;
1476 if (was_disabled == 2)
1477 continue; /* do not change persistent P2P group
1480 other_ssid->disabled = 1;
1482 if (was_disabled != other_ssid->disabled)
1483 wpas_notify_network_enabled_changed(
1486 if (wpa_s->current_ssid)
1487 wpa_supplicant_disassociate(
1488 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1489 } else if (ssid->disabled != 2) {
1490 if (ssid == wpa_s->current_ssid)
1491 wpa_supplicant_disassociate(
1492 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1494 was_disabled = ssid->disabled;
1498 if (was_disabled != ssid->disabled)
1499 wpas_notify_network_enabled_changed(wpa_s, ssid);
1505 * wpa_supplicant_select_network - Attempt association with a network
1506 * @wpa_s: wpa_supplicant structure for a network interface
1507 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
1509 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
1510 struct wpa_ssid *ssid)
1513 struct wpa_ssid *other_ssid;
1515 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid)
1516 wpa_supplicant_disassociate(
1517 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1520 * Mark all other networks disabled or mark all networks enabled if no
1521 * network specified.
1523 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1524 other_ssid = other_ssid->next) {
1525 int was_disabled = other_ssid->disabled;
1526 if (was_disabled == 2)
1527 continue; /* do not change persistent P2P group data */
1529 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
1531 if (was_disabled != other_ssid->disabled)
1532 wpas_notify_network_enabled_changed(wpa_s, other_ssid);
1534 wpa_s->disconnected = 0;
1535 wpa_s->reassociate = 1;
1536 wpa_supplicant_req_scan(wpa_s, 0, 0);
1539 wpas_notify_network_selected(wpa_s, ssid);
1544 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
1545 * @wpa_s: wpa_supplicant structure for a network interface
1546 * @ap_scan: AP scan mode
1547 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
1550 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
1555 if (ap_scan < 0 || ap_scan > 2)
1558 old_ap_scan = wpa_s->conf->ap_scan;
1559 wpa_s->conf->ap_scan = ap_scan;
1561 if (old_ap_scan != wpa_s->conf->ap_scan)
1562 wpas_notify_ap_scan_changed(wpa_s);
1569 * wpa_supplicant_set_debug_params - Set global debug params
1570 * @global: wpa_global structure
1571 * @debug_level: debug level
1572 * @debug_timestamp: determines if show timestamp in debug data
1573 * @debug_show_keys: determines if show keys in debug data
1574 * Returns: 0 if succeed or -1 if debug_level has wrong value
1576 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
1577 int debug_timestamp, int debug_show_keys)
1580 int old_level, old_timestamp, old_show_keys;
1582 /* check for allowed debuglevels */
1583 if (debug_level != MSG_MSGDUMP &&
1584 debug_level != MSG_DEBUG &&
1585 debug_level != MSG_INFO &&
1586 debug_level != MSG_WARNING &&
1587 debug_level != MSG_ERROR)
1590 old_level = wpa_debug_level;
1591 old_timestamp = wpa_debug_timestamp;
1592 old_show_keys = wpa_debug_show_keys;
1594 wpa_debug_level = debug_level;
1595 wpa_debug_timestamp = debug_timestamp ? 1 : 0;
1596 wpa_debug_show_keys = debug_show_keys ? 1 : 0;
1598 if (wpa_debug_level != old_level)
1599 wpas_notify_debug_level_changed(global);
1600 if (wpa_debug_timestamp != old_timestamp)
1601 wpas_notify_debug_timestamp_changed(global);
1602 if (wpa_debug_show_keys != old_show_keys)
1603 wpas_notify_debug_show_keys_changed(global);
1610 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
1611 * @wpa_s: Pointer to wpa_supplicant data
1612 * Returns: A pointer to the current network structure or %NULL on failure
1614 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
1616 struct wpa_ssid *entry;
1617 u8 ssid[MAX_SSID_LEN];
1623 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
1624 if (ieee80211_sta_get_ssid(wpa_s, ssid, &ssid_len)) {
1625 wpa_printf(MSG_WARNING, "Could not read SSID from "
1630 res = wpa_drv_get_ssid(wpa_s, ssid);
1632 wpa_printf(MSG_WARNING, "Could not read SSID from "
1639 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1640 os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1641 else if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
1642 wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
1646 wired = wpa_s->conf->ap_scan == 0 &&
1647 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
1649 entry = wpa_s->conf->ssid;
1651 if (!entry->disabled &&
1652 ((ssid_len == entry->ssid_len &&
1653 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
1654 (!entry->bssid_set ||
1655 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1658 if (!entry->disabled &&
1659 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
1660 (entry->ssid == NULL || entry->ssid_len == 0) &&
1661 (!entry->bssid_set ||
1662 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1664 #endif /* CONFIG_WPS */
1665 entry = entry->next;
1672 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
1682 if (wpa_drivers[0] == NULL) {
1683 wpa_printf(MSG_ERROR, "No driver interfaces build into "
1689 /* default to first driver in the list */
1690 wpa_s->driver = wpa_drivers[0];
1691 wpa_s->global_drv_priv = wpa_s->global->drv_priv[0];
1695 pos = os_strchr(name, ',');
1699 len = os_strlen(name);
1700 for (i = 0; wpa_drivers[i]; i++) {
1701 if (os_strlen(wpa_drivers[i]->name) == len &&
1702 os_strncmp(name, wpa_drivers[i]->name, len) ==
1704 wpa_s->driver = wpa_drivers[i];
1705 wpa_s->global_drv_priv = wpa_s->global->drv_priv[i];
1710 wpa_printf(MSG_ERROR, "Unsupported driver '%s'.", name);
1716 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
1717 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
1718 * with struct wpa_driver_ops::init()
1719 * @src_addr: Source address of the EAPOL frame
1720 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
1721 * @len: Length of the EAPOL data
1723 * This function is called for each received EAPOL frame. Most driver
1724 * interfaces rely on more generic OS mechanism for receiving frames through
1725 * l2_packet, but if such a mechanism is not available, the driver wrapper may
1726 * take care of received EAPOL frames and deliver them to the core supplicant
1727 * code by calling this function.
1729 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
1730 const u8 *buf, size_t len)
1732 struct wpa_supplicant *wpa_s = ctx;
1734 wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
1735 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
1737 if (wpa_s->wpa_state < WPA_ASSOCIATED) {
1739 * There is possible race condition between receiving the
1740 * association event and the EAPOL frame since they are coming
1741 * through different paths from the driver. In order to avoid
1742 * issues in trying to process the EAPOL frame before receiving
1743 * association information, lets queue it for processing until
1744 * the association event is received.
1746 wpa_printf(MSG_DEBUG, "Not associated - Delay processing of "
1747 "received EAPOL frame");
1748 wpabuf_free(wpa_s->pending_eapol_rx);
1749 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
1750 if (wpa_s->pending_eapol_rx) {
1751 os_get_time(&wpa_s->pending_eapol_rx_time);
1752 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
1759 if (wpa_s->ap_iface) {
1760 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
1763 #endif /* CONFIG_AP */
1765 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
1766 wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
1767 "no key management is configured");
1771 if (wpa_s->eapol_received == 0 &&
1772 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
1773 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1774 wpa_s->wpa_state != WPA_COMPLETED) &&
1775 (wpa_s->current_ssid == NULL ||
1776 wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
1777 /* Timeout for completing IEEE 802.1X and WPA authentication */
1778 wpa_supplicant_req_auth_timeout(
1780 (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
1781 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
1782 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
1785 wpa_s->eapol_received++;
1787 if (wpa_s->countermeasures) {
1788 wpa_printf(MSG_INFO, "WPA: Countermeasures - dropped EAPOL "
1793 #ifdef CONFIG_IBSS_RSN
1794 if (wpa_s->current_ssid &&
1795 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
1796 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
1799 #endif /* CONFIG_IBSS_RSN */
1801 /* Source address of the incoming EAPOL frame could be compared to the
1802 * current BSSID. However, it is possible that a centralized
1803 * Authenticator could be using another MAC address than the BSSID of
1804 * an AP, so just allow any address to be used for now. The replies are
1805 * still sent to the current BSSID (if available), though. */
1807 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
1808 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
1809 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
1811 wpa_drv_poll(wpa_s);
1812 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1813 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
1814 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
1816 * Set portValid = TRUE here since we are going to skip 4-way
1817 * handshake processing which would normally set portValid. We
1818 * need this to allow the EAPOL state machines to be completed
1819 * without going through EAPOL-Key handshake.
1821 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
1827 * wpa_supplicant_driver_init - Initialize driver interface parameters
1828 * @wpa_s: Pointer to wpa_supplicant data
1829 * Returns: 0 on success, -1 on failure
1831 * This function is called to initialize driver interface parameters.
1832 * wpa_drv_init() must have been called before this function to initialize the
1835 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
1837 static int interface_count = 0;
1839 if (wpa_s->driver->send_eapol) {
1840 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
1842 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
1843 } else if (!(wpa_s->drv_flags &
1844 WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
1845 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
1846 wpa_drv_get_mac_addr(wpa_s),
1848 wpa_supplicant_rx_eapol, wpa_s, 0);
1849 if (wpa_s->l2 == NULL)
1852 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
1854 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
1857 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
1858 wpa_printf(MSG_ERROR, "Failed to get own L2 address");
1862 wpa_printf(MSG_DEBUG, "Own MAC address: " MACSTR,
1863 MAC2STR(wpa_s->own_addr));
1865 if (wpa_s->bridge_ifname[0]) {
1866 wpa_printf(MSG_DEBUG, "Receiving packets from bridge interface"
1867 " '%s'", wpa_s->bridge_ifname);
1868 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
1871 wpa_supplicant_rx_eapol, wpa_s,
1873 if (wpa_s->l2_br == NULL) {
1874 wpa_printf(MSG_ERROR, "Failed to open l2_packet "
1875 "connection for the bridge interface '%s'",
1876 wpa_s->bridge_ifname);
1881 wpa_clear_keys(wpa_s, NULL);
1883 /* Make sure that TKIP countermeasures are not left enabled (could
1884 * happen if wpa_supplicant is killed during countermeasures. */
1885 wpa_drv_set_countermeasures(wpa_s, 0);
1887 wpa_printf(MSG_DEBUG, "RSN: flushing PMKID list in the driver");
1888 wpa_drv_flush_pmkid(wpa_s);
1890 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
1891 if (wpa_supplicant_enabled_networks(wpa_s->conf)) {
1892 wpa_supplicant_req_scan(wpa_s, interface_count, 100000);
1895 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
1901 static int wpa_supplicant_daemon(const char *pid_file)
1903 wpa_printf(MSG_DEBUG, "Daemonize..");
1904 return os_daemonize(pid_file);
1908 static struct wpa_supplicant * wpa_supplicant_alloc(void)
1910 struct wpa_supplicant *wpa_s;
1912 wpa_s = os_zalloc(sizeof(*wpa_s));
1915 wpa_s->scan_req = 1;
1916 wpa_s->new_connection = 1;
1917 wpa_s->parent = wpa_s;
1923 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
1924 struct wpa_interface *iface)
1926 const char *ifname, *driver;
1927 struct wpa_driver_capa capa;
1929 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
1930 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
1931 iface->confname ? iface->confname : "N/A",
1932 iface->driver ? iface->driver : "default",
1933 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
1934 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
1936 if (iface->confname) {
1937 #ifdef CONFIG_BACKEND_FILE
1938 wpa_s->confname = os_rel2abs_path(iface->confname);
1939 if (wpa_s->confname == NULL) {
1940 wpa_printf(MSG_ERROR, "Failed to get absolute path "
1941 "for configuration file '%s'.",
1945 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
1946 iface->confname, wpa_s->confname);
1947 #else /* CONFIG_BACKEND_FILE */
1948 wpa_s->confname = os_strdup(iface->confname);
1949 #endif /* CONFIG_BACKEND_FILE */
1950 wpa_s->conf = wpa_config_read(wpa_s->confname);
1951 if (wpa_s->conf == NULL) {
1952 wpa_printf(MSG_ERROR, "Failed to read or parse "
1953 "configuration '%s'.", wpa_s->confname);
1958 * Override ctrl_interface and driver_param if set on command
1961 if (iface->ctrl_interface) {
1962 os_free(wpa_s->conf->ctrl_interface);
1963 wpa_s->conf->ctrl_interface =
1964 os_strdup(iface->ctrl_interface);
1967 if (iface->driver_param) {
1968 os_free(wpa_s->conf->driver_param);
1969 wpa_s->conf->driver_param =
1970 os_strdup(iface->driver_param);
1973 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
1974 iface->driver_param);
1976 if (wpa_s->conf == NULL) {
1977 wpa_printf(MSG_ERROR, "\nNo configuration found.");
1981 if (iface->ifname == NULL) {
1982 wpa_printf(MSG_ERROR, "\nInterface name is required.");
1985 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
1986 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
1990 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
1992 if (iface->bridge_ifname) {
1993 if (os_strlen(iface->bridge_ifname) >=
1994 sizeof(wpa_s->bridge_ifname)) {
1995 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
1996 "name '%s'.", iface->bridge_ifname);
1999 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
2000 sizeof(wpa_s->bridge_ifname));
2003 /* RSNA Supplicant Key Management - INITIALIZE */
2004 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
2005 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
2007 /* Initialize driver interface and register driver event handler before
2008 * L2 receive handler so that association events are processed before
2009 * EAPOL-Key packets if both become available for the same select()
2011 driver = iface->driver;
2013 if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
2016 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
2017 if (wpa_s->drv_priv == NULL) {
2019 pos = driver ? os_strchr(driver, ',') : NULL;
2021 wpa_printf(MSG_DEBUG, "Failed to initialize driver "
2022 "interface - try next driver wrapper");
2026 wpa_printf(MSG_ERROR, "Failed to initialize driver interface");
2029 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
2030 wpa_printf(MSG_ERROR, "Driver interface rejected "
2031 "driver_param '%s'", wpa_s->conf->driver_param);
2035 ifname = wpa_drv_get_ifname(wpa_s);
2036 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
2037 wpa_printf(MSG_DEBUG, "Driver interface replaced interface "
2038 "name with '%s'", ifname);
2039 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
2042 if (wpa_supplicant_init_wpa(wpa_s) < 0)
2045 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
2046 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
2048 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2050 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2051 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2052 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2053 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2054 "dot11RSNAConfigPMKLifetime");
2058 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2059 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2060 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2061 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2062 "dot11RSNAConfigPMKReauthThreshold");
2066 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2067 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2068 wpa_s->conf->dot11RSNAConfigSATimeout)) {
2069 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2070 "dot11RSNAConfigSATimeout");
2074 if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
2075 wpa_s->drv_flags = capa.flags;
2076 if (capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
2077 if (ieee80211_sta_init(wpa_s))
2080 wpa_s->max_scan_ssids = capa.max_scan_ssids;
2081 wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
2083 if (wpa_s->max_remain_on_chan == 0)
2084 wpa_s->max_remain_on_chan = 1000;
2086 if (wpa_supplicant_driver_init(wpa_s) < 0)
2089 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
2090 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
2091 wpa_printf(MSG_DEBUG, "Failed to set country");
2095 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2097 if (wpas_wps_init(wpa_s))
2100 if (wpa_supplicant_init_eapol(wpa_s) < 0)
2102 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2104 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
2105 if (wpa_s->ctrl_iface == NULL) {
2106 wpa_printf(MSG_ERROR,
2107 "Failed to initialize control interface '%s'.\n"
2108 "You may have another wpa_supplicant process "
2109 "already running or the file was\n"
2110 "left by an unclean termination of wpa_supplicant "
2111 "in which case you will need\n"
2112 "to manually remove this file before starting "
2113 "wpa_supplicant again.\n",
2114 wpa_s->conf->ctrl_interface);
2118 #ifdef CONFIG_IBSS_RSN
2119 wpa_s->ibss_rsn = ibss_rsn_init(wpa_s);
2120 if (!wpa_s->ibss_rsn) {
2121 wpa_printf(MSG_DEBUG, "Failed to init IBSS RSN");
2124 #endif /* CONFIG_IBSS_RSN */
2127 if (wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
2128 wpa_printf(MSG_ERROR, "Failed to init P2P");
2131 #endif /* CONFIG_P2P */
2133 if (wpa_bss_init(wpa_s) < 0)
2140 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
2143 if (wpa_s->drv_priv) {
2144 wpa_supplicant_deauthenticate(wpa_s,
2145 WLAN_REASON_DEAUTH_LEAVING);
2147 wpa_drv_set_countermeasures(wpa_s, 0);
2148 wpa_clear_keys(wpa_s, NULL);
2151 wpa_supplicant_cleanup(wpa_s);
2154 wpas_notify_iface_removed(wpa_s);
2156 if (wpa_s->drv_priv)
2157 wpa_drv_deinit(wpa_s);
2162 * wpa_supplicant_add_iface - Add a new network interface
2163 * @global: Pointer to global data from wpa_supplicant_init()
2164 * @iface: Interface configuration options
2165 * Returns: Pointer to the created interface or %NULL on failure
2167 * This function is used to add new network interfaces for %wpa_supplicant.
2168 * This can be called before wpa_supplicant_run() to add interfaces before the
2169 * main event loop has been started. In addition, new interfaces can be added
2170 * dynamically while %wpa_supplicant is already running. This could happen,
2171 * e.g., when a hotplug network adapter is inserted.
2173 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
2174 struct wpa_interface *iface)
2176 struct wpa_supplicant *wpa_s;
2177 struct wpa_interface t_iface;
2178 struct wpa_ssid *ssid;
2180 if (global == NULL || iface == NULL)
2183 wpa_s = wpa_supplicant_alloc();
2187 wpa_s->global = global;
2190 if (global->params.override_driver) {
2191 wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
2193 iface->driver, global->params.override_driver);
2194 t_iface.driver = global->params.override_driver;
2196 if (global->params.override_ctrl_interface) {
2197 wpa_printf(MSG_DEBUG, "Override interface parameter: "
2198 "ctrl_interface ('%s' -> '%s')",
2199 iface->ctrl_interface,
2200 global->params.override_ctrl_interface);
2201 t_iface.ctrl_interface =
2202 global->params.override_ctrl_interface;
2204 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
2205 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
2207 wpa_supplicant_deinit_iface(wpa_s, 0);
2212 /* Notify the control interfaces about new iface */
2213 if (wpas_notify_iface_added(wpa_s)) {
2214 wpa_supplicant_deinit_iface(wpa_s, 1);
2219 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
2220 wpas_notify_network_added(wpa_s, ssid);
2222 wpa_s->next = global->ifaces;
2223 global->ifaces = wpa_s;
2225 wpa_printf(MSG_DEBUG, "Added interface %s", wpa_s->ifname);
2232 * wpa_supplicant_remove_iface - Remove a network interface
2233 * @global: Pointer to global data from wpa_supplicant_init()
2234 * @wpa_s: Pointer to the network interface to be removed
2235 * Returns: 0 if interface was removed, -1 if interface was not found
2237 * This function can be used to dynamically remove network interfaces from
2238 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
2239 * addition, this function is used to remove all remaining interfaces when
2240 * %wpa_supplicant is terminated.
2242 int wpa_supplicant_remove_iface(struct wpa_global *global,
2243 struct wpa_supplicant *wpa_s)
2245 struct wpa_supplicant *prev;
2247 /* Remove interface from the global list of interfaces */
2248 prev = global->ifaces;
2249 if (prev == wpa_s) {
2250 global->ifaces = wpa_s->next;
2252 while (prev && prev->next != wpa_s)
2256 prev->next = wpa_s->next;
2259 wpa_printf(MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
2261 if (global->p2p_group_formation == wpa_s)
2262 global->p2p_group_formation = NULL;
2263 wpa_supplicant_deinit_iface(wpa_s, 1);
2271 * wpa_supplicant_get_iface - Get a new network interface
2272 * @global: Pointer to global data from wpa_supplicant_init()
2273 * @ifname: Interface name
2274 * Returns: Pointer to the interface or %NULL if not found
2276 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
2279 struct wpa_supplicant *wpa_s;
2281 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
2282 if (os_strcmp(wpa_s->ifname, ifname) == 0)
2290 * wpa_supplicant_init - Initialize %wpa_supplicant
2291 * @params: Parameters for %wpa_supplicant
2292 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
2294 * This function is used to initialize %wpa_supplicant. After successful
2295 * initialization, the returned data pointer can be used to add and remove
2296 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
2298 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
2300 struct wpa_global *global;
2306 wpa_debug_open_file(params->wpa_debug_file_path);
2307 if (params->wpa_debug_syslog)
2308 wpa_debug_open_syslog();
2310 ret = eap_register_methods();
2312 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
2314 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
2315 "the same EAP type.");
2319 global = os_zalloc(sizeof(*global));
2322 dl_list_init(&global->p2p_srv_bonjour);
2323 dl_list_init(&global->p2p_srv_upnp);
2324 global->params.daemonize = params->daemonize;
2325 global->params.wait_for_monitor = params->wait_for_monitor;
2326 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
2327 if (params->pid_file)
2328 global->params.pid_file = os_strdup(params->pid_file);
2329 if (params->ctrl_interface)
2330 global->params.ctrl_interface =
2331 os_strdup(params->ctrl_interface);
2332 if (params->override_driver)
2333 global->params.override_driver =
2334 os_strdup(params->override_driver);
2335 if (params->override_ctrl_interface)
2336 global->params.override_ctrl_interface =
2337 os_strdup(params->override_ctrl_interface);
2338 wpa_debug_level = global->params.wpa_debug_level =
2339 params->wpa_debug_level;
2340 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
2341 params->wpa_debug_show_keys;
2342 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
2343 params->wpa_debug_timestamp;
2346 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
2347 wpa_supplicant_deinit(global);
2351 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
2352 if (global->ctrl_iface == NULL) {
2353 wpa_supplicant_deinit(global);
2357 if (wpas_notify_supplicant_initialized(global)) {
2358 wpa_supplicant_deinit(global);
2362 for (i = 0; wpa_drivers[i]; i++)
2363 global->drv_count++;
2364 if (global->drv_count == 0) {
2365 wpa_printf(MSG_ERROR, "No drivers enabled");
2366 wpa_supplicant_deinit(global);
2369 global->drv_priv = os_zalloc(global->drv_count * sizeof(void *));
2370 if (global->drv_priv == NULL) {
2371 wpa_supplicant_deinit(global);
2374 for (i = 0; wpa_drivers[i]; i++) {
2375 if (!wpa_drivers[i]->global_init)
2377 global->drv_priv[i] = wpa_drivers[i]->global_init();
2378 if (global->drv_priv[i] == NULL) {
2379 wpa_printf(MSG_ERROR, "Failed to initialize driver "
2380 "'%s'", wpa_drivers[i]->name);
2381 wpa_supplicant_deinit(global);
2391 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
2392 * @global: Pointer to global data from wpa_supplicant_init()
2393 * Returns: 0 after successful event loop run, -1 on failure
2395 * This function starts the main event loop and continues running as long as
2396 * there are any remaining events. In most cases, this function is running as
2397 * long as the %wpa_supplicant process in still in use.
2399 int wpa_supplicant_run(struct wpa_global *global)
2401 struct wpa_supplicant *wpa_s;
2403 if (global->params.daemonize &&
2404 wpa_supplicant_daemon(global->params.pid_file))
2407 if (global->params.wait_for_monitor) {
2408 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
2409 if (wpa_s->ctrl_iface)
2410 wpa_supplicant_ctrl_iface_wait(
2414 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
2415 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
2424 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
2425 * @global: Pointer to global data from wpa_supplicant_init()
2427 * This function is called to deinitialize %wpa_supplicant and to free all
2428 * allocated resources. Remaining network interfaces will also be removed.
2430 void wpa_supplicant_deinit(struct wpa_global *global)
2438 wpas_p2p_deinit_global(global);
2439 #endif /* CONFIG_P2P */
2441 while (global->ifaces)
2442 wpa_supplicant_remove_iface(global, global->ifaces);
2444 if (global->ctrl_iface)
2445 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
2447 wpas_notify_supplicant_deinitialized(global);
2449 eap_peer_unregister_methods();
2451 eap_server_unregister_methods();
2452 #endif /* CONFIG_AP */
2454 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
2455 if (!global->drv_priv[i])
2457 wpa_drivers[i]->global_deinit(global->drv_priv[i]);
2459 os_free(global->drv_priv);
2463 if (global->params.pid_file) {
2464 os_daemonize_terminate(global->params.pid_file);
2465 os_free(global->params.pid_file);
2467 os_free(global->params.ctrl_interface);
2468 os_free(global->params.override_driver);
2469 os_free(global->params.override_ctrl_interface);
2472 wpa_debug_close_syslog();
2473 wpa_debug_close_file();
2477 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
2480 wpas_wps_update_config(wpa_s);
2481 #endif /* CONFIG_WPS */
2484 wpas_p2p_update_config(wpa_s);
2485 #endif /* CONFIG_P2P */
2487 wpa_s->conf->changed_parameters = 0;