3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
16 #include "crypto/random.h"
17 #include "crypto/sha1.h"
18 #include "eapol_supp/eapol_supp_sm.h"
19 #include "eap_peer/eap.h"
20 #include "eap_server/eap_methods.h"
21 #include "rsn_supp/wpa.h"
24 #include "utils/ext_password.h"
25 #include "l2_packet/l2_packet.h"
26 #include "wpa_supplicant_i.h"
28 #include "ctrl_iface.h"
29 #include "pcsc_funcs.h"
30 #include "common/version.h"
31 #include "rsn_supp/preauth.h"
32 #include "rsn_supp/pmksa_cache.h"
33 #include "common/wpa_ctrl.h"
34 #include "common/ieee802_11_defs.h"
36 #include "blacklist.h"
37 #include "wpas_glue.h"
38 #include "wps_supplicant.h"
41 #include "gas_query.h"
43 #include "p2p_supplicant.h"
44 #include "wifi_display.h"
50 #include "offchannel.h"
51 #include "hs20_supplicant.h"
54 const char *wpa_supplicant_version =
55 "wpa_supplicant v" VERSION_STR "\n"
56 "Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi> and contributors";
58 const char *wpa_supplicant_license =
59 "This software may be distributed under the terms of the BSD license.\n"
60 "See README for more details.\n"
61 #ifdef EAP_TLS_OPENSSL
62 "\nThis product includes software developed by the OpenSSL Project\n"
63 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
64 #endif /* EAP_TLS_OPENSSL */
67 #ifndef CONFIG_NO_STDOUT_DEBUG
68 /* Long text divided into parts in order to fit in C89 strings size limits. */
69 const char *wpa_supplicant_full_license1 =
71 const char *wpa_supplicant_full_license2 =
72 "This software may be distributed under the terms of the BSD license.\n"
74 "Redistribution and use in source and binary forms, with or without\n"
75 "modification, are permitted provided that the following conditions are\n"
78 const char *wpa_supplicant_full_license3 =
79 "1. Redistributions of source code must retain the above copyright\n"
80 " notice, this list of conditions and the following disclaimer.\n"
82 "2. Redistributions in binary form must reproduce the above copyright\n"
83 " notice, this list of conditions and the following disclaimer in the\n"
84 " documentation and/or other materials provided with the distribution.\n"
86 const char *wpa_supplicant_full_license4 =
87 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
88 " names of its contributors may be used to endorse or promote products\n"
89 " derived from this software without specific prior written permission.\n"
91 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
92 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
93 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
94 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
95 const char *wpa_supplicant_full_license5 =
96 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
97 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
98 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
99 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
100 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
101 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
102 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
104 #endif /* CONFIG_NO_STDOUT_DEBUG */
106 extern int wpa_debug_level;
107 extern int wpa_debug_show_keys;
108 extern int wpa_debug_timestamp;
109 extern struct wpa_driver_ops *wpa_drivers[];
111 /* Configure default/group WEP keys for static WEP */
112 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
116 for (i = 0; i < NUM_WEP_KEYS; i++) {
117 if (ssid->wep_key_len[i] == 0)
121 wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
122 i, i == ssid->wep_tx_keyidx, NULL, 0,
123 ssid->wep_key[i], ssid->wep_key_len[i]);
130 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
131 struct wpa_ssid *ssid)
138 /* IBSS/WPA-None uses only one key (Group) for both receiving and
139 * sending unicast and multicast packets. */
141 if (ssid->mode != WPAS_MODE_IBSS) {
142 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
143 "IBSS/ad-hoc) for WPA-None", ssid->mode);
147 if (!ssid->psk_set) {
148 wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
153 switch (wpa_s->group_cipher) {
154 case WPA_CIPHER_CCMP:
155 os_memcpy(key, ssid->psk, 16);
159 case WPA_CIPHER_GCMP:
160 os_memcpy(key, ssid->psk, 16);
164 case WPA_CIPHER_TKIP:
165 /* WPA-None uses the same Michael MIC key for both TX and RX */
166 os_memcpy(key, ssid->psk, 16 + 8);
167 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
172 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
173 "WPA-None", wpa_s->group_cipher);
177 /* TODO: should actually remember the previously used seq#, both for TX
178 * and RX from each STA.. */
180 return wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
184 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
186 struct wpa_supplicant *wpa_s = eloop_ctx;
187 const u8 *bssid = wpa_s->bssid;
188 if (is_zero_ether_addr(bssid))
189 bssid = wpa_s->pending_bssid;
190 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
192 wpa_blacklist_add(wpa_s, bssid);
193 wpa_sm_notify_disassoc(wpa_s->wpa);
194 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
195 wpa_s->reassociate = 1;
198 * If we timed out, the AP or the local radio may be busy.
199 * So, wait a second until scanning again.
201 wpa_supplicant_req_scan(wpa_s, 1, 0);
203 wpas_p2p_continue_after_scan(wpa_s);
208 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
209 * @wpa_s: Pointer to wpa_supplicant data
210 * @sec: Number of seconds after which to time out authentication
211 * @usec: Number of microseconds after which to time out authentication
213 * This function is used to schedule a timeout for the current authentication
216 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
219 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
220 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
223 wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
224 "%d usec", sec, usec);
225 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
226 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
231 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
232 * @wpa_s: Pointer to wpa_supplicant data
234 * This function is used to cancel authentication timeout scheduled with
235 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
238 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
240 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
241 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
242 wpa_blacklist_del(wpa_s, wpa_s->bssid);
247 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
248 * @wpa_s: Pointer to wpa_supplicant data
250 * This function is used to configure EAPOL state machine based on the selected
251 * authentication mode.
253 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
255 #ifdef IEEE8021X_EAPOL
256 struct eapol_config eapol_conf;
257 struct wpa_ssid *ssid = wpa_s->current_ssid;
259 #ifdef CONFIG_IBSS_RSN
260 if (ssid->mode == WPAS_MODE_IBSS &&
261 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
262 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
264 * RSN IBSS authentication is per-STA and we can disable the
265 * per-BSSID EAPOL authentication.
267 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
268 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
269 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
272 #endif /* CONFIG_IBSS_RSN */
274 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
275 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
277 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
278 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
279 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
281 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
283 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
284 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
285 eapol_conf.accept_802_1x_keys = 1;
286 eapol_conf.required_keys = 0;
287 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
288 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
290 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
291 eapol_conf.required_keys |=
292 EAPOL_REQUIRE_KEY_BROADCAST;
295 if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
296 eapol_conf.required_keys = 0;
299 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
300 eapol_conf.workaround = ssid->eap_workaround;
301 eapol_conf.eap_disabled =
302 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
303 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
304 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
305 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
306 #endif /* IEEE8021X_EAPOL */
311 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
312 * @wpa_s: Pointer to wpa_supplicant data
313 * @ssid: Configuration data for the network
315 * This function is used to configure WPA state machine and related parameters
316 * to a mode where WPA is not enabled. This is called as part of the
317 * authentication configuration when the selected network does not use WPA.
319 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
320 struct wpa_ssid *ssid)
324 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
325 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
326 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
327 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
329 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
330 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
331 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
332 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
333 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
334 wpa_s->group_cipher = WPA_CIPHER_NONE;
335 wpa_s->mgmt_group_cipher = 0;
337 for (i = 0; i < NUM_WEP_KEYS; i++) {
338 if (ssid->wep_key_len[i] > 5) {
339 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
340 wpa_s->group_cipher = WPA_CIPHER_WEP104;
342 } else if (ssid->wep_key_len[i] > 0) {
343 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
344 wpa_s->group_cipher = WPA_CIPHER_WEP40;
349 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
350 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
351 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
352 wpa_s->pairwise_cipher);
353 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
354 #ifdef CONFIG_IEEE80211W
355 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
356 wpa_s->mgmt_group_cipher);
357 #endif /* CONFIG_IEEE80211W */
359 pmksa_cache_clear_current(wpa_s->wpa);
363 void free_hw_features(struct wpa_supplicant *wpa_s)
366 if (wpa_s->hw.modes == NULL)
369 for (i = 0; i < wpa_s->hw.num_modes; i++) {
370 os_free(wpa_s->hw.modes[i].channels);
371 os_free(wpa_s->hw.modes[i].rates);
374 os_free(wpa_s->hw.modes);
375 wpa_s->hw.modes = NULL;
379 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
381 bgscan_deinit(wpa_s);
382 autoscan_deinit(wpa_s);
383 scard_deinit(wpa_s->scard);
385 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
386 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
387 l2_packet_deinit(wpa_s->l2);
390 l2_packet_deinit(wpa_s->l2_br);
394 if (wpa_s->conf != NULL) {
395 struct wpa_ssid *ssid;
396 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
397 wpas_notify_network_removed(wpa_s, ssid);
400 os_free(wpa_s->confname);
401 wpa_s->confname = NULL;
403 os_free(wpa_s->confanother);
404 wpa_s->confanother = NULL;
406 wpa_sm_set_eapol(wpa_s->wpa, NULL);
407 eapol_sm_deinit(wpa_s->eapol);
410 rsn_preauth_deinit(wpa_s->wpa);
413 wpa_tdls_deinit(wpa_s->wpa);
414 #endif /* CONFIG_TDLS */
416 pmksa_candidate_free(wpa_s->wpa);
417 wpa_sm_deinit(wpa_s->wpa);
419 wpa_blacklist_clear(wpa_s);
421 wpa_bss_deinit(wpa_s);
423 wpa_supplicant_cancel_scan(wpa_s);
424 wpa_supplicant_cancel_auth_timeout(wpa_s);
425 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
426 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
427 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
429 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
431 wpas_wps_deinit(wpa_s);
433 wpabuf_free(wpa_s->pending_eapol_rx);
434 wpa_s->pending_eapol_rx = NULL;
436 #ifdef CONFIG_IBSS_RSN
437 ibss_rsn_deinit(wpa_s->ibss_rsn);
438 wpa_s->ibss_rsn = NULL;
439 #endif /* CONFIG_IBSS_RSN */
444 wpa_supplicant_ap_deinit(wpa_s);
445 #endif /* CONFIG_AP */
448 wpas_p2p_deinit(wpa_s);
449 #endif /* CONFIG_P2P */
451 #ifdef CONFIG_OFFCHANNEL
452 offchannel_deinit(wpa_s);
453 #endif /* CONFIG_OFFCHANNEL */
455 wpa_supplicant_cancel_sched_scan(wpa_s);
457 os_free(wpa_s->next_scan_freqs);
458 wpa_s->next_scan_freqs = NULL;
460 gas_query_deinit(wpa_s->gas);
463 free_hw_features(wpa_s);
465 os_free(wpa_s->bssid_filter);
466 wpa_s->bssid_filter = NULL;
468 os_free(wpa_s->disallow_aps_bssid);
469 wpa_s->disallow_aps_bssid = NULL;
470 os_free(wpa_s->disallow_aps_ssid);
471 wpa_s->disallow_aps_ssid = NULL;
473 wnm_bss_keep_alive_deinit(wpa_s);
475 wnm_deallocate_memory(wpa_s);
476 #endif /* CONFIG_WNM */
478 ext_password_deinit(wpa_s->ext_pw);
479 wpa_s->ext_pw = NULL;
481 wpabuf_free(wpa_s->last_gas_resp);
483 os_free(wpa_s->last_scan_res);
484 wpa_s->last_scan_res = NULL;
489 * wpa_clear_keys - Clear keys configured for the driver
490 * @wpa_s: Pointer to wpa_supplicant data
491 * @addr: Previously used BSSID or %NULL if not available
493 * This function clears the encryption keys that has been previously configured
496 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
498 if (wpa_s->keys_cleared) {
499 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
500 * timing issues with keys being cleared just before new keys
501 * are set or just after association or something similar. This
502 * shows up in group key handshake failing often because of the
503 * client not receiving the first encrypted packets correctly.
504 * Skipping some of the extra key clearing steps seems to help
505 * in completing group key handshake more reliably. */
506 wpa_dbg(wpa_s, MSG_DEBUG, "No keys have been configured - "
507 "skip key clearing");
511 /* MLME-DELETEKEYS.request */
512 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 0, 0, NULL, 0, NULL, 0);
513 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 1, 0, NULL, 0, NULL, 0);
514 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 2, 0, NULL, 0, NULL, 0);
515 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 3, 0, NULL, 0, NULL, 0);
516 #ifdef CONFIG_IEEE80211W
517 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 4, 0, NULL, 0, NULL, 0);
518 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 5, 0, NULL, 0, NULL, 0);
519 #endif /* CONFIG_IEEE80211W */
521 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
523 /* MLME-SETPROTECTION.request(None) */
524 wpa_drv_mlme_setprotection(
526 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
527 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
529 wpa_s->keys_cleared = 1;
534 * wpa_supplicant_state_txt - Get the connection state name as a text string
535 * @state: State (wpa_state; WPA_*)
536 * Returns: The state name as a printable text string
538 const char * wpa_supplicant_state_txt(enum wpa_states state)
541 case WPA_DISCONNECTED:
542 return "DISCONNECTED";
545 case WPA_INTERFACE_DISABLED:
546 return "INTERFACE_DISABLED";
549 case WPA_AUTHENTICATING:
550 return "AUTHENTICATING";
551 case WPA_ASSOCIATING:
552 return "ASSOCIATING";
555 case WPA_4WAY_HANDSHAKE:
556 return "4WAY_HANDSHAKE";
557 case WPA_GROUP_HANDSHAKE:
558 return "GROUP_HANDSHAKE";
569 static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
571 if (wpas_driver_bss_selection(wpa_s))
573 if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
576 bgscan_deinit(wpa_s);
577 if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan) {
578 if (bgscan_init(wpa_s, wpa_s->current_ssid)) {
579 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
582 * Live without bgscan; it is only used as a roaming
583 * optimization, so the initial connection is not
587 struct wpa_scan_results *scan_res;
588 wpa_s->bgscan_ssid = wpa_s->current_ssid;
589 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
592 bgscan_notify_scan(wpa_s, scan_res);
593 wpa_scan_results_free(scan_res);
597 wpa_s->bgscan_ssid = NULL;
601 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
603 if (wpa_s->bgscan_ssid != NULL) {
604 bgscan_deinit(wpa_s);
605 wpa_s->bgscan_ssid = NULL;
609 #endif /* CONFIG_BGSCAN */
612 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
614 if (autoscan_init(wpa_s, 0))
615 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
619 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
621 autoscan_deinit(wpa_s);
625 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
627 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
628 wpa_s->wpa_state == WPA_SCANNING) {
629 autoscan_deinit(wpa_s);
630 wpa_supplicant_start_autoscan(wpa_s);
636 * wpa_supplicant_set_state - Set current connection state
637 * @wpa_s: Pointer to wpa_supplicant data
638 * @state: The new connection state
640 * This function is called whenever the connection state changes, e.g.,
641 * association is completed for WPA/WPA2 4-Way Handshake is started.
643 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
644 enum wpa_states state)
646 enum wpa_states old_state = wpa_s->wpa_state;
648 wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
649 wpa_supplicant_state_txt(wpa_s->wpa_state),
650 wpa_supplicant_state_txt(state));
653 if(state == WPA_ASSOCIATED && wpa_s->current_ssid) {
654 wpa_s->current_ssid->assoc_retry = 0;
656 #endif /* ANDROID_P2P */
658 if (state != WPA_SCANNING)
659 wpa_supplicant_notify_scanning(wpa_s, 0);
661 if (state == WPA_COMPLETED && wpa_s->new_connection) {
662 struct wpa_ssid *ssid = wpa_s->current_ssid;
663 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
664 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
665 MACSTR " completed (auth) [id=%d id_str=%s]",
666 MAC2STR(wpa_s->bssid),
667 ssid ? ssid->id : -1,
668 ssid && ssid->id_str ? ssid->id_str : "");
669 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
670 wpas_clear_temp_disabled(wpa_s, ssid, 1);
671 wpa_s->extra_blacklist_count = 0;
672 wpa_s->new_connection = 0;
673 wpa_drv_set_operstate(wpa_s, 1);
674 #ifndef IEEE8021X_EAPOL
675 wpa_drv_set_supp_port(wpa_s, 1);
676 #endif /* IEEE8021X_EAPOL */
677 wpa_s->after_wps = 0;
679 wpas_p2p_completed(wpa_s);
680 #endif /* CONFIG_P2P */
682 sme_sched_obss_scan(wpa_s, 1);
683 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
684 state == WPA_ASSOCIATED) {
685 wpa_s->new_connection = 1;
686 wpa_drv_set_operstate(wpa_s, 0);
687 #ifndef IEEE8021X_EAPOL
688 wpa_drv_set_supp_port(wpa_s, 0);
689 #endif /* IEEE8021X_EAPOL */
690 sme_sched_obss_scan(wpa_s, 0);
692 wpa_s->wpa_state = state;
695 if (state == WPA_COMPLETED)
696 wpa_supplicant_start_bgscan(wpa_s);
698 wpa_supplicant_stop_bgscan(wpa_s);
699 #endif /* CONFIG_BGSCAN */
701 if (state == WPA_AUTHENTICATING)
702 wpa_supplicant_stop_autoscan(wpa_s);
704 if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
705 wpa_supplicant_start_autoscan(wpa_s);
707 if (wpa_s->wpa_state != old_state) {
708 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
710 if (wpa_s->wpa_state == WPA_COMPLETED ||
711 old_state == WPA_COMPLETED)
712 wpas_notify_auth_changed(wpa_s);
717 void wpa_supplicant_terminate_proc(struct wpa_global *global)
721 struct wpa_supplicant *wpa_s = global->ifaces;
723 if (wpas_wps_terminate_pending(wpa_s) == 1)
727 #endif /* CONFIG_WPS */
734 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
736 struct wpa_global *global = signal_ctx;
737 wpa_supplicant_terminate_proc(global);
741 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
743 enum wpa_states old_state = wpa_s->wpa_state;
745 wpa_s->pairwise_cipher = 0;
746 wpa_s->group_cipher = 0;
747 wpa_s->mgmt_group_cipher = 0;
749 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
750 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
752 if (wpa_s->wpa_state != old_state)
753 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
758 * wpa_supplicant_reload_configuration - Reload configuration data
759 * @wpa_s: Pointer to wpa_supplicant data
760 * Returns: 0 on success or -1 if configuration parsing failed
762 * This function can be used to request that the configuration data is reloaded
763 * (e.g., after configuration file change). This function is reloading
764 * configuration only for one interface, so this may need to be called multiple
765 * times if %wpa_supplicant is controlling multiple interfaces and all
766 * interfaces need reconfiguration.
768 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
770 struct wpa_config *conf;
774 if (wpa_s->confname == NULL)
776 conf = wpa_config_read(wpa_s->confname, NULL);
778 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
779 "file '%s' - exiting", wpa_s->confname);
782 wpa_config_read(wpa_s->confanother, conf);
784 conf->changed_parameters = (unsigned int) -1;
786 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
787 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
788 os_strcmp(conf->ctrl_interface,
789 wpa_s->conf->ctrl_interface) != 0);
791 if (reconf_ctrl && wpa_s->ctrl_iface) {
792 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
793 wpa_s->ctrl_iface = NULL;
796 eapol_sm_invalidate_cached_session(wpa_s->eapol);
797 if (wpa_s->current_ssid) {
798 wpa_supplicant_deauthenticate(wpa_s,
799 WLAN_REASON_DEAUTH_LEAVING);
803 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
804 * pkcs11_engine_path, pkcs11_module_path.
806 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
808 * Clear forced success to clear EAP state for next
811 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
813 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
814 wpa_sm_set_config(wpa_s->wpa, NULL);
815 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
816 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
817 rsn_preauth_deinit(wpa_s->wpa);
819 old_ap_scan = wpa_s->conf->ap_scan;
820 wpa_config_free(wpa_s->conf);
822 if (old_ap_scan != wpa_s->conf->ap_scan)
823 wpas_notify_ap_scan_changed(wpa_s);
826 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
828 wpa_supplicant_update_config(wpa_s);
830 wpa_supplicant_clear_status(wpa_s);
831 if (wpa_supplicant_enabled_networks(wpa_s)) {
832 wpa_s->reassociate = 1;
833 wpa_supplicant_req_scan(wpa_s, 0, 0);
835 wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
840 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
842 struct wpa_global *global = signal_ctx;
843 struct wpa_supplicant *wpa_s;
844 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
845 wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
847 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
848 wpa_supplicant_terminate_proc(global);
854 enum wpa_key_mgmt key_mgmt2driver(int key_mgmt)
857 case WPA_KEY_MGMT_NONE:
858 return KEY_MGMT_NONE;
859 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
860 return KEY_MGMT_802_1X_NO_WPA;
861 case WPA_KEY_MGMT_IEEE8021X:
862 return KEY_MGMT_802_1X;
863 case WPA_KEY_MGMT_WPA_NONE:
864 return KEY_MGMT_WPA_NONE;
865 case WPA_KEY_MGMT_FT_IEEE8021X:
866 return KEY_MGMT_FT_802_1X;
867 case WPA_KEY_MGMT_FT_PSK:
868 return KEY_MGMT_FT_PSK;
869 case WPA_KEY_MGMT_IEEE8021X_SHA256:
870 return KEY_MGMT_802_1X_SHA256;
871 case WPA_KEY_MGMT_PSK_SHA256:
872 return KEY_MGMT_PSK_SHA256;
873 case WPA_KEY_MGMT_WPS:
875 case WPA_KEY_MGMT_PSK:
882 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
883 struct wpa_ssid *ssid,
884 struct wpa_ie_data *ie)
886 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
889 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
890 "from association info");
895 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
897 if (!(ie->group_cipher & ssid->group_cipher)) {
898 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
899 "cipher 0x%x (mask 0x%x) - reject",
900 ie->group_cipher, ssid->group_cipher);
903 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
904 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
905 "cipher 0x%x (mask 0x%x) - reject",
906 ie->pairwise_cipher, ssid->pairwise_cipher);
909 if (!(ie->key_mgmt & ssid->key_mgmt)) {
910 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
911 "management 0x%x (mask 0x%x) - reject",
912 ie->key_mgmt, ssid->key_mgmt);
916 #ifdef CONFIG_IEEE80211W
917 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
918 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
919 wpa_s->conf->pmf : ssid->ieee80211w) ==
920 MGMT_FRAME_PROTECTION_REQUIRED) {
921 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
922 "that does not support management frame protection - "
926 #endif /* CONFIG_IEEE80211W */
933 * wpa_supplicant_set_suites - Set authentication and encryption parameters
934 * @wpa_s: Pointer to wpa_supplicant data
935 * @bss: Scan results for the selected BSS, or %NULL if not available
936 * @ssid: Configuration data for the selected network
937 * @wpa_ie: Buffer for the WPA/RSN IE
938 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
939 * used buffer length in case the functions returns success.
940 * Returns: 0 on success or -1 on failure
942 * This function is used to configure authentication and encryption parameters
943 * based on the network configuration and scan result for the selected BSS (if
946 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
947 struct wpa_bss *bss, struct wpa_ssid *ssid,
948 u8 *wpa_ie, size_t *wpa_ie_len)
950 struct wpa_ie_data ie;
952 const u8 *bss_wpa, *bss_rsn;
955 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
956 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
958 bss_wpa = bss_rsn = NULL;
960 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
961 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
962 (ie.group_cipher & ssid->group_cipher) &&
963 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
964 (ie.key_mgmt & ssid->key_mgmt)) {
965 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
966 proto = WPA_PROTO_RSN;
967 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
968 wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 &&
969 (ie.group_cipher & ssid->group_cipher) &&
970 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
971 (ie.key_mgmt & ssid->key_mgmt)) {
972 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
973 proto = WPA_PROTO_WPA;
975 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
978 if (ssid->proto & WPA_PROTO_RSN)
979 proto = WPA_PROTO_RSN;
981 proto = WPA_PROTO_WPA;
982 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
983 os_memset(&ie, 0, sizeof(ie));
984 ie.group_cipher = ssid->group_cipher;
985 ie.pairwise_cipher = ssid->pairwise_cipher;
986 ie.key_mgmt = ssid->key_mgmt;
987 #ifdef CONFIG_IEEE80211W
988 ie.mgmt_group_cipher =
989 ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
990 WPA_CIPHER_AES_128_CMAC : 0;
991 #endif /* CONFIG_IEEE80211W */
992 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
993 "based on configuration");
998 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
999 "pairwise %d key_mgmt %d proto %d",
1000 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1001 #ifdef CONFIG_IEEE80211W
1002 if (ssid->ieee80211w) {
1003 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1004 ie.mgmt_group_cipher);
1006 #endif /* CONFIG_IEEE80211W */
1008 wpa_s->wpa_proto = proto;
1009 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1010 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1011 !!(ssid->proto & WPA_PROTO_RSN));
1013 if (bss || !wpa_s->ap_ies_from_associnfo) {
1014 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1015 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1016 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1017 bss_rsn ? 2 + bss_rsn[1] : 0))
1021 sel = ie.group_cipher & ssid->group_cipher;
1022 wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1023 if (wpa_s->group_cipher < 0) {
1024 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1028 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1029 wpa_cipher_txt(wpa_s->group_cipher));
1031 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1032 wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1033 if (wpa_s->pairwise_cipher < 0) {
1034 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1038 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1039 wpa_cipher_txt(wpa_s->pairwise_cipher));
1041 sel = ie.key_mgmt & ssid->key_mgmt;
1043 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1044 sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1045 #endif /* CONFIG_SAE */
1047 #ifdef CONFIG_IEEE80211R
1048 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
1049 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1050 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1051 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
1052 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1053 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1054 #endif /* CONFIG_IEEE80211R */
1056 } else if (sel & WPA_KEY_MGMT_SAE) {
1057 wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1058 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1059 } else if (sel & WPA_KEY_MGMT_FT_SAE) {
1060 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1061 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1062 #endif /* CONFIG_SAE */
1063 #ifdef CONFIG_IEEE80211W
1064 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1065 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1066 wpa_dbg(wpa_s, MSG_DEBUG,
1067 "WPA: using KEY_MGMT 802.1X with SHA256");
1068 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1069 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1070 wpa_dbg(wpa_s, MSG_DEBUG,
1071 "WPA: using KEY_MGMT PSK with SHA256");
1072 #endif /* CONFIG_IEEE80211W */
1073 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1074 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1075 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1076 } else if (sel & WPA_KEY_MGMT_PSK) {
1077 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1078 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1079 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1080 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1081 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1083 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1084 "authenticated key management type");
1088 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1089 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1090 wpa_s->pairwise_cipher);
1091 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1093 #ifdef CONFIG_IEEE80211W
1094 sel = ie.mgmt_group_cipher;
1095 if ((ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1096 wpa_s->conf->pmf : ssid->ieee80211w) == NO_MGMT_FRAME_PROTECTION ||
1097 !(ie.capabilities & WPA_CAPABILITY_MFPC))
1099 if (sel & WPA_CIPHER_AES_128_CMAC) {
1100 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1101 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1104 wpa_s->mgmt_group_cipher = 0;
1105 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1107 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1108 wpa_s->mgmt_group_cipher);
1109 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1110 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1111 wpa_s->conf->pmf : ssid->ieee80211w));
1112 #endif /* CONFIG_IEEE80211W */
1114 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1115 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1119 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1120 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
1121 #ifndef CONFIG_NO_PBKDF2
1122 if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1125 pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1126 4096, psk, PMK_LEN);
1127 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1129 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1131 #endif /* CONFIG_NO_PBKDF2 */
1132 #ifdef CONFIG_EXT_PASSWORD
1133 if (ssid->ext_psk) {
1134 struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1136 char pw_str[64 + 1];
1140 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1141 "found from external storage");
1145 if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1146 wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1147 "PSK length %d in external storage",
1148 (int) wpabuf_len(pw));
1149 ext_password_free(pw);
1153 os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1154 pw_str[wpabuf_len(pw)] = '\0';
1156 #ifndef CONFIG_NO_PBKDF2
1157 if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1159 pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1160 4096, psk, PMK_LEN);
1161 os_memset(pw_str, 0, sizeof(pw_str));
1162 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1163 "external passphrase)",
1165 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1167 #endif /* CONFIG_NO_PBKDF2 */
1168 if (wpabuf_len(pw) == 2 * PMK_LEN) {
1169 if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1170 wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1171 "Invalid PSK hex string");
1172 os_memset(pw_str, 0, sizeof(pw_str));
1173 ext_password_free(pw);
1176 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
1178 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1180 os_memset(pw_str, 0, sizeof(pw_str));
1181 ext_password_free(pw);
1185 os_memset(pw_str, 0, sizeof(pw_str));
1186 ext_password_free(pw);
1188 #endif /* CONFIG_EXT_PASSWORD */
1190 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1196 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
1201 case 0: /* Bits 0-7 */
1203 case 1: /* Bits 8-15 */
1205 case 2: /* Bits 16-23 */
1207 *pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1208 *pos |= 0x08; /* Bit 19 - BSS Transition */
1209 #endif /* CONFIG_WNM */
1211 case 3: /* Bits 24-31 */
1213 *pos |= 0x02; /* Bit 25 - SSID List */
1214 #endif /* CONFIG_WNM */
1215 #ifdef CONFIG_INTERWORKING
1216 if (wpa_s->conf->interworking)
1217 *pos |= 0x80; /* Bit 31 - Interworking */
1218 #endif /* CONFIG_INTERWORKING */
1220 case 4: /* Bits 32-39 */
1222 case 5: /* Bits 40-47 */
1224 case 6: /* Bits 48-55 */
1230 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf)
1235 if (len < wpa_s->extended_capa_len)
1236 len = wpa_s->extended_capa_len;
1238 *pos++ = WLAN_EID_EXT_CAPAB;
1240 for (i = 0; i < len; i++, pos++) {
1241 wpas_ext_capab_byte(wpa_s, pos, i);
1243 if (i < wpa_s->extended_capa_len) {
1244 *pos &= ~wpa_s->extended_capa_mask[i];
1245 *pos |= wpa_s->extended_capa[i];
1249 while (len > 0 && buf[1 + len] == 0) {
1261 * wpa_supplicant_associate - Request association
1262 * @wpa_s: Pointer to wpa_supplicant data
1263 * @bss: Scan results for the selected BSS, or %NULL if not available
1264 * @ssid: Configuration data for the selected network
1266 * This function is used to request %wpa_supplicant to associate with a BSS.
1268 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1269 struct wpa_bss *bss, struct wpa_ssid *ssid)
1273 int use_crypt, ret, i, bssid_changed;
1274 int algs = WPA_AUTH_ALG_OPEN;
1275 enum wpa_cipher cipher_pairwise, cipher_group;
1276 struct wpa_driver_associate_params params;
1277 int wep_keys_set = 0;
1278 int assoc_failed = 0;
1279 struct wpa_ssid *old_ssid;
1282 #ifdef CONFIG_HT_OVERRIDES
1283 struct ieee80211_ht_capabilities htcaps;
1284 struct ieee80211_ht_capabilities htcaps_mask;
1285 #endif /* CONFIG_HT_OVERRIDES */
1287 #ifdef CONFIG_IBSS_RSN
1288 ibss_rsn_deinit(wpa_s->ibss_rsn);
1289 wpa_s->ibss_rsn = NULL;
1290 #endif /* CONFIG_IBSS_RSN */
1295 if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
1296 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
1298 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1299 wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
1303 if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
1304 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1307 wpa_s->current_bss = bss;
1308 #else /* CONFIG_AP */
1309 wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
1311 #endif /* CONFIG_AP */
1317 wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
1319 #endif /* CONFIG_TDLS */
1321 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1322 ssid->mode == IEEE80211_MODE_INFRA) {
1323 sme_authenticate(wpa_s, bss, ssid);
1327 os_memset(¶ms, 0, sizeof(params));
1328 wpa_s->reassociate = 0;
1329 if (bss && !wpas_driver_bss_selection(wpa_s)) {
1330 #ifdef CONFIG_IEEE80211R
1331 const u8 *ie, *md = NULL;
1332 #endif /* CONFIG_IEEE80211R */
1333 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1334 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1335 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1336 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
1337 os_memset(wpa_s->bssid, 0, ETH_ALEN);
1338 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1340 wpas_notify_bssid_changed(wpa_s);
1341 #ifdef CONFIG_IEEE80211R
1342 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
1343 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
1345 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
1347 /* Prepare for the next transition */
1348 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
1350 #endif /* CONFIG_IEEE80211R */
1352 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
1353 wpa_s->conf->ap_scan == 2 &&
1354 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
1355 /* Use ap_scan==1 style network selection to find the network
1357 wpa_s->scan_req = MANUAL_SCAN_REQ;
1358 wpa_s->reassociate = 1;
1359 wpa_supplicant_req_scan(wpa_s, 0, 0);
1361 #endif /* CONFIG_WPS */
1363 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1364 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1365 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1367 wpa_supplicant_cancel_sched_scan(wpa_s);
1368 wpa_supplicant_cancel_scan(wpa_s);
1370 /* Starting new association, so clear the possibly used WPA IE from the
1371 * previous association. */
1372 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1374 #ifdef IEEE8021X_EAPOL
1375 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1377 if (ssid->non_leap == 0)
1378 algs = WPA_AUTH_ALG_LEAP;
1380 algs |= WPA_AUTH_ALG_LEAP;
1383 #endif /* IEEE8021X_EAPOL */
1384 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1385 if (ssid->auth_alg) {
1386 algs = ssid->auth_alg;
1387 wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
1391 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
1392 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
1393 wpa_key_mgmt_wpa(ssid->key_mgmt)) {
1394 int try_opportunistic;
1395 try_opportunistic = (ssid->proactive_key_caching < 0 ?
1397 ssid->proactive_key_caching) &&
1398 (ssid->proto & WPA_PROTO_RSN);
1399 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1400 ssid, try_opportunistic) == 0)
1401 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1402 wpa_ie_len = sizeof(wpa_ie);
1403 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1404 wpa_ie, &wpa_ie_len)) {
1405 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
1406 "key management and encryption suites");
1409 } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
1410 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
1412 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
1413 * use non-WPA since the scan results did not indicate that the
1414 * AP is using WPA or WPA2.
1416 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1418 wpa_s->wpa_proto = 0;
1419 } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
1420 wpa_ie_len = sizeof(wpa_ie);
1421 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1422 wpa_ie, &wpa_ie_len)) {
1423 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
1424 "key management and encryption suites (no "
1429 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
1430 struct wpabuf *wps_ie;
1431 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
1432 if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
1433 wpa_ie_len = wpabuf_len(wps_ie);
1434 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
1437 wpabuf_free(wps_ie);
1438 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1439 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
1440 params.wps = WPS_MODE_PRIVACY;
1442 params.wps = WPS_MODE_OPEN;
1443 wpa_s->wpa_proto = 0;
1444 #endif /* CONFIG_WPS */
1446 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1448 wpa_s->wpa_proto = 0;
1452 if (wpa_s->global->p2p) {
1456 pos = wpa_ie + wpa_ie_len;
1457 len = sizeof(wpa_ie) - wpa_ie_len;
1458 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
1464 wpa_s->cross_connect_disallowed = 0;
1467 p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
1469 wpa_s->cross_connect_disallowed =
1470 p2p_get_cross_connect_disallowed(p2p);
1472 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
1474 wpa_s->cross_connect_disallowed ?
1475 "disallows" : "allows");
1478 #endif /* CONFIG_P2P */
1481 if (is_hs20_network(wpa_s, ssid, bss)) {
1482 struct wpabuf *hs20;
1483 hs20 = wpabuf_alloc(20);
1485 wpas_hs20_add_indication(hs20);
1486 os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(hs20),
1488 wpa_ie_len += wpabuf_len(hs20);
1492 #endif /* CONFIG_HS20 */
1494 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab);
1495 if (ext_capab_len > 0) {
1497 if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
1499 os_memmove(pos + ext_capab_len, pos,
1500 wpa_ie_len - (pos - wpa_ie));
1501 wpa_ie_len += ext_capab_len;
1502 os_memcpy(pos, ext_capab, ext_capab_len);
1505 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1507 cipher_pairwise = wpa_cipher_to_suite_driver(wpa_s->pairwise_cipher);
1508 cipher_group = wpa_cipher_to_suite_driver(wpa_s->group_cipher);
1509 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1510 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1511 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1513 if (wpa_set_wep_keys(wpa_s, ssid)) {
1518 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
1521 #ifdef IEEE8021X_EAPOL
1522 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1523 if ((ssid->eapol_flags &
1524 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1525 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1529 /* Assume that dynamic WEP-104 keys will be used and
1530 * set cipher suites in order for drivers to expect
1532 cipher_pairwise = cipher_group = CIPHER_WEP104;
1535 #endif /* IEEE8021X_EAPOL */
1537 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1538 /* Set the key before (and later after) association */
1539 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1542 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1544 params.ssid = bss->ssid;
1545 params.ssid_len = bss->ssid_len;
1546 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
1547 wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
1548 MACSTR " freq=%u MHz based on scan results "
1550 MAC2STR(bss->bssid), bss->freq,
1552 params.bssid = bss->bssid;
1553 params.freq = bss->freq;
1556 params.ssid = ssid->ssid;
1557 params.ssid_len = ssid->ssid_len;
1560 if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
1561 wpa_s->conf->ap_scan == 2) {
1562 params.bssid = ssid->bssid;
1563 params.fixed_bssid = 1;
1566 if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 &&
1568 params.freq = ssid->frequency; /* Initial channel for IBSS */
1569 params.wpa_ie = wpa_ie;
1570 params.wpa_ie_len = wpa_ie_len;
1571 params.pairwise_suite = cipher_pairwise;
1572 params.group_suite = cipher_group;
1573 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1574 params.wpa_proto = wpa_s->wpa_proto;
1575 params.auth_alg = algs;
1576 params.mode = ssid->mode;
1577 params.bg_scan_period = ssid->bg_scan_period;
1578 for (i = 0; i < NUM_WEP_KEYS; i++) {
1579 if (ssid->wep_key_len[i])
1580 params.wep_key[i] = ssid->wep_key[i];
1581 params.wep_key_len[i] = ssid->wep_key_len[i];
1583 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1585 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
1586 (params.key_mgmt_suite == KEY_MGMT_PSK ||
1587 params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
1588 params.passphrase = ssid->passphrase;
1590 params.psk = ssid->psk;
1593 params.drop_unencrypted = use_crypt;
1595 #ifdef CONFIG_IEEE80211W
1596 params.mgmt_frame_protection =
1597 ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1598 wpa_s->conf->pmf : ssid->ieee80211w;
1599 if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
1600 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1601 struct wpa_ie_data ie;
1602 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
1604 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
1605 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
1606 "MFP: require MFP");
1607 params.mgmt_frame_protection =
1608 MGMT_FRAME_PROTECTION_REQUIRED;
1611 #endif /* CONFIG_IEEE80211W */
1613 params.p2p = ssid->p2p_group;
1615 if (wpa_s->parent->set_sta_uapsd)
1616 params.uapsd = wpa_s->parent->sta_uapsd;
1620 #ifdef CONFIG_HT_OVERRIDES
1621 os_memset(&htcaps, 0, sizeof(htcaps));
1622 os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
1623 params.htcaps = (u8 *) &htcaps;
1624 params.htcaps_mask = (u8 *) &htcaps_mask;
1625 wpa_supplicant_apply_ht_overrides(wpa_s, ssid, ¶ms);
1626 #endif /* CONFIG_HT_OVERRIDES */
1629 /* If multichannel concurrency is not supported, check for any frequency
1630 * conflict and take appropriate action.
1632 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MULTI_CHANNEL_CONCURRENT) &&
1633 ((freq = wpa_drv_shared_freq(wpa_s)) > 0) && (freq != params.freq)) {
1634 wpa_printf(MSG_DEBUG, "Shared interface with conflicting frequency found (%d != %d)"
1635 , freq, params.freq);
1636 if (wpas_p2p_handle_frequency_conflicts(wpa_s, params.freq, ssid) < 0)
1640 ret = wpa_drv_associate(wpa_s, ¶ms);
1642 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1644 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
1646 * The driver is known to mean what is saying, so we
1647 * can stop right here; the association will not
1650 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
1651 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1652 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1655 /* try to continue anyway; new association will be tried again
1660 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1661 /* Set the key after the association just in case association
1662 * cleared the previously configured key. */
1663 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1664 /* No need to timeout authentication since there is no key
1666 wpa_supplicant_cancel_auth_timeout(wpa_s);
1667 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1668 #ifdef CONFIG_IBSS_RSN
1669 } else if (ssid->mode == WPAS_MODE_IBSS &&
1670 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
1671 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
1673 * RSN IBSS authentication is per-STA and we can disable the
1674 * per-BSSID authentication.
1676 wpa_supplicant_cancel_auth_timeout(wpa_s);
1677 #endif /* CONFIG_IBSS_RSN */
1679 /* Timeout for IEEE 802.11 authentication and association */
1683 /* give IBSS a bit more time */
1684 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
1685 } else if (wpa_s->conf->ap_scan == 1) {
1686 /* give IBSS a bit more time */
1687 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
1689 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1693 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
1694 /* Set static WEP keys again */
1695 wpa_set_wep_keys(wpa_s, ssid);
1698 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1700 * Do not allow EAP session resumption between different
1701 * network configurations.
1703 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1705 old_ssid = wpa_s->current_ssid;
1706 wpa_s->current_ssid = ssid;
1707 wpa_s->current_bss = bss;
1708 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
1709 wpa_supplicant_initiate_eapol(wpa_s);
1710 if (old_ssid != wpa_s->current_ssid)
1711 wpas_notify_network_changed(wpa_s);
1715 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
1718 struct wpa_ssid *old_ssid;
1720 wpa_clear_keys(wpa_s, addr);
1721 old_ssid = wpa_s->current_ssid;
1722 wpa_supplicant_mark_disassoc(wpa_s);
1723 wpa_sm_set_config(wpa_s->wpa, NULL);
1724 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1725 if (old_ssid != wpa_s->current_ssid)
1726 wpas_notify_network_changed(wpa_s);
1727 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
1732 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
1733 * @wpa_s: Pointer to wpa_supplicant data
1734 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1736 * This function is used to request %wpa_supplicant to deauthenticate from the
1739 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1743 union wpa_event_data event;
1746 wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
1747 " pending_bssid=" MACSTR " reason=%d state=%s",
1748 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
1749 reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state));
1751 if (!is_zero_ether_addr(wpa_s->bssid))
1752 addr = wpa_s->bssid;
1753 else if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
1754 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
1755 wpa_s->wpa_state == WPA_ASSOCIATING))
1756 addr = wpa_s->pending_bssid;
1757 else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
1759 * When using driver-based BSS selection, we may not know the
1760 * BSSID with which we are currently trying to associate. We
1761 * need to notify the driver of this disconnection even in such
1762 * a case, so use the all zeros address here.
1764 addr = wpa_s->bssid;
1769 wpa_tdls_teardown_peers(wpa_s->wpa);
1770 #endif /* CONFIG_TDLS */
1773 wpa_drv_deauthenticate(wpa_s, addr, reason_code);
1774 os_memset(&event, 0, sizeof(event));
1775 event.deauth_info.reason_code = (u16) reason_code;
1776 event.deauth_info.locally_generated = 1;
1777 wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
1782 wpa_supplicant_clear_connection(wpa_s, addr);
1785 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
1786 struct wpa_ssid *ssid)
1788 if (!ssid || !ssid->disabled || ssid->disabled == 2)
1792 wpas_clear_temp_disabled(wpa_s, ssid, 1);
1793 wpas_notify_network_enabled_changed(wpa_s, ssid);
1796 * Try to reassociate since there is no current configuration and a new
1797 * network was made available.
1799 if (!wpa_s->current_ssid)
1800 wpa_s->reassociate = 1;
1805 * wpa_supplicant_enable_network - Mark a configured network as enabled
1806 * @wpa_s: wpa_supplicant structure for a network interface
1807 * @ssid: wpa_ssid structure for a configured network or %NULL
1809 * Enables the specified network or all networks if no network specified.
1811 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
1812 struct wpa_ssid *ssid)
1815 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
1816 wpa_supplicant_enable_one_network(wpa_s, ssid);
1818 wpa_supplicant_enable_one_network(wpa_s, ssid);
1820 if (wpa_s->reassociate) {
1821 if (wpa_s->sched_scanning) {
1822 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
1823 "new network to scan filters");
1824 wpa_supplicant_cancel_sched_scan(wpa_s);
1827 wpa_supplicant_req_scan(wpa_s, 0, 0);
1833 * wpa_supplicant_disable_network - Mark a configured network as disabled
1834 * @wpa_s: wpa_supplicant structure for a network interface
1835 * @ssid: wpa_ssid structure for a configured network or %NULL
1837 * Disables the specified network or all networks if no network specified.
1839 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
1840 struct wpa_ssid *ssid)
1842 struct wpa_ssid *other_ssid;
1846 if (wpa_s->sched_scanning)
1847 wpa_supplicant_cancel_sched_scan(wpa_s);
1849 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1850 other_ssid = other_ssid->next) {
1851 was_disabled = other_ssid->disabled;
1852 if (was_disabled == 2)
1853 continue; /* do not change persistent P2P group
1856 other_ssid->disabled = 1;
1858 if (was_disabled != other_ssid->disabled)
1859 wpas_notify_network_enabled_changed(
1862 if (wpa_s->current_ssid)
1863 wpa_supplicant_deauthenticate(
1864 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1865 } else if (ssid->disabled != 2) {
1866 if (ssid == wpa_s->current_ssid)
1867 wpa_supplicant_deauthenticate(
1868 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1870 was_disabled = ssid->disabled;
1874 if (was_disabled != ssid->disabled) {
1875 wpas_notify_network_enabled_changed(wpa_s, ssid);
1876 if (wpa_s->sched_scanning) {
1877 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
1878 "to remove network from filters");
1879 wpa_supplicant_cancel_sched_scan(wpa_s);
1880 wpa_supplicant_req_scan(wpa_s, 0, 0);
1888 * wpa_supplicant_select_network - Attempt association with a network
1889 * @wpa_s: wpa_supplicant structure for a network interface
1890 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
1892 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
1893 struct wpa_ssid *ssid)
1896 struct wpa_ssid *other_ssid;
1897 int disconnected = 0;
1899 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
1900 wpa_supplicant_deauthenticate(
1901 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1906 wpas_clear_temp_disabled(wpa_s, ssid, 1);
1909 * Mark all other networks disabled or mark all networks enabled if no
1910 * network specified.
1912 for (other_ssid = wpa_s->conf->ssid; other_ssid;
1913 other_ssid = other_ssid->next) {
1914 int was_disabled = other_ssid->disabled;
1915 if (was_disabled == 2)
1916 continue; /* do not change persistent P2P group data */
1918 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
1919 if (was_disabled && !other_ssid->disabled)
1920 wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
1922 if (was_disabled != other_ssid->disabled)
1923 wpas_notify_network_enabled_changed(wpa_s, other_ssid);
1926 if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid) {
1927 /* We are already associated with the selected network */
1928 wpa_printf(MSG_DEBUG, "Already associated with the "
1929 "selected network - do nothing");
1934 wpa_s->current_ssid = ssid;
1935 wpa_s->connect_without_scan = NULL;
1936 wpa_s->disconnected = 0;
1937 wpa_s->reassociate = 1;
1939 if (wpa_supplicant_fast_associate(wpa_s) != 1)
1940 wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
1943 wpas_notify_network_selected(wpa_s, ssid);
1948 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
1949 * @wpa_s: wpa_supplicant structure for a network interface
1950 * @ap_scan: AP scan mode
1951 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
1954 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
1959 if (ap_scan < 0 || ap_scan > 2)
1963 if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
1964 wpa_s->wpa_state >= WPA_ASSOCIATING &&
1965 wpa_s->wpa_state < WPA_COMPLETED) {
1966 wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
1967 "associating", wpa_s->conf->ap_scan, ap_scan);
1970 #endif /* ANDROID */
1972 old_ap_scan = wpa_s->conf->ap_scan;
1973 wpa_s->conf->ap_scan = ap_scan;
1975 if (old_ap_scan != wpa_s->conf->ap_scan)
1976 wpas_notify_ap_scan_changed(wpa_s);
1983 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
1984 * @wpa_s: wpa_supplicant structure for a network interface
1985 * @expire_age: Expiration age in seconds
1986 * Returns: 0 if succeed or -1 if expire_age has an invalid value
1989 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
1990 unsigned int bss_expire_age)
1992 if (bss_expire_age < 10) {
1993 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
1997 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
1999 wpa_s->conf->bss_expiration_age = bss_expire_age;
2006 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
2007 * @wpa_s: wpa_supplicant structure for a network interface
2008 * @expire_count: number of scans after which an unseen BSS is reclaimed
2009 * Returns: 0 if succeed or -1 if expire_count has an invalid value
2012 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
2013 unsigned int bss_expire_count)
2015 if (bss_expire_count < 1) {
2016 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
2020 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
2022 wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
2029 * wpa_supplicant_set_scan_interval - Set scan interval
2030 * @wpa_s: wpa_supplicant structure for a network interface
2031 * @scan_interval: scan interval in seconds
2032 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
2035 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
2038 if (scan_interval < 0) {
2039 wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
2043 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
2045 wpa_supplicant_update_scan_int(wpa_s, scan_interval);
2052 * wpa_supplicant_set_debug_params - Set global debug params
2053 * @global: wpa_global structure
2054 * @debug_level: debug level
2055 * @debug_timestamp: determines if show timestamp in debug data
2056 * @debug_show_keys: determines if show keys in debug data
2057 * Returns: 0 if succeed or -1 if debug_level has wrong value
2059 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
2060 int debug_timestamp, int debug_show_keys)
2063 int old_level, old_timestamp, old_show_keys;
2065 /* check for allowed debuglevels */
2066 if (debug_level != MSG_EXCESSIVE &&
2067 debug_level != MSG_MSGDUMP &&
2068 debug_level != MSG_DEBUG &&
2069 debug_level != MSG_INFO &&
2070 debug_level != MSG_WARNING &&
2071 debug_level != MSG_ERROR)
2074 old_level = wpa_debug_level;
2075 old_timestamp = wpa_debug_timestamp;
2076 old_show_keys = wpa_debug_show_keys;
2078 wpa_debug_level = debug_level;
2079 wpa_debug_timestamp = debug_timestamp ? 1 : 0;
2080 wpa_debug_show_keys = debug_show_keys ? 1 : 0;
2082 if (wpa_debug_level != old_level)
2083 wpas_notify_debug_level_changed(global);
2084 if (wpa_debug_timestamp != old_timestamp)
2085 wpas_notify_debug_timestamp_changed(global);
2086 if (wpa_debug_show_keys != old_show_keys)
2087 wpas_notify_debug_show_keys_changed(global);
2094 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
2095 * @wpa_s: Pointer to wpa_supplicant data
2096 * Returns: A pointer to the current network structure or %NULL on failure
2098 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
2100 struct wpa_ssid *entry;
2101 u8 ssid[MAX_SSID_LEN];
2107 res = wpa_drv_get_ssid(wpa_s, ssid);
2109 wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
2115 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
2116 wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
2121 wired = wpa_s->conf->ap_scan == 0 &&
2122 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
2124 entry = wpa_s->conf->ssid;
2126 if (!wpas_network_disabled(wpa_s, entry) &&
2127 ((ssid_len == entry->ssid_len &&
2128 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
2129 (!entry->bssid_set ||
2130 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
2133 if (!wpas_network_disabled(wpa_s, entry) &&
2134 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
2135 (entry->ssid == NULL || entry->ssid_len == 0) &&
2136 (!entry->bssid_set ||
2137 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
2139 #endif /* CONFIG_WPS */
2141 if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
2142 entry->ssid_len == 0 &&
2143 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
2146 entry = entry->next;
2153 static int select_driver(struct wpa_supplicant *wpa_s, int i)
2155 struct wpa_global *global = wpa_s->global;
2157 if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
2158 global->drv_priv[i] = wpa_drivers[i]->global_init();
2159 if (global->drv_priv[i] == NULL) {
2160 wpa_printf(MSG_ERROR, "Failed to initialize driver "
2161 "'%s'", wpa_drivers[i]->name);
2166 wpa_s->driver = wpa_drivers[i];
2167 wpa_s->global_drv_priv = global->drv_priv[i];
2173 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
2178 const char *pos, *driver = name;
2183 if (wpa_drivers[0] == NULL) {
2184 wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
2190 /* default to first driver in the list */
2191 return select_driver(wpa_s, 0);
2195 pos = os_strchr(driver, ',');
2199 len = os_strlen(driver);
2201 for (i = 0; wpa_drivers[i]; i++) {
2202 if (os_strlen(wpa_drivers[i]->name) == len &&
2203 os_strncmp(driver, wpa_drivers[i]->name, len) ==
2205 /* First driver that succeeds wins */
2206 if (select_driver(wpa_s, i) == 0)
2214 wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
2220 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
2221 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
2222 * with struct wpa_driver_ops::init()
2223 * @src_addr: Source address of the EAPOL frame
2224 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
2225 * @len: Length of the EAPOL data
2227 * This function is called for each received EAPOL frame. Most driver
2228 * interfaces rely on more generic OS mechanism for receiving frames through
2229 * l2_packet, but if such a mechanism is not available, the driver wrapper may
2230 * take care of received EAPOL frames and deliver them to the core supplicant
2231 * code by calling this function.
2233 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
2234 const u8 *buf, size_t len)
2236 struct wpa_supplicant *wpa_s = ctx;
2238 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
2239 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
2241 if (wpa_s->wpa_state < WPA_ASSOCIATED ||
2242 (wpa_s->last_eapol_matches_bssid &&
2245 #endif /* CONFIG_AP */
2246 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
2248 * There is possible race condition between receiving the
2249 * association event and the EAPOL frame since they are coming
2250 * through different paths from the driver. In order to avoid
2251 * issues in trying to process the EAPOL frame before receiving
2252 * association information, lets queue it for processing until
2253 * the association event is received. This may also be needed in
2254 * driver-based roaming case, so also use src_addr != BSSID as a
2255 * trigger if we have previously confirmed that the
2256 * Authenticator uses BSSID as the src_addr (which is not the
2257 * case with wired IEEE 802.1X).
2259 wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
2260 "of received EAPOL frame (state=%s bssid=" MACSTR ")",
2261 wpa_supplicant_state_txt(wpa_s->wpa_state),
2262 MAC2STR(wpa_s->bssid));
2263 wpabuf_free(wpa_s->pending_eapol_rx);
2264 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
2265 if (wpa_s->pending_eapol_rx) {
2266 os_get_time(&wpa_s->pending_eapol_rx_time);
2267 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
2273 wpa_s->last_eapol_matches_bssid =
2274 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
2277 if (wpa_s->ap_iface) {
2278 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
2281 #endif /* CONFIG_AP */
2283 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
2284 wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
2285 "no key management is configured");
2289 if (wpa_s->eapol_received == 0 &&
2290 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
2291 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
2292 wpa_s->wpa_state != WPA_COMPLETED) &&
2293 (wpa_s->current_ssid == NULL ||
2294 wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
2295 /* Timeout for completing IEEE 802.1X and WPA authentication */
2296 wpa_supplicant_req_auth_timeout(
2298 (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
2299 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
2300 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
2303 wpa_s->eapol_received++;
2305 if (wpa_s->countermeasures) {
2306 wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
2311 #ifdef CONFIG_IBSS_RSN
2312 if (wpa_s->current_ssid &&
2313 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
2314 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
2317 #endif /* CONFIG_IBSS_RSN */
2319 /* Source address of the incoming EAPOL frame could be compared to the
2320 * current BSSID. However, it is possible that a centralized
2321 * Authenticator could be using another MAC address than the BSSID of
2322 * an AP, so just allow any address to be used for now. The replies are
2323 * still sent to the current BSSID (if available), though. */
2325 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
2326 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
2327 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
2329 wpa_drv_poll(wpa_s);
2330 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
2331 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
2332 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
2334 * Set portValid = TRUE here since we are going to skip 4-way
2335 * handshake processing which would normally set portValid. We
2336 * need this to allow the EAPOL state machines to be completed
2337 * without going through EAPOL-Key handshake.
2339 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
2344 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
2346 if (wpa_s->driver->send_eapol) {
2347 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
2349 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
2350 } else if (!(wpa_s->drv_flags &
2351 WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
2352 l2_packet_deinit(wpa_s->l2);
2353 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
2354 wpa_drv_get_mac_addr(wpa_s),
2356 wpa_supplicant_rx_eapol, wpa_s, 0);
2357 if (wpa_s->l2 == NULL)
2360 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
2362 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
2365 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
2366 wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
2370 wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
2371 MAC2STR(wpa_s->own_addr));
2372 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2378 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
2379 const u8 *buf, size_t len)
2381 struct wpa_supplicant *wpa_s = ctx;
2382 const struct l2_ethhdr *eth;
2384 if (len < sizeof(*eth))
2386 eth = (const struct l2_ethhdr *) buf;
2388 if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
2389 !(eth->h_dest[0] & 0x01)) {
2390 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
2391 " (bridge - not for this interface - ignore)",
2392 MAC2STR(src_addr), MAC2STR(eth->h_dest));
2396 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
2397 " (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
2398 wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
2399 len - sizeof(*eth));
2404 * wpa_supplicant_driver_init - Initialize driver interface parameters
2405 * @wpa_s: Pointer to wpa_supplicant data
2406 * Returns: 0 on success, -1 on failure
2408 * This function is called to initialize driver interface parameters.
2409 * wpa_drv_init() must have been called before this function to initialize the
2412 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
2414 static int interface_count = 0;
2416 if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
2419 if (wpa_s->bridge_ifname[0]) {
2420 wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
2421 "interface '%s'", wpa_s->bridge_ifname);
2422 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
2425 wpa_supplicant_rx_eapol_bridge,
2427 if (wpa_s->l2_br == NULL) {
2428 wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
2429 "connection for the bridge interface '%s'",
2430 wpa_s->bridge_ifname);
2435 wpa_clear_keys(wpa_s, NULL);
2437 /* Make sure that TKIP countermeasures are not left enabled (could
2438 * happen if wpa_supplicant is killed during countermeasures. */
2439 wpa_drv_set_countermeasures(wpa_s, 0);
2441 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
2442 wpa_drv_flush_pmkid(wpa_s);
2444 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
2445 wpa_s->prev_scan_wildcard = 0;
2447 if (wpa_supplicant_enabled_networks(wpa_s)) {
2448 if (wpa_supplicant_delayed_sched_scan(wpa_s, interface_count,
2450 wpa_supplicant_req_scan(wpa_s, interface_count,
2454 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
2460 static int wpa_supplicant_daemon(const char *pid_file)
2462 wpa_printf(MSG_DEBUG, "Daemonize..");
2463 return os_daemonize(pid_file);
2467 static struct wpa_supplicant * wpa_supplicant_alloc(void)
2469 struct wpa_supplicant *wpa_s;
2471 wpa_s = os_zalloc(sizeof(*wpa_s));
2474 wpa_s->scan_req = INITIAL_SCAN_REQ;
2475 wpa_s->scan_interval = 5;
2476 wpa_s->new_connection = 1;
2477 wpa_s->parent = wpa_s;
2478 wpa_s->sched_scanning = 0;
2484 #ifdef CONFIG_HT_OVERRIDES
2486 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
2487 struct ieee80211_ht_capabilities *htcaps,
2488 struct ieee80211_ht_capabilities *htcaps_mask,
2491 /* parse ht_mcs into hex array */
2493 const char *tmp = ht_mcs;
2496 /* If ht_mcs is null, do not set anything */
2500 /* This is what we are setting in the kernel */
2501 os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
2503 wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
2505 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
2507 long v = strtol(tmp, &end, 16);
2509 wpa_msg(wpa_s, MSG_DEBUG,
2510 "htcap value[%i]: %ld end: %p tmp: %p",
2515 htcaps->supported_mcs_set[i] = v;
2518 wpa_msg(wpa_s, MSG_ERROR,
2519 "Failed to parse ht-mcs: %s, error: %s\n",
2520 ht_mcs, strerror(errno));
2526 * If we were able to parse any values, then set mask for the MCS set.
2529 os_memset(&htcaps_mask->supported_mcs_set, 0xff,
2530 IEEE80211_HT_MCS_MASK_LEN - 1);
2531 /* skip the 3 reserved bits */
2532 htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
2540 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
2541 struct ieee80211_ht_capabilities *htcaps,
2542 struct ieee80211_ht_capabilities *htcaps_mask,
2547 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
2552 msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
2553 htcaps_mask->ht_capabilities_info |= msk;
2555 htcaps->ht_capabilities_info &= msk;
2557 htcaps->ht_capabilities_info |= msk;
2563 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
2564 struct ieee80211_ht_capabilities *htcaps,
2565 struct ieee80211_ht_capabilities *htcaps_mask,
2568 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
2573 if (factor < 0 || factor > 3) {
2574 wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
2575 "Must be 0-3 or -1", factor);
2579 htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
2580 htcaps->a_mpdu_params &= ~0x3;
2581 htcaps->a_mpdu_params |= factor & 0x3;
2587 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
2588 struct ieee80211_ht_capabilities *htcaps,
2589 struct ieee80211_ht_capabilities *htcaps_mask,
2592 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
2597 if (density < 0 || density > 7) {
2598 wpa_msg(wpa_s, MSG_ERROR,
2599 "ampdu_density: %d out of range. Must be 0-7 or -1.",
2604 htcaps_mask->a_mpdu_params |= 0x1C;
2605 htcaps->a_mpdu_params &= ~(0x1C);
2606 htcaps->a_mpdu_params |= (density << 2) & 0x1C;
2612 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
2613 struct ieee80211_ht_capabilities *htcaps,
2614 struct ieee80211_ht_capabilities *htcaps_mask,
2617 /* Masking these out disables HT40 */
2618 u16 msk = host_to_le16(HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET |
2619 HT_CAP_INFO_SHORT_GI40MHZ);
2621 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
2624 htcaps->ht_capabilities_info &= ~msk;
2626 htcaps->ht_capabilities_info |= msk;
2628 htcaps_mask->ht_capabilities_info |= msk;
2634 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
2635 struct ieee80211_ht_capabilities *htcaps,
2636 struct ieee80211_ht_capabilities *htcaps_mask,
2639 /* Masking these out disables SGI */
2640 u16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
2641 HT_CAP_INFO_SHORT_GI40MHZ);
2643 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
2646 htcaps->ht_capabilities_info &= ~msk;
2648 htcaps->ht_capabilities_info |= msk;
2650 htcaps_mask->ht_capabilities_info |= msk;
2656 void wpa_supplicant_apply_ht_overrides(
2657 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2658 struct wpa_driver_associate_params *params)
2660 struct ieee80211_ht_capabilities *htcaps;
2661 struct ieee80211_ht_capabilities *htcaps_mask;
2666 params->disable_ht = ssid->disable_ht;
2667 if (!params->htcaps || !params->htcaps_mask)
2670 htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
2671 htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
2672 wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
2673 wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
2674 ssid->disable_max_amsdu);
2675 wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
2676 wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
2677 wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
2678 wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
2681 #endif /* CONFIG_HT_OVERRIDES */
2684 #ifdef CONFIG_VHT_OVERRIDES
2685 void wpa_supplicant_apply_vht_overrides(
2686 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2687 struct wpa_driver_associate_params *params)
2689 struct ieee80211_vht_capabilities *vhtcaps;
2690 struct ieee80211_vht_capabilities *vhtcaps_mask;
2695 params->disable_vht = ssid->disable_vht;
2697 vhtcaps = (void *) params->vhtcaps;
2698 vhtcaps_mask = (void *) params->vhtcaps_mask;
2700 if (!vhtcaps || !vhtcaps_mask)
2703 vhtcaps->vht_capabilities_info = ssid->vht_capa;
2704 vhtcaps_mask->vht_capabilities_info = ssid->vht_capa_mask;
2706 #define OVERRIDE_MCS(i) \
2707 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
2708 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
2710 vhtcaps->vht_supported_mcs_set.tx_map |= \
2711 ssid->vht_tx_mcs_nss_ ##i << 2 * (i - 1); \
2713 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
2714 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
2716 vhtcaps->vht_supported_mcs_set.rx_map |= \
2717 ssid->vht_rx_mcs_nss_ ##i << 2 * (i - 1); \
2729 #endif /* CONFIG_VHT_OVERRIDES */
2732 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
2737 if (!wpa_s->conf->pcsc_reader)
2740 wpa_s->scard = scard_init(SCARD_TRY_BOTH, wpa_s->conf->pcsc_reader);
2744 if (wpa_s->conf->pcsc_pin &&
2745 scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
2746 scard_deinit(wpa_s->scard);
2747 wpa_s->scard = NULL;
2748 wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
2752 len = sizeof(wpa_s->imsi) - 1;
2753 if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
2754 scard_deinit(wpa_s->scard);
2755 wpa_s->scard = NULL;
2756 wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
2759 wpa_s->imsi[len] = '\0';
2761 wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
2763 wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
2764 wpa_s->imsi, wpa_s->mnc_len);
2766 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
2767 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
2768 #endif /* PCSC_FUNCS */
2774 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
2778 ext_password_deinit(wpa_s->ext_pw);
2779 wpa_s->ext_pw = NULL;
2780 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
2782 if (!wpa_s->conf->ext_password_backend)
2785 val = os_strdup(wpa_s->conf->ext_password_backend);
2788 pos = os_strchr(val, ':');
2792 wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
2794 wpa_s->ext_pw = ext_password_init(val, pos);
2796 if (wpa_s->ext_pw == NULL) {
2797 wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
2800 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
2806 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
2807 struct wpa_interface *iface)
2809 const char *ifname, *driver;
2810 struct wpa_driver_capa capa;
2812 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
2813 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
2814 iface->confname ? iface->confname : "N/A",
2815 iface->driver ? iface->driver : "default",
2816 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
2817 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
2819 if (iface->confname) {
2820 #ifdef CONFIG_BACKEND_FILE
2821 wpa_s->confname = os_rel2abs_path(iface->confname);
2822 if (wpa_s->confname == NULL) {
2823 wpa_printf(MSG_ERROR, "Failed to get absolute path "
2824 "for configuration file '%s'.",
2828 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
2829 iface->confname, wpa_s->confname);
2830 #else /* CONFIG_BACKEND_FILE */
2831 wpa_s->confname = os_strdup(iface->confname);
2832 #endif /* CONFIG_BACKEND_FILE */
2833 wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
2834 if (wpa_s->conf == NULL) {
2835 wpa_printf(MSG_ERROR, "Failed to read or parse "
2836 "configuration '%s'.", wpa_s->confname);
2839 wpa_s->confanother = os_rel2abs_path(iface->confanother);
2840 wpa_config_read(wpa_s->confanother, wpa_s->conf);
2843 * Override ctrl_interface and driver_param if set on command
2846 if (iface->ctrl_interface) {
2847 os_free(wpa_s->conf->ctrl_interface);
2848 wpa_s->conf->ctrl_interface =
2849 os_strdup(iface->ctrl_interface);
2852 if (iface->driver_param) {
2853 os_free(wpa_s->conf->driver_param);
2854 wpa_s->conf->driver_param =
2855 os_strdup(iface->driver_param);
2858 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
2859 iface->driver_param);
2861 if (wpa_s->conf == NULL) {
2862 wpa_printf(MSG_ERROR, "\nNo configuration found.");
2866 if (iface->ifname == NULL) {
2867 wpa_printf(MSG_ERROR, "\nInterface name is required.");
2870 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
2871 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
2875 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
2877 if (iface->bridge_ifname) {
2878 if (os_strlen(iface->bridge_ifname) >=
2879 sizeof(wpa_s->bridge_ifname)) {
2880 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
2881 "name '%s'.", iface->bridge_ifname);
2884 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
2885 sizeof(wpa_s->bridge_ifname));
2888 /* RSNA Supplicant Key Management - INITIALIZE */
2889 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
2890 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
2892 /* Initialize driver interface and register driver event handler before
2893 * L2 receive handler so that association events are processed before
2894 * EAPOL-Key packets if both become available for the same select()
2896 driver = iface->driver;
2898 if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
2901 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
2902 if (wpa_s->drv_priv == NULL) {
2904 pos = driver ? os_strchr(driver, ',') : NULL;
2906 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
2907 "driver interface - try next driver wrapper");
2911 wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
2915 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
2916 wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
2917 "driver_param '%s'", wpa_s->conf->driver_param);
2921 ifname = wpa_drv_get_ifname(wpa_s);
2922 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
2923 wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
2924 "interface name with '%s'", ifname);
2925 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
2928 if (wpa_supplicant_init_wpa(wpa_s) < 0)
2931 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
2932 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
2934 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2936 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2937 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2938 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2939 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2940 "dot11RSNAConfigPMKLifetime");
2944 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2945 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2946 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2947 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2948 "dot11RSNAConfigPMKReauthThreshold");
2952 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2953 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2954 wpa_s->conf->dot11RSNAConfigSATimeout)) {
2955 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
2956 "dot11RSNAConfigSATimeout");
2960 wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
2961 &wpa_s->hw.num_modes,
2964 if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
2965 wpa_s->drv_capa_known = 1;
2966 wpa_s->drv_flags = capa.flags;
2967 wpa_s->drv_enc = capa.enc;
2968 wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
2969 wpa_s->max_scan_ssids = capa.max_scan_ssids;
2970 wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
2971 wpa_s->sched_scan_supported = capa.sched_scan_supported;
2972 wpa_s->max_match_sets = capa.max_match_sets;
2973 wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
2974 wpa_s->max_stations = capa.max_stations;
2975 wpa_s->extended_capa = capa.extended_capa;
2976 wpa_s->extended_capa_mask = capa.extended_capa_mask;
2977 wpa_s->extended_capa_len = capa.extended_capa_len;
2979 if (wpa_s->max_remain_on_chan == 0)
2980 wpa_s->max_remain_on_chan = 1000;
2982 if (wpa_supplicant_driver_init(wpa_s) < 0)
2986 if (wpa_tdls_init(wpa_s->wpa))
2988 #endif /* CONFIG_TDLS */
2990 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
2991 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
2992 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
2996 if (wpas_wps_init(wpa_s))
2999 if (wpa_supplicant_init_eapol(wpa_s) < 0)
3001 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
3003 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
3004 if (wpa_s->ctrl_iface == NULL) {
3005 wpa_printf(MSG_ERROR,
3006 "Failed to initialize control interface '%s'.\n"
3007 "You may have another wpa_supplicant process "
3008 "already running or the file was\n"
3009 "left by an unclean termination of wpa_supplicant "
3010 "in which case you will need\n"
3011 "to manually remove this file before starting "
3012 "wpa_supplicant again.\n",
3013 wpa_s->conf->ctrl_interface);
3017 wpa_s->gas = gas_query_init(wpa_s);
3018 if (wpa_s->gas == NULL) {
3019 wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
3024 if (wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
3025 wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
3028 #endif /* CONFIG_P2P */
3030 if (wpa_bss_init(wpa_s) < 0)
3033 if (pcsc_reader_init(wpa_s) < 0)
3036 if (wpas_init_ext_pw(wpa_s) < 0)
3043 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
3044 int notify, int terminate)
3046 wpa_s->disconnected = 1;
3047 if (wpa_s->drv_priv) {
3048 wpa_supplicant_deauthenticate(wpa_s,
3049 WLAN_REASON_DEAUTH_LEAVING);
3051 wpa_drv_set_countermeasures(wpa_s, 0);
3052 wpa_clear_keys(wpa_s, NULL);
3055 wpa_supplicant_cleanup(wpa_s);
3058 if (wpa_s == wpa_s->global->p2p_init_wpa_s && wpa_s->global->p2p) {
3059 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Disable P2P since removing "
3060 "the management interface is being removed");
3061 wpas_p2p_deinit_global(wpa_s->global);
3063 #endif /* CONFIG_P2P */
3065 if (wpa_s->drv_priv)
3066 wpa_drv_deinit(wpa_s);
3069 wpas_notify_iface_removed(wpa_s);
3072 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
3074 if (wpa_s->ctrl_iface) {
3075 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
3076 wpa_s->ctrl_iface = NULL;
3079 if (wpa_s->conf != NULL) {
3080 wpa_config_free(wpa_s->conf);
3089 * wpa_supplicant_add_iface - Add a new network interface
3090 * @global: Pointer to global data from wpa_supplicant_init()
3091 * @iface: Interface configuration options
3092 * Returns: Pointer to the created interface or %NULL on failure
3094 * This function is used to add new network interfaces for %wpa_supplicant.
3095 * This can be called before wpa_supplicant_run() to add interfaces before the
3096 * main event loop has been started. In addition, new interfaces can be added
3097 * dynamically while %wpa_supplicant is already running. This could happen,
3098 * e.g., when a hotplug network adapter is inserted.
3100 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
3101 struct wpa_interface *iface)
3103 struct wpa_supplicant *wpa_s;
3104 struct wpa_interface t_iface;
3105 struct wpa_ssid *ssid;
3107 if (global == NULL || iface == NULL)
3110 wpa_s = wpa_supplicant_alloc();
3114 wpa_s->global = global;
3117 if (global->params.override_driver) {
3118 wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
3120 iface->driver, global->params.override_driver);
3121 t_iface.driver = global->params.override_driver;
3123 if (global->params.override_ctrl_interface) {
3124 wpa_printf(MSG_DEBUG, "Override interface parameter: "
3125 "ctrl_interface ('%s' -> '%s')",
3126 iface->ctrl_interface,
3127 global->params.override_ctrl_interface);
3128 t_iface.ctrl_interface =
3129 global->params.override_ctrl_interface;
3131 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
3132 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
3134 wpa_supplicant_deinit_iface(wpa_s, 0, 0);
3138 /* Notify the control interfaces about new iface */
3139 if (wpas_notify_iface_added(wpa_s)) {
3140 wpa_supplicant_deinit_iface(wpa_s, 1, 0);
3144 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
3145 wpas_notify_network_added(wpa_s, ssid);
3147 wpa_s->next = global->ifaces;
3148 global->ifaces = wpa_s;
3150 wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
3151 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
3158 * wpa_supplicant_remove_iface - Remove a network interface
3159 * @global: Pointer to global data from wpa_supplicant_init()
3160 * @wpa_s: Pointer to the network interface to be removed
3161 * Returns: 0 if interface was removed, -1 if interface was not found
3163 * This function can be used to dynamically remove network interfaces from
3164 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
3165 * addition, this function is used to remove all remaining interfaces when
3166 * %wpa_supplicant is terminated.
3168 int wpa_supplicant_remove_iface(struct wpa_global *global,
3169 struct wpa_supplicant *wpa_s,
3172 struct wpa_supplicant *prev;
3174 /* Remove interface from the global list of interfaces */
3175 prev = global->ifaces;
3176 if (prev == wpa_s) {
3177 global->ifaces = wpa_s->next;
3179 while (prev && prev->next != wpa_s)
3183 prev->next = wpa_s->next;
3186 wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
3188 if (global->p2p_group_formation == wpa_s)
3189 global->p2p_group_formation = NULL;
3190 if (global->p2p_invite_group == wpa_s)
3191 global->p2p_invite_group = NULL;
3192 wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
3199 * wpa_supplicant_get_eap_mode - Get the current EAP mode
3200 * @wpa_s: Pointer to the network interface
3201 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
3203 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
3205 const char *eapol_method;
3207 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
3208 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3212 eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
3213 if (eapol_method == NULL)
3214 return "UNKNOWN-EAP";
3216 return eapol_method;
3221 * wpa_supplicant_get_iface - Get a new network interface
3222 * @global: Pointer to global data from wpa_supplicant_init()
3223 * @ifname: Interface name
3224 * Returns: Pointer to the interface or %NULL if not found
3226 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
3229 struct wpa_supplicant *wpa_s;
3231 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
3232 if (os_strcmp(wpa_s->ifname, ifname) == 0)
3239 #ifndef CONFIG_NO_WPA_MSG
3240 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
3242 struct wpa_supplicant *wpa_s = ctx;
3245 return wpa_s->ifname;
3247 #endif /* CONFIG_NO_WPA_MSG */
3251 * wpa_supplicant_init - Initialize %wpa_supplicant
3252 * @params: Parameters for %wpa_supplicant
3253 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
3255 * This function is used to initialize %wpa_supplicant. After successful
3256 * initialization, the returned data pointer can be used to add and remove
3257 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
3259 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
3261 struct wpa_global *global;
3267 #ifdef CONFIG_DRIVER_NDIS
3269 void driver_ndis_init_ops(void);
3270 driver_ndis_init_ops();
3272 #endif /* CONFIG_DRIVER_NDIS */
3274 #ifndef CONFIG_NO_WPA_MSG
3275 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
3276 #endif /* CONFIG_NO_WPA_MSG */
3278 wpa_debug_open_file(params->wpa_debug_file_path);
3279 if (params->wpa_debug_syslog)
3280 wpa_debug_open_syslog();
3281 if (params->wpa_debug_tracing) {
3282 ret = wpa_debug_open_linux_tracing();
3284 wpa_printf(MSG_ERROR,
3285 "Failed to enable trace logging");
3290 ret = eap_register_methods();
3292 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
3294 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
3295 "the same EAP type.");
3299 global = os_zalloc(sizeof(*global));
3302 dl_list_init(&global->p2p_srv_bonjour);
3303 dl_list_init(&global->p2p_srv_upnp);
3304 global->params.daemonize = params->daemonize;
3305 global->params.wait_for_monitor = params->wait_for_monitor;
3306 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
3307 if (params->pid_file)
3308 global->params.pid_file = os_strdup(params->pid_file);
3309 if (params->ctrl_interface)
3310 global->params.ctrl_interface =
3311 os_strdup(params->ctrl_interface);
3312 if (params->ctrl_interface_group)
3313 global->params.ctrl_interface_group =
3314 os_strdup(params->ctrl_interface_group);
3315 if (params->override_driver)
3316 global->params.override_driver =
3317 os_strdup(params->override_driver);
3318 if (params->override_ctrl_interface)
3319 global->params.override_ctrl_interface =
3320 os_strdup(params->override_ctrl_interface);
3321 wpa_debug_level = global->params.wpa_debug_level =
3322 params->wpa_debug_level;
3323 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
3324 params->wpa_debug_show_keys;
3325 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
3326 params->wpa_debug_timestamp;
3328 wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR);
3331 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
3332 wpa_supplicant_deinit(global);
3336 random_init(params->entropy_file);
3338 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
3339 if (global->ctrl_iface == NULL) {
3340 wpa_supplicant_deinit(global);
3344 if (wpas_notify_supplicant_initialized(global)) {
3345 wpa_supplicant_deinit(global);
3349 for (i = 0; wpa_drivers[i]; i++)
3350 global->drv_count++;
3351 if (global->drv_count == 0) {
3352 wpa_printf(MSG_ERROR, "No drivers enabled");
3353 wpa_supplicant_deinit(global);
3356 global->drv_priv = os_zalloc(global->drv_count * sizeof(void *));
3357 if (global->drv_priv == NULL) {
3358 wpa_supplicant_deinit(global);
3362 #ifdef CONFIG_WIFI_DISPLAY
3363 if (wifi_display_init(global) < 0) {
3364 wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
3365 wpa_supplicant_deinit(global);
3368 #endif /* CONFIG_WIFI_DISPLAY */
3375 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
3376 * @global: Pointer to global data from wpa_supplicant_init()
3377 * Returns: 0 after successful event loop run, -1 on failure
3379 * This function starts the main event loop and continues running as long as
3380 * there are any remaining events. In most cases, this function is running as
3381 * long as the %wpa_supplicant process in still in use.
3383 int wpa_supplicant_run(struct wpa_global *global)
3385 struct wpa_supplicant *wpa_s;
3387 if (global->params.daemonize &&
3388 wpa_supplicant_daemon(global->params.pid_file))
3391 if (global->params.wait_for_monitor) {
3392 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
3393 if (wpa_s->ctrl_iface)
3394 wpa_supplicant_ctrl_iface_wait(
3398 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
3399 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
3408 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
3409 * @global: Pointer to global data from wpa_supplicant_init()
3411 * This function is called to deinitialize %wpa_supplicant and to free all
3412 * allocated resources. Remaining network interfaces will also be removed.
3414 void wpa_supplicant_deinit(struct wpa_global *global)
3421 #ifdef CONFIG_WIFI_DISPLAY
3422 wifi_display_deinit(global);
3423 #endif /* CONFIG_WIFI_DISPLAY */
3425 wpas_p2p_deinit_global(global);
3426 #endif /* CONFIG_P2P */
3428 while (global->ifaces)
3429 wpa_supplicant_remove_iface(global, global->ifaces, 1);
3431 if (global->ctrl_iface)
3432 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
3434 wpas_notify_supplicant_deinitialized(global);
3436 eap_peer_unregister_methods();
3438 eap_server_unregister_methods();
3439 #endif /* CONFIG_AP */
3441 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
3442 if (!global->drv_priv[i])
3444 wpa_drivers[i]->global_deinit(global->drv_priv[i]);
3446 os_free(global->drv_priv);
3452 if (global->params.pid_file) {
3453 os_daemonize_terminate(global->params.pid_file);
3454 os_free(global->params.pid_file);
3456 os_free(global->params.ctrl_interface);
3457 os_free(global->params.ctrl_interface_group);
3458 os_free(global->params.override_driver);
3459 os_free(global->params.override_ctrl_interface);
3461 os_free(global->p2p_disallow_freq);
3464 wpa_debug_close_syslog();
3465 wpa_debug_close_file();
3466 wpa_debug_close_linux_tracing();
3470 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
3472 if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
3473 wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
3475 country[0] = wpa_s->conf->country[0];
3476 country[1] = wpa_s->conf->country[1];
3478 if (wpa_drv_set_country(wpa_s, country) < 0) {
3479 wpa_printf(MSG_ERROR, "Failed to set country code "
3484 if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
3485 wpas_init_ext_pw(wpa_s);
3488 wpas_wps_update_config(wpa_s);
3489 #endif /* CONFIG_WPS */
3492 wpas_p2p_update_config(wpa_s);
3493 #endif /* CONFIG_P2P */
3495 wpa_s->conf->changed_parameters = 0;
3499 static void add_freq(int *freqs, int *num_freqs, int freq)
3503 for (i = 0; i < *num_freqs; i++) {
3504 if (freqs[i] == freq)
3508 freqs[*num_freqs] = freq;
3513 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
3515 struct wpa_bss *bss, *cbss;
3516 const int max_freqs = 10;
3520 freqs = os_zalloc(sizeof(int) * (max_freqs + 1));
3524 cbss = wpa_s->current_bss;
3526 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
3529 if (bss->ssid_len == cbss->ssid_len &&
3530 os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
3531 wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
3532 add_freq(freqs, &num_freqs, bss->freq);
3533 if (num_freqs == max_freqs)
3538 if (num_freqs == 0) {
3547 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
3554 * Remove possible authentication timeout since the connection failed.
3556 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
3558 if (wpa_s->disconnected) {
3560 * There is no point in blacklisting the AP if this event is
3561 * generated based on local request to disconnect.
3563 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
3564 "indication since interface has been put into "
3565 "disconnected state");
3570 * Add the failed BSSID into the blacklist and speed up next scan
3571 * attempt if there could be other APs that could accept association.
3572 * The current blacklist count indicates how many times we have tried
3573 * connecting to this AP and multiple attempts mean that other APs are
3574 * either not available or has already been tried, so that we can start
3575 * increasing the delay here to avoid constant scanning.
3577 count = wpa_blacklist_add(wpa_s, bssid);
3578 if (count == 1 && wpa_s->current_bss) {
3580 * This BSS was not in the blacklist before. If there is
3581 * another BSS available for the same ESS, we should try that
3582 * next. Otherwise, we may as well try this one once more
3583 * before allowing other, likely worse, ESSes to be considered.
3585 freqs = get_bss_freqs_in_ess(wpa_s);
3587 wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
3588 "has been seen; try it next");
3589 wpa_blacklist_add(wpa_s, bssid);
3591 * On the next scan, go through only the known channels
3592 * used in this ESS based on previous scans to speed up
3593 * common load balancing use case.
3595 os_free(wpa_s->next_scan_freqs);
3596 wpa_s->next_scan_freqs = freqs;
3601 * Add previous failure count in case the temporary blacklist was
3602 * cleared due to no other BSSes being available.
3604 count += wpa_s->extra_blacklist_count;
3606 if (count > 3 && wpa_s->current_ssid) {
3607 wpa_printf(MSG_DEBUG, "Continuous association failures - "
3608 "consider temporary network disabling");
3609 wpas_auth_failed(wpa_s);
3630 wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
3631 "ms", count, timeout);
3634 * TODO: if more than one possible AP is available in scan results,
3635 * could try the other ones before requesting a new scan.
3637 wpa_supplicant_req_scan(wpa_s, timeout / 1000,
3638 1000 * (timeout % 1000));
3640 wpas_p2p_continue_after_scan(wpa_s);
3644 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
3646 return wpa_s->conf->ap_scan == 2 ||
3647 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
3651 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
3652 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
3653 struct wpa_ssid *ssid,
3657 #ifdef IEEE8021X_EAPOL
3658 struct eap_peer_config *eap = &ssid->eap;
3660 wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
3661 wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
3662 (const u8 *) value, os_strlen(value));
3664 switch (wpa_supplicant_ctrl_req_from_string(field)) {
3665 case WPA_CTRL_REQ_EAP_IDENTITY:
3666 os_free(eap->identity);
3667 eap->identity = (u8 *) os_strdup(value);
3668 eap->identity_len = os_strlen(value);
3669 eap->pending_req_identity = 0;
3670 if (ssid == wpa_s->current_ssid)
3671 wpa_s->reassociate = 1;
3673 case WPA_CTRL_REQ_EAP_PASSWORD:
3674 os_free(eap->password);
3675 eap->password = (u8 *) os_strdup(value);
3676 eap->password_len = os_strlen(value);
3677 eap->pending_req_password = 0;
3678 if (ssid == wpa_s->current_ssid)
3679 wpa_s->reassociate = 1;
3681 case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
3682 os_free(eap->new_password);
3683 eap->new_password = (u8 *) os_strdup(value);
3684 eap->new_password_len = os_strlen(value);
3685 eap->pending_req_new_password = 0;
3686 if (ssid == wpa_s->current_ssid)
3687 wpa_s->reassociate = 1;
3689 case WPA_CTRL_REQ_EAP_PIN:
3691 eap->pin = os_strdup(value);
3692 eap->pending_req_pin = 0;
3693 if (ssid == wpa_s->current_ssid)
3694 wpa_s->reassociate = 1;
3696 case WPA_CTRL_REQ_EAP_OTP:
3698 eap->otp = (u8 *) os_strdup(value);
3699 eap->otp_len = os_strlen(value);
3700 os_free(eap->pending_req_otp);
3701 eap->pending_req_otp = NULL;
3702 eap->pending_req_otp_len = 0;
3704 case WPA_CTRL_REQ_EAP_PASSPHRASE:
3705 os_free(eap->private_key_passwd);
3706 eap->private_key_passwd = (u8 *) os_strdup(value);
3707 eap->pending_req_passphrase = 0;
3708 if (ssid == wpa_s->current_ssid)
3709 wpa_s->reassociate = 1;
3712 wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
3717 #else /* IEEE8021X_EAPOL */
3718 wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
3720 #endif /* IEEE8021X_EAPOL */
3722 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
3725 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
3728 unsigned int drv_enc;
3736 if (wpa_s && wpa_s->drv_capa_known)
3737 drv_enc = wpa_s->drv_enc;
3739 drv_enc = (unsigned int) -1;
3741 for (i = 0; i < NUM_WEP_KEYS; i++) {
3742 size_t len = ssid->wep_key_len[i];
3745 if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
3747 if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
3749 if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
3751 return 1; /* invalid WEP key */
3754 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
3762 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
3764 if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
3766 if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
3772 void wpas_auth_failed(struct wpa_supplicant *wpa_s)
3774 struct wpa_ssid *ssid = wpa_s->current_ssid;
3779 wpa_printf(MSG_DEBUG, "Authentication failure but no known "
3784 if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
3787 ssid->auth_failures++;
3788 if (ssid->auth_failures > 50)
3790 else if (ssid->auth_failures > 20)
3792 else if (ssid->auth_failures > 10)
3794 else if (ssid->auth_failures > 5)
3796 else if (ssid->auth_failures > 1)
3802 if (now.sec + dur <= ssid->disabled_until.sec)
3805 ssid->disabled_until.sec = now.sec + dur;
3807 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
3808 "id=%d ssid=\"%s\" auth_failures=%u duration=%d",
3809 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
3810 ssid->auth_failures, dur);
3814 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
3815 struct wpa_ssid *ssid, int clear_failures)
3820 if (ssid->disabled_until.sec) {
3821 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
3822 "id=%d ssid=\"%s\"",
3823 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
3825 ssid->disabled_until.sec = 0;
3826 ssid->disabled_until.usec = 0;
3828 ssid->auth_failures = 0;
3832 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
3836 if (wpa_s->disallow_aps_bssid == NULL)
3839 for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
3840 if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
3841 bssid, ETH_ALEN) == 0)
3849 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
3854 if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
3857 for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
3858 struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
3859 if (ssid_len == s->ssid_len &&
3860 os_memcmp(ssid, s->ssid, ssid_len) == 0)
3869 * wpas_request_connection - Request a new connection
3870 * @wpa_s: Pointer to the network interface
3872 * This function is used to request a new connection to be found. It will mark
3873 * the interface to allow reassociation and request a new scan to find a
3874 * suitable network to connect to.
3876 void wpas_request_connection(struct wpa_supplicant *wpa_s)
3878 wpa_s->normal_scans = 0;
3879 wpa_supplicant_reinit_autoscan(wpa_s);
3880 wpa_s->extra_blacklist_count = 0;
3881 wpa_s->disconnected = 0;
3882 wpa_s->reassociate = 1;
3884 if (wpa_supplicant_fast_associate(wpa_s) != 1)
3885 wpa_supplicant_req_scan(wpa_s, 0, 0);
3890 * wpas_wpa_is_in_progress - Check whether a connection is in progress
3891 * @wpa_s: Pointer to wpa_supplicant data
3893 * This function is to check if the wpa state is in beginning of the connection
3894 * during 4-way handshake or group key handshake with WPA on any shared
3897 int wpas_wpa_is_in_progress(struct wpa_supplicant *wpa_s)
3899 const char *rn, *rn2;
3900 struct wpa_supplicant *ifs;
3902 if (!wpa_s->driver->get_radio_name)
3905 rn = wpa_s->driver->get_radio_name(wpa_s->drv_priv);
3906 if (rn == NULL || rn[0] == '\0')
3909 for (ifs = wpa_s->global->ifaces; ifs; ifs = ifs->next) {
3910 if (ifs == wpa_s || !ifs->driver->get_radio_name)
3913 rn2 = ifs->driver->get_radio_name(ifs->drv_priv);
3914 if (!rn2 || os_strcmp(rn, rn2) != 0)
3916 if (ifs->wpa_state >= WPA_AUTHENTICATING &&
3917 ifs->wpa_state != WPA_COMPLETED) {
3918 wpa_dbg(wpa_s, MSG_DEBUG, "Connection is in progress "
3919 "on interface %s - defer scan", ifs->ifname);