« back to all changes in this revision
Viewing changes to wpa_supplicant/wpa_supplicant.c
- browse files at revision 26
- compare with another revision
- compare with revision 26
- download diff
- download tarball
- view history from revision 26
- Committer: Bazaar Package Importer
- Author(s): Reinhard Tartler, Alexander Sack
- Date: 2007-08-26 16:06:57 UTC
- mfrom: (1.1.9 upstream)
- Revision ID: james.westby@ubuntu.com-20070826160657-2m8pxoweuxe8f93t
Tags: 0.6.0+0.5.8-0ubuntu1
* New upstream release
* remove patch 11_erroneous_manpage_ref, applied upstream
* remove patch 25_wpas_dbus_unregister_iface_fix, applied upstream
[ Alexander Sack ]
* bumping upstream version to replace development version 0.6.0 with
this package from stable release branch.
* attempt to fix wierd timeout and high latency issues by going
back to stable upstream version (0.5.9) (LP: #140763,
LP: #141233).
* remove patch 11_erroneous_manpage_ref, applied upstream
* remove patch 25_wpas_dbus_unregister_iface_fix, applied upstream
[ Alexander Sack ]
* bumping upstream version to replace development version 0.6.0 with
this package from stable release branch.
* attempt to fix wierd timeout and high latency issues by going
back to stable upstream version (0.5.9) (LP: #140763,
LP: #141233).
- files added:
- ChangeLog
- doc
- doc/docbook
- examples
- tests
- vs2005
- vs2005/eapol_test
- vs2005/win_if_list
- vs2005/wpa_cli
- vs2005/wpa_passphrase
- vs2005/wpa_supplicant
- vs2005/wpasvc
- wpa_gui
- wpa_gui-qt4
- files removed:
- debian/dbus-wpa_supplicant.service
- debian/ifupdown
- patches
- src
- src/common
- src/crypto
- src/drivers
- src/eap_common
- src/eap_peer
- src/eap_server
- src/hlr_auc_gw
- src/l2_packet
- src/radius
- src/rsn_supp
- src/tls
- src/utils
- wpa_supplicant
- wpa_supplicant/doc
- wpa_supplicant/doc/docbook
- wpa_supplicant/examples
- wpa_supplicant/symbian
- wpa_supplicant/tests
- wpa_supplicant/vs2005
- wpa_supplicant/vs2005/eapol_test
- wpa_supplicant/vs2005/win_if_list
- wpa_supplicant/vs2005/wpa_cli
- wpa_supplicant/vs2005/wpa_passphrase
- wpa_supplicant/vs2005/wpa_supplicant
- wpa_supplicant/vs2005/wpasvc
- wpa_supplicant/wpa_gui
- wpa_supplicant/wpa_gui-qt4
- files modified:
- README
added
removed
wpa_supplicant/wpa_supplicant.c
1
/*
2
* WPA Supplicant
3
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
4
*
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
8
*
9
* Alternatively, this software may be distributed under the terms of BSD
10
* license.
11
*
12
* See README and COPYING for more details.
13
*
14
* This file implements functions for registering and unregistering
15
* %wpa_supplicant interfaces. In addition, this file contains number of
16
* functions for managing network connections.
17
*/
18
19
#include "includes.h"
20
21
#include "common.h"
22
#include "eapol_sm.h"
23
#include "eap_peer/eap.h"
24
#include "wpa.h"
25
#include "eloop.h"
26
#include "drivers/driver.h"
27
#include "config.h"
28
#include "l2_packet/l2_packet.h"
29
#include "wpa_supplicant_i.h"
30
#include "ctrl_iface.h"
31
#include "ctrl_iface_dbus.h"
32
#include "pcsc_funcs.h"
33
#include "version.h"
34
#include "preauth.h"
35
#include "pmksa_cache.h"
36
#include "wpa_ctrl.h"
37
#include "mlme.h"
38
#include "ieee802_11_defs.h"
39
40
const char *wpa_supplicant_version =
41
"wpa_supplicant v" VERSION_STR "\n"
42
"Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi> and contributors";
43
44
const char *wpa_supplicant_license =
45
"This program is free software. You can distribute it and/or modify it\n"
46
"under the terms of the GNU General Public License version 2.\n"
47
"\n"
48
"Alternatively, this software may be distributed under the terms of the\n"
49
"BSD license. See README and COPYING for more details.\n"
50
#ifdef EAP_TLS_OPENSSL
51
"\nThis product includes software developed by the OpenSSL Project\n"
52
"for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
53
#endif /* EAP_TLS_OPENSSL */
54
;
55
56
#ifndef CONFIG_NO_STDOUT_DEBUG
57
/* Long text divided into parts in order to fit in C89 strings size limits. */
58
const char *wpa_supplicant_full_license1 =
59
"This program is free software; you can redistribute it and/or modify\n"
60
"it under the terms of the GNU General Public License version 2 as\n"
61
"published by the Free Software Foundation.\n"
62
"\n"
63
"This program is distributed in the hope that it will be useful,\n"
64
"but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
65
"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
66
"GNU General Public License for more details.\n"
67
"\n";
68
const char *wpa_supplicant_full_license2 =
69
"You should have received a copy of the GNU General Public License\n"
70
"along with this program; if not, write to the Free Software\n"
71
"Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n"
72
"\n"
73
"Alternatively, this software may be distributed under the terms of the\n"
74
"BSD license.\n"
75
"\n"
76
"Redistribution and use in source and binary forms, with or without\n"
77
"modification, are permitted provided that the following conditions are\n"
78
"met:\n"
79
"\n";
80
const char *wpa_supplicant_full_license3 =
81
"1. Redistributions of source code must retain the above copyright\n"
82
" notice, this list of conditions and the following disclaimer.\n"
83
"\n"
84
"2. Redistributions in binary form must reproduce the above copyright\n"
85
" notice, this list of conditions and the following disclaimer in the\n"
86
" documentation and/or other materials provided with the distribution.\n"
87
"\n";
88
const char *wpa_supplicant_full_license4 =
89
"3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
90
" names of its contributors may be used to endorse or promote products\n"
91
" derived from this software without specific prior written permission.\n"
92
"\n"
93
"THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
94
"\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
95
"LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
96
"A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
97
const char *wpa_supplicant_full_license5 =
98
"OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
99
"SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
100
"LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
101
"DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
102
"THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
103
"(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
104
"OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
105
"\n";
106
#endif /* CONFIG_NO_STDOUT_DEBUG */
107
108
extern struct wpa_driver_ops *wpa_supplicant_drivers[];
109
110
extern int wpa_debug_use_file;
111
extern int wpa_debug_level;
112
extern int wpa_debug_show_keys;
113
extern int wpa_debug_timestamp;
114
115
static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx);
116
117
#if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
118
static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type,
119
const void *data, u16 data_len,
120
size_t *msg_len, void **data_pos)
121
{
122
struct ieee802_1x_hdr *hdr;
123
124
*msg_len = sizeof(*hdr) + data_len;
125
hdr = os_malloc(*msg_len);
126
if (hdr == NULL)
127
return NULL;
128
129
hdr->version = wpa_s->conf->eapol_version;
130
hdr->type = type;
131
hdr->length = host_to_be16(data_len);
132
133
if (data)
134
os_memcpy(hdr + 1, data, data_len);
135
else
136
os_memset(hdr + 1, 0, data_len);
137
138
if (data_pos)
139
*data_pos = hdr + 1;
140
141
return (u8 *) hdr;
142
}
143
144
145
/**
146
* wpa_ether_send - Send Ethernet frame
147
* @wpa_s: Pointer to wpa_supplicant data
148
* @dest: Destination MAC address
149
* @proto: Ethertype in host byte order
150
* @buf: Frame payload starting from IEEE 802.1X header
151
* @len: Frame payload length
152
* Returns: >=0 on success, <0 on failure
153
*/
154
static int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest,
155
u16 proto, const u8 *buf, size_t len)
156
{
157
if (wpa_s->l2) {
158
return l2_packet_send(wpa_s->l2, dest, proto, buf, len);
159
}
160
161
return wpa_drv_send_eapol(wpa_s, dest, proto, buf, len);
162
}
163
#endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */
164
165
166
#ifdef IEEE8021X_EAPOL
167
/**
168
* wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator
169
* @ctx: Pointer to wpa_supplicant data (wpa_s)
170
* @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*)
171
* @buf: EAPOL payload (after IEEE 802.1X header)
172
* @len: EAPOL payload length
173
* Returns: >=0 on success, <0 on failure
174
*
175
* This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame
176
* to the current Authenticator.
177
*/
178
static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf,
179
size_t len)
180
{
181
struct wpa_supplicant *wpa_s = ctx;
182
u8 *msg, *dst, bssid[ETH_ALEN];
183
size_t msglen;
184
int res;
185
186
/* TODO: could add l2_packet_sendmsg that allows fragments to avoid
187
* extra copy here */
188
189
if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK ||
190
wpa_s->key_mgmt == WPA_KEY_MGMT_FT_PSK ||
191
wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
192
/* Current SSID is not using IEEE 802.1X/EAP, so drop possible
193
* EAPOL frames (mainly, EAPOL-Start) from EAPOL state
194
* machines. */
195
wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X "
196
"mode (type=%d len=%lu)", type,
197
(unsigned long) len);
198
return -1;
199
}
200
201
if (pmksa_cache_get_current(wpa_s->wpa) &&
202
type == IEEE802_1X_TYPE_EAPOL_START) {
203
/* Trying to use PMKSA caching - do not send EAPOL-Start frames
204
* since they will trigger full EAPOL authentication. */
205
wpa_printf(MSG_DEBUG, "RSN: PMKSA caching - do not send "
206
"EAPOL-Start");
207
return -1;
208
}
209
210
if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
211
{
212
wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an "
213
"EAPOL frame");
214
if (wpa_drv_get_bssid(wpa_s, bssid) == 0 &&
215
os_memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) !=
216
0) {
217
dst = bssid;
218
wpa_printf(MSG_DEBUG, "Using current BSSID " MACSTR
219
" from the driver as the EAPOL destination",
220
MAC2STR(dst));
221
} else {
222
dst = wpa_s->last_eapol_src;
223
wpa_printf(MSG_DEBUG, "Using the source address of the"
224
" last received EAPOL frame " MACSTR " as "
225
"the EAPOL destination",
226
MAC2STR(dst));
227
}
228
} else {
229
/* BSSID was already set (from (Re)Assoc event, so use it as
230
* the EAPOL destination. */
231
dst = wpa_s->bssid;
232
}
233
234
msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL);
235
if (msg == NULL)
236
return -1;
237
238
wpa_printf(MSG_DEBUG, "TX EAPOL: dst=" MACSTR, MAC2STR(dst));
239
wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen);
240
res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen);
241
os_free(msg);
242
return res;
243
}
244
245
246
/**
247
* wpa_eapol_set_wep_key - set WEP key for the driver
248
* @ctx: Pointer to wpa_supplicant data (wpa_s)
249
* @unicast: 1 = individual unicast key, 0 = broadcast key
250
* @keyidx: WEP key index (0..3)
251
* @key: Pointer to key data
252
* @keylen: Key length in bytes
253
* Returns: 0 on success or < 0 on error.
254
*/
255
static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx,
256
const u8 *key, size_t keylen)
257
{
258
struct wpa_supplicant *wpa_s = ctx;
259
if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
260
int cipher = (keylen == 5) ? WPA_CIPHER_WEP40 :
261
WPA_CIPHER_WEP104;
262
if (unicast)
263
wpa_s->pairwise_cipher = cipher;
264
else
265
wpa_s->group_cipher = cipher;
266
}
267
return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
268
unicast ? wpa_s->bssid :
269
(u8 *) "\xff\xff\xff\xff\xff\xff",
270
keyidx, unicast, (u8 *) "", 0, key, keylen);
271
}
272
273
274
static void wpa_supplicant_aborted_cached(void *ctx)
275
{
276
struct wpa_supplicant *wpa_s = ctx;
277
wpa_sm_aborted_cached(wpa_s->wpa);
278
}
279
280
#endif /* IEEE8021X_EAPOL */
281
282
283
#if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
284
static void wpa_supplicant_set_config_blob(void *ctx,
285
struct wpa_config_blob *blob)
286
{
287
struct wpa_supplicant *wpa_s = ctx;
288
wpa_config_set_blob(wpa_s->conf, blob);
289
}
290
291
292
static const struct wpa_config_blob *
293
wpa_supplicant_get_config_blob(void *ctx, const char *name)
294
{
295
struct wpa_supplicant *wpa_s = ctx;
296
return wpa_config_get_blob(wpa_s->conf, name);
297
}
298
#endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */
299
300
301
/* Configure default/group WEP key for static WEP */
302
static int wpa_set_wep_key(void *ctx, int set_tx, int keyidx, const u8 *key,
303
size_t keylen)
304
{
305
struct wpa_supplicant *wpa_s = ctx;
306
return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
307
(u8 *) "\xff\xff\xff\xff\xff\xff",
308
keyidx, set_tx, (u8 *) "", 0, key, keylen);
309
}
310
311
312
static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
313
struct wpa_ssid *ssid)
314
{
315
u8 key[32];
316
size_t keylen;
317
wpa_alg alg;
318
u8 seq[6] = { 0 };
319
320
/* IBSS/WPA-None uses only one key (Group) for both receiving and
321
* sending unicast and multicast packets. */
322
323
if (ssid->mode != IEEE80211_MODE_IBSS) {
324
wpa_printf(MSG_INFO, "WPA: Invalid mode %d (not IBSS/ad-hoc) "
325
"for WPA-None", ssid->mode);
326
return -1;
327
}
328
329
if (!ssid->psk_set) {
330
wpa_printf(MSG_INFO, "WPA: No PSK configured for WPA-None");
331
return -1;
332
}
333
334
switch (wpa_s->group_cipher) {
335
case WPA_CIPHER_CCMP:
336
os_memcpy(key, ssid->psk, 16);
337
keylen = 16;
338
alg = WPA_ALG_CCMP;
339
break;
340
case WPA_CIPHER_TKIP:
341
/* WPA-None uses the same Michael MIC key for both TX and RX */
342
os_memcpy(key, ssid->psk, 16 + 8);
343
os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
344
keylen = 32;
345
alg = WPA_ALG_TKIP;
346
break;
347
default:
348
wpa_printf(MSG_INFO, "WPA: Invalid group cipher %d for "
349
"WPA-None", wpa_s->group_cipher);
350
return -1;
351
}
352
353
/* TODO: should actually remember the previously used seq#, both for TX
354
* and RX from each STA.. */
355
356
return wpa_drv_set_key(wpa_s, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
357
0, 1, seq, 6, key, keylen);
358
}
359
360
361
#ifdef IEEE8021X_EAPOL
362
static void wpa_supplicant_notify_eapol_done(void *ctx)
363
{
364
struct wpa_supplicant *wpa_s = ctx;
365
wpa_msg(wpa_s, MSG_DEBUG, "WPA: EAPOL processing complete");
366
if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X ||
367
wpa_s->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) {
368
wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE);
369
} else {
370
eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
371
wpa_supplicant_cancel_auth_timeout(wpa_s);
372
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
373
}
374
}
375
#endif /* IEEE8021X_EAPOL */
376
377
378
/**
379
* wpa_blacklist_get - Get the blacklist entry for a BSSID
380
* @wpa_s: Pointer to wpa_supplicant data
381
* @bssid: BSSID
382
* Returns: Matching blacklist entry for the BSSID or %NULL if not found
383
*/
384
struct wpa_blacklist * wpa_blacklist_get(struct wpa_supplicant *wpa_s,
385
const u8 *bssid)
386
{
387
struct wpa_blacklist *e;
388
389
e = wpa_s->blacklist;
390
while (e) {
391
if (os_memcmp(e->bssid, bssid, ETH_ALEN) == 0)
392
return e;
393
e = e->next;
394
}
395
396
return NULL;
397
}
398
399
400
/**
401
* wpa_blacklist_add - Add an BSSID to the blacklist
402
* @wpa_s: Pointer to wpa_supplicant data
403
* @bssid: BSSID to be added to the blacklist
404
* Returns: 0 on success, -1 on failure
405
*
406
* This function adds the specified BSSID to the blacklist or increases the
407
* blacklist count if the BSSID was already listed. It should be called when
408
* an association attempt fails either due to the selected BSS rejecting
409
* association or due to timeout.
410
*
411
* This blacklist is used to force %wpa_supplicant to go through all available
412
* BSSes before retrying to associate with an BSS that rejected or timed out
413
* association. It does not prevent the listed BSS from being used; it only
414
* changes the order in which they are tried.
415
*/
416
int wpa_blacklist_add(struct wpa_supplicant *wpa_s, const u8 *bssid)
417
{
418
struct wpa_blacklist *e;
419
420
e = wpa_blacklist_get(wpa_s, bssid);
421
if (e) {
422
e->count++;
423
wpa_printf(MSG_DEBUG, "BSSID " MACSTR " blacklist count "
424
"incremented to %d",
425
MAC2STR(bssid), e->count);
426
return 0;
427
}
428
429
e = os_zalloc(sizeof(*e));
430
if (e == NULL)
431
return -1;
432
os_memcpy(e->bssid, bssid, ETH_ALEN);
433
e->count = 1;
434
e->next = wpa_s->blacklist;
435
wpa_s->blacklist = e;
436
wpa_printf(MSG_DEBUG, "Added BSSID " MACSTR " into blacklist",
437
MAC2STR(bssid));
438
439
return 0;
440
}
441
442
443
static int wpa_blacklist_del(struct wpa_supplicant *wpa_s, const u8 *bssid)
444
{
445
struct wpa_blacklist *e, *prev = NULL;
446
447
e = wpa_s->blacklist;
448
while (e) {
449
if (os_memcmp(e->bssid, bssid, ETH_ALEN) == 0) {
450
if (prev == NULL) {
451
wpa_s->blacklist = e->next;
452
} else {
453
prev->next = e->next;
454
}
455
wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
456
"blacklist", MAC2STR(bssid));
457
os_free(e);
458
return 0;
459
}
460
prev = e;
461
e = e->next;
462
}
463
return -1;
464
}
465
466
467
/**
468
* wpa_blacklist_clear - Clear the blacklist of all entries
469
* @wpa_s: Pointer to wpa_supplicant data
470
*/
471
void wpa_blacklist_clear(struct wpa_supplicant *wpa_s)
472
{
473
struct wpa_blacklist *e, *prev;
474
475
e = wpa_s->blacklist;
476
wpa_s->blacklist = NULL;
477
while (e) {
478
prev = e;
479
e = e->next;
480
wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
481
"blacklist (clear)", MAC2STR(prev->bssid));
482
os_free(prev);
483
}
484
}
485
486
487
/**
488
* wpa_supplicant_req_scan - Schedule a scan for neighboring access points
489
* @wpa_s: Pointer to wpa_supplicant data
490
* @sec: Number of seconds after which to scan
491
* @usec: Number of microseconds after which to scan
492
*
493
* This function is used to schedule a scan for neighboring access points after
494
* the specified time.
495
*/
496
void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec)
497
{
498
wpa_msg(wpa_s, MSG_DEBUG, "Setting scan request: %d sec %d usec",
499
sec, usec);
500
eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
501
eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL);
502
}
503
504
505
/**
506
* wpa_supplicant_cancel_scan - Cancel a scheduled scan request
507
* @wpa_s: Pointer to wpa_supplicant data
508
*
509
* This function is used to cancel a scan request scheduled with
510
* wpa_supplicant_req_scan().
511
*/
512
void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s)
513
{
514
wpa_msg(wpa_s, MSG_DEBUG, "Cancelling scan request");
515
eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
516
}
517
518
519
static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
520
{
521
struct wpa_supplicant *wpa_s = eloop_ctx;
522
const u8 *bssid = wpa_s->bssid;
523
if (os_memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
524
bssid = wpa_s->pending_bssid;
525
wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
526
MAC2STR(wpa_s->bssid));
527
wpa_blacklist_add(wpa_s, bssid);
528
wpa_sm_notify_disassoc(wpa_s->wpa);
529
wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
530
wpa_s->reassociate = 1;
531
wpa_supplicant_req_scan(wpa_s, 0, 0);
532
}
533
534
535
/**
536
* wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
537
* @wpa_s: Pointer to wpa_supplicant data
538
* @sec: Number of seconds after which to time out authentication
539
* @usec: Number of microseconds after which to time out authentication
540
*
541
* This function is used to schedule a timeout for the current authentication
542
* attempt.
543
*/
544
void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
545
int sec, int usec)
546
{
547
if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
548
wpa_s->driver && os_strcmp(wpa_s->driver->name, "wired") == 0)
549
return;
550
551
wpa_msg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
552
"%d usec", sec, usec);
553
eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
554
eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
555
}
556
557
558
/**
559
* wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
560
* @wpa_s: Pointer to wpa_supplicant data
561
*
562
* This function is used to cancel authentication timeout scheduled with
563
* wpa_supplicant_req_auth_timeout() and it is called when authentication has
564
* been completed.
565
*/
566
void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
567
{
568
wpa_msg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
569
eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
570
wpa_blacklist_del(wpa_s, wpa_s->bssid);
571
}
572
573
574
/**
575
* wpa_supplicant_initiate_eapol - Configure EAPOL state machine
576
* @wpa_s: Pointer to wpa_supplicant data
577
*
578
* This function is used to configure EAPOL state machine based on the selected
579
* authentication mode.
580
*/
581
void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
582
{
583
#ifdef IEEE8021X_EAPOL
584
struct eapol_config eapol_conf;
585
struct wpa_ssid *ssid = wpa_s->current_ssid;
586
587
if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK ||
588
wpa_s->key_mgmt == WPA_KEY_MGMT_FT_PSK) {
589
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
590
eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
591
}
592
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
593
wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
594
eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
595
else
596
eapol_sm_notify_portControl(wpa_s->eapol, Auto);
597
598
os_memset(&eapol_conf, 0, sizeof(eapol_conf));
599
if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
600
eapol_conf.accept_802_1x_keys = 1;
601
eapol_conf.required_keys = 0;
602
if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
603
eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
604
}
605
if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
606
eapol_conf.required_keys |=
607
EAPOL_REQUIRE_KEY_BROADCAST;
608
}
609
610
if (wpa_s->conf && wpa_s->driver &&
611
os_strcmp(wpa_s->driver->name, "wired") == 0) {
612
eapol_conf.required_keys = 0;
613
}
614
}
615
if (wpa_s->conf)
616
eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
617
eapol_conf.workaround = ssid->eap_workaround;
618
eapol_conf.eap_disabled = wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X &&
619
wpa_s->key_mgmt != WPA_KEY_MGMT_FT_IEEE8021X &&
620
wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA;
621
eapol_sm_notify_config(wpa_s->eapol, ssid, &eapol_conf);
622
#endif /* IEEE8021X_EAPOL */
623
}
624
625
626
/**
627
* wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
628
* @wpa_s: Pointer to wpa_supplicant data
629
* @ssid: Configuration data for the network
630
*
631
* This function is used to configure WPA state machine and related parameters
632
* to a mode where WPA is not enabled. This is called as part of the
633
* authentication configuration when the selected network does not use WPA.
634
*/
635
void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
636
struct wpa_ssid *ssid)
637
{
638
int i;
639
640
if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
641
wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
642
else
643
wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
644
wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
645
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
646
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
647
wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
648
wpa_s->group_cipher = WPA_CIPHER_NONE;
649
wpa_s->mgmt_group_cipher = 0;
650
651
for (i = 0; i < NUM_WEP_KEYS; i++) {
652
if (ssid->wep_key_len[i] > 5) {
653
wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
654
wpa_s->group_cipher = WPA_CIPHER_WEP104;
655
break;
656
} else if (ssid->wep_key_len[i] > 0) {
657
wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
658
wpa_s->group_cipher = WPA_CIPHER_WEP40;
659
break;
660
}
661
}
662
663
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
664
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
665
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
666
wpa_s->pairwise_cipher);
667
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
668
#ifdef CONFIG_IEEE80211W
669
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
670
wpa_s->mgmt_group_cipher);
671
#endif /* CONFIG_IEEE80211W */
672
673
pmksa_cache_clear_current(wpa_s->wpa);
674
}
675
676
677
static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
678
{
679
scard_deinit(wpa_s->scard);
680
wpa_s->scard = NULL;
681
wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
682
eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
683
l2_packet_deinit(wpa_s->l2);
684
wpa_s->l2 = NULL;
685
if (wpa_s->l2_br) {
686
l2_packet_deinit(wpa_s->l2_br);
687
wpa_s->l2_br = NULL;
688
}
689
690
if (wpa_s->ctrl_iface) {
691
wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
692
wpa_s->ctrl_iface = NULL;
693
}
694
if (wpa_s->conf != NULL) {
695
wpa_config_free(wpa_s->conf);
696
wpa_s->conf = NULL;
697
}
698
699
os_free(wpa_s->confname);
700
wpa_s->confname = NULL;
701
702
wpa_sm_set_eapol(wpa_s->wpa, NULL);
703
eapol_sm_deinit(wpa_s->eapol);
704
wpa_s->eapol = NULL;
705
706
rsn_preauth_deinit(wpa_s->wpa);
707
708
pmksa_candidate_free(wpa_s->wpa);
709
wpa_sm_deinit(wpa_s->wpa);
710
wpa_s->wpa = NULL;
711
wpa_blacklist_clear(wpa_s);
712
713
os_free(wpa_s->scan_results);
714
wpa_s->scan_results = NULL;
715
wpa_s->num_scan_results = 0;
716
717
wpa_supplicant_cancel_scan(wpa_s);
718
wpa_supplicant_cancel_auth_timeout(wpa_s);
719
720
ieee80211_sta_deinit(wpa_s);
721
}
722
723
724
/**
725
* wpa_clear_keys - Clear keys configured for the driver
726
* @wpa_s: Pointer to wpa_supplicant data
727
* @addr: Previously used BSSID or %NULL if not available
728
*
729
* This function clears the encryption keys that has been previously configured
730
* for the driver.
731
*/
732
void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
733
{
734
u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
735
736
if (wpa_s->keys_cleared) {
737
/* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
738
* timing issues with keys being cleared just before new keys
739
* are set or just after association or something similar. This
740
* shows up in group key handshake failing often because of the
741
* client not receiving the first encrypted packets correctly.
742
* Skipping some of the extra key clearing steps seems to help
743
* in completing group key handshake more reliably. */
744
wpa_printf(MSG_DEBUG, "No keys have been configured - "
745
"skip key clearing");
746
return;
747
}
748
749
/* MLME-DELETEKEYS.request */
750
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
751
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
752
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
753
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
754
if (addr) {
755
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
756
0);
757
/* MLME-SETPROTECTION.request(None) */
758
wpa_drv_mlme_setprotection(
759
wpa_s, addr,
760
MLME_SETPROTECTION_PROTECT_TYPE_NONE,
761
MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
762
}
763
wpa_s->keys_cleared = 1;
764
}
765
766
767
/**
768
* wpa_supplicant_state_txt - Get the connection state name as a text string
769
* @state: State (wpa_state; WPA_*)
770
* Returns: The state name as a printable text string
771
*/
772
const char * wpa_supplicant_state_txt(int state)
773
{
774
switch (state) {
775
case WPA_DISCONNECTED:
776
return "DISCONNECTED";
777
case WPA_INACTIVE:
778
return "INACTIVE";
779
case WPA_SCANNING:
780
return "SCANNING";
781
case WPA_ASSOCIATING:
782
return "ASSOCIATING";
783
case WPA_ASSOCIATED:
784
return "ASSOCIATED";
785
case WPA_4WAY_HANDSHAKE:
786
return "4WAY_HANDSHAKE";
787
case WPA_GROUP_HANDSHAKE:
788
return "GROUP_HANDSHAKE";
789
case WPA_COMPLETED:
790
return "COMPLETED";
791
default:
792
return "UNKNOWN";
793
}
794
}
795
796
797
/**
798
* wpa_supplicant_set_state - Set current connection state
799
* @wpa_s: Pointer to wpa_supplicant data
800
* @state: The new connection state
801
*
802
* This function is called whenever the connection state changes, e.g.,
803
* association is completed for WPA/WPA2 4-Way Handshake is started.
804
*/
805
void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s, wpa_states state)
806
{
807
wpa_printf(MSG_DEBUG, "State: %s -> %s",
808
wpa_supplicant_state_txt(wpa_s->wpa_state),
809
wpa_supplicant_state_txt(state));
810
811
wpa_supplicant_dbus_notify_state_change(wpa_s, state,
812
wpa_s->wpa_state);
813
814
if (state == WPA_COMPLETED && wpa_s->new_connection) {
815
#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
816
struct wpa_ssid *ssid = wpa_s->current_ssid;
817
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
818
MACSTR " completed %s [id=%d id_str=%s]",
819
MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
820
"(reauth)" : "(auth)",
821
ssid ? ssid->id : -1,
822
ssid && ssid->id_str ? ssid->id_str : "");
823
#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
824
wpa_s->new_connection = 0;
825
wpa_s->reassociated_connection = 1;
826
wpa_drv_set_operstate(wpa_s, 1);
827
} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
828
state == WPA_ASSOCIATED) {
829
wpa_s->new_connection = 1;
830
wpa_drv_set_operstate(wpa_s, 0);
831
}
832
wpa_s->wpa_state = state;
833
}
834
835
836
/**
837
* wpa_supplicant_get_state - Get the connection state
838
* @wpa_s: Pointer to wpa_supplicant data
839
* Returns: The current connection state (WPA_*)
840
*/
841
wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s)
842
{
843
return wpa_s->wpa_state;
844
}
845
846
847
static void wpa_supplicant_terminate(int sig, void *eloop_ctx,
848
void *signal_ctx)
849
{
850
struct wpa_global *global = eloop_ctx;
851
struct wpa_supplicant *wpa_s;
852
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
853
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING "- signal %d "
854
"received", sig);
855
}
856
eloop_terminate();
857
}
858
859
860
static void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
861
{
862
wpa_s->pairwise_cipher = 0;
863
wpa_s->group_cipher = 0;
864
wpa_s->mgmt_group_cipher = 0;
865
wpa_s->key_mgmt = 0;
866
wpa_s->wpa_state = WPA_DISCONNECTED;
867
}
868
869
870
/**
871
* wpa_supplicant_reload_configuration - Reload configuration data
872
* @wpa_s: Pointer to wpa_supplicant data
873
* Returns: 0 on success or -1 if configuration parsing failed
874
*
875
* This function can be used to request that the configuration data is reloaded
876
* (e.g., after configuration file change). This function is reloading
877
* configuration only for one interface, so this may need to be called multiple
878
* times if %wpa_supplicant is controlling multiple interfaces and all
879
* interfaces need reconfiguration.
880
*/
881
int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
882
{
883
struct wpa_config *conf;
884
int reconf_ctrl;
885
if (wpa_s->confname == NULL)
886
return -1;
887
conf = wpa_config_read(wpa_s->confname);
888
if (conf == NULL) {
889
wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
890
"file '%s' - exiting", wpa_s->confname);
891
return -1;
892
}
893
894
reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
895
|| (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
896
os_strcmp(conf->ctrl_interface,
897
wpa_s->conf->ctrl_interface) != 0);
898
899
if (reconf_ctrl && wpa_s->ctrl_iface) {
900
wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
901
wpa_s->ctrl_iface = NULL;
902
}
903
904
eapol_sm_invalidate_cached_session(wpa_s->eapol);
905
wpa_s->current_ssid = NULL;
906
/*
907
* TODO: should notify EAPOL SM about changes in opensc_engine_path,
908
* pkcs11_engine_path, pkcs11_module_path.
909
*/
910
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
911
wpa_sm_set_config(wpa_s->wpa, NULL);
912
wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
913
rsn_preauth_deinit(wpa_s->wpa);
914
wpa_config_free(wpa_s->conf);
915
wpa_s->conf = conf;
916
if (reconf_ctrl)
917
wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
918
919
wpa_supplicant_clear_status(wpa_s);
920
wpa_s->reassociate = 1;
921
wpa_supplicant_req_scan(wpa_s, 0, 0);
922
wpa_msg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
923
return 0;
924
}
925
926
927
static void wpa_supplicant_reconfig(int sig, void *eloop_ctx,
928
void *signal_ctx)
929
{
930
struct wpa_global *global = eloop_ctx;
931
struct wpa_supplicant *wpa_s;
932
wpa_printf(MSG_DEBUG, "Signal %d received - reconfiguring", sig);
933
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
934
if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
935
eloop_terminate();
936
}
937
}
938
}
939
940
941
static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s)
942
{
943
struct wpa_ssid *ssid;
944
union wpa_event_data data;
945
946
ssid = wpa_supplicant_get_ssid(wpa_s);
947
if (ssid == NULL)
948
return;
949
950
if (wpa_s->current_ssid == NULL)
951
wpa_s->current_ssid = ssid;
952
wpa_supplicant_initiate_eapol(wpa_s);
953
wpa_printf(MSG_DEBUG, "Already associated with a configured network - "
954
"generating associated event");
955
os_memset(&data, 0, sizeof(data));
956
wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data);
957
}
958
959
960
static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
961
{
962
struct wpa_supplicant *wpa_s = eloop_ctx;
963
struct wpa_ssid *ssid;
964
int enabled, scan_req = 0, ret;
965
966
if (wpa_s->disconnected)
967
return;
968
969
enabled = 0;
970
ssid = wpa_s->conf->ssid;
971
while (ssid) {
972
if (!ssid->disabled) {
973
enabled++;
974
break;
975
}
976
ssid = ssid->next;
977
}
978
if (!enabled && !wpa_s->scan_req) {
979
wpa_printf(MSG_DEBUG, "No enabled networks - do not scan");
980
wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
981
return;
982
}
983
scan_req = wpa_s->scan_req;
984
wpa_s->scan_req = 0;
985
986
if (wpa_s->conf->ap_scan != 0 &&
987
wpa_s->driver && os_strcmp(wpa_s->driver->name, "wired") == 0) {
988
wpa_printf(MSG_DEBUG, "Using wired driver - overriding "
989
"ap_scan configuration");
990
wpa_s->conf->ap_scan = 0;
991
}
992
993
if (wpa_s->conf->ap_scan == 0) {
994
wpa_supplicant_gen_assoc_event(wpa_s);
995
return;
996
}
997
998
if (wpa_s->wpa_state == WPA_DISCONNECTED ||
999
wpa_s->wpa_state == WPA_INACTIVE)
1000
wpa_supplicant_set_state(wpa_s, WPA_SCANNING);
1001
1002
ssid = wpa_s->conf->ssid;
1003
if (wpa_s->prev_scan_ssid != BROADCAST_SSID_SCAN) {
1004
while (ssid) {
1005
if (ssid == wpa_s->prev_scan_ssid) {
1006
ssid = ssid->next;
1007
break;
1008
}
1009
ssid = ssid->next;
1010
}
1011
}
1012
while (ssid) {
1013
if (!ssid->disabled &&
1014
(ssid->scan_ssid || wpa_s->conf->ap_scan == 2))
1015
break;
1016
ssid = ssid->next;
1017
}
1018
1019
if (scan_req != 2 && wpa_s->conf->ap_scan == 2) {
1020
/*
1021
* ap_scan=2 mode - try to associate with each SSID instead of
1022
* scanning for each scan_ssid=1 network.
1023
*/
1024
if (ssid == NULL) {
1025
wpa_printf(MSG_DEBUG, "wpa_supplicant_scan: Reached "
1026
"end of scan list - go back to beginning");
1027
wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1028
wpa_supplicant_req_scan(wpa_s, 0, 0);
1029
return;
1030
}
1031
if (ssid->next) {
1032
/* Continue from the next SSID on the next attempt. */
1033
wpa_s->prev_scan_ssid = ssid;
1034
} else {
1035
/* Start from the beginning of the SSID list. */
1036
wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1037
}
1038
wpa_supplicant_associate(wpa_s, NULL, ssid);
1039
return;
1040
}
1041
1042
wpa_printf(MSG_DEBUG, "Starting AP scan (%s SSID)",
1043
ssid ? "specific": "broadcast");
1044
if (ssid) {
1045
wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID",
1046
ssid->ssid, ssid->ssid_len);
1047
wpa_s->prev_scan_ssid = ssid;
1048
} else
1049
wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1050
1051
if (wpa_s->scan_res_tried == 0 && wpa_s->conf->ap_scan == 1 &&
1052
!wpa_s->use_client_mlme) {
1053
wpa_s->scan_res_tried++;
1054
wpa_printf(MSG_DEBUG, "Trying to get current scan results "
1055
"first without requesting a new scan to speed up "
1056
"initial association");
1057
wpa_supplicant_event(wpa_s, EVENT_SCAN_RESULTS, NULL);
1058
return;
1059
}
1060
1061
if (wpa_s->use_client_mlme) {
1062
ret = ieee80211_sta_req_scan(wpa_s, ssid ? ssid->ssid : NULL,
1063
ssid ? ssid->ssid_len : 0);
1064
} else {
1065
ret = wpa_drv_scan(wpa_s, ssid ? ssid->ssid : NULL,
1066
ssid ? ssid->ssid_len : 0);
1067
}
1068
if (ret) {
1069
wpa_printf(MSG_WARNING, "Failed to initiate AP scan.");
1070
wpa_supplicant_req_scan(wpa_s, 10, 0);
1071
}
1072
}
1073
1074
1075
static wpa_cipher cipher_suite2driver(int cipher)
1076
{
1077
switch (cipher) {
1078
case WPA_CIPHER_NONE:
1079
return CIPHER_NONE;
1080
case WPA_CIPHER_WEP40:
1081
return CIPHER_WEP40;
1082
case WPA_CIPHER_WEP104:
1083
return CIPHER_WEP104;
1084
case WPA_CIPHER_CCMP:
1085
return CIPHER_CCMP;
1086
case WPA_CIPHER_TKIP:
1087
default:
1088
return CIPHER_TKIP;
1089
}
1090
}
1091
1092
1093
static wpa_key_mgmt key_mgmt2driver(int key_mgmt)
1094
{
1095
switch (key_mgmt) {
1096
case WPA_KEY_MGMT_NONE:
1097
return KEY_MGMT_NONE;
1098
case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
1099
return KEY_MGMT_802_1X_NO_WPA;
1100
case WPA_KEY_MGMT_IEEE8021X:
1101
return KEY_MGMT_802_1X;
1102
case WPA_KEY_MGMT_WPA_NONE:
1103
return KEY_MGMT_WPA_NONE;
1104
case WPA_KEY_MGMT_FT_IEEE8021X:
1105
return KEY_MGMT_FT_802_1X;
1106
case WPA_KEY_MGMT_FT_PSK:
1107
return KEY_MGMT_FT_PSK;
1108
case WPA_KEY_MGMT_PSK:
1109
default:
1110
return KEY_MGMT_PSK;
1111
}
1112
}
1113
1114
1115
static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1116
struct wpa_ssid *ssid,
1117
struct wpa_ie_data *ie)
1118
{
1119
int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1120
if (ret) {
1121
if (ret == -2) {
1122
wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1123
"from association info");
1124
}
1125
return -1;
1126
}
1127
1128
wpa_printf(MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set cipher "
1129
"suites");
1130
if (!(ie->group_cipher & ssid->group_cipher)) {
1131
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1132
"cipher 0x%x (mask 0x%x) - reject",
1133
ie->group_cipher, ssid->group_cipher);
1134
return -1;
1135
}
1136
if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1137
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1138
"cipher 0x%x (mask 0x%x) - reject",
1139
ie->pairwise_cipher, ssid->pairwise_cipher);
1140
return -1;
1141
}
1142
if (!(ie->key_mgmt & ssid->key_mgmt)) {
1143
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1144
"management 0x%x (mask 0x%x) - reject",
1145
ie->key_mgmt, ssid->key_mgmt);
1146
return -1;
1147
}
1148
1149
#ifdef CONFIG_IEEE80211W
1150
if (!(ie->capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION) &&
1151
ssid->ieee80211w == IEEE80211W_REQUIRED) {
1152
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1153
"that does not support management frame protection - "
1154
"reject");
1155
return -1;
1156
}
1157
#endif /* CONFIG_IEEE80211W */
1158
1159
return 0;
1160
}
1161
1162
1163
/**
1164
* wpa_supplicant_set_suites - Set authentication and encryption parameters
1165
* @wpa_s: Pointer to wpa_supplicant data
1166
* @bss: Scan results for the selected BSS, or %NULL if not available
1167
* @ssid: Configuration data for the selected network
1168
* @wpa_ie: Buffer for the WPA/RSN IE
1169
* @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1170
* used buffer length in case the functions returns success.
1171
* Returns: 0 on success or -1 on failure
1172
*
1173
* This function is used to configure authentication and encryption parameters
1174
* based on the network configuration and scan result for the selected BSS (if
1175
* available).
1176
*/
1177
int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1178
struct wpa_scan_result *bss,
1179
struct wpa_ssid *ssid,
1180
u8 *wpa_ie, size_t *wpa_ie_len)
1181
{
1182
struct wpa_ie_data ie;
1183
int sel, proto;
1184
1185
if (bss && bss->rsn_ie_len && (ssid->proto & WPA_PROTO_RSN) &&
1186
wpa_parse_wpa_ie(bss->rsn_ie, bss->rsn_ie_len, &ie) == 0 &&
1187
(ie.group_cipher & ssid->group_cipher) &&
1188
(ie.pairwise_cipher & ssid->pairwise_cipher) &&
1189
(ie.key_mgmt & ssid->key_mgmt)) {
1190
wpa_msg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1191
proto = WPA_PROTO_RSN;
1192
} else if (bss && bss->wpa_ie_len && (ssid->proto & WPA_PROTO_WPA) &&
1193
wpa_parse_wpa_ie(bss->wpa_ie, bss->wpa_ie_len, &ie) == 0 &&
1194
(ie.group_cipher & ssid->group_cipher) &&
1195
(ie.pairwise_cipher & ssid->pairwise_cipher) &&
1196
(ie.key_mgmt & ssid->key_mgmt)) {
1197
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1198
proto = WPA_PROTO_WPA;
1199
} else if (bss) {
1200
wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1201
return -1;
1202
} else {
1203
if (ssid->proto & WPA_PROTO_RSN)
1204
proto = WPA_PROTO_RSN;
1205
else
1206
proto = WPA_PROTO_WPA;
1207
if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1208
os_memset(&ie, 0, sizeof(ie));
1209
ie.group_cipher = ssid->group_cipher;
1210
ie.pairwise_cipher = ssid->pairwise_cipher;
1211
ie.key_mgmt = ssid->key_mgmt;
1212
#ifdef CONFIG_IEEE80211W
1213
ie.mgmt_group_cipher =
1214
ssid->ieee80211w != NO_IEEE80211W ?
1215
WPA_CIPHER_AES_128_CMAC : 0;
1216
#endif /* CONFIG_IEEE80211W */
1217
wpa_printf(MSG_DEBUG, "WPA: Set cipher suites based "
1218
"on configuration");
1219
} else
1220
proto = ie.proto;
1221
}
1222
1223
wpa_printf(MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1224
"pairwise %d key_mgmt %d proto %d",
1225
ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1226
#ifdef CONFIG_IEEE80211W
1227
if (ssid->ieee80211w) {
1228
wpa_printf(MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1229
ie.mgmt_group_cipher);
1230
}
1231
#endif /* CONFIG_IEEE80211W */
1232
1233
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1234
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1235
!!(ssid->proto & WPA_PROTO_RSN));
1236
1237
if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss ? bss->wpa_ie : NULL,
1238
bss ? bss->wpa_ie_len : 0) ||
1239
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss ? bss->rsn_ie : NULL,
1240
bss ? bss->rsn_ie_len : 0))
1241
return -1;
1242
1243
sel = ie.group_cipher & ssid->group_cipher;
1244
if (sel & WPA_CIPHER_CCMP) {
1245
wpa_s->group_cipher = WPA_CIPHER_CCMP;
1246
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
1247
} else if (sel & WPA_CIPHER_TKIP) {
1248
wpa_s->group_cipher = WPA_CIPHER_TKIP;
1249
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
1250
} else if (sel & WPA_CIPHER_WEP104) {
1251
wpa_s->group_cipher = WPA_CIPHER_WEP104;
1252
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
1253
} else if (sel & WPA_CIPHER_WEP40) {
1254
wpa_s->group_cipher = WPA_CIPHER_WEP40;
1255
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
1256
} else {
1257
wpa_printf(MSG_WARNING, "WPA: Failed to select group cipher.");
1258
return -1;
1259
}
1260
1261
sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1262
if (sel & WPA_CIPHER_CCMP) {
1263
wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
1264
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
1265
} else if (sel & WPA_CIPHER_TKIP) {
1266
wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
1267
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
1268
} else if (sel & WPA_CIPHER_NONE) {
1269
wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1270
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
1271
} else {
1272
wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
1273
"cipher.");
1274
return -1;
1275
}
1276
1277
sel = ie.key_mgmt & ssid->key_mgmt;
1278
if (0) {
1279
#ifdef CONFIG_IEEE80211R
1280
} else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
1281
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1282
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1283
} else if (sel & WPA_KEY_MGMT_FT_PSK) {
1284
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1285
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1286
#endif /* CONFIG_IEEE80211R */
1287
} else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1288
wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1289
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1290
} else if (sel & WPA_KEY_MGMT_PSK) {
1291
wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1292
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1293
} else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1294
wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1295
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1296
} else {
1297
wpa_printf(MSG_WARNING, "WPA: Failed to select authenticated "
1298
"key management type.");
1299
return -1;
1300
}
1301
1302
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1303
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1304
wpa_s->pairwise_cipher);
1305
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1306
1307
#ifdef CONFIG_IEEE80211W
1308
sel = ie.mgmt_group_cipher;
1309
if (ssid->ieee80211w == NO_IEEE80211W ||
1310
!(ie.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION))
1311
sel = 0;
1312
if (sel & WPA_CIPHER_AES_128_CMAC) {
1313
wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1314
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1315
"AES-128-CMAC");
1316
} else {
1317
wpa_s->mgmt_group_cipher = 0;
1318
wpa_msg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1319
}
1320
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1321
wpa_s->mgmt_group_cipher);
1322
#endif /* CONFIG_IEEE80211W */
1323
1324
if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1325
wpa_printf(MSG_WARNING, "WPA: Failed to generate WPA IE.");
1326
return -1;
1327
}
1328
1329
if (ssid->key_mgmt & (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_FT_PSK))
1330
wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
1331
else
1332
wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1333
1334
return 0;
1335
}
1336
1337
1338
/**
1339
* wpa_supplicant_associate - Request association
1340
* @wpa_s: Pointer to wpa_supplicant data
1341
* @bss: Scan results for the selected BSS, or %NULL if not available
1342
* @ssid: Configuration data for the selected network
1343
*
1344
* This function is used to request %wpa_supplicant to associate with a BSS.
1345
*/
1346
void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1347
struct wpa_scan_result *bss,
1348
struct wpa_ssid *ssid)
1349
{
1350
u8 wpa_ie[80];
1351
size_t wpa_ie_len;
1352
int use_crypt, ret, i;
1353
int algs = AUTH_ALG_OPEN_SYSTEM;
1354
wpa_cipher cipher_pairwise, cipher_group;
1355
struct wpa_driver_associate_params params;
1356
int wep_keys_set = 0;
1357
struct wpa_driver_capa capa;
1358
int assoc_failed = 0;
1359
1360
wpa_s->reassociate = 0;
1361
if (bss) {
1362
#ifdef CONFIG_IEEE80211R
1363
const u8 *md = NULL;
1364
#endif /* CONFIG_IEEE80211R */
1365
wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1366
" (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1367
wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1368
os_memset(wpa_s->bssid, 0, ETH_ALEN);
1369
os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1370
#ifdef CONFIG_IEEE80211R
1371
if (bss->mdie_present &&
1372
bss->mdie[1] >= MOBILITY_DOMAIN_ID_LEN)
1373
md = bss->mdie + 2;
1374
wpa_sm_set_ft_params(wpa_s->wpa, md, NULL, 0, NULL);
1375
#endif /* CONFIG_IEEE80211R */
1376
} else {
1377
wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1378
wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1379
os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1380
}
1381
wpa_supplicant_cancel_scan(wpa_s);
1382
1383
/* Starting new association, so clear the possibly used WPA IE from the
1384
* previous association. */
1385
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1386
1387
#ifdef IEEE8021X_EAPOL
1388
if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1389
if (ssid->leap) {
1390
if (ssid->non_leap == 0)
1391
algs = AUTH_ALG_LEAP;
1392
else
1393
algs |= AUTH_ALG_LEAP;
1394
}
1395
}
1396
#endif /* IEEE8021X_EAPOL */
1397
wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1398
if (ssid->auth_alg) {
1399
algs = 0;
1400
if (ssid->auth_alg & WPA_AUTH_ALG_OPEN)
1401
algs |= AUTH_ALG_OPEN_SYSTEM;
1402
if (ssid->auth_alg & WPA_AUTH_ALG_SHARED)
1403
algs |= AUTH_ALG_SHARED_KEY;
1404
if (ssid->auth_alg & WPA_AUTH_ALG_LEAP)
1405
algs |= AUTH_ALG_LEAP;
1406
wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
1407
algs);
1408
}
1409
wpa_drv_set_auth_alg(wpa_s, algs);
1410
1411
if (bss && (bss->wpa_ie_len || bss->rsn_ie_len) &&
1412
(ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK |
1413
WPA_KEY_MGMT_FT_IEEE8021X |
1414
WPA_KEY_MGMT_FT_PSK))) {
1415
int try_opportunistic;
1416
try_opportunistic = ssid->proactive_key_caching &&
1417
(ssid->proto & WPA_PROTO_RSN);
1418
if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1419
wpa_s->current_ssid,
1420
try_opportunistic) == 0)
1421
eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1422
wpa_ie_len = sizeof(wpa_ie);
1423
if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1424
wpa_ie, &wpa_ie_len)) {
1425
wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1426
"management and encryption suites");
1427
return;
1428
}
1429
} else if (ssid->key_mgmt &
1430
(WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
1431
WPA_KEY_MGMT_WPA_NONE | WPA_KEY_MGMT_FT_PSK |
1432
WPA_KEY_MGMT_FT_IEEE8021X)) {
1433
wpa_ie_len = sizeof(wpa_ie);
1434
if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1435
wpa_ie, &wpa_ie_len)) {
1436
wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1437
"management and encryption suites (no scan "
1438
"results)");
1439
return;
1440
}
1441
} else {
1442
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1443
wpa_ie_len = 0;
1444
}
1445
1446
wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1447
use_crypt = 1;
1448
cipher_pairwise = cipher_suite2driver(wpa_s->pairwise_cipher);
1449
cipher_group = cipher_suite2driver(wpa_s->group_cipher);
1450
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1451
wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1452
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1453
use_crypt = 0;
1454
for (i = 0; i < NUM_WEP_KEYS; i++) {
1455
if (ssid->wep_key_len[i]) {
1456
use_crypt = 1;
1457
wep_keys_set = 1;
1458
wpa_set_wep_key(wpa_s,
1459
i == ssid->wep_tx_keyidx,
1460
i, ssid->wep_key[i],
1461
ssid->wep_key_len[i]);
1462
}
1463
}
1464
}
1465
1466
#ifdef IEEE8021X_EAPOL
1467
if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1468
if ((ssid->eapol_flags &
1469
(EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1470
EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1471
!wep_keys_set) {
1472
use_crypt = 0;
1473
} else {
1474
/* Assume that dynamic WEP-104 keys will be used and
1475
* set cipher suites in order for drivers to expect
1476
* encryption. */
1477
cipher_pairwise = cipher_group = CIPHER_WEP104;
1478
}
1479
}
1480
#endif /* IEEE8021X_EAPOL */
1481
1482
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1483
/* Set the key before (and later after) association */
1484
wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1485
}
1486
1487
wpa_drv_set_drop_unencrypted(wpa_s, use_crypt);
1488
wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1489
os_memset(¶ms, 0, sizeof(params));
1490
if (bss) {
1491
params.bssid = bss->bssid;
1492
params.ssid = bss->ssid;
1493
params.ssid_len = bss->ssid_len;
1494
params.freq = bss->freq;
1495
} else {
1496
params.ssid = ssid->ssid;
1497
params.ssid_len = ssid->ssid_len;
1498
}
1499
if (ssid->mode == 1 && ssid->frequency > 0 && params.freq == 0)
1500
params.freq = ssid->frequency; /* Initial channel for IBSS */
1501
params.wpa_ie = wpa_ie;
1502
params.wpa_ie_len = wpa_ie_len;
1503
params.pairwise_suite = cipher_pairwise;
1504
params.group_suite = cipher_group;
1505
params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1506
params.auth_alg = algs;
1507
params.mode = ssid->mode;
1508
for (i = 0; i < NUM_WEP_KEYS; i++) {
1509
if (ssid->wep_key_len[i])
1510
params.wep_key[i] = ssid->wep_key[i];
1511
params.wep_key_len[i] = ssid->wep_key_len[i];
1512
}
1513
params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1514
1515
#ifdef CONFIG_IEEE80211W
1516
switch (ssid->ieee80211w) {
1517
case NO_IEEE80211W:
1518
params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
1519
break;
1520
case IEEE80211W_OPTIONAL:
1521
params.mgmt_frame_protection = MGMT_FRAME_PROTECTION_OPTIONAL;
1522
break;
1523
case IEEE80211W_REQUIRED:
1524
params.mgmt_frame_protection = MGMT_FRAME_PROTECTION_REQUIRED;
1525
break;
1526
}
1527
#endif /* CONFIG_IEEE80211W */
1528
1529
if (wpa_s->use_client_mlme)
1530
ret = ieee80211_sta_associate(wpa_s, ¶ms);
1531
else
1532
ret = wpa_drv_associate(wpa_s, ¶ms);
1533
if (ret < 0) {
1534
wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1535
"failed");
1536
/* try to continue anyway; new association will be tried again
1537
* after timeout */
1538
assoc_failed = 1;
1539
}
1540
1541
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1542
/* Set the key after the association just in case association
1543
* cleared the previously configured key. */
1544
wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1545
/* No need to timeout authentication since there is no key
1546
* management. */
1547
wpa_supplicant_cancel_auth_timeout(wpa_s);
1548
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1549
} else {
1550
/* Timeout for IEEE 802.11 authentication and association */
1551
int timeout;
1552
if (assoc_failed)
1553
timeout = 5;
1554
else if (wpa_s->conf->ap_scan == 1)
1555
timeout = 10;
1556
else
1557
timeout = 60;
1558
wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1559
}
1560
1561
if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1562
capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
1563
/* Set static WEP keys again */
1564
int j;
1565
for (j = 0; j < NUM_WEP_KEYS; j++) {
1566
if (ssid->wep_key_len[j]) {
1567
wpa_set_wep_key(wpa_s,
1568
j == ssid->wep_tx_keyidx,
1569
j, ssid->wep_key[j],
1570
ssid->wep_key_len[j]);
1571
}
1572
}
1573
}
1574
1575
if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1576
/*
1577
* Do not allow EAP session resumption between different
1578
* network configurations.
1579
*/
1580
eapol_sm_invalidate_cached_session(wpa_s->eapol);
1581
}
1582
wpa_s->current_ssid = ssid;
1583
wpa_sm_set_config(wpa_s->wpa, wpa_s->current_ssid);
1584
wpa_supplicant_initiate_eapol(wpa_s);
1585
}
1586
1587
1588
/**
1589
* wpa_supplicant_disassociate - Disassociate the current connection
1590
* @wpa_s: Pointer to wpa_supplicant data
1591
* @reason_code: IEEE 802.11 reason code for the disassociate frame
1592
*
1593
* This function is used to request %wpa_supplicant to disassociate with the
1594
* current AP.
1595
*/
1596
void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
1597
int reason_code)
1598
{
1599
u8 *addr = NULL;
1600
if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0)
1601
{
1602
if (wpa_s->use_client_mlme)
1603
ieee80211_sta_disassociate(wpa_s, reason_code);
1604
else
1605
wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
1606
addr = wpa_s->bssid;
1607
}
1608
wpa_clear_keys(wpa_s, addr);
1609
wpa_supplicant_mark_disassoc(wpa_s);
1610
wpa_s->current_ssid = NULL;
1611
wpa_sm_set_config(wpa_s->wpa, NULL);
1612
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1613
}
1614
1615
1616
/**
1617
* wpa_supplicant_deauthenticate - Deauthenticate the current connection
1618
* @wpa_s: Pointer to wpa_supplicant data
1619
* @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1620
*
1621
* This function is used to request %wpa_supplicant to disassociate with the
1622
* current AP.
1623
*/
1624
void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1625
int reason_code)
1626
{
1627
u8 *addr = NULL;
1628
wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1629
if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0)
1630
{
1631
if (wpa_s->use_client_mlme)
1632
ieee80211_sta_deauthenticate(wpa_s, reason_code);
1633
else
1634
wpa_drv_deauthenticate(wpa_s, wpa_s->bssid,
1635
reason_code);
1636
addr = wpa_s->bssid;
1637
}
1638
wpa_clear_keys(wpa_s, addr);
1639
wpa_s->current_ssid = NULL;
1640
wpa_sm_set_config(wpa_s->wpa, NULL);
1641
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1642
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
1643
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
1644
}
1645
1646
1647
/**
1648
* wpa_supplicant_get_scan_results - Get scan results
1649
* @wpa_s: Pointer to wpa_supplicant data
1650
* Returns: 0 on success, -1 on failure
1651
*
1652
* This function is request the current scan results from the driver and stores
1653
* a local copy of the results in wpa_s->scan_results.
1654
*/
1655
int wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s)
1656
{
1657
#define SCAN_AP_LIMIT 128
1658
struct wpa_scan_result *results, *tmp;
1659
int num;
1660
1661
results = os_malloc(SCAN_AP_LIMIT * sizeof(struct wpa_scan_result));
1662
if (results == NULL) {
1663
wpa_printf(MSG_WARNING, "Failed to allocate memory for scan "
1664
"results");
1665
return -1;
1666
}
1667
1668
if (wpa_s->use_client_mlme) {
1669
num = ieee80211_sta_get_scan_results(wpa_s, results,
1670
SCAN_AP_LIMIT);
1671
} else
1672
num = wpa_drv_get_scan_results(wpa_s, results, SCAN_AP_LIMIT);
1673
wpa_printf(MSG_DEBUG, "Scan results: %d", num);
1674
if (num < 0) {
1675
wpa_printf(MSG_DEBUG, "Failed to get scan results");
1676
os_free(results);
1677
return -1;
1678
}
1679
if (num > SCAN_AP_LIMIT) {
1680
wpa_printf(MSG_INFO, "Not enough room for all APs (%d < %d)",
1681
num, SCAN_AP_LIMIT);
1682
num = SCAN_AP_LIMIT;
1683
}
1684
1685
/* Free unneeded memory for unused scan result entries */
1686
tmp = os_realloc(results, num * sizeof(struct wpa_scan_result));
1687
if (tmp || num == 0) {
1688
results = tmp;
1689
}
1690
1691
os_free(wpa_s->scan_results);
1692
wpa_s->scan_results = results;
1693
wpa_s->num_scan_results = num;
1694
1695
return 0;
1696
}
1697
1698
1699
#ifndef CONFIG_NO_WPA
1700
static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s)
1701
{
1702
int i, ret = 0;
1703
struct wpa_scan_result *results, *curr = NULL;
1704
1705
results = wpa_s->scan_results;
1706
if (results == NULL) {
1707
return -1;
1708
}
1709
1710
for (i = 0; i < wpa_s->num_scan_results; i++) {
1711
struct wpa_ssid *ssid = wpa_s->current_ssid;
1712
if (os_memcmp(results[i].bssid, wpa_s->bssid, ETH_ALEN) != 0)
1713
continue;
1714
if (ssid == NULL ||
1715
((results[i].ssid_len == ssid->ssid_len &&
1716
os_memcmp(results[i].ssid, ssid->ssid, ssid->ssid_len)
1717
== 0) ||
1718
ssid->ssid_len == 0)) {
1719
curr = &results[i];
1720
break;
1721
}
1722
}
1723
1724
if (curr) {
1725
if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, curr->wpa_ie,
1726
curr->wpa_ie_len) ||
1727
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, curr->rsn_ie,
1728
curr->rsn_ie_len))
1729
ret = -1;
1730
} else {
1731
ret = -1;
1732
}
1733
1734
return ret;
1735
}
1736
1737
1738
static int wpa_supplicant_get_beacon_ie(void *ctx)
1739
{
1740
struct wpa_supplicant *wpa_s = ctx;
1741
if (wpa_get_beacon_ie(wpa_s) == 0) {
1742
return 0;
1743
}
1744
1745
/* No WPA/RSN IE found in the cached scan results. Try to get updated
1746
* scan results from the driver. */
1747
if (wpa_supplicant_get_scan_results(wpa_s) < 0) {
1748
return -1;
1749
}
1750
1751
return wpa_get_beacon_ie(wpa_s);
1752
}
1753
#endif /* CONFIG_NO_WPA */
1754
1755
1756
/**
1757
* wpa_supplicant_get_ssid - Get a pointer to the current network structure
1758
* @wpa_s: Pointer to wpa_supplicant data
1759
* Returns: A pointer to the current network structure or %NULL on failure
1760
*/
1761
struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
1762
{
1763
struct wpa_ssid *entry;
1764
u8 ssid[MAX_SSID_LEN];
1765
int res;
1766
size_t ssid_len;
1767
u8 bssid[ETH_ALEN];
1768
int wired;
1769
1770
if (wpa_s->use_client_mlme) {
1771
if (ieee80211_sta_get_ssid(wpa_s, ssid, &ssid_len)) {
1772
wpa_printf(MSG_WARNING, "Could not read SSID from "
1773
"MLME.");
1774
return NULL;
1775
}
1776
} else {
1777
res = wpa_drv_get_ssid(wpa_s, ssid);
1778
if (res < 0) {
1779
wpa_printf(MSG_WARNING, "Could not read SSID from "
1780
"driver.");
1781
return NULL;
1782
}
1783
ssid_len = res;
1784
}
1785
1786
if (wpa_s->use_client_mlme)
1787
os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1788
else if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
1789
wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
1790
return NULL;
1791
}
1792
1793
wired = wpa_s->conf->ap_scan == 0 && wpa_s->driver &&
1794
os_strcmp(wpa_s->driver->name, "wired") == 0;
1795
1796
entry = wpa_s->conf->ssid;
1797
while (entry) {
1798
if (!entry->disabled &&
1799
((ssid_len == entry->ssid_len &&
1800
os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
1801
(!entry->bssid_set ||
1802
os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1803
return entry;
1804
entry = entry->next;
1805
}
1806
1807
return NULL;
1808
}
1809
1810
1811
#ifndef CONFIG_NO_WPA
1812
static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type,
1813
const void *data, u16 data_len,
1814
size_t *msg_len, void **data_pos)
1815
{
1816
return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos);
1817
}
1818
1819
1820
static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto,
1821
const u8 *buf, size_t len)
1822
{
1823
return wpa_ether_send(wpa_s, dest, proto, buf, len);
1824
}
1825
1826
1827
static void _wpa_supplicant_req_scan(void *wpa_s, int sec, int usec)
1828
{
1829
wpa_supplicant_req_scan(wpa_s, sec, usec);
1830
}
1831
1832
1833
static void _wpa_supplicant_cancel_scan(void *wpa_s)
1834
{
1835
wpa_supplicant_cancel_scan(wpa_s);
1836
}
1837
1838
1839
static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s)
1840
{
1841
wpa_supplicant_cancel_auth_timeout(wpa_s);
1842
}
1843
1844
1845
static void _wpa_supplicant_set_state(void *wpa_s, wpa_states state)
1846
{
1847
wpa_supplicant_set_state(wpa_s, state);
1848
}
1849
1850
1851
static wpa_states _wpa_supplicant_get_state(void *wpa_s)
1852
{
1853
return wpa_supplicant_get_state(wpa_s);
1854
}
1855
1856
1857
static void _wpa_supplicant_disassociate(void *wpa_s, int reason_code)
1858
{
1859
wpa_supplicant_disassociate(wpa_s, reason_code);
1860
}
1861
1862
1863
static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code)
1864
{
1865
wpa_supplicant_deauthenticate(wpa_s, reason_code);
1866
}
1867
1868
1869
static struct wpa_ssid * _wpa_supplicant_get_ssid(void *wpa_s)
1870
{
1871
return wpa_supplicant_get_ssid(wpa_s);
1872
}
1873
1874
1875
static int wpa_supplicant_get_bssid(void *ctx, u8 *bssid)
1876
{
1877
struct wpa_supplicant *wpa_s = ctx;
1878
if (wpa_s->use_client_mlme) {
1879
os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1880
return 0;
1881
}
1882
return wpa_drv_get_bssid(wpa_s, bssid);
1883
}
1884
1885
1886
static int wpa_supplicant_set_key(void *wpa_s, wpa_alg alg,
1887
const u8 *addr, int key_idx, int set_tx,
1888
const u8 *seq, size_t seq_len,
1889
const u8 *key, size_t key_len)
1890
{
1891
return wpa_drv_set_key(wpa_s, alg, addr, key_idx, set_tx, seq, seq_len,
1892
key, key_len);
1893
}
1894
1895
1896
static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr,
1897
int protection_type,
1898
int key_type)
1899
{
1900
return wpa_drv_mlme_setprotection(wpa_s, addr, protection_type,
1901
key_type);
1902
}
1903
1904
1905
static int wpa_supplicant_add_pmkid(void *wpa_s,
1906
const u8 *bssid, const u8 *pmkid)
1907
{
1908
return wpa_drv_add_pmkid(wpa_s, bssid, pmkid);
1909
}
1910
1911
1912
static int wpa_supplicant_remove_pmkid(void *wpa_s,
1913
const u8 *bssid, const u8 *pmkid)
1914
{
1915
return wpa_drv_remove_pmkid(wpa_s, bssid, pmkid);
1916
}
1917
1918
1919
#ifdef CONFIG_IEEE80211R
1920
static int wpa_supplicant_update_ft_ies(void *ctx, const u8 *md,
1921
const u8 *ies, size_t ies_len)
1922
{
1923
struct wpa_supplicant *wpa_s = ctx;
1924
if (wpa_s->use_client_mlme)
1925
return ieee80211_sta_update_ft_ies(wpa_s, md, ies, ies_len);
1926
return wpa_drv_update_ft_ies(wpa_s, md, ies, ies_len);
1927
}
1928
1929
1930
static int wpa_supplicant_send_ft_action(void *ctx, u8 action,
1931
const u8 *target_ap,
1932
const u8 *ies, size_t ies_len)
1933
{
1934
struct wpa_supplicant *wpa_s = ctx;
1935
if (wpa_s->use_client_mlme)
1936
return ieee80211_sta_send_ft_action(wpa_s, action, target_ap,
1937
ies, ies_len);
1938
return wpa_drv_send_ft_action(wpa_s, action, target_ap, ies, ies_len);
1939
}
1940
#endif /* CONFIG_IEEE80211R */
1941
#endif /* CONFIG_NO_WPA */
1942
1943
1944
static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
1945
const char *name)
1946
{
1947
int i;
1948
1949
if (wpa_s == NULL)
1950
return -1;
1951
1952
if (wpa_supplicant_drivers[0] == NULL) {
1953
wpa_printf(MSG_ERROR, "No driver interfaces build into "
1954
"wpa_supplicant.");
1955
return -1;
1956
}
1957
1958
if (name == NULL) {
1959
/* default to first driver in the list */
1960
wpa_s->driver = wpa_supplicant_drivers[0];
1961
return 0;
1962
}
1963
1964
for (i = 0; wpa_supplicant_drivers[i]; i++) {
1965
if (os_strcmp(name, wpa_supplicant_drivers[i]->name) == 0) {
1966
wpa_s->driver = wpa_supplicant_drivers[i];
1967
return 0;
1968
}
1969
}
1970
1971
wpa_printf(MSG_ERROR, "Unsupported driver '%s'.\n", name);
1972
return -1;
1973
}
1974
1975
1976
void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
1977
const u8 *buf, size_t len)
1978
{
1979
struct wpa_supplicant *wpa_s = ctx;
1980
1981
wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
1982
wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
1983
1984
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
1985
wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
1986
"no key management is configured");
1987
return;
1988
}
1989
1990
if (wpa_s->eapol_received == 0) {
1991
/* Timeout for completing IEEE 802.1X and WPA authentication */
1992
wpa_supplicant_req_auth_timeout(
1993
wpa_s,
1994
(wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X ||
1995
wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
1996
wpa_s->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) ?
1997
70 : 10, 0);
1998
}
1999
wpa_s->eapol_received++;
2000
2001
if (wpa_s->countermeasures) {
2002
wpa_printf(MSG_INFO, "WPA: Countermeasures - dropped EAPOL "
2003
"packet");
2004
return;
2005
}
2006
2007
/* Source address of the incoming EAPOL frame could be compared to the
2008
* current BSSID. However, it is possible that a centralized
2009
* Authenticator could be using another MAC address than the BSSID of
2010
* an AP, so just allow any address to be used for now. The replies are
2011
* still sent to the current BSSID (if available), though. */
2012
2013
os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
2014
if (wpa_s->key_mgmt != WPA_KEY_MGMT_PSK &&
2015
wpa_s->key_mgmt != WPA_KEY_MGMT_FT_PSK &&
2016
eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
2017
return;
2018
wpa_drv_poll(wpa_s);
2019
wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
2020
}
2021
2022
2023
/**
2024
* wpa_supplicant_driver_init - Initialize driver interface parameters
2025
* @wpa_s: Pointer to wpa_supplicant data
2026
* @wait_for_interface: 0 = do not wait for the interface (reports a failure if
2027
* the interface is not present), 1 = wait until the interface is available
2028
* Returns: 0 on success, -1 on failure
2029
*
2030
* This function is called to initialize driver interface parameters.
2031
* wpa_drv_init() must have been called before this function to initialize the
2032
* driver interface.
2033
*/
2034
int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s,
2035
int wait_for_interface)
2036
{
2037
static int interface_count = 0;
2038
2039
for (;;) {
2040
if (wpa_s->driver->send_eapol) {
2041
const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
2042
if (addr)
2043
os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
2044
break;
2045
}
2046
wpa_s->l2 = l2_packet_init(wpa_s->ifname,
2047
wpa_drv_get_mac_addr(wpa_s),
2048
ETH_P_EAPOL,
2049
wpa_supplicant_rx_eapol, wpa_s, 0);
2050
if (wpa_s->l2)
2051
break;
2052
else if (!wait_for_interface)
2053
return -1;
2054
wpa_printf(MSG_DEBUG, "Waiting for interface..");
2055
os_sleep(5, 0);
2056
}
2057
2058
if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
2059
wpa_printf(MSG_ERROR, "Failed to get own L2 address");
2060
return -1;
2061
}
2062
2063
wpa_printf(MSG_DEBUG, "Own MAC address: " MACSTR,
2064
MAC2STR(wpa_s->own_addr));
2065
2066
if (wpa_s->bridge_ifname[0]) {
2067
wpa_printf(MSG_DEBUG, "Receiving packets from bridge interface"
2068
" '%s'", wpa_s->bridge_ifname);
2069
wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
2070
wpa_s->own_addr,
2071
ETH_P_EAPOL,
2072
wpa_supplicant_rx_eapol, wpa_s,
2073
0);
2074
if (wpa_s->l2_br == NULL) {
2075
wpa_printf(MSG_ERROR, "Failed to open l2_packet "
2076
"connection for the bridge interface '%s'",
2077
wpa_s->bridge_ifname);
2078
return -1;
2079
}
2080
}
2081
2082
/* Backwards compatibility call to set_wpa() handler. This is called
2083
* only just after init and just before deinit, so these handler can be
2084
* used to implement same functionality. */
2085
if (wpa_drv_set_wpa(wpa_s, 1) < 0) {
2086
struct wpa_driver_capa capa;
2087
if (wpa_drv_get_capa(wpa_s, &capa) < 0 ||
2088
!(capa.flags & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
2089
WPA_DRIVER_CAPA_KEY_MGMT_WPA2))) {
2090
wpa_printf(MSG_DEBUG, "Driver does not support WPA.");
2091
/* Continue to allow non-WPA modes to be used. */
2092
} else {
2093
wpa_printf(MSG_ERROR, "Failed to enable WPA in the "
2094
"driver.");
2095
return -1;
2096
}
2097
}
2098
2099
wpa_clear_keys(wpa_s, NULL);
2100
2101
/* Make sure that TKIP countermeasures are not left enabled (could
2102
* happen if wpa_supplicant is killed during countermeasures. */
2103
wpa_drv_set_countermeasures(wpa_s, 0);
2104
2105
wpa_drv_set_drop_unencrypted(wpa_s, 1);
2106
2107
wpa_printf(MSG_DEBUG, "RSN: flushing PMKID list in the driver");
2108
wpa_drv_flush_pmkid(wpa_s);
2109
2110
wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
2111
wpa_supplicant_req_scan(wpa_s, interface_count, 100000);
2112
interface_count++;
2113
2114
return 0;
2115
}
2116
2117
2118
static int wpa_supplicant_daemon(const char *pid_file)
2119
{
2120
wpa_printf(MSG_DEBUG, "Daemonize..");
2121
return os_daemonize(pid_file);
2122
}
2123
2124
2125
static struct wpa_supplicant * wpa_supplicant_alloc(void)
2126
{
2127
struct wpa_supplicant *wpa_s;
2128
2129
wpa_s = os_zalloc(sizeof(*wpa_s));
2130
if (wpa_s == NULL)
2131
return NULL;
2132
wpa_s->scan_req = 1;
2133
2134
return wpa_s;
2135
}
2136
2137
2138
static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
2139
struct wpa_interface *iface)
2140
{
2141
wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
2142
"'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
2143
iface->confname ? iface->confname : "N/A",
2144
iface->driver ? iface->driver : "default",
2145
iface->ctrl_interface ? iface->ctrl_interface : "N/A",
2146
iface->bridge_ifname ? iface->bridge_ifname : "N/A");
2147
2148
if (wpa_supplicant_set_driver(wpa_s, iface->driver) < 0) {
2149
return -1;
2150
}
2151
2152
if (iface->confname) {
2153
#ifdef CONFIG_BACKEND_FILE
2154
wpa_s->confname = os_rel2abs_path(iface->confname);
2155
if (wpa_s->confname == NULL) {
2156
wpa_printf(MSG_ERROR, "Failed to get absolute path "
2157
"for configuration file '%s'.",
2158
iface->confname);
2159
return -1;
2160
}
2161
wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
2162
iface->confname, wpa_s->confname);
2163
#else /* CONFIG_BACKEND_FILE */
2164
wpa_s->confname = os_strdup(iface->confname);
2165
#endif /* CONFIG_BACKEND_FILE */
2166
wpa_s->conf = wpa_config_read(wpa_s->confname);
2167
if (wpa_s->conf == NULL) {
2168
wpa_printf(MSG_ERROR, "Failed to read or parse "
2169
"configuration '%s'.", wpa_s->confname);
2170
return -1;
2171
}
2172
2173
/*
2174
* Override ctrl_interface and driver_param if set on command
2175
* line.
2176
*/
2177
if (iface->ctrl_interface) {
2178
os_free(wpa_s->conf->ctrl_interface);
2179
wpa_s->conf->ctrl_interface =
2180
os_strdup(iface->ctrl_interface);
2181
}
2182
2183
if (iface->driver_param) {
2184
os_free(wpa_s->conf->driver_param);
2185
wpa_s->conf->driver_param =
2186
os_strdup(iface->driver_param);
2187
}
2188
} else
2189
wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
2190
iface->driver_param);
2191
2192
if (wpa_s->conf == NULL) {
2193
wpa_printf(MSG_ERROR, "\nNo configuration found.");
2194
return -1;
2195
}
2196
2197
if (iface->ifname == NULL) {
2198
wpa_printf(MSG_ERROR, "\nInterface name is required.");
2199
return -1;
2200
}
2201
if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
2202
wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
2203
iface->ifname);
2204
return -1;
2205
}
2206
os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
2207
2208
if (iface->bridge_ifname) {
2209
if (os_strlen(iface->bridge_ifname) >=
2210
sizeof(wpa_s->bridge_ifname)) {
2211
wpa_printf(MSG_ERROR, "\nToo long bridge interface "
2212
"name '%s'.", iface->bridge_ifname);
2213
return -1;
2214
}
2215
os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
2216
sizeof(wpa_s->bridge_ifname));
2217
}
2218
2219
return 0;
2220
}
2221
2222
2223
static int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
2224
{
2225
#ifdef IEEE8021X_EAPOL
2226
struct eapol_ctx *ctx;
2227
ctx = os_zalloc(sizeof(*ctx));
2228
if (ctx == NULL) {
2229
wpa_printf(MSG_ERROR, "Failed to allocate EAPOL context.");
2230
return -1;
2231
}
2232
2233
ctx->ctx = wpa_s;
2234
ctx->msg_ctx = wpa_s;
2235
ctx->eapol_send_ctx = wpa_s;
2236
ctx->preauth = 0;
2237
ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done;
2238
ctx->eapol_send = wpa_supplicant_eapol_send;
2239
ctx->set_wep_key = wpa_eapol_set_wep_key;
2240
ctx->set_config_blob = wpa_supplicant_set_config_blob;
2241
ctx->get_config_blob = wpa_supplicant_get_config_blob;
2242
ctx->aborted_cached = wpa_supplicant_aborted_cached;
2243
ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
2244
ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
2245
ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
2246
wpa_s->eapol = eapol_sm_init(ctx);
2247
if (wpa_s->eapol == NULL) {
2248
os_free(ctx);
2249
wpa_printf(MSG_ERROR, "Failed to initialize EAPOL state "
2250
"machines.");
2251
return -1;
2252
}
2253
#endif /* IEEE8021X_EAPOL */
2254
2255
return 0;
2256
}
2257
2258
2259
static int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s)
2260
{
2261
#ifndef CONFIG_NO_WPA
2262
struct wpa_sm_ctx *ctx;
2263
ctx = os_zalloc(sizeof(*ctx));
2264
if (ctx == NULL) {
2265
wpa_printf(MSG_ERROR, "Failed to allocate WPA context.");
2266
return -1;
2267
}
2268
2269
ctx->ctx = wpa_s;
2270
ctx->set_state = _wpa_supplicant_set_state;
2271
ctx->get_state = _wpa_supplicant_get_state;
2272
ctx->req_scan = _wpa_supplicant_req_scan;
2273
ctx->cancel_scan = _wpa_supplicant_cancel_scan;
2274
ctx->deauthenticate = _wpa_supplicant_deauthenticate;
2275
ctx->disassociate = _wpa_supplicant_disassociate;
2276
ctx->set_key = wpa_supplicant_set_key;
2277
ctx->get_ssid = _wpa_supplicant_get_ssid;
2278
ctx->get_bssid = wpa_supplicant_get_bssid;
2279
ctx->ether_send = _wpa_ether_send;
2280
ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie;
2281
ctx->alloc_eapol = _wpa_alloc_eapol;
2282
ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout;
2283
ctx->add_pmkid = wpa_supplicant_add_pmkid;
2284
ctx->remove_pmkid = wpa_supplicant_remove_pmkid;
2285
ctx->set_config_blob = wpa_supplicant_set_config_blob;
2286
ctx->get_config_blob = wpa_supplicant_get_config_blob;
2287
ctx->mlme_setprotection = wpa_supplicant_mlme_setprotection;
2288
#ifdef CONFIG_IEEE80211R
2289
ctx->update_ft_ies = wpa_supplicant_update_ft_ies;
2290
ctx->send_ft_action = wpa_supplicant_send_ft_action;
2291
#endif /* CONFIG_IEEE80211R */
2292
2293
wpa_s->wpa = wpa_sm_init(ctx);
2294
if (wpa_s->wpa == NULL) {
2295
wpa_printf(MSG_ERROR, "Failed to initialize WPA state "
2296
"machine");
2297
return -1;
2298
}
2299
#endif /* CONFIG_NO_WPA */
2300
2301
return 0;
2302
}
2303
2304
2305
static int wpa_supplicant_init_iface2(struct wpa_supplicant *wpa_s,
2306
int wait_for_interface)
2307
{
2308
const char *ifname;
2309
struct wpa_driver_capa capa;
2310
2311
wpa_printf(MSG_DEBUG, "Initializing interface (2) '%s'",
2312
wpa_s->ifname);
2313
2314
if (wpa_supplicant_init_eapol(wpa_s) < 0)
2315
return -1;
2316
2317
/* RSNA Supplicant Key Management - INITIALIZE */
2318
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
2319
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
2320
2321
/* Initialize driver interface and register driver event handler before
2322
* L2 receive handler so that association events are processed before
2323
* EAPOL-Key packets if both become available for the same select()
2324
* call. */
2325
wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
2326
if (wpa_s->drv_priv == NULL) {
2327
wpa_printf(MSG_ERROR, "Failed to initialize driver interface");
2328
return -1;
2329
}
2330
if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
2331
wpa_printf(MSG_ERROR, "Driver interface rejected "
2332
"driver_param '%s'", wpa_s->conf->driver_param);
2333
return -1;
2334
}
2335
2336
ifname = wpa_drv_get_ifname(wpa_s);
2337
if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
2338
wpa_printf(MSG_DEBUG, "Driver interface replaced interface "
2339
"name with '%s'", ifname);
2340
os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
2341
}
2342
2343
if (wpa_supplicant_init_wpa(wpa_s) < 0)
2344
return -1;
2345
2346
wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
2347
wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
2348
NULL);
2349
wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2350
wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2351
2352
if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2353
wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2354
wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2355
wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2356
"dot11RSNAConfigPMKLifetime");
2357
return -1;
2358
}
2359
2360
if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2361
wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2362
wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2363
wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2364
"dot11RSNAConfigPMKReauthThreshold");
2365
return -1;
2366
}
2367
2368
if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2369
wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2370
wpa_s->conf->dot11RSNAConfigSATimeout)) {
2371
wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2372
"dot11RSNAConfigSATimeout");
2373
return -1;
2374
}
2375
2376
if (wpa_supplicant_driver_init(wpa_s, wait_for_interface) < 0) {
2377
return -1;
2378
}
2379
wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2380
2381
wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
2382
if (wpa_s->ctrl_iface == NULL) {
2383
wpa_printf(MSG_ERROR,
2384
"Failed to initialize control interface '%s'.\n"
2385
"You may have another wpa_supplicant process "
2386
"already running or the file was\n"
2387
"left by an unclean termination of wpa_supplicant "
2388
"in which case you will need\n"
2389
"to manually remove this file before starting "
2390
"wpa_supplicant again.\n",
2391
wpa_s->conf->ctrl_interface);
2392
return -1;
2393
}
2394
2395
if (wpa_drv_get_capa(wpa_s, &capa) == 0 &&
2396
capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
2397
wpa_s->use_client_mlme = 1;
2398
if (ieee80211_sta_init(wpa_s))
2399
return -1;
2400
}
2401
2402
return 0;
2403
}
2404
2405
2406
static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s)
2407
{
2408
if (wpa_s->drv_priv) {
2409
wpa_supplicant_deauthenticate(wpa_s,
2410
WLAN_REASON_DEAUTH_LEAVING);
2411
2412
/* Backwards compatibility call to set_wpa() handler. This is
2413
* called only just after init and just before deinit, so these
2414
* handler can be used to implement same functionality. */
2415
if (wpa_drv_set_wpa(wpa_s, 0) < 0) {
2416
wpa_printf(MSG_ERROR, "Failed to disable WPA in the "
2417
"driver.");
2418
}
2419
2420
wpa_drv_set_drop_unencrypted(wpa_s, 0);
2421
wpa_drv_set_countermeasures(wpa_s, 0);
2422
wpa_clear_keys(wpa_s, NULL);
2423
}
2424
2425
wpas_dbus_unregister_iface(wpa_s);
2426
2427
wpa_supplicant_cleanup(wpa_s);
2428
2429
if (wpa_s->drv_priv)
2430
wpa_drv_deinit(wpa_s);
2431
}
2432
2433
2434
/**
2435
* wpa_supplicant_add_iface - Add a new network interface
2436
* @global: Pointer to global data from wpa_supplicant_init()
2437
* @iface: Interface configuration options
2438
* Returns: Pointer to the created interface or %NULL on failure
2439
*
2440
* This function is used to add new network interfaces for %wpa_supplicant.
2441
* This can be called before wpa_supplicant_run() to add interfaces before the
2442
* main event loop has been started. In addition, new interfaces can be added
2443
* dynamically while %wpa_supplicant is already running. This could happen,
2444
* e.g., when a hotplug network adapter is inserted.
2445
*/
2446
struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
2447
struct wpa_interface *iface)
2448
{
2449
struct wpa_supplicant *wpa_s;
2450
2451
if (global == NULL || iface == NULL)
2452
return NULL;
2453
2454
wpa_s = wpa_supplicant_alloc();
2455
if (wpa_s == NULL)
2456
return NULL;
2457
2458
if (wpa_supplicant_init_iface(wpa_s, iface) ||
2459
wpa_supplicant_init_iface2(wpa_s,
2460
global->params.wait_for_interface)) {
2461
wpa_printf(MSG_DEBUG, "Failed to add interface %s",
2462
iface->ifname);
2463
wpa_supplicant_deinit_iface(wpa_s);
2464
os_free(wpa_s);
2465
return NULL;
2466
}
2467
2468
wpa_s->global = global;
2469
2470
/* Register the interface with the dbus control interface */
2471
if (wpas_dbus_register_iface(wpa_s)) {
2472
wpa_supplicant_deinit_iface(wpa_s);
2473
os_free(wpa_s);
2474
return NULL;
2475
}
2476
2477
wpa_s->next = global->ifaces;
2478
global->ifaces = wpa_s;
2479
2480
wpa_printf(MSG_DEBUG, "Added interface %s", wpa_s->ifname);
2481
2482
return wpa_s;
2483
}
2484
2485
2486
/**
2487
* wpa_supplicant_remove_iface - Remove a network interface
2488
* @global: Pointer to global data from wpa_supplicant_init()
2489
* @wpa_s: Pointer to the network interface to be removed
2490
* Returns: 0 if interface was removed, -1 if interface was not found
2491
*
2492
* This function can be used to dynamically remove network interfaces from
2493
* %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
2494
* addition, this function is used to remove all remaining interdaces when
2495
* %wpa_supplicant is terminated.
2496
*/
2497
int wpa_supplicant_remove_iface(struct wpa_global *global,
2498
struct wpa_supplicant *wpa_s)
2499
{
2500
struct wpa_supplicant *prev;
2501
2502
/* Remove interface from the global list of interfaces */
2503
prev = global->ifaces;
2504
if (prev == wpa_s) {
2505
global->ifaces = wpa_s->next;
2506
} else {
2507
while (prev && prev->next != wpa_s)
2508
prev = prev->next;
2509
if (prev == NULL)
2510
return -1;
2511
prev->next = wpa_s->next;
2512
}
2513
2514
wpa_printf(MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
2515
2516
wpa_supplicant_deinit_iface(wpa_s);
2517
os_free(wpa_s);
2518
2519
return 0;
2520
}
2521
2522
2523
/**
2524
* wpa_supplicant_get_iface - Get a new network interface
2525
* @global: Pointer to global data from wpa_supplicant_init()
2526
* @ifname: Interface name
2527
* Returns: Pointer to the interface or %NULL if not found
2528
*/
2529
struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
2530
const char *ifname)
2531
{
2532
struct wpa_supplicant *wpa_s;
2533
2534
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
2535
if (os_strcmp(wpa_s->ifname, ifname) == 0)
2536
return wpa_s;
2537
}
2538
return NULL;
2539
}
2540
2541
2542
/**
2543
* wpa_supplicant_init - Initialize %wpa_supplicant
2544
* @params: Parameters for %wpa_supplicant
2545
* Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
2546
*
2547
* This function is used to initialize %wpa_supplicant. After successful
2548
* initialization, the returned data pointer can be used to add and remove
2549
* network interfaces, and eventually, to deinitialize %wpa_supplicant.
2550
*/
2551
struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
2552
{
2553
struct wpa_global *global;
2554
int ret;
2555
2556
if (params == NULL)
2557
return NULL;
2558
2559
wpa_debug_use_file = params->wpa_debug_use_file;
2560
wpa_debug_open_file();
2561
2562
ret = eap_peer_register_methods();
2563
if (ret) {
2564
wpa_printf(MSG_ERROR, "Failed to register EAP methods");
2565
if (ret == -2)
2566
wpa_printf(MSG_ERROR, "Two or more EAP methods used "
2567
"the same EAP type.");
2568
return NULL;
2569
}
2570
2571
global = os_zalloc(sizeof(*global));
2572
if (global == NULL)
2573
return NULL;
2574
global->params.daemonize = params->daemonize;
2575
global->params.wait_for_interface = params->wait_for_interface;
2576
global->params.wait_for_monitor = params->wait_for_monitor;
2577
global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
2578
if (params->pid_file)
2579
global->params.pid_file = os_strdup(params->pid_file);
2580
if (params->ctrl_interface)
2581
global->params.ctrl_interface =
2582
os_strdup(params->ctrl_interface);
2583
wpa_debug_level = global->params.wpa_debug_level =
2584
params->wpa_debug_level;
2585
wpa_debug_show_keys = global->params.wpa_debug_show_keys =
2586
params->wpa_debug_show_keys;
2587
wpa_debug_timestamp = global->params.wpa_debug_timestamp =
2588
params->wpa_debug_timestamp;
2589
wpa_debug_use_file = global->params.wpa_debug_use_file =
2590
params->wpa_debug_use_file;
2591
2592
if (eloop_init(global)) {
2593
wpa_printf(MSG_ERROR, "Failed to initialize event loop");
2594
wpa_supplicant_deinit(global);
2595
return NULL;
2596
}
2597
2598
global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
2599
if (global->ctrl_iface == NULL) {
2600
wpa_supplicant_deinit(global);
2601
return NULL;
2602
}
2603
2604
if (global->params.dbus_ctrl_interface) {
2605
global->dbus_ctrl_iface =
2606
wpa_supplicant_dbus_ctrl_iface_init(global);
2607
if (global->dbus_ctrl_iface == NULL) {
2608
wpa_supplicant_deinit(global);
2609
return NULL;
2610
}
2611
}
2612
2613
if (global->params.wait_for_interface && global->params.daemonize &&
2614
wpa_supplicant_daemon(global->params.pid_file)) {
2615
wpa_supplicant_deinit(global);
2616
return NULL;
2617
}
2618
2619
return global;
2620
}
2621
2622
2623
/**
2624
* wpa_supplicant_run - Run the %wpa_supplicant main event loop
2625
* @global: Pointer to global data from wpa_supplicant_init()
2626
* Returns: 0 after successful event loop run, -1 on failure
2627
*
2628
* This function starts the main event loop and continues running as long as
2629
* there are any remaining events. In most cases, this function is running as
2630
* long as the %wpa_supplicant process in still in use.
2631
*/
2632
int wpa_supplicant_run(struct wpa_global *global)
2633
{
2634
struct wpa_supplicant *wpa_s;
2635
2636
if (!global->params.wait_for_interface && global->params.daemonize &&
2637
wpa_supplicant_daemon(global->params.pid_file))
2638
return -1;
2639
2640
if (global->params.wait_for_monitor) {
2641
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
2642
if (wpa_s->ctrl_iface)
2643
wpa_supplicant_ctrl_iface_wait(
2644
wpa_s->ctrl_iface);
2645
}
2646
2647
eloop_register_signal_terminate(wpa_supplicant_terminate, NULL);
2648
eloop_register_signal_reconfig(wpa_supplicant_reconfig, NULL);
2649
2650
eloop_run();
2651
2652
return 0;
2653
}
2654
2655
2656
/**
2657
* wpa_supplicant_deinit - Deinitialize %wpa_supplicant
2658
* @global: Pointer to global data from wpa_supplicant_init()
2659
*
2660
* This function is called to deinitialize %wpa_supplicant and to free all
2661
* allocated resources. Remaining network interfaces will also be removed.
2662
*/
2663
void wpa_supplicant_deinit(struct wpa_global *global)
2664
{
2665
if (global == NULL)
2666
return;
2667
2668
while (global->ifaces)
2669
wpa_supplicant_remove_iface(global, global->ifaces);
2670
2671
if (global->ctrl_iface)
2672
wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
2673
if (global->dbus_ctrl_iface)
2674
wpa_supplicant_dbus_ctrl_iface_deinit(global->dbus_ctrl_iface);
2675
2676
eap_peer_unregister_methods();
2677
2678
eloop_destroy();
2679
2680
if (global->params.pid_file) {
2681
os_daemonize_terminate(global->params.pid_file);
2682
os_free(global->params.pid_file);
2683
}
2684
os_free(global->params.ctrl_interface);
2685
2686
os_free(global);
2687
wpa_debug_close_file();
2688
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1