3
* Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi>
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
9
* Alternatively, this software may be distributed under the terms of BSD
12
* See README and COPYING for more details.
14
* This file implements functions for registering and unregistering
15
* %wpa_supplicant interfaces. In addition, this file contains number of
16
* functions for managing network connections.
22
#include "eapol_supp/eapol_supp_sm.h"
23
#include "eap_peer/eap.h"
24
#include "eap_server/eap_methods.h"
25
#include "rsn_supp/wpa.h"
28
#include "l2_packet/l2_packet.h"
29
#include "wpa_supplicant_i.h"
31
#include "ctrl_iface.h"
32
#include "pcsc_funcs.h"
33
#include "common/version.h"
34
#include "rsn_supp/preauth.h"
35
#include "rsn_supp/pmksa_cache.h"
36
#include "common/wpa_ctrl.h"
38
#include "common/ieee802_11_defs.h"
39
#include "blacklist.h"
40
#include "wpas_glue.h"
41
#include "wps_supplicant.h"
50
const char *wpa_supplicant_version =
51
"wpa_supplicant v" VERSION_STR "\n"
52
"Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi> and contributors";
54
const char *wpa_supplicant_license =
55
"This program is free software. You can distribute it and/or modify it\n"
56
"under the terms of the GNU General Public License version 2.\n"
58
"Alternatively, this software may be distributed under the terms of the\n"
59
"BSD license. See README and COPYING for more details.\n"
60
#ifdef EAP_TLS_OPENSSL
61
"\nThis product includes software developed by the OpenSSL Project\n"
62
"for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
63
#endif /* EAP_TLS_OPENSSL */
66
#ifndef CONFIG_NO_STDOUT_DEBUG
67
/* Long text divided into parts in order to fit in C89 strings size limits. */
68
const char *wpa_supplicant_full_license1 =
69
"This program is free software; you can redistribute it and/or modify\n"
70
"it under the terms of the GNU General Public License version 2 as\n"
71
"published by the Free Software Foundation.\n"
73
"This program is distributed in the hope that it will be useful,\n"
74
"but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
75
"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
76
"GNU General Public License for more details.\n"
78
const char *wpa_supplicant_full_license2 =
79
"You should have received a copy of the GNU General Public License\n"
80
"along with this program; if not, write to the Free Software\n"
81
"Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n"
83
"Alternatively, this software may be distributed under the terms of the\n"
86
"Redistribution and use in source and binary forms, with or without\n"
87
"modification, are permitted provided that the following conditions are\n"
90
const char *wpa_supplicant_full_license3 =
91
"1. Redistributions of source code must retain the above copyright\n"
92
" notice, this list of conditions and the following disclaimer.\n"
94
"2. Redistributions in binary form must reproduce the above copyright\n"
95
" notice, this list of conditions and the following disclaimer in the\n"
96
" documentation and/or other materials provided with the distribution.\n"
98
const char *wpa_supplicant_full_license4 =
99
"3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
100
" names of its contributors may be used to endorse or promote products\n"
101
" derived from this software without specific prior written permission.\n"
103
"THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
104
"\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
105
"LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
106
"A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
107
const char *wpa_supplicant_full_license5 =
108
"OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
109
"SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
110
"LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
111
"DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
112
"THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
113
"(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
114
"OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
116
#endif /* CONFIG_NO_STDOUT_DEBUG */
118
extern int wpa_debug_level;
119
extern int wpa_debug_show_keys;
120
extern int wpa_debug_timestamp;
121
extern struct wpa_driver_ops *wpa_drivers[];
123
/* Configure default/group WEP keys for static WEP */
124
int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
128
for (i = 0; i < NUM_WEP_KEYS; i++) {
129
if (ssid->wep_key_len[i] == 0)
133
wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
134
(u8 *) "\xff\xff\xff\xff\xff\xff",
135
i, i == ssid->wep_tx_keyidx, (u8 *) "", 0,
136
ssid->wep_key[i], ssid->wep_key_len[i]);
143
static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
144
struct wpa_ssid *ssid)
151
/* IBSS/WPA-None uses only one key (Group) for both receiving and
152
* sending unicast and multicast packets. */
154
if (ssid->mode != WPAS_MODE_IBSS) {
155
wpa_printf(MSG_INFO, "WPA: Invalid mode %d (not IBSS/ad-hoc) "
156
"for WPA-None", ssid->mode);
160
if (!ssid->psk_set) {
161
wpa_printf(MSG_INFO, "WPA: No PSK configured for WPA-None");
165
switch (wpa_s->group_cipher) {
166
case WPA_CIPHER_CCMP:
167
os_memcpy(key, ssid->psk, 16);
171
case WPA_CIPHER_TKIP:
172
/* WPA-None uses the same Michael MIC key for both TX and RX */
173
os_memcpy(key, ssid->psk, 16 + 8);
174
os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
179
wpa_printf(MSG_INFO, "WPA: Invalid group cipher %d for "
180
"WPA-None", wpa_s->group_cipher);
184
/* TODO: should actually remember the previously used seq#, both for TX
185
* and RX from each STA.. */
187
return wpa_drv_set_key(wpa_s, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
188
0, 1, seq, 6, key, keylen);
192
static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
194
struct wpa_supplicant *wpa_s = eloop_ctx;
195
const u8 *bssid = wpa_s->bssid;
196
if (is_zero_ether_addr(bssid))
197
bssid = wpa_s->pending_bssid;
198
wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
200
wpa_blacklist_add(wpa_s, bssid);
201
wpa_sm_notify_disassoc(wpa_s->wpa);
202
wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
203
wpa_s->reassociate = 1;
204
wpa_supplicant_req_scan(wpa_s, 0, 0);
209
* wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
210
* @wpa_s: Pointer to wpa_supplicant data
211
* @sec: Number of seconds after which to time out authentication
212
* @usec: Number of microseconds after which to time out authentication
214
* This function is used to schedule a timeout for the current authentication
217
void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
220
if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
221
(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
224
wpa_msg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
225
"%d usec", sec, usec);
226
eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
227
eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
232
* wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
233
* @wpa_s: Pointer to wpa_supplicant data
235
* This function is used to cancel authentication timeout scheduled with
236
* wpa_supplicant_req_auth_timeout() and it is called when authentication has
239
void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
241
wpa_msg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
242
eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
243
wpa_blacklist_del(wpa_s, wpa_s->bssid);
248
* wpa_supplicant_initiate_eapol - Configure EAPOL state machine
249
* @wpa_s: Pointer to wpa_supplicant data
251
* This function is used to configure EAPOL state machine based on the selected
252
* authentication mode.
254
void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
256
#ifdef IEEE8021X_EAPOL
257
struct eapol_config eapol_conf;
258
struct wpa_ssid *ssid = wpa_s->current_ssid;
260
#ifdef CONFIG_IBSS_RSN
261
if (ssid->mode == WPAS_MODE_IBSS &&
262
wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
263
wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
265
* RSN IBSS authentication is per-STA and we can disable the
266
* per-BSSID EAPOL authentication.
268
eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
269
eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
270
eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
273
#endif /* CONFIG_IBSS_RSN */
275
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
276
eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
278
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
279
wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
280
eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
282
eapol_sm_notify_portControl(wpa_s->eapol, Auto);
284
os_memset(&eapol_conf, 0, sizeof(eapol_conf));
285
if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
286
eapol_conf.accept_802_1x_keys = 1;
287
eapol_conf.required_keys = 0;
288
if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
289
eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
291
if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
292
eapol_conf.required_keys |=
293
EAPOL_REQUIRE_KEY_BROADCAST;
296
if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
297
eapol_conf.required_keys = 0;
300
eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
301
eapol_conf.workaround = ssid->eap_workaround;
302
eapol_conf.eap_disabled =
303
!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
304
wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
305
wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
306
eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
307
#endif /* IEEE8021X_EAPOL */
312
* wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
313
* @wpa_s: Pointer to wpa_supplicant data
314
* @ssid: Configuration data for the network
316
* This function is used to configure WPA state machine and related parameters
317
* to a mode where WPA is not enabled. This is called as part of the
318
* authentication configuration when the selected network does not use WPA.
320
void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
321
struct wpa_ssid *ssid)
325
if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
326
wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
327
else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
328
wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
330
wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
331
wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
332
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
333
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
334
wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
335
wpa_s->group_cipher = WPA_CIPHER_NONE;
336
wpa_s->mgmt_group_cipher = 0;
338
for (i = 0; i < NUM_WEP_KEYS; i++) {
339
if (ssid->wep_key_len[i] > 5) {
340
wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
341
wpa_s->group_cipher = WPA_CIPHER_WEP104;
343
} else if (ssid->wep_key_len[i] > 0) {
344
wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
345
wpa_s->group_cipher = WPA_CIPHER_WEP40;
350
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
351
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
352
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
353
wpa_s->pairwise_cipher);
354
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
355
#ifdef CONFIG_IEEE80211W
356
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
357
wpa_s->mgmt_group_cipher);
358
#endif /* CONFIG_IEEE80211W */
360
pmksa_cache_clear_current(wpa_s->wpa);
364
static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
366
bgscan_deinit(wpa_s);
367
scard_deinit(wpa_s->scard);
369
wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
370
eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
371
l2_packet_deinit(wpa_s->l2);
374
l2_packet_deinit(wpa_s->l2_br);
378
if (wpa_s->ctrl_iface) {
379
wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
380
wpa_s->ctrl_iface = NULL;
382
if (wpa_s->conf != NULL) {
383
struct wpa_ssid *ssid;
384
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
385
wpas_notify_network_removed(wpa_s, ssid);
386
wpa_config_free(wpa_s->conf);
390
os_free(wpa_s->confname);
391
wpa_s->confname = NULL;
393
wpa_sm_set_eapol(wpa_s->wpa, NULL);
394
eapol_sm_deinit(wpa_s->eapol);
397
rsn_preauth_deinit(wpa_s->wpa);
399
pmksa_candidate_free(wpa_s->wpa);
400
wpa_sm_deinit(wpa_s->wpa);
402
wpa_blacklist_clear(wpa_s);
404
wpa_bss_deinit(wpa_s);
406
wpa_supplicant_cancel_scan(wpa_s);
407
wpa_supplicant_cancel_auth_timeout(wpa_s);
409
ieee80211_sta_deinit(wpa_s);
411
wpas_wps_deinit(wpa_s);
413
wpabuf_free(wpa_s->pending_eapol_rx);
414
wpa_s->pending_eapol_rx = NULL;
416
#ifdef CONFIG_IBSS_RSN
417
ibss_rsn_deinit(wpa_s->ibss_rsn);
418
wpa_s->ibss_rsn = NULL;
419
#endif /* CONFIG_IBSS_RSN */
424
wpa_supplicant_ap_deinit(wpa_s);
425
#endif /* CONFIG_AP */
427
os_free(wpa_s->next_scan_freqs);
428
wpa_s->next_scan_freqs = NULL;
433
* wpa_clear_keys - Clear keys configured for the driver
434
* @wpa_s: Pointer to wpa_supplicant data
435
* @addr: Previously used BSSID or %NULL if not available
437
* This function clears the encryption keys that has been previously configured
440
void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
442
u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
444
if (wpa_s->keys_cleared) {
445
/* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
446
* timing issues with keys being cleared just before new keys
447
* are set or just after association or something similar. This
448
* shows up in group key handshake failing often because of the
449
* client not receiving the first encrypted packets correctly.
450
* Skipping some of the extra key clearing steps seems to help
451
* in completing group key handshake more reliably. */
452
wpa_printf(MSG_DEBUG, "No keys have been configured - "
453
"skip key clearing");
457
/* MLME-DELETEKEYS.request */
458
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
459
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
460
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
461
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
462
#ifdef CONFIG_IEEE80211W
463
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 4, 0, NULL, 0, NULL, 0);
464
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 5, 0, NULL, 0, NULL, 0);
465
#endif /* CONFIG_IEEE80211W */
467
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
469
/* MLME-SETPROTECTION.request(None) */
470
wpa_drv_mlme_setprotection(
472
MLME_SETPROTECTION_PROTECT_TYPE_NONE,
473
MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
475
wpa_s->keys_cleared = 1;
480
* wpa_supplicant_state_txt - Get the connection state name as a text string
481
* @state: State (wpa_state; WPA_*)
482
* Returns: The state name as a printable text string
484
const char * wpa_supplicant_state_txt(enum wpa_states state)
487
case WPA_DISCONNECTED:
488
return "DISCONNECTED";
493
case WPA_AUTHENTICATING:
494
return "AUTHENTICATING";
495
case WPA_ASSOCIATING:
496
return "ASSOCIATING";
499
case WPA_4WAY_HANDSHAKE:
500
return "4WAY_HANDSHAKE";
501
case WPA_GROUP_HANDSHAKE:
502
return "GROUP_HANDSHAKE";
512
* wpa_supplicant_set_state - Set current connection state
513
* @wpa_s: Pointer to wpa_supplicant data
514
* @state: The new connection state
516
* This function is called whenever the connection state changes, e.g.,
517
* association is completed for WPA/WPA2 4-Way Handshake is started.
519
void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
520
enum wpa_states state)
522
enum wpa_states old_state = wpa_s->wpa_state;
524
wpa_printf(MSG_DEBUG, "State: %s -> %s",
525
wpa_supplicant_state_txt(wpa_s->wpa_state),
526
wpa_supplicant_state_txt(state));
528
if (state != WPA_SCANNING)
529
wpa_supplicant_notify_scanning(wpa_s, 0);
531
if (state == WPA_COMPLETED && wpa_s->new_connection) {
532
#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
533
struct wpa_ssid *ssid = wpa_s->current_ssid;
534
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
535
MACSTR " completed %s [id=%d id_str=%s]",
536
MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
537
"(reauth)" : "(auth)",
538
ssid ? ssid->id : -1,
539
ssid && ssid->id_str ? ssid->id_str : "");
540
#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
541
wpa_s->new_connection = 0;
542
wpa_s->reassociated_connection = 1;
543
wpa_drv_set_operstate(wpa_s, 1);
544
wpa_s->after_wps = 0;
545
} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
546
state == WPA_ASSOCIATED) {
547
wpa_s->new_connection = 1;
548
wpa_drv_set_operstate(wpa_s, 0);
550
wpa_s->wpa_state = state;
552
if (wpa_s->wpa_state != old_state)
553
wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
557
void wpa_supplicant_terminate_proc(struct wpa_global *global)
561
struct wpa_supplicant *wpa_s = global->ifaces;
563
if (wpas_wps_terminate_pending(wpa_s) == 1)
567
#endif /* CONFIG_WPS */
574
static void wpa_supplicant_terminate(int sig, void *signal_ctx)
576
struct wpa_global *global = signal_ctx;
577
struct wpa_supplicant *wpa_s;
578
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
579
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING "- signal %d "
582
wpa_supplicant_terminate_proc(global);
586
static void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
588
enum wpa_states old_state = wpa_s->wpa_state;
590
wpa_s->pairwise_cipher = 0;
591
wpa_s->group_cipher = 0;
592
wpa_s->mgmt_group_cipher = 0;
594
wpa_s->wpa_state = WPA_DISCONNECTED;
596
if (wpa_s->wpa_state != old_state)
597
wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
602
* wpa_supplicant_reload_configuration - Reload configuration data
603
* @wpa_s: Pointer to wpa_supplicant data
604
* Returns: 0 on success or -1 if configuration parsing failed
606
* This function can be used to request that the configuration data is reloaded
607
* (e.g., after configuration file change). This function is reloading
608
* configuration only for one interface, so this may need to be called multiple
609
* times if %wpa_supplicant is controlling multiple interfaces and all
610
* interfaces need reconfiguration.
612
int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
614
struct wpa_config *conf;
615
struct wpa_ssid *old_ssid;
619
if (wpa_s->confname == NULL)
621
conf = wpa_config_read(wpa_s->confname);
623
wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
624
"file '%s' - exiting", wpa_s->confname);
628
reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
629
|| (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
630
os_strcmp(conf->ctrl_interface,
631
wpa_s->conf->ctrl_interface) != 0);
633
if (reconf_ctrl && wpa_s->ctrl_iface) {
634
wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
635
wpa_s->ctrl_iface = NULL;
638
eapol_sm_invalidate_cached_session(wpa_s->eapol);
639
old_ssid = wpa_s->current_ssid;
640
wpa_s->current_ssid = NULL;
641
if (old_ssid != wpa_s->current_ssid)
642
wpas_notify_network_changed(wpa_s);
645
* TODO: should notify EAPOL SM about changes in opensc_engine_path,
646
* pkcs11_engine_path, pkcs11_module_path.
648
if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
650
* Clear forced success to clear EAP state for next
653
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
655
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
656
wpa_sm_set_config(wpa_s->wpa, NULL);
657
wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
658
rsn_preauth_deinit(wpa_s->wpa);
660
old_ap_scan = wpa_s->conf->ap_scan;
661
wpa_config_free(wpa_s->conf);
663
if (old_ap_scan != wpa_s->conf->ap_scan)
664
wpas_notify_ap_scan_changed(wpa_s);
667
wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
669
wpa_supplicant_clear_status(wpa_s);
670
wpa_s->reassociate = 1;
671
wpa_supplicant_req_scan(wpa_s, 0, 0);
672
wpa_msg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
677
static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
679
struct wpa_global *global = signal_ctx;
680
struct wpa_supplicant *wpa_s;
681
wpa_printf(MSG_DEBUG, "Signal %d received - reconfiguring", sig);
682
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
683
if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
684
wpa_supplicant_terminate_proc(global);
690
enum wpa_cipher cipher_suite2driver(int cipher)
693
case WPA_CIPHER_NONE:
695
case WPA_CIPHER_WEP40:
697
case WPA_CIPHER_WEP104:
698
return CIPHER_WEP104;
699
case WPA_CIPHER_CCMP:
701
case WPA_CIPHER_TKIP:
708
enum wpa_key_mgmt key_mgmt2driver(int key_mgmt)
711
case WPA_KEY_MGMT_NONE:
712
return KEY_MGMT_NONE;
713
case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
714
return KEY_MGMT_802_1X_NO_WPA;
715
case WPA_KEY_MGMT_IEEE8021X:
716
return KEY_MGMT_802_1X;
717
case WPA_KEY_MGMT_WPA_NONE:
718
return KEY_MGMT_WPA_NONE;
719
case WPA_KEY_MGMT_FT_IEEE8021X:
720
return KEY_MGMT_FT_802_1X;
721
case WPA_KEY_MGMT_FT_PSK:
722
return KEY_MGMT_FT_PSK;
723
case WPA_KEY_MGMT_IEEE8021X_SHA256:
724
return KEY_MGMT_802_1X_SHA256;
725
case WPA_KEY_MGMT_PSK_SHA256:
726
return KEY_MGMT_PSK_SHA256;
727
case WPA_KEY_MGMT_WPS:
729
case WPA_KEY_MGMT_PSK:
736
static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
737
struct wpa_ssid *ssid,
738
struct wpa_ie_data *ie)
740
int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
743
wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
744
"from association info");
749
wpa_printf(MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set cipher "
751
if (!(ie->group_cipher & ssid->group_cipher)) {
752
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
753
"cipher 0x%x (mask 0x%x) - reject",
754
ie->group_cipher, ssid->group_cipher);
757
if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
758
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
759
"cipher 0x%x (mask 0x%x) - reject",
760
ie->pairwise_cipher, ssid->pairwise_cipher);
763
if (!(ie->key_mgmt & ssid->key_mgmt)) {
764
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
765
"management 0x%x (mask 0x%x) - reject",
766
ie->key_mgmt, ssid->key_mgmt);
770
#ifdef CONFIG_IEEE80211W
771
if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
772
ssid->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
773
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
774
"that does not support management frame protection - "
778
#endif /* CONFIG_IEEE80211W */
785
* wpa_supplicant_set_suites - Set authentication and encryption parameters
786
* @wpa_s: Pointer to wpa_supplicant data
787
* @bss: Scan results for the selected BSS, or %NULL if not available
788
* @ssid: Configuration data for the selected network
789
* @wpa_ie: Buffer for the WPA/RSN IE
790
* @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
791
* used buffer length in case the functions returns success.
792
* Returns: 0 on success or -1 on failure
794
* This function is used to configure authentication and encryption parameters
795
* based on the network configuration and scan result for the selected BSS (if
798
int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
799
struct wpa_bss *bss, struct wpa_ssid *ssid,
800
u8 *wpa_ie, size_t *wpa_ie_len)
802
struct wpa_ie_data ie;
804
const u8 *bss_wpa, *bss_rsn;
807
bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
808
bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
810
bss_wpa = bss_rsn = NULL;
812
if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
813
wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
814
(ie.group_cipher & ssid->group_cipher) &&
815
(ie.pairwise_cipher & ssid->pairwise_cipher) &&
816
(ie.key_mgmt & ssid->key_mgmt)) {
817
wpa_msg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
818
proto = WPA_PROTO_RSN;
819
} else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
820
wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 &&
821
(ie.group_cipher & ssid->group_cipher) &&
822
(ie.pairwise_cipher & ssid->pairwise_cipher) &&
823
(ie.key_mgmt & ssid->key_mgmt)) {
824
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
825
proto = WPA_PROTO_WPA;
827
wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
830
if (ssid->proto & WPA_PROTO_RSN)
831
proto = WPA_PROTO_RSN;
833
proto = WPA_PROTO_WPA;
834
if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
835
os_memset(&ie, 0, sizeof(ie));
836
ie.group_cipher = ssid->group_cipher;
837
ie.pairwise_cipher = ssid->pairwise_cipher;
838
ie.key_mgmt = ssid->key_mgmt;
839
#ifdef CONFIG_IEEE80211W
840
ie.mgmt_group_cipher =
841
ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
842
WPA_CIPHER_AES_128_CMAC : 0;
843
#endif /* CONFIG_IEEE80211W */
844
wpa_printf(MSG_DEBUG, "WPA: Set cipher suites based "
850
wpa_printf(MSG_DEBUG, "WPA: Selected cipher suites: group %d "
851
"pairwise %d key_mgmt %d proto %d",
852
ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
853
#ifdef CONFIG_IEEE80211W
854
if (ssid->ieee80211w) {
855
wpa_printf(MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
856
ie.mgmt_group_cipher);
858
#endif /* CONFIG_IEEE80211W */
860
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
861
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
862
!!(ssid->proto & WPA_PROTO_RSN));
864
if (bss || !wpa_s->ap_ies_from_associnfo) {
865
if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
866
bss_wpa ? 2 + bss_wpa[1] : 0) ||
867
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
868
bss_rsn ? 2 + bss_rsn[1] : 0))
872
sel = ie.group_cipher & ssid->group_cipher;
873
if (sel & WPA_CIPHER_CCMP) {
874
wpa_s->group_cipher = WPA_CIPHER_CCMP;
875
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
876
} else if (sel & WPA_CIPHER_TKIP) {
877
wpa_s->group_cipher = WPA_CIPHER_TKIP;
878
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
879
} else if (sel & WPA_CIPHER_WEP104) {
880
wpa_s->group_cipher = WPA_CIPHER_WEP104;
881
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
882
} else if (sel & WPA_CIPHER_WEP40) {
883
wpa_s->group_cipher = WPA_CIPHER_WEP40;
884
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
886
wpa_printf(MSG_WARNING, "WPA: Failed to select group cipher.");
890
sel = ie.pairwise_cipher & ssid->pairwise_cipher;
891
if (sel & WPA_CIPHER_CCMP) {
892
wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
893
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
894
} else if (sel & WPA_CIPHER_TKIP) {
895
wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
896
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
897
} else if (sel & WPA_CIPHER_NONE) {
898
wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
899
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
901
wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
906
sel = ie.key_mgmt & ssid->key_mgmt;
908
#ifdef CONFIG_IEEE80211R
909
} else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
910
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
911
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
912
} else if (sel & WPA_KEY_MGMT_FT_PSK) {
913
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
914
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
915
#endif /* CONFIG_IEEE80211R */
916
#ifdef CONFIG_IEEE80211W
917
} else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
918
wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
919
wpa_msg(wpa_s, MSG_DEBUG,
920
"WPA: using KEY_MGMT 802.1X with SHA256");
921
} else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
922
wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
923
wpa_msg(wpa_s, MSG_DEBUG,
924
"WPA: using KEY_MGMT PSK with SHA256");
925
#endif /* CONFIG_IEEE80211W */
926
} else if (sel & WPA_KEY_MGMT_IEEE8021X) {
927
wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
928
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
929
} else if (sel & WPA_KEY_MGMT_PSK) {
930
wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
931
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
932
} else if (sel & WPA_KEY_MGMT_WPA_NONE) {
933
wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
934
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
936
wpa_printf(MSG_WARNING, "WPA: Failed to select authenticated "
937
"key management type.");
941
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
942
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
943
wpa_s->pairwise_cipher);
944
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
946
#ifdef CONFIG_IEEE80211W
947
sel = ie.mgmt_group_cipher;
948
if (ssid->ieee80211w == NO_MGMT_FRAME_PROTECTION ||
949
!(ie.capabilities & WPA_CAPABILITY_MFPC))
951
if (sel & WPA_CIPHER_AES_128_CMAC) {
952
wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
953
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
956
wpa_s->mgmt_group_cipher = 0;
957
wpa_msg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
959
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
960
wpa_s->mgmt_group_cipher);
961
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP, ssid->ieee80211w);
962
#endif /* CONFIG_IEEE80211W */
964
if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
965
wpa_printf(MSG_WARNING, "WPA: Failed to generate WPA IE.");
970
(WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_FT_PSK | WPA_KEY_MGMT_PSK_SHA256))
971
wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
973
wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
980
* wpa_supplicant_associate - Request association
981
* @wpa_s: Pointer to wpa_supplicant data
982
* @bss: Scan results for the selected BSS, or %NULL if not available
983
* @ssid: Configuration data for the selected network
985
* This function is used to request %wpa_supplicant to associate with a BSS.
987
void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
988
struct wpa_bss *bss, struct wpa_ssid *ssid)
992
int use_crypt, ret, i, bssid_changed;
993
int algs = WPA_AUTH_ALG_OPEN;
994
enum wpa_cipher cipher_pairwise, cipher_group;
995
struct wpa_driver_associate_params params;
996
int wep_keys_set = 0;
997
struct wpa_driver_capa capa;
998
int assoc_failed = 0;
999
struct wpa_ssid *old_ssid;
1001
if (ssid->mode == WPAS_MODE_AP) {
1003
if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1004
wpa_printf(MSG_INFO, "Driver does not support AP "
1008
wpa_supplicant_create_ap(wpa_s, ssid);
1009
wpa_s->current_bss = bss;
1010
#else /* CONFIG_AP */
1011
wpa_printf(MSG_ERROR, "AP mode support not included in the "
1013
#endif /* CONFIG_AP */
1017
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1018
ssid->mode == IEEE80211_MODE_INFRA) {
1019
sme_authenticate(wpa_s, bss, ssid);
1023
wpa_s->reassociate = 0;
1025
#ifdef CONFIG_IEEE80211R
1026
const u8 *ie, *md = NULL;
1027
#endif /* CONFIG_IEEE80211R */
1028
wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1029
" (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1030
wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1031
bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
1032
os_memset(wpa_s->bssid, 0, ETH_ALEN);
1033
os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1035
wpas_notify_bssid_changed(wpa_s);
1036
#ifdef CONFIG_IEEE80211R
1037
ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
1038
if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
1040
wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
1042
/* Prepare for the next transition */
1043
wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
1045
#endif /* CONFIG_IEEE80211R */
1047
} else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
1048
wpa_s->conf->ap_scan == 2 &&
1049
(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
1050
/* Use ap_scan==1 style network selection to find the network
1052
wpa_s->scan_req = 2;
1053
wpa_s->reassociate = 1;
1054
wpa_supplicant_req_scan(wpa_s, 0, 0);
1056
#endif /* CONFIG_WPS */
1058
wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1059
wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1060
os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1062
wpa_supplicant_cancel_scan(wpa_s);
1064
/* Starting new association, so clear the possibly used WPA IE from the
1065
* previous association. */
1066
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1068
#ifdef IEEE8021X_EAPOL
1069
if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1071
if (ssid->non_leap == 0)
1072
algs = WPA_AUTH_ALG_LEAP;
1074
algs |= WPA_AUTH_ALG_LEAP;
1077
#endif /* IEEE8021X_EAPOL */
1078
wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1079
if (ssid->auth_alg) {
1080
algs = ssid->auth_alg;
1081
wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
1085
if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
1086
wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
1087
(ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK |
1088
WPA_KEY_MGMT_FT_IEEE8021X |
1089
WPA_KEY_MGMT_FT_PSK |
1090
WPA_KEY_MGMT_IEEE8021X_SHA256 |
1091
WPA_KEY_MGMT_PSK_SHA256))) {
1092
int try_opportunistic;
1093
try_opportunistic = ssid->proactive_key_caching &&
1094
(ssid->proto & WPA_PROTO_RSN);
1095
if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1096
wpa_s->current_ssid,
1097
try_opportunistic) == 0)
1098
eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1099
wpa_ie_len = sizeof(wpa_ie);
1100
if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1101
wpa_ie, &wpa_ie_len)) {
1102
wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1103
"management and encryption suites");
1106
} else if (ssid->key_mgmt &
1107
(WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
1108
WPA_KEY_MGMT_WPA_NONE | WPA_KEY_MGMT_FT_PSK |
1109
WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_PSK_SHA256 |
1110
WPA_KEY_MGMT_IEEE8021X_SHA256)) {
1111
wpa_ie_len = sizeof(wpa_ie);
1112
if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1113
wpa_ie, &wpa_ie_len)) {
1114
wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1115
"management and encryption suites (no scan "
1120
} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
1121
struct wpabuf *wps_ie;
1122
wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
1123
if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
1124
wpa_ie_len = wpabuf_len(wps_ie);
1125
os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
1128
wpabuf_free(wps_ie);
1129
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1130
#endif /* CONFIG_WPS */
1132
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1136
wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1138
cipher_pairwise = cipher_suite2driver(wpa_s->pairwise_cipher);
1139
cipher_group = cipher_suite2driver(wpa_s->group_cipher);
1140
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1141
wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1142
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1144
if (wpa_set_wep_keys(wpa_s, ssid)) {
1149
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
1152
#ifdef IEEE8021X_EAPOL
1153
if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1154
if ((ssid->eapol_flags &
1155
(EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1156
EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1160
/* Assume that dynamic WEP-104 keys will be used and
1161
* set cipher suites in order for drivers to expect
1163
cipher_pairwise = cipher_group = CIPHER_WEP104;
1166
#endif /* IEEE8021X_EAPOL */
1168
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1169
/* Set the key before (and later after) association */
1170
wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1173
wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1174
os_memset(¶ms, 0, sizeof(params));
1176
params.bssid = bss->bssid;
1177
params.ssid = bss->ssid;
1178
params.ssid_len = bss->ssid_len;
1179
params.freq = bss->freq;
1181
params.ssid = ssid->ssid;
1182
params.ssid_len = ssid->ssid_len;
1184
if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 &&
1186
params.freq = ssid->frequency; /* Initial channel for IBSS */
1187
params.wpa_ie = wpa_ie;
1188
params.wpa_ie_len = wpa_ie_len;
1189
params.pairwise_suite = cipher_pairwise;
1190
params.group_suite = cipher_group;
1191
params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1192
params.auth_alg = algs;
1193
params.mode = ssid->mode;
1194
for (i = 0; i < NUM_WEP_KEYS; i++) {
1195
if (ssid->wep_key_len[i])
1196
params.wep_key[i] = ssid->wep_key[i];
1197
params.wep_key_len[i] = ssid->wep_key_len[i];
1199
params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1201
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
1202
(params.key_mgmt_suite == KEY_MGMT_PSK ||
1203
params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
1204
params.passphrase = ssid->passphrase;
1206
params.psk = ssid->psk;
1209
params.drop_unencrypted = use_crypt;
1211
#ifdef CONFIG_IEEE80211W
1212
params.mgmt_frame_protection = ssid->ieee80211w;
1213
if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION && bss) {
1214
const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1215
struct wpa_ie_data ie;
1216
if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
1218
(WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
1219
wpa_printf(MSG_DEBUG, "WPA: Selected AP supports MFP: "
1221
params.mgmt_frame_protection =
1222
MGMT_FRAME_PROTECTION_REQUIRED;
1225
#endif /* CONFIG_IEEE80211W */
1227
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1228
ret = ieee80211_sta_associate(wpa_s, ¶ms);
1230
ret = wpa_drv_associate(wpa_s, ¶ms);
1232
wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1234
/* try to continue anyway; new association will be tried again
1239
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1240
/* Set the key after the association just in case association
1241
* cleared the previously configured key. */
1242
wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1243
/* No need to timeout authentication since there is no key
1245
wpa_supplicant_cancel_auth_timeout(wpa_s);
1246
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1247
#ifdef CONFIG_IBSS_RSN
1248
} else if (ssid->mode == WPAS_MODE_IBSS &&
1249
wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
1250
wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
1251
ibss_rsn_set_psk(wpa_s->ibss_rsn, ssid->psk);
1253
* RSN IBSS authentication is per-STA and we can disable the
1254
* per-BSSID authentication.
1256
wpa_supplicant_cancel_auth_timeout(wpa_s);
1257
#endif /* CONFIG_IBSS_RSN */
1259
/* Timeout for IEEE 802.11 authentication and association */
1263
/* give IBSS a bit more time */
1264
timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
1265
} else if (wpa_s->conf->ap_scan == 1) {
1266
/* give IBSS a bit more time */
1267
timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
1269
wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1272
if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1273
capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
1274
/* Set static WEP keys again */
1275
wpa_set_wep_keys(wpa_s, ssid);
1278
if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1280
* Do not allow EAP session resumption between different
1281
* network configurations.
1283
eapol_sm_invalidate_cached_session(wpa_s->eapol);
1285
old_ssid = wpa_s->current_ssid;
1286
wpa_s->current_ssid = ssid;
1287
wpa_s->current_bss = bss;
1288
wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
1289
wpa_supplicant_initiate_eapol(wpa_s);
1290
if (old_ssid != wpa_s->current_ssid)
1291
wpas_notify_network_changed(wpa_s);
1296
* wpa_supplicant_disassociate - Disassociate the current connection
1297
* @wpa_s: Pointer to wpa_supplicant data
1298
* @reason_code: IEEE 802.11 reason code for the disassociate frame
1300
* This function is used to request %wpa_supplicant to disassociate with the
1303
void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
1306
struct wpa_ssid *old_ssid;
1309
if (!is_zero_ether_addr(wpa_s->bssid)) {
1310
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1311
ieee80211_sta_disassociate(wpa_s, reason_code);
1313
wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
1314
addr = wpa_s->bssid;
1316
wpa_clear_keys(wpa_s, addr);
1317
wpa_supplicant_mark_disassoc(wpa_s);
1318
old_ssid = wpa_s->current_ssid;
1319
wpa_s->current_ssid = NULL;
1320
wpa_s->current_bss = NULL;
1321
wpa_sm_set_config(wpa_s->wpa, NULL);
1322
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1323
if (old_ssid != wpa_s->current_ssid)
1324
wpas_notify_network_changed(wpa_s);
1325
eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
1330
* wpa_supplicant_deauthenticate - Deauthenticate the current connection
1331
* @wpa_s: Pointer to wpa_supplicant data
1332
* @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1334
* This function is used to request %wpa_supplicant to deauthenticate from the
1337
void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1340
struct wpa_ssid *old_ssid;
1343
if (!is_zero_ether_addr(wpa_s->bssid)) {
1344
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1345
ieee80211_sta_deauthenticate(wpa_s, reason_code);
1347
wpa_drv_deauthenticate(wpa_s, wpa_s->bssid,
1349
addr = wpa_s->bssid;
1351
wpa_clear_keys(wpa_s, addr);
1352
wpa_supplicant_mark_disassoc(wpa_s);
1353
old_ssid = wpa_s->current_ssid;
1354
wpa_s->current_ssid = NULL;
1355
wpa_s->current_bss = NULL;
1356
wpa_sm_set_config(wpa_s->wpa, NULL);
1357
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1358
if (old_ssid != wpa_s->current_ssid)
1359
wpas_notify_network_changed(wpa_s);
1360
eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
1365
* wpa_supplicant_enable_network - Mark a configured network as enabled
1366
* @wpa_s: wpa_supplicant structure for a network interface
1367
* @ssid: wpa_ssid structure for a configured network or %NULL
1369
* Enables the specified network or all networks if no network specified.
1371
void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
1372
struct wpa_ssid *ssid)
1374
struct wpa_ssid *other_ssid;
1378
other_ssid = wpa_s->conf->ssid;
1379
while (other_ssid) {
1380
if (other_ssid == wpa_s->current_ssid &&
1381
other_ssid->disabled)
1382
wpa_s->reassociate = 1;
1384
was_disabled = other_ssid->disabled;
1386
other_ssid->disabled = 0;
1388
if (was_disabled != other_ssid->disabled)
1389
wpas_notify_network_enabled_changed(
1392
other_ssid = other_ssid->next;
1394
if (wpa_s->reassociate)
1395
wpa_supplicant_req_scan(wpa_s, 0, 0);
1396
} else if (ssid->disabled) {
1397
if (wpa_s->current_ssid == NULL) {
1399
* Try to reassociate since there is no current
1400
* configuration and a new network was made available.
1402
wpa_s->reassociate = 1;
1403
wpa_supplicant_req_scan(wpa_s, 0, 0);
1406
was_disabled = ssid->disabled;
1410
if (was_disabled != ssid->disabled)
1411
wpas_notify_network_enabled_changed(wpa_s, ssid);
1417
* wpa_supplicant_disable_network - Mark a configured network as disabled
1418
* @wpa_s: wpa_supplicant structure for a network interface
1419
* @ssid: wpa_ssid structure for a configured network or %NULL
1421
* Disables the specified network or all networks if no network specified.
1423
void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
1424
struct wpa_ssid *ssid)
1426
struct wpa_ssid *other_ssid;
1430
other_ssid = wpa_s->conf->ssid;
1431
while (other_ssid) {
1432
was_disabled = other_ssid->disabled;
1434
other_ssid->disabled = 1;
1436
if (was_disabled != other_ssid->disabled)
1437
wpas_notify_network_enabled_changed(
1440
other_ssid = other_ssid->next;
1442
if (wpa_s->current_ssid)
1443
wpa_supplicant_disassociate(
1444
wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1446
if (ssid == wpa_s->current_ssid)
1447
wpa_supplicant_disassociate(
1448
wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1450
was_disabled = ssid->disabled;
1454
if (was_disabled != ssid->disabled)
1455
wpas_notify_network_enabled_changed(wpa_s, ssid);
1461
* wpa_supplicant_select_network - Attempt association with a network
1462
* @wpa_s: wpa_supplicant structure for a network interface
1463
* @ssid: wpa_ssid structure for a configured network or %NULL for any network
1465
void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
1466
struct wpa_ssid *ssid)
1469
struct wpa_ssid *other_ssid;
1471
if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid)
1472
wpa_supplicant_disassociate(
1473
wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1476
* Mark all other networks disabled or mark all networks enabled if no
1477
* network specified.
1479
other_ssid = wpa_s->conf->ssid;
1480
while (other_ssid) {
1481
int was_disabled = other_ssid->disabled;
1483
other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
1485
if (was_disabled != other_ssid->disabled)
1486
wpas_notify_network_enabled_changed(wpa_s, other_ssid);
1488
other_ssid = other_ssid->next;
1490
wpa_s->disconnected = 0;
1491
wpa_s->reassociate = 1;
1492
wpa_supplicant_req_scan(wpa_s, 0, 0);
1495
wpas_notify_network_selected(wpa_s, ssid);
1500
* wpa_supplicant_set_ap_scan - Set AP scan mode for interface
1501
* @wpa_s: wpa_supplicant structure for a network interface
1502
* @ap_scan: AP scan mode
1503
* Returns: 0 if succeed or -1 if ap_scan has an invalid value
1506
int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
1511
if (ap_scan < 0 || ap_scan > 2)
1514
old_ap_scan = wpa_s->conf->ap_scan;
1515
wpa_s->conf->ap_scan = ap_scan;
1517
if (old_ap_scan != wpa_s->conf->ap_scan)
1518
wpas_notify_ap_scan_changed(wpa_s);
1525
* wpa_supplicant_set_debug_params - Set global debug params
1526
* @global: wpa_global structure
1527
* @debug_level: debug level
1528
* @debug_timestamp: determines if show timestamp in debug data
1529
* @debug_show_keys: determines if show keys in debug data
1530
* Returns: 0 if succeed or -1 if debug_level has wrong value
1532
int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
1533
int debug_timestamp, int debug_show_keys)
1536
int old_level, old_timestamp, old_show_keys;
1538
/* check for allowed debuglevels */
1539
if (debug_level != MSG_MSGDUMP &&
1540
debug_level != MSG_DEBUG &&
1541
debug_level != MSG_INFO &&
1542
debug_level != MSG_WARNING &&
1543
debug_level != MSG_ERROR)
1546
old_level = wpa_debug_level;
1547
old_timestamp = wpa_debug_timestamp;
1548
old_show_keys = wpa_debug_show_keys;
1550
wpa_debug_level = debug_level;
1551
wpa_debug_timestamp = debug_timestamp ? 1 : 0;
1552
wpa_debug_show_keys = debug_show_keys ? 1 : 0;
1554
if (wpa_debug_level != old_level)
1555
wpas_notify_debug_level_changed(global);
1556
if (wpa_debug_timestamp != old_timestamp)
1557
wpas_notify_debug_timestamp_changed(global);
1558
if (wpa_debug_show_keys != old_show_keys)
1559
wpas_notify_debug_show_keys_changed(global);
1566
* wpa_supplicant_get_ssid - Get a pointer to the current network structure
1567
* @wpa_s: Pointer to wpa_supplicant data
1568
* Returns: A pointer to the current network structure or %NULL on failure
1570
struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
1572
struct wpa_ssid *entry;
1573
u8 ssid[MAX_SSID_LEN];
1579
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
1580
if (ieee80211_sta_get_ssid(wpa_s, ssid, &ssid_len)) {
1581
wpa_printf(MSG_WARNING, "Could not read SSID from "
1586
res = wpa_drv_get_ssid(wpa_s, ssid);
1588
wpa_printf(MSG_WARNING, "Could not read SSID from "
1595
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1596
os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1597
else if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
1598
wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
1602
wired = wpa_s->conf->ap_scan == 0 &&
1603
(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
1605
entry = wpa_s->conf->ssid;
1607
if (!entry->disabled &&
1608
((ssid_len == entry->ssid_len &&
1609
os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
1610
(!entry->bssid_set ||
1611
os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1614
if (!entry->disabled &&
1615
(entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
1616
(entry->ssid == NULL || entry->ssid_len == 0) &&
1617
(!entry->bssid_set ||
1618
os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1620
#endif /* CONFIG_WPS */
1621
entry = entry->next;
1628
static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
1638
if (wpa_drivers[0] == NULL) {
1639
wpa_printf(MSG_ERROR, "No driver interfaces build into "
1645
/* default to first driver in the list */
1646
wpa_s->driver = wpa_drivers[0];
1647
wpa_s->global_drv_priv = wpa_s->global->drv_priv[0];
1651
pos = os_strchr(name, ',');
1655
len = os_strlen(name);
1656
for (i = 0; wpa_drivers[i]; i++) {
1657
if (os_strlen(wpa_drivers[i]->name) == len &&
1658
os_strncmp(name, wpa_drivers[i]->name, len) ==
1660
wpa_s->driver = wpa_drivers[i];
1661
wpa_s->global_drv_priv = wpa_s->global->drv_priv[i];
1666
wpa_printf(MSG_ERROR, "Unsupported driver '%s'.", name);
1672
* wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
1673
* @ctx: Context pointer (wpa_s); this is the ctx variable registered
1674
* with struct wpa_driver_ops::init()
1675
* @src_addr: Source address of the EAPOL frame
1676
* @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
1677
* @len: Length of the EAPOL data
1679
* This function is called for each received EAPOL frame. Most driver
1680
* interfaces rely on more generic OS mechanism for receiving frames through
1681
* l2_packet, but if such a mechanism is not available, the driver wrapper may
1682
* take care of received EAPOL frames and deliver them to the core supplicant
1683
* code by calling this function.
1685
void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
1686
const u8 *buf, size_t len)
1688
struct wpa_supplicant *wpa_s = ctx;
1690
wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
1691
wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
1693
if (wpa_s->wpa_state < WPA_ASSOCIATED) {
1695
* There is possible race condition between receiving the
1696
* association event and the EAPOL frame since they are coming
1697
* through different paths from the driver. In order to avoid
1698
* issues in trying to process the EAPOL frame before receiving
1699
* association information, lets queue it for processing until
1700
* the association event is received.
1702
wpa_printf(MSG_DEBUG, "Not associated - Delay processing of "
1703
"received EAPOL frame");
1704
wpabuf_free(wpa_s->pending_eapol_rx);
1705
wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
1706
if (wpa_s->pending_eapol_rx) {
1707
os_get_time(&wpa_s->pending_eapol_rx_time);
1708
os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
1715
if (wpa_s->ap_iface) {
1716
wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
1719
#endif /* CONFIG_AP */
1721
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
1722
wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
1723
"no key management is configured");
1727
if (wpa_s->eapol_received == 0 &&
1728
(!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
1729
!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1730
wpa_s->wpa_state != WPA_COMPLETED) &&
1731
(wpa_s->current_ssid == NULL ||
1732
wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
1733
/* Timeout for completing IEEE 802.1X and WPA authentication */
1734
wpa_supplicant_req_auth_timeout(
1736
(wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
1737
wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
1738
wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
1741
wpa_s->eapol_received++;
1743
if (wpa_s->countermeasures) {
1744
wpa_printf(MSG_INFO, "WPA: Countermeasures - dropped EAPOL "
1749
#ifdef CONFIG_IBSS_RSN
1750
if (wpa_s->current_ssid &&
1751
wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
1752
ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
1755
#endif /* CONFIG_IBSS_RSN */
1757
/* Source address of the incoming EAPOL frame could be compared to the
1758
* current BSSID. However, it is possible that a centralized
1759
* Authenticator could be using another MAC address than the BSSID of
1760
* an AP, so just allow any address to be used for now. The replies are
1761
* still sent to the current BSSID (if available), though. */
1763
os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
1764
if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
1765
eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
1767
wpa_drv_poll(wpa_s);
1768
if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1769
wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
1770
else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
1772
* Set portValid = TRUE here since we are going to skip 4-way
1773
* handshake processing which would normally set portValid. We
1774
* need this to allow the EAPOL state machines to be completed
1775
* without going through EAPOL-Key handshake.
1777
eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
1783
* wpa_supplicant_driver_init - Initialize driver interface parameters
1784
* @wpa_s: Pointer to wpa_supplicant data
1785
* Returns: 0 on success, -1 on failure
1787
* This function is called to initialize driver interface parameters.
1788
* wpa_drv_init() must have been called before this function to initialize the
1791
int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
1793
static int interface_count = 0;
1795
if (wpa_s->driver->send_eapol) {
1796
const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
1798
os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
1800
wpa_s->l2 = l2_packet_init(wpa_s->ifname,
1801
wpa_drv_get_mac_addr(wpa_s),
1803
wpa_supplicant_rx_eapol, wpa_s, 0);
1804
if (wpa_s->l2 == NULL)
1808
if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
1809
wpa_printf(MSG_ERROR, "Failed to get own L2 address");
1813
wpa_printf(MSG_DEBUG, "Own MAC address: " MACSTR,
1814
MAC2STR(wpa_s->own_addr));
1816
if (wpa_s->bridge_ifname[0]) {
1817
wpa_printf(MSG_DEBUG, "Receiving packets from bridge interface"
1818
" '%s'", wpa_s->bridge_ifname);
1819
wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
1822
wpa_supplicant_rx_eapol, wpa_s,
1824
if (wpa_s->l2_br == NULL) {
1825
wpa_printf(MSG_ERROR, "Failed to open l2_packet "
1826
"connection for the bridge interface '%s'",
1827
wpa_s->bridge_ifname);
1832
wpa_clear_keys(wpa_s, NULL);
1834
/* Make sure that TKIP countermeasures are not left enabled (could
1835
* happen if wpa_supplicant is killed during countermeasures. */
1836
wpa_drv_set_countermeasures(wpa_s, 0);
1838
wpa_printf(MSG_DEBUG, "RSN: flushing PMKID list in the driver");
1839
wpa_drv_flush_pmkid(wpa_s);
1841
wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
1842
if (wpa_supplicant_enabled_networks(wpa_s->conf)) {
1843
wpa_supplicant_req_scan(wpa_s, interface_count, 100000);
1846
wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
1852
static int wpa_supplicant_daemon(const char *pid_file)
1854
wpa_printf(MSG_DEBUG, "Daemonize..");
1855
return os_daemonize(pid_file);
1859
static struct wpa_supplicant * wpa_supplicant_alloc(void)
1861
struct wpa_supplicant *wpa_s;
1863
wpa_s = os_zalloc(sizeof(*wpa_s));
1866
wpa_s->scan_req = 1;
1867
wpa_s->new_connection = 1;
1873
static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
1874
struct wpa_interface *iface)
1876
const char *ifname, *driver;
1877
struct wpa_driver_capa capa;
1879
wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
1880
"'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
1881
iface->confname ? iface->confname : "N/A",
1882
iface->driver ? iface->driver : "default",
1883
iface->ctrl_interface ? iface->ctrl_interface : "N/A",
1884
iface->bridge_ifname ? iface->bridge_ifname : "N/A");
1886
if (iface->confname) {
1887
#ifdef CONFIG_BACKEND_FILE
1888
wpa_s->confname = os_rel2abs_path(iface->confname);
1889
if (wpa_s->confname == NULL) {
1890
wpa_printf(MSG_ERROR, "Failed to get absolute path "
1891
"for configuration file '%s'.",
1895
wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
1896
iface->confname, wpa_s->confname);
1897
#else /* CONFIG_BACKEND_FILE */
1898
wpa_s->confname = os_strdup(iface->confname);
1899
#endif /* CONFIG_BACKEND_FILE */
1900
wpa_s->conf = wpa_config_read(wpa_s->confname);
1901
if (wpa_s->conf == NULL) {
1902
wpa_printf(MSG_ERROR, "Failed to read or parse "
1903
"configuration '%s'.", wpa_s->confname);
1908
* Override ctrl_interface and driver_param if set on command
1911
if (iface->ctrl_interface) {
1912
os_free(wpa_s->conf->ctrl_interface);
1913
wpa_s->conf->ctrl_interface =
1914
os_strdup(iface->ctrl_interface);
1917
if (iface->driver_param) {
1918
os_free(wpa_s->conf->driver_param);
1919
wpa_s->conf->driver_param =
1920
os_strdup(iface->driver_param);
1923
wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
1924
iface->driver_param);
1926
if (wpa_s->conf == NULL) {
1927
wpa_printf(MSG_ERROR, "\nNo configuration found.");
1931
if (iface->ifname == NULL) {
1932
wpa_printf(MSG_ERROR, "\nInterface name is required.");
1935
if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
1936
wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
1940
os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
1942
if (iface->bridge_ifname) {
1943
if (os_strlen(iface->bridge_ifname) >=
1944
sizeof(wpa_s->bridge_ifname)) {
1945
wpa_printf(MSG_ERROR, "\nToo long bridge interface "
1946
"name '%s'.", iface->bridge_ifname);
1949
os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
1950
sizeof(wpa_s->bridge_ifname));
1953
/* RSNA Supplicant Key Management - INITIALIZE */
1954
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
1955
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
1957
/* Initialize driver interface and register driver event handler before
1958
* L2 receive handler so that association events are processed before
1959
* EAPOL-Key packets if both become available for the same select()
1961
driver = iface->driver;
1963
if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
1966
wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
1967
if (wpa_s->drv_priv == NULL) {
1969
pos = driver ? os_strchr(driver, ',') : NULL;
1971
wpa_printf(MSG_DEBUG, "Failed to initialize driver "
1972
"interface - try next driver wrapper");
1976
wpa_printf(MSG_ERROR, "Failed to initialize driver interface");
1979
if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
1980
wpa_printf(MSG_ERROR, "Driver interface rejected "
1981
"driver_param '%s'", wpa_s->conf->driver_param);
1985
ifname = wpa_drv_get_ifname(wpa_s);
1986
if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
1987
wpa_printf(MSG_DEBUG, "Driver interface replaced interface "
1988
"name with '%s'", ifname);
1989
os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
1992
if (wpa_supplicant_init_wpa(wpa_s) < 0)
1995
wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
1996
wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
1998
wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2000
if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2001
wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2002
wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2003
wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2004
"dot11RSNAConfigPMKLifetime");
2008
if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2009
wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2010
wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2011
wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2012
"dot11RSNAConfigPMKReauthThreshold");
2016
if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2017
wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2018
wpa_s->conf->dot11RSNAConfigSATimeout)) {
2019
wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2020
"dot11RSNAConfigSATimeout");
2024
if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
2025
wpa_s->drv_flags = capa.flags;
2026
if (capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
2027
if (ieee80211_sta_init(wpa_s))
2030
wpa_s->max_scan_ssids = capa.max_scan_ssids;
2031
wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
2033
if (wpa_s->max_remain_on_chan == 0)
2034
wpa_s->max_remain_on_chan = 1000;
2036
if (wpa_supplicant_driver_init(wpa_s) < 0)
2039
if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
2040
wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
2041
wpa_printf(MSG_DEBUG, "Failed to set country");
2045
wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2047
if (wpas_wps_init(wpa_s))
2050
if (wpa_supplicant_init_eapol(wpa_s) < 0)
2052
wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2054
wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
2055
if (wpa_s->ctrl_iface == NULL) {
2056
wpa_printf(MSG_ERROR,
2057
"Failed to initialize control interface '%s'.\n"
2058
"You may have another wpa_supplicant process "
2059
"already running or the file was\n"
2060
"left by an unclean termination of wpa_supplicant "
2061
"in which case you will need\n"
2062
"to manually remove this file before starting "
2063
"wpa_supplicant again.\n",
2064
wpa_s->conf->ctrl_interface);
2068
#ifdef CONFIG_IBSS_RSN
2069
wpa_s->ibss_rsn = ibss_rsn_init(wpa_s);
2070
if (!wpa_s->ibss_rsn) {
2071
wpa_printf(MSG_DEBUG, "Failed to init IBSS RSN");
2074
#endif /* CONFIG_IBSS_RSN */
2076
if (wpa_bss_init(wpa_s) < 0)
2083
static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
2086
if (wpa_s->drv_priv) {
2087
wpa_supplicant_deauthenticate(wpa_s,
2088
WLAN_REASON_DEAUTH_LEAVING);
2090
wpa_drv_set_countermeasures(wpa_s, 0);
2091
wpa_clear_keys(wpa_s, NULL);
2094
wpa_supplicant_cleanup(wpa_s);
2097
wpas_notify_iface_removed(wpa_s);
2099
if (wpa_s->drv_priv)
2100
wpa_drv_deinit(wpa_s);
2105
* wpa_supplicant_add_iface - Add a new network interface
2106
* @global: Pointer to global data from wpa_supplicant_init()
2107
* @iface: Interface configuration options
2108
* Returns: Pointer to the created interface or %NULL on failure
2110
* This function is used to add new network interfaces for %wpa_supplicant.
2111
* This can be called before wpa_supplicant_run() to add interfaces before the
2112
* main event loop has been started. In addition, new interfaces can be added
2113
* dynamically while %wpa_supplicant is already running. This could happen,
2114
* e.g., when a hotplug network adapter is inserted.
2116
struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
2117
struct wpa_interface *iface)
2119
struct wpa_supplicant *wpa_s;
2120
struct wpa_interface t_iface;
2121
struct wpa_ssid *ssid;
2123
if (global == NULL || iface == NULL)
2126
wpa_s = wpa_supplicant_alloc();
2130
wpa_s->global = global;
2133
if (global->params.override_driver) {
2134
wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
2136
iface->driver, global->params.override_driver);
2137
t_iface.driver = global->params.override_driver;
2139
if (global->params.override_ctrl_interface) {
2140
wpa_printf(MSG_DEBUG, "Override interface parameter: "
2141
"ctrl_interface ('%s' -> '%s')",
2142
iface->ctrl_interface,
2143
global->params.override_ctrl_interface);
2144
t_iface.ctrl_interface =
2145
global->params.override_ctrl_interface;
2147
if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
2148
wpa_printf(MSG_DEBUG, "Failed to add interface %s",
2150
wpa_supplicant_deinit_iface(wpa_s, 0);
2155
/* Notify the control interfaces about new iface */
2156
if (wpas_notify_iface_added(wpa_s)) {
2157
wpa_supplicant_deinit_iface(wpa_s, 1);
2162
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
2163
wpas_notify_network_added(wpa_s, ssid);
2165
wpa_s->next = global->ifaces;
2166
global->ifaces = wpa_s;
2168
wpa_printf(MSG_DEBUG, "Added interface %s", wpa_s->ifname);
2175
* wpa_supplicant_remove_iface - Remove a network interface
2176
* @global: Pointer to global data from wpa_supplicant_init()
2177
* @wpa_s: Pointer to the network interface to be removed
2178
* Returns: 0 if interface was removed, -1 if interface was not found
2180
* This function can be used to dynamically remove network interfaces from
2181
* %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
2182
* addition, this function is used to remove all remaining interfaces when
2183
* %wpa_supplicant is terminated.
2185
int wpa_supplicant_remove_iface(struct wpa_global *global,
2186
struct wpa_supplicant *wpa_s)
2188
struct wpa_supplicant *prev;
2190
/* Remove interface from the global list of interfaces */
2191
prev = global->ifaces;
2192
if (prev == wpa_s) {
2193
global->ifaces = wpa_s->next;
2195
while (prev && prev->next != wpa_s)
2199
prev->next = wpa_s->next;
2202
wpa_printf(MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
2204
wpa_supplicant_deinit_iface(wpa_s, 1);
2212
* wpa_supplicant_get_iface - Get a new network interface
2213
* @global: Pointer to global data from wpa_supplicant_init()
2214
* @ifname: Interface name
2215
* Returns: Pointer to the interface or %NULL if not found
2217
struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
2220
struct wpa_supplicant *wpa_s;
2222
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
2223
if (os_strcmp(wpa_s->ifname, ifname) == 0)
2231
* wpa_supplicant_init - Initialize %wpa_supplicant
2232
* @params: Parameters for %wpa_supplicant
2233
* Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
2235
* This function is used to initialize %wpa_supplicant. After successful
2236
* initialization, the returned data pointer can be used to add and remove
2237
* network interfaces, and eventually, to deinitialize %wpa_supplicant.
2239
struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
2241
struct wpa_global *global;
2247
wpa_debug_open_file(params->wpa_debug_file_path);
2248
if (params->wpa_debug_syslog)
2249
wpa_debug_open_syslog();
2251
ret = eap_register_methods();
2253
wpa_printf(MSG_ERROR, "Failed to register EAP methods");
2255
wpa_printf(MSG_ERROR, "Two or more EAP methods used "
2256
"the same EAP type.");
2260
global = os_zalloc(sizeof(*global));
2263
global->params.daemonize = params->daemonize;
2264
global->params.wait_for_monitor = params->wait_for_monitor;
2265
global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
2266
if (params->pid_file)
2267
global->params.pid_file = os_strdup(params->pid_file);
2268
if (params->ctrl_interface)
2269
global->params.ctrl_interface =
2270
os_strdup(params->ctrl_interface);
2271
if (params->override_driver)
2272
global->params.override_driver =
2273
os_strdup(params->override_driver);
2274
if (params->override_ctrl_interface)
2275
global->params.override_ctrl_interface =
2276
os_strdup(params->override_ctrl_interface);
2277
wpa_debug_level = global->params.wpa_debug_level =
2278
params->wpa_debug_level;
2279
wpa_debug_show_keys = global->params.wpa_debug_show_keys =
2280
params->wpa_debug_show_keys;
2281
wpa_debug_timestamp = global->params.wpa_debug_timestamp =
2282
params->wpa_debug_timestamp;
2285
wpa_printf(MSG_ERROR, "Failed to initialize event loop");
2286
wpa_supplicant_deinit(global);
2290
global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
2291
if (global->ctrl_iface == NULL) {
2292
wpa_supplicant_deinit(global);
2296
if (wpas_notify_supplicant_initialized(global)) {
2297
wpa_supplicant_deinit(global);
2301
for (i = 0; wpa_drivers[i]; i++)
2302
global->drv_count++;
2303
if (global->drv_count == 0) {
2304
wpa_printf(MSG_ERROR, "No drivers enabled");
2305
wpa_supplicant_deinit(global);
2308
global->drv_priv = os_zalloc(global->drv_count * sizeof(void *));
2309
if (global->drv_priv == NULL) {
2310
wpa_supplicant_deinit(global);
2313
for (i = 0; wpa_drivers[i]; i++) {
2314
if (!wpa_drivers[i]->global_init)
2316
global->drv_priv[i] = wpa_drivers[i]->global_init();
2317
if (global->drv_priv[i] == NULL) {
2318
wpa_printf(MSG_ERROR, "Failed to initialize driver "
2319
"'%s'", wpa_drivers[i]->name);
2320
wpa_supplicant_deinit(global);
2330
* wpa_supplicant_run - Run the %wpa_supplicant main event loop
2331
* @global: Pointer to global data from wpa_supplicant_init()
2332
* Returns: 0 after successful event loop run, -1 on failure
2334
* This function starts the main event loop and continues running as long as
2335
* there are any remaining events. In most cases, this function is running as
2336
* long as the %wpa_supplicant process in still in use.
2338
int wpa_supplicant_run(struct wpa_global *global)
2340
struct wpa_supplicant *wpa_s;
2342
if (global->params.daemonize &&
2343
wpa_supplicant_daemon(global->params.pid_file))
2346
if (global->params.wait_for_monitor) {
2347
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
2348
if (wpa_s->ctrl_iface)
2349
wpa_supplicant_ctrl_iface_wait(
2353
eloop_register_signal_terminate(wpa_supplicant_terminate, global);
2354
eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
2363
* wpa_supplicant_deinit - Deinitialize %wpa_supplicant
2364
* @global: Pointer to global data from wpa_supplicant_init()
2366
* This function is called to deinitialize %wpa_supplicant and to free all
2367
* allocated resources. Remaining network interfaces will also be removed.
2369
void wpa_supplicant_deinit(struct wpa_global *global)
2376
while (global->ifaces)
2377
wpa_supplicant_remove_iface(global, global->ifaces);
2379
if (global->ctrl_iface)
2380
wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
2382
wpas_notify_supplicant_deinitialized(global);
2384
eap_peer_unregister_methods();
2386
eap_server_unregister_methods();
2387
#endif /* CONFIG_AP */
2389
for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
2390
if (!global->drv_priv[i])
2392
wpa_drivers[i]->global_deinit(global->drv_priv[i]);
2394
os_free(global->drv_priv);
2398
if (global->params.pid_file) {
2399
os_daemonize_terminate(global->params.pid_file);
2400
os_free(global->params.pid_file);
2402
os_free(global->params.ctrl_interface);
2403
os_free(global->params.override_driver);
2404
os_free(global->params.override_ctrl_interface);
2407
wpa_debug_close_syslog();
2408
wpa_debug_close_file();
2412
static void add_freq(int *freqs, int *num_freqs, int freq)
2416
for (i = 0; i < *num_freqs; i++) {
2417
if (freqs[i] == freq)
2421
freqs[*num_freqs] = freq;
2426
static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
2428
struct wpa_bss *bss, *cbss;
2429
const int max_freqs = 10;
2433
freqs = os_zalloc(sizeof(int) * (max_freqs + 1));
2437
cbss = wpa_s->current_bss;
2439
dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
2442
if (bss->ssid_len == cbss->ssid_len &&
2443
os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
2444
wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
2445
add_freq(freqs, &num_freqs, bss->freq);
2446
if (num_freqs == max_freqs)
2451
if (num_freqs == 0) {
2460
void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
2467
* Add the failed BSSID into the blacklist and speed up next scan
2468
* attempt if there could be other APs that could accept association.
2469
* The current blacklist count indicates how many times we have tried
2470
* connecting to this AP and multiple attempts mean that other APs are
2471
* either not available or has already been tried, so that we can start
2472
* increasing the delay here to avoid constant scanning.
2474
count = wpa_blacklist_add(wpa_s, bssid);
2475
if (count == 1 && wpa_s->current_bss) {
2477
* This BSS was not in the blacklist before. If there is
2478
* another BSS available for the same ESS, we should try that
2479
* next. Otherwise, we may as well try this one once more
2480
* before allowing other, likely worse, ESSes to be considered.
2482
freqs = get_bss_freqs_in_ess(wpa_s);
2484
wpa_printf(MSG_DEBUG, "Another BSS in this ESS has "
2485
"been seen; try it next");
2486
wpa_blacklist_add(wpa_s, bssid);
2488
* On the next scan, go through only the known channels
2489
* used in this ESS based on previous scans to speed up
2490
* common load balancing use case.
2492
os_free(wpa_s->next_scan_freqs);
2493
wpa_s->next_scan_freqs = freqs;
2512
* TODO: if more than one possible AP is available in scan results,
2513
* could try the other ones before requesting a new scan.
2515
wpa_supplicant_req_scan(wpa_s, timeout / 1000,
2516
1000 * (timeout % 1000));