~ubuntu-branches/ubuntu/precise/wpasupplicant/precise-security
» Revision
19
: .pc/0009-pmkokc-Use-PMKSA-cache-entries-with-only-a-single-network-c.patch/wpa_supplicant/wpa_supplicant.c
« back to all changes in this revision
Viewing changes to .pc/0009-pmkokc-Use-PMKSA-cache-entries-with-only-a-single-network-c.patch/wpa_supplicant/wpa_supplicant.c
- browse files at revision 19
- compare with another revision
- download diff
- download tarball
- view history from revision 19
- Committer: Package Import Robot
- Author(s): Marc Deslauriers
- Date: 2014-10-10 09:23:53 UTC
- mfrom: (18.1.2 precise-proposed)
- Revision ID: package-import@ubuntu.com-20141010092353-zo940kiyc1tqwcyi
Tags: 0.7.3-6ubuntu2.3
* SECURITY UPDATE: arbitrary command execution via unsanitized string
passed to action scripts by wpa_cli
- debian/patches/CVE-2014-3686.patch: added os_exec() helper to
src/utils/os.h, src/utils/os_unix.c, src/utils/os_win32.c,
use instead of system() in wpa_supplicant/wpa_cli.c.
- CVE-2014-3686
passed to action scripts by wpa_cli
- debian/patches/CVE-2014-3686.patch: added os_exec() helper to
src/utils/os.h, src/utils/os_unix.c, src/utils/os_win32.c,
use instead of system() in wpa_supplicant/wpa_cli.c.
- CVE-2014-3686
- files added:
- .pc/.quilt_patches
- .pc/0001-nl80211-Fix-UNSPEC-signal-quality-reporting.patch
- .pc/0001-nl80211-Fix-UNSPEC-signal-quality-reporting.patch/src
- .pc/0001-nl80211-Fix-UNSPEC-signal-quality-reporting.patch/src/drivers
- .pc/0001-pmkokc-Set-portValid-TRUE-on-association-for-driver-based-4.patch
- .pc/0001-pmkokc-Set-portValid-TRUE-on-association-for-driver-based-4.patch/wpa_supplicant
- .pc/0001-sme-fix-retry-after-auth-assoc-timeout-failure.patch
- .pc/0001-sme-fix-retry-after-auth-assoc-timeout-failure.patch/wpa_supplicant
- .pc/0002-pmkokc-Clear-WPA-and-EAPOL-state-machine-config-pointer-on-.patch
- .pc/0002-pmkokc-Clear-WPA-and-EAPOL-state-machine-config-pointer-on-.patch/wpa_supplicant
- .pc/0002-sme-optimize-recovery-from-common-load-balancing-mechanisms.patch
- .pc/0002-sme-optimize-recovery-from-common-load-balancing-mechanisms.patch/wpa_supplicant
- .pc/0003-pmkokc-Clear-driver-PMKSA-cache-entry-on-PMKSA-cache-expira.patch
- .pc/0003-pmkokc-Clear-driver-PMKSA-cache-entry-on-PMKSA-cache-expira.patch/src
- .pc/0003-pmkokc-Clear-driver-PMKSA-cache-entry-on-PMKSA-cache-expira.patch/src/rsn_supp
- .pc/0003-sme-blacklist-bss-on-first-failure-if-only-a-single-network-is-enabled.patch
- .pc/0003-sme-blacklist-bss-on-first-failure-if-only-a-single-network-is-enabled.patch/wpa_supplicant
- .pc/0004-pmkokc-Flush-PMKSA-cache-entries-and-invalidate-EAP-state-o.patch
- .pc/0004-pmkokc-Flush-PMKSA-cache-entries-and-invalidate-EAP-state-o.patch/src
- .pc/0004-pmkokc-Flush-PMKSA-cache-entries-and-invalidate-EAP-state-o.patch/src/rsn_supp
- .pc/0004-pmkokc-Flush-PMKSA-cache-entries-and-invalidate-EAP-state-o.patch/wpa_supplicant
- .pc/0004-sme-extend-load-balancing-optimization-in-bss-blacklisting.patch
- .pc/0004-sme-extend-load-balancing-optimization-in-bss-blacklisting.patch/wpa_supplicant
- .pc/0005-pmkokc-Fix-proactive_key_caching-configuration-to-WPA-code.patch
- .pc/0005-pmkokc-Fix-proactive_key_caching-configuration-to-WPA-code.patch/wpa_supplicant
- .pc/0005-pmkokc-Fix-proactive_key_caching-configuration-to-WPA-code.patch/wpa_supplicant/wpas_glue.c
- .pc/0005-sme-optimize-recovery-from-association-command-failures.patch
- .pc/0005-sme-optimize-recovery-from-association-command-failures.patch/wpa_supplicant
- .pc/0006-pmkokc-RSN-Add-a-debug-message-when-considing-addition-of-O.patch
- .pc/0006-pmkokc-RSN-Add-a-debug-message-when-considing-addition-of-O.patch/src
- .pc/0006-pmkokc-RSN-Add-a-debug-message-when-considing-addition-of-O.patch/src/rsn_supp
- .pc/0006-sme-add-timers-for-authentication-and-association.patch
- .pc/0006-sme-add-timers-for-authentication-and-association.patch/wpa_supplicant
- .pc/0007-pmkokc-Clear-OKC-based-PMKSA-caching-entries-if-PMK-is-chan.patch
- .pc/0007-pmkokc-Clear-OKC-based-PMKSA-caching-entries-if-PMK-is-chan.patch/src
- .pc/0007-pmkokc-Clear-OKC-based-PMKSA-caching-entries-if-PMK-is-chan.patch/src/rsn_supp
- .pc/0007-sme-nl80211-set-cipher-suites.patch
- .pc/0007-sme-nl80211-set-cipher-suites.patch/src
- .pc/0007-sme-nl80211-set-cipher-suites.patch/src/drivers
- .pc/0007-sme-nl80211-set-cipher-suites.patch/wpa_supplicant
- .pc/0008-pmkokc-Move-wpa_sm_remove_pmkid-call-to-PMKSA-cache-entry-f.patch
- .pc/0008-pmkokc-Move-wpa_sm_remove_pmkid-call-to-PMKSA-cache-entry-f.patch/src
- .pc/0008-pmkokc-Move-wpa_sm_remove_pmkid-call-to-PMKSA-cache-entry-f.patch/src/rsn_supp
- .pc/0009-pmkokc-Use-PMKSA-cache-entries-with-only-a-single-network-c.patch
- .pc/0009-pmkokc-Use-PMKSA-cache-entries-with-only-a-single-network-c.patch/src
- .pc/0009-pmkokc-Use-PMKSA-cache-entries-with-only-a-single-network-c.patch/src/rsn_supp
- .pc/0009-pmkokc-Use-PMKSA-cache-entries-with-only-a-single-network-c.patch/wpa_supplicant
- .pc/0010-pmkokc-PMKSA-Do-not-evict-active-cache-entry-when-adding-ne.patch
- .pc/0010-pmkokc-PMKSA-Do-not-evict-active-cache-entry-when-adding-ne.patch/src
- .pc/0010-pmkokc-PMKSA-Do-not-evict-active-cache-entry-when-adding-ne.patch/src/rsn_supp
- .pc/0011-pmkokc-PMKSA-Set-cur_pmksa-pointer-during-initial-associati.patch
- .pc/0011-pmkokc-PMKSA-Set-cur_pmksa-pointer-during-initial-associati.patch/src
- .pc/0011-pmkokc-PMKSA-Set-cur_pmksa-pointer-during-initial-associati.patch/src/rsn_supp
- .pc/0012-pmkokc-PMKSA-make-deauthentication-due-to-cache-entry-remov.patch
- .pc/0012-pmkokc-PMKSA-make-deauthentication-due-to-cache-entry-remov.patch/src
- .pc/0012-pmkokc-PMKSA-make-deauthentication-due-to-cache-entry-remov.patch/src/rsn_supp
- .pc/0013-pmkokc-PMKSA-update-current-cache-entry-due-to-association-.patch
- .pc/0013-pmkokc-PMKSA-update-current-cache-entry-due-to-association-.patch/src
- .pc/0013-pmkokc-PMKSA-update-current-cache-entry-due-to-association-.patch/src/rsn_supp
- .pc/0013-pmkokc-PMKSA-update-current-cache-entry-due-to-association-.patch/wpa_supplicant
- .pc/0013-pmkokc-PMKSA-update-current-cache-entry-due-to-association-.patch/wpa_supplicant/ibss_rsn.c
- .pc/0013-pmkokc-PMKSA-update-current-cache-entry-due-to-association-.patch/wpa_supplicant/tests
- .pc/CVE-2014-3686.patch
- .pc/CVE-2014-3686.patch/src
- .pc/CVE-2014-3686.patch/src/utils
- .pc/CVE-2014-3686.patch/wpa_supplicant
- .pc/force-enable-okc.patch
- .pc/force-enable-okc.patch/wpa_supplicant
- .pc/less-aggressive-roaming.patch
- .pc/less-aggressive-roaming.patch/wpa_supplicant
- .pc/session-ticket.patch
- .pc/session-ticket.patch/src
- .pc/session-ticket.patch/src/crypto
- .pc/wpa_supplicant-assoc-timeout.patch
- .pc/wpa_supplicant-assoc-timeout.patch/wpa_supplicant
- .pc/wpa_supplicant-dbus-null-error.patch
- .pc/wpa_supplicant-dbus-null-error.patch/wpa_supplicant
- .pc/wpa_supplicant-dbus-null-error.patch/wpa_supplicant/dbus
- .pc/wpa_supplicant-squelch-driver-disconnect-spam.patch
- .pc/wpa_supplicant-squelch-driver-disconnect-spam.patch/wpa_supplicant
- files modified:
- .pc/applied-patches
added
removed
.pc/0009-pmkokc-Use-PMKSA-cache-entries-with-only-a-single-network-c.patch/wpa_supplicant/wpa_supplicant.c
1
/*
2
* WPA Supplicant
3
* Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi>
4
*
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
8
*
9
* Alternatively, this software may be distributed under the terms of BSD
10
* license.
11
*
12
* See README and COPYING for more details.
13
*
14
* This file implements functions for registering and unregistering
15
* %wpa_supplicant interfaces. In addition, this file contains number of
16
* functions for managing network connections.
17
*/
18
19
#include "includes.h"
20
21
#include "common.h"
22
#include "eapol_supp/eapol_supp_sm.h"
23
#include "eap_peer/eap.h"
24
#include "eap_server/eap_methods.h"
25
#include "rsn_supp/wpa.h"
26
#include "eloop.h"
27
#include "config.h"
28
#include "l2_packet/l2_packet.h"
29
#include "wpa_supplicant_i.h"
30
#include "driver_i.h"
31
#include "ctrl_iface.h"
32
#include "pcsc_funcs.h"
33
#include "common/version.h"
34
#include "rsn_supp/preauth.h"
35
#include "rsn_supp/pmksa_cache.h"
36
#include "common/wpa_ctrl.h"
37
#include "mlme.h"
38
#include "common/ieee802_11_defs.h"
39
#include "blacklist.h"
40
#include "wpas_glue.h"
41
#include "wps_supplicant.h"
42
#include "ibss_rsn.h"
43
#include "sme.h"
44
#include "ap.h"
45
#include "notify.h"
46
#include "bgscan.h"
47
#include "bss.h"
48
#include "scan.h"
49
50
const char *wpa_supplicant_version =
51
"wpa_supplicant v" VERSION_STR "\n"
52
"Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi> and contributors";
53
54
const char *wpa_supplicant_license =
55
"This program is free software. You can distribute it and/or modify it\n"
56
"under the terms of the GNU General Public License version 2.\n"
57
"\n"
58
"Alternatively, this software may be distributed under the terms of the\n"
59
"BSD license. See README and COPYING for more details.\n"
60
#ifdef EAP_TLS_OPENSSL
61
"\nThis product includes software developed by the OpenSSL Project\n"
62
"for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
63
#endif /* EAP_TLS_OPENSSL */
64
;
65
66
#ifndef CONFIG_NO_STDOUT_DEBUG
67
/* Long text divided into parts in order to fit in C89 strings size limits. */
68
const char *wpa_supplicant_full_license1 =
69
"This program is free software; you can redistribute it and/or modify\n"
70
"it under the terms of the GNU General Public License version 2 as\n"
71
"published by the Free Software Foundation.\n"
72
"\n"
73
"This program is distributed in the hope that it will be useful,\n"
74
"but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
75
"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
76
"GNU General Public License for more details.\n"
77
"\n";
78
const char *wpa_supplicant_full_license2 =
79
"You should have received a copy of the GNU General Public License\n"
80
"along with this program; if not, write to the Free Software\n"
81
"Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n"
82
"\n"
83
"Alternatively, this software may be distributed under the terms of the\n"
84
"BSD license.\n"
85
"\n"
86
"Redistribution and use in source and binary forms, with or without\n"
87
"modification, are permitted provided that the following conditions are\n"
88
"met:\n"
89
"\n";
90
const char *wpa_supplicant_full_license3 =
91
"1. Redistributions of source code must retain the above copyright\n"
92
" notice, this list of conditions and the following disclaimer.\n"
93
"\n"
94
"2. Redistributions in binary form must reproduce the above copyright\n"
95
" notice, this list of conditions and the following disclaimer in the\n"
96
" documentation and/or other materials provided with the distribution.\n"
97
"\n";
98
const char *wpa_supplicant_full_license4 =
99
"3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
100
" names of its contributors may be used to endorse or promote products\n"
101
" derived from this software without specific prior written permission.\n"
102
"\n"
103
"THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
104
"\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
105
"LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
106
"A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
107
const char *wpa_supplicant_full_license5 =
108
"OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
109
"SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
110
"LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
111
"DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
112
"THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
113
"(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
114
"OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
115
"\n";
116
#endif /* CONFIG_NO_STDOUT_DEBUG */
117
118
extern int wpa_debug_level;
119
extern int wpa_debug_show_keys;
120
extern int wpa_debug_timestamp;
121
extern struct wpa_driver_ops *wpa_drivers[];
122
123
/* Configure default/group WEP keys for static WEP */
124
int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
125
{
126
int i, set = 0;
127
128
for (i = 0; i < NUM_WEP_KEYS; i++) {
129
if (ssid->wep_key_len[i] == 0)
130
continue;
131
132
set = 1;
133
wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
134
(u8 *) "\xff\xff\xff\xff\xff\xff",
135
i, i == ssid->wep_tx_keyidx, (u8 *) "", 0,
136
ssid->wep_key[i], ssid->wep_key_len[i]);
137
}
138
139
return set;
140
}
141
142
143
static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
144
struct wpa_ssid *ssid)
145
{
146
u8 key[32];
147
size_t keylen;
148
enum wpa_alg alg;
149
u8 seq[6] = { 0 };
150
151
/* IBSS/WPA-None uses only one key (Group) for both receiving and
152
* sending unicast and multicast packets. */
153
154
if (ssid->mode != WPAS_MODE_IBSS) {
155
wpa_printf(MSG_INFO, "WPA: Invalid mode %d (not IBSS/ad-hoc) "
156
"for WPA-None", ssid->mode);
157
return -1;
158
}
159
160
if (!ssid->psk_set) {
161
wpa_printf(MSG_INFO, "WPA: No PSK configured for WPA-None");
162
return -1;
163
}
164
165
switch (wpa_s->group_cipher) {
166
case WPA_CIPHER_CCMP:
167
os_memcpy(key, ssid->psk, 16);
168
keylen = 16;
169
alg = WPA_ALG_CCMP;
170
break;
171
case WPA_CIPHER_TKIP:
172
/* WPA-None uses the same Michael MIC key for both TX and RX */
173
os_memcpy(key, ssid->psk, 16 + 8);
174
os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
175
keylen = 32;
176
alg = WPA_ALG_TKIP;
177
break;
178
default:
179
wpa_printf(MSG_INFO, "WPA: Invalid group cipher %d for "
180
"WPA-None", wpa_s->group_cipher);
181
return -1;
182
}
183
184
/* TODO: should actually remember the previously used seq#, both for TX
185
* and RX from each STA.. */
186
187
return wpa_drv_set_key(wpa_s, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
188
0, 1, seq, 6, key, keylen);
189
}
190
191
192
static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
193
{
194
struct wpa_supplicant *wpa_s = eloop_ctx;
195
const u8 *bssid = wpa_s->bssid;
196
if (is_zero_ether_addr(bssid))
197
bssid = wpa_s->pending_bssid;
198
wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
199
MAC2STR(bssid));
200
wpa_blacklist_add(wpa_s, bssid);
201
wpa_sm_notify_disassoc(wpa_s->wpa);
202
wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
203
wpa_s->reassociate = 1;
204
wpa_supplicant_req_scan(wpa_s, 0, 0);
205
}
206
207
208
/**
209
* wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
210
* @wpa_s: Pointer to wpa_supplicant data
211
* @sec: Number of seconds after which to time out authentication
212
* @usec: Number of microseconds after which to time out authentication
213
*
214
* This function is used to schedule a timeout for the current authentication
215
* attempt.
216
*/
217
void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
218
int sec, int usec)
219
{
220
if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
221
(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
222
return;
223
224
wpa_msg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
225
"%d usec", sec, usec);
226
eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
227
eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
228
}
229
230
231
/**
232
* wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
233
* @wpa_s: Pointer to wpa_supplicant data
234
*
235
* This function is used to cancel authentication timeout scheduled with
236
* wpa_supplicant_req_auth_timeout() and it is called when authentication has
237
* been completed.
238
*/
239
void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
240
{
241
wpa_msg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
242
eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
243
wpa_blacklist_del(wpa_s, wpa_s->bssid);
244
}
245
246
247
/**
248
* wpa_supplicant_initiate_eapol - Configure EAPOL state machine
249
* @wpa_s: Pointer to wpa_supplicant data
250
*
251
* This function is used to configure EAPOL state machine based on the selected
252
* authentication mode.
253
*/
254
void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
255
{
256
#ifdef IEEE8021X_EAPOL
257
struct eapol_config eapol_conf;
258
struct wpa_ssid *ssid = wpa_s->current_ssid;
259
260
#ifdef CONFIG_IBSS_RSN
261
if (ssid->mode == WPAS_MODE_IBSS &&
262
wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
263
wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
264
/*
265
* RSN IBSS authentication is per-STA and we can disable the
266
* per-BSSID EAPOL authentication.
267
*/
268
eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
269
eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
270
eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
271
return;
272
}
273
#endif /* CONFIG_IBSS_RSN */
274
275
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
276
eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
277
278
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
279
wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
280
eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
281
else
282
eapol_sm_notify_portControl(wpa_s->eapol, Auto);
283
284
os_memset(&eapol_conf, 0, sizeof(eapol_conf));
285
if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
286
eapol_conf.accept_802_1x_keys = 1;
287
eapol_conf.required_keys = 0;
288
if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
289
eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
290
}
291
if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
292
eapol_conf.required_keys |=
293
EAPOL_REQUIRE_KEY_BROADCAST;
294
}
295
296
if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
297
eapol_conf.required_keys = 0;
298
}
299
if (wpa_s->conf)
300
eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
301
eapol_conf.workaround = ssid->eap_workaround;
302
eapol_conf.eap_disabled =
303
!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
304
wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
305
wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
306
eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
307
#endif /* IEEE8021X_EAPOL */
308
}
309
310
311
/**
312
* wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
313
* @wpa_s: Pointer to wpa_supplicant data
314
* @ssid: Configuration data for the network
315
*
316
* This function is used to configure WPA state machine and related parameters
317
* to a mode where WPA is not enabled. This is called as part of the
318
* authentication configuration when the selected network does not use WPA.
319
*/
320
void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
321
struct wpa_ssid *ssid)
322
{
323
int i;
324
325
if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
326
wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
327
else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
328
wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
329
else
330
wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
331
wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
332
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
333
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
334
wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
335
wpa_s->group_cipher = WPA_CIPHER_NONE;
336
wpa_s->mgmt_group_cipher = 0;
337
338
for (i = 0; i < NUM_WEP_KEYS; i++) {
339
if (ssid->wep_key_len[i] > 5) {
340
wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
341
wpa_s->group_cipher = WPA_CIPHER_WEP104;
342
break;
343
} else if (ssid->wep_key_len[i] > 0) {
344
wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
345
wpa_s->group_cipher = WPA_CIPHER_WEP40;
346
break;
347
}
348
}
349
350
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
351
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
352
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
353
wpa_s->pairwise_cipher);
354
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
355
#ifdef CONFIG_IEEE80211W
356
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
357
wpa_s->mgmt_group_cipher);
358
#endif /* CONFIG_IEEE80211W */
359
360
pmksa_cache_clear_current(wpa_s->wpa);
361
}
362
363
364
static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
365
{
366
bgscan_deinit(wpa_s);
367
scard_deinit(wpa_s->scard);
368
wpa_s->scard = NULL;
369
wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
370
eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
371
l2_packet_deinit(wpa_s->l2);
372
wpa_s->l2 = NULL;
373
if (wpa_s->l2_br) {
374
l2_packet_deinit(wpa_s->l2_br);
375
wpa_s->l2_br = NULL;
376
}
377
378
if (wpa_s->ctrl_iface) {
379
wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
380
wpa_s->ctrl_iface = NULL;
381
}
382
if (wpa_s->conf != NULL) {
383
struct wpa_ssid *ssid;
384
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
385
wpas_notify_network_removed(wpa_s, ssid);
386
wpa_config_free(wpa_s->conf);
387
wpa_s->conf = NULL;
388
}
389
390
os_free(wpa_s->confname);
391
wpa_s->confname = NULL;
392
393
wpa_sm_set_eapol(wpa_s->wpa, NULL);
394
eapol_sm_deinit(wpa_s->eapol);
395
wpa_s->eapol = NULL;
396
397
rsn_preauth_deinit(wpa_s->wpa);
398
399
pmksa_candidate_free(wpa_s->wpa);
400
wpa_sm_deinit(wpa_s->wpa);
401
wpa_s->wpa = NULL;
402
wpa_blacklist_clear(wpa_s);
403
404
wpa_bss_deinit(wpa_s);
405
406
wpa_supplicant_cancel_scan(wpa_s);
407
wpa_supplicant_cancel_auth_timeout(wpa_s);
408
409
ieee80211_sta_deinit(wpa_s);
410
411
wpas_wps_deinit(wpa_s);
412
413
wpabuf_free(wpa_s->pending_eapol_rx);
414
wpa_s->pending_eapol_rx = NULL;
415
416
#ifdef CONFIG_IBSS_RSN
417
ibss_rsn_deinit(wpa_s->ibss_rsn);
418
wpa_s->ibss_rsn = NULL;
419
#endif /* CONFIG_IBSS_RSN */
420
421
sme_deinit(wpa_s);
422
423
#ifdef CONFIG_AP
424
wpa_supplicant_ap_deinit(wpa_s);
425
#endif /* CONFIG_AP */
426
427
os_free(wpa_s->next_scan_freqs);
428
wpa_s->next_scan_freqs = NULL;
429
}
430
431
432
/**
433
* wpa_clear_keys - Clear keys configured for the driver
434
* @wpa_s: Pointer to wpa_supplicant data
435
* @addr: Previously used BSSID or %NULL if not available
436
*
437
* This function clears the encryption keys that has been previously configured
438
* for the driver.
439
*/
440
void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
441
{
442
u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
443
444
if (wpa_s->keys_cleared) {
445
/* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
446
* timing issues with keys being cleared just before new keys
447
* are set or just after association or something similar. This
448
* shows up in group key handshake failing often because of the
449
* client not receiving the first encrypted packets correctly.
450
* Skipping some of the extra key clearing steps seems to help
451
* in completing group key handshake more reliably. */
452
wpa_printf(MSG_DEBUG, "No keys have been configured - "
453
"skip key clearing");
454
return;
455
}
456
457
/* MLME-DELETEKEYS.request */
458
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
459
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
460
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
461
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
462
#ifdef CONFIG_IEEE80211W
463
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 4, 0, NULL, 0, NULL, 0);
464
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 5, 0, NULL, 0, NULL, 0);
465
#endif /* CONFIG_IEEE80211W */
466
if (addr) {
467
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
468
0);
469
/* MLME-SETPROTECTION.request(None) */
470
wpa_drv_mlme_setprotection(
471
wpa_s, addr,
472
MLME_SETPROTECTION_PROTECT_TYPE_NONE,
473
MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
474
}
475
wpa_s->keys_cleared = 1;
476
}
477
478
479
/**
480
* wpa_supplicant_state_txt - Get the connection state name as a text string
481
* @state: State (wpa_state; WPA_*)
482
* Returns: The state name as a printable text string
483
*/
484
const char * wpa_supplicant_state_txt(enum wpa_states state)
485
{
486
switch (state) {
487
case WPA_DISCONNECTED:
488
return "DISCONNECTED";
489
case WPA_INACTIVE:
490
return "INACTIVE";
491
case WPA_SCANNING:
492
return "SCANNING";
493
case WPA_AUTHENTICATING:
494
return "AUTHENTICATING";
495
case WPA_ASSOCIATING:
496
return "ASSOCIATING";
497
case WPA_ASSOCIATED:
498
return "ASSOCIATED";
499
case WPA_4WAY_HANDSHAKE:
500
return "4WAY_HANDSHAKE";
501
case WPA_GROUP_HANDSHAKE:
502
return "GROUP_HANDSHAKE";
503
case WPA_COMPLETED:
504
return "COMPLETED";
505
default:
506
return "UNKNOWN";
507
}
508
}
509
510
511
/**
512
* wpa_supplicant_set_state - Set current connection state
513
* @wpa_s: Pointer to wpa_supplicant data
514
* @state: The new connection state
515
*
516
* This function is called whenever the connection state changes, e.g.,
517
* association is completed for WPA/WPA2 4-Way Handshake is started.
518
*/
519
void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
520
enum wpa_states state)
521
{
522
enum wpa_states old_state = wpa_s->wpa_state;
523
524
wpa_printf(MSG_DEBUG, "State: %s -> %s",
525
wpa_supplicant_state_txt(wpa_s->wpa_state),
526
wpa_supplicant_state_txt(state));
527
528
if (state != WPA_SCANNING)
529
wpa_supplicant_notify_scanning(wpa_s, 0);
530
531
if (state == WPA_COMPLETED && wpa_s->new_connection) {
532
#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
533
struct wpa_ssid *ssid = wpa_s->current_ssid;
534
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
535
MACSTR " completed %s [id=%d id_str=%s]",
536
MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
537
"(reauth)" : "(auth)",
538
ssid ? ssid->id : -1,
539
ssid && ssid->id_str ? ssid->id_str : "");
540
#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
541
wpa_s->new_connection = 0;
542
wpa_s->reassociated_connection = 1;
543
wpa_drv_set_operstate(wpa_s, 1);
544
wpa_s->after_wps = 0;
545
} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
546
state == WPA_ASSOCIATED) {
547
wpa_s->new_connection = 1;
548
wpa_drv_set_operstate(wpa_s, 0);
549
}
550
wpa_s->wpa_state = state;
551
552
if (wpa_s->wpa_state != old_state)
553
wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
554
}
555
556
557
void wpa_supplicant_terminate_proc(struct wpa_global *global)
558
{
559
int pending = 0;
560
#ifdef CONFIG_WPS
561
struct wpa_supplicant *wpa_s = global->ifaces;
562
while (wpa_s) {
563
if (wpas_wps_terminate_pending(wpa_s) == 1)
564
pending = 1;
565
wpa_s = wpa_s->next;
566
}
567
#endif /* CONFIG_WPS */
568
if (pending)
569
return;
570
eloop_terminate();
571
}
572
573
574
static void wpa_supplicant_terminate(int sig, void *signal_ctx)
575
{
576
struct wpa_global *global = signal_ctx;
577
struct wpa_supplicant *wpa_s;
578
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
579
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING "- signal %d "
580
"received", sig);
581
}
582
wpa_supplicant_terminate_proc(global);
583
}
584
585
586
static void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
587
{
588
enum wpa_states old_state = wpa_s->wpa_state;
589
590
wpa_s->pairwise_cipher = 0;
591
wpa_s->group_cipher = 0;
592
wpa_s->mgmt_group_cipher = 0;
593
wpa_s->key_mgmt = 0;
594
wpa_s->wpa_state = WPA_DISCONNECTED;
595
596
if (wpa_s->wpa_state != old_state)
597
wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
598
}
599
600
601
/**
602
* wpa_supplicant_reload_configuration - Reload configuration data
603
* @wpa_s: Pointer to wpa_supplicant data
604
* Returns: 0 on success or -1 if configuration parsing failed
605
*
606
* This function can be used to request that the configuration data is reloaded
607
* (e.g., after configuration file change). This function is reloading
608
* configuration only for one interface, so this may need to be called multiple
609
* times if %wpa_supplicant is controlling multiple interfaces and all
610
* interfaces need reconfiguration.
611
*/
612
int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
613
{
614
struct wpa_config *conf;
615
struct wpa_ssid *old_ssid;
616
int reconf_ctrl;
617
int old_ap_scan;
618
619
if (wpa_s->confname == NULL)
620
return -1;
621
conf = wpa_config_read(wpa_s->confname);
622
if (conf == NULL) {
623
wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
624
"file '%s' - exiting", wpa_s->confname);
625
return -1;
626
}
627
628
reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
629
|| (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
630
os_strcmp(conf->ctrl_interface,
631
wpa_s->conf->ctrl_interface) != 0);
632
633
if (reconf_ctrl && wpa_s->ctrl_iface) {
634
wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
635
wpa_s->ctrl_iface = NULL;
636
}
637
638
eapol_sm_invalidate_cached_session(wpa_s->eapol);
639
old_ssid = wpa_s->current_ssid;
640
wpa_s->current_ssid = NULL;
641
if (old_ssid != wpa_s->current_ssid)
642
wpas_notify_network_changed(wpa_s);
643
644
/*
645
* TODO: should notify EAPOL SM about changes in opensc_engine_path,
646
* pkcs11_engine_path, pkcs11_module_path.
647
*/
648
if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
649
/*
650
* Clear forced success to clear EAP state for next
651
* authentication.
652
*/
653
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
654
}
655
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
656
wpa_sm_set_config(wpa_s->wpa, NULL);
657
wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
658
wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
659
rsn_preauth_deinit(wpa_s->wpa);
660
661
old_ap_scan = wpa_s->conf->ap_scan;
662
wpa_config_free(wpa_s->conf);
663
wpa_s->conf = conf;
664
if (old_ap_scan != wpa_s->conf->ap_scan)
665
wpas_notify_ap_scan_changed(wpa_s);
666
667
if (reconf_ctrl)
668
wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
669
670
wpa_supplicant_clear_status(wpa_s);
671
wpa_s->reassociate = 1;
672
wpa_supplicant_req_scan(wpa_s, 0, 0);
673
wpa_msg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
674
return 0;
675
}
676
677
678
static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
679
{
680
struct wpa_global *global = signal_ctx;
681
struct wpa_supplicant *wpa_s;
682
wpa_printf(MSG_DEBUG, "Signal %d received - reconfiguring", sig);
683
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
684
if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
685
wpa_supplicant_terminate_proc(global);
686
}
687
}
688
}
689
690
691
enum wpa_cipher cipher_suite2driver(int cipher)
692
{
693
switch (cipher) {
694
case WPA_CIPHER_NONE:
695
return CIPHER_NONE;
696
case WPA_CIPHER_WEP40:
697
return CIPHER_WEP40;
698
case WPA_CIPHER_WEP104:
699
return CIPHER_WEP104;
700
case WPA_CIPHER_CCMP:
701
return CIPHER_CCMP;
702
case WPA_CIPHER_TKIP:
703
default:
704
return CIPHER_TKIP;
705
}
706
}
707
708
709
enum wpa_key_mgmt key_mgmt2driver(int key_mgmt)
710
{
711
switch (key_mgmt) {
712
case WPA_KEY_MGMT_NONE:
713
return KEY_MGMT_NONE;
714
case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
715
return KEY_MGMT_802_1X_NO_WPA;
716
case WPA_KEY_MGMT_IEEE8021X:
717
return KEY_MGMT_802_1X;
718
case WPA_KEY_MGMT_WPA_NONE:
719
return KEY_MGMT_WPA_NONE;
720
case WPA_KEY_MGMT_FT_IEEE8021X:
721
return KEY_MGMT_FT_802_1X;
722
case WPA_KEY_MGMT_FT_PSK:
723
return KEY_MGMT_FT_PSK;
724
case WPA_KEY_MGMT_IEEE8021X_SHA256:
725
return KEY_MGMT_802_1X_SHA256;
726
case WPA_KEY_MGMT_PSK_SHA256:
727
return KEY_MGMT_PSK_SHA256;
728
case WPA_KEY_MGMT_WPS:
729
return KEY_MGMT_WPS;
730
case WPA_KEY_MGMT_PSK:
731
default:
732
return KEY_MGMT_PSK;
733
}
734
}
735
736
737
static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
738
struct wpa_ssid *ssid,
739
struct wpa_ie_data *ie)
740
{
741
int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
742
if (ret) {
743
if (ret == -2) {
744
wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
745
"from association info");
746
}
747
return -1;
748
}
749
750
wpa_printf(MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set cipher "
751
"suites");
752
if (!(ie->group_cipher & ssid->group_cipher)) {
753
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
754
"cipher 0x%x (mask 0x%x) - reject",
755
ie->group_cipher, ssid->group_cipher);
756
return -1;
757
}
758
if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
759
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
760
"cipher 0x%x (mask 0x%x) - reject",
761
ie->pairwise_cipher, ssid->pairwise_cipher);
762
return -1;
763
}
764
if (!(ie->key_mgmt & ssid->key_mgmt)) {
765
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
766
"management 0x%x (mask 0x%x) - reject",
767
ie->key_mgmt, ssid->key_mgmt);
768
return -1;
769
}
770
771
#ifdef CONFIG_IEEE80211W
772
if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
773
ssid->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
774
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
775
"that does not support management frame protection - "
776
"reject");
777
return -1;
778
}
779
#endif /* CONFIG_IEEE80211W */
780
781
return 0;
782
}
783
784
785
/**
786
* wpa_supplicant_set_suites - Set authentication and encryption parameters
787
* @wpa_s: Pointer to wpa_supplicant data
788
* @bss: Scan results for the selected BSS, or %NULL if not available
789
* @ssid: Configuration data for the selected network
790
* @wpa_ie: Buffer for the WPA/RSN IE
791
* @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
792
* used buffer length in case the functions returns success.
793
* Returns: 0 on success or -1 on failure
794
*
795
* This function is used to configure authentication and encryption parameters
796
* based on the network configuration and scan result for the selected BSS (if
797
* available).
798
*/
799
int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
800
struct wpa_bss *bss, struct wpa_ssid *ssid,
801
u8 *wpa_ie, size_t *wpa_ie_len)
802
{
803
struct wpa_ie_data ie;
804
int sel, proto;
805
const u8 *bss_wpa, *bss_rsn;
806
807
if (bss) {
808
bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
809
bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
810
} else
811
bss_wpa = bss_rsn = NULL;
812
813
if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
814
wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
815
(ie.group_cipher & ssid->group_cipher) &&
816
(ie.pairwise_cipher & ssid->pairwise_cipher) &&
817
(ie.key_mgmt & ssid->key_mgmt)) {
818
wpa_msg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
819
proto = WPA_PROTO_RSN;
820
} else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
821
wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 &&
822
(ie.group_cipher & ssid->group_cipher) &&
823
(ie.pairwise_cipher & ssid->pairwise_cipher) &&
824
(ie.key_mgmt & ssid->key_mgmt)) {
825
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
826
proto = WPA_PROTO_WPA;
827
} else if (bss) {
828
wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
829
return -1;
830
} else {
831
if (ssid->proto & WPA_PROTO_RSN)
832
proto = WPA_PROTO_RSN;
833
else
834
proto = WPA_PROTO_WPA;
835
if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
836
os_memset(&ie, 0, sizeof(ie));
837
ie.group_cipher = ssid->group_cipher;
838
ie.pairwise_cipher = ssid->pairwise_cipher;
839
ie.key_mgmt = ssid->key_mgmt;
840
#ifdef CONFIG_IEEE80211W
841
ie.mgmt_group_cipher =
842
ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
843
WPA_CIPHER_AES_128_CMAC : 0;
844
#endif /* CONFIG_IEEE80211W */
845
wpa_printf(MSG_DEBUG, "WPA: Set cipher suites based "
846
"on configuration");
847
} else
848
proto = ie.proto;
849
}
850
851
wpa_printf(MSG_DEBUG, "WPA: Selected cipher suites: group %d "
852
"pairwise %d key_mgmt %d proto %d",
853
ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
854
#ifdef CONFIG_IEEE80211W
855
if (ssid->ieee80211w) {
856
wpa_printf(MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
857
ie.mgmt_group_cipher);
858
}
859
#endif /* CONFIG_IEEE80211W */
860
861
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
862
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
863
!!(ssid->proto & WPA_PROTO_RSN));
864
865
if (bss || !wpa_s->ap_ies_from_associnfo) {
866
if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
867
bss_wpa ? 2 + bss_wpa[1] : 0) ||
868
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
869
bss_rsn ? 2 + bss_rsn[1] : 0))
870
return -1;
871
}
872
873
sel = ie.group_cipher & ssid->group_cipher;
874
if (sel & WPA_CIPHER_CCMP) {
875
wpa_s->group_cipher = WPA_CIPHER_CCMP;
876
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
877
} else if (sel & WPA_CIPHER_TKIP) {
878
wpa_s->group_cipher = WPA_CIPHER_TKIP;
879
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
880
} else if (sel & WPA_CIPHER_WEP104) {
881
wpa_s->group_cipher = WPA_CIPHER_WEP104;
882
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
883
} else if (sel & WPA_CIPHER_WEP40) {
884
wpa_s->group_cipher = WPA_CIPHER_WEP40;
885
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
886
} else {
887
wpa_printf(MSG_WARNING, "WPA: Failed to select group cipher.");
888
return -1;
889
}
890
891
sel = ie.pairwise_cipher & ssid->pairwise_cipher;
892
if (sel & WPA_CIPHER_CCMP) {
893
wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
894
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
895
} else if (sel & WPA_CIPHER_TKIP) {
896
wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
897
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
898
} else if (sel & WPA_CIPHER_NONE) {
899
wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
900
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
901
} else {
902
wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
903
"cipher.");
904
return -1;
905
}
906
907
sel = ie.key_mgmt & ssid->key_mgmt;
908
if (0) {
909
#ifdef CONFIG_IEEE80211R
910
} else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
911
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
912
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
913
} else if (sel & WPA_KEY_MGMT_FT_PSK) {
914
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
915
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
916
#endif /* CONFIG_IEEE80211R */
917
#ifdef CONFIG_IEEE80211W
918
} else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
919
wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
920
wpa_msg(wpa_s, MSG_DEBUG,
921
"WPA: using KEY_MGMT 802.1X with SHA256");
922
} else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
923
wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
924
wpa_msg(wpa_s, MSG_DEBUG,
925
"WPA: using KEY_MGMT PSK with SHA256");
926
#endif /* CONFIG_IEEE80211W */
927
} else if (sel & WPA_KEY_MGMT_IEEE8021X) {
928
wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
929
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
930
} else if (sel & WPA_KEY_MGMT_PSK) {
931
wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
932
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
933
} else if (sel & WPA_KEY_MGMT_WPA_NONE) {
934
wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
935
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
936
} else {
937
wpa_printf(MSG_WARNING, "WPA: Failed to select authenticated "
938
"key management type.");
939
return -1;
940
}
941
942
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
943
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
944
wpa_s->pairwise_cipher);
945
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
946
947
#ifdef CONFIG_IEEE80211W
948
sel = ie.mgmt_group_cipher;
949
if (ssid->ieee80211w == NO_MGMT_FRAME_PROTECTION ||
950
!(ie.capabilities & WPA_CAPABILITY_MFPC))
951
sel = 0;
952
if (sel & WPA_CIPHER_AES_128_CMAC) {
953
wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
954
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
955
"AES-128-CMAC");
956
} else {
957
wpa_s->mgmt_group_cipher = 0;
958
wpa_msg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
959
}
960
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
961
wpa_s->mgmt_group_cipher);
962
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP, ssid->ieee80211w);
963
#endif /* CONFIG_IEEE80211W */
964
965
if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
966
wpa_printf(MSG_WARNING, "WPA: Failed to generate WPA IE.");
967
return -1;
968
}
969
970
if (ssid->key_mgmt &
971
(WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_FT_PSK | WPA_KEY_MGMT_PSK_SHA256))
972
wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
973
else
974
wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
975
976
return 0;
977
}
978
979
980
/**
981
* wpa_supplicant_associate - Request association
982
* @wpa_s: Pointer to wpa_supplicant data
983
* @bss: Scan results for the selected BSS, or %NULL if not available
984
* @ssid: Configuration data for the selected network
985
*
986
* This function is used to request %wpa_supplicant to associate with a BSS.
987
*/
988
void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
989
struct wpa_bss *bss, struct wpa_ssid *ssid)
990
{
991
u8 wpa_ie[80];
992
size_t wpa_ie_len;
993
int use_crypt, ret, i, bssid_changed;
994
int algs = WPA_AUTH_ALG_OPEN;
995
enum wpa_cipher cipher_pairwise, cipher_group;
996
struct wpa_driver_associate_params params;
997
int wep_keys_set = 0;
998
struct wpa_driver_capa capa;
999
int assoc_failed = 0;
1000
struct wpa_ssid *old_ssid;
1001
1002
if (ssid->mode == WPAS_MODE_AP) {
1003
#ifdef CONFIG_AP
1004
if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1005
wpa_printf(MSG_INFO, "Driver does not support AP "
1006
"mode");
1007
return;
1008
}
1009
wpa_supplicant_create_ap(wpa_s, ssid);
1010
wpa_s->current_bss = bss;
1011
#else /* CONFIG_AP */
1012
wpa_printf(MSG_ERROR, "AP mode support not included in the "
1013
"build");
1014
#endif /* CONFIG_AP */
1015
return;
1016
}
1017
1018
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1019
ssid->mode == IEEE80211_MODE_INFRA) {
1020
sme_authenticate(wpa_s, bss, ssid);
1021
return;
1022
}
1023
1024
wpa_s->reassociate = 0;
1025
if (bss) {
1026
#ifdef CONFIG_IEEE80211R
1027
const u8 *ie, *md = NULL;
1028
#endif /* CONFIG_IEEE80211R */
1029
wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1030
" (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1031
wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1032
bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
1033
os_memset(wpa_s->bssid, 0, ETH_ALEN);
1034
os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1035
if (bssid_changed)
1036
wpas_notify_bssid_changed(wpa_s);
1037
#ifdef CONFIG_IEEE80211R
1038
ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
1039
if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
1040
md = ie + 2;
1041
wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
1042
if (md) {
1043
/* Prepare for the next transition */
1044
wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
1045
}
1046
#endif /* CONFIG_IEEE80211R */
1047
#ifdef CONFIG_WPS
1048
} else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
1049
wpa_s->conf->ap_scan == 2 &&
1050
(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
1051
/* Use ap_scan==1 style network selection to find the network
1052
*/
1053
wpa_s->scan_req = 2;
1054
wpa_s->reassociate = 1;
1055
wpa_supplicant_req_scan(wpa_s, 0, 0);
1056
return;
1057
#endif /* CONFIG_WPS */
1058
} else {
1059
wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1060
wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1061
os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1062
}
1063
wpa_supplicant_cancel_scan(wpa_s);
1064
1065
/* Starting new association, so clear the possibly used WPA IE from the
1066
* previous association. */
1067
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1068
1069
#ifdef IEEE8021X_EAPOL
1070
if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1071
if (ssid->leap) {
1072
if (ssid->non_leap == 0)
1073
algs = WPA_AUTH_ALG_LEAP;
1074
else
1075
algs |= WPA_AUTH_ALG_LEAP;
1076
}
1077
}
1078
#endif /* IEEE8021X_EAPOL */
1079
wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1080
if (ssid->auth_alg) {
1081
algs = ssid->auth_alg;
1082
wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
1083
algs);
1084
}
1085
1086
if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
1087
wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
1088
(ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK |
1089
WPA_KEY_MGMT_FT_IEEE8021X |
1090
WPA_KEY_MGMT_FT_PSK |
1091
WPA_KEY_MGMT_IEEE8021X_SHA256 |
1092
WPA_KEY_MGMT_PSK_SHA256))) {
1093
int try_opportunistic;
1094
try_opportunistic = ssid->proactive_key_caching &&
1095
(ssid->proto & WPA_PROTO_RSN);
1096
if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1097
wpa_s->current_ssid,
1098
try_opportunistic) == 0)
1099
eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1100
wpa_ie_len = sizeof(wpa_ie);
1101
if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1102
wpa_ie, &wpa_ie_len)) {
1103
wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1104
"management and encryption suites");
1105
return;
1106
}
1107
} else if (ssid->key_mgmt &
1108
(WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
1109
WPA_KEY_MGMT_WPA_NONE | WPA_KEY_MGMT_FT_PSK |
1110
WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_PSK_SHA256 |
1111
WPA_KEY_MGMT_IEEE8021X_SHA256)) {
1112
wpa_ie_len = sizeof(wpa_ie);
1113
if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1114
wpa_ie, &wpa_ie_len)) {
1115
wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1116
"management and encryption suites (no scan "
1117
"results)");
1118
return;
1119
}
1120
#ifdef CONFIG_WPS
1121
} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
1122
struct wpabuf *wps_ie;
1123
wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
1124
if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
1125
wpa_ie_len = wpabuf_len(wps_ie);
1126
os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
1127
} else
1128
wpa_ie_len = 0;
1129
wpabuf_free(wps_ie);
1130
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1131
#endif /* CONFIG_WPS */
1132
} else {
1133
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1134
wpa_ie_len = 0;
1135
}
1136
1137
wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1138
use_crypt = 1;
1139
cipher_pairwise = cipher_suite2driver(wpa_s->pairwise_cipher);
1140
cipher_group = cipher_suite2driver(wpa_s->group_cipher);
1141
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1142
wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1143
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1144
use_crypt = 0;
1145
if (wpa_set_wep_keys(wpa_s, ssid)) {
1146
use_crypt = 1;
1147
wep_keys_set = 1;
1148
}
1149
}
1150
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
1151
use_crypt = 0;
1152
1153
#ifdef IEEE8021X_EAPOL
1154
if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1155
if ((ssid->eapol_flags &
1156
(EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1157
EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1158
!wep_keys_set) {
1159
use_crypt = 0;
1160
} else {
1161
/* Assume that dynamic WEP-104 keys will be used and
1162
* set cipher suites in order for drivers to expect
1163
* encryption. */
1164
cipher_pairwise = cipher_group = CIPHER_WEP104;
1165
}
1166
}
1167
#endif /* IEEE8021X_EAPOL */
1168
1169
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1170
/* Set the key before (and later after) association */
1171
wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1172
}
1173
1174
wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1175
os_memset(¶ms, 0, sizeof(params));
1176
if (bss) {
1177
params.bssid = bss->bssid;
1178
params.ssid = bss->ssid;
1179
params.ssid_len = bss->ssid_len;
1180
params.freq = bss->freq;
1181
} else {
1182
params.ssid = ssid->ssid;
1183
params.ssid_len = ssid->ssid_len;
1184
}
1185
if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 &&
1186
params.freq == 0)
1187
params.freq = ssid->frequency; /* Initial channel for IBSS */
1188
params.wpa_ie = wpa_ie;
1189
params.wpa_ie_len = wpa_ie_len;
1190
params.pairwise_suite = cipher_pairwise;
1191
params.group_suite = cipher_group;
1192
params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1193
params.auth_alg = algs;
1194
params.mode = ssid->mode;
1195
for (i = 0; i < NUM_WEP_KEYS; i++) {
1196
if (ssid->wep_key_len[i])
1197
params.wep_key[i] = ssid->wep_key[i];
1198
params.wep_key_len[i] = ssid->wep_key_len[i];
1199
}
1200
params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1201
1202
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
1203
(params.key_mgmt_suite == KEY_MGMT_PSK ||
1204
params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
1205
params.passphrase = ssid->passphrase;
1206
if (ssid->psk_set)
1207
params.psk = ssid->psk;
1208
}
1209
1210
params.drop_unencrypted = use_crypt;
1211
1212
#ifdef CONFIG_IEEE80211W
1213
params.mgmt_frame_protection = ssid->ieee80211w;
1214
if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION && bss) {
1215
const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1216
struct wpa_ie_data ie;
1217
if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
1218
ie.capabilities &
1219
(WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
1220
wpa_printf(MSG_DEBUG, "WPA: Selected AP supports MFP: "
1221
"require MFP");
1222
params.mgmt_frame_protection =
1223
MGMT_FRAME_PROTECTION_REQUIRED;
1224
}
1225
}
1226
#endif /* CONFIG_IEEE80211W */
1227
1228
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1229
ret = ieee80211_sta_associate(wpa_s, ¶ms);
1230
else
1231
ret = wpa_drv_associate(wpa_s, ¶ms);
1232
if (ret < 0) {
1233
wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1234
"failed");
1235
/* try to continue anyway; new association will be tried again
1236
* after timeout */
1237
assoc_failed = 1;
1238
}
1239
1240
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1241
/* Set the key after the association just in case association
1242
* cleared the previously configured key. */
1243
wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1244
/* No need to timeout authentication since there is no key
1245
* management. */
1246
wpa_supplicant_cancel_auth_timeout(wpa_s);
1247
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1248
#ifdef CONFIG_IBSS_RSN
1249
} else if (ssid->mode == WPAS_MODE_IBSS &&
1250
wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
1251
wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
1252
ibss_rsn_set_psk(wpa_s->ibss_rsn, ssid->psk);
1253
/*
1254
* RSN IBSS authentication is per-STA and we can disable the
1255
* per-BSSID authentication.
1256
*/
1257
wpa_supplicant_cancel_auth_timeout(wpa_s);
1258
#endif /* CONFIG_IBSS_RSN */
1259
} else {
1260
/* Timeout for IEEE 802.11 authentication and association */
1261
int timeout = 60;
1262
1263
if (assoc_failed) {
1264
/* give IBSS a bit more time */
1265
timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
1266
} else if (wpa_s->conf->ap_scan == 1) {
1267
/* give IBSS a bit more time */
1268
timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
1269
}
1270
wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1271
}
1272
1273
if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1274
capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
1275
/* Set static WEP keys again */
1276
wpa_set_wep_keys(wpa_s, ssid);
1277
}
1278
1279
if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1280
/*
1281
* Do not allow EAP session resumption between different
1282
* network configurations.
1283
*/
1284
eapol_sm_invalidate_cached_session(wpa_s->eapol);
1285
}
1286
old_ssid = wpa_s->current_ssid;
1287
wpa_s->current_ssid = ssid;
1288
wpa_s->current_bss = bss;
1289
wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
1290
wpa_supplicant_initiate_eapol(wpa_s);
1291
if (old_ssid != wpa_s->current_ssid)
1292
wpas_notify_network_changed(wpa_s);
1293
}
1294
1295
1296
/**
1297
* wpa_supplicant_disassociate - Disassociate the current connection
1298
* @wpa_s: Pointer to wpa_supplicant data
1299
* @reason_code: IEEE 802.11 reason code for the disassociate frame
1300
*
1301
* This function is used to request %wpa_supplicant to disassociate with the
1302
* current AP.
1303
*/
1304
void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
1305
int reason_code)
1306
{
1307
struct wpa_ssid *old_ssid;
1308
u8 *addr = NULL;
1309
1310
if (!is_zero_ether_addr(wpa_s->bssid)) {
1311
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1312
ieee80211_sta_disassociate(wpa_s, reason_code);
1313
else
1314
wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
1315
addr = wpa_s->bssid;
1316
}
1317
wpa_clear_keys(wpa_s, addr);
1318
wpa_supplicant_mark_disassoc(wpa_s);
1319
old_ssid = wpa_s->current_ssid;
1320
wpa_s->current_ssid = NULL;
1321
wpa_s->current_bss = NULL;
1322
wpa_sm_set_config(wpa_s->wpa, NULL);
1323
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1324
if (old_ssid != wpa_s->current_ssid)
1325
wpas_notify_network_changed(wpa_s);
1326
eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
1327
}
1328
1329
1330
/**
1331
* wpa_supplicant_deauthenticate - Deauthenticate the current connection
1332
* @wpa_s: Pointer to wpa_supplicant data
1333
* @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1334
*
1335
* This function is used to request %wpa_supplicant to deauthenticate from the
1336
* current AP.
1337
*/
1338
void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1339
int reason_code)
1340
{
1341
struct wpa_ssid *old_ssid;
1342
u8 *addr = NULL;
1343
1344
if (!is_zero_ether_addr(wpa_s->bssid)) {
1345
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1346
ieee80211_sta_deauthenticate(wpa_s, reason_code);
1347
else
1348
wpa_drv_deauthenticate(wpa_s, wpa_s->bssid,
1349
reason_code);
1350
addr = wpa_s->bssid;
1351
}
1352
wpa_clear_keys(wpa_s, addr);
1353
wpa_supplicant_mark_disassoc(wpa_s);
1354
old_ssid = wpa_s->current_ssid;
1355
wpa_s->current_ssid = NULL;
1356
wpa_s->current_bss = NULL;
1357
wpa_sm_set_config(wpa_s->wpa, NULL);
1358
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1359
if (old_ssid != wpa_s->current_ssid)
1360
wpas_notify_network_changed(wpa_s);
1361
eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
1362
}
1363
1364
1365
/**
1366
* wpa_supplicant_enable_network - Mark a configured network as enabled
1367
* @wpa_s: wpa_supplicant structure for a network interface
1368
* @ssid: wpa_ssid structure for a configured network or %NULL
1369
*
1370
* Enables the specified network or all networks if no network specified.
1371
*/
1372
void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
1373
struct wpa_ssid *ssid)
1374
{
1375
struct wpa_ssid *other_ssid;
1376
int was_disabled;
1377
1378
if (ssid == NULL) {
1379
other_ssid = wpa_s->conf->ssid;
1380
while (other_ssid) {
1381
if (other_ssid == wpa_s->current_ssid &&
1382
other_ssid->disabled)
1383
wpa_s->reassociate = 1;
1384
1385
was_disabled = other_ssid->disabled;
1386
1387
other_ssid->disabled = 0;
1388
1389
if (was_disabled != other_ssid->disabled)
1390
wpas_notify_network_enabled_changed(
1391
wpa_s, other_ssid);
1392
1393
other_ssid = other_ssid->next;
1394
}
1395
if (wpa_s->reassociate)
1396
wpa_supplicant_req_scan(wpa_s, 0, 0);
1397
} else if (ssid->disabled) {
1398
if (wpa_s->current_ssid == NULL) {
1399
/*
1400
* Try to reassociate since there is no current
1401
* configuration and a new network was made available.
1402
*/
1403
wpa_s->reassociate = 1;
1404
wpa_supplicant_req_scan(wpa_s, 0, 0);
1405
}
1406
1407
was_disabled = ssid->disabled;
1408
1409
ssid->disabled = 0;
1410
1411
if (was_disabled != ssid->disabled)
1412
wpas_notify_network_enabled_changed(wpa_s, ssid);
1413
}
1414
}
1415
1416
1417
/**
1418
* wpa_supplicant_disable_network - Mark a configured network as disabled
1419
* @wpa_s: wpa_supplicant structure for a network interface
1420
* @ssid: wpa_ssid structure for a configured network or %NULL
1421
*
1422
* Disables the specified network or all networks if no network specified.
1423
*/
1424
void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
1425
struct wpa_ssid *ssid)
1426
{
1427
struct wpa_ssid *other_ssid;
1428
int was_disabled;
1429
1430
if (ssid == NULL) {
1431
other_ssid = wpa_s->conf->ssid;
1432
while (other_ssid) {
1433
was_disabled = other_ssid->disabled;
1434
1435
other_ssid->disabled = 1;
1436
1437
if (was_disabled != other_ssid->disabled)
1438
wpas_notify_network_enabled_changed(
1439
wpa_s, other_ssid);
1440
1441
other_ssid = other_ssid->next;
1442
}
1443
if (wpa_s->current_ssid)
1444
wpa_supplicant_disassociate(
1445
wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1446
} else {
1447
if (ssid == wpa_s->current_ssid)
1448
wpa_supplicant_disassociate(
1449
wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1450
1451
was_disabled = ssid->disabled;
1452
1453
ssid->disabled = 1;
1454
1455
if (was_disabled != ssid->disabled)
1456
wpas_notify_network_enabled_changed(wpa_s, ssid);
1457
}
1458
}
1459
1460
1461
/**
1462
* wpa_supplicant_select_network - Attempt association with a network
1463
* @wpa_s: wpa_supplicant structure for a network interface
1464
* @ssid: wpa_ssid structure for a configured network or %NULL for any network
1465
*/
1466
void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
1467
struct wpa_ssid *ssid)
1468
{
1469
1470
struct wpa_ssid *other_ssid;
1471
1472
if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid)
1473
wpa_supplicant_disassociate(
1474
wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1475
1476
/*
1477
* Mark all other networks disabled or mark all networks enabled if no
1478
* network specified.
1479
*/
1480
other_ssid = wpa_s->conf->ssid;
1481
while (other_ssid) {
1482
int was_disabled = other_ssid->disabled;
1483
1484
other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
1485
1486
if (was_disabled != other_ssid->disabled)
1487
wpas_notify_network_enabled_changed(wpa_s, other_ssid);
1488
1489
other_ssid = other_ssid->next;
1490
}
1491
wpa_s->disconnected = 0;
1492
wpa_s->reassociate = 1;
1493
wpa_supplicant_req_scan(wpa_s, 0, 0);
1494
1495
if (ssid)
1496
wpas_notify_network_selected(wpa_s, ssid);
1497
}
1498
1499
1500
/**
1501
* wpa_supplicant_set_ap_scan - Set AP scan mode for interface
1502
* @wpa_s: wpa_supplicant structure for a network interface
1503
* @ap_scan: AP scan mode
1504
* Returns: 0 if succeed or -1 if ap_scan has an invalid value
1505
*
1506
*/
1507
int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
1508
{
1509
1510
int old_ap_scan;
1511
1512
if (ap_scan < 0 || ap_scan > 2)
1513
return -1;
1514
1515
old_ap_scan = wpa_s->conf->ap_scan;
1516
wpa_s->conf->ap_scan = ap_scan;
1517
1518
if (old_ap_scan != wpa_s->conf->ap_scan)
1519
wpas_notify_ap_scan_changed(wpa_s);
1520
1521
return 0;
1522
}
1523
1524
1525
/**
1526
* wpa_supplicant_set_debug_params - Set global debug params
1527
* @global: wpa_global structure
1528
* @debug_level: debug level
1529
* @debug_timestamp: determines if show timestamp in debug data
1530
* @debug_show_keys: determines if show keys in debug data
1531
* Returns: 0 if succeed or -1 if debug_level has wrong value
1532
*/
1533
int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
1534
int debug_timestamp, int debug_show_keys)
1535
{
1536
1537
int old_level, old_timestamp, old_show_keys;
1538
1539
/* check for allowed debuglevels */
1540
if (debug_level != MSG_MSGDUMP &&
1541
debug_level != MSG_DEBUG &&
1542
debug_level != MSG_INFO &&
1543
debug_level != MSG_WARNING &&
1544
debug_level != MSG_ERROR)
1545
return -1;
1546
1547
old_level = wpa_debug_level;
1548
old_timestamp = wpa_debug_timestamp;
1549
old_show_keys = wpa_debug_show_keys;
1550
1551
wpa_debug_level = debug_level;
1552
wpa_debug_timestamp = debug_timestamp ? 1 : 0;
1553
wpa_debug_show_keys = debug_show_keys ? 1 : 0;
1554
1555
if (wpa_debug_level != old_level)
1556
wpas_notify_debug_level_changed(global);
1557
if (wpa_debug_timestamp != old_timestamp)
1558
wpas_notify_debug_timestamp_changed(global);
1559
if (wpa_debug_show_keys != old_show_keys)
1560
wpas_notify_debug_show_keys_changed(global);
1561
1562
return 0;
1563
}
1564
1565
1566
/**
1567
* wpa_supplicant_get_ssid - Get a pointer to the current network structure
1568
* @wpa_s: Pointer to wpa_supplicant data
1569
* Returns: A pointer to the current network structure or %NULL on failure
1570
*/
1571
struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
1572
{
1573
struct wpa_ssid *entry;
1574
u8 ssid[MAX_SSID_LEN];
1575
int res;
1576
size_t ssid_len;
1577
u8 bssid[ETH_ALEN];
1578
int wired;
1579
1580
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
1581
if (ieee80211_sta_get_ssid(wpa_s, ssid, &ssid_len)) {
1582
wpa_printf(MSG_WARNING, "Could not read SSID from "
1583
"MLME.");
1584
return NULL;
1585
}
1586
} else {
1587
res = wpa_drv_get_ssid(wpa_s, ssid);
1588
if (res < 0) {
1589
wpa_printf(MSG_WARNING, "Could not read SSID from "
1590
"driver.");
1591
return NULL;
1592
}
1593
ssid_len = res;
1594
}
1595
1596
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1597
os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1598
else if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
1599
wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
1600
return NULL;
1601
}
1602
1603
wired = wpa_s->conf->ap_scan == 0 &&
1604
(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
1605
1606
entry = wpa_s->conf->ssid;
1607
while (entry) {
1608
if (!entry->disabled &&
1609
((ssid_len == entry->ssid_len &&
1610
os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
1611
(!entry->bssid_set ||
1612
os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1613
return entry;
1614
#ifdef CONFIG_WPS
1615
if (!entry->disabled &&
1616
(entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
1617
(entry->ssid == NULL || entry->ssid_len == 0) &&
1618
(!entry->bssid_set ||
1619
os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1620
return entry;
1621
#endif /* CONFIG_WPS */
1622
entry = entry->next;
1623
}
1624
1625
return NULL;
1626
}
1627
1628
1629
static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
1630
const char *name)
1631
{
1632
int i;
1633
size_t len;
1634
const char *pos;
1635
1636
if (wpa_s == NULL)
1637
return -1;
1638
1639
if (wpa_drivers[0] == NULL) {
1640
wpa_printf(MSG_ERROR, "No driver interfaces build into "
1641
"wpa_supplicant.");
1642
return -1;
1643
}
1644
1645
if (name == NULL) {
1646
/* default to first driver in the list */
1647
wpa_s->driver = wpa_drivers[0];
1648
wpa_s->global_drv_priv = wpa_s->global->drv_priv[0];
1649
return 0;
1650
}
1651
1652
pos = os_strchr(name, ',');
1653
if (pos)
1654
len = pos - name;
1655
else
1656
len = os_strlen(name);
1657
for (i = 0; wpa_drivers[i]; i++) {
1658
if (os_strlen(wpa_drivers[i]->name) == len &&
1659
os_strncmp(name, wpa_drivers[i]->name, len) ==
1660
0) {
1661
wpa_s->driver = wpa_drivers[i];
1662
wpa_s->global_drv_priv = wpa_s->global->drv_priv[i];
1663
return 0;
1664
}
1665
}
1666
1667
wpa_printf(MSG_ERROR, "Unsupported driver '%s'.", name);
1668
return -1;
1669
}
1670
1671
1672
/**
1673
* wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
1674
* @ctx: Context pointer (wpa_s); this is the ctx variable registered
1675
* with struct wpa_driver_ops::init()
1676
* @src_addr: Source address of the EAPOL frame
1677
* @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
1678
* @len: Length of the EAPOL data
1679
*
1680
* This function is called for each received EAPOL frame. Most driver
1681
* interfaces rely on more generic OS mechanism for receiving frames through
1682
* l2_packet, but if such a mechanism is not available, the driver wrapper may
1683
* take care of received EAPOL frames and deliver them to the core supplicant
1684
* code by calling this function.
1685
*/
1686
void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
1687
const u8 *buf, size_t len)
1688
{
1689
struct wpa_supplicant *wpa_s = ctx;
1690
1691
wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
1692
wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
1693
1694
if (wpa_s->wpa_state < WPA_ASSOCIATED) {
1695
/*
1696
* There is possible race condition between receiving the
1697
* association event and the EAPOL frame since they are coming
1698
* through different paths from the driver. In order to avoid
1699
* issues in trying to process the EAPOL frame before receiving
1700
* association information, lets queue it for processing until
1701
* the association event is received.
1702
*/
1703
wpa_printf(MSG_DEBUG, "Not associated - Delay processing of "
1704
"received EAPOL frame");
1705
wpabuf_free(wpa_s->pending_eapol_rx);
1706
wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
1707
if (wpa_s->pending_eapol_rx) {
1708
os_get_time(&wpa_s->pending_eapol_rx_time);
1709
os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
1710
ETH_ALEN);
1711
}
1712
return;
1713
}
1714
1715
#ifdef CONFIG_AP
1716
if (wpa_s->ap_iface) {
1717
wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
1718
return;
1719
}
1720
#endif /* CONFIG_AP */
1721
1722
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
1723
wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
1724
"no key management is configured");
1725
return;
1726
}
1727
1728
if (wpa_s->eapol_received == 0 &&
1729
(!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
1730
!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1731
wpa_s->wpa_state != WPA_COMPLETED) &&
1732
(wpa_s->current_ssid == NULL ||
1733
wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
1734
/* Timeout for completing IEEE 802.1X and WPA authentication */
1735
wpa_supplicant_req_auth_timeout(
1736
wpa_s,
1737
(wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
1738
wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
1739
wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
1740
70 : 10, 0);
1741
}
1742
wpa_s->eapol_received++;
1743
1744
if (wpa_s->countermeasures) {
1745
wpa_printf(MSG_INFO, "WPA: Countermeasures - dropped EAPOL "
1746
"packet");
1747
return;
1748
}
1749
1750
#ifdef CONFIG_IBSS_RSN
1751
if (wpa_s->current_ssid &&
1752
wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
1753
ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
1754
return;
1755
}
1756
#endif /* CONFIG_IBSS_RSN */
1757
1758
/* Source address of the incoming EAPOL frame could be compared to the
1759
* current BSSID. However, it is possible that a centralized
1760
* Authenticator could be using another MAC address than the BSSID of
1761
* an AP, so just allow any address to be used for now. The replies are
1762
* still sent to the current BSSID (if available), though. */
1763
1764
os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
1765
if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
1766
eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
1767
return;
1768
wpa_drv_poll(wpa_s);
1769
if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1770
wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
1771
else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
1772
/*
1773
* Set portValid = TRUE here since we are going to skip 4-way
1774
* handshake processing which would normally set portValid. We
1775
* need this to allow the EAPOL state machines to be completed
1776
* without going through EAPOL-Key handshake.
1777
*/
1778
eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
1779
}
1780
}
1781
1782
1783
/**
1784
* wpa_supplicant_driver_init - Initialize driver interface parameters
1785
* @wpa_s: Pointer to wpa_supplicant data
1786
* Returns: 0 on success, -1 on failure
1787
*
1788
* This function is called to initialize driver interface parameters.
1789
* wpa_drv_init() must have been called before this function to initialize the
1790
* driver interface.
1791
*/
1792
int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
1793
{
1794
static int interface_count = 0;
1795
1796
if (wpa_s->driver->send_eapol) {
1797
const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
1798
if (addr)
1799
os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
1800
} else {
1801
wpa_s->l2 = l2_packet_init(wpa_s->ifname,
1802
wpa_drv_get_mac_addr(wpa_s),
1803
ETH_P_EAPOL,
1804
wpa_supplicant_rx_eapol, wpa_s, 0);
1805
if (wpa_s->l2 == NULL)
1806
return -1;
1807
}
1808
1809
if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
1810
wpa_printf(MSG_ERROR, "Failed to get own L2 address");
1811
return -1;
1812
}
1813
1814
wpa_printf(MSG_DEBUG, "Own MAC address: " MACSTR,
1815
MAC2STR(wpa_s->own_addr));
1816
1817
if (wpa_s->bridge_ifname[0]) {
1818
wpa_printf(MSG_DEBUG, "Receiving packets from bridge interface"
1819
" '%s'", wpa_s->bridge_ifname);
1820
wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
1821
wpa_s->own_addr,
1822
ETH_P_EAPOL,
1823
wpa_supplicant_rx_eapol, wpa_s,
1824
0);
1825
if (wpa_s->l2_br == NULL) {
1826
wpa_printf(MSG_ERROR, "Failed to open l2_packet "
1827
"connection for the bridge interface '%s'",
1828
wpa_s->bridge_ifname);
1829
return -1;
1830
}
1831
}
1832
1833
wpa_clear_keys(wpa_s, NULL);
1834
1835
/* Make sure that TKIP countermeasures are not left enabled (could
1836
* happen if wpa_supplicant is killed during countermeasures. */
1837
wpa_drv_set_countermeasures(wpa_s, 0);
1838
1839
wpa_printf(MSG_DEBUG, "RSN: flushing PMKID list in the driver");
1840
wpa_drv_flush_pmkid(wpa_s);
1841
1842
wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
1843
if (wpa_supplicant_enabled_networks(wpa_s->conf)) {
1844
wpa_supplicant_req_scan(wpa_s, interface_count, 100000);
1845
interface_count++;
1846
} else
1847
wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
1848
1849
return 0;
1850
}
1851
1852
1853
static int wpa_supplicant_daemon(const char *pid_file)
1854
{
1855
wpa_printf(MSG_DEBUG, "Daemonize..");
1856
return os_daemonize(pid_file);
1857
}
1858
1859
1860
static struct wpa_supplicant * wpa_supplicant_alloc(void)
1861
{
1862
struct wpa_supplicant *wpa_s;
1863
1864
wpa_s = os_zalloc(sizeof(*wpa_s));
1865
if (wpa_s == NULL)
1866
return NULL;
1867
wpa_s->scan_req = 1;
1868
wpa_s->new_connection = 1;
1869
1870
return wpa_s;
1871
}
1872
1873
1874
static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
1875
struct wpa_interface *iface)
1876
{
1877
const char *ifname, *driver;
1878
struct wpa_driver_capa capa;
1879
1880
wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
1881
"'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
1882
iface->confname ? iface->confname : "N/A",
1883
iface->driver ? iface->driver : "default",
1884
iface->ctrl_interface ? iface->ctrl_interface : "N/A",
1885
iface->bridge_ifname ? iface->bridge_ifname : "N/A");
1886
1887
if (iface->confname) {
1888
#ifdef CONFIG_BACKEND_FILE
1889
wpa_s->confname = os_rel2abs_path(iface->confname);
1890
if (wpa_s->confname == NULL) {
1891
wpa_printf(MSG_ERROR, "Failed to get absolute path "
1892
"for configuration file '%s'.",
1893
iface->confname);
1894
return -1;
1895
}
1896
wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
1897
iface->confname, wpa_s->confname);
1898
#else /* CONFIG_BACKEND_FILE */
1899
wpa_s->confname = os_strdup(iface->confname);
1900
#endif /* CONFIG_BACKEND_FILE */
1901
wpa_s->conf = wpa_config_read(wpa_s->confname);
1902
if (wpa_s->conf == NULL) {
1903
wpa_printf(MSG_ERROR, "Failed to read or parse "
1904
"configuration '%s'.", wpa_s->confname);
1905
return -1;
1906
}
1907
1908
/*
1909
* Override ctrl_interface and driver_param if set on command
1910
* line.
1911
*/
1912
if (iface->ctrl_interface) {
1913
os_free(wpa_s->conf->ctrl_interface);
1914
wpa_s->conf->ctrl_interface =
1915
os_strdup(iface->ctrl_interface);
1916
}
1917
1918
if (iface->driver_param) {
1919
os_free(wpa_s->conf->driver_param);
1920
wpa_s->conf->driver_param =
1921
os_strdup(iface->driver_param);
1922
}
1923
} else
1924
wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
1925
iface->driver_param);
1926
1927
if (wpa_s->conf == NULL) {
1928
wpa_printf(MSG_ERROR, "\nNo configuration found.");
1929
return -1;
1930
}
1931
1932
if (iface->ifname == NULL) {
1933
wpa_printf(MSG_ERROR, "\nInterface name is required.");
1934
return -1;
1935
}
1936
if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
1937
wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
1938
iface->ifname);
1939
return -1;
1940
}
1941
os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
1942
1943
if (iface->bridge_ifname) {
1944
if (os_strlen(iface->bridge_ifname) >=
1945
sizeof(wpa_s->bridge_ifname)) {
1946
wpa_printf(MSG_ERROR, "\nToo long bridge interface "
1947
"name '%s'.", iface->bridge_ifname);
1948
return -1;
1949
}
1950
os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
1951
sizeof(wpa_s->bridge_ifname));
1952
}
1953
1954
/* RSNA Supplicant Key Management - INITIALIZE */
1955
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
1956
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
1957
1958
/* Initialize driver interface and register driver event handler before
1959
* L2 receive handler so that association events are processed before
1960
* EAPOL-Key packets if both become available for the same select()
1961
* call. */
1962
driver = iface->driver;
1963
next_driver:
1964
if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
1965
return -1;
1966
1967
wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
1968
if (wpa_s->drv_priv == NULL) {
1969
const char *pos;
1970
pos = driver ? os_strchr(driver, ',') : NULL;
1971
if (pos) {
1972
wpa_printf(MSG_DEBUG, "Failed to initialize driver "
1973
"interface - try next driver wrapper");
1974
driver = pos + 1;
1975
goto next_driver;
1976
}
1977
wpa_printf(MSG_ERROR, "Failed to initialize driver interface");
1978
return -1;
1979
}
1980
if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
1981
wpa_printf(MSG_ERROR, "Driver interface rejected "
1982
"driver_param '%s'", wpa_s->conf->driver_param);
1983
return -1;
1984
}
1985
1986
ifname = wpa_drv_get_ifname(wpa_s);
1987
if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
1988
wpa_printf(MSG_DEBUG, "Driver interface replaced interface "
1989
"name with '%s'", ifname);
1990
os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
1991
}
1992
1993
if (wpa_supplicant_init_wpa(wpa_s) < 0)
1994
return -1;
1995
1996
wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
1997
wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
1998
NULL);
1999
wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2000
2001
if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2002
wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2003
wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2004
wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2005
"dot11RSNAConfigPMKLifetime");
2006
return -1;
2007
}
2008
2009
if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2010
wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2011
wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2012
wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2013
"dot11RSNAConfigPMKReauthThreshold");
2014
return -1;
2015
}
2016
2017
if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2018
wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2019
wpa_s->conf->dot11RSNAConfigSATimeout)) {
2020
wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2021
"dot11RSNAConfigSATimeout");
2022
return -1;
2023
}
2024
2025
if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
2026
wpa_s->drv_flags = capa.flags;
2027
if (capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
2028
if (ieee80211_sta_init(wpa_s))
2029
return -1;
2030
}
2031
wpa_s->max_scan_ssids = capa.max_scan_ssids;
2032
wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
2033
}
2034
if (wpa_s->max_remain_on_chan == 0)
2035
wpa_s->max_remain_on_chan = 1000;
2036
2037
if (wpa_supplicant_driver_init(wpa_s) < 0)
2038
return -1;
2039
2040
if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
2041
wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
2042
wpa_printf(MSG_DEBUG, "Failed to set country");
2043
return -1;
2044
}
2045
2046
wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2047
2048
if (wpas_wps_init(wpa_s))
2049
return -1;
2050
2051
if (wpa_supplicant_init_eapol(wpa_s) < 0)
2052
return -1;
2053
wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2054
2055
wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
2056
if (wpa_s->ctrl_iface == NULL) {
2057
wpa_printf(MSG_ERROR,
2058
"Failed to initialize control interface '%s'.\n"
2059
"You may have another wpa_supplicant process "
2060
"already running or the file was\n"
2061
"left by an unclean termination of wpa_supplicant "
2062
"in which case you will need\n"
2063
"to manually remove this file before starting "
2064
"wpa_supplicant again.\n",
2065
wpa_s->conf->ctrl_interface);
2066
return -1;
2067
}
2068
2069
#ifdef CONFIG_IBSS_RSN
2070
wpa_s->ibss_rsn = ibss_rsn_init(wpa_s);
2071
if (!wpa_s->ibss_rsn) {
2072
wpa_printf(MSG_DEBUG, "Failed to init IBSS RSN");
2073
return -1;
2074
}
2075
#endif /* CONFIG_IBSS_RSN */
2076
2077
if (wpa_bss_init(wpa_s) < 0)
2078
return -1;
2079
2080
return 0;
2081
}
2082
2083
2084
static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
2085
int notify)
2086
{
2087
if (wpa_s->drv_priv) {
2088
wpa_supplicant_deauthenticate(wpa_s,
2089
WLAN_REASON_DEAUTH_LEAVING);
2090
2091
wpa_drv_set_countermeasures(wpa_s, 0);
2092
wpa_clear_keys(wpa_s, NULL);
2093
}
2094
2095
wpa_supplicant_cleanup(wpa_s);
2096
2097
if (notify)
2098
wpas_notify_iface_removed(wpa_s);
2099
2100
if (wpa_s->drv_priv)
2101
wpa_drv_deinit(wpa_s);
2102
}
2103
2104
2105
/**
2106
* wpa_supplicant_add_iface - Add a new network interface
2107
* @global: Pointer to global data from wpa_supplicant_init()
2108
* @iface: Interface configuration options
2109
* Returns: Pointer to the created interface or %NULL on failure
2110
*
2111
* This function is used to add new network interfaces for %wpa_supplicant.
2112
* This can be called before wpa_supplicant_run() to add interfaces before the
2113
* main event loop has been started. In addition, new interfaces can be added
2114
* dynamically while %wpa_supplicant is already running. This could happen,
2115
* e.g., when a hotplug network adapter is inserted.
2116
*/
2117
struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
2118
struct wpa_interface *iface)
2119
{
2120
struct wpa_supplicant *wpa_s;
2121
struct wpa_interface t_iface;
2122
struct wpa_ssid *ssid;
2123
2124
if (global == NULL || iface == NULL)
2125
return NULL;
2126
2127
wpa_s = wpa_supplicant_alloc();
2128
if (wpa_s == NULL)
2129
return NULL;
2130
2131
wpa_s->global = global;
2132
2133
t_iface = *iface;
2134
if (global->params.override_driver) {
2135
wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
2136
"('%s' -> '%s')",
2137
iface->driver, global->params.override_driver);
2138
t_iface.driver = global->params.override_driver;
2139
}
2140
if (global->params.override_ctrl_interface) {
2141
wpa_printf(MSG_DEBUG, "Override interface parameter: "
2142
"ctrl_interface ('%s' -> '%s')",
2143
iface->ctrl_interface,
2144
global->params.override_ctrl_interface);
2145
t_iface.ctrl_interface =
2146
global->params.override_ctrl_interface;
2147
}
2148
if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
2149
wpa_printf(MSG_DEBUG, "Failed to add interface %s",
2150
iface->ifname);
2151
wpa_supplicant_deinit_iface(wpa_s, 0);
2152
os_free(wpa_s);
2153
return NULL;
2154
}
2155
2156
/* Notify the control interfaces about new iface */
2157
if (wpas_notify_iface_added(wpa_s)) {
2158
wpa_supplicant_deinit_iface(wpa_s, 1);
2159
os_free(wpa_s);
2160
return NULL;
2161
}
2162
2163
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
2164
wpas_notify_network_added(wpa_s, ssid);
2165
2166
wpa_s->next = global->ifaces;
2167
global->ifaces = wpa_s;
2168
2169
wpa_printf(MSG_DEBUG, "Added interface %s", wpa_s->ifname);
2170
2171
return wpa_s;
2172
}
2173
2174
2175
/**
2176
* wpa_supplicant_remove_iface - Remove a network interface
2177
* @global: Pointer to global data from wpa_supplicant_init()
2178
* @wpa_s: Pointer to the network interface to be removed
2179
* Returns: 0 if interface was removed, -1 if interface was not found
2180
*
2181
* This function can be used to dynamically remove network interfaces from
2182
* %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
2183
* addition, this function is used to remove all remaining interfaces when
2184
* %wpa_supplicant is terminated.
2185
*/
2186
int wpa_supplicant_remove_iface(struct wpa_global *global,
2187
struct wpa_supplicant *wpa_s)
2188
{
2189
struct wpa_supplicant *prev;
2190
2191
/* Remove interface from the global list of interfaces */
2192
prev = global->ifaces;
2193
if (prev == wpa_s) {
2194
global->ifaces = wpa_s->next;
2195
} else {
2196
while (prev && prev->next != wpa_s)
2197
prev = prev->next;
2198
if (prev == NULL)
2199
return -1;
2200
prev->next = wpa_s->next;
2201
}
2202
2203
wpa_printf(MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
2204
2205
wpa_supplicant_deinit_iface(wpa_s, 1);
2206
os_free(wpa_s);
2207
2208
return 0;
2209
}
2210
2211
2212
/**
2213
* wpa_supplicant_get_iface - Get a new network interface
2214
* @global: Pointer to global data from wpa_supplicant_init()
2215
* @ifname: Interface name
2216
* Returns: Pointer to the interface or %NULL if not found
2217
*/
2218
struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
2219
const char *ifname)
2220
{
2221
struct wpa_supplicant *wpa_s;
2222
2223
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
2224
if (os_strcmp(wpa_s->ifname, ifname) == 0)
2225
return wpa_s;
2226
}
2227
return NULL;
2228
}
2229
2230
2231
/**
2232
* wpa_supplicant_init - Initialize %wpa_supplicant
2233
* @params: Parameters for %wpa_supplicant
2234
* Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
2235
*
2236
* This function is used to initialize %wpa_supplicant. After successful
2237
* initialization, the returned data pointer can be used to add and remove
2238
* network interfaces, and eventually, to deinitialize %wpa_supplicant.
2239
*/
2240
struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
2241
{
2242
struct wpa_global *global;
2243
int ret, i;
2244
2245
if (params == NULL)
2246
return NULL;
2247
2248
wpa_debug_open_file(params->wpa_debug_file_path);
2249
if (params->wpa_debug_syslog)
2250
wpa_debug_open_syslog();
2251
2252
ret = eap_register_methods();
2253
if (ret) {
2254
wpa_printf(MSG_ERROR, "Failed to register EAP methods");
2255
if (ret == -2)
2256
wpa_printf(MSG_ERROR, "Two or more EAP methods used "
2257
"the same EAP type.");
2258
return NULL;
2259
}
2260
2261
global = os_zalloc(sizeof(*global));
2262
if (global == NULL)
2263
return NULL;
2264
global->params.daemonize = params->daemonize;
2265
global->params.wait_for_monitor = params->wait_for_monitor;
2266
global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
2267
if (params->pid_file)
2268
global->params.pid_file = os_strdup(params->pid_file);
2269
if (params->ctrl_interface)
2270
global->params.ctrl_interface =
2271
os_strdup(params->ctrl_interface);
2272
if (params->override_driver)
2273
global->params.override_driver =
2274
os_strdup(params->override_driver);
2275
if (params->override_ctrl_interface)
2276
global->params.override_ctrl_interface =
2277
os_strdup(params->override_ctrl_interface);
2278
wpa_debug_level = global->params.wpa_debug_level =
2279
params->wpa_debug_level;
2280
wpa_debug_show_keys = global->params.wpa_debug_show_keys =
2281
params->wpa_debug_show_keys;
2282
wpa_debug_timestamp = global->params.wpa_debug_timestamp =
2283
params->wpa_debug_timestamp;
2284
2285
if (eloop_init()) {
2286
wpa_printf(MSG_ERROR, "Failed to initialize event loop");
2287
wpa_supplicant_deinit(global);
2288
return NULL;
2289
}
2290
2291
global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
2292
if (global->ctrl_iface == NULL) {
2293
wpa_supplicant_deinit(global);
2294
return NULL;
2295
}
2296
2297
if (wpas_notify_supplicant_initialized(global)) {
2298
wpa_supplicant_deinit(global);
2299
return NULL;
2300
}
2301
2302
for (i = 0; wpa_drivers[i]; i++)
2303
global->drv_count++;
2304
if (global->drv_count == 0) {
2305
wpa_printf(MSG_ERROR, "No drivers enabled");
2306
wpa_supplicant_deinit(global);
2307
return NULL;
2308
}
2309
global->drv_priv = os_zalloc(global->drv_count * sizeof(void *));
2310
if (global->drv_priv == NULL) {
2311
wpa_supplicant_deinit(global);
2312
return NULL;
2313
}
2314
for (i = 0; wpa_drivers[i]; i++) {
2315
if (!wpa_drivers[i]->global_init)
2316
continue;
2317
global->drv_priv[i] = wpa_drivers[i]->global_init();
2318
if (global->drv_priv[i] == NULL) {
2319
wpa_printf(MSG_ERROR, "Failed to initialize driver "
2320
"'%s'", wpa_drivers[i]->name);
2321
wpa_supplicant_deinit(global);
2322
return NULL;
2323
}
2324
}
2325
2326
return global;
2327
}
2328
2329
2330
/**
2331
* wpa_supplicant_run - Run the %wpa_supplicant main event loop
2332
* @global: Pointer to global data from wpa_supplicant_init()
2333
* Returns: 0 after successful event loop run, -1 on failure
2334
*
2335
* This function starts the main event loop and continues running as long as
2336
* there are any remaining events. In most cases, this function is running as
2337
* long as the %wpa_supplicant process in still in use.
2338
*/
2339
int wpa_supplicant_run(struct wpa_global *global)
2340
{
2341
struct wpa_supplicant *wpa_s;
2342
2343
if (global->params.daemonize &&
2344
wpa_supplicant_daemon(global->params.pid_file))
2345
return -1;
2346
2347
if (global->params.wait_for_monitor) {
2348
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
2349
if (wpa_s->ctrl_iface)
2350
wpa_supplicant_ctrl_iface_wait(
2351
wpa_s->ctrl_iface);
2352
}
2353
2354
eloop_register_signal_terminate(wpa_supplicant_terminate, global);
2355
eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
2356
2357
eloop_run();
2358
2359
return 0;
2360
}
2361
2362
2363
/**
2364
* wpa_supplicant_deinit - Deinitialize %wpa_supplicant
2365
* @global: Pointer to global data from wpa_supplicant_init()
2366
*
2367
* This function is called to deinitialize %wpa_supplicant and to free all
2368
* allocated resources. Remaining network interfaces will also be removed.
2369
*/
2370
void wpa_supplicant_deinit(struct wpa_global *global)
2371
{
2372
int i;
2373
2374
if (global == NULL)
2375
return;
2376
2377
while (global->ifaces)
2378
wpa_supplicant_remove_iface(global, global->ifaces);
2379
2380
if (global->ctrl_iface)
2381
wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
2382
2383
wpas_notify_supplicant_deinitialized(global);
2384
2385
eap_peer_unregister_methods();
2386
#ifdef CONFIG_AP
2387
eap_server_unregister_methods();
2388
#endif /* CONFIG_AP */
2389
2390
for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
2391
if (!global->drv_priv[i])
2392
continue;
2393
wpa_drivers[i]->global_deinit(global->drv_priv[i]);
2394
}
2395
os_free(global->drv_priv);
2396
2397
eloop_destroy();
2398
2399
if (global->params.pid_file) {
2400
os_daemonize_terminate(global->params.pid_file);
2401
os_free(global->params.pid_file);
2402
}
2403
os_free(global->params.ctrl_interface);
2404
os_free(global->params.override_driver);
2405
os_free(global->params.override_ctrl_interface);
2406
2407
os_free(global);
2408
wpa_debug_close_syslog();
2409
wpa_debug_close_file();
2410
}
2411
2412
2413
static void add_freq(int *freqs, int *num_freqs, int freq)
2414
{
2415
int i;
2416
2417
for (i = 0; i < *num_freqs; i++) {
2418
if (freqs[i] == freq)
2419
return;
2420
}
2421
2422
freqs[*num_freqs] = freq;
2423
(*num_freqs)++;
2424
}
2425
2426
2427
static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
2428
{
2429
struct wpa_bss *bss, *cbss;
2430
const int max_freqs = 10;
2431
int *freqs;
2432
int num_freqs = 0;
2433
2434
freqs = os_zalloc(sizeof(int) * (max_freqs + 1));
2435
if (freqs == NULL)
2436
return NULL;
2437
2438
cbss = wpa_s->current_bss;
2439
2440
dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
2441
if (bss == cbss)
2442
continue;
2443
if (bss->ssid_len == cbss->ssid_len &&
2444
os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
2445
wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
2446
add_freq(freqs, &num_freqs, bss->freq);
2447
if (num_freqs == max_freqs)
2448
break;
2449
}
2450
}
2451
2452
if (num_freqs == 0) {
2453
os_free(freqs);
2454
freqs = NULL;
2455
}
2456
2457
return freqs;
2458
}
2459
2460
2461
void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
2462
{
2463
int timeout;
2464
int count;
2465
int *freqs = NULL;
2466
2467
/*
2468
* Add the failed BSSID into the blacklist and speed up next scan
2469
* attempt if there could be other APs that could accept association.
2470
* The current blacklist count indicates how many times we have tried
2471
* connecting to this AP and multiple attempts mean that other APs are
2472
* either not available or has already been tried, so that we can start
2473
* increasing the delay here to avoid constant scanning.
2474
*/
2475
count = wpa_blacklist_add(wpa_s, bssid);
2476
if (count == 1 && wpa_s->current_bss) {
2477
/*
2478
* This BSS was not in the blacklist before. If there is
2479
* another BSS available for the same ESS, we should try that
2480
* next. Otherwise, we may as well try this one once more
2481
* before allowing other, likely worse, ESSes to be considered.
2482
*/
2483
freqs = get_bss_freqs_in_ess(wpa_s);
2484
if (freqs) {
2485
wpa_printf(MSG_DEBUG, "Another BSS in this ESS has "
2486
"been seen; try it next");
2487
wpa_blacklist_add(wpa_s, bssid);
2488
/*
2489
* On the next scan, go through only the known channels
2490
* used in this ESS based on previous scans to speed up
2491
* common load balancing use case.
2492
*/
2493
os_free(wpa_s->next_scan_freqs);
2494
wpa_s->next_scan_freqs = freqs;
2495
}
2496
}
2497
2498
switch (count) {
2499
case 1:
2500
timeout = 100;
2501
break;
2502
case 2:
2503
timeout = 500;
2504
break;
2505
case 3:
2506
timeout = 1000;
2507
break;
2508
default:
2509
timeout = 5000;
2510
}
2511
2512
/*
2513
* TODO: if more than one possible AP is available in scan results,
2514
* could try the other ones before requesting a new scan.
2515
*/
2516
wpa_supplicant_req_scan(wpa_s, timeout / 1000,
2517
1000 * (timeout % 1000));
2518
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1