3
* Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi>
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
9
* Alternatively, this software may be distributed under the terms of BSD
12
* See README and COPYING for more details.
14
* This file implements functions for registering and unregistering
15
* %wpa_supplicant interfaces. In addition, this file contains number of
16
* functions for managing network connections.
22
#include "eapol_supp/eapol_supp_sm.h"
23
#include "eap_peer/eap.h"
24
#include "eap_server/eap_methods.h"
25
#include "rsn_supp/wpa.h"
28
#include "l2_packet/l2_packet.h"
29
#include "wpa_supplicant_i.h"
31
#include "ctrl_iface.h"
32
#include "pcsc_funcs.h"
33
#include "common/version.h"
34
#include "rsn_supp/preauth.h"
35
#include "rsn_supp/pmksa_cache.h"
36
#include "common/wpa_ctrl.h"
38
#include "common/ieee802_11_defs.h"
39
#include "blacklist.h"
40
#include "wpas_glue.h"
41
#include "wps_supplicant.h"
50
const char *wpa_supplicant_version =
51
"wpa_supplicant v" VERSION_STR "\n"
52
"Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi> and contributors";
54
const char *wpa_supplicant_license =
55
"This program is free software. You can distribute it and/or modify it\n"
56
"under the terms of the GNU General Public License version 2.\n"
58
"Alternatively, this software may be distributed under the terms of the\n"
59
"BSD license. See README and COPYING for more details.\n"
60
#ifdef EAP_TLS_OPENSSL
61
"\nThis product includes software developed by the OpenSSL Project\n"
62
"for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
63
#endif /* EAP_TLS_OPENSSL */
66
#ifndef CONFIG_NO_STDOUT_DEBUG
67
/* Long text divided into parts in order to fit in C89 strings size limits. */
68
const char *wpa_supplicant_full_license1 =
69
"This program is free software; you can redistribute it and/or modify\n"
70
"it under the terms of the GNU General Public License version 2 as\n"
71
"published by the Free Software Foundation.\n"
73
"This program is distributed in the hope that it will be useful,\n"
74
"but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
75
"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
76
"GNU General Public License for more details.\n"
78
const char *wpa_supplicant_full_license2 =
79
"You should have received a copy of the GNU General Public License\n"
80
"along with this program; if not, write to the Free Software\n"
81
"Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n"
83
"Alternatively, this software may be distributed under the terms of the\n"
86
"Redistribution and use in source and binary forms, with or without\n"
87
"modification, are permitted provided that the following conditions are\n"
90
const char *wpa_supplicant_full_license3 =
91
"1. Redistributions of source code must retain the above copyright\n"
92
" notice, this list of conditions and the following disclaimer.\n"
94
"2. Redistributions in binary form must reproduce the above copyright\n"
95
" notice, this list of conditions and the following disclaimer in the\n"
96
" documentation and/or other materials provided with the distribution.\n"
98
const char *wpa_supplicant_full_license4 =
99
"3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
100
" names of its contributors may be used to endorse or promote products\n"
101
" derived from this software without specific prior written permission.\n"
103
"THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
104
"\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
105
"LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
106
"A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
107
const char *wpa_supplicant_full_license5 =
108
"OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
109
"SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
110
"LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
111
"DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
112
"THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
113
"(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
114
"OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
116
#endif /* CONFIG_NO_STDOUT_DEBUG */
118
extern int wpa_debug_level;
119
extern int wpa_debug_show_keys;
120
extern int wpa_debug_timestamp;
121
extern struct wpa_driver_ops *wpa_drivers[];
123
/* Configure default/group WEP keys for static WEP */
124
int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
128
for (i = 0; i < NUM_WEP_KEYS; i++) {
129
if (ssid->wep_key_len[i] == 0)
133
wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
134
(u8 *) "\xff\xff\xff\xff\xff\xff",
135
i, i == ssid->wep_tx_keyidx, (u8 *) "", 0,
136
ssid->wep_key[i], ssid->wep_key_len[i]);
143
static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
144
struct wpa_ssid *ssid)
151
/* IBSS/WPA-None uses only one key (Group) for both receiving and
152
* sending unicast and multicast packets. */
154
if (ssid->mode != WPAS_MODE_IBSS) {
155
wpa_printf(MSG_INFO, "WPA: Invalid mode %d (not IBSS/ad-hoc) "
156
"for WPA-None", ssid->mode);
160
if (!ssid->psk_set) {
161
wpa_printf(MSG_INFO, "WPA: No PSK configured for WPA-None");
165
switch (wpa_s->group_cipher) {
166
case WPA_CIPHER_CCMP:
167
os_memcpy(key, ssid->psk, 16);
171
case WPA_CIPHER_TKIP:
172
/* WPA-None uses the same Michael MIC key for both TX and RX */
173
os_memcpy(key, ssid->psk, 16 + 8);
174
os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
179
wpa_printf(MSG_INFO, "WPA: Invalid group cipher %d for "
180
"WPA-None", wpa_s->group_cipher);
184
/* TODO: should actually remember the previously used seq#, both for TX
185
* and RX from each STA.. */
187
return wpa_drv_set_key(wpa_s, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
188
0, 1, seq, 6, key, keylen);
192
static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
194
struct wpa_supplicant *wpa_s = eloop_ctx;
195
const u8 *bssid = wpa_s->bssid;
196
if (is_zero_ether_addr(bssid))
197
bssid = wpa_s->pending_bssid;
198
wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
200
wpa_blacklist_add(wpa_s, bssid);
201
wpa_sm_notify_disassoc(wpa_s->wpa);
202
wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
203
wpa_s->reassociate = 1;
204
wpa_supplicant_req_scan(wpa_s, 0, 0);
209
* wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
210
* @wpa_s: Pointer to wpa_supplicant data
211
* @sec: Number of seconds after which to time out authentication
212
* @usec: Number of microseconds after which to time out authentication
214
* This function is used to schedule a timeout for the current authentication
217
void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
220
if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
221
(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
224
wpa_msg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
225
"%d usec", sec, usec);
226
eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
227
eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
232
* wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
233
* @wpa_s: Pointer to wpa_supplicant data
235
* This function is used to cancel authentication timeout scheduled with
236
* wpa_supplicant_req_auth_timeout() and it is called when authentication has
239
void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
241
wpa_msg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
242
eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
243
wpa_blacklist_del(wpa_s, wpa_s->bssid);
248
* wpa_supplicant_initiate_eapol - Configure EAPOL state machine
249
* @wpa_s: Pointer to wpa_supplicant data
251
* This function is used to configure EAPOL state machine based on the selected
252
* authentication mode.
254
void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
256
#ifdef IEEE8021X_EAPOL
257
struct eapol_config eapol_conf;
258
struct wpa_ssid *ssid = wpa_s->current_ssid;
260
#ifdef CONFIG_IBSS_RSN
261
if (ssid->mode == WPAS_MODE_IBSS &&
262
wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
263
wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
265
* RSN IBSS authentication is per-STA and we can disable the
266
* per-BSSID EAPOL authentication.
268
eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
269
eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
270
eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
273
#endif /* CONFIG_IBSS_RSN */
275
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
276
eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
278
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
279
wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
280
eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
282
eapol_sm_notify_portControl(wpa_s->eapol, Auto);
284
os_memset(&eapol_conf, 0, sizeof(eapol_conf));
285
if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
286
eapol_conf.accept_802_1x_keys = 1;
287
eapol_conf.required_keys = 0;
288
if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
289
eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
291
if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
292
eapol_conf.required_keys |=
293
EAPOL_REQUIRE_KEY_BROADCAST;
296
if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
297
eapol_conf.required_keys = 0;
300
eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
301
eapol_conf.workaround = ssid->eap_workaround;
302
eapol_conf.eap_disabled =
303
!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
304
wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
305
wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
306
eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
307
#endif /* IEEE8021X_EAPOL */
312
* wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
313
* @wpa_s: Pointer to wpa_supplicant data
314
* @ssid: Configuration data for the network
316
* This function is used to configure WPA state machine and related parameters
317
* to a mode where WPA is not enabled. This is called as part of the
318
* authentication configuration when the selected network does not use WPA.
320
void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
321
struct wpa_ssid *ssid)
325
if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
326
wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
327
else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
328
wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
330
wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
331
wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
332
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
333
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
334
wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
335
wpa_s->group_cipher = WPA_CIPHER_NONE;
336
wpa_s->mgmt_group_cipher = 0;
338
for (i = 0; i < NUM_WEP_KEYS; i++) {
339
if (ssid->wep_key_len[i] > 5) {
340
wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
341
wpa_s->group_cipher = WPA_CIPHER_WEP104;
343
} else if (ssid->wep_key_len[i] > 0) {
344
wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
345
wpa_s->group_cipher = WPA_CIPHER_WEP40;
350
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
351
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
352
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
353
wpa_s->pairwise_cipher);
354
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
355
#ifdef CONFIG_IEEE80211W
356
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
357
wpa_s->mgmt_group_cipher);
358
#endif /* CONFIG_IEEE80211W */
360
pmksa_cache_clear_current(wpa_s->wpa);
364
static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
366
bgscan_deinit(wpa_s);
367
scard_deinit(wpa_s->scard);
369
wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
370
eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
371
l2_packet_deinit(wpa_s->l2);
374
l2_packet_deinit(wpa_s->l2_br);
378
if (wpa_s->ctrl_iface) {
379
wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
380
wpa_s->ctrl_iface = NULL;
382
if (wpa_s->conf != NULL) {
383
struct wpa_ssid *ssid;
384
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
385
wpas_notify_network_removed(wpa_s, ssid);
386
wpa_config_free(wpa_s->conf);
390
os_free(wpa_s->confname);
391
wpa_s->confname = NULL;
393
wpa_sm_set_eapol(wpa_s->wpa, NULL);
394
eapol_sm_deinit(wpa_s->eapol);
397
rsn_preauth_deinit(wpa_s->wpa);
399
pmksa_candidate_free(wpa_s->wpa);
400
wpa_sm_deinit(wpa_s->wpa);
402
wpa_blacklist_clear(wpa_s);
404
wpa_bss_deinit(wpa_s);
406
wpa_supplicant_cancel_scan(wpa_s);
407
wpa_supplicant_cancel_auth_timeout(wpa_s);
409
ieee80211_sta_deinit(wpa_s);
411
wpas_wps_deinit(wpa_s);
413
wpabuf_free(wpa_s->pending_eapol_rx);
414
wpa_s->pending_eapol_rx = NULL;
416
#ifdef CONFIG_IBSS_RSN
417
ibss_rsn_deinit(wpa_s->ibss_rsn);
418
wpa_s->ibss_rsn = NULL;
419
#endif /* CONFIG_IBSS_RSN */
424
wpa_supplicant_ap_deinit(wpa_s);
425
#endif /* CONFIG_AP */
427
os_free(wpa_s->next_scan_freqs);
428
wpa_s->next_scan_freqs = NULL;
433
* wpa_clear_keys - Clear keys configured for the driver
434
* @wpa_s: Pointer to wpa_supplicant data
435
* @addr: Previously used BSSID or %NULL if not available
437
* This function clears the encryption keys that has been previously configured
440
void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
442
u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
444
if (wpa_s->keys_cleared) {
445
/* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
446
* timing issues with keys being cleared just before new keys
447
* are set or just after association or something similar. This
448
* shows up in group key handshake failing often because of the
449
* client not receiving the first encrypted packets correctly.
450
* Skipping some of the extra key clearing steps seems to help
451
* in completing group key handshake more reliably. */
452
wpa_printf(MSG_DEBUG, "No keys have been configured - "
453
"skip key clearing");
457
/* MLME-DELETEKEYS.request */
458
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
459
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
460
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
461
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
462
#ifdef CONFIG_IEEE80211W
463
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 4, 0, NULL, 0, NULL, 0);
464
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 5, 0, NULL, 0, NULL, 0);
465
#endif /* CONFIG_IEEE80211W */
467
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
469
/* MLME-SETPROTECTION.request(None) */
470
wpa_drv_mlme_setprotection(
472
MLME_SETPROTECTION_PROTECT_TYPE_NONE,
473
MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
475
wpa_s->keys_cleared = 1;
480
* wpa_supplicant_state_txt - Get the connection state name as a text string
481
* @state: State (wpa_state; WPA_*)
482
* Returns: The state name as a printable text string
484
const char * wpa_supplicant_state_txt(enum wpa_states state)
487
case WPA_DISCONNECTED:
488
return "DISCONNECTED";
493
case WPA_AUTHENTICATING:
494
return "AUTHENTICATING";
495
case WPA_ASSOCIATING:
496
return "ASSOCIATING";
499
case WPA_4WAY_HANDSHAKE:
500
return "4WAY_HANDSHAKE";
501
case WPA_GROUP_HANDSHAKE:
502
return "GROUP_HANDSHAKE";
512
* wpa_supplicant_set_state - Set current connection state
513
* @wpa_s: Pointer to wpa_supplicant data
514
* @state: The new connection state
516
* This function is called whenever the connection state changes, e.g.,
517
* association is completed for WPA/WPA2 4-Way Handshake is started.
519
void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
520
enum wpa_states state)
522
enum wpa_states old_state = wpa_s->wpa_state;
524
wpa_printf(MSG_DEBUG, "State: %s -> %s",
525
wpa_supplicant_state_txt(wpa_s->wpa_state),
526
wpa_supplicant_state_txt(state));
528
if (state != WPA_SCANNING)
529
wpa_supplicant_notify_scanning(wpa_s, 0);
531
if (state == WPA_COMPLETED && wpa_s->new_connection) {
532
#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
533
struct wpa_ssid *ssid = wpa_s->current_ssid;
534
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
535
MACSTR " completed %s [id=%d id_str=%s]",
536
MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
537
"(reauth)" : "(auth)",
538
ssid ? ssid->id : -1,
539
ssid && ssid->id_str ? ssid->id_str : "");
540
#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
541
wpa_s->new_connection = 0;
542
wpa_s->reassociated_connection = 1;
543
wpa_drv_set_operstate(wpa_s, 1);
544
wpa_s->after_wps = 0;
545
} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
546
state == WPA_ASSOCIATED) {
547
wpa_s->new_connection = 1;
548
wpa_drv_set_operstate(wpa_s, 0);
550
wpa_s->wpa_state = state;
552
if (wpa_s->wpa_state != old_state)
553
wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
557
void wpa_supplicant_terminate_proc(struct wpa_global *global)
561
struct wpa_supplicant *wpa_s = global->ifaces;
563
if (wpas_wps_terminate_pending(wpa_s) == 1)
567
#endif /* CONFIG_WPS */
574
static void wpa_supplicant_terminate(int sig, void *signal_ctx)
576
struct wpa_global *global = signal_ctx;
577
struct wpa_supplicant *wpa_s;
578
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
579
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING "- signal %d "
582
wpa_supplicant_terminate_proc(global);
586
static void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
588
enum wpa_states old_state = wpa_s->wpa_state;
590
wpa_s->pairwise_cipher = 0;
591
wpa_s->group_cipher = 0;
592
wpa_s->mgmt_group_cipher = 0;
594
wpa_s->wpa_state = WPA_DISCONNECTED;
596
if (wpa_s->wpa_state != old_state)
597
wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
602
* wpa_supplicant_reload_configuration - Reload configuration data
603
* @wpa_s: Pointer to wpa_supplicant data
604
* Returns: 0 on success or -1 if configuration parsing failed
606
* This function can be used to request that the configuration data is reloaded
607
* (e.g., after configuration file change). This function is reloading
608
* configuration only for one interface, so this may need to be called multiple
609
* times if %wpa_supplicant is controlling multiple interfaces and all
610
* interfaces need reconfiguration.
612
int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
614
struct wpa_config *conf;
615
struct wpa_ssid *old_ssid;
619
if (wpa_s->confname == NULL)
621
conf = wpa_config_read(wpa_s->confname);
623
wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
624
"file '%s' - exiting", wpa_s->confname);
628
reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
629
|| (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
630
os_strcmp(conf->ctrl_interface,
631
wpa_s->conf->ctrl_interface) != 0);
633
if (reconf_ctrl && wpa_s->ctrl_iface) {
634
wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
635
wpa_s->ctrl_iface = NULL;
638
eapol_sm_invalidate_cached_session(wpa_s->eapol);
639
old_ssid = wpa_s->current_ssid;
640
wpa_s->current_ssid = NULL;
641
if (old_ssid != wpa_s->current_ssid)
642
wpas_notify_network_changed(wpa_s);
645
* TODO: should notify EAPOL SM about changes in opensc_engine_path,
646
* pkcs11_engine_path, pkcs11_module_path.
648
if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
650
* Clear forced success to clear EAP state for next
653
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
655
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
656
wpa_sm_set_config(wpa_s->wpa, NULL);
657
wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
658
wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
659
rsn_preauth_deinit(wpa_s->wpa);
661
old_ap_scan = wpa_s->conf->ap_scan;
662
wpa_config_free(wpa_s->conf);
664
if (old_ap_scan != wpa_s->conf->ap_scan)
665
wpas_notify_ap_scan_changed(wpa_s);
668
wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
670
wpa_supplicant_clear_status(wpa_s);
671
wpa_s->reassociate = 1;
672
wpa_supplicant_req_scan(wpa_s, 0, 0);
673
wpa_msg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
678
static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
680
struct wpa_global *global = signal_ctx;
681
struct wpa_supplicant *wpa_s;
682
wpa_printf(MSG_DEBUG, "Signal %d received - reconfiguring", sig);
683
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
684
if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
685
wpa_supplicant_terminate_proc(global);
691
enum wpa_cipher cipher_suite2driver(int cipher)
694
case WPA_CIPHER_NONE:
696
case WPA_CIPHER_WEP40:
698
case WPA_CIPHER_WEP104:
699
return CIPHER_WEP104;
700
case WPA_CIPHER_CCMP:
702
case WPA_CIPHER_TKIP:
709
enum wpa_key_mgmt key_mgmt2driver(int key_mgmt)
712
case WPA_KEY_MGMT_NONE:
713
return KEY_MGMT_NONE;
714
case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
715
return KEY_MGMT_802_1X_NO_WPA;
716
case WPA_KEY_MGMT_IEEE8021X:
717
return KEY_MGMT_802_1X;
718
case WPA_KEY_MGMT_WPA_NONE:
719
return KEY_MGMT_WPA_NONE;
720
case WPA_KEY_MGMT_FT_IEEE8021X:
721
return KEY_MGMT_FT_802_1X;
722
case WPA_KEY_MGMT_FT_PSK:
723
return KEY_MGMT_FT_PSK;
724
case WPA_KEY_MGMT_IEEE8021X_SHA256:
725
return KEY_MGMT_802_1X_SHA256;
726
case WPA_KEY_MGMT_PSK_SHA256:
727
return KEY_MGMT_PSK_SHA256;
728
case WPA_KEY_MGMT_WPS:
730
case WPA_KEY_MGMT_PSK:
737
static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
738
struct wpa_ssid *ssid,
739
struct wpa_ie_data *ie)
741
int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
744
wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
745
"from association info");
750
wpa_printf(MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set cipher "
752
if (!(ie->group_cipher & ssid->group_cipher)) {
753
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
754
"cipher 0x%x (mask 0x%x) - reject",
755
ie->group_cipher, ssid->group_cipher);
758
if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
759
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
760
"cipher 0x%x (mask 0x%x) - reject",
761
ie->pairwise_cipher, ssid->pairwise_cipher);
764
if (!(ie->key_mgmt & ssid->key_mgmt)) {
765
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
766
"management 0x%x (mask 0x%x) - reject",
767
ie->key_mgmt, ssid->key_mgmt);
771
#ifdef CONFIG_IEEE80211W
772
if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
773
ssid->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
774
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
775
"that does not support management frame protection - "
779
#endif /* CONFIG_IEEE80211W */
786
* wpa_supplicant_set_suites - Set authentication and encryption parameters
787
* @wpa_s: Pointer to wpa_supplicant data
788
* @bss: Scan results for the selected BSS, or %NULL if not available
789
* @ssid: Configuration data for the selected network
790
* @wpa_ie: Buffer for the WPA/RSN IE
791
* @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
792
* used buffer length in case the functions returns success.
793
* Returns: 0 on success or -1 on failure
795
* This function is used to configure authentication and encryption parameters
796
* based on the network configuration and scan result for the selected BSS (if
799
int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
800
struct wpa_bss *bss, struct wpa_ssid *ssid,
801
u8 *wpa_ie, size_t *wpa_ie_len)
803
struct wpa_ie_data ie;
805
const u8 *bss_wpa, *bss_rsn;
808
bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
809
bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
811
bss_wpa = bss_rsn = NULL;
813
if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
814
wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
815
(ie.group_cipher & ssid->group_cipher) &&
816
(ie.pairwise_cipher & ssid->pairwise_cipher) &&
817
(ie.key_mgmt & ssid->key_mgmt)) {
818
wpa_msg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
819
proto = WPA_PROTO_RSN;
820
} else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
821
wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 &&
822
(ie.group_cipher & ssid->group_cipher) &&
823
(ie.pairwise_cipher & ssid->pairwise_cipher) &&
824
(ie.key_mgmt & ssid->key_mgmt)) {
825
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
826
proto = WPA_PROTO_WPA;
828
wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
831
if (ssid->proto & WPA_PROTO_RSN)
832
proto = WPA_PROTO_RSN;
834
proto = WPA_PROTO_WPA;
835
if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
836
os_memset(&ie, 0, sizeof(ie));
837
ie.group_cipher = ssid->group_cipher;
838
ie.pairwise_cipher = ssid->pairwise_cipher;
839
ie.key_mgmt = ssid->key_mgmt;
840
#ifdef CONFIG_IEEE80211W
841
ie.mgmt_group_cipher =
842
ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
843
WPA_CIPHER_AES_128_CMAC : 0;
844
#endif /* CONFIG_IEEE80211W */
845
wpa_printf(MSG_DEBUG, "WPA: Set cipher suites based "
851
wpa_printf(MSG_DEBUG, "WPA: Selected cipher suites: group %d "
852
"pairwise %d key_mgmt %d proto %d",
853
ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
854
#ifdef CONFIG_IEEE80211W
855
if (ssid->ieee80211w) {
856
wpa_printf(MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
857
ie.mgmt_group_cipher);
859
#endif /* CONFIG_IEEE80211W */
861
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
862
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
863
!!(ssid->proto & WPA_PROTO_RSN));
865
if (bss || !wpa_s->ap_ies_from_associnfo) {
866
if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
867
bss_wpa ? 2 + bss_wpa[1] : 0) ||
868
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
869
bss_rsn ? 2 + bss_rsn[1] : 0))
873
sel = ie.group_cipher & ssid->group_cipher;
874
if (sel & WPA_CIPHER_CCMP) {
875
wpa_s->group_cipher = WPA_CIPHER_CCMP;
876
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
877
} else if (sel & WPA_CIPHER_TKIP) {
878
wpa_s->group_cipher = WPA_CIPHER_TKIP;
879
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
880
} else if (sel & WPA_CIPHER_WEP104) {
881
wpa_s->group_cipher = WPA_CIPHER_WEP104;
882
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
883
} else if (sel & WPA_CIPHER_WEP40) {
884
wpa_s->group_cipher = WPA_CIPHER_WEP40;
885
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
887
wpa_printf(MSG_WARNING, "WPA: Failed to select group cipher.");
891
sel = ie.pairwise_cipher & ssid->pairwise_cipher;
892
if (sel & WPA_CIPHER_CCMP) {
893
wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
894
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
895
} else if (sel & WPA_CIPHER_TKIP) {
896
wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
897
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
898
} else if (sel & WPA_CIPHER_NONE) {
899
wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
900
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
902
wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
907
sel = ie.key_mgmt & ssid->key_mgmt;
909
#ifdef CONFIG_IEEE80211R
910
} else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
911
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
912
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
913
} else if (sel & WPA_KEY_MGMT_FT_PSK) {
914
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
915
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
916
#endif /* CONFIG_IEEE80211R */
917
#ifdef CONFIG_IEEE80211W
918
} else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
919
wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
920
wpa_msg(wpa_s, MSG_DEBUG,
921
"WPA: using KEY_MGMT 802.1X with SHA256");
922
} else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
923
wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
924
wpa_msg(wpa_s, MSG_DEBUG,
925
"WPA: using KEY_MGMT PSK with SHA256");
926
#endif /* CONFIG_IEEE80211W */
927
} else if (sel & WPA_KEY_MGMT_IEEE8021X) {
928
wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
929
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
930
} else if (sel & WPA_KEY_MGMT_PSK) {
931
wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
932
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
933
} else if (sel & WPA_KEY_MGMT_WPA_NONE) {
934
wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
935
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
937
wpa_printf(MSG_WARNING, "WPA: Failed to select authenticated "
938
"key management type.");
942
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
943
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
944
wpa_s->pairwise_cipher);
945
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
947
#ifdef CONFIG_IEEE80211W
948
sel = ie.mgmt_group_cipher;
949
if (ssid->ieee80211w == NO_MGMT_FRAME_PROTECTION ||
950
!(ie.capabilities & WPA_CAPABILITY_MFPC))
952
if (sel & WPA_CIPHER_AES_128_CMAC) {
953
wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
954
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
957
wpa_s->mgmt_group_cipher = 0;
958
wpa_msg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
960
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
961
wpa_s->mgmt_group_cipher);
962
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP, ssid->ieee80211w);
963
#endif /* CONFIG_IEEE80211W */
965
if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
966
wpa_printf(MSG_WARNING, "WPA: Failed to generate WPA IE.");
971
(WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_FT_PSK | WPA_KEY_MGMT_PSK_SHA256))
972
wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
974
wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
981
* wpa_supplicant_associate - Request association
982
* @wpa_s: Pointer to wpa_supplicant data
983
* @bss: Scan results for the selected BSS, or %NULL if not available
984
* @ssid: Configuration data for the selected network
986
* This function is used to request %wpa_supplicant to associate with a BSS.
988
void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
989
struct wpa_bss *bss, struct wpa_ssid *ssid)
993
int use_crypt, ret, i, bssid_changed;
994
int algs = WPA_AUTH_ALG_OPEN;
995
enum wpa_cipher cipher_pairwise, cipher_group;
996
struct wpa_driver_associate_params params;
997
int wep_keys_set = 0;
998
struct wpa_driver_capa capa;
999
int assoc_failed = 0;
1000
struct wpa_ssid *old_ssid;
1002
if (ssid->mode == WPAS_MODE_AP) {
1004
if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1005
wpa_printf(MSG_INFO, "Driver does not support AP "
1009
wpa_supplicant_create_ap(wpa_s, ssid);
1010
wpa_s->current_bss = bss;
1011
#else /* CONFIG_AP */
1012
wpa_printf(MSG_ERROR, "AP mode support not included in the "
1014
#endif /* CONFIG_AP */
1018
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1019
ssid->mode == IEEE80211_MODE_INFRA) {
1020
sme_authenticate(wpa_s, bss, ssid);
1024
wpa_s->reassociate = 0;
1026
#ifdef CONFIG_IEEE80211R
1027
const u8 *ie, *md = NULL;
1028
#endif /* CONFIG_IEEE80211R */
1029
wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1030
" (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1031
wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1032
bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
1033
os_memset(wpa_s->bssid, 0, ETH_ALEN);
1034
os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1036
wpas_notify_bssid_changed(wpa_s);
1037
#ifdef CONFIG_IEEE80211R
1038
ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
1039
if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
1041
wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
1043
/* Prepare for the next transition */
1044
wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
1046
#endif /* CONFIG_IEEE80211R */
1048
} else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
1049
wpa_s->conf->ap_scan == 2 &&
1050
(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
1051
/* Use ap_scan==1 style network selection to find the network
1053
wpa_s->scan_req = 2;
1054
wpa_s->reassociate = 1;
1055
wpa_supplicant_req_scan(wpa_s, 0, 0);
1057
#endif /* CONFIG_WPS */
1059
wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1060
wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1061
os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1063
wpa_supplicant_cancel_scan(wpa_s);
1065
/* Starting new association, so clear the possibly used WPA IE from the
1066
* previous association. */
1067
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1069
#ifdef IEEE8021X_EAPOL
1070
if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1072
if (ssid->non_leap == 0)
1073
algs = WPA_AUTH_ALG_LEAP;
1075
algs |= WPA_AUTH_ALG_LEAP;
1078
#endif /* IEEE8021X_EAPOL */
1079
wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1080
if (ssid->auth_alg) {
1081
algs = ssid->auth_alg;
1082
wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
1086
if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
1087
wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
1088
(ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK |
1089
WPA_KEY_MGMT_FT_IEEE8021X |
1090
WPA_KEY_MGMT_FT_PSK |
1091
WPA_KEY_MGMT_IEEE8021X_SHA256 |
1092
WPA_KEY_MGMT_PSK_SHA256))) {
1093
int try_opportunistic;
1094
try_opportunistic = ssid->proactive_key_caching &&
1095
(ssid->proto & WPA_PROTO_RSN);
1096
if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1097
wpa_s->current_ssid,
1098
try_opportunistic) == 0)
1099
eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1100
wpa_ie_len = sizeof(wpa_ie);
1101
if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1102
wpa_ie, &wpa_ie_len)) {
1103
wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1104
"management and encryption suites");
1107
} else if (ssid->key_mgmt &
1108
(WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
1109
WPA_KEY_MGMT_WPA_NONE | WPA_KEY_MGMT_FT_PSK |
1110
WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_PSK_SHA256 |
1111
WPA_KEY_MGMT_IEEE8021X_SHA256)) {
1112
wpa_ie_len = sizeof(wpa_ie);
1113
if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1114
wpa_ie, &wpa_ie_len)) {
1115
wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1116
"management and encryption suites (no scan "
1121
} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
1122
struct wpabuf *wps_ie;
1123
wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
1124
if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
1125
wpa_ie_len = wpabuf_len(wps_ie);
1126
os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
1129
wpabuf_free(wps_ie);
1130
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1131
#endif /* CONFIG_WPS */
1133
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1137
wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1139
cipher_pairwise = cipher_suite2driver(wpa_s->pairwise_cipher);
1140
cipher_group = cipher_suite2driver(wpa_s->group_cipher);
1141
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1142
wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1143
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1145
if (wpa_set_wep_keys(wpa_s, ssid)) {
1150
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
1153
#ifdef IEEE8021X_EAPOL
1154
if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1155
if ((ssid->eapol_flags &
1156
(EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1157
EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1161
/* Assume that dynamic WEP-104 keys will be used and
1162
* set cipher suites in order for drivers to expect
1164
cipher_pairwise = cipher_group = CIPHER_WEP104;
1167
#endif /* IEEE8021X_EAPOL */
1169
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1170
/* Set the key before (and later after) association */
1171
wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1174
wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1175
os_memset(¶ms, 0, sizeof(params));
1177
params.bssid = bss->bssid;
1178
params.ssid = bss->ssid;
1179
params.ssid_len = bss->ssid_len;
1180
params.freq = bss->freq;
1182
params.ssid = ssid->ssid;
1183
params.ssid_len = ssid->ssid_len;
1185
if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 &&
1187
params.freq = ssid->frequency; /* Initial channel for IBSS */
1188
params.wpa_ie = wpa_ie;
1189
params.wpa_ie_len = wpa_ie_len;
1190
params.pairwise_suite = cipher_pairwise;
1191
params.group_suite = cipher_group;
1192
params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1193
params.auth_alg = algs;
1194
params.mode = ssid->mode;
1195
for (i = 0; i < NUM_WEP_KEYS; i++) {
1196
if (ssid->wep_key_len[i])
1197
params.wep_key[i] = ssid->wep_key[i];
1198
params.wep_key_len[i] = ssid->wep_key_len[i];
1200
params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1202
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
1203
(params.key_mgmt_suite == KEY_MGMT_PSK ||
1204
params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
1205
params.passphrase = ssid->passphrase;
1207
params.psk = ssid->psk;
1210
params.drop_unencrypted = use_crypt;
1212
#ifdef CONFIG_IEEE80211W
1213
params.mgmt_frame_protection = ssid->ieee80211w;
1214
if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION && bss) {
1215
const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1216
struct wpa_ie_data ie;
1217
if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
1219
(WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
1220
wpa_printf(MSG_DEBUG, "WPA: Selected AP supports MFP: "
1222
params.mgmt_frame_protection =
1223
MGMT_FRAME_PROTECTION_REQUIRED;
1226
#endif /* CONFIG_IEEE80211W */
1228
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1229
ret = ieee80211_sta_associate(wpa_s, ¶ms);
1231
ret = wpa_drv_associate(wpa_s, ¶ms);
1233
wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1235
/* try to continue anyway; new association will be tried again
1240
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1241
/* Set the key after the association just in case association
1242
* cleared the previously configured key. */
1243
wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1244
/* No need to timeout authentication since there is no key
1246
wpa_supplicant_cancel_auth_timeout(wpa_s);
1247
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1248
#ifdef CONFIG_IBSS_RSN
1249
} else if (ssid->mode == WPAS_MODE_IBSS &&
1250
wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
1251
wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
1252
ibss_rsn_set_psk(wpa_s->ibss_rsn, ssid->psk);
1254
* RSN IBSS authentication is per-STA and we can disable the
1255
* per-BSSID authentication.
1257
wpa_supplicant_cancel_auth_timeout(wpa_s);
1258
#endif /* CONFIG_IBSS_RSN */
1260
/* Timeout for IEEE 802.11 authentication and association */
1264
/* give IBSS a bit more time */
1265
timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
1266
} else if (wpa_s->conf->ap_scan == 1) {
1267
/* give IBSS a bit more time */
1268
timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
1270
wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1273
if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1274
capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
1275
/* Set static WEP keys again */
1276
wpa_set_wep_keys(wpa_s, ssid);
1279
if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1281
* Do not allow EAP session resumption between different
1282
* network configurations.
1284
eapol_sm_invalidate_cached_session(wpa_s->eapol);
1286
old_ssid = wpa_s->current_ssid;
1287
wpa_s->current_ssid = ssid;
1288
wpa_s->current_bss = bss;
1289
wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
1290
wpa_supplicant_initiate_eapol(wpa_s);
1291
if (old_ssid != wpa_s->current_ssid)
1292
wpas_notify_network_changed(wpa_s);
1297
* wpa_supplicant_disassociate - Disassociate the current connection
1298
* @wpa_s: Pointer to wpa_supplicant data
1299
* @reason_code: IEEE 802.11 reason code for the disassociate frame
1301
* This function is used to request %wpa_supplicant to disassociate with the
1304
void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
1307
struct wpa_ssid *old_ssid;
1310
if (!is_zero_ether_addr(wpa_s->bssid)) {
1311
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1312
ieee80211_sta_disassociate(wpa_s, reason_code);
1314
wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
1315
addr = wpa_s->bssid;
1317
wpa_clear_keys(wpa_s, addr);
1318
wpa_supplicant_mark_disassoc(wpa_s);
1319
old_ssid = wpa_s->current_ssid;
1320
wpa_s->current_ssid = NULL;
1321
wpa_s->current_bss = NULL;
1322
wpa_sm_set_config(wpa_s->wpa, NULL);
1323
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1324
if (old_ssid != wpa_s->current_ssid)
1325
wpas_notify_network_changed(wpa_s);
1326
eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
1331
* wpa_supplicant_deauthenticate - Deauthenticate the current connection
1332
* @wpa_s: Pointer to wpa_supplicant data
1333
* @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1335
* This function is used to request %wpa_supplicant to deauthenticate from the
1338
void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1341
struct wpa_ssid *old_ssid;
1344
if (!is_zero_ether_addr(wpa_s->bssid)) {
1345
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1346
ieee80211_sta_deauthenticate(wpa_s, reason_code);
1348
wpa_drv_deauthenticate(wpa_s, wpa_s->bssid,
1350
addr = wpa_s->bssid;
1352
wpa_clear_keys(wpa_s, addr);
1353
wpa_supplicant_mark_disassoc(wpa_s);
1354
old_ssid = wpa_s->current_ssid;
1355
wpa_s->current_ssid = NULL;
1356
wpa_s->current_bss = NULL;
1357
wpa_sm_set_config(wpa_s->wpa, NULL);
1358
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1359
if (old_ssid != wpa_s->current_ssid)
1360
wpas_notify_network_changed(wpa_s);
1361
eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
1366
* wpa_supplicant_enable_network - Mark a configured network as enabled
1367
* @wpa_s: wpa_supplicant structure for a network interface
1368
* @ssid: wpa_ssid structure for a configured network or %NULL
1370
* Enables the specified network or all networks if no network specified.
1372
void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
1373
struct wpa_ssid *ssid)
1375
struct wpa_ssid *other_ssid;
1379
other_ssid = wpa_s->conf->ssid;
1380
while (other_ssid) {
1381
if (other_ssid == wpa_s->current_ssid &&
1382
other_ssid->disabled)
1383
wpa_s->reassociate = 1;
1385
was_disabled = other_ssid->disabled;
1387
other_ssid->disabled = 0;
1389
if (was_disabled != other_ssid->disabled)
1390
wpas_notify_network_enabled_changed(
1393
other_ssid = other_ssid->next;
1395
if (wpa_s->reassociate)
1396
wpa_supplicant_req_scan(wpa_s, 0, 0);
1397
} else if (ssid->disabled) {
1398
if (wpa_s->current_ssid == NULL) {
1400
* Try to reassociate since there is no current
1401
* configuration and a new network was made available.
1403
wpa_s->reassociate = 1;
1404
wpa_supplicant_req_scan(wpa_s, 0, 0);
1407
was_disabled = ssid->disabled;
1411
if (was_disabled != ssid->disabled)
1412
wpas_notify_network_enabled_changed(wpa_s, ssid);
1418
* wpa_supplicant_disable_network - Mark a configured network as disabled
1419
* @wpa_s: wpa_supplicant structure for a network interface
1420
* @ssid: wpa_ssid structure for a configured network or %NULL
1422
* Disables the specified network or all networks if no network specified.
1424
void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
1425
struct wpa_ssid *ssid)
1427
struct wpa_ssid *other_ssid;
1431
other_ssid = wpa_s->conf->ssid;
1432
while (other_ssid) {
1433
was_disabled = other_ssid->disabled;
1435
other_ssid->disabled = 1;
1437
if (was_disabled != other_ssid->disabled)
1438
wpas_notify_network_enabled_changed(
1441
other_ssid = other_ssid->next;
1443
if (wpa_s->current_ssid)
1444
wpa_supplicant_disassociate(
1445
wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1447
if (ssid == wpa_s->current_ssid)
1448
wpa_supplicant_disassociate(
1449
wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1451
was_disabled = ssid->disabled;
1455
if (was_disabled != ssid->disabled)
1456
wpas_notify_network_enabled_changed(wpa_s, ssid);
1462
* wpa_supplicant_select_network - Attempt association with a network
1463
* @wpa_s: wpa_supplicant structure for a network interface
1464
* @ssid: wpa_ssid structure for a configured network or %NULL for any network
1466
void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
1467
struct wpa_ssid *ssid)
1470
struct wpa_ssid *other_ssid;
1472
if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid)
1473
wpa_supplicant_disassociate(
1474
wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1477
* Mark all other networks disabled or mark all networks enabled if no
1478
* network specified.
1480
other_ssid = wpa_s->conf->ssid;
1481
while (other_ssid) {
1482
int was_disabled = other_ssid->disabled;
1484
other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
1486
if (was_disabled != other_ssid->disabled)
1487
wpas_notify_network_enabled_changed(wpa_s, other_ssid);
1489
other_ssid = other_ssid->next;
1491
wpa_s->disconnected = 0;
1492
wpa_s->reassociate = 1;
1493
wpa_supplicant_req_scan(wpa_s, 0, 0);
1496
wpas_notify_network_selected(wpa_s, ssid);
1501
* wpa_supplicant_set_ap_scan - Set AP scan mode for interface
1502
* @wpa_s: wpa_supplicant structure for a network interface
1503
* @ap_scan: AP scan mode
1504
* Returns: 0 if succeed or -1 if ap_scan has an invalid value
1507
int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
1512
if (ap_scan < 0 || ap_scan > 2)
1515
old_ap_scan = wpa_s->conf->ap_scan;
1516
wpa_s->conf->ap_scan = ap_scan;
1518
if (old_ap_scan != wpa_s->conf->ap_scan)
1519
wpas_notify_ap_scan_changed(wpa_s);
1526
* wpa_supplicant_set_debug_params - Set global debug params
1527
* @global: wpa_global structure
1528
* @debug_level: debug level
1529
* @debug_timestamp: determines if show timestamp in debug data
1530
* @debug_show_keys: determines if show keys in debug data
1531
* Returns: 0 if succeed or -1 if debug_level has wrong value
1533
int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
1534
int debug_timestamp, int debug_show_keys)
1537
int old_level, old_timestamp, old_show_keys;
1539
/* check for allowed debuglevels */
1540
if (debug_level != MSG_MSGDUMP &&
1541
debug_level != MSG_DEBUG &&
1542
debug_level != MSG_INFO &&
1543
debug_level != MSG_WARNING &&
1544
debug_level != MSG_ERROR)
1547
old_level = wpa_debug_level;
1548
old_timestamp = wpa_debug_timestamp;
1549
old_show_keys = wpa_debug_show_keys;
1551
wpa_debug_level = debug_level;
1552
wpa_debug_timestamp = debug_timestamp ? 1 : 0;
1553
wpa_debug_show_keys = debug_show_keys ? 1 : 0;
1555
if (wpa_debug_level != old_level)
1556
wpas_notify_debug_level_changed(global);
1557
if (wpa_debug_timestamp != old_timestamp)
1558
wpas_notify_debug_timestamp_changed(global);
1559
if (wpa_debug_show_keys != old_show_keys)
1560
wpas_notify_debug_show_keys_changed(global);
1567
* wpa_supplicant_get_ssid - Get a pointer to the current network structure
1568
* @wpa_s: Pointer to wpa_supplicant data
1569
* Returns: A pointer to the current network structure or %NULL on failure
1571
struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
1573
struct wpa_ssid *entry;
1574
u8 ssid[MAX_SSID_LEN];
1580
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
1581
if (ieee80211_sta_get_ssid(wpa_s, ssid, &ssid_len)) {
1582
wpa_printf(MSG_WARNING, "Could not read SSID from "
1587
res = wpa_drv_get_ssid(wpa_s, ssid);
1589
wpa_printf(MSG_WARNING, "Could not read SSID from "
1596
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1597
os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1598
else if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
1599
wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
1603
wired = wpa_s->conf->ap_scan == 0 &&
1604
(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
1606
entry = wpa_s->conf->ssid;
1608
if (!entry->disabled &&
1609
((ssid_len == entry->ssid_len &&
1610
os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
1611
(!entry->bssid_set ||
1612
os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1615
if (!entry->disabled &&
1616
(entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
1617
(entry->ssid == NULL || entry->ssid_len == 0) &&
1618
(!entry->bssid_set ||
1619
os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1621
#endif /* CONFIG_WPS */
1622
entry = entry->next;
1629
static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
1639
if (wpa_drivers[0] == NULL) {
1640
wpa_printf(MSG_ERROR, "No driver interfaces build into "
1646
/* default to first driver in the list */
1647
wpa_s->driver = wpa_drivers[0];
1648
wpa_s->global_drv_priv = wpa_s->global->drv_priv[0];
1652
pos = os_strchr(name, ',');
1656
len = os_strlen(name);
1657
for (i = 0; wpa_drivers[i]; i++) {
1658
if (os_strlen(wpa_drivers[i]->name) == len &&
1659
os_strncmp(name, wpa_drivers[i]->name, len) ==
1661
wpa_s->driver = wpa_drivers[i];
1662
wpa_s->global_drv_priv = wpa_s->global->drv_priv[i];
1667
wpa_printf(MSG_ERROR, "Unsupported driver '%s'.", name);
1673
* wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
1674
* @ctx: Context pointer (wpa_s); this is the ctx variable registered
1675
* with struct wpa_driver_ops::init()
1676
* @src_addr: Source address of the EAPOL frame
1677
* @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
1678
* @len: Length of the EAPOL data
1680
* This function is called for each received EAPOL frame. Most driver
1681
* interfaces rely on more generic OS mechanism for receiving frames through
1682
* l2_packet, but if such a mechanism is not available, the driver wrapper may
1683
* take care of received EAPOL frames and deliver them to the core supplicant
1684
* code by calling this function.
1686
void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
1687
const u8 *buf, size_t len)
1689
struct wpa_supplicant *wpa_s = ctx;
1691
wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
1692
wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
1694
if (wpa_s->wpa_state < WPA_ASSOCIATED) {
1696
* There is possible race condition between receiving the
1697
* association event and the EAPOL frame since they are coming
1698
* through different paths from the driver. In order to avoid
1699
* issues in trying to process the EAPOL frame before receiving
1700
* association information, lets queue it for processing until
1701
* the association event is received.
1703
wpa_printf(MSG_DEBUG, "Not associated - Delay processing of "
1704
"received EAPOL frame");
1705
wpabuf_free(wpa_s->pending_eapol_rx);
1706
wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
1707
if (wpa_s->pending_eapol_rx) {
1708
os_get_time(&wpa_s->pending_eapol_rx_time);
1709
os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
1716
if (wpa_s->ap_iface) {
1717
wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
1720
#endif /* CONFIG_AP */
1722
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
1723
wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
1724
"no key management is configured");
1728
if (wpa_s->eapol_received == 0 &&
1729
(!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
1730
!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1731
wpa_s->wpa_state != WPA_COMPLETED) &&
1732
(wpa_s->current_ssid == NULL ||
1733
wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
1734
/* Timeout for completing IEEE 802.1X and WPA authentication */
1735
wpa_supplicant_req_auth_timeout(
1737
(wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
1738
wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
1739
wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
1742
wpa_s->eapol_received++;
1744
if (wpa_s->countermeasures) {
1745
wpa_printf(MSG_INFO, "WPA: Countermeasures - dropped EAPOL "
1750
#ifdef CONFIG_IBSS_RSN
1751
if (wpa_s->current_ssid &&
1752
wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
1753
ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
1756
#endif /* CONFIG_IBSS_RSN */
1758
/* Source address of the incoming EAPOL frame could be compared to the
1759
* current BSSID. However, it is possible that a centralized
1760
* Authenticator could be using another MAC address than the BSSID of
1761
* an AP, so just allow any address to be used for now. The replies are
1762
* still sent to the current BSSID (if available), though. */
1764
os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
1765
if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
1766
eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
1768
wpa_drv_poll(wpa_s);
1769
if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1770
wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
1771
else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
1773
* Set portValid = TRUE here since we are going to skip 4-way
1774
* handshake processing which would normally set portValid. We
1775
* need this to allow the EAPOL state machines to be completed
1776
* without going through EAPOL-Key handshake.
1778
eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
1784
* wpa_supplicant_driver_init - Initialize driver interface parameters
1785
* @wpa_s: Pointer to wpa_supplicant data
1786
* Returns: 0 on success, -1 on failure
1788
* This function is called to initialize driver interface parameters.
1789
* wpa_drv_init() must have been called before this function to initialize the
1792
int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
1794
static int interface_count = 0;
1796
if (wpa_s->driver->send_eapol) {
1797
const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
1799
os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
1801
wpa_s->l2 = l2_packet_init(wpa_s->ifname,
1802
wpa_drv_get_mac_addr(wpa_s),
1804
wpa_supplicant_rx_eapol, wpa_s, 0);
1805
if (wpa_s->l2 == NULL)
1809
if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
1810
wpa_printf(MSG_ERROR, "Failed to get own L2 address");
1814
wpa_printf(MSG_DEBUG, "Own MAC address: " MACSTR,
1815
MAC2STR(wpa_s->own_addr));
1817
if (wpa_s->bridge_ifname[0]) {
1818
wpa_printf(MSG_DEBUG, "Receiving packets from bridge interface"
1819
" '%s'", wpa_s->bridge_ifname);
1820
wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
1823
wpa_supplicant_rx_eapol, wpa_s,
1825
if (wpa_s->l2_br == NULL) {
1826
wpa_printf(MSG_ERROR, "Failed to open l2_packet "
1827
"connection for the bridge interface '%s'",
1828
wpa_s->bridge_ifname);
1833
wpa_clear_keys(wpa_s, NULL);
1835
/* Make sure that TKIP countermeasures are not left enabled (could
1836
* happen if wpa_supplicant is killed during countermeasures. */
1837
wpa_drv_set_countermeasures(wpa_s, 0);
1839
wpa_printf(MSG_DEBUG, "RSN: flushing PMKID list in the driver");
1840
wpa_drv_flush_pmkid(wpa_s);
1842
wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
1843
if (wpa_supplicant_enabled_networks(wpa_s->conf)) {
1844
wpa_supplicant_req_scan(wpa_s, interface_count, 100000);
1847
wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
1853
static int wpa_supplicant_daemon(const char *pid_file)
1855
wpa_printf(MSG_DEBUG, "Daemonize..");
1856
return os_daemonize(pid_file);
1860
static struct wpa_supplicant * wpa_supplicant_alloc(void)
1862
struct wpa_supplicant *wpa_s;
1864
wpa_s = os_zalloc(sizeof(*wpa_s));
1867
wpa_s->scan_req = 1;
1868
wpa_s->new_connection = 1;
1874
static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
1875
struct wpa_interface *iface)
1877
const char *ifname, *driver;
1878
struct wpa_driver_capa capa;
1880
wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
1881
"'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
1882
iface->confname ? iface->confname : "N/A",
1883
iface->driver ? iface->driver : "default",
1884
iface->ctrl_interface ? iface->ctrl_interface : "N/A",
1885
iface->bridge_ifname ? iface->bridge_ifname : "N/A");
1887
if (iface->confname) {
1888
#ifdef CONFIG_BACKEND_FILE
1889
wpa_s->confname = os_rel2abs_path(iface->confname);
1890
if (wpa_s->confname == NULL) {
1891
wpa_printf(MSG_ERROR, "Failed to get absolute path "
1892
"for configuration file '%s'.",
1896
wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
1897
iface->confname, wpa_s->confname);
1898
#else /* CONFIG_BACKEND_FILE */
1899
wpa_s->confname = os_strdup(iface->confname);
1900
#endif /* CONFIG_BACKEND_FILE */
1901
wpa_s->conf = wpa_config_read(wpa_s->confname);
1902
if (wpa_s->conf == NULL) {
1903
wpa_printf(MSG_ERROR, "Failed to read or parse "
1904
"configuration '%s'.", wpa_s->confname);
1909
* Override ctrl_interface and driver_param if set on command
1912
if (iface->ctrl_interface) {
1913
os_free(wpa_s->conf->ctrl_interface);
1914
wpa_s->conf->ctrl_interface =
1915
os_strdup(iface->ctrl_interface);
1918
if (iface->driver_param) {
1919
os_free(wpa_s->conf->driver_param);
1920
wpa_s->conf->driver_param =
1921
os_strdup(iface->driver_param);
1924
wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
1925
iface->driver_param);
1927
if (wpa_s->conf == NULL) {
1928
wpa_printf(MSG_ERROR, "\nNo configuration found.");
1932
if (iface->ifname == NULL) {
1933
wpa_printf(MSG_ERROR, "\nInterface name is required.");
1936
if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
1937
wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
1941
os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
1943
if (iface->bridge_ifname) {
1944
if (os_strlen(iface->bridge_ifname) >=
1945
sizeof(wpa_s->bridge_ifname)) {
1946
wpa_printf(MSG_ERROR, "\nToo long bridge interface "
1947
"name '%s'.", iface->bridge_ifname);
1950
os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
1951
sizeof(wpa_s->bridge_ifname));
1954
/* RSNA Supplicant Key Management - INITIALIZE */
1955
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
1956
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
1958
/* Initialize driver interface and register driver event handler before
1959
* L2 receive handler so that association events are processed before
1960
* EAPOL-Key packets if both become available for the same select()
1962
driver = iface->driver;
1964
if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
1967
wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
1968
if (wpa_s->drv_priv == NULL) {
1970
pos = driver ? os_strchr(driver, ',') : NULL;
1972
wpa_printf(MSG_DEBUG, "Failed to initialize driver "
1973
"interface - try next driver wrapper");
1977
wpa_printf(MSG_ERROR, "Failed to initialize driver interface");
1980
if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
1981
wpa_printf(MSG_ERROR, "Driver interface rejected "
1982
"driver_param '%s'", wpa_s->conf->driver_param);
1986
ifname = wpa_drv_get_ifname(wpa_s);
1987
if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
1988
wpa_printf(MSG_DEBUG, "Driver interface replaced interface "
1989
"name with '%s'", ifname);
1990
os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
1993
if (wpa_supplicant_init_wpa(wpa_s) < 0)
1996
wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
1997
wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
1999
wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2001
if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2002
wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2003
wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2004
wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2005
"dot11RSNAConfigPMKLifetime");
2009
if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2010
wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2011
wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2012
wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2013
"dot11RSNAConfigPMKReauthThreshold");
2017
if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2018
wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2019
wpa_s->conf->dot11RSNAConfigSATimeout)) {
2020
wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2021
"dot11RSNAConfigSATimeout");
2025
if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
2026
wpa_s->drv_flags = capa.flags;
2027
if (capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
2028
if (ieee80211_sta_init(wpa_s))
2031
wpa_s->max_scan_ssids = capa.max_scan_ssids;
2032
wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
2034
if (wpa_s->max_remain_on_chan == 0)
2035
wpa_s->max_remain_on_chan = 1000;
2037
if (wpa_supplicant_driver_init(wpa_s) < 0)
2040
if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
2041
wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
2042
wpa_printf(MSG_DEBUG, "Failed to set country");
2046
wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2048
if (wpas_wps_init(wpa_s))
2051
if (wpa_supplicant_init_eapol(wpa_s) < 0)
2053
wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2055
wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
2056
if (wpa_s->ctrl_iface == NULL) {
2057
wpa_printf(MSG_ERROR,
2058
"Failed to initialize control interface '%s'.\n"
2059
"You may have another wpa_supplicant process "
2060
"already running or the file was\n"
2061
"left by an unclean termination of wpa_supplicant "
2062
"in which case you will need\n"
2063
"to manually remove this file before starting "
2064
"wpa_supplicant again.\n",
2065
wpa_s->conf->ctrl_interface);
2069
#ifdef CONFIG_IBSS_RSN
2070
wpa_s->ibss_rsn = ibss_rsn_init(wpa_s);
2071
if (!wpa_s->ibss_rsn) {
2072
wpa_printf(MSG_DEBUG, "Failed to init IBSS RSN");
2075
#endif /* CONFIG_IBSS_RSN */
2077
if (wpa_bss_init(wpa_s) < 0)
2084
static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
2087
if (wpa_s->drv_priv) {
2088
wpa_supplicant_deauthenticate(wpa_s,
2089
WLAN_REASON_DEAUTH_LEAVING);
2091
wpa_drv_set_countermeasures(wpa_s, 0);
2092
wpa_clear_keys(wpa_s, NULL);
2095
wpa_supplicant_cleanup(wpa_s);
2098
wpas_notify_iface_removed(wpa_s);
2100
if (wpa_s->drv_priv)
2101
wpa_drv_deinit(wpa_s);
2106
* wpa_supplicant_add_iface - Add a new network interface
2107
* @global: Pointer to global data from wpa_supplicant_init()
2108
* @iface: Interface configuration options
2109
* Returns: Pointer to the created interface or %NULL on failure
2111
* This function is used to add new network interfaces for %wpa_supplicant.
2112
* This can be called before wpa_supplicant_run() to add interfaces before the
2113
* main event loop has been started. In addition, new interfaces can be added
2114
* dynamically while %wpa_supplicant is already running. This could happen,
2115
* e.g., when a hotplug network adapter is inserted.
2117
struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
2118
struct wpa_interface *iface)
2120
struct wpa_supplicant *wpa_s;
2121
struct wpa_interface t_iface;
2122
struct wpa_ssid *ssid;
2124
if (global == NULL || iface == NULL)
2127
wpa_s = wpa_supplicant_alloc();
2131
wpa_s->global = global;
2134
if (global->params.override_driver) {
2135
wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
2137
iface->driver, global->params.override_driver);
2138
t_iface.driver = global->params.override_driver;
2140
if (global->params.override_ctrl_interface) {
2141
wpa_printf(MSG_DEBUG, "Override interface parameter: "
2142
"ctrl_interface ('%s' -> '%s')",
2143
iface->ctrl_interface,
2144
global->params.override_ctrl_interface);
2145
t_iface.ctrl_interface =
2146
global->params.override_ctrl_interface;
2148
if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
2149
wpa_printf(MSG_DEBUG, "Failed to add interface %s",
2151
wpa_supplicant_deinit_iface(wpa_s, 0);
2156
/* Notify the control interfaces about new iface */
2157
if (wpas_notify_iface_added(wpa_s)) {
2158
wpa_supplicant_deinit_iface(wpa_s, 1);
2163
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
2164
wpas_notify_network_added(wpa_s, ssid);
2166
wpa_s->next = global->ifaces;
2167
global->ifaces = wpa_s;
2169
wpa_printf(MSG_DEBUG, "Added interface %s", wpa_s->ifname);
2176
* wpa_supplicant_remove_iface - Remove a network interface
2177
* @global: Pointer to global data from wpa_supplicant_init()
2178
* @wpa_s: Pointer to the network interface to be removed
2179
* Returns: 0 if interface was removed, -1 if interface was not found
2181
* This function can be used to dynamically remove network interfaces from
2182
* %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
2183
* addition, this function is used to remove all remaining interfaces when
2184
* %wpa_supplicant is terminated.
2186
int wpa_supplicant_remove_iface(struct wpa_global *global,
2187
struct wpa_supplicant *wpa_s)
2189
struct wpa_supplicant *prev;
2191
/* Remove interface from the global list of interfaces */
2192
prev = global->ifaces;
2193
if (prev == wpa_s) {
2194
global->ifaces = wpa_s->next;
2196
while (prev && prev->next != wpa_s)
2200
prev->next = wpa_s->next;
2203
wpa_printf(MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
2205
wpa_supplicant_deinit_iface(wpa_s, 1);
2213
* wpa_supplicant_get_iface - Get a new network interface
2214
* @global: Pointer to global data from wpa_supplicant_init()
2215
* @ifname: Interface name
2216
* Returns: Pointer to the interface or %NULL if not found
2218
struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
2221
struct wpa_supplicant *wpa_s;
2223
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
2224
if (os_strcmp(wpa_s->ifname, ifname) == 0)
2232
* wpa_supplicant_init - Initialize %wpa_supplicant
2233
* @params: Parameters for %wpa_supplicant
2234
* Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
2236
* This function is used to initialize %wpa_supplicant. After successful
2237
* initialization, the returned data pointer can be used to add and remove
2238
* network interfaces, and eventually, to deinitialize %wpa_supplicant.
2240
struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
2242
struct wpa_global *global;
2248
wpa_debug_open_file(params->wpa_debug_file_path);
2249
if (params->wpa_debug_syslog)
2250
wpa_debug_open_syslog();
2252
ret = eap_register_methods();
2254
wpa_printf(MSG_ERROR, "Failed to register EAP methods");
2256
wpa_printf(MSG_ERROR, "Two or more EAP methods used "
2257
"the same EAP type.");
2261
global = os_zalloc(sizeof(*global));
2264
global->params.daemonize = params->daemonize;
2265
global->params.wait_for_monitor = params->wait_for_monitor;
2266
global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
2267
if (params->pid_file)
2268
global->params.pid_file = os_strdup(params->pid_file);
2269
if (params->ctrl_interface)
2270
global->params.ctrl_interface =
2271
os_strdup(params->ctrl_interface);
2272
if (params->override_driver)
2273
global->params.override_driver =
2274
os_strdup(params->override_driver);
2275
if (params->override_ctrl_interface)
2276
global->params.override_ctrl_interface =
2277
os_strdup(params->override_ctrl_interface);
2278
wpa_debug_level = global->params.wpa_debug_level =
2279
params->wpa_debug_level;
2280
wpa_debug_show_keys = global->params.wpa_debug_show_keys =
2281
params->wpa_debug_show_keys;
2282
wpa_debug_timestamp = global->params.wpa_debug_timestamp =
2283
params->wpa_debug_timestamp;
2286
wpa_printf(MSG_ERROR, "Failed to initialize event loop");
2287
wpa_supplicant_deinit(global);
2291
global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
2292
if (global->ctrl_iface == NULL) {
2293
wpa_supplicant_deinit(global);
2297
if (wpas_notify_supplicant_initialized(global)) {
2298
wpa_supplicant_deinit(global);
2302
for (i = 0; wpa_drivers[i]; i++)
2303
global->drv_count++;
2304
if (global->drv_count == 0) {
2305
wpa_printf(MSG_ERROR, "No drivers enabled");
2306
wpa_supplicant_deinit(global);
2309
global->drv_priv = os_zalloc(global->drv_count * sizeof(void *));
2310
if (global->drv_priv == NULL) {
2311
wpa_supplicant_deinit(global);
2314
for (i = 0; wpa_drivers[i]; i++) {
2315
if (!wpa_drivers[i]->global_init)
2317
global->drv_priv[i] = wpa_drivers[i]->global_init();
2318
if (global->drv_priv[i] == NULL) {
2319
wpa_printf(MSG_ERROR, "Failed to initialize driver "
2320
"'%s'", wpa_drivers[i]->name);
2321
wpa_supplicant_deinit(global);
2331
* wpa_supplicant_run - Run the %wpa_supplicant main event loop
2332
* @global: Pointer to global data from wpa_supplicant_init()
2333
* Returns: 0 after successful event loop run, -1 on failure
2335
* This function starts the main event loop and continues running as long as
2336
* there are any remaining events. In most cases, this function is running as
2337
* long as the %wpa_supplicant process in still in use.
2339
int wpa_supplicant_run(struct wpa_global *global)
2341
struct wpa_supplicant *wpa_s;
2343
if (global->params.daemonize &&
2344
wpa_supplicant_daemon(global->params.pid_file))
2347
if (global->params.wait_for_monitor) {
2348
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
2349
if (wpa_s->ctrl_iface)
2350
wpa_supplicant_ctrl_iface_wait(
2354
eloop_register_signal_terminate(wpa_supplicant_terminate, global);
2355
eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
2364
* wpa_supplicant_deinit - Deinitialize %wpa_supplicant
2365
* @global: Pointer to global data from wpa_supplicant_init()
2367
* This function is called to deinitialize %wpa_supplicant and to free all
2368
* allocated resources. Remaining network interfaces will also be removed.
2370
void wpa_supplicant_deinit(struct wpa_global *global)
2377
while (global->ifaces)
2378
wpa_supplicant_remove_iface(global, global->ifaces);
2380
if (global->ctrl_iface)
2381
wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
2383
wpas_notify_supplicant_deinitialized(global);
2385
eap_peer_unregister_methods();
2387
eap_server_unregister_methods();
2388
#endif /* CONFIG_AP */
2390
for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
2391
if (!global->drv_priv[i])
2393
wpa_drivers[i]->global_deinit(global->drv_priv[i]);
2395
os_free(global->drv_priv);
2399
if (global->params.pid_file) {
2400
os_daemonize_terminate(global->params.pid_file);
2401
os_free(global->params.pid_file);
2403
os_free(global->params.ctrl_interface);
2404
os_free(global->params.override_driver);
2405
os_free(global->params.override_ctrl_interface);
2408
wpa_debug_close_syslog();
2409
wpa_debug_close_file();
2413
static void add_freq(int *freqs, int *num_freqs, int freq)
2417
for (i = 0; i < *num_freqs; i++) {
2418
if (freqs[i] == freq)
2422
freqs[*num_freqs] = freq;
2427
static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
2429
struct wpa_bss *bss, *cbss;
2430
const int max_freqs = 10;
2434
freqs = os_zalloc(sizeof(int) * (max_freqs + 1));
2438
cbss = wpa_s->current_bss;
2440
dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
2443
if (bss->ssid_len == cbss->ssid_len &&
2444
os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
2445
wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
2446
add_freq(freqs, &num_freqs, bss->freq);
2447
if (num_freqs == max_freqs)
2452
if (num_freqs == 0) {
2461
void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
2468
* Add the failed BSSID into the blacklist and speed up next scan
2469
* attempt if there could be other APs that could accept association.
2470
* The current blacklist count indicates how many times we have tried
2471
* connecting to this AP and multiple attempts mean that other APs are
2472
* either not available or has already been tried, so that we can start
2473
* increasing the delay here to avoid constant scanning.
2475
count = wpa_blacklist_add(wpa_s, bssid);
2476
if (count == 1 && wpa_s->current_bss) {
2478
* This BSS was not in the blacklist before. If there is
2479
* another BSS available for the same ESS, we should try that
2480
* next. Otherwise, we may as well try this one once more
2481
* before allowing other, likely worse, ESSes to be considered.
2483
freqs = get_bss_freqs_in_ess(wpa_s);
2485
wpa_printf(MSG_DEBUG, "Another BSS in this ESS has "
2486
"been seen; try it next");
2487
wpa_blacklist_add(wpa_s, bssid);
2489
* On the next scan, go through only the known channels
2490
* used in this ESS based on previous scans to speed up
2491
* common load balancing use case.
2493
os_free(wpa_s->next_scan_freqs);
2494
wpa_s->next_scan_freqs = freqs;
2513
* TODO: if more than one possible AP is available in scan results,
2514
* could try the other ones before requesting a new scan.
2516
wpa_supplicant_req_scan(wpa_s, timeout / 1000,
2517
1000 * (timeout % 1000));