search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
modules: disable dummy module declarations
[dragonfly.git] / contrib / wpa_supplicant-0.5.8 / wpa_supplicant.c
blobf7ac13e836aba7e4c0d272c43c920dd362e0f911
1 /*
2 * WPA Supplicant
3 * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 *
14 * This file implements functions for registering and unregistering
15 * %wpa_supplicant interfaces. In addition, this file contains number of
16 * functions for managing network connections.
17 */
18
19 #include "includes.h"
20
21 #include "common.h"
22 #include "eapol_sm.h"
23 #include "eap.h"
24 #include "wpa.h"
25 #include "eloop.h"
26 #include "wpa_supplicant.h"
27 #include "config.h"
28 #include "l2_packet.h"
29 #include "wpa_supplicant_i.h"
30 #include "ctrl_iface.h"
31 #include "ctrl_iface_dbus.h"
32 #include "pcsc_funcs.h"
33 #include "version.h"
34 #include "preauth.h"
35 #include "pmksa_cache.h"
36 #include "wpa_ctrl.h"
37 #include "mlme.h"
38
39 const char *wpa_supplicant_version =
40 "wpa_supplicant v" VERSION_STR "\n"
41 "Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi> and contributors";
42
43 const char *wpa_supplicant_license =
44 "This program is free software. You can distribute it and/or modify it\n"
45 "under the terms of the GNU General Public License version 2.\n"
46 "\n"
47 "Alternatively, this software may be distributed under the terms of the\n"
48 "BSD license. See README and COPYING for more details.\n"
49 #ifdef EAP_TLS_OPENSSL
50 "\nThis product includes software developed by the OpenSSL Project\n"
51 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
52 #endif /* EAP_TLS_OPENSSL */
53 ;
54
55 #ifndef CONFIG_NO_STDOUT_DEBUG
56 /* Long text divided into parts in order to fit in C89 strings size limits. */
57 const char *wpa_supplicant_full_license1 =
58 "This program is free software; you can redistribute it and/or modify\n"
59 "it under the terms of the GNU General Public License version 2 as\n"
60 "published by the Free Software Foundation.\n"
61 "\n"
62 "This program is distributed in the hope that it will be useful,\n"
63 "but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
64 "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
65 "GNU General Public License for more details.\n"
66 "\n";
67 const char *wpa_supplicant_full_license2 =
68 "You should have received a copy of the GNU General Public License\n"
69 "along with this program; if not, write to the Free Software\n"
70 "Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n"
71 "\n"
72 "Alternatively, this software may be distributed under the terms of the\n"
73 "BSD license.\n"
74 "\n"
75 "Redistribution and use in source and binary forms, with or without\n"
76 "modification, are permitted provided that the following conditions are\n"
77 "met:\n"
78 "\n";
79 const char *wpa_supplicant_full_license3 =
80 "1. Redistributions of source code must retain the above copyright\n"
81 " notice, this list of conditions and the following disclaimer.\n"
82 "\n"
83 "2. Redistributions in binary form must reproduce the above copyright\n"
84 " notice, this list of conditions and the following disclaimer in the\n"
85 " documentation and/or other materials provided with the distribution.\n"
86 "\n";
87 const char *wpa_supplicant_full_license4 =
88 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
89 " names of its contributors may be used to endorse or promote products\n"
90 " derived from this software without specific prior written permission.\n"
91 "\n"
92 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
93 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
94 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
95 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
96 const char *wpa_supplicant_full_license5 =
97 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
98 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
99 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
100 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
101 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
102 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
103 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
104 "\n";
105 #endif /* CONFIG_NO_STDOUT_DEBUG */
106
107 extern struct wpa_driver_ops *wpa_supplicant_drivers[];
108
109 extern int wpa_debug_use_file;
110 extern int wpa_debug_level;
111 extern int wpa_debug_show_keys;
112 extern int wpa_debug_timestamp;
113
114 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx);
115
116 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
117 static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type,
118 const void *data, u16 data_len,
119 size_t *msg_len, void **data_pos)
120 {
121 struct ieee802_1x_hdr *hdr;
122
123 *msg_len = sizeof(*hdr) + data_len;
124 hdr = os_malloc(*msg_len);
125 if (hdr == NULL)
126 return NULL;
127
128 hdr->version = wpa_s->conf->eapol_version;
129 hdr->type = type;
130 hdr->length = host_to_be16(data_len);
131
132 if (data)
133 os_memcpy(hdr + 1, data, data_len);
134 else
135 os_memset(hdr + 1, 0, data_len);
136
137 if (data_pos)
138 *data_pos = hdr + 1;
139
140 return (u8 *) hdr;
141 }
142
143
144 /**
145 * wpa_ether_send - Send Ethernet frame
146 * @wpa_s: Pointer to wpa_supplicant data
147 * @dest: Destination MAC address
148 * @proto: Ethertype in host byte order
149 * @buf: Frame payload starting from IEEE 802.1X header
150 * @len: Frame payload length
151 * Returns: >=0 on success, <0 on failure
152 */
153 static int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest,
154 u16 proto, const u8 *buf, size_t len)
155 {
156 if (wpa_s->l2) {
157 return l2_packet_send(wpa_s->l2, dest, proto, buf, len);
158 }
159
160 return wpa_drv_send_eapol(wpa_s, dest, proto, buf, len);
161 }
162 #endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */
163
164
165 #ifdef IEEE8021X_EAPOL
166 /**
167 * wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator
168 * @ctx: Pointer to wpa_supplicant data (wpa_s)
169 * @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*)
170 * @buf: EAPOL payload (after IEEE 802.1X header)
171 * @len: EAPOL payload length
172 * Returns: >=0 on success, <0 on failure
173 *
174 * This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame
175 * to the current Authenticator.
176 */
177 static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf,
178 size_t len)
179 {
180 struct wpa_supplicant *wpa_s = ctx;
181 u8 *msg, *dst, bssid[ETH_ALEN];
182 size_t msglen;
183 int res;
184
185 /* TODO: could add l2_packet_sendmsg that allows fragments to avoid
186 * extra copy here */
187
188 if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK ||
189 wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
190 /* Current SSID is not using IEEE 802.1X/EAP, so drop possible
191 * EAPOL frames (mainly, EAPOL-Start) from EAPOL state
192 * machines. */
193 wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X "
194 "mode (type=%d len=%lu)", type,
195 (unsigned long) len);
196 return -1;
197 }
198
199 if (pmksa_cache_get_current(wpa_s->wpa) &&
200 type == IEEE802_1X_TYPE_EAPOL_START) {
201 /* Trying to use PMKSA caching - do not send EAPOL-Start frames
202 * since they will trigger full EAPOL authentication. */
203 wpa_printf(MSG_DEBUG, "RSN: PMKSA caching - do not send "
204 "EAPOL-Start");
205 return -1;
206 }
207
208 if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
209 {
210 wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an "
211 "EAPOL frame");
212 if (wpa_drv_get_bssid(wpa_s, bssid) == 0 &&
213 os_memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) !=
214 0) {
215 dst = bssid;
216 wpa_printf(MSG_DEBUG, "Using current BSSID " MACSTR
217 " from the driver as the EAPOL destination",
218 MAC2STR(dst));
219 } else {
220 dst = wpa_s->last_eapol_src;
221 wpa_printf(MSG_DEBUG, "Using the source address of the"
222 " last received EAPOL frame " MACSTR " as "
223 "the EAPOL destination",
224 MAC2STR(dst));
225 }
226 } else {
227 /* BSSID was already set (from (Re)Assoc event, so use it as
228 * the EAPOL destination. */
229 dst = wpa_s->bssid;
230 }
231
232 msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL);
233 if (msg == NULL)
234 return -1;
235
236 wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen);
237 res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen);
238 os_free(msg);
239 return res;
240 }
241
242
243 /**
244 * wpa_eapol_set_wep_key - set WEP key for the driver
245 * @ctx: Pointer to wpa_supplicant data (wpa_s)
246 * @unicast: 1 = individual unicast key, 0 = broadcast key
247 * @keyidx: WEP key index (0..3)
248 * @key: Pointer to key data
249 * @keylen: Key length in bytes
250 * Returns: 0 on success or < 0 on error.
251 */
252 static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx,
253 const u8 *key, size_t keylen)
254 {
255 struct wpa_supplicant *wpa_s = ctx;
256 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
257 int cipher = (keylen == 5) ? WPA_CIPHER_WEP40 :
258 WPA_CIPHER_WEP104;
259 if (unicast)
260 wpa_s->pairwise_cipher = cipher;
261 else
262 wpa_s->group_cipher = cipher;
263 }
264 return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
265 unicast ? wpa_s->bssid :
266 (u8 *) "\xff\xff\xff\xff\xff\xff",
267 keyidx, unicast, (u8 *) "", 0, key, keylen);
268 }
269
270
271 static void wpa_supplicant_aborted_cached(void *ctx)
272 {
273 struct wpa_supplicant *wpa_s = ctx;
274 wpa_sm_aborted_cached(wpa_s->wpa);
275 }
276
277 #endif /* IEEE8021X_EAPOL */
278
279
280 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
281 static void wpa_supplicant_set_config_blob(void *ctx,
282 struct wpa_config_blob *blob)
283 {
284 struct wpa_supplicant *wpa_s = ctx;
285 wpa_config_set_blob(wpa_s->conf, blob);
286 }
287
288
289 static const struct wpa_config_blob *
290 wpa_supplicant_get_config_blob(void *ctx, const char *name)
291 {
292 struct wpa_supplicant *wpa_s = ctx;
293 return wpa_config_get_blob(wpa_s->conf, name);
294 }
295 #endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */
296
297
298 /* Configure default/group WEP key for static WEP */
299 static int wpa_set_wep_key(void *ctx, int set_tx, int keyidx, const u8 *key,
300 size_t keylen)
301 {
302 struct wpa_supplicant *wpa_s = ctx;
303 return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
304 (u8 *) "\xff\xff\xff\xff\xff\xff",
305 keyidx, set_tx, (u8 *) "", 0, key, keylen);
306 }
307
308
309 static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
310 struct wpa_ssid *ssid)
311 {
312 u8 key[32];
313 size_t keylen;
314 wpa_alg alg;
315 u8 seq[6] = { 0 };
316
317 /* IBSS/WPA-None uses only one key (Group) for both receiving and
318 * sending unicast and multicast packets. */
319
320 if (ssid->mode != IEEE80211_MODE_IBSS) {
321 wpa_printf(MSG_INFO, "WPA: Invalid mode %d (not IBSS/ad-hoc) "
322 "for WPA-None", ssid->mode);
323 return -1;
324 }
325
326 if (!ssid->psk_set) {
327 wpa_printf(MSG_INFO, "WPA: No PSK configured for WPA-None");
328 return -1;
329 }
330
331 switch (wpa_s->group_cipher) {
332 case WPA_CIPHER_CCMP:
333 os_memcpy(key, ssid->psk, 16);
334 keylen = 16;
335 alg = WPA_ALG_CCMP;
336 break;
337 case WPA_CIPHER_TKIP:
338 /* WPA-None uses the same Michael MIC key for both TX and RX */
339 os_memcpy(key, ssid->psk, 16 + 8);
340 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
341 keylen = 32;
342 alg = WPA_ALG_TKIP;
343 break;
344 default:
345 wpa_printf(MSG_INFO, "WPA: Invalid group cipher %d for "
346 "WPA-None", wpa_s->group_cipher);
347 return -1;
348 }
349
350 /* TODO: should actually remember the previously used seq#, both for TX
351 * and RX from each STA.. */
352
353 return wpa_drv_set_key(wpa_s, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
354 0, 1, seq, 6, key, keylen);
355 }
356
357
358 #ifdef IEEE8021X_EAPOL
359 static void wpa_supplicant_notify_eapol_done(void *ctx)
360 {
361 struct wpa_supplicant *wpa_s = ctx;
362 wpa_msg(wpa_s, MSG_DEBUG, "WPA: EAPOL processing complete");
363 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X) {
364 wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE);
365 } else {
366 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
367 wpa_supplicant_cancel_auth_timeout(wpa_s);
368 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
369 }
370 }
371 #endif /* IEEE8021X_EAPOL */
372
373
374 /**
375 * wpa_blacklist_get - Get the blacklist entry for a BSSID
376 * @wpa_s: Pointer to wpa_supplicant data
377 * @bssid: BSSID
378 * Returns: Matching blacklist entry for the BSSID or %NULL if not found
379 */
380 struct wpa_blacklist * wpa_blacklist_get(struct wpa_supplicant *wpa_s,
381 const u8 *bssid)
382 {
383 struct wpa_blacklist *e;
384
385 e = wpa_s->blacklist;
386 while (e) {
387 if (os_memcmp(e->bssid, bssid, ETH_ALEN) == 0)
388 return e;
389 e = e->next;
390 }
391
392 return NULL;
393 }
394
395
396 /**
397 * wpa_blacklist_add - Add an BSSID to the blacklist
398 * @wpa_s: Pointer to wpa_supplicant data
399 * @bssid: BSSID to be added to the blacklist
400 * Returns: 0 on success, -1 on failure
401 *
402 * This function adds the specified BSSID to the blacklist or increases the
403 * blacklist count if the BSSID was already listed. It should be called when
404 * an association attempt fails either due to the selected BSS rejecting
405 * association or due to timeout.
406 *
407 * This blacklist is used to force %wpa_supplicant to go through all available
408 * BSSes before retrying to associate with an BSS that rejected or timed out
409 * association. It does not prevent the listed BSS from being used; it only
410 * changes the order in which they are tried.
411 */
412 int wpa_blacklist_add(struct wpa_supplicant *wpa_s, const u8 *bssid)
413 {
414 struct wpa_blacklist *e;
415
416 e = wpa_blacklist_get(wpa_s, bssid);
417 if (e) {
418 e->count++;
419 wpa_printf(MSG_DEBUG, "BSSID " MACSTR " blacklist count "
420 "incremented to %d",
421 MAC2STR(bssid), e->count);
422 return 0;
423 }
424
425 e = os_zalloc(sizeof(*e));
426 if (e == NULL)
427 return -1;
428 os_memcpy(e->bssid, bssid, ETH_ALEN);
429 e->count = 1;
430 e->next = wpa_s->blacklist;
431 wpa_s->blacklist = e;
432 wpa_printf(MSG_DEBUG, "Added BSSID " MACSTR " into blacklist",
433 MAC2STR(bssid));
434
435 return 0;
436 }
437
438
439 static int wpa_blacklist_del(struct wpa_supplicant *wpa_s, const u8 *bssid)
440 {
441 struct wpa_blacklist *e, *prev = NULL;
442
443 e = wpa_s->blacklist;
444 while (e) {
445 if (os_memcmp(e->bssid, bssid, ETH_ALEN) == 0) {
446 if (prev == NULL) {
447 wpa_s->blacklist = e->next;
448 } else {
449 prev->next = e->next;
450 }
451 wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
452 "blacklist", MAC2STR(bssid));
453 os_free(e);
454 return 0;
455 }
456 prev = e;
457 e = e->next;
458 }
459 return -1;
460 }
461
462
463 /**
464 * wpa_blacklist_clear - Clear the blacklist of all entries
465 * @wpa_s: Pointer to wpa_supplicant data
466 */
467 void wpa_blacklist_clear(struct wpa_supplicant *wpa_s)
468 {
469 struct wpa_blacklist *e, *prev;
470
471 e = wpa_s->blacklist;
472 wpa_s->blacklist = NULL;
473 while (e) {
474 prev = e;
475 e = e->next;
476 wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
477 "blacklist (clear)", MAC2STR(prev->bssid));
478 os_free(prev);
479 }
480 }
481
482
483 /**
484 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points
485 * @wpa_s: Pointer to wpa_supplicant data
486 * @sec: Number of seconds after which to scan
487 * @usec: Number of microseconds after which to scan
488 *
489 * This function is used to schedule a scan for neighboring access points after
490 * the specified time.
491 */
492 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec)
493 {
494 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan request: %d sec %d usec",
495 sec, usec);
496 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
497 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL);
498 }
499
500
501 /**
502 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request
503 * @wpa_s: Pointer to wpa_supplicant data
504 *
505 * This function is used to cancel a scan request scheduled with
506 * wpa_supplicant_req_scan().
507 */
508 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s)
509 {
510 wpa_msg(wpa_s, MSG_DEBUG, "Cancelling scan request");
511 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
512 }
513
514
515 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
516 {
517 struct wpa_supplicant *wpa_s = eloop_ctx;
518 const u8 *bssid = wpa_s->bssid;
519 if (os_memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
520 bssid = wpa_s->pending_bssid;
521 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
522 MAC2STR(wpa_s->bssid));
523 wpa_blacklist_add(wpa_s, bssid);
524 wpa_sm_notify_disassoc(wpa_s->wpa);
525 wpa_supplicant_disassociate(wpa_s, REASON_DEAUTH_LEAVING);
526 wpa_s->reassociate = 1;
527 wpa_supplicant_req_scan(wpa_s, 0, 0);
528 }
529
530
531 /**
532 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
533 * @wpa_s: Pointer to wpa_supplicant data
534 * @sec: Number of seconds after which to time out authentication
535 * @usec: Number of microseconds after which to time out authentication
536 *
537 * This function is used to schedule a timeout for the current authentication
538 * attempt.
539 */
540 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
541 int sec, int usec)
542 {
543 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
544 wpa_s->driver && os_strcmp(wpa_s->driver->name, "wired") == 0)
545 return;
546
547 wpa_msg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
548 "%d usec", sec, usec);
549 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
550 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
551 }
552
553
554 /**
555 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
556 * @wpa_s: Pointer to wpa_supplicant data
557 *
558 * This function is used to cancel authentication timeout scheduled with
559 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
560 * been completed.
561 */
562 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
563 {
564 wpa_msg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
565 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
566 wpa_blacklist_del(wpa_s, wpa_s->bssid);
567 }
568
569
570 /**
571 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
572 * @wpa_s: Pointer to wpa_supplicant data
573 *
574 * This function is used to configure EAPOL state machine based on the selected
575 * authentication mode.
576 */
577 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
578 {
579 #ifdef IEEE8021X_EAPOL
580 struct eapol_config eapol_conf;
581 struct wpa_ssid *ssid = wpa_s->current_ssid;
582
583 if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK) {
584 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
585 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
586 }
587 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
588 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
589 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
590 else
591 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
592
593 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
594 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
595 eapol_conf.accept_802_1x_keys = 1;
596 eapol_conf.required_keys = 0;
597 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
598 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
599 }
600 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
601 eapol_conf.required_keys |=
602 EAPOL_REQUIRE_KEY_BROADCAST;
603 }
604
605 if (wpa_s->conf && wpa_s->driver &&
606 os_strcmp(wpa_s->driver->name, "wired") == 0) {
607 eapol_conf.required_keys = 0;
608 }
609 }
610 if (wpa_s->conf)
611 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
612 eapol_conf.workaround = ssid->eap_workaround;
613 eapol_conf.eap_disabled = wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X &&
614 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA;
615 eapol_sm_notify_config(wpa_s->eapol, ssid, &eapol_conf);
616 #endif /* IEEE8021X_EAPOL */
617 }
618
619
620 /**
621 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
622 * @wpa_s: Pointer to wpa_supplicant data
623 * @ssid: Configuration data for the network
624 *
625 * This function is used to configure WPA state machine and related parameters
626 * to a mode where WPA is not enabled. This is called as part of the
627 * authentication configuration when the selected network does not use WPA.
628 */
629 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
630 struct wpa_ssid *ssid)
631 {
632 int i;
633
634 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
635 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
636 else
637 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
638 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
639 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
640 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
641 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
642 wpa_s->group_cipher = WPA_CIPHER_NONE;
643 wpa_s->mgmt_group_cipher = 0;
644
645 for (i = 0; i < NUM_WEP_KEYS; i++) {
646 if (ssid->wep_key_len[i] > 5) {
647 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
648 wpa_s->group_cipher = WPA_CIPHER_WEP104;
649 break;
650 } else if (ssid->wep_key_len[i] > 0) {
651 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
652 wpa_s->group_cipher = WPA_CIPHER_WEP40;
653 break;
654 }
655 }
656
657 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
658 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
659 wpa_s->pairwise_cipher);
660 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
661 #ifdef CONFIG_IEEE80211W
662 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
663 wpa_s->mgmt_group_cipher);
664 #endif /* CONFIG_IEEE80211W */
665
666 pmksa_cache_clear_current(wpa_s->wpa);
667 }
668
669
670 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
671 {
672 scard_deinit(wpa_s->scard);
673 wpa_s->scard = NULL;
674 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
675 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
676 l2_packet_deinit(wpa_s->l2);
677 wpa_s->l2 = NULL;
678 if (wpa_s->l2_br) {
679 l2_packet_deinit(wpa_s->l2_br);
680 wpa_s->l2_br = NULL;
681 }
682
683 if (wpa_s->ctrl_iface) {
684 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
685 wpa_s->ctrl_iface = NULL;
686 }
687 if (wpa_s->conf != NULL) {
688 wpa_config_free(wpa_s->conf);
689 wpa_s->conf = NULL;
690 }
691
692 os_free(wpa_s->confname);
693 wpa_s->confname = NULL;
694
695 wpa_sm_set_eapol(wpa_s->wpa, NULL);
696 eapol_sm_deinit(wpa_s->eapol);
697 wpa_s->eapol = NULL;
698
699 rsn_preauth_deinit(wpa_s->wpa);
700
701 pmksa_candidate_free(wpa_s->wpa);
702 wpa_sm_deinit(wpa_s->wpa);
703 wpa_s->wpa = NULL;
704 wpa_blacklist_clear(wpa_s);
705
706 os_free(wpa_s->scan_results);
707 wpa_s->scan_results = NULL;
708 wpa_s->num_scan_results = 0;
709
710 wpa_supplicant_cancel_scan(wpa_s);
711 wpa_supplicant_cancel_auth_timeout(wpa_s);
712
713 ieee80211_sta_deinit(wpa_s);
714 }
715
716
717 /**
718 * wpa_clear_keys - Clear keys configured for the driver
719 * @wpa_s: Pointer to wpa_supplicant data
720 * @addr: Previously used BSSID or %NULL if not available
721 *
722 * This function clears the encryption keys that has been previously configured
723 * for the driver.
724 */
725 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
726 {
727 u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
728
729 if (wpa_s->keys_cleared) {
730 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
731 * timing issues with keys being cleared just before new keys
732 * are set or just after association or something similar. This
733 * shows up in group key handshake failing often because of the
734 * client not receiving the first encrypted packets correctly.
735 * Skipping some of the extra key clearing steps seems to help
736 * in completing group key handshake more reliably. */
737 wpa_printf(MSG_DEBUG, "No keys have been configured - "
738 "skip key clearing");
739 return;
740 }
741
742 /* MLME-DELETEKEYS.request */
743 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
744 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
745 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
746 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
747 if (addr) {
748 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
749 0);
750 /* MLME-SETPROTECTION.request(None) */
751 wpa_drv_mlme_setprotection(
752 wpa_s, addr,
753 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
754 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
755 }
756 wpa_s->keys_cleared = 1;
757 }
758
759
760 /**
761 * wpa_supplicant_state_txt - Get the connection state name as a text string
762 * @state: State (wpa_state; WPA_*)
763 * Returns: The state name as a printable text string
764 */
765 const char * wpa_supplicant_state_txt(int state)
766 {
767 switch (state) {
768 case WPA_DISCONNECTED:
769 return "DISCONNECTED";
770 case WPA_INACTIVE:
771 return "INACTIVE";
772 case WPA_SCANNING:
773 return "SCANNING";
774 case WPA_ASSOCIATING:
775 return "ASSOCIATING";
776 case WPA_ASSOCIATED:
777 return "ASSOCIATED";
778 case WPA_4WAY_HANDSHAKE:
779 return "4WAY_HANDSHAKE";
780 case WPA_GROUP_HANDSHAKE:
781 return "GROUP_HANDSHAKE";
782 case WPA_COMPLETED:
783 return "COMPLETED";
784 default:
785 return "UNKNOWN";
786 }
787 }
788
789
790 /**
791 * wpa_supplicant_set_state - Set current connection state
792 * @wpa_s: Pointer to wpa_supplicant data
793 * @state: The new connection state
794 *
795 * This function is called whenever the connection state changes, e.g.,
796 * association is completed for WPA/WPA2 4-Way Handshake is started.
797 */
798 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s, wpa_states state)
799 {
800 wpa_printf(MSG_DEBUG, "State: %s -> %s",
801 wpa_supplicant_state_txt(wpa_s->wpa_state),
802 wpa_supplicant_state_txt(state));
803
804 wpa_supplicant_dbus_notify_state_change(wpa_s, state,
805 wpa_s->wpa_state);
806
807 if (state == WPA_COMPLETED && wpa_s->new_connection) {
808 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
809 struct wpa_ssid *ssid = wpa_s->current_ssid;
810 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
811 MACSTR " completed %s [id=%d id_str=%s]",
812 MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
813 "(reauth)" : "(auth)",
814 ssid ? ssid->id : -1,
815 ssid && ssid->id_str ? ssid->id_str : "");
816 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
817 wpa_s->new_connection = 0;
818 wpa_s->reassociated_connection = 1;
819 wpa_drv_set_operstate(wpa_s, 1);
820 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
821 state == WPA_ASSOCIATED) {
822 wpa_s->new_connection = 1;
823 wpa_drv_set_operstate(wpa_s, 0);
824 }
825 wpa_s->wpa_state = state;
826 }
827
828
829 /**
830 * wpa_supplicant_get_state - Get the connection state
831 * @wpa_s: Pointer to wpa_supplicant data
832 * Returns: The current connection state (WPA_*)
833 */
834 wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s)
835 {
836 return wpa_s->wpa_state;
837 }
838
839
840 static void wpa_supplicant_terminate(int sig, void *eloop_ctx,
841 void *signal_ctx)
842 {
843 struct wpa_global *global = eloop_ctx;
844 struct wpa_supplicant *wpa_s;
845 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
846 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING "- signal %d "
847 "received", sig);
848 }
849 eloop_terminate();
850 }
851
852
853 static void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
854 {
855 wpa_s->pairwise_cipher = 0;
856 wpa_s->group_cipher = 0;
857 wpa_s->mgmt_group_cipher = 0;
858 wpa_s->key_mgmt = 0;
859 wpa_s->wpa_state = WPA_DISCONNECTED;
860 }
861
862
863 /**
864 * wpa_supplicant_reload_configuration - Reload configuration data
865 * @wpa_s: Pointer to wpa_supplicant data
866 * Returns: 0 on success or -1 if configuration parsing failed
867 *
868 * This function can be used to request that the configuration data is reloaded
869 * (e.g., after configuration file change). This function is reloading
870 * configuration only for one interface, so this may need to be called multiple
871 * times if %wpa_supplicant is controlling multiple interfaces and all
872 * interfaces need reconfiguration.
873 */
874 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
875 {
876 struct wpa_config *conf;
877 int reconf_ctrl;
878 if (wpa_s->confname == NULL)
879 return -1;
880 conf = wpa_config_read(wpa_s->confname);
881 if (conf == NULL) {
882 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
883 "file '%s' - exiting", wpa_s->confname);
884 return -1;
885 }
886
887 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
888 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
889 os_strcmp(conf->ctrl_interface,
890 wpa_s->conf->ctrl_interface) != 0);
891
892 if (reconf_ctrl && wpa_s->ctrl_iface) {
893 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
894 wpa_s->ctrl_iface = NULL;
895 }
896
897 eapol_sm_invalidate_cached_session(wpa_s->eapol);
898 wpa_s->current_ssid = NULL;
899 /*
900 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
901 * pkcs11_engine_path, pkcs11_module_path.
902 */
903 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
904 wpa_sm_set_config(wpa_s->wpa, NULL);
905 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
906 rsn_preauth_deinit(wpa_s->wpa);
907 wpa_config_free(wpa_s->conf);
908 wpa_s->conf = conf;
909 if (reconf_ctrl)
910 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
911
912 wpa_supplicant_clear_status(wpa_s);
913 wpa_s->reassociate = 1;
914 wpa_supplicant_req_scan(wpa_s, 0, 0);
915 wpa_msg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
916 return 0;
917 }
918
919
920 static void wpa_supplicant_reconfig(int sig, void *eloop_ctx,
921 void *signal_ctx)
922 {
923 struct wpa_global *global = eloop_ctx;
924 struct wpa_supplicant *wpa_s;
925 wpa_printf(MSG_DEBUG, "Signal %d received - reconfiguring", sig);
926 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
927 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
928 eloop_terminate();
929 }
930 }
931 }
932
933
934 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s)
935 {
936 struct wpa_ssid *ssid;
937 union wpa_event_data data;
938
939 ssid = wpa_supplicant_get_ssid(wpa_s);
940 if (ssid == NULL)
941 return;
942
943 if (wpa_s->current_ssid == NULL)
944 wpa_s->current_ssid = ssid;
945 wpa_supplicant_initiate_eapol(wpa_s);
946 wpa_printf(MSG_DEBUG, "Already associated with a configured network - "
947 "generating associated event");
948 os_memset(&data, 0, sizeof(data));
949 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data);
950 }
951
952
953 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
954 {
955 struct wpa_supplicant *wpa_s = eloop_ctx;
956 struct wpa_ssid *ssid;
957 int enabled, scan_req = 0, ret;
958
959 if (wpa_s->disconnected)
960 return;
961
962 enabled = 0;
963 ssid = wpa_s->conf->ssid;
964 while (ssid) {
965 if (!ssid->disabled) {
966 enabled++;
967 break;
968 }
969 ssid = ssid->next;
970 }
971 if (!enabled && !wpa_s->scan_req) {
972 wpa_printf(MSG_DEBUG, "No enabled networks - do not scan");
973 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
974 return;
975 }
976 scan_req = wpa_s->scan_req;
977 wpa_s->scan_req = 0;
978
979 if (wpa_s->conf->ap_scan != 0 &&
980 wpa_s->driver && os_strcmp(wpa_s->driver->name, "wired") == 0) {
981 wpa_printf(MSG_DEBUG, "Using wired driver - overriding "
982 "ap_scan configuration");
983 wpa_s->conf->ap_scan = 0;
984 }
985
986 if (wpa_s->conf->ap_scan == 0) {
987 wpa_supplicant_gen_assoc_event(wpa_s);
988 return;
989 }
990
991 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
992 wpa_s->wpa_state == WPA_INACTIVE)
993 wpa_supplicant_set_state(wpa_s, WPA_SCANNING);
994
995 ssid = wpa_s->conf->ssid;
996 if (wpa_s->prev_scan_ssid != BROADCAST_SSID_SCAN) {
997 while (ssid) {
998 if (ssid == wpa_s->prev_scan_ssid) {
999 ssid = ssid->next;
1000 break;
1001 }
1002 ssid = ssid->next;
1003 }
1004 }
1005 while (ssid) {
1006 if (!ssid->disabled &&
1007 (ssid->scan_ssid || wpa_s->conf->ap_scan == 2))
1008 break;
1009 ssid = ssid->next;
1010 }
1011
1012 if (scan_req != 2 && wpa_s->conf->ap_scan == 2) {
1013 /*
1014 * ap_scan=2 mode - try to associate with each SSID instead of
1015 * scanning for each scan_ssid=1 network.
1016 */
1017 if (ssid == NULL) {
1018 wpa_printf(MSG_DEBUG, "wpa_supplicant_scan: Reached "
1019 "end of scan list - go back to beginning");
1020 wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1021 wpa_supplicant_req_scan(wpa_s, 0, 0);
1022 return;
1023 }
1024 if (ssid->next) {
1025 /* Continue from the next SSID on the next attempt. */
1026 wpa_s->prev_scan_ssid = ssid;
1027 } else {
1028 /* Start from the beginning of the SSID list. */
1029 wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1030 }
1031 wpa_supplicant_associate(wpa_s, NULL, ssid);
1032 return;
1033 }
1034
1035 wpa_printf(MSG_DEBUG, "Starting AP scan (%s SSID)",
1036 ssid ? "specific": "broadcast");
1037 if (ssid) {
1038 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID",
1039 ssid->ssid, ssid->ssid_len);
1040 wpa_s->prev_scan_ssid = ssid;
1041 } else
1042 wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1043
1044 if (wpa_s->scan_res_tried == 0 && wpa_s->conf->ap_scan == 1) {
1045 wpa_s->scan_res_tried++;
1046 wpa_printf(MSG_DEBUG, "Trying to get current scan results "
1047 "first without requesting a new scan to speed up "
1048 "initial association");
1049 wpa_supplicant_event(wpa_s, EVENT_SCAN_RESULTS, NULL);
1050 return;
1051 }
1052
1053 if (wpa_s->use_client_mlme) {
1054 ret = ieee80211_sta_req_scan(wpa_s, ssid ? ssid->ssid : NULL,
1055 ssid ? ssid->ssid_len : 0);
1056 } else {
1057 ret = wpa_drv_scan(wpa_s, ssid ? ssid->ssid : NULL,
1058 ssid ? ssid->ssid_len : 0);
1059 }
1060 if (ret) {
1061 wpa_printf(MSG_WARNING, "Failed to initiate AP scan.");
1062 wpa_supplicant_req_scan(wpa_s, 10, 0);
1063 }
1064 }
1065
1066
1067 static wpa_cipher cipher_suite2driver(int cipher)
1068 {
1069 switch (cipher) {
1070 case WPA_CIPHER_NONE:
1071 return CIPHER_NONE;
1072 case WPA_CIPHER_WEP40:
1073 return CIPHER_WEP40;
1074 case WPA_CIPHER_WEP104:
1075 return CIPHER_WEP104;
1076 case WPA_CIPHER_CCMP:
1077 return CIPHER_CCMP;
1078 case WPA_CIPHER_TKIP:
1079 default:
1080 return CIPHER_TKIP;
1081 }
1082 }
1083
1084
1085 static wpa_key_mgmt key_mgmt2driver(int key_mgmt)
1086 {
1087 switch (key_mgmt) {
1088 case WPA_KEY_MGMT_NONE:
1089 return KEY_MGMT_NONE;
1090 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
1091 return KEY_MGMT_802_1X_NO_WPA;
1092 case WPA_KEY_MGMT_IEEE8021X:
1093 return KEY_MGMT_802_1X;
1094 case WPA_KEY_MGMT_WPA_NONE:
1095 return KEY_MGMT_WPA_NONE;
1096 case WPA_KEY_MGMT_PSK:
1097 default:
1098 return KEY_MGMT_PSK;
1099 }
1100 }
1101
1102
1103 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1104 struct wpa_ssid *ssid,
1105 struct wpa_ie_data *ie)
1106 {
1107 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1108 if (ret) {
1109 if (ret == -2) {
1110 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1111 "from association info");
1112 }
1113 return -1;
1114 }
1115
1116 wpa_printf(MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set cipher "
1117 "suites");
1118 if (!(ie->group_cipher & ssid->group_cipher)) {
1119 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1120 "cipher 0x%x (mask 0x%x) - reject",
1121 ie->group_cipher, ssid->group_cipher);
1122 return -1;
1123 }
1124 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1125 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1126 "cipher 0x%x (mask 0x%x) - reject",
1127 ie->pairwise_cipher, ssid->pairwise_cipher);
1128 return -1;
1129 }
1130 if (!(ie->key_mgmt & ssid->key_mgmt)) {
1131 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1132 "management 0x%x (mask 0x%x) - reject",
1133 ie->key_mgmt, ssid->key_mgmt);
1134 return -1;
1135 }
1136
1137 #ifdef CONFIG_IEEE80211W
1138 if (!(ie->capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION) &&
1139 ssid->ieee80211w == IEEE80211W_REQUIRED) {
1140 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1141 "that does not support management frame protection - "
1142 "reject");
1143 return -1;
1144 }
1145 #endif /* CONFIG_IEEE80211W */
1146
1147 return 0;
1148 }
1149
1150
1151 /**
1152 * wpa_supplicant_set_suites - Set authentication and encryption parameters
1153 * @wpa_s: Pointer to wpa_supplicant data
1154 * @bss: Scan results for the selected BSS, or %NULL if not available
1155 * @ssid: Configuration data for the selected network
1156 * @wpa_ie: Buffer for the WPA/RSN IE
1157 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1158 * used buffer length in case the functions returns success.
1159 * Returns: 0 on success or -1 on failure
1160 *
1161 * This function is used to configure authentication and encryption parameters
1162 * based on the network configuration and scan result for the selected BSS (if
1163 * available).
1164 */
1165 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1166 struct wpa_scan_result *bss,
1167 struct wpa_ssid *ssid,
1168 u8 *wpa_ie, size_t *wpa_ie_len)
1169 {
1170 struct wpa_ie_data ie;
1171 int sel, proto;
1172
1173 if (bss && bss->rsn_ie_len && (ssid->proto & WPA_PROTO_RSN) &&
1174 wpa_parse_wpa_ie(bss->rsn_ie, bss->rsn_ie_len, &ie) == 0 &&
1175 (ie.group_cipher & ssid->group_cipher) &&
1176 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1177 (ie.key_mgmt & ssid->key_mgmt)) {
1178 wpa_msg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1179 proto = WPA_PROTO_RSN;
1180 } else if (bss && bss->wpa_ie_len && (ssid->proto & WPA_PROTO_WPA) &&
1181 wpa_parse_wpa_ie(bss->wpa_ie, bss->wpa_ie_len, &ie) == 0 &&
1182 (ie.group_cipher & ssid->group_cipher) &&
1183 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1184 (ie.key_mgmt & ssid->key_mgmt)) {
1185 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1186 proto = WPA_PROTO_WPA;
1187 } else if (bss) {
1188 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1189 return -1;
1190 } else {
1191 if (ssid->proto & WPA_PROTO_RSN)
1192 proto = WPA_PROTO_RSN;
1193 else
1194 proto = WPA_PROTO_WPA;
1195 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1196 os_memset(&ie, 0, sizeof(ie));
1197 ie.group_cipher = ssid->group_cipher;
1198 ie.pairwise_cipher = ssid->pairwise_cipher;
1199 ie.key_mgmt = ssid->key_mgmt;
1200 #ifdef CONFIG_IEEE80211W
1201 ie.mgmt_group_cipher =
1202 ssid->ieee80211w != NO_IEEE80211W ?
1203 WPA_CIPHER_AES_128_CMAC : 0;
1204 #endif /* CONFIG_IEEE80211W */
1205 wpa_printf(MSG_DEBUG, "WPA: Set cipher suites based "
1206 "on configuration");
1207 } else
1208 proto = ie.proto;
1209 }
1210
1211 wpa_printf(MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1212 "pairwise %d key_mgmt %d proto %d",
1213 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1214 #ifdef CONFIG_IEEE80211W
1215 if (ssid->ieee80211w) {
1216 wpa_printf(MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1217 ie.mgmt_group_cipher);
1218 }
1219 #endif /* CONFIG_IEEE80211W */
1220
1221 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1222
1223 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss ? bss->wpa_ie : NULL,
1224 bss ? bss->wpa_ie_len : 0) ||
1225 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss ? bss->rsn_ie : NULL,
1226 bss ? bss->rsn_ie_len : 0))
1227 return -1;
1228
1229 sel = ie.group_cipher & ssid->group_cipher;
1230 if (sel & WPA_CIPHER_CCMP) {
1231 wpa_s->group_cipher = WPA_CIPHER_CCMP;
1232 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
1233 } else if (sel & WPA_CIPHER_TKIP) {
1234 wpa_s->group_cipher = WPA_CIPHER_TKIP;
1235 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
1236 } else if (sel & WPA_CIPHER_WEP104) {
1237 wpa_s->group_cipher = WPA_CIPHER_WEP104;
1238 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
1239 } else if (sel & WPA_CIPHER_WEP40) {
1240 wpa_s->group_cipher = WPA_CIPHER_WEP40;
1241 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
1242 } else {
1243 wpa_printf(MSG_WARNING, "WPA: Failed to select group cipher.");
1244 return -1;
1245 }
1246
1247 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1248 if (sel & WPA_CIPHER_CCMP) {
1249 wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
1250 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
1251 } else if (sel & WPA_CIPHER_TKIP) {
1252 wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
1253 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
1254 } else if (sel & WPA_CIPHER_NONE) {
1255 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1256 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
1257 } else {
1258 wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
1259 "cipher.");
1260 return -1;
1261 }
1262
1263 sel = ie.key_mgmt & ssid->key_mgmt;
1264 if (sel & WPA_KEY_MGMT_IEEE8021X) {
1265 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1266 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1267 } else if (sel & WPA_KEY_MGMT_PSK) {
1268 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1269 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1270 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1271 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1272 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1273 } else {
1274 wpa_printf(MSG_WARNING, "WPA: Failed to select authenticated "
1275 "key management type.");
1276 return -1;
1277 }
1278
1279 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1280 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1281 wpa_s->pairwise_cipher);
1282 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1283
1284 #ifdef CONFIG_IEEE80211W
1285 sel = ie.mgmt_group_cipher;
1286 if (ssid->ieee80211w == NO_IEEE80211W ||
1287 !(ie.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION))
1288 sel = 0;
1289 if (sel & WPA_CIPHER_AES_128_CMAC) {
1290 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1291 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1292 "AES-128-CMAC");
1293 } else {
1294 wpa_s->mgmt_group_cipher = 0;
1295 wpa_msg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1296 }
1297 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1298 wpa_s->mgmt_group_cipher);
1299 #endif /* CONFIG_IEEE80211W */
1300
1301 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1302 wpa_printf(MSG_WARNING, "WPA: Failed to generate WPA IE.");
1303 return -1;
1304 }
1305
1306 if (ssid->key_mgmt & WPA_KEY_MGMT_PSK)
1307 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
1308 else
1309 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1310
1311 return 0;
1312 }
1313
1314
1315 /**
1316 * wpa_supplicant_associate - Request association
1317 * @wpa_s: Pointer to wpa_supplicant data
1318 * @bss: Scan results for the selected BSS, or %NULL if not available
1319 * @ssid: Configuration data for the selected network
1320 *
1321 * This function is used to request %wpa_supplicant to associate with a BSS.
1322 */
1323 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1324 struct wpa_scan_result *bss,
1325 struct wpa_ssid *ssid)
1326 {
1327 u8 wpa_ie[80];
1328 size_t wpa_ie_len;
1329 int use_crypt, ret, i;
1330 int algs = AUTH_ALG_OPEN_SYSTEM;
1331 wpa_cipher cipher_pairwise, cipher_group;
1332 struct wpa_driver_associate_params params;
1333 int wep_keys_set = 0;
1334 struct wpa_driver_capa capa;
1335 int assoc_failed = 0;
1336
1337 wpa_s->reassociate = 0;
1338 if (bss) {
1339 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1340 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1341 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1342 os_memset(wpa_s->bssid, 0, ETH_ALEN);
1343 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1344 } else {
1345 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1346 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1347 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1348 }
1349 wpa_supplicant_cancel_scan(wpa_s);
1350
1351 /* Starting new association, so clear the possibly used WPA IE from the
1352 * previous association. */
1353 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1354
1355 #ifdef IEEE8021X_EAPOL
1356 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1357 if (ssid->leap) {
1358 if (ssid->non_leap == 0)
1359 algs = AUTH_ALG_LEAP;
1360 else
1361 algs |= AUTH_ALG_LEAP;
1362 }
1363 }
1364 #endif /* IEEE8021X_EAPOL */
1365 wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1366 if (ssid->auth_alg) {
1367 algs = 0;
1368 if (ssid->auth_alg & WPA_AUTH_ALG_OPEN)
1369 algs |= AUTH_ALG_OPEN_SYSTEM;
1370 if (ssid->auth_alg & WPA_AUTH_ALG_SHARED)
1371 algs |= AUTH_ALG_SHARED_KEY;
1372 if (ssid->auth_alg & WPA_AUTH_ALG_LEAP)
1373 algs |= AUTH_ALG_LEAP;
1374 wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
1375 algs);
1376 }
1377 wpa_drv_set_auth_alg(wpa_s, algs);
1378
1379 if (bss && (bss->wpa_ie_len || bss->rsn_ie_len) &&
1380 (ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK))) {
1381 int try_opportunistic;
1382 try_opportunistic = ssid->proactive_key_caching &&
1383 (ssid->proto & WPA_PROTO_RSN);
1384 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1385 wpa_s->current_ssid,
1386 try_opportunistic) == 0)
1387 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1388 wpa_ie_len = sizeof(wpa_ie);
1389 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1390 wpa_ie, &wpa_ie_len)) {
1391 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1392 "management and encryption suites");
1393 return;
1394 }
1395 } else if (ssid->key_mgmt &
1396 (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
1397 WPA_KEY_MGMT_WPA_NONE)) {
1398 wpa_ie_len = sizeof(wpa_ie);
1399 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1400 wpa_ie, &wpa_ie_len)) {
1401 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1402 "management and encryption suites (no scan "
1403 "results)");
1404 return;
1405 }
1406 } else {
1407 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1408 wpa_ie_len = 0;
1409 }
1410
1411 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1412 use_crypt = 1;
1413 cipher_pairwise = cipher_suite2driver(wpa_s->pairwise_cipher);
1414 cipher_group = cipher_suite2driver(wpa_s->group_cipher);
1415 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1416 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1417 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1418 use_crypt = 0;
1419 for (i = 0; i < NUM_WEP_KEYS; i++) {
1420 if (ssid->wep_key_len[i]) {
1421 use_crypt = 1;
1422 wep_keys_set = 1;
1423 wpa_set_wep_key(wpa_s,
1424 i == ssid->wep_tx_keyidx,
1425 i, ssid->wep_key[i],
1426 ssid->wep_key_len[i]);
1427 }
1428 }
1429 }
1430
1431 #ifdef IEEE8021X_EAPOL
1432 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1433 if ((ssid->eapol_flags &
1434 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1435 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1436 !wep_keys_set) {
1437 use_crypt = 0;
1438 } else {
1439 /* Assume that dynamic WEP-104 keys will be used and
1440 * set cipher suites in order for drivers to expect
1441 * encryption. */
1442 cipher_pairwise = cipher_group = CIPHER_WEP104;
1443 }
1444 }
1445 #endif /* IEEE8021X_EAPOL */
1446
1447 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1448 /* Set the key before (and later after) association */
1449 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1450 }
1451
1452 wpa_drv_set_drop_unencrypted(wpa_s, use_crypt);
1453 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1454 os_memset(&params, 0, sizeof(params));
1455 if (bss) {
1456 params.bssid = bss->bssid;
1457 params.ssid = bss->ssid;
1458 params.ssid_len = bss->ssid_len;
1459 params.freq = bss->freq;
1460 } else {
1461 params.ssid = ssid->ssid;
1462 params.ssid_len = ssid->ssid_len;
1463 }
1464 params.wpa_ie = wpa_ie;
1465 params.wpa_ie_len = wpa_ie_len;
1466 params.pairwise_suite = cipher_pairwise;
1467 params.group_suite = cipher_group;
1468 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1469 params.auth_alg = algs;
1470 params.mode = ssid->mode;
1471 for (i = 0; i < NUM_WEP_KEYS; i++) {
1472 if (ssid->wep_key_len[i])
1473 params.wep_key[i] = ssid->wep_key[i];
1474 params.wep_key_len[i] = ssid->wep_key_len[i];
1475 }
1476 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1477
1478 #ifdef CONFIG_IEEE80211W
1479 switch (ssid->ieee80211w) {
1480 case NO_IEEE80211W:
1481 params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
1482 break;
1483 case IEEE80211W_OPTIONAL:
1484 params.mgmt_frame_protection = MGMT_FRAME_PROTECTION_OPTIONAL;
1485 break;
1486 case IEEE80211W_REQUIRED:
1487 params.mgmt_frame_protection = MGMT_FRAME_PROTECTION_REQUIRED;
1488 break;
1489 }
1490 #endif /* CONFIG_IEEE80211W */
1491
1492 if (wpa_s->use_client_mlme)
1493 ret = ieee80211_sta_associate(wpa_s, &params);
1494 else
1495 ret = wpa_drv_associate(wpa_s, &params);
1496 if (ret < 0) {
1497 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1498 "failed");
1499 /* try to continue anyway; new association will be tried again
1500 * after timeout */
1501 assoc_failed = 1;
1502 }
1503
1504 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1505 /* Set the key after the association just in case association
1506 * cleared the previously configured key. */
1507 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1508 /* No need to timeout authentication since there is no key
1509 * management. */
1510 wpa_supplicant_cancel_auth_timeout(wpa_s);
1511 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1512 } else {
1513 /* Timeout for IEEE 802.11 authentication and association */
1514 int timeout;
1515 if (assoc_failed)
1516 timeout = 5;
1517 else if (wpa_s->conf->ap_scan == 1)
1518 timeout = 10;
1519 else
1520 timeout = 60;
1521 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1522 }
1523
1524 if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1525 capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
1526 /* Set static WEP keys again */
1527 int j;
1528 for (j = 0; j < NUM_WEP_KEYS; j++) {
1529 if (ssid->wep_key_len[j]) {
1530 wpa_set_wep_key(wpa_s,
1531 j == ssid->wep_tx_keyidx,
1532 j, ssid->wep_key[j],
1533 ssid->wep_key_len[j]);
1534 }
1535 }
1536 }
1537
1538 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1539 /*
1540 * Do not allow EAP session resumption between different
1541 * network configurations.
1542 */
1543 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1544 }
1545 wpa_s->current_ssid = ssid;
1546 wpa_sm_set_config(wpa_s->wpa, wpa_s->current_ssid);
1547 wpa_supplicant_initiate_eapol(wpa_s);
1548 }
1549
1550
1551 /**
1552 * wpa_supplicant_disassociate - Disassociate the current connection
1553 * @wpa_s: Pointer to wpa_supplicant data
1554 * @reason_code: IEEE 802.11 reason code for the disassociate frame
1555 *
1556 * This function is used to request %wpa_supplicant to disassociate with the
1557 * current AP.
1558 */
1559 void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
1560 int reason_code)
1561 {
1562 u8 *addr = NULL;
1563 if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0)
1564 {
1565 if (wpa_s->use_client_mlme)
1566 ieee80211_sta_disassociate(wpa_s, reason_code);
1567 else
1568 wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
1569 addr = wpa_s->bssid;
1570 }
1571 wpa_clear_keys(wpa_s, addr);
1572 wpa_supplicant_mark_disassoc(wpa_s);
1573 wpa_s->current_ssid = NULL;
1574 wpa_sm_set_config(wpa_s->wpa, NULL);
1575 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1576 }
1577
1578
1579 /**
1580 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
1581 * @wpa_s: Pointer to wpa_supplicant data
1582 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1583 *
1584 * This function is used to request %wpa_supplicant to disassociate with the
1585 * current AP.
1586 */
1587 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1588 int reason_code)
1589 {
1590 u8 *addr = NULL;
1591 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1592 if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0)
1593 {
1594 if (wpa_s->use_client_mlme)
1595 ieee80211_sta_deauthenticate(wpa_s, reason_code);
1596 else
1597 wpa_drv_deauthenticate(wpa_s, wpa_s->bssid,
1598 reason_code);
1599 addr = wpa_s->bssid;
1600 }
1601 wpa_clear_keys(wpa_s, addr);
1602 wpa_s->current_ssid = NULL;
1603 wpa_sm_set_config(wpa_s->wpa, NULL);
1604 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1605 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
1606 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
1607 }
1608
1609
1610 /**
1611 * wpa_supplicant_get_scan_results - Get scan results
1612 * @wpa_s: Pointer to wpa_supplicant data
1613 * Returns: 0 on success, -1 on failure
1614 *
1615 * This function is request the current scan results from the driver and stores
1616 * a local copy of the results in wpa_s->scan_results.
1617 */
1618 int wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s)
1619 {
1620 #define SCAN_AP_LIMIT 128
1621 struct wpa_scan_result *results, *tmp;
1622 int num;
1623
1624 results = os_malloc(SCAN_AP_LIMIT * sizeof(struct wpa_scan_result));
1625 if (results == NULL) {
1626 wpa_printf(MSG_WARNING, "Failed to allocate memory for scan "
1627 "results");
1628 return -1;
1629 }
1630
1631 if (wpa_s->use_client_mlme) {
1632 num = ieee80211_sta_get_scan_results(wpa_s, results,
1633 SCAN_AP_LIMIT);
1634 } else
1635 num = wpa_drv_get_scan_results(wpa_s, results, SCAN_AP_LIMIT);
1636 wpa_printf(MSG_DEBUG, "Scan results: %d", num);
1637 if (num < 0) {
1638 wpa_printf(MSG_DEBUG, "Failed to get scan results");
1639 os_free(results);
1640 return -1;
1641 }
1642 if (num > SCAN_AP_LIMIT) {
1643 wpa_printf(MSG_INFO, "Not enough room for all APs (%d < %d)",
1644 num, SCAN_AP_LIMIT);
1645 num = SCAN_AP_LIMIT;
1646 }
1647
1648 /* Free unneeded memory for unused scan result entries */
1649 tmp = os_realloc(results, num * sizeof(struct wpa_scan_result));
1650 if (tmp || num == 0) {
1651 results = tmp;
1652 }
1653
1654 os_free(wpa_s->scan_results);
1655 wpa_s->scan_results = results;
1656 wpa_s->num_scan_results = num;
1657
1658 return 0;
1659 }
1660
1661
1662 #ifndef CONFIG_NO_WPA
1663 static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s)
1664 {
1665 int i, ret = 0;
1666 struct wpa_scan_result *results, *curr = NULL;
1667
1668 results = wpa_s->scan_results;
1669 if (results == NULL) {
1670 return -1;
1671 }
1672
1673 for (i = 0; i < wpa_s->num_scan_results; i++) {
1674 struct wpa_ssid *ssid = wpa_s->current_ssid;
1675 if (os_memcmp(results[i].bssid, wpa_s->bssid, ETH_ALEN) != 0)
1676 continue;
1677 if (ssid == NULL ||
1678 ((results[i].ssid_len == ssid->ssid_len &&
1679 os_memcmp(results[i].ssid, ssid->ssid, ssid->ssid_len)
1680 == 0) ||
1681 ssid->ssid_len == 0)) {
1682 curr = &results[i];
1683 break;
1684 }
1685 }
1686
1687 if (curr) {
1688 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, curr->wpa_ie,
1689 curr->wpa_ie_len) ||
1690 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, curr->rsn_ie,
1691 curr->rsn_ie_len))
1692 ret = -1;
1693 } else {
1694 ret = -1;
1695 }
1696
1697 return ret;
1698 }
1699
1700
1701 static int wpa_supplicant_get_beacon_ie(void *ctx)
1702 {
1703 struct wpa_supplicant *wpa_s = ctx;
1704 if (wpa_get_beacon_ie(wpa_s) == 0) {
1705 return 0;
1706 }
1707
1708 /* No WPA/RSN IE found in the cached scan results. Try to get updated
1709 * scan results from the driver. */
1710 if (wpa_supplicant_get_scan_results(wpa_s) < 0) {
1711 return -1;
1712 }
1713
1714 return wpa_get_beacon_ie(wpa_s);
1715 }
1716 #endif /* CONFIG_NO_WPA */
1717
1718
1719 /**
1720 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
1721 * @wpa_s: Pointer to wpa_supplicant data
1722 * Returns: A pointer to the current network structure or %NULL on failure
1723 */
1724 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
1725 {
1726 struct wpa_ssid *entry;
1727 u8 ssid[MAX_SSID_LEN];
1728 int res;
1729 size_t ssid_len;
1730 u8 bssid[ETH_ALEN];
1731 int wired;
1732
1733 if (wpa_s->use_client_mlme) {
1734 if (ieee80211_sta_get_ssid(wpa_s, ssid, &ssid_len)) {
1735 wpa_printf(MSG_WARNING, "Could not read SSID from "
1736 "MLME.");
1737 return NULL;
1738 }
1739 } else {
1740 res = wpa_drv_get_ssid(wpa_s, ssid);
1741 if (res < 0) {
1742 wpa_printf(MSG_WARNING, "Could not read SSID from "
1743 "driver.");
1744 return NULL;
1745 }
1746 ssid_len = res;
1747 }
1748
1749 if (wpa_s->use_client_mlme)
1750 os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1751 else if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
1752 wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
1753 return NULL;
1754 }
1755
1756 wired = wpa_s->conf->ap_scan == 0 && wpa_s->driver &&
1757 os_strcmp(wpa_s->driver->name, "wired") == 0;
1758
1759 entry = wpa_s->conf->ssid;
1760 while (entry) {
1761 if (!entry->disabled &&
1762 ((ssid_len == entry->ssid_len &&
1763 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
1764 (!entry->bssid_set ||
1765 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1766 return entry;
1767 entry = entry->next;
1768 }
1769
1770 return NULL;
1771 }
1772
1773
1774 #ifndef CONFIG_NO_WPA
1775 static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type,
1776 const void *data, u16 data_len,
1777 size_t *msg_len, void **data_pos)
1778 {
1779 return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos);
1780 }
1781
1782
1783 static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto,
1784 const u8 *buf, size_t len)
1785 {
1786 return wpa_ether_send(wpa_s, dest, proto, buf, len);
1787 }
1788
1789
1790 static void _wpa_supplicant_req_scan(void *wpa_s, int sec, int usec)
1791 {
1792 wpa_supplicant_req_scan(wpa_s, sec, usec);
1793 }
1794
1795
1796 static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s)
1797 {
1798 wpa_supplicant_cancel_auth_timeout(wpa_s);
1799 }
1800
1801
1802 static void _wpa_supplicant_set_state(void *wpa_s, wpa_states state)
1803 {
1804 wpa_supplicant_set_state(wpa_s, state);
1805 }
1806
1807
1808 static wpa_states _wpa_supplicant_get_state(void *wpa_s)
1809 {
1810 return wpa_supplicant_get_state(wpa_s);
1811 }
1812
1813
1814 static void _wpa_supplicant_disassociate(void *wpa_s, int reason_code)
1815 {
1816 wpa_supplicant_disassociate(wpa_s, reason_code);
1817 }
1818
1819
1820 static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code)
1821 {
1822 wpa_supplicant_deauthenticate(wpa_s, reason_code);
1823 }
1824
1825
1826 static struct wpa_ssid * _wpa_supplicant_get_ssid(void *wpa_s)
1827 {
1828 return wpa_supplicant_get_ssid(wpa_s);
1829 }
1830
1831
1832 static int wpa_supplicant_get_bssid(void *ctx, u8 *bssid)
1833 {
1834 struct wpa_supplicant *wpa_s = ctx;
1835 if (wpa_s->use_client_mlme) {
1836 os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1837 return 0;
1838 }
1839 return wpa_drv_get_bssid(wpa_s, bssid);
1840 }
1841
1842
1843 static int wpa_supplicant_set_key(void *wpa_s, wpa_alg alg,
1844 const u8 *addr, int key_idx, int set_tx,
1845 const u8 *seq, size_t seq_len,
1846 const u8 *key, size_t key_len)
1847 {
1848 return wpa_drv_set_key(wpa_s, alg, addr, key_idx, set_tx, seq, seq_len,
1849 key, key_len);
1850 }
1851
1852
1853 static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr,
1854 int protection_type,
1855 int key_type)
1856 {
1857 return wpa_drv_mlme_setprotection(wpa_s, addr, protection_type,
1858 key_type);
1859 }
1860
1861
1862 static int wpa_supplicant_add_pmkid(void *wpa_s,
1863 const u8 *bssid, const u8 *pmkid)
1864 {
1865 return wpa_drv_add_pmkid(wpa_s, bssid, pmkid);
1866 }
1867
1868
1869 static int wpa_supplicant_remove_pmkid(void *wpa_s,
1870 const u8 *bssid, const u8 *pmkid)
1871 {
1872 return wpa_drv_remove_pmkid(wpa_s, bssid, pmkid);
1873 }
1874 #endif /* CONFIG_NO_WPA */
1875
1876
1877 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
1878 const char *name)
1879 {
1880 int i;
1881
1882 if (wpa_s == NULL)
1883 return -1;
1884
1885 if (wpa_supplicant_drivers[0] == NULL) {
1886 wpa_printf(MSG_ERROR, "No driver interfaces build into "
1887 "wpa_supplicant.");
1888 return -1;
1889 }
1890
1891 if (name == NULL) {
1892 /* default to first driver in the list */
1893 wpa_s->driver = wpa_supplicant_drivers[0];
1894 return 0;
1895 }
1896
1897 for (i = 0; wpa_supplicant_drivers[i]; i++) {
1898 if (os_strcmp(name, wpa_supplicant_drivers[i]->name) == 0) {
1899 wpa_s->driver = wpa_supplicant_drivers[i];
1900 return 0;
1901 }
1902 }
1903
1904 wpa_printf(MSG_ERROR, "Unsupported driver '%s'.\n", name);
1905 return -1;
1906 }
1907
1908
1909 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
1910 const u8 *buf, size_t len)
1911 {
1912 struct wpa_supplicant *wpa_s = ctx;
1913
1914 wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
1915 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
1916
1917 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
1918 wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
1919 "no key management is configured");
1920 return;
1921 }
1922
1923 if (wpa_s->eapol_received == 0) {
1924 /* Timeout for completing IEEE 802.1X and WPA authentication */
1925 wpa_supplicant_req_auth_timeout(
1926 wpa_s,
1927 (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X ||
1928 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) ?
1929 70 : 10, 0);
1930 }
1931 wpa_s->eapol_received++;
1932
1933 if (wpa_s->countermeasures) {
1934 wpa_printf(MSG_INFO, "WPA: Countermeasures - dropped EAPOL "
1935 "packet");
1936 return;
1937 }
1938
1939 /* Source address of the incoming EAPOL frame could be compared to the
1940 * current BSSID. However, it is possible that a centralized
1941 * Authenticator could be using another MAC address than the BSSID of
1942 * an AP, so just allow any address to be used for now. The replies are
1943 * still sent to the current BSSID (if available), though. */
1944
1945 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
1946 if (wpa_s->key_mgmt != WPA_KEY_MGMT_PSK &&
1947 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
1948 return;
1949 wpa_drv_poll(wpa_s);
1950 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
1951 }
1952
1953
1954 /**
1955 * wpa_supplicant_driver_init - Initialize driver interface parameters
1956 * @wpa_s: Pointer to wpa_supplicant data
1957 * @wait_for_interface: 0 = do not wait for the interface (reports a failure if
1958 * the interface is not present), 1 = wait until the interface is available
1959 * Returns: 0 on success, -1 on failure
1960 *
1961 * This function is called to initialize driver interface parameters.
1962 * wpa_drv_init() must have been called before this function to initialize the
1963 * driver interface.
1964 */
1965 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s,
1966 int wait_for_interface)
1967 {
1968 static int interface_count = 0;
1969
1970 for (;;) {
1971 if (wpa_s->driver->send_eapol) {
1972 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
1973 if (addr)
1974 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
1975 break;
1976 }
1977 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
1978 wpa_drv_get_mac_addr(wpa_s),
1979 ETH_P_EAPOL,
1980 wpa_supplicant_rx_eapol, wpa_s, 0);
1981 if (wpa_s->l2)
1982 break;
1983 else if (!wait_for_interface)
1984 return -1;
1985 wpa_printf(MSG_DEBUG, "Waiting for interface..");
1986 os_sleep(5, 0);
1987 }
1988
1989 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
1990 wpa_printf(MSG_ERROR, "Failed to get own L2 address");
1991 return -1;
1992 }
1993
1994 wpa_printf(MSG_DEBUG, "Own MAC address: " MACSTR,
1995 MAC2STR(wpa_s->own_addr));
1996
1997 if (wpa_s->bridge_ifname[0]) {
1998 wpa_printf(MSG_DEBUG, "Receiving packets from bridge interface"
1999 " '%s'", wpa_s->bridge_ifname);
2000 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
2001 wpa_s->own_addr,
2002 ETH_P_EAPOL,
2003 wpa_supplicant_rx_eapol, wpa_s,
2004 0);
2005 if (wpa_s->l2_br == NULL) {
2006 wpa_printf(MSG_ERROR, "Failed to open l2_packet "
2007 "connection for the bridge interface '%s'",
2008 wpa_s->bridge_ifname);
2009 return -1;
2010 }
2011 }
2012
2013 /* Backwards compatibility call to set_wpa() handler. This is called
2014 * only just after init and just before deinit, so these handler can be
2015 * used to implement same functionality. */
2016 if (wpa_drv_set_wpa(wpa_s, 1) < 0) {
2017 struct wpa_driver_capa capa;
2018 if (wpa_drv_get_capa(wpa_s, &capa) < 0 ||
2019 !(capa.flags & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
2020 WPA_DRIVER_CAPA_KEY_MGMT_WPA2))) {
2021 wpa_printf(MSG_DEBUG, "Driver does not support WPA.");
2022 /* Continue to allow non-WPA modes to be used. */
2023 } else {
2024 wpa_printf(MSG_ERROR, "Failed to enable WPA in the "
2025 "driver.");
2026 return -1;
2027 }
2028 }
2029
2030 wpa_clear_keys(wpa_s, NULL);
2031
2032 /* Make sure that TKIP countermeasures are not left enabled (could
2033 * happen if wpa_supplicant is killed during countermeasures. */
2034 wpa_drv_set_countermeasures(wpa_s, 0);
2035
2036 wpa_drv_set_drop_unencrypted(wpa_s, 1);
2037
2038 wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
2039 wpa_supplicant_req_scan(wpa_s, interface_count, 100000);
2040 interface_count++;
2041
2042 return 0;
2043 }
2044
2045
2046 static int wpa_supplicant_daemon(const char *pid_file)
2047 {
2048 wpa_printf(MSG_DEBUG, "Daemonize..");
2049 return os_daemonize(pid_file);
2050 }
2051
2052
2053 static struct wpa_supplicant * wpa_supplicant_alloc(void)
2054 {
2055 struct wpa_supplicant *wpa_s;
2056
2057 wpa_s = os_zalloc(sizeof(*wpa_s));
2058 if (wpa_s == NULL)
2059 return NULL;
2060 wpa_s->scan_req = 1;
2061
2062 return wpa_s;
2063 }
2064
2065
2066 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
2067 struct wpa_interface *iface)
2068 {
2069 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
2070 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
2071 iface->confname ? iface->confname : "N/A",
2072 iface->driver ? iface->driver : "default",
2073 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
2074 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
2075
2076 if (wpa_supplicant_set_driver(wpa_s, iface->driver) < 0) {
2077 return -1;
2078 }
2079
2080 if (iface->confname) {
2081 #ifdef CONFIG_BACKEND_FILE
2082 wpa_s->confname = os_rel2abs_path(iface->confname);
2083 if (wpa_s->confname == NULL) {
2084 wpa_printf(MSG_ERROR, "Failed to get absolute path "
2085 "for configuration file '%s'.",
2086 iface->confname);
2087 return -1;
2088 }
2089 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
2090 iface->confname, wpa_s->confname);
2091 #else /* CONFIG_BACKEND_FILE */
2092 wpa_s->confname = os_strdup(iface->confname);
2093 #endif /* CONFIG_BACKEND_FILE */
2094 wpa_s->conf = wpa_config_read(wpa_s->confname);
2095 if (wpa_s->conf == NULL) {
2096 wpa_printf(MSG_ERROR, "Failed to read or parse "
2097 "configuration '%s'.", wpa_s->confname);
2098 return -1;
2099 }
2100
2101 /*
2102 * Override ctrl_interface and driver_param if set on command
2103 * line.
2104 */
2105 if (iface->ctrl_interface) {
2106 os_free(wpa_s->conf->ctrl_interface);
2107 wpa_s->conf->ctrl_interface =
2108 os_strdup(iface->ctrl_interface);
2109 }
2110
2111 if (iface->driver_param) {
2112 os_free(wpa_s->conf->driver_param);
2113 wpa_s->conf->driver_param =
2114 os_strdup(iface->driver_param);
2115 }
2116 } else
2117 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
2118 iface->driver_param);
2119
2120 if (wpa_s->conf == NULL) {
2121 wpa_printf(MSG_ERROR, "\nNo configuration found.");
2122 return -1;
2123 }
2124
2125 if (iface->ifname == NULL) {
2126 wpa_printf(MSG_ERROR, "\nInterface name is required.");
2127 return -1;
2128 }
2129 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
2130 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
2131 iface->ifname);
2132 return -1;
2133 }
2134 os_strncpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
2135
2136 if (iface->bridge_ifname) {
2137 if (os_strlen(iface->bridge_ifname) >=
2138 sizeof(wpa_s->bridge_ifname)) {
2139 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
2140 "name '%s'.", iface->bridge_ifname);
2141 return -1;
2142 }
2143 os_strncpy(wpa_s->bridge_ifname, iface->bridge_ifname,
2144 sizeof(wpa_s->bridge_ifname));
2145 }
2146
2147 return 0;
2148 }
2149
2150
2151 static int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
2152 {
2153 #ifdef IEEE8021X_EAPOL
2154 struct eapol_ctx *ctx;
2155 ctx = os_zalloc(sizeof(*ctx));
2156 if (ctx == NULL) {
2157 wpa_printf(MSG_ERROR, "Failed to allocate EAPOL context.");
2158 return -1;
2159 }
2160
2161 ctx->ctx = wpa_s;
2162 ctx->msg_ctx = wpa_s;
2163 ctx->eapol_send_ctx = wpa_s;
2164 ctx->preauth = 0;
2165 ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done;
2166 ctx->eapol_send = wpa_supplicant_eapol_send;
2167 ctx->set_wep_key = wpa_eapol_set_wep_key;
2168 ctx->set_config_blob = wpa_supplicant_set_config_blob;
2169 ctx->get_config_blob = wpa_supplicant_get_config_blob;
2170 ctx->aborted_cached = wpa_supplicant_aborted_cached;
2171 ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
2172 ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
2173 ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
2174 wpa_s->eapol = eapol_sm_init(ctx);
2175 if (wpa_s->eapol == NULL) {
2176 os_free(ctx);
2177 wpa_printf(MSG_ERROR, "Failed to initialize EAPOL state "
2178 "machines.");
2179 return -1;
2180 }
2181 #endif /* IEEE8021X_EAPOL */
2182
2183 return 0;
2184 }
2185
2186
2187 static int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s)
2188 {
2189 #ifndef CONFIG_NO_WPA
2190 struct wpa_sm_ctx *ctx;
2191 ctx = os_zalloc(sizeof(*ctx));
2192 if (ctx == NULL) {
2193 wpa_printf(MSG_ERROR, "Failed to allocate WPA context.");
2194 return -1;
2195 }
2196
2197 ctx->ctx = wpa_s;
2198 ctx->set_state = _wpa_supplicant_set_state;
2199 ctx->get_state = _wpa_supplicant_get_state;
2200 ctx->req_scan = _wpa_supplicant_req_scan;
2201 ctx->deauthenticate = _wpa_supplicant_deauthenticate;
2202 ctx->disassociate = _wpa_supplicant_disassociate;
2203 ctx->set_key = wpa_supplicant_set_key;
2204 ctx->scan = wpa_supplicant_scan;
2205 ctx->get_ssid = _wpa_supplicant_get_ssid;
2206 ctx->get_bssid = wpa_supplicant_get_bssid;
2207 ctx->ether_send = _wpa_ether_send;
2208 ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie;
2209 ctx->alloc_eapol = _wpa_alloc_eapol;
2210 ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout;
2211 ctx->add_pmkid = wpa_supplicant_add_pmkid;
2212 ctx->remove_pmkid = wpa_supplicant_remove_pmkid;
2213 ctx->set_config_blob = wpa_supplicant_set_config_blob;
2214 ctx->get_config_blob = wpa_supplicant_get_config_blob;
2215 ctx->mlme_setprotection = wpa_supplicant_mlme_setprotection;
2216
2217 wpa_s->wpa = wpa_sm_init(ctx);
2218 if (wpa_s->wpa == NULL) {
2219 wpa_printf(MSG_ERROR, "Failed to initialize WPA state "
2220 "machine");
2221 return -1;
2222 }
2223 #endif /* CONFIG_NO_WPA */
2224
2225 return 0;
2226 }
2227
2228
2229 static int wpa_supplicant_init_iface2(struct wpa_supplicant *wpa_s,
2230 int wait_for_interface)
2231 {
2232 const char *ifname;
2233 struct wpa_driver_capa capa;
2234
2235 wpa_printf(MSG_DEBUG, "Initializing interface (2) '%s'",
2236 wpa_s->ifname);
2237
2238 if (wpa_supplicant_init_eapol(wpa_s) < 0)
2239 return -1;
2240
2241 /* RSNA Supplicant Key Management - INITIALIZE */
2242 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
2243 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
2244
2245 /* Initialize driver interface and register driver event handler before
2246 * L2 receive handler so that association events are processed before
2247 * EAPOL-Key packets if both become available for the same select()
2248 * call. */
2249 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
2250 if (wpa_s->drv_priv == NULL) {
2251 wpa_printf(MSG_ERROR, "Failed to initialize driver interface");
2252 return -1;
2253 }
2254 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
2255 wpa_printf(MSG_ERROR, "Driver interface rejected "
2256 "driver_param '%s'", wpa_s->conf->driver_param);
2257 return -1;
2258 }
2259
2260 ifname = wpa_drv_get_ifname(wpa_s);
2261 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
2262 wpa_printf(MSG_DEBUG, "Driver interface replaced interface "
2263 "name with '%s'", ifname);
2264 os_strncpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
2265 }
2266
2267 if (wpa_supplicant_init_wpa(wpa_s) < 0)
2268 return -1;
2269
2270 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
2271 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
2272 NULL);
2273 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2274 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2275
2276 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2277 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2278 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2279 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2280 "dot11RSNAConfigPMKLifetime");
2281 return -1;
2282 }
2283
2284 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2285 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2286 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2287 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2288 "dot11RSNAConfigPMKReauthThreshold");
2289 return -1;
2290 }
2291
2292 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2293 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2294 wpa_s->conf->dot11RSNAConfigSATimeout)) {
2295 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2296 "dot11RSNAConfigSATimeout");
2297 return -1;
2298 }
2299
2300 if (wpa_supplicant_driver_init(wpa_s, wait_for_interface) < 0) {
2301 return -1;
2302 }
2303 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2304
2305 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
2306 if (wpa_s->ctrl_iface == NULL) {
2307 wpa_printf(MSG_ERROR,
2308 "Failed to initialize control interface '%s'.\n"
2309 "You may have another wpa_supplicant process "
2310 "already running or the file was\n"
2311 "left by an unclean termination of wpa_supplicant "
2312 "in which case you will need\n"
2313 "to manually remove this file before starting "
2314 "wpa_supplicant again.\n",
2315 wpa_s->conf->ctrl_interface);
2316 return -1;
2317 }
2318
2319 if (wpa_drv_get_capa(wpa_s, &capa) == 0 &&
2320 capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
2321 wpa_s->use_client_mlme = 1;
2322 if (ieee80211_sta_init(wpa_s))
2323 return -1;
2324 }
2325
2326 return 0;
2327 }
2328
2329
2330 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s)
2331 {
2332 if (wpa_s->drv_priv) {
2333 wpa_supplicant_deauthenticate(wpa_s, REASON_DEAUTH_LEAVING);
2334
2335 /* Backwards compatibility call to set_wpa() handler. This is
2336 * called only just after init and just before deinit, so these
2337 * handler can be used to implement same functionality. */
2338 if (wpa_drv_set_wpa(wpa_s, 0) < 0) {
2339 wpa_printf(MSG_ERROR, "Failed to disable WPA in the "
2340 "driver.");
2341 }
2342
2343 wpa_drv_set_drop_unencrypted(wpa_s, 0);
2344 wpa_drv_set_countermeasures(wpa_s, 0);
2345 wpa_clear_keys(wpa_s, NULL);
2346 }
2347
2348 wpas_dbus_unregister_iface(wpa_s);
2349
2350 wpa_supplicant_cleanup(wpa_s);
2351
2352 if (wpa_s->drv_priv)
2353 wpa_drv_deinit(wpa_s);
2354 }
2355
2356
2357 /**
2358 * wpa_supplicant_add_iface - Add a new network interface
2359 * @global: Pointer to global data from wpa_supplicant_init()
2360 * @iface: Interface configuration options
2361 * Returns: Pointer to the created interface or %NULL on failure
2362 *
2363 * This function is used to add new network interfaces for %wpa_supplicant.
2364 * This can be called before wpa_supplicant_run() to add interfaces before the
2365 * main event loop has been started. In addition, new interfaces can be added
2366 * dynamically while %wpa_supplicant is already running. This could happen,
2367 * e.g., when a hotplug network adapter is inserted.
2368 */
2369 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
2370 struct wpa_interface *iface)
2371 {
2372 struct wpa_supplicant *wpa_s;
2373
2374 if (global == NULL || iface == NULL)
2375 return NULL;
2376
2377 wpa_s = wpa_supplicant_alloc();
2378 if (wpa_s == NULL)
2379 return NULL;
2380
2381 if (wpa_supplicant_init_iface(wpa_s, iface) ||
2382 wpa_supplicant_init_iface2(wpa_s,
2383 global->params.wait_for_interface)) {
2384 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
2385 iface->ifname);
2386 wpa_supplicant_deinit_iface(wpa_s);
2387 os_free(wpa_s);
2388 return NULL;
2389 }
2390
2391 wpa_s->global = global;
2392
2393 /* Register the interface with the dbus control interface */
2394 if (wpas_dbus_register_iface(wpa_s)) {
2395 wpa_supplicant_deinit_iface(wpa_s);
2396 os_free(wpa_s);
2397 return NULL;
2398 }
2399
2400 wpa_s->next = global->ifaces;
2401 global->ifaces = wpa_s;
2402
2403 wpa_printf(MSG_DEBUG, "Added interface %s", wpa_s->ifname);
2404
2405 return wpa_s;
2406 }
2407
2408
2409 /**
2410 * wpa_supplicant_remove_iface - Remove a network interface
2411 * @global: Pointer to global data from wpa_supplicant_init()
2412 * @wpa_s: Pointer to the network interface to be removed
2413 * Returns: 0 if interface was removed, -1 if interface was not found
2414 *
2415 * This function can be used to dynamically remove network interfaces from
2416 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
2417 * addition, this function is used to remove all remaining interdaces when
2418 * %wpa_supplicant is terminated.
2419 */
2420 int wpa_supplicant_remove_iface(struct wpa_global *global,
2421 struct wpa_supplicant *wpa_s)
2422 {
2423 struct wpa_supplicant *prev;
2424
2425 /* Remove interface from the global list of interfaces */
2426 prev = global->ifaces;
2427 if (prev == wpa_s) {
2428 global->ifaces = wpa_s->next;
2429 } else {
2430 while (prev && prev->next != wpa_s)
2431 prev = prev->next;
2432 if (prev == NULL)
2433 return -1;
2434 prev->next = wpa_s->next;
2435 }
2436
2437 wpa_printf(MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
2438
2439 wpa_supplicant_deinit_iface(wpa_s);
2440 os_free(wpa_s);
2441
2442 return 0;
2443 }
2444
2445
2446 /**
2447 * wpa_supplicant_get_iface - Get a new network interface
2448 * @global: Pointer to global data from wpa_supplicant_init()
2449 * @ifname: Interface name
2450 * Returns: Pointer to the interface or %NULL if not found
2451 */
2452 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
2453 const char *ifname)
2454 {
2455 struct wpa_supplicant *wpa_s;
2456
2457 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
2458 if (os_strcmp(wpa_s->ifname, ifname) == 0)
2459 return wpa_s;
2460 }
2461 return NULL;
2462 }
2463
2464
2465 /**
2466 * wpa_supplicant_init - Initialize %wpa_supplicant
2467 * @params: Parameters for %wpa_supplicant
2468 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
2469 *
2470 * This function is used to initialize %wpa_supplicant. After successful
2471 * initialization, the returned data pointer can be used to add and remove
2472 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
2473 */
2474 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
2475 {
2476 struct wpa_global *global;
2477 int ret;
2478
2479 if (params == NULL)
2480 return NULL;
2481
2482 wpa_debug_use_file = params->wpa_debug_use_file;
2483 wpa_debug_open_file();
2484
2485 ret = eap_peer_register_methods();
2486 if (ret) {
2487 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
2488 if (ret == -2)
2489 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
2490 "the same EAP type.");
2491 return NULL;
2492 }
2493
2494 global = os_zalloc(sizeof(*global));
2495 if (global == NULL)
2496 return NULL;
2497 global->params.daemonize = params->daemonize;
2498 global->params.wait_for_interface = params->wait_for_interface;
2499 global->params.wait_for_monitor = params->wait_for_monitor;
2500 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
2501 if (params->pid_file)
2502 global->params.pid_file = os_strdup(params->pid_file);
2503 if (params->ctrl_interface)
2504 global->params.ctrl_interface =
2505 os_strdup(params->ctrl_interface);
2506 wpa_debug_level = global->params.wpa_debug_level =
2507 params->wpa_debug_level;
2508 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
2509 params->wpa_debug_show_keys;
2510 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
2511 params->wpa_debug_timestamp;
2512 wpa_debug_use_file = global->params.wpa_debug_use_file =
2513 params->wpa_debug_use_file;
2514
2515 if (eloop_init(global)) {
2516 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
2517 wpa_supplicant_deinit(global);
2518 return NULL;
2519 }
2520
2521 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
2522 if (global->ctrl_iface == NULL) {
2523 wpa_supplicant_deinit(global);
2524 return NULL;
2525 }
2526
2527 if (global->params.dbus_ctrl_interface) {
2528 global->dbus_ctrl_iface =
2529 wpa_supplicant_dbus_ctrl_iface_init(global);
2530 if (global->dbus_ctrl_iface == NULL) {
2531 wpa_supplicant_deinit(global);
2532 return NULL;
2533 }
2534 }
2535
2536 if (global->params.wait_for_interface && global->params.daemonize &&
2537 wpa_supplicant_daemon(global->params.pid_file)) {
2538 wpa_supplicant_deinit(global);
2539 return NULL;
2540 }
2541
2542 return global;
2543 }
2544
2545
2546 /**
2547 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
2548 * @global: Pointer to global data from wpa_supplicant_init()
2549 * Returns: 0 after successful event loop run, -1 on failure
2550 *
2551 * This function starts the main event loop and continues running as long as
2552 * there are any remaining events. In most cases, this function is running as
2553 * long as the %wpa_supplicant process in still in use.
2554 */
2555 int wpa_supplicant_run(struct wpa_global *global)
2556 {
2557 struct wpa_supplicant *wpa_s;
2558
2559 if (!global->params.wait_for_interface && global->params.daemonize &&
2560 wpa_supplicant_daemon(global->params.pid_file))
2561 return -1;
2562
2563 if (global->params.wait_for_monitor) {
2564 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
2565 if (wpa_s->ctrl_iface)
2566 wpa_supplicant_ctrl_iface_wait(
2567 wpa_s->ctrl_iface);
2568 }
2569
2570 eloop_register_signal_terminate(wpa_supplicant_terminate, NULL);
2571 eloop_register_signal_reconfig(wpa_supplicant_reconfig, NULL);
2572
2573 eloop_run();
2574
2575 return 0;
2576 }
2577
2578
2579 /**
2580 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
2581 * @global: Pointer to global data from wpa_supplicant_init()
2582 *
2583 * This function is called to deinitialize %wpa_supplicant and to free all
2584 * allocated resources. Remaining network interfaces will also be removed.
2585 */
2586 void wpa_supplicant_deinit(struct wpa_global *global)
2587 {
2588 if (global == NULL)
2589 return;
2590
2591 while (global->ifaces)
2592 wpa_supplicant_remove_iface(global, global->ifaces);
2593
2594 if (global->ctrl_iface)
2595 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
2596 if (global->dbus_ctrl_iface)
2597 wpa_supplicant_dbus_ctrl_iface_deinit(global->dbus_ctrl_iface);
2598
2599 eap_peer_unregister_methods();
2600
2601 eloop_destroy();
2602
2603 if (global->params.pid_file) {
2604 os_daemonize_terminate(global->params.pid_file);
2605 os_free(global->params.pid_file);
2606 }
2607 os_free(global->params.ctrl_interface);
2608
2609 os_free(global);
2610 wpa_debug_close_file();
2611 }
DragonFly BSD