3 * Copyright (c) 2003-2009, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
14 * This file implements functions for registering and unregistering
15 * %wpa_supplicant interfaces. In addition, this file contains number of
16 * functions for managing network connections.
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
26 #include "drivers/driver.h"
28 #include "l2_packet/l2_packet.h"
29 #include "wpa_supplicant_i.h"
30 #include "ctrl_iface.h"
31 #include "ctrl_iface_dbus.h"
32 #include "pcsc_funcs.h"
35 #include "pmksa_cache.h"
38 #include "ieee802_11_defs.h"
39 #include "blacklist.h"
40 #include "wpas_glue.h"
41 #include "wps_supplicant.h"
43 const char *wpa_supplicant_version =
44 "wpa_supplicant v" VERSION_STR "\n"
45 "Copyright (c) 2003-2009, Jouni Malinen <j@w1.fi> and contributors";
47 const char *wpa_supplicant_license =
48 "This program is free software. You can distribute it and/or modify it\n"
49 "under the terms of the GNU General Public License version 2.\n"
51 "Alternatively, this software may be distributed under the terms of the\n"
52 "BSD license. See README and COPYING for more details.\n"
53 #ifdef EAP_TLS_OPENSSL
54 "\nThis product includes software developed by the OpenSSL Project\n"
55 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
56 #endif /* EAP_TLS_OPENSSL */
59 #ifndef CONFIG_NO_STDOUT_DEBUG
60 /* Long text divided into parts in order to fit in C89 strings size limits. */
61 const char *wpa_supplicant_full_license1 =
62 "This program is free software; you can redistribute it and/or modify\n"
63 "it under the terms of the GNU General Public License version 2 as\n"
64 "published by the Free Software Foundation.\n"
66 "This program is distributed in the hope that it will be useful,\n"
67 "but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
68 "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
69 "GNU General Public License for more details.\n"
71 const char *wpa_supplicant_full_license2 =
72 "You should have received a copy of the GNU General Public License\n"
73 "along with this program; if not, write to the Free Software\n"
74 "Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n"
76 "Alternatively, this software may be distributed under the terms of the\n"
79 "Redistribution and use in source and binary forms, with or without\n"
80 "modification, are permitted provided that the following conditions are\n"
83 const char *wpa_supplicant_full_license3 =
84 "1. Redistributions of source code must retain the above copyright\n"
85 " notice, this list of conditions and the following disclaimer.\n"
87 "2. Redistributions in binary form must reproduce the above copyright\n"
88 " notice, this list of conditions and the following disclaimer in the\n"
89 " documentation and/or other materials provided with the distribution.\n"
91 const char *wpa_supplicant_full_license4 =
92 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
93 " names of its contributors may be used to endorse or promote products\n"
94 " derived from this software without specific prior written permission.\n"
96 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
97 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
98 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
99 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
100 const char *wpa_supplicant_full_license5 =
101 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
102 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
103 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
104 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
105 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
106 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
107 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
109 #endif /* CONFIG_NO_STDOUT_DEBUG */
111 extern int wpa_debug_level;
112 extern int wpa_debug_show_keys;
113 extern int wpa_debug_timestamp;
115 /* Configure default/group WEP keys for static WEP */
116 static int wpa_set_wep_keys(struct wpa_supplicant *wpa_s,
117 struct wpa_ssid *ssid)
121 for (i = 0; i < NUM_WEP_KEYS; i++) {
122 if (ssid->wep_key_len[i] == 0)
126 wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
127 (u8 *) "\xff\xff\xff\xff\xff\xff",
128 i, i == ssid->wep_tx_keyidx, (u8 *) "", 0,
129 ssid->wep_key[i], ssid->wep_key_len[i]);
136 static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
137 struct wpa_ssid *ssid)
144 /* IBSS/WPA-None uses only one key (Group) for both receiving and
145 * sending unicast and multicast packets. */
147 if (ssid->mode != IEEE80211_MODE_IBSS) {
148 wpa_printf(MSG_INFO, "WPA: Invalid mode %d (not IBSS/ad-hoc) "
149 "for WPA-None", ssid->mode);
153 if (!ssid->psk_set) {
154 wpa_printf(MSG_INFO, "WPA: No PSK configured for WPA-None");
158 switch (wpa_s->group_cipher) {
159 case WPA_CIPHER_CCMP:
160 os_memcpy(key, ssid->psk, 16);
164 case WPA_CIPHER_TKIP:
165 /* WPA-None uses the same Michael MIC key for both TX and RX */
166 os_memcpy(key, ssid->psk, 16 + 8);
167 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
172 wpa_printf(MSG_INFO, "WPA: Invalid group cipher %d for "
173 "WPA-None", wpa_s->group_cipher);
177 /* TODO: should actually remember the previously used seq#, both for TX
178 * and RX from each STA.. */
180 return wpa_drv_set_key(wpa_s, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
181 0, 1, seq, 6, key, keylen);
185 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
187 struct wpa_supplicant *wpa_s = eloop_ctx;
188 const u8 *bssid = wpa_s->bssid;
189 if (is_zero_ether_addr(bssid))
190 bssid = wpa_s->pending_bssid;
191 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
193 wpa_blacklist_add(wpa_s, bssid);
194 wpa_sm_notify_disassoc(wpa_s->wpa);
195 wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
196 wpa_s->reassociate = 1;
197 wpa_supplicant_req_scan(wpa_s, 0, 0);
202 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
203 * @wpa_s: Pointer to wpa_supplicant data
204 * @sec: Number of seconds after which to time out authentication
205 * @usec: Number of microseconds after which to time out authentication
207 * This function is used to schedule a timeout for the current authentication
210 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
213 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
214 wpa_s->driver && IS_WIRED(wpa_s->driver))
217 wpa_msg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
218 "%d usec", sec, usec);
219 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
220 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
225 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
226 * @wpa_s: Pointer to wpa_supplicant data
228 * This function is used to cancel authentication timeout scheduled with
229 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
232 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
234 wpa_msg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
235 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
236 wpa_blacklist_del(wpa_s, wpa_s->bssid);
241 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
242 * @wpa_s: Pointer to wpa_supplicant data
244 * This function is used to configure EAPOL state machine based on the selected
245 * authentication mode.
247 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
249 #ifdef IEEE8021X_EAPOL
250 struct eapol_config eapol_conf;
251 struct wpa_ssid *ssid = wpa_s->current_ssid;
253 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
254 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
256 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
257 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
258 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
260 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
262 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
263 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
264 eapol_conf.accept_802_1x_keys = 1;
265 eapol_conf.required_keys = 0;
266 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
267 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
269 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
270 eapol_conf.required_keys |=
271 EAPOL_REQUIRE_KEY_BROADCAST;
274 if (wpa_s->conf && wpa_s->driver && IS_WIRED(wpa_s->driver)) {
275 eapol_conf.required_keys = 0;
279 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
280 eapol_conf.workaround = ssid->eap_workaround;
281 eapol_conf.eap_disabled =
282 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
283 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
284 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
285 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
286 #endif /* IEEE8021X_EAPOL */
291 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
292 * @wpa_s: Pointer to wpa_supplicant data
293 * @ssid: Configuration data for the network
295 * This function is used to configure WPA state machine and related parameters
296 * to a mode where WPA is not enabled. This is called as part of the
297 * authentication configuration when the selected network does not use WPA.
299 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
300 struct wpa_ssid *ssid)
304 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
305 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
306 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
307 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
309 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
310 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
311 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
312 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
313 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
314 wpa_s->group_cipher = WPA_CIPHER_NONE;
315 wpa_s->mgmt_group_cipher = 0;
317 for (i = 0; i < NUM_WEP_KEYS; i++) {
318 if (ssid->wep_key_len[i] > 5) {
319 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
320 wpa_s->group_cipher = WPA_CIPHER_WEP104;
322 } else if (ssid->wep_key_len[i] > 0) {
323 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
324 wpa_s->group_cipher = WPA_CIPHER_WEP40;
329 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
330 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
331 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
332 wpa_s->pairwise_cipher);
333 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
334 #ifdef CONFIG_IEEE80211W
335 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
336 wpa_s->mgmt_group_cipher);
337 #endif /* CONFIG_IEEE80211W */
339 pmksa_cache_clear_current(wpa_s->wpa);
343 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
345 scard_deinit(wpa_s->scard);
347 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
348 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
349 l2_packet_deinit(wpa_s->l2);
352 l2_packet_deinit(wpa_s->l2_br);
356 if (wpa_s->ctrl_iface) {
357 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
358 wpa_s->ctrl_iface = NULL;
360 if (wpa_s->conf != NULL) {
361 wpa_config_free(wpa_s->conf);
365 os_free(wpa_s->confname);
366 wpa_s->confname = NULL;
368 wpa_sm_set_eapol(wpa_s->wpa, NULL);
369 eapol_sm_deinit(wpa_s->eapol);
372 rsn_preauth_deinit(wpa_s->wpa);
374 pmksa_candidate_free(wpa_s->wpa);
375 wpa_sm_deinit(wpa_s->wpa);
377 wpa_blacklist_clear(wpa_s);
379 wpa_scan_results_free(wpa_s->scan_res);
380 wpa_s->scan_res = NULL;
382 wpa_supplicant_cancel_scan(wpa_s);
383 wpa_supplicant_cancel_auth_timeout(wpa_s);
385 ieee80211_sta_deinit(wpa_s);
387 wpas_wps_deinit(wpa_s);
389 wpabuf_free(wpa_s->pending_eapol_rx);
390 wpa_s->pending_eapol_rx = NULL;
395 * wpa_clear_keys - Clear keys configured for the driver
396 * @wpa_s: Pointer to wpa_supplicant data
397 * @addr: Previously used BSSID or %NULL if not available
399 * This function clears the encryption keys that has been previously configured
402 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
404 u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
406 if (wpa_s->keys_cleared) {
407 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
408 * timing issues with keys being cleared just before new keys
409 * are set or just after association or something similar. This
410 * shows up in group key handshake failing often because of the
411 * client not receiving the first encrypted packets correctly.
412 * Skipping some of the extra key clearing steps seems to help
413 * in completing group key handshake more reliably. */
414 wpa_printf(MSG_DEBUG, "No keys have been configured - "
415 "skip key clearing");
419 /* MLME-DELETEKEYS.request */
420 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
421 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
422 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
423 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
424 #ifdef CONFIG_IEEE80211W
425 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 4, 0, NULL, 0, NULL, 0);
426 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 5, 0, NULL, 0, NULL, 0);
427 #endif /* CONFIG_IEEE80211W */
429 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
431 /* MLME-SETPROTECTION.request(None) */
432 wpa_drv_mlme_setprotection(
434 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
435 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
437 wpa_s->keys_cleared = 1;
442 * wpa_supplicant_state_txt - Get the connection state name as a text string
443 * @state: State (wpa_state; WPA_*)
444 * Returns: The state name as a printable text string
446 const char * wpa_supplicant_state_txt(int state)
449 case WPA_DISCONNECTED:
450 return "DISCONNECTED";
455 case WPA_ASSOCIATING:
456 return "ASSOCIATING";
459 case WPA_4WAY_HANDSHAKE:
460 return "4WAY_HANDSHAKE";
461 case WPA_GROUP_HANDSHAKE:
462 return "GROUP_HANDSHAKE";
472 * wpa_supplicant_set_state - Set current connection state
473 * @wpa_s: Pointer to wpa_supplicant data
474 * @state: The new connection state
476 * This function is called whenever the connection state changes, e.g.,
477 * association is completed for WPA/WPA2 4-Way Handshake is started.
479 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s, wpa_states state)
481 wpa_printf(MSG_DEBUG, "State: %s -> %s",
482 wpa_supplicant_state_txt(wpa_s->wpa_state),
483 wpa_supplicant_state_txt(state));
485 if (state != WPA_SCANNING)
486 wpa_supplicant_notify_scanning(wpa_s, 0);
488 wpa_supplicant_dbus_notify_state_change(wpa_s, state,
491 if (state == WPA_COMPLETED && wpa_s->new_connection) {
492 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
493 struct wpa_ssid *ssid = wpa_s->current_ssid;
494 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
495 MACSTR " completed %s [id=%d id_str=%s]",
496 MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
497 "(reauth)" : "(auth)",
498 ssid ? ssid->id : -1,
499 ssid && ssid->id_str ? ssid->id_str : "");
500 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
501 wpa_s->new_connection = 0;
502 wpa_s->reassociated_connection = 1;
503 wpa_drv_set_operstate(wpa_s, 1);
504 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
505 state == WPA_ASSOCIATED) {
506 wpa_s->new_connection = 1;
507 wpa_drv_set_operstate(wpa_s, 0);
509 wpa_s->wpa_state = state;
513 static void wpa_supplicant_terminate(int sig, void *eloop_ctx,
516 struct wpa_global *global = eloop_ctx;
517 struct wpa_supplicant *wpa_s;
518 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
519 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING "- signal %d "
526 static void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
528 wpa_s->pairwise_cipher = 0;
529 wpa_s->group_cipher = 0;
530 wpa_s->mgmt_group_cipher = 0;
532 wpa_s->wpa_state = WPA_DISCONNECTED;
537 * wpa_supplicant_reload_configuration - Reload configuration data
538 * @wpa_s: Pointer to wpa_supplicant data
539 * Returns: 0 on success or -1 if configuration parsing failed
541 * This function can be used to request that the configuration data is reloaded
542 * (e.g., after configuration file change). This function is reloading
543 * configuration only for one interface, so this may need to be called multiple
544 * times if %wpa_supplicant is controlling multiple interfaces and all
545 * interfaces need reconfiguration.
547 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
549 struct wpa_config *conf;
551 if (wpa_s->confname == NULL)
553 conf = wpa_config_read(wpa_s->confname);
555 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
556 "file '%s' - exiting", wpa_s->confname);
560 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
561 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
562 os_strcmp(conf->ctrl_interface,
563 wpa_s->conf->ctrl_interface) != 0);
565 if (reconf_ctrl && wpa_s->ctrl_iface) {
566 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
567 wpa_s->ctrl_iface = NULL;
570 eapol_sm_invalidate_cached_session(wpa_s->eapol);
571 wpa_s->current_ssid = NULL;
573 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
574 * pkcs11_engine_path, pkcs11_module_path.
576 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
578 * Clear forced success to clear EAP state for next
581 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
583 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
584 wpa_sm_set_config(wpa_s->wpa, NULL);
585 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
586 rsn_preauth_deinit(wpa_s->wpa);
587 wpa_config_free(wpa_s->conf);
590 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
592 wpa_supplicant_clear_status(wpa_s);
593 wpa_s->reassociate = 1;
594 wpa_supplicant_req_scan(wpa_s, 0, 0);
595 wpa_msg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
600 static void wpa_supplicant_reconfig(int sig, void *eloop_ctx,
603 struct wpa_global *global = eloop_ctx;
604 struct wpa_supplicant *wpa_s;
605 wpa_printf(MSG_DEBUG, "Signal %d received - reconfiguring", sig);
606 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
607 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
614 static wpa_cipher cipher_suite2driver(int cipher)
617 case WPA_CIPHER_NONE:
619 case WPA_CIPHER_WEP40:
621 case WPA_CIPHER_WEP104:
622 return CIPHER_WEP104;
623 case WPA_CIPHER_CCMP:
625 case WPA_CIPHER_TKIP:
632 static wpa_key_mgmt key_mgmt2driver(int key_mgmt)
635 case WPA_KEY_MGMT_NONE:
636 return KEY_MGMT_NONE;
637 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
638 return KEY_MGMT_802_1X_NO_WPA;
639 case WPA_KEY_MGMT_IEEE8021X:
640 return KEY_MGMT_802_1X;
641 case WPA_KEY_MGMT_WPA_NONE:
642 return KEY_MGMT_WPA_NONE;
643 case WPA_KEY_MGMT_FT_IEEE8021X:
644 return KEY_MGMT_FT_802_1X;
645 case WPA_KEY_MGMT_FT_PSK:
646 return KEY_MGMT_FT_PSK;
647 case WPA_KEY_MGMT_IEEE8021X_SHA256:
648 return KEY_MGMT_802_1X_SHA256;
649 case WPA_KEY_MGMT_PSK_SHA256:
650 return KEY_MGMT_PSK_SHA256;
651 case WPA_KEY_MGMT_WPS:
653 case WPA_KEY_MGMT_PSK:
660 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
661 struct wpa_ssid *ssid,
662 struct wpa_ie_data *ie)
664 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
667 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
668 "from association info");
673 wpa_printf(MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set cipher "
675 if (!(ie->group_cipher & ssid->group_cipher)) {
676 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
677 "cipher 0x%x (mask 0x%x) - reject",
678 ie->group_cipher, ssid->group_cipher);
681 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
682 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
683 "cipher 0x%x (mask 0x%x) - reject",
684 ie->pairwise_cipher, ssid->pairwise_cipher);
687 if (!(ie->key_mgmt & ssid->key_mgmt)) {
688 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
689 "management 0x%x (mask 0x%x) - reject",
690 ie->key_mgmt, ssid->key_mgmt);
694 #ifdef CONFIG_IEEE80211W
695 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
696 ssid->ieee80211w == IEEE80211W_REQUIRED) {
697 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
698 "that does not support management frame protection - "
702 #endif /* CONFIG_IEEE80211W */
709 * wpa_supplicant_set_suites - Set authentication and encryption parameters
710 * @wpa_s: Pointer to wpa_supplicant data
711 * @bss: Scan results for the selected BSS, or %NULL if not available
712 * @ssid: Configuration data for the selected network
713 * @wpa_ie: Buffer for the WPA/RSN IE
714 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
715 * used buffer length in case the functions returns success.
716 * Returns: 0 on success or -1 on failure
718 * This function is used to configure authentication and encryption parameters
719 * based on the network configuration and scan result for the selected BSS (if
722 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
723 struct wpa_scan_res *bss,
724 struct wpa_ssid *ssid,
725 u8 *wpa_ie, size_t *wpa_ie_len)
727 struct wpa_ie_data ie;
729 const u8 *bss_wpa, *bss_rsn;
732 bss_wpa = wpa_scan_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
733 bss_rsn = wpa_scan_get_ie(bss, WLAN_EID_RSN);
735 bss_wpa = bss_rsn = NULL;
737 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
738 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
739 (ie.group_cipher & ssid->group_cipher) &&
740 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
741 (ie.key_mgmt & ssid->key_mgmt)) {
742 wpa_msg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
743 proto = WPA_PROTO_RSN;
744 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
745 wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 &&
746 (ie.group_cipher & ssid->group_cipher) &&
747 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
748 (ie.key_mgmt & ssid->key_mgmt)) {
749 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
750 proto = WPA_PROTO_WPA;
752 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
755 if (ssid->proto & WPA_PROTO_RSN)
756 proto = WPA_PROTO_RSN;
758 proto = WPA_PROTO_WPA;
759 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
760 os_memset(&ie, 0, sizeof(ie));
761 ie.group_cipher = ssid->group_cipher;
762 ie.pairwise_cipher = ssid->pairwise_cipher;
763 ie.key_mgmt = ssid->key_mgmt;
764 #ifdef CONFIG_IEEE80211W
765 ie.mgmt_group_cipher =
766 ssid->ieee80211w != NO_IEEE80211W ?
767 WPA_CIPHER_AES_128_CMAC : 0;
768 #endif /* CONFIG_IEEE80211W */
769 wpa_printf(MSG_DEBUG, "WPA: Set cipher suites based "
775 wpa_printf(MSG_DEBUG, "WPA: Selected cipher suites: group %d "
776 "pairwise %d key_mgmt %d proto %d",
777 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
778 #ifdef CONFIG_IEEE80211W
779 if (ssid->ieee80211w) {
780 wpa_printf(MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
781 ie.mgmt_group_cipher);
783 #endif /* CONFIG_IEEE80211W */
785 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
786 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
787 !!(ssid->proto & WPA_PROTO_RSN));
789 if (bss || !wpa_s->ap_ies_from_associnfo) {
790 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
791 bss_wpa ? 2 + bss_wpa[1] : 0) ||
792 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
793 bss_rsn ? 2 + bss_rsn[1] : 0))
797 sel = ie.group_cipher & ssid->group_cipher;
798 if (sel & WPA_CIPHER_CCMP) {
799 wpa_s->group_cipher = WPA_CIPHER_CCMP;
800 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
801 } else if (sel & WPA_CIPHER_TKIP) {
802 wpa_s->group_cipher = WPA_CIPHER_TKIP;
803 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
804 } else if (sel & WPA_CIPHER_WEP104) {
805 wpa_s->group_cipher = WPA_CIPHER_WEP104;
806 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
807 } else if (sel & WPA_CIPHER_WEP40) {
808 wpa_s->group_cipher = WPA_CIPHER_WEP40;
809 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
811 wpa_printf(MSG_WARNING, "WPA: Failed to select group cipher.");
815 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
816 if (sel & WPA_CIPHER_CCMP) {
817 wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
818 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
819 } else if (sel & WPA_CIPHER_TKIP) {
820 wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
821 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
822 } else if (sel & WPA_CIPHER_NONE) {
823 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
824 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
826 wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
831 sel = ie.key_mgmt & ssid->key_mgmt;
833 #ifdef CONFIG_IEEE80211R
834 } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
835 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
836 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
837 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
838 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
839 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
840 #endif /* CONFIG_IEEE80211R */
841 #ifdef CONFIG_IEEE80211W
842 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
843 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
844 wpa_msg(wpa_s, MSG_DEBUG,
845 "WPA: using KEY_MGMT 802.1X with SHA256");
846 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
847 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
848 wpa_msg(wpa_s, MSG_DEBUG,
849 "WPA: using KEY_MGMT PSK with SHA256");
850 #endif /* CONFIG_IEEE80211W */
851 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
852 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
853 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
854 } else if (sel & WPA_KEY_MGMT_PSK) {
855 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
856 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
857 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
858 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
859 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
861 wpa_printf(MSG_WARNING, "WPA: Failed to select authenticated "
862 "key management type.");
866 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
867 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
868 wpa_s->pairwise_cipher);
869 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
871 #ifdef CONFIG_IEEE80211W
872 sel = ie.mgmt_group_cipher;
873 if (ssid->ieee80211w == NO_IEEE80211W ||
874 !(ie.capabilities & WPA_CAPABILITY_MFPC))
876 if (sel & WPA_CIPHER_AES_128_CMAC) {
877 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
878 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
881 wpa_s->mgmt_group_cipher = 0;
882 wpa_msg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
884 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
885 wpa_s->mgmt_group_cipher);
886 #endif /* CONFIG_IEEE80211W */
888 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
889 wpa_printf(MSG_WARNING, "WPA: Failed to generate WPA IE.");
894 (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_FT_PSK | WPA_KEY_MGMT_PSK_SHA256))
895 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
897 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
904 * wpa_supplicant_associate - Request association
905 * @wpa_s: Pointer to wpa_supplicant data
906 * @bss: Scan results for the selected BSS, or %NULL if not available
907 * @ssid: Configuration data for the selected network
909 * This function is used to request %wpa_supplicant to associate with a BSS.
911 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
912 struct wpa_scan_res *bss, struct wpa_ssid *ssid)
916 int use_crypt, ret, i;
917 int algs = AUTH_ALG_OPEN_SYSTEM;
918 wpa_cipher cipher_pairwise, cipher_group;
919 struct wpa_driver_associate_params params;
920 int wep_keys_set = 0;
921 struct wpa_driver_capa capa;
922 int assoc_failed = 0;
924 wpa_s->reassociate = 0;
926 #ifdef CONFIG_IEEE80211R
928 #endif /* CONFIG_IEEE80211R */
929 const u8 *ie = wpa_scan_get_ie(bss, WLAN_EID_SSID);
930 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
931 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
932 ie ? wpa_ssid_txt(ie + 2, ie[1]) : "", bss->freq);
933 os_memset(wpa_s->bssid, 0, ETH_ALEN);
934 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
935 #ifdef CONFIG_IEEE80211R
936 ie = wpa_scan_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
937 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
939 wpa_sm_set_ft_params(wpa_s->wpa, md, NULL, 0, NULL);
941 /* Prepare for the next transition */
942 wpa_ft_prepare_auth_request(wpa_s->wpa);
944 #endif /* CONFIG_IEEE80211R */
946 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
947 wpa_s->conf->ap_scan == 2 &&
948 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
949 /* Use ap_scan==1 style network selection to find the network
952 wpa_s->reassociate = 1;
953 wpa_supplicant_req_scan(wpa_s, 0, 0);
955 #endif /* CONFIG_WPS */
957 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
958 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
959 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
961 wpa_supplicant_cancel_scan(wpa_s);
963 /* Starting new association, so clear the possibly used WPA IE from the
964 * previous association. */
965 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
967 if (wpa_drv_set_mode(wpa_s, ssid->mode)) {
968 wpa_printf(MSG_WARNING, "Failed to set operating mode");
972 #ifdef IEEE8021X_EAPOL
973 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
975 if (ssid->non_leap == 0)
976 algs = AUTH_ALG_LEAP;
978 algs |= AUTH_ALG_LEAP;
981 #endif /* IEEE8021X_EAPOL */
982 wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
983 if (ssid->auth_alg) {
985 if (ssid->auth_alg & WPA_AUTH_ALG_OPEN)
986 algs |= AUTH_ALG_OPEN_SYSTEM;
987 if (ssid->auth_alg & WPA_AUTH_ALG_SHARED)
988 algs |= AUTH_ALG_SHARED_KEY;
989 if (ssid->auth_alg & WPA_AUTH_ALG_LEAP)
990 algs |= AUTH_ALG_LEAP;
991 wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
994 wpa_drv_set_auth_alg(wpa_s, algs);
996 if (bss && (wpa_scan_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
997 wpa_scan_get_ie(bss, WLAN_EID_RSN)) &&
998 (ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK |
999 WPA_KEY_MGMT_FT_IEEE8021X |
1000 WPA_KEY_MGMT_FT_PSK |
1001 WPA_KEY_MGMT_IEEE8021X_SHA256 |
1002 WPA_KEY_MGMT_PSK_SHA256))) {
1003 int try_opportunistic;
1004 try_opportunistic = ssid->proactive_key_caching &&
1005 (ssid->proto & WPA_PROTO_RSN);
1006 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1007 wpa_s->current_ssid,
1008 try_opportunistic) == 0)
1009 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1010 wpa_ie_len = sizeof(wpa_ie);
1011 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1012 wpa_ie, &wpa_ie_len)) {
1013 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1014 "management and encryption suites");
1017 } else if (ssid->key_mgmt &
1018 (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
1019 WPA_KEY_MGMT_WPA_NONE | WPA_KEY_MGMT_FT_PSK |
1020 WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_PSK_SHA256 |
1021 WPA_KEY_MGMT_IEEE8021X_SHA256)) {
1022 wpa_ie_len = sizeof(wpa_ie);
1023 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1024 wpa_ie, &wpa_ie_len)) {
1025 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1026 "management and encryption suites (no scan "
1031 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
1032 struct wpabuf *wps_ie;
1033 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
1034 if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
1035 wpa_ie_len = wpabuf_len(wps_ie);
1036 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
1039 wpabuf_free(wps_ie);
1040 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1041 #endif /* CONFIG_WPS */
1043 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1047 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1049 cipher_pairwise = cipher_suite2driver(wpa_s->pairwise_cipher);
1050 cipher_group = cipher_suite2driver(wpa_s->group_cipher);
1051 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1052 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1053 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1055 if (wpa_set_wep_keys(wpa_s, ssid)) {
1060 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
1063 #ifdef IEEE8021X_EAPOL
1064 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1065 if ((ssid->eapol_flags &
1066 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1067 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1071 /* Assume that dynamic WEP-104 keys will be used and
1072 * set cipher suites in order for drivers to expect
1074 cipher_pairwise = cipher_group = CIPHER_WEP104;
1077 #endif /* IEEE8021X_EAPOL */
1079 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1080 /* Set the key before (and later after) association */
1081 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1084 wpa_drv_set_drop_unencrypted(wpa_s, use_crypt);
1085 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1086 os_memset(¶ms, 0, sizeof(params));
1088 const u8 *ie = wpa_scan_get_ie(bss, WLAN_EID_SSID);
1089 params.bssid = bss->bssid;
1090 params.ssid = ie ? ie + 2 : (u8 *) "";
1091 params.ssid_len = ie ? ie[1] : 0;
1092 params.freq = bss->freq;
1094 params.ssid = ssid->ssid;
1095 params.ssid_len = ssid->ssid_len;
1097 if (ssid->mode == 1 && ssid->frequency > 0 && params.freq == 0)
1098 params.freq = ssid->frequency; /* Initial channel for IBSS */
1099 params.wpa_ie = wpa_ie;
1100 params.wpa_ie_len = wpa_ie_len;
1101 params.pairwise_suite = cipher_pairwise;
1102 params.group_suite = cipher_group;
1103 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1104 params.auth_alg = algs;
1105 params.mode = ssid->mode;
1106 for (i = 0; i < NUM_WEP_KEYS; i++) {
1107 if (ssid->wep_key_len[i])
1108 params.wep_key[i] = ssid->wep_key[i];
1109 params.wep_key_len[i] = ssid->wep_key_len[i];
1111 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1113 if (wpa_s->driver_4way_handshake &&
1114 (params.key_mgmt_suite == KEY_MGMT_PSK ||
1115 params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
1116 params.passphrase = ssid->passphrase;
1118 params.psk = ssid->psk;
1121 #ifdef CONFIG_IEEE80211W
1122 switch (ssid->ieee80211w) {
1124 params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
1126 case IEEE80211W_OPTIONAL:
1127 params.mgmt_frame_protection = MGMT_FRAME_PROTECTION_OPTIONAL;
1129 case IEEE80211W_REQUIRED:
1130 params.mgmt_frame_protection = MGMT_FRAME_PROTECTION_REQUIRED;
1133 if (ssid->ieee80211w != NO_IEEE80211W && bss) {
1134 const u8 *rsn = wpa_scan_get_ie(bss, WLAN_EID_RSN);
1135 struct wpa_ie_data ie;
1136 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
1138 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
1139 wpa_printf(MSG_DEBUG, "WPA: Selected AP supports MFP: "
1141 params.mgmt_frame_protection =
1142 MGMT_FRAME_PROTECTION_REQUIRED;
1145 #endif /* CONFIG_IEEE80211W */
1147 if (wpa_s->use_client_mlme)
1148 ret = ieee80211_sta_associate(wpa_s, ¶ms);
1150 ret = wpa_drv_associate(wpa_s, ¶ms);
1152 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1154 /* try to continue anyway; new association will be tried again
1159 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1160 /* Set the key after the association just in case association
1161 * cleared the previously configured key. */
1162 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1163 /* No need to timeout authentication since there is no key
1165 wpa_supplicant_cancel_auth_timeout(wpa_s);
1166 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1168 /* Timeout for IEEE 802.11 authentication and association */
1172 /* give IBSS a bit more time */
1173 timeout = ssid->mode ? 10 : 5;
1174 } else if (wpa_s->conf->ap_scan == 1) {
1175 /* give IBSS a bit more time */
1176 timeout = ssid->mode ? 20 : 10;
1178 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1181 if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1182 capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
1183 /* Set static WEP keys again */
1184 wpa_set_wep_keys(wpa_s, ssid);
1187 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1189 * Do not allow EAP session resumption between different
1190 * network configurations.
1192 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1194 wpa_s->current_ssid = ssid;
1195 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
1196 wpa_supplicant_initiate_eapol(wpa_s);
1201 * wpa_supplicant_disassociate - Disassociate the current connection
1202 * @wpa_s: Pointer to wpa_supplicant data
1203 * @reason_code: IEEE 802.11 reason code for the disassociate frame
1205 * This function is used to request %wpa_supplicant to disassociate with the
1208 void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
1212 if (!is_zero_ether_addr(wpa_s->bssid)) {
1213 if (wpa_s->use_client_mlme)
1214 ieee80211_sta_disassociate(wpa_s, reason_code);
1216 wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
1217 addr = wpa_s->bssid;
1219 wpa_clear_keys(wpa_s, addr);
1220 wpa_supplicant_mark_disassoc(wpa_s);
1221 wpa_s->current_ssid = NULL;
1222 wpa_sm_set_config(wpa_s->wpa, NULL);
1223 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1228 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
1229 * @wpa_s: Pointer to wpa_supplicant data
1230 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1232 * This function is used to request %wpa_supplicant to deauthenticate from the
1235 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1239 if (!is_zero_ether_addr(wpa_s->bssid)) {
1240 if (wpa_s->use_client_mlme)
1241 ieee80211_sta_deauthenticate(wpa_s, reason_code);
1243 wpa_drv_deauthenticate(wpa_s, wpa_s->bssid,
1245 addr = wpa_s->bssid;
1247 wpa_clear_keys(wpa_s, addr);
1248 wpa_supplicant_mark_disassoc(wpa_s);
1249 wpa_s->current_ssid = NULL;
1250 wpa_sm_set_config(wpa_s->wpa, NULL);
1251 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1255 static int wpa_supplicant_get_scan_results_old(struct wpa_supplicant *wpa_s)
1257 #define SCAN_AP_LIMIT 128
1258 struct wpa_scan_result *results;
1260 struct wpa_scan_results *res;
1262 results = os_malloc(SCAN_AP_LIMIT * sizeof(struct wpa_scan_result));
1263 if (results == NULL) {
1264 wpa_printf(MSG_WARNING, "Failed to allocate memory for scan "
1269 num = wpa_drv_get_scan_results(wpa_s, results, SCAN_AP_LIMIT);
1270 wpa_printf(MSG_DEBUG, "Scan results: %d", num);
1272 wpa_printf(MSG_DEBUG, "Failed to get scan results");
1276 if (num > SCAN_AP_LIMIT) {
1277 wpa_printf(MSG_INFO, "Not enough room for all APs (%d < %d)",
1278 num, SCAN_AP_LIMIT);
1279 num = SCAN_AP_LIMIT;
1282 wpa_scan_results_free(wpa_s->scan_res);
1283 wpa_s->scan_res = NULL;
1285 /* Convert old scan result data structure to the new one */
1286 res = os_zalloc(sizeof(*res));
1291 res->res = os_zalloc(num * sizeof(struct wpa_scan_res *));
1292 if (res->res == NULL) {
1298 for (i = 0; i < num; i++) {
1299 struct wpa_scan_result *bss = &results[i];
1300 struct wpa_scan_res *r;
1304 ie_len = 2 + bss->ssid_len + bss->rsn_ie_len + bss->wpa_ie_len;
1307 if (bss->mdie_present)
1310 r = os_zalloc(sizeof(*r) + ie_len);
1314 os_memcpy(r->bssid, bss->bssid, ETH_ALEN);
1315 r->freq = bss->freq;
1316 r->caps = bss->caps;
1317 r->qual = bss->qual;
1318 r->noise = bss->noise;
1319 r->level = bss->level;
1323 pos = (u8 *) (r + 1);
1326 *pos++ = WLAN_EID_SSID;
1327 *pos++ = bss->ssid_len;
1328 os_memcpy(pos, bss->ssid, bss->ssid_len);
1329 pos += bss->ssid_len;
1332 /* Fake Supported Rate IE to include max rate */
1333 *pos++ = WLAN_EID_SUPP_RATES;
1335 *pos++ = bss->maxrate;
1338 if (bss->rsn_ie_len) {
1339 os_memcpy(pos, bss->rsn_ie, bss->rsn_ie_len);
1340 pos += bss->rsn_ie_len;
1343 if (bss->mdie_present) {
1344 os_memcpy(pos, bss->mdie, 5);
1348 if (bss->wpa_ie_len) {
1349 os_memcpy(pos, bss->wpa_ie, bss->wpa_ie_len);
1350 pos += bss->wpa_ie_len;
1353 res->res[res->num++] = r;
1357 wpa_s->scan_res = res;
1364 * wpa_supplicant_get_scan_results - Get scan results
1365 * @wpa_s: Pointer to wpa_supplicant data
1366 * Returns: 0 on success, -1 on failure
1368 * This function is request the current scan results from the driver and stores
1369 * a local copy of the results in wpa_s->scan_res.
1371 int wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s)
1375 if (wpa_s->use_client_mlme) {
1376 wpa_scan_results_free(wpa_s->scan_res);
1377 wpa_s->scan_res = ieee80211_sta_get_scan_results(wpa_s);
1378 if (wpa_s->scan_res == NULL) {
1379 wpa_printf(MSG_DEBUG, "Failed to get scan results");
1383 } else if (wpa_s->driver->get_scan_results2 == NULL)
1384 ret = wpa_supplicant_get_scan_results_old(wpa_s);
1386 wpa_scan_results_free(wpa_s->scan_res);
1387 wpa_s->scan_res = wpa_drv_get_scan_results2(wpa_s);
1388 if (wpa_s->scan_res == NULL) {
1389 wpa_printf(MSG_DEBUG, "Failed to get scan results");
1395 if (wpa_s->scan_res)
1396 wpa_scan_sort_results(wpa_s->scan_res);
1403 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
1404 * @wpa_s: Pointer to wpa_supplicant data
1405 * Returns: A pointer to the current network structure or %NULL on failure
1407 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
1409 struct wpa_ssid *entry;
1410 u8 ssid[MAX_SSID_LEN];
1416 if (wpa_s->use_client_mlme) {
1417 if (ieee80211_sta_get_ssid(wpa_s, ssid, &ssid_len)) {
1418 wpa_printf(MSG_WARNING, "Could not read SSID from "
1423 res = wpa_drv_get_ssid(wpa_s, ssid);
1425 wpa_printf(MSG_WARNING, "Could not read SSID from "
1432 if (wpa_s->use_client_mlme)
1433 os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1434 else if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
1435 wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
1439 wired = wpa_s->conf->ap_scan == 0 && wpa_s->driver &&
1440 IS_WIRED(wpa_s->driver);
1442 entry = wpa_s->conf->ssid;
1444 if (!entry->disabled &&
1445 ((ssid_len == entry->ssid_len &&
1446 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
1447 (!entry->bssid_set ||
1448 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1451 if (!entry->disabled &&
1452 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
1453 (entry->ssid == NULL || entry->ssid_len == 0) &&
1454 (!entry->bssid_set ||
1455 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1457 #endif /* CONFIG_WPS */
1458 entry = entry->next;
1465 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
1473 if (wpa_supplicant_drivers[0] == NULL) {
1474 wpa_printf(MSG_ERROR, "No driver interfaces build into "
1480 /* default to first driver in the list */
1481 wpa_s->driver = wpa_supplicant_drivers[0];
1482 wpa_s->global_drv_priv = wpa_s->global->drv_priv[0];
1486 for (i = 0; wpa_supplicant_drivers[i]; i++) {
1487 if (os_strcmp(name, wpa_supplicant_drivers[i]->name) == 0) {
1488 wpa_s->driver = wpa_supplicant_drivers[i];
1489 wpa_s->global_drv_priv = wpa_s->global->drv_priv[i];
1494 wpa_printf(MSG_ERROR, "Unsupported driver '%s'.\n", name);
1499 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
1500 const u8 *buf, size_t len)
1502 struct wpa_supplicant *wpa_s = ctx;
1504 wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
1505 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
1507 if (wpa_s->wpa_state < WPA_ASSOCIATED) {
1509 * There is possible race condition between receiving the
1510 * association event and the EAPOL frame since they are coming
1511 * through different paths from the driver. In order to avoid
1512 * issues in trying to process the EAPOL frame before receiving
1513 * association information, lets queue it for processing until
1514 * the association event is received.
1516 wpa_printf(MSG_DEBUG, "Not associated - Delay processing of "
1517 "received EAPOL frame");
1518 wpabuf_free(wpa_s->pending_eapol_rx);
1519 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
1520 if (wpa_s->pending_eapol_rx) {
1521 os_get_time(&wpa_s->pending_eapol_rx_time);
1522 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
1528 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
1529 wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
1530 "no key management is configured");
1534 if (wpa_s->eapol_received == 0 &&
1535 (!wpa_s->driver_4way_handshake ||
1536 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1537 wpa_s->wpa_state != WPA_COMPLETED)) {
1538 /* Timeout for completing IEEE 802.1X and WPA authentication */
1539 wpa_supplicant_req_auth_timeout(
1541 (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
1542 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
1543 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
1546 wpa_s->eapol_received++;
1548 if (wpa_s->countermeasures) {
1549 wpa_printf(MSG_INFO, "WPA: Countermeasures - dropped EAPOL "
1554 /* Source address of the incoming EAPOL frame could be compared to the
1555 * current BSSID. However, it is possible that a centralized
1556 * Authenticator could be using another MAC address than the BSSID of
1557 * an AP, so just allow any address to be used for now. The replies are
1558 * still sent to the current BSSID (if available), though. */
1560 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
1561 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
1562 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
1564 wpa_drv_poll(wpa_s);
1565 if (!wpa_s->driver_4way_handshake)
1566 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
1567 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
1569 * Set portValid = TRUE here since we are going to skip 4-way
1570 * handshake processing which would normally set portValid. We
1571 * need this to allow the EAPOL state machines to be completed
1572 * without going through EAPOL-Key handshake.
1574 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
1579 void wpa_supplicant_sta_free_hw_features(struct wpa_hw_modes *hw_features,
1580 size_t num_hw_features)
1582 ieee80211_sta_free_hw_features(hw_features, num_hw_features);
1586 void wpa_supplicant_sta_rx(void *ctx, const u8 *buf, size_t len,
1587 struct ieee80211_rx_status *rx_status)
1589 struct wpa_supplicant *wpa_s = ctx;
1590 ieee80211_sta_rx(wpa_s, buf, len, rx_status);
1595 * wpa_supplicant_driver_init - Initialize driver interface parameters
1596 * @wpa_s: Pointer to wpa_supplicant data
1597 * Returns: 0 on success, -1 on failure
1599 * This function is called to initialize driver interface parameters.
1600 * wpa_drv_init() must have been called before this function to initialize the
1603 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
1605 static int interface_count = 0;
1607 if (wpa_s->driver->send_eapol) {
1608 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
1610 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
1612 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
1613 wpa_drv_get_mac_addr(wpa_s),
1615 wpa_supplicant_rx_eapol, wpa_s, 0);
1616 if (wpa_s->l2 == NULL)
1620 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
1621 wpa_printf(MSG_ERROR, "Failed to get own L2 address");
1625 wpa_printf(MSG_DEBUG, "Own MAC address: " MACSTR,
1626 MAC2STR(wpa_s->own_addr));
1628 if (wpa_s->bridge_ifname[0]) {
1629 wpa_printf(MSG_DEBUG, "Receiving packets from bridge interface"
1630 " '%s'", wpa_s->bridge_ifname);
1631 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
1634 wpa_supplicant_rx_eapol, wpa_s,
1636 if (wpa_s->l2_br == NULL) {
1637 wpa_printf(MSG_ERROR, "Failed to open l2_packet "
1638 "connection for the bridge interface '%s'",
1639 wpa_s->bridge_ifname);
1644 /* Backwards compatibility call to set_wpa() handler. This is called
1645 * only just after init and just before deinit, so these handler can be
1646 * used to implement same functionality. */
1647 if (wpa_drv_set_wpa(wpa_s, 1) < 0) {
1648 struct wpa_driver_capa capa;
1649 if (wpa_drv_get_capa(wpa_s, &capa) < 0 ||
1650 !(capa.flags & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1651 WPA_DRIVER_CAPA_KEY_MGMT_WPA2))) {
1652 wpa_printf(MSG_DEBUG, "Driver does not support WPA.");
1653 /* Continue to allow non-WPA modes to be used. */
1655 wpa_printf(MSG_ERROR, "Failed to enable WPA in the "
1661 wpa_clear_keys(wpa_s, NULL);
1663 /* Make sure that TKIP countermeasures are not left enabled (could
1664 * happen if wpa_supplicant is killed during countermeasures. */
1665 wpa_drv_set_countermeasures(wpa_s, 0);
1667 wpa_drv_set_drop_unencrypted(wpa_s, 1);
1669 wpa_printf(MSG_DEBUG, "RSN: flushing PMKID list in the driver");
1670 wpa_drv_flush_pmkid(wpa_s);
1672 wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1673 wpa_supplicant_req_scan(wpa_s, interface_count, 100000);
1680 static int wpa_supplicant_daemon(const char *pid_file)
1682 wpa_printf(MSG_DEBUG, "Daemonize..");
1683 return os_daemonize(pid_file);
1687 static struct wpa_supplicant * wpa_supplicant_alloc(void)
1689 struct wpa_supplicant *wpa_s;
1691 wpa_s = os_zalloc(sizeof(*wpa_s));
1694 wpa_s->scan_req = 1;
1700 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
1701 struct wpa_interface *iface)
1703 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
1704 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
1705 iface->confname ? iface->confname : "N/A",
1706 iface->driver ? iface->driver : "default",
1707 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
1708 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
1710 if (wpa_supplicant_set_driver(wpa_s, iface->driver) < 0) {
1714 if (iface->confname) {
1715 #ifdef CONFIG_BACKEND_FILE
1716 wpa_s->confname = os_rel2abs_path(iface->confname);
1717 if (wpa_s->confname == NULL) {
1718 wpa_printf(MSG_ERROR, "Failed to get absolute path "
1719 "for configuration file '%s'.",
1723 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
1724 iface->confname, wpa_s->confname);
1725 #else /* CONFIG_BACKEND_FILE */
1726 wpa_s->confname = os_strdup(iface->confname);
1727 #endif /* CONFIG_BACKEND_FILE */
1728 wpa_s->conf = wpa_config_read(wpa_s->confname);
1729 if (wpa_s->conf == NULL) {
1730 wpa_printf(MSG_ERROR, "Failed to read or parse "
1731 "configuration '%s'.", wpa_s->confname);
1736 * Override ctrl_interface and driver_param if set on command
1739 if (iface->ctrl_interface) {
1740 os_free(wpa_s->conf->ctrl_interface);
1741 wpa_s->conf->ctrl_interface =
1742 os_strdup(iface->ctrl_interface);
1745 if (iface->driver_param) {
1746 os_free(wpa_s->conf->driver_param);
1747 wpa_s->conf->driver_param =
1748 os_strdup(iface->driver_param);
1751 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
1752 iface->driver_param);
1754 if (wpa_s->conf == NULL) {
1755 wpa_printf(MSG_ERROR, "\nNo configuration found.");
1759 if (iface->ifname == NULL) {
1760 wpa_printf(MSG_ERROR, "\nInterface name is required.");
1763 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
1764 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
1768 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
1770 if (iface->bridge_ifname) {
1771 if (os_strlen(iface->bridge_ifname) >=
1772 sizeof(wpa_s->bridge_ifname)) {
1773 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
1774 "name '%s'.", iface->bridge_ifname);
1777 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
1778 sizeof(wpa_s->bridge_ifname));
1785 static int wpa_supplicant_init_iface2(struct wpa_supplicant *wpa_s)
1788 struct wpa_driver_capa capa;
1790 wpa_printf(MSG_DEBUG, "Initializing interface (2) '%s'",
1793 /* RSNA Supplicant Key Management - INITIALIZE */
1794 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
1795 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
1797 /* Initialize driver interface and register driver event handler before
1798 * L2 receive handler so that association events are processed before
1799 * EAPOL-Key packets if both become available for the same select()
1801 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
1802 if (wpa_s->drv_priv == NULL) {
1803 wpa_printf(MSG_ERROR, "Failed to initialize driver interface");
1806 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
1807 wpa_printf(MSG_ERROR, "Driver interface rejected "
1808 "driver_param '%s'", wpa_s->conf->driver_param);
1812 ifname = wpa_drv_get_ifname(wpa_s);
1813 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
1814 wpa_printf(MSG_DEBUG, "Driver interface replaced interface "
1815 "name with '%s'", ifname);
1816 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
1819 if (wpa_supplicant_init_wpa(wpa_s) < 0)
1822 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
1823 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
1825 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
1827 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
1828 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
1829 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
1830 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
1831 "dot11RSNAConfigPMKLifetime");
1835 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
1836 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
1837 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
1838 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
1839 "dot11RSNAConfigPMKReauthThreshold");
1843 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
1844 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
1845 wpa_s->conf->dot11RSNAConfigSATimeout)) {
1846 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
1847 "dot11RSNAConfigSATimeout");
1851 if (wpa_supplicant_driver_init(wpa_s) < 0)
1854 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
1855 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
1856 wpa_printf(MSG_DEBUG, "Failed to set country");
1860 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
1862 if (wpas_wps_init(wpa_s))
1865 if (wpa_supplicant_init_eapol(wpa_s) < 0)
1867 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
1869 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
1870 if (wpa_s->ctrl_iface == NULL) {
1871 wpa_printf(MSG_ERROR,
1872 "Failed to initialize control interface '%s'.\n"
1873 "You may have another wpa_supplicant process "
1874 "already running or the file was\n"
1875 "left by an unclean termination of wpa_supplicant "
1876 "in which case you will need\n"
1877 "to manually remove this file before starting "
1878 "wpa_supplicant again.\n",
1879 wpa_s->conf->ctrl_interface);
1883 if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
1884 if (capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
1885 wpa_s->use_client_mlme = 1;
1886 if (ieee80211_sta_init(wpa_s))
1889 if (capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)
1890 wpa_s->driver_4way_handshake = 1;
1897 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s)
1899 if (wpa_s->drv_priv) {
1900 wpa_supplicant_deauthenticate(wpa_s,
1901 WLAN_REASON_DEAUTH_LEAVING);
1903 /* Backwards compatibility call to set_wpa() handler. This is
1904 * called only just after init and just before deinit, so these
1905 * handler can be used to implement same functionality. */
1906 if (wpa_drv_set_wpa(wpa_s, 0) < 0) {
1907 wpa_printf(MSG_ERROR, "Failed to disable WPA in the "
1911 wpa_drv_set_drop_unencrypted(wpa_s, 0);
1912 wpa_drv_set_countermeasures(wpa_s, 0);
1913 wpa_clear_keys(wpa_s, NULL);
1916 wpas_dbus_unregister_iface(wpa_s);
1918 wpa_supplicant_cleanup(wpa_s);
1920 if (wpa_s->drv_priv)
1921 wpa_drv_deinit(wpa_s);
1926 * wpa_supplicant_add_iface - Add a new network interface
1927 * @global: Pointer to global data from wpa_supplicant_init()
1928 * @iface: Interface configuration options
1929 * Returns: Pointer to the created interface or %NULL on failure
1931 * This function is used to add new network interfaces for %wpa_supplicant.
1932 * This can be called before wpa_supplicant_run() to add interfaces before the
1933 * main event loop has been started. In addition, new interfaces can be added
1934 * dynamically while %wpa_supplicant is already running. This could happen,
1935 * e.g., when a hotplug network adapter is inserted.
1937 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
1938 struct wpa_interface *iface)
1940 struct wpa_supplicant *wpa_s;
1942 if (global == NULL || iface == NULL)
1945 wpa_s = wpa_supplicant_alloc();
1949 wpa_s->global = global;
1951 if (wpa_supplicant_init_iface(wpa_s, iface) ||
1952 wpa_supplicant_init_iface2(wpa_s)) {
1953 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
1955 wpa_supplicant_deinit_iface(wpa_s);
1960 /* Register the interface with the dbus control interface */
1961 if (wpas_dbus_register_iface(wpa_s)) {
1962 wpa_supplicant_deinit_iface(wpa_s);
1967 wpa_s->next = global->ifaces;
1968 global->ifaces = wpa_s;
1970 wpa_printf(MSG_DEBUG, "Added interface %s", wpa_s->ifname);
1977 * wpa_supplicant_remove_iface - Remove a network interface
1978 * @global: Pointer to global data from wpa_supplicant_init()
1979 * @wpa_s: Pointer to the network interface to be removed
1980 * Returns: 0 if interface was removed, -1 if interface was not found
1982 * This function can be used to dynamically remove network interfaces from
1983 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
1984 * addition, this function is used to remove all remaining interfaces when
1985 * %wpa_supplicant is terminated.
1987 int wpa_supplicant_remove_iface(struct wpa_global *global,
1988 struct wpa_supplicant *wpa_s)
1990 struct wpa_supplicant *prev;
1992 /* Remove interface from the global list of interfaces */
1993 prev = global->ifaces;
1994 if (prev == wpa_s) {
1995 global->ifaces = wpa_s->next;
1997 while (prev && prev->next != wpa_s)
2001 prev->next = wpa_s->next;
2004 wpa_printf(MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
2006 wpa_supplicant_deinit_iface(wpa_s);
2014 * wpa_supplicant_get_iface - Get a new network interface
2015 * @global: Pointer to global data from wpa_supplicant_init()
2016 * @ifname: Interface name
2017 * Returns: Pointer to the interface or %NULL if not found
2019 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
2022 struct wpa_supplicant *wpa_s;
2024 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
2025 if (os_strcmp(wpa_s->ifname, ifname) == 0)
2033 * wpa_supplicant_init - Initialize %wpa_supplicant
2034 * @params: Parameters for %wpa_supplicant
2035 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
2037 * This function is used to initialize %wpa_supplicant. After successful
2038 * initialization, the returned data pointer can be used to add and remove
2039 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
2041 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
2043 struct wpa_global *global;
2049 wpa_debug_open_file(params->wpa_debug_file_path);
2051 ret = eap_peer_register_methods();
2053 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
2055 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
2056 "the same EAP type.");
2060 global = os_zalloc(sizeof(*global));
2063 global->params.daemonize = params->daemonize;
2064 global->params.wait_for_monitor = params->wait_for_monitor;
2065 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
2066 if (params->pid_file)
2067 global->params.pid_file = os_strdup(params->pid_file);
2068 if (params->ctrl_interface)
2069 global->params.ctrl_interface =
2070 os_strdup(params->ctrl_interface);
2071 wpa_debug_level = global->params.wpa_debug_level =
2072 params->wpa_debug_level;
2073 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
2074 params->wpa_debug_show_keys;
2075 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
2076 params->wpa_debug_timestamp;
2078 if (eloop_init(global)) {
2079 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
2080 wpa_supplicant_deinit(global);
2084 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
2085 if (global->ctrl_iface == NULL) {
2086 wpa_supplicant_deinit(global);
2090 if (global->params.dbus_ctrl_interface) {
2091 global->dbus_ctrl_iface =
2092 wpa_supplicant_dbus_ctrl_iface_init(global);
2093 if (global->dbus_ctrl_iface == NULL) {
2094 wpa_supplicant_deinit(global);
2099 for (i = 0; wpa_supplicant_drivers[i]; i++)
2100 global->drv_count++;
2101 if (global->drv_count == 0) {
2102 wpa_printf(MSG_ERROR, "No drivers enabled");
2103 wpa_supplicant_deinit(global);
2106 global->drv_priv = os_zalloc(global->drv_count * sizeof(void *));
2107 if (global->drv_priv == NULL) {
2108 wpa_supplicant_deinit(global);
2111 for (i = 0; wpa_supplicant_drivers[i]; i++) {
2112 if (!wpa_supplicant_drivers[i]->global_init)
2114 global->drv_priv[i] = wpa_supplicant_drivers[i]->global_init();
2115 if (global->drv_priv[i] == NULL) {
2116 wpa_printf(MSG_ERROR, "Failed to initialize driver "
2117 "'%s'", wpa_supplicant_drivers[i]->name);
2118 wpa_supplicant_deinit(global);
2128 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
2129 * @global: Pointer to global data from wpa_supplicant_init()
2130 * Returns: 0 after successful event loop run, -1 on failure
2132 * This function starts the main event loop and continues running as long as
2133 * there are any remaining events. In most cases, this function is running as
2134 * long as the %wpa_supplicant process in still in use.
2136 int wpa_supplicant_run(struct wpa_global *global)
2138 struct wpa_supplicant *wpa_s;
2140 if (global->params.daemonize &&
2141 wpa_supplicant_daemon(global->params.pid_file))
2144 if (global->params.wait_for_monitor) {
2145 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
2146 if (wpa_s->ctrl_iface)
2147 wpa_supplicant_ctrl_iface_wait(
2151 eloop_register_signal_terminate(wpa_supplicant_terminate, NULL);
2152 eloop_register_signal_reconfig(wpa_supplicant_reconfig, NULL);
2161 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
2162 * @global: Pointer to global data from wpa_supplicant_init()
2164 * This function is called to deinitialize %wpa_supplicant and to free all
2165 * allocated resources. Remaining network interfaces will also be removed.
2167 void wpa_supplicant_deinit(struct wpa_global *global)
2174 while (global->ifaces)
2175 wpa_supplicant_remove_iface(global, global->ifaces);
2177 if (global->ctrl_iface)
2178 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
2179 if (global->dbus_ctrl_iface)
2180 wpa_supplicant_dbus_ctrl_iface_deinit(global->dbus_ctrl_iface);
2182 eap_peer_unregister_methods();
2184 for (i = 0; wpa_supplicant_drivers[i] && global->drv_priv; i++) {
2185 if (!global->drv_priv[i])
2187 wpa_supplicant_drivers[i]->global_deinit(global->drv_priv[i]);
2189 os_free(global->drv_priv);
2193 if (global->params.pid_file) {
2194 os_daemonize_terminate(global->params.pid_file);
2195 os_free(global->params.pid_file);
2197 os_free(global->params.ctrl_interface);
2200 wpa_debug_close_file();
tuxillo's projects / dragonfly.git / blob