3 * Copyright (c) 2003-2006, Jouni Malinen <jkmaline@cc.hut.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
14 * This file implements functions for registering and unregistering
15 * %wpa_supplicant interfaces. In addition, this file contains number of
16 * functions for managing network connections.
26 #ifndef CONFIG_NATIVE_WINDOWS
27 #include <netinet/in.h>
28 #endif /* CONFIG_NATIVE_WINDOWS */
35 #include "wpa_supplicant.h"
37 #include "l2_packet.h"
38 #include "wpa_supplicant_i.h"
39 #include "ctrl_iface.h"
40 #include "pcsc_funcs.h"
45 const char *wpa_supplicant_version =
46 "wpa_supplicant v" VERSION_STR "\n"
47 "Copyright (c) 2003-2006, Jouni Malinen <jkmaline@cc.hut.fi> and contributors";
49 const char *wpa_supplicant_license =
50 "This program is free software. You can distribute it and/or modify it\n"
51 "under the terms of the GNU General Public License version 2.\n"
53 "Alternatively, this software may be distributed under the terms of the\n"
54 "BSD license. See README and COPYING for more details.\n"
56 "\nThis product includes software developed by the OpenSSL Project\n"
57 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
58 #endif /* EAP_TLS_FUNCS */
61 #ifndef CONFIG_NO_STDOUT_DEBUG
62 const char *wpa_supplicant_full_license =
63 "This program is free software; you can redistribute it and/or modify\n"
64 "it under the terms of the GNU General Public License version 2 as\n"
65 "published by the Free Software Foundation.\n"
67 "This program is distributed in the hope that it will be useful,\n"
68 "but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
69 "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
70 "GNU General Public License for more details.\n"
72 "You should have received a copy of the GNU General Public License\n"
73 "along with this program; if not, write to the Free Software\n"
74 "Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA\n"
76 "Alternatively, this software may be distributed under the terms of the\n"
79 "Redistribution and use in source and binary forms, with or without\n"
80 "modification, are permitted provided that the following conditions are\n"
83 "1. Redistributions of source code must retain the above copyright\n"
84 " notice, this list of conditions and the following disclaimer.\n"
86 "2. Redistributions in binary form must reproduce the above copyright\n"
87 " notice, this list of conditions and the following disclaimer in the\n"
88 " documentation and/or other materials provided with the distribution.\n"
90 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
91 " names of its contributors may be used to endorse or promote products\n"
92 " derived from this software without specific prior written permission.\n"
94 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
95 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
96 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
97 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n"
98 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
99 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
100 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
101 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
102 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
103 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
104 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
106 #endif /* CONFIG_NO_STDOUT_DEBUG */
108 extern struct wpa_driver_ops *wpa_supplicant_drivers[];
110 extern int wpa_debug_level;
111 extern int wpa_debug_show_keys;
112 extern int wpa_debug_timestamp;
114 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx);
116 void wpa_msg(struct wpa_supplicant *wpa_s, int level, char *fmt, ...)
120 const int buflen = 2048;
123 buf = malloc(buflen);
125 printf("Failed to allocate message buffer for:\n");
133 len = vsnprintf(buf, buflen, fmt, ap);
135 wpa_printf(level, "%s", buf);
136 wpa_supplicant_ctrl_iface_send(wpa_s, level, buf, len);
141 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
142 static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type,
143 const void *data, u16 data_len,
144 size_t *msg_len, void **data_pos)
146 struct ieee802_1x_hdr *hdr;
148 *msg_len = sizeof(*hdr) + data_len;
149 hdr = malloc(*msg_len);
153 hdr->version = wpa_s->conf->eapol_version;
155 hdr->length = htons(data_len);
158 memcpy(hdr + 1, data, data_len);
160 memset(hdr + 1, 0, data_len);
170 * wpa_ether_send - Send Ethernet frame
171 * @wpa_s: Pointer to wpa_supplicant data
172 * @dest: Destination MAC address
173 * @proto: Ethertype in host byte order
174 * @buf: Frame payload starting from IEEE 802.1X header
175 * @len: Frame payload length
176 * Returns: >=0 on success, <0 on failure
178 static int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest,
179 u16 proto, const u8 *buf, size_t len)
182 return l2_packet_send(wpa_s->l2, dest, proto, buf, len);
185 return wpa_drv_send_eapol(wpa_s, dest, proto, buf, len);
187 #endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */
190 #ifdef IEEE8021X_EAPOL
192 * wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator
193 * @ctx: Pointer to wpa_supplicant data (wpa_s)
194 * @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*)
195 * @buf: EAPOL payload (after IEEE 802.1X header)
196 * @len: EAPOL payload length
197 * Returns: >=0 on success, <0 on failure
199 * This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame
200 * to the current Authenticator.
202 static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf,
205 struct wpa_supplicant *wpa_s = ctx;
206 u8 *msg, *dst, bssid[ETH_ALEN];
210 /* TODO: could add l2_packet_sendmsg that allows fragments to avoid
213 if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK ||
214 wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
215 /* Current SSID is not using IEEE 802.1X/EAP, so drop possible
216 * EAPOL frames (mainly, EAPOL-Start) from EAPOL state
218 wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X "
219 "mode (type=%d len=%lu)", type,
220 (unsigned long) len);
224 if (pmksa_cache_get_current(wpa_s->wpa) &&
225 type == IEEE802_1X_TYPE_EAPOL_START) {
226 /* Trying to use PMKSA caching - do not send EAPOL-Start frames
227 * since they will trigger full EAPOL authentication. */
228 wpa_printf(MSG_DEBUG, "RSN: PMKSA caching - do not send "
233 if (memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0) {
234 wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an "
236 if (wpa_drv_get_bssid(wpa_s, bssid) == 0 &&
237 memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0) {
239 wpa_printf(MSG_DEBUG, "Using current BSSID " MACSTR
240 " from the driver as the EAPOL destination",
243 dst = wpa_s->last_eapol_src;
244 wpa_printf(MSG_DEBUG, "Using the source address of the"
245 " last received EAPOL frame " MACSTR " as "
246 "the EAPOL destination",
250 /* BSSID was already set (from (Re)Assoc event, so use it as
251 * the EAPOL destination. */
255 msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL);
259 wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen);
260 res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen);
267 * wpa_eapol_set_wep_key - set WEP key for the driver
268 * @ctx: Pointer to wpa_supplicant data (wpa_s)
269 * @unicast: 1 = individual unicast key, 0 = broadcast key
270 * @keyidx: WEP key index (0..3)
271 * @key: Pointer to key data
272 * @keylen: Key length in bytes
273 * Returns: 0 on success or < 0 on error.
275 static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx,
276 const u8 *key, size_t keylen)
278 struct wpa_supplicant *wpa_s = ctx;
279 return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
280 unicast ? wpa_s->bssid :
281 (u8 *) "\xff\xff\xff\xff\xff\xff",
282 keyidx, unicast, (u8 *) "", 0, key, keylen);
286 static void wpa_supplicant_aborted_cached(void *ctx)
288 struct wpa_supplicant *wpa_s = ctx;
289 wpa_sm_aborted_cached(wpa_s->wpa);
292 #endif /* IEEE8021X_EAPOL */
295 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
296 static void wpa_supplicant_set_config_blob(void *ctx,
297 struct wpa_config_blob *blob)
299 struct wpa_supplicant *wpa_s = ctx;
300 wpa_config_set_blob(wpa_s->conf, blob);
304 static const struct wpa_config_blob *
305 wpa_supplicant_get_config_blob(void *ctx, const char *name)
307 struct wpa_supplicant *wpa_s = ctx;
308 return wpa_config_get_blob(wpa_s->conf, name);
310 #endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */
313 /* Configure default/group WEP key for static WEP */
314 static int wpa_set_wep_key(void *ctx, int set_tx, int keyidx, const u8 *key,
317 struct wpa_supplicant *wpa_s = ctx;
318 return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
319 (u8 *) "\xff\xff\xff\xff\xff\xff",
320 keyidx, set_tx, (u8 *) "", 0, key, keylen);
324 static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
325 struct wpa_ssid *ssid)
332 /* IBSS/WPA-None uses only one key (Group) for both receiving and
333 * sending unicast and multicast packets. */
335 if (ssid->mode != IEEE80211_MODE_IBSS) {
336 wpa_printf(MSG_INFO, "WPA: Invalid mode %d (not IBSS/ad-hoc) "
337 "for WPA-None", ssid->mode);
341 if (!ssid->psk_set) {
342 wpa_printf(MSG_INFO, "WPA: No PSK configured for WPA-None");
346 switch (wpa_s->group_cipher) {
347 case WPA_CIPHER_CCMP:
348 memcpy(key, ssid->psk, 16);
352 case WPA_CIPHER_TKIP:
353 /* WPA-None uses the same Michael MIC key for both TX and RX */
354 memcpy(key, ssid->psk, 16 + 8);
355 memcpy(key + 16 + 8, ssid->psk + 16, 8);
360 wpa_printf(MSG_INFO, "WPA: Invalid group cipher %d for "
361 "WPA-None", wpa_s->group_cipher);
365 /* TODO: should actually remember the previously used seq#, both for TX
366 * and RX from each STA.. */
368 return wpa_drv_set_key(wpa_s, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
369 0, 1, seq, 6, key, keylen);
373 #ifdef IEEE8021X_EAPOL
374 static void wpa_supplicant_notify_eapol_done(void *ctx)
376 struct wpa_supplicant *wpa_s = ctx;
377 wpa_msg(wpa_s, MSG_DEBUG, "WPA: EAPOL processing complete");
378 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X) {
379 wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE);
381 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
382 wpa_supplicant_cancel_auth_timeout(wpa_s);
383 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
386 #endif /* IEEE8021X_EAPOL */
390 * wpa_blacklist_get - Get the blacklist entry for a BSSID
391 * @wpa_s: Pointer to wpa_supplicant data
393 * Returns: Matching blacklist entry for the BSSID or %NULL if not found
395 struct wpa_blacklist * wpa_blacklist_get(struct wpa_supplicant *wpa_s,
398 struct wpa_blacklist *e;
400 e = wpa_s->blacklist;
402 if (memcmp(e->bssid, bssid, ETH_ALEN) == 0)
412 * wpa_blacklist_add - Add an BSSID to the blacklist
413 * @wpa_s: Pointer to wpa_supplicant data
414 * @bssid: BSSID to be added to the blacklist
415 * Returns: 0 on success, -1 on failure
417 * This function adds the specified BSSID to the blacklist or increases the
418 * blacklist count if the BSSID was already listed. It should be called when
419 * an association attempt fails either due to the selected BSS rejecting
420 * association or due to timeout.
422 * This blacklist is used to force %wpa_supplicant to go through all available
423 * BSSes before retrying to associate with an BSS that rejected or timed out
424 * association. It does not prevent the listed BSS from being used; it only
425 * changes the order in which they are tried.
427 int wpa_blacklist_add(struct wpa_supplicant *wpa_s, const u8 *bssid)
429 struct wpa_blacklist *e;
431 e = wpa_blacklist_get(wpa_s, bssid);
434 wpa_printf(MSG_DEBUG, "BSSID " MACSTR " blacklist count "
436 MAC2STR(bssid), e->count);
440 e = malloc(sizeof(*e));
443 memset(e, 0, sizeof(*e));
444 memcpy(e->bssid, bssid, ETH_ALEN);
446 e->next = wpa_s->blacklist;
447 wpa_s->blacklist = e;
448 wpa_printf(MSG_DEBUG, "Added BSSID " MACSTR " into blacklist",
455 static int wpa_blacklist_del(struct wpa_supplicant *wpa_s, const u8 *bssid)
457 struct wpa_blacklist *e, *prev = NULL;
459 e = wpa_s->blacklist;
461 if (memcmp(e->bssid, bssid, ETH_ALEN) == 0) {
463 wpa_s->blacklist = e->next;
465 prev->next = e->next;
467 wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
468 "blacklist", MAC2STR(bssid));
480 * wpa_blacklist_clear - Clear the blacklist of all entries
481 * @wpa_s: Pointer to wpa_supplicant data
483 void wpa_blacklist_clear(struct wpa_supplicant *wpa_s)
485 struct wpa_blacklist *e, *prev;
487 e = wpa_s->blacklist;
488 wpa_s->blacklist = NULL;
492 wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
493 "blacklist (clear)", MAC2STR(prev->bssid));
500 * wpa_ssid_txt - Convert SSID to a printable string
501 * @ssid: SSID (32-octet string)
502 * @ssid_len: Length of ssid in octets
503 * Returns: Pointer to a printable string
505 * This function can be used to convert SSIDs into printable form. In most
506 * cases, SSIDs do not use unprintable characters, but IEEE 802.11 standard
507 * does not limit the used character set, so anything could be used in an SSID.
509 * This function uses a static buffer, so only one call can be used at the
510 * time, i.e., this is not re-entrant and the returned buffer must be used
511 * before calling this again.
513 const char * wpa_ssid_txt(u8 *ssid, size_t ssid_len)
515 static char ssid_txt[MAX_SSID_LEN + 1];
518 if (ssid_len > MAX_SSID_LEN)
519 ssid_len = MAX_SSID_LEN;
520 memcpy(ssid_txt, ssid, ssid_len);
521 ssid_txt[ssid_len] = '\0';
522 for (pos = ssid_txt; *pos != '\0'; pos++) {
523 if ((u8) *pos < 32 || (u8) *pos >= 127)
531 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points
532 * @wpa_s: Pointer to wpa_supplicant data
533 * @sec: Number of seconds after which to scan
534 * @usec: Number of microseconds after which to scan
536 * This function is used to schedule a scan for neighboring access points after
537 * the specified time.
539 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec)
541 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan request: %d sec %d usec",
543 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
544 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL);
549 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request
550 * @wpa_s: Pointer to wpa_supplicant data
552 * This function is used to cancel a scan request scheduled with
553 * wpa_supplicant_req_scan().
555 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s)
557 wpa_msg(wpa_s, MSG_DEBUG, "Cancelling scan request");
558 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
562 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
564 struct wpa_supplicant *wpa_s = eloop_ctx;
565 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
566 MAC2STR(wpa_s->bssid));
567 wpa_blacklist_add(wpa_s, wpa_s->bssid);
568 wpa_sm_notify_disassoc(wpa_s->wpa);
569 wpa_supplicant_disassociate(wpa_s, REASON_DEAUTH_LEAVING);
570 wpa_s->reassociate = 1;
571 wpa_supplicant_req_scan(wpa_s, 0, 0);
576 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
577 * @wpa_s: Pointer to wpa_supplicant data
578 * @sec: Number of seconds after which to time out authentication
579 * @usec: Number of microseconds after which to time out authentication
581 * This function is used to schedule a timeout for the current authentication
584 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
587 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
588 wpa_s->driver && strcmp(wpa_s->driver->name, "wired") == 0)
591 wpa_msg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
592 "%d usec", sec, usec);
593 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
594 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
599 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
600 * @wpa_s: Pointer to wpa_supplicant data
602 * This function is used to cancel authentication timeout scheduled with
603 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
606 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
608 wpa_msg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
609 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
610 wpa_blacklist_del(wpa_s, wpa_s->bssid);
615 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
616 * @wpa_s: Pointer to wpa_supplicant data
618 * This function is used to configure EAPOL state machine based on the selected
619 * authentication mode.
621 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
623 struct eapol_config eapol_conf;
624 struct wpa_ssid *ssid = wpa_s->current_ssid;
626 if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK) {
627 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
628 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
630 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
631 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
632 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
634 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
636 memset(&eapol_conf, 0, sizeof(eapol_conf));
637 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
638 eapol_conf.accept_802_1x_keys = 1;
639 eapol_conf.required_keys = 0;
640 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
641 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
643 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
644 eapol_conf.required_keys |=
645 EAPOL_REQUIRE_KEY_BROADCAST;
648 if (wpa_s->conf && wpa_s->driver &&
649 strcmp(wpa_s->driver->name, "wired") == 0) {
650 eapol_conf.required_keys = 0;
653 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
654 eapol_conf.workaround = ssid->eap_workaround;
655 eapol_conf.eap_disabled = wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X &&
656 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA;
657 eapol_sm_notify_config(wpa_s->eapol, ssid, &eapol_conf);
662 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
663 * @wpa_s: Pointer to wpa_supplicant data
664 * @ssid: Configuration data for the network
666 * This function is used to configure WPA state machine and related parameters
667 * to a mode where WPA is not enabled. This is called as part of the
668 * authentication configuration when the selected network does not use WPA.
670 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
671 struct wpa_ssid *ssid)
675 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
676 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
678 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
679 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
680 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
681 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
682 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
683 wpa_s->group_cipher = WPA_CIPHER_NONE;
685 for (i = 0; i < NUM_WEP_KEYS; i++) {
686 if (ssid->wep_key_len[i] > 5) {
687 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
688 wpa_s->group_cipher = WPA_CIPHER_WEP104;
690 } else if (ssid->wep_key_len[i] > 0) {
691 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
692 wpa_s->group_cipher = WPA_CIPHER_WEP40;
697 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
698 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
699 wpa_s->pairwise_cipher);
700 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
702 pmksa_cache_clear_current(wpa_s->wpa);
706 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
708 scard_deinit(wpa_s->scard);
710 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
711 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
712 l2_packet_deinit(wpa_s->l2);
715 wpa_supplicant_ctrl_iface_deinit(wpa_s);
716 if (wpa_s->conf != NULL) {
717 wpa_config_free(wpa_s->conf);
721 free(wpa_s->confname);
722 wpa_s->confname = NULL;
724 wpa_sm_set_eapol(wpa_s->wpa, NULL);
725 eapol_sm_deinit(wpa_s->eapol);
728 rsn_preauth_deinit(wpa_s->wpa);
730 pmksa_candidate_free(wpa_s->wpa);
731 pmksa_cache_free(wpa_s->wpa);
732 wpa_sm_deinit(wpa_s->wpa);
734 wpa_blacklist_clear(wpa_s);
736 free(wpa_s->scan_results);
737 wpa_s->scan_results = NULL;
738 wpa_s->num_scan_results = 0;
740 wpa_supplicant_cancel_scan(wpa_s);
745 * wpa_clear_keys - Clear keys configured for the driver
746 * @wpa_s: Pointer to wpa_supplicant data
747 * @addr: Previously used BSSID or %NULL if not available
749 * This function clears the encryption keys that has been previously configured
752 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
754 u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
756 if (wpa_s->keys_cleared) {
757 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
758 * timing issues with keys being cleared just before new keys
759 * are set or just after association or something similar. This
760 * shows up in group key handshake failing often because of the
761 * client not receiving the first encrypted packets correctly.
762 * Skipping some of the extra key clearing steps seems to help
763 * in completing group key handshake more reliably. */
764 wpa_printf(MSG_DEBUG, "No keys have been configured - "
765 "skip key clearing");
769 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
770 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
771 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
772 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
774 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
777 wpa_s->keys_cleared = 1;
782 * wpa_supplicant_state_txt - Get the connection state name as a text string
783 * @state: State (wpa_state; WPA_*)
784 * Returns: The state name as a printable text string
786 const char * wpa_supplicant_state_txt(int state)
789 case WPA_DISCONNECTED:
790 return "DISCONNECTED";
795 case WPA_ASSOCIATING:
796 return "ASSOCIATING";
799 case WPA_4WAY_HANDSHAKE:
800 return "4WAY_HANDSHAKE";
801 case WPA_GROUP_HANDSHAKE:
802 return "GROUP_HANDSHAKE";
812 * wpa_supplicant_set_state - Set current connection state
813 * @wpa_s: Pointer to wpa_supplicant data
814 * @state: The new connection state
816 * This function is called whenever the connection state changes, e.g.,
817 * association is completed for WPA/WPA2 4-Way Handshake is started.
819 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s, wpa_states state)
821 wpa_printf(MSG_DEBUG, "State: %s -> %s",
822 wpa_supplicant_state_txt(wpa_s->wpa_state),
823 wpa_supplicant_state_txt(state));
824 if (state == WPA_COMPLETED && wpa_s->new_connection) {
825 wpa_s->new_connection = 0;
826 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
827 MACSTR " completed %s",
828 MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
829 "(reauth)" : "(auth)");
830 wpa_s->reassociated_connection = 1;
831 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
832 state == WPA_ASSOCIATED) {
833 wpa_s->new_connection = 1;
835 wpa_s->wpa_state = state;
840 * wpa_supplicant_get_state - Get the connection state
841 * @wpa_s: Pointer to wpa_supplicant data
842 * Returns: The current connection state (WPA_*)
844 wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s)
846 return wpa_s->wpa_state;
850 static void wpa_supplicant_terminate(int sig, void *eloop_ctx,
853 struct wpa_global *global = eloop_ctx;
854 struct wpa_supplicant *wpa_s;
855 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
856 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING "- signal %d "
864 * wpa_supplicant_reload_configuration - Reload configuration data
865 * @wpa_s: Pointer to wpa_supplicant data
866 * Returns: 0 on success or -1 if configuration parsing failed
868 * This function can be used to request that the configuration data is reloaded
869 * (e.g., after configuration file change). This function is reloading
870 * configuration only for one interface, so this may need to be called multiple
871 * times if %wpa_supplicant is controlling multiple interfaces and all
872 * interfaces need reconfiguration.
874 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
876 struct wpa_config *conf;
878 if (wpa_s->confname == NULL)
880 conf = wpa_config_read(wpa_s->confname);
882 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
883 "file '%s' - exiting", wpa_s->confname);
887 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
888 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
889 strcmp(conf->ctrl_interface, wpa_s->conf->ctrl_interface)
893 wpa_supplicant_ctrl_iface_deinit(wpa_s);
895 wpa_s->current_ssid = NULL;
897 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
898 * pkcs11_engine_path, pkcs11_module_path.
900 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
901 wpa_sm_set_config(wpa_s->wpa, NULL);
902 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
903 pmksa_cache_notify_reconfig(wpa_s->wpa);
904 rsn_preauth_deinit(wpa_s->wpa);
905 wpa_config_free(wpa_s->conf);
908 wpa_supplicant_ctrl_iface_init(wpa_s);
909 wpa_s->reassociate = 1;
910 wpa_supplicant_req_scan(wpa_s, 0, 0);
911 wpa_msg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
916 #ifndef CONFIG_NATIVE_WINDOWS
917 static void wpa_supplicant_reconfig(int sig, void *eloop_ctx,
920 struct wpa_global *global = eloop_ctx;
921 struct wpa_supplicant *wpa_s;
922 wpa_printf(MSG_DEBUG, "Signal %d received - reconfiguring", sig);
923 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
924 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
929 #endif /* CONFIG_NATIVE_WINDOWS */
932 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s)
934 struct wpa_ssid *ssid;
935 union wpa_event_data data;
937 ssid = wpa_supplicant_get_ssid(wpa_s);
941 if (wpa_s->current_ssid == NULL)
942 wpa_s->current_ssid = ssid;
943 wpa_supplicant_initiate_eapol(wpa_s);
944 wpa_printf(MSG_DEBUG, "Already associated with a configured network - "
945 "generating associated event");
946 memset(&data, 0, sizeof(data));
947 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data);
951 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
953 struct wpa_supplicant *wpa_s = eloop_ctx;
954 struct wpa_ssid *ssid;
955 int enabled, scan_req = 0;
957 if (wpa_s->disconnected)
961 ssid = wpa_s->conf->ssid;
963 if (!ssid->disabled) {
969 if (!enabled && !wpa_s->scan_req) {
970 wpa_printf(MSG_DEBUG, "No enabled networks - do not scan");
971 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
974 scan_req = wpa_s->scan_req;
977 if (wpa_s->conf->ap_scan == 0) {
978 wpa_supplicant_gen_assoc_event(wpa_s);
982 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
983 wpa_s->wpa_state == WPA_INACTIVE)
984 wpa_supplicant_set_state(wpa_s, WPA_SCANNING);
986 ssid = wpa_s->conf->ssid;
987 if (wpa_s->prev_scan_ssid != BROADCAST_SSID_SCAN) {
989 if (ssid == wpa_s->prev_scan_ssid) {
997 if (!ssid->disabled &&
998 (ssid->scan_ssid || wpa_s->conf->ap_scan == 2))
1003 if (scan_req != 2 && wpa_s->conf->ap_scan == 2) {
1005 * ap_scan=2 mode - try to associate with each SSID instead of
1006 * scanning for each scan_ssid=1 network.
1011 /* Continue from the next SSID on the next attempt. */
1012 wpa_s->prev_scan_ssid = ssid;
1014 /* Start from the beginning of the SSID list. */
1015 wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1017 wpa_supplicant_associate(wpa_s, NULL, ssid);
1021 wpa_printf(MSG_DEBUG, "Starting AP scan (%s SSID)",
1022 ssid ? "specific": "broadcast");
1024 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID",
1025 ssid->ssid, ssid->ssid_len);
1026 wpa_s->prev_scan_ssid = ssid;
1028 wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1030 if (wpa_drv_scan(wpa_s, ssid ? ssid->ssid : NULL,
1031 ssid ? ssid->ssid_len : 0)) {
1032 wpa_printf(MSG_WARNING, "Failed to initiate AP scan.");
1033 wpa_supplicant_req_scan(wpa_s, 10, 0);
1038 static wpa_cipher cipher_suite2driver(int cipher)
1041 case WPA_CIPHER_NONE:
1043 case WPA_CIPHER_WEP40:
1044 return CIPHER_WEP40;
1045 case WPA_CIPHER_WEP104:
1046 return CIPHER_WEP104;
1047 case WPA_CIPHER_CCMP:
1049 case WPA_CIPHER_TKIP:
1056 static wpa_key_mgmt key_mgmt2driver(int key_mgmt)
1059 case WPA_KEY_MGMT_NONE:
1060 return KEY_MGMT_NONE;
1061 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
1062 return KEY_MGMT_802_1X_NO_WPA;
1063 case WPA_KEY_MGMT_IEEE8021X:
1064 return KEY_MGMT_802_1X;
1065 case WPA_KEY_MGMT_WPA_NONE:
1066 return KEY_MGMT_WPA_NONE;
1067 case WPA_KEY_MGMT_PSK:
1069 return KEY_MGMT_PSK;
1074 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1075 struct wpa_ssid *ssid,
1076 struct wpa_ie_data *ie)
1078 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1081 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1082 "from association info");
1087 wpa_printf(MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set cipher "
1089 if (!(ie->group_cipher & ssid->group_cipher)) {
1090 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1091 "cipher 0x%x (mask 0x%x) - reject",
1092 ie->group_cipher, ssid->group_cipher);
1095 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1096 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1097 "cipher 0x%x (mask 0x%x) - reject",
1098 ie->pairwise_cipher, ssid->pairwise_cipher);
1101 if (!(ie->key_mgmt & ssid->key_mgmt)) {
1102 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1103 "management 0x%x (mask 0x%x) - reject",
1104 ie->key_mgmt, ssid->key_mgmt);
1113 * wpa_supplicant_set_suites - Set authentication and encryption parameters
1114 * @wpa_s: Pointer to wpa_supplicant data
1115 * @bss: Scan results for the selected BSS, or %NULL if not available
1116 * @ssid: Configuration data for the selected network
1117 * @wpa_ie: Buffer for the WPA/RSN IE
1118 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1119 * used buffer length in case the functions returns success.
1120 * Returns: 0 on success or -1 on failure
1122 * This function is used to configure authentication and encryption parameters
1123 * based on the network configuration and scan result for the selected BSS (if
1126 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1127 struct wpa_scan_result *bss,
1128 struct wpa_ssid *ssid,
1129 u8 *wpa_ie, size_t *wpa_ie_len)
1131 struct wpa_ie_data ie;
1134 if (bss && bss->rsn_ie_len && (ssid->proto & WPA_PROTO_RSN) &&
1135 wpa_parse_wpa_ie(bss->rsn_ie, bss->rsn_ie_len, &ie) == 0 &&
1136 (ie.group_cipher & ssid->group_cipher) &&
1137 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1138 (ie.key_mgmt & ssid->key_mgmt)) {
1139 wpa_msg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1140 proto = WPA_PROTO_RSN;
1141 } else if (bss && bss->wpa_ie_len && (ssid->proto & WPA_PROTO_WPA) &&
1142 wpa_parse_wpa_ie(bss->wpa_ie, bss->wpa_ie_len, &ie) == 0 &&
1143 (ie.group_cipher & ssid->group_cipher) &&
1144 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1145 (ie.key_mgmt & ssid->key_mgmt)) {
1146 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1147 proto = WPA_PROTO_WPA;
1149 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1152 if (ssid->proto & WPA_PROTO_RSN)
1153 proto = WPA_PROTO_RSN;
1155 proto = WPA_PROTO_WPA;
1156 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1157 memset(&ie, 0, sizeof(ie));
1158 ie.group_cipher = ssid->group_cipher;
1159 ie.pairwise_cipher = ssid->pairwise_cipher;
1160 ie.key_mgmt = ssid->key_mgmt;
1161 wpa_printf(MSG_DEBUG, "WPA: Set cipher suites based "
1162 "on configuration");
1166 wpa_printf(MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1167 "pairwise %d key_mgmt %d",
1168 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt);
1170 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1172 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss ? bss->wpa_ie : NULL,
1173 bss ? bss->wpa_ie_len : 0) ||
1174 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss ? bss->rsn_ie : NULL,
1175 bss ? bss->rsn_ie_len : 0))
1178 sel = ie.group_cipher & ssid->group_cipher;
1179 if (sel & WPA_CIPHER_CCMP) {
1180 wpa_s->group_cipher = WPA_CIPHER_CCMP;
1181 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
1182 } else if (sel & WPA_CIPHER_TKIP) {
1183 wpa_s->group_cipher = WPA_CIPHER_TKIP;
1184 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
1185 } else if (sel & WPA_CIPHER_WEP104) {
1186 wpa_s->group_cipher = WPA_CIPHER_WEP104;
1187 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
1188 } else if (sel & WPA_CIPHER_WEP40) {
1189 wpa_s->group_cipher = WPA_CIPHER_WEP40;
1190 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
1192 wpa_printf(MSG_WARNING, "WPA: Failed to select group cipher.");
1196 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1197 if (sel & WPA_CIPHER_CCMP) {
1198 wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
1199 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
1200 } else if (sel & WPA_CIPHER_TKIP) {
1201 wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
1202 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
1203 } else if (sel & WPA_CIPHER_NONE) {
1204 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1205 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
1207 wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
1212 sel = ie.key_mgmt & ssid->key_mgmt;
1213 if (sel & WPA_KEY_MGMT_IEEE8021X) {
1214 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1215 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1216 } else if (sel & WPA_KEY_MGMT_PSK) {
1217 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1218 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1219 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1220 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1221 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1223 wpa_printf(MSG_WARNING, "WPA: Failed to select authenticated "
1224 "key management type.");
1228 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1229 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1230 wpa_s->pairwise_cipher);
1231 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1233 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1234 wpa_printf(MSG_WARNING, "WPA: Failed to generate WPA IE.");
1238 if (ssid->key_mgmt & WPA_KEY_MGMT_PSK)
1239 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
1241 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1248 * wpa_supplicant_associate - Request association
1249 * @wpa_s: Pointer to wpa_supplicant data
1250 * @bss: Scan results for the selected BSS, or %NULL if not available
1251 * @ssid: Configuration data for the selected network
1253 * This function is used to request %wpa_supplicant to associate with a BSS.
1255 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1256 struct wpa_scan_result *bss,
1257 struct wpa_ssid *ssid)
1262 int algs = AUTH_ALG_OPEN_SYSTEM;
1263 int cipher_pairwise, cipher_group;
1264 struct wpa_driver_associate_params params;
1265 int wep_keys_set = 0;
1266 struct wpa_driver_capa capa;
1267 int assoc_failed = 0;
1269 wpa_s->reassociate = 0;
1271 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1272 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1273 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1274 memset(wpa_s->bssid, 0, ETH_ALEN);
1276 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1277 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1279 wpa_supplicant_cancel_scan(wpa_s);
1281 /* Starting new association, so clear the possibly used WPA IE from the
1282 * previous association. */
1283 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1285 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1287 if (ssid->non_leap == 0)
1288 algs = AUTH_ALG_LEAP;
1290 algs |= AUTH_ALG_LEAP;
1293 wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1294 if (ssid->auth_alg) {
1296 if (ssid->auth_alg & WPA_AUTH_ALG_OPEN)
1297 algs |= AUTH_ALG_OPEN_SYSTEM;
1298 if (ssid->auth_alg & WPA_AUTH_ALG_SHARED)
1299 algs |= AUTH_ALG_SHARED_KEY;
1300 if (ssid->auth_alg & WPA_AUTH_ALG_LEAP)
1301 algs |= AUTH_ALG_LEAP;
1302 wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
1305 wpa_drv_set_auth_alg(wpa_s, algs);
1307 if (bss && (bss->wpa_ie_len || bss->rsn_ie_len) &&
1308 (ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK))) {
1309 int try_opportunistic;
1310 try_opportunistic = ssid->proactive_key_caching &&
1311 (ssid->proto & WPA_PROTO_RSN);
1312 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1313 wpa_s->current_ssid,
1314 try_opportunistic) == 0)
1315 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1316 wpa_ie_len = sizeof(wpa_ie);
1317 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1318 wpa_ie, &wpa_ie_len)) {
1319 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1320 "management and encryption suites");
1323 } else if (ssid->key_mgmt &
1324 (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
1325 WPA_KEY_MGMT_WPA_NONE)) {
1326 wpa_ie_len = sizeof(wpa_ie);
1327 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1328 wpa_ie, &wpa_ie_len)) {
1329 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1330 "management and encryption suites (no scan "
1335 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1339 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1341 cipher_pairwise = cipher_suite2driver(wpa_s->pairwise_cipher);
1342 cipher_group = cipher_suite2driver(wpa_s->group_cipher);
1343 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1344 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1346 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1348 for (i = 0; i < NUM_WEP_KEYS; i++) {
1349 if (ssid->wep_key_len[i]) {
1352 wpa_set_wep_key(wpa_s,
1353 i == ssid->wep_tx_keyidx,
1354 i, ssid->wep_key[i],
1355 ssid->wep_key_len[i]);
1360 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1361 if ((ssid->eapol_flags &
1362 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1363 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1367 /* Assume that dynamic WEP-104 keys will be used and
1368 * set cipher suites in order for drivers to expect
1370 cipher_pairwise = cipher_group = CIPHER_WEP104;
1374 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1375 /* Set the key before (and later after) association */
1376 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1379 wpa_drv_set_drop_unencrypted(wpa_s, use_crypt);
1380 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1381 memset(¶ms, 0, sizeof(params));
1383 params.bssid = bss->bssid;
1384 params.ssid = bss->ssid;
1385 params.ssid_len = bss->ssid_len;
1386 params.freq = bss->freq;
1388 params.ssid = ssid->ssid;
1389 params.ssid_len = ssid->ssid_len;
1391 params.wpa_ie = wpa_ie;
1392 params.wpa_ie_len = wpa_ie_len;
1393 params.pairwise_suite = cipher_pairwise;
1394 params.group_suite = cipher_group;
1395 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1396 params.auth_alg = algs;
1397 params.mode = ssid->mode;
1398 if (wpa_drv_associate(wpa_s, ¶ms) < 0) {
1399 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1401 /* try to continue anyway; new association will be tried again
1406 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1407 /* Set the key after the association just in case association
1408 * cleared the previously configured key. */
1409 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1410 /* No need to timeout authentication since there is no key
1412 wpa_supplicant_cancel_auth_timeout(wpa_s);
1413 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1415 /* Timeout for IEEE 802.11 authentication and association */
1419 else if (wpa_s->conf->ap_scan == 1)
1423 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1426 if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1427 capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
1428 /* Set static WEP keys again */
1430 for (i = 0; i < NUM_WEP_KEYS; i++) {
1431 if (ssid->wep_key_len[i]) {
1432 wpa_set_wep_key(wpa_s,
1433 i == ssid->wep_tx_keyidx,
1434 i, ssid->wep_key[i],
1435 ssid->wep_key_len[i]);
1440 wpa_s->current_ssid = ssid;
1441 wpa_sm_set_config(wpa_s->wpa, wpa_s->current_ssid);
1442 wpa_supplicant_initiate_eapol(wpa_s);
1447 * wpa_supplicant_disassociate - Disassociate the current connection
1448 * @wpa_s: Pointer to wpa_supplicant data
1449 * @reason_code: IEEE 802.11 reason code for the disassociate frame
1451 * This function is used to request %wpa_supplicant to disassociate with the
1454 void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
1458 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1459 if (memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0) {
1460 wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
1461 addr = wpa_s->bssid;
1463 wpa_clear_keys(wpa_s, addr);
1464 wpa_s->current_ssid = NULL;
1465 wpa_sm_set_config(wpa_s->wpa, NULL);
1466 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1467 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
1468 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
1473 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
1474 * @wpa_s: Pointer to wpa_supplicant data
1475 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1477 * This function is used to request %wpa_supplicant to disassociate with the
1480 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1484 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1485 if (memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0) {
1486 wpa_drv_deauthenticate(wpa_s, wpa_s->bssid, reason_code);
1487 addr = wpa_s->bssid;
1489 wpa_clear_keys(wpa_s, addr);
1490 wpa_s->current_ssid = NULL;
1491 wpa_sm_set_config(wpa_s->wpa, NULL);
1492 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1493 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
1494 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
1499 * wpa_supplicant_get_scan_results - Get scan results
1500 * @wpa_s: Pointer to wpa_supplicant data
1501 * Returns: 0 on success, -1 on failure
1503 * This function is request the current scan results from the driver and stores
1504 * a local copy of the results in wpa_s->scan_results.
1506 int wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s)
1508 #define SCAN_AP_LIMIT 128
1509 struct wpa_scan_result *results, *tmp;
1512 results = malloc(SCAN_AP_LIMIT * sizeof(struct wpa_scan_result));
1513 if (results == NULL) {
1514 wpa_printf(MSG_WARNING, "Failed to allocate memory for scan "
1519 num = wpa_drv_get_scan_results(wpa_s, results, SCAN_AP_LIMIT);
1520 wpa_printf(MSG_DEBUG, "Scan results: %d", num);
1522 wpa_printf(MSG_DEBUG, "Failed to get scan results");
1526 if (num > SCAN_AP_LIMIT) {
1527 wpa_printf(MSG_INFO, "Not enough room for all APs (%d < %d)",
1528 num, SCAN_AP_LIMIT);
1529 num = SCAN_AP_LIMIT;
1532 /* Free unneeded memory for unused scan result entries */
1533 tmp = realloc(results, num * sizeof(struct wpa_scan_result));
1534 if (tmp || num == 0) {
1538 free(wpa_s->scan_results);
1539 wpa_s->scan_results = results;
1540 wpa_s->num_scan_results = num;
1546 #ifndef CONFIG_NO_WPA
1547 static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s)
1550 struct wpa_scan_result *results, *curr = NULL;
1552 results = wpa_s->scan_results;
1553 if (results == NULL) {
1557 for (i = 0; i < wpa_s->num_scan_results; i++) {
1558 if (memcmp(results[i].bssid, wpa_s->bssid, ETH_ALEN) == 0) {
1565 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, curr->wpa_ie,
1566 curr->wpa_ie_len) ||
1567 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, curr->rsn_ie,
1578 static int wpa_supplicant_get_beacon_ie(void *ctx)
1580 struct wpa_supplicant *wpa_s = ctx;
1581 if (wpa_get_beacon_ie(wpa_s) == 0) {
1585 /* No WPA/RSN IE found in the cached scan results. Try to get updated
1586 * scan results from the driver. */
1587 if (wpa_supplicant_get_scan_results(wpa_s) < 0) {
1591 return wpa_get_beacon_ie(wpa_s);
1593 #endif /* CONFIG_NO_WPA */
1597 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
1598 * @wpa_s: Pointer to wpa_supplicant data
1599 * Returns: A pointer to the current network structure or %NULL on failure
1601 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
1603 struct wpa_ssid *entry;
1604 u8 ssid[MAX_SSID_LEN];
1608 ssid_len = wpa_drv_get_ssid(wpa_s, ssid);
1610 wpa_printf(MSG_WARNING, "Could not read SSID from driver.");
1614 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
1615 wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
1619 entry = wpa_s->conf->ssid;
1621 if (!entry->disabled &&
1622 ssid_len == entry->ssid_len &&
1623 memcmp(ssid, entry->ssid, ssid_len) == 0 &&
1624 (!entry->bssid_set ||
1625 memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1627 entry = entry->next;
1634 #ifndef CONFIG_NO_WPA
1635 static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type,
1636 const void *data, u16 data_len,
1637 size_t *msg_len, void **data_pos)
1639 return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos);
1643 static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto,
1644 const u8 *buf, size_t len)
1646 return wpa_ether_send(wpa_s, dest, proto, buf, len);
1650 static void _wpa_supplicant_req_scan(void *wpa_s, int sec, int usec)
1652 wpa_supplicant_req_scan(wpa_s, sec, usec);
1656 static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s)
1658 wpa_supplicant_cancel_auth_timeout(wpa_s);
1662 static void _wpa_supplicant_set_state(void *wpa_s, wpa_states state)
1664 wpa_supplicant_set_state(wpa_s, state);
1668 static wpa_states _wpa_supplicant_get_state(void *wpa_s)
1670 return wpa_supplicant_get_state(wpa_s);
1674 static void _wpa_supplicant_disassociate(void *wpa_s, int reason_code)
1676 wpa_supplicant_disassociate(wpa_s, reason_code);
1680 static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code)
1682 wpa_supplicant_deauthenticate(wpa_s, reason_code);
1686 static struct wpa_ssid * _wpa_supplicant_get_ssid(void *wpa_s)
1688 return wpa_supplicant_get_ssid(wpa_s);
1692 static int wpa_supplicant_get_bssid(void *wpa_s, u8 *bssid)
1694 return wpa_drv_get_bssid(wpa_s, bssid);
1698 static int wpa_supplicant_set_key(void *wpa_s, wpa_alg alg,
1699 const u8 *addr, int key_idx, int set_tx,
1700 const u8 *seq, size_t seq_len,
1701 const u8 *key, size_t key_len)
1703 return wpa_drv_set_key(wpa_s, alg, addr, key_idx, set_tx, seq, seq_len,
1708 static int wpa_supplicant_add_pmkid(void *wpa_s,
1709 const u8 *bssid, const u8 *pmkid)
1711 return wpa_drv_add_pmkid(wpa_s, bssid, pmkid);
1715 static int wpa_supplicant_remove_pmkid(void *wpa_s,
1716 const u8 *bssid, const u8 *pmkid)
1718 return wpa_drv_remove_pmkid(wpa_s, bssid, pmkid);
1720 #endif /* CONFIG_NO_WPA */
1723 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
1731 if (wpa_supplicant_drivers[0] == NULL) {
1732 wpa_printf(MSG_ERROR, "No driver interfaces build into "
1738 /* default to first driver in the list */
1739 wpa_s->driver = wpa_supplicant_drivers[0];
1743 for (i = 0; wpa_supplicant_drivers[i]; i++) {
1744 if (strcmp(name, wpa_supplicant_drivers[i]->name) == 0) {
1745 wpa_s->driver = wpa_supplicant_drivers[i];
1750 printf("Unsupported driver '%s'.\n", name);
1755 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
1756 const u8 *buf, size_t len)
1758 struct wpa_supplicant *wpa_s = ctx;
1760 wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
1761 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
1763 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
1764 wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
1765 "no key management is configured");
1769 if (wpa_s->eapol_received == 0) {
1770 /* Timeout for completing IEEE 802.1X and WPA authentication */
1771 wpa_supplicant_req_auth_timeout(
1773 (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X ||
1774 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) ?
1777 wpa_s->eapol_received++;
1779 if (wpa_s->countermeasures) {
1780 wpa_printf(MSG_INFO, "WPA: Countermeasures - dropped EAPOL "
1785 /* Source address of the incoming EAPOL frame could be compared to the
1786 * current BSSID. However, it is possible that a centralized
1787 * Authenticator could be using another MAC address than the BSSID of
1788 * an AP, so just allow any address to be used for now. The replies are
1789 * still sent to the current BSSID (if available), though. */
1791 memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
1792 if (wpa_s->key_mgmt != WPA_KEY_MGMT_PSK &&
1793 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
1795 wpa_drv_poll(wpa_s);
1796 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
1801 * wpa_supplicant_driver_init - Initialize driver interface parameters
1802 * @wpa_s: Pointer to wpa_supplicant data
1803 * @wait_for_interface: 0 = do not wait for the interface (reports a failure if
1804 * the interface is not present), 1 = wait until the interface is available
1805 * Returns: 0 on success, -1 on failure
1807 * This function is called to initialize driver interface parameters.
1808 * wpa_drv_init() must have been called before this function to initialize the
1811 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s,
1812 int wait_for_interface)
1814 static int interface_count = 0;
1817 if (wpa_s->driver->send_eapol) {
1818 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
1820 memcpy(wpa_s->own_addr, addr, ETH_ALEN);
1823 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
1824 wpa_drv_get_mac_addr(wpa_s),
1826 wpa_supplicant_rx_eapol, wpa_s, 0);
1829 else if (!wait_for_interface)
1831 printf("Waiting for interface..\n");
1835 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
1836 fprintf(stderr, "Failed to get own L2 address\n");
1840 wpa_printf(MSG_DEBUG, "Own MAC address: " MACSTR,
1841 MAC2STR(wpa_s->own_addr));
1843 /* Backwards compatibility call to set_wpa() handler. This is called
1844 * only just after init and just before deinit, so these handler can be
1845 * used to implement same functionality. */
1846 if (wpa_drv_set_wpa(wpa_s, 1) < 0) {
1847 struct wpa_driver_capa capa;
1848 if (wpa_drv_get_capa(wpa_s, &capa) < 0 ||
1849 !(capa.flags & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1850 WPA_DRIVER_CAPA_KEY_MGMT_WPA2))) {
1851 wpa_printf(MSG_DEBUG, "Driver does not support WPA.");
1852 /* Continue to allow non-WPA modes to be used. */
1854 fprintf(stderr, "Failed to enable WPA in the "
1860 wpa_clear_keys(wpa_s, NULL);
1862 /* Make sure that TKIP countermeasures are not left enabled (could
1863 * happen if wpa_supplicant is killed during countermeasures. */
1864 wpa_drv_set_countermeasures(wpa_s, 0);
1866 wpa_drv_set_drop_unencrypted(wpa_s, 1);
1868 wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1869 wpa_supplicant_req_scan(wpa_s, interface_count, 100000);
1876 static int wpa_supplicant_daemon(const char *pid_file)
1878 wpa_printf(MSG_DEBUG, "Daemonize..");
1885 FILE *f = fopen(pid_file, "w");
1887 fprintf(f, "%u\n", getpid());
1896 static struct wpa_supplicant * wpa_supplicant_alloc(void)
1898 struct wpa_supplicant *wpa_s;
1900 wpa_s = malloc(sizeof(*wpa_s));
1903 memset(wpa_s, 0, sizeof(*wpa_s));
1904 wpa_s->ctrl_sock = -1;
1905 wpa_s->scan_req = 1;
1911 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
1912 struct wpa_interface *iface)
1914 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
1915 "'%s' ctrl_interface '%s'", iface->ifname,
1916 iface->confname ? iface->confname : "N/A",
1917 iface->driver ? iface->driver : "default",
1918 iface->ctrl_interface ? iface->ctrl_interface : "N/A");
1920 if (wpa_supplicant_set_driver(wpa_s, iface->driver) < 0) {
1924 if (iface->confname) {
1925 #ifdef CONFIG_BACKEND_FILE
1926 wpa_s->confname = rel2abs_path(iface->confname);
1927 if (wpa_s->confname == NULL) {
1928 wpa_printf(MSG_ERROR, "Failed to get absolute path "
1929 "for configuration file '%s'.",
1933 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
1934 iface->confname, wpa_s->confname);
1935 #else /* CONFIG_BACKEND_FILE */
1936 wpa_s->confname = strdup(iface->confname);
1937 #endif /* CONFIG_BACKEND_FILE */
1938 wpa_s->conf = wpa_config_read(wpa_s->confname);
1939 if (wpa_s->conf == NULL) {
1940 printf("Failed to read read or parse configuration "
1941 "'%s'.\n", wpa_s->confname);
1946 * Override ctrl_interface and driver_param if set on command
1949 if (iface->ctrl_interface) {
1950 free(wpa_s->conf->ctrl_interface);
1951 wpa_s->conf->ctrl_interface =
1952 strdup(iface->ctrl_interface);
1955 if (iface->driver_param) {
1956 free(wpa_s->conf->driver_param);
1957 wpa_s->conf->driver_param =
1958 strdup(iface->driver_param);
1961 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
1962 iface->driver_param);
1964 if (wpa_s->conf == NULL) {
1965 printf("\nNo configuration found.\n");
1969 if (iface->ifname == NULL) {
1970 printf("\nInterface name is required.\n");
1973 if (strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
1974 printf("Too long interface name '%s'.\n", iface->ifname);
1977 strncpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
1983 static int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
1985 #ifdef IEEE8021X_EAPOL
1986 struct eapol_ctx *ctx;
1987 ctx = malloc(sizeof(*ctx));
1989 printf("Failed to allocate EAPOL context.\n");
1993 memset(ctx, 0, sizeof(*ctx));
1995 ctx->msg_ctx = wpa_s;
1996 ctx->eapol_send_ctx = wpa_s;
1998 ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done;
1999 ctx->eapol_send = wpa_supplicant_eapol_send;
2000 ctx->set_wep_key = wpa_eapol_set_wep_key;
2001 ctx->set_config_blob = wpa_supplicant_set_config_blob;
2002 ctx->get_config_blob = wpa_supplicant_get_config_blob;
2003 ctx->aborted_cached = wpa_supplicant_aborted_cached;
2004 ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
2005 ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
2006 ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
2007 wpa_s->eapol = eapol_sm_init(ctx);
2008 if (wpa_s->eapol == NULL) {
2010 printf("Failed to initialize EAPOL state machines.\n");
2013 #endif /* IEEE8021X_EAPOL */
2019 static int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s)
2021 #ifndef CONFIG_NO_WPA
2022 struct wpa_sm_ctx *ctx;
2023 ctx = malloc(sizeof(*ctx));
2025 printf("Failed to allocate WPA context.\n");
2029 memset(ctx, 0, sizeof(*ctx));
2031 ctx->set_state = _wpa_supplicant_set_state;
2032 ctx->get_state = _wpa_supplicant_get_state;
2033 ctx->req_scan = _wpa_supplicant_req_scan;
2034 ctx->deauthenticate = _wpa_supplicant_deauthenticate;
2035 ctx->disassociate = _wpa_supplicant_disassociate;
2036 ctx->set_key = wpa_supplicant_set_key;
2037 ctx->scan = wpa_supplicant_scan;
2038 ctx->get_ssid = _wpa_supplicant_get_ssid;
2039 ctx->get_bssid = wpa_supplicant_get_bssid;
2040 ctx->ether_send = _wpa_ether_send;
2041 ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie;
2042 ctx->alloc_eapol = _wpa_alloc_eapol;
2043 ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout;
2044 ctx->add_pmkid = wpa_supplicant_add_pmkid;
2045 ctx->remove_pmkid = wpa_supplicant_remove_pmkid;
2046 ctx->set_config_blob = wpa_supplicant_set_config_blob;
2047 ctx->get_config_blob = wpa_supplicant_get_config_blob;
2049 wpa_s->wpa = wpa_sm_init(ctx);
2050 if (wpa_s->wpa == NULL) {
2051 fprintf(stderr, "Failed to initialize WPA state machine\n");
2054 #endif /* CONFIG_NO_WPA */
2060 static int wpa_supplicant_init_iface2(struct wpa_supplicant *wpa_s,
2061 int wait_for_interface)
2065 wpa_printf(MSG_DEBUG, "Initializing interface (2) '%s'",
2068 if (wpa_supplicant_init_eapol(wpa_s) < 0)
2071 /* RSNA Supplicant Key Management - INITIALIZE */
2072 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
2073 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
2075 /* Initialize driver interface and register driver event handler before
2076 * L2 receive handler so that association events are processed before
2077 * EAPOL-Key packets if both become available for the same select()
2079 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
2080 if (wpa_s->drv_priv == NULL) {
2081 fprintf(stderr, "Failed to initialize driver interface\n");
2084 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
2085 fprintf(stderr, "Driver interface rejected driver_param "
2086 "'%s'\n", wpa_s->conf->driver_param);
2090 ifname = wpa_drv_get_ifname(wpa_s);
2091 if (ifname && strcmp(ifname, wpa_s->ifname) != 0) {
2092 wpa_printf(MSG_DEBUG, "Driver interface replaced interface "
2093 "name with '%s'", ifname);
2094 strncpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
2097 if (wpa_supplicant_init_wpa(wpa_s) < 0)
2100 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname);
2101 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2102 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2104 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2105 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2106 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2107 fprintf(stderr, "Invalid WPA parameter value for "
2108 "dot11RSNAConfigPMKLifetime\n");
2112 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2113 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2114 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2115 fprintf(stderr, "Invalid WPA parameter value for "
2116 "dot11RSNAConfigPMKReauthThreshold\n");
2120 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2121 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2122 wpa_s->conf->dot11RSNAConfigSATimeout)) {
2123 fprintf(stderr, "Invalid WPA parameter value for "
2124 "dot11RSNAConfigSATimeout\n");
2128 if (wpa_supplicant_driver_init(wpa_s, wait_for_interface) < 0) {
2131 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2133 if (wpa_supplicant_ctrl_iface_init(wpa_s)) {
2134 printf("Failed to initialize control interface '%s'.\n"
2135 "You may have another wpa_supplicant process already "
2136 "running or the file was\n"
2137 "left by an unclean termination of wpa_supplicant in "
2138 "which case you will need\n"
2139 "to manually remove this file before starting "
2140 "wpa_supplicant again.\n",
2141 wpa_s->conf->ctrl_interface);
2149 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s)
2151 if (wpa_s->drv_priv) {
2152 wpa_supplicant_deauthenticate(wpa_s, REASON_DEAUTH_LEAVING);
2154 /* Backwards compatibility call to set_wpa() handler. This is
2155 * called only just after init and just before deinit, so these
2156 * handler can be used to implement same functionality. */
2157 if (wpa_drv_set_wpa(wpa_s, 0) < 0) {
2158 fprintf(stderr, "Failed to disable WPA in the "
2162 wpa_drv_set_drop_unencrypted(wpa_s, 0);
2163 wpa_drv_set_countermeasures(wpa_s, 0);
2164 wpa_clear_keys(wpa_s, NULL);
2166 wpa_drv_deinit(wpa_s);
2168 wpa_supplicant_cleanup(wpa_s);
2173 * wpa_supplicant_add_iface - Add a new network interface
2174 * @global: Pointer to global data from wpa_supplicant_init()
2175 * @iface: Interface configuration options
2176 * Returns: Pointer to the created interface or %NULL on failure
2178 * This function is used to add new network interfaces for %wpa_supplicant.
2179 * This can be called before wpa_supplicant_run() to add interfaces before the
2180 * main event loop has been started. In addition, new interfaces can be added
2181 * dynamically while %wpa_supplicant is already running. This could happen,
2182 * e.g., when a hotplug network adapter is inserted.
2184 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
2185 struct wpa_interface *iface)
2187 struct wpa_supplicant *wpa_s;
2189 if (global == NULL || iface == NULL)
2192 wpa_s = wpa_supplicant_alloc();
2196 if (wpa_supplicant_init_iface(wpa_s, iface) ||
2197 wpa_supplicant_init_iface2(wpa_s,
2198 global->params.wait_for_interface)) {
2199 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
2201 wpa_supplicant_deinit_iface(wpa_s);
2206 wpa_s->global = global;
2207 wpa_s->next = global->ifaces;
2208 global->ifaces = wpa_s;
2210 wpa_printf(MSG_DEBUG, "Added interface %s", wpa_s->ifname);
2217 * wpa_supplicant_remove_iface - Remove a network interface
2218 * @global: Pointer to global data from wpa_supplicant_init()
2219 * @wpa_s: Pointer to the network interface to be removed
2220 * Returns: 0 if interface was removed, -1 if interface was not found
2222 * This function can be used to dynamically remove network interfaces from
2223 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
2224 * addition, this function is used to remove all remaining interdaces when
2225 * %wpa_supplicant is terminated.
2227 int wpa_supplicant_remove_iface(struct wpa_global *global,
2228 struct wpa_supplicant *wpa_s)
2230 struct wpa_supplicant *prev;
2232 /* Remove interface from the global list of interfaces */
2233 prev = global->ifaces;
2234 if (prev == wpa_s) {
2235 global->ifaces = wpa_s->next;
2237 while (prev && prev->next != wpa_s)
2241 prev->next = wpa_s->next;
2244 wpa_printf(MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
2246 wpa_supplicant_deinit_iface(wpa_s);
2254 * wpa_supplicant_get_iface - Get a new network interface
2255 * @global: Pointer to global data from wpa_supplicant_init()
2256 * @ifname: Interface name
2257 * Returns: Pointer to the interface or %NULL if not found
2259 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
2262 struct wpa_supplicant *wpa_s;
2264 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
2265 if (strcmp(wpa_s->ifname, ifname) == 0)
2273 * wpa_supplicant_init - Initialize %wpa_supplicant
2274 * @params: Parameters for %wpa_supplicant
2275 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
2277 * This function is used to initialize %wpa_supplicant. After successful
2278 * initialization, the returned data pointer can be used to add and remove
2279 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
2281 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
2283 struct wpa_global *global;
2287 global = malloc(sizeof(*global));
2290 memset(global, 0, sizeof(*global));
2291 global->params.daemonize = params->daemonize;
2292 global->params.wait_for_interface = params->wait_for_interface;
2293 global->params.wait_for_monitor = params->wait_for_monitor;
2294 if (params->pid_file)
2295 global->params.pid_file = strdup(params->pid_file);
2296 if (params->ctrl_interface)
2297 global->params.ctrl_interface = strdup(params->ctrl_interface);
2298 wpa_debug_level = global->params.wpa_debug_level =
2299 params->wpa_debug_level;
2300 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
2301 params->wpa_debug_show_keys;
2302 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
2303 params->wpa_debug_timestamp;
2307 if (wpa_supplicant_global_ctrl_iface_init(global)) {
2308 wpa_supplicant_deinit(global);
2312 if (global->params.wait_for_interface && global->params.daemonize &&
2313 wpa_supplicant_daemon(global->params.pid_file)) {
2314 wpa_supplicant_deinit(global);
2323 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
2324 * @global: Pointer to global data from wpa_supplicant_init()
2325 * Returns: 0 after successful event loop run, -1 on failure
2327 * This function starts the main event loop and continues running as long as
2328 * there are any remaining events. In most cases, this function is running as
2329 * long as the %wpa_supplicant process in still in use.
2331 int wpa_supplicant_run(struct wpa_global *global)
2333 struct wpa_supplicant *wpa_s;
2335 if (!global->params.wait_for_interface && global->params.daemonize &&
2336 wpa_supplicant_daemon(global->params.pid_file))
2339 if (global->params.wait_for_monitor) {
2340 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
2341 wpa_supplicant_ctrl_iface_wait(wpa_s);
2344 eloop_register_signal(SIGINT, wpa_supplicant_terminate, NULL);
2345 eloop_register_signal(SIGTERM, wpa_supplicant_terminate, NULL);
2346 #ifndef CONFIG_NATIVE_WINDOWS
2347 eloop_register_signal(SIGHUP, wpa_supplicant_reconfig, NULL);
2348 #endif /* CONFIG_NATIVE_WINDOWS */
2357 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
2358 * @global: Pointer to global data from wpa_supplicant_init()
2360 * This function is called to deinitialize %wpa_supplicant and to free all
2361 * allocated resources. Remaining network interfaces will also be removed.
2363 void wpa_supplicant_deinit(struct wpa_global *global)
2368 while (global->ifaces)
2369 wpa_supplicant_remove_iface(global, global->ifaces);
2371 wpa_supplicant_global_ctrl_iface_deinit(global);
2375 if (global->params.pid_file) {
2376 unlink(global->params.pid_file);
2377 free(global->params.pid_file);
2379 free(global->params.ctrl_interface);