Context Navigation

source: rtems-libbsd/freebsd/contrib/wpa/wpa_supplicant/wpa_supplicant.c @ 8f2267b

55-freebsd-126-freebsd-12

Last change on this file since 8f2267b was 9c9d11b, checked in by Sichen Zhao <1473996754@…>, on 08/01/17 at 12:43:41
Import wpa from FreeBSD
Property mode set to `100644`
File size: 161.1 KB

Line
1	#include <machine/rtems-bsd-user-space.h>
2
3	/*
4	* WPA Supplicant
5	* Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
6	*
7	* This software may be distributed under the terms of the BSD license.
8	* See README for more details.
9	*
10	* This file implements functions for registering and unregistering
11	* %wpa_supplicant interfaces. In addition, this file contains number of
12	* functions for managing network connections.
13	*/
14
15	#include "includes.h"
16
17	#include "common.h"
18	#include "crypto/random.h"
19	#include "crypto/sha1.h"
20	#include "eapol_supp/eapol_supp_sm.h"
21	#include "eap_peer/eap.h"
22	#include "eap_peer/eap_proxy.h"
23	#include "eap_server/eap_methods.h"
24	#include "rsn_supp/wpa.h"
25	#include "eloop.h"
26	#include "config.h"
27	#include "utils/ext_password.h"
28	#include "l2_packet/l2_packet.h"
29	#include "wpa_supplicant_i.h"
30	#include "driver_i.h"
31	#include "ctrl_iface.h"
32	#include "pcsc_funcs.h"
33	#include "common/version.h"
34	#include "rsn_supp/preauth.h"
35	#include "rsn_supp/pmksa_cache.h"
36	#include "common/wpa_ctrl.h"
37	#include "common/ieee802_11_defs.h"
38	#include "common/hw_features_common.h"
39	#include "p2p/p2p.h"
40	#include "fst/fst.h"
41	#include "blacklist.h"
42	#include "wpas_glue.h"
43	#include "wps_supplicant.h"
44	#include "ibss_rsn.h"
45	#include "sme.h"
46	#include "gas_query.h"
47	#include "ap.h"
48	#include "p2p_supplicant.h"
49	#include "wifi_display.h"
50	#include "notify.h"
51	#include "bgscan.h"
52	#include "autoscan.h"
53	#include "bss.h"
54	#include "scan.h"
55	#include "offchannel.h"
56	#include "hs20_supplicant.h"
57	#include "wnm_sta.h"
58	#include "wpas_kay.h"
59	#include "mesh.h"
60
61	const char *const wpa_supplicant_version =
62	"wpa_supplicant v" VERSION_STR "\n"
63	"Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi> and contributors";
64
65	const char *const wpa_supplicant_license =
66	"This software may be distributed under the terms of the BSD license.\n"
67	"See README for more details.\n"
68	#ifdef EAP_TLS_OPENSSL
69	"\nThis product includes software developed by the OpenSSL Project\n"
70	"for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
71	#endif /* EAP_TLS_OPENSSL */
72	;
73
74	#ifndef CONFIG_NO_STDOUT_DEBUG
75	/* Long text divided into parts in order to fit in C89 strings size limits. */
76	const char *const wpa_supplicant_full_license1 =
77	"";
78	const char *const wpa_supplicant_full_license2 =
79	"This software may be distributed under the terms of the BSD license.\n"
80	"\n"
81	"Redistribution and use in source and binary forms, with or without\n"
82	"modification, are permitted provided that the following conditions are\n"
83	"met:\n"
84	"\n";
85	const char *const wpa_supplicant_full_license3 =
86	"1. Redistributions of source code must retain the above copyright\n"
87	" notice, this list of conditions and the following disclaimer.\n"
88	"\n"
89	"2. Redistributions in binary form must reproduce the above copyright\n"
90	" notice, this list of conditions and the following disclaimer in the\n"
91	" documentation and/or other materials provided with the distribution.\n"
92	"\n";
93	const char *const wpa_supplicant_full_license4 =
94	"3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
95	" names of its contributors may be used to endorse or promote products\n"
96	" derived from this software without specific prior written permission.\n"
97	"\n"
98	"THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
99	"\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
100	"LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
101	"A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
102	const char *const wpa_supplicant_full_license5 =
103	"OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
104	"SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
105	"LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
106	"DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
107	"THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
108	"(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
109	"OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
110	"\n";
111	#endif /* CONFIG_NO_STDOUT_DEBUG */
112
113	/* Configure default/group WEP keys for static WEP */
114	int wpa_set_wep_keys(struct wpa_supplicant wpa_s, struct wpa_ssid ssid)
115	{
116	int i, set = 0;
117
118	for (i = 0; i < NUM_WEP_KEYS; i++) {
119	if (ssid->wep_key_len[i] == 0)
120	continue;
121
122	set = 1;
123	wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
124	i, i == ssid->wep_tx_keyidx, NULL, 0,
125	ssid->wep_key[i], ssid->wep_key_len[i]);
126	}
127
128	return set;
129	}
130
131
132	int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
133	struct wpa_ssid *ssid)
134	{
135	u8 key[32];
136	size_t keylen;
137	enum wpa_alg alg;
138	u8 seq[6] = { 0 };
139	int ret;
140
141	/* IBSS/WPA-None uses only one key (Group) for both receiving and
142	* sending unicast and multicast packets. */
143
144	if (ssid->mode != WPAS_MODE_IBSS) {
145	wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
146	"IBSS/ad-hoc) for WPA-None", ssid->mode);
147	return -1;
148	}
149
150	if (!ssid->psk_set) {
151	wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
152	"WPA-None");
153	return -1;
154	}
155
156	switch (wpa_s->group_cipher) {
157	case WPA_CIPHER_CCMP:
158	os_memcpy(key, ssid->psk, 16);
159	keylen = 16;
160	alg = WPA_ALG_CCMP;
161	break;
162	case WPA_CIPHER_GCMP:
163	os_memcpy(key, ssid->psk, 16);
164	keylen = 16;
165	alg = WPA_ALG_GCMP;
166	break;
167	case WPA_CIPHER_TKIP:
168	/* WPA-None uses the same Michael MIC key for both TX and RX */
169	os_memcpy(key, ssid->psk, 16 + 8);
170	os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
171	keylen = 32;
172	alg = WPA_ALG_TKIP;
173	break;
174	default:
175	wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
176	"WPA-None", wpa_s->group_cipher);
177	return -1;
178	}
179
180	/* TODO: should actually remember the previously used seq#, both for TX
181	* and RX from each STA.. */
182
183	ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
184	os_memset(key, 0, sizeof(key));
185	return ret;
186	}
187
188
189	static void wpa_supplicant_timeout(void eloop_ctx, void timeout_ctx)
190	{
191	struct wpa_supplicant *wpa_s = eloop_ctx;
192	const u8 *bssid = wpa_s->bssid;
193	if (is_zero_ether_addr(bssid))
194	bssid = wpa_s->pending_bssid;
195	wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
196	MAC2STR(bssid));
197	wpa_blacklist_add(wpa_s, bssid);
198	wpa_sm_notify_disassoc(wpa_s->wpa);
199	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
200	wpa_s->reassociate = 1;
201
202	/*
203	* If we timed out, the AP or the local radio may be busy.
204	* So, wait a second until scanning again.
205	*/
206	wpa_supplicant_req_scan(wpa_s, 1, 0);
207	}
208
209
210	/**
211	* wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
212	* @wpa_s: Pointer to wpa_supplicant data
213	* @sec: Number of seconds after which to time out authentication
214	* @usec: Number of microseconds after which to time out authentication
215	*
216	* This function is used to schedule a timeout for the current authentication
217	* attempt.
218	*/
219	void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
220	int sec, int usec)
221	{
222	if (wpa_s->conf->ap_scan == 0 &&
223	(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
224	return;
225
226	wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
227	"%d usec", sec, usec);
228	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
229	eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
230	}
231
232
233	/**
234	* wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
235	* @wpa_s: Pointer to wpa_supplicant data
236	*
237	* This function is used to cancel authentication timeout scheduled with
238	* wpa_supplicant_req_auth_timeout() and it is called when authentication has
239	* been completed.
240	*/
241	void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
242	{
243	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
244	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
245	wpa_blacklist_del(wpa_s, wpa_s->bssid);
246	}
247
248
249	/**
250	* wpa_supplicant_initiate_eapol - Configure EAPOL state machine
251	* @wpa_s: Pointer to wpa_supplicant data
252	*
253	* This function is used to configure EAPOL state machine based on the selected
254	* authentication mode.
255	*/
256	void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
257	{
258	#ifdef IEEE8021X_EAPOL
259	struct eapol_config eapol_conf;
260	struct wpa_ssid *ssid = wpa_s->current_ssid;
261
262	#ifdef CONFIG_IBSS_RSN
263	if (ssid->mode == WPAS_MODE_IBSS &&
264	wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
265	wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
266	/*
267	* RSN IBSS authentication is per-STA and we can disable the
268	* per-BSSID EAPOL authentication.
269	*/
270	eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
271	eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
272	eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
273	return;
274	}
275	#endif /* CONFIG_IBSS_RSN */
276
277	eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
278	eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
279
280	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE \|\|
281	wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
282	eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
283	else
284	eapol_sm_notify_portControl(wpa_s->eapol, Auto);
285
286	os_memset(&eapol_conf, 0, sizeof(eapol_conf));
287	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
288	eapol_conf.accept_802_1x_keys = 1;
289	eapol_conf.required_keys = 0;
290	if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
291	eapol_conf.required_keys \|= EAPOL_REQUIRE_KEY_UNICAST;
292	}
293	if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
294	eapol_conf.required_keys \|=
295	EAPOL_REQUIRE_KEY_BROADCAST;
296	}
297
298	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)
299	eapol_conf.required_keys = 0;
300	}
301	eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
302	eapol_conf.workaround = ssid->eap_workaround;
303	eapol_conf.eap_disabled =
304	!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
305	wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
306	wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
307	eapol_conf.external_sim = wpa_s->conf->external_sim;
308
309	#ifdef CONFIG_WPS
310	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
311	eapol_conf.wps \|= EAPOL_LOCAL_WPS_IN_USE;
312	if (wpa_s->current_bss) {
313	struct wpabuf *ie;
314	ie = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
315	WPS_IE_VENDOR_TYPE);
316	if (ie) {
317	if (wps_is_20(ie))
318	eapol_conf.wps \|=
319	EAPOL_PEER_IS_WPS20_AP;
320	wpabuf_free(ie);
321	}
322	}
323	}
324	#endif /* CONFIG_WPS */
325
326	eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
327
328	ieee802_1x_alloc_kay_sm(wpa_s, ssid);
329	#endif /* IEEE8021X_EAPOL */
330	}
331
332
333	/**
334	* wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
335	* @wpa_s: Pointer to wpa_supplicant data
336	* @ssid: Configuration data for the network
337	*
338	* This function is used to configure WPA state machine and related parameters
339	* to a mode where WPA is not enabled. This is called as part of the
340	* authentication configuration when the selected network does not use WPA.
341	*/
342	void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
343	struct wpa_ssid *ssid)
344	{
345	int i;
346
347	if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
348	wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
349	else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
350	wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
351	else
352	wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
353	wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
354	wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
355	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
356	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
357	wpa_s->group_cipher = WPA_CIPHER_NONE;
358	wpa_s->mgmt_group_cipher = 0;
359
360	for (i = 0; i < NUM_WEP_KEYS; i++) {
361	if (ssid->wep_key_len[i] > 5) {
362	wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
363	wpa_s->group_cipher = WPA_CIPHER_WEP104;
364	break;
365	} else if (ssid->wep_key_len[i] > 0) {
366	wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
367	wpa_s->group_cipher = WPA_CIPHER_WEP40;
368	break;
369	}
370	}
371
372	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
373	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
374	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
375	wpa_s->pairwise_cipher);
376	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
377	#ifdef CONFIG_IEEE80211W
378	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
379	wpa_s->mgmt_group_cipher);
380	#endif /* CONFIG_IEEE80211W */
381
382	pmksa_cache_clear_current(wpa_s->wpa);
383	}
384
385
386	void free_hw_features(struct wpa_supplicant *wpa_s)
387	{
388	int i;
389	if (wpa_s->hw.modes == NULL)
390	return;
391
392	for (i = 0; i < wpa_s->hw.num_modes; i++) {
393	os_free(wpa_s->hw.modes[i].channels);
394	os_free(wpa_s->hw.modes[i].rates);
395	}
396
397	os_free(wpa_s->hw.modes);
398	wpa_s->hw.modes = NULL;
399	}
400
401
402	static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
403	{
404	int i;
405
406	bgscan_deinit(wpa_s);
407	autoscan_deinit(wpa_s);
408	scard_deinit(wpa_s->scard);
409	wpa_s->scard = NULL;
410	wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
411	eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
412	l2_packet_deinit(wpa_s->l2);
413	wpa_s->l2 = NULL;
414	if (wpa_s->l2_br) {
415	l2_packet_deinit(wpa_s->l2_br);
416	wpa_s->l2_br = NULL;
417	}
418	#ifdef CONFIG_TESTING_OPTIONS
419	l2_packet_deinit(wpa_s->l2_test);
420	wpa_s->l2_test = NULL;
421	#endif /* CONFIG_TESTING_OPTIONS */
422
423	if (wpa_s->conf != NULL) {
424	struct wpa_ssid *ssid;
425	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
426	wpas_notify_network_removed(wpa_s, ssid);
427	}
428
429	os_free(wpa_s->confname);
430	wpa_s->confname = NULL;
431
432	os_free(wpa_s->confanother);
433	wpa_s->confanother = NULL;
434
435	wpa_sm_set_eapol(wpa_s->wpa, NULL);
436	eapol_sm_deinit(wpa_s->eapol);
437	wpa_s->eapol = NULL;
438
439	rsn_preauth_deinit(wpa_s->wpa);
440
441	#ifdef CONFIG_TDLS
442	wpa_tdls_deinit(wpa_s->wpa);
443	#endif /* CONFIG_TDLS */
444
445	wmm_ac_clear_saved_tspecs(wpa_s);
446	pmksa_candidate_free(wpa_s->wpa);
447	wpa_sm_deinit(wpa_s->wpa);
448	wpa_s->wpa = NULL;
449	wpa_blacklist_clear(wpa_s);
450
451	wpa_bss_deinit(wpa_s);
452
453	wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
454	wpa_supplicant_cancel_scan(wpa_s);
455	wpa_supplicant_cancel_auth_timeout(wpa_s);
456	eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
457	#ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
458	eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
459	wpa_s, NULL);
460	#endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
461
462	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
463
464	wpas_wps_deinit(wpa_s);
465
466	wpabuf_free(wpa_s->pending_eapol_rx);
467	wpa_s->pending_eapol_rx = NULL;
468
469	#ifdef CONFIG_IBSS_RSN
470	ibss_rsn_deinit(wpa_s->ibss_rsn);
471	wpa_s->ibss_rsn = NULL;
472	#endif /* CONFIG_IBSS_RSN */
473
474	sme_deinit(wpa_s);
475
476	#ifdef CONFIG_AP
477	wpa_supplicant_ap_deinit(wpa_s);
478	#endif /* CONFIG_AP */
479
480	wpas_p2p_deinit(wpa_s);
481
482	#ifdef CONFIG_OFFCHANNEL
483	offchannel_deinit(wpa_s);
484	#endif /* CONFIG_OFFCHANNEL */
485
486	wpa_supplicant_cancel_sched_scan(wpa_s);
487
488	os_free(wpa_s->next_scan_freqs);
489	wpa_s->next_scan_freqs = NULL;
490
491	os_free(wpa_s->manual_scan_freqs);
492	wpa_s->manual_scan_freqs = NULL;
493
494	os_free(wpa_s->manual_sched_scan_freqs);
495	wpa_s->manual_sched_scan_freqs = NULL;
496
497	wpas_mac_addr_rand_scan_clear(wpa_s, MAC_ADDR_RAND_ALL);
498
499	/*
500	* Need to remove any pending gas-query radio work before the
501	* gas_query_deinit() call because gas_query::work has not yet been set
502	* for works that have not been started. gas_query_free() will be unable
503	* to cancel such pending radio works and once the pending gas-query
504	* radio work eventually gets removed, the deinit notification call to
505	* gas_query_start_cb() would result in dereferencing freed memory.
506	*/
507	if (wpa_s->radio)
508	radio_remove_works(wpa_s, "gas-query", 0);
509	gas_query_deinit(wpa_s->gas);
510	wpa_s->gas = NULL;
511
512	free_hw_features(wpa_s);
513
514	ieee802_1x_dealloc_kay_sm(wpa_s);
515
516	os_free(wpa_s->bssid_filter);
517	wpa_s->bssid_filter = NULL;
518
519	os_free(wpa_s->disallow_aps_bssid);
520	wpa_s->disallow_aps_bssid = NULL;
521	os_free(wpa_s->disallow_aps_ssid);
522	wpa_s->disallow_aps_ssid = NULL;
523
524	wnm_bss_keep_alive_deinit(wpa_s);
525	#ifdef CONFIG_WNM
526	wnm_deallocate_memory(wpa_s);
527	#endif /* CONFIG_WNM */
528
529	ext_password_deinit(wpa_s->ext_pw);
530	wpa_s->ext_pw = NULL;
531
532	wpabuf_free(wpa_s->last_gas_resp);
533	wpa_s->last_gas_resp = NULL;
534	wpabuf_free(wpa_s->prev_gas_resp);
535	wpa_s->prev_gas_resp = NULL;
536
537	os_free(wpa_s->last_scan_res);
538	wpa_s->last_scan_res = NULL;
539
540	#ifdef CONFIG_HS20
541	hs20_deinit(wpa_s);
542	#endif /* CONFIG_HS20 */
543
544	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
545	wpabuf_free(wpa_s->vendor_elem[i]);
546	wpa_s->vendor_elem[i] = NULL;
547	}
548
549	wmm_ac_notify_disassoc(wpa_s);
550	}
551
552
553	/**
554	* wpa_clear_keys - Clear keys configured for the driver
555	* @wpa_s: Pointer to wpa_supplicant data
556	* @addr: Previously used BSSID or %NULL if not available
557	*
558	* This function clears the encryption keys that has been previously configured
559	* for the driver.
560	*/
561	void wpa_clear_keys(struct wpa_supplicant wpa_s, const u8 addr)
562	{
563	int i, max;
564
565	#ifdef CONFIG_IEEE80211W
566	max = 6;
567	#else /* CONFIG_IEEE80211W */
568	max = 4;
569	#endif /* CONFIG_IEEE80211W */
570
571	/* MLME-DELETEKEYS.request */
572	for (i = 0; i < max; i++) {
573	if (wpa_s->keys_cleared & BIT(i))
574	continue;
575	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, i, 0, NULL, 0,
576	NULL, 0);
577	}
578	if (!(wpa_s->keys_cleared & BIT(0)) && addr &&
579	!is_zero_ether_addr(addr)) {
580	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
581	0);
582	/* MLME-SETPROTECTION.request(None) */
583	wpa_drv_mlme_setprotection(
584	wpa_s, addr,
585	MLME_SETPROTECTION_PROTECT_TYPE_NONE,
586	MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
587	}
588	wpa_s->keys_cleared = (u32) -1;
589	}
590
591
592	/**
593	* wpa_supplicant_state_txt - Get the connection state name as a text string
594	* @state: State (wpa_state; WPA_*)
595	* Returns: The state name as a printable text string
596	*/
597	const char * wpa_supplicant_state_txt(enum wpa_states state)
598	{
599	switch (state) {
600	case WPA_DISCONNECTED:
601	return "DISCONNECTED";
602	case WPA_INACTIVE:
603	return "INACTIVE";
604	case WPA_INTERFACE_DISABLED:
605	return "INTERFACE_DISABLED";
606	case WPA_SCANNING:
607	return "SCANNING";
608	case WPA_AUTHENTICATING:
609	return "AUTHENTICATING";
610	case WPA_ASSOCIATING:
611	return "ASSOCIATING";
612	case WPA_ASSOCIATED:
613	return "ASSOCIATED";
614	case WPA_4WAY_HANDSHAKE:
615	return "4WAY_HANDSHAKE";
616	case WPA_GROUP_HANDSHAKE:
617	return "GROUP_HANDSHAKE";
618	case WPA_COMPLETED:
619	return "COMPLETED";
620	default:
621	return "UNKNOWN";
622	}
623	}
624
625
626	#ifdef CONFIG_BGSCAN
627
628	static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
629	{
630	const char *name;
631
632	if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan)
633	name = wpa_s->current_ssid->bgscan;
634	else
635	name = wpa_s->conf->bgscan;
636	if (name == NULL \|\| name[0] == '\0')
637	return;
638	if (wpas_driver_bss_selection(wpa_s))
639	return;
640	if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
641	return;
642	#ifdef CONFIG_P2P
643	if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)
644	return;
645	#endif /* CONFIG_P2P */
646
647	bgscan_deinit(wpa_s);
648	if (wpa_s->current_ssid) {
649	if (bgscan_init(wpa_s, wpa_s->current_ssid, name)) {
650	wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
651	"bgscan");
652	/*
653	* Live without bgscan; it is only used as a roaming
654	* optimization, so the initial connection is not
655	* affected.
656	*/
657	} else {
658	struct wpa_scan_results *scan_res;
659	wpa_s->bgscan_ssid = wpa_s->current_ssid;
660	scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
661	0);
662	if (scan_res) {
663	bgscan_notify_scan(wpa_s, scan_res);
664	wpa_scan_results_free(scan_res);
665	}
666	}
667	} else
668	wpa_s->bgscan_ssid = NULL;
669	}
670
671
672	static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
673	{
674	if (wpa_s->bgscan_ssid != NULL) {
675	bgscan_deinit(wpa_s);
676	wpa_s->bgscan_ssid = NULL;
677	}
678	}
679
680	#endif /* CONFIG_BGSCAN */
681
682
683	static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
684	{
685	if (autoscan_init(wpa_s, 0))
686	wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
687	}
688
689
690	static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
691	{
692	autoscan_deinit(wpa_s);
693	}
694
695
696	void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
697	{
698	if (wpa_s->wpa_state == WPA_DISCONNECTED \|\|
699	wpa_s->wpa_state == WPA_SCANNING) {
700	autoscan_deinit(wpa_s);
701	wpa_supplicant_start_autoscan(wpa_s);
702	}
703	}
704
705
706	/**
707	* wpa_supplicant_set_state - Set current connection state
708	* @wpa_s: Pointer to wpa_supplicant data
709	* @state: The new connection state
710	*
711	* This function is called whenever the connection state changes, e.g.,
712	* association is completed for WPA/WPA2 4-Way Handshake is started.
713	*/
714	void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
715	enum wpa_states state)
716	{
717	enum wpa_states old_state = wpa_s->wpa_state;
718
719	wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
720	wpa_supplicant_state_txt(wpa_s->wpa_state),
721	wpa_supplicant_state_txt(state));
722
723	if (state == WPA_INTERFACE_DISABLED) {
724	/* Assure normal scan when interface is restored */
725	wpa_s->normal_scans = 0;
726	}
727
728	if (state == WPA_COMPLETED) {
729	wpas_connect_work_done(wpa_s);
730	/* Reinitialize normal_scan counter */
731	wpa_s->normal_scans = 0;
732	}
733
734	#ifdef CONFIG_P2P
735	/*
736	* P2PS client has to reply to Probe Request frames received on the
737	* group operating channel. Enable Probe Request frame reporting for
738	* P2P connected client in case p2p_cli_probe configuration property is
739	* set to 1.
740	*/
741	if (wpa_s->conf->p2p_cli_probe && wpa_s->current_ssid &&
742	wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
743	wpa_s->current_ssid->p2p_group) {
744	if (state == WPA_COMPLETED && !wpa_s->p2p_cli_probe) {
745	wpa_dbg(wpa_s, MSG_DEBUG,
746	"P2P: Enable CLI Probe Request RX reporting");
747	wpa_s->p2p_cli_probe =
748	wpa_drv_probe_req_report(wpa_s, 1) >= 0;
749	} else if (state != WPA_COMPLETED && wpa_s->p2p_cli_probe) {
750	wpa_dbg(wpa_s, MSG_DEBUG,
751	"P2P: Disable CLI Probe Request RX reporting");
752	wpa_s->p2p_cli_probe = 0;
753	wpa_drv_probe_req_report(wpa_s, 0);
754	}
755	}
756	#endif /* CONFIG_P2P */
757
758	if (state != WPA_SCANNING)
759	wpa_supplicant_notify_scanning(wpa_s, 0);
760
761	if (state == WPA_COMPLETED && wpa_s->new_connection) {
762	struct wpa_ssid *ssid = wpa_s->current_ssid;
763	#if defined(CONFIG_CTRL_IFACE) \|\| !defined(CONFIG_NO_STDOUT_DEBUG)
764	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
765	MACSTR " completed [id=%d id_str=%s]",
766	MAC2STR(wpa_s->bssid),
767	ssid ? ssid->id : -1,
768	ssid && ssid->id_str ? ssid->id_str : "");
769	#endif /* CONFIG_CTRL_IFACE \|\| !CONFIG_NO_STDOUT_DEBUG */
770	wpas_clear_temp_disabled(wpa_s, ssid, 1);
771	wpa_blacklist_clear(wpa_s);
772	wpa_s->extra_blacklist_count = 0;
773	wpa_s->new_connection = 0;
774	wpa_drv_set_operstate(wpa_s, 1);
775	#ifndef IEEE8021X_EAPOL
776	wpa_drv_set_supp_port(wpa_s, 1);
777	#endif /* IEEE8021X_EAPOL */
778	wpa_s->after_wps = 0;
779	wpa_s->known_wps_freq = 0;
780	wpas_p2p_completed(wpa_s);
781
782	sme_sched_obss_scan(wpa_s, 1);
783	} else if (state == WPA_DISCONNECTED \|\| state == WPA_ASSOCIATING \|\|
784	state == WPA_ASSOCIATED) {
785	wpa_s->new_connection = 1;
786	wpa_drv_set_operstate(wpa_s, 0);
787	#ifndef IEEE8021X_EAPOL
788	wpa_drv_set_supp_port(wpa_s, 0);
789	#endif /* IEEE8021X_EAPOL */
790	sme_sched_obss_scan(wpa_s, 0);
791	}
792	wpa_s->wpa_state = state;
793
794	#ifdef CONFIG_BGSCAN
795	if (state == WPA_COMPLETED)
796	wpa_supplicant_start_bgscan(wpa_s);
797	else if (state < WPA_ASSOCIATED)
798	wpa_supplicant_stop_bgscan(wpa_s);
799	#endif /* CONFIG_BGSCAN */
800
801	if (state == WPA_AUTHENTICATING)
802	wpa_supplicant_stop_autoscan(wpa_s);
803
804	if (state == WPA_DISCONNECTED \|\| state == WPA_INACTIVE)
805	wpa_supplicant_start_autoscan(wpa_s);
806
807	if (old_state >= WPA_ASSOCIATED && wpa_s->wpa_state < WPA_ASSOCIATED)
808	wmm_ac_notify_disassoc(wpa_s);
809
810	if (wpa_s->wpa_state != old_state) {
811	wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
812
813	/*
814	* Notify the P2P Device interface about a state change in one
815	* of the interfaces.
816	*/
817	wpas_p2p_indicate_state_change(wpa_s);
818
819	if (wpa_s->wpa_state == WPA_COMPLETED \|\|
820	old_state == WPA_COMPLETED)
821	wpas_notify_auth_changed(wpa_s);
822	}
823	}
824
825
826	void wpa_supplicant_terminate_proc(struct wpa_global *global)
827	{
828	int pending = 0;
829	#ifdef CONFIG_WPS
830	struct wpa_supplicant *wpa_s = global->ifaces;
831	while (wpa_s) {
832	struct wpa_supplicant *next = wpa_s->next;
833	if (wpas_wps_terminate_pending(wpa_s) == 1)
834	pending = 1;
835	#ifdef CONFIG_P2P
836	if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE \|\|
837	(wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
838	wpas_p2p_disconnect(wpa_s);
839	#endif /* CONFIG_P2P */
840	wpa_s = next;
841	}
842	#endif /* CONFIG_WPS */
843	if (pending)
844	return;
845	eloop_terminate();
846	}
847
848
849	static void wpa_supplicant_terminate(int sig, void *signal_ctx)
850	{
851	struct wpa_global *global = signal_ctx;
852	wpa_supplicant_terminate_proc(global);
853	}
854
855
856	void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
857	{
858	enum wpa_states old_state = wpa_s->wpa_state;
859
860	wpa_s->pairwise_cipher = 0;
861	wpa_s->group_cipher = 0;
862	wpa_s->mgmt_group_cipher = 0;
863	wpa_s->key_mgmt = 0;
864	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
865	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
866
867	if (wpa_s->wpa_state != old_state)
868	wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
869	}
870
871
872	/**
873	* wpa_supplicant_reload_configuration - Reload configuration data
874	* @wpa_s: Pointer to wpa_supplicant data
875	* Returns: 0 on success or -1 if configuration parsing failed
876	*
877	* This function can be used to request that the configuration data is reloaded
878	* (e.g., after configuration file change). This function is reloading
879	* configuration only for one interface, so this may need to be called multiple
880	* times if %wpa_supplicant is controlling multiple interfaces and all
881	* interfaces need reconfiguration.
882	*/
883	int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
884	{
885	struct wpa_config *conf;
886	int reconf_ctrl;
887	int old_ap_scan;
888
889	if (wpa_s->confname == NULL)
890	return -1;
891	conf = wpa_config_read(wpa_s->confname, NULL);
892	if (conf == NULL) {
893	wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
894	"file '%s' - exiting", wpa_s->confname);
895	return -1;
896	}
897	wpa_config_read(wpa_s->confanother, conf);
898
899	conf->changed_parameters = (unsigned int) -1;
900
901	reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
902	\|\| (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
903	os_strcmp(conf->ctrl_interface,
904	wpa_s->conf->ctrl_interface) != 0);
905
906	if (reconf_ctrl && wpa_s->ctrl_iface) {
907	wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
908	wpa_s->ctrl_iface = NULL;
909	}
910
911	eapol_sm_invalidate_cached_session(wpa_s->eapol);
912	if (wpa_s->current_ssid) {
913	if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
914	wpa_s->own_disconnect_req = 1;
915	wpa_supplicant_deauthenticate(wpa_s,
916	WLAN_REASON_DEAUTH_LEAVING);
917	}
918
919	/*
920	* TODO: should notify EAPOL SM about changes in opensc_engine_path,
921	* pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
922	*/
923	if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
924	/*
925	* Clear forced success to clear EAP state for next
926	* authentication.
927	*/
928	eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
929	}
930	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
931	wpa_sm_set_config(wpa_s->wpa, NULL);
932	wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
933	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
934	rsn_preauth_deinit(wpa_s->wpa);
935
936	old_ap_scan = wpa_s->conf->ap_scan;
937	wpa_config_free(wpa_s->conf);
938	wpa_s->conf = conf;
939	if (old_ap_scan != wpa_s->conf->ap_scan)
940	wpas_notify_ap_scan_changed(wpa_s);
941
942	if (reconf_ctrl)
943	wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
944
945	wpa_supplicant_update_config(wpa_s);
946
947	wpa_supplicant_clear_status(wpa_s);
948	if (wpa_supplicant_enabled_networks(wpa_s)) {
949	wpa_s->reassociate = 1;
950	wpa_supplicant_req_scan(wpa_s, 0, 0);
951	}
952	wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
953	return 0;
954	}
955
956
957	static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
958	{
959	struct wpa_global *global = signal_ctx;
960	struct wpa_supplicant *wpa_s;
961	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
962	wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
963	sig);
964	if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
965	wpa_supplicant_terminate_proc(global);
966	}
967	}
968	}
969
970
971	static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
972	struct wpa_ssid *ssid,
973	struct wpa_ie_data *ie)
974	{
975	int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
976	if (ret) {
977	if (ret == -2) {
978	wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
979	"from association info");
980	}
981	return -1;
982	}
983
984	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
985	"cipher suites");
986	if (!(ie->group_cipher & ssid->group_cipher)) {
987	wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
988	"cipher 0x%x (mask 0x%x) - reject",
989	ie->group_cipher, ssid->group_cipher);
990	return -1;
991	}
992	if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
993	wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
994	"cipher 0x%x (mask 0x%x) - reject",
995	ie->pairwise_cipher, ssid->pairwise_cipher);
996	return -1;
997	}
998	if (!(ie->key_mgmt & ssid->key_mgmt)) {
999	wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1000	"management 0x%x (mask 0x%x) - reject",
1001	ie->key_mgmt, ssid->key_mgmt);
1002	return -1;
1003	}
1004
1005	#ifdef CONFIG_IEEE80211W
1006	if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
1007	wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1008	wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1009	"that does not support management frame protection - "
1010	"reject");
1011	return -1;
1012	}
1013	#endif /* CONFIG_IEEE80211W */
1014
1015	return 0;
1016	}
1017
1018
1019	/**
1020	* wpa_supplicant_set_suites - Set authentication and encryption parameters
1021	* @wpa_s: Pointer to wpa_supplicant data
1022	* @bss: Scan results for the selected BSS, or %NULL if not available
1023	* @ssid: Configuration data for the selected network
1024	* @wpa_ie: Buffer for the WPA/RSN IE
1025	* @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1026	* used buffer length in case the functions returns success.
1027	* Returns: 0 on success or -1 on failure
1028	*
1029	* This function is used to configure authentication and encryption parameters
1030	* based on the network configuration and scan result for the selected BSS (if
1031	* available).
1032	*/
1033	int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1034	struct wpa_bss bss, struct wpa_ssid ssid,
1035	u8 wpa_ie, size_t wpa_ie_len)
1036	{
1037	struct wpa_ie_data ie;
1038	int sel, proto;
1039	const u8 bss_wpa, bss_rsn, *bss_osen;
1040
1041	if (bss) {
1042	bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
1043	bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1044	bss_osen = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
1045	} else
1046	bss_wpa = bss_rsn = bss_osen = NULL;
1047
1048	if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
1049	wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1050	(ie.group_cipher & ssid->group_cipher) &&
1051	(ie.pairwise_cipher & ssid->pairwise_cipher) &&
1052	(ie.key_mgmt & ssid->key_mgmt)) {
1053	wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1054	proto = WPA_PROTO_RSN;
1055	} else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
1056	wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie) == 0 &&
1057	(ie.group_cipher & ssid->group_cipher) &&
1058	(ie.pairwise_cipher & ssid->pairwise_cipher) &&
1059	(ie.key_mgmt & ssid->key_mgmt)) {
1060	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1061	proto = WPA_PROTO_WPA;
1062	#ifdef CONFIG_HS20
1063	} else if (bss_osen && (ssid->proto & WPA_PROTO_OSEN)) {
1064	wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using OSEN");
1065	/* TODO: parse OSEN element */
1066	os_memset(&ie, 0, sizeof(ie));
1067	ie.group_cipher = WPA_CIPHER_CCMP;
1068	ie.pairwise_cipher = WPA_CIPHER_CCMP;
1069	ie.key_mgmt = WPA_KEY_MGMT_OSEN;
1070	proto = WPA_PROTO_OSEN;
1071	#endif /* CONFIG_HS20 */
1072	} else if (bss) {
1073	wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1074	wpa_dbg(wpa_s, MSG_DEBUG,
1075	"WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1076	ssid->proto, ssid->pairwise_cipher, ssid->group_cipher,
1077	ssid->key_mgmt);
1078	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s%s",
1079	MAC2STR(bss->bssid),
1080	wpa_ssid_txt(bss->ssid, bss->ssid_len),
1081	bss_wpa ? " WPA" : "",
1082	bss_rsn ? " RSN" : "",
1083	bss_osen ? " OSEN" : "");
1084	if (bss_rsn) {
1085	wpa_hexdump(MSG_DEBUG, "RSN", bss_rsn, 2 + bss_rsn[1]);
1086	if (wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie)) {
1087	wpa_dbg(wpa_s, MSG_DEBUG,
1088	"Could not parse RSN element");
1089	} else {
1090	wpa_dbg(wpa_s, MSG_DEBUG,
1091	"RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1092	ie.pairwise_cipher, ie.group_cipher,
1093	ie.key_mgmt);
1094	}
1095	}
1096	if (bss_wpa) {
1097	wpa_hexdump(MSG_DEBUG, "WPA", bss_wpa, 2 + bss_wpa[1]);
1098	if (wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie)) {
1099	wpa_dbg(wpa_s, MSG_DEBUG,
1100	"Could not parse WPA element");
1101	} else {
1102	wpa_dbg(wpa_s, MSG_DEBUG,
1103	"WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1104	ie.pairwise_cipher, ie.group_cipher,
1105	ie.key_mgmt);
1106	}
1107	}
1108	return -1;
1109	} else {
1110	if (ssid->proto & WPA_PROTO_OSEN)
1111	proto = WPA_PROTO_OSEN;
1112	else if (ssid->proto & WPA_PROTO_RSN)
1113	proto = WPA_PROTO_RSN;
1114	else
1115	proto = WPA_PROTO_WPA;
1116	if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1117	os_memset(&ie, 0, sizeof(ie));
1118	ie.group_cipher = ssid->group_cipher;
1119	ie.pairwise_cipher = ssid->pairwise_cipher;
1120	ie.key_mgmt = ssid->key_mgmt;
1121	#ifdef CONFIG_IEEE80211W
1122	ie.mgmt_group_cipher =
1123	ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
1124	WPA_CIPHER_AES_128_CMAC : 0;
1125	#endif /* CONFIG_IEEE80211W */
1126	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
1127	"based on configuration");
1128	} else
1129	proto = ie.proto;
1130	}
1131
1132	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1133	"pairwise %d key_mgmt %d proto %d",
1134	ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1135	#ifdef CONFIG_IEEE80211W
1136	if (ssid->ieee80211w) {
1137	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1138	ie.mgmt_group_cipher);
1139	}
1140	#endif /* CONFIG_IEEE80211W */
1141
1142	wpa_s->wpa_proto = proto;
1143	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1144	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1145	!!(ssid->proto & (WPA_PROTO_RSN \| WPA_PROTO_OSEN)));
1146
1147	if (bss \|\| !wpa_s->ap_ies_from_associnfo) {
1148	if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1149	bss_wpa ? 2 + bss_wpa[1] : 0) \|\|
1150	wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1151	bss_rsn ? 2 + bss_rsn[1] : 0))
1152	return -1;
1153	}
1154
1155	sel = ie.group_cipher & ssid->group_cipher;
1156	wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1157	if (wpa_s->group_cipher < 0) {
1158	wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1159	"cipher");
1160	return -1;
1161	}
1162	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1163	wpa_cipher_txt(wpa_s->group_cipher));
1164
1165	sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1166	wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1167	if (wpa_s->pairwise_cipher < 0) {
1168	wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1169	"cipher");
1170	return -1;
1171	}
1172	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1173	wpa_cipher_txt(wpa_s->pairwise_cipher));
1174
1175	sel = ie.key_mgmt & ssid->key_mgmt;
1176	#ifdef CONFIG_SAE
1177	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1178	sel &= ~(WPA_KEY_MGMT_SAE \| WPA_KEY_MGMT_FT_SAE);
1179	#endif /* CONFIG_SAE */
1180	if (0) {
1181	#ifdef CONFIG_SUITEB192
1182	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
1183	wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
1184	wpa_dbg(wpa_s, MSG_DEBUG,
1185	"WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1186	#endif /* CONFIG_SUITEB192 */
1187	#ifdef CONFIG_SUITEB
1188	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
1189	wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
1190	wpa_dbg(wpa_s, MSG_DEBUG,
1191	"WPA: using KEY_MGMT 802.1X with Suite B");
1192	#endif /* CONFIG_SUITEB */
1193	#ifdef CONFIG_IEEE80211R
1194	} else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
1195	wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1196	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1197	} else if (sel & WPA_KEY_MGMT_FT_PSK) {
1198	wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1199	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1200	#endif /* CONFIG_IEEE80211R */
1201	#ifdef CONFIG_SAE
1202	} else if (sel & WPA_KEY_MGMT_SAE) {
1203	wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1204	wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1205	} else if (sel & WPA_KEY_MGMT_FT_SAE) {
1206	wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1207	wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1208	#endif /* CONFIG_SAE */
1209	#ifdef CONFIG_IEEE80211W
1210	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1211	wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1212	wpa_dbg(wpa_s, MSG_DEBUG,
1213	"WPA: using KEY_MGMT 802.1X with SHA256");
1214	} else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1215	wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1216	wpa_dbg(wpa_s, MSG_DEBUG,
1217	"WPA: using KEY_MGMT PSK with SHA256");
1218	#endif /* CONFIG_IEEE80211W */
1219	} else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1220	wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1221	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1222	} else if (sel & WPA_KEY_MGMT_PSK) {
1223	wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1224	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1225	} else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1226	wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1227	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1228	#ifdef CONFIG_HS20
1229	} else if (sel & WPA_KEY_MGMT_OSEN) {
1230	wpa_s->key_mgmt = WPA_KEY_MGMT_OSEN;
1231	wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using KEY_MGMT OSEN");
1232	#endif /* CONFIG_HS20 */
1233	} else {
1234	wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1235	"authenticated key management type");
1236	return -1;
1237	}
1238
1239	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1240	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1241	wpa_s->pairwise_cipher);
1242	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1243
1244	#ifdef CONFIG_IEEE80211W
1245	sel = ie.mgmt_group_cipher;
1246	if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION \|\|
1247	!(ie.capabilities & WPA_CAPABILITY_MFPC))
1248	sel = 0;
1249	if (sel & WPA_CIPHER_AES_128_CMAC) {
1250	wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1251	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1252	"AES-128-CMAC");
1253	} else if (sel & WPA_CIPHER_BIP_GMAC_128) {
1254	wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_128;
1255	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1256	"BIP-GMAC-128");
1257	} else if (sel & WPA_CIPHER_BIP_GMAC_256) {
1258	wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_256;
1259	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1260	"BIP-GMAC-256");
1261	} else if (sel & WPA_CIPHER_BIP_CMAC_256) {
1262	wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_CMAC_256;
1263	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1264	"BIP-CMAC-256");
1265	} else {
1266	wpa_s->mgmt_group_cipher = 0;
1267	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1268	}
1269	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1270	wpa_s->mgmt_group_cipher);
1271	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1272	wpas_get_ssid_pmf(wpa_s, ssid));
1273	#endif /* CONFIG_IEEE80211W */
1274
1275	if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1276	wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1277	return -1;
1278	}
1279
1280	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1281	int psk_set = 0;
1282
1283	if (ssid->psk_set) {
1284	wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL);
1285	psk_set = 1;
1286	}
1287	#ifndef CONFIG_NO_PBKDF2
1288	if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1289	ssid->passphrase) {
1290	u8 psk[PMK_LEN];
1291	pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1292	4096, psk, PMK_LEN);
1293	wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1294	psk, PMK_LEN);
1295	wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL);
1296	psk_set = 1;
1297	os_memset(psk, 0, sizeof(psk));
1298	}
1299	#endif /* CONFIG_NO_PBKDF2 */
1300	#ifdef CONFIG_EXT_PASSWORD
1301	if (ssid->ext_psk) {
1302	struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1303	ssid->ext_psk);
1304	char pw_str[64 + 1];
1305	u8 psk[PMK_LEN];
1306
1307	if (pw == NULL) {
1308	wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1309	"found from external storage");
1310	return -1;
1311	}
1312
1313	if (wpabuf_len(pw) < 8 \|\| wpabuf_len(pw) > 64) {
1314	wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1315	"PSK length %d in external storage",
1316	(int) wpabuf_len(pw));
1317	ext_password_free(pw);
1318	return -1;
1319	}
1320
1321	os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1322	pw_str[wpabuf_len(pw)] = '\0';
1323
1324	#ifndef CONFIG_NO_PBKDF2
1325	if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1326	{
1327	pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1328	4096, psk, PMK_LEN);
1329	os_memset(pw_str, 0, sizeof(pw_str));
1330	wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1331	"external passphrase)",
1332	psk, PMK_LEN);
1333	wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL);
1334	psk_set = 1;
1335	os_memset(psk, 0, sizeof(psk));
1336	} else
1337	#endif /* CONFIG_NO_PBKDF2 */
1338	if (wpabuf_len(pw) == 2 * PMK_LEN) {
1339	if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1340	wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1341	"Invalid PSK hex string");
1342	os_memset(pw_str, 0, sizeof(pw_str));
1343	ext_password_free(pw);
1344	return -1;
1345	}
1346	wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL);
1347	psk_set = 1;
1348	os_memset(psk, 0, sizeof(psk));
1349	} else {
1350	wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1351	"PSK available");
1352	os_memset(pw_str, 0, sizeof(pw_str));
1353	ext_password_free(pw);
1354	return -1;
1355	}
1356
1357	os_memset(pw_str, 0, sizeof(pw_str));
1358	ext_password_free(pw);
1359	}
1360	#endif /* CONFIG_EXT_PASSWORD */
1361
1362	if (!psk_set) {
1363	wpa_msg(wpa_s, MSG_INFO,
1364	"No PSK available for association");
1365	return -1;
1366	}
1367	} else
1368	wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1369
1370	return 0;
1371	}
1372
1373
1374	static void wpas_ext_capab_byte(struct wpa_supplicant wpa_s, u8 pos, int idx)
1375	{
1376	*pos = 0x00;
1377
1378	switch (idx) {
1379	case 0: /* Bits 0-7 */
1380	break;
1381	case 1: /* Bits 8-15 */
1382	break;
1383	case 2: /* Bits 16-23 */
1384	#ifdef CONFIG_WNM
1385	pos \|= 0x02; / Bit 17 - WNM-Sleep Mode */
1386	pos \|= 0x08; / Bit 19 - BSS Transition */
1387	#endif /* CONFIG_WNM */
1388	break;
1389	case 3: /* Bits 24-31 */
1390	#ifdef CONFIG_WNM
1391	pos \|= 0x02; / Bit 25 - SSID List */
1392	#endif /* CONFIG_WNM */
1393	#ifdef CONFIG_INTERWORKING
1394	if (wpa_s->conf->interworking)
1395	pos \|= 0x80; / Bit 31 - Interworking */
1396	#endif /* CONFIG_INTERWORKING */
1397	break;
1398	case 4: /* Bits 32-39 */
1399	#ifdef CONFIG_INTERWORKING
1400	if (wpa_s->drv_flags / WPA_DRIVER_FLAGS_QOS_MAPPING)
1401	pos \|= 0x01; / Bit 32 - QoS Map */
1402	#endif /* CONFIG_INTERWORKING */
1403	break;
1404	case 5: /* Bits 40-47 */
1405	#ifdef CONFIG_HS20
1406	if (wpa_s->conf->hs20)
1407	pos \|= 0x40; / Bit 46 - WNM-Notification */
1408	#endif /* CONFIG_HS20 */
1409	break;
1410	case 6: /* Bits 48-55 */
1411	break;
1412	}
1413	}
1414
1415
1416	int wpas_build_ext_capab(struct wpa_supplicant wpa_s, u8 buf, size_t buflen)
1417	{
1418	u8 *pos = buf;
1419	u8 len = 6, i;
1420
1421	if (len < wpa_s->extended_capa_len)
1422	len = wpa_s->extended_capa_len;
1423	if (buflen < (size_t) len + 2) {
1424	wpa_printf(MSG_INFO,
1425	"Not enough room for building extended capabilities element");
1426	return -1;
1427	}
1428
1429	*pos++ = WLAN_EID_EXT_CAPAB;
1430	*pos++ = len;
1431	for (i = 0; i < len; i++, pos++) {
1432	wpas_ext_capab_byte(wpa_s, pos, i);
1433
1434	if (i < wpa_s->extended_capa_len) {
1435	*pos &= ~wpa_s->extended_capa_mask[i];
1436	*pos \|= wpa_s->extended_capa[i];
1437	}
1438	}
1439
1440	while (len > 0 && buf[1 + len] == 0) {
1441	len--;
1442	buf[1] = len;
1443	}
1444	if (len == 0)
1445	return 0;
1446
1447	return 2 + len;
1448	}
1449
1450
1451	static int wpas_valid_bss(struct wpa_supplicant *wpa_s,
1452	struct wpa_bss *test_bss)
1453	{
1454	struct wpa_bss *bss;
1455
1456	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1457	if (bss == test_bss)
1458	return 1;
1459	}
1460
1461	return 0;
1462	}
1463
1464
1465	static int wpas_valid_ssid(struct wpa_supplicant *wpa_s,
1466	struct wpa_ssid *test_ssid)
1467	{
1468	struct wpa_ssid *ssid;
1469
1470	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1471	if (ssid == test_ssid)
1472	return 1;
1473	}
1474
1475	return 0;
1476	}
1477
1478
1479	int wpas_valid_bss_ssid(struct wpa_supplicant wpa_s, struct wpa_bss test_bss,
1480	struct wpa_ssid *test_ssid)
1481	{
1482	if (test_bss && !wpas_valid_bss(wpa_s, test_bss))
1483	return 0;
1484
1485	return test_ssid == NULL \|\| wpas_valid_ssid(wpa_s, test_ssid);
1486	}
1487
1488
1489	void wpas_connect_work_free(struct wpa_connect_work *cwork)
1490	{
1491	if (cwork == NULL)
1492	return;
1493	os_free(cwork);
1494	}
1495
1496
1497	void wpas_connect_work_done(struct wpa_supplicant *wpa_s)
1498	{
1499	struct wpa_connect_work *cwork;
1500	struct wpa_radio_work *work = wpa_s->connect_work;
1501
1502	if (!work)
1503	return;
1504
1505	wpa_s->connect_work = NULL;
1506	cwork = work->ctx;
1507	work->ctx = NULL;
1508	wpas_connect_work_free(cwork);
1509	radio_work_done(work);
1510	}
1511
1512
1513	int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style)
1514	{
1515	struct os_reltime now;
1516	u8 addr[ETH_ALEN];
1517
1518	os_get_reltime(&now);
1519	if (wpa_s->last_mac_addr_style == style &&
1520	wpa_s->last_mac_addr_change.sec != 0 &&
1521	!os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
1522	wpa_s->conf->rand_addr_lifetime)) {
1523	wpa_msg(wpa_s, MSG_DEBUG,
1524	"Previously selected random MAC address has not yet expired");
1525	return 0;
1526	}
1527
1528	switch (style) {
1529	case 1:
1530	if (random_mac_addr(addr) < 0)
1531	return -1;
1532	break;
1533	case 2:
1534	os_memcpy(addr, wpa_s->perm_addr, ETH_ALEN);
1535	if (random_mac_addr_keep_oui(addr) < 0)
1536	return -1;
1537	break;
1538	default:
1539	return -1;
1540	}
1541
1542	if (wpa_drv_set_mac_addr(wpa_s, addr) < 0) {
1543	wpa_msg(wpa_s, MSG_INFO,
1544	"Failed to set random MAC address");
1545	return -1;
1546	}
1547
1548	os_get_reltime(&wpa_s->last_mac_addr_change);
1549	wpa_s->mac_addr_changed = 1;
1550	wpa_s->last_mac_addr_style = style;
1551
1552	if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
1553	wpa_msg(wpa_s, MSG_INFO,
1554	"Could not update MAC address information");
1555	return -1;
1556	}
1557
1558	wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
1559	MAC2STR(addr));
1560
1561	return 0;
1562	}
1563
1564
1565	int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
1566	{
1567	if (wpa_s->wpa_state >= WPA_AUTHENTICATING \|\|
1568	!wpa_s->conf->preassoc_mac_addr)
1569	return 0;
1570
1571	return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr);
1572	}
1573
1574
1575	static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit);
1576
1577	/**
1578	* wpa_supplicant_associate - Request association
1579	* @wpa_s: Pointer to wpa_supplicant data
1580	* @bss: Scan results for the selected BSS, or %NULL if not available
1581	* @ssid: Configuration data for the selected network
1582	*
1583	* This function is used to request %wpa_supplicant to associate with a BSS.
1584	*/
1585	void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1586	struct wpa_bss bss, struct wpa_ssid ssid)
1587	{
1588	struct wpa_connect_work *cwork;
1589	int rand_style;
1590
1591	if (ssid->mac_addr == -1)
1592	rand_style = wpa_s->conf->mac_addr;
1593	else
1594	rand_style = ssid->mac_addr;
1595
1596	wmm_ac_clear_saved_tspecs(wpa_s);
1597	wpa_s->reassoc_same_bss = 0;
1598
1599	if (wpa_s->last_ssid == ssid) {
1600	wpa_dbg(wpa_s, MSG_DEBUG, "Re-association to the same ESS");
1601	if (wpa_s->current_bss && wpa_s->current_bss == bss) {
1602	wmm_ac_save_tspecs(wpa_s);
1603	wpa_s->reassoc_same_bss = 1;
1604	}
1605	} else if (rand_style > 0) {
1606	if (wpas_update_random_addr(wpa_s, rand_style) < 0)
1607	return;
1608	wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
1609	} else if (wpa_s->mac_addr_changed) {
1610	if (wpa_drv_set_mac_addr(wpa_s, NULL) < 0) {
1611	wpa_msg(wpa_s, MSG_INFO,
1612	"Could not restore permanent MAC address");
1613	return;
1614	}
1615	wpa_s->mac_addr_changed = 0;
1616	if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
1617	wpa_msg(wpa_s, MSG_INFO,
1618	"Could not update MAC address information");
1619	return;
1620	}
1621	wpa_msg(wpa_s, MSG_DEBUG, "Using permanent MAC address");
1622	}
1623	wpa_s->last_ssid = ssid;
1624
1625	#ifdef CONFIG_IBSS_RSN
1626	ibss_rsn_deinit(wpa_s->ibss_rsn);
1627	wpa_s->ibss_rsn = NULL;
1628	#endif /* CONFIG_IBSS_RSN */
1629
1630	if (ssid->mode == WPAS_MODE_AP \|\| ssid->mode == WPAS_MODE_P2P_GO \|\|
1631	ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
1632	#ifdef CONFIG_AP
1633	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1634	wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
1635	"mode");
1636	return;
1637	}
1638	if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
1639	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1640	if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
1641	wpas_p2p_ap_setup_failed(wpa_s);
1642	return;
1643	}
1644	wpa_s->current_bss = bss;
1645	#else /* CONFIG_AP */
1646	wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
1647	"the build");
1648	#endif /* CONFIG_AP */
1649	return;
1650	}
1651
1652	if (ssid->mode == WPAS_MODE_MESH) {
1653	#ifdef CONFIG_MESH
1654	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MESH)) {
1655	wpa_msg(wpa_s, MSG_INFO,
1656	"Driver does not support mesh mode");
1657	return;
1658	}
1659	if (bss)
1660	ssid->frequency = bss->freq;
1661	if (wpa_supplicant_join_mesh(wpa_s, ssid) < 0) {
1662	wpa_msg(wpa_s, MSG_ERROR, "Could not join mesh");
1663	return;
1664	}
1665	wpa_s->current_bss = bss;
1666	wpa_msg_ctrl(wpa_s, MSG_INFO, MESH_GROUP_STARTED
1667	"ssid=\"%s\" id=%d",
1668	wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
1669	ssid->id);
1670	#else /* CONFIG_MESH */
1671	wpa_msg(wpa_s, MSG_ERROR,
1672	"mesh mode support not included in the build");
1673	#endif /* CONFIG_MESH */
1674	return;
1675	}
1676
1677	#ifdef CONFIG_TDLS
1678	if (bss)
1679	wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
1680	bss->ie_len);
1681	#endif /* CONFIG_TDLS */
1682
1683	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1684	ssid->mode == IEEE80211_MODE_INFRA) {
1685	sme_authenticate(wpa_s, bss, ssid);
1686	return;
1687	}
1688
1689	if (wpa_s->connect_work) {
1690	wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since connect_work exist");
1691	return;
1692	}
1693
1694	if (radio_work_pending(wpa_s, "connect")) {
1695	wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since pending work exist");
1696	return;
1697	}
1698
1699	cwork = os_zalloc(sizeof(*cwork));
1700	if (cwork == NULL)
1701	return;
1702
1703	cwork->bss = bss;
1704	cwork->ssid = ssid;
1705
1706	if (radio_add_work(wpa_s, bss ? bss->freq : 0, "connect", 1,
1707	wpas_start_assoc_cb, cwork) < 0) {
1708	os_free(cwork);
1709	}
1710	}
1711
1712
1713	static int bss_is_ibss(struct wpa_bss *bss)
1714	{
1715	return (bss->caps & (IEEE80211_CAP_ESS \| IEEE80211_CAP_IBSS)) ==
1716	IEEE80211_CAP_IBSS;
1717	}
1718
1719
1720	void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
1721	const struct wpa_ssid *ssid,
1722	struct hostapd_freq_params *freq)
1723	{
1724	enum hostapd_hw_mode hw_mode;
1725	struct hostapd_hw_modes *mode = NULL;
1726	int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
1727	184, 192 };
1728	int vht80[] = { 36, 52, 100, 116, 132, 149 };
1729	struct hostapd_channel_data pri_chan = NULL, sec_chan = NULL;
1730	u8 channel;
1731	int i, chan_idx, ht40 = -1, res, obss_scan = 1;
1732	unsigned int j;
1733	struct hostapd_freq_params vht_freq;
1734
1735	freq->freq = ssid->frequency;
1736
1737	for (j = 0; j < wpa_s->last_scan_res_used; j++) {
1738	struct wpa_bss *bss = wpa_s->last_scan_res[j];
1739
1740	if (ssid->mode != WPAS_MODE_IBSS)
1741	break;
1742
1743	/* Don't adjust control freq in case of fixed_freq */
1744	if (ssid->fixed_freq)
1745	break;
1746
1747	if (!bss_is_ibss(bss))
1748	continue;
1749
1750	if (ssid->ssid_len == bss->ssid_len &&
1751	os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) == 0) {
1752	wpa_printf(MSG_DEBUG,
1753	"IBSS already found in scan results, adjust control freq: %d",
1754	bss->freq);
1755	freq->freq = bss->freq;
1756	obss_scan = 0;
1757	break;
1758	}
1759	}
1760
1761	/* For IBSS check HT_IBSS flag */
1762	if (ssid->mode == WPAS_MODE_IBSS &&
1763	!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_HT_IBSS))
1764	return;
1765
1766	if (wpa_s->group_cipher == WPA_CIPHER_WEP40 \|\|
1767	wpa_s->group_cipher == WPA_CIPHER_WEP104 \|\|
1768	wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) {
1769	wpa_printf(MSG_DEBUG,
1770	"IBSS: WEP/TKIP detected, do not try to enable HT");
1771	return;
1772	}
1773
1774	hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
1775	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
1776	if (wpa_s->hw.modes[i].mode == hw_mode) {
1777	mode = &wpa_s->hw.modes[i];
1778	break;
1779	}
1780	}
1781
1782	if (!mode)
1783	return;
1784
1785	freq->ht_enabled = ht_supported(mode);
1786	if (!freq->ht_enabled)
1787	return;
1788
1789	/* Setup higher BW only for 5 GHz */
1790	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
1791	return;
1792
1793	for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
1794	pri_chan = &mode->channels[chan_idx];
1795	if (pri_chan->chan == channel)
1796	break;
1797	pri_chan = NULL;
1798	}
1799	if (!pri_chan)
1800	return;
1801
1802	/* Check primary channel flags */
1803	if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED \| HOSTAPD_CHAN_NO_IR))
1804	return;
1805
1806	/* Check/setup HT40+/HT40- */
1807	for (j = 0; j < ARRAY_SIZE(ht40plus); j++) {
1808	if (ht40plus[j] == channel) {
1809	ht40 = 1;
1810	break;
1811	}
1812	}
1813
1814	/* Find secondary channel */
1815	for (i = 0; i < mode->num_channels; i++) {
1816	sec_chan = &mode->channels[i];
1817	if (sec_chan->chan == channel + ht40 * 4)
1818	break;
1819	sec_chan = NULL;
1820	}
1821	if (!sec_chan)
1822	return;
1823
1824	/* Check secondary channel flags */
1825	if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED \| HOSTAPD_CHAN_NO_IR))
1826	return;
1827
1828	freq->channel = pri_chan->chan;
1829
1830	switch (ht40) {
1831	case -1:
1832	if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
1833	return;
1834	freq->sec_channel_offset = -1;
1835	break;
1836	case 1:
1837	if (!(pri_chan->flag & HOSTAPD_CHAN_HT40PLUS))
1838	return;
1839	freq->sec_channel_offset = 1;
1840	break;
1841	default:
1842	break;
1843	}
1844
1845	if (freq->sec_channel_offset && obss_scan) {
1846	struct wpa_scan_results *scan_res;
1847
1848	scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
1849	if (scan_res == NULL) {
1850	/* Back to HT20 */
1851	freq->sec_channel_offset = 0;
1852	return;
1853	}
1854
1855	res = check_40mhz_5g(mode, scan_res, pri_chan->chan,
1856	sec_chan->chan);
1857	switch (res) {
1858	case 0:
1859	/* Back to HT20 */
1860	freq->sec_channel_offset = 0;
1861	break;
1862	case 1:
1863	/* Configuration allowed */
1864	break;
1865	case 2:
1866	/* Switch pri/sec channels */
1867	freq->freq = hw_get_freq(mode, sec_chan->chan);
1868	freq->sec_channel_offset = -freq->sec_channel_offset;
1869	freq->channel = sec_chan->chan;
1870	break;
1871	default:
1872	freq->sec_channel_offset = 0;
1873	break;
1874	}
1875
1876	wpa_scan_results_free(scan_res);
1877	}
1878
1879	wpa_printf(MSG_DEBUG,
1880	"IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
1881	freq->channel, freq->sec_channel_offset);
1882
1883	/* Not sure if mesh is ready for VHT */
1884	if (ssid->mode != WPAS_MODE_IBSS)
1885	return;
1886
1887	/* For IBSS check VHT_IBSS flag */
1888	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_VHT_IBSS))
1889	return;
1890
1891	vht_freq = *freq;
1892
1893	vht_freq.vht_enabled = vht_supported(mode);
1894	if (!vht_freq.vht_enabled)
1895	return;
1896
1897	/* setup center_freq1, bandwidth */
1898	for (j = 0; j < ARRAY_SIZE(vht80); j++) {
1899	if (freq->channel >= vht80[j] &&
1900	freq->channel < vht80[j] + 16)
1901	break;
1902	}
1903
1904	if (j == ARRAY_SIZE(vht80))
1905	return;
1906
1907	for (i = vht80[j]; i < vht80[j] + 16; i += 4) {
1908	struct hostapd_channel_data *chan;
1909
1910	chan = hw_get_channel_chan(mode, i, NULL);
1911	if (!chan)
1912	return;
1913
1914	/* Back to HT configuration if channel not usable */
1915	if (chan->flag & (HOSTAPD_CHAN_DISABLED \| HOSTAPD_CHAN_NO_IR))
1916	return;
1917	}
1918
1919	if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,
1920	freq->channel, freq->ht_enabled,
1921	vht_freq.vht_enabled,
1922	freq->sec_channel_offset,
1923	VHT_CHANWIDTH_80MHZ,
1924	vht80[j] + 6, 0, 0) != 0)
1925	return;
1926
1927	*freq = vht_freq;
1928
1929	wpa_printf(MSG_DEBUG, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
1930	freq->center_freq1, freq->center_freq2, freq->bandwidth);
1931	}
1932
1933
1934	static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
1935	{
1936	struct wpa_connect_work *cwork = work->ctx;
1937	struct wpa_bss *bss = cwork->bss;
1938	struct wpa_ssid *ssid = cwork->ssid;
1939	struct wpa_supplicant *wpa_s = work->wpa_s;
1940	u8 wpa_ie[200];
1941	size_t wpa_ie_len;
1942	int use_crypt, ret, i, bssid_changed;
1943	int algs = WPA_AUTH_ALG_OPEN;
1944	unsigned int cipher_pairwise, cipher_group;
1945	struct wpa_driver_associate_params params;
1946	int wep_keys_set = 0;
1947	int assoc_failed = 0;
1948	struct wpa_ssid *old_ssid;
1949	#ifdef CONFIG_HT_OVERRIDES
1950	struct ieee80211_ht_capabilities htcaps;
1951	struct ieee80211_ht_capabilities htcaps_mask;
1952	#endif /* CONFIG_HT_OVERRIDES */
1953	#ifdef CONFIG_VHT_OVERRIDES
1954	struct ieee80211_vht_capabilities vhtcaps;
1955	struct ieee80211_vht_capabilities vhtcaps_mask;
1956	#endif /* CONFIG_VHT_OVERRIDES */
1957
1958	if (deinit) {
1959	if (work->started) {
1960	wpa_s->connect_work = NULL;
1961
1962	/* cancel possible auth. timeout */
1963	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s,
1964	NULL);
1965	}
1966	wpas_connect_work_free(cwork);
1967	return;
1968	}
1969
1970	wpa_s->connect_work = work;
1971
1972	if (cwork->bss_removed \|\| !wpas_valid_bss_ssid(wpa_s, bss, ssid) \|\|
1973	wpas_network_disabled(wpa_s, ssid)) {
1974	wpa_dbg(wpa_s, MSG_DEBUG, "BSS/SSID entry for association not valid anymore - drop connection attempt");
1975	wpas_connect_work_done(wpa_s);
1976	return;
1977	}
1978
1979	os_memset(&params, 0, sizeof(params));
1980	wpa_s->reassociate = 0;
1981	wpa_s->eap_expected_failure = 0;
1982	if (bss &&
1983	(!wpas_driver_bss_selection(wpa_s) \|\| wpas_wps_searching(wpa_s))) {
1984	#ifdef CONFIG_IEEE80211R
1985	const u8 ie, md = NULL;
1986	#endif /* CONFIG_IEEE80211R */
1987	wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1988	" (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1989	wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1990	bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
1991	os_memset(wpa_s->bssid, 0, ETH_ALEN);
1992	os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1993	if (bssid_changed)
1994	wpas_notify_bssid_changed(wpa_s);
1995	#ifdef CONFIG_IEEE80211R
1996	ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
1997	if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
1998	md = ie + 2;
1999	wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
2000	if (md) {
2001	/* Prepare for the next transition */
2002	wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
2003	}
2004	#endif /* CONFIG_IEEE80211R */
2005	#ifdef CONFIG_WPS
2006	} else if ((ssid->ssid == NULL \|\| ssid->ssid_len == 0) &&
2007	wpa_s->conf->ap_scan == 2 &&
2008	(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
2009	/* Use ap_scan==1 style network selection to find the network
2010	*/
2011	wpas_connect_work_done(wpa_s);
2012	wpa_s->scan_req = MANUAL_SCAN_REQ;
2013	wpa_s->reassociate = 1;
2014	wpa_supplicant_req_scan(wpa_s, 0, 0);
2015	return;
2016	#endif /* CONFIG_WPS */
2017	} else {
2018	wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
2019	wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
2020	os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
2021	}
2022	if (!wpa_s->pno)
2023	wpa_supplicant_cancel_sched_scan(wpa_s);
2024
2025	wpa_supplicant_cancel_scan(wpa_s);
2026
2027	/* Starting new association, so clear the possibly used WPA IE from the
2028	* previous association. */
2029	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
2030
2031	#ifdef IEEE8021X_EAPOL
2032	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2033	if (ssid->leap) {
2034	if (ssid->non_leap == 0)
2035	algs = WPA_AUTH_ALG_LEAP;
2036	else
2037	algs \|= WPA_AUTH_ALG_LEAP;
2038	}
2039	}
2040	#endif /* IEEE8021X_EAPOL */
2041	wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
2042	if (ssid->auth_alg) {
2043	algs = ssid->auth_alg;
2044	wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
2045	"0x%x", algs);
2046	}
2047
2048	if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) \|\|
2049	wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
2050	wpa_key_mgmt_wpa(ssid->key_mgmt)) {
2051	int try_opportunistic;
2052	try_opportunistic = (ssid->proactive_key_caching < 0 ?
2053	wpa_s->conf->okc :
2054	ssid->proactive_key_caching) &&
2055	(ssid->proto & WPA_PROTO_RSN);
2056	if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
2057	ssid, try_opportunistic) == 0)
2058	eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
2059	wpa_ie_len = sizeof(wpa_ie);
2060	if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2061	wpa_ie, &wpa_ie_len)) {
2062	wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2063	"key management and encryption suites");
2064	wpas_connect_work_done(wpa_s);
2065	return;
2066	}
2067	} else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
2068	wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
2069	/*
2070	* Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2071	* use non-WPA since the scan results did not indicate that the
2072	* AP is using WPA or WPA2.
2073	*/
2074	wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2075	wpa_ie_len = 0;
2076	wpa_s->wpa_proto = 0;
2077	} else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
2078	wpa_ie_len = sizeof(wpa_ie);
2079	if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
2080	wpa_ie, &wpa_ie_len)) {
2081	wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2082	"key management and encryption suites (no "
2083	"scan results)");
2084	wpas_connect_work_done(wpa_s);
2085	return;
2086	}
2087	#ifdef CONFIG_WPS
2088	} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
2089	struct wpabuf *wps_ie;
2090	wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
2091	if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
2092	wpa_ie_len = wpabuf_len(wps_ie);
2093	os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
2094	} else
2095	wpa_ie_len = 0;
2096	wpabuf_free(wps_ie);
2097	wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2098	if (!bss \|\| (bss->caps & IEEE80211_CAP_PRIVACY))
2099	params.wps = WPS_MODE_PRIVACY;
2100	else
2101	params.wps = WPS_MODE_OPEN;
2102	wpa_s->wpa_proto = 0;
2103	#endif /* CONFIG_WPS */
2104	} else {
2105	wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2106	wpa_ie_len = 0;
2107	wpa_s->wpa_proto = 0;
2108	}
2109
2110	#ifdef CONFIG_P2P
2111	if (wpa_s->global->p2p) {
2112	u8 *pos;
2113	size_t len;
2114	int res;
2115	pos = wpa_ie + wpa_ie_len;
2116	len = sizeof(wpa_ie) - wpa_ie_len;
2117	res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
2118	ssid->p2p_group);
2119	if (res >= 0)
2120	wpa_ie_len += res;
2121	}
2122
2123	wpa_s->cross_connect_disallowed = 0;
2124	if (bss) {
2125	struct wpabuf *p2p;
2126	p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
2127	if (p2p) {
2128	wpa_s->cross_connect_disallowed =
2129	p2p_get_cross_connect_disallowed(p2p);
2130	wpabuf_free(p2p);
2131	wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
2132	"connection",
2133	wpa_s->cross_connect_disallowed ?
2134	"disallows" : "allows");
2135	}
2136	}
2137
2138	os_memset(wpa_s->p2p_ip_addr_info, 0, sizeof(wpa_s->p2p_ip_addr_info));
2139	#endif /* CONFIG_P2P */
2140
2141	#ifdef CONFIG_HS20
2142	if (is_hs20_network(wpa_s, ssid, bss)) {
2143	struct wpabuf *hs20;
2144	hs20 = wpabuf_alloc(20);
2145	if (hs20) {
2146	int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
2147	size_t len;
2148
2149	wpas_hs20_add_indication(hs20, pps_mo_id);
2150	len = sizeof(wpa_ie) - wpa_ie_len;
2151	if (wpabuf_len(hs20) <= len) {
2152	os_memcpy(wpa_ie + wpa_ie_len,
2153	wpabuf_head(hs20), wpabuf_len(hs20));
2154	wpa_ie_len += wpabuf_len(hs20);
2155	}
2156	wpabuf_free(hs20);
2157	}
2158	}
2159	#endif /* CONFIG_HS20 */
2160
2161	/*
2162	* Workaround: Add Extended Capabilities element only if the AP
2163	* included this element in Beacon/Probe Response frames. Some older
2164	* APs seem to have interoperability issues if this element is
2165	* included, so while the standard may require us to include the
2166	* element in all cases, it is justifiable to skip it to avoid
2167	* interoperability issues.
2168	*/
2169	if (!bss \|\| wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB)) {
2170	u8 ext_capab[18];
2171	int ext_capab_len;
2172	ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
2173	sizeof(ext_capab));
2174	if (ext_capab_len > 0) {
2175	u8 *pos = wpa_ie;
2176	if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
2177	pos += 2 + pos[1];
2178	os_memmove(pos + ext_capab_len, pos,
2179	wpa_ie_len - (pos - wpa_ie));
2180	wpa_ie_len += ext_capab_len;
2181	os_memcpy(pos, ext_capab, ext_capab_len);
2182	}
2183	}
2184
2185	if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
2186	struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
2187	size_t len;
2188
2189	len = sizeof(wpa_ie) - wpa_ie_len;
2190	if (wpabuf_len(buf) <= len) {
2191	os_memcpy(wpa_ie + wpa_ie_len,
2192	wpabuf_head(buf), wpabuf_len(buf));
2193	wpa_ie_len += wpabuf_len(buf);
2194	}
2195	}
2196
2197	#ifdef CONFIG_FST
2198	if (wpa_s->fst_ies) {
2199	int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
2200
2201	if (wpa_ie_len + fst_ies_len <= sizeof(wpa_ie)) {
2202	os_memcpy(wpa_ie + wpa_ie_len,
2203	wpabuf_head(wpa_s->fst_ies), fst_ies_len);
2204	wpa_ie_len += fst_ies_len;
2205	}
2206	}
2207	#endif /* CONFIG_FST */
2208
2209	wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
2210	use_crypt = 1;
2211	cipher_pairwise = wpa_s->pairwise_cipher;
2212	cipher_group = wpa_s->group_cipher;
2213	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE \|\|
2214	wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2215	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
2216	use_crypt = 0;
2217	if (wpa_set_wep_keys(wpa_s, ssid)) {
2218	use_crypt = 1;
2219	wep_keys_set = 1;
2220	}
2221	}
2222	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
2223	use_crypt = 0;
2224
2225	#ifdef IEEE8021X_EAPOL
2226	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2227	if ((ssid->eapol_flags &
2228	(EAPOL_FLAG_REQUIRE_KEY_UNICAST \|
2229	EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
2230	!wep_keys_set) {
2231	use_crypt = 0;
2232	} else {
2233	/* Assume that dynamic WEP-104 keys will be used and
2234	* set cipher suites in order for drivers to expect
2235	* encryption. */
2236	cipher_pairwise = cipher_group = WPA_CIPHER_WEP104;
2237	}
2238	}
2239	#endif /* IEEE8021X_EAPOL */
2240
2241	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
2242	/* Set the key before (and later after) association */
2243	wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
2244	}
2245
2246	wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
2247	if (bss) {
2248	params.ssid = bss->ssid;
2249	params.ssid_len = bss->ssid_len;
2250	if (!wpas_driver_bss_selection(wpa_s) \|\| ssid->bssid_set) {
2251	wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
2252	MACSTR " freq=%u MHz based on scan results "
2253	"(bssid_set=%d)",
2254	MAC2STR(bss->bssid), bss->freq,
2255	ssid->bssid_set);
2256	params.bssid = bss->bssid;
2257	params.freq.freq = bss->freq;
2258	}
2259	params.bssid_hint = bss->bssid;
2260	params.freq_hint = bss->freq;
2261	} else {
2262	params.ssid = ssid->ssid;
2263	params.ssid_len = ssid->ssid_len;
2264	}
2265
2266	if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
2267	wpa_s->conf->ap_scan == 2) {
2268	params.bssid = ssid->bssid;
2269	params.fixed_bssid = 1;
2270	}
2271
2272	/* Initial frequency for IBSS/mesh */
2273	if ((ssid->mode == WPAS_MODE_IBSS \|\| ssid->mode == WPAS_MODE_MESH) &&
2274	ssid->frequency > 0 && params.freq.freq == 0)
2275	ibss_mesh_setup_freq(wpa_s, ssid, &params.freq);
2276
2277	if (ssid->mode == WPAS_MODE_IBSS) {
2278	params.fixed_freq = ssid->fixed_freq;
2279	if (ssid->beacon_int)
2280	params.beacon_int = ssid->beacon_int;
2281	else
2282	params.beacon_int = wpa_s->conf->beacon_int;
2283	}
2284
2285	params.wpa_ie = wpa_ie;
2286	params.wpa_ie_len = wpa_ie_len;
2287	params.pairwise_suite = cipher_pairwise;
2288	params.group_suite = cipher_group;
2289	params.key_mgmt_suite = wpa_s->key_mgmt;
2290	params.wpa_proto = wpa_s->wpa_proto;
2291	params.auth_alg = algs;
2292	params.mode = ssid->mode;
2293	params.bg_scan_period = ssid->bg_scan_period;
2294	for (i = 0; i < NUM_WEP_KEYS; i++) {
2295	if (ssid->wep_key_len[i])
2296	params.wep_key[i] = ssid->wep_key[i];
2297	params.wep_key_len[i] = ssid->wep_key_len[i];
2298	}
2299	params.wep_tx_keyidx = ssid->wep_tx_keyidx;
2300
2301	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
2302	(params.key_mgmt_suite == WPA_KEY_MGMT_PSK \|\|
2303	params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
2304	params.passphrase = ssid->passphrase;
2305	if (ssid->psk_set)
2306	params.psk = ssid->psk;
2307	}
2308
2309	if (wpa_s->conf->key_mgmt_offload) {
2310	if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X \|\|
2311	params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 \|\|
2312	params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B \|\|
2313	params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
2314	params.req_key_mgmt_offload =
2315	ssid->proactive_key_caching < 0 ?
2316	wpa_s->conf->okc : ssid->proactive_key_caching;
2317	else
2318	params.req_key_mgmt_offload = 1;
2319
2320	if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK \|\|
2321	params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 \|\|
2322	params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
2323	ssid->psk_set)
2324	params.psk = ssid->psk;
2325	}
2326
2327	params.drop_unencrypted = use_crypt;
2328
2329	#ifdef CONFIG_IEEE80211W
2330	params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
2331	if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
2332	const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
2333	struct wpa_ie_data ie;
2334	if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
2335	ie.capabilities &
2336	(WPA_CAPABILITY_MFPC \| WPA_CAPABILITY_MFPR)) {
2337	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
2338	"MFP: require MFP");
2339	params.mgmt_frame_protection =
2340	MGMT_FRAME_PROTECTION_REQUIRED;
2341	}
2342	}
2343	#endif /* CONFIG_IEEE80211W */
2344
2345	params.p2p = ssid->p2p_group;
2346
2347	if (wpa_s->parent->set_sta_uapsd)
2348	params.uapsd = wpa_s->parent->sta_uapsd;
2349	else
2350	params.uapsd = -1;
2351
2352	#ifdef CONFIG_HT_OVERRIDES
2353	os_memset(&htcaps, 0, sizeof(htcaps));
2354	os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
2355	params.htcaps = (u8 *) &htcaps;
2356	params.htcaps_mask = (u8 *) &htcaps_mask;
2357	wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
2358	#endif /* CONFIG_HT_OVERRIDES */
2359	#ifdef CONFIG_VHT_OVERRIDES
2360	os_memset(&vhtcaps, 0, sizeof(vhtcaps));
2361	os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
2362	params.vhtcaps = &vhtcaps;
2363	params.vhtcaps_mask = &vhtcaps_mask;
2364	wpa_supplicant_apply_vht_overrides(wpa_s, ssid, &params);
2365	#endif /* CONFIG_VHT_OVERRIDES */
2366
2367	#ifdef CONFIG_P2P
2368	/*
2369	* If multi-channel concurrency is not supported, check for any
2370	* frequency conflict. In case of any frequency conflict, remove the
2371	* least prioritized connection.
2372	*/
2373	if (wpa_s->num_multichan_concurrent < 2) {
2374	int freq, num;
2375	num = get_shared_radio_freqs(wpa_s, &freq, 1);
2376	if (num > 0 && freq > 0 && freq != params.freq.freq) {
2377	wpa_printf(MSG_DEBUG,
2378	"Assoc conflicting freq found (%d != %d)",
2379	freq, params.freq.freq);
2380	if (wpas_p2p_handle_frequency_conflicts(
2381	wpa_s, params.freq.freq, ssid) < 0) {
2382	wpas_connect_work_done(wpa_s);
2383	return;
2384	}
2385	}
2386	}
2387	#endif /* CONFIG_P2P */
2388
2389	ret = wpa_drv_associate(wpa_s, &params);
2390	if (ret < 0) {
2391	wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
2392	"failed");
2393	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
2394	/*
2395	* The driver is known to mean what is saying, so we
2396	* can stop right here; the association will not
2397	* succeed.
2398	*/
2399	wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
2400	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2401	os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
2402	return;
2403	}
2404	/* try to continue anyway; new association will be tried again
2405	* after timeout */
2406	assoc_failed = 1;
2407	}
2408
2409	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
2410	/* Set the key after the association just in case association
2411	* cleared the previously configured key. */
2412	wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
2413	/* No need to timeout authentication since there is no key
2414	* management. */
2415	wpa_supplicant_cancel_auth_timeout(wpa_s);
2416	wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
2417	#ifdef CONFIG_IBSS_RSN
2418	} else if (ssid->mode == WPAS_MODE_IBSS &&
2419	wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
2420	wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
2421	/*
2422	* RSN IBSS authentication is per-STA and we can disable the
2423	* per-BSSID authentication.
2424	*/
2425	wpa_supplicant_cancel_auth_timeout(wpa_s);
2426	#endif /* CONFIG_IBSS_RSN */
2427	} else {
2428	/* Timeout for IEEE 802.11 authentication and association */
2429	int timeout = 60;
2430
2431	if (assoc_failed) {
2432	/* give IBSS a bit more time */
2433	timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
2434	} else if (wpa_s->conf->ap_scan == 1) {
2435	/* give IBSS a bit more time */
2436	timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
2437	}
2438	wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
2439	}
2440
2441	if (wep_keys_set &&
2442	(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
2443	/* Set static WEP keys again */
2444	wpa_set_wep_keys(wpa_s, ssid);
2445	}
2446
2447	if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
2448	/*
2449	* Do not allow EAP session resumption between different
2450	* network configurations.
2451	*/
2452	eapol_sm_invalidate_cached_session(wpa_s->eapol);
2453	}
2454	old_ssid = wpa_s->current_ssid;
2455	wpa_s->current_ssid = ssid;
2456	if (!wpas_driver_bss_selection(wpa_s) \|\| ssid->bssid_set)
2457	wpa_s->current_bss = bss;
2458	wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
2459	wpa_supplicant_initiate_eapol(wpa_s);
2460	if (old_ssid != wpa_s->current_ssid)
2461	wpas_notify_network_changed(wpa_s);
2462	}
2463
2464
2465	static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
2466	const u8 *addr)
2467	{
2468	struct wpa_ssid *old_ssid;
2469
2470	wpas_connect_work_done(wpa_s);
2471	wpa_clear_keys(wpa_s, addr);
2472	old_ssid = wpa_s->current_ssid;
2473	wpa_supplicant_mark_disassoc(wpa_s);
2474	wpa_sm_set_config(wpa_s->wpa, NULL);
2475	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
2476	if (old_ssid != wpa_s->current_ssid)
2477	wpas_notify_network_changed(wpa_s);
2478	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
2479	}
2480
2481
2482	/**
2483	* wpa_supplicant_deauthenticate - Deauthenticate the current connection
2484	* @wpa_s: Pointer to wpa_supplicant data
2485	* @reason_code: IEEE 802.11 reason code for the deauthenticate frame
2486	*
2487	* This function is used to request %wpa_supplicant to deauthenticate from the
2488	* current AP.
2489	*/
2490	void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
2491	int reason_code)
2492	{
2493	u8 *addr = NULL;
2494	union wpa_event_data event;
2495	int zero_addr = 0;
2496
2497	wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
2498	" pending_bssid=" MACSTR " reason=%d state=%s",
2499	MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
2500	reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state));
2501
2502	if (!is_zero_ether_addr(wpa_s->bssid))
2503	addr = wpa_s->bssid;
2504	else if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
2505	(wpa_s->wpa_state == WPA_AUTHENTICATING \|\|
2506	wpa_s->wpa_state == WPA_ASSOCIATING))
2507	addr = wpa_s->pending_bssid;
2508	else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
2509	/*
2510	* When using driver-based BSS selection, we may not know the
2511	* BSSID with which we are currently trying to associate. We
2512	* need to notify the driver of this disconnection even in such
2513	* a case, so use the all zeros address here.
2514	*/
2515	addr = wpa_s->bssid;
2516	zero_addr = 1;
2517	}
2518
2519	#ifdef CONFIG_TDLS
2520	wpa_tdls_teardown_peers(wpa_s->wpa);
2521	#endif /* CONFIG_TDLS */
2522
2523	#ifdef CONFIG_MESH
2524	if (wpa_s->ifmsh) {
2525	wpa_msg_ctrl(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
2526	wpa_s->ifname);
2527	wpa_supplicant_leave_mesh(wpa_s);
2528	}
2529	#endif /* CONFIG_MESH */
2530
2531	if (addr) {
2532	wpa_drv_deauthenticate(wpa_s, addr, reason_code);
2533	os_memset(&event, 0, sizeof(event));
2534	event.deauth_info.reason_code = (u16) reason_code;
2535	event.deauth_info.locally_generated = 1;
2536	wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
2537	if (zero_addr)
2538	addr = NULL;
2539	}
2540
2541	wpa_supplicant_clear_connection(wpa_s, addr);
2542	}
2543
2544	static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
2545	struct wpa_ssid *ssid)
2546	{
2547	if (!ssid \|\| !ssid->disabled \|\| ssid->disabled == 2)
2548	return;
2549
2550	ssid->disabled = 0;
2551	wpas_clear_temp_disabled(wpa_s, ssid, 1);
2552	wpas_notify_network_enabled_changed(wpa_s, ssid);
2553
2554	/*
2555	* Try to reassociate since there is no current configuration and a new
2556	* network was made available.
2557	*/
2558	if (!wpa_s->current_ssid && !wpa_s->disconnected)
2559	wpa_s->reassociate = 1;
2560	}
2561
2562
2563	/**
2564	* wpa_supplicant_enable_network - Mark a configured network as enabled
2565	* @wpa_s: wpa_supplicant structure for a network interface
2566	* @ssid: wpa_ssid structure for a configured network or %NULL
2567	*
2568	* Enables the specified network or all networks if no network specified.
2569	*/
2570	void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
2571	struct wpa_ssid *ssid)
2572	{
2573	if (ssid == NULL) {
2574	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
2575	wpa_supplicant_enable_one_network(wpa_s, ssid);
2576	} else
2577	wpa_supplicant_enable_one_network(wpa_s, ssid);
2578
2579	if (wpa_s->reassociate && !wpa_s->disconnected &&
2580	(!wpa_s->current_ssid \|\|
2581	wpa_s->wpa_state == WPA_DISCONNECTED \|\|
2582	wpa_s->wpa_state == WPA_SCANNING)) {
2583	if (wpa_s->sched_scanning) {
2584	wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
2585	"new network to scan filters");
2586	wpa_supplicant_cancel_sched_scan(wpa_s);
2587	}
2588
2589	if (wpa_supplicant_fast_associate(wpa_s) != 1) {
2590	wpa_s->scan_req = NORMAL_SCAN_REQ;
2591	wpa_supplicant_req_scan(wpa_s, 0, 0);
2592	}
2593	}
2594	}
2595
2596
2597	/**
2598	* wpa_supplicant_disable_network - Mark a configured network as disabled
2599	* @wpa_s: wpa_supplicant structure for a network interface
2600	* @ssid: wpa_ssid structure for a configured network or %NULL
2601	*
2602	* Disables the specified network or all networks if no network specified.
2603	*/
2604	void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
2605	struct wpa_ssid *ssid)
2606	{
2607	struct wpa_ssid *other_ssid;
2608	int was_disabled;
2609
2610	if (ssid == NULL) {
2611	if (wpa_s->sched_scanning)
2612	wpa_supplicant_cancel_sched_scan(wpa_s);
2613
2614	for (other_ssid = wpa_s->conf->ssid; other_ssid;
2615	other_ssid = other_ssid->next) {
2616	was_disabled = other_ssid->disabled;
2617	if (was_disabled == 2)
2618	continue; /* do not change persistent P2P group
2619	* data */
2620
2621	other_ssid->disabled = 1;
2622
2623	if (was_disabled != other_ssid->disabled)
2624	wpas_notify_network_enabled_changed(
2625	wpa_s, other_ssid);
2626	}
2627	if (wpa_s->current_ssid)
2628	wpa_supplicant_deauthenticate(
2629	wpa_s, WLAN_REASON_DEAUTH_LEAVING);
2630	} else if (ssid->disabled != 2) {
2631	if (ssid == wpa_s->current_ssid)
2632	wpa_supplicant_deauthenticate(
2633	wpa_s, WLAN_REASON_DEAUTH_LEAVING);
2634
2635	was_disabled = ssid->disabled;
2636
2637	ssid->disabled = 1;
2638
2639	if (was_disabled != ssid->disabled) {
2640	wpas_notify_network_enabled_changed(wpa_s, ssid);
2641	if (wpa_s->sched_scanning) {
2642	wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
2643	"to remove network from filters");
2644	wpa_supplicant_cancel_sched_scan(wpa_s);
2645	wpa_supplicant_req_scan(wpa_s, 0, 0);
2646	}
2647	}
2648	}
2649	}
2650
2651
2652	/**
2653	* wpa_supplicant_select_network - Attempt association with a network
2654	* @wpa_s: wpa_supplicant structure for a network interface
2655	* @ssid: wpa_ssid structure for a configured network or %NULL for any network
2656	*/
2657	void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
2658	struct wpa_ssid *ssid)
2659	{
2660
2661	struct wpa_ssid *other_ssid;
2662	int disconnected = 0;
2663
2664	if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
2665	if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
2666	wpa_s->own_disconnect_req = 1;
2667	wpa_supplicant_deauthenticate(
2668	wpa_s, WLAN_REASON_DEAUTH_LEAVING);
2669	disconnected = 1;
2670	}
2671
2672	if (ssid)
2673	wpas_clear_temp_disabled(wpa_s, ssid, 1);
2674
2675	/*
2676	* Mark all other networks disabled or mark all networks enabled if no
2677	* network specified.
2678	*/
2679	for (other_ssid = wpa_s->conf->ssid; other_ssid;
2680	other_ssid = other_ssid->next) {
2681	int was_disabled = other_ssid->disabled;
2682	if (was_disabled == 2)
2683	continue; /* do not change persistent P2P group data */
2684
2685	other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
2686	if (was_disabled && !other_ssid->disabled)
2687	wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
2688
2689	if (was_disabled != other_ssid->disabled)
2690	wpas_notify_network_enabled_changed(wpa_s, other_ssid);
2691	}
2692
2693	if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid) {
2694	/* We are already associated with the selected network */
2695	wpa_printf(MSG_DEBUG, "Already associated with the "
2696	"selected network - do nothing");
2697	return;
2698	}
2699
2700	if (ssid) {
2701	wpa_s->current_ssid = ssid;
2702	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
2703	wpa_s->connect_without_scan =
2704	(ssid->mode == WPAS_MODE_MESH) ? ssid : NULL;
2705
2706	/*
2707	* Don't optimize next scan freqs since a new ESS has been
2708	* selected.
2709	*/
2710	os_free(wpa_s->next_scan_freqs);
2711	wpa_s->next_scan_freqs = NULL;
2712	} else {
2713	wpa_s->connect_without_scan = NULL;
2714	}
2715
2716	wpa_s->disconnected = 0;
2717	wpa_s->reassociate = 1;
2718
2719	if (wpa_s->connect_without_scan \|\|
2720	wpa_supplicant_fast_associate(wpa_s) != 1) {
2721	wpa_s->scan_req = NORMAL_SCAN_REQ;
2722	wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
2723	}
2724
2725	if (ssid)
2726	wpas_notify_network_selected(wpa_s, ssid);
2727	}
2728
2729
2730	/**
2731	* wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
2732	* @wpa_s: wpa_supplicant structure for a network interface
2733	* @pkcs11_engine_path: PKCS #11 engine path or NULL
2734	* @pkcs11_module_path: PKCS #11 module path or NULL
2735	* Returns: 0 on success; -1 on failure
2736	*
2737	* Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
2738	* path. If resetting the EAPOL state machine with the new PKCS #11 engine and
2739	* module path fails the paths will be reset to the default value (NULL).
2740	*/
2741	int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant *wpa_s,
2742	const char *pkcs11_engine_path,
2743	const char *pkcs11_module_path)
2744	{
2745	char *pkcs11_engine_path_copy = NULL;
2746	char *pkcs11_module_path_copy = NULL;
2747
2748	if (pkcs11_engine_path != NULL) {
2749	pkcs11_engine_path_copy = os_strdup(pkcs11_engine_path);
2750	if (pkcs11_engine_path_copy == NULL)
2751	return -1;
2752	}
2753	if (pkcs11_module_path != NULL) {
2754	pkcs11_module_path_copy = os_strdup(pkcs11_module_path);
2755	if (pkcs11_module_path_copy == NULL) {
2756	os_free(pkcs11_engine_path_copy);
2757	return -1;
2758	}
2759	}
2760
2761	os_free(wpa_s->conf->pkcs11_engine_path);
2762	os_free(wpa_s->conf->pkcs11_module_path);
2763	wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path_copy;
2764	wpa_s->conf->pkcs11_module_path = pkcs11_module_path_copy;
2765
2766	wpa_sm_set_eapol(wpa_s->wpa, NULL);
2767	eapol_sm_deinit(wpa_s->eapol);
2768	wpa_s->eapol = NULL;
2769	if (wpa_supplicant_init_eapol(wpa_s)) {
2770	/* Error -> Reset paths to the default value (NULL) once. */
2771	if (pkcs11_engine_path != NULL && pkcs11_module_path != NULL)
2772	wpas_set_pkcs11_engine_and_module_path(wpa_s, NULL,
2773	NULL);
2774
2775	return -1;
2776	}
2777	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2778
2779	return 0;
2780	}
2781
2782
2783	/**
2784	* wpa_supplicant_set_ap_scan - Set AP scan mode for interface
2785	* @wpa_s: wpa_supplicant structure for a network interface
2786	* @ap_scan: AP scan mode
2787	* Returns: 0 if succeed or -1 if ap_scan has an invalid value
2788	*
2789	*/
2790	int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
2791	{
2792
2793	int old_ap_scan;
2794
2795	if (ap_scan < 0 \|\| ap_scan > 2)
2796	return -1;
2797
2798	if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
2799	wpa_printf(MSG_INFO,
2800	"Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
2801	}
2802
2803	#ifdef ANDROID
2804	if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
2805	wpa_s->wpa_state >= WPA_ASSOCIATING &&
2806	wpa_s->wpa_state < WPA_COMPLETED) {
2807	wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
2808	"associating", wpa_s->conf->ap_scan, ap_scan);
2809	return 0;
2810	}
2811	#endif /* ANDROID */
2812
2813	old_ap_scan = wpa_s->conf->ap_scan;
2814	wpa_s->conf->ap_scan = ap_scan;
2815
2816	if (old_ap_scan != wpa_s->conf->ap_scan)
2817	wpas_notify_ap_scan_changed(wpa_s);
2818
2819	return 0;
2820	}
2821
2822
2823	/**
2824	* wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
2825	* @wpa_s: wpa_supplicant structure for a network interface
2826	* @expire_age: Expiration age in seconds
2827	* Returns: 0 if succeed or -1 if expire_age has an invalid value
2828	*
2829	*/
2830	int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
2831	unsigned int bss_expire_age)
2832	{
2833	if (bss_expire_age < 10) {
2834	wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
2835	bss_expire_age);
2836	return -1;
2837	}
2838	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
2839	bss_expire_age);
2840	wpa_s->conf->bss_expiration_age = bss_expire_age;
2841
2842	return 0;
2843	}
2844
2845
2846	/**
2847	* wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
2848	* @wpa_s: wpa_supplicant structure for a network interface
2849	* @expire_count: number of scans after which an unseen BSS is reclaimed
2850	* Returns: 0 if succeed or -1 if expire_count has an invalid value
2851	*
2852	*/
2853	int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
2854	unsigned int bss_expire_count)
2855	{
2856	if (bss_expire_count < 1) {
2857	wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
2858	bss_expire_count);
2859	return -1;
2860	}
2861	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
2862	bss_expire_count);
2863	wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
2864
2865	return 0;
2866	}
2867
2868
2869	/**
2870	* wpa_supplicant_set_scan_interval - Set scan interval
2871	* @wpa_s: wpa_supplicant structure for a network interface
2872	* @scan_interval: scan interval in seconds
2873	* Returns: 0 if succeed or -1 if scan_interval has an invalid value
2874	*
2875	*/
2876	int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
2877	int scan_interval)
2878	{
2879	if (scan_interval < 0) {
2880	wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
2881	scan_interval);
2882	return -1;
2883	}
2884	wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
2885	scan_interval);
2886	wpa_supplicant_update_scan_int(wpa_s, scan_interval);
2887
2888	return 0;
2889	}
2890
2891
2892	/**
2893	* wpa_supplicant_set_debug_params - Set global debug params
2894	* @global: wpa_global structure
2895	* @debug_level: debug level
2896	* @debug_timestamp: determines if show timestamp in debug data
2897	* @debug_show_keys: determines if show keys in debug data
2898	* Returns: 0 if succeed or -1 if debug_level has wrong value
2899	*/
2900	int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
2901	int debug_timestamp, int debug_show_keys)
2902	{
2903
2904	int old_level, old_timestamp, old_show_keys;
2905
2906	/* check for allowed debuglevels */
2907	if (debug_level != MSG_EXCESSIVE &&
2908	debug_level != MSG_MSGDUMP &&
2909	debug_level != MSG_DEBUG &&
2910	debug_level != MSG_INFO &&
2911	debug_level != MSG_WARNING &&
2912	debug_level != MSG_ERROR)
2913	return -1;
2914
2915	old_level = wpa_debug_level;
2916	old_timestamp = wpa_debug_timestamp;
2917	old_show_keys = wpa_debug_show_keys;
2918
2919	wpa_debug_level = debug_level;
2920	wpa_debug_timestamp = debug_timestamp ? 1 : 0;
2921	wpa_debug_show_keys = debug_show_keys ? 1 : 0;
2922
2923	if (wpa_debug_level != old_level)
2924	wpas_notify_debug_level_changed(global);
2925	if (wpa_debug_timestamp != old_timestamp)
2926	wpas_notify_debug_timestamp_changed(global);
2927	if (wpa_debug_show_keys != old_show_keys)
2928	wpas_notify_debug_show_keys_changed(global);
2929
2930	return 0;
2931	}
2932
2933
2934	/**
2935	* wpa_supplicant_get_ssid - Get a pointer to the current network structure
2936	* @wpa_s: Pointer to wpa_supplicant data
2937	* Returns: A pointer to the current network structure or %NULL on failure
2938	*/
2939	struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
2940	{
2941	struct wpa_ssid *entry;
2942	u8 ssid[SSID_MAX_LEN];
2943	int res;
2944	size_t ssid_len;
2945	u8 bssid[ETH_ALEN];
2946	int wired;
2947
2948	res = wpa_drv_get_ssid(wpa_s, ssid);
2949	if (res < 0) {
2950	wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
2951	"driver");
2952	return NULL;
2953	}
2954	ssid_len = res;
2955
2956	if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
2957	wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
2958	"driver");
2959	return NULL;
2960	}
2961
2962	wired = wpa_s->conf->ap_scan == 0 &&
2963	(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
2964
2965	entry = wpa_s->conf->ssid;
2966	while (entry) {
2967	if (!wpas_network_disabled(wpa_s, entry) &&
2968	((ssid_len == entry->ssid_len &&
2969	os_memcmp(ssid, entry->ssid, ssid_len) == 0) \|\| wired) &&
2970	(!entry->bssid_set \|\|
2971	os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
2972	return entry;
2973	#ifdef CONFIG_WPS
2974	if (!wpas_network_disabled(wpa_s, entry) &&
2975	(entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
2976	(entry->ssid == NULL \|\| entry->ssid_len == 0) &&
2977	(!entry->bssid_set \|\|
2978	os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
2979	return entry;
2980	#endif /* CONFIG_WPS */
2981
2982	if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
2983	entry->ssid_len == 0 &&
2984	os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
2985	return entry;
2986
2987	entry = entry->next;
2988	}
2989
2990	return NULL;
2991	}
2992
2993
2994	static int select_driver(struct wpa_supplicant *wpa_s, int i)
2995	{
2996	struct wpa_global *global = wpa_s->global;
2997
2998	if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
2999	global->drv_priv[i] = wpa_drivers[i]->global_init();
3000	if (global->drv_priv[i] == NULL) {
3001	wpa_printf(MSG_ERROR, "Failed to initialize driver "
3002	"'%s'", wpa_drivers[i]->name);
3003	return -1;
3004	}
3005	}
3006
3007	wpa_s->driver = wpa_drivers[i];
3008	wpa_s->global_drv_priv = global->drv_priv[i];
3009
3010	return 0;
3011	}
3012
3013
3014	static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
3015	const char *name)
3016	{
3017	int i;
3018	size_t len;
3019	const char pos, driver = name;
3020
3021	if (wpa_s == NULL)
3022	return -1;
3023
3024	if (wpa_drivers[0] == NULL) {
3025	wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
3026	"wpa_supplicant");
3027	return -1;
3028	}
3029
3030	if (name == NULL) {
3031	/* default to first driver in the list */
3032	return select_driver(wpa_s, 0);
3033	}
3034
3035	do {
3036	pos = os_strchr(driver, ',');
3037	if (pos)
3038	len = pos - driver;
3039	else
3040	len = os_strlen(driver);
3041
3042	for (i = 0; wpa_drivers[i]; i++) {
3043	if (os_strlen(wpa_drivers[i]->name) == len &&
3044	os_strncmp(driver, wpa_drivers[i]->name, len) ==
3045	0) {
3046	/* First driver that succeeds wins */
3047	if (select_driver(wpa_s, i) == 0)
3048	return 0;
3049	}
3050	}
3051
3052	driver = pos + 1;
3053	} while (pos);
3054
3055	wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
3056	return -1;
3057	}
3058
3059
3060	/**
3061	* wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
3062	* @ctx: Context pointer (wpa_s); this is the ctx variable registered
3063	* with struct wpa_driver_ops::init()
3064	* @src_addr: Source address of the EAPOL frame
3065	* @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
3066	* @len: Length of the EAPOL data
3067	*
3068	* This function is called for each received EAPOL frame. Most driver
3069	* interfaces rely on more generic OS mechanism for receiving frames through
3070	* l2_packet, but if such a mechanism is not available, the driver wrapper may
3071	* take care of received EAPOL frames and deliver them to the core supplicant
3072	* code by calling this function.
3073	*/
3074	void wpa_supplicant_rx_eapol(void ctx, const u8 src_addr,
3075	const u8 *buf, size_t len)
3076	{
3077	struct wpa_supplicant *wpa_s = ctx;
3078
3079	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
3080	wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
3081
3082	#ifdef CONFIG_PEERKEY
3083	if (wpa_s->wpa_state > WPA_ASSOCIATED && wpa_s->current_ssid &&
3084	wpa_s->current_ssid->peerkey &&
3085	!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
3086	wpa_sm_rx_eapol_peerkey(wpa_s->wpa, src_addr, buf, len) == 1) {
3087	wpa_dbg(wpa_s, MSG_DEBUG, "RSN: Processed PeerKey EAPOL-Key");
3088	return;
3089	}
3090	#endif /* CONFIG_PEERKEY */
3091
3092	if (wpa_s->wpa_state < WPA_ASSOCIATED \|\|
3093	(wpa_s->last_eapol_matches_bssid &&
3094	#ifdef CONFIG_AP
3095	!wpa_s->ap_iface &&
3096	#endif /* CONFIG_AP */
3097	os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
3098	/*
3099	* There is possible race condition between receiving the
3100	* association event and the EAPOL frame since they are coming
3101	* through different paths from the driver. In order to avoid
3102	* issues in trying to process the EAPOL frame before receiving
3103	* association information, lets queue it for processing until
3104	* the association event is received. This may also be needed in
3105	* driver-based roaming case, so also use src_addr != BSSID as a
3106	* trigger if we have previously confirmed that the
3107	* Authenticator uses BSSID as the src_addr (which is not the
3108	* case with wired IEEE 802.1X).
3109	*/
3110	wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
3111	"of received EAPOL frame (state=%s bssid=" MACSTR ")",
3112	wpa_supplicant_state_txt(wpa_s->wpa_state),
3113	MAC2STR(wpa_s->bssid));
3114	wpabuf_free(wpa_s->pending_eapol_rx);
3115	wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
3116	if (wpa_s->pending_eapol_rx) {
3117	os_get_reltime(&wpa_s->pending_eapol_rx_time);
3118	os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
3119	ETH_ALEN);
3120	}
3121	return;
3122	}
3123
3124	wpa_s->last_eapol_matches_bssid =
3125	os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
3126
3127	#ifdef CONFIG_AP
3128	if (wpa_s->ap_iface) {
3129	wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
3130	return;
3131	}
3132	#endif /* CONFIG_AP */
3133
3134	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
3135	wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
3136	"no key management is configured");
3137	return;
3138	}
3139
3140	if (wpa_s->eapol_received == 0 &&
3141	(!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) \|\|
3142	!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) \|\|
3143	wpa_s->wpa_state != WPA_COMPLETED) &&
3144	(wpa_s->current_ssid == NULL \|\|
3145	wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
3146	/* Timeout for completing IEEE 802.1X and WPA authentication */
3147	int timeout = 10;
3148
3149	if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) \|\|
3150	wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA \|\|
3151	wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
3152	/* Use longer timeout for IEEE 802.1X/EAP */
3153	timeout = 70;
3154	}
3155
3156	#ifdef CONFIG_WPS
3157	if (wpa_s->current_ssid && wpa_s->current_bss &&
3158	(wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
3159	eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
3160	/*
3161	* Use shorter timeout if going through WPS AP iteration
3162	* for PIN config method with an AP that does not
3163	* advertise Selected Registrar.
3164	*/
3165	struct wpabuf *wps_ie;
3166
3167	wps_ie = wpa_bss_get_vendor_ie_multi(
3168	wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
3169	if (wps_ie &&
3170	!wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
3171	timeout = 10;
3172	wpabuf_free(wps_ie);
3173	}
3174	#endif /* CONFIG_WPS */
3175
3176	wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
3177	}
3178	wpa_s->eapol_received++;
3179
3180	if (wpa_s->countermeasures) {
3181	wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
3182	"EAPOL packet");
3183	return;
3184	}
3185
3186	#ifdef CONFIG_IBSS_RSN
3187	if (wpa_s->current_ssid &&
3188	wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
3189	ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
3190	return;
3191	}
3192	#endif /* CONFIG_IBSS_RSN */
3193
3194	/* Source address of the incoming EAPOL frame could be compared to the
3195	* current BSSID. However, it is possible that a centralized
3196	* Authenticator could be using another MAC address than the BSSID of
3197	* an AP, so just allow any address to be used for now. The replies are
3198	* still sent to the current BSSID (if available), though. */
3199
3200	os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
3201	if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
3202	eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
3203	return;
3204	wpa_drv_poll(wpa_s);
3205	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
3206	wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
3207	else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
3208	/*
3209	* Set portValid = TRUE here since we are going to skip 4-way
3210	* handshake processing which would normally set portValid. We
3211	* need this to allow the EAPOL state machines to be completed
3212	* without going through EAPOL-Key handshake.
3213	*/
3214	eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
3215	}
3216	}
3217
3218
3219	int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
3220	{
3221	if ((!wpa_s->p2p_mgmt \|\|
3222	!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
3223	!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
3224	l2_packet_deinit(wpa_s->l2);
3225	wpa_s->l2 = l2_packet_init(wpa_s->ifname,
3226	wpa_drv_get_mac_addr(wpa_s),
3227	ETH_P_EAPOL,
3228	wpa_supplicant_rx_eapol, wpa_s, 0);
3229	if (wpa_s->l2 == NULL)
3230	return -1;
3231	} else {
3232	const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
3233	if (addr)
3234	os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
3235	}
3236
3237	if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
3238	wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
3239	return -1;
3240	}
3241
3242	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
3243
3244	return 0;
3245	}
3246
3247
3248	static void wpa_supplicant_rx_eapol_bridge(void ctx, const u8 src_addr,
3249	const u8 *buf, size_t len)
3250	{
3251	struct wpa_supplicant *wpa_s = ctx;
3252	const struct l2_ethhdr *eth;
3253
3254	if (len < sizeof(*eth))
3255	return;
3256	eth = (const struct l2_ethhdr *) buf;
3257
3258	if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
3259	!(eth->h_dest[0] & 0x01)) {
3260	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
3261	" (bridge - not for this interface - ignore)",
3262	MAC2STR(src_addr), MAC2STR(eth->h_dest));
3263	return;
3264	}
3265
3266	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
3267	" (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
3268	wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
3269	len - sizeof(*eth));
3270	}
3271
3272
3273	/**
3274	* wpa_supplicant_driver_init - Initialize driver interface parameters
3275	* @wpa_s: Pointer to wpa_supplicant data
3276	* Returns: 0 on success, -1 on failure
3277	*
3278	* This function is called to initialize driver interface parameters.
3279	* wpa_drv_init() must have been called before this function to initialize the
3280	* driver interface.
3281	*/
3282	int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
3283	{
3284	static int interface_count = 0;
3285
3286	if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
3287	return -1;
3288
3289	wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
3290	MAC2STR(wpa_s->own_addr));
3291	os_memcpy(wpa_s->perm_addr, wpa_s->own_addr, ETH_ALEN);
3292	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
3293
3294	if (wpa_s->bridge_ifname[0]) {
3295	wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
3296	"interface '%s'", wpa_s->bridge_ifname);
3297	wpa_s->l2_br = l2_packet_init_bridge(
3298	wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
3299	ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
3300	if (wpa_s->l2_br == NULL) {
3301	wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
3302	"connection for the bridge interface '%s'",
3303	wpa_s->bridge_ifname);
3304	return -1;
3305	}
3306	}
3307
3308	if (wpa_s->conf->ap_scan == 2 &&
3309	os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
3310	wpa_printf(MSG_INFO,
3311	"Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
3312	}
3313
3314	wpa_clear_keys(wpa_s, NULL);
3315
3316	/* Make sure that TKIP countermeasures are not left enabled (could
3317	* happen if wpa_supplicant is killed during countermeasures. */
3318	wpa_drv_set_countermeasures(wpa_s, 0);
3319
3320	wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
3321	wpa_drv_flush_pmkid(wpa_s);
3322
3323	wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
3324	wpa_s->prev_scan_wildcard = 0;
3325
3326	if (wpa_supplicant_enabled_networks(wpa_s)) {
3327	if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
3328	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
3329	interface_count = 0;
3330	}
3331	#ifndef ANDROID
3332	if (!wpa_s->p2p_mgmt &&
3333	wpa_supplicant_delayed_sched_scan(wpa_s,
3334	interface_count % 3,
3335	100000))
3336	wpa_supplicant_req_scan(wpa_s, interface_count % 3,
3337	100000);
3338	#endif /* ANDROID */
3339	interface_count++;
3340	} else
3341	wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
3342
3343	return 0;
3344	}
3345
3346
3347	static int wpa_supplicant_daemon(const char *pid_file)
3348	{
3349	wpa_printf(MSG_DEBUG, "Daemonize..");
3350	return os_daemonize(pid_file);
3351	}
3352
3353
3354	static struct wpa_supplicant *
3355	wpa_supplicant_alloc(struct wpa_supplicant *parent)
3356	{
3357	struct wpa_supplicant *wpa_s;
3358
3359	wpa_s = os_zalloc(sizeof(*wpa_s));
3360	if (wpa_s == NULL)
3361	return NULL;
3362	wpa_s->scan_req = INITIAL_SCAN_REQ;
3363	wpa_s->scan_interval = 5;
3364	wpa_s->new_connection = 1;
3365	wpa_s->parent = parent ? parent : wpa_s;
3366	wpa_s->sched_scanning = 0;
3367
3368	return wpa_s;
3369	}
3370
3371
3372	#ifdef CONFIG_HT_OVERRIDES
3373
3374	static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
3375	struct ieee80211_ht_capabilities *htcaps,
3376	struct ieee80211_ht_capabilities *htcaps_mask,
3377	const char *ht_mcs)
3378	{
3379	/* parse ht_mcs into hex array */
3380	int i;
3381	const char *tmp = ht_mcs;
3382	char *end = NULL;
3383
3384	/* If ht_mcs is null, do not set anything */
3385	if (!ht_mcs)
3386	return 0;
3387
3388	/* This is what we are setting in the kernel */
3389	os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
3390
3391	wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
3392
3393	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
3394	errno = 0;
3395	long v = strtol(tmp, &end, 16);
3396	if (errno == 0) {
3397	wpa_msg(wpa_s, MSG_DEBUG,
3398	"htcap value[%i]: %ld end: %p tmp: %p",
3399	i, v, end, tmp);
3400	if (end == tmp)
3401	break;
3402
3403	htcaps->supported_mcs_set[i] = v;
3404	tmp = end;
3405	} else {
3406	wpa_msg(wpa_s, MSG_ERROR,
3407	"Failed to parse ht-mcs: %s, error: %s\n",
3408	ht_mcs, strerror(errno));
3409	return -1;
3410	}
3411	}
3412
3413	/*
3414	* If we were able to parse any values, then set mask for the MCS set.
3415	*/
3416	if (i) {
3417	os_memset(&htcaps_mask->supported_mcs_set, 0xff,
3418	IEEE80211_HT_MCS_MASK_LEN - 1);
3419	/* skip the 3 reserved bits */
3420	htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
3421	0x1f;
3422	}
3423
3424	return 0;
3425	}
3426
3427
3428	static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
3429	struct ieee80211_ht_capabilities *htcaps,
3430	struct ieee80211_ht_capabilities *htcaps_mask,
3431	int disabled)
3432	{
3433	le16 msk;
3434
3435	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
3436
3437	if (disabled == -1)
3438	return 0;
3439
3440	msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
3441	htcaps_mask->ht_capabilities_info \|= msk;
3442	if (disabled)
3443	htcaps->ht_capabilities_info &= msk;
3444	else
3445	htcaps->ht_capabilities_info \|= msk;
3446
3447	return 0;
3448	}
3449
3450
3451	static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
3452	struct ieee80211_ht_capabilities *htcaps,
3453	struct ieee80211_ht_capabilities *htcaps_mask,
3454	int factor)
3455	{
3456	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
3457
3458	if (factor == -1)
3459	return 0;
3460
3461	if (factor < 0 \|\| factor > 3) {
3462	wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
3463	"Must be 0-3 or -1", factor);
3464	return -EINVAL;
3465	}
3466
3467	htcaps_mask->a_mpdu_params \|= 0x3; /* 2 bits for factor */
3468	htcaps->a_mpdu_params &= ~0x3;
3469	htcaps->a_mpdu_params \|= factor & 0x3;
3470
3471	return 0;
3472	}
3473
3474
3475	static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
3476	struct ieee80211_ht_capabilities *htcaps,
3477	struct ieee80211_ht_capabilities *htcaps_mask,
3478	int density)
3479	{
3480	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
3481
3482	if (density == -1)
3483	return 0;
3484
3485	if (density < 0 \|\| density > 7) {
3486	wpa_msg(wpa_s, MSG_ERROR,
3487	"ampdu_density: %d out of range. Must be 0-7 or -1.",
3488	density);
3489	return -EINVAL;
3490	}
3491
3492	htcaps_mask->a_mpdu_params \|= 0x1C;
3493	htcaps->a_mpdu_params &= ~(0x1C);
3494	htcaps->a_mpdu_params \|= (density << 2) & 0x1C;
3495
3496	return 0;
3497	}
3498
3499
3500	static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
3501	struct ieee80211_ht_capabilities *htcaps,
3502	struct ieee80211_ht_capabilities *htcaps_mask,
3503	int disabled)
3504	{
3505	/* Masking these out disables HT40 */
3506	le16 msk = host_to_le16(HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET \|
3507	HT_CAP_INFO_SHORT_GI40MHZ);
3508
3509	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
3510
3511	if (disabled)
3512	htcaps->ht_capabilities_info &= ~msk;
3513	else
3514	htcaps->ht_capabilities_info \|= msk;
3515
3516	htcaps_mask->ht_capabilities_info \|= msk;
3517
3518	return 0;
3519	}
3520
3521
3522	static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
3523	struct ieee80211_ht_capabilities *htcaps,
3524	struct ieee80211_ht_capabilities *htcaps_mask,
3525	int disabled)
3526	{
3527	/* Masking these out disables SGI */
3528	le16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ \|
3529	HT_CAP_INFO_SHORT_GI40MHZ);
3530
3531	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
3532
3533	if (disabled)
3534	htcaps->ht_capabilities_info &= ~msk;
3535	else
3536	htcaps->ht_capabilities_info \|= msk;
3537
3538	htcaps_mask->ht_capabilities_info \|= msk;
3539
3540	return 0;
3541	}
3542
3543
3544	static int wpa_set_disable_ldpc(struct wpa_supplicant *wpa_s,
3545	struct ieee80211_ht_capabilities *htcaps,
3546	struct ieee80211_ht_capabilities *htcaps_mask,
3547	int disabled)
3548	{
3549	/* Masking these out disables LDPC */
3550	le16 msk = host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP);
3551
3552	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ldpc: %d", disabled);
3553
3554	if (disabled)
3555	htcaps->ht_capabilities_info &= ~msk;
3556	else
3557	htcaps->ht_capabilities_info \|= msk;
3558
3559	htcaps_mask->ht_capabilities_info \|= msk;
3560
3561	return 0;
3562	}
3563
3564
3565	void wpa_supplicant_apply_ht_overrides(
3566	struct wpa_supplicant wpa_s, struct wpa_ssid ssid,
3567	struct wpa_driver_associate_params *params)
3568	{
3569	struct ieee80211_ht_capabilities *htcaps;
3570	struct ieee80211_ht_capabilities *htcaps_mask;
3571
3572	if (!ssid)
3573	return;
3574
3575	params->disable_ht = ssid->disable_ht;
3576	if (!params->htcaps \|\| !params->htcaps_mask)
3577	return;
3578
3579	htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
3580	htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
3581	wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
3582	wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
3583	ssid->disable_max_amsdu);
3584	wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
3585	wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
3586	wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
3587	wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
3588	wpa_set_disable_ldpc(wpa_s, htcaps, htcaps_mask, ssid->disable_ldpc);
3589
3590	if (ssid->ht40_intolerant) {
3591	le16 bit = host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT);
3592	htcaps->ht_capabilities_info \|= bit;
3593	htcaps_mask->ht_capabilities_info \|= bit;
3594	}
3595	}
3596
3597	#endif /* CONFIG_HT_OVERRIDES */
3598
3599
3600	#ifdef CONFIG_VHT_OVERRIDES
3601	void wpa_supplicant_apply_vht_overrides(
3602	struct wpa_supplicant wpa_s, struct wpa_ssid ssid,
3603	struct wpa_driver_associate_params *params)
3604	{
3605	struct ieee80211_vht_capabilities *vhtcaps;
3606	struct ieee80211_vht_capabilities *vhtcaps_mask;
3607
3608	if (!ssid)
3609	return;
3610
3611	params->disable_vht = ssid->disable_vht;
3612
3613	vhtcaps = (void *) params->vhtcaps;
3614	vhtcaps_mask = (void *) params->vhtcaps_mask;
3615
3616	if (!vhtcaps \|\| !vhtcaps_mask)
3617	return;
3618
3619	vhtcaps->vht_capabilities_info = ssid->vht_capa;
3620	vhtcaps_mask->vht_capabilities_info = ssid->vht_capa_mask;
3621
3622	#ifdef CONFIG_HT_OVERRIDES
3623	/* if max ampdu is <= 3, we have to make the HT cap the same */
3624	if (ssid->vht_capa_mask & VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) {
3625	int max_ampdu;
3626
3627	max_ampdu = (ssid->vht_capa &
3628	VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) >>
3629	VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT;
3630
3631	max_ampdu = max_ampdu < 3 ? max_ampdu : 3;
3632	wpa_set_ampdu_factor(wpa_s,
3633	(void *) params->htcaps,
3634	(void *) params->htcaps_mask,
3635	max_ampdu);
3636	}
3637	#endif /* CONFIG_HT_OVERRIDES */
3638
3639	#define OVERRIDE_MCS(i) \
3640	if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
3641	vhtcaps_mask->vht_supported_mcs_set.tx_map \|= \
3642	3 << 2 * (i - 1); \
3643	vhtcaps->vht_supported_mcs_set.tx_map \|= \
3644	ssid->vht_tx_mcs_nss_ ##i << 2 * (i - 1); \
3645	} \
3646	if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
3647	vhtcaps_mask->vht_supported_mcs_set.rx_map \|= \
3648	3 << 2 * (i - 1); \
3649	vhtcaps->vht_supported_mcs_set.rx_map \|= \
3650	ssid->vht_rx_mcs_nss_ ##i << 2 * (i - 1); \
3651	}
3652
3653	OVERRIDE_MCS(1);
3654	OVERRIDE_MCS(2);
3655	OVERRIDE_MCS(3);
3656	OVERRIDE_MCS(4);
3657	OVERRIDE_MCS(5);
3658	OVERRIDE_MCS(6);
3659	OVERRIDE_MCS(7);
3660	OVERRIDE_MCS(8);
3661	}
3662	#endif /* CONFIG_VHT_OVERRIDES */
3663
3664
3665	static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
3666	{
3667	#ifdef PCSC_FUNCS
3668	size_t len;
3669
3670	if (!wpa_s->conf->pcsc_reader)
3671	return 0;
3672
3673	wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
3674	if (!wpa_s->scard)
3675	return 1;
3676
3677	if (wpa_s->conf->pcsc_pin &&
3678	scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
3679	scard_deinit(wpa_s->scard);
3680	wpa_s->scard = NULL;
3681	wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
3682	return -1;
3683	}
3684
3685	len = sizeof(wpa_s->imsi) - 1;
3686	if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
3687	scard_deinit(wpa_s->scard);
3688	wpa_s->scard = NULL;
3689	wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
3690	return -1;
3691	}
3692	wpa_s->imsi[len] = '\0';
3693
3694	wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
3695
3696	wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
3697	wpa_s->imsi, wpa_s->mnc_len);
3698
3699	wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
3700	eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
3701	#endif /* PCSC_FUNCS */
3702
3703	return 0;
3704	}
3705
3706
3707	int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
3708	{
3709	char val, pos;
3710
3711	ext_password_deinit(wpa_s->ext_pw);
3712	wpa_s->ext_pw = NULL;
3713	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
3714
3715	if (!wpa_s->conf->ext_password_backend)
3716	return 0;
3717
3718	val = os_strdup(wpa_s->conf->ext_password_backend);
3719	if (val == NULL)
3720	return -1;
3721	pos = os_strchr(val, ':');
3722	if (pos)
3723	*pos++ = '\0';
3724
3725	wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
3726
3727	wpa_s->ext_pw = ext_password_init(val, pos);
3728	os_free(val);
3729	if (wpa_s->ext_pw == NULL) {
3730	wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
3731	return -1;
3732	}
3733	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
3734
3735	return 0;
3736	}
3737
3738
3739	#ifdef CONFIG_FST
3740
3741	static const u8 * wpas_fst_get_bssid_cb(void *ctx)
3742	{
3743	struct wpa_supplicant *wpa_s = ctx;
3744
3745	return (is_zero_ether_addr(wpa_s->bssid) \|\|
3746	wpa_s->wpa_state != WPA_COMPLETED) ? NULL : wpa_s->bssid;
3747	}
3748
3749
3750	static void wpas_fst_get_channel_info_cb(void *ctx,
3751	enum hostapd_hw_mode *hw_mode,
3752	u8 *channel)
3753	{
3754	struct wpa_supplicant *wpa_s = ctx;
3755
3756	if (wpa_s->current_bss) {
3757	*hw_mode = ieee80211_freq_to_chan(wpa_s->current_bss->freq,
3758	channel);
3759	} else if (wpa_s->hw.num_modes) {
3760	*hw_mode = wpa_s->hw.modes[0].mode;
3761	} else {
3762	WPA_ASSERT(0);
3763	*hw_mode = 0;
3764	}
3765	}
3766
3767
3768	static int wpas_fst_get_hw_modes(void ctx, struct hostapd_hw_modes *modes)
3769	{
3770	struct wpa_supplicant *wpa_s = ctx;
3771
3772	*modes = wpa_s->hw.modes;
3773	return wpa_s->hw.num_modes;
3774	}
3775
3776
3777	static void wpas_fst_set_ies_cb(void ctx, const struct wpabuf fst_ies)
3778	{
3779	struct wpa_supplicant *wpa_s = ctx;
3780
3781	wpa_hexdump_buf(MSG_DEBUG, "FST: Set IEs", fst_ies);
3782	wpa_s->fst_ies = fst_ies;
3783	}
3784
3785
3786	static int wpas_fst_send_action_cb(void ctx, const u8 da, struct wpabuf *data)
3787	{
3788	struct wpa_supplicant *wpa_s = ctx;
3789
3790	WPA_ASSERT(os_memcmp(wpa_s->bssid, da, ETH_ALEN) == 0);
3791	return wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
3792	wpa_s->own_addr, wpa_s->bssid,
3793	wpabuf_head(data), wpabuf_len(data),
3794	0);
3795	}
3796
3797
3798	static const struct wpabuf * wpas_fst_get_mb_ie_cb(void ctx, const u8 addr)
3799	{
3800	struct wpa_supplicant *wpa_s = ctx;
3801
3802	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
3803	return wpa_s->received_mb_ies;
3804	}
3805
3806
3807	static void wpas_fst_update_mb_ie_cb(void ctx, const u8 addr,
3808	const u8 *buf, size_t size)
3809	{
3810	struct wpa_supplicant *wpa_s = ctx;
3811	struct mb_ies_info info;
3812
3813	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
3814
3815	if (!mb_ies_info_by_ies(&info, buf, size)) {
3816	wpabuf_free(wpa_s->received_mb_ies);
3817	wpa_s->received_mb_ies = mb_ies_by_info(&info);
3818	}
3819	}
3820
3821
3822	const u8 * wpas_fst_get_peer_first(void ctx, struct fst_get_peer_ctx *get_ctx,
3823	Boolean mb_only)
3824	{
3825	struct wpa_supplicant *wpa_s = ctx;
3826
3827	*get_ctx = NULL;
3828	if (!is_zero_ether_addr(wpa_s->bssid))
3829	return (wpa_s->received_mb_ies \|\| !mb_only) ?
3830	wpa_s->bssid : NULL;
3831	return NULL;
3832	}
3833
3834
3835	const u8 * wpas_fst_get_peer_next(void ctx, struct fst_get_peer_ctx *get_ctx,
3836	Boolean mb_only)
3837	{
3838	return NULL;
3839	}
3840
3841	void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant *wpa_s,
3842	struct fst_wpa_obj *iface_obj)
3843	{
3844	iface_obj->ctx = wpa_s;
3845	iface_obj->get_bssid = wpas_fst_get_bssid_cb;
3846	iface_obj->get_channel_info = wpas_fst_get_channel_info_cb;
3847	iface_obj->get_hw_modes = wpas_fst_get_hw_modes;
3848	iface_obj->set_ies = wpas_fst_set_ies_cb;
3849	iface_obj->send_action = wpas_fst_send_action_cb;
3850	iface_obj->get_mb_ie = wpas_fst_get_mb_ie_cb;
3851	iface_obj->update_mb_ie = wpas_fst_update_mb_ie_cb;
3852	iface_obj->get_peer_first = wpas_fst_get_peer_first;
3853	iface_obj->get_peer_next = wpas_fst_get_peer_next;
3854	}
3855	#endif /* CONFIG_FST */
3856
3857	static int wpas_set_wowlan_triggers(struct wpa_supplicant *wpa_s,
3858	const struct wpa_driver_capa *capa)
3859	{
3860	struct wowlan_triggers *triggers;
3861	int ret = 0;
3862
3863	if (!wpa_s->conf->wowlan_triggers)
3864	return 0;
3865
3866	triggers = wpa_get_wowlan_triggers(wpa_s->conf->wowlan_triggers, capa);
3867	if (triggers) {
3868	ret = wpa_drv_wowlan(wpa_s, triggers);
3869	os_free(triggers);
3870	}
3871	return ret;
3872	}
3873
3874
3875	static struct wpa_radio * radio_add_interface(struct wpa_supplicant *wpa_s,
3876	const char *rn)
3877	{
3878	struct wpa_supplicant *iface = wpa_s->global->ifaces;
3879	struct wpa_radio *radio;
3880
3881	while (rn && iface) {
3882	radio = iface->radio;
3883	if (radio && os_strcmp(rn, radio->name) == 0) {
3884	wpa_printf(MSG_DEBUG, "Add interface %s to existing radio %s",
3885	wpa_s->ifname, rn);
3886	dl_list_add(&radio->ifaces, &wpa_s->radio_list);
3887	return radio;
3888	}
3889
3890	iface = iface->next;
3891	}
3892
3893	wpa_printf(MSG_DEBUG, "Add interface %s to a new radio %s",
3894	wpa_s->ifname, rn ? rn : "N/A");
3895	radio = os_zalloc(sizeof(*radio));
3896	if (radio == NULL)
3897	return NULL;
3898
3899	if (rn)
3900	os_strlcpy(radio->name, rn, sizeof(radio->name));
3901	dl_list_init(&radio->ifaces);
3902	dl_list_init(&radio->work);
3903	dl_list_add(&radio->ifaces, &wpa_s->radio_list);
3904
3905	return radio;
3906	}
3907
3908
3909	static void radio_work_free(struct wpa_radio_work *work)
3910	{
3911	if (work->wpa_s->scan_work == work) {
3912	/* This should not really happen. */
3913	wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
3914	work->type, work, work->started);
3915	work->wpa_s->scan_work = NULL;
3916	}
3917
3918	#ifdef CONFIG_P2P
3919	if (work->wpa_s->p2p_scan_work == work) {
3920	/* This should not really happen. */
3921	wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
3922	work->type, work, work->started);
3923	work->wpa_s->p2p_scan_work = NULL;
3924	}
3925	#endif /* CONFIG_P2P */
3926
3927	dl_list_del(&work->list);
3928	os_free(work);
3929	}
3930
3931
3932	static void radio_start_next_work(void eloop_ctx, void timeout_ctx)
3933	{
3934	struct wpa_radio *radio = eloop_ctx;
3935	struct wpa_radio_work *work;
3936	struct os_reltime now, diff;
3937	struct wpa_supplicant *wpa_s;
3938
3939	work = dl_list_first(&radio->work, struct wpa_radio_work, list);
3940	if (work == NULL)
3941	return;
3942
3943	if (work->started)
3944	return; /* already started and still in progress */
3945
3946	wpa_s = dl_list_first(&radio->ifaces, struct wpa_supplicant,
3947	radio_list);
3948	if (wpa_s && wpa_s->radio->external_scan_running) {
3949	wpa_printf(MSG_DEBUG, "Delay radio work start until externally triggered scan completes");
3950	return;
3951	}
3952
3953	os_get_reltime(&now);
3954	os_reltime_sub(&now, &work->time, &diff);
3955	wpa_dbg(work->wpa_s, MSG_DEBUG, "Starting radio work '%s'@%p after %ld.%06ld second wait",
3956	work->type, work, diff.sec, diff.usec);
3957	work->started = 1;
3958	work->time = now;
3959	work->cb(work, 0);
3960	}
3961
3962
3963	/*
3964	* This function removes both started and pending radio works running on
3965	* the provided interface's radio.
3966	* Prior to the removal of the radio work, its callback (cb) is called with
3967	* deinit set to be 1. Each work's callback is responsible for clearing its
3968	* internal data and restoring to a correct state.
3969	* @wpa_s: wpa_supplicant data
3970	* @type: type of works to be removed
3971	* @remove_all: 1 to remove all the works on this radio, 0 to remove only
3972	* this interface's works.
3973	*/
3974	void radio_remove_works(struct wpa_supplicant *wpa_s,
3975	const char *type, int remove_all)
3976	{
3977	struct wpa_radio_work work, tmp;
3978	struct wpa_radio *radio = wpa_s->radio;
3979
3980	dl_list_for_each_safe(work, tmp, &radio->work, struct wpa_radio_work,
3981	list) {
3982	if (type && os_strcmp(type, work->type) != 0)
3983	continue;
3984
3985	/* skip other ifaces' works */
3986	if (!remove_all && work->wpa_s != wpa_s)
3987	continue;
3988
3989	wpa_dbg(wpa_s, MSG_DEBUG, "Remove radio work '%s'@%p%s",
3990	work->type, work, work->started ? " (started)" : "");
3991	work->cb(work, 1);
3992	radio_work_free(work);
3993	}
3994
3995	/* in case we removed the started work */
3996	radio_work_check_next(wpa_s);
3997	}
3998
3999
4000	static void radio_remove_interface(struct wpa_supplicant *wpa_s)
4001	{
4002	struct wpa_radio *radio = wpa_s->radio;
4003
4004	if (!radio)
4005	return;
4006
4007	wpa_printf(MSG_DEBUG, "Remove interface %s from radio %s",
4008	wpa_s->ifname, radio->name);
4009	dl_list_del(&wpa_s->radio_list);
4010	radio_remove_works(wpa_s, NULL, 0);
4011	wpa_s->radio = NULL;
4012	if (!dl_list_empty(&radio->ifaces))
4013	return; /* Interfaces remain for this radio */
4014
4015	wpa_printf(MSG_DEBUG, "Remove radio %s", radio->name);
4016	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
4017	os_free(radio);
4018	}
4019
4020
4021	void radio_work_check_next(struct wpa_supplicant *wpa_s)
4022	{
4023	struct wpa_radio *radio = wpa_s->radio;
4024
4025	if (dl_list_empty(&radio->work))
4026	return;
4027	if (wpa_s->ext_work_in_progress) {
4028	wpa_printf(MSG_DEBUG,
4029	"External radio work in progress - delay start of pending item");
4030	return;
4031	}
4032	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
4033	eloop_register_timeout(0, 0, radio_start_next_work, radio, NULL);
4034	}
4035
4036
4037	/**
4038	* radio_add_work - Add a radio work item
4039	* @wpa_s: Pointer to wpa_supplicant data
4040	* @freq: Frequency of the offchannel operation in MHz or 0
4041	* @type: Unique identifier for each type of work
4042	* @next: Force as the next work to be executed
4043	* @cb: Callback function for indicating when radio is available
4044	* @ctx: Context pointer for the work (work->ctx in cb())
4045	* Returns: 0 on success, -1 on failure
4046	*
4047	* This function is used to request time for an operation that requires
4048	* exclusive radio control. Once the radio is available, the registered callback
4049	* function will be called. radio_work_done() must be called once the exclusive
4050	* radio operation has been completed, so that the radio is freed for other
4051	* operations. The special case of deinit=1 is used to free the context data
4052	* during interface removal. That does not allow the callback function to start
4053	* the radio operation, i.e., it must free any resources allocated for the radio
4054	* work and return.
4055	*
4056	* The @freq parameter can be used to indicate a single channel on which the
4057	* offchannel operation will occur. This may allow multiple radio work
4058	* operations to be performed in parallel if they apply for the same channel.
4059	* Setting this to 0 indicates that the work item may use multiple channels or
4060	* requires exclusive control of the radio.
4061	*/
4062	int radio_add_work(struct wpa_supplicant *wpa_s, unsigned int freq,
4063	const char *type, int next,
4064	void (cb)(struct wpa_radio_work work, int deinit),
4065	void *ctx)
4066	{
4067	struct wpa_radio_work *work;
4068	int was_empty;
4069
4070	work = os_zalloc(sizeof(*work));
4071	if (work == NULL)
4072	return -1;
4073	wpa_dbg(wpa_s, MSG_DEBUG, "Add radio work '%s'@%p", type, work);
4074	os_get_reltime(&work->time);
4075	work->freq = freq;
4076	work->type = type;
4077	work->wpa_s = wpa_s;
4078	work->cb = cb;
4079	work->ctx = ctx;
4080
4081	was_empty = dl_list_empty(&wpa_s->radio->work);
4082	if (next)
4083	dl_list_add(&wpa_s->radio->work, &work->list);
4084	else
4085	dl_list_add_tail(&wpa_s->radio->work, &work->list);
4086	if (was_empty) {
4087	wpa_dbg(wpa_s, MSG_DEBUG, "First radio work item in the queue - schedule start immediately");
4088	radio_work_check_next(wpa_s);
4089	}
4090
4091	return 0;
4092	}
4093
4094
4095	/**
4096	* radio_work_done - Indicate that a radio work item has been completed
4097	* @work: Completed work
4098	*
4099	* This function is called once the callback function registered with
4100	* radio_add_work() has completed its work.
4101	*/
4102	void radio_work_done(struct wpa_radio_work *work)
4103	{
4104	struct wpa_supplicant *wpa_s = work->wpa_s;
4105	struct os_reltime now, diff;
4106	unsigned int started = work->started;
4107
4108	os_get_reltime(&now);
4109	os_reltime_sub(&now, &work->time, &diff);
4110	wpa_dbg(wpa_s, MSG_DEBUG, "Radio work '%s'@%p %s in %ld.%06ld seconds",
4111	work->type, work, started ? "done" : "canceled",
4112	diff.sec, diff.usec);
4113	radio_work_free(work);
4114	if (started)
4115	radio_work_check_next(wpa_s);
4116	}
4117
4118
4119	struct wpa_radio_work *
4120	radio_work_pending(struct wpa_supplicant wpa_s, const char type)
4121	{
4122	struct wpa_radio_work *work;
4123	struct wpa_radio *radio = wpa_s->radio;
4124
4125	dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
4126	if (work->wpa_s == wpa_s && os_strcmp(work->type, type) == 0)
4127	return work;
4128	}
4129
4130	return NULL;
4131	}
4132
4133
4134	static int wpas_init_driver(struct wpa_supplicant *wpa_s,
4135	struct wpa_interface *iface)
4136	{
4137	const char ifname, driver, *rn;
4138
4139	driver = iface->driver;
4140	next_driver:
4141	if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
4142	return -1;
4143
4144	wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
4145	if (wpa_s->drv_priv == NULL) {
4146	const char *pos;
4147	pos = driver ? os_strchr(driver, ',') : NULL;
4148	if (pos) {
4149	wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
4150	"driver interface - try next driver wrapper");
4151	driver = pos + 1;
4152	goto next_driver;
4153	}
4154	wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
4155	"interface");
4156	return -1;
4157	}
4158	if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
4159	wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
4160	"driver_param '%s'", wpa_s->conf->driver_param);
4161	return -1;
4162	}
4163
4164	ifname = wpa_drv_get_ifname(wpa_s);
4165	if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
4166	wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
4167	"interface name with '%s'", ifname);
4168	os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
4169	}
4170
4171	rn = wpa_driver_get_radio_name(wpa_s);
4172	if (rn && rn[0] == '\0')
4173	rn = NULL;
4174
4175	wpa_s->radio = radio_add_interface(wpa_s, rn);
4176	if (wpa_s->radio == NULL)
4177	return -1;
4178
4179	return 0;
4180	}
4181
4182
4183	static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
4184	struct wpa_interface *iface)
4185	{
4186	struct wpa_driver_capa capa;
4187	int capa_res;
4188
4189	wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
4190	"'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
4191	iface->confname ? iface->confname : "N/A",
4192	iface->driver ? iface->driver : "default",
4193	iface->ctrl_interface ? iface->ctrl_interface : "N/A",
4194	iface->bridge_ifname ? iface->bridge_ifname : "N/A");
4195
4196	if (iface->confname) {
4197	#ifdef CONFIG_BACKEND_FILE
4198	wpa_s->confname = os_rel2abs_path(iface->confname);
4199	if (wpa_s->confname == NULL) {
4200	wpa_printf(MSG_ERROR, "Failed to get absolute path "
4201	"for configuration file '%s'.",
4202	iface->confname);
4203	return -1;
4204	}
4205	wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
4206	iface->confname, wpa_s->confname);
4207	#else /* CONFIG_BACKEND_FILE */
4208	wpa_s->confname = os_strdup(iface->confname);
4209	#endif /* CONFIG_BACKEND_FILE */
4210	wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
4211	if (wpa_s->conf == NULL) {
4212	wpa_printf(MSG_ERROR, "Failed to read or parse "
4213	"configuration '%s'.", wpa_s->confname);
4214	return -1;
4215	}
4216	wpa_s->confanother = os_rel2abs_path(iface->confanother);
4217	wpa_config_read(wpa_s->confanother, wpa_s->conf);
4218
4219	/*
4220	* Override ctrl_interface and driver_param if set on command
4221	* line.
4222	*/
4223	if (iface->ctrl_interface) {
4224	os_free(wpa_s->conf->ctrl_interface);
4225	wpa_s->conf->ctrl_interface =
4226	os_strdup(iface->ctrl_interface);
4227	}
4228
4229	if (iface->driver_param) {
4230	os_free(wpa_s->conf->driver_param);
4231	wpa_s->conf->driver_param =
4232	os_strdup(iface->driver_param);
4233	}
4234
4235	if (iface->p2p_mgmt && !iface->ctrl_interface) {
4236	os_free(wpa_s->conf->ctrl_interface);
4237	wpa_s->conf->ctrl_interface = NULL;
4238	}
4239	} else
4240	wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
4241	iface->driver_param);
4242
4243	if (wpa_s->conf == NULL) {
4244	wpa_printf(MSG_ERROR, "\nNo configuration found.");
4245	return -1;
4246	}
4247
4248	if (iface->ifname == NULL) {
4249	wpa_printf(MSG_ERROR, "\nInterface name is required.");
4250	return -1;
4251	}
4252	if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
4253	wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
4254	iface->ifname);
4255	return -1;
4256	}
4257	os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
4258
4259	if (iface->bridge_ifname) {
4260	if (os_strlen(iface->bridge_ifname) >=
4261	sizeof(wpa_s->bridge_ifname)) {
4262	wpa_printf(MSG_ERROR, "\nToo long bridge interface "
4263	"name '%s'.", iface->bridge_ifname);
4264	return -1;
4265	}
4266	os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
4267	sizeof(wpa_s->bridge_ifname));
4268	}
4269
4270	/* RSNA Supplicant Key Management - INITIALIZE */
4271	eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
4272	eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
4273
4274	/* Initialize driver interface and register driver event handler before
4275	* L2 receive handler so that association events are processed before
4276	* EAPOL-Key packets if both become available for the same select()
4277	* call. */
4278	if (wpas_init_driver(wpa_s, iface) < 0)
4279	return -1;
4280
4281	if (wpa_supplicant_init_wpa(wpa_s) < 0)
4282	return -1;
4283
4284	wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
4285	wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
4286	NULL);
4287	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
4288
4289	if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
4290	wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
4291	wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
4292	wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
4293	"dot11RSNAConfigPMKLifetime");
4294	return -1;
4295	}
4296
4297	if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
4298	wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
4299	wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
4300	wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
4301	"dot11RSNAConfigPMKReauthThreshold");
4302	return -1;
4303	}
4304
4305	if (wpa_s->conf->dot11RSNAConfigSATimeout &&
4306	wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
4307	wpa_s->conf->dot11RSNAConfigSATimeout)) {
4308	wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
4309	"dot11RSNAConfigSATimeout");
4310	return -1;
4311	}
4312
4313	wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
4314	&wpa_s->hw.num_modes,
4315	&wpa_s->hw.flags);
4316	if (wpa_s->hw.modes) {
4317	u16 i;
4318
4319	for (i = 0; i < wpa_s->hw.num_modes; i++) {
4320	if (wpa_s->hw.modes[i].vht_capab) {
4321	wpa_s->hw_capab = CAPAB_VHT;
4322	break;
4323	}
4324
4325	if (wpa_s->hw.modes[i].ht_capab &
4326	HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)
4327	wpa_s->hw_capab = CAPAB_HT40;
4328	else if (wpa_s->hw.modes[i].ht_capab &&
4329	wpa_s->hw_capab == CAPAB_NO_HT_VHT)
4330	wpa_s->hw_capab = CAPAB_HT;
4331	}
4332	}
4333
4334	capa_res = wpa_drv_get_capa(wpa_s, &capa);
4335	if (capa_res == 0) {
4336	wpa_s->drv_capa_known = 1;
4337	wpa_s->drv_flags = capa.flags;
4338	wpa_s->drv_enc = capa.enc;
4339	wpa_s->drv_smps_modes = capa.smps_modes;
4340	wpa_s->drv_rrm_flags = capa.rrm_flags;
4341	wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
4342	wpa_s->max_scan_ssids = capa.max_scan_ssids;
4343	wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
4344	wpa_s->sched_scan_supported = capa.sched_scan_supported;
4345	wpa_s->max_match_sets = capa.max_match_sets;
4346	wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
4347	wpa_s->max_stations = capa.max_stations;
4348	wpa_s->extended_capa = capa.extended_capa;
4349	wpa_s->extended_capa_mask = capa.extended_capa_mask;
4350	wpa_s->extended_capa_len = capa.extended_capa_len;
4351	wpa_s->num_multichan_concurrent =
4352	capa.num_multichan_concurrent;
4353	wpa_s->wmm_ac_supported = capa.wmm_ac_supported;
4354
4355	if (capa.mac_addr_rand_scan_supported)
4356	wpa_s->mac_addr_rand_supported \|= MAC_ADDR_RAND_SCAN;
4357	if (wpa_s->sched_scan_supported &&
4358	capa.mac_addr_rand_sched_scan_supported)
4359	wpa_s->mac_addr_rand_supported \|=
4360	(MAC_ADDR_RAND_SCHED_SCAN \| MAC_ADDR_RAND_PNO);
4361	}
4362	if (wpa_s->max_remain_on_chan == 0)
4363	wpa_s->max_remain_on_chan = 1000;
4364
4365	/*
4366	* Only take p2p_mgmt parameters when P2P Device is supported.
4367	* Doing it here as it determines whether l2_packet_init() will be done
4368	* during wpa_supplicant_driver_init().
4369	*/
4370	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
4371	wpa_s->p2p_mgmt = iface->p2p_mgmt;
4372	else
4373	iface->p2p_mgmt = 1;
4374
4375	if (wpa_s->num_multichan_concurrent == 0)
4376	wpa_s->num_multichan_concurrent = 1;
4377
4378	if (wpa_supplicant_driver_init(wpa_s) < 0)
4379	return -1;
4380
4381	#ifdef CONFIG_TDLS
4382	if ((!iface->p2p_mgmt \|\|
4383	!(wpa_s->drv_flags &
4384	WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
4385	wpa_tdls_init(wpa_s->wpa))
4386	return -1;
4387	#endif /* CONFIG_TDLS */
4388
4389	if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
4390	wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
4391	wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
4392	return -1;
4393	}
4394
4395	#ifdef CONFIG_FST
4396	if (wpa_s->conf->fst_group_id) {
4397	struct fst_iface_cfg cfg;
4398	struct fst_wpa_obj iface_obj;
4399
4400	fst_wpa_supplicant_fill_iface_obj(wpa_s, &iface_obj);
4401	os_strlcpy(cfg.group_id, wpa_s->conf->fst_group_id,
4402	sizeof(cfg.group_id));
4403	cfg.priority = wpa_s->conf->fst_priority;
4404	cfg.llt = wpa_s->conf->fst_llt;
4405
4406	wpa_s->fst = fst_attach(wpa_s->ifname, wpa_s->own_addr,
4407	&iface_obj, &cfg);
4408	if (!wpa_s->fst) {
4409	wpa_msg(wpa_s, MSG_ERROR,
4410	"FST: Cannot attach iface %s to group %s",
4411	wpa_s->ifname, cfg.group_id);
4412	return -1;
4413	}
4414	}
4415	#endif /* CONFIG_FST */
4416
4417	if (wpas_wps_init(wpa_s))
4418	return -1;
4419
4420	if (wpa_supplicant_init_eapol(wpa_s) < 0)
4421	return -1;
4422	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
4423
4424	wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
4425	if (wpa_s->ctrl_iface == NULL) {
4426	wpa_printf(MSG_ERROR,
4427	"Failed to initialize control interface '%s'.\n"
4428	"You may have another wpa_supplicant process "
4429	"already running or the file was\n"
4430	"left by an unclean termination of wpa_supplicant "
4431	"in which case you will need\n"
4432	"to manually remove this file before starting "
4433	"wpa_supplicant again.\n",
4434	wpa_s->conf->ctrl_interface);
4435	return -1;
4436	}
4437
4438	wpa_s->gas = gas_query_init(wpa_s);
4439	if (wpa_s->gas == NULL) {
4440	wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
4441	return -1;
4442	}
4443
4444	if (iface->p2p_mgmt && wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
4445	wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
4446	return -1;
4447	}
4448
4449	if (wpa_bss_init(wpa_s) < 0)
4450	return -1;
4451
4452	/*
4453	* Set Wake-on-WLAN triggers, if configured.
4454	* Note: We don't restore/remove the triggers on shutdown (it doesn't
4455	* have effect anyway when the interface is down).
4456	*/
4457	if (capa_res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
4458	return -1;
4459
4460	#ifdef CONFIG_EAP_PROXY
4461	{
4462	size_t len;
4463	wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, wpa_s->imsi,
4464	&len);
4465	if (wpa_s->mnc_len > 0) {
4466	wpa_s->imsi[len] = '\0';
4467	wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
4468	wpa_s->imsi, wpa_s->mnc_len);
4469	} else {
4470	wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
4471	}
4472	}
4473	#endif /* CONFIG_EAP_PROXY */
4474
4475	if (pcsc_reader_init(wpa_s) < 0)
4476	return -1;
4477
4478	if (wpas_init_ext_pw(wpa_s) < 0)
4479	return -1;
4480
4481	wpas_rrm_reset(wpa_s);
4482
4483	return 0;
4484	}
4485
4486
4487	static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
4488	int notify, int terminate)
4489	{
4490	struct wpa_global *global = wpa_s->global;
4491	struct wpa_supplicant iface, prev;
4492
4493	if (wpa_s == wpa_s->parent)
4494	wpas_p2p_group_remove(wpa_s, "*");
4495
4496	iface = global->ifaces;
4497	while (iface) {
4498	if (iface == wpa_s \|\| iface->parent != wpa_s) {
4499	iface = iface->next;
4500	continue;
4501	}
4502	wpa_printf(MSG_DEBUG,
4503	"Remove remaining child interface %s from parent %s",
4504	iface->ifname, wpa_s->ifname);
4505	prev = iface;
4506	iface = iface->next;
4507	wpa_supplicant_remove_iface(global, prev, terminate);
4508	}
4509
4510	wpa_s->disconnected = 1;
4511	if (wpa_s->drv_priv) {
4512	wpa_supplicant_deauthenticate(wpa_s,
4513	WLAN_REASON_DEAUTH_LEAVING);
4514
4515	wpa_drv_set_countermeasures(wpa_s, 0);
4516	wpa_clear_keys(wpa_s, NULL);
4517	}
4518
4519	wpa_supplicant_cleanup(wpa_s);
4520	wpas_p2p_deinit_iface(wpa_s);
4521
4522	wpas_ctrl_radio_work_flush(wpa_s);
4523	radio_remove_interface(wpa_s);
4524
4525	#ifdef CONFIG_FST
4526	if (wpa_s->fst) {
4527	fst_detach(wpa_s->fst);
4528	wpa_s->fst = NULL;
4529	}
4530	if (wpa_s->received_mb_ies) {
4531	wpabuf_free(wpa_s->received_mb_ies);
4532	wpa_s->received_mb_ies = NULL;
4533	}
4534	#endif /* CONFIG_FST */
4535
4536	if (wpa_s->drv_priv)
4537	wpa_drv_deinit(wpa_s);
4538
4539	if (notify)
4540	wpas_notify_iface_removed(wpa_s);
4541
4542	if (terminate)
4543	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
4544
4545	if (wpa_s->ctrl_iface) {
4546	wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
4547	wpa_s->ctrl_iface = NULL;
4548	}
4549
4550	#ifdef CONFIG_MESH
4551	if (wpa_s->ifmsh) {
4552	wpa_supplicant_mesh_iface_deinit(wpa_s, wpa_s->ifmsh);
4553	wpa_s->ifmsh = NULL;
4554	}
4555	#endif /* CONFIG_MESH */
4556
4557	if (wpa_s->conf != NULL) {
4558	wpa_config_free(wpa_s->conf);
4559	wpa_s->conf = NULL;
4560	}
4561
4562	os_free(wpa_s->ssids_from_scan_req);
4563
4564	os_free(wpa_s);
4565	}
4566
4567
4568	/**
4569	* wpa_supplicant_add_iface - Add a new network interface
4570	* @global: Pointer to global data from wpa_supplicant_init()
4571	* @iface: Interface configuration options
4572	* @parent: Parent interface or %NULL to assign new interface as parent
4573	* Returns: Pointer to the created interface or %NULL on failure
4574	*
4575	* This function is used to add new network interfaces for %wpa_supplicant.
4576	* This can be called before wpa_supplicant_run() to add interfaces before the
4577	* main event loop has been started. In addition, new interfaces can be added
4578	* dynamically while %wpa_supplicant is already running. This could happen,
4579	* e.g., when a hotplug network adapter is inserted.
4580	*/
4581	struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
4582	struct wpa_interface *iface,
4583	struct wpa_supplicant *parent)
4584	{
4585	struct wpa_supplicant *wpa_s;
4586	struct wpa_interface t_iface;
4587	struct wpa_ssid *ssid;
4588
4589	if (global == NULL \|\| iface == NULL)
4590	return NULL;
4591
4592	wpa_s = wpa_supplicant_alloc(parent);
4593	if (wpa_s == NULL)
4594	return NULL;
4595
4596	wpa_s->global = global;
4597
4598	t_iface = *iface;
4599	if (global->params.override_driver) {
4600	wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
4601	"('%s' -> '%s')",
4602	iface->driver, global->params.override_driver);
4603	t_iface.driver = global->params.override_driver;
4604	}
4605	if (global->params.override_ctrl_interface) {
4606	wpa_printf(MSG_DEBUG, "Override interface parameter: "
4607	"ctrl_interface ('%s' -> '%s')",
4608	iface->ctrl_interface,
4609	global->params.override_ctrl_interface);
4610	t_iface.ctrl_interface =
4611	global->params.override_ctrl_interface;
4612	}
4613	if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
4614	wpa_printf(MSG_DEBUG, "Failed to add interface %s",
4615	iface->ifname);
4616	wpa_supplicant_deinit_iface(wpa_s, 0, 0);
4617	return NULL;
4618	}
4619
4620	if (iface->p2p_mgmt == 0) {
4621	/* Notify the control interfaces about new iface */
4622	if (wpas_notify_iface_added(wpa_s)) {
4623	wpa_supplicant_deinit_iface(wpa_s, 1, 0);
4624	return NULL;
4625	}
4626
4627	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
4628	wpas_notify_network_added(wpa_s, ssid);
4629	}
4630
4631	wpa_s->next = global->ifaces;
4632	global->ifaces = wpa_s;
4633
4634	wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
4635	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
4636
4637	#ifdef CONFIG_P2P
4638	if (wpa_s->global->p2p == NULL &&
4639	!wpa_s->global->p2p_disabled && !wpa_s->conf->p2p_disabled &&
4640	(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
4641	wpas_p2p_add_p2pdev_interface(
4642	wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
4643	wpa_printf(MSG_INFO,
4644	"P2P: Failed to enable P2P Device interface");
4645	/* Try to continue without. P2P will be disabled. */
4646	}
4647	#endif /* CONFIG_P2P */
4648
4649	return wpa_s;
4650	}
4651
4652
4653	/**
4654	* wpa_supplicant_remove_iface - Remove a network interface
4655	* @global: Pointer to global data from wpa_supplicant_init()
4656	* @wpa_s: Pointer to the network interface to be removed
4657	* Returns: 0 if interface was removed, -1 if interface was not found
4658	*
4659	* This function can be used to dynamically remove network interfaces from
4660	* %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
4661	* addition, this function is used to remove all remaining interfaces when
4662	* %wpa_supplicant is terminated.
4663	*/
4664	int wpa_supplicant_remove_iface(struct wpa_global *global,
4665	struct wpa_supplicant *wpa_s,
4666	int terminate)
4667	{
4668	struct wpa_supplicant *prev;
4669	#ifdef CONFIG_MESH
4670	unsigned int mesh_if_created = wpa_s->mesh_if_created;
4671	char *ifname = NULL;
4672	#endif /* CONFIG_MESH */
4673
4674	/* Remove interface from the global list of interfaces */
4675	prev = global->ifaces;
4676	if (prev == wpa_s) {
4677	global->ifaces = wpa_s->next;
4678	} else {
4679	while (prev && prev->next != wpa_s)
4680	prev = prev->next;
4681	if (prev == NULL)
4682	return -1;
4683	prev->next = wpa_s->next;
4684	}
4685
4686	wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
4687
4688	#ifdef CONFIG_MESH
4689	if (mesh_if_created) {
4690	ifname = os_strdup(wpa_s->ifname);
4691	if (ifname == NULL) {
4692	wpa_dbg(wpa_s, MSG_ERROR,
4693	"mesh: Failed to malloc ifname");
4694	return -1;
4695	}
4696	}
4697	#endif /* CONFIG_MESH */
4698
4699	if (global->p2p_group_formation == wpa_s)
4700	global->p2p_group_formation = NULL;
4701	if (global->p2p_invite_group == wpa_s)
4702	global->p2p_invite_group = NULL;
4703	wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
4704
4705	#ifdef CONFIG_MESH
4706	if (mesh_if_created) {
4707	wpa_drv_if_remove(global->ifaces, WPA_IF_MESH, ifname);
4708	os_free(ifname);
4709	}
4710	#endif /* CONFIG_MESH */
4711
4712	return 0;
4713	}
4714
4715
4716	/**
4717	* wpa_supplicant_get_eap_mode - Get the current EAP mode
4718	* @wpa_s: Pointer to the network interface
4719	* Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
4720	*/
4721	const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
4722	{
4723	const char *eapol_method;
4724
4725	if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
4726	wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
4727	return "NO-EAP";
4728	}
4729
4730	eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
4731	if (eapol_method == NULL)
4732	return "UNKNOWN-EAP";
4733
4734	return eapol_method;
4735	}
4736
4737
4738	/**
4739	* wpa_supplicant_get_iface - Get a new network interface
4740	* @global: Pointer to global data from wpa_supplicant_init()
4741	* @ifname: Interface name
4742	* Returns: Pointer to the interface or %NULL if not found
4743	*/
4744	struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
4745	const char *ifname)
4746	{
4747	struct wpa_supplicant *wpa_s;
4748
4749	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
4750	if (os_strcmp(wpa_s->ifname, ifname) == 0)
4751	return wpa_s;
4752	}
4753	return NULL;
4754	}
4755
4756
4757	#ifndef CONFIG_NO_WPA_MSG
4758	static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
4759	{
4760	struct wpa_supplicant *wpa_s = ctx;
4761	if (wpa_s == NULL)
4762	return NULL;
4763	return wpa_s->ifname;
4764	}
4765	#endif /* CONFIG_NO_WPA_MSG */
4766
4767
4768	#ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
4769	#define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
4770	#endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
4771
4772	/* Periodic cleanup tasks */
4773	static void wpas_periodic(void eloop_ctx, void timeout_ctx)
4774	{
4775	struct wpa_global *global = eloop_ctx;
4776	struct wpa_supplicant *wpa_s;
4777
4778	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
4779	wpas_periodic, global, NULL);
4780
4781	#ifdef CONFIG_P2P
4782	if (global->p2p)
4783	p2p_expire_peers(global->p2p);
4784	#endif /* CONFIG_P2P */
4785
4786	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
4787	wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age);
4788	#ifdef CONFIG_AP
4789	ap_periodic(wpa_s);
4790	#endif /* CONFIG_AP */
4791	}
4792	}
4793
4794
4795	/**
4796	* wpa_supplicant_init - Initialize %wpa_supplicant
4797	* @params: Parameters for %wpa_supplicant
4798	* Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
4799	*
4800	* This function is used to initialize %wpa_supplicant. After successful
4801	* initialization, the returned data pointer can be used to add and remove
4802	* network interfaces, and eventually, to deinitialize %wpa_supplicant.
4803	*/
4804	struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
4805	{
4806	struct wpa_global *global;
4807	int ret, i;
4808
4809	if (params == NULL)
4810	return NULL;
4811
4812	#ifdef CONFIG_DRIVER_NDIS
4813	{
4814	void driver_ndis_init_ops(void);
4815	driver_ndis_init_ops();
4816	}
4817	#endif /* CONFIG_DRIVER_NDIS */
4818
4819	#ifndef CONFIG_NO_WPA_MSG
4820	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
4821	#endif /* CONFIG_NO_WPA_MSG */
4822
4823	if (params->wpa_debug_file_path)
4824	wpa_debug_open_file(params->wpa_debug_file_path);
4825	else
4826	wpa_debug_setup_stdout();
4827	if (params->wpa_debug_syslog)
4828	wpa_debug_open_syslog();
4829	if (params->wpa_debug_tracing) {
4830	ret = wpa_debug_open_linux_tracing();
4831	if (ret) {
4832	wpa_printf(MSG_ERROR,
4833	"Failed to enable trace logging");
4834	return NULL;
4835	}
4836	}
4837
4838	ret = eap_register_methods();
4839	if (ret) {
4840	wpa_printf(MSG_ERROR, "Failed to register EAP methods");
4841	if (ret == -2)
4842	wpa_printf(MSG_ERROR, "Two or more EAP methods used "
4843	"the same EAP type.");
4844	return NULL;
4845	}
4846
4847	global = os_zalloc(sizeof(*global));
4848	if (global == NULL)
4849	return NULL;
4850	dl_list_init(&global->p2p_srv_bonjour);
4851	dl_list_init(&global->p2p_srv_upnp);
4852	global->params.daemonize = params->daemonize;
4853	global->params.wait_for_monitor = params->wait_for_monitor;
4854	global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
4855	if (params->pid_file)
4856	global->params.pid_file = os_strdup(params->pid_file);
4857	if (params->ctrl_interface)
4858	global->params.ctrl_interface =
4859	os_strdup(params->ctrl_interface);
4860	if (params->ctrl_interface_group)
4861	global->params.ctrl_interface_group =
4862	os_strdup(params->ctrl_interface_group);
4863	if (params->override_driver)
4864	global->params.override_driver =
4865	os_strdup(params->override_driver);
4866	if (params->override_ctrl_interface)
4867	global->params.override_ctrl_interface =
4868	os_strdup(params->override_ctrl_interface);
4869	#ifdef CONFIG_P2P
4870	if (params->conf_p2p_dev)
4871	global->params.conf_p2p_dev =
4872	os_strdup(params->conf_p2p_dev);
4873	#endif /* CONFIG_P2P */
4874	wpa_debug_level = global->params.wpa_debug_level =
4875	params->wpa_debug_level;
4876	wpa_debug_show_keys = global->params.wpa_debug_show_keys =
4877	params->wpa_debug_show_keys;
4878	wpa_debug_timestamp = global->params.wpa_debug_timestamp =
4879	params->wpa_debug_timestamp;
4880
4881	wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR);
4882
4883	if (eloop_init()) {
4884	wpa_printf(MSG_ERROR, "Failed to initialize event loop");
4885	wpa_supplicant_deinit(global);
4886	return NULL;
4887	}
4888
4889	random_init(params->entropy_file);
4890
4891	global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
4892	if (global->ctrl_iface == NULL) {
4893	wpa_supplicant_deinit(global);
4894	return NULL;
4895	}
4896
4897	if (wpas_notify_supplicant_initialized(global)) {
4898	wpa_supplicant_deinit(global);
4899	return NULL;
4900	}
4901
4902	for (i = 0; wpa_drivers[i]; i++)
4903	global->drv_count++;
4904	if (global->drv_count == 0) {
4905	wpa_printf(MSG_ERROR, "No drivers enabled");
4906	wpa_supplicant_deinit(global);
4907	return NULL;
4908	}
4909	global->drv_priv = os_calloc(global->drv_count, sizeof(void *));
4910	if (global->drv_priv == NULL) {
4911	wpa_supplicant_deinit(global);
4912	return NULL;
4913	}
4914
4915	#ifdef CONFIG_WIFI_DISPLAY
4916	if (wifi_display_init(global) < 0) {
4917	wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
4918	wpa_supplicant_deinit(global);
4919	return NULL;
4920	}
4921	#endif /* CONFIG_WIFI_DISPLAY */
4922
4923	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
4924	wpas_periodic, global, NULL);
4925
4926	return global;
4927	}
4928
4929
4930	/**
4931	* wpa_supplicant_run - Run the %wpa_supplicant main event loop
4932	* @global: Pointer to global data from wpa_supplicant_init()
4933	* Returns: 0 after successful event loop run, -1 on failure
4934	*
4935	* This function starts the main event loop and continues running as long as
4936	* there are any remaining events. In most cases, this function is running as
4937	* long as the %wpa_supplicant process in still in use.
4938	*/
4939	int wpa_supplicant_run(struct wpa_global *global)
4940	{
4941	struct wpa_supplicant *wpa_s;
4942
4943	if (global->params.daemonize &&
4944	wpa_supplicant_daemon(global->params.pid_file))
4945	return -1;
4946
4947	if (global->params.wait_for_monitor) {
4948	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
4949	if (wpa_s->ctrl_iface)
4950	wpa_supplicant_ctrl_iface_wait(
4951	wpa_s->ctrl_iface);
4952	}
4953
4954	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
4955	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
4956
4957	eloop_run();
4958
4959	return 0;
4960	}
4961
4962
4963	/**
4964	* wpa_supplicant_deinit - Deinitialize %wpa_supplicant
4965	* @global: Pointer to global data from wpa_supplicant_init()
4966	*
4967	* This function is called to deinitialize %wpa_supplicant and to free all
4968	* allocated resources. Remaining network interfaces will also be removed.
4969	*/
4970	void wpa_supplicant_deinit(struct wpa_global *global)
4971	{
4972	int i;
4973
4974	if (global == NULL)
4975	return;
4976
4977	eloop_cancel_timeout(wpas_periodic, global, NULL);
4978
4979	#ifdef CONFIG_WIFI_DISPLAY
4980	wifi_display_deinit(global);
4981	#endif /* CONFIG_WIFI_DISPLAY */
4982
4983	while (global->ifaces)
4984	wpa_supplicant_remove_iface(global, global->ifaces, 1);
4985
4986	if (global->ctrl_iface)
4987	wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
4988
4989	wpas_notify_supplicant_deinitialized(global);
4990
4991	eap_peer_unregister_methods();
4992	#ifdef CONFIG_AP
4993	eap_server_unregister_methods();
4994	#endif /* CONFIG_AP */
4995
4996	for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
4997	if (!global->drv_priv[i])
4998	continue;
4999	wpa_drivers[i]->global_deinit(global->drv_priv[i]);
5000	}
5001	os_free(global->drv_priv);
5002
5003	random_deinit();
5004
5005	eloop_destroy();
5006
5007	if (global->params.pid_file) {
5008	os_daemonize_terminate(global->params.pid_file);
5009	os_free(global->params.pid_file);
5010	}
5011	os_free(global->params.ctrl_interface);
5012	os_free(global->params.ctrl_interface_group);
5013	os_free(global->params.override_driver);
5014	os_free(global->params.override_ctrl_interface);
5015	#ifdef CONFIG_P2P
5016	os_free(global->params.conf_p2p_dev);
5017	#endif /* CONFIG_P2P */
5018
5019	os_free(global->p2p_disallow_freq.range);
5020	os_free(global->p2p_go_avoid_freq.range);
5021	os_free(global->add_psk);
5022
5023	os_free(global);
5024	wpa_debug_close_syslog();
5025	wpa_debug_close_file();
5026	wpa_debug_close_linux_tracing();
5027	}
5028
5029
5030	void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
5031	{
5032	if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
5033	wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
5034	char country[3];
5035	country[0] = wpa_s->conf->country[0];
5036	country[1] = wpa_s->conf->country[1];
5037	country[2] = '\0';
5038	if (wpa_drv_set_country(wpa_s, country) < 0) {
5039	wpa_printf(MSG_ERROR, "Failed to set country code "
5040	"'%s'", country);
5041	}
5042	}
5043
5044	if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
5045	wpas_init_ext_pw(wpa_s);
5046
5047	#ifdef CONFIG_WPS
5048	wpas_wps_update_config(wpa_s);
5049	#endif /* CONFIG_WPS */
5050	wpas_p2p_update_config(wpa_s);
5051	wpa_s->conf->changed_parameters = 0;
5052	}
5053
5054
5055	void add_freq(int freqs, int num_freqs, int freq)
5056	{
5057	int i;
5058
5059	for (i = 0; i < *num_freqs; i++) {
5060	if (freqs[i] == freq)
5061	return;
5062	}
5063
5064	freqs[*num_freqs] = freq;
5065	(*num_freqs)++;
5066	}
5067
5068
5069	static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
5070	{
5071	struct wpa_bss bss, cbss;
5072	const int max_freqs = 10;
5073	int *freqs;
5074	int num_freqs = 0;
5075
5076	freqs = os_calloc(max_freqs + 1, sizeof(int));
5077	if (freqs == NULL)
5078	return NULL;
5079
5080	cbss = wpa_s->current_bss;
5081
5082	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
5083	if (bss == cbss)
5084	continue;
5085	if (bss->ssid_len == cbss->ssid_len &&
5086	os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
5087	wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
5088	add_freq(freqs, &num_freqs, bss->freq);
5089	if (num_freqs == max_freqs)
5090	break;
5091	}
5092	}
5093
5094	if (num_freqs == 0) {
5095	os_free(freqs);
5096	freqs = NULL;
5097	}
5098
5099	return freqs;
5100	}
5101
5102
5103	void wpas_connection_failed(struct wpa_supplicant wpa_s, const u8 bssid)
5104	{
5105	int timeout;
5106	int count;
5107	int *freqs = NULL;
5108
5109	wpas_connect_work_done(wpa_s);
5110
5111	/*
5112	* Remove possible authentication timeout since the connection failed.
5113	*/
5114	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
5115
5116	/*
5117	* There is no point in blacklisting the AP if this event is
5118	* generated based on local request to disconnect.
5119	*/
5120	if (wpa_s->own_disconnect_req) {
5121	wpa_s->own_disconnect_req = 0;
5122	wpa_dbg(wpa_s, MSG_DEBUG,
5123	"Ignore connection failure due to local request to disconnect");
5124	return;
5125	}
5126	if (wpa_s->disconnected) {
5127	wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
5128	"indication since interface has been put into "
5129	"disconnected state");
5130	return;
5131	}
5132
5133	/*
5134	* Add the failed BSSID into the blacklist and speed up next scan
5135	* attempt if there could be other APs that could accept association.
5136	* The current blacklist count indicates how many times we have tried
5137	* connecting to this AP and multiple attempts mean that other APs are
5138	* either not available or has already been tried, so that we can start
5139	* increasing the delay here to avoid constant scanning.
5140	*/
5141	count = wpa_blacklist_add(wpa_s, bssid);
5142	if (count == 1 && wpa_s->current_bss) {
5143	/*
5144	* This BSS was not in the blacklist before. If there is
5145	* another BSS available for the same ESS, we should try that
5146	* next. Otherwise, we may as well try this one once more
5147	* before allowing other, likely worse, ESSes to be considered.
5148	*/
5149	freqs = get_bss_freqs_in_ess(wpa_s);
5150	if (freqs) {
5151	wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
5152	"has been seen; try it next");
5153	wpa_blacklist_add(wpa_s, bssid);
5154	/*
5155	* On the next scan, go through only the known channels
5156	* used in this ESS based on previous scans to speed up
5157	* common load balancing use case.
5158	*/
5159	os_free(wpa_s->next_scan_freqs);
5160	wpa_s->next_scan_freqs = freqs;
5161	}
5162	}
5163
5164	/*
5165	* Add previous failure count in case the temporary blacklist was
5166	* cleared due to no other BSSes being available.
5167	*/
5168	count += wpa_s->extra_blacklist_count;
5169
5170	if (count > 3 && wpa_s->current_ssid) {
5171	wpa_printf(MSG_DEBUG, "Continuous association failures - "
5172	"consider temporary network disabling");
5173	wpas_auth_failed(wpa_s, "CONN_FAILED");
5174	}
5175
5176	switch (count) {
5177	case 1:
5178	timeout = 100;
5179	break;
5180	case 2:
5181	timeout = 500;
5182	break;
5183	case 3:
5184	timeout = 1000;
5185	break;
5186	case 4:
5187	timeout = 5000;
5188	break;
5189	default:
5190	timeout = 10000;
5191	break;
5192	}
5193
5194	wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
5195	"ms", count, timeout);
5196
5197	/*
5198	* TODO: if more than one possible AP is available in scan results,
5199	* could try the other ones before requesting a new scan.
5200	*/
5201	wpa_supplicant_req_scan(wpa_s, timeout / 1000,
5202	1000 * (timeout % 1000));
5203	}
5204
5205
5206	int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
5207	{
5208	return wpa_s->conf->ap_scan == 2 \|\|
5209	(wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
5210	}
5211
5212
5213	#if defined(CONFIG_CTRL_IFACE) \|\| defined(CONFIG_CTRL_IFACE_DBUS_NEW)
5214	int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
5215	struct wpa_ssid *ssid,
5216	const char *field,
5217	const char *value)
5218	{
5219	#ifdef IEEE8021X_EAPOL
5220	struct eap_peer_config *eap = &ssid->eap;
5221
5222	wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
5223	wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
5224	(const u8 *) value, os_strlen(value));
5225
5226	switch (wpa_supplicant_ctrl_req_from_string(field)) {
5227	case WPA_CTRL_REQ_EAP_IDENTITY:
5228	os_free(eap->identity);
5229	eap->identity = (u8 *) os_strdup(value);
5230	eap->identity_len = os_strlen(value);
5231	eap->pending_req_identity = 0;
5232	if (ssid == wpa_s->current_ssid)
5233	wpa_s->reassociate = 1;
5234	break;
5235	case WPA_CTRL_REQ_EAP_PASSWORD:
5236	bin_clear_free(eap->password, eap->password_len);
5237	eap->password = (u8 *) os_strdup(value);
5238	eap->password_len = os_strlen(value);
5239	eap->pending_req_password = 0;
5240	if (ssid == wpa_s->current_ssid)
5241	wpa_s->reassociate = 1;
5242	break;
5243	case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
5244	bin_clear_free(eap->new_password, eap->new_password_len);
5245	eap->new_password = (u8 *) os_strdup(value);
5246	eap->new_password_len = os_strlen(value);
5247	eap->pending_req_new_password = 0;
5248	if (ssid == wpa_s->current_ssid)
5249	wpa_s->reassociate = 1;
5250	break;
5251	case WPA_CTRL_REQ_EAP_PIN:
5252	str_clear_free(eap->pin);
5253	eap->pin = os_strdup(value);
5254	eap->pending_req_pin = 0;
5255	if (ssid == wpa_s->current_ssid)
5256	wpa_s->reassociate = 1;
5257	break;
5258	case WPA_CTRL_REQ_EAP_OTP:
5259	bin_clear_free(eap->otp, eap->otp_len);
5260	eap->otp = (u8 *) os_strdup(value);
5261	eap->otp_len = os_strlen(value);
5262	os_free(eap->pending_req_otp);
5263	eap->pending_req_otp = NULL;
5264	eap->pending_req_otp_len = 0;
5265	break;
5266	case WPA_CTRL_REQ_EAP_PASSPHRASE:
5267	str_clear_free(eap->private_key_passwd);
5268	eap->private_key_passwd = os_strdup(value);
5269	eap->pending_req_passphrase = 0;
5270	if (ssid == wpa_s->current_ssid)
5271	wpa_s->reassociate = 1;
5272	break;
5273	case WPA_CTRL_REQ_SIM:
5274	str_clear_free(eap->external_sim_resp);
5275	eap->external_sim_resp = os_strdup(value);
5276	break;
5277	case WPA_CTRL_REQ_PSK_PASSPHRASE:
5278	if (wpa_config_set(ssid, "psk", value, 0) < 0)
5279	return -1;
5280	ssid->mem_only_psk = 1;
5281	if (ssid->passphrase)
5282	wpa_config_update_psk(ssid);
5283	if (wpa_s->wpa_state == WPA_SCANNING && !wpa_s->scanning)
5284	wpa_supplicant_req_scan(wpa_s, 0, 0);
5285	break;
5286	default:
5287	wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
5288	return -1;
5289	}
5290
5291	return 0;
5292	#else /* IEEE8021X_EAPOL */
5293	wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
5294	return -1;
5295	#endif /* IEEE8021X_EAPOL */
5296	}
5297	#endif /* CONFIG_CTRL_IFACE \|\| CONFIG_CTRL_IFACE_DBUS_NEW */
5298
5299
5300	int wpas_network_disabled(struct wpa_supplicant wpa_s, struct wpa_ssid ssid)
5301	{
5302	int i;
5303	unsigned int drv_enc;
5304
5305	if (wpa_s->p2p_mgmt)
5306	return 1; /* no normal network profiles on p2p_mgmt interface */
5307
5308	if (ssid == NULL)
5309	return 1;
5310
5311	if (ssid->disabled)
5312	return 1;
5313
5314	if (wpa_s->drv_capa_known)
5315	drv_enc = wpa_s->drv_enc;
5316	else
5317	drv_enc = (unsigned int) -1;
5318
5319	for (i = 0; i < NUM_WEP_KEYS; i++) {
5320	size_t len = ssid->wep_key_len[i];
5321	if (len == 0)
5322	continue;
5323	if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
5324	continue;
5325	if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
5326	continue;
5327	if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
5328	continue;
5329	return 1; /* invalid WEP key */
5330	}
5331
5332	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
5333	(!ssid->passphrase \|\| ssid->ssid_len != 0) && !ssid->ext_psk &&
5334	!ssid->mem_only_psk)
5335	return 1;
5336
5337	return 0;
5338	}
5339
5340
5341	int wpas_get_ssid_pmf(struct wpa_supplicant wpa_s, struct wpa_ssid ssid)
5342	{
5343	#ifdef CONFIG_IEEE80211W
5344	if (ssid == NULL \|\| ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
5345	if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL &&
5346	!(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) {
5347	/*
5348	* Driver does not support BIP -- ignore pmf=1 default
5349	* since the connection with PMF would fail and the
5350	* configuration does not require PMF to be enabled.
5351	*/
5352	return NO_MGMT_FRAME_PROTECTION;
5353	}
5354
5355	return wpa_s->conf->pmf;
5356	}
5357
5358	return ssid->ieee80211w;
5359	#else /* CONFIG_IEEE80211W */
5360	return NO_MGMT_FRAME_PROTECTION;
5361	#endif /* CONFIG_IEEE80211W */
5362	}
5363
5364
5365	int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
5366	{
5367	if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
5368	return 1;
5369	if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
5370	return 0;
5371	return -1;
5372	}
5373
5374
5375	void wpas_auth_failed(struct wpa_supplicant wpa_s, char reason)
5376	{
5377	struct wpa_ssid *ssid = wpa_s->current_ssid;
5378	int dur;
5379	struct os_reltime now;
5380
5381	if (ssid == NULL) {
5382	wpa_printf(MSG_DEBUG, "Authentication failure but no known "
5383	"SSID block");
5384	return;
5385	}
5386
5387	if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
5388	return;
5389
5390	ssid->auth_failures++;
5391
5392	#ifdef CONFIG_P2P
5393	if (ssid->p2p_group &&
5394	(wpa_s->p2p_in_provisioning \|\| wpa_s->show_group_started)) {
5395	/*
5396	* Skip the wait time since there is a short timeout on the
5397	* connection to a P2P group.
5398	*/
5399	return;
5400	}
5401	#endif /* CONFIG_P2P */
5402
5403	if (ssid->auth_failures > 50)
5404	dur = 300;
5405	else if (ssid->auth_failures > 10)
5406	dur = 120;
5407	else if (ssid->auth_failures > 5)
5408	dur = 90;
5409	else if (ssid->auth_failures > 3)
5410	dur = 60;
5411	else if (ssid->auth_failures > 2)
5412	dur = 30;
5413	else if (ssid->auth_failures > 1)
5414	dur = 20;
5415	else
5416	dur = 10;
5417
5418	if (ssid->auth_failures > 1 &&
5419	wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt))
5420	dur += os_random() % (ssid->auth_failures * 10);
5421
5422	os_get_reltime(&now);
5423	if (now.sec + dur <= ssid->disabled_until.sec)
5424	return;
5425
5426	ssid->disabled_until.sec = now.sec + dur;
5427
5428	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
5429	"id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
5430	ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
5431	ssid->auth_failures, dur, reason);
5432	}
5433
5434
5435	void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
5436	struct wpa_ssid *ssid, int clear_failures)
5437	{
5438	if (ssid == NULL)
5439	return;
5440
5441	if (ssid->disabled_until.sec) {
5442	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
5443	"id=%d ssid=\"%s\"",
5444	ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
5445	}
5446	ssid->disabled_until.sec = 0;
5447	ssid->disabled_until.usec = 0;
5448	if (clear_failures)
5449	ssid->auth_failures = 0;
5450	}
5451
5452
5453	int disallowed_bssid(struct wpa_supplicant wpa_s, const u8 bssid)
5454	{
5455	size_t i;
5456
5457	if (wpa_s->disallow_aps_bssid == NULL)
5458	return 0;
5459
5460	for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
5461	if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
5462	bssid, ETH_ALEN) == 0)
5463	return 1;
5464	}
5465
5466	return 0;
5467	}
5468
5469
5470	int disallowed_ssid(struct wpa_supplicant wpa_s, const u8 ssid,
5471	size_t ssid_len)
5472	{
5473	size_t i;
5474
5475	if (wpa_s->disallow_aps_ssid == NULL \|\| ssid == NULL)
5476	return 0;
5477
5478	for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
5479	struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
5480	if (ssid_len == s->ssid_len &&
5481	os_memcmp(ssid, s->ssid, ssid_len) == 0)
5482	return 1;
5483	}
5484
5485	return 0;
5486	}
5487
5488
5489	/**
5490	* wpas_request_connection - Request a new connection
5491	* @wpa_s: Pointer to the network interface
5492	*
5493	* This function is used to request a new connection to be found. It will mark
5494	* the interface to allow reassociation and request a new scan to find a
5495	* suitable network to connect to.
5496	*/
5497	void wpas_request_connection(struct wpa_supplicant *wpa_s)
5498	{
5499	wpa_s->normal_scans = 0;
5500	wpa_s->scan_req = NORMAL_SCAN_REQ;
5501	wpa_supplicant_reinit_autoscan(wpa_s);
5502	wpa_s->extra_blacklist_count = 0;
5503	wpa_s->disconnected = 0;
5504	wpa_s->reassociate = 1;
5505
5506	if (wpa_supplicant_fast_associate(wpa_s) != 1)
5507	wpa_supplicant_req_scan(wpa_s, 0, 0);
5508	else
5509	wpa_s->reattach = 0;
5510	}
5511
5512
5513	void dump_freq_data(struct wpa_supplicant wpa_s, const char title,
5514	struct wpa_used_freq_data *freqs_data,
5515	unsigned int len)
5516	{
5517	unsigned int i;
5518
5519	wpa_dbg(wpa_s, MSG_DEBUG, "Shared frequencies (len=%u): %s",
5520	len, title);
5521	for (i = 0; i < len; i++) {
5522	struct wpa_used_freq_data *cur = &freqs_data[i];
5523	wpa_dbg(wpa_s, MSG_DEBUG, "freq[%u]: %d, flags=0x%X",
5524	i, cur->freq, cur->flags);
5525	}
5526	}
5527
5528
5529	/*
5530	* Find the operating frequencies of any of the virtual interfaces that
5531	* are using the same radio as the current interface, and in addition, get
5532	* information about the interface types that are using the frequency.
5533	*/
5534	int get_shared_radio_freqs_data(struct wpa_supplicant *wpa_s,
5535	struct wpa_used_freq_data *freqs_data,
5536	unsigned int len)
5537	{
5538	struct wpa_supplicant *ifs;
5539	u8 bssid[ETH_ALEN];
5540	int freq;
5541	unsigned int idx = 0, i;
5542
5543	wpa_dbg(wpa_s, MSG_DEBUG,
5544	"Determining shared radio frequencies (max len %u)", len);
5545	os_memset(freqs_data, 0, sizeof(struct wpa_used_freq_data) * len);
5546
5547	dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
5548	radio_list) {
5549	if (idx == len)
5550	break;
5551
5552	if (ifs->current_ssid == NULL \|\| ifs->assoc_freq == 0)
5553	continue;
5554
5555	if (ifs->current_ssid->mode == WPAS_MODE_AP \|\|
5556	ifs->current_ssid->mode == WPAS_MODE_P2P_GO \|\|
5557	ifs->current_ssid->mode == WPAS_MODE_MESH)
5558	freq = ifs->current_ssid->frequency;
5559	else if (wpa_drv_get_bssid(ifs, bssid) == 0)
5560	freq = ifs->assoc_freq;
5561	else
5562	continue;
5563
5564	/* Hold only distinct freqs */
5565	for (i = 0; i < idx; i++)
5566	if (freqs_data[i].freq == freq)
5567	break;
5568
5569	if (i == idx)
5570	freqs_data[idx++].freq = freq;
5571
5572	if (ifs->current_ssid->mode == WPAS_MODE_INFRA) {
5573	freqs_data[i].flags \|= ifs->current_ssid->p2p_group ?
5574	WPA_FREQ_USED_BY_P2P_CLIENT :
5575	WPA_FREQ_USED_BY_INFRA_STATION;
5576	}
5577	}
5578
5579	dump_freq_data(wpa_s, "completed iteration", freqs_data, idx);
5580	return idx;
5581	}
5582
5583
5584	/*
5585	* Find the operating frequencies of any of the virtual interfaces that
5586	* are using the same radio as the current interface.
5587	*/
5588	int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
5589	int *freq_array, unsigned int len)
5590	{
5591	struct wpa_used_freq_data *freqs_data;
5592	int num, i;
5593
5594	os_memset(freq_array, 0, sizeof(int) * len);
5595
5596	freqs_data = os_calloc(len, sizeof(struct wpa_used_freq_data));
5597	if (!freqs_data)
5598	return -1;
5599
5600	num = get_shared_radio_freqs_data(wpa_s, freqs_data, len);
5601	for (i = 0; i < num; i++)
5602	freq_array[i] = freqs_data[i].freq;
5603
5604	os_free(freqs_data);
5605
5606	return num;
5607	}
5608
5609
5610	static void wpas_rrm_neighbor_rep_timeout_handler(void data, void user_ctx)
5611	{
5612	struct rrm_data *rrm = data;
5613
5614	if (!rrm->notify_neighbor_rep) {
5615	wpa_printf(MSG_ERROR,
5616	"RRM: Unexpected neighbor report timeout");
5617	return;
5618	}
5619
5620	wpa_printf(MSG_DEBUG, "RRM: Notifying neighbor report - NONE");
5621	rrm->notify_neighbor_rep(rrm->neighbor_rep_cb_ctx, NULL);
5622
5623	rrm->notify_neighbor_rep = NULL;
5624	rrm->neighbor_rep_cb_ctx = NULL;
5625	}
5626
5627
5628	/*
5629	* wpas_rrm_reset - Clear and reset all RRM data in wpa_supplicant
5630	* @wpa_s: Pointer to wpa_supplicant
5631	*/
5632	void wpas_rrm_reset(struct wpa_supplicant *wpa_s)
5633	{
5634	wpa_s->rrm.rrm_used = 0;
5635
5636	eloop_cancel_timeout(wpas_rrm_neighbor_rep_timeout_handler, &wpa_s->rrm,
5637	NULL);
5638	if (wpa_s->rrm.notify_neighbor_rep)
5639	wpas_rrm_neighbor_rep_timeout_handler(&wpa_s->rrm, NULL);
5640	wpa_s->rrm.next_neighbor_rep_token = 1;
5641	}
5642
5643
5644	/*
5645	* wpas_rrm_process_neighbor_rep - Handle incoming neighbor report
5646	* @wpa_s: Pointer to wpa_supplicant
5647	* @report: Neighbor report buffer, prefixed by a 1-byte dialog token
5648	* @report_len: Length of neighbor report buffer
5649	*/
5650	void wpas_rrm_process_neighbor_rep(struct wpa_supplicant *wpa_s,
5651	const u8 *report, size_t report_len)
5652	{
5653	struct wpabuf *neighbor_rep;
5654
5655	wpa_hexdump(MSG_DEBUG, "RRM: New Neighbor Report", report, report_len);
5656	if (report_len < 1)
5657	return;
5658
5659	if (report[0] != wpa_s->rrm.next_neighbor_rep_token - 1) {
5660	wpa_printf(MSG_DEBUG,
5661	"RRM: Discarding neighbor report with token %d (expected %d)",
5662	report[0], wpa_s->rrm.next_neighbor_rep_token - 1);
5663	return;
5664	}
5665
5666	eloop_cancel_timeout(wpas_rrm_neighbor_rep_timeout_handler, &wpa_s->rrm,
5667	NULL);
5668
5669	if (!wpa_s->rrm.notify_neighbor_rep) {
5670	wpa_printf(MSG_ERROR, "RRM: Unexpected neighbor report");
5671	return;
5672	}
5673
5674	/* skipping the first byte, which is only an id (dialog token) */
5675	neighbor_rep = wpabuf_alloc(report_len - 1);
5676	if (neighbor_rep == NULL)
5677	return;
5678	wpabuf_put_data(neighbor_rep, report + 1, report_len - 1);
5679	wpa_printf(MSG_DEBUG, "RRM: Notifying neighbor report (token = %d)",
5680	report[0]);
5681	wpa_s->rrm.notify_neighbor_rep(wpa_s->rrm.neighbor_rep_cb_ctx,
5682	neighbor_rep);
5683	wpa_s->rrm.notify_neighbor_rep = NULL;
5684	wpa_s->rrm.neighbor_rep_cb_ctx = NULL;
5685	}
5686
5687
5688	#if defined(__CYGWIN__) \|\| defined(CONFIG_NATIVE_WINDOWS)
5689	/* Workaround different, undefined for Windows, error codes used here */
5690	#define ENOTCONN -1
5691	#define EOPNOTSUPP -1
5692	#define ECANCELED -1
5693	#endif
5694
5695	/**
5696	* wpas_rrm_send_neighbor_rep_request - Request a neighbor report from our AP
5697	* @wpa_s: Pointer to wpa_supplicant
5698	* @ssid: if not null, this is sent in the request. Otherwise, no SSID IE
5699	* is sent in the request.
5700	* @cb: Callback function to be called once the requested report arrives, or
5701	* timed out after RRM_NEIGHBOR_REPORT_TIMEOUT seconds.
5702	* In the former case, 'neighbor_rep' is a newly allocated wpabuf, and it's
5703	* the requester's responsibility to free it.
5704	* In the latter case NULL will be sent in 'neighbor_rep'.
5705	* @cb_ctx: Context value to send the callback function
5706	* Returns: 0 in case of success, negative error code otherwise
5707	*
5708	* In case there is a previous request which has not been answered yet, the
5709	* new request fails. The caller may retry after RRM_NEIGHBOR_REPORT_TIMEOUT.
5710	* Request must contain a callback function.
5711	*/
5712	int wpas_rrm_send_neighbor_rep_request(struct wpa_supplicant *wpa_s,
5713	const struct wpa_ssid *ssid,
5714	void (cb)(void ctx,
5715	struct wpabuf *neighbor_rep),
5716	void *cb_ctx)
5717	{
5718	struct wpabuf *buf;
5719	const u8 *rrm_ie;
5720
5721	if (wpa_s->wpa_state != WPA_COMPLETED \|\| wpa_s->current_ssid == NULL) {
5722	wpa_printf(MSG_DEBUG, "RRM: No connection, no RRM.");
5723	return -ENOTCONN;
5724	}
5725
5726	if (!wpa_s->rrm.rrm_used) {
5727	wpa_printf(MSG_DEBUG, "RRM: No RRM in current connection.");
5728	return -EOPNOTSUPP;
5729	}
5730
5731	rrm_ie = wpa_bss_get_ie(wpa_s->current_bss,
5732	WLAN_EID_RRM_ENABLED_CAPABILITIES);
5733	if (!rrm_ie \|\| !(wpa_s->current_bss->caps & IEEE80211_CAP_RRM) \|\|
5734	!(rrm_ie[2] & WLAN_RRM_CAPS_NEIGHBOR_REPORT)) {
5735	wpa_printf(MSG_DEBUG,
5736	"RRM: No network support for Neighbor Report.");
5737	return -EOPNOTSUPP;
5738	}
5739
5740	if (!cb) {
5741	wpa_printf(MSG_DEBUG,
5742	"RRM: Neighbor Report request must provide a callback.");
5743	return -EINVAL;
5744	}
5745
5746	/* Refuse if there's a live request */
5747	if (wpa_s->rrm.notify_neighbor_rep) {
5748	wpa_printf(MSG_DEBUG,
5749	"RRM: Currently handling previous Neighbor Report.");
5750	return -EBUSY;
5751	}
5752
5753	/* 3 = action category + action code + dialog token */
5754	buf = wpabuf_alloc(3 + (ssid ? 2 + ssid->ssid_len : 0));
5755	if (buf == NULL) {
5756	wpa_printf(MSG_DEBUG,
5757	"RRM: Failed to allocate Neighbor Report Request");
5758	return -ENOMEM;
5759	}
5760
5761	wpa_printf(MSG_DEBUG, "RRM: Neighbor report request (for %s), token=%d",
5762	(ssid ? wpa_ssid_txt(ssid->ssid, ssid->ssid_len) : ""),
5763	wpa_s->rrm.next_neighbor_rep_token);
5764
5765	wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
5766	wpabuf_put_u8(buf, WLAN_RRM_NEIGHBOR_REPORT_REQUEST);
5767	wpabuf_put_u8(buf, wpa_s->rrm.next_neighbor_rep_token);
5768	if (ssid) {
5769	wpabuf_put_u8(buf, WLAN_EID_SSID);
5770	wpabuf_put_u8(buf, ssid->ssid_len);
5771	wpabuf_put_data(buf, ssid->ssid, ssid->ssid_len);
5772	}
5773
5774	wpa_s->rrm.next_neighbor_rep_token++;
5775
5776	if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
5777	wpa_s->own_addr, wpa_s->bssid,
5778	wpabuf_head(buf), wpabuf_len(buf), 0) < 0) {
5779	wpa_printf(MSG_DEBUG,
5780	"RRM: Failed to send Neighbor Report Request");
5781	wpabuf_free(buf);
5782	return -ECANCELED;
5783	}
5784
5785	wpa_s->rrm.neighbor_rep_cb_ctx = cb_ctx;
5786	wpa_s->rrm.notify_neighbor_rep = cb;
5787	eloop_register_timeout(RRM_NEIGHBOR_REPORT_TIMEOUT, 0,
5788	wpas_rrm_neighbor_rep_timeout_handler,
5789	&wpa_s->rrm, NULL);
5790
5791	wpabuf_free(buf);
5792	return 0;
5793	}
5794
5795
5796	void wpas_rrm_handle_link_measurement_request(struct wpa_supplicant *wpa_s,
5797	const u8 *src,
5798	const u8 *frame, size_t len,
5799	int rssi)
5800	{
5801	struct wpabuf *buf;
5802	const struct rrm_link_measurement_request *req;
5803	struct rrm_link_measurement_report report;
5804
5805	if (wpa_s->wpa_state != WPA_COMPLETED) {
5806	wpa_printf(MSG_INFO,
5807	"RRM: Ignoring link measurement request. Not associated");
5808	return;
5809	}
5810
5811	if (!wpa_s->rrm.rrm_used) {
5812	wpa_printf(MSG_INFO,
5813	"RRM: Ignoring link measurement request. Not RRM network");
5814	return;
5815	}
5816
5817	if (!(wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_TX_POWER_INSERTION)) {
5818	wpa_printf(MSG_INFO,
5819	"RRM: Measurement report failed. TX power insertion not supported");
5820	return;
5821	}
5822
5823	req = (const struct rrm_link_measurement_request *) frame;
5824	if (len < sizeof(*req)) {
5825	wpa_printf(MSG_INFO,
5826	"RRM: Link measurement report failed. Request too short");
5827	return;
5828	}
5829
5830	os_memset(&report, 0, sizeof(report));
5831	report.tpc.eid = WLAN_EID_TPC_REPORT;
5832	report.tpc.len = 2;
5833	report.rsni = 255; /* 255 indicates that RSNI is not available */
5834	report.dialog_token = req->dialog_token;
5835
5836	/*
5837	* It's possible to estimate RCPI based on RSSI in dBm. This
5838	* calculation will not reflect the correct value for high rates,
5839	* but it's good enough for Action frames which are transmitted
5840	* with up to 24 Mbps rates.
5841	*/
5842	if (!rssi)
5843	report.rcpi = 255; /* not available */
5844	else if (rssi < -110)
5845	report.rcpi = 0;
5846	else if (rssi > 0)
5847	report.rcpi = 220;
5848	else
5849	report.rcpi = (rssi + 110) * 2;
5850
5851	/* action_category + action_code */
5852	buf = wpabuf_alloc(2 + sizeof(report));
5853	if (buf == NULL) {
5854	wpa_printf(MSG_ERROR,
5855	"RRM: Link measurement report failed. Buffer allocation failed");
5856	return;
5857	}
5858
5859	wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
5860	wpabuf_put_u8(buf, WLAN_RRM_LINK_MEASUREMENT_REPORT);
5861	wpabuf_put_data(buf, &report, sizeof(report));
5862	wpa_hexdump(MSG_DEBUG, "RRM: Link measurement report:",
5863	wpabuf_head(buf), wpabuf_len(buf));
5864
5865	if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, src,
5866	wpa_s->own_addr, wpa_s->bssid,
5867	wpabuf_head(buf), wpabuf_len(buf), 0)) {
5868	wpa_printf(MSG_ERROR,
5869	"RRM: Link measurement report failed. Send action failed");
5870	}
5871	wpabuf_free(buf);
5872	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: