1 /*
2  * WPA Supplicant
3  * Copyright (c) 2003-2017, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This file implements functions for registering and unregistering
9  * %wpa_supplicant interfaces. In addition, this file contains number of
10  * functions for managing network connections.
11  */
12 
13 #include "includes.h"
14 #ifdef CONFIG_MATCH_IFACE
15 #include <net/if.h>
16 #include <fnmatch.h>
17 #endif /* CONFIG_MATCH_IFACE */
18 
19 #include "common.h"
20 #include "crypto/random.h"
21 #include "crypto/sha1.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_peer/eap_proxy.h"
25 #include "eap_server/eap_methods.h"
26 #include "rsn_supp/wpa.h"
27 #include "eloop.h"
28 #include "config.h"
29 #include "utils/ext_password.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wpa_supplicant_i.h"
32 #include "driver_i.h"
33 #include "ctrl_iface.h"
34 #include "pcsc_funcs.h"
35 #include "common/version.h"
36 #include "rsn_supp/preauth.h"
37 #include "rsn_supp/pmksa_cache.h"
38 #include "common/wpa_ctrl.h"
39 #include "common/ieee802_11_defs.h"
40 #include "common/hw_features_common.h"
41 #include "p2p/p2p.h"
42 #include "fst/fst.h"
43 #include "blacklist.h"
44 #include "wpas_glue.h"
45 #include "wps_supplicant.h"
46 #include "ibss_rsn.h"
47 #include "sme.h"
48 #include "gas_query.h"
49 #include "ap.h"
50 #include "p2p_supplicant.h"
51 #include "wifi_display.h"
52 #include "notify.h"
53 #include "bgscan.h"
54 #include "autoscan.h"
55 #include "bss.h"
56 #include "scan.h"
57 #include "offchannel.h"
58 #include "hs20_supplicant.h"
59 #include "wnm_sta.h"
60 #include "wpas_kay.h"
61 #include "mesh.h"
62 
63 const char *const wpa_supplicant_version =
64 "wpa_supplicant v" VERSION_STR "\n"
65 "Copyright (c) 2003-2017, Jouni Malinen <j@w1.fi> and contributors";
66 
67 const char *const wpa_supplicant_license =
68 "This software may be distributed under the terms of the BSD license.\n"
69 "See README for more details.\n"
70 #ifdef EAP_TLS_OPENSSL
71 "\nThis product includes software developed by the OpenSSL Project\n"
72 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
73 #endif /* EAP_TLS_OPENSSL */
74 ;
75 
76 #ifndef CONFIG_NO_STDOUT_DEBUG
77 /* Long text divided into parts in order to fit in C89 strings size limits. */
78 const char *const wpa_supplicant_full_license1 =
79 "";
80 const char *const wpa_supplicant_full_license2 =
81 "This software may be distributed under the terms of the BSD license.\n"
82 "\n"
83 "Redistribution and use in source and binary forms, with or without\n"
84 "modification, are permitted provided that the following conditions are\n"
85 "met:\n"
86 "\n";
87 const char *const wpa_supplicant_full_license3 =
88 "1. Redistributions of source code must retain the above copyright\n"
89 "   notice, this list of conditions and the following disclaimer.\n"
90 "\n"
91 "2. Redistributions in binary form must reproduce the above copyright\n"
92 "   notice, this list of conditions and the following disclaimer in the\n"
93 "   documentation and/or other materials provided with the distribution.\n"
94 "\n";
95 const char *const wpa_supplicant_full_license4 =
96 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
97 "   names of its contributors may be used to endorse or promote products\n"
98 "   derived from this software without specific prior written permission.\n"
99 "\n"
100 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
101 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
102 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
103 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
104 const char *const wpa_supplicant_full_license5 =
105 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
106 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
107 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
108 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
109 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
110 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
111 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
112 "\n";
113 #endif /* CONFIG_NO_STDOUT_DEBUG */
114 
115 /* Configure default/group WEP keys for static WEP */
wpa_set_wep_keys(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)116 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
117 {
118 	int i, set = 0;
119 
120 	for (i = 0; i < NUM_WEP_KEYS; i++) {
121 		if (ssid->wep_key_len[i] == 0)
122 			continue;
123 
124 		set = 1;
125 		wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
126 				i, i == ssid->wep_tx_keyidx, NULL, 0,
127 				ssid->wep_key[i], ssid->wep_key_len[i]);
128 	}
129 
130 	return set;
131 }
132 
133 
wpa_supplicant_set_wpa_none_key(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)134 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
135 				    struct wpa_ssid *ssid)
136 {
137 	u8 key[32];
138 	size_t keylen;
139 	enum wpa_alg alg;
140 	u8 seq[6] = { 0 };
141 	int ret;
142 
143 	/* IBSS/WPA-None uses only one key (Group) for both receiving and
144 	 * sending unicast and multicast packets. */
145 
146 	if (ssid->mode != WPAS_MODE_IBSS) {
147 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
148 			"IBSS/ad-hoc) for WPA-None", ssid->mode);
149 		return -1;
150 	}
151 
152 	if (!ssid->psk_set) {
153 		wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
154 			"WPA-None");
155 		return -1;
156 	}
157 
158 	switch (wpa_s->group_cipher) {
159 	case WPA_CIPHER_CCMP:
160 		os_memcpy(key, ssid->psk, 16);
161 		keylen = 16;
162 		alg = WPA_ALG_CCMP;
163 		break;
164 	case WPA_CIPHER_GCMP:
165 		os_memcpy(key, ssid->psk, 16);
166 		keylen = 16;
167 		alg = WPA_ALG_GCMP;
168 		break;
169 	case WPA_CIPHER_TKIP:
170 		/* WPA-None uses the same Michael MIC key for both TX and RX */
171 		os_memcpy(key, ssid->psk, 16 + 8);
172 		os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
173 		keylen = 32;
174 		alg = WPA_ALG_TKIP;
175 		break;
176 	default:
177 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
178 			"WPA-None", wpa_s->group_cipher);
179 		return -1;
180 	}
181 
182 	/* TODO: should actually remember the previously used seq#, both for TX
183 	 * and RX from each STA.. */
184 
185 	ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
186 	os_memset(key, 0, sizeof(key));
187 	return ret;
188 }
189 
190 
wpa_supplicant_timeout(void * eloop_ctx,void * timeout_ctx)191 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
192 {
193 	struct wpa_supplicant *wpa_s = eloop_ctx;
194 	const u8 *bssid = wpa_s->bssid;
195 	if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
196 	    (wpa_s->wpa_state == WPA_AUTHENTICATING ||
197 	     wpa_s->wpa_state == WPA_ASSOCIATING))
198 		bssid = wpa_s->pending_bssid;
199 	wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
200 		MAC2STR(bssid));
201 	wpa_blacklist_add(wpa_s, bssid);
202 	wpa_sm_notify_disassoc(wpa_s->wpa);
203 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
204 	wpa_s->reassociate = 1;
205 	wpas_notify_auth_timeout(wpa_s);
206 
207 	/*
208 	 * If we timed out, the AP or the local radio may be busy.
209 	 * So, wait a second until scanning again.
210 	 */
211 	wpa_supplicant_req_scan(wpa_s, 1, 0);
212 }
213 
214 
215 /**
216  * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
217  * @wpa_s: Pointer to wpa_supplicant data
218  * @sec: Number of seconds after which to time out authentication
219  * @usec: Number of microseconds after which to time out authentication
220  *
221  * This function is used to schedule a timeout for the current authentication
222  * attempt.
223  */
wpa_supplicant_req_auth_timeout(struct wpa_supplicant * wpa_s,int sec,int usec)224 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
225 				     int sec, int usec)
226 {
227 	if (wpa_s->conf->ap_scan == 0 &&
228 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
229 		return;
230 
231 	wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
232 		"%d usec", sec, usec);
233 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
234 	eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
235 }
236 
237 
238 /**
239  * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
240  * @wpa_s: Pointer to wpa_supplicant data
241  *
242  * This function is used to cancel authentication timeout scheduled with
243  * wpa_supplicant_req_auth_timeout() and it is called when authentication has
244  * been completed.
245  */
wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant * wpa_s)246 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
247 {
248 	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
249 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
250 	wpa_blacklist_del(wpa_s, wpa_s->bssid);
251 }
252 
253 
254 /**
255  * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
256  * @wpa_s: Pointer to wpa_supplicant data
257  *
258  * This function is used to configure EAPOL state machine based on the selected
259  * authentication mode.
260  */
wpa_supplicant_initiate_eapol(struct wpa_supplicant * wpa_s)261 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
262 {
263 #ifdef IEEE8021X_EAPOL
264 	struct eapol_config eapol_conf;
265 	struct wpa_ssid *ssid = wpa_s->current_ssid;
266 
267 #ifdef CONFIG_IBSS_RSN
268 	if (ssid->mode == WPAS_MODE_IBSS &&
269 	    wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
270 	    wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
271 		/*
272 		 * RSN IBSS authentication is per-STA and we can disable the
273 		 * per-BSSID EAPOL authentication.
274 		 */
275 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
276 		eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
277 		eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
278 		return;
279 	}
280 #endif /* CONFIG_IBSS_RSN */
281 
282 	eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
283 	eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
284 
285 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
286 	    wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
287 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
288 	else
289 		eapol_sm_notify_portControl(wpa_s->eapol, Auto);
290 
291 	os_memset(&eapol_conf, 0, sizeof(eapol_conf));
292 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
293 		eapol_conf.accept_802_1x_keys = 1;
294 		eapol_conf.required_keys = 0;
295 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
296 			eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
297 		}
298 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
299 			eapol_conf.required_keys |=
300 				EAPOL_REQUIRE_KEY_BROADCAST;
301 		}
302 
303 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)
304 			eapol_conf.required_keys = 0;
305 	}
306 	eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
307 	eapol_conf.workaround = ssid->eap_workaround;
308 	eapol_conf.eap_disabled =
309 		!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
310 		wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
311 		wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
312 	eapol_conf.external_sim = wpa_s->conf->external_sim;
313 
314 #ifdef CONFIG_WPS
315 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
316 		eapol_conf.wps |= EAPOL_LOCAL_WPS_IN_USE;
317 		if (wpa_s->current_bss) {
318 			struct wpabuf *ie;
319 			ie = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
320 							 WPS_IE_VENDOR_TYPE);
321 			if (ie) {
322 				if (wps_is_20(ie))
323 					eapol_conf.wps |=
324 						EAPOL_PEER_IS_WPS20_AP;
325 				wpabuf_free(ie);
326 			}
327 		}
328 	}
329 #endif /* CONFIG_WPS */
330 
331 	eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
332 
333 #ifdef CONFIG_MACSEC
334 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE && ssid->mka_psk_set)
335 		ieee802_1x_create_preshared_mka(wpa_s, ssid);
336 	else
337 		ieee802_1x_alloc_kay_sm(wpa_s, ssid);
338 #endif /* CONFIG_MACSEC */
339 #endif /* IEEE8021X_EAPOL */
340 }
341 
342 
343 /**
344  * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
345  * @wpa_s: Pointer to wpa_supplicant data
346  * @ssid: Configuration data for the network
347  *
348  * This function is used to configure WPA state machine and related parameters
349  * to a mode where WPA is not enabled. This is called as part of the
350  * authentication configuration when the selected network does not use WPA.
351  */
wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)352 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
353 				       struct wpa_ssid *ssid)
354 {
355 	int i;
356 
357 	if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
358 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
359 	else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
360 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
361 	else
362 		wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
363 	wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
364 	wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
365 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
366 	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
367 	wpa_s->group_cipher = WPA_CIPHER_NONE;
368 	wpa_s->mgmt_group_cipher = 0;
369 
370 	for (i = 0; i < NUM_WEP_KEYS; i++) {
371 		if (ssid->wep_key_len[i] > 5) {
372 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
373 			wpa_s->group_cipher = WPA_CIPHER_WEP104;
374 			break;
375 		} else if (ssid->wep_key_len[i] > 0) {
376 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
377 			wpa_s->group_cipher = WPA_CIPHER_WEP40;
378 			break;
379 		}
380 	}
381 
382 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
383 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
384 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
385 			 wpa_s->pairwise_cipher);
386 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
387 #ifdef CONFIG_IEEE80211W
388 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
389 			 wpa_s->mgmt_group_cipher);
390 #endif /* CONFIG_IEEE80211W */
391 
392 	pmksa_cache_clear_current(wpa_s->wpa);
393 }
394 
395 
free_hw_features(struct wpa_supplicant * wpa_s)396 void free_hw_features(struct wpa_supplicant *wpa_s)
397 {
398 	int i;
399 	if (wpa_s->hw.modes == NULL)
400 		return;
401 
402 	for (i = 0; i < wpa_s->hw.num_modes; i++) {
403 		os_free(wpa_s->hw.modes[i].channels);
404 		os_free(wpa_s->hw.modes[i].rates);
405 	}
406 
407 	os_free(wpa_s->hw.modes);
408 	wpa_s->hw.modes = NULL;
409 }
410 
411 
free_bss_tmp_disallowed(struct wpa_supplicant * wpa_s)412 static void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s)
413 {
414 	struct wpa_bss_tmp_disallowed *bss, *prev;
415 
416 	dl_list_for_each_safe(bss, prev, &wpa_s->bss_tmp_disallowed,
417 			      struct wpa_bss_tmp_disallowed, list) {
418 		dl_list_del(&bss->list);
419 		os_free(bss);
420 	}
421 }
422 
423 
wpas_flush_fils_hlp_req(struct wpa_supplicant * wpa_s)424 void wpas_flush_fils_hlp_req(struct wpa_supplicant *wpa_s)
425 {
426 	struct fils_hlp_req *req;
427 
428 	while ((req = dl_list_first(&wpa_s->fils_hlp_req, struct fils_hlp_req,
429 				    list)) != NULL) {
430 		dl_list_del(&req->list);
431 		wpabuf_free(req->pkt);
432 		os_free(req);
433 	}
434 }
435 
436 
wpa_supplicant_cleanup(struct wpa_supplicant * wpa_s)437 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
438 {
439 	int i;
440 
441 	bgscan_deinit(wpa_s);
442 	autoscan_deinit(wpa_s);
443 	scard_deinit(wpa_s->scard);
444 	wpa_s->scard = NULL;
445 	wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
446 	eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
447 	l2_packet_deinit(wpa_s->l2);
448 	wpa_s->l2 = NULL;
449 	if (wpa_s->l2_br) {
450 		l2_packet_deinit(wpa_s->l2_br);
451 		wpa_s->l2_br = NULL;
452 	}
453 #ifdef CONFIG_TESTING_OPTIONS
454 	l2_packet_deinit(wpa_s->l2_test);
455 	wpa_s->l2_test = NULL;
456 	os_free(wpa_s->get_pref_freq_list_override);
457 	wpa_s->get_pref_freq_list_override = NULL;
458 #endif /* CONFIG_TESTING_OPTIONS */
459 
460 	if (wpa_s->conf != NULL) {
461 		struct wpa_ssid *ssid;
462 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
463 			wpas_notify_network_removed(wpa_s, ssid);
464 	}
465 
466 	os_free(wpa_s->confname);
467 	wpa_s->confname = NULL;
468 
469 	os_free(wpa_s->confanother);
470 	wpa_s->confanother = NULL;
471 
472 	wpa_sm_set_eapol(wpa_s->wpa, NULL);
473 	eapol_sm_deinit(wpa_s->eapol);
474 	wpa_s->eapol = NULL;
475 
476 	rsn_preauth_deinit(wpa_s->wpa);
477 
478 #ifdef CONFIG_TDLS
479 	wpa_tdls_deinit(wpa_s->wpa);
480 #endif /* CONFIG_TDLS */
481 
482 	wmm_ac_clear_saved_tspecs(wpa_s);
483 	pmksa_candidate_free(wpa_s->wpa);
484 	wpa_sm_deinit(wpa_s->wpa);
485 	wpa_s->wpa = NULL;
486 	wpa_blacklist_clear(wpa_s);
487 
488 	wpa_bss_deinit(wpa_s);
489 
490 	wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
491 	wpa_supplicant_cancel_scan(wpa_s);
492 	wpa_supplicant_cancel_auth_timeout(wpa_s);
493 	eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
494 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
495 	eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
496 			     wpa_s, NULL);
497 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
498 
499 	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
500 
501 	wpas_wps_deinit(wpa_s);
502 
503 	wpabuf_free(wpa_s->pending_eapol_rx);
504 	wpa_s->pending_eapol_rx = NULL;
505 
506 #ifdef CONFIG_IBSS_RSN
507 	ibss_rsn_deinit(wpa_s->ibss_rsn);
508 	wpa_s->ibss_rsn = NULL;
509 #endif /* CONFIG_IBSS_RSN */
510 
511 	sme_deinit(wpa_s);
512 
513 #ifdef CONFIG_AP
514 	wpa_supplicant_ap_deinit(wpa_s);
515 #endif /* CONFIG_AP */
516 
517 	wpas_p2p_deinit(wpa_s);
518 
519 #ifdef CONFIG_OFFCHANNEL
520 	offchannel_deinit(wpa_s);
521 #endif /* CONFIG_OFFCHANNEL */
522 
523 	wpa_supplicant_cancel_sched_scan(wpa_s);
524 
525 	os_free(wpa_s->next_scan_freqs);
526 	wpa_s->next_scan_freqs = NULL;
527 
528 	os_free(wpa_s->manual_scan_freqs);
529 	wpa_s->manual_scan_freqs = NULL;
530 
531 	os_free(wpa_s->manual_sched_scan_freqs);
532 	wpa_s->manual_sched_scan_freqs = NULL;
533 
534 	wpas_mac_addr_rand_scan_clear(wpa_s, MAC_ADDR_RAND_ALL);
535 
536 	/*
537 	 * Need to remove any pending gas-query radio work before the
538 	 * gas_query_deinit() call because gas_query::work has not yet been set
539 	 * for works that have not been started. gas_query_free() will be unable
540 	 * to cancel such pending radio works and once the pending gas-query
541 	 * radio work eventually gets removed, the deinit notification call to
542 	 * gas_query_start_cb() would result in dereferencing freed memory.
543 	 */
544 	if (wpa_s->radio)
545 		radio_remove_works(wpa_s, "gas-query", 0);
546 	gas_query_deinit(wpa_s->gas);
547 	wpa_s->gas = NULL;
548 
549 	free_hw_features(wpa_s);
550 
551 	ieee802_1x_dealloc_kay_sm(wpa_s);
552 
553 	os_free(wpa_s->bssid_filter);
554 	wpa_s->bssid_filter = NULL;
555 
556 	os_free(wpa_s->disallow_aps_bssid);
557 	wpa_s->disallow_aps_bssid = NULL;
558 	os_free(wpa_s->disallow_aps_ssid);
559 	wpa_s->disallow_aps_ssid = NULL;
560 
561 	wnm_bss_keep_alive_deinit(wpa_s);
562 #ifdef CONFIG_WNM
563 	wnm_deallocate_memory(wpa_s);
564 #endif /* CONFIG_WNM */
565 
566 	ext_password_deinit(wpa_s->ext_pw);
567 	wpa_s->ext_pw = NULL;
568 
569 	wpabuf_free(wpa_s->last_gas_resp);
570 	wpa_s->last_gas_resp = NULL;
571 	wpabuf_free(wpa_s->prev_gas_resp);
572 	wpa_s->prev_gas_resp = NULL;
573 
574 	os_free(wpa_s->last_scan_res);
575 	wpa_s->last_scan_res = NULL;
576 
577 #ifdef CONFIG_HS20
578 	if (wpa_s->drv_priv)
579 		wpa_drv_configure_frame_filters(wpa_s, 0);
580 	hs20_deinit(wpa_s);
581 #endif /* CONFIG_HS20 */
582 
583 	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
584 		wpabuf_free(wpa_s->vendor_elem[i]);
585 		wpa_s->vendor_elem[i] = NULL;
586 	}
587 
588 	wmm_ac_notify_disassoc(wpa_s);
589 
590 	wpa_s->sched_scan_plans_num = 0;
591 	os_free(wpa_s->sched_scan_plans);
592 	wpa_s->sched_scan_plans = NULL;
593 
594 #ifdef CONFIG_MBO
595 	wpa_s->non_pref_chan_num = 0;
596 	os_free(wpa_s->non_pref_chan);
597 	wpa_s->non_pref_chan = NULL;
598 #endif /* CONFIG_MBO */
599 
600 	free_bss_tmp_disallowed(wpa_s);
601 
602 	wpabuf_free(wpa_s->lci);
603 	wpa_s->lci = NULL;
604 	wpas_clear_beacon_rep_data(wpa_s);
605 
606 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
607 #ifdef CONFIG_MESH
608 	{
609 		struct external_pmksa_cache *entry;
610 
611 		while ((entry = dl_list_last(&wpa_s->mesh_external_pmksa_cache,
612 					     struct external_pmksa_cache,
613 					     list)) != NULL) {
614 			dl_list_del(&entry->list);
615 			os_free(entry->pmksa_cache);
616 			os_free(entry);
617 		}
618 	}
619 #endif /* CONFIG_MESH */
620 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
621 
622 	wpas_flush_fils_hlp_req(wpa_s);
623 
624 	wpabuf_free(wpa_s->ric_ies);
625 	wpa_s->ric_ies = NULL;
626 }
627 
628 
629 /**
630  * wpa_clear_keys - Clear keys configured for the driver
631  * @wpa_s: Pointer to wpa_supplicant data
632  * @addr: Previously used BSSID or %NULL if not available
633  *
634  * This function clears the encryption keys that has been previously configured
635  * for the driver.
636  */
wpa_clear_keys(struct wpa_supplicant * wpa_s,const u8 * addr)637 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
638 {
639 	int i, max;
640 
641 #ifdef CONFIG_IEEE80211W
642 	max = 6;
643 #else /* CONFIG_IEEE80211W */
644 	max = 4;
645 #endif /* CONFIG_IEEE80211W */
646 
647 	/* MLME-DELETEKEYS.request */
648 	for (i = 0; i < max; i++) {
649 		if (wpa_s->keys_cleared & BIT(i))
650 			continue;
651 		wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, i, 0, NULL, 0,
652 				NULL, 0);
653 	}
654 	if (!(wpa_s->keys_cleared & BIT(0)) && addr &&
655 	    !is_zero_ether_addr(addr)) {
656 		wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
657 				0);
658 		/* MLME-SETPROTECTION.request(None) */
659 		wpa_drv_mlme_setprotection(
660 			wpa_s, addr,
661 			MLME_SETPROTECTION_PROTECT_TYPE_NONE,
662 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
663 	}
664 	wpa_s->keys_cleared = (u32) -1;
665 }
666 
667 
668 /**
669  * wpa_supplicant_state_txt - Get the connection state name as a text string
670  * @state: State (wpa_state; WPA_*)
671  * Returns: The state name as a printable text string
672  */
wpa_supplicant_state_txt(enum wpa_states state)673 const char * wpa_supplicant_state_txt(enum wpa_states state)
674 {
675 	switch (state) {
676 	case WPA_DISCONNECTED:
677 		return "DISCONNECTED";
678 	case WPA_INACTIVE:
679 		return "INACTIVE";
680 	case WPA_INTERFACE_DISABLED:
681 		return "INTERFACE_DISABLED";
682 	case WPA_SCANNING:
683 		return "SCANNING";
684 	case WPA_AUTHENTICATING:
685 		return "AUTHENTICATING";
686 	case WPA_ASSOCIATING:
687 		return "ASSOCIATING";
688 	case WPA_ASSOCIATED:
689 		return "ASSOCIATED";
690 	case WPA_4WAY_HANDSHAKE:
691 		return "4WAY_HANDSHAKE";
692 	case WPA_GROUP_HANDSHAKE:
693 		return "GROUP_HANDSHAKE";
694 	case WPA_COMPLETED:
695 		return "COMPLETED";
696 	default:
697 		return "UNKNOWN";
698 	}
699 }
700 
701 
702 #ifdef CONFIG_BGSCAN
703 
wpa_supplicant_start_bgscan(struct wpa_supplicant * wpa_s)704 static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
705 {
706 	const char *name;
707 
708 	if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan)
709 		name = wpa_s->current_ssid->bgscan;
710 	else
711 		name = wpa_s->conf->bgscan;
712 	if (name == NULL || name[0] == '\0')
713 		return;
714 	if (wpas_driver_bss_selection(wpa_s))
715 		return;
716 	if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
717 		return;
718 #ifdef CONFIG_P2P
719 	if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)
720 		return;
721 #endif /* CONFIG_P2P */
722 
723 	bgscan_deinit(wpa_s);
724 	if (wpa_s->current_ssid) {
725 		if (bgscan_init(wpa_s, wpa_s->current_ssid, name)) {
726 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
727 				"bgscan");
728 			/*
729 			 * Live without bgscan; it is only used as a roaming
730 			 * optimization, so the initial connection is not
731 			 * affected.
732 			 */
733 		} else {
734 			struct wpa_scan_results *scan_res;
735 			wpa_s->bgscan_ssid = wpa_s->current_ssid;
736 			scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
737 								   0);
738 			if (scan_res) {
739 				bgscan_notify_scan(wpa_s, scan_res);
740 				wpa_scan_results_free(scan_res);
741 			}
742 		}
743 	} else
744 		wpa_s->bgscan_ssid = NULL;
745 }
746 
747 
wpa_supplicant_stop_bgscan(struct wpa_supplicant * wpa_s)748 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
749 {
750 	if (wpa_s->bgscan_ssid != NULL) {
751 		bgscan_deinit(wpa_s);
752 		wpa_s->bgscan_ssid = NULL;
753 	}
754 }
755 
756 #endif /* CONFIG_BGSCAN */
757 
758 
wpa_supplicant_start_autoscan(struct wpa_supplicant * wpa_s)759 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
760 {
761 	if (autoscan_init(wpa_s, 0))
762 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
763 }
764 
765 
wpa_supplicant_stop_autoscan(struct wpa_supplicant * wpa_s)766 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
767 {
768 	autoscan_deinit(wpa_s);
769 }
770 
771 
wpa_supplicant_reinit_autoscan(struct wpa_supplicant * wpa_s)772 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
773 {
774 	if (wpa_s->wpa_state == WPA_DISCONNECTED ||
775 	    wpa_s->wpa_state == WPA_SCANNING) {
776 		autoscan_deinit(wpa_s);
777 		wpa_supplicant_start_autoscan(wpa_s);
778 	}
779 }
780 
781 
782 /**
783  * wpa_supplicant_set_state - Set current connection state
784  * @wpa_s: Pointer to wpa_supplicant data
785  * @state: The new connection state
786  *
787  * This function is called whenever the connection state changes, e.g.,
788  * association is completed for WPA/WPA2 4-Way Handshake is started.
789  */
wpa_supplicant_set_state(struct wpa_supplicant * wpa_s,enum wpa_states state)790 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
791 			      enum wpa_states state)
792 {
793 	enum wpa_states old_state = wpa_s->wpa_state;
794 
795 	wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
796 		wpa_supplicant_state_txt(wpa_s->wpa_state),
797 		wpa_supplicant_state_txt(state));
798 
799 	if (state == WPA_INTERFACE_DISABLED) {
800 		/* Assure normal scan when interface is restored */
801 		wpa_s->normal_scans = 0;
802 	}
803 
804 	if (state == WPA_COMPLETED) {
805 		wpas_connect_work_done(wpa_s);
806 		/* Reinitialize normal_scan counter */
807 		wpa_s->normal_scans = 0;
808 	}
809 
810 #ifdef CONFIG_P2P
811 	/*
812 	 * P2PS client has to reply to Probe Request frames received on the
813 	 * group operating channel. Enable Probe Request frame reporting for
814 	 * P2P connected client in case p2p_cli_probe configuration property is
815 	 * set to 1.
816 	 */
817 	if (wpa_s->conf->p2p_cli_probe && wpa_s->current_ssid &&
818 	    wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
819 	    wpa_s->current_ssid->p2p_group) {
820 		if (state == WPA_COMPLETED && !wpa_s->p2p_cli_probe) {
821 			wpa_dbg(wpa_s, MSG_DEBUG,
822 				"P2P: Enable CLI Probe Request RX reporting");
823 			wpa_s->p2p_cli_probe =
824 				wpa_drv_probe_req_report(wpa_s, 1) >= 0;
825 		} else if (state != WPA_COMPLETED && wpa_s->p2p_cli_probe) {
826 			wpa_dbg(wpa_s, MSG_DEBUG,
827 				"P2P: Disable CLI Probe Request RX reporting");
828 			wpa_s->p2p_cli_probe = 0;
829 			wpa_drv_probe_req_report(wpa_s, 0);
830 		}
831 	}
832 #endif /* CONFIG_P2P */
833 
834 	if (state != WPA_SCANNING)
835 		wpa_supplicant_notify_scanning(wpa_s, 0);
836 
837 	if (state == WPA_COMPLETED && wpa_s->new_connection) {
838 		struct wpa_ssid *ssid = wpa_s->current_ssid;
839 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
840 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
841 			MACSTR " completed [id=%d id_str=%s]",
842 			MAC2STR(wpa_s->bssid),
843 			ssid ? ssid->id : -1,
844 			ssid && ssid->id_str ? ssid->id_str : "");
845 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
846 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
847 		wpa_blacklist_clear(wpa_s);
848 		wpa_s->extra_blacklist_count = 0;
849 		wpa_s->new_connection = 0;
850 		wpa_drv_set_operstate(wpa_s, 1);
851 #ifndef IEEE8021X_EAPOL
852 		wpa_drv_set_supp_port(wpa_s, 1);
853 #endif /* IEEE8021X_EAPOL */
854 		wpa_s->after_wps = 0;
855 		wpa_s->known_wps_freq = 0;
856 		wpas_p2p_completed(wpa_s);
857 
858 		sme_sched_obss_scan(wpa_s, 1);
859 	} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
860 		   state == WPA_ASSOCIATED) {
861 		wpa_s->new_connection = 1;
862 		wpa_drv_set_operstate(wpa_s, 0);
863 #ifndef IEEE8021X_EAPOL
864 		wpa_drv_set_supp_port(wpa_s, 0);
865 #endif /* IEEE8021X_EAPOL */
866 		sme_sched_obss_scan(wpa_s, 0);
867 	}
868 	wpa_s->wpa_state = state;
869 
870 #ifdef CONFIG_BGSCAN
871 	if (state == WPA_COMPLETED)
872 		wpa_supplicant_start_bgscan(wpa_s);
873 	else if (state < WPA_ASSOCIATED)
874 		wpa_supplicant_stop_bgscan(wpa_s);
875 #endif /* CONFIG_BGSCAN */
876 
877 	if (state == WPA_AUTHENTICATING)
878 		wpa_supplicant_stop_autoscan(wpa_s);
879 
880 	if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
881 		wpa_supplicant_start_autoscan(wpa_s);
882 
883 	if (old_state >= WPA_ASSOCIATED && wpa_s->wpa_state < WPA_ASSOCIATED)
884 		wmm_ac_notify_disassoc(wpa_s);
885 
886 	if (wpa_s->wpa_state != old_state) {
887 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
888 
889 		/*
890 		 * Notify the P2P Device interface about a state change in one
891 		 * of the interfaces.
892 		 */
893 		wpas_p2p_indicate_state_change(wpa_s);
894 
895 		if (wpa_s->wpa_state == WPA_COMPLETED ||
896 		    old_state == WPA_COMPLETED)
897 			wpas_notify_auth_changed(wpa_s);
898 	}
899 }
900 
901 
wpa_supplicant_terminate_proc(struct wpa_global * global)902 void wpa_supplicant_terminate_proc(struct wpa_global *global)
903 {
904 	int pending = 0;
905 #ifdef CONFIG_WPS
906 	struct wpa_supplicant *wpa_s = global->ifaces;
907 	while (wpa_s) {
908 		struct wpa_supplicant *next = wpa_s->next;
909 		if (wpas_wps_terminate_pending(wpa_s) == 1)
910 			pending = 1;
911 #ifdef CONFIG_P2P
912 		if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
913 		    (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
914 			wpas_p2p_disconnect(wpa_s);
915 #endif /* CONFIG_P2P */
916 		wpa_s = next;
917 	}
918 #endif /* CONFIG_WPS */
919 	if (pending)
920 		return;
921 	eloop_terminate();
922 }
923 
924 
wpa_supplicant_terminate(int sig,void * signal_ctx)925 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
926 {
927 	struct wpa_global *global = signal_ctx;
928 	wpa_supplicant_terminate_proc(global);
929 }
930 
931 
wpa_supplicant_clear_status(struct wpa_supplicant * wpa_s)932 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
933 {
934 	enum wpa_states old_state = wpa_s->wpa_state;
935 
936 	wpa_s->pairwise_cipher = 0;
937 	wpa_s->group_cipher = 0;
938 	wpa_s->mgmt_group_cipher = 0;
939 	wpa_s->key_mgmt = 0;
940 	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
941 		wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
942 
943 	if (wpa_s->wpa_state != old_state)
944 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
945 }
946 
947 
948 /**
949  * wpa_supplicant_reload_configuration - Reload configuration data
950  * @wpa_s: Pointer to wpa_supplicant data
951  * Returns: 0 on success or -1 if configuration parsing failed
952  *
953  * This function can be used to request that the configuration data is reloaded
954  * (e.g., after configuration file change). This function is reloading
955  * configuration only for one interface, so this may need to be called multiple
956  * times if %wpa_supplicant is controlling multiple interfaces and all
957  * interfaces need reconfiguration.
958  */
wpa_supplicant_reload_configuration(struct wpa_supplicant * wpa_s)959 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
960 {
961 	struct wpa_config *conf;
962 	int reconf_ctrl;
963 	int old_ap_scan;
964 
965 	if (wpa_s->confname == NULL)
966 		return -1;
967 	conf = wpa_config_read(wpa_s->confname, NULL);
968 	if (conf == NULL) {
969 		wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
970 			"file '%s' - exiting", wpa_s->confname);
971 		return -1;
972 	}
973 	wpa_config_read(wpa_s->confanother, conf);
974 
975 	conf->changed_parameters = (unsigned int) -1;
976 
977 	reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
978 		|| (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
979 		    os_strcmp(conf->ctrl_interface,
980 			      wpa_s->conf->ctrl_interface) != 0);
981 
982 	if (reconf_ctrl && wpa_s->ctrl_iface) {
983 		wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
984 		wpa_s->ctrl_iface = NULL;
985 	}
986 
987 	eapol_sm_invalidate_cached_session(wpa_s->eapol);
988 	if (wpa_s->current_ssid) {
989 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
990 			wpa_s->own_disconnect_req = 1;
991 		wpa_supplicant_deauthenticate(wpa_s,
992 					      WLAN_REASON_DEAUTH_LEAVING);
993 	}
994 
995 	/*
996 	 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
997 	 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
998 	 */
999 	if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
1000 		/*
1001 		 * Clear forced success to clear EAP state for next
1002 		 * authentication.
1003 		 */
1004 		eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
1005 	}
1006 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1007 	wpa_sm_set_config(wpa_s->wpa, NULL);
1008 	wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
1009 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
1010 	rsn_preauth_deinit(wpa_s->wpa);
1011 
1012 	old_ap_scan = wpa_s->conf->ap_scan;
1013 	wpa_config_free(wpa_s->conf);
1014 	wpa_s->conf = conf;
1015 	if (old_ap_scan != wpa_s->conf->ap_scan)
1016 		wpas_notify_ap_scan_changed(wpa_s);
1017 
1018 	if (reconf_ctrl)
1019 		wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
1020 
1021 	wpa_supplicant_update_config(wpa_s);
1022 
1023 	wpa_supplicant_clear_status(wpa_s);
1024 	if (wpa_supplicant_enabled_networks(wpa_s)) {
1025 		wpa_s->reassociate = 1;
1026 		wpa_supplicant_req_scan(wpa_s, 0, 0);
1027 	}
1028 	wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
1029 	return 0;
1030 }
1031 
1032 
wpa_supplicant_reconfig(int sig,void * signal_ctx)1033 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
1034 {
1035 	struct wpa_global *global = signal_ctx;
1036 	struct wpa_supplicant *wpa_s;
1037 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
1038 		wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
1039 			sig);
1040 		if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
1041 			wpa_supplicant_terminate_proc(global);
1042 		}
1043 	}
1044 
1045 	if (wpa_debug_reopen_file() < 0) {
1046 		/* Ignore errors since we cannot really do much to fix this */
1047 		wpa_printf(MSG_DEBUG, "Could not reopen debug log file");
1048 	}
1049 }
1050 
1051 
wpa_supplicant_suites_from_ai(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_ie_data * ie)1052 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1053 					 struct wpa_ssid *ssid,
1054 					 struct wpa_ie_data *ie)
1055 {
1056 	int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1057 	if (ret) {
1058 		if (ret == -2) {
1059 			wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1060 				"from association info");
1061 		}
1062 		return -1;
1063 	}
1064 
1065 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
1066 		"cipher suites");
1067 	if (!(ie->group_cipher & ssid->group_cipher)) {
1068 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1069 			"cipher 0x%x (mask 0x%x) - reject",
1070 			ie->group_cipher, ssid->group_cipher);
1071 		return -1;
1072 	}
1073 	if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1074 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1075 			"cipher 0x%x (mask 0x%x) - reject",
1076 			ie->pairwise_cipher, ssid->pairwise_cipher);
1077 		return -1;
1078 	}
1079 	if (!(ie->key_mgmt & ssid->key_mgmt)) {
1080 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1081 			"management 0x%x (mask 0x%x) - reject",
1082 			ie->key_mgmt, ssid->key_mgmt);
1083 		return -1;
1084 	}
1085 
1086 #ifdef CONFIG_IEEE80211W
1087 	if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
1088 	    wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1089 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1090 			"that does not support management frame protection - "
1091 			"reject");
1092 		return -1;
1093 	}
1094 #endif /* CONFIG_IEEE80211W */
1095 
1096 	return 0;
1097 }
1098 
1099 
1100 /**
1101  * wpa_supplicant_set_suites - Set authentication and encryption parameters
1102  * @wpa_s: Pointer to wpa_supplicant data
1103  * @bss: Scan results for the selected BSS, or %NULL if not available
1104  * @ssid: Configuration data for the selected network
1105  * @wpa_ie: Buffer for the WPA/RSN IE
1106  * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1107  * used buffer length in case the functions returns success.
1108  * Returns: 0 on success or -1 on failure
1109  *
1110  * This function is used to configure authentication and encryption parameters
1111  * based on the network configuration and scan result for the selected BSS (if
1112  * available).
1113  */
wpa_supplicant_set_suites(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_ssid * ssid,u8 * wpa_ie,size_t * wpa_ie_len)1114 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1115 			      struct wpa_bss *bss, struct wpa_ssid *ssid,
1116 			      u8 *wpa_ie, size_t *wpa_ie_len)
1117 {
1118 	struct wpa_ie_data ie;
1119 	int sel, proto;
1120 	const u8 *bss_wpa, *bss_rsn, *bss_osen;
1121 
1122 	if (bss) {
1123 		bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
1124 		bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1125 		bss_osen = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
1126 	} else
1127 		bss_wpa = bss_rsn = bss_osen = NULL;
1128 
1129 	if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
1130 	    wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1131 	    (ie.group_cipher & ssid->group_cipher) &&
1132 	    (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1133 	    (ie.key_mgmt & ssid->key_mgmt)) {
1134 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1135 		proto = WPA_PROTO_RSN;
1136 	} else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
1137 		   wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie) == 0 &&
1138 		   (ie.group_cipher & ssid->group_cipher) &&
1139 		   (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1140 		   (ie.key_mgmt & ssid->key_mgmt)) {
1141 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1142 		proto = WPA_PROTO_WPA;
1143 #ifdef CONFIG_HS20
1144 	} else if (bss_osen && (ssid->proto & WPA_PROTO_OSEN)) {
1145 		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using OSEN");
1146 		/* TODO: parse OSEN element */
1147 		os_memset(&ie, 0, sizeof(ie));
1148 		ie.group_cipher = WPA_CIPHER_CCMP;
1149 		ie.pairwise_cipher = WPA_CIPHER_CCMP;
1150 		ie.key_mgmt = WPA_KEY_MGMT_OSEN;
1151 		proto = WPA_PROTO_OSEN;
1152 #endif /* CONFIG_HS20 */
1153 	} else if (bss) {
1154 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1155 		wpa_dbg(wpa_s, MSG_DEBUG,
1156 			"WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1157 			ssid->proto, ssid->pairwise_cipher, ssid->group_cipher,
1158 			ssid->key_mgmt);
1159 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s%s",
1160 			MAC2STR(bss->bssid),
1161 			wpa_ssid_txt(bss->ssid, bss->ssid_len),
1162 			bss_wpa ? " WPA" : "",
1163 			bss_rsn ? " RSN" : "",
1164 			bss_osen ? " OSEN" : "");
1165 		if (bss_rsn) {
1166 			wpa_hexdump(MSG_DEBUG, "RSN", bss_rsn, 2 + bss_rsn[1]);
1167 			if (wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie)) {
1168 				wpa_dbg(wpa_s, MSG_DEBUG,
1169 					"Could not parse RSN element");
1170 			} else {
1171 				wpa_dbg(wpa_s, MSG_DEBUG,
1172 					"RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1173 					ie.pairwise_cipher, ie.group_cipher,
1174 					ie.key_mgmt);
1175 			}
1176 		}
1177 		if (bss_wpa) {
1178 			wpa_hexdump(MSG_DEBUG, "WPA", bss_wpa, 2 + bss_wpa[1]);
1179 			if (wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie)) {
1180 				wpa_dbg(wpa_s, MSG_DEBUG,
1181 					"Could not parse WPA element");
1182 			} else {
1183 				wpa_dbg(wpa_s, MSG_DEBUG,
1184 					"WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1185 					ie.pairwise_cipher, ie.group_cipher,
1186 					ie.key_mgmt);
1187 			}
1188 		}
1189 		return -1;
1190 	} else {
1191 		if (ssid->proto & WPA_PROTO_OSEN)
1192 			proto = WPA_PROTO_OSEN;
1193 		else if (ssid->proto & WPA_PROTO_RSN)
1194 			proto = WPA_PROTO_RSN;
1195 		else
1196 			proto = WPA_PROTO_WPA;
1197 		if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1198 			os_memset(&ie, 0, sizeof(ie));
1199 			ie.group_cipher = ssid->group_cipher;
1200 			ie.pairwise_cipher = ssid->pairwise_cipher;
1201 			ie.key_mgmt = ssid->key_mgmt;
1202 #ifdef CONFIG_IEEE80211W
1203 			ie.mgmt_group_cipher =
1204 				ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
1205 				WPA_CIPHER_AES_128_CMAC : 0;
1206 #endif /* CONFIG_IEEE80211W */
1207 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
1208 				"based on configuration");
1209 		} else
1210 			proto = ie.proto;
1211 	}
1212 
1213 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1214 		"pairwise %d key_mgmt %d proto %d",
1215 		ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1216 #ifdef CONFIG_IEEE80211W
1217 	if (ssid->ieee80211w) {
1218 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1219 			ie.mgmt_group_cipher);
1220 	}
1221 #endif /* CONFIG_IEEE80211W */
1222 
1223 	wpa_s->wpa_proto = proto;
1224 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1225 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1226 			 !!(ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
1227 
1228 	if (bss || !wpa_s->ap_ies_from_associnfo) {
1229 		if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1230 					 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1231 		    wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1232 					 bss_rsn ? 2 + bss_rsn[1] : 0))
1233 			return -1;
1234 	}
1235 
1236 #ifdef CONFIG_NO_WPA
1237 	wpa_s->group_cipher = WPA_CIPHER_NONE;
1238 	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1239 #else /* CONFIG_NO_WPA */
1240 	sel = ie.group_cipher & ssid->group_cipher;
1241 	wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1242 	if (wpa_s->group_cipher < 0) {
1243 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1244 			"cipher");
1245 		return -1;
1246 	}
1247 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1248 		wpa_cipher_txt(wpa_s->group_cipher));
1249 
1250 	sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1251 	wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1252 	if (wpa_s->pairwise_cipher < 0) {
1253 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1254 			"cipher");
1255 		return -1;
1256 	}
1257 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1258 		wpa_cipher_txt(wpa_s->pairwise_cipher));
1259 #endif /* CONFIG_NO_WPA */
1260 
1261 	sel = ie.key_mgmt & ssid->key_mgmt;
1262 #ifdef CONFIG_SAE
1263 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1264 		sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1265 #endif /* CONFIG_SAE */
1266 	if (0) {
1267 #ifdef CONFIG_SUITEB192
1268 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
1269 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
1270 		wpa_dbg(wpa_s, MSG_DEBUG,
1271 			"WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1272 #endif /* CONFIG_SUITEB192 */
1273 #ifdef CONFIG_SUITEB
1274 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
1275 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
1276 		wpa_dbg(wpa_s, MSG_DEBUG,
1277 			"WPA: using KEY_MGMT 802.1X with Suite B");
1278 #endif /* CONFIG_SUITEB */
1279 #ifdef CONFIG_FILS
1280 #ifdef CONFIG_IEEE80211R
1281 	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) {
1282 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
1283 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384");
1284 	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
1285 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
1286 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
1287 #endif /* CONFIG_IEEE80211R */
1288 	} else if (sel & WPA_KEY_MGMT_FILS_SHA384) {
1289 		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
1290 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384");
1291 	} else if (sel & WPA_KEY_MGMT_FILS_SHA256) {
1292 		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
1293 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");
1294 #endif /* CONFIG_FILS */
1295 #ifdef CONFIG_IEEE80211R
1296 	} else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
1297 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1298 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1299 	} else if (sel & WPA_KEY_MGMT_FT_PSK) {
1300 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1301 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1302 #endif /* CONFIG_IEEE80211R */
1303 #ifdef CONFIG_SAE
1304 	} else if (sel & WPA_KEY_MGMT_SAE) {
1305 		wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1306 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1307 	} else if (sel & WPA_KEY_MGMT_FT_SAE) {
1308 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1309 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1310 #endif /* CONFIG_SAE */
1311 #ifdef CONFIG_IEEE80211W
1312 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1313 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1314 		wpa_dbg(wpa_s, MSG_DEBUG,
1315 			"WPA: using KEY_MGMT 802.1X with SHA256");
1316 	} else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1317 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1318 		wpa_dbg(wpa_s, MSG_DEBUG,
1319 			"WPA: using KEY_MGMT PSK with SHA256");
1320 #endif /* CONFIG_IEEE80211W */
1321 	} else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1322 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1323 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1324 	} else if (sel & WPA_KEY_MGMT_PSK) {
1325 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1326 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1327 	} else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1328 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1329 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1330 #ifdef CONFIG_HS20
1331 	} else if (sel & WPA_KEY_MGMT_OSEN) {
1332 		wpa_s->key_mgmt = WPA_KEY_MGMT_OSEN;
1333 		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using KEY_MGMT OSEN");
1334 #endif /* CONFIG_HS20 */
1335 	} else {
1336 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1337 			"authenticated key management type");
1338 		return -1;
1339 	}
1340 
1341 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1342 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1343 			 wpa_s->pairwise_cipher);
1344 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1345 
1346 #ifdef CONFIG_IEEE80211W
1347 	sel = ie.mgmt_group_cipher;
1348 	if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION ||
1349 	    !(ie.capabilities & WPA_CAPABILITY_MFPC))
1350 		sel = 0;
1351 	if (sel & WPA_CIPHER_AES_128_CMAC) {
1352 		wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1353 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1354 			"AES-128-CMAC");
1355 	} else if (sel & WPA_CIPHER_BIP_GMAC_128) {
1356 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_128;
1357 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1358 			"BIP-GMAC-128");
1359 	} else if (sel & WPA_CIPHER_BIP_GMAC_256) {
1360 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_256;
1361 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1362 			"BIP-GMAC-256");
1363 	} else if (sel & WPA_CIPHER_BIP_CMAC_256) {
1364 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_CMAC_256;
1365 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1366 			"BIP-CMAC-256");
1367 	} else {
1368 		wpa_s->mgmt_group_cipher = 0;
1369 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1370 	}
1371 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1372 			 wpa_s->mgmt_group_cipher);
1373 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1374 			 wpas_get_ssid_pmf(wpa_s, ssid));
1375 #endif /* CONFIG_IEEE80211W */
1376 
1377 	if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1378 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1379 		return -1;
1380 	}
1381 
1382 	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1383 		int psk_set = 0;
1384 
1385 		if (ssid->psk_set) {
1386 			wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
1387 				       NULL);
1388 			psk_set = 1;
1389 		}
1390 #ifndef CONFIG_NO_PBKDF2
1391 		if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1392 		    ssid->passphrase) {
1393 			u8 psk[PMK_LEN];
1394 		        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1395 				    4096, psk, PMK_LEN);
1396 		        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1397 					psk, PMK_LEN);
1398 			wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
1399 			psk_set = 1;
1400 			os_memset(psk, 0, sizeof(psk));
1401 		}
1402 #endif /* CONFIG_NO_PBKDF2 */
1403 #ifdef CONFIG_EXT_PASSWORD
1404 		if (ssid->ext_psk) {
1405 			struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1406 							     ssid->ext_psk);
1407 			char pw_str[64 + 1];
1408 			u8 psk[PMK_LEN];
1409 
1410 			if (pw == NULL) {
1411 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1412 					"found from external storage");
1413 				return -1;
1414 			}
1415 
1416 			if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1417 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1418 					"PSK length %d in external storage",
1419 					(int) wpabuf_len(pw));
1420 				ext_password_free(pw);
1421 				return -1;
1422 			}
1423 
1424 			os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1425 			pw_str[wpabuf_len(pw)] = '\0';
1426 
1427 #ifndef CONFIG_NO_PBKDF2
1428 			if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1429 			{
1430 				pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1431 					    4096, psk, PMK_LEN);
1432 				os_memset(pw_str, 0, sizeof(pw_str));
1433 				wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1434 						"external passphrase)",
1435 						psk, PMK_LEN);
1436 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1437 					       NULL);
1438 				psk_set = 1;
1439 				os_memset(psk, 0, sizeof(psk));
1440 			} else
1441 #endif /* CONFIG_NO_PBKDF2 */
1442 			if (wpabuf_len(pw) == 2 * PMK_LEN) {
1443 				if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1444 					wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1445 						"Invalid PSK hex string");
1446 					os_memset(pw_str, 0, sizeof(pw_str));
1447 					ext_password_free(pw);
1448 					return -1;
1449 				}
1450 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1451 					       NULL);
1452 				psk_set = 1;
1453 				os_memset(psk, 0, sizeof(psk));
1454 			} else {
1455 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1456 					"PSK available");
1457 				os_memset(pw_str, 0, sizeof(pw_str));
1458 				ext_password_free(pw);
1459 				return -1;
1460 			}
1461 
1462 			os_memset(pw_str, 0, sizeof(pw_str));
1463 			ext_password_free(pw);
1464 		}
1465 #endif /* CONFIG_EXT_PASSWORD */
1466 
1467 		if (!psk_set) {
1468 			wpa_msg(wpa_s, MSG_INFO,
1469 				"No PSK available for association");
1470 			return -1;
1471 		}
1472 	} else
1473 		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1474 
1475 	return 0;
1476 }
1477 
1478 
wpas_ext_capab_byte(struct wpa_supplicant * wpa_s,u8 * pos,int idx)1479 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
1480 {
1481 	*pos = 0x00;
1482 
1483 	switch (idx) {
1484 	case 0: /* Bits 0-7 */
1485 		break;
1486 	case 1: /* Bits 8-15 */
1487 		break;
1488 	case 2: /* Bits 16-23 */
1489 #ifdef CONFIG_WNM
1490 		*pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1491 		*pos |= 0x08; /* Bit 19 - BSS Transition */
1492 #endif /* CONFIG_WNM */
1493 		break;
1494 	case 3: /* Bits 24-31 */
1495 #ifdef CONFIG_WNM
1496 		*pos |= 0x02; /* Bit 25 - SSID List */
1497 #endif /* CONFIG_WNM */
1498 #ifdef CONFIG_INTERWORKING
1499 		if (wpa_s->conf->interworking)
1500 			*pos |= 0x80; /* Bit 31 - Interworking */
1501 #endif /* CONFIG_INTERWORKING */
1502 		break;
1503 	case 4: /* Bits 32-39 */
1504 #ifdef CONFIG_INTERWORKING
1505 		if (wpa_s->drv_flags / WPA_DRIVER_FLAGS_QOS_MAPPING)
1506 			*pos |= 0x01; /* Bit 32 - QoS Map */
1507 #endif /* CONFIG_INTERWORKING */
1508 		break;
1509 	case 5: /* Bits 40-47 */
1510 #ifdef CONFIG_HS20
1511 		if (wpa_s->conf->hs20)
1512 			*pos |= 0x40; /* Bit 46 - WNM-Notification */
1513 #endif /* CONFIG_HS20 */
1514 #ifdef CONFIG_MBO
1515 		*pos |= 0x40; /* Bit 46 - WNM-Notification */
1516 #endif /* CONFIG_MBO */
1517 		break;
1518 	case 6: /* Bits 48-55 */
1519 		break;
1520 	case 7: /* Bits 56-63 */
1521 		break;
1522 	case 8: /* Bits 64-71 */
1523 		if (wpa_s->conf->ftm_responder)
1524 			*pos |= 0x40; /* Bit 70 - FTM responder */
1525 		if (wpa_s->conf->ftm_initiator)
1526 			*pos |= 0x80; /* Bit 71 - FTM initiator */
1527 		break;
1528 	case 9: /* Bits 72-79 */
1529 #ifdef CONFIG_FILS
1530 		*pos |= 0x01;
1531 #endif /* CONFIG_FILS */
1532 		break;
1533 	}
1534 }
1535 
1536 
wpas_build_ext_capab(struct wpa_supplicant * wpa_s,u8 * buf,size_t buflen)1537 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf, size_t buflen)
1538 {
1539 	u8 *pos = buf;
1540 	u8 len = 10, i;
1541 
1542 	if (len < wpa_s->extended_capa_len)
1543 		len = wpa_s->extended_capa_len;
1544 	if (buflen < (size_t) len + 2) {
1545 		wpa_printf(MSG_INFO,
1546 			   "Not enough room for building extended capabilities element");
1547 		return -1;
1548 	}
1549 
1550 	*pos++ = WLAN_EID_EXT_CAPAB;
1551 	*pos++ = len;
1552 	for (i = 0; i < len; i++, pos++) {
1553 		wpas_ext_capab_byte(wpa_s, pos, i);
1554 
1555 		if (i < wpa_s->extended_capa_len) {
1556 			*pos &= ~wpa_s->extended_capa_mask[i];
1557 			*pos |= wpa_s->extended_capa[i];
1558 		}
1559 	}
1560 
1561 	while (len > 0 && buf[1 + len] == 0) {
1562 		len--;
1563 		buf[1] = len;
1564 	}
1565 	if (len == 0)
1566 		return 0;
1567 
1568 	return 2 + len;
1569 }
1570 
1571 
wpas_valid_bss(struct wpa_supplicant * wpa_s,struct wpa_bss * test_bss)1572 static int wpas_valid_bss(struct wpa_supplicant *wpa_s,
1573 			  struct wpa_bss *test_bss)
1574 {
1575 	struct wpa_bss *bss;
1576 
1577 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1578 		if (bss == test_bss)
1579 			return 1;
1580 	}
1581 
1582 	return 0;
1583 }
1584 
1585 
wpas_valid_ssid(struct wpa_supplicant * wpa_s,struct wpa_ssid * test_ssid)1586 static int wpas_valid_ssid(struct wpa_supplicant *wpa_s,
1587 			   struct wpa_ssid *test_ssid)
1588 {
1589 	struct wpa_ssid *ssid;
1590 
1591 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1592 		if (ssid == test_ssid)
1593 			return 1;
1594 	}
1595 
1596 	return 0;
1597 }
1598 
1599 
wpas_valid_bss_ssid(struct wpa_supplicant * wpa_s,struct wpa_bss * test_bss,struct wpa_ssid * test_ssid)1600 int wpas_valid_bss_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *test_bss,
1601 			struct wpa_ssid *test_ssid)
1602 {
1603 	if (test_bss && !wpas_valid_bss(wpa_s, test_bss))
1604 		return 0;
1605 
1606 	return test_ssid == NULL || wpas_valid_ssid(wpa_s, test_ssid);
1607 }
1608 
1609 
wpas_connect_work_free(struct wpa_connect_work * cwork)1610 void wpas_connect_work_free(struct wpa_connect_work *cwork)
1611 {
1612 	if (cwork == NULL)
1613 		return;
1614 	os_free(cwork);
1615 }
1616 
1617 
wpas_connect_work_done(struct wpa_supplicant * wpa_s)1618 void wpas_connect_work_done(struct wpa_supplicant *wpa_s)
1619 {
1620 	struct wpa_connect_work *cwork;
1621 	struct wpa_radio_work *work = wpa_s->connect_work;
1622 
1623 	if (!work)
1624 		return;
1625 
1626 	wpa_s->connect_work = NULL;
1627 	cwork = work->ctx;
1628 	work->ctx = NULL;
1629 	wpas_connect_work_free(cwork);
1630 	radio_work_done(work);
1631 }
1632 
1633 
wpas_update_random_addr(struct wpa_supplicant * wpa_s,int style)1634 int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style)
1635 {
1636 	struct os_reltime now;
1637 	u8 addr[ETH_ALEN];
1638 
1639 	os_get_reltime(&now);
1640 	if (wpa_s->last_mac_addr_style == style &&
1641 	    wpa_s->last_mac_addr_change.sec != 0 &&
1642 	    !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
1643 				wpa_s->conf->rand_addr_lifetime)) {
1644 		wpa_msg(wpa_s, MSG_DEBUG,
1645 			"Previously selected random MAC address has not yet expired");
1646 		return 0;
1647 	}
1648 
1649 	switch (style) {
1650 	case 1:
1651 		if (random_mac_addr(addr) < 0)
1652 			return -1;
1653 		break;
1654 	case 2:
1655 		os_memcpy(addr, wpa_s->perm_addr, ETH_ALEN);
1656 		if (random_mac_addr_keep_oui(addr) < 0)
1657 			return -1;
1658 		break;
1659 	default:
1660 		return -1;
1661 	}
1662 
1663 	if (wpa_drv_set_mac_addr(wpa_s, addr) < 0) {
1664 		wpa_msg(wpa_s, MSG_INFO,
1665 			"Failed to set random MAC address");
1666 		return -1;
1667 	}
1668 
1669 	os_get_reltime(&wpa_s->last_mac_addr_change);
1670 	wpa_s->mac_addr_changed = 1;
1671 	wpa_s->last_mac_addr_style = style;
1672 
1673 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
1674 		wpa_msg(wpa_s, MSG_INFO,
1675 			"Could not update MAC address information");
1676 		return -1;
1677 	}
1678 
1679 	wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
1680 		MAC2STR(addr));
1681 
1682 	return 0;
1683 }
1684 
1685 
wpas_update_random_addr_disassoc(struct wpa_supplicant * wpa_s)1686 int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
1687 {
1688 	if (wpa_s->wpa_state >= WPA_AUTHENTICATING ||
1689 	    !wpa_s->conf->preassoc_mac_addr)
1690 		return 0;
1691 
1692 	return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr);
1693 }
1694 
1695 
1696 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit);
1697 
1698 /**
1699  * wpa_supplicant_associate - Request association
1700  * @wpa_s: Pointer to wpa_supplicant data
1701  * @bss: Scan results for the selected BSS, or %NULL if not available
1702  * @ssid: Configuration data for the selected network
1703  *
1704  * This function is used to request %wpa_supplicant to associate with a BSS.
1705  */
wpa_supplicant_associate(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_ssid * ssid)1706 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1707 			      struct wpa_bss *bss, struct wpa_ssid *ssid)
1708 {
1709 	struct wpa_connect_work *cwork;
1710 	int rand_style;
1711 
1712 	wpa_s->own_disconnect_req = 0;
1713 
1714 	/*
1715 	 * If we are starting a new connection, any previously pending EAPOL
1716 	 * RX cannot be valid anymore.
1717 	 */
1718 	wpabuf_free(wpa_s->pending_eapol_rx);
1719 	wpa_s->pending_eapol_rx = NULL;
1720 
1721 	if (ssid->mac_addr == -1)
1722 		rand_style = wpa_s->conf->mac_addr;
1723 	else
1724 		rand_style = ssid->mac_addr;
1725 
1726 	wmm_ac_clear_saved_tspecs(wpa_s);
1727 	wpa_s->reassoc_same_bss = 0;
1728 	wpa_s->reassoc_same_ess = 0;
1729 
1730 	if (wpa_s->last_ssid == ssid) {
1731 		wpa_dbg(wpa_s, MSG_DEBUG, "Re-association to the same ESS");
1732 		wpa_s->reassoc_same_ess = 1;
1733 		if (wpa_s->current_bss && wpa_s->current_bss == bss) {
1734 			wmm_ac_save_tspecs(wpa_s);
1735 			wpa_s->reassoc_same_bss = 1;
1736 		}
1737 	}
1738 
1739 	if (rand_style > 0 && !wpa_s->reassoc_same_ess) {
1740 		if (wpas_update_random_addr(wpa_s, rand_style) < 0)
1741 			return;
1742 		wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
1743 	} else if (rand_style == 0 && wpa_s->mac_addr_changed) {
1744 		if (wpa_drv_set_mac_addr(wpa_s, NULL) < 0) {
1745 			wpa_msg(wpa_s, MSG_INFO,
1746 				"Could not restore permanent MAC address");
1747 			return;
1748 		}
1749 		wpa_s->mac_addr_changed = 0;
1750 		if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
1751 			wpa_msg(wpa_s, MSG_INFO,
1752 				"Could not update MAC address information");
1753 			return;
1754 		}
1755 		wpa_msg(wpa_s, MSG_DEBUG, "Using permanent MAC address");
1756 	}
1757 	wpa_s->last_ssid = ssid;
1758 
1759 #ifdef CONFIG_IBSS_RSN
1760 	ibss_rsn_deinit(wpa_s->ibss_rsn);
1761 	wpa_s->ibss_rsn = NULL;
1762 #else /* CONFIG_IBSS_RSN */
1763 	if (ssid->mode == WPAS_MODE_IBSS &&
1764 	    !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) {
1765 		wpa_msg(wpa_s, MSG_INFO,
1766 			"IBSS RSN not supported in the build");
1767 		return;
1768 	}
1769 #endif /* CONFIG_IBSS_RSN */
1770 
1771 	if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
1772 	    ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
1773 #ifdef CONFIG_AP
1774 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
1775 			wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
1776 				"mode");
1777 			return;
1778 		}
1779 		if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
1780 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1781 			if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
1782 				wpas_p2p_ap_setup_failed(wpa_s);
1783 			return;
1784 		}
1785 		wpa_s->current_bss = bss;
1786 #else /* CONFIG_AP */
1787 		wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
1788 			"the build");
1789 #endif /* CONFIG_AP */
1790 		return;
1791 	}
1792 
1793 	if (ssid->mode == WPAS_MODE_MESH) {
1794 #ifdef CONFIG_MESH
1795 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MESH)) {
1796 			wpa_msg(wpa_s, MSG_INFO,
1797 				"Driver does not support mesh mode");
1798 			return;
1799 		}
1800 		if (bss)
1801 			ssid->frequency = bss->freq;
1802 		if (wpa_supplicant_join_mesh(wpa_s, ssid) < 0) {
1803 			wpa_msg(wpa_s, MSG_ERROR, "Could not join mesh");
1804 			return;
1805 		}
1806 		wpa_s->current_bss = bss;
1807 		wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_STARTED "ssid=\"%s\" id=%d",
1808 			wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
1809 			ssid->id);
1810 #else /* CONFIG_MESH */
1811 		wpa_msg(wpa_s, MSG_ERROR,
1812 			"mesh mode support not included in the build");
1813 #endif /* CONFIG_MESH */
1814 		return;
1815 	}
1816 
1817 #ifdef CONFIG_TDLS
1818 	if (bss)
1819 		wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
1820 				bss->ie_len);
1821 #endif /* CONFIG_TDLS */
1822 
1823 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1824 	    ssid->mode == IEEE80211_MODE_INFRA) {
1825 		sme_authenticate(wpa_s, bss, ssid);
1826 		return;
1827 	}
1828 
1829 	if (wpa_s->connect_work) {
1830 		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since connect_work exist");
1831 		return;
1832 	}
1833 
1834 	if (radio_work_pending(wpa_s, "connect")) {
1835 		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since pending work exist");
1836 		return;
1837 	}
1838 
1839 #ifdef CONFIG_SME
1840 	if (ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) {
1841 		/* Clear possibly set auth_alg, if any, from last attempt. */
1842 		wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN;
1843 	}
1844 #endif /* CONFIG_SME */
1845 
1846 	wpas_abort_ongoing_scan(wpa_s);
1847 
1848 	cwork = os_zalloc(sizeof(*cwork));
1849 	if (cwork == NULL)
1850 		return;
1851 
1852 	cwork->bss = bss;
1853 	cwork->ssid = ssid;
1854 
1855 	if (radio_add_work(wpa_s, bss ? bss->freq : 0, "connect", 1,
1856 			   wpas_start_assoc_cb, cwork) < 0) {
1857 		os_free(cwork);
1858 	}
1859 }
1860 
1861 
bss_is_ibss(struct wpa_bss * bss)1862 static int bss_is_ibss(struct wpa_bss *bss)
1863 {
1864 	return (bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
1865 		IEEE80211_CAP_IBSS;
1866 }
1867 
1868 
drv_supports_vht(struct wpa_supplicant * wpa_s,const struct wpa_ssid * ssid)1869 static int drv_supports_vht(struct wpa_supplicant *wpa_s,
1870 			    const struct wpa_ssid *ssid)
1871 {
1872 	enum hostapd_hw_mode hw_mode;
1873 	struct hostapd_hw_modes *mode = NULL;
1874 	u8 channel;
1875 	int i;
1876 
1877 	hw_mode = ieee80211_freq_to_chan(ssid->frequency, &channel);
1878 	if (hw_mode == NUM_HOSTAPD_MODES)
1879 		return 0;
1880 	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
1881 		if (wpa_s->hw.modes[i].mode == hw_mode) {
1882 			mode = &wpa_s->hw.modes[i];
1883 			break;
1884 		}
1885 	}
1886 
1887 	if (!mode)
1888 		return 0;
1889 
1890 	return mode->vht_capab != 0;
1891 }
1892 
1893 
ibss_mesh_setup_freq(struct wpa_supplicant * wpa_s,const struct wpa_ssid * ssid,struct hostapd_freq_params * freq)1894 void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
1895 			  const struct wpa_ssid *ssid,
1896 			  struct hostapd_freq_params *freq)
1897 {
1898 	enum hostapd_hw_mode hw_mode;
1899 	struct hostapd_hw_modes *mode = NULL;
1900 	int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
1901 			   184, 192 };
1902 	int vht80[] = { 36, 52, 100, 116, 132, 149 };
1903 	struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
1904 	u8 channel;
1905 	int i, chan_idx, ht40 = -1, res, obss_scan = 1;
1906 	unsigned int j, k;
1907 	struct hostapd_freq_params vht_freq;
1908 	int chwidth, seg0, seg1;
1909 	u32 vht_caps = 0;
1910 
1911 	freq->freq = ssid->frequency;
1912 
1913 	for (j = 0; j < wpa_s->last_scan_res_used; j++) {
1914 		struct wpa_bss *bss = wpa_s->last_scan_res[j];
1915 
1916 		if (ssid->mode != WPAS_MODE_IBSS)
1917 			break;
1918 
1919 		/* Don't adjust control freq in case of fixed_freq */
1920 		if (ssid->fixed_freq)
1921 			break;
1922 
1923 		if (!bss_is_ibss(bss))
1924 			continue;
1925 
1926 		if (ssid->ssid_len == bss->ssid_len &&
1927 		    os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) == 0) {
1928 			wpa_printf(MSG_DEBUG,
1929 				   "IBSS already found in scan results, adjust control freq: %d",
1930 				   bss->freq);
1931 			freq->freq = bss->freq;
1932 			obss_scan = 0;
1933 			break;
1934 		}
1935 	}
1936 
1937 	/* For IBSS check HT_IBSS flag */
1938 	if (ssid->mode == WPAS_MODE_IBSS &&
1939 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_HT_IBSS))
1940 		return;
1941 
1942 	if (wpa_s->group_cipher == WPA_CIPHER_WEP40 ||
1943 	    wpa_s->group_cipher == WPA_CIPHER_WEP104 ||
1944 	    wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) {
1945 		wpa_printf(MSG_DEBUG,
1946 			   "IBSS: WEP/TKIP detected, do not try to enable HT");
1947 		return;
1948 	}
1949 
1950 	hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
1951 	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
1952 		if (wpa_s->hw.modes[i].mode == hw_mode) {
1953 			mode = &wpa_s->hw.modes[i];
1954 			break;
1955 		}
1956 	}
1957 
1958 	if (!mode)
1959 		return;
1960 
1961 #ifdef CONFIG_HT_OVERRIDES
1962 	if (ssid->disable_ht) {
1963 		freq->ht_enabled = 0;
1964 		return;
1965 	}
1966 #endif /* CONFIG_HT_OVERRIDES */
1967 
1968 	freq->ht_enabled = ht_supported(mode);
1969 	if (!freq->ht_enabled)
1970 		return;
1971 
1972 	/* Setup higher BW only for 5 GHz */
1973 	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
1974 		return;
1975 
1976 	for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
1977 		pri_chan = &mode->channels[chan_idx];
1978 		if (pri_chan->chan == channel)
1979 			break;
1980 		pri_chan = NULL;
1981 	}
1982 	if (!pri_chan)
1983 		return;
1984 
1985 	/* Check primary channel flags */
1986 	if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
1987 		return;
1988 
1989 #ifdef CONFIG_HT_OVERRIDES
1990 	if (ssid->disable_ht40)
1991 		return;
1992 #endif /* CONFIG_HT_OVERRIDES */
1993 
1994 	/* Check/setup HT40+/HT40- */
1995 	for (j = 0; j < ARRAY_SIZE(ht40plus); j++) {
1996 		if (ht40plus[j] == channel) {
1997 			ht40 = 1;
1998 			break;
1999 		}
2000 	}
2001 
2002 	/* Find secondary channel */
2003 	for (i = 0; i < mode->num_channels; i++) {
2004 		sec_chan = &mode->channels[i];
2005 		if (sec_chan->chan == channel + ht40 * 4)
2006 			break;
2007 		sec_chan = NULL;
2008 	}
2009 	if (!sec_chan)
2010 		return;
2011 
2012 	/* Check secondary channel flags */
2013 	if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2014 		return;
2015 
2016 	freq->channel = pri_chan->chan;
2017 
2018 	if (ht40 == -1) {
2019 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
2020 			return;
2021 	} else {
2022 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40PLUS))
2023 			return;
2024 	}
2025 	freq->sec_channel_offset = ht40;
2026 
2027 	if (obss_scan) {
2028 		struct wpa_scan_results *scan_res;
2029 
2030 		scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
2031 		if (scan_res == NULL) {
2032 			/* Back to HT20 */
2033 			freq->sec_channel_offset = 0;
2034 			return;
2035 		}
2036 
2037 		res = check_40mhz_5g(mode, scan_res, pri_chan->chan,
2038 				     sec_chan->chan);
2039 		switch (res) {
2040 		case 0:
2041 			/* Back to HT20 */
2042 			freq->sec_channel_offset = 0;
2043 			break;
2044 		case 1:
2045 			/* Configuration allowed */
2046 			break;
2047 		case 2:
2048 			/* Switch pri/sec channels */
2049 			freq->freq = hw_get_freq(mode, sec_chan->chan);
2050 			freq->sec_channel_offset = -freq->sec_channel_offset;
2051 			freq->channel = sec_chan->chan;
2052 			break;
2053 		default:
2054 			freq->sec_channel_offset = 0;
2055 			break;
2056 		}
2057 
2058 		wpa_scan_results_free(scan_res);
2059 	}
2060 
2061 	wpa_printf(MSG_DEBUG,
2062 		   "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2063 		   freq->channel, freq->sec_channel_offset);
2064 
2065 	if (!drv_supports_vht(wpa_s, ssid))
2066 		return;
2067 
2068 	/* For IBSS check VHT_IBSS flag */
2069 	if (ssid->mode == WPAS_MODE_IBSS &&
2070 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_VHT_IBSS))
2071 		return;
2072 
2073 	vht_freq = *freq;
2074 
2075 #ifdef CONFIG_VHT_OVERRIDES
2076 	if (ssid->disable_vht) {
2077 		freq->vht_enabled = 0;
2078 		return;
2079 	}
2080 #endif /* CONFIG_VHT_OVERRIDES */
2081 
2082 	vht_freq.vht_enabled = vht_supported(mode);
2083 	if (!vht_freq.vht_enabled)
2084 		return;
2085 
2086 	/* setup center_freq1, bandwidth */
2087 	for (j = 0; j < ARRAY_SIZE(vht80); j++) {
2088 		if (freq->channel >= vht80[j] &&
2089 		    freq->channel < vht80[j] + 16)
2090 			break;
2091 	}
2092 
2093 	if (j == ARRAY_SIZE(vht80))
2094 		return;
2095 
2096 	for (i = vht80[j]; i < vht80[j] + 16; i += 4) {
2097 		struct hostapd_channel_data *chan;
2098 
2099 		chan = hw_get_channel_chan(mode, i, NULL);
2100 		if (!chan)
2101 			return;
2102 
2103 		/* Back to HT configuration if channel not usable */
2104 		if (chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2105 			return;
2106 	}
2107 
2108 	chwidth = VHT_CHANWIDTH_80MHZ;
2109 	seg0 = vht80[j] + 6;
2110 	seg1 = 0;
2111 
2112 	if (ssid->max_oper_chwidth == VHT_CHANWIDTH_80P80MHZ) {
2113 		/* setup center_freq2, bandwidth */
2114 		for (k = 0; k < ARRAY_SIZE(vht80); k++) {
2115 			/* Only accept 80 MHz segments separated by a gap */
2116 			if (j == k || abs(vht80[j] - vht80[k]) == 16)
2117 				continue;
2118 			for (i = vht80[k]; i < vht80[k] + 16; i += 4) {
2119 				struct hostapd_channel_data *chan;
2120 
2121 				chan = hw_get_channel_chan(mode, i, NULL);
2122 				if (!chan)
2123 					continue;
2124 
2125 				if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2126 						  HOSTAPD_CHAN_NO_IR |
2127 						  HOSTAPD_CHAN_RADAR))
2128 					continue;
2129 
2130 				/* Found a suitable second segment for 80+80 */
2131 				chwidth = VHT_CHANWIDTH_80P80MHZ;
2132 				vht_caps |=
2133 					VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
2134 				seg1 = vht80[k] + 6;
2135 			}
2136 
2137 			if (chwidth == VHT_CHANWIDTH_80P80MHZ)
2138 				break;
2139 		}
2140 	} else if (ssid->max_oper_chwidth == VHT_CHANWIDTH_160MHZ) {
2141 		if (freq->freq == 5180) {
2142 			chwidth = VHT_CHANWIDTH_160MHZ;
2143 			vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2144 			seg0 = 50;
2145 		} else if (freq->freq == 5520) {
2146 			chwidth = VHT_CHANWIDTH_160MHZ;
2147 			vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2148 			seg0 = 114;
2149 		}
2150 	}
2151 
2152 	if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,
2153 				    freq->channel, freq->ht_enabled,
2154 				    vht_freq.vht_enabled,
2155 				    freq->sec_channel_offset,
2156 				    chwidth, seg0, seg1, vht_caps) != 0)
2157 		return;
2158 
2159 	*freq = vht_freq;
2160 
2161 	wpa_printf(MSG_DEBUG, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2162 		   freq->center_freq1, freq->center_freq2, freq->bandwidth);
2163 }
2164 
2165 
wpas_start_assoc_cb(struct wpa_radio_work * work,int deinit)2166 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
2167 {
2168 	struct wpa_connect_work *cwork = work->ctx;
2169 	struct wpa_bss *bss = cwork->bss;
2170 	struct wpa_ssid *ssid = cwork->ssid;
2171 	struct wpa_supplicant *wpa_s = work->wpa_s;
2172 	u8 wpa_ie[200];
2173 	size_t wpa_ie_len;
2174 	int use_crypt, ret, i, bssid_changed;
2175 	int algs = WPA_AUTH_ALG_OPEN;
2176 	unsigned int cipher_pairwise, cipher_group;
2177 	struct wpa_driver_associate_params params;
2178 	int wep_keys_set = 0;
2179 	int assoc_failed = 0;
2180 	struct wpa_ssid *old_ssid;
2181 	u8 prev_bssid[ETH_ALEN];
2182 #ifdef CONFIG_HT_OVERRIDES
2183 	struct ieee80211_ht_capabilities htcaps;
2184 	struct ieee80211_ht_capabilities htcaps_mask;
2185 #endif /* CONFIG_HT_OVERRIDES */
2186 #ifdef CONFIG_VHT_OVERRIDES
2187        struct ieee80211_vht_capabilities vhtcaps;
2188        struct ieee80211_vht_capabilities vhtcaps_mask;
2189 #endif /* CONFIG_VHT_OVERRIDES */
2190 
2191 	if (deinit) {
2192 		if (work->started) {
2193 			wpa_s->connect_work = NULL;
2194 
2195 			/* cancel possible auth. timeout */
2196 			eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s,
2197 					     NULL);
2198 		}
2199 		wpas_connect_work_free(cwork);
2200 		return;
2201 	}
2202 
2203 	wpa_s->connect_work = work;
2204 
2205 	if (cwork->bss_removed || !wpas_valid_bss_ssid(wpa_s, bss, ssid) ||
2206 	    wpas_network_disabled(wpa_s, ssid)) {
2207 		wpa_dbg(wpa_s, MSG_DEBUG, "BSS/SSID entry for association not valid anymore - drop connection attempt");
2208 		wpas_connect_work_done(wpa_s);
2209 		return;
2210 	}
2211 
2212 	os_memcpy(prev_bssid, wpa_s->bssid, ETH_ALEN);
2213 	os_memset(&params, 0, sizeof(params));
2214 	wpa_s->reassociate = 0;
2215 	wpa_s->eap_expected_failure = 0;
2216 	if (bss &&
2217 	    (!wpas_driver_bss_selection(wpa_s) || wpas_wps_searching(wpa_s))) {
2218 #ifdef CONFIG_IEEE80211R
2219 		const u8 *ie, *md = NULL;
2220 #endif /* CONFIG_IEEE80211R */
2221 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
2222 			" (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
2223 			wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
2224 		bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
2225 		os_memset(wpa_s->bssid, 0, ETH_ALEN);
2226 		os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
2227 		if (bssid_changed)
2228 			wpas_notify_bssid_changed(wpa_s);
2229 #ifdef CONFIG_IEEE80211R
2230 		ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
2231 		if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
2232 			md = ie + 2;
2233 		wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
2234 		if (md) {
2235 			/* Prepare for the next transition */
2236 			wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
2237 		}
2238 #endif /* CONFIG_IEEE80211R */
2239 #ifdef CONFIG_WPS
2240 	} else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
2241 		   wpa_s->conf->ap_scan == 2 &&
2242 		   (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
2243 		/* Use ap_scan==1 style network selection to find the network
2244 		 */
2245 		wpas_connect_work_done(wpa_s);
2246 		wpa_s->scan_req = MANUAL_SCAN_REQ;
2247 		wpa_s->reassociate = 1;
2248 		wpa_supplicant_req_scan(wpa_s, 0, 0);
2249 		return;
2250 #endif /* CONFIG_WPS */
2251 	} else {
2252 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
2253 			wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
2254 		if (bss)
2255 			os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
2256 		else
2257 			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
2258 	}
2259 	if (!wpa_s->pno)
2260 		wpa_supplicant_cancel_sched_scan(wpa_s);
2261 
2262 	wpa_supplicant_cancel_scan(wpa_s);
2263 
2264 	/* Starting new association, so clear the possibly used WPA IE from the
2265 	 * previous association. */
2266 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
2267 
2268 #ifdef IEEE8021X_EAPOL
2269 	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2270 		if (ssid->leap) {
2271 			if (ssid->non_leap == 0)
2272 				algs = WPA_AUTH_ALG_LEAP;
2273 			else
2274 				algs |= WPA_AUTH_ALG_LEAP;
2275 		}
2276 	}
2277 #endif /* IEEE8021X_EAPOL */
2278 	wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
2279 	if (ssid->auth_alg) {
2280 		algs = ssid->auth_alg;
2281 		wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
2282 			"0x%x", algs);
2283 	}
2284 
2285 	if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
2286 		    wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
2287 	    wpa_key_mgmt_wpa(ssid->key_mgmt)) {
2288 		int try_opportunistic;
2289 		try_opportunistic = (ssid->proactive_key_caching < 0 ?
2290 				     wpa_s->conf->okc :
2291 				     ssid->proactive_key_caching) &&
2292 			(ssid->proto & WPA_PROTO_RSN);
2293 		if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
2294 					    ssid, try_opportunistic) == 0)
2295 			eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
2296 		wpa_ie_len = sizeof(wpa_ie);
2297 		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2298 					      wpa_ie, &wpa_ie_len)) {
2299 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2300 				"key management and encryption suites");
2301 			wpas_connect_work_done(wpa_s);
2302 			return;
2303 		}
2304 	} else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
2305 		   wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
2306 		/*
2307 		 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2308 		 * use non-WPA since the scan results did not indicate that the
2309 		 * AP is using WPA or WPA2.
2310 		 */
2311 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2312 		wpa_ie_len = 0;
2313 		wpa_s->wpa_proto = 0;
2314 	} else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
2315 		wpa_ie_len = sizeof(wpa_ie);
2316 		if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
2317 					      wpa_ie, &wpa_ie_len)) {
2318 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2319 				"key management and encryption suites (no "
2320 				"scan results)");
2321 			wpas_connect_work_done(wpa_s);
2322 			return;
2323 		}
2324 #ifdef CONFIG_WPS
2325 	} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
2326 		struct wpabuf *wps_ie;
2327 		wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
2328 		if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
2329 			wpa_ie_len = wpabuf_len(wps_ie);
2330 			os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
2331 		} else
2332 			wpa_ie_len = 0;
2333 		wpabuf_free(wps_ie);
2334 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2335 		if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
2336 			params.wps = WPS_MODE_PRIVACY;
2337 		else
2338 			params.wps = WPS_MODE_OPEN;
2339 		wpa_s->wpa_proto = 0;
2340 #endif /* CONFIG_WPS */
2341 	} else {
2342 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2343 		wpa_ie_len = 0;
2344 		wpa_s->wpa_proto = 0;
2345 	}
2346 
2347 #ifdef CONFIG_P2P
2348 	if (wpa_s->global->p2p) {
2349 		u8 *pos;
2350 		size_t len;
2351 		int res;
2352 		pos = wpa_ie + wpa_ie_len;
2353 		len = sizeof(wpa_ie) - wpa_ie_len;
2354 		res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
2355 					    ssid->p2p_group);
2356 		if (res >= 0)
2357 			wpa_ie_len += res;
2358 	}
2359 
2360 	wpa_s->cross_connect_disallowed = 0;
2361 	if (bss) {
2362 		struct wpabuf *p2p;
2363 		p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
2364 		if (p2p) {
2365 			wpa_s->cross_connect_disallowed =
2366 				p2p_get_cross_connect_disallowed(p2p);
2367 			wpabuf_free(p2p);
2368 			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
2369 				"connection",
2370 				wpa_s->cross_connect_disallowed ?
2371 				"disallows" : "allows");
2372 		}
2373 	}
2374 
2375 	os_memset(wpa_s->p2p_ip_addr_info, 0, sizeof(wpa_s->p2p_ip_addr_info));
2376 #endif /* CONFIG_P2P */
2377 
2378 	if (bss) {
2379 		wpa_ie_len += wpas_supp_op_class_ie(wpa_s, bss->freq,
2380 						    wpa_ie + wpa_ie_len,
2381 						    sizeof(wpa_ie) -
2382 						    wpa_ie_len);
2383 	}
2384 
2385 	/*
2386 	 * Workaround: Add Extended Capabilities element only if the AP
2387 	 * included this element in Beacon/Probe Response frames. Some older
2388 	 * APs seem to have interoperability issues if this element is
2389 	 * included, so while the standard may require us to include the
2390 	 * element in all cases, it is justifiable to skip it to avoid
2391 	 * interoperability issues.
2392 	 */
2393 	if (ssid->p2p_group)
2394 		wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
2395 	else
2396 		wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
2397 
2398 	if (!bss || wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB)) {
2399 		u8 ext_capab[18];
2400 		int ext_capab_len;
2401 		ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
2402 						     sizeof(ext_capab));
2403 		if (ext_capab_len > 0) {
2404 			u8 *pos = wpa_ie;
2405 			if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
2406 				pos += 2 + pos[1];
2407 			os_memmove(pos + ext_capab_len, pos,
2408 				   wpa_ie_len - (pos - wpa_ie));
2409 			wpa_ie_len += ext_capab_len;
2410 			os_memcpy(pos, ext_capab, ext_capab_len);
2411 		}
2412 	}
2413 
2414 #ifdef CONFIG_HS20
2415 	if (is_hs20_network(wpa_s, ssid, bss)) {
2416 		struct wpabuf *hs20;
2417 
2418 		hs20 = wpabuf_alloc(20);
2419 		if (hs20) {
2420 			int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
2421 			size_t len;
2422 
2423 			wpas_hs20_add_indication(hs20, pps_mo_id);
2424 			len = sizeof(wpa_ie) - wpa_ie_len;
2425 			if (wpabuf_len(hs20) <= len) {
2426 				os_memcpy(wpa_ie + wpa_ie_len,
2427 					  wpabuf_head(hs20), wpabuf_len(hs20));
2428 				wpa_ie_len += wpabuf_len(hs20);
2429 			}
2430 			wpabuf_free(hs20);
2431 
2432 			hs20_configure_frame_filters(wpa_s);
2433 		}
2434 	}
2435 #endif /* CONFIG_HS20 */
2436 
2437 	if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
2438 		struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
2439 		size_t len;
2440 
2441 		len = sizeof(wpa_ie) - wpa_ie_len;
2442 		if (wpabuf_len(buf) <= len) {
2443 			os_memcpy(wpa_ie + wpa_ie_len,
2444 				  wpabuf_head(buf), wpabuf_len(buf));
2445 			wpa_ie_len += wpabuf_len(buf);
2446 		}
2447 	}
2448 
2449 #ifdef CONFIG_FST
2450 	if (wpa_s->fst_ies) {
2451 		int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
2452 
2453 		if (wpa_ie_len + fst_ies_len <= sizeof(wpa_ie)) {
2454 			os_memcpy(wpa_ie + wpa_ie_len,
2455 				  wpabuf_head(wpa_s->fst_ies), fst_ies_len);
2456 			wpa_ie_len += fst_ies_len;
2457 		}
2458 	}
2459 #endif /* CONFIG_FST */
2460 
2461 #ifdef CONFIG_MBO
2462 	if (bss && wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE)) {
2463 		int len;
2464 
2465 		len = wpas_mbo_ie(wpa_s, wpa_ie + wpa_ie_len,
2466 				  sizeof(wpa_ie) - wpa_ie_len);
2467 		if (len >= 0)
2468 			wpa_ie_len += len;
2469 	}
2470 #endif /* CONFIG_MBO */
2471 
2472 	wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
2473 	use_crypt = 1;
2474 	cipher_pairwise = wpa_s->pairwise_cipher;
2475 	cipher_group = wpa_s->group_cipher;
2476 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
2477 	    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2478 		if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
2479 			use_crypt = 0;
2480 		if (wpa_set_wep_keys(wpa_s, ssid)) {
2481 			use_crypt = 1;
2482 			wep_keys_set = 1;
2483 		}
2484 	}
2485 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
2486 		use_crypt = 0;
2487 
2488 #ifdef IEEE8021X_EAPOL
2489 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2490 		if ((ssid->eapol_flags &
2491 		     (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
2492 		      EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
2493 		    !wep_keys_set) {
2494 			use_crypt = 0;
2495 		} else {
2496 			/* Assume that dynamic WEP-104 keys will be used and
2497 			 * set cipher suites in order for drivers to expect
2498 			 * encryption. */
2499 			cipher_pairwise = cipher_group = WPA_CIPHER_WEP104;
2500 		}
2501 	}
2502 #endif /* IEEE8021X_EAPOL */
2503 
2504 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
2505 		/* Set the key before (and later after) association */
2506 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
2507 	}
2508 
2509 	wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
2510 	if (bss) {
2511 		params.ssid = bss->ssid;
2512 		params.ssid_len = bss->ssid_len;
2513 		if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set ||
2514 		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
2515 			wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
2516 				   MACSTR " freq=%u MHz based on scan results "
2517 				   "(bssid_set=%d wps=%d)",
2518 				   MAC2STR(bss->bssid), bss->freq,
2519 				   ssid->bssid_set,
2520 				   wpa_s->key_mgmt == WPA_KEY_MGMT_WPS);
2521 			params.bssid = bss->bssid;
2522 			params.freq.freq = bss->freq;
2523 		}
2524 		params.bssid_hint = bss->bssid;
2525 		params.freq_hint = bss->freq;
2526 		params.pbss = bss_is_pbss(bss);
2527 	} else {
2528 		params.ssid = ssid->ssid;
2529 		params.ssid_len = ssid->ssid_len;
2530 		params.pbss = (ssid->pbss != 2) ? ssid->pbss : 0;
2531 	}
2532 
2533 	if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
2534 	    wpa_s->conf->ap_scan == 2) {
2535 		params.bssid = ssid->bssid;
2536 		params.fixed_bssid = 1;
2537 	}
2538 
2539 	/* Initial frequency for IBSS/mesh */
2540 	if ((ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) &&
2541 	    ssid->frequency > 0 && params.freq.freq == 0)
2542 		ibss_mesh_setup_freq(wpa_s, ssid, &params.freq);
2543 
2544 	if (ssid->mode == WPAS_MODE_IBSS) {
2545 		params.fixed_freq = ssid->fixed_freq;
2546 		if (ssid->beacon_int)
2547 			params.beacon_int = ssid->beacon_int;
2548 		else
2549 			params.beacon_int = wpa_s->conf->beacon_int;
2550 	}
2551 
2552 	params.wpa_ie = wpa_ie;
2553 	params.wpa_ie_len = wpa_ie_len;
2554 	params.pairwise_suite = cipher_pairwise;
2555 	params.group_suite = cipher_group;
2556 	params.key_mgmt_suite = wpa_s->key_mgmt;
2557 	params.wpa_proto = wpa_s->wpa_proto;
2558 	params.auth_alg = algs;
2559 	params.mode = ssid->mode;
2560 	params.bg_scan_period = ssid->bg_scan_period;
2561 	for (i = 0; i < NUM_WEP_KEYS; i++) {
2562 		if (ssid->wep_key_len[i])
2563 			params.wep_key[i] = ssid->wep_key[i];
2564 		params.wep_key_len[i] = ssid->wep_key_len[i];
2565 	}
2566 	params.wep_tx_keyidx = ssid->wep_tx_keyidx;
2567 
2568 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
2569 	    (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
2570 	     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
2571 		params.passphrase = ssid->passphrase;
2572 		if (ssid->psk_set)
2573 			params.psk = ssid->psk;
2574 	}
2575 
2576 	if (wpa_s->conf->key_mgmt_offload) {
2577 		if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
2578 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
2579 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
2580 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
2581 			params.req_key_mgmt_offload =
2582 				ssid->proactive_key_caching < 0 ?
2583 				wpa_s->conf->okc : ssid->proactive_key_caching;
2584 		else
2585 			params.req_key_mgmt_offload = 1;
2586 
2587 		if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
2588 		     params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
2589 		     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
2590 		    ssid->psk_set)
2591 			params.psk = ssid->psk;
2592 	}
2593 
2594 	params.drop_unencrypted = use_crypt;
2595 
2596 #ifdef CONFIG_IEEE80211W
2597 	params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
2598 	if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
2599 		const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
2600 		struct wpa_ie_data ie;
2601 		if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
2602 		    ie.capabilities &
2603 		    (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
2604 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
2605 				"MFP: require MFP");
2606 			params.mgmt_frame_protection =
2607 				MGMT_FRAME_PROTECTION_REQUIRED;
2608 		}
2609 	}
2610 #endif /* CONFIG_IEEE80211W */
2611 
2612 	params.p2p = ssid->p2p_group;
2613 
2614 	if (wpa_s->p2pdev->set_sta_uapsd)
2615 		params.uapsd = wpa_s->p2pdev->sta_uapsd;
2616 	else
2617 		params.uapsd = -1;
2618 
2619 #ifdef CONFIG_HT_OVERRIDES
2620 	os_memset(&htcaps, 0, sizeof(htcaps));
2621 	os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
2622 	params.htcaps = (u8 *) &htcaps;
2623 	params.htcaps_mask = (u8 *) &htcaps_mask;
2624 	wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
2625 #endif /* CONFIG_HT_OVERRIDES */
2626 #ifdef CONFIG_VHT_OVERRIDES
2627 	os_memset(&vhtcaps, 0, sizeof(vhtcaps));
2628 	os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
2629 	params.vhtcaps = &vhtcaps;
2630 	params.vhtcaps_mask = &vhtcaps_mask;
2631 	wpa_supplicant_apply_vht_overrides(wpa_s, ssid, &params);
2632 #endif /* CONFIG_VHT_OVERRIDES */
2633 
2634 #ifdef CONFIG_P2P
2635 	/*
2636 	 * If multi-channel concurrency is not supported, check for any
2637 	 * frequency conflict. In case of any frequency conflict, remove the
2638 	 * least prioritized connection.
2639 	 */
2640 	if (wpa_s->num_multichan_concurrent < 2) {
2641 		int freq, num;
2642 		num = get_shared_radio_freqs(wpa_s, &freq, 1);
2643 		if (num > 0 && freq > 0 && freq != params.freq.freq) {
2644 			wpa_printf(MSG_DEBUG,
2645 				   "Assoc conflicting freq found (%d != %d)",
2646 				   freq, params.freq.freq);
2647 			if (wpas_p2p_handle_frequency_conflicts(
2648 				    wpa_s, params.freq.freq, ssid) < 0) {
2649 				wpas_connect_work_done(wpa_s);
2650 				return;
2651 			}
2652 		}
2653 	}
2654 #endif /* CONFIG_P2P */
2655 
2656 	if (wpa_s->reassoc_same_ess && !is_zero_ether_addr(prev_bssid) &&
2657 	    wpa_s->current_ssid)
2658 		params.prev_bssid = prev_bssid;
2659 
2660 	ret = wpa_drv_associate(wpa_s, &params);
2661 	if (ret < 0) {
2662 		wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
2663 			"failed");
2664 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
2665 			/*
2666 			 * The driver is known to mean what is saying, so we
2667 			 * can stop right here; the association will not
2668 			 * succeed.
2669 			 */
2670 			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
2671 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2672 			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
2673 			return;
2674 		}
2675 		/* try to continue anyway; new association will be tried again
2676 		 * after timeout */
2677 		assoc_failed = 1;
2678 	}
2679 
2680 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
2681 		/* Set the key after the association just in case association
2682 		 * cleared the previously configured key. */
2683 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
2684 		/* No need to timeout authentication since there is no key
2685 		 * management. */
2686 		wpa_supplicant_cancel_auth_timeout(wpa_s);
2687 		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
2688 #ifdef CONFIG_IBSS_RSN
2689 	} else if (ssid->mode == WPAS_MODE_IBSS &&
2690 		   wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
2691 		   wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
2692 		/*
2693 		 * RSN IBSS authentication is per-STA and we can disable the
2694 		 * per-BSSID authentication.
2695 		 */
2696 		wpa_supplicant_cancel_auth_timeout(wpa_s);
2697 #endif /* CONFIG_IBSS_RSN */
2698 	} else {
2699 		/* Timeout for IEEE 802.11 authentication and association */
2700 		int timeout = 60;
2701 
2702 		if (assoc_failed) {
2703 			/* give IBSS a bit more time */
2704 			timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
2705 		} else if (wpa_s->conf->ap_scan == 1) {
2706 			/* give IBSS a bit more time */
2707 			timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
2708 		}
2709 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
2710 	}
2711 
2712 	if (wep_keys_set &&
2713 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
2714 		/* Set static WEP keys again */
2715 		wpa_set_wep_keys(wpa_s, ssid);
2716 	}
2717 
2718 	if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
2719 		/*
2720 		 * Do not allow EAP session resumption between different
2721 		 * network configurations.
2722 		 */
2723 		eapol_sm_invalidate_cached_session(wpa_s->eapol);
2724 	}
2725 	old_ssid = wpa_s->current_ssid;
2726 	wpa_s->current_ssid = ssid;
2727 
2728 	if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
2729 		wpa_s->current_bss = bss;
2730 #ifdef CONFIG_HS20
2731 		hs20_configure_frame_filters(wpa_s);
2732 #endif /* CONFIG_HS20 */
2733 	}
2734 
2735 	wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
2736 	wpa_supplicant_initiate_eapol(wpa_s);
2737 	if (old_ssid != wpa_s->current_ssid)
2738 		wpas_notify_network_changed(wpa_s);
2739 }
2740 
2741 
wpa_supplicant_clear_connection(struct wpa_supplicant * wpa_s,const u8 * addr)2742 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
2743 					    const u8 *addr)
2744 {
2745 	struct wpa_ssid *old_ssid;
2746 
2747 	wpas_connect_work_done(wpa_s);
2748 	wpa_clear_keys(wpa_s, addr);
2749 	old_ssid = wpa_s->current_ssid;
2750 	wpa_supplicant_mark_disassoc(wpa_s);
2751 	wpa_sm_set_config(wpa_s->wpa, NULL);
2752 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
2753 	if (old_ssid != wpa_s->current_ssid)
2754 		wpas_notify_network_changed(wpa_s);
2755 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
2756 }
2757 
2758 
2759 /**
2760  * wpa_supplicant_deauthenticate - Deauthenticate the current connection
2761  * @wpa_s: Pointer to wpa_supplicant data
2762  * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
2763  *
2764  * This function is used to request %wpa_supplicant to deauthenticate from the
2765  * current AP.
2766  */
wpa_supplicant_deauthenticate(struct wpa_supplicant * wpa_s,int reason_code)2767 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
2768 				   int reason_code)
2769 {
2770 	u8 *addr = NULL;
2771 	union wpa_event_data event;
2772 	int zero_addr = 0;
2773 
2774 	wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
2775 		" pending_bssid=" MACSTR " reason=%d state=%s",
2776 		MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
2777 		reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state));
2778 
2779 	if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
2780 	    (wpa_s->wpa_state == WPA_AUTHENTICATING ||
2781 	     wpa_s->wpa_state == WPA_ASSOCIATING))
2782 		addr = wpa_s->pending_bssid;
2783 	else if (!is_zero_ether_addr(wpa_s->bssid))
2784 		addr = wpa_s->bssid;
2785 	else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
2786 		/*
2787 		 * When using driver-based BSS selection, we may not know the
2788 		 * BSSID with which we are currently trying to associate. We
2789 		 * need to notify the driver of this disconnection even in such
2790 		 * a case, so use the all zeros address here.
2791 		 */
2792 		addr = wpa_s->bssid;
2793 		zero_addr = 1;
2794 	}
2795 
2796 #ifdef CONFIG_TDLS
2797 	wpa_tdls_teardown_peers(wpa_s->wpa);
2798 #endif /* CONFIG_TDLS */
2799 
2800 #ifdef CONFIG_MESH
2801 	if (wpa_s->ifmsh) {
2802 		wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
2803 			wpa_s->ifname);
2804 		wpa_supplicant_leave_mesh(wpa_s);
2805 	}
2806 #endif /* CONFIG_MESH */
2807 
2808 	if (addr) {
2809 		wpa_drv_deauthenticate(wpa_s, addr, reason_code);
2810 		os_memset(&event, 0, sizeof(event));
2811 		event.deauth_info.reason_code = (u16) reason_code;
2812 		event.deauth_info.locally_generated = 1;
2813 		wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
2814 		if (zero_addr)
2815 			addr = NULL;
2816 	}
2817 
2818 	wpa_supplicant_clear_connection(wpa_s, addr);
2819 }
2820 
wpa_supplicant_enable_one_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)2821 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
2822 					      struct wpa_ssid *ssid)
2823 {
2824 	if (!ssid || !ssid->disabled || ssid->disabled == 2)
2825 		return;
2826 
2827 	ssid->disabled = 0;
2828 	wpas_clear_temp_disabled(wpa_s, ssid, 1);
2829 	wpas_notify_network_enabled_changed(wpa_s, ssid);
2830 
2831 	/*
2832 	 * Try to reassociate since there is no current configuration and a new
2833 	 * network was made available.
2834 	 */
2835 	if (!wpa_s->current_ssid && !wpa_s->disconnected)
2836 		wpa_s->reassociate = 1;
2837 }
2838 
2839 /**
2840  * wpa_supplicant_add_network - Add a new network.
2841  * @wpa_s: wpa_supplicant structure for a network interface
2842  * Returns: The new network configuration or %NULL if operation failed
2843  *
2844  * This function performs the following operations:
2845  * 1. Adds a new network.
2846  * 2. Send network addition notification.
2847  * 3. Marks the network disabled.
2848  * 4. Set network default parameters.
2849  */
wpa_supplicant_add_network(struct wpa_supplicant * wpa_s)2850 struct wpa_ssid * wpa_supplicant_add_network(struct wpa_supplicant *wpa_s)
2851 {
2852 	struct wpa_ssid *ssid;
2853 
2854 	ssid = wpa_config_add_network(wpa_s->conf);
2855 	if (!ssid) {
2856 		return NULL;
2857 	}
2858 	wpas_notify_network_added(wpa_s, ssid);
2859 	ssid->disabled = 1;
2860 	wpa_config_set_network_defaults(ssid);
2861 
2862 	return ssid;
2863 }
2864 
2865 /**
2866  * wpa_supplicant_remove_network - Remove a configured network based on id
2867  * @wpa_s: wpa_supplicant structure for a network interface
2868  * @id: Unique network id to search for
2869  * Returns: 0 on success, or -1 if the network was not found, -2 if the network
2870  * could not be removed
2871  *
2872  * This function performs the following operations:
2873  * 1. Removes the network.
2874  * 2. Send network removal notification.
2875  * 3. Update internal state machines.
2876  * 4. Stop any running sched scans.
2877  */
wpa_supplicant_remove_network(struct wpa_supplicant * wpa_s,int id)2878 int wpa_supplicant_remove_network(struct wpa_supplicant *wpa_s, int id)
2879 {
2880 	struct wpa_ssid *ssid;
2881 	int was_disabled;
2882 
2883 	ssid = wpa_config_get_network(wpa_s->conf, id);
2884 	if (ssid)
2885 		wpas_notify_network_removed(wpa_s, ssid);
2886 	if (ssid == NULL) {
2887 		return -1;
2888 	}
2889 
2890 	if (wpa_s->last_ssid == ssid)
2891 		wpa_s->last_ssid = NULL;
2892 
2893 	if (ssid == wpa_s->current_ssid || wpa_s->current_ssid == NULL) {
2894 #ifdef CONFIG_SME
2895 		wpa_s->sme.prev_bssid_set = 0;
2896 #endif /* CONFIG_SME */
2897 		/*
2898 		 * Invalidate the EAP session cache if the current or
2899 		 * previously used network is removed.
2900 		 */
2901 		eapol_sm_invalidate_cached_session(wpa_s->eapol);
2902 	}
2903 
2904 	if (ssid == wpa_s->current_ssid) {
2905 		wpa_sm_set_config(wpa_s->wpa, NULL);
2906 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
2907 
2908 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
2909 			wpa_s->own_disconnect_req = 1;
2910 		wpa_supplicant_deauthenticate(wpa_s,
2911 					      WLAN_REASON_DEAUTH_LEAVING);
2912 	}
2913 
2914 	was_disabled = ssid->disabled;
2915 
2916 	if (wpa_config_remove_network(wpa_s->conf, id) < 0) {
2917 		return -2;
2918 	}
2919 
2920 	if (!was_disabled && wpa_s->sched_scanning) {
2921 		wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to remove "
2922 			   "network from filters");
2923 		wpa_supplicant_cancel_sched_scan(wpa_s);
2924 		wpa_supplicant_req_scan(wpa_s, 0, 0);
2925 	}
2926 	return 0;
2927 }
2928 
2929 /**
2930  * wpa_supplicant_enable_network - Mark a configured network as enabled
2931  * @wpa_s: wpa_supplicant structure for a network interface
2932  * @ssid: wpa_ssid structure for a configured network or %NULL
2933  *
2934  * Enables the specified network or all networks if no network specified.
2935  */
wpa_supplicant_enable_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)2936 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
2937 				   struct wpa_ssid *ssid)
2938 {
2939 	if (ssid == NULL) {
2940 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
2941 			wpa_supplicant_enable_one_network(wpa_s, ssid);
2942 	} else
2943 		wpa_supplicant_enable_one_network(wpa_s, ssid);
2944 
2945 	if (wpa_s->reassociate && !wpa_s->disconnected &&
2946 	    (!wpa_s->current_ssid ||
2947 	     wpa_s->wpa_state == WPA_DISCONNECTED ||
2948 	     wpa_s->wpa_state == WPA_SCANNING)) {
2949 		if (wpa_s->sched_scanning) {
2950 			wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
2951 				   "new network to scan filters");
2952 			wpa_supplicant_cancel_sched_scan(wpa_s);
2953 		}
2954 
2955 		if (wpa_supplicant_fast_associate(wpa_s) != 1) {
2956 			wpa_s->scan_req = NORMAL_SCAN_REQ;
2957 			wpa_supplicant_req_scan(wpa_s, 0, 0);
2958 		}
2959 	}
2960 }
2961 
2962 
2963 /**
2964  * wpa_supplicant_disable_network - Mark a configured network as disabled
2965  * @wpa_s: wpa_supplicant structure for a network interface
2966  * @ssid: wpa_ssid structure for a configured network or %NULL
2967  *
2968  * Disables the specified network or all networks if no network specified.
2969  */
wpa_supplicant_disable_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)2970 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
2971 				    struct wpa_ssid *ssid)
2972 {
2973 	struct wpa_ssid *other_ssid;
2974 	int was_disabled;
2975 
2976 	if (ssid == NULL) {
2977 		if (wpa_s->sched_scanning)
2978 			wpa_supplicant_cancel_sched_scan(wpa_s);
2979 
2980 		for (other_ssid = wpa_s->conf->ssid; other_ssid;
2981 		     other_ssid = other_ssid->next) {
2982 			was_disabled = other_ssid->disabled;
2983 			if (was_disabled == 2)
2984 				continue; /* do not change persistent P2P group
2985 					   * data */
2986 
2987 			other_ssid->disabled = 1;
2988 
2989 			if (was_disabled != other_ssid->disabled)
2990 				wpas_notify_network_enabled_changed(
2991 					wpa_s, other_ssid);
2992 		}
2993 		if (wpa_s->current_ssid)
2994 			wpa_supplicant_deauthenticate(
2995 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
2996 	} else if (ssid->disabled != 2) {
2997 		if (ssid == wpa_s->current_ssid)
2998 			wpa_supplicant_deauthenticate(
2999 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
3000 
3001 		was_disabled = ssid->disabled;
3002 
3003 		ssid->disabled = 1;
3004 
3005 		if (was_disabled != ssid->disabled) {
3006 			wpas_notify_network_enabled_changed(wpa_s, ssid);
3007 			if (wpa_s->sched_scanning) {
3008 				wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
3009 					   "to remove network from filters");
3010 				wpa_supplicant_cancel_sched_scan(wpa_s);
3011 				wpa_supplicant_req_scan(wpa_s, 0, 0);
3012 			}
3013 		}
3014 	}
3015 }
3016 
3017 
3018 /**
3019  * wpa_supplicant_select_network - Attempt association with a network
3020  * @wpa_s: wpa_supplicant structure for a network interface
3021  * @ssid: wpa_ssid structure for a configured network or %NULL for any network
3022  */
wpa_supplicant_select_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)3023 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
3024 				   struct wpa_ssid *ssid)
3025 {
3026 
3027 	struct wpa_ssid *other_ssid;
3028 	int disconnected = 0;
3029 
3030 	if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
3031 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3032 			wpa_s->own_disconnect_req = 1;
3033 		wpa_supplicant_deauthenticate(
3034 			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
3035 		disconnected = 1;
3036 	}
3037 
3038 	if (ssid)
3039 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
3040 
3041 	/*
3042 	 * Mark all other networks disabled or mark all networks enabled if no
3043 	 * network specified.
3044 	 */
3045 	for (other_ssid = wpa_s->conf->ssid; other_ssid;
3046 	     other_ssid = other_ssid->next) {
3047 		int was_disabled = other_ssid->disabled;
3048 		if (was_disabled == 2)
3049 			continue; /* do not change persistent P2P group data */
3050 
3051 		other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
3052 		if (was_disabled && !other_ssid->disabled)
3053 			wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
3054 
3055 		if (was_disabled != other_ssid->disabled)
3056 			wpas_notify_network_enabled_changed(wpa_s, other_ssid);
3057 	}
3058 
3059 	if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid &&
3060 	    wpa_s->wpa_state >= WPA_AUTHENTICATING) {
3061 		/* We are already associated with the selected network */
3062 		wpa_printf(MSG_DEBUG, "Already associated with the "
3063 			   "selected network - do nothing");
3064 		return;
3065 	}
3066 
3067 	if (ssid) {
3068 		wpa_s->current_ssid = ssid;
3069 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3070 		wpa_s->connect_without_scan =
3071 			(ssid->mode == WPAS_MODE_MESH) ? ssid : NULL;
3072 
3073 		/*
3074 		 * Don't optimize next scan freqs since a new ESS has been
3075 		 * selected.
3076 		 */
3077 		os_free(wpa_s->next_scan_freqs);
3078 		wpa_s->next_scan_freqs = NULL;
3079 	} else {
3080 		wpa_s->connect_without_scan = NULL;
3081 	}
3082 
3083 	wpa_s->disconnected = 0;
3084 	wpa_s->reassociate = 1;
3085 
3086 	if (wpa_s->connect_without_scan ||
3087 	    wpa_supplicant_fast_associate(wpa_s) != 1) {
3088 		wpa_s->scan_req = NORMAL_SCAN_REQ;
3089 		wpas_scan_reset_sched_scan(wpa_s);
3090 		wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
3091 	}
3092 
3093 	if (ssid)
3094 		wpas_notify_network_selected(wpa_s, ssid);
3095 }
3096 
3097 
3098 /**
3099  * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
3100  * @wpa_s: wpa_supplicant structure for a network interface
3101  * @pkcs11_engine_path: PKCS #11 engine path or NULL
3102  * @pkcs11_module_path: PKCS #11 module path or NULL
3103  * Returns: 0 on success; -1 on failure
3104  *
3105  * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
3106  * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
3107  * module path fails the paths will be reset to the default value (NULL).
3108  */
wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant * wpa_s,const char * pkcs11_engine_path,const char * pkcs11_module_path)3109 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant *wpa_s,
3110 					   const char *pkcs11_engine_path,
3111 					   const char *pkcs11_module_path)
3112 {
3113 	char *pkcs11_engine_path_copy = NULL;
3114 	char *pkcs11_module_path_copy = NULL;
3115 
3116 	if (pkcs11_engine_path != NULL) {
3117 		pkcs11_engine_path_copy = os_strdup(pkcs11_engine_path);
3118 		if (pkcs11_engine_path_copy == NULL)
3119 			return -1;
3120 	}
3121 	if (pkcs11_module_path != NULL) {
3122 		pkcs11_module_path_copy = os_strdup(pkcs11_module_path);
3123 		if (pkcs11_module_path_copy == NULL) {
3124 			os_free(pkcs11_engine_path_copy);
3125 			return -1;
3126 		}
3127 	}
3128 
3129 	os_free(wpa_s->conf->pkcs11_engine_path);
3130 	os_free(wpa_s->conf->pkcs11_module_path);
3131 	wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path_copy;
3132 	wpa_s->conf->pkcs11_module_path = pkcs11_module_path_copy;
3133 
3134 	wpa_sm_set_eapol(wpa_s->wpa, NULL);
3135 	eapol_sm_deinit(wpa_s->eapol);
3136 	wpa_s->eapol = NULL;
3137 	if (wpa_supplicant_init_eapol(wpa_s)) {
3138 		/* Error -> Reset paths to the default value (NULL) once. */
3139 		if (pkcs11_engine_path != NULL && pkcs11_module_path != NULL)
3140 			wpas_set_pkcs11_engine_and_module_path(wpa_s, NULL,
3141 							       NULL);
3142 
3143 		return -1;
3144 	}
3145 	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
3146 
3147 	return 0;
3148 }
3149 
3150 
3151 /**
3152  * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
3153  * @wpa_s: wpa_supplicant structure for a network interface
3154  * @ap_scan: AP scan mode
3155  * Returns: 0 if succeed or -1 if ap_scan has an invalid value
3156  *
3157  */
wpa_supplicant_set_ap_scan(struct wpa_supplicant * wpa_s,int ap_scan)3158 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
3159 {
3160 
3161 	int old_ap_scan;
3162 
3163 	if (ap_scan < 0 || ap_scan > 2)
3164 		return -1;
3165 
3166 	if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
3167 		wpa_printf(MSG_INFO,
3168 			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
3169 	}
3170 
3171 #ifdef ANDROID
3172 	if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
3173 	    wpa_s->wpa_state >= WPA_ASSOCIATING &&
3174 	    wpa_s->wpa_state < WPA_COMPLETED) {
3175 		wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
3176 			   "associating", wpa_s->conf->ap_scan, ap_scan);
3177 		return 0;
3178 	}
3179 #endif /* ANDROID */
3180 
3181 	old_ap_scan = wpa_s->conf->ap_scan;
3182 	wpa_s->conf->ap_scan = ap_scan;
3183 
3184 	if (old_ap_scan != wpa_s->conf->ap_scan)
3185 		wpas_notify_ap_scan_changed(wpa_s);
3186 
3187 	return 0;
3188 }
3189 
3190 
3191 /**
3192  * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
3193  * @wpa_s: wpa_supplicant structure for a network interface
3194  * @expire_age: Expiration age in seconds
3195  * Returns: 0 if succeed or -1 if expire_age has an invalid value
3196  *
3197  */
wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant * wpa_s,unsigned int bss_expire_age)3198 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
3199 					  unsigned int bss_expire_age)
3200 {
3201 	if (bss_expire_age < 10) {
3202 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
3203 			bss_expire_age);
3204 		return -1;
3205 	}
3206 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
3207 		bss_expire_age);
3208 	wpa_s->conf->bss_expiration_age = bss_expire_age;
3209 
3210 	return 0;
3211 }
3212 
3213 
3214 /**
3215  * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
3216  * @wpa_s: wpa_supplicant structure for a network interface
3217  * @expire_count: number of scans after which an unseen BSS is reclaimed
3218  * Returns: 0 if succeed or -1 if expire_count has an invalid value
3219  *
3220  */
wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant * wpa_s,unsigned int bss_expire_count)3221 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
3222 					    unsigned int bss_expire_count)
3223 {
3224 	if (bss_expire_count < 1) {
3225 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
3226 			bss_expire_count);
3227 		return -1;
3228 	}
3229 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
3230 		bss_expire_count);
3231 	wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
3232 
3233 	return 0;
3234 }
3235 
3236 
3237 /**
3238  * wpa_supplicant_set_scan_interval - Set scan interval
3239  * @wpa_s: wpa_supplicant structure for a network interface
3240  * @scan_interval: scan interval in seconds
3241  * Returns: 0 if succeed or -1 if scan_interval has an invalid value
3242  *
3243  */
wpa_supplicant_set_scan_interval(struct wpa_supplicant * wpa_s,int scan_interval)3244 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
3245 				     int scan_interval)
3246 {
3247 	if (scan_interval < 0) {
3248 		wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
3249 			scan_interval);
3250 		return -1;
3251 	}
3252 	wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
3253 		scan_interval);
3254 	wpa_supplicant_update_scan_int(wpa_s, scan_interval);
3255 
3256 	return 0;
3257 }
3258 
3259 
3260 /**
3261  * wpa_supplicant_set_debug_params - Set global debug params
3262  * @global: wpa_global structure
3263  * @debug_level: debug level
3264  * @debug_timestamp: determines if show timestamp in debug data
3265  * @debug_show_keys: determines if show keys in debug data
3266  * Returns: 0 if succeed or -1 if debug_level has wrong value
3267  */
wpa_supplicant_set_debug_params(struct wpa_global * global,int debug_level,int debug_timestamp,int debug_show_keys)3268 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
3269 				    int debug_timestamp, int debug_show_keys)
3270 {
3271 
3272 	int old_level, old_timestamp, old_show_keys;
3273 
3274 	/* check for allowed debuglevels */
3275 	if (debug_level != MSG_EXCESSIVE &&
3276 	    debug_level != MSG_MSGDUMP &&
3277 	    debug_level != MSG_DEBUG &&
3278 	    debug_level != MSG_INFO &&
3279 	    debug_level != MSG_WARNING &&
3280 	    debug_level != MSG_ERROR)
3281 		return -1;
3282 
3283 	old_level = wpa_debug_level;
3284 	old_timestamp = wpa_debug_timestamp;
3285 	old_show_keys = wpa_debug_show_keys;
3286 
3287 	wpa_debug_level = debug_level;
3288 	wpa_debug_timestamp = debug_timestamp ? 1 : 0;
3289 	wpa_debug_show_keys = debug_show_keys ? 1 : 0;
3290 
3291 	if (wpa_debug_level != old_level)
3292 		wpas_notify_debug_level_changed(global);
3293 	if (wpa_debug_timestamp != old_timestamp)
3294 		wpas_notify_debug_timestamp_changed(global);
3295 	if (wpa_debug_show_keys != old_show_keys)
3296 		wpas_notify_debug_show_keys_changed(global);
3297 
3298 	return 0;
3299 }
3300 
3301 
3302 /**
3303  * wpa_supplicant_get_ssid - Get a pointer to the current network structure
3304  * @wpa_s: Pointer to wpa_supplicant data
3305  * Returns: A pointer to the current network structure or %NULL on failure
3306  */
wpa_supplicant_get_ssid(struct wpa_supplicant * wpa_s)3307 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
3308 {
3309 	struct wpa_ssid *entry;
3310 	u8 ssid[SSID_MAX_LEN];
3311 	int res;
3312 	size_t ssid_len;
3313 	u8 bssid[ETH_ALEN];
3314 	int wired;
3315 
3316 	res = wpa_drv_get_ssid(wpa_s, ssid);
3317 	if (res < 0) {
3318 		wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
3319 			"driver");
3320 		return NULL;
3321 	}
3322 	ssid_len = res;
3323 
3324 	if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
3325 		wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
3326 			"driver");
3327 		return NULL;
3328 	}
3329 
3330 	wired = wpa_s->conf->ap_scan == 0 &&
3331 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
3332 
3333 	entry = wpa_s->conf->ssid;
3334 	while (entry) {
3335 		if (!wpas_network_disabled(wpa_s, entry) &&
3336 		    ((ssid_len == entry->ssid_len &&
3337 		      os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
3338 		    (!entry->bssid_set ||
3339 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
3340 			return entry;
3341 #ifdef CONFIG_WPS
3342 		if (!wpas_network_disabled(wpa_s, entry) &&
3343 		    (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
3344 		    (entry->ssid == NULL || entry->ssid_len == 0) &&
3345 		    (!entry->bssid_set ||
3346 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
3347 			return entry;
3348 #endif /* CONFIG_WPS */
3349 
3350 		if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
3351 		    entry->ssid_len == 0 &&
3352 		    os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
3353 			return entry;
3354 
3355 		entry = entry->next;
3356 	}
3357 
3358 	return NULL;
3359 }
3360 
3361 
select_driver(struct wpa_supplicant * wpa_s,int i)3362 static int select_driver(struct wpa_supplicant *wpa_s, int i)
3363 {
3364 	struct wpa_global *global = wpa_s->global;
3365 
3366 	if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
3367 		global->drv_priv[i] = wpa_drivers[i]->global_init(global);
3368 		if (global->drv_priv[i] == NULL) {
3369 			wpa_printf(MSG_ERROR, "Failed to initialize driver "
3370 				   "'%s'", wpa_drivers[i]->name);
3371 			return -1;
3372 		}
3373 	}
3374 
3375 	wpa_s->driver = wpa_drivers[i];
3376 	wpa_s->global_drv_priv = global->drv_priv[i];
3377 
3378 	return 0;
3379 }
3380 
3381 
wpa_supplicant_set_driver(struct wpa_supplicant * wpa_s,const char * name)3382 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
3383 				     const char *name)
3384 {
3385 	int i;
3386 	size_t len;
3387 	const char *pos, *driver = name;
3388 
3389 	if (wpa_s == NULL)
3390 		return -1;
3391 
3392 	if (wpa_drivers[0] == NULL) {
3393 		wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
3394 			"wpa_supplicant");
3395 		return -1;
3396 	}
3397 
3398 	if (name == NULL) {
3399 		/* default to first driver in the list */
3400 		return select_driver(wpa_s, 0);
3401 	}
3402 
3403 	do {
3404 		pos = os_strchr(driver, ',');
3405 		if (pos)
3406 			len = pos - driver;
3407 		else
3408 			len = os_strlen(driver);
3409 
3410 		for (i = 0; wpa_drivers[i]; i++) {
3411 			if (os_strlen(wpa_drivers[i]->name) == len &&
3412 			    os_strncmp(driver, wpa_drivers[i]->name, len) ==
3413 			    0) {
3414 				/* First driver that succeeds wins */
3415 				if (select_driver(wpa_s, i) == 0)
3416 					return 0;
3417 			}
3418 		}
3419 
3420 		driver = pos + 1;
3421 	} while (pos);
3422 
3423 	wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
3424 	return -1;
3425 }
3426 
3427 
3428 /**
3429  * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
3430  * @ctx: Context pointer (wpa_s); this is the ctx variable registered
3431  *	with struct wpa_driver_ops::init()
3432  * @src_addr: Source address of the EAPOL frame
3433  * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
3434  * @len: Length of the EAPOL data
3435  *
3436  * This function is called for each received EAPOL frame. Most driver
3437  * interfaces rely on more generic OS mechanism for receiving frames through
3438  * l2_packet, but if such a mechanism is not available, the driver wrapper may
3439  * take care of received EAPOL frames and deliver them to the core supplicant
3440  * code by calling this function.
3441  */
wpa_supplicant_rx_eapol(void * ctx,const u8 * src_addr,const u8 * buf,size_t len)3442 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
3443 			     const u8 *buf, size_t len)
3444 {
3445 	struct wpa_supplicant *wpa_s = ctx;
3446 
3447 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
3448 	wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
3449 
3450 #ifdef CONFIG_TESTING_OPTIONS
3451 	if (wpa_s->ignore_auth_resp) {
3452 		wpa_printf(MSG_INFO, "RX EAPOL - ignore_auth_resp active!");
3453 		return;
3454 	}
3455 #endif /* CONFIG_TESTING_OPTIONS */
3456 
3457 #ifdef CONFIG_PEERKEY
3458 	if (wpa_s->wpa_state > WPA_ASSOCIATED && wpa_s->current_ssid &&
3459 	    wpa_s->current_ssid->peerkey &&
3460 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
3461 	    wpa_sm_rx_eapol_peerkey(wpa_s->wpa, src_addr, buf, len) == 1) {
3462 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: Processed PeerKey EAPOL-Key");
3463 		return;
3464 	}
3465 #endif /* CONFIG_PEERKEY */
3466 
3467 	if (wpa_s->wpa_state < WPA_ASSOCIATED ||
3468 	    (wpa_s->last_eapol_matches_bssid &&
3469 #ifdef CONFIG_AP
3470 	     !wpa_s->ap_iface &&
3471 #endif /* CONFIG_AP */
3472 	     os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
3473 		/*
3474 		 * There is possible race condition between receiving the
3475 		 * association event and the EAPOL frame since they are coming
3476 		 * through different paths from the driver. In order to avoid
3477 		 * issues in trying to process the EAPOL frame before receiving
3478 		 * association information, lets queue it for processing until
3479 		 * the association event is received. This may also be needed in
3480 		 * driver-based roaming case, so also use src_addr != BSSID as a
3481 		 * trigger if we have previously confirmed that the
3482 		 * Authenticator uses BSSID as the src_addr (which is not the
3483 		 * case with wired IEEE 802.1X).
3484 		 */
3485 		wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
3486 			"of received EAPOL frame (state=%s bssid=" MACSTR ")",
3487 			wpa_supplicant_state_txt(wpa_s->wpa_state),
3488 			MAC2STR(wpa_s->bssid));
3489 		wpabuf_free(wpa_s->pending_eapol_rx);
3490 		wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
3491 		if (wpa_s->pending_eapol_rx) {
3492 			os_get_reltime(&wpa_s->pending_eapol_rx_time);
3493 			os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
3494 				  ETH_ALEN);
3495 		}
3496 		return;
3497 	}
3498 
3499 	wpa_s->last_eapol_matches_bssid =
3500 		os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
3501 
3502 #ifdef CONFIG_AP
3503 	if (wpa_s->ap_iface) {
3504 		wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
3505 		return;
3506 	}
3507 #endif /* CONFIG_AP */
3508 
3509 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
3510 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
3511 			"no key management is configured");
3512 		return;
3513 	}
3514 
3515 	if (wpa_s->eapol_received == 0 &&
3516 	    (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
3517 	     !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
3518 	     wpa_s->wpa_state != WPA_COMPLETED) &&
3519 	    (wpa_s->current_ssid == NULL ||
3520 	     wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
3521 		/* Timeout for completing IEEE 802.1X and WPA authentication */
3522 		int timeout = 10;
3523 
3524 		if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
3525 		    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
3526 		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
3527 			/* Use longer timeout for IEEE 802.1X/EAP */
3528 			timeout = 70;
3529 		}
3530 
3531 #ifdef CONFIG_WPS
3532 		if (wpa_s->current_ssid && wpa_s->current_bss &&
3533 		    (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
3534 		    eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
3535 			/*
3536 			 * Use shorter timeout if going through WPS AP iteration
3537 			 * for PIN config method with an AP that does not
3538 			 * advertise Selected Registrar.
3539 			 */
3540 			struct wpabuf *wps_ie;
3541 
3542 			wps_ie = wpa_bss_get_vendor_ie_multi(
3543 				wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
3544 			if (wps_ie &&
3545 			    !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
3546 				timeout = 10;
3547 			wpabuf_free(wps_ie);
3548 		}
3549 #endif /* CONFIG_WPS */
3550 
3551 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
3552 	}
3553 	wpa_s->eapol_received++;
3554 
3555 	if (wpa_s->countermeasures) {
3556 		wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
3557 			"EAPOL packet");
3558 		return;
3559 	}
3560 
3561 #ifdef CONFIG_IBSS_RSN
3562 	if (wpa_s->current_ssid &&
3563 	    wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
3564 		ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
3565 		return;
3566 	}
3567 #endif /* CONFIG_IBSS_RSN */
3568 
3569 	/* Source address of the incoming EAPOL frame could be compared to the
3570 	 * current BSSID. However, it is possible that a centralized
3571 	 * Authenticator could be using another MAC address than the BSSID of
3572 	 * an AP, so just allow any address to be used for now. The replies are
3573 	 * still sent to the current BSSID (if available), though. */
3574 
3575 	os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
3576 	if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
3577 	    eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
3578 		return;
3579 	wpa_drv_poll(wpa_s);
3580 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
3581 		wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
3582 	else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
3583 		/*
3584 		 * Set portValid = TRUE here since we are going to skip 4-way
3585 		 * handshake processing which would normally set portValid. We
3586 		 * need this to allow the EAPOL state machines to be completed
3587 		 * without going through EAPOL-Key handshake.
3588 		 */
3589 		eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
3590 	}
3591 }
3592 
3593 
wpa_supplicant_update_mac_addr(struct wpa_supplicant * wpa_s)3594 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
3595 {
3596 	if ((!wpa_s->p2p_mgmt ||
3597 	     !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
3598 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
3599 		l2_packet_deinit(wpa_s->l2);
3600 		wpa_s->l2 = l2_packet_init(wpa_s->ifname,
3601 					   wpa_drv_get_mac_addr(wpa_s),
3602 					   ETH_P_EAPOL,
3603 					   wpa_supplicant_rx_eapol, wpa_s, 0);
3604 		if (wpa_s->l2 == NULL)
3605 			return -1;
3606 	} else {
3607 		const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
3608 		if (addr)
3609 			os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
3610 	}
3611 
3612 	if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
3613 		wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
3614 		return -1;
3615 	}
3616 
3617 	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
3618 
3619 	return 0;
3620 }
3621 
3622 
wpa_supplicant_rx_eapol_bridge(void * ctx,const u8 * src_addr,const u8 * buf,size_t len)3623 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
3624 					   const u8 *buf, size_t len)
3625 {
3626 	struct wpa_supplicant *wpa_s = ctx;
3627 	const struct l2_ethhdr *eth;
3628 
3629 	if (len < sizeof(*eth))
3630 		return;
3631 	eth = (const struct l2_ethhdr *) buf;
3632 
3633 	if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
3634 	    !(eth->h_dest[0] & 0x01)) {
3635 		wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
3636 			" (bridge - not for this interface - ignore)",
3637 			MAC2STR(src_addr), MAC2STR(eth->h_dest));
3638 		return;
3639 	}
3640 
3641 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
3642 		" (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
3643 	wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
3644 				len - sizeof(*eth));
3645 }
3646 
3647 
3648 /**
3649  * wpa_supplicant_driver_init - Initialize driver interface parameters
3650  * @wpa_s: Pointer to wpa_supplicant data
3651  * Returns: 0 on success, -1 on failure
3652  *
3653  * This function is called to initialize driver interface parameters.
3654  * wpa_drv_init() must have been called before this function to initialize the
3655  * driver interface.
3656  */
wpa_supplicant_driver_init(struct wpa_supplicant * wpa_s)3657 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
3658 {
3659 	static int interface_count = 0;
3660 
3661 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
3662 		return -1;
3663 
3664 	wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
3665 		MAC2STR(wpa_s->own_addr));
3666 	os_memcpy(wpa_s->perm_addr, wpa_s->own_addr, ETH_ALEN);
3667 	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
3668 
3669 	if (wpa_s->bridge_ifname[0]) {
3670 		wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
3671 			"interface '%s'", wpa_s->bridge_ifname);
3672 		wpa_s->l2_br = l2_packet_init_bridge(
3673 			wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
3674 			ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
3675 		if (wpa_s->l2_br == NULL) {
3676 			wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
3677 				"connection for the bridge interface '%s'",
3678 				wpa_s->bridge_ifname);
3679 			return -1;
3680 		}
3681 	}
3682 
3683 	if (wpa_s->conf->ap_scan == 2 &&
3684 	    os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
3685 		wpa_printf(MSG_INFO,
3686 			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
3687 	}
3688 
3689 	wpa_clear_keys(wpa_s, NULL);
3690 
3691 	/* Make sure that TKIP countermeasures are not left enabled (could
3692 	 * happen if wpa_supplicant is killed during countermeasures. */
3693 	wpa_drv_set_countermeasures(wpa_s, 0);
3694 
3695 	wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
3696 	wpa_drv_flush_pmkid(wpa_s);
3697 
3698 	wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
3699 	wpa_s->prev_scan_wildcard = 0;
3700 
3701 	if (wpa_supplicant_enabled_networks(wpa_s)) {
3702 		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
3703 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
3704 			interface_count = 0;
3705 		}
3706 #ifndef ANDROID
3707 		if (!wpa_s->p2p_mgmt &&
3708 		    wpa_supplicant_delayed_sched_scan(wpa_s,
3709 						      interface_count % 3,
3710 						      100000))
3711 			wpa_supplicant_req_scan(wpa_s, interface_count % 3,
3712 						100000);
3713 #endif /* ANDROID */
3714 		interface_count++;
3715 	} else
3716 		wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
3717 
3718 	return 0;
3719 }
3720 
3721 
wpa_supplicant_daemon(const char * pid_file)3722 static int wpa_supplicant_daemon(const char *pid_file)
3723 {
3724 	wpa_printf(MSG_DEBUG, "Daemonize..");
3725 	return os_daemonize(pid_file);
3726 }
3727 
3728 
3729 static struct wpa_supplicant *
wpa_supplicant_alloc(struct wpa_supplicant * parent)3730 wpa_supplicant_alloc(struct wpa_supplicant *parent)
3731 {
3732 	struct wpa_supplicant *wpa_s;
3733 
3734 	wpa_s = os_zalloc(sizeof(*wpa_s));
3735 	if (wpa_s == NULL)
3736 		return NULL;
3737 	wpa_s->scan_req = INITIAL_SCAN_REQ;
3738 	wpa_s->scan_interval = 5;
3739 	wpa_s->new_connection = 1;
3740 	wpa_s->parent = parent ? parent : wpa_s;
3741 	wpa_s->p2pdev = wpa_s->parent;
3742 	wpa_s->sched_scanning = 0;
3743 
3744 	dl_list_init(&wpa_s->bss_tmp_disallowed);
3745 	dl_list_init(&wpa_s->fils_hlp_req);
3746 
3747 	return wpa_s;
3748 }
3749 
3750 
3751 #ifdef CONFIG_HT_OVERRIDES
3752 
wpa_set_htcap_mcs(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,const char * ht_mcs)3753 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
3754 			     struct ieee80211_ht_capabilities *htcaps,
3755 			     struct ieee80211_ht_capabilities *htcaps_mask,
3756 			     const char *ht_mcs)
3757 {
3758 	/* parse ht_mcs into hex array */
3759 	int i;
3760 	const char *tmp = ht_mcs;
3761 	char *end = NULL;
3762 
3763 	/* If ht_mcs is null, do not set anything */
3764 	if (!ht_mcs)
3765 		return 0;
3766 
3767 	/* This is what we are setting in the kernel */
3768 	os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
3769 
3770 	wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
3771 
3772 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
3773 		long v;
3774 
3775 		errno = 0;
3776 		v = strtol(tmp, &end, 16);
3777 
3778 		if (errno == 0) {
3779 			wpa_msg(wpa_s, MSG_DEBUG,
3780 				"htcap value[%i]: %ld end: %p  tmp: %p",
3781 				i, v, end, tmp);
3782 			if (end == tmp)
3783 				break;
3784 
3785 			htcaps->supported_mcs_set[i] = v;
3786 			tmp = end;
3787 		} else {
3788 			wpa_msg(wpa_s, MSG_ERROR,
3789 				"Failed to parse ht-mcs: %s, error: %s\n",
3790 				ht_mcs, strerror(errno));
3791 			return -1;
3792 		}
3793 	}
3794 
3795 	/*
3796 	 * If we were able to parse any values, then set mask for the MCS set.
3797 	 */
3798 	if (i) {
3799 		os_memset(&htcaps_mask->supported_mcs_set, 0xff,
3800 			  IEEE80211_HT_MCS_MASK_LEN - 1);
3801 		/* skip the 3 reserved bits */
3802 		htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
3803 			0x1f;
3804 	}
3805 
3806 	return 0;
3807 }
3808 
3809 
wpa_disable_max_amsdu(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)3810 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
3811 				 struct ieee80211_ht_capabilities *htcaps,
3812 				 struct ieee80211_ht_capabilities *htcaps_mask,
3813 				 int disabled)
3814 {
3815 	le16 msk;
3816 
3817 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
3818 
3819 	if (disabled == -1)
3820 		return 0;
3821 
3822 	msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
3823 	htcaps_mask->ht_capabilities_info |= msk;
3824 	if (disabled)
3825 		htcaps->ht_capabilities_info &= msk;
3826 	else
3827 		htcaps->ht_capabilities_info |= msk;
3828 
3829 	return 0;
3830 }
3831 
3832 
wpa_set_ampdu_factor(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int factor)3833 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
3834 				struct ieee80211_ht_capabilities *htcaps,
3835 				struct ieee80211_ht_capabilities *htcaps_mask,
3836 				int factor)
3837 {
3838 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
3839 
3840 	if (factor == -1)
3841 		return 0;
3842 
3843 	if (factor < 0 || factor > 3) {
3844 		wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
3845 			"Must be 0-3 or -1", factor);
3846 		return -EINVAL;
3847 	}
3848 
3849 	htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
3850 	htcaps->a_mpdu_params &= ~0x3;
3851 	htcaps->a_mpdu_params |= factor & 0x3;
3852 
3853 	return 0;
3854 }
3855 
3856 
wpa_set_ampdu_density(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int density)3857 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
3858 				 struct ieee80211_ht_capabilities *htcaps,
3859 				 struct ieee80211_ht_capabilities *htcaps_mask,
3860 				 int density)
3861 {
3862 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
3863 
3864 	if (density == -1)
3865 		return 0;
3866 
3867 	if (density < 0 || density > 7) {
3868 		wpa_msg(wpa_s, MSG_ERROR,
3869 			"ampdu_density: %d out of range. Must be 0-7 or -1.",
3870 			density);
3871 		return -EINVAL;
3872 	}
3873 
3874 	htcaps_mask->a_mpdu_params |= 0x1C;
3875 	htcaps->a_mpdu_params &= ~(0x1C);
3876 	htcaps->a_mpdu_params |= (density << 2) & 0x1C;
3877 
3878 	return 0;
3879 }
3880 
3881 
wpa_set_disable_ht40(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)3882 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
3883 				struct ieee80211_ht_capabilities *htcaps,
3884 				struct ieee80211_ht_capabilities *htcaps_mask,
3885 				int disabled)
3886 {
3887 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
3888 
3889 	set_disable_ht40(htcaps, disabled);
3890 	set_disable_ht40(htcaps_mask, 0);
3891 
3892 	return 0;
3893 }
3894 
3895 
wpa_set_disable_sgi(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)3896 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
3897 			       struct ieee80211_ht_capabilities *htcaps,
3898 			       struct ieee80211_ht_capabilities *htcaps_mask,
3899 			       int disabled)
3900 {
3901 	/* Masking these out disables SGI */
3902 	le16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
3903 				HT_CAP_INFO_SHORT_GI40MHZ);
3904 
3905 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
3906 
3907 	if (disabled)
3908 		htcaps->ht_capabilities_info &= ~msk;
3909 	else
3910 		htcaps->ht_capabilities_info |= msk;
3911 
3912 	htcaps_mask->ht_capabilities_info |= msk;
3913 
3914 	return 0;
3915 }
3916 
3917 
wpa_set_disable_ldpc(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)3918 static int wpa_set_disable_ldpc(struct wpa_supplicant *wpa_s,
3919 			       struct ieee80211_ht_capabilities *htcaps,
3920 			       struct ieee80211_ht_capabilities *htcaps_mask,
3921 			       int disabled)
3922 {
3923 	/* Masking these out disables LDPC */
3924 	le16 msk = host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP);
3925 
3926 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ldpc: %d", disabled);
3927 
3928 	if (disabled)
3929 		htcaps->ht_capabilities_info &= ~msk;
3930 	else
3931 		htcaps->ht_capabilities_info |= msk;
3932 
3933 	htcaps_mask->ht_capabilities_info |= msk;
3934 
3935 	return 0;
3936 }
3937 
3938 
wpa_supplicant_apply_ht_overrides(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params)3939 void wpa_supplicant_apply_ht_overrides(
3940 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
3941 	struct wpa_driver_associate_params *params)
3942 {
3943 	struct ieee80211_ht_capabilities *htcaps;
3944 	struct ieee80211_ht_capabilities *htcaps_mask;
3945 
3946 	if (!ssid)
3947 		return;
3948 
3949 	params->disable_ht = ssid->disable_ht;
3950 	if (!params->htcaps || !params->htcaps_mask)
3951 		return;
3952 
3953 	htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
3954 	htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
3955 	wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
3956 	wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
3957 			      ssid->disable_max_amsdu);
3958 	wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
3959 	wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
3960 	wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
3961 	wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
3962 	wpa_set_disable_ldpc(wpa_s, htcaps, htcaps_mask, ssid->disable_ldpc);
3963 
3964 	if (ssid->ht40_intolerant) {
3965 		le16 bit = host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT);
3966 		htcaps->ht_capabilities_info |= bit;
3967 		htcaps_mask->ht_capabilities_info |= bit;
3968 	}
3969 }
3970 
3971 #endif /* CONFIG_HT_OVERRIDES */
3972 
3973 
3974 #ifdef CONFIG_VHT_OVERRIDES
wpa_supplicant_apply_vht_overrides(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params)3975 void wpa_supplicant_apply_vht_overrides(
3976 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
3977 	struct wpa_driver_associate_params *params)
3978 {
3979 	struct ieee80211_vht_capabilities *vhtcaps;
3980 	struct ieee80211_vht_capabilities *vhtcaps_mask;
3981 
3982 	if (!ssid)
3983 		return;
3984 
3985 	params->disable_vht = ssid->disable_vht;
3986 
3987 	vhtcaps = (void *) params->vhtcaps;
3988 	vhtcaps_mask = (void *) params->vhtcaps_mask;
3989 
3990 	if (!vhtcaps || !vhtcaps_mask)
3991 		return;
3992 
3993 	vhtcaps->vht_capabilities_info = host_to_le32(ssid->vht_capa);
3994 	vhtcaps_mask->vht_capabilities_info = host_to_le32(ssid->vht_capa_mask);
3995 
3996 #ifdef CONFIG_HT_OVERRIDES
3997 	/* if max ampdu is <= 3, we have to make the HT cap the same */
3998 	if (ssid->vht_capa_mask & VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) {
3999 		int max_ampdu;
4000 
4001 		max_ampdu = (ssid->vht_capa &
4002 			     VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) >>
4003 			VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT;
4004 
4005 		max_ampdu = max_ampdu < 3 ? max_ampdu : 3;
4006 		wpa_set_ampdu_factor(wpa_s,
4007 				     (void *) params->htcaps,
4008 				     (void *) params->htcaps_mask,
4009 				     max_ampdu);
4010 	}
4011 #endif /* CONFIG_HT_OVERRIDES */
4012 
4013 #define OVERRIDE_MCS(i)							\
4014 	if (ssid->vht_tx_mcs_nss_ ##i >= 0) {				\
4015 		vhtcaps_mask->vht_supported_mcs_set.tx_map |=		\
4016 			host_to_le16(3 << 2 * (i - 1));			\
4017 		vhtcaps->vht_supported_mcs_set.tx_map |=		\
4018 			host_to_le16(ssid->vht_tx_mcs_nss_ ##i <<	\
4019 				     2 * (i - 1));			\
4020 	}								\
4021 	if (ssid->vht_rx_mcs_nss_ ##i >= 0) {				\
4022 		vhtcaps_mask->vht_supported_mcs_set.rx_map |=		\
4023 			host_to_le16(3 << 2 * (i - 1));			\
4024 		vhtcaps->vht_supported_mcs_set.rx_map |=		\
4025 			host_to_le16(ssid->vht_rx_mcs_nss_ ##i <<	\
4026 				     2 * (i - 1));			\
4027 	}
4028 
4029 	OVERRIDE_MCS(1);
4030 	OVERRIDE_MCS(2);
4031 	OVERRIDE_MCS(3);
4032 	OVERRIDE_MCS(4);
4033 	OVERRIDE_MCS(5);
4034 	OVERRIDE_MCS(6);
4035 	OVERRIDE_MCS(7);
4036 	OVERRIDE_MCS(8);
4037 }
4038 #endif /* CONFIG_VHT_OVERRIDES */
4039 
4040 
pcsc_reader_init(struct wpa_supplicant * wpa_s)4041 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
4042 {
4043 #ifdef PCSC_FUNCS
4044 	size_t len;
4045 
4046 	if (!wpa_s->conf->pcsc_reader)
4047 		return 0;
4048 
4049 	wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
4050 	if (!wpa_s->scard)
4051 		return 1;
4052 
4053 	if (wpa_s->conf->pcsc_pin &&
4054 	    scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
4055 		scard_deinit(wpa_s->scard);
4056 		wpa_s->scard = NULL;
4057 		wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
4058 		return -1;
4059 	}
4060 
4061 	len = sizeof(wpa_s->imsi) - 1;
4062 	if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
4063 		scard_deinit(wpa_s->scard);
4064 		wpa_s->scard = NULL;
4065 		wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
4066 		return -1;
4067 	}
4068 	wpa_s->imsi[len] = '\0';
4069 
4070 	wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
4071 
4072 	wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
4073 		   wpa_s->imsi, wpa_s->mnc_len);
4074 
4075 	wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
4076 	eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
4077 #endif /* PCSC_FUNCS */
4078 
4079 	return 0;
4080 }
4081 
4082 
wpas_init_ext_pw(struct wpa_supplicant * wpa_s)4083 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
4084 {
4085 	char *val, *pos;
4086 
4087 	ext_password_deinit(wpa_s->ext_pw);
4088 	wpa_s->ext_pw = NULL;
4089 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
4090 
4091 	if (!wpa_s->conf->ext_password_backend)
4092 		return 0;
4093 
4094 	val = os_strdup(wpa_s->conf->ext_password_backend);
4095 	if (val == NULL)
4096 		return -1;
4097 	pos = os_strchr(val, ':');
4098 	if (pos)
4099 		*pos++ = '\0';
4100 
4101 	wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
4102 
4103 	wpa_s->ext_pw = ext_password_init(val, pos);
4104 	os_free(val);
4105 	if (wpa_s->ext_pw == NULL) {
4106 		wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
4107 		return -1;
4108 	}
4109 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
4110 
4111 	return 0;
4112 }
4113 
4114 
4115 #ifdef CONFIG_FST
4116 
wpas_fst_get_bssid_cb(void * ctx)4117 static const u8 * wpas_fst_get_bssid_cb(void *ctx)
4118 {
4119 	struct wpa_supplicant *wpa_s = ctx;
4120 
4121 	return (is_zero_ether_addr(wpa_s->bssid) ||
4122 		wpa_s->wpa_state != WPA_COMPLETED) ? NULL : wpa_s->bssid;
4123 }
4124 
4125 
wpas_fst_get_channel_info_cb(void * ctx,enum hostapd_hw_mode * hw_mode,u8 * channel)4126 static void wpas_fst_get_channel_info_cb(void *ctx,
4127 					 enum hostapd_hw_mode *hw_mode,
4128 					 u8 *channel)
4129 {
4130 	struct wpa_supplicant *wpa_s = ctx;
4131 
4132 	if (wpa_s->current_bss) {
4133 		*hw_mode = ieee80211_freq_to_chan(wpa_s->current_bss->freq,
4134 						  channel);
4135 	} else if (wpa_s->hw.num_modes) {
4136 		*hw_mode = wpa_s->hw.modes[0].mode;
4137 	} else {
4138 		WPA_ASSERT(0);
4139 		*hw_mode = 0;
4140 	}
4141 }
4142 
4143 
wpas_fst_get_hw_modes(void * ctx,struct hostapd_hw_modes ** modes)4144 static int wpas_fst_get_hw_modes(void *ctx, struct hostapd_hw_modes **modes)
4145 {
4146 	struct wpa_supplicant *wpa_s = ctx;
4147 
4148 	*modes = wpa_s->hw.modes;
4149 	return wpa_s->hw.num_modes;
4150 }
4151 
4152 
wpas_fst_set_ies_cb(void * ctx,const struct wpabuf * fst_ies)4153 static void wpas_fst_set_ies_cb(void *ctx, const struct wpabuf *fst_ies)
4154 {
4155 	struct wpa_supplicant *wpa_s = ctx;
4156 
4157 	wpa_hexdump_buf(MSG_DEBUG, "FST: Set IEs", fst_ies);
4158 	wpa_s->fst_ies = fst_ies;
4159 }
4160 
4161 
wpas_fst_send_action_cb(void * ctx,const u8 * da,struct wpabuf * data)4162 static int wpas_fst_send_action_cb(void *ctx, const u8 *da, struct wpabuf *data)
4163 {
4164 	struct wpa_supplicant *wpa_s = ctx;
4165 
4166 	if (os_memcmp(wpa_s->bssid, da, ETH_ALEN) != 0) {
4167 		wpa_printf(MSG_INFO, "FST:%s:bssid=" MACSTR " != da=" MACSTR,
4168 			   __func__, MAC2STR(wpa_s->bssid), MAC2STR(da));
4169 		return -1;
4170 	}
4171 	return wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
4172 				   wpa_s->own_addr, wpa_s->bssid,
4173 				   wpabuf_head(data), wpabuf_len(data),
4174 				   0);
4175 }
4176 
4177 
wpas_fst_get_mb_ie_cb(void * ctx,const u8 * addr)4178 static const struct wpabuf * wpas_fst_get_mb_ie_cb(void *ctx, const u8 *addr)
4179 {
4180 	struct wpa_supplicant *wpa_s = ctx;
4181 
4182 	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
4183 	return wpa_s->received_mb_ies;
4184 }
4185 
4186 
wpas_fst_update_mb_ie_cb(void * ctx,const u8 * addr,const u8 * buf,size_t size)4187 static void wpas_fst_update_mb_ie_cb(void *ctx, const u8 *addr,
4188 				     const u8 *buf, size_t size)
4189 {
4190 	struct wpa_supplicant *wpa_s = ctx;
4191 	struct mb_ies_info info;
4192 
4193 	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
4194 
4195 	if (!mb_ies_info_by_ies(&info, buf, size)) {
4196 		wpabuf_free(wpa_s->received_mb_ies);
4197 		wpa_s->received_mb_ies = mb_ies_by_info(&info);
4198 	}
4199 }
4200 
4201 
wpas_fst_get_peer_first(void * ctx,struct fst_get_peer_ctx ** get_ctx,Boolean mb_only)4202 static const u8 * wpas_fst_get_peer_first(void *ctx,
4203 					  struct fst_get_peer_ctx **get_ctx,
4204 					  Boolean mb_only)
4205 {
4206 	struct wpa_supplicant *wpa_s = ctx;
4207 
4208 	*get_ctx = NULL;
4209 	if (!is_zero_ether_addr(wpa_s->bssid))
4210 		return (wpa_s->received_mb_ies || !mb_only) ?
4211 			wpa_s->bssid : NULL;
4212 	return NULL;
4213 }
4214 
4215 
wpas_fst_get_peer_next(void * ctx,struct fst_get_peer_ctx ** get_ctx,Boolean mb_only)4216 static const u8 * wpas_fst_get_peer_next(void *ctx,
4217 					 struct fst_get_peer_ctx **get_ctx,
4218 					 Boolean mb_only)
4219 {
4220 	return NULL;
4221 }
4222 
fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant * wpa_s,struct fst_wpa_obj * iface_obj)4223 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant *wpa_s,
4224 				       struct fst_wpa_obj *iface_obj)
4225 {
4226 	iface_obj->ctx              = wpa_s;
4227 	iface_obj->get_bssid        = wpas_fst_get_bssid_cb;
4228 	iface_obj->get_channel_info = wpas_fst_get_channel_info_cb;
4229 	iface_obj->get_hw_modes     = wpas_fst_get_hw_modes;
4230 	iface_obj->set_ies          = wpas_fst_set_ies_cb;
4231 	iface_obj->send_action      = wpas_fst_send_action_cb;
4232 	iface_obj->get_mb_ie        = wpas_fst_get_mb_ie_cb;
4233 	iface_obj->update_mb_ie     = wpas_fst_update_mb_ie_cb;
4234 	iface_obj->get_peer_first   = wpas_fst_get_peer_first;
4235 	iface_obj->get_peer_next    = wpas_fst_get_peer_next;
4236 }
4237 #endif /* CONFIG_FST */
4238 
wpas_set_wowlan_triggers(struct wpa_supplicant * wpa_s,const struct wpa_driver_capa * capa)4239 static int wpas_set_wowlan_triggers(struct wpa_supplicant *wpa_s,
4240 				    const struct wpa_driver_capa *capa)
4241 {
4242 	struct wowlan_triggers *triggers;
4243 	int ret = 0;
4244 
4245 	if (!wpa_s->conf->wowlan_triggers)
4246 		return 0;
4247 
4248 	triggers = wpa_get_wowlan_triggers(wpa_s->conf->wowlan_triggers, capa);
4249 	if (triggers) {
4250 		ret = wpa_drv_wowlan(wpa_s, triggers);
4251 		os_free(triggers);
4252 	}
4253 	return ret;
4254 }
4255 
4256 
wpas_freq_to_band(int freq)4257 enum wpa_radio_work_band wpas_freq_to_band(int freq)
4258 {
4259 	if (freq < 3000)
4260 		return BAND_2_4_GHZ;
4261 	if (freq > 50000)
4262 		return BAND_60_GHZ;
4263 	return BAND_5_GHZ;
4264 }
4265 
4266 
wpas_get_bands(struct wpa_supplicant * wpa_s,const int * freqs)4267 unsigned int wpas_get_bands(struct wpa_supplicant *wpa_s, const int *freqs)
4268 {
4269 	int i;
4270 	unsigned int band = 0;
4271 
4272 	if (freqs) {
4273 		/* freqs are specified for the radio work */
4274 		for (i = 0; freqs[i]; i++)
4275 			band |= wpas_freq_to_band(freqs[i]);
4276 	} else {
4277 		/*
4278 		 * freqs are not specified, implies all
4279 		 * the supported freqs by HW
4280 		 */
4281 		for (i = 0; i < wpa_s->hw.num_modes; i++) {
4282 			if (wpa_s->hw.modes[i].num_channels != 0) {
4283 				if (wpa_s->hw.modes[i].mode ==
4284 				    HOSTAPD_MODE_IEEE80211B ||
4285 				    wpa_s->hw.modes[i].mode ==
4286 				    HOSTAPD_MODE_IEEE80211G)
4287 					band |= BAND_2_4_GHZ;
4288 				else if (wpa_s->hw.modes[i].mode ==
4289 					 HOSTAPD_MODE_IEEE80211A)
4290 					band |= BAND_5_GHZ;
4291 				else if (wpa_s->hw.modes[i].mode ==
4292 					 HOSTAPD_MODE_IEEE80211AD)
4293 					band |= BAND_60_GHZ;
4294 				else if (wpa_s->hw.modes[i].mode ==
4295 					 HOSTAPD_MODE_IEEE80211ANY)
4296 					band = BAND_2_4_GHZ | BAND_5_GHZ |
4297 						BAND_60_GHZ;
4298 			}
4299 		}
4300 	}
4301 
4302 	return band;
4303 }
4304 
4305 
radio_add_interface(struct wpa_supplicant * wpa_s,const char * rn)4306 static struct wpa_radio * radio_add_interface(struct wpa_supplicant *wpa_s,
4307 					      const char *rn)
4308 {
4309 	struct wpa_supplicant *iface = wpa_s->global->ifaces;
4310 	struct wpa_radio *radio;
4311 
4312 	while (rn && iface) {
4313 		radio = iface->radio;
4314 		if (radio && os_strcmp(rn, radio->name) == 0) {
4315 			wpa_printf(MSG_DEBUG, "Add interface %s to existing radio %s",
4316 				   wpa_s->ifname, rn);
4317 			dl_list_add(&radio->ifaces, &wpa_s->radio_list);
4318 			return radio;
4319 		}
4320 
4321 		iface = iface->next;
4322 	}
4323 
4324 	wpa_printf(MSG_DEBUG, "Add interface %s to a new radio %s",
4325 		   wpa_s->ifname, rn ? rn : "N/A");
4326 	radio = os_zalloc(sizeof(*radio));
4327 	if (radio == NULL)
4328 		return NULL;
4329 
4330 	if (rn)
4331 		os_strlcpy(radio->name, rn, sizeof(radio->name));
4332 	dl_list_init(&radio->ifaces);
4333 	dl_list_init(&radio->work);
4334 	dl_list_add(&radio->ifaces, &wpa_s->radio_list);
4335 
4336 	return radio;
4337 }
4338 
4339 
radio_work_free(struct wpa_radio_work * work)4340 static void radio_work_free(struct wpa_radio_work *work)
4341 {
4342 	if (work->wpa_s->scan_work == work) {
4343 		/* This should not really happen. */
4344 		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
4345 			work->type, work, work->started);
4346 		work->wpa_s->scan_work = NULL;
4347 	}
4348 
4349 #ifdef CONFIG_P2P
4350 	if (work->wpa_s->p2p_scan_work == work) {
4351 		/* This should not really happen. */
4352 		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
4353 			work->type, work, work->started);
4354 		work->wpa_s->p2p_scan_work = NULL;
4355 	}
4356 #endif /* CONFIG_P2P */
4357 
4358 	if (work->started) {
4359 		work->wpa_s->radio->num_active_works--;
4360 		wpa_dbg(work->wpa_s, MSG_DEBUG,
4361 			"radio_work_free('%s'@%p: num_active_works --> %u",
4362 			work->type, work,
4363 			work->wpa_s->radio->num_active_works);
4364 	}
4365 
4366 	dl_list_del(&work->list);
4367 	os_free(work);
4368 }
4369 
4370 
radio_work_is_connect(struct wpa_radio_work * work)4371 static int radio_work_is_connect(struct wpa_radio_work *work)
4372 {
4373 	return os_strcmp(work->type, "sme-connect") == 0 ||
4374 		os_strcmp(work->type, "connect") == 0;
4375 }
4376 
4377 
radio_work_is_scan(struct wpa_radio_work * work)4378 static int radio_work_is_scan(struct wpa_radio_work *work)
4379 {
4380 	return os_strcmp(work->type, "scan") == 0 ||
4381 		os_strcmp(work->type, "p2p-scan") == 0;
4382 }
4383 
4384 
radio_work_get_next_work(struct wpa_radio * radio)4385 static struct wpa_radio_work * radio_work_get_next_work(struct wpa_radio *radio)
4386 {
4387 	struct wpa_radio_work *active_work = NULL;
4388 	struct wpa_radio_work *tmp;
4389 
4390 	/* Get the active work to know the type and band. */
4391 	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
4392 		if (tmp->started) {
4393 			active_work = tmp;
4394 			break;
4395 		}
4396 	}
4397 
4398 	if (!active_work) {
4399 		/* No active work, start one */
4400 		radio->num_active_works = 0;
4401 		dl_list_for_each(tmp, &radio->work, struct wpa_radio_work,
4402 				 list) {
4403 			if (os_strcmp(tmp->type, "scan") == 0 &&
4404 			    radio->external_scan_running &&
4405 			    (((struct wpa_driver_scan_params *)
4406 			      tmp->ctx)->only_new_results ||
4407 			     tmp->wpa_s->clear_driver_scan_cache))
4408 				continue;
4409 			return tmp;
4410 		}
4411 		return NULL;
4412 	}
4413 
4414 	if (radio_work_is_connect(active_work)) {
4415 		/*
4416 		 * If the active work is either connect or sme-connect,
4417 		 * do not parallelize them with other radio works.
4418 		 */
4419 		wpa_dbg(active_work->wpa_s, MSG_DEBUG,
4420 			"Do not parallelize radio work with %s",
4421 			active_work->type);
4422 		return NULL;
4423 	}
4424 
4425 	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
4426 		if (tmp->started)
4427 			continue;
4428 
4429 		/*
4430 		 * If connect or sme-connect are enqueued, parallelize only
4431 		 * those operations ahead of them in the queue.
4432 		 */
4433 		if (radio_work_is_connect(tmp))
4434 			break;
4435 
4436 		/* Serialize parallel scan and p2p_scan operations on the same
4437 		 * interface since the driver_nl80211 mechanism for tracking
4438 		 * scan cookies does not yet have support for this. */
4439 		if (active_work->wpa_s == tmp->wpa_s &&
4440 		    radio_work_is_scan(active_work) &&
4441 		    radio_work_is_scan(tmp)) {
4442 			wpa_dbg(active_work->wpa_s, MSG_DEBUG,
4443 				"Do not start work '%s' when another work '%s' is already scheduled",
4444 				tmp->type, active_work->type);
4445 			continue;
4446 		}
4447 		/*
4448 		 * Check that the radio works are distinct and
4449 		 * on different bands.
4450 		 */
4451 		if (os_strcmp(active_work->type, tmp->type) != 0 &&
4452 		    (active_work->bands != tmp->bands)) {
4453 			/*
4454 			 * If a scan has to be scheduled through nl80211 scan
4455 			 * interface and if an external scan is already running,
4456 			 * do not schedule the scan since it is likely to get
4457 			 * rejected by kernel.
4458 			 */
4459 			if (os_strcmp(tmp->type, "scan") == 0 &&
4460 			    radio->external_scan_running &&
4461 			    (((struct wpa_driver_scan_params *)
4462 			      tmp->ctx)->only_new_results ||
4463 			     tmp->wpa_s->clear_driver_scan_cache))
4464 				continue;
4465 
4466 			wpa_dbg(active_work->wpa_s, MSG_DEBUG,
4467 				"active_work:%s new_work:%s",
4468 				active_work->type, tmp->type);
4469 			return tmp;
4470 		}
4471 	}
4472 
4473 	/* Did not find a radio work to schedule in parallel. */
4474 	return NULL;
4475 }
4476 
4477 
radio_start_next_work(void * eloop_ctx,void * timeout_ctx)4478 static void radio_start_next_work(void *eloop_ctx, void *timeout_ctx)
4479 {
4480 	struct wpa_radio *radio = eloop_ctx;
4481 	struct wpa_radio_work *work;
4482 	struct os_reltime now, diff;
4483 	struct wpa_supplicant *wpa_s;
4484 
4485 	work = dl_list_first(&radio->work, struct wpa_radio_work, list);
4486 	if (work == NULL) {
4487 		radio->num_active_works = 0;
4488 		return;
4489 	}
4490 
4491 	wpa_s = dl_list_first(&radio->ifaces, struct wpa_supplicant,
4492 			      radio_list);
4493 
4494 	if (!(wpa_s &&
4495 	      wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)) {
4496 		if (work->started)
4497 			return; /* already started and still in progress */
4498 
4499 		if (wpa_s && wpa_s->radio->external_scan_running) {
4500 			wpa_printf(MSG_DEBUG, "Delay radio work start until externally triggered scan completes");
4501 			return;
4502 		}
4503 	} else {
4504 		work = NULL;
4505 		if (radio->num_active_works < MAX_ACTIVE_WORKS) {
4506 			/* get the work to schedule next */
4507 			work = radio_work_get_next_work(radio);
4508 		}
4509 		if (!work)
4510 			return;
4511 	}
4512 
4513 	wpa_s = work->wpa_s;
4514 	os_get_reltime(&now);
4515 	os_reltime_sub(&now, &work->time, &diff);
4516 	wpa_dbg(wpa_s, MSG_DEBUG,
4517 		"Starting radio work '%s'@%p after %ld.%06ld second wait",
4518 		work->type, work, diff.sec, diff.usec);
4519 	work->started = 1;
4520 	work->time = now;
4521 	radio->num_active_works++;
4522 
4523 	work->cb(work, 0);
4524 
4525 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS) &&
4526 	    radio->num_active_works < MAX_ACTIVE_WORKS)
4527 		radio_work_check_next(wpa_s);
4528 }
4529 
4530 
4531 /*
4532  * This function removes both started and pending radio works running on
4533  * the provided interface's radio.
4534  * Prior to the removal of the radio work, its callback (cb) is called with
4535  * deinit set to be 1. Each work's callback is responsible for clearing its
4536  * internal data and restoring to a correct state.
4537  * @wpa_s: wpa_supplicant data
4538  * @type: type of works to be removed
4539  * @remove_all: 1 to remove all the works on this radio, 0 to remove only
4540  * this interface's works.
4541  */
radio_remove_works(struct wpa_supplicant * wpa_s,const char * type,int remove_all)4542 void radio_remove_works(struct wpa_supplicant *wpa_s,
4543 			const char *type, int remove_all)
4544 {
4545 	struct wpa_radio_work *work, *tmp;
4546 	struct wpa_radio *radio = wpa_s->radio;
4547 
4548 	dl_list_for_each_safe(work, tmp, &radio->work, struct wpa_radio_work,
4549 			      list) {
4550 		if (type && os_strcmp(type, work->type) != 0)
4551 			continue;
4552 
4553 		/* skip other ifaces' works */
4554 		if (!remove_all && work->wpa_s != wpa_s)
4555 			continue;
4556 
4557 		wpa_dbg(wpa_s, MSG_DEBUG, "Remove radio work '%s'@%p%s",
4558 			work->type, work, work->started ? " (started)" : "");
4559 		work->cb(work, 1);
4560 		radio_work_free(work);
4561 	}
4562 
4563 	/* in case we removed the started work */
4564 	radio_work_check_next(wpa_s);
4565 }
4566 
4567 
radio_remove_interface(struct wpa_supplicant * wpa_s)4568 static void radio_remove_interface(struct wpa_supplicant *wpa_s)
4569 {
4570 	struct wpa_radio *radio = wpa_s->radio;
4571 
4572 	if (!radio)
4573 		return;
4574 
4575 	wpa_printf(MSG_DEBUG, "Remove interface %s from radio %s",
4576 		   wpa_s->ifname, radio->name);
4577 	dl_list_del(&wpa_s->radio_list);
4578 	radio_remove_works(wpa_s, NULL, 0);
4579 	wpa_s->radio = NULL;
4580 	if (!dl_list_empty(&radio->ifaces))
4581 		return; /* Interfaces remain for this radio */
4582 
4583 	wpa_printf(MSG_DEBUG, "Remove radio %s", radio->name);
4584 	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
4585 	os_free(radio);
4586 }
4587 
4588 
radio_work_check_next(struct wpa_supplicant * wpa_s)4589 void radio_work_check_next(struct wpa_supplicant *wpa_s)
4590 {
4591 	struct wpa_radio *radio = wpa_s->radio;
4592 
4593 	if (dl_list_empty(&radio->work))
4594 		return;
4595 	if (wpa_s->ext_work_in_progress) {
4596 		wpa_printf(MSG_DEBUG,
4597 			   "External radio work in progress - delay start of pending item");
4598 		return;
4599 	}
4600 	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
4601 	eloop_register_timeout(0, 0, radio_start_next_work, radio, NULL);
4602 }
4603 
4604 
4605 /**
4606  * radio_add_work - Add a radio work item
4607  * @wpa_s: Pointer to wpa_supplicant data
4608  * @freq: Frequency of the offchannel operation in MHz or 0
4609  * @type: Unique identifier for each type of work
4610  * @next: Force as the next work to be executed
4611  * @cb: Callback function for indicating when radio is available
4612  * @ctx: Context pointer for the work (work->ctx in cb())
4613  * Returns: 0 on success, -1 on failure
4614  *
4615  * This function is used to request time for an operation that requires
4616  * exclusive radio control. Once the radio is available, the registered callback
4617  * function will be called. radio_work_done() must be called once the exclusive
4618  * radio operation has been completed, so that the radio is freed for other
4619  * operations. The special case of deinit=1 is used to free the context data
4620  * during interface removal. That does not allow the callback function to start
4621  * the radio operation, i.e., it must free any resources allocated for the radio
4622  * work and return.
4623  *
4624  * The @freq parameter can be used to indicate a single channel on which the
4625  * offchannel operation will occur. This may allow multiple radio work
4626  * operations to be performed in parallel if they apply for the same channel.
4627  * Setting this to 0 indicates that the work item may use multiple channels or
4628  * requires exclusive control of the radio.
4629  */
radio_add_work(struct wpa_supplicant * wpa_s,unsigned int freq,const char * type,int next,void (* cb)(struct wpa_radio_work * work,int deinit),void * ctx)4630 int radio_add_work(struct wpa_supplicant *wpa_s, unsigned int freq,
4631 		   const char *type, int next,
4632 		   void (*cb)(struct wpa_radio_work *work, int deinit),
4633 		   void *ctx)
4634 {
4635 	struct wpa_radio *radio = wpa_s->radio;
4636 	struct wpa_radio_work *work;
4637 	int was_empty;
4638 
4639 	work = os_zalloc(sizeof(*work));
4640 	if (work == NULL)
4641 		return -1;
4642 	wpa_dbg(wpa_s, MSG_DEBUG, "Add radio work '%s'@%p", type, work);
4643 	os_get_reltime(&work->time);
4644 	work->freq = freq;
4645 	work->type = type;
4646 	work->wpa_s = wpa_s;
4647 	work->cb = cb;
4648 	work->ctx = ctx;
4649 
4650 	if (freq)
4651 		work->bands = wpas_freq_to_band(freq);
4652 	else if (os_strcmp(type, "scan") == 0 ||
4653 		 os_strcmp(type, "p2p-scan") == 0)
4654 		work->bands = wpas_get_bands(wpa_s,
4655 					     ((struct wpa_driver_scan_params *)
4656 					      ctx)->freqs);
4657 	else
4658 		work->bands = wpas_get_bands(wpa_s, NULL);
4659 
4660 	was_empty = dl_list_empty(&wpa_s->radio->work);
4661 	if (next)
4662 		dl_list_add(&wpa_s->radio->work, &work->list);
4663 	else
4664 		dl_list_add_tail(&wpa_s->radio->work, &work->list);
4665 	if (was_empty) {
4666 		wpa_dbg(wpa_s, MSG_DEBUG, "First radio work item in the queue - schedule start immediately");
4667 		radio_work_check_next(wpa_s);
4668 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)
4669 		   && radio->num_active_works < MAX_ACTIVE_WORKS) {
4670 		wpa_dbg(wpa_s, MSG_DEBUG,
4671 			"Try to schedule a radio work (num_active_works=%u)",
4672 			radio->num_active_works);
4673 		radio_work_check_next(wpa_s);
4674 	}
4675 
4676 	return 0;
4677 }
4678 
4679 
4680 /**
4681  * radio_work_done - Indicate that a radio work item has been completed
4682  * @work: Completed work
4683  *
4684  * This function is called once the callback function registered with
4685  * radio_add_work() has completed its work.
4686  */
radio_work_done(struct wpa_radio_work * work)4687 void radio_work_done(struct wpa_radio_work *work)
4688 {
4689 	struct wpa_supplicant *wpa_s = work->wpa_s;
4690 	struct os_reltime now, diff;
4691 	unsigned int started = work->started;
4692 
4693 	os_get_reltime(&now);
4694 	os_reltime_sub(&now, &work->time, &diff);
4695 	wpa_dbg(wpa_s, MSG_DEBUG, "Radio work '%s'@%p %s in %ld.%06ld seconds",
4696 		work->type, work, started ? "done" : "canceled",
4697 		diff.sec, diff.usec);
4698 	radio_work_free(work);
4699 	if (started)
4700 		radio_work_check_next(wpa_s);
4701 }
4702 
4703 
4704 struct wpa_radio_work *
radio_work_pending(struct wpa_supplicant * wpa_s,const char * type)4705 radio_work_pending(struct wpa_supplicant *wpa_s, const char *type)
4706 {
4707 	struct wpa_radio_work *work;
4708 	struct wpa_radio *radio = wpa_s->radio;
4709 
4710 	dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
4711 		if (work->wpa_s == wpa_s && os_strcmp(work->type, type) == 0)
4712 			return work;
4713 	}
4714 
4715 	return NULL;
4716 }
4717 
4718 
wpas_init_driver(struct wpa_supplicant * wpa_s,struct wpa_interface * iface)4719 static int wpas_init_driver(struct wpa_supplicant *wpa_s,
4720 			    struct wpa_interface *iface)
4721 {
4722 	const char *ifname, *driver, *rn;
4723 
4724 	driver = iface->driver;
4725 next_driver:
4726 	if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
4727 		return -1;
4728 
4729 	wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
4730 	if (wpa_s->drv_priv == NULL) {
4731 		const char *pos;
4732 		pos = driver ? os_strchr(driver, ',') : NULL;
4733 		if (pos) {
4734 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
4735 				"driver interface - try next driver wrapper");
4736 			driver = pos + 1;
4737 			goto next_driver;
4738 		}
4739 		wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
4740 			"interface");
4741 		return -1;
4742 	}
4743 	if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
4744 		wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
4745 			"driver_param '%s'", wpa_s->conf->driver_param);
4746 		return -1;
4747 	}
4748 
4749 	ifname = wpa_drv_get_ifname(wpa_s);
4750 	if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
4751 		wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
4752 			"interface name with '%s'", ifname);
4753 		os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
4754 	}
4755 
4756 	rn = wpa_driver_get_radio_name(wpa_s);
4757 	if (rn && rn[0] == '\0')
4758 		rn = NULL;
4759 
4760 	wpa_s->radio = radio_add_interface(wpa_s, rn);
4761 	if (wpa_s->radio == NULL)
4762 		return -1;
4763 
4764 	return 0;
4765 }
4766 
4767 
wpa_supplicant_init_iface(struct wpa_supplicant * wpa_s,struct wpa_interface * iface)4768 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
4769 				     struct wpa_interface *iface)
4770 {
4771 	struct wpa_driver_capa capa;
4772 	int capa_res;
4773 
4774 	wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
4775 		   "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
4776 		   iface->confname ? iface->confname : "N/A",
4777 		   iface->driver ? iface->driver : "default",
4778 		   iface->ctrl_interface ? iface->ctrl_interface : "N/A",
4779 		   iface->bridge_ifname ? iface->bridge_ifname : "N/A");
4780 
4781 	if (iface->confname) {
4782 #ifdef CONFIG_BACKEND_FILE
4783 		wpa_s->confname = os_rel2abs_path(iface->confname);
4784 		if (wpa_s->confname == NULL) {
4785 			wpa_printf(MSG_ERROR, "Failed to get absolute path "
4786 				   "for configuration file '%s'.",
4787 				   iface->confname);
4788 			return -1;
4789 		}
4790 		wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
4791 			   iface->confname, wpa_s->confname);
4792 #else /* CONFIG_BACKEND_FILE */
4793 		wpa_s->confname = os_strdup(iface->confname);
4794 #endif /* CONFIG_BACKEND_FILE */
4795 		wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
4796 		if (wpa_s->conf == NULL) {
4797 			wpa_printf(MSG_ERROR, "Failed to read or parse "
4798 				   "configuration '%s'.", wpa_s->confname);
4799 			return -1;
4800 		}
4801 		wpa_s->confanother = os_rel2abs_path(iface->confanother);
4802 		wpa_config_read(wpa_s->confanother, wpa_s->conf);
4803 
4804 		/*
4805 		 * Override ctrl_interface and driver_param if set on command
4806 		 * line.
4807 		 */
4808 		if (iface->ctrl_interface) {
4809 			os_free(wpa_s->conf->ctrl_interface);
4810 			wpa_s->conf->ctrl_interface =
4811 				os_strdup(iface->ctrl_interface);
4812 		}
4813 
4814 		if (iface->driver_param) {
4815 			os_free(wpa_s->conf->driver_param);
4816 			wpa_s->conf->driver_param =
4817 				os_strdup(iface->driver_param);
4818 		}
4819 
4820 		if (iface->p2p_mgmt && !iface->ctrl_interface) {
4821 			os_free(wpa_s->conf->ctrl_interface);
4822 			wpa_s->conf->ctrl_interface = NULL;
4823 		}
4824 	} else
4825 		wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
4826 						     iface->driver_param);
4827 
4828 	if (wpa_s->conf == NULL) {
4829 		wpa_printf(MSG_ERROR, "\nNo configuration found.");
4830 		return -1;
4831 	}
4832 
4833 	if (iface->ifname == NULL) {
4834 		wpa_printf(MSG_ERROR, "\nInterface name is required.");
4835 		return -1;
4836 	}
4837 	if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
4838 		wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
4839 			   iface->ifname);
4840 		return -1;
4841 	}
4842 	os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
4843 
4844 	if (iface->bridge_ifname) {
4845 		if (os_strlen(iface->bridge_ifname) >=
4846 		    sizeof(wpa_s->bridge_ifname)) {
4847 			wpa_printf(MSG_ERROR, "\nToo long bridge interface "
4848 				   "name '%s'.", iface->bridge_ifname);
4849 			return -1;
4850 		}
4851 		os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
4852 			   sizeof(wpa_s->bridge_ifname));
4853 	}
4854 
4855 	/* RSNA Supplicant Key Management - INITIALIZE */
4856 	eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
4857 	eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
4858 
4859 	/* Initialize driver interface and register driver event handler before
4860 	 * L2 receive handler so that association events are processed before
4861 	 * EAPOL-Key packets if both become available for the same select()
4862 	 * call. */
4863 	if (wpas_init_driver(wpa_s, iface) < 0)
4864 		return -1;
4865 
4866 	if (wpa_supplicant_init_wpa(wpa_s) < 0)
4867 		return -1;
4868 
4869 	wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
4870 			  wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
4871 			  NULL);
4872 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
4873 
4874 	if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
4875 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
4876 			     wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
4877 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
4878 			"dot11RSNAConfigPMKLifetime");
4879 		return -1;
4880 	}
4881 
4882 	if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
4883 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
4884 			     wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
4885 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
4886 			"dot11RSNAConfigPMKReauthThreshold");
4887 		return -1;
4888 	}
4889 
4890 	if (wpa_s->conf->dot11RSNAConfigSATimeout &&
4891 	    wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
4892 			     wpa_s->conf->dot11RSNAConfigSATimeout)) {
4893 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
4894 			"dot11RSNAConfigSATimeout");
4895 		return -1;
4896 	}
4897 
4898 	wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
4899 						      &wpa_s->hw.num_modes,
4900 						      &wpa_s->hw.flags);
4901 	if (wpa_s->hw.modes) {
4902 		u16 i;
4903 
4904 		for (i = 0; i < wpa_s->hw.num_modes; i++) {
4905 			if (wpa_s->hw.modes[i].vht_capab) {
4906 				wpa_s->hw_capab = CAPAB_VHT;
4907 				break;
4908 			}
4909 
4910 			if (wpa_s->hw.modes[i].ht_capab &
4911 			    HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)
4912 				wpa_s->hw_capab = CAPAB_HT40;
4913 			else if (wpa_s->hw.modes[i].ht_capab &&
4914 				 wpa_s->hw_capab == CAPAB_NO_HT_VHT)
4915 				wpa_s->hw_capab = CAPAB_HT;
4916 		}
4917 	}
4918 
4919 	capa_res = wpa_drv_get_capa(wpa_s, &capa);
4920 	if (capa_res == 0) {
4921 		wpa_s->drv_capa_known = 1;
4922 		wpa_s->drv_flags = capa.flags;
4923 		wpa_s->drv_enc = capa.enc;
4924 		wpa_s->drv_smps_modes = capa.smps_modes;
4925 		wpa_s->drv_rrm_flags = capa.rrm_flags;
4926 		wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
4927 		wpa_s->max_scan_ssids = capa.max_scan_ssids;
4928 		wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
4929 		wpa_s->max_sched_scan_plans = capa.max_sched_scan_plans;
4930 		wpa_s->max_sched_scan_plan_interval =
4931 			capa.max_sched_scan_plan_interval;
4932 		wpa_s->max_sched_scan_plan_iterations =
4933 			capa.max_sched_scan_plan_iterations;
4934 		wpa_s->sched_scan_supported = capa.sched_scan_supported;
4935 		wpa_s->max_match_sets = capa.max_match_sets;
4936 		wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
4937 		wpa_s->max_stations = capa.max_stations;
4938 		wpa_s->extended_capa = capa.extended_capa;
4939 		wpa_s->extended_capa_mask = capa.extended_capa_mask;
4940 		wpa_s->extended_capa_len = capa.extended_capa_len;
4941 		wpa_s->num_multichan_concurrent =
4942 			capa.num_multichan_concurrent;
4943 		wpa_s->wmm_ac_supported = capa.wmm_ac_supported;
4944 
4945 		if (capa.mac_addr_rand_scan_supported)
4946 			wpa_s->mac_addr_rand_supported |= MAC_ADDR_RAND_SCAN;
4947 		if (wpa_s->sched_scan_supported &&
4948 		    capa.mac_addr_rand_sched_scan_supported)
4949 			wpa_s->mac_addr_rand_supported |=
4950 				(MAC_ADDR_RAND_SCHED_SCAN | MAC_ADDR_RAND_PNO);
4951 	}
4952 	if (wpa_s->max_remain_on_chan == 0)
4953 		wpa_s->max_remain_on_chan = 1000;
4954 
4955 	/*
4956 	 * Only take p2p_mgmt parameters when P2P Device is supported.
4957 	 * Doing it here as it determines whether l2_packet_init() will be done
4958 	 * during wpa_supplicant_driver_init().
4959 	 */
4960 	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
4961 		wpa_s->p2p_mgmt = iface->p2p_mgmt;
4962 	else
4963 		iface->p2p_mgmt = 1;
4964 
4965 	if (wpa_s->num_multichan_concurrent == 0)
4966 		wpa_s->num_multichan_concurrent = 1;
4967 
4968 	if (wpa_supplicant_driver_init(wpa_s) < 0)
4969 		return -1;
4970 
4971 #ifdef CONFIG_TDLS
4972 	if ((!iface->p2p_mgmt ||
4973 	     !(wpa_s->drv_flags &
4974 	       WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
4975 	    wpa_tdls_init(wpa_s->wpa))
4976 		return -1;
4977 #endif /* CONFIG_TDLS */
4978 
4979 	if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
4980 	    wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
4981 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
4982 		return -1;
4983 	}
4984 
4985 #ifdef CONFIG_FST
4986 	if (wpa_s->conf->fst_group_id) {
4987 		struct fst_iface_cfg cfg;
4988 		struct fst_wpa_obj iface_obj;
4989 
4990 		fst_wpa_supplicant_fill_iface_obj(wpa_s, &iface_obj);
4991 		os_strlcpy(cfg.group_id, wpa_s->conf->fst_group_id,
4992 			   sizeof(cfg.group_id));
4993 		cfg.priority = wpa_s->conf->fst_priority;
4994 		cfg.llt = wpa_s->conf->fst_llt;
4995 
4996 		wpa_s->fst = fst_attach(wpa_s->ifname, wpa_s->own_addr,
4997 					&iface_obj, &cfg);
4998 		if (!wpa_s->fst) {
4999 			wpa_msg(wpa_s, MSG_ERROR,
5000 				"FST: Cannot attach iface %s to group %s",
5001 				wpa_s->ifname, cfg.group_id);
5002 			return -1;
5003 		}
5004 	}
5005 #endif /* CONFIG_FST */
5006 
5007 	if (wpas_wps_init(wpa_s))
5008 		return -1;
5009 
5010 	if (wpa_supplicant_init_eapol(wpa_s) < 0)
5011 		return -1;
5012 	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
5013 
5014 	wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
5015 	if (wpa_s->ctrl_iface == NULL) {
5016 		wpa_printf(MSG_ERROR,
5017 			   "Failed to initialize control interface '%s'.\n"
5018 			   "You may have another wpa_supplicant process "
5019 			   "already running or the file was\n"
5020 			   "left by an unclean termination of wpa_supplicant "
5021 			   "in which case you will need\n"
5022 			   "to manually remove this file before starting "
5023 			   "wpa_supplicant again.\n",
5024 			   wpa_s->conf->ctrl_interface);
5025 		return -1;
5026 	}
5027 
5028 	wpa_s->gas = gas_query_init(wpa_s);
5029 	if (wpa_s->gas == NULL) {
5030 		wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
5031 		return -1;
5032 	}
5033 
5034 	if (iface->p2p_mgmt && wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
5035 		wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
5036 		return -1;
5037 	}
5038 
5039 	if (wpa_bss_init(wpa_s) < 0)
5040 		return -1;
5041 
5042 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
5043 #ifdef CONFIG_MESH
5044 	dl_list_init(&wpa_s->mesh_external_pmksa_cache);
5045 #endif /* CONFIG_MESH */
5046 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
5047 
5048 	/*
5049 	 * Set Wake-on-WLAN triggers, if configured.
5050 	 * Note: We don't restore/remove the triggers on shutdown (it doesn't
5051 	 * have effect anyway when the interface is down).
5052 	 */
5053 	if (capa_res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
5054 		return -1;
5055 
5056 #ifdef CONFIG_EAP_PROXY
5057 {
5058 	size_t len;
5059 	wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, wpa_s->imsi,
5060 						     &len);
5061 	if (wpa_s->mnc_len > 0) {
5062 		wpa_s->imsi[len] = '\0';
5063 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
5064 			   wpa_s->imsi, wpa_s->mnc_len);
5065 	} else {
5066 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
5067 	}
5068 }
5069 #endif /* CONFIG_EAP_PROXY */
5070 
5071 	if (pcsc_reader_init(wpa_s) < 0)
5072 		return -1;
5073 
5074 	if (wpas_init_ext_pw(wpa_s) < 0)
5075 		return -1;
5076 
5077 	wpas_rrm_reset(wpa_s);
5078 
5079 	wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
5080 
5081 #ifdef CONFIG_HS20
5082 	hs20_init(wpa_s);
5083 #endif /* CONFIG_HS20 */
5084 #ifdef CONFIG_MBO
5085 	wpas_mbo_update_non_pref_chan(wpa_s, wpa_s->conf->non_pref_chan);
5086 #endif /* CONFIG_MBO */
5087 
5088 	wpa_supplicant_set_default_scan_ies(wpa_s);
5089 
5090 	return 0;
5091 }
5092 
5093 
wpa_supplicant_deinit_iface(struct wpa_supplicant * wpa_s,int notify,int terminate)5094 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
5095 					int notify, int terminate)
5096 {
5097 	struct wpa_global *global = wpa_s->global;
5098 	struct wpa_supplicant *iface, *prev;
5099 
5100 	if (wpa_s == wpa_s->parent)
5101 		wpas_p2p_group_remove(wpa_s, "*");
5102 
5103 	iface = global->ifaces;
5104 	while (iface) {
5105 		if (iface->p2pdev == wpa_s)
5106 			iface->p2pdev = iface->parent;
5107 		if (iface == wpa_s || iface->parent != wpa_s) {
5108 			iface = iface->next;
5109 			continue;
5110 		}
5111 		wpa_printf(MSG_DEBUG,
5112 			   "Remove remaining child interface %s from parent %s",
5113 			   iface->ifname, wpa_s->ifname);
5114 		prev = iface;
5115 		iface = iface->next;
5116 		wpa_supplicant_remove_iface(global, prev, terminate);
5117 	}
5118 
5119 	wpa_s->disconnected = 1;
5120 	if (wpa_s->drv_priv) {
5121 		wpa_supplicant_deauthenticate(wpa_s,
5122 					      WLAN_REASON_DEAUTH_LEAVING);
5123 
5124 		wpa_drv_set_countermeasures(wpa_s, 0);
5125 		wpa_clear_keys(wpa_s, NULL);
5126 	}
5127 
5128 	wpa_supplicant_cleanup(wpa_s);
5129 	wpas_p2p_deinit_iface(wpa_s);
5130 
5131 	wpas_ctrl_radio_work_flush(wpa_s);
5132 	radio_remove_interface(wpa_s);
5133 
5134 #ifdef CONFIG_FST
5135 	if (wpa_s->fst) {
5136 		fst_detach(wpa_s->fst);
5137 		wpa_s->fst = NULL;
5138 	}
5139 	if (wpa_s->received_mb_ies) {
5140 		wpabuf_free(wpa_s->received_mb_ies);
5141 		wpa_s->received_mb_ies = NULL;
5142 	}
5143 #endif /* CONFIG_FST */
5144 
5145 	if (wpa_s->drv_priv)
5146 		wpa_drv_deinit(wpa_s);
5147 
5148 	if (notify)
5149 		wpas_notify_iface_removed(wpa_s);
5150 
5151 	if (terminate)
5152 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
5153 
5154 	if (wpa_s->ctrl_iface) {
5155 		wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
5156 		wpa_s->ctrl_iface = NULL;
5157 	}
5158 
5159 #ifdef CONFIG_MESH
5160 	if (wpa_s->ifmsh) {
5161 		wpa_supplicant_mesh_iface_deinit(wpa_s, wpa_s->ifmsh);
5162 		wpa_s->ifmsh = NULL;
5163 	}
5164 #endif /* CONFIG_MESH */
5165 
5166 	if (wpa_s->conf != NULL) {
5167 		wpa_config_free(wpa_s->conf);
5168 		wpa_s->conf = NULL;
5169 	}
5170 
5171 	os_free(wpa_s->ssids_from_scan_req);
5172 
5173 	os_free(wpa_s);
5174 }
5175 
5176 
5177 #ifdef CONFIG_MATCH_IFACE
5178 
5179 /**
5180  * wpa_supplicant_match_iface - Match an interface description to a name
5181  * @global: Pointer to global data from wpa_supplicant_init()
5182  * @ifname: Name of the interface to match
5183  * Returns: Pointer to the created interface description or %NULL on failure
5184  */
wpa_supplicant_match_iface(struct wpa_global * global,const char * ifname)5185 struct wpa_interface * wpa_supplicant_match_iface(struct wpa_global *global,
5186 						  const char *ifname)
5187 {
5188 	int i;
5189 	struct wpa_interface *iface, *miface;
5190 
5191 	for (i = 0; i < global->params.match_iface_count; i++) {
5192 		miface = &global->params.match_ifaces[i];
5193 		if (!miface->ifname ||
5194 		    fnmatch(miface->ifname, ifname, 0) == 0) {
5195 			iface = os_zalloc(sizeof(*iface));
5196 			if (!iface)
5197 				return NULL;
5198 			*iface = *miface;
5199 			iface->ifname = ifname;
5200 			return iface;
5201 		}
5202 	}
5203 
5204 	return NULL;
5205 }
5206 
5207 
5208 /**
5209  * wpa_supplicant_match_existing - Match existing interfaces
5210  * @global: Pointer to global data from wpa_supplicant_init()
5211  * Returns: 0 on success, -1 on failure
5212  */
wpa_supplicant_match_existing(struct wpa_global * global)5213 static int wpa_supplicant_match_existing(struct wpa_global *global)
5214 {
5215 	struct if_nameindex *ifi, *ifp;
5216 	struct wpa_supplicant *wpa_s;
5217 	struct wpa_interface *iface;
5218 
5219 	ifp = if_nameindex();
5220 	if (!ifp) {
5221 		wpa_printf(MSG_ERROR, "if_nameindex: %s", strerror(errno));
5222 		return -1;
5223 	}
5224 
5225 	for (ifi = ifp; ifi->if_name; ifi++) {
5226 		wpa_s = wpa_supplicant_get_iface(global, ifi->if_name);
5227 		if (wpa_s)
5228 			continue;
5229 		iface = wpa_supplicant_match_iface(global, ifi->if_name);
5230 		if (iface) {
5231 			wpa_s = wpa_supplicant_add_iface(global, iface, NULL);
5232 			os_free(iface);
5233 			if (wpa_s)
5234 				wpa_s->matched = 1;
5235 		}
5236 	}
5237 
5238 	if_freenameindex(ifp);
5239 	return 0;
5240 }
5241 
5242 #endif /* CONFIG_MATCH_IFACE */
5243 
5244 
5245 /**
5246  * wpa_supplicant_add_iface - Add a new network interface
5247  * @global: Pointer to global data from wpa_supplicant_init()
5248  * @iface: Interface configuration options
5249  * @parent: Parent interface or %NULL to assign new interface as parent
5250  * Returns: Pointer to the created interface or %NULL on failure
5251  *
5252  * This function is used to add new network interfaces for %wpa_supplicant.
5253  * This can be called before wpa_supplicant_run() to add interfaces before the
5254  * main event loop has been started. In addition, new interfaces can be added
5255  * dynamically while %wpa_supplicant is already running. This could happen,
5256  * e.g., when a hotplug network adapter is inserted.
5257  */
wpa_supplicant_add_iface(struct wpa_global * global,struct wpa_interface * iface,struct wpa_supplicant * parent)5258 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
5259 						 struct wpa_interface *iface,
5260 						 struct wpa_supplicant *parent)
5261 {
5262 	struct wpa_supplicant *wpa_s;
5263 	struct wpa_interface t_iface;
5264 	struct wpa_ssid *ssid;
5265 
5266 	if (global == NULL || iface == NULL)
5267 		return NULL;
5268 
5269 	wpa_s = wpa_supplicant_alloc(parent);
5270 	if (wpa_s == NULL)
5271 		return NULL;
5272 
5273 	wpa_s->global = global;
5274 
5275 	t_iface = *iface;
5276 	if (global->params.override_driver) {
5277 		wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
5278 			   "('%s' -> '%s')",
5279 			   iface->driver, global->params.override_driver);
5280 		t_iface.driver = global->params.override_driver;
5281 	}
5282 	if (global->params.override_ctrl_interface) {
5283 		wpa_printf(MSG_DEBUG, "Override interface parameter: "
5284 			   "ctrl_interface ('%s' -> '%s')",
5285 			   iface->ctrl_interface,
5286 			   global->params.override_ctrl_interface);
5287 		t_iface.ctrl_interface =
5288 			global->params.override_ctrl_interface;
5289 	}
5290 	if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
5291 		wpa_printf(MSG_DEBUG, "Failed to add interface %s",
5292 			   iface->ifname);
5293 		wpa_supplicant_deinit_iface(wpa_s, 0, 0);
5294 		return NULL;
5295 	}
5296 
5297 	/* Notify the control interfaces about new iface */
5298 	if (wpas_notify_iface_added(wpa_s)) {
5299 		wpa_supplicant_deinit_iface(wpa_s, 1, 0);
5300 		return NULL;
5301 	}
5302 
5303 	/* Notify the control interfaces about new networks for non p2p mgmt
5304 	 * ifaces. */
5305 	if (iface->p2p_mgmt == 0) {
5306 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
5307 			wpas_notify_network_added(wpa_s, ssid);
5308 	}
5309 
5310 	wpa_s->next = global->ifaces;
5311 	global->ifaces = wpa_s;
5312 
5313 	wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
5314 	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
5315 
5316 #ifdef CONFIG_P2P
5317 	if (wpa_s->global->p2p == NULL &&
5318 	    !wpa_s->global->p2p_disabled && !wpa_s->conf->p2p_disabled &&
5319 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
5320 	    wpas_p2p_add_p2pdev_interface(
5321 		    wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
5322 		wpa_printf(MSG_INFO,
5323 			   "P2P: Failed to enable P2P Device interface");
5324 		/* Try to continue without. P2P will be disabled. */
5325 	}
5326 #endif /* CONFIG_P2P */
5327 
5328 	return wpa_s;
5329 }
5330 
5331 
5332 /**
5333  * wpa_supplicant_remove_iface - Remove a network interface
5334  * @global: Pointer to global data from wpa_supplicant_init()
5335  * @wpa_s: Pointer to the network interface to be removed
5336  * Returns: 0 if interface was removed, -1 if interface was not found
5337  *
5338  * This function can be used to dynamically remove network interfaces from
5339  * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
5340  * addition, this function is used to remove all remaining interfaces when
5341  * %wpa_supplicant is terminated.
5342  */
wpa_supplicant_remove_iface(struct wpa_global * global,struct wpa_supplicant * wpa_s,int terminate)5343 int wpa_supplicant_remove_iface(struct wpa_global *global,
5344 				struct wpa_supplicant *wpa_s,
5345 				int terminate)
5346 {
5347 	struct wpa_supplicant *prev;
5348 #ifdef CONFIG_MESH
5349 	unsigned int mesh_if_created = wpa_s->mesh_if_created;
5350 	char *ifname = NULL;
5351 	struct wpa_supplicant *parent = wpa_s->parent;
5352 #endif /* CONFIG_MESH */
5353 
5354 	/* Remove interface from the global list of interfaces */
5355 	prev = global->ifaces;
5356 	if (prev == wpa_s) {
5357 		global->ifaces = wpa_s->next;
5358 	} else {
5359 		while (prev && prev->next != wpa_s)
5360 			prev = prev->next;
5361 		if (prev == NULL)
5362 			return -1;
5363 		prev->next = wpa_s->next;
5364 	}
5365 
5366 	wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
5367 
5368 #ifdef CONFIG_MESH
5369 	if (mesh_if_created) {
5370 		ifname = os_strdup(wpa_s->ifname);
5371 		if (ifname == NULL) {
5372 			wpa_dbg(wpa_s, MSG_ERROR,
5373 				"mesh: Failed to malloc ifname");
5374 			return -1;
5375 		}
5376 	}
5377 #endif /* CONFIG_MESH */
5378 
5379 	if (global->p2p_group_formation == wpa_s)
5380 		global->p2p_group_formation = NULL;
5381 	if (global->p2p_invite_group == wpa_s)
5382 		global->p2p_invite_group = NULL;
5383 	wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
5384 
5385 #ifdef CONFIG_MESH
5386 	if (mesh_if_created) {
5387 		wpa_drv_if_remove(parent, WPA_IF_MESH, ifname);
5388 		os_free(ifname);
5389 	}
5390 #endif /* CONFIG_MESH */
5391 
5392 	return 0;
5393 }
5394 
5395 
5396 /**
5397  * wpa_supplicant_get_eap_mode - Get the current EAP mode
5398  * @wpa_s: Pointer to the network interface
5399  * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
5400  */
wpa_supplicant_get_eap_mode(struct wpa_supplicant * wpa_s)5401 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
5402 {
5403 	const char *eapol_method;
5404 
5405         if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
5406             wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
5407 		return "NO-EAP";
5408 	}
5409 
5410 	eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
5411 	if (eapol_method == NULL)
5412 		return "UNKNOWN-EAP";
5413 
5414 	return eapol_method;
5415 }
5416 
5417 
5418 /**
5419  * wpa_supplicant_get_iface - Get a new network interface
5420  * @global: Pointer to global data from wpa_supplicant_init()
5421  * @ifname: Interface name
5422  * Returns: Pointer to the interface or %NULL if not found
5423  */
wpa_supplicant_get_iface(struct wpa_global * global,const char * ifname)5424 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
5425 						 const char *ifname)
5426 {
5427 	struct wpa_supplicant *wpa_s;
5428 
5429 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
5430 		if (os_strcmp(wpa_s->ifname, ifname) == 0)
5431 			return wpa_s;
5432 	}
5433 	return NULL;
5434 }
5435 
5436 
5437 #ifndef CONFIG_NO_WPA_MSG
wpa_supplicant_msg_ifname_cb(void * ctx)5438 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
5439 {
5440 	struct wpa_supplicant *wpa_s = ctx;
5441 	if (wpa_s == NULL)
5442 		return NULL;
5443 	return wpa_s->ifname;
5444 }
5445 #endif /* CONFIG_NO_WPA_MSG */
5446 
5447 
5448 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
5449 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
5450 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
5451 
5452 /* Periodic cleanup tasks */
wpas_periodic(void * eloop_ctx,void * timeout_ctx)5453 static void wpas_periodic(void *eloop_ctx, void *timeout_ctx)
5454 {
5455 	struct wpa_global *global = eloop_ctx;
5456 	struct wpa_supplicant *wpa_s;
5457 
5458 	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
5459 			       wpas_periodic, global, NULL);
5460 
5461 #ifdef CONFIG_P2P
5462 	if (global->p2p)
5463 		p2p_expire_peers(global->p2p);
5464 #endif /* CONFIG_P2P */
5465 
5466 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
5467 		wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age);
5468 #ifdef CONFIG_AP
5469 		ap_periodic(wpa_s);
5470 #endif /* CONFIG_AP */
5471 	}
5472 }
5473 
5474 
5475 /**
5476  * wpa_supplicant_init - Initialize %wpa_supplicant
5477  * @params: Parameters for %wpa_supplicant
5478  * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
5479  *
5480  * This function is used to initialize %wpa_supplicant. After successful
5481  * initialization, the returned data pointer can be used to add and remove
5482  * network interfaces, and eventually, to deinitialize %wpa_supplicant.
5483  */
wpa_supplicant_init(struct wpa_params * params)5484 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
5485 {
5486 	struct wpa_global *global;
5487 	int ret, i;
5488 
5489 	if (params == NULL)
5490 		return NULL;
5491 
5492 #ifdef CONFIG_DRIVER_NDIS
5493 	{
5494 		void driver_ndis_init_ops(void);
5495 		driver_ndis_init_ops();
5496 	}
5497 #endif /* CONFIG_DRIVER_NDIS */
5498 
5499 #ifndef CONFIG_NO_WPA_MSG
5500 	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
5501 #endif /* CONFIG_NO_WPA_MSG */
5502 
5503 	if (params->wpa_debug_file_path)
5504 		wpa_debug_open_file(params->wpa_debug_file_path);
5505 	else
5506 		wpa_debug_setup_stdout();
5507 	if (params->wpa_debug_syslog)
5508 		wpa_debug_open_syslog();
5509 	if (params->wpa_debug_tracing) {
5510 		ret = wpa_debug_open_linux_tracing();
5511 		if (ret) {
5512 			wpa_printf(MSG_ERROR,
5513 				   "Failed to enable trace logging");
5514 			return NULL;
5515 		}
5516 	}
5517 
5518 	ret = eap_register_methods();
5519 	if (ret) {
5520 		wpa_printf(MSG_ERROR, "Failed to register EAP methods");
5521 		if (ret == -2)
5522 			wpa_printf(MSG_ERROR, "Two or more EAP methods used "
5523 				   "the same EAP type.");
5524 		return NULL;
5525 	}
5526 
5527 	global = os_zalloc(sizeof(*global));
5528 	if (global == NULL)
5529 		return NULL;
5530 	dl_list_init(&global->p2p_srv_bonjour);
5531 	dl_list_init(&global->p2p_srv_upnp);
5532 	global->params.daemonize = params->daemonize;
5533 	global->params.wait_for_monitor = params->wait_for_monitor;
5534 	global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
5535 	if (params->pid_file)
5536 		global->params.pid_file = os_strdup(params->pid_file);
5537 	if (params->ctrl_interface)
5538 		global->params.ctrl_interface =
5539 			os_strdup(params->ctrl_interface);
5540 	if (params->ctrl_interface_group)
5541 		global->params.ctrl_interface_group =
5542 			os_strdup(params->ctrl_interface_group);
5543 	if (params->override_driver)
5544 		global->params.override_driver =
5545 			os_strdup(params->override_driver);
5546 	if (params->override_ctrl_interface)
5547 		global->params.override_ctrl_interface =
5548 			os_strdup(params->override_ctrl_interface);
5549 #ifdef CONFIG_MATCH_IFACE
5550 	global->params.match_iface_count = params->match_iface_count;
5551 	if (params->match_iface_count) {
5552 		global->params.match_ifaces =
5553 			os_calloc(params->match_iface_count,
5554 				  sizeof(struct wpa_interface));
5555 		os_memcpy(global->params.match_ifaces,
5556 			  params->match_ifaces,
5557 			  params->match_iface_count *
5558 			  sizeof(struct wpa_interface));
5559 	}
5560 #endif /* CONFIG_MATCH_IFACE */
5561 #ifdef CONFIG_P2P
5562 	if (params->conf_p2p_dev)
5563 		global->params.conf_p2p_dev =
5564 			os_strdup(params->conf_p2p_dev);
5565 #endif /* CONFIG_P2P */
5566 	wpa_debug_level = global->params.wpa_debug_level =
5567 		params->wpa_debug_level;
5568 	wpa_debug_show_keys = global->params.wpa_debug_show_keys =
5569 		params->wpa_debug_show_keys;
5570 	wpa_debug_timestamp = global->params.wpa_debug_timestamp =
5571 		params->wpa_debug_timestamp;
5572 
5573 	wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR);
5574 
5575 	if (eloop_init()) {
5576 		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
5577 		wpa_supplicant_deinit(global);
5578 		return NULL;
5579 	}
5580 
5581 	random_init(params->entropy_file);
5582 
5583 	global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
5584 	if (global->ctrl_iface == NULL) {
5585 		wpa_supplicant_deinit(global);
5586 		return NULL;
5587 	}
5588 
5589 	if (wpas_notify_supplicant_initialized(global)) {
5590 		wpa_supplicant_deinit(global);
5591 		return NULL;
5592 	}
5593 
5594 	for (i = 0; wpa_drivers[i]; i++)
5595 		global->drv_count++;
5596 	if (global->drv_count == 0) {
5597 		wpa_printf(MSG_ERROR, "No drivers enabled");
5598 		wpa_supplicant_deinit(global);
5599 		return NULL;
5600 	}
5601 	global->drv_priv = os_calloc(global->drv_count, sizeof(void *));
5602 	if (global->drv_priv == NULL) {
5603 		wpa_supplicant_deinit(global);
5604 		return NULL;
5605 	}
5606 
5607 #ifdef CONFIG_WIFI_DISPLAY
5608 	if (wifi_display_init(global) < 0) {
5609 		wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
5610 		wpa_supplicant_deinit(global);
5611 		return NULL;
5612 	}
5613 #endif /* CONFIG_WIFI_DISPLAY */
5614 
5615 	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
5616 			       wpas_periodic, global, NULL);
5617 
5618 	return global;
5619 }
5620 
5621 
5622 /**
5623  * wpa_supplicant_run - Run the %wpa_supplicant main event loop
5624  * @global: Pointer to global data from wpa_supplicant_init()
5625  * Returns: 0 after successful event loop run, -1 on failure
5626  *
5627  * This function starts the main event loop and continues running as long as
5628  * there are any remaining events. In most cases, this function is running as
5629  * long as the %wpa_supplicant process in still in use.
5630  */
wpa_supplicant_run(struct wpa_global * global)5631 int wpa_supplicant_run(struct wpa_global *global)
5632 {
5633 	struct wpa_supplicant *wpa_s;
5634 
5635 	if (global->params.daemonize &&
5636 	    (wpa_supplicant_daemon(global->params.pid_file) ||
5637 	     eloop_sock_requeue()))
5638 		return -1;
5639 
5640 #ifdef CONFIG_MATCH_IFACE
5641 	if (wpa_supplicant_match_existing(global))
5642 		return -1;
5643 #endif
5644 
5645 	if (global->params.wait_for_monitor) {
5646 		for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
5647 			if (wpa_s->ctrl_iface && !wpa_s->p2p_mgmt)
5648 				wpa_supplicant_ctrl_iface_wait(
5649 					wpa_s->ctrl_iface);
5650 	}
5651 
5652 	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
5653 	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
5654 
5655 	eloop_run();
5656 
5657 	return 0;
5658 }
5659 
5660 
5661 /**
5662  * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
5663  * @global: Pointer to global data from wpa_supplicant_init()
5664  *
5665  * This function is called to deinitialize %wpa_supplicant and to free all
5666  * allocated resources. Remaining network interfaces will also be removed.
5667  */
wpa_supplicant_deinit(struct wpa_global * global)5668 void wpa_supplicant_deinit(struct wpa_global *global)
5669 {
5670 	int i;
5671 
5672 	if (global == NULL)
5673 		return;
5674 
5675 	eloop_cancel_timeout(wpas_periodic, global, NULL);
5676 
5677 #ifdef CONFIG_WIFI_DISPLAY
5678 	wifi_display_deinit(global);
5679 #endif /* CONFIG_WIFI_DISPLAY */
5680 
5681 	while (global->ifaces)
5682 		wpa_supplicant_remove_iface(global, global->ifaces, 1);
5683 
5684 	if (global->ctrl_iface)
5685 		wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
5686 
5687 	wpas_notify_supplicant_deinitialized(global);
5688 
5689 	eap_peer_unregister_methods();
5690 #ifdef CONFIG_AP
5691 	eap_server_unregister_methods();
5692 #endif /* CONFIG_AP */
5693 
5694 	for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
5695 		if (!global->drv_priv[i])
5696 			continue;
5697 		wpa_drivers[i]->global_deinit(global->drv_priv[i]);
5698 	}
5699 	os_free(global->drv_priv);
5700 
5701 	random_deinit();
5702 
5703 	eloop_destroy();
5704 
5705 	if (global->params.pid_file) {
5706 		os_daemonize_terminate(global->params.pid_file);
5707 		os_free(global->params.pid_file);
5708 	}
5709 	os_free(global->params.ctrl_interface);
5710 	os_free(global->params.ctrl_interface_group);
5711 	os_free(global->params.override_driver);
5712 	os_free(global->params.override_ctrl_interface);
5713 #ifdef CONFIG_MATCH_IFACE
5714 	os_free(global->params.match_ifaces);
5715 #endif /* CONFIG_MATCH_IFACE */
5716 #ifdef CONFIG_P2P
5717 	os_free(global->params.conf_p2p_dev);
5718 #endif /* CONFIG_P2P */
5719 
5720 	os_free(global->p2p_disallow_freq.range);
5721 	os_free(global->p2p_go_avoid_freq.range);
5722 	os_free(global->add_psk);
5723 
5724 	os_free(global);
5725 	wpa_debug_close_syslog();
5726 	wpa_debug_close_file();
5727 	wpa_debug_close_linux_tracing();
5728 }
5729 
5730 
wpa_supplicant_update_config(struct wpa_supplicant * wpa_s)5731 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
5732 {
5733 	if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
5734 	    wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
5735 		char country[3];
5736 		country[0] = wpa_s->conf->country[0];
5737 		country[1] = wpa_s->conf->country[1];
5738 		country[2] = '\0';
5739 		if (wpa_drv_set_country(wpa_s, country) < 0) {
5740 			wpa_printf(MSG_ERROR, "Failed to set country code "
5741 				   "'%s'", country);
5742 		}
5743 	}
5744 
5745 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
5746 		wpas_init_ext_pw(wpa_s);
5747 
5748 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_SCHED_SCAN_PLANS)
5749 		wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
5750 
5751 #ifdef CONFIG_WPS
5752 	wpas_wps_update_config(wpa_s);
5753 #endif /* CONFIG_WPS */
5754 	wpas_p2p_update_config(wpa_s);
5755 	wpa_s->conf->changed_parameters = 0;
5756 }
5757 
5758 
add_freq(int * freqs,int * num_freqs,int freq)5759 void add_freq(int *freqs, int *num_freqs, int freq)
5760 {
5761 	int i;
5762 
5763 	for (i = 0; i < *num_freqs; i++) {
5764 		if (freqs[i] == freq)
5765 			return;
5766 	}
5767 
5768 	freqs[*num_freqs] = freq;
5769 	(*num_freqs)++;
5770 }
5771 
5772 
get_bss_freqs_in_ess(struct wpa_supplicant * wpa_s)5773 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
5774 {
5775 	struct wpa_bss *bss, *cbss;
5776 	const int max_freqs = 10;
5777 	int *freqs;
5778 	int num_freqs = 0;
5779 
5780 	freqs = os_calloc(max_freqs + 1, sizeof(int));
5781 	if (freqs == NULL)
5782 		return NULL;
5783 
5784 	cbss = wpa_s->current_bss;
5785 
5786 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
5787 		if (bss == cbss)
5788 			continue;
5789 		if (bss->ssid_len == cbss->ssid_len &&
5790 		    os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
5791 		    wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
5792 			add_freq(freqs, &num_freqs, bss->freq);
5793 			if (num_freqs == max_freqs)
5794 				break;
5795 		}
5796 	}
5797 
5798 	if (num_freqs == 0) {
5799 		os_free(freqs);
5800 		freqs = NULL;
5801 	}
5802 
5803 	return freqs;
5804 }
5805 
5806 
wpas_connection_failed(struct wpa_supplicant * wpa_s,const u8 * bssid)5807 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
5808 {
5809 	int timeout;
5810 	int count;
5811 	int *freqs = NULL;
5812 
5813 	wpas_connect_work_done(wpa_s);
5814 
5815 	/*
5816 	 * Remove possible authentication timeout since the connection failed.
5817 	 */
5818 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
5819 
5820 	/*
5821 	 * There is no point in blacklisting the AP if this event is
5822 	 * generated based on local request to disconnect.
5823 	 */
5824 	if (wpa_s->own_disconnect_req) {
5825 		wpa_s->own_disconnect_req = 0;
5826 		wpa_dbg(wpa_s, MSG_DEBUG,
5827 			"Ignore connection failure due to local request to disconnect");
5828 		return;
5829 	}
5830 	if (wpa_s->disconnected) {
5831 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
5832 			"indication since interface has been put into "
5833 			"disconnected state");
5834 		return;
5835 	}
5836 
5837 	/*
5838 	 * Add the failed BSSID into the blacklist and speed up next scan
5839 	 * attempt if there could be other APs that could accept association.
5840 	 * The current blacklist count indicates how many times we have tried
5841 	 * connecting to this AP and multiple attempts mean that other APs are
5842 	 * either not available or has already been tried, so that we can start
5843 	 * increasing the delay here to avoid constant scanning.
5844 	 */
5845 	count = wpa_blacklist_add(wpa_s, bssid);
5846 	if (count == 1 && wpa_s->current_bss) {
5847 		/*
5848 		 * This BSS was not in the blacklist before. If there is
5849 		 * another BSS available for the same ESS, we should try that
5850 		 * next. Otherwise, we may as well try this one once more
5851 		 * before allowing other, likely worse, ESSes to be considered.
5852 		 */
5853 		freqs = get_bss_freqs_in_ess(wpa_s);
5854 		if (freqs) {
5855 			wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
5856 				"has been seen; try it next");
5857 			wpa_blacklist_add(wpa_s, bssid);
5858 			/*
5859 			 * On the next scan, go through only the known channels
5860 			 * used in this ESS based on previous scans to speed up
5861 			 * common load balancing use case.
5862 			 */
5863 			os_free(wpa_s->next_scan_freqs);
5864 			wpa_s->next_scan_freqs = freqs;
5865 		}
5866 	}
5867 
5868 	/*
5869 	 * Add previous failure count in case the temporary blacklist was
5870 	 * cleared due to no other BSSes being available.
5871 	 */
5872 	count += wpa_s->extra_blacklist_count;
5873 
5874 	if (count > 3 && wpa_s->current_ssid) {
5875 		wpa_printf(MSG_DEBUG, "Continuous association failures - "
5876 			   "consider temporary network disabling");
5877 		wpas_auth_failed(wpa_s, "CONN_FAILED");
5878 	}
5879 
5880 	switch (count) {
5881 	case 1:
5882 		timeout = 100;
5883 		break;
5884 	case 2:
5885 		timeout = 500;
5886 		break;
5887 	case 3:
5888 		timeout = 1000;
5889 		break;
5890 	case 4:
5891 		timeout = 5000;
5892 		break;
5893 	default:
5894 		timeout = 10000;
5895 		break;
5896 	}
5897 
5898 	wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
5899 		"ms", count, timeout);
5900 
5901 	/*
5902 	 * TODO: if more than one possible AP is available in scan results,
5903 	 * could try the other ones before requesting a new scan.
5904 	 */
5905 	wpa_supplicant_req_scan(wpa_s, timeout / 1000,
5906 				1000 * (timeout % 1000));
5907 }
5908 
5909 
wpas_driver_bss_selection(struct wpa_supplicant * wpa_s)5910 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
5911 {
5912 	return wpa_s->conf->ap_scan == 2 ||
5913 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
5914 }
5915 
5916 
5917 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW) || defined (CONFIG_CTRL_IFACE_HIDL)
wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,const char * field,const char * value)5918 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
5919 					      struct wpa_ssid *ssid,
5920 					      const char *field,
5921 					      const char *value)
5922 {
5923 #ifdef IEEE8021X_EAPOL
5924 	enum wpa_ctrl_req_type rtype;
5925 
5926 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
5927 	wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
5928 			      (const u8 *) value, os_strlen(value));
5929 
5930 	rtype = wpa_supplicant_ctrl_req_from_string(field);
5931 	return wpa_supplicant_ctrl_rsp_handle(wpa_s, ssid, rtype, value);
5932 #else /* IEEE8021X_EAPOL */
5933 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
5934 	return -1;
5935 #endif /* IEEE8021X_EAPOL */
5936 }
5937 
wpa_supplicant_ctrl_rsp_handle(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,enum wpa_ctrl_req_type rtype,const char * value)5938 int wpa_supplicant_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
5939 				   struct wpa_ssid *ssid,
5940 				   enum wpa_ctrl_req_type rtype,
5941 				   const char *value)
5942 {
5943 #ifdef IEEE8021X_EAPOL
5944 	struct eap_peer_config *eap = &ssid->eap;
5945 
5946 	switch (rtype) {
5947 	case WPA_CTRL_REQ_EAP_IDENTITY:
5948 		os_free(eap->identity);
5949 		eap->identity = (u8 *) os_strdup(value);
5950 		eap->identity_len = os_strlen(value);
5951 		eap->pending_req_identity = 0;
5952 		if (ssid == wpa_s->current_ssid)
5953 			wpa_s->reassociate = 1;
5954 		break;
5955 	case WPA_CTRL_REQ_EAP_PASSWORD:
5956 		bin_clear_free(eap->password, eap->password_len);
5957 		eap->password = (u8 *) os_strdup(value);
5958 		eap->password_len = os_strlen(value);
5959 		eap->pending_req_password = 0;
5960 		if (ssid == wpa_s->current_ssid)
5961 			wpa_s->reassociate = 1;
5962 		break;
5963 	case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
5964 		bin_clear_free(eap->new_password, eap->new_password_len);
5965 		eap->new_password = (u8 *) os_strdup(value);
5966 		eap->new_password_len = os_strlen(value);
5967 		eap->pending_req_new_password = 0;
5968 		if (ssid == wpa_s->current_ssid)
5969 			wpa_s->reassociate = 1;
5970 		break;
5971 	case WPA_CTRL_REQ_EAP_PIN:
5972 		str_clear_free(eap->pin);
5973 		eap->pin = os_strdup(value);
5974 		eap->pending_req_pin = 0;
5975 		if (ssid == wpa_s->current_ssid)
5976 			wpa_s->reassociate = 1;
5977 		break;
5978 	case WPA_CTRL_REQ_EAP_OTP:
5979 		bin_clear_free(eap->otp, eap->otp_len);
5980 		eap->otp = (u8 *) os_strdup(value);
5981 		eap->otp_len = os_strlen(value);
5982 		os_free(eap->pending_req_otp);
5983 		eap->pending_req_otp = NULL;
5984 		eap->pending_req_otp_len = 0;
5985 		break;
5986 	case WPA_CTRL_REQ_EAP_PASSPHRASE:
5987 		str_clear_free(eap->private_key_passwd);
5988 		eap->private_key_passwd = os_strdup(value);
5989 		eap->pending_req_passphrase = 0;
5990 		if (ssid == wpa_s->current_ssid)
5991 			wpa_s->reassociate = 1;
5992 		break;
5993 	case WPA_CTRL_REQ_SIM:
5994 		str_clear_free(eap->external_sim_resp);
5995 		eap->external_sim_resp = os_strdup(value);
5996 		eap->pending_req_sim = 0;
5997 		break;
5998 	case WPA_CTRL_REQ_PSK_PASSPHRASE:
5999 		if (wpa_config_set(ssid, "psk", value, 0) < 0)
6000 			return -1;
6001 		ssid->mem_only_psk = 1;
6002 		if (ssid->passphrase)
6003 			wpa_config_update_psk(ssid);
6004 		if (wpa_s->wpa_state == WPA_SCANNING && !wpa_s->scanning)
6005 			wpa_supplicant_req_scan(wpa_s, 0, 0);
6006 		break;
6007 	case WPA_CTRL_REQ_EXT_CERT_CHECK:
6008 		if (eap->pending_ext_cert_check != PENDING_CHECK)
6009 			return -1;
6010 		if (os_strcmp(value, "good") == 0)
6011 			eap->pending_ext_cert_check = EXT_CERT_CHECK_GOOD;
6012 		else if (os_strcmp(value, "bad") == 0)
6013 			eap->pending_ext_cert_check = EXT_CERT_CHECK_BAD;
6014 		else
6015 			return -1;
6016 		break;
6017 	default:
6018 		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown type %d", rtype);
6019 		return -1;
6020 	}
6021 
6022 	return 0;
6023 #else /* IEEE8021X_EAPOL */
6024 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
6025 	return -1;
6026 #endif /* IEEE8021X_EAPOL */
6027 }
6028 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW || CONFIG_CTRL_IFACE_HIDL */
6029 
6030 
wpas_network_disabled(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)6031 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
6032 {
6033 	int i;
6034 	unsigned int drv_enc;
6035 
6036 	if (wpa_s->p2p_mgmt)
6037 		return 1; /* no normal network profiles on p2p_mgmt interface */
6038 
6039 	if (ssid == NULL)
6040 		return 1;
6041 
6042 	if (ssid->disabled)
6043 		return 1;
6044 
6045 	if (wpa_s->drv_capa_known)
6046 		drv_enc = wpa_s->drv_enc;
6047 	else
6048 		drv_enc = (unsigned int) -1;
6049 
6050 	for (i = 0; i < NUM_WEP_KEYS; i++) {
6051 		size_t len = ssid->wep_key_len[i];
6052 		if (len == 0)
6053 			continue;
6054 		if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
6055 			continue;
6056 		if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
6057 			continue;
6058 		if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
6059 			continue;
6060 		return 1; /* invalid WEP key */
6061 	}
6062 
6063 	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
6064 	    (!ssid->passphrase || ssid->ssid_len != 0) && !ssid->ext_psk &&
6065 	    !ssid->mem_only_psk)
6066 		return 1;
6067 
6068 	return 0;
6069 }
6070 
6071 
wpas_get_ssid_pmf(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)6072 int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
6073 {
6074 #ifdef CONFIG_IEEE80211W
6075 	if (ssid == NULL || ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
6076 		if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL &&
6077 		    !(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) {
6078 			/*
6079 			 * Driver does not support BIP -- ignore pmf=1 default
6080 			 * since the connection with PMF would fail and the
6081 			 * configuration does not require PMF to be enabled.
6082 			 */
6083 			return NO_MGMT_FRAME_PROTECTION;
6084 		}
6085 
6086 		if (ssid &&
6087 		    (ssid->key_mgmt &
6088 		     ~(WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPS |
6089 		       WPA_KEY_MGMT_IEEE8021X_NO_WPA)) == 0) {
6090 			/*
6091 			 * Do not use the default PMF value for non-RSN networks
6092 			 * since PMF is available only with RSN and pmf=2
6093 			 * configuration would otherwise prevent connections to
6094 			 * all open networks.
6095 			 */
6096 			return NO_MGMT_FRAME_PROTECTION;
6097 		}
6098 
6099 		return wpa_s->conf->pmf;
6100 	}
6101 
6102 	return ssid->ieee80211w;
6103 #else /* CONFIG_IEEE80211W */
6104 	return NO_MGMT_FRAME_PROTECTION;
6105 #endif /* CONFIG_IEEE80211W */
6106 }
6107 
6108 
wpas_is_p2p_prioritized(struct wpa_supplicant * wpa_s)6109 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
6110 {
6111 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
6112 		return 1;
6113 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
6114 		return 0;
6115 	return -1;
6116 }
6117 
6118 
wpas_auth_failed(struct wpa_supplicant * wpa_s,char * reason)6119 void wpas_auth_failed(struct wpa_supplicant *wpa_s, char *reason)
6120 {
6121 	struct wpa_ssid *ssid = wpa_s->current_ssid;
6122 	int dur;
6123 	struct os_reltime now;
6124 
6125 	if (ssid == NULL) {
6126 		wpa_printf(MSG_DEBUG, "Authentication failure but no known "
6127 			   "SSID block");
6128 		return;
6129 	}
6130 
6131 	if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
6132 		return;
6133 
6134 	ssid->auth_failures++;
6135 
6136 #ifdef CONFIG_P2P
6137 	if (ssid->p2p_group &&
6138 	    (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
6139 		/*
6140 		 * Skip the wait time since there is a short timeout on the
6141 		 * connection to a P2P group.
6142 		 */
6143 		return;
6144 	}
6145 #endif /* CONFIG_P2P */
6146 
6147 	if (ssid->auth_failures > 50)
6148 		dur = 300;
6149 	else if (ssid->auth_failures > 10)
6150 		dur = 120;
6151 	else if (ssid->auth_failures > 5)
6152 		dur = 90;
6153 	else if (ssid->auth_failures > 3)
6154 		dur = 60;
6155 	else if (ssid->auth_failures > 2)
6156 		dur = 30;
6157 	else if (ssid->auth_failures > 1)
6158 		dur = 20;
6159 	else
6160 		dur = 10;
6161 
6162 	if (ssid->auth_failures > 1 &&
6163 	    wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt))
6164 		dur += os_random() % (ssid->auth_failures * 10);
6165 
6166 	os_get_reltime(&now);
6167 	if (now.sec + dur <= ssid->disabled_until.sec)
6168 		return;
6169 
6170 	ssid->disabled_until.sec = now.sec + dur;
6171 
6172 	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
6173 		"id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
6174 		ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
6175 		ssid->auth_failures, dur, reason);
6176 }
6177 
6178 
wpas_clear_temp_disabled(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,int clear_failures)6179 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
6180 			      struct wpa_ssid *ssid, int clear_failures)
6181 {
6182 	if (ssid == NULL)
6183 		return;
6184 
6185 	if (ssid->disabled_until.sec) {
6186 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
6187 			"id=%d ssid=\"%s\"",
6188 			ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
6189 	}
6190 	ssid->disabled_until.sec = 0;
6191 	ssid->disabled_until.usec = 0;
6192 	if (clear_failures)
6193 		ssid->auth_failures = 0;
6194 }
6195 
6196 
disallowed_bssid(struct wpa_supplicant * wpa_s,const u8 * bssid)6197 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
6198 {
6199 	size_t i;
6200 
6201 	if (wpa_s->disallow_aps_bssid == NULL)
6202 		return 0;
6203 
6204 	for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
6205 		if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
6206 			      bssid, ETH_ALEN) == 0)
6207 			return 1;
6208 	}
6209 
6210 	return 0;
6211 }
6212 
6213 
disallowed_ssid(struct wpa_supplicant * wpa_s,const u8 * ssid,size_t ssid_len)6214 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
6215 		    size_t ssid_len)
6216 {
6217 	size_t i;
6218 
6219 	if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
6220 		return 0;
6221 
6222 	for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
6223 		struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
6224 		if (ssid_len == s->ssid_len &&
6225 		    os_memcmp(ssid, s->ssid, ssid_len) == 0)
6226 			return 1;
6227 	}
6228 
6229 	return 0;
6230 }
6231 
6232 
6233 /**
6234  * wpas_request_connection - Request a new connection
6235  * @wpa_s: Pointer to the network interface
6236  *
6237  * This function is used to request a new connection to be found. It will mark
6238  * the interface to allow reassociation and request a new scan to find a
6239  * suitable network to connect to.
6240  */
wpas_request_connection(struct wpa_supplicant * wpa_s)6241 void wpas_request_connection(struct wpa_supplicant *wpa_s)
6242 {
6243 	wpa_s->normal_scans = 0;
6244 	wpa_s->scan_req = NORMAL_SCAN_REQ;
6245 	wpa_supplicant_reinit_autoscan(wpa_s);
6246 	wpa_s->extra_blacklist_count = 0;
6247 	wpa_s->disconnected = 0;
6248 	wpa_s->reassociate = 1;
6249 
6250 	if (wpa_supplicant_fast_associate(wpa_s) != 1)
6251 		wpa_supplicant_req_scan(wpa_s, 0, 0);
6252 	else
6253 		wpa_s->reattach = 0;
6254 }
6255 
6256 /**
6257  * wpas_request_disconnection - Request disconnection
6258  * @wpa_s: Pointer to the network interface
6259  *
6260  * This function is used to request disconnection from the currently connected
6261  * network. This will stop any ongoing scans and initiate deauthentication.
6262  */
wpas_request_disconnection(struct wpa_supplicant * wpa_s)6263 void wpas_request_disconnection(struct wpa_supplicant *wpa_s)
6264 {
6265 #ifdef CONFIG_SME
6266 	wpa_s->sme.prev_bssid_set = 0;
6267 #endif /* CONFIG_SME */
6268 	wpa_s->reassociate = 0;
6269 	wpa_s->disconnected = 1;
6270 	wpa_supplicant_cancel_sched_scan(wpa_s);
6271 	wpa_supplicant_cancel_scan(wpa_s);
6272 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
6273 	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
6274 }
6275 
6276 
dump_freq_data(struct wpa_supplicant * wpa_s,const char * title,struct wpa_used_freq_data * freqs_data,unsigned int len)6277 void dump_freq_data(struct wpa_supplicant *wpa_s, const char *title,
6278 		    struct wpa_used_freq_data *freqs_data,
6279 		    unsigned int len)
6280 {
6281 	unsigned int i;
6282 
6283 	wpa_dbg(wpa_s, MSG_DEBUG, "Shared frequencies (len=%u): %s",
6284 		len, title);
6285 	for (i = 0; i < len; i++) {
6286 		struct wpa_used_freq_data *cur = &freqs_data[i];
6287 		wpa_dbg(wpa_s, MSG_DEBUG, "freq[%u]: %d, flags=0x%X",
6288 			i, cur->freq, cur->flags);
6289 	}
6290 }
6291 
6292 
6293 /*
6294  * Find the operating frequencies of any of the virtual interfaces that
6295  * are using the same radio as the current interface, and in addition, get
6296  * information about the interface types that are using the frequency.
6297  */
get_shared_radio_freqs_data(struct wpa_supplicant * wpa_s,struct wpa_used_freq_data * freqs_data,unsigned int len)6298 int get_shared_radio_freqs_data(struct wpa_supplicant *wpa_s,
6299 				struct wpa_used_freq_data *freqs_data,
6300 				unsigned int len)
6301 {
6302 	struct wpa_supplicant *ifs;
6303 	u8 bssid[ETH_ALEN];
6304 	int freq;
6305 	unsigned int idx = 0, i;
6306 
6307 	wpa_dbg(wpa_s, MSG_DEBUG,
6308 		"Determining shared radio frequencies (max len %u)", len);
6309 	os_memset(freqs_data, 0, sizeof(struct wpa_used_freq_data) * len);
6310 
6311 	dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
6312 			 radio_list) {
6313 		if (idx == len)
6314 			break;
6315 
6316 		if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
6317 			continue;
6318 
6319 		if (ifs->current_ssid->mode == WPAS_MODE_AP ||
6320 		    ifs->current_ssid->mode == WPAS_MODE_P2P_GO ||
6321 		    ifs->current_ssid->mode == WPAS_MODE_MESH)
6322 			freq = ifs->current_ssid->frequency;
6323 		else if (wpa_drv_get_bssid(ifs, bssid) == 0)
6324 			freq = ifs->assoc_freq;
6325 		else
6326 			continue;
6327 
6328 		/* Hold only distinct freqs */
6329 		for (i = 0; i < idx; i++)
6330 			if (freqs_data[i].freq == freq)
6331 				break;
6332 
6333 		if (i == idx)
6334 			freqs_data[idx++].freq = freq;
6335 
6336 		if (ifs->current_ssid->mode == WPAS_MODE_INFRA) {
6337 			freqs_data[i].flags |= ifs->current_ssid->p2p_group ?
6338 				WPA_FREQ_USED_BY_P2P_CLIENT :
6339 				WPA_FREQ_USED_BY_INFRA_STATION;
6340 		}
6341 	}
6342 
6343 	dump_freq_data(wpa_s, "completed iteration", freqs_data, idx);
6344 	return idx;
6345 }
6346 
6347 
6348 /*
6349  * Find the operating frequencies of any of the virtual interfaces that
6350  * are using the same radio as the current interface.
6351  */
get_shared_radio_freqs(struct wpa_supplicant * wpa_s,int * freq_array,unsigned int len)6352 int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
6353 			   int *freq_array, unsigned int len)
6354 {
6355 	struct wpa_used_freq_data *freqs_data;
6356 	int num, i;
6357 
6358 	os_memset(freq_array, 0, sizeof(int) * len);
6359 
6360 	freqs_data = os_calloc(len, sizeof(struct wpa_used_freq_data));
6361 	if (!freqs_data)
6362 		return -1;
6363 
6364 	num = get_shared_radio_freqs_data(wpa_s, freqs_data, len);
6365 	for (i = 0; i < num; i++)
6366 		freq_array[i] = freqs_data[i].freq;
6367 
6368 	os_free(freqs_data);
6369 
6370 	return num;
6371 }
6372 
6373 
6374 struct wpa_supplicant *
wpas_vendor_elem(struct wpa_supplicant * wpa_s,enum wpa_vendor_elem_frame frame)6375 wpas_vendor_elem(struct wpa_supplicant *wpa_s, enum wpa_vendor_elem_frame frame)
6376 {
6377 	switch (frame) {
6378 #ifdef CONFIG_P2P
6379 	case VENDOR_ELEM_PROBE_REQ_P2P:
6380 	case VENDOR_ELEM_PROBE_RESP_P2P:
6381 	case VENDOR_ELEM_PROBE_RESP_P2P_GO:
6382 	case VENDOR_ELEM_BEACON_P2P_GO:
6383 	case VENDOR_ELEM_P2P_PD_REQ:
6384 	case VENDOR_ELEM_P2P_PD_RESP:
6385 	case VENDOR_ELEM_P2P_GO_NEG_REQ:
6386 	case VENDOR_ELEM_P2P_GO_NEG_RESP:
6387 	case VENDOR_ELEM_P2P_GO_NEG_CONF:
6388 	case VENDOR_ELEM_P2P_INV_REQ:
6389 	case VENDOR_ELEM_P2P_INV_RESP:
6390 	case VENDOR_ELEM_P2P_ASSOC_REQ:
6391 	case VENDOR_ELEM_P2P_ASSOC_RESP:
6392 		return wpa_s->p2pdev;
6393 #endif /* CONFIG_P2P */
6394 	default:
6395 		return wpa_s;
6396 	}
6397 }
6398 
6399 
wpas_vendor_elem_update(struct wpa_supplicant * wpa_s)6400 void wpas_vendor_elem_update(struct wpa_supplicant *wpa_s)
6401 {
6402 	unsigned int i;
6403 	char buf[30];
6404 
6405 	wpa_printf(MSG_DEBUG, "Update vendor elements");
6406 
6407 	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
6408 		if (wpa_s->vendor_elem[i]) {
6409 			int res;
6410 
6411 			res = os_snprintf(buf, sizeof(buf), "frame[%u]", i);
6412 			if (!os_snprintf_error(sizeof(buf), res)) {
6413 				wpa_hexdump_buf(MSG_DEBUG, buf,
6414 						wpa_s->vendor_elem[i]);
6415 			}
6416 		}
6417 	}
6418 
6419 #ifdef CONFIG_P2P
6420 	if (wpa_s->parent == wpa_s &&
6421 	    wpa_s->global->p2p &&
6422 	    !wpa_s->global->p2p_disabled)
6423 		p2p_set_vendor_elems(wpa_s->global->p2p, wpa_s->vendor_elem);
6424 #endif /* CONFIG_P2P */
6425 }
6426 
6427 
wpas_vendor_elem_remove(struct wpa_supplicant * wpa_s,int frame,const u8 * elem,size_t len)6428 int wpas_vendor_elem_remove(struct wpa_supplicant *wpa_s, int frame,
6429 			    const u8 *elem, size_t len)
6430 {
6431 	u8 *ie, *end;
6432 
6433 	ie = wpabuf_mhead_u8(wpa_s->vendor_elem[frame]);
6434 	end = ie + wpabuf_len(wpa_s->vendor_elem[frame]);
6435 
6436 	for (; ie + 1 < end; ie += 2 + ie[1]) {
6437 		if (ie + len > end)
6438 			break;
6439 		if (os_memcmp(ie, elem, len) != 0)
6440 			continue;
6441 
6442 		if (wpabuf_len(wpa_s->vendor_elem[frame]) == len) {
6443 			wpabuf_free(wpa_s->vendor_elem[frame]);
6444 			wpa_s->vendor_elem[frame] = NULL;
6445 		} else {
6446 			os_memmove(ie, ie + len, end - (ie + len));
6447 			wpa_s->vendor_elem[frame]->used -= len;
6448 		}
6449 		wpas_vendor_elem_update(wpa_s);
6450 		return 0;
6451 	}
6452 
6453 	return -1;
6454 }
6455 
6456 
get_mode(struct hostapd_hw_modes * modes,u16 num_modes,enum hostapd_hw_mode mode)6457 struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
6458 				   u16 num_modes, enum hostapd_hw_mode mode)
6459 {
6460 	u16 i;
6461 
6462 	for (i = 0; i < num_modes; i++) {
6463 		if (modes[i].mode == mode)
6464 			return &modes[i];
6465 	}
6466 
6467 	return NULL;
6468 }
6469 
6470 
6471 static struct
wpas_get_disallowed_bss(struct wpa_supplicant * wpa_s,const u8 * bssid)6472 wpa_bss_tmp_disallowed * wpas_get_disallowed_bss(struct wpa_supplicant *wpa_s,
6473 						 const u8 *bssid)
6474 {
6475 	struct wpa_bss_tmp_disallowed *bss;
6476 
6477 	dl_list_for_each(bss, &wpa_s->bss_tmp_disallowed,
6478 			 struct wpa_bss_tmp_disallowed, list) {
6479 		if (os_memcmp(bssid, bss->bssid, ETH_ALEN) == 0)
6480 			return bss;
6481 	}
6482 
6483 	return NULL;
6484 }
6485 
6486 
wpa_bss_tmp_disallow(struct wpa_supplicant * wpa_s,const u8 * bssid,unsigned int sec)6487 void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid,
6488 			  unsigned int sec)
6489 {
6490 	struct wpa_bss_tmp_disallowed *bss;
6491 	struct os_reltime until;
6492 
6493 	os_get_reltime(&until);
6494 	until.sec += sec;
6495 
6496 	bss = wpas_get_disallowed_bss(wpa_s, bssid);
6497 	if (bss) {
6498 		bss->disallowed_until = until;
6499 		return;
6500 	}
6501 
6502 	bss = os_malloc(sizeof(*bss));
6503 	if (!bss) {
6504 		wpa_printf(MSG_DEBUG,
6505 			   "Failed to allocate memory for temp disallow BSS");
6506 		return;
6507 	}
6508 
6509 	bss->disallowed_until = until;
6510 	os_memcpy(bss->bssid, bssid, ETH_ALEN);
6511 	dl_list_add(&wpa_s->bss_tmp_disallowed, &bss->list);
6512 }
6513 
6514 
wpa_is_bss_tmp_disallowed(struct wpa_supplicant * wpa_s,const u8 * bssid)6515 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s, const u8 *bssid)
6516 {
6517 	struct wpa_bss_tmp_disallowed *bss = NULL, *tmp, *prev;
6518 	struct os_reltime now, age;
6519 
6520 	os_get_reltime(&now);
6521 
6522 	dl_list_for_each_safe(tmp, prev, &wpa_s->bss_tmp_disallowed,
6523 			 struct wpa_bss_tmp_disallowed, list) {
6524 		if (!os_reltime_before(&now, &tmp->disallowed_until)) {
6525 			/* This BSS is not disallowed anymore */
6526 			dl_list_del(&tmp->list);
6527 			os_free(tmp);
6528 			continue;
6529 		}
6530 		if (os_memcmp(bssid, tmp->bssid, ETH_ALEN) == 0) {
6531 			bss = tmp;
6532 			break;
6533 		}
6534 	}
6535 	if (!bss)
6536 		return 0;
6537 
6538 	os_reltime_sub(&bss->disallowed_until, &now, &age);
6539 	wpa_printf(MSG_DEBUG,
6540 		   "BSS " MACSTR " disabled for %ld.%0ld seconds",
6541 		   MAC2STR(bss->bssid), age.sec, age.usec);
6542 	return 1;
6543 }
6544