wpa_supplicant.c

Go to the documentation of this file.
00001 
00020 #include <stdlib.h>
00021 #include <stdio.h>
00022 #include <stdarg.h>
00023 #include <unistd.h>
00024 #include <string.h>
00025 #include <time.h>
00026 #include <signal.h>
00027 #ifndef CONFIG_NATIVE_WINDOWS
00028 #include <netinet/in.h>
00029 #endif /* CONFIG_NATIVE_WINDOWS */
00030 
00031 #include "common.h"
00032 #include "eapol_sm.h"
00033 #include "eap.h"
00034 #include "wpa.h"
00035 #include "eloop.h"
00036 #include "wpa_supplicant.h"
00037 #include "config.h"
00038 #include "l2_packet.h"
00039 #include "wpa_supplicant_i.h"
00040 #include "ctrl_iface.h"
00041 #include "pcsc_funcs.h"
00042 #include "version.h"
00043 #include "preauth.h"
00044 #include "wpa_ctrl.h"
00045 
00046 const char *wpa_supplicant_version =
00047 "wpa_supplicant v" VERSION_STR "\n"
00048 "Copyright (c) 2003-2006, Jouni Malinen <[email protected]> and contributors";
00049 
00050 const char *wpa_supplicant_license =
00051 "This program is free software. You can distribute it and/or modify it\n"
00052 "under the terms of the GNU General Public License version 2.\n"
00053 "\n"
00054 "Alternatively, this software may be distributed under the terms of the\n"
00055 "BSD license. See README and COPYING for more details.\n"
00056 #ifdef EAP_TLS_FUNCS
00057 "\nThis product includes software developed by the OpenSSL Project\n"
00058 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
00059 #endif /* EAP_TLS_FUNCS */
00060 ;
00061 
00062 #ifndef CONFIG_NO_STDOUT_DEBUG
00063 const char *wpa_supplicant_full_license =
00064 "This program is free software; you can redistribute it and/or modify\n"
00065 "it under the terms of the GNU General Public License version 2 as\n"
00066 "published by the Free Software Foundation.\n"
00067 "\n"
00068 "This program is distributed in the hope that it will be useful,\n"
00069 "but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
00070 "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n"
00071 "GNU General Public License for more details.\n"
00072 "\n"
00073 "You should have received a copy of the GNU General Public License\n"
00074 "along with this program; if not, write to the Free Software\n"
00075 "Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA\n"
00076 "\n"
00077 "Alternatively, this software may be distributed under the terms of the\n"
00078 "BSD license.\n"
00079 "\n"
00080 "Redistribution and use in source and binary forms, with or without\n"
00081 "modification, are permitted provided that the following conditions are\n"
00082 "met:\n"
00083 "\n"
00084 "1. Redistributions of source code must retain the above copyright\n"
00085 "   notice, this list of conditions and the following disclaimer.\n"
00086 "\n"
00087 "2. Redistributions in binary form must reproduce the above copyright\n"
00088 "   notice, this list of conditions and the following disclaimer in the\n"
00089 "   documentation and/or other materials provided with the distribution.\n"
00090 "\n"
00091 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
00092 "   names of its contributors may be used to endorse or promote products\n"
00093 "   derived from this software without specific prior written permission.\n"
00094 "\n"
00095 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
00096 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
00097 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
00098 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n"
00099 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
00100 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
00101 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
00102 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
00103 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
00104 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
00105 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
00106 "\n";
00107 #endif /* CONFIG_NO_STDOUT_DEBUG */
00108 
00109 extern struct wpa_driver_ops *wpa_supplicant_drivers[];
00110 
00111 extern int wpa_debug_level;
00112 extern int wpa_debug_show_keys;
00113 extern int wpa_debug_timestamp;
00114 
00115 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx);
00116 
00117 void wpa_msg(struct wpa_supplicant *wpa_s, int level, char *fmt, ...)
00118 {
00119         va_list ap;
00120         char *buf;
00121         const int buflen = 2048;
00122         int len;
00123 
00124         buf = malloc(buflen);
00125         if (buf == NULL) {
00126                 printf("Failed to allocate message buffer for:\n");
00127                 va_start(ap, fmt);
00128                 vprintf(fmt, ap);
00129                 printf("\n");
00130                 va_end(ap);
00131                 return;
00132         }
00133         va_start(ap, fmt);
00134         len = vsnprintf(buf, buflen, fmt, ap);
00135         va_end(ap);
00136         wpa_printf(level, "%s", buf);
00137         wpa_supplicant_ctrl_iface_send(wpa_s, level, buf, len);
00138         free(buf);
00139 }
00140 
00141 
00142 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
00143 static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type,
00144                             const void *data, u16 data_len,
00145                             size_t *msg_len, void **data_pos)
00146 {
00147         struct ieee802_1x_hdr *hdr;
00148 
00149         *msg_len = sizeof(*hdr) + data_len;
00150         hdr = malloc(*msg_len);
00151         if (hdr == NULL)
00152                 return NULL;
00153 
00154         hdr->version = wpa_s->conf->eapol_version;
00155         hdr->type = type;
00156         hdr->length = htons(data_len);
00157 
00158         if (data)
00159                 memcpy(hdr + 1, data, data_len);
00160         else
00161                 memset(hdr + 1, 0, data_len);
00162 
00163         if (data_pos)
00164                 *data_pos = hdr + 1;
00165 
00166         return (u8 *) hdr;
00167 }
00168 
00169 
00180 static int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest,
00181                           u16 proto, const u8 *buf, size_t len)
00182 {
00183         if (wpa_s->l2) {
00184                 return l2_packet_send(wpa_s->l2, dest, proto, buf, len);
00185         }
00186 
00187         return wpa_drv_send_eapol(wpa_s, dest, proto, buf, len);
00188 }
00189 #endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */
00190 
00191 
00192 #ifdef IEEE8021X_EAPOL
00193 
00205 static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf,
00206                                      size_t len)
00207 {
00208         struct wpa_supplicant *wpa_s = ctx;
00209         u8 *msg, *dst, bssid[ETH_ALEN];
00210         size_t msglen;
00211         int res;
00212 
00213         /* TODO: could add l2_packet_sendmsg that allows fragments to avoid
00214          * extra copy here */
00215 
00216         if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK ||
00217             wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
00218                 /* Current SSID is not using IEEE 802.1X/EAP, so drop possible
00219                  * EAPOL frames (mainly, EAPOL-Start) from EAPOL state
00220                  * machines. */
00221                 wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X "
00222                            "mode (type=%d len=%lu)", type,
00223                            (unsigned long) len);
00224                 return -1;
00225         }
00226 
00227         if (pmksa_cache_get_current(wpa_s->wpa) &&
00228             type == IEEE802_1X_TYPE_EAPOL_START) {
00229                 /* Trying to use PMKSA caching - do not send EAPOL-Start frames
00230                  * since they will trigger full EAPOL authentication. */
00231                 wpa_printf(MSG_DEBUG, "RSN: PMKSA caching - do not send "
00232                            "EAPOL-Start");
00233                 return -1;
00234         }
00235 
00236         if (memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0) {
00237                 wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an "
00238                            "EAPOL frame");
00239                 if (wpa_drv_get_bssid(wpa_s, bssid) == 0 &&
00240                     memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0) {
00241                         dst = bssid;
00242                         wpa_printf(MSG_DEBUG, "Using current BSSID " MACSTR
00243                                    " from the driver as the EAPOL destination",
00244                                    MAC2STR(dst));
00245                 } else {
00246                         dst = wpa_s->last_eapol_src;
00247                         wpa_printf(MSG_DEBUG, "Using the source address of the"
00248                                    " last received EAPOL frame " MACSTR " as "
00249                                    "the EAPOL destination",
00250                                    MAC2STR(dst));
00251                 }
00252         } else {
00253                 /* BSSID was already set (from (Re)Assoc event, so use it as
00254                  * the EAPOL destination. */
00255                 dst = wpa_s->bssid;
00256         }
00257 
00258         msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL);
00259         if (msg == NULL)
00260                 return -1;
00261 
00262         wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen);
00263         res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen);
00264         free(msg);
00265         return res;
00266 }
00267 
00268 
00279 static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx,
00280                                  const u8 *key, size_t keylen)
00281 {
00282         struct wpa_supplicant *wpa_s = ctx;
00283         return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
00284                                unicast ? wpa_s->bssid :
00285                                (u8 *) "\xff\xff\xff\xff\xff\xff",
00286                                keyidx, unicast, (u8 *) "", 0, key, keylen);
00287 }
00288 
00289 
00290 static void wpa_supplicant_aborted_cached(void *ctx)
00291 {
00292         struct wpa_supplicant *wpa_s = ctx;
00293         wpa_sm_aborted_cached(wpa_s->wpa);
00294 }
00295 
00296 #endif /* IEEE8021X_EAPOL */
00297 
00298 
00299 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
00300 static void wpa_supplicant_set_config_blob(void *ctx,
00301                                            struct wpa_config_blob *blob)
00302 {
00303         struct wpa_supplicant *wpa_s = ctx;
00304         wpa_config_set_blob(wpa_s->conf, blob);
00305 }
00306 
00307 
00308 static const struct wpa_config_blob *
00309 wpa_supplicant_get_config_blob(void *ctx, const char *name)
00310 {
00311         struct wpa_supplicant *wpa_s = ctx;
00312         return wpa_config_get_blob(wpa_s->conf, name);
00313 }
00314 #endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */
00315 
00316 
00317 /* Configure default/group WEP key for static WEP */
00318 static int wpa_set_wep_key(void *ctx, int set_tx, int keyidx, const u8 *key,
00319                            size_t keylen)
00320 {
00321         struct wpa_supplicant *wpa_s = ctx;
00322         return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
00323                                (u8 *) "\xff\xff\xff\xff\xff\xff",
00324                                keyidx, set_tx, (u8 *) "", 0, key, keylen);
00325 }
00326 
00327 
00328 static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
00329                                            struct wpa_ssid *ssid)
00330 {
00331         u8 key[32];
00332         size_t keylen;
00333         wpa_alg alg;
00334         u8 seq[6] = { 0 };
00335 
00336         /* IBSS/WPA-None uses only one key (Group) for both receiving and
00337          * sending unicast and multicast packets. */
00338 
00339         if (ssid->mode != IEEE80211_MODE_IBSS) {
00340                 wpa_printf(MSG_INFO, "WPA: Invalid mode %d (not IBSS/ad-hoc) "
00341                            "for WPA-None", ssid->mode);
00342                 return -1;
00343         }
00344 
00345         if (!ssid->psk_set) {
00346                 wpa_printf(MSG_INFO, "WPA: No PSK configured for WPA-None");
00347                 return -1;
00348         }
00349 
00350         switch (wpa_s->group_cipher) {
00351         case WPA_CIPHER_CCMP:
00352                 memcpy(key, ssid->psk, 16);
00353                 keylen = 16;
00354                 alg = WPA_ALG_CCMP;
00355                 break;
00356         case WPA_CIPHER_TKIP:
00357                 /* WPA-None uses the same Michael MIC key for both TX and RX */
00358                 memcpy(key, ssid->psk, 16 + 8);
00359                 memcpy(key + 16 + 8, ssid->psk + 16, 8);
00360                 keylen = 32;
00361                 alg = WPA_ALG_TKIP;
00362                 break;
00363         default:
00364                 wpa_printf(MSG_INFO, "WPA: Invalid group cipher %d for "
00365                            "WPA-None", wpa_s->group_cipher);
00366                 return -1;
00367         }
00368 
00369         /* TODO: should actually remember the previously used seq#, both for TX
00370          * and RX from each STA.. */
00371 
00372         return wpa_drv_set_key(wpa_s, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
00373                                0, 1, seq, 6, key, keylen);
00374 }
00375 
00376 
00377 #ifdef IEEE8021X_EAPOL
00378 static void wpa_supplicant_notify_eapol_done(void *ctx)
00379 {
00380         struct wpa_supplicant *wpa_s = ctx;
00381         wpa_msg(wpa_s, MSG_DEBUG, "WPA: EAPOL processing complete");
00382         if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X) {
00383                 wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE);
00384         } else {
00385                 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
00386                 wpa_supplicant_cancel_auth_timeout(wpa_s);
00387                 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
00388         }
00389 }
00390 #endif /* IEEE8021X_EAPOL */
00391 
00392 
00400 struct wpa_blacklist * wpa_blacklist_get(struct wpa_supplicant *wpa_s,
00401                                          const u8 *bssid)
00402 {
00403         struct wpa_blacklist *e;
00404 
00405         e = wpa_s->blacklist;
00406         while (e) {
00407                 if (memcmp(e->bssid, bssid, ETH_ALEN) == 0)
00408                         return e;
00409                 e = e->next;
00410         }
00411 
00412         return NULL;
00413 }
00414 
00415 
00433 int wpa_blacklist_add(struct wpa_supplicant *wpa_s, const u8 *bssid)
00434 {
00435         struct wpa_blacklist *e;
00436 
00437         e = wpa_blacklist_get(wpa_s, bssid);
00438         if (e) {
00439                 e->count++;
00440                 wpa_printf(MSG_DEBUG, "BSSID " MACSTR " blacklist count "
00441                            "incremented to %d",
00442                            MAC2STR(bssid), e->count);
00443                 return 0;
00444         }
00445 
00446         e = malloc(sizeof(*e));
00447         if (e == NULL)
00448                 return -1;
00449         memset(e, 0, sizeof(*e));
00450         memcpy(e->bssid, bssid, ETH_ALEN);
00451         e->count = 1;
00452         e->next = wpa_s->blacklist;
00453         wpa_s->blacklist = e;
00454         wpa_printf(MSG_DEBUG, "Added BSSID " MACSTR " into blacklist",
00455                    MAC2STR(bssid));
00456 
00457         return 0;
00458 }
00459 
00460 
00461 static int wpa_blacklist_del(struct wpa_supplicant *wpa_s, const u8 *bssid)
00462 {
00463         struct wpa_blacklist *e, *prev = NULL;
00464 
00465         e = wpa_s->blacklist;
00466         while (e) {
00467                 if (memcmp(e->bssid, bssid, ETH_ALEN) == 0) {
00468                         if (prev == NULL) {
00469                                 wpa_s->blacklist = e->next;
00470                         } else {
00471                                 prev->next = e->next;
00472                         }
00473                         wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
00474                                    "blacklist", MAC2STR(bssid));
00475                         free(e);
00476                         return 0;
00477                 }
00478                 prev = e;
00479                 e = e->next;
00480         }
00481         return -1;
00482 }
00483 
00484 
00490 void wpa_blacklist_clear(struct wpa_supplicant *wpa_s)
00491 {
00492         struct wpa_blacklist *e, *prev;
00493 
00494         e = wpa_s->blacklist;
00495         wpa_s->blacklist = NULL;
00496         while (e) {
00497                 prev = e;
00498                 e = e->next;
00499                 wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
00500                            "blacklist (clear)", MAC2STR(prev->bssid));
00501                 free(prev);
00502         }
00503 }
00504 
00505 
00521 const char * wpa_ssid_txt(u8 *ssid, size_t ssid_len)
00522 {
00523         static char ssid_txt[MAX_SSID_LEN + 1];
00524         char *pos;
00525 
00526         if (ssid_len > MAX_SSID_LEN)
00527                 ssid_len = MAX_SSID_LEN;
00528         memcpy(ssid_txt, ssid, ssid_len);
00529         ssid_txt[ssid_len] = '\0';
00530         for (pos = ssid_txt; *pos != '\0'; pos++) {
00531                 if ((u8) *pos < 32 || (u8) *pos >= 127)
00532                         *pos = '_';
00533         }
00534         return ssid_txt;
00535 }
00536 
00537 
00548 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec)
00549 {
00550         wpa_msg(wpa_s, MSG_DEBUG, "Setting scan request: %d sec %d usec",
00551                 sec, usec);
00552         eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
00553         eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL);
00554 }
00555 
00556 
00565 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s)
00566 {
00567         wpa_msg(wpa_s, MSG_DEBUG, "Cancelling scan request");
00568         eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
00569 }
00570 
00571 
00572 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
00573 {
00574         struct wpa_supplicant *wpa_s = eloop_ctx;
00575         wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
00576                 MAC2STR(wpa_s->bssid));
00577         wpa_blacklist_add(wpa_s, wpa_s->bssid);
00578         wpa_sm_notify_disassoc(wpa_s->wpa);
00579         wpa_supplicant_disassociate(wpa_s, REASON_DEAUTH_LEAVING);
00580         wpa_s->reassociate = 1;
00581         wpa_supplicant_req_scan(wpa_s, 0, 0);
00582 }
00583 
00584 
00595 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
00596                                      int sec, int usec)
00597 {
00598         if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
00599             wpa_s->driver && strcmp(wpa_s->driver->name, "wired") == 0)
00600                 return;
00601 
00602         wpa_msg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
00603                 "%d usec", sec, usec);
00604         eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
00605         eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
00606 }
00607 
00608 
00618 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
00619 {
00620         wpa_msg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
00621         eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
00622         wpa_blacklist_del(wpa_s, wpa_s->bssid);
00623 }
00624 
00625 
00634 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
00635 {
00636         struct eapol_config eapol_conf;
00637         struct wpa_ssid *ssid = wpa_s->current_ssid;
00638 
00639         if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK) {
00640                 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
00641                 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
00642         }
00643         if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
00644             wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
00645                 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
00646         else
00647                 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
00648 
00649         memset(&eapol_conf, 0, sizeof(eapol_conf));
00650         if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
00651                 eapol_conf.accept_802_1x_keys = 1;
00652                 eapol_conf.required_keys = 0;
00653                 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
00654                         eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
00655                 }
00656                 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
00657                         eapol_conf.required_keys |=
00658                                 EAPOL_REQUIRE_KEY_BROADCAST;
00659                 }
00660 
00661                 if (wpa_s->conf && wpa_s->driver &&
00662                     strcmp(wpa_s->driver->name, "wired") == 0) {
00663                         eapol_conf.required_keys = 0;
00664                 }
00665         }
00666         eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
00667         eapol_conf.workaround = ssid->eap_workaround;
00668         eapol_conf.eap_disabled = wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X &&
00669                 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA;
00670         eapol_sm_notify_config(wpa_s->eapol, ssid, &eapol_conf);
00671 }
00672 
00673 
00684 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
00685                                        struct wpa_ssid *ssid)
00686 {
00687         int i;
00688 
00689         if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
00690                 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
00691         else
00692                 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
00693         wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
00694         wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
00695         wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
00696         wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
00697         wpa_s->group_cipher = WPA_CIPHER_NONE;
00698 
00699         for (i = 0; i < NUM_WEP_KEYS; i++) {
00700                 if (ssid->wep_key_len[i] > 5) {
00701                         wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
00702                         wpa_s->group_cipher = WPA_CIPHER_WEP104;
00703                         break;
00704                 } else if (ssid->wep_key_len[i] > 0) {
00705                         wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
00706                         wpa_s->group_cipher = WPA_CIPHER_WEP40;
00707                         break;
00708                 }
00709         }
00710 
00711         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
00712         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
00713                          wpa_s->pairwise_cipher);
00714         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
00715 
00716         pmksa_cache_clear_current(wpa_s->wpa);
00717 }
00718 
00719 
00720 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
00721 {
00722         scard_deinit(wpa_s->scard);
00723         wpa_s->scard = NULL;
00724         wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
00725         eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
00726         l2_packet_deinit(wpa_s->l2);
00727         wpa_s->l2 = NULL;
00728 
00729         wpa_supplicant_ctrl_iface_deinit(wpa_s);
00730         if (wpa_s->conf != NULL) {
00731                 wpa_config_free(wpa_s->conf);
00732                 wpa_s->conf = NULL;
00733         }
00734 
00735         free(wpa_s->confname);
00736         wpa_s->confname = NULL;
00737 
00738         wpa_sm_set_eapol(wpa_s->wpa, NULL);
00739         eapol_sm_deinit(wpa_s->eapol);
00740         wpa_s->eapol = NULL;
00741 
00742         rsn_preauth_deinit(wpa_s->wpa);
00743 
00744         pmksa_candidate_free(wpa_s->wpa);
00745         pmksa_cache_free(wpa_s->wpa);
00746         wpa_sm_deinit(wpa_s->wpa);
00747         wpa_s->wpa = NULL;
00748         wpa_blacklist_clear(wpa_s);
00749 
00750         free(wpa_s->scan_results);
00751         wpa_s->scan_results = NULL;
00752         wpa_s->num_scan_results = 0;
00753 
00754         wpa_supplicant_cancel_scan(wpa_s);
00755 }
00756 
00757 
00767 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
00768 {
00769         u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
00770 
00771         if (wpa_s->keys_cleared) {
00772                 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
00773                  * timing issues with keys being cleared just before new keys
00774                  * are set or just after association or something similar. This
00775                  * shows up in group key handshake failing often because of the
00776                  * client not receiving the first encrypted packets correctly.
00777                  * Skipping some of the extra key clearing steps seems to help
00778                  * in completing group key handshake more reliably. */
00779                 wpa_printf(MSG_DEBUG, "No keys have been configured - "
00780                            "skip key clearing");
00781                 return;
00782         }
00783 
00784         wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
00785         wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
00786         wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
00787         wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
00788         if (addr) {
00789                 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
00790                                 0);
00791         }
00792         wpa_s->keys_cleared = 1;
00793 }
00794 
00795 
00802 const char * wpa_supplicant_state_txt(int state)
00803 {
00804         switch (state) {
00805         case WPA_DISCONNECTED:
00806                 return "DISCONNECTED";
00807         case WPA_INACTIVE:
00808                 return "INACTIVE";
00809         case WPA_SCANNING:
00810                 return "SCANNING";
00811         case WPA_ASSOCIATING:
00812                 return "ASSOCIATING";
00813         case WPA_ASSOCIATED:
00814                 return "ASSOCIATED";
00815         case WPA_4WAY_HANDSHAKE:
00816                 return "4WAY_HANDSHAKE";
00817         case WPA_GROUP_HANDSHAKE:
00818                 return "GROUP_HANDSHAKE";
00819         case WPA_COMPLETED:
00820                 return "COMPLETED";
00821         default:
00822                 return "UNKNOWN";
00823         }
00824 }
00825 
00826 
00836 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s, wpa_states state)
00837 {
00838         wpa_printf(MSG_DEBUG, "State: %s -> %s",
00839                    wpa_supplicant_state_txt(wpa_s->wpa_state),
00840                    wpa_supplicant_state_txt(state));
00841         if (state == WPA_COMPLETED && wpa_s->new_connection) {
00842                 wpa_s->new_connection = 0;
00843                 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
00844                         MACSTR " completed %s",
00845                         MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
00846                         "(reauth)" : "(auth)");
00847                 wpa_s->reassociated_connection = 1;
00848         } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
00849                    state == WPA_ASSOCIATED) {
00850                 wpa_s->new_connection = 1;
00851         }
00852         wpa_s->wpa_state = state;
00853 }
00854 
00855 
00862 wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s)
00863 {
00864         return wpa_s->wpa_state;
00865 }
00866 
00867 
00868 static void wpa_supplicant_terminate(int sig, void *eloop_ctx,
00869                                      void *signal_ctx)
00870 {
00871         struct wpa_global *global = eloop_ctx;
00872         struct wpa_supplicant *wpa_s;
00873         for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
00874                 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING "- signal %d "
00875                         "received", sig);
00876         }
00877         eloop_terminate();
00878 }
00879 
00880 
00893 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
00894 {
00895         struct wpa_config *conf;
00896         int reconf_ctrl;
00897         if (wpa_s->confname == NULL)
00898                 return -1;
00899         conf = wpa_config_read(wpa_s->confname);
00900         if (conf == NULL) {
00901                 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
00902                         "file '%s' - exiting", wpa_s->confname);
00903                 return -1;
00904         }
00905 
00906         reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
00907                 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
00908                     strcmp(conf->ctrl_interface, wpa_s->conf->ctrl_interface)
00909                     != 0);
00910 
00911         if (reconf_ctrl)
00912                 wpa_supplicant_ctrl_iface_deinit(wpa_s);
00913 
00914         wpa_s->current_ssid = NULL;
00915         /*
00916          * TODO: should notify EAPOL SM about changes in opensc_engine_path,
00917          * pkcs11_engine_path, pkcs11_module_path.
00918          */ 
00919         eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
00920         wpa_sm_set_config(wpa_s->wpa, NULL);
00921         wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
00922         pmksa_cache_notify_reconfig(wpa_s->wpa);
00923         rsn_preauth_deinit(wpa_s->wpa);
00924         wpa_config_free(wpa_s->conf);
00925         wpa_s->conf = conf;
00926         if (reconf_ctrl)
00927                 wpa_supplicant_ctrl_iface_init(wpa_s);
00928         wpa_s->reassociate = 1;
00929         wpa_supplicant_req_scan(wpa_s, 0, 0);
00930         wpa_msg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
00931         return 0;
00932 }
00933 
00934 
00935 #ifndef CONFIG_NATIVE_WINDOWS
00936 static void wpa_supplicant_reconfig(int sig, void *eloop_ctx,
00937                                     void *signal_ctx)
00938 {
00939         struct wpa_global *global = eloop_ctx;
00940         struct wpa_supplicant *wpa_s;
00941         wpa_printf(MSG_DEBUG, "Signal %d received - reconfiguring", sig);
00942         for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
00943                 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
00944                         eloop_terminate();
00945                 }
00946         }
00947 }
00948 #endif /* CONFIG_NATIVE_WINDOWS */
00949 
00950 
00951 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s)
00952 {
00953         struct wpa_ssid *ssid;
00954         union wpa_event_data data;
00955 
00956         ssid = wpa_supplicant_get_ssid(wpa_s);
00957         if (ssid == NULL)
00958                 return;
00959 
00960         if (wpa_s->current_ssid == NULL)
00961                 wpa_s->current_ssid = ssid;
00962         wpa_supplicant_initiate_eapol(wpa_s);
00963         wpa_printf(MSG_DEBUG, "Already associated with a configured network - "
00964                    "generating associated event");
00965         memset(&data, 0, sizeof(data));
00966         wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data);
00967 }
00968 
00969 
00970 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
00971 {
00972         struct wpa_supplicant *wpa_s = eloop_ctx;
00973         struct wpa_ssid *ssid;
00974         int enabled, scan_req = 0;
00975 
00976         if (wpa_s->disconnected)
00977                 return;
00978 
00979         enabled = 0;
00980         ssid = wpa_s->conf->ssid;
00981         while (ssid) {
00982                 if (!ssid->disabled) {
00983                         enabled++;
00984                         break;
00985                 }
00986                 ssid = ssid->next;
00987         }
00988         if (!enabled && !wpa_s->scan_req) {
00989                 wpa_printf(MSG_DEBUG, "No enabled networks - do not scan");
00990                 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
00991                 return;
00992         }
00993         scan_req = wpa_s->scan_req;
00994         wpa_s->scan_req = 0;
00995 
00996         if (wpa_s->conf->ap_scan == 0) {
00997                 wpa_supplicant_gen_assoc_event(wpa_s);
00998                 return;
00999         }
01000 
01001         if (wpa_s->wpa_state == WPA_DISCONNECTED ||
01002             wpa_s->wpa_state == WPA_INACTIVE)
01003                 wpa_supplicant_set_state(wpa_s, WPA_SCANNING);
01004 
01005         ssid = wpa_s->conf->ssid;
01006         if (wpa_s->prev_scan_ssid != BROADCAST_SSID_SCAN) {
01007                 while (ssid) {
01008                         if (ssid == wpa_s->prev_scan_ssid) {
01009                                 ssid = ssid->next;
01010                                 break;
01011                         }
01012                         ssid = ssid->next;
01013                 }
01014         }
01015         while (ssid) {
01016                 if (!ssid->disabled &&
01017                     (ssid->scan_ssid || wpa_s->conf->ap_scan == 2))
01018                         break;
01019                 ssid = ssid->next;
01020         }
01021 
01022         if (scan_req != 2 && wpa_s->conf->ap_scan == 2) {
01023                 /*
01024                  * ap_scan=2 mode - try to associate with each SSID instead of
01025                  * scanning for each scan_ssid=1 network.
01026                  */
01027                 if (ssid == NULL)
01028                         return;
01029                 if (ssid->next) {
01030                         /* Continue from the next SSID on the next attempt. */
01031                         wpa_s->prev_scan_ssid = ssid;
01032                 } else {
01033                         /* Start from the beginning of the SSID list. */
01034                         wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
01035                 }
01036                 wpa_supplicant_associate(wpa_s, NULL, ssid);
01037                 return;
01038         }
01039 
01040         wpa_printf(MSG_DEBUG, "Starting AP scan (%s SSID)",
01041                    ssid ? "specific": "broadcast");
01042         if (ssid) {
01043                 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID",
01044                                   ssid->ssid, ssid->ssid_len);
01045                 wpa_s->prev_scan_ssid = ssid;
01046         } else
01047                 wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
01048 
01049         if (wpa_drv_scan(wpa_s, ssid ? ssid->ssid : NULL,
01050                          ssid ? ssid->ssid_len : 0)) {
01051                 wpa_printf(MSG_WARNING, "Failed to initiate AP scan.");
01052                 wpa_supplicant_req_scan(wpa_s, 10, 0);
01053         }
01054 }
01055 
01056 
01057 static wpa_cipher cipher_suite2driver(int cipher)
01058 {
01059         switch (cipher) {
01060         case WPA_CIPHER_NONE:
01061                 return CIPHER_NONE;
01062         case WPA_CIPHER_WEP40:
01063                 return CIPHER_WEP40;
01064         case WPA_CIPHER_WEP104:
01065                 return CIPHER_WEP104;
01066         case WPA_CIPHER_CCMP:
01067                 return CIPHER_CCMP;
01068         case WPA_CIPHER_TKIP:
01069         default:
01070                 return CIPHER_TKIP;
01071         }
01072 }
01073 
01074 
01075 static wpa_key_mgmt key_mgmt2driver(int key_mgmt)
01076 {
01077         switch (key_mgmt) {
01078         case WPA_KEY_MGMT_NONE:
01079                 return KEY_MGMT_NONE;
01080         case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
01081                 return KEY_MGMT_802_1X_NO_WPA;
01082         case WPA_KEY_MGMT_IEEE8021X:
01083                 return KEY_MGMT_802_1X;
01084         case WPA_KEY_MGMT_WPA_NONE:
01085                 return KEY_MGMT_WPA_NONE;
01086         case WPA_KEY_MGMT_PSK:
01087         default:
01088                 return KEY_MGMT_PSK;
01089         }
01090 }
01091 
01092 
01093 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
01094                                          struct wpa_ssid *ssid,
01095                                          struct wpa_ie_data *ie)
01096 {
01097         int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
01098         if (ret) {
01099                 if (ret == -2) {
01100                         wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
01101                                 "from association info");
01102                 }
01103                 return -1;
01104         }
01105 
01106         wpa_printf(MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set cipher "
01107                    "suites");
01108         if (!(ie->group_cipher & ssid->group_cipher)) {
01109                 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
01110                         "cipher 0x%x (mask 0x%x) - reject",
01111                         ie->group_cipher, ssid->group_cipher);
01112                 return -1;
01113         }
01114         if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
01115                 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
01116                         "cipher 0x%x (mask 0x%x) - reject",
01117                         ie->pairwise_cipher, ssid->pairwise_cipher);
01118                 return -1;
01119         }
01120         if (!(ie->key_mgmt & ssid->key_mgmt)) {
01121                 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
01122                         "management 0x%x (mask 0x%x) - reject",
01123                         ie->key_mgmt, ssid->key_mgmt);
01124                 return -1;
01125         }
01126 
01127         return 0;
01128 }
01129 
01130 
01146 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
01147                               struct wpa_scan_result *bss,
01148                               struct wpa_ssid *ssid,
01149                               u8 *wpa_ie, size_t *wpa_ie_len)
01150 {
01151         struct wpa_ie_data ie;
01152         int sel, proto;
01153 
01154         if (bss && bss->rsn_ie_len && (ssid->proto & WPA_PROTO_RSN) &&
01155             wpa_parse_wpa_ie(bss->rsn_ie, bss->rsn_ie_len, &ie) == 0 &&
01156             (ie.group_cipher & ssid->group_cipher) &&
01157             (ie.pairwise_cipher & ssid->pairwise_cipher) &&
01158             (ie.key_mgmt & ssid->key_mgmt)) {
01159                 wpa_msg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
01160                 proto = WPA_PROTO_RSN;
01161         } else if (bss && bss->wpa_ie_len && (ssid->proto & WPA_PROTO_WPA) &&
01162                    wpa_parse_wpa_ie(bss->wpa_ie, bss->wpa_ie_len, &ie) == 0 &&
01163                    (ie.group_cipher & ssid->group_cipher) &&
01164                    (ie.pairwise_cipher & ssid->pairwise_cipher) &&
01165                    (ie.key_mgmt & ssid->key_mgmt)) {
01166                 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
01167                 proto = WPA_PROTO_WPA;
01168         } else if (bss) {
01169                 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
01170                 return -1;
01171         } else {
01172                 if (ssid->proto & WPA_PROTO_RSN)
01173                         proto = WPA_PROTO_RSN;
01174                 else
01175                         proto = WPA_PROTO_WPA;
01176                 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
01177                         memset(&ie, 0, sizeof(ie));
01178                         ie.group_cipher = ssid->group_cipher;
01179                         ie.pairwise_cipher = ssid->pairwise_cipher;
01180                         ie.key_mgmt = ssid->key_mgmt;
01181                         wpa_printf(MSG_DEBUG, "WPA: Set cipher suites based "
01182                                    "on configuration");
01183                 }
01184         }
01185 
01186         wpa_printf(MSG_DEBUG, "WPA: Selected cipher suites: group %d "
01187                    "pairwise %d key_mgmt %d",
01188                    ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt);
01189 
01190         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
01191 
01192         if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss ? bss->wpa_ie : NULL,
01193                                  bss ? bss->wpa_ie_len : 0) ||
01194             wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss ? bss->rsn_ie : NULL,
01195                                  bss ? bss->rsn_ie_len : 0))
01196                 return -1;
01197 
01198         sel = ie.group_cipher & ssid->group_cipher;
01199         if (sel & WPA_CIPHER_CCMP) {
01200                 wpa_s->group_cipher = WPA_CIPHER_CCMP;
01201                 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
01202         } else if (sel & WPA_CIPHER_TKIP) {
01203                 wpa_s->group_cipher = WPA_CIPHER_TKIP;
01204                 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
01205         } else if (sel & WPA_CIPHER_WEP104) {
01206                 wpa_s->group_cipher = WPA_CIPHER_WEP104;
01207                 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
01208         } else if (sel & WPA_CIPHER_WEP40) {
01209                 wpa_s->group_cipher = WPA_CIPHER_WEP40;
01210                 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
01211         } else {
01212                 wpa_printf(MSG_WARNING, "WPA: Failed to select group cipher.");
01213                 return -1;
01214         }
01215 
01216         sel = ie.pairwise_cipher & ssid->pairwise_cipher;
01217         if (sel & WPA_CIPHER_CCMP) {
01218                 wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
01219                 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
01220         } else if (sel & WPA_CIPHER_TKIP) {
01221                 wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
01222                 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
01223         } else if (sel & WPA_CIPHER_NONE) {
01224                 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
01225                 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
01226         } else {
01227                 wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
01228                            "cipher.");
01229                 return -1;
01230         }
01231 
01232         sel = ie.key_mgmt & ssid->key_mgmt;
01233         if (sel & WPA_KEY_MGMT_IEEE8021X) {
01234                 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
01235                 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
01236         } else if (sel & WPA_KEY_MGMT_PSK) {
01237                 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
01238                 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
01239         } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
01240                 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
01241                 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
01242         } else {
01243                 wpa_printf(MSG_WARNING, "WPA: Failed to select authenticated "
01244                            "key management type.");
01245                 return -1;
01246         }
01247 
01248         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
01249         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
01250                          wpa_s->pairwise_cipher);
01251         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
01252 
01253         if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
01254                 wpa_printf(MSG_WARNING, "WPA: Failed to generate WPA IE.");
01255                 return -1;
01256         }
01257 
01258         if (ssid->key_mgmt & WPA_KEY_MGMT_PSK)
01259                 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
01260         else
01261                 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
01262 
01263         return 0;
01264 }
01265 
01266 
01276 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
01277                               struct wpa_scan_result *bss,
01278                               struct wpa_ssid *ssid)
01279 {
01280         u8 wpa_ie[80];
01281         size_t wpa_ie_len;
01282         int use_crypt;
01283         int algs = AUTH_ALG_OPEN_SYSTEM;
01284         int cipher_pairwise, cipher_group;
01285         struct wpa_driver_associate_params params;
01286         int wep_keys_set = 0;
01287         struct wpa_driver_capa capa;
01288         int assoc_failed = 0;
01289 
01290         wpa_s->reassociate = 0;
01291         if (bss) {
01292                 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
01293                         " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
01294                         wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
01295                 memset(wpa_s->bssid, 0, ETH_ALEN);
01296         } else {
01297                 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
01298                         wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
01299         }
01300         wpa_supplicant_cancel_scan(wpa_s);
01301 
01302         /* Starting new association, so clear the possibly used WPA IE from the
01303          * previous association. */
01304         wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
01305 
01306         if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
01307                 if (ssid->leap) {
01308                         if (ssid->non_leap == 0)
01309                                 algs = AUTH_ALG_LEAP;
01310                         else
01311                                 algs |= AUTH_ALG_LEAP;
01312                 }
01313         }
01314         wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
01315         if (ssid->auth_alg) {
01316                 algs = 0;
01317                 if (ssid->auth_alg & WPA_AUTH_ALG_OPEN)
01318                         algs |= AUTH_ALG_OPEN_SYSTEM;
01319                 if (ssid->auth_alg & WPA_AUTH_ALG_SHARED)
01320                         algs |= AUTH_ALG_SHARED_KEY;
01321                 if (ssid->auth_alg & WPA_AUTH_ALG_LEAP)
01322                         algs |= AUTH_ALG_LEAP;
01323                 wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
01324                            algs);
01325         }
01326         wpa_drv_set_auth_alg(wpa_s, algs);
01327 
01328         if (bss && (bss->wpa_ie_len || bss->rsn_ie_len) &&
01329             (ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK))) {
01330                 int try_opportunistic;
01331                 try_opportunistic = ssid->proactive_key_caching &&
01332                         (ssid->proto & WPA_PROTO_RSN);
01333                 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
01334                                             wpa_s->current_ssid,
01335                                             try_opportunistic) == 0)
01336                         eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
01337                 wpa_ie_len = sizeof(wpa_ie);
01338                 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
01339                                               wpa_ie, &wpa_ie_len)) {
01340                         wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
01341                                    "management and encryption suites");
01342                         return;
01343                 }
01344         } else if (ssid->key_mgmt &
01345                    (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
01346                     WPA_KEY_MGMT_WPA_NONE)) {
01347                 wpa_ie_len = sizeof(wpa_ie);
01348                 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
01349                                               wpa_ie, &wpa_ie_len)) {
01350                         wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
01351                                    "management and encryption suites (no scan "
01352                                    "results)");
01353                         return;
01354                 }
01355         } else {
01356                 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
01357                 wpa_ie_len = 0;
01358         }
01359 
01360         wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
01361         use_crypt = 1;
01362         cipher_pairwise = cipher_suite2driver(wpa_s->pairwise_cipher);
01363         cipher_group = cipher_suite2driver(wpa_s->group_cipher);
01364         if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
01365             wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
01366                 int i;
01367                 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
01368                         use_crypt = 0;
01369                 for (i = 0; i < NUM_WEP_KEYS; i++) {
01370                         if (ssid->wep_key_len[i]) {
01371                                 use_crypt = 1;
01372                                 wep_keys_set = 1;
01373                                 wpa_set_wep_key(wpa_s,
01374                                                 i == ssid->wep_tx_keyidx,
01375                                                 i, ssid->wep_key[i],
01376                                                 ssid->wep_key_len[i]);
01377                         }
01378                 }
01379         }
01380 
01381         if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
01382                 if ((ssid->eapol_flags &
01383                      (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
01384                       EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
01385                     !wep_keys_set) {
01386                         use_crypt = 0;
01387                 } else {
01388                         /* Assume that dynamic WEP-104 keys will be used and
01389                          * set cipher suites in order for drivers to expect
01390                          * encryption. */
01391                         cipher_pairwise = cipher_group = CIPHER_WEP104;
01392                 }
01393         }
01394 
01395         if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
01396                 /* Set the key before (and later after) association */
01397                 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
01398         }
01399 
01400         wpa_drv_set_drop_unencrypted(wpa_s, use_crypt);
01401         wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
01402         memset(&params, 0, sizeof(params));
01403         if (bss) {
01404                 params.bssid = bss->bssid;
01405                 params.ssid = bss->ssid;
01406                 params.ssid_len = bss->ssid_len;
01407                 params.freq = bss->freq;
01408         } else {
01409                 params.ssid = ssid->ssid;
01410                 params.ssid_len = ssid->ssid_len;
01411         }
01412         params.wpa_ie = wpa_ie;
01413         params.wpa_ie_len = wpa_ie_len;
01414         params.pairwise_suite = cipher_pairwise;
01415         params.group_suite = cipher_group;
01416         params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
01417         params.auth_alg = algs;
01418         params.mode = ssid->mode;
01419         if (wpa_drv_associate(wpa_s, &params) < 0) {
01420                 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
01421                         "failed");
01422                 /* try to continue anyway; new association will be tried again
01423                  * after timeout */
01424                 assoc_failed = 1;
01425         }
01426 
01427         if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
01428                 /* Set the key after the association just in case association
01429                  * cleared the previously configured key. */
01430                 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
01431                 /* No need to timeout authentication since there is no key
01432                  * management. */
01433                 wpa_supplicant_cancel_auth_timeout(wpa_s);
01434                 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
01435         } else {
01436                 /* Timeout for IEEE 802.11 authentication and association */
01437                 int timeout;
01438                 if (assoc_failed)
01439                         timeout = 5;
01440                 else if (wpa_s->conf->ap_scan == 1)
01441                         timeout = 10;
01442                 else
01443                         timeout = 60;
01444                 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
01445         }
01446 
01447         if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
01448             capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
01449                 /* Set static WEP keys again */
01450                 int i;
01451                 for (i = 0; i < NUM_WEP_KEYS; i++) {
01452                         if (ssid->wep_key_len[i]) {
01453                                 wpa_set_wep_key(wpa_s,
01454                                                 i == ssid->wep_tx_keyidx,
01455                                                 i, ssid->wep_key[i],
01456                                                 ssid->wep_key_len[i]);
01457                         }
01458                 }
01459         }
01460 
01461         wpa_s->current_ssid = ssid;
01462         wpa_sm_set_config(wpa_s->wpa, wpa_s->current_ssid);
01463         wpa_supplicant_initiate_eapol(wpa_s);
01464 }
01465 
01466 
01476 void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
01477                                  int reason_code)
01478 {
01479         u8 *addr = NULL;
01480         wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
01481         if (memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0) {
01482                 wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
01483                 addr = wpa_s->bssid;
01484         }
01485         wpa_clear_keys(wpa_s, addr);
01486         wpa_s->current_ssid = NULL;
01487         wpa_sm_set_config(wpa_s->wpa, NULL);
01488         eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
01489         eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
01490         eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
01491 }
01492 
01493 
01503 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
01504                                    int reason_code)
01505 {
01506         u8 *addr = NULL;
01507         wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
01508         if (memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0) {
01509                 wpa_drv_deauthenticate(wpa_s, wpa_s->bssid, reason_code);
01510                 addr = wpa_s->bssid;
01511         }
01512         wpa_clear_keys(wpa_s, addr);
01513         wpa_s->current_ssid = NULL;
01514         wpa_sm_set_config(wpa_s->wpa, NULL);
01515         eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
01516         eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
01517         eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
01518 }
01519 
01520 
01530 int wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s)
01531 {
01532 #define SCAN_AP_LIMIT 128
01533         struct wpa_scan_result *results, *tmp;
01534         int num;
01535 
01536         results = malloc(SCAN_AP_LIMIT * sizeof(struct wpa_scan_result));
01537         if (results == NULL) {
01538                 wpa_printf(MSG_WARNING, "Failed to allocate memory for scan "
01539                            "results");
01540                 return -1;
01541         }
01542 
01543         num = wpa_drv_get_scan_results(wpa_s, results, SCAN_AP_LIMIT);
01544         wpa_printf(MSG_DEBUG, "Scan results: %d", num);
01545         if (num < 0) {
01546                 wpa_printf(MSG_DEBUG, "Failed to get scan results");
01547                 free(results);
01548                 return -1;
01549         }
01550         if (num > SCAN_AP_LIMIT) {
01551                 wpa_printf(MSG_INFO, "Not enough room for all APs (%d < %d)",
01552                            num, SCAN_AP_LIMIT);
01553                 num = SCAN_AP_LIMIT;
01554         }
01555 
01556         /* Free unneeded memory for unused scan result entries */
01557         tmp = realloc(results, num * sizeof(struct wpa_scan_result));
01558         if (tmp || num == 0) {
01559                 results = tmp;
01560         }
01561 
01562         free(wpa_s->scan_results);
01563         wpa_s->scan_results = results;
01564         wpa_s->num_scan_results = num;
01565 
01566         return 0;
01567 }
01568 
01569 
01570 #ifndef CONFIG_NO_WPA
01571 static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s)
01572 {
01573         int i, ret = 0;
01574         struct wpa_scan_result *results, *curr = NULL;
01575 
01576         results = wpa_s->scan_results;
01577         if (results == NULL) {
01578                 return -1;
01579         }
01580 
01581         for (i = 0; i < wpa_s->num_scan_results; i++) {
01582                 if (memcmp(results[i].bssid, wpa_s->bssid, ETH_ALEN) == 0) {
01583                         curr = &results[i];
01584                         break;
01585                 }
01586         }
01587 
01588         if (curr) {
01589                 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, curr->wpa_ie,
01590                                          curr->wpa_ie_len) ||
01591                     wpa_sm_set_ap_rsn_ie(wpa_s->wpa, curr->rsn_ie,
01592                                          curr->rsn_ie_len))
01593                         ret = -1;
01594         } else {
01595                 ret = -1;
01596         }
01597 
01598         return ret;
01599 }
01600 
01601 
01602 static int wpa_supplicant_get_beacon_ie(void *ctx)
01603 {
01604         struct wpa_supplicant *wpa_s = ctx;
01605         if (wpa_get_beacon_ie(wpa_s) == 0) {
01606                 return 0;
01607         }
01608 
01609         /* No WPA/RSN IE found in the cached scan results. Try to get updated
01610          * scan results from the driver. */
01611         if (wpa_supplicant_get_scan_results(wpa_s) < 0) {
01612                 return -1;
01613         }
01614 
01615         return wpa_get_beacon_ie(wpa_s);
01616 }
01617 #endif /* CONFIG_NO_WPA */
01618 
01619 
01626 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
01627 {
01628         struct wpa_ssid *entry;
01629         u8 ssid[MAX_SSID_LEN];
01630         int ssid_len;
01631         u8 bssid[ETH_ALEN];
01632 
01633         ssid_len = wpa_drv_get_ssid(wpa_s, ssid);
01634         if (ssid_len < 0) {
01635                 wpa_printf(MSG_WARNING, "Could not read SSID from driver.");
01636                 return NULL;
01637         }
01638 
01639         if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
01640                 wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
01641                 return NULL;
01642         }
01643 
01644         entry = wpa_s->conf->ssid;
01645         while (entry) {
01646                 if (!entry->disabled &&
01647                     ssid_len == entry->ssid_len &&
01648                     memcmp(ssid, entry->ssid, ssid_len) == 0 &&
01649                     (!entry->bssid_set ||
01650                      memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
01651                         return entry;
01652                 entry = entry->next;
01653         }
01654 
01655         return NULL;
01656 }
01657 
01658 
01659 #ifndef CONFIG_NO_WPA
01660 static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type,
01661                              const void *data, u16 data_len,
01662                              size_t *msg_len, void **data_pos)
01663 {
01664         return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos);
01665 }
01666 
01667 
01668 static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto,
01669                            const u8 *buf, size_t len)
01670 {
01671         return wpa_ether_send(wpa_s, dest, proto, buf, len);
01672 }
01673 
01674 
01675 static void _wpa_supplicant_req_scan(void *wpa_s, int sec, int usec)
01676 {
01677         wpa_supplicant_req_scan(wpa_s, sec, usec);
01678 }
01679 
01680 
01681 static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s)
01682 {
01683         wpa_supplicant_cancel_auth_timeout(wpa_s);
01684 }
01685 
01686 
01687 static void _wpa_supplicant_set_state(void *wpa_s, wpa_states state)
01688 {
01689         wpa_supplicant_set_state(wpa_s, state);
01690 }
01691 
01692 
01693 static wpa_states _wpa_supplicant_get_state(void *wpa_s)
01694 {
01695         return wpa_supplicant_get_state(wpa_s);
01696 }
01697 
01698 
01699 static void _wpa_supplicant_disassociate(void *wpa_s, int reason_code)
01700 {
01701         wpa_supplicant_disassociate(wpa_s, reason_code);
01702 }
01703 
01704 
01705 static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code)
01706 {
01707         wpa_supplicant_deauthenticate(wpa_s, reason_code);
01708 }
01709 
01710 
01711 static struct wpa_ssid * _wpa_supplicant_get_ssid(void *wpa_s)
01712 {
01713         return wpa_supplicant_get_ssid(wpa_s);
01714 }
01715 
01716 
01717 static int wpa_supplicant_get_bssid(void *wpa_s, u8 *bssid)
01718 {
01719         return wpa_drv_get_bssid(wpa_s, bssid);
01720 }
01721 
01722 
01723 static int wpa_supplicant_set_key(void *wpa_s, wpa_alg alg,
01724                                   const u8 *addr, int key_idx, int set_tx,
01725                                   const u8 *seq, size_t seq_len,
01726                                   const u8 *key, size_t key_len)
01727 {
01728         return wpa_drv_set_key(wpa_s, alg, addr, key_idx, set_tx, seq, seq_len,
01729                                key, key_len);
01730 }
01731 
01732 
01733 static int wpa_supplicant_add_pmkid(void *wpa_s,
01734                                     const u8 *bssid, const u8 *pmkid)
01735 {
01736         return wpa_drv_add_pmkid(wpa_s, bssid, pmkid);
01737 }
01738 
01739 
01740 static int wpa_supplicant_remove_pmkid(void *wpa_s,
01741                                        const u8 *bssid, const u8 *pmkid)
01742 {
01743         return wpa_drv_remove_pmkid(wpa_s, bssid, pmkid);
01744 }
01745 #endif /* CONFIG_NO_WPA */
01746 
01747 
01748 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
01749                                      const char *name)
01750 {
01751         int i;
01752 
01753         if (wpa_s == NULL)
01754                 return -1;
01755 
01756         if (wpa_supplicant_drivers[0] == NULL) {
01757                 wpa_printf(MSG_ERROR, "No driver interfaces build into "
01758                            "wpa_supplicant.");
01759                 return -1;
01760         }
01761 
01762         if (name == NULL) {
01763                 /* default to first driver in the list */
01764                 wpa_s->driver = wpa_supplicant_drivers[0];
01765                 return 0;
01766         }
01767 
01768         for (i = 0; wpa_supplicant_drivers[i]; i++) {
01769                 if (strcmp(name, wpa_supplicant_drivers[i]->name) == 0) {
01770                         wpa_s->driver = wpa_supplicant_drivers[i];
01771                         return 0;
01772                 }
01773         }
01774 
01775         printf("Unsupported driver '%s'.\n", name);
01776         return -1;
01777 }
01778 
01779 
01780 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
01781                              const u8 *buf, size_t len)
01782 {
01783         struct wpa_supplicant *wpa_s = ctx;
01784 
01785         wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
01786         wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
01787 
01788         if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
01789                 wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
01790                            "no key management is configured");
01791                 return;
01792         }
01793 
01794         if (wpa_s->eapol_received == 0) {
01795                 /* Timeout for completing IEEE 802.1X and WPA authentication */
01796                 wpa_supplicant_req_auth_timeout(
01797                         wpa_s,
01798                         (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X ||
01799                          wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) ?
01800                         70 : 10, 0);
01801         }
01802         wpa_s->eapol_received++;
01803 
01804         if (wpa_s->countermeasures) {
01805                 wpa_printf(MSG_INFO, "WPA: Countermeasures - dropped EAPOL "
01806                            "packet");
01807                 return;
01808         }
01809 
01810         /* Source address of the incoming EAPOL frame could be compared to the
01811          * current BSSID. However, it is possible that a centralized
01812          * Authenticator could be using another MAC address than the BSSID of
01813          * an AP, so just allow any address to be used for now. The replies are
01814          * still sent to the current BSSID (if available), though. */
01815 
01816         memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
01817         if (wpa_s->key_mgmt != WPA_KEY_MGMT_PSK &&
01818             eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
01819                 return;
01820         wpa_drv_poll(wpa_s);
01821         wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
01822 }
01823 
01824 
01837 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s,
01838                                int wait_for_interface)
01839 {
01840         static int interface_count = 0;
01841 
01842         for (;;) {
01843                 if (wpa_s->driver->send_eapol) {
01844                         const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
01845                         if (addr)
01846                                 memcpy(wpa_s->own_addr, addr, ETH_ALEN);
01847                         break;
01848                 }
01849                 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
01850                                            wpa_drv_get_mac_addr(wpa_s),
01851                                            ETH_P_EAPOL,
01852                                            wpa_supplicant_rx_eapol, wpa_s, 0);
01853                 if (wpa_s->l2)
01854                         break;
01855                 else if (!wait_for_interface)
01856                         return -1;
01857                 printf("Waiting for interface..\n");
01858                 sleep(5);
01859         }
01860 
01861         if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
01862                 fprintf(stderr, "Failed to get own L2 address\n");
01863                 return -1;
01864         }
01865 
01866         wpa_printf(MSG_DEBUG, "Own MAC address: " MACSTR,
01867                    MAC2STR(wpa_s->own_addr));
01868 
01869         /* Backwards compatibility call to set_wpa() handler. This is called
01870          * only just after init and just before deinit, so these handler can be
01871          * used to implement same functionality. */
01872         if (wpa_drv_set_wpa(wpa_s, 1) < 0) {
01873                 struct wpa_driver_capa capa;
01874                 if (wpa_drv_get_capa(wpa_s, &capa) < 0 ||
01875                     !(capa.flags & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
01876                                     WPA_DRIVER_CAPA_KEY_MGMT_WPA2))) {
01877                         wpa_printf(MSG_DEBUG, "Driver does not support WPA.");
01878                         /* Continue to allow non-WPA modes to be used. */
01879                 } else {
01880                         fprintf(stderr, "Failed to enable WPA in the "
01881                                 "driver.\n");
01882                         return -1;
01883                 }
01884         }
01885 
01886         wpa_clear_keys(wpa_s, NULL);
01887 
01888         /* Make sure that TKIP countermeasures are not left enabled (could
01889          * happen if wpa_supplicant is killed during countermeasures. */
01890         wpa_drv_set_countermeasures(wpa_s, 0);
01891 
01892         wpa_drv_set_drop_unencrypted(wpa_s, 1);
01893 
01894         wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
01895         wpa_supplicant_req_scan(wpa_s, interface_count, 100000);
01896         interface_count++;
01897 
01898         return 0;
01899 }
01900 
01901 
01902 static int wpa_supplicant_daemon(const char *pid_file)
01903 {
01904         wpa_printf(MSG_DEBUG, "Daemonize..");
01905         if (daemon(0, 0)) {
01906                 perror("daemon");
01907                 return -1;
01908         }
01909 
01910         if (pid_file) {
01911                 FILE *f = fopen(pid_file, "w");
01912                 if (f) {
01913                         fprintf(f, "%u\n", getpid());
01914                         fclose(f);
01915                 }
01916         }
01917 
01918         return 0;
01919 }
01920 
01921 
01922 static struct wpa_supplicant * wpa_supplicant_alloc(void)
01923 {
01924         struct wpa_supplicant *wpa_s;
01925 
01926         wpa_s = malloc(sizeof(*wpa_s));
01927         if (wpa_s == NULL)
01928                 return NULL;
01929         memset(wpa_s, 0, sizeof(*wpa_s));
01930         wpa_s->ctrl_sock = -1;
01931         wpa_s->scan_req = 1;
01932 
01933         return wpa_s;
01934 }
01935 
01936 
01937 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
01938                                      struct wpa_interface *iface)
01939 {
01940         wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
01941                    "'%s' ctrl_interface '%s'", iface->ifname,
01942                    iface->confname ? iface->confname : "N/A",
01943                    iface->driver ? iface->driver : "default",
01944                    iface->ctrl_interface ? iface->ctrl_interface : "N/A");
01945 
01946         if (wpa_supplicant_set_driver(wpa_s, iface->driver) < 0) {
01947                 return -1;
01948         }
01949 
01950         if (iface->confname) {
01951 #ifdef CONFIG_BACKEND_FILE
01952                 wpa_s->confname = rel2abs_path(iface->confname);
01953                 if (wpa_s->confname == NULL) {
01954                         wpa_printf(MSG_ERROR, "Failed to get absolute path "
01955                                    "for configuration file '%s'.",
01956                                    iface->confname);
01957                         return -1;
01958                 }
01959                 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
01960                            iface->confname, wpa_s->confname);
01961 #else /* CONFIG_BACKEND_FILE */
01962                 wpa_s->confname = strdup(iface->confname);
01963 #endif /* CONFIG_BACKEND_FILE */
01964                 wpa_s->conf = wpa_config_read(wpa_s->confname);
01965                 if (wpa_s->conf == NULL) {
01966                         printf("Failed to read read or parse configuration "
01967                                "'%s'.\n", wpa_s->confname);
01968                         return -1;
01969                 }
01970 
01971                 /*
01972                  * Override ctrl_interface and driver_param if set on command
01973                  * line.
01974                  */
01975                 if (iface->ctrl_interface) {
01976                         free(wpa_s->conf->ctrl_interface);
01977                         wpa_s->conf->ctrl_interface =
01978                                 strdup(iface->ctrl_interface);
01979                 }
01980 
01981                 if (iface->driver_param) {
01982                         free(wpa_s->conf->driver_param);
01983                         wpa_s->conf->driver_param =
01984                                 strdup(iface->driver_param);
01985                 }
01986         } else
01987                 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
01988                                                      iface->driver_param);
01989 
01990         if (wpa_s->conf == NULL) {
01991                 printf("\nNo configuration found.\n");
01992                 return -1;
01993         }
01994 
01995         if (iface->ifname == NULL) {
01996                 printf("\nInterface name is required.\n");
01997                 return -1;
01998         }
01999         if (strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
02000                 printf("Too long interface name '%s'.\n", iface->ifname);
02001                 return -1;
02002         }
02003         strncpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
02004 
02005         return 0;
02006 }
02007 
02008 
02009 static int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
02010 {
02011 #ifdef IEEE8021X_EAPOL
02012         struct eapol_ctx *ctx;
02013         ctx = malloc(sizeof(*ctx));
02014         if (ctx == NULL) {
02015                 printf("Failed to allocate EAPOL context.\n");
02016                 return -1;
02017         }
02018 
02019         memset(ctx, 0, sizeof(*ctx));
02020         ctx->ctx = wpa_s;
02021         ctx->msg_ctx = wpa_s;
02022         ctx->eapol_send_ctx = wpa_s;
02023         ctx->preauth = 0;
02024         ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done;
02025         ctx->eapol_send = wpa_supplicant_eapol_send;
02026         ctx->set_wep_key = wpa_eapol_set_wep_key;
02027         ctx->set_config_blob = wpa_supplicant_set_config_blob;
02028         ctx->get_config_blob = wpa_supplicant_get_config_blob;
02029         ctx->aborted_cached = wpa_supplicant_aborted_cached;
02030         ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
02031         ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
02032         ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
02033         wpa_s->eapol = eapol_sm_init(ctx);
02034         if (wpa_s->eapol == NULL) {
02035                 free(ctx);
02036                 printf("Failed to initialize EAPOL state machines.\n");
02037                 return -1;
02038         }
02039 #endif /* IEEE8021X_EAPOL */
02040 
02041         return 0;
02042 }
02043 
02044 
02045 static int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s)
02046 {
02047 #ifndef CONFIG_NO_WPA
02048         struct wpa_sm_ctx *ctx;
02049         ctx = malloc(sizeof(*ctx));
02050         if (ctx == NULL) {
02051                 printf("Failed to allocate WPA context.\n");
02052                 return -1;
02053         }
02054 
02055         memset(ctx, 0, sizeof(*ctx));
02056         ctx->ctx = wpa_s;
02057         ctx->set_state = _wpa_supplicant_set_state;
02058         ctx->get_state = _wpa_supplicant_get_state;
02059         ctx->req_scan = _wpa_supplicant_req_scan;
02060         ctx->deauthenticate = _wpa_supplicant_deauthenticate;
02061         ctx->disassociate = _wpa_supplicant_disassociate;
02062         ctx->set_key = wpa_supplicant_set_key;
02063         ctx->scan = wpa_supplicant_scan;
02064         ctx->get_ssid = _wpa_supplicant_get_ssid;
02065         ctx->get_bssid = wpa_supplicant_get_bssid;
02066         ctx->ether_send = _wpa_ether_send;
02067         ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie;
02068         ctx->alloc_eapol = _wpa_alloc_eapol;
02069         ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout;
02070         ctx->add_pmkid = wpa_supplicant_add_pmkid;
02071         ctx->remove_pmkid = wpa_supplicant_remove_pmkid;
02072         ctx->set_config_blob = wpa_supplicant_set_config_blob;
02073         ctx->get_config_blob = wpa_supplicant_get_config_blob;
02074 
02075         wpa_s->wpa = wpa_sm_init(ctx);
02076         if (wpa_s->wpa == NULL) {
02077                 fprintf(stderr, "Failed to initialize WPA state machine\n");
02078                 return -1;
02079         }
02080 #endif /* CONFIG_NO_WPA */
02081 
02082         return 0;
02083 }
02084 
02085 
02086 static int wpa_supplicant_init_iface2(struct wpa_supplicant *wpa_s,
02087                                       int wait_for_interface)
02088 {
02089         const char *ifname;
02090 
02091         wpa_printf(MSG_DEBUG, "Initializing interface (2) '%s'",
02092                    wpa_s->ifname);
02093 
02094         if (wpa_supplicant_init_eapol(wpa_s) < 0)
02095                 return -1;
02096 
02097         /* RSNA Supplicant Key Management - INITIALIZE */
02098         eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
02099         eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
02100 
02101         /* Initialize driver interface and register driver event handler before
02102          * L2 receive handler so that association events are processed before
02103          * EAPOL-Key packets if both become available for the same select()
02104          * call. */
02105         wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
02106         if (wpa_s->drv_priv == NULL) {
02107                 fprintf(stderr, "Failed to initialize driver interface\n");
02108                 return -1;
02109         }
02110         if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
02111                 fprintf(stderr, "Driver interface rejected driver_param "
02112                         "'%s'\n", wpa_s->conf->driver_param);
02113                 return -1;
02114         }
02115 
02116         ifname = wpa_drv_get_ifname(wpa_s);
02117         if (ifname && strcmp(ifname, wpa_s->ifname) != 0) {
02118                 wpa_printf(MSG_DEBUG, "Driver interface replaced interface "
02119                            "name with '%s'", ifname);
02120                 strncpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
02121         }
02122 
02123         if (wpa_supplicant_init_wpa(wpa_s) < 0)
02124                 return -1;
02125 
02126         wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname);
02127         wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
02128         wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
02129 
02130         if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
02131             wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
02132                              wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
02133                 fprintf(stderr, "Invalid WPA parameter value for "
02134                         "dot11RSNAConfigPMKLifetime\n");
02135                 return -1;
02136         }
02137 
02138         if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
02139             wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
02140                              wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
02141                 fprintf(stderr, "Invalid WPA parameter value for "
02142                         "dot11RSNAConfigPMKReauthThreshold\n");
02143                 return -1;
02144         }
02145 
02146         if (wpa_s->conf->dot11RSNAConfigSATimeout &&
02147             wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
02148                              wpa_s->conf->dot11RSNAConfigSATimeout)) {
02149                 fprintf(stderr, "Invalid WPA parameter value for "
02150                         "dot11RSNAConfigSATimeout\n");
02151                 return -1;
02152         }
02153 
02154         if (wpa_supplicant_driver_init(wpa_s, wait_for_interface) < 0) {
02155                 return -1;
02156         }
02157         wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
02158 
02159         if (wpa_supplicant_ctrl_iface_init(wpa_s)) {
02160                 printf("Failed to initialize control interface '%s'.\n"
02161                        "You may have another wpa_supplicant process already "
02162                        "running or the file was\n"
02163                        "left by an unclean termination of wpa_supplicant in "
02164                        "which case you will need\n"
02165                        "to manually remove this file before starting "
02166                        "wpa_supplicant again.\n",
02167                        wpa_s->conf->ctrl_interface);
02168                 return -1;
02169         }
02170 
02171         return 0;
02172 }
02173 
02174 
02175 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s)
02176 {
02177         if (wpa_s->drv_priv) {
02178                 wpa_supplicant_deauthenticate(wpa_s, REASON_DEAUTH_LEAVING);
02179 
02180                 /* Backwards compatibility call to set_wpa() handler. This is
02181                  * called only just after init and just before deinit, so these
02182                  * handler can be used to implement same functionality. */
02183                 if (wpa_drv_set_wpa(wpa_s, 0) < 0) {
02184                         fprintf(stderr, "Failed to disable WPA in the "
02185                                 "driver.\n");
02186                 }
02187 
02188                 wpa_drv_set_drop_unencrypted(wpa_s, 0);
02189                 wpa_drv_set_countermeasures(wpa_s, 0);
02190                 wpa_clear_keys(wpa_s, NULL);
02191 
02192                 wpa_drv_deinit(wpa_s);
02193         }
02194         wpa_supplicant_cleanup(wpa_s);
02195 }
02196 
02197 
02211 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
02212                                                  struct wpa_interface *iface)
02213 {
02214         struct wpa_supplicant *wpa_s;
02215 
02216         if (global == NULL || iface == NULL)
02217                 return NULL;
02218 
02219         wpa_s = wpa_supplicant_alloc();
02220         if (wpa_s == NULL)
02221                 return NULL;
02222 
02223         if (wpa_supplicant_init_iface(wpa_s, iface) ||
02224             wpa_supplicant_init_iface2(wpa_s,
02225                                        global->params.wait_for_interface)) {
02226                 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
02227                            iface->ifname);
02228                 wpa_supplicant_deinit_iface(wpa_s);
02229                 free(wpa_s);
02230                 return NULL;
02231         }
02232 
02233         wpa_s->global = global;
02234         wpa_s->next = global->ifaces;
02235         global->ifaces = wpa_s;
02236 
02237         wpa_printf(MSG_DEBUG, "Added interface %s", wpa_s->ifname);
02238 
02239         return wpa_s;
02240 }
02241 
02242 
02255 int wpa_supplicant_remove_iface(struct wpa_global *global,
02256                                 struct wpa_supplicant *wpa_s)
02257 {
02258         struct wpa_supplicant *prev;
02259 
02260         /* Remove interface from the global list of interfaces */
02261         prev = global->ifaces;
02262         if (prev == wpa_s) {
02263                 global->ifaces = wpa_s->next;
02264         } else {
02265                 while (prev && prev->next != wpa_s)
02266                         prev = prev->next;
02267                 if (prev == NULL)
02268                         return -1;
02269                 prev->next = wpa_s->next;
02270         }
02271 
02272         wpa_printf(MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
02273 
02274         wpa_supplicant_deinit_iface(wpa_s);
02275         free(wpa_s);
02276 
02277         return 0;
02278 }
02279 
02280 
02288 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
02289                                                  const char *ifname)
02290 {
02291         struct wpa_supplicant *wpa_s;
02292 
02293         for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
02294                 if (strcmp(wpa_s->ifname, ifname) == 0)
02295                         return wpa_s;
02296         }
02297         return NULL;
02298 }
02299 
02300 
02311 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
02312 {
02313         struct wpa_global *global;
02314 
02315         if (params == NULL)
02316                 return NULL;
02317         global = malloc(sizeof(*global));
02318         if (global == NULL)
02319                 return NULL;
02320         memset(global, 0, sizeof(*global));
02321         global->params.daemonize = params->daemonize;
02322         global->params.wait_for_interface = params->wait_for_interface;
02323         global->params.wait_for_monitor = params->wait_for_monitor;
02324         if (params->pid_file)
02325                 global->params.pid_file = strdup(params->pid_file);
02326         if (params->ctrl_interface)
02327                 global->params.ctrl_interface = strdup(params->ctrl_interface);
02328         wpa_debug_level = global->params.wpa_debug_level =
02329                 params->wpa_debug_level;
02330         wpa_debug_show_keys = global->params.wpa_debug_show_keys =
02331                 params->wpa_debug_show_keys;
02332         wpa_debug_timestamp = global->params.wpa_debug_timestamp =
02333                 params->wpa_debug_timestamp;
02334 
02335         eloop_init(global);
02336 
02337         if (wpa_supplicant_global_ctrl_iface_init(global)) {
02338                 wpa_supplicant_deinit(global);
02339                 return NULL;
02340         }
02341 
02342         if (global->params.wait_for_interface && global->params.daemonize &&
02343             wpa_supplicant_daemon(global->params.pid_file)) {
02344                 wpa_supplicant_deinit(global);
02345                 return NULL;
02346         }
02347 
02348         return global;
02349 }
02350 
02351 
02362 int wpa_supplicant_run(struct wpa_global *global)
02363 {
02364         struct wpa_supplicant *wpa_s;
02365 
02366         if (!global->params.wait_for_interface && global->params.daemonize &&
02367             wpa_supplicant_daemon(global->params.pid_file))
02368                 return -1;
02369 
02370         if (global->params.wait_for_monitor) {
02371                 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
02372                         wpa_supplicant_ctrl_iface_wait(wpa_s);
02373         }
02374 
02375         eloop_register_signal(SIGINT, wpa_supplicant_terminate, NULL);
02376         eloop_register_signal(SIGTERM, wpa_supplicant_terminate, NULL);
02377 #ifndef CONFIG_NATIVE_WINDOWS
02378         eloop_register_signal(SIGHUP, wpa_supplicant_reconfig, NULL);
02379 #endif /* CONFIG_NATIVE_WINDOWS */
02380 
02381         eloop_run();
02382 
02383         return 0;
02384 }
02385 
02386 
02395 void wpa_supplicant_deinit(struct wpa_global *global)
02396 {
02397         if (global == NULL)
02398                 return;
02399 
02400         while (global->ifaces)
02401                 wpa_supplicant_remove_iface(global, global->ifaces);
02402 
02403         wpa_supplicant_global_ctrl_iface_deinit(global);
02404 
02405         eloop_destroy();
02406 
02407         if (global->params.pid_file) {
02408                 unlink(global->params.pid_file);
02409                 free(global->params.pid_file);
02410         }
02411         free(global->params.ctrl_interface);
02412 
02413         free(global);
02414 }
02415 

Generated on Sat May 6 21:13:42 2006 for wpa_supplicant by  doxygen 1.4.2