Home | History | Annotate | Download | only in wpa_supplicant
      1 /*
      2  * WPA Supplicant
      3  * Copyright (c) 2003-2012, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  *
      8  * This file implements functions for registering and unregistering
      9  * %wpa_supplicant interfaces. In addition, this file contains number of
     10  * functions for managing network connections.
     11  */
     12 
     13 #include "includes.h"
     14 
     15 #include "common.h"
     16 #include "crypto/random.h"
     17 #include "crypto/sha1.h"
     18 #include "eapol_supp/eapol_supp_sm.h"
     19 #include "eap_peer/eap.h"
     20 #include "eap_peer/eap_proxy.h"
     21 #include "eap_server/eap_methods.h"
     22 #include "rsn_supp/wpa.h"
     23 #include "eloop.h"
     24 #include "config.h"
     25 #include "utils/ext_password.h"
     26 #include "l2_packet/l2_packet.h"
     27 #include "wpa_supplicant_i.h"
     28 #include "driver_i.h"
     29 #include "ctrl_iface.h"
     30 #include "pcsc_funcs.h"
     31 #include "common/version.h"
     32 #include "rsn_supp/preauth.h"
     33 #include "rsn_supp/pmksa_cache.h"
     34 #include "common/wpa_ctrl.h"
     35 #include "common/ieee802_11_defs.h"
     36 #include "p2p/p2p.h"
     37 #include "blacklist.h"
     38 #include "wpas_glue.h"
     39 #include "wps_supplicant.h"
     40 #include "ibss_rsn.h"
     41 #include "sme.h"
     42 #include "gas_query.h"
     43 #include "ap.h"
     44 #include "p2p_supplicant.h"
     45 #include "wifi_display.h"
     46 #include "notify.h"
     47 #include "bgscan.h"
     48 #include "autoscan.h"
     49 #include "bss.h"
     50 #include "scan.h"
     51 #include "offchannel.h"
     52 #include "hs20_supplicant.h"
     53 #include "wnm_sta.h"
     54 
     55 const char *wpa_supplicant_version =
     56 "wpa_supplicant v" VERSION_STR "\n"
     57 "Copyright (c) 2003-2013, Jouni Malinen <j (at) w1.fi> and contributors";
     58 
     59 const char *wpa_supplicant_license =
     60 "This software may be distributed under the terms of the BSD license.\n"
     61 "See README for more details.\n"
     62 #ifdef EAP_TLS_OPENSSL
     63 "\nThis product includes software developed by the OpenSSL Project\n"
     64 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
     65 #endif /* EAP_TLS_OPENSSL */
     66 ;
     67 
     68 #ifndef CONFIG_NO_STDOUT_DEBUG
     69 /* Long text divided into parts in order to fit in C89 strings size limits. */
     70 const char *wpa_supplicant_full_license1 =
     71 "";
     72 const char *wpa_supplicant_full_license2 =
     73 "This software may be distributed under the terms of the BSD license.\n"
     74 "\n"
     75 "Redistribution and use in source and binary forms, with or without\n"
     76 "modification, are permitted provided that the following conditions are\n"
     77 "met:\n"
     78 "\n";
     79 const char *wpa_supplicant_full_license3 =
     80 "1. Redistributions of source code must retain the above copyright\n"
     81 "   notice, this list of conditions and the following disclaimer.\n"
     82 "\n"
     83 "2. Redistributions in binary form must reproduce the above copyright\n"
     84 "   notice, this list of conditions and the following disclaimer in the\n"
     85 "   documentation and/or other materials provided with the distribution.\n"
     86 "\n";
     87 const char *wpa_supplicant_full_license4 =
     88 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
     89 "   names of its contributors may be used to endorse or promote products\n"
     90 "   derived from this software without specific prior written permission.\n"
     91 "\n"
     92 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
     93 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
     94 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
     95 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
     96 const char *wpa_supplicant_full_license5 =
     97 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
     98 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
     99 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
    100 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
    101 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
    102 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
    103 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
    104 "\n";
    105 #endif /* CONFIG_NO_STDOUT_DEBUG */
    106 
    107 extern int wpa_debug_level;
    108 extern int wpa_debug_show_keys;
    109 extern int wpa_debug_timestamp;
    110 extern struct wpa_driver_ops *wpa_drivers[];
    111 
    112 /* Configure default/group WEP keys for static WEP */
    113 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
    114 {
    115 	int i, set = 0;
    116 
    117 	for (i = 0; i < NUM_WEP_KEYS; i++) {
    118 		if (ssid->wep_key_len[i] == 0)
    119 			continue;
    120 
    121 		set = 1;
    122 		wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
    123 				i, i == ssid->wep_tx_keyidx, NULL, 0,
    124 				ssid->wep_key[i], ssid->wep_key_len[i]);
    125 	}
    126 
    127 	return set;
    128 }
    129 
    130 
    131 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
    132 				    struct wpa_ssid *ssid)
    133 {
    134 	u8 key[32];
    135 	size_t keylen;
    136 	enum wpa_alg alg;
    137 	u8 seq[6] = { 0 };
    138 
    139 	/* IBSS/WPA-None uses only one key (Group) for both receiving and
    140 	 * sending unicast and multicast packets. */
    141 
    142 	if (ssid->mode != WPAS_MODE_IBSS) {
    143 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
    144 			"IBSS/ad-hoc) for WPA-None", ssid->mode);
    145 		return -1;
    146 	}
    147 
    148 	if (!ssid->psk_set) {
    149 		wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
    150 			"WPA-None");
    151 		return -1;
    152 	}
    153 
    154 	switch (wpa_s->group_cipher) {
    155 	case WPA_CIPHER_CCMP:
    156 		os_memcpy(key, ssid->psk, 16);
    157 		keylen = 16;
    158 		alg = WPA_ALG_CCMP;
    159 		break;
    160 	case WPA_CIPHER_GCMP:
    161 		os_memcpy(key, ssid->psk, 16);
    162 		keylen = 16;
    163 		alg = WPA_ALG_GCMP;
    164 		break;
    165 	case WPA_CIPHER_TKIP:
    166 		/* WPA-None uses the same Michael MIC key for both TX and RX */
    167 		os_memcpy(key, ssid->psk, 16 + 8);
    168 		os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
    169 		keylen = 32;
    170 		alg = WPA_ALG_TKIP;
    171 		break;
    172 	default:
    173 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
    174 			"WPA-None", wpa_s->group_cipher);
    175 		return -1;
    176 	}
    177 
    178 	/* TODO: should actually remember the previously used seq#, both for TX
    179 	 * and RX from each STA.. */
    180 
    181 	return wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
    182 }
    183 
    184 
    185 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
    186 {
    187 	struct wpa_supplicant *wpa_s = eloop_ctx;
    188 	const u8 *bssid = wpa_s->bssid;
    189 	if (is_zero_ether_addr(bssid))
    190 		bssid = wpa_s->pending_bssid;
    191 	wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
    192 		MAC2STR(bssid));
    193 	wpa_blacklist_add(wpa_s, bssid);
    194 	wpa_sm_notify_disassoc(wpa_s->wpa);
    195 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
    196 	wpa_s->reassociate = 1;
    197 
    198 	/*
    199 	 * If we timed out, the AP or the local radio may be busy.
    200 	 * So, wait a second until scanning again.
    201 	 */
    202 	wpa_supplicant_req_scan(wpa_s, 1, 0);
    203 
    204 	wpas_p2p_continue_after_scan(wpa_s);
    205 }
    206 
    207 
    208 /**
    209  * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
    210  * @wpa_s: Pointer to wpa_supplicant data
    211  * @sec: Number of seconds after which to time out authentication
    212  * @usec: Number of microseconds after which to time out authentication
    213  *
    214  * This function is used to schedule a timeout for the current authentication
    215  * attempt.
    216  */
    217 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
    218 				     int sec, int usec)
    219 {
    220 	if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
    221 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
    222 		return;
    223 
    224 	wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
    225 		"%d usec", sec, usec);
    226 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
    227 	eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
    228 }
    229 
    230 
    231 /**
    232  * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
    233  * @wpa_s: Pointer to wpa_supplicant data
    234  *
    235  * This function is used to cancel authentication timeout scheduled with
    236  * wpa_supplicant_req_auth_timeout() and it is called when authentication has
    237  * been completed.
    238  */
    239 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
    240 {
    241 	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
    242 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
    243 	wpa_blacklist_del(wpa_s, wpa_s->bssid);
    244 }
    245 
    246 
    247 /**
    248  * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
    249  * @wpa_s: Pointer to wpa_supplicant data
    250  *
    251  * This function is used to configure EAPOL state machine based on the selected
    252  * authentication mode.
    253  */
    254 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
    255 {
    256 #ifdef IEEE8021X_EAPOL
    257 	struct eapol_config eapol_conf;
    258 	struct wpa_ssid *ssid = wpa_s->current_ssid;
    259 
    260 #ifdef CONFIG_IBSS_RSN
    261 	if (ssid->mode == WPAS_MODE_IBSS &&
    262 	    wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
    263 	    wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
    264 		/*
    265 		 * RSN IBSS authentication is per-STA and we can disable the
    266 		 * per-BSSID EAPOL authentication.
    267 		 */
    268 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
    269 		eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
    270 		eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
    271 		return;
    272 	}
    273 #endif /* CONFIG_IBSS_RSN */
    274 
    275 	eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
    276 	eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
    277 
    278 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
    279 	    wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
    280 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
    281 	else
    282 		eapol_sm_notify_portControl(wpa_s->eapol, Auto);
    283 
    284 	os_memset(&eapol_conf, 0, sizeof(eapol_conf));
    285 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
    286 		eapol_conf.accept_802_1x_keys = 1;
    287 		eapol_conf.required_keys = 0;
    288 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
    289 			eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
    290 		}
    291 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
    292 			eapol_conf.required_keys |=
    293 				EAPOL_REQUIRE_KEY_BROADCAST;
    294 		}
    295 
    296 		if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
    297 			eapol_conf.required_keys = 0;
    298 	}
    299 	if (wpa_s->conf)
    300 		eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
    301 	eapol_conf.workaround = ssid->eap_workaround;
    302 	eapol_conf.eap_disabled =
    303 		!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
    304 		wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
    305 		wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
    306 	eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
    307 #endif /* IEEE8021X_EAPOL */
    308 }
    309 
    310 
    311 /**
    312  * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
    313  * @wpa_s: Pointer to wpa_supplicant data
    314  * @ssid: Configuration data for the network
    315  *
    316  * This function is used to configure WPA state machine and related parameters
    317  * to a mode where WPA is not enabled. This is called as part of the
    318  * authentication configuration when the selected network does not use WPA.
    319  */
    320 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
    321 				       struct wpa_ssid *ssid)
    322 {
    323 	int i;
    324 
    325 	if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
    326 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
    327 	else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
    328 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
    329 	else
    330 		wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
    331 	wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
    332 	wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
    333 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
    334 	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
    335 	wpa_s->group_cipher = WPA_CIPHER_NONE;
    336 	wpa_s->mgmt_group_cipher = 0;
    337 
    338 	for (i = 0; i < NUM_WEP_KEYS; i++) {
    339 		if (ssid->wep_key_len[i] > 5) {
    340 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
    341 			wpa_s->group_cipher = WPA_CIPHER_WEP104;
    342 			break;
    343 		} else if (ssid->wep_key_len[i] > 0) {
    344 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
    345 			wpa_s->group_cipher = WPA_CIPHER_WEP40;
    346 			break;
    347 		}
    348 	}
    349 
    350 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
    351 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
    352 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
    353 			 wpa_s->pairwise_cipher);
    354 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
    355 #ifdef CONFIG_IEEE80211W
    356 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
    357 			 wpa_s->mgmt_group_cipher);
    358 #endif /* CONFIG_IEEE80211W */
    359 
    360 	pmksa_cache_clear_current(wpa_s->wpa);
    361 }
    362 
    363 
    364 void free_hw_features(struct wpa_supplicant *wpa_s)
    365 {
    366 	int i;
    367 	if (wpa_s->hw.modes == NULL)
    368 		return;
    369 
    370 	for (i = 0; i < wpa_s->hw.num_modes; i++) {
    371 		os_free(wpa_s->hw.modes[i].channels);
    372 		os_free(wpa_s->hw.modes[i].rates);
    373 	}
    374 
    375 	os_free(wpa_s->hw.modes);
    376 	wpa_s->hw.modes = NULL;
    377 }
    378 
    379 
    380 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
    381 {
    382 	bgscan_deinit(wpa_s);
    383 	autoscan_deinit(wpa_s);
    384 	scard_deinit(wpa_s->scard);
    385 	wpa_s->scard = NULL;
    386 	wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
    387 	eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
    388 	l2_packet_deinit(wpa_s->l2);
    389 	wpa_s->l2 = NULL;
    390 	if (wpa_s->l2_br) {
    391 		l2_packet_deinit(wpa_s->l2_br);
    392 		wpa_s->l2_br = NULL;
    393 	}
    394 
    395 	if (wpa_s->conf != NULL) {
    396 		struct wpa_ssid *ssid;
    397 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
    398 			wpas_notify_network_removed(wpa_s, ssid);
    399 	}
    400 
    401 	os_free(wpa_s->confname);
    402 	wpa_s->confname = NULL;
    403 
    404 	os_free(wpa_s->confanother);
    405 	wpa_s->confanother = NULL;
    406 
    407 	wpa_sm_set_eapol(wpa_s->wpa, NULL);
    408 	eapol_sm_deinit(wpa_s->eapol);
    409 	wpa_s->eapol = NULL;
    410 
    411 	rsn_preauth_deinit(wpa_s->wpa);
    412 
    413 #ifdef CONFIG_TDLS
    414 	wpa_tdls_deinit(wpa_s->wpa);
    415 #endif /* CONFIG_TDLS */
    416 
    417 	pmksa_candidate_free(wpa_s->wpa);
    418 	wpa_sm_deinit(wpa_s->wpa);
    419 	wpa_s->wpa = NULL;
    420 	wpa_blacklist_clear(wpa_s);
    421 
    422 	wpa_bss_deinit(wpa_s);
    423 
    424 	wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
    425 	wpa_supplicant_cancel_scan(wpa_s);
    426 	wpa_supplicant_cancel_auth_timeout(wpa_s);
    427 	eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
    428 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
    429 	eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
    430 			     wpa_s, NULL);
    431 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
    432 
    433 	wpas_wps_deinit(wpa_s);
    434 
    435 	wpabuf_free(wpa_s->pending_eapol_rx);
    436 	wpa_s->pending_eapol_rx = NULL;
    437 
    438 #ifdef CONFIG_IBSS_RSN
    439 	ibss_rsn_deinit(wpa_s->ibss_rsn);
    440 	wpa_s->ibss_rsn = NULL;
    441 #endif /* CONFIG_IBSS_RSN */
    442 
    443 	sme_deinit(wpa_s);
    444 
    445 #ifdef CONFIG_AP
    446 	wpa_supplicant_ap_deinit(wpa_s);
    447 #endif /* CONFIG_AP */
    448 
    449 #ifdef CONFIG_P2P
    450 	wpas_p2p_deinit(wpa_s);
    451 #endif /* CONFIG_P2P */
    452 
    453 #ifdef CONFIG_OFFCHANNEL
    454 	offchannel_deinit(wpa_s);
    455 #endif /* CONFIG_OFFCHANNEL */
    456 
    457 	wpa_supplicant_cancel_sched_scan(wpa_s);
    458 
    459 	os_free(wpa_s->next_scan_freqs);
    460 	wpa_s->next_scan_freqs = NULL;
    461 
    462 	gas_query_deinit(wpa_s->gas);
    463 	wpa_s->gas = NULL;
    464 
    465 	free_hw_features(wpa_s);
    466 
    467 	os_free(wpa_s->bssid_filter);
    468 	wpa_s->bssid_filter = NULL;
    469 
    470 	os_free(wpa_s->disallow_aps_bssid);
    471 	wpa_s->disallow_aps_bssid = NULL;
    472 	os_free(wpa_s->disallow_aps_ssid);
    473 	wpa_s->disallow_aps_ssid = NULL;
    474 
    475 	wnm_bss_keep_alive_deinit(wpa_s);
    476 #ifdef CONFIG_WNM
    477 	wnm_deallocate_memory(wpa_s);
    478 #endif /* CONFIG_WNM */
    479 
    480 	ext_password_deinit(wpa_s->ext_pw);
    481 	wpa_s->ext_pw = NULL;
    482 
    483 	wpabuf_free(wpa_s->last_gas_resp);
    484 
    485 	os_free(wpa_s->last_scan_res);
    486 	wpa_s->last_scan_res = NULL;
    487 }
    488 
    489 
    490 /**
    491  * wpa_clear_keys - Clear keys configured for the driver
    492  * @wpa_s: Pointer to wpa_supplicant data
    493  * @addr: Previously used BSSID or %NULL if not available
    494  *
    495  * This function clears the encryption keys that has been previously configured
    496  * for the driver.
    497  */
    498 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
    499 {
    500 	if (wpa_s->keys_cleared) {
    501 		/* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
    502 		 * timing issues with keys being cleared just before new keys
    503 		 * are set or just after association or something similar. This
    504 		 * shows up in group key handshake failing often because of the
    505 		 * client not receiving the first encrypted packets correctly.
    506 		 * Skipping some of the extra key clearing steps seems to help
    507 		 * in completing group key handshake more reliably. */
    508 		wpa_dbg(wpa_s, MSG_DEBUG, "No keys have been configured - "
    509 			"skip key clearing");
    510 		return;
    511 	}
    512 
    513 	/* MLME-DELETEKEYS.request */
    514 	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 0, 0, NULL, 0, NULL, 0);
    515 	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 1, 0, NULL, 0, NULL, 0);
    516 	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 2, 0, NULL, 0, NULL, 0);
    517 	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 3, 0, NULL, 0, NULL, 0);
    518 #ifdef CONFIG_IEEE80211W
    519 	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 4, 0, NULL, 0, NULL, 0);
    520 	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 5, 0, NULL, 0, NULL, 0);
    521 #endif /* CONFIG_IEEE80211W */
    522 	if (addr) {
    523 		wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
    524 				0);
    525 		/* MLME-SETPROTECTION.request(None) */
    526 		wpa_drv_mlme_setprotection(
    527 			wpa_s, addr,
    528 			MLME_SETPROTECTION_PROTECT_TYPE_NONE,
    529 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
    530 	}
    531 	wpa_s->keys_cleared = 1;
    532 }
    533 
    534 
    535 /**
    536  * wpa_supplicant_state_txt - Get the connection state name as a text string
    537  * @state: State (wpa_state; WPA_*)
    538  * Returns: The state name as a printable text string
    539  */
    540 const char * wpa_supplicant_state_txt(enum wpa_states state)
    541 {
    542 	switch (state) {
    543 	case WPA_DISCONNECTED:
    544 		return "DISCONNECTED";
    545 	case WPA_INACTIVE:
    546 		return "INACTIVE";
    547 	case WPA_INTERFACE_DISABLED:
    548 		return "INTERFACE_DISABLED";
    549 	case WPA_SCANNING:
    550 		return "SCANNING";
    551 	case WPA_AUTHENTICATING:
    552 		return "AUTHENTICATING";
    553 	case WPA_ASSOCIATING:
    554 		return "ASSOCIATING";
    555 	case WPA_ASSOCIATED:
    556 		return "ASSOCIATED";
    557 	case WPA_4WAY_HANDSHAKE:
    558 		return "4WAY_HANDSHAKE";
    559 	case WPA_GROUP_HANDSHAKE:
    560 		return "GROUP_HANDSHAKE";
    561 	case WPA_COMPLETED:
    562 		return "COMPLETED";
    563 	default:
    564 		return "UNKNOWN";
    565 	}
    566 }
    567 
    568 
    569 #ifdef CONFIG_BGSCAN
    570 
    571 static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
    572 {
    573 	if (wpas_driver_bss_selection(wpa_s))
    574 		return;
    575 	if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
    576 		return;
    577 
    578 	bgscan_deinit(wpa_s);
    579 	if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan) {
    580 		if (bgscan_init(wpa_s, wpa_s->current_ssid)) {
    581 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
    582 				"bgscan");
    583 			/*
    584 			 * Live without bgscan; it is only used as a roaming
    585 			 * optimization, so the initial connection is not
    586 			 * affected.
    587 			 */
    588 		} else {
    589 			struct wpa_scan_results *scan_res;
    590 			wpa_s->bgscan_ssid = wpa_s->current_ssid;
    591 			scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
    592 								   0);
    593 			if (scan_res) {
    594 				bgscan_notify_scan(wpa_s, scan_res);
    595 				wpa_scan_results_free(scan_res);
    596 			}
    597 		}
    598 	} else
    599 		wpa_s->bgscan_ssid = NULL;
    600 }
    601 
    602 
    603 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
    604 {
    605 	if (wpa_s->bgscan_ssid != NULL) {
    606 		bgscan_deinit(wpa_s);
    607 		wpa_s->bgscan_ssid = NULL;
    608 	}
    609 }
    610 
    611 #endif /* CONFIG_BGSCAN */
    612 
    613 
    614 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
    615 {
    616 	if (autoscan_init(wpa_s, 0))
    617 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
    618 }
    619 
    620 
    621 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
    622 {
    623 	autoscan_deinit(wpa_s);
    624 }
    625 
    626 
    627 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
    628 {
    629 	if (wpa_s->wpa_state == WPA_DISCONNECTED ||
    630 	    wpa_s->wpa_state == WPA_SCANNING) {
    631 		autoscan_deinit(wpa_s);
    632 		wpa_supplicant_start_autoscan(wpa_s);
    633 	}
    634 }
    635 
    636 
    637 /**
    638  * wpa_supplicant_set_state - Set current connection state
    639  * @wpa_s: Pointer to wpa_supplicant data
    640  * @state: The new connection state
    641  *
    642  * This function is called whenever the connection state changes, e.g.,
    643  * association is completed for WPA/WPA2 4-Way Handshake is started.
    644  */
    645 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
    646 			      enum wpa_states state)
    647 {
    648 	enum wpa_states old_state = wpa_s->wpa_state;
    649 
    650 	wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
    651 		wpa_supplicant_state_txt(wpa_s->wpa_state),
    652 		wpa_supplicant_state_txt(state));
    653 
    654 #ifdef ANDROID_P2P
    655 	if(state == WPA_ASSOCIATED && wpa_s->current_ssid) {
    656 		wpa_s->current_ssid->assoc_retry = 0;
    657 	}
    658 #endif /* ANDROID_P2P */
    659 
    660 	if (state != WPA_SCANNING)
    661 		wpa_supplicant_notify_scanning(wpa_s, 0);
    662 
    663 	if (state == WPA_COMPLETED && wpa_s->new_connection) {
    664 		struct wpa_ssid *ssid = wpa_s->current_ssid;
    665 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
    666 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
    667 			MACSTR " completed (auth) [id=%d id_str=%s]",
    668 			MAC2STR(wpa_s->bssid),
    669 			ssid ? ssid->id : -1,
    670 			ssid && ssid->id_str ? ssid->id_str : "");
    671 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
    672 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
    673 		wpa_s->extra_blacklist_count = 0;
    674 		wpa_s->new_connection = 0;
    675 		wpa_drv_set_operstate(wpa_s, 1);
    676 #ifndef IEEE8021X_EAPOL
    677 		wpa_drv_set_supp_port(wpa_s, 1);
    678 #endif /* IEEE8021X_EAPOL */
    679 		wpa_s->after_wps = 0;
    680 #ifdef CONFIG_P2P
    681 		wpas_p2p_completed(wpa_s);
    682 #endif /* CONFIG_P2P */
    683 
    684 		sme_sched_obss_scan(wpa_s, 1);
    685 	} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
    686 		   state == WPA_ASSOCIATED) {
    687 		wpa_s->new_connection = 1;
    688 		wpa_drv_set_operstate(wpa_s, 0);
    689 #ifndef IEEE8021X_EAPOL
    690 		wpa_drv_set_supp_port(wpa_s, 0);
    691 #endif /* IEEE8021X_EAPOL */
    692 		sme_sched_obss_scan(wpa_s, 0);
    693 	}
    694 	wpa_s->wpa_state = state;
    695 
    696 #ifdef CONFIG_BGSCAN
    697 	if (state == WPA_COMPLETED)
    698 		wpa_supplicant_start_bgscan(wpa_s);
    699 	else
    700 		wpa_supplicant_stop_bgscan(wpa_s);
    701 #endif /* CONFIG_BGSCAN */
    702 
    703 	if (state == WPA_AUTHENTICATING)
    704 		wpa_supplicant_stop_autoscan(wpa_s);
    705 
    706 	if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
    707 		wpa_supplicant_start_autoscan(wpa_s);
    708 
    709 	if (wpa_s->wpa_state != old_state) {
    710 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
    711 
    712 		if (wpa_s->wpa_state == WPA_COMPLETED ||
    713 		    old_state == WPA_COMPLETED)
    714 			wpas_notify_auth_changed(wpa_s);
    715 	}
    716 }
    717 
    718 
    719 void wpa_supplicant_terminate_proc(struct wpa_global *global)
    720 {
    721 	int pending = 0;
    722 #ifdef CONFIG_WPS
    723 	struct wpa_supplicant *wpa_s = global->ifaces;
    724 	while (wpa_s) {
    725 		if (wpas_wps_terminate_pending(wpa_s) == 1)
    726 			pending = 1;
    727 		wpa_s = wpa_s->next;
    728 	}
    729 #endif /* CONFIG_WPS */
    730 	if (pending)
    731 		return;
    732 	eloop_terminate();
    733 }
    734 
    735 
    736 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
    737 {
    738 	struct wpa_global *global = signal_ctx;
    739 	wpa_supplicant_terminate_proc(global);
    740 }
    741 
    742 
    743 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
    744 {
    745 	enum wpa_states old_state = wpa_s->wpa_state;
    746 
    747 	wpa_s->pairwise_cipher = 0;
    748 	wpa_s->group_cipher = 0;
    749 	wpa_s->mgmt_group_cipher = 0;
    750 	wpa_s->key_mgmt = 0;
    751 	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
    752 		wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
    753 
    754 	if (wpa_s->wpa_state != old_state)
    755 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
    756 }
    757 
    758 
    759 /**
    760  * wpa_supplicant_reload_configuration - Reload configuration data
    761  * @wpa_s: Pointer to wpa_supplicant data
    762  * Returns: 0 on success or -1 if configuration parsing failed
    763  *
    764  * This function can be used to request that the configuration data is reloaded
    765  * (e.g., after configuration file change). This function is reloading
    766  * configuration only for one interface, so this may need to be called multiple
    767  * times if %wpa_supplicant is controlling multiple interfaces and all
    768  * interfaces need reconfiguration.
    769  */
    770 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
    771 {
    772 	struct wpa_config *conf;
    773 	int reconf_ctrl;
    774 	int old_ap_scan;
    775 
    776 	if (wpa_s->confname == NULL)
    777 		return -1;
    778 	conf = wpa_config_read(wpa_s->confname, NULL);
    779 	if (conf == NULL) {
    780 		wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
    781 			"file '%s' - exiting", wpa_s->confname);
    782 		return -1;
    783 	}
    784 	wpa_config_read(wpa_s->confanother, conf);
    785 
    786 	conf->changed_parameters = (unsigned int) -1;
    787 
    788 	reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
    789 		|| (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
    790 		    os_strcmp(conf->ctrl_interface,
    791 			      wpa_s->conf->ctrl_interface) != 0);
    792 
    793 	if (reconf_ctrl && wpa_s->ctrl_iface) {
    794 		wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
    795 		wpa_s->ctrl_iface = NULL;
    796 	}
    797 
    798 	eapol_sm_invalidate_cached_session(wpa_s->eapol);
    799 	if (wpa_s->current_ssid) {
    800 		wpa_supplicant_deauthenticate(wpa_s,
    801 					      WLAN_REASON_DEAUTH_LEAVING);
    802 	}
    803 
    804 	/*
    805 	 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
    806 	 * pkcs11_engine_path, pkcs11_module_path.
    807 	 */
    808 	if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
    809 		/*
    810 		 * Clear forced success to clear EAP state for next
    811 		 * authentication.
    812 		 */
    813 		eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
    814 	}
    815 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
    816 	wpa_sm_set_config(wpa_s->wpa, NULL);
    817 	wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
    818 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
    819 	rsn_preauth_deinit(wpa_s->wpa);
    820 
    821 	old_ap_scan = wpa_s->conf->ap_scan;
    822 	wpa_config_free(wpa_s->conf);
    823 	wpa_s->conf = conf;
    824 	if (old_ap_scan != wpa_s->conf->ap_scan)
    825 		wpas_notify_ap_scan_changed(wpa_s);
    826 
    827 	if (reconf_ctrl)
    828 		wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
    829 
    830 	wpa_supplicant_update_config(wpa_s);
    831 
    832 	wpa_supplicant_clear_status(wpa_s);
    833 	if (wpa_supplicant_enabled_networks(wpa_s)) {
    834 		wpa_s->reassociate = 1;
    835 		wpa_supplicant_req_scan(wpa_s, 0, 0);
    836 	}
    837 	wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
    838 	return 0;
    839 }
    840 
    841 
    842 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
    843 {
    844 	struct wpa_global *global = signal_ctx;
    845 	struct wpa_supplicant *wpa_s;
    846 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
    847 		wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
    848 			sig);
    849 		if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
    850 			wpa_supplicant_terminate_proc(global);
    851 		}
    852 	}
    853 }
    854 
    855 
    856 enum wpa_key_mgmt key_mgmt2driver(int key_mgmt)
    857 {
    858 	switch (key_mgmt) {
    859 	case WPA_KEY_MGMT_NONE:
    860 		return KEY_MGMT_NONE;
    861 	case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
    862 		return KEY_MGMT_802_1X_NO_WPA;
    863 	case WPA_KEY_MGMT_IEEE8021X:
    864 		return KEY_MGMT_802_1X;
    865 	case WPA_KEY_MGMT_WPA_NONE:
    866 		return KEY_MGMT_WPA_NONE;
    867 	case WPA_KEY_MGMT_FT_IEEE8021X:
    868 		return KEY_MGMT_FT_802_1X;
    869 	case WPA_KEY_MGMT_FT_PSK:
    870 		return KEY_MGMT_FT_PSK;
    871 	case WPA_KEY_MGMT_IEEE8021X_SHA256:
    872 		return KEY_MGMT_802_1X_SHA256;
    873 	case WPA_KEY_MGMT_PSK_SHA256:
    874 		return KEY_MGMT_PSK_SHA256;
    875 	case WPA_KEY_MGMT_WPS:
    876 		return KEY_MGMT_WPS;
    877 	case WPA_KEY_MGMT_PSK:
    878 	default:
    879 		return KEY_MGMT_PSK;
    880 	}
    881 }
    882 
    883 
    884 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
    885 					 struct wpa_ssid *ssid,
    886 					 struct wpa_ie_data *ie)
    887 {
    888 	int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
    889 	if (ret) {
    890 		if (ret == -2) {
    891 			wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
    892 				"from association info");
    893 		}
    894 		return -1;
    895 	}
    896 
    897 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
    898 		"cipher suites");
    899 	if (!(ie->group_cipher & ssid->group_cipher)) {
    900 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
    901 			"cipher 0x%x (mask 0x%x) - reject",
    902 			ie->group_cipher, ssid->group_cipher);
    903 		return -1;
    904 	}
    905 	if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
    906 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
    907 			"cipher 0x%x (mask 0x%x) - reject",
    908 			ie->pairwise_cipher, ssid->pairwise_cipher);
    909 		return -1;
    910 	}
    911 	if (!(ie->key_mgmt & ssid->key_mgmt)) {
    912 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
    913 			"management 0x%x (mask 0x%x) - reject",
    914 			ie->key_mgmt, ssid->key_mgmt);
    915 		return -1;
    916 	}
    917 
    918 #ifdef CONFIG_IEEE80211W
    919 	if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
    920 	    (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
    921 	     wpa_s->conf->pmf : ssid->ieee80211w) ==
    922 	    MGMT_FRAME_PROTECTION_REQUIRED) {
    923 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
    924 			"that does not support management frame protection - "
    925 			"reject");
    926 		return -1;
    927 	}
    928 #endif /* CONFIG_IEEE80211W */
    929 
    930 	return 0;
    931 }
    932 
    933 
    934 /**
    935  * wpa_supplicant_set_suites - Set authentication and encryption parameters
    936  * @wpa_s: Pointer to wpa_supplicant data
    937  * @bss: Scan results for the selected BSS, or %NULL if not available
    938  * @ssid: Configuration data for the selected network
    939  * @wpa_ie: Buffer for the WPA/RSN IE
    940  * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
    941  * used buffer length in case the functions returns success.
    942  * Returns: 0 on success or -1 on failure
    943  *
    944  * This function is used to configure authentication and encryption parameters
    945  * based on the network configuration and scan result for the selected BSS (if
    946  * available).
    947  */
    948 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
    949 			      struct wpa_bss *bss, struct wpa_ssid *ssid,
    950 			      u8 *wpa_ie, size_t *wpa_ie_len)
    951 {
    952 	struct wpa_ie_data ie;
    953 	int sel, proto;
    954 	const u8 *bss_wpa, *bss_rsn;
    955 
    956 	if (bss) {
    957 		bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
    958 		bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
    959 	} else
    960 		bss_wpa = bss_rsn = NULL;
    961 
    962 	if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
    963 	    wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
    964 	    (ie.group_cipher & ssid->group_cipher) &&
    965 	    (ie.pairwise_cipher & ssid->pairwise_cipher) &&
    966 	    (ie.key_mgmt & ssid->key_mgmt)) {
    967 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
    968 		proto = WPA_PROTO_RSN;
    969 	} else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
    970 		   wpa_parse_wpa_ie(bss_wpa, 2 +bss_wpa[1], &ie) == 0 &&
    971 		   (ie.group_cipher & ssid->group_cipher) &&
    972 		   (ie.pairwise_cipher & ssid->pairwise_cipher) &&
    973 		   (ie.key_mgmt & ssid->key_mgmt)) {
    974 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
    975 		proto = WPA_PROTO_WPA;
    976 	} else if (bss) {
    977 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
    978 		return -1;
    979 	} else {
    980 		if (ssid->proto & WPA_PROTO_RSN)
    981 			proto = WPA_PROTO_RSN;
    982 		else
    983 			proto = WPA_PROTO_WPA;
    984 		if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
    985 			os_memset(&ie, 0, sizeof(ie));
    986 			ie.group_cipher = ssid->group_cipher;
    987 			ie.pairwise_cipher = ssid->pairwise_cipher;
    988 			ie.key_mgmt = ssid->key_mgmt;
    989 #ifdef CONFIG_IEEE80211W
    990 			ie.mgmt_group_cipher =
    991 				ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
    992 				WPA_CIPHER_AES_128_CMAC : 0;
    993 #endif /* CONFIG_IEEE80211W */
    994 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
    995 				"based on configuration");
    996 		} else
    997 			proto = ie.proto;
    998 	}
    999 
   1000 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
   1001 		"pairwise %d key_mgmt %d proto %d",
   1002 		ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
   1003 #ifdef CONFIG_IEEE80211W
   1004 	if (ssid->ieee80211w) {
   1005 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
   1006 			ie.mgmt_group_cipher);
   1007 	}
   1008 #endif /* CONFIG_IEEE80211W */
   1009 
   1010 	wpa_s->wpa_proto = proto;
   1011 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
   1012 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
   1013 			 !!(ssid->proto & WPA_PROTO_RSN));
   1014 
   1015 	if (bss || !wpa_s->ap_ies_from_associnfo) {
   1016 		if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
   1017 					 bss_wpa ? 2 + bss_wpa[1] : 0) ||
   1018 		    wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
   1019 					 bss_rsn ? 2 + bss_rsn[1] : 0))
   1020 			return -1;
   1021 	}
   1022 
   1023 	sel = ie.group_cipher & ssid->group_cipher;
   1024 	wpa_s->group_cipher = wpa_pick_group_cipher(sel);
   1025 	if (wpa_s->group_cipher < 0) {
   1026 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
   1027 			"cipher");
   1028 		return -1;
   1029 	}
   1030 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
   1031 		wpa_cipher_txt(wpa_s->group_cipher));
   1032 
   1033 	sel = ie.pairwise_cipher & ssid->pairwise_cipher;
   1034 	wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
   1035 	if (wpa_s->pairwise_cipher < 0) {
   1036 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
   1037 			"cipher");
   1038 		return -1;
   1039 	}
   1040 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
   1041 		wpa_cipher_txt(wpa_s->pairwise_cipher));
   1042 
   1043 	sel = ie.key_mgmt & ssid->key_mgmt;
   1044 #ifdef CONFIG_SAE
   1045 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
   1046 		sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
   1047 #endif /* CONFIG_SAE */
   1048 	if (0) {
   1049 #ifdef CONFIG_IEEE80211R
   1050 	} else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
   1051 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
   1052 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
   1053 	} else if (sel & WPA_KEY_MGMT_FT_PSK) {
   1054 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
   1055 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
   1056 #endif /* CONFIG_IEEE80211R */
   1057 #ifdef CONFIG_SAE
   1058 	} else if (sel & WPA_KEY_MGMT_SAE) {
   1059 		wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
   1060 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
   1061 	} else if (sel & WPA_KEY_MGMT_FT_SAE) {
   1062 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
   1063 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
   1064 #endif /* CONFIG_SAE */
   1065 #ifdef CONFIG_IEEE80211W
   1066 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
   1067 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
   1068 		wpa_dbg(wpa_s, MSG_DEBUG,
   1069 			"WPA: using KEY_MGMT 802.1X with SHA256");
   1070 	} else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
   1071 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
   1072 		wpa_dbg(wpa_s, MSG_DEBUG,
   1073 			"WPA: using KEY_MGMT PSK with SHA256");
   1074 #endif /* CONFIG_IEEE80211W */
   1075 	} else if (sel & WPA_KEY_MGMT_IEEE8021X) {
   1076 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
   1077 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
   1078 	} else if (sel & WPA_KEY_MGMT_PSK) {
   1079 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
   1080 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
   1081 	} else if (sel & WPA_KEY_MGMT_WPA_NONE) {
   1082 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
   1083 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
   1084 	} else {
   1085 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
   1086 			"authenticated key management type");
   1087 		return -1;
   1088 	}
   1089 
   1090 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
   1091 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
   1092 			 wpa_s->pairwise_cipher);
   1093 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
   1094 
   1095 #ifdef CONFIG_IEEE80211W
   1096 	sel = ie.mgmt_group_cipher;
   1097 	if ((ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
   1098 	     wpa_s->conf->pmf : ssid->ieee80211w) == NO_MGMT_FRAME_PROTECTION ||
   1099 	    !(ie.capabilities & WPA_CAPABILITY_MFPC))
   1100 		sel = 0;
   1101 	if (sel & WPA_CIPHER_AES_128_CMAC) {
   1102 		wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
   1103 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
   1104 			"AES-128-CMAC");
   1105 	} else {
   1106 		wpa_s->mgmt_group_cipher = 0;
   1107 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
   1108 	}
   1109 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
   1110 			 wpa_s->mgmt_group_cipher);
   1111 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
   1112 			 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
   1113 			  wpa_s->conf->pmf : ssid->ieee80211w));
   1114 #endif /* CONFIG_IEEE80211W */
   1115 
   1116 	if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
   1117 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
   1118 		return -1;
   1119 	}
   1120 
   1121 	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
   1122 		wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
   1123 #ifndef CONFIG_NO_PBKDF2
   1124 		if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
   1125 		    ssid->passphrase) {
   1126 			u8 psk[PMK_LEN];
   1127 		        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
   1128 				    4096, psk, PMK_LEN);
   1129 		        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
   1130 					psk, PMK_LEN);
   1131 			wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
   1132 		}
   1133 #endif /* CONFIG_NO_PBKDF2 */
   1134 #ifdef CONFIG_EXT_PASSWORD
   1135 		if (ssid->ext_psk) {
   1136 			struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
   1137 							     ssid->ext_psk);
   1138 			char pw_str[64 + 1];
   1139 			u8 psk[PMK_LEN];
   1140 
   1141 			if (pw == NULL) {
   1142 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
   1143 					"found from external storage");
   1144 				return -1;
   1145 			}
   1146 
   1147 			if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
   1148 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
   1149 					"PSK length %d in external storage",
   1150 					(int) wpabuf_len(pw));
   1151 				ext_password_free(pw);
   1152 				return -1;
   1153 			}
   1154 
   1155 			os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
   1156 			pw_str[wpabuf_len(pw)] = '\0';
   1157 
   1158 #ifndef CONFIG_NO_PBKDF2
   1159 			if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
   1160 			{
   1161 				pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
   1162 					    4096, psk, PMK_LEN);
   1163 				os_memset(pw_str, 0, sizeof(pw_str));
   1164 				wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
   1165 						"external passphrase)",
   1166 						psk, PMK_LEN);
   1167 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
   1168 			} else
   1169 #endif /* CONFIG_NO_PBKDF2 */
   1170 			if (wpabuf_len(pw) == 2 * PMK_LEN) {
   1171 				if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
   1172 					wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
   1173 						"Invalid PSK hex string");
   1174 					os_memset(pw_str, 0, sizeof(pw_str));
   1175 					ext_password_free(pw);
   1176 					return -1;
   1177 				}
   1178 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN);
   1179 			} else {
   1180 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
   1181 					"PSK available");
   1182 				os_memset(pw_str, 0, sizeof(pw_str));
   1183 				ext_password_free(pw);
   1184 				return -1;
   1185 			}
   1186 
   1187 			os_memset(pw_str, 0, sizeof(pw_str));
   1188 			ext_password_free(pw);
   1189 		}
   1190 #endif /* CONFIG_EXT_PASSWORD */
   1191 	} else
   1192 		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
   1193 
   1194 	return 0;
   1195 }
   1196 
   1197 
   1198 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
   1199 {
   1200 	*pos = 0x00;
   1201 
   1202 	switch (idx) {
   1203 	case 0: /* Bits 0-7 */
   1204 		break;
   1205 	case 1: /* Bits 8-15 */
   1206 		break;
   1207 	case 2: /* Bits 16-23 */
   1208 #ifdef CONFIG_WNM
   1209 		*pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
   1210 		*pos |= 0x08; /* Bit 19 - BSS Transition */
   1211 #endif /* CONFIG_WNM */
   1212 		break;
   1213 	case 3: /* Bits 24-31 */
   1214 #ifdef CONFIG_WNM
   1215 		*pos |= 0x02; /* Bit 25 - SSID List */
   1216 #endif /* CONFIG_WNM */
   1217 #ifdef CONFIG_INTERWORKING
   1218 		if (wpa_s->conf->interworking)
   1219 			*pos |= 0x80; /* Bit 31 - Interworking */
   1220 #endif /* CONFIG_INTERWORKING */
   1221 		break;
   1222 	case 4: /* Bits 32-39 */
   1223 		break;
   1224 	case 5: /* Bits 40-47 */
   1225 		break;
   1226 	case 6: /* Bits 48-55 */
   1227 		break;
   1228 	}
   1229 }
   1230 
   1231 
   1232 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf)
   1233 {
   1234 	u8 *pos = buf;
   1235 	u8 len = 4, i;
   1236 
   1237 	if (len < wpa_s->extended_capa_len)
   1238 		len = wpa_s->extended_capa_len;
   1239 
   1240 	*pos++ = WLAN_EID_EXT_CAPAB;
   1241 	*pos++ = len;
   1242 	for (i = 0; i < len; i++, pos++) {
   1243 		wpas_ext_capab_byte(wpa_s, pos, i);
   1244 
   1245 		if (i < wpa_s->extended_capa_len) {
   1246 			*pos &= ~wpa_s->extended_capa_mask[i];
   1247 			*pos |= wpa_s->extended_capa[i];
   1248 		}
   1249 	}
   1250 
   1251 	while (len > 0 && buf[1 + len] == 0) {
   1252 		len--;
   1253 		buf[1] = len;
   1254 	}
   1255 	if (len == 0)
   1256 		return 0;
   1257 
   1258 	return 2 + len;
   1259 }
   1260 
   1261 
   1262 /**
   1263  * wpa_supplicant_associate - Request association
   1264  * @wpa_s: Pointer to wpa_supplicant data
   1265  * @bss: Scan results for the selected BSS, or %NULL if not available
   1266  * @ssid: Configuration data for the selected network
   1267  *
   1268  * This function is used to request %wpa_supplicant to associate with a BSS.
   1269  */
   1270 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
   1271 			      struct wpa_bss *bss, struct wpa_ssid *ssid)
   1272 {
   1273 	u8 wpa_ie[200];
   1274 	size_t wpa_ie_len;
   1275 	int use_crypt, ret, i, bssid_changed;
   1276 	int algs = WPA_AUTH_ALG_OPEN;
   1277 	enum wpa_cipher cipher_pairwise, cipher_group;
   1278 	struct wpa_driver_associate_params params;
   1279 	int wep_keys_set = 0;
   1280 	int assoc_failed = 0;
   1281 	struct wpa_ssid *old_ssid;
   1282 	u8 ext_capab[10];
   1283 	int ext_capab_len;
   1284 #ifdef CONFIG_HT_OVERRIDES
   1285 	struct ieee80211_ht_capabilities htcaps;
   1286 	struct ieee80211_ht_capabilities htcaps_mask;
   1287 #endif /* CONFIG_HT_OVERRIDES */
   1288 
   1289 #ifdef CONFIG_IBSS_RSN
   1290 	ibss_rsn_deinit(wpa_s->ibss_rsn);
   1291 	wpa_s->ibss_rsn = NULL;
   1292 #endif /* CONFIG_IBSS_RSN */
   1293 #ifdef ANDROID_P2P
   1294 	int freq = 0;
   1295 #endif
   1296 
   1297 	if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
   1298 	    ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
   1299 #ifdef CONFIG_AP
   1300 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
   1301 			wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
   1302 				"mode");
   1303 			return;
   1304 		}
   1305 		if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
   1306 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
   1307 			if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
   1308 				wpas_p2p_ap_setup_failed(wpa_s);
   1309 			return;
   1310 		}
   1311 		wpa_s->current_bss = bss;
   1312 #else /* CONFIG_AP */
   1313 		wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
   1314 			"the build");
   1315 #endif /* CONFIG_AP */
   1316 		return;
   1317 	}
   1318 
   1319 #ifdef CONFIG_TDLS
   1320 	if (bss)
   1321 		wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
   1322 				bss->ie_len);
   1323 #endif /* CONFIG_TDLS */
   1324 
   1325 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
   1326 	    ssid->mode == IEEE80211_MODE_INFRA) {
   1327 		sme_authenticate(wpa_s, bss, ssid);
   1328 		return;
   1329 	}
   1330 
   1331 	os_memset(&params, 0, sizeof(params));
   1332 	wpa_s->reassociate = 0;
   1333 	if (bss && !wpas_driver_bss_selection(wpa_s)) {
   1334 #ifdef CONFIG_IEEE80211R
   1335 		const u8 *ie, *md = NULL;
   1336 #endif /* CONFIG_IEEE80211R */
   1337 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
   1338 			" (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
   1339 			wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
   1340 		bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
   1341 		os_memset(wpa_s->bssid, 0, ETH_ALEN);
   1342 		os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
   1343 		if (bssid_changed)
   1344 			wpas_notify_bssid_changed(wpa_s);
   1345 #ifdef CONFIG_IEEE80211R
   1346 		ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
   1347 		if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
   1348 			md = ie + 2;
   1349 		wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
   1350 		if (md) {
   1351 			/* Prepare for the next transition */
   1352 			wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
   1353 		}
   1354 #endif /* CONFIG_IEEE80211R */
   1355 #ifdef CONFIG_WPS
   1356 	} else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
   1357 		   wpa_s->conf->ap_scan == 2 &&
   1358 		   (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
   1359 		/* Use ap_scan==1 style network selection to find the network
   1360 		 */
   1361 		wpa_s->scan_req = MANUAL_SCAN_REQ;
   1362 		wpa_s->reassociate = 1;
   1363 		wpa_supplicant_req_scan(wpa_s, 0, 0);
   1364 		return;
   1365 #endif /* CONFIG_WPS */
   1366 	} else {
   1367 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
   1368 			wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
   1369 		os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
   1370 	}
   1371 	wpa_supplicant_cancel_sched_scan(wpa_s);
   1372 	wpa_supplicant_cancel_scan(wpa_s);
   1373 
   1374 	/* Starting new association, so clear the possibly used WPA IE from the
   1375 	 * previous association. */
   1376 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
   1377 
   1378 #ifdef IEEE8021X_EAPOL
   1379 	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
   1380 		if (ssid->leap) {
   1381 			if (ssid->non_leap == 0)
   1382 				algs = WPA_AUTH_ALG_LEAP;
   1383 			else
   1384 				algs |= WPA_AUTH_ALG_LEAP;
   1385 		}
   1386 	}
   1387 #endif /* IEEE8021X_EAPOL */
   1388 	wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
   1389 	if (ssid->auth_alg) {
   1390 		algs = ssid->auth_alg;
   1391 		wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
   1392 			"0x%x", algs);
   1393 	}
   1394 
   1395 	if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
   1396 		    wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
   1397 	    wpa_key_mgmt_wpa(ssid->key_mgmt)) {
   1398 		int try_opportunistic;
   1399 		try_opportunistic = (ssid->proactive_key_caching < 0 ?
   1400 				     wpa_s->conf->okc :
   1401 				     ssid->proactive_key_caching) &&
   1402 			(ssid->proto & WPA_PROTO_RSN);
   1403 		if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
   1404 					    ssid, try_opportunistic) == 0)
   1405 			eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
   1406 		wpa_ie_len = sizeof(wpa_ie);
   1407 		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
   1408 					      wpa_ie, &wpa_ie_len)) {
   1409 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
   1410 				"key management and encryption suites");
   1411 			return;
   1412 		}
   1413 	} else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
   1414 		   wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
   1415 		/*
   1416 		 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
   1417 		 * use non-WPA since the scan results did not indicate that the
   1418 		 * AP is using WPA or WPA2.
   1419 		 */
   1420 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
   1421 		wpa_ie_len = 0;
   1422 		wpa_s->wpa_proto = 0;
   1423 	} else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
   1424 		wpa_ie_len = sizeof(wpa_ie);
   1425 		if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
   1426 					      wpa_ie, &wpa_ie_len)) {
   1427 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
   1428 				"key management and encryption suites (no "
   1429 				"scan results)");
   1430 			return;
   1431 		}
   1432 #ifdef CONFIG_WPS
   1433 	} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
   1434 		struct wpabuf *wps_ie;
   1435 		wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
   1436 		if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
   1437 			wpa_ie_len = wpabuf_len(wps_ie);
   1438 			os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
   1439 		} else
   1440 			wpa_ie_len = 0;
   1441 		wpabuf_free(wps_ie);
   1442 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
   1443 		if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
   1444 			params.wps = WPS_MODE_PRIVACY;
   1445 		else
   1446 			params.wps = WPS_MODE_OPEN;
   1447 		wpa_s->wpa_proto = 0;
   1448 #endif /* CONFIG_WPS */
   1449 	} else {
   1450 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
   1451 		wpa_ie_len = 0;
   1452 		wpa_s->wpa_proto = 0;
   1453 	}
   1454 
   1455 #ifdef CONFIG_P2P
   1456 	if (wpa_s->global->p2p) {
   1457 		u8 *pos;
   1458 		size_t len;
   1459 		int res;
   1460 		pos = wpa_ie + wpa_ie_len;
   1461 		len = sizeof(wpa_ie) - wpa_ie_len;
   1462 		res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
   1463 					    ssid->p2p_group);
   1464 		if (res >= 0)
   1465 			wpa_ie_len += res;
   1466 	}
   1467 
   1468 	wpa_s->cross_connect_disallowed = 0;
   1469 	if (bss) {
   1470 		struct wpabuf *p2p;
   1471 		p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
   1472 		if (p2p) {
   1473 			wpa_s->cross_connect_disallowed =
   1474 				p2p_get_cross_connect_disallowed(p2p);
   1475 			wpabuf_free(p2p);
   1476 			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
   1477 				"connection",
   1478 				wpa_s->cross_connect_disallowed ?
   1479 				"disallows" : "allows");
   1480 		}
   1481 	}
   1482 #endif /* CONFIG_P2P */
   1483 
   1484 #ifdef CONFIG_HS20
   1485 	if (is_hs20_network(wpa_s, ssid, bss)) {
   1486 		struct wpabuf *hs20;
   1487 		hs20 = wpabuf_alloc(20);
   1488 		if (hs20) {
   1489 			wpas_hs20_add_indication(hs20);
   1490 			os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(hs20),
   1491 				  wpabuf_len(hs20));
   1492 			wpa_ie_len += wpabuf_len(hs20);
   1493 			wpabuf_free(hs20);
   1494 		}
   1495 	}
   1496 #endif /* CONFIG_HS20 */
   1497 
   1498 	ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab);
   1499 	if (ext_capab_len > 0) {
   1500 		u8 *pos = wpa_ie;
   1501 		if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
   1502 			pos += 2 + pos[1];
   1503 		os_memmove(pos + ext_capab_len, pos,
   1504 			   wpa_ie_len - (pos - wpa_ie));
   1505 		wpa_ie_len += ext_capab_len;
   1506 		os_memcpy(pos, ext_capab, ext_capab_len);
   1507 	}
   1508 
   1509 	wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
   1510 	use_crypt = 1;
   1511 	cipher_pairwise = wpa_cipher_to_suite_driver(wpa_s->pairwise_cipher);
   1512 	cipher_group = wpa_cipher_to_suite_driver(wpa_s->group_cipher);
   1513 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
   1514 	    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
   1515 		if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
   1516 			use_crypt = 0;
   1517 		if (wpa_set_wep_keys(wpa_s, ssid)) {
   1518 			use_crypt = 1;
   1519 			wep_keys_set = 1;
   1520 		}
   1521 	}
   1522 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
   1523 		use_crypt = 0;
   1524 
   1525 #ifdef IEEE8021X_EAPOL
   1526 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
   1527 		if ((ssid->eapol_flags &
   1528 		     (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
   1529 		      EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
   1530 		    !wep_keys_set) {
   1531 			use_crypt = 0;
   1532 		} else {
   1533 			/* Assume that dynamic WEP-104 keys will be used and
   1534 			 * set cipher suites in order for drivers to expect
   1535 			 * encryption. */
   1536 			cipher_pairwise = cipher_group = CIPHER_WEP104;
   1537 		}
   1538 	}
   1539 #endif /* IEEE8021X_EAPOL */
   1540 
   1541 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
   1542 		/* Set the key before (and later after) association */
   1543 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
   1544 	}
   1545 
   1546 	wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
   1547 	if (bss) {
   1548 		params.ssid = bss->ssid;
   1549 		params.ssid_len = bss->ssid_len;
   1550 		if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
   1551 			wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
   1552 				   MACSTR " freq=%u MHz based on scan results "
   1553 				   "(bssid_set=%d)",
   1554 				   MAC2STR(bss->bssid), bss->freq,
   1555 				   ssid->bssid_set);
   1556 			params.bssid = bss->bssid;
   1557 			params.freq = bss->freq;
   1558 		}
   1559 	} else {
   1560 		params.ssid = ssid->ssid;
   1561 		params.ssid_len = ssid->ssid_len;
   1562 	}
   1563 
   1564 	if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
   1565 	    wpa_s->conf->ap_scan == 2) {
   1566 		params.bssid = ssid->bssid;
   1567 		params.fixed_bssid = 1;
   1568 	}
   1569 
   1570 	if (ssid->mode == WPAS_MODE_IBSS && ssid->frequency > 0 &&
   1571 	    params.freq == 0)
   1572 		params.freq = ssid->frequency; /* Initial channel for IBSS */
   1573 	params.wpa_ie = wpa_ie;
   1574 	params.wpa_ie_len = wpa_ie_len;
   1575 	params.pairwise_suite = cipher_pairwise;
   1576 	params.group_suite = cipher_group;
   1577 	params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
   1578 	params.wpa_proto = wpa_s->wpa_proto;
   1579 	params.auth_alg = algs;
   1580 	params.mode = ssid->mode;
   1581 	params.bg_scan_period = ssid->bg_scan_period;
   1582 	for (i = 0; i < NUM_WEP_KEYS; i++) {
   1583 		if (ssid->wep_key_len[i])
   1584 			params.wep_key[i] = ssid->wep_key[i];
   1585 		params.wep_key_len[i] = ssid->wep_key_len[i];
   1586 	}
   1587 	params.wep_tx_keyidx = ssid->wep_tx_keyidx;
   1588 
   1589 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
   1590 	    (params.key_mgmt_suite == KEY_MGMT_PSK ||
   1591 	     params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
   1592 		params.passphrase = ssid->passphrase;
   1593 		if (ssid->psk_set)
   1594 			params.psk = ssid->psk;
   1595 	}
   1596 
   1597 	params.drop_unencrypted = use_crypt;
   1598 
   1599 #ifdef CONFIG_IEEE80211W
   1600 	params.mgmt_frame_protection =
   1601 		ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
   1602 		wpa_s->conf->pmf : ssid->ieee80211w;
   1603 	if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
   1604 		const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
   1605 		struct wpa_ie_data ie;
   1606 		if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
   1607 		    ie.capabilities &
   1608 		    (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
   1609 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
   1610 				"MFP: require MFP");
   1611 			params.mgmt_frame_protection =
   1612 				MGMT_FRAME_PROTECTION_REQUIRED;
   1613 		}
   1614 	}
   1615 #endif /* CONFIG_IEEE80211W */
   1616 
   1617 	params.p2p = ssid->p2p_group;
   1618 
   1619 	if (wpa_s->parent->set_sta_uapsd)
   1620 		params.uapsd = wpa_s->parent->sta_uapsd;
   1621 	else
   1622 		params.uapsd = -1;
   1623 
   1624 #ifdef CONFIG_HT_OVERRIDES
   1625 	os_memset(&htcaps, 0, sizeof(htcaps));
   1626 	os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
   1627 	params.htcaps = (u8 *) &htcaps;
   1628 	params.htcaps_mask = (u8 *) &htcaps_mask;
   1629 	wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
   1630 #endif /* CONFIG_HT_OVERRIDES */
   1631 
   1632 #ifdef ANDROID_P2P
   1633 	/* If multichannel concurrency is not supported, check for any frequency
   1634 	 * conflict and take appropriate action.
   1635 	 */
   1636 	if ((wpa_s->num_multichan_concurrent < 2) &&
   1637 		((freq = wpa_drv_shared_freq(wpa_s)) > 0) && (freq != params.freq)) {
   1638 		wpa_printf(MSG_DEBUG, "Shared interface with conflicting frequency found (%d != %d)"
   1639 																, freq, params.freq);
   1640 		if (wpas_p2p_handle_frequency_conflicts(wpa_s, params.freq, ssid) < 0)
   1641 			return;
   1642 	}
   1643 #endif
   1644 	ret = wpa_drv_associate(wpa_s, &params);
   1645 	if (ret < 0) {
   1646 		wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
   1647 			"failed");
   1648 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
   1649 			/*
   1650 			 * The driver is known to mean what is saying, so we
   1651 			 * can stop right here; the association will not
   1652 			 * succeed.
   1653 			 */
   1654 			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
   1655 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
   1656 			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
   1657 			return;
   1658 		}
   1659 		/* try to continue anyway; new association will be tried again
   1660 		 * after timeout */
   1661 		assoc_failed = 1;
   1662 	}
   1663 
   1664 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
   1665 		/* Set the key after the association just in case association
   1666 		 * cleared the previously configured key. */
   1667 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
   1668 		/* No need to timeout authentication since there is no key
   1669 		 * management. */
   1670 		wpa_supplicant_cancel_auth_timeout(wpa_s);
   1671 		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
   1672 #ifdef CONFIG_IBSS_RSN
   1673 	} else if (ssid->mode == WPAS_MODE_IBSS &&
   1674 		   wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
   1675 		   wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
   1676 		/*
   1677 		 * RSN IBSS authentication is per-STA and we can disable the
   1678 		 * per-BSSID authentication.
   1679 		 */
   1680 		wpa_supplicant_cancel_auth_timeout(wpa_s);
   1681 #endif /* CONFIG_IBSS_RSN */
   1682 	} else {
   1683 		/* Timeout for IEEE 802.11 authentication and association */
   1684 		int timeout = 60;
   1685 
   1686 		if (assoc_failed) {
   1687 			/* give IBSS a bit more time */
   1688 			timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
   1689 		} else if (wpa_s->conf->ap_scan == 1) {
   1690 			/* give IBSS a bit more time */
   1691 			timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
   1692 		}
   1693 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
   1694 	}
   1695 
   1696 	if (wep_keys_set &&
   1697 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
   1698 		/* Set static WEP keys again */
   1699 		wpa_set_wep_keys(wpa_s, ssid);
   1700 	}
   1701 
   1702 	if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
   1703 		/*
   1704 		 * Do not allow EAP session resumption between different
   1705 		 * network configurations.
   1706 		 */
   1707 		eapol_sm_invalidate_cached_session(wpa_s->eapol);
   1708 	}
   1709 	old_ssid = wpa_s->current_ssid;
   1710 	wpa_s->current_ssid = ssid;
   1711 	wpa_s->current_bss = bss;
   1712 	wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
   1713 	wpa_supplicant_initiate_eapol(wpa_s);
   1714 	if (old_ssid != wpa_s->current_ssid)
   1715 		wpas_notify_network_changed(wpa_s);
   1716 }
   1717 
   1718 
   1719 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
   1720 					    const u8 *addr)
   1721 {
   1722 	struct wpa_ssid *old_ssid;
   1723 
   1724 	wpa_clear_keys(wpa_s, addr);
   1725 	old_ssid = wpa_s->current_ssid;
   1726 	wpa_supplicant_mark_disassoc(wpa_s);
   1727 	wpa_sm_set_config(wpa_s->wpa, NULL);
   1728 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
   1729 	if (old_ssid != wpa_s->current_ssid)
   1730 		wpas_notify_network_changed(wpa_s);
   1731 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
   1732 }
   1733 
   1734 
   1735 /**
   1736  * wpa_supplicant_deauthenticate - Deauthenticate the current connection
   1737  * @wpa_s: Pointer to wpa_supplicant data
   1738  * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
   1739  *
   1740  * This function is used to request %wpa_supplicant to deauthenticate from the
   1741  * current AP.
   1742  */
   1743 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
   1744 				   int reason_code)
   1745 {
   1746 	u8 *addr = NULL;
   1747 	union wpa_event_data event;
   1748 	int zero_addr = 0;
   1749 
   1750 	wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
   1751 		" pending_bssid=" MACSTR " reason=%d state=%s",
   1752 		MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
   1753 		reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state));
   1754 
   1755 	if (!is_zero_ether_addr(wpa_s->bssid))
   1756 		addr = wpa_s->bssid;
   1757 	else if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
   1758 		 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
   1759 		  wpa_s->wpa_state == WPA_ASSOCIATING))
   1760 		addr = wpa_s->pending_bssid;
   1761 	else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
   1762 		/*
   1763 		 * When using driver-based BSS selection, we may not know the
   1764 		 * BSSID with which we are currently trying to associate. We
   1765 		 * need to notify the driver of this disconnection even in such
   1766 		 * a case, so use the all zeros address here.
   1767 		 */
   1768 		addr = wpa_s->bssid;
   1769 		zero_addr = 1;
   1770 	}
   1771 
   1772 #ifdef CONFIG_TDLS
   1773 	wpa_tdls_teardown_peers(wpa_s->wpa);
   1774 #endif /* CONFIG_TDLS */
   1775 
   1776 	if (addr) {
   1777 		wpa_drv_deauthenticate(wpa_s, addr, reason_code);
   1778 		os_memset(&event, 0, sizeof(event));
   1779 		event.deauth_info.reason_code = (u16) reason_code;
   1780 		event.deauth_info.locally_generated = 1;
   1781 		wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
   1782 		if (zero_addr)
   1783 			addr = NULL;
   1784 	}
   1785 
   1786 	wpa_supplicant_clear_connection(wpa_s, addr);
   1787 }
   1788 
   1789 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
   1790 					      struct wpa_ssid *ssid)
   1791 {
   1792 	if (!ssid || !ssid->disabled || ssid->disabled == 2)
   1793 		return;
   1794 
   1795 	ssid->disabled = 0;
   1796 	wpas_clear_temp_disabled(wpa_s, ssid, 1);
   1797 	wpas_notify_network_enabled_changed(wpa_s, ssid);
   1798 
   1799 	/*
   1800 	 * Try to reassociate since there is no current configuration and a new
   1801 	 * network was made available.
   1802 	 */
   1803 	if (!wpa_s->current_ssid && !wpa_s->disconnected)
   1804 		wpa_s->reassociate = 1;
   1805 }
   1806 
   1807 
   1808 /**
   1809  * wpa_supplicant_enable_network - Mark a configured network as enabled
   1810  * @wpa_s: wpa_supplicant structure for a network interface
   1811  * @ssid: wpa_ssid structure for a configured network or %NULL
   1812  *
   1813  * Enables the specified network or all networks if no network specified.
   1814  */
   1815 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
   1816 				   struct wpa_ssid *ssid)
   1817 {
   1818 	if (ssid == NULL) {
   1819 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
   1820 			wpa_supplicant_enable_one_network(wpa_s, ssid);
   1821 	} else
   1822 		wpa_supplicant_enable_one_network(wpa_s, ssid);
   1823 
   1824 	if (wpa_s->reassociate && !wpa_s->disconnected) {
   1825 		if (wpa_s->sched_scanning) {
   1826 			wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
   1827 				   "new network to scan filters");
   1828 			wpa_supplicant_cancel_sched_scan(wpa_s);
   1829 		}
   1830 
   1831 		if (wpa_supplicant_fast_associate(wpa_s) != 1)
   1832 			wpa_supplicant_req_scan(wpa_s, 0, 0);
   1833 	}
   1834 }
   1835 
   1836 
   1837 /**
   1838  * wpa_supplicant_disable_network - Mark a configured network as disabled
   1839  * @wpa_s: wpa_supplicant structure for a network interface
   1840  * @ssid: wpa_ssid structure for a configured network or %NULL
   1841  *
   1842  * Disables the specified network or all networks if no network specified.
   1843  */
   1844 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
   1845 				    struct wpa_ssid *ssid)
   1846 {
   1847 	struct wpa_ssid *other_ssid;
   1848 	int was_disabled;
   1849 
   1850 	if (ssid == NULL) {
   1851 		if (wpa_s->sched_scanning)
   1852 			wpa_supplicant_cancel_sched_scan(wpa_s);
   1853 
   1854 		for (other_ssid = wpa_s->conf->ssid; other_ssid;
   1855 		     other_ssid = other_ssid->next) {
   1856 			was_disabled = other_ssid->disabled;
   1857 			if (was_disabled == 2)
   1858 				continue; /* do not change persistent P2P group
   1859 					   * data */
   1860 
   1861 			other_ssid->disabled = 1;
   1862 
   1863 			if (was_disabled != other_ssid->disabled)
   1864 				wpas_notify_network_enabled_changed(
   1865 					wpa_s, other_ssid);
   1866 		}
   1867 		if (wpa_s->current_ssid)
   1868 			wpa_supplicant_deauthenticate(
   1869 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
   1870 	} else if (ssid->disabled != 2) {
   1871 		if (ssid == wpa_s->current_ssid)
   1872 			wpa_supplicant_deauthenticate(
   1873 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
   1874 
   1875 		was_disabled = ssid->disabled;
   1876 
   1877 		ssid->disabled = 1;
   1878 
   1879 		if (was_disabled != ssid->disabled) {
   1880 			wpas_notify_network_enabled_changed(wpa_s, ssid);
   1881 			if (wpa_s->sched_scanning) {
   1882 				wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
   1883 					   "to remove network from filters");
   1884 				wpa_supplicant_cancel_sched_scan(wpa_s);
   1885 				wpa_supplicant_req_scan(wpa_s, 0, 0);
   1886 			}
   1887 		}
   1888 	}
   1889 }
   1890 
   1891 
   1892 /**
   1893  * wpa_supplicant_select_network - Attempt association with a network
   1894  * @wpa_s: wpa_supplicant structure for a network interface
   1895  * @ssid: wpa_ssid structure for a configured network or %NULL for any network
   1896  */
   1897 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
   1898 				   struct wpa_ssid *ssid)
   1899 {
   1900 
   1901 	struct wpa_ssid *other_ssid;
   1902 	int disconnected = 0;
   1903 
   1904 	if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
   1905 		wpa_supplicant_deauthenticate(
   1906 			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
   1907 		disconnected = 1;
   1908 	}
   1909 
   1910 	if (ssid)
   1911 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
   1912 
   1913 	/*
   1914 	 * Mark all other networks disabled or mark all networks enabled if no
   1915 	 * network specified.
   1916 	 */
   1917 	for (other_ssid = wpa_s->conf->ssid; other_ssid;
   1918 	     other_ssid = other_ssid->next) {
   1919 		int was_disabled = other_ssid->disabled;
   1920 		if (was_disabled == 2)
   1921 			continue; /* do not change persistent P2P group data */
   1922 
   1923 		other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
   1924 		if (was_disabled && !other_ssid->disabled)
   1925 			wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
   1926 
   1927 		if (was_disabled != other_ssid->disabled)
   1928 			wpas_notify_network_enabled_changed(wpa_s, other_ssid);
   1929 	}
   1930 
   1931 	if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid) {
   1932 		/* We are already associated with the selected network */
   1933 		wpa_printf(MSG_DEBUG, "Already associated with the "
   1934 			   "selected network - do nothing");
   1935 		return;
   1936 	}
   1937 
   1938 	if (ssid) {
   1939 		wpa_s->current_ssid = ssid;
   1940 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
   1941 	}
   1942 	wpa_s->connect_without_scan = NULL;
   1943 	wpa_s->disconnected = 0;
   1944 	wpa_s->reassociate = 1;
   1945 
   1946 	if (wpa_supplicant_fast_associate(wpa_s) != 1)
   1947 		wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
   1948 
   1949 	if (ssid)
   1950 		wpas_notify_network_selected(wpa_s, ssid);
   1951 }
   1952 
   1953 
   1954 /**
   1955  * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
   1956  * @wpa_s: wpa_supplicant structure for a network interface
   1957  * @ap_scan: AP scan mode
   1958  * Returns: 0 if succeed or -1 if ap_scan has an invalid value
   1959  *
   1960  */
   1961 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
   1962 {
   1963 
   1964 	int old_ap_scan;
   1965 
   1966 	if (ap_scan < 0 || ap_scan > 2)
   1967 		return -1;
   1968 
   1969 #ifdef ANDROID
   1970 	if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
   1971 	    wpa_s->wpa_state >= WPA_ASSOCIATING &&
   1972 	    wpa_s->wpa_state < WPA_COMPLETED) {
   1973 		wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
   1974 			   "associating", wpa_s->conf->ap_scan, ap_scan);
   1975 		return 0;
   1976 	}
   1977 #endif /* ANDROID */
   1978 
   1979 	old_ap_scan = wpa_s->conf->ap_scan;
   1980 	wpa_s->conf->ap_scan = ap_scan;
   1981 
   1982 	if (old_ap_scan != wpa_s->conf->ap_scan)
   1983 		wpas_notify_ap_scan_changed(wpa_s);
   1984 
   1985 	return 0;
   1986 }
   1987 
   1988 
   1989 /**
   1990  * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
   1991  * @wpa_s: wpa_supplicant structure for a network interface
   1992  * @expire_age: Expiration age in seconds
   1993  * Returns: 0 if succeed or -1 if expire_age has an invalid value
   1994  *
   1995  */
   1996 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
   1997 					  unsigned int bss_expire_age)
   1998 {
   1999 	if (bss_expire_age < 10) {
   2000 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
   2001 			bss_expire_age);
   2002 		return -1;
   2003 	}
   2004 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
   2005 		bss_expire_age);
   2006 	wpa_s->conf->bss_expiration_age = bss_expire_age;
   2007 
   2008 	return 0;
   2009 }
   2010 
   2011 
   2012 /**
   2013  * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
   2014  * @wpa_s: wpa_supplicant structure for a network interface
   2015  * @expire_count: number of scans after which an unseen BSS is reclaimed
   2016  * Returns: 0 if succeed or -1 if expire_count has an invalid value
   2017  *
   2018  */
   2019 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
   2020 					    unsigned int bss_expire_count)
   2021 {
   2022 	if (bss_expire_count < 1) {
   2023 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
   2024 			bss_expire_count);
   2025 		return -1;
   2026 	}
   2027 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
   2028 		bss_expire_count);
   2029 	wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
   2030 
   2031 	return 0;
   2032 }
   2033 
   2034 
   2035 /**
   2036  * wpa_supplicant_set_scan_interval - Set scan interval
   2037  * @wpa_s: wpa_supplicant structure for a network interface
   2038  * @scan_interval: scan interval in seconds
   2039  * Returns: 0 if succeed or -1 if scan_interval has an invalid value
   2040  *
   2041  */
   2042 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
   2043 				     int scan_interval)
   2044 {
   2045 	if (scan_interval < 0) {
   2046 		wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
   2047 			scan_interval);
   2048 		return -1;
   2049 	}
   2050 	wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
   2051 		scan_interval);
   2052 	wpa_supplicant_update_scan_int(wpa_s, scan_interval);
   2053 
   2054 	return 0;
   2055 }
   2056 
   2057 
   2058 /**
   2059  * wpa_supplicant_set_debug_params - Set global debug params
   2060  * @global: wpa_global structure
   2061  * @debug_level: debug level
   2062  * @debug_timestamp: determines if show timestamp in debug data
   2063  * @debug_show_keys: determines if show keys in debug data
   2064  * Returns: 0 if succeed or -1 if debug_level has wrong value
   2065  */
   2066 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
   2067 				    int debug_timestamp, int debug_show_keys)
   2068 {
   2069 
   2070 	int old_level, old_timestamp, old_show_keys;
   2071 
   2072 	/* check for allowed debuglevels */
   2073 	if (debug_level != MSG_EXCESSIVE &&
   2074 	    debug_level != MSG_MSGDUMP &&
   2075 	    debug_level != MSG_DEBUG &&
   2076 	    debug_level != MSG_INFO &&
   2077 	    debug_level != MSG_WARNING &&
   2078 	    debug_level != MSG_ERROR)
   2079 		return -1;
   2080 
   2081 	old_level = wpa_debug_level;
   2082 	old_timestamp = wpa_debug_timestamp;
   2083 	old_show_keys = wpa_debug_show_keys;
   2084 
   2085 	wpa_debug_level = debug_level;
   2086 	wpa_debug_timestamp = debug_timestamp ? 1 : 0;
   2087 	wpa_debug_show_keys = debug_show_keys ? 1 : 0;
   2088 
   2089 	if (wpa_debug_level != old_level)
   2090 		wpas_notify_debug_level_changed(global);
   2091 	if (wpa_debug_timestamp != old_timestamp)
   2092 		wpas_notify_debug_timestamp_changed(global);
   2093 	if (wpa_debug_show_keys != old_show_keys)
   2094 		wpas_notify_debug_show_keys_changed(global);
   2095 
   2096 	return 0;
   2097 }
   2098 
   2099 
   2100 /**
   2101  * wpa_supplicant_get_ssid - Get a pointer to the current network structure
   2102  * @wpa_s: Pointer to wpa_supplicant data
   2103  * Returns: A pointer to the current network structure or %NULL on failure
   2104  */
   2105 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
   2106 {
   2107 	struct wpa_ssid *entry;
   2108 	u8 ssid[MAX_SSID_LEN];
   2109 	int res;
   2110 	size_t ssid_len;
   2111 	u8 bssid[ETH_ALEN];
   2112 	int wired;
   2113 
   2114 	res = wpa_drv_get_ssid(wpa_s, ssid);
   2115 	if (res < 0) {
   2116 		wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
   2117 			"driver");
   2118 		return NULL;
   2119 	}
   2120 	ssid_len = res;
   2121 
   2122 	if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
   2123 		wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
   2124 			"driver");
   2125 		return NULL;
   2126 	}
   2127 
   2128 	wired = wpa_s->conf->ap_scan == 0 &&
   2129 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
   2130 
   2131 	entry = wpa_s->conf->ssid;
   2132 	while (entry) {
   2133 		if (!wpas_network_disabled(wpa_s, entry) &&
   2134 		    ((ssid_len == entry->ssid_len &&
   2135 		      os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
   2136 		    (!entry->bssid_set ||
   2137 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
   2138 			return entry;
   2139 #ifdef CONFIG_WPS
   2140 		if (!wpas_network_disabled(wpa_s, entry) &&
   2141 		    (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
   2142 		    (entry->ssid == NULL || entry->ssid_len == 0) &&
   2143 		    (!entry->bssid_set ||
   2144 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
   2145 			return entry;
   2146 #endif /* CONFIG_WPS */
   2147 
   2148 		if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
   2149 		    entry->ssid_len == 0 &&
   2150 		    os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
   2151 			return entry;
   2152 
   2153 		entry = entry->next;
   2154 	}
   2155 
   2156 	return NULL;
   2157 }
   2158 
   2159 
   2160 static int select_driver(struct wpa_supplicant *wpa_s, int i)
   2161 {
   2162 	struct wpa_global *global = wpa_s->global;
   2163 
   2164 	if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
   2165 		global->drv_priv[i] = wpa_drivers[i]->global_init();
   2166 		if (global->drv_priv[i] == NULL) {
   2167 			wpa_printf(MSG_ERROR, "Failed to initialize driver "
   2168 				   "'%s'", wpa_drivers[i]->name);
   2169 			return -1;
   2170 		}
   2171 	}
   2172 
   2173 	wpa_s->driver = wpa_drivers[i];
   2174 	wpa_s->global_drv_priv = global->drv_priv[i];
   2175 
   2176 	return 0;
   2177 }
   2178 
   2179 
   2180 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
   2181 				     const char *name)
   2182 {
   2183 	int i;
   2184 	size_t len;
   2185 	const char *pos, *driver = name;
   2186 
   2187 	if (wpa_s == NULL)
   2188 		return -1;
   2189 
   2190 	if (wpa_drivers[0] == NULL) {
   2191 		wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
   2192 			"wpa_supplicant");
   2193 		return -1;
   2194 	}
   2195 
   2196 	if (name == NULL) {
   2197 		/* default to first driver in the list */
   2198 		return select_driver(wpa_s, 0);
   2199 	}
   2200 
   2201 	do {
   2202 		pos = os_strchr(driver, ',');
   2203 		if (pos)
   2204 			len = pos - driver;
   2205 		else
   2206 			len = os_strlen(driver);
   2207 
   2208 		for (i = 0; wpa_drivers[i]; i++) {
   2209 			if (os_strlen(wpa_drivers[i]->name) == len &&
   2210 			    os_strncmp(driver, wpa_drivers[i]->name, len) ==
   2211 			    0) {
   2212 				/* First driver that succeeds wins */
   2213 				if (select_driver(wpa_s, i) == 0)
   2214 					return 0;
   2215 			}
   2216 		}
   2217 
   2218 		driver = pos + 1;
   2219 	} while (pos);
   2220 
   2221 	wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
   2222 	return -1;
   2223 }
   2224 
   2225 
   2226 /**
   2227  * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
   2228  * @ctx: Context pointer (wpa_s); this is the ctx variable registered
   2229  *	with struct wpa_driver_ops::init()
   2230  * @src_addr: Source address of the EAPOL frame
   2231  * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
   2232  * @len: Length of the EAPOL data
   2233  *
   2234  * This function is called for each received EAPOL frame. Most driver
   2235  * interfaces rely on more generic OS mechanism for receiving frames through
   2236  * l2_packet, but if such a mechanism is not available, the driver wrapper may
   2237  * take care of received EAPOL frames and deliver them to the core supplicant
   2238  * code by calling this function.
   2239  */
   2240 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
   2241 			     const u8 *buf, size_t len)
   2242 {
   2243 	struct wpa_supplicant *wpa_s = ctx;
   2244 
   2245 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
   2246 	wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
   2247 
   2248 	if (wpa_s->wpa_state < WPA_ASSOCIATED ||
   2249 	    (wpa_s->last_eapol_matches_bssid &&
   2250 #ifdef CONFIG_AP
   2251 	     !wpa_s->ap_iface &&
   2252 #endif /* CONFIG_AP */
   2253 	     os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
   2254 		/*
   2255 		 * There is possible race condition between receiving the
   2256 		 * association event and the EAPOL frame since they are coming
   2257 		 * through different paths from the driver. In order to avoid
   2258 		 * issues in trying to process the EAPOL frame before receiving
   2259 		 * association information, lets queue it for processing until
   2260 		 * the association event is received. This may also be needed in
   2261 		 * driver-based roaming case, so also use src_addr != BSSID as a
   2262 		 * trigger if we have previously confirmed that the
   2263 		 * Authenticator uses BSSID as the src_addr (which is not the
   2264 		 * case with wired IEEE 802.1X).
   2265 		 */
   2266 		wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
   2267 			"of received EAPOL frame (state=%s bssid=" MACSTR ")",
   2268 			wpa_supplicant_state_txt(wpa_s->wpa_state),
   2269 			MAC2STR(wpa_s->bssid));
   2270 		wpabuf_free(wpa_s->pending_eapol_rx);
   2271 		wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
   2272 		if (wpa_s->pending_eapol_rx) {
   2273 			os_get_time(&wpa_s->pending_eapol_rx_time);
   2274 			os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
   2275 				  ETH_ALEN);
   2276 		}
   2277 		return;
   2278 	}
   2279 
   2280 	wpa_s->last_eapol_matches_bssid =
   2281 		os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
   2282 
   2283 #ifdef CONFIG_AP
   2284 	if (wpa_s->ap_iface) {
   2285 		wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
   2286 		return;
   2287 	}
   2288 #endif /* CONFIG_AP */
   2289 
   2290 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
   2291 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
   2292 			"no key management is configured");
   2293 		return;
   2294 	}
   2295 
   2296 	if (wpa_s->eapol_received == 0 &&
   2297 	    (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
   2298 	     !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
   2299 	     wpa_s->wpa_state != WPA_COMPLETED) &&
   2300 	    (wpa_s->current_ssid == NULL ||
   2301 	     wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
   2302 		/* Timeout for completing IEEE 802.1X and WPA authentication */
   2303 		wpa_supplicant_req_auth_timeout(
   2304 			wpa_s,
   2305 			(wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
   2306 			 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
   2307 			 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) ?
   2308 			70 : 10, 0);
   2309 	}
   2310 	wpa_s->eapol_received++;
   2311 
   2312 	if (wpa_s->countermeasures) {
   2313 		wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
   2314 			"EAPOL packet");
   2315 		return;
   2316 	}
   2317 
   2318 #ifdef CONFIG_IBSS_RSN
   2319 	if (wpa_s->current_ssid &&
   2320 	    wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
   2321 		ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
   2322 		return;
   2323 	}
   2324 #endif /* CONFIG_IBSS_RSN */
   2325 
   2326 	/* Source address of the incoming EAPOL frame could be compared to the
   2327 	 * current BSSID. However, it is possible that a centralized
   2328 	 * Authenticator could be using another MAC address than the BSSID of
   2329 	 * an AP, so just allow any address to be used for now. The replies are
   2330 	 * still sent to the current BSSID (if available), though. */
   2331 
   2332 	os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
   2333 	if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
   2334 	    eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
   2335 		return;
   2336 	wpa_drv_poll(wpa_s);
   2337 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
   2338 		wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
   2339 	else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
   2340 		/*
   2341 		 * Set portValid = TRUE here since we are going to skip 4-way
   2342 		 * handshake processing which would normally set portValid. We
   2343 		 * need this to allow the EAPOL state machines to be completed
   2344 		 * without going through EAPOL-Key handshake.
   2345 		 */
   2346 		eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
   2347 	}
   2348 }
   2349 
   2350 
   2351 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
   2352 {
   2353 	if (wpa_s->driver->send_eapol) {
   2354 		const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
   2355 		if (addr)
   2356 			os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
   2357 	} else if ((!wpa_s->p2p_mgmt ||
   2358 		    !(wpa_s->drv_flags &
   2359 		      WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
   2360 		   !(wpa_s->drv_flags &
   2361 		     WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
   2362 		l2_packet_deinit(wpa_s->l2);
   2363 		wpa_s->l2 = l2_packet_init(wpa_s->ifname,
   2364 					   wpa_drv_get_mac_addr(wpa_s),
   2365 					   ETH_P_EAPOL,
   2366 					   wpa_supplicant_rx_eapol, wpa_s, 0);
   2367 		if (wpa_s->l2 == NULL)
   2368 			return -1;
   2369 	} else {
   2370 		const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
   2371 		if (addr)
   2372 			os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
   2373 	}
   2374 
   2375 	if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
   2376 		wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
   2377 		return -1;
   2378 	}
   2379 
   2380 	return 0;
   2381 }
   2382 
   2383 
   2384 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
   2385 					   const u8 *buf, size_t len)
   2386 {
   2387 	struct wpa_supplicant *wpa_s = ctx;
   2388 	const struct l2_ethhdr *eth;
   2389 
   2390 	if (len < sizeof(*eth))
   2391 		return;
   2392 	eth = (const struct l2_ethhdr *) buf;
   2393 
   2394 	if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
   2395 	    !(eth->h_dest[0] & 0x01)) {
   2396 		wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
   2397 			" (bridge - not for this interface - ignore)",
   2398 			MAC2STR(src_addr), MAC2STR(eth->h_dest));
   2399 		return;
   2400 	}
   2401 
   2402 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
   2403 		" (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
   2404 	wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
   2405 				len - sizeof(*eth));
   2406 }
   2407 
   2408 
   2409 /**
   2410  * wpa_supplicant_driver_init - Initialize driver interface parameters
   2411  * @wpa_s: Pointer to wpa_supplicant data
   2412  * Returns: 0 on success, -1 on failure
   2413  *
   2414  * This function is called to initialize driver interface parameters.
   2415  * wpa_drv_init() must have been called before this function to initialize the
   2416  * driver interface.
   2417  */
   2418 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
   2419 {
   2420 	static int interface_count = 0;
   2421 
   2422 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
   2423 		return -1;
   2424 
   2425 	wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
   2426 		MAC2STR(wpa_s->own_addr));
   2427 	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
   2428 
   2429 	if (wpa_s->bridge_ifname[0]) {
   2430 		wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
   2431 			"interface '%s'", wpa_s->bridge_ifname);
   2432 		wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
   2433 					      wpa_s->own_addr,
   2434 					      ETH_P_EAPOL,
   2435 					      wpa_supplicant_rx_eapol_bridge,
   2436 					      wpa_s, 1);
   2437 		if (wpa_s->l2_br == NULL) {
   2438 			wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
   2439 				"connection for the bridge interface '%s'",
   2440 				wpa_s->bridge_ifname);
   2441 			return -1;
   2442 		}
   2443 	}
   2444 
   2445 	wpa_clear_keys(wpa_s, NULL);
   2446 
   2447 	/* Make sure that TKIP countermeasures are not left enabled (could
   2448 	 * happen if wpa_supplicant is killed during countermeasures. */
   2449 	wpa_drv_set_countermeasures(wpa_s, 0);
   2450 
   2451 	wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
   2452 	wpa_drv_flush_pmkid(wpa_s);
   2453 
   2454 	wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
   2455 	wpa_s->prev_scan_wildcard = 0;
   2456 
   2457 	if (wpa_supplicant_enabled_networks(wpa_s)) {
   2458 		if (wpa_supplicant_delayed_sched_scan(wpa_s, interface_count,
   2459 						      100000))
   2460 			wpa_supplicant_req_scan(wpa_s, interface_count,
   2461 						100000);
   2462 		interface_count++;
   2463 	} else
   2464 		wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
   2465 
   2466 	return 0;
   2467 }
   2468 
   2469 
   2470 static int wpa_supplicant_daemon(const char *pid_file)
   2471 {
   2472 	wpa_printf(MSG_DEBUG, "Daemonize..");
   2473 	return os_daemonize(pid_file);
   2474 }
   2475 
   2476 
   2477 static struct wpa_supplicant * wpa_supplicant_alloc(void)
   2478 {
   2479 	struct wpa_supplicant *wpa_s;
   2480 
   2481 	wpa_s = os_zalloc(sizeof(*wpa_s));
   2482 	if (wpa_s == NULL)
   2483 		return NULL;
   2484 	wpa_s->scan_req = INITIAL_SCAN_REQ;
   2485 	wpa_s->scan_interval = 5;
   2486 	wpa_s->new_connection = 1;
   2487 	wpa_s->parent = wpa_s;
   2488 	wpa_s->sched_scanning = 0;
   2489 
   2490 	return wpa_s;
   2491 }
   2492 
   2493 
   2494 #ifdef CONFIG_HT_OVERRIDES
   2495 
   2496 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
   2497 			     struct ieee80211_ht_capabilities *htcaps,
   2498 			     struct ieee80211_ht_capabilities *htcaps_mask,
   2499 			     const char *ht_mcs)
   2500 {
   2501 	/* parse ht_mcs into hex array */
   2502 	int i;
   2503 	const char *tmp = ht_mcs;
   2504 	char *end = NULL;
   2505 
   2506 	/* If ht_mcs is null, do not set anything */
   2507 	if (!ht_mcs)
   2508 		return 0;
   2509 
   2510 	/* This is what we are setting in the kernel */
   2511 	os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
   2512 
   2513 	wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
   2514 
   2515 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
   2516 		errno = 0;
   2517 		long v = strtol(tmp, &end, 16);
   2518 		if (errno == 0) {
   2519 			wpa_msg(wpa_s, MSG_DEBUG,
   2520 				"htcap value[%i]: %ld end: %p  tmp: %p",
   2521 				i, v, end, tmp);
   2522 			if (end == tmp)
   2523 				break;
   2524 
   2525 			htcaps->supported_mcs_set[i] = v;
   2526 			tmp = end;
   2527 		} else {
   2528 			wpa_msg(wpa_s, MSG_ERROR,
   2529 				"Failed to parse ht-mcs: %s, error: %s\n",
   2530 				ht_mcs, strerror(errno));
   2531 			return -1;
   2532 		}
   2533 	}
   2534 
   2535 	/*
   2536 	 * If we were able to parse any values, then set mask for the MCS set.
   2537 	 */
   2538 	if (i) {
   2539 		os_memset(&htcaps_mask->supported_mcs_set, 0xff,
   2540 			  IEEE80211_HT_MCS_MASK_LEN - 1);
   2541 		/* skip the 3 reserved bits */
   2542 		htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
   2543 			0x1f;
   2544 	}
   2545 
   2546 	return 0;
   2547 }
   2548 
   2549 
   2550 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
   2551 				 struct ieee80211_ht_capabilities *htcaps,
   2552 				 struct ieee80211_ht_capabilities *htcaps_mask,
   2553 				 int disabled)
   2554 {
   2555 	u16 msk;
   2556 
   2557 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
   2558 
   2559 	if (disabled == -1)
   2560 		return 0;
   2561 
   2562 	msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
   2563 	htcaps_mask->ht_capabilities_info |= msk;
   2564 	if (disabled)
   2565 		htcaps->ht_capabilities_info &= msk;
   2566 	else
   2567 		htcaps->ht_capabilities_info |= msk;
   2568 
   2569 	return 0;
   2570 }
   2571 
   2572 
   2573 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
   2574 				struct ieee80211_ht_capabilities *htcaps,
   2575 				struct ieee80211_ht_capabilities *htcaps_mask,
   2576 				int factor)
   2577 {
   2578 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
   2579 
   2580 	if (factor == -1)
   2581 		return 0;
   2582 
   2583 	if (factor < 0 || factor > 3) {
   2584 		wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
   2585 			"Must be 0-3 or -1", factor);
   2586 		return -EINVAL;
   2587 	}
   2588 
   2589 	htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
   2590 	htcaps->a_mpdu_params &= ~0x3;
   2591 	htcaps->a_mpdu_params |= factor & 0x3;
   2592 
   2593 	return 0;
   2594 }
   2595 
   2596 
   2597 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
   2598 				 struct ieee80211_ht_capabilities *htcaps,
   2599 				 struct ieee80211_ht_capabilities *htcaps_mask,
   2600 				 int density)
   2601 {
   2602 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
   2603 
   2604 	if (density == -1)
   2605 		return 0;
   2606 
   2607 	if (density < 0 || density > 7) {
   2608 		wpa_msg(wpa_s, MSG_ERROR,
   2609 			"ampdu_density: %d out of range. Must be 0-7 or -1.",
   2610 			density);
   2611 		return -EINVAL;
   2612 	}
   2613 
   2614 	htcaps_mask->a_mpdu_params |= 0x1C;
   2615 	htcaps->a_mpdu_params &= ~(0x1C);
   2616 	htcaps->a_mpdu_params |= (density << 2) & 0x1C;
   2617 
   2618 	return 0;
   2619 }
   2620 
   2621 
   2622 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
   2623 				struct ieee80211_ht_capabilities *htcaps,
   2624 				struct ieee80211_ht_capabilities *htcaps_mask,
   2625 				int disabled)
   2626 {
   2627 	/* Masking these out disables HT40 */
   2628 	u16 msk = host_to_le16(HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET |
   2629 			       HT_CAP_INFO_SHORT_GI40MHZ);
   2630 
   2631 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
   2632 
   2633 	if (disabled)
   2634 		htcaps->ht_capabilities_info &= ~msk;
   2635 	else
   2636 		htcaps->ht_capabilities_info |= msk;
   2637 
   2638 	htcaps_mask->ht_capabilities_info |= msk;
   2639 
   2640 	return 0;
   2641 }
   2642 
   2643 
   2644 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
   2645 			       struct ieee80211_ht_capabilities *htcaps,
   2646 			       struct ieee80211_ht_capabilities *htcaps_mask,
   2647 			       int disabled)
   2648 {
   2649 	/* Masking these out disables SGI */
   2650 	u16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
   2651 			       HT_CAP_INFO_SHORT_GI40MHZ);
   2652 
   2653 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
   2654 
   2655 	if (disabled)
   2656 		htcaps->ht_capabilities_info &= ~msk;
   2657 	else
   2658 		htcaps->ht_capabilities_info |= msk;
   2659 
   2660 	htcaps_mask->ht_capabilities_info |= msk;
   2661 
   2662 	return 0;
   2663 }
   2664 
   2665 
   2666 void wpa_supplicant_apply_ht_overrides(
   2667 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
   2668 	struct wpa_driver_associate_params *params)
   2669 {
   2670 	struct ieee80211_ht_capabilities *htcaps;
   2671 	struct ieee80211_ht_capabilities *htcaps_mask;
   2672 
   2673 	if (!ssid)
   2674 		return;
   2675 
   2676 	params->disable_ht = ssid->disable_ht;
   2677 	if (!params->htcaps || !params->htcaps_mask)
   2678 		return;
   2679 
   2680 	htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
   2681 	htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
   2682 	wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
   2683 	wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
   2684 			      ssid->disable_max_amsdu);
   2685 	wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
   2686 	wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
   2687 	wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
   2688 	wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
   2689 }
   2690 
   2691 #endif /* CONFIG_HT_OVERRIDES */
   2692 
   2693 
   2694 #ifdef CONFIG_VHT_OVERRIDES
   2695 void wpa_supplicant_apply_vht_overrides(
   2696 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
   2697 	struct wpa_driver_associate_params *params)
   2698 {
   2699 	struct ieee80211_vht_capabilities *vhtcaps;
   2700 	struct ieee80211_vht_capabilities *vhtcaps_mask;
   2701 
   2702 	if (!ssid)
   2703 		return;
   2704 
   2705 	params->disable_vht = ssid->disable_vht;
   2706 
   2707 	vhtcaps = (void *) params->vhtcaps;
   2708 	vhtcaps_mask = (void *) params->vhtcaps_mask;
   2709 
   2710 	if (!vhtcaps || !vhtcaps_mask)
   2711 		return;
   2712 
   2713 	vhtcaps->vht_capabilities_info = ssid->vht_capa;
   2714 	vhtcaps_mask->vht_capabilities_info = ssid->vht_capa_mask;
   2715 
   2716 #define OVERRIDE_MCS(i)							\
   2717 	if (ssid->vht_tx_mcs_nss_ ##i >= 0) {				\
   2718 		vhtcaps_mask->vht_supported_mcs_set.tx_map |=		\
   2719 			3 << 2 * (i - 1);				\
   2720 		vhtcaps->vht_supported_mcs_set.tx_map |=		\
   2721 			ssid->vht_tx_mcs_nss_ ##i << 2 * (i - 1);	\
   2722 	}								\
   2723 	if (ssid->vht_rx_mcs_nss_ ##i >= 0) {				\
   2724 		vhtcaps_mask->vht_supported_mcs_set.rx_map |=		\
   2725 			3 << 2 * (i - 1);				\
   2726 		vhtcaps->vht_supported_mcs_set.rx_map |=		\
   2727 			ssid->vht_rx_mcs_nss_ ##i << 2 * (i - 1);	\
   2728 	}
   2729 
   2730 	OVERRIDE_MCS(1);
   2731 	OVERRIDE_MCS(2);
   2732 	OVERRIDE_MCS(3);
   2733 	OVERRIDE_MCS(4);
   2734 	OVERRIDE_MCS(5);
   2735 	OVERRIDE_MCS(6);
   2736 	OVERRIDE_MCS(7);
   2737 	OVERRIDE_MCS(8);
   2738 }
   2739 #endif /* CONFIG_VHT_OVERRIDES */
   2740 
   2741 
   2742 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
   2743 {
   2744 #ifdef PCSC_FUNCS
   2745 	size_t len;
   2746 
   2747 	if (!wpa_s->conf->pcsc_reader)
   2748 		return 0;
   2749 
   2750 	wpa_s->scard = scard_init(SCARD_TRY_BOTH, wpa_s->conf->pcsc_reader);
   2751 	if (!wpa_s->scard)
   2752 		return 1;
   2753 
   2754 	if (wpa_s->conf->pcsc_pin &&
   2755 	    scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
   2756 		scard_deinit(wpa_s->scard);
   2757 		wpa_s->scard = NULL;
   2758 		wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
   2759 		return -1;
   2760 	}
   2761 
   2762 	len = sizeof(wpa_s->imsi) - 1;
   2763 	if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
   2764 		scard_deinit(wpa_s->scard);
   2765 		wpa_s->scard = NULL;
   2766 		wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
   2767 		return -1;
   2768 	}
   2769 	wpa_s->imsi[len] = '\0';
   2770 
   2771 	wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
   2772 
   2773 	wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
   2774 		   wpa_s->imsi, wpa_s->mnc_len);
   2775 
   2776 	wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
   2777 	eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
   2778 #endif /* PCSC_FUNCS */
   2779 
   2780 	return 0;
   2781 }
   2782 
   2783 
   2784 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
   2785 {
   2786 	char *val, *pos;
   2787 
   2788 	ext_password_deinit(wpa_s->ext_pw);
   2789 	wpa_s->ext_pw = NULL;
   2790 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
   2791 
   2792 	if (!wpa_s->conf->ext_password_backend)
   2793 		return 0;
   2794 
   2795 	val = os_strdup(wpa_s->conf->ext_password_backend);
   2796 	if (val == NULL)
   2797 		return -1;
   2798 	pos = os_strchr(val, ':');
   2799 	if (pos)
   2800 		*pos++ = '\0';
   2801 
   2802 	wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
   2803 
   2804 	wpa_s->ext_pw = ext_password_init(val, pos);
   2805 	os_free(val);
   2806 	if (wpa_s->ext_pw == NULL) {
   2807 		wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
   2808 		return -1;
   2809 	}
   2810 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
   2811 
   2812 	return 0;
   2813 }
   2814 
   2815 
   2816 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
   2817 				     struct wpa_interface *iface)
   2818 {
   2819 	const char *ifname, *driver;
   2820 	struct wpa_driver_capa capa;
   2821 
   2822 	wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
   2823 		   "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
   2824 		   iface->confname ? iface->confname : "N/A",
   2825 		   iface->driver ? iface->driver : "default",
   2826 		   iface->ctrl_interface ? iface->ctrl_interface : "N/A",
   2827 		   iface->bridge_ifname ? iface->bridge_ifname : "N/A");
   2828 
   2829 	if (iface->confname) {
   2830 #ifdef CONFIG_BACKEND_FILE
   2831 		wpa_s->confname = os_rel2abs_path(iface->confname);
   2832 		if (wpa_s->confname == NULL) {
   2833 			wpa_printf(MSG_ERROR, "Failed to get absolute path "
   2834 				   "for configuration file '%s'.",
   2835 				   iface->confname);
   2836 			return -1;
   2837 		}
   2838 		wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
   2839 			   iface->confname, wpa_s->confname);
   2840 #else /* CONFIG_BACKEND_FILE */
   2841 		wpa_s->confname = os_strdup(iface->confname);
   2842 #endif /* CONFIG_BACKEND_FILE */
   2843 		wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
   2844 		if (wpa_s->conf == NULL) {
   2845 			wpa_printf(MSG_ERROR, "Failed to read or parse "
   2846 				   "configuration '%s'.", wpa_s->confname);
   2847 			return -1;
   2848 		}
   2849 		wpa_s->confanother = os_rel2abs_path(iface->confanother);
   2850 		wpa_config_read(wpa_s->confanother, wpa_s->conf);
   2851 
   2852 		/*
   2853 		 * Override ctrl_interface and driver_param if set on command
   2854 		 * line.
   2855 		 */
   2856 		if (iface->ctrl_interface) {
   2857 			os_free(wpa_s->conf->ctrl_interface);
   2858 			wpa_s->conf->ctrl_interface =
   2859 				os_strdup(iface->ctrl_interface);
   2860 		}
   2861 
   2862 		if (iface->driver_param) {
   2863 			os_free(wpa_s->conf->driver_param);
   2864 			wpa_s->conf->driver_param =
   2865 				os_strdup(iface->driver_param);
   2866 		}
   2867 
   2868 		if (iface->p2p_mgmt && !iface->ctrl_interface) {
   2869 			os_free(wpa_s->conf->ctrl_interface);
   2870 			wpa_s->conf->ctrl_interface = NULL;
   2871 		}
   2872 	} else
   2873 		wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
   2874 						     iface->driver_param);
   2875 
   2876 	if (wpa_s->conf == NULL) {
   2877 		wpa_printf(MSG_ERROR, "\nNo configuration found.");
   2878 		return -1;
   2879 	}
   2880 
   2881 	if (iface->ifname == NULL) {
   2882 		wpa_printf(MSG_ERROR, "\nInterface name is required.");
   2883 		return -1;
   2884 	}
   2885 	if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
   2886 		wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
   2887 			   iface->ifname);
   2888 		return -1;
   2889 	}
   2890 	os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
   2891 
   2892 	if (iface->bridge_ifname) {
   2893 		if (os_strlen(iface->bridge_ifname) >=
   2894 		    sizeof(wpa_s->bridge_ifname)) {
   2895 			wpa_printf(MSG_ERROR, "\nToo long bridge interface "
   2896 				   "name '%s'.", iface->bridge_ifname);
   2897 			return -1;
   2898 		}
   2899 		os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
   2900 			   sizeof(wpa_s->bridge_ifname));
   2901 	}
   2902 
   2903 	/* RSNA Supplicant Key Management - INITIALIZE */
   2904 	eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
   2905 	eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
   2906 
   2907 	/* Initialize driver interface and register driver event handler before
   2908 	 * L2 receive handler so that association events are processed before
   2909 	 * EAPOL-Key packets if both become available for the same select()
   2910 	 * call. */
   2911 	driver = iface->driver;
   2912 next_driver:
   2913 	if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
   2914 		return -1;
   2915 
   2916 	wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
   2917 	if (wpa_s->drv_priv == NULL) {
   2918 		const char *pos;
   2919 		pos = driver ? os_strchr(driver, ',') : NULL;
   2920 		if (pos) {
   2921 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
   2922 				"driver interface - try next driver wrapper");
   2923 			driver = pos + 1;
   2924 			goto next_driver;
   2925 		}
   2926 		wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
   2927 			"interface");
   2928 		return -1;
   2929 	}
   2930 	if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
   2931 		wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
   2932 			"driver_param '%s'", wpa_s->conf->driver_param);
   2933 		return -1;
   2934 	}
   2935 
   2936 	ifname = wpa_drv_get_ifname(wpa_s);
   2937 	if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
   2938 		wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
   2939 			"interface name with '%s'", ifname);
   2940 		os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
   2941 	}
   2942 
   2943 	if (wpa_supplicant_init_wpa(wpa_s) < 0)
   2944 		return -1;
   2945 
   2946 	wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
   2947 			  wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
   2948 			  NULL);
   2949 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
   2950 
   2951 	if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
   2952 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
   2953 			     wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
   2954 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
   2955 			"dot11RSNAConfigPMKLifetime");
   2956 		return -1;
   2957 	}
   2958 
   2959 	if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
   2960 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
   2961 			     wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
   2962 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
   2963 			"dot11RSNAConfigPMKReauthThreshold");
   2964 		return -1;
   2965 	}
   2966 
   2967 	if (wpa_s->conf->dot11RSNAConfigSATimeout &&
   2968 	    wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
   2969 			     wpa_s->conf->dot11RSNAConfigSATimeout)) {
   2970 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
   2971 			"dot11RSNAConfigSATimeout");
   2972 		return -1;
   2973 	}
   2974 
   2975 	wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
   2976 						      &wpa_s->hw.num_modes,
   2977 						      &wpa_s->hw.flags);
   2978 
   2979 	if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
   2980 		wpa_s->drv_capa_known = 1;
   2981 		wpa_s->drv_flags = capa.flags;
   2982 		wpa_s->drv_enc = capa.enc;
   2983 		wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
   2984 		wpa_s->max_scan_ssids = capa.max_scan_ssids;
   2985 		wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
   2986 		wpa_s->sched_scan_supported = capa.sched_scan_supported;
   2987 		wpa_s->max_match_sets = capa.max_match_sets;
   2988 		wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
   2989 		wpa_s->max_stations = capa.max_stations;
   2990 		wpa_s->extended_capa = capa.extended_capa;
   2991 		wpa_s->extended_capa_mask = capa.extended_capa_mask;
   2992 		wpa_s->extended_capa_len = capa.extended_capa_len;
   2993 		wpa_s->num_multichan_concurrent =
   2994 			capa.num_multichan_concurrent;
   2995 	}
   2996 	if (wpa_s->max_remain_on_chan == 0)
   2997 		wpa_s->max_remain_on_chan = 1000;
   2998 
   2999 	/*
   3000 	 * Only take p2p_mgmt parameters when P2P Device is supported.
   3001 	 * Doing it here as it determines whether l2_packet_init() will be done
   3002 	 * during wpa_supplicant_driver_init().
   3003 	 */
   3004 	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
   3005 		wpa_s->p2p_mgmt = iface->p2p_mgmt;
   3006 	else
   3007 		iface->p2p_mgmt = 1;
   3008 
   3009 	if (wpa_s->num_multichan_concurrent == 0)
   3010 		wpa_s->num_multichan_concurrent = 1;
   3011 
   3012 	if (wpa_supplicant_driver_init(wpa_s) < 0)
   3013 		return -1;
   3014 
   3015 #ifdef CONFIG_TDLS
   3016 	if ((!iface->p2p_mgmt ||
   3017 	     !(wpa_s->drv_flags &
   3018 	       WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
   3019 	    wpa_tdls_init(wpa_s->wpa))
   3020 		return -1;
   3021 #endif /* CONFIG_TDLS */
   3022 
   3023 	if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
   3024 	    wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
   3025 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
   3026 		return -1;
   3027 	}
   3028 
   3029 	if (wpas_wps_init(wpa_s))
   3030 		return -1;
   3031 
   3032 	if (wpa_supplicant_init_eapol(wpa_s) < 0)
   3033 		return -1;
   3034 	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
   3035 
   3036 	wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
   3037 	if (wpa_s->ctrl_iface == NULL) {
   3038 		wpa_printf(MSG_ERROR,
   3039 			   "Failed to initialize control interface '%s'.\n"
   3040 			   "You may have another wpa_supplicant process "
   3041 			   "already running or the file was\n"
   3042 			   "left by an unclean termination of wpa_supplicant "
   3043 			   "in which case you will need\n"
   3044 			   "to manually remove this file before starting "
   3045 			   "wpa_supplicant again.\n",
   3046 			   wpa_s->conf->ctrl_interface);
   3047 		return -1;
   3048 	}
   3049 
   3050 	wpa_s->gas = gas_query_init(wpa_s);
   3051 	if (wpa_s->gas == NULL) {
   3052 		wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
   3053 		return -1;
   3054 	}
   3055 
   3056 #ifdef CONFIG_P2P
   3057 	if (iface->p2p_mgmt && wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
   3058 		wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
   3059 		return -1;
   3060 	}
   3061 #endif /* CONFIG_P2P */
   3062 
   3063 	if (wpa_bss_init(wpa_s) < 0)
   3064 		return -1;
   3065 
   3066 #ifdef CONFIG_EAP_PROXY
   3067 {
   3068 	size_t len;
   3069 	wpa_s->mnc_len = eap_proxy_get_imsi(wpa_s->imsi, &len);
   3070 	if (wpa_s->mnc_len > 0) {
   3071 		wpa_s->imsi[len] = '\0';
   3072 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
   3073 			   wpa_s->imsi, wpa_s->mnc_len);
   3074 	} else {
   3075 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
   3076 	}
   3077 }
   3078 #endif /* CONFIG_EAP_PROXY */
   3079 
   3080 	if (pcsc_reader_init(wpa_s) < 0)
   3081 		return -1;
   3082 
   3083 	if (wpas_init_ext_pw(wpa_s) < 0)
   3084 		return -1;
   3085 
   3086 	return 0;
   3087 }
   3088 
   3089 
   3090 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
   3091 					int notify, int terminate)
   3092 {
   3093 	wpa_s->disconnected = 1;
   3094 	if (wpa_s->drv_priv) {
   3095 		wpa_supplicant_deauthenticate(wpa_s,
   3096 					      WLAN_REASON_DEAUTH_LEAVING);
   3097 
   3098 		wpa_drv_set_countermeasures(wpa_s, 0);
   3099 		wpa_clear_keys(wpa_s, NULL);
   3100 	}
   3101 
   3102 	wpa_supplicant_cleanup(wpa_s);
   3103 
   3104 #ifdef CONFIG_P2P
   3105 	if (wpa_s == wpa_s->global->p2p_init_wpa_s && wpa_s->global->p2p) {
   3106 		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Disable P2P since removing "
   3107 			"the management interface is being removed");
   3108 		wpas_p2p_deinit_global(wpa_s->global);
   3109 	}
   3110 #endif /* CONFIG_P2P */
   3111 
   3112 	if (wpa_s->drv_priv)
   3113 		wpa_drv_deinit(wpa_s);
   3114 
   3115 	if (notify)
   3116 		wpas_notify_iface_removed(wpa_s);
   3117 
   3118 	if (terminate)
   3119 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
   3120 
   3121 	if (wpa_s->ctrl_iface) {
   3122 		wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
   3123 		wpa_s->ctrl_iface = NULL;
   3124 	}
   3125 
   3126 	if (wpa_s->conf != NULL) {
   3127 		wpa_config_free(wpa_s->conf);
   3128 		wpa_s->conf = NULL;
   3129 	}
   3130 
   3131 	os_free(wpa_s);
   3132 }
   3133 
   3134 
   3135 /**
   3136  * wpa_supplicant_add_iface - Add a new network interface
   3137  * @global: Pointer to global data from wpa_supplicant_init()
   3138  * @iface: Interface configuration options
   3139  * Returns: Pointer to the created interface or %NULL on failure
   3140  *
   3141  * This function is used to add new network interfaces for %wpa_supplicant.
   3142  * This can be called before wpa_supplicant_run() to add interfaces before the
   3143  * main event loop has been started. In addition, new interfaces can be added
   3144  * dynamically while %wpa_supplicant is already running. This could happen,
   3145  * e.g., when a hotplug network adapter is inserted.
   3146  */
   3147 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
   3148 						 struct wpa_interface *iface)
   3149 {
   3150 	struct wpa_supplicant *wpa_s;
   3151 	struct wpa_interface t_iface;
   3152 	struct wpa_ssid *ssid;
   3153 
   3154 	if (global == NULL || iface == NULL)
   3155 		return NULL;
   3156 
   3157 	wpa_s = wpa_supplicant_alloc();
   3158 	if (wpa_s == NULL)
   3159 		return NULL;
   3160 
   3161 	wpa_s->global = global;
   3162 
   3163 	t_iface = *iface;
   3164 	if (global->params.override_driver) {
   3165 		wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
   3166 			   "('%s' -> '%s')",
   3167 			   iface->driver, global->params.override_driver);
   3168 		t_iface.driver = global->params.override_driver;
   3169 	}
   3170 	if (global->params.override_ctrl_interface) {
   3171 		wpa_printf(MSG_DEBUG, "Override interface parameter: "
   3172 			   "ctrl_interface ('%s' -> '%s')",
   3173 			   iface->ctrl_interface,
   3174 			   global->params.override_ctrl_interface);
   3175 		t_iface.ctrl_interface =
   3176 			global->params.override_ctrl_interface;
   3177 	}
   3178 	if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
   3179 		wpa_printf(MSG_DEBUG, "Failed to add interface %s",
   3180 			   iface->ifname);
   3181 		wpa_supplicant_deinit_iface(wpa_s, 0, 0);
   3182 		return NULL;
   3183 	}
   3184 
   3185 	/* Notify the control interfaces about new iface */
   3186 	if (wpas_notify_iface_added(wpa_s)) {
   3187 		wpa_supplicant_deinit_iface(wpa_s, 1, 0);
   3188 		return NULL;
   3189 	}
   3190 
   3191 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
   3192 		wpas_notify_network_added(wpa_s, ssid);
   3193 
   3194 	wpa_s->next = global->ifaces;
   3195 	global->ifaces = wpa_s;
   3196 
   3197 	wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
   3198 	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
   3199 
   3200 	return wpa_s;
   3201 }
   3202 
   3203 
   3204 /**
   3205  * wpa_supplicant_remove_iface - Remove a network interface
   3206  * @global: Pointer to global data from wpa_supplicant_init()
   3207  * @wpa_s: Pointer to the network interface to be removed
   3208  * Returns: 0 if interface was removed, -1 if interface was not found
   3209  *
   3210  * This function can be used to dynamically remove network interfaces from
   3211  * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
   3212  * addition, this function is used to remove all remaining interfaces when
   3213  * %wpa_supplicant is terminated.
   3214  */
   3215 int wpa_supplicant_remove_iface(struct wpa_global *global,
   3216 				struct wpa_supplicant *wpa_s,
   3217 				int terminate)
   3218 {
   3219 	struct wpa_supplicant *prev;
   3220 
   3221 	/* Remove interface from the global list of interfaces */
   3222 	prev = global->ifaces;
   3223 	if (prev == wpa_s) {
   3224 		global->ifaces = wpa_s->next;
   3225 	} else {
   3226 		while (prev && prev->next != wpa_s)
   3227 			prev = prev->next;
   3228 		if (prev == NULL)
   3229 			return -1;
   3230 		prev->next = wpa_s->next;
   3231 	}
   3232 
   3233 	wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
   3234 
   3235 	if (global->p2p_group_formation == wpa_s)
   3236 		global->p2p_group_formation = NULL;
   3237 	if (global->p2p_invite_group == wpa_s)
   3238 		global->p2p_invite_group = NULL;
   3239 	wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
   3240 
   3241 	return 0;
   3242 }
   3243 
   3244 
   3245 /**
   3246  * wpa_supplicant_get_eap_mode - Get the current EAP mode
   3247  * @wpa_s: Pointer to the network interface
   3248  * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
   3249  */
   3250 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
   3251 {
   3252 	const char *eapol_method;
   3253 
   3254         if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
   3255             wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
   3256 		return "NO-EAP";
   3257 	}
   3258 
   3259 	eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
   3260 	if (eapol_method == NULL)
   3261 		return "UNKNOWN-EAP";
   3262 
   3263 	return eapol_method;
   3264 }
   3265 
   3266 
   3267 /**
   3268  * wpa_supplicant_get_iface - Get a new network interface
   3269  * @global: Pointer to global data from wpa_supplicant_init()
   3270  * @ifname: Interface name
   3271  * Returns: Pointer to the interface or %NULL if not found
   3272  */
   3273 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
   3274 						 const char *ifname)
   3275 {
   3276 	struct wpa_supplicant *wpa_s;
   3277 
   3278 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
   3279 		if (os_strcmp(wpa_s->ifname, ifname) == 0)
   3280 			return wpa_s;
   3281 	}
   3282 	return NULL;
   3283 }
   3284 
   3285 
   3286 #ifndef CONFIG_NO_WPA_MSG
   3287 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
   3288 {
   3289 	struct wpa_supplicant *wpa_s = ctx;
   3290 	if (wpa_s == NULL)
   3291 		return NULL;
   3292 	return wpa_s->ifname;
   3293 }
   3294 #endif /* CONFIG_NO_WPA_MSG */
   3295 
   3296 
   3297 /**
   3298  * wpa_supplicant_init - Initialize %wpa_supplicant
   3299  * @params: Parameters for %wpa_supplicant
   3300  * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
   3301  *
   3302  * This function is used to initialize %wpa_supplicant. After successful
   3303  * initialization, the returned data pointer can be used to add and remove
   3304  * network interfaces, and eventually, to deinitialize %wpa_supplicant.
   3305  */
   3306 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
   3307 {
   3308 	struct wpa_global *global;
   3309 	int ret, i;
   3310 
   3311 	if (params == NULL)
   3312 		return NULL;
   3313 
   3314 #ifdef CONFIG_DRIVER_NDIS
   3315 	{
   3316 		void driver_ndis_init_ops(void);
   3317 		driver_ndis_init_ops();
   3318 	}
   3319 #endif /* CONFIG_DRIVER_NDIS */
   3320 
   3321 #ifndef CONFIG_NO_WPA_MSG
   3322 	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
   3323 #endif /* CONFIG_NO_WPA_MSG */
   3324 
   3325 	wpa_debug_open_file(params->wpa_debug_file_path);
   3326 	if (params->wpa_debug_syslog)
   3327 		wpa_debug_open_syslog();
   3328 	if (params->wpa_debug_tracing) {
   3329 		ret = wpa_debug_open_linux_tracing();
   3330 		if (ret) {
   3331 			wpa_printf(MSG_ERROR,
   3332 				   "Failed to enable trace logging");
   3333 			return NULL;
   3334 		}
   3335 	}
   3336 
   3337 	ret = eap_register_methods();
   3338 	if (ret) {
   3339 		wpa_printf(MSG_ERROR, "Failed to register EAP methods");
   3340 		if (ret == -2)
   3341 			wpa_printf(MSG_ERROR, "Two or more EAP methods used "
   3342 				   "the same EAP type.");
   3343 		return NULL;
   3344 	}
   3345 
   3346 	global = os_zalloc(sizeof(*global));
   3347 	if (global == NULL)
   3348 		return NULL;
   3349 	dl_list_init(&global->p2p_srv_bonjour);
   3350 	dl_list_init(&global->p2p_srv_upnp);
   3351 	global->params.daemonize = params->daemonize;
   3352 	global->params.wait_for_monitor = params->wait_for_monitor;
   3353 	global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
   3354 	if (params->pid_file)
   3355 		global->params.pid_file = os_strdup(params->pid_file);
   3356 	if (params->ctrl_interface)
   3357 		global->params.ctrl_interface =
   3358 			os_strdup(params->ctrl_interface);
   3359 	if (params->ctrl_interface_group)
   3360 		global->params.ctrl_interface_group =
   3361 			os_strdup(params->ctrl_interface_group);
   3362 	if (params->override_driver)
   3363 		global->params.override_driver =
   3364 			os_strdup(params->override_driver);
   3365 	if (params->override_ctrl_interface)
   3366 		global->params.override_ctrl_interface =
   3367 			os_strdup(params->override_ctrl_interface);
   3368 	wpa_debug_level = global->params.wpa_debug_level =
   3369 		params->wpa_debug_level;
   3370 	wpa_debug_show_keys = global->params.wpa_debug_show_keys =
   3371 		params->wpa_debug_show_keys;
   3372 	wpa_debug_timestamp = global->params.wpa_debug_timestamp =
   3373 		params->wpa_debug_timestamp;
   3374 
   3375 	wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR);
   3376 
   3377 	if (eloop_init()) {
   3378 		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
   3379 		wpa_supplicant_deinit(global);
   3380 		return NULL;
   3381 	}
   3382 
   3383 	random_init(params->entropy_file);
   3384 
   3385 	global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
   3386 	if (global->ctrl_iface == NULL) {
   3387 		wpa_supplicant_deinit(global);
   3388 		return NULL;
   3389 	}
   3390 
   3391 	if (wpas_notify_supplicant_initialized(global)) {
   3392 		wpa_supplicant_deinit(global);
   3393 		return NULL;
   3394 	}
   3395 
   3396 	for (i = 0; wpa_drivers[i]; i++)
   3397 		global->drv_count++;
   3398 	if (global->drv_count == 0) {
   3399 		wpa_printf(MSG_ERROR, "No drivers enabled");
   3400 		wpa_supplicant_deinit(global);
   3401 		return NULL;
   3402 	}
   3403 	global->drv_priv = os_zalloc(global->drv_count * sizeof(void *));
   3404 	if (global->drv_priv == NULL) {
   3405 		wpa_supplicant_deinit(global);
   3406 		return NULL;
   3407 	}
   3408 
   3409 #ifdef CONFIG_WIFI_DISPLAY
   3410 	if (wifi_display_init(global) < 0) {
   3411 		wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
   3412 		wpa_supplicant_deinit(global);
   3413 		return NULL;
   3414 	}
   3415 #endif /* CONFIG_WIFI_DISPLAY */
   3416 
   3417 	return global;
   3418 }
   3419 
   3420 
   3421 /**
   3422  * wpa_supplicant_run - Run the %wpa_supplicant main event loop
   3423  * @global: Pointer to global data from wpa_supplicant_init()
   3424  * Returns: 0 after successful event loop run, -1 on failure
   3425  *
   3426  * This function starts the main event loop and continues running as long as
   3427  * there are any remaining events. In most cases, this function is running as
   3428  * long as the %wpa_supplicant process in still in use.
   3429  */
   3430 int wpa_supplicant_run(struct wpa_global *global)
   3431 {
   3432 	struct wpa_supplicant *wpa_s;
   3433 
   3434 	if (global->params.daemonize &&
   3435 	    wpa_supplicant_daemon(global->params.pid_file))
   3436 		return -1;
   3437 
   3438 	if (global->params.wait_for_monitor) {
   3439 		for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
   3440 			if (wpa_s->ctrl_iface)
   3441 				wpa_supplicant_ctrl_iface_wait(
   3442 					wpa_s->ctrl_iface);
   3443 	}
   3444 
   3445 	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
   3446 	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
   3447 
   3448 	eloop_run();
   3449 
   3450 	return 0;
   3451 }
   3452 
   3453 
   3454 /**
   3455  * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
   3456  * @global: Pointer to global data from wpa_supplicant_init()
   3457  *
   3458  * This function is called to deinitialize %wpa_supplicant and to free all
   3459  * allocated resources. Remaining network interfaces will also be removed.
   3460  */
   3461 void wpa_supplicant_deinit(struct wpa_global *global)
   3462 {
   3463 	int i;
   3464 
   3465 	if (global == NULL)
   3466 		return;
   3467 
   3468 #ifdef CONFIG_WIFI_DISPLAY
   3469 	wifi_display_deinit(global);
   3470 #endif /* CONFIG_WIFI_DISPLAY */
   3471 
   3472 	while (global->ifaces)
   3473 		wpa_supplicant_remove_iface(global, global->ifaces, 1);
   3474 
   3475 	if (global->ctrl_iface)
   3476 		wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
   3477 
   3478 	wpas_notify_supplicant_deinitialized(global);
   3479 
   3480 	eap_peer_unregister_methods();
   3481 #ifdef CONFIG_AP
   3482 	eap_server_unregister_methods();
   3483 #endif /* CONFIG_AP */
   3484 
   3485 	for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
   3486 		if (!global->drv_priv[i])
   3487 			continue;
   3488 		wpa_drivers[i]->global_deinit(global->drv_priv[i]);
   3489 	}
   3490 	os_free(global->drv_priv);
   3491 
   3492 	random_deinit();
   3493 
   3494 	eloop_destroy();
   3495 
   3496 	if (global->params.pid_file) {
   3497 		os_daemonize_terminate(global->params.pid_file);
   3498 		os_free(global->params.pid_file);
   3499 	}
   3500 	os_free(global->params.ctrl_interface);
   3501 	os_free(global->params.ctrl_interface_group);
   3502 	os_free(global->params.override_driver);
   3503 	os_free(global->params.override_ctrl_interface);
   3504 
   3505 	os_free(global->p2p_disallow_freq);
   3506 	os_free(global->add_psk);
   3507 
   3508 	os_free(global);
   3509 	wpa_debug_close_syslog();
   3510 	wpa_debug_close_file();
   3511 	wpa_debug_close_linux_tracing();
   3512 }
   3513 
   3514 
   3515 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
   3516 {
   3517 	if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
   3518 	    wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
   3519 		char country[3];
   3520 		country[0] = wpa_s->conf->country[0];
   3521 		country[1] = wpa_s->conf->country[1];
   3522 		country[2] = '\0';
   3523 		if (wpa_drv_set_country(wpa_s, country) < 0) {
   3524 			wpa_printf(MSG_ERROR, "Failed to set country code "
   3525 				   "'%s'", country);
   3526 		}
   3527 	}
   3528 
   3529 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
   3530 		wpas_init_ext_pw(wpa_s);
   3531 
   3532 #ifdef CONFIG_WPS
   3533 	wpas_wps_update_config(wpa_s);
   3534 #endif /* CONFIG_WPS */
   3535 
   3536 #ifdef CONFIG_P2P
   3537 	wpas_p2p_update_config(wpa_s);
   3538 #endif /* CONFIG_P2P */
   3539 
   3540 	wpa_s->conf->changed_parameters = 0;
   3541 }
   3542 
   3543 
   3544 static void add_freq(int *freqs, int *num_freqs, int freq)
   3545 {
   3546 	int i;
   3547 
   3548 	for (i = 0; i < *num_freqs; i++) {
   3549 		if (freqs[i] == freq)
   3550 			return;
   3551 	}
   3552 
   3553 	freqs[*num_freqs] = freq;
   3554 	(*num_freqs)++;
   3555 }
   3556 
   3557 
   3558 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
   3559 {
   3560 	struct wpa_bss *bss, *cbss;
   3561 	const int max_freqs = 10;
   3562 	int *freqs;
   3563 	int num_freqs = 0;
   3564 
   3565 	freqs = os_zalloc(sizeof(int) * (max_freqs + 1));
   3566 	if (freqs == NULL)
   3567 		return NULL;
   3568 
   3569 	cbss = wpa_s->current_bss;
   3570 
   3571 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
   3572 		if (bss == cbss)
   3573 			continue;
   3574 		if (bss->ssid_len == cbss->ssid_len &&
   3575 		    os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
   3576 		    wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
   3577 			add_freq(freqs, &num_freqs, bss->freq);
   3578 			if (num_freqs == max_freqs)
   3579 				break;
   3580 		}
   3581 	}
   3582 
   3583 	if (num_freqs == 0) {
   3584 		os_free(freqs);
   3585 		freqs = NULL;
   3586 	}
   3587 
   3588 	return freqs;
   3589 }
   3590 
   3591 
   3592 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
   3593 {
   3594 	int timeout;
   3595 	int count;
   3596 	int *freqs = NULL;
   3597 
   3598 	/*
   3599 	 * Remove possible authentication timeout since the connection failed.
   3600 	 */
   3601 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
   3602 
   3603 	if (wpa_s->disconnected) {
   3604 		/*
   3605 		 * There is no point in blacklisting the AP if this event is
   3606 		 * generated based on local request to disconnect.
   3607 		 */
   3608 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
   3609 			"indication since interface has been put into "
   3610 			"disconnected state");
   3611 		return;
   3612 	}
   3613 
   3614 	/*
   3615 	 * Add the failed BSSID into the blacklist and speed up next scan
   3616 	 * attempt if there could be other APs that could accept association.
   3617 	 * The current blacklist count indicates how many times we have tried
   3618 	 * connecting to this AP and multiple attempts mean that other APs are
   3619 	 * either not available or has already been tried, so that we can start
   3620 	 * increasing the delay here to avoid constant scanning.
   3621 	 */
   3622 	count = wpa_blacklist_add(wpa_s, bssid);
   3623 	if (count == 1 && wpa_s->current_bss) {
   3624 		/*
   3625 		 * This BSS was not in the blacklist before. If there is
   3626 		 * another BSS available for the same ESS, we should try that
   3627 		 * next. Otherwise, we may as well try this one once more
   3628 		 * before allowing other, likely worse, ESSes to be considered.
   3629 		 */
   3630 		freqs = get_bss_freqs_in_ess(wpa_s);
   3631 		if (freqs) {
   3632 			wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
   3633 				"has been seen; try it next");
   3634 			wpa_blacklist_add(wpa_s, bssid);
   3635 			/*
   3636 			 * On the next scan, go through only the known channels
   3637 			 * used in this ESS based on previous scans to speed up
   3638 			 * common load balancing use case.
   3639 			 */
   3640 			os_free(wpa_s->next_scan_freqs);
   3641 			wpa_s->next_scan_freqs = freqs;
   3642 		}
   3643 	}
   3644 
   3645 	/*
   3646 	 * Add previous failure count in case the temporary blacklist was
   3647 	 * cleared due to no other BSSes being available.
   3648 	 */
   3649 	count += wpa_s->extra_blacklist_count;
   3650 
   3651 	if (count > 3 && wpa_s->current_ssid) {
   3652 		wpa_printf(MSG_DEBUG, "Continuous association failures - "
   3653 			   "consider temporary network disabling");
   3654 		wpas_auth_failed(wpa_s);
   3655 	}
   3656 
   3657 	switch (count) {
   3658 	case 1:
   3659 		timeout = 100;
   3660 		break;
   3661 	case 2:
   3662 		timeout = 500;
   3663 		break;
   3664 	case 3:
   3665 		timeout = 1000;
   3666 		break;
   3667 	case 4:
   3668 		timeout = 5000;
   3669 		break;
   3670 	default:
   3671 		timeout = 10000;
   3672 		break;
   3673 	}
   3674 
   3675 	wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
   3676 		"ms", count, timeout);
   3677 
   3678 	/*
   3679 	 * TODO: if more than one possible AP is available in scan results,
   3680 	 * could try the other ones before requesting a new scan.
   3681 	 */
   3682 	wpa_supplicant_req_scan(wpa_s, timeout / 1000,
   3683 				1000 * (timeout % 1000));
   3684 
   3685 	wpas_p2p_continue_after_scan(wpa_s);
   3686 }
   3687 
   3688 
   3689 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
   3690 {
   3691 	return wpa_s->conf->ap_scan == 2 ||
   3692 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
   3693 }
   3694 
   3695 
   3696 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
   3697 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
   3698 					      struct wpa_ssid *ssid,
   3699 					      const char *field,
   3700 					      const char *value)
   3701 {
   3702 #ifdef IEEE8021X_EAPOL
   3703 	struct eap_peer_config *eap = &ssid->eap;
   3704 
   3705 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
   3706 	wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
   3707 			      (const u8 *) value, os_strlen(value));
   3708 
   3709 	switch (wpa_supplicant_ctrl_req_from_string(field)) {
   3710 	case WPA_CTRL_REQ_EAP_IDENTITY:
   3711 		os_free(eap->identity);
   3712 		eap->identity = (u8 *) os_strdup(value);
   3713 		eap->identity_len = os_strlen(value);
   3714 		eap->pending_req_identity = 0;
   3715 		if (ssid == wpa_s->current_ssid)
   3716 			wpa_s->reassociate = 1;
   3717 		break;
   3718 	case WPA_CTRL_REQ_EAP_PASSWORD:
   3719 		os_free(eap->password);
   3720 		eap->password = (u8 *) os_strdup(value);
   3721 		eap->password_len = os_strlen(value);
   3722 		eap->pending_req_password = 0;
   3723 		if (ssid == wpa_s->current_ssid)
   3724 			wpa_s->reassociate = 1;
   3725 		break;
   3726 	case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
   3727 		os_free(eap->new_password);
   3728 		eap->new_password = (u8 *) os_strdup(value);
   3729 		eap->new_password_len = os_strlen(value);
   3730 		eap->pending_req_new_password = 0;
   3731 		if (ssid == wpa_s->current_ssid)
   3732 			wpa_s->reassociate = 1;
   3733 		break;
   3734 	case WPA_CTRL_REQ_EAP_PIN:
   3735 		os_free(eap->pin);
   3736 		eap->pin = os_strdup(value);
   3737 		eap->pending_req_pin = 0;
   3738 		if (ssid == wpa_s->current_ssid)
   3739 			wpa_s->reassociate = 1;
   3740 		break;
   3741 	case WPA_CTRL_REQ_EAP_OTP:
   3742 		os_free(eap->otp);
   3743 		eap->otp = (u8 *) os_strdup(value);
   3744 		eap->otp_len = os_strlen(value);
   3745 		os_free(eap->pending_req_otp);
   3746 		eap->pending_req_otp = NULL;
   3747 		eap->pending_req_otp_len = 0;
   3748 		break;
   3749 	case WPA_CTRL_REQ_EAP_PASSPHRASE:
   3750 		os_free(eap->private_key_passwd);
   3751 		eap->private_key_passwd = (u8 *) os_strdup(value);
   3752 		eap->pending_req_passphrase = 0;
   3753 		if (ssid == wpa_s->current_ssid)
   3754 			wpa_s->reassociate = 1;
   3755 		break;
   3756 	default:
   3757 		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
   3758 		return -1;
   3759 	}
   3760 
   3761 	return 0;
   3762 #else /* IEEE8021X_EAPOL */
   3763 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
   3764 	return -1;
   3765 #endif /* IEEE8021X_EAPOL */
   3766 }
   3767 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
   3768 
   3769 
   3770 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
   3771 {
   3772 	int i;
   3773 	unsigned int drv_enc;
   3774 
   3775 	if (ssid == NULL)
   3776 		return 1;
   3777 
   3778 	if (ssid->disabled)
   3779 		return 1;
   3780 
   3781 	if (wpa_s && wpa_s->drv_capa_known)
   3782 		drv_enc = wpa_s->drv_enc;
   3783 	else
   3784 		drv_enc = (unsigned int) -1;
   3785 
   3786 	for (i = 0; i < NUM_WEP_KEYS; i++) {
   3787 		size_t len = ssid->wep_key_len[i];
   3788 		if (len == 0)
   3789 			continue;
   3790 		if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
   3791 			continue;
   3792 		if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
   3793 			continue;
   3794 		if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
   3795 			continue;
   3796 		return 1; /* invalid WEP key */
   3797 	}
   3798 
   3799 	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
   3800 	    !ssid->ext_psk)
   3801 		return 1;
   3802 
   3803 	return 0;
   3804 }
   3805 
   3806 
   3807 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
   3808 {
   3809 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
   3810 		return 1;
   3811 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
   3812 		return 0;
   3813 	return -1;
   3814 }
   3815 
   3816 
   3817 void wpas_auth_failed(struct wpa_supplicant *wpa_s)
   3818 {
   3819 	struct wpa_ssid *ssid = wpa_s->current_ssid;
   3820 	int dur;
   3821 	struct os_time now;
   3822 
   3823 	if (ssid == NULL) {
   3824 		wpa_printf(MSG_DEBUG, "Authentication failure but no known "
   3825 			   "SSID block");
   3826 		return;
   3827 	}
   3828 
   3829 	if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
   3830 		return;
   3831 
   3832 	ssid->auth_failures++;
   3833 
   3834 #ifdef CONFIG_P2P
   3835 	if (ssid->p2p_group &&
   3836 	    (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
   3837 		/*
   3838 		 * Skip the wait time since there is a short timeout on the
   3839 		 * connection to a P2P group.
   3840 		 */
   3841 		return;
   3842 	}
   3843 #endif /* CONFIG_P2P */
   3844 
   3845 	if (ssid->auth_failures > 50)
   3846 		dur = 300;
   3847 	else if (ssid->auth_failures > 20)
   3848 		dur = 120;
   3849 	else if (ssid->auth_failures > 10)
   3850 		dur = 60;
   3851 	else if (ssid->auth_failures > 5)
   3852 		dur = 30;
   3853 	else if (ssid->auth_failures > 1)
   3854 		dur = 20;
   3855 	else
   3856 		dur = 10;
   3857 
   3858 	os_get_time(&now);
   3859 	if (now.sec + dur <= ssid->disabled_until.sec)
   3860 		return;
   3861 
   3862 	ssid->disabled_until.sec = now.sec + dur;
   3863 
   3864 	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
   3865 		"id=%d ssid=\"%s\" auth_failures=%u duration=%d",
   3866 		ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
   3867 		ssid->auth_failures, dur);
   3868 }
   3869 
   3870 
   3871 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
   3872 			      struct wpa_ssid *ssid, int clear_failures)
   3873 {
   3874 	if (ssid == NULL)
   3875 		return;
   3876 
   3877 	if (ssid->disabled_until.sec) {
   3878 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
   3879 			"id=%d ssid=\"%s\"",
   3880 			ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
   3881 	}
   3882 	ssid->disabled_until.sec = 0;
   3883 	ssid->disabled_until.usec = 0;
   3884 	if (clear_failures)
   3885 		ssid->auth_failures = 0;
   3886 }
   3887 
   3888 
   3889 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
   3890 {
   3891 	size_t i;
   3892 
   3893 	if (wpa_s->disallow_aps_bssid == NULL)
   3894 		return 0;
   3895 
   3896 	for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
   3897 		if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
   3898 			      bssid, ETH_ALEN) == 0)
   3899 			return 1;
   3900 	}
   3901 
   3902 	return 0;
   3903 }
   3904 
   3905 
   3906 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
   3907 		    size_t ssid_len)
   3908 {
   3909 	size_t i;
   3910 
   3911 	if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
   3912 		return 0;
   3913 
   3914 	for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
   3915 		struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
   3916 		if (ssid_len == s->ssid_len &&
   3917 		    os_memcmp(ssid, s->ssid, ssid_len) == 0)
   3918 			return 1;
   3919 	}
   3920 
   3921 	return 0;
   3922 }
   3923 
   3924 
   3925 /**
   3926  * wpas_request_connection - Request a new connection
   3927  * @wpa_s: Pointer to the network interface
   3928  *
   3929  * This function is used to request a new connection to be found. It will mark
   3930  * the interface to allow reassociation and request a new scan to find a
   3931  * suitable network to connect to.
   3932  */
   3933 void wpas_request_connection(struct wpa_supplicant *wpa_s)
   3934 {
   3935 	wpa_s->normal_scans = 0;
   3936 	wpa_supplicant_reinit_autoscan(wpa_s);
   3937 	wpa_s->extra_blacklist_count = 0;
   3938 	wpa_s->disconnected = 0;
   3939 	wpa_s->reassociate = 1;
   3940 
   3941 	if (wpa_supplicant_fast_associate(wpa_s) != 1)
   3942 		wpa_supplicant_req_scan(wpa_s, 0, 0);
   3943 }
   3944 
   3945 
   3946 /**
   3947  * wpas_wpa_is_in_progress - Check whether a connection is in progress
   3948  * @wpa_s: Pointer to wpa_supplicant data
   3949  *
   3950  * This function is to check if the wpa state is in beginning of the connection
   3951  * during 4-way handshake or group key handshake with WPA on any shared
   3952  * interface.
   3953  */
   3954 int wpas_wpa_is_in_progress(struct wpa_supplicant *wpa_s)
   3955 {
   3956 	const char *rn, *rn2;
   3957 	struct wpa_supplicant *ifs;
   3958 
   3959 	if (!wpa_s->driver->get_radio_name)
   3960                 return 0;
   3961 
   3962 	rn = wpa_s->driver->get_radio_name(wpa_s->drv_priv);
   3963 	if (rn == NULL || rn[0] == '\0')
   3964 		return 0;
   3965 
   3966 	for (ifs = wpa_s->global->ifaces; ifs; ifs = ifs->next) {
   3967 		if (ifs == wpa_s || !ifs->driver->get_radio_name)
   3968 			continue;
   3969 
   3970 		rn2 = ifs->driver->get_radio_name(ifs->drv_priv);
   3971 		if (!rn2 || os_strcmp(rn, rn2) != 0)
   3972 			continue;
   3973 		if (ifs->wpa_state >= WPA_AUTHENTICATING &&
   3974 		    ifs->wpa_state != WPA_COMPLETED) {
   3975 			wpa_dbg(wpa_s, MSG_DEBUG, "Connection is in progress "
   3976 				"on interface %s - defer scan", ifs->ifname);
   3977 			return 1;
   3978 		}
   3979 	}
   3980 
   3981 	return 0;
   3982 }
   3983 
   3984 
   3985 /*
   3986  * Find the operating frequencies of any of the virtual interfaces that
   3987  * are using the same radio as the current interface.
   3988  */
   3989 int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
   3990 			   int *freq_array, unsigned int len)
   3991 {
   3992 	const char *rn, *rn2;
   3993 	struct wpa_supplicant *ifs;
   3994 	u8 bssid[ETH_ALEN];
   3995 	int freq;
   3996 	unsigned int idx = 0, i;
   3997 
   3998 	os_memset(freq_array, 0, sizeof(int) * len);
   3999 
   4000 	/* First add the frequency of the local interface */
   4001 	if (wpa_s->current_ssid != NULL && wpa_s->assoc_freq != 0) {
   4002 		if (wpa_s->current_ssid->mode == WPAS_MODE_AP ||
   4003 		    wpa_s->current_ssid->mode == WPAS_MODE_P2P_GO)
   4004 			freq_array[idx++] = wpa_s->current_ssid->frequency;
   4005 		else if (wpa_drv_get_bssid(wpa_s, bssid) == 0)
   4006 			freq_array[idx++] = wpa_s->assoc_freq;
   4007 	}
   4008 
   4009 	/* If get_radio_name is not supported, use only the local freq */
   4010 	if (!wpa_s->driver->get_radio_name) {
   4011 		freq = wpa_drv_shared_freq(wpa_s);
   4012 		if (freq > 0 && idx < len &&
   4013 		    (idx == 0 || freq_array[0] != freq))
   4014 			freq_array[idx++] = freq;
   4015 		return idx;
   4016 	}
   4017 
   4018 	rn = wpa_s->driver->get_radio_name(wpa_s->drv_priv);
   4019 	if (rn == NULL || rn[0] == '\0')
   4020 		return idx;
   4021 
   4022 	for (ifs = wpa_s->global->ifaces, idx = 0; ifs && idx < len;
   4023 	     ifs = ifs->next) {
   4024 		if (wpa_s == ifs || !ifs->driver->get_radio_name)
   4025 			continue;
   4026 
   4027 		rn2 = ifs->driver->get_radio_name(ifs->drv_priv);
   4028 		if (!rn2 || os_strcmp(rn, rn2) != 0)
   4029 			continue;
   4030 
   4031 		if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
   4032 			continue;
   4033 
   4034 		if (ifs->current_ssid->mode == WPAS_MODE_AP ||
   4035 		    ifs->current_ssid->mode == WPAS_MODE_P2P_GO)
   4036 			freq = ifs->current_ssid->frequency;
   4037 		else if (wpa_drv_get_bssid(ifs, bssid) == 0)
   4038 			freq = ifs->assoc_freq;
   4039 		else
   4040 			continue;
   4041 
   4042 		/* Hold only distinct freqs */
   4043 		for (i = 0; i < idx; i++)
   4044 			if (freq_array[i] == freq)
   4045 				break;
   4046 
   4047 		if (i == idx)
   4048 			freq_array[idx++] = freq;
   4049 	}
   4050 	return idx;
   4051 }
   4052