/** * wpas_dbus_iface_disable_network - Mark a configured network as disabled * @message: Pointer to incoming dbus message * @wpa_s: wpa_supplicant structure for a network interface * @ssid: wpa_ssid structure for a configured network * Returns: A dbus message containing a UINT32 indicating success (1) or * failure (0) * * Handler function for "disable" method call of a configured network. */ DBusMessage * wpas_dbus_iface_disable_network(DBusMessage *message, struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) { wpa_supplicant_disable_network(wpa_s, ssid); return wpas_dbus_new_success_reply(message); }
void sme_authenticate(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, struct wpa_ssid *ssid) { struct wpa_driver_auth_params params; struct wpa_ssid *old_ssid; #ifdef CONFIG_IEEE80211R const u8 *ie; #endif /* CONFIG_IEEE80211R */ #ifdef CONFIG_IEEE80211R const u8 *md = NULL; #endif /* CONFIG_IEEE80211R */ int i, bssid_changed; #if defined(ANDROID_P2P) && defined(WIFI_EAGLE) int freq = 0; #endif /* ANDROID_P2P && WIFI_EAGLE */ if (bss == NULL) { wpa_msg(wpa_s, MSG_ERROR, "SME: No scan result available for " "the network"); return; } wpa_s->current_bss = bss; os_memset(¶ms, 0, sizeof(params)); wpa_s->reassociate = 0; params.freq = bss->freq; params.bssid = bss->bssid; params.ssid = bss->ssid; params.ssid_len = bss->ssid_len; params.p2p = ssid->p2p_group; if (wpa_s->sme.ssid_len != params.ssid_len || os_memcmp(wpa_s->sme.ssid, params.ssid, params.ssid_len) != 0) wpa_s->sme.prev_bssid_set = 0; wpa_s->sme.freq = params.freq; os_memcpy(wpa_s->sme.ssid, params.ssid, params.ssid_len); wpa_s->sme.ssid_len = params.ssid_len; params.auth_alg = WPA_AUTH_ALG_OPEN; #ifdef IEEE8021X_EAPOL if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) { if (ssid->leap) { if (ssid->non_leap == 0) params.auth_alg = WPA_AUTH_ALG_LEAP; else params.auth_alg |= WPA_AUTH_ALG_LEAP; } } #endif /* IEEE8021X_EAPOL */ wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", params.auth_alg); if (ssid->auth_alg) { params.auth_alg = ssid->auth_alg; wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: " "0x%x", params.auth_alg); } for (i = 0; i < NUM_WEP_KEYS; i++) { if (ssid->wep_key_len[i]) params.wep_key[i] = ssid->wep_key[i]; params.wep_key_len[i] = ssid->wep_key_len[i]; } params.wep_tx_keyidx = ssid->wep_tx_keyidx; bssid_changed = !is_zero_ether_addr(wpa_s->bssid); os_memset(wpa_s->bssid, 0, ETH_ALEN); os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN); if (bssid_changed) wpas_notify_bssid_changed(wpa_s); if ((wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) || wpa_bss_get_ie(bss, WLAN_EID_RSN)) && wpa_key_mgmt_wpa(ssid->key_mgmt)) { int try_opportunistic; try_opportunistic = ssid->proactive_key_caching && (ssid->proto & WPA_PROTO_RSN); if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid, wpa_s->current_ssid, try_opportunistic) == 0) eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1); wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie); if (wpa_supplicant_set_suites(wpa_s, bss, ssid, wpa_s->sme.assoc_req_ie, &wpa_s->sme.assoc_req_ie_len)) { wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA " "key management and encryption suites"); return; } } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) { /* * Both WPA and non-WPA IEEE 802.1X enabled in configuration - * use non-WPA since the scan results did not indicate that the * AP is using WPA or WPA2. */ wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); wpa_s->sme.assoc_req_ie_len = 0; } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) { wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie); if (wpa_supplicant_set_suites(wpa_s, NULL, ssid, wpa_s->sme.assoc_req_ie, &wpa_s->sme.assoc_req_ie_len)) { wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA " "key management and encryption suites (no " "scan results)"); return; } #ifdef CONFIG_WPS } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) { struct wpabuf *wps_ie; wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid)); if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_s->sme.assoc_req_ie)) { wpa_s->sme.assoc_req_ie_len = wpabuf_len(wps_ie); os_memcpy(wpa_s->sme.assoc_req_ie, wpabuf_head(wps_ie), wpa_s->sme.assoc_req_ie_len); } else wpa_s->sme.assoc_req_ie_len = 0; wpabuf_free(wps_ie); wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); #endif /* CONFIG_WPS */ } else { wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); wpa_s->sme.assoc_req_ie_len = 0; } #ifdef CONFIG_IEEE80211R ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN); if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN) md = ie + 2; wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0); if (md) { /* Prepare for the next transition */ wpa_ft_prepare_auth_request(wpa_s->wpa, ie); } if (md && wpa_key_mgmt_ft(ssid->key_mgmt)) { if (wpa_s->sme.assoc_req_ie_len + 5 < sizeof(wpa_s->sme.assoc_req_ie)) { struct rsn_mdie *mdie; u8 *pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len; *pos++ = WLAN_EID_MOBILITY_DOMAIN; *pos++ = sizeof(*mdie); mdie = (struct rsn_mdie *) pos; os_memcpy(mdie->mobility_domain, md, MOBILITY_DOMAIN_ID_LEN); mdie->ft_capab = md[MOBILITY_DOMAIN_ID_LEN]; wpa_s->sme.assoc_req_ie_len += 5; } if (wpa_s->sme.ft_used && os_memcmp(md, wpa_s->sme.mobility_domain, 2) == 0 && wpa_sm_has_ptk(wpa_s->wpa)) { wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying to use FT " "over-the-air"); params.auth_alg = WPA_AUTH_ALG_FT; params.ie = wpa_s->sme.ft_ies; params.ie_len = wpa_s->sme.ft_ies_len; } } #endif /* CONFIG_IEEE80211R */ #ifdef CONFIG_IEEE80211W wpa_s->sme.mfp = ssid->ieee80211w; if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) { const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN); struct wpa_ie_data _ie; if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &_ie) == 0 && _ie.capabilities & (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) { wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected AP supports " "MFP: require MFP"); wpa_s->sme.mfp = MGMT_FRAME_PROTECTION_REQUIRED; } } #endif /* CONFIG_IEEE80211W */ #ifdef CONFIG_P2P if (wpa_s->global->p2p) { u8 *pos; size_t len; int res; pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len; len = sizeof(wpa_s->sme.assoc_req_ie) - wpa_s->sme.assoc_req_ie_len; res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len, ssid->p2p_group); if (res >= 0) wpa_s->sme.assoc_req_ie_len += res; } #endif /* CONFIG_P2P */ #ifdef CONFIG_HS20 if (wpa_s->conf->hs20) { struct wpabuf *hs20; hs20 = wpabuf_alloc(20); if (hs20) { wpas_hs20_add_indication(hs20); os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len, wpabuf_head(hs20), wpabuf_len(hs20)); wpa_s->sme.assoc_req_ie_len += wpabuf_len(hs20); wpabuf_free(hs20); } } #endif /* CONFIG_HS20 */ #ifdef CONFIG_INTERWORKING if (wpa_s->conf->interworking) { u8 *pos = wpa_s->sme.assoc_req_ie; if (wpa_s->sme.assoc_req_ie_len > 0 && pos[0] == WLAN_EID_RSN) pos += 2 + pos[1]; os_memmove(pos + 6, pos, wpa_s->sme.assoc_req_ie_len - (pos - wpa_s->sme.assoc_req_ie)); wpa_s->sme.assoc_req_ie_len += 6; *pos++ = WLAN_EID_EXT_CAPAB; *pos++ = 4; *pos++ = 0x00; *pos++ = 0x00; *pos++ = 0x00; *pos++ = 0x80; /* Bit 31 - Interworking */ } #endif /* CONFIG_INTERWORKING */ wpa_supplicant_cancel_sched_scan(wpa_s); wpa_supplicant_cancel_scan(wpa_s); wpa_msg(wpa_s, MSG_INFO, "SME: Trying to authenticate with " MACSTR " (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid), wpa_ssid_txt(params.ssid, params.ssid_len), params.freq); wpa_clear_keys(wpa_s, bss->bssid); wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING); old_ssid = wpa_s->current_ssid; wpa_s->current_ssid = ssid; wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid); wpa_supplicant_initiate_eapol(wpa_s); if (old_ssid != wpa_s->current_ssid) wpas_notify_network_changed(wpa_s); wpa_s->sme.auth_alg = params.auth_alg; #if defined(ANDROID_P2P) && defined(WIFI_EAGLE) /* If multichannel concurrency is not supported, check for any frequency * conflict and take appropriate action. */ wpa_printf(MSG_DEBUG, "%s EAGLE: Priority choose", __func__); if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MULTI_CHANNEL_CONCURRENT) && ((freq = wpa_drv_shared_freq(wpa_s)) > 0) && (freq != params.freq)) { wpa_printf(MSG_DEBUG, "Shared interface with conflicting frequency found (%d != %d)" , freq, params.freq); if (wpas_p2p_handle_frequency_conflicts(wpa_s, params.freq) < 0) { /* Handling conflicts failed. Disable the current connect req and * notify the userspace to take appropriate action */ wpa_printf(MSG_DEBUG, "proiritize is not set. Notifying user space to handle the case"); wpa_supplicant_disable_network(wpa_s, ssid); wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_FREQ_CONFLICT " id=%d", ssid->id); os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); return; } } #endif /* ANDROID_P2P && WIFI_EAGLE */ if (wpa_drv_authenticate(wpa_s, ¶ms) < 0) { wpa_msg(wpa_s, MSG_INFO, "SME: Authentication request to the " "driver failed"); wpas_connection_failed(wpa_s, bss->bssid); wpa_supplicant_mark_disassoc(wpa_s); return; } eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s, NULL); /* * Association will be started based on the authentication event from * the driver. */ }
status_t WPASupplicantApp::_JoinNetwork(BMessage *message) { const char *interfaceName = NULL; status_t status = message->FindString("device", &interfaceName); if (status != B_OK) return status; // Check if we already registered this interface. wpa_supplicant *interface = wpa_supplicant_get_iface(fWPAGlobal, interfaceName); if (interface == NULL) { wpa_interface interfaceOptions; memset(&interfaceOptions, 0, sizeof(wpa_interface)); interfaceOptions.ifname = interfaceName; interface = wpa_supplicant_add_iface(fWPAGlobal, &interfaceOptions); if (interface == NULL) return B_NO_MEMORY; } else { // Disable everything wpa_supplicant_disable_network(interface, NULL); // Try to remove any existing network while (true) { wpa_ssid *network = wpa_config_get_network(interface->conf, 0); if (network == NULL) break; wpas_notify_network_removed(interface, network); wpa_config_remove_network(interface->conf, network->id); } } const char *networkName = NULL; status = message->FindString("name", &networkName); if (status != B_OK) return status; uint32 authMode = B_NETWORK_AUTHENTICATION_NONE; status = message->FindUInt32("authentication", &authMode); if (status != B_OK) return status; uint32 encapMode = B_NETWORK_EAP_ENCAPSULATION_NONE; if (authMode == B_NETWORK_AUTHENTICATION_EAP) message->FindUInt32("encapsulation", &encapMode); const char *username = NULL; if (encapMode > B_NETWORK_EAP_ENCAPSULATION_NONE) { status = message->FindString("username", &username); if (status != B_OK) return status; } const char *password = NULL; if (authMode > B_NETWORK_AUTHENTICATION_NONE) { status = message->FindString("password", &password); if (status != B_OK) return status; } wpa_ssid *network = wpa_config_add_network(interface->conf); if (network == NULL) return B_NO_MEMORY; wpas_notify_network_added(interface, network); network->disabled = 1; wpa_config_set_network_defaults(network); // Fill in the info from the join request // The format includes the quotes BString value; value = "\""; value += networkName; value += "\""; int result = wpa_config_set(network, "ssid", value.String(), 0); if (result == 0) result = wpa_config_set(network, "scan_ssid", "1", 1); if (authMode >= B_NETWORK_AUTHENTICATION_WPA) { if (result == 0) result = wpa_config_set(network, "proto", "WPA RSN", 2); if (result == 0) { switch (authMode) { case B_NETWORK_AUTHENTICATION_WPA: case B_NETWORK_AUTHENTICATION_WPA2: default: result = wpa_config_set(network, "key_mgmt", "WPA-PSK", 3); break; case B_NETWORK_AUTHENTICATION_EAP: result = wpa_config_set(network, "key_mgmt", "WPA-EAP", 3); break; } } if (result == 0) result = wpa_config_set(network, "pairwise", "CCMP TKIP NONE", 4); if (result == 0) { result = wpa_config_set(network, "group", "CCMP TKIP WEP104 WEP40", 5); } if (result == 0) { if (encapMode > B_NETWORK_EAP_ENCAPSULATION_NONE) { switch (encapMode) { case B_NETWORK_EAP_ENCAPSULATION_PEAP: result = wpa_config_set(network, "eap", "PEAP", 6); break; case B_NETWORK_EAP_ENCAPSULATION_TLS: result = wpa_config_set(network, "eap", "TLS", 6); break; } } } } else { // Open or WEP. if (result == 0) result = wpa_config_set(network, "key_mgmt", "NONE", 6); } if (result == 0) { if (authMode == B_NETWORK_AUTHENTICATION_WEP) { if (strncmp("0x", password, 2) == 0) { // interpret as hex key // TODO: make this non-ambiguous result = wpa_config_set(network, "wep_key0", password + 2, 7); } else { value = "\""; value += password; value += "\""; result = wpa_config_set(network, "wep_key0", value.String(), 8); } if (result == 0) result = wpa_config_set(network, "wep_tx_keyidx", "0", 9); } else if (authMode == B_NETWORK_AUTHENTICATION_EAP) { // EAP value = "\""; value += password; value += "\""; result = wpa_config_set(network, "password", value.String(), 10); if (encapMode > B_NETWORK_EAP_ENCAPSULATION_NONE) { value = "\""; value += username; value += "\""; result = wpa_config_set(network, "identity", value.String(), 11); } // TODO: Does EAP need the same thing? #if 0 if (result == 0) { // We need to actually "apply" the PSK wpa_config_update_psk(network); } #endif } else if (authMode >= B_NETWORK_AUTHENTICATION_WPA) { // WPA/WPA2 value = "\""; value += password; value += "\""; result = wpa_config_set(network, "psk", value.String(), 10); if (result == 0) { // We need to actually "apply" the PSK wpa_config_update_psk(network); } } if (result != 0) { // The key format is invalid, we need to ask for another password. BMessage newJoinRequest = *message; newJoinRequest.RemoveName("password"); newJoinRequest.AddString("error", "Password format invalid"); newJoinRequest.AddBool("forceDialog", true); PostMessage(&newJoinRequest); } } if (result != 0) { wpas_notify_network_removed(interface, network); wpa_config_remove_network(interface->conf, network->id); return B_ERROR; } // Set up watching for the completion event _StartWatchingInterfaceChanges(interface, _InterfaceStateChangeCallback, message); // Now attempt to connect wpa_supplicant_select_network(interface, network); // Use a message runner to return a timeout and stop watching after a while BMessage timeout(kMsgJoinTimeout); timeout.AddPointer("interface", interface); BMessageRunner::StartSending(be_app_messenger, &timeout, 15 * 1000 * 1000, 1); // Note that we don't need to cancel this. If joining works before the // timeout happens, it will take the StateChangeWatchingEntry with it // and the timeout message won't match anything and be discarded. return B_OK; }