/**
* wpas_dbus_iface_disable_network - Mark a configured network as disabled
* @message: Pointer to incoming dbus message
* @wpa_s: wpa_supplicant structure for a network interface
* @ssid: wpa_ssid structure for a configured network
* Returns: A dbus message containing a UINT32 indicating success (1) or
* failure (0)
*
* Handler function for "disable" method call of a configured network.
*/
DBusMessage * wpas_dbus_iface_disable_network(DBusMessage *message,
struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid)
{
wpa_supplicant_disable_network(wpa_s, ssid);
return wpas_dbus_new_success_reply(message);
}
void sme_authenticate(struct wpa_supplicant *wpa_s,
struct wpa_bss *bss, struct wpa_ssid *ssid)
{
struct wpa_driver_auth_params params;
struct wpa_ssid *old_ssid;
#ifdef CONFIG_IEEE80211R
const u8 *ie;
#endif /* CONFIG_IEEE80211R */
#ifdef CONFIG_IEEE80211R
const u8 *md = NULL;
#endif /* CONFIG_IEEE80211R */
int i, bssid_changed;
#if defined(ANDROID_P2P) && defined(WIFI_EAGLE)
int freq = 0;
#endif /* ANDROID_P2P && WIFI_EAGLE */
if (bss == NULL) {
wpa_msg(wpa_s, MSG_ERROR, "SME: No scan result available for "
"the network");
return;
}
wpa_s->current_bss = bss;
os_memset(¶ms, 0, sizeof(params));
wpa_s->reassociate = 0;
params.freq = bss->freq;
params.bssid = bss->bssid;
params.ssid = bss->ssid;
params.ssid_len = bss->ssid_len;
params.p2p = ssid->p2p_group;
if (wpa_s->sme.ssid_len != params.ssid_len ||
os_memcmp(wpa_s->sme.ssid, params.ssid, params.ssid_len) != 0)
wpa_s->sme.prev_bssid_set = 0;
wpa_s->sme.freq = params.freq;
os_memcpy(wpa_s->sme.ssid, params.ssid, params.ssid_len);
wpa_s->sme.ssid_len = params.ssid_len;
params.auth_alg = WPA_AUTH_ALG_OPEN;
#ifdef IEEE8021X_EAPOL
if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
if (ssid->leap) {
if (ssid->non_leap == 0)
params.auth_alg = WPA_AUTH_ALG_LEAP;
else
params.auth_alg |= WPA_AUTH_ALG_LEAP;
}
}
#endif /* IEEE8021X_EAPOL */
wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x",
params.auth_alg);
if (ssid->auth_alg) {
params.auth_alg = ssid->auth_alg;
wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
"0x%x", params.auth_alg);
}
for (i = 0; i < NUM_WEP_KEYS; i++) {
if (ssid->wep_key_len[i])
params.wep_key[i] = ssid->wep_key[i];
params.wep_key_len[i] = ssid->wep_key_len[i];
}
params.wep_tx_keyidx = ssid->wep_tx_keyidx;
bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
os_memset(wpa_s->bssid, 0, ETH_ALEN);
os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
if (bssid_changed)
wpas_notify_bssid_changed(wpa_s);
if ((wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
wpa_key_mgmt_wpa(ssid->key_mgmt)) {
int try_opportunistic;
try_opportunistic = ssid->proactive_key_caching &&
(ssid->proto & WPA_PROTO_RSN);
if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
wpa_s->current_ssid,
try_opportunistic) == 0)
eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
wpa_s->sme.assoc_req_ie,
&wpa_s->sme.assoc_req_ie_len)) {
wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
"key management and encryption suites");
return;
}
} else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
/*
* Both WPA and non-WPA IEEE 802.1X enabled in configuration -
* use non-WPA since the scan results did not indicate that the
* AP is using WPA or WPA2.
*/
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
wpa_s->sme.assoc_req_ie_len = 0;
} else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
wpa_s->sme.assoc_req_ie,
&wpa_s->sme.assoc_req_ie_len)) {
wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
"key management and encryption suites (no "
"scan results)");
return;
}
#ifdef CONFIG_WPS
} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
struct wpabuf *wps_ie;
wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
if (wps_ie && wpabuf_len(wps_ie) <=
sizeof(wpa_s->sme.assoc_req_ie)) {
wpa_s->sme.assoc_req_ie_len = wpabuf_len(wps_ie);
os_memcpy(wpa_s->sme.assoc_req_ie, wpabuf_head(wps_ie),
wpa_s->sme.assoc_req_ie_len);
} else
wpa_s->sme.assoc_req_ie_len = 0;
wpabuf_free(wps_ie);
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
#endif /* CONFIG_WPS */
} else {
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
wpa_s->sme.assoc_req_ie_len = 0;
}
#ifdef CONFIG_IEEE80211R
ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
md = ie + 2;
wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
if (md) {
/* Prepare for the next transition */
wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
}
if (md && wpa_key_mgmt_ft(ssid->key_mgmt)) {
if (wpa_s->sme.assoc_req_ie_len + 5 <
sizeof(wpa_s->sme.assoc_req_ie)) {
struct rsn_mdie *mdie;
u8 *pos = wpa_s->sme.assoc_req_ie +
wpa_s->sme.assoc_req_ie_len;
*pos++ = WLAN_EID_MOBILITY_DOMAIN;
*pos++ = sizeof(*mdie);
mdie = (struct rsn_mdie *) pos;
os_memcpy(mdie->mobility_domain, md,
MOBILITY_DOMAIN_ID_LEN);
mdie->ft_capab = md[MOBILITY_DOMAIN_ID_LEN];
wpa_s->sme.assoc_req_ie_len += 5;
}
if (wpa_s->sme.ft_used &&
os_memcmp(md, wpa_s->sme.mobility_domain, 2) == 0 &&
wpa_sm_has_ptk(wpa_s->wpa)) {
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying to use FT "
"over-the-air");
params.auth_alg = WPA_AUTH_ALG_FT;
params.ie = wpa_s->sme.ft_ies;
params.ie_len = wpa_s->sme.ft_ies_len;
}
}
#endif /* CONFIG_IEEE80211R */
#ifdef CONFIG_IEEE80211W
wpa_s->sme.mfp = ssid->ieee80211w;
if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
struct wpa_ie_data _ie;
if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &_ie) == 0 &&
_ie.capabilities &
(WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected AP supports "
"MFP: require MFP");
wpa_s->sme.mfp = MGMT_FRAME_PROTECTION_REQUIRED;
}
}
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_P2P
if (wpa_s->global->p2p) {
u8 *pos;
size_t len;
int res;
pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len;
len = sizeof(wpa_s->sme.assoc_req_ie) -
wpa_s->sme.assoc_req_ie_len;
res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
ssid->p2p_group);
if (res >= 0)
wpa_s->sme.assoc_req_ie_len += res;
}
#endif /* CONFIG_P2P */
#ifdef CONFIG_HS20
if (wpa_s->conf->hs20) {
struct wpabuf *hs20;
hs20 = wpabuf_alloc(20);
if (hs20) {
wpas_hs20_add_indication(hs20);
os_memcpy(wpa_s->sme.assoc_req_ie +
wpa_s->sme.assoc_req_ie_len,
wpabuf_head(hs20), wpabuf_len(hs20));
wpa_s->sme.assoc_req_ie_len += wpabuf_len(hs20);
wpabuf_free(hs20);
}
}
#endif /* CONFIG_HS20 */
#ifdef CONFIG_INTERWORKING
if (wpa_s->conf->interworking) {
u8 *pos = wpa_s->sme.assoc_req_ie;
if (wpa_s->sme.assoc_req_ie_len > 0 && pos[0] == WLAN_EID_RSN)
pos += 2 + pos[1];
os_memmove(pos + 6, pos,
wpa_s->sme.assoc_req_ie_len -
(pos - wpa_s->sme.assoc_req_ie));
wpa_s->sme.assoc_req_ie_len += 6;
*pos++ = WLAN_EID_EXT_CAPAB;
*pos++ = 4;
*pos++ = 0x00;
*pos++ = 0x00;
*pos++ = 0x00;
*pos++ = 0x80; /* Bit 31 - Interworking */
}
#endif /* CONFIG_INTERWORKING */
wpa_supplicant_cancel_sched_scan(wpa_s);
wpa_supplicant_cancel_scan(wpa_s);
wpa_msg(wpa_s, MSG_INFO, "SME: Trying to authenticate with " MACSTR
" (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid),
wpa_ssid_txt(params.ssid, params.ssid_len), params.freq);
wpa_clear_keys(wpa_s, bss->bssid);
wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
old_ssid = wpa_s->current_ssid;
wpa_s->current_ssid = ssid;
wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
wpa_supplicant_initiate_eapol(wpa_s);
if (old_ssid != wpa_s->current_ssid)
wpas_notify_network_changed(wpa_s);
wpa_s->sme.auth_alg = params.auth_alg;
#if defined(ANDROID_P2P) && defined(WIFI_EAGLE)
/* If multichannel concurrency is not supported, check for any frequency
* conflict and take appropriate action.
*/
wpa_printf(MSG_DEBUG, "%s EAGLE: Priority choose", __func__);
if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MULTI_CHANNEL_CONCURRENT) &&
((freq = wpa_drv_shared_freq(wpa_s)) > 0) && (freq != params.freq)) {
wpa_printf(MSG_DEBUG, "Shared interface with conflicting frequency found (%d != %d)"
, freq, params.freq);
if (wpas_p2p_handle_frequency_conflicts(wpa_s, params.freq) < 0) {
/* Handling conflicts failed. Disable the current connect req and
* notify the userspace to take appropriate action */
wpa_printf(MSG_DEBUG, "proiritize is not set. Notifying user space to handle the case");
wpa_supplicant_disable_network(wpa_s, ssid);
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_FREQ_CONFLICT
" id=%d", ssid->id);
os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
return;
}
}
#endif /* ANDROID_P2P && WIFI_EAGLE */
if (wpa_drv_authenticate(wpa_s, ¶ms) < 0) {
wpa_msg(wpa_s, MSG_INFO, "SME: Authentication request to the "
"driver failed");
wpas_connection_failed(wpa_s, bss->bssid);
wpa_supplicant_mark_disassoc(wpa_s);
return;
}
eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s,
NULL);
/*
* Association will be started based on the authentication event from
* the driver.
*/
}
status_t
WPASupplicantApp::_JoinNetwork(BMessage *message)
{
const char *interfaceName = NULL;
status_t status = message->FindString("device", &interfaceName);
if (status != B_OK)
return status;
// Check if we already registered this interface.
wpa_supplicant *interface = wpa_supplicant_get_iface(fWPAGlobal,
interfaceName);
if (interface == NULL) {
wpa_interface interfaceOptions;
memset(&interfaceOptions, 0, sizeof(wpa_interface));
interfaceOptions.ifname = interfaceName;
interface = wpa_supplicant_add_iface(fWPAGlobal, &interfaceOptions);
if (interface == NULL)
return B_NO_MEMORY;
} else {
// Disable everything
wpa_supplicant_disable_network(interface, NULL);
// Try to remove any existing network
while (true) {
wpa_ssid *network = wpa_config_get_network(interface->conf, 0);
if (network == NULL)
break;
wpas_notify_network_removed(interface, network);
wpa_config_remove_network(interface->conf, network->id);
}
}
const char *networkName = NULL;
status = message->FindString("name", &networkName);
if (status != B_OK)
return status;
uint32 authMode = B_NETWORK_AUTHENTICATION_NONE;
status = message->FindUInt32("authentication", &authMode);
if (status != B_OK)
return status;
uint32 encapMode = B_NETWORK_EAP_ENCAPSULATION_NONE;
if (authMode == B_NETWORK_AUTHENTICATION_EAP)
message->FindUInt32("encapsulation", &encapMode);
const char *username = NULL;
if (encapMode > B_NETWORK_EAP_ENCAPSULATION_NONE) {
status = message->FindString("username", &username);
if (status != B_OK)
return status;
}
const char *password = NULL;
if (authMode > B_NETWORK_AUTHENTICATION_NONE) {
status = message->FindString("password", &password);
if (status != B_OK)
return status;
}
wpa_ssid *network = wpa_config_add_network(interface->conf);
if (network == NULL)
return B_NO_MEMORY;
wpas_notify_network_added(interface, network);
network->disabled = 1;
wpa_config_set_network_defaults(network);
// Fill in the info from the join request
// The format includes the quotes
BString value;
value = "\"";
value += networkName;
value += "\"";
int result = wpa_config_set(network, "ssid", value.String(), 0);
if (result == 0)
result = wpa_config_set(network, "scan_ssid", "1", 1);
if (authMode >= B_NETWORK_AUTHENTICATION_WPA) {
if (result == 0)
result = wpa_config_set(network, "proto", "WPA RSN", 2);
if (result == 0) {
switch (authMode) {
case B_NETWORK_AUTHENTICATION_WPA:
case B_NETWORK_AUTHENTICATION_WPA2:
default:
result = wpa_config_set(network, "key_mgmt", "WPA-PSK", 3);
break;
case B_NETWORK_AUTHENTICATION_EAP:
result = wpa_config_set(network, "key_mgmt", "WPA-EAP", 3);
break;
}
}
if (result == 0)
result = wpa_config_set(network, "pairwise", "CCMP TKIP NONE", 4);
if (result == 0) {
result = wpa_config_set(network, "group",
"CCMP TKIP WEP104 WEP40", 5);
}
if (result == 0) {
if (encapMode > B_NETWORK_EAP_ENCAPSULATION_NONE) {
switch (encapMode) {
case B_NETWORK_EAP_ENCAPSULATION_PEAP:
result = wpa_config_set(network, "eap", "PEAP", 6);
break;
case B_NETWORK_EAP_ENCAPSULATION_TLS:
result = wpa_config_set(network, "eap", "TLS", 6);
break;
}
}
}
} else {
// Open or WEP.
if (result == 0)
result = wpa_config_set(network, "key_mgmt", "NONE", 6);
}
if (result == 0) {
if (authMode == B_NETWORK_AUTHENTICATION_WEP) {
if (strncmp("0x", password, 2) == 0) {
// interpret as hex key
// TODO: make this non-ambiguous
result = wpa_config_set(network, "wep_key0", password + 2, 7);
} else {
value = "\"";
value += password;
value += "\"";
result = wpa_config_set(network, "wep_key0", value.String(), 8);
}
if (result == 0)
result = wpa_config_set(network, "wep_tx_keyidx", "0", 9);
} else if (authMode == B_NETWORK_AUTHENTICATION_EAP) {
// EAP
value = "\"";
value += password;
value += "\"";
result = wpa_config_set(network, "password", value.String(), 10);
if (encapMode > B_NETWORK_EAP_ENCAPSULATION_NONE) {
value = "\"";
value += username;
value += "\"";
result = wpa_config_set(network, "identity",
value.String(), 11);
}
// TODO: Does EAP need the same thing?
#if 0
if (result == 0) {
// We need to actually "apply" the PSK
wpa_config_update_psk(network);
}
#endif
} else if (authMode >= B_NETWORK_AUTHENTICATION_WPA) {
// WPA/WPA2
value = "\"";
value += password;
value += "\"";
result = wpa_config_set(network, "psk", value.String(), 10);
if (result == 0) {
// We need to actually "apply" the PSK
wpa_config_update_psk(network);
}
}
if (result != 0) {
// The key format is invalid, we need to ask for another password.
BMessage newJoinRequest = *message;
newJoinRequest.RemoveName("password");
newJoinRequest.AddString("error", "Password format invalid");
newJoinRequest.AddBool("forceDialog", true);
PostMessage(&newJoinRequest);
}
}
if (result != 0) {
wpas_notify_network_removed(interface, network);
wpa_config_remove_network(interface->conf, network->id);
return B_ERROR;
}
// Set up watching for the completion event
_StartWatchingInterfaceChanges(interface, _InterfaceStateChangeCallback,
message);
// Now attempt to connect
wpa_supplicant_select_network(interface, network);
// Use a message runner to return a timeout and stop watching after a while
BMessage timeout(kMsgJoinTimeout);
timeout.AddPointer("interface", interface);
BMessageRunner::StartSending(be_app_messenger, &timeout,
15 * 1000 * 1000, 1);
// Note that we don't need to cancel this. If joining works before the
// timeout happens, it will take the StateChangeWatchingEntry with it
// and the timeout message won't match anything and be discarded.
return B_OK;
}
