7 files changed, 474 insertions, 32 deletions

diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index 68e11321ed74..24fab439d415 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -1209,6 +1209,9 @@ extern void wiphy_unregister(struct wiphy *wiphy);
  */
 extern void wiphy_free(struct wiphy *wiphy);
 
+/* internal struct */
+struct cfg80211_conn;
+
 /**
  * struct wireless_dev - wireless per-netdev state
  *
@@ -1242,9 +1245,10 @@ struct wireless_dev {
         u8 ssid_len;
         enum {
                 CFG80211_SME_IDLE,
-                CFG80211_SME_CONNECTING, /* ->connect called */
+                CFG80211_SME_CONNECTING,
                 CFG80211_SME_CONNECTED,
         } sme_state;
+        struct cfg80211_conn *conn;
 
 #ifdef CONFIG_WIRELESS_EXT
         /* wext data */
diff --git a/net/wireless/core.c b/net/wireless/core.c
index 314e00f70e3b..a0a679704612 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -321,6 +321,7 @@ struct wiphy *wiphy_new(const struct cfg80211_ops *ops, int sizeof_priv)
         }
 
         INIT_WORK(&drv->rfkill_sync, cfg80211_rfkill_sync_work);
+        INIT_WORK(&drv->conn_work, cfg80211_conn_work);
 
         /*
          * Initialize wiphy parameters to IEEE 802.11 MIB default values.
@@ -481,6 +482,8 @@ void wiphy_unregister(struct wiphy *wiphy)
         /* unlock again before freeing */
         mutex_unlock(&drv->mtx);
 
+        cancel_work_sync(&drv->conn_work);
+
         cfg80211_debugfs_drv_del(drv);
 
         /* If this device got a regulatory hint tell core its
@@ -569,6 +572,10 @@ static int cfg80211_netdev_notifier_call(struct notifier_block * nb,
                         break;
                 }
                 break;
+        case NETDEV_DOWN:
+                kfree(wdev->conn);
+                wdev->conn = NULL;
+                break;
         case NETDEV_UP:
 #ifdef CONFIG_WIRELESS_EXT
                 if (wdev->iftype != NL80211_IFTYPE_ADHOC)
diff --git a/net/wireless/core.h b/net/wireless/core.h
index f93f96f85d2b..2c0f64252f3d 100644
--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -62,6 +62,8 @@ struct cfg80211_registered_device {
         struct genl_info *testmode_info;
 #endif
 
+        struct work_struct conn_work;
+
 #ifdef CONFIG_CFG80211_DEBUGFS
         /* Debugfs entries */
         struct wiphy_debugfsdentries {
@@ -181,8 +183,14 @@ int cfg80211_connect(struct cfg80211_registered_device *rdev,
 int cfg80211_disconnect(struct cfg80211_registered_device *rdev,
                         struct net_device *dev, u16 reason);
 
+void cfg80211_conn_work(struct work_struct *work);
+
 /* internal helpers */
 int cfg80211_validate_key_settings(struct key_params *params, int key_idx,
                                    const u8 *mac_addr);
+void __cfg80211_disconnected(struct net_device *dev, gfp_t gfp, u8 *ie,
+                             size_t ie_len, u16 reason, bool from_ap);
+void cfg80211_sme_scan_done(struct net_device *dev);
+void cfg80211_sme_rx_auth(struct net_device *dev, const u8 *buf, size_t len);
 
 #endif /* __NET_WIRELESS_CORE_H */
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index c4e6d4b84a46..3427fe73d3c3 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -16,58 +16,105 @@ void cfg80211_send_rx_auth(struct net_device *dev, const u8 *buf, size_t len, gf
 {
         struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
+
         nl80211_send_rx_auth(rdev, dev, buf, len, gfp);
+        cfg80211_sme_rx_auth(dev, buf, len);
 }
 EXPORT_SYMBOL(cfg80211_send_rx_auth);
 
 void cfg80211_send_rx_assoc(struct net_device *dev, const u8 *buf, size_t len, gfp_t gfp)
 {
-        struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
+        u16 status_code;
+        struct wireless_dev *wdev = dev->ieee80211_ptr;
+        struct wiphy *wiphy = wdev->wiphy;
         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
+        struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
+        u8 *ie = mgmt->u.assoc_resp.variable;
+        int ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable);
+
+        status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
+
         nl80211_send_rx_assoc(rdev, dev, buf, len, gfp);
+
+        cfg80211_connect_result(dev, mgmt->bssid, NULL, 0, ie, len - ieoffs,
+                                status_code, gfp);
 }
 EXPORT_SYMBOL(cfg80211_send_rx_assoc);
 
 void cfg80211_send_deauth(struct net_device *dev, const u8 *buf, size_t len, gfp_t gfp)
 {
-        struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
+        struct wireless_dev *wdev = dev->ieee80211_ptr;
+        struct wiphy *wiphy = wdev->wiphy;
         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
+        struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
+
         nl80211_send_deauth(rdev, dev, buf, len, gfp);
+
+        if (wdev->sme_state == CFG80211_SME_CONNECTED) {
+                u16 reason_code;
+                bool from_ap;
+
+                reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
+
+                from_ap = memcmp(mgmt->da, dev->dev_addr, ETH_ALEN) == 0;
+                __cfg80211_disconnected(dev, gfp, NULL, 0,
+                                        reason_code, from_ap);
+
+                wdev->sme_state = CFG80211_SME_IDLE;
+        } else if (wdev->sme_state == CFG80211_SME_CONNECTING) {
+                cfg80211_connect_result(dev, mgmt->bssid, NULL, 0, NULL, 0,
+                                        WLAN_STATUS_UNSPECIFIED_FAILURE, gfp);
+        }
 }
 EXPORT_SYMBOL(cfg80211_send_deauth);
 
 void cfg80211_send_disassoc(struct net_device *dev, const u8 *buf, size_t len, gfp_t gfp)
 {
-        struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
+        struct wireless_dev *wdev = dev->ieee80211_ptr;
+        struct wiphy *wiphy = wdev->wiphy;
         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
+        struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
+
         nl80211_send_disassoc(rdev, dev, buf, len, gfp);
-}
-EXPORT_SYMBOL(cfg80211_send_disassoc);
 
-static void cfg80211_wext_disconnected(struct net_device *dev)
-{
-#ifdef CONFIG_WIRELESS_EXT
-        union iwreq_data wrqu;
-        memset(&wrqu, 0, sizeof(wrqu));
-        wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
-#endif
+        if (wdev->sme_state == CFG80211_SME_CONNECTED) {
+                u16 reason_code;
+                bool from_ap;
+
+                reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
+
+                from_ap = memcmp(mgmt->da, dev->dev_addr, ETH_ALEN) == 0;
+                __cfg80211_disconnected(dev, gfp, NULL, 0,
+                                        reason_code, from_ap);
+
+                wdev->sme_state = CFG80211_SME_IDLE;
+        }
 }
+EXPORT_SYMBOL(cfg80211_send_disassoc);
 
 void cfg80211_send_auth_timeout(struct net_device *dev, const u8 *addr, gfp_t gfp)
 {
-        struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
+        struct wireless_dev *wdev = dev->ieee80211_ptr;
+        struct wiphy *wiphy = wdev->wiphy;
         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
         nl80211_send_auth_timeout(rdev, dev, addr, gfp);
-        cfg80211_wext_disconnected(dev);
+        if (wdev->sme_state == CFG80211_SME_CONNECTING)
+                cfg80211_connect_result(dev, addr, NULL, 0, NULL, 0,
+                                        WLAN_STATUS_UNSPECIFIED_FAILURE, gfp);
+        wdev->sme_state = CFG80211_SME_IDLE;
 }
 EXPORT_SYMBOL(cfg80211_send_auth_timeout);
 
 void cfg80211_send_assoc_timeout(struct net_device *dev, const u8 *addr, gfp_t gfp)
 {
-        struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
+        struct wireless_dev *wdev = dev->ieee80211_ptr;
+        struct wiphy *wiphy = wdev->wiphy;
         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
         nl80211_send_assoc_timeout(rdev, dev, addr, gfp);
-        cfg80211_wext_disconnected(dev);
+        if (wdev->sme_state == CFG80211_SME_CONNECTING)
+                cfg80211_connect_result(dev, addr, NULL, 0, NULL, 0,
+                                        WLAN_STATUS_UNSPECIFIED_FAILURE, gfp);
+        wdev->sme_state = CFG80211_SME_IDLE;
 }
 EXPORT_SYMBOL(cfg80211_send_assoc_timeout);
 
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 89dd3793e03c..89aa9e781d10 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -351,12 +351,12 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
 
 #undef CMD
 
-        if (dev->ops->connect) {
+        if (dev->ops->connect || dev->ops->auth) {
                 i++;
                 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT);
         }
 
-        if (dev->ops->disconnect) {
+        if (dev->ops->disconnect || dev->ops->deauth) {
                 i++;
                 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT);
         }
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 261a06386822..82b33e708488 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -30,6 +30,13 @@ void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted)
 
         WARN_ON(request != wiphy_to_dev(request->wiphy)->scan_req);
 
+        /*
+         * This must be before sending the other events!
+         * Otherwise, wpa_supplicant gets completely confused with
+         * wext events.
+         */
+        cfg80211_sme_scan_done(dev);
+
         if (aborted)
                 nl80211_send_scan_aborted(wiphy_to_dev(request->wiphy), dev);
         else
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index fc117031d0bb..3abb04729873 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -12,6 +12,266 @@
 #include <net/rtnetlink.h>
 #include "nl80211.h"
 
+struct cfg80211_conn {
+        struct cfg80211_connect_params params;
+        /* these are sub-states of the _CONNECTING sme_state */
+        enum {
+                CFG80211_CONN_IDLE,
+                CFG80211_CONN_SCANNING,
+                CFG80211_CONN_SCAN_AGAIN,
+                CFG80211_CONN_AUTHENTICATE_NEXT,
+                CFG80211_CONN_AUTHENTICATING,
+                CFG80211_CONN_ASSOCIATE_NEXT,
+                CFG80211_CONN_ASSOCIATING,
+        } state;
+        u8 bssid[ETH_ALEN];
+        u8 *ie;
+        size_t ie_len;
+        bool auto_auth;
+};
+
+
+static int cfg80211_conn_scan(struct wireless_dev *wdev)
+{
+        struct cfg80211_registered_device *drv = wiphy_to_dev(wdev->wiphy);
+        struct cfg80211_scan_request *request;
+        int n_channels, err;
+
+        ASSERT_RTNL();
+
+        if (drv->scan_req)
+                return -EBUSY;
+
+        if (wdev->conn->params.channel) {
+                n_channels = 1;
+        } else {
+                enum ieee80211_band band;
+                n_channels = 0;
+
+                for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
+                        if (!wdev->wiphy->bands[band])
+                                continue;
+                        n_channels += wdev->wiphy->bands[band]->n_channels;
+                }
+        }
+        request = kzalloc(sizeof(*request) + sizeof(request->ssids[0]) +
+                          sizeof(request->channels[0]) * n_channels,
+                          GFP_KERNEL);
+        if (!request)
+                return -ENOMEM;
+
+        request->channels = (void *)((char *)request + sizeof(*request));
+        if (wdev->conn->params.channel)
+                request->channels[0] = wdev->conn->params.channel;
+        else {
+                int i = 0, j;
+                enum ieee80211_band band;
+
+                for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
+                        if (!wdev->wiphy->bands[band])
+                                continue;
+                        for (j = 0; j < wdev->wiphy->bands[band]->n_channels;
+                             i++, j++)
+                                request->channels[i] =
+                                        &wdev->wiphy->bands[band]->channels[j];
+                }
+        }
+        request->n_channels = n_channels;
+        request->ssids = (void *)(request->channels + n_channels);
+        request->n_ssids = 1;
+
+        memcpy(request->ssids[0].ssid, wdev->conn->params.ssid,
+                wdev->conn->params.ssid_len);
+        request->ssids[0].ssid_len = wdev->conn->params.ssid_len;
+
+        request->ifidx = wdev->netdev->ifindex;
+        request->wiphy = &drv->wiphy;
+
+        drv->scan_req = request;
+
+        err = drv->ops->scan(wdev->wiphy, wdev->netdev, request);
+        if (!err) {
+                wdev->conn->state = CFG80211_CONN_SCANNING;
+                nl80211_send_scan_start(drv, wdev->netdev);
+        } else {
+                drv->scan_req = NULL;
+                kfree(request);
+        }
+        return err;
+}
+
+static int cfg80211_conn_do_work(struct wireless_dev *wdev)
+{
+        struct cfg80211_registered_device *drv = wiphy_to_dev(wdev->wiphy);
+        union {
+                struct cfg80211_auth_request auth_req;
+                struct cfg80211_assoc_request assoc_req;
+        } u;
+
+        memset(&u, 0, sizeof(u));
+
+        if (!wdev->conn)
+                return 0;
+
+        switch (wdev->conn->state) {
+        case CFG80211_CONN_SCAN_AGAIN:
+                return cfg80211_conn_scan(wdev);
+        case CFG80211_CONN_AUTHENTICATE_NEXT:
+                u.auth_req.chan = wdev->conn->params.channel;
+                u.auth_req.peer_addr = wdev->conn->params.bssid;
+                u.auth_req.ssid = wdev->conn->params.ssid;
+                u.auth_req.ssid_len = wdev->conn->params.ssid_len;
+                u.auth_req.auth_type = wdev->conn->params.auth_type;
+                u.auth_req.ie = NULL;
+                u.auth_req.ie_len = 0;
+                wdev->conn->state = CFG80211_CONN_AUTHENTICATING;
+                BUG_ON(!drv->ops->auth);
+                return drv->ops->auth(wdev->wiphy, wdev->netdev, &u.auth_req);
+        case CFG80211_CONN_ASSOCIATE_NEXT:
+                u.assoc_req.chan = wdev->conn->params.channel;
+                u.assoc_req.peer_addr = wdev->conn->params.bssid;
+                u.assoc_req.ssid = wdev->conn->params.ssid;
+                u.assoc_req.ssid_len = wdev->conn->params.ssid_len;
+                u.assoc_req.ie = wdev->conn->params.ie;
+                u.assoc_req.ie_len = wdev->conn->params.ie_len;
+                u.assoc_req.use_mfp = false;
+                memcpy(&u.assoc_req.crypto, &wdev->conn->params.crypto,
+                        sizeof(u.assoc_req.crypto));
+                wdev->conn->state = CFG80211_CONN_ASSOCIATING;
+                BUG_ON(!drv->ops->assoc);
+                return drv->ops->assoc(wdev->wiphy, wdev->netdev,
+                                        &u.assoc_req);
+        default:
+                return 0;
+        }
+}
+
+void cfg80211_conn_work(struct work_struct *work)
+{
+        struct cfg80211_registered_device *drv =
+                container_of(work, struct cfg80211_registered_device, conn_work);
+        struct wireless_dev *wdev;
+
+        rtnl_lock();
+        mutex_lock(&drv->devlist_mtx);
+
+        list_for_each_entry(wdev, &drv->netdev_list, list) {
+                if (!netif_running(wdev->netdev))
+                        continue;
+                if (wdev->sme_state != CFG80211_SME_CONNECTING)
+                        continue;
+                if (cfg80211_conn_do_work(wdev))
+                        cfg80211_connect_result(wdev->netdev,
+                                                wdev->conn->params.bssid,
+                                                NULL, 0, NULL, 0,
+                                                WLAN_STATUS_UNSPECIFIED_FAILURE,
+                                                GFP_ATOMIC);
+        }
+
+        mutex_unlock(&drv->devlist_mtx);
+        rtnl_unlock();
+}
+
+static bool cfg80211_get_conn_bss(struct wireless_dev *wdev)
+{
+        struct cfg80211_registered_device *drv = wiphy_to_dev(wdev->wiphy);
+        struct cfg80211_bss *bss;
+        u16 capa = WLAN_CAPABILITY_ESS;
+
+        if (wdev->conn->params.privacy)
+                capa |= WLAN_CAPABILITY_PRIVACY;
+
+        bss = cfg80211_get_bss(wdev->wiphy, NULL, wdev->conn->params.bssid,
+                               wdev->conn->params.ssid,
+                               wdev->conn->params.ssid_len,
+                               WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY,
+                               capa);
+
+        if (!bss)
+                return false;
+
+        memcpy(wdev->conn->bssid, bss->bssid, ETH_ALEN);
+        wdev->conn->params.bssid = wdev->conn->bssid;
+        wdev->conn->params.channel = bss->channel;
+        wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
+        schedule_work(&drv->conn_work);
+
+        cfg80211_put_bss(bss);
+        return true;
+}
+
+void cfg80211_sme_scan_done(struct net_device *dev)
+{
+        struct wireless_dev *wdev = dev->ieee80211_ptr;
+        struct cfg80211_registered_device *drv = wiphy_to_dev(wdev->wiphy);
+
+        if (wdev->sme_state != CFG80211_SME_CONNECTING)
+                return;
+
+        if (WARN_ON(!wdev->conn))
+                return;
+
+        if (wdev->conn->state != CFG80211_CONN_SCANNING &&
+            wdev->conn->state != CFG80211_CONN_SCAN_AGAIN)
+                return;
+
+        if (!cfg80211_get_conn_bss(wdev)) {
+                /* not found */
+                if (wdev->conn->state == CFG80211_CONN_SCAN_AGAIN)
+                        schedule_work(&drv->conn_work);
+                else
+                        cfg80211_connect_result(dev, wdev->conn->params.bssid,
+                                                NULL, 0, NULL, 0,
+                                                WLAN_STATUS_UNSPECIFIED_FAILURE,
+                                                GFP_ATOMIC);
+                return;
+        }
+}
+
+void cfg80211_sme_rx_auth(struct net_device *dev, const u8 *buf, size_t len)
+{
+        struct wireless_dev *wdev = dev->ieee80211_ptr;
+        struct wiphy *wiphy = wdev->wiphy;
+        struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
+        struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
+        u16 status_code = le16_to_cpu(mgmt->u.auth.status_code);
+
+        /* should only RX auth frames when connecting */
+        if (wdev->sme_state != CFG80211_SME_CONNECTING)
+                return;
+
+        if (WARN_ON(!wdev->conn))
+                return;
+
+        if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG &&
+            wdev->conn->auto_auth &&
+            wdev->conn->params.auth_type != NL80211_AUTHTYPE_NETWORK_EAP) {
+                /* select automatically between only open, shared, leap */
+                switch (wdev->conn->params.auth_type) {
+                case NL80211_AUTHTYPE_OPEN_SYSTEM:
+                        wdev->conn->params.auth_type =
+                                NL80211_AUTHTYPE_SHARED_KEY;
+                        break;
+                case NL80211_AUTHTYPE_SHARED_KEY:
+                        wdev->conn->params.auth_type =
+                                NL80211_AUTHTYPE_NETWORK_EAP;
+                        break;
+                default:
+                        /* huh? */
+                        wdev->conn->params.auth_type =
+                                NL80211_AUTHTYPE_OPEN_SYSTEM;
+                        break;
+                }
+                wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
+                schedule_work(&rdev->conn_work);
+        } else if (status_code != WLAN_STATUS_SUCCESS)
+                wdev->sme_state = CFG80211_SME_IDLE;
+        else if (wdev->sme_state == CFG80211_SME_CONNECTING &&
+                 wdev->conn->state == CFG80211_CONN_AUTHENTICATING) {
+                wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT;
+                schedule_work(&rdev->conn_work);
+        }
+}
 
 void cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
                              const u8 *req_ie, size_t req_ie_len,
@@ -27,7 +287,7 @@ void cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
         if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION))
                 return;
 
-        if (WARN_ON(wdev->sme_state != CFG80211_SME_CONNECTING))
+        if (wdev->sme_state != CFG80211_SME_CONNECTING)
                 return;
 
         if (wdev->current_bss) {
@@ -53,6 +313,9 @@ void cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
                 wdev->sme_state = CFG80211_SME_IDLE;
         }
 
+        if (wdev->conn)
+                wdev->conn->state = CFG80211_CONN_IDLE;
+
         nl80211_send_connect_result(wiphy_to_dev(wdev->wiphy), dev, bssid,
                                     req_ie, req_ie_len, resp_ie, resp_ie_len,
                                     status, gfp);
@@ -72,7 +335,7 @@ void cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
 
         memset(&wrqu, 0, sizeof(wrqu));
         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
-        if (bssid)
+        if (bssid && status == WLAN_STATUS_SUCCESS)
                 memcpy(wrqu.ap_addr.sa_data, bssid, ETH_ALEN);
         wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
 #endif
@@ -138,9 +401,8 @@ void cfg80211_roamed(struct net_device *dev, const u8 *bssid,
 }
 EXPORT_SYMBOL(cfg80211_roamed);
 
-static void __cfg80211_disconnected(struct net_device *dev, gfp_t gfp,
-                                    u8 *ie, size_t ie_len, u16 reason,
-                                    bool from_ap)
+void __cfg80211_disconnected(struct net_device *dev, gfp_t gfp, u8 *ie,
+                             size_t ie_len, u16 reason, bool from_ap)
 {
         struct wireless_dev *wdev = dev->ieee80211_ptr;
 #ifdef CONFIG_WIRELESS_EXT
@@ -161,6 +423,11 @@ static void __cfg80211_disconnected(struct net_device *dev, gfp_t gfp,
         wdev->current_bss = NULL;
         wdev->sme_state = CFG80211_SME_IDLE;
 
+        if (wdev->conn) {
+                kfree(wdev->conn->ie);
+                wdev->conn->ie = NULL;
+        }
+
         nl80211_send_disconnected(wiphy_to_dev(wdev->wiphy), dev,
                                   reason, ie, ie_len, from_ap, gfp);
 
@@ -174,7 +441,7 @@ static void __cfg80211_disconnected(struct net_device *dev, gfp_t gfp,
 void cfg80211_disconnected(struct net_device *dev, u16 reason,
                            u8 *ie, size_t ie_len, gfp_t gfp)
 {
-        __cfg80211_disconnected(dev, reason, ie, ie_len, true, gfp);
+        __cfg80211_disconnected(dev, gfp, ie, ie_len, reason, true);
 }
 EXPORT_SYMBOL(cfg80211_disconnected);
 
@@ -189,7 +456,74 @@ int cfg80211_connect(struct cfg80211_registered_device *rdev,
                 return -EALREADY;
 
         if (!rdev->ops->connect) {
-                return -EOPNOTSUPP;
+                if (!rdev->ops->auth || !rdev->ops->assoc)
+                        return -EOPNOTSUPP;
+
+                if (!wdev->conn) {
+                        wdev->conn = kzalloc(sizeof(*wdev->conn), GFP_KERNEL);
+                        if (!wdev->conn)
+                                return -ENOMEM;
+                } else
+                        memset(wdev->conn, 0, sizeof(*wdev->conn));
+
+                /*
+                 * Copy all parameters, and treat explicitly IEs, BSSID, SSID.
+                 */
+                memcpy(&wdev->conn->params, connect, sizeof(*connect));
+                if (connect->bssid) {
+                        wdev->conn->params.bssid = wdev->conn->bssid;
+                        memcpy(wdev->conn->bssid, connect->bssid, ETH_ALEN);
+                }
+
+                if (connect->ie) {
+                        wdev->conn->ie = kmemdup(connect->ie, connect->ie_len,
+                                                GFP_KERNEL);
+                        wdev->conn->params.ie = wdev->conn->ie;
+                        if (!wdev->conn->ie)
+                                return -ENOMEM;
+                }
+
+                if (connect->auth_type == NL80211_AUTHTYPE_AUTOMATIC) {
+                        wdev->conn->auto_auth = true;
+                        /* start with open system ... should mostly work */
+                        wdev->conn->params.auth_type =
+                                NL80211_AUTHTYPE_OPEN_SYSTEM;
+                } else {
+                        wdev->conn->auto_auth = false;
+                }
+
+                memcpy(wdev->ssid, connect->ssid, connect->ssid_len);
+                wdev->ssid_len = connect->ssid_len;
+                wdev->conn->params.ssid = wdev->ssid;
+                wdev->conn->params.ssid_len = connect->ssid_len;
+
+                /* don't care about result -- but fill bssid & channel */
+                if (!wdev->conn->params.bssid || !wdev->conn->params.channel)
+                        cfg80211_get_conn_bss(wdev);
+
+                wdev->sme_state = CFG80211_SME_CONNECTING;
+
+                /* we're good if we have both BSSID and channel */
+                if (wdev->conn->params.bssid && wdev->conn->params.channel) {
+                        wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
+                        err = cfg80211_conn_do_work(wdev);
+                } else {
+                        /* otherwise we'll need to scan for the AP first */
+                        err = cfg80211_conn_scan(wdev);
+                        /*
+                         * If we can't scan right now, then we need to scan again
+                         * after the current scan finished, since the parameters
+                         * changed (unless we find a good AP anyway).
+                         */
+                        if (err == -EBUSY) {
+                                err = 0;
+                                wdev->conn->state = CFG80211_CONN_SCAN_AGAIN;
+                        }
+                }
+                if (err)
+                        wdev->sme_state = CFG80211_SME_IDLE;
+
+                return err;
         } else {
                 wdev->sme_state = CFG80211_SME_CONNECTING;
                 err = rdev->ops->connect(&rdev->wiphy, dev, connect);
@@ -197,28 +531,63 @@ int cfg80211_connect(struct cfg80211_registered_device *rdev,
                         wdev->sme_state = CFG80211_SME_IDLE;
                         return err;
                 }
-        }
 
-        memcpy(wdev->ssid, connect->ssid, connect->ssid_len);
-        wdev->ssid_len = connect->ssid_len;
+                memcpy(wdev->ssid, connect->ssid, connect->ssid_len);
+                wdev->ssid_len = connect->ssid_len;
 
-        return 0;
+                return 0;
+        }
 }
 
 int cfg80211_disconnect(struct cfg80211_registered_device *rdev,
                         struct net_device *dev, u16 reason)
 {
+        struct wireless_dev *wdev = dev->ieee80211_ptr;
         int err;
 
+        if (wdev->sme_state == CFG80211_SME_IDLE)
+                return -EINVAL;
+
         if (!rdev->ops->disconnect) {
-                return -EOPNOTSUPP;
+                struct cfg80211_deauth_request deauth;
+                u8 bssid[ETH_ALEN];
+
+                /* internal bug. */
+                if (WARN_ON(!wdev->conn))
+                        return -EINVAL;
+
+                if (wdev->sme_state == CFG80211_SME_CONNECTING &&
+                    (wdev->conn->state == CFG80211_CONN_SCANNING ||
+                     wdev->conn->state == CFG80211_CONN_SCAN_AGAIN)) {
+                        wdev->sme_state = CFG80211_SME_IDLE;
+                        return 0;
+                }
+
+                if (!rdev->ops->deauth)
+                        return -EOPNOTSUPP;
+
+                memset(&deauth, 0, sizeof(deauth));
+
+                /* wdev->conn->params.bssid must be set if > SCANNING */
+                memcpy(bssid, wdev->conn->params.bssid, ETH_ALEN);
+                deauth.peer_addr = bssid;
+                deauth.reason_code = reason;
+
+                err = rdev->ops->deauth(&rdev->wiphy, dev, &deauth);
+                if (err)
+                        return err;
         } else {
                 err = rdev->ops->disconnect(&rdev->wiphy, dev, reason);
                 if (err)
                         return err;
         }
 
-        __cfg80211_disconnected(dev, 0, NULL, 0, false, GFP_KERNEL);
+        if (wdev->sme_state == CFG80211_SME_CONNECTED)
+                __cfg80211_disconnected(dev, GFP_KERNEL, NULL, 0, 0, false);
+        else if (wdev->sme_state == CFG80211_SME_CONNECTING)
+                cfg80211_connect_result(dev, NULL, NULL, 0, NULL, 0,
+                                        WLAN_STATUS_UNSPECIFIED_FAILURE,
+                                        GFP_KERNEL);
 
         return 0;
 }