1 /*
2 * WPA Supplicant / UNIX domain socket -based control interface
3 * Copyright (c) 2004-2020, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10 #include <sys/un.h>
11 #include <sys/stat.h>
12 #include <grp.h>
13 #include <stddef.h>
14 #include <unistd.h>
15 #include <fcntl.h>
16 #ifdef __linux__
17 #include <sys/ioctl.h>
18 #endif /* __linux__ */
19 #ifdef ANDROID
20 #include <cutils/sockets.h>
21 #endif /* ANDROID */
22
23 #include "utils/common.h"
24 #include "utils/eloop.h"
25 #include "utils/list.h"
26 #include "common/ctrl_iface_common.h"
27 #include "eapol_supp/eapol_supp_sm.h"
28 #include "config.h"
29 #include "wpa_supplicant_i.h"
30 #include "ctrl_iface.h"
31
32 /* Per-interface ctrl_iface */
33
34 struct ctrl_iface_priv {
35 struct wpa_supplicant *wpa_s;
36 int sock;
37 struct dl_list ctrl_dst;
38 int android_control_socket;
39 struct dl_list msg_queue;
40 unsigned int throttle_count;
41 };
42
43
44 struct ctrl_iface_global_priv {
45 struct wpa_global *global;
46 int sock;
47 struct dl_list ctrl_dst;
48 int android_control_socket;
49 struct dl_list msg_queue;
50 unsigned int throttle_count;
51 };
52
53 struct ctrl_iface_msg {
54 struct dl_list list;
55 struct wpa_supplicant *wpa_s;
56 int level;
57 enum wpa_msg_type type;
58 const char *txt;
59 size_t len;
60 };
61
62
63 static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s,
64 const char *ifname, int sock,
65 struct dl_list *ctrl_dst,
66 int level, const char *buf,
67 size_t len,
68 struct ctrl_iface_priv *priv,
69 struct ctrl_iface_global_priv *gp);
70 static int wpas_ctrl_iface_reinit(struct wpa_supplicant *wpa_s,
71 struct ctrl_iface_priv *priv);
72 static int wpas_ctrl_iface_global_reinit(struct wpa_global *global,
73 struct ctrl_iface_global_priv *priv);
74
75
wpas_ctrl_sock_debug(const char * title,int sock,const char * buf,size_t len)76 static void wpas_ctrl_sock_debug(const char *title, int sock, const char *buf,
77 size_t len)
78 {
79 #ifdef __linux__
80 socklen_t optlen;
81 int sndbuf, outq;
82 int level = MSG_MSGDUMP;
83
84 if (len >= 5 && os_strncmp(buf, "PONG\n", 5) == 0)
85 level = MSG_EXCESSIVE;
86
87 optlen = sizeof(sndbuf);
88 sndbuf = 0;
89 if (getsockopt(sock, SOL_SOCKET, SO_SNDBUF, &sndbuf, &optlen) < 0)
90 sndbuf = -1;
91
92 if (ioctl(sock, TIOCOUTQ, &outq) < 0)
93 outq = -1;
94
95 wpa_printf(level,
96 "CTRL-DEBUG: %s: sock=%d sndbuf=%d outq=%d send_len=%d",
97 title, sock, sndbuf, outq, (int) len);
98 #endif /* __linux__ */
99 }
100
101
wpa_supplicant_ctrl_iface_attach(struct dl_list * ctrl_dst,struct sockaddr_storage * from,socklen_t fromlen,int global)102 static int wpa_supplicant_ctrl_iface_attach(struct dl_list *ctrl_dst,
103 struct sockaddr_storage *from,
104 socklen_t fromlen, int global)
105 {
106 return ctrl_iface_attach(ctrl_dst, from, fromlen, NULL);
107 }
108
109
wpa_supplicant_ctrl_iface_detach(struct dl_list * ctrl_dst,struct sockaddr_storage * from,socklen_t fromlen)110 static int wpa_supplicant_ctrl_iface_detach(struct dl_list *ctrl_dst,
111 struct sockaddr_storage *from,
112 socklen_t fromlen)
113 {
114 return ctrl_iface_detach(ctrl_dst, from, fromlen);
115 }
116
117
wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv * priv,struct sockaddr_storage * from,socklen_t fromlen,char * level)118 static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv *priv,
119 struct sockaddr_storage *from,
120 socklen_t fromlen,
121 char *level)
122 {
123 wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level);
124
125 return ctrl_iface_level(&priv->ctrl_dst, from, fromlen, level);
126 }
127
128
wpa_supplicant_ctrl_iface_receive(int sock,void * eloop_ctx,void * sock_ctx)129 static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
130 void *sock_ctx)
131 {
132 struct wpa_supplicant *wpa_s = eloop_ctx;
133 struct ctrl_iface_priv *priv = sock_ctx;
134 char *buf;
135 int res;
136 struct sockaddr_storage from;
137 socklen_t fromlen = sizeof(from);
138 char *reply = NULL, *reply_buf = NULL;
139 size_t reply_len = 0;
140 int new_attached = 0;
141
142 buf = os_malloc(CTRL_IFACE_MAX_LEN + 1);
143 if (!buf)
144 return;
145 res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN + 1, 0,
146 (struct sockaddr *) &from, &fromlen);
147 if (res < 0) {
148 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
149 strerror(errno));
150 os_free(buf);
151 return;
152 }
153 if ((size_t) res > CTRL_IFACE_MAX_LEN) {
154 wpa_printf(MSG_ERROR, "recvform(ctrl_iface): input truncated");
155 os_free(buf);
156 return;
157 }
158 buf[res] = '\0';
159
160 if (os_strcmp(buf, "ATTACH") == 0) {
161 if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst, &from,
162 fromlen, 0))
163 reply_len = 1;
164 else {
165 new_attached = 1;
166 reply_len = 2;
167 }
168 } else if (os_strcmp(buf, "DETACH") == 0) {
169 if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst, &from,
170 fromlen))
171 reply_len = 1;
172 else
173 reply_len = 2;
174 } else if (os_strncmp(buf, "LEVEL ", 6) == 0) {
175 if (wpa_supplicant_ctrl_iface_level(priv, &from, fromlen,
176 buf + 6))
177 reply_len = 1;
178 else
179 reply_len = 2;
180 } else {
181 sockaddr_print(wpas_ctrl_cmd_debug_level(buf),
182 "Control interface recv command from:",
183 &from, fromlen);
184 reply_buf = wpa_supplicant_ctrl_iface_process(wpa_s, buf,
185 &reply_len);
186 reply = reply_buf;
187
188 /*
189 * There could be some password/key material in the command, so
190 * clear the buffer explicitly now that it is not needed
191 * anymore.
192 */
193 os_memset(buf, 0, res);
194 }
195
196 if (!reply && reply_len == 1) {
197 reply = "FAIL\n";
198 reply_len = 5;
199 } else if (!reply && reply_len == 2) {
200 reply = "OK\n";
201 reply_len = 3;
202 }
203
204 if (reply) {
205 wpas_ctrl_sock_debug("ctrl_sock-sendto", sock, reply,
206 reply_len);
207 if (sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
208 fromlen) < 0) {
209 int _errno = errno;
210 wpa_dbg(wpa_s, MSG_DEBUG,
211 "ctrl_iface sendto failed: %d - %s",
212 _errno, strerror(_errno));
213 if (_errno == ENOBUFS || _errno == EAGAIN) {
214 /*
215 * The socket send buffer could be full. This
216 * may happen if client programs are not
217 * receiving their pending messages. Close and
218 * reopen the socket as a workaround to avoid
219 * getting stuck being unable to send any new
220 * responses.
221 */
222 sock = wpas_ctrl_iface_reinit(wpa_s, priv);
223 if (sock < 0) {
224 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to reinitialize ctrl_iface socket");
225 }
226 }
227 if (new_attached) {
228 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to send response to ATTACH - detaching");
229 new_attached = 0;
230 wpa_supplicant_ctrl_iface_detach(
231 &priv->ctrl_dst, &from, fromlen);
232 }
233 }
234 }
235 os_free(reply_buf);
236 os_free(buf);
237
238 if (new_attached)
239 eapol_sm_notify_ctrl_attached(wpa_s->eapol);
240 }
241
242
wpa_supplicant_ctrl_iface_path(struct wpa_supplicant * wpa_s)243 static char * wpa_supplicant_ctrl_iface_path(struct wpa_supplicant *wpa_s)
244 {
245 char *buf;
246 size_t len;
247 char *pbuf, *dir = NULL;
248 int res;
249
250 if (wpa_s->conf->ctrl_interface == NULL)
251 return NULL;
252
253 pbuf = os_strdup(wpa_s->conf->ctrl_interface);
254 if (pbuf == NULL)
255 return NULL;
256 if (os_strncmp(pbuf, "DIR=", 4) == 0) {
257 char *gid_str;
258 dir = pbuf + 4;
259 gid_str = os_strstr(dir, " GROUP=");
260 if (gid_str)
261 *gid_str = '\0';
262 } else
263 dir = pbuf;
264
265 len = os_strlen(dir) + os_strlen(wpa_s->ifname) + 2;
266 buf = os_malloc(len);
267 if (buf == NULL) {
268 os_free(pbuf);
269 return NULL;
270 }
271
272 res = os_snprintf(buf, len, "%s/%s", dir, wpa_s->ifname);
273 if (os_snprintf_error(len, res)) {
274 os_free(pbuf);
275 os_free(buf);
276 return NULL;
277 }
278 #ifdef __CYGWIN__
279 {
280 /* Windows/WinPcap uses interface names that are not suitable
281 * as a file name - convert invalid chars to underscores */
282 char *pos = buf;
283 while (*pos) {
284 if (*pos == '\\')
285 *pos = '_';
286 pos++;
287 }
288 }
289 #endif /* __CYGWIN__ */
290 os_free(pbuf);
291 return buf;
292 }
293
294
wpas_ctrl_iface_throttle(int sock)295 static int wpas_ctrl_iface_throttle(int sock)
296 {
297 #ifdef __linux__
298 socklen_t optlen;
299 int sndbuf, outq;
300
301 optlen = sizeof(sndbuf);
302 sndbuf = 0;
303 if (getsockopt(sock, SOL_SOCKET, SO_SNDBUF, &sndbuf, &optlen) < 0 ||
304 ioctl(sock, TIOCOUTQ, &outq) < 0 ||
305 sndbuf <= 0 || outq < 0)
306 return 0;
307 return outq > sndbuf / 2;
308 #else /* __linux__ */
309 return 0;
310 #endif /* __linux__ */
311 }
312
313
wpas_ctrl_msg_send_pending_global(struct wpa_global * global)314 static void wpas_ctrl_msg_send_pending_global(struct wpa_global *global)
315 {
316 struct ctrl_iface_global_priv *gpriv;
317 struct ctrl_iface_msg *msg;
318
319 gpriv = global->ctrl_iface;
320 while (gpriv && !dl_list_empty(&gpriv->msg_queue) &&
321 !wpas_ctrl_iface_throttle(gpriv->sock)) {
322 msg = dl_list_first(&gpriv->msg_queue, struct ctrl_iface_msg,
323 list);
324 if (!msg)
325 break;
326 dl_list_del(&msg->list);
327 wpa_supplicant_ctrl_iface_send(
328 msg->wpa_s,
329 msg->type != WPA_MSG_PER_INTERFACE ?
330 NULL : msg->wpa_s->ifname,
331 gpriv->sock, &gpriv->ctrl_dst, msg->level,
332 msg->txt, msg->len, NULL, gpriv);
333 os_free(msg);
334 }
335 }
336
337
wpas_ctrl_msg_send_pending_iface(struct wpa_supplicant * wpa_s)338 static void wpas_ctrl_msg_send_pending_iface(struct wpa_supplicant *wpa_s)
339 {
340 struct ctrl_iface_priv *priv;
341 struct ctrl_iface_msg *msg;
342
343 priv = wpa_s->ctrl_iface;
344 while (priv && !dl_list_empty(&priv->msg_queue) &&
345 !wpas_ctrl_iface_throttle(priv->sock)) {
346 msg = dl_list_first(&priv->msg_queue, struct ctrl_iface_msg,
347 list);
348 if (!msg)
349 break;
350 dl_list_del(&msg->list);
351 wpa_supplicant_ctrl_iface_send(wpa_s, NULL, priv->sock,
352 &priv->ctrl_dst, msg->level,
353 msg->txt, msg->len, priv, NULL);
354 os_free(msg);
355 }
356 }
357
358
wpas_ctrl_msg_queue_timeout(void * eloop_ctx,void * timeout_ctx)359 static void wpas_ctrl_msg_queue_timeout(void *eloop_ctx, void *timeout_ctx)
360 {
361 struct wpa_supplicant *wpa_s = eloop_ctx;
362 struct ctrl_iface_priv *priv;
363 struct ctrl_iface_global_priv *gpriv;
364 int sock = -1, gsock = -1;
365
366 wpas_ctrl_msg_send_pending_global(wpa_s->global);
367 wpas_ctrl_msg_send_pending_iface(wpa_s);
368
369 priv = wpa_s->ctrl_iface;
370 if (priv && !dl_list_empty(&priv->msg_queue))
371 sock = priv->sock;
372
373 gpriv = wpa_s->global->ctrl_iface;
374 if (gpriv && !dl_list_empty(&gpriv->msg_queue))
375 gsock = gpriv->sock;
376
377 if (sock > -1 || gsock > -1) {
378 /* Continue pending message transmission from a timeout */
379 wpa_printf(MSG_MSGDUMP,
380 "CTRL: Had to throttle pending event message transmission for (sock %d gsock %d)",
381 sock, gsock);
382 eloop_register_timeout(0, 20000, wpas_ctrl_msg_queue_timeout,
383 wpa_s, NULL);
384 }
385 }
386
387
wpas_ctrl_msg_queue(struct dl_list * queue,struct wpa_supplicant * wpa_s,int level,enum wpa_msg_type type,const char * txt,size_t len)388 static void wpas_ctrl_msg_queue(struct dl_list *queue,
389 struct wpa_supplicant *wpa_s, int level,
390 enum wpa_msg_type type,
391 const char *txt, size_t len)
392 {
393 struct ctrl_iface_msg *msg;
394
395 msg = os_zalloc(sizeof(*msg) + len);
396 if (!msg)
397 return;
398
399 msg->wpa_s = wpa_s;
400 msg->level = level;
401 msg->type = type;
402 os_memcpy(msg + 1, txt, len);
403 msg->txt = (const char *) (msg + 1);
404 msg->len = len;
405 dl_list_add_tail(queue, &msg->list);
406 eloop_cancel_timeout(wpas_ctrl_msg_queue_timeout, wpa_s, NULL);
407 eloop_register_timeout(0, 0, wpas_ctrl_msg_queue_timeout, wpa_s, NULL);
408 }
409
410
wpas_ctrl_msg_queue_limit(unsigned int throttle_count,struct dl_list * queue)411 static void wpas_ctrl_msg_queue_limit(unsigned int throttle_count,
412 struct dl_list *queue)
413 {
414 struct ctrl_iface_msg *msg;
415
416 if (throttle_count < 2000)
417 return;
418
419 msg = dl_list_first(queue, struct ctrl_iface_msg, list);
420 if (msg) {
421 wpa_printf(MSG_DEBUG, "CTRL: Dropped oldest pending message");
422 dl_list_del(&msg->list);
423 os_free(msg);
424 }
425 }
426
427
wpa_supplicant_ctrl_iface_msg_cb(void * ctx,int level,enum wpa_msg_type type,const char * txt,size_t len)428 static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx, int level,
429 enum wpa_msg_type type,
430 const char *txt, size_t len)
431 {
432 struct wpa_supplicant *wpa_s = ctx;
433 struct ctrl_iface_priv *priv;
434 struct ctrl_iface_global_priv *gpriv;
435
436 if (wpa_s == NULL)
437 return;
438
439 gpriv = wpa_s->global->ctrl_iface;
440
441 if (type != WPA_MSG_NO_GLOBAL && gpriv &&
442 !dl_list_empty(&gpriv->ctrl_dst)) {
443 if (!dl_list_empty(&gpriv->msg_queue) ||
444 wpas_ctrl_iface_throttle(gpriv->sock)) {
445 if (gpriv->throttle_count == 0) {
446 wpa_printf(MSG_MSGDUMP,
447 "CTRL: Had to throttle global event message for sock %d",
448 gpriv->sock);
449 }
450 gpriv->throttle_count++;
451 wpas_ctrl_msg_queue_limit(gpriv->throttle_count,
452 &gpriv->msg_queue);
453 wpas_ctrl_msg_queue(&gpriv->msg_queue, wpa_s, level,
454 type, txt, len);
455 } else {
456 if (gpriv->throttle_count) {
457 wpa_printf(MSG_MSGDUMP,
458 "CTRL: Had to throttle %u global event message(s) for sock %d",
459 gpriv->throttle_count, gpriv->sock);
460 }
461 gpriv->throttle_count = 0;
462 wpa_supplicant_ctrl_iface_send(
463 wpa_s,
464 type != WPA_MSG_PER_INTERFACE ?
465 NULL : wpa_s->ifname,
466 gpriv->sock, &gpriv->ctrl_dst, level,
467 txt, len, NULL, gpriv);
468 }
469 }
470
471 priv = wpa_s->ctrl_iface;
472
473 if (type != WPA_MSG_ONLY_GLOBAL && priv) {
474 if (!dl_list_empty(&priv->msg_queue) ||
475 wpas_ctrl_iface_throttle(priv->sock)) {
476 if (priv->throttle_count == 0) {
477 wpa_printf(MSG_MSGDUMP,
478 "CTRL: Had to throttle event message for sock %d",
479 priv->sock);
480 }
481 priv->throttle_count++;
482 wpas_ctrl_msg_queue_limit(priv->throttle_count,
483 &priv->msg_queue);
484 wpas_ctrl_msg_queue(&priv->msg_queue, wpa_s, level,
485 type, txt, len);
486 } else {
487 if (priv->throttle_count) {
488 wpa_printf(MSG_MSGDUMP,
489 "CTRL: Had to throttle %u event message(s) for sock %d",
490 priv->throttle_count, priv->sock);
491 }
492 priv->throttle_count = 0;
493 wpa_supplicant_ctrl_iface_send(wpa_s, NULL, priv->sock,
494 &priv->ctrl_dst, level,
495 txt, len, priv, NULL);
496 }
497 }
498 }
499
500
wpas_ctrl_iface_open_sock(struct wpa_supplicant * wpa_s,struct ctrl_iface_priv * priv)501 static int wpas_ctrl_iface_open_sock(struct wpa_supplicant *wpa_s,
502 struct ctrl_iface_priv *priv)
503 {
504 struct sockaddr_un addr;
505 char *fname = NULL;
506 gid_t gid = 0;
507 int gid_set = 0;
508 char *buf, *dir = NULL, *gid_str = NULL;
509 struct group *grp;
510 char *endp;
511 int flags;
512 #if defined(__FreeBSD__)
513 int optval, rc;
514 socklen_t optlen;
515 #endif
516
517 buf = os_strdup(wpa_s->conf->ctrl_interface);
518 if (buf == NULL)
519 goto fail;
520 #ifdef ANDROID
521 os_snprintf(addr.sun_path, sizeof(addr.sun_path), "wpa_%s",
522 wpa_s->conf->ctrl_interface);
523 priv->sock = android_get_control_socket(addr.sun_path);
524 if (priv->sock >= 0) {
525 priv->android_control_socket = 1;
526 goto havesock;
527 }
528 #endif /* ANDROID */
529 if (os_strncmp(buf, "DIR=", 4) == 0) {
530 dir = buf + 4;
531 gid_str = os_strstr(dir, " GROUP=");
532 if (gid_str) {
533 *gid_str = '\0';
534 gid_str += 7;
535 }
536 } else {
537 dir = buf;
538 gid_str = wpa_s->conf->ctrl_interface_group;
539 }
540
541 if (mkdir(dir, S_IRWXU | S_IRWXG) < 0) {
542 if (errno == EEXIST) {
543 wpa_printf(MSG_DEBUG, "Using existing control "
544 "interface directory.");
545 } else {
546 wpa_printf(MSG_ERROR, "mkdir[ctrl_interface=%s]: %s",
547 dir, strerror(errno));
548 goto fail;
549 }
550 }
551
552 #ifdef ANDROID
553 /*
554 * wpa_supplicant is started from /init.*.rc on Android and that seems
555 * to be using umask 0077 which would leave the control interface
556 * directory without group access. This breaks things since Wi-Fi
557 * framework assumes that this directory can be accessed by other
558 * applications in the wifi group. Fix this by adding group access even
559 * if umask value would prevent this.
560 */
561 if (chmod(dir, S_IRWXU | S_IRWXG) < 0) {
562 wpa_printf(MSG_ERROR, "CTRL: Could not chmod directory: %s",
563 strerror(errno));
564 /* Try to continue anyway */
565 }
566 #endif /* ANDROID */
567
568 if (gid_str) {
569 grp = getgrnam(gid_str);
570 if (grp) {
571 gid = grp->gr_gid;
572 gid_set = 1;
573 wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d"
574 " (from group name '%s')",
575 (int) gid, gid_str);
576 } else {
577 /* Group name not found - try to parse this as gid */
578 gid = strtol(gid_str, &endp, 10);
579 if (*gid_str == '\0' || *endp != '\0') {
580 wpa_printf(MSG_ERROR, "CTRL: Invalid group "
581 "'%s'", gid_str);
582 goto fail;
583 }
584 gid_set = 1;
585 wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
586 (int) gid);
587 }
588 }
589
590 if (gid_set && lchown(dir, -1, gid) < 0) {
591 wpa_printf(MSG_ERROR, "lchown[ctrl_interface=%s,gid=%d]: %s",
592 dir, (int) gid, strerror(errno));
593 goto fail;
594 }
595
596 /* Make sure the group can enter and read the directory */
597 if (gid_set &&
598 chmod(dir, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP) < 0) {
599 wpa_printf(MSG_ERROR, "CTRL: chmod[ctrl_interface]: %s",
600 strerror(errno));
601 goto fail;
602 }
603
604 if (os_strlen(dir) + 1 + os_strlen(wpa_s->ifname) >=
605 sizeof(addr.sun_path)) {
606 wpa_printf(MSG_ERROR, "ctrl_iface path limit exceeded");
607 goto fail;
608 }
609
610 priv->sock = socket(PF_UNIX, SOCK_DGRAM, 0);
611 if (priv->sock < 0) {
612 wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno));
613 goto fail;
614 }
615
616 os_memset(&addr, 0, sizeof(addr));
617 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
618 addr.sun_len = sizeof(addr);
619 #endif /* __FreeBSD__ */
620 addr.sun_family = AF_UNIX;
621 fname = wpa_supplicant_ctrl_iface_path(wpa_s);
622 if (fname == NULL)
623 goto fail;
624 os_strlcpy(addr.sun_path, fname, sizeof(addr.sun_path));
625 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
626 wpa_printf(MSG_DEBUG, "ctrl_iface bind(PF_UNIX) failed: %s",
627 strerror(errno));
628 if (connect(priv->sock, (struct sockaddr *) &addr,
629 sizeof(addr)) < 0) {
630 wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not"
631 " allow connections - assuming it was left"
632 "over from forced program termination");
633 if (unlink(fname) < 0) {
634 wpa_printf(MSG_ERROR,
635 "Could not unlink existing ctrl_iface socket '%s': %s",
636 fname, strerror(errno));
637 goto fail;
638 }
639 if (bind(priv->sock, (struct sockaddr *) &addr,
640 sizeof(addr)) < 0) {
641 wpa_printf(MSG_ERROR, "supp-ctrl-iface-init: bind(PF_UNIX): %s",
642 strerror(errno));
643 goto fail;
644 }
645 wpa_printf(MSG_DEBUG, "Successfully replaced leftover "
646 "ctrl_iface socket '%s'", fname);
647 } else {
648 wpa_printf(MSG_INFO, "ctrl_iface exists and seems to "
649 "be in use - cannot override it");
650 wpa_printf(MSG_INFO, "Delete '%s' manually if it is "
651 "not used anymore", fname);
652 os_free(fname);
653 fname = NULL;
654 goto fail;
655 }
656 }
657
658 if (gid_set && lchown(fname, -1, gid) < 0) {
659 wpa_printf(MSG_ERROR, "lchown[ctrl_interface=%s,gid=%d]: %s",
660 fname, (int) gid, strerror(errno));
661 goto fail;
662 }
663
664 if (chmod(fname, S_IRWXU | S_IRWXG) < 0) {
665 wpa_printf(MSG_ERROR, "chmod[ctrl_interface=%s]: %s",
666 fname, strerror(errno));
667 goto fail;
668 }
669 os_free(fname);
670
671 #ifdef ANDROID
672 havesock:
673 #endif /* ANDROID */
674
675 /*
676 * Make socket non-blocking so that we don't hang forever if
677 * target dies unexpectedly.
678 */
679 flags = fcntl(priv->sock, F_GETFL);
680 if (flags >= 0) {
681 flags |= O_NONBLOCK;
682 if (fcntl(priv->sock, F_SETFL, flags) < 0) {
683 wpa_printf(MSG_INFO, "fcntl(ctrl, O_NONBLOCK): %s",
684 strerror(errno));
685 /* Not fatal, continue on.*/
686 }
687 }
688
689 #if defined(__FreeBSD__)
690 /* Ensure we can send a full length message atomically. */
691 optval = 0;
692 optlen = sizeof(optval);
693 if (getsockopt(priv->sock, SOL_SOCKET, SO_SNDBUF, &optval, &optlen) == -1) {
694 wpa_printf(MSG_INFO, "failed to get sndbuf for sock=%d: %s",
695 priv->sock, strerror(errno));
696 } else if (optval < CTRL_IFACE_MAX_LEN) {
697 optval = CTRL_IFACE_MAX_LEN;
698 if (setsockopt(priv->sock, SOL_SOCKET, SO_SNDBUF, &optval,
699 sizeof(optval)) == -1)
700 wpa_printf(MSG_ERROR, "failed to set sndbuf for "
701 "sock=%d: %s", priv->sock, strerror(errno));
702 }
703 #endif
704
705 eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive,
706 wpa_s, priv);
707 wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
708
709 os_free(buf);
710 return 0;
711
712 fail:
713 if (priv->sock >= 0) {
714 close(priv->sock);
715 priv->sock = -1;
716 }
717 if (fname) {
718 unlink(fname);
719 os_free(fname);
720 }
721 os_free(buf);
722 return -1;
723 }
724
725
726 struct ctrl_iface_priv *
wpa_supplicant_ctrl_iface_init(struct wpa_supplicant * wpa_s)727 wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
728 {
729 struct ctrl_iface_priv *priv;
730
731 priv = os_zalloc(sizeof(*priv));
732 if (priv == NULL)
733 return NULL;
734 dl_list_init(&priv->ctrl_dst);
735 dl_list_init(&priv->msg_queue);
736 priv->wpa_s = wpa_s;
737 priv->sock = -1;
738
739 if (wpa_s->conf->ctrl_interface == NULL)
740 return priv;
741
742 #ifdef ANDROID
743 if (wpa_s->global->params.ctrl_interface) {
744 int same = 0;
745
746 if (wpa_s->global->params.ctrl_interface[0] == '/') {
747 if (os_strcmp(wpa_s->global->params.ctrl_interface,
748 wpa_s->conf->ctrl_interface) == 0)
749 same = 1;
750 } else if (os_strncmp(wpa_s->global->params.ctrl_interface,
751 "@android:", 9) == 0 ||
752 os_strncmp(wpa_s->global->params.ctrl_interface,
753 "@abstract:", 10) == 0) {
754 char *pos;
755
756 /*
757 * Currently, Android uses @android:wpa_* as the naming
758 * convention for the global ctrl interface. This logic
759 * needs to be revisited if the above naming convention
760 * is modified.
761 */
762 pos = os_strchr(wpa_s->global->params.ctrl_interface,
763 '_');
764 if (pos &&
765 os_strcmp(pos + 1,
766 wpa_s->conf->ctrl_interface) == 0)
767 same = 1;
768 }
769
770 if (same) {
771 /*
772 * The invalid configuration combination might be
773 * possible to hit in an Android OTA upgrade case, so
774 * instead of refusing to start the wpa_supplicant
775 * process, do not open the per-interface ctrl_iface
776 * and continue with the global control interface that
777 * was set from the command line since the Wi-Fi
778 * framework will use it for operations.
779 */
780 wpa_printf(MSG_ERROR,
781 "global ctrl interface %s matches ctrl interface %s - do not open per-interface ctrl interface",
782 wpa_s->global->params.ctrl_interface,
783 wpa_s->conf->ctrl_interface);
784 return priv;
785 }
786 }
787 #endif /* ANDROID */
788
789 if (wpas_ctrl_iface_open_sock(wpa_s, priv) < 0) {
790 os_free(priv);
791 return NULL;
792 }
793
794 return priv;
795 }
796
797
wpas_ctrl_iface_reinit(struct wpa_supplicant * wpa_s,struct ctrl_iface_priv * priv)798 static int wpas_ctrl_iface_reinit(struct wpa_supplicant *wpa_s,
799 struct ctrl_iface_priv *priv)
800 {
801 int res;
802
803 if (priv->sock <= 0)
804 return -1;
805
806 /*
807 * On Android, the control socket being used may be the socket
808 * that is created when wpa_supplicant is started as a /init.*.rc
809 * service. Such a socket is maintained as a key-value pair in
810 * Android's environment. Closing this control socket would leave us
811 * in a bad state with an invalid socket descriptor.
812 */
813 if (priv->android_control_socket)
814 return priv->sock;
815
816 eloop_unregister_read_sock(priv->sock);
817 close(priv->sock);
818 priv->sock = -1;
819 res = wpas_ctrl_iface_open_sock(wpa_s, priv);
820 if (res < 0)
821 return -1;
822 return priv->sock;
823 }
824
825
826 static void
wpas_global_ctrl_iface_flush_queued_msg(struct wpa_global * global,struct wpa_supplicant * wpa_s)827 wpas_global_ctrl_iface_flush_queued_msg(struct wpa_global *global,
828 struct wpa_supplicant *wpa_s)
829 {
830 struct ctrl_iface_global_priv *gpriv;
831 struct ctrl_iface_msg *msg, *prev_msg;
832 unsigned int count = 0;
833
834 if (!global || !global->ctrl_iface)
835 return;
836
837 gpriv = global->ctrl_iface;
838 dl_list_for_each_safe(msg, prev_msg, &gpriv->msg_queue,
839 struct ctrl_iface_msg, list) {
840 if (msg->wpa_s == wpa_s) {
841 count++;
842 dl_list_del(&msg->list);
843 os_free(msg);
844 }
845 }
846
847 if (count) {
848 wpa_printf(MSG_DEBUG,
849 "CTRL: Dropped %u pending message(s) for interface that is being removed",
850 count);
851 }
852 }
853
854
wpa_supplicant_ctrl_iface_deinit(struct wpa_supplicant * wpa_s,struct ctrl_iface_priv * priv)855 void wpa_supplicant_ctrl_iface_deinit(struct wpa_supplicant *wpa_s,
856 struct ctrl_iface_priv *priv)
857 {
858 struct wpa_ctrl_dst *dst, *prev;
859 struct ctrl_iface_msg *msg, *prev_msg;
860 struct ctrl_iface_global_priv *gpriv;
861
862 if (!priv) {
863 /* Control interface has not yet been initialized, so there is
864 * nothing to deinitialize here. However, there might be a
865 * pending message for this interface, so get rid of any such
866 * entry before completing interface removal. */
867 wpas_global_ctrl_iface_flush_queued_msg(wpa_s->global, wpa_s);
868 eloop_cancel_timeout(wpas_ctrl_msg_queue_timeout, wpa_s, NULL);
869 return;
870 }
871
872 if (priv->sock > -1) {
873 char *fname;
874 char *buf, *dir = NULL;
875 eloop_unregister_read_sock(priv->sock);
876 if (!dl_list_empty(&priv->ctrl_dst)) {
877 /*
878 * Wait before closing the control socket if
879 * there are any attached monitors in order to allow
880 * them to receive any pending messages.
881 */
882 wpa_printf(MSG_DEBUG, "CTRL_IFACE wait for attached "
883 "monitors to receive messages");
884 os_sleep(0, 100000);
885 }
886 close(priv->sock);
887 priv->sock = -1;
888 fname = wpa_supplicant_ctrl_iface_path(priv->wpa_s);
889 if (fname) {
890 unlink(fname);
891 os_free(fname);
892 }
893
894 if (priv->wpa_s->conf->ctrl_interface == NULL)
895 goto free_dst;
896 buf = os_strdup(priv->wpa_s->conf->ctrl_interface);
897 if (buf == NULL)
898 goto free_dst;
899 if (os_strncmp(buf, "DIR=", 4) == 0) {
900 char *gid_str;
901 dir = buf + 4;
902 gid_str = os_strstr(dir, " GROUP=");
903 if (gid_str)
904 *gid_str = '\0';
905 } else
906 dir = buf;
907
908 if (rmdir(dir) < 0) {
909 if (errno == ENOTEMPTY) {
910 wpa_printf(MSG_DEBUG, "Control interface "
911 "directory not empty - leaving it "
912 "behind");
913 } else {
914 wpa_printf(MSG_ERROR,
915 "rmdir[ctrl_interface=%s]: %s",
916 dir, strerror(errno));
917 }
918 }
919 os_free(buf);
920 }
921
922 free_dst:
923 dl_list_for_each_safe(dst, prev, &priv->ctrl_dst, struct wpa_ctrl_dst,
924 list) {
925 dl_list_del(&dst->list);
926 os_free(dst);
927 }
928 dl_list_for_each_safe(msg, prev_msg, &priv->msg_queue,
929 struct ctrl_iface_msg, list) {
930 dl_list_del(&msg->list);
931 os_free(msg);
932 }
933 gpriv = priv->wpa_s->global->ctrl_iface;
934 if (gpriv) {
935 dl_list_for_each_safe(msg, prev_msg, &gpriv->msg_queue,
936 struct ctrl_iface_msg, list) {
937 if (msg->wpa_s == priv->wpa_s) {
938 dl_list_del(&msg->list);
939 os_free(msg);
940 }
941 }
942 }
943 wpas_global_ctrl_iface_flush_queued_msg(wpa_s->global, wpa_s);
944 eloop_cancel_timeout(wpas_ctrl_msg_queue_timeout, priv->wpa_s, NULL);
945 os_free(priv);
946 }
947
948
949 /**
950 * wpa_supplicant_ctrl_iface_send - Send a control interface packet to monitors
951 * @ifname: Interface name for global control socket or %NULL
952 * @sock: Local socket fd
953 * @ctrl_dst: List of attached listeners
954 * @level: Priority level of the message
955 * @buf: Message data
956 * @len: Message length
957 *
958 * Send a packet to all monitor programs attached to the control interface.
959 */
wpa_supplicant_ctrl_iface_send(struct wpa_supplicant * wpa_s,const char * ifname,int sock,struct dl_list * ctrl_dst,int level,const char * buf,size_t len,struct ctrl_iface_priv * priv,struct ctrl_iface_global_priv * gp)960 static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s,
961 const char *ifname, int sock,
962 struct dl_list *ctrl_dst,
963 int level, const char *buf,
964 size_t len,
965 struct ctrl_iface_priv *priv,
966 struct ctrl_iface_global_priv *gp)
967 {
968 struct wpa_ctrl_dst *dst, *next;
969 char levelstr[10];
970 int idx, res;
971 struct msghdr msg;
972 struct iovec io[5];
973
974 if (sock < 0 || dl_list_empty(ctrl_dst))
975 return;
976
977 res = os_snprintf(levelstr, sizeof(levelstr), "<%d>", level);
978 if (os_snprintf_error(sizeof(levelstr), res))
979 return;
980 idx = 0;
981 if (ifname) {
982 io[idx].iov_base = "IFNAME=";
983 io[idx].iov_len = 7;
984 idx++;
985 io[idx].iov_base = (char *) ifname;
986 io[idx].iov_len = os_strlen(ifname);
987 idx++;
988 io[idx].iov_base = " ";
989 io[idx].iov_len = 1;
990 idx++;
991 }
992 io[idx].iov_base = levelstr;
993 io[idx].iov_len = os_strlen(levelstr);
994 idx++;
995 io[idx].iov_base = (char *) buf;
996 io[idx].iov_len = len;
997 idx++;
998 os_memset(&msg, 0, sizeof(msg));
999 msg.msg_iov = io;
1000 msg.msg_iovlen = idx;
1001
1002 dl_list_for_each_safe(dst, next, ctrl_dst, struct wpa_ctrl_dst, list) {
1003 int _errno;
1004 char txt[200];
1005
1006 if (level < dst->debug_level)
1007 continue;
1008
1009 msg.msg_name = (void *) &dst->addr;
1010 msg.msg_namelen = dst->addrlen;
1011 wpas_ctrl_sock_debug("ctrl_sock-sendmsg", sock, buf, len);
1012 if (sendmsg(sock, &msg, MSG_DONTWAIT) >= 0) {
1013 sockaddr_print(MSG_MSGDUMP,
1014 "CTRL_IFACE monitor sent successfully to",
1015 &dst->addr, dst->addrlen);
1016 dst->errors = 0;
1017 continue;
1018 }
1019
1020 _errno = errno;
1021 os_snprintf(txt, sizeof(txt), "CTRL_IFACE monitor: %d (%s) for",
1022 _errno, strerror(_errno));
1023 sockaddr_print(MSG_DEBUG, txt, &dst->addr, dst->addrlen);
1024 dst->errors++;
1025
1026 if (dst->errors > 10 || _errno == ENOENT || _errno == EPERM) {
1027 sockaddr_print(MSG_INFO, "CTRL_IFACE: Detach monitor that cannot receive messages:",
1028 &dst->addr, dst->addrlen);
1029 wpa_supplicant_ctrl_iface_detach(ctrl_dst, &dst->addr,
1030 dst->addrlen);
1031 }
1032
1033 if (_errno == ENOBUFS || _errno == EAGAIN) {
1034 /*
1035 * The socket send buffer could be full. This may happen
1036 * if client programs are not receiving their pending
1037 * messages. Close and reopen the socket as a workaround
1038 * to avoid getting stuck being unable to send any new
1039 * responses.
1040 */
1041 if (priv)
1042 sock = wpas_ctrl_iface_reinit(wpa_s, priv);
1043 else if (gp)
1044 sock = wpas_ctrl_iface_global_reinit(
1045 wpa_s->global, gp);
1046 else
1047 break;
1048 if (sock < 0) {
1049 wpa_dbg(wpa_s, MSG_DEBUG,
1050 "Failed to reinitialize ctrl_iface socket");
1051 break;
1052 }
1053 }
1054 }
1055 }
1056
1057
wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv * priv)1058 void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv)
1059 {
1060 char buf[256];
1061 int res;
1062 struct sockaddr_storage from;
1063 socklen_t fromlen = sizeof(from);
1064
1065 if (priv->sock == -1)
1066 return;
1067
1068 for (;;) {
1069 wpa_printf(MSG_DEBUG, "CTRL_IFACE - %s - wait for monitor to "
1070 "attach", priv->wpa_s->ifname);
1071 eloop_wait_for_read_sock(priv->sock);
1072
1073 res = recvfrom(priv->sock, buf, sizeof(buf) - 1, 0,
1074 (struct sockaddr *) &from, &fromlen);
1075 if (res < 0) {
1076 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
1077 strerror(errno));
1078 continue;
1079 }
1080 buf[res] = '\0';
1081
1082 if (os_strcmp(buf, "ATTACH") == 0) {
1083 /* handle ATTACH signal of first monitor interface */
1084 if (!wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst,
1085 &from, fromlen,
1086 0)) {
1087 if (sendto(priv->sock, "OK\n", 3, 0,
1088 (struct sockaddr *) &from, fromlen) <
1089 0) {
1090 wpa_printf(MSG_DEBUG, "ctrl_iface sendto failed: %s",
1091 strerror(errno));
1092 }
1093 /* OK to continue */
1094 return;
1095 } else {
1096 if (sendto(priv->sock, "FAIL\n", 5, 0,
1097 (struct sockaddr *) &from, fromlen) <
1098 0) {
1099 wpa_printf(MSG_DEBUG, "ctrl_iface sendto failed: %s",
1100 strerror(errno));
1101 }
1102 }
1103 } else {
1104 /* return FAIL for all other signals */
1105 if (sendto(priv->sock, "FAIL\n", 5, 0,
1106 (struct sockaddr *) &from, fromlen) < 0) {
1107 wpa_printf(MSG_DEBUG,
1108 "ctrl_iface sendto failed: %s",
1109 strerror(errno));
1110 }
1111 }
1112 }
1113 }
1114
1115
1116 /* Global ctrl_iface */
1117
wpa_supplicant_global_ctrl_iface_receive(int sock,void * eloop_ctx,void * sock_ctx)1118 static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
1119 void *sock_ctx)
1120 {
1121 struct wpa_global *global = eloop_ctx;
1122 struct ctrl_iface_global_priv *priv = sock_ctx;
1123 char *buf;
1124 int res;
1125 struct sockaddr_storage from;
1126 socklen_t fromlen = sizeof(from);
1127 char *reply = NULL, *reply_buf = NULL;
1128 size_t reply_len;
1129
1130 buf = os_malloc(CTRL_IFACE_MAX_LEN + 1);
1131 if (!buf)
1132 return;
1133 res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN + 1, 0,
1134 (struct sockaddr *) &from, &fromlen);
1135 if (res < 0) {
1136 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
1137 strerror(errno));
1138 os_free(buf);
1139 return;
1140 }
1141 if ((size_t) res > CTRL_IFACE_MAX_LEN) {
1142 wpa_printf(MSG_ERROR, "recvform(ctrl_iface): input truncated");
1143 os_free(buf);
1144 return;
1145 }
1146 buf[res] = '\0';
1147
1148 if (os_strcmp(buf, "ATTACH") == 0) {
1149 if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst, &from,
1150 fromlen, 1))
1151 reply_len = 1;
1152 else
1153 reply_len = 2;
1154 } else if (os_strcmp(buf, "DETACH") == 0) {
1155 if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst, &from,
1156 fromlen))
1157 reply_len = 1;
1158 else
1159 reply_len = 2;
1160 } else {
1161 reply_buf = wpa_supplicant_global_ctrl_iface_process(
1162 global, buf, &reply_len);
1163 reply = reply_buf;
1164
1165 /*
1166 * There could be some password/key material in the command, so
1167 * clear the buffer explicitly now that it is not needed
1168 * anymore.
1169 */
1170 os_memset(buf, 0, res);
1171 }
1172
1173 if (!reply && reply_len == 1) {
1174 reply = "FAIL\n";
1175 reply_len = 5;
1176 } else if (!reply && reply_len == 2) {
1177 reply = "OK\n";
1178 reply_len = 3;
1179 }
1180
1181 if (reply) {
1182 wpas_ctrl_sock_debug("global_ctrl_sock-sendto",
1183 sock, reply, reply_len);
1184 if (sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
1185 fromlen) < 0) {
1186 wpa_printf(MSG_DEBUG, "ctrl_iface sendto failed: %s",
1187 strerror(errno));
1188 }
1189 }
1190 os_free(reply_buf);
1191 os_free(buf);
1192 }
1193
1194
wpas_global_ctrl_iface_open_sock(struct wpa_global * global,struct ctrl_iface_global_priv * priv)1195 static int wpas_global_ctrl_iface_open_sock(struct wpa_global *global,
1196 struct ctrl_iface_global_priv *priv)
1197 {
1198 struct sockaddr_un addr;
1199 const char *ctrl = global->params.ctrl_interface;
1200 int flags;
1201
1202 wpa_printf(MSG_DEBUG, "Global control interface '%s'", ctrl);
1203
1204 #ifdef ANDROID
1205 if (os_strncmp(ctrl, "@android:", 9) == 0) {
1206 priv->sock = android_get_control_socket(ctrl + 9);
1207 if (priv->sock < 0) {
1208 wpa_printf(MSG_ERROR, "Failed to open Android control "
1209 "socket '%s'", ctrl + 9);
1210 goto fail;
1211 }
1212 wpa_printf(MSG_DEBUG, "Using Android control socket '%s'",
1213 ctrl + 9);
1214 priv->android_control_socket = 1;
1215 goto havesock;
1216 }
1217
1218 if (os_strncmp(ctrl, "@abstract:", 10) != 0) {
1219 /*
1220 * Backwards compatibility - try to open an Android control
1221 * socket and if that fails, assume this was a UNIX domain
1222 * socket instead.
1223 */
1224 priv->sock = android_get_control_socket(ctrl);
1225 if (priv->sock >= 0) {
1226 wpa_printf(MSG_DEBUG,
1227 "Using Android control socket '%s'",
1228 ctrl);
1229 priv->android_control_socket = 1;
1230 goto havesock;
1231 }
1232 }
1233 #endif /* ANDROID */
1234
1235 priv->sock = socket(PF_UNIX, SOCK_DGRAM, 0);
1236 if (priv->sock < 0) {
1237 wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno));
1238 goto fail;
1239 }
1240
1241 os_memset(&addr, 0, sizeof(addr));
1242 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
1243 addr.sun_len = sizeof(addr);
1244 #endif /* __FreeBSD__ */
1245 addr.sun_family = AF_UNIX;
1246
1247 if (os_strncmp(ctrl, "@abstract:", 10) == 0) {
1248 addr.sun_path[0] = '\0';
1249 os_strlcpy(addr.sun_path + 1, ctrl + 10,
1250 sizeof(addr.sun_path) - 1);
1251 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) <
1252 0) {
1253 wpa_printf(MSG_ERROR, "supp-global-ctrl-iface-init: "
1254 "bind(PF_UNIX;%s) failed: %s",
1255 ctrl, strerror(errno));
1256 goto fail;
1257 }
1258 wpa_printf(MSG_DEBUG, "Using Abstract control socket '%s'",
1259 ctrl + 10);
1260 goto havesock;
1261 }
1262
1263 os_strlcpy(addr.sun_path, ctrl, sizeof(addr.sun_path));
1264 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
1265 wpa_printf(MSG_INFO, "supp-global-ctrl-iface-init(%s) (will try fixup): bind(PF_UNIX): %s",
1266 ctrl, strerror(errno));
1267 if (connect(priv->sock, (struct sockaddr *) &addr,
1268 sizeof(addr)) < 0) {
1269 wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not"
1270 " allow connections - assuming it was left"
1271 "over from forced program termination");
1272 if (unlink(ctrl) < 0) {
1273 wpa_printf(MSG_ERROR,
1274 "Could not unlink existing ctrl_iface socket '%s': %s",
1275 ctrl, strerror(errno));
1276 goto fail;
1277 }
1278 if (bind(priv->sock, (struct sockaddr *) &addr,
1279 sizeof(addr)) < 0) {
1280 wpa_printf(MSG_ERROR, "supp-glb-iface-init: bind(PF_UNIX;%s): %s",
1281 ctrl, strerror(errno));
1282 goto fail;
1283 }
1284 wpa_printf(MSG_DEBUG, "Successfully replaced leftover "
1285 "ctrl_iface socket '%s'",
1286 ctrl);
1287 } else {
1288 wpa_printf(MSG_INFO, "ctrl_iface exists and seems to "
1289 "be in use - cannot override it");
1290 wpa_printf(MSG_INFO, "Delete '%s' manually if it is "
1291 "not used anymore",
1292 ctrl);
1293 goto fail;
1294 }
1295 }
1296
1297 wpa_printf(MSG_DEBUG, "Using UNIX control socket '%s'", ctrl);
1298
1299 if (global->params.ctrl_interface_group) {
1300 char *gid_str = global->params.ctrl_interface_group;
1301 gid_t gid = 0;
1302 struct group *grp;
1303 char *endp;
1304
1305 grp = getgrnam(gid_str);
1306 if (grp) {
1307 gid = grp->gr_gid;
1308 wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d"
1309 " (from group name '%s')",
1310 (int) gid, gid_str);
1311 } else {
1312 /* Group name not found - try to parse this as gid */
1313 gid = strtol(gid_str, &endp, 10);
1314 if (*gid_str == '\0' || *endp != '\0') {
1315 wpa_printf(MSG_ERROR, "CTRL: Invalid group "
1316 "'%s'", gid_str);
1317 goto fail;
1318 }
1319 wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
1320 (int) gid);
1321 }
1322 if (lchown(ctrl, -1, gid) < 0) {
1323 wpa_printf(MSG_ERROR,
1324 "lchown[global_ctrl_interface=%s,gid=%d]: %s",
1325 ctrl, (int) gid, strerror(errno));
1326 goto fail;
1327 }
1328
1329 if (chmod(ctrl, S_IRWXU | S_IRWXG) < 0) {
1330 wpa_printf(MSG_ERROR,
1331 "chmod[global_ctrl_interface=%s]: %s",
1332 ctrl, strerror(errno));
1333 goto fail;
1334 }
1335 } else {
1336 if (chmod(ctrl, S_IRWXU) < 0) {
1337 wpa_printf(MSG_DEBUG,
1338 "chmod[global_ctrl_interface=%s](S_IRWXU): %s",
1339 ctrl, strerror(errno));
1340 /* continue anyway since group change was not required
1341 */
1342 }
1343 }
1344
1345 havesock:
1346
1347 /*
1348 * Make socket non-blocking so that we don't hang forever if
1349 * target dies unexpectedly.
1350 */
1351 flags = fcntl(priv->sock, F_GETFL);
1352 if (flags >= 0) {
1353 flags |= O_NONBLOCK;
1354 if (fcntl(priv->sock, F_SETFL, flags) < 0) {
1355 wpa_printf(MSG_INFO, "fcntl(ctrl, O_NONBLOCK): %s",
1356 strerror(errno));
1357 /* Not fatal, continue on.*/
1358 }
1359 }
1360
1361 eloop_register_read_sock(priv->sock,
1362 wpa_supplicant_global_ctrl_iface_receive,
1363 global, priv);
1364
1365 return 0;
1366
1367 fail:
1368 if (priv->sock >= 0) {
1369 close(priv->sock);
1370 priv->sock = -1;
1371 }
1372 return -1;
1373 }
1374
1375
1376 struct ctrl_iface_global_priv *
wpa_supplicant_global_ctrl_iface_init(struct wpa_global * global)1377 wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
1378 {
1379 struct ctrl_iface_global_priv *priv;
1380
1381 priv = os_zalloc(sizeof(*priv));
1382 if (priv == NULL)
1383 return NULL;
1384 dl_list_init(&priv->ctrl_dst);
1385 dl_list_init(&priv->msg_queue);
1386 priv->global = global;
1387 priv->sock = -1;
1388
1389 if (global->params.ctrl_interface == NULL)
1390 return priv;
1391
1392 if (wpas_global_ctrl_iface_open_sock(global, priv) < 0) {
1393 os_free(priv);
1394 return NULL;
1395 }
1396
1397 wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
1398
1399 return priv;
1400 }
1401
1402
wpas_ctrl_iface_global_reinit(struct wpa_global * global,struct ctrl_iface_global_priv * priv)1403 static int wpas_ctrl_iface_global_reinit(struct wpa_global *global,
1404 struct ctrl_iface_global_priv *priv)
1405 {
1406 int res;
1407
1408 if (priv->sock <= 0)
1409 return -1;
1410
1411 /*
1412 * On Android, the control socket being used may be the socket
1413 * that is created when wpa_supplicant is started as a /init.*.rc
1414 * service. Such a socket is maintained as a key-value pair in
1415 * Android's environment. Closing this control socket would leave us
1416 * in a bad state with an invalid socket descriptor.
1417 */
1418 if (priv->android_control_socket)
1419 return priv->sock;
1420
1421 eloop_unregister_read_sock(priv->sock);
1422 close(priv->sock);
1423 priv->sock = -1;
1424 res = wpas_global_ctrl_iface_open_sock(global, priv);
1425 if (res < 0)
1426 return -1;
1427 return priv->sock;
1428 }
1429
1430
1431 void
wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv * priv)1432 wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv)
1433 {
1434 struct wpa_ctrl_dst *dst, *prev;
1435 struct ctrl_iface_msg *msg, *prev_msg;
1436
1437 if (priv->sock >= 0) {
1438 eloop_unregister_read_sock(priv->sock);
1439 close(priv->sock);
1440 }
1441 if (priv->global->params.ctrl_interface)
1442 unlink(priv->global->params.ctrl_interface);
1443 dl_list_for_each_safe(dst, prev, &priv->ctrl_dst, struct wpa_ctrl_dst,
1444 list) {
1445 dl_list_del(&dst->list);
1446 os_free(dst);
1447 }
1448 dl_list_for_each_safe(msg, prev_msg, &priv->msg_queue,
1449 struct ctrl_iface_msg, list) {
1450 dl_list_del(&msg->list);
1451 os_free(msg);
1452 }
1453 os_free(priv);
1454 }
1455