1 /* 2 * WPA Supplicant / UNIX domain socket -based control interface 3 * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 #include <sys/un.h> 11 #include <sys/stat.h> 12 #include <grp.h> 13 #include <stddef.h> 14 #include <unistd.h> 15 #include <fcntl.h> 16 #ifdef ANDROID 17 #include <cutils/sockets.h> 18 #endif /* ANDROID */ 19 20 #include "utils/common.h" 21 #include "utils/eloop.h" 22 #include "utils/list.h" 23 #include "eapol_supp/eapol_supp_sm.h" 24 #include "config.h" 25 #include "wpa_supplicant_i.h" 26 #include "ctrl_iface.h" 27 28 /* Per-interface ctrl_iface */ 29 30 /** 31 * struct wpa_ctrl_dst - Internal data structure of control interface monitors 32 * 33 * This structure is used to store information about registered control 34 * interface monitors into struct wpa_supplicant. This data is private to 35 * ctrl_iface_unix.c and should not be touched directly from other files. 36 */ 37 struct wpa_ctrl_dst { 38 struct dl_list list; 39 struct sockaddr_un addr; 40 socklen_t addrlen; 41 int debug_level; 42 int errors; 43 }; 44 45 46 struct ctrl_iface_priv { 47 struct wpa_supplicant *wpa_s; 48 int sock; 49 struct dl_list ctrl_dst; 50 int android_control_socket; 51 }; 52 53 54 struct ctrl_iface_global_priv { 55 struct wpa_global *global; 56 int sock; 57 struct dl_list ctrl_dst; 58 int android_control_socket; 59 }; 60 61 62 static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s, 63 const char *ifname, int sock, 64 struct dl_list *ctrl_dst, 65 int level, const char *buf, 66 size_t len, 67 struct ctrl_iface_priv *priv, 68 struct ctrl_iface_global_priv *gp); 69 static int wpas_ctrl_iface_reinit(struct wpa_supplicant *wpa_s, 70 struct ctrl_iface_priv *priv); 71 static int wpas_ctrl_iface_global_reinit(struct wpa_global *global, 72 struct ctrl_iface_global_priv *priv); 73 74 75 static int wpa_supplicant_ctrl_iface_attach(struct dl_list *ctrl_dst, 76 struct sockaddr_un *from, 77 socklen_t fromlen, int global) 78 { 79 struct wpa_ctrl_dst *dst; 80 char addr_txt[200]; 81 82 dst = os_zalloc(sizeof(*dst)); 83 if (dst == NULL) 84 return -1; 85 os_memcpy(&dst->addr, from, sizeof(struct sockaddr_un)); 86 dst->addrlen = fromlen; 87 dst->debug_level = MSG_INFO; 88 dl_list_add(ctrl_dst, &dst->list); 89 printf_encode(addr_txt, sizeof(addr_txt), 90 (u8 *) from->sun_path, 91 fromlen - offsetof(struct sockaddr_un, sun_path)); 92 wpa_printf(MSG_DEBUG, "CTRL_IFACE %smonitor attached %s", 93 global ? "global " : "", addr_txt); 94 return 0; 95 } 96 97 98 static int wpa_supplicant_ctrl_iface_detach(struct dl_list *ctrl_dst, 99 struct sockaddr_un *from, 100 socklen_t fromlen) 101 { 102 struct wpa_ctrl_dst *dst; 103 104 dl_list_for_each(dst, ctrl_dst, struct wpa_ctrl_dst, list) { 105 if (fromlen == dst->addrlen && 106 os_memcmp(from->sun_path, dst->addr.sun_path, 107 fromlen - offsetof(struct sockaddr_un, sun_path)) 108 == 0) { 109 char addr_txt[200]; 110 printf_encode(addr_txt, sizeof(addr_txt), 111 (u8 *) from->sun_path, 112 fromlen - 113 offsetof(struct sockaddr_un, sun_path)); 114 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached %s", 115 addr_txt); 116 dl_list_del(&dst->list); 117 os_free(dst); 118 return 0; 119 } 120 } 121 return -1; 122 } 123 124 125 static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv *priv, 126 struct sockaddr_un *from, 127 socklen_t fromlen, 128 char *level) 129 { 130 struct wpa_ctrl_dst *dst; 131 132 wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level); 133 134 dl_list_for_each(dst, &priv->ctrl_dst, struct wpa_ctrl_dst, list) { 135 if (fromlen == dst->addrlen && 136 os_memcmp(from->sun_path, dst->addr.sun_path, 137 fromlen - offsetof(struct sockaddr_un, sun_path)) 138 == 0) { 139 char addr_txt[200]; 140 dst->debug_level = atoi(level); 141 printf_encode(addr_txt, sizeof(addr_txt), 142 (u8 *) from->sun_path, fromlen - 143 offsetof(struct sockaddr_un, sun_path)); 144 wpa_printf(MSG_DEBUG, "CTRL_IFACE changed monitor level to %d for %s", 145 dst->debug_level, addr_txt); 146 return 0; 147 } 148 } 149 150 return -1; 151 } 152 153 154 static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx, 155 void *sock_ctx) 156 { 157 struct wpa_supplicant *wpa_s = eloop_ctx; 158 struct ctrl_iface_priv *priv = sock_ctx; 159 char buf[4096]; 160 int res; 161 struct sockaddr_un from; 162 socklen_t fromlen = sizeof(from); 163 char *reply = NULL, *reply_buf = NULL; 164 size_t reply_len = 0; 165 int new_attached = 0; 166 167 res = recvfrom(sock, buf, sizeof(buf) - 1, 0, 168 (struct sockaddr *) &from, &fromlen); 169 if (res < 0) { 170 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s", 171 strerror(errno)); 172 return; 173 } 174 buf[res] = '\0'; 175 176 if (os_strcmp(buf, "ATTACH") == 0) { 177 if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst, &from, 178 fromlen, 0)) 179 reply_len = 1; 180 else { 181 new_attached = 1; 182 reply_len = 2; 183 } 184 } else if (os_strcmp(buf, "DETACH") == 0) { 185 if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst, &from, 186 fromlen)) 187 reply_len = 1; 188 else 189 reply_len = 2; 190 } else if (os_strncmp(buf, "LEVEL ", 6) == 0) { 191 if (wpa_supplicant_ctrl_iface_level(priv, &from, fromlen, 192 buf + 6)) 193 reply_len = 1; 194 else 195 reply_len = 2; 196 } else { 197 reply_buf = wpa_supplicant_ctrl_iface_process(wpa_s, buf, 198 &reply_len); 199 reply = reply_buf; 200 } 201 202 if (!reply && reply_len == 1) { 203 reply = "FAIL\n"; 204 reply_len = 5; 205 } else if (!reply && reply_len == 2) { 206 reply = "OK\n"; 207 reply_len = 3; 208 } 209 210 if (reply) { 211 if (sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from, 212 fromlen) < 0) { 213 int _errno = errno; 214 wpa_dbg(wpa_s, MSG_DEBUG, 215 "ctrl_iface sendto failed: %d - %s", 216 _errno, strerror(_errno)); 217 if (_errno == ENOBUFS || _errno == EAGAIN) { 218 /* 219 * The socket send buffer could be full. This 220 * may happen if client programs are not 221 * receiving their pending messages. Close and 222 * reopen the socket as a workaround to avoid 223 * getting stuck being unable to send any new 224 * responses. 225 */ 226 sock = wpas_ctrl_iface_reinit(wpa_s, priv); 227 if (sock < 0) { 228 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to reinitialize ctrl_iface socket"); 229 } 230 } 231 if (new_attached) { 232 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to send response to ATTACH - detaching"); 233 new_attached = 0; 234 wpa_supplicant_ctrl_iface_detach( 235 &priv->ctrl_dst, &from, fromlen); 236 } 237 } 238 } 239 os_free(reply_buf); 240 241 if (new_attached) 242 eapol_sm_notify_ctrl_attached(wpa_s->eapol); 243 } 244 245 246 static char * wpa_supplicant_ctrl_iface_path(struct wpa_supplicant *wpa_s) 247 { 248 char *buf; 249 size_t len; 250 char *pbuf, *dir = NULL; 251 int res; 252 253 if (wpa_s->conf->ctrl_interface == NULL) 254 return NULL; 255 256 pbuf = os_strdup(wpa_s->conf->ctrl_interface); 257 if (pbuf == NULL) 258 return NULL; 259 if (os_strncmp(pbuf, "DIR=", 4) == 0) { 260 char *gid_str; 261 dir = pbuf + 4; 262 gid_str = os_strstr(dir, " GROUP="); 263 if (gid_str) 264 *gid_str = '\0'; 265 } else 266 dir = pbuf; 267 268 len = os_strlen(dir) + os_strlen(wpa_s->ifname) + 2; 269 buf = os_malloc(len); 270 if (buf == NULL) { 271 os_free(pbuf); 272 return NULL; 273 } 274 275 res = os_snprintf(buf, len, "%s/%s", dir, wpa_s->ifname); 276 if (os_snprintf_error(len, res)) { 277 os_free(pbuf); 278 os_free(buf); 279 return NULL; 280 } 281 #ifdef __CYGWIN__ 282 { 283 /* Windows/WinPcap uses interface names that are not suitable 284 * as a file name - convert invalid chars to underscores */ 285 char *pos = buf; 286 while (*pos) { 287 if (*pos == '\\') 288 *pos = '_'; 289 pos++; 290 } 291 } 292 #endif /* __CYGWIN__ */ 293 os_free(pbuf); 294 return buf; 295 } 296 297 298 static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx, int level, int global, 299 const char *txt, size_t len) 300 { 301 struct wpa_supplicant *wpa_s = ctx; 302 303 if (wpa_s == NULL) 304 return; 305 306 if (global != 2 && wpa_s->global->ctrl_iface) { 307 struct ctrl_iface_global_priv *priv = wpa_s->global->ctrl_iface; 308 if (!dl_list_empty(&priv->ctrl_dst)) { 309 wpa_supplicant_ctrl_iface_send(wpa_s, global ? NULL : 310 wpa_s->ifname, 311 priv->sock, 312 &priv->ctrl_dst, 313 level, txt, len, NULL, 314 priv); 315 } 316 } 317 318 if (wpa_s->ctrl_iface == NULL) 319 return; 320 wpa_supplicant_ctrl_iface_send(wpa_s, NULL, wpa_s->ctrl_iface->sock, 321 &wpa_s->ctrl_iface->ctrl_dst, 322 level, txt, len, wpa_s->ctrl_iface, 323 NULL); 324 } 325 326 327 static int wpas_ctrl_iface_open_sock(struct wpa_supplicant *wpa_s, 328 struct ctrl_iface_priv *priv) 329 { 330 struct sockaddr_un addr; 331 char *fname = NULL; 332 gid_t gid = 0; 333 int gid_set = 0; 334 char *buf, *dir = NULL, *gid_str = NULL; 335 struct group *grp; 336 char *endp; 337 int flags; 338 339 buf = os_strdup(wpa_s->conf->ctrl_interface); 340 if (buf == NULL) 341 goto fail; 342 #ifdef ANDROID 343 os_snprintf(addr.sun_path, sizeof(addr.sun_path), "wpa_%s", 344 wpa_s->conf->ctrl_interface); 345 priv->sock = android_get_control_socket(addr.sun_path); 346 if (priv->sock >= 0) { 347 priv->android_control_socket = 1; 348 goto havesock; 349 } 350 #endif /* ANDROID */ 351 if (os_strncmp(buf, "DIR=", 4) == 0) { 352 dir = buf + 4; 353 gid_str = os_strstr(dir, " GROUP="); 354 if (gid_str) { 355 *gid_str = '\0'; 356 gid_str += 7; 357 } 358 } else { 359 dir = buf; 360 gid_str = wpa_s->conf->ctrl_interface_group; 361 } 362 363 if (mkdir(dir, S_IRWXU | S_IRWXG) < 0) { 364 if (errno == EEXIST) { 365 wpa_printf(MSG_DEBUG, "Using existing control " 366 "interface directory."); 367 } else { 368 wpa_printf(MSG_ERROR, "mkdir[ctrl_interface=%s]: %s", 369 dir, strerror(errno)); 370 goto fail; 371 } 372 } 373 374 #ifdef ANDROID 375 /* 376 * wpa_supplicant is started from /init.*.rc on Android and that seems 377 * to be using umask 0077 which would leave the control interface 378 * directory without group access. This breaks things since Wi-Fi 379 * framework assumes that this directory can be accessed by other 380 * applications in the wifi group. Fix this by adding group access even 381 * if umask value would prevent this. 382 */ 383 if (chmod(dir, S_IRWXU | S_IRWXG) < 0) { 384 wpa_printf(MSG_ERROR, "CTRL: Could not chmod directory: %s", 385 strerror(errno)); 386 /* Try to continue anyway */ 387 } 388 #endif /* ANDROID */ 389 390 if (gid_str) { 391 grp = getgrnam(gid_str); 392 if (grp) { 393 gid = grp->gr_gid; 394 gid_set = 1; 395 wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d" 396 " (from group name '%s')", 397 (int) gid, gid_str); 398 } else { 399 /* Group name not found - try to parse this as gid */ 400 gid = strtol(gid_str, &endp, 10); 401 if (*gid_str == '\0' || *endp != '\0') { 402 wpa_printf(MSG_ERROR, "CTRL: Invalid group " 403 "'%s'", gid_str); 404 goto fail; 405 } 406 gid_set = 1; 407 wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d", 408 (int) gid); 409 } 410 } 411 412 if (gid_set && chown(dir, -1, gid) < 0) { 413 wpa_printf(MSG_ERROR, "chown[ctrl_interface=%s,gid=%d]: %s", 414 dir, (int) gid, strerror(errno)); 415 goto fail; 416 } 417 418 /* Make sure the group can enter and read the directory */ 419 if (gid_set && 420 chmod(dir, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP) < 0) { 421 wpa_printf(MSG_ERROR, "CTRL: chmod[ctrl_interface]: %s", 422 strerror(errno)); 423 goto fail; 424 } 425 426 if (os_strlen(dir) + 1 + os_strlen(wpa_s->ifname) >= 427 sizeof(addr.sun_path)) { 428 wpa_printf(MSG_ERROR, "ctrl_iface path limit exceeded"); 429 goto fail; 430 } 431 432 priv->sock = socket(PF_UNIX, SOCK_DGRAM, 0); 433 if (priv->sock < 0) { 434 wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno)); 435 goto fail; 436 } 437 438 os_memset(&addr, 0, sizeof(addr)); 439 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) 440 addr.sun_len = sizeof(addr); 441 #endif /* __FreeBSD__ */ 442 addr.sun_family = AF_UNIX; 443 fname = wpa_supplicant_ctrl_iface_path(wpa_s); 444 if (fname == NULL) 445 goto fail; 446 os_strlcpy(addr.sun_path, fname, sizeof(addr.sun_path)); 447 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) { 448 wpa_printf(MSG_DEBUG, "ctrl_iface bind(PF_UNIX) failed: %s", 449 strerror(errno)); 450 if (connect(priv->sock, (struct sockaddr *) &addr, 451 sizeof(addr)) < 0) { 452 wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not" 453 " allow connections - assuming it was left" 454 "over from forced program termination"); 455 if (unlink(fname) < 0) { 456 wpa_printf(MSG_ERROR, 457 "Could not unlink existing ctrl_iface socket '%s': %s", 458 fname, strerror(errno)); 459 goto fail; 460 } 461 if (bind(priv->sock, (struct sockaddr *) &addr, 462 sizeof(addr)) < 0) { 463 wpa_printf(MSG_ERROR, "supp-ctrl-iface-init: bind(PF_UNIX): %s", 464 strerror(errno)); 465 goto fail; 466 } 467 wpa_printf(MSG_DEBUG, "Successfully replaced leftover " 468 "ctrl_iface socket '%s'", fname); 469 } else { 470 wpa_printf(MSG_INFO, "ctrl_iface exists and seems to " 471 "be in use - cannot override it"); 472 wpa_printf(MSG_INFO, "Delete '%s' manually if it is " 473 "not used anymore", fname); 474 os_free(fname); 475 fname = NULL; 476 goto fail; 477 } 478 } 479 480 if (gid_set && chown(fname, -1, gid) < 0) { 481 wpa_printf(MSG_ERROR, "chown[ctrl_interface=%s,gid=%d]: %s", 482 fname, (int) gid, strerror(errno)); 483 goto fail; 484 } 485 486 if (chmod(fname, S_IRWXU | S_IRWXG) < 0) { 487 wpa_printf(MSG_ERROR, "chmod[ctrl_interface=%s]: %s", 488 fname, strerror(errno)); 489 goto fail; 490 } 491 os_free(fname); 492 493 #ifdef ANDROID 494 havesock: 495 #endif /* ANDROID */ 496 497 /* 498 * Make socket non-blocking so that we don't hang forever if 499 * target dies unexpectedly. 500 */ 501 flags = fcntl(priv->sock, F_GETFL); 502 if (flags >= 0) { 503 flags |= O_NONBLOCK; 504 if (fcntl(priv->sock, F_SETFL, flags) < 0) { 505 wpa_printf(MSG_INFO, "fcntl(ctrl, O_NONBLOCK): %s", 506 strerror(errno)); 507 /* Not fatal, continue on.*/ 508 } 509 } 510 511 eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive, 512 wpa_s, priv); 513 wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb); 514 515 os_free(buf); 516 return 0; 517 518 fail: 519 if (priv->sock >= 0) { 520 close(priv->sock); 521 priv->sock = -1; 522 } 523 if (fname) { 524 unlink(fname); 525 os_free(fname); 526 } 527 os_free(buf); 528 return -1; 529 } 530 531 532 struct ctrl_iface_priv * 533 wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s) 534 { 535 struct ctrl_iface_priv *priv; 536 537 priv = os_zalloc(sizeof(*priv)); 538 if (priv == NULL) 539 return NULL; 540 dl_list_init(&priv->ctrl_dst); 541 priv->wpa_s = wpa_s; 542 priv->sock = -1; 543 544 if (wpa_s->conf->ctrl_interface == NULL) 545 return priv; 546 547 if (wpas_ctrl_iface_open_sock(wpa_s, priv) < 0) { 548 os_free(priv); 549 return NULL; 550 } 551 552 return priv; 553 } 554 555 556 static int wpas_ctrl_iface_reinit(struct wpa_supplicant *wpa_s, 557 struct ctrl_iface_priv *priv) 558 { 559 int res; 560 561 if (priv->sock <= 0) 562 return -1; 563 564 /* 565 * On Android, the control socket being used may be the socket 566 * that is created when wpa_supplicant is started as a /init.*.rc 567 * service. Such a socket is maintained as a key-value pair in 568 * Android's environment. Closing this control socket would leave us 569 * in a bad state with an invalid socket descriptor. 570 */ 571 if (priv->android_control_socket) 572 return priv->sock; 573 574 eloop_unregister_read_sock(priv->sock); 575 close(priv->sock); 576 priv->sock = -1; 577 res = wpas_ctrl_iface_open_sock(wpa_s, priv); 578 if (res < 0) 579 return -1; 580 return priv->sock; 581 } 582 583 584 void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv) 585 { 586 struct wpa_ctrl_dst *dst, *prev; 587 588 if (priv->sock > -1) { 589 char *fname; 590 char *buf, *dir = NULL; 591 eloop_unregister_read_sock(priv->sock); 592 if (!dl_list_empty(&priv->ctrl_dst)) { 593 /* 594 * Wait before closing the control socket if 595 * there are any attached monitors in order to allow 596 * them to receive any pending messages. 597 */ 598 wpa_printf(MSG_DEBUG, "CTRL_IFACE wait for attached " 599 "monitors to receive messages"); 600 os_sleep(0, 100000); 601 } 602 close(priv->sock); 603 priv->sock = -1; 604 fname = wpa_supplicant_ctrl_iface_path(priv->wpa_s); 605 if (fname) { 606 unlink(fname); 607 os_free(fname); 608 } 609 610 if (priv->wpa_s->conf->ctrl_interface == NULL) 611 goto free_dst; 612 buf = os_strdup(priv->wpa_s->conf->ctrl_interface); 613 if (buf == NULL) 614 goto free_dst; 615 if (os_strncmp(buf, "DIR=", 4) == 0) { 616 char *gid_str; 617 dir = buf + 4; 618 gid_str = os_strstr(dir, " GROUP="); 619 if (gid_str) 620 *gid_str = '\0'; 621 } else 622 dir = buf; 623 624 if (rmdir(dir) < 0) { 625 if (errno == ENOTEMPTY) { 626 wpa_printf(MSG_DEBUG, "Control interface " 627 "directory not empty - leaving it " 628 "behind"); 629 } else { 630 wpa_printf(MSG_ERROR, 631 "rmdir[ctrl_interface=%s]: %s", 632 dir, strerror(errno)); 633 } 634 } 635 os_free(buf); 636 } 637 638 free_dst: 639 dl_list_for_each_safe(dst, prev, &priv->ctrl_dst, struct wpa_ctrl_dst, 640 list) 641 os_free(dst); 642 os_free(priv); 643 } 644 645 646 /** 647 * wpa_supplicant_ctrl_iface_send - Send a control interface packet to monitors 648 * @ifname: Interface name for global control socket or %NULL 649 * @sock: Local socket fd 650 * @ctrl_dst: List of attached listeners 651 * @level: Priority level of the message 652 * @buf: Message data 653 * @len: Message length 654 * 655 * Send a packet to all monitor programs attached to the control interface. 656 */ 657 static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s, 658 const char *ifname, int sock, 659 struct dl_list *ctrl_dst, 660 int level, const char *buf, 661 size_t len, 662 struct ctrl_iface_priv *priv, 663 struct ctrl_iface_global_priv *gp) 664 { 665 struct wpa_ctrl_dst *dst, *next; 666 char levelstr[10]; 667 int idx, res; 668 struct msghdr msg; 669 struct iovec io[5]; 670 671 if (sock < 0 || dl_list_empty(ctrl_dst)) 672 return; 673 674 res = os_snprintf(levelstr, sizeof(levelstr), "<%d>", level); 675 if (os_snprintf_error(sizeof(levelstr), res)) 676 return; 677 idx = 0; 678 if (ifname) { 679 io[idx].iov_base = "IFNAME="; 680 io[idx].iov_len = 7; 681 idx++; 682 io[idx].iov_base = (char *) ifname; 683 io[idx].iov_len = os_strlen(ifname); 684 idx++; 685 io[idx].iov_base = " "; 686 io[idx].iov_len = 1; 687 idx++; 688 } 689 io[idx].iov_base = levelstr; 690 io[idx].iov_len = os_strlen(levelstr); 691 idx++; 692 io[idx].iov_base = (char *) buf; 693 io[idx].iov_len = len; 694 idx++; 695 os_memset(&msg, 0, sizeof(msg)); 696 msg.msg_iov = io; 697 msg.msg_iovlen = idx; 698 699 dl_list_for_each_safe(dst, next, ctrl_dst, struct wpa_ctrl_dst, list) { 700 int _errno; 701 char addr_txt[200]; 702 703 if (level < dst->debug_level) 704 continue; 705 706 printf_encode(addr_txt, sizeof(addr_txt), 707 (u8 *) dst->addr.sun_path, dst->addrlen - 708 offsetof(struct sockaddr_un, sun_path)); 709 msg.msg_name = (void *) &dst->addr; 710 msg.msg_namelen = dst->addrlen; 711 if (sendmsg(sock, &msg, MSG_DONTWAIT) >= 0) { 712 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor sent successfully to %s", 713 addr_txt); 714 dst->errors = 0; 715 continue; 716 } 717 718 _errno = errno; 719 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor[%s]: %d - %s", 720 addr_txt, errno, strerror(errno)); 721 dst->errors++; 722 723 if (dst->errors > 10 || _errno == ENOENT || _errno == EPERM) { 724 wpa_printf(MSG_INFO, "CTRL_IFACE: Detach monitor %s that cannot receive messages", 725 addr_txt); 726 wpa_supplicant_ctrl_iface_detach(ctrl_dst, &dst->addr, 727 dst->addrlen); 728 } 729 730 if (_errno == ENOBUFS || _errno == EAGAIN) { 731 /* 732 * The socket send buffer could be full. This may happen 733 * if client programs are not receiving their pending 734 * messages. Close and reopen the socket as a workaround 735 * to avoid getting stuck being unable to send any new 736 * responses. 737 */ 738 if (priv) 739 sock = wpas_ctrl_iface_reinit(wpa_s, priv); 740 else if (gp) 741 sock = wpas_ctrl_iface_global_reinit( 742 wpa_s->global, gp); 743 else 744 break; 745 if (sock < 0) { 746 wpa_dbg(wpa_s, MSG_DEBUG, 747 "Failed to reinitialize ctrl_iface socket"); 748 break; 749 } 750 } 751 } 752 } 753 754 755 void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv) 756 { 757 char buf[256]; 758 int res; 759 struct sockaddr_un from; 760 socklen_t fromlen = sizeof(from); 761 762 for (;;) { 763 wpa_printf(MSG_DEBUG, "CTRL_IFACE - %s - wait for monitor to " 764 "attach", priv->wpa_s->ifname); 765 eloop_wait_for_read_sock(priv->sock); 766 767 res = recvfrom(priv->sock, buf, sizeof(buf) - 1, 0, 768 (struct sockaddr *) &from, &fromlen); 769 if (res < 0) { 770 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s", 771 strerror(errno)); 772 continue; 773 } 774 buf[res] = '\0'; 775 776 if (os_strcmp(buf, "ATTACH") == 0) { 777 /* handle ATTACH signal of first monitor interface */ 778 if (!wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst, 779 &from, fromlen, 780 0)) { 781 if (sendto(priv->sock, "OK\n", 3, 0, 782 (struct sockaddr *) &from, fromlen) < 783 0) { 784 wpa_printf(MSG_DEBUG, "ctrl_iface sendto failed: %s", 785 strerror(errno)); 786 } 787 /* OK to continue */ 788 return; 789 } else { 790 if (sendto(priv->sock, "FAIL\n", 5, 0, 791 (struct sockaddr *) &from, fromlen) < 792 0) { 793 wpa_printf(MSG_DEBUG, "ctrl_iface sendto failed: %s", 794 strerror(errno)); 795 } 796 } 797 } else { 798 /* return FAIL for all other signals */ 799 if (sendto(priv->sock, "FAIL\n", 5, 0, 800 (struct sockaddr *) &from, fromlen) < 0) { 801 wpa_printf(MSG_DEBUG, 802 "ctrl_iface sendto failed: %s", 803 strerror(errno)); 804 } 805 } 806 } 807 } 808 809 810 /* Global ctrl_iface */ 811 812 static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx, 813 void *sock_ctx) 814 { 815 struct wpa_global *global = eloop_ctx; 816 struct ctrl_iface_global_priv *priv = sock_ctx; 817 char buf[4096]; 818 int res; 819 struct sockaddr_un from; 820 socklen_t fromlen = sizeof(from); 821 char *reply = NULL, *reply_buf = NULL; 822 size_t reply_len; 823 824 res = recvfrom(sock, buf, sizeof(buf) - 1, 0, 825 (struct sockaddr *) &from, &fromlen); 826 if (res < 0) { 827 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s", 828 strerror(errno)); 829 return; 830 } 831 buf[res] = '\0'; 832 833 if (os_strcmp(buf, "ATTACH") == 0) { 834 if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst, &from, 835 fromlen, 1)) 836 reply_len = 1; 837 else 838 reply_len = 2; 839 } else if (os_strcmp(buf, "DETACH") == 0) { 840 if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst, &from, 841 fromlen)) 842 reply_len = 1; 843 else 844 reply_len = 2; 845 } else { 846 reply_buf = wpa_supplicant_global_ctrl_iface_process( 847 global, buf, &reply_len); 848 reply = reply_buf; 849 } 850 851 if (!reply && reply_len == 1) { 852 reply = "FAIL\n"; 853 reply_len = 5; 854 } else if (!reply && reply_len == 2) { 855 reply = "OK\n"; 856 reply_len = 3; 857 } 858 859 if (reply) { 860 if (sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from, 861 fromlen) < 0) { 862 wpa_printf(MSG_DEBUG, "ctrl_iface sendto failed: %s", 863 strerror(errno)); 864 } 865 } 866 os_free(reply_buf); 867 } 868 869 870 static int wpas_global_ctrl_iface_open_sock(struct wpa_global *global, 871 struct ctrl_iface_global_priv *priv) 872 { 873 struct sockaddr_un addr; 874 const char *ctrl = global->params.ctrl_interface; 875 int flags; 876 877 wpa_printf(MSG_DEBUG, "Global control interface '%s'", ctrl); 878 879 #ifdef ANDROID 880 if (os_strncmp(ctrl, "@android:", 9) == 0) { 881 priv->sock = android_get_control_socket(ctrl + 9); 882 if (priv->sock < 0) { 883 wpa_printf(MSG_ERROR, "Failed to open Android control " 884 "socket '%s'", ctrl + 9); 885 goto fail; 886 } 887 wpa_printf(MSG_DEBUG, "Using Android control socket '%s'", 888 ctrl + 9); 889 priv->android_control_socket = 1; 890 goto havesock; 891 } 892 893 if (os_strncmp(ctrl, "@abstract:", 10) != 0) { 894 /* 895 * Backwards compatibility - try to open an Android control 896 * socket and if that fails, assume this was a UNIX domain 897 * socket instead. 898 */ 899 priv->sock = android_get_control_socket(ctrl); 900 if (priv->sock >= 0) { 901 wpa_printf(MSG_DEBUG, 902 "Using Android control socket '%s'", 903 ctrl); 904 priv->android_control_socket = 1; 905 goto havesock; 906 } 907 } 908 #endif /* ANDROID */ 909 910 priv->sock = socket(PF_UNIX, SOCK_DGRAM, 0); 911 if (priv->sock < 0) { 912 wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno)); 913 goto fail; 914 } 915 916 os_memset(&addr, 0, sizeof(addr)); 917 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) 918 addr.sun_len = sizeof(addr); 919 #endif /* __FreeBSD__ */ 920 addr.sun_family = AF_UNIX; 921 922 if (os_strncmp(ctrl, "@abstract:", 10) == 0) { 923 addr.sun_path[0] = '\0'; 924 os_strlcpy(addr.sun_path + 1, ctrl + 10, 925 sizeof(addr.sun_path) - 1); 926 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 927 0) { 928 wpa_printf(MSG_ERROR, "supp-global-ctrl-iface-init: " 929 "bind(PF_UNIX;%s) failed: %s", 930 ctrl, strerror(errno)); 931 goto fail; 932 } 933 wpa_printf(MSG_DEBUG, "Using Abstract control socket '%s'", 934 ctrl + 10); 935 goto havesock; 936 } 937 938 os_strlcpy(addr.sun_path, ctrl, sizeof(addr.sun_path)); 939 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) { 940 wpa_printf(MSG_INFO, "supp-global-ctrl-iface-init(%s) (will try fixup): bind(PF_UNIX): %s", 941 ctrl, strerror(errno)); 942 if (connect(priv->sock, (struct sockaddr *) &addr, 943 sizeof(addr)) < 0) { 944 wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not" 945 " allow connections - assuming it was left" 946 "over from forced program termination"); 947 if (unlink(ctrl) < 0) { 948 wpa_printf(MSG_ERROR, 949 "Could not unlink existing ctrl_iface socket '%s': %s", 950 ctrl, strerror(errno)); 951 goto fail; 952 } 953 if (bind(priv->sock, (struct sockaddr *) &addr, 954 sizeof(addr)) < 0) { 955 wpa_printf(MSG_ERROR, "supp-glb-iface-init: bind(PF_UNIX;%s): %s", 956 ctrl, strerror(errno)); 957 goto fail; 958 } 959 wpa_printf(MSG_DEBUG, "Successfully replaced leftover " 960 "ctrl_iface socket '%s'", 961 ctrl); 962 } else { 963 wpa_printf(MSG_INFO, "ctrl_iface exists and seems to " 964 "be in use - cannot override it"); 965 wpa_printf(MSG_INFO, "Delete '%s' manually if it is " 966 "not used anymore", 967 ctrl); 968 goto fail; 969 } 970 } 971 972 wpa_printf(MSG_DEBUG, "Using UNIX control socket '%s'", ctrl); 973 974 if (global->params.ctrl_interface_group) { 975 char *gid_str = global->params.ctrl_interface_group; 976 gid_t gid = 0; 977 struct group *grp; 978 char *endp; 979 980 grp = getgrnam(gid_str); 981 if (grp) { 982 gid = grp->gr_gid; 983 wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d" 984 " (from group name '%s')", 985 (int) gid, gid_str); 986 } else { 987 /* Group name not found - try to parse this as gid */ 988 gid = strtol(gid_str, &endp, 10); 989 if (*gid_str == '\0' || *endp != '\0') { 990 wpa_printf(MSG_ERROR, "CTRL: Invalid group " 991 "'%s'", gid_str); 992 goto fail; 993 } 994 wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d", 995 (int) gid); 996 } 997 if (chown(ctrl, -1, gid) < 0) { 998 wpa_printf(MSG_ERROR, 999 "chown[global_ctrl_interface=%s,gid=%d]: %s", 1000 ctrl, (int) gid, strerror(errno)); 1001 goto fail; 1002 } 1003 1004 if (chmod(ctrl, S_IRWXU | S_IRWXG) < 0) { 1005 wpa_printf(MSG_ERROR, 1006 "chmod[global_ctrl_interface=%s]: %s", 1007 ctrl, strerror(errno)); 1008 goto fail; 1009 } 1010 } else { 1011 if (chmod(ctrl, S_IRWXU) < 0) { 1012 wpa_printf(MSG_DEBUG, 1013 "chmod[global_ctrl_interface=%s](S_IRWXU): %s", 1014 ctrl, strerror(errno)); 1015 /* continue anyway since group change was not required 1016 */ 1017 } 1018 } 1019 1020 havesock: 1021 1022 /* 1023 * Make socket non-blocking so that we don't hang forever if 1024 * target dies unexpectedly. 1025 */ 1026 flags = fcntl(priv->sock, F_GETFL); 1027 if (flags >= 0) { 1028 flags |= O_NONBLOCK; 1029 if (fcntl(priv->sock, F_SETFL, flags) < 0) { 1030 wpa_printf(MSG_INFO, "fcntl(ctrl, O_NONBLOCK): %s", 1031 strerror(errno)); 1032 /* Not fatal, continue on.*/ 1033 } 1034 } 1035 1036 eloop_register_read_sock(priv->sock, 1037 wpa_supplicant_global_ctrl_iface_receive, 1038 global, priv); 1039 1040 return 0; 1041 1042 fail: 1043 if (priv->sock >= 0) { 1044 close(priv->sock); 1045 priv->sock = -1; 1046 } 1047 return -1; 1048 } 1049 1050 1051 struct ctrl_iface_global_priv * 1052 wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global) 1053 { 1054 struct ctrl_iface_global_priv *priv; 1055 1056 priv = os_zalloc(sizeof(*priv)); 1057 if (priv == NULL) 1058 return NULL; 1059 dl_list_init(&priv->ctrl_dst); 1060 priv->global = global; 1061 priv->sock = -1; 1062 1063 if (global->params.ctrl_interface == NULL) 1064 return priv; 1065 1066 if (wpas_global_ctrl_iface_open_sock(global, priv) < 0) { 1067 os_free(priv); 1068 return NULL; 1069 } 1070 1071 wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb); 1072 1073 return priv; 1074 } 1075 1076 1077 static int wpas_ctrl_iface_global_reinit(struct wpa_global *global, 1078 struct ctrl_iface_global_priv *priv) 1079 { 1080 int res; 1081 1082 if (priv->sock <= 0) 1083 return -1; 1084 1085 /* 1086 * On Android, the control socket being used may be the socket 1087 * that is created when wpa_supplicant is started as a /init.*.rc 1088 * service. Such a socket is maintained as a key-value pair in 1089 * Android's environment. Closing this control socket would leave us 1090 * in a bad state with an invalid socket descriptor. 1091 */ 1092 if (priv->android_control_socket) 1093 return priv->sock; 1094 1095 eloop_unregister_read_sock(priv->sock); 1096 close(priv->sock); 1097 priv->sock = -1; 1098 res = wpas_global_ctrl_iface_open_sock(global, priv); 1099 if (res < 0) 1100 return -1; 1101 return priv->sock; 1102 } 1103 1104 1105 void 1106 wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv) 1107 { 1108 struct wpa_ctrl_dst *dst, *prev; 1109 1110 if (priv->sock >= 0) { 1111 eloop_unregister_read_sock(priv->sock); 1112 close(priv->sock); 1113 } 1114 if (priv->global->params.ctrl_interface) 1115 unlink(priv->global->params.ctrl_interface); 1116 dl_list_for_each_safe(dst, prev, &priv->ctrl_dst, struct wpa_ctrl_dst, 1117 list) 1118 os_free(dst); 1119 os_free(priv); 1120 } 1121