1 /* 2 * WPA Supplicant / UNIX domain socket -based control interface 3 * Copyright (c) 2004-2020, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 #include <sys/un.h> 11 #include <sys/stat.h> 12 #include <grp.h> 13 #include <stddef.h> 14 #include <unistd.h> 15 #include <fcntl.h> 16 #ifdef __linux__ 17 #include <sys/ioctl.h> 18 #endif /* __linux__ */ 19 #ifdef ANDROID 20 #include <cutils/sockets.h> 21 #endif /* ANDROID */ 22 23 #include "utils/common.h" 24 #include "utils/eloop.h" 25 #include "utils/list.h" 26 #include "common/ctrl_iface_common.h" 27 #include "eapol_supp/eapol_supp_sm.h" 28 #include "config.h" 29 #include "wpa_supplicant_i.h" 30 #include "ctrl_iface.h" 31 32 /* Per-interface ctrl_iface */ 33 34 struct ctrl_iface_priv { 35 struct wpa_supplicant *wpa_s; 36 int sock; 37 struct dl_list ctrl_dst; 38 int android_control_socket; 39 struct dl_list msg_queue; 40 unsigned int throttle_count; 41 }; 42 43 44 struct ctrl_iface_global_priv { 45 struct wpa_global *global; 46 int sock; 47 struct dl_list ctrl_dst; 48 int android_control_socket; 49 struct dl_list msg_queue; 50 unsigned int throttle_count; 51 }; 52 53 struct ctrl_iface_msg { 54 struct dl_list list; 55 struct wpa_supplicant *wpa_s; 56 int level; 57 enum wpa_msg_type type; 58 const char *txt; 59 size_t len; 60 }; 61 62 63 static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s, 64 const char *ifname, int sock, 65 struct dl_list *ctrl_dst, 66 int level, const char *buf, 67 size_t len, 68 struct ctrl_iface_priv *priv, 69 struct ctrl_iface_global_priv *gp); 70 static int wpas_ctrl_iface_reinit(struct wpa_supplicant *wpa_s, 71 struct ctrl_iface_priv *priv); 72 static int wpas_ctrl_iface_global_reinit(struct wpa_global *global, 73 struct ctrl_iface_global_priv *priv); 74 75 76 static void wpas_ctrl_sock_debug(const char *title, int sock, const char *buf, 77 size_t len) 78 { 79 #ifdef __linux__ 80 socklen_t optlen; 81 int sndbuf, outq; 82 int level = MSG_MSGDUMP; 83 84 if (len >= 5 && os_strncmp(buf, "PONG\n", 5) == 0) 85 level = MSG_EXCESSIVE; 86 87 optlen = sizeof(sndbuf); 88 sndbuf = 0; 89 if (getsockopt(sock, SOL_SOCKET, SO_SNDBUF, &sndbuf, &optlen) < 0) 90 sndbuf = -1; 91 92 if (ioctl(sock, TIOCOUTQ, &outq) < 0) 93 outq = -1; 94 95 wpa_printf(level, 96 "CTRL-DEBUG: %s: sock=%d sndbuf=%d outq=%d send_len=%d", 97 title, sock, sndbuf, outq, (int) len); 98 #endif /* __linux__ */ 99 } 100 101 102 static int wpa_supplicant_ctrl_iface_attach(struct dl_list *ctrl_dst, 103 struct sockaddr_storage *from, 104 socklen_t fromlen, int global) 105 { 106 return ctrl_iface_attach(ctrl_dst, from, fromlen, NULL); 107 } 108 109 110 static int wpa_supplicant_ctrl_iface_detach(struct dl_list *ctrl_dst, 111 struct sockaddr_storage *from, 112 socklen_t fromlen) 113 { 114 return ctrl_iface_detach(ctrl_dst, from, fromlen); 115 } 116 117 118 static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv *priv, 119 struct sockaddr_storage *from, 120 socklen_t fromlen, 121 char *level) 122 { 123 wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level); 124 125 return ctrl_iface_level(&priv->ctrl_dst, from, fromlen, level); 126 } 127 128 129 static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx, 130 void *sock_ctx) 131 { 132 struct wpa_supplicant *wpa_s = eloop_ctx; 133 struct ctrl_iface_priv *priv = sock_ctx; 134 char *buf; 135 int res; 136 struct sockaddr_storage from; 137 socklen_t fromlen = sizeof(from); 138 char *reply = NULL, *reply_buf = NULL; 139 size_t reply_len = 0; 140 int new_attached = 0; 141 142 buf = os_malloc(CTRL_IFACE_MAX_LEN + 1); 143 if (!buf) 144 return; 145 res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN + 1, 0, 146 (struct sockaddr *) &from, &fromlen); 147 if (res < 0) { 148 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s", 149 strerror(errno)); 150 os_free(buf); 151 return; 152 } 153 if ((size_t) res > CTRL_IFACE_MAX_LEN) { 154 wpa_printf(MSG_ERROR, "recvform(ctrl_iface): input truncated"); 155 os_free(buf); 156 return; 157 } 158 buf[res] = '\0'; 159 160 if (os_strcmp(buf, "ATTACH") == 0) { 161 if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst, &from, 162 fromlen, 0)) 163 reply_len = 1; 164 else { 165 new_attached = 1; 166 reply_len = 2; 167 } 168 } else if (os_strcmp(buf, "DETACH") == 0) { 169 if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst, &from, 170 fromlen)) 171 reply_len = 1; 172 else 173 reply_len = 2; 174 } else if (os_strncmp(buf, "LEVEL ", 6) == 0) { 175 if (wpa_supplicant_ctrl_iface_level(priv, &from, fromlen, 176 buf + 6)) 177 reply_len = 1; 178 else 179 reply_len = 2; 180 } else { 181 sockaddr_print(wpas_ctrl_cmd_debug_level(buf), 182 "Control interface recv command from:", 183 &from, fromlen); 184 reply_buf = wpa_supplicant_ctrl_iface_process(wpa_s, buf, 185 &reply_len); 186 reply = reply_buf; 187 188 /* 189 * There could be some password/key material in the command, so 190 * clear the buffer explicitly now that it is not needed 191 * anymore. 192 */ 193 os_memset(buf, 0, res); 194 } 195 196 if (!reply && reply_len == 1) { 197 reply = "FAIL\n"; 198 reply_len = 5; 199 } else if (!reply && reply_len == 2) { 200 reply = "OK\n"; 201 reply_len = 3; 202 } 203 204 if (reply) { 205 wpas_ctrl_sock_debug("ctrl_sock-sendto", sock, reply, 206 reply_len); 207 if (sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from, 208 fromlen) < 0) { 209 int _errno = errno; 210 wpa_dbg(wpa_s, MSG_DEBUG, 211 "ctrl_iface sendto failed: %d - %s", 212 _errno, strerror(_errno)); 213 if (_errno == ENOBUFS || _errno == EAGAIN) { 214 /* 215 * The socket send buffer could be full. This 216 * may happen if client programs are not 217 * receiving their pending messages. Close and 218 * reopen the socket as a workaround to avoid 219 * getting stuck being unable to send any new 220 * responses. 221 */ 222 sock = wpas_ctrl_iface_reinit(wpa_s, priv); 223 if (sock < 0) { 224 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to reinitialize ctrl_iface socket"); 225 } 226 } 227 if (new_attached) { 228 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to send response to ATTACH - detaching"); 229 new_attached = 0; 230 wpa_supplicant_ctrl_iface_detach( 231 &priv->ctrl_dst, &from, fromlen); 232 } 233 } 234 } 235 os_free(reply_buf); 236 os_free(buf); 237 238 if (new_attached) 239 eapol_sm_notify_ctrl_attached(wpa_s->eapol); 240 } 241 242 243 static char * wpa_supplicant_ctrl_iface_path(struct wpa_supplicant *wpa_s) 244 { 245 char *buf; 246 size_t len; 247 char *pbuf, *dir = NULL; 248 int res; 249 250 if (wpa_s->conf->ctrl_interface == NULL) 251 return NULL; 252 253 pbuf = os_strdup(wpa_s->conf->ctrl_interface); 254 if (pbuf == NULL) 255 return NULL; 256 if (os_strncmp(pbuf, "DIR=", 4) == 0) { 257 char *gid_str; 258 dir = pbuf + 4; 259 gid_str = os_strstr(dir, " GROUP="); 260 if (gid_str) 261 *gid_str = '\0'; 262 } else 263 dir = pbuf; 264 265 len = os_strlen(dir) + os_strlen(wpa_s->ifname) + 2; 266 buf = os_malloc(len); 267 if (buf == NULL) { 268 os_free(pbuf); 269 return NULL; 270 } 271 272 res = os_snprintf(buf, len, "%s/%s", dir, wpa_s->ifname); 273 if (os_snprintf_error(len, res)) { 274 os_free(pbuf); 275 os_free(buf); 276 return NULL; 277 } 278 #ifdef __CYGWIN__ 279 { 280 /* Windows/WinPcap uses interface names that are not suitable 281 * as a file name - convert invalid chars to underscores */ 282 char *pos = buf; 283 while (*pos) { 284 if (*pos == '\\') 285 *pos = '_'; 286 pos++; 287 } 288 } 289 #endif /* __CYGWIN__ */ 290 os_free(pbuf); 291 return buf; 292 } 293 294 295 static int wpas_ctrl_iface_throttle(int sock) 296 { 297 #ifdef __linux__ 298 socklen_t optlen; 299 int sndbuf, outq; 300 301 optlen = sizeof(sndbuf); 302 sndbuf = 0; 303 if (getsockopt(sock, SOL_SOCKET, SO_SNDBUF, &sndbuf, &optlen) < 0 || 304 ioctl(sock, TIOCOUTQ, &outq) < 0 || 305 sndbuf <= 0 || outq < 0) 306 return 0; 307 return outq > sndbuf / 2; 308 #else /* __linux__ */ 309 return 0; 310 #endif /* __linux__ */ 311 } 312 313 314 static void wpas_ctrl_msg_send_pending_global(struct wpa_global *global) 315 { 316 struct ctrl_iface_global_priv *gpriv; 317 struct ctrl_iface_msg *msg; 318 319 gpriv = global->ctrl_iface; 320 while (gpriv && !dl_list_empty(&gpriv->msg_queue) && 321 !wpas_ctrl_iface_throttle(gpriv->sock)) { 322 msg = dl_list_first(&gpriv->msg_queue, struct ctrl_iface_msg, 323 list); 324 if (!msg) 325 break; 326 dl_list_del(&msg->list); 327 wpa_supplicant_ctrl_iface_send( 328 msg->wpa_s, 329 msg->type != WPA_MSG_PER_INTERFACE ? 330 NULL : msg->wpa_s->ifname, 331 gpriv->sock, &gpriv->ctrl_dst, msg->level, 332 msg->txt, msg->len, NULL, gpriv); 333 os_free(msg); 334 } 335 } 336 337 338 static void wpas_ctrl_msg_send_pending_iface(struct wpa_supplicant *wpa_s) 339 { 340 struct ctrl_iface_priv *priv; 341 struct ctrl_iface_msg *msg; 342 343 priv = wpa_s->ctrl_iface; 344 while (priv && !dl_list_empty(&priv->msg_queue) && 345 !wpas_ctrl_iface_throttle(priv->sock)) { 346 msg = dl_list_first(&priv->msg_queue, struct ctrl_iface_msg, 347 list); 348 if (!msg) 349 break; 350 dl_list_del(&msg->list); 351 wpa_supplicant_ctrl_iface_send(wpa_s, NULL, priv->sock, 352 &priv->ctrl_dst, msg->level, 353 msg->txt, msg->len, priv, NULL); 354 os_free(msg); 355 } 356 } 357 358 359 static void wpas_ctrl_msg_queue_timeout(void *eloop_ctx, void *timeout_ctx) 360 { 361 struct wpa_supplicant *wpa_s = eloop_ctx; 362 struct ctrl_iface_priv *priv; 363 struct ctrl_iface_global_priv *gpriv; 364 int sock = -1, gsock = -1; 365 366 wpas_ctrl_msg_send_pending_global(wpa_s->global); 367 wpas_ctrl_msg_send_pending_iface(wpa_s); 368 369 priv = wpa_s->ctrl_iface; 370 if (priv && !dl_list_empty(&priv->msg_queue)) 371 sock = priv->sock; 372 373 gpriv = wpa_s->global->ctrl_iface; 374 if (gpriv && !dl_list_empty(&gpriv->msg_queue)) 375 gsock = gpriv->sock; 376 377 if (sock > -1 || gsock > -1) { 378 /* Continue pending message transmission from a timeout */ 379 wpa_printf(MSG_MSGDUMP, 380 "CTRL: Had to throttle pending event message transmission for (sock %d gsock %d)", 381 sock, gsock); 382 eloop_register_timeout(0, 20000, wpas_ctrl_msg_queue_timeout, 383 wpa_s, NULL); 384 } 385 } 386 387 388 static void wpas_ctrl_msg_queue(struct dl_list *queue, 389 struct wpa_supplicant *wpa_s, int level, 390 enum wpa_msg_type type, 391 const char *txt, size_t len) 392 { 393 struct ctrl_iface_msg *msg; 394 395 msg = os_zalloc(sizeof(*msg) + len); 396 if (!msg) 397 return; 398 399 msg->wpa_s = wpa_s; 400 msg->level = level; 401 msg->type = type; 402 os_memcpy(msg + 1, txt, len); 403 msg->txt = (const char *) (msg + 1); 404 msg->len = len; 405 dl_list_add_tail(queue, &msg->list); 406 eloop_cancel_timeout(wpas_ctrl_msg_queue_timeout, wpa_s, NULL); 407 eloop_register_timeout(0, 0, wpas_ctrl_msg_queue_timeout, wpa_s, NULL); 408 } 409 410 411 static void wpas_ctrl_msg_queue_limit(unsigned int throttle_count, 412 struct dl_list *queue) 413 { 414 struct ctrl_iface_msg *msg; 415 416 if (throttle_count < 2000) 417 return; 418 419 msg = dl_list_first(queue, struct ctrl_iface_msg, list); 420 if (msg) { 421 wpa_printf(MSG_DEBUG, "CTRL: Dropped oldest pending message"); 422 dl_list_del(&msg->list); 423 os_free(msg); 424 } 425 } 426 427 428 static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx, int level, 429 enum wpa_msg_type type, 430 const char *txt, size_t len) 431 { 432 struct wpa_supplicant *wpa_s = ctx; 433 struct ctrl_iface_priv *priv; 434 struct ctrl_iface_global_priv *gpriv; 435 436 if (wpa_s == NULL) 437 return; 438 439 gpriv = wpa_s->global->ctrl_iface; 440 441 if (type != WPA_MSG_NO_GLOBAL && gpriv && 442 !dl_list_empty(&gpriv->ctrl_dst)) { 443 if (!dl_list_empty(&gpriv->msg_queue) || 444 wpas_ctrl_iface_throttle(gpriv->sock)) { 445 if (gpriv->throttle_count == 0) { 446 wpa_printf(MSG_MSGDUMP, 447 "CTRL: Had to throttle global event message for sock %d", 448 gpriv->sock); 449 } 450 gpriv->throttle_count++; 451 wpas_ctrl_msg_queue_limit(gpriv->throttle_count, 452 &gpriv->msg_queue); 453 wpas_ctrl_msg_queue(&gpriv->msg_queue, wpa_s, level, 454 type, txt, len); 455 } else { 456 if (gpriv->throttle_count) { 457 wpa_printf(MSG_MSGDUMP, 458 "CTRL: Had to throttle %u global event message(s) for sock %d", 459 gpriv->throttle_count, gpriv->sock); 460 } 461 gpriv->throttle_count = 0; 462 wpa_supplicant_ctrl_iface_send( 463 wpa_s, 464 type != WPA_MSG_PER_INTERFACE ? 465 NULL : wpa_s->ifname, 466 gpriv->sock, &gpriv->ctrl_dst, level, 467 txt, len, NULL, gpriv); 468 } 469 } 470 471 priv = wpa_s->ctrl_iface; 472 473 if (type != WPA_MSG_ONLY_GLOBAL && priv) { 474 if (!dl_list_empty(&priv->msg_queue) || 475 wpas_ctrl_iface_throttle(priv->sock)) { 476 if (priv->throttle_count == 0) { 477 wpa_printf(MSG_MSGDUMP, 478 "CTRL: Had to throttle event message for sock %d", 479 priv->sock); 480 } 481 priv->throttle_count++; 482 wpas_ctrl_msg_queue_limit(priv->throttle_count, 483 &priv->msg_queue); 484 wpas_ctrl_msg_queue(&priv->msg_queue, wpa_s, level, 485 type, txt, len); 486 } else { 487 if (priv->throttle_count) { 488 wpa_printf(MSG_MSGDUMP, 489 "CTRL: Had to throttle %u event message(s) for sock %d", 490 priv->throttle_count, priv->sock); 491 } 492 priv->throttle_count = 0; 493 wpa_supplicant_ctrl_iface_send(wpa_s, NULL, priv->sock, 494 &priv->ctrl_dst, level, 495 txt, len, priv, NULL); 496 } 497 } 498 } 499 500 501 static int wpas_ctrl_iface_open_sock(struct wpa_supplicant *wpa_s, 502 struct ctrl_iface_priv *priv) 503 { 504 struct sockaddr_un addr; 505 char *fname = NULL; 506 gid_t gid = 0; 507 int gid_set = 0; 508 char *buf, *dir = NULL, *gid_str = NULL; 509 struct group *grp; 510 char *endp; 511 int flags; 512 #if defined(__FreeBSD__) 513 int optval, rc; 514 socklen_t optlen; 515 #endif 516 517 buf = os_strdup(wpa_s->conf->ctrl_interface); 518 if (buf == NULL) 519 goto fail; 520 #ifdef ANDROID 521 os_snprintf(addr.sun_path, sizeof(addr.sun_path), "wpa_%s", 522 wpa_s->conf->ctrl_interface); 523 priv->sock = android_get_control_socket(addr.sun_path); 524 if (priv->sock >= 0) { 525 priv->android_control_socket = 1; 526 goto havesock; 527 } 528 #endif /* ANDROID */ 529 if (os_strncmp(buf, "DIR=", 4) == 0) { 530 dir = buf + 4; 531 gid_str = os_strstr(dir, " GROUP="); 532 if (gid_str) { 533 *gid_str = '\0'; 534 gid_str += 7; 535 } 536 } else { 537 dir = buf; 538 gid_str = wpa_s->conf->ctrl_interface_group; 539 } 540 541 if (mkdir(dir, S_IRWXU | S_IRWXG) < 0) { 542 if (errno == EEXIST) { 543 wpa_printf(MSG_DEBUG, "Using existing control " 544 "interface directory."); 545 } else { 546 wpa_printf(MSG_ERROR, "mkdir[ctrl_interface=%s]: %s", 547 dir, strerror(errno)); 548 goto fail; 549 } 550 } 551 552 #ifdef ANDROID 553 /* 554 * wpa_supplicant is started from /init.*.rc on Android and that seems 555 * to be using umask 0077 which would leave the control interface 556 * directory without group access. This breaks things since Wi-Fi 557 * framework assumes that this directory can be accessed by other 558 * applications in the wifi group. Fix this by adding group access even 559 * if umask value would prevent this. 560 */ 561 if (chmod(dir, S_IRWXU | S_IRWXG) < 0) { 562 wpa_printf(MSG_ERROR, "CTRL: Could not chmod directory: %s", 563 strerror(errno)); 564 /* Try to continue anyway */ 565 } 566 #endif /* ANDROID */ 567 568 if (gid_str) { 569 grp = getgrnam(gid_str); 570 if (grp) { 571 gid = grp->gr_gid; 572 gid_set = 1; 573 wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d" 574 " (from group name '%s')", 575 (int) gid, gid_str); 576 } else { 577 /* Group name not found - try to parse this as gid */ 578 gid = strtol(gid_str, &endp, 10); 579 if (*gid_str == '\0' || *endp != '\0') { 580 wpa_printf(MSG_ERROR, "CTRL: Invalid group " 581 "'%s'", gid_str); 582 goto fail; 583 } 584 gid_set = 1; 585 wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d", 586 (int) gid); 587 } 588 } 589 590 if (gid_set && lchown(dir, -1, gid) < 0) { 591 wpa_printf(MSG_ERROR, "lchown[ctrl_interface=%s,gid=%d]: %s", 592 dir, (int) gid, strerror(errno)); 593 goto fail; 594 } 595 596 /* Make sure the group can enter and read the directory */ 597 if (gid_set && 598 chmod(dir, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP) < 0) { 599 wpa_printf(MSG_ERROR, "CTRL: chmod[ctrl_interface]: %s", 600 strerror(errno)); 601 goto fail; 602 } 603 604 if (os_strlen(dir) + 1 + os_strlen(wpa_s->ifname) >= 605 sizeof(addr.sun_path)) { 606 wpa_printf(MSG_ERROR, "ctrl_iface path limit exceeded"); 607 goto fail; 608 } 609 610 priv->sock = socket(PF_UNIX, SOCK_DGRAM, 0); 611 if (priv->sock < 0) { 612 wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno)); 613 goto fail; 614 } 615 616 os_memset(&addr, 0, sizeof(addr)); 617 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) 618 addr.sun_len = sizeof(addr); 619 #endif /* __FreeBSD__ */ 620 addr.sun_family = AF_UNIX; 621 fname = wpa_supplicant_ctrl_iface_path(wpa_s); 622 if (fname == NULL) 623 goto fail; 624 os_strlcpy(addr.sun_path, fname, sizeof(addr.sun_path)); 625 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) { 626 wpa_printf(MSG_DEBUG, "ctrl_iface bind(PF_UNIX) failed: %s", 627 strerror(errno)); 628 if (connect(priv->sock, (struct sockaddr *) &addr, 629 sizeof(addr)) < 0) { 630 wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not" 631 " allow connections - assuming it was left" 632 "over from forced program termination"); 633 if (unlink(fname) < 0) { 634 wpa_printf(MSG_ERROR, 635 "Could not unlink existing ctrl_iface socket '%s': %s", 636 fname, strerror(errno)); 637 goto fail; 638 } 639 if (bind(priv->sock, (struct sockaddr *) &addr, 640 sizeof(addr)) < 0) { 641 wpa_printf(MSG_ERROR, "supp-ctrl-iface-init: bind(PF_UNIX): %s", 642 strerror(errno)); 643 goto fail; 644 } 645 wpa_printf(MSG_DEBUG, "Successfully replaced leftover " 646 "ctrl_iface socket '%s'", fname); 647 } else { 648 wpa_printf(MSG_INFO, "ctrl_iface exists and seems to " 649 "be in use - cannot override it"); 650 wpa_printf(MSG_INFO, "Delete '%s' manually if it is " 651 "not used anymore", fname); 652 os_free(fname); 653 fname = NULL; 654 goto fail; 655 } 656 } 657 658 if (gid_set && lchown(fname, -1, gid) < 0) { 659 wpa_printf(MSG_ERROR, "lchown[ctrl_interface=%s,gid=%d]: %s", 660 fname, (int) gid, strerror(errno)); 661 goto fail; 662 } 663 664 if (chmod(fname, S_IRWXU | S_IRWXG) < 0) { 665 wpa_printf(MSG_ERROR, "chmod[ctrl_interface=%s]: %s", 666 fname, strerror(errno)); 667 goto fail; 668 } 669 os_free(fname); 670 671 #ifdef ANDROID 672 havesock: 673 #endif /* ANDROID */ 674 675 /* 676 * Make socket non-blocking so that we don't hang forever if 677 * target dies unexpectedly. 678 */ 679 flags = fcntl(priv->sock, F_GETFL); 680 if (flags >= 0) { 681 flags |= O_NONBLOCK; 682 if (fcntl(priv->sock, F_SETFL, flags) < 0) { 683 wpa_printf(MSG_INFO, "fcntl(ctrl, O_NONBLOCK): %s", 684 strerror(errno)); 685 /* Not fatal, continue on.*/ 686 } 687 } 688 689 #if defined(__FreeBSD__) 690 /* Ensure we can send a full length message atomically. */ 691 optval = 0; 692 optlen = sizeof(optval); 693 if (getsockopt(priv->sock, SOL_SOCKET, SO_SNDBUF, &optval, &optlen) == -1) { 694 wpa_printf(MSG_INFO, "failed to get sndbuf for sock=%d: %s", 695 priv->sock, strerror(errno)); 696 } else if (optval < CTRL_IFACE_MAX_LEN) { 697 optval = CTRL_IFACE_MAX_LEN; 698 if (setsockopt(priv->sock, SOL_SOCKET, SO_SNDBUF, &optval, 699 sizeof(optval)) == -1) 700 wpa_printf(MSG_ERROR, "failed to set sndbuf for " 701 "sock=%d: %s", priv->sock, strerror(errno)); 702 } 703 #endif 704 705 eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive, 706 wpa_s, priv); 707 wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb); 708 709 os_free(buf); 710 return 0; 711 712 fail: 713 if (priv->sock >= 0) { 714 close(priv->sock); 715 priv->sock = -1; 716 } 717 if (fname) { 718 unlink(fname); 719 os_free(fname); 720 } 721 os_free(buf); 722 return -1; 723 } 724 725 726 struct ctrl_iface_priv * 727 wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s) 728 { 729 struct ctrl_iface_priv *priv; 730 731 priv = os_zalloc(sizeof(*priv)); 732 if (priv == NULL) 733 return NULL; 734 dl_list_init(&priv->ctrl_dst); 735 dl_list_init(&priv->msg_queue); 736 priv->wpa_s = wpa_s; 737 priv->sock = -1; 738 739 if (wpa_s->conf->ctrl_interface == NULL) 740 return priv; 741 742 #ifdef ANDROID 743 if (wpa_s->global->params.ctrl_interface) { 744 int same = 0; 745 746 if (wpa_s->global->params.ctrl_interface[0] == '/') { 747 if (os_strcmp(wpa_s->global->params.ctrl_interface, 748 wpa_s->conf->ctrl_interface) == 0) 749 same = 1; 750 } else if (os_strncmp(wpa_s->global->params.ctrl_interface, 751 "@android:", 9) == 0 || 752 os_strncmp(wpa_s->global->params.ctrl_interface, 753 "@abstract:", 10) == 0) { 754 char *pos; 755 756 /* 757 * Currently, Android uses @android:wpa_* as the naming 758 * convention for the global ctrl interface. This logic 759 * needs to be revisited if the above naming convention 760 * is modified. 761 */ 762 pos = os_strchr(wpa_s->global->params.ctrl_interface, 763 '_'); 764 if (pos && 765 os_strcmp(pos + 1, 766 wpa_s->conf->ctrl_interface) == 0) 767 same = 1; 768 } 769 770 if (same) { 771 /* 772 * The invalid configuration combination might be 773 * possible to hit in an Android OTA upgrade case, so 774 * instead of refusing to start the wpa_supplicant 775 * process, do not open the per-interface ctrl_iface 776 * and continue with the global control interface that 777 * was set from the command line since the Wi-Fi 778 * framework will use it for operations. 779 */ 780 wpa_printf(MSG_ERROR, 781 "global ctrl interface %s matches ctrl interface %s - do not open per-interface ctrl interface", 782 wpa_s->global->params.ctrl_interface, 783 wpa_s->conf->ctrl_interface); 784 return priv; 785 } 786 } 787 #endif /* ANDROID */ 788 789 if (wpas_ctrl_iface_open_sock(wpa_s, priv) < 0) { 790 os_free(priv); 791 return NULL; 792 } 793 794 return priv; 795 } 796 797 798 static int wpas_ctrl_iface_reinit(struct wpa_supplicant *wpa_s, 799 struct ctrl_iface_priv *priv) 800 { 801 int res; 802 803 if (priv->sock <= 0) 804 return -1; 805 806 /* 807 * On Android, the control socket being used may be the socket 808 * that is created when wpa_supplicant is started as a /init.*.rc 809 * service. Such a socket is maintained as a key-value pair in 810 * Android's environment. Closing this control socket would leave us 811 * in a bad state with an invalid socket descriptor. 812 */ 813 if (priv->android_control_socket) 814 return priv->sock; 815 816 eloop_unregister_read_sock(priv->sock); 817 close(priv->sock); 818 priv->sock = -1; 819 res = wpas_ctrl_iface_open_sock(wpa_s, priv); 820 if (res < 0) 821 return -1; 822 return priv->sock; 823 } 824 825 826 static void 827 wpas_global_ctrl_iface_flush_queued_msg(struct wpa_global *global, 828 struct wpa_supplicant *wpa_s) 829 { 830 struct ctrl_iface_global_priv *gpriv; 831 struct ctrl_iface_msg *msg, *prev_msg; 832 unsigned int count = 0; 833 834 if (!global || !global->ctrl_iface) 835 return; 836 837 gpriv = global->ctrl_iface; 838 dl_list_for_each_safe(msg, prev_msg, &gpriv->msg_queue, 839 struct ctrl_iface_msg, list) { 840 if (msg->wpa_s == wpa_s) { 841 count++; 842 dl_list_del(&msg->list); 843 os_free(msg); 844 } 845 } 846 847 if (count) { 848 wpa_printf(MSG_DEBUG, 849 "CTRL: Dropped %u pending message(s) for interface that is being removed", 850 count); 851 } 852 } 853 854 855 void wpa_supplicant_ctrl_iface_deinit(struct wpa_supplicant *wpa_s, 856 struct ctrl_iface_priv *priv) 857 { 858 struct wpa_ctrl_dst *dst, *prev; 859 struct ctrl_iface_msg *msg, *prev_msg; 860 struct ctrl_iface_global_priv *gpriv; 861 862 if (!priv) { 863 /* Control interface has not yet been initialized, so there is 864 * nothing to deinitialize here. However, there might be a 865 * pending message for this interface, so get rid of any such 866 * entry before completing interface removal. */ 867 wpas_global_ctrl_iface_flush_queued_msg(wpa_s->global, wpa_s); 868 eloop_cancel_timeout(wpas_ctrl_msg_queue_timeout, wpa_s, NULL); 869 return; 870 } 871 872 if (priv->sock > -1) { 873 char *fname; 874 char *buf, *dir = NULL; 875 eloop_unregister_read_sock(priv->sock); 876 if (!dl_list_empty(&priv->ctrl_dst)) { 877 /* 878 * Wait before closing the control socket if 879 * there are any attached monitors in order to allow 880 * them to receive any pending messages. 881 */ 882 wpa_printf(MSG_DEBUG, "CTRL_IFACE wait for attached " 883 "monitors to receive messages"); 884 os_sleep(0, 100000); 885 } 886 close(priv->sock); 887 priv->sock = -1; 888 fname = wpa_supplicant_ctrl_iface_path(priv->wpa_s); 889 if (fname) { 890 unlink(fname); 891 os_free(fname); 892 } 893 894 if (priv->wpa_s->conf->ctrl_interface == NULL) 895 goto free_dst; 896 buf = os_strdup(priv->wpa_s->conf->ctrl_interface); 897 if (buf == NULL) 898 goto free_dst; 899 if (os_strncmp(buf, "DIR=", 4) == 0) { 900 char *gid_str; 901 dir = buf + 4; 902 gid_str = os_strstr(dir, " GROUP="); 903 if (gid_str) 904 *gid_str = '\0'; 905 } else 906 dir = buf; 907 908 if (rmdir(dir) < 0) { 909 if (errno == ENOTEMPTY) { 910 wpa_printf(MSG_DEBUG, "Control interface " 911 "directory not empty - leaving it " 912 "behind"); 913 } else { 914 wpa_printf(MSG_ERROR, 915 "rmdir[ctrl_interface=%s]: %s", 916 dir, strerror(errno)); 917 } 918 } 919 os_free(buf); 920 } 921 922 free_dst: 923 dl_list_for_each_safe(dst, prev, &priv->ctrl_dst, struct wpa_ctrl_dst, 924 list) { 925 dl_list_del(&dst->list); 926 os_free(dst); 927 } 928 dl_list_for_each_safe(msg, prev_msg, &priv->msg_queue, 929 struct ctrl_iface_msg, list) { 930 dl_list_del(&msg->list); 931 os_free(msg); 932 } 933 gpriv = priv->wpa_s->global->ctrl_iface; 934 if (gpriv) { 935 dl_list_for_each_safe(msg, prev_msg, &gpriv->msg_queue, 936 struct ctrl_iface_msg, list) { 937 if (msg->wpa_s == priv->wpa_s) { 938 dl_list_del(&msg->list); 939 os_free(msg); 940 } 941 } 942 } 943 wpas_global_ctrl_iface_flush_queued_msg(wpa_s->global, wpa_s); 944 eloop_cancel_timeout(wpas_ctrl_msg_queue_timeout, priv->wpa_s, NULL); 945 os_free(priv); 946 } 947 948 949 /** 950 * wpa_supplicant_ctrl_iface_send - Send a control interface packet to monitors 951 * @ifname: Interface name for global control socket or %NULL 952 * @sock: Local socket fd 953 * @ctrl_dst: List of attached listeners 954 * @level: Priority level of the message 955 * @buf: Message data 956 * @len: Message length 957 * 958 * Send a packet to all monitor programs attached to the control interface. 959 */ 960 static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s, 961 const char *ifname, int sock, 962 struct dl_list *ctrl_dst, 963 int level, const char *buf, 964 size_t len, 965 struct ctrl_iface_priv *priv, 966 struct ctrl_iface_global_priv *gp) 967 { 968 struct wpa_ctrl_dst *dst, *next; 969 char levelstr[10]; 970 int idx, res; 971 struct msghdr msg; 972 struct iovec io[5]; 973 974 if (sock < 0 || dl_list_empty(ctrl_dst)) 975 return; 976 977 res = os_snprintf(levelstr, sizeof(levelstr), "<%d>", level); 978 if (os_snprintf_error(sizeof(levelstr), res)) 979 return; 980 idx = 0; 981 if (ifname) { 982 io[idx].iov_base = "IFNAME="; 983 io[idx].iov_len = 7; 984 idx++; 985 io[idx].iov_base = (char *) ifname; 986 io[idx].iov_len = os_strlen(ifname); 987 idx++; 988 io[idx].iov_base = " "; 989 io[idx].iov_len = 1; 990 idx++; 991 } 992 io[idx].iov_base = levelstr; 993 io[idx].iov_len = os_strlen(levelstr); 994 idx++; 995 io[idx].iov_base = (char *) buf; 996 io[idx].iov_len = len; 997 idx++; 998 os_memset(&msg, 0, sizeof(msg)); 999 msg.msg_iov = io; 1000 msg.msg_iovlen = idx; 1001 1002 dl_list_for_each_safe(dst, next, ctrl_dst, struct wpa_ctrl_dst, list) { 1003 int _errno; 1004 char txt[200]; 1005 1006 if (level < dst->debug_level) 1007 continue; 1008 1009 msg.msg_name = (void *) &dst->addr; 1010 msg.msg_namelen = dst->addrlen; 1011 wpas_ctrl_sock_debug("ctrl_sock-sendmsg", sock, buf, len); 1012 if (sendmsg(sock, &msg, MSG_DONTWAIT) >= 0) { 1013 sockaddr_print(MSG_MSGDUMP, 1014 "CTRL_IFACE monitor sent successfully to", 1015 &dst->addr, dst->addrlen); 1016 dst->errors = 0; 1017 continue; 1018 } 1019 1020 _errno = errno; 1021 os_snprintf(txt, sizeof(txt), "CTRL_IFACE monitor: %d (%s) for", 1022 _errno, strerror(_errno)); 1023 sockaddr_print(MSG_DEBUG, txt, &dst->addr, dst->addrlen); 1024 dst->errors++; 1025 1026 if (dst->errors > 10 || _errno == ENOENT || _errno == EPERM) { 1027 sockaddr_print(MSG_INFO, "CTRL_IFACE: Detach monitor that cannot receive messages:", 1028 &dst->addr, dst->addrlen); 1029 wpa_supplicant_ctrl_iface_detach(ctrl_dst, &dst->addr, 1030 dst->addrlen); 1031 } 1032 1033 if (_errno == ENOBUFS || _errno == EAGAIN) { 1034 /* 1035 * The socket send buffer could be full. This may happen 1036 * if client programs are not receiving their pending 1037 * messages. Close and reopen the socket as a workaround 1038 * to avoid getting stuck being unable to send any new 1039 * responses. 1040 */ 1041 if (priv) 1042 sock = wpas_ctrl_iface_reinit(wpa_s, priv); 1043 else if (gp) 1044 sock = wpas_ctrl_iface_global_reinit( 1045 wpa_s->global, gp); 1046 else 1047 break; 1048 if (sock < 0) { 1049 wpa_dbg(wpa_s, MSG_DEBUG, 1050 "Failed to reinitialize ctrl_iface socket"); 1051 break; 1052 } 1053 } 1054 } 1055 } 1056 1057 1058 void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv) 1059 { 1060 char buf[256]; 1061 int res; 1062 struct sockaddr_storage from; 1063 socklen_t fromlen = sizeof(from); 1064 1065 if (priv->sock == -1) 1066 return; 1067 1068 for (;;) { 1069 wpa_printf(MSG_DEBUG, "CTRL_IFACE - %s - wait for monitor to " 1070 "attach", priv->wpa_s->ifname); 1071 eloop_wait_for_read_sock(priv->sock); 1072 1073 res = recvfrom(priv->sock, buf, sizeof(buf) - 1, 0, 1074 (struct sockaddr *) &from, &fromlen); 1075 if (res < 0) { 1076 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s", 1077 strerror(errno)); 1078 continue; 1079 } 1080 buf[res] = '\0'; 1081 1082 if (os_strcmp(buf, "ATTACH") == 0) { 1083 /* handle ATTACH signal of first monitor interface */ 1084 if (!wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst, 1085 &from, fromlen, 1086 0)) { 1087 if (sendto(priv->sock, "OK\n", 3, 0, 1088 (struct sockaddr *) &from, fromlen) < 1089 0) { 1090 wpa_printf(MSG_DEBUG, "ctrl_iface sendto failed: %s", 1091 strerror(errno)); 1092 } 1093 /* OK to continue */ 1094 return; 1095 } else { 1096 if (sendto(priv->sock, "FAIL\n", 5, 0, 1097 (struct sockaddr *) &from, fromlen) < 1098 0) { 1099 wpa_printf(MSG_DEBUG, "ctrl_iface sendto failed: %s", 1100 strerror(errno)); 1101 } 1102 } 1103 } else { 1104 /* return FAIL for all other signals */ 1105 if (sendto(priv->sock, "FAIL\n", 5, 0, 1106 (struct sockaddr *) &from, fromlen) < 0) { 1107 wpa_printf(MSG_DEBUG, 1108 "ctrl_iface sendto failed: %s", 1109 strerror(errno)); 1110 } 1111 } 1112 } 1113 } 1114 1115 1116 /* Global ctrl_iface */ 1117 1118 static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx, 1119 void *sock_ctx) 1120 { 1121 struct wpa_global *global = eloop_ctx; 1122 struct ctrl_iface_global_priv *priv = sock_ctx; 1123 char *buf; 1124 int res; 1125 struct sockaddr_storage from; 1126 socklen_t fromlen = sizeof(from); 1127 char *reply = NULL, *reply_buf = NULL; 1128 size_t reply_len; 1129 1130 buf = os_malloc(CTRL_IFACE_MAX_LEN + 1); 1131 if (!buf) 1132 return; 1133 res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN + 1, 0, 1134 (struct sockaddr *) &from, &fromlen); 1135 if (res < 0) { 1136 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s", 1137 strerror(errno)); 1138 os_free(buf); 1139 return; 1140 } 1141 if ((size_t) res > CTRL_IFACE_MAX_LEN) { 1142 wpa_printf(MSG_ERROR, "recvform(ctrl_iface): input truncated"); 1143 os_free(buf); 1144 return; 1145 } 1146 buf[res] = '\0'; 1147 1148 if (os_strcmp(buf, "ATTACH") == 0) { 1149 if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst, &from, 1150 fromlen, 1)) 1151 reply_len = 1; 1152 else 1153 reply_len = 2; 1154 } else if (os_strcmp(buf, "DETACH") == 0) { 1155 if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst, &from, 1156 fromlen)) 1157 reply_len = 1; 1158 else 1159 reply_len = 2; 1160 } else { 1161 reply_buf = wpa_supplicant_global_ctrl_iface_process( 1162 global, buf, &reply_len); 1163 reply = reply_buf; 1164 1165 /* 1166 * There could be some password/key material in the command, so 1167 * clear the buffer explicitly now that it is not needed 1168 * anymore. 1169 */ 1170 os_memset(buf, 0, res); 1171 } 1172 1173 if (!reply && reply_len == 1) { 1174 reply = "FAIL\n"; 1175 reply_len = 5; 1176 } else if (!reply && reply_len == 2) { 1177 reply = "OK\n"; 1178 reply_len = 3; 1179 } 1180 1181 if (reply) { 1182 wpas_ctrl_sock_debug("global_ctrl_sock-sendto", 1183 sock, reply, reply_len); 1184 if (sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from, 1185 fromlen) < 0) { 1186 wpa_printf(MSG_DEBUG, "ctrl_iface sendto failed: %s", 1187 strerror(errno)); 1188 } 1189 } 1190 os_free(reply_buf); 1191 os_free(buf); 1192 } 1193 1194 1195 static int wpas_global_ctrl_iface_open_sock(struct wpa_global *global, 1196 struct ctrl_iface_global_priv *priv) 1197 { 1198 struct sockaddr_un addr; 1199 const char *ctrl = global->params.ctrl_interface; 1200 int flags; 1201 1202 wpa_printf(MSG_DEBUG, "Global control interface '%s'", ctrl); 1203 1204 #ifdef ANDROID 1205 if (os_strncmp(ctrl, "@android:", 9) == 0) { 1206 priv->sock = android_get_control_socket(ctrl + 9); 1207 if (priv->sock < 0) { 1208 wpa_printf(MSG_ERROR, "Failed to open Android control " 1209 "socket '%s'", ctrl + 9); 1210 goto fail; 1211 } 1212 wpa_printf(MSG_DEBUG, "Using Android control socket '%s'", 1213 ctrl + 9); 1214 priv->android_control_socket = 1; 1215 goto havesock; 1216 } 1217 1218 if (os_strncmp(ctrl, "@abstract:", 10) != 0) { 1219 /* 1220 * Backwards compatibility - try to open an Android control 1221 * socket and if that fails, assume this was a UNIX domain 1222 * socket instead. 1223 */ 1224 priv->sock = android_get_control_socket(ctrl); 1225 if (priv->sock >= 0) { 1226 wpa_printf(MSG_DEBUG, 1227 "Using Android control socket '%s'", 1228 ctrl); 1229 priv->android_control_socket = 1; 1230 goto havesock; 1231 } 1232 } 1233 #endif /* ANDROID */ 1234 1235 priv->sock = socket(PF_UNIX, SOCK_DGRAM, 0); 1236 if (priv->sock < 0) { 1237 wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno)); 1238 goto fail; 1239 } 1240 1241 os_memset(&addr, 0, sizeof(addr)); 1242 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) 1243 addr.sun_len = sizeof(addr); 1244 #endif /* __FreeBSD__ */ 1245 addr.sun_family = AF_UNIX; 1246 1247 if (os_strncmp(ctrl, "@abstract:", 10) == 0) { 1248 addr.sun_path[0] = '\0'; 1249 os_strlcpy(addr.sun_path + 1, ctrl + 10, 1250 sizeof(addr.sun_path) - 1); 1251 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 1252 0) { 1253 wpa_printf(MSG_ERROR, "supp-global-ctrl-iface-init: " 1254 "bind(PF_UNIX;%s) failed: %s", 1255 ctrl, strerror(errno)); 1256 goto fail; 1257 } 1258 wpa_printf(MSG_DEBUG, "Using Abstract control socket '%s'", 1259 ctrl + 10); 1260 goto havesock; 1261 } 1262 1263 os_strlcpy(addr.sun_path, ctrl, sizeof(addr.sun_path)); 1264 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) { 1265 wpa_printf(MSG_INFO, "supp-global-ctrl-iface-init(%s) (will try fixup): bind(PF_UNIX): %s", 1266 ctrl, strerror(errno)); 1267 if (connect(priv->sock, (struct sockaddr *) &addr, 1268 sizeof(addr)) < 0) { 1269 wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not" 1270 " allow connections - assuming it was left" 1271 "over from forced program termination"); 1272 if (unlink(ctrl) < 0) { 1273 wpa_printf(MSG_ERROR, 1274 "Could not unlink existing ctrl_iface socket '%s': %s", 1275 ctrl, strerror(errno)); 1276 goto fail; 1277 } 1278 if (bind(priv->sock, (struct sockaddr *) &addr, 1279 sizeof(addr)) < 0) { 1280 wpa_printf(MSG_ERROR, "supp-glb-iface-init: bind(PF_UNIX;%s): %s", 1281 ctrl, strerror(errno)); 1282 goto fail; 1283 } 1284 wpa_printf(MSG_DEBUG, "Successfully replaced leftover " 1285 "ctrl_iface socket '%s'", 1286 ctrl); 1287 } else { 1288 wpa_printf(MSG_INFO, "ctrl_iface exists and seems to " 1289 "be in use - cannot override it"); 1290 wpa_printf(MSG_INFO, "Delete '%s' manually if it is " 1291 "not used anymore", 1292 ctrl); 1293 goto fail; 1294 } 1295 } 1296 1297 wpa_printf(MSG_DEBUG, "Using UNIX control socket '%s'", ctrl); 1298 1299 if (global->params.ctrl_interface_group) { 1300 char *gid_str = global->params.ctrl_interface_group; 1301 gid_t gid = 0; 1302 struct group *grp; 1303 char *endp; 1304 1305 grp = getgrnam(gid_str); 1306 if (grp) { 1307 gid = grp->gr_gid; 1308 wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d" 1309 " (from group name '%s')", 1310 (int) gid, gid_str); 1311 } else { 1312 /* Group name not found - try to parse this as gid */ 1313 gid = strtol(gid_str, &endp, 10); 1314 if (*gid_str == '\0' || *endp != '\0') { 1315 wpa_printf(MSG_ERROR, "CTRL: Invalid group " 1316 "'%s'", gid_str); 1317 goto fail; 1318 } 1319 wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d", 1320 (int) gid); 1321 } 1322 if (lchown(ctrl, -1, gid) < 0) { 1323 wpa_printf(MSG_ERROR, 1324 "lchown[global_ctrl_interface=%s,gid=%d]: %s", 1325 ctrl, (int) gid, strerror(errno)); 1326 goto fail; 1327 } 1328 1329 if (chmod(ctrl, S_IRWXU | S_IRWXG) < 0) { 1330 wpa_printf(MSG_ERROR, 1331 "chmod[global_ctrl_interface=%s]: %s", 1332 ctrl, strerror(errno)); 1333 goto fail; 1334 } 1335 } else { 1336 if (chmod(ctrl, S_IRWXU) < 0) { 1337 wpa_printf(MSG_DEBUG, 1338 "chmod[global_ctrl_interface=%s](S_IRWXU): %s", 1339 ctrl, strerror(errno)); 1340 /* continue anyway since group change was not required 1341 */ 1342 } 1343 } 1344 1345 havesock: 1346 1347 /* 1348 * Make socket non-blocking so that we don't hang forever if 1349 * target dies unexpectedly. 1350 */ 1351 flags = fcntl(priv->sock, F_GETFL); 1352 if (flags >= 0) { 1353 flags |= O_NONBLOCK; 1354 if (fcntl(priv->sock, F_SETFL, flags) < 0) { 1355 wpa_printf(MSG_INFO, "fcntl(ctrl, O_NONBLOCK): %s", 1356 strerror(errno)); 1357 /* Not fatal, continue on.*/ 1358 } 1359 } 1360 1361 eloop_register_read_sock(priv->sock, 1362 wpa_supplicant_global_ctrl_iface_receive, 1363 global, priv); 1364 1365 return 0; 1366 1367 fail: 1368 if (priv->sock >= 0) { 1369 close(priv->sock); 1370 priv->sock = -1; 1371 } 1372 return -1; 1373 } 1374 1375 1376 struct ctrl_iface_global_priv * 1377 wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global) 1378 { 1379 struct ctrl_iface_global_priv *priv; 1380 1381 priv = os_zalloc(sizeof(*priv)); 1382 if (priv == NULL) 1383 return NULL; 1384 dl_list_init(&priv->ctrl_dst); 1385 dl_list_init(&priv->msg_queue); 1386 priv->global = global; 1387 priv->sock = -1; 1388 1389 if (global->params.ctrl_interface == NULL) 1390 return priv; 1391 1392 if (wpas_global_ctrl_iface_open_sock(global, priv) < 0) { 1393 os_free(priv); 1394 return NULL; 1395 } 1396 1397 wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb); 1398 1399 return priv; 1400 } 1401 1402 1403 static int wpas_ctrl_iface_global_reinit(struct wpa_global *global, 1404 struct ctrl_iface_global_priv *priv) 1405 { 1406 int res; 1407 1408 if (priv->sock <= 0) 1409 return -1; 1410 1411 /* 1412 * On Android, the control socket being used may be the socket 1413 * that is created when wpa_supplicant is started as a /init.*.rc 1414 * service. Such a socket is maintained as a key-value pair in 1415 * Android's environment. Closing this control socket would leave us 1416 * in a bad state with an invalid socket descriptor. 1417 */ 1418 if (priv->android_control_socket) 1419 return priv->sock; 1420 1421 eloop_unregister_read_sock(priv->sock); 1422 close(priv->sock); 1423 priv->sock = -1; 1424 res = wpas_global_ctrl_iface_open_sock(global, priv); 1425 if (res < 0) 1426 return -1; 1427 return priv->sock; 1428 } 1429 1430 1431 void 1432 wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv) 1433 { 1434 struct wpa_ctrl_dst *dst, *prev; 1435 struct ctrl_iface_msg *msg, *prev_msg; 1436 1437 if (priv->sock >= 0) { 1438 eloop_unregister_read_sock(priv->sock); 1439 close(priv->sock); 1440 } 1441 if (priv->global->params.ctrl_interface) 1442 unlink(priv->global->params.ctrl_interface); 1443 dl_list_for_each_safe(dst, prev, &priv->ctrl_dst, struct wpa_ctrl_dst, 1444 list) { 1445 dl_list_del(&dst->list); 1446 os_free(dst); 1447 } 1448 dl_list_for_each_safe(msg, prev_msg, &priv->msg_queue, 1449 struct ctrl_iface_msg, list) { 1450 dl_list_del(&msg->list); 1451 os_free(msg); 1452 } 1453 os_free(priv); 1454 } 1455