xref: /freebsd/contrib/wpa/wpa_supplicant/wpa_priv.c (revision 0b3105a37d7adcadcb720112fed4dc4e8040be99)
1 /*
2  * WPA Supplicant / privileged helper program
3  * Copyright (c) 2007-2009, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "includes.h"
10 #ifdef __linux__
11 #include <fcntl.h>
12 #endif /* __linux__ */
13 #include <sys/un.h>
14 #include <sys/stat.h>
15 
16 #include "common.h"
17 #include "eloop.h"
18 #include "common/version.h"
19 #include "drivers/driver.h"
20 #include "l2_packet/l2_packet.h"
21 #include "common/privsep_commands.h"
22 #include "common/ieee802_11_defs.h"
23 
24 
25 struct wpa_priv_interface {
26 	struct wpa_priv_interface *next;
27 	char *driver_name;
28 	char *ifname;
29 	char *sock_name;
30 	int fd;
31 
32 	const struct wpa_driver_ops *driver;
33 	void *drv_priv;
34 	void *drv_global_priv;
35 	struct sockaddr_un drv_addr;
36 	int wpas_registered;
37 
38 	/* TODO: add support for multiple l2 connections */
39 	struct l2_packet_data *l2;
40 	struct sockaddr_un l2_addr;
41 };
42 
43 
44 static void wpa_priv_cmd_register(struct wpa_priv_interface *iface,
45 				  struct sockaddr_un *from)
46 {
47 	if (iface->drv_priv) {
48 		wpa_printf(MSG_DEBUG, "Cleaning up forgotten driver instance");
49 		if (iface->driver->deinit)
50 			iface->driver->deinit(iface->drv_priv);
51 		iface->drv_priv = NULL;
52 		if (iface->drv_global_priv) {
53 			iface->driver->global_deinit(iface->drv_global_priv);
54 			iface->drv_global_priv = NULL;
55 		}
56 		iface->wpas_registered = 0;
57 	}
58 
59 	if (iface->l2) {
60 		wpa_printf(MSG_DEBUG, "Cleaning up forgotten l2_packet "
61 			   "instance");
62 		l2_packet_deinit(iface->l2);
63 		iface->l2 = NULL;
64 	}
65 
66 	if (iface->driver->init2) {
67 		if (iface->driver->global_init) {
68 			iface->drv_global_priv = iface->driver->global_init();
69 			if (!iface->drv_global_priv) {
70 				wpa_printf(MSG_INFO,
71 					   "Failed to initialize driver global context");
72 				return;
73 			}
74 		} else {
75 			iface->drv_global_priv = NULL;
76 		}
77 		iface->drv_priv = iface->driver->init2(iface, iface->ifname,
78 						       iface->drv_global_priv);
79 	} else if (iface->driver->init) {
80 		iface->drv_priv = iface->driver->init(iface, iface->ifname);
81 	} else {
82 		return;
83 	}
84 	if (iface->drv_priv == NULL) {
85 		wpa_printf(MSG_DEBUG, "Failed to initialize driver wrapper");
86 		return;
87 	}
88 
89 	wpa_printf(MSG_DEBUG, "Driver wrapper '%s' initialized for interface "
90 		   "'%s'", iface->driver_name, iface->ifname);
91 
92 	os_memcpy(&iface->drv_addr, from, sizeof(iface->drv_addr));
93 	iface->wpas_registered = 1;
94 
95 	if (iface->driver->set_param &&
96 	    iface->driver->set_param(iface->drv_priv, NULL) < 0) {
97 		wpa_printf(MSG_ERROR, "Driver interface rejected param");
98 	}
99 }
100 
101 
102 static void wpa_priv_cmd_unregister(struct wpa_priv_interface *iface,
103 				    struct sockaddr_un *from)
104 {
105 	if (iface->drv_priv) {
106 		if (iface->driver->deinit)
107 			iface->driver->deinit(iface->drv_priv);
108 		iface->drv_priv = NULL;
109 		if (iface->drv_global_priv) {
110 			iface->driver->global_deinit(iface->drv_global_priv);
111 			iface->drv_global_priv = NULL;
112 		}
113 		iface->wpas_registered = 0;
114 	}
115 }
116 
117 
118 static void wpa_priv_cmd_scan(struct wpa_priv_interface *iface,
119 			      char *buf, size_t len)
120 {
121 	struct wpa_driver_scan_params params;
122 
123 	if (iface->drv_priv == NULL)
124 		return;
125 
126 	os_memset(&params, 0, sizeof(params));
127 	if (len) {
128 		params.ssids[0].ssid = (u8 *) buf;
129 		params.ssids[0].ssid_len = len;
130 		params.num_ssids = 1;
131 	}
132 
133 	if (iface->driver->scan2)
134 		iface->driver->scan2(iface->drv_priv, &params);
135 }
136 
137 
138 static void wpa_priv_get_scan_results2(struct wpa_priv_interface *iface,
139 				       struct sockaddr_un *from)
140 {
141 	struct wpa_scan_results *res;
142 	u8 *buf = NULL, *pos, *end;
143 	int val;
144 	size_t i;
145 
146 	res = iface->driver->get_scan_results2(iface->drv_priv);
147 	if (res == NULL)
148 		goto fail;
149 
150 	buf = os_malloc(60000);
151 	if (buf == NULL)
152 		goto fail;
153 	pos = buf;
154 	end = buf + 60000;
155 	val = res->num;
156 	os_memcpy(pos, &val, sizeof(int));
157 	pos += sizeof(int);
158 
159 	for (i = 0; i < res->num; i++) {
160 		struct wpa_scan_res *r = res->res[i];
161 		val = sizeof(*r) + r->ie_len;
162 		if (end - pos < (int) sizeof(int) + val)
163 			break;
164 		os_memcpy(pos, &val, sizeof(int));
165 		pos += sizeof(int);
166 		os_memcpy(pos, r, val);
167 		pos += val;
168 	}
169 
170 	sendto(iface->fd, buf, pos - buf, 0, (struct sockaddr *) from,
171 	       sizeof(*from));
172 
173 	os_free(buf);
174 	wpa_scan_results_free(res);
175 	return;
176 
177 fail:
178 	os_free(buf);
179 	wpa_scan_results_free(res);
180 	sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, sizeof(*from));
181 }
182 
183 
184 static void wpa_priv_cmd_get_scan_results(struct wpa_priv_interface *iface,
185 					  struct sockaddr_un *from)
186 {
187 	if (iface->drv_priv == NULL)
188 		return;
189 
190 	if (iface->driver->get_scan_results2)
191 		wpa_priv_get_scan_results2(iface, from);
192 	else
193 		sendto(iface->fd, "", 0, 0, (struct sockaddr *) from,
194 		       sizeof(*from));
195 }
196 
197 
198 static void wpa_priv_cmd_authenticate(struct wpa_priv_interface *iface,
199 				      void *buf, size_t len)
200 {
201 	struct wpa_driver_auth_params params;
202 	struct privsep_cmd_authenticate *auth;
203 	int res, i;
204 
205 	if (iface->drv_priv == NULL || iface->driver->authenticate == NULL)
206 		return;
207 
208 	if (len < sizeof(*auth)) {
209 		wpa_printf(MSG_DEBUG, "Invalid authentication request");
210 		return;
211 	}
212 
213 	auth = buf;
214 	if (sizeof(*auth) + auth->ie_len + auth->sae_data_len > len) {
215 		wpa_printf(MSG_DEBUG, "Authentication request overflow");
216 		return;
217 	}
218 
219 	os_memset(&params, 0, sizeof(params));
220 	params.freq = auth->freq;
221 	params.bssid = auth->bssid;
222 	params.ssid = auth->ssid;
223 	if (auth->ssid_len > SSID_MAX_LEN)
224 		return;
225 	params.ssid_len = auth->ssid_len;
226 	params.auth_alg = auth->auth_alg;
227 	for (i = 0; i < 4; i++) {
228 		if (auth->wep_key_len[i]) {
229 			params.wep_key[i] = auth->wep_key[i];
230 			params.wep_key_len[i] = auth->wep_key_len[i];
231 		}
232 	}
233 	params.wep_tx_keyidx = auth->wep_tx_keyidx;
234 	params.local_state_change = auth->local_state_change;
235 	params.p2p = auth->p2p;
236 	if (auth->ie_len) {
237 		params.ie = (u8 *) (auth + 1);
238 		params.ie_len = auth->ie_len;
239 	}
240 	if (auth->sae_data_len) {
241 		params.sae_data = ((u8 *) (auth + 1)) + auth->ie_len;
242 		params.sae_data_len = auth->sae_data_len;
243 	}
244 
245 	res = iface->driver->authenticate(iface->drv_priv, &params);
246 	wpa_printf(MSG_DEBUG, "drv->authenticate: res=%d", res);
247 }
248 
249 
250 static void wpa_priv_cmd_associate(struct wpa_priv_interface *iface,
251 				   void *buf, size_t len)
252 {
253 	struct wpa_driver_associate_params params;
254 	struct privsep_cmd_associate *assoc;
255 	u8 *bssid;
256 	int res;
257 
258 	if (iface->drv_priv == NULL || iface->driver->associate == NULL)
259 		return;
260 
261 	if (len < sizeof(*assoc)) {
262 		wpa_printf(MSG_DEBUG, "Invalid association request");
263 		return;
264 	}
265 
266 	assoc = buf;
267 	if (sizeof(*assoc) + assoc->wpa_ie_len > len) {
268 		wpa_printf(MSG_DEBUG, "Association request overflow");
269 		return;
270 	}
271 
272 	os_memset(&params, 0, sizeof(params));
273 	bssid = assoc->bssid;
274 	if (bssid[0] | bssid[1] | bssid[2] | bssid[3] | bssid[4] | bssid[5])
275 		params.bssid = bssid;
276 	params.ssid = assoc->ssid;
277 	if (assoc->ssid_len > SSID_MAX_LEN)
278 		return;
279 	params.ssid_len = assoc->ssid_len;
280 	params.freq.mode = assoc->hwmode;
281 	params.freq.freq = assoc->freq;
282 	params.freq.channel = assoc->channel;
283 	if (assoc->wpa_ie_len) {
284 		params.wpa_ie = (u8 *) (assoc + 1);
285 		params.wpa_ie_len = assoc->wpa_ie_len;
286 	}
287 	params.pairwise_suite = assoc->pairwise_suite;
288 	params.group_suite = assoc->group_suite;
289 	params.key_mgmt_suite = assoc->key_mgmt_suite;
290 	params.auth_alg = assoc->auth_alg;
291 	params.mode = assoc->mode;
292 
293 	res = iface->driver->associate(iface->drv_priv, &params);
294 	wpa_printf(MSG_DEBUG, "drv->associate: res=%d", res);
295 }
296 
297 
298 static void wpa_priv_cmd_get_bssid(struct wpa_priv_interface *iface,
299 				   struct sockaddr_un *from)
300 {
301 	u8 bssid[ETH_ALEN];
302 
303 	if (iface->drv_priv == NULL)
304 		goto fail;
305 
306 	if (iface->driver->get_bssid == NULL ||
307 	    iface->driver->get_bssid(iface->drv_priv, bssid) < 0)
308 		goto fail;
309 
310 	sendto(iface->fd, bssid, ETH_ALEN, 0, (struct sockaddr *) from,
311 	       sizeof(*from));
312 	return;
313 
314 fail:
315 	sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, sizeof(*from));
316 }
317 
318 
319 static void wpa_priv_cmd_get_ssid(struct wpa_priv_interface *iface,
320 				  struct sockaddr_un *from)
321 {
322 	u8 ssid[sizeof(int) + SSID_MAX_LEN];
323 	int res;
324 
325 	if (iface->drv_priv == NULL)
326 		goto fail;
327 
328 	if (iface->driver->get_ssid == NULL)
329 		goto fail;
330 
331 	res = iface->driver->get_ssid(iface->drv_priv, &ssid[sizeof(int)]);
332 	if (res < 0 || res > SSID_MAX_LEN)
333 		goto fail;
334 	os_memcpy(ssid, &res, sizeof(int));
335 
336 	sendto(iface->fd, ssid, sizeof(ssid), 0, (struct sockaddr *) from,
337 	       sizeof(*from));
338 	return;
339 
340 fail:
341 	sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, sizeof(*from));
342 }
343 
344 
345 static void wpa_priv_cmd_set_key(struct wpa_priv_interface *iface,
346 				 void *buf, size_t len)
347 {
348 	struct privsep_cmd_set_key *params;
349 	int res;
350 
351 	if (iface->drv_priv == NULL || iface->driver->set_key == NULL)
352 		return;
353 
354 	if (len != sizeof(*params)) {
355 		wpa_printf(MSG_DEBUG, "Invalid set_key request");
356 		return;
357 	}
358 
359 	params = buf;
360 
361 	res = iface->driver->set_key(iface->ifname, iface->drv_priv,
362 				     params->alg,
363 				     params->addr, params->key_idx,
364 				     params->set_tx,
365 				     params->seq_len ? params->seq : NULL,
366 				     params->seq_len,
367 				     params->key_len ? params->key : NULL,
368 				     params->key_len);
369 	wpa_printf(MSG_DEBUG, "drv->set_key: res=%d", res);
370 }
371 
372 
373 static void wpa_priv_cmd_get_capa(struct wpa_priv_interface *iface,
374 				  struct sockaddr_un *from)
375 {
376 	struct wpa_driver_capa capa;
377 
378 	if (iface->drv_priv == NULL)
379 		goto fail;
380 
381 	if (iface->driver->get_capa == NULL ||
382 	    iface->driver->get_capa(iface->drv_priv, &capa) < 0)
383 		goto fail;
384 
385 	/* For now, no support for passing extended_capa pointers */
386 	capa.extended_capa = NULL;
387 	capa.extended_capa_mask = NULL;
388 	capa.extended_capa_len = 0;
389 	sendto(iface->fd, &capa, sizeof(capa), 0, (struct sockaddr *) from,
390 	       sizeof(*from));
391 	return;
392 
393 fail:
394 	sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, sizeof(*from));
395 }
396 
397 
398 static void wpa_priv_l2_rx(void *ctx, const u8 *src_addr, const u8 *buf,
399 			   size_t len)
400 {
401 	struct wpa_priv_interface *iface = ctx;
402 	struct msghdr msg;
403 	struct iovec io[2];
404 
405 	io[0].iov_base = (u8 *) src_addr;
406 	io[0].iov_len = ETH_ALEN;
407 	io[1].iov_base = (u8 *) buf;
408 	io[1].iov_len = len;
409 
410 	os_memset(&msg, 0, sizeof(msg));
411 	msg.msg_iov = io;
412 	msg.msg_iovlen = 2;
413 	msg.msg_name = &iface->l2_addr;
414 	msg.msg_namelen = sizeof(iface->l2_addr);
415 
416 	if (sendmsg(iface->fd, &msg, 0) < 0) {
417 		wpa_printf(MSG_ERROR, "sendmsg(l2 rx): %s", strerror(errno));
418 	}
419 }
420 
421 
422 static void wpa_priv_cmd_l2_register(struct wpa_priv_interface *iface,
423 				     struct sockaddr_un *from,
424 				     void *buf, size_t len)
425 {
426 	int *reg_cmd = buf;
427 	u8 own_addr[ETH_ALEN];
428 	int res;
429 	u16 proto;
430 
431 	if (len != 2 * sizeof(int)) {
432 		wpa_printf(MSG_DEBUG, "Invalid l2_register length %lu",
433 			   (unsigned long) len);
434 		return;
435 	}
436 
437 	proto = reg_cmd[0];
438 	if (proto != ETH_P_EAPOL && proto != ETH_P_RSN_PREAUTH &&
439 	    proto != ETH_P_80211_ENCAP) {
440 		wpa_printf(MSG_DEBUG, "Refused l2_packet connection for "
441 			   "ethertype 0x%x", proto);
442 		return;
443 	}
444 
445 	if (iface->l2) {
446 		wpa_printf(MSG_DEBUG, "Cleaning up forgotten l2_packet "
447 			   "instance");
448 		l2_packet_deinit(iface->l2);
449 		iface->l2 = NULL;
450 	}
451 
452 	os_memcpy(&iface->l2_addr, from, sizeof(iface->l2_addr));
453 
454 	iface->l2 = l2_packet_init(iface->ifname, NULL, proto,
455 				   wpa_priv_l2_rx, iface, reg_cmd[1]);
456 	if (iface->l2 == NULL) {
457 		wpa_printf(MSG_DEBUG, "Failed to initialize l2_packet "
458 			   "instance for protocol %d", proto);
459 		return;
460 	}
461 
462 	if (l2_packet_get_own_addr(iface->l2, own_addr) < 0) {
463 		wpa_printf(MSG_DEBUG, "Failed to get own address from "
464 			   "l2_packet");
465 		l2_packet_deinit(iface->l2);
466 		iface->l2 = NULL;
467 		return;
468 	}
469 
470 	res = sendto(iface->fd, own_addr, ETH_ALEN, 0,
471 		     (struct sockaddr *) from, sizeof(*from));
472 	wpa_printf(MSG_DEBUG, "L2 registration: res=%d", res);
473 }
474 
475 
476 static void wpa_priv_cmd_l2_unregister(struct wpa_priv_interface *iface,
477 				       struct sockaddr_un *from)
478 {
479 	if (iface->l2) {
480 		l2_packet_deinit(iface->l2);
481 		iface->l2 = NULL;
482 	}
483 }
484 
485 
486 static void wpa_priv_cmd_l2_notify_auth_start(struct wpa_priv_interface *iface,
487 					      struct sockaddr_un *from)
488 {
489 	if (iface->l2)
490 		l2_packet_notify_auth_start(iface->l2);
491 }
492 
493 
494 static void wpa_priv_cmd_l2_send(struct wpa_priv_interface *iface,
495 				 struct sockaddr_un *from,
496 				 void *buf, size_t len)
497 {
498 	u8 *dst_addr;
499 	u16 proto;
500 	int res;
501 
502 	if (iface->l2 == NULL)
503 		return;
504 
505 	if (len < ETH_ALEN + 2) {
506 		wpa_printf(MSG_DEBUG, "Too short L2 send packet (len=%lu)",
507 			   (unsigned long) len);
508 		return;
509 	}
510 
511 	dst_addr = buf;
512 	os_memcpy(&proto, buf + ETH_ALEN, 2);
513 
514 	if (proto != ETH_P_EAPOL && proto != ETH_P_RSN_PREAUTH) {
515 		wpa_printf(MSG_DEBUG, "Refused l2_packet send for ethertype "
516 			   "0x%x", proto);
517 		return;
518 	}
519 
520 	res = l2_packet_send(iface->l2, dst_addr, proto, buf + ETH_ALEN + 2,
521 			     len - ETH_ALEN - 2);
522 	wpa_printf(MSG_DEBUG, "L2 send: res=%d", res);
523 }
524 
525 
526 static void wpa_priv_cmd_set_country(struct wpa_priv_interface *iface,
527 				     char *buf)
528 {
529 	if (iface->drv_priv == NULL || iface->driver->set_country == NULL ||
530 	    *buf == '\0')
531 		return;
532 
533 	iface->driver->set_country(iface->drv_priv, buf);
534 }
535 
536 
537 static void wpa_priv_receive(int sock, void *eloop_ctx, void *sock_ctx)
538 {
539 	struct wpa_priv_interface *iface = eloop_ctx;
540 	char buf[2000], *pos;
541 	void *cmd_buf;
542 	size_t cmd_len;
543 	int res, cmd;
544 	struct sockaddr_un from;
545 	socklen_t fromlen = sizeof(from);
546 
547 	res = recvfrom(sock, buf, sizeof(buf), 0, (struct sockaddr *) &from,
548 		       &fromlen);
549 	if (res < 0) {
550 		wpa_printf(MSG_ERROR, "recvfrom: %s", strerror(errno));
551 		return;
552 	}
553 
554 	if (res < (int) sizeof(int)) {
555 		wpa_printf(MSG_DEBUG, "Too short command (len=%d)", res);
556 		return;
557 	}
558 
559 	os_memcpy(&cmd, buf, sizeof(int));
560 	wpa_printf(MSG_DEBUG, "Command %d for interface %s",
561 		   cmd, iface->ifname);
562 	cmd_buf = &buf[sizeof(int)];
563 	cmd_len = res - sizeof(int);
564 
565 	switch (cmd) {
566 	case PRIVSEP_CMD_REGISTER:
567 		wpa_priv_cmd_register(iface, &from);
568 		break;
569 	case PRIVSEP_CMD_UNREGISTER:
570 		wpa_priv_cmd_unregister(iface, &from);
571 		break;
572 	case PRIVSEP_CMD_SCAN:
573 		wpa_priv_cmd_scan(iface, cmd_buf, cmd_len);
574 		break;
575 	case PRIVSEP_CMD_GET_SCAN_RESULTS:
576 		wpa_priv_cmd_get_scan_results(iface, &from);
577 		break;
578 	case PRIVSEP_CMD_ASSOCIATE:
579 		wpa_priv_cmd_associate(iface, cmd_buf, cmd_len);
580 		break;
581 	case PRIVSEP_CMD_GET_BSSID:
582 		wpa_priv_cmd_get_bssid(iface, &from);
583 		break;
584 	case PRIVSEP_CMD_GET_SSID:
585 		wpa_priv_cmd_get_ssid(iface, &from);
586 		break;
587 	case PRIVSEP_CMD_SET_KEY:
588 		wpa_priv_cmd_set_key(iface, cmd_buf, cmd_len);
589 		break;
590 	case PRIVSEP_CMD_GET_CAPA:
591 		wpa_priv_cmd_get_capa(iface, &from);
592 		break;
593 	case PRIVSEP_CMD_L2_REGISTER:
594 		wpa_priv_cmd_l2_register(iface, &from, cmd_buf, cmd_len);
595 		break;
596 	case PRIVSEP_CMD_L2_UNREGISTER:
597 		wpa_priv_cmd_l2_unregister(iface, &from);
598 		break;
599 	case PRIVSEP_CMD_L2_NOTIFY_AUTH_START:
600 		wpa_priv_cmd_l2_notify_auth_start(iface, &from);
601 		break;
602 	case PRIVSEP_CMD_L2_SEND:
603 		wpa_priv_cmd_l2_send(iface, &from, cmd_buf, cmd_len);
604 		break;
605 	case PRIVSEP_CMD_SET_COUNTRY:
606 		pos = cmd_buf;
607 		if (pos + cmd_len >= buf + sizeof(buf))
608 			break;
609 		pos[cmd_len] = '\0';
610 		wpa_priv_cmd_set_country(iface, pos);
611 		break;
612 	case PRIVSEP_CMD_AUTHENTICATE:
613 		wpa_priv_cmd_authenticate(iface, cmd_buf, cmd_len);
614 		break;
615 	}
616 }
617 
618 
619 static void wpa_priv_interface_deinit(struct wpa_priv_interface *iface)
620 {
621 	if (iface->drv_priv && iface->driver->deinit)
622 		iface->driver->deinit(iface->drv_priv);
623 
624 	if (iface->fd >= 0) {
625 		eloop_unregister_read_sock(iface->fd);
626 		close(iface->fd);
627 		unlink(iface->sock_name);
628 	}
629 
630 	if (iface->l2)
631 		l2_packet_deinit(iface->l2);
632 
633 	os_free(iface->ifname);
634 	os_free(iface->driver_name);
635 	os_free(iface->sock_name);
636 	os_free(iface);
637 }
638 
639 
640 static struct wpa_priv_interface *
641 wpa_priv_interface_init(const char *dir, const char *params)
642 {
643 	struct wpa_priv_interface *iface;
644 	char *pos;
645 	size_t len;
646 	struct sockaddr_un addr;
647 	int i;
648 
649 	pos = os_strchr(params, ':');
650 	if (pos == NULL)
651 		return NULL;
652 
653 	iface = os_zalloc(sizeof(*iface));
654 	if (iface == NULL)
655 		return NULL;
656 	iface->fd = -1;
657 
658 	len = pos - params;
659 	iface->driver_name = dup_binstr(params, len);
660 	if (iface->driver_name == NULL) {
661 		wpa_priv_interface_deinit(iface);
662 		return NULL;
663 	}
664 
665 	for (i = 0; wpa_drivers[i]; i++) {
666 		if (os_strcmp(iface->driver_name,
667 			      wpa_drivers[i]->name) == 0) {
668 			iface->driver = wpa_drivers[i];
669 			break;
670 		}
671 	}
672 	if (iface->driver == NULL) {
673 		wpa_printf(MSG_ERROR, "Unsupported driver '%s'",
674 			   iface->driver_name);
675 		wpa_priv_interface_deinit(iface);
676 		return NULL;
677 	}
678 
679 	pos++;
680 	iface->ifname = os_strdup(pos);
681 	if (iface->ifname == NULL) {
682 		wpa_priv_interface_deinit(iface);
683 		return NULL;
684 	}
685 
686 	len = os_strlen(dir) + 1 + os_strlen(iface->ifname);
687 	iface->sock_name = os_malloc(len + 1);
688 	if (iface->sock_name == NULL) {
689 		wpa_priv_interface_deinit(iface);
690 		return NULL;
691 	}
692 
693 	os_snprintf(iface->sock_name, len + 1, "%s/%s", dir, iface->ifname);
694 	if (os_strlen(iface->sock_name) >= sizeof(addr.sun_path)) {
695 		wpa_priv_interface_deinit(iface);
696 		return NULL;
697 	}
698 
699 	iface->fd = socket(PF_UNIX, SOCK_DGRAM, 0);
700 	if (iface->fd < 0) {
701 		wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno));
702 		wpa_priv_interface_deinit(iface);
703 		return NULL;
704 	}
705 
706 	os_memset(&addr, 0, sizeof(addr));
707 	addr.sun_family = AF_UNIX;
708 	os_strlcpy(addr.sun_path, iface->sock_name, sizeof(addr.sun_path));
709 
710 	if (bind(iface->fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
711 		wpa_printf(MSG_DEBUG, "bind(PF_UNIX) failed: %s",
712 			   strerror(errno));
713 		if (connect(iface->fd, (struct sockaddr *) &addr,
714 			    sizeof(addr)) < 0) {
715 			wpa_printf(MSG_DEBUG, "Socket exists, but does not "
716 				   "allow connections - assuming it was "
717 				   "leftover from forced program termination");
718 			if (unlink(iface->sock_name) < 0) {
719 				wpa_printf(MSG_ERROR,
720 					   "Could not unlink existing ctrl_iface socket '%s': %s",
721 					   iface->sock_name, strerror(errno));
722 				goto fail;
723 			}
724 			if (bind(iface->fd, (struct sockaddr *) &addr,
725 				 sizeof(addr)) < 0) {
726 				wpa_printf(MSG_ERROR,
727 					   "wpa-priv-iface-init: bind(PF_UNIX): %s",
728 					   strerror(errno));
729 				goto fail;
730 			}
731 			wpa_printf(MSG_DEBUG, "Successfully replaced leftover "
732 				   "socket '%s'", iface->sock_name);
733 		} else {
734 			wpa_printf(MSG_INFO, "Socket exists and seems to be "
735 				   "in use - cannot override it");
736 			wpa_printf(MSG_INFO, "Delete '%s' manually if it is "
737 				   "not used anymore", iface->sock_name);
738 			goto fail;
739 		}
740 	}
741 
742 	if (chmod(iface->sock_name, S_IRWXU | S_IRWXG | S_IRWXO) < 0) {
743 		wpa_printf(MSG_ERROR, "chmod: %s", strerror(errno));
744 		goto fail;
745 	}
746 
747 	eloop_register_read_sock(iface->fd, wpa_priv_receive, iface, NULL);
748 
749 	return iface;
750 
751 fail:
752 	wpa_priv_interface_deinit(iface);
753 	return NULL;
754 }
755 
756 
757 static int wpa_priv_send_event(struct wpa_priv_interface *iface, int event,
758 			       const void *data, size_t data_len)
759 {
760 	struct msghdr msg;
761 	struct iovec io[2];
762 
763 	io[0].iov_base = &event;
764 	io[0].iov_len = sizeof(event);
765 	io[1].iov_base = (u8 *) data;
766 	io[1].iov_len = data_len;
767 
768 	os_memset(&msg, 0, sizeof(msg));
769 	msg.msg_iov = io;
770 	msg.msg_iovlen = data ? 2 : 1;
771 	msg.msg_name = &iface->drv_addr;
772 	msg.msg_namelen = sizeof(iface->drv_addr);
773 
774 	if (sendmsg(iface->fd, &msg, 0) < 0) {
775 		wpa_printf(MSG_ERROR, "sendmsg(wpas_socket): %s",
776 			   strerror(errno));
777 		return -1;
778 	}
779 
780 	return 0;
781 }
782 
783 
784 static void wpa_priv_send_auth(struct wpa_priv_interface *iface,
785 			       union wpa_event_data *data)
786 {
787 	size_t buflen = sizeof(struct privsep_event_auth) + data->auth.ies_len;
788 	struct privsep_event_auth *auth;
789 	u8 *buf, *pos;
790 
791 	buf = os_malloc(buflen);
792 	if (buf == NULL)
793 		return;
794 
795 	auth = (struct privsep_event_auth *) buf;
796 	pos = (u8 *) (auth + 1);
797 
798 	os_memcpy(auth->peer, data->auth.peer, ETH_ALEN);
799 	os_memcpy(auth->bssid, data->auth.bssid, ETH_ALEN);
800 	auth->auth_type = data->auth.auth_type;
801 	auth->auth_transaction = data->auth.auth_transaction;
802 	auth->status_code = data->auth.status_code;
803 	if (data->auth.ies) {
804 		os_memcpy(pos, data->auth.ies, data->auth.ies_len);
805 		auth->ies_len = data->auth.ies_len;
806 	}
807 
808 	wpa_priv_send_event(iface, PRIVSEP_EVENT_AUTH, buf, buflen);
809 
810 	os_free(buf);
811 }
812 
813 
814 static void wpa_priv_send_assoc(struct wpa_priv_interface *iface, int event,
815 				union wpa_event_data *data)
816 {
817 	size_t buflen = 3 * sizeof(int);
818 	u8 *buf, *pos;
819 	int len;
820 
821 	if (data) {
822 		buflen += data->assoc_info.req_ies_len +
823 			data->assoc_info.resp_ies_len +
824 			data->assoc_info.beacon_ies_len;
825 	}
826 
827 	buf = os_malloc(buflen);
828 	if (buf == NULL)
829 		return;
830 
831 	pos = buf;
832 
833 	if (data && data->assoc_info.req_ies) {
834 		len = data->assoc_info.req_ies_len;
835 		os_memcpy(pos, &len, sizeof(int));
836 		pos += sizeof(int);
837 		os_memcpy(pos, data->assoc_info.req_ies, len);
838 		pos += len;
839 	} else {
840 		len = 0;
841 		os_memcpy(pos, &len, sizeof(int));
842 		pos += sizeof(int);
843 	}
844 
845 	if (data && data->assoc_info.resp_ies) {
846 		len = data->assoc_info.resp_ies_len;
847 		os_memcpy(pos, &len, sizeof(int));
848 		pos += sizeof(int);
849 		os_memcpy(pos, data->assoc_info.resp_ies, len);
850 		pos += len;
851 	} else {
852 		len = 0;
853 		os_memcpy(pos, &len, sizeof(int));
854 		pos += sizeof(int);
855 	}
856 
857 	if (data && data->assoc_info.beacon_ies) {
858 		len = data->assoc_info.beacon_ies_len;
859 		os_memcpy(pos, &len, sizeof(int));
860 		pos += sizeof(int);
861 		os_memcpy(pos, data->assoc_info.beacon_ies, len);
862 		pos += len;
863 	} else {
864 		len = 0;
865 		os_memcpy(pos, &len, sizeof(int));
866 		pos += sizeof(int);
867 	}
868 
869 	wpa_priv_send_event(iface, event, buf, buflen);
870 
871 	os_free(buf);
872 }
873 
874 
875 static void wpa_priv_send_interface_status(struct wpa_priv_interface *iface,
876 					   union wpa_event_data *data)
877 {
878 	int ievent;
879 	size_t len, maxlen;
880 	u8 *buf;
881 	char *ifname;
882 
883 	if (data == NULL)
884 		return;
885 
886 	ievent = data->interface_status.ievent;
887 	maxlen = sizeof(data->interface_status.ifname);
888 	ifname = data->interface_status.ifname;
889 	for (len = 0; len < maxlen && ifname[len]; len++)
890 		;
891 
892 	buf = os_malloc(sizeof(int) + len);
893 	if (buf == NULL)
894 		return;
895 
896 	os_memcpy(buf, &ievent, sizeof(int));
897 	os_memcpy(buf + sizeof(int), ifname, len);
898 
899 	wpa_priv_send_event(iface, PRIVSEP_EVENT_INTERFACE_STATUS,
900 			    buf, sizeof(int) + len);
901 
902 	os_free(buf);
903 
904 }
905 
906 
907 static void wpa_priv_send_ft_response(struct wpa_priv_interface *iface,
908 				      union wpa_event_data *data)
909 {
910 	size_t len;
911 	u8 *buf, *pos;
912 
913 	if (data == NULL || data->ft_ies.ies == NULL)
914 		return;
915 
916 	len = sizeof(int) + ETH_ALEN + data->ft_ies.ies_len;
917 	buf = os_malloc(len);
918 	if (buf == NULL)
919 		return;
920 
921 	pos = buf;
922 	os_memcpy(pos, &data->ft_ies.ft_action, sizeof(int));
923 	pos += sizeof(int);
924 	os_memcpy(pos, data->ft_ies.target_ap, ETH_ALEN);
925 	pos += ETH_ALEN;
926 	os_memcpy(pos, data->ft_ies.ies, data->ft_ies.ies_len);
927 
928 	wpa_priv_send_event(iface, PRIVSEP_EVENT_FT_RESPONSE, buf, len);
929 
930 	os_free(buf);
931 
932 }
933 
934 
935 void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
936 			  union wpa_event_data *data)
937 {
938 	struct wpa_priv_interface *iface = ctx;
939 
940 	wpa_printf(MSG_DEBUG, "%s - event=%d", __func__, event);
941 
942 	if (!iface->wpas_registered) {
943 		wpa_printf(MSG_DEBUG, "Driver event received, but "
944 			   "wpa_supplicant not registered");
945 		return;
946 	}
947 
948 	switch (event) {
949 	case EVENT_ASSOC:
950 		wpa_priv_send_assoc(iface, PRIVSEP_EVENT_ASSOC, data);
951 		break;
952 	case EVENT_DISASSOC:
953 		wpa_priv_send_event(iface, PRIVSEP_EVENT_DISASSOC, NULL, 0);
954 		break;
955 	case EVENT_ASSOCINFO:
956 		if (data == NULL)
957 			return;
958 		wpa_priv_send_assoc(iface, PRIVSEP_EVENT_ASSOCINFO, data);
959 		break;
960 	case EVENT_MICHAEL_MIC_FAILURE:
961 		if (data == NULL)
962 			return;
963 		wpa_priv_send_event(iface, PRIVSEP_EVENT_MICHAEL_MIC_FAILURE,
964 				    &data->michael_mic_failure.unicast,
965 				    sizeof(int));
966 		break;
967 	case EVENT_SCAN_STARTED:
968 		wpa_priv_send_event(iface, PRIVSEP_EVENT_SCAN_STARTED, NULL,
969 				    0);
970 		break;
971 	case EVENT_SCAN_RESULTS:
972 		wpa_priv_send_event(iface, PRIVSEP_EVENT_SCAN_RESULTS, NULL,
973 				    0);
974 		break;
975 	case EVENT_INTERFACE_STATUS:
976 		wpa_priv_send_interface_status(iface, data);
977 		break;
978 	case EVENT_PMKID_CANDIDATE:
979 		if (data == NULL)
980 			return;
981 		wpa_priv_send_event(iface, PRIVSEP_EVENT_PMKID_CANDIDATE,
982 				    &data->pmkid_candidate,
983 				    sizeof(struct pmkid_candidate));
984 		break;
985 	case EVENT_STKSTART:
986 		if (data == NULL)
987 			return;
988 		wpa_priv_send_event(iface, PRIVSEP_EVENT_STKSTART,
989 				    &data->stkstart.peer, ETH_ALEN);
990 		break;
991 	case EVENT_FT_RESPONSE:
992 		wpa_priv_send_ft_response(iface, data);
993 		break;
994 	case EVENT_AUTH:
995 		wpa_priv_send_auth(iface, data);
996 		break;
997 	default:
998 		wpa_printf(MSG_DEBUG, "Unsupported driver event %d (%s) - TODO",
999 			   event, event_to_string(event));
1000 		break;
1001 	}
1002 }
1003 
1004 
1005 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
1006 			     const u8 *buf, size_t len)
1007 {
1008 	struct wpa_priv_interface *iface = ctx;
1009 	struct msghdr msg;
1010 	struct iovec io[3];
1011 	int event = PRIVSEP_EVENT_RX_EAPOL;
1012 
1013 	wpa_printf(MSG_DEBUG, "RX EAPOL from driver");
1014 	io[0].iov_base = &event;
1015 	io[0].iov_len = sizeof(event);
1016 	io[1].iov_base = (u8 *) src_addr;
1017 	io[1].iov_len = ETH_ALEN;
1018 	io[2].iov_base = (u8 *) buf;
1019 	io[2].iov_len = len;
1020 
1021 	os_memset(&msg, 0, sizeof(msg));
1022 	msg.msg_iov = io;
1023 	msg.msg_iovlen = 3;
1024 	msg.msg_name = &iface->drv_addr;
1025 	msg.msg_namelen = sizeof(iface->drv_addr);
1026 
1027 	if (sendmsg(iface->fd, &msg, 0) < 0)
1028 		wpa_printf(MSG_ERROR, "sendmsg(wpas_socket): %s",
1029 			   strerror(errno));
1030 }
1031 
1032 
1033 static void wpa_priv_terminate(int sig, void *signal_ctx)
1034 {
1035 	wpa_printf(MSG_DEBUG, "wpa_priv termination requested");
1036 	eloop_terminate();
1037 }
1038 
1039 
1040 static void wpa_priv_fd_workaround(void)
1041 {
1042 #ifdef __linux__
1043 	int s, i;
1044 	/* When started from pcmcia-cs scripts, wpa_supplicant might start with
1045 	 * fd 0, 1, and 2 closed. This will cause some issues because many
1046 	 * places in wpa_supplicant are still printing out to stdout. As a
1047 	 * workaround, make sure that fd's 0, 1, and 2 are not used for other
1048 	 * sockets. */
1049 	for (i = 0; i < 3; i++) {
1050 		s = open("/dev/null", O_RDWR);
1051 		if (s > 2) {
1052 			close(s);
1053 			break;
1054 		}
1055 	}
1056 #endif /* __linux__ */
1057 }
1058 
1059 
1060 static void usage(void)
1061 {
1062 	printf("wpa_priv v" VERSION_STR "\n"
1063 	       "Copyright (c) 2007-2009, Jouni Malinen <j@w1.fi> and "
1064 	       "contributors\n"
1065 	       "\n"
1066 	       "usage:\n"
1067 	       "  wpa_priv [-Bdd] [-c<ctrl dir>] [-P<pid file>] "
1068 	       "<driver:ifname> \\\n"
1069 	       "           [driver:ifname ...]\n");
1070 }
1071 
1072 
1073 int main(int argc, char *argv[])
1074 {
1075 	int c, i;
1076 	int ret = -1;
1077 	char *pid_file = NULL;
1078 	int daemonize = 0;
1079 	char *ctrl_dir = "/var/run/wpa_priv";
1080 	struct wpa_priv_interface *interfaces = NULL, *iface;
1081 
1082 	if (os_program_init())
1083 		return -1;
1084 
1085 	wpa_priv_fd_workaround();
1086 
1087 	for (;;) {
1088 		c = getopt(argc, argv, "Bc:dP:");
1089 		if (c < 0)
1090 			break;
1091 		switch (c) {
1092 		case 'B':
1093 			daemonize++;
1094 			break;
1095 		case 'c':
1096 			ctrl_dir = optarg;
1097 			break;
1098 		case 'd':
1099 			wpa_debug_level--;
1100 			break;
1101 		case 'P':
1102 			pid_file = os_rel2abs_path(optarg);
1103 			break;
1104 		default:
1105 			usage();
1106 			goto out2;
1107 		}
1108 	}
1109 
1110 	if (optind >= argc) {
1111 		usage();
1112 		goto out2;
1113 	}
1114 
1115 	wpa_printf(MSG_DEBUG, "wpa_priv control directory: '%s'", ctrl_dir);
1116 
1117 	if (eloop_init()) {
1118 		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
1119 		goto out2;
1120 	}
1121 
1122 	for (i = optind; i < argc; i++) {
1123 		wpa_printf(MSG_DEBUG, "Adding driver:interface %s", argv[i]);
1124 		iface = wpa_priv_interface_init(ctrl_dir, argv[i]);
1125 		if (iface == NULL)
1126 			goto out;
1127 		iface->next = interfaces;
1128 		interfaces = iface;
1129 	}
1130 
1131 	if (daemonize && os_daemonize(pid_file))
1132 		goto out;
1133 
1134 	eloop_register_signal_terminate(wpa_priv_terminate, NULL);
1135 	eloop_run();
1136 
1137 	ret = 0;
1138 
1139 out:
1140 	iface = interfaces;
1141 	while (iface) {
1142 		struct wpa_priv_interface *prev = iface;
1143 		iface = iface->next;
1144 		wpa_priv_interface_deinit(prev);
1145 	}
1146 
1147 	eloop_destroy();
1148 
1149 out2:
1150 	if (daemonize)
1151 		os_daemonize_terminate(pid_file);
1152 	os_free(pid_file);
1153 	os_program_deinit();
1154 
1155 	return ret;
1156 }
1157