1 /* 2 * WPA Supplicant / privileged helper program 3 * Copyright (c) 2007-2009, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 #ifdef __linux__ 11 #include <fcntl.h> 12 #endif /* __linux__ */ 13 #include <sys/un.h> 14 #include <sys/stat.h> 15 16 #include "common.h" 17 #include "eloop.h" 18 #include "common/version.h" 19 #include "drivers/driver.h" 20 #include "l2_packet/l2_packet.h" 21 #include "common/privsep_commands.h" 22 #include "common/ieee802_11_defs.h" 23 24 #define WPA_PRIV_MAX_L2 3 25 26 struct wpa_priv_interface { 27 struct wpa_priv_interface *next; 28 char *driver_name; 29 char *ifname; 30 char *sock_name; 31 int fd; 32 33 void *ctx; 34 35 const struct wpa_driver_ops *driver; 36 void *drv_priv; 37 void *drv_global_priv; 38 struct sockaddr_un drv_addr; 39 socklen_t drv_addr_len; 40 int wpas_registered; 41 42 struct l2_packet_data *l2[WPA_PRIV_MAX_L2]; 43 struct sockaddr_un l2_addr[WPA_PRIV_MAX_L2]; 44 socklen_t l2_addr_len[WPA_PRIV_MAX_L2]; 45 struct wpa_priv_l2 { 46 struct wpa_priv_interface *parent; 47 int idx; 48 } l2_ctx[WPA_PRIV_MAX_L2]; 49 }; 50 51 struct wpa_priv_global { 52 struct wpa_priv_interface *interfaces; 53 }; 54 55 56 static void wpa_priv_cmd_register(struct wpa_priv_interface *iface, 57 struct sockaddr_un *from, socklen_t fromlen) 58 { 59 int i; 60 61 if (iface->drv_priv) { 62 wpa_printf(MSG_DEBUG, "Cleaning up forgotten driver instance"); 63 if (iface->driver->deinit) 64 iface->driver->deinit(iface->drv_priv); 65 iface->drv_priv = NULL; 66 if (iface->drv_global_priv) { 67 iface->driver->global_deinit(iface->drv_global_priv); 68 iface->drv_global_priv = NULL; 69 } 70 iface->wpas_registered = 0; 71 } 72 73 for (i = 0; i < WPA_PRIV_MAX_L2; i++) { 74 if (iface->l2[i]) { 75 wpa_printf(MSG_DEBUG, 76 "Cleaning up forgotten l2_packet instance"); 77 l2_packet_deinit(iface->l2[i]); 78 iface->l2[i] = NULL; 79 } 80 } 81 82 if (iface->driver->init2) { 83 if (iface->driver->global_init) { 84 iface->drv_global_priv = 85 iface->driver->global_init(iface->ctx); 86 if (!iface->drv_global_priv) { 87 wpa_printf(MSG_INFO, 88 "Failed to initialize driver global context"); 89 return; 90 } 91 } else { 92 iface->drv_global_priv = NULL; 93 } 94 iface->drv_priv = iface->driver->init2(iface, iface->ifname, 95 iface->drv_global_priv); 96 } else if (iface->driver->init) { 97 iface->drv_priv = iface->driver->init(iface, iface->ifname); 98 } else { 99 return; 100 } 101 if (iface->drv_priv == NULL) { 102 wpa_printf(MSG_DEBUG, "Failed to initialize driver wrapper"); 103 return; 104 } 105 106 wpa_printf(MSG_DEBUG, "Driver wrapper '%s' initialized for interface " 107 "'%s'", iface->driver_name, iface->ifname); 108 109 os_memcpy(&iface->drv_addr, from, fromlen); 110 iface->drv_addr_len = fromlen; 111 iface->wpas_registered = 1; 112 113 if (iface->driver->set_param && 114 iface->driver->set_param(iface->drv_priv, NULL) < 0) { 115 wpa_printf(MSG_ERROR, "Driver interface rejected param"); 116 } 117 } 118 119 120 static void wpa_priv_cmd_unregister(struct wpa_priv_interface *iface, 121 struct sockaddr_un *from) 122 { 123 if (iface->drv_priv) { 124 if (iface->driver->deinit) 125 iface->driver->deinit(iface->drv_priv); 126 iface->drv_priv = NULL; 127 if (iface->drv_global_priv) { 128 iface->driver->global_deinit(iface->drv_global_priv); 129 iface->drv_global_priv = NULL; 130 } 131 iface->wpas_registered = 0; 132 } 133 } 134 135 136 static void wpa_priv_cmd_scan(struct wpa_priv_interface *iface, 137 void *buf, size_t len) 138 { 139 struct wpa_driver_scan_params params; 140 struct privsep_cmd_scan *scan; 141 unsigned int i; 142 int freqs[PRIVSEP_MAX_SCAN_FREQS + 1]; 143 144 if (iface->drv_priv == NULL) 145 return; 146 147 if (len < sizeof(*scan)) { 148 wpa_printf(MSG_DEBUG, "Invalid scan request"); 149 return; 150 } 151 152 scan = buf; 153 154 os_memset(¶ms, 0, sizeof(params)); 155 if (scan->num_ssids > WPAS_MAX_SCAN_SSIDS) { 156 wpa_printf(MSG_DEBUG, "Invalid scan request (num_ssids)"); 157 return; 158 } 159 params.num_ssids = scan->num_ssids; 160 for (i = 0; i < scan->num_ssids; i++) { 161 params.ssids[i].ssid = scan->ssids[i]; 162 params.ssids[i].ssid_len = scan->ssid_lens[i]; 163 } 164 165 if (scan->num_freqs > PRIVSEP_MAX_SCAN_FREQS) { 166 wpa_printf(MSG_DEBUG, "Invalid scan request (num_freqs)"); 167 return; 168 } 169 if (scan->num_freqs) { 170 for (i = 0; i < scan->num_freqs; i++) 171 freqs[i] = scan->freqs[i]; 172 freqs[i] = 0; 173 params.freqs = freqs; 174 } 175 176 if (iface->driver->scan2) 177 iface->driver->scan2(iface->drv_priv, ¶ms); 178 } 179 180 181 static void wpa_priv_get_scan_results2(struct wpa_priv_interface *iface, 182 struct sockaddr_un *from, 183 socklen_t fromlen) 184 { 185 struct wpa_scan_results *res; 186 u8 *buf = NULL, *pos, *end; 187 int val; 188 size_t i; 189 190 res = iface->driver->get_scan_results2(iface->drv_priv); 191 if (res == NULL) 192 goto fail; 193 194 buf = os_malloc(60000); 195 if (buf == NULL) 196 goto fail; 197 pos = buf; 198 end = buf + 60000; 199 val = res->num; 200 os_memcpy(pos, &val, sizeof(int)); 201 pos += sizeof(int); 202 203 for (i = 0; i < res->num; i++) { 204 struct wpa_scan_res *r = res->res[i]; 205 val = sizeof(*r) + r->ie_len + r->beacon_ie_len; 206 if (end - pos < (int) sizeof(int) + val) 207 break; 208 os_memcpy(pos, &val, sizeof(int)); 209 pos += sizeof(int); 210 os_memcpy(pos, r, val); 211 pos += val; 212 } 213 214 sendto(iface->fd, buf, pos - buf, 0, (struct sockaddr *) from, fromlen); 215 216 os_free(buf); 217 wpa_scan_results_free(res); 218 return; 219 220 fail: 221 os_free(buf); 222 wpa_scan_results_free(res); 223 sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, fromlen); 224 } 225 226 227 static void wpa_priv_cmd_get_scan_results(struct wpa_priv_interface *iface, 228 struct sockaddr_un *from, 229 socklen_t fromlen) 230 { 231 if (iface->drv_priv == NULL) 232 return; 233 234 if (iface->driver->get_scan_results2) 235 wpa_priv_get_scan_results2(iface, from, fromlen); 236 else 237 sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, fromlen); 238 } 239 240 241 static void wpa_priv_cmd_authenticate(struct wpa_priv_interface *iface, 242 void *buf, size_t len) 243 { 244 struct wpa_driver_auth_params params; 245 struct privsep_cmd_authenticate *auth; 246 int res, i; 247 248 if (iface->drv_priv == NULL || iface->driver->authenticate == NULL) 249 return; 250 251 if (len < sizeof(*auth)) { 252 wpa_printf(MSG_DEBUG, "Invalid authentication request"); 253 return; 254 } 255 256 auth = buf; 257 if (sizeof(*auth) + auth->ie_len + auth->auth_data_len > len) { 258 wpa_printf(MSG_DEBUG, "Authentication request overflow"); 259 return; 260 } 261 262 os_memset(¶ms, 0, sizeof(params)); 263 params.freq = auth->freq; 264 params.bssid = auth->bssid; 265 params.ssid = auth->ssid; 266 if (auth->ssid_len > SSID_MAX_LEN) 267 return; 268 params.ssid_len = auth->ssid_len; 269 params.auth_alg = auth->auth_alg; 270 for (i = 0; i < 4; i++) { 271 if (auth->wep_key_len[i]) { 272 params.wep_key[i] = auth->wep_key[i]; 273 params.wep_key_len[i] = auth->wep_key_len[i]; 274 } 275 } 276 params.wep_tx_keyidx = auth->wep_tx_keyidx; 277 params.local_state_change = auth->local_state_change; 278 params.p2p = auth->p2p; 279 if (auth->ie_len) { 280 params.ie = (u8 *) (auth + 1); 281 params.ie_len = auth->ie_len; 282 } 283 if (auth->auth_data_len) { 284 params.auth_data = ((u8 *) (auth + 1)) + auth->ie_len; 285 params.auth_data_len = auth->auth_data_len; 286 } 287 288 res = iface->driver->authenticate(iface->drv_priv, ¶ms); 289 wpa_printf(MSG_DEBUG, "drv->authenticate: res=%d", res); 290 } 291 292 293 static void wpa_priv_cmd_associate(struct wpa_priv_interface *iface, 294 void *buf, size_t len) 295 { 296 struct wpa_driver_associate_params params; 297 struct privsep_cmd_associate *assoc; 298 u8 *bssid; 299 int res; 300 301 if (iface->drv_priv == NULL || iface->driver->associate == NULL) 302 return; 303 304 if (len < sizeof(*assoc)) { 305 wpa_printf(MSG_DEBUG, "Invalid association request"); 306 return; 307 } 308 309 assoc = buf; 310 if (sizeof(*assoc) + assoc->wpa_ie_len > len) { 311 wpa_printf(MSG_DEBUG, "Association request overflow"); 312 return; 313 } 314 315 os_memset(¶ms, 0, sizeof(params)); 316 bssid = assoc->bssid; 317 if (bssid[0] | bssid[1] | bssid[2] | bssid[3] | bssid[4] | bssid[5]) 318 params.bssid = bssid; 319 params.ssid = assoc->ssid; 320 if (assoc->ssid_len > SSID_MAX_LEN) 321 return; 322 params.ssid_len = assoc->ssid_len; 323 params.freq.mode = assoc->hwmode; 324 params.freq.freq = assoc->freq; 325 params.freq.channel = assoc->channel; 326 if (assoc->wpa_ie_len) { 327 params.wpa_ie = (u8 *) (assoc + 1); 328 params.wpa_ie_len = assoc->wpa_ie_len; 329 } 330 params.pairwise_suite = assoc->pairwise_suite; 331 params.group_suite = assoc->group_suite; 332 params.key_mgmt_suite = assoc->key_mgmt_suite; 333 params.auth_alg = assoc->auth_alg; 334 params.mode = assoc->mode; 335 336 res = iface->driver->associate(iface->drv_priv, ¶ms); 337 wpa_printf(MSG_DEBUG, "drv->associate: res=%d", res); 338 } 339 340 341 static void wpa_priv_cmd_get_bssid(struct wpa_priv_interface *iface, 342 struct sockaddr_un *from, socklen_t fromlen) 343 { 344 u8 bssid[ETH_ALEN]; 345 346 if (iface->drv_priv == NULL) 347 goto fail; 348 349 if (iface->driver->get_bssid == NULL || 350 iface->driver->get_bssid(iface->drv_priv, bssid) < 0) 351 goto fail; 352 353 sendto(iface->fd, bssid, ETH_ALEN, 0, (struct sockaddr *) from, 354 fromlen); 355 return; 356 357 fail: 358 sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, fromlen); 359 } 360 361 362 static void wpa_priv_cmd_get_ssid(struct wpa_priv_interface *iface, 363 struct sockaddr_un *from, socklen_t fromlen) 364 { 365 u8 ssid[sizeof(int) + SSID_MAX_LEN]; 366 int res; 367 368 if (iface->drv_priv == NULL) 369 goto fail; 370 371 if (iface->driver->get_ssid == NULL) 372 goto fail; 373 374 os_memset(ssid, 0, sizeof(ssid)); 375 res = iface->driver->get_ssid(iface->drv_priv, &ssid[sizeof(int)]); 376 if (res < 0 || res > SSID_MAX_LEN) 377 goto fail; 378 os_memcpy(ssid, &res, sizeof(int)); 379 380 sendto(iface->fd, ssid, sizeof(ssid), 0, (struct sockaddr *) from, 381 fromlen); 382 return; 383 384 fail: 385 sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, fromlen); 386 } 387 388 389 static void wpa_priv_cmd_set_key(struct wpa_priv_interface *iface, 390 void *buf, size_t len) 391 { 392 struct privsep_cmd_set_key *params; 393 int res; 394 struct wpa_driver_set_key_params p; 395 396 if (iface->drv_priv == NULL || iface->driver->set_key == NULL) 397 return; 398 399 if (len != sizeof(*params)) { 400 wpa_printf(MSG_DEBUG, "Invalid set_key request"); 401 return; 402 } 403 404 params = buf; 405 406 os_memset(&p, 0, sizeof(p)); 407 p.ifname = iface->ifname; 408 p.alg = params->alg; 409 p.addr = params->addr; 410 p.key_idx = params->key_idx; 411 p.set_tx = params->set_tx; 412 p.seq = params->seq_len ? params->seq : NULL; 413 p.seq_len = params->seq_len; 414 p.key = params->key_len ? params->key : NULL; 415 p.key_len = params->key_len; 416 p.key_flag = params->key_flag; 417 418 res = iface->driver->set_key(iface->drv_priv, &p); 419 wpa_printf(MSG_DEBUG, "drv->set_key: res=%d", res); 420 } 421 422 423 static void wpa_priv_cmd_get_capa(struct wpa_priv_interface *iface, 424 struct sockaddr_un *from, socklen_t fromlen) 425 { 426 struct wpa_driver_capa capa; 427 428 if (iface->drv_priv == NULL) 429 goto fail; 430 431 if (iface->driver->get_capa == NULL || 432 iface->driver->get_capa(iface->drv_priv, &capa) < 0) 433 goto fail; 434 435 /* For now, no support for passing extended_capa pointers */ 436 capa.extended_capa = NULL; 437 capa.extended_capa_mask = NULL; 438 capa.extended_capa_len = 0; 439 sendto(iface->fd, &capa, sizeof(capa), 0, (struct sockaddr *) from, 440 fromlen); 441 return; 442 443 fail: 444 sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, fromlen); 445 } 446 447 448 static void wpa_priv_l2_rx(void *ctx, const u8 *src_addr, const u8 *buf, 449 size_t len) 450 { 451 struct wpa_priv_l2 *l2_ctx = ctx; 452 struct wpa_priv_interface *iface = l2_ctx->parent; 453 struct msghdr msg; 454 struct iovec io[2]; 455 456 io[0].iov_base = (u8 *) src_addr; 457 io[0].iov_len = ETH_ALEN; 458 io[1].iov_base = (u8 *) buf; 459 io[1].iov_len = len; 460 461 os_memset(&msg, 0, sizeof(msg)); 462 msg.msg_iov = io; 463 msg.msg_iovlen = 2; 464 msg.msg_name = &iface->l2_addr[l2_ctx->idx]; 465 msg.msg_namelen = iface->l2_addr_len[l2_ctx->idx]; 466 467 if (sendmsg(iface->fd, &msg, 0) < 0) { 468 wpa_printf(MSG_ERROR, "sendmsg(l2 rx): %s", strerror(errno)); 469 } 470 } 471 472 473 static int wpa_priv_allowed_l2_proto(u16 proto) 474 { 475 return proto == ETH_P_EAPOL || proto == ETH_P_RSN_PREAUTH || 476 proto == ETH_P_80211_ENCAP; 477 } 478 479 480 static void wpa_priv_cmd_l2_register(struct wpa_priv_interface *iface, 481 struct sockaddr_un *from, 482 socklen_t fromlen, 483 void *buf, size_t len) 484 { 485 int *reg_cmd = buf; 486 u8 own_addr[ETH_ALEN]; 487 int res; 488 u16 proto; 489 int idx; 490 491 if (len != 2 * sizeof(int)) { 492 wpa_printf(MSG_DEBUG, "Invalid l2_register length %lu", 493 (unsigned long) len); 494 return; 495 } 496 497 proto = reg_cmd[0]; 498 if (!wpa_priv_allowed_l2_proto(proto)) { 499 wpa_printf(MSG_DEBUG, "Refused l2_packet connection for " 500 "ethertype 0x%x", proto); 501 return; 502 } 503 504 for (idx = 0; idx < WPA_PRIV_MAX_L2; idx++) { 505 if (!iface->l2[idx]) 506 break; 507 } 508 if (idx == WPA_PRIV_MAX_L2) { 509 wpa_printf(MSG_DEBUG, "No free l2_packet connection found"); 510 return; 511 } 512 513 os_memcpy(&iface->l2_addr[idx], from, fromlen); 514 iface->l2_addr_len[idx] = fromlen; 515 516 iface->l2_ctx[idx].idx = idx; 517 iface->l2_ctx[idx].parent = iface; 518 iface->l2[idx] = l2_packet_init(iface->ifname, NULL, proto, 519 wpa_priv_l2_rx, &iface->l2_ctx[idx], 520 reg_cmd[1]); 521 if (!iface->l2[idx]) { 522 wpa_printf(MSG_DEBUG, "Failed to initialize l2_packet " 523 "instance for protocol %d", proto); 524 return; 525 } 526 527 if (l2_packet_get_own_addr(iface->l2[idx], own_addr) < 0) { 528 wpa_printf(MSG_DEBUG, "Failed to get own address from " 529 "l2_packet"); 530 l2_packet_deinit(iface->l2[idx]); 531 iface->l2[idx] = NULL; 532 return; 533 } 534 535 res = sendto(iface->fd, own_addr, ETH_ALEN, 0, 536 (struct sockaddr *) from, fromlen); 537 wpa_printf(MSG_DEBUG, "L2 registration[idx=%d]: res=%d", idx, res); 538 } 539 540 541 static void wpa_priv_cmd_l2_unregister(struct wpa_priv_interface *iface, 542 struct sockaddr_un *from, 543 socklen_t fromlen) 544 { 545 int idx; 546 547 for (idx = 0; idx < WPA_PRIV_MAX_L2; idx++) { 548 if (iface->l2_addr_len[idx] == fromlen && 549 os_memcmp(&iface->l2_addr[idx], from, fromlen) == 0) 550 break; 551 } 552 if (idx == WPA_PRIV_MAX_L2) { 553 wpa_printf(MSG_DEBUG, 554 "No registered l2_packet socket found for unregister request"); 555 return; 556 } 557 558 if (iface->l2[idx]) { 559 l2_packet_deinit(iface->l2[idx]); 560 iface->l2[idx] = NULL; 561 } 562 } 563 564 565 static void wpa_priv_cmd_l2_notify_auth_start(struct wpa_priv_interface *iface, 566 struct sockaddr_un *from) 567 { 568 int idx; 569 570 for (idx = 0; idx < WPA_PRIV_MAX_L2; idx++) { 571 if (iface->l2[idx]) 572 l2_packet_notify_auth_start(iface->l2[idx]); 573 } 574 } 575 576 577 static void wpa_priv_cmd_l2_send(struct wpa_priv_interface *iface, 578 struct sockaddr_un *from, socklen_t fromlen, 579 void *buf, size_t len) 580 { 581 u8 *dst_addr; 582 u16 proto; 583 int res; 584 int idx; 585 586 for (idx = 0; idx < WPA_PRIV_MAX_L2; idx++) { 587 if (iface->l2_addr_len[idx] == fromlen && 588 os_memcmp(&iface->l2_addr[idx], from, fromlen) == 0) 589 break; 590 } 591 if (idx == WPA_PRIV_MAX_L2) { 592 wpa_printf(MSG_DEBUG, 593 "No registered l2_packet socket found for send request"); 594 return; 595 } 596 597 if (iface->l2[idx] == NULL) 598 return; 599 600 if (len < ETH_ALEN + 2) { 601 wpa_printf(MSG_DEBUG, "Too short L2 send packet (len=%lu)", 602 (unsigned long) len); 603 return; 604 } 605 606 dst_addr = buf; 607 os_memcpy(&proto, (char *) buf + ETH_ALEN, 2); 608 609 if (!wpa_priv_allowed_l2_proto(proto)) { 610 wpa_printf(MSG_DEBUG, "Refused l2_packet send for ethertype " 611 "0x%x", proto); 612 return; 613 } 614 615 res = l2_packet_send(iface->l2[idx], dst_addr, proto, 616 (unsigned char *) buf + ETH_ALEN + 2, 617 len - ETH_ALEN - 2); 618 wpa_printf(MSG_DEBUG, "L2 send[idx=%d]: res=%d", idx, res); 619 } 620 621 622 static void wpa_priv_cmd_set_country(struct wpa_priv_interface *iface, 623 char *buf) 624 { 625 if (iface->drv_priv == NULL || iface->driver->set_country == NULL || 626 *buf == '\0') 627 return; 628 629 iface->driver->set_country(iface->drv_priv, buf); 630 } 631 632 633 static void wpa_priv_receive(int sock, void *eloop_ctx, void *sock_ctx) 634 { 635 struct wpa_priv_interface *iface = eloop_ctx; 636 char buf[2000], *pos; 637 void *cmd_buf; 638 size_t cmd_len; 639 int res, cmd; 640 struct sockaddr_un from; 641 socklen_t fromlen = sizeof(from); 642 643 res = recvfrom(sock, buf, sizeof(buf), 0, (struct sockaddr *) &from, 644 &fromlen); 645 if (res < 0) { 646 wpa_printf(MSG_ERROR, "recvfrom: %s", strerror(errno)); 647 return; 648 } 649 650 if (res < (int) sizeof(int)) { 651 wpa_printf(MSG_DEBUG, "Too short command (len=%d)", res); 652 return; 653 } 654 655 os_memcpy(&cmd, buf, sizeof(int)); 656 wpa_printf(MSG_DEBUG, "Command %d for interface %s", 657 cmd, iface->ifname); 658 cmd_buf = &buf[sizeof(int)]; 659 cmd_len = res - sizeof(int); 660 661 switch (cmd) { 662 case PRIVSEP_CMD_REGISTER: 663 wpa_priv_cmd_register(iface, &from, fromlen); 664 break; 665 case PRIVSEP_CMD_UNREGISTER: 666 wpa_priv_cmd_unregister(iface, &from); 667 break; 668 case PRIVSEP_CMD_SCAN: 669 wpa_priv_cmd_scan(iface, cmd_buf, cmd_len); 670 break; 671 case PRIVSEP_CMD_GET_SCAN_RESULTS: 672 wpa_priv_cmd_get_scan_results(iface, &from, fromlen); 673 break; 674 case PRIVSEP_CMD_ASSOCIATE: 675 wpa_priv_cmd_associate(iface, cmd_buf, cmd_len); 676 break; 677 case PRIVSEP_CMD_GET_BSSID: 678 wpa_priv_cmd_get_bssid(iface, &from, fromlen); 679 break; 680 case PRIVSEP_CMD_GET_SSID: 681 wpa_priv_cmd_get_ssid(iface, &from, fromlen); 682 break; 683 case PRIVSEP_CMD_SET_KEY: 684 wpa_priv_cmd_set_key(iface, cmd_buf, cmd_len); 685 break; 686 case PRIVSEP_CMD_GET_CAPA: 687 wpa_priv_cmd_get_capa(iface, &from, fromlen); 688 break; 689 case PRIVSEP_CMD_L2_REGISTER: 690 wpa_priv_cmd_l2_register(iface, &from, fromlen, 691 cmd_buf, cmd_len); 692 break; 693 case PRIVSEP_CMD_L2_UNREGISTER: 694 wpa_priv_cmd_l2_unregister(iface, &from, fromlen); 695 break; 696 case PRIVSEP_CMD_L2_NOTIFY_AUTH_START: 697 wpa_priv_cmd_l2_notify_auth_start(iface, &from); 698 break; 699 case PRIVSEP_CMD_L2_SEND: 700 wpa_priv_cmd_l2_send(iface, &from, fromlen, cmd_buf, cmd_len); 701 break; 702 case PRIVSEP_CMD_SET_COUNTRY: 703 pos = cmd_buf; 704 if (pos + cmd_len >= buf + sizeof(buf)) 705 break; 706 pos[cmd_len] = '\0'; 707 wpa_priv_cmd_set_country(iface, pos); 708 break; 709 case PRIVSEP_CMD_AUTHENTICATE: 710 wpa_priv_cmd_authenticate(iface, cmd_buf, cmd_len); 711 break; 712 } 713 } 714 715 716 static void wpa_priv_interface_deinit(struct wpa_priv_interface *iface) 717 { 718 int i; 719 720 if (iface->drv_priv) { 721 if (iface->driver->deinit) 722 iface->driver->deinit(iface->drv_priv); 723 if (iface->drv_global_priv) 724 iface->driver->global_deinit(iface->drv_global_priv); 725 } 726 727 if (iface->fd >= 0) { 728 eloop_unregister_read_sock(iface->fd); 729 close(iface->fd); 730 unlink(iface->sock_name); 731 } 732 733 for (i = 0; i < WPA_PRIV_MAX_L2; i++) { 734 if (iface->l2[i]) 735 l2_packet_deinit(iface->l2[i]); 736 } 737 738 os_free(iface->ifname); 739 os_free(iface->driver_name); 740 os_free(iface->sock_name); 741 os_free(iface); 742 } 743 744 745 static struct wpa_priv_interface * 746 wpa_priv_interface_init(void *ctx, const char *dir, const char *params) 747 { 748 struct wpa_priv_interface *iface; 749 char *pos; 750 size_t len; 751 struct sockaddr_un addr; 752 int i; 753 754 pos = os_strchr(params, ':'); 755 if (pos == NULL) 756 return NULL; 757 758 iface = os_zalloc(sizeof(*iface)); 759 if (iface == NULL) 760 return NULL; 761 iface->fd = -1; 762 iface->ctx = ctx; 763 764 len = pos - params; 765 iface->driver_name = dup_binstr(params, len); 766 if (iface->driver_name == NULL) { 767 wpa_priv_interface_deinit(iface); 768 return NULL; 769 } 770 771 for (i = 0; wpa_drivers[i]; i++) { 772 if (os_strcmp(iface->driver_name, 773 wpa_drivers[i]->name) == 0) { 774 iface->driver = wpa_drivers[i]; 775 break; 776 } 777 } 778 if (iface->driver == NULL) { 779 wpa_printf(MSG_ERROR, "Unsupported driver '%s'", 780 iface->driver_name); 781 wpa_priv_interface_deinit(iface); 782 return NULL; 783 } 784 785 pos++; 786 iface->ifname = os_strdup(pos); 787 if (iface->ifname == NULL) { 788 wpa_priv_interface_deinit(iface); 789 return NULL; 790 } 791 792 len = os_strlen(dir) + 1 + os_strlen(iface->ifname); 793 iface->sock_name = os_malloc(len + 1); 794 if (iface->sock_name == NULL) { 795 wpa_priv_interface_deinit(iface); 796 return NULL; 797 } 798 799 os_snprintf(iface->sock_name, len + 1, "%s/%s", dir, iface->ifname); 800 if (os_strlen(iface->sock_name) >= sizeof(addr.sun_path)) { 801 wpa_priv_interface_deinit(iface); 802 return NULL; 803 } 804 805 iface->fd = socket(PF_UNIX, SOCK_DGRAM, 0); 806 if (iface->fd < 0) { 807 wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno)); 808 wpa_priv_interface_deinit(iface); 809 return NULL; 810 } 811 812 os_memset(&addr, 0, sizeof(addr)); 813 addr.sun_family = AF_UNIX; 814 os_strlcpy(addr.sun_path, iface->sock_name, sizeof(addr.sun_path)); 815 816 if (bind(iface->fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) { 817 wpa_printf(MSG_DEBUG, "bind(PF_UNIX) failed: %s", 818 strerror(errno)); 819 if (connect(iface->fd, (struct sockaddr *) &addr, 820 sizeof(addr)) < 0) { 821 wpa_printf(MSG_DEBUG, "Socket exists, but does not " 822 "allow connections - assuming it was " 823 "leftover from forced program termination"); 824 if (unlink(iface->sock_name) < 0) { 825 wpa_printf(MSG_ERROR, 826 "Could not unlink existing ctrl_iface socket '%s': %s", 827 iface->sock_name, strerror(errno)); 828 goto fail; 829 } 830 if (bind(iface->fd, (struct sockaddr *) &addr, 831 sizeof(addr)) < 0) { 832 wpa_printf(MSG_ERROR, 833 "wpa-priv-iface-init: bind(PF_UNIX): %s", 834 strerror(errno)); 835 goto fail; 836 } 837 wpa_printf(MSG_DEBUG, "Successfully replaced leftover " 838 "socket '%s'", iface->sock_name); 839 } else { 840 wpa_printf(MSG_INFO, "Socket exists and seems to be " 841 "in use - cannot override it"); 842 wpa_printf(MSG_INFO, "Delete '%s' manually if it is " 843 "not used anymore", iface->sock_name); 844 goto fail; 845 } 846 } 847 848 if (chmod(iface->sock_name, S_IRWXU | S_IRWXG | S_IRWXO) < 0) { 849 wpa_printf(MSG_ERROR, "chmod: %s", strerror(errno)); 850 goto fail; 851 } 852 853 eloop_register_read_sock(iface->fd, wpa_priv_receive, iface, NULL); 854 855 return iface; 856 857 fail: 858 wpa_priv_interface_deinit(iface); 859 return NULL; 860 } 861 862 863 static int wpa_priv_send_event(struct wpa_priv_interface *iface, int event, 864 const void *data, size_t data_len) 865 { 866 struct msghdr msg; 867 struct iovec io[2]; 868 869 io[0].iov_base = &event; 870 io[0].iov_len = sizeof(event); 871 io[1].iov_base = (u8 *) data; 872 io[1].iov_len = data_len; 873 874 os_memset(&msg, 0, sizeof(msg)); 875 msg.msg_iov = io; 876 msg.msg_iovlen = data ? 2 : 1; 877 msg.msg_name = &iface->drv_addr; 878 msg.msg_namelen = iface->drv_addr_len; 879 880 if (sendmsg(iface->fd, &msg, 0) < 0) { 881 wpa_printf(MSG_ERROR, "sendmsg(wpas_socket): %s", 882 strerror(errno)); 883 return -1; 884 } 885 886 return 0; 887 } 888 889 890 static void wpa_priv_send_auth(struct wpa_priv_interface *iface, 891 union wpa_event_data *data) 892 { 893 size_t buflen = sizeof(struct privsep_event_auth) + data->auth.ies_len; 894 struct privsep_event_auth *auth; 895 u8 *buf, *pos; 896 897 buf = os_zalloc(buflen); 898 if (buf == NULL) 899 return; 900 901 auth = (struct privsep_event_auth *) buf; 902 pos = (u8 *) (auth + 1); 903 904 os_memcpy(auth->peer, data->auth.peer, ETH_ALEN); 905 os_memcpy(auth->bssid, data->auth.bssid, ETH_ALEN); 906 auth->auth_type = data->auth.auth_type; 907 auth->auth_transaction = data->auth.auth_transaction; 908 auth->status_code = data->auth.status_code; 909 if (data->auth.ies) { 910 os_memcpy(pos, data->auth.ies, data->auth.ies_len); 911 auth->ies_len = data->auth.ies_len; 912 } 913 914 wpa_priv_send_event(iface, PRIVSEP_EVENT_AUTH, buf, buflen); 915 916 os_free(buf); 917 } 918 919 920 static void wpa_priv_send_assoc(struct wpa_priv_interface *iface, int event, 921 union wpa_event_data *data) 922 { 923 size_t buflen = 3 * sizeof(int); 924 u8 *buf, *pos; 925 int len; 926 927 if (data) { 928 buflen += data->assoc_info.req_ies_len + 929 data->assoc_info.resp_ies_len + 930 data->assoc_info.beacon_ies_len; 931 } 932 933 buf = os_malloc(buflen); 934 if (buf == NULL) 935 return; 936 937 pos = buf; 938 939 if (data && data->assoc_info.req_ies) { 940 len = data->assoc_info.req_ies_len; 941 os_memcpy(pos, &len, sizeof(int)); 942 pos += sizeof(int); 943 os_memcpy(pos, data->assoc_info.req_ies, len); 944 pos += len; 945 } else { 946 len = 0; 947 os_memcpy(pos, &len, sizeof(int)); 948 pos += sizeof(int); 949 } 950 951 if (data && data->assoc_info.resp_ies) { 952 len = data->assoc_info.resp_ies_len; 953 os_memcpy(pos, &len, sizeof(int)); 954 pos += sizeof(int); 955 os_memcpy(pos, data->assoc_info.resp_ies, len); 956 pos += len; 957 } else { 958 len = 0; 959 os_memcpy(pos, &len, sizeof(int)); 960 pos += sizeof(int); 961 } 962 963 if (data && data->assoc_info.beacon_ies) { 964 len = data->assoc_info.beacon_ies_len; 965 os_memcpy(pos, &len, sizeof(int)); 966 pos += sizeof(int); 967 os_memcpy(pos, data->assoc_info.beacon_ies, len); 968 pos += len; 969 } else { 970 len = 0; 971 os_memcpy(pos, &len, sizeof(int)); 972 pos += sizeof(int); 973 } 974 975 wpa_priv_send_event(iface, event, buf, buflen); 976 977 os_free(buf); 978 } 979 980 981 static void wpa_priv_send_interface_status(struct wpa_priv_interface *iface, 982 union wpa_event_data *data) 983 { 984 int ievent; 985 size_t len, maxlen; 986 u8 *buf; 987 char *ifname; 988 989 if (data == NULL) 990 return; 991 992 ievent = data->interface_status.ievent; 993 maxlen = sizeof(data->interface_status.ifname); 994 ifname = data->interface_status.ifname; 995 for (len = 0; len < maxlen && ifname[len]; len++) 996 ; 997 998 buf = os_malloc(sizeof(int) + len); 999 if (buf == NULL) 1000 return; 1001 1002 os_memcpy(buf, &ievent, sizeof(int)); 1003 os_memcpy(buf + sizeof(int), ifname, len); 1004 1005 wpa_priv_send_event(iface, PRIVSEP_EVENT_INTERFACE_STATUS, 1006 buf, sizeof(int) + len); 1007 1008 os_free(buf); 1009 1010 } 1011 1012 1013 static void wpa_priv_send_ft_response(struct wpa_priv_interface *iface, 1014 union wpa_event_data *data) 1015 { 1016 size_t len; 1017 u8 *buf, *pos; 1018 1019 if (data == NULL || data->ft_ies.ies == NULL) 1020 return; 1021 1022 len = sizeof(int) + ETH_ALEN + data->ft_ies.ies_len; 1023 buf = os_malloc(len); 1024 if (buf == NULL) 1025 return; 1026 1027 pos = buf; 1028 os_memcpy(pos, &data->ft_ies.ft_action, sizeof(int)); 1029 pos += sizeof(int); 1030 os_memcpy(pos, data->ft_ies.target_ap, ETH_ALEN); 1031 pos += ETH_ALEN; 1032 os_memcpy(pos, data->ft_ies.ies, data->ft_ies.ies_len); 1033 1034 wpa_priv_send_event(iface, PRIVSEP_EVENT_FT_RESPONSE, buf, len); 1035 1036 os_free(buf); 1037 1038 } 1039 1040 1041 void wpa_supplicant_event(void *ctx, enum wpa_event_type event, 1042 union wpa_event_data *data) 1043 { 1044 struct wpa_priv_interface *iface = ctx; 1045 1046 wpa_printf(MSG_DEBUG, "%s - event=%d", __func__, event); 1047 1048 if (!iface->wpas_registered) { 1049 wpa_printf(MSG_DEBUG, "Driver event received, but " 1050 "wpa_supplicant not registered"); 1051 return; 1052 } 1053 1054 switch (event) { 1055 case EVENT_ASSOC: 1056 wpa_priv_send_assoc(iface, PRIVSEP_EVENT_ASSOC, data); 1057 break; 1058 case EVENT_DISASSOC: 1059 wpa_priv_send_event(iface, PRIVSEP_EVENT_DISASSOC, NULL, 0); 1060 break; 1061 case EVENT_ASSOCINFO: 1062 if (data == NULL) 1063 return; 1064 wpa_priv_send_assoc(iface, PRIVSEP_EVENT_ASSOCINFO, data); 1065 break; 1066 case EVENT_MICHAEL_MIC_FAILURE: 1067 if (data == NULL) 1068 return; 1069 wpa_priv_send_event(iface, PRIVSEP_EVENT_MICHAEL_MIC_FAILURE, 1070 &data->michael_mic_failure.unicast, 1071 sizeof(int)); 1072 break; 1073 case EVENT_SCAN_STARTED: 1074 wpa_priv_send_event(iface, PRIVSEP_EVENT_SCAN_STARTED, NULL, 1075 0); 1076 break; 1077 case EVENT_SCAN_RESULTS: 1078 wpa_priv_send_event(iface, PRIVSEP_EVENT_SCAN_RESULTS, NULL, 1079 0); 1080 break; 1081 case EVENT_INTERFACE_STATUS: 1082 wpa_priv_send_interface_status(iface, data); 1083 break; 1084 case EVENT_PMKID_CANDIDATE: 1085 if (data == NULL) 1086 return; 1087 wpa_priv_send_event(iface, PRIVSEP_EVENT_PMKID_CANDIDATE, 1088 &data->pmkid_candidate, 1089 sizeof(struct pmkid_candidate)); 1090 break; 1091 case EVENT_FT_RESPONSE: 1092 wpa_priv_send_ft_response(iface, data); 1093 break; 1094 case EVENT_AUTH: 1095 wpa_priv_send_auth(iface, data); 1096 break; 1097 default: 1098 wpa_printf(MSG_DEBUG, "Unsupported driver event %d (%s) - TODO", 1099 event, event_to_string(event)); 1100 break; 1101 } 1102 } 1103 1104 1105 void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event, 1106 union wpa_event_data *data) 1107 { 1108 struct wpa_priv_global *global = ctx; 1109 struct wpa_priv_interface *iface; 1110 1111 if (event != EVENT_INTERFACE_STATUS) 1112 return; 1113 1114 for (iface = global->interfaces; iface; iface = iface->next) { 1115 if (os_strcmp(iface->ifname, data->interface_status.ifname) == 1116 0) 1117 break; 1118 } 1119 if (iface && iface->driver->get_ifindex) { 1120 unsigned int ifindex; 1121 1122 ifindex = iface->driver->get_ifindex(iface->drv_priv); 1123 if (ifindex != data->interface_status.ifindex) { 1124 wpa_printf(MSG_DEBUG, 1125 "%s: interface status ifindex %d mismatch (%d)", 1126 iface->ifname, ifindex, 1127 data->interface_status.ifindex); 1128 return; 1129 } 1130 } 1131 if (iface) 1132 wpa_supplicant_event(iface, event, data); 1133 } 1134 1135 1136 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr, 1137 const u8 *buf, size_t len) 1138 { 1139 struct wpa_priv_interface *iface = ctx; 1140 struct msghdr msg; 1141 struct iovec io[3]; 1142 int event = PRIVSEP_EVENT_RX_EAPOL; 1143 1144 wpa_printf(MSG_DEBUG, "RX EAPOL from driver"); 1145 io[0].iov_base = &event; 1146 io[0].iov_len = sizeof(event); 1147 io[1].iov_base = (u8 *) src_addr; 1148 io[1].iov_len = ETH_ALEN; 1149 io[2].iov_base = (u8 *) buf; 1150 io[2].iov_len = len; 1151 1152 os_memset(&msg, 0, sizeof(msg)); 1153 msg.msg_iov = io; 1154 msg.msg_iovlen = 3; 1155 msg.msg_name = &iface->drv_addr; 1156 msg.msg_namelen = iface->drv_addr_len; 1157 1158 if (sendmsg(iface->fd, &msg, 0) < 0) 1159 wpa_printf(MSG_ERROR, "sendmsg(wpas_socket): %s", 1160 strerror(errno)); 1161 } 1162 1163 1164 static void wpa_priv_terminate(int sig, void *signal_ctx) 1165 { 1166 wpa_printf(MSG_DEBUG, "wpa_priv termination requested"); 1167 eloop_terminate(); 1168 } 1169 1170 1171 static void wpa_priv_fd_workaround(void) 1172 { 1173 #ifdef __linux__ 1174 int s, i; 1175 /* When started from pcmcia-cs scripts, wpa_supplicant might start with 1176 * fd 0, 1, and 2 closed. This will cause some issues because many 1177 * places in wpa_supplicant are still printing out to stdout. As a 1178 * workaround, make sure that fd's 0, 1, and 2 are not used for other 1179 * sockets. */ 1180 for (i = 0; i < 3; i++) { 1181 s = open("/dev/null", O_RDWR); 1182 if (s > 2) { 1183 close(s); 1184 break; 1185 } 1186 } 1187 #endif /* __linux__ */ 1188 } 1189 1190 1191 static void usage(void) 1192 { 1193 printf("wpa_priv v%s\n" 1194 "Copyright (c) 2007-2017, Jouni Malinen <j@w1.fi> and " 1195 "contributors\n" 1196 "\n" 1197 "usage:\n" 1198 " wpa_priv [-Bdd] [-c<ctrl dir>] [-P<pid file>] " 1199 "<driver:ifname> \\\n" 1200 " [driver:ifname ...]\n", 1201 VERSION_STR); 1202 } 1203 1204 1205 int main(int argc, char *argv[]) 1206 { 1207 int c, i; 1208 int ret = -1; 1209 char *pid_file = NULL; 1210 int daemonize = 0; 1211 char *ctrl_dir = "/var/run/wpa_priv"; 1212 struct wpa_priv_global global; 1213 struct wpa_priv_interface *iface; 1214 1215 if (os_program_init()) 1216 return -1; 1217 1218 wpa_priv_fd_workaround(); 1219 1220 os_memset(&global, 0, sizeof(global)); 1221 global.interfaces = NULL; 1222 1223 for (;;) { 1224 c = getopt(argc, argv, "Bc:dP:"); 1225 if (c < 0) 1226 break; 1227 switch (c) { 1228 case 'B': 1229 daemonize++; 1230 break; 1231 case 'c': 1232 ctrl_dir = optarg; 1233 break; 1234 case 'd': 1235 wpa_debug_level--; 1236 break; 1237 case 'P': 1238 pid_file = os_rel2abs_path(optarg); 1239 break; 1240 default: 1241 usage(); 1242 goto out2; 1243 } 1244 } 1245 1246 if (optind >= argc) { 1247 usage(); 1248 goto out2; 1249 } 1250 1251 wpa_printf(MSG_DEBUG, "wpa_priv control directory: '%s'", ctrl_dir); 1252 1253 if (eloop_init()) { 1254 wpa_printf(MSG_ERROR, "Failed to initialize event loop"); 1255 goto out2; 1256 } 1257 1258 for (i = optind; i < argc; i++) { 1259 wpa_printf(MSG_DEBUG, "Adding driver:interface %s", argv[i]); 1260 iface = wpa_priv_interface_init(&global, ctrl_dir, argv[i]); 1261 if (iface == NULL) 1262 goto out; 1263 iface->next = global.interfaces; 1264 global.interfaces = iface; 1265 } 1266 1267 if (daemonize && os_daemonize(pid_file) && eloop_sock_requeue()) 1268 goto out; 1269 1270 eloop_register_signal_terminate(wpa_priv_terminate, NULL); 1271 eloop_run(); 1272 1273 ret = 0; 1274 1275 out: 1276 iface = global.interfaces; 1277 while (iface) { 1278 struct wpa_priv_interface *prev = iface; 1279 iface = iface->next; 1280 wpa_priv_interface_deinit(prev); 1281 } 1282 1283 eloop_destroy(); 1284 1285 out2: 1286 if (daemonize) 1287 os_daemonize_terminate(pid_file); 1288 os_free(pid_file); 1289 os_program_deinit(); 1290 1291 return ret; 1292 } 1293