1 /*
2 * WPA Supplicant / UDP socket -based control interface
3 * Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "eloop.h"
13 #include "config.h"
14 #include "eapol_supp/eapol_supp_sm.h"
15 #include "wpa_supplicant_i.h"
16 #include "ctrl_iface.h"
17 #include "common/wpa_ctrl.h"
18
19
20 #define COOKIE_LEN 8
21
22 /* Per-interface ctrl_iface */
23
24 /**
25 * struct wpa_ctrl_dst - Internal data structure of control interface monitors
26 *
27 * This structure is used to store information about registered control
28 * interface monitors into struct wpa_supplicant. This data is private to
29 * ctrl_iface_udp.c and should not be touched directly from other files.
30 */
31 struct wpa_ctrl_dst {
32 struct wpa_ctrl_dst *next;
33 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
34 struct sockaddr_in6 addr;
35 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
36 struct sockaddr_in addr;
37 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
38 socklen_t addrlen;
39 int debug_level;
40 int errors;
41 };
42
43
44 struct ctrl_iface_priv {
45 struct wpa_supplicant *wpa_s;
46 int sock;
47 struct wpa_ctrl_dst *ctrl_dst;
48 u8 cookie[COOKIE_LEN];
49 };
50
51 struct ctrl_iface_global_priv {
52 int sock;
53 struct wpa_ctrl_dst *ctrl_dst;
54 u8 cookie[COOKIE_LEN];
55 };
56
57
58 static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s,
59 const char *ifname, int sock,
60 struct wpa_ctrl_dst **head,
61 int level, const char *buf,
62 size_t len);
63
64
wpas_ctrl_iface_free_dst(struct wpa_ctrl_dst * dst)65 static void wpas_ctrl_iface_free_dst(struct wpa_ctrl_dst *dst)
66 {
67 struct wpa_ctrl_dst *prev;
68
69 while (dst) {
70 prev = dst;
71 dst = dst->next;
72 os_free(prev);
73 }
74 }
75
76
wpa_supplicant_ctrl_iface_attach(struct wpa_ctrl_dst ** head,struct sockaddr_in6 * from,socklen_t fromlen)77 static int wpa_supplicant_ctrl_iface_attach(struct wpa_ctrl_dst **head,
78 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
79 struct sockaddr_in6 *from,
80 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
81 struct sockaddr_in *from,
82 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
83 socklen_t fromlen)
84 {
85 struct wpa_ctrl_dst *dst;
86 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
87 char addr[INET6_ADDRSTRLEN];
88 #endif /* CONFIG_UDP_IPV6 */
89
90 dst = os_zalloc(sizeof(*dst));
91 if (dst == NULL)
92 return -1;
93 os_memcpy(&dst->addr, from, sizeof(*from));
94 dst->addrlen = fromlen;
95 dst->debug_level = MSG_INFO;
96 dst->next = *head;
97 *head = dst;
98 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
99 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached %s:%d",
100 inet_ntop(AF_INET6, &from->sin6_addr, addr, sizeof(*from)),
101 ntohs(from->sin6_port));
102 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
103 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached %s:%d",
104 inet_ntoa(from->sin_addr), ntohs(from->sin_port));
105 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
106 return 0;
107 }
108
109
wpa_supplicant_ctrl_iface_detach(struct wpa_ctrl_dst ** head,struct sockaddr_in6 * from,socklen_t fromlen)110 static int wpa_supplicant_ctrl_iface_detach(struct wpa_ctrl_dst **head,
111 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
112 struct sockaddr_in6 *from,
113 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
114 struct sockaddr_in *from,
115 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
116 socklen_t fromlen)
117 {
118 struct wpa_ctrl_dst *dst, *prev = NULL;
119 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
120 char addr[INET6_ADDRSTRLEN];
121 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
122
123 dst = *head;
124 while (dst) {
125 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
126 if (from->sin6_port == dst->addr.sin6_port &&
127 !os_memcmp(&from->sin6_addr, &dst->addr.sin6_addr,
128 sizeof(from->sin6_addr))) {
129 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached %s:%d",
130 inet_ntop(AF_INET6, &from->sin6_addr, addr,
131 sizeof(*from)),
132 ntohs(from->sin6_port));
133 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
134 if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&
135 from->sin_port == dst->addr.sin_port) {
136 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached "
137 "%s:%d", inet_ntoa(from->sin_addr),
138 ntohs(from->sin_port));
139 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
140 if (prev == NULL)
141 *head = dst->next;
142 else
143 prev->next = dst->next;
144 os_free(dst);
145 return 0;
146 }
147 prev = dst;
148 dst = dst->next;
149 }
150 return -1;
151 }
152
153
154 static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv *priv,
155 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
156 struct sockaddr_in6 *from,
157 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
158 struct sockaddr_in *from,
159 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
160 socklen_t fromlen,
161 char *level)
162 {
163 struct wpa_ctrl_dst *dst;
164 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
165 char addr[INET6_ADDRSTRLEN];
166 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
167
168 wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level);
169
170 dst = priv->ctrl_dst;
171 while (dst) {
172 #if CONFIG_CTRL_IFACE_UDP_IPV6
173 if (from->sin6_port == dst->addr.sin6_port &&
174 !os_memcmp(&from->sin6_addr, &dst->addr.sin6_addr,
175 sizeof(from->sin6_addr))) {
176 wpa_printf(MSG_DEBUG, "CTRL_IFACE changed monitor level %s:%d",
177 inet_ntop(AF_INET6, &from->sin6_addr, addr,
178 sizeof(*from)),
179 ntohs(from->sin6_port));
180 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
181 if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&
182 from->sin_port == dst->addr.sin_port) {
183 wpa_printf(MSG_DEBUG, "CTRL_IFACE changed monitor "
184 "level %s:%d", inet_ntoa(from->sin_addr),
185 ntohs(from->sin_port));
186 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
187 dst->debug_level = atoi(level);
188 return 0;
189 }
190 dst = dst->next;
191 }
192
193 return -1;
194 }
195
196
197 static char *
198 wpa_supplicant_ctrl_iface_get_cookie(struct ctrl_iface_priv *priv,
199 size_t *reply_len)
200 {
201 char *reply;
202 reply = os_malloc(7 + 2 * COOKIE_LEN + 1);
203 if (reply == NULL) {
204 *reply_len = 1;
205 return NULL;
206 }
207
208 os_memcpy(reply, "COOKIE=", 7);
209 wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,
210 priv->cookie, COOKIE_LEN);
211
212 *reply_len = 7 + 2 * COOKIE_LEN;
213 return reply;
214 }
215
216
217 static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
218 void *sock_ctx)
219 {
220 struct wpa_supplicant *wpa_s = eloop_ctx;
221 struct ctrl_iface_priv *priv = sock_ctx;
222 char buf[256], *pos;
223 int res;
224 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
225 struct sockaddr_in6 from;
226 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
227 char addr[INET6_ADDRSTRLEN];
228 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
229 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
230 struct sockaddr_in from;
231 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
232 socklen_t fromlen = sizeof(from);
233 char *reply = NULL;
234 size_t reply_len = 0;
235 int new_attached = 0;
236 u8 cookie[COOKIE_LEN];
237
238 res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
239 (struct sockaddr *) &from, &fromlen);
240 if (res < 0) {
241 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
242 strerror(errno));
243 return;
244 }
245
246 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
247 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
248 inet_ntop(AF_INET6, &from.sin6_addr, addr, sizeof(from));
249 if (os_strcmp(addr, "::1")) {
250 wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected source %s",
251 addr);
252 }
253 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
254 if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
255 /*
256 * The OS networking stack is expected to drop this kind of
257 * frames since the socket is bound to only localhost address.
258 * Just in case, drop the frame if it is coming from any other
259 * address.
260 */
261 wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "
262 "source %s", inet_ntoa(from.sin_addr));
263 return;
264 }
265 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
266 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
267
268 buf[res] = '\0';
269
270 if (os_strcmp(buf, "GET_COOKIE") == 0) {
271 reply = wpa_supplicant_ctrl_iface_get_cookie(priv, &reply_len);
272 goto done;
273 }
274
275 /*
276 * Require that the client includes a prefix with the 'cookie' value
277 * fetched with GET_COOKIE command. This is used to verify that the
278 * client has access to a bidirectional link over UDP in order to
279 * avoid attacks using forged localhost IP address even if the OS does
280 * not block such frames from remote destinations.
281 */
282 if (os_strncmp(buf, "COOKIE=", 7) != 0) {
283 wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "
284 "drop request");
285 return;
286 }
287
288 if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {
289 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "
290 "request - drop request");
291 return;
292 }
293
294 if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {
295 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "
296 "drop request");
297 return;
298 }
299
300 pos = buf + 7 + 2 * COOKIE_LEN;
301 while (*pos == ' ')
302 pos++;
303
304 if (os_strcmp(pos, "ATTACH") == 0) {
305 if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst,
306 &from, fromlen))
307 reply_len = 1;
308 else {
309 new_attached = 1;
310 reply_len = 2;
311 }
312 } else if (os_strcmp(pos, "DETACH") == 0) {
313 if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst,
314 &from, fromlen))
315 reply_len = 1;
316 else
317 reply_len = 2;
318 } else if (os_strncmp(pos, "LEVEL ", 6) == 0) {
319 if (wpa_supplicant_ctrl_iface_level(priv, &from, fromlen,
320 pos + 6))
321 reply_len = 1;
322 else
323 reply_len = 2;
324 } else {
325 reply = wpa_supplicant_ctrl_iface_process(wpa_s, pos,
326 &reply_len);
327 }
328
329 done:
330 if (reply) {
331 sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
332 fromlen);
333 os_free(reply);
334 } else if (reply_len == 1) {
335 sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
336 fromlen);
337 } else if (reply_len == 2) {
338 sendto(sock, "OK\n", 3, 0, (struct sockaddr *) &from,
339 fromlen);
340 }
341
342 if (new_attached)
343 eapol_sm_notify_ctrl_attached(wpa_s->eapol);
344 }
345
346
347 static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx, int level,
348 enum wpa_msg_type type,
349 const char *txt, size_t len)
350 {
351 struct wpa_supplicant *wpa_s = ctx;
352
353 if (!wpa_s)
354 return;
355
356 if (type != WPA_MSG_NO_GLOBAL && wpa_s->global->ctrl_iface) {
357 struct ctrl_iface_global_priv *priv = wpa_s->global->ctrl_iface;
358
359 if (priv->ctrl_dst) {
360 wpa_supplicant_ctrl_iface_send(
361 wpa_s,
362 type != WPA_MSG_PER_INTERFACE ?
363 NULL : wpa_s->ifname,
364 priv->sock, &priv->ctrl_dst, level, txt, len);
365 }
366 }
367
368 if (type == WPA_MSG_ONLY_GLOBAL || !wpa_s->ctrl_iface)
369 return;
370
371 wpa_supplicant_ctrl_iface_send(wpa_s, NULL, wpa_s->ctrl_iface->sock,
372 &wpa_s->ctrl_iface->ctrl_dst,
373 level, txt, len);
374 }
375
376
377 struct ctrl_iface_priv *
378 wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
379 {
380 struct ctrl_iface_priv *priv;
381 char port_str[40];
382 int port = WPA_CTRL_IFACE_PORT;
383 char *pos;
384 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
385 struct sockaddr_in6 addr;
386 int domain = PF_INET6;
387 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
388 struct sockaddr_in addr;
389 int domain = PF_INET;
390 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
391
392 priv = os_zalloc(sizeof(*priv));
393 if (priv == NULL)
394 return NULL;
395 priv->wpa_s = wpa_s;
396 priv->sock = -1;
397 os_get_random(priv->cookie, COOKIE_LEN);
398
399 if (wpa_s->conf->ctrl_interface == NULL)
400 return priv;
401
402 pos = os_strstr(wpa_s->conf->ctrl_interface, "udp:");
403 if (pos) {
404 pos += 4;
405 port = atoi(pos);
406 if (port <= 0) {
407 wpa_printf(MSG_ERROR, "Invalid ctrl_iface UDP port: %s",
408 wpa_s->conf->ctrl_interface);
409 goto fail;
410 }
411 }
412
413 priv->sock = socket(domain, SOCK_DGRAM, 0);
414 if (priv->sock < 0) {
415 wpa_printf(MSG_ERROR, "socket(PF_INET): %s", strerror(errno));
416 goto fail;
417 }
418
419 os_memset(&addr, 0, sizeof(addr));
420 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
421 addr.sin6_family = AF_INET6;
422 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
423 addr.sin6_addr = in6addr_any;
424 #else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
425 inet_pton(AF_INET6, "::1", &addr.sin6_addr);
426 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
427 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
428 addr.sin_family = AF_INET;
429 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
430 addr.sin_addr.s_addr = INADDR_ANY;
431 #else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
432 addr.sin_addr.s_addr = htonl((127 << 24) | 1);
433 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
434 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
435 try_again:
436 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
437 addr.sin6_port = htons(port);
438 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
439 addr.sin_port = htons(port);
440 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
441 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
442 port--;
443 if ((WPA_CTRL_IFACE_PORT - port) < WPA_CTRL_IFACE_PORT_LIMIT)
444 goto try_again;
445 wpa_printf(MSG_ERROR, "bind(AF_INET): %s", strerror(errno));
446 goto fail;
447 }
448
449 /* Update the ctrl_interface value to match the selected port */
450 os_snprintf(port_str, sizeof(port_str), "udp:%d", port);
451 os_free(wpa_s->conf->ctrl_interface);
452 wpa_s->conf->ctrl_interface = os_strdup(port_str);
453 if (!wpa_s->conf->ctrl_interface) {
454 wpa_msg(wpa_s, MSG_ERROR, "Failed to malloc ctrl_interface");
455 goto fail;
456 }
457
458 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
459 wpa_msg(wpa_s, MSG_DEBUG, "ctrl_iface_init UDP port: %d", port);
460 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
461
462 eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive,
463 wpa_s, priv);
464 wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
465
466 return priv;
467
468 fail:
469 if (priv->sock >= 0)
470 close(priv->sock);
471 os_free(priv);
472 return NULL;
473 }
474
475
476 void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv)
477 {
478 if (priv->sock > -1) {
479 eloop_unregister_read_sock(priv->sock);
480 if (priv->ctrl_dst) {
481 /*
482 * Wait before closing the control socket if
483 * there are any attached monitors in order to allow
484 * them to receive any pending messages.
485 */
486 wpa_printf(MSG_DEBUG, "CTRL_IFACE wait for attached "
487 "monitors to receive messages");
488 os_sleep(0, 100000);
489 }
490 close(priv->sock);
491 priv->sock = -1;
492 }
493
494 wpas_ctrl_iface_free_dst(priv->ctrl_dst);
495 os_free(priv);
496 }
497
498
499 static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s,
500 const char *ifname, int sock,
501 struct wpa_ctrl_dst **head,
502 int level, const char *buf,
503 size_t len)
504 {
505 struct wpa_ctrl_dst *dst, *next;
506 char levelstr[64];
507 int idx;
508 char *sbuf;
509 int llen;
510 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
511 char addr[INET6_ADDRSTRLEN];
512 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
513
514 dst = *head;
515 if (sock < 0 || dst == NULL)
516 return;
517
518 if (ifname)
519 os_snprintf(levelstr, sizeof(levelstr), "IFACE=%s <%d>",
520 ifname, level);
521 else
522 os_snprintf(levelstr, sizeof(levelstr), "<%d>", level);
523
524 llen = os_strlen(levelstr);
525 sbuf = os_malloc(llen + len);
526 if (sbuf == NULL)
527 return;
528
529 os_memcpy(sbuf, levelstr, llen);
530 os_memcpy(sbuf + llen, buf, len);
531
532 idx = 0;
533 while (dst) {
534 next = dst->next;
535 if (level >= dst->debug_level) {
536 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
537 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor send %s:%d",
538 inet_ntop(AF_INET6, &dst->addr.sin6_addr,
539 addr, sizeof(dst->addr)),
540 ntohs(dst->addr.sin6_port));
541 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
542 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor send %s:%d",
543 inet_ntoa(dst->addr.sin_addr),
544 ntohs(dst->addr.sin_port));
545 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
546 if (sendto(sock, sbuf, llen + len, 0,
547 (struct sockaddr *) &dst->addr,
548 sizeof(dst->addr)) < 0) {
549 wpa_printf(MSG_ERROR,
550 "sendto(CTRL_IFACE monitor): %s",
551 strerror(errno));
552 dst->errors++;
553 if (dst->errors > 10) {
554 wpa_supplicant_ctrl_iface_detach(
555 head, &dst->addr,
556 dst->addrlen);
557 }
558 } else
559 dst->errors = 0;
560 }
561 idx++;
562 dst = next;
563 }
564 os_free(sbuf);
565 }
566
567
568 void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv)
569 {
570 wpa_printf(MSG_DEBUG, "CTRL_IFACE - %s - wait for monitor",
571 priv->wpa_s->ifname);
572 eloop_wait_for_read_sock(priv->sock);
573 }
574
575
576 /* Global ctrl_iface */
577
578 static char *
579 wpa_supplicant_global_get_cookie(struct ctrl_iface_global_priv *priv,
580 size_t *reply_len)
581 {
582 char *reply;
583 reply = os_malloc(7 + 2 * COOKIE_LEN + 1);
584 if (reply == NULL) {
585 *reply_len = 1;
586 return NULL;
587 }
588
589 os_memcpy(reply, "COOKIE=", 7);
590 wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,
591 priv->cookie, COOKIE_LEN);
592
593 *reply_len = 7 + 2 * COOKIE_LEN;
594 return reply;
595 }
596
597
598 static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
599 void *sock_ctx)
600 {
601 struct wpa_global *global = eloop_ctx;
602 struct ctrl_iface_global_priv *priv = sock_ctx;
603 char buf[256], *pos;
604 int res;
605 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
606 struct sockaddr_in6 from;
607 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
608 struct sockaddr_in from;
609 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
610 socklen_t fromlen = sizeof(from);
611 char *reply = NULL;
612 size_t reply_len;
613 u8 cookie[COOKIE_LEN];
614
615 res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
616 (struct sockaddr *) &from, &fromlen);
617 if (res < 0) {
618 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
619 strerror(errno));
620 return;
621 }
622
623 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
624 #ifndef CONFIG_CTRL_IFACE_UDP_IPV6
625 if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
626 /*
627 * The OS networking stack is expected to drop this kind of
628 * frames since the socket is bound to only localhost address.
629 * Just in case, drop the frame if it is coming from any other
630 * address.
631 */
632 wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "
633 "source %s", inet_ntoa(from.sin_addr));
634 return;
635 }
636 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
637 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
638
639 buf[res] = '\0';
640
641 if (os_strcmp(buf, "GET_COOKIE") == 0) {
642 reply = wpa_supplicant_global_get_cookie(priv, &reply_len);
643 goto done;
644 }
645
646 if (os_strncmp(buf, "COOKIE=", 7) != 0) {
647 wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "
648 "drop request");
649 return;
650 }
651
652 if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {
653 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "
654 "request - drop request");
655 return;
656 }
657
658 if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {
659 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "
660 "drop request");
661 return;
662 }
663
664 pos = buf + 7 + 2 * COOKIE_LEN;
665 while (*pos == ' ')
666 pos++;
667
668 if (os_strcmp(pos, "ATTACH") == 0) {
669 if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst,
670 &from, fromlen))
671 reply_len = 1;
672 else
673 reply_len = 2;
674 } else if (os_strcmp(pos, "DETACH") == 0) {
675 if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst,
676 &from, fromlen))
677 reply_len = 1;
678 else
679 reply_len = 2;
680 } else {
681 reply = wpa_supplicant_global_ctrl_iface_process(global, pos,
682 &reply_len);
683 }
684
685 done:
686 if (reply) {
687 sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
688 fromlen);
689 os_free(reply);
690 } else if (reply_len == 1) {
691 sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
692 fromlen);
693 } else if (reply_len == 2) {
694 sendto(sock, "OK\n", 3, 0, (struct sockaddr *) &from,
695 fromlen);
696 }
697 }
698
699
700 struct ctrl_iface_global_priv *
701 wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
702 {
703 struct ctrl_iface_global_priv *priv;
704 struct sockaddr_in addr;
705 char *pos;
706 int port = WPA_GLOBAL_CTRL_IFACE_PORT;
707
708 priv = os_zalloc(sizeof(*priv));
709 if (priv == NULL)
710 return NULL;
711 priv->sock = -1;
712 os_get_random(priv->cookie, COOKIE_LEN);
713
714 if (global->params.ctrl_interface == NULL)
715 return priv;
716
717 wpa_printf(MSG_DEBUG, "Global control interface '%s'",
718 global->params.ctrl_interface);
719
720 pos = os_strstr(global->params.ctrl_interface, "udp:");
721 if (pos) {
722 pos += 4;
723 port = atoi(pos);
724 if (port <= 0) {
725 wpa_printf(MSG_ERROR, "Invalid global ctrl UDP port %s",
726 global->params.ctrl_interface);
727 goto fail;
728 }
729 }
730
731 priv->sock = socket(PF_INET, SOCK_DGRAM, 0);
732 if (priv->sock < 0) {
733 wpa_printf(MSG_ERROR, "socket(PF_INET): %s", strerror(errno));
734 goto fail;
735 }
736
737 os_memset(&addr, 0, sizeof(addr));
738 addr.sin_family = AF_INET;
739 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
740 addr.sin_addr.s_addr = INADDR_ANY;
741 #else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
742 addr.sin_addr.s_addr = htonl((127 << 24) | 1);
743 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
744 try_again:
745 addr.sin_port = htons(port);
746 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
747 port++;
748 if ((port - WPA_GLOBAL_CTRL_IFACE_PORT) <
749 WPA_GLOBAL_CTRL_IFACE_PORT_LIMIT && !pos)
750 goto try_again;
751 wpa_printf(MSG_ERROR, "bind(AF_INET): %s", strerror(errno));
752 goto fail;
753 }
754
755 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
756 wpa_printf(MSG_DEBUG, "global_ctrl_iface_init UDP port: %d", port);
757 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
758
759 eloop_register_read_sock(priv->sock,
760 wpa_supplicant_global_ctrl_iface_receive,
761 global, priv);
762 wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
763
764 return priv;
765
766 fail:
767 if (priv->sock >= 0)
768 close(priv->sock);
769 os_free(priv);
770 return NULL;
771 }
772
773
774 void
775 wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv)
776 {
777 if (priv->sock >= 0) {
778 eloop_unregister_read_sock(priv->sock);
779 close(priv->sock);
780 }
781
782 wpas_ctrl_iface_free_dst(priv->ctrl_dst);
783 os_free(priv);
784 }
785