1 /*
2 * WPA Supplicant / UDP socket -based control interface
3 * Copyright (c) 2004-2020, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "eloop.h"
13 #include "config.h"
14 #include "eapol_supp/eapol_supp_sm.h"
15 #include "wpa_supplicant_i.h"
16 #include "ctrl_iface.h"
17 #include "common/wpa_ctrl.h"
18
19
20 #define COOKIE_LEN 8
21 /* Per-interface ctrl_iface */
22
23 /**
24 * struct wpa_ctrl_dst - Internal data structure of control interface monitors
25 *
26 * This structure is used to store information about registered control
27 * interface monitors into struct wpa_supplicant. This data is private to
28 * ctrl_iface_udp.c and should not be touched directly from other files.
29 */
30 struct wpa_ctrl_dst {
31 struct wpa_ctrl_dst *next;
32 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
33 struct sockaddr_in6 addr;
34 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
35 struct sockaddr_in addr;
36 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
37 socklen_t addrlen;
38 int debug_level;
39 int errors;
40 };
41
42
43 struct ctrl_iface_priv {
44 struct wpa_supplicant *wpa_s;
45 int sock;
46 struct wpa_ctrl_dst *ctrl_dst;
47 u8 cookie[COOKIE_LEN];
48 };
49
50 struct ctrl_iface_global_priv {
51 int sock;
52 struct wpa_ctrl_dst *ctrl_dst;
53 u8 cookie[COOKIE_LEN];
54 };
55
56
57 static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s,
58 const char *ifname, int sock,
59 struct wpa_ctrl_dst **head,
60 int level, const char *buf,
61 size_t len);
62
63
wpas_ctrl_iface_free_dst(struct wpa_ctrl_dst * dst)64 static void wpas_ctrl_iface_free_dst(struct wpa_ctrl_dst *dst)
65 {
66 struct wpa_ctrl_dst *prev;
67
68 while (dst) {
69 prev = dst;
70 dst = dst->next;
71 os_free(prev);
72 }
73 }
74
75
wpa_supplicant_ctrl_iface_attach(struct wpa_ctrl_dst ** head,struct sockaddr_in6 * from,socklen_t fromlen)76 static int wpa_supplicant_ctrl_iface_attach(struct wpa_ctrl_dst **head,
77 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
78 struct sockaddr_in6 *from,
79 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
80 struct sockaddr_in *from,
81 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
82 socklen_t fromlen)
83 {
84 struct wpa_ctrl_dst *dst;
85 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
86 char addr[INET6_ADDRSTRLEN];
87 #endif /* CONFIG_UDP_IPV6 */
88
89 dst = os_zalloc(sizeof(*dst));
90 if (dst == NULL)
91 return -1;
92 os_memcpy(&dst->addr, from, sizeof(*from));
93 dst->addrlen = fromlen;
94 dst->debug_level = MSG_INFO;
95 dst->next = *head;
96 *head = dst;
97 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
98 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached %s:%d",
99 inet_ntop(AF_INET6, &from->sin6_addr, addr, sizeof(*from)),
100 ntohs(from->sin6_port));
101 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
102 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached %s:%d",
103 inet_ntoa(from->sin_addr), ntohs(from->sin_port));
104 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
105 return 0;
106 }
107
108
wpa_supplicant_ctrl_iface_detach(struct wpa_ctrl_dst ** head,struct sockaddr_in6 * from,socklen_t fromlen)109 static int wpa_supplicant_ctrl_iface_detach(struct wpa_ctrl_dst **head,
110 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
111 struct sockaddr_in6 *from,
112 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
113 struct sockaddr_in *from,
114 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
115 socklen_t fromlen)
116 {
117 struct wpa_ctrl_dst *dst, *prev = NULL;
118 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
119 char addr[INET6_ADDRSTRLEN];
120 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
121
122 dst = *head;
123 while (dst) {
124 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
125 if (from->sin6_port == dst->addr.sin6_port &&
126 !os_memcmp(&from->sin6_addr, &dst->addr.sin6_addr,
127 sizeof(from->sin6_addr))) {
128 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached %s:%d",
129 inet_ntop(AF_INET6, &from->sin6_addr, addr,
130 sizeof(*from)),
131 ntohs(from->sin6_port));
132 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
133 if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&
134 from->sin_port == dst->addr.sin_port) {
135 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached "
136 "%s:%d", inet_ntoa(from->sin_addr),
137 ntohs(from->sin_port));
138 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
139 if (prev == NULL)
140 *head = dst->next;
141 else
142 prev->next = dst->next;
143 os_free(dst);
144 return 0;
145 }
146 prev = dst;
147 dst = dst->next;
148 }
149 return -1;
150 }
151
152
153 static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv *priv,
154 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
155 struct sockaddr_in6 *from,
156 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
157 struct sockaddr_in *from,
158 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
159 socklen_t fromlen,
160 char *level)
161 {
162 struct wpa_ctrl_dst *dst;
163 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
164 char addr[INET6_ADDRSTRLEN];
165 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
166
167 wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level);
168
169 dst = priv->ctrl_dst;
170 while (dst) {
171 #if CONFIG_CTRL_IFACE_UDP_IPV6
172 if (from->sin6_port == dst->addr.sin6_port &&
173 !os_memcmp(&from->sin6_addr, &dst->addr.sin6_addr,
174 sizeof(from->sin6_addr))) {
175 wpa_printf(MSG_DEBUG, "CTRL_IFACE changed monitor level %s:%d",
176 inet_ntop(AF_INET6, &from->sin6_addr, addr,
177 sizeof(*from)),
178 ntohs(from->sin6_port));
179 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
180 if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&
181 from->sin_port == dst->addr.sin_port) {
182 wpa_printf(MSG_DEBUG, "CTRL_IFACE changed monitor "
183 "level %s:%d", inet_ntoa(from->sin_addr),
184 ntohs(from->sin_port));
185 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
186 dst->debug_level = atoi(level);
187 return 0;
188 }
189 dst = dst->next;
190 }
191
192 return -1;
193 }
194
195
196 static char *
197 wpa_supplicant_ctrl_iface_get_cookie(struct ctrl_iface_priv *priv,
198 size_t *reply_len)
199 {
200 char *reply;
201 reply = os_malloc(7 + 2 * COOKIE_LEN + 1);
202 if (reply == NULL) {
203 *reply_len = 1;
204 return NULL;
205 }
206
207 os_memcpy(reply, "COOKIE=", 7);
208 wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,
209 priv->cookie, COOKIE_LEN);
210
211 *reply_len = 7 + 2 * COOKIE_LEN;
212 return reply;
213 }
214
215
216 static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
217 void *sock_ctx)
218 {
219 struct wpa_supplicant *wpa_s = eloop_ctx;
220 struct ctrl_iface_priv *priv = sock_ctx;
221 char *buf, *pos;
222 int res;
223 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
224 struct sockaddr_in6 from;
225 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
226 char addr[INET6_ADDRSTRLEN];
227 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
228 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
229 struct sockaddr_in from;
230 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
231 socklen_t fromlen = sizeof(from);
232 char *reply = NULL;
233 size_t reply_len = 0;
234 int new_attached = 0;
235 u8 cookie[COOKIE_LEN];
236
237 buf = os_malloc(CTRL_IFACE_MAX_LEN + 1);
238 if (!buf)
239 return;
240 res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN, 0,
241 (struct sockaddr *) &from, &fromlen);
242 if (res < 0) {
243 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
244 strerror(errno));
245 os_free(buf);
246 return;
247 }
248
249 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
250 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
251 inet_ntop(AF_INET6, &from.sin6_addr, addr, sizeof(from));
252 if (os_strcmp(addr, "::1")) {
253 wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected source %s",
254 addr);
255 os_free(buf);
256 return;
257 }
258 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
259 if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
260 /*
261 * The OS networking stack is expected to drop this kind of
262 * frames since the socket is bound to only localhost address.
263 * Just in case, drop the frame if it is coming from any other
264 * address.
265 */
266 wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "
267 "source %s", inet_ntoa(from.sin_addr));
268 os_free(buf);
269 return;
270 }
271 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
272 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
273
274 if ((size_t) res > CTRL_IFACE_MAX_LEN) {
275 wpa_printf(MSG_ERROR, "recvform(ctrl_iface): input truncated");
276 os_free(buf);
277 return;
278 }
279 buf[res] = '\0';
280
281 if (os_strcmp(buf, "GET_COOKIE") == 0) {
282 reply = wpa_supplicant_ctrl_iface_get_cookie(priv, &reply_len);
283 goto done;
284 }
285
286 /*
287 * Require that the client includes a prefix with the 'cookie' value
288 * fetched with GET_COOKIE command. This is used to verify that the
289 * client has access to a bidirectional link over UDP in order to
290 * avoid attacks using forged localhost IP address even if the OS does
291 * not block such frames from remote destinations.
292 */
293 if (os_strncmp(buf, "COOKIE=", 7) != 0) {
294 wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "
295 "drop request");
296 os_free(buf);
297 return;
298 }
299
300 if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {
301 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "
302 "request - drop request");
303 os_free(buf);
304 return;
305 }
306
307 if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {
308 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "
309 "drop request");
310 os_free(buf);
311 return;
312 }
313
314 pos = buf + 7 + 2 * COOKIE_LEN;
315 while (*pos == ' ')
316 pos++;
317
318 if (os_strcmp(pos, "ATTACH") == 0) {
319 if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst,
320 &from, fromlen))
321 reply_len = 1;
322 else {
323 new_attached = 1;
324 reply_len = 2;
325 }
326 } else if (os_strcmp(pos, "DETACH") == 0) {
327 if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst,
328 &from, fromlen))
329 reply_len = 1;
330 else
331 reply_len = 2;
332 } else if (os_strncmp(pos, "LEVEL ", 6) == 0) {
333 if (wpa_supplicant_ctrl_iface_level(priv, &from, fromlen,
334 pos + 6))
335 reply_len = 1;
336 else
337 reply_len = 2;
338 } else {
339 reply = wpa_supplicant_ctrl_iface_process(wpa_s, pos,
340 &reply_len);
341 }
342
343 done:
344 if (reply) {
345 sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
346 fromlen);
347 os_free(reply);
348 } else if (reply_len == 1) {
349 sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
350 fromlen);
351 } else if (reply_len == 2) {
352 sendto(sock, "OK\n", 3, 0, (struct sockaddr *) &from,
353 fromlen);
354 }
355
356 os_free(buf);
357
358 if (new_attached)
359 eapol_sm_notify_ctrl_attached(wpa_s->eapol);
360 }
361
362
363 static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx, int level,
364 enum wpa_msg_type type,
365 const char *txt, size_t len)
366 {
367 struct wpa_supplicant *wpa_s = ctx;
368
369 if (!wpa_s)
370 return;
371
372 if (type != WPA_MSG_NO_GLOBAL && wpa_s->global->ctrl_iface) {
373 struct ctrl_iface_global_priv *priv = wpa_s->global->ctrl_iface;
374
375 if (priv->ctrl_dst) {
376 wpa_supplicant_ctrl_iface_send(
377 wpa_s,
378 type != WPA_MSG_PER_INTERFACE ?
379 NULL : wpa_s->ifname,
380 priv->sock, &priv->ctrl_dst, level, txt, len);
381 }
382 }
383
384 if (type == WPA_MSG_ONLY_GLOBAL || !wpa_s->ctrl_iface)
385 return;
386
387 wpa_supplicant_ctrl_iface_send(wpa_s, NULL, wpa_s->ctrl_iface->sock,
388 &wpa_s->ctrl_iface->ctrl_dst,
389 level, txt, len);
390 }
391
392
393 struct ctrl_iface_priv *
394 wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
395 {
396 struct ctrl_iface_priv *priv;
397 char port_str[40];
398 int port = WPA_CTRL_IFACE_PORT;
399 char *pos;
400 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
401 struct sockaddr_in6 addr;
402 int domain = PF_INET6;
403 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
404 struct sockaddr_in addr;
405 int domain = PF_INET;
406 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
407
408 priv = os_zalloc(sizeof(*priv));
409 if (priv == NULL)
410 return NULL;
411 priv->wpa_s = wpa_s;
412 priv->sock = -1;
413 os_get_random(priv->cookie, COOKIE_LEN);
414
415 if (wpa_s->conf->ctrl_interface == NULL)
416 return priv;
417
418 pos = os_strstr(wpa_s->conf->ctrl_interface, "udp:");
419 if (pos) {
420 pos += 4;
421 port = atoi(pos);
422 if (port <= 0) {
423 wpa_printf(MSG_ERROR, "Invalid ctrl_iface UDP port: %s",
424 wpa_s->conf->ctrl_interface);
425 goto fail;
426 }
427 }
428
429 priv->sock = socket(domain, SOCK_DGRAM, 0);
430 if (priv->sock < 0) {
431 wpa_printf(MSG_ERROR, "socket(PF_INET): %s", strerror(errno));
432 goto fail;
433 }
434
435 os_memset(&addr, 0, sizeof(addr));
436 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
437 addr.sin6_family = AF_INET6;
438 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
439 addr.sin6_addr = in6addr_any;
440 #else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
441 inet_pton(AF_INET6, "::1", &addr.sin6_addr);
442 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
443 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
444 addr.sin_family = AF_INET;
445 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
446 addr.sin_addr.s_addr = INADDR_ANY;
447 #else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
448 addr.sin_addr.s_addr = htonl((127 << 24) | 1);
449 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
450 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
451 try_again:
452 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
453 addr.sin6_port = htons(port);
454 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
455 addr.sin_port = htons(port);
456 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
457 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
458 port--;
459 if ((WPA_CTRL_IFACE_PORT - port) < WPA_CTRL_IFACE_PORT_LIMIT)
460 goto try_again;
461 wpa_printf(MSG_ERROR, "bind(AF_INET): %s", strerror(errno));
462 goto fail;
463 }
464
465 /* Update the ctrl_interface value to match the selected port */
466 os_snprintf(port_str, sizeof(port_str), "udp:%d", port);
467 os_free(wpa_s->conf->ctrl_interface);
468 wpa_s->conf->ctrl_interface = os_strdup(port_str);
469 if (!wpa_s->conf->ctrl_interface) {
470 wpa_msg(wpa_s, MSG_ERROR, "Failed to malloc ctrl_interface");
471 goto fail;
472 }
473
474 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
475 wpa_msg(wpa_s, MSG_DEBUG, "ctrl_iface_init UDP port: %d", port);
476 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
477
478 eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive,
479 wpa_s, priv);
480 wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
481
482 return priv;
483
484 fail:
485 if (priv->sock >= 0)
486 close(priv->sock);
487 os_free(priv);
488 return NULL;
489 }
490
491
492 void wpa_supplicant_ctrl_iface_deinit(struct wpa_supplicant *wpa_s,
493 struct ctrl_iface_priv *priv)
494 {
495 if (!priv)
496 return;
497
498 if (priv->sock > -1) {
499 eloop_unregister_read_sock(priv->sock);
500 if (priv->ctrl_dst) {
501 /*
502 * Wait before closing the control socket if
503 * there are any attached monitors in order to allow
504 * them to receive any pending messages.
505 */
506 wpa_printf(MSG_DEBUG, "CTRL_IFACE wait for attached "
507 "monitors to receive messages");
508 os_sleep(0, 100000);
509 }
510 close(priv->sock);
511 priv->sock = -1;
512 }
513
514 wpas_ctrl_iface_free_dst(priv->ctrl_dst);
515 os_free(priv);
516 }
517
518
519 static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s,
520 const char *ifname, int sock,
521 struct wpa_ctrl_dst **head,
522 int level, const char *buf,
523 size_t len)
524 {
525 struct wpa_ctrl_dst *dst, *next;
526 char levelstr[64];
527 int idx;
528 char *sbuf;
529 int llen;
530 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
531 char addr[INET6_ADDRSTRLEN];
532 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
533
534 dst = *head;
535 if (sock < 0 || dst == NULL)
536 return;
537
538 if (ifname)
539 os_snprintf(levelstr, sizeof(levelstr), "IFNAME=%s <%d>",
540 ifname, level);
541 else
542 os_snprintf(levelstr, sizeof(levelstr), "<%d>", level);
543
544 llen = os_strlen(levelstr);
545 sbuf = os_malloc(llen + len);
546 if (sbuf == NULL)
547 return;
548
549 os_memcpy(sbuf, levelstr, llen);
550 os_memcpy(sbuf + llen, buf, len);
551
552 idx = 0;
553 while (dst) {
554 next = dst->next;
555 if (level >= dst->debug_level) {
556 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
557 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor send %s:%d",
558 inet_ntop(AF_INET6, &dst->addr.sin6_addr,
559 addr, sizeof(dst->addr)),
560 ntohs(dst->addr.sin6_port));
561 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
562 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor send %s:%d",
563 inet_ntoa(dst->addr.sin_addr),
564 ntohs(dst->addr.sin_port));
565 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
566 if (sendto(sock, sbuf, llen + len, 0,
567 (struct sockaddr *) &dst->addr,
568 sizeof(dst->addr)) < 0) {
569 wpa_printf(MSG_ERROR,
570 "sendto(CTRL_IFACE monitor): %s",
571 strerror(errno));
572 dst->errors++;
573 if (dst->errors > 10) {
574 wpa_supplicant_ctrl_iface_detach(
575 head, &dst->addr,
576 dst->addrlen);
577 }
578 } else
579 dst->errors = 0;
580 }
581 idx++;
582 dst = next;
583 }
584 os_free(sbuf);
585 }
586
587
588 void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv)
589 {
590 wpa_printf(MSG_DEBUG, "CTRL_IFACE - %s - wait for monitor",
591 priv->wpa_s->ifname);
592 eloop_wait_for_read_sock(priv->sock);
593 }
594
595
596 /* Global ctrl_iface */
597
598 static char *
599 wpa_supplicant_global_get_cookie(struct ctrl_iface_global_priv *priv,
600 size_t *reply_len)
601 {
602 char *reply;
603 reply = os_malloc(7 + 2 * COOKIE_LEN + 1);
604 if (reply == NULL) {
605 *reply_len = 1;
606 return NULL;
607 }
608
609 os_memcpy(reply, "COOKIE=", 7);
610 wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,
611 priv->cookie, COOKIE_LEN);
612
613 *reply_len = 7 + 2 * COOKIE_LEN;
614 return reply;
615 }
616
617
618 static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
619 void *sock_ctx)
620 {
621 struct wpa_global *global = eloop_ctx;
622 struct ctrl_iface_global_priv *priv = sock_ctx;
623 char *buf, *pos;
624 int res;
625 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
626 struct sockaddr_in6 from;
627 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
628 char addr[INET6_ADDRSTRLEN];
629 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
630 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
631 struct sockaddr_in from;
632 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
633 socklen_t fromlen = sizeof(from);
634 char *reply = NULL;
635 size_t reply_len;
636 u8 cookie[COOKIE_LEN];
637
638 buf = os_malloc(CTRL_IFACE_MAX_LEN + 1);
639 if (!buf)
640 return;
641 res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN, 0,
642 (struct sockaddr *) &from, &fromlen);
643 if (res < 0) {
644 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
645 strerror(errno));
646 os_free(buf);
647 return;
648 }
649
650 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
651 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
652 inet_ntop(AF_INET6, &from.sin6_addr, addr, sizeof(from));
653 if (os_strcmp(addr, "::1")) {
654 wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected source %s",
655 addr);
656 os_free(buf);
657 return;
658 }
659 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
660 if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
661 /*
662 * The OS networking stack is expected to drop this kind of
663 * frames since the socket is bound to only localhost address.
664 * Just in case, drop the frame if it is coming from any other
665 * address.
666 */
667 wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "
668 "source %s", inet_ntoa(from.sin_addr));
669 os_free(buf);
670 return;
671 }
672 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
673 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
674
675 if ((size_t) res > CTRL_IFACE_MAX_LEN) {
676 wpa_printf(MSG_ERROR, "recvform(ctrl_iface): input truncated");
677 os_free(buf);
678 return;
679 }
680 buf[res] = '\0';
681
682 if (os_strcmp(buf, "GET_COOKIE") == 0) {
683 reply = wpa_supplicant_global_get_cookie(priv, &reply_len);
684 goto done;
685 }
686
687 if (os_strncmp(buf, "COOKIE=", 7) != 0) {
688 wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "
689 "drop request");
690 os_free(buf);
691 return;
692 }
693
694 if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {
695 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "
696 "request - drop request");
697 os_free(buf);
698 return;
699 }
700
701 if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {
702 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "
703 "drop request");
704 os_free(buf);
705 return;
706 }
707
708 pos = buf + 7 + 2 * COOKIE_LEN;
709 while (*pos == ' ')
710 pos++;
711
712 if (os_strcmp(pos, "ATTACH") == 0) {
713 if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst,
714 &from, fromlen))
715 reply_len = 1;
716 else
717 reply_len = 2;
718 } else if (os_strcmp(pos, "DETACH") == 0) {
719 if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst,
720 &from, fromlen))
721 reply_len = 1;
722 else
723 reply_len = 2;
724 } else {
725 reply = wpa_supplicant_global_ctrl_iface_process(global, pos,
726 &reply_len);
727 }
728
729 done:
730 if (reply) {
731 sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
732 fromlen);
733 os_free(reply);
734 } else if (reply_len == 1) {
735 sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
736 fromlen);
737 } else if (reply_len == 2) {
738 sendto(sock, "OK\n", 3, 0, (struct sockaddr *) &from,
739 fromlen);
740 }
741
742 os_free(buf);
743 }
744
745
746 struct ctrl_iface_global_priv *
747 wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
748 {
749 struct ctrl_iface_global_priv *priv;
750 struct sockaddr_in addr;
751 char *pos;
752 int port = WPA_GLOBAL_CTRL_IFACE_PORT;
753
754 priv = os_zalloc(sizeof(*priv));
755 if (priv == NULL)
756 return NULL;
757 priv->sock = -1;
758 os_get_random(priv->cookie, COOKIE_LEN);
759
760 if (global->params.ctrl_interface == NULL)
761 return priv;
762
763 wpa_printf(MSG_DEBUG, "Global control interface '%s'",
764 global->params.ctrl_interface);
765
766 pos = os_strstr(global->params.ctrl_interface, "udp:");
767 if (pos) {
768 pos += 4;
769 port = atoi(pos);
770 if (port <= 0) {
771 wpa_printf(MSG_ERROR, "Invalid global ctrl UDP port %s",
772 global->params.ctrl_interface);
773 goto fail;
774 }
775 }
776
777 priv->sock = socket(PF_INET, SOCK_DGRAM, 0);
778 if (priv->sock < 0) {
779 wpa_printf(MSG_ERROR, "socket(PF_INET): %s", strerror(errno));
780 goto fail;
781 }
782
783 os_memset(&addr, 0, sizeof(addr));
784 addr.sin_family = AF_INET;
785 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
786 addr.sin_addr.s_addr = INADDR_ANY;
787 #else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
788 addr.sin_addr.s_addr = htonl((127 << 24) | 1);
789 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
790 try_again:
791 addr.sin_port = htons(port);
792 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
793 port++;
794 if ((port - WPA_GLOBAL_CTRL_IFACE_PORT) <
795 WPA_GLOBAL_CTRL_IFACE_PORT_LIMIT && !pos)
796 goto try_again;
797 wpa_printf(MSG_ERROR, "bind(AF_INET): %s", strerror(errno));
798 goto fail;
799 }
800
801 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
802 wpa_printf(MSG_DEBUG, "global_ctrl_iface_init UDP port: %d", port);
803 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
804
805 eloop_register_read_sock(priv->sock,
806 wpa_supplicant_global_ctrl_iface_receive,
807 global, priv);
808 wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
809
810 return priv;
811
812 fail:
813 if (priv->sock >= 0)
814 close(priv->sock);
815 os_free(priv);
816 return NULL;
817 }
818
819
820 void
821 wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv)
822 {
823 if (priv->sock >= 0) {
824 eloop_unregister_read_sock(priv->sock);
825 close(priv->sock);
826 }
827
828 wpas_ctrl_iface_free_dst(priv->ctrl_dst);
829 os_free(priv);
830 }
831
