2 * WPA Supplicant - privilege separated driver interface
3 * Copyright (c) 2007-2009, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
21 #include "common/privsep_commands.h"
24 struct wpa_driver_privsep_data {
26 u8 own_addr[ETH_ALEN];
28 char *own_socket_path;
31 struct sockaddr_un priv_addr;
36 static int wpa_priv_reg_cmd(struct wpa_driver_privsep_data *drv, int cmd)
40 res = sendto(drv->priv_socket, &cmd, sizeof(cmd), 0,
41 (struct sockaddr *) &drv->priv_addr,
42 sizeof(drv->priv_addr));
45 return res < 0 ? -1 : 0;
49 static int wpa_priv_cmd(struct wpa_driver_privsep_data *drv, int cmd,
50 const void *data, size_t data_len,
51 void *reply, size_t *reply_len)
56 io[0].iov_base = &cmd;
57 io[0].iov_len = sizeof(cmd);
58 io[1].iov_base = (u8 *) data;
59 io[1].iov_len = data_len;
61 os_memset(&msg, 0, sizeof(msg));
63 msg.msg_iovlen = data ? 2 : 1;
64 msg.msg_name = &drv->priv_addr;
65 msg.msg_namelen = sizeof(drv->priv_addr);
67 if (sendmsg(drv->cmd_socket, &msg, 0) < 0) {
68 perror("sendmsg(cmd_socket)");
78 FD_SET(drv->cmd_socket, &rfds);
81 res = select(drv->cmd_socket + 1, &rfds, NULL, NULL, &tv);
82 if (res < 0 && errno != EINTR) {
87 if (FD_ISSET(drv->cmd_socket, &rfds)) {
88 res = recv(drv->cmd_socket, reply, *reply_len, 0);
95 wpa_printf(MSG_DEBUG, "PRIVSEP: Timeout while waiting "
96 "for reply (cmd=%d)", cmd);
105 static int wpa_driver_privsep_scan(void *priv,
106 struct wpa_driver_scan_params *params)
108 struct wpa_driver_privsep_data *drv = priv;
109 const u8 *ssid = params->ssids[0].ssid;
110 size_t ssid_len = params->ssids[0].ssid_len;
111 wpa_printf(MSG_DEBUG, "%s: priv=%p", __func__, priv);
112 return wpa_priv_cmd(drv, PRIVSEP_CMD_SCAN, ssid, ssid_len,
117 static struct wpa_scan_results *
118 wpa_driver_privsep_get_scan_results2(void *priv)
120 struct wpa_driver_privsep_data *drv = priv;
123 size_t reply_len = 60000;
124 struct wpa_scan_results *results;
125 struct wpa_scan_res *r;
127 buf = os_malloc(reply_len);
130 res = wpa_priv_cmd(drv, PRIVSEP_CMD_GET_SCAN_RESULTS,
131 NULL, 0, buf, &reply_len);
137 wpa_printf(MSG_DEBUG, "privsep: Received %lu bytes of scan results",
138 (unsigned long) reply_len);
139 if (reply_len < sizeof(int)) {
140 wpa_printf(MSG_DEBUG, "privsep: Invalid scan result len %lu",
141 (unsigned long) reply_len);
147 end = buf + reply_len;
148 os_memcpy(&num, pos, sizeof(int));
149 if (num < 0 || num > 1000) {
155 results = os_zalloc(sizeof(*results));
156 if (results == NULL) {
161 results->res = os_zalloc(num * sizeof(struct wpa_scan_res *));
162 if (results->res == NULL) {
168 while (results->num < (size_t) num && pos + sizeof(int) < end) {
170 os_memcpy(&len, pos, sizeof(int));
172 if (len < 0 || len > 10000 || pos + len > end)
178 os_memcpy(r, pos, len);
180 if (sizeof(*r) + r->ie_len > (size_t) len) {
185 results->res[results->num++] = r;
193 static int wpa_driver_privsep_set_key(const char *ifname, void *priv,
194 enum wpa_alg alg, const u8 *addr,
195 int key_idx, int set_tx,
196 const u8 *seq, size_t seq_len,
197 const u8 *key, size_t key_len)
199 struct wpa_driver_privsep_data *drv = priv;
200 struct privsep_cmd_set_key cmd;
202 wpa_printf(MSG_DEBUG, "%s: priv=%p alg=%d key_idx=%d set_tx=%d",
203 __func__, priv, alg, key_idx, set_tx);
205 os_memset(&cmd, 0, sizeof(cmd));
208 os_memcpy(cmd.addr, addr, ETH_ALEN);
210 os_memset(cmd.addr, 0xff, ETH_ALEN);
211 cmd.key_idx = key_idx;
213 if (seq && seq_len > 0 && seq_len < sizeof(cmd.seq)) {
214 os_memcpy(cmd.seq, seq, seq_len);
215 cmd.seq_len = seq_len;
217 if (key && key_len > 0 && key_len < sizeof(cmd.key)) {
218 os_memcpy(cmd.key, key, key_len);
219 cmd.key_len = key_len;
222 return wpa_priv_cmd(drv, PRIVSEP_CMD_SET_KEY, &cmd, sizeof(cmd),
227 static int wpa_driver_privsep_associate(
228 void *priv, struct wpa_driver_associate_params *params)
230 struct wpa_driver_privsep_data *drv = priv;
231 struct privsep_cmd_associate *data;
235 wpa_printf(MSG_DEBUG, "%s: priv=%p freq=%d pairwise_suite=%d "
236 "group_suite=%d key_mgmt_suite=%d auth_alg=%d mode=%d",
237 __func__, priv, params->freq, params->pairwise_suite,
238 params->group_suite, params->key_mgmt_suite,
239 params->auth_alg, params->mode);
241 buflen = sizeof(*data) + params->wpa_ie_len;
242 data = os_zalloc(buflen);
247 os_memcpy(data->bssid, params->bssid, ETH_ALEN);
248 os_memcpy(data->ssid, params->ssid, params->ssid_len);
249 data->ssid_len = params->ssid_len;
250 data->freq = params->freq;
251 data->pairwise_suite = params->pairwise_suite;
252 data->group_suite = params->group_suite;
253 data->key_mgmt_suite = params->key_mgmt_suite;
254 data->auth_alg = params->auth_alg;
255 data->mode = params->mode;
256 data->wpa_ie_len = params->wpa_ie_len;
258 os_memcpy(data + 1, params->wpa_ie, params->wpa_ie_len);
259 /* TODO: add support for other assoc parameters */
261 res = wpa_priv_cmd(drv, PRIVSEP_CMD_ASSOCIATE, data, buflen,
269 static int wpa_driver_privsep_get_bssid(void *priv, u8 *bssid)
271 struct wpa_driver_privsep_data *drv = priv;
273 size_t len = ETH_ALEN;
275 res = wpa_priv_cmd(drv, PRIVSEP_CMD_GET_BSSID, NULL, 0, bssid, &len);
276 if (res < 0 || len != ETH_ALEN)
282 static int wpa_driver_privsep_get_ssid(void *priv, u8 *ssid)
284 struct wpa_driver_privsep_data *drv = priv;
286 u8 reply[sizeof(int) + 32];
287 size_t len = sizeof(reply);
289 res = wpa_priv_cmd(drv, PRIVSEP_CMD_GET_SSID, NULL, 0, reply, &len);
290 if (res < 0 || len < sizeof(int))
292 os_memcpy(&ssid_len, reply, sizeof(int));
293 if (ssid_len < 0 || ssid_len > 32 || sizeof(int) + ssid_len > len) {
294 wpa_printf(MSG_DEBUG, "privsep: Invalid get SSID reply");
297 os_memcpy(ssid, &reply[sizeof(int)], ssid_len);
302 static int wpa_driver_privsep_deauthenticate(void *priv, const u8 *addr,
305 //struct wpa_driver_privsep_data *drv = priv;
306 wpa_printf(MSG_DEBUG, "%s addr=" MACSTR " reason_code=%d",
307 __func__, MAC2STR(addr), reason_code);
308 wpa_printf(MSG_DEBUG, "%s - TODO", __func__);
313 static int wpa_driver_privsep_disassociate(void *priv, const u8 *addr,
316 //struct wpa_driver_privsep_data *drv = priv;
317 wpa_printf(MSG_DEBUG, "%s addr=" MACSTR " reason_code=%d",
318 __func__, MAC2STR(addr), reason_code);
319 wpa_printf(MSG_DEBUG, "%s - TODO", __func__);
324 static void wpa_driver_privsep_event_assoc(void *ctx, wpa_event_type event,
327 union wpa_event_data data;
332 os_memset(&data, 0, sizeof(data));
337 if (end - pos < (int) sizeof(int))
339 os_memcpy(&ie_len, pos, sizeof(int));
341 if (ie_len < 0 || ie_len > end - pos)
344 data.assoc_info.req_ies = pos;
345 data.assoc_info.req_ies_len = ie_len;
350 wpa_supplicant_event(ctx, event, inc_data ? &data : NULL);
354 static void wpa_driver_privsep_event_interface_status(void *ctx, u8 *buf,
357 union wpa_event_data data;
360 if (len < sizeof(int) ||
361 len - sizeof(int) > sizeof(data.interface_status.ifname))
364 os_memcpy(&ievent, buf, sizeof(int));
366 os_memset(&data, 0, sizeof(data));
367 data.interface_status.ievent = ievent;
368 os_memcpy(data.interface_status.ifname, buf + sizeof(int),
370 wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, &data);
374 static void wpa_driver_privsep_event_michael_mic_failure(
375 void *ctx, u8 *buf, size_t len)
377 union wpa_event_data data;
379 if (len != sizeof(int))
382 os_memset(&data, 0, sizeof(data));
383 os_memcpy(&data.michael_mic_failure.unicast, buf, sizeof(int));
384 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
388 static void wpa_driver_privsep_event_pmkid_candidate(void *ctx, u8 *buf,
391 union wpa_event_data data;
393 if (len != sizeof(struct pmkid_candidate))
396 os_memset(&data, 0, sizeof(data));
397 os_memcpy(&data.pmkid_candidate, buf, len);
398 wpa_supplicant_event(ctx, EVENT_PMKID_CANDIDATE, &data);
402 static void wpa_driver_privsep_event_stkstart(void *ctx, u8 *buf, size_t len)
404 union wpa_event_data data;
409 os_memset(&data, 0, sizeof(data));
410 os_memcpy(data.stkstart.peer, buf, ETH_ALEN);
411 wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
415 static void wpa_driver_privsep_event_ft_response(void *ctx, u8 *buf,
418 union wpa_event_data data;
420 if (len < sizeof(int) + ETH_ALEN)
423 os_memset(&data, 0, sizeof(data));
424 os_memcpy(&data.ft_ies.ft_action, buf, sizeof(int));
425 os_memcpy(data.ft_ies.target_ap, buf + sizeof(int), ETH_ALEN);
426 data.ft_ies.ies = buf + sizeof(int) + ETH_ALEN;
427 data.ft_ies.ies_len = len - sizeof(int) - ETH_ALEN;
428 wpa_supplicant_event(ctx, EVENT_FT_RESPONSE, &data);
432 static void wpa_driver_privsep_event_rx_eapol(void *ctx, u8 *buf, size_t len)
437 wpa_supplicant_rx_eapol(ctx, buf, buf + ETH_ALEN, len - ETH_ALEN);
441 static void wpa_driver_privsep_event_sta_rx(void *ctx, u8 *buf, size_t len)
443 #ifdef CONFIG_CLIENT_MLME
444 struct ieee80211_rx_status *rx_status;
446 if (len < sizeof(*rx_status))
448 rx_status = (struct ieee80211_rx_status *) buf;
449 buf += sizeof(*rx_status);
450 len -= sizeof(*rx_status);
452 wpa_supplicant_sta_rx(ctx, buf, len, rx_status);
453 #endif /* CONFIG_CLIENT_MLME */
457 static void wpa_driver_privsep_receive(int sock, void *eloop_ctx,
460 struct wpa_driver_privsep_data *drv = eloop_ctx;
464 enum privsep_event e;
465 struct sockaddr_un from;
466 socklen_t fromlen = sizeof(from);
467 const size_t buflen = 2000;
469 buf = os_malloc(buflen);
472 res = recvfrom(sock, buf, buflen, 0,
473 (struct sockaddr *) &from, &fromlen);
475 perror("recvfrom(priv_socket)");
480 wpa_printf(MSG_DEBUG, "privsep_driver: received %u bytes", res);
482 if (res < (int) sizeof(int)) {
483 wpa_printf(MSG_DEBUG, "Too short event message (len=%d)", res);
487 os_memcpy(&event, buf, sizeof(int));
488 event_buf = &buf[sizeof(int)];
489 event_len = res - sizeof(int);
490 wpa_printf(MSG_DEBUG, "privsep: Event %d received (len=%lu)",
491 event, (unsigned long) event_len);
495 case PRIVSEP_EVENT_SCAN_RESULTS:
496 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, NULL);
498 case PRIVSEP_EVENT_ASSOC:
499 wpa_driver_privsep_event_assoc(drv->ctx, EVENT_ASSOC,
500 event_buf, event_len);
502 case PRIVSEP_EVENT_DISASSOC:
503 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
505 case PRIVSEP_EVENT_ASSOCINFO:
506 wpa_driver_privsep_event_assoc(drv->ctx, EVENT_ASSOCINFO,
507 event_buf, event_len);
509 case PRIVSEP_EVENT_MICHAEL_MIC_FAILURE:
510 wpa_driver_privsep_event_michael_mic_failure(
511 drv->ctx, event_buf, event_len);
513 case PRIVSEP_EVENT_INTERFACE_STATUS:
514 wpa_driver_privsep_event_interface_status(drv->ctx, event_buf,
517 case PRIVSEP_EVENT_PMKID_CANDIDATE:
518 wpa_driver_privsep_event_pmkid_candidate(drv->ctx, event_buf,
521 case PRIVSEP_EVENT_STKSTART:
522 wpa_driver_privsep_event_stkstart(drv->ctx, event_buf,
525 case PRIVSEP_EVENT_FT_RESPONSE:
526 wpa_driver_privsep_event_ft_response(drv->ctx, event_buf,
529 case PRIVSEP_EVENT_RX_EAPOL:
530 wpa_driver_privsep_event_rx_eapol(drv->ctx, event_buf,
533 case PRIVSEP_EVENT_STA_RX:
534 wpa_driver_privsep_event_sta_rx(drv->ctx, event_buf,
543 static void * wpa_driver_privsep_init(void *ctx, const char *ifname)
545 struct wpa_driver_privsep_data *drv;
547 drv = os_zalloc(sizeof(*drv));
551 drv->priv_socket = -1;
552 drv->cmd_socket = -1;
553 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
559 static void wpa_driver_privsep_deinit(void *priv)
561 struct wpa_driver_privsep_data *drv = priv;
563 if (drv->priv_socket >= 0) {
564 wpa_priv_reg_cmd(drv, PRIVSEP_CMD_UNREGISTER);
565 eloop_unregister_read_sock(drv->priv_socket);
566 close(drv->priv_socket);
569 if (drv->own_socket_path) {
570 unlink(drv->own_socket_path);
571 os_free(drv->own_socket_path);
574 if (drv->cmd_socket >= 0) {
575 eloop_unregister_read_sock(drv->cmd_socket);
576 close(drv->cmd_socket);
579 if (drv->own_cmd_path) {
580 unlink(drv->own_cmd_path);
581 os_free(drv->own_cmd_path);
588 static int wpa_driver_privsep_set_param(void *priv, const char *param)
590 struct wpa_driver_privsep_data *drv = priv;
592 char *own_dir, *priv_dir;
593 static unsigned int counter = 0;
595 struct sockaddr_un addr;
597 wpa_printf(MSG_DEBUG, "%s: param='%s'", __func__, param);
601 pos = os_strstr(param, "own_dir=");
604 own_dir = os_strdup(pos + 8);
607 end = os_strchr(own_dir, ' ');
611 own_dir = os_strdup("/tmp");
619 pos = os_strstr(param, "priv_dir=");
622 priv_dir = os_strdup(pos + 9);
623 if (priv_dir == NULL) {
627 end = os_strchr(priv_dir, ' ');
631 priv_dir = os_strdup("/var/run/wpa_priv");
632 if (priv_dir == NULL) {
638 len = os_strlen(own_dir) + 50;
639 drv->own_socket_path = os_malloc(len);
640 if (drv->own_socket_path == NULL) {
645 os_snprintf(drv->own_socket_path, len, "%s/wpa_privsep-%d-%d",
646 own_dir, getpid(), counter++);
648 len = os_strlen(own_dir) + 50;
649 drv->own_cmd_path = os_malloc(len);
650 if (drv->own_cmd_path == NULL) {
651 os_free(drv->own_socket_path);
652 drv->own_socket_path = NULL;
657 os_snprintf(drv->own_cmd_path, len, "%s/wpa_privsep-%d-%d",
658 own_dir, getpid(), counter++);
662 drv->priv_addr.sun_family = AF_UNIX;
663 os_snprintf(drv->priv_addr.sun_path, sizeof(drv->priv_addr.sun_path),
664 "%s/%s", priv_dir, drv->ifname);
667 drv->priv_socket = socket(PF_UNIX, SOCK_DGRAM, 0);
668 if (drv->priv_socket < 0) {
669 perror("socket(PF_UNIX)");
670 os_free(drv->own_socket_path);
671 drv->own_socket_path = NULL;
675 os_memset(&addr, 0, sizeof(addr));
676 addr.sun_family = AF_UNIX;
677 os_strlcpy(addr.sun_path, drv->own_socket_path, sizeof(addr.sun_path));
678 if (bind(drv->priv_socket, (struct sockaddr *) &addr, sizeof(addr)) <
680 perror("bind(PF_UNIX)");
681 close(drv->priv_socket);
682 drv->priv_socket = -1;
683 unlink(drv->own_socket_path);
684 os_free(drv->own_socket_path);
685 drv->own_socket_path = NULL;
689 eloop_register_read_sock(drv->priv_socket, wpa_driver_privsep_receive,
692 drv->cmd_socket = socket(PF_UNIX, SOCK_DGRAM, 0);
693 if (drv->cmd_socket < 0) {
694 perror("socket(PF_UNIX)");
695 os_free(drv->own_cmd_path);
696 drv->own_cmd_path = NULL;
700 os_memset(&addr, 0, sizeof(addr));
701 addr.sun_family = AF_UNIX;
702 os_strlcpy(addr.sun_path, drv->own_cmd_path, sizeof(addr.sun_path));
703 if (bind(drv->cmd_socket, (struct sockaddr *) &addr, sizeof(addr)) < 0)
705 perror("bind(PF_UNIX)");
706 close(drv->cmd_socket);
707 drv->cmd_socket = -1;
708 unlink(drv->own_cmd_path);
709 os_free(drv->own_cmd_path);
710 drv->own_cmd_path = NULL;
714 if (wpa_priv_reg_cmd(drv, PRIVSEP_CMD_REGISTER) < 0) {
715 wpa_printf(MSG_ERROR, "Failed to register with wpa_priv");
723 static int wpa_driver_privsep_get_capa(void *priv,
724 struct wpa_driver_capa *capa)
726 struct wpa_driver_privsep_data *drv = priv;
728 size_t len = sizeof(*capa);
730 res = wpa_priv_cmd(drv, PRIVSEP_CMD_GET_CAPA, NULL, 0, capa, &len);
731 if (res < 0 || len != sizeof(*capa))
737 static const u8 * wpa_driver_privsep_get_mac_addr(void *priv)
739 struct wpa_driver_privsep_data *drv = priv;
740 wpa_printf(MSG_DEBUG, "%s", __func__);
741 return drv->own_addr;
745 static int wpa_driver_privsep_set_country(void *priv, const char *alpha2)
747 struct wpa_driver_privsep_data *drv = priv;
748 wpa_printf(MSG_DEBUG, "%s country='%s'", __func__, alpha2);
749 return wpa_priv_cmd(drv, PRIVSEP_CMD_SET_COUNTRY, alpha2,
750 os_strlen(alpha2), NULL, NULL);
754 struct wpa_driver_ops wpa_driver_privsep_ops = {
756 "wpa_supplicant privilege separated driver",
757 .get_bssid = wpa_driver_privsep_get_bssid,
758 .get_ssid = wpa_driver_privsep_get_ssid,
759 .set_key = wpa_driver_privsep_set_key,
760 .init = wpa_driver_privsep_init,
761 .deinit = wpa_driver_privsep_deinit,
762 .set_param = wpa_driver_privsep_set_param,
763 .scan2 = wpa_driver_privsep_scan,
764 .deauthenticate = wpa_driver_privsep_deauthenticate,
765 .disassociate = wpa_driver_privsep_disassociate,
766 .associate = wpa_driver_privsep_associate,
767 .get_capa = wpa_driver_privsep_get_capa,
768 .get_mac_addr = wpa_driver_privsep_get_mac_addr,
769 .get_scan_results2 = wpa_driver_privsep_get_scan_results2,
770 .set_country = wpa_driver_privsep_set_country,
774 struct wpa_driver_ops *wpa_drivers[] =
776 &wpa_driver_privsep_ops,