wpa_supplicant/ctrl_iface_unix.c

   1 /*
   2  * WPA Supplicant / UNIX domain socket -based control interface
   3  * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
   4  *
   5  * This software may be distributed under the terms of the BSD license.
   6  * See README for more details.
   7  */
   8
   9 #include "includes.h"
  10 #include <sys/un.h>
  11 #include <sys/stat.h>
  12 #include <grp.h>
  13 #include <stddef.h>
  14 #include <unistd.h>
  15 #include <fcntl.h>
  16 #ifdef ANDROID
  17 #include <cutils/sockets.h>
  18 #endif /* ANDROID */
  19
  20 #include "utils/common.h"
  21 #include "utils/eloop.h"
  22 #include "utils/list.h"
  23 #include "eapol_supp/eapol_supp_sm.h"
  24 #include "config.h"
  25 #include "wpa_supplicant_i.h"
  26 #include "ctrl_iface.h"
  27
  28 /* Per-interface ctrl_iface */
  29
  30 /**
  31  * struct wpa_ctrl_dst - Internal data structure of control interface monitors
  32  *
  33  * This structure is used to store information about registered control
  34  * interface monitors into struct wpa_supplicant. This data is private to
  35  * ctrl_iface_unix.c and should not be touched directly from other files.
  36  */
  37 struct wpa_ctrl_dst {
  38         struct dl_list list;
  39         struct sockaddr_un addr;
  40         socklen_t addrlen;
  41         int debug_level;
  42         int errors;
  43 };
  44
  45
  46 struct ctrl_iface_priv {
  47         struct wpa_supplicant *wpa_s;
  48         int sock;
  49         struct dl_list ctrl_dst;
  50         int android_control_socket;
  51 };
  52
  53
  54 struct ctrl_iface_global_priv {
  55         struct wpa_global *global;
  56         int sock;
  57         struct dl_list ctrl_dst;
  58         int android_control_socket;
  59 };
  60
  61
  62 static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s,
  63                                            const char *ifname, int sock,
  64                                            struct dl_list *ctrl_dst,
  65                                            int level, const char *buf,
  66                                            size_t len,
  67                                            struct ctrl_iface_priv *priv,
  68                                            struct ctrl_iface_global_priv *gp);
  69 static int wpas_ctrl_iface_reinit(struct wpa_supplicant *wpa_s,
  70                                   struct ctrl_iface_priv *priv);
  71 static int wpas_ctrl_iface_global_reinit(struct wpa_global *global,
  72                                          struct ctrl_iface_global_priv *priv);
  73
  74
  75 static int wpa_supplicant_ctrl_iface_attach(struct dl_list *ctrl_dst,
  76                                             struct sockaddr_un *from,
  77                                             socklen_t fromlen)
  78 {
  79         struct wpa_ctrl_dst *dst;
  80         char addr_txt[200];
  81
  82         dst = os_zalloc(sizeof(*dst));
  83         if (dst == NULL)
  84                 return -1;
  85         os_memcpy(&dst->addr, from, sizeof(struct sockaddr_un));
  86         dst->addrlen = fromlen;
  87         dst->debug_level = MSG_INFO;
  88         dl_list_add(ctrl_dst, &dst->list);
  89         printf_encode(addr_txt, sizeof(addr_txt),
  90                       (u8 *) from->sun_path,
  91                       fromlen - offsetof(struct sockaddr_un, sun_path));
  92         wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached %s", addr_txt);
  93         return 0;
  94 }
  95
  96
  97 static int wpa_supplicant_ctrl_iface_detach(struct dl_list *ctrl_dst,
  98                                             struct sockaddr_un *from,
  99                                             socklen_t fromlen)
 100 {
 101         struct wpa_ctrl_dst *dst;
 102
 103         dl_list_for_each(dst, ctrl_dst, struct wpa_ctrl_dst, list) {
 104                 if (fromlen == dst->addrlen &&
 105                     os_memcmp(from->sun_path, dst->addr.sun_path,
 106                               fromlen - offsetof(struct sockaddr_un, sun_path))
 107                     == 0) {
 108                         char addr_txt[200];
 109                         printf_encode(addr_txt, sizeof(addr_txt),
 110                                       (u8 *) from->sun_path,
 111                                       fromlen -
 112                                       offsetof(struct sockaddr_un, sun_path));
 113                         wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached %s",
 114                                    addr_txt);
 115                         dl_list_del(&dst->list);
 116                         os_free(dst);
 117                         return 0;
 118                 }
 119         }
 120         return -1;
 121 }
 122
 123
 124 static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv *priv,
 125                                            struct sockaddr_un *from,
 126                                            socklen_t fromlen,
 127                                            char *level)
 128 {
 129         struct wpa_ctrl_dst *dst;
 130
 131         wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level);
 132
 133         dl_list_for_each(dst, &priv->ctrl_dst, struct wpa_ctrl_dst, list) {
 134                 if (fromlen == dst->addrlen &&
 135                     os_memcmp(from->sun_path, dst->addr.sun_path,
 136                               fromlen - offsetof(struct sockaddr_un, sun_path))
 137                     == 0) {
 138                         char addr_txt[200];
 139                         dst->debug_level = atoi(level);
 140                         printf_encode(addr_txt, sizeof(addr_txt),
 141                                       (u8 *) from->sun_path, fromlen -
 142                                       offsetof(struct sockaddr_un, sun_path));
 143                         wpa_printf(MSG_DEBUG, "CTRL_IFACE changed monitor level to %d for %s",
 144                                    dst->debug_level, addr_txt);
 145                         return 0;
 146                 }
 147         }
 148
 149         return -1;
 150 }
 151
 152
 153 static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
 154                                               void *sock_ctx)
 155 {
 156         struct wpa_supplicant *wpa_s = eloop_ctx;
 157         struct ctrl_iface_priv *priv = sock_ctx;
 158         char buf[4096];
 159         int res;
 160         struct sockaddr_un from;
 161         socklen_t fromlen = sizeof(from);
 162         char *reply = NULL, *reply_buf = NULL;
 163         size_t reply_len = 0;
 164         int new_attached = 0;
 165
 166         res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
 167                        (struct sockaddr *) &from, &fromlen);
 168         if (res < 0) {
 169                 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
 170                            strerror(errno));
 171                 return;
 172         }
 173         buf[res] = '\0';
 174
 175         if (os_strcmp(buf, "ATTACH") == 0) {
 176                 if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst, &from,
 177                                                      fromlen))
 178                         reply_len = 1;
 179                 else {
 180                         new_attached = 1;
 181                         reply_len = 2;
 182                 }
 183         } else if (os_strcmp(buf, "DETACH") == 0) {
 184                 if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst, &from,
 185                                                      fromlen))
 186                         reply_len = 1;
 187                 else
 188                         reply_len = 2;
 189         } else if (os_strncmp(buf, "LEVEL ", 6) == 0) {
 190                 if (wpa_supplicant_ctrl_iface_level(priv, &from, fromlen,
 191                                                     buf + 6))
 192                         reply_len = 1;
 193                 else
 194                         reply_len = 2;
 195         } else {
 196                 reply_buf = wpa_supplicant_ctrl_iface_process(wpa_s, buf,
 197                                                               &reply_len);
 198                 reply = reply_buf;
 199         }
 200
 201         if (!reply && reply_len == 1) {
 202                 reply = "FAIL\n";
 203                 reply_len = 5;
 204         } else if (!reply && reply_len == 2) {
 205                 reply = "OK\n";
 206                 reply_len = 3;
 207         }
 208
 209         if (reply) {
 210                 if (sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
 211                            fromlen) < 0) {
 212                         int _errno = errno;
 213                         wpa_dbg(wpa_s, MSG_DEBUG,
 214                                 "ctrl_iface sendto failed: %d - %s",
 215                                 _errno, strerror(_errno));
 216                         if (_errno == ENOBUFS || _errno == EAGAIN) {
 217                                 /*
 218                                  * The socket send buffer could be full. This
 219                                  * may happen if client programs are not
 220                                  * receiving their pending messages. Close and
 221                                  * reopen the socket as a workaround to avoid
 222                                  * getting stuck being unable to send any new
 223                                  * responses.
 224                                  */
 225                                 sock = wpas_ctrl_iface_reinit(wpa_s, priv);
 226                                 if (sock < 0) {
 227                                         wpa_dbg(wpa_s, MSG_DEBUG, "Failed to reinitialize ctrl_iface socket");
 228                                 }
 229                         }
 230                         if (new_attached) {
 231                                 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to send response to ATTACH - detaching");
 232                                 new_attached = 0;
 233                                 wpa_supplicant_ctrl_iface_detach(
 234                                         &priv->ctrl_dst, &from, fromlen);
 235                         }
 236                 }
 237         }
 238         os_free(reply_buf);
 239
 240         if (new_attached)
 241                 eapol_sm_notify_ctrl_attached(wpa_s->eapol);
 242 }
 243
 244
 245 static char * wpa_supplicant_ctrl_iface_path(struct wpa_supplicant *wpa_s)
 246 {
 247         char *buf;
 248         size_t len;
 249         char *pbuf, *dir = NULL;
 250         int res;
 251
 252         if (wpa_s->conf->ctrl_interface == NULL)
 253                 return NULL;
 254
 255         pbuf = os_strdup(wpa_s->conf->ctrl_interface);
 256         if (pbuf == NULL)
 257                 return NULL;
 258         if (os_strncmp(pbuf, "DIR=", 4) == 0) {
 259                 char *gid_str;
 260                 dir = pbuf + 4;
 261                 gid_str = os_strstr(dir, " GROUP=");
 262                 if (gid_str)
 263                         *gid_str = '\0';
 264         } else
 265                 dir = pbuf;
 266
 267         len = os_strlen(dir) + os_strlen(wpa_s->ifname) + 2;
 268         buf = os_malloc(len);
 269         if (buf == NULL) {
 270                 os_free(pbuf);
 271                 return NULL;
 272         }
 273
 274         res = os_snprintf(buf, len, "%s/%s", dir, wpa_s->ifname);
 275         if (res < 0 || (size_t) res >= len) {
 276                 os_free(pbuf);
 277                 os_free(buf);
 278                 return NULL;
 279         }
 280 #ifdef __CYGWIN__
 281         {
 282                 /* Windows/WinPcap uses interface names that are not suitable
 283                  * as a file name - convert invalid chars to underscores */
 284                 char *pos = buf;
 285                 while (*pos) {
 286                         if (*pos == '\\')
 287                                 *pos = '_';
 288                         pos++;
 289                 }
 290         }
 291 #endif /* __CYGWIN__ */
 292         os_free(pbuf);
 293         return buf;
 294 }
 295
 296
 297 static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx, int level, int global,
 298                                              const char *txt, size_t len)
 299 {
 300         struct wpa_supplicant *wpa_s = ctx;
 301
 302         if (wpa_s == NULL)
 303                 return;
 304
 305         if (global != 2 && wpa_s->global->ctrl_iface) {
 306                 struct ctrl_iface_global_priv *priv = wpa_s->global->ctrl_iface;
 307                 if (!dl_list_empty(&priv->ctrl_dst)) {
 308                         wpa_supplicant_ctrl_iface_send(wpa_s, global ? NULL :
 309                                                        wpa_s->ifname,
 310                                                        priv->sock,
 311                                                        &priv->ctrl_dst,
 312                                                        level, txt, len, NULL,
 313                                                        priv);
 314                 }
 315         }
 316
 317         if (wpa_s->ctrl_iface == NULL)
 318                 return;
 319         wpa_supplicant_ctrl_iface_send(wpa_s, NULL, wpa_s->ctrl_iface->sock,
 320                                        &wpa_s->ctrl_iface->ctrl_dst,
 321                                        level, txt, len, wpa_s->ctrl_iface,
 322                                        NULL);
 323 }
 324
 325
 326 static int wpas_ctrl_iface_open_sock(struct wpa_supplicant *wpa_s,
 327                                      struct ctrl_iface_priv *priv)
 328 {
 329         struct sockaddr_un addr;
 330         char *fname = NULL;
 331         gid_t gid = 0;
 332         int gid_set = 0;
 333         char *buf, *dir = NULL, *gid_str = NULL;
 334         struct group *grp;
 335         char *endp;
 336         int flags;
 337
 338         buf = os_strdup(wpa_s->conf->ctrl_interface);
 339         if (buf == NULL)
 340                 goto fail;
 341 #ifdef ANDROID
 342         os_snprintf(addr.sun_path, sizeof(addr.sun_path), "wpa_%s",
 343                     wpa_s->conf->ctrl_interface);
 344         priv->sock = android_get_control_socket(addr.sun_path);
 345         if (priv->sock >= 0) {
 346                 priv->android_control_socket = 1;
 347                 goto havesock;
 348         }
 349 #endif /* ANDROID */
 350         if (os_strncmp(buf, "DIR=", 4) == 0) {
 351                 dir = buf + 4;
 352                 gid_str = os_strstr(dir, " GROUP=");
 353                 if (gid_str) {
 354                         *gid_str = '\0';
 355                         gid_str += 7;
 356                 }
 357         } else {
 358                 dir = buf;
 359                 gid_str = wpa_s->conf->ctrl_interface_group;
 360         }
 361
 362         if (mkdir(dir, S_IRWXU | S_IRWXG) < 0) {
 363                 if (errno == EEXIST) {
 364                         wpa_printf(MSG_DEBUG, "Using existing control "
 365                                    "interface directory.");
 366                 } else {
 367                         wpa_printf(MSG_ERROR, "mkdir[ctrl_interface=%s]: %s",
 368                                    dir, strerror(errno));
 369                         goto fail;
 370                 }
 371         }
 372
 373 #ifdef ANDROID
 374         /*
 375          * wpa_supplicant is started from /init.*.rc on Android and that seems
 376          * to be using umask 0077 which would leave the control interface
 377          * directory without group access. This breaks things since Wi-Fi
 378          * framework assumes that this directory can be accessed by other
 379          * applications in the wifi group. Fix this by adding group access even
 380          * if umask value would prevent this.
 381          */
 382         if (chmod(dir, S_IRWXU | S_IRWXG) < 0) {
 383                 wpa_printf(MSG_ERROR, "CTRL: Could not chmod directory: %s",
 384                            strerror(errno));
 385                 /* Try to continue anyway */
 386         }
 387 #endif /* ANDROID */
 388
 389         if (gid_str) {
 390                 grp = getgrnam(gid_str);
 391                 if (grp) {
 392                         gid = grp->gr_gid;
 393                         gid_set = 1;
 394                         wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d"
 395                                    " (from group name '%s')",
 396                                    (int) gid, gid_str);
 397                 } else {
 398                         /* Group name not found - try to parse this as gid */
 399                         gid = strtol(gid_str, &endp, 10);
 400                         if (*gid_str == '\0' || *endp != '\0') {
 401                                 wpa_printf(MSG_ERROR, "CTRL: Invalid group "
 402                                            "'%s'", gid_str);
 403                                 goto fail;
 404                         }
 405                         gid_set = 1;
 406                         wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
 407                                    (int) gid);
 408                 }
 409         }
 410
 411         if (gid_set && chown(dir, -1, gid) < 0) {
 412                 wpa_printf(MSG_ERROR, "chown[ctrl_interface=%s,gid=%d]: %s",
 413                            dir, (int) gid, strerror(errno));
 414                 goto fail;
 415         }
 416
 417         /* Make sure the group can enter and read the directory */
 418         if (gid_set &&
 419             chmod(dir, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP) < 0) {
 420                 wpa_printf(MSG_ERROR, "CTRL: chmod[ctrl_interface]: %s",
 421                            strerror(errno));
 422                 goto fail;
 423         }
 424
 425         if (os_strlen(dir) + 1 + os_strlen(wpa_s->ifname) >=
 426             sizeof(addr.sun_path)) {
 427                 wpa_printf(MSG_ERROR, "ctrl_iface path limit exceeded");
 428                 goto fail;
 429         }
 430
 431         priv->sock = socket(PF_UNIX, SOCK_DGRAM, 0);
 432         if (priv->sock < 0) {
 433                 wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno));
 434                 goto fail;
 435         }
 436
 437         os_memset(&addr, 0, sizeof(addr));
 438 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
 439         addr.sun_len = sizeof(addr);
 440 #endif /* __FreeBSD__ */
 441         addr.sun_family = AF_UNIX;
 442         fname = wpa_supplicant_ctrl_iface_path(wpa_s);
 443         if (fname == NULL)
 444                 goto fail;
 445         os_strlcpy(addr.sun_path, fname, sizeof(addr.sun_path));
 446         if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
 447                 wpa_printf(MSG_DEBUG, "ctrl_iface bind(PF_UNIX) failed: %s",
 448                            strerror(errno));
 449                 if (connect(priv->sock, (struct sockaddr *) &addr,
 450                             sizeof(addr)) < 0) {
 451                         wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not"
 452                                    " allow connections - assuming it was left"
 453                                    "over from forced program termination");
 454                         if (unlink(fname) < 0) {
 455                                 wpa_printf(MSG_ERROR,
 456                                            "Could not unlink existing ctrl_iface socket '%s': %s",
 457                                            fname, strerror(errno));
 458                                 goto fail;
 459                         }
 460                         if (bind(priv->sock, (struct sockaddr *) &addr,
 461                                  sizeof(addr)) < 0) {
 462                                 wpa_printf(MSG_ERROR, "supp-ctrl-iface-init: bind(PF_UNIX): %s",
 463                                            strerror(errno));
 464                                 goto fail;
 465                         }
 466                         wpa_printf(MSG_DEBUG, "Successfully replaced leftover "
 467                                    "ctrl_iface socket '%s'", fname);
 468                 } else {
 469                         wpa_printf(MSG_INFO, "ctrl_iface exists and seems to "
 470                                    "be in use - cannot override it");
 471                         wpa_printf(MSG_INFO, "Delete '%s' manually if it is "
 472                                    "not used anymore", fname);
 473                         os_free(fname);
 474                         fname = NULL;
 475                         goto fail;
 476                 }
 477         }
 478
 479         if (gid_set && chown(fname, -1, gid) < 0) {
 480                 wpa_printf(MSG_ERROR, "chown[ctrl_interface=%s,gid=%d]: %s",
 481                            fname, (int) gid, strerror(errno));
 482                 goto fail;
 483         }
 484
 485         if (chmod(fname, S_IRWXU | S_IRWXG) < 0) {
 486                 wpa_printf(MSG_ERROR, "chmod[ctrl_interface=%s]: %s",
 487                            fname, strerror(errno));
 488                 goto fail;
 489         }
 490         os_free(fname);
 491
 492 #ifdef ANDROID
 493 havesock:
 494 #endif /* ANDROID */
 495
 496         /*
 497          * Make socket non-blocking so that we don't hang forever if
 498          * target dies unexpectedly.
 499          */
 500         flags = fcntl(priv->sock, F_GETFL);
 501         if (flags >= 0) {
 502                 flags |= O_NONBLOCK;
 503                 if (fcntl(priv->sock, F_SETFL, flags) < 0) {
 504                         wpa_printf(MSG_INFO, "fcntl(ctrl, O_NONBLOCK): %s",
 505                                    strerror(errno));
 506                         /* Not fatal, continue on.*/
 507                 }
 508         }
 509
 510         eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive,
 511                                  wpa_s, priv);
 512         wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
 513
 514         os_free(buf);
 515         return 0;
 516
 517 fail:
 518         if (priv->sock >= 0) {
 519                 close(priv->sock);
 520                 priv->sock = -1;
 521         }
 522         if (fname) {
 523                 unlink(fname);
 524                 os_free(fname);
 525         }
 526         os_free(buf);
 527         return -1;
 528 }
 529
 530
 531 struct ctrl_iface_priv *
 532 wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
 533 {
 534         struct ctrl_iface_priv *priv;
 535
 536         priv = os_zalloc(sizeof(*priv));
 537         if (priv == NULL)
 538                 return NULL;
 539         dl_list_init(&priv->ctrl_dst);
 540         priv->wpa_s = wpa_s;
 541         priv->sock = -1;
 542
 543         if (wpa_s->conf->ctrl_interface == NULL)
 544                 return priv;
 545
 546         if (wpas_ctrl_iface_open_sock(wpa_s, priv) < 0) {
 547                 os_free(priv);
 548                 return NULL;
 549         }
 550
 551         return priv;
 552 }
 553
 554
 555 static int wpas_ctrl_iface_reinit(struct wpa_supplicant *wpa_s,
 556                                   struct ctrl_iface_priv *priv)
 557 {
 558         int res;
 559
 560         if (priv->sock <= 0)
 561                 return -1;
 562
 563         /*
 564          * On Android, the control socket being used may be the socket
 565          * that is created when wpa_supplicant is started as a /init.*.rc
 566          * service. Such a socket is maintained as a key-value pair in
 567          * Android's environment. Closing this control socket would leave us
 568          * in a bad state with an invalid socket descriptor.
 569          */
 570         if (priv->android_control_socket)
 571                 return priv->sock;
 572
 573         eloop_unregister_read_sock(priv->sock);
 574         close(priv->sock);
 575         priv->sock = -1;
 576         res = wpas_ctrl_iface_open_sock(wpa_s, priv);
 577         if (res < 0)
 578                 return -1;
 579         return priv->sock;
 580 }
 581
 582
 583 void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv)
 584 {
 585         struct wpa_ctrl_dst *dst, *prev;
 586
 587         if (priv->sock > -1) {
 588                 char *fname;
 589                 char *buf, *dir = NULL;
 590                 eloop_unregister_read_sock(priv->sock);
 591                 if (!dl_list_empty(&priv->ctrl_dst)) {
 592                         /*
 593                          * Wait before closing the control socket if
 594                          * there are any attached monitors in order to allow
 595                          * them to receive any pending messages.
 596                          */
 597                         wpa_printf(MSG_DEBUG, "CTRL_IFACE wait for attached "
 598                                    "monitors to receive messages");
 599                         os_sleep(0, 100000);
 600                 }
 601                 close(priv->sock);
 602                 priv->sock = -1;
 603                 fname = wpa_supplicant_ctrl_iface_path(priv->wpa_s);
 604                 if (fname) {
 605                         unlink(fname);
 606                         os_free(fname);
 607                 }
 608
 609                 if (priv->wpa_s->conf->ctrl_interface == NULL)
 610                         goto free_dst;
 611                 buf = os_strdup(priv->wpa_s->conf->ctrl_interface);
 612                 if (buf == NULL)
 613                         goto free_dst;
 614                 if (os_strncmp(buf, "DIR=", 4) == 0) {
 615                         char *gid_str;
 616                         dir = buf + 4;
 617                         gid_str = os_strstr(dir, " GROUP=");
 618                         if (gid_str)
 619                                 *gid_str = '\0';
 620                 } else
 621                         dir = buf;
 622
 623                 if (rmdir(dir) < 0) {
 624                         if (errno == ENOTEMPTY) {
 625                                 wpa_printf(MSG_DEBUG, "Control interface "
 626                                            "directory not empty - leaving it "
 627                                            "behind");
 628                         } else {
 629                                 wpa_printf(MSG_ERROR,
 630                                            "rmdir[ctrl_interface=%s]: %s",
 631                                            dir, strerror(errno));
 632                         }
 633                 }
 634                 os_free(buf);
 635         }
 636
 637 free_dst:
 638         dl_list_for_each_safe(dst, prev, &priv->ctrl_dst, struct wpa_ctrl_dst,
 639                               list)
 640                 os_free(dst);
 641         os_free(priv);
 642 }
 643
 644
 645 /**
 646  * wpa_supplicant_ctrl_iface_send - Send a control interface packet to monitors
 647  * @ifname: Interface name for global control socket or %NULL
 648  * @sock: Local socket fd
 649  * @ctrl_dst: List of attached listeners
 650  * @level: Priority level of the message
 651  * @buf: Message data
 652  * @len: Message length
 653  *
 654  * Send a packet to all monitor programs attached to the control interface.
 655  */
 656 static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s,
 657                                            const char *ifname, int sock,
 658                                            struct dl_list *ctrl_dst,
 659                                            int level, const char *buf,
 660                                            size_t len,
 661                                            struct ctrl_iface_priv *priv,
 662                                            struct ctrl_iface_global_priv *gp)
 663 {
 664         struct wpa_ctrl_dst *dst, *next;
 665         char levelstr[10];
 666         int idx, res;
 667         struct msghdr msg;
 668         struct iovec io[5];
 669
 670         if (sock < 0 || dl_list_empty(ctrl_dst))
 671                 return;
 672
 673         res = os_snprintf(levelstr, sizeof(levelstr), "<%d>", level);
 674         if (res < 0 || (size_t) res >= sizeof(levelstr))
 675                 return;
 676         idx = 0;
 677         if (ifname) {
 678                 io[idx].iov_base = "IFNAME=";
 679                 io[idx].iov_len = 7;
 680                 idx++;
 681                 io[idx].iov_base = (char *) ifname;
 682                 io[idx].iov_len = os_strlen(ifname);
 683                 idx++;
 684                 io[idx].iov_base = " ";
 685                 io[idx].iov_len = 1;
 686                 idx++;
 687         }
 688         io[idx].iov_base = levelstr;
 689         io[idx].iov_len = os_strlen(levelstr);
 690         idx++;
 691         io[idx].iov_base = (char *) buf;
 692         io[idx].iov_len = len;
 693         idx++;
 694         os_memset(&msg, 0, sizeof(msg));
 695         msg.msg_iov = io;
 696         msg.msg_iovlen = idx;
 697
 698         dl_list_for_each_safe(dst, next, ctrl_dst, struct wpa_ctrl_dst, list) {
 699                 int _errno;
 700                 char addr_txt[200];
 701
 702                 if (level < dst->debug_level)
 703                         continue;
 704
 705                 printf_encode(addr_txt, sizeof(addr_txt),
 706                               (u8 *) dst->addr.sun_path, dst->addrlen -
 707                               offsetof(struct sockaddr_un, sun_path));
 708                 msg.msg_name = (void *) &dst->addr;
 709                 msg.msg_namelen = dst->addrlen;
 710                 if (sendmsg(sock, &msg, MSG_DONTWAIT) >= 0) {
 711                         wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor sent successfully to %s",
 712                                    addr_txt);
 713                         dst->errors = 0;
 714                         continue;
 715                 }
 716
 717                 _errno = errno;
 718                 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor[%s]: %d - %s",
 719                            addr_txt, errno, strerror(errno));
 720                 dst->errors++;
 721
 722                 if (dst->errors > 10 || _errno == ENOENT || _errno == EPERM) {
 723                         wpa_printf(MSG_INFO, "CTRL_IFACE: Detach monitor %s that cannot receive messages",
 724                                 addr_txt);
 725                         wpa_supplicant_ctrl_iface_detach(ctrl_dst, &dst->addr,
 726                                                          dst->addrlen);
 727                 }
 728
 729                 if (_errno == ENOBUFS || _errno == EAGAIN) {
 730                         /*
 731                          * The socket send buffer could be full. This may happen
 732                          * if client programs are not receiving their pending
 733                          * messages. Close and reopen the socket as a workaround
 734                          * to avoid getting stuck being unable to send any new
 735                          * responses.
 736                          */
 737                         if (priv)
 738                                 sock = wpas_ctrl_iface_reinit(wpa_s, priv);
 739                         else if (gp)
 740                                 sock = wpas_ctrl_iface_global_reinit(
 741                                         wpa_s->global, gp);
 742                         else
 743                                 break;
 744                         if (sock < 0) {
 745                                 wpa_dbg(wpa_s, MSG_DEBUG,
 746                                         "Failed to reinitialize ctrl_iface socket");
 747                                 break;
 748                         }
 749                 }
 750         }
 751 }
 752
 753
 754 void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv)
 755 {
 756         char buf[256];
 757         int res;
 758         struct sockaddr_un from;
 759         socklen_t fromlen = sizeof(from);
 760
 761         for (;;) {
 762                 wpa_printf(MSG_DEBUG, "CTRL_IFACE - %s - wait for monitor to "
 763                            "attach", priv->wpa_s->ifname);
 764                 eloop_wait_for_read_sock(priv->sock);
 765
 766                 res = recvfrom(priv->sock, buf, sizeof(buf) - 1, 0,
 767                                (struct sockaddr *) &from, &fromlen);
 768                 if (res < 0) {
 769                         wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
 770                                    strerror(errno));
 771                         continue;
 772                 }
 773                 buf[res] = '\0';
 774
 775                 if (os_strcmp(buf, "ATTACH") == 0) {
 776                         /* handle ATTACH signal of first monitor interface */
 777                         if (!wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst,
 778                                                               &from, fromlen)) {
 779                                 if (sendto(priv->sock, "OK\n", 3, 0,
 780                                            (struct sockaddr *) &from, fromlen) <
 781                                     0) {
 782                                         wpa_printf(MSG_DEBUG, "ctrl_iface sendto failed: %s",
 783                                                    strerror(errno));
 784                                 }
 785                                 /* OK to continue */
 786                                 return;
 787                         } else {
 788                                 if (sendto(priv->sock, "FAIL\n", 5, 0,
 789                                            (struct sockaddr *) &from, fromlen) <
 790                                     0) {
 791                                         wpa_printf(MSG_DEBUG, "ctrl_iface sendto failed: %s",
 792                                                    strerror(errno));
 793                                 }
 794                         }
 795                 } else {
 796                         /* return FAIL for all other signals */
 797                         if (sendto(priv->sock, "FAIL\n", 5, 0,
 798                                    (struct sockaddr *) &from, fromlen) < 0) {
 799                                 wpa_printf(MSG_DEBUG,
 800                                            "ctrl_iface sendto failed: %s",
 801                                            strerror(errno));
 802                         }
 803                 }
 804         }
 805 }
 806
 807
 808 /* Global ctrl_iface */
 809
 810 static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
 811                                                      void *sock_ctx)
 812 {
 813         struct wpa_global *global = eloop_ctx;
 814         struct ctrl_iface_global_priv *priv = sock_ctx;
 815         char buf[4096];
 816         int res;
 817         struct sockaddr_un from;
 818         socklen_t fromlen = sizeof(from);
 819         char *reply = NULL, *reply_buf = NULL;
 820         size_t reply_len;
 821
 822         res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
 823                        (struct sockaddr *) &from, &fromlen);
 824         if (res < 0) {
 825                 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
 826                            strerror(errno));
 827                 return;
 828         }
 829         buf[res] = '\0';
 830
 831         if (os_strcmp(buf, "ATTACH") == 0) {
 832                 if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst, &from,
 833                                                      fromlen))
 834                         reply_len = 1;
 835                 else
 836                         reply_len = 2;
 837         } else if (os_strcmp(buf, "DETACH") == 0) {
 838                 if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst, &from,
 839                                                      fromlen))
 840                         reply_len = 1;
 841                 else
 842                         reply_len = 2;
 843         } else {
 844                 reply_buf = wpa_supplicant_global_ctrl_iface_process(
 845                         global, buf, &reply_len);
 846                 reply = reply_buf;
 847         }
 848
 849         if (!reply && reply_len == 1) {
 850                 reply = "FAIL\n";
 851                 reply_len = 5;
 852         } else if (!reply && reply_len == 2) {
 853                 reply = "OK\n";
 854                 reply_len = 3;
 855         }
 856
 857         if (reply) {
 858                 if (sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
 859                            fromlen) < 0) {
 860                         wpa_printf(MSG_DEBUG, "ctrl_iface sendto failed: %s",
 861                                 strerror(errno));
 862                 }
 863         }
 864         os_free(reply_buf);
 865 }
 866
 867
 868 static int wpas_global_ctrl_iface_open_sock(struct wpa_global *global,
 869                                             struct ctrl_iface_global_priv *priv)
 870 {
 871         struct sockaddr_un addr;
 872         const char *ctrl = global->params.ctrl_interface;
 873         int flags;
 874
 875         wpa_printf(MSG_DEBUG, "Global control interface '%s'", ctrl);
 876
 877 #ifdef ANDROID
 878         if (os_strncmp(ctrl, "@android:", 9) == 0) {
 879                 priv->sock = android_get_control_socket(ctrl + 9);
 880                 if (priv->sock < 0) {
 881                         wpa_printf(MSG_ERROR, "Failed to open Android control "
 882                                    "socket '%s'", ctrl + 9);
 883                         goto fail;
 884                 }
 885                 wpa_printf(MSG_DEBUG, "Using Android control socket '%s'",
 886                            ctrl + 9);
 887                 priv->android_control_socket = 1;
 888                 goto havesock;
 889         }
 890
 891         if (os_strncmp(ctrl, "@abstract:", 10) != 0) {
 892                 /*
 893                  * Backwards compatibility - try to open an Android control
 894                  * socket and if that fails, assume this was a UNIX domain
 895                  * socket instead.
 896                  */
 897                 priv->sock = android_get_control_socket(ctrl);
 898                 if (priv->sock >= 0) {
 899                         wpa_printf(MSG_DEBUG,
 900                                    "Using Android control socket '%s'",
 901                                    ctrl);
 902                         priv->android_control_socket = 1;
 903                         goto havesock;
 904                 }
 905         }
 906 #endif /* ANDROID */
 907
 908         priv->sock = socket(PF_UNIX, SOCK_DGRAM, 0);
 909         if (priv->sock < 0) {
 910                 wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno));
 911                 goto fail;
 912         }
 913
 914         os_memset(&addr, 0, sizeof(addr));
 915 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
 916         addr.sun_len = sizeof(addr);
 917 #endif /* __FreeBSD__ */
 918         addr.sun_family = AF_UNIX;
 919
 920         if (os_strncmp(ctrl, "@abstract:", 10) == 0) {
 921                 addr.sun_path[0] = '\0';
 922                 os_strlcpy(addr.sun_path + 1, ctrl + 10,
 923                            sizeof(addr.sun_path) - 1);
 924                 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) <
 925                     0) {
 926                         wpa_printf(MSG_ERROR, "supp-global-ctrl-iface-init: "
 927                                    "bind(PF_UNIX;%s) failed: %s",
 928                                    ctrl, strerror(errno));
 929                         goto fail;
 930                 }
 931                 wpa_printf(MSG_DEBUG, "Using Abstract control socket '%s'",
 932                            ctrl + 10);
 933                 goto havesock;
 934         }
 935
 936         os_strlcpy(addr.sun_path, ctrl, sizeof(addr.sun_path));
 937         if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
 938                 wpa_printf(MSG_INFO, "supp-global-ctrl-iface-init(%s) (will try fixup): bind(PF_UNIX): %s",
 939                            ctrl, strerror(errno));
 940                 if (connect(priv->sock, (struct sockaddr *) &addr,
 941                             sizeof(addr)) < 0) {
 942                         wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not"
 943                                    " allow connections - assuming it was left"
 944                                    "over from forced program termination");
 945                         if (unlink(ctrl) < 0) {
 946                                 wpa_printf(MSG_ERROR,
 947                                            "Could not unlink existing ctrl_iface socket '%s': %s",
 948                                            ctrl, strerror(errno));
 949                                 goto fail;
 950                         }
 951                         if (bind(priv->sock, (struct sockaddr *) &addr,
 952                                  sizeof(addr)) < 0) {
 953                                 wpa_printf(MSG_ERROR, "supp-glb-iface-init: bind(PF_UNIX;%s): %s",
 954                                            ctrl, strerror(errno));
 955                                 goto fail;
 956                         }
 957                         wpa_printf(MSG_DEBUG, "Successfully replaced leftover "
 958                                    "ctrl_iface socket '%s'",
 959                                    ctrl);
 960                 } else {
 961                         wpa_printf(MSG_INFO, "ctrl_iface exists and seems to "
 962                                    "be in use - cannot override it");
 963                         wpa_printf(MSG_INFO, "Delete '%s' manually if it is "
 964                                    "not used anymore",
 965                                    ctrl);
 966                         goto fail;
 967                 }
 968         }
 969
 970         wpa_printf(MSG_DEBUG, "Using UNIX control socket '%s'", ctrl);
 971
 972         if (global->params.ctrl_interface_group) {
 973                 char *gid_str = global->params.ctrl_interface_group;
 974                 gid_t gid = 0;
 975                 struct group *grp;
 976                 char *endp;
 977
 978                 grp = getgrnam(gid_str);
 979                 if (grp) {
 980                         gid = grp->gr_gid;
 981                         wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d"
 982                                    " (from group name '%s')",
 983                                    (int) gid, gid_str);
 984                 } else {
 985                         /* Group name not found - try to parse this as gid */
 986                         gid = strtol(gid_str, &endp, 10);
 987                         if (*gid_str == '\0' || *endp != '\0') {
 988                                 wpa_printf(MSG_ERROR, "CTRL: Invalid group "
 989                                            "'%s'", gid_str);
 990                                 goto fail;
 991                         }
 992                         wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
 993                                    (int) gid);
 994                 }
 995                 if (chown(ctrl, -1, gid) < 0) {
 996                         wpa_printf(MSG_ERROR,
 997                                    "chown[global_ctrl_interface=%s,gid=%d]: %s",
 998                                    ctrl, (int) gid, strerror(errno));
 999                         goto fail;
1000                 }
1001
1002                 if (chmod(ctrl, S_IRWXU | S_IRWXG) < 0) {
1003                         wpa_printf(MSG_ERROR,
1004                                    "chmod[global_ctrl_interface=%s]: %s",
1005                                    ctrl, strerror(errno));
1006                         goto fail;
1007                 }
1008         } else {
1009                 if (chmod(ctrl, S_IRWXU) < 0) {
1010                         wpa_printf(MSG_DEBUG,
1011                                    "chmod[global_ctrl_interface=%s](S_IRWXU): %s",
1012                                    ctrl, strerror(errno));
1013                         /* continue anyway since group change was not required
1014                          */
1015                 }
1016         }
1017
1018 havesock:
1019
1020         /*
1021          * Make socket non-blocking so that we don't hang forever if
1022          * target dies unexpectedly.
1023          */
1024         flags = fcntl(priv->sock, F_GETFL);
1025         if (flags >= 0) {
1026                 flags |= O_NONBLOCK;
1027                 if (fcntl(priv->sock, F_SETFL, flags) < 0) {
1028                         wpa_printf(MSG_INFO, "fcntl(ctrl, O_NONBLOCK): %s",
1029                                    strerror(errno));
1030                         /* Not fatal, continue on.*/
1031                 }
1032         }
1033
1034         eloop_register_read_sock(priv->sock,
1035                                  wpa_supplicant_global_ctrl_iface_receive,
1036                                  global, priv);
1037
1038         return 0;
1039
1040 fail:
1041         if (priv->sock >= 0) {
1042                 close(priv->sock);
1043                 priv->sock = -1;
1044         }
1045         return -1;
1046 }
1047
1048
1049 struct ctrl_iface_global_priv *
1050 wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
1051 {
1052         struct ctrl_iface_global_priv *priv;
1053
1054         priv = os_zalloc(sizeof(*priv));
1055         if (priv == NULL)
1056                 return NULL;
1057         dl_list_init(&priv->ctrl_dst);
1058         priv->global = global;
1059         priv->sock = -1;
1060
1061         if (global->params.ctrl_interface == NULL)
1062                 return priv;
1063
1064         if (wpas_global_ctrl_iface_open_sock(global, priv) < 0) {
1065                 os_free(priv);
1066                 return NULL;
1067         }
1068
1069         wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
1070
1071         return priv;
1072 }
1073
1074
1075 static int wpas_ctrl_iface_global_reinit(struct wpa_global *global,
1076                                          struct ctrl_iface_global_priv *priv)
1077 {
1078         int res;
1079
1080         if (priv->sock <= 0)
1081                 return -1;
1082
1083         /*
1084          * On Android, the control socket being used may be the socket
1085          * that is created when wpa_supplicant is started as a /init.*.rc
1086          * service. Such a socket is maintained as a key-value pair in
1087          * Android's environment. Closing this control socket would leave us
1088          * in a bad state with an invalid socket descriptor.
1089          */
1090         if (priv->android_control_socket)
1091                 return priv->sock;
1092
1093         eloop_unregister_read_sock(priv->sock);
1094         close(priv->sock);
1095         priv->sock = -1;
1096         res = wpas_global_ctrl_iface_open_sock(global, priv);
1097         if (res < 0)
1098                 return -1;
1099         return priv->sock;
1100 }
1101
1102
1103 void
1104 wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv)
1105 {
1106         struct wpa_ctrl_dst *dst, *prev;
1107
1108         if (priv->sock >= 0) {
1109                 eloop_unregister_read_sock(priv->sock);
1110                 close(priv->sock);
1111         }
1112         if (priv->global->params.ctrl_interface)
1113                 unlink(priv->global->params.ctrl_interface);
1114         dl_list_for_each_safe(dst, prev, &priv->ctrl_dst, struct wpa_ctrl_dst,
1115                               list)
1116                 os_free(dst);
1117         os_free(priv);
1118 }