/* * WPA Supplicant / privileged helper program * Copyright (c) 2007-2009, Jouni Malinen <j@w1.fi> * * This software may be distributed under the terms of the BSD license. * See README for more details. */ #include "includes.h" #ifdef __linux__ #include <fcntl.h> #endif /* __linux__ */ #include <sys/un.h> #include <sys/stat.h> #include "common.h" #include "eloop.h" #include "common/version.h" #include "drivers/driver.h" #include "l2_packet/l2_packet.h" #include "common/privsep_commands.h" #include "common/ieee802_11_defs.h" #define WPA_PRIV_MAX_L2 3 struct wpa_priv_interface { struct wpa_priv_interface *next; char *driver_name; char *ifname; char *sock_name; int fd; void *ctx; const struct wpa_driver_ops *driver; void *drv_priv; void *drv_global_priv; struct sockaddr_un drv_addr; socklen_t drv_addr_len; int wpas_registered; struct l2_packet_data *l2[WPA_PRIV_MAX_L2]; struct sockaddr_un l2_addr[WPA_PRIV_MAX_L2]; socklen_t l2_addr_len[WPA_PRIV_MAX_L2]; struct wpa_priv_l2 { struct wpa_priv_interface *parent; int idx; } l2_ctx[WPA_PRIV_MAX_L2]; }; struct wpa_priv_global { struct wpa_priv_interface *interfaces; }; static void wpa_priv_cmd_register(struct wpa_priv_interface *iface, struct sockaddr_un *from, socklen_t fromlen) { int i; if (iface->drv_priv) { wpa_printf(MSG_DEBUG, "Cleaning up forgotten driver instance"); if (iface->driver->deinit) iface->driver->deinit(iface->drv_priv); iface->drv_priv = NULL; if (iface->drv_global_priv) { iface->driver->global_deinit(iface->drv_global_priv); iface->drv_global_priv = NULL; } iface->wpas_registered = 0; } for (i = 0; i < WPA_PRIV_MAX_L2; i++) { if (iface->l2[i]) { wpa_printf(MSG_DEBUG, "Cleaning up forgotten l2_packet instance"); l2_packet_deinit(iface->l2[i]); iface->l2[i] = NULL; } } if (iface->driver->init2) { if (iface->driver->global_init) { iface->drv_global_priv = iface->driver->global_init(iface->ctx); if (!iface->drv_global_priv) { wpa_printf(MSG_INFO, "Failed to initialize driver global context"); return; } } else { iface->drv_global_priv = NULL; } iface->drv_priv = iface->driver->init2(iface, iface->ifname, iface->drv_global_priv); } else if (iface->driver->init) { iface->drv_priv = iface->driver->init(iface, iface->ifname); } else { return; } if (iface->drv_priv == NULL) { wpa_printf(MSG_DEBUG, "Failed to initialize driver wrapper"); return; } wpa_printf(MSG_DEBUG, "Driver wrapper '%s' initialized for interface " "'%s'", iface->driver_name, iface->ifname); os_memcpy(&iface->drv_addr, from, fromlen); iface->drv_addr_len = fromlen; iface->wpas_registered = 1; if (iface->driver->set_param && iface->driver->set_param(iface->drv_priv, NULL) < 0) { wpa_printf(MSG_ERROR, "Driver interface rejected param"); } } static void wpa_priv_cmd_unregister(struct wpa_priv_interface *iface, struct sockaddr_un *from) { if (iface->drv_priv) { if (iface->driver->deinit) iface->driver->deinit(iface->drv_priv); iface->drv_priv = NULL; if (iface->drv_global_priv) { iface->driver->global_deinit(iface->drv_global_priv); iface->drv_global_priv = NULL; } iface->wpas_registered = 0; } } static void wpa_priv_cmd_scan(struct wpa_priv_interface *iface, void *buf, size_t len) { struct wpa_driver_scan_params params; struct privsep_cmd_scan *scan; unsigned int i; int freqs[PRIVSEP_MAX_SCAN_FREQS + 1]; if (iface->drv_priv == NULL) return; if (len < sizeof(*scan)) { wpa_printf(MSG_DEBUG, "Invalid scan request"); return; } scan = buf; os_memset(¶ms, 0, sizeof(params)); if (scan->num_ssids > WPAS_MAX_SCAN_SSIDS) { wpa_printf(MSG_DEBUG, "Invalid scan request (num_ssids)"); return; } params.num_ssids = scan->num_ssids; for (i = 0; i < scan->num_ssids; i++) { params.ssids[i].ssid = scan->ssids[i]; params.ssids[i].ssid_len = scan->ssid_lens[i]; } if (scan->num_freqs > PRIVSEP_MAX_SCAN_FREQS) { wpa_printf(MSG_DEBUG, "Invalid scan request (num_freqs)"); return; } if (scan->num_freqs) { for (i = 0; i < scan->num_freqs; i++) freqs[i] = scan->freqs[i]; freqs[i] = 0; params.freqs = freqs; } if (iface->driver->scan2) iface->driver->scan2(iface->drv_priv, ¶ms); } static void wpa_priv_get_scan_results2(struct wpa_priv_interface *iface, struct sockaddr_un *from, socklen_t fromlen) { struct wpa_scan_results *res; u8 *buf = NULL, *pos, *end; int val; size_t i; if (iface->driver->get_scan_results) res = iface->driver->get_scan_results(iface->drv_priv, NULL); else res = iface->driver->get_scan_results2(iface->drv_priv); if (res == NULL) goto fail; buf = os_malloc(60000); if (buf == NULL) goto fail; pos = buf; end = buf + 60000; val = res->num; os_memcpy(pos, &val, sizeof(int)); pos += sizeof(int); for (i = 0; i < res->num; i++) { struct wpa_scan_res *r = res->res[i]; val = sizeof(*r) + r->ie_len + r->beacon_ie_len; if (end - pos < (int) sizeof(int) + val) break; os_memcpy(pos, &val, sizeof(int)); pos += sizeof(int); os_memcpy(pos, r, val); pos += val; } sendto(iface->fd, buf, pos - buf, 0, (struct sockaddr *) from, fromlen); os_free(buf); wpa_scan_results_free(res); return; fail: os_free(buf); wpa_scan_results_free(res); sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, fromlen); } static void wpa_priv_cmd_get_scan_results(struct wpa_priv_interface *iface, struct sockaddr_un *from, socklen_t fromlen) { if (iface->drv_priv == NULL) return; if (iface->driver->get_scan_results || iface->driver->get_scan_results2) wpa_priv_get_scan_results2(iface, from, fromlen); else sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, fromlen); } static void wpa_priv_cmd_authenticate(struct wpa_priv_interface *iface, void *buf, size_t len) { struct wpa_driver_auth_params params; struct privsep_cmd_authenticate *auth; int res, i; if (iface->drv_priv == NULL || iface->driver->authenticate == NULL) return; if (len < sizeof(*auth)) { wpa_printf(MSG_DEBUG, "Invalid authentication request"); return; } auth = buf; if (sizeof(*auth) + auth->ie_len + auth->auth_data_len > len) { wpa_printf(MSG_DEBUG, "Authentication request overflow"); return; } os_memset(¶ms, 0, sizeof(params)); params.freq = auth->freq; params.bssid = auth->bssid; params.ssid = auth->ssid; if (auth->ssid_len > SSID_MAX_LEN) return; params.ssid_len = auth->ssid_len; params.auth_alg = auth->auth_alg; for (i = 0; i < 4; i++) { if (auth->wep_key_len[i]) { params.wep_key[i] = auth->wep_key[i]; params.wep_key_len[i] = auth->wep_key_len[i]; } } params.wep_tx_keyidx = auth->wep_tx_keyidx; params.local_state_change = auth->local_state_change; params.p2p = auth->p2p; if (auth->ie_len) { params.ie = (u8 *) (auth + 1); params.ie_len = auth->ie_len; } if (auth->auth_data_len) { params.auth_data = ((u8 *) (auth + 1)) + auth->ie_len; params.auth_data_len = auth->auth_data_len; } res = iface->driver->authenticate(iface->drv_priv, ¶ms); wpa_printf(MSG_DEBUG, "drv->authenticate: res=%d", res); } static void wpa_priv_cmd_associate(struct wpa_priv_interface *iface, void *buf, size_t len) { struct wpa_driver_associate_params params; struct privsep_cmd_associate *assoc; u8 *bssid; int res; if (iface->drv_priv == NULL || iface->driver->associate == NULL) return; if (len < sizeof(*assoc)) { wpa_printf(MSG_DEBUG, "Invalid association request"); return; } assoc = buf; if (sizeof(*assoc) + assoc->wpa_ie_len > len) { wpa_printf(MSG_DEBUG, "Association request overflow"); return; } os_memset(¶ms, 0, sizeof(params)); bssid = assoc->bssid; if (bssid[0] | bssid[1] | bssid[2] | bssid[3] | bssid[4] | bssid[5]) params.bssid = bssid; params.ssid = assoc->ssid; if (assoc->ssid_len > SSID_MAX_LEN) return; params.ssid_len = assoc->ssid_len; params.freq.mode = assoc->hwmode; params.freq.freq = assoc->freq; params.freq.channel = assoc->channel; if (assoc->wpa_ie_len) { params.wpa_ie = (u8 *) (assoc + 1); params.wpa_ie_len = assoc->wpa_ie_len; } params.pairwise_suite = assoc->pairwise_suite; params.group_suite = assoc->group_suite; params.key_mgmt_suite = assoc->key_mgmt_suite; params.auth_alg = assoc->auth_alg; params.mode = assoc->mode; res = iface->driver->associate(iface->drv_priv, ¶ms); wpa_printf(MSG_DEBUG, "drv->associate: res=%d", res); } static void wpa_priv_cmd_get_bssid(struct wpa_priv_interface *iface, struct sockaddr_un *from, socklen_t fromlen) { u8 bssid[ETH_ALEN]; if (iface->drv_priv == NULL) goto fail; if (iface->driver->get_bssid == NULL || iface->driver->get_bssid(iface->drv_priv, bssid) < 0) goto fail; sendto(iface->fd, bssid, ETH_ALEN, 0, (struct sockaddr *) from, fromlen); return; fail: sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, fromlen); } static void wpa_priv_cmd_get_ssid(struct wpa_priv_interface *iface, struct sockaddr_un *from, socklen_t fromlen) { u8 ssid[sizeof(int) + SSID_MAX_LEN]; int res; if (iface->drv_priv == NULL) goto fail; if (iface->driver->get_ssid == NULL) goto fail; os_memset(ssid, 0, sizeof(ssid)); res = iface->driver->get_ssid(iface->drv_priv, &ssid[sizeof(int)]); if (res < 0 || res > SSID_MAX_LEN) goto fail; os_memcpy(ssid, &res, sizeof(int)); sendto(iface->fd, ssid, sizeof(ssid), 0, (struct sockaddr *) from, fromlen); return; fail: sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, fromlen); } static void wpa_priv_cmd_set_key(struct wpa_priv_interface *iface, void *buf, size_t len) { struct privsep_cmd_set_key *params; int res; struct wpa_driver_set_key_params p; if (iface->drv_priv == NULL || iface->driver->set_key == NULL) return; if (len != sizeof(*params)) { wpa_printf(MSG_DEBUG, "Invalid set_key request"); return; } params = buf; os_memset(&p, 0, sizeof(p)); p.ifname = iface->ifname; p.alg = params->alg; p.addr = params->addr; p.key_idx = params->key_idx; p.set_tx = params->set_tx; p.seq = params->seq_len ? params->seq : NULL; p.seq_len = params->seq_len; p.key = params->key_len ? params->key : NULL; p.key_len = params->key_len; p.key_flag = params->key_flag; p.link_id = -1; res = iface->driver->set_key(iface->drv_priv, &p); wpa_printf(MSG_DEBUG, "drv->set_key: res=%d", res); } static void wpa_priv_cmd_get_capa(struct wpa_priv_interface *iface, struct sockaddr_un *from, socklen_t fromlen) { struct wpa_driver_capa capa; if (iface->drv_priv == NULL) goto fail; if (iface->driver->get_capa == NULL || iface->driver->get_capa(iface->drv_priv, &capa) < 0) goto fail; /* For now, no support for passing extended_capa pointers */ capa.extended_capa = NULL; capa.extended_capa_mask = NULL; capa.extended_capa_len = 0; sendto(iface->fd, &capa, sizeof(capa), 0, (struct sockaddr *) from, fromlen); return; fail: sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, fromlen); } static void wpa_priv_l2_rx(void *ctx, const u8 *src_addr, const u8 *buf, size_t len) { struct wpa_priv_l2 *l2_ctx = ctx; struct wpa_priv_interface *iface = l2_ctx->parent; struct msghdr msg; struct iovec io[2]; io[0].iov_base = (u8 *) src_addr; io[0].iov_len = ETH_ALEN; io[1].iov_base = (u8 *) buf; io[1].iov_len = len; os_memset(&msg, 0, sizeof(msg)); msg.msg_iov = io; msg.msg_iovlen = 2; msg.msg_name = &iface->l2_addr[l2_ctx->idx]; msg.msg_namelen = iface->l2_addr_len[l2_ctx->idx]; if (sendmsg(iface->fd, &msg, 0) < 0) { wpa_printf(MSG_ERROR, "sendmsg(l2 rx): %s", strerror(errno)); } } static int wpa_priv_allowed_l2_proto(u16 proto) { return proto == ETH_P_EAPOL || proto == ETH_P_RSN_PREAUTH || proto == ETH_P_80211_ENCAP; } static void wpa_priv_cmd_l2_register(struct wpa_priv_interface *iface, struct sockaddr_un *from, socklen_t fromlen, void *buf, size_t len) { int *reg_cmd = buf; u8 own_addr[ETH_ALEN]; int res; u16 proto; int idx; if (len != 2 * sizeof(int)) { wpa_printf(MSG_DEBUG, "Invalid l2_register length %lu", (unsigned long) len); return; } proto = reg_cmd[0]; if (!wpa_priv_allowed_l2_proto(proto)) { wpa_printf(MSG_DEBUG, "Refused l2_packet connection for " "ethertype 0x%x", proto); return; } for (idx = 0; idx < WPA_PRIV_MAX_L2; idx++) { if (!iface->l2[idx]) break; } if (idx == WPA_PRIV_MAX_L2) { wpa_printf(MSG_DEBUG, "No free l2_packet connection found"); return; } os_memcpy(&iface->l2_addr[idx], from, fromlen); iface->l2_addr_len[idx] = fromlen; iface->l2_ctx[idx].idx = idx; iface->l2_ctx[idx].parent = iface; iface->l2[idx] = l2_packet_init(iface->ifname, NULL, proto, wpa_priv_l2_rx, &iface->l2_ctx[idx], reg_cmd[1]); if (!iface->l2[idx]) { wpa_printf(MSG_DEBUG, "Failed to initialize l2_packet " "instance for protocol %d", proto); return; } if (l2_packet_get_own_addr(iface->l2[idx], own_addr) < 0) { wpa_printf(MSG_DEBUG, "Failed to get own address from " "l2_packet"); l2_packet_deinit(iface->l2[idx]); iface->l2[idx] = NULL; return; } res = sendto(iface->fd, own_addr, ETH_ALEN, 0, (struct sockaddr *) from, fromlen); wpa_printf(MSG_DEBUG, "L2 registration[idx=%d]: res=%d", idx, res); } static void wpa_priv_cmd_l2_unregister(struct wpa_priv_interface *iface, struct sockaddr_un *from, socklen_t fromlen) { int idx; for (idx = 0; idx < WPA_PRIV_MAX_L2; idx++) { if (iface->l2_addr_len[idx] == fromlen && os_memcmp(&iface->l2_addr[idx], from, fromlen) == 0) break; } if (idx == WPA_PRIV_MAX_L2) { wpa_printf(MSG_DEBUG, "No registered l2_packet socket found for unregister request"); return; } if (iface->l2[idx]) { l2_packet_deinit(iface->l2[idx]); iface->l2[idx] = NULL; } } static void wpa_priv_cmd_l2_notify_auth_start(struct wpa_priv_interface *iface, struct sockaddr_un *from) { int idx; for (idx = 0; idx < WPA_PRIV_MAX_L2; idx++) { if (iface->l2[idx]) l2_packet_notify_auth_start(iface->l2[idx]); } } static void wpa_priv_cmd_l2_send(struct wpa_priv_interface *iface, struct sockaddr_un *from, socklen_t fromlen, void *buf, size_t len) { u8 *dst_addr; u16 proto; int res; int idx; for (idx = 0; idx < WPA_PRIV_MAX_L2; idx++) { if (iface->l2_addr_len[idx] == fromlen && os_memcmp(&iface->l2_addr[idx], from, fromlen) == 0) break; } if (idx == WPA_PRIV_MAX_L2) { wpa_printf(MSG_DEBUG, "No registered l2_packet socket found for send request"); return; } if (iface->l2[idx] == NULL) return; if (len < ETH_ALEN + 2) { wpa_printf(MSG_DEBUG, "Too short L2 send packet (len=%lu)", (unsigned long) len); return; } dst_addr = buf; os_memcpy(&proto, (char *) buf + ETH_ALEN, 2); if (!wpa_priv_allowed_l2_proto(proto)) { wpa_printf(MSG_DEBUG, "Refused l2_packet send for ethertype " "0x%x", proto); return; } res = l2_packet_send(iface->l2[idx], dst_addr, proto, (unsigned char *) buf + ETH_ALEN + 2, len - ETH_ALEN - 2); wpa_printf(MSG_DEBUG, "L2 send[idx=%d]: res=%d", idx, res); } static void wpa_priv_cmd_set_country(struct wpa_priv_interface *iface, char *buf) { if (iface->drv_priv == NULL || iface->driver->set_country == NULL || *buf == '\0') return; iface->driver->set_country(iface->drv_priv, buf); } static void wpa_priv_receive(int sock, void *eloop_ctx, void *sock_ctx) { struct wpa_priv_interface *iface = eloop_ctx; char buf[2000], *pos; void *cmd_buf; size_t cmd_len; int res, cmd; struct sockaddr_un from; socklen_t fromlen = sizeof(from); res = recvfrom(sock, buf, sizeof(buf), 0, (struct sockaddr *) &from, &fromlen); if (res < 0) { wpa_printf(MSG_ERROR, "recvfrom: %s", strerror(errno)); return; } if (res < (int) sizeof(int)) { wpa_printf(MSG_DEBUG, "Too short command (len=%d)", res); return; } os_memcpy(&cmd, buf, sizeof(int)); wpa_printf(MSG_DEBUG, "Command %d for interface %s", cmd, iface->ifname); cmd_buf = &buf[sizeof(int)]; cmd_len = res - sizeof(int); switch (cmd) { case PRIVSEP_CMD_REGISTER: wpa_priv_cmd_register(iface, &from, fromlen); break; case PRIVSEP_CMD_UNREGISTER: wpa_priv_cmd_unregister(iface, &from); break; case PRIVSEP_CMD_SCAN: wpa_priv_cmd_scan(iface, cmd_buf, cmd_len); break; case PRIVSEP_CMD_GET_SCAN_RESULTS: wpa_priv_cmd_get_scan_results(iface, &from, fromlen); break; case PRIVSEP_CMD_ASSOCIATE: wpa_priv_cmd_associate(iface, cmd_buf, cmd_len); break; case PRIVSEP_CMD_GET_BSSID: wpa_priv_cmd_get_bssid(iface, &from, fromlen); break; case PRIVSEP_CMD_GET_SSID: wpa_priv_cmd_get_ssid(iface, &from, fromlen); break; case PRIVSEP_CMD_SET_KEY: wpa_priv_cmd_set_key(iface, cmd_buf, cmd_len); break; case PRIVSEP_CMD_GET_CAPA: wpa_priv_cmd_get_capa(iface, &from, fromlen); break; case PRIVSEP_CMD_L2_REGISTER: wpa_priv_cmd_l2_register(iface, &from, fromlen, cmd_buf, cmd_len); break; case PRIVSEP_CMD_L2_UNREGISTER: wpa_priv_cmd_l2_unregister(iface, &from, fromlen); break; case PRIVSEP_CMD_L2_NOTIFY_AUTH_START: wpa_priv_cmd_l2_notify_auth_start(iface, &from); break; case PRIVSEP_CMD_L2_SEND: wpa_priv_cmd_l2_send(iface, &from, fromlen, cmd_buf, cmd_len); break; case PRIVSEP_CMD_SET_COUNTRY: pos = cmd_buf; if (pos + cmd_len >= buf + sizeof(buf)) break; pos[cmd_len] = '\0'; wpa_priv_cmd_set_country(iface, pos); break; case PRIVSEP_CMD_AUTHENTICATE: wpa_priv_cmd_authenticate(iface, cmd_buf, cmd_len); break; } } static void wpa_priv_interface_deinit(struct wpa_priv_interface *iface) { int i; if (iface->drv_priv) { if (iface->driver->deinit) iface->driver->deinit(iface->drv_priv); if (iface->drv_global_priv) iface->driver->global_deinit(iface->drv_global_priv); } if (iface->fd >= 0) { eloop_unregister_read_sock(iface->fd); close(iface->fd); unlink(iface->sock_name); } for (i = 0; i < WPA_PRIV_MAX_L2; i++) { if (iface->l2[i]) l2_packet_deinit(iface->l2[i]); } os_free(iface->ifname); os_free(iface->driver_name); os_free(iface->sock_name); os_free(iface); } static struct wpa_priv_interface * wpa_priv_interface_init(void *ctx, const char *dir, const char *params) { struct wpa_priv_interface *iface; char *pos; size_t len; struct sockaddr_un addr; int i; pos = os_strchr(params, ':'); if (pos == NULL) return NULL; iface = os_zalloc(sizeof(*iface)); if (iface == NULL) return NULL; iface->fd = -1; iface->ctx = ctx; len = pos - params; iface->driver_name = dup_binstr(params, len); if (iface->driver_name == NULL) { wpa_priv_interface_deinit(iface); return NULL; } for (i = 0; wpa_drivers[i]; i++) { if (os_strcmp(iface->driver_name, wpa_drivers[i]->name) == 0) { iface->driver = wpa_drivers[i]; break; } } if (iface->driver == NULL) { wpa_printf(MSG_ERROR, "Unsupported driver '%s'", iface->driver_name); wpa_priv_interface_deinit(iface); return NULL; } pos++; iface->ifname = os_strdup(pos); if (iface->ifname == NULL) { wpa_priv_interface_deinit(iface); return NULL; } len = os_strlen(dir) + 1 + os_strlen(iface->ifname); iface->sock_name = os_malloc(len + 1); if (iface->sock_name == NULL) { wpa_priv_interface_deinit(iface); return NULL; } os_snprintf(iface->sock_name, len + 1, "%s/%s", dir, iface->ifname); if (os_strlen(iface->sock_name) >= sizeof(addr.sun_path)) { wpa_priv_interface_deinit(iface); return NULL; } iface->fd = socket(PF_UNIX, SOCK_DGRAM, 0); if (iface->fd < 0) { wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno)); wpa_priv_interface_deinit(iface); return NULL; } os_memset(&addr, 0, sizeof(addr)); addr.sun_family = AF_UNIX; os_strlcpy(addr.sun_path, iface->sock_name, sizeof(addr.sun_path)); if (bind(iface->fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) { wpa_printf(MSG_DEBUG, "bind(PF_UNIX) failed: %s", strerror(errno)); if (connect(iface->fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) { wpa_printf(MSG_DEBUG, "Socket exists, but does not " "allow connections - assuming it was " "leftover from forced program termination"); if (unlink(iface->sock_name) < 0) { wpa_printf(MSG_ERROR, "Could not unlink existing ctrl_iface socket '%s': %s", iface->sock_name, strerror(errno)); goto fail; } if (bind(iface->fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) { wpa_printf(MSG_ERROR, "wpa-priv-iface-init: bind(PF_UNIX): %s", strerror(errno)); goto fail; } wpa_printf(MSG_DEBUG, "Successfully replaced leftover " "socket '%s'", iface->sock_name); } else { wpa_printf(MSG_INFO, "Socket exists and seems to be " "in use - cannot override it"); wpa_printf(MSG_INFO, "Delete '%s' manually if it is " "not used anymore", iface->sock_name); goto fail; } } if (chmod(iface->sock_name, S_IRWXU | S_IRWXG | S_IRWXO) < 0) { wpa_printf(MSG_ERROR, "chmod: %s", strerror(errno)); goto fail; } eloop_register_read_sock(iface->fd, wpa_priv_receive, iface, NULL); return iface; fail: wpa_priv_interface_deinit(iface); return NULL; } static int wpa_priv_send_event(struct wpa_priv_interface *iface, int event, const void *data, size_t data_len) { struct msghdr msg; struct iovec io[2]; io[0].iov_base = &event; io[0].iov_len = sizeof(event); io[1].iov_base = (u8 *) data; io[1].iov_len = data_len; os_memset(&msg, 0, sizeof(msg)); msg.msg_iov = io; msg.msg_iovlen = data ? 2 : 1; msg.msg_name = &iface->drv_addr; msg.msg_namelen = iface->drv_addr_len; if (sendmsg(iface->fd, &msg, 0) < 0) { wpa_printf(MSG_ERROR, "sendmsg(wpas_socket): %s", strerror(errno)); return -1; } return 0; } static void wpa_priv_send_auth(struct wpa_priv_interface *iface, union wpa_event_data *data) { size_t buflen = sizeof(struct privsep_event_auth) + data->auth.ies_len; struct privsep_event_auth *auth; u8 *buf, *pos; buf = os_zalloc(buflen); if (buf == NULL) return; auth = (struct privsep_event_auth *) buf; pos = (u8 *) (auth + 1); os_memcpy(auth->peer, data->auth.peer, ETH_ALEN); os_memcpy(auth->bssid, data->auth.bssid, ETH_ALEN); auth->auth_type = data->auth.auth_type; auth->auth_transaction = data->auth.auth_transaction; auth->status_code = data->auth.status_code; if (data->auth.ies) { os_memcpy(pos, data->auth.ies, data->auth.ies_len); auth->ies_len = data->auth.ies_len; } wpa_priv_send_event(iface, PRIVSEP_EVENT_AUTH, buf, buflen); os_free(buf); } static void wpa_priv_send_assoc(struct wpa_priv_interface *iface, int event, union wpa_event_data *data) { size_t buflen = 3 * sizeof(int); u8 *buf, *pos; int len; if (data) { buflen += data->assoc_info.req_ies_len + data->assoc_info.resp_ies_len + data->assoc_info.beacon_ies_len; } buf = os_malloc(buflen); if (buf == NULL) return; pos = buf; if (data && data->assoc_info.req_ies) { len = data->assoc_info.req_ies_len; os_memcpy(pos, &len, sizeof(int)); pos += sizeof(int); os_memcpy(pos, data->assoc_info.req_ies, len); pos += len; } else { len = 0; os_memcpy(pos, &len, sizeof(int)); pos += sizeof(int); } if (data && data->assoc_info.resp_ies) { len = data->assoc_info.resp_ies_len; os_memcpy(pos, &len, sizeof(int)); pos += sizeof(int); os_memcpy(pos, data->assoc_info.resp_ies, len); pos += len; } else { len = 0; os_memcpy(pos, &len, sizeof(int)); pos += sizeof(int); } if (data && data->assoc_info.beacon_ies) { len = data->assoc_info.beacon_ies_len; os_memcpy(pos, &len, sizeof(int)); pos += sizeof(int); os_memcpy(pos, data->assoc_info.beacon_ies, len); pos += len; } else { len = 0; os_memcpy(pos, &len, sizeof(int)); pos += sizeof(int); } wpa_priv_send_event(iface, event, buf, buflen); os_free(buf); } static void wpa_priv_send_interface_status(struct wpa_priv_interface *iface, union wpa_event_data *data) { int ievent; size_t len, maxlen; u8 *buf; char *ifname; if (data == NULL) return; ievent = data->interface_status.ievent; maxlen = sizeof(data->interface_status.ifname); ifname = data->interface_status.ifname; for (len = 0; len < maxlen && ifname[len]; len++) ; buf = os_malloc(sizeof(int) + len); if (buf == NULL) return; os_memcpy(buf, &ievent, sizeof(int)); os_memcpy(buf + sizeof(int), ifname, len); wpa_priv_send_event(iface, PRIVSEP_EVENT_INTERFACE_STATUS, buf, sizeof(int) + len); os_free(buf); } static void wpa_priv_send_ft_response(struct wpa_priv_interface *iface, union wpa_event_data *data) { size_t len; u8 *buf, *pos; if (data == NULL || data->ft_ies.ies == NULL) return; len = sizeof(int) + ETH_ALEN + data->ft_ies.ies_len; buf = os_malloc(len); if (buf == NULL) return; pos = buf; os_memcpy(pos, &data->ft_ies.ft_action, sizeof(int)); pos += sizeof(int); os_memcpy(pos, data->ft_ies.target_ap, ETH_ALEN); pos += ETH_ALEN; os_memcpy(pos, data->ft_ies.ies, data->ft_ies.ies_len); wpa_priv_send_event(iface, PRIVSEP_EVENT_FT_RESPONSE, buf, len); os_free(buf); } void wpa_supplicant_event(void *ctx, enum wpa_event_type event, union wpa_event_data *data) { struct wpa_priv_interface *iface = ctx; wpa_printf(MSG_DEBUG, "%s - event=%d", __func__, event); if (!iface->wpas_registered) { wpa_printf(MSG_DEBUG, "Driver event received, but " "wpa_supplicant not registered"); return; } switch (event) { case EVENT_ASSOC: wpa_priv_send_assoc(iface, PRIVSEP_EVENT_ASSOC, data); break; case EVENT_DISASSOC: wpa_priv_send_event(iface, PRIVSEP_EVENT_DISASSOC, NULL, 0); break; case EVENT_ASSOCINFO: if (data == NULL) return; wpa_priv_send_assoc(iface, PRIVSEP_EVENT_ASSOCINFO, data); break; case EVENT_MICHAEL_MIC_FAILURE: if (data == NULL) return; wpa_priv_send_event(iface, PRIVSEP_EVENT_MICHAEL_MIC_FAILURE, &data->michael_mic_failure.unicast, sizeof(int)); break; case EVENT_SCAN_STARTED: wpa_priv_send_event(iface, PRIVSEP_EVENT_SCAN_STARTED, NULL, 0); break; case EVENT_SCAN_RESULTS: wpa_priv_send_event(iface, PRIVSEP_EVENT_SCAN_RESULTS, NULL, 0); break; case EVENT_INTERFACE_STATUS: wpa_priv_send_interface_status(iface, data); break; case EVENT_PMKID_CANDIDATE: if (data == NULL) return; wpa_priv_send_event(iface, PRIVSEP_EVENT_PMKID_CANDIDATE, &data->pmkid_candidate, sizeof(struct pmkid_candidate)); break; case EVENT_FT_RESPONSE: wpa_priv_send_ft_response(iface, data); break; case EVENT_AUTH: wpa_priv_send_auth(iface, data); break; default: wpa_printf(MSG_DEBUG, "Unsupported driver event %d (%s) - TODO", event, event_to_string(event)); break; } } void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event, union wpa_event_data *data) { struct wpa_priv_global *global = ctx; struct wpa_priv_interface *iface; if (event != EVENT_INTERFACE_STATUS) return; for (iface = global->interfaces; iface; iface = iface->next) { if (os_strcmp(iface->ifname, data->interface_status.ifname) == 0) break; } if (iface && iface->driver->get_ifindex) { unsigned int ifindex; ifindex = iface->driver->get_ifindex(iface->drv_priv); if (ifindex != data->interface_status.ifindex) { wpa_printf(MSG_DEBUG, "%s: interface status ifindex %d mismatch (%d)", iface->ifname, ifindex, data->interface_status.ifindex); return; } } if (iface) wpa_supplicant_event(iface, event, data); } void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr, const u8 *buf, size_t len, enum frame_encryption encrypted) { struct wpa_priv_interface *iface = ctx; struct msghdr msg; struct iovec io[3]; int event = PRIVSEP_EVENT_RX_EAPOL; wpa_printf(MSG_DEBUG, "RX EAPOL from driver"); io[0].iov_base = &event; io[0].iov_len = sizeof(event); io[1].iov_base = (u8 *) src_addr; io[1].iov_len = ETH_ALEN; io[2].iov_base = (u8 *) buf; io[2].iov_len = len; os_memset(&msg, 0, sizeof(msg)); msg.msg_iov = io; msg.msg_iovlen = 3; msg.msg_name = &iface->drv_addr; msg.msg_namelen = iface->drv_addr_len; if (sendmsg(iface->fd, &msg, 0) < 0) wpa_printf(MSG_ERROR, "sendmsg(wpas_socket): %s", strerror(errno)); } static void wpa_priv_terminate(int sig, void *signal_ctx) { wpa_printf(MSG_DEBUG, "wpa_priv termination requested"); eloop_terminate(); } static void wpa_priv_fd_workaround(void) { #ifdef __linux__ int s, i; /* When started from pcmcia-cs scripts, wpa_supplicant might start with * fd 0, 1, and 2 closed. This will cause some issues because many * places in wpa_supplicant are still printing out to stdout. As a * workaround, make sure that fd's 0, 1, and 2 are not used for other * sockets. */ for (i = 0; i < 3; i++) { s = open("/dev/null", O_RDWR); if (s > 2) { close(s); break; } } #endif /* __linux__ */ } static void usage(void) { printf("wpa_priv v%s\n" "Copyright (c) 2007-2017, Jouni Malinen <j@w1.fi> and " "contributors\n" "\n" "usage:\n" " wpa_priv [-Bdd] [-c<ctrl dir>] [-P<pid file>] " "<driver:ifname> \\\n" " [driver:ifname ...]\n", VERSION_STR); } int main(int argc, char *argv[]) { int c, i; int ret = -1; char *pid_file = NULL; int daemonize = 0; char *ctrl_dir = "/var/run/wpa_priv"; struct wpa_priv_global global; struct wpa_priv_interface *iface; if (os_program_init()) return -1; wpa_priv_fd_workaround(); os_memset(&global, 0, sizeof(global)); global.interfaces = NULL; for (;;) { c = getopt(argc, argv, "Bc:dP:"); if (c < 0) break; switch (c) { case 'B': daemonize++; break; case 'c': ctrl_dir = optarg; break; case 'd': wpa_debug_level--; break; case 'P': pid_file = os_rel2abs_path(optarg); break; default: usage(); goto out2; } } if (optind >= argc) { usage(); goto out2; } wpa_printf(MSG_DEBUG, "wpa_priv control directory: '%s'", ctrl_dir); if (eloop_init()) { wpa_printf(MSG_ERROR, "Failed to initialize event loop"); goto out2; } for (i = optind; i < argc; i++) { wpa_printf(MSG_DEBUG, "Adding driver:interface %s", argv[i]); iface = wpa_priv_interface_init(&global, ctrl_dir, argv[i]); if (iface == NULL) goto out; iface->next = global.interfaces; global.interfaces = iface; } if (daemonize && os_daemonize(pid_file) && eloop_sock_requeue()) goto out; eloop_register_signal_terminate(wpa_priv_terminate, NULL); eloop_run(); ret = 0; out: iface = global.interfaces; while (iface) { struct wpa_priv_interface *prev = iface; iface = iface->next; wpa_priv_interface_deinit(prev); } eloop_destroy(); out2: if (daemonize) os_daemonize_terminate(pid_file); os_free(pid_file); os_program_deinit(); return ret; }