robin.thoni
/
hostapd-rtl8188
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
Tree: e79cbd9348
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e79cbd9348'
${ noResults }
hostapd-rtl8188/wpa_supplicant/ctrl_iface_udp.c

ctrl_iface_udp.c 13KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561 
  1. /*

  2.  * WPA Supplicant / UDP socket -based control interface

  3.  * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>

  4.  *

  5.  * This program is free software; you can redistribute it and/or modify

  6.  * it under the terms of the GNU General Public License version 2 as

  7.  * published by the Free Software Foundation.

  8.  *

  9.  * Alternatively, this software may be distributed under the terms of BSD

  10.  * license.

  11.  *

  12.  * See README and COPYING for more details.

  13.  */

  14. 

  15. #include "includes.h"

  16. 

  17. #include "common.h"

  18. #include "eloop.h"

  19. #include "config.h"

  20. #include "eapol_supp/eapol_supp_sm.h"

  21. #include "wpa_supplicant_i.h"

  22. #include "ctrl_iface.h"

  23. #include "common/wpa_ctrl.h"

  24. 

  25. 

  26. #define COOKIE_LEN 8

  27. 

  28. /* Per-interface ctrl_iface */

  29. 

  30. /**

  31.  * struct wpa_ctrl_dst - Internal data structure of control interface monitors

  32.  *

  33.  * This structure is used to store information about registered control

  34.  * interface monitors into struct wpa_supplicant. This data is private to

  35.  * ctrl_iface_udp.c and should not be touched directly from other files.

  36.  */

  37. struct wpa_ctrl_dst {

  38. 	struct wpa_ctrl_dst *next;

  39. 	struct sockaddr_in addr;

  40. 	socklen_t addrlen;

  41. 	int debug_level;

  42. 	int errors;

  43. };

  44. 

  45. 

  46. struct ctrl_iface_priv {

  47. 	struct wpa_supplicant *wpa_s;

  48. 	int sock;

  49. 	struct wpa_ctrl_dst *ctrl_dst;

  50. 	u8 cookie[COOKIE_LEN];

  51. };

  52. 

  53. 

  54. static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv,

  55. 					   int level, const char *buf,

  56. 					   size_t len);

  57. 

  58. 

  59. static int wpa_supplicant_ctrl_iface_attach(struct ctrl_iface_priv *priv,

  60. 					    struct sockaddr_in *from,

  61. 					    socklen_t fromlen)

  62. {

  63. 	struct wpa_ctrl_dst *dst;

  64. 

  65. 	dst = os_zalloc(sizeof(*dst));

  66. 	if (dst == NULL)

  67. 		return -1;

  68. 	os_memcpy(&dst->addr, from, sizeof(struct sockaddr_in));

  69. 	dst->addrlen = fromlen;

  70. 	dst->debug_level = MSG_INFO;

  71. 	dst->next = priv->ctrl_dst;

  72. 	priv->ctrl_dst = dst;

  73. 	wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached %s:%d",

  74. 		   inet_ntoa(from->sin_addr), ntohs(from->sin_port));

  75. 	return 0;

  76. }

  77. 

  78. 

  79. static int wpa_supplicant_ctrl_iface_detach(struct ctrl_iface_priv *priv,

  80. 					    struct sockaddr_in *from,

  81. 					    socklen_t fromlen)

  82. {

  83. 	struct wpa_ctrl_dst *dst, *prev = NULL;

  84. 

  85. 	dst = priv->ctrl_dst;

  86. 	while (dst) {

  87. 		if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&

  88. 		    from->sin_port == dst->addr.sin_port) {

  89. 			if (prev == NULL)

  90. 				priv->ctrl_dst = dst->next;

  91. 			else

  92. 				prev->next = dst->next;

  93. 			os_free(dst);

  94. 			wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached "

  95. 				   "%s:%d", inet_ntoa(from->sin_addr),

  96. 				   ntohs(from->sin_port));

  97. 			return 0;

  98. 		}

  99. 		prev = dst;

  100. 		dst = dst->next;

  101. 	}

  102. 	return -1;

  103. }

  104. 

  105. 

  106. static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv *priv,

  107. 					   struct sockaddr_in *from,

  108. 					   socklen_t fromlen,

  109. 					   char *level)

  110. {

  111. 	struct wpa_ctrl_dst *dst;

  112. 

  113. 	wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level);

  114. 

  115. 	dst = priv->ctrl_dst;

  116. 	while (dst) {

  117. 		if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&

  118. 		    from->sin_port == dst->addr.sin_port) {

  119. 			wpa_printf(MSG_DEBUG, "CTRL_IFACE changed monitor "

  120. 				   "level %s:%d", inet_ntoa(from->sin_addr),

  121. 				   ntohs(from->sin_port));

  122. 			dst->debug_level = atoi(level);

  123. 			return 0;

  124. 		}

  125. 		dst = dst->next;

  126. 	}

  127. 

  128. 	return -1;

  129. }

  130. 

  131. 

  132. static char *

  133. wpa_supplicant_ctrl_iface_get_cookie(struct ctrl_iface_priv *priv,

  134. 				     size_t *reply_len)

  135. {

  136. 	char *reply;

  137. 	reply = os_malloc(7 + 2 * COOKIE_LEN + 1);

  138. 	if (reply == NULL) {

  139. 		*reply_len = 1;

  140. 		return NULL;

  141. 	}

  142. 

  143. 	os_memcpy(reply, "COOKIE=", 7);

  144. 	wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,

  145. 			 priv->cookie, COOKIE_LEN);

  146. 

  147. 	*reply_len = 7 + 2 * COOKIE_LEN;

  148. 	return reply;

  149. }

  150. 

  151. 

  152. static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,

  153. 					      void *sock_ctx)

  154. {

  155. 	struct wpa_supplicant *wpa_s = eloop_ctx;

  156. 	struct ctrl_iface_priv *priv = sock_ctx;

  157. 	char buf[256], *pos;

  158. 	int res;

  159. 	struct sockaddr_in from;

  160. 	socklen_t fromlen = sizeof(from);

  161. 	char *reply = NULL;

  162. 	size_t reply_len = 0;

  163. 	int new_attached = 0;

  164. 	u8 cookie[COOKIE_LEN];

  165. 

  166. 	res = recvfrom(sock, buf, sizeof(buf) - 1, 0,

  167. 		       (struct sockaddr *) &from, &fromlen);

  168. 	if (res < 0) {

  169. 		perror("recvfrom(ctrl_iface)");

  170. 		return;

  171. 	}

  172. 	if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {

  173. 		/*

  174. 		 * The OS networking stack is expected to drop this kind of

  175. 		 * frames since the socket is bound to only localhost address.

  176. 		 * Just in case, drop the frame if it is coming from any other

  177. 		 * address.

  178. 		 */

  179. 		wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "

  180. 			   "source %s", inet_ntoa(from.sin_addr));

  181. 		return;

  182. 	}

  183. 	buf[res] = '\0';

  184. 

  185. 	if (os_strcmp(buf, "GET_COOKIE") == 0) {

  186. 		reply = wpa_supplicant_ctrl_iface_get_cookie(priv, &reply_len);

  187. 		goto done;

  188. 	}

  189. 

  190. 	/*

  191. 	 * Require that the client includes a prefix with the 'cookie' value

  192. 	 * fetched with GET_COOKIE command. This is used to verify that the

  193. 	 * client has access to a bidirectional link over UDP in order to

  194. 	 * avoid attacks using forged localhost IP address even if the OS does

  195. 	 * not block such frames from remote destinations.

  196. 	 */

  197. 	if (os_strncmp(buf, "COOKIE=", 7) != 0) {

  198. 		wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "

  199. 			   "drop request");

  200. 		return;

  201. 	}

  202. 

  203. 	if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {

  204. 		wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "

  205. 			   "request - drop request");

  206. 		return;

  207. 	}

  208. 

  209. 	if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {

  210. 		wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "

  211. 			   "drop request");

  212. 		return;

  213. 	}

  214. 

  215. 	pos = buf + 7 + 2 * COOKIE_LEN;

  216. 	while (*pos == ' ')

  217. 		pos++;

  218. 

  219. 	if (os_strcmp(pos, "ATTACH") == 0) {

  220. 		if (wpa_supplicant_ctrl_iface_attach(priv, &from, fromlen))

  221. 			reply_len = 1;

  222. 		else {

  223. 			new_attached = 1;

  224. 			reply_len = 2;

  225. 		}

  226. 	} else if (os_strcmp(pos, "DETACH") == 0) {

  227. 		if (wpa_supplicant_ctrl_iface_detach(priv, &from, fromlen))

  228. 			reply_len = 1;

  229. 		else

  230. 			reply_len = 2;

  231. 	} else if (os_strncmp(pos, "LEVEL ", 6) == 0) {

  232. 		if (wpa_supplicant_ctrl_iface_level(priv, &from, fromlen,

  233. 						    pos + 6))

  234. 			reply_len = 1;

  235. 		else

  236. 			reply_len = 2;

  237. 	} else {

  238. 		reply = wpa_supplicant_ctrl_iface_process(wpa_s, pos,

  239. 							  &reply_len);

  240. 	}

  241. 

  242.  done:

  243. 	if (reply) {

  244. 		sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,

  245. 		       fromlen);

  246. 		os_free(reply);

  247. 	} else if (reply_len == 1) {

  248. 		sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,

  249. 		       fromlen);

  250. 	} else if (reply_len == 2) {

  251. 		sendto(sock, "OK\n", 3, 0, (struct sockaddr *) &from,

  252. 		       fromlen);

  253. 	}

  254. 

  255. 	if (new_attached)

  256. 		eapol_sm_notify_ctrl_attached(wpa_s->eapol);

  257. }

  258. 

  259. 

  260. static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx, int level,

  261. 					     const char *txt, size_t len)

  262. {

  263. 	struct wpa_supplicant *wpa_s = ctx;

  264. 	if (wpa_s == NULL || wpa_s->ctrl_iface == NULL)

  265. 		return;

  266. 	wpa_supplicant_ctrl_iface_send(wpa_s->ctrl_iface, level, txt, len);

  267. }

  268. 

  269. 

  270. struct ctrl_iface_priv *

  271. wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)

  272. {

  273. 	struct ctrl_iface_priv *priv;

  274. 	struct sockaddr_in addr;

  275. 

  276. 	priv = os_zalloc(sizeof(*priv));

  277. 	if (priv == NULL)

  278. 		return NULL;

  279. 	priv->wpa_s = wpa_s;

  280. 	priv->sock = -1;

  281. 	os_get_random(priv->cookie, COOKIE_LEN);

  282. 

  283. 	if (wpa_s->conf->ctrl_interface == NULL)

  284. 		return priv;

  285. 

  286. 	priv->sock = socket(PF_INET, SOCK_DGRAM, 0);

  287. 	if (priv->sock < 0) {

  288. 		perror("socket(PF_INET)");

  289. 		goto fail;

  290. 	}

  291. 

  292. 	os_memset(&addr, 0, sizeof(addr));

  293. 	addr.sin_family = AF_INET;

  294. 	addr.sin_addr.s_addr = htonl((127 << 24) | 1);

  295. 	addr.sin_port = htons(WPA_CTRL_IFACE_PORT);

  296. 	if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {

  297. 		perror("bind(AF_INET)");

  298. 		goto fail;

  299. 	}

  300. 

  301. 	eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive,

  302. 				 wpa_s, priv);

  303. 	wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);

  304. 

  305. 	return priv;

  306. 

  307. fail:

  308. 	if (priv->sock >= 0)

  309. 		close(priv->sock);

  310. 	os_free(priv);

  311. 	return NULL;

  312. }

  313. 

  314. 

  315. void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv)

  316. {

  317. 	struct wpa_ctrl_dst *dst, *prev;

  318. 

  319. 	if (priv->sock > -1) {

  320. 		eloop_unregister_read_sock(priv->sock);

  321. 		if (priv->ctrl_dst) {

  322. 			/*

  323. 			 * Wait a second before closing the control socket if

  324. 			 * there are any attached monitors in order to allow

  325. 			 * them to receive any pending messages.

  326. 			 */

  327. 			wpa_printf(MSG_DEBUG, "CTRL_IFACE wait for attached "

  328. 				   "monitors to receive messages");

  329. 			os_sleep(1, 0);

  330. 		}

  331. 		close(priv->sock);

  332. 		priv->sock = -1;

  333. 	}

  334. 

  335. 	dst = priv->ctrl_dst;

  336. 	while (dst) {

  337. 		prev = dst;

  338. 		dst = dst->next;

  339. 		os_free(prev);

  340. 	}

  341. 	os_free(priv);

  342. }

  343. 

  344. 

  345. static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv,

  346. 					   int level, const char *buf,

  347. 					   size_t len)

  348. {

  349. 	struct wpa_ctrl_dst *dst, *next;

  350. 	char levelstr[10];

  351. 	int idx;

  352. 	char *sbuf;

  353. 	int llen;

  354. 

  355. 	dst = priv->ctrl_dst;

  356. 	if (priv->sock < 0 || dst == NULL)

  357. 		return;

  358. 

  359. 	os_snprintf(levelstr, sizeof(levelstr), "<%d>", level);

  360. 

  361. 	llen = os_strlen(levelstr);

  362. 	sbuf = os_malloc(llen + len);

  363. 	if (sbuf == NULL)

  364. 		return;

  365. 

  366. 	os_memcpy(sbuf, levelstr, llen);

  367. 	os_memcpy(sbuf + llen, buf, len);

  368. 

  369. 	idx = 0;

  370. 	while (dst) {

  371. 		next = dst->next;

  372. 		if (level >= dst->debug_level) {

  373. 			wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor send %s:%d",

  374. 				   inet_ntoa(dst->addr.sin_addr),

  375. 				   ntohs(dst->addr.sin_port));

  376. 			if (sendto(priv->sock, sbuf, llen + len, 0,

  377. 				   (struct sockaddr *) &dst->addr,

  378. 				   sizeof(dst->addr)) < 0) {

  379. 				perror("sendto(CTRL_IFACE monitor)");

  380. 				dst->errors++;

  381. 				if (dst->errors > 10) {

  382. 					wpa_supplicant_ctrl_iface_detach(

  383. 						priv, &dst->addr,

  384. 						dst->addrlen);

  385. 				}

  386. 			} else

  387. 				dst->errors = 0;

  388. 		}

  389. 		idx++;

  390. 		dst = next;

  391. 	}

  392. 	os_free(sbuf);

  393. }

  394. 

  395. 

  396. void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv)

  397. {

  398. 	wpa_printf(MSG_DEBUG, "CTRL_IFACE - %s - wait for monitor",

  399. 		   priv->wpa_s->ifname);

  400. 	eloop_wait_for_read_sock(priv->sock);

  401. }

  402. 

  403. 

  404. /* Global ctrl_iface */

  405. 

  406. struct ctrl_iface_global_priv {

  407. 	int sock;

  408. 	u8 cookie[COOKIE_LEN];

  409. };

  410. 

  411. 

  412. static char *

  413. wpa_supplicant_global_get_cookie(struct ctrl_iface_global_priv *priv,

  414. 				 size_t *reply_len)

  415. {

  416. 	char *reply;

  417. 	reply = os_malloc(7 + 2 * COOKIE_LEN + 1);

  418. 	if (reply == NULL) {

  419. 		*reply_len = 1;

  420. 		return NULL;

  421. 	}

  422. 

  423. 	os_memcpy(reply, "COOKIE=", 7);

  424. 	wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,

  425. 			 priv->cookie, COOKIE_LEN);

  426. 

  427. 	*reply_len = 7 + 2 * COOKIE_LEN;

  428. 	return reply;

  429. }

  430. 

  431. 

  432. static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,

  433. 						     void *sock_ctx)

  434. {

  435. 	struct wpa_global *global = eloop_ctx;

  436. 	struct ctrl_iface_global_priv *priv = sock_ctx;

  437. 	char buf[256], *pos;

  438. 	int res;

  439. 	struct sockaddr_in from;

  440. 	socklen_t fromlen = sizeof(from);

  441. 	char *reply;

  442. 	size_t reply_len;

  443. 	u8 cookie[COOKIE_LEN];

  444. 

  445. 	res = recvfrom(sock, buf, sizeof(buf) - 1, 0,

  446. 		       (struct sockaddr *) &from, &fromlen);

  447. 	if (res < 0) {

  448. 		perror("recvfrom(ctrl_iface)");

  449. 		return;

  450. 	}

  451. 	if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {

  452. 		/*

  453. 		 * The OS networking stack is expected to drop this kind of

  454. 		 * frames since the socket is bound to only localhost address.

  455. 		 * Just in case, drop the frame if it is coming from any other

  456. 		 * address.

  457. 		 */

  458. 		wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "

  459. 			   "source %s", inet_ntoa(from.sin_addr));

  460. 		return;

  461. 	}

  462. 	buf[res] = '\0';

  463. 

  464. 	if (os_strcmp(buf, "GET_COOKIE") == 0) {

  465. 		reply = wpa_supplicant_global_get_cookie(priv, &reply_len);

  466. 		goto done;

  467. 	}

  468. 

  469. 	if (os_strncmp(buf, "COOKIE=", 7) != 0) {

  470. 		wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "

  471. 			   "drop request");

  472. 		return;

  473. 	}

  474. 

  475. 	if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {

  476. 		wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "

  477. 			   "request - drop request");

  478. 		return;

  479. 	}

  480. 

  481. 	if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {

  482. 		wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "

  483. 			   "drop request");

  484. 		return;

  485. 	}

  486. 

  487. 	pos = buf + 7 + 2 * COOKIE_LEN;

  488. 	while (*pos == ' ')

  489. 		pos++;

  490. 

  491. 	reply = wpa_supplicant_global_ctrl_iface_process(global, pos,

  492. 							 &reply_len);

  493. 

  494.  done:

  495. 	if (reply) {

  496. 		sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,

  497. 		       fromlen);

  498. 		os_free(reply);

  499. 	} else if (reply_len) {

  500. 		sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,

  501. 		       fromlen);

  502. 	}

  503. }

  504. 

  505. 

  506. struct ctrl_iface_global_priv *

  507. wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)

  508. {

  509. 	struct ctrl_iface_global_priv *priv;

  510. 	struct sockaddr_in addr;

  511. 

  512. 	priv = os_zalloc(sizeof(*priv));

  513. 	if (priv == NULL)

  514. 		return NULL;

  515. 	priv->sock = -1;

  516. 	os_get_random(priv->cookie, COOKIE_LEN);

  517. 

  518. 	if (global->params.ctrl_interface == NULL)

  519. 		return priv;

  520. 

  521. 	wpa_printf(MSG_DEBUG, "Global control interface '%s'",

  522. 		   global->params.ctrl_interface);

  523. 

  524. 	priv->sock = socket(PF_INET, SOCK_DGRAM, 0);

  525. 	if (priv->sock < 0) {

  526. 		perror("socket(PF_INET)");

  527. 		goto fail;

  528. 	}

  529. 

  530. 	os_memset(&addr, 0, sizeof(addr));

  531. 	addr.sin_family = AF_INET;

  532. 	addr.sin_addr.s_addr = htonl((127 << 24) | 1);

  533. 	addr.sin_port = htons(WPA_GLOBAL_CTRL_IFACE_PORT);

  534. 	if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {

  535. 		perror("bind(AF_INET)");

  536. 		goto fail;

  537. 	}

  538. 

  539. 	eloop_register_read_sock(priv->sock,

  540. 				 wpa_supplicant_global_ctrl_iface_receive,

  541. 				 global, priv);

  542. 

  543. 	return priv;

  544. 

  545. fail:

  546. 	if (priv->sock >= 0)

  547. 		close(priv->sock);

  548. 	os_free(priv);

  549. 	return NULL;

  550. }

  551. 

  552. 

  553. void

  554. wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv)

  555. {

  556. 	if (priv->sock >= 0) {

  557. 		eloop_unregister_read_sock(priv->sock);

  558. 		close(priv->sock);

  559. 	}

  560. 	os_free(priv);

  561. }