contrib/wpa_supplicant/wpa_supplicant/ctrl_iface_udp.c

   1 /*
   2  * WPA Supplicant / UDP socket -based control interface
   3  * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License version 2 as
   7  * published by the Free Software Foundation.
   8  *
   9  * Alternatively, this software may be distributed under the terms of BSD
  10  * license.
  11  *
  12  * See README and COPYING for more details.
  13  */
  14
  15 #include "includes.h"
  16
  17 #include "common.h"
  18 #include "eloop.h"
  19 #include "config.h"
  20 #include "eapol_supp/eapol_supp_sm.h"
  21 #include "wpa_supplicant_i.h"
  22 #include "ctrl_iface.h"
  23 #include "wpa_ctrl.h"
  24
  25
  26 #define COOKIE_LEN 8
  27
  28 /* Per-interface ctrl_iface */
  29
  30 /**
  31  * struct wpa_ctrl_dst - Internal data structure of control interface monitors
  32  *
  33  * This structure is used to store information about registered control
  34  * interface monitors into struct wpa_supplicant. This data is private to
  35  * ctrl_iface_udp.c and should not be touched directly from other files.
  36  */
  37 struct wpa_ctrl_dst {
  38         struct wpa_ctrl_dst *next;
  39         struct sockaddr_in addr;
  40         socklen_t addrlen;
  41         int debug_level;
  42         int errors;
  43 };
  44
  45
  46 struct ctrl_iface_priv {
  47         struct wpa_supplicant *wpa_s;
  48         int sock;
  49         struct wpa_ctrl_dst *ctrl_dst;
  50         u8 cookie[COOKIE_LEN];
  51 };
  52
  53
  54 static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv,
  55                                            int level, const char *buf,
  56                                            size_t len);
  57
  58
  59 static int wpa_supplicant_ctrl_iface_attach(struct ctrl_iface_priv *priv,
  60                                             struct sockaddr_in *from,
  61                                             socklen_t fromlen)
  62 {
  63         struct wpa_ctrl_dst *dst;
  64
  65         dst = os_zalloc(sizeof(*dst));
  66         if (dst == NULL)
  67                 return -1;
  68         os_memcpy(&dst->addr, from, sizeof(struct sockaddr_in));
  69         dst->addrlen = fromlen;
  70         dst->debug_level = MSG_INFO;
  71         dst->next = priv->ctrl_dst;
  72         priv->ctrl_dst = dst;
  73         wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached %s:%d",
  74                    inet_ntoa(from->sin_addr), ntohs(from->sin_port));
  75         return 0;
  76 }
  77
  78
  79 static int wpa_supplicant_ctrl_iface_detach(struct ctrl_iface_priv *priv,
  80                                             struct sockaddr_in *from,
  81                                             socklen_t fromlen)
  82 {
  83         struct wpa_ctrl_dst *dst, *prev = NULL;
  84
  85         dst = priv->ctrl_dst;
  86         while (dst) {
  87                 if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&
  88                     from->sin_port == dst->addr.sin_port) {
  89                         if (prev == NULL)
  90                                 priv->ctrl_dst = dst->next;
  91                         else
  92                                 prev->next = dst->next;
  93                         os_free(dst);
  94                         wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached "
  95                                    "%s:%d", inet_ntoa(from->sin_addr),
  96                                    ntohs(from->sin_port));
  97                         return 0;
  98                 }
  99                 prev = dst;
 100                 dst = dst->next;
 101         }
 102         return -1;
 103 }
 104
 105
 106 static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv *priv,
 107                                            struct sockaddr_in *from,
 108                                            socklen_t fromlen,
 109                                            char *level)
 110 {
 111         struct wpa_ctrl_dst *dst;
 112
 113         wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level);
 114
 115         dst = priv->ctrl_dst;
 116         while (dst) {
 117                 if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&
 118                     from->sin_port == dst->addr.sin_port) {
 119                         wpa_printf(MSG_DEBUG, "CTRL_IFACE changed monitor "
 120                                    "level %s:%d", inet_ntoa(from->sin_addr),
 121                                    ntohs(from->sin_port));
 122                         dst->debug_level = atoi(level);
 123                         return 0;
 124                 }
 125                 dst = dst->next;
 126         }
 127
 128         return -1;
 129 }
 130
 131
 132 static char *
 133 wpa_supplicant_ctrl_iface_get_cookie(struct ctrl_iface_priv *priv,
 134                                      size_t *reply_len)
 135 {
 136         char *reply;
 137         reply = os_malloc(7 + 2 * COOKIE_LEN + 1);
 138         if (reply == NULL) {
 139                 *reply_len = 1;
 140                 return NULL;
 141         }
 142
 143         os_memcpy(reply, "COOKIE=", 7);
 144         wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,
 145                          priv->cookie, COOKIE_LEN);
 146
 147         *reply_len = 7 + 2 * COOKIE_LEN;
 148         return reply;
 149 }
 150
 151
 152 static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
 153                                               void *sock_ctx)
 154 {
 155         struct wpa_supplicant *wpa_s = eloop_ctx;
 156         struct ctrl_iface_priv *priv = sock_ctx;
 157         char buf[256], *pos;
 158         int res;
 159         struct sockaddr_in from;
 160         socklen_t fromlen = sizeof(from);
 161         char *reply = NULL;
 162         size_t reply_len = 0;
 163         int new_attached = 0;
 164         u8 cookie[COOKIE_LEN];
 165
 166         res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
 167                        (struct sockaddr *) &from, &fromlen);
 168         if (res < 0) {
 169                 perror("recvfrom(ctrl_iface)");
 170                 return;
 171         }
 172         if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
 173                 /*
 174                  * The OS networking stack is expected to drop this kind of
 175                  * frames since the socket is bound to only localhost address.
 176                  * Just in case, drop the frame if it is coming from any other
 177                  * address.
 178                  */
 179                 wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "
 180                            "source %s", inet_ntoa(from.sin_addr));
 181                 return;
 182         }
 183         buf[res] = '\0';
 184
 185         if (os_strcmp(buf, "GET_COOKIE") == 0) {
 186                 reply = wpa_supplicant_ctrl_iface_get_cookie(priv, &reply_len);
 187                 goto done;
 188         }
 189
 190         /*
 191          * Require that the client includes a prefix with the 'cookie' value
 192          * fetched with GET_COOKIE command. This is used to verify that the
 193          * client has access to a bidirectional link over UDP in order to
 194          * avoid attacks using forged localhost IP address even if the OS does
 195          * not block such frames from remote destinations.
 196          */
 197         if (os_strncmp(buf, "COOKIE=", 7) != 0) {
 198                 wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "
 199                            "drop request");
 200                 return;
 201         }
 202
 203         if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {
 204                 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "
 205                            "request - drop request");
 206                 return;
 207         }
 208
 209         if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {
 210                 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "
 211                            "drop request");
 212                 return;
 213         }
 214
 215         pos = buf + 7 + 2 * COOKIE_LEN;
 216         while (*pos == ' ')
 217                 pos++;
 218
 219         if (os_strcmp(pos, "ATTACH") == 0) {
 220                 if (wpa_supplicant_ctrl_iface_attach(priv, &from, fromlen))
 221                         reply_len = 1;
 222                 else {
 223                         new_attached = 1;
 224                         reply_len = 2;
 225                 }
 226         } else if (os_strcmp(pos, "DETACH") == 0) {
 227                 if (wpa_supplicant_ctrl_iface_detach(priv, &from, fromlen))
 228                         reply_len = 1;
 229                 else
 230                         reply_len = 2;
 231         } else if (os_strncmp(pos, "LEVEL ", 6) == 0) {
 232                 if (wpa_supplicant_ctrl_iface_level(priv, &from, fromlen,
 233                                                     pos + 6))
 234                         reply_len = 1;
 235                 else
 236                         reply_len = 2;
 237         } else {
 238                 reply = wpa_supplicant_ctrl_iface_process(wpa_s, pos,
 239                                                           &reply_len);
 240         }
 241
 242  done:
 243         if (reply) {
 244                 sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
 245                        fromlen);
 246                 os_free(reply);
 247         } else if (reply_len == 1) {
 248                 sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
 249                        fromlen);
 250         } else if (reply_len == 2) {
 251                 sendto(sock, "OK\n", 3, 0, (struct sockaddr *) &from,
 252                        fromlen);
 253         }
 254
 255         if (new_attached)
 256                 eapol_sm_notify_ctrl_attached(wpa_s->eapol);
 257 }
 258
 259
 260 static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx, int level,
 261                                              const char *txt, size_t len)
 262 {
 263         struct wpa_supplicant *wpa_s = ctx;
 264         if (wpa_s == NULL || wpa_s->ctrl_iface == NULL)
 265                 return;
 266         wpa_supplicant_ctrl_iface_send(wpa_s->ctrl_iface, level, txt, len);
 267 }
 268
 269
 270 struct ctrl_iface_priv *
 271 wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
 272 {
 273         struct ctrl_iface_priv *priv;
 274         struct sockaddr_in addr;
 275
 276         priv = os_zalloc(sizeof(*priv));
 277         if (priv == NULL)
 278                 return NULL;
 279         priv->wpa_s = wpa_s;
 280         priv->sock = -1;
 281         os_get_random(priv->cookie, COOKIE_LEN);
 282
 283         if (wpa_s->conf->ctrl_interface == NULL)
 284                 return priv;
 285
 286         priv->sock = socket(PF_INET, SOCK_DGRAM, 0);
 287         if (priv->sock < 0) {
 288                 perror("socket(PF_INET)");
 289                 goto fail;
 290         }
 291
 292         os_memset(&addr, 0, sizeof(addr));
 293         addr.sin_family = AF_INET;
 294         addr.sin_addr.s_addr = htonl((127 << 24) | 1);
 295         addr.sin_port = htons(WPA_CTRL_IFACE_PORT);
 296         if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
 297                 perror("bind(AF_INET)");
 298                 goto fail;
 299         }
 300
 301         eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive,
 302                                  wpa_s, priv);
 303         wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
 304
 305         return priv;
 306
 307 fail:
 308         if (priv->sock >= 0)
 309                 close(priv->sock);
 310         os_free(priv);
 311         return NULL;
 312 }
 313
 314
 315 void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv)
 316 {
 317         struct wpa_ctrl_dst *dst, *prev;
 318
 319         if (priv->sock > -1) {
 320                 eloop_unregister_read_sock(priv->sock);
 321                 if (priv->ctrl_dst) {
 322                         /*
 323                          * Wait a second before closing the control socket if
 324                          * there are any attached monitors in order to allow
 325                          * them to receive any pending messages.
 326                          */
 327                         wpa_printf(MSG_DEBUG, "CTRL_IFACE wait for attached "
 328                                    "monitors to receive messages");
 329                         os_sleep(1, 0);
 330                 }
 331                 close(priv->sock);
 332                 priv->sock = -1;
 333         }
 334
 335         dst = priv->ctrl_dst;
 336         while (dst) {
 337                 prev = dst;
 338                 dst = dst->next;
 339                 os_free(prev);
 340         }
 341         os_free(priv);
 342 }
 343
 344
 345 static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv,
 346                                            int level, const char *buf,
 347                                            size_t len)
 348 {
 349         struct wpa_ctrl_dst *dst, *next;
 350         char levelstr[10];
 351         int idx;
 352         char *sbuf;
 353         int llen;
 354
 355         dst = priv->ctrl_dst;
 356         if (priv->sock < 0 || dst == NULL)
 357                 return;
 358
 359         os_snprintf(levelstr, sizeof(levelstr), "<%d>", level);
 360
 361         llen = os_strlen(levelstr);
 362         sbuf = os_malloc(llen + len);
 363         if (sbuf == NULL)
 364                 return;
 365
 366         os_memcpy(sbuf, levelstr, llen);
 367         os_memcpy(sbuf + llen, buf, len);
 368
 369         idx = 0;
 370         while (dst) {
 371                 next = dst->next;
 372                 if (level >= dst->debug_level) {
 373                         wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor send %s:%d",
 374                                    inet_ntoa(dst->addr.sin_addr),
 375                                    ntohs(dst->addr.sin_port));
 376                         if (sendto(priv->sock, sbuf, llen + len, 0,
 377                                    (struct sockaddr *) &dst->addr,
 378                                    sizeof(dst->addr)) < 0) {
 379                                 perror("sendto(CTRL_IFACE monitor)");
 380                                 dst->errors++;
 381                                 if (dst->errors > 10) {
 382                                         wpa_supplicant_ctrl_iface_detach(
 383                                                 priv, &dst->addr,
 384                                                 dst->addrlen);
 385                                 }
 386                         } else
 387                                 dst->errors = 0;
 388                 }
 389                 idx++;
 390                 dst = next;
 391         }
 392         os_free(sbuf);
 393 }
 394
 395
 396 void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv)
 397 {
 398         wpa_printf(MSG_DEBUG, "CTRL_IFACE - %s - wait for monitor",
 399                    priv->wpa_s->ifname);
 400         eloop_wait_for_read_sock(priv->sock);
 401 }
 402
 403
 404 /* Global ctrl_iface */
 405
 406 struct ctrl_iface_global_priv {
 407         int sock;
 408         u8 cookie[COOKIE_LEN];
 409 };
 410
 411
 412 static char *
 413 wpa_supplicant_global_get_cookie(struct ctrl_iface_global_priv *priv,
 414                                  size_t *reply_len)
 415 {
 416         char *reply;
 417         reply = os_malloc(7 + 2 * COOKIE_LEN + 1);
 418         if (reply == NULL) {
 419                 *reply_len = 1;
 420                 return NULL;
 421         }
 422
 423         os_memcpy(reply, "COOKIE=", 7);
 424         wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,
 425                          priv->cookie, COOKIE_LEN);
 426
 427         *reply_len = 7 + 2 * COOKIE_LEN;
 428         return reply;
 429 }
 430
 431
 432 static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
 433                                                      void *sock_ctx)
 434 {
 435         struct wpa_global *global = eloop_ctx;
 436         struct ctrl_iface_global_priv *priv = sock_ctx;
 437         char buf[256], *pos;
 438         int res;
 439         struct sockaddr_in from;
 440         socklen_t fromlen = sizeof(from);
 441         char *reply;
 442         size_t reply_len;
 443         u8 cookie[COOKIE_LEN];
 444
 445         res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
 446                        (struct sockaddr *) &from, &fromlen);
 447         if (res < 0) {
 448                 perror("recvfrom(ctrl_iface)");
 449                 return;
 450         }
 451         if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
 452                 /*
 453                  * The OS networking stack is expected to drop this kind of
 454                  * frames since the socket is bound to only localhost address.
 455                  * Just in case, drop the frame if it is coming from any other
 456                  * address.
 457                  */
 458                 wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "
 459                            "source %s", inet_ntoa(from.sin_addr));
 460                 return;
 461         }
 462         buf[res] = '\0';
 463
 464         if (os_strcmp(buf, "GET_COOKIE") == 0) {
 465                 reply = wpa_supplicant_global_get_cookie(priv, &reply_len);
 466                 goto done;
 467         }
 468
 469         if (os_strncmp(buf, "COOKIE=", 7) != 0) {
 470                 wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "
 471                            "drop request");
 472                 return;
 473         }
 474
 475         if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {
 476                 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "
 477                            "request - drop request");
 478                 return;
 479         }
 480
 481         if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {
 482                 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "
 483                            "drop request");
 484                 return;
 485         }
 486
 487         pos = buf + 7 + 2 * COOKIE_LEN;
 488         while (*pos == ' ')
 489                 pos++;
 490
 491         reply = wpa_supplicant_global_ctrl_iface_process(global, pos,
 492                                                          &reply_len);
 493
 494  done:
 495         if (reply) {
 496                 sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
 497                        fromlen);
 498                 os_free(reply);
 499         } else if (reply_len) {
 500                 sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
 501                        fromlen);
 502         }
 503 }
 504
 505
 506 struct ctrl_iface_global_priv *
 507 wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
 508 {
 509         struct ctrl_iface_global_priv *priv;
 510         struct sockaddr_in addr;
 511
 512         priv = os_zalloc(sizeof(*priv));
 513         if (priv == NULL)
 514                 return NULL;
 515         priv->sock = -1;
 516         os_get_random(priv->cookie, COOKIE_LEN);
 517
 518         if (global->params.ctrl_interface == NULL)
 519                 return priv;
 520
 521         wpa_printf(MSG_DEBUG, "Global control interface '%s'",
 522                    global->params.ctrl_interface);
 523
 524         priv->sock = socket(PF_INET, SOCK_DGRAM, 0);
 525         if (priv->sock < 0) {
 526                 perror("socket(PF_INET)");
 527                 goto fail;
 528         }
 529
 530         os_memset(&addr, 0, sizeof(addr));
 531         addr.sin_family = AF_INET;
 532         addr.sin_addr.s_addr = htonl((127 << 24) | 1);
 533         addr.sin_port = htons(WPA_GLOBAL_CTRL_IFACE_PORT);
 534         if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
 535                 perror("bind(AF_INET)");
 536                 goto fail;
 537         }
 538
 539         eloop_register_read_sock(priv->sock,
 540                                  wpa_supplicant_global_ctrl_iface_receive,
 541                                  global, priv);
 542
 543         return priv;
 544
 545 fail:
 546         if (priv->sock >= 0)
 547                 close(priv->sock);
 548         os_free(priv);
 549         return NULL;
 550 }
 551
 552
 553 void
 554 wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv)
 555 {
 556         if (priv->sock >= 0) {
 557                 eloop_unregister_read_sock(priv->sock);
 558                 close(priv->sock);
 559         }
 560         os_free(priv);
 561 }