1 /*
2 * hostapd / UNIX domain socket -based control interface
3 * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #ifndef CONFIG_NATIVE_WINDOWS
12
13 #ifdef CONFIG_TESTING_OPTIONS
14 #ifdef __NetBSD__
15 #include <net/if_ether.h>
16 #else
17 #include <net/ethernet.h>
18 #endif
19 #include <netinet/ip.h>
20 #endif /* CONFIG_TESTING_OPTIONS */
21
22 #include <sys/un.h>
23 #include <sys/stat.h>
24 #include <stddef.h>
25
26 #ifdef CONFIG_CTRL_IFACE_UDP
27 #include <netdb.h>
28 #endif /* CONFIG_CTRL_IFACE_UDP */
29
30 #include "utils/common.h"
31 #include "utils/eloop.h"
32 #include "utils/module_tests.h"
33 #include "common/version.h"
34 #include "common/ieee802_11_defs.h"
35 #include "common/ctrl_iface_common.h"
36 #ifdef CONFIG_DPP
37 #include "common/dpp.h"
38 #endif /* CONFIG_DPP */
39 #include "common/wpa_ctrl.h"
40 #include "common/ptksa_cache.h"
41 #include "common/hw_features_common.h"
42 #include "crypto/tls.h"
43 #include "drivers/driver.h"
44 #include "eapol_auth/eapol_auth_sm.h"
45 #include "radius/radius_client.h"
46 #include "radius/radius_server.h"
47 #include "l2_packet/l2_packet.h"
48 #include "ap/hostapd.h"
49 #include "ap/ap_config.h"
50 #include "ap/ieee802_1x.h"
51 #include "ap/wpa_auth.h"
52 #include "ap/pmksa_cache_auth.h"
53 #include "ap/ieee802_11.h"
54 #include "ap/sta_info.h"
55 #include "ap/wps_hostapd.h"
56 #include "ap/ctrl_iface_ap.h"
57 #include "ap/ap_drv_ops.h"
58 #include "ap/hs20.h"
59 #include "ap/wnm_ap.h"
60 #include "ap/wpa_auth.h"
61 #include "ap/beacon.h"
62 #include "ap/neighbor_db.h"
63 #include "ap/rrm.h"
64 #include "ap/dpp_hostapd.h"
65 #include "ap/dfs.h"
66 #include "wps/wps_defs.h"
67 #include "wps/wps.h"
68 #include "fst/fst_ctrl_iface.h"
69 #include "config_file.h"
70 #include "ctrl_iface.h"
71
72
/*
 * NOTE(review): presumably the maximum length of a value handled by the
 * "duplicate value" control command - the code that applies this limit is
 * not part of this excerpt, confirm there.
 */
#define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256

#ifdef CONFIG_CTRL_IFACE_UDP
/*
 * Port numbers used only when the control interface is built with
 * CONFIG_CTRL_IFACE_UDP.
 * NOTE(review): the *_PORT_LIMIT values look like the number of ports that
 * may be tried starting from the base port - confirm in the socket setup
 * code, which is not shown here. Every handler in this file acts on text
 * received from a control interface peer, so that setup code decides who
 * can reach them; review its bind address and request authentication.
 */
#define HOSTAPD_CTRL_IFACE_PORT 8877
#define HOSTAPD_CTRL_IFACE_PORT_LIMIT 50
#define HOSTAPD_GLOBAL_CTRL_IFACE_PORT 8878
#define HOSTAPD_GLOBAL_CTRL_IFACE_PORT_LIMIT 50
#endif /* CONFIG_CTRL_IFACE_UDP */

/* Forward declaration; the definition is not part of this excerpt. */
static void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level,
				    enum wpa_msg_type type,
				    const char *buf, size_t len);
85
86
/**
 * hostapd_ctrl_iface_attach - Forward an attach request for this interface
 * @hapd: hostapd per-interface data; its ctrl_dst member is passed on
 * @from: Address of the control interface peer that sent the request
 * @fromlen: Length of @from
 * @input: Remaining command text, passed through unchanged
 * Returns: The return value of ctrl_iface_attach()
 *
 * No validation is done here; the peer address and @input are handed to
 * ctrl_iface_attach() as received.
 */
static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd,
				     struct sockaddr_storage *from,
				     socklen_t fromlen, const char *input)
{
	int res;

	res = ctrl_iface_attach(&hapd->ctrl_dst, from, fromlen, input);
	return res;
}
93
94
/**
 * hostapd_ctrl_iface_detach - Forward a detach request for this interface
 * @hapd: hostapd per-interface data; its ctrl_dst member is passed on
 * @from: Address of the control interface peer that sent the request
 * @fromlen: Length of @from
 * Returns: The return value of ctrl_iface_detach()
 */
static int hostapd_ctrl_iface_detach(struct hostapd_data *hapd,
				     struct sockaddr_storage *from,
				     socklen_t fromlen)
{
	int res;

	res = ctrl_iface_detach(&hapd->ctrl_dst, from, fromlen);
	return res;
}
101
102
/**
 * hostapd_ctrl_iface_level - Forward a LEVEL request for this interface
 * @hapd: hostapd per-interface data; its ctrl_dst member is passed on
 * @from: Address of the control interface peer that sent the request
 * @fromlen: Length of @from
 * @level: Level text from the command, passed through unparsed
 * Returns: The return value of ctrl_iface_level()
 */
static int hostapd_ctrl_iface_level(struct hostapd_data *hapd,
				    struct sockaddr_storage *from,
				    socklen_t fromlen,
				    char *level)
{
	int res;

	res = ctrl_iface_level(&hapd->ctrl_dst, from, fromlen, level);
	return res;
}
110
111
/**
 * hostapd_ctrl_iface_new_sta - Handle the NEW_STA control command
 * @hapd: hostapd per-interface data
 * @txtaddr: Station MAC address in text form, as received
 * Returns: 0 if the station already exists or was added, -1 if the address
 * cannot be parsed or the station entry cannot be allocated
 *
 * The station entry is created purely on the word of the control interface
 * peer and is then passed to hostapd_new_assoc_sta(). @txtaddr is written to
 * the debug log before it has been validated.
 */
static int hostapd_ctrl_iface_new_sta(struct hostapd_data *hapd,
				      const char *txtaddr)
{
	u8 addr[ETH_ALEN];
	struct sta_info *sta;

	wpa_printf(MSG_DEBUG, "CTRL_IFACE NEW_STA %s", txtaddr);

	if (hwaddr_aton(txtaddr, addr) != 0)
		return -1;

	/* Nothing to do when an entry for this address already exists. */
	if (ap_get_sta(hapd, addr) != NULL)
		return 0;

	wpa_printf(MSG_DEBUG, "Add new STA " MACSTR " based on ctrl_iface "
		   "notification", MAC2STR(addr));
	sta = ap_sta_add(hapd, addr);
	if (!sta)
		return -1;

	hostapd_new_assoc_sta(hapd, sta, 0);
	return 0;
}
136
137
138 #ifdef NEED_AP_MLME
/**
 * hostapd_ctrl_iface_sa_query - Handle the SA_QUERY control command
 * @hapd: hostapd per-interface data
 * @txtaddr: Destination MAC address in text form, as received
 * Returns: 0 once the request has been handed to
 * ieee802_11_send_sa_query_req(), -1 if the address cannot be parsed or no
 * random transaction identifier could be obtained
 *
 * The result of the send itself is not checked here.
 */
static int hostapd_ctrl_iface_sa_query(struct hostapd_data *hapd,
				       const char *txtaddr)
{
	u8 trans_id[WLAN_SA_QUERY_TR_ID_LEN];
	u8 addr[ETH_ALEN];

	wpa_printf(MSG_DEBUG, "CTRL_IFACE SA_QUERY %s", txtaddr);

	if (hwaddr_aton(txtaddr, addr))
		return -1;

	/* A fresh random transaction identifier is drawn for each request. */
	if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0)
		return -1;

	ieee802_11_send_sa_query_req(hapd, addr, trans_id);
	return 0;
}
155 #endif /* NEED_AP_MLME */
156
157
158 #ifdef CONFIG_WPS
/**
 * hostapd_ctrl_iface_wps_pin - Handle the WPS_PIN control command
 * @hapd: hostapd per-interface data
 * @txt: "<first token> <PIN> [timeout] [address]"; modified in place
 * Returns: -1 if no PIN follows the first token, otherwise the return value
 * of hostapd_wps_add_pin()
 *
 * NOTE(review): the first token is passed as the third argument of
 * hostapd_wps_add_pin(); it is presumably the enrollee UUID - confirm there.
 *
 * Two things a reviewer should know about the optional fields:
 * - the timeout is read with atoi(), so non-numeric text becomes 0 and
 *   negative values are passed on as is;
 * - an address that fails to parse is ignored rather than rejected, so the
 *   PIN is then added with a NULL address instead of the one the caller
 *   meant to restrict it to.
 */
static int hostapd_ctrl_iface_wps_pin(struct hostapd_data *hapd, char *txt)
{
	u8 addr_buf[ETH_ALEN];
	u8 *addr = NULL;
	int timeout = 0;
	char *pin, *timeout_txt, *addr_txt;

	pin = os_strchr(txt, ' ');
	if (!pin)
		return -1;
	*pin++ = '\0';

	timeout_txt = os_strchr(pin, ' ');
	if (timeout_txt) {
		*timeout_txt++ = '\0';
		timeout = atoi(timeout_txt);

		addr_txt = os_strchr(timeout_txt, ' ');
		if (addr_txt) {
			*addr_txt++ = '\0';
			/* A malformed address leaves addr == NULL. */
			if (hwaddr_aton(addr_txt, addr_buf) == 0)
				addr = addr_buf;
		}
	}

	return hostapd_wps_add_pin(hapd, addr, txt, pin, timeout);
}
186
187
/**
 * hostapd_ctrl_iface_wps_check_pin - Handle the WPS_CHECK_PIN control command
 * @hapd: hostapd per-interface data (not used by this function)
 * @cmd: PIN text as received; every character that is not an ASCII digit is
 *	skipped
 * @buf: Reply buffer
 * @buflen: Size of @buf
 * Returns: Length of the reply written to @buf, or -1 if the PIN does not
 * have 4 or 8 digits or the reply does not fit
 *
 * For an 8-digit PIN the value is checked with wps_pin_valid(); a failed
 * check is reported in-band as "FAIL-CHECKSUM\n" rather than as -1. On
 * success the reply is the digits-only PIN.
 *
 * NOTE(review): the raw command, PIN included, goes to the debug log through
 * wpa_hexdump_ascii_key(); whether that output is suppressed by default
 * depends on that helper - confirm before enabling debug logs in production.
 */
static int hostapd_ctrl_iface_wps_check_pin(
	struct hostapd_data *hapd, char *cmd, char *buf, size_t buflen)
{
	char pin[9];
	size_t ndigits = 0;
	const char *p;
	int ret;

	wpa_hexdump_ascii_key(MSG_DEBUG, "WPS_CHECK_PIN",
			      (u8 *) cmd, os_strlen(cmd));

	for (p = cmd; *p != '\0'; p++) {
		if (*p < '0' || *p > '9')
			continue;
		if (ndigits == 8) {
			/* A ninth digit; pin[] only has room for 8 + NUL. */
			wpa_printf(MSG_DEBUG, "WPS: Too long PIN");
			return -1;
		}
		pin[ndigits++] = *p;
	}

	if (ndigits != 4 && ndigits != 8) {
		wpa_printf(MSG_DEBUG, "WPS: Invalid PIN length %d",
			   (int) ndigits);
		return -1;
	}
	pin[ndigits] = '\0';

	if (ndigits == 8 && !wps_pin_valid((unsigned int) atoi(pin))) {
		wpa_printf(MSG_DEBUG, "WPS: Invalid checksum digit");
		ret = os_snprintf(buf, buflen, "FAIL-CHECKSUM\n");
		return os_snprintf_error(buflen, ret) ? -1 : ret;
	}

	ret = os_snprintf(buf, buflen, "%s", pin);
	return os_snprintf_error(buflen, ret) ? -1 : ret;
}
231
232
233 #ifdef CONFIG_WPS_NFC
/**
 * hostapd_ctrl_iface_wps_nfc_tag_read - Handle the WPS_NFC_TAG_READ command
 * @hapd: hostapd per-interface data
 * @pos: Tag contents as a hex string
 * Returns: -1 if @pos has an odd length, is not valid hex, or the buffer
 * cannot be allocated; otherwise the return value of
 * hostapd_wps_nfc_tag_read()
 *
 * Only the hex encoding is checked here; the decoded bytes are handed on
 * without any inspection of their contents.
 */
static int hostapd_ctrl_iface_wps_nfc_tag_read(struct hostapd_data *hapd,
					       char *pos)
{
	size_t hex_len = os_strlen(pos);
	size_t bin_len;
	struct wpabuf *tag;
	int ret;

	if (hex_len % 2 != 0)
		return -1;
	bin_len = hex_len / 2;

	tag = wpabuf_alloc(bin_len);
	if (!tag)
		return -1;

	if (hexstr2bin(pos, wpabuf_put(tag, bin_len), bin_len) < 0)
		ret = -1;
	else
		ret = hostapd_wps_nfc_tag_read(hapd, tag);

	wpabuf_free(tag);
	return ret;
}
259
260
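/**
 * hostapd_ctrl_iface_wps_nfc_config_token - Handle WPS_NFC_CONFIG_TOKEN
 * @hapd: hostapd per-interface data
 * @cmd: Output format, exactly "WPS" or "NDEF"
 * @reply: Buffer for the uppercase hex encoded token followed by a newline
 * @max_len: Size of @reply
 * Returns: Length of the reply (newline included), or -1 if @cmd is not a
 * known format, no token could be built, or the newline and terminating NUL
 * do not fit after the hex text
 */
static int hostapd_ctrl_iface_wps_nfc_config_token(struct hostapd_data *hapd,
						    char *cmd, char *reply,
						    size_t max_len)
{
	int ndef;
	struct wpabuf *buf;
	int res;

	if (os_strcmp(cmd, "WPS") == 0)
		ndef = 0;
	else if (os_strcmp(cmd, "NDEF") == 0)
		ndef = 1;
	else
		return -1;

	buf = hostapd_wps_nfc_config_token(hapd, ndef);
	if (buf == NULL)
		return -1;

	res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
					 wpabuf_len(buf));
	wpabuf_free(buf);

	/*
	 * Two more octets are written at reply[res] and reply[res + 1]. Refuse
	 * to do that when they would land past the end of the buffer (hex text
	 * that filled the buffer, or max_len == 0).
	 */
	if (res < 0 || (size_t) res + 2 > max_len)
		return -1;

	reply[res++] = '\n';
	reply[res] = '\0';

	return res;
}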
289
290
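/**
 * hostapd_ctrl_iface_wps_nfc_token_gen - Generate and hex encode an NFC token
 * @hapd: hostapd per-interface data
 * @reply: Buffer for the uppercase hex encoded token followed by a newline
 * @max_len: Size of @reply
 * @ndef: Passed through to hostapd_wps_nfc_token_gen()
 * Returns: Length of the reply (newline included), or -1 if no token could
 * be generated or the newline and terminating NUL do not fit after the hex
 * text
 */
static int hostapd_ctrl_iface_wps_nfc_token_gen(struct hostapd_data *hapd,
						 char *reply, size_t max_len,
						 int ndef)
{
	struct wpabuf *buf;
	int res;

	buf = hostapd_wps_nfc_token_gen(hapd, ndef);
	if (buf == NULL)
		return -1;

	res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
					 wpabuf_len(buf));
	wpabuf_free(buf);

	/*
	 * Two more octets are written at reply[res] and reply[res + 1]. Refuse
	 * to do that when they would land past the end of the buffer (hex text
	 * that filled the buffer, or max_len == 0).
	 */
	if (res < 0 || (size_t) res + 2 > max_len)
		return -1;

	reply[res++] = '\n';
	reply[res] = '\0';

	return res;
}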
311
312
/**
 * hostapd_ctrl_iface_wps_nfc_token - Handle the WPS_NFC_TOKEN control command
 * @hapd: hostapd per-interface data
 * @cmd: One of "WPS", "NDEF", "enable" or "disable" (exact match)
 * @reply: Reply buffer, used only by the "WPS" and "NDEF" forms
 * @max_len: Size of @reply
 * Returns: For "WPS"/"NDEF" the return value of
 * hostapd_ctrl_iface_wps_nfc_token_gen(), for "enable" the return value of
 * hostapd_wps_nfc_token_enable(), 0 for "disable", -1 for anything else
 */
static int hostapd_ctrl_iface_wps_nfc_token(struct hostapd_data *hapd,
					    char *cmd, char *reply,
					    size_t max_len)
{
	int ret = -1;

	if (os_strcmp(cmd, "WPS") == 0) {
		ret = hostapd_ctrl_iface_wps_nfc_token_gen(hapd, reply,
							   max_len, 0);
	} else if (os_strcmp(cmd, "NDEF") == 0) {
		ret = hostapd_ctrl_iface_wps_nfc_token_gen(hapd, reply,
							   max_len, 1);
	} else if (os_strcmp(cmd, "enable") == 0) {
		ret = hostapd_wps_nfc_token_enable(hapd);
	} else if (os_strcmp(cmd, "disable") == 0) {
		hostapd_wps_nfc_token_disable(hapd);
		ret = 0;
	}

	return ret;
}
335
336
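/**
 * hostapd_ctrl_iface_nfc_get_handover_sel - Handle NFC_GET_HANDOVER_SEL
 * @hapd: hostapd per-interface data
 * @cmd: "<WPS|NDEF> <type>"; modified in place. Only the type "WPS-CR" is
 *	accepted.
 * @reply: Buffer for the uppercase hex encoded message followed by a newline
 * @max_len: Size of @reply
 * Returns: Length of the reply (newline included), or -1 on a malformed or
 * unsupported request, if no message could be built, or if the newline and
 * terminating NUL do not fit after the hex text
 */
static int hostapd_ctrl_iface_nfc_get_handover_sel(struct hostapd_data *hapd,
						    char *cmd, char *reply,
						    size_t max_len)
{
	struct wpabuf *buf;
	int res;
	char *pos;
	int ndef;

	pos = os_strchr(cmd, ' ');
	if (pos == NULL)
		return -1;
	*pos++ = '\0';

	if (os_strcmp(cmd, "WPS") == 0)
		ndef = 0;
	else if (os_strcmp(cmd, "NDEF") == 0)
		ndef = 1;
	else
		return -1;

	if (os_strcmp(pos, "WPS-CR") == 0)
		buf = hostapd_wps_nfc_hs_cr(hapd, ndef);
	else
		buf = NULL;
	if (buf == NULL)
		return -1;

	res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
					 wpabuf_len(buf));
	wpabuf_free(buf);

	/*
	 * Two more octets are written at reply[res] and reply[res + 1]. Refuse
	 * to do that when they would land past the end of the buffer (hex text
	 * that filled the buffer, or max_len == 0).
	 */
	if (res < 0 || (size_t) res + 2 > max_len)
		return -1;

	reply[res++] = '\n';
	reply[res] = '\0';

	return res;
}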
374
375
/**
 * hostapd_ctrl_iface_nfc_report_handover - Handle NFC_REPORT_HANDOVER
 * @hapd: hostapd per-interface data
 * @cmd: "<role> <type> <request hex> <select hex>"; modified in place
 * Returns: -1 if a field is missing, a hex field has odd length or invalid
 * characters, an allocation fails, or the role/type pair is not "RESP"/"WPS";
 * otherwise the return value of hostapd_wps_nfc_report_handover()
 *
 * Both hex fields are decoded before the role and type are checked, so an
 * unsupported report still costs two allocations sized by the peer's input.
 */
static int hostapd_ctrl_iface_nfc_report_handover(struct hostapd_data *hapd,
						   char *cmd)
{
	char *role = cmd;
	char *type, *req_hex, *sel_hex;
	struct wpabuf *req, *sel;
	size_t len;
	int ret = -1;

	type = os_strchr(role, ' ');
	if (!type)
		return -1;
	*type++ = '\0';

	req_hex = os_strchr(type, ' ');
	if (!req_hex)
		return -1;
	*req_hex++ = '\0';

	sel_hex = os_strchr(req_hex, ' ');
	if (!sel_hex)
		return -1;
	*sel_hex++ = '\0';

	/* Handover request message */
	len = os_strlen(req_hex);
	if (len % 2 != 0)
		return -1;
	len /= 2;

	req = wpabuf_alloc(len);
	if (!req)
		return -1;
	if (hexstr2bin(req_hex, wpabuf_put(req, len), len) < 0)
		goto free_req;

	/* Handover select message */
	len = os_strlen(sel_hex);
	if (len % 2 != 0)
		goto free_req;
	len /= 2;

	sel = wpabuf_alloc(len);
	if (!sel)
		goto free_req;
	if (hexstr2bin(sel_hex, wpabuf_put(sel, len), len) < 0)
		goto free_sel;

	if (os_strcmp(role, "RESP") == 0 && os_strcmp(type, "WPS") == 0) {
		ret = hostapd_wps_nfc_report_handover(hapd, req, sel);
	} else {
		wpa_printf(MSG_DEBUG, "NFC: Unsupported connection handover "
			   "reported: role=%s type=%s", role, type);
		ret = -1;
	}

free_sel:
	wpabuf_free(sel);
free_req:
	wpabuf_free(req);
	return ret;
}
444
445 #endif /* CONFIG_WPS_NFC */
446
447
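/**
 * hostapd_ctrl_iface_wps_ap_pin - Handle the WPS_AP_PIN control command
 * @hapd: hostapd per-interface data
 * @txt: "disable", "random [timeout]", "get" or "set <PIN> [timeout]";
 *	modified in place
 * @buf: Reply buffer
 * @buflen: Size of @buf
 * Returns: Length of the reply written to @buf, or -1 on an unknown
 * sub-command, a missing PIN, a failure reported by the WPS helpers, or a
 * reply that does not fit in @buf
 *
 * The timeout defaults to 300 and is otherwise read with atoi(), so
 * non-numeric text becomes 0 and the value is not range checked here.
 * "get", "random" and "set" put the AP PIN itself into the reply, so any
 * peer allowed to send this command learns the PIN.
 *
 * A truncated reply is reported as -1 instead of a length that is larger
 * than @buflen. Note that for "disable", "random" and "set" the state change
 * has already been made by the time the reply is formatted.
 */
static int hostapd_ctrl_iface_wps_ap_pin(struct hostapd_data *hapd, char *txt,
					 char *buf, size_t buflen)
{
	int timeout = 300;
	char *pos;
	const char *pin_txt;
	int ret;

	pos = os_strchr(txt, ' ');
	if (pos)
		*pos++ = '\0';

	if (os_strcmp(txt, "disable") == 0) {
		hostapd_wps_ap_pin_disable(hapd);
		ret = os_snprintf(buf, buflen, "OK\n");
	} else if (os_strcmp(txt, "random") == 0) {
		if (pos)
			timeout = atoi(pos);
		pin_txt = hostapd_wps_ap_pin_random(hapd, timeout);
		if (pin_txt == NULL)
			return -1;
		ret = os_snprintf(buf, buflen, "%s", pin_txt);
	} else if (os_strcmp(txt, "get") == 0) {
		pin_txt = hostapd_wps_ap_pin_get(hapd);
		if (pin_txt == NULL)
			return -1;
		ret = os_snprintf(buf, buflen, "%s", pin_txt);
	} else if (os_strcmp(txt, "set") == 0) {
		char *pin;

		if (pos == NULL)
			return -1;
		pin = pos;
		pos = os_strchr(pos, ' ');
		if (pos) {
			*pos++ = '\0';
			timeout = atoi(pos);
		}
		if (os_strlen(pin) > buflen)
			return -1;
		if (hostapd_wps_ap_pin_set(hapd, pin, timeout) < 0)
			return -1;
		ret = os_snprintf(buf, buflen, "%s", pin);
	} else {
		return -1;
	}

	/* Same truncation check as the other reply writers in this file. */
	if (os_snprintf_error(buflen, ret))
		return -1;

	return ret;
}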
499
500
/**
 * hostapd_ctrl_iface_wps_config - Handle the WPS_CONFIG control command
 * @hapd: hostapd per-interface data
 * @txt: "<ssid> <auth> [encr] [key]", separated by single spaces; modified
 *	in place
 * Returns: -1 if no second field is present, otherwise the return value of
 * hostapd_wps_config_ap()
 *
 * The fields are only split here; none of them is validated before being
 * passed on, and missing optional fields are passed as NULL.
 */
static int hostapd_ctrl_iface_wps_config(struct hostapd_data *hapd, char *txt)
{
	char *ssid = txt;
	char *auth;
	char *encr = NULL;
	char *key = NULL;
	char *sep;

	sep = os_strchr(ssid, ' ');
	if (sep == NULL)
		return -1;
	*sep++ = '\0';
	auth = sep;

	sep = os_strchr(auth, ' ');
	if (sep != NULL) {
		*sep++ = '\0';
		encr = sep;

		sep = os_strchr(encr, ' ');
		if (sep != NULL) {
			*sep++ = '\0';
			key = sep;
		}
	}

	return hostapd_wps_config_ap(hapd, ssid, auth, encr, key);
}
526
527
/**
 * pbc_status_str - Text for a WPS PBC status value
 * @status: PBC status
 * Returns: Pointer to a constant string; "Unknown" for any value that is not
 * one of the four handled states
 */
static const char * pbc_status_str(enum pbc_status status)
{
	if (status == WPS_PBC_STATUS_DISABLE)
		return "Disabled";
	if (status == WPS_PBC_STATUS_ACTIVE)
		return "Active";
	if (status == WPS_PBC_STATUS_TIMEOUT)
		return "Timed-out";
	if (status == WPS_PBC_STATUS_OVERLAP)
		return "Overlap";

	return "Unknown";
}
543
544
/**
 * hostapd_ctrl_iface_wps_get_status - Handle the WPS_GET_STATUS command
 * @hapd: hostapd per-interface data; hapd->wps_stats is reported
 * @buf: Reply buffer
 * @buflen: Size of @buf
 * Returns: Number of octets of complete lines accounted for in @buf
 *
 * Lines are appended one at a time. When a line does not fit, the function
 * stops and returns the length up to the last complete line, so a short
 * reply is not reported as an error.
 */
static int hostapd_ctrl_iface_wps_get_status(struct hostapd_data *hapd,
					     char *buf, size_t buflen)
{
	char *pos = buf;
	char *end = buf + buflen;
	const char *result;
	int ret;

	ret = os_snprintf(pos, end - pos, "PBC Status: %s\n",
			  pbc_status_str(hapd->wps_stats.pbc_status));
	if (os_snprintf_error(end - pos, ret))
		return pos - buf;
	pos += ret;

	if (hapd->wps_stats.status == WPS_STATUS_SUCCESS)
		result = "Success";
	else if (hapd->wps_stats.status == WPS_STATUS_FAILURE)
		result = "Failed";
	else
		result = "None";

	ret = os_snprintf(pos, end - pos, "Last WPS result: %s\n", result);
	if (os_snprintf_error(end - pos, ret))
		return pos - buf;
	pos += ret;

	/* A failure reason is reported only for a failed run that set one. */
	if (hapd->wps_stats.status == WPS_STATUS_FAILURE &&
	    hapd->wps_stats.failure_reason > 0) {
		ret = os_snprintf(pos, end - pos,
				  "Failure Reason: %s\n",
				  wps_ei_str(hapd->wps_stats.failure_reason));
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}

	/* The peer address is included for any non-zero status. */
	if (hapd->wps_stats.status) {
		ret = os_snprintf(pos, end - pos, "Peer Address: " MACSTR "\n",
				  MAC2STR(hapd->wps_stats.peer_addr));
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}

	return pos - buf;
}
594
595 #endif /* CONFIG_WPS */
596
597 #ifdef CONFIG_HS20
598
/**
 * hostapd_ctrl_iface_hs20_wnm_notif - Handle the HS20_WNM_NOTIF command
 * @hapd: hostapd per-interface data
 * @cmd: "<STA MAC address>[ <URL>]"
 * Returns: -1 if the address cannot be parsed or is followed by anything
 * other than a space or the end of the string; otherwise the return value of
 * hs20_send_wnm_notification()
 *
 * An absent or empty URL is passed on as NULL. The URL text itself is not
 * validated here.
 *
 * NOTE(review): the fixed offset 17 is the length of a MAC address written
 * as xx:xx:xx:xx:xx:xx. Reading cmd[17] is only safe if hwaddr_aton()
 * succeeds solely for input that has all 17 characters - confirm in
 * hwaddr_aton(), which is not shown here.
 */
static int hostapd_ctrl_iface_hs20_wnm_notif(struct hostapd_data *hapd,
					     const char *cmd)
{
	u8 addr[ETH_ALEN];
	const char *rest;
	const char *url = NULL;

	if (hwaddr_aton(cmd, addr))
		return -1;

	rest = cmd + 17;
	if (*rest != '\0') {
		if (*rest != ' ')
			return -1;
		if (rest[1] != '\0')
			url = rest + 1;
	}

	return hs20_send_wnm_notification(hapd, addr, 1, url);
}
620
621
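/**
 * hostapd_ctrl_iface_hs20_deauth_req - Handle the HS20_DEAUTH_REQ command
 * @hapd: hostapd per-interface data
 * @cmd: "<STA MAC Addr> <Code(0/1)> <Re-auth-Delay(sec)> [URL]"
 * Returns: -1 if the address cannot be parsed, a mandatory field is missing,
 * the URL is longer than 255 octets, or the buffer cannot be allocated;
 * otherwise the return value of hs20_send_wnm_notification_deauth_req()
 *
 * The payload built here is: code (one octet), re-auth delay (16 bits,
 * little endian), URL length (one octet), URL.
 *
 * NOTE(review): code and the delay are read with atoi() and written with
 * wpabuf_put_u8()/wpabuf_put_le16() without a range check, so out-of-range
 * values are presumably truncated by those helpers - confirm if the exact
 * values matter to the caller.
 */
static int hostapd_ctrl_iface_hs20_deauth_req(struct hostapd_data *hapd,
					      const char *cmd)
{
	u8 addr[ETH_ALEN];
	int code, reauth_delay, ret;
	const char *pos;
	size_t url_len;
	struct wpabuf *req;

	/* <STA MAC Addr> <Code(0/1)> <Re-auth-Delay(sec)> [URL] */
	if (hwaddr_aton(cmd, addr))
		return -1;

	pos = os_strchr(cmd, ' ');
	if (pos == NULL)
		return -1;
	pos++;
	code = atoi(pos);

	pos = os_strchr(pos, ' ');
	if (pos == NULL)
		return -1;
	pos++;
	reauth_delay = atoi(pos);

	url_len = 0;
	pos = os_strchr(pos, ' ');
	if (pos) {
		pos++;
		url_len = os_strlen(pos);
		/*
		 * The URL length is carried in a single octet. A longer URL
		 * would be written in full behind a wrapped length value and
		 * produce a payload whose length field does not match its
		 * contents, so reject it instead.
		 */
		if (url_len > 255) {
			wpa_printf(MSG_DEBUG,
				   "HS 2.0: Too long URL for deauthentication request");
			return -1;
		}
	}

	req = wpabuf_alloc(4 + url_len);
	if (req == NULL)
		return -1;
	wpabuf_put_u8(req, code);
	wpabuf_put_le16(req, reauth_delay);
	wpabuf_put_u8(req, url_len);
	if (pos)
		wpabuf_put_data(req, pos, url_len);

	wpa_printf(MSG_DEBUG, "HS 2.0: Send WNM-Notification to " MACSTR
		   " to indicate imminent deauthentication (code=%d "
		   "reauth_delay=%d)", MAC2STR(addr), code, reauth_delay);
	ret = hs20_send_wnm_notification_deauth_req(hapd, addr, req);
	wpabuf_free(req);
	return ret;
}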
670
671 #endif /* CONFIG_HS20 */
672
673
674 #ifdef CONFIG_INTERWORKING
675
/**
 * hostapd_ctrl_iface_set_qos_map_set - Handle the SET_QOS_MAP_SET command
 * @hapd: hostapd per-interface data
 * @cmd: Comma separated list of decimal values, each 0..255
 * Returns: 0 on success, -1 if the list is too long, a value is out of
 * range, the number of values is below 16 or odd, or the driver rejects it
 *
 * The list is parsed into a local array first; the entry count is checked
 * against the array size before every store. The configuration copy in
 * hapd->conf is updated only after the driver has accepted the new set.
 *
 * Values are read with atoi(), so a field that is empty or not numeric is
 * taken as 0 rather than rejected.
 */
static int hostapd_ctrl_iface_set_qos_map_set(struct hostapd_data *hapd,
					      const char *cmd)
{
	u8 qos_map_set[16 + 2 * 21];
	u8 count = 0;
	const char *pos = cmd;
	int val;

	do {
		if (count == sizeof(qos_map_set)) {
			wpa_printf(MSG_ERROR,
				   "Too many qos_map_set parameters");
			return -1;
		}

		val = atoi(pos);
		if (val < 0 || val > 255) {
			wpa_printf(MSG_INFO, "Invalid QoS Map Set");
			return -1;
		}
		qos_map_set[count++] = val;

		/* Step past the next comma, if there is one. */
		pos = os_strchr(pos, ',');
		if (pos)
			pos++;
	} while (pos);

	if (count < 16 || (count % 2) != 0) {
		wpa_printf(MSG_INFO, "Invalid QoS Map Set");
		return -1;
	}

	if (hostapd_drv_set_qos_map(hapd, qos_map_set, count) != 0) {
		wpa_printf(MSG_INFO, "Failed to set QoS Map Set");
		return -1;
	}

	os_memcpy(hapd->conf->qos_map_set, qos_map_set, count);
	hapd->conf->qos_map_set_len = count;

	return 0;
}
718
719
/**
 * hostapd_ctrl_iface_send_qos_map_conf - Handle SEND_QOS_MAP_CONF
 * @hapd: hostapd per-interface data
 * @cmd: Station MAC address in text form
 * Returns: -1 if no QoS Map Set is configured, the address cannot be parsed,
 * the station is unknown or has qos_map_enabled unset, or the buffer cannot
 * be allocated; otherwise the return value of hostapd_drv_send_action()
 *
 * The frame body is the QoS category and QoS Map Configure action octets
 * followed by a QoS Map Set element built from hapd->conf.
 */
static int hostapd_ctrl_iface_send_qos_map_conf(struct hostapd_data *hapd,
						const char *cmd)
{
	u8 *map = hapd->conf->qos_map_set;
	u8 map_len = hapd->conf->qos_map_set_len;
	u8 addr[ETH_ALEN];
	struct sta_info *sta;
	struct wpabuf *frame;
	int ret;

	if (map_len == 0) {
		wpa_printf(MSG_INFO, "QoS Map Set is not set");
		return -1;
	}

	if (hwaddr_aton(cmd, addr))
		return -1;

	sta = ap_get_sta(hapd, addr);
	if (!sta) {
		wpa_printf(MSG_DEBUG, "Station " MACSTR " not found "
			   "for QoS Map Configuration message",
			   MAC2STR(addr));
		return -1;
	}

	if (!sta->qos_map_enabled) {
		wpa_printf(MSG_DEBUG, "Station " MACSTR " did not indicate "
			   "support for QoS Map", MAC2STR(addr));
		return -1;
	}

	/* Two action header octets + element id and length + element body */
	frame = wpabuf_alloc(2 + 2 + map_len);
	if (!frame)
		return -1;

	wpabuf_put_u8(frame, WLAN_ACTION_QOS);
	wpabuf_put_u8(frame, QOS_QOS_MAP_CONFIG);

	/* QoS Map Set Element */
	wpabuf_put_u8(frame, WLAN_EID_QOS_MAP_SET);
	wpabuf_put_u8(frame, map_len);
	wpabuf_put_data(frame, map, map_len);

	ret = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
				      wpabuf_head(frame), wpabuf_len(frame));
	wpabuf_free(frame);

	return ret;
}
770
771 #endif /* CONFIG_INTERWORKING */
772
773
774 #ifdef CONFIG_WNM_AP
775
/**
 * hostapd_ctrl_iface_coloc_intf_req - Handle the COLOC_INTF_REQ command
 * @hapd: hostapd per-interface data
 * @cmd: "<STA MAC address> <auto report> <timeout>"
 * Returns: -1 if the address cannot be parsed, the station is unknown, or a
 * field is missing; otherwise the return value of wnm_send_coloc_intf_req()
 *
 * Both numeric fields are read with atoi() into unsigned variables, so
 * non-numeric text becomes 0 and a negative number becomes a large unsigned
 * value; neither is range checked here.
 *
 * NOTE(review): the fixed offset 17 is the length of a MAC address written
 * as xx:xx:xx:xx:xx:xx. Reading cmd[17] is only safe if hwaddr_aton()
 * succeeds solely for input that has all 17 characters - confirm in
 * hwaddr_aton(), which is not shown here.
 */
static int hostapd_ctrl_iface_coloc_intf_req(struct hostapd_data *hapd,
					     const char *cmd)
{
	u8 addr[ETH_ALEN];
	struct sta_info *sta;
	const char *arg;
	unsigned int auto_report, timeout;

	if (hwaddr_aton(cmd, addr)) {
		wpa_printf(MSG_DEBUG, "Invalid STA MAC address");
		return -1;
	}

	sta = ap_get_sta(hapd, addr);
	if (sta == NULL) {
		wpa_printf(MSG_DEBUG, "Station " MACSTR
			   " not found for Collocated Interference Request",
			   MAC2STR(addr));
		return -1;
	}

	arg = cmd + 17;
	if (*arg != ' ')
		return -1;
	arg++;
	auto_report = atoi(arg);

	arg = os_strchr(arg, ' ');
	if (arg == NULL)
		return -1;
	arg++;
	timeout = atoi(arg);

	return wnm_send_coloc_intf_req(hapd, sta, auto_report, timeout);
}
810
811 #endif /* CONFIG_WNM_AP */
812
813
/**
 * hostapd_ctrl_iface_get_key_mgmt - Write the enabled key management names
 * @hapd: hostapd per-interface data; hapd->conf->wpa_key_mgmt is reported
 * @buf: Output buffer
 * @buflen: Size of @buf
 * Returns: Number of octets written to @buf, not counting the terminating
 * NUL
 *
 * Names are written in table order, separated by single spaces, and the
 * trailing space is removed at the end. If a name does not fit, the function
 * returns at once with the length of the names written so far; in that case
 * the trailing space of the last name is not removed.
 */
static int hostapd_ctrl_iface_get_key_mgmt(struct hostapd_data *hapd,
					   char *buf, size_t buflen)
{
	/* Each name carries its own separator space. */
	static const struct {
		unsigned int akm;
		const char *name;
	} akm_names[] = {
		{ WPA_KEY_MGMT_PSK, "WPA-PSK " },
		{ WPA_KEY_MGMT_IEEE8021X, "WPA-EAP " },
#ifdef CONFIG_IEEE80211R_AP
		{ WPA_KEY_MGMT_FT_PSK, "FT-PSK " },
		{ WPA_KEY_MGMT_FT_IEEE8021X, "FT-EAP " },
#ifdef CONFIG_SHA384
		{ WPA_KEY_MGMT_FT_IEEE8021X_SHA384, "FT-EAP-SHA384 " },
#endif /* CONFIG_SHA384 */
#ifdef CONFIG_SAE
		{ WPA_KEY_MGMT_FT_SAE, "FT-SAE " },
		{ WPA_KEY_MGMT_FT_SAE_EXT_KEY, "FT-SAE-EXT-KEY " },
#endif /* CONFIG_SAE */
#ifdef CONFIG_FILS
		{ WPA_KEY_MGMT_FT_FILS_SHA256, "FT-FILS-SHA256 " },
		{ WPA_KEY_MGMT_FT_FILS_SHA384, "FT-FILS-SHA384 " },
#endif /* CONFIG_FILS */
#endif /* CONFIG_IEEE80211R_AP */
		{ WPA_KEY_MGMT_PSK_SHA256, "WPA-PSK-SHA256 " },
		{ WPA_KEY_MGMT_IEEE8021X_SHA256, "WPA-EAP-SHA256 " },
#ifdef CONFIG_SAE
		{ WPA_KEY_MGMT_SAE, "SAE " },
		{ WPA_KEY_MGMT_SAE_EXT_KEY, "SAE-EXT-KEY " },
#endif /* CONFIG_SAE */
		{ WPA_KEY_MGMT_IEEE8021X_SUITE_B, "WPA-EAP-SUITE-B " },
		{ WPA_KEY_MGMT_IEEE8021X_SUITE_B_192, "WPA-EAP-SUITE-B-192 " },
#ifdef CONFIG_FILS
		{ WPA_KEY_MGMT_FILS_SHA256, "FILS-SHA256 " },
		{ WPA_KEY_MGMT_FILS_SHA384, "FILS-SHA384 " },
#endif /* CONFIG_FILS */
#ifdef CONFIG_OWE
		{ WPA_KEY_MGMT_OWE, "OWE " },
#endif /* CONFIG_OWE */
#ifdef CONFIG_DPP
		{ WPA_KEY_MGMT_DPP, "DPP " },
#endif /* CONFIG_DPP */
#ifdef CONFIG_SHA384
		{ WPA_KEY_MGMT_IEEE8021X_SHA384, "WPA-EAP-SHA384 " },
#endif /* CONFIG_SHA384 */
	};
	char *pos = buf;
	char *end = buf + buflen;
	size_t i;

	WPA_ASSERT(hapd->conf->wpa_key_mgmt);

	for (i = 0; i < sizeof(akm_names) / sizeof(akm_names[0]); i++) {
		int ret;

		if (!(hapd->conf->wpa_key_mgmt & akm_names[i].akm))
			continue;

		ret = os_snprintf(pos, end - pos, "%s", akm_names[i].name);
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}

	/* Drop the separator that follows the last name. */
	if (pos > buf && *(pos - 1) == ' ') {
		*(pos - 1) = '\0';
		pos--;
	}

	return pos - buf;
}
975
976
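/**
 * hostapd_ctrl_iface_get_config - Handle the GET_CONFIG control command
 * @hapd: hostapd per-interface data
 * @buf: Reply buffer
 * @buflen: Size of @buf
 * Returns: Number of octets of complete "name=value" lines written to @buf
 *
 * Lines are appended one at a time. When a line does not fit, the function
 * stops and returns the length up to the last complete item, so a short
 * reply is not reported as an error.
 *
 * In CONFIG_WPS builds, when both wps_state and wpa are non-zero, the reply
 * contains the WPA passphrase and the hex encoded PSK in clear text, for the
 * BSS itself and for the Multi-AP backhaul SSID. Any peer that is allowed to
 * send this command can therefore read the network credentials; access to
 * the control interface has to be restricted accordingly.
 *
 * The temporary hex copies of the PSKs are wiped with forced_memzero() as
 * soon as they have been formatted into the reply.
 */
static int hostapd_ctrl_iface_get_config(struct hostapd_data *hapd,
					 char *buf, size_t buflen)
{
	int ret;
	char *pos, *end;

	pos = buf;
	end = buf + buflen;

	ret = os_snprintf(pos, end - pos, "bssid=" MACSTR "\n"
			  "ssid=%s\n",
			  MAC2STR(hapd->own_addr),
			  wpa_ssid_txt(hapd->conf->ssid.ssid,
				       hapd->conf->ssid.ssid_len));
	if (os_snprintf_error(end - pos, ret))
		return pos - buf;
	pos += ret;

	if ((hapd->conf->config_id)) {
		ret = os_snprintf(pos, end - pos, "config_id=%s\n",
				  hapd->conf->config_id);
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}

#ifdef CONFIG_WPS
	ret = os_snprintf(pos, end - pos, "wps_state=%s\n",
			  hapd->conf->wps_state == 0 ? "disabled" :
			  (hapd->conf->wps_state == 1 ? "not configured" :
			   "configured"));
	if (os_snprintf_error(end - pos, ret))
		return pos - buf;
	pos += ret;

	/* Credential: passphrase in clear text */
	if (hapd->conf->wps_state && hapd->conf->wpa &&
	    hapd->conf->ssid.wpa_passphrase) {
		ret = os_snprintf(pos, end - pos, "passphrase=%s\n",
				  hapd->conf->ssid.wpa_passphrase);
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}

	/* Credential: PSK as hex */
	if (hapd->conf->wps_state && hapd->conf->wpa &&
	    hapd->conf->ssid.wpa_psk &&
	    hapd->conf->ssid.wpa_psk->group) {
		char hex[PMK_LEN * 2 + 1];

		wpa_snprintf_hex(hex, sizeof(hex),
				 hapd->conf->ssid.wpa_psk->psk, PMK_LEN);
		ret = os_snprintf(pos, end - pos, "psk=%s\n", hex);
		/*
		 * Wipe the stack copy of the key before any return, as is
		 * done for the backhaul PSK below.
		 */
		forced_memzero(hex, sizeof(hex));
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}

	if (hapd->conf->multi_ap) {
		struct hostapd_ssid *ssid = &hapd->conf->multi_ap_backhaul_ssid;

		ret = os_snprintf(pos, end - pos, "multi_ap=%d\n",
				  hapd->conf->multi_ap);
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;

		if (ssid->ssid_len) {
			ret = os_snprintf(pos, end - pos,
					  "multi_ap_backhaul_ssid=%s\n",
					  wpa_ssid_txt(ssid->ssid,
						       ssid->ssid_len));
			if (os_snprintf_error(end - pos, ret))
				return pos - buf;
			pos += ret;
		}

		/* Credential: backhaul passphrase in clear text */
		if (hapd->conf->wps_state && hapd->conf->wpa &&
		    ssid->wpa_passphrase) {
			ret = os_snprintf(pos, end - pos,
					  "multi_ap_backhaul_wpa_passphrase=%s\n",
					  ssid->wpa_passphrase);
			if (os_snprintf_error(end - pos, ret))
				return pos - buf;
			pos += ret;
		}

		/* Credential: backhaul PSK as hex */
		if (hapd->conf->wps_state && hapd->conf->wpa &&
		    ssid->wpa_psk &&
		    ssid->wpa_psk->group) {
			char hex[PMK_LEN * 2 + 1];

			wpa_snprintf_hex(hex, sizeof(hex), ssid->wpa_psk->psk,
					 PMK_LEN);
			ret = os_snprintf(pos, end - pos,
					  "multi_ap_backhaul_wpa_psk=%s\n",
					  hex);
			forced_memzero(hex, sizeof(hex));
			if (os_snprintf_error(end - pos, ret))
				return pos - buf;
			pos += ret;
		}
	}
#endif /* CONFIG_WPS */

	if (hapd->conf->wpa) {
		ret = os_snprintf(pos, end - pos, "wpa=%d\n", hapd->conf->wpa);
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}

	if (hapd->conf->wpa && hapd->conf->wpa_key_mgmt) {
		ret = os_snprintf(pos, end - pos, "key_mgmt=");
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;

		pos += hostapd_ctrl_iface_get_key_mgmt(hapd, pos, end - pos);

		ret = os_snprintf(pos, end - pos, "\n");
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}

	if (hapd->conf->wpa) {
		ret = os_snprintf(pos, end - pos, "group_cipher=%s\n",
				  wpa_cipher_txt(hapd->conf->wpa_group));
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}

	if ((hapd->conf->wpa & WPA_PROTO_RSN) && hapd->conf->rsn_pairwise) {
		ret = os_snprintf(pos, end - pos, "rsn_pairwise_cipher=");
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;

		ret = wpa_write_ciphers(pos, end, hapd->conf->rsn_pairwise,
					" ");
		if (ret < 0)
			return pos - buf;
		pos += ret;

		ret = os_snprintf(pos, end - pos, "\n");
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}

	if ((hapd->conf->wpa & WPA_PROTO_WPA) && hapd->conf->wpa_pairwise) {
		ret = os_snprintf(pos, end - pos, "wpa_pairwise_cipher=");
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;

		ret = wpa_write_ciphers(pos, end, hapd->conf->wpa_pairwise,
					" ");
		if (ret < 0)
			return pos - buf;
		pos += ret;

		ret = os_snprintf(pos, end - pos, "\n");
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}

	if (hapd->conf->wpa && hapd->conf->wpa_deny_ptk0_rekey) {
		ret = os_snprintf(pos, end - pos, "wpa_deny_ptk0_rekey=%d\n",
				  hapd->conf->wpa_deny_ptk0_rekey);
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}

	if ((hapd->conf->wpa & WPA_PROTO_RSN) && hapd->conf->extended_key_id) {
		ret = os_snprintf(pos, end - pos, "extended_key_id=%d\n",
				  hapd->conf->extended_key_id);
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}

	return pos - buf;
}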
1163
1164
/**
 * hostapd_ctrl_iface_set_band - Handle "SET setband <bands>"
 * @hapd: hostapd per-interface data
 * @bands: Band list, for example "2G,6G", "5G" or "AUTO"
 * Returns: -1 if @bands contains none of "AUTO", "2G", "5G" or "6G",
 * otherwise 0
 *
 * Band names are found by substring search, so separators and unknown text
 * around them are not validated, and "AUTO" anywhere in the string wins over
 * any band names next to it.
 *
 * A failure of hostapd_drv_set_band() is not reported to the caller: the
 * channel list change event is skipped in that case, but the return value is
 * still 0.
 */
static int hostapd_ctrl_iface_set_band(struct hostapd_data *hapd,
				       const char *bands)
{
	union wpa_event_data event;
	u32 setband_mask = WPA_SETBAND_AUTO;

	if (os_strstr(bands, "AUTO") == NULL) {
		if (os_strstr(bands, "5G") != NULL)
			setband_mask |= WPA_SETBAND_5G;
		if (os_strstr(bands, "6G") != NULL)
			setband_mask |= WPA_SETBAND_6G;
		if (os_strstr(bands, "2G") != NULL)
			setband_mask |= WPA_SETBAND_2G;

		/* No band name was recognized. */
		if (setband_mask == WPA_SETBAND_AUTO)
			return -1;
	}

	if (hostapd_drv_set_band(hapd, setband_mask) != 0)
		return 0;

	os_memset(&event, 0, sizeof(event));
	event.channel_list_changed.initiator = REGDOM_SET_BY_USER;
	event.channel_list_changed.type = REGDOM_TYPE_UNKNOWN;
	wpa_supplicant_event(hapd, EVENT_CHANNEL_LIST_CHANGED, &event);

	return 0;
}
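/*
 * Return 1 when the named SET parameter carries a credential whose value
 * should not be written to the debug log. The list covers the passphrase and
 * password parameters this file handles plus wpa_psk; it is not exhaustive.
 */
static int hostapd_ctrl_iface_set_is_secret(const char *name)
{
	static const char * const secret_names[] = {
		"wpa_passphrase",
		"wpa_psk",
		"sae_password",
	};
	size_t i;

	for (i = 0; i < sizeof(secret_names) / sizeof(secret_names[0]); i++) {
		if (os_strcasecmp(name, secret_names[i]) == 0)
			return 1;
	}

	return 0;
}


/*
 * Handle "SET <name> <value>" from the control interface.
 *
 * cmd is split in place at the first space into a name and a value. Testing
 * knobs, MBO, DPP and setband parameters are applied here; every other name is
 * passed to hostapd_set_iface() and followed by the side effects that a
 * run-time change of that parameter needs.
 *
 * Returns 0 on success, -1 on a missing or rejected value, or the non-zero
 * result of hostapd_set_iface().
 */
static int hostapd_ctrl_iface_set(struct hostapd_data *hapd, char *cmd)
{
	char *value;
	int ret = 0;

	value = os_strchr(cmd, ' ');
	if (value == NULL)
		return -1;
	*value++ = '\0';

	/*
	 * Keep passphrases and passwords out of the debug log. Any logging of
	 * the raw command done by the caller is outside this function.
	 */
	wpa_printf(MSG_DEBUG, "CTRL_IFACE SET '%s'='%s'", cmd,
		   hostapd_ctrl_iface_set_is_secret(cmd) ? "[REMOVED]" : value);
	if (0) {
#ifdef CONFIG_WPS_TESTING
	} else if (os_strcasecmp(cmd, "wps_version_number") == 0) {
		long int val;
		val = strtol(value, NULL, 0);
		if (val < 0 || val > 0xff) {
			ret = -1;
			wpa_printf(MSG_DEBUG, "WPS: Invalid "
				   "wps_version_number %ld", val);
		} else {
			wps_version_number = val;
			wpa_printf(MSG_DEBUG, "WPS: Testing - force WPS "
				   "version %u.%u",
				   (wps_version_number & 0xf0) >> 4,
				   wps_version_number & 0x0f);
			hostapd_wps_update_ie(hapd);
		}
	} else if (os_strcasecmp(cmd, "wps_testing_stub_cred") == 0) {
		wps_testing_stub_cred = atoi(value);
		wpa_printf(MSG_DEBUG, "WPS: Testing - stub_cred=%d",
			   wps_testing_stub_cred);
	} else if (os_strcasecmp(cmd, "wps_corrupt_pkhash") == 0) {
		wps_corrupt_pkhash = atoi(value);
		wpa_printf(MSG_DEBUG, "WPS: Testing - wps_corrupt_pkhash=%d",
			   wps_corrupt_pkhash);
#endif /* CONFIG_WPS_TESTING */
#ifdef CONFIG_TESTING_OPTIONS
	} else if (os_strcasecmp(cmd, "ext_mgmt_frame_handling") == 0) {
		hapd->ext_mgmt_frame_handling = atoi(value);
	} else if (os_strcasecmp(cmd, "ext_eapol_frame_io") == 0) {
		hapd->ext_eapol_frame_io = atoi(value);
	} else if (os_strcasecmp(cmd, "force_backlog_bytes") == 0) {
		hapd->force_backlog_bytes = atoi(value);
#ifdef CONFIG_DPP
	} else if (os_strcasecmp(cmd, "dpp_config_obj_override") == 0) {
		os_free(hapd->dpp_config_obj_override);
		hapd->dpp_config_obj_override = os_strdup(value);
	} else if (os_strcasecmp(cmd, "dpp_discovery_override") == 0) {
		os_free(hapd->dpp_discovery_override);
		hapd->dpp_discovery_override = os_strdup(value);
	} else if (os_strcasecmp(cmd, "dpp_groups_override") == 0) {
		os_free(hapd->dpp_groups_override);
		hapd->dpp_groups_override = os_strdup(value);
	} else if (os_strcasecmp(cmd,
				 "dpp_ignore_netaccesskey_mismatch") == 0) {
		hapd->dpp_ignore_netaccesskey_mismatch = atoi(value);
	} else if (os_strcasecmp(cmd, "dpp_test") == 0) {
		dpp_test = atoi(value);
	} else if (os_strcasecmp(cmd, "dpp_version_override") == 0) {
		dpp_version_override = atoi(value);
#endif /* CONFIG_DPP */
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_MBO
	} else if (os_strcasecmp(cmd, "mbo_assoc_disallow") == 0) {
		int val;

		if (!hapd->conf->mbo_enabled)
			return -1;

		val = atoi(value);
		if (val < 0 || val > MBO_ASSOC_DISALLOW_REASON_LOW_RSSI)
			return -1;

		hapd->mbo_assoc_disallow = val;
		ieee802_11_update_beacons(hapd->iface);

		/*
		 * TODO: Need to configure drivers that do AP MLME offload with
		 * disallowing station logic.
		 */
#endif /* CONFIG_MBO */
#ifdef CONFIG_DPP
	} else if (os_strcasecmp(cmd, "dpp_configurator_params") == 0) {
		os_free(hapd->dpp_configurator_params);
		hapd->dpp_configurator_params = os_strdup(value);
#ifdef CONFIG_DPP2
		dpp_controller_set_params(hapd->iface->interfaces->dpp, value);
#endif /* CONFIG_DPP2 */
	} else if (os_strcasecmp(cmd, "dpp_init_max_tries") == 0) {
		hapd->dpp_init_max_tries = atoi(value);
	} else if (os_strcasecmp(cmd, "dpp_init_retry_time") == 0) {
		hapd->dpp_init_retry_time = atoi(value);
	} else if (os_strcasecmp(cmd, "dpp_resp_wait_time") == 0) {
		hapd->dpp_resp_wait_time = atoi(value);
	} else if (os_strcasecmp(cmd, "dpp_resp_max_tries") == 0) {
		hapd->dpp_resp_max_tries = atoi(value);
	} else if (os_strcasecmp(cmd, "dpp_resp_retry_time") == 0) {
		hapd->dpp_resp_retry_time = atoi(value);
#endif /* CONFIG_DPP */
	} else if (os_strcasecmp(cmd, "setband") == 0) {
		ret = hostapd_ctrl_iface_set_band(hapd, value);
	} else {
		/* Generic configuration parameter */
		ret = hostapd_set_iface(hapd->iconf, hapd->conf, cmd, value);
		if (ret)
			return ret;

		/* Apply the run-time side effects of the changed parameter */
		if (os_strcasecmp(cmd, "deny_mac_file") == 0) {
			hostapd_disassoc_deny_mac(hapd);
		} else if (os_strcasecmp(cmd, "accept_mac_file") == 0) {
			hostapd_disassoc_accept_mac(hapd);
		} else if (os_strncmp(cmd, "wme_ac_", 7) == 0 ||
			   os_strncmp(cmd, "wmm_ac_", 7) == 0) {
			hapd->parameter_set_count++;
			if (ieee802_11_update_beacons(hapd->iface))
				wpa_printf(MSG_DEBUG,
					   "Failed to update beacons with WMM parameters");
		} else if (os_strcmp(cmd, "wpa_passphrase") == 0 ||
			   os_strcmp(cmd, "sae_password") == 0 ||
			   os_strcmp(cmd, "sae_pwe") == 0) {
			if (hapd->started)
				hostapd_setup_sae_pt(hapd->conf);
		} else if (os_strcasecmp(cmd, "transition_disable") == 0) {
			wpa_auth_set_transition_disable(hapd->wpa_auth,
							hapd->conf->transition_disable);
		}

#ifdef CONFIG_TESTING_OPTIONS
		if (os_strcmp(cmd, "ft_rsnxe_used") == 0)
			wpa_auth_set_ft_rsnxe_used(hapd->wpa_auth,
						   hapd->conf->ft_rsnxe_used);
		else if (os_strcmp(cmd, "oci_freq_override_eapol_m3") == 0)
			wpa_auth_set_ocv_override_freq(
				hapd->wpa_auth, WPA_AUTH_OCV_OVERRIDE_EAPOL_M3,
				atoi(value));
		else if (os_strcmp(cmd, "oci_freq_override_eapol_g1") == 0)
			wpa_auth_set_ocv_override_freq(
				hapd->wpa_auth, WPA_AUTH_OCV_OVERRIDE_EAPOL_G1,
				atoi(value));
		else if (os_strcmp(cmd, "oci_freq_override_ft_assoc") == 0)
			wpa_auth_set_ocv_override_freq(
				hapd->wpa_auth, WPA_AUTH_OCV_OVERRIDE_FT_ASSOC,
				atoi(value));
		else if (os_strcmp(cmd, "oci_freq_override_fils_assoc") == 0)
			wpa_auth_set_ocv_override_freq(
				hapd->wpa_auth,
				WPA_AUTH_OCV_OVERRIDE_FILS_ASSOC, atoi(value));
		else if (os_strcasecmp(cmd, "skip_send_eapol") == 0)
			wpa_auth_set_skip_send_eapol(hapd->wpa_auth, atoi(value));
		else if (os_strcasecmp(cmd, "enable_eapol_large_timeout") == 0)
			wpa_auth_set_enable_eapol_large_timeout(hapd->wpa_auth, atoi(value));
#endif /* CONFIG_TESTING_OPTIONS */
	}

	return ret;
}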
/*
 * Handle "GET <name>": write the requested value into buf.
 *
 * Supported names are "version" (VERSION_STR) and "tls_library" (output of
 * tls_get_library_version()). Returns the number of characters written, or
 * -1 for an unknown name or when os_snprintf_error() reports a formatting
 * error or truncation.
 */
static int hostapd_ctrl_iface_get(struct hostapd_data *hapd, char *cmd,
				  char *buf, size_t buflen)
{
	int written;

	wpa_printf(MSG_DEBUG, "CTRL_IFACE GET '%s'", cmd);

	if (os_strcmp(cmd, "version") == 0)
		written = os_snprintf(buf, buflen, "%s", VERSION_STR);
	else if (os_strcmp(cmd, "tls_library") == 0)
		written = tls_get_library_version(buf, buflen);
	else
		return -1;

	/* Never hand a length back that does not fit in the reply buffer */
	if (os_snprintf_error(buflen, written))
		return -1;

	return written;
}
/*
 * Enable the interface through hostapd_enable_iface().
 * Returns 0 on success; logs an error and returns -1 on failure.
 */
static int hostapd_ctrl_iface_enable(struct hostapd_iface *iface)
{
	if (hostapd_enable_iface(iface) >= 0)
		return 0;

	wpa_printf(MSG_ERROR, "Enabling of interface failed");
	return -1;
}
/*
 * Reload the interface through hostapd_reload_iface().
 * Returns 0 on success; logs an error and returns -1 on failure.
 */
static int hostapd_ctrl_iface_reload(struct hostapd_iface *iface)
{
	if (hostapd_reload_iface(iface) >= 0)
		return 0;

	wpa_printf(MSG_ERROR, "Reloading of interface failed");
	return -1;
}
/*
 * Reload a single BSS through hostapd_reload_bss_only().
 * Returns 0 on success; logs an error and returns -1 on failure.
 */
static int hostapd_ctrl_iface_reload_bss(struct hostapd_data *bss)
{
	if (hostapd_reload_bss_only(bss) >= 0)
		return 0;

	wpa_printf(MSG_ERROR, "Reloading of BSS failed");
	return -1;
}
/*
 * Disable the interface through hostapd_disable_iface().
 * Returns 0 on success; logs an error and returns -1 on failure.
 */
static int hostapd_ctrl_iface_disable(struct hostapd_iface *iface)
{
	if (hostapd_disable_iface(iface) >= 0)
		return 0;

	wpa_printf(MSG_ERROR, "Disabling of interface failed");
	return -1;
}
/*
 * ap_for_each_sta() callback used after the PSK list has been reloaded.
 *
 * The station is kept when its current PMK (from wpa_auth_get_pmk()) has
 * length PMK_LEN and equals a configured PSK entry that either has group == 1
 * or has group == 0 and an address equal to the station address. In every
 * other case, including a station for which no PMK is returned, the station
 * is deauthenticated with WLAN_REASON_PREV_AUTH_NOT_VALID.
 *
 * ctx is unused. Always returns 0 so that the iteration continues.
 */
static int
hostapd_ctrl_iface_kick_mismatch_psk_sta_iter(struct hostapd_data *hapd,
					      struct sta_info *sta, void *ctx)
{
	const int reason = WLAN_REASON_PREV_AUTH_NOT_VALID;
	struct hostapd_wpa_psk *entry;
	const u8 *cur_pmk;
	int cur_pmk_len;

	cur_pmk = wpa_auth_get_pmk(sta->wpa_sm, &cur_pmk_len);

	if (cur_pmk) {
		for (entry = hapd->conf->ssid.wpa_psk; entry;
		     entry = entry->next) {
			if (cur_pmk_len != PMK_LEN ||
			    os_memcmp(entry->psk, cur_pmk, cur_pmk_len) != 0)
				continue;

			/* Key matches; now check who may use this entry */
			if (entry->group == 1)
				return 0;
			if (entry->group == 0 &&
			    os_memcmp(sta->addr, entry->addr, ETH_ALEN) == 0)
				return 0;
		}
	}

	wpa_printf(MSG_INFO, "STA " MACSTR
		   " PSK/passphrase no longer valid - disconnect",
		   MAC2STR(sta->addr));
	hostapd_drv_sta_deauth(hapd, sta->addr, reason);
	ap_sta_deauthenticate(hapd, sta, reason);

	return 0;
}
/*
 * Rebuild the configured WPA-PSK list and disconnect stations whose key is no
 * longer in it.
 *
 * The existing list is cleared before hostapd_setup_wpa_psk() runs. When that
 * setup fails the function logs the error and returns -1 without iterating
 * over the stations. Returns 0 on success.
 */
static int hostapd_ctrl_iface_reload_wpa_psk(struct hostapd_data *hapd)
{
	struct hostapd_bss_config *bss_conf = hapd->conf;
	int res;

	hostapd_config_clear_wpa_psk(&bss_conf->ssid.wpa_psk);

	res = hostapd_setup_wpa_psk(bss_conf);
	if (res >= 0) {
		/* Drop every station that no longer has a valid PSK */
		ap_for_each_sta(hapd,
				hostapd_ctrl_iface_kick_mismatch_psk_sta_iter,
				NULL);
		return 0;
	}

	wpa_printf(MSG_ERROR, "Reloading WPA-PSK passwords failed: %d", res);
	return -1;
}
1477 #ifdef CONFIG_TESTING_OPTIONS
/*
 * Testing only: inject a DFS event as if it came from the driver.
 *
 * cmd has the form "<event> <params>", where <event> is DETECTED,
 * CAC-FINISHED, CAC-ABORTED or NOP-FINISHED and <params> may contain freq=,
 * ht_enabled=1, chan_offset=, chan_width=, cf1= and cf2=. cmd is split in
 * place at the first space. Parameters are located by substring search and
 * converted with atoi(), so malformed numbers become 0.
 *
 * Returns 0 after dispatching the event, -1 when the parameter part is
 * missing or the event name is not supported.
 */
static int hostapd_ctrl_iface_radar(struct hostapd_data *hapd, char *cmd)
{
	static const struct {
		const char *name;
		enum wpa_event_type event;
	} radar_cmds[] = {
		{ "DETECTED", EVENT_DFS_RADAR_DETECTED },
		{ "CAC-FINISHED", EVENT_DFS_CAC_FINISHED },
		{ "CAC-ABORTED", EVENT_DFS_CAC_ABORTED },
		{ "NOP-FINISHED", EVENT_DFS_NOP_FINISHED },
	};
	union wpa_event_data data;
	enum wpa_event_type event = EVENT_DFS_RADAR_DETECTED;
	char *args, *hit;
	size_t i;
	int known = 0;

	wpa_printf(MSG_DEBUG, "RADAR TEST: %s", cmd);

	os_memset(&data, 0, sizeof(data));

	args = os_strchr(cmd, ' ');
	if (args == NULL)
		return -1;
	*args++ = '\0';

	for (i = 0; i < sizeof(radar_cmds) / sizeof(radar_cmds[0]); i++) {
		if (os_strcmp(cmd, radar_cmds[i].name) == 0) {
			event = radar_cmds[i].event;
			known = 1;
			break;
		}
	}
	if (!known) {
		wpa_printf(MSG_DEBUG, "Unsupported RADAR test command: %s",
			   cmd);
		return -1;
	}

	hit = os_strstr(args, "freq=");
	if (hit)
		data.dfs_event.freq = atoi(hit + 5);

	if (os_strstr(args, "ht_enabled=1"))
		data.dfs_event.ht_enabled = 1;

	hit = os_strstr(args, "chan_offset=");
	if (hit)
		data.dfs_event.chan_offset = atoi(hit + 12);

	hit = os_strstr(args, "chan_width=");
	if (hit)
		data.dfs_event.chan_width = atoi(hit + 11);

	hit = os_strstr(args, "cf1=");
	if (hit)
		data.dfs_event.cf1 = atoi(hit + 4);

	hit = os_strstr(args, "cf2=");
	if (hit)
		data.dfs_event.cf2 = atoi(hit + 4);

	wpa_supplicant_event(hapd, event, &data);

	return 0;
}
/*
 * Testing only: transmit a management frame given as a hexdump.
 *
 * cmd must contain an even number of hex digits; the decoded frame is passed
 * to hostapd_drv_send_mlme() unchanged. Returns that function's result, or -1
 * on odd length, allocation failure or invalid hex.
 */
static int hostapd_ctrl_iface_mgmt_tx(struct hostapd_data *hapd, char *cmd)
{
	size_t hex_len, frame_len;
	u8 *frame;
	int ret;

	wpa_printf(MSG_DEBUG, "External MGMT TX: %s", cmd);

	hex_len = os_strlen(cmd);
	if (hex_len % 2 != 0)
		return -1;
	frame_len = hex_len / 2;

	frame = os_malloc(frame_len);
	if (!frame || hexstr2bin(cmd, frame, frame_len) < 0) {
		os_free(frame);
		return -1;
	}

	ret = hostapd_drv_send_mlme(hapd, frame, frame_len, 0, NULL, 0, 0);
	os_free(frame);

	return ret;
}
/*
 * Testing only: feed an externally reported management frame TX status into
 * the event handler.
 *
 * cmd format: stype=<val> ok=<0/1> buf=<frame hexdump>
 * stype and ok default to 0 when absent; buf= is mandatory and must hold an
 * even number of hex digits.
 *
 * Only available while ext_mgmt_frame_handling is set. The flag is cleared
 * while the event is dispatched and then set to 1 (presumably so that the
 * event is processed locally instead of being handed to the external handler
 * again -- confirm against the event code).
 *
 * Returns 0 on success, -1 on any parse or allocation failure.
 */
static int hostapd_ctrl_iface_mgmt_tx_status_process(struct hostapd_data *hapd,
						     char *cmd)
{
	union wpa_event_data event;
	const char *field, *hex;
	size_t frame_len;
	u8 *frame;
	int stype = 0, ok = 0;

	if (!hapd->ext_mgmt_frame_handling)
		return -1;

	wpa_printf(MSG_DEBUG, "External MGMT TX status process: %s", cmd);

	field = os_strstr(cmd, "stype=");
	if (field)
		stype = atoi(field + 6);

	field = os_strstr(cmd, " ok=");
	if (field)
		ok = atoi(field + 4);

	hex = os_strstr(cmd, " buf=");
	if (!hex)
		return -1;
	hex += 5;

	frame_len = os_strlen(hex);
	if (frame_len % 2 != 0)
		return -1;
	frame_len /= 2;

	frame = os_malloc(frame_len);
	if (!frame)
		return -1;
	if (hexstr2bin(hex, frame, frame_len) < 0) {
		os_free(frame);
		return -1;
	}

	os_memset(&event, 0, sizeof(event));
	event.tx_status.type = WLAN_FC_TYPE_MGMT;
	event.tx_status.data = frame;
	event.tx_status.data_len = frame_len;
	event.tx_status.stype = stype;
	event.tx_status.ack = ok;

	hapd->ext_mgmt_frame_handling = 0;
	wpa_supplicant_event(hapd, EVENT_TX_STATUS, &event);
	hapd->ext_mgmt_frame_handling = 1;

	os_free(frame);

	return 0;
}
/*
 * Testing only: inject a received management frame into the event handler.
 *
 * cmd format: freq=<MHz> datarate=<val> ssi_signal=<val> frame=<frame hexdump>
 * The numeric fields default to 0 when absent; frame= is mandatory and must
 * hold an even number of hex digits.
 *
 * Only available while ext_mgmt_frame_handling is set. The flag is cleared
 * while the event is dispatched and then set to 1.
 *
 * Returns 0 on success, -1 on any parse or allocation failure.
 */
static int hostapd_ctrl_iface_mgmt_rx_process(struct hostapd_data *hapd,
					      char *cmd)
{
	union wpa_event_data event;
	const char *field, *hex;
	size_t frame_len;
	u8 *frame;
	int freq = 0, datarate = 0, ssi_signal = 0;

	if (!hapd->ext_mgmt_frame_handling)
		return -1;

	wpa_printf(MSG_DEBUG, "External MGMT RX process: %s", cmd);

	field = os_strstr(cmd, "freq=");
	if (field)
		freq = atoi(field + 5);

	field = os_strstr(cmd, " datarate=");
	if (field)
		datarate = atoi(field + 10);

	field = os_strstr(cmd, " ssi_signal=");
	if (field)
		ssi_signal = atoi(field + 12);

	hex = os_strstr(cmd, " frame=");
	if (!hex)
		return -1;
	hex += 7;

	frame_len = os_strlen(hex);
	if (frame_len % 2 != 0)
		return -1;
	frame_len /= 2;

	frame = os_malloc(frame_len);
	if (!frame || hexstr2bin(hex, frame, frame_len) < 0) {
		os_free(frame);
		return -1;
	}

	os_memset(&event, 0, sizeof(event));
	event.rx_mgmt.freq = freq;
	event.rx_mgmt.frame = frame;
	event.rx_mgmt.frame_len = frame_len;
	event.rx_mgmt.ssi_signal = ssi_signal;
	event.rx_mgmt.datarate = datarate;

	hapd->ext_mgmt_frame_handling = 0;
	wpa_supplicant_event(hapd, EVENT_RX_MGMT, &event);
	hapd->ext_mgmt_frame_handling = 1;

	os_free(frame);

	return 0;
}
/*
 * Testing only: inject an EAPOL frame as if it had been received.
 *
 * cmd format: <src addr> <frame hexdump>
 * The decoded frame is passed to ieee802_1x_receive() with
 * FRAME_ENCRYPTION_UNKNOWN. Returns 0 once the frame has been handed over,
 * -1 on an invalid address, odd hex length, allocation failure or invalid
 * hex.
 */
static int hostapd_ctrl_iface_eapol_rx(struct hostapd_data *hapd, char *cmd)
{
	u8 src[ETH_ALEN];
	const char *hex;
	size_t frame_len;
	u8 *frame;
	int consumed;

	wpa_printf(MSG_DEBUG, "External EAPOL RX: %s", cmd);

	consumed = hwaddr_aton2(cmd, src);
	if (consumed < 0)
		return -1;

	/* Skip the separator between the address and the hexdump */
	for (hex = cmd + consumed; *hex == ' '; hex++)
		;

	frame_len = os_strlen(hex);
	if (frame_len % 2 != 0)
		return -1;
	frame_len /= 2;

	frame = os_malloc(frame_len);
	if (!frame || hexstr2bin(hex, frame, frame_len) < 0) {
		os_free(frame);
		return -1;
	}

	ieee802_1x_receive(hapd, src, frame, frame_len,
			   FRAME_ENCRYPTION_UNKNOWN);
	os_free(frame);

	return 0;
}
/*
 * Testing only: transmit an EAPOL frame given as a hexdump.
 *
 * cmd format: <dst addr> <frame hexdump> [options]
 * The hexdump ends at the next space; "encrypt=1" anywhere in the options
 * requests encryption. ext_eapol_frame_io is cleared for the duration of the
 * send and restored to its previous value afterwards.
 *
 * Returns the result of hostapd_wpa_auth_send_eapol(), or -1 on an invalid
 * address, odd hex length, allocation failure or invalid hex.
 */
static int hostapd_ctrl_iface_eapol_tx(struct hostapd_data *hapd, char *cmd)
{
	u8 dst[ETH_ALEN];
	char *hex, *opts;
	size_t frame_len;
	u8 *frame;
	unsigned int saved_ext_io;
	int consumed, res;
	int encrypt = 0;

	wpa_printf(MSG_DEBUG, "External EAPOL TX: %s", cmd);

	consumed = hwaddr_aton2(cmd, dst);
	if (consumed < 0)
		return -1;

	for (hex = cmd + consumed; *hex == ' '; hex++)
		;

	opts = os_strchr(hex, ' ');
	if (opts == NULL) {
		frame_len = os_strlen(hex);
	} else {
		frame_len = opts - hex;
		encrypt = os_strstr(opts, "encrypt=1") != NULL;
	}
	if (frame_len % 2 != 0)
		return -1;
	frame_len /= 2;

	frame = os_malloc(frame_len);
	if (!frame)
		return -1;
	if (hexstr2bin(hex, frame, frame_len) < 0) {
		os_free(frame);
		return -1;
	}

	/* Send directly even when external EAPOL frame I/O is enabled */
	saved_ext_io = hapd->ext_eapol_frame_io;
	hapd->ext_eapol_frame_io = 0;
	res = hostapd_wpa_auth_send_eapol(hapd, dst, frame, frame_len,
					  encrypt);
	hapd->ext_eapol_frame_io = saved_ext_io;
	os_free(frame);

	return res;
}
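/*
 * Compute the ones' complement checksum over len bytes at buf, taken as
 * native-order 16-bit words.
 *
 * Each word is read with os_memcpy() so that buf needs no particular
 * alignment and no u8 buffer is accessed through a u16 pointer. A trailing
 * odd byte is ignored, as only len / 2 words are summed.
 */
static u16 ipv4_hdr_checksum(const void *buf, size_t len)
{
	const u8 *pos = buf;
	size_t i;
	u32 sum = 0;

	for (i = 0; i < len / 2; i++) {
		u16 word;

		os_memcpy(&word, pos + 2 * i, sizeof(word));
		sum += word;
	}

	/* Fold the carries back into the low 16 bits */
	while (sum >> 16)
		sum = (sum & 0xffff) + (sum >> 16);

	return sum ^ 0xffff;
}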
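#define HWSIM_PACKETLEN 1500
#define HWSIM_IP_LEN (HWSIM_PACKETLEN - sizeof(struct ether_header))

/*
 * l2_packet receive callback for the data connectivity test.
 *
 * Accepts an Ethernet frame carrying an IPv4 header without options followed
 * by a payload in which byte i equals (u8) i, and reports it with a
 * DATA-TEST-RX event. Anything else is logged at debug level and ignored.
 *
 * The frame comes from the network, so the IP total length is checked
 * against both the header size and the number of bytes actually received
 * before the payload is walked. Without those checks a total length below
 * sizeof(struct ip) would wrap the loop bound, and a total length above the
 * received size would read past the end of buf.
 */
static void hostapd_data_test_rx(void *ctx, const u8 *src_addr, const u8 *buf,
				 size_t len)
{
	struct hostapd_data *hapd = ctx;
	const struct ether_header *eth;
	struct ip ip;
	const u8 *pos;
	size_t ip_len, i;
	char extra[30];

	if (len < sizeof(*eth) + sizeof(ip) || len > HWSIM_PACKETLEN) {
		wpa_printf(MSG_DEBUG,
			   "test data: RX - ignore unexpected length %d",
			   (int) len);
		return;
	}

	eth = (const struct ether_header *) buf;
	/* Copy the header out; buf has no alignment guarantee for struct ip */
	os_memcpy(&ip, eth + 1, sizeof(ip));
	pos = &buf[sizeof(*eth) + sizeof(ip)];
	ip_len = ntohs(ip.ip_len);

	if (ip.ip_hl != 5 || ip.ip_v != 4 ||
	    ip_len > HWSIM_IP_LEN ||
	    ip_len < sizeof(ip) ||
	    ip_len > len - sizeof(*eth)) {
		wpa_printf(MSG_DEBUG,
			   "test data: RX - ignore unexpected IP header");
		return;
	}

	for (i = 0; i < ip_len - sizeof(ip); i++) {
		if (pos[i] != (u8) i) {
			wpa_printf(MSG_DEBUG,
				   "test data: RX - ignore mismatching payload");
			return;
		}
	}

	/* Only mention the length when it differs from the default size */
	extra[0] = '\0';
	if (ip_len != HWSIM_IP_LEN)
		os_snprintf(extra, sizeof(extra), " len=%d", (int) ip_len);
	wpa_msg(hapd->msg_ctx, MSG_INFO, "DATA-TEST-RX " MACSTR " " MACSTR "%s",
		MAC2STR(eth->ether_dhost), MAC2STR(eth->ether_shost), extra);
}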
/*
 * Testing only: enable or disable the data connectivity test socket.
 *
 * cmd format: <0/1> [ifname=<name>]
 * A leading 0 closes hapd->l2_test if it is open. Any other value opens an
 * l2_packet socket for ETHERTYPE_IP with hostapd_data_test_rx() as receive
 * handler, unless one is already open. The interface defaults to
 * hapd->conf->iface; with " ifname=" the rest of cmd is used as the name.
 *
 * Returns 0 on success (including the no-op cases), -1 when the socket
 * cannot be opened.
 */
static int hostapd_ctrl_iface_data_test_config(struct hostapd_data *hapd,
					       char *cmd)
{
	const u8 *own = hapd->own_addr;
	const char *ifname;
	char *opt;

	if (atoi(cmd) == 0) {
		if (hapd->l2_test == NULL)
			return 0;

		l2_packet_deinit(hapd->l2_test);
		hapd->l2_test = NULL;
		wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
			"test data: Disabled");
		return 0;
	}

	/* Already enabled */
	if (hapd->l2_test != NULL)
		return 0;

	opt = os_strstr(cmd, " ifname=");
	ifname = opt ? opt + 8 : hapd->conf->iface;

#ifdef CONFIG_IEEE80211BE
	if (hapd->conf->mld_ap)
		own = hapd->mld_addr;
#endif /* CONFIG_IEEE80211BE */
	hapd->l2_test = l2_packet_init(ifname, own,
				       ETHERTYPE_IP, hostapd_data_test_rx,
				       hapd, 1);
	if (hapd->l2_test == NULL)
		return -1;

	wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "test data: Enabled");

	return 0;
}
/*
 * Testing only: send one data connectivity test frame.
 *
 * cmd format: <dst> <src> <tos> [len=<length>]
 * <tos> must be within 0..0xff. <length> is the IP total length and must be
 * within sizeof(struct ip)..HWSIM_IP_LEN; it defaults to HWSIM_IP_LEN. The
 * frame is an Ethernet header, a 20-octet IPv4 header and a payload in which
 * byte i equals (u8) i, which is the pattern hostapd_data_test_rx() checks.
 *
 * Requires the test socket to be open. Returns 0 on success, -1 otherwise.
 */
static int hostapd_ctrl_iface_data_test_tx(struct hostapd_data *hapd, char *cmd)
{
	/* Two leading pad bytes; the frame itself starts at frame[2] */
	u8 frame[2 + HWSIM_PACKETLEN];
	u8 dst[ETH_ALEN], src[ETH_ALEN];
	struct ether_header *eth = (struct ether_header *) &frame[2];
	struct ip *ip = (struct ip *) (eth + 1);
	u8 *payload = (u8 *) (ip + 1);
	char *cur, *after_tos, *len_opt;
	size_t ip_total = HWSIM_IP_LEN;
	unsigned int n;
	long int tos_val;
	int consumed;
	u8 tos;

	if (hapd->l2_test == NULL)
		return -1;

	consumed = hwaddr_aton2(cmd, dst);
	if (consumed < 0)
		return -1;
	for (cur = cmd + consumed; *cur == ' '; cur++)
		;

	consumed = hwaddr_aton2(cur, src);
	if (consumed < 0)
		return -1;
	cur += consumed;

	tos_val = strtol(cur, &after_tos, 0);
	if (tos_val < 0 || tos_val > 0xff)
		return -1;
	tos = tos_val;

	len_opt = os_strstr(after_tos, " len=");
	if (len_opt) {
		n = atoi(len_opt + 5);
		if (n < sizeof(*ip) || n > HWSIM_IP_LEN)
			return -1;
		ip_total = n;
	}

	os_memcpy(eth->ether_dhost, dst, ETH_ALEN);
	os_memcpy(eth->ether_shost, src, ETH_ALEN);
	eth->ether_type = htons(ETHERTYPE_IP);

	os_memset(ip, 0, sizeof(*ip));
	ip->ip_hl = 5;
	ip->ip_v = 4;
	ip->ip_ttl = 64;
	ip->ip_tos = tos;
	ip->ip_len = htons(ip_total);
	ip->ip_p = 1;
	ip->ip_src.s_addr = htonl(192U << 24 | 168 << 16 | 1 << 8 | 1);
	ip->ip_dst.s_addr = htonl(192U << 24 | 168 << 16 | 1 << 8 | 2);
	/* Checksum last, over the completed header with ip_sum still zero */
	ip->ip_sum = ipv4_hdr_checksum(ip, sizeof(*ip));

	for (n = 0; n < ip_total - sizeof(*ip); n++)
		payload[n] = n;

	if (l2_packet_send(hapd->l2_test, dst, ETHERTYPE_IP, &frame[2],
			   sizeof(struct ether_header) + ip_total) < 0)
		return -1;

	wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "test data: TX dst=" MACSTR
		" src=" MACSTR " tos=0x%x", MAC2STR(dst), MAC2STR(src), tos);

	return 0;
}
/*
 * Testing only: send an arbitrary Ethernet frame given as a hexdump.
 *
 * cmd format: [ifname=<name> ]<frame hexdump>
 * The hexdump must have an even number of digits and cover at least an
 * Ethernet header. A temporary l2_packet socket is opened for the ethertype
 * found in the frame and closed again after the send. cmd is modified in
 * place when the ifname= prefix is present.
 *
 * Returns 0 when the frame was sent, -1 otherwise.
 */
static int hostapd_ctrl_iface_data_test_frame(struct hostapd_data *hapd,
					      char *cmd)
{
	const char *ifname = hapd->conf->iface;
	struct l2_packet_data *sock;
	struct ether_header *eth;
	size_t frame_len;
	u8 *frame;
	u16 ethertype;
	int res = -1;

	if (os_strncmp(cmd, "ifname=", 7) == 0) {
		ifname = cmd + 7;
		cmd = os_strchr(ifname, ' ');
		if (cmd == NULL)
			return -1;
		*cmd++ = '\0';
	}

	frame_len = os_strlen(cmd);
	if (frame_len & 1 || frame_len < ETH_HLEN * 2)
		return -1;
	frame_len /= 2;

	frame = os_malloc(frame_len);
	if (frame == NULL)
		return -1;

	if (hexstr2bin(cmd, frame, frame_len) >= 0) {
		eth = (struct ether_header *) frame;
		ethertype = ntohs(eth->ether_type);

		sock = l2_packet_init(ifname, hapd->own_addr, ethertype,
				      hostapd_data_test_rx, hapd, 1);
		if (sock != NULL) {
			res = l2_packet_send(sock, eth->ether_dhost, ethertype,
					     frame, frame_len);
			wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
				"test data: TX frame res=%d", res);
			l2_packet_deinit(sock);
		}
	}

	os_free(frame);

	return res < 0 ? -1 : 0;
}
/*
 * Testing only: configure allocation failure injection.
 *
 * cmd format: <count>:<function>
 * Without a ':' the counter is reset to 0 and the function name is left as it
 * was. Returns 0, or -1 when built without WPA_TRACE_BFD.
 */
static int hostapd_ctrl_test_alloc_fail(struct hostapd_data *hapd, char *cmd)
{
#ifdef WPA_TRACE_BFD
	char *sep = os_strchr(cmd, ':');

	if (sep == NULL) {
		wpa_trace_fail_after = 0;
		return 0;
	}

	wpa_trace_fail_after = atoi(cmd);
	os_strlcpy(wpa_trace_fail_func, sep + 1,
		   sizeof(wpa_trace_fail_func));

	return 0;
#else /* WPA_TRACE_BFD */
	return -1;
#endif /* WPA_TRACE_BFD */
}
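/*
 * Testing only: report the allocation failure injection state as
 * "<count>:<function>".
 *
 * Returns the number of characters written, or -1 when the output did not
 * fit in buf, on a formatting error, or when built without WPA_TRACE_BFD.
 */
static int hostapd_ctrl_get_alloc_fail(struct hostapd_data *hapd,
				       char *buf, size_t buflen)
{
#ifdef WPA_TRACE_BFD
	int res;

	res = os_snprintf(buf, buflen, "%u:%s", wpa_trace_fail_after,
			  wpa_trace_fail_func);
	/*
	 * Same check as hostapd_ctrl_iface_get(): a truncated result would
	 * otherwise be returned as a length larger than the buffer.
	 */
	if (os_snprintf_error(buflen, res))
		return -1;

	return res;
#else /* WPA_TRACE_BFD */
	return -1;
#endif /* WPA_TRACE_BFD */
}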
/*
 * Testing only: configure test failure injection.
 *
 * cmd format: <count>:<function>
 * Without a ':' the counter is reset to 0 and the function name is left as it
 * was. Returns 0, or -1 when built without WPA_TRACE_BFD.
 */
static int hostapd_ctrl_test_fail(struct hostapd_data *hapd, char *cmd)
{
#ifdef WPA_TRACE_BFD
	char *sep = os_strchr(cmd, ':');

	if (sep == NULL) {
		wpa_trace_test_fail_after = 0;
		return 0;
	}

	wpa_trace_test_fail_after = atoi(cmd);
	os_strlcpy(wpa_trace_test_fail_func, sep + 1,
		   sizeof(wpa_trace_test_fail_func));

	return 0;
#else /* WPA_TRACE_BFD */
	return -1;
#endif /* WPA_TRACE_BFD */
}
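/*
 * Testing only: report the test failure injection state as
 * "<count>:<function>".
 *
 * Returns the number of characters written, or -1 when the output did not
 * fit in buf, on a formatting error, or when built without WPA_TRACE_BFD.
 */
static int hostapd_ctrl_get_fail(struct hostapd_data *hapd,
				 char *buf, size_t buflen)
{
#ifdef WPA_TRACE_BFD
	int res;

	res = os_snprintf(buf, buflen, "%u:%s", wpa_trace_test_fail_after,
			  wpa_trace_test_fail_func);
	/*
	 * Same check as hostapd_ctrl_iface_get(): a truncated result would
	 * otherwise be returned as a length larger than the buffer.
	 */
	if (os_snprintf_error(buflen, res))
		return -1;

	return res;
#else /* WPA_TRACE_BFD */
	return -1;
#endif /* WPA_TRACE_BFD */
}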
/*
 * Re-install a remembered group key so that the driver restarts its transmit
 * counter: first an all-zero key of the same length (to get past any
 * duplicate key avoidance in the driver), then the remembered key.
 *
 * Returns -1 when no key has been recorded (alg is WPA_ALG_NONE) or the zero
 * key cannot be set; otherwise the result of the second
 * hostapd_drv_set_key() call.
 */
static int hostapd_ctrl_reset_group_key_pn(struct hostapd_data *hapd,
					   enum wpa_alg alg, int key_idx,
					   const u8 *key, size_t key_len,
					   const char *log_msg)
{
	u8 zero[WPA_TK_MAX_LEN];

	if (alg == WPA_ALG_NONE)
		return -1;

	wpa_printf(MSG_INFO, "%s", log_msg);

	os_memset(zero, 0, sizeof(zero));
	if (hostapd_drv_set_key(hapd->conf->iface, hapd, alg,
				broadcast_ether_addr, key_idx, 0, 1, NULL, 0,
				zero, key_len,
				KEY_FLAG_GROUP_TX_DEFAULT) < 0)
		return -1;

	/* Set the previously configured key to reset its TSC */
	return hostapd_drv_set_key(hapd->conf->iface, hapd, alg,
				   broadcast_ether_addr, key_idx, 0, 1, NULL,
				   0, key, key_len,
				   KEY_FLAG_GROUP_TX_DEFAULT);
}


/*
 * Testing only: reset the packet number of an installed key by re-installing
 * it, which deliberately defeats replay protection for that key.
 *
 * cmd starts with an address. For the broadcast address the key is chosen by
 * substring: " BIGTK" selects the BIGTK, otherwise "IGTK" selects the IGTK,
 * otherwise the GTK is used. " BIGTK" has to be tested first because "IGTK"
 * is a substring of it. Any other address selects the pairwise key of that
 * station.
 *
 * Returns the result of the final hostapd_drv_set_key() call, or -1 on an
 * invalid address, unknown station, missing key or failed zero key.
 */
static int hostapd_ctrl_reset_pn(struct hostapd_data *hapd, const char *cmd)
{
	struct sta_info *sta;
	u8 addr[ETH_ALEN];
	u8 zero[WPA_TK_MAX_LEN];

	if (hwaddr_aton(cmd, addr))
		return -1;

	if (is_broadcast_ether_addr(addr)) {
		if (os_strstr(cmd, " BIGTK"))
			return hostapd_ctrl_reset_group_key_pn(
				hapd, hapd->last_bigtk_alg,
				hapd->last_bigtk_key_idx, hapd->last_bigtk,
				hapd->last_bigtk_len,
				"TESTING: Reset BIPN for BIGTK");

		if (os_strstr(cmd, "IGTK"))
			return hostapd_ctrl_reset_group_key_pn(
				hapd, hapd->last_igtk_alg,
				hapd->last_igtk_key_idx, hapd->last_igtk,
				hapd->last_igtk_len,
				"TESTING: Reset IPN for IGTK");

		return hostapd_ctrl_reset_group_key_pn(
			hapd, hapd->last_gtk_alg,
			hapd->last_gtk_key_idx, hapd->last_gtk,
			hapd->last_gtk_len,
			"TESTING: Reset PN for GTK");
	}

	sta = ap_get_sta(hapd, addr);
	if (!sta || sta->last_tk_alg == WPA_ALG_NONE)
		return -1;

	wpa_printf(MSG_INFO, "TESTING: Reset PN for " MACSTR,
		   MAC2STR(sta->addr));

	/* First, use a zero key to avoid any possible duplicate key avoidance
	 * in the driver. */
	os_memset(zero, 0, sizeof(zero));
	if (hostapd_drv_set_key(hapd->conf->iface, hapd, sta->last_tk_alg,
				sta->addr, sta->last_tk_key_idx, 0, 1, NULL, 0,
				zero, sta->last_tk_len,
				KEY_FLAG_PAIRWISE_RX_TX) < 0)
		return -1;

	/* Set the previously configured key to reset its TSC/RSC */
	return hostapd_drv_set_key(hapd->conf->iface, hapd, sta->last_tk_alg,
				   sta->addr, sta->last_tk_key_idx, 0, 1, NULL,
				   0, sta->last_tk, sta->last_tk_len,
				   KEY_FLAG_PAIRWISE_RX_TX);
}
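/*
 * Testing only: install a key in the driver from a text command.
 *
 * cmd parameters, separated by single spaces:
 *	alg addr idx set_tx seq key key_flag
 * addr is a 17-character MAC address, seq is 12 hex digits and key is a
 * hexdump of at most WPA_TK_MAX_LEN octets. Nothing may follow key_flag.
 *
 * The key length comes from the command text, so it is checked against the
 * size of the local key buffer before hexstr2bin() writes into it.
 *
 * Returns the result of hostapd_drv_set_key(), or -1 on a malformed command.
 */
static int hostapd_ctrl_set_key(struct hostapd_data *hapd, const char *cmd)
{
	u8 addr[ETH_ALEN];
	const char *pos = cmd;
	const char *key_end;
	enum wpa_alg alg;
	enum key_flag key_flag;
	int idx, set_tx;
	u8 seq[6], key[WPA_TK_MAX_LEN];
	size_t key_len;

	/* parameters: alg addr idx set_tx seq key key_flag */

	alg = atoi(pos);
	pos = os_strchr(pos, ' ');
	if (!pos)
		return -1;
	pos++;
	if (hwaddr_aton(pos, addr))
		return -1;
	pos += 17;
	if (*pos != ' ')
		return -1;
	pos++;
	idx = atoi(pos);
	pos = os_strchr(pos, ' ');
	if (!pos)
		return -1;
	pos++;
	set_tx = atoi(pos);
	pos = os_strchr(pos, ' ');
	if (!pos)
		return -1;
	pos++;
	if (hexstr2bin(pos, seq, sizeof(seq)) < 0)
		return -1;
	pos += 2 * 6;
	if (*pos != ' ')
		return -1;
	pos++;
	key_end = os_strchr(pos, ' ');
	if (!key_end)
		return -1;
	key_len = (key_end - pos) / 2;
	/* Reject a hexdump that would overflow the stack buffer */
	if (key_len > sizeof(key))
		return -1;
	if (hexstr2bin(pos, key, key_len) < 0)
		return -1;
	pos += 2 * key_len;
	/* Also catches an odd number of hex digits */
	if (*pos != ' ')
		return -1;

	pos++;
	key_flag = atoi(pos);
	pos = os_strchr(pos, ' ');
	if (pos)
		return -1;

	wpa_printf(MSG_INFO, "TESTING: Set key");
	return hostapd_drv_set_key(hapd->conf->iface, hapd, alg, addr, idx, 0,
				   set_tx, seq, 6, key, key_len, key_flag);
}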
/*
 * Callback that re-installs the remembered pairwise key of a station after it
 * was cleared for a plaintext EAPOL retransmission.
 *
 * ctx1 is the struct hostapd_data and ctx2 the struct sta_info. The result of
 * hostapd_drv_set_key() is not checked.
 */
static void restore_tk(void *ctx1, void *ctx2)
{
	struct sta_info *sta = ctx2;
	struct hostapd_data *hapd = ctx1;
	const char *ifname = hapd->conf->iface;

	wpa_printf(MSG_INFO, "TESTING: Restore TK for " MACSTR,
		   MAC2STR(sta->addr));

	/* This does not really restore the TSC properly, so this will result
	 * in replay protection issues for now since there is no clean way of
	 * preventing encryption of a single EAPOL frame. */
	hostapd_drv_set_key(ifname, hapd, sta->last_tk_alg,
			    sta->addr, sta->last_tk_key_idx, 0, 1, NULL, 0,
			    sta->last_tk, sta->last_tk_len,
			    KEY_FLAG_PAIRWISE_RX_TX);
}
/*
 * Testing only: retransmit EAPOL-Key message 1 to a station.
 *
 * cmd starts with the station address. "plaintext" anywhere in cmd removes
 * the pairwise key from the driver before sending, provided a key has been
 * recorded for the station, and passes restore_tk() as the callback that puts
 * it back. "change-anonce" anywhere in cmd is forwarded as a flag to
 * wpa_auth_resend_m1().
 *
 * Returns the result of wpa_auth_resend_m1(), or -1 on an invalid address or
 * a station that is unknown or has no WPA state machine.
 */
static int hostapd_ctrl_resend_m1(struct hostapd_data *hapd, const char *cmd)
{
	u8 addr[ETH_ALEN];
	struct sta_info *sta;
	int clear_tk, change_anonce;

	if (hwaddr_aton(cmd, addr))
		return -1;

	sta = ap_get_sta(hapd, addr);
	if (!sta || !sta->wpa_sm)
		return -1;

	/* Without a recorded TK there is nothing to clear or restore */
	clear_tk = os_strstr(cmd, "plaintext") != NULL &&
		sta->last_tk_alg != WPA_ALG_NONE;
	if (clear_tk) {
		wpa_printf(MSG_INFO, "TESTING: Clear TK for " MACSTR,
			   MAC2STR(sta->addr));
		hostapd_drv_set_key(hapd->conf->iface, hapd, WPA_ALG_NONE,
				    sta->addr, sta->last_tk_key_idx, 0, 0, NULL,
				    0, NULL, 0, KEY_FLAG_PAIRWISE);
	}

	wpa_printf(MSG_INFO, "TESTING: Send M1 to " MACSTR, MAC2STR(sta->addr));
	change_anonce = os_strstr(cmd, "change-anonce") != NULL;

	return wpa_auth_resend_m1(sta->wpa_sm, change_anonce,
				  clear_tk ? restore_tk : NULL, hapd, sta);
}
2301
2302
/*
 * hostapd_ctrl_resend_m3 - Test command: retransmit 4-way handshake message 3
 * @hapd: BSS data
 * @cmd: "<STA address>" optionally followed by the keyword "plaintext"
 * Returns: -1 if the address does not parse or the station has no WPA state
 * machine, otherwise the result of wpa_auth_resend_m3()
 *
 * With "plaintext", the station's pairwise key is removed from the driver
 * before sending and restore_tk() is registered to put it back.
 */
static int hostapd_ctrl_resend_m3(struct hostapd_data *hapd, const char *cmd)
{
	u8 sta_addr[ETH_ALEN];
	struct sta_info *sta;
	int clear_tk;

	if (hwaddr_aton(cmd, sta_addr))
		return -1;

	sta = ap_get_sta(hapd, sta_addr);
	if (!sta || !sta->wpa_sm)
		return -1;

	/* Nothing to clear if no TK was ever configured for this STA */
	clear_tk = os_strstr(cmd, "plaintext") != NULL &&
		sta->last_tk_alg != WPA_ALG_NONE;
	if (clear_tk) {
		wpa_printf(MSG_INFO, "TESTING: Clear TK for " MACSTR,
			   MAC2STR(sta->addr));
		hostapd_drv_set_key(hapd->conf->iface, hapd, WPA_ALG_NONE,
				    sta->addr, sta->last_tk_key_idx, 0, 0, NULL,
				    0, NULL, 0, KEY_FLAG_PAIRWISE);
	}

	wpa_printf(MSG_INFO, "TESTING: Send M3 to " MACSTR, MAC2STR(sta->addr));
	return wpa_auth_resend_m3(sta->wpa_sm,
				  clear_tk ? restore_tk : NULL, hapd, sta);
}
2330
2331
/*
 * hostapd_ctrl_resend_group_m1 - Test command: retransmit group handshake M1
 * @hapd: BSS data
 * @cmd: "<STA address>" optionally followed by the keyword "plaintext"
 * Returns: -1 if the address does not parse or the station has no WPA state
 * machine, otherwise the result of wpa_auth_resend_group_m1()
 *
 * With "plaintext", the station's pairwise key is removed from the driver
 * before sending and restore_tk() is registered to put it back.
 */
static int hostapd_ctrl_resend_group_m1(struct hostapd_data *hapd,
					const char *cmd)
{
	u8 sta_addr[ETH_ALEN];
	struct sta_info *sta;
	int clear_tk;

	if (hwaddr_aton(cmd, sta_addr))
		return -1;

	sta = ap_get_sta(hapd, sta_addr);
	if (!sta || !sta->wpa_sm)
		return -1;

	/* Nothing to clear if no TK was ever configured for this STA */
	clear_tk = os_strstr(cmd, "plaintext") != NULL &&
		sta->last_tk_alg != WPA_ALG_NONE;
	if (clear_tk) {
		wpa_printf(MSG_INFO, "TESTING: Clear TK for " MACSTR,
			   MAC2STR(sta->addr));
		hostapd_drv_set_key(hapd->conf->iface, hapd, WPA_ALG_NONE,
				    sta->addr, sta->last_tk_key_idx, 0, 0, NULL,
				    0, NULL, 0, KEY_FLAG_PAIRWISE);
	}

	wpa_printf(MSG_INFO,
		   "TESTING: Send group M1 for the same GTK and zero RSC to "
		   MACSTR, MAC2STR(sta->addr));
	return wpa_auth_resend_group_m1(sta->wpa_sm,
					clear_tk ? restore_tk : NULL, hapd,
					sta);
}
2362
2363
/*
 * hostapd_ctrl_rekey_ptk - Test command: request a PTK rekey for a station
 * @hapd: BSS data
 * @cmd: "<STA address>"
 * Returns: -1 if the address does not parse or the station has no WPA state
 * machine, otherwise the result of wpa_auth_rekey_ptk()
 */
static int hostapd_ctrl_rekey_ptk(struct hostapd_data *hapd, const char *cmd)
{
	u8 sta_addr[ETH_ALEN];
	struct sta_info *sta = NULL;

	if (hwaddr_aton(cmd, sta_addr) == 0)
		sta = ap_get_sta(hapd, sta_addr);

	if (!sta || !sta->wpa_sm)
		return -1;

	return wpa_auth_rekey_ptk(hapd->wpa_auth, sta->wpa_sm);
}
2378
2379
/*
 * hostapd_ctrl_get_pmksa_pmk - Hex dump the PMK of a PMKSA cache entry
 * @hapd: BSS data
 * @addr: Station address used for the cache lookup
 * @buf: Output buffer for the hex string
 * @buflen: Size of buf
 * Returns: -1 if no cache entry is found, otherwise the result of
 * wpa_snprintf_hex()
 *
 * This writes raw key material into a control interface reply. The #endif
 * that follows this group of functions suggests it is only compiled with
 * CONFIG_TESTING_OPTIONS; keep that option out of production builds.
 */
static int hostapd_ctrl_get_pmksa_pmk(struct hostapd_data *hapd, const u8 *addr,
				      char *buf, size_t buflen)
{
	struct rsn_pmksa_cache_entry *entry =
		wpa_auth_pmksa_get(hapd->wpa_auth, addr, NULL);

	if (entry)
		return wpa_snprintf_hex(buf, buflen, entry->pmk,
					entry->pmk_len);

	return -1;
}
2391
2392
/*
 * hostapd_ctrl_get_pmk - Test command: return the PMK of a station as hex
 * @hapd: BSS data
 * @cmd: "<STA address>"
 * @buf: Output buffer for the hex string
 * @buflen: Size of buf
 * Returns: -1 on address parse failure, otherwise the result of
 * wpa_snprintf_hex() or of the PMKSA cache fallback
 *
 * The PMK held by the station's WPA state machine is preferred; if there is
 * no state machine or it holds no PMK, the PMKSA cache is consulted instead.
 * The reply contains raw key material.
 */
static int hostapd_ctrl_get_pmk(struct hostapd_data *hapd, const char *cmd,
				char *buf, size_t buflen)
{
	u8 sta_addr[ETH_ALEN];
	struct sta_info *sta;
	const u8 *pmk;
	int pmk_len;

	if (hwaddr_aton(cmd, sta_addr))
		return -1;

	sta = ap_get_sta(hapd, sta_addr);
	if (!sta || !sta->wpa_sm) {
		wpa_printf(MSG_DEBUG, "No STA WPA state machine for " MACSTR,
			   MAC2STR(sta_addr));
		return hostapd_ctrl_get_pmksa_pmk(hapd, sta_addr, buf, buflen);
	}

	pmk = wpa_auth_get_pmk(sta->wpa_sm, &pmk_len);
	if (pmk && pmk_len)
		return wpa_snprintf_hex(buf, buflen, pmk, pmk_len);

	wpa_printf(MSG_DEBUG, "No PMK stored for " MACSTR,
		   MAC2STR(sta_addr));
	return hostapd_ctrl_get_pmksa_pmk(hapd, sta_addr, buf, buflen);
}
2419
2420
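/*
 * hostapd_ctrl_register_frame - Test command: register for a frame type
 * @hapd: BSS data
 * @cmd: "<type in hex> <match in hex> [multicast]"
 * Returns: -1 on a malformed command or a match longer than the local
 * buffer, otherwise the result of hostapd_drv_register_frame()
 *
 * The match bytes are decoded into a fixed 10-octet stack buffer, so the
 * decoded length is bounded before hexstr2bin() is allowed to write to it.
 */
static int hostapd_ctrl_register_frame(struct hostapd_data *hapd,
				       const char *cmd)
{
	u16 type;
	char *pos, *end;
	u8 match[10];
	size_t hex_len, match_len;
	bool multicast = false;

	/* NOTE(review): the strtol() result is narrowed to u16 without a
	 * range check, so values above 0xffff wrap. */
	type = strtol(cmd, &pos, 16);
	if (*pos != ' ')
		return -1;
	pos++;

	end = os_strchr(pos, ' ');
	if (end) {
		hex_len = end - pos;
		multicast = os_strstr(end, "multicast") != NULL;
	} else {
		hex_len = os_strlen(pos);
	}

	/* Two hex digits per octet in both forms of the command. The
	 * previous code used the digit count as the octet count whenever a
	 * trailing parameter was present. */
	match_len = hex_len / 2;

	/* Reject anything that would not fit in match[]; without this the
	 * command string controls how far hexstr2bin() writes on the stack. */
	if (match_len > sizeof(match))
		return -1;

	if (hexstr2bin(pos, match, match_len))
		return -1;

	return hostapd_drv_register_frame(hapd, type, match, match_len,
					  multicast);
}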
2447
2448 #endif /* CONFIG_TESTING_OPTIONS */
2449
2450
2451 #ifdef NEED_AP_MLME
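/*
 * hostapd_ctrl_check_freq_params - Sanity check channel switch frequencies
 * @params: Frequency parameters parsed from the control interface command;
 *	he_enabled is forced to 1 when the primary frequency is in 6 GHz
 * @punct_bitmap: Preamble puncturing bitmap (0 = no puncturing)
 * Returns: 0 if the combination is acceptable, non-zero otherwise
 *
 * Most rejections return -1, but a few 80 MHz checks return 1. The caller
 * visible in this file only tests for non-zero, so the values are left as
 * they were.
 */
static int hostapd_ctrl_check_freq_params(struct hostapd_freq_params *params,
					  u16 punct_bitmap)
{
	u32 start_freq;

	if (is_6ghz_freq(params->freq)) {
		const int bw_idx[] = { 20, 40, 80, 160, 320 };
		int idx, bw;

		/* The 6 GHz band requires HE to be enabled. */
		params->he_enabled = 1;

		if (params->center_freq1) {
			if (params->freq == 5935)
				idx = (params->center_freq1 - 5925) / 5;
			else
				idx = (params->center_freq1 - 5950) / 5;

			bw = center_idx_to_bw_6ghz(idx);
			/* bw is used as an index into bw_idx[], so it has to
			 * be strictly below the element count (the previous
			 * '>' let bw == ARRAY_SIZE(bw_idx) read one past the
			 * end of the array). */
			if (bw < 0 || bw >= (int) ARRAY_SIZE(bw_idx) ||
			    bw_idx[bw] != params->bandwidth)
				return -1;
		}
	}

	switch (params->bandwidth) {
	case 0:
		/* bandwidth not specified: use 20 MHz by default */
		/* fall-through */
	case 20:
		if (params->center_freq1 &&
		    params->center_freq1 != params->freq)
			return -1;

		if (params->center_freq2 || params->sec_channel_offset)
			return -1;

		if (punct_bitmap)
			return -1;
		break;
	case 40:
		if (params->center_freq2 || !params->sec_channel_offset)
			return -1;

		if (punct_bitmap)
			return -1;

		if (!params->center_freq1)
			break;
		switch (params->sec_channel_offset) {
		case 1:
			if (params->freq + 10 != params->center_freq1)
				return -1;
			break;
		case -1:
			if (params->freq - 10 != params->center_freq1)
				return -1;
			break;
		default:
			return -1;
		}
		break;
	case 80:
		if (!params->center_freq1 || !params->sec_channel_offset)
			return 1;

		switch (params->sec_channel_offset) {
		case 1:
			if (params->freq - 10 != params->center_freq1 &&
			    params->freq + 30 != params->center_freq1)
				return 1;
			break;
		case -1:
			if (params->freq + 10 != params->center_freq1 &&
			    params->freq - 30 != params->center_freq1)
				return -1;
			break;
		default:
			return -1;
		}

		if (params->center_freq2 && punct_bitmap)
			return -1;

		/* Adjacent and overlapped are not allowed for 80+80 */
		if (params->center_freq2 &&
		    params->center_freq1 - params->center_freq2 <= 80 &&
		    params->center_freq2 - params->center_freq1 <= 80)
			return 1;
		break;
	case 160:
		if (!params->center_freq1 || params->center_freq2 ||
		    !params->sec_channel_offset)
			return -1;

		switch (params->sec_channel_offset) {
		case 1:
			if (params->freq + 70 != params->center_freq1 &&
			    params->freq + 30 != params->center_freq1 &&
			    params->freq - 10 != params->center_freq1 &&
			    params->freq - 50 != params->center_freq1)
				return -1;
			break;
		case -1:
			if (params->freq + 50 != params->center_freq1 &&
			    params->freq + 10 != params->center_freq1 &&
			    params->freq - 30 != params->center_freq1 &&
			    params->freq - 70 != params->center_freq1)
				return -1;
			break;
		default:
			return -1;
		}
		break;
	case 320:
		if (!params->center_freq1 || params->center_freq2 ||
		    !params->sec_channel_offset)
			return -1;

		switch (params->sec_channel_offset) {
		case 1:
			if (params->freq + 150 != params->center_freq1 &&
			    params->freq + 110 != params->center_freq1 &&
			    params->freq + 70 != params->center_freq1 &&
			    params->freq + 30 != params->center_freq1 &&
			    params->freq - 10 != params->center_freq1 &&
			    params->freq - 50 != params->center_freq1 &&
			    params->freq - 90 != params->center_freq1 &&
			    params->freq - 130 != params->center_freq1)
				return -1;
			break;
		case -1:
			if (params->freq + 130 != params->center_freq1 &&
			    params->freq + 90 != params->center_freq1 &&
			    params->freq + 50 != params->center_freq1 &&
			    params->freq + 10 != params->center_freq1 &&
			    params->freq - 30 != params->center_freq1 &&
			    params->freq - 70 != params->center_freq1 &&
			    params->freq - 110 != params->center_freq1 &&
			    params->freq - 150 != params->center_freq1)
				return -1;
			break;
		default:
			/* Same rule as the 40/80/160 MHz cases: any offset
			 * other than +1/-1 is rejected instead of skipping
			 * the center frequency check. */
			return -1;
		}
		break;
	default:
		return -1;
	}

	if (!punct_bitmap)
		return 0;

	if (!params->eht_enabled) {
		wpa_printf(MSG_ERROR,
			   "Preamble puncturing supported only in EHT");
		return -1;
	}

	if (params->freq >= 2412 && params->freq <= 2484) {
		wpa_printf(MSG_ERROR,
			   "Preamble puncturing is not supported in 2.4 GHz");
		return -1;
	}

	/* Lowest frequency covered by the channel; the primary channel index
	 * below is counted in 20 MHz steps from there. */
	start_freq = params->center_freq1 - (params->bandwidth / 2);
	if (!is_punct_bitmap_valid(params->bandwidth,
				   (params->freq - start_freq) / 20,
				   punct_bitmap)) {
		wpa_printf(MSG_ERROR, "Invalid preamble puncturing bitmap");
		return -1;
	}

	return 0;
}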
2625 #endif /* NEED_AP_MLME */
2626
2627
/*
 * hostapd_ctrl_iface_chan_switch - Handle the channel switch command
 * @iface: Interface whose BSSes are to be switched
 * @pos: Command arguments, parsed by hostapd_parse_csa_settings()
 * Returns: 0 on success, non-zero on failure; always -1 when built without
 * NEED_AP_MLME
 *
 * The requested frequencies are validated first. If any of them overlaps a
 * DFS range, the switch goes through hostapd_switch_channel_fallback()
 * (CAC first); otherwise a CSA is submitted for every BSS of the interface.
 */
static int hostapd_ctrl_iface_chan_switch(struct hostapd_iface *iface,
					  char *pos)
{
#ifdef NEED_AP_MLME
	struct csa_settings settings;
	struct hostapd_freq_params *fp = &settings.freq_params;
	unsigned int bss_idx;
	int res, width;
	int dfs_hits;
	u8 chan;

	res = hostapd_parse_csa_settings(pos, &settings);
	if (res)
		return res;

	res = hostapd_ctrl_check_freq_params(fp, settings.punct_bitmap);
	if (res) {
		wpa_printf(MSG_INFO,
			   "chanswitch: invalid frequency settings provided");
		return res;
	}

	/* Map the bandwidth in MHz to the channel width used for the DFS
	 * overlap checks; anything unlisted is handled as 20 MHz. */
	if (fp->bandwidth == 40)
		width = CHAN_WIDTH_40;
	else if (fp->bandwidth == 80)
		width = fp->center_freq2 ? CHAN_WIDTH_80P80 : CHAN_WIDTH_80;
	else if (fp->bandwidth == 160)
		width = CHAN_WIDTH_160;
	else if (fp->bandwidth == 320)
		width = CHAN_WIDTH_320;
	else
		width = CHAN_WIDTH_20;

	/* First segment: use the center frequency if one was given, else
	 * the primary frequency. */
	dfs_hits = hostapd_is_dfs_overlap(iface, width,
					  fp->center_freq1 ?
					  fp->center_freq1 : fp->freq);
	if (fp->center_freq2)
		dfs_hits += hostapd_is_dfs_overlap(iface, width,
						   fp->center_freq2);

	if (dfs_hits) {
		res = ieee80211_freq_to_chan(fp->freq, &chan);
		if (res == NUM_HOSTAPD_MODES) {
			wpa_printf(MSG_ERROR,
				   "Failed to get channel for (freq=%d, sec_channel_offset=%d, bw=%d)",
				   fp->freq, fp->sec_channel_offset,
				   fp->bandwidth);
			return -1;
		}

		fp->channel = chan;

		wpa_printf(MSG_DEBUG,
			   "DFS/CAC to (channel=%u, freq=%d, sec_channel_offset=%d, bw=%d, center_freq1=%d)",
			   fp->channel, fp->freq, fp->sec_channel_offset,
			   fp->bandwidth, fp->center_freq1);

		/* Perform CAC and switch channel */
		hostapd_switch_channel_fallback(iface, fp);
		return 0;
	}

	for (bss_idx = 0; bss_idx < iface->num_bss; bss_idx++) {
		struct hostapd_data *bss = iface->bss[bss_idx];

		/* Save CHAN_SWITCH VHT, HE, and EHT config */
		hostapd_chan_switch_config(bss, fp);

		res = hostapd_switch_channel(bss, &settings);
		if (res) {
			/* FIX: What do we do if CSA fails in the middle of
			 * submitting multi-BSS CSA requests? BSSes handled
			 * before this one have already been asked to
			 * switch. */
			return res;
		}
	}

	return 0;
#else /* NEED_AP_MLME */
	return -1;
#endif /* NEED_AP_MLME */
}
2728
2729
/*
 * hostapd_maxnss - Largest RX spatial stream count a station advertises
 * @hapd: BSS data (not used)
 * @sta: Station entry
 * Returns: The larger of the HT and VHT derived stream counts; never less
 * than 1 because the VHT count starts at 1
 *
 * HT: one stream per non-zero octet among the first four octets of the
 * supported MCS set. VHT: highest stream index whose 2-bit field in the RX
 * MCS map is not 3.
 */
static u8 hostapd_maxnss(struct hostapd_data *hapd, struct sta_info *sta)
{
	const u8 *ht_mcs = NULL;
	u16 vht_rx_map = 0;
	bool have_vht = false;
	u8 ht_nss = 0;
	u8 vht_nss = 1;
	int ss;

	if (sta->ht_capabilities && (sta->flags & WLAN_STA_HT))
		ht_mcs = sta->ht_capabilities->supported_mcs_set;

	if (sta->vht_capabilities && (sta->flags & WLAN_STA_VHT)) {
		vht_rx_map = le_to_host16(
			sta->vht_capabilities->vht_supported_mcs_set.rx_map);
		have_vht = true;
	}

	if (ht_mcs) {
		for (ss = 0; ss < 4; ss++) {
			if (ht_mcs[ss])
				ht_nss++;
		}
	}

	if (have_vht) {
		/* Scan from stream 8 down to stream 1 */
		for (ss = 7; ss >= 0; ss--) {
			if (((vht_rx_map >> (2 * ss)) & 0x03) == 0x03)
				continue;
			vht_nss = ss + 1;
			break;
		}
	}

	if (ht_nss > vht_nss)
		return ht_nss;
	return vht_nss;
}
2774
2775
/*
 * hostapd_ctrl_iface_notify_cw_htaction - Send HT Notify Channel Width
 * @hapd: BSS data
 * @addr: Destination station address
 * @width: Requested width; any value >= 1 is sent as 1
 * Returns: Result of hostapd_drv_send_action(), narrowed to char by the
 * return type of this function
 */
static char hostapd_ctrl_iface_notify_cw_htaction(struct hostapd_data *hapd,
						  const u8 *addr, u8 width)
{
	u8 frame[3] = {
		WLAN_ACTION_HT,
		WLAN_HT_ACTION_NOTIFY_CHANWIDTH,
		width >= 1 ? 1 : 0,
	};
	char res;

	res = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
				      frame, sizeof(frame));
	if (!res)
		return res;

	wpa_printf(MSG_DEBUG,
		   "Failed to send Notify Channel Width frame to "
		   MACSTR, MAC2STR(addr));
	return res;
}
2797
2798
/*
 * hostapd_ctrl_iface_notify_cw_vhtaction - Send VHT Operating Mode Notification
 * @hapd: BSS data
 * @addr: Destination station address
 * @width: Operating Mode field octet, sent as given
 * Returns: Result of hostapd_drv_send_action(), narrowed to char by the
 * return type of this function
 */
static char hostapd_ctrl_iface_notify_cw_vhtaction(struct hostapd_data *hapd,
						   const u8 *addr, u8 width)
{
	u8 frame[3] = {
		WLAN_ACTION_VHT,
		WLAN_VHT_ACTION_OPMODE_NOTIF,
		width,
	};
	char res;

	res = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
				      frame, sizeof(frame));
	if (!res)
		return res;

	wpa_printf(MSG_DEBUG,
		   "Failed to send Opeating Mode Notification frame to "
		   MACSTR, MAC2STR(addr));
	return res;
}
2818
2819
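/*
 * hostapd_ctrl_iface_notify_cw_change - Notify stations of a new channel width
 * @hapd: BSS data
 * @cmd: Channel width code as decimal text: 0 = 20 MHz, 1 = 40 MHz,
 *	2 = 80 MHz, 3 = 160 MHz
 * Returns: 0 on success, -1 on an unsupported band or invalid width
 *
 * VHT stations get an Operating Mode Notification carrying the width and
 * their maximum NSS; HT-only stations get a Notify Channel Width frame.
 * Per-station send failures are not propagated.
 */
static char hostapd_ctrl_iface_notify_cw_change(struct hostapd_data *hapd,
						const char *cmd)
{
	u8 cw, operating_mode = 0, nss;
	int width;
	struct sta_info *sta;
	enum hostapd_hw_mode hw_mode;

	if (is_6ghz_freq(hapd->iface->freq)) {
		wpa_printf(MSG_ERROR, "20/40 BSS coex not supported in 6 GHz");
		return -1;
	}

	/* Validate the value as an int before narrowing it. Assigning the
	 * atoi() result straight to a u8 let out-of-range input such as
	 * "256" wrap to 0 and pass the range checks below. */
	width = atoi(cmd);

	/* NOTE(review): current_mode is dereferenced without a NULL check;
	 * confirm it is always set when this command can be issued. */
	hw_mode = hapd->iface->current_mode->mode;
	if ((hw_mode == HOSTAPD_MODE_IEEE80211G ||
	     hw_mode == HOSTAPD_MODE_IEEE80211B) &&
	    !(width == 0 || width == 1)) {
		wpa_printf(MSG_ERROR,
			   "Channel width should be either 20 MHz or 40 MHz for 2.4 GHz band");
		return -1;
	}

	switch (width) {
	case 0:
		operating_mode = 0;
		break;
	case 1:
		operating_mode = VHT_OPMODE_CHANNEL_40MHZ;
		break;
	case 2:
		operating_mode = VHT_OPMODE_CHANNEL_80MHZ;
		break;
	case 3:
		operating_mode = VHT_OPMODE_CHANNEL_160MHZ;
		break;
	default:
		wpa_printf(MSG_ERROR, "Channel width should be between 0 to 3");
		return -1;
	}
	cw = (u8) width; /* known to be 0..3 at this point */

	for (sta = hapd->sta_list; sta; sta = sta->next) {
		if ((sta->flags & WLAN_STA_VHT) && sta->vht_capabilities) {
			/* Rx NSS is encoded as (streams - 1) in the upper
			 * nibble of the Operating Mode field. */
			nss = hostapd_maxnss(hapd, sta) - 1;
			hostapd_ctrl_iface_notify_cw_vhtaction(hapd, sta->addr,
							       operating_mode |
							       (u8) (nss << 4));
			continue;
		}

		if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) ==
		    WLAN_STA_HT && sta->ht_capabilities)
			hostapd_ctrl_iface_notify_cw_htaction(hapd, sta->addr,
							      cw);
	}

	return 0;
}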
2877
2878
/*
 * hostapd_ctrl_iface_mib - Handle "MIB <param>"
 * @hapd: BSS data
 * @reply: Reply buffer
 * @reply_size: Size of reply
 * @param: MIB group name; only "radius_server" is recognized, and only in
 *	builds with RADIUS_SERVER
 * Returns: Result of radius_server_get_mib() for a recognized group, -1
 * otherwise
 */
static int hostapd_ctrl_iface_mib(struct hostapd_data *hapd, char *reply,
				  int reply_size, const char *param)
{
#ifdef RADIUS_SERVER
	if (os_strcmp(param, "radius_server") != 0)
		return -1;

	return radius_server_get_mib(hapd->radius_srv, reply, reply_size);
#else /* RADIUS_SERVER */
	return -1;
#endif /* RADIUS_SERVER */
}
2890
2891
/*
 * hostapd_ctrl_iface_vendor - Pass a vendor command through to the driver
 * @hapd: BSS data
 * @cmd: "<vendor id (hex)> <subcommand id (decimal)> [<hex formatted data>]
 *	[nested=<0|1>]"
 * @buf: Reply buffer; receives the driver response as a hex string
 * @buflen: Size of buf
 * Returns: -EINVAL on a malformed command, -ENOBUFS on allocation failure,
 * the driver's error code if the command fails, otherwise the result of
 * wpa_snprintf_hex()
 *
 * The vendor id, subcommand and payload are forwarded as received; no
 * allow-list is applied in this function. The binary response is capped at
 * (buflen - 1) / 2 octets so that its hex form fits in buf.
 */
static int hostapd_ctrl_iface_vendor(struct hostapd_data *hapd, char *cmd,
				     char *buf, size_t buflen)
{
	unsigned int vendor_id, subcmd;
	enum nested_attr nested_attr_flag = NESTED_ATTR_UNSPECIFIED;
	struct wpabuf *reply = NULL;
	u8 *payload = NULL;
	size_t payload_len = 0;
	char *pos, *nested;
	int ret;

	vendor_id = strtoul(cmd, &pos, 16);
	if (!isblank((unsigned char) *pos))
		return -EINVAL;

	subcmd = strtoul(pos, &pos, 10);

	if (*pos != '\0') {
		char *data_end;
		int sep = (unsigned char) *pos;

		pos++;
		if (!isblank(sep))
			return -EINVAL;

		/* Hex data runs up to the next space or the end of cmd */
		data_end = os_strchr(pos, ' ');
		payload_len = data_end ? (size_t) (data_end - pos) :
			os_strlen(pos);
	}

	if (payload_len) {
		payload_len /= 2; /* hex digits -> octets */
		payload = os_malloc(payload_len);
		if (!payload)
			return -ENOBUFS;

		if (hexstr2bin(pos, payload, payload_len)) {
			wpa_printf(MSG_DEBUG,
				   "Vendor command: wrong parameter format");
			ret = -EINVAL;
			goto out;
		}
	}

	/* "nested=" is looked up anywhere in the command string */
	nested = os_strstr(cmd, "nested=");
	if (nested)
		nested_attr_flag = atoi(nested + 7) ? NESTED_ATTR_USED :
			NESTED_ATTR_NOT_USED;

	reply = wpabuf_alloc((buflen - 1) / 2);
	if (!reply) {
		ret = -ENOBUFS;
		goto out;
	}

	ret = hostapd_drv_vendor_cmd(hapd, vendor_id, subcmd, payload,
				     payload_len, nested_attr_flag, reply);
	if (ret == 0)
		ret = wpa_snprintf_hex(buf, buflen, wpabuf_head_u8(reply),
				       wpabuf_len(reply));

out:
	wpabuf_free(reply);
	os_free(payload);

	return ret;
}
2958
2959
/*
 * hostapd_ctrl_iface_eapol_reauth - Trigger EAPOL reauthentication of a STA
 * @hapd: BSS data
 * @cmd: "<STA address>"
 * Returns: 0 on success, -1 if the address does not parse or the station has
 * no EAPOL state machine
 */
static int hostapd_ctrl_iface_eapol_reauth(struct hostapd_data *hapd,
					   const char *cmd)
{
	u8 sta_addr[ETH_ALEN];
	struct sta_info *sta = NULL;

	if (hwaddr_aton(cmd, sta_addr) == 0)
		sta = ap_get_sta(hapd, sta_addr);

	if (!sta || !sta->eapol_sm)
		return -1;

	eapol_auth_reauthenticate(sta->eapol_sm);
	return 0;
}
2976
2977
/*
 * hostapd_ctrl_iface_eapol_set - Set an EAPOL state machine parameter
 * @hapd: BSS data
 * @cmd: "<STA address> <parameter> <value>"; modified in place (the space
 *	after the parameter name is replaced with a NUL)
 * Returns: -1 on a malformed command or unknown station, otherwise the
 * result of eapol_auth_set_conf()
 */
static int hostapd_ctrl_iface_eapol_set(struct hostapd_data *hapd, char *cmd)
{
	u8 sta_addr[ETH_ALEN];
	struct sta_info *sta;
	char *name, *value;

	/* The address has to parse before cmd[17] is inspected; keep the
	 * order of these two tests. */
	if (hwaddr_aton(cmd, sta_addr) || cmd[17] != ' ')
		return -1;

	name = cmd + 18;
	value = os_strchr(name, ' ');
	if (!value)
		return -1;
	*value++ = '\0';

	sta = ap_get_sta(hapd, sta_addr);
	if (!sta || !sta->eapol_sm)
		return -1;

	return eapol_auth_set_conf(sta->eapol_sm, name, value);
}
2999
3000
/*
 * hostapd_ctrl_iface_log_level - Query or change the debug log settings
 * @hapd: BSS data (not used)
 * @cmd: Arguments after "LOG_LEVEL": empty to query, else
 *	"<level> [<timestamp flag>]"; modified in place
 * @buf: Reply buffer
 * @buflen: Size of buf
 * Returns: Number of octets written to buf, or -1 on an unknown level
 *
 * The changes apply to the process-wide wpa_debug_level and
 * wpa_debug_timestamp variables. The "OK\n" reply is copied without looking
 * at buflen, so buf must hold at least three octets.
 */
static int hostapd_ctrl_iface_log_level(struct hostapd_data *hapd, char *cmd,
					char *buf, size_t buflen)
{
	char *ts_arg;
	int len;

	/* cmd: "LOG_LEVEL [<level>]" */
	if (*cmd == '\0') {
		len = os_snprintf(buf, buflen, "Current level: %s\n"
				  "Timestamp: %d\n",
				  debug_level_str(wpa_debug_level),
				  wpa_debug_timestamp);
		/* A truncated report is returned as an empty reply */
		return os_snprintf_error(buflen, len) ? 0 : len;
	}

	for (; *cmd == ' '; cmd++)
		;

	/* Split off the optional timestamp argument */
	ts_arg = os_strchr(cmd, ' ');
	if (ts_arg) {
		*ts_arg++ = '\0';
		for (; *ts_arg == ' '; ts_arg++)
			;
	}

	if (*cmd != '\0') {
		int level = str_to_debug_level(cmd);

		if (level < 0)
			return -1;
		wpa_debug_level = level;
	}

	if (ts_arg && *ts_arg != '\0')
		wpa_debug_timestamp = atoi(ts_arg);

	os_memcpy(buf, "OK\n", 3);
	return 3;
}
3045
3046
3047 #ifdef NEED_AP_MLME
/*
 * hostapd_ctrl_iface_track_sta_list - List the stations seen on the interface
 * @hapd: BSS data
 * @buf: Reply buffer
 * @buflen: Size of buf
 * Returns: Number of octets written to buf
 *
 * One line per tracked station: "<address> <seconds since last seen>
 * <signal>". The list is walked in reverse order and output stops silently
 * at the first entry that no longer fits.
 */
static int hostapd_ctrl_iface_track_sta_list(struct hostapd_data *hapd,
					     char *buf, size_t buflen)
{
	struct hostapd_iface *iface = hapd->iface;
	struct hostapd_sta_info *entry;
	struct os_reltime now;
	char *out = buf;
	char *limit = buf + buflen;

	if (!iface->num_sta_seen)
		return 0;

	sta_track_expire(iface, 0);

	os_get_reltime(&now);
	dl_list_for_each_reverse(entry, &iface->sta_seen,
				 struct hostapd_sta_info, list) {
		struct os_reltime age;
		int len;

		os_reltime_sub(&now, &entry->last_seen, &age);
		len = os_snprintf(out, limit - out, MACSTR " %u %d\n",
				  MAC2STR(entry->addr),
				  (unsigned int) age.sec,
				  entry->ssi_signal);
		if (os_snprintf_error(limit - out, len))
			break;
		out += len;
	}

	return out - buf;
}
3081 #endif /* NEED_AP_MLME */
3082
3083
/*
 * hostapd_ctrl_iface_req_lci - Handle REQ_LCI
 * @hapd: BSS data
 * @cmd: "<STA address>"
 * Returns: -1 if the address does not parse, otherwise the result of
 * hostapd_send_lci_req()
 */
static int hostapd_ctrl_iface_req_lci(struct hostapd_data *hapd,
				      const char *cmd)
{
	u8 dst[ETH_ALEN];

	if (hwaddr_aton(cmd, dst) == 0)
		return hostapd_send_lci_req(hapd, dst);

	wpa_printf(MSG_INFO, "CTRL: REQ_LCI: Invalid MAC address");
	return -1;
}
3096
3097
/*
 * hostapd_ctrl_iface_req_range - Handle REQ_RANGE
 * @hapd: BSS data
 * @cmd: "<dst address> <random interval> <min AP> <responder address>..."
 * Returns: -1 on a malformed command, otherwise the result of
 * hostapd_send_range_req()
 *
 * Accepted ranges: random interval 0..0xffff, min AP
 * 1..WLAN_RRM_RANGE_REQ_MAX_MIN_AP, and 1..RRM_RANGE_REQ_MAX_RESPONDERS
 * responder addresses. The responder count is checked before each address is
 * written into the fixed-size local array.
 */
static int hostapd_ctrl_iface_req_range(struct hostapd_data *hapd, char *cmd)
{
	u8 dst[ETH_ALEN];
	u8 responders[ETH_ALEN * RRM_RANGE_REQ_MAX_RESPONDERS];
	unsigned int n_responders = 0;
	int random_interval, min_ap;
	char *tok, *state = NULL;

	tok = str_token(cmd, " ", &state);
	if (!tok || hwaddr_aton(tok, dst)) {
		wpa_printf(MSG_INFO,
			   "CTRL: REQ_RANGE - Bad destination address");
		return -1;
	}

	tok = str_token(cmd, " ", &state);
	if (!tok)
		return -1;
	random_interval = atoi(tok);
	if (random_interval < 0 || random_interval > 0xffff)
		return -1;

	tok = str_token(cmd, " ", &state);
	if (!tok)
		return -1;
	min_ap = atoi(tok);
	if (min_ap <= 0 || min_ap > WLAN_RRM_RANGE_REQ_MAX_MIN_AP)
		return -1;

	for (tok = str_token(cmd, " ", &state); tok;
	     tok = str_token(cmd, " ", &state)) {
		if (n_responders == RRM_RANGE_REQ_MAX_RESPONDERS) {
			wpa_printf(MSG_INFO,
				   "CTRL: REQ_RANGE: Too many responders");
			return -1;
		}

		if (hwaddr_aton(tok, &responders[n_responders * ETH_ALEN])) {
			wpa_printf(MSG_INFO,
				   "CTRL: REQ_RANGE: Bad responder address");
			return -1;
		}

		n_responders++;
	}

	if (n_responders == 0) {
		wpa_printf(MSG_INFO,
			   "CTRL: REQ_RANGE - No FTM responder address");
		return -1;
	}

	return hostapd_send_range_req(hapd, dst, random_interval, min_ap,
				      responders, n_responders);
}
3155
3156
/*
 * hostapd_ctrl_iface_req_beacon - Handle REQ_BEACON
 * @hapd: BSS data
 * @cmd: "<STA address> [req_mode=<two hex digits>] <request in hex>"
 * @reply: Reply buffer; receives the value returned by
 *	hostapd_send_beacon_req() as decimal text
 * @reply_size: Size of reply
 * Returns: -1 on a malformed command, a negative value if sending fails,
 * otherwise the result of os_snprintf()
 *
 * NOTE(review): the os_snprintf() result is returned without an
 * os_snprintf_error() check, unlike other handlers in this file.
 */
static int hostapd_ctrl_iface_req_beacon(struct hostapd_data *hapd,
					 const char *cmd, char *reply,
					 size_t reply_size)
{
	u8 dst[ETH_ALEN];
	u8 req_mode = 0;
	const char *arg;
	struct wpabuf *req;
	int res;

	if (hwaddr_aton(cmd, dst))
		return -1;

	arg = os_strchr(cmd, ' ');
	if (!arg)
		return -1;
	arg++;

	if (os_strncmp(arg, "req_mode=", 9) == 0) {
		int mode = hex2byte(arg + 9);

		if (mode < 0)
			return -1;
		req_mode = mode;

		/* Step over "req_mode=" and the two hex digits, then move
		 * to the argument after the next space. */
		arg = os_strchr(arg + 11, ' ');
		if (!arg)
			return -1;
		arg++;
	}

	req = wpabuf_parse_bin(arg);
	if (!req)
		return -1;

	res = hostapd_send_beacon_req(hapd, dst, req_mode, req);
	wpabuf_free(req);
	if (res < 0)
		return res;

	return os_snprintf(reply, reply_size, "%d", res);
}
3195
3196
/*
 * hostapd_ctrl_iface_show_neighbor - Handle SHOW_NEIGHBOR
 * @hapd: BSS data
 * @buf: Reply buffer
 * @buflen: Size of buf
 * Returns: -1 if neighbor reporting is not enabled in the BSS configuration,
 * otherwise the result of hostapd_neighbor_show()
 */
static int hostapd_ctrl_iface_show_neighbor(struct hostapd_data *hapd,
					    char *buf, size_t buflen)
{
	if (hapd->conf->radio_measurements[0] &
	    WLAN_RRM_CAPS_NEIGHBOR_REPORT)
		return hostapd_neighbor_show(hapd, buf, buflen);

	wpa_printf(MSG_ERROR,
		   "CTRL: SHOW_NEIGHBOR: Neighbor report is not enabled");
	return -1;
}
3209
3210
/*
 * hostapd_ctrl_iface_set_neighbor - Handle SET_NEIGHBOR
 * @hapd: BSS data
 * @buf: "<BSSID> ssid=<SSID> nr=<hex> [lci=<hex>] [civic=<hex>] [stat]
 *	[bss_parameter=<0..255>]"; modified in place while being split
 * Returns: -1 on a malformed command or when neighbor reporting is not
 * enabled, otherwise the result of hostapd_neighbor_set()
 *
 * The optional fields are searched for in the order shown, each one only in
 * the text that follows the previous field. The temporary buffers for nr,
 * lci and civic are freed here on every path after nr has been parsed.
 */
static int hostapd_ctrl_iface_set_neighbor(struct hostapd_data *hapd, char *buf)
{
	struct wpa_ssid_value ssid;
	u8 bssid[ETH_ALEN];
	struct wpabuf *nr, *lci = NULL, *civic = NULL;
	int stationary = 0;
	int bss_parameters = 0;
	char *field, *rest;
	int ret = -1;

	if (!(hapd->conf->radio_measurements[0] &
	      WLAN_RRM_CAPS_NEIGHBOR_REPORT)) {
		wpa_printf(MSG_ERROR,
			   "CTRL: SET_NEIGHBOR: Neighbor report is not enabled");
		return -1;
	}

	if (hwaddr_aton(buf, bssid)) {
		wpa_printf(MSG_ERROR, "CTRL: SET_NEIGHBOR: Bad BSSID");
		return -1;
	}

	field = os_strstr(buf, "ssid=");
	if (!field || ssid_parse(field + 5, &ssid)) {
		wpa_printf(MSG_ERROR,
			   "CTRL: SET_NEIGHBOR: Bad or missing SSID");
		return -1;
	}

	/* Skip past the SSID value: up to the closing quote for a quoted
	 * SSID, or to the next space otherwise. */
	rest = os_strchr(field + 6, field[5] == '"' ? '"' : ' ');
	if (!rest)
		return -1;

	field = os_strstr(rest, "nr=");
	if (!field) {
		wpa_printf(MSG_ERROR,
			   "CTRL: SET_NEIGHBOR: Missing Neighbor Report element");
		return -1;
	}

	rest = os_strchr(field, ' ');
	if (rest)
		*rest++ = '\0';

	nr = wpabuf_parse_bin(field + 3);
	if (!nr) {
		wpa_printf(MSG_ERROR,
			   "CTRL: SET_NEIGHBOR: Bad Neighbor Report element");
		return -1;
	}

	/* From here on, rest == NULL means the command string is used up */
	if (rest) {
		field = os_strstr(rest, "lci=");
		if (field) {
			rest = os_strchr(field, ' ');
			if (rest)
				*rest++ = '\0';
			lci = wpabuf_parse_bin(field + 4);
			if (!lci) {
				wpa_printf(MSG_ERROR,
					   "CTRL: SET_NEIGHBOR: Bad LCI subelement");
				goto out;
			}
		}
	}

	if (rest) {
		field = os_strstr(rest, "civic=");
		if (field) {
			rest = os_strchr(field, ' ');
			if (rest)
				*rest++ = '\0';
			civic = wpabuf_parse_bin(field + 6);
			if (!civic) {
				wpa_printf(MSG_ERROR,
					   "CTRL: SET_NEIGHBOR: Bad civic subelement");
				goto out;
			}
		}
	}

	if (rest) {
		/* Substring match: any remaining text containing "stat" */
		if (os_strstr(rest, "stat"))
			stationary = 1;

		field = os_strstr(rest, "bss_parameter=");
		if (field) {
			bss_parameters = atoi(field + 14);
			if (bss_parameters < 0 || bss_parameters > 0xff) {
				wpa_printf(MSG_ERROR,
					   "CTRL: SET_NEIGHBOR: Bad bss_parameters subelement");
				goto out;
			}
		}
	}

	ret = hostapd_neighbor_set(hapd, bssid, &ssid, nr, lci, civic,
				   stationary, bss_parameters);

out:
	wpabuf_free(nr);
	wpabuf_free(lci);
	wpabuf_free(civic);

	return ret;
}
3320
3321
/*
 * hostapd_ctrl_iface_remove_neighbor - Handle REMOVE_NEIGHBOR
 * @hapd: BSS data
 * @buf: "<BSSID> [ssid=<SSID>]"
 * Returns: -1 on a bad BSSID or SSID, otherwise the result of
 * hostapd_neighbor_remove()
 *
 * When no "ssid=" field is present, a NULL SSID is passed on.
 */
static int hostapd_ctrl_iface_remove_neighbor(struct hostapd_data *hapd,
					      char *buf)
{
	struct wpa_ssid_value ssid;
	u8 bssid[ETH_ALEN];
	char *ssid_arg;

	if (hwaddr_aton(buf, bssid)) {
		wpa_printf(MSG_ERROR, "CTRL: REMOVE_NEIGHBOR: Bad BSSID");
		return -1;
	}

	ssid_arg = os_strstr(buf, "ssid=");
	if (!ssid_arg)
		return hostapd_neighbor_remove(hapd, bssid, NULL);

	if (ssid_parse(ssid_arg + 5, &ssid)) {
		wpa_printf(MSG_ERROR,
			   "CTRL: REMOVE_NEIGHBOR: Bad SSID");
		return -1;
	}

	return hostapd_neighbor_remove(hapd, bssid, &ssid);
}
3347
3348
/*
 * hostapd_ctrl_driver_flags - Print the driver capability flags
 * @iface: Interface data
 * @buf: Reply buffer
 * @buflen: Size of buf
 * Returns: Number of octets written, or -1 if the output does not fit
 *
 * Output is the 64-bit drv_flags value in hex followed by one line with the
 * name of each set bit.
 */
static int hostapd_ctrl_driver_flags(struct hostapd_iface *iface, char *buf,
				     size_t buflen)
{
	char *out, *limit = buf + buflen;
	int len, bit;

	len = os_snprintf(buf, buflen, "%016llX:\n",
			  (long long unsigned) iface->drv_flags);
	if (os_snprintf_error(buflen, len))
		return -1;
	out = buf + len;

	for (bit = 0; bit < 64; bit++) {
		if (!(iface->drv_flags & (1LLU << bit)))
			continue;

		len = os_snprintf(out, limit - out, "%s\n",
				  driver_flag_to_string(1LLU << bit));
		if (os_snprintf_error(limit - out, len))
			return -1;
		out += len;
	}

	return out - buf;
}
3375
3376
/*
 * hostapd_ctrl_driver_flags2 - Print the second set of driver capability flags
 * @iface: Interface data
 * @buf: Reply buffer
 * @buflen: Size of buf
 * Returns: Number of octets written, or -1 if the output does not fit
 *
 * Output is the 64-bit drv_flags2 value in hex followed by one line with the
 * name of each set bit.
 */
static int hostapd_ctrl_driver_flags2(struct hostapd_iface *iface, char *buf,
				      size_t buflen)
{
	char *out, *limit = buf + buflen;
	int len, bit;

	len = os_snprintf(buf, buflen, "%016llX:\n",
			  (long long unsigned) iface->drv_flags2);
	if (os_snprintf_error(buflen, len))
		return -1;
	out = buf + len;

	for (bit = 0; bit < 64; bit++) {
		if (!(iface->drv_flags2 & (1LLU << bit)))
			continue;

		len = os_snprintf(out, limit - out, "%s\n",
				  driver_flag2_to_string(1LLU << bit));
		if (os_snprintf_error(limit - out, len))
			return -1;
		out += len;
	}

	return out - buf;
}
3403
3404
/*
 * hostapd_ctrl_iface_get_capability - Handle GET_CAPABILITY
 * @hapd: BSS data (not used)
 * @field: Capability name; only "dpp" is known, and only in CONFIG_DPP builds
 * @buf: Reply buffer
 * @buflen: Size of buf
 * Returns: Number of octets written, or -1 for an unknown field or if the
 * reply does not fit
 */
static int hostapd_ctrl_iface_get_capability(struct hostapd_data *hapd,
					     const char *field, char *buf,
					     size_t buflen)
{
	wpa_printf(MSG_DEBUG, "CTRL_IFACE: GET_CAPABILITY '%s'", field);

#ifdef CONFIG_DPP
	if (os_strcmp(field, "dpp") == 0) {
		int len;

		/* Report the highest DPP version compiled in */
#ifdef CONFIG_DPP3
		len = os_snprintf(buf, buflen, "DPP=3");
#elif defined(CONFIG_DPP2)
		len = os_snprintf(buf, buflen, "DPP=2");
#else /* CONFIG_DPP2 */
		len = os_snprintf(buf, buflen, "DPP=1");
#endif /* CONFIG_DPP2 */
		return os_snprintf_error(buflen, len) ? -1 : len;
	}
#endif /* CONFIG_DPP */

	wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown GET_CAPABILITY field '%s'",
		   field);

	return -1;
}
3433
3434
3435 #ifdef ANDROID
/*
 * hostapd_ctrl_iface_driver_cmd - Pass a command string through to the driver
 * @hapd: BSS data
 * @cmd: Driver command, forwarded as received
 * @buf: Reply buffer, also handed to the driver
 * @buflen: Size of buf
 * Returns: Length of "OK\n" when the driver returns 0, -1 if that text does
 * not fit, otherwise the driver's non-zero return value unchanged
 */
static int hostapd_ctrl_iface_driver_cmd(struct hostapd_data *hapd, char *cmd,
					 char *buf, size_t buflen)
{
	int res = hostapd_drv_driver_cmd(hapd, cmd, buf, buflen);

	if (res != 0)
		return res;

	res = os_snprintf(buf, buflen, "%s\n", "OK");
	return os_snprintf_error(buflen, res) ? -1 : res;
}
3449 #endif /* ANDROID */
3450
3451
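/**
 * hostapd_ctrl_iface_receive_process - Dispatch one control interface command
 * @hapd: BSS the command was received for
 * @buf: NUL-terminated command text; the argument part is passed on to the
 *	handlers as a pointer into this buffer
 * @reply: Buffer for the reply
 * @reply_size: Size of @reply in bytes; the fixed replies written here with
 *	os_memcpy() are not length-checked and need at least 16 bytes
 * @from: Address of the sender (used by ATTACH, DETACH, and LEVEL)
 * @fromlen: Length of @from
 * Returns: Number of bytes placed in @reply; never negative, because any
 * handler failure is converted into the 5-byte reply "FAIL\n"
 *
 * The reply is preset to "OK\n". Handlers that only report success or failure
 * leave it alone or set reply_len to -1; handlers that produce output
 * overwrite @reply and return its length.
 *
 * Matching is a first-hit if/else chain, so the order is significant: exact
 * names and longer prefixes must stay ahead of the shorter prefix they start
 * with (for example "RELOAD_WPA_PSK" and "RELOAD_BSS" before "RELOAD").
 *
 * No authorization is performed here. Every sender whose datagram reaches
 * this function can run every compiled-in command, including SET, TERMINATE,
 * the ACL commands, and, in CONFIG_TESTING_OPTIONS builds, key-handling
 * commands such as GET_PMK and SET_KEY. Access control depends entirely on
 * who can reach the control socket, and builds with CONFIG_TESTING_OPTIONS
 * should be kept out of production.
 */
static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
					      char *buf, char *reply,
					      int reply_size,
					      struct sockaddr_storage *from,
					      socklen_t fromlen)
{
	int reply_len, res;

	os_memcpy(reply, "OK\n", 3);
	reply_len = 3;

	if (os_strcmp(buf, "PING") == 0) {
		os_memcpy(reply, "PONG\n", 5);
		reply_len = 5;
	} else if (os_strncmp(buf, "RELOG", 5) == 0) {
		if (wpa_debug_reopen_file() < 0)
			reply_len = -1;
	} else if (os_strcmp(buf, "CLOSE_LOG") == 0) {
		wpa_debug_stop_log();
	} else if (os_strncmp(buf, "NOTE ", 5) == 0) {
		/* Sender-supplied text is written to the log as is */
		wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
	} else if (os_strcmp(buf, "STATUS") == 0) {
		reply_len = hostapd_ctrl_iface_status(hapd, reply,
						      reply_size);
	} else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
		reply_len = hostapd_drv_status(hapd, reply, reply_size);
	} else if (os_strcmp(buf, "MIB") == 0) {
		/*
		 * Concatenate the MIB sections; each step appends after the
		 * previous one and any failure aborts the whole reply.
		 */
		reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
		if (reply_len >= 0) {
			res = wpa_get_mib(hapd->wpa_auth, reply + reply_len,
					  reply_size - reply_len);
			if (res < 0)
				reply_len = -1;
			else
				reply_len += res;
		}
		if (reply_len >= 0) {
			res = ieee802_1x_get_mib(hapd, reply + reply_len,
						 reply_size - reply_len);
			if (res < 0)
				reply_len = -1;
			else
				reply_len += res;
		}
#ifndef CONFIG_NO_RADIUS
		if (reply_len >= 0) {
			res = radius_client_get_mib(hapd->radius,
						    reply + reply_len,
						    reply_size - reply_len);
			if (res < 0)
				reply_len = -1;
			else
				reply_len += res;
		}
#endif /* CONFIG_NO_RADIUS */
	} else if (os_strncmp(buf, "MIB ", 4) == 0) {
		reply_len = hostapd_ctrl_iface_mib(hapd, reply, reply_size,
						   buf + 4);
	} else if (os_strcmp(buf, "STA-FIRST") == 0) {
		reply_len = hostapd_ctrl_iface_sta_first(hapd, reply,
							 reply_size);
	} else if (os_strncmp(buf, "STA ", 4) == 0) {
		reply_len = hostapd_ctrl_iface_sta(hapd, buf + 4, reply,
						   reply_size);
	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
		reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
							reply_size);
	} else if (os_strcmp(buf, "ATTACH") == 0) {
		if (hostapd_ctrl_iface_attach(hapd, from, fromlen, NULL))
			reply_len = -1;
	} else if (os_strncmp(buf, "ATTACH ", 7) == 0) {
		if (hostapd_ctrl_iface_attach(hapd, from, fromlen, buf + 7))
			reply_len = -1;
	} else if (os_strcmp(buf, "DETACH") == 0) {
		if (hostapd_ctrl_iface_detach(hapd, from, fromlen))
			reply_len = -1;
	} else if (os_strncmp(buf, "LEVEL ", 6) == 0) {
		if (hostapd_ctrl_iface_level(hapd, from, fromlen,
					     buf + 6))
			reply_len = -1;
	} else if (os_strncmp(buf, "NEW_STA ", 8) == 0) {
		if (hostapd_ctrl_iface_new_sta(hapd, buf + 8))
			reply_len = -1;
	} else if (os_strncmp(buf, "DEAUTHENTICATE ", 15) == 0) {
		if (hostapd_ctrl_iface_deauthenticate(hapd, buf + 15))
			reply_len = -1;
	} else if (os_strncmp(buf, "DISASSOCIATE ", 13) == 0) {
		if (hostapd_ctrl_iface_disassociate(hapd, buf + 13))
			reply_len = -1;
#ifdef CONFIG_TAXONOMY
	} else if (os_strncmp(buf, "SIGNATURE ", 10) == 0) {
		reply_len = hostapd_ctrl_iface_signature(hapd, buf + 10,
							 reply, reply_size);
#endif /* CONFIG_TAXONOMY */
	} else if (os_strncmp(buf, "POLL_STA ", 9) == 0) {
		if (hostapd_ctrl_iface_poll_sta(hapd, buf + 9))
			reply_len = -1;
	} else if (os_strcmp(buf, "STOP_AP") == 0) {
		if (hostapd_ctrl_iface_stop_ap(hapd))
			reply_len = -1;
#ifdef NEED_AP_MLME
	} else if (os_strncmp(buf, "SA_QUERY ", 9) == 0) {
		if (hostapd_ctrl_iface_sa_query(hapd, buf + 9))
			reply_len = -1;
#endif /* NEED_AP_MLME */
#ifdef CONFIG_WPS
	} else if (os_strncmp(buf, "WPS_PIN ", 8) == 0) {
		if (hostapd_ctrl_iface_wps_pin(hapd, buf + 8))
			reply_len = -1;
	} else if (os_strncmp(buf, "WPS_CHECK_PIN ", 14) == 0) {
		reply_len = hostapd_ctrl_iface_wps_check_pin(
			hapd, buf + 14, reply, reply_size);
	} else if (os_strcmp(buf, "WPS_PBC") == 0) {
		if (hostapd_wps_button_pushed(hapd, NULL))
			reply_len = -1;
	} else if (os_strcmp(buf, "WPS_CANCEL") == 0) {
		if (hostapd_wps_cancel(hapd))
			reply_len = -1;
	} else if (os_strncmp(buf, "WPS_AP_PIN ", 11) == 0) {
		reply_len = hostapd_ctrl_iface_wps_ap_pin(hapd, buf + 11,
							  reply, reply_size);
	} else if (os_strncmp(buf, "WPS_CONFIG ", 11) == 0) {
		if (hostapd_ctrl_iface_wps_config(hapd, buf + 11) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "WPS_GET_STATUS", 13) == 0) {
		/*
		 * The compared length (13) is one less than the length of the
		 * name, so anything starting with "WPS_GET_STATU" matches.
		 * Kept as is to avoid changing which inputs are accepted.
		 */
		reply_len = hostapd_ctrl_iface_wps_get_status(hapd, reply,
							      reply_size);
#ifdef CONFIG_WPS_NFC
	} else if (os_strncmp(buf, "WPS_NFC_TAG_READ ", 17) == 0) {
		if (hostapd_ctrl_iface_wps_nfc_tag_read(hapd, buf + 17))
			reply_len = -1;
	} else if (os_strncmp(buf, "WPS_NFC_CONFIG_TOKEN ", 21) == 0) {
		reply_len = hostapd_ctrl_iface_wps_nfc_config_token(
			hapd, buf + 21, reply, reply_size);
	} else if (os_strncmp(buf, "WPS_NFC_TOKEN ", 14) == 0) {
		reply_len = hostapd_ctrl_iface_wps_nfc_token(
			hapd, buf + 14, reply, reply_size);
	} else if (os_strncmp(buf, "NFC_GET_HANDOVER_SEL ", 21) == 0) {
		reply_len = hostapd_ctrl_iface_nfc_get_handover_sel(
			hapd, buf + 21, reply, reply_size);
	} else if (os_strncmp(buf, "NFC_REPORT_HANDOVER ", 20) == 0) {
		if (hostapd_ctrl_iface_nfc_report_handover(hapd, buf + 20))
			reply_len = -1;
#endif /* CONFIG_WPS_NFC */
#endif /* CONFIG_WPS */
#ifdef CONFIG_INTERWORKING
	} else if (os_strncmp(buf, "SET_QOS_MAP_SET ", 16) == 0) {
		if (hostapd_ctrl_iface_set_qos_map_set(hapd, buf + 16))
			reply_len = -1;
	} else if (os_strncmp(buf, "SEND_QOS_MAP_CONF ", 18) == 0) {
		if (hostapd_ctrl_iface_send_qos_map_conf(hapd, buf + 18))
			reply_len = -1;
#endif /* CONFIG_INTERWORKING */
#ifdef CONFIG_HS20
	} else if (os_strncmp(buf, "HS20_WNM_NOTIF ", 15) == 0) {
		if (hostapd_ctrl_iface_hs20_wnm_notif(hapd, buf + 15))
			reply_len = -1;
	} else if (os_strncmp(buf, "HS20_DEAUTH_REQ ", 16) == 0) {
		if (hostapd_ctrl_iface_hs20_deauth_req(hapd, buf + 16))
			reply_len = -1;
#endif /* CONFIG_HS20 */
#ifdef CONFIG_WNM_AP
	} else if (os_strncmp(buf, "DISASSOC_IMMINENT ", 18) == 0) {
		if (hostapd_ctrl_iface_disassoc_imminent(hapd, buf + 18))
			reply_len = -1;
	} else if (os_strncmp(buf, "ESS_DISASSOC ", 13) == 0) {
		if (hostapd_ctrl_iface_ess_disassoc(hapd, buf + 13))
			reply_len = -1;
	} else if (os_strncmp(buf, "BSS_TM_REQ ", 11) == 0) {
		if (hostapd_ctrl_iface_bss_tm_req(hapd, buf + 11))
			reply_len = -1;
	} else if (os_strncmp(buf, "COLOC_INTF_REQ ", 15) == 0) {
		if (hostapd_ctrl_iface_coloc_intf_req(hapd, buf + 15))
			reply_len = -1;
#endif /* CONFIG_WNM_AP */
	} else if (os_strcmp(buf, "GET_CONFIG") == 0) {
		reply_len = hostapd_ctrl_iface_get_config(hapd, reply,
							  reply_size);
	} else if (os_strncmp(buf, "SET ", 4) == 0) {
		if (hostapd_ctrl_iface_set(hapd, buf + 4))
			reply_len = -1;
	} else if (os_strncmp(buf, "GET ", 4) == 0) {
		reply_len = hostapd_ctrl_iface_get(hapd, buf + 4, reply,
						   reply_size);
	} else if (os_strncmp(buf, "ENABLE", 6) == 0) {
		if (hostapd_ctrl_iface_enable(hapd->iface))
			reply_len = -1;
	} else if (os_strcmp(buf, "RELOAD_WPA_PSK") == 0) {
		if (hostapd_ctrl_iface_reload_wpa_psk(hapd))
			reply_len = -1;
	} else if (os_strcmp(buf, "RELOAD_BSS") == 0) {
		if (hostapd_ctrl_iface_reload_bss(hapd))
			reply_len = -1;
	} else if (os_strncmp(buf, "RELOAD", 6) == 0) {
		/* Prefix match: must stay after the RELOAD_* exact matches */
		if (hostapd_ctrl_iface_reload(hapd->iface))
			reply_len = -1;
	} else if (os_strncmp(buf, "DISABLE", 7) == 0) {
		if (hostapd_ctrl_iface_disable(hapd->iface))
			reply_len = -1;
	} else if (os_strcmp(buf, "UPDATE_BEACON") == 0) {
		if (ieee802_11_set_beacon(hapd))
			reply_len = -1;
#ifdef CONFIG_TESTING_OPTIONS
	} else if (os_strncmp(buf, "RADAR ", 6) == 0) {
		if (hostapd_ctrl_iface_radar(hapd, buf + 6))
			reply_len = -1;
	} else if (os_strncmp(buf, "MGMT_TX ", 8) == 0) {
		if (hostapd_ctrl_iface_mgmt_tx(hapd, buf + 8))
			reply_len = -1;
	} else if (os_strncmp(buf, "MGMT_TX_STATUS_PROCESS ", 23) == 0) {
		if (hostapd_ctrl_iface_mgmt_tx_status_process(hapd,
							      buf + 23) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "MGMT_RX_PROCESS ", 16) == 0) {
		if (hostapd_ctrl_iface_mgmt_rx_process(hapd, buf + 16) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "EAPOL_RX ", 9) == 0) {
		if (hostapd_ctrl_iface_eapol_rx(hapd, buf + 9) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "EAPOL_TX ", 9) == 0) {
		if (hostapd_ctrl_iface_eapol_tx(hapd, buf + 9) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "DATA_TEST_CONFIG ", 17) == 0) {
		if (hostapd_ctrl_iface_data_test_config(hapd, buf + 17) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "DATA_TEST_TX ", 13) == 0) {
		if (hostapd_ctrl_iface_data_test_tx(hapd, buf + 13) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "DATA_TEST_FRAME ", 16) == 0) {
		if (hostapd_ctrl_iface_data_test_frame(hapd, buf + 16) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "TEST_ALLOC_FAIL ", 16) == 0) {
		if (hostapd_ctrl_test_alloc_fail(hapd, buf + 16) < 0)
			reply_len = -1;
	} else if (os_strcmp(buf, "GET_ALLOC_FAIL") == 0) {
		reply_len = hostapd_ctrl_get_alloc_fail(hapd, reply,
							reply_size);
	} else if (os_strncmp(buf, "TEST_FAIL ", 10) == 0) {
		if (hostapd_ctrl_test_fail(hapd, buf + 10) < 0)
			reply_len = -1;
	} else if (os_strcmp(buf, "GET_FAIL") == 0) {
		reply_len = hostapd_ctrl_get_fail(hapd, reply, reply_size);
	} else if (os_strncmp(buf, "RESET_PN ", 9) == 0) {
		if (hostapd_ctrl_reset_pn(hapd, buf + 9) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "SET_KEY ", 8) == 0) {
		if (hostapd_ctrl_set_key(hapd, buf + 8) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "RESEND_M1 ", 10) == 0) {
		if (hostapd_ctrl_resend_m1(hapd, buf + 10) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "RESEND_M3 ", 10) == 0) {
		if (hostapd_ctrl_resend_m3(hapd, buf + 10) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "RESEND_GROUP_M1 ", 16) == 0) {
		if (hostapd_ctrl_resend_group_m1(hapd, buf + 16) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "REKEY_PTK ", 10) == 0) {
		if (hostapd_ctrl_rekey_ptk(hapd, buf + 10) < 0)
			reply_len = -1;
	} else if (os_strcmp(buf, "REKEY_GTK") == 0) {
		if (wpa_auth_rekey_gtk(hapd->wpa_auth) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "GET_PMK ", 8) == 0) {
		reply_len = hostapd_ctrl_get_pmk(hapd, buf + 8, reply,
						 reply_size);
	} else if (os_strncmp(buf, "REGISTER_FRAME ", 15) == 0) {
		/*
		 * The matched prefix is 15 bytes long, so the argument starts
		 * at buf + 15. The earlier offset of 16 dropped the first
		 * argument character and, for a command consisting of the
		 * prefix alone, pointed one byte past the terminating NUL.
		 */
		if (hostapd_ctrl_register_frame(hapd, buf + 15) < 0)
			reply_len = -1;
#endif /* CONFIG_TESTING_OPTIONS */
	} else if (os_strncmp(buf, "CHAN_SWITCH ", 12) == 0) {
		if (hostapd_ctrl_iface_chan_switch(hapd->iface, buf + 12))
			reply_len = -1;
	} else if (os_strncmp(buf, "NOTIFY_CW_CHANGE ", 17) == 0) {
		if (hostapd_ctrl_iface_notify_cw_change(hapd, buf + 17))
			reply_len = -1;
	} else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
		reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
						      reply_size);
	} else if (os_strcmp(buf, "ERP_FLUSH") == 0) {
		ieee802_1x_erp_flush(hapd);
#ifdef RADIUS_SERVER
		radius_server_erp_flush(hapd->radius_srv);
#endif /* RADIUS_SERVER */
	} else if (os_strncmp(buf, "EAPOL_REAUTH ", 13) == 0) {
		if (hostapd_ctrl_iface_eapol_reauth(hapd, buf + 13))
			reply_len = -1;
	} else if (os_strncmp(buf, "EAPOL_SET ", 10) == 0) {
		if (hostapd_ctrl_iface_eapol_set(hapd, buf + 10))
			reply_len = -1;
	} else if (os_strncmp(buf, "LOG_LEVEL", 9) == 0) {
		reply_len = hostapd_ctrl_iface_log_level(
			hapd, buf + 9, reply, reply_size);
#ifdef NEED_AP_MLME
	} else if (os_strcmp(buf, "TRACK_STA_LIST") == 0) {
		reply_len = hostapd_ctrl_iface_track_sta_list(
			hapd, reply, reply_size);
#endif /* NEED_AP_MLME */
	} else if (os_strcmp(buf, "PMKSA") == 0) {
		reply_len = hostapd_ctrl_iface_pmksa_list(hapd, reply,
							  reply_size);
	} else if (os_strcmp(buf, "PMKSA_FLUSH") == 0) {
		hostapd_ctrl_iface_pmksa_flush(hapd);
	} else if (os_strncmp(buf, "PMKSA_ADD ", 10) == 0) {
		if (hostapd_ctrl_iface_pmksa_add(hapd, buf + 10) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "SET_NEIGHBOR ", 13) == 0) {
		if (hostapd_ctrl_iface_set_neighbor(hapd, buf + 13))
			reply_len = -1;
	} else if (os_strcmp(buf, "SHOW_NEIGHBOR") == 0) {
		reply_len = hostapd_ctrl_iface_show_neighbor(hapd, reply,
							     reply_size);
	} else if (os_strncmp(buf, "REMOVE_NEIGHBOR ", 16) == 0) {
		if (hostapd_ctrl_iface_remove_neighbor(hapd, buf + 16))
			reply_len = -1;
	} else if (os_strncmp(buf, "REQ_LCI ", 8) == 0) {
		if (hostapd_ctrl_iface_req_lci(hapd, buf + 8))
			reply_len = -1;
	} else if (os_strncmp(buf, "REQ_RANGE ", 10) == 0) {
		if (hostapd_ctrl_iface_req_range(hapd, buf + 10))
			reply_len = -1;
	} else if (os_strncmp(buf, "REQ_BEACON ", 11) == 0) {
		reply_len = hostapd_ctrl_iface_req_beacon(hapd, buf + 11,
							  reply, reply_size);
	} else if (os_strcmp(buf, "DRIVER_FLAGS") == 0) {
		reply_len = hostapd_ctrl_driver_flags(hapd->iface, reply,
						      reply_size);
	} else if (os_strcmp(buf, "DRIVER_FLAGS2") == 0) {
		reply_len = hostapd_ctrl_driver_flags2(hapd->iface, reply,
						       reply_size);
	} else if (os_strcmp(buf, "TERMINATE") == 0) {
		eloop_terminate();
	} else if (os_strncmp(buf, "ACCEPT_ACL ", 11) == 0) {
		/*
		 * Accept list: after DEL_MAC and CLEAR the list is pushed to
		 * the driver and hostapd_disassoc_accept_mac() is called;
		 * ADD_MAC only pushes the list.
		 */
		if (os_strncmp(buf + 11, "ADD_MAC ", 8) == 0) {
			if (hostapd_ctrl_iface_acl_add_mac(
				    &hapd->conf->accept_mac,
				    &hapd->conf->num_accept_mac, buf + 19) ||
			    hostapd_set_acl(hapd))
				reply_len = -1;
		} else if (os_strncmp((buf + 11), "DEL_MAC ", 8) == 0) {
			if (hostapd_ctrl_iface_acl_del_mac(
				    &hapd->conf->accept_mac,
				    &hapd->conf->num_accept_mac, buf + 19) ||
			    hostapd_set_acl(hapd) ||
			    hostapd_disassoc_accept_mac(hapd))
				reply_len = -1;
		} else if (os_strcmp(buf + 11, "SHOW") == 0) {
			reply_len = hostapd_ctrl_iface_acl_show_mac(
				hapd->conf->accept_mac,
				hapd->conf->num_accept_mac, reply, reply_size);
		} else if (os_strcmp(buf + 11, "CLEAR") == 0) {
			hostapd_ctrl_iface_acl_clear_list(
				&hapd->conf->accept_mac,
				&hapd->conf->num_accept_mac);
			if (hostapd_set_acl(hapd) ||
			    hostapd_disassoc_accept_mac(hapd))
				reply_len = -1;
		} else {
			reply_len = -1;
		}
	} else if (os_strncmp(buf, "DENY_ACL ", 9) == 0) {
		/*
		 * Deny list: only ADD_MAC is followed by
		 * hostapd_disassoc_deny_mac(); DEL_MAC and CLEAR just push
		 * the updated list to the driver.
		 */
		if (os_strncmp(buf + 9, "ADD_MAC ", 8) == 0) {
			if (hostapd_ctrl_iface_acl_add_mac(
				    &hapd->conf->deny_mac,
				    &hapd->conf->num_deny_mac, buf + 17) ||
			    hostapd_set_acl(hapd) ||
			    hostapd_disassoc_deny_mac(hapd))
				reply_len = -1;
		} else if (os_strncmp(buf + 9, "DEL_MAC ", 8) == 0) {
			if (hostapd_ctrl_iface_acl_del_mac(
				    &hapd->conf->deny_mac,
				    &hapd->conf->num_deny_mac, buf + 17) ||
			    hostapd_set_acl(hapd))
				reply_len = -1;
		} else if (os_strcmp(buf + 9, "SHOW") == 0) {
			reply_len = hostapd_ctrl_iface_acl_show_mac(
				hapd->conf->deny_mac,
				hapd->conf->num_deny_mac, reply, reply_size);
		} else if (os_strcmp(buf + 9, "CLEAR") == 0) {
			hostapd_ctrl_iface_acl_clear_list(
				&hapd->conf->deny_mac,
				&hapd->conf->num_deny_mac);
			if (hostapd_set_acl(hapd))
				reply_len = -1;
		} else {
			reply_len = -1;
		}
#ifdef CONFIG_DPP
	/*
	 * Several DPP handlers below are given buf + (prefix length - 1),
	 * i.e., the argument string including the space that separates it
	 * from the command name. NOTE(review): presumably those parsers look
	 * for " name=value" tokens; confirm in the handlers before changing
	 * any of these offsets.
	 *
	 * Numeric identifiers are parsed with atoi(), which reports no
	 * errors; non-numeric input is passed on as 0.
	 */
	} else if (os_strncmp(buf, "DPP_QR_CODE ", 12) == 0) {
		res = hostapd_dpp_qr_code(hapd, buf + 12);
		if (res < 0) {
			reply_len = -1;
		} else {
			reply_len = os_snprintf(reply, reply_size, "%d", res);
			if (os_snprintf_error(reply_size, reply_len))
				reply_len = -1;
		}
	} else if (os_strncmp(buf, "DPP_NFC_URI ", 12) == 0) {
		res = hostapd_dpp_nfc_uri(hapd, buf + 12);
		if (res < 0) {
			reply_len = -1;
		} else {
			reply_len = os_snprintf(reply, reply_size, "%d", res);
			if (os_snprintf_error(reply_size, reply_len))
				reply_len = -1;
		}
	} else if (os_strncmp(buf, "DPP_NFC_HANDOVER_REQ ", 21) == 0) {
		res = hostapd_dpp_nfc_handover_req(hapd, buf + 20);
		if (res < 0) {
			reply_len = -1;
		} else {
			reply_len = os_snprintf(reply, reply_size, "%d", res);
			if (os_snprintf_error(reply_size, reply_len))
				reply_len = -1;
		}
	} else if (os_strncmp(buf, "DPP_NFC_HANDOVER_SEL ", 21) == 0) {
		res = hostapd_dpp_nfc_handover_sel(hapd, buf + 20);
		if (res < 0) {
			reply_len = -1;
		} else {
			reply_len = os_snprintf(reply, reply_size, "%d", res);
			if (os_snprintf_error(reply_size, reply_len))
				reply_len = -1;
		}
	} else if (os_strncmp(buf, "DPP_BOOTSTRAP_GEN ", 18) == 0) {
		res = dpp_bootstrap_gen(hapd->iface->interfaces->dpp, buf + 18);
		if (res < 0) {
			reply_len = -1;
		} else {
			reply_len = os_snprintf(reply, reply_size, "%d", res);
			if (os_snprintf_error(reply_size, reply_len))
				reply_len = -1;
		}
	} else if (os_strncmp(buf, "DPP_BOOTSTRAP_REMOVE ", 21) == 0) {
		if (dpp_bootstrap_remove(hapd->iface->interfaces->dpp,
					 buf + 21) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "DPP_BOOTSTRAP_GET_URI ", 22) == 0) {
		const char *uri;

		uri = dpp_bootstrap_get_uri(hapd->iface->interfaces->dpp,
					    atoi(buf + 22));
		if (!uri) {
			reply_len = -1;
		} else {
			reply_len = os_snprintf(reply, reply_size, "%s", uri);
			if (os_snprintf_error(reply_size, reply_len))
				reply_len = -1;
		}
	} else if (os_strncmp(buf, "DPP_BOOTSTRAP_INFO ", 19) == 0) {
		reply_len = dpp_bootstrap_info(hapd->iface->interfaces->dpp,
					       atoi(buf + 19),
					       reply, reply_size);
	} else if (os_strncmp(buf, "DPP_BOOTSTRAP_SET ", 18) == 0) {
		/*
		 * os_strchr() yields NULL when no parameters follow the id;
		 * that NULL is passed straight to dpp_bootstrap_set().
		 */
		if (dpp_bootstrap_set(hapd->iface->interfaces->dpp,
				      atoi(buf + 18),
				      os_strchr(buf + 18, ' ')) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "DPP_AUTH_INIT ", 14) == 0) {
		if (hostapd_dpp_auth_init(hapd, buf + 13) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "DPP_LISTEN ", 11) == 0) {
		if (hostapd_dpp_listen(hapd, buf + 11) < 0)
			reply_len = -1;
	} else if (os_strcmp(buf, "DPP_STOP_LISTEN") == 0) {
		hostapd_dpp_stop(hapd);
		hostapd_dpp_listen_stop(hapd);
	} else if (os_strncmp(buf, "DPP_CONFIGURATOR_ADD", 20) == 0) {
		res = dpp_configurator_add(hapd->iface->interfaces->dpp,
					   buf + 20);
		if (res < 0) {
			reply_len = -1;
		} else {
			reply_len = os_snprintf(reply, reply_size, "%d", res);
			if (os_snprintf_error(reply_size, reply_len))
				reply_len = -1;
		}
	} else if (os_strncmp(buf, "DPP_CONFIGURATOR_SET ", 21) == 0) {
		if (dpp_configurator_set(hapd->iface->interfaces->dpp,
					 buf + 20) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "DPP_CONFIGURATOR_REMOVE ", 24) == 0) {
		if (dpp_configurator_remove(hapd->iface->interfaces->dpp,
					    buf + 24) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "DPP_CONFIGURATOR_SIGN ", 22) == 0) {
		if (hostapd_dpp_configurator_sign(hapd, buf + 21) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "DPP_CONFIGURATOR_GET_KEY ", 25) == 0) {
		reply_len = dpp_configurator_get_key_id(
			hapd->iface->interfaces->dpp,
			atoi(buf + 25),
			reply, reply_size);
	} else if (os_strncmp(buf, "DPP_PKEX_ADD ", 13) == 0) {
		res = hostapd_dpp_pkex_add(hapd, buf + 12);
		if (res < 0) {
			reply_len = -1;
		} else {
			reply_len = os_snprintf(reply, reply_size, "%d", res);
			if (os_snprintf_error(reply_size, reply_len))
				reply_len = -1;
		}
	} else if (os_strncmp(buf, "DPP_PKEX_REMOVE ", 16) == 0) {
		if (hostapd_dpp_pkex_remove(hapd, buf + 16) < 0)
			reply_len = -1;
#ifdef CONFIG_DPP2
	} else if (os_strncmp(buf, "DPP_CONTROLLER_START ", 21) == 0) {
		if (hostapd_dpp_controller_start(hapd, buf + 20) < 0)
			reply_len = -1;
	} else if (os_strcmp(buf, "DPP_CONTROLLER_START") == 0) {
		if (hostapd_dpp_controller_start(hapd, NULL) < 0)
			reply_len = -1;
	} else if (os_strcmp(buf, "DPP_CONTROLLER_STOP") == 0) {
		dpp_controller_stop(hapd->iface->interfaces->dpp);
	} else if (os_strncmp(buf, "DPP_CHIRP ", 10) == 0) {
		if (hostapd_dpp_chirp(hapd, buf + 9) < 0)
			reply_len = -1;
	} else if (os_strcmp(buf, "DPP_STOP_CHIRP") == 0) {
		hostapd_dpp_chirp_stop(hapd);
	} else if (os_strncmp(buf, "DPP_RELAY_ADD_CONTROLLER ", 25) == 0) {
		if (hostapd_dpp_add_controller(hapd, buf + 25) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "DPP_RELAY_REMOVE_CONTROLLER ", 28) == 0) {
		hostapd_dpp_remove_controller(hapd, buf + 28);
#endif /* CONFIG_DPP2 */
#ifdef CONFIG_DPP3
	} else if (os_strcmp(buf, "DPP_PUSH_BUTTON") == 0) {
		if (hostapd_dpp_push_button(hapd, NULL) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "DPP_PUSH_BUTTON ", 16) == 0) {
		if (hostapd_dpp_push_button(hapd, buf + 15) < 0)
			reply_len = -1;
#endif /* CONFIG_DPP3 */
#endif /* CONFIG_DPP */
#ifdef RADIUS_SERVER
	} else if (os_strncmp(buf, "DAC_REQUEST ", 12) == 0) {
		if (radius_server_dac_request(hapd->radius_srv, buf + 12) < 0)
			reply_len = -1;
#endif /* RADIUS_SERVER */
	} else if (os_strncmp(buf, "GET_CAPABILITY ", 15) == 0) {
		reply_len = hostapd_ctrl_iface_get_capability(
			hapd, buf + 15, reply, reply_size);
#ifdef CONFIG_PASN
	} else if (os_strcmp(buf, "PTKSA_CACHE_LIST") == 0) {
		reply_len = ptksa_cache_list(hapd->ptksa, reply, reply_size);
#endif /* CONFIG_PASN */
#ifdef ANDROID
	} else if (os_strncmp(buf, "DRIVER ", 7) == 0) {
		reply_len = hostapd_ctrl_iface_driver_cmd(hapd, buf + 7, reply,
							  reply_size);
#endif /* ANDROID */
	} else {
		os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
		reply_len = 16;
	}

	/* Any handler failure is reported to the sender as "FAIL\n" */
	if (reply_len < 0) {
		os_memcpy(reply, "FAIL\n", 5);
		reply_len = 5;
	}

	return reply_len;
}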
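/**
 * hostapd_ctrl_iface_receive - Read one control interface request and answer it
 * @sock: Control interface socket that became readable
 * @eloop_ctx: struct hostapd_data of the BSS that owns the socket
 * @sock_ctx: Not used
 *
 * Reads a single datagram (at most sizeof(buf) - 1 bytes), NUL-terminates it,
 * runs it through hostapd_ctrl_iface_receive_process(), and sends the reply
 * back to the sender's address.
 *
 * In CONFIG_CTRL_IFACE_UDP builds every request other than GET_COOKIE has to
 * start with "COOKIE=<hex>"; requests with a missing or wrong cookie are
 * dropped without a reply. The cookie is returned to any sender that asks
 * for it with GET_COOKIE, so it does not restrict who may use the interface;
 * that has to come from limiting who can reach the UDP port.
 *
 * The received command is logged verbatim at debug level, which includes any
 * credentials carried in its arguments; treat debug logs as sensitive.
 */
static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx,
				       void *sock_ctx)
{
	struct hostapd_data *hapd = eloop_ctx;
	char buf[4096];
	int res;
	struct sockaddr_storage from;
	socklen_t fromlen = sizeof(from);
	char *reply, *pos = buf;
	const int reply_size = 4096;
	int reply_len;
	int level = MSG_DEBUG;
#ifdef CONFIG_CTRL_IFACE_UDP
	unsigned char lcookie[CTRL_IFACE_COOKIE_LEN];
#endif /* CONFIG_CTRL_IFACE_UDP */

	/* Leave room for the terminating NUL added below */
	res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
		       (struct sockaddr *) &from, &fromlen);
	if (res < 0) {
		wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
			   strerror(errno));
		return;
	}
	buf[res] = '\0';

	reply = os_malloc(reply_size);
	if (reply == NULL) {
		if (sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
			   fromlen) < 0) {
			wpa_printf(MSG_DEBUG, "CTRL: sendto failed: %s",
				   strerror(errno));
		}
		return;
	}

#ifdef CONFIG_CTRL_IFACE_UDP
	if (os_strcmp(buf, "GET_COOKIE") == 0) {
		os_memcpy(reply, "COOKIE=", 7);
		wpa_snprintf_hex(reply + 7, 2 * CTRL_IFACE_COOKIE_LEN + 1,
				 hapd->ctrl_iface_cookie,
				 CTRL_IFACE_COOKIE_LEN);
		reply_len = 7 + 2 * CTRL_IFACE_COOKIE_LEN;
		goto done;
	}

	if (os_strncmp(buf, "COOKIE=", 7) != 0 ||
	    hexstr2bin(buf + 7, lcookie, CTRL_IFACE_COOKIE_LEN) < 0) {
		wpa_printf(MSG_DEBUG,
			   "CTRL: No cookie in the request - drop request");
		os_free(reply);
		return;
	}

	/*
	 * Constant-time comparison so that the time taken does not depend on
	 * how many leading cookie bytes of the request were correct.
	 */
	if (os_memcmp_const(hapd->ctrl_iface_cookie, lcookie,
			    CTRL_IFACE_COOKIE_LEN) != 0) {
		wpa_printf(MSG_DEBUG,
			   "CTRL: Invalid cookie in the request - drop request");
		os_free(reply);
		return;
	}

	/* Skip the cookie and the spaces that separate it from the command */
	pos = buf + 7 + 2 * CTRL_IFACE_COOKIE_LEN;
	while (*pos == ' ')
		pos++;
#endif /* CONFIG_CTRL_IFACE_UDP */

	if (os_strcmp(pos, "PING") == 0)
		level = MSG_EXCESSIVE;
	/*
	 * Dump only what remains of the datagram after pos. pos has moved
	 * past the cookie in UDP builds, so using the full length res here
	 * would read beyond the received data. pos never passes buf + res:
	 * the prefix and hex checks above guarantee non-NUL bytes up to the
	 * end of the cookie, and the space-skipping loop stops at the
	 * terminator at the latest.
	 */
	wpa_hexdump_ascii(level, "RX ctrl_iface", pos, res - (pos - buf));

	reply_len = hostapd_ctrl_iface_receive_process(hapd, pos,
						       reply, reply_size,
						       &from, fromlen);

#ifdef CONFIG_CTRL_IFACE_UDP
done:
#endif /* CONFIG_CTRL_IFACE_UDP */
	if (sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
		   fromlen) < 0) {
		wpa_printf(MSG_DEBUG, "CTRL: sendto failed: %s",
			   strerror(errno));
	}
	os_free(reply);
}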
#ifndef CONFIG_CTRL_IFACE_UDP
/**
 * hostapd_ctrl_iface_path - Build the path of the control socket file
 * @hapd: BSS whose configuration supplies the directory and interface name
 * Returns: Newly allocated "<ctrl_interface>/<iface>" string that the caller
 * must release with os_free(), or %NULL if no control interface directory is
 * configured or the allocation fails
 */
static char * hostapd_ctrl_iface_path(struct hostapd_data *hapd)
{
	const char *dir = hapd->conf->ctrl_interface;
	const char *ifname = hapd->conf->iface;
	size_t path_len;
	char *path;

	if (!dir)
		return NULL;

	/* Two extra bytes: the '/' separator and the terminating NUL */
	path_len = os_strlen(dir) + os_strlen(ifname) + 2;
	path = os_malloc(path_len);
	if (!path)
		return NULL;

	os_snprintf(path, path_len, "%s/%s", dir, ifname);
	path[path_len - 1] = '\0';
	return path;
}
#endif /* CONFIG_CTRL_IFACE_UDP */
/**
 * hostapd_ctrl_iface_msg_cb - Forward a wpa_msg() event to the control interface
 * @ctx: struct hostapd_data pointer registered as the message context, or
 *	%NULL, in which case the event is dropped
 * @level: Priority level of the message
 * @type: Message type
 * @txt: Message text
 * @len: Length of @txt
 */
static void hostapd_ctrl_iface_msg_cb(void *ctx, int level,
				      enum wpa_msg_type type,
				      const char *txt, size_t len)
{
	struct hostapd_data *hapd = ctx;

	if (hapd)
		hostapd_ctrl_iface_send(hapd, level, type, txt, len);
}
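/**
 * hostapd_ctrl_iface_init - Create the per-BSS control interface socket
 * @hapd: BSS to create the control interface for
 * Returns: 0 on success, or when the socket already exists or no
 * ctrl_interface is configured; -1 on failure
 *
 * UDP build (CONFIG_CTRL_IFACE_UDP): binds a datagram socket to the port
 * given as "udp:<port>" in ctrl_interface. Without an explicit port it starts
 * at HOSTAPD_CTRL_IFACE_PORT and steps down one port per failed bind, up to
 * HOSTAPD_CTRL_IFACE_PORT_LIMIT attempts. With CONFIG_CTRL_IFACE_UDP_REMOTE
 * the AI_PASSIVE hint makes getaddrinfo() return the wildcard address, so the
 * interface is reachable from the network and access to the port needs to be
 * restricted by other means (e.g., packet filtering).
 *
 * UNIX socket build: creates the ctrl_interface directory (owner and group
 * rwx) if needed, binds <ctrl_interface>/<iface>, and applies the configured
 * group and mode 0770 to the socket. An existing directory is used as it is;
 * its owner and permissions are not verified here, so they are part of the
 * deployment's access control. A stale socket file that refuses connections
 * is removed and replaced; one that accepts connections is left untouched.
 */
int hostapd_ctrl_iface_init(struct hostapd_data *hapd)
{
#ifdef CONFIG_CTRL_IFACE_UDP
	int port = HOSTAPD_CTRL_IFACE_PORT;
	char p[32] = { 0 };
	char port_str[40], *tmp;
	char *pos;
	struct addrinfo hints = { 0 }, *res = NULL;
	int n;

	if (hapd->ctrl_sock > -1) {
		wpa_printf(MSG_DEBUG, "ctrl_iface already exists!");
		return 0;
	}

	if (hapd->conf->ctrl_interface == NULL)
		return 0;

	pos = os_strstr(hapd->conf->ctrl_interface, "udp:");
	if (pos) {
		pos += 4;
		port = atoi(pos);
		if (port <= 0) {
			wpa_printf(MSG_ERROR, "Invalid ctrl_iface UDP port");
			goto fail;
		}
	}

	dl_list_init(&hapd->ctrl_dst);
	hapd->ctrl_sock = -1;
	/*
	 * The cookie is the only token UDP requests are checked against, so
	 * do not continue with whatever the buffer holds if no random data
	 * could be obtained.
	 */
	if (os_get_random(hapd->ctrl_iface_cookie, CTRL_IFACE_COOKIE_LEN) < 0) {
		wpa_printf(MSG_ERROR,
			   "Could not generate ctrl_iface cookie");
		goto fail;
	}

#ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
	hints.ai_flags = AI_PASSIVE;
#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */

#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
	hints.ai_family = AF_INET6;
#else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
	hints.ai_family = AF_INET;
#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
	hints.ai_socktype = SOCK_DGRAM;

	for (;;) {
		int bind_errno;

		os_snprintf(p, sizeof(p), "%d", port);
		n = getaddrinfo(NULL, p, &hints, &res);
		if (n) {
			res = NULL; /* nothing to free after a failed lookup */
			wpa_printf(MSG_ERROR, "getaddrinfo(): %s",
				   gai_strerror(n));
			goto fail;
		}

		hapd->ctrl_sock = socket(res->ai_family, res->ai_socktype,
					 res->ai_protocol);
		if (hapd->ctrl_sock < 0) {
			wpa_printf(MSG_ERROR, "socket(PF_INET): %s",
				   strerror(errno));
			goto fail;
		}

		if (bind(hapd->ctrl_sock, res->ai_addr, res->ai_addrlen) == 0)
			break;
		bind_errno = errno;

		/*
		 * Release the socket and the address list before retrying or
		 * giving up, so that a run of occupied ports does not leak a
		 * descriptor and an addrinfo list per attempt.
		 */
		close(hapd->ctrl_sock);
		hapd->ctrl_sock = -1;
		freeaddrinfo(res);
		res = NULL;

		port--;
		/* An explicitly configured port is never substituted */
		if ((HOSTAPD_CTRL_IFACE_PORT - port) <
		    HOSTAPD_CTRL_IFACE_PORT_LIMIT && !pos)
			continue;
		wpa_printf(MSG_ERROR, "bind(AF_INET): %s",
			   strerror(bind_errno));
		goto fail;
	}

	freeaddrinfo(res);
	res = NULL;

	/* Record the port actually in use in the configuration */
	os_snprintf(port_str, sizeof(port_str), "udp:%d", port);
	tmp = os_strdup(port_str);
	if (tmp) {
		os_free(hapd->conf->ctrl_interface);
		hapd->conf->ctrl_interface = tmp;
	}
	wpa_printf(MSG_DEBUG, "ctrl_iface_init UDP port: %d", port);

	if (eloop_register_read_sock(hapd->ctrl_sock,
				     hostapd_ctrl_iface_receive, hapd, NULL) <
	    0) {
		hostapd_ctrl_iface_deinit(hapd);
		return -1;
	}

	hapd->msg_ctx = hapd;
	wpa_msg_register_cb(hostapd_ctrl_iface_msg_cb);

	return 0;

fail:
	if (res)
		freeaddrinfo(res);
	if (hapd->ctrl_sock >= 0) {
		close(hapd->ctrl_sock);
		/* Do not leave a closed descriptor number behind */
		hapd->ctrl_sock = -1;
	}
	return -1;
#else /* CONFIG_CTRL_IFACE_UDP */
	struct sockaddr_un addr;
	int s = -1;
	char *fname = NULL;

	if (hapd->ctrl_sock > -1) {
		wpa_printf(MSG_DEBUG, "ctrl_iface already exists!");
		return 0;
	}

	dl_list_init(&hapd->ctrl_dst);

	if (hapd->conf->ctrl_interface == NULL)
		return 0;

	if (mkdir(hapd->conf->ctrl_interface, S_IRWXU | S_IRWXG) < 0) {
		if (errno == EEXIST) {
			wpa_printf(MSG_DEBUG, "Using existing control "
				   "interface directory.");
		} else {
			wpa_printf(MSG_ERROR, "mkdir[ctrl_interface]: %s",
				   strerror(errno));
			goto fail;
		}
	}

	/*
	 * Group ownership of the directory: the per-BSS ctrl_interface_gid
	 * takes precedence over the global ctrl_iface_group. lchown() acts on
	 * the path itself and does not follow a symbolic link.
	 */
	if (hapd->conf->ctrl_interface_gid_set &&
	    lchown(hapd->conf->ctrl_interface, -1,
		   hapd->conf->ctrl_interface_gid) < 0) {
		wpa_printf(MSG_ERROR, "lchown[ctrl_interface]: %s",
			   strerror(errno));
		return -1;
	}

	if (!hapd->conf->ctrl_interface_gid_set &&
	    hapd->iface->interfaces->ctrl_iface_group &&
	    lchown(hapd->conf->ctrl_interface, -1,
		   hapd->iface->interfaces->ctrl_iface_group) < 0) {
		wpa_printf(MSG_ERROR, "lchown[ctrl_interface]: %s",
			   strerror(errno));
		return -1;
	}

#ifdef ANDROID
	/*
	 * Android is using umask 0077 which would leave the control interface
	 * directory without group access. This breaks things since Wi-Fi
	 * framework assumes that this directory can be accessed by other
	 * applications in the wifi group. Fix this by adding group access even
	 * if umask value would prevent this.
	 */
	if (chmod(hapd->conf->ctrl_interface, S_IRWXU | S_IRWXG) < 0) {
		wpa_printf(MSG_ERROR, "CTRL: Could not chmod directory: %s",
			   strerror(errno));
		/* Try to continue anyway */
	}
#endif /* ANDROID */

	/* "<dir>/<iface>" plus its terminator has to fit in sun_path */
	if (os_strlen(hapd->conf->ctrl_interface) + 1 +
	    os_strlen(hapd->conf->iface) >= sizeof(addr.sun_path))
		goto fail;

	s = socket(PF_UNIX, SOCK_DGRAM, 0);
	if (s < 0) {
		wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno));
		goto fail;
	}

	os_memset(&addr, 0, sizeof(addr));
#ifdef __FreeBSD__
	addr.sun_len = sizeof(addr);
#endif /* __FreeBSD__ */
	addr.sun_family = AF_UNIX;
	fname = hostapd_ctrl_iface_path(hapd);
	if (fname == NULL)
		goto fail;
	os_strlcpy(addr.sun_path, fname, sizeof(addr.sun_path));
	if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
		wpa_printf(MSG_DEBUG, "ctrl_iface bind(PF_UNIX) failed: %s",
			   strerror(errno));
		/*
		 * Probe the existing socket: if nothing accepts connections
		 * on it, treat it as stale and replace it; otherwise leave it
		 * to the process that is using it.
		 */
		if (connect(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
			wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not"
				   " allow connections - assuming it was left"
				   "over from forced program termination");
			if (unlink(fname) < 0) {
				wpa_printf(MSG_ERROR,
					   "Could not unlink existing ctrl_iface socket '%s': %s",
					   fname, strerror(errno));
				goto fail;
			}
			if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) <
			    0) {
				wpa_printf(MSG_ERROR,
					   "hostapd-ctrl-iface: bind(PF_UNIX): %s",
					   strerror(errno));
				goto fail;
			}
			wpa_printf(MSG_DEBUG, "Successfully replaced leftover "
				   "ctrl_iface socket '%s'", fname);
		} else {
			wpa_printf(MSG_INFO, "ctrl_iface exists and seems to "
				   "be in use - cannot override it");
			wpa_printf(MSG_INFO, "Delete '%s' manually if it is "
				   "not used anymore", fname);
			/*
			 * Drop the name before jumping to fail so that the
			 * cleanup there does not unlink a socket that is in
			 * use by another process.
			 */
			os_free(fname);
			fname = NULL;
			goto fail;
		}
	}

	if (hapd->conf->ctrl_interface_gid_set &&
	    lchown(fname, -1, hapd->conf->ctrl_interface_gid) < 0) {
		wpa_printf(MSG_ERROR, "lchown[ctrl_interface/ifname]: %s",
			   strerror(errno));
		goto fail;
	}

	if (!hapd->conf->ctrl_interface_gid_set &&
	    hapd->iface->interfaces->ctrl_iface_group &&
	    lchown(fname, -1, hapd->iface->interfaces->ctrl_iface_group) < 0) {
		wpa_printf(MSG_ERROR, "lchown[ctrl_interface/ifname]: %s",
			   strerror(errno));
		goto fail;
	}

	/* Owner and group only; no access for other users */
	if (chmod(fname, S_IRWXU | S_IRWXG) < 0) {
		wpa_printf(MSG_ERROR, "chmod[ctrl_interface/ifname]: %s",
			   strerror(errno));
		goto fail;
	}
	os_free(fname);

	hapd->ctrl_sock = s;
	if (eloop_register_read_sock(s, hostapd_ctrl_iface_receive, hapd,
				     NULL) < 0) {
		hostapd_ctrl_iface_deinit(hapd);
		return -1;
	}
	hapd->msg_ctx = hapd;
	wpa_msg_register_cb(hostapd_ctrl_iface_msg_cb);

	return 0;

fail:
	if (s >= 0)
		close(s);
	if (fname) {
		unlink(fname);
		os_free(fname);
	}
	return -1;
#endif /* CONFIG_CTRL_IFACE_UDP */
}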
4384
4385
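/**
 * hostapd_ctrl_iface_deinit - Tear down the per-BSS control interface
 * @hapd: BSS whose control socket and monitor list are released
 *
 * If hapd->ctrl_sock is open it is unregistered from the event loop and
 * closed. In UNIX domain socket builds the socket file is unlinked and removal
 * of the control interface directory is attempted; a non-empty directory is
 * left in place. All attached monitor destinations are then freed.
 */
void hostapd_ctrl_iface_deinit(struct hostapd_data *hapd)
{
	struct wpa_ctrl_dst *dst, *prev;

	if (hapd->ctrl_sock > -1) {
#ifndef CONFIG_CTRL_IFACE_UDP
		char *fname;
#endif /* !CONFIG_CTRL_IFACE_UDP */

		eloop_unregister_read_sock(hapd->ctrl_sock);
		close(hapd->ctrl_sock);
		/* Mark the socket closed so that a repeated call skips this
		 * block instead of closing a stale descriptor. */
		hapd->ctrl_sock = -1;
#ifndef CONFIG_CTRL_IFACE_UDP
		fname = hostapd_ctrl_iface_path(hapd);
		if (fname)
			unlink(fname);
		os_free(fname);

		if (hapd->conf->ctrl_interface &&
		    rmdir(hapd->conf->ctrl_interface) < 0) {
			if (errno == ENOTEMPTY) {
				/* Other sockets may still live in the
				 * directory; this is not an error. */
				wpa_printf(MSG_DEBUG, "Control interface "
					   "directory not empty - leaving it "
					   "behind");
			} else {
				wpa_printf(MSG_ERROR,
					   "rmdir[ctrl_interface=%s]: %s",
					   hapd->conf->ctrl_interface,
					   strerror(errno));
			}
		}
#endif /* !CONFIG_CTRL_IFACE_UDP */
	}

	/*
	 * Unlink each monitor entry before freeing it. Freeing without
	 * unlinking leaves hapd->ctrl_dst pointing at released memory, so a
	 * second deinit call or any later walk of the list would touch freed
	 * entries.
	 */
	dl_list_for_each_safe(dst, prev, &hapd->ctrl_dst, struct wpa_ctrl_dst,
			      list) {
		dl_list_del(&dst->list);
		os_free(dst);
	}

#ifdef CONFIG_TESTING_OPTIONS
	l2_packet_deinit(hapd->l2_test);
	hapd->l2_test = NULL;
#endif /* CONFIG_TESTING_OPTIONS */
}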
4429
4430
/**
 * hostapd_ctrl_iface_add - Handle the global ADD command
 * @interfaces: Global interface container
 * @buf: Command argument passed through to hostapd_add_iface()
 * Returns: 0 on success, -1 if hostapd_add_iface() reported a failure
 */
static int hostapd_ctrl_iface_add(struct hapd_interfaces *interfaces,
				  char *buf)
{
	if (hostapd_add_iface(interfaces, buf) >= 0)
		return 0;

	wpa_printf(MSG_ERROR, "Adding interface %s failed", buf);
	return -1;
}
4440
4441
/**
 * hostapd_ctrl_iface_remove - Handle the global REMOVE command
 * @interfaces: Global interface container
 * @buf: Command argument passed through to hostapd_remove_iface()
 * Returns: 0 on success, -1 if hostapd_remove_iface() reported a failure
 */
static int hostapd_ctrl_iface_remove(struct hapd_interfaces *interfaces,
				     char *buf)
{
	if (hostapd_remove_iface(interfaces, buf) >= 0)
		return 0;

	wpa_printf(MSG_ERROR, "Removing interface %s failed", buf);
	return -1;
}
4451
4452
/**
 * hostapd_global_ctrl_iface_attach - Register a monitor on the global socket
 * @interfaces: Global interface container owning the monitor list
 * @from: Address of the requesting peer
 * @fromlen: Length of @from
 * @input: Optional ATTACH argument string, or %NULL
 * Returns: Result of ctrl_iface_attach()
 */
static int hostapd_global_ctrl_iface_attach(struct hapd_interfaces *interfaces,
					    struct sockaddr_storage *from,
					    socklen_t fromlen, char *input)
{
	struct dl_list *monitors = &interfaces->global_ctrl_dst;

	return ctrl_iface_attach(monitors, from, fromlen, input);
}
4460
4461
/**
 * hostapd_global_ctrl_iface_detach - Remove a monitor from the global socket
 * @interfaces: Global interface container owning the monitor list
 * @from: Address of the requesting peer
 * @fromlen: Length of @from
 * Returns: Result of ctrl_iface_detach()
 */
static int hostapd_global_ctrl_iface_detach(struct hapd_interfaces *interfaces,
					    struct sockaddr_storage *from,
					    socklen_t fromlen)
{
	struct dl_list *monitors = &interfaces->global_ctrl_dst;

	return ctrl_iface_detach(monitors, from, fromlen);
}
4468
4469
/**
 * hostapd_ctrl_iface_flush - Handle the global FLUSH command
 * @interfaces: Global interface container
 *
 * Resets the WPS and DPP testing overrides to the values assigned below (only
 * in builds that compile them in) and clears global DPP state, including the
 * receive timestamps of the DPP push button entries in DPP3 builds.
 */
static void hostapd_ctrl_iface_flush(struct hapd_interfaces *interfaces)
{
#ifdef CONFIG_WPS_TESTING
	wps_version_number = 0x20;
	wps_testing_stub_cred = 0;
	wps_corrupt_pkhash = 0;
#endif /* CONFIG_WPS_TESTING */

#ifdef CONFIG_TESTING_OPTIONS
#ifdef CONFIG_DPP
	dpp_test = DPP_TEST_DISABLED;
	/* The override follows the highest DPP version compiled in. */
#ifdef CONFIG_DPP3
	dpp_version_override = 3;
#elif defined(CONFIG_DPP2)
	dpp_version_override = 2;
#else /* CONFIG_DPP2 */
	dpp_version_override = 1;
#endif /* CONFIG_DPP2 */
#endif /* CONFIG_DPP */
#endif /* CONFIG_TESTING_OPTIONS */

#ifdef CONFIG_DPP
	dpp_global_clear(interfaces->dpp);
#ifdef CONFIG_DPP3
	{
		int idx;

		/* Zero the receive time of every push button entry. */
		for (idx = 0; idx < DPP_PB_INFO_COUNT; idx++) {
			interfaces->dpp_pb[idx].rx_time.sec = 0;
			interfaces->dpp_pb[idx].rx_time.usec = 0;
		}
	}
#endif /* CONFIG_DPP3 */
#endif /* CONFIG_DPP */
}
4508
4509
4510 #ifdef CONFIG_FST
4511
/**
 * hostapd_global_ctrl_iface_fst_attach - Handle the global FST-ATTACH command
 * @interfaces: Global interface container
 * @cmd: Command argument parsed by fst_parse_attach_command()
 * Returns: 0 on success, -1 if the interface already has an FST attachment,
 * -EINVAL if parsing, interface lookup, or fst_attach() fails
 */
static int
hostapd_global_ctrl_iface_fst_attach(struct hapd_interfaces *interfaces,
				     const char *cmd)
{
	char ifname[IFNAMSIZ + 1];
	struct fst_iface_cfg cfg;
	struct fst_wpa_obj iface_obj;
	struct hostapd_data *hapd;

	if (fst_parse_attach_command(cmd, ifname, sizeof(ifname), &cfg))
		return -EINVAL;

	hapd = hostapd_get_iface(interfaces, ifname);
	if (!hapd)
		return -EINVAL;

	if (hapd->iface->fst) {
		wpa_printf(MSG_INFO, "FST: Already attached");
		return -1;
	}

	fst_hostapd_fill_iface_obj(hapd, &iface_obj);
	hapd->iface->fst = fst_attach(ifname, hapd->own_addr, &iface_obj,
				      &cfg);

	return hapd->iface->fst ? 0 : -EINVAL;
}
4538
4539
/**
 * hostapd_global_ctrl_iface_fst_detach - Handle the global FST-DETACH command
 * @interfaces: Global interface container
 * @cmd: Command argument parsed by fst_parse_detach_command()
 * Returns: 0 on success, -EINVAL if parsing, interface lookup, or
 * fst_iface_detach() fails
 */
static int
hostapd_global_ctrl_iface_fst_detach(struct hapd_interfaces *interfaces,
				     const char *cmd)
{
	char ifname[IFNAMSIZ + 1];
	struct hostapd_data *hapd;

	if (fst_parse_detach_command(cmd, ifname, sizeof(ifname)))
		return -EINVAL;

	hapd = hostapd_get_iface(interfaces, ifname);
	if (!hapd || fst_iface_detach(ifname))
		return -EINVAL;

	/* Drop the references only after the detach itself succeeded. */
	hapd->iface->fst = NULL;
	hapd->iface->fst_ies = NULL;
	return 0;
}
4560
4561 #endif /* CONFIG_FST */
4562
4563
/**
 * hostapd_interfaces_get_hapd - Find a BSS by interface name
 * @interfaces: Global interface container
 * @ifname: Interface name to look for (exact match)
 * Returns: First BSS whose configured interface name equals @ifname, or %NULL
 * if no BSS matches
 */
static struct hostapd_data *
hostapd_interfaces_get_hapd(struct hapd_interfaces *interfaces,
			    const char *ifname)
{
	size_t iface_idx, bss_idx;

	for (iface_idx = 0; iface_idx < interfaces->count; iface_idx++) {
		struct hostapd_iface *iface = interfaces->iface[iface_idx];

		for (bss_idx = 0; bss_idx < iface->num_bss; bss_idx++) {
			struct hostapd_data *bss = iface->bss[bss_idx];

			if (os_strcmp(ifname, bss->conf->iface) != 0)
				continue;
			return bss;
		}
	}

	return NULL;
}
4584
4585
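/**
 * hostapd_ctrl_iface_dup_param - Copy one configuration parameter between BSSs
 * @src_hapd: BSS the value is read from
 * @dst_hapd: BSS the value is applied to through hostapd_set_iface()
 * @param: Parameter name; only wpa, wpa_key_mgmt, wpa_pairwise, rsn_pairwise,
 *	wpa_passphrase, and wpa_psk are handled
 * Returns: Result of hostapd_set_iface() on success, -1 if the parameter is
 * not supported, not set on the source, or cannot be converted to text
 *
 * The value is rendered as text into a temporary heap buffer. For
 * wpa_passphrase and wpa_psk that buffer holds key material, so it is cleared
 * before being released on every exit path.
 */
static int hostapd_ctrl_iface_dup_param(struct hostapd_data *src_hapd,
					struct hostapd_data *dst_hapd,
					const char *param)
{
	int res;
	char *value;

	value = os_zalloc(HOSTAPD_CLI_DUP_VALUE_MAX_LEN);
	if (!value) {
		wpa_printf(MSG_ERROR,
			   "DUP: cannot allocate buffer to stringify %s",
			   param);
		goto error_return;
	}

	if (os_strcmp(param, "wpa") == 0) {
		os_snprintf(value, HOSTAPD_CLI_DUP_VALUE_MAX_LEN, "%d",
			    src_hapd->conf->wpa);
	} else if (os_strcmp(param, "wpa_key_mgmt") == 0 &&
		   src_hapd->conf->wpa_key_mgmt) {
		res = hostapd_ctrl_iface_get_key_mgmt(
			src_hapd, value, HOSTAPD_CLI_DUP_VALUE_MAX_LEN);
		if (os_snprintf_error(HOSTAPD_CLI_DUP_VALUE_MAX_LEN, res))
			goto error_stringify;
	} else if (os_strcmp(param, "wpa_pairwise") == 0 &&
		   src_hapd->conf->wpa_pairwise) {
		res = wpa_write_ciphers(value,
					value + HOSTAPD_CLI_DUP_VALUE_MAX_LEN,
					src_hapd->conf->wpa_pairwise, " ");
		if (res < 0)
			goto error_stringify;
	} else if (os_strcmp(param, "rsn_pairwise") == 0 &&
		   src_hapd->conf->rsn_pairwise) {
		res = wpa_write_ciphers(value,
					value + HOSTAPD_CLI_DUP_VALUE_MAX_LEN,
					src_hapd->conf->rsn_pairwise, " ");
		if (res < 0)
			goto error_stringify;
	} else if (os_strcmp(param, "wpa_passphrase") == 0 &&
		   src_hapd->conf->ssid.wpa_passphrase) {
		os_snprintf(value, HOSTAPD_CLI_DUP_VALUE_MAX_LEN, "%s",
			    src_hapd->conf->ssid.wpa_passphrase);
	} else if (os_strcmp(param, "wpa_psk") == 0 &&
		   src_hapd->conf->ssid.wpa_psk_set &&
		   src_hapd->conf->ssid.wpa_psk) {
		/* The pointer is checked in addition to the flag so that a
		 * missing PSK entry is reported as "cannot be duplicated"
		 * instead of being dereferenced. */
		wpa_snprintf_hex(value, HOSTAPD_CLI_DUP_VALUE_MAX_LEN,
				 src_hapd->conf->ssid.wpa_psk->psk, PMK_LEN);
	} else {
		wpa_printf(MSG_WARNING, "DUP: %s cannot be duplicated", param);
		goto error_return;
	}

	res = hostapd_set_iface(dst_hapd->iconf, dst_hapd->conf, param, value);
	/* value may hold a passphrase or PSK; wipe it before freeing. */
	bin_clear_free(value, HOSTAPD_CLI_DUP_VALUE_MAX_LEN);
	return res;

error_stringify:
	wpa_printf(MSG_ERROR, "DUP: cannot stringify %s", param);
error_return:
	/* bin_clear_free() accepts NULL, which covers the allocation failure
	 * path. */
	bin_clear_free(value, HOSTAPD_CLI_DUP_VALUE_MAX_LEN);
	return -1;
}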
4647
4648
/**
 * hostapd_global_ctrl_iface_interfaces - Handle the global INTERFACES command
 * @interfaces: Global interface container
 * @input: Remainder of the command after "INTERFACES", or %NULL; if it
 *	contains "ctrl", the control interface path is listed for each BSS
 * @reply: Buffer for the reply text
 * @reply_size: Size of @reply in bytes
 * Returns: Number of bytes written to @reply
 *
 * One line is written per configured BSS. When the next line does not fit,
 * the listing stops and the text written so far is returned.
 */
static int
hostapd_global_ctrl_iface_interfaces(struct hapd_interfaces *interfaces,
				     const char *input,
				     char *reply, int reply_size)
{
	char *pos = reply;
	char *end = reply + reply_size;
	int show_ctrl = 0;
	size_t iface_idx, bss_idx;

	if (input && os_strstr(input, "ctrl") != NULL)
		show_ctrl = 1;

	for (iface_idx = 0; iface_idx < interfaces->count; iface_idx++) {
		struct hostapd_iface *iface = interfaces->iface[iface_idx];

		for (bss_idx = 0; bss_idx < iface->num_bss; bss_idx++) {
			struct hostapd_bss_config *conf;
			int res;

			conf = iface->conf->bss[bss_idx];
			if (!show_ctrl) {
				res = os_snprintf(pos, end - pos, "%s\n",
						  conf->iface);
			} else if (conf->ctrl_interface) {
				res = os_snprintf(pos, end - pos,
						  "%s ctrl_iface=%s\n",
						  conf->iface,
						  conf->ctrl_interface);
			} else {
				res = os_snprintf(pos, end - pos,
						  "%s ctrl_iface=%s\n",
						  conf->iface, "N/A");
			}

			if (os_snprintf_error(end - pos, res)) {
				/* Discard the partial line and stop. */
				*pos = '\0';
				return pos - reply;
			}
			pos += res;
		}
	}

	return pos - reply;
}
4692
4693
/**
 * hostapd_global_ctrl_iface_dup_network - Handle the global DUP_NETWORK command
 * @interfaces: Global interface container
 * @cmd: "<src ifname> <dst ifname> <variable name>"; modified in place, the
 *	two separating spaces are overwritten with NUL
 * Returns: Result of hostapd_ctrl_iface_dup_param(), or -1 if the command is
 * malformed or either interface name does not match a BSS
 */
static int
hostapd_global_ctrl_iface_dup_network(struct hapd_interfaces *interfaces,
				      char *cmd)
{
	struct hostapd_data *src_hapd, *dst_hapd;
	char *src_name = cmd;
	char *dst_name, *param, *sep;

	/* First token: source interface name */
	sep = os_strchr(src_name, ' ');
	if (!sep) {
		wpa_printf(MSG_ERROR, "DUP: no src ifname found in cmd: '%s'",
			   cmd);
		return -1;
	}
	*sep = '\0';
	dst_name = sep + 1;

	src_hapd = hostapd_interfaces_get_hapd(interfaces, src_name);
	if (!src_hapd) {
		wpa_printf(MSG_ERROR, "DUP: no src ifname found: '%s'",
			   src_name);
		return -1;
	}

	/* Second token: destination interface name */
	sep = os_strchr(dst_name, ' ');
	if (!sep) {
		wpa_printf(MSG_ERROR, "DUP: no dst ifname found in cmd: '%s'",
			   cmd);
		return -1;
	}
	*sep = '\0';
	param = sep + 1;

	dst_hapd = hostapd_interfaces_get_hapd(interfaces, dst_name);
	if (!dst_hapd) {
		wpa_printf(MSG_ERROR, "DUP: no dst ifname found: '%s'",
			   dst_name);
		return -1;
	}

	/* Whatever follows the second space is the parameter name. */
	return hostapd_ctrl_iface_dup_param(src_hapd, dst_hapd, param);
}
4737
4738
/**
 * hostapd_global_ctrl_iface_ifname - Redirect a global command to one BSS
 * @interfaces: Global interface container
 * @ifname: Interface name taken from the IFNAME= prefix
 * @buf: Command to run on the matching BSS
 * @reply: Buffer for the reply
 * @reply_size: Size of @reply in bytes
 * @from: Address of the requesting peer
 * @fromlen: Length of @from
 * Returns: Reply length from hostapd_ctrl_iface_receive_process(), the length
 * of the "FAIL-NO-IFNAME-MATCH" reply if no BSS matches, or -1 if that reply
 * does not fit into @reply
 */
static int hostapd_global_ctrl_iface_ifname(struct hapd_interfaces *interfaces,
					    const char *ifname,
					    char *buf, char *reply,
					    int reply_size,
					    struct sockaddr_storage *from,
					    socklen_t fromlen)
{
	struct hostapd_data *hapd;
	int res;

	hapd = hostapd_interfaces_get_hapd(interfaces, ifname);
	if (hapd != NULL)
		return hostapd_ctrl_iface_receive_process(hapd, buf, reply,
							  reply_size, from,
							  fromlen);

	res = os_snprintf(reply, reply_size, "FAIL-NO-IFNAME-MATCH\n");
	return os_snprintf_error(reply_size, res) ? -1 : res;
}
4761
4762
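/**
 * hostapd_global_ctrl_iface_receive - Process one global control command
 * @sock: Global control interface socket that became readable
 * @eloop_ctx: struct hapd_interfaces registered with the event loop
 * @sock_ctx: Not used
 *
 * Reads a single datagram (at most 255 bytes of command text; the rest of a
 * longer datagram is not read), dispatches it, and sends the reply to the
 * sender. The reply defaults to "OK\n"; a handler that sets reply_len to a
 * negative value results in "FAIL\n".
 *
 * In UDP builds every command other than GET_COOKIE has to start with
 * "COOKIE=<hex>" matching interfaces->ctrl_iface_cookie; requests without a
 * valid cookie are dropped without a reply.
 */
static void hostapd_global_ctrl_iface_receive(int sock, void *eloop_ctx,
					      void *sock_ctx)
{
	struct hapd_interfaces *interfaces = eloop_ctx;
	char buffer[256], *buf = buffer;
	int res;
	struct sockaddr_storage from;
	socklen_t fromlen = sizeof(from);
	char *reply;
	int reply_len;
	const int reply_size = 4096;
#ifdef CONFIG_CTRL_IFACE_UDP
	unsigned char lcookie[CTRL_IFACE_COOKIE_LEN];
#endif /* CONFIG_CTRL_IFACE_UDP */

	/* One byte is kept in reserve for the terminating NUL added below. */
	res = recvfrom(sock, buffer, sizeof(buffer) - 1, 0,
		       (struct sockaddr *) &from, &fromlen);
	if (res < 0) {
		wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
			   strerror(errno));
		return;
	}
	buf[res] = '\0';
	/* NOTE(review): the complete command is written to the debug log;
	 * commands redirected with IFNAME= may carry secrets (for example a
	 * passphrase in a SET command) - confirm whether this needs the same
	 * masking as other key material in debug output. */
	wpa_printf(MSG_DEBUG, "Global ctrl_iface command: %s", buf);

	reply = os_malloc(reply_size);
	if (reply == NULL) {
		if (sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
			   fromlen) < 0) {
			wpa_printf(MSG_DEBUG, "CTRL: sendto failed: %s",
				   strerror(errno));
		}
		return;
	}

	os_memcpy(reply, "OK\n", 3);
	reply_len = 3;

#ifdef CONFIG_CTRL_IFACE_UDP
	/* NOTE(review): the cookie is handed to any peer that sends
	 * GET_COOKIE, so it appears to prove only that the requester can
	 * receive replies at its source address; it is not a shared secret.
	 * Confirm against the intended deployment of the UDP interface. */
	if (os_strcmp(buf, "GET_COOKIE") == 0) {
		os_memcpy(reply, "COOKIE=", 7);
		wpa_snprintf_hex(reply + 7, 2 * CTRL_IFACE_COOKIE_LEN + 1,
				 interfaces->ctrl_iface_cookie,
				 CTRL_IFACE_COOKIE_LEN);
		reply_len = 7 + 2 * CTRL_IFACE_COOKIE_LEN;
		goto send_reply;
	}

	if (os_strncmp(buf, "COOKIE=", 7) != 0 ||
	    hexstr2bin(buf + 7, lcookie, CTRL_IFACE_COOKIE_LEN) < 0) {
		wpa_printf(MSG_DEBUG,
			   "CTRL: No cookie in the request - drop request");
		os_free(reply);
		return;
	}

	if (os_memcmp(interfaces->ctrl_iface_cookie, lcookie,
		      CTRL_IFACE_COOKIE_LEN) != 0) {
		wpa_printf(MSG_DEBUG,
			   "CTRL: Invalid cookie in the request - drop request");
		os_free(reply);
		return;
	}

	/* Skip the cookie prefix and the spaces separating it from the
	 * command. */
	buf += 7 + 2 * CTRL_IFACE_COOKIE_LEN;
	while (*buf == ' ')
		buf++;
#endif /* CONFIG_CTRL_IFACE_UDP */

	/* "IFNAME=<ifname> <cmd>" runs <cmd> on the named BSS. Without a
	 * space after the name the text falls through to the global commands
	 * below and ends up as unrecognized. */
	if (os_strncmp(buf, "IFNAME=", 7) == 0) {
		char *pos = os_strchr(buf + 7, ' ');

		if (pos) {
			*pos++ = '\0';
			reply_len = hostapd_global_ctrl_iface_ifname(
				interfaces, buf + 7, pos, reply, reply_size,
				&from, fromlen);
			goto send_reply;
		}
	}

	/* The order matters where one command is a prefix of another: the
	 * exact "ATTACH" is tested before "ATTACH <args>". */
	if (os_strcmp(buf, "PING") == 0) {
		os_memcpy(reply, "PONG\n", 5);
		reply_len = 5;
	} else if (os_strncmp(buf, "RELOG", 5) == 0) {
		if (wpa_debug_reopen_file() < 0)
			reply_len = -1;
	} else if (os_strcmp(buf, "FLUSH") == 0) {
		hostapd_ctrl_iface_flush(interfaces);
	} else if (os_strncmp(buf, "ADD ", 4) == 0) {
		if (hostapd_ctrl_iface_add(interfaces, buf + 4) < 0)
			reply_len = -1;
	} else if (os_strncmp(buf, "REMOVE ", 7) == 0) {
		if (hostapd_ctrl_iface_remove(interfaces, buf + 7) < 0)
			reply_len = -1;
	} else if (os_strcmp(buf, "ATTACH") == 0) {
		if (hostapd_global_ctrl_iface_attach(interfaces, &from,
						     fromlen, NULL))
			reply_len = -1;
	} else if (os_strncmp(buf, "ATTACH ", 7) == 0) {
		if (hostapd_global_ctrl_iface_attach(interfaces, &from,
						     fromlen, buf + 7))
			reply_len = -1;
	} else if (os_strcmp(buf, "DETACH") == 0) {
		if (hostapd_global_ctrl_iface_detach(interfaces, &from,
						     fromlen))
			reply_len = -1;
#ifdef CONFIG_MODULE_TESTS
	} else if (os_strcmp(buf, "MODULE_TESTS") == 0) {
		if (hapd_module_tests() < 0)
			reply_len = -1;
#endif /* CONFIG_MODULE_TESTS */
#ifdef CONFIG_FST
	} else if (os_strncmp(buf, "FST-ATTACH ", 11) == 0) {
		if (!hostapd_global_ctrl_iface_fst_attach(interfaces, buf + 11))
			reply_len = os_snprintf(reply, reply_size, "OK\n");
		else
			reply_len = -1;
	} else if (os_strncmp(buf, "FST-DETACH ", 11) == 0) {
		if (!hostapd_global_ctrl_iface_fst_detach(interfaces, buf + 11))
			reply_len = os_snprintf(reply, reply_size, "OK\n");
		else
			reply_len = -1;
	} else if (os_strncmp(buf, "FST-MANAGER ", 12) == 0) {
		reply_len = fst_ctrl_iface_receive(buf + 12, reply, reply_size);
#endif /* CONFIG_FST */
	} else if (os_strncmp(buf, "DUP_NETWORK ", 12) == 0) {
		if (!hostapd_global_ctrl_iface_dup_network(interfaces,
							   buf + 12))
			reply_len = os_snprintf(reply, reply_size, "OK\n");
		else
			reply_len = -1;
	} else if (os_strncmp(buf, "INTERFACES", 10) == 0) {
		/* Bound the listing by the size of the reply buffer; using
		 * the size of the 256-byte request buffer here cut the list
		 * short although reply has room for reply_size bytes. */
		reply_len = hostapd_global_ctrl_iface_interfaces(
			interfaces, buf + 10, reply, reply_size);
	} else if (os_strcmp(buf, "TERMINATE") == 0) {
		eloop_terminate();
	} else {
		wpa_printf(MSG_DEBUG, "Unrecognized global ctrl_iface command "
			   "ignored");
		reply_len = -1;
	}

send_reply:
	if (reply_len < 0) {
		os_memcpy(reply, "FAIL\n", 5);
		reply_len = 5;
	}

	if (sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
		   fromlen) < 0) {
		wpa_printf(MSG_DEBUG, "CTRL: sendto failed: %s",
			   strerror(errno));
	}
	os_free(reply);
}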
4919
4920
4921 #ifndef CONFIG_CTRL_IFACE_UDP
/**
 * hostapd_global_ctrl_iface_path - Build the global control socket path
 * @interface: Global interface container
 * Returns: Newly allocated "<global_iface_path>/<global_iface_name>" string
 * that the caller has to free with os_free(), or %NULL if no path is
 * configured or the allocation fails
 */
static char * hostapd_global_ctrl_iface_path(struct hapd_interfaces *interface)
{
	const char *dir = interface->global_iface_path;
	const char *name = interface->global_iface_name;
	size_t len;
	char *path;

	if (dir == NULL)
		return NULL;

	/* Room for the '/' separator and the terminating NUL */
	len = os_strlen(dir) + os_strlen(name) + 2;
	path = os_malloc(len);
	if (path == NULL)
		return NULL;

	os_snprintf(path, len, "%s/%s", dir, name);
	path[len - 1] = '\0';
	return path;
}
4941 #endif /* CONFIG_CTRL_IFACE_UDP */
4942
4943
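/**
 * hostapd_global_ctrl_iface_init - Open the global control interface
 * @interface: Global interface container
 * Returns: 0 on success or if no global control interface is configured,
 * -1 on failure
 *
 * UDP builds bind a datagram socket to the configured or default port and
 * generate a fresh request cookie. UNIX domain socket builds create the
 * control directory if needed, bind the socket file in it, and restrict the
 * socket file to owner and group access. In both cases the socket is
 * registered with the event loop; on failure no socket is left open and
 * interface->global_ctrl_sock does not refer to a closed descriptor.
 */
int hostapd_global_ctrl_iface_init(struct hapd_interfaces *interface)
{
#ifdef CONFIG_CTRL_IFACE_UDP
	int port = HOSTAPD_GLOBAL_CTRL_IFACE_PORT;
	char p[32] = { 0 };
	char *pos;
	struct addrinfo hints = { 0 }, *res = NULL;
	int n;

	if (interface->global_ctrl_sock > -1) {
		wpa_printf(MSG_DEBUG, "ctrl_iface already exists!");
		return 0;
	}

	if (interface->global_iface_path == NULL)
		return 0;

	/* An explicit "udp:<port>" in the path overrides the default port. */
	pos = os_strstr(interface->global_iface_path, "udp:");
	if (pos) {
		pos += 4;
		port = atoi(pos);
		if (port <= 0) {
			wpa_printf(MSG_ERROR, "Invalid global ctrl UDP port");
			goto fail;
		}
	}

	os_get_random(interface->ctrl_iface_cookie, CTRL_IFACE_COOKIE_LEN);

#ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
	/* With AI_PASSIVE and a NULL node getaddrinfo() returns the wildcard
	 * address, so the control socket accepts datagrams on every local
	 * address; without the flag it returns the loopback address. */
	hints.ai_flags = AI_PASSIVE;
#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */

#ifdef CONFIG_CTRL_IFACE_UDP_IPV6
	hints.ai_family = AF_INET6;
#else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
	hints.ai_family = AF_INET;
#endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
	hints.ai_socktype = SOCK_DGRAM;

try_again:
	os_snprintf(p, sizeof(p), "%d", port);
	n = getaddrinfo(NULL, p, &hints, &res);
	if (n) {
		wpa_printf(MSG_ERROR, "getaddrinfo(): %s", gai_strerror(n));
		/* Nothing to release: res is not valid after a failure. */
		res = NULL;
		goto fail;
	}

	interface->global_ctrl_sock = socket(res->ai_family, res->ai_socktype,
					     res->ai_protocol);
	if (interface->global_ctrl_sock < 0) {
		wpa_printf(MSG_ERROR, "socket(PF_INET): %s", strerror(errno));
		goto fail;
	}

	if (bind(interface->global_ctrl_sock, res->ai_addr, res->ai_addrlen) <
	    0) {
		port++;
		if ((port - HOSTAPD_GLOBAL_CTRL_IFACE_PORT) <
		    HOSTAPD_GLOBAL_CTRL_IFACE_PORT_LIMIT && !pos) {
			/* Release this attempt's socket and address list
			 * before trying the next port; otherwise each retry
			 * leaks one descriptor and one addrinfo list. */
			close(interface->global_ctrl_sock);
			interface->global_ctrl_sock = -1;
			freeaddrinfo(res);
			res = NULL;
			goto try_again;
		}
		wpa_printf(MSG_ERROR, "bind(AF_INET): %s", strerror(errno));
		goto fail;
	}

	freeaddrinfo(res);
	res = NULL;

	wpa_printf(MSG_DEBUG, "global ctrl_iface_init UDP port: %d", port);

	if (eloop_register_read_sock(interface->global_ctrl_sock,
				     hostapd_global_ctrl_iface_receive,
				     interface, NULL) < 0) {
		hostapd_global_ctrl_iface_deinit(interface);
		return -1;
	}

	wpa_msg_register_cb(hostapd_ctrl_iface_msg_cb);

	return 0;

fail:
	if (res)
		freeaddrinfo(res);
	if (interface->global_ctrl_sock >= 0) {
		close(interface->global_ctrl_sock);
		/* Do not leave a closed descriptor number behind; deinit
		 * would otherwise unregister and close it a second time. */
		interface->global_ctrl_sock = -1;
	}
	return -1;
#else /* CONFIG_CTRL_IFACE_UDP */
	struct sockaddr_un addr;
	int s = -1;
	char *fname = NULL;

	if (interface->global_iface_path == NULL) {
		wpa_printf(MSG_DEBUG, "ctrl_iface not configured!");
		return 0;
	}

	if (mkdir(interface->global_iface_path, S_IRWXU | S_IRWXG) < 0) {
		if (errno == EEXIST) {
			/* NOTE(review): a pre-existing directory is used as
			 * is; its owner, group, and mode are neither checked
			 * nor changed here. Write access to the directory
			 * allows removing or replacing the socket file, so
			 * the directory should be restricted to the intended
			 * control group - confirm deployment expectations. */
			wpa_printf(MSG_DEBUG, "Using existing control "
				   "interface directory.");
		} else {
			wpa_printf(MSG_ERROR, "mkdir[ctrl_interface]: %s",
				   strerror(errno));
			goto fail;
		}
	} else if (interface->ctrl_iface_group &&
		   lchown(interface->global_iface_path, -1,
			  interface->ctrl_iface_group) < 0) {
		wpa_printf(MSG_ERROR, "lchown[ctrl_interface]: %s",
			   strerror(errno));
		goto fail;
	}

	/* The full path including '/' and NUL has to fit into sun_path. */
	if (os_strlen(interface->global_iface_path) + 1 +
	    os_strlen(interface->global_iface_name) >= sizeof(addr.sun_path))
		goto fail;

	s = socket(PF_UNIX, SOCK_DGRAM, 0);
	if (s < 0) {
		wpa_printf(MSG_ERROR, "socket(PF_UNIX): %s", strerror(errno));
		goto fail;
	}

	os_memset(&addr, 0, sizeof(addr));
#ifdef __FreeBSD__
	addr.sun_len = sizeof(addr);
#endif /* __FreeBSD__ */
	addr.sun_family = AF_UNIX;
	fname = hostapd_global_ctrl_iface_path(interface);
	if (fname == NULL)
		goto fail;
	os_strlcpy(addr.sun_path, fname, sizeof(addr.sun_path));
	if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
		wpa_printf(MSG_DEBUG, "ctrl_iface bind(PF_UNIX) failed: %s",
			   strerror(errno));
		/* Probe the existing path: if nothing answers, treat the file
		 * as a leftover and replace it; otherwise leave it alone. */
		if (connect(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
			wpa_printf(MSG_DEBUG, "ctrl_iface exists, but does not"
				   " allow connections - assuming it was left"
				   "over from forced program termination");
			if (unlink(fname) < 0) {
				wpa_printf(MSG_ERROR,
					   "Could not unlink existing ctrl_iface socket '%s': %s",
					   fname, strerror(errno));
				goto fail;
			}
			if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) <
			    0) {
				wpa_printf(MSG_ERROR, "bind(PF_UNIX): %s",
					   strerror(errno));
				goto fail;
			}
			wpa_printf(MSG_DEBUG, "Successfully replaced leftover "
				   "ctrl_iface socket '%s'", fname);
		} else {
			wpa_printf(MSG_INFO, "ctrl_iface exists and seems to "
				   "be in use - cannot override it");
			wpa_printf(MSG_INFO, "Delete '%s' manually if it is "
				   "not used anymore", fname);
			/* Clear fname so that the failure path does not
			 * unlink a socket that another process is using. */
			os_free(fname);
			fname = NULL;
			goto fail;
		}
	}

	/* NOTE(review): between bind() above and chmod() below the socket
	 * file has the mode produced by the process umask; during that window
	 * access is limited only by the directory permissions. */
	if (interface->ctrl_iface_group &&
	    lchown(fname, -1, interface->ctrl_iface_group) < 0) {
		wpa_printf(MSG_ERROR, "lchown[ctrl_interface]: %s",
			   strerror(errno));
		goto fail;
	}

	if (chmod(fname, S_IRWXU | S_IRWXG) < 0) {
		wpa_printf(MSG_ERROR, "chmod[ctrl_interface/ifname]: %s",
			   strerror(errno));
		goto fail;
	}
	os_free(fname);

	interface->global_ctrl_sock = s;
	/* A socket that cannot be registered would never be serviced; undo
	 * the setup and report the failure, as the UDP variant does. */
	if (eloop_register_read_sock(s, hostapd_global_ctrl_iface_receive,
				     interface, NULL) < 0) {
		hostapd_global_ctrl_iface_deinit(interface);
		return -1;
	}

	wpa_msg_register_cb(hostapd_ctrl_iface_msg_cb);

	return 0;

fail:
	if (s >= 0)
		close(s);
	if (fname) {
		unlink(fname);
		os_free(fname);
	}
	return -1;
#endif /* CONFIG_CTRL_IFACE_UDP */
}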
5139
5140
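/**
 * hostapd_global_ctrl_iface_deinit - Tear down the global control interface
 * @interfaces: Global interface container
 *
 * If the global control socket is open it is unregistered from the event loop
 * and closed. In UNIX domain socket builds the socket file is unlinked and
 * removal of the control directory is attempted; a non-empty directory is left
 * in place. The stored path is freed and all attached monitor destinations
 * are released.
 */
void hostapd_global_ctrl_iface_deinit(struct hapd_interfaces *interfaces)
{
#ifndef CONFIG_CTRL_IFACE_UDP
	char *fname = NULL;
#endif /* CONFIG_CTRL_IFACE_UDP */
	struct wpa_ctrl_dst *dst, *prev;

	if (interfaces->global_ctrl_sock > -1) {
		eloop_unregister_read_sock(interfaces->global_ctrl_sock);
		close(interfaces->global_ctrl_sock);
		/* Mark the socket closed so that a repeated call skips this
		 * block instead of closing a stale descriptor. */
		interfaces->global_ctrl_sock = -1;
#ifndef CONFIG_CTRL_IFACE_UDP
		fname = hostapd_global_ctrl_iface_path(interfaces);
		if (fname) {
			unlink(fname);
			os_free(fname);
		}

		if (interfaces->global_iface_path &&
		    rmdir(interfaces->global_iface_path) < 0) {
			if (errno == ENOTEMPTY) {
				/* Other sockets may still live in the
				 * directory; this is not an error. */
				wpa_printf(MSG_DEBUG, "Control interface "
					   "directory not empty - leaving it "
					   "behind");
			} else {
				wpa_printf(MSG_ERROR,
					   "rmdir[ctrl_interface=%s]: %s",
					   interfaces->global_iface_path,
					   strerror(errno));
			}
		}
#endif /* CONFIG_CTRL_IFACE_UDP */
	}

	os_free(interfaces->global_iface_path);
	interfaces->global_iface_path = NULL;

	/*
	 * Unlink each monitor entry before freeing it. Freeing without
	 * unlinking leaves interfaces->global_ctrl_dst pointing at released
	 * memory, so a second deinit call or any later walk of the list would
	 * touch freed entries.
	 */
	dl_list_for_each_safe(dst, prev, &interfaces->global_ctrl_dst,
			      struct wpa_ctrl_dst, list) {
		dl_list_del(&dst->list);
		os_free(dst);
	}
}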
5182
5183
/**
 * hostapd_ctrl_check_event_enabled - Decide whether a monitor gets an event
 * @dst: Monitor destination
 * @buf: Event text
 * Returns: 1 if the event is to be delivered to @dst, 0 if not
 *
 * Probe Request events are delivered only to monitors that requested them
 * explicitly; every other event is delivered by default.
 */
static int hostapd_ctrl_check_event_enabled(struct wpa_ctrl_dst *dst,
					    const char *buf)
{
	if (!str_starts(buf, RX_PROBE_REQUEST))
		return 1;

	return (dst->events & WPA_EVENT_RX_PROBE_REQUEST) != 0;
}
5194
5195
/**
 * hostapd_ctrl_iface_send_internal - Send an event to attached monitors
 * @sock: Control socket used for sending; nothing is sent if negative
 * @ctrl_dst: List of attached monitor destinations
 * @ifname: Interface name to prefix as "IFNAME=<ifname> ", or %NULL for none
 * @level: Message priority; monitors with a higher debug_level are skipped
 * @buf: Event text
 * @len: Length of @buf in bytes
 *
 * The message is assembled as "[IFNAME=<ifname> ]<level>text" and sent to
 * every monitor that accepts the level and the event type. A monitor is
 * detached after more than ten consecutive send failures or as soon as a send
 * fails with ENOENT.
 */
static void hostapd_ctrl_iface_send_internal(int sock, struct dl_list *ctrl_dst,
					     const char *ifname, int level,
					     const char *buf, size_t len)
{
	struct wpa_ctrl_dst *dst, *next;
	struct msghdr msg;
	struct iovec io[5];
	struct iovec *iov = io;
	char levelstr[10];
	int monitor_idx = 0;
	int res;

	if (sock < 0 || dl_list_empty(ctrl_dst))
		return;

	res = os_snprintf(levelstr, sizeof(levelstr), "<%d>", level);
	if (os_snprintf_error(sizeof(levelstr), res))
		return;

	/* Gather the pieces of the message without copying them. */
	if (ifname) {
		iov->iov_base = "IFNAME=";
		iov->iov_len = 7;
		iov++;
		iov->iov_base = (char *) ifname;
		iov->iov_len = os_strlen(ifname);
		iov++;
		iov->iov_base = " ";
		iov->iov_len = 1;
		iov++;
	}
	iov->iov_base = levelstr;
	iov->iov_len = os_strlen(levelstr);
	iov++;
	iov->iov_base = (char *) buf;
	iov->iov_len = len;
	iov++;

	os_memset(&msg, 0, sizeof(msg));
	msg.msg_iov = io;
	msg.msg_iovlen = iov - io;

	dl_list_for_each_safe(dst, next, ctrl_dst, struct wpa_ctrl_dst, list) {
		/* The index counts every monitor, including skipped ones. */
		int cur = monitor_idx++;
		int send_errno;

		if (level < dst->debug_level ||
		    !hostapd_ctrl_check_event_enabled(dst, buf))
			continue;

		sockaddr_print(MSG_DEBUG, "CTRL_IFACE monitor send",
			       &dst->addr, dst->addrlen);
		msg.msg_name = &dst->addr;
		msg.msg_namelen = dst->addrlen;
		if (sendmsg(sock, &msg, 0) >= 0) {
			dst->errors = 0;
			continue;
		}

		/* Keep errno from sendmsg(); logging may overwrite it. */
		send_errno = errno;
		wpa_printf(MSG_INFO, "CTRL_IFACE monitor[%d]: "
			   "%d - %s",
			   cur, send_errno, strerror(send_errno));
		dst->errors++;
		if (dst->errors > 10 || send_errno == ENOENT)
			ctrl_iface_detach(ctrl_dst, &dst->addr, dst->addrlen);
	}
}
5259
5260
/**
 * hostapd_ctrl_iface_send - Deliver an event to global and per-BSS monitors
 * @hapd: BSS the event belongs to
 * @level: Message priority
 * @type: Selects the destinations: WPA_MSG_NO_GLOBAL skips the global
 *	monitors, WPA_MSG_ONLY_GLOBAL skips the per-BSS monitors, and
 *	WPA_MSG_PER_INTERFACE adds the interface name on the global socket
 * @buf: Event text
 * @len: Length of @buf in bytes
 */
static void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level,
				    enum wpa_msg_type type,
				    const char *buf, size_t len)
{
	if (type != WPA_MSG_NO_GLOBAL) {
		struct hapd_interfaces *ifaces = hapd->iface->interfaces;
		const char *ifname = NULL;

		/* Only per-interface events carry the IFNAME= prefix. */
		if (type == WPA_MSG_PER_INTERFACE)
			ifname = hapd->conf->iface;

		hostapd_ctrl_iface_send_internal(ifaces->global_ctrl_sock,
						 &ifaces->global_ctrl_dst,
						 ifname, level, buf, len);
	}

	if (type != WPA_MSG_ONLY_GLOBAL)
		hostapd_ctrl_iface_send_internal(hapd->ctrl_sock,
						 &hapd->ctrl_dst, NULL, level,
						 buf, len);
}
5280
5281 #endif /* CONFIG_NATIVE_WINDOWS */
5282