mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
wpa_supplicant: Add optional remote access for ctrl_iface
Add new option for ctrl iface: CONFIG_CTRL_IFACE=udp-remote. This enables remote access to control interface via UDP port(s). This should be used for testing purpose only since there is no authentication or access control on the commands. Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This commit is contained in:
parent
37d428aef9
commit
afadf423db
@ -298,8 +298,11 @@ void wpa_ctrl_cleanup(void);
|
||||
#endif /* ANDROID */
|
||||
|
||||
#ifdef CONFIG_CTRL_IFACE_UDP
|
||||
/* Port range for multiple wpa_supplicant instances and multiple VIFs */
|
||||
#define WPA_CTRL_IFACE_PORT 9877
|
||||
#define WPA_CTRL_IFACE_PORT_LIMIT 50 /* decremented from start */
|
||||
#define WPA_GLOBAL_CTRL_IFACE_PORT 9878
|
||||
#define WPA_GLOBAL_CTRL_IFACE_PORT_LIMIT 20 /* incremented from start */
|
||||
#endif /* CONFIG_CTRL_IFACE_UDP */
|
||||
|
||||
|
||||
|
@ -1151,6 +1151,11 @@ endif
|
||||
ifeq ($(CONFIG_CTRL_IFACE), named_pipe)
|
||||
L_CFLAGS += -DCONFIG_CTRL_IFACE_NAMED_PIPE
|
||||
endif
|
||||
ifeq ($(CONFIG_CTRL_IFACE), udp-remote)
|
||||
CONFIG_CTRL_IFACE=udp
|
||||
L_CFLAGS += -DCONFIG_CTRL_IFACE_UDP
|
||||
L_CFLAGS += -DCONFIG_CTRL_IFACE_UDP_REMOTE
|
||||
endif
|
||||
OBJS += ctrl_iface.c ctrl_iface_$(CONFIG_CTRL_IFACE).c
|
||||
endif
|
||||
|
||||
|
@ -1175,6 +1175,11 @@ endif
|
||||
ifeq ($(CONFIG_CTRL_IFACE), named_pipe)
|
||||
CFLAGS += -DCONFIG_CTRL_IFACE_NAMED_PIPE
|
||||
endif
|
||||
ifeq ($(CONFIG_CTRL_IFACE), udp-remote)
|
||||
CONFIG_CTRL_IFACE=udp
|
||||
CFLAGS += -DCONFIG_CTRL_IFACE_UDP
|
||||
CFLAGS += -DCONFIG_CTRL_IFACE_UDP_REMOTE
|
||||
endif
|
||||
OBJS += ctrl_iface.o ctrl_iface_$(CONFIG_CTRL_IFACE).o
|
||||
endif
|
||||
|
||||
|
@ -163,6 +163,8 @@ static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
|
||||
perror("recvfrom(ctrl_iface)");
|
||||
return;
|
||||
}
|
||||
|
||||
#ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
|
||||
if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
|
||||
/*
|
||||
* The OS networking stack is expected to drop this kind of
|
||||
@ -174,6 +176,8 @@ static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
|
||||
"source %s", inet_ntoa(from.sin_addr));
|
||||
return;
|
||||
}
|
||||
#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
|
||||
|
||||
buf[res] = '\0';
|
||||
|
||||
if (os_strcmp(buf, "GET_COOKIE") == 0) {
|
||||
@ -266,6 +270,7 @@ wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
|
||||
{
|
||||
struct ctrl_iface_priv *priv;
|
||||
struct sockaddr_in addr;
|
||||
int port = WPA_CTRL_IFACE_PORT;
|
||||
|
||||
priv = os_zalloc(sizeof(*priv));
|
||||
if (priv == NULL)
|
||||
@ -285,13 +290,25 @@ wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
|
||||
|
||||
os_memset(&addr, 0, sizeof(addr));
|
||||
addr.sin_family = AF_INET;
|
||||
#ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
|
||||
addr.sin_addr.s_addr = INADDR_ANY;
|
||||
#else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
|
||||
addr.sin_addr.s_addr = htonl((127 << 24) | 1);
|
||||
addr.sin_port = htons(WPA_CTRL_IFACE_PORT);
|
||||
#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
|
||||
try_again:
|
||||
addr.sin_port = htons(port);
|
||||
if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
|
||||
port--;
|
||||
if ((WPA_CTRL_IFACE_PORT - port) < WPA_CTRL_IFACE_PORT_LIMIT)
|
||||
goto try_again;
|
||||
perror("bind(AF_INET)");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
|
||||
wpa_msg(wpa_s, MSG_DEBUG, "ctrl_iface_init UDP port: %d", port);
|
||||
#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
|
||||
|
||||
eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive,
|
||||
wpa_s, priv);
|
||||
wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
|
||||
@ -442,6 +459,8 @@ static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
|
||||
perror("recvfrom(ctrl_iface)");
|
||||
return;
|
||||
}
|
||||
|
||||
#ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
|
||||
if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
|
||||
/*
|
||||
* The OS networking stack is expected to drop this kind of
|
||||
@ -453,6 +472,8 @@ static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
|
||||
"source %s", inet_ntoa(from.sin_addr));
|
||||
return;
|
||||
}
|
||||
#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
|
||||
|
||||
buf[res] = '\0';
|
||||
|
||||
if (os_strcmp(buf, "GET_COOKIE") == 0) {
|
||||
@ -502,6 +523,7 @@ wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
|
||||
{
|
||||
struct ctrl_iface_global_priv *priv;
|
||||
struct sockaddr_in addr;
|
||||
int port = WPA_GLOBAL_CTRL_IFACE_PORT;
|
||||
|
||||
priv = os_zalloc(sizeof(*priv));
|
||||
if (priv == NULL)
|
||||
@ -523,13 +545,26 @@ wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
|
||||
|
||||
os_memset(&addr, 0, sizeof(addr));
|
||||
addr.sin_family = AF_INET;
|
||||
#ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
|
||||
addr.sin_addr.s_addr = INADDR_ANY;
|
||||
#else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
|
||||
addr.sin_addr.s_addr = htonl((127 << 24) | 1);
|
||||
addr.sin_port = htons(WPA_GLOBAL_CTRL_IFACE_PORT);
|
||||
#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
|
||||
try_again:
|
||||
addr.sin_port = htons(port);
|
||||
if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
|
||||
port++;
|
||||
if ((port - WPA_GLOBAL_CTRL_IFACE_PORT) <
|
||||
WPA_GLOBAL_CTRL_IFACE_PORT_LIMIT)
|
||||
goto try_again;
|
||||
perror("bind(AF_INET)");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
|
||||
wpa_printf(MSG_DEBUG, "global_ctrl_iface_init UDP port: %d", port);
|
||||
#endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
|
||||
|
||||
eloop_register_read_sock(priv->sock,
|
||||
wpa_supplicant_global_ctrl_iface_receive,
|
||||
global, priv);
|
||||
|
@ -232,6 +232,7 @@ CONFIG_SMARTCARD=y
|
||||
# unix = UNIX domain sockets (default for Linux/*BSD)
|
||||
# udp = UDP sockets using localhost (127.0.0.1)
|
||||
# named_pipe = Windows Named Pipe (default for Windows)
|
||||
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
|
||||
# y = use default (backwards compatibility)
|
||||
# If this option is commented out, control interface is not included in the
|
||||
# build.
|
||||
|
Loading…
Reference in New Issue
Block a user