Re: [PATCH] iwinfo: nl80211: fix wpa supplicant ctrl socket permissions

2022-11-18 Thread Andre Heider

I updated the patches and added a few more.

But instead of posting them here again I opened a PR:
https://github.com/openwrt/openwrt/pull/11280

Please let me know if I should post them here again instead.

Thanks,
Andre

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


Re: [PATCH] iwinfo: nl80211: fix wpa supplicant ctrl socket permissions

2022-11-15 Thread Christian Marangi
On Tue, Nov 15, 2022 at 05:31:01PM +0100, Andre Heider wrote:
> On 15/11/2022 15:42, Christian Marangi wrote:
> > On Sun, Nov 13, 2022 at 09:33:46PM +0100, Andre Heider wrote:
> > > No data at all can currently be read from the control socket.
> > > Set up the permission exactly like hostapd's wpa_cli utility to fix it.
> > > 
> > > Among other things, this fixes a mesh's encryption being shown as "None".
> > > 
> > > Signed-off-by: Andre Heider 
> > 
> > I wonder, can we have some tested-by tag for this? Maybe ask some user
> > to test this and check if it does fix the mesh encryption problem?
> 
> Maybe? ;)

Since 22.03 is also affected, ideally this should be backported, so it
would be good to have an extra check if this is the actual fix :D

Don't know if jow can help, but considering this doesn't introduce
anything new, we should be able to just bump the package release (can't
remember if iwinfo uses AUTORELEASE) and this should be fixed for 22.03
(when backported).

> 
> Let's see, I asked about it here:
> https://github.com/openwrt/openwrt/issues/10687
> 
> Regards,
> Andre

-- 
Ansuel



Re: [PATCH] iwinfo: nl80211: fix wpa supplicant ctrl socket permissions

2022-11-15 Thread Andre Heider

On 15/11/2022 15:42, Christian Marangi wrote:
> On Sun, Nov 13, 2022 at 09:33:46PM +0100, Andre Heider wrote:
> > No data at all can currently be read from the control socket.
> > Set up the permission exactly like hostapd's wpa_cli utility to fix it.
> > 
> > Among other things, this fixes a mesh's encryption being shown as "None".
> > 
> > Signed-off-by: Andre Heider 
> 
> I wonder, can we have some tested-by tag for this? Maybe ask some user
> to test this and check if it does fix the mesh encryption problem?

Maybe? ;)

Let's see, I asked about it here:
https://github.com/openwrt/openwrt/issues/10687

Regards,
Andre



Re: [PATCH] iwinfo: nl80211: fix wpa supplicant ctrl socket permissions

2022-11-15 Thread Christian Marangi
On Sun, Nov 13, 2022 at 09:33:46PM +0100, Andre Heider wrote:
> No data at all can currently be read from the control socket.
> Set up the permission exactly like hostapd's wpa_cli utility to fix it.
> 
> Among other things, this fixes a mesh's encryption being shown as "None".
> 
> Signed-off-by: Andre Heider 

I wonder, can we have some tested-by tag for this? Maybe ask some user
to test this and check if it does fix the mesh encryption problem?

> ---
>  iwinfo_nl80211.c | 16 
>  1 file changed, 16 insertions(+)
> 
> diff --git a/iwinfo_nl80211.c b/iwinfo_nl80211.c
> index aa92382..77fddee 100644
> --- a/iwinfo_nl80211.c
> +++ b/iwinfo_nl80211.c
> @@ -938,6 +938,18 @@ static int nl80211_wpactl_connect(const char *ifname, 
> struct sockaddr_un *local)
>   sprintf(remote.sun_path, "/var/run/wpa_supplicant-%s/%s",
>   ifname, ifname);
>  
> + /* Set client socket file permissions so that bind() creates the client
> + * socket with these permissions and there is no need to try to change
> + * them with chmod() after bind() which would have potential issues with
> + * race conditions. These permissions are needed to make sure the server
> + * side (wpa_supplicant or hostapd) can reply to the control interface
> + * messages.
> + *
> + * The lchown() calls below after bind() are also part of the needed
> + * operations to allow the response to go through. Those are using the
> + * no-deference-symlinks version to avoid races. */
> + fchmod(sock, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
> +
>   if (fcntl(sock, F_SETFD, fcntl(sock, F_GETFD) | FD_CLOEXEC) < 0)
>   {
>   close(sock);
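
Review bot: the added comment describes the lchown() calls as the
"no-deference-symlinks version"; that should read "no-dereference". Since
the comment also relies on bind() creating the socket file with the mode
set here, it would help to state explicitly that the fchmod() must stay
ahead of the bind() call, because nothing in the code enforces that order.
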
> @@ -966,6 +978,10 @@ static int nl80211_wpactl_connect(const char *ifname, 
> struct sockaddr_un *local)
>   return -1;
>   }
>  
> + /* Set group even if we do not have privileges to change owner */
> + lchown(local->sun_path, -1, 101);
> + lchown(local->sun_path, 101, 101);
> +
>   return sock;
>  }
>  
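
Review bot: both lchown() results are discarded right before
"return sock;", so if neither call succeeds the function still reports
success and the caller gets a socket the server may be unable to reply
on. Suggest at least reporting a failure of the first (group-only) call,
and extending the one-line comment to say that the second call is the
one expected to fail when the caller lacks the privilege to change owner.
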
> -- 
> 2.35.1
> 
> 

-- 
Ansuel



[PATCH] iwinfo: nl80211: fix wpa supplicant ctrl socket permissions

2022-11-13 Thread Andre Heider
No data at all can currently be read from the control socket.
Set up the permission exactly like hostapd's wpa_cli utility to fix it.

Among other things, this fixes a mesh's encryption being shown as "None".

Signed-off-by: Andre Heider 
---
 iwinfo_nl80211.c | 16 
 1 file changed, 16 insertions(+)

diff --git a/iwinfo_nl80211.c b/iwinfo_nl80211.c
index aa92382..77fddee 100644
--- a/iwinfo_nl80211.c
+++ b/iwinfo_nl80211.c
@@ -938,6 +938,18 @@ static int nl80211_wpactl_connect(const char *ifname, 
struct sockaddr_un *local)
sprintf(remote.sun_path, "/var/run/wpa_supplicant-%s/%s",
ifname, ifname);
 
+   /* Set client socket file permissions so that bind() creates the client
+   * socket with these permissions and there is no need to try to change
+   * them with chmod() after bind() which would have potential issues with
+   * race conditions. These permissions are needed to make sure the server
+   * side (wpa_supplicant or hostapd) can reply to the control interface
+   * messages.
+   *
+   * The lchown() calls below after bind() are also part of the needed
+   * operations to allow the response to go through. Those are using the
+   * no-deference-symlinks version to avoid races. */
+   fchmod(sock, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
+
if (fcntl(sock, F_SETFD, fcntl(sock, F_GETFD) | FD_CLOEXEC) < 0)
{
close(sock);
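
Review bot: the return value of the added fchmod(sock, ...) is ignored,
while the fcntl() call directly below it is checked and closes the socket
on failure. If fchmod() fails, the socket keeps its default mode and,
going by the comment, the server side cannot reply, which is the symptom
this patch is meant to fix. Suggest handling the error the same way as
the fcntl() path.
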
@@ -966,6 +978,10 @@ static int nl80211_wpactl_connect(const char *ifname, 
struct sockaddr_un *local)
return -1;
}
 
+   /* Set group even if we do not have privileges to change owner */
+   lchown(local->sun_path, -1, 101);
+   lchown(local->sun_path, 101, 101);
+
return sock;
 }
 
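
Review bot: the value 101 passed as uid and gid in the two lchown() calls
is a bare magic number with no indication of which account it refers to.
Suggest a named constant (or a lookup by name) and a comment naming the
user and group that the control interface expects, so the value does not
silently go stale if the id assignment changes.
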
-- 
2.35.1

