Re: [PATCH] iwinfo: nl80211: fix wpa supplicant ctrl socket permissions
I updated the patches and added a few more. But instead of posting them here again I opened a PR:
https://github.com/openwrt/openwrt/pull/11280

Please let me know if I should post them here again instead.

Thanks,
Andre
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] iwinfo: nl80211: fix wpa supplicant ctrl socket permissions
On Tue, Nov 15, 2022 at 05:31:01PM +0100, Andre Heider wrote:
> On 15/11/2022 15:42, Christian Marangi wrote:
> > On Sun, Nov 13, 2022 at 09:33:46PM +0100, Andre Heider wrote:
> > > No data at all can currently be read from the control socket.
> > > Set up the permission exactly like hostapd's wpa_cli utility to fix it.
> > >
> > > Among other this fixes a mesh's encryption being shown as "None".
> > >
> > > Signed-off-by: Andre Heider
> >
> > I wonder, can we have some tested-by tag for this? Maybe ask some user
> > to test this and check if it does fix the mesh encryption problem?
>
> Maybe? ;)

Since also 22.03 is affected ideally this should be backported so it
would be good to have an extra check if this is the actual fix :D

Don't know if jow can help but considering this doesn't introduce
anything new, we should be able to just bump the package release (can't
remember if iwinfo uses AUTORELEASE) and this should be fixed for 22.03
(when backported)

>
> Let's see, I asked about it here:
> https://github.com/openwrt/openwrt/issues/10687
>
> Regards,
> Andre

--
Ansuel
Re: [PATCH] iwinfo: nl80211: fix wpa supplicant ctrl socket permissions
On 15/11/2022 15:42, Christian Marangi wrote:
> On Sun, Nov 13, 2022 at 09:33:46PM +0100, Andre Heider wrote:
> > No data at all can currently be read from the control socket.
> > Set up the permission exactly like hostapd's wpa_cli utility to fix it.
> >
> > Among other this fixes a mesh's encryption being shown as "None".
> >
> > Signed-off-by: Andre Heider
>
> I wonder, can we have some tested-by tag for this? Maybe ask some user
> to test this and check if it does fix the mesh encryption problem?

Maybe? ;)

Let's see, I asked about it here:
https://github.com/openwrt/openwrt/issues/10687

Regards,
Andre
Re: [PATCH] iwinfo: nl80211: fix wpa supplicant ctrl socket permissions
On Sun, Nov 13, 2022 at 09:33:46PM +0100, Andre Heider wrote: > No data at all can currently be read from the control socket. > Set up the permission exactly like hostapd's wpa_cli utility to fix it. > > Among other this fixes a mesh's encryption being shown as "None". > > Signed-off-by: Andre Heider I wonder, can we have some tested-by tag for this? Maybe ask some user to test this and check if it does fix the mesh encryption problem? > --- > iwinfo_nl80211.c | 16 > 1 file changed, 16 insertions(+) > > diff --git a/iwinfo_nl80211.c b/iwinfo_nl80211.c > index aa92382..77fddee 100644 > --- a/iwinfo_nl80211.c > +++ b/iwinfo_nl80211.c > @@ -938,6 +938,18 @@ static int nl80211_wpactl_connect(const char *ifname, > struct sockaddr_un *local) > sprintf(remote.sun_path, "/var/run/wpa_supplicant-%s/%s", > ifname, ifname); > > + /* Set client socket file permissions so that bind() creates the client > + * socket with these permissions and there is no need to try to change > + * them with chmod() after bind() which would have potential issues with > + * race conditions. These permissions are needed to make sure the server > + * side (wpa_supplicant or hostapd) can reply to the control interface > + * messages. > + * > + * The lchown() calls below after bind() are also part of the needed > + * operations to allow the response to go through. Those are using the > + * no-deference-symlinks version to avoid races. */ > + fchmod(sock, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); > + > if (fcntl(sock, F_SETFD, fcntl(sock, F_GETFD) | FD_CLOEXEC) < 0) > { > close(sock); 
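Review bot: the return value of the added fchmod(sock, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP) is dropped, while the fcntl() call directly below it closes the socket and bails out on failure. If the mode change is required for replies to arrive, as the new comment says, a failed fchmod() leaves the caller with the same "no data" symptom and no hint why. Either check the result and handle it the same way as the fcntl() path, or state in the comment that failure is deliberately tolerated.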
> @@ -966,6 +978,10 @@ static int nl80211_wpactl_connect(const char *ifname, > struct sockaddr_un *local) > return -1; > } > > + /* Set group even if we do not have privileges to change owner */ > + lchown(local->sun_path, -1, 101); > + lchown(local->sun_path, 101, 101); > + > return sock; > } > > -- > 2.35.1 > > > ___ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel -- Ansuel ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
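Review bot: the two lchown() calls added before "return sock;" pass a bare 101 as both uid and gid, with nothing in the hunk saying which user or group that number is meant to be. A named constant with a short comment, or a lookup by name, would document the intent and keep the code from silently handing the socket to an unrelated account on a system where 101 is assigned differently.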
[PATCH] iwinfo: nl80211: fix wpa supplicant ctrl socket permissions
No data at all can currently be read from the control socket. Set up the permission exactly like hostapd's wpa_cli utility to fix it. Among other this fixes a mesh's encryption being shown as "None". Signed-off-by: Andre Heider --- iwinfo_nl80211.c | 16 1 file changed, 16 insertions(+) diff --git a/iwinfo_nl80211.c b/iwinfo_nl80211.c index aa92382..77fddee 100644 --- a/iwinfo_nl80211.c +++ b/iwinfo_nl80211.c @@ -938,6 +938,18 @@ static int nl80211_wpactl_connect(const char *ifname, struct sockaddr_un *local) sprintf(remote.sun_path, "/var/run/wpa_supplicant-%s/%s", ifname, ifname); + /* Set client socket file permissions so that bind() creates the client + * socket with these permissions and there is no need to try to change + * them with chmod() after bind() which would have potential issues with + * race conditions. These permissions are needed to make sure the server + * side (wpa_supplicant or hostapd) can reply to the control interface + * messages. + * + * The lchown() calls below after bind() are also part of the needed + * operations to allow the response to go through. Those are using the + * no-deference-symlinks version to avoid races. */ + fchmod(sock, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); + if (fcntl(sock, F_SETFD, fcntl(sock, F_GETFD) | FD_CLOEXEC) < 0) { close(sock); @@ -966,6 +978,10 @@ static int nl80211_wpactl_connect(const char *ifname, struct sockaddr_un *local) return -1; } + /* Set group even if we do not have privileges to change owner */ + lchown(local->sun_path, -1, 101); + lchown(local->sun_path, 101, 101); + return sock; } -- 2.35.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
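Review bot: in the comment block added above fchmod(), "no-deference-symlinks" should read "no-dereference-symlinks". The comment also speaks of "wpa_supplicant or hostapd" as the server side, while the remote path set just above it in this function is only /var/run/wpa_supplicant-%s/%s; trimming the text to what nl80211_wpactl_connect() actually talks to would make it easier to maintain.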
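Review bot: both lchown() results in the second hunk are discarded, so when neither call succeeds the function still returns sock and nothing is logged. The comment "Set group even if we do not have privileges to change owner" explains only the first call; it would help to say that the second call is the preferred outcome and the first is the fallback, and to check at least one of the results so a failure is visible.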