[PATCH] hostapd: allow hostapd under ujail to communicate with hostapd_cli

Mark Mentovai mark at moxienet.com
Tue Nov 23 09:28:55 PST 2021


When procd-ujail is available, 1f785383875a runs hostapd as user
"network", with only limited additional capabilities (CAP_NET_ADMIN and
CAP_NET_RAW).

hostapd_cli (CONFIG_PACKAGE_hostapd-utils) communicates with hostapd
over a named UNIX-domain socket. hostapd_cli is responsible for creating
this socket at /tmp/wpa_ctrl_$pid_$counter. Since it typically runs as
root, this endpoint is normally created with uid root, gid root, mode
0755. As a result, hostapd running as uid network is able to receive
control messages sent through this interface, but is not able to respond
to them. If debug-level logging is enabled (CONFIG_WPA_MSG_MIN_PRIORITY
<= 2 at build, and log_level <= 2 in /etc/config/wireless wifi-device),
this message will appear from hostapd:

CTRL: sendto failed: Permission denied

As a fix, hostapd_cli should create the socket node in the filesystem
with uid network, gid network, mode 0770. This borrows the presently
Android-only strategy already in hostapd intended to solve the same
problem on Android.

If procd-ujail is not available and hostapd falls back to running as
root, it will still be able to read from and write to the socket even if
the node in the filesystem has been restricted to the network user and
group. This matches the logic in
package/network/services/hostapd/files/wpad.init, which sets the uid and
gid of /var/run/hostapd to network regardless of whether procd-ujail is
available.

As it appears that the "network" user and group are statically allocated
uid 101 and gid 101, respectively, per
package/base-files/files/etc/passwd and USERID in
package/network/services/hostapd/Makefile, this patch also uses a
constant 101 for the uid and gid.

Cc: Daniel Golle <daniel at makrotopia.org>
Signed-off-by: Mark Mentovai <mark at moxienet.com>
---
 .../610-hostapd_cli_ujail_permission.patch    | 57 +++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 package/network/services/hostapd/patches/610-hostapd_cli_ujail_permission.patch

diff --git a/package/network/services/hostapd/patches/610-hostapd_cli_ujail_permission.patch b/package/network/services/hostapd/patches/610-hostapd_cli_ujail_permission.patch
new file mode 100644
index 000000000000..88a08e2aad0e
--- /dev/null
+++ b/package/network/services/hostapd/patches/610-hostapd_cli_ujail_permission.patch
@@ -0,0 +1,57 @@
+--- a/src/common/wpa_ctrl.c
++++ b/src/common/wpa_ctrl.c
+@@ -130,29 +130,29 @@
+ 				  (int) getpid(), counter);
+ 	}
+ 	if (os_snprintf_error(sizeof(ctrl->local.sun_path), ret)) {
+ 		close(ctrl->s);
+ 		os_free(ctrl);
+ 		return NULL;
+ 	}
+ 	tries++;
+-#ifdef ANDROID
++
+ 	/* Set client socket file permissions so that bind() creates the client
+ 	 * socket with these permissions and there is no need to try to change
+ 	 * them with chmod() after bind() which would have potential issues with
+ 	 * race conditions. These permissions are needed to make sure the server
+ 	 * side (wpa_supplicant or hostapd) can reply to the control interface
+ 	 * messages.
+ 	 *
+ 	 * The lchown() calls below after bind() are also part of the needed
+ 	 * operations to allow the response to go through. Those are using the
+ 	 * no-deference-symlinks version to avoid races. */
+ 	fchmod(ctrl->s, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
+-#endif /* ANDROID */
++
+ 	if (bind(ctrl->s, (struct sockaddr *) &ctrl->local,
+ 		    sizeof(ctrl->local)) < 0) {
+ 		if (errno == EADDRINUSE && tries < 2) {
+ 			/*
+ 			 * getpid() returns unique identifier for this instance
+ 			 * of wpa_ctrl, so the existing socket file must have
+ 			 * been left by unclean termination of an earlier run.
+ 			 * Remove the file and try again.
+@@ -160,17 +160,21 @@
+ 			unlink(ctrl->local.sun_path);
+ 			goto try_again;
+ 		}
+ 		close(ctrl->s);
+ 		os_free(ctrl);
+ 		return NULL;
+ 	}
+ 
+-#ifdef ANDROID
++#ifndef ANDROID
++	/* Set group even if we do not have privileges to change owner */
++	lchown(ctrl->local.sun_path, -1, 101);
++	lchown(ctrl->local.sun_path, 101, 101);
++#else
+ 	/* Set group even if we do not have privileges to change owner */
+ 	lchown(ctrl->local.sun_path, -1, AID_WIFI);
+ 	lchown(ctrl->local.sun_path, AID_SYSTEM, AID_WIFI);
+ 
+ 	if (os_strncmp(ctrl_path, "@android:", 9) == 0) {
+ 		if (socket_local_client_connect(
+ 			    ctrl->s, ctrl_path + 9,
+ 			    ANDROID_SOCKET_NAMESPACE_RESERVED,
-- 
2.32.0




More information about the openwrt-devel mailing list