131
* ctrl_interface - Directory for UNIX domain sockets
133
* This variable is used to configure where the UNIX domain sockets
134
* for the control interface are created. If UDP-based ctrl_iface is
135
* used, this variable can be set to any string (i.e., %NULL is not
138
char *ctrl_interface;
140
#ifdef CONFIG_CTRL_IFACE
141
#ifndef CONFIG_CTRL_IFACE_UDP
143
* ctrl_interface_gid - Group identity for the UNIX domain sockets
125
* ctrl_interface - Parameters for the control interface
127
* If this is specified, %wpa_supplicant will open a control interface
128
* that is available for external programs to manage %wpa_supplicant.
129
* The meaning of this string depends on which control interface
130
* mechanism is used. For all cases, the existance of this parameter
131
* in configuration is used to determine whether the control interface
134
* For UNIX domain sockets (default on Linux and BSD): This is a
135
* directory that will be created for UNIX domain sockets for listening
136
* to requests from external programs (CLI/GUI, etc.) for status
137
* information and configuration. The socket file will be named based
138
* on the interface name, so multiple %wpa_supplicant processes can be
139
* run at the same time if more than one interface is used.
140
* /var/run/wpa_supplicant is the recommended directory for sockets and
141
* by default, wpa_cli will use it when trying to connect with
145
144
* Access control for the control interface can be configured
146
145
* by setting the directory to allow only members of a group
147
146
* to use sockets. This way, it is possible to run
148
* wpa_supplicant as root (since it needs to change network
147
* %wpa_supplicant as root (since it needs to change network
149
148
* configuration and open raw sockets) and still allow GUI/CLI
150
149
* components to be run as non-root users. However, since the
151
150
* control interface can be used to change the network
152
151
* configuration, this access needs to be protected in many
153
* cases. By default, wpa_supplicant is configured to use gid
152
* cases. By default, %wpa_supplicant is configured to use gid
154
153
* 0 (root). If you want to allow non-root users to use the
155
154
* control interface, add a new group and change this value to
156
155
* match with that group. Add users that should have control
157
156
* interface access to this group.
158
* When configuring both the directory and group, use following format:
159
* DIR=/var/run/wpa_supplicant GROUP=wheel
160
* DIR=/var/run/wpa_supplicant GROUP=0
161
* (group can be either group name or gid)
163
* For UDP connections (default on Windows): The value will be ignored.
164
* This variable is just used to select that the control interface is
165
* to be created. The value can be set to, e.g., udp
166
* (ctrl_interface=udp).
168
* For Windows Named Pipe: This value can be used to set the security
169
* descriptor for controlling access to the control interface. Security
170
* descriptor can be set using Security Descriptor String Format (see
171
* http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/security_descriptor_string_format.asp).
172
* The descriptor string needs to be prefixed with SDDL=. For example,
173
* ctrl_interface=SDDL=D: would set an empty DACL (which will reject
159
gid_t ctrl_interface_gid;
160
#endif /* CONFIG_CTRL_IFACE_UDP */
176
char *ctrl_interface;
162
* ctrl_interface_gid_set - Whether ctrl_interface_gid is used
179
* ctrl_interface_group - Control interface group (DEPRECATED)
164
* If this variable is zero, ctrl_interface_gid value is not used and
165
* group will not be changed from the value it got by default
166
* when the directory or socket was created.
181
* This variable is only used for backwards compatibility. Group for
182
* UNIX domain sockets should now be specified using GROUP=<group> in
183
* ctrl_interface variable.
168
int ctrl_interface_gid_set;
169
#endif /* CONFIG_CTRL_IFACE */
185
char *ctrl_interface_group;
172
188
* fast_reauth - EAP fast re-authentication (session resumption)