On 09/14/10 02:14, Alexander Hall wrote:
> Not to mess with ifconfig's wpapsk, this diff instead introduces
> wpapass and -wpapass.
>
> Same nwid relation as before:
> - A nwid is required prior to supplying a passphrase to wpapass.
> - If the nwid is changed afterwards, the passkey is not adjusted.
>
> There has been discussion whether we should clear the wpa key on nwid
> change, but I see that as a separate issue.
>
> Again, bsd.rd size impact not checked.
>
> I'd appreciate if someone would comment on the Makefile changes too.
A vi editing artifact snuck in; Patrick Keshishian pointed it out to me,
thanks.
Proper diff follows.
I'll add the manpage bits after diff is agreed on and bikeshedding
is done.
/Alexander
Index: distrib/special/ifconfig/Makefile
===================================================================
RCS file: /cvs/src/distrib/special/ifconfig/Makefile,v
retrieving revision 1.2
diff -u -p -r1.2 Makefile
--- distrib/special/ifconfig/Makefile 28 Oct 2009 07:36:49 -0000 1.2
+++ distrib/special/ifconfig/Makefile 14 Sep 2010 05:33:42 -0000
@@ -1,8 +1,10 @@
# $OpenBSD: Makefile,v 1.2 2009/10/28 07:36:49 deraadt Exp $
PROG= ifconfig
+SRCS= ifconfig.c pbkdf2.c
COPTS+= -DSMALL
-.PATH: ${.CURDIR}/../../../sbin/ifconfig
+.PATH: ${.CURDIR}/../../../sbin/ifconfig ${.CURDIR}/../../../sbin/bioctl
+CFLAGS+=-I${.CURDIR}/../../../sbin/bioctl
CPPFLAGS+=-DINET6
Index: sbin/ifconfig/Makefile
===================================================================
RCS file: /cvs/src/sbin/ifconfig/Makefile,v
retrieving revision 1.10
diff -u -p -r1.10 Makefile
--- sbin/ifconfig/Makefile 22 Nov 2009 22:00:24 -0000 1.10
+++ sbin/ifconfig/Makefile 14 Sep 2010 05:33:42 -0000
@@ -1,7 +1,10 @@
# $OpenBSD: Makefile,v 1.10 2009/11/22 22:00:24 claudio Exp $
+.PATH: ${.CURDIR}/../bioctl
+CFLAGS+=-I${.CURDIR}/../bioctl
+
PROG= ifconfig
-SRCS= ifconfig.c brconfig.c
+SRCS= ifconfig.c brconfig.c pbkdf2.c
MAN= ifconfig.8
CPPFLAGS+=-DINET6
Index: sbin/ifconfig/ifconfig.c
===================================================================
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.239
diff -u -p -r1.239 ifconfig.c
--- sbin/ifconfig/ifconfig.c 3 Jul 2010 04:44:51 -0000 1.239
+++ sbin/ifconfig/ifconfig.c 14 Sep 2010 05:33:44 -0000
@@ -161,6 +161,7 @@ void setifwpaakms(const char *, int);
void setifwpaciphers(const char *, int);
void setifwpagroupcipher(const char *, int);
void setifwpapsk(const char *, int);
+void setifwpapass(const char *, int);
void setifchan(const char *, int);
void setifscan(const char *, int);
void setiftxpower(const char *, int);
@@ -319,6 +320,8 @@ const struct cmd {
{ "wpaprotos", NEXTARG, 0, setifwpaprotos },
{ "wpapsk", NEXTARG, 0, setifwpapsk },
{ "-wpapsk", -1, 0, setifwpapsk },
+ { "wpapass", NEXTARG, 0, setifwpapass },
+ { "-wpapass", -1, 0, setifwpapass },
{ "chan", NEXTARG0, 0, setifchan },
{ "-chan", -1, 0, setifchan },
{ "scan", NEXTARG0, 0, setifscan },
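Review bot: `wpapass` is registered as a NEXTARG keyword, so the plaintext passphrase is supplied on the command line, where it is readable from the process argument list while ifconfig runs and persists in shell history or in whatever configuration file carries the line. The existing `wpapsk` keyword has the same shape, but a human-chosen passphrase is arguably more sensitive than a derived hex key. Since the manpage text is still to come, it should state this and recommend keeping any file that stores the passphrase readable by root only. The cmd table itself starts and ends outside this hunk.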
@@ -1715,6 +1718,44 @@ setifwpapsk(const char *val, int d)
errx(1, "wpapsk: invalid pre-shared key");
if (len != sizeof(psk.i_psk))
errx(1, "wpapsk: bad pre-shared key length");
+ psk.i_enabled = 1;
+ } else
+ psk.i_enabled = 0;
+
+ (void)strlcpy(psk.i_name, name, sizeof(psk.i_name));
+ if (ioctl(s, SIOCS80211WPAPSK, (caddr_t)&psk) < 0)
+ err(1, "SIOCS80211WPAPSK");
+}
+
+void
+setifwpapass(const char *val, int d)
+{
+ struct ieee80211_wpapsk psk;
+ struct ieee80211_nwid nwid;
+ int passlen, nwid_len;
+
+ if (d != -1) {
+ memset(&ifr, 0, sizeof(ifr));
+ ifr.ifr_data = (caddr_t)&nwid;
+ strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
+ if (ioctl(s, SIOCG80211NWID, (caddr_t)&ifr))
+ err(1, "SIOCG80211NWID");
+
+ passlen = strlen(val);
+ if (passlen < 8 || passlen > 63)
+ errx(1, "wpapass: passphrase must be between 8 and 63 "
+ "characters");
+ nwid_len = nwid.i_len;
+ if (nwid_len == 0)
+ errx(1, "wpapass: nwid not set");
+ else if (nwid_len > IEEE80211_NWID_LEN) {
+ nwid_len = IEEE80211_NWID_LEN;
+ warnx("truncating nwid to its first %d characters",
+ nwid_len);
+ }
+
+ pkcs5_pbkdf2(val, passlen, nwid.i_nwid, nwid_len, psk.i_psk,
+ sizeof(psk.i_psk), 4096);
psk.i_enabled = 1;
} else
psk.i_enabled = 0;
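Review bot: The result of `pkcs5_pbkdf2()` is discarded in the added `setifwpapass`, so if the derivation fails the code still sets `psk.i_enabled = 1` with `psk.i_psk` holding uninitialised stack bytes, which the rest of the function (outside this hunk, presumably the same SIOCS80211WPAPSK call as in `setifwpapsk`) would install as the key. Assuming the bioctl implementation signals failure with a non-zero return, check it: `if (pkcs5_pbkdf2(val, passlen, nwid.i_nwid, nwid_len, psk.i_psk, sizeof(psk.i_psk), 4096) != 0)` followed by `errx(1, "wpapass: passphrase hashing failed");`. A `memset(&psk, 0, sizeof(psk));` at the top would also keep stack contents out of the ioctl argument on the `-wpapass` path. The bare `4096` deserves a comment such as `/* WPA-PSK: PBKDF2-HMAC-SHA1, nwid as salt, 4096 iterations */`.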