On Mon, Nov 27 2017, Stefan Sperling <s...@stsp.name> wrote:
> On Mon, Nov 27, 2017 at 02:33:59AM +0100, Stefan Sperling wrote:
>> Most people I've talked to seem to be OK with never exposing
>> these secrets to userland in the first place.

Makes sense.

> Better diff for the wireless part.
> WEP keys showed up as 0x00000... instead of '<not displayed>' in
> the previous diff.

Yep.  ifconfig(8) already handles EPERM properly.  We can also kill dead
code in ifconfig(8) (see diff below).  I guess that a bunch of wireless
management scripts, which parse the output of ifconfig(8) run as root,
won't expect the <> notation, but we can live with this IMO.

ok jca@ (carp, sppp + revised 80211 changes)


Index: ifconfig.c
===================================================================
RCS file: /d/cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.351
diff -u -p -p -u -r1.351 ifconfig.c
--- ifconfig.c  17 Nov 2017 18:04:51 -0000      1.351
+++ ifconfig.c  27 Nov 2017 18:56:12 -0000
@@ -2124,70 +2124,12 @@ ieee80211_status(void)
                }
        }
 
-       if (inwkey == 0 && nwkey.i_wepon > IEEE80211_NWKEY_OPEN) {
-               fputs(" nwkey ", stdout);
-               /* try to retrieve WEP keys */
-               for (i = 0; i < IEEE80211_WEP_NKID; i++) {
-                       nwkey.i_key[i].i_keydat = keybuf[i];
-                       nwkey.i_key[i].i_keylen = sizeof(keybuf[i]);
-               }
-               if (ioctl(s, SIOCG80211NWKEY, (caddr_t)&nwkey) == -1) {
-                       fputs("<not displayed>", stdout);
-               } else {
-                       nwkey_verbose = 0;
-                       /*
-                        * check to see non default key
-                        * or multiple keys defined
-                        */
-                       if (nwkey.i_defkid != 1) {
-                               nwkey_verbose = 1;
-                       } else {
-                               for (i = 1; i < IEEE80211_WEP_NKID; i++) {
-                                       if (nwkey.i_key[i].i_keylen != 0) {
-                                               nwkey_verbose = 1;
-                                               break;
-                                       }
-                               }
-                       }
-                       /* check extra ambiguity with keywords */
-                       if (!nwkey_verbose) {
-                               if (nwkey.i_key[0].i_keylen >= 2 &&
-                                   isdigit((unsigned 
char)nwkey.i_key[0].i_keydat[0]) &&
-                                   nwkey.i_key[0].i_keydat[1] == ':')
-                                       nwkey_verbose = 1;
-                               else if (nwkey.i_key[0].i_keylen >= 7 &&
-                                   strncasecmp("persist",
-                                   (char *)nwkey.i_key[0].i_keydat, 7) == 0)
-                                       nwkey_verbose = 1;
-                       }
-                       if (nwkey_verbose)
-                               printf("%d:", nwkey.i_defkid);
-                       for (i = 0; i < IEEE80211_WEP_NKID; i++) {
-                               if (i > 0)
-                                       putchar(',');
-                               if (nwkey.i_key[i].i_keylen < 0) {
-                                       fputs("persist", stdout);
-                               } else {
-                                       /*
-                                        * XXX
-                                        * sanity check nwkey.i_key[i].i_keylen
-                                        */
-                                       print_string(nwkey.i_key[i].i_keydat,
-                                           nwkey.i_key[i].i_keylen);
-                               }
-                               if (!nwkey_verbose)
-                                       break;
-                       }
-               }
-       }
+       if (inwkey == 0 && nwkey.i_wepon > IEEE80211_NWKEY_OPEN)
+               fputs(" nwkey <not displayed>", stdout);
+
+       if (ipsk == 0 && psk.i_enabled)
+               fputs(" wpakey <not displayed>", stdout);
 
-       if (ipsk == 0 && psk.i_enabled) {
-               fputs(" wpakey ", stdout);
-               if (psk.i_enabled == 2)
-                       fputs("<not displayed>", stdout);
-               else
-                       print_string(psk.i_psk, sizeof(psk.i_psk));
-       }
        if (iwpa == 0 && wpa.i_enabled) {
                const char *sep;
 
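Review bot: in ieee80211_status(), the deleted WEP block is the only place in this hunk that uses keybuf, nwkey_verbose and the loop index i, so their declarations higher up in the function should be dropped in the same commit if nothing else there still needs them; otherwise the build picks up unused-variable warnings. The new wpakey branch no longer distinguishes `psk.i_enabled == 2`, which is consistent with never printing the key, but any ifconfig(8) manual text describing the nwkey/wpakey status output should be checked against the unconditional `<not displayed>` form. The removed `isdigit((unsigned` line is also wrapped across two lines in this mail, so the hunk will not apply as posted and needs to be resent unwrapped or taken from the tree.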

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
