On Tue, Jan 14, 2020 at 5:11 PM Stefan Sperling <s...@stsp.name> wrote:

> On Tue, Jan 14, 2020 at 12:34:29PM -0700, Theo de Raadt wrote:
> > Channeling a conversation from 15 years ago: "How about wpakeyfile"
>
> ifconfig wpakeyfile would be trivial to add if we really want it.
>

But how will hostname.if work when using join in netstart? One would
need to:

# cat /etc/hostname.iwm0
join ssid1 wpakeyfile /etc/wpa/ssd1-wpa.key
join ssd2 wpakeyfile /etc/wpa/ssd2-wpa.key
[etc...]

?


>
> The downside is loss of unveil, here handled the same way as for the
> bridge rulesfile. Looks like unveil(argv[i], "r") is considered bad
> practice even for an 'i' that should contain a path?
>
> diff a7540b3fac3fd3a71fd4134709ac4d4f71a3b5a4 /usr/src
> blob - 3fb0780ba7cf1333894f5c3485a95e71885fbd6d
> file + sbin/ifconfig/ifconfig.8
> --- sbin/ifconfig/ifconfig.8
> +++ sbin/ifconfig/ifconfig.8
> @@ -940,6 +940,7 @@ will begin advertising as master.
>  .Op Cm wpaciphers Ar cipher,cipher,...
>  .Op Cm wpagroupcipher Ar cipher
>  .Op Oo Fl Oc Ns Cm wpakey Ar passphrase | hexkey
> +.Op Cm wpakeyfile Ar path
>  .Op Cm wpaprotos Ar proto,proto,...
>  .Ek
>  .nr nS 0
> @@ -990,6 +991,7 @@ the
>  .Cm join
>  list will record
>  .Cm wpakey ,
> +.Cm wpakeyfile ,
>  .Cm wpaprotos ,
>  or
>  .Cm nwkey
> @@ -1209,6 +1211,8 @@ The default value is
>  .Dq psk
>  can only be used if a pre-shared key is configured using the
>  .Cm wpakey
> +or
> +.Cm wpakeyfile
>  option.
>  .It Cm wpaciphers Ar cipher,cipher,...
>  Set the comma-separated list of allowed pairwise ciphers.
> @@ -1268,6 +1272,10 @@ or
>  option must first be specified, since
>  .Nm
>  will hash the nwid along with the passphrase to create the key.
> +.It Cm wpakeyfile Ar path
> +Set the WPA key contained in the file at the specified
> +.Ar path .
> +Trailing whitespace is ignored.
>  .It Cm -wpakey
>  Delete the pre-shared WPA key and disable WPA.
>  .It Cm wpaprotos Ar proto,proto,...
> blob - f242d72cd73e8d50ccf1dd3d96ac62e35fe7025b
> file + sbin/ifconfig/ifconfig.c
> --- sbin/ifconfig/ifconfig.c
> +++ sbin/ifconfig/ifconfig.c
> @@ -63,6 +63,7 @@
>  #include <sys/socket.h>
>  #include <sys/ioctl.h>
>  #include <sys/time.h>
> +#include <sys/stat.h>
>
>  #include <net/if.h>
>  #include <net/if_dl.h>
> @@ -106,6 +107,7 @@
>  #include <resolv.h>
>  #include <util.h>
>  #include <ifaddrs.h>
> +#include <fcntl.h>
>
>  #ifndef SMALL
>  #include <dev/usb/mbim.h>
> @@ -211,6 +213,7 @@ void        setifwpaakms(const char *, int);
>  void   setifwpaciphers(const char *, int);
>  void   setifwpagroupcipher(const char *, int);
>  void   setifwpakey(const char *, int);
> +void   setifwpakeyfile(const char *, int);
>  void   setifchan(const char *, int);
>  void   setifscan(const char *, int);
>  void   setifnwflag(const char *, int);
> @@ -415,6 +418,7 @@ const struct        cmd {
>         { "wpagroupcipher", NEXTARG,    0,
> setifwpagroupcipher },
>         { "wpaprotos",  NEXTARG,        0,              setifwpaprotos },
>         { "wpakey",     NEXTARG,        0,              setifwpakey },
> +       { "wpakeyfile", NEXTARG,        0,              setifwpakeyfile },
>         { "-wpakey",    -1,             0,              setifwpakey },
>         { "chan",       NEXTARG0,       0,              setifchan },
>         { "-chan",      -1,             0,              setifchan },
> @@ -728,7 +732,7 @@ main(int argc, char *argv[])
>         int create = 0;
>         int Cflag = 0;
>         int gflag = 0;
> -       int found_rulefile = 0;
> +       int found_rulefile = 0, found_wpakeyfile = 0, wpafileidx = 0;
>         int i;
>
>         /* If no args at all, print all interfaces.  */
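Review bot: `wpafileidx` is declared and initialised on the new `int found_rulefile = 0, found_wpakeyfile = 0, wpafileidx = 0;` line but nothing in the visible hunks reads or writes it, so it appears to be a leftover from an earlier version of the change. If the rest of the diff does not use it either, drop it and keep the line as `int found_rulefile = 0, found_wpakeyfile = 0;`, otherwise the compiler will warn about an unused variable. main() continues outside the hunk.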
> @@ -785,9 +789,13 @@ main(int argc, char *argv[])
>                         found_rulefile = 1;
>                         break;
>                 }
> +               if (strcmp(argv[i], "wpakeyfile") == 0) {
> +                       found_wpakeyfile = 1;
> +                       break;
> +               }
>         }
>
> -       if (!found_rulefile) {
> +       if (!found_rulefile && !found_wpakeyfile) {
>                 if (unveil(_PATH_RESCONF, "r") == -1)
>                         err(1, "unveil");
>                 if (unveil(_PATH_HOSTS, "r") == -1)
> @@ -2240,6 +2248,40 @@ setifwpakey(const char *val, int d)
>         wpa.i_enabled = psk.i_enabled;
>         if (ioctl(sock, SIOCS80211WPAPARMS, (caddr_t)&wpa) == -1)
>                 err(1, "SIOCS80211WPAPARMS");
> +}
> +
> +void
> +setifwpakeyfile(const char *val, int d)
> +{
> +       char *wpakey;
> +       int fd;
> +       struct stat sb;
> +       ssize_t n;
> +
> +       fd = open(val, O_RDONLY);
> +       if (fd == -1)
> +               err(1, "open %s", val);
> +
> +       if (fstat(fd, &sb) == -1)
> +               err(1, "fstat %s", val);
> +
> +       wpakey = malloc(sb.st_size);
> +       if (wpakey == NULL)
> +               err(1, "malloc");
> +
> +       n = read(fd, wpakey, sb.st_size);
> +       if (n == -1)
> +               err(1, "read %s", val);
> +       if (n != sb.st_size)
> +               errx(1, "failed to read from file %s", val);
> +       close(fd);
> +
> +       while (n > 0 && isspace(wpakey[n - 1])) {
> +               wpakey[n - 1] = '\0';
> +               n--;
> +       }
> +
> +       setifwpakey(wpakey, d);
>  }
>
>  void
>
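Review bot: The buffer read in setifwpakeyfile() is never NUL-terminated when the file has no trailing whitespace: `malloc(sb.st_size)` allocates exactly st_size bytes and the trimming loop only writes '\0' over whitespace it removes, so setifwpakey() then reads past the end of the allocation (an empty file hands it a zero-byte buffer). Allocate one extra byte and terminate at `wpakey[n]` before trimming, and pass `(unsigned char)wpakey[n - 1]` to isspace() since a plain char can be negative. The key material is also left in the heap after use; zeroing it with explicit_bzero() and freeing it after setifwpakey() returns, and rejecting non-regular files via S_ISREG() before trusting st_size, would make the helper safer.
```c
	if (fstat(fd, &sb) == -1)
		err(1, "fstat %s", val);
	if (!S_ISREG(sb.st_mode))
		errx(1, "%s: not a regular file", val);

	wpakey = malloc(sb.st_size + 1);
	if (wpakey == NULL)
		err(1, "malloc");

	/* … unchanged: read() and its error checks, close(fd) … */

	wpakey[n] = '\0';	/* terminate even if there is no trailing whitespace */
	while (n > 0 && isspace((unsigned char)wpakey[n - 1]))
		wpakey[--n] = '\0';

	setifwpakey(wpakey, d);
	explicit_bzero(wpakey, sb.st_size + 1);
	free(wpakey);
```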
>
>
