6a7,14
> *
> * modified by dl1tux 2019
> * Improvements:
> * - Messages are written to stderr rather to stdout
> * - ssid will be handled as hexstring if neccessary
> * - addional paramters added
> * If argv[3] equals WPACONFIG AND setuid(0) is successful the new entry will be added to WPACONFIG
> * Setting owner=root and permissions "u+s" (in unix / linux) permits any user to add a network to WPACONFIG
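Review bot: The added header comment recommends owner=root with "u+s" but does not say what that grants, so an installer cannot judge the trade-off from the file alone. With the setuid bit set, every local account can append network blocks and pass-through parameters to the system-wide configuration, and the `#psk="..."` line stores the passphrase in clear text unless -secure is given. I would add a line such as `* NOTE: u+s lets any local user change the networks this host will join; install it setuid only where that is acceptable and keep WPACONFIG mode 0600.` Where the deployment allows it, wpa_supplicant's control interface (`ctrl_interface=... GROUP=<group>` with `update_config=1`) gives a designated group the same ability through wpa_cli without a setuid binary.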
8d15
<
14a22,65
> #define SSIDCHARSET "!\"#$%&()*+,-./:;<\"=>?@[\\]^_`{|}~"
> #define RESTRICTEDCHARSET "@="
>
> #define HEXSSIDLEN 130
> #define OUTSTRLEN 4096
>
> #define WPACONFIG "/etc/wpa_supplicant/wpa_supplicant.conf"
>
> int checkstring(unsigned const char *s,const char *charset)
> {
> unsigned const char *ptr=s;
> while(*ptr) {
> if(!isalnum(*ptr) && !strchr(charset,*ptr)) return -1;
> ptr++;
> }
> return 0;
> }
>
> void makehex(char *out, unsigned const char *in, size_t len)
> {
> int ofs=0;
> *out=0;
> while(*in && len) {
> snprintf(out+ofs,len,"%02X",*in);
> ofs+=2;
> len-=2;
> in++;
> }
> }
>
> void usage(void)
> {
> fprintf(stderr,
> "usage: wpa_passphrase [-secure] <ssid> [<passphrase>] [...]] [" WPACONFIG "]\n"
> "\n"
> " If passphrase is left out, it will be read from stdin.\n"
> " Any additional parameter will be put in the result 'as is it'.\n"
> " The additional parameter are restricted to contain only letters, digits, '=' and '@'.\n"
> " If the last parameter equals the string as shown below all results will be written to this file,\n"
> " otherwise it goes to stdout.\n"
> " If -secure is present the ASCII-form of ssid and psk will be omited.\n"
> );
> }
>
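Review bot: makehex() treats its input as a NUL-terminated string, but the later hunk (71a133,167) calls it as `makehex(hexpass,psk,66)` on the raw 32-byte PBKDF2 output, so any key containing a 0x00 byte yields a shortened `psk=` line. The bound is also off by one: with len=66, two bytes of budget remain after 32 input bytes, so the loop reads `psk[32]` (past the array) and, if that byte is non-zero, appends a 65th hex digit; with HEXSSIDLEN the same thing gives an odd-length string for an SSID of 65 bytes or more. Passing the input length explicitly and reserving the terminator in the output size fixes both, with the call sites becoming `makehex(hexssid, sizeof(hexssid), ssid, os_strlen((const char *)ssid));` and `makehex(hexpass, sizeof(hexpass), psk, sizeof(psk));`. The function is complete within this hunk; its callers are in the 50a117,119 and 71a133,167 hunks.

```c
void makehex(char *out, size_t outlen, const unsigned char *in, size_t inlen)
{
	static const char digits[] = "0123456789ABCDEF";
	size_t i;

	if (outlen == 0)
		return;
	/* Two hex digits per input byte, plus one byte for the terminator. */
	if (inlen > (outlen - 1) / 2)
		inlen = (outlen - 1) / 2;
	for (i = 0; i < inlen; i++) {
		out[2 * i] = digits[in[i] >> 4];
		out[2 * i + 1] = digits[in[i] & 0x0F];
	}
	out[2 * inlen] = '\0';
}
```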
17,19c68,79
< unsigned char psk[32];
< int i;
< char *ssid, *passphrase, buf[64], *pos;
---
> FILE *outf=stdout;
> int argn=1,
> use_wpaconfig=0,
> secmode=0;
> unsigned char psk[32],
> *ssid;
> char hexssid[HEXSSIDLEN],
> hexpass[HEXSSIDLEN],
> outstring[OUTSTRLEN]="",
> *passphrase,
> buf[64],
> *pos;
22,27c82,92
< if (argc < 2) {
< printf("usage: wpa_passphrase <ssid> [passphrase]\n"
< "\nIf passphrase is left out, it will be read from "
< "stdin\n");
< return 1;
< }
---
> if (argc < 2) { usage(); return 1; }
>
> if(!strcmp(argv[argc-1],WPACONFIG)) {
> use_wpaconfig=1;
> argc--;
> }
>
> if(!strcmp(argv[argn],"-secure") || !strcmp(argv[argn],"--secure")) {
> secmode=1;
> argn++;
> }
29c94
< ssid = argv[1];
---
> if (argc <= argn) { usage(); return 1; }
31,32c96,98
< if (argc > 2) {
< passphrase = argv[2];
---
> ssid = (unsigned char*) argv[argn++];
> if (argn < argc) {
> passphrase = argv[argn++];
34c100
< printf("# reading passphrase from stdin\n");
---
> fprintf(stderr," reading passphrase from stdin\n");
36,37c102,103
< printf("Failed to read passphrase\n");
< return 1;
---
> fprintf(stderr,"Failed to read passphrase\n");
> return 2;
50a117,119
> if(checkstring(ssid,SSIDCHARSET) || secmode) makehex(hexssid,ssid,HEXSSIDLEN);
> else *hexssid=0;
>
53,54c122,123
< printf("Passphrase must be 8..63 characters\n");
< return 1;
---
> fprintf(stderr,"Passphrase must be 8..63 characters\n");
> return 3;
57,58c126,127
< printf("Invalid passphrase character\n");
< return 1;
---
> fprintf(stderr,"Invalid passphrase character\n");
> return 4;
61d129
< pbkdf2_sha1(passphrase, (u8 *) ssid, os_strlen(ssid), 4096, psk, 32);
63,70c131
< printf("network={\n");
< printf("\tssid=\"%s\"\n", ssid);
< printf("\t#psk=\"%s\"\n", passphrase);
< printf("\tpsk=");
< for (i = 0; i < 32; i++)
< printf("%02x", psk[i]);
< printf("\n");
< printf("}\n");
---
> pbkdf2_sha1(passphrase, (u8 *) ssid, os_strlen((const char *)ssid), 4096, psk, 32);
71a133,167
> makehex(hexpass,psk,66);
>
> snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"network={\n");
> if(!*hexssid) {
> snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\tssid=\"%s\"\n",ssid);
> } else {
> if(!secmode) snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\t#ssid=\"%s\"\n",ssid);
> snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\tssid=%s\n",hexssid);
> }
> if(!secmode) snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\t#psk=\"%s\"\n",passphrase);
> snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\tpsk=%s\n",hexpass);
>
> while(argn < argc) {
> if(checkstring((unsigned char *) argv[argn],RESTRICTEDCHARSET)) {
> fprintf(stderr,"Invalid character in '%s'\n",argv[argn]);
> return 5;
> }
>
> snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\t%s\n",argv[argn++]);
> }
>
> snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"}\n");
>
> if(use_wpaconfig) {
> if(setuid(0) ) {
> fprintf(stderr,"Permission denied\n");
> return 6;
> }
> outf=fopen(WPACONFIG,"a+b");
> if(!outf) {
> perror(WPACONFIG);
> return 7;
> }
> }
> fputs(outstring,outf);
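Review bot: outstring is appended to WPACONFIG after setuid(0) without any check that it was built completely. Every `snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),...)` truncates silently, so once the extra parameters fill the 4096-byte buffer the closing `}` is dropped and an unterminated `network={` block is written to the system file. A guard before `if(use_wpaconfig)` would catch this, for example `if(strlen(outstring) >= OUTSTRLEN-1) { fprintf(stderr,"Output too long\n"); return 8; }` (the exit code is only a suggestion). The result of `fputs()` is not checked either, and no `fclose(outf)` is visible in this hunk, so a short write to the configuration file would go unreported. main() starts and ends outside the hunk.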
Improvements: - Messages are written to stderr rather than to stdout - ssid will be handled as hexstring if necessary - additional parameters added If the last argv equals WPACONFIG AND setuid(0) is successful, the new entry will be added to WPACONFIG. Setting owner=root and permissions "u+s" (in unix / linux) permits any user to add a network to WPACONFIG WPACONFIG="/etc/wpa_supplicant/wpa_supplicant.conf" Signed-off-by: Karsten Hannig dl1tux@z14.de