From patchwork Thu Oct 3 07:59:19 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: karsten_h@t-online.de
X-Patchwork-Id: 1171862
To: hostap@lists.infradead.org
From: karsten_h@t-online.de
Subject: wpa_passphrase.c.patch
Message-ID: <92e80190-4f46-950a-03b1-1ca15f205063@t-online.de>
Date: Thu, 3 Oct 2019 09:59:19 +0200

Improvements:
- Messages are written to stderr rather than to stdout
- ssid will be handled as hexstring if necessary
- additional parameters added
        If last argv equals WPACONFIG AND setuid(0) is successful the new entry will be added to WPACONFIG
        Setting owner=root and permissions "u+s" (in unix / linux) permits any user to add a network to WPACONFIG
        WPACONFIG="/etc/wpa_supplicant/wpa_supplicant.conf"

Signed-off-by: Karsten Hannig dl1tux@z14.de

6a7,14 > * > * modified by dl1tux 2019 > * Improvements: > * - Messages are written to stderr rather to stdout > * - ssid will be handled as hexstring if neccessary > * - addional paramters added > * If argv[3] equals WPACONFIG AND setuid(0) is successful the new entry will be added to WPACONFIG > * Setting owner=root and permissions "u+s" (in unix / linux) permits any user to add a network to WPACONFIG 8d15 < 14a22,65 > #define SSIDCHARSET "!\"#$%&()*+,-./:;<\"=>?@[\\]^_`{|}~" > #define RESTRICTEDCHARSET "@=" > > #define HEXSSIDLEN 130 > #define OUTSTRLEN 4096 > > #define WPACONFIG "/etc/wpa_supplicant/wpa_supplicant.conf" > > int checkstring(unsigned const char *s,const char *charset) > { > unsigned const char *ptr=s; > while(*ptr) { > if(!isalnum(*ptr) && !strchr(charset,*ptr)) return -1; > ptr++; > } > return 0; > } > > void makehex(char *out, unsigned const char *in, size_t len) > { > int ofs=0; > *out=0; > while(*in && len) { > snprintf(out+ofs,len,"%02X",*in); > ofs+=2; > len-=2; > in++; > } > } > > void usage(void) > { > fprintf(stderr, > "usage: wpa_passphrase [-secure] [] [...]] [" WPACONFIG "]\n" > "\n" > " If passphrase is left out, it will be read from stdin.\n" > " Any additional 
parameter will be put in the result 'as is it'.\n" > " The additional parameter are restricted to contain only letters, digits, '=' and '@'.\n" > " If the last parameter equals the string as shown below all results will be written to this file,\n" > " otherwise it goes to stdout.\n" > " If -secure is present the ASCII-form of ssid and psk will be omited.\n" > ); > } > 17,19c68,79 < unsigned char psk[32]; < int i; < char *ssid, *passphrase, buf[64], *pos; --- > FILE *outf=stdout; > int argn=1, > use_wpaconfig=0, > secmode=0; > unsigned char psk[32], > *ssid; > char hexssid[HEXSSIDLEN], > hexpass[HEXSSIDLEN], > outstring[OUTSTRLEN]="", > *passphrase, > buf[64], > *pos; 22,27c82,92 < if (argc < 2) { < printf("usage: wpa_passphrase [passphrase]\n" < "\nIf passphrase is left out, it will be read from " < "stdin\n"); < return 1; < } --- > if (argc < 2) { usage(); return 1; } > > if(!strcmp(argv[argc-1],WPACONFIG)) { > use_wpaconfig=1; > argc--; > } > > if(!strcmp(argv[argn],"-secure") || !strcmp(argv[argn],"--secure")) { > secmode=1; > argn++; > } 29c94 < ssid = argv[1]; --- > if (argc <= argn) { usage(); return 1; } 31,32c96,98 < if (argc > 2) { < passphrase = argv[2]; --- > ssid = (unsigned char*) argv[argn++]; > if (argn < argc) { > passphrase = argv[argn++]; 34c100 < printf("# reading passphrase from stdin\n"); --- > fprintf(stderr," reading passphrase from stdin\n"); 36,37c102,103 < printf("Failed to read passphrase\n"); < return 1; --- > fprintf(stderr,"Failed to read passphrase\n"); > return 2; 50a117,119 > if(checkstring(ssid,SSIDCHARSET) || secmode) makehex(hexssid,ssid,HEXSSIDLEN); > else *hexssid=0; > 53,54c122,123 < printf("Passphrase must be 8..63 characters\n"); < return 1; --- > fprintf(stderr,"Passphrase must be 8..63 characters\n"); > return 3; 57,58c126,127 < printf("Invalid passphrase character\n"); < return 1; --- > fprintf(stderr,"Invalid passphrase character\n"); > return 4; 61d129 < pbkdf2_sha1(passphrase, (u8 *) ssid, os_strlen(ssid), 4096, psk, 
32); 63,70c131 < printf("network={\n"); < printf("\tssid=\"%s\"\n", ssid); < printf("\t#psk=\"%s\"\n", passphrase); < printf("\tpsk="); < for (i = 0; i < 32; i++) < printf("%02x", psk[i]); < printf("\n"); < printf("}\n"); --- > pbkdf2_sha1(passphrase, (u8 *) ssid, os_strlen((const char *)ssid), 4096, psk, 32); 71a133,167 > makehex(hexpass,psk,66); > > snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"network={\n"); > if(!*hexssid) { > snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\tssid=\"%s\"\n",ssid); > } else { > if(!secmode) snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\t#ssid=\"%s\"\n",ssid); > snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\tssid=%s\n",hexssid); > } > if(!secmode) snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\t#psk=\"%s\"\n",passphrase); > snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\tpsk=%s\n",hexpass); > > while(argn < argc) { > if(checkstring((unsigned char *) argv[argn],RESTRICTEDCHARSET)) { > fprintf(stderr,"Invalid character in '%s'\n",argv[argn]); > return 5; > } > > snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\t%s\n",argv[argn++]); > } > > snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"}\n"); > > if(use_wpaconfig) { > if(setuid(0) ) { > fprintf(stderr,"Permission denied\n"); > return 6; > } > outf=fopen(WPACONFIG,"a+b"); > if(!outf) { > perror(WPACONFIG); > return 7; > } > } > fputs(outstring,outf);
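Review bot: The header comment added in hunk 6a7,14 says the config file is selected when "argv[3] equals WPACONFIG", but hunk 22,27c82,92 compares argv[argc-1], so the comment should read "the last argument". The same comment records that installing the binary root-owned with u+s lets any user append to WPACONFIG; that changes the trust model of the tool and belongs in the user-facing documentation as well, not only in a source comment.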
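Review bot: makehex() in hunk 14a22,65 stops at the first zero byte (while(*in && len)), which suits the NUL-terminated ssid but not the binary psk that hunk 71a133,167 passes as makehex(hexpass,psk,66). A PSK containing a 0x00 byte is written out truncated, and when none of the 32 bytes is zero the loop goes on to read psk[32], one byte past the array. Give the function a separate input length and loop on that, as the removed for (i = 0; i < 32; i++) loop did. Also note that len-=2 on a size_t wraps if a caller ever passes an odd size, after which the size handed to snprintf() no longer bounds the buffer, and that %02X changes the case of the psk compared with the removed %02x.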
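Review bot: The option handling in hunk 22,27c82,92 selects the output file by comparing the last argument with the literal WPACONFIG path, so a positional argument doubles as a mode switch and usage() has to explain a magic string. An explicit option parsed next to -secure would be clearer and would let the privileged path be decided before any other argument is touched. The hunk also accepts "--secure" while usage() documents only "-secure".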
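Review bot: Nothing visible before makehex(hexssid,ssid,HEXSSIDLEN) in hunk 50a117,119 bounds the length of ssid, so anything over 64 bytes is silently truncated and leaves an odd number of hex digits in the ssid= line. Reject an ssid longer than 32 bytes with an error before this point. SSIDCHARSET also admits the double quote, which hunk 71a133,167 then writes unescaped inside ssid="%s"; removing it from the set sends such SSIDs down the hex path and avoids depending on how the config parser treats embedded quotes.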
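Review bot: In hunk 71a133,167 setuid(0) is reached only after argument parsing, the stdin read and pbkdf2_sha1() have already run, so on a binary installed u+s root, as the description proposes, all of that executes with root's effective uid, and the stdout path never gives the privilege up. Open WPACONFIG first and drop to the real uid before parsing anything. fopen(WPACONFIG,"a+b") also creates a missing file with a mode taken from the caller's umask; use open() with O_WRONLY|O_APPEND and no O_CREAT, and check the result of fputs() so a short write is reported. Two further points in the same hunk: every snprintf() into outstring truncates silently at OUTSTRLEN, so enough extra parameters drop the closing "}" from the block that gets appended, and checkstring() with RESTRICTEDCHARSET limits the characters of an extra parameter but not which key it sets, so an allow-list of accepted keys is needed once the output goes into a shared root-owned file.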