Improvements: - Messages are written to stderr rather than to stdout - ssid will be handled as hexstring if necessary - additional parameters added If last argv equals WPACONFIG AND setuid(0) is successful the new entry will be added to WPACONFIG Setting owner=root and permissions "u+s" (in unix / linux) permits any user to add a network to WPACONFIG WPACONFIG="/etc/wpa_supplicant/wpa_supplicant.conf" Signed-off-by: Karsten Hannig dl1tux@xxxxxx -- Schöne Grüße / Beste 73! Karsten Hannig aka tuxtrainer "Intelligence should be used for the benefit of humanity." "Nichts in der Welt wird so gefürchtet wie der Einfluss von Menschen, die geistig unabhängig sind. (A.Einstein)"
6a7,14
> *
> * modified by dl1tux 2019
> * Improvements:
> * - Messages are written to stderr rather to stdout
> * - ssid will be handled as hexstring if neccessary
> * - addional paramters added
> * If argv[3] equals WPACONFIG AND setuid(0) is successful the new entry will be added to WPACONFIG
> * Setting owner=root and permissions "u+s" (in unix / linux) permits any user to add a network to WPACONFIG
8d15
<
14a22,65
> #define SSIDCHARSET "!\"#$%&()*+,-./:;<\"=>?@[\\]^_`{|}~"
> #define RESTRICTEDCHARSET "@="
>
> #define HEXSSIDLEN 130
> #define OUTSTRLEN 4096
>
> #define WPACONFIG "/etc/wpa_supplicant/wpa_supplicant.conf"
>
> int checkstring(unsigned const char *s,const char *charset)
> {
> unsigned const char *ptr=s;
> while(*ptr) {
> if(!isalnum(*ptr) && !strchr(charset,*ptr)) return -1;
> ptr++;
> }
> return 0;
> }
>
> void makehex(char *out, unsigned const char *in, size_t len)
> {
> int ofs=0;
> *out=0;
> while(*in && len) {
> snprintf(out+ofs,len,"%02X",*in);
> ofs+=2;
> len-=2;
> in++;
> }
> }
>
> void usage(void)
> {
> fprintf(stderr,
> "usage: wpa_passphrase [-secure] <ssid> [<passphrase>] [...]] [" WPACONFIG "]\n"
> "\n"
> " If passphrase is left out, it will be read from stdin.\n"
> " Any additional parameter will be put in the result 'as is it'.\n"
> " The additional parameter are restricted to contain only letters, digits, '=' and '@'.\n"
> " If the last parameter equals the string as shown below all results will be written to this file,\n"
> " otherwise it goes to stdout.\n"
> " If -secure is present the ASCII-form of ssid and psk will be omited.\n"
> );
> }
>
17,19c68,79
< unsigned char psk[32];
< int i;
< char *ssid, *passphrase, buf[64], *pos;
---
> FILE *outf=stdout;
> int argn=1,
> use_wpaconfig=0,
> secmode=0;
> unsigned char psk[32],
> *ssid;
> char hexssid[HEXSSIDLEN],
> hexpass[HEXSSIDLEN],
> outstring[OUTSTRLEN]="",
> *passphrase,
> buf[64],
> *pos;
22,27c82,92
< if (argc < 2) {
< printf("usage: wpa_passphrase <ssid> [passphrase]\n"
<
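Review bot: makehex() in the 14a22,65 hunk stops at the first zero byte of its input and uses `len` as the remaining output space, which is wrong for the binary PSK that the 71a133,167 hunk passes as `makehex(hexpass,psk,66)`. A PSK containing a 0x00 byte is cut short at that byte; one without is read at `psk[32]`, one byte past the array, and a 65th hex digit is written. On the last round `snprintf(out+ofs,len,...)` gets only 2 bytes and drops the low nibble, and an odd `len` would wrap the `size_t` at `len-=2`. I would pass the input length explicitly and return an error when the output does not fit, so the call sites become `makehex(hexpass,sizeof(hexpass),psk,sizeof(psk))` and the SSID call passes the SSID length, with both checking the result.

```c
/* out must hold 2*inlen+1 bytes; returns 0, or -1 if it does not fit */
int makehex(char *out, size_t outlen, unsigned const char *in, size_t inlen)
{
	size_t i;

	if (outlen == 0) return -1;
	*out = 0;
	if (inlen > (outlen - 1) / 2) return -1;
	for (i = 0; i < inlen; i++)
		snprintf(out + 2*i, 3, "%02X", in[i]);
	return 0;
}
```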
"\nIf passphrase is left out, it will be read from "
< "stdin\n");
< return 1;
< }
---
> if (argc < 2) { usage(); return 1; }
>
> if(!strcmp(argv[argc-1],WPACONFIG)) {
> use_wpaconfig=1;
> argc--;
> }
>
> if(!strcmp(argv[argn],"-secure") || !strcmp(argv[argn],"--secure")) {
> secmode=1;
> argn++;
> }
29c94
< ssid = argv[1];
---
> if (argc <= argn) { usage(); return 1; }
31,32c96,98
< if (argc > 2) {
< passphrase = argv[2];
---
> ssid = (unsigned char*) argv[argn++];
> if (argn < argc) {
> passphrase = argv[argn++];
34c100
< printf("# reading passphrase from stdin\n");
---
> fprintf(stderr," reading passphrase from stdin\n");
36,37c102,103
< printf("Failed to read passphrase\n");
< return 1;
---
> fprintf(stderr,"Failed to read passphrase\n");
> return 2;
50a117,119
> if(checkstring(ssid,SSIDCHARSET) || secmode) makehex(hexssid,ssid,HEXSSIDLEN);
> else *hexssid=0;
>
53,54c122,123
< printf("Passphrase must be 8..63 characters\n");
< return 1;
---
> fprintf(stderr,"Passphrase must be 8..63 characters\n");
> return 3;
57,58c126,127
< printf("Invalid passphrase character\n");
< return 1;
---
> fprintf(stderr,"Invalid passphrase character\n");
> return 4;
61d129
< pbkdf2_sha1(passphrase, (u8 *) ssid, os_strlen(ssid), 4096, psk, 32);
63,70c131
< printf("network={\n");
< printf("\tssid=\"%s\"\n", ssid);
< printf("\t#psk=\"%s\"\n", passphrase);
< printf("\tpsk=");
< for (i = 0; i < 32; i++)
< printf("%02x", psk[i]);
< printf("\n");
< printf("}\n");
---
> pbkdf2_sha1(passphrase, (u8 *) ssid, os_strlen((const char *)ssid), 4096, psk, 32);
71a133,167
> makehex(hexpass,psk,66);
>
> snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"network={\n");
> if(!*hexssid) {
> snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\tssid=\"%s\"\n",ssid);
> } else {
> if(!secmode) snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\t#ssid=\"%s\"\n",ssid);
> snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\tssid=%s\n",hexssid);
> }
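Review bot: Nothing visible in the 50a117,119 hunk bounds the SSID length before `makehex(hexssid,ssid,HEXSSIDLEN)`, so an over-long argv string produces a truncated `ssid=` hex value while `pbkdf2_sha1` still derives the PSK from the full string. The network block written out then pairs an SSID with a PSK that was not computed for it. Unless a check exists outside the hunks shown, I would reject anything over the 802.11 limit of 32 octets before this line, e.g. `if (os_strlen((const char *)ssid) > 32) { fprintf(stderr,"SSID too long\n"); return 8; }` (the exit code is a placeholder). The enclosing main() starts and ends outside this hunk.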
> if(!secmode) snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\t#psk=\"%s\"\n",passphrase);
> snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\tpsk=%s\n",hexpass);
>
> while(argn < argc) {
> if(checkstring((unsigned char *) argv[argn],RESTRICTEDCHARSET)) {
> fprintf(stderr,"Invalid character in '%s'\n",argv[argn]);
> return 5;
> }
>
> snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"\t%s\n",argv[argn++]);
> }
>
> snprintf(outstring+strlen(outstring),OUTSTRLEN-strlen(outstring),"}\n");
>
> if(use_wpaconfig) {
> if(setuid(0) ) {
> fprintf(stderr,"Permission denied\n");
> return 6;
> }
> outf=fopen(WPACONFIG,"a+b");
> if(!outf) {
> perror(WPACONFIG);
> return 7;
> }
> }
> fputs(outstring,outf);
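Review bot: Every `snprintf` into `outstring` in the 71a133,167 hunk truncates silently at OUTSTRLEN and nothing checks for it, so enough extra arguments make the appended block lose its closing `}`. Because the binary is meant to be installed setuid root, an unprivileged caller could leave the root-owned WPACONFIG unparsable. I would refuse to write a full buffer, placed before `if(use_wpaconfig)`: `if (strlen(outstring) >= OUTSTRLEN-1) { fprintf(stderr,"Too many parameters\n"); return 9; }` (the exit code is a placeholder). The result of `fputs(outstring,outf)` is not checked and no `fclose` is visible in the hunk, so a short write to the config would go unreported. The extra parameters pass only a character filter (`RESTRICTEDCHARSET`); for a setuid helper an allow-list of permitted field names would be a firmer boundary, as would dropping the elevated uid at startup whenever WPACONFIG was not requested.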