diff options
| author | Łukasz Zemczak <sil2100@vexillium.org> | 2020-03-20 10:27:35 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-03-20 10:27:35 +0100 |
| commit | 2427ab267b24daa3504345be4ee6be7f286056a3 (patch) | |
| tree | 4b0970d11ee0bbec59c81632ce139d985cbe9ae1 /src/networkd.c | |
| parent | 261c379619b2128f62f8e8ae5d974fcf35677386 (diff) | |
Fix quotation of WPA PSK 64 hex-digit keys for networkd (#120)
* Fix quotation of WPA PSK hex passthrough for networkd when supplied with a 64 hex-digit string
* Typo, was supposed to be 63
Co-authored-by: Łukasz 'sil2100' Zemczak <lukasz.zemczak@canonical.com>
Diffstat (limited to 'src/networkd.c')
| -rw-r--r-- | src/networkd.c | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/src/networkd.c b/src/networkd.c index a91a329..7555db3 100644 --- a/src/networkd.c +++ b/src/networkd.c @@ -16,7 +16,9 @@ */ #include <stdlib.h> +#include <string.h> #include <unistd.h> +#include <ctype.h> #include <errno.h> #include <sys/stat.h> @@ -667,7 +669,7 @@ write_rules_file(net_definition* def, const char* rootdir) } static void -append_wpa_auth_conf(GString* s, const authentication_settings* auth) +append_wpa_auth_conf(GString* s, const authentication_settings* auth, const char* id) { switch (auth->key_management) { case KEY_MANAGEMENT_NONE: @@ -712,7 +714,24 @@ append_wpa_auth_conf(GString* s, const authentication_settings* auth) } if (auth->password) { if (auth->key_management == KEY_MANAGEMENT_WPA_PSK) { - g_string_append_printf(s, " psk=\"%s\"\n", auth->password); + size_t len = strlen(auth->password); + if (len == 64) { + /* must be a hex-digit key representation */ + for (unsigned i = 0; i < 64; ++i) + if (!isxdigit(auth->password[i])) { + g_fprintf(stderr, "ERROR: %s: PSK length of 64 is only supported for hex-digit representation\n", id); + exit(1); + } + /* this is required to be unquoted */ + g_string_append_printf(s, " psk=%s\n", auth->password); + } else if (len < 8 || len > 63) { + /* per wpa_supplicant spec, passphrase needs to be between 8 + and 63 characters */ + g_fprintf(stderr, "ERROR: %s: ASCII passphrase must be between 8 and 63 characters (inclusive)\n", id); + exit(1); + } else { + g_string_append_printf(s, " psk=\"%s\"\n", auth->password); + } } else { if (strncmp(auth->password, "hash:", 5) == 0) { g_string_append_printf(s, " password=%s\n", auth->password); @@ -802,7 +821,7 @@ write_wpa_conf(net_definition* def, const char* rootdir) /* wifi auth trumps netdef auth */ if (ap->has_auth) { - append_wpa_auth_conf(s, &ap->auth); + append_wpa_auth_conf(s, &ap->auth, ap->ssid); } else { g_string_append(s, " key_mgmt=NONE\n"); @@ -813,7 +832,7 @@ write_wpa_conf(net_definition* def, const char* rootdir) else { /* wired 802.1x auth or similar */ g_string_append(s, "network={\n"); - append_wpa_auth_conf(s, &def->auth); + append_wpa_auth_conf(s, &def->auth, def->id); g_string_append(s, "}\n"); } |