authorStefan Sperling <stsp@cvs.openbsd.org>2017-11-27 20:54:39 +0000
committerStefan Sperling <stsp@cvs.openbsd.org>2017-11-27 20:54:39 +0000
commitdef2e7bd562f959373eded254154792b5a178b05 (patch)
tree73ad7a2473116f72e1f39ec12bc89119cc9012d6 /sys
parent5e92ead8c68aa6b6b6a0d6c361007203e5604890 (diff)
Stop reporting WPA and WEP keys back to userland.
The kernel is not a password database; look your wifi keys up elsewhere. Discussed with several. ok phessler@ jca@
Diffstat (limited to 'sys')
-rw-r--r--sys/net80211/ieee80211_ioctl.c32
1 files changed, 8 insertions, 24 deletions
diff --git a/sys/net80211/ieee80211_ioctl.c b/sys/net80211/ieee80211_ioctl.c
index b33a89fd4cb..e58de33f652 100644
--- a/sys/net80211/ieee80211_ioctl.c
+++ b/sys/net80211/ieee80211_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_ioctl.c,v 1.57 2017/11/06 11:34:29 phessler Exp $ */
+/* $OpenBSD: ieee80211_ioctl.c,v 1.58 2017/11/27 20:54:38 stsp Exp $ */
/* $NetBSD: ieee80211_ioctl.c,v 1.15 2004/05/06 02:58:16 dyoung Exp $ */
/*-
@@ -252,8 +252,7 @@ static int
ieee80211_ioctl_getnwkeys(struct ieee80211com *ic,
struct ieee80211_nwkey *nwkey)
{
- struct ieee80211_key *k;
- int error, i;
+ int i;
if (ic->ic_flags & IEEE80211_F_WEPON)
nwkey->i_wepon = IEEE80211_NWKEY_WEP;
@@ -265,19 +264,8 @@ ieee80211_ioctl_getnwkeys(struct ieee80211com *ic,
for (i = 0; i < IEEE80211_WEP_NKID; i++) {
if (nwkey->i_key[i].i_keydat == NULL)
continue;
- /* do not show any keys to non-root user */
- if ((error = suser(curproc, 0)) != 0)
- return error;
- k = &ic->ic_nw_keys[i];
- if (k->k_cipher != IEEE80211_CIPHER_WEP40 &&
- k->k_cipher != IEEE80211_CIPHER_WEP104)
- nwkey->i_key[i].i_keylen = 0;
- else
- nwkey->i_key[i].i_keylen = k->k_len;
- error = copyout(k->k_key, nwkey->i_key[i].i_keydat,
- nwkey->i_key[i].i_keylen);
- if (error != 0)
- return error;
+ /* do not show any keys to userland */
+ return EPERM;
}
return 0;
}
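Review bot: The loop in ieee80211_ioctl_getnwkeys now returns EPERM at the first slot whose `i_keydat` is non-NULL, so it no longer iterates in any meaningful way and fails the whole request for every caller, root included. That is inconsistent with the SIOCG80211WPAPSK path in the same commit, which succeeds and reports `i_enabled = 2` with a zeroed key. A caller that passes key buffers presumably also loses the `i_wepon` status set earlier in the function, if the ioctl layer skips copy-out on error; that is not visible here. If the hard failure is intended, the comment should say so, for example `/* any request for key material fails; pass NULL i_keydat to query WEP status only */`. The function's opening lines are outside this hunk.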
@@ -491,14 +479,10 @@ ieee80211_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
case SIOCG80211WPAPSK:
psk = (struct ieee80211_wpapsk *)data;
if (ic->ic_flags & IEEE80211_F_PSK) {
- psk->i_enabled = 1;
- /* do not show any keys to non-root user */
- if (suser(curproc, 0) != 0) {
- psk->i_enabled = 2;
- memset(psk->i_psk, 0, sizeof(psk->i_psk));
- break; /* return ok but w/o key */
- }
- memcpy(psk->i_psk, ic->ic_psk, sizeof(psk->i_psk));
+ /* do not show any keys to userland */
+ psk->i_enabled = 2;
+ memset(psk->i_psk, 0, sizeof(psk->i_psk));
+ break; /* return ok but w/o key */
} else
psk->i_enabled = 0;
break;
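Review bot: `psk->i_enabled = 2` is now the only value reported when a PSK is configured, but nothing in the hunk says what 2 means to userland. The removed lines used it for "enabled, key withheld", so a comment such as `/* 2: PSK is set, key material withheld from userland */` or a named constant would keep that contract visible. The inner `break; /* return ok but w/o key */` is also redundant now, because the `break` after the `else` already ends the case for both branches. The enclosing switch starts and ends outside this hunk.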