author | Stefan Sperling <stsp@cvs.openbsd.org> | 2017-11-27 20:54:39 +0000 |
---|---|---|
committer | Stefan Sperling <stsp@cvs.openbsd.org> | 2017-11-27 20:54:39 +0000 |
commit | def2e7bd562f959373eded254154792b5a178b05 (patch) | |
tree | 73ad7a2473116f72e1f39ec12bc89119cc9012d6 /sys | |
parent | 5e92ead8c68aa6b6b6a0d6c361007203e5604890 (diff) |
Stop reporting WPA and WEP keys back to userland.
The kernel is not a password database; look your wifi keys up elsewhere.
Discussed with several.
ok phessler@ jca@
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net80211/ieee80211_ioctl.c | 32 |
1 files changed, 8 insertions, 24 deletions
diff --git a/sys/net80211/ieee80211_ioctl.c b/sys/net80211/ieee80211_ioctl.c
index b33a89fd4cb..e58de33f652 100644
--- a/sys/net80211/ieee80211_ioctl.c
+++ b/sys/net80211/ieee80211_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_ioctl.c,v 1.57 2017/11/06 11:34:29 phessler Exp $ */
+/* $OpenBSD: ieee80211_ioctl.c,v 1.58 2017/11/27 20:54:38 stsp Exp $ */
 /* $NetBSD: ieee80211_ioctl.c,v 1.15 2004/05/06 02:58:16 dyoung Exp $ */

 /*-
@@ -252,8 +252,7 @@ static int
 ieee80211_ioctl_getnwkeys(struct ieee80211com *ic,
 struct ieee80211_nwkey *nwkey)
 {
- struct ieee80211_key *k;
- int error, i;
+ int i;

 if (ic->ic_flags & IEEE80211_F_WEPON)
 nwkey->i_wepon = IEEE80211_NWKEY_WEP;
@@ -265,19 +264,8 @@ ieee80211_ioctl_getnwkeys(struct ieee80211com *ic,
 for (i = 0; i < IEEE80211_WEP_NKID; i++) {
 if (nwkey->i_key[i].i_keydat == NULL)
 continue;
- /* do not show any keys to non-root user */
- if ((error = suser(curproc, 0)) != 0)
- return error;
- k = &ic->ic_nw_keys[i];
- if (k->k_cipher != IEEE80211_CIPHER_WEP40 &&
- k->k_cipher != IEEE80211_CIPHER_WEP104)
- nwkey->i_key[i].i_keylen = 0;
- else
- nwkey->i_key[i].i_keylen = k->k_len;
- error = copyout(k->k_key, nwkey->i_key[i].i_keydat,
- nwkey->i_key[i].i_keylen);
- if (error != 0)
- return error;
+ /* do not show any keys to userland */
+ return EPERM;
 }
 return 0;
 }
@@ -491,14 +479,10 @@ ieee80211_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 case SIOCG80211WPAPSK:
 psk = (struct ieee80211_wpapsk *)data;
 if (ic->ic_flags & IEEE80211_F_PSK) {
- psk->i_enabled = 1;
- /* do not show any keys to non-root user */
- if (suser(curproc, 0) != 0) {
- psk->i_enabled = 2;
- memset(psk->i_psk, 0, sizeof(psk->i_psk));
- break; /* return ok but w/o key */
- }
- memcpy(psk->i_psk, ic->ic_psk, sizeof(psk->i_psk));
+ /* do not show any keys to userland */
+ psk->i_enabled = 2;
+ memset(psk->i_psk, 0, sizeof(psk->i_psk));
+ break; /* return ok but w/o key */
 } else
 psk->i_enabled = 0;
 break; |
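Review bot: The loop in ieee80211_ioctl_getnwkeys now fails the whole request with EPERM as soon as any slot carries a non-NULL `i_keydat`, for root as well as for unprivileged callers, and the new comment does not spell that contract out. I would expand it to something like `/* keys are never copied out, not even for root; callers must pass NULL i_keydat */` so the next reader does not reintroduce a privileged path. A caller that still supplies key buffers will get an error instead of the status fields, so the matching userland change presumably needs to land together with this one. The middle of the function, between the -252 and -265 hunks, is not visible here.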
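Review bot: In the SIOCG80211WPAPSK case, `psk->i_enabled = 2` is now the only value reported while PSK is on, and the bare `2` has neither a name nor an explanation at this site. A comment such as `/* 2: PSK is configured, key material withheld */`, or a named constant in the ioctl header, would make the meaning explicit to userland consumers. The inner `break; /* return ok but w/o key */` now duplicates the `break;` that follows the else and can be dropped, which also restores a balanced if/else. The `memset` should stay, since it clears whatever the request buffer held in `i_psk` before the structure is handed back. The surrounding switch in ieee80211_ioctl starts and ends outside this hunk.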