From 71d52980e1bad002fad823b45b6b8de23ad378d4 Mon Sep 17 00:00:00 2001
From: Theo de Raadt
Date: Mon, 18 Oct 2010 04:10:59 +0000
Subject: Add wpakey/-wpakey options. This was originally written by halex and has gone many times around now (it is smaller now). man page diff coming soon. Fits onto the media that need it. ok halex
---
 sbin/ifconfig/Makefile | 8 ++++---
 sbin/ifconfig/ifconfig.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 59 insertions(+), 4 deletions(-)
(limited to 'sbin')
diff --git a/sbin/ifconfig/Makefile b/sbin/ifconfig/Makefile
index 072c8546bec..a3c3381d6eb 100644
--- a/sbin/ifconfig/Makefile
+++ b/sbin/ifconfig/Makefile
@@ -1,9 +1,11 @@
-# $OpenBSD: Makefile,v 1.10 2009/11/22 22:00:24 claudio Exp $
+# $OpenBSD: Makefile,v 1.11 2010/10/18 04:10:56 deraadt Exp $
+
+.PATH: ${.CURDIR}/../bioctl
 PROG= ifconfig
-SRCS= ifconfig.c brconfig.c
+SRCS= ifconfig.c brconfig.c pbkdf2.c
 MAN= ifconfig.8
-CPPFLAGS+=-DINET6
+CPPFLAGS+=-DINET6 -I${.CURDIR}/../bioctl
 .include
diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c
index 6f4c012c272..ee0f6483acc 100644
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ifconfig.c,v 1.239 2010/07/03 04:44:51 guenther Exp $ */
+/* $OpenBSD: ifconfig.c,v 1.240 2010/10/18 04:10:57 deraadt Exp $ */
 /* $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $ */
 /*
@@ -105,6 +105,7 @@
 #include
 #include "brconfig.h"
+#include "pbkdf2.h"
 struct ifreq ifr, ridreq;
 struct in_aliasreq in_addreq;
@@ -160,6 +161,7 @@ void setifwpaprotos(const char *, int);
 void setifwpaakms(const char *, int);
 void setifwpaciphers(const char *, int);
 void setifwpagroupcipher(const char *, int);
+void setifwpakey(const char *, int);
 void setifwpapsk(const char *, int);
 void setifchan(const char *, int);
 void setifscan(const char *, int);
@@ -317,6 +319,8 @@ const struct cmd {
 { "wpaciphers", NEXTARG, 0, setifwpaciphers },
 { "wpagroupcipher", NEXTARG, 0, setifwpagroupcipher },
 { "wpaprotos", NEXTARG, 0, setifwpaprotos },
+ { "wpakey", NEXTARG, 0, setifwpakey },
+ { "-wpakey", -1, 0, setifwpakey },
 { "wpapsk", NEXTARG, 0, setifwpapsk },
 { "-wpapsk", -1, 0, setifwpapsk },
 { "chan", NEXTARG0, 0, setifchan },
@@ -1564,6 +1568,7 @@ setifwpa(const char *val, int d)
 {
 struct ieee80211_wpaparams wpa;
+ memset(&wpa, 0, sizeof(wpa));
 (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
 if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
 err(1, "SIOCG80211WPAPARMS");
@@ -1594,6 +1599,7 @@ setifwpaprotos(const char *val, int d)
 }
 free(optlist);
+ memset(&wpa, 0, sizeof(wpa));
 (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
 if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
 err(1, "SIOCG80211WPAPARMS");
@@ -1624,6 +1630,7 @@ setifwpaakms(const char *val, int d)
 }
 free(optlist);
+ memset(&wpa, 0, sizeof(wpa));
 (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
 if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
 err(1, "SIOCG80211WPAPARMS");
@@ -1675,6 +1682,7 @@ setifwpaciphers(const char *val, int d)
 }
 free(optlist);
+ memset(&wpa, 0, sizeof(wpa));
 (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
 if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
 err(1, "SIOCG80211WPAPARMS");
@@ -1694,6 +1702,7 @@ setifwpagroupcipher(const char *val, int d)
 if (cipher == IEEE80211_WPA_CIPHER_NONE)
 errx(1, "wpagroupcipher: unknown cipher: %s", val);
+ memset(&wpa, 0, sizeof(wpa));
 (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
 if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
 err(1, "SIOCG80211WPAPARMS");
@@ -1702,6 +1711,50 @@ setifwpagroupcipher(const char *val, int d)
 err(1, "SIOCS80211WPAPARMS");
 }
+void
+setifwpakey(const char *val, int d)
+{
+ struct ieee80211_wpaparams wpa;
+ struct ieee80211_wpapsk psk;
+ struct ieee80211_nwid nwid;
+ int passlen, nwid_len;
+
+ memset(&psk, 0, sizeof(psk));
+ if (d != -1) {
+ memset(&ifr, 0, sizeof(ifr));
+ ifr.ifr_data = (caddr_t)&nwid;
+ strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
+ if (ioctl(s, SIOCG80211NWID, (caddr_t)&ifr))
+ err(1, "SIOCG80211NWID");
+
+ passlen = strlen(val);
+ if (passlen < 8 || passlen > 63)
+ errx(1, "wpakey: passphrase must be between 8 and 63 "
+ "characters");
+ nwid_len = nwid.i_len;
+ if (nwid_len == 0)
+ errx(1, "wpakey: nwid not set");
+ if (pkcs5_pbkdf2(val, passlen, nwid.i_nwid, nwid_len, psk.i_psk,
+ sizeof(psk.i_psk), 4096) != 0)
+ errx(1, "wpakey: passphrase hashing failed");
+ psk.i_enabled = 1;
+ } else
+ psk.i_enabled = 0;
+
+ (void)strlcpy(psk.i_name, name, sizeof(psk.i_name));
+ if (ioctl(s, SIOCS80211WPAPSK, (caddr_t)&psk) < 0)
+ err(1, "SIOCS80211WPAPSK");
+
+ /* And ... automatically enable or disable WPA */
+ memset(&wpa, 0, sizeof(wpa));
+ (void)strlcpy(wpa.i_name, name, sizeof(wpa.i_name));
+ if (ioctl(s, SIOCG80211WPAPARMS, (caddr_t)&wpa) < 0)
+ err(1, "SIOCG80211WPAPARMS");
+ wpa.i_enabled = psk.i_enabled;
+ if (ioctl(s, SIOCS80211WPAPARMS, (caddr_t)&wpa) < 0)
+ err(1, "SIOCS80211WPAPARMS");
+}
+
 void
 setifwpapsk(const char *val, int d)
 {
-- cgit v1.2.3
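Review bot: In `setifwpakey()`, `nwid` is handed to SIOCG80211NWID without being cleared, and `nwid.i_len` is then used as the PBKDF2 salt length after only a zero check, so the read of `nwid.i_nwid` is bounded solely by what the ioctl left there. The other hunks of this commit add `memset(&wpa, 0, sizeof(wpa));` before each ioctl; the same pattern fits here with `memset(&nwid, 0, sizeof(nwid));` before the call and a defensive `if (nwid_len > (int)sizeof(nwid.i_nwid))` rejection (assuming `i_nwid` is a fixed-size array). The derived key stays in `psk` on the stack after SIOCS80211WPAPSK returns; clearing it before return with a wipe the compiler cannot elide would shorten the time key material sits in process memory. A comment such as `/* PSK is derived from the nwid configured at this moment; nwid must be set before wpakey */` would document the ordering dependency that the "nwid not set" error only hints at. Since `val` appears to come straight from the command line (the `wpakey` table entry takes NEXTARG), the passphrase is likely visible in process listings and shell history, which the pending man page should mention.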