author | Jim Pryor <profjim@jimpryor.net> | 2009-08-11 14:04:58 +0200 |
---|---|---|
committer | James Rayner <james@archlinux.org> | 2009-08-15 04:28:27 +0200 |
commit | 2b98cb24c8cfdfa08d2f764e90861e82a37c0d36 (patch) | |
tree | 0045e05837ed7a4daecc33d00e368cfd71cfba81 | |
parent | 9f4a6f5c904dc23d3b2752ea362ecc1f24585683 (diff) | |
More secure temp WPA_CONFIG file
Signed-off-by: Jim Pryor <profjim@jimpryor.net>
-rw-r--r-- | src/connections/wireless | 28 |
1 files changed, 13 insertions, 15 deletions
diff --git a/src/connections/wireless b/src/connections/wireless
index 5ec555c..f905756 100644
--- a/src/connections/wireless
+++ b/src/connections/wireless
@@ -104,28 +104,26 @@ wireless_up() { # Quirk for broken drivers... http://bbs.archlinux.org/viewtopic.php?id=36384 quirk "wpaessid" && eval iwconfig $INTERFACE essid "\"$ESSID\"" - local WPA_CONF="/tmp/wpa.${1// /}" # substitute spaces out - echo "ctrl_interface=/var/run/wpa_supplicant" >> $WPA_CONF - echo "ctrl_interface_group=${WPA_GROUP:-wheel}" >> $WPA_CONF - chmod 600 $WPA_CONF + local WPA_CONF="${TMPDIR:-/tmp}/wpa.${1// /}" # substitute spaces out + # make empty tmp dir with correct permissions, rename it + rm -rf "$WPA_CONF" + mv -f $(mktemp -d) "$WPA_CONF" || return 1 + echo "ctrl_interface=/var/run/wpa_supplicant" >> "$WPA_CONF/wpa.conf" # we know $WPA_CONF now has no spaces, but it may have other nasty chars, so still needs to be quoted + echo "ctrl_interface_group=${WPA_GROUP:-wheel}" >> "$WPA_CONF/wpa.conf" # Generate configuration - if [[ "${#KEY}" == "64" ]]; then - echo -e "network={ \nssid=\"$ESSID\" \npsk=$KEY \n}">> $WPA_CONF - elif ! echo "$KEY" | wpa_passphrase "$ESSID" >> $WPA_CONF; then - report_fail "Configuration generation failed. $(cat $WPA_CONF)" + if [[ "${#KEY}" -eq 64 ]]; then + echo -e "network={ \nssid=\"$ESSID\" \npsk=$KEY \n}">> "$WPA_CONF/wpa.conf" + elif ! echo "$KEY" | wpa_passphrase "$ESSID" >> "$WPA_CONF/wpa.conf"; then + report_fail "Configuration generation failed." + cat "$WPA_CONF/wpa.conf" >&2 return 1 fi # Connect! [[ -z "$WPA_OPTS" ]] && WPA_OPTS="-Dwext" -<<<<<<< Updated upstream - report_debug wireless_up start_wpa "$INTERFACE" "$WPA_CONF" "$WPA_OPTS" - if ! start_wpa $INTERFACE $WPA_CONF $WPA_OPTS; then -======= report_debug wireless_up start_wpa "$INTERFACE" "$WPA_CONF/wpa.conf" "$WPA_OPTS" - if ! start_wpa "$INTERFACE" "$WPA_CONF" "$WPA_OPTS"; then ->>>>>>> Stashed changes + if ! start_wpa "$INTERFACE" "$WPA_CONF/wpa.conf" "$WPA_OPTS"; then report_fail "wpa_supplicant did not start, possible configuration error" return 1 fi 
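Review bot: The `rm -rf "$WPA_CONF"` and `mv -f $(mktemp -d) "$WPA_CONF"` steps in wireless_up still end at a predictable name under a world-writable directory, and the two steps are not atomic. If a directory already exists at that path when `mv` runs, `mv` places the mktemp directory inside it and still succeeds, so `wpa.conf` with the PSK is then appended under a directory this function did not create. Creating the final path directly fails closed instead: `rm -rf "$WPA_CONF"` followed by `mkdir -m 700 "$WPA_CONF" || return 1`. Keeping the file under a root-only location such as the `/var/run` tree already used for `ctrl_interface` would avoid the shared directory altogether. The `$(mktemp -d)` expansion is also unquoted, and the directory is left behind on the `return 1` paths; wireless_up starts and ends outside this hunk.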
@@ -171,7 +169,7 @@ wireless_down() { fi report_debug wireless_down stop_wpa "$INTERFACE" stop_wpa $INTERFACE - [[ "$SECURITY" == "wpa" ]] && rm -f "/tmp/wpa.${PROFILE// /}" # remove wpa config + [[ "$SECURITY" == "wpa" ]] && rm -rf "/tmp/wpa.${PROFILE// /}" # remove tmp wpa config report_debug wireless_down iwconfig "$INTERFACE" essid off key off iwconfig $INTERFACE essid off key off &> /dev/null set_interface down $INTERFACE |
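Review bot: The cleanup in wireless_down still hard-codes `/tmp/wpa.${PROFILE// /}`, while wireless_up now builds the path from `${TMPDIR:-/tmp}`, so when TMPDIR is set the directory holding the PSK is never removed. Use the same expression on both sides: `[[ "$SECURITY" == "wpa" ]] && rm -rf "${TMPDIR:-/tmp}/wpa.${PROFILE// /}"`. This presumably relies on `$PROFILE` here matching `$1` in wireless_up, which the visible lines do not establish. wireless_down starts and ends outside this hunk.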