| rev |
line source |
|
al@463
|
1 Various Development Notes
|
|
al@463
|
2 =========================
|
|
al@463
|
3
|
|
al@463
|
4 --------------------------------------------------------------------------------
|
|
al@463
|
5
|
|
al@463
|
6 network.cgi
|
|
al@463
|
7 -----------
|
|
al@463
|
8
|
|
al@463
|
9 Goal: allow ANY symbols in the WPA PSK (Wi-Fi password).
|
|
al@463
|
10 We can find WPA PSK in the different places, and there are different
|
|
al@463
|
11 restrictions to write it.
|
|
al@463
|
12
|
|
al@463
|
13 a) /etc/network.conf: SliTaz system wide networking configuration;
|
|
al@463
|
14 b) /etc/wpa/wpa.conf: wpa_supplicant configuration file;
|
|
al@463
|
15 c) html input form in the TazPanel > Network > Wireless;
|
|
al@463
|
16 d) saved passwords for known networks in the javascript in the same place.
|
|
al@463
|
17
|
|
al@463
|
18 Let's see all that files/places one by one.
|
|
al@463
|
19
|
|
al@463
|
20
|
|
al@463
|
21 a) network.conf
|
|
al@463
|
22
|
|
al@463
|
23 Really "network.conf" is a shell script. It contains variables definitions, and
|
|
al@463
|
24 it sourced into other shell scripts to define all Wi-Fi configuration variables.
|
|
al@463
|
25 By default, we can see variable and its content in the double quotes:
|
|
al@463
|
26
|
|
al@463
|
27 WIFI_KEY="mypassword"
|
|
al@463
|
28
|
|
al@463
|
29 There are many pitfalls if we allow ANY symbols here:
|
|
al@463
|
30
|
|
al@463
|
31 Variable expansion:
|
|
al@463
|
32 WIFI_KEY="123$HOME"
|
|
al@463
|
33 WIFI_KEY="$0$#$? *"
|
|
al@463
|
34
|
|
al@463
|
35 Command expansion:
|
|
al@463
|
36 WIFI_KEY="123$(echo 456)789"
|
|
al@463
|
37 WIFI_KEY="`rm -rf /`"
|
|
al@463
|
38
|
|
al@463
|
39 Quoting problem:
|
|
al@463
|
40 WIFI_KEY="abc"def'ghi"
|
|
al@463
|
41
|
|
al@463
|
42 Seems, we'll solve the problem when escape some symbols:
|
|
al@463
|
43 \ → \\
|
|
al@463
|
44 " → \"
|
|
al@463
|
45 $ → \$
|
|
al@463
|
46 ` → \`
|
|
al@463
|
47
|
|
al@463
|
48 Another solution exists (and currently I stick to it): single quotes. We need no
|
|
al@463
|
49 escape anything but single quotes (') in the single quotes terminated string.
|
|
al@463
|
50 And yes, this quoting is a pain for brain:
|
|
al@463
|
51
|
|
al@463
|
52 Password: abc"def'ghi
|
|
al@463
|
53 String : WIFI_KEY='abc"def'"'"'ghi'
|
|
al@463
|
54 But it is simple work for sed command.
|
|
al@463
|
55
|
|
al@463
|
56
|
|
al@463
|
57 b) wpa.conf
|
|
al@463
|
58
|
|
al@463
|
59 wpa_supplicant actually connects us to our Wi-Fi networks, and it is a file
|
|
al@463
|
60 where we can store all our networks settings, including passwords. It is handy
|
|
al@463
|
61 when you have one network at home, other - at work, and another - at your
|
|
al@463
|
62 friends home. Really, you shouldn't to re-enter all these passwords again.
|
|
al@463
|
63
|
|
al@464
|
64 We can read a lot of useful information in the wpa_supplicant.conf file
|
|
al@463
|
65 (/etc/wpa/wpa_supplicant.conf):
|
|
al@463
|
66
|
|
al@463
|
67 # psk: WPA preshared key; 256-bit pre-shared key
|
|
al@463
|
68 # The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,
|
|
al@463
|
69 # 32 bytes or as an ASCII passphrase (in which case, the real PSK will be
|
|
al@463
|
70 # generated using the passphrase and SSID). ASCII passphrase must be between
|
|
al@463
|
71 # 8 and 63 characters (inclusive). ext:<name of external PSK field> format can
|
|
al@463
|
72 # be used to indicate that the PSK/passphrase is stored in external storage.
|
|
al@463
|
73 # This field is not needed, if WPA-EAP is used.
|
|
al@463
|
74 # Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys
|
|
al@463
|
75 # from ASCII passphrase. This process uses lot of CPU and wpa_supplicant
|
|
al@463
|
76 # startup and reconfiguration time can be optimized by generating the PSK only
|
|
al@463
|
77 # only when the passphrase or SSID has actually changed.
|
|
al@463
|
78
|
|
al@463
|
79
|
|
al@463
|
80 Interesting and good method to use 64 symbols "passwords", maybe we switch to it
|
|
al@463
|
81 sometimes. Example of using "wpa_passphrase":
|
|
al@463
|
82 Let network name is: my_wifi
|
|
al@463
|
83 Let password is : abc'def"ghi
|
|
al@463
|
84 Let's run utility twice - with different quoting style:
|
|
al@463
|
85
|
|
al@463
|
86 tux@slitaz:~$ wpa_passphrase my_wifi "abc'def\"ghi"
|
|
al@463
|
87 network={
|
|
al@463
|
88 ssid="my_wifi"
|
|
al@463
|
89 #psk="abc'def"ghi"
|
|
al@463
|
90 psk=e99c121a998a0c35419b16fd56beb38d2b471fd5519518c056af933e9daf3e30
|
|
al@463
|
91 }
|
|
al@463
|
92 tux@slitaz:~$ wpa_passphrase my_wifi 'abc'"'"'def"ghi'
|
|
al@463
|
93 network={
|
|
al@463
|
94 ssid="my_wifi"
|
|
al@463
|
95 #psk="abc'def"ghi"
|
|
al@463
|
96 psk=e99c121a998a0c35419b16fd56beb38d2b471fd5519518c056af933e9daf3e30
|
|
al@463
|
97 }
|
|
al@463
|
98
|
|
al@463
|
99 Here psk are identical, so we can use this method.
|
|
al@463
|
100
|
|
al@463
|
101 But I can't find advanced info about quoting style in the wpa_supplicant
|
|
al@463
|
102 configuration file. So, I ended with little experiment. I've created new
|
|
al@463
|
103 network connection in my Android smartphone and viewed my
|
|
al@463
|
104 /data/misc/wifi/wpa_supplicant.conf file using Root Explorer application:
|
|
al@463
|
105
|
|
al@463
|
106 network={
|
|
al@463
|
107 ssid="my_wifi"
|
|
al@463
|
108 scan_ssid=1
|
|
al@463
|
109 psk="abc'def"ghi"
|
|
al@463
|
110 key_mgmt=WPA-PSK
|
|
al@463
|
111 }
|
|
al@463
|
112
|
|
al@463
|
113 Yes, we can see unpaired quotes. Really don't know is it right. Maybe,
|
|
al@463
|
114 wpa_supplicant just readed line content between first and last quotes. Need to
|
|
al@463
|
115 dig into sources... And now I not quote psk in any manner.
|
|
al@463
|
116
|
|
al@463
|
117
|
|
al@463
|
118 c) network.cgi form input
|
|
al@463
|
119
|
|
al@463
|
120 Piece of html code:
|
|
al@463
|
121
|
|
al@463
|
122 <input type="password" name="password" value="$WIFI_KEY" id="password"/>
|
|
al@463
|
123
|
|
al@463
|
124 Here we free to use single quotes or double quotes, but we should escape them
|
|
al@463
|
125 in the html manner:
|
|
al@463
|
126 ' → '
|
|
al@463
|
127 " → "
|
|
al@463
|
128
|
|
al@463
|
129 Also, don't forget about these symbols:
|
|
al@463
|
130 & → &
|
|
al@463
|
131 < → <
|
|
al@463
|
132 > → >
|
|
al@463
|
133
|
|
al@463
|
134
|
|
al@463
|
135 d) network.cgi javascript database
|
|
al@463
|
136
|
|
al@463
|
137 Also, we store passwords in the known networks database in the form of
|
|
al@463
|
138 javascript to gain user experience without page to be reloaded: you can click
|
|
al@463
|
139 Wi-Fi network name and script will fill its password for you.
|
|
al@463
|
140
|
|
al@463
|
141 Here example of that script on the html page:
|
|
al@463
|
142
|
|
al@463
|
143 <script type="text/javascript">
|
|
al@463
|
144 ajax('network.cgi?wifi_list', '1', 'wifiList');
|
|
al@463
|
145 networks = [
|
|
al@463
|
146 {ssid:"my_wifi", scan_ssid:"1", psk:"my_password", key_mgmt:"WPA-PSK",
|
|
al@463
|
147 priority:"1"},
|
|
al@463
|
148 {ssid:"your_wifi", scan_ssid:"1", key_mgmt:"NONE", auth_alg:"OPEN SHARED",
|
|
al@463
|
149 wep_key0:"01234567890123456789abcdef", priority:"3"}
|
|
al@463
|
150 ];
|
|
al@463
|
151 </script>
|
|
al@463
|
152
|
|
al@464
|
153 Here we need to escape ('"&<>) symbols but in the slightly another manner:
|
|
al@464
|
154 \ → \\
|
|
al@464
|
155 " → \"
|
|
al@463
|
156
|
|
al@463
|
157
|
|
al@463
|
158 So, what do you think about this very special password? :=D
|
|
al@463
|
159 a'b"c $(echo 2)=$HOME`date`\t&#x
|
|
al@463
|
160
|
|
al@463
|
161 --------------------------------------------------------------------------------
|