| rev |
line source |
|
al@463
|
1 Various Development Notes
|
|
al@463
|
2 =========================
|
|
al@463
|
3
|
|
al@463
|
4 --------------------------------------------------------------------------------
|
|
al@463
|
5
|
|
al@463
|
6 network.cgi
|
|
al@463
|
7 -----------
|
|
al@463
|
8
|
|
al@463
|
9 Goal: allow ANY symbols in the WPA PSK (Wi-Fi password).
|
|
paul@481
|
10 We can find WPA PSK in all the different places, and there are different
|
|
al@463
|
11 restrictions to write it.
|
|
al@463
|
12
|
|
al@463
|
13 a) /etc/network.conf: SliTaz system wide networking configuration;
|
|
al@463
|
14 b) /etc/wpa/wpa.conf: wpa_supplicant configuration file;
|
|
al@463
|
15 c) html input form in the TazPanel > Network > Wireless;
|
|
al@463
|
16 d) saved passwords for known networks in the javascript in the same place.
|
|
al@463
|
17
|
|
paul@481
|
18 Let's see all those files/places one by one.
|
|
al@463
|
19
|
|
al@463
|
20
|
|
al@463
|
21 a) network.conf
|
|
al@463
|
22
|
|
paul@481
|
23 Really "network.conf" is a shell script. It contains variables definitions and
|
|
paul@481
|
24 is sourced into other shell scripts to define all Wi-Fi configuration variables.
|
|
paul@481
|
25 By default, we can see variables and their contents in the double quotes:
|
|
al@463
|
26
|
|
al@463
|
27 WIFI_KEY="mypassword"
|
|
al@463
|
28 There are many pitfalls if we allow ANY symbols here:
|
|
al@463
|
29
|
|
al@463
|
30 Variable expansion:
|
|
al@463
|
31 WIFI_KEY="123$HOME"
|
|
al@463
|
32 WIFI_KEY="$0$#$? *"
|
|
al@463
|
33
|
|
al@463
|
34 Command expansion:
|
|
al@463
|
35 WIFI_KEY="123$(echo 456)789"
|
|
al@463
|
36 WIFI_KEY="`rm -rf /`"
|
|
al@463
|
37
|
|
al@463
|
38 Quoting problem:
|
|
al@463
|
39 WIFI_KEY="abc"def'ghi"
|
|
al@463
|
40
|
|
paul@481
|
41 Seems, we'll solve the problem when escaping some symbols:
|
|
al@463
|
42 \ → \\
|
|
al@463
|
43 " → \"
|
|
al@463
|
44 $ → \$
|
|
al@463
|
45 ` → \`
|
|
al@463
|
46
|
|
paul@481
|
47 Another solution exists (and currently I stick to it): single quotes. We need not
|
|
al@463
|
48 escape anything but single quotes (') in the single quotes terminated string.
|
|
al@463
|
49 And yes, this quoting is a pain for brain:
|
|
al@463
|
50
|
|
al@463
|
51 Password: abc"def'ghi
|
|
al@463
|
52 String : WIFI_KEY='abc"def'"'"'ghi'
|
|
al@463
|
53 But it is simple work for sed command.
|
|
al@463
|
54
|
|
al@463
|
55
|
|
al@463
|
56 b) wpa.conf
|
|
al@463
|
57
|
|
paul@481
|
58 wpa_supplicant actually connects us to our Wi-Fi networks and it is a file
|
|
al@463
|
59 where we can store all our networks settings, including passwords. It is handy
|
|
al@463
|
60 when you have one network at home, other - at work, and another - at your
|
|
paul@481
|
61 friends home. Really, you shouldn't need to re-enter all these passwords again.
|
|
al@463
|
62
|
|
al@464
|
63 We can read a lot of useful information in the wpa_supplicant.conf file
|
|
al@463
|
64 (/etc/wpa/wpa_supplicant.conf):
|
|
al@463
|
65
|
|
al@463
|
66 # psk: WPA preshared key; 256-bit pre-shared key
|
|
al@463
|
67 # The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,
|
|
al@463
|
68 # 32 bytes or as an ASCII passphrase (in which case, the real PSK will be
|
|
al@463
|
69 # generated using the passphrase and SSID). ASCII passphrase must be between
|
|
al@463
|
70 # 8 and 63 characters (inclusive). ext:<name of external PSK field> format can
|
|
al@463
|
71 # be used to indicate that the PSK/passphrase is stored in external storage.
|
|
al@463
|
72 # This field is not needed, if WPA-EAP is used.
|
|
al@463
|
73 # Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys
|
|
paul@481
|
74 # from ASCII passphrase. This process uses lots of CPU and wpa_supplicant
|
|
paul@540
|
75 # startup and reconfiguration time can be optimized by generating the PSK
|
|
al@463
|
76 # only when the passphrase or SSID has actually changed.
|
|
al@463
|
77
|
|
al@463
|
78
|
|
paul@481
|
79 Interesting and good method to use 64 symbols "passwords", maybe we can switch to it
|
|
al@463
|
80 sometimes. Example of using "wpa_passphrase":
|
|
paul@481
|
81 Let network name be: my_wifi
|
|
paul@481
|
82 Let password be : abc'def"ghi
|
|
paul@481
|
83 Let's run utility twice - with a different quoting style:
|
|
al@463
|
84
|
|
al@463
|
85 tux@slitaz:~$ wpa_passphrase my_wifi "abc'def\"ghi"
|
|
al@463
|
86 network={
|
|
al@463
|
87 ssid="my_wifi"
|
|
al@463
|
88 #psk="abc'def"ghi"
|
|
al@463
|
89 psk=e99c121a998a0c35419b16fd56beb38d2b471fd5519518c056af933e9daf3e30
|
|
al@463
|
90 }
|
|
al@463
|
91 tux@slitaz:~$ wpa_passphrase my_wifi 'abc'"'"'def"ghi'
|
|
al@463
|
92 network={
|
|
al@463
|
93 ssid="my_wifi"
|
|
al@463
|
94 #psk="abc'def"ghi"
|
|
al@463
|
95 psk=e99c121a998a0c35419b16fd56beb38d2b471fd5519518c056af933e9daf3e30
|
|
al@463
|
96 }
|
|
al@463
|
97
|
|
paul@481
|
98 Here the psk are identical, so we can use this method.
|
|
al@463
|
99
|
|
al@463
|
100 But I can't find advanced info about quoting style in the wpa_supplicant
|
|
paul@481
|
101 configuration file. So, I ended with a little experiment. I've created a new
|
|
al@463
|
102 network connection in my Android smartphone and viewed my
|
|
al@463
|
103 /data/misc/wifi/wpa_supplicant.conf file using Root Explorer application:
|
|
al@463
|
104
|
|
al@463
|
105 network={
|
|
al@463
|
106 ssid="my_wifi"
|
|
al@463
|
107 scan_ssid=1
|
|
al@463
|
108 psk="abc'def"ghi"
|
|
al@463
|
109 key_mgmt=WPA-PSK
|
|
al@463
|
110 }
|
|
al@463
|
111
|
|
paul@481
|
112 Yes, we can see unpaired quotes. Really I don't know if it is right. Maybe,
|
|
paul@481
|
113 wpa_supplicant just reads line content between first and last quotes. Need to
|
|
paul@481
|
114 dig into sources... And now I will not quote psk in any manner.
|
|
al@463
|
115
|
|
al@463
|
116
|
|
al@463
|
117 c) network.cgi form input
|
|
al@463
|
118
|
|
al@463
|
119 Piece of html code:
|
|
al@463
|
120
|
|
al@463
|
121 <input type="password" name="password" value="$WIFI_KEY" id="password"/>
|
|
al@463
|
122
|
|
paul@481
|
123 Here we are free to use single quotes or double quotes, but we should escape them
|
|
al@463
|
124 in the html manner:
|
|
al@463
|
125 ' → '
|
|
al@463
|
126 " → "
|
|
al@463
|
127
|
|
al@463
|
128 Also, don't forget about these symbols:
|
|
al@463
|
129 & → &
|
|
al@463
|
130 < → <
|
|
al@463
|
131 > → >
|
|
al@463
|
132
|
|
al@463
|
133
|
|
al@463
|
134 d) network.cgi javascript database
|
|
al@463
|
135
|
|
al@463
|
136 Also, we store passwords in the known networks database in the form of
|
|
paul@481
|
137 javascript to gain user experience without pages having to be reloaded: you can click
|
|
paul@481
|
138 Wi-Fi network name and the script will fill its password for you.
|
|
al@463
|
139
|
|
paul@540
|
140 Here's an example of that script on the html page:
|
|
al@463
|
141
|
|
al@463
|
142 <script type="text/javascript">
|
|
al@463
|
143 ajax('network.cgi?wifi_list', '1', 'wifiList');
|
|
al@463
|
144 networks = [
|
|
al@463
|
145 {ssid:"my_wifi", scan_ssid:"1", psk:"my_password", key_mgmt:"WPA-PSK",
|
|
al@463
|
146 priority:"1"},
|
|
al@463
|
147 {ssid:"your_wifi", scan_ssid:"1", key_mgmt:"NONE", auth_alg:"OPEN SHARED",
|
|
al@463
|
148 wep_key0:"01234567890123456789abcdef", priority:"3"}
|
|
al@463
|
149 ];
|
|
al@463
|
150 </script>
|
|
al@463
|
151
|
|
paul@481
|
152 Here we need to escape ('"&<>) symbols but in another manner slightly:
|
|
al@464
|
153 \ → \\
|
|
al@464
|
154 " → \"
|
|
al@463
|
155
|
|
al@463
|
156
|
|
al@463
|
157 So, what do you think about this very special password? :=D
|
|
al@463
|
158 a'b"c $(echo 2)=$HOME`date`\t&#x
|
|
al@463
|
159
|
|
al@463
|
160 --------------------------------------------------------------------------------
|