tazpanel view README.devel @ rev 633

Remove vpn.desktop: a ppp extention
author Pascal Bellard <pascal.bellard@slitaz.org>
date Sun Feb 16 11:43:15 2020 +0100 (2020-02-16)
parents 525e6519e66b
children
line source
1 Various Development Notes
2 =========================
4 --------------------------------------------------------------------------------
6 network.cgi
7 -----------
9 Goal: allow ANY symbols in the WPA PSK (Wi-Fi password).
10 We can find WPA PSK in all the different places, and there are different
11 restrictions to write it.
13 a) /etc/network.conf: SliTaz system wide networking configuration;
14 b) /etc/wpa/wpa.conf: wpa_supplicant configuration file;
15 c) html input form in the TazPanel > Network > Wireless;
16 d) saved passwords for known networks in the javascript in the same place.
18 Let's see all those files/places one by one.
21 a) network.conf
23 Really "network.conf" is a shell script. It contains variables definitions and
24 is sourced into other shell scripts to define all Wi-Fi configuration variables.
25 By default, we can see variables and their contents in the double quotes:
27 WIFI_KEY="mypassword"
28 There are many pitfalls if we allow ANY symbols here:
30 Variable expansion:
31 WIFI_KEY="123$HOME"
32 WIFI_KEY="$0$#$? *"
34 Command expansion:
35 WIFI_KEY="123$(echo 456)789"
36 WIFI_KEY="`rm -rf /`"
38 Quoting problem:
39 WIFI_KEY="abc"def'ghi"
41 Seems, we'll solve the problem when escaping some symbols:
42 \ → \\
43 " → \"
44 $ → \$
45 ` → \`
47 Another solution exists (and currently I stick to it): single quotes. We need not
48 escape anything but single quotes (') in the single quotes terminated string.
49 And yes, this quoting is a pain for brain:
51 Password: abc"def'ghi
52 String : WIFI_KEY='abc"def'"'"'ghi'
53 But it is simple work for sed command.
56 b) wpa.conf
58 wpa_supplicant actually connects us to our Wi-Fi networks and it is a file
59 where we can store all our networks settings, including passwords. It is handy
60 when you have one network at home, other - at work, and another - at your
61 friends home. Really, you shouldn't need to re-enter all these passwords again.
63 We can read a lot of useful information in the wpa_supplicant.conf file
64 (/etc/wpa/wpa_supplicant.conf):
66 # psk: WPA preshared key; 256-bit pre-shared key
67 # The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,
68 # 32 bytes or as an ASCII passphrase (in which case, the real PSK will be
69 # generated using the passphrase and SSID). ASCII passphrase must be between
70 # 8 and 63 characters (inclusive). ext:<name of external PSK field> format can
71 # be used to indicate that the PSK/passphrase is stored in external storage.
72 # This field is not needed, if WPA-EAP is used.
73 # Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys
74 # from ASCII passphrase. This process uses lots of CPU and wpa_supplicant
75 # startup and reconfiguration time can be optimized by generating the PSK
76 # only when the passphrase or SSID has actually changed.
79 Interesting and good method to use 64 symbols "passwords", maybe we can switch to it
80 sometimes. Example of using "wpa_passphrase":
81 Let network name be: my_wifi
82 Let password be : abc'def"ghi
83 Let's run utility twice - with a different quoting style:
85 tux@slitaz:~$ wpa_passphrase my_wifi "abc'def\"ghi"
86 network={
87 ssid="my_wifi"
88 #psk="abc'def"ghi"
89 psk=e99c121a998a0c35419b16fd56beb38d2b471fd5519518c056af933e9daf3e30
90 }
91 tux@slitaz:~$ wpa_passphrase my_wifi 'abc'"'"'def"ghi'
92 network={
93 ssid="my_wifi"
94 #psk="abc'def"ghi"
95 psk=e99c121a998a0c35419b16fd56beb38d2b471fd5519518c056af933e9daf3e30
96 }
98 Here the psk are identical, so we can use this method.
100 But I can't find advanced info about quoting style in the wpa_supplicant
101 configuration file. So, I ended with a little experiment. I've created a new
102 network connection in my Android smartphone and viewed my
103 /data/misc/wifi/wpa_supplicant.conf file using Root Explorer application:
105 network={
106 ssid="my_wifi"
107 scan_ssid=1
108 psk="abc'def"ghi"
109 key_mgmt=WPA-PSK
110 }
112 Yes, we can see unpaired quotes. Really I don't know if it is right. Maybe,
113 wpa_supplicant just reads line content between first and last quotes. Need to
114 dig into sources... And now I will not quote psk in any manner.
117 c) network.cgi form input
119 Piece of html code:
121 <input type="password" name="password" value="$WIFI_KEY" id="password"/>
123 Here we are free to use single quotes or double quotes, but we should escape them
124 in the html manner:
125 ' → &apos;
126 " → &quot;
128 Also, don't forget about these symbols:
129 & → &amp;
130 < → &lt;
131 > → &gt;
134 d) network.cgi javascript database
136 Also, we store passwords in the known networks database in the form of
137 javascript to gain user experience without pages having to be reloaded: you can click
138 Wi-Fi network name and the script will fill its password for you.
140 Here's an example of that script on the html page:
142 <script type="text/javascript">
143 ajax('network.cgi?wifi_list', '1', 'wifiList');
144 networks = [
145 {ssid:"my_wifi", scan_ssid:"1", psk:"my_password", key_mgmt:"WPA-PSK",
146 priority:"1"},
147 {ssid:"your_wifi", scan_ssid:"1", key_mgmt:"NONE", auth_alg:"OPEN SHARED",
148 wep_key0:"01234567890123456789abcdef", priority:"3"}
149 ];
150 </script>
152 Here we need to escape ('"&<>) symbols but in another manner slightly:
153 \ → \\
154 " → \"
157 So, what do you think about this very special password? :=D
158 a'b"c $(echo 2)=$HOME`date`\t&#x
160 --------------------------------------------------------------------------------