wireless networks: Validate any PSKs for WPA*
authorMichael Tremer <michael.tremer@ipfire.org>
Fri, 18 Aug 2017 13:57:07 +0000 (15:57 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 18 Aug 2017 13:57:07 +0000 (15:57 +0200)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/functions/functions.wireless
src/functions/functions.wireless-networks

index 7ddb59cb23b545f4174f70fcccc602eb3b74bda8..d12efc65d7eb1838ab249cf4dcd48032c924f2d5 100644 (file)
@@ -329,6 +329,32 @@ wireless_set_channel() {
        cmd iw dev "${device}" set channel "${channel}"
 }
 
+wireless_pre_shared_key_is_valid() {
+       local encryption_mode="${1}"
+       local psk="${2}"
+
+       # Length of the PSK
+       local l="${#psk}"
+
+       case "${encryption_mode}" in
+               # For WPA*, the key must be between 8 and 63 chars
+               WPA2-PSK|WPA2-PSK-SHA256|WPA-PSK|WPA-PSK-SHA256)
+                       if [ ${l} -ge 8 ] && [ ${l} -le 63 ]; then
+                               return ${EXIT_TRUE}
+                       fi
+
+                       return ${EXIT_FALSE}
+                       ;;
+
+               WEP)
+                       # XXX need to check if the key is entered in
+                       # hex or ascii and then count the bytes
+                       ;;
+       esac
+
+       return ${EXIT_ERROR}
+}
+
 wireless_ibss_join() {
        local device=${1}
        assert isset device
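Review bot: The WEP branch and any unrecognised mode fall through to `return ${EXIT_ERROR}` in wireless_pre_shared_key_is_valid, and the callers added in functions.wireless-networks test the result only with `!`, so "cannot be checked" is handled the same as "invalid". With this commit, a WEP key would therefore always be rejected, or reset on a mode change. Either the callers should distinguish the three results, or the contract should be documented above the function, e.g. `# Returns EXIT_TRUE (valid), EXIT_FALSE (invalid) or EXIT_ERROR (mode cannot be validated, e.g. WEP)`. The WPA branch also checks only `${#psk}`, which counts characters in the current locale rather than bytes, and does not restrict the passphrase to printable ASCII. If raw 64-hex-digit PSKs are meant to be accepted, they are rejected by the `-le 63` bound.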
index e2af14cdc6a87cadf0bc643e96d9fc34d426bd3a..1d39bcda74cc83c5286e186d5d124dded3cf30f5 100644 (file)
@@ -32,7 +32,7 @@ cli_wireless_network() {
                *)
                        local ssid="${1}"
                        local key="${2//-/_}"
-                       shift
+                       shift 2
 
                        if ! wireless_network_exists "${ssid}"; then
                                error "No such wireless network: ${ssid}"
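Review bot: `shift 2` fails and leaves the positional parameters untouched when fewer than two arguments were passed, so calling this branch with only an SSID keeps `${1}` set to the SSID for whatever follows. The code after the existence check is outside this hunk, so this may already be handled there. If not, a guard such as `[ $# -ge 2 ] || { error "No command given"; return ${EXIT_ERROR}; }` before the shift would make the failure explicit.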
@@ -270,7 +270,23 @@ wireless_network_encryption_mode() {
                return ${EXIT_ERROR}
        fi
 
-       if ! wireless_network_write_config_key "${ssid}" "ENCRYPTION_MODE" ${mode^^}; then
+       local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
+       if ! wireless_network_read_config "${ssid}"; then
+               error "Could not read configuration for ${ssid}"
+               return ${EXIT_ERROR}
+       fi
+
+       # Validate the PSK when changing mode and reset if needed
+       if isset PSK && [ "${mode}" != "NONE" ] && \
+                       ! wireless_pre_shared_key_is_valid "${mode}" "${PSK}"; then
+               log WARNING "The configured pre-shared-key is incompatible with this encryption mode and has been reset"
+               PSK=""
+       fi
+
+       # Save new encryption mode
+       ENCRYPTION_MODE="${mode}"
+
+       if ! wireless_network_write_config "${ssid}"; then
                log ERROR "Could not write configuration settings"
                return ${EXIT_ERROR}
        fi
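Review bot: The mode is no longer normalised to upper case. The removed line wrote `${mode^^}`, while the new code passes `"${mode}"` to the validator, compares it with `"NONE"` and stores it unchanged in `ENCRYPTION_MODE`. Unless `mode` is upper-cased earlier in wireless_network_encryption_mode (its start is outside this hunk), a lower-case mode matches no branch in wireless_pre_shared_key_is_valid, gets EXIT_ERROR, and a valid PSK is wiped. I would add `mode="${mode^^}"` before the validation, or at least save `ENCRYPTION_MODE="${mode^^}"`. Because the reset discards a configured credential, it is also worth stating in a comment that the PSK is cleared when the mode cannot be validated, not only when the key is too short or too long.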
@@ -284,6 +300,20 @@ wireless_network_pre_shared_key() {
        local ssid="${1}"
        local psk="${2}"
 
+       local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
+       if ! wireless_network_read_config "${ssid}"; then
+               error "Could not read configuration for ${ssid}"
+               return ${EXIT_ERROR}
+       fi
+
+       # Validate the key if encryption mode is known
+       if isset ENCRYPTION_MODE && [ "${ENCRYPTION_MODE}" != "NONE" ]; then
+               if ! wireless_pre_share_key_is_valid "${ENCRYPTION_MODE}" "${psk}"; then
+                       error "The pre-shared-key is invalid for this wireless network: ${psk}"
+                       return ${EXIT_ERROR}
+               fi
+       fi
+
        if ! wireless_network_write_config_key "${ssid}" "PSK" "${psk}"; then
                log ERROR "Could not write configuration settings"
                return ${EXIT_ERROR}
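Review bot: The call on the validation line names `wireless_pre_share_key_is_valid`, but the function added in functions.wireless is `wireless_pre_shared_key_is_valid`. The misspelled name resolves to nothing, the `!` turns the resulting command-not-found status into "invalid", and every PSK is refused once an encryption mode is set. It should read `if ! wireless_pre_shared_key_is_valid "${ENCRYPTION_MODE}" "${psk}"; then`. The error message also prints the rejected key in clear text via `${psk}`, which puts a secret, or a near-miss of one, on the terminal and possibly in logs. I would drop it: `error "The pre-shared-key is invalid for this wireless network"`. wireless_network_pre_shared_key continues past the end of this hunk.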