D-Bus support for password=hash:

Jouni Malinen
Sun Dec 18 11:27:08 PST 2011


On Mon, Oct 31, 2011 at 03:03:10PM -0700, Evan Broder wrote:
> wpa_supplicant config files support just specifying the NtPasswordHash
> for a MS-CHAPv2 connection instead of providing the password itself by
> setting password=hash:1234deadbeefetc.
> 
> However, it does this check before parsing the string value, and the
> D-Bus interfaces will only set the password to either a quoted string
> (if it comes in as a D-Bus string) or an array of hex bytes (if it
> comes in as a byte array), which means there's no way to invoke this
> functionality over D-Bus.
> 
> I'd like to fix that, but I'm not really sure of the best way to
> expose it. Does anybody have thoughts on how to do it?

There did not seem to be any discussion on this. Are you still looking
at adding D-Bus support for the NT password hash?

> It seems like the cleanest option would be a new config file
> option/D-Bus key ("password_hash"?), which is checked if "password"
> isn't populated, and is assumed to be a hex byte string (so it would
> come over D-Bus as an array of bytes), but I don't feel that I have a
> good enough sense of hostap/wpa_supplicant's style to dive into
> writing a patch, so I'd appreciate feedback before I start on
> implementation.

I don't think there is need for any struct config_ssid (or well, struct
eap_peer_config) changes for this. It could also be possible to do this
entirely within set_network_properties() in
wpa_supplicant/dbus/dbus_new_handlers.c by using a new key (say,
that "password_hash") and build a suitable string for wpa_config_set()
to parse that. If that turns out being too complex, I could consider a
new ssids_fields parser in wpa_supplicant/config.c (say,
FUNC(password_hash)) to make this easier to handle in the D-Bus
implementation without requiring more special cases there.

-- 
Jouni Malinen                                            PGP id EFC895FA
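
Added example, not part of the original message and not wpa_supplicant code: a sketch of the string-building step suggested in the reply, turning a byte array received over D-Bus into a "hash:" value for the password field. The function names, the "password_hash" key handling, and the 16-byte length check (NtPasswordHash is an MD4 digest) are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NT_HASH_LEN 16                        /* MD4 digest size */
#define HASH_VALUE_LEN (5 + 2 * NT_HASH_LEN)  /* "hash:" + 32 hex digits */

/*
 * Hypothetical helper: convert the byte array carried by a D-Bus
 * "password_hash" key into "hash:<32 hex digits>", the form the config
 * parser accepts for password=. Returns 0 on success, -1 on bad input;
 * out is left as an empty string on failure.
 */
int build_password_hash_value(const unsigned char *hash, size_t hash_len,
                              char *out, size_t out_len)
{
    static const char hex[] = "0123456789abcdef";
    char *pos;
    size_t i;

    if (out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    /* Reject truncated or oversized arrays instead of passing them on. */
    if (hash == NULL || hash_len != NT_HASH_LEN ||
        out_len < HASH_VALUE_LEN + 1)
        return -1;

    memcpy(out, "hash:", 5);
    pos = out + 5;
    for (i = 0; i < hash_len; i++) {
        *pos++ = hex[hash[i] >> 4];
        *pos++ = hex[hash[i] & 0x0f];
    }
    *pos = '\0';
    return 0;
}

/* Wipe the temporary string: the hash authenticates like the password. */
void wipe_value(char *buf, size_t len)
{
    volatile char *p = buf;

    while (len--)
        *p++ = 0;
}

int main(void)
{
    /* Constructed sample bytes, not a real credential. */
    const unsigned char sample[NT_HASH_LEN] = { 0x12, 0x34, 0xde, 0xad,
        0xbe, 0xef, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0xff };
    char value[HASH_VALUE_LEN + 1];

    if (build_password_hash_value(sample, sizeof(sample), value, sizeof(value)) == 0)
        printf("password=%s\n", value);
    wipe_value(value, sizeof(value));
    return 0;
}
```

In a D-Bus handler the resulting string would be handed to wpa_config_set() as the value for "password" and then wiped.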


