[PATCH 1/3] Added wpa_config_get_all function

Witold Sowa witold.sowa at gmail.com
Wed Nov 11 17:16:30 EST 2009


Jouni Malinen wrote:
> On Tue, Nov 10, 2009 at 04:18:04PM +0100, Witold Sowa wrote:
> 
>> The original patch doesn't introduce access to full config, but to
>> non-secret config entries only, but it can be easily changed (second
>> argument in wpa_config_get_all).
> 
> Now that I looked at this, the latest version of the new dbus code is
> also using get_keys=0. As such, I don't think WPS would work with this
> version. Am I missing something?

We still have the credentials signal, which is sent asynchronously when new
credentials are received, so an external application like NM will get
WPS credentials.

> I did end up applying the patch to introduce wpa_config_get_all() at
> least for now. However, I may consider a change on this in the future to
> limit the access to only the keys provisioned with WPS (the current
> version seems to limit this anyway with get_keys=0, but it can be
> changed).
> 
> Are there any other missing patches that I would have missed? Is there
> any good way for me to test the new interface?
> 

There is one more short patch (attached). DBus signals sent from
wpa_supplicant are readable to anyone. That applies to the credentials
signal, which contains secret data, too. This patch changes the DBus policy so
only root will receive signals from wpa_supplicant.

To recap, we finished with:
1. Network configuration is available only to root and without secret
data like PSKs.
2. WPS credentials are sent asynchronously only to root and only once
when received. They are not cached and cannot be reread later.
jm: Is that secure enough? dcbw: Is that enough for NM requirements?

Here is the updated documentation for the new API, which I wrote some time ago:
http://student.agh.edu.pl/~wsowa/new-dbus-api.html
I think that it should be available somewhere on wpa_supplicant's site.

Witek.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-dbus-Only-root-can-receive-signals.patch
Type: text/x-patch
Size: 0 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20091111/103f98ed/attachment.bin 
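
The policy change described in the message above can be checked mechanically. The following is an added example, not part of the original message and not the contents of the scrubbed attachment: it evaluates two constructed D-Bus policy fragments to show who may receive signals before and after a root-only rule is added. The bus name `fi.w1.wpa_supplicant1`, the user `alice`, the function name and the simplified evaluation order are assumptions.

```python
import xml.etree.ElementTree as ET

BUS = "fi.w1.wpa_supplicant1"  # assumed bus name; it is not given in the message

# Constructed policy fragments, not the contents of the scrubbed attachment.
BEFORE = f"""<busconfig>
  <policy user="root"><allow own="{BUS}"/><allow send_destination="{BUS}"/></policy>
  <policy context="default"><deny own="{BUS}"/><deny send_destination="{BUS}"/></policy>
</busconfig>"""

AFTER = f"""<busconfig>
  <policy user="root">
    <allow own="{BUS}"/><allow send_destination="{BUS}"/>
    <allow receive_sender="{BUS}" receive_type="signal"/>
  </policy>
  <policy context="default">
    <deny own="{BUS}"/><deny send_destination="{BUS}"/>
    <deny receive_sender="{BUS}" receive_type="signal"/>
  </policy>
</busconfig>"""


def can_receive_signals(policy_xml, user, sender=BUS):
    """Simplified dbus-daemon evaluation for one user and one sender.

    Policies apply in the order default, user, mandatory, and the last
    matching rule wins. Group and at_console policies, wildcards, and rules
    with attributes other than receive_sender/receive_type are ignored here.
    """
    def rank(policy):
        if policy.get("context") == "default":
            return 0
        if policy.get("user") == user:
            return 1
        return 2 if policy.get("context") == "mandatory" else None

    policies = [p for p in ET.fromstring(policy_xml).iter("policy") if rank(p) is not None]
    allowed = True  # assumed baseline: signals are readable to anyone, as the message states
    for policy in sorted(policies, key=rank):
        for rule in policy:
            keys = set(rule.attrib)
            if rule.tag not in ("allow", "deny") or not keys or not keys <= {"receive_sender", "receive_type"}:
                continue  # not a receive rule this sketch understands
            if rule.get("receive_sender", sender) == sender and rule.get("receive_type", "signal") == "signal":
                allowed = rule.tag == "allow"
    return allowed


if __name__ == "__main__":
    for name, xml in (("before", BEFORE), ("after", AFTER)):
        print(name, {u: can_receive_signals(xml, u) for u in ("root", "alice")})
```
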