D-Bus support for password=hash:

Jouni Malinen j at w1.fi
Sun Dec 18 14:27:08 EST 2011


On Mon, Oct 31, 2011 at 03:03:10PM -0700, Evan Broder wrote:
> wpa_supplicant config files support just specifying the NtPasswordHash
> for a MS-CHAPv2 connection instead of providing the password itself by
> setting password=hash:1234deadbeefetc.
> 
> However, it does this check before parsing the string value, and the
> D-Bus interfaces will only set the password to either a quoted string
> (if it comes in as a D-Bus string) or an array of hex bytes (if it
> comes in as a byte array), which means there's no way to invoke this
> functionality over D-Bus.
> 
> I'd like to fix that, but I'm not really sure of the best way to
> expose it. Does anybody have thoughts on how to do it?

There did not seem to be any discussion on this. Are you still looking
at adding D-Bus support for the NT password hash?

> It seems like the cleanest option would be a new config file
> option/D-Bus key ("password_hash"?), which is checked if "password"
> isn't populated, and is assumed to be a hex byte string (so it would
> come over D-Bus as an array of bytes), but I don't feel that I have a
> good enough sense of hostap/wpa_supplicant's style to dive into
> writing a patch, so I'd appreciated feedback before I start on
> implementation.

I don't think there is need for any struct config_ssid (or well, struct
eap_peer_config) changes for this. It could also be possible to do this
entirely within set_network_properties() in
wpa_supplicant/dbus/dbus_new_handlers.c by using a new key (say,
that "password_hash") and build a suitable string for wpa_config_set()
to parse that. If that turns out being too complex, I could consider a
new ssids_fields parser in wpa_supplicant/config.c (say,
FUNC(password_hash)) to make this easier to handle in the D-Bus
implementation without requiring more special cases there.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list