authorAnurag S. Maskey <Anurag.Maskey@Sun.COM>2008-12-22 08:25:23 -0500
committerAnurag S. Maskey <Anurag.Maskey@Sun.COM>2008-12-22 08:25:23 -0500
commita9489f613f667faf21ee68381b627b28ddb22188 (patch)
tree0d3ce994a031c6abc30f4750a1d5d2507363699d /usr/src
parentb8ef3d63f88370c11b7163620bbc1206301d39d5 (diff)
downloadillumos-joyent-a9489f613f667faf21ee68381b627b28ddb22188.tar.gz
6766937 nwam fails to configure wpa secured wireless network (ath) automatically
Diffstat (limited to 'usr/src')
-rw-r--r--usr/src/cmd/cmd-inet/lib/nwamd/wireless.c45
-rw-r--r--usr/src/cmd/dladm/dladm.c3
-rw-r--r--usr/src/lib/libdladm/common/libdllink.h1
-rw-r--r--usr/src/lib/libdladm/common/mapfile-vers1
-rw-r--r--usr/src/lib/libdladm/common/secobj.c25
5 files changed, 63 insertions, 12 deletions
diff --git a/usr/src/cmd/cmd-inet/lib/nwamd/wireless.c b/usr/src/cmd/cmd-inet/lib/nwamd/wireless.c
index 4e739ee61a..1072f43dce 100644
--- a/usr/src/cmd/cmd-inet/lib/nwamd/wireless.c
+++ b/usr/src/cmd/cmd-inet/lib/nwamd/wireless.c
@@ -1232,10 +1232,10 @@ key_string_to_secobj_value(char *buf, uint8_t *obj_val, uint_t *obj_lenp,
}
/*
- * Print the key format into the appropriate field, then convert any ":"
+ * Print the key name format into the appropriate field, then convert any ":"
* characters to ".", as ":[1-4]" is the slot indicator, which otherwise
- * would trip us up. The third parameter is expected to be of size
- * DLADM_SECOBJ_NAME_MAX.
+ * would trip us up. Invalid characters for secobj names are ignored.
+ * The fourth parameter is expected to be of size DLADM_SECOBJ_NAME_MAX.
*
* (Note that much of the system uses DLADM_WLAN_MAX_KEYNAME_LEN, which is 64
* rather than 32, but that dladm_get_secobj will fail if a length greater than
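Review bot: The updated comment says "The fourth parameter is expected to be of size DLADM_SECOBJ_NAME_MAX", but in `set_key_name(essid, bssid, name, nsz)` the buffer is the third parameter and the fourth is its length. Suggested wording: `name must point to nsz bytes; nsz is expected to be DLADM_SECOBJ_NAME_MAX.` "Ignored" can also be read as "left in place"; the code drops those characters, so `are dropped from the name` is more exact. The comment block continues past the end of this hunk.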
@@ -1244,16 +1244,37 @@ key_string_to_secobj_value(char *buf, uint8_t *obj_val, uint_t *obj_lenp,
static void
set_key_name(const char *essid, const char *bssid, char *name, size_t nsz)
{
- int i, rtn, len;
+ int i, j;
+ char secobj_name[DLADM_WLAN_MAX_KEYNAME_LEN];
- if (bssid[0] == '\0')
- rtn = snprintf(name, nsz, "nwam-%s", essid);
- else
- rtn = snprintf(name, nsz, "nwam-%s-%s", essid, bssid);
- len = (rtn < nsz) ? rtn : nsz - 1;
- for (i = 0; i < len; i++)
- if (name[i] == ':')
- name[i] = '.';
+ /* create a concatenated string with essid and bssid */
+ if (bssid[0] == '\0') {
+ (void) snprintf(secobj_name, sizeof (secobj_name), "nwam-%s",
+ essid);
+ } else {
+ (void) snprintf(secobj_name, sizeof (secobj_name), "nwam-%s-%s",
+ essid, bssid);
+ }
+
+ /* copy only valid chars to the return string, terminating with \0 */
+ i = 0; /* index into secobj_name */
+ j = 0; /* index into name */
+ while (secobj_name[i] != '\0') {
+ if (j == nsz - 1)
+ break;
+
+ if (secobj_name[i] == ':') {
+ name[j] = '.';
+ j++;
+ } else if (isalnum(secobj_name[i]) ||
+ secobj_name[i] == '.' || secobj_name[i] == '-' ||
+ secobj_name[i] == '_') {
+ name[j] = secobj_name[i];
+ j++;
+ }
+ i++;
+ }
+ name[j] = '\0';
}
static int
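Review bot: `isalnum(secobj_name[i])` in the filter loop is passed a plain `char`, and the ESSID presumably comes from whatever access point is in range, so a byte at or above 0x80 can arrive as a negative value, which is undefined behaviour for the ctype functions; `isalnum()` is also locale-dependent, so the accepted set may be wider than the a-z, A-Z, 0-9 that the secobj.c comment promises. Cast the argument, `isalnum((unsigned char)secobj_name[i])`, here and in `dladm_valid_secobj_name()` in secobj.c, which makes the same call on `*cp`. Separately, `j == nsz - 1` compares an `int` with a `size_t` and wraps when `nsz` is 0, so the bound is never reached and the loop writes into a zero-length buffer; an early `if (nsz == 0) return;` closes that. Because invalid characters are dropped and the result is cut to `nsz - 1` bytes, two different ESSID/BSSID pairs can now produce the same key name, which is worth stating in the function comment so callers do not treat the name as unique.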
diff --git a/usr/src/cmd/dladm/dladm.c b/usr/src/cmd/dladm/dladm.c
index c845aa59d4..5d2aea069a 100644
--- a/usr/src/cmd/dladm/dladm.c
+++ b/usr/src/cmd/dladm/dladm.c
@@ -6183,6 +6183,9 @@ do_create_secobj(int argc, char **argv, const char *use)
if (obj_name == NULL)
die("secure object name required");
+ if (!dladm_valid_secobj_name(obj_name))
+ die("invalid secure object name '%s'", obj_name);
+
success = check_auth(LINK_SEC_AUTH);
audit_secobj(LINK_SEC_AUTH, class_name, obj_name, success, B_TRUE);
if (!success)
diff --git a/usr/src/lib/libdladm/common/libdllink.h b/usr/src/lib/libdladm/common/libdllink.h
index 29d078470c..22f396c3a6 100644
--- a/usr/src/lib/libdladm/common/libdllink.h
+++ b/usr/src/lib/libdladm/common/libdllink.h
@@ -145,6 +145,7 @@ extern dladm_status_t dladm_str2secobjclass(const char *,
extern dladm_status_t dladm_init_linkprop(datalink_id_t, boolean_t);
extern dladm_status_t dladm_init_secobj(void);
+extern boolean_t dladm_valid_secobj_name(const char *);
extern dladm_status_t dladm_create_datalink_id(const char *, datalink_class_t,
uint_t, uint32_t, datalink_id_t *);
diff --git a/usr/src/lib/libdladm/common/mapfile-vers b/usr/src/lib/libdladm/common/mapfile-vers
index 4d6fdce190..fbdcb31521 100644
--- a/usr/src/lib/libdladm/common/mapfile-vers
+++ b/usr/src/lib/libdladm/common/mapfile-vers
@@ -38,6 +38,7 @@ SUNWprivate_1.1 {
dladm_get_linkprop;
dladm_set_linkprop;
dladm_walk_linkprop;
+ dladm_valid_secobj_name;
dladm_init_secobj;
dladm_get_secobj;
dladm_set_secobj;
diff --git a/usr/src/lib/libdladm/common/secobj.c b/usr/src/lib/libdladm/common/secobj.c
index 6199f32001..cf9b262a9b 100644
--- a/usr/src/lib/libdladm/common/secobj.c
+++ b/usr/src/lib/libdladm/common/secobj.c
@@ -130,6 +130,9 @@ dladm_set_secobj(const char *obj_name, dladm_secobj_class_t class,
dld_ioc_secobj_set_t secobj_set;
dld_secobj_t *objp;
+ if (!dladm_valid_secobj_name(obj_name))
+ return (DLADM_STATUS_BADARG);
+
if (!dladm_check_secobjclass(class) || flags == 0 ||
obj_name == NULL || strlen(obj_name) > DLD_SECOBJ_NAME_MAX ||
obj_val == NULL || obj_len == 0 || obj_len > DLD_SECOBJ_VAL_MAX)
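Review bot: The new `dladm_valid_secobj_name(obj_name)` call runs before the existing `obj_name == NULL` test a few lines below it, and the validator starts with `strlen(secobj_name)`, so a NULL name now faults instead of returning `DLADM_STATUS_BADARG`. Either move the call after the NULL check or begin the validator with `if (secobj_name == NULL) return (B_FALSE);`. The length limits also differ: the validator compares against `DLADM_SECOBJ_NAME_MAX` while the condition below uses `DLD_SECOBJ_NAME_MAX`; if the two constants are not tied together, a comment saying which one governs would help. The body of dladm_set_secobj continues outside the hunk.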
@@ -651,3 +654,25 @@ dladm_init_secobj(void)
return (SECOBJ_RW_DB(&state, B_FALSE));
}
+
+boolean_t
+dladm_valid_secobj_name(const char *secobj_name)
+{
+ size_t len = strlen(secobj_name);
+ const char *cp;
+
+ if (len + 1 > DLADM_SECOBJ_NAME_MAX)
+ return (B_FALSE);
+
+ /*
+ * The legal characters in a secobj name are:
+ * alphanumeric (a-z, A-Z, 0-9), '.', '_', '-'.
+ */
+ for (cp = secobj_name; *cp != '\0'; cp++) {
+ if (!isalnum(*cp) &&
+ (*cp != '.') && (*cp != '_') && (*cp != '-'))
+ return (B_FALSE);
+ }
+
+ return (B_TRUE);
+}
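Review bot: `dladm_valid_secobj_name()` is exported through libdllink.h and mapfile-vers but has no header comment, so callers cannot tell that the length limit includes the terminating NUL or that the argument must be non-NULL. I would add above the definition: `/* Returns B_TRUE if secobj_name fits in DLADM_SECOBJ_NAME_MAX bytes including the NUL and contains only alphanumerics, '.', '_' and '-'. The caller must pass a non-NULL string. */`. The comment should also say whether an empty name is meant to be valid, since neither the length test nor the character loop rejects it.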