Add a new flag '-k' to ifconfig(8), indicating that it is alright to

print potentially sensitive keying material to stdout. With the new 802.11 support, ifconfig(8) is now capable of printing 802.11 keys, and did by default for the root user, which is undesirable in some environments. Now it will not print keying material unless requested (and available to the user). MFC after: 1 week
svn path=/head/; revision=148001
2005-07-14 18:33:21 +00:00 · 2005-07-14 18:33:21 +00:00 · b7eb47e290 · 2020-12-20 02:59:44 +00:00
commit b7eb47e290
parent 1189affa8b
4 changed files with 18 additions and 2 deletions
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8
@ -37,6 +37,7 @@
 .Sh SYNOPSIS
 .Nm
 .Op Fl L
+.Op Fl k
 .Op Fl m
 .Ar interface
 .Op Cm create
@ -65,6 +66,7 @@
 .Nm
 .Op Fl L
 .Op Fl d
+.Op Fl k
 .Op Fl m
 .Op Fl u
 .Op Fl v
@ -1071,6 +1073,15 @@ flag may be used to list all of the interface cloners available on
 the system, with no additional information.
 Use of this flag is mutually exclusive with all other flags and commands.
 .Pp
+The
+.Fl k
+flag causes keying information for the interface, if available, to be
+printed.
+For example, the values of 802.11 WEP keys will be printed, if accessible to
+the current user.
+This information is not printed by default, as it may be considered
+sensitive.
+.Pp
 Only the super-user may modify the configuration of a network interface.
 .Sh NOTES
 The media selection system is relatively new and only some drivers support
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@ -91,6 +91,7 @@ int	newaddr = 1;
 int	verbose;

 int	supmedia = 0;
+int	printkeys = 0;		/* Print keying material for interfaces. */
 int	printname = 0;		/* Print the name of the created interface. */

 static	int ifconfig(int argc, char *const *argv, const struct afswtch *afp);
@ -156,7 +157,7 @@ main(int argc, char *argv[])
 	all = downonly = uponly = namesonly = verbose = 0;

 	/* Parse leading line options */
-	strlcpy(options, "adlmuv", sizeof(options));
+	strlcpy(options, "adklmuv", sizeof(options));
 	for (p = opts; p != NULL; p = p->next)
 		strlcat(options, p->opt, sizeof(options));
 	while ((c = getopt(argc, argv, options)) != -1) {
@ -167,6 +168,9 @@ main(int argc, char *argv[])
 		case 'd':	/* restrict scan to "down" interfaces */
 			downonly++;
 			break;
+		case 'k':
+			printkeys++;
+			break;
 		case 'l':	/* scan interface names only */
 			namesonly++;
 			break;
--- a/sbin/ifconfig/ifconfig.h
+++ b/sbin/ifconfig/ifconfig.h
@ -126,6 +126,7 @@ extern	struct ifreq ifr;
 extern	char name[IFNAMSIZ];	/* name of interface */
 extern	int allmedia;
 extern	int supmedia;
+extern	int printkeys;
 extern	int printname;
 extern	int flags;
 extern	int newaddr;
--- a/sbin/ifconfig/ifieee80211.c
+++ b/sbin/ifconfig/ifieee80211.c
@ -1224,7 +1224,7 @@ printkey(const struct ieee80211req_key *ik)
 	int keylen = ik->ik_keylen;
 	int printcontents;

-	printcontents =
+	printcontents = printkeys &&
 		(memcmp(ik->ik_keydata, zerodata, keylen) != 0 || verbose);
 	if (printcontents)
 		LINE_BREAK();