Merge ifconfig.8:1.98, ifconfig.c:1.115, ifconfig.h:1.17,

ifieee80211.c:1.19 from HEAD to RELENG_6:

  Add a new flag '-k' to ifconfig(8), indicating that it is alright to
  print potentially sensitive keying material to stdout.  With the new
  802.11 support, ifconfig(8) is now capable of printing 802.11 keys,
  and did by default for the root user, which is undesirable in some
  environments.  Now it will not print keying material unless requested
  (and available to the user).

Approved by:	re (kensmith)

sbin/ifconfig/ifconfig.8

@@ -37,6 +37,7 @@
 .Sh SYNOPSIS
 .Nm
 .Op Fl L
+.Op Fl k
 .Op Fl m
 .Ar interface
 .Op Cm create
@@ -65,6 +66,7 @@
 .Nm
 .Op Fl L
 .Op Fl d
+.Op Fl k
 .Op Fl m
 .Op Fl u
 .Op Fl v
@@ -1071,6 +1073,15 @@ flag may be used to list all of the interface cloners available on
 the system, with no additional information.
 Use of this flag is mutually exclusive with all other flags and commands.
 .Pp
+The
+.Fl k
+flag causes keying information for the interface, if available, to be
+printed.
+For example, the values of 802.11 WEP keys will be printed, if accessible to
+the current user.
+This information is not printed by default, as it may be considered
+sensitive.
+.Pp
 Only the super-user may modify the configuration of a network interface.
 .Sh NOTES
 The media selection system is relatively new and only some drivers support

sbin/ifconfig/ifconfig.c

@@ -91,6 +91,7 @@ int	newaddr = 1;
 int	verbose;
 
 int	supmedia = 0;
+int	printkeys = 0;		/* Print keying material for interfaces. */
 int	printname = 0;		/* Print the name of the created interface. */
 
 static	int ifconfig(int argc, char *const *argv, const struct afswtch *afp);
@@ -156,7 +157,7 @@ main(int argc, char *argv[])
 	all = downonly = uponly = namesonly = verbose = 0;
 
 	/* Parse leading line options */
-	strlcpy(options, "adlmuv", sizeof(options));
+	strlcpy(options, "adklmuv", sizeof(options));
 	for (p = opts; p != NULL; p = p->next)
 		strlcat(options, p->opt, sizeof(options));
 	while ((c = getopt(argc, argv, options)) != -1) {
@@ -167,6 +168,9 @@ main(int argc, char *argv[])
 		case 'd':	/* restrict scan to "down" interfaces */
 			downonly++;
 			break;
+		case 'k':
+			printkeys++;
+			break;
 		case 'l':	/* scan interface names only */
 			namesonly++;
 			break;

sbin/ifconfig/ifconfig.h

@@ -126,6 +126,7 @@ extern	struct ifreq ifr;
 extern	char name[IFNAMSIZ];	/* name of interface */
 extern	int allmedia;
 extern	int supmedia;
+extern	int printkeys;
 extern	int printname;
 extern	int flags;
 extern	int newaddr;

sbin/ifconfig/ifieee80211.c

@@ -1224,7 +1224,7 @@ printkey(const struct ieee80211req_key *ik)
 	int keylen = ik->ik_keylen;
 	int printcontents;
 
-	printcontents =
+	printcontents = printkeys &&
 		(memcmp(ik->ik_keydata, zerodata, keylen) != 0 || verbose);
 	if (printcontents)
 		LINE_BREAK();