broken generation of wpa config for hashed passwords
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Netplan |
Fix Released
|
Medium
|
Unassigned | ||
netplan.io (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Disco |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
netplan users configuring a wireless connection; who would like to use password hashes for the password (ie. they might not know the real password, etc.)
[Test case]
Write configuration for netplan wireless interface:
network:
version: 2
wifis:
wlan0:
access-
password: hash:83d…0b11
Verify that the wireless network can be succesfully connected to.
[Regression Potential]
This has a minimal risk of regression. Passwords do not typically include "hash:" as first characters, and if so may be escaped via quoting. This does not otherwise affect any other feature of netplan, and is limited to allowing users to use the commonly accepted format of hashed passwords to pass to the renderer, for connecting to wifi.
---
Have a look at the netplan.io config file at https:/
This will generate a wpa config file at /run/netplan/
password=
However, this is not correct. It should not have the quotes and should look like
password=
The quotes cause the wpa_suppicant to not detect this is a hashed password and instead think it is a normal password that starts with hash:
This is an important bug because at Cisco we can not store our passwords unhashed on disk and our production network requires 802.1x auth. I think this is simple to fix and I'm glad to send a PR or any other information that helps fix it.
Thank you for looking at this, Cullen
tags: | added: id-5d14ed4981f5ba74a04b0aa9 |
summary: |
- broken genration of wpa config for hashed passwords + broken generation of wpa config for hashed passwords |
Changed in netplan: | |
status: | Triaged → Fix Released |
Changed in netplan.io (Ubuntu): | |
status: | Triaged → In Progress |
description: | updated |
Changed in netplan.io (Ubuntu Disco): | |
status: | New → Fix Committed |
Sound simple and straightforward. I was not aware that such shorthand was possible (in fact, it doesn't seem to be documented in the manpage?)
Marking Triaged / Medium; this should really be quite the simple fix to special-case when the password starts with "hash:".