Merge pull request #305689 from rnhmjoj/pr-fix-wpa-secrets

nixos/wireless: correctly handle secrets containing &

authored by Michele Guerini Rocco and committed by GitHub 8b93a430 23fc571c

+10 -3
+6 -2
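--- a/nixos/modules/services/networking/wpa_supplicant.nix
+++ b/nixos/modules/services/networking/wpa_supplicant.nix
@@ -132,8 +132,12 @@
 # substitute environment variables
 if [ -f "${configFile}" ]; then
 ${pkgs.gawk}/bin/awk '{
-for(varname in ENVIRON)
-gsub("@"varname"@", ENVIRON[varname])
+for(varname in ENVIRON) {
+find = "@"varname"@"
+repl = ENVIRON[varname]
+if (i = index($0, find))
+$0 = substr($0, 1, i-1) repl substr($0, i+length(find))
+}
 print
 }' "${configFile}" > "${finalConfig}"
 else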
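Review bot: The new `if (i = index($0, find))` substitutes only the first `@VAR@` on a line, whereas the removed `gsub` replaced every occurrence, so a config line that names the same placeholder twice now keeps the second one as a literal string. Turning the `if` into a `while` over `$0` is not a safe fix, because a secret whose value contains its own placeholder would loop forever; scanning only the not-yet-processed remainder of the line avoids both problems, as sketched below. Separately, since `$0` is rewritten inside the `for(varname in ENVIRON)` loop, a secret that happens to contain `@NAME@` for another environment variable may still be expanded by a later iteration (awk's iteration order is unspecified); this looks to have been true of the `gsub` version as well and may deserve a comment. The surrounding shell script starts and ends outside the hunk.

```nix
for(varname in ENVIRON) {
  find = "@"varname"@"
  repl = ENVIRON[varname]
  # consume the line left to right: every occurrence is replaced and the
  # inserted value is never searched again for the same placeholder
  out = ""
  rest = $0
  while (i = index(rest, find)) {
    out = out substr(rest, 1, i-1) repl
    rest = substr(rest, i+length(find))
  }
  $0 = out rest
}
# … unchanged: print and the redirection into finalConfig …
```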
+4 -1
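--- a/nixos/tests/wpa_supplicant.nix
+++ b/nixos/tests/wpa_supplicant.nix
@@ -102,13 +102,15 @@
 test2.psk = "@PSK_SPECIAL@"; # should be replaced
 test3.psk = "@PSK_MISSING@"; # should not be replaced
 test4.psk = "P@ssowrdWithSome@tSymbol"; # should not be replaced
+test5.psk = "@PSK_AWK_REGEX@"; # should be replaced
 };
 
 # secrets
 environmentFile = pkgs.writeText "wpa-secrets" ''
 PSK_VALID="S0m3BadP4ssw0rd";
 # taken from https://github.com/minimaxir/big-list-of-naughty-strings
-PSK_SPECIAL=",./;'[]\-= <>?:\"{}|_+ !@#$%^\&*()`~";
+PSK_SPECIAL=",./;'[]\/\-= <>?:\"{}|_+ !@#$%^&*()`~";
+PSK_AWK_REGEX="PassowrdWith&symbol";
 '';
 };
 };
@@ -186,6 +188,7 @@
 basic.fail(f"grep -q @PSK_SPECIAL@ {config_file}")
 basic.succeed(f"grep -q @PSK_MISSING@ {config_file}")
 basic.succeed(f"grep -q P@ssowrdWithSome@tSymbol {config_file}")
+basic.succeed(f"grep -q 'PassowrdWith&symbol' {config_file}")
 
 with subtest("WPA2 fallbacks have been generated"):
 assert int(basic.succeed(f"grep -c sae-only {config_file}")) == 1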
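Review bot: In the visible assertions, `PSK_SPECIAL` is only checked by the absence of its placeholder (`basic.fail(f"grep -q @PSK_SPECIAL@ {config_file}")`), so the newly unescaped `&` and the added `\/` in that value are never verified to reach the config file unchanged. Consider asserting the substituted value itself with a fixed-string match, as the new `PSK_AWK_REGEX` check does, and using `-F` there too so the secret is never read as a pattern: `basic.succeed(f"grep -qF 'PassowrdWith&symbol' {config_file}")`. A case with the same placeholder twice on one line would also pin the behaviour of the rewritten awk loop. The test script continues outside the second hunk, so an equivalent check may already exist there.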