From d8d2b3a338a18e5f3f5ef82b7279b7c082633f94 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Wed, 5 May 2021 15:53:43 +0200
Subject: [PATCH] Implement read-only mode for SSIDs from the additional config
 (-I)

On NixOS[1] - a Linux distribution which allows to configure a full OS
declaratively - it's possible to configure SSIDs for `wpa_supplicant`
like this:

    networking.wireless.networks = {
      myssid = {
        pskRaw = "<redacted>";
      };
    };

It's also possible to add networks "imperatively" using `wpa_gui` or
`wpa_cli`. However it's not possible to do both because if the first
option is used, NixOS creates a read-only symlink at
`/etc/wpa_supplicant.conf` and then it's not possible for
`wpa_supplicant` anymore to write to it.

This patch aims to help us changing this: while "declarative" SSID
configuration can be quite useful, it's a bad idea for e.g. sensitive
stuff like a WPA2 enterprise network.

The original idea was to use `-I`[2] for immutable configs (including
"declarative" networks) on NixOS and `-c /etc/wpa_supplicant.conf` for
anything "imperative".

However this doesn't really work out because if a wifi network from a
config file specified with `-I` is changed by e.g. `wpa_gui`, it's
silently overwritten in `/etc/wpa_supplicant.conf` (specified with
`-c`) which is IMHO unintuitive (in our case at least). This patch
basically declares each network defined in a config file passed via `-I`
to `wpa_supplicant` as "read-only" and doesn't write these "read-only"
networks to `/etc/wpa_supplicant.conf`.

A bit more context can be found on GitHub in the PR where I implemented
this[3].

[1] https://nixos.org/
[2] Added in e6304cad47251e88d073553042f1ea7805a858d1
[3] https://github.com/NixOS/nixpkgs/pull/113716

Signed-off-by: Maximilian Bosch <maximilian@mbosch.me>
---
 wpa_supplicant/config.h         |  4 +++-
 wpa_supplicant/config_file.c    |  7 +++++--
 wpa_supplicant/config_none.c    |  3 ++-
 wpa_supplicant/config_ssid.h    | 15 +++++++++++++++
 wpa_supplicant/config_winreg.c  |  3 ++-
 wpa_supplicant/eapol_test.c     |  2 +-
 wpa_supplicant/preauth_test.c   |  2 +-
 wpa_supplicant/wpa_supplicant.c |  8 ++++----
 8 files changed, 33 insertions(+), 11 deletions(-)

diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h
index 33a609b9f..46b0d1c6f 100644
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@@ -1840,6 +1840,7 @@ const char * wpa_config_get_global_field_name(unsigned int i, int *no_var);
  * @name: Name of the configuration (e.g., path and file name for the
  * configuration file)
  * @cfgp: Pointer to previously allocated configuration data or %NULL if none
+ * @ro: Whether to mark networks from this configuration as read-only
  * Returns: Pointer to allocated configuration data or %NULL on failure
  *
  * This function reads configuration data, parses its contents, and allocates
@@ -1848,7 +1849,8 @@ const char * wpa_config_get_global_field_name(unsigned int i, int *no_var);
  *
  * Each configuration backend needs to implement this function.
  */
-struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp);
+struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp,
+				    bool ro);
 
 /**
  * wpa_config_write - Write or update configuration data
diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index 0b34229a5..4d50f44a8 100644
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -296,7 +296,8 @@ static int wpa_config_process_blob(struct wpa_config *config, FILE *f,
 #endif /* CONFIG_NO_CONFIG_BLOBS */
 
 
-struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp)
+struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp,
+				    bool ro)
 {
 	FILE *f;
 	char buf[512], *pos;
@@ -338,6 +339,7 @@ struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp)
 	while (wpa_config_get_line(buf, sizeof(buf), f, &line, &pos)) {
 		if (os_strcmp(pos, "network={") == 0) {
 			ssid = wpa_config_read_network(f, &line, id++);
+			ssid->ro = ro;
 			if (ssid == NULL) {
 				wpa_printf(MSG_ERROR, "Line %d: failed to "
 					   "parse network block.", line);
@@ -1653,7 +1655,8 @@ int wpa_config_write(const char *name, struct wpa_config *config)
 	}
 
 	for (ssid = config->ssid; ssid; ssid = ssid->next) {
-		if (ssid->key_mgmt == WPA_KEY_MGMT_WPS || ssid->temporary)
+		if (ssid->key_mgmt == WPA_KEY_MGMT_WPS || ssid->temporary ||
+		    ssid->ro)
 			continue; /* do not save temporary networks */
 		if (wpa_key_mgmt_wpa_psk_no_sae(ssid->key_mgmt) &&
 		    !ssid->psk_set && !ssid->passphrase)
diff --git a/wpa_supplicant/config_none.c b/wpa_supplicant/config_none.c
index 0bc977e39..01e7aad44 100644
--- a/wpa_supplicant/config_none.c
+++ b/wpa_supplicant/config_none.c
@@ -17,7 +17,8 @@
 #include "base64.h"
 
 
-struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp)
+struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp,
+				    bool ro)
 {
 	struct wpa_config *config;
 
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 7bf208237..9c9f869a6 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -107,6 +107,21 @@ struct wpa_ssid {
 	 */
 	int id;
 
+	/**
+	 * ro - Whether a network is declared as read-only
+	 *
+	 * Every network which is defined in a config file that is passed to
+	 * wpa_supplicant using the -I option will be marked as read-only
+	 * using this flag. It has the effect that it won't be written to
+	 * /etc/wpa_supplicant.conf (from -c argument) if, e.g., wpa_gui tells
+	 * the daemon to save all changed configs.
+	 *
+	 * This is necessary because networks from /etc/wpa_supplicant.conf
+	 * have a higher priority and changes from an alternative file would be
+	 * silently overwritten without this.
+	 */
+	bool ro;
+
 	/**
 	 * priority - Priority group
 	 *
diff --git a/wpa_supplicant/config_winreg.c b/wpa_supplicant/config_winreg.c
index b27c6cf34..05e6e3794 100644
--- a/wpa_supplicant/config_winreg.c
+++ b/wpa_supplicant/config_winreg.c
@@ -446,7 +446,8 @@ static int wpa_config_read_networks(struct wpa_config *config, HKEY hk)
 }
 
 
-struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp)
+struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp,
+				    bool ro)
 {
 	TCHAR buf[256];
 	int errors = 0;
diff --git a/wpa_supplicant/eapol_test.c b/wpa_supplicant/eapol_test.c
index efec31c65..9641062fd 100644
--- a/wpa_supplicant/eapol_test.c
+++ b/wpa_supplicant/eapol_test.c
@@ -1472,7 +1472,7 @@ int main(int argc, char *argv[])
 	dl_list_init(&wpa_s.bss);
 	dl_list_init(&wpa_s.bss_id);
 	if (conf)
-		wpa_s.conf = wpa_config_read(conf, NULL);
+		wpa_s.conf = wpa_config_read(conf, NULL, false);
 	else
 		wpa_s.conf = wpa_config_alloc_empty(ctrl_iface, NULL);
 	if (wpa_s.conf == NULL) {
diff --git a/wpa_supplicant/preauth_test.c b/wpa_supplicant/preauth_test.c
index c7b6e2609..3aa667525 100644
--- a/wpa_supplicant/preauth_test.c
+++ b/wpa_supplicant/preauth_test.c
@@ -318,7 +318,7 @@ int main(int argc, char *argv[])
 	}
 
 	os_memset(&wpa_s, 0, sizeof(wpa_s));
-	wpa_s.conf = wpa_config_read(argv[1], NULL);
+	wpa_s.conf = wpa_config_read(argv[1], NULL, false);
 	if (wpa_s.conf == NULL) {
 		printf("Failed to parse configuration file '%s'.\n", argv[1]);
 		return -1;
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index e29fcc2c3..a09c4e120 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1157,14 +1157,14 @@ int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
 
 	if (wpa_s->confname == NULL)
 		return -1;
-	conf = wpa_config_read(wpa_s->confname, NULL);
+	conf = wpa_config_read(wpa_s->confname, NULL, false);
 	if (conf == NULL) {
 		wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
 			"file '%s' - exiting", wpa_s->confname);
 		return -1;
 	}
 	if (wpa_s->confanother &&
-	    !wpa_config_read(wpa_s->confanother, conf)) {
+	    !wpa_config_read(wpa_s->confanother, conf, true)) {
 		wpa_msg(wpa_s, MSG_ERROR,
 			"Failed to parse the configuration file '%s' - exiting",
 			wpa_s->confanother);
@@ -6783,7 +6783,7 @@ static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
 #else /* CONFIG_BACKEND_FILE */
 		wpa_s->confname = os_strdup(iface->confname);
 #endif /* CONFIG_BACKEND_FILE */
-		wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
+		wpa_s->conf = wpa_config_read(wpa_s->confname, NULL, false);
 		if (wpa_s->conf == NULL) {
 			wpa_printf(MSG_ERROR, "Failed to read or parse "
 				   "configuration '%s'.", wpa_s->confname);
@@ -6791,7 +6791,7 @@ static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
 		}
 		wpa_s->confanother = os_rel2abs_path(iface->confanother);
 		if (wpa_s->confanother &&
-		    !wpa_config_read(wpa_s->confanother, wpa_s->conf)) {
+		    !wpa_config_read(wpa_s->confanother, wpa_s->conf, true)) {
 			wpa_printf(MSG_ERROR,
 				   "Failed to read or parse configuration '%s'.",
 				   wpa_s->confanother);