Introduces two new configuration keywords:
- PACFile: PAC (Protected Access Credentials) file for EAP-FAST
- FASTProv: Configure different EAP-FAST provisioning modes, possible values
are:
0 = provisioning disabled
1 = anonymous provisioning only
2 = authenticated provisioning only
3 = both provisioning modes allowed
---
doc/config-format.txt | 24 +++++++++++++++++---
gsupplicant/gsupplicant.h | 2 +
gsupplicant/supplicant.c | 52 +++++++++++++++++++++++++++++++++++++++++++++
plugins/wifi.c | 2 +
src/config.c | 29 +++++++++++++++++++++++++
src/network.c | 14 ++++++++++++
src/service.c | 18 +++++++++++++++
7 files changed, 137 insertions(+), 4 deletions(-)
diff --git a/doc/config-format.txt b/doc/config-format.txt
index f3c8f01..c1d4131 100644
--- a/doc/config-format.txt
+++ b/doc/config-format.txt
@@ -29,7 +29,7 @@ to store the different services into an hash table.
Allowed fields:
- Type: Service type. We currently only support wifi.
- SSID: An hexadecimal or a string representation of a 802.11 SSID.
-- EAP: EAP type. We currently only support tls, ttls or peap.
+- EAP: EAP type. We currently only support tls, ttls, peap or fast.
- CACertFile: File path to CA certificate file (PEM/DER).
- ClientCertFile: File path to client certificate file (PEM/DER).
- PrivateKeyFile: File path to client private key file (PEM/DER/PFX).
@@ -43,13 +43,20 @@ to fsid.
Prefix the value with "EAP-" to indicate the usage of an EAP-based inner
authentication method (should only be used with EAP = TTLS).
- Passphrase: RSN/WPA/WPA2 Passphrase
+- PACFile: PAC (Protected Access Credentials) file for EAP-FAST
+- FASTProv: Configure different EAP-FAST provisioning modes, possible values
+are:
+0 = provisioning disabled
+1 = anonymous provisioning only
+2 = authenticated provisioning only
+3 = both provisioning modes allowed
Example
=======
-This is a configuration file for a network providing EAP-TLS, EAP-TTLS and
-EAP-PEAP services.
+This is a configuration file for a network providing EAP-TLS, EAP-TTLS,
EAP-PEAP
+and EAP-FAST services.
The respective SSIDs are tls_ssid, ttls_ssid and peap_ssid and the file name
is example.config.
Please note that the SSID entry is for hexadecimal encoded SSID (e.g. "SSID =
@@ -76,7 +83,7 @@ Identity = user
Type = wifi
Name = ttls_ssid
EAP = ttls
-CACertFile = /home/user/.cert/ca.pem
+ CACertFile = /home/user/.cert/ca.pem
Phase2 = MSCHAPV2
Identity = user
@@ -87,3 +94,12 @@ EAP = peap
CACertFile = /home/user/.cert/ca.pem
Phase2 = MSCHAPV2
Identity = user
+
+[service_fast]
+Type = wifi
+Name = fast_ssid
+EAP = fast
+PACFile = /etc/wpa_supplicant.eap-fast-pac
+Identity = user
+Passphrase = password
+Phase2 = MSCHAPV2
diff --git a/gsupplicant/gsupplicant.h b/gsupplicant/gsupplicant.h
index 1da9661..ccf8151 100644
--- a/gsupplicant/gsupplicant.h
+++ b/gsupplicant/gsupplicant.h
@@ -110,6 +110,8 @@ struct _GSupplicantSSID {
const char *private_key_path;
const char *private_key_passphrase;
const char *phase2_auth;
+ const char *pac_file;
+ const char *fast_prov;
};
typedef struct _GSupplicantSSID GSupplicantSSID;
diff --git a/gsupplicant/supplicant.c b/gsupplicant/supplicant.c
index 827664b..2b66bcb 100644
--- a/gsupplicant/supplicant.c
+++ b/gsupplicant/supplicant.c
@@ -2361,6 +2361,56 @@ static void add_network_security_peap(DBusMessageIter
*dict,
g_free(phase2_auth);
}
+static void add_network_security_fast(DBusMessageIter *dict,
+ GSupplicantSSID *ssid)
+{
+ char *phase2_auth, *fast_prov = NULL;
+
+ /*
+ * For FAST, we need:
+ * The PAC file
+ * The 2nd phase authentication method
+ * The 2nd phase passphrase
+ *
+ * Provisioning mode for the 1st phase is optional.
+ */
+
+ if (ssid->passphrase == NULL)
+ return;
+
+ if (ssid->phase2_auth == NULL)
+ return;
+
+ if (ssid->pac_file == NULL)
+ return;
+
+ phase2_auth = g_strdup_printf("auth=%s", ssid->phase2_auth);
+
+ if (ssid->fast_prov != NULL)
+ fast_prov = g_strdup_printf("fast_provisioning=%s",
+ ssid->fast_prov);
+
+ supplicant_dbus_dict_append_basic(dict, "password",
+ DBUS_TYPE_STRING,
+ &ssid->passphrase);
+
+ supplicant_dbus_dict_append_basic(dict, "phase2",
+ DBUS_TYPE_STRING,
+ &phase2_auth);
+
+ supplicant_dbus_dict_append_basic(dict, "pac_file",
+ DBUS_TYPE_STRING,
+ &ssid->pac_file);
+
+ if (fast_prov != NULL)
+ supplicant_dbus_dict_append_basic(dict, "phase1",
+ DBUS_TYPE_STRING,
+ &fast_prov);
+
+ g_free(phase2_auth);
+ g_free(fast_prov);
+}
+
static void add_network_security_eap(DBusMessageIter *dict,
GSupplicantSSID *ssid)
{
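Review bot: `ssid->fast_prov` is formatted into the `phase1` string as-is in add_network_security_fast, so any text from the FASTProv key reaches wpa_supplicant, not only the documented 0–3, and a value containing spaces could carry additional phase1 parameters. Accept only the four documented values before building the string, e.g. `if (ssid->fast_prov != NULL && ssid->fast_prov[0] >= '0' && ssid->fast_prov[0] <= '3' && ssid->fast_prov[1] == '\0')`, and skip the `phase1` entry otherwise. The same string is stored unchecked in load_service (src/config.c), which would be the natural place to log a rejected value. The three early `return`s also drop the FAST settings silently; a debug message naming the missing field would make a connection that never authenticates easier to diagnose.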
@@ -2374,6 +2424,8 @@ static void add_network_security_eap(DBusMessageIter
*dict,
} else if (g_strcmp0(ssid->eap, "peap") == 0 ||
g_strcmp0(ssid->eap, "ttls") == 0) {
add_network_security_peap(dict, ssid);
+ } else if (g_strcmp0(ssid->eap, "fast") == 0) {
+ add_network_security_fast(dict, ssid);
} else
return;
diff --git a/plugins/wifi.c b/plugins/wifi.c
index 62d9216..ad7bee6 100644
--- a/plugins/wifi.c
+++ b/plugins/wifi.c
@@ -637,6 +637,8 @@ static void ssid_init(GSupplicantSSID *ssid, struct
connman_network *network)
ssid->private_key_passphrase = connman_network_get_string(network,
"WiFi.PrivateKeyPassphrase");
ssid->phase2_auth = connman_network_get_string(network, "WiFi.Phase2");
+ ssid->pac_file = connman_network_get_string(network, "WiFi.PACFile");
+ ssid->fast_prov = connman_network_get_string(network, "WiFi.FASTProv");
}
diff --git a/src/config.c b/src/config.c
index 9dd0911..9b985d1 100644
--- a/src/config.c
+++ b/src/config.c
@@ -47,6 +47,8 @@ struct connman_config_service {
char *private_key_passphrase_type;
char *phase2;
char *passphrase;
+ char *pac_file;
+ char *fast_prov;
};
struct connman_config {
@@ -79,6 +81,8 @@ static uint inotify_watch = 0;
#define SERVICE_KEY_IDENTITY "Identity"
#define SERVICE_KEY_PHASE2 "Phase2"
#define SERVICE_KEY_PASSPHRASE "Passphrase"
+#define SERVICE_KEY_PAC "PACFile"
+#define SERVICE_KEY_FAST_PROV "FASTProv"
static const char *config_possible_keys[] = {
CONFIG_KEY_NAME,
@@ -99,6 +103,8 @@ static const char *service_possible_keys[] = {
SERVICE_KEY_IDENTITY,
SERVICE_KEY_PHASE2,
SERVICE_KEY_PASSPHRASE,
+ SERVICE_KEY_PAC,
+ SERVICE_KEY_FAST_PROV,
NULL,
};
@@ -135,6 +141,8 @@ static void unregister_service(gpointer data)
g_free(service->private_key_passphrase_type);
g_free(service->phase2);
g_free(service->passphrase);
+ g_free(service->pac_file);
+ g_free(service->fast_prov);
g_free(service);
}
@@ -297,6 +305,19 @@ static int load_service(GKeyFile *keyfile, const char
*group,
service->passphrase = str;
}
+ str = g_key_file_get_string(keyfile, group, SERVICE_KEY_PAC, NULL);
+ if (str != NULL) {
+ g_free(service->pac_file);
+ service->pac_file = str;
+ }
+
+ str = g_key_file_get_string(keyfile, group, SERVICE_KEY_FAST_PROV,
+ NULL);
+ if (str != NULL) {
+ g_free(service->fast_prov);
+ service->fast_prov = str;
+ }
+
g_hash_table_replace(config->service_table, service->ident, service);
connman_info("Adding service configuration %s", service->ident);
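Review bot: The PACFile value is stored verbatim in load_service, so an empty or relative path is accepted and later handed to the supplicant as the location of credential material. Because the path is resolved by another process, consider keeping the value only when `g_path_is_absolute(str)` holds, freeing `str` and logging a warning otherwise, unless wpa_supplicant blob references are meant to be usable through this key. It would also help to state in doc/config-format.txt that the file holds credentials and should be accessible only to the supplicant's user. load_service starts and ends outside this hunk.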
@@ -680,6 +701,14 @@ static void provision_service(gpointer key, gpointer
value, gpointer user_data)
if (config->passphrase != NULL)
__connman_service_set_string(service, "Passphrase",
config->passphrase);
+
+ if (config->pac_file != NULL)
+ __connman_service_set_string(service, "PACFile",
+ config->pac_file);
+
+ if (config->fast_prov != NULL)
+ __connman_service_set_string(service, "FASTProv",
+ config->fast_prov);
}
int __connman_config_provision_service(struct connman_service *service)
diff --git a/src/network.c b/src/network.c
index 3130f7c..4317d12 100644
--- a/src/network.c
+++ b/src/network.c
@@ -67,6 +67,8 @@ struct connman_network {
char *private_key_path;
char *private_key_passphrase;
char *phase2_auth;
+ char *pac_file;
+ char *fast_prov;
} wifi;
};
@@ -168,6 +170,8 @@ static void network_destruct(struct connman_element
*element)
g_free(network->wifi.private_key_path);
g_free(network->wifi.private_key_passphrase);
g_free(network->wifi.phase2_auth);
+ g_free(network->wifi.pac_file);
+ g_free(network->wifi.fast_prov);
g_free(network->group);
g_free(network->node);
@@ -1236,6 +1240,12 @@ int connman_network_set_string(struct connman_network
*network,
} else if (g_str_equal(key, "WiFi.Phase2") == TRUE) {
g_free(network->wifi.phase2_auth);
network->wifi.phase2_auth = g_strdup(value);
+ } else if (g_str_equal(key, "WiFi.PACFile") == TRUE) {
+ g_free(network->wifi.pac_file);
+ network->wifi.pac_file = g_strdup(value);
+ } else if (g_str_equal(key, "WiFi.FASTProv") == TRUE) {
+ g_free(network->wifi.fast_prov);
+ network->wifi.fast_prov = g_strdup(value);
}
err = connman_element_set_string(&network->element, key, value);
@@ -1289,6 +1299,10 @@ const char *connman_network_get_string(struct
connman_network *network,
return network->wifi.private_key_passphrase;
else if (g_str_equal(key, "WiFi.Phase2") == TRUE)
return network->wifi.phase2_auth;
+ else if (g_str_equal(key, "WiFi.PACFile") == TRUE)
+ return network->wifi.pac_file;
+ else if (g_str_equal(key, "WiFi.FASTProv") == TRUE)
+ return network->wifi.fast_prov;
return connman_element_get_string(&network->element, key);
}
diff --git a/src/service.c b/src/service.c
index 0002609..bf41365 100644
--- a/src/service.c
+++ b/src/service.c
@@ -95,6 +95,8 @@ struct connman_service {
char *private_key_file;
char *private_key_passphrase;
char *phase2;
+ char *pac_file;
+ char *fast_prov;
DBusMessage *pending;
guint timeout;
struct connman_location *location;
@@ -2641,6 +2643,8 @@ static void service_free(gpointer user_data)
g_free(service->private_key_file);
g_free(service->private_key_passphrase);
g_free(service->phase2);
+ g_free(service->pac_file);
+ g_free(service->fast_prov);
if (service->stats.timer != NULL)
g_timer_destroy(service->stats.timer);
@@ -2999,6 +3003,12 @@ void __connman_service_set_string(struct connman_service
*service,
} else if (g_str_equal(key, "Passphrase") == TRUE) {
g_free(service->passphrase);
service->passphrase = g_strdup(value);
+ } else if (g_str_equal(key, "PACFile") == TRUE) {
+ g_free(service->pac_file);
+ service->pac_file = g_strdup(value);
+ } else if (g_str_equal(key, "FASTProv") == TRUE) {
+ g_free(service->fast_prov);
+ service->fast_prov = g_strdup(value);
}
}
@@ -3268,6 +3278,14 @@ static void prepare_8021x(struct connman_service
*service)
if (service->phase2 != NULL)
connman_network_set_string(service->network, "WiFi.Phase2",
service->phase2);
+
+ if (service->pac_file != NULL)
+ connman_network_set_string(service->network, "WiFi.PACFile",
+ service->pac_file);
+
+ if (service->fast_prov != NULL)
+ connman_network_set_string(service->network, "WiFi.FASTProv",
+ service->fast_prov);
}
int __connman_service_connect(struct connman_service *service)
--
1.7.0.4