On 2013/01/27 17:33, Stuart Henderson wrote: > I will merge this with my port diff to update to 2.0 and send out a diff soon.
I haven't tested WPA enterprise, but I have tested wired authentication with this version (TP-Link switch / MD5 / freeradius). I made a start at enabling the privilege separation code, but haven't finished that yet, so the diff is in place but it's still disabled for now. This diff also enables smartcard support via pcsc-lite - this could be made a flavour instead if people prefer to avoid it pulling in an LGPL dependency (libusb1) but have kept it simple for now. Index: Makefile =================================================================== RCS file: /cvs/ports/security/wpa_supplicant/Makefile,v retrieving revision 1.5 diff -u -p -r1.5 Makefile --- Makefile 19 Jan 2012 16:14:11 -0000 1.5 +++ Makefile 27 Jan 2013 18:13:11 -0000 @@ -2,7 +2,7 @@ COMMENT= IEEE 802.1X supplicant -DISTNAME= wpa_supplicant-0.7.3 +DISTNAME= wpa_supplicant-2.0 CATEGORIES= security net HOMEPAGE= http://hostap.epitest.fi/wpa_supplicant/ @@ -15,7 +15,9 @@ PERMIT_PACKAGE_FTP= Yes PERMIT_DISTFILES_CDROM= Yes PERMIT_DISTFILES_FTP= Yes -WANTLIB += c ssl crypto pcap +WANTLIB += c ssl crypto pcap pcsclite pthread + +LIB_DEPENDS= security/pcsc-lite MASTER_SITES= http://hostap.epitest.fi/releases/ 
@@ -26,15 +28,14 @@ MAKE_FLAGS= V=1 WRKSRC= ${WRKDIST}/wpa_supplicant -MAN5= wpa_supplicant.conf.5 -MAN8= wpa_background.8 wpa_cli.8 wpa_passphrase.8 wpa_supplicant.8 - EXAMPLEDIR= ${PREFIX}/share/examples/wpa_supplicant post-extract: - cp ${FILESDIR}/config ${WRKSRC}/.config + @${SUBST_CMD} -c ${FILESDIR}/config ${WRKSRC}/.config + @cp ${FILESDIR}/driver_openbsd.c ${WRKSRC}/../src/drivers/ post-install: + @#${INSTALL_PROGRAM} ${WRKBUILD}/wpa_priv ${PREFIX}/sbin ${INSTALL_MAN} ${WRKBUILD}/doc/docbook/*.5 ${PREFIX}/man/man5/ ${INSTALL_MAN} ${WRKBUILD}/doc/docbook/*.8 ${PREFIX}/man/man8/ ${INSTALL_DATA_DIR} ${EXAMPLEDIR} Index: distinfo =================================================================== RCS file: /cvs/ports/security/wpa_supplicant/distinfo,v retrieving revision 1.2 diff -u -p -r1.2 distinfo --- distinfo 19 Jan 2012 16:14:11 -0000 1.2 +++ distinfo 27 Jan 2013 18:13:11 -0000 @@ -1,5 +1,2 @@ -MD5 (wpa_supplicant-0.7.3.tar.gz) = 9RbxkThKmlRuP1FFwIrd2g== -RMD160 (wpa_supplicant-0.7.3.tar.gz) = 4i8EQNZMlD5LCIbu+jQY516gG2A= -SHA1 (wpa_supplicant-0.7.3.tar.gz) = ylHbiTH6vzhjUsh0IvPmL7RMP+M= -SHA256 (wpa_supplicant-0.7.3.tar.gz) = 0M1QyqhTRszDdtzaXtPCWO7xmpOzyt450ldgEYrVlEM= -SIZE (wpa_supplicant-0.7.3.tar.gz) = 1638224 +SHA256 (wpa_supplicant-2.0.tar.gz) = LBFWCfu1Ij1ROBCEpclERVqK/NqB1YQXP/VbojM3ngk= +SIZE (wpa_supplicant-2.0.tar.gz) = 2044281 Index: files/config =================================================================== RCS file: /cvs/ports/security/wpa_supplicant/files/config,v retrieving revision 1.1 diff -u -p -r1.1 config --- files/config 19 Jan 2012 16:14:11 -0000 1.1 +++ files/config 27 Jan 2013 18:13:11 -0000 
@@ -1,19 +1,36 @@ +# $OpenBSD$ +# see defconfig and README for notes + +CFLAGS += -I${LOCALBASE}/include/PCSC +LIBS += -L${LOCALBASE}/lib + +CONFIG_BACKEND=file CONFIG_CTRL_IFACE=y CONFIG_DRIVER_WIRED=y +CONFIG_DRIVER_OPENBSD=y CONFIG_IEEE8021X_EAPOL=y +CONFIG_PEERKEY=y + CONFIG_EAP_MD5=y CONFIG_EAP_MSCHAPV2=y CONFIG_EAP_TLS=y CONFIG_EAP_PEAP=y CONFIG_EAP_TTLS=y +CONFIG_EAP_FAST=y CONFIG_EAP_GTC=y CONFIG_EAP_OTP=y -CONFIG_EAP_AKA=y CONFIG_EAP_PSK=y CONFIG_EAP_SAKE=y CONFIG_EAP_GPSK=y CONFIG_EAP_PAX=y CONFIG_EAP_LEAP=y +CONFIG_EAP_IKEV2=y + +CONFIG_EAP_AKA=y CONFIG_EAP_SIM=y -#CONFIG_EAP_FAST=n -CONFIG_L2_PACKET=freebsd +CONFIG_PCSC=y +CONFIG_SMARTCARD=y + +# privilege separation, see README. +# WIP: not yet tested. +# CONFIG_PRIVSEP=y Index: files/driver_openbsd.c =================================================================== RCS file: files/driver_openbsd.c diff -N files/driver_openbsd.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/driver_openbsd.c 27 Jan 2013 18:13:11 -0000 
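Review bot: The `# WIP: not yet tested.` comment above `# CONFIG_PRIVSEP=y` does not say what the package gives up while that line stays commented out. As configured here, every EAP method in the list and the newly enabled `CONFIG_PCSC=y`/`CONFIG_SMARTCARD=y` smartcard path are built into the one wpa_supplicant binary, which runs with whatever privileges it is started with. I would state that in the comment, e.g. `# privsep disabled for now: EAP/TLS parsing and PC/SC access run in the same process as the driver ioctls; enable once wpa_priv is tested.`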
@@ -0,0 +1,136 @@
+/*
+ * Driver interaction with OpenBSD net80211 layer
+ * Copyright (c) 2013, Mark Kettenis
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "includes.h"
+#include <sys/ioctl.h>
+
+#include <net/if.h>
+#include <net80211/ieee80211.h>
+#include <net80211/ieee80211_crypto.h>
+#include <net80211/ieee80211_ioctl.h>
+
+#include "common.h"
+#include "driver.h"
+
+struct openbsd_driver_data {
+ char ifname[IFNAMSIZ + 1];
+ void *ctx;
+
+ int sock; /* open socket for 802.11 ioctls */
+};
+
+
+static int
+wpa_driver_openbsd_get_ssid(void *priv, u8 *ssid)
+{
+ struct openbsd_driver_data *drv = priv;
+ struct ieee80211_nwid nwid;
+ struct ifreq ifr;
+
+ os_memset(&ifr, 0, sizeof(ifr));
+ os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
+ ifr.ifr_data = (void *)&nwid;
+ if (ioctl(drv->sock, SIOCG80211NWID, &ifr) < 0 ||
+ nwid.i_len > IEEE80211_NWID_LEN)
+ return -1;
+
+ os_memcpy(ssid, nwid.i_nwid, nwid.i_len);
+ return nwid.i_len;
+}
+
+static int
+wpa_driver_openbsd_get_bssid(void *priv, u8 *bssid)
+{
+ struct openbsd_driver_data *drv = priv;
+ struct ieee80211_bssid id;
+
+ os_strlcpy(id.i_name, drv->ifname, sizeof(id.i_name));
+ if (ioctl(drv->sock, SIOCG80211BSSID, &id) < 0)
+ return -1;
+
+ os_memcpy(bssid, id.i_bssid, IEEE80211_ADDR_LEN);
+ return 0;
+}
+
+
+static int
+wpa_driver_openbsd_get_capa(void *priv, struct wpa_driver_capa *capa)
+{
+ os_memset(capa, 0, sizeof(*capa));
+ capa->flags = WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
+ return 0;
+}
+
+
+static int
+wpa_driver_openbsd_set_key(const char *ifname, void *priv, enum wpa_alg alg,
+ const unsigned char *addr, int key_idx, int set_tx, const u8 *seq,
+ size_t seq_len, const u8 *key, size_t key_len)
+{
+ struct openbsd_driver_data *drv = priv;
+ struct ieee80211_keyavail keyavail;
+
+ if (alg != WPA_ALG_PMK || key_len > IEEE80211_PMK_LEN)
+ return -1;
+
+ memset(&keyavail, 0, sizeof(keyavail));
+ os_strlcpy(keyavail.i_name, drv->ifname, sizeof(keyavail.i_name));
+ if (wpa_driver_openbsd_get_bssid(priv, keyavail.i_macaddr) < 0)
+ return -1;
+ memcpy(keyavail.i_key, key, key_len);
+
+ if (ioctl(drv->sock, SIOCS80211KEYAVAIL, &keyavail) < 0)
+ return -1;
+
+ return 0;
+}
+
+static void *
+wpa_driver_openbsd_init(void *ctx, const char *ifname)
+{
+ struct openbsd_driver_data *drv;
+
+ drv = os_zalloc(sizeof(*drv));
+ if (drv == NULL)
+ return NULL;
+
+ drv->sock = socket(PF_INET, SOCK_DGRAM, 0);
+ if (drv->sock < 0)
+ goto fail;
+
+ drv->ctx = ctx;
+ os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
+
+ return drv;
+
+fail:
+ os_free(drv);
+ return NULL;
+}
+
+
+static void
+wpa_driver_openbsd_deinit(void *priv)
+{
+ struct openbsd_driver_data *drv = priv;
+
+ close(drv->sock);
+ os_free(drv);
+}
+
+
+const struct wpa_driver_ops wpa_driver_openbsd_ops = {
+ .name = "openbsd",
+ .desc = "OpenBSD 802.11 support",
+ .get_ssid = wpa_driver_openbsd_get_ssid,
+ .get_bssid = wpa_driver_openbsd_get_bssid,
+ .get_capa = wpa_driver_openbsd_get_capa,
+ .set_key = wpa_driver_openbsd_set_key,
+ .init = wpa_driver_openbsd_init,
+ .deinit = wpa_driver_openbsd_deinit,
+};
Index: files/wpa_supplicant.conf
===================================================================
RCS file: /cvs/ports/security/wpa_supplicant/files/wpa_supplicant.conf,v
retrieving revision 1.1
diff -u -p -r1.1 wpa_supplicant.conf
--- files/wpa_supplicant.conf 1 Jul 2007 19:50:57 -0000 1.1
+++ files/wpa_supplicant.conf 27 Jan 2013 18:13:11 -0000
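Review bot: In `wpa_driver_openbsd_set_key` the guard `key_len > IEEE80211_PMK_LEN` still accepts a short or zero-length key and never checks `key` for NULL, so a truncated PMK would be zero-padded by the preceding `memset` and passed to the kernel through `SIOCS80211KEYAVAIL`. If net80211 expects a full-length PMK here, which this diff does not show, the check should read `if (alg != WPA_ALG_PMK || key == NULL || key_len != IEEE80211_PMK_LEN) return -1;`. The copy of the PMK in `keyavail` is also left on the stack on every return path after the `memcpy`; clearing the struct after the ioctl with a call the compiler cannot elide would keep key material from lingering. Minor style point: this function uses bare `memset`/`memcpy` while the rest of the file uses `os_memset`/`os_memcpy`.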
@@ -6,10 +6,22 @@ ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=wheel ap_scan=0 -network={ - key_mgmt=IEEE8021X - eap=MD5 - identity="user" - password="password" - eapol_flags=0 -} +# wired network: + +#network={ +# key_mgmt=IEEE8021X +# eap=MD5 +# identity="user" +# password="password" +# eapol_flags=0 +#} + +# wireless network: + +#network={ +# ssid="humppa" +# key_mgmt=WPA-EAP +# eap=TTLS PEAP +# identity="user" +# password="password" +#} Index: patches/patch-os_internal_c =================================================================== RCS file: /cvs/ports/security/wpa_supplicant/patches/patch-os_internal_c,v retrieving revision 1.3 diff -u -p -r1.3 patch-os_internal_c --- patches/patch-os_internal_c 19 Jan 2012 16:14:11 -0000 1.3 +++ patches/patch-os_internal_c 27 Jan 2013 18:13:11 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-os_internal_c,v 1.3 2012/01/19 16:14:11 sthen Exp $ ---- src/utils/os_internal.c.orig Tue May 29 03:08:48 2007 -+++ src/utils/os_internal.c Sat Jan 14 12:52:53 2012 -@@ -178,7 +178,7 @@ int os_setenv(const char *name, const char *value, int +--- src/utils/os_internal.c.orig Sat Jan 12 15:42:53 2013 ++++ src/utils/os_internal.c Fri Jan 25 20:18:22 2013 +@@ -190,7 +190,7 @@ int os_setenv(const char *name, const char *value, int int os_unsetenv(const char *name) { Index: patches/patch-src_drivers_drivers_c =================================================================== RCS file: patches/patch-src_drivers_drivers_c diff -N patches/patch-src_drivers_drivers_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_drivers_drivers_c 27 Jan 2013 18:13:11 -0000 
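Review bot: The new wireless example sets `eap=TTLS PEAP` with `identity` and `password` but no `ca_cert`, and wpa_supplicant does not verify the authentication server's certificate when neither `ca_cert` nor `ca_path` is configured. Anyone who uncomments and adapts the block as shipped would submit their credentials through a tunnel to whichever server answers for that SSID. I would add a commented line to the example, `#	ca_cert="/path/to/ca.pem"` (placeholder path), with a one-line comment that it must be the CA that issued the RADIUS server's certificate.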
@@ -0,0 +1,23 @@
+$OpenBSD$
+--- src/drivers/drivers.c.orig Sun Jan 27 18:04:16 2013
++++ src/drivers/drivers.c Sun Jan 27 18:05:04 2013
+@@ -24,6 +24,9 @@ extern struct wpa_driver_ops wpa_driver_madwifi_ops; /
+ #ifdef CONFIG_DRIVER_BSD
+ extern struct wpa_driver_ops wpa_driver_bsd_ops; /* driver_bsd.c */
+ #endif /* CONFIG_DRIVER_BSD */
++#ifdef CONFIG_DRIVER_OPENBSD
++extern struct wpa_driver_ops wpa_driver_openbsd_ops; /* driver_openbsd.c */
++#endif /* CONFIG_DRIVER_OPENBSD */
+ #ifdef CONFIG_DRIVER_NDIS
+ extern struct wpa_driver_ops wpa_driver_ndis_ops; /* driver_ndis.c */
+ #endif /* CONFIG_DRIVER_NDIS */
+@@ -62,6 +65,9 @@ struct wpa_driver_ops *wpa_drivers[] =
+ #ifdef CONFIG_DRIVER_BSD
+ &wpa_driver_bsd_ops,
+ #endif /* CONFIG_DRIVER_BSD */
++#ifdef CONFIG_DRIVER_OPENBSD
++ &wpa_driver_openbsd_ops,
++#endif /* CONFIG_DRIVER_OPENBSD */
+ #ifdef CONFIG_DRIVER_NDIS
+ &wpa_driver_ndis_ops,
+ #endif /* CONFIG_DRIVER_NDIS */
Index: patches/patch-src_drivers_drivers_mak
===================================================================
RCS file: patches/patch-src_drivers_drivers_mak
diff -N patches/patch-src_drivers_drivers_mak
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_drivers_drivers_mak 27 Jan 2013 18:13:11 -0000
@@ -0,0 +1,18 @@
+$OpenBSD$
+--- src/drivers/drivers.mak.orig Sun Jan 27 18:05:10 2013
++++ src/drivers/drivers.mak Sun Jan 27 18:05:42 2013
+@@ -55,6 +55,14 @@ CONFIG_L2_FREEBSD=y
+ CONFIG_DNET_PCAP=y
+ endif
+
++ifdef CONFIG_DRIVER_OPENBSD
++ifndef CONFIG_L2_PACKET
++CONFIG_L2_PACKET=freebsd
++endif
++DRV_CFLAGS += -DCONFIG_DRIVER_OPENBSD
++DRV_OBJS += ../src/drivers/driver_openbsd.o
++endif
++
+ ifdef CONFIG_DRIVER_TEST
+ DRV_CFLAGS += -DCONFIG_DRIVER_TEST
+ DRV_OBJS += ../src/drivers/driver_test.o
Index: patches/patch-src_drivers_drivers_mk
===================================================================
RCS file: patches/patch-src_drivers_drivers_mk
diff -N patches/patch-src_drivers_drivers_mk
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_drivers_drivers_mk 27 Jan 2013 18:13:11 -0000
@@ -0,0 +1,18 @@
+$OpenBSD$
+--- src/drivers/drivers.mk.orig Sun Jan 27 18:05:45 2013
++++ src/drivers/drivers.mk Sun Jan 27 18:06:11 2013
+@@ -55,6 +55,14 @@ CONFIG_L2_FREEBSD=y
+ CONFIG_DNET_PCAP=y
+ endif
+
++ifdef CONFIG_DRIVER_OPENBSD
++ifndef CONFIG_L2_PACKET
++CONFIG_L2_PACKET=freebsd
++endif
++DRV_CFLAGS += -DCONFIG_DRIVER_OPENBSD
++DRV_OBJS += src/drivers/driver_openbsd.c
++endif
++
+ ifdef CONFIG_DRIVER_TEST
+ DRV_CFLAGS += -DCONFIG_DRIVER_TEST
+ DRV_OBJS += src/drivers/driver_test.c
Index: patches/patch-src_l2_packet_l2_packet_freebsd_c
===================================================================
RCS file: patches/patch-src_l2_packet_l2_packet_freebsd_c
diff -N patches/patch-src_l2_packet_l2_packet_freebsd_c
--- patches/patch-src_l2_packet_l2_packet_freebsd_c 25 Jun 2012 14:06:26 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,11 +0,0 @@
-$OpenBSD: patch-src_l2_packet_l2_packet_freebsd_c,v 1.1 2012/06/25 14:06:26 naddy Exp $
---- src/l2_packet/l2_packet_freebsd.c.orig Mon Jun 25 07:51:11 2012
-+++ src/l2_packet/l2_packet_freebsd.c Mon Jun 25 07:51:32 2012
-@@ -20,6 +20,7 @@
- #include <pcap.h>
-
- #include <sys/ioctl.h>
-+#include <sys/param.h>
- #include <sys/sysctl.h>
-
- #include <net/if.h>
Index: patches/patch-wpa_supplicant_Makefile
===================================================================
RCS file: patches/patch-wpa_supplicant_Makefile
diff -N patches/patch-wpa_supplicant_Makefile
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-wpa_supplicant_Makefile 27 Jan 2013 18:13:11 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- wpa_supplicant/Makefile.orig Fri Jan 25 23:16:50 2013
++++ wpa_supplicant/Makefile Fri Jan 25 23:16:53 2013
+@@ -50,7 +50,7 @@ mkconfig:
+ echo CONFIG_DRIVER_WEXT=y >> .config
+
+ $(DESTDIR)$(BINDIR)/%: %
+- install -D $(<) $(@)
++ install $(<) $(@)
+
+ install: $(addprefix $(DESTDIR)$(BINDIR)/,$(BINALL))
+ $(MAKE) -C ../src install
Index: patches/patch-wpa_supplicant_wpa_priv_c
===================================================================
RCS file: patches/patch-wpa_supplicant_wpa_priv_c
diff -N patches/patch-wpa_supplicant_wpa_priv_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-wpa_supplicant_wpa_priv_c 27 Jan 2013 18:13:11 -0000
@@ -0,0 +1,34 @@
+$OpenBSD$
+--- wpa_supplicant/wpa_priv.c.orig Sat Jan 26 10:49:28 2013
++++ wpa_supplicant/wpa_priv.c Sat Jan 26 10:50:56 2013
+@@ -92,6 +92,7 @@ static void wpa_priv_cmd_unregister(struct wpa_priv_in
+ }
+
+
++#if 0
+ static void wpa_priv_cmd_scan(struct wpa_priv_interface *iface,
+ char *buf, size_t len)
+ {
+@@ -170,6 +171,7 @@ static void wpa_priv_cmd_get_scan_results(struct wpa_p
+ sendto(iface->fd, "", 0, 0, (struct sockaddr *) from,
+ sizeof(*from));
+ }
++#endif
+
+
+ static void wpa_priv_cmd_associate(struct wpa_priv_interface *iface,
+@@ -487,12 +489,14 @@ static void wpa_priv_receive(int sock, void *eloop_ctx
+ case PRIVSEP_CMD_UNREGISTER:
+ wpa_priv_cmd_unregister(iface, &from);
+ break;
++#if 0
+ case PRIVSEP_CMD_SCAN:
+ wpa_priv_cmd_scan(iface, cmd_buf, cmd_len);
+ break;
+ case PRIVSEP_CMD_GET_SCAN_RESULTS:
+ wpa_priv_cmd_get_scan_results(iface, &from);
+ break;
++#endif
+ case PRIVSEP_CMD_ASSOCIATE:
+ wpa_priv_cmd_associate(iface, cmd_buf, cmd_len);
+ break;
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/security/wpa_supplicant/pkg/PLIST,v
retrieving revision 1.2
diff -u -p -r1.2 PLIST
--- pkg/PLIST 19 Jan 2012 16:14:11 -0000 1.2
+++ pkg/PLIST 27 Jan 2013 18:13:11 -0000
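Review bot: Neither `#if 0` region in the wpa_priv.c patch carries a comment saying why the scan commands are compiled out; this applies to the one around `wpa_priv_cmd_scan`/`wpa_priv_cmd_get_scan_results` and to the one around the `PRIVSEP_CMD_SCAN`/`PRIVSEP_CMD_GET_SCAN_RESULTS` cases in `wpa_priv_receive`. Because wpa_priv is the privileged side of the privilege-separation work that the port leaves disabled, whoever finishes it needs to know whether this is a build workaround or a deliberate reduction of the command set. I would put a comment on each `#if 0`, e.g. `/* OpenBSD port: scan commands disabled (<reason>); revisit before enabling CONFIG_PRIVSEP */`. How a client that still sends these two commands is answered depends on the switch's default branch, which lies outside the hunk, as do the bodies of both functions.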
@@ -1,10 +1,11 @@ @comment $OpenBSD: PLIST,v 1.2 2012/01/19 16:14:11 sthen Exp $ +@comment @man man/man8/wpa_priv.8 +@comment @bin sbin/wpa_priv @man man/man5/wpa_supplicant.conf.5 @man man/man8/wpa_background.8 @man man/man8/wpa_cli.8 @comment @man man/man8/wpa_gui.8 @man man/man8/wpa_passphrase.8 -@comment @man man/man8/wpa_priv.8 @man man/man8/wpa_supplicant.8 @bin sbin/wpa_cli @bin sbin/wpa_passphrase
