> Date: Sun, 27 Jan 2013 18:17:13 +0000 > From: Stuart Henderson <[email protected]> > > On 2013/01/27 17:33, Stuart Henderson wrote: > > I will merge this with my port diff to update to 2.0 and send out > > a diff soon. > > I haven't tested WPA enterprise, but I have tested wired authentication > with this version (TP-Link switch / MD5 / freeradius). > > I made a start at enabling the privilege separation code, but haven't > finished that yet, so the diff is in place but it's still disabled > for now. > > This diff also enables smartcard support via pcsc-lite - this could > be made a flavour instead if people prefer to avoid it pulling in an > LGPL dependency (libusb1) but have kept it simple for now.
Looks like you and Gregor duplicated some effort. Anyway, this looks fine with to me. I'll submit my diff upstream later today. > Index: Makefile > =================================================================== > RCS file: /cvs/ports/security/wpa_supplicant/Makefile,v > retrieving revision 1.5 > diff -u -p -r1.5 Makefile > --- Makefile 19 Jan 2012 16:14:11 -0000 1.5 > +++ Makefile 27 Jan 2013 18:13:11 -0000 > @@ -2,7 +2,7 @@ > > COMMENT= IEEE 802.1X supplicant > > -DISTNAME= wpa_supplicant-0.7.3 > +DISTNAME= wpa_supplicant-2.0 > CATEGORIES= security net > > HOMEPAGE= http://hostap.epitest.fi/wpa_supplicant/ > @@ -15,7 +15,9 @@ PERMIT_PACKAGE_FTP= Yes > PERMIT_DISTFILES_CDROM= Yes > PERMIT_DISTFILES_FTP= Yes > > -WANTLIB += c ssl crypto pcap > +WANTLIB += c ssl crypto pcap pcsclite pthread > + > +LIB_DEPENDS= security/pcsc-lite > > MASTER_SITES= http://hostap.epitest.fi/releases/ > > @@ -26,15 +28,14 @@ MAKE_FLAGS= V=1 > > WRKSRC= ${WRKDIST}/wpa_supplicant > > -MAN5= wpa_supplicant.conf.5 > -MAN8= wpa_background.8 wpa_cli.8 wpa_passphrase.8 wpa_supplicant.8 > - > EXAMPLEDIR= ${PREFIX}/share/examples/wpa_supplicant > > post-extract: > - cp ${FILESDIR}/config ${WRKSRC}/.config > + @${SUBST_CMD} -c ${FILESDIR}/config ${WRKSRC}/.config > + @cp ${FILESDIR}/driver_openbsd.c ${WRKSRC}/../src/drivers/ > > post-install: > + @#${INSTALL_PROGRAM} ${WRKBUILD}/wpa_priv ${PREFIX}/sbin > ${INSTALL_MAN} ${WRKBUILD}/doc/docbook/*.5 ${PREFIX}/man/man5/ > ${INSTALL_MAN} ${WRKBUILD}/doc/docbook/*.8 ${PREFIX}/man/man8/ > ${INSTALL_DATA_DIR} ${EXAMPLEDIR} > Index: distinfo > =================================================================== > RCS file: /cvs/ports/security/wpa_supplicant/distinfo,v > retrieving revision 1.2 > diff -u -p -r1.2 distinfo > --- distinfo 19 Jan 2012 16:14:11 -0000 1.2 > +++ distinfo 27 Jan 2013 18:13:11 -0000 
> @@ -1,5 +1,2 @@ > -MD5 (wpa_supplicant-0.7.3.tar.gz) = 9RbxkThKmlRuP1FFwIrd2g== > -RMD160 (wpa_supplicant-0.7.3.tar.gz) = 4i8EQNZMlD5LCIbu+jQY516gG2A= > -SHA1 (wpa_supplicant-0.7.3.tar.gz) = ylHbiTH6vzhjUsh0IvPmL7RMP+M= > -SHA256 (wpa_supplicant-0.7.3.tar.gz) = > 0M1QyqhTRszDdtzaXtPCWO7xmpOzyt450ldgEYrVlEM= > -SIZE (wpa_supplicant-0.7.3.tar.gz) = 1638224 > +SHA256 (wpa_supplicant-2.0.tar.gz) = > LBFWCfu1Ij1ROBCEpclERVqK/NqB1YQXP/VbojM3ngk= > +SIZE (wpa_supplicant-2.0.tar.gz) = 2044281 > Index: files/config > =================================================================== > RCS file: /cvs/ports/security/wpa_supplicant/files/config,v > retrieving revision 1.1 > diff -u -p -r1.1 config > --- files/config 19 Jan 2012 16:14:11 -0000 1.1 > +++ files/config 27 Jan 2013 18:13:11 -0000 > @@ -1,19 +1,36 @@ > +# $OpenBSD$ > +# see defconfig and README for notes > + > +CFLAGS += -I${LOCALBASE}/include/PCSC > +LIBS += -L${LOCALBASE}/lib > + > +CONFIG_BACKEND=file > CONFIG_CTRL_IFACE=y > CONFIG_DRIVER_WIRED=y > +CONFIG_DRIVER_OPENBSD=y > CONFIG_IEEE8021X_EAPOL=y > +CONFIG_PEERKEY=y > + > CONFIG_EAP_MD5=y > CONFIG_EAP_MSCHAPV2=y > CONFIG_EAP_TLS=y > CONFIG_EAP_PEAP=y > CONFIG_EAP_TTLS=y > +CONFIG_EAP_FAST=y > CONFIG_EAP_GTC=y > CONFIG_EAP_OTP=y > -CONFIG_EAP_AKA=y > CONFIG_EAP_PSK=y > CONFIG_EAP_SAKE=y > CONFIG_EAP_GPSK=y > CONFIG_EAP_PAX=y > CONFIG_EAP_LEAP=y > +CONFIG_EAP_IKEV2=y > + > +CONFIG_EAP_AKA=y > CONFIG_EAP_SIM=y > -#CONFIG_EAP_FAST=n > -CONFIG_L2_PACKET=freebsd > +CONFIG_PCSC=y > +CONFIG_SMARTCARD=y > + > +# privilege separation, see README. > +# WIP: not yet tested. > +# CONFIG_PRIVSEP=y > Index: files/driver_openbsd.c > =================================================================== > RCS file: files/driver_openbsd.c > diff -N files/driver_openbsd.c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ files/driver_openbsd.c 27 Jan 2013 18:13:11 -0000 
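Review bot: The `CONFIG_PRIVSEP` stanza at the end of the files/config hunk is left commented out with only `# WIP: not yet tested.`, while the same hunk enables more peer-facing EAP code (`CONFIG_EAP_FAST`, `CONFIG_EAP_IKEV2`) and smartcard access (`CONFIG_PCSC`, `CONFIG_SMARTCARD`). With privilege separation off, all of that presumably runs in the same wpa_supplicant process that holds the driver socket. The comment should therefore say what still blocks enabling it, for example `# CONFIG_PRIVSEP stays off until wpa_priv is installed (see post-install) and tested; EAP and PC/SC code runs unseparated until then.` Making smartcard support a flavour, as the mail itself suggests, would also keep pcsc-lite and libusb1 out of the default package.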
> @@ -0,0 +1,136 @@
> +/*
> + * Driver interaction with OpenBSD net80211 layer
> + * Copyright (c) 2013, Mark Kettenis
> + *
> + * This software may be distributed under the terms of the BSD license.
> + * See README for more details.
> + */
> +
> +#include "includes.h"
> +#include <sys/ioctl.h>
> +
> +#include <net/if.h>
> +#include <net80211/ieee80211.h>
> +#include <net80211/ieee80211_crypto.h>
> +#include <net80211/ieee80211_ioctl.h>
> +
> +#include "common.h"
> +#include "driver.h"
> +
> +struct openbsd_driver_data {
> + char ifname[IFNAMSIZ + 1];
> + void *ctx;
> +
> + int sock; /* open socket for 802.11 ioctls */
> +};
> +
> +
> +static int
> +wpa_driver_openbsd_get_ssid(void *priv, u8 *ssid)
> +{
> + struct openbsd_driver_data *drv = priv;
> + struct ieee80211_nwid nwid;
> + struct ifreq ifr;
> +
> + os_memset(&ifr, 0, sizeof(ifr));
> + os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
> + ifr.ifr_data = (void *)&nwid;
> + if (ioctl(drv->sock, SIOCG80211NWID, &ifr) < 0 ||
> + nwid.i_len > IEEE80211_NWID_LEN)
> + return -1;
> +
> + os_memcpy(ssid, nwid.i_nwid, nwid.i_len);
> + return nwid.i_len;
> +}
> +
> +static int
> +wpa_driver_openbsd_get_bssid(void *priv, u8 *bssid)
> +{
> + struct openbsd_driver_data *drv = priv;
> + struct ieee80211_bssid id;
> +
> + os_strlcpy(id.i_name, drv->ifname, sizeof(id.i_name));
> + if (ioctl(drv->sock, SIOCG80211BSSID, &id) < 0)
> + return -1;
> +
> + os_memcpy(bssid, id.i_bssid, IEEE80211_ADDR_LEN);
> + return 0;
> +}
> +
> +
> +static int
> +wpa_driver_openbsd_get_capa(void *priv, struct wpa_driver_capa *capa)
> +{
> + os_memset(capa, 0, sizeof(*capa));
> + capa->flags = WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
> + return 0;
> +}
> +
> +
> +static int
> +wpa_driver_openbsd_set_key(const char *ifname, void *priv, enum wpa_alg alg,
> + const unsigned char *addr, int key_idx, int set_tx, const u8 *seq,
> + size_t seq_len, const u8 *key, size_t key_len)
> +{
> + struct openbsd_driver_data *drv = priv;
> + struct ieee80211_keyavail keyavail;
> +
> + if (alg != WPA_ALG_PMK || key_len > IEEE80211_PMK_LEN)
> + return -1;
> +
> + memset(&keyavail, 0, sizeof(keyavail));
> + os_strlcpy(keyavail.i_name, drv->ifname, sizeof(keyavail.i_name));
> + if (wpa_driver_openbsd_get_bssid(priv, keyavail.i_macaddr) < 0)
> + return -1;
> + memcpy(keyavail.i_key, key, key_len);
> +
> + if (ioctl(drv->sock, SIOCS80211KEYAVAIL, &keyavail) < 0)
> + return -1;
> +
> + return 0;
> +}
> +
> +static void *
> +wpa_driver_openbsd_init(void *ctx, const char *ifname)
> +{
> + struct openbsd_driver_data *drv;
> +
> + drv = os_zalloc(sizeof(*drv));
> + if (drv == NULL)
> + return NULL;
> +
> + drv->sock = socket(PF_INET, SOCK_DGRAM, 0);
> + if (drv->sock < 0)
> + goto fail;
> +
> + drv->ctx = ctx;
> + os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
> +
> + return drv;
> +
> +fail:
> + os_free(drv);
> + return NULL;
> +}
> +
> +
> +static void
> +wpa_driver_openbsd_deinit(void *priv)
> +{
> + struct openbsd_driver_data *drv = priv;
> +
> + close(drv->sock);
> + os_free(drv);
> +}
> +
> +
> +const struct wpa_driver_ops wpa_driver_openbsd_ops = {
> + .name = "openbsd",
> + .desc = "OpenBSD 802.11 support",
> + .get_ssid = wpa_driver_openbsd_get_ssid,
> + .get_bssid = wpa_driver_openbsd_get_bssid,
> + .get_capa = wpa_driver_openbsd_get_capa,
> + .set_key = wpa_driver_openbsd_set_key,
> + .init = wpa_driver_openbsd_init,
> + .deinit = wpa_driver_openbsd_deinit,
> +};
> Index: files/wpa_supplicant.conf
> ===================================================================
> RCS file: /cvs/ports/security/wpa_supplicant/files/wpa_supplicant.conf,v
> retrieving revision 1.1
> diff -u -p -r1.1 wpa_supplicant.conf
> --- files/wpa_supplicant.conf 1 Jul 2007 19:50:57 -0000 1.1
> +++ files/wpa_supplicant.conf 27 Jan 2013 18:13:11 -0000
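Review bot: In `wpa_driver_openbsd_set_key` the PMK is copied into the stack struct `keyavail` and never wiped, so key material stays on the stack after every return, including the failed-ioctl path. Replace the final ioctl check with `int ret = ioctl(drv->sock, SIOCS80211KEYAVAIL, &keyavail);`, `explicit_bzero(&keyavail, sizeof(keyavail));` and `return ret < 0 ? -1 : 0;`, where the target release provides `explicit_bzero`; a plain `memset` before return may be optimised away. The guard `key_len > IEEE80211_PMK_LEN` also accepts a shorter key, which the earlier `memset` silently zero-pads; `key_len != IEEE80211_PMK_LEN` looks safer if the kernel expects a full-length PMK, and `key` is dereferenced without a NULL check. As a style point, this function calls `memset`/`memcpy` directly while the rest of the file uses `os_memset`/`os_memcpy`.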
> @@ -6,10 +6,22 @@ ctrl_interface=/var/run/wpa_supplicant > ctrl_interface_group=wheel > ap_scan=0 > > -network={ > - key_mgmt=IEEE8021X > - eap=MD5 > - identity="user" > - password="password" > - eapol_flags=0 > -} > +# wired network: > + > +#network={ > +# key_mgmt=IEEE8021X > +# eap=MD5 > +# identity="user" > +# password="password" > +# eapol_flags=0 > +#} > + > +# wireless network: > + > +#network={ > +# ssid="humppa" > +# key_mgmt=WPA-EAP > +# eap=TTLS PEAP > +# identity="user" > +# password="password" > +#} > Index: patches/patch-os_internal_c > =================================================================== > RCS file: /cvs/ports/security/wpa_supplicant/patches/patch-os_internal_c,v > retrieving revision 1.3 > diff -u -p -r1.3 patch-os_internal_c > --- patches/patch-os_internal_c 19 Jan 2012 16:14:11 -0000 1.3 > +++ patches/patch-os_internal_c 27 Jan 2013 18:13:11 -0000 > @@ -1,7 +1,7 @@ > $OpenBSD: patch-os_internal_c,v 1.3 2012/01/19 16:14:11 sthen Exp $ > ---- src/utils/os_internal.c.orig Tue May 29 03:08:48 2007 > -+++ src/utils/os_internal.c Sat Jan 14 12:52:53 2012 > -@@ -178,7 +178,7 @@ int os_setenv(const char *name, const char *value, int > +--- src/utils/os_internal.c.orig Sat Jan 12 15:42:53 2013 > ++++ src/utils/os_internal.c Fri Jan 25 20:18:22 2013 > +@@ -190,7 +190,7 @@ int os_setenv(const char *name, const char *value, int > > int os_unsetenv(const char *name) > { > Index: patches/patch-src_drivers_drivers_c > =================================================================== > RCS file: patches/patch-src_drivers_drivers_c > diff -N patches/patch-src_drivers_drivers_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_drivers_drivers_c 27 Jan 2013 18:13:11 -0000 
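Review bot: The new commented `wireless network` example sets `key_mgmt=WPA-EAP` and `eap=TTLS PEAP` with an identity and password but no `ca_cert`, so a user who uncomments it gets a configuration that never verifies the authentication server's certificate. Add the line to the sample with an obviously fake path, e.g. `# ca_cert="/path/to/ca.pem"` (placeholder), together with a short comment that the tunnel protects the password only when the server certificate is validated. The wired `eap=MD5` example that stays in the file would benefit from a comment that MD5 gives no mutual authentication and is meant for wired 802.1X only. The file's `ctrl_interface_group=wheel` context line is unchanged by this hunk.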
> @@ -0,0 +1,23 @@
> +$OpenBSD$
> +--- src/drivers/drivers.c.orig Sun Jan 27 18:04:16 2013
> ++++ src/drivers/drivers.c Sun Jan 27 18:05:04 2013
> +@@ -24,6 +24,9 @@ extern struct wpa_driver_ops wpa_driver_madwifi_ops; /
> + #ifdef CONFIG_DRIVER_BSD
> + extern struct wpa_driver_ops wpa_driver_bsd_ops; /* driver_bsd.c */
> + #endif /* CONFIG_DRIVER_BSD */
> ++#ifdef CONFIG_DRIVER_OPENBSD
> ++extern struct wpa_driver_ops wpa_driver_openbsd_ops; /* driver_openbsd.c */
> ++#endif /* CONFIG_DRIVER_OPENBSD */
> + #ifdef CONFIG_DRIVER_NDIS
> + extern struct wpa_driver_ops wpa_driver_ndis_ops; /* driver_ndis.c */
> + #endif /* CONFIG_DRIVER_NDIS */
> +@@ -62,6 +65,9 @@ struct wpa_driver_ops *wpa_drivers[] =
> + #ifdef CONFIG_DRIVER_BSD
> + &wpa_driver_bsd_ops,
> + #endif /* CONFIG_DRIVER_BSD */
> ++#ifdef CONFIG_DRIVER_OPENBSD
> ++ &wpa_driver_openbsd_ops,
> ++#endif /* CONFIG_DRIVER_OPENBSD */
> + #ifdef CONFIG_DRIVER_NDIS
> + &wpa_driver_ndis_ops,
> + #endif /* CONFIG_DRIVER_NDIS */
> Index: patches/patch-src_drivers_drivers_mak
> ===================================================================
> RCS file: patches/patch-src_drivers_drivers_mak
> diff -N patches/patch-src_drivers_drivers_mak
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_drivers_drivers_mak 27 Jan 2013 18:13:11 -0000
> @@ -0,0 +1,18 @@ > +$OpenBSD$ > +--- src/drivers/drivers.mak.orig Sun Jan 27 18:05:10 2013 > ++++ src/drivers/drivers.mak Sun Jan 27 18:05:42 2013 > +@@ -55,6 +55,14 @@ CONFIG_L2_FREEBSD=y > + CONFIG_DNET_PCAP=y > + endif > + > ++ifdef CONFIG_DRIVER_OPENBSD > ++ifndef CONFIG_L2_PACKET > ++CONFIG_L2_PACKET=freebsd > ++endif > ++DRV_CFLAGS += -DCONFIG_DRIVER_OPENBSD > ++DRV_OBJS += ../src/drivers/driver_openbsd.o > ++endif > ++ > + ifdef CONFIG_DRIVER_TEST > + DRV_CFLAGS += -DCONFIG_DRIVER_TEST > + DRV_OBJS += ../src/drivers/driver_test.o > Index: patches/patch-src_drivers_drivers_mk > =================================================================== > RCS file: patches/patch-src_drivers_drivers_mk > diff -N patches/patch-src_drivers_drivers_mk > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_drivers_drivers_mk 27 Jan 2013 18:13:11 -0000 > @@ -0,0 +1,18 @@ > +$OpenBSD$ > +--- src/drivers/drivers.mk.orig Sun Jan 27 18:05:45 2013 > ++++ src/drivers/drivers.mk Sun Jan 27 18:06:11 2013 > +@@ -55,6 +55,14 @@ CONFIG_L2_FREEBSD=y > + CONFIG_DNET_PCAP=y > + endif > + > ++ifdef CONFIG_DRIVER_OPENBSD > ++ifndef CONFIG_L2_PACKET > ++CONFIG_L2_PACKET=freebsd > ++endif > ++DRV_CFLAGS += -DCONFIG_DRIVER_OPENBSD > ++DRV_OBJS += src/drivers/driver_openbsd.c > ++endif > ++ > + ifdef CONFIG_DRIVER_TEST > + DRV_CFLAGS += -DCONFIG_DRIVER_TEST > + DRV_OBJS += src/drivers/driver_test.c > Index: patches/patch-src_l2_packet_l2_packet_freebsd_c > =================================================================== > RCS file: patches/patch-src_l2_packet_l2_packet_freebsd_c > diff -N patches/patch-src_l2_packet_l2_packet_freebsd_c > --- patches/patch-src_l2_packet_l2_packet_freebsd_c 25 Jun 2012 14:06:26 > -0000 1.1 > +++ /dev/null 1 Jan 1970 00:00:00 -0000 
> @@ -1,11 +0,0 @@ > -$OpenBSD: patch-src_l2_packet_l2_packet_freebsd_c,v 1.1 2012/06/25 14:06:26 > naddy Exp $ > ---- src/l2_packet/l2_packet_freebsd.c.orig Mon Jun 25 07:51:11 2012 > -+++ src/l2_packet/l2_packet_freebsd.c Mon Jun 25 07:51:32 2012 > -@@ -20,6 +20,7 @@ > - #include <pcap.h> > - > - #include <sys/ioctl.h> > -+#include <sys/param.h> > - #include <sys/sysctl.h> > - > - #include <net/if.h> > Index: patches/patch-wpa_supplicant_Makefile > =================================================================== > RCS file: patches/patch-wpa_supplicant_Makefile > diff -N patches/patch-wpa_supplicant_Makefile > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-wpa_supplicant_Makefile 27 Jan 2013 18:13:11 -0000 > @@ -0,0 +1,12 @@ > +$OpenBSD$ > +--- wpa_supplicant/Makefile.orig Fri Jan 25 23:16:50 2013 > ++++ wpa_supplicant/Makefile Fri Jan 25 23:16:53 2013 > +@@ -50,7 +50,7 @@ mkconfig: > + echo CONFIG_DRIVER_WEXT=y >> .config > + > + $(DESTDIR)$(BINDIR)/%: % > +- install -D $(<) $(@) > ++ install $(<) $(@) > + > + install: $(addprefix $(DESTDIR)$(BINDIR)/,$(BINALL)) > + $(MAKE) -C ../src install > Index: patches/patch-wpa_supplicant_wpa_priv_c > =================================================================== > RCS file: patches/patch-wpa_supplicant_wpa_priv_c > diff -N patches/patch-wpa_supplicant_wpa_priv_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-wpa_supplicant_wpa_priv_c 27 Jan 2013 18:13:11 -0000 
> @@ -0,0 +1,34 @@ > +$OpenBSD$ > +--- wpa_supplicant/wpa_priv.c.orig Sat Jan 26 10:49:28 2013 > ++++ wpa_supplicant/wpa_priv.c Sat Jan 26 10:50:56 2013 > +@@ -92,6 +92,7 @@ static void wpa_priv_cmd_unregister(struct wpa_priv_in > + } > + > + > ++#if 0 > + static void wpa_priv_cmd_scan(struct wpa_priv_interface *iface, > + char *buf, size_t len) > + { > +@@ -170,6 +171,7 @@ static void wpa_priv_cmd_get_scan_results(struct wpa_p > + sendto(iface->fd, "", 0, 0, (struct sockaddr *) from, > + sizeof(*from)); > + } > ++#endif > + > + > + static void wpa_priv_cmd_associate(struct wpa_priv_interface *iface, > +@@ -487,12 +489,14 @@ static void wpa_priv_receive(int sock, void *eloop_ctx > + case PRIVSEP_CMD_UNREGISTER: > + wpa_priv_cmd_unregister(iface, &from); > + break; > ++#if 0 > + case PRIVSEP_CMD_SCAN: > + wpa_priv_cmd_scan(iface, cmd_buf, cmd_len); > + break; > + case PRIVSEP_CMD_GET_SCAN_RESULTS: > + wpa_priv_cmd_get_scan_results(iface, &from); > + break; > ++#endif > + case PRIVSEP_CMD_ASSOCIATE: > + wpa_priv_cmd_associate(iface, cmd_buf, cmd_len); > + break; > Index: pkg/PLIST > =================================================================== > RCS file: /cvs/ports/security/wpa_supplicant/pkg/PLIST,v > retrieving revision 1.2 > diff -u -p -r1.2 PLIST > --- pkg/PLIST 19 Jan 2012 16:14:11 -0000 1.2 > +++ pkg/PLIST 27 Jan 2013 18:13:11 -0000 > @@ -1,10 +1,11 @@ > @comment $OpenBSD: PLIST,v 1.2 2012/01/19 16:14:11 sthen Exp $ > +@comment @man man/man8/wpa_priv.8 > +@comment @bin sbin/wpa_priv > @man man/man5/wpa_supplicant.conf.5 > @man man/man8/wpa_background.8 > @man man/man8/wpa_cli.8 > @comment @man man/man8/wpa_gui.8 > @man man/man8/wpa_passphrase.8 > -@comment @man man/man8/wpa_priv.8 > @man man/man8/wpa_supplicant.8 > @bin sbin/wpa_cli > @bin sbin/wpa_passphrase > >
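Review bot: The two `#if 0` regions in the wpa_priv.c patch carry no explanation, and the one inside `wpa_priv_receive` removes the `PRIVSEP_CMD_SCAN` and `PRIVSEP_CMD_GET_SCAN_RESULTS` cases, so those requests now reach whatever the switch does by default, which is outside the hunk. A comment at each site would record the reason, for example `/* OpenBSD: no scan ops in driver_openbsd.c yet; re-enable before turning on CONFIG_PRIVSEP */`, assuming that is why they were compiled out. Since this is the privileged side of the privilege separation, the unhandled-command path should be confirmed to reject these requests cleanly before `wpa_priv` is installed. `wpa_priv_receive` begins and ends outside the hunk.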
