On Sun, Jan 27, 2013 at 06:17:13PM +0000, Stuart Henderson wrote:
> On 2013/01/27 17:33, Stuart Henderson wrote:
> > I will merge this with my port diff to update to 2.0 and send out a diff
> > soon.
>
> I haven't tested WPA enterprise, but I have tested wired authentication
> with this version (TP-Link switch / MD5 / freeradius).
>
> I made a start at enabling the privilege separation code, but haven't
> finished that yet, so the diff is in place but it's still disabled
> for now.
>
> This diff also enables smartcard support via pcsc-lite - this could
> be made a flavour instead if people prefer to avoid it pulling in an
> LGPL dependency (libusb1) but have kept it simple for now.
>
Works for me on my lab's wifi, which uses TTLS/PAP, with the following network block:
network={
ssid="whatever"
key_mgmt=WPA-EAP
eap=TTLS PEAP
identity="matthieu"
password="my_passord"
phase2="auth=PAP"
}
Thanks to both kettenis and sthen!
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/security/wpa_supplicant/Makefile,v
> retrieving revision 1.5
> diff -u -p -r1.5 Makefile
> --- Makefile 19 Jan 2012 16:14:11 -0000 1.5
> +++ Makefile 27 Jan 2013 18:13:11 -0000
> @@ -2,7 +2,7 @@
>
> COMMENT= IEEE 802.1X supplicant
>
> -DISTNAME= wpa_supplicant-0.7.3
> +DISTNAME= wpa_supplicant-2.0
> CATEGORIES= security net
>
> HOMEPAGE= http://hostap.epitest.fi/wpa_supplicant/
> @@ -15,7 +15,9 @@ PERMIT_PACKAGE_FTP= Yes
> PERMIT_DISTFILES_CDROM= Yes
> PERMIT_DISTFILES_FTP= Yes
>
> -WANTLIB += c ssl crypto pcap
> +WANTLIB += c ssl crypto pcap pcsclite pthread
> +
> +LIB_DEPENDS= security/pcsc-lite
>
> MASTER_SITES= http://hostap.epitest.fi/releases/
>
> @@ -26,15 +28,14 @@ MAKE_FLAGS= V=1
>
> WRKSRC= ${WRKDIST}/wpa_supplicant
>
> -MAN5= wpa_supplicant.conf.5
> -MAN8= wpa_background.8 wpa_cli.8 wpa_passphrase.8 wpa_supplicant.8
> -
> EXAMPLEDIR= ${PREFIX}/share/examples/wpa_supplicant
>
> post-extract:
> - cp ${FILESDIR}/config ${WRKSRC}/.config
> + @${SUBST_CMD} -c ${FILESDIR}/config ${WRKSRC}/.config
> + @cp ${FILESDIR}/driver_openbsd.c ${WRKSRC}/../src/drivers/
>
> post-install:
> + @#${INSTALL_PROGRAM} ${WRKBUILD}/wpa_priv ${PREFIX}/sbin
> ${INSTALL_MAN} ${WRKBUILD}/doc/docbook/*.5 ${PREFIX}/man/man5/
> ${INSTALL_MAN} ${WRKBUILD}/doc/docbook/*.8 ${PREFIX}/man/man8/
> ${INSTALL_DATA_DIR} ${EXAMPLEDIR}
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/security/wpa_supplicant/distinfo,v
> retrieving revision 1.2
> diff -u -p -r1.2 distinfo
> --- distinfo 19 Jan 2012 16:14:11 -0000 1.2
> +++ distinfo 27 Jan 2013 18:13:11 -0000
> @@ -1,5 +1,2 @@
> -MD5 (wpa_supplicant-0.7.3.tar.gz) = 9RbxkThKmlRuP1FFwIrd2g==
> -RMD160 (wpa_supplicant-0.7.3.tar.gz) = 4i8EQNZMlD5LCIbu+jQY516gG2A=
> -SHA1 (wpa_supplicant-0.7.3.tar.gz) = ylHbiTH6vzhjUsh0IvPmL7RMP+M=
> -SHA256 (wpa_supplicant-0.7.3.tar.gz) =
> 0M1QyqhTRszDdtzaXtPCWO7xmpOzyt450ldgEYrVlEM=
> -SIZE (wpa_supplicant-0.7.3.tar.gz) = 1638224
> +SHA256 (wpa_supplicant-2.0.tar.gz) =
> LBFWCfu1Ij1ROBCEpclERVqK/NqB1YQXP/VbojM3ngk=
> +SIZE (wpa_supplicant-2.0.tar.gz) = 2044281
> Index: files/config
> ===================================================================
> RCS file: /cvs/ports/security/wpa_supplicant/files/config,v
> retrieving revision 1.1
> diff -u -p -r1.1 config
> --- files/config 19 Jan 2012 16:14:11 -0000 1.1
> +++ files/config 27 Jan 2013 18:13:11 -0000
> @@ -1,19 +1,36 @@
> +# $OpenBSD$
> +# see defconfig and README for notes
> +
> +CFLAGS += -I${LOCALBASE}/include/PCSC
> +LIBS += -L${LOCALBASE}/lib
> +
> +CONFIG_BACKEND=file
> CONFIG_CTRL_IFACE=y
> CONFIG_DRIVER_WIRED=y
> +CONFIG_DRIVER_OPENBSD=y
> CONFIG_IEEE8021X_EAPOL=y
> +CONFIG_PEERKEY=y
> +
> CONFIG_EAP_MD5=y
> CONFIG_EAP_MSCHAPV2=y
> CONFIG_EAP_TLS=y
> CONFIG_EAP_PEAP=y
> CONFIG_EAP_TTLS=y
> +CONFIG_EAP_FAST=y
> CONFIG_EAP_GTC=y
> CONFIG_EAP_OTP=y
> -CONFIG_EAP_AKA=y
> CONFIG_EAP_PSK=y
> CONFIG_EAP_SAKE=y
> CONFIG_EAP_GPSK=y
> CONFIG_EAP_PAX=y
> CONFIG_EAP_LEAP=y
> +CONFIG_EAP_IKEV2=y
> +
> +CONFIG_EAP_AKA=y
> CONFIG_EAP_SIM=y
> -#CONFIG_EAP_FAST=n
> -CONFIG_L2_PACKET=freebsd
> +CONFIG_PCSC=y
> +CONFIG_SMARTCARD=y
> +
> +# privilege separation, see README.
> +# WIP: not yet tested.
> +# CONFIG_PRIVSEP=y
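Review bot: The block that keeps `CONFIG_EAP_LEAP=y` and `CONFIG_EAP_MD5=y` (alongside the new `CONFIG_EAP_FAST`/`CONFIG_EAP_IKEV2` additions) compiles weak legacy methods into the supplicant with no comment on why; if I read wpa_supplicant.conf(5) correctly, a network block that omits `eap=` accepts every compiled-in method, so a rogue authenticator can steer such a client to LEAP or MD5 and obtain a crackable challenge/response. If LEAP and MD5 are kept for wired 802.1X compatibility, say so here, e.g. `# EAP-MD5/LEAP are weak; kept for legacy wired 802.1X only - set eap= explicitly in network blocks`, or drop LEAP, which upstream's defconfig leaves disabled. The `# WIP: not yet tested.` note on CONFIG_PRIVSEP is good; a matching line pointing at the `#if 0` hunks in wpa_priv.c would tell the next person where the work stopped.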
> Index: files/driver_openbsd.c
> ===================================================================
> RCS file: files/driver_openbsd.c
> diff -N files/driver_openbsd.c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ files/driver_openbsd.c 27 Jan 2013 18:13:11 -0000
> @@ -0,0 +1,136 @@
> +/*
> + * Driver interaction with OpenBSD net80211 layer
> + * Copyright (c) 2013, Mark Kettenis
> + *
> + * This software may be distributed under the terms of the BSD license.
> + * See README for more details.
> + */
> +
> +#include "includes.h"
> +#include <sys/ioctl.h>
> +
> +#include <net/if.h>
> +#include <net80211/ieee80211.h>
> +#include <net80211/ieee80211_crypto.h>
> +#include <net80211/ieee80211_ioctl.h>
> +
> +#include "common.h"
> +#include "driver.h"
> +
> +struct openbsd_driver_data {
> + char ifname[IFNAMSIZ + 1];
> + void *ctx;
> +
> + int sock; /* open socket for 802.11 ioctls */
> +};
> +
> +
> +static int
> +wpa_driver_openbsd_get_ssid(void *priv, u8 *ssid)
> +{
> + struct openbsd_driver_data *drv = priv;
> + struct ieee80211_nwid nwid;
> + struct ifreq ifr;
> +
> + os_memset(&ifr, 0, sizeof(ifr));
> + os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
> + ifr.ifr_data = (void *)&nwid;
> + if (ioctl(drv->sock, SIOCG80211NWID, &ifr) < 0 ||
> + nwid.i_len > IEEE80211_NWID_LEN)
> + return -1;
> +
> + os_memcpy(ssid, nwid.i_nwid, nwid.i_len);
> + return nwid.i_len;
> +}
> +
> +static int
> +wpa_driver_openbsd_get_bssid(void *priv, u8 *bssid)
> +{
> + struct openbsd_driver_data *drv = priv;
> + struct ieee80211_bssid id;
> +
> + os_strlcpy(id.i_name, drv->ifname, sizeof(id.i_name));
> + if (ioctl(drv->sock, SIOCG80211BSSID, &id) < 0)
> + return -1;
> +
> + os_memcpy(bssid, id.i_bssid, IEEE80211_ADDR_LEN);
> + return 0;
> +}
> +
> +
> +static int
> +wpa_driver_openbsd_get_capa(void *priv, struct wpa_driver_capa *capa)
> +{
> + os_memset(capa, 0, sizeof(*capa));
> + capa->flags = WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
> + return 0;
> +}
> +
> +
> +static int
> +wpa_driver_openbsd_set_key(const char *ifname, void *priv, enum wpa_alg alg,
> + const unsigned char *addr, int key_idx, int set_tx, const u8 *seq,
> + size_t seq_len, const u8 *key, size_t key_len)
> +{
> + struct openbsd_driver_data *drv = priv;
> + struct ieee80211_keyavail keyavail;
> +
> + if (alg != WPA_ALG_PMK || key_len > IEEE80211_PMK_LEN)
> + return -1;
> +
> + memset(&keyavail, 0, sizeof(keyavail));
> + os_strlcpy(keyavail.i_name, drv->ifname, sizeof(keyavail.i_name));
> + if (wpa_driver_openbsd_get_bssid(priv, keyavail.i_macaddr) < 0)
> + return -1;
> + memcpy(keyavail.i_key, key, key_len);
> +
> + if (ioctl(drv->sock, SIOCS80211KEYAVAIL, &keyavail) < 0)
> + return -1;
> +
> + return 0;
> +}
> +
> +static void *
> +wpa_driver_openbsd_init(void *ctx, const char *ifname)
> +{
> + struct openbsd_driver_data *drv;
> +
> + drv = os_zalloc(sizeof(*drv));
> + if (drv == NULL)
> + return NULL;
> +
> + drv->sock = socket(PF_INET, SOCK_DGRAM, 0);
> + if (drv->sock < 0)
> + goto fail;
> +
> + drv->ctx = ctx;
> + os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
> +
> + return drv;
> +
> +fail:
> + os_free(drv);
> + return NULL;
> +}
> +
> +
> +static void
> +wpa_driver_openbsd_deinit(void *priv)
> +{
> + struct openbsd_driver_data *drv = priv;
> +
> + close(drv->sock);
> + os_free(drv);
> +}
> +
> +
> +const struct wpa_driver_ops wpa_driver_openbsd_ops = {
> + .name = "openbsd",
> + .desc = "OpenBSD 802.11 support",
> + .get_ssid = wpa_driver_openbsd_get_ssid,
> + .get_bssid = wpa_driver_openbsd_get_bssid,
> + .get_capa = wpa_driver_openbsd_get_capa,
> + .set_key = wpa_driver_openbsd_set_key,
> + .init = wpa_driver_openbsd_init,
> + .deinit = wpa_driver_openbsd_deinit,
> +};
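Review bot: wpa_driver_openbsd_set_key() copies the PMK into the stack struct `keyavail` and returns without clearing it, so key material is left on the stack after the ioctl; hostap's convention elsewhere is to wipe such buffers, and the same function also mixes bare `memset`/`memcpy` (L225, L229) with the `os_memset`/`os_memcpy` wrappers used in the rest of the file. I would end the function with `ret = ioctl(drv->sock, SIOCS80211KEYAVAIL, &keyavail) < 0 ? -1 : 0;` / `os_memset(&keyavail, 0, sizeof(keyavail));` / `return ret;` (a plain memset may be elided by the compiler for a dead object, so a volatile-qualified wipe or the libc's secure-clear routine is preferable where available) and switch the two bare calls to the `os_` forms. A secondary point: the early `alg != WPA_ALG_PMK` check also rejects WPA_ALG_NONE, which I believe the supplicant issues to clear keys on every disassociation, so each disconnect will probably log a set_key failure; returning 0 for WPA_ALG_NONE seems safer, but verify against the caller in wpa_supplicant.c before changing it.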
> Index: files/wpa_supplicant.conf
> ===================================================================
> RCS file: /cvs/ports/security/wpa_supplicant/files/wpa_supplicant.conf,v
> retrieving revision 1.1
> diff -u -p -r1.1 wpa_supplicant.conf
> --- files/wpa_supplicant.conf 1 Jul 2007 19:50:57 -0000 1.1
> +++ files/wpa_supplicant.conf 27 Jan 2013 18:13:11 -0000
> @@ -6,10 +6,22 @@ ctrl_interface=/var/run/wpa_supplicant
> ctrl_interface_group=wheel
> ap_scan=0
>
> -network={
> - key_mgmt=IEEE8021X
> - eap=MD5
> - identity="user"
> - password="password"
> - eapol_flags=0
> -}
> +# wired network:
> +
> +#network={
> +# key_mgmt=IEEE8021X
> +# eap=MD5
> +# identity="user"
> +# password="password"
> +# eapol_flags=0
> +#}
> +
> +# wireless network:
> +
> +#network={
> +# ssid="humppa"
> +# key_mgmt=WPA-EAP
> +# eap=TTLS PEAP
> +# identity="user"
> +# password="password"
> +#}
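Review bot: The new wireless example (`key_mgmt=WPA-EAP`, `eap=TTLS PEAP`, identity/password) has no `ca_cert=` line, so anyone who uncomments it as-is gets a supplicant that accepts any server certificate: the inner MSCHAPv2 response, or a plaintext PAP password as in the reporter's TTLS/PAP setup, then goes to whichever AP answers with a matching SSID. Since this file is shipped as the example configuration, add the lines `#	ca_cert="/etc/ssl/cert.pem"` and `#	subject_match="radius.example.com"` (or a site CA path) to the block, with a one-line comment that without them the server is not authenticated. The wired EAP-MD5 example is unchanged from the old file and carries the same caveat (MD5 is unprotected on the wire), which a short comment above it would make explicit.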
> Index: patches/patch-os_internal_c
> ===================================================================
> RCS file: /cvs/ports/security/wpa_supplicant/patches/patch-os_internal_c,v
> retrieving revision 1.3
> diff -u -p -r1.3 patch-os_internal_c
> --- patches/patch-os_internal_c 19 Jan 2012 16:14:11 -0000 1.3
> +++ patches/patch-os_internal_c 27 Jan 2013 18:13:11 -0000
> @@ -1,7 +1,7 @@
> $OpenBSD: patch-os_internal_c,v 1.3 2012/01/19 16:14:11 sthen Exp $
> ---- src/utils/os_internal.c.orig Tue May 29 03:08:48 2007
> -+++ src/utils/os_internal.c Sat Jan 14 12:52:53 2012
> -@@ -178,7 +178,7 @@ int os_setenv(const char *name, const char *value, int
> +--- src/utils/os_internal.c.orig Sat Jan 12 15:42:53 2013
> ++++ src/utils/os_internal.c Fri Jan 25 20:18:22 2013
> +@@ -190,7 +190,7 @@ int os_setenv(const char *name, const char *value, int
>
> int os_unsetenv(const char *name)
> {
> Index: patches/patch-src_drivers_drivers_c
> ===================================================================
> RCS file: patches/patch-src_drivers_drivers_c
> diff -N patches/patch-src_drivers_drivers_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_drivers_drivers_c 27 Jan 2013 18:13:11 -0000
> @@ -0,0 +1,23 @@
> +$OpenBSD$
> +--- src/drivers/drivers.c.orig Sun Jan 27 18:04:16 2013
> ++++ src/drivers/drivers.c Sun Jan 27 18:05:04 2013
> +@@ -24,6 +24,9 @@ extern struct wpa_driver_ops wpa_driver_madwifi_ops; /
> + #ifdef CONFIG_DRIVER_BSD
> + extern struct wpa_driver_ops wpa_driver_bsd_ops; /* driver_bsd.c */
> + #endif /* CONFIG_DRIVER_BSD */
> ++#ifdef CONFIG_DRIVER_OPENBSD
> ++extern struct wpa_driver_ops wpa_driver_openbsd_ops; /* driver_openbsd.c */
> ++#endif /* CONFIG_DRIVER_OPENBSD */
> + #ifdef CONFIG_DRIVER_NDIS
> + extern struct wpa_driver_ops wpa_driver_ndis_ops; /* driver_ndis.c */
> + #endif /* CONFIG_DRIVER_NDIS */
> +@@ -62,6 +65,9 @@ struct wpa_driver_ops *wpa_drivers[] =
> + #ifdef CONFIG_DRIVER_BSD
> + &wpa_driver_bsd_ops,
> + #endif /* CONFIG_DRIVER_BSD */
> ++#ifdef CONFIG_DRIVER_OPENBSD
> ++ &wpa_driver_openbsd_ops,
> ++#endif /* CONFIG_DRIVER_OPENBSD */
> + #ifdef CONFIG_DRIVER_NDIS
> + &wpa_driver_ndis_ops,
> + #endif /* CONFIG_DRIVER_NDIS */
> Index: patches/patch-src_drivers_drivers_mak
> ===================================================================
> RCS file: patches/patch-src_drivers_drivers_mak
> diff -N patches/patch-src_drivers_drivers_mak
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_drivers_drivers_mak 27 Jan 2013 18:13:11 -0000
> @@ -0,0 +1,18 @@
> +$OpenBSD$
> +--- src/drivers/drivers.mak.orig Sun Jan 27 18:05:10 2013
> ++++ src/drivers/drivers.mak Sun Jan 27 18:05:42 2013
> +@@ -55,6 +55,14 @@ CONFIG_L2_FREEBSD=y
> + CONFIG_DNET_PCAP=y
> + endif
> +
> ++ifdef CONFIG_DRIVER_OPENBSD
> ++ifndef CONFIG_L2_PACKET
> ++CONFIG_L2_PACKET=freebsd
> ++endif
> ++DRV_CFLAGS += -DCONFIG_DRIVER_OPENBSD
> ++DRV_OBJS += ../src/drivers/driver_openbsd.o
> ++endif
> ++
> + ifdef CONFIG_DRIVER_TEST
> + DRV_CFLAGS += -DCONFIG_DRIVER_TEST
> + DRV_OBJS += ../src/drivers/driver_test.o
> Index: patches/patch-src_drivers_drivers_mk
> ===================================================================
> RCS file: patches/patch-src_drivers_drivers_mk
> diff -N patches/patch-src_drivers_drivers_mk
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_drivers_drivers_mk 27 Jan 2013 18:13:11 -0000
> @@ -0,0 +1,18 @@
> +$OpenBSD$
> +--- src/drivers/drivers.mk.orig Sun Jan 27 18:05:45 2013
> ++++ src/drivers/drivers.mk Sun Jan 27 18:06:11 2013
> +@@ -55,6 +55,14 @@ CONFIG_L2_FREEBSD=y
> + CONFIG_DNET_PCAP=y
> + endif
> +
> ++ifdef CONFIG_DRIVER_OPENBSD
> ++ifndef CONFIG_L2_PACKET
> ++CONFIG_L2_PACKET=freebsd
> ++endif
> ++DRV_CFLAGS += -DCONFIG_DRIVER_OPENBSD
> ++DRV_OBJS += src/drivers/driver_openbsd.c
> ++endif
> ++
> + ifdef CONFIG_DRIVER_TEST
> + DRV_CFLAGS += -DCONFIG_DRIVER_TEST
> + DRV_OBJS += src/drivers/driver_test.c
> Index: patches/patch-src_l2_packet_l2_packet_freebsd_c
> ===================================================================
> RCS file: patches/patch-src_l2_packet_l2_packet_freebsd_c
> diff -N patches/patch-src_l2_packet_l2_packet_freebsd_c
> --- patches/patch-src_l2_packet_l2_packet_freebsd_c 25 Jun 2012 14:06:26
> -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,11 +0,0 @@
> -$OpenBSD: patch-src_l2_packet_l2_packet_freebsd_c,v 1.1 2012/06/25 14:06:26
> naddy Exp $
> ---- src/l2_packet/l2_packet_freebsd.c.orig Mon Jun 25 07:51:11 2012
> -+++ src/l2_packet/l2_packet_freebsd.c Mon Jun 25 07:51:32 2012
> -@@ -20,6 +20,7 @@
> - #include <pcap.h>
> -
> - #include <sys/ioctl.h>
> -+#include <sys/param.h>
> - #include <sys/sysctl.h>
> -
> - #include <net/if.h>
> Index: patches/patch-wpa_supplicant_Makefile
> ===================================================================
> RCS file: patches/patch-wpa_supplicant_Makefile
> diff -N patches/patch-wpa_supplicant_Makefile
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-wpa_supplicant_Makefile 27 Jan 2013 18:13:11 -0000
> @@ -0,0 +1,12 @@
> +$OpenBSD$
> +--- wpa_supplicant/Makefile.orig Fri Jan 25 23:16:50 2013
> ++++ wpa_supplicant/Makefile Fri Jan 25 23:16:53 2013
> +@@ -50,7 +50,7 @@ mkconfig:
> + echo CONFIG_DRIVER_WEXT=y >> .config
> +
> + $(DESTDIR)$(BINDIR)/%: %
> +- install -D $(<) $(@)
> ++ install $(<) $(@)
> +
> + install: $(addprefix $(DESTDIR)$(BINDIR)/,$(BINALL))
> + $(MAKE) -C ../src install
> Index: patches/patch-wpa_supplicant_wpa_priv_c
> ===================================================================
> RCS file: patches/patch-wpa_supplicant_wpa_priv_c
> diff -N patches/patch-wpa_supplicant_wpa_priv_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-wpa_supplicant_wpa_priv_c 27 Jan 2013 18:13:11 -0000
> @@ -0,0 +1,34 @@
> +$OpenBSD$
> +--- wpa_supplicant/wpa_priv.c.orig Sat Jan 26 10:49:28 2013
> ++++ wpa_supplicant/wpa_priv.c Sat Jan 26 10:50:56 2013
> +@@ -92,6 +92,7 @@ static void wpa_priv_cmd_unregister(struct wpa_priv_in
> + }
> +
> +
> ++#if 0
> + static void wpa_priv_cmd_scan(struct wpa_priv_interface *iface,
> + char *buf, size_t len)
> + {
> +@@ -170,6 +171,7 @@ static void wpa_priv_cmd_get_scan_results(struct wpa_p
> + sendto(iface->fd, "", 0, 0, (struct sockaddr *) from,
> + sizeof(*from));
> + }
> ++#endif
> +
> +
> + static void wpa_priv_cmd_associate(struct wpa_priv_interface *iface,
> +@@ -487,12 +489,14 @@ static void wpa_priv_receive(int sock, void *eloop_ctx
> + case PRIVSEP_CMD_UNREGISTER:
> + wpa_priv_cmd_unregister(iface, &from);
> + break;
> ++#if 0
> + case PRIVSEP_CMD_SCAN:
> + wpa_priv_cmd_scan(iface, cmd_buf, cmd_len);
> + break;
> + case PRIVSEP_CMD_GET_SCAN_RESULTS:
> + wpa_priv_cmd_get_scan_results(iface, &from);
> + break;
> ++#endif
> + case PRIVSEP_CMD_ASSOCIATE:
> + wpa_priv_cmd_associate(iface, cmd_buf, cmd_len);
> + break;
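Review bot: The two `#if 0` blocks remove wpa_priv_cmd_scan() / wpa_priv_cmd_get_scan_results() and their dispatch cases without a word on why, so a reader cannot tell whether this is because the OpenBSD driver provides no scan ops or because the code does not build here; the rest of the `switch` in wpa_priv_receive() is outside the hunk, so what an incoming PRIVSEP_CMD_SCAN now does (silently ignored, or an unexpected-command path) is not visible either. Please put the reason on the first `#if 0`, e.g. `/* XXX scan commands disabled: privsep on OpenBSD is WIP and driver_openbsd.c has no scan ops; re-enable once it does */`, and note it in files/config next to the disabled CONFIG_PRIVSEP line. If the scan paths are really unsupported, rejecting the command explicitly would be clearer than dropping it.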
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/security/wpa_supplicant/pkg/PLIST,v
> retrieving revision 1.2
> diff -u -p -r1.2 PLIST
> --- pkg/PLIST 19 Jan 2012 16:14:11 -0000 1.2
> +++ pkg/PLIST 27 Jan 2013 18:13:11 -0000
> @@ -1,10 +1,11 @@
> @comment $OpenBSD: PLIST,v 1.2 2012/01/19 16:14:11 sthen Exp $
> +@comment @man man/man8/wpa_priv.8
> +@comment @bin sbin/wpa_priv
> @man man/man5/wpa_supplicant.conf.5
> @man man/man8/wpa_background.8
> @man man/man8/wpa_cli.8
> @comment @man man/man8/wpa_gui.8
> @man man/man8/wpa_passphrase.8
> -@comment @man man/man8/wpa_priv.8
> @man man/man8/wpa_supplicant.8
> @bin sbin/wpa_cli
> @bin sbin/wpa_passphrase
>
--
Matthieu Herrb