[pkg-wpa-devel] r1135 - in /wpasupplicant/branches/upstream/current: src/ src/common/ src/drivers/ src/eap_common/ src/eap_peer/ src/eap_server/ src/radius/ src/rsn_supp/ src/wps/ wpa_supplicant/ wpa_supplicant/doc/docbook/ wpa_supplicant/wpa_gui-qt4/
kelmo-guest at users.alioth.debian.org
kelmo-guest at users.alioth.debian.org
Sat Feb 23 03:42:37 UTC 2008
Author: kelmo-guest
Date: Sat Feb 23 03:42:35 2008
New Revision: 1135
URL: http://svn.debian.org/wsvn/?sc=1&rev=1135
Log:
[svn-upgrade] Integrating new upstream version, wpasupplicant (0.6.3)
Added:
wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_background.8
wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_cli.8
wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_gui.8
wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_passphrase.8
wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_priv.8
wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.8
wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5
Removed:
wpasupplicant/branches/upstream/current/src/wps/
Modified:
wpasupplicant/branches/upstream/current/src/Makefile
wpasupplicant/branches/upstream/current/src/common/version.h
wpasupplicant/branches/upstream/current/src/common/wpa_ctrl.h
wpasupplicant/branches/upstream/current/src/drivers/Apple80211.h
wpasupplicant/branches/upstream/current/src/drivers/ndis_events.c
wpasupplicant/branches/upstream/current/src/eap_common/eap_defs.h
wpasupplicant/branches/upstream/current/src/eap_common/eap_tlv_common.h
wpasupplicant/branches/upstream/current/src/eap_peer/eap.h
wpasupplicant/branches/upstream/current/src/eap_peer/eap_fast.c
wpasupplicant/branches/upstream/current/src/eap_peer/eap_ikev2.c
wpasupplicant/branches/upstream/current/src/eap_peer/eap_peap.c
wpasupplicant/branches/upstream/current/src/eap_peer/eap_tlv.c
wpasupplicant/branches/upstream/current/src/eap_peer/eap_tlv.h
wpasupplicant/branches/upstream/current/src/eap_server/eap.c
wpasupplicant/branches/upstream/current/src/eap_server/eap.h
wpasupplicant/branches/upstream/current/src/eap_server/eap_fast.c
wpasupplicant/branches/upstream/current/src/eap_server/eap_i.h
wpasupplicant/branches/upstream/current/src/eap_server/eap_ikev2.c
wpasupplicant/branches/upstream/current/src/eap_server/eap_methods.c
wpasupplicant/branches/upstream/current/src/eap_server/eap_peap.c
wpasupplicant/branches/upstream/current/src/eap_server/ikev2.c
wpasupplicant/branches/upstream/current/src/radius/radius_server.c
wpasupplicant/branches/upstream/current/src/radius/radius_server.h
wpasupplicant/branches/upstream/current/src/rsn_supp/wpa.c
wpasupplicant/branches/upstream/current/wpa_supplicant/ChangeLog
wpasupplicant/branches/upstream/current/wpa_supplicant/Makefile
wpasupplicant/branches/upstream/current/wpa_supplicant/ctrl_iface_dbus_handlers.c
wpasupplicant/branches/upstream/current/wpa_supplicant/events.c
wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_gui-qt4/eventhistory.cpp
wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_gui-qt4/eventhistory.ui
wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_supplicant.c
wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_supplicant_i.h
Modified: wpasupplicant/branches/upstream/current/src/Makefile
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/Makefile?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/Makefile (original)
+++ wpasupplicant/branches/upstream/current/src/Makefile Sat Feb 23 03:42:35 2008
@@ -1,4 +1,4 @@
-SUBDIRS=common crypto drivers hlr_auc_gw eapol_supp eap_common eap_peer eap_server l2_packet radius rsn_supp tls utils wps
+SUBDIRS=common crypto drivers hlr_auc_gw eapol_supp eap_common eap_peer eap_server l2_packet radius rsn_supp tls utils
all:
@echo Nothing to be made.
Modified: wpasupplicant/branches/upstream/current/src/common/version.h
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/common/version.h?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/common/version.h (original)
+++ wpasupplicant/branches/upstream/current/src/common/version.h Sat Feb 23 03:42:35 2008
@@ -1,6 +1,6 @@
#ifndef VERSION_H
#define VERSION_H
-#define VERSION_STR "0.6.2"
+#define VERSION_STR "0.6.3"
#endif /* VERSION_H */
Modified: wpasupplicant/branches/upstream/current/src/common/wpa_ctrl.h
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/common/wpa_ctrl.h?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/common/wpa_ctrl.h (original)
+++ wpasupplicant/branches/upstream/current/src/common/wpa_ctrl.h Sat Feb 23 03:42:35 2008
@@ -48,11 +48,6 @@
#define WPA_EVENT_EAP_FAILURE "CTRL-EVENT-EAP-FAILURE "
/** New scan results available */
#define WPA_EVENT_SCAN_RESULTS "CTRL-EVENT-SCAN-RESULTS "
-
-
-/* hostapd control interface - fixed message prefixes */
-#define WPS_EVENT_PIN_NEEDED "WPS-PIN-NEEDED "
-#define WPS_EVENT_NEW_AP_SETTINGS "WPS-NEW-AP-SETTINGS "
/* wpa_supplicant/hostapd control interface access */
Modified: wpasupplicant/branches/upstream/current/src/drivers/Apple80211.h
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/drivers/Apple80211.h?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/drivers/Apple80211.h (original)
+++ wpasupplicant/branches/upstream/current/src/drivers/Apple80211.h Sat Feb 23 03:42:35 2008
@@ -105,13 +105,11 @@
* channel: CFNumber(kCFNumberSInt32Type)
* signal: CFNumber(kCFNumberSInt32Type)
* appleIE: CFData
- * WPSNOPINRequired: CFBoolean
* noise: CFNumber(kCFNumberSInt32Type)
* capability: CFNumber(kCFNumberSInt32Type)
* uniCipher: CFArray of CFNumber(kCFNumberSInt32Type)
* appleIE_Version: CFNumber(kCFNumberSInt32Type)
* appleIE_Robust: CFBoolean
- * WPSConfigured: CFBoolean
* scanWasDirected: CFBoolean
* appleIE_Product: CFNumber(kCFNumberSInt32Type)
* authModes: CFArray of CFNumber(kCFNumberSInt32Type)
Modified: wpasupplicant/branches/upstream/current/src/drivers/ndis_events.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/drivers/ndis_events.c?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/drivers/ndis_events.c (original)
+++ wpasupplicant/branches/upstream/current/src/drivers/ndis_events.c Sat Feb 23 03:42:35 2008
@@ -40,6 +40,80 @@
char *ifname; /* {GUID..} */
WCHAR *adapter_desc;
};
+
+#define BstrAlloc(x) (x) ? SysAllocString(x) : NULL
+#define BstrFree(x) if (x) SysFreeString(x)
+
+/* WBEM / WMI wrapper functions, to perform in-place conversion of WCHARs to
+ * BSTRs */
+HRESULT STDMETHODCALLTYPE call_IWbemServices_ExecQuery(
+ IWbemServices *pSvc, LPCWSTR strQueryLanguage, LPCWSTR strQuery,
+ long lFlags, IWbemContext *pCtx, IEnumWbemClassObject **ppEnum)
+{
+ BSTR bsQueryLanguage, bsQuery;
+ HRESULT hr;
+
+ bsQueryLanguage = BstrAlloc(strQueryLanguage);
+ bsQuery = BstrAlloc(strQuery);
+
+ hr = IWbemServices_ExecQuery(pSvc, bsQueryLanguage, bsQuery, lFlags,
+ pCtx, ppEnum);
+
+ BstrFree(bsQueryLanguage);
+ BstrFree(bsQuery);
+
+ return hr;
+}
+
+
+HRESULT STDMETHODCALLTYPE call_IWbemServices_ExecNotificationQueryAsync(
+ IWbemServices *pSvc, LPCWSTR strQueryLanguage, LPCWSTR strQuery,
+ long lFlags, IWbemContext *pCtx, IWbemObjectSink *pResponseHandler)
+{
+ BSTR bsQueryLanguage, bsQuery;
+ HRESULT hr;
+
+ bsQueryLanguage = BstrAlloc(strQueryLanguage);
+ bsQuery = BstrAlloc(strQuery);
+
+ hr = IWbemServices_ExecNotificationQueryAsync(pSvc, bsQueryLanguage,
+ bsQuery, lFlags, pCtx,
+ pResponseHandler);
+
+ BstrFree(bsQueryLanguage);
+ BstrFree(bsQuery);
+
+ return hr;
+}
+
+
+HRESULT STDMETHODCALLTYPE call_IWbemLocator_ConnectServer(
+ IWbemLocator *pLoc, LPCWSTR strNetworkResource, LPCWSTR strUser,
+ LPCWSTR strPassword, LPCWSTR strLocale, long lSecurityFlags,
+ LPCWSTR strAuthority, IWbemContext *pCtx, IWbemServices **ppNamespace)
+{
+ BSTR bsNetworkResource, bsUser, bsPassword, bsLocale, bsAuthority;
+ HRESULT hr;
+
+ bsNetworkResource = BstrAlloc(strNetworkResource);
+ bsUser = BstrAlloc(strUser);
+ bsPassword = BstrAlloc(strPassword);
+ bsLocale = BstrAlloc(strLocale);
+ bsAuthority = BstrAlloc(strAuthority);
+
+ hr = IWbemLocator_ConnectServer(pLoc, bsNetworkResource, bsUser,
+ bsPassword, bsLocale, lSecurityFlags,
+ bsAuthority, pCtx, ppNamespace);
+
+ BstrFree(bsNetworkResource);
+ BstrFree(bsUser);
+ BstrFree(bsPassword);
+ BstrFree(bsLocale);
+ BstrFree(bsAuthority);
+
+ return hr;
+}
+
enum event_types { EVENT_CONNECT, EVENT_DISCONNECT, EVENT_MEDIA_SPECIFIC,
EVENT_ADAPTER_ARRIVAL, EVENT_ADAPTER_REMOVAL };
@@ -332,8 +406,8 @@
_snwprintf(query, 256,
L"SELECT * FROM %S", class_name);
wpa_printf(MSG_DEBUG, "ndis_events: WMI: %S", query);
- hr = IWbemServices_ExecNotificationQueryAsync(pSvc, L"WQL", query, 0,
- 0, pDestSink);
+ hr = call_IWbemServices_ExecNotificationQueryAsync(
+ pSvc, L"WQL", query, 0, 0, pDestSink);
if (FAILED(hr)) {
wpa_printf(MSG_DEBUG, "ExecNotificationQueryAsync for %s "
"failed with hresult of 0x%x",
@@ -434,8 +508,8 @@
os_free(events->adapter_desc);
events->adapter_desc = NULL;
- hr = IWbemLocator_ConnectServer(events->pLoc, L"ROOT\\CIMV2", NULL,
- NULL, 0, 0, 0, 0, &pSvc);
+ hr = call_IWbemLocator_ConnectServer(
+ events->pLoc, L"ROOT\\CIMV2", NULL, NULL, 0, 0, 0, 0, &pSvc);
if (FAILED(hr)) {
wpa_printf(MSG_ERROR, "ndis_events: Could not connect to WMI "
"server (ROOT\\CIMV2) - error 0x%x", (int) hr);
@@ -448,10 +522,10 @@
L"WHERE SettingID='%S'", ifname);
wpa_printf(MSG_DEBUG, "ndis_events: WMI: %S", query);
- hr = IWbemServices_ExecQuery(pSvc, L"WQL", query,
- WBEM_FLAG_FORWARD_ONLY |
- WBEM_FLAG_RETURN_IMMEDIATELY,
- NULL, &pEnumerator);
+ hr = call_IWbemServices_ExecQuery(
+ pSvc, L"WQL", query,
+ WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
+ NULL, &pEnumerator);
if (!SUCCEEDED(hr)) {
wpa_printf(MSG_DEBUG, "ndis_events: Failed to query interface "
"GUID from Win32_NetworkAdapterConfiguration: "
@@ -491,10 +565,10 @@
VariantClear(&vt);
IWbemClassObject_Release(pObj);
- hr = IWbemServices_ExecQuery(pSvc, L"WQL", query,
- WBEM_FLAG_FORWARD_ONLY |
- WBEM_FLAG_RETURN_IMMEDIATELY,
- NULL, &pEnumerator);
+ hr = call_IWbemServices_ExecQuery(
+ pSvc, L"WQL", query,
+ WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
+ NULL, &pEnumerator);
if (!SUCCEEDED(hr)) {
wpa_printf(MSG_DEBUG, "ndis_events: Failed to query interface "
"from Win32_NetworkAdapter: 0x%x", (int) hr);
@@ -575,10 +649,10 @@
IWbemClassObject_Release(pObj);
wpa_printf(MSG_DEBUG, "ndis_events: WMI: %S", query);
- hr = IWbemServices_ExecQuery(pSvc, L"WQL", query,
- WBEM_FLAG_FORWARD_ONLY |
- WBEM_FLAG_RETURN_IMMEDIATELY,
- NULL, &pEnumerator);
+ hr = call_IWbemServices_ExecQuery(
+ pSvc, L"WQL", query,
+ WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
+ NULL, &pEnumerator);
if (!SUCCEEDED(hr)) {
wpa_printf(MSG_DEBUG, "ndis_events: Failed to query interface "
"Name from Win32_PnPEntity: 0x%x", (int) hr);
@@ -695,8 +769,9 @@
wpa_printf(MSG_DEBUG, "ndis_events: use adapter descriptor '%S'",
events->adapter_desc);
- hr = IWbemLocator_ConnectServer(events->pLoc, L"ROOT\\WMI", NULL, NULL,
- 0, 0, 0, 0, &events->pSvc);
+ hr = call_IWbemLocator_ConnectServer(
+ events->pLoc, L"ROOT\\WMI", NULL, NULL,
+ 0, 0, 0, 0, &events->pSvc);
if (FAILED(hr)) {
wpa_printf(MSG_ERROR, "Could not connect to server - error "
"0x%x", (int) hr);
Modified: wpasupplicant/branches/upstream/current/src/eap_common/eap_defs.h
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_common/eap_defs.h?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_common/eap_defs.h (original)
+++ wpasupplicant/branches/upstream/current/src/eap_common/eap_defs.h Sat Feb 23 03:42:35 2008
@@ -65,7 +65,7 @@
EAP_TYPE_PAX = 46 /* RFC 4746 */,
EAP_TYPE_PSK = 47 /* RFC 4764 */,
EAP_TYPE_SAKE = 48 /* RFC 4763 */,
- EAP_TYPE_IKEV2 = 49 /* draft-tschofenig-eap-ikev2-15.txt */,
+ EAP_TYPE_IKEV2 = 49 /* RFC 5106 */,
EAP_TYPE_EXPANDED = 254 /* RFC 3748 */,
EAP_TYPE_GPSK = 255 /* EXPERIMENTAL - type not yet allocated
* draft-ietf-emu-eap-gpsk-01.txt */
Modified: wpasupplicant/branches/upstream/current/src/eap_common/eap_tlv_common.h
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_common/eap_tlv_common.h?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_common/eap_tlv_common.h (original)
+++ wpasupplicant/branches/upstream/current/src/eap_common/eap_tlv_common.h Sat Feb 23 03:42:35 2008
@@ -1,6 +1,6 @@
/*
- * EAP-TLV definitions (draft-josefsson-pppext-eap-tls-eap-07.txt)
- * Copyright (c) 2004-2007, Jouni Malinen <j at w1.fi>
+ * EAP-TLV definitions (draft-josefsson-pppext-eap-tls-eap-10.txt)
+ * Copyright (c) 2004-2008, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -15,11 +15,10 @@
#ifndef EAP_TLV_COMMON_H
#define EAP_TLV_COMMON_H
-/* EAP-TLV TLVs (draft-josefsson-ppext-eap-tls-eap-07.txt) */
+/* EAP-TLV TLVs (draft-josefsson-ppext-eap-tls-eap-10.txt) */
#define EAP_TLV_RESULT_TLV 3 /* Acknowledged Result */
#define EAP_TLV_NAK_TLV 4
-/* Note: RFC 4851, Section 4.2.4 defines 5 as Error TLV */
-#define EAP_TLV_CRYPTO_BINDING_TLV 5
+#define EAP_TLV_ERROR_CODE_TLV 5
#define EAP_TLV_CONNECTION_BINDING_TLV 6
#define EAP_TLV_VENDOR_SPECIFIC_TLV 7
#define EAP_TLV_URI_TLV 8
@@ -27,17 +26,21 @@
#define EAP_TLV_INTERMEDIATE_RESULT_TLV 10
#define EAP_TLV_PAC_TLV 11 /* draft-cam-winget-eap-fast-provisioning-04.txt,
* Section 4.2 */
-#define EAP_TLV_CRYPTO_BINDING_TLV_ 12 /* RFC 4851, Section 4.2.8 */
-/* draft-cam-winget-eap-fast-provisiong-04.txt, Section 4.3.1 */
+#define EAP_TLV_CRYPTO_BINDING_TLV 12
+#define EAP_TLV_CALLING_STATION_ID_TLV 13
+#define EAP_TLV_CALLED_STATION_ID_TLV 14
+#define EAP_TLV_NAS_PORT_TYPE_TLV 15
+#define EAP_TLV_SERVER_IDENTIFIER_TLV 16
+#define EAP_TLV_IDENTITY_TYPE_TLV 17
#define EAP_TLV_SERVER_TRUSTED_ROOT_TLV 18
-#define EAP_TLV_REQUEST_ACTION_TLV 19 /* RFC 4851, Section 4.2.9 */
-/* draft-cam-winget-eap-fast-provisiong-04.txt, Section 4.3.2 */
+#define EAP_TLV_REQUEST_ACTION_TLV 19
#define EAP_TLV_PKCS7_TLV 20
#define EAP_TLV_RESULT_SUCCESS 1
#define EAP_TLV_RESULT_FAILURE 2
#define EAP_TLV_TYPE_MANDATORY 0x8000
+#define EAP_TLV_TYPE_MASK 0x3fff
#ifdef _MSC_VER
#pragma pack(push, 1)
Modified: wpasupplicant/branches/upstream/current/src/eap_peer/eap.h
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_peer/eap.h?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_peer/eap.h (original)
+++ wpasupplicant/branches/upstream/current/src/eap_peer/eap.h Sat Feb 23 03:42:35 2008
@@ -248,7 +248,7 @@
/**
* mac_addr - MAC address of the peer
*
- * This is only used by EAP-WSC and can be left %NULL if not available.
+ * This can be left %NULL if not available.
*/
const u8 *mac_addr;
};
Modified: wpasupplicant/branches/upstream/current/src/eap_peer/eap_fast.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_peer/eap_fast.c?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_peer/eap_fast.c (original)
+++ wpasupplicant/branches/upstream/current/src/eap_peer/eap_fast.c Sat Feb 23 03:42:35 2008
@@ -691,7 +691,7 @@
struct eap_tlv_crypto_binding__tlv *_bind, const u8 *cmk)
{
rbind->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY |
- EAP_TLV_CRYPTO_BINDING_TLV_);
+ EAP_TLV_CRYPTO_BINDING_TLV);
rbind->length = host_to_be16(sizeof(*rbind) -
sizeof(struct eap_tlv_hdr));
rbind->version = EAP_FAST_VERSION;
@@ -1230,7 +1230,7 @@
tlv->iresult == EAP_TLV_RESULT_SUCCESS ?
"Success" : "Failure");
break;
- case EAP_TLV_CRYPTO_BINDING_TLV_:
+ case EAP_TLV_CRYPTO_BINDING_TLV:
wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Crypto-Binding TLV",
pos, len);
tlv->crypto_binding_len = sizeof(struct eap_tlv_hdr) + len;
Modified: wpasupplicant/branches/upstream/current/src/eap_peer/eap_ikev2.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_peer/eap_ikev2.c?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_peer/eap_ikev2.c (original)
+++ wpasupplicant/branches/upstream/current/src/eap_peer/eap_ikev2.c Sat Feb 23 03:42:35 2008
@@ -1,5 +1,5 @@
/*
- * EAP-IKEv2 peer (draft-tschofenig-eap-ikev2-15.txt)
+ * EAP-IKEv2 peer (RFC 5106)
* Copyright (c) 2007, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
Modified: wpasupplicant/branches/upstream/current/src/eap_peer/eap_peap.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_peer/eap_peap.c?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_peer/eap_peap.c (original)
+++ wpasupplicant/branches/upstream/current/src/eap_peer/eap_peap.c Sat Feb 23 03:42:35 2008
@@ -1,5 +1,5 @@
/*
- * EAP peer method: EAP-PEAP (draft-josefsson-pppext-eap-tls-eap-07.txt)
+ * EAP peer method: EAP-PEAP (draft-josefsson-pppext-eap-tls-eap-10.txt)
* Copyright (c) 2004-2008, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
@@ -25,7 +25,7 @@
/* Maximum supported PEAP version
* 0 = Microsoft's PEAP version 0; draft-kamath-pppext-peapv0-00.txt
* 1 = draft-josefsson-ppext-eap-tls-eap-05.txt
- * 2 = draft-josefsson-ppext-eap-tls-eap-07.txt
+ * 2 = draft-josefsson-ppext-eap-tls-eap-10.txt
*/
#define EAP_PEAP_VERSION 1
@@ -41,6 +41,8 @@
const struct eap_method *phase2_method;
void *phase2_priv;
int phase2_success;
+ int phase2_eap_success;
+ int phase2_eap_started;
struct eap_method_type phase2_type;
struct eap_method_type *phase2_types;
@@ -152,6 +154,33 @@
}
+static struct wpabuf * eap_peapv2_tlv_eap_payload(struct wpabuf *buf)
+{
+ struct wpabuf *e;
+ struct eap_tlv_hdr *tlv;
+
+ if (buf == NULL)
+ return NULL;
+
+ /* Encapsulate EAP packet in EAP-Payload TLV */
+ wpa_printf(MSG_DEBUG, "EAP-PEAPv2: Add EAP-Payload TLV");
+ e = wpabuf_alloc(sizeof(*tlv) + wpabuf_len(buf));
+ if (e == NULL) {
+ wpa_printf(MSG_DEBUG, "EAP-PEAPv2: Failed to allocate memory "
+ "for TLV encapsulation");
+ wpabuf_free(buf);
+ return NULL;
+ }
+ tlv = wpabuf_put(e, sizeof(*tlv));
+ tlv->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY |
+ EAP_TLV_EAP_PAYLOAD_TLV);
+ tlv->length = host_to_be16(wpabuf_len(buf));
+ wpabuf_put_buf(e, buf);
+ wpabuf_free(buf);
+ return e;
+}
+
+
static int eap_peap_phase2_request(struct eap_sm *sm,
struct eap_peap_data *data,
struct eap_method_ret *ret,
@@ -177,7 +206,9 @@
break;
case EAP_TYPE_TLV:
os_memset(&iret, 0, sizeof(iret));
- if (eap_tlv_process(sm, &iret, req, resp)) {
+ if (eap_tlv_process(sm, &iret, req, resp,
+ data->phase2_eap_started &&
+ !data->phase2_eap_success)) {
ret->methodState = METHOD_DONE;
ret->decision = DECISION_FAIL;
return -1;
@@ -237,6 +268,7 @@
ret->decision = DECISION_FAIL;
return -1;
}
+ data->phase2_eap_started = 1;
os_memset(&iret, 0, sizeof(iret));
*resp = data->phase2_method->process(sm, data->phase2_priv,
&iret, req);
@@ -244,6 +276,7 @@
iret.methodState == METHOD_MAY_CONT) &&
(iret.decision == DECISION_UNCOND_SUCC ||
iret.decision == DECISION_COND_SUCC)) {
+ data->phase2_eap_success = 1;
data->phase2_success = 1;
}
break;
@@ -344,6 +377,50 @@
wpabuf_free(in_decrypted);
in_decrypted = nmsg;
}
+
+ if (data->peap_version >= 2) {
+ struct eap_tlv_hdr *tlv;
+ struct wpabuf *nmsg;
+
+ if (wpabuf_len(in_decrypted) < sizeof(*tlv) + sizeof(*hdr)) {
+ wpa_printf(MSG_INFO, "EAP-PEAPv2: Too short Phase 2 "
+ "EAP TLV");
+ wpabuf_free(in_decrypted);
+ return 0;
+ }
+ tlv = wpabuf_mhead(in_decrypted);
+ if ((be_to_host16(tlv->tlv_type) & 0x3fff) !=
+ EAP_TLV_EAP_PAYLOAD_TLV) {
+ wpa_printf(MSG_INFO, "EAP-PEAPv2: Not an EAP TLV");
+ wpabuf_free(in_decrypted);
+ return 0;
+ }
+ if (sizeof(*tlv) + be_to_host16(tlv->length) >
+ wpabuf_len(in_decrypted)) {
+ wpa_printf(MSG_INFO, "EAP-PEAPv2: Invalid EAP TLV "
+ "length");
+ wpabuf_free(in_decrypted);
+ return 0;
+ }
+ hdr = (struct eap_hdr *) (tlv + 1);
+ if (be_to_host16(hdr->length) > be_to_host16(tlv->length)) {
+ wpa_printf(MSG_INFO, "EAP-PEAPv2: No room for full "
+ "EAP packet in EAP TLV");
+ wpabuf_free(in_decrypted);
+ return 0;
+ }
+
+ nmsg = wpabuf_alloc(be_to_host16(hdr->length));
+ if (nmsg == NULL) {
+ wpabuf_free(in_decrypted);
+ return 0;
+ }
+
+ wpabuf_put_data(nmsg, hdr, be_to_host16(hdr->length));
+ wpabuf_free(in_decrypted);
+ in_decrypted = nmsg;
+ }
+
hdr = wpabuf_mhead(in_decrypted);
if (wpabuf_len(in_decrypted) < sizeof(*hdr)) {
wpa_printf(MSG_INFO, "EAP-PEAP: Too short Phase 2 "
@@ -387,6 +464,17 @@
/* EAP-Success within TLS tunnel is used to indicate
* shutdown of the TLS channel. The authentication has
* been completed. */
+ if (data->phase2_eap_started &&
+ !data->phase2_eap_success) {
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 "
+ "Success used to indicate success, "
+ "but Phase 2 EAP was not yet "
+ "completed successfully");
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ wpabuf_free(in_decrypted);
+ return 0;
+ }
wpa_printf(MSG_DEBUG, "EAP-PEAP: Version 1 - "
"EAP-Success within TLS tunnel - "
"authentication completed");
@@ -449,6 +537,11 @@
wpa_hexdump_buf_key(MSG_DEBUG,
"EAP-PEAP: Encrypting Phase 2 data", resp);
/* PEAP version changes */
+ if (data->peap_version >= 2) {
+ resp = eap_peapv2_tlv_eap_payload(resp);
+ if (resp == NULL)
+ return -1;
+ }
if (wpabuf_len(resp) >= 5 &&
wpabuf_head_u8(resp)[0] == EAP_CODE_RESPONSE &&
eap_get_type(resp) == EAP_TYPE_TLV)
@@ -636,6 +729,8 @@
data->phase2_method->init_for_reauth)
data->phase2_method->init_for_reauth(sm, data->phase2_priv);
data->phase2_success = 0;
+ data->phase2_eap_success = 0;
+ data->phase2_eap_started = 0;
data->resuming = 1;
sm->peap_done = FALSE;
return priv;
Modified: wpasupplicant/branches/upstream/current/src/eap_peer/eap_tlv.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_peer/eap_tlv.c?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_peer/eap_tlv.c (original)
+++ wpasupplicant/branches/upstream/current/src/eap_peer/eap_tlv.c Sat Feb 23 03:42:35 2008
@@ -1,6 +1,6 @@
/*
* EAP peer method: EAP-TLV (draft-josefsson-pppext-eap-tls-eap-07.txt)
- * Copyright (c) 2004-2006, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2004-2008, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -85,10 +85,12 @@
* field should be initialized to %NULL before the call. The value will be
* updated if a response message is generated. The caller is responsible for
* freeing the allocated message.
+ * @force_failure: Force negotiation to fail
* Returns: 0 on success, -1 on failure
*/
int eap_tlv_process(struct eap_sm *sm, struct eap_method_ret *ret,
- const struct wpabuf *req, struct wpabuf **resp)
+ const struct wpabuf *req, struct wpabuf **resp,
+ int force_failure)
{
size_t left, tlv_len;
const u8 *pos;
@@ -159,8 +161,15 @@
if (status == EAP_TLV_RESULT_SUCCESS) {
wpa_printf(MSG_INFO, "EAP-TLV: TLV Result - Success "
"- EAP-TLV/Phase2 Completed");
- resp_status = EAP_TLV_RESULT_SUCCESS;
- ret->decision = DECISION_UNCOND_SUCC;
+ if (force_failure) {
+ wpa_printf(MSG_INFO, "EAP-TLV: Earlier failure"
+ " - force failed Phase 2");
+ resp_status = EAP_TLV_RESULT_FAILURE;
+ ret->decision = DECISION_FAIL;
+ } else {
+ resp_status = EAP_TLV_RESULT_SUCCESS;
+ ret->decision = DECISION_UNCOND_SUCC;
+ }
} else if (status == EAP_TLV_RESULT_FAILURE) {
wpa_printf(MSG_INFO, "EAP-TLV: TLV Result - Failure");
resp_status = EAP_TLV_RESULT_FAILURE;
Modified: wpasupplicant/branches/upstream/current/src/eap_peer/eap_tlv.h
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_peer/eap_tlv.h?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_peer/eap_tlv.h (original)
+++ wpasupplicant/branches/upstream/current/src/eap_peer/eap_tlv.h Sat Feb 23 03:42:35 2008
@@ -1,6 +1,6 @@
/*
* EAP peer method: EAP-TLV (draft-josefsson-pppext-eap-tls-eap-07.txt)
- * Copyright (c) 2004-2007, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2004-2008, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -20,6 +20,7 @@
struct wpabuf * eap_tlv_build_nak(int id, u16 nak_type);
struct wpabuf * eap_tlv_build_result(int id, u16 status);
int eap_tlv_process(struct eap_sm *sm, struct eap_method_ret *ret,
- const struct wpabuf *req, struct wpabuf **resp);
+ const struct wpabuf *req, struct wpabuf **resp,
+ int force_failure);
#endif /* EAP_TLV_H */
Modified: wpasupplicant/branches/upstream/current/src/eap_server/eap.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_server/eap.c?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_server/eap.c (original)
+++ wpasupplicant/branches/upstream/current/src/eap_server/eap.c Sat Feb 23 03:42:35 2008
@@ -1154,7 +1154,6 @@
if (conf->eap_fast_a_id)
sm->eap_fast_a_id = os_strdup(conf->eap_fast_a_id);
sm->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
- sm->wps = conf->wps;
wpa_printf(MSG_DEBUG, "EAP: Server state machine created");
Modified: wpasupplicant/branches/upstream/current/src/eap_server/eap.h
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_server/eap.h?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_server/eap.h (original)
+++ wpasupplicant/branches/upstream/current/src/eap_server/eap.h Sat Feb 23 03:42:35 2008
@@ -97,7 +97,6 @@
u8 *pac_opaque_encr_key;
char *eap_fast_a_id;
int eap_sim_aka_result_ind;
- struct wps_context *wps;
};
Modified: wpasupplicant/branches/upstream/current/src/eap_server/eap_fast.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_server/eap_fast.c?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_server/eap_fast.c (original)
+++ wpasupplicant/branches/upstream/current/src/eap_server/eap_fast.c Sat Feb 23 03:42:35 2008
@@ -711,7 +711,7 @@
/* Crypto-Binding TLV */
binding = wpabuf_put(buf, sizeof(*binding));
binding->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY |
- EAP_TLV_CRYPTO_BINDING_TLV_);
+ EAP_TLV_CRYPTO_BINDING_TLV);
binding->length = host_to_be16(sizeof(*binding) -
sizeof(struct eap_tlv_hdr));
binding->version = EAP_FAST_VERSION;
@@ -1165,7 +1165,7 @@
tlv->iresult == EAP_TLV_RESULT_SUCCESS ?
"Success" : "Failure");
break;
- case EAP_TLV_CRYPTO_BINDING_TLV_:
+ case EAP_TLV_CRYPTO_BINDING_TLV:
wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Crypto-Binding TLV",
pos, len);
if (tlv->crypto_binding) {
Modified: wpasupplicant/branches/upstream/current/src/eap_server/eap_i.h
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_server/eap_i.h?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_server/eap_i.h (original)
+++ wpasupplicant/branches/upstream/current/src/eap_server/eap_i.h Sat Feb 23 03:42:35 2008
@@ -172,7 +172,6 @@
u8 *pac_opaque_encr_key;
char *eap_fast_a_id;
int eap_sim_aka_result_ind;
- struct wps_context *wps;
};
int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
Modified: wpasupplicant/branches/upstream/current/src/eap_server/eap_ikev2.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_server/eap_ikev2.c?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_server/eap_ikev2.c (original)
+++ wpasupplicant/branches/upstream/current/src/eap_server/eap_ikev2.c Sat Feb 23 03:42:35 2008
@@ -1,5 +1,5 @@
/*
- * EAP-IKEv2 server (draft-tschofenig-eap-ikev2-15.txt)
+ * EAP-IKEv2 server (RFC 5106)
* Copyright (c) 2007, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
Modified: wpasupplicant/branches/upstream/current/src/eap_server/eap_methods.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_server/eap_methods.c?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_server/eap_methods.c (original)
+++ wpasupplicant/branches/upstream/current/src/eap_server/eap_methods.c Sat Feb 23 03:42:35 2008
@@ -254,13 +254,6 @@
}
#endif /* EAP_FAST */
-#ifdef EAP_WSC
- if (ret == 0) {
- int eap_server_wsc_register(void);
- ret = eap_server_wsc_register();
- }
-#endif /* EAP_WSC */
-
#ifdef EAP_IKEV2
if (ret == 0) {
int eap_server_ikev2_register(void);
Modified: wpasupplicant/branches/upstream/current/src/eap_server/eap_peap.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_server/eap_peap.c?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_server/eap_peap.c (original)
+++ wpasupplicant/branches/upstream/current/src/eap_server/eap_peap.c Sat Feb 23 03:42:35 2008
@@ -1,5 +1,5 @@
/*
- * hostapd / EAP-PEAP (draft-josefsson-pppext-eap-tls-eap-07.txt)
+ * hostapd / EAP-PEAP (draft-josefsson-pppext-eap-tls-eap-10.txt)
* Copyright (c) 2004-2008, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
@@ -17,13 +17,14 @@
#include "common.h"
#include "eap_i.h"
#include "eap_tls_common.h"
+#include "eap_common/eap_tlv_common.h"
#include "tls.h"
/* Maximum supported PEAP version
* 0 = Microsoft's PEAP version 0; draft-kamath-pppext-peapv0-00.txt
* 1 = draft-josefsson-ppext-eap-tls-eap-05.txt
- * 2 = draft-josefsson-ppext-eap-tls-eap-07.txt
+ * 2 = draft-josefsson-ppext-eap-tls-eap-10.txt
*/
#define EAP_PEAP_VERSION 1
@@ -34,7 +35,8 @@
struct eap_peap_data {
struct eap_ssl_data ssl;
enum {
- START, PHASE1, PHASE2_START, PHASE2_ID, PHASE2_METHOD,
+ START, PHASE1, PHASE1_ID2, PHASE2_START, PHASE2_ID,
+ PHASE2_METHOD,
PHASE2_TLV, SUCCESS_REQ, FAILURE_REQ, SUCCESS, FAILURE
} state;
@@ -53,6 +55,8 @@
return "START";
case PHASE1:
return "PHASE1";
+ case PHASE1_ID2:
+ return "PHASE1_ID2";
case PHASE2_START:
return "PHASE2_START";
case PHASE2_ID:
@@ -84,6 +88,33 @@
}
+static struct wpabuf * eap_peapv2_tlv_eap_payload(struct wpabuf *buf)
+{
+ struct wpabuf *e;
+ struct eap_tlv_hdr *tlv;
+
+ if (buf == NULL)
+ return NULL;
+
+ /* Encapsulate EAP packet in EAP-Payload TLV */
+ wpa_printf(MSG_DEBUG, "EAP-PEAPv2: Add EAP-Payload TLV");
+ e = wpabuf_alloc(sizeof(*tlv) + wpabuf_len(buf));
+ if (e == NULL) {
+ wpa_printf(MSG_DEBUG, "EAP-PEAPv2: Failed to allocate memory "
+ "for TLV encapsulation");
+ wpabuf_free(buf);
+ return NULL;
+ }
+ tlv = wpabuf_put(e, sizeof(*tlv));
+ tlv->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY |
+ EAP_TLV_EAP_PAYLOAD_TLV);
+ tlv->length = host_to_be16(wpabuf_len(buf));
+ wpabuf_put_buf(e, buf);
+ wpabuf_free(buf);
+ return e;
+}
+
+
static EapType eap_peap_req_success(struct eap_sm *sm,
struct eap_peap_data *data)
{
@@ -196,7 +227,8 @@
res = eap_server_tls_buildReq_helper(sm, &data->ssl, EAP_TYPE_PEAP,
data->peap_version, id, &req);
- if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
+ if (data->peap_version < 2 &&
+ tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase1 done, starting "
"Phase2");
eap_peap_state(data, PHASE2_START);
@@ -253,6 +285,8 @@
size_t req_len;
buf = data->phase2_method->buildReq(sm, data->phase2_priv, id);
+ if (data->peap_version >= 2 && buf)
+ buf = eap_peapv2_tlv_eap_payload(buf);
if (buf == NULL)
return NULL;
@@ -309,6 +343,7 @@
case START:
return eap_peap_build_start(sm, data, id);
case PHASE1:
+ case PHASE1_ID2:
return eap_peap_build_req(sm, data, id);
case PHASE2_ID:
case PHASE2_METHOD:
@@ -425,6 +460,7 @@
}
switch (data->state) {
+ case PHASE1_ID2:
case PHASE2_ID:
if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
wpa_hexdump_ascii(MSG_DEBUG, "EAP_PEAP: Phase2 "
@@ -547,7 +583,49 @@
wpabuf_free(in_decrypted);
in_decrypted = nbuf;
- }
+ } else if (data->peap_version >= 2) {
+ struct eap_tlv_hdr *tlv;
+ struct wpabuf *nmsg;
+
+ if (wpabuf_len(in_decrypted) < sizeof(*tlv) + sizeof(*hdr)) {
+ wpa_printf(MSG_INFO, "EAP-PEAPv2: Too short Phase 2 "
+ "EAP TLV");
+ wpabuf_free(in_decrypted);
+ return;
+ }
+ tlv = wpabuf_mhead(in_decrypted);
+ if ((be_to_host16(tlv->tlv_type) & EAP_TLV_TYPE_MASK) !=
+ EAP_TLV_EAP_PAYLOAD_TLV) {
+ wpa_printf(MSG_INFO, "EAP-PEAPv2: Not an EAP TLV");
+ wpabuf_free(in_decrypted);
+ return;
+ }
+ if (sizeof(*tlv) + be_to_host16(tlv->length) >
+ wpabuf_len(in_decrypted)) {
+ wpa_printf(MSG_INFO, "EAP-PEAPv2: Invalid EAP TLV "
+ "length");
+ wpabuf_free(in_decrypted);
+ return;
+ }
+ hdr = (struct eap_hdr *) (tlv + 1);
+ if (be_to_host16(hdr->length) > be_to_host16(tlv->length)) {
+ wpa_printf(MSG_INFO, "EAP-PEAPv2: No room for full "
+ "EAP packet in EAP TLV");
+ wpabuf_free(in_decrypted);
+ return;
+ }
+
+ nmsg = wpabuf_alloc(be_to_host16(hdr->length));
+ if (nmsg == NULL) {
+ wpabuf_free(in_decrypted);
+ return;
+ }
+
+ wpabuf_put_data(nmsg, hdr, be_to_host16(hdr->length));
+ wpabuf_free(in_decrypted);
+ in_decrypted = nmsg;
+ }
+
hdr = wpabuf_head(in_decrypted);
if (wpabuf_len(in_decrypted) < (int) sizeof(*hdr)) {
wpa_printf(MSG_INFO, "EAP-PEAP: Too short Phase 2 "
@@ -591,6 +669,72 @@
}
os_free(in_decrypted);
+}
+
+
+static int eap_peapv2_start_phase2(struct eap_sm *sm,
+ struct eap_peap_data *data)
+{
+ struct wpabuf *buf, *buf2;
+ int res;
+ u8 *tls_out;
+
+ wpa_printf(MSG_DEBUG, "EAP-PEAPv2: Phase1 done, include first Phase2 "
+ "payload in the same message");
+ eap_peap_state(data, PHASE1_ID2);
+ if (eap_peap_phase2_init(sm, data, EAP_TYPE_IDENTITY))
+ return -1;
+
+ /* TODO: which Id to use here? */
+ buf = data->phase2_method->buildReq(sm, data->phase2_priv, 6);
+ if (buf == NULL)
+ return -1;
+
+ buf2 = eap_peapv2_tlv_eap_payload(buf);
+ if (buf2 == NULL)
+ return -1;
+
+ wpa_hexdump_buf(MSG_DEBUG, "EAP-PEAPv2: Identity Request", buf2);
+
+ buf = wpabuf_alloc(data->ssl.tls_out_limit);
+ if (buf == NULL) {
+ wpabuf_free(buf2);
+ return -1;
+ }
+
+ res = tls_connection_encrypt(sm->ssl_ctx, data->ssl.conn,
+ wpabuf_head(buf2), wpabuf_len(buf2),
+ wpabuf_put(buf, 0),
+ data->ssl.tls_out_limit);
+ wpabuf_free(buf2);
+
+ if (res < 0) {
+ wpa_printf(MSG_INFO, "EAP-PEAPv2: Failed to encrypt Phase 2 "
+ "data");
+ wpabuf_free(buf);
+ return -1;
+ }
+
+ wpabuf_put(buf, res);
+ wpa_hexdump_buf(MSG_DEBUG, "EAP-PEAPv2: Encrypted Identity Request",
+ buf);
+
+ /* Append TLS data into the pending buffer after the Server Finished */
+ tls_out = os_realloc(data->ssl.tls_out,
+ data->ssl.tls_out_len + wpabuf_len(buf));
+ if (tls_out == NULL) {
+ wpabuf_free(buf);
+ return -1;
+ }
+
+ os_memcpy(tls_out + data->ssl.tls_out_len, wpabuf_head(buf),
+ wpabuf_len(buf));
+ data->ssl.tls_out = tls_out;
+ data->ssl.tls_out_len += wpabuf_len(buf);
+
+ wpabuf_free(buf);
+
+ return 0;
}
@@ -655,12 +799,22 @@
wpa_printf(MSG_INFO, "EAP-PEAP: TLS processing "
"failed");
eap_peap_state(data, FAILURE);
+ break;
+ }
+
+ if (data->peap_version >= 2 &&
+ tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
+ if (eap_peapv2_start_phase2(sm, data)) {
+ eap_peap_state(data, FAILURE);
+ break;
+ }
}
break;
case PHASE2_START:
eap_peap_state(data, PHASE2_ID);
eap_peap_phase2_init(sm, data, EAP_TYPE_IDENTITY);
break;
+ case PHASE1_ID2:
case PHASE2_ID:
case PHASE2_METHOD:
case PHASE2_TLV:
Modified: wpasupplicant/branches/upstream/current/src/eap_server/ikev2.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_server/ikev2.c?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_server/ikev2.c (original)
+++ wpasupplicant/branches/upstream/current/src/eap_server/ikev2.c Sat Feb 23 03:42:35 2008
@@ -1138,7 +1138,7 @@
if (secret == NULL) {
wpa_printf(MSG_INFO, "IKEV2: Could not get shared secret - "
"use fake value");
- /* draft-tschofenig-eap-ikev2-15.txt, Sect. 7:
+ /* RFC 5106, Sect. 7:
* Use a random key to fake AUTH generation in order to prevent
* probing of user identities.
*/
Modified: wpasupplicant/branches/upstream/current/src/radius/radius_server.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/radius/radius_server.c?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/radius/radius_server.c (original)
+++ wpasupplicant/branches/upstream/current/src/radius/radius_server.c Sat Feb 23 03:42:35 2008
@@ -87,7 +87,6 @@
u8 *pac_opaque_encr_key;
char *eap_fast_a_id;
int eap_sim_aka_result_ind;
- struct wps_context *wps;
int ipv6;
struct os_time start_time;
struct radius_server_counters counters;
@@ -312,7 +311,6 @@
eap_conf.pac_opaque_encr_key = data->pac_opaque_encr_key;
eap_conf.eap_fast_a_id = data->eap_fast_a_id;
eap_conf.eap_sim_aka_result_ind = data->eap_sim_aka_result_ind;
- eap_conf.wps = data->wps;
sess->eap = eap_server_sm_init(sess, &radius_server_eapol_cb,
&eap_conf);
if (sess->eap == NULL) {
@@ -1018,7 +1016,6 @@
data->eap_fast_a_id = os_strdup(conf->eap_fast_a_id);
data->get_eap_user = conf->get_eap_user;
data->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
- data->wps = conf->wps;
data->clients = radius_server_read_clients(conf->client_file,
conf->ipv6);
Modified: wpasupplicant/branches/upstream/current/src/radius/radius_server.h
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/radius/radius_server.h?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/radius/radius_server.h (original)
+++ wpasupplicant/branches/upstream/current/src/radius/radius_server.h Sat Feb 23 03:42:35 2008
@@ -27,7 +27,6 @@
u8 *pac_opaque_encr_key;
char *eap_fast_a_id;
int eap_sim_aka_result_ind;
- struct wps_context *wps;
int ipv6;
int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
int phase2, struct eap_user *user);
Modified: wpasupplicant/branches/upstream/current/src/rsn_supp/wpa.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/rsn_supp/wpa.c?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/rsn_supp/wpa.c (original)
+++ wpasupplicant/branches/upstream/current/src/rsn_supp/wpa.c Sat Feb 23 03:42:35 2008
@@ -2187,10 +2187,6 @@
* @wpa_ie: Pointer to buffer for WPA/RSN IE
* @wpa_ie_len: Pointer to the length of the wpa_ie buffer
* Returns: 0 on success, -1 on failure
- *
- * Inform WPA state machine about the WPA/RSN IE used in (Re)Association
- * Request frame. The IE will be used to override the default value generated
- * with wpa_sm_set_assoc_wpa_ie_default().
*/
int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie,
size_t *wpa_ie_len)
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/ChangeLog
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/ChangeLog?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/ChangeLog (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/ChangeLog Sat Feb 23 03:42:35 2008
@@ -1,6 +1,6 @@
ChangeLog for wpa_supplicant
-????-??-?? - v0.6.3
+2008-02-22 - v0.6.3
* removed 'nai' and 'eappsk' network configuration variables that were
previously used for configuring user identity and key for EAP-PSK,
EAP-PAX, EAP-SAKE, and EAP-GPSK. 'identity' field is now used as the
@@ -23,6 +23,7 @@
attributes in EAP-SIM Start/Response when using fast reauthentication
* fixed EAPOL not to end up in infinite loop when processing dynamic
WEP keys with IEEE 802.1X
+ * fixed problems in getting NDIS events from WMI on Windows 2000
2008-01-01 - v0.6.2
* added support for Makefile builds to include debug-log-to-a-file
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/Makefile
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/Makefile?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/Makefile (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/Makefile Sat Feb 23 03:42:35 2008
@@ -823,7 +823,7 @@
CFLAGS += -DCONFIG_NATIVE_WINDOWS
LIBS += -lws2_32 -lgdi32 -lcrypt32
LIBS_c += -lws2_32
-LIBS_p += -lws2_32
+LIBS_p += -lws2_32 -lgdi32
ifeq ($(CONFIG_CRYPTO), cryptoapi)
LIBS_p += -lcrypt32
endif
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/ctrl_iface_dbus_handlers.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/ctrl_iface_dbus_handlers.c?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/ctrl_iface_dbus_handlers.c (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/ctrl_iface_dbus_handlers.c Sat Feb 23 03:42:35 2008
@@ -379,15 +379,8 @@
struct wpa_scan_res *res)
{
DBusMessage *reply = NULL;
- char *bssid_data;
DBusMessageIter iter, iter_dict;
const u8 *ie;
- size_t len;
-
- /* dbus needs the address of a pointer to the actual value
- * for array types, not the address of the value itself.
- */
- bssid_data = (char *) &res->bssid;
/* Dump the properties into a dbus message */
reply = dbus_message_new_method_return(message);
@@ -397,37 +390,31 @@
goto error;
if (!wpa_dbus_dict_append_byte_array(&iter_dict, "bssid",
- bssid_data, ETH_ALEN))
+ (const char *) res->bssid,
+ ETH_ALEN))
goto error;
ie = wpa_scan_get_ie(res, WLAN_EID_SSID);
if (ie) {
- const char *ssid_data;
- len = ie[1];
- ie += 2;
- ssid_data = (const char *) &ie;
if (!wpa_dbus_dict_append_byte_array(&iter_dict, "ssid",
- ssid_data, len))
+ (const char *) (ie + 2),
+ ie[1]))
goto error;
}
ie = wpa_scan_get_vendor_ie(res, WPA_IE_VENDOR_TYPE);
if (ie) {
- const char *wpa_ie_data;
- len = 2 + ie[1];
- wpa_ie_data = (const char *) &ie;
if (!wpa_dbus_dict_append_byte_array(&iter_dict, "wpaie",
- wpa_ie_data, len))
+ (const char *) ie,
+ ie[1] + 2))
goto error;
}
ie = wpa_scan_get_ie(res, WLAN_EID_RSN);
if (ie) {
- const char *rsn_ie_data;
- len = 2 + ie[1];
- rsn_ie_data = (const char *) &ie;
if (!wpa_dbus_dict_append_byte_array(&iter_dict, "rsnie",
- rsn_ie_data, len))
+ (const char *) ie,
+ ie[1] + 2))
goto error;
}
Added: wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_background.8
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_background.8?rev=1135&op=file
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_background.8 (added)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_background.8 Sat Feb 23 03:42:35 2008
@@ -1,0 +1,84 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_BACKGROUND" "8" "22 February 2008" "" ""
+
+.SH NAME
+wpa_background \- Background information on Wi-Fi Protected Access and IEEE 802.11i
+.SH "WPA"
+.PP
+The original security mechanism of IEEE 802.11 standard was
+not designed to be strong and has proven to be insufficient for
+most networks that require some kind of security. Task group I
+(Security) of IEEE 802.11 working group
+(http://www.ieee802.org/11/) has worked to address the flaws of
+the base standard and has in practice completed its work in May
+2004. The IEEE 802.11i amendment to the IEEE 802.11 standard was
+approved in June 2004 and published in July 2004.
+.PP
+Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version
+of the IEEE 802.11i work (draft 3.0) to define a subset of the
+security enhancements that can be implemented with existing wlan
+hardware. This is called Wi-Fi Protected Access<TM> (WPA). This
+has now become a mandatory component of interoperability testing
+and certification done by Wi-Fi Alliance. Wi-Fi provides
+information about WPA at its web site
+(http://www.wi-fi.org/OpenSection/protected_access.asp).
+.PP
+IEEE 802.11 standard defined wired equivalent privacy (WEP)
+algorithm for protecting wireless networks. WEP uses RC4 with
+40-bit keys, 24-bit initialization vector (IV), and CRC32 to
+protect against packet forgery. All these choices have proven to
+be insufficient: key space is too small against current attacks,
+RC4 key scheduling is insufficient (beginning of the pseudorandom
+stream should be skipped), IV space is too small and IV reuse
+makes attacks easier, there is no replay protection, and non-keyed
+authentication does not protect against bit flipping packet
+data.
+.PP
+WPA is an intermediate solution for the security issues. It
+uses Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP
+is a compromise on strong security and possibility to use existing
+hardware. It still uses RC4 for the encryption like WEP, but with
+per-packet RC4 keys. In addition, it implements replay protection,
+keyed packet authentication mechanism (Michael MIC).
+.PP
+Keys can be managed using two different mechanisms. WPA can
+either use an external authentication server (e.g., RADIUS) and
+EAP just like IEEE 802.1X is using or pre-shared keys without need
+for additional servers. Wi-Fi calls these "WPA-Enterprise" and
+"WPA-Personal", respectively. Both mechanisms will generate a
+master session key for the Authenticator (AP) and Supplicant
+(client station).
+.PP
+WPA implements a new key handshake (4-Way Handshake and
+Group Key Handshake) for generating and exchanging data encryption
+keys between the Authenticator and Supplicant. This handshake is
+also used to verify that both Authenticator and Supplicant know
+the master session key. These handshakes are identical regardless
+of the selected key management mechanism (only the method for
+generating master session key changes).
+.SH "IEEE 802.11I / WPA2"
+.PP
+The design for parts of IEEE 802.11i that were not included
+in WPA has finished (May 2004) and this amendment to IEEE 802.11
+was approved in June 2004. Wi-Fi Alliance is using the final IEEE
+802.11i as a new version of WPA called WPA2. This includes, e.g.,
+support for more robust encryption algorithm (CCMP: AES in Counter
+mode with CBC-MAC) to replace TKIP and optimizations for handoff
+(reduced number of messages in initial key handshake,
+pre-authentication, and PMKSA caching).
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_cli.8
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_cli.8?rev=1135&op=file
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_cli.8 (added)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_cli.8 Sat Feb 23 03:42:35 2008
@@ -1,0 +1,209 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_CLI" "8" "22 February 2008" "" ""
+
+.SH NAME
+wpa_cli \- WPA command line client
+.SH SYNOPSIS
+
+\fBwpa_cli\fR [ \fB-p \fIpath to ctrl sockets\fB\fR ] [ \fB-i \fIifname\fB\fR ] [ \fB-hvB\fR ] [ \fB-a \fIaction file\fB\fR ] [ \fB-P \fIpid file\fB\fR ] [ \fB\fIcommand ...\fB\fR ]
+
+.SH "OVERVIEW"
+.PP
+wpa_cli is a text-based frontend program for interacting
+with wpa_supplicant. It is used to query current status, change
+configuration, trigger events, and request interactive user
+input.
+.PP
+wpa_cli can show the current authentication status, selected
+security mode, dot11 and dot1x MIBs, etc. In addition, it can
+configure some variables like EAPOL state machine parameters and
+trigger events like reassociation and IEEE 802.1X
+logoff/logon. wpa_cli provides a user interface to request
+authentication information, like username and password, if these
+are not included in the configuration. This can be used to
+implement, e.g., one-time-passwords or generic token card
+authentication where the authentication is based on a
+challenge-response that uses an external device for generating the
+response.
+.PP
+The control interface of wpa_supplicant can be configured to
+allow non-root user access (ctrl_interface GROUP= parameter in the
+configuration file). This makes it possible to run wpa_cli with a
+normal user account.
+.PP
+wpa_cli supports two modes: interactive and command
+line. Both modes share the same command set and the main
+difference is in interactive mode providing access to unsolicited
+messages (event messages, username/password requests).
+.PP
+Interactive mode is started when wpa_cli is executed without
+including the command as a command line parameter. Commands are
+then entered on the wpa_cli prompt. In command line mode, the same
+commands are entered as command line arguments for wpa_cli.
+.SH "INTERACTIVE AUTHENTICATION PARAMETERS REQUEST"
+.PP
+When wpa_supplicant need authentication parameters, like
+username and password, which are not present in the configuration
+file, it sends a request message to all attached frontend programs,
+e.g., wpa_cli in interactive mode. wpa_cli shows these requests
+with "CTRL-REQ-<type>-<id>:<text>"
+prefix. <type> is IDENTITY, PASSWORD, or OTP
+(one-time-password). <id> is a unique identifier for the
+current network. <text> is description of the request. In
+case of OTP request, it includes the challenge from the
+authentication server.
+.PP
+The reply to these requests can be given with 'identity',
+'password', and 'otp' commands. <id> needs to be copied from the
+the matching request. 'password' and 'otp' commands can be used
+regardless of whether the request was for PASSWORD or OTP. The
+main difference between these two commands is that values given
+with 'password' are remembered as long as wpa_supplicant is
+running whereas values given with 'otp' are used only once and
+then forgotten, i.e., wpa_supplicant will ask frontend for a new
+value for every use. This can be used to implement
+one-time-password lists and generic token card -based
+authentication.
+.PP
+Example request for password and a matching reply:
+.sp
+.RS
+
+.nf
+CTRL-REQ-PASSWORD-1:Password needed for SSID foobar
+> password 1 mysecretpassword
+.fi
+.RE
+.PP
+Example request for generic token card challenge-response:
+.sp
+.RS
+
+.nf
+CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
+> otp 2 9876
+.fi
+.RE
+.SH "COMMAND ARGUMENTS"
+.TP
+\fB-p path\fR
+Change the path where control sockets should
+be found.
+.TP
+\fB-i ifname\fR
+Specify the interface that is being
+configured. By default, choose the first interface found with
+a control socket in the socket path.
+.TP
+\fB-h\fR
+Help. Show a usage message.
+.TP
+\fB-v\fR
+Show version information.
+.TP
+\fB-B\fR
+Run as a daemon in the background.
+.TP
+\fB-a file\fR
+Run in daemon mode executing the action file
+based on events from wpa_supplicant. The specified file will
+be executed with the first argument set to interface name and
+second to "CONNECTED" or "DISCONNECTED" depending on the event.
+This can be used to execute networking tools required to configure
+the interface.
+
+Additionally, three environmental variables are available to
+the file: WPA_CTRL_DIR, WPA_ID, and WPA_ID_STR. WPA_CTRL_DIR
+contains the absolute path to the ctrl_interface socket. WPA_ID
+contains the unique network_id identifier assigned to the active
+network, and WPA_ID_STR contains the content of the id_str option.
+.TP
+\fB-P file\fR
+Set the location of the PID
+file.
+.TP
+\fBcommand\fR
+Run a command. The available commands are
+listed in the next section.
+.SH "COMMANDS"
+.PP
+The following commands are available:
+.TP
+\fBstatus\fR
+get current WPA/EAPOL/EAP status
+.TP
+\fBmib\fR
+get MIB variables (dot1x, dot11)
+.TP
+\fBhelp\fR
+show this usage help
+.TP
+\fBinterface [ifname]\fR
+show interfaces/select interface
+.TP
+\fBlevel <debug level>\fR
+change debug level
+.TP
+\fBlicense\fR
+show full wpa_cli license
+.TP
+\fBlogoff\fR
+IEEE 802.1X EAPOL state machine logoff
+.TP
+\fBlogon\fR
+IEEE 802.1X EAPOL state machine logon
+.TP
+\fBset\fR
+set variables (shows list of variables when run without arguments)
+.TP
+\fBpmksa\fR
+show PMKSA cache
+.TP
+\fBreassociate\fR
+force reassociation
+.TP
+\fBreconfigure\fR
+force wpa_supplicant to re-read its configuration file
+.TP
+\fBpreauthenticate <BSSID>\fR
+force preauthentication
+.TP
+\fBidentity <network id> <identity>\fR
+configure identity for an SSID
+.TP
+\fBpassword <network id> <password>\fR
+configure password for an SSID
+.TP
+\fBpin <network id> <pin>\fR
+configure pin for an SSID
+.TP
+\fBotp <network id> <password>\fR
+configure one-time-password for an SSID
+.TP
+\fBbssid <network id> <BSSID>\fR
+set preferred BSSID for an SSID
+.TP
+\fBlist_networks\fR
+list configured networks
+.TP
+\fBterminate\fR
+terminate \fBwpa_supplicant\fR
+.TP
+\fBquit\fR
+exit wpa_cli
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_gui.8
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_gui.8?rev=1135&op=file
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_gui.8 (added)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_gui.8 Sat Feb 23 03:42:35 2008
@@ -1,0 +1,46 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_GUI" "8" "22 February 2008" "" ""
+
+.SH NAME
+wpa_gui \- WPA Graphical User Interface
+.SH SYNOPSIS
+
+\fBwpa_gui\fR [ \fB-p \fIpath to ctrl sockets\fB\fR ] [ \fB-i \fIifname\fB\fR ]
+
+.SH "OVERVIEW"
+.PP
+wpa_gui is a QT graphical frontend program for interacting
+with wpa_supplicant. It is used to query current status, change
+configuration and request interactive user input.
+.PP
+wpa_gui supports (almost) all of the interactive status and
+configuration features of the command line client, wpa_cli. Refer
+to the wpa_cli manpage for a comprehensive list of the
+interactive mode features.
+.SH "COMMAND ARGUMENTS"
+.TP
+\fB-p path\fR
+Change the path where control sockets should
+be found.
+.TP
+\fB-i ifname\fR
+Specify the interface that is being
+configured. By default, choose the first interface found with
+a control socket in the socket path.
+.SH "SEE ALSO"
+.PP
+\fBwpa_cli\fR(8)
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_passphrase.8
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_passphrase.8?rev=1135&op=file
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_passphrase.8 (added)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_passphrase.8 Sat Feb 23 03:42:35 2008
@@ -1,0 +1,40 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_PASSPHRASE" "8" "22 February 2008" "" ""
+
+.SH NAME
+wpa_passphrase \- Generate a WPA PSK from an ASCII passphrase for a SSID
+.SH SYNOPSIS
+
+\fBwpa_passphrase\fR [ \fB\fIssid\fB\fR ] [ \fB\fIpassphrase\fB\fR ]
+
+.SH "OVERVIEW"
+.PP
+\fBwpa_passphrase\fR pre-computes PSK entries for
+network configuration blocks of a
+\fIwpa_supplicant.conf\fR file. An ASCII passphrase
+and SSID are used to generate a 256-bit PSK.
+.SH "OPTIONS"
+.TP
+\fBssid\fR
+The SSID whose passphrase should be derived.
+.TP
+\fBpassphrase\fR
+The passphrase to use. If not included on the command line,
+passphrase will be read from standard input.
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant.conf\fR(5)
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_priv.8
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_priv.8?rev=1135&op=file
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_priv.8 (added)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_priv.8 Sat Feb 23 03:42:35 2008
@@ -1,0 +1,120 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_PRIV" "8" "22 February 2008" "" ""
+
+.SH NAME
+wpa_priv \- wpa_supplicant privilege separation helper
+.SH SYNOPSIS
+
+\fBwpa_priv\fR [ \fB-c \fIctrl path\fB\fR ] [ \fB-Bdd\fR ] [ \fB-P \fIpid file\fB\fR ] [ \fBdriver:ifname \fI[driver:ifname ...]\fB\fR ]
+
+.SH "OVERVIEW"
+.PP
+\fBwpa_priv\fR is a privilege separation helper that
+minimizes the size of \fBwpa_supplicant\fR code that needs
+to be run with root privileges.
+.PP
+If enabled, privileged operations are done in the wpa_priv process
+while leaving rest of the code (e.g., EAP authentication and WPA
+handshakes) to operate in an unprivileged process (wpa_supplicant) that
+can be run as non-root user. Privilege separation restricts the effects
+of potential software errors by containing the majority of the code in an
+unprivileged process to avoid the possibility of a full system
+compromise.
+.PP
+\fBwpa_priv\fR needs to be run with network admin
+privileges (usually, root user). It opens a UNIX domain socket for each
+interface that is included on the command line; any other interface will
+be off limits for \fBwpa_supplicant\fR in this kind of
+configuration. After this, \fBwpa_supplicant\fR can be run as
+a non-root user (e.g., all standard users on a laptop or as a special
+non-privileged user account created just for this purpose to limit access
+to user files even further).
+.SH "EXAMPLE CONFIGURATION"
+.PP
+The following steps are an example of how to configure
+\fBwpa_priv\fR to allow users in the 'wpapriv' group
+to communicate with \fBwpa_supplicant\fR with privilege
+separation:
+.PP
+Create user group (e.g., wpapriv) and assign users that
+should be able to use wpa_supplicant into that group.
+.PP
+Create /var/run/wpa_priv directory for UNIX domain sockets and
+control user access by setting it accessible only for the wpapriv
+group:
+.sp
+.RS
+
+.nf
+mkdir /var/run/wpa_priv
+chown root:wpapriv /var/run/wpa_priv
+chmod 0750 /var/run/wpa_priv
+.fi
+.RE
+.PP
+Start \fBwpa_priv\fR as root (e.g., from system
+startup scripts) with the enabled interfaces configured on the
+command line:
+.sp
+.RS
+
+.nf
+wpa_priv -B -c /var/run/wpa_priv -P /var/run/wpa_priv.pid wext:wlan0
+.fi
+.RE
+.PP
+Run \fBwpa_supplicant\fR as non-root with a user
+that is in the wpapriv group:
+.sp
+.RS
+
+.nf
+wpa_supplicant -i ath0 -c wpa_supplicant.conf
+.fi
+.RE
+.SH "COMMAND ARGUMENTS"
+.TP
+\fB-c ctrl path\fR
+Specify the path to wpa_priv control directory
+(Default: /var/run/wpa_priv/).
+.TP
+\fB-B\fR
+Run as a daemon in the background.
+.TP
+\fB-P file\fR
+Set the location of the PID
+file.
+.TP
+\fBdriver:ifname [driver:ifname ...]\fR
+The <driver> string dictates which of the
+supported \fBwpa_supplicant\fR driver backends is to be
+used. To get a list of supported driver types see wpa_supplicant help
+(e.g, wpa_supplicant -h). The driver backend supported by most good
+drivers is 'wext'.
+
+The <ifname> string specifies which network
+interface is to be managed by \fBwpa_supplicant\fR
+(e.g., wlan0 or ath0).
+
+\fBwpa_priv\fR does not use the network interface
+before \fBwpa_supplicant\fR is started, so it is fine to
+include network interfaces that are not available at the time wpa_priv
+is started. wpa_priv can control multiple interfaces with one process,
+but it is also possible to run multiple \fBwpa_priv\fR
+processes at the same time, if desired.
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.8
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.8?rev=1135&op=file
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.8 (added)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.8 Sat Feb 23 03:42:35 2008
@@ -1,0 +1,551 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_SUPPLICANT" "8" "22 February 2008" "" ""
+
+.SH NAME
+wpa_supplicant \- Wi-Fi Protected Access client and IEEE 802.1X supplicant
+.SH SYNOPSIS
+
+\fBwpa_supplicant\fR [ \fB-BddfhKLqqtuvW\fR ] [ \fB-i\fIifname\fB\fR ] [ \fB-c\fIconfig file\fB\fR ] [ \fB-D\fIdriver\fB\fR ] [ \fB-P\fIPID_file\fB\fR ] [ \fB-f\fIoutput file\fB\fR ]
+
+.SH "OVERVIEW"
+.PP
+Wireless networks do not require physical access to the network equipment
+in the same way as wired networks. This makes it easier for unauthorized
+users to passively monitor a network and capture all transmitted frames.
+In addition, unauthorized use of the network is much easier. In many cases,
+this can happen even without user's explicit knowledge since the wireless
+LAN adapter may have been configured to automatically join any available
+network.
+.PP
+Link-layer encryption can be used to provide a layer of security for
+wireless networks. The original wireless LAN standard, IEEE 802.11,
+included a simple encryption mechanism, WEP. However, that proved to
+be flawed in many areas and network protected with WEP cannot be consider
+secure. IEEE 802.1X authentication and frequently changed dynamic WEP keys
+can be used to improve the network security, but even that has inherited
+security issues due to the use of WEP for encryption. Wi-Fi Protected
+Access and IEEE 802.11i amendment to the wireless LAN standard introduce
+a much improvement mechanism for securing wireless networks. IEEE 802.11i
+enabled networks that are using CCMP (encryption mechanism based on strong
+cryptographic algorithm AES) can finally be called secure used for
+applications which require efficient protection against unauthorized
+access.
+.PP
+\fBwpa_supplicant\fR is an implementation of
+the WPA Supplicant component, i.e., the part that runs in the
+client stations. It implements WPA key negotiation with a WPA
+Authenticator and EAP authentication with Authentication
+Server. In addition, it controls the roaming and IEEE 802.11
+authentication/association of the wireless LAN driver.
+.PP
+\fBwpa_supplicant\fR is designed to be a
+"daemon" program that runs in the background and acts as the
+backend component controlling the wireless
+connection. \fBwpa_supplicant\fR supports separate
+frontend programs and an example text-based frontend,
+\fBwpa_cli\fR, is included with
+wpa_supplicant.
+.PP
+Before wpa_supplicant can do its work, the network interface
+must be available. That means that the physical device must be
+present and enabled, and the driver for the device must have be
+loaded. The daemon will exit immediately if the device is not already
+available.
+.PP
+After \fBwpa_supplicant\fR has configured the
+network device, higher level configuration such as DHCP may
+proceed. There are a variety of ways to integrate wpa_supplicant
+into a machine's networking scripts, a few of which are described
+in sections below.
+.PP
+The following steps are used when associating with an AP
+using WPA:
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR requests the kernel
+driver to scan neighboring BSSes
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR selects a BSS based on
+its configuration
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR requests the kernel
+driver to associate with the chosen BSS
+.TP 0.2i
+\(bu
+If WPA-EAP: integrated IEEE 802.1X Supplicant
+completes EAP authentication with the
+authentication server (proxied by the Authenticator in the
+AP)
+.TP 0.2i
+\(bu
+If WPA-EAP: master key is received from the IEEE 802.1X
+Supplicant
+.TP 0.2i
+\(bu
+If WPA-PSK: \fBwpa_supplicant\fR uses PSK
+as the master session key
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR completes WPA 4-Way
+Handshake and Group Key Handshake with the Authenticator
+(AP)
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR configures encryption
+keys for unicast and broadcast
+.TP 0.2i
+\(bu
+normal data packets can be transmitted and received
+.SH "SUPPORTED FEATURES"
+.PP
+Supported WPA/IEEE 802.11i features:
+.TP 0.2i
+\(bu
+WPA-PSK ("WPA-Personal")
+.TP 0.2i
+\(bu
+WPA with EAP (e.g., with RADIUS authentication server)
+("WPA-Enterprise") Following authentication methods are
+supported with an integrate IEEE 802.1X Supplicant:
+.RS
+.TP 0.2i
+\(bu
+EAP-TLS
+.RE
+.RS
+.TP 0.2i
+\(bu
+EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-PEAP/TLS (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-PEAP/GTC (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-PEAP/OTP (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-MD5-Challenge
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-GTC
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-OTP
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-MSCHAPv2
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-TLS
+.TP 0.2i
+\(bu
+EAP-TTLS/MSCHAPv2
+.TP 0.2i
+\(bu
+EAP-TTLS/MSCHAP
+.TP 0.2i
+\(bu
+EAP-TTLS/PAP
+.TP 0.2i
+\(bu
+EAP-TTLS/CHAP
+.TP 0.2i
+\(bu
+EAP-SIM
+.TP 0.2i
+\(bu
+EAP-AKA
+.TP 0.2i
+\(bu
+EAP-PSK
+.TP 0.2i
+\(bu
+EAP-PAX
+.TP 0.2i
+\(bu
+LEAP (note: requires special support from
+the driver for IEEE 802.11 authentication)
+.TP 0.2i
+\(bu
+(following methods are supported, but since
+they do not generate keying material, they cannot be used
+with WPA or IEEE 802.1X WEP keying)
+.TP 0.2i
+\(bu
+EAP-MD5-Challenge
+.TP 0.2i
+\(bu
+EAP-MSCHAPv2
+.TP 0.2i
+\(bu
+EAP-GTC
+.TP 0.2i
+\(bu
+EAP-OTP
+.RE
+.TP 0.2i
+\(bu
+key management for CCMP, TKIP, WEP104, WEP40
+.TP 0.2i
+\(bu
+RSN/WPA2 (IEEE 802.11i)
+.RS
+.TP 0.2i
+\(bu
+pre-authentication
+.TP 0.2i
+\(bu
+PMKSA caching
+.RE
+.SH "AVAILABLE DRIVERS"
+.PP
+The available drivers to specify with the -D option are:
+.TP
+\fBhostap\fR
+(default) Host AP driver (Intersil Prism2/2.5/3).
+(this can also be used with Linuxant DriverLoader).
+.TP
+\fBhermes\fR
+Agere Systems Inc. driver (Hermes-I/Hermes-II).
+.TP
+\fBmadwifi\fR
+MADWIFI 802.11 support (Atheros, etc.).
+.TP
+\fBatmel\fR
+ATMEL AT76C5XXx (USB, PCMCIA).
+.TP
+\fBwext\fR
+Linux wireless extensions (generic).
+.TP
+\fBndiswrapper\fR
+Linux ndiswrapper.
+.TP
+\fBbroadcom\fR
+Broadcom wl.o driver.
+.TP
+\fBipw\fR
+Intel ipw2100/2200 driver.
+.TP
+\fBwired\fR
+wpa_supplicant wired Ethernet driver
+.TP
+\fBbsd\fR
+BSD 802.11 support (Atheros, etc.).
+.TP
+\fBndis\fR
+Windows NDIS driver.
+.SH "COMMAND LINE OPTIONS"
+.TP
+\fB-b br_ifname\fR
+Optional bridge interface name.
+.TP
+\fB-B\fR
+Run daemon in the background.
+.TP
+\fB-c filename\fR
+Path to configuration file.
+.TP
+\fB-C ctrl_interface\fR
+Path to ctrl_interface socket (only used if -c is not).
+.TP
+\fB-i ifname\fR
+Interface to listen on.
+.TP
+\fB-d\fR
+Increase debugging verbosity (-dd even more).
+.TP
+\fB-D driver\fR
+Driver to use. See the available options below.
+.TP
+\fB-f output file\fR
+Log output to specified file instead of stdout.
+.TP
+\fB-g global ctrl_interface\fR
+Path to global ctrl_interface socket.
+.TP
+\fB-K\fR
+Include keys (passwords, etc.) in debug output.
+.TP
+\fB-t\fR
+Include timestamp in debug messages.
+.TP
+\fB-h\fR
+Help. Show a usage message.
+.TP
+\fB-L\fR
+Show license (GPL and BSD).
+.TP
+\fB-p\fR
+Driver parameters.
+.TP
+\fB-P PID_file\fR
+Path to PID file.
+.TP
+\fB-q\fR
+Decrease debugging verbosity (-qq even less).
+.TP
+\fB-u\fR
+Enabled DBus control interface.
+.TP
+\fB-v\fR
+Show version.
+.TP
+\fB-W\fR
+Wait for a control interface monitor before starting.
+.TP
+\fB-N\fR
+Start describing new interface.
+.SH "EXAMPLES"
+.PP
+In most common cases, \fBwpa_supplicant\fR is
+started with:
+.sp
+.RS
+
+.nf
+wpa_supplicant -B -c/etc/wpa_supplicant.conf -iwlan0
+.fi
+.RE
+.PP
+This makes the process fork into background.
+.PP
+The easiest way to debug problems, and to get debug log for
+bug reports, is to start \fBwpa_supplicant\fR on
+foreground with debugging enabled:
+.sp
+.RS
+
+.nf
+wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d
+.fi
+.RE
+.PP
+\fBwpa_supplicant\fR can control multiple
+interfaces (radios) either by running one process for each
+interface separately or by running just one process and list of
+options at command line. Each interface is separated with -N
+argument. As an example, following command would start
+wpa_supplicant for two interfaces:
+.sp
+.RS
+
+.nf
+wpa_supplicant \\
+ -c wpa1.conf -i wlan0 -D hostap -N \\
+ -c wpa2.conf -i ath0 -D madwifi
+.fi
+.RE
+.SH "OS REQUIREMENTS"
+.PP
+Current hardware/software requirements:
+.TP 0.2i
+\(bu
+Linux kernel 2.4.x or 2.6.x with Linux Wireless
+Extensions v15 or newer
+.TP 0.2i
+\(bu
+FreeBSD 6-CURRENT
+.TP 0.2i
+\(bu
+Microsoft Windows with WinPcap (at least WinXP, may work
+with other versions)
+.SH "SUPPORTED DRIVERS"
+.TP
+\fBHost AP driver for Prism2/2.5/3 (development snapshot/v0.2.x)\fR
+(http://hostap.epitest.fi/) Driver needs to be set in
+Managed mode ('iwconfig wlan0 mode managed'). Please note
+that station firmware version needs to be 1.7.0 or newer to
+work in WPA mode.
+.TP
+\fBLinuxant DriverLoader\fR
+(http://www.linuxant.com/driverloader/)
+with Windows NDIS driver for your wlan card supporting WPA.
+.TP
+\fBAgere Systems Inc. Linux Driver\fR
+(http://www.agere.com/support/drivers/) Please note
+that the driver interface file (driver_hermes.c) and hardware
+specific include files are not included in the wpa_supplicant
+distribution. You will need to copy these from the source
+package of the Agere driver.
+.TP
+\fBmadwifi driver for cards based on Atheros chip set (ar521x)\fR
+(http://sourceforge.net/projects/madwifi/) Please
+note that you will need to modify the wpa_supplicant .config
+file to use the correct path for the madwifi driver root
+directory (CFLAGS += -I../madwifi/wpa line in example
+defconfig).
+.TP
+\fBATMEL AT76C5XXx driver for USB and PCMCIA cards\fR
+(http://atmelwlandriver.sourceforge.net/).
+.TP
+\fBLinux ndiswrapper\fR
+(http://ndiswrapper.sourceforge.net/) with Windows
+NDIS driver.
+.TP
+\fBBroadcom wl.o driver\fR
+This is a generic Linux driver for Broadcom IEEE
+802.11a/g cards. However, it is proprietary driver that is
+not publicly available except for couple of exceptions, mainly
+Broadcom-based APs/wireless routers that use Linux. The driver
+binary can be downloaded, e.g., from Linksys support site
+(http://www.linksys.com/support/gpl.asp) for Linksys
+WRT54G. The GPL tarball includes cross-compiler and the needed
+header file, wlioctl.h, for compiling wpa_supplicant. This
+driver support in wpa_supplicant is expected to work also with
+other devices based on Broadcom driver (assuming the driver
+includes client mode support).
+.TP
+\fB Intel ipw2100 driver\fR
+(http://sourceforge.net/projects/ipw2100/)
+.TP
+\fBIntel ipw2200 driver\fR
+(http://sourceforge.net/projects/ipw2200/)
+.TP
+\fBLinux wireless extensions\fR
+In theory, any driver that supports Linux wireless
+extensions can be used with IEEE 802.1X (i.e., not WPA) when
+using ap_scan=0 option in configuration file.
+.TP
+\fBWired Ethernet drivers\fR
+Use ap_scan=0.
+.TP
+\fBBSD net80211 layer (e.g., Atheros driver)\fR
+At the moment, this is for FreeBSD 6-CURRENT branch.
+.TP
+\fBWindows NDIS\fR
+The current Windows port requires WinPcap
+(http://winpcap.polito.it/). See README-Windows.txt for more
+information.
+.PP
+wpa_supplicant was designed to be portable for different
+drivers and operating systems. Hopefully, support for more wlan
+cards and OSes will be added in the future. See developer.txt for
+more information about the design of wpa_supplicant and porting to
+other drivers. One main goal is to add full WPA/WPA2 support to
+Linux wireless extensions to allow new drivers to be supported
+without having to implement new driver-specific interface code in
+wpa_supplicant.
+.SH "ARCHITECTURE"
+.PP
+The
+\fBwpa_supplicant\fR system consists of the following
+components:
+.TP
+\fB\fIwpa_supplicant.conf\fB \fR
+the configuration file describing all networks that the
+user wants the computer to connect to.
+.TP
+\fBwpa_supplicant\fR
+the program that directly interacts with the
+network interface.
+.TP
+\fBwpa_cli\fR
+the
+client program that provides a high-level interface to the
+functionality of the daemon.
+.TP
+\fBwpa_passphrase\fR
+a utility needed to construct
+\fIwpa_supplicant.conf\fR files that include
+encrypted passwords.
+.SH "QUICK START"
+.PP
+First, make a configuration file, e.g.
+\fI/etc/wpa_supplicant.conf\fR, that describes the networks
+you are interested in. See \fBwpa_supplicant.conf\fR(5)
+for details.
+.PP
+Once the configuration is ready, you can test whether the
+configuration works by running \fBwpa_supplicant\fR
+with following command to start it on foreground with debugging
+enabled:
+.sp
+.RS
+
+.nf
+wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d
+
+.fi
+.RE
+.PP
+Assuming everything goes fine, you can start using following
+command to start \fBwpa_supplicant\fR on background
+without debugging:
+.sp
+.RS
+
+.nf
+wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B
+
+.fi
+.RE
+.PP
+Please note that if you included more than one driver
+interface in the build time configuration (.config), you may need
+to specify which interface to use by including -D<driver
+name> option on the command line.
+.SH "INTERFACE TO PCMCIA-CS/CARDMRG"
+.PP
+For example, following small changes to pcmcia-cs scripts
+can be used to enable WPA support:
+.PP
+Add MODE="Managed" and WPA="y" to the network scheme in
+\fI/etc/pcmcia/wireless.opts\fR\&.
+.PP
+Add the following block to the end of 'start' action handler
+in \fI/etc/pcmcia/wireless\fR:
+.sp
+.RS
+
+.nf
+if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
+ /usr/local/bin/wpa_supplicant -B -c/etc/wpa_supplicant.conf -i$DEVICE
+fi
+
+.fi
+.RE
+.PP
+Add the following block to the end of 'stop' action handler
+(may need to be separated from other actions) in
+\fI/etc/pcmcia/wireless\fR:
+.sp
+.RS
+
+.nf
+if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
+ killall wpa_supplicant
+fi
+
+.fi
+.RE
+.PP
+This will make \fBcardmgr\fR start
+\fBwpa_supplicant\fR when the card is plugged
+in.
+.SH "SEE ALSO"
+.PP
+\fBwpa_background\fR(8)
+\fBwpa_supplicant.conf\fR(5)
+\fBwpa_cli\fR(8)
+\fBwpa_passphrase\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5?rev=1135&op=file
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 (added)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 Sat Feb 23 03:42:35 2008
@@ -1,0 +1,224 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_SUPPLICANT.CONF" "5" "22 February 2008" "" ""
+
+.SH NAME
+wpa_supplicant.conf \- configuration file for wpa_supplicant
+.SH "OVERVIEW"
+.PP
+\fBwpa_supplicant\fR is configured using a text
+file that lists all accepted networks and security policies,
+including pre-shared keys. See the example configuration file,
+probably in \fB/usr/share/doc/wpa_supplicant/\fR, for
+detailed information about the configuration format and supported
+fields.
+.PP
+All file paths in this configuration file should use full
+(absolute, not relative to working directory) path in order to allow
+working directory to be changed. This can happen if wpa_supplicant is
+run in the background.
+.PP
+Changes to configuration file can be reloaded be sending
+SIGHUP signal to \fBwpa_supplicant\fR ('killall -HUP
+wpa_supplicant'). Similarly, reloading can be triggered with
+the 'wpa_cli reconfigure' command.
+.PP
+Configuration file can include one or more network blocks,
+e.g., one for each used SSID. wpa_supplicant will automatically
+select the best network based on the order of network blocks in
+the configuration file, network security level (WPA/WPA2 is
+preferred), and signal strength.
+.SH "QUICK EXAMPLES"
+.TP 3
+1.
+WPA-Personal (PSK) as home network and WPA-Enterprise with
+EAP-TLS as work network.
+.sp
+.RS
+
+.nf
+# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+#
+# home network; allow all valid ciphers
+network={
+ ssid="home"
+ scan_ssid=1
+ key_mgmt=WPA-PSK
+ psk="very secret passphrase"
+}
+#
+# work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers
+network={
+ ssid="work"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ pairwise=CCMP TKIP
+ group=CCMP TKIP
+ eap=TLS
+ identity="user at example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+}
+.fi
+.RE
+.TP 3
+2.
+WPA-RADIUS/EAP-PEAP/MSCHAPv2 with RADIUS servers that
+use old peaplabel (e.g., Funk Odyssey and SBR, Meetinghouse
+Aegis, Interlink RAD-Series)
+.sp
+.RS
+
+.nf
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ eap=PEAP
+ identity="user at example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase1="peaplabel=0"
+ phase2="auth=MSCHAPV2"
+}
+.fi
+.RE
+.TP 3
+3.
+EAP-TTLS/EAP-MD5-Challenge configuration with anonymous
+identity for the unencrypted use. Real identity is sent only
+within an encrypted TLS tunnel.
+.sp
+.RS
+
+.nf
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ identity="user at example.com"
+ anonymous_identity="anonymous at example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase2="auth=MD5"
+}
+.fi
+.RE
+.TP 3
+4.
+IEEE 802.1X (i.e., no WPA) with dynamic WEP keys
+(require both unicast and broadcast); use EAP-TLS for
+authentication
+.sp
+.RS
+
+.nf
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+network={
+ ssid="1x-test"
+ scan_ssid=1
+ key_mgmt=IEEE8021X
+ eap=TLS
+ identity="user at example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ eapol_flags=3
+}
+.fi
+.RE
+.TP 3
+5.
+Catch all example that allows more or less all
+configuration modes. The configuration options are used based
+on what security policy is used in the selected SSID. This is
+mostly for testing and is not recommended for normal
+use.
+.sp
+.RS
+
+.nf
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
+ pairwise=CCMP TKIP
+ group=CCMP TKIP WEP104 WEP40
+ psk="very secret passphrase"
+ eap=TTLS PEAP TLS
+ identity="user at example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ phase1="peaplabel=0"
+ ca_cert2="/etc/cert/ca2.pem"
+ client_cert2="/etc/cer/user.pem"
+ private_key2="/etc/cer/user.prv"
+ private_key2_passwd="password"
+}
+.fi
+.RE
+.TP 3
+6.
+Authentication for wired Ethernet. This can be used with
+'wired' interface (-Dwired on command line).
+.sp
+.RS
+
+.nf
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+ap_scan=0
+network={
+ key_mgmt=IEEE8021X
+ eap=MD5
+ identity="user"
+ password="password"
+ eapol_flags=0
+}
+.fi
+.RE
+.SH "CERTIFICATES"
+.PP
+Some EAP authentication methods require use of
+certificates. EAP-TLS uses both server side and client
+certificates whereas EAP-PEAP and EAP-TTLS only require the server
+side certificate. When client certificate is used, a matching
+private key file has to also be included in configuration. If the
+private key uses a passphrase, this has to be configured in
+wpa_supplicant.conf ("private_key_passwd").
+.PP
+wpa_supplicant supports X.509 certificates in PEM and DER
+formats. User certificate and private key can be included in the
+same file.
+.PP
+If the user certificate and private key is received in
+PKCS#12/PFX format, they need to be converted to suitable PEM/DER
+format for wpa_supplicant. This can be done, e.g., with following
+commands:
+.sp
+.RS
+
+.nf
+# convert client certificate and private key to PEM format
+openssl pkcs12 -in example.pfx -out user.pem -clcerts
+# convert CA certificate (if included in PFX file) to PEM format
+openssl pkcs12 -in example.pfx -out ca.pem -cacerts -nokeys
+.fi
+.RE
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant\fR(8)
+\fBopenssl\fR(1)
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/events.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/events.c?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/events.c (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/events.c Sat Feb 23 03:42:35 2008
@@ -1,6 +1,6 @@
/*
* WPA Supplicant - Driver event processing
- * Copyright (c) 2003-2007, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2003-2008, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -40,6 +40,8 @@
if (wpa_s->conf->ap_scan == 1 && wpa_s->current_ssid)
return 0;
+ wpa_printf(MSG_DEBUG, "Select network based on association "
+ "information");
ssid = wpa_supplicant_get_ssid(wpa_s);
if (ssid == NULL) {
wpa_printf(MSG_INFO, "No network configuration found for the "
@@ -100,6 +102,7 @@
if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK ||
wpa_s->key_mgmt == WPA_KEY_MGMT_FT_PSK)
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
+ wpa_s->ap_ies_from_associnfo = 0;
}
@@ -690,6 +693,8 @@
wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
if (!rsn_found && data->assoc_info.beacon_ies)
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
+ if (wpa_found || rsn_found)
+ wpa_s->ap_ies_from_associnfo = 1;
}
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_gui-qt4/eventhistory.cpp
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_gui-qt4/eventhistory.cpp?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_gui-qt4/eventhistory.cpp (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_gui-qt4/eventhistory.cpp Sat Feb 23 03:42:35 2008
@@ -13,6 +13,7 @@
*/
#include <QHeaderView>
+#include <QScrollBar>
#include "eventhistory.h"
@@ -115,6 +116,15 @@
void EventHistory::addEvent(WpaMsg msg)
{
+ bool scroll = true;
+
+ if (eventListView->verticalScrollBar()->value() <
+ eventListView->verticalScrollBar()->maximum())
+ scroll = false;
+
elm->addEvent(msg.getTimestamp().toString("yyyy-MM-dd hh:mm:ss.zzz"),
msg.getMsg());
+
+ if (scroll)
+ eventListView->scrollToBottom();
}
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_gui-qt4/eventhistory.ui
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_gui-qt4/eventhistory.ui?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_gui-qt4/eventhistory.ui (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_gui-qt4/eventhistory.ui Sat Feb 23 03:42:35 2008
@@ -1,93 +1,61 @@
-<ui version="4.0" stdsetdef="1" >
- <author></author>
- <comment></comment>
- <exportmacro></exportmacro>
- <class>EventHistory</class>
- <widget class="QDialog" name="EventHistory" >
- <property name="geometry" >
- <rect>
- <x>0</x>
- <y>0</y>
- <width>533</width>
- <height>285</height>
- </rect>
- </property>
- <property name="windowTitle" >
- <string>Event history</string>
- </property>
- <layout class="QVBoxLayout" >
- <item>
- <widget class="QTreeView" name="eventListView" >
- <property name="sizePolicy" >
- <sizepolicy>
- <hsizetype>7</hsizetype>
- <vsizetype>7</vsizetype>
- <horstretch>0</horstretch>
- <verstretch>0</verstretch>
- </sizepolicy>
- </property>
- <property name="selectionMode" >
- <enum>QAbstractItemView::NoSelection</enum>
- </property>
- <column>
- <property name="text" >
- <string>Timestamp</string>
- </property>
- <property name="clickable" >
- <bool>true</bool>
- </property>
- <property name="resizable" >
- <bool>true</bool>
- </property>
- </column>
- <column>
- <property name="text" >
- <string>Message</string>
- </property>
- <property name="clickable" >
- <bool>true</bool>
- </property>
- <property name="resizable" >
- <bool>true</bool>
- </property>
- </column>
- </widget>
- </item>
- <item>
- <layout class="QHBoxLayout" >
- <property name="margin" >
- <number>0</number>
- </property>
- <item>
- <spacer name="spacer3" >
- <property name="sizeHint" >
- <size>
- <width>20</width>
- <height>20</height>
- </size>
- </property>
- <property name="sizeType" >
- <enum>Expanding</enum>
- </property>
- <property name="orientation" >
- <enum>Horizontal</enum>
- </property>
- </spacer>
- </item>
- <item>
- <widget class="QPushButton" name="closeButton" >
- <property name="text" >
- <string>Close</string>
- </property>
- </widget>
- </item>
- </layout>
- </item>
- </layout>
- </widget>
- <layoutdefault spacing="6" margin="11" />
- <pixmapfunction>qPixmapFromMimeSource</pixmapfunction>
- <includes>
- <include location="local" >wpamsg.h</include>
- </includes>
+<ui version="4.0" >
+ <class>EventHistory</class>
+ <widget class="QDialog" name="EventHistory" >
+ <property name="geometry" >
+ <rect>
+ <x>0</x>
+ <y>0</y>
+ <width>533</width>
+ <height>285</height>
+ </rect>
+ </property>
+ <property name="windowTitle" >
+ <string>Event history</string>
+ </property>
+ <layout class="QGridLayout" >
+ <item row="0" column="0" colspan="2" >
+ <widget class="QTreeView" name="eventListView" >
+ <property name="sizePolicy" >
+ <sizepolicy vsizetype="Expanding" hsizetype="Expanding" >
+ <horstretch>0</horstretch>
+ <verstretch>0</verstretch>
+ </sizepolicy>
+ </property>
+ <property name="verticalScrollBarPolicy" >
+ <enum>Qt::ScrollBarAlwaysOn</enum>
+ </property>
+ <property name="selectionMode" >
+ <enum>QAbstractItemView::NoSelection</enum>
+ </property>
+ </widget>
+ </item>
+ <item row="1" column="0" >
+ <spacer>
+ <property name="orientation" >
+ <enum>Qt::Horizontal</enum>
+ </property>
+ <property name="sizeHint" >
+ <size>
+ <width>40</width>
+ <height>20</height>
+ </size>
+ </property>
+ </spacer>
+ </item>
+ <item row="1" column="1" >
+ <widget class="QPushButton" name="closeButton" >
+ <property name="text" >
+ <string>Close</string>
+ </property>
+ </widget>
+ </item>
+ </layout>
+ </widget>
+ <layoutdefault spacing="6" margin="11" />
+ <pixmapfunction>qPixmapFromMimeSource</pixmapfunction>
+ <includes>
+ <include location="local" >wpamsg.h</include>
+ </includes>
+ <resources/>
+ <connections/>
</ui>
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_supplicant.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_supplicant.c?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_supplicant.c (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_supplicant.c Sat Feb 23 03:42:35 2008
@@ -770,11 +770,13 @@
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
!!(ssid->proto & WPA_PROTO_RSN));
- if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
- bss_wpa ? 2 + bss_wpa[1] : 0) ||
- wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
- bss_rsn ? 2 + bss_rsn[1] : 0))
- return -1;
+ if (bss || !wpa_s->ap_ies_from_associnfo) {
+ if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
+ bss_wpa ? 2 + bss_wpa[1] : 0) ||
+ wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
+ bss_rsn ? 2 + bss_rsn[1] : 0))
+ return -1;
+ }
sel = ie.group_cipher & ssid->group_cipher;
if (sel & WPA_CIPHER_CCMP) {
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_supplicant_i.h
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_supplicant_i.h?rev=1135&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_supplicant_i.h (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_supplicant_i.h Sat Feb 23 03:42:35 2008
@@ -281,6 +281,7 @@
int disconnected; /* all connections disabled; i.e., do no reassociate
* before this has been cleared */
struct wpa_ssid *current_ssid;
+ int ap_ies_from_associnfo;
/* Selected configuration (based on Beacon/ProbeResp WPA IE) */
int pairwise_cipher;
More information about the Pkg-wpa-devel
mailing list