[pkg-wpa-devel] r1279 - in /wpasupplicant/branches/upstream/current: src/common/ src/drivers/ src/eap_peer/ src/eap_server/ src/eapol_supp/ src/radius/ src/utils/ wpa_supplicant/ wpa_supplicant/doc/docbook/ wpa_supplicant/vs2005/eapol_test/ wpa_supplicant/vs2005/wpa_supplicant/ wpa_supplicant/vs2005/wpasvc/ wpa_supplicant/wpa_gui-qt4/
kelmo-guest at users.alioth.debian.org
kelmo-guest at users.alioth.debian.org
Sun Nov 2 11:03:55 UTC 2008
Author: kelmo-guest
Date: Sun Nov 2 11:03:54 2008
New Revision: 1279
URL: http://svn.debian.org/wsvn/?sc=1&rev=1279
Log:
[svn-upgrade] Integrating new upstream version, wpasupplicant (0.6.5)
Added:
wpasupplicant/branches/upstream/current/src/common/ieee802_11_common.c
wpasupplicant/branches/upstream/current/src/common/ieee802_11_common.h
wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_background.8
wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_cli.8
wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_gui.8
wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_passphrase.8
wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_priv.8
wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.8
wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5
Modified:
wpasupplicant/branches/upstream/current/src/common/ieee802_11_defs.h
wpasupplicant/branches/upstream/current/src/common/version.h
wpasupplicant/branches/upstream/current/src/drivers/driver_madwifi.c
wpasupplicant/branches/upstream/current/src/drivers/driver_nl80211.c
wpasupplicant/branches/upstream/current/src/eap_peer/eap_fast.c
wpasupplicant/branches/upstream/current/src/eap_peer/eap_fast_pac.c
wpasupplicant/branches/upstream/current/src/eap_peer/tncc.c
wpasupplicant/branches/upstream/current/src/eap_server/eap.c
wpasupplicant/branches/upstream/current/src/eap_server/eap.h
wpasupplicant/branches/upstream/current/src/eap_server/eap_fast.c
wpasupplicant/branches/upstream/current/src/eap_server/eap_gpsk.c
wpasupplicant/branches/upstream/current/src/eap_server/eap_i.h
wpasupplicant/branches/upstream/current/src/eapol_supp/eapol_supp_sm.c
wpasupplicant/branches/upstream/current/src/radius/radius_server.c
wpasupplicant/branches/upstream/current/src/radius/radius_server.h
wpasupplicant/branches/upstream/current/src/utils/os_unix.c
wpasupplicant/branches/upstream/current/wpa_supplicant/ChangeLog
wpasupplicant/branches/upstream/current/wpa_supplicant/Makefile
wpasupplicant/branches/upstream/current/wpa_supplicant/README-Windows.txt
wpasupplicant/branches/upstream/current/wpa_supplicant/ctrl_iface.c
wpasupplicant/branches/upstream/current/wpa_supplicant/mlme.c
wpasupplicant/branches/upstream/current/wpa_supplicant/vs2005/eapol_test/eapol_test.vcproj
wpasupplicant/branches/upstream/current/wpa_supplicant/vs2005/wpa_supplicant/wpa_supplicant.vcproj
wpasupplicant/branches/upstream/current/wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj
wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_cli.c
wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_gui-qt4/networkconfig.cpp
Added: wpasupplicant/branches/upstream/current/src/common/ieee802_11_common.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/common/ieee802_11_common.c?rev=1279&op=file
==============================================================================
--- wpasupplicant/branches/upstream/current/src/common/ieee802_11_common.c (added)
+++ wpasupplicant/branches/upstream/current/src/common/ieee802_11_common.c Sun Nov 2 11:03:54 2008
@@ -1,0 +1,224 @@
+/*
+ * IEEE 802.11 Common routines
+ * Copyright (c) 2002-2008, Jouni Malinen <j at w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "ieee802_11_defs.h"
+#include "ieee802_11_common.h"
+
+
+static int ieee802_11_parse_vendor_specific(u8 *pos, size_t elen,
+ struct ieee802_11_elems *elems,
+ int show_errors)
+{
+ unsigned int oui;
+
+ /* first 3 bytes in vendor specific information element are the IEEE
+ * OUI of the vendor. The following byte is used a vendor specific
+ * sub-type. */
+ if (elen < 4) {
+ if (show_errors) {
+ wpa_printf(MSG_MSGDUMP, "short vendor specific "
+ "information element ignored (len=%lu)",
+ (unsigned long) elen);
+ }
+ return -1;
+ }
+
+ oui = WPA_GET_BE24(pos);
+ switch (oui) {
+ case OUI_MICROSOFT:
+ /* Microsoft/Wi-Fi information elements are further typed and
+ * subtyped */
+ switch (pos[3]) {
+ case 1:
+ /* Microsoft OUI (00:50:F2) with OUI Type 1:
+ * real WPA information element */
+ elems->wpa_ie = pos;
+ elems->wpa_ie_len = elen;
+ break;
+ case WME_OUI_TYPE: /* this is a Wi-Fi WME info. element */
+ if (elen < 5) {
+ wpa_printf(MSG_MSGDUMP, "short WME "
+ "information element ignored "
+ "(len=%lu)",
+ (unsigned long) elen);
+ return -1;
+ }
+ switch (pos[4]) {
+ case WME_OUI_SUBTYPE_INFORMATION_ELEMENT:
+ case WME_OUI_SUBTYPE_PARAMETER_ELEMENT:
+ elems->wme = pos;
+ elems->wme_len = elen;
+ break;
+ case WME_OUI_SUBTYPE_TSPEC_ELEMENT:
+ elems->wme_tspec = pos;
+ elems->wme_tspec_len = elen;
+ break;
+ default:
+ wpa_printf(MSG_MSGDUMP, "unknown WME "
+ "information element ignored "
+ "(subtype=%d len=%lu)",
+ pos[4], (unsigned long) elen);
+ return -1;
+ }
+ break;
+ default:
+ wpa_printf(MSG_MSGDUMP, "Unknown Microsoft "
+ "information element ignored "
+ "(type=%d len=%lu)\n",
+ pos[3], (unsigned long) elen);
+ return -1;
+ }
+ break;
+
+ default:
+ wpa_printf(MSG_MSGDUMP, "unknown vendor specific information "
+ "element ignored (vendor OUI %02x:%02x:%02x "
+ "len=%lu)",
+ pos[0], pos[1], pos[2], (unsigned long) elen);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+ParseRes ieee802_11_parse_elems(u8 *start, size_t len,
+ struct ieee802_11_elems *elems,
+ int show_errors)
+{
+ size_t left = len;
+ u8 *pos = start;
+ int unknown = 0;
+
+ os_memset(elems, 0, sizeof(*elems));
+
+ while (left >= 2) {
+ u8 id, elen;
+
+ id = *pos++;
+ elen = *pos++;
+ left -= 2;
+
+ if (elen > left) {
+ if (show_errors) {
+ wpa_printf(MSG_DEBUG, "IEEE 802.11 element "
+ "parse failed (id=%d elen=%d "
+ "left=%lu)",
+ id, elen, (unsigned long) left);
+ wpa_hexdump(MSG_MSGDUMP, "IEs", start, len);
+ }
+ return ParseFailed;
+ }
+
+ switch (id) {
+ case WLAN_EID_SSID:
+ elems->ssid = pos;
+ elems->ssid_len = elen;
+ break;
+ case WLAN_EID_SUPP_RATES:
+ elems->supp_rates = pos;
+ elems->supp_rates_len = elen;
+ break;
+ case WLAN_EID_FH_PARAMS:
+ elems->fh_params = pos;
+ elems->fh_params_len = elen;
+ break;
+ case WLAN_EID_DS_PARAMS:
+ elems->ds_params = pos;
+ elems->ds_params_len = elen;
+ break;
+ case WLAN_EID_CF_PARAMS:
+ elems->cf_params = pos;
+ elems->cf_params_len = elen;
+ break;
+ case WLAN_EID_TIM:
+ elems->tim = pos;
+ elems->tim_len = elen;
+ break;
+ case WLAN_EID_IBSS_PARAMS:
+ elems->ibss_params = pos;
+ elems->ibss_params_len = elen;
+ break;
+ case WLAN_EID_CHALLENGE:
+ elems->challenge = pos;
+ elems->challenge_len = elen;
+ break;
+ case WLAN_EID_ERP_INFO:
+ elems->erp_info = pos;
+ elems->erp_info_len = elen;
+ break;
+ case WLAN_EID_EXT_SUPP_RATES:
+ elems->ext_supp_rates = pos;
+ elems->ext_supp_rates_len = elen;
+ break;
+ case WLAN_EID_VENDOR_SPECIFIC:
+ if (ieee802_11_parse_vendor_specific(pos, elen,
+ elems,
+ show_errors))
+ unknown++;
+ break;
+ case WLAN_EID_RSN:
+ elems->rsn_ie = pos;
+ elems->rsn_ie_len = elen;
+ break;
+ case WLAN_EID_PWR_CAPABILITY:
+ elems->power_cap = pos;
+ elems->power_cap_len = elen;
+ break;
+ case WLAN_EID_SUPPORTED_CHANNELS:
+ elems->supp_channels = pos;
+ elems->supp_channels_len = elen;
+ break;
+ case WLAN_EID_MOBILITY_DOMAIN:
+ elems->mdie = pos;
+ elems->mdie_len = elen;
+ break;
+ case WLAN_EID_FAST_BSS_TRANSITION:
+ elems->ftie = pos;
+ elems->ftie_len = elen;
+ break;
+ case WLAN_EID_HT_CAP:
+ elems->ht_capabilities = pos;
+ elems->ht_capabilities_len = elen;
+ break;
+ case WLAN_EID_HT_OPERATION:
+ elems->ht_operation = pos;
+ elems->ht_operation_len = elen;
+ break;
+ case WLAN_EID_ASSOC_COMEBACK_TIME:
+ elems->assoc_comeback = pos;
+ elems->assoc_comeback_len = elen;
+ break;
+ default:
+ unknown++;
+ if (!show_errors)
+ break;
+ wpa_printf(MSG_MSGDUMP, "IEEE 802.11 element parse "
+ "ignored unknown element (id=%d elen=%d)",
+ id, elen);
+ break;
+ }
+
+ left -= elen;
+ pos += elen;
+ }
+
+ if (left)
+ return ParseFailed;
+
+ return unknown ? ParseUnknown : ParseOK;
+}
Added: wpasupplicant/branches/upstream/current/src/common/ieee802_11_common.h
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/common/ieee802_11_common.h?rev=1279&op=file
==============================================================================
--- wpasupplicant/branches/upstream/current/src/common/ieee802_11_common.h (added)
+++ wpasupplicant/branches/upstream/current/src/common/ieee802_11_common.h Sun Nov 2 11:03:54 2008
@@ -1,0 +1,70 @@
+/*
+ * IEEE 802.11 Common routines
+ * Copyright (c) 2002-2008, Jouni Malinen <j at w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#ifndef IEEE802_11_COMMON_H
+#define IEEE802_11_COMMON_H
+
+/* Parsed Information Elements */
+struct ieee802_11_elems {
+ u8 *ssid;
+ u8 ssid_len;
+ u8 *supp_rates;
+ u8 supp_rates_len;
+ u8 *fh_params;
+ u8 fh_params_len;
+ u8 *ds_params;
+ u8 ds_params_len;
+ u8 *cf_params;
+ u8 cf_params_len;
+ u8 *tim;
+ u8 tim_len;
+ u8 *ibss_params;
+ u8 ibss_params_len;
+ u8 *challenge;
+ u8 challenge_len;
+ u8 *erp_info;
+ u8 erp_info_len;
+ u8 *ext_supp_rates;
+ u8 ext_supp_rates_len;
+ u8 *wpa_ie;
+ u8 wpa_ie_len;
+ u8 *rsn_ie;
+ u8 rsn_ie_len;
+ u8 *wme;
+ u8 wme_len;
+ u8 *wme_tspec;
+ u8 wme_tspec_len;
+ u8 *power_cap;
+ u8 power_cap_len;
+ u8 *supp_channels;
+ u8 supp_channels_len;
+ u8 *mdie;
+ u8 mdie_len;
+ u8 *ftie;
+ u8 ftie_len;
+ u8 *ht_capabilities;
+ u8 ht_capabilities_len;
+ u8 *ht_operation;
+ u8 ht_operation_len;
+ u8 *assoc_comeback;
+ u8 assoc_comeback_len;
+};
+
+typedef enum { ParseOK = 0, ParseUnknown = 1, ParseFailed = -1 } ParseRes;
+
+ParseRes ieee802_11_parse_elems(u8 *start, size_t len,
+ struct ieee802_11_elems *elems,
+ int show_errors);
+
+#endif /* IEEE802_11_COMMON_H */
Modified: wpasupplicant/branches/upstream/current/src/common/ieee802_11_defs.h
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/common/ieee802_11_defs.h?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/common/ieee802_11_defs.h (original)
+++ wpasupplicant/branches/upstream/current/src/common/ieee802_11_defs.h Sun Nov 2 11:03:54 2008
@@ -556,4 +556,26 @@
u8 mode;
} STRUCT_PACKED;
+
+#define OUI_MICROSOFT 0x0050f2 /* Microsoft (also used in Wi-Fi specs)
+ * 00:50:F2 */
+
+#define WME_OUI_TYPE 2
+#define WME_OUI_SUBTYPE_INFORMATION_ELEMENT 0
+#define WME_OUI_SUBTYPE_PARAMETER_ELEMENT 1
+#define WME_OUI_SUBTYPE_TSPEC_ELEMENT 2
+#define WME_VERSION 1
+
+#define WME_ACTION_CODE_SETUP_REQUEST 0
+#define WME_ACTION_CODE_SETUP_RESPONSE 1
+#define WME_ACTION_CODE_TEARDOWN 2
+
+#define WME_SETUP_RESPONSE_STATUS_ADMISSION_ACCEPTED 0
+#define WME_SETUP_RESPONSE_STATUS_INVALID_PARAMETERS 1
+#define WME_SETUP_RESPONSE_STATUS_REFUSED 3
+
+#define WME_TSPEC_DIRECTION_UPLINK 0
+#define WME_TSPEC_DIRECTION_DOWNLINK 1
+#define WME_TSPEC_DIRECTION_BI_DIRECTIONAL 3
+
#endif /* IEEE802_11_DEFS_H */
Modified: wpasupplicant/branches/upstream/current/src/common/version.h
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/common/version.h?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/common/version.h (original)
+++ wpasupplicant/branches/upstream/current/src/common/version.h Sun Nov 2 11:03:54 2008
@@ -1,6 +1,6 @@
#ifndef VERSION_H
#define VERSION_H
-#define VERSION_STR "0.6.4"
+#define VERSION_STR "0.6.5"
#endif /* VERSION_H */
Modified: wpasupplicant/branches/upstream/current/src/drivers/driver_madwifi.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/drivers/driver_madwifi.c?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/drivers/driver_madwifi.c (original)
+++ wpasupplicant/branches/upstream/current/src/drivers/driver_madwifi.c Sun Nov 2 11:03:54 2008
@@ -23,6 +23,11 @@
#include "ieee802_11_defs.h"
#include "wireless_copy.h"
+/*
+ * Avoid conflicts with wpa_supplicant definitions by undefining a definition.
+ */
+#undef WME_OUI_TYPE
+
#include <include/compat.h>
#include <net80211/ieee80211.h>
#ifdef WME_NUM_AC
@@ -32,6 +37,7 @@
#endif /* WME_NUM_AC */
#include <net80211/ieee80211_crypto.h>
#include <net80211/ieee80211_ioctl.h>
+
#ifdef IEEE80211_IOCTL_SETWMMPARAMS
/* Assume this is built against madwifi-ng */
Modified: wpasupplicant/branches/upstream/current/src/drivers/driver_nl80211.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/drivers/driver_nl80211.c?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/drivers/driver_nl80211.c (original)
+++ wpasupplicant/branches/upstream/current/src/drivers/driver_nl80211.c Sun Nov 2 11:03:54 2008
@@ -103,6 +103,8 @@
static int finish_handler(struct nl_msg *msg, void *arg)
{
+ int *ret = arg;
+ *ret = 0;
return NL_SKIP;
}
@@ -133,7 +135,7 @@
err = 1;
nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
- nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, NULL);
+ nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
if (valid_handler)
Modified: wpasupplicant/branches/upstream/current/src/eap_peer/eap_fast.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_peer/eap_fast.c?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_peer/eap_fast.c (original)
+++ wpasupplicant/branches/upstream/current/src/eap_peer/eap_fast.c Sun Nov 2 11:03:54 2008
@@ -1194,7 +1194,7 @@
}
if (data->current_pac == NULL && data->provisioning &&
- !data->anon_provisioning) {
+ !data->anon_provisioning && !tlv.pac) {
/*
* Need to request Tunnel PAC when using authenticated
* provisioning.
Modified: wpasupplicant/branches/upstream/current/src/eap_peer/eap_fast_pac.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_peer/eap_fast_pac.c?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_peer/eap_fast_pac.c (original)
+++ wpasupplicant/branches/upstream/current/src/eap_peer/eap_fast_pac.c Sun Nov 2 11:03:54 2008
@@ -555,7 +555,12 @@
"file '%s' for writing", pac_file);
return -1;
}
- fwrite(buf, 1, len, f);
+ if (fwrite(buf, 1, len, f) != len) {
+ wpa_printf(MSG_INFO, "EAP-FAST: Failed to write all "
+ "PACs into '%s'", pac_file);
+ fclose(f);
+ return -1;
+ }
os_free(buf);
fclose(f);
}
Modified: wpasupplicant/branches/upstream/current/src/eap_peer/tncc.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_peer/tncc.c?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_peer/tncc.c (original)
+++ wpasupplicant/branches/upstream/current/src/eap_peer/tncc.c Sun Nov 2 11:03:54 2008
@@ -1274,10 +1274,11 @@
/* MS-Packet-Info */
wpabuf_put_u8(buf, SSOH_MS_PACKET_INFO);
- /* FIX: What is correct value here? IF-TNCCS-SOH v1.0 r8 claims this
- * field to be: Reserved(4 bits) r(1 bit) Vers(3 bits), but Windows XP
+ /* Note: IF-TNCCS-SOH v1.0 r8 claims this field to be:
+ * Reserved(4 bits) r(1 bit) Vers(3 bits), but Windows XP
* SP3 seems to be sending 0x11 for SSoH, i.e., r(request/response) bit
* would not be in the specified location.
+ * [MS-SOH] 4.0.2: Reserved(3 bits) r(1 bit) Vers(4 bits)
*/
wpabuf_put_u8(buf, 0x11); /* r=request, vers=1 */
Modified: wpasupplicant/branches/upstream/current/src/eap_server/eap.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_server/eap.c?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_server/eap.c (original)
+++ wpasupplicant/branches/upstream/current/src/eap_server/eap.c Sun Nov 2 11:03:54 2008
@@ -1151,8 +1151,19 @@
conf->pac_opaque_encr_key, 16);
}
}
- if (conf->eap_fast_a_id)
- sm->eap_fast_a_id = os_strdup(conf->eap_fast_a_id);
+ if (conf->eap_fast_a_id) {
+ sm->eap_fast_a_id = os_malloc(conf->eap_fast_a_id_len);
+ if (sm->eap_fast_a_id) {
+ os_memcpy(sm->eap_fast_a_id, conf->eap_fast_a_id,
+ conf->eap_fast_a_id_len);
+ sm->eap_fast_a_id_len = conf->eap_fast_a_id_len;
+ }
+ }
+ if (conf->eap_fast_a_id_info)
+ sm->eap_fast_a_id_info = os_strdup(conf->eap_fast_a_id_info);
+ sm->eap_fast_prov = conf->eap_fast_prov;
+ sm->pac_key_lifetime = conf->pac_key_lifetime;
+ sm->pac_key_refresh_time = conf->pac_key_refresh_time;
sm->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
sm->tnc = conf->tnc;
@@ -1183,6 +1194,7 @@
os_free(sm->identity);
os_free(sm->pac_opaque_encr_key);
os_free(sm->eap_fast_a_id);
+ os_free(sm->eap_fast_a_id_info);
wpabuf_free(sm->eap_if.aaaEapReqData);
wpabuf_free(sm->eap_if.aaaEapRespData);
os_free(sm->eap_if.aaaEapKeyData);
Modified: wpasupplicant/branches/upstream/current/src/eap_server/eap.h
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_server/eap.h?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_server/eap.h (original)
+++ wpasupplicant/branches/upstream/current/src/eap_server/eap.h Sun Nov 2 11:03:54 2008
@@ -95,7 +95,12 @@
Boolean backend_auth;
int eap_server;
u8 *pac_opaque_encr_key;
- char *eap_fast_a_id;
+ u8 *eap_fast_a_id;
+ size_t eap_fast_a_id_len;
+ char *eap_fast_a_id_info;
+ int eap_fast_prov;
+ int pac_key_lifetime;
+ int pac_key_refresh_time;
int eap_sim_aka_result_ind;
int tnc;
};
Modified: wpasupplicant/branches/upstream/current/src/eap_server/eap_fast.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_server/eap_fast.c?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_server/eap_fast.c (original)
+++ wpasupplicant/branches/upstream/current/src/eap_server/eap_fast.c Sun Nov 2 11:03:54 2008
@@ -33,17 +33,6 @@
#define PAC_OPAQUE_TYPE_LIFETIME 2
#define PAC_OPAQUE_TYPE_IDENTITY 3
-/* PAC-Key lifetime in seconds (hard limit) */
-#define PAC_KEY_LIFETIME (7 * 24 * 60 * 60)
-
-/*
- * PAC-Key refresh time in seconds (soft limit on remaining hard limit). The
- * server will generate a new PAC-Key when this number of seconds (or fewer)
- * of the lifetime.
- */
-#define PAC_KEY_REFRESH_TIME (1 * 24 * 60 * 60)
-
-
struct eap_fast_data {
struct eap_ssl_data ssl;
enum {
@@ -67,7 +56,9 @@
int simck_idx;
u8 pac_opaque_encr[16];
- char *srv_id;
+ u8 *srv_id;
+ size_t srv_id_len;
+ char *srv_id_info;
int anon_provisioning;
int send_new_pac; /* server triggered re-keying of Tunnel PAC */
@@ -76,6 +67,9 @@
size_t identity_len;
int eap_seq;
int tnc_started;
+
+ int pac_key_lifetime;
+ int pac_key_refresh_time;
};
@@ -251,7 +245,7 @@
return 0;
}
- if (lifetime - now.sec < PAC_KEY_REFRESH_TIME)
+ if (lifetime - now.sec < data->pac_key_refresh_time)
data->send_new_pac = 1;
eap_fast_derive_master_secret(pac_key, server_random, client_random,
@@ -453,11 +447,34 @@
eap_fast_reset(sm, data);
return NULL;
}
- data->srv_id = os_strdup(sm->eap_fast_a_id);
+ data->srv_id = os_malloc(sm->eap_fast_a_id_len);
if (data->srv_id == NULL) {
eap_fast_reset(sm, data);
return NULL;
}
+ os_memcpy(data->srv_id, sm->eap_fast_a_id, sm->eap_fast_a_id_len);
+ data->srv_id_len = sm->eap_fast_a_id_len;
+
+ if (sm->eap_fast_a_id_info == NULL) {
+ wpa_printf(MSG_INFO, "EAP-FAST: No A-ID-Info configured");
+ eap_fast_reset(sm, data);
+ return NULL;
+ }
+ data->srv_id_info = os_strdup(sm->eap_fast_a_id_info);
+ if (data->srv_id_info == NULL) {
+ eap_fast_reset(sm, data);
+ return NULL;
+ }
+
+ /* PAC-Key lifetime in seconds (hard limit) */
+ data->pac_key_lifetime = sm->pac_key_lifetime;
+
+ /*
+ * PAC-Key refresh time in seconds (soft limit on remaining hard
+ * limit). The server will generate a new PAC-Key when this number of
+ * seconds (or fewer) of the lifetime remains.
+ */
+ data->pac_key_refresh_time = sm->pac_key_refresh_time;
return data;
}
@@ -472,6 +489,7 @@
data->phase2_method->reset(sm, data->phase2_priv);
eap_server_tls_ssl_deinit(sm, &data->ssl);
os_free(data->srv_id);
+ os_free(data->srv_id_info);
os_free(data->key_block_p);
wpabuf_free(data->pending_phase2_resp);
os_free(data->identity);
@@ -483,10 +501,9 @@
struct eap_fast_data *data, u8 id)
{
struct wpabuf *req;
- size_t srv_id_len = os_strlen(data->srv_id);
req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_FAST,
- 1 + sizeof(struct pac_tlv_hdr) + srv_id_len,
+ 1 + sizeof(struct pac_tlv_hdr) + data->srv_id_len,
EAP_CODE_REQUEST, id);
if (req == NULL) {
wpa_printf(MSG_ERROR, "EAP-FAST: Failed to allocate memory for"
@@ -498,7 +515,7 @@
wpabuf_put_u8(req, EAP_TLS_FLAGS_START | data->fast_version);
/* RFC 4851, 4.1.1. Authority ID Data */
- eap_fast_put_tlv(req, PAC_TYPE_A_ID, data->srv_id, srv_id_len);
+ eap_fast_put_tlv(req, PAC_TYPE_A_ID, data->srv_id, data->srv_id_len);
eap_fast_state(data, PHASE1);
@@ -646,7 +663,7 @@
u8 *pac_buf, *pac_opaque;
struct wpabuf *buf;
u8 *pos;
- size_t buf_len, srv_id_len, pac_len;
+ size_t buf_len, srv_id_info_len, pac_len;
struct eap_tlv_hdr *pac_tlv;
struct pac_tlv_hdr *pac_info;
struct eap_tlv_result_tlv *result;
@@ -664,7 +681,7 @@
if (pac_buf == NULL)
return NULL;
- srv_id_len = os_strlen(data->srv_id);
+ srv_id_info_len = os_strlen(data->srv_id_info);
pos = pac_buf;
*pos++ = PAC_OPAQUE_TYPE_KEY;
@@ -674,7 +691,7 @@
*pos++ = PAC_OPAQUE_TYPE_LIFETIME;
*pos++ = 4;
- WPA_PUT_BE32(pos, now.sec + PAC_KEY_LIFETIME);
+ WPA_PUT_BE32(pos, now.sec + data->pac_key_lifetime);
pos += 4;
if (sm->identity) {
@@ -710,50 +727,12 @@
buf_len = sizeof(*pac_tlv) +
sizeof(struct pac_tlv_hdr) + EAP_FAST_PAC_KEY_LEN +
sizeof(struct pac_tlv_hdr) + pac_len +
- 2 * srv_id_len + 100 + sizeof(*result);
+ data->srv_id_len + srv_id_info_len + 100 + sizeof(*result);
buf = wpabuf_alloc(buf_len);
if (buf == NULL) {
os_free(pac_opaque);
return NULL;
}
-
- /* PAC TLV */
- wpa_printf(MSG_DEBUG, "EAP-FAST: Add PAC TLV");
- pac_tlv = wpabuf_put(buf, sizeof(*pac_tlv));
- pac_tlv->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY |
- EAP_TLV_PAC_TLV);
-
- /* PAC-Key */
- eap_fast_put_tlv(buf, PAC_TYPE_PAC_KEY, pac_key, EAP_FAST_PAC_KEY_LEN);
-
- /* PAC-Opaque */
- eap_fast_put_tlv(buf, PAC_TYPE_PAC_OPAQUE, pac_opaque, pac_len);
- os_free(pac_opaque);
-
- /* PAC-Info */
- pac_info = wpabuf_put(buf, sizeof(*pac_info));
- pac_info->type = host_to_be16(PAC_TYPE_PAC_INFO);
-
- /* PAC-Lifetime (inside PAC-Info) */
- eap_fast_put_tlv_hdr(buf, PAC_TYPE_CRED_LIFETIME, 4);
- wpabuf_put_be32(buf, now.sec + PAC_KEY_LIFETIME);
-
- /* A-ID (inside PAC-Info) */
- eap_fast_put_tlv(buf, PAC_TYPE_A_ID, data->srv_id, srv_id_len);
-
- /* Note: headers may be misaligned after A-ID */
-
- /* A-ID-Info (inside PAC-Info) */
- eap_fast_put_tlv(buf, PAC_TYPE_A_ID_INFO, data->srv_id, srv_id_len);
-
- /* PAC-Type (inside PAC-Info) */
- eap_fast_put_tlv_hdr(buf, PAC_TYPE_PAC_TYPE, 2);
- wpabuf_put_be16(buf, PAC_TYPE_TUNNEL_PAC);
-
- /* Update PAC-Info and PAC TLV Length fields */
- pos = wpabuf_put(buf, 0);
- pac_info->len = host_to_be16(pos - (u8 *) (pac_info + 1));
- pac_tlv->length = host_to_be16(pos - (u8 *) (pac_tlv + 1));
/* Result TLV */
wpa_printf(MSG_DEBUG, "EAP-FAST: Add Result TLV (status=SUCCESS)");
@@ -762,6 +741,45 @@
EAP_TLV_TYPE_MANDATORY | EAP_TLV_RESULT_TLV);
WPA_PUT_BE16((u8 *) &result->length, 2);
WPA_PUT_BE16((u8 *) &result->status, EAP_TLV_RESULT_SUCCESS);
+
+ /* PAC TLV */
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Add PAC TLV");
+ pac_tlv = wpabuf_put(buf, sizeof(*pac_tlv));
+ pac_tlv->tlv_type = host_to_be16(EAP_TLV_TYPE_MANDATORY |
+ EAP_TLV_PAC_TLV);
+
+ /* PAC-Key */
+ eap_fast_put_tlv(buf, PAC_TYPE_PAC_KEY, pac_key, EAP_FAST_PAC_KEY_LEN);
+
+ /* PAC-Opaque */
+ eap_fast_put_tlv(buf, PAC_TYPE_PAC_OPAQUE, pac_opaque, pac_len);
+ os_free(pac_opaque);
+
+ /* PAC-Info */
+ pac_info = wpabuf_put(buf, sizeof(*pac_info));
+ pac_info->type = host_to_be16(PAC_TYPE_PAC_INFO);
+
+ /* PAC-Lifetime (inside PAC-Info) */
+ eap_fast_put_tlv_hdr(buf, PAC_TYPE_CRED_LIFETIME, 4);
+ wpabuf_put_be32(buf, now.sec + data->pac_key_lifetime);
+
+ /* A-ID (inside PAC-Info) */
+ eap_fast_put_tlv(buf, PAC_TYPE_A_ID, data->srv_id, data->srv_id_len);
+
+ /* Note: headers may be misaligned after A-ID */
+
+ /* A-ID-Info (inside PAC-Info) */
+ eap_fast_put_tlv(buf, PAC_TYPE_A_ID_INFO, data->srv_id_info,
+ srv_id_info_len);
+
+ /* PAC-Type (inside PAC-Info) */
+ eap_fast_put_tlv_hdr(buf, PAC_TYPE_PAC_TYPE, 2);
+ wpabuf_put_be16(buf, PAC_TYPE_TUNNEL_PAC);
+
+ /* Update PAC-Info and PAC TLV Length fields */
+ pos = wpabuf_put(buf, 0);
+ pac_info->len = host_to_be16(pos - (u8 *) (pac_info + 1));
+ pac_tlv->length = host_to_be16(pos - (u8 *) (pac_tlv + 1));
return buf;
}
@@ -1012,20 +1030,21 @@
hdr = (struct eap_hdr *) in_data;
if (in_len < (int) sizeof(*hdr)) {
wpa_printf(MSG_INFO, "EAP-FAST: Too short Phase 2 "
- "EAP frame (len=%d)", in_len);
+ "EAP frame (len=%lu)", (unsigned long) in_len);
eap_fast_req_failure(sm, data);
return;
}
len = be_to_host16(hdr->length);
if (len > in_len) {
wpa_printf(MSG_INFO, "EAP-FAST: Length mismatch in "
- "Phase 2 EAP frame (len=%d hdr->length=%d)",
- in_len, len);
+ "Phase 2 EAP frame (len=%lu hdr->length=%lu)",
+ (unsigned long) in_len, (unsigned long) len);
eap_fast_req_failure(sm, data);
return;
}
wpa_printf(MSG_DEBUG, "EAP-FAST: Received Phase 2: code=%d "
- "identifier=%d length=%d", hdr->code, hdr->identifier, len);
+ "identifier=%d length=%lu", hdr->code, hdr->identifier,
+ (unsigned long) len);
switch (hdr->code) {
case EAP_CODE_RESPONSE:
eap_fast_process_phase2_response(sm, data, (u8 *) hdr, len);
@@ -1239,6 +1258,28 @@
if (data->final_result) {
wpa_printf(MSG_DEBUG, "EAP-FAST: Authentication "
"completed successfully");
+ }
+
+ if (data->anon_provisioning &&
+ sm->eap_fast_prov != ANON_PROV &&
+ sm->eap_fast_prov != BOTH_PROV) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Client is trying to "
+ "use unauthenticated provisioning which is "
+ "disabled");
+ eap_fast_state(data, FAILURE);
+ return;
+ }
+
+ if (sm->eap_fast_prov != AUTH_PROV &&
+ sm->eap_fast_prov != BOTH_PROV &&
+ tlv.request_action == EAP_TLV_ACTION_PROCESS_TLV &&
+ eap_fast_pac_type(tlv.pac, tlv.pac_len,
+ PAC_TYPE_TUNNEL_PAC)) {
+ wpa_printf(MSG_DEBUG, "EAP-FAST: Client is trying to "
+ "use authenticated provisioning which is "
+ "disabled");
+ eap_fast_state(data, FAILURE);
+ return;
}
if (data->anon_provisioning ||
Modified: wpasupplicant/branches/upstream/current/src/eap_server/eap_gpsk.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_server/eap_gpsk.c?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_server/eap_gpsk.c (original)
+++ wpasupplicant/branches/upstream/current/src/eap_server/eap_gpsk.c Sun Nov 2 11:03:54 2008
@@ -433,7 +433,9 @@
miclen = eap_gpsk_mic_len(data->vendor, data->specifier);
if (end - pos < (int) miclen) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for MIC "
- "(left=%d miclen=%d)", end - pos, miclen);
+ "(left=%lu miclen=%lu)",
+ (unsigned long) (end - pos),
+ (unsigned long) miclen);
eap_gpsk_state(data, FAILURE);
return;
}
@@ -454,8 +456,9 @@
pos += miclen;
if (pos != end) {
- wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignored %d bytes of extra "
- "data in the end of GPSK-2", end - pos);
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignored %lu bytes of extra "
+ "data in the end of GPSK-2",
+ (unsigned long) (end - pos));
}
eap_gpsk_state(data, GPSK_3);
@@ -499,7 +502,9 @@
miclen = eap_gpsk_mic_len(data->vendor, data->specifier);
if (end - pos < (int) miclen) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for MIC "
- "(left=%d miclen=%d)", end - pos, miclen);
+ "(left=%lu miclen=%lu)",
+ (unsigned long) (end - pos),
+ (unsigned long) miclen);
eap_gpsk_state(data, FAILURE);
return;
}
@@ -520,8 +525,9 @@
pos += miclen;
if (pos != end) {
- wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignored %d bytes of extra "
- "data in the end of GPSK-4", end - pos);
+ wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignored %lu bytes of extra "
+ "data in the end of GPSK-4",
+ (unsigned long) (end - pos));
}
eap_gpsk_state(data, SUCCESS);
Modified: wpasupplicant/branches/upstream/current/src/eap_server/eap_i.h
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eap_server/eap_i.h?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eap_server/eap_i.h (original)
+++ wpasupplicant/branches/upstream/current/src/eap_server/eap_i.h Sun Nov 2 11:03:54 2008
@@ -171,7 +171,14 @@
u8 *peer_challenge;
u8 *pac_opaque_encr_key;
- char *eap_fast_a_id;
+ u8 *eap_fast_a_id;
+ size_t eap_fast_a_id_len;
+ char *eap_fast_a_id_info;
+ enum {
+ NO_PROV, ANON_PROV, AUTH_PROV, BOTH_PROV
+ } eap_fast_prov;
+ int pac_key_lifetime;
+ int pac_key_refresh_time;
int eap_sim_aka_result_ind;
int tnc;
};
Modified: wpasupplicant/branches/upstream/current/src/eapol_supp/eapol_supp_sm.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/eapol_supp/eapol_supp_sm.c?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/eapol_supp/eapol_supp_sm.c (original)
+++ wpasupplicant/branches/upstream/current/src/eapol_supp/eapol_supp_sm.c Sun Nov 2 11:03:54 2008
@@ -1422,8 +1422,10 @@
{
if (sm == NULL)
return;
+ wpa_printf(MSG_DEBUG, "EAPOL: PMKSA caching was used - skip EAPOL");
sm->SUPP_PAE_state = SUPP_PAE_AUTHENTICATED;
sm->suppPortStatus = Authorized;
+ sm->portValid = TRUE;
eap_notify_success(sm->eap);
eapol_sm_step(sm);
}
Modified: wpasupplicant/branches/upstream/current/src/radius/radius_server.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/radius/radius_server.c?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/radius/radius_server.c (original)
+++ wpasupplicant/branches/upstream/current/src/radius/radius_server.c Sun Nov 2 11:03:54 2008
@@ -85,7 +85,12 @@
void *eap_sim_db_priv;
void *ssl_ctx;
u8 *pac_opaque_encr_key;
- char *eap_fast_a_id;
+ u8 *eap_fast_a_id;
+ size_t eap_fast_a_id_len;
+ char *eap_fast_a_id_info;
+ int eap_fast_prov;
+ int pac_key_lifetime;
+ int pac_key_refresh_time;
int eap_sim_aka_result_ind;
int tnc;
int ipv6;
@@ -311,6 +316,11 @@
eap_conf.eap_server = 1;
eap_conf.pac_opaque_encr_key = data->pac_opaque_encr_key;
eap_conf.eap_fast_a_id = data->eap_fast_a_id;
+ eap_conf.eap_fast_a_id_len = data->eap_fast_a_id_len;
+ eap_conf.eap_fast_a_id_info = data->eap_fast_a_id_info;
+ eap_conf.eap_fast_prov = data->eap_fast_prov;
+ eap_conf.pac_key_lifetime = data->pac_key_lifetime;
+ eap_conf.pac_key_refresh_time = data->pac_key_refresh_time;
eap_conf.eap_sim_aka_result_ind = data->eap_sim_aka_result_ind;
eap_conf.tnc = data->tnc;
sess->eap = eap_server_sm_init(sess, &radius_server_eapol_cb,
@@ -1014,8 +1024,19 @@
os_memcpy(data->pac_opaque_encr_key, conf->pac_opaque_encr_key,
16);
}
- if (conf->eap_fast_a_id)
- data->eap_fast_a_id = os_strdup(conf->eap_fast_a_id);
+ if (conf->eap_fast_a_id) {
+ data->eap_fast_a_id = os_malloc(conf->eap_fast_a_id_len);
+ if (data->eap_fast_a_id) {
+ os_memcpy(data->eap_fast_a_id, conf->eap_fast_a_id,
+ conf->eap_fast_a_id_len);
+ data->eap_fast_a_id_len = conf->eap_fast_a_id_len;
+ }
+ }
+ if (conf->eap_fast_a_id_info)
+ data->eap_fast_a_id_info = os_strdup(conf->eap_fast_a_id_info);
+ data->eap_fast_prov = conf->eap_fast_prov;
+ data->pac_key_lifetime = conf->pac_key_lifetime;
+ data->pac_key_refresh_time = conf->pac_key_refresh_time;
data->get_eap_user = conf->get_eap_user;
data->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
data->tnc = conf->tnc;
@@ -1065,6 +1086,7 @@
os_free(data->pac_opaque_encr_key);
os_free(data->eap_fast_a_id);
+ os_free(data->eap_fast_a_id_info);
os_free(data);
}
Modified: wpasupplicant/branches/upstream/current/src/radius/radius_server.h
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/radius/radius_server.h?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/radius/radius_server.h (original)
+++ wpasupplicant/branches/upstream/current/src/radius/radius_server.h Sun Nov 2 11:03:54 2008
@@ -25,7 +25,12 @@
void *eap_sim_db_priv;
void *ssl_ctx;
u8 *pac_opaque_encr_key;
- char *eap_fast_a_id;
+ u8 *eap_fast_a_id;
+ size_t eap_fast_a_id_len;
+ char *eap_fast_a_id_info;
+ int eap_fast_prov;
+ int pac_key_lifetime;
+ int pac_key_refresh_time;
int eap_sim_aka_result_ind;
int tnc;
int ipv6;
Modified: wpasupplicant/branches/upstream/current/src/utils/os_unix.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/src/utils/os_unix.c?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/src/utils/os_unix.c (original)
+++ wpasupplicant/branches/upstream/current/src/utils/os_unix.c Sun Nov 2 11:03:54 2008
@@ -220,7 +220,12 @@
return NULL;
}
- fread(buf, 1, *len, f);
+ if (fread(buf, 1, *len, f) != *len) {
+ fclose(f);
+ free(buf);
+ return NULL;
+ }
+
fclose(f);
return buf;
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/ChangeLog
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/ChangeLog?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/ChangeLog (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/ChangeLog Sun Nov 2 11:03:54 2008
@@ -1,6 +1,6 @@
ChangeLog for wpa_supplicant
-????-??-?? - v0.6.5
+2008-11-01 - v0.6.5
* added support for SHA-256 as X.509 certificate digest when using the
internal X.509/TLSv1 implementation
* updated management frame protection to use IEEE 802.11w/D6.0
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/Makefile
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/Makefile?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/Makefile (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/Makefile Sun Nov 2 11:03:54 2008
@@ -925,7 +925,7 @@
endif
ifdef CONFIG_CLIENT_MLME
-OBJS += mlme.o
+OBJS += mlme.o ../src/common/ieee802_11_common.o
CFLAGS += -DCONFIG_CLIENT_MLME
endif
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/README-Windows.txt
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/README-Windows.txt?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/README-Windows.txt (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/README-Windows.txt Sun Nov 2 11:03:54 2008
@@ -67,10 +67,11 @@
can also be used by creating a project that includes the files and
defines mentioned in nmake.mak. Example VS2005 solution and project
files are included in vs2005 subdirectory. This can be used as a
-starting point for building the programs with VS2005 IDE.
+starting point for building the programs with VS2005 IDE. Visual Studio
+2008 Express Edition is also able to use these project files.
WinPcap development package is needed for the build and this can be
-downloaded from http://www.winpcap.org/install/bin/WpdPack_3_1.zip. The
+downloaded from http://www.winpcap.org/install/bin/WpdPack_4_0_2.zip. The
default nmake.mak expects this to be unpacked into C:\dev\WpdPack so
that Include and Lib directories are in this directory. The files can be
stored elsewhere as long as the WINPCAPDIR in nmake.mak is updated to
@@ -79,10 +80,10 @@
properties as additional include/library directories.
OpenSSL source package can be downloaded from
-http://www.openssl.org/source/openssl-0.9.8b.tar.gz and built and
+http://www.openssl.org/source/openssl-0.9.8i.tar.gz and built and
installed following instructions in INSTALL.W32. Note that if EAP-FAST
support will be included in the wpa_supplicant, OpenSSL needs to be
-patched to# support it openssl-tls-extensions.patch. The example
+patched to# support it openssl-0.9.8i-tls-extensions.patch. The example
nmake.mak file expects OpenSSL to be installed into C:\dev\openssl, but
this directory can be modified by changing OPENSSLDIR variable in
nmake.mak.
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/ctrl_iface.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/ctrl_iface.c?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/ctrl_iface.c (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/ctrl_iface.c Sun Nov 2 11:03:54 2008
@@ -1250,6 +1250,10 @@
char *pos, *end;
const u8 *ie, *ie2;
+ if (wpa_s->scan_res == NULL &&
+ wpa_supplicant_get_scan_results(wpa_s) < 0)
+ return 0;
+
results = wpa_s->scan_res;
if (results == NULL)
return 0;
@@ -1269,32 +1273,32 @@
bss = results->res[i];
pos = buf;
end = buf + buflen;
- ret = snprintf(pos, end - pos,
- "bssid=" MACSTR "\n"
- "freq=%d\n"
- "beacon_int=%d\n"
- "capabilities=0x%04x\n"
- "qual=%d\n"
- "noise=%d\n"
- "level=%d\n"
- "tsf=%016llu\n"
- "ie=",
- MAC2STR(bss->bssid), bss->freq, bss->beacon_int,
- bss->caps, bss->qual, bss->noise, bss->level,
- (unsigned long long) bss->tsf);
+ ret = os_snprintf(pos, end - pos,
+ "bssid=" MACSTR "\n"
+ "freq=%d\n"
+ "beacon_int=%d\n"
+ "capabilities=0x%04x\n"
+ "qual=%d\n"
+ "noise=%d\n"
+ "level=%d\n"
+ "tsf=%016llu\n"
+ "ie=",
+ MAC2STR(bss->bssid), bss->freq, bss->beacon_int,
+ bss->caps, bss->qual, bss->noise, bss->level,
+ (unsigned long long) bss->tsf);
if (ret < 0 || ret >= end - pos)
return pos - buf;
pos += ret;
ie = (const u8 *) (bss + 1);
for (i = 0; i < bss->ie_len; i++) {
- ret = snprintf(pos, end - pos, "%02x", *ie++);
- if (ret < 0 || ret >= end - pos)
- return pos - buf;
- pos += ret;
- }
-
- ret = snprintf(pos, end - pos, "\n");
+ ret = os_snprintf(pos, end - pos, "%02x", *ie++);
+ if (ret < 0 || ret >= end - pos)
+ return pos - buf;
+ pos += ret;
+ }
+
+ ret = os_snprintf(pos, end - pos, "\n");
if (ret < 0 || ret >= end - pos)
return pos - buf;
pos += ret;
@@ -1323,7 +1327,7 @@
pos += ret;
}
- ret = snprintf(pos, end - pos, "\n");
+ ret = os_snprintf(pos, end - pos, "\n");
if (ret < 0 || ret >= end - pos)
return pos - buf;
pos += ret;
Added: wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_background.8
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_background.8?rev=1279&op=file
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_background.8 (added)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_background.8 Sun Nov 2 11:03:54 2008
@@ -1,0 +1,84 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_BACKGROUND" "8" "01 November 2008" "" ""
+
+.SH NAME
+wpa_background \- Background information on Wi-Fi Protected Access and IEEE 802.11i
+.SH "WPA"
+.PP
+The original security mechanism of IEEE 802.11 standard was
+not designed to be strong and has proven to be insufficient for
+most networks that require some kind of security. Task group I
+(Security) of IEEE 802.11 working group
+(http://www.ieee802.org/11/) has worked to address the flaws of
+the base standard and has in practice completed its work in May
+2004. The IEEE 802.11i amendment to the IEEE 802.11 standard was
+approved in June 2004 and published in July 2004.
+.PP
+Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version
+of the IEEE 802.11i work (draft 3.0) to define a subset of the
+security enhancements that can be implemented with existing wlan
+hardware. This is called Wi-Fi Protected Access<TM> (WPA). This
+has now become a mandatory component of interoperability testing
+and certification done by Wi-Fi Alliance. Wi-Fi provides
+information about WPA at its web site
+(http://www.wi-fi.org/OpenSection/protected_access.asp).
+.PP
+IEEE 802.11 standard defined wired equivalent privacy (WEP)
+algorithm for protecting wireless networks. WEP uses RC4 with
+40-bit keys, 24-bit initialization vector (IV), and CRC32 to
+protect against packet forgery. All these choices have proven to
+be insufficient: key space is too small against current attacks,
+RC4 key scheduling is insufficient (beginning of the pseudorandom
+stream should be skipped), IV space is too small and IV reuse
+makes attacks easier, there is no replay protection, and non-keyed
+authentication does not protect against bit flipping packet
+data.
+.PP
+WPA is an intermediate solution for the security issues. It
+uses Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP
+is a compromise on strong security and possibility to use existing
+hardware. It still uses RC4 for the encryption like WEP, but with
+per-packet RC4 keys. In addition, it implements replay protection,
+keyed packet authentication mechanism (Michael MIC).
+.PP
+Keys can be managed using two different mechanisms. WPA can
+either use an external authentication server (e.g., RADIUS) and
+EAP just like IEEE 802.1X is using or pre-shared keys without need
+for additional servers. Wi-Fi calls these "WPA-Enterprise" and
+"WPA-Personal", respectively. Both mechanisms will generate a
+master session key for the Authenticator (AP) and Supplicant
+(client station).
+.PP
+WPA implements a new key handshake (4-Way Handshake and
+Group Key Handshake) for generating and exchanging data encryption
+keys between the Authenticator and Supplicant. This handshake is
+also used to verify that both Authenticator and Supplicant know
+the master session key. These handshakes are identical regardless
+of the selected key management mechanism (only the method for
+generating master session key changes).
+.SH "IEEE 802.11I / WPA2"
+.PP
+The design for parts of IEEE 802.11i that were not included
+in WPA has finished (May 2004) and this amendment to IEEE 802.11
+was approved in June 2004. Wi-Fi Alliance is using the final IEEE
+802.11i as a new version of WPA called WPA2. This includes, e.g.,
+support for more robust encryption algorithm (CCMP: AES in Counter
+mode with CBC-MAC) to replace TKIP and optimizations for handoff
+(reduced number of messages in initial key handshake,
+pre-authentication, and PMKSA caching).
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_cli.8
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_cli.8?rev=1279&op=file
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_cli.8 (added)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_cli.8 Sun Nov 2 11:03:54 2008
@@ -1,0 +1,210 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_CLI" "8" "01 November 2008" "" ""
+
+.SH NAME
+wpa_cli \- WPA command line client
+.SH SYNOPSIS
+
+\fBwpa_cli\fR [ \fB-p \fIpath to ctrl sockets\fB\fR ] [ \fB-i \fIifname\fB\fR ] [ \fB-hvB\fR ] [ \fB-a \fIaction file\fB\fR ] [ \fB-P \fIpid file\fB\fR ] [ \fB\fIcommand ...\fB\fR ]
+
+.SH "OVERVIEW"
+.PP
+wpa_cli is a text-based frontend program for interacting
+with wpa_supplicant. It is used to query current status, change
+configuration, trigger events, and request interactive user
+input.
+.PP
+wpa_cli can show the current authentication status, selected
+security mode, dot11 and dot1x MIBs, etc. In addition, it can
+configure some variables like EAPOL state machine parameters and
+trigger events like reassociation and IEEE 802.1X
+logoff/logon. wpa_cli provides a user interface to request
+authentication information, like username and password, if these
+are not included in the configuration. This can be used to
+implement, e.g., one-time-passwords or generic token card
+authentication where the authentication is based on a
+challenge-response that uses an external device for generating the
+response.
+.PP
+The control interface of wpa_supplicant can be configured to
+allow non-root user access (ctrl_interface GROUP= parameter in the
+configuration file). This makes it possible to run wpa_cli with a
+normal user account.
+.PP
+wpa_cli supports two modes: interactive and command
+line. Both modes share the same command set and the main
+difference is in interactive mode providing access to unsolicited
+messages (event messages, username/password requests).
+.PP
+Interactive mode is started when wpa_cli is executed without
+including the command as a command line parameter. Commands are
+then entered on the wpa_cli prompt. In command line mode, the same
+commands are entered as command line arguments for wpa_cli.
+.SH "INTERACTIVE AUTHENTICATION PARAMETERS REQUEST"
+.PP
+When wpa_supplicant need authentication parameters, like
+username and password, which are not present in the configuration
+file, it sends a request message to all attached frontend programs,
+e.g., wpa_cli in interactive mode. wpa_cli shows these requests
+with "CTRL-REQ-<type>-<id>:<text>"
+prefix. <type> is IDENTITY, PASSWORD, or OTP
+(one-time-password). <id> is a unique identifier for the
+current network. <text> is description of the request. In
+case of OTP request, it includes the challenge from the
+authentication server.
+.PP
+The reply to these requests can be given with
+\fBidentity\fR, \fBpassword\fR, and
+\fBotp\fR commands. <id> needs to be copied from
+the matching request. \fBpassword\fR and
+\fBotp\fR commands can be used regardless of whether
+the request was for PASSWORD or OTP. The main difference between these
+two commands is that values given with \fBpassword\fR are
+remembered as long as wpa_supplicant is running whereas values given
+with \fBotp\fR are used only once and then forgotten,
+i.e., wpa_supplicant will ask frontend for a new value for every use.
+This can be used to implement one-time-password lists and generic token
+card -based authentication.
+.PP
+Example request for password and a matching reply:
+.sp
+.RS
+
+.nf
+CTRL-REQ-PASSWORD-1:Password needed for SSID foobar
+> password 1 mysecretpassword
+.fi
+.RE
+.PP
+Example request for generic token card challenge-response:
+.sp
+.RS
+
+.nf
+CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
+> otp 2 9876
+.fi
+.RE
+.SH "COMMAND ARGUMENTS"
+.TP
+\fB-p path\fR
+Change the path where control sockets should
+be found.
+.TP
+\fB-i ifname\fR
+Specify the interface that is being
+configured. By default, choose the first interface found with
+a control socket in the socket path.
+.TP
+\fB-h\fR
+Help. Show a usage message.
+.TP
+\fB-v\fR
+Show version information.
+.TP
+\fB-B\fR
+Run as a daemon in the background.
+.TP
+\fB-a file\fR
+Run in daemon mode executing the action file
+based on events from wpa_supplicant. The specified file will
+be executed with the first argument set to interface name and
+second to "CONNECTED" or "DISCONNECTED" depending on the event.
+This can be used to execute networking tools required to configure
+the interface.
+
+Additionally, three environmental variables are available to
+the file: WPA_CTRL_DIR, WPA_ID, and WPA_ID_STR. WPA_CTRL_DIR
+contains the absolute path to the ctrl_interface socket. WPA_ID
+contains the unique network_id identifier assigned to the active
+network, and WPA_ID_STR contains the content of the id_str option.
+.TP
+\fB-P file\fR
+Set the location of the PID
+file.
+.TP
+\fBcommand\fR
+Run a command. The available commands are
+listed in the next section.
+.SH "COMMANDS"
+.PP
+The following commands are available:
+.TP
+\fBstatus\fR
+get current WPA/EAPOL/EAP status
+.TP
+\fBmib\fR
+get MIB variables (dot1x, dot11)
+.TP
+\fBhelp\fR
+show this usage help
+.TP
+\fBinterface [ifname]\fR
+show interfaces/select interface
+.TP
+\fBlevel <debug level>\fR
+change debug level
+.TP
+\fBlicense\fR
+show full wpa_cli license
+.TP
+\fBlogoff\fR
+IEEE 802.1X EAPOL state machine logoff
+.TP
+\fBlogon\fR
+IEEE 802.1X EAPOL state machine logon
+.TP
+\fBset\fR
+set variables (shows list of variables when run without arguments)
+.TP
+\fBpmksa\fR
+show PMKSA cache
+.TP
+\fBreassociate\fR
+force reassociation
+.TP
+\fBreconfigure\fR
+force wpa_supplicant to re-read its configuration file
+.TP
+\fBpreauthenticate <BSSID>\fR
+force preauthentication
+.TP
+\fBidentity <network id> <identity>\fR
+configure identity for an SSID
+.TP
+\fBpassword <network id> <password>\fR
+configure password for an SSID
+.TP
+\fBpin <network id> <pin>\fR
+configure pin for an SSID
+.TP
+\fBotp <network id> <password>\fR
+configure one-time-password for an SSID
+.TP
+\fBbssid <network id> <BSSID>\fR
+set preferred BSSID for an SSID
+.TP
+\fBlist_networks\fR
+list configured networks
+.TP
+\fBterminate\fR
+terminate \fBwpa_supplicant\fR
+.TP
+\fBquit\fR
+exit wpa_cli
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_gui.8
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_gui.8?rev=1279&op=file
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_gui.8 (added)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_gui.8 Sun Nov 2 11:03:54 2008
@@ -1,0 +1,51 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_GUI" "8" "01 November 2008" "" ""
+
+.SH NAME
+wpa_gui \- WPA Graphical User Interface
+.SH SYNOPSIS
+
+\fBwpa_gui\fR [ \fB-p \fIpath to ctrl sockets\fB\fR ] [ \fB-i \fIifname\fB\fR ] [ \fB-t\fR ]
+
+.SH "OVERVIEW"
+.PP
+wpa_gui is a QT graphical frontend program for interacting
+with wpa_supplicant. It is used to query current status, change
+configuration and request interactive user input.
+.PP
+wpa_gui supports (almost) all of the interactive status and
+configuration features of the command line client, wpa_cli. Refer
+to the wpa_cli manpage for a comprehensive list of the
+interactive mode features.
+.SH "COMMAND ARGUMENTS"
+.TP
+\fB-p path\fR
+Change the path where control sockets should
+be found.
+.TP
+\fB-i ifname\fR
+Specify the interface that is being
+configured. By default, choose the first interface found with
+a control socket in the socket path.
+.TP
+\fB-t\fR
+Start program in the system tray only (if the window
+manager supports it). By default the main status window is
+shown.
+.SH "SEE ALSO"
+.PP
+\fBwpa_cli\fR(8)
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_passphrase.8
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_passphrase.8?rev=1279&op=file
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_passphrase.8 (added)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_passphrase.8 Sun Nov 2 11:03:54 2008
@@ -1,0 +1,40 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_PASSPHRASE" "8" "01 November 2008" "" ""
+
+.SH NAME
+wpa_passphrase \- Generate a WPA PSK from an ASCII passphrase for a SSID
+.SH SYNOPSIS
+
+\fBwpa_passphrase\fR [ \fB\fIssid\fB\fR ] [ \fB\fIpassphrase\fB\fR ]
+
+.SH "OVERVIEW"
+.PP
+\fBwpa_passphrase\fR pre-computes PSK entries for
+network configuration blocks of a
+\fIwpa_supplicant.conf\fR file. An ASCII passphrase
+and SSID are used to generate a 256-bit PSK.
+.SH "OPTIONS"
+.TP
+\fBssid\fR
+The SSID whose passphrase should be derived.
+.TP
+\fBpassphrase\fR
+The passphrase to use. If not included on the command line,
+passphrase will be read from standard input.
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant.conf\fR(5)
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_priv.8
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_priv.8?rev=1279&op=file
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_priv.8 (added)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_priv.8 Sun Nov 2 11:03:54 2008
@@ -1,0 +1,120 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_PRIV" "8" "01 November 2008" "" ""
+
+.SH NAME
+wpa_priv \- wpa_supplicant privilege separation helper
+.SH SYNOPSIS
+
+\fBwpa_priv\fR [ \fB-c \fIctrl path\fB\fR ] [ \fB-Bdd\fR ] [ \fB-P \fIpid file\fB\fR ] [ \fBdriver:ifname \fI[driver:ifname ...]\fB\fR ]
+
+.SH "OVERVIEW"
+.PP
+\fBwpa_priv\fR is a privilege separation helper that
+minimizes the size of \fBwpa_supplicant\fR code that needs
+to be run with root privileges.
+.PP
+If enabled, privileged operations are done in the wpa_priv process
+while leaving rest of the code (e.g., EAP authentication and WPA
+handshakes) to operate in an unprivileged process (wpa_supplicant) that
+can be run as non-root user. Privilege separation restricts the effects
+of potential software errors by containing the majority of the code in an
+unprivileged process to avoid the possibility of a full system
+compromise.
+.PP
+\fBwpa_priv\fR needs to be run with network admin
+privileges (usually, root user). It opens a UNIX domain socket for each
+interface that is included on the command line; any other interface will
+be off limits for \fBwpa_supplicant\fR in this kind of
+configuration. After this, \fBwpa_supplicant\fR can be run as
+a non-root user (e.g., all standard users on a laptop or as a special
+non-privileged user account created just for this purpose to limit access
+to user files even further).
+.SH "EXAMPLE CONFIGURATION"
+.PP
+The following steps are an example of how to configure
+\fBwpa_priv\fR to allow users in the
+\fBwpapriv\fR group to communicate with
+\fBwpa_supplicant\fR with privilege separation:
+.PP
+Create user group (e.g., wpapriv) and assign users that
+should be able to use wpa_supplicant into that group.
+.PP
+Create /var/run/wpa_priv directory for UNIX domain sockets and
+control user access by setting it accessible only for the wpapriv
+group:
+.sp
+.RS
+
+.nf
+mkdir /var/run/wpa_priv
+chown root:wpapriv /var/run/wpa_priv
+chmod 0750 /var/run/wpa_priv
+.fi
+.RE
+.PP
+Start \fBwpa_priv\fR as root (e.g., from system
+startup scripts) with the enabled interfaces configured on the
+command line:
+.sp
+.RS
+
+.nf
+wpa_priv -B -c /var/run/wpa_priv -P /var/run/wpa_priv.pid wext:wlan0
+.fi
+.RE
+.PP
+Run \fBwpa_supplicant\fR as non-root with a user
+that is in the wpapriv group:
+.sp
+.RS
+
+.nf
+wpa_supplicant -i ath0 -c wpa_supplicant.conf
+.fi
+.RE
+.SH "COMMAND ARGUMENTS"
+.TP
+\fB-c ctrl path\fR
+Specify the path to wpa_priv control directory
+(Default: /var/run/wpa_priv/).
+.TP
+\fB-B\fR
+Run as a daemon in the background.
+.TP
+\fB-P file\fR
+Set the location of the PID
+file.
+.TP
+\fBdriver:ifname [driver:ifname ...]\fR
+The <driver> string dictates which of the
+supported \fBwpa_supplicant\fR driver backends is to be
+used. To get a list of supported driver types see wpa_supplicant help
+(e.g, wpa_supplicant -h). The driver backend supported by most good
+drivers is \fBwext\fR\&.
+
+The <ifname> string specifies which network
+interface is to be managed by \fBwpa_supplicant\fR
+(e.g., wlan0 or ath0).
+
+\fBwpa_priv\fR does not use the network interface
+before \fBwpa_supplicant\fR is started, so it is fine to
+include network interfaces that are not available at the time wpa_priv
+is started. wpa_priv can control multiple interfaces with one process,
+but it is also possible to run multiple \fBwpa_priv\fR
+processes at the same time, if desired.
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.8
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.8?rev=1279&op=file
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.8 (added)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.8 Sun Nov 2 11:03:54 2008
@@ -1,0 +1,568 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_SUPPLICANT" "8" "01 November 2008" "" ""
+
+.SH NAME
+wpa_supplicant \- Wi-Fi Protected Access client and IEEE 802.1X supplicant
+.SH SYNOPSIS
+
+\fBwpa_supplicant\fR [ \fB-BddfhKLqqtuvW\fR ] [ \fB-i\fIifname\fB\fR ] [ \fB-c\fIconfig file\fB\fR ] [ \fB-D\fIdriver\fB\fR ] [ \fB-P\fIPID_file\fB\fR ] [ \fB-f\fIoutput file\fB\fR ]
+
+.SH "OVERVIEW"
+.PP
+Wireless networks do not require physical access to the network equipment
+in the same way as wired networks. This makes it easier for unauthorized
+users to passively monitor a network and capture all transmitted frames.
+In addition, unauthorized use of the network is much easier. In many cases,
+this can happen even without user's explicit knowledge since the wireless
+LAN adapter may have been configured to automatically join any available
+network.
+.PP
+Link-layer encryption can be used to provide a layer of security for
+wireless networks. The original wireless LAN standard, IEEE 802.11,
+included a simple encryption mechanism, WEP. However, that proved to
+be flawed in many areas and network protected with WEP cannot be consider
+secure. IEEE 802.1X authentication and frequently changed dynamic WEP keys
+can be used to improve the network security, but even that has inherited
+security issues due to the use of WEP for encryption. Wi-Fi Protected
+Access and IEEE 802.11i amendment to the wireless LAN standard introduce
+a much improvement mechanism for securing wireless networks. IEEE 802.11i
+enabled networks that are using CCMP (encryption mechanism based on strong
+cryptographic algorithm AES) can finally be called secure used for
+applications which require efficient protection against unauthorized
+access.
+.PP
+\fBwpa_supplicant\fR is an implementation of
+the WPA Supplicant component, i.e., the part that runs in the
+client stations. It implements WPA key negotiation with a WPA
+Authenticator and EAP authentication with Authentication
+Server. In addition, it controls the roaming and IEEE 802.11
+authentication/association of the wireless LAN driver.
+.PP
+\fBwpa_supplicant\fR is designed to be a
+"daemon" program that runs in the background and acts as the
+backend component controlling the wireless
+connection. \fBwpa_supplicant\fR supports separate
+frontend programs and an example text-based frontend,
+\fBwpa_cli\fR, is included with
+wpa_supplicant.
+.PP
+Before wpa_supplicant can do its work, the network interface
+must be available. That means that the physical device must be
+present and enabled, and the driver for the device must have be
+loaded. The daemon will exit immediately if the device is not already
+available.
+.PP
+After \fBwpa_supplicant\fR has configured the
+network device, higher level configuration such as DHCP may
+proceed. There are a variety of ways to integrate wpa_supplicant
+into a machine's networking scripts, a few of which are described
+in sections below.
+.PP
+The following steps are used when associating with an AP
+using WPA:
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR requests the kernel
+driver to scan neighboring BSSes
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR selects a BSS based on
+its configuration
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR requests the kernel
+driver to associate with the chosen BSS
+.TP 0.2i
+\(bu
+If WPA-EAP: integrated IEEE 802.1X Supplicant
+completes EAP authentication with the
+authentication server (proxied by the Authenticator in the
+AP)
+.TP 0.2i
+\(bu
+If WPA-EAP: master key is received from the IEEE 802.1X
+Supplicant
+.TP 0.2i
+\(bu
+If WPA-PSK: \fBwpa_supplicant\fR uses PSK
+as the master session key
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR completes WPA 4-Way
+Handshake and Group Key Handshake with the Authenticator
+(AP)
+.TP 0.2i
+\(bu
+\fBwpa_supplicant\fR configures encryption
+keys for unicast and broadcast
+.TP 0.2i
+\(bu
+normal data packets can be transmitted and received
+.SH "SUPPORTED FEATURES"
+.PP
+Supported WPA/IEEE 802.11i features:
+.TP 0.2i
+\(bu
+WPA-PSK ("WPA-Personal")
+.TP 0.2i
+\(bu
+WPA with EAP (e.g., with RADIUS authentication server)
+("WPA-Enterprise") Following authentication methods are
+supported with an integrate IEEE 802.1X Supplicant:
+.RS
+.TP 0.2i
+\(bu
+EAP-TLS
+.RE
+.RS
+.TP 0.2i
+\(bu
+EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-PEAP/TLS (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-PEAP/GTC (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-PEAP/OTP (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-MD5-Challenge
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-GTC
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-OTP
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-MSCHAPv2
+.TP 0.2i
+\(bu
+EAP-TTLS/EAP-TLS
+.TP 0.2i
+\(bu
+EAP-TTLS/MSCHAPv2
+.TP 0.2i
+\(bu
+EAP-TTLS/MSCHAP
+.TP 0.2i
+\(bu
+EAP-TTLS/PAP
+.TP 0.2i
+\(bu
+EAP-TTLS/CHAP
+.TP 0.2i
+\(bu
+EAP-SIM
+.TP 0.2i
+\(bu
+EAP-AKA
+.TP 0.2i
+\(bu
+EAP-PSK
+.TP 0.2i
+\(bu
+EAP-PAX
+.TP 0.2i
+\(bu
+LEAP (note: requires special support from
+the driver for IEEE 802.11 authentication)
+.TP 0.2i
+\(bu
+(following methods are supported, but since
+they do not generate keying material, they cannot be used
+with WPA or IEEE 802.1X WEP keying)
+.TP 0.2i
+\(bu
+EAP-MD5-Challenge
+.TP 0.2i
+\(bu
+EAP-MSCHAPv2
+.TP 0.2i
+\(bu
+EAP-GTC
+.TP 0.2i
+\(bu
+EAP-OTP
+.RE
+.TP 0.2i
+\(bu
+key management for CCMP, TKIP, WEP104, WEP40
+.TP 0.2i
+\(bu
+RSN/WPA2 (IEEE 802.11i)
+.RS
+.TP 0.2i
+\(bu
+pre-authentication
+.TP 0.2i
+\(bu
+PMKSA caching
+.RE
+.SH "AVAILABLE DRIVERS"
+.PP
+A summary of available driver backends is below. Support for each
+of the driver backends is chosen at wpa_supplicant compile time. For a
+list of supported driver backends that may be used with the -D option on
+your system, refer to the help output of wpa_supplicant
+(\fBwpa_supplicant -h\fR).
+.TP
+\fBhostap\fR
+(default) Host AP driver (Intersil Prism2/2.5/3).
+(this can also be used with Linuxant DriverLoader).
+.TP
+\fBhermes\fR
+Agere Systems Inc. driver (Hermes-I/Hermes-II).
+.TP
+\fBmadwifi\fR
+MADWIFI 802.11 support (Atheros, etc.).
+.TP
+\fBatmel\fR
+ATMEL AT76C5XXx (USB, PCMCIA).
+.TP
+\fBwext\fR
+Linux wireless extensions (generic).
+.TP
+\fBndiswrapper\fR
+Linux ndiswrapper.
+.TP
+\fBbroadcom\fR
+Broadcom wl.o driver.
+.TP
+\fBipw\fR
+Intel ipw2100/2200 driver.
+.TP
+\fBwired\fR
+wpa_supplicant wired Ethernet driver
+.TP
+\fBbsd\fR
+BSD 802.11 support (Atheros, etc.).
+.TP
+\fBndis\fR
+Windows NDIS driver.
+.SH "COMMAND LINE OPTIONS"
+.PP
+Most command line options have global scope. Some are given per
+interface, and are only valid if at least one \fB-i\fR option
+is specified, otherwise they're ignored. Option groups for different
+interfaces must be separated by \fB-N\fR option.
+.TP
+\fB-b br_ifname\fR
+Optional bridge interface name. (Per interface)
+.TP
+\fB-B\fR
+Run daemon in the background.
+.TP
+\fB-c filename\fR
+Path to configuration file. (Per interface)
+.TP
+\fB-C ctrl_interface\fR
+Path to ctrl_interface socket (Per interface. Only used if
+\fB-c\fR is not).
+.TP
+\fB-i ifname\fR
+Interface to listen on. Multiple instances of this option can
+be present, one per interface, separated by \fB-N\fR
+option (see below).
+.TP
+\fB-d\fR
+Increase debugging verbosity (\fB-dd\fR even
+more).
+.TP
+\fB-D driver\fR
+Driver to use. (Per interface, see the available options
+below.)
+.TP
+\fB-f output file\fR
+Log output to specified file instead of stdout.
+.TP
+\fB-g global ctrl_interface\fR
+Path to global ctrl_interface socket. If specified, interface
+definitions may be omitted.
+.TP
+\fB-K\fR
+Include keys (passwords, etc.) in debug output.
+.TP
+\fB-t\fR
+Include timestamp in debug messages.
+.TP
+\fB-h\fR
+Help. Show a usage message.
+.TP
+\fB-L\fR
+Show license (GPL and BSD).
+.TP
+\fB-p\fR
+Driver parameters. (Per interface)
+.TP
+\fB-P PID_file\fR
+Path to PID file.
+.TP
+\fB-q\fR
+Decrease debugging verbosity (\fB-qq\fR even
+less).
+.TP
+\fB-u\fR
+Enabled DBus control interface. If enabled, interface
+definitions may be omitted.
+.TP
+\fB-v\fR
+Show version.
+.TP
+\fB-W\fR
+Wait for a control interface monitor before starting.
+.TP
+\fB-N\fR
+Start describing new interface.
+.SH "EXAMPLES"
+.PP
+In most common cases, \fBwpa_supplicant\fR is
+started with:
+.sp
+.RS
+
+.nf
+wpa_supplicant -B -c/etc/wpa_supplicant.conf -iwlan0
+.fi
+.RE
+.PP
+This makes the process fork into background.
+.PP
+The easiest way to debug problems, and to get debug log for
+bug reports, is to start \fBwpa_supplicant\fR on
+foreground with debugging enabled:
+.sp
+.RS
+
+.nf
+wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d
+.fi
+.RE
+.PP
+\fBwpa_supplicant\fR can control multiple
+interfaces (radios) either by running one process for each
+interface separately or by running just one process and list of
+options at command line. Each interface is separated with -N
+argument. As an example, following command would start
+wpa_supplicant for two interfaces:
+.sp
+.RS
+
+.nf
+wpa_supplicant \\
+ -c wpa1.conf -i wlan0 -D hostap -N \\
+ -c wpa2.conf -i ath0 -D madwifi
+.fi
+.RE
+.SH "OS REQUIREMENTS"
+.PP
+Current hardware/software requirements:
+.TP 0.2i
+\(bu
+Linux kernel 2.4.x or 2.6.x with Linux Wireless
+Extensions v15 or newer
+.TP 0.2i
+\(bu
+FreeBSD 6-CURRENT
+.TP 0.2i
+\(bu
+Microsoft Windows with WinPcap (at least WinXP, may work
+with other versions)
+.SH "SUPPORTED DRIVERS"
+.TP
+\fBHost AP driver for Prism2/2.5/3 (development snapshot/v0.2.x)\fR
+(http://hostap.epitest.fi/) Driver needs to be set in
+Managed mode (\fBiwconfig wlan0 mode managed\fR).
+Please note that station firmware version needs to be 1.7.0 or
+newer to work in WPA mode.
+.TP
+\fBLinuxant DriverLoader\fR
+(http://www.linuxant.com/driverloader/)
+with Windows NDIS driver for your wlan card supporting WPA.
+.TP
+\fBAgere Systems Inc. Linux Driver\fR
+(http://www.agere.com/support/drivers/) Please note
+that the driver interface file (driver_hermes.c) and hardware
+specific include files are not included in the wpa_supplicant
+distribution. You will need to copy these from the source
+package of the Agere driver.
+.TP
+\fBmadwifi driver for cards based on Atheros chip set (ar521x)\fR
+(http://sourceforge.net/projects/madwifi/) Please
+note that you will need to modify the wpa_supplicant .config
+file to use the correct path for the madwifi driver root
+directory (CFLAGS += -I../madwifi/wpa line in example
+defconfig).
+.TP
+\fBATMEL AT76C5XXx driver for USB and PCMCIA cards\fR
+(http://atmelwlandriver.sourceforge.net/).
+.TP
+\fBLinux ndiswrapper\fR
+(http://ndiswrapper.sourceforge.net/) with Windows
+NDIS driver.
+.TP
+\fBBroadcom wl.o driver\fR
+This is a generic Linux driver for Broadcom IEEE
+802.11a/g cards. However, it is proprietary driver that is
+not publicly available except for couple of exceptions, mainly
+Broadcom-based APs/wireless routers that use Linux. The driver
+binary can be downloaded, e.g., from Linksys support site
+(http://www.linksys.com/support/gpl.asp) for Linksys
+WRT54G. The GPL tarball includes cross-compiler and the needed
+header file, wlioctl.h, for compiling wpa_supplicant. This
+driver support in wpa_supplicant is expected to work also with
+other devices based on Broadcom driver (assuming the driver
+includes client mode support).
+.TP
+\fB Intel ipw2100 driver\fR
+(http://sourceforge.net/projects/ipw2100/)
+.TP
+\fBIntel ipw2200 driver\fR
+(http://sourceforge.net/projects/ipw2200/)
+.TP
+\fBLinux wireless extensions\fR
+In theory, any driver that supports Linux wireless
+extensions can be used with IEEE 802.1X (i.e., not WPA) when
+using ap_scan=0 option in configuration file.
+.TP
+\fBWired Ethernet drivers\fR
+Use ap_scan=0.
+.TP
+\fBBSD net80211 layer (e.g., Atheros driver)\fR
+At the moment, this is for FreeBSD 6-CURRENT branch.
+.TP
+\fBWindows NDIS\fR
+The current Windows port requires WinPcap
+(http://winpcap.polito.it/). See README-Windows.txt for more
+information.
+.PP
+wpa_supplicant was designed to be portable for different
+drivers and operating systems. Hopefully, support for more wlan
+cards and OSes will be added in the future. See developer.txt for
+more information about the design of wpa_supplicant and porting to
+other drivers. One main goal is to add full WPA/WPA2 support to
+Linux wireless extensions to allow new drivers to be supported
+without having to implement new driver-specific interface code in
+wpa_supplicant.
+.SH "ARCHITECTURE"
+.PP
+The
+\fBwpa_supplicant\fR system consists of the following
+components:
+.TP
+\fB\fIwpa_supplicant.conf\fB \fR
+the configuration file describing all networks that the
+user wants the computer to connect to.
+.TP
+\fBwpa_supplicant\fR
+the program that directly interacts with the
+network interface.
+.TP
+\fBwpa_cli\fR
+the
+client program that provides a high-level interface to the
+functionality of the daemon.
+.TP
+\fBwpa_passphrase\fR
+a utility needed to construct
+\fIwpa_supplicant.conf\fR files that include
+encrypted passwords.
+.SH "QUICK START"
+.PP
+First, make a configuration file, e.g.
+\fI/etc/wpa_supplicant.conf\fR, that describes the networks
+you are interested in. See \fBwpa_supplicant.conf\fR(5)
+for details.
+.PP
+Once the configuration is ready, you can test whether the
+configuration works by running \fBwpa_supplicant\fR
+with following command to start it on foreground with debugging
+enabled:
+.sp
+.RS
+
+.nf
+wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d
+
+.fi
+.RE
+.PP
+Assuming everything goes fine, you can start using following
+command to start \fBwpa_supplicant\fR on background
+without debugging:
+.sp
+.RS
+
+.nf
+wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B
+
+.fi
+.RE
+.PP
+Please note that if you included more than one driver
+interface in the build time configuration (.config), you may need
+to specify which interface to use by including -D<driver
+name> option on the command line.
+.SH "INTERFACE TO PCMCIA-CS/CARDMRG"
+.PP
+For example, following small changes to pcmcia-cs scripts
+can be used to enable WPA support:
+.PP
+Add MODE="Managed" and WPA="y" to the network scheme in
+\fI/etc/pcmcia/wireless.opts\fR\&.
+.PP
+Add the following block to the end of \fBstart\fR
+action handler in \fI/etc/pcmcia/wireless\fR:
+.sp
+.RS
+
+.nf
+if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
+ /usr/local/bin/wpa_supplicant -B -c/etc/wpa_supplicant.conf -i$DEVICE
+fi
+
+.fi
+.RE
+.PP
+Add the following block to the end of \fBstop\fR
+action handler (may need to be separated from other actions) in
+\fI/etc/pcmcia/wireless\fR:
+.sp
+.RS
+
+.nf
+if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
+ killall wpa_supplicant
+fi
+
+.fi
+.RE
+.PP
+This will make \fBcardmgr\fR start
+\fBwpa_supplicant\fR when the card is plugged
+in.
+.SH "SEE ALSO"
+.PP
+\fBwpa_background\fR(8)
+\fBwpa_supplicant.conf\fR(5)
+\fBwpa_cli\fR(8)
+\fBwpa_passphrase\fR(8)
+.SH "LEGAL"
+.PP
+wpa_supplicant is copyright (c) 2003-2007,
+Jouni Malinen <j at w1.fi> and
+contributors.
+All Rights Reserved.
+.PP
+This program is dual-licensed under both the GPL version 2
+and BSD license. Either license may be used at your option.
Added: wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5?rev=1279&op=file
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 (added)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 Sun Nov 2 11:03:54 2008
@@ -1,0 +1,224 @@
+.\" This manpage has been automatically generated by docbook2man
+.\" from a DocBook document. This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve at ggi-project.org>.
+.TH "WPA_SUPPLICANT.CONF" "5" "01 November 2008" "" ""
+
+.SH NAME
+wpa_supplicant.conf \- configuration file for wpa_supplicant
+.SH "OVERVIEW"
+.PP
+\fBwpa_supplicant\fR is configured using a text
+file that lists all accepted networks and security policies,
+including pre-shared keys. See the example configuration file,
+probably in \fB/usr/share/doc/wpa_supplicant/\fR, for
+detailed information about the configuration format and supported
+fields.
+.PP
+All file paths in this configuration file should use full
+(absolute, not relative to working directory) path in order to allow
+working directory to be changed. This can happen if wpa_supplicant is
+run in the background.
+.PP
+Changes to configuration file can be reloaded be sending
+SIGHUP signal to \fBwpa_supplicant\fR ('killall -HUP
+wpa_supplicant'). Similarly, reloading can be triggered with
+the \fBwpa_cli reconfigure\fR command.
+.PP
+Configuration file can include one or more network blocks,
+e.g., one for each used SSID. wpa_supplicant will automatically
+select the best network based on the order of network blocks in
+the configuration file, network security level (WPA/WPA2 is
+preferred), and signal strength.
+.SH "QUICK EXAMPLES"
+.TP 3
+1.
+WPA-Personal (PSK) as home network and WPA-Enterprise with
+EAP-TLS as work network.
+.sp
+.RS
+
+.nf
+# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+#
+# home network; allow all valid ciphers
+network={
+ ssid="home"
+ scan_ssid=1
+ key_mgmt=WPA-PSK
+ psk="very secret passphrase"
+}
+#
+# work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers
+network={
+ ssid="work"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ pairwise=CCMP TKIP
+ group=CCMP TKIP
+ eap=TLS
+ identity="user at example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+}
+.fi
+.RE
+.TP 3
+2.
+WPA-RADIUS/EAP-PEAP/MSCHAPv2 with RADIUS servers that
+use old peaplabel (e.g., Funk Odyssey and SBR, Meetinghouse
+Aegis, Interlink RAD-Series)
+.sp
+.RS
+
+.nf
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ eap=PEAP
+ identity="user at example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase1="peaplabel=0"
+ phase2="auth=MSCHAPV2"
+}
+.fi
+.RE
+.TP 3
+3.
+EAP-TTLS/EAP-MD5-Challenge configuration with anonymous
+identity for the unencrypted use. Real identity is sent only
+within an encrypted TLS tunnel.
+.sp
+.RS
+
+.nf
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ identity="user at example.com"
+ anonymous_identity="anonymous at example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase2="auth=MD5"
+}
+.fi
+.RE
+.TP 3
+4.
+IEEE 802.1X (i.e., no WPA) with dynamic WEP keys
+(require both unicast and broadcast); use EAP-TLS for
+authentication
+.sp
+.RS
+
+.nf
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+network={
+ ssid="1x-test"
+ scan_ssid=1
+ key_mgmt=IEEE8021X
+ eap=TLS
+ identity="user at example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ eapol_flags=3
+}
+.fi
+.RE
+.TP 3
+5.
+Catch all example that allows more or less all
+configuration modes. The configuration options are used based
+on what security policy is used in the selected SSID. This is
+mostly for testing and is not recommended for normal
+use.
+.sp
+.RS
+
+.nf
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
+ pairwise=CCMP TKIP
+ group=CCMP TKIP WEP104 WEP40
+ psk="very secret passphrase"
+ eap=TTLS PEAP TLS
+ identity="user at example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ phase1="peaplabel=0"
+ ca_cert2="/etc/cert/ca2.pem"
+ client_cert2="/etc/cer/user.pem"
+ private_key2="/etc/cer/user.prv"
+ private_key2_passwd="password"
+}
+.fi
+.RE
+.TP 3
+6.
+Authentication for wired Ethernet. This can be used with
+\fBwired\fR interface (-Dwired on command line).
+.sp
+.RS
+
+.nf
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
+ap_scan=0
+network={
+ key_mgmt=IEEE8021X
+ eap=MD5
+ identity="user"
+ password="password"
+ eapol_flags=0
+}
+.fi
+.RE
+.SH "CERTIFICATES"
+.PP
+Some EAP authentication methods require use of
+certificates. EAP-TLS uses both server side and client
+certificates whereas EAP-PEAP and EAP-TTLS only require the server
+side certificate. When client certificate is used, a matching
+private key file has to also be included in configuration. If the
+private key uses a passphrase, this has to be configured in
+wpa_supplicant.conf ("private_key_passwd").
+.PP
+wpa_supplicant supports X.509 certificates in PEM and DER
+formats. User certificate and private key can be included in the
+same file.
+.PP
+If the user certificate and private key is received in
+PKCS#12/PFX format, they need to be converted to suitable PEM/DER
+format for wpa_supplicant. This can be done, e.g., with following
+commands:
+.sp
+.RS
+
+.nf
+# convert client certificate and private key to PEM format
+openssl pkcs12 -in example.pfx -out user.pem -clcerts
+# convert CA certificate (if included in PFX file) to PEM format
+openssl pkcs12 -in example.pfx -out ca.pem -cacerts -nokeys
+.fi
+.RE
+.SH "SEE ALSO"
+.PP
+\fBwpa_supplicant\fR(8)
+\fBopenssl\fR(1)
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/mlme.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/mlme.c?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/mlme.c (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/mlme.c Sun Nov 2 11:03:54 2008
@@ -23,6 +23,7 @@
#include "wpa.h"
#include "drivers/driver.h"
#include "ieee802_11_defs.h"
+#include "ieee802_11_common.h"
#include "mlme.h"
@@ -93,169 +94,6 @@
static int ieee80211_sta_wep_configured(struct wpa_supplicant *wpa_s);
static void ieee80211_sta_timer(void *eloop_ctx, void *timeout_ctx);
static void ieee80211_sta_scan_timer(void *eloop_ctx, void *timeout_ctx);
-
-
-/* Parsed Information Elements */
-struct ieee802_11_elems {
- u8 *ssid;
- u8 ssid_len;
- u8 *supp_rates;
- u8 supp_rates_len;
- u8 *fh_params;
- u8 fh_params_len;
- u8 *ds_params;
- u8 ds_params_len;
- u8 *cf_params;
- u8 cf_params_len;
- u8 *tim;
- u8 tim_len;
- u8 *ibss_params;
- u8 ibss_params_len;
- u8 *challenge;
- u8 challenge_len;
- u8 *wpa;
- u8 wpa_len;
- u8 *rsn;
- u8 rsn_len;
- u8 *erp_info;
- u8 erp_info_len;
- u8 *ext_supp_rates;
- u8 ext_supp_rates_len;
- u8 *wmm_info;
- u8 wmm_info_len;
- u8 *wmm_param;
- u8 wmm_param_len;
- u8 *mdie;
- u8 mdie_len;
- u8 *ftie;
- u8 ftie_len;
- u8 *assoc_comeback;
- u8 assoc_comeback_len;
-};
-
-typedef enum { ParseOK = 0, ParseUnknown = 1, ParseFailed = -1 } ParseRes;
-
-
-static ParseRes ieee802_11_parse_elems(u8 *start, size_t len,
- struct ieee802_11_elems *elems)
-{
- size_t left = len;
- u8 *pos = start;
- int unknown = 0;
-
- os_memset(elems, 0, sizeof(*elems));
-
- while (left >= 2) {
- u8 id, elen;
-
- id = *pos++;
- elen = *pos++;
- left -= 2;
-
- if (elen > left) {
-#if 0
- wpa_printf(MSG_MSGDUMP, "MLME: IEEE 802.11 element "
- "parse failed (id=%d elen=%d left=%d)",
- id, elen, left);
-#endif
- return ParseFailed;
- }
-
- switch (id) {
- case WLAN_EID_SSID:
- elems->ssid = pos;
- elems->ssid_len = elen;
- break;
- case WLAN_EID_SUPP_RATES:
- elems->supp_rates = pos;
- elems->supp_rates_len = elen;
- break;
- case WLAN_EID_FH_PARAMS:
- elems->fh_params = pos;
- elems->fh_params_len = elen;
- break;
- case WLAN_EID_DS_PARAMS:
- elems->ds_params = pos;
- elems->ds_params_len = elen;
- break;
- case WLAN_EID_CF_PARAMS:
- elems->cf_params = pos;
- elems->cf_params_len = elen;
- break;
- case WLAN_EID_TIM:
- elems->tim = pos;
- elems->tim_len = elen;
- break;
- case WLAN_EID_IBSS_PARAMS:
- elems->ibss_params = pos;
- elems->ibss_params_len = elen;
- break;
- case WLAN_EID_CHALLENGE:
- elems->challenge = pos;
- elems->challenge_len = elen;
- break;
- case WLAN_EID_VENDOR_SPECIFIC:
- if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
- pos[2] == 0xf2) {
- /* Microsoft OUI (00:50:F2) */
- if (pos[3] == 1) {
- /* OUI Type 1 - WPA IE */
- elems->wpa = pos;
- elems->wpa_len = elen;
- } else if (elen >= 5 && pos[3] == 2) {
- if (pos[4] == 0) {
- elems->wmm_info = pos;
- elems->wmm_info_len = elen;
- } else if (pos[4] == 1) {
- elems->wmm_param = pos;
- elems->wmm_param_len = elen;
- }
- }
- }
- break;
- case WLAN_EID_RSN:
- elems->rsn = pos;
- elems->rsn_len = elen;
- break;
- case WLAN_EID_ERP_INFO:
- elems->erp_info = pos;
- elems->erp_info_len = elen;
- break;
- case WLAN_EID_EXT_SUPP_RATES:
- elems->ext_supp_rates = pos;
- elems->ext_supp_rates_len = elen;
- break;
- case WLAN_EID_MOBILITY_DOMAIN:
- elems->mdie = pos;
- elems->mdie_len = elen;
- break;
- case WLAN_EID_FAST_BSS_TRANSITION:
- elems->ftie = pos;
- elems->ftie_len = elen;
- break;
- case WLAN_EID_ASSOC_COMEBACK_TIME:
- elems->assoc_comeback = pos;
- elems->assoc_comeback_len = elen;
- break;
- default:
-#if 0
- wpa_printf(MSG_MSGDUMP "MLME: IEEE 802.11 element "
- "parse ignored unknown element (id=%d "
- "elen=%d)", id, elen);
-#endif
- unknown++;
- break;
- }
-
- left -= elen;
- pos += elen;
- }
-
- if (left)
- return ParseFailed;
-
- return unknown ? ParseUnknown : ParseOK;
-}
static int ieee80211_sta_set_channel(struct wpa_supplicant *wpa_s,
@@ -906,7 +744,7 @@
wpa_printf(MSG_DEBUG, "MLME: replying to auth challenge");
pos = mgmt->u.auth.variable;
- if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
+ if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems, 0)
== ParseFailed) {
wpa_printf(MSG_DEBUG, "MLME: failed to parse Auth(challenge)");
return;
@@ -1238,7 +1076,7 @@
capab_info, status_code, aid);
pos = mgmt->u.assoc_resp.variable;
- if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems)
+ if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems, 0)
== ParseFailed) {
wpa_printf(MSG_DEBUG, "MLME: failed to parse AssocResp");
return;
@@ -1336,10 +1174,9 @@
#if 0 /* FIX? */
sta->assoc_ap = 1;
- if (elems.wmm_param && wpa_s->mlme.wmm_enabled) {
+ if (elems.wme && wpa_s->mlme.wmm_enabled) {
sta->flags |= WLAN_STA_WME;
- ieee80211_sta_wmm_params(wpa_s, elems.wmm_param,
- elems.wmm_param_len);
+ ieee80211_sta_wmm_params(wpa_s, elems.wme, elems.wme_len);
}
#endif
@@ -1492,7 +1329,7 @@
ie_pos = mgmt->u.beacon.variable;
ie_len = len - baselen;
- if (ieee802_11_parse_elems(ie_pos, ie_len, &elems) == ParseFailed)
+ if (ieee802_11_parse_elems(ie_pos, ie_len, &elems, 0) == ParseFailed)
invalid = 1;
#if 0 /* FIX */
@@ -1616,52 +1453,52 @@
bss->supp_rates_len += clen;
}
- if (elems.wpa &&
- (bss->wpa_ie == NULL || bss->wpa_ie_len != elems.wpa_len ||
- os_memcmp(bss->wpa_ie, elems.wpa, elems.wpa_len))) {
+ if (elems.wpa_ie &&
+ (bss->wpa_ie == NULL || bss->wpa_ie_len != elems.wpa_ie_len ||
+ os_memcmp(bss->wpa_ie, elems.wpa_ie, elems.wpa_ie_len))) {
os_free(bss->wpa_ie);
- bss->wpa_ie = os_malloc(elems.wpa_len + 2);
+ bss->wpa_ie = os_malloc(elems.wpa_ie_len + 2);
if (bss->wpa_ie) {
- os_memcpy(bss->wpa_ie, elems.wpa - 2,
- elems.wpa_len + 2);
- bss->wpa_ie_len = elems.wpa_len + 2;
+ os_memcpy(bss->wpa_ie, elems.wpa_ie - 2,
+ elems.wpa_ie_len + 2);
+ bss->wpa_ie_len = elems.wpa_ie_len + 2;
} else
bss->wpa_ie_len = 0;
- } else if (!elems.wpa && bss->wpa_ie) {
+ } else if (!elems.wpa_ie && bss->wpa_ie) {
os_free(bss->wpa_ie);
bss->wpa_ie = NULL;
bss->wpa_ie_len = 0;
}
- if (elems.rsn &&
- (bss->rsn_ie == NULL || bss->rsn_ie_len != elems.rsn_len ||
- os_memcmp(bss->rsn_ie, elems.rsn, elems.rsn_len))) {
+ if (elems.rsn_ie &&
+ (bss->rsn_ie == NULL || bss->rsn_ie_len != elems.rsn_ie_len ||
+ os_memcmp(bss->rsn_ie, elems.rsn_ie, elems.rsn_ie_len))) {
os_free(bss->rsn_ie);
- bss->rsn_ie = os_malloc(elems.rsn_len + 2);
+ bss->rsn_ie = os_malloc(elems.rsn_ie_len + 2);
if (bss->rsn_ie) {
- os_memcpy(bss->rsn_ie, elems.rsn - 2,
- elems.rsn_len + 2);
- bss->rsn_ie_len = elems.rsn_len + 2;
+ os_memcpy(bss->rsn_ie, elems.rsn_ie - 2,
+ elems.rsn_ie_len + 2);
+ bss->rsn_ie_len = elems.rsn_ie_len + 2;
} else
bss->rsn_ie_len = 0;
- } else if (!elems.rsn && bss->rsn_ie) {
+ } else if (!elems.rsn_ie && bss->rsn_ie) {
os_free(bss->rsn_ie);
bss->rsn_ie = NULL;
bss->rsn_ie_len = 0;
}
- if (elems.wmm_param &&
- (bss->wmm_ie == NULL || bss->wmm_ie_len != elems.wmm_param_len ||
- os_memcmp(bss->wmm_ie, elems.wmm_param, elems.wmm_param_len))) {
+ if (elems.wme &&
+ (bss->wmm_ie == NULL || bss->wmm_ie_len != elems.wme_len ||
+ os_memcmp(bss->wmm_ie, elems.wme, elems.wme_len))) {
os_free(bss->wmm_ie);
- bss->wmm_ie = os_malloc(elems.wmm_param_len + 2);
+ bss->wmm_ie = os_malloc(elems.wme_len + 2);
if (bss->wmm_ie) {
- os_memcpy(bss->wmm_ie, elems.wmm_param - 2,
- elems.wmm_param_len + 2);
- bss->wmm_ie_len = elems.wmm_param_len + 2;
+ os_memcpy(bss->wmm_ie, elems.wme - 2,
+ elems.wme_len + 2);
+ bss->wmm_ie_len = elems.wme_len + 2;
} else
bss->wmm_ie_len = 0;
- } else if (!elems.wmm_param && bss->wmm_ie) {
+ } else if (!elems.wme && bss->wmm_ie) {
os_free(bss->wmm_ie);
bss->wmm_ie = NULL;
bss->wmm_ie_len = 0;
@@ -1739,7 +1576,7 @@
return;
if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
- &elems) == ParseFailed)
+ &elems, 0) == ParseFailed)
return;
use_protection = 0;
@@ -1757,9 +1594,9 @@
wpa_s->mlme.cts_protect_erp_frames = use_protection;
}
- if (elems.wmm_param && wpa_s->mlme.wmm_enabled) {
- ieee80211_sta_wmm_params(wpa_s, elems.wmm_param,
- elems.wmm_param_len);
+ if (elems.wme && wpa_s->mlme.wmm_enabled) {
+ ieee80211_sta_wmm_params(wpa_s, elems.wme,
+ elems.wme_len);
}
}
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/vs2005/eapol_test/eapol_test.vcproj
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/vs2005/eapol_test/eapol_test.vcproj?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/vs2005/eapol_test/eapol_test.vcproj (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/vs2005/eapol_test/eapol_test.vcproj Sun Nov 2 11:03:54 2008
@@ -263,6 +263,10 @@
>
</File>
<File
+ RelativePath="..\..\..\src\eap_common\eap_peap_common.c"
+ >
+ </File>
+ <File
RelativePath="..\..\..\src\eap_peer\eap_sim.c"
>
</File>
@@ -279,10 +283,6 @@
>
</File>
<File
- RelativePath="..\..\..\src\eap_peer\eap_tlv.c"
- >
- </File>
- <File
RelativePath="..\..\..\src\eap_peer\eap_tnc.c"
>
</File>
@@ -320,6 +320,10 @@
</File>
<File
RelativePath="..\..\..\src\crypto\ms_funcs.c"
+ >
+ </File>
+ <File
+ RelativePath="..\..\..\src\eap_peer\mschapv2.c"
>
</File>
<File
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/vs2005/wpa_supplicant/wpa_supplicant.vcproj
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/vs2005/wpa_supplicant/wpa_supplicant.vcproj?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/vs2005/wpa_supplicant/wpa_supplicant.vcproj (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/vs2005/wpa_supplicant/wpa_supplicant.vcproj Sun Nov 2 11:03:54 2008
@@ -271,6 +271,10 @@
>
</File>
<File
+ RelativePath="..\..\..\src\eap_common\eap_peap_common.c"
+ >
+ </File>
+ <File
RelativePath="..\..\..\src\eap_peer\eap_tls.c"
>
</File>
@@ -279,10 +283,6 @@
>
</File>
<File
- RelativePath="..\..\..\src\eap_peer\eap_tlv.c"
- >
- </File>
- <File
RelativePath="..\..\..\src\eap_peer\eap_tnc.c"
>
</File>
@@ -320,6 +320,10 @@
</File>
<File
RelativePath="..\..\..\src\crypto\ms_funcs.c"
+ >
+ </File>
+ <File
+ RelativePath="..\..\..\src\eap_peer\mschapv2.c"
>
</File>
<File
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj Sun Nov 2 11:03:54 2008
@@ -271,6 +271,10 @@
>
</File>
<File
+ RelativePath="..\..\..\src\eap_common\eap_peap_common.c"
+ >
+ </File>
+ <File
RelativePath="..\..\..\src\eap_peer\eap_tls.c"
>
</File>
@@ -279,10 +283,6 @@
>
</File>
<File
- RelativePath="..\..\..\src\eap_peer\eap_tlv.c"
- >
- </File>
- <File
RelativePath="..\..\..\src\eap_peer\eap_tnc.c"
>
</File>
@@ -320,6 +320,10 @@
</File>
<File
RelativePath="..\..\..\src\crypto\ms_funcs.c"
+ >
+ </File>
+ <File
+ RelativePath="..\..\..\src\eap_peer\mschapv2.c"
>
</File>
<File
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_cli.c
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_cli.c?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_cli.c (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_cli.c Sun Nov 2 11:03:54 2008
@@ -1152,6 +1152,7 @@
char *cmd;
size_t len;
int res;
+ int ret = 0;
len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3;
cmd = os_malloc(len);
@@ -1164,11 +1165,12 @@
}
cmd[len - 1] = '\0';
#ifndef _WIN32_WCE
- system(cmd);
+ if (system(cmd) < 0)
+ ret = -1;
#endif /* _WIN32_WCE */
os_free(cmd);
- return 0;
+ return ret;
}
Modified: wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_gui-qt4/networkconfig.cpp
URL: http://svn.debian.org/wsvn/wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_gui-qt4/networkconfig.cpp?rev=1279&op=diff
==============================================================================
--- wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_gui-qt4/networkconfig.cpp (original)
+++ wpasupplicant/branches/upstream/current/wpa_supplicant/wpa_gui-qt4/networkconfig.cpp Sun Nov 2 11:03:54 2008
@@ -305,7 +305,7 @@
snprintf(phase2, sizeof(phase2), "auth=%s",
inner.toAscii().constData());
} else if (eap.compare("FAST") == 0) {
- char *provisioning = NULL;
+ const char *provisioning = NULL;
if (inner.startsWith("EAP-")) {
snprintf(phase2, sizeof(phase2), "auth=%s",
inner.right(inner.size() - 4).
@@ -316,7 +316,8 @@
snprintf(phase2, sizeof(phase2),
"auth=GTC auth=MSCHAPV2");
provisioning = "fast_provisioning=1";
- }
+ } else
+ provisioning = "fast_provisioning=3";
if (provisioning) {
char blob[32];
setNetworkParam(id, "phase1", provisioning,
More information about the Pkg-wpa-devel
mailing list