From owner-svn-src-head@FreeBSD.ORG Thu Apr 26 17:35:12 2012 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 94005106566B; Thu, 26 Apr 2012 17:35:12 +0000 (UTC) (envelope-from bschmidt@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 7DB138FC14; Thu, 26 Apr 2012 17:35:12 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q3QHZCoD060109; Thu, 26 Apr 2012 17:35:12 GMT (envelope-from bschmidt@svn.freebsd.org) Received: (from bschmidt@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q3QHZCH4060106; Thu, 26 Apr 2012 17:35:12 GMT (envelope-from bschmidt@svn.freebsd.org) Message-Id: <201204261735.q3QHZCH4060106@svn.freebsd.org> From: Bernhard Schmidt Date: Thu, 26 Apr 2012 17:35:12 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r234711 - in head/usr.sbin/wpa: . hostapd X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Apr 2012 17:35:12 -0000 Author: bschmidt Date: Thu Apr 26 17:35:11 2012 New Revision: 234711 URL: http://svn.freebsd.org/changeset/base/234711 Log: fix EAP server support after the 0.7.3 import: - eap_xxx.c files have been renamed to eap_server_xxx.c - additional crypto files are required for some options - EAP_MD5 and EAP_GTC is now enabled by default to match vendor config - move each file on its own line to hopefully make further diffs easier to read EAP_SERVER is now enabled by default. Fiddling with HOSTAPD_CFLAGS in src.conf is no longer required to get a basic WPA-EAP/radius setup running. Tested by: Johann Hugo MFC after: 2 weeks Modified: head/usr.sbin/wpa/Makefile.inc head/usr.sbin/wpa/hostapd/Makefile Modified: head/usr.sbin/wpa/Makefile.inc ============================================================================== --- head/usr.sbin/wpa/Makefile.inc Thu Apr 26 14:51:12 2012 (r234710) +++ head/usr.sbin/wpa/Makefile.inc Thu Apr 26 17:35:11 2012 (r234711) @@ -7,17 +7,23 @@ WPA_SUPPLICANT_DISTDIR?=${WPA_DISTDIR}/w HOSTAPD_DISTDIR?= ${WPA_DISTDIR}/hostapd .PATH.c:${.CURDIR}/.. \ + ${WPA_DISTDIR}/src/ap \ ${WPA_DISTDIR}/src/common \ ${WPA_DISTDIR}/src/crypto \ + ${WPA_DISTDIR}/src/eapol_auth \ ${WPA_DISTDIR}/src/eap_common \ + ${WPA_DISTDIR}/src/eap_server \ ${WPA_DISTDIR}/src/eapol_supp \ ${WPA_DISTDIR}/src/l2_packet \ + ${WPA_DISTDIR}/src/radius \ ${WPA_DISTDIR}/src/utils CFLAGS+=-I${.CURDIR} +CFLAGS+=-I${HOSTAPD_DISTDIR} CFLAGS+=-I${WPA_DISTDIR}/src CFLAGS+=-I${WPA_DISTDIR}/src/common CFLAGS+=-I${WPA_DISTDIR}/src/crypto +CFLAGS+=-I${WPA_DISTDIR}/src/drivers CFLAGS+=-I${WPA_DISTDIR}/src/l2_packet CFLAGS+=-I${WPA_DISTDIR}/src/utils Modified: head/usr.sbin/wpa/hostapd/Makefile ============================================================================== --- head/usr.sbin/wpa/hostapd/Makefile Thu Apr 26 14:51:12 2012 (r234710) +++ head/usr.sbin/wpa/hostapd/Makefile Thu Apr 26 17:35:11 2012 (r234711) @@ -2,33 +2,59 @@ .include "${.CURDIR}/../Makefile.inc" -.PATH.c:${HOSTAPD_DISTDIR} \ - ${WPA_DISTDIR}/src/ap \ - ${WPA_DISTDIR}/src/eap_server \ - ${WPA_DISTDIR}/src/eap_common \ - ${WPA_DISTDIR}/src/eapol_auth \ - ${WPA_DISTDIR}/src/drivers \ - ${WPA_DISTDIR}/src/radius \ - ${WPA_DISTDIR} +.PATH.c:${WPA_DISTDIR}/src/drivers PROG= hostapd -SRCS= accounting.c aes-wrap.c ap_config.c \ - ap_drv_ops.c ap_mlme.c authsrv.c \ - chap.c common.c config_file.c ctrl_iface.c crypto_openssl.c \ - ctrl_iface_ap.c drivers.c drv_callbacks.c dump_state.c \ - eap_common.c eap_peap_common.c eap_register.c eap_server.c \ - eap_server_gtc.c eap_server_identity.c eap_server_md5.c \ - eap_server_methods.c eap_server_mschapv2.c eap_server_peap.c \ - eap_server_tls.c eap_server_tls_common.c eap_server_ttls.c \ - eapol_auth_dump.c eapol_auth_sm.c eloop.c hostapd.c ieee802_11_auth.c \ - ieee802_11_common.c ieee802_11_ht.c ieee802_1x.c ip_addr.c \ - md5.c main.c ms_funcs.c peerkey_auth.c pmksa_cache_auth.c \ - preauth_auth.c radius.c radius_client.c sta_info.c \ - sha1-pbkdf2.c sha1-tlsprf.c sha1-tprf.c sha1.c \ - tkip_countermeasures.c utils.c \ - vlan_init.c wpa_auth.c wpa_auth_glue.c wpa_auth_ie.c wpa_common.c \ - wpa_debug.c wpabuf.c -SRCS+= l2_packet_freebsd.c driver_freebsd.c os_unix.c +SRCS= accounting.c \ + aes-wrap.c \ + ap_config.c \ + ap_drv_ops.c \ + ap_mlme.c \ + authsrv.c \ + chap.c \ + common.c \ + config_file.c \ + crypto_openssl.c \ + ctrl_iface.c \ + ctrl_iface_ap.c \ + drivers.c \ + drv_callbacks.c \ + eap_common.c \ + eap_peap_common.c \ + eap_register.c \ + eapol_auth_dump.c \ + eapol_auth_sm.c \ + eap_server.c \ + eap_server_methods.c \ + eloop.c \ + hostapd.c \ + ieee802_11_auth.c \ + ieee802_11_common.c \ + ieee802_1x.c \ + ip_addr.c \ + main.c \ + md5.c \ + ms_funcs.c \ + os_unix.c \ + peerkey_auth.c \ + pmksa_cache_auth.c \ + preauth_auth.c \ + radius.c \ + radius_client.c \ + sha1-pbkdf2.c \ + sha1-tlsprf.c \ + sha1.c \ + sta_info.c \ + tkip_countermeasures.c \ + utils.c \ + vlan_init.c \ + wpa_auth.c \ + wpa_auth_glue.c \ + wpa_auth_ie.c \ + wpa_common.c \ + wpa_debug.c \ + wpabuf.c +SRCS+= l2_packet_freebsd.c driver_freebsd.c MAN= hostapd.8 hostapd.conf.5 @@ -38,10 +64,11 @@ FILESDIR= ${SHAREDIR}/examples/hostapd FILES= hostapd.conf hostapd.eap_user hostapd.wpa_psk .endif -CFLAGS+= -I${HOSTAPD_DISTDIR} -I${WPA_DISTDIR}/src/drivers - -CFLAGS+= -DCONFIG_DRIVER_BSD -DHOSTAPD -CFLAGS+= -DCONFIG_DRIVER_RADIUS_ACL +CFLAGS+=-DCONFIG_DRIVER_BSD \ + -DHOSTAPD \ + -DCONFIG_DRIVER_RADIUS_ACL \ + -DCONFIG_RSN_PREAUTH \ + -DCONFIG_PEERKEY .if ${MK_INET6} != "no" CFLAGS+= -DCONFIG_IPV6 .endif @@ -55,51 +82,64 @@ CFLAGS+=${HOSTAPD_CFLAGS} LDADD+=${HOSTAPD_LDADD} #LDFLAGS+=${HOSTAPD_LDFLAGS} -.if !empty(CFLAGS:M*-DEAP_SERVER) -#SRCS+= eap.c eap_methods.c eap_identity.c - .if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) -CFLAGS+=-DEAP_TLS -DEAP_PEAP -DEAP_MSCHAPv2 -DEAP_PSK \ - -DEAP_TLS_FUNCS -DEAP_TLS_OPENSSL -SRCS+= crypto_openssl.c -SRCS+= eap_tls.c eap_peap.c eap_peap_common.c eap_mschapv2.c \ - eap_psk.c eap_psk_common.c \ - eap_tls_common.c tls_openssl.c ms_funcs.c chap.c - -CFLAGS+=-DEAP_TTLS -DEAP_MD5 -SRCS+= eap_ttls.c eap_md5.c - -.if !empty(CFLAGS:M*-DEAP_GTC) -SRCS+= eap_gtc.c -.endif +CFLAGS+=-DDPKCS12_FUNCS \ + -DEAP_SERVER \ + -DEAP_SERVER_GTC \ + -DEAP_SERVER_IDENTITY \ + -DEAP_SERVER_MD5 \ + -DEAP_SERVER_MSCHAPV2 \ + -DEAP_SERVER_PEAP \ + -DEAP_SERVER_TLS \ + -DEAP_SERVER_TTLS \ + -DEAP_TLS_FUNCS \ + -DCONFIG_NO_DUMP_STATE +SRCS+= dump_state.c \ + eap_server_gtc.c \ + eap_server_identity.c \ + eap_server_md5.c \ + eap_server_mschapv2.c \ + eap_server_peap.c \ + eap_server_tls.c \ + eap_server_tls_common.c \ + eap_server_ttls.c \ + tls_openssl.c .if !empty(CFLAGS:M*-DEAP_AKA) NEED_SIM_COMMON= true -SRCS+= eap_aka.c +NEED_SHA256= true +SRCS+= eap_server_aka.c .endif .if !empty(CFLAGS:M*-DEAP_SIM) NEED_SIM_COMMON= true -SRCS+= eap_sim.c +SRCS+= eap_server_sim.c .endif .if defined(NEED_SIM_COMMON) -SRCS+= eap_sim_common.c eap_sim_db.c +SRCS+= eap_sim_common.c \ + eap_sim_db.c +NEED_AES_CBC= true +NEED_FIPS186_2_PRF= true .endif .if !empty(CFLAGS:M*-DEAP_GPSK) CFLAGS+=-DEAP_GPSK_SHA256 -SRCS+= eap_gpsk.c eap_gpsk_common.c +SRCS+= eap_server_gpsk.c \ + eap_gpsk_common.c NEED_SHA256= true +NEED_AES_OMAC1= true .endif .if !empty(CFLAGS:M*-DEAP_PAX) -SRCS+= eap_pax.c eap_pax_common.c +SRCS+= eap_server_pax.c \ + eap_pax_common.c .endif .if !empty(CFLAGS:M*-DEAP_SAKE) -SRCS+= eap_sake.c eap_sake_common.c +SRCS+= eap_server_sake.c \ + eap_sake_common.c .endif DPADD+= ${LIBSSL} ${LIBCRYPTO} @@ -108,12 +148,19 @@ LDADD+= -lssl -lcrypto NEED_TLS_NONE= true .endif -.else -NEED_TLS_NONE= true +.if defined(NEED_AES_CBC) +SRCS+= aes-cbc.c +.endif + +.if defined(NEED_AES_OMAC1) +SRCS+= aes-omac1.c +.endif + +.if defined(NEED_FIPS186_2_PRF) +SRCS+= fips_prf_openssl.c .endif .if defined(NEED_SHA256) -CFLAGS+=-DINTERNAL_SHA256 SRCS+= sha256.c .endif