Date: Mon, 9 Apr 2007 16:44:23 GMT From: Sam Leffler <sam@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 117751 for review Message-ID: <200704091644.l39GiNNv008395@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=117751 Change 117751 by sam@sam_ebb on 2007/04/09 16:43:52 version 0.5.7 Affected files ... .. //depot/projects/wifi/contrib/hostapd/COPYING#2 edit .. //depot/projects/wifi/contrib/hostapd/ChangeLog#4 edit .. //depot/projects/wifi/contrib/hostapd/FREEBSD-Xlist#3 edit .. //depot/projects/wifi/contrib/hostapd/FREEBSD-upgrade#3 edit .. //depot/projects/wifi/contrib/hostapd/Makefile#4 edit .. //depot/projects/wifi/contrib/hostapd/README#3 edit .. //depot/projects/wifi/contrib/hostapd/accounting.c#3 edit .. //depot/projects/wifi/contrib/hostapd/accounting.h#2 edit .. //depot/projects/wifi/contrib/hostapd/aes.c#3 edit .. //depot/projects/wifi/contrib/hostapd/aes_wrap.c#3 edit .. //depot/projects/wifi/contrib/hostapd/aes_wrap.h#3 edit .. //depot/projects/wifi/contrib/hostapd/ap.h#2 edit .. //depot/projects/wifi/contrib/hostapd/common.c#3 edit .. //depot/projects/wifi/contrib/hostapd/common.h#4 edit .. //depot/projects/wifi/contrib/hostapd/config.c#4 edit .. //depot/projects/wifi/contrib/hostapd/config.h#3 edit .. //depot/projects/wifi/contrib/hostapd/config_types.h#2 edit .. //depot/projects/wifi/contrib/hostapd/crypto.c#3 edit .. //depot/projects/wifi/contrib/hostapd/crypto.h#3 edit .. //depot/projects/wifi/contrib/hostapd/ctrl_iface.c#4 edit .. //depot/projects/wifi/contrib/hostapd/ctrl_iface.h#2 edit .. //depot/projects/wifi/contrib/hostapd/defconfig#3 edit .. //depot/projects/wifi/contrib/hostapd/defs.h#3 edit .. //depot/projects/wifi/contrib/hostapd/developer.txt#2 edit .. //depot/projects/wifi/contrib/hostapd/driver.h#3 edit .. //depot/projects/wifi/contrib/hostapd/driver_test.c#3 edit .. //depot/projects/wifi/contrib/hostapd/driver_wired.c#3 edit .. //depot/projects/wifi/contrib/hostapd/eap.c#3 edit .. //depot/projects/wifi/contrib/hostapd/eap.h#3 edit .. //depot/projects/wifi/contrib/hostapd/eap_defs.h#3 edit .. //depot/projects/wifi/contrib/hostapd/eap_gtc.c#2 edit .. //depot/projects/wifi/contrib/hostapd/eap_i.h#3 edit .. //depot/projects/wifi/contrib/hostapd/eap_identity.c#3 edit .. //depot/projects/wifi/contrib/hostapd/eap_md5.c#3 edit .. //depot/projects/wifi/contrib/hostapd/eap_mschapv2.c#2 edit .. //depot/projects/wifi/contrib/hostapd/eap_pax.c#2 edit .. //depot/projects/wifi/contrib/hostapd/eap_pax_common.c#2 edit .. //depot/projects/wifi/contrib/hostapd/eap_pax_common.h#2 edit .. //depot/projects/wifi/contrib/hostapd/eap_peap.c#3 edit .. //depot/projects/wifi/contrib/hostapd/eap_psk.c#2 edit .. //depot/projects/wifi/contrib/hostapd/eap_psk_common.c#2 edit .. //depot/projects/wifi/contrib/hostapd/eap_psk_common.h#2 edit .. //depot/projects/wifi/contrib/hostapd/eap_sim.c#3 edit .. //depot/projects/wifi/contrib/hostapd/eap_sim_common.c#3 edit .. //depot/projects/wifi/contrib/hostapd/eap_sim_common.h#3 edit .. //depot/projects/wifi/contrib/hostapd/eap_sim_db.c#3 edit .. //depot/projects/wifi/contrib/hostapd/eap_sim_db.h#2 edit .. //depot/projects/wifi/contrib/hostapd/eap_tls.c#3 edit .. //depot/projects/wifi/contrib/hostapd/eap_tls_common.c#3 edit .. //depot/projects/wifi/contrib/hostapd/eap_tls_common.h#2 edit .. //depot/projects/wifi/contrib/hostapd/eap_tlv.c#2 edit .. //depot/projects/wifi/contrib/hostapd/eap_ttls.c#3 edit .. //depot/projects/wifi/contrib/hostapd/eap_ttls.h#3 edit .. //depot/projects/wifi/contrib/hostapd/eapol_sm.c#4 edit .. //depot/projects/wifi/contrib/hostapd/eapol_sm.h#4 edit .. //depot/projects/wifi/contrib/hostapd/eloop.c#3 edit .. //depot/projects/wifi/contrib/hostapd/eloop.h#3 edit .. //depot/projects/wifi/contrib/hostapd/hostap_common.h#3 edit .. //depot/projects/wifi/contrib/hostapd/hostapd.8#2 edit .. //depot/projects/wifi/contrib/hostapd/hostapd.accept#2 edit .. //depot/projects/wifi/contrib/hostapd/hostapd.c#3 edit .. //depot/projects/wifi/contrib/hostapd/hostapd.conf#3 edit .. //depot/projects/wifi/contrib/hostapd/hostapd.deny#2 edit .. //depot/projects/wifi/contrib/hostapd/hostapd.eap_user#3 edit .. //depot/projects/wifi/contrib/hostapd/hostapd.h#3 edit .. //depot/projects/wifi/contrib/hostapd/hostapd.radius_clients#2 edit .. //depot/projects/wifi/contrib/hostapd/hostapd.sim_db#2 edit .. //depot/projects/wifi/contrib/hostapd/hostapd.wpa_psk#2 edit .. //depot/projects/wifi/contrib/hostapd/hostapd_cli.1#2 edit .. //depot/projects/wifi/contrib/hostapd/hostapd_cli.c#3 edit .. //depot/projects/wifi/contrib/hostapd/iapp.c#3 edit .. //depot/projects/wifi/contrib/hostapd/iapp.h#2 edit .. //depot/projects/wifi/contrib/hostapd/ieee802_11.c#3 edit .. //depot/projects/wifi/contrib/hostapd/ieee802_11.h#2 edit .. //depot/projects/wifi/contrib/hostapd/ieee802_11_auth.c#3 edit .. //depot/projects/wifi/contrib/hostapd/ieee802_11_auth.h#2 edit .. //depot/projects/wifi/contrib/hostapd/ieee802_1x.c#4 edit .. //depot/projects/wifi/contrib/hostapd/ieee802_1x.h#3 edit .. //depot/projects/wifi/contrib/hostapd/l2_packet.h#3 edit .. //depot/projects/wifi/contrib/hostapd/logwatch/README#2 edit .. //depot/projects/wifi/contrib/hostapd/logwatch/hostapd#2 edit .. //depot/projects/wifi/contrib/hostapd/logwatch/hostapd.conf#2 edit .. //depot/projects/wifi/contrib/hostapd/md5.c#3 edit .. //depot/projects/wifi/contrib/hostapd/md5.h#3 edit .. //depot/projects/wifi/contrib/hostapd/ms_funcs.c#4 edit .. //depot/projects/wifi/contrib/hostapd/ms_funcs.h#3 edit .. //depot/projects/wifi/contrib/hostapd/radius.c#3 edit .. //depot/projects/wifi/contrib/hostapd/radius.h#3 edit .. //depot/projects/wifi/contrib/hostapd/radius_client.c#4 edit .. //depot/projects/wifi/contrib/hostapd/radius_client.h#3 edit .. //depot/projects/wifi/contrib/hostapd/radius_server.c#4 edit .. //depot/projects/wifi/contrib/hostapd/radius_server.h#3 edit .. //depot/projects/wifi/contrib/hostapd/rc4.c#3 edit .. //depot/projects/wifi/contrib/hostapd/rc4.h#3 edit .. //depot/projects/wifi/contrib/hostapd/sha1.c#3 edit .. //depot/projects/wifi/contrib/hostapd/sha1.h#3 edit .. //depot/projects/wifi/contrib/hostapd/sta_info.c#3 edit .. //depot/projects/wifi/contrib/hostapd/sta_info.h#3 edit .. //depot/projects/wifi/contrib/hostapd/tls.h#3 edit .. //depot/projects/wifi/contrib/hostapd/tls_none.c#3 edit .. //depot/projects/wifi/contrib/hostapd/tls_openssl.c#4 edit .. //depot/projects/wifi/contrib/hostapd/version.h#4 edit .. //depot/projects/wifi/contrib/hostapd/wired.conf#3 edit .. //depot/projects/wifi/contrib/hostapd/wpa.c#4 edit .. //depot/projects/wifi/contrib/hostapd/wpa.h#3 edit .. //depot/projects/wifi/contrib/hostapd/wpa_ctrl.c#2 edit .. //depot/projects/wifi/contrib/hostapd/wpa_ctrl.h#2 edit Differences ... ==== //depot/projects/wifi/contrib/hostapd/COPYING#2 (text+ko) ==== @@ -2,7 +2,7 @@ Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -305,7 +305,7 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. ==== //depot/projects/wifi/contrib/hostapd/ChangeLog#4 (text+ko) ==== @@ -1,9 +1,124 @@ ChangeLog for hostapd -2006-02-08 - v0.4.8 +2006-12-31 - v0.5.7 + * updated EAP-SAKE to RFC 4763 and the IANA-allocated EAP type 48 + * updated EAP-PSK to use the IANA-allocated EAP type 47 + * fixed EAP-PSK bit ordering of the Flags field + * fixed configuration reloading (SIGHUP) to re-initialize WPA PSKs + by reading wpa_psk_file [Bug 181] + * fixed EAP-TTLS AVP parser processing for too short AVP lengths + * fixed IPv6 connection to RADIUS accounting server + +2006-11-24 - v0.5.6 + * added support for configuring and controlling multiple BSSes per + radio interface (bss=<ifname> in hostapd.conf); this is only + available with Devicescape and test driver interfaces + * fixed PMKSA cache update in the end of successful RSN + pre-authentication + * added support for dynamic VLAN configuration (i.e., selecting VLAN-ID + for each STA based on RADIUS Access-Accept attributes); this requires + VLAN support from the kernel driver/802.11 stack and this is + currently only available with Devicescape and test driver interfaces + * driver_madwifi: fixed configuration of unencrypted modes (plaintext + and IEEE 802.1X without WEP) + * removed STAKey handshake since PeerKey handshake has replaced it in + IEEE 802.11ma and there are no known deployments of STAKey + * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest + draft (draft-ietf-emu-eap-gpsk-01.txt) + * added preliminary implementation of IEEE 802.11w/D1.0 (management + frame protection) + (Note: this requires driver support to work properly.) + (Note2: IEEE 802.11w is an unapproved draft and subject to change.) + * hlr_auc_gw: added support for GSM-Milenage (for EAP-SIM) + * hlr_auc_gw: added support for reading per-IMSI Milenage keys and + parameters from a text file to make it possible to implement proper + GSM/UMTS authentication server for multiple SIM/USIM cards using + EAP-SIM/EAP-AKA + * fixed session timeout processing with drivers that do not use + ieee802_11.c (e.g., madwifi) + +2006-08-27 - v0.5.5 + * added 'hostapd_cli new_sta <addr>' command for adding a new STA into + hostapd (e.g., to initialize wired network authentication based on an + external signal) + * fixed hostapd to add PMKID KDE into 4-Way Handshake Message 1 when + using WPA2 even if PMKSA caching is not used + * added -P<pid file> argument for hostapd to write the current process + id into a file + * added support for RADIUS Authentication Server MIB (RFC 2619) + +2006-06-20 - v0.5.4 + * fixed nt_password_hash build [Bug 144] + * added PeerKey handshake implementation for IEEE 802.11e + direct link setup (DLS) to replace STAKey handshake + * added support for EAP Generalized Pre-Shared Key (EAP-GPSK, + draft-clancy-emu-eap-shared-secret-00.txt) + * fixed a segmentation fault when RSN pre-authentication was completed + successfully [Bug 152] + +2006-04-27 - v0.5.3 + * do not build nt_password_hash and hlr_auc_gw by default to avoid + requiring a TLS library for a successful build; these programs can be + build with 'make nt_password_hash' and 'make hlr_auc_gw' + * added a new configuration option, eapol_version, that can be used to + set EAPOL version to 1 (default is 2) to work around broken client + implementations that drop EAPOL frames which use version number 2 + [Bug 89] + * added support for EAP-SAKE (no EAP method number allocated yet, so + this is using the same experimental type 255 as EAP-PSK) + * fixed EAP-MSCHAPv2 message length validation + +2006-03-19 - v0.5.2 * fixed stdarg use in hostapd_logger(): if both stdout and syslog logging was enabled, hostapd could trigger a segmentation fault in vsyslog on some CPU -- C library combinations + * moved HLR/AuC gateway implementation for EAP-SIM/AKA into an external + program to make it easier to use for implementing real SS7 gateway; + eap_sim_db is not anymore used as a file name for GSM authentication + triplets; instead, it is path to UNIX domain socket that will be used + to communicate with the external gateway program (e.g., hlr_auc_gw) + * added example HLR/AuC gateway implementation, hlr_auc_gw, that uses + local information (GSM authentication triplets from a text file and + hardcoded AKA authentication data); this can be used to test EAP-SIM + and EAP-AKA + * added Milenage algorithm (example 3GPP AKA algorithm) to hlr_auc_gw + to make it possible to test EAP-AKA with real USIM cards (this is + disabled by default; define AKA_USE_MILENAGE when building hlr_auc_gw + to enable this) + * driver_madwifi: added support for getting station RSN IE from + madwifi-ng svn r1453 and newer; this fixes RSN that was apparently + broken with earlier change (r1357) in the driver + * changed EAP method registration to use a dynamic list of methods + instead of a static list generated at build time + * fixed WPA message 3/4 not to encrypt Key Data field (WPA IE) + [Bug 125] + * added ap_max_inactivity configuration parameter + +2006-01-29 - v0.5.1 + * driver_test: added better support for multiple APs and STAs by using + a directory with sockets that include MAC address for each device in + the name (test_socket=DIR:/tmp/test) + * added support for EAP expanded type (vendor specific EAP methods) + +2005-12-18 - v0.5.0 (beginning of 0.5.x development releases) + * added experimental STAKey handshake implementation for IEEE 802.11e + direct link setup (DLS); note: this is disabled by default in both + build and runtime configuration (can be enabled with CONFIG_STAKEY=y + and stakey=1) + * added support for EAP methods to use callbacks to external programs + by buffering a pending request and processing it after the EAP method + is ready to continue + * improved EAP-SIM database interface to allow external request to GSM + HLR/AuC without blocking hostapd process + * added support for using EAP-SIM pseudonyms and fast re-authentication + * added support for EAP-AKA in the integrated EAP authenticator + * added support for matching EAP identity prefixes (e.g., "1"*) in EAP + user database to allow EAP-SIM/AKA selection without extra roundtrip + for EAP-Nak negotiation + * added support for storing EAP user password as NtPasswordHash instead + of plaintext password when using MSCHAP or MSCHAPv2 for + authentication (hash:<16-octet hex value>); added nt_password_hash + tool for hashing password to generate NtPasswordHash 2005-11-20 - v0.4.7 (beginning of 0.4.x stable releases) * driver_wired: fixed EAPOL sending to optionally use PAE group address ==== //depot/projects/wifi/contrib/hostapd/FREEBSD-Xlist#3 (text+ko) ==== @@ -4,9 +4,14 @@ driver_bsd.c driver_madwifi.c driver_prism54.c +driver_devicescape.c l2_packet_freebsd.c l2_packet_linux.c l2_packet_pcap.c +madwifi.conf +os_internal.c +os_none.c +os_win32.c prism54.h priv_netlink.h wireless_copy.h ==== //depot/projects/wifi/contrib/hostapd/FREEBSD-upgrade#3 (text+ko) ==== ==== //depot/projects/wifi/contrib/hostapd/Makefile#4 (text+ko) ==== @@ -1,6 +1,5 @@ CC=gcc DIR_WPA_SUPPLICANT=. -DIR_HOSTAP=. ifndef CFLAGS CFLAGS = -MMD -O2 -Wall -g @@ -11,18 +10,41 @@ CFLAGS += -DHOSTAPD_DUMP_STATE # Include directories for CVS version -CFLAGS += -I. -I$(DIR_HOSTAP) -I../utils -I$(DIR_WPA_SUPPLICANT) +CFLAGS += -I. -I../utils -I$(DIR_WPA_SUPPLICANT) # Uncomment following line and set the path to your kernel tree include # directory if your C library does not include all header files. # CFLAGS += -DUSE_KERNEL_HEADERS -I/usr/src/linux/include -OBJS = hostapd.o eloop.o ieee802_1x.o eapol_sm.o radius.o md5.o rc4.o \ +-include .config + +ifndef CONFIG_OS +ifdef CONFIG_NATIVE_WINDOWS +CONFIG_OS=win32 +else +CONFIG_OS=unix +endif +endif + +ifeq ($(CONFIG_OS), internal) +CFLAGS += -DOS_NO_C_LIB_DEFINES +endif + +ifdef CONFIG_NATIVE_WINDOWS +CFLAGS += -DCONFIG_NATIVE_WINDOWS +LIBS += -lws2_32 +endif + +OBJS = hostapd.o eloop.o ieee802_1x.o eapol_sm.o radius.o md5.o rc4.o md4.o \ common.o ieee802_11.o config.o ieee802_11_auth.o accounting.o \ sta_info.o radius_client.o sha1.o wpa.o aes_wrap.o ctrl_iface.o \ - driver_conf.o + driver_conf.o os_$(CONFIG_OS).o preauth.o pmksa_cache.o beacon.o \ + hw_features.o wme.o ap_list.o reconfig.o \ + mlme.o vlan_init.o ieee802_11h.o + +HOBJS=hlr_auc_gw.o common.o os_$(CONFIG_OS).o milenage.o aes_wrap.o --include .config +CFLAGS += -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX ifdef CONFIG_IAPP CFLAGS += -DCONFIG_IAPP @@ -34,6 +56,15 @@ CONFIG_L2_PACKET=y endif +ifdef CONFIG_PEERKEY +CFLAGS += -DCONFIG_PEERKEY +endif + +ifdef CONFIG_IEEE80211W +CFLAGS += -DCONFIG_IEEE80211W +NEED_SHA256=y +endif + ifdef CONFIG_DRIVER_HOSTAP CFLAGS += -DCONFIG_DRIVER_HOSTAP OBJS += driver.o @@ -55,6 +86,11 @@ OBJS += driver_prism54.o endif +ifdef CONFIG_DRIVER_DEVICESCAPE +CFLAGS += -DCONFIG_DRIVER_DEVICESCAPE +OBJS += driver_devicescape.o +endif + ifdef CONFIG_DRIVER_BSD CFLAGS += -DCONFIG_DRIVER_BSD OBJS += driver_bsd.o @@ -70,7 +106,6 @@ ifdef CONFIG_L2_PACKET ifdef CONFIG_DNET_PCAP -CFLAGS += -DUSE_DNET_PCAP ifdef CONFIG_L2_FREEBSD LIBS += -lpcap OBJS += $(DIR_WPA_SUPPLICANT)/l2_packet_freebsd.o @@ -122,9 +157,21 @@ ifdef CONFIG_EAP_SIM CFLAGS += -DEAP_SIM -OBJS += eap_sim.o $(DIR_WPA_SUPPLICANT)/eap_sim_common.o -# Example EAP-SIM interface for GSM authentication. This can be replaced with -# another file implementating the interface specified in eap_sim_db.h. +OBJS += eap_sim.o +CONFIG_EAP_SIM_COMMON=y +endif + +ifdef CONFIG_EAP_AKA +CFLAGS += -DEAP_AKA +OBJS += eap_aka.o +CONFIG_EAP_SIM_COMMON=y +endif + +ifdef CONFIG_EAP_SIM_COMMON +OBJS += $(DIR_WPA_SUPPLICANT)/eap_sim_common.o +# Example EAP-SIM/AKA interface for GSM/UMTS authentication. This can be +# replaced with another file implementating the interface specified in +# eap_sim_db.h. OBJS += eap_sim_db.o endif @@ -138,6 +185,25 @@ OBJS += eap_psk.o $(DIR_WPA_SUPPLICANT)/eap_psk_common.o endif +ifdef CONFIG_EAP_SAKE +CFLAGS += -DEAP_SAKE +OBJS += eap_sake.o $(DIR_WPA_SUPPLICANT)/eap_sake_common.o +endif + +ifdef CONFIG_EAP_GPSK +CFLAGS += -DEAP_GPSK +OBJS += eap_gpsk.o $(DIR_WPA_SUPPLICANT)/eap_gpsk_common.o +ifdef CONFIG_EAP_GPSK_SHA256 +CFLAGS += -DEAP_GPSK_SHA256 +NEED_SHA256=y +endif +endif + +ifdef CONFIG_EAP_VENDOR_TEST +CFLAGS += -DEAP_VENDOR_TEST +OBJS += eap_vendor_test.o +endif + ifdef CONFIG_EAP_TLV CFLAGS += -DEAP_TLV OBJS += eap_tlv.o @@ -145,15 +211,34 @@ ifdef CONFIG_EAP CFLAGS += -DEAP_SERVER -OBJS += eap.o eap_identity.o +OBJS += eap.o eap_methods.o eap_identity.o +endif + +ifndef CONFIG_TLS +CONFIG_TLS=openssl endif ifdef TLS_FUNCS # Shared TLS functions (needed for EAP_TLS, EAP_PEAP, and EAP_TTLS) CFLAGS += -DEAP_TLS_FUNCS -OBJS += eap_tls_common.o $(DIR_WPA_SUPPLICANT)/tls_openssl.o +OBJS += eap_tls_common.o +ifeq ($(CONFIG_TLS), openssl) +OBJS += $(DIR_WPA_SUPPLICANT)/tls_openssl.o LIBS += -lssl -lcrypto LIBS_p += -lcrypto +LIBS_h += -lcrypto +endif +ifeq ($(CONFIG_TLS), gnutls) +OBJS += $(DIR_WPA_SUPPLICANT)/tls_gnutls.o +LIBS += -lgnutls -lgcrypt -lgpg-error +LIBS_p += -lgcrypt +LIBS_h += -lgcrypt +endif +ifdef CONFIG_GNUTLS_EXTRA +CFLAGS += -DCONFIG_GNUTLS_EXTRA +LIBS += -lgnutls-extra +endif +NEED_CRYPTO=y else OBJS += $(DIR_WPA_SUPPLICANT)/tls_none.o endif @@ -163,10 +248,60 @@ endif ifdef MS_FUNCS +OBJS += $(DIR_WPA_SUPPLICANT)/ms_funcs.o +NEED_CRYPTO=y +endif + +ifdef NEED_CRYPTO ifndef TLS_FUNCS +ifeq ($(CONFIG_TLS), openssl) LIBS += -lcrypto +LIBS_p += -lcrypto +LIBS_h += -lcrypto +endif +ifeq ($(CONFIG_TLS), gnutls) +LIBS += -lgcrypt +LIBS_p += -lgcrypt +LIBS_h += -lgcrypt +endif +endif +ifeq ($(CONFIG_TLS), openssl) +OBJS += $(DIR_WPA_SUPPLICANT)/crypto.o +OBJS_p += $(DIR_WPA_SUPPLICANT)/crypto.o +HOBJS += $(DIR_WPA_SUPPLICANT)/crypto.o +CONFIG_INTERNAL_SHA256=y +endif +ifeq ($(CONFIG_TLS), gnutls) +OBJS += $(DIR_WPA_SUPPLICANT)/crypto_gnutls.o +OBJS_p += $(DIR_WPA_SUPPLICANT)/crypto_gnutls.o +HOBJS += $(DIR_WPA_SUPPLICANT)/crypto_gnutls.o +CONFIG_INTERNAL_SHA256=y endif -OBJS += $(DIR_WPA_SUPPLICANT)/ms_funcs.o $(DIR_WPA_SUPPLICANT)/crypto.o +else +CONFIG_INTERNAL_AES=y +CONFIG_INTERNAL_SHA1=y +CONFIG_INTERNAL_MD5=y +CONFIG_INTERNAL_SHA256=y +endif + +ifdef CONFIG_INTERNAL_AES +CFLAGS += -DINTERNAL_AES +endif +ifdef CONFIG_INTERNAL_SHA1 +CFLAGS += -DINTERNAL_SHA1 +endif +ifdef CONFIG_INTERNAL_SHA256 +CFLAGS += -DINTERNAL_SHA256 +endif +ifdef CONFIG_INTERNAL_MD5 +CFLAGS += -DINTERNAL_MD5 +endif +ifdef CONFIG_INTERNAL_MD4 +CFLAGS += -DINTERNAL_MD4 +endif + +ifdef NEED_SHA256 +OBJS += sha256.o endif ifdef CONFIG_RADIUS_SERVER @@ -178,6 +313,12 @@ CFLAGS += -DCONFIG_IPV6 endif +ifdef CONFIG_FULL_DYNAMIC_VLAN +# define CONFIG_FULL_DYNAMIC_VLAN to have hostapd manipulate bridges +# and vlan interfaces for the vlan feature. +CFLAGS += -DCONFIG_FULL_DYNAMIC_VLAN +endif + ALL=hostapd hostapd_cli all: verify_config $(ALL) @@ -201,10 +342,7 @@ rm -f driver_conf.c echo '/* THIS FILE AUTOMATICALLY GENERATED, DO NOT EDIT! */' \ > driver_conf.c - echo '#include <stdlib.h>' >> driver_conf.c - echo '#include <stdio.h>' >> driver_conf.c - echo '#include <sys/types.h>' >> driver_conf.c - echo '#include <netinet/in.h>' >> driver_conf.c + echo '#include "includes.h"' >> driver_conf.c echo '#include "hostapd.h"' >> driver_conf.c echo '#include "driver.h"' >> driver_conf.c ifdef CONFIG_DRIVER_HOSTAP @@ -219,6 +357,9 @@ ifdef CONFIG_DRIVER_PRISM54 echo "void prism54_driver_register(void);" >> driver_conf.c endif +ifdef CONFIG_DRIVER_DEVICESCAPE + echo "void devicescape_driver_register(void);" >> driver_conf.c +endif ifdef CONFIG_DRIVER_BSD echo "void bsd_driver_register(void);" >> driver_conf.c endif @@ -238,6 +379,9 @@ ifdef CONFIG_DRIVER_PRISM54 echo "prism54_driver_register();" >> driver_conf.c endif +ifdef CONFIG_DRIVER_DEVICESCAPE + echo "devicescape_driver_register();" >> driver_conf.c +endif ifdef CONFIG_DRIVER_BSD echo "bsd_driver_register();" >> driver_conf.c endif @@ -249,7 +393,48 @@ hostapd_cli: hostapd_cli.o $(DIR_WPA_SUPPLICANT)/wpa_ctrl.o $(CC) -o hostapd_cli hostapd_cli.o $(DIR_WPA_SUPPLICANT)/wpa_ctrl.o +NOBJS = nt_password_hash.o $(DIR_WPA_SUPPLICANT)/ms_funcs.o sha1.o rc4.o md5.o +NOBJS += $(DIR_WPA_SUPPLICANT)/crypto.o os_$(CONFIG_OS).o +ifdef TLS_FUNCS +LIBS_n += -lcrypto +endif + +nt_password_hash: $(NOBJS) + $(CC) -o nt_password_hash $(NOBJS) $(LIBS_n) + +hlr_auc_gw: $(HOBJS) + $(CC) -o hlr_auc_gw $(HOBJS) $(LIBS_h) + clean: - rm -f core *~ *.o hostapd hostapd_cli *.d driver_conf.c + rm -f core *~ *.o hostapd hostapd_cli nt_password_hash hlr_auc_gw + rm -f *.d driver_conf.c + +%.eps: %.fig + fig2dev -L eps $*.fig $*.eps + +%.png: %.fig + fig2dev -L png -m 3 $*.fig | pngtopnm | pnmscale 0.4 | pnmtopng \ + > $*.png + +docs-pics: doc/hostapd.png doc/hostapd.eps + +docs: docs-pics + doxygen doc/doxygen.full + $(MAKE) -C doc/latex + cp doc/latex/refman.pdf hostapd-devel.pdf + +docs-fast: docs-pics + doxygen doc/doxygen.fast + +clean-docs: + rm -rf doc/latex doc/html + rm -f doc/hosta.d{eps,png} hostapd-devel.pdf + +TEST_SRC_MILENAGE = milenage.c aes_wrap.c common.c os_$(CONFIG_OS).c +test-milenage: $(TEST_SRC_MILENAGE) + $(CC) -o test-milenage -Wall -Werror $(TEST_SRC_MILENAGE) \ + -DTEST_MAIN_MILENAGE -I. -I../wpa_supplicant -DINTERNAL_AES + ./test-milenage + rm test-milenage -include $(OBJS:%.o=%.d) ==== //depot/projects/wifi/contrib/hostapd/README#3 (text+ko) ==== @@ -27,13 +27,13 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software -Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA (this copy of the license is in COPYING file) -Alternatively, this software may be distributed under the terms of BSD -license: +Alternatively, this software may be distributed, used, and modified +under the terms of BSD license: Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are @@ -92,9 +92,9 @@ madwifi driver for cards based on Atheros chip set (ar521x) (http://sourceforge.net/projects/madwifi/) - Please note that you will need to modify the hostapd Makefile - to use correct path for madwifi driver root directory - (CFLAGS += -I../head line in Makefile). + Please note that you will need to add the correct path for + madwifi driver root directory in .config (see defconfig file for + an example: CFLAGS += -I<path>) Prism54 driver for Intersil/Conexant Prism GT/Duette/Indigo (http://www.prism54.org/) @@ -158,14 +158,6 @@ device that is also used with IEEE 802.11 management frames. The frames to the Supplicant are sent using the same device. -hostapd includes a minimal colocated Authentication Server for testing -purposes. It only requests the identity of the Supplicant and -authorizes any host that is able to send a valid EAP Response -frame. This can be used for quick testing since it does not require an -external Authentication Server, but it should not be used for any real -authentication purposes since no keys are required and anyone can -authenticate. - The normal configuration of the Authenticator would use an external Authentication Server. hostapd supports RADIUS encapsulation of EAP packets, so the Authentication Server should be a RADIUS server, like ==== //depot/projects/wifi/contrib/hostapd/accounting.c#3 (text+ko) ==== @@ -1,6 +1,5 @@ /* - * Host AP (software wireless LAN access point) user space daemon for - * Host AP kernel driver / Accounting + * hostapd / RADIUS Accounting * Copyright (c) 2002-2005, Jouni Malinen <jkmaline@cc.hut.fi> * * This program is free software; you can redistribute it and/or modify @@ -13,18 +12,8 @@ * See README and COPYING for more details. */ -#include <stdlib.h> -#include <stdio.h> -#include <unistd.h> -#include <netinet/in.h> -#include <string.h> -#include <sys/ioctl.h> -#include <signal.h> +#include "includes.h" #include <assert.h> -#include <time.h> -#include <sys/time.h> -#include <sys/socket.h> - #include "hostapd.h" #include "radius.h" @@ -40,7 +29,13 @@ * input/output octets and updates Acct-{Input,Output}-Gigawords. */ #define ACCT_DEFAULT_UPDATE_INTERVAL 300 -static struct radius_msg * accounting_msg(hostapd *hapd, struct sta_info *sta, +/* from ieee802_1x.c */ +const char *radius_mode_txt(struct hostapd_data *hapd); +int radius_sta_rate(struct hostapd_data *hapd, struct sta_info *sta); + + +static struct radius_msg * accounting_msg(struct hostapd_data *hapd, + struct sta_info *sta, int status_type) { struct radius_msg *msg; @@ -131,7 +126,7 @@ } snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT ":%s", - MAC2STR(hapd->own_addr), hapd->conf->ssid); + MAC2STR(hapd->own_addr), hapd->conf->ssid.ssid); if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLED_STATION_ID, (u8 *) buf, strlen(buf))) { printf("Could not add Called-Station-Id\n"); @@ -154,7 +149,10 @@ goto fail; } - snprintf(buf, sizeof(buf), "CONNECT 11Mbps 802.11b"); + snprintf(buf, sizeof(buf), "CONNECT %d%sMbps %s", + radius_sta_rate(hapd, sta) / 2, + (radius_sta_rate(hapd, sta) & 1) ? ".5" : "", + radius_mode_txt(hapd)); if (!radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO, (u8 *) buf, strlen(buf))) { printf("Could not add Connect-Info\n"); @@ -211,7 +209,7 @@ static void accounting_interim_update(void *eloop_ctx, void *timeout_ctx) { - hostapd *hapd = eloop_ctx; + struct hostapd_data *hapd = eloop_ctx; struct sta_info *sta = timeout_ctx; int interval; @@ -229,11 +227,11 @@ } -void accounting_sta_start(hostapd *hapd, struct sta_info *sta) +void accounting_sta_start(struct hostapd_data *hapd, struct sta_info *sta) { struct radius_msg *msg; int interval; - + if (sta->acct_session_started) return; @@ -260,7 +258,8 @@ } -void accounting_sta_report(hostapd *hapd, struct sta_info *sta, int stop) +void accounting_sta_report(struct hostapd_data *hapd, struct sta_info *sta, + int stop) { struct radius_msg *msg; int cause = sta->acct_terminate_cause; @@ -360,14 +359,14 @@ } -void accounting_sta_interim(hostapd *hapd, struct sta_info *sta) +void accounting_sta_interim(struct hostapd_data *hapd, struct sta_info *sta) { if (sta->acct_session_started) accounting_sta_report(hapd, sta, 0); } -void accounting_sta_stop(hostapd *hapd, struct sta_info *sta) +void accounting_sta_stop(struct hostapd_data *hapd, struct sta_info *sta) { if (sta->acct_session_started) { accounting_sta_report(hapd, sta, 1); @@ -435,7 +434,7 @@ } -int accounting_init(hostapd *hapd) +int accounting_init(struct hostapd_data *hapd) { /* Acct-Session-Id should be unique over reboots. If reliable clock is * not available, this could be replaced with reboot counter, etc. */ @@ -451,7 +450,18 @@ } -void accounting_deinit(hostapd *hapd) +void accounting_deinit(struct hostapd_data *hapd) { accounting_report_state(hapd, 0); } + + +int accounting_reconfig(struct hostapd_data *hapd, + struct hostapd_config *oldconf) +{ + if (!hapd->radius_client_reconfigured) + return 0; + + accounting_deinit(hapd); + return accounting_init(hapd); +} ==== //depot/projects/wifi/contrib/hostapd/accounting.h#2 (text+ko) ==== @@ -1,13 +1,27 @@ +/* + * hostapd / RADIUS Accounting + * Copyright (c) 2002-2005, Jouni Malinen <jkmaline@cc.hut.fi> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + #ifndef ACCOUNTING_H #define ACCOUNTING_H - -void accounting_sta_start(hostapd *hapd, struct sta_info *sta); -void accounting_sta_interim(hostapd *hapd, struct sta_info *sta); -void accounting_sta_stop(hostapd *hapd, struct sta_info *sta); +void accounting_sta_start(struct hostapd_data *hapd, struct sta_info *sta); +void accounting_sta_interim(struct hostapd_data *hapd, struct sta_info *sta); +void accounting_sta_stop(struct hostapd_data *hapd, struct sta_info *sta); void accounting_sta_get_id(struct hostapd_data *hapd, struct sta_info *sta); -int accounting_init(hostapd *hapd); -void accounting_deinit(hostapd *hapd); - +int accounting_init(struct hostapd_data *hapd); +void accounting_deinit(struct hostapd_data *hapd); +int accounting_reconfig(struct hostapd_data *hapd, + struct hostapd_config *oldconf); #endif /* ACCOUNTING_H */ ==== //depot/projects/wifi/contrib/hostapd/aes.c#3 (text+ko) ==== @@ -21,6 +21,8 @@ * See README and COPYING for more details. */ +#include "includes.h" + /* * rijndael-alg-fst.c * @@ -1060,7 +1062,7 @@ u32 *rk; if (len != 16) return NULL; - rk = malloc(4 * 44); + rk = os_malloc(4 * 44); if (rk == NULL) return NULL; rijndaelKeySetupEnc(rk, key); @@ -1076,7 +1078,7 @@ void aes_encrypt_deinit(void *ctx) { - free(ctx); + os_free(ctx); } @@ -1085,7 +1087,7 @@ u32 *rk; if (len != 16) return NULL; - rk = malloc(4 * 44); + rk = os_malloc(4 * 44); if (rk == NULL) return NULL; rijndaelKeySetupDec(rk, key); @@ -1101,5 +1103,5 @@ void aes_decrypt_deinit(void *ctx) { - free(ctx); + os_free(ctx); } ==== //depot/projects/wifi/contrib/hostapd/aes_wrap.c#3 (text+ko) ==== @@ -19,17 +19,18 @@ * See README and COPYING for more details. */ -#include <stdlib.h> -#include <stdio.h> -#include <string.h> +#include "includes.h" + #include "common.h" #include "aes_wrap.h" #include "crypto.h" -#ifndef EAP_TLS_FUNCS +#ifdef INTERNAL_AES #include "aes.c" -#endif /* EAP_TLS_FUNCS */ +#endif /* INTERNAL_AES */ + +#ifndef CONFIG_NO_AES_WRAP /** * aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394) @@ -49,8 +50,8 @@ r = cipher + 8; /* 1) Initialize variables. */ - memset(a, 0xa6, 8); - memcpy(r, plain, 8 * n); + os_memset(a, 0xa6, 8); + os_memcpy(r, plain, 8 * n); ctx = aes_encrypt_init(kek, 16); if (ctx == NULL) @@ -66,12 +67,12 @@ for (j = 0; j <= 5; j++) { r = cipher + 8; for (i = 1; i <= n; i++) { - memcpy(b, a, 8); - memcpy(b + 8, r, 8); + os_memcpy(b, a, 8); + os_memcpy(b + 8, r, 8); aes_encrypt(ctx, b, b); - memcpy(a, b, 8); + os_memcpy(a, b, 8); a[7] ^= n * j + i; - memcpy(r, b + 8, 8); + os_memcpy(r, b + 8, 8); r += 8; } } @@ -86,7 +87,9 @@ return 0; } +#endif /* CONFIG_NO_AES_WRAP */ + /** * aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394) * @kek: Key encryption key (KEK) @@ -102,9 +105,9 @@ void *ctx; /* 1) Initialize variables. */ - memcpy(a, cipher, 8); + os_memcpy(a, cipher, 8); r = plain; - memcpy(r, cipher + 8, 8 * n); + os_memcpy(r, cipher + 8, 8 * n); ctx = aes_decrypt_init(kek, 16); if (ctx == NULL) @@ -120,13 +123,13 @@ for (j = 5; j >= 0; j--) { r = plain + (n - 1) * 8; for (i = n; i >= 1; i--) { - memcpy(b, a, 8); + os_memcpy(b, a, 8); b[7] ^= n * j + i; - memcpy(b + 8, r, 8); + os_memcpy(b + 8, r, 8); aes_decrypt(ctx, b, b); - memcpy(a, b, 8); - memcpy(r, b + 8, 8); + os_memcpy(a, b, 8); + os_memcpy(r, b + 8, 8); r -= 8; } } @@ -148,6 +151,8 @@ #define BLOCK_SIZE 16 >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200704091644.l39GiNNv008395>