Date: Thu, 6 Sep 2007 19:38:55 GMT From: Scot Hetzel <swhetzel@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/116164: wpa_supplicant: add non-standard EAP Methods Message-ID: <200709061938.l86JcttV048665@www.freebsd.org> Resent-Message-ID: <200709061940.l86Je8Y0086565@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 116164 >Category: bin >Synopsis: wpa_supplicant: add non-standard EAP Methods >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Sep 06 19:40:08 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Scot Hetzel >Release: 7.0-CURRENT >Organization: >Environment: >Description: wpa_supplicant supports many types of EAP authentication alogorithms, but not all of them are included in FreeBSD. >How-To-Repeat: Try to use wpa_supplicant at a site that is not using one of the default EAP methods. >Fix: To add additional EAP methods, just set WPA_SUPPLICANT_CFLAGS to one or more of these methods: -DEAP_AKA, -DEAP_SIM, -DEAP_GTC, -DEAP_OTP, -DEAP_GPSK, -DEAP_PAX, -DEAP_SAKE The EAP_AKA and EAP_SIM methods can be configured to use devel/pcsc-lite, by adding: WPA_SUPPLICANT_CFLAGS=-DEAP_AKA -DPCSC_FUNCS -I/usr/local/include/PCSC WPA_SUPPLICANT_LDADD=-L/usr/local/lib to src.conf. This is similar to how sendmail added SASL support. Patch attached with submission follows: Index: Makefile =================================================================== RCS file: /home/ncvs/src/usr.sbin/wpa/wpa_supplicant/Makefile,v retrieving revision 1.9 diff -u -r1.9 Makefile --- Makefile 11 Jul 2007 16:04:08 -0000 1.9 +++ Makefile 6 Sep 2007 19:35:30 -0000 @@ -35,7 +35,7 @@ .if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) CFLAGS+=-DEAP_TLS -DEAP_PEAP -DEAP_MSCHAPv2 -DEAP_LEAP -DEAP_PSK \ - -DEAP_TLV -DEAP_TLS_FUNCS + -DEAP_TLV -DEAP_TLS_FUNCS -DEAP_TLS_OPENSSL SRCS+= eap_tls.c eap_peap.c eap_mschapv2.c eap_leap.c \ eap_psk.c eap_psk_common.c \ eap_tlv.c eap_tls_common.c tls_openssl.c ms_funcs.c crypto.c @@ -43,6 +43,60 @@ CFLAGS+=-DEAP_TTLS -DEAP_MD5 SRCS+= eap_ttls.c eap_md5.c +# User customizations to the wpa_supplicant build environment +CFLAGS+=${WPA_SUPPLICANT_CFLAGS} +#DPADD+=${WPA_SUPPLICANT_DPADD} +LDADD+=${WPA_SUPPLICANT_LDADD} +#LDFLAGS+=${WPA_SUPPLICANT_LDFLAGS} + +.if !empty(CFLAGS:M*-DEAP_GTC) +SRCS+= eap_gtc.c +.endif + +.if !empty(CFLAGS:M*-DEAP_OTP) +SRCS+= eap_otp.c +.endif + +.if !empty(CFLAGS:M*-DEAP_AKA) +NEED_SIM_COMMON= true +SRCS+= eap_aka.c +.endif + +.if !empty(CFLAGS:M*-DEAP_SIM) +NEED_SIM_COMMON= true +SRCS+= eap_sim.c +.endif + +.if defined(NEED_SIM_COMMON) +SRCS+= eap_sim_common.c + +# PC/SC interface for smartcards (USIM, GSM SIM) +# GSM/UMTS authentication algorithm (for EAP-SIM/EAP-AKA) +# NB: requires devel/pcsc-lite +# +# WPA_SUPPLICANT_CFLAGS=-DEAP_AKA -DPCSC_FUNCS -I/usr/local/include/PCSC +# WPA_SUPPLICANT_LDADD=-L/usr/local/lib +# +.if !empty(CFLAGS:M*-DPCSC_FUNCS) +SRCS+= pcsc_funcs.c +DPADD+=${LIBPTHREAD} +LDADD+=-lpcsclite -lpthread +.endif +.endif + +.if !empty(CFLAGS:M*-DEAP_GPSK) +CFLAGS+=-DEAP_GPSK_SHA256 -DINTERNAL_SHA256 +SRCS+= eap_gpsk.c eap_gpsk_common.c sha256.c +.endif + +.if !empty(CFLAGS:M*-DEAP_PAX) +SRCS+= eap_pax.c eap_pax_common.c +.endif + +.if !empty(CFLAGS:M*-DEAP_SAKE) +SRCS+= eap_sake.c eap_sake_common.c +.endif + # NB: requires patch to openssl #CFLAGS+= -DEAP_FAST #SRCS+= eap_fast.c @@ -50,6 +104,7 @@ DPADD+= ${LIBSSL} ${LIBCRYPTO} LDADD+= -lssl -lcrypto .else +CFLAGS+= -DEAP_TLS_NONE SRCS+= tls_none.c .endif >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200709061938.l86JcttV048665>