Message-Id: <200709061938.l86JcttV048665@www.freebsd.org>
Date: Thu, 6 Sep 2007 19:38:55 GMT
From: Scot Hetzel
To: freebsd-gnats-submit@FreeBSD.org
Subject: bin/116164: wpa_supplicant: add non-standard EAP Methods
X-Send-Pr-Version: www-3.1

>Number:         116164
>Category:       bin
>Synopsis:       wpa_supplicant: add non-standard EAP Methods
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 06 19:40:08 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Scot Hetzel
>Release:        7.0-CURRENT
>Organization:
>Environment:
>Description:
wpa_supplicant supports many types of EAP authentication algorithms, but not all of them are included in FreeBSD.

>How-To-Repeat:
Try to use wpa_supplicant at a site that is not using one of the default EAP methods.

>Fix:
To add additional EAP methods, just set WPA_SUPPLICANT_CFLAGS to one or more of these methods:

    -DEAP_AKA, -DEAP_SIM, -DEAP_GTC, -DEAP_OTP, -DEAP_GPSK, -DEAP_PAX, -DEAP_SAKE

The EAP_AKA and EAP_SIM methods can be configured to use devel/pcsc-lite, by adding:

    WPA_SUPPLICANT_CFLAGS=-DEAP_AKA -DPCSC_FUNCS -I/usr/local/include/PCSC
    WPA_SUPPLICANT_LDADD=-L/usr/local/lib

to src.conf. This is similar to how sendmail added SASL support.

Patch attached with submission follows:

Index: Makefile =================================================================== RCS file: /home/ncvs/src/usr.sbin/wpa/wpa_supplicant/Makefile,v retrieving revision 1.9 diff -u -r1.9 Makefile --- Makefile 11 Jul 2007 16:04:08 -0000 1.9 +++ Makefile 6 Sep 2007 19:35:30 -0000 
@@ -35,7 +35,7 @@ .if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) CFLAGS+=-DEAP_TLS -DEAP_PEAP -DEAP_MSCHAPv2 -DEAP_LEAP -DEAP_PSK \ - -DEAP_TLV -DEAP_TLS_FUNCS + -DEAP_TLV -DEAP_TLS_FUNCS -DEAP_TLS_OPENSSL SRCS+= eap_tls.c eap_peap.c eap_mschapv2.c eap_leap.c \ eap_psk.c eap_psk_common.c \ eap_tlv.c eap_tls_common.c tls_openssl.c ms_funcs.c crypto.c @@ -43,6 +43,60 @@ CFLAGS+=-DEAP_TTLS -DEAP_MD5 SRCS+= eap_ttls.c eap_md5.c +# User customizations to the wpa_supplicant build environment +CFLAGS+=${WPA_SUPPLICANT_CFLAGS} +#DPADD+=${WPA_SUPPLICANT_DPADD} +LDADD+=${WPA_SUPPLICANT_LDADD} +#LDFLAGS+=${WPA_SUPPLICANT_LDFLAGS} + +.if !empty(CFLAGS:M*-DEAP_GTC) +SRCS+= eap_gtc.c +.endif + +.if !empty(CFLAGS:M*-DEAP_OTP) +SRCS+= eap_otp.c +.endif + +.if !empty(CFLAGS:M*-DEAP_AKA) +NEED_SIM_COMMON= true +SRCS+= eap_aka.c +.endif + +.if !empty(CFLAGS:M*-DEAP_SIM) +NEED_SIM_COMMON= true +SRCS+= eap_sim.c +.endif + +.if defined(NEED_SIM_COMMON) +SRCS+= eap_sim_common.c + +# PC/SC interface for smartcards (USIM, GSM SIM) +# GSM/UMTS authentication algorithm (for EAP-SIM/EAP-AKA) +# NB: requires devel/pcsc-lite +# +# WPA_SUPPLICANT_CFLAGS=-DEAP_AKA -DPCSC_FUNCS -I/usr/local/include/PCSC +# WPA_SUPPLICANT_LDADD=-L/usr/local/lib +# +.if !empty(CFLAGS:M*-DPCSC_FUNCS) +SRCS+= pcsc_funcs.c +DPADD+=${LIBPTHREAD} +LDADD+=-lpcsclite -lpthread +.endif +.endif + +.if !empty(CFLAGS:M*-DEAP_GPSK) +CFLAGS+=-DEAP_GPSK_SHA256 -DINTERNAL_SHA256 +SRCS+= eap_gpsk.c eap_gpsk_common.c sha256.c +.endif + +.if !empty(CFLAGS:M*-DEAP_PAX) +SRCS+= eap_pax.c eap_pax_common.c +.endif + +.if !empty(CFLAGS:M*-DEAP_SAKE) +SRCS+= eap_sake.c eap_sake_common.c +.endif + # NB: requires patch to openssl #CFLAGS+= -DEAP_FAST #SRCS+= eap_fast.c @@ -50,6 +104,7 @@ DPADD+= ${LIBSSL} ${LIBCRYPTO} LDADD+= -lssl -lcrypto .else +CFLAGS+= -DEAP_TLS_NONE SRCS+= tls_none.c .endif >Release-Note: >Audit-Trail: >Unformatted:
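Review bot: In the first hunk (@@ -35,7 +35,7 @@) the new -DEAP_TLS_OPENSSL define, together with its counterpart -DEAP_TLS_NONE added in the .else branch of the last hunk (@@ -50,6 +104,7 @@), is not mentioned anywhere in the Fix text, which only describes WPA_SUPPLICANT_CFLAGS and WPA_SUPPLICANT_LDADD. Please state in the submission what these two defines are needed for, or split them into a separate change, so that the modification to the default TLS build can be reviewed apart from the optional EAP methods.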
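Review bot: In the second hunk (@@ -43,6 +43,60 @@) the user-customization block is inserted after "SRCS+= eap_ttls.c eap_md5.c", and the visible context shows no .endif between the ".if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH)" of the first hunk and the .else of the last one, so the block appears to sit inside the OpenSSL branch. If so, a build with MK_OPENSSL=no or RELEASE_CRUNCH silently ignores WPA_SUPPLICANT_CFLAGS and WPA_SUPPLICANT_LDADD; either move "CFLAGS+=${WPA_SUPPLICANT_CFLAGS}" and "LDADD+=${WPA_SUPPLICANT_LDADD}" outside the conditional or document the dependency in the comment. In the same hunk, "LDADD+=-lpcsclite -lpthread" links a base-system binary against a library from devel/pcsc-lite and only succeeds when the user has also set WPA_SUPPLICANT_LDADD=-L/usr/local/lib, so a check that stops with a clear message when -DPCSC_FUNCS is set without a library path would be preferable to a link failure. The two commented-out lines (#DPADD+=${WPA_SUPPLICANT_DPADD} and #LDFLAGS+=${WPA_SUPPLICANT_LDFLAGS}) should be either enabled or dropped.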