[pkg-wpa-devel] r1342 - in /wpasupplicant/trunk: debian/ src/common/ src/crypto/ src/drivers/ src/eap_common/ src/eap_peer/ src/eap_server/ src/eapol_supp/ src/l2_packet/ src/rsn_supp/ src/tls/ src/wps/ wpa_supplicant/
kelmo-guest at users.alioth.debian.org
kelmo-guest at users.alioth.debian.org
Mon Mar 23 15:40:04 UTC 2009
Author: kelmo-guest
Date: Mon Mar 23 15:40:04 2009
New Revision: 1342
URL: http://svn.debian.org/wsvn/pkg-wpa/?sc=1&rev=1342
Log:
New upstream release
Modified:
wpasupplicant/trunk/debian/changelog
wpasupplicant/trunk/src/common/ieee802_11_defs.h
wpasupplicant/trunk/src/common/nl80211_copy.h
wpasupplicant/trunk/src/common/version.h
wpasupplicant/trunk/src/common/wpa_common.c
wpasupplicant/trunk/src/crypto/crypto_gnutls.c
wpasupplicant/trunk/src/crypto/crypto_internal.c
wpasupplicant/trunk/src/crypto/sha256.c
wpasupplicant/trunk/src/crypto/tls_gnutls.c
wpasupplicant/trunk/src/drivers/driver_bsd.c
wpasupplicant/trunk/src/drivers/driver_ndis.c
wpasupplicant/trunk/src/eap_common/eap_defs.h
wpasupplicant/trunk/src/eap_common/eap_fast_common.h
wpasupplicant/trunk/src/eap_common/eap_tlv_common.h
wpasupplicant/trunk/src/eap_peer/eap_fast.c
wpasupplicant/trunk/src/eap_peer/eap_gpsk.c
wpasupplicant/trunk/src/eap_peer/eap_tnc.c
wpasupplicant/trunk/src/eap_server/eap.c
wpasupplicant/trunk/src/eap_server/eap_gpsk.c
wpasupplicant/trunk/src/eap_server/eap_i.h
wpasupplicant/trunk/src/eap_server/eap_tnc.c
wpasupplicant/trunk/src/eap_server/eap_ttls.c
wpasupplicant/trunk/src/eapol_supp/eapol_supp_sm.c
wpasupplicant/trunk/src/l2_packet/l2_packet_linux.c
wpasupplicant/trunk/src/rsn_supp/wpa.c
wpasupplicant/trunk/src/tls/tlsv1_client.c
wpasupplicant/trunk/src/wps/wps.h
wpasupplicant/trunk/src/wps/wps_enrollee.c
wpasupplicant/trunk/src/wps/wps_registrar.c
wpasupplicant/trunk/src/wps/wps_upnp.c
wpasupplicant/trunk/src/wps/wps_upnp_ssdp.c
wpasupplicant/trunk/wpa_supplicant/ChangeLog
wpasupplicant/trunk/wpa_supplicant/Makefile
wpasupplicant/trunk/wpa_supplicant/ctrl_iface_unix.c
wpasupplicant/trunk/wpa_supplicant/eapol_test.c
wpasupplicant/trunk/wpa_supplicant/events.c
wpasupplicant/trunk/wpa_supplicant/wps_supplicant.c
Modified: wpasupplicant/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/debian/changelog?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/debian/changelog (original)
+++ wpasupplicant/trunk/debian/changelog Mon Mar 23 15:40:04 2009
@@ -1,6 +1,6 @@
-wpasupplicant (0.6.8-1) unstable; urgency=low
-
- * New upstream release.
+wpasupplicant (0.6.9-1) unstable; urgency=low
+
+ * New upstream release
* Drop patches applied upstream:
- 10_wpa_gui_qt4_wps_tab_cleanups.patch
- 11_wpa_gui_qt4_qsession.patch
Modified: wpasupplicant/trunk/src/common/ieee802_11_defs.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/common/ieee802_11_defs.h?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/common/ieee802_11_defs.h (original)
+++ wpasupplicant/trunk/src/common/ieee802_11_defs.h Mon Mar 23 15:40:04 2009
@@ -134,10 +134,9 @@
#define WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE 51
/* IEEE 802.11r */
#define WLAN_STATUS_INVALID_FT_ACTION_FRAME_COUNT 52
-#define WLAN_STATUS_EXPECTED_RESOURCE_REQ_FT 53
-#define WLAN_STATUS_INVALID_PMKID 54
-#define WLAN_STATUS_INVALID_MDIE 55
-#define WLAN_STATUS_INVALID_FTIE 56
+#define WLAN_STATUS_INVALID_PMKID 53
+#define WLAN_STATUS_INVALID_MDIE 54
+#define WLAN_STATUS_INVALID_FTIE 55
/* Reason codes (IEEE 802.11-2007, 7.3.1.7, Table 7-22) */
#define WLAN_REASON_UNSPECIFIED 1
Modified: wpasupplicant/trunk/src/common/nl80211_copy.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/common/nl80211_copy.h?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/common/nl80211_copy.h (original)
+++ wpasupplicant/trunk/src/common/nl80211_copy.h Mon Mar 23 15:40:04 2009
@@ -526,6 +526,9 @@
* @NL80211_STA_INFO_SIGNAL: signal strength of last received PPDU (u8, dBm)
* @NL80211_STA_INFO_TX_BITRATE: current unicast tx rate, nested attribute
* containing info as possible, see &enum nl80211_sta_info_txrate.
+ * @NL80211_STA_INFO_RX_PACKETS: total received packet (u32, from this station)
+ * @NL80211_STA_INFO_TX_PACKETS: total transmitted packets (u32, to this
+ * station)
*/
enum nl80211_sta_info {
__NL80211_STA_INFO_INVALID,
@@ -537,6 +540,8 @@
NL80211_STA_INFO_PLINK_STATE,
NL80211_STA_INFO_SIGNAL,
NL80211_STA_INFO_TX_BITRATE,
+ NL80211_STA_INFO_RX_PACKETS,
+ NL80211_STA_INFO_TX_PACKETS,
/* keep last */
__NL80211_STA_INFO_AFTER_LAST,
Modified: wpasupplicant/trunk/src/common/version.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/common/version.h?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/common/version.h (original)
+++ wpasupplicant/trunk/src/common/version.h Mon Mar 23 15:40:04 2009
@@ -1,6 +1,6 @@
#ifndef VERSION_H
#define VERSION_H
-#define VERSION_STR "0.6.8"
+#define VERSION_STR "0.6.9"
#endif /* VERSION_H */
Modified: wpasupplicant/trunk/src/common/wpa_common.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/common/wpa_common.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/common/wpa_common.c (original)
+++ wpasupplicant/trunk/src/common/wpa_common.c Mon Mar 23 15:40:04 2009
@@ -56,10 +56,10 @@
hmac_sha1(key, 16, buf, len, hash);
os_memcpy(mic, hash, MD5_MAC_LEN);
break;
-#ifdef CONFIG_IEEE80211R
+#if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
case WPA_KEY_INFO_TYPE_AES_128_CMAC:
return omac1_aes_128(key, buf, len, mic);
-#endif /* CONFIG_IEEE80211R */
+#endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
default:
return -1;
}
Modified: wpasupplicant/trunk/src/crypto/crypto_gnutls.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/crypto/crypto_gnutls.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/crypto/crypto_gnutls.c (original)
+++ wpasupplicant/trunk/src/crypto/crypto_gnutls.c Mon Mar 23 15:40:04 2009
@@ -57,7 +57,6 @@
}
-#ifdef EAP_TLS_FUNCS
void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
{
gcry_md_hd_t hd;
@@ -162,7 +161,6 @@
gcry_cipher_hd_t hd = ctx;
gcry_cipher_close(hd);
}
-#endif /* EAP_TLS_FUNCS */
int crypto_mod_exp(const u8 *base, size_t base_len,
Modified: wpasupplicant/trunk/src/crypto/crypto_internal.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/crypto/crypto_internal.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/crypto/crypto_internal.c (original)
+++ wpasupplicant/trunk/src/crypto/crypto_internal.c Mon Mar 23 15:40:04 2009
@@ -25,7 +25,7 @@
#include "tls/asn1.h"
-#ifdef EAP_TLS_FUNCS
+#ifdef CONFIG_CRYPTO_INTERNAL
#ifdef CONFIG_TLS_INTERNAL
@@ -788,6 +788,7 @@
void crypto_global_deinit(void)
{
}
+#endif /* CONFIG_TLS_INTERNAL */
#if defined(EAP_FAST) || defined(CONFIG_WPS)
@@ -830,6 +831,4 @@
#endif /* EAP_FAST || CONFIG_WPS */
-#endif /* CONFIG_TLS_INTERNAL */
-
-#endif /* EAP_TLS_FUNCS */
+#endif /* CONFIG_CRYPTO_INTERNAL */
Modified: wpasupplicant/trunk/src/crypto/sha256.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/crypto/sha256.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/crypto/sha256.c (original)
+++ wpasupplicant/trunk/src/crypto/sha256.c Mon Mar 23 15:40:04 2009
@@ -122,7 +122,7 @@
void sha256_prf(const u8 *key, size_t key_len, const char *label,
const u8 *data, size_t data_len, u8 *buf, size_t buf_len)
{
- u16 counter = 0;
+ u16 counter = 1;
size_t pos, plen;
u8 hash[SHA256_MAC_LEN];
const u8 *addr[4];
Modified: wpasupplicant/trunk/src/crypto/tls_gnutls.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/crypto/tls_gnutls.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/crypto/tls_gnutls.c (original)
+++ wpasupplicant/trunk/src/crypto/tls_gnutls.c Mon Mar 23 15:40:04 2009
@@ -989,11 +989,13 @@
return NULL;
}
+#ifdef CONFIG_GNUTLS_EXTRA
if (conn->tls_ia && !gnutls_ia_handshake_p(conn->session)) {
wpa_printf(MSG_INFO, "TLS: No TLS/IA negotiation");
conn->failed++;
return NULL;
}
+#endif /* CONFIG_GNUTLS_EXTRA */
if (conn->tls_ia)
wpa_printf(MSG_DEBUG, "TLS: Start TLS/IA handshake");
Modified: wpasupplicant/trunk/src/drivers/driver_bsd.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/drivers/driver_bsd.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/drivers/driver_bsd.c (original)
+++ wpasupplicant/trunk/src/drivers/driver_bsd.c Mon Mar 23 15:40:04 2009
@@ -177,7 +177,7 @@
}
static int
-wpa_driver_bsd_set_ssid(void *priv, const char *ssid,
+wpa_driver_bsd_set_ssid(void *priv, const u8 *ssid,
size_t ssid_len)
{
struct wpa_driver_bsd_data *drv = priv;
@@ -187,7 +187,7 @@
static int
wpa_driver_bsd_set_wpa_ie(struct wpa_driver_bsd_data *drv,
- const char *wpa_ie, size_t wpa_ie_len)
+ const u8 *wpa_ie, size_t wpa_ie_len)
{
return set80211var(drv, IEEE80211_IOC_OPTIE, wpa_ie, wpa_ie_len);
}
Modified: wpasupplicant/trunk/src/drivers/driver_ndis.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/drivers/driver_ndis.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/drivers/driver_ndis.c (original)
+++ wpasupplicant/trunk/src/drivers/driver_ndis.c Mon Mar 23 15:40:04 2009
@@ -54,6 +54,10 @@
static int wpa_driver_ndis_adapter_init(struct wpa_driver_ndis_data *drv);
static int wpa_driver_ndis_adapter_open(struct wpa_driver_ndis_data *drv);
static void wpa_driver_ndis_adapter_close(struct wpa_driver_ndis_data *drv);
+
+
+static const u8 pae_group_addr[ETH_ALEN] =
+{ 0x01, 0x80, 0xc2, 0x00, 0x00, 0x03 };
/* FIX: to be removed once this can be compiled with the complete NDIS
@@ -610,12 +614,7 @@
* Report PAE group address as the "BSSID" for wired
* connection.
*/
- bssid[0] = 0x01;
- bssid[1] = 0x80;
- bssid[2] = 0xc2;
- bssid[3] = 0x00;
- bssid[4] = 0x00;
- bssid[5] = 0x03;
+ os_memcpy(bssid, pae_group_addr, ETH_ALEN);
return 0;
}
@@ -2704,6 +2703,19 @@
}
+static int ndis_add_multicast(struct wpa_driver_ndis_data *drv)
+{
+ if (ndis_set_oid(drv, OID_802_3_MULTICAST_LIST,
+ (const char *) pae_group_addr, ETH_ALEN) < 0) {
+ wpa_printf(MSG_DEBUG, "NDIS: Failed to add PAE group address "
+ "to the multicast list");
+ return -1;
+ }
+
+ return 0;
+}
+
+
static void * wpa_driver_ndis_init(void *ctx, const char *ifname)
{
struct wpa_driver_ndis_data *drv;
@@ -2799,6 +2811,7 @@
"any wireless capabilities - assume it is "
"a wired interface");
drv->wired = 1;
+ ndis_add_multicast(drv);
}
}
Modified: wpasupplicant/trunk/src/eap_common/eap_defs.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_common/eap_defs.h?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_common/eap_defs.h (original)
+++ wpasupplicant/trunk/src/eap_common/eap_defs.h Mon Mar 23 15:40:04 2009
@@ -67,7 +67,7 @@
EAP_TYPE_SAKE = 48 /* RFC 4763 */,
EAP_TYPE_IKEV2 = 49 /* RFC 5106 */,
EAP_TYPE_AKA_PRIME = 50 /* draft-arkko-eap-aka-kdf-10.txt */,
- EAP_TYPE_GPSK = 51 /* draft-ietf-emu-eap-gpsk-17.txt */,
+ EAP_TYPE_GPSK = 51 /* RFC 5433 */,
EAP_TYPE_EXPANDED = 254 /* RFC 3748 */
} EapType;
Modified: wpasupplicant/trunk/src/eap_common/eap_fast_common.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_common/eap_fast_common.h?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_common/eap_fast_common.h (original)
+++ wpasupplicant/trunk/src/eap_common/eap_fast_common.h Mon Mar 23 15:40:04 2009
@@ -24,8 +24,7 @@
#define TLS_EXT_PAC_OPAQUE 35
/*
- * draft-cam-winget-eap-fast-provisioning-04.txt:
- * Section 4.2.1 - Formats for PAC TLV Attributes / Type Field
+ * RFC 5422: Section 4.2.1 - Formats for PAC TLV Attributes / Type Field
* Note: bit 0x8000 (Mandatory) and bit 0x4000 (Reserved) are also defined
* in the general PAC TLV format (Section 4.2).
*/
@@ -59,10 +58,7 @@
#define EAP_FAST_PAC_KEY_LEN 32
-/* draft-cam-winget-eap-fast-provisioning-04.txt: 4.2.6 PAC-Type TLV
- * Note: Machine Authentication PAC and User Authorization PAC were removed in
- * draft-cam-winget-eap-fast-provisioning-03.txt
- */
+/* RFC 5422: 4.2.6 PAC-Type TLV */
#define PAC_TYPE_TUNNEL_PAC 1
/* Application Specific Short Lived PACs (only in volatile storage) */
/* User Authorization PAC */
@@ -73,8 +69,8 @@
/*
- * draft-cam-winget-eap-fast-provisioning-04.txt:
- * Section 3.4 - Key Derivations Used in the EAP-FAST Provisioning Exchange
+ * RFC 5422:
+ * Section 3.3 - Key Derivations Used in the EAP-FAST Provisioning Exchange
*/
struct eap_fast_key_block_provisioning {
/* Extra key material after TLS key_block */
Modified: wpasupplicant/trunk/src/eap_common/eap_tlv_common.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_common/eap_tlv_common.h?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_common/eap_tlv_common.h (original)
+++ wpasupplicant/trunk/src/eap_common/eap_tlv_common.h Mon Mar 23 15:40:04 2009
@@ -24,8 +24,7 @@
#define EAP_TLV_URI_TLV 8
#define EAP_TLV_EAP_PAYLOAD_TLV 9
#define EAP_TLV_INTERMEDIATE_RESULT_TLV 10
-#define EAP_TLV_PAC_TLV 11 /* draft-cam-winget-eap-fast-provisioning-04.txt,
- * Section 4.2 */
+#define EAP_TLV_PAC_TLV 11 /* RFC 5422, Section 4.2 */
#define EAP_TLV_CRYPTO_BINDING_TLV 12
#define EAP_TLV_CALLING_STATION_ID_TLV 13
#define EAP_TLV_CALLED_STATION_ID_TLV 14
@@ -99,7 +98,7 @@
be16 action;
} STRUCT_PACKED;
-/* draft-cam-winget-eap-fast-provisiong-04.txt, Section 4.2.6 - PAC-Type TLV */
+/* RFC 5422, Section 4.2.6 - PAC-Type TLV */
struct eap_tlv_pac_type_tlv {
be16 tlv_type; /* PAC_TYPE_PAC_TYPE */
be16 length;
Modified: wpasupplicant/trunk/src/eap_peer/eap_fast.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_peer/eap_fast.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_peer/eap_fast.c (original)
+++ wpasupplicant/trunk/src/eap_peer/eap_fast.c Mon Mar 23 15:40:04 2009
@@ -918,10 +918,7 @@
entry->a_id_info_len = len;
break;
case PAC_TYPE_PAC_TYPE:
- /*
- * draft-cam-winget-eap-fast-provisioning-04.txt,
- * Section 4.2.6 - PAC-Type TLV
- */
+ /* RFC 5422, Section 4.2.6 - PAC-Type TLV */
if (len != 2) {
wpa_printf(MSG_INFO, "EAP-FAST: Invalid PAC-Type "
"length %lu (expected 2)",
@@ -961,7 +958,7 @@
size_t left, len;
int type;
- /* draft-cam-winget-eap-fast-provisioning-04.txt, Section 4.2.4 */
+ /* RFC 5422, Section 4.2.4 */
/* PAC-Type defaults to Tunnel PAC (Type 1) */
entry->pac_type = PAC_TYPE_TUNNEL_PAC;
Modified: wpasupplicant/trunk/src/eap_peer/eap_gpsk.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_peer/eap_gpsk.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_peer/eap_gpsk.c (original)
+++ wpasupplicant/trunk/src/eap_peer/eap_gpsk.c Mon Mar 23 15:40:04 2009
@@ -1,5 +1,5 @@
/*
- * EAP peer method: EAP-GPSK (draft-ietf-emu-eap-gpsk-08.txt)
+ * EAP peer method: EAP-GPSK (RFC 5433)
* Copyright (c) 2006-2008, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
Modified: wpasupplicant/trunk/src/eap_peer/eap_tnc.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_peer/eap_tnc.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_peer/eap_tnc.c (original)
+++ wpasupplicant/trunk/src/eap_peer/eap_tnc.c Mon Mar 23 15:40:04 2009
@@ -295,7 +295,7 @@
wpa_printf(MSG_DEBUG, "EAP-TNC: Server did not use "
"start flag in the first message");
ret->ignore = TRUE;
- return NULL;
+ goto fail;
}
tncc_init_connection(data->tncc);
@@ -308,7 +308,7 @@
wpa_printf(MSG_DEBUG, "EAP-TNC: Server used start "
"flag again");
ret->ignore = TRUE;
- return NULL;
+ goto fail;
}
res = tncc_process_if_tnccs(data->tncc,
@@ -317,7 +317,7 @@
switch (res) {
case TNCCS_PROCESS_ERROR:
ret->ignore = TRUE;
- return NULL;
+ goto fail;
case TNCCS_PROCESS_OK_NO_RECOMMENDATION:
case TNCCS_RECOMMENDATION_ERROR:
wpa_printf(MSG_DEBUG, "EAP-TNC: No "
@@ -404,6 +404,11 @@
data->out_buf = resp;
data->state = PROC_MSG;
return eap_tnc_build_msg(data, ret, id);
+
+fail:
+ if (data->in_buf == &tmpbuf)
+ data->in_buf = NULL;
+ return NULL;
}
Modified: wpasupplicant/trunk/src/eap_server/eap.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_server/eap.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_server/eap.c (original)
+++ wpasupplicant/trunk/src/eap_server/eap.c Mon Mar 23 15:40:04 2009
@@ -573,6 +573,13 @@
}
sm->eap_if.eapSuccess = TRUE;
+
+ /*
+ * Start reauthentication with identity request even though we know the
+ * previously used identity. This is needed to get reauthentication
+ * started properly.
+ */
+ sm->start_reauth = TRUE;
}
@@ -1070,7 +1077,7 @@
static int eap_sm_Policy_getDecision(struct eap_sm *sm)
{
- if (!sm->eap_server && sm->identity) {
+ if (!sm->eap_server && sm->identity && !sm->start_reauth) {
wpa_printf(MSG_DEBUG, "EAP: getDecision: -> PASSTHROUGH");
return DECISION_PASSTHROUGH;
}
@@ -1091,7 +1098,8 @@
return DECISION_FAILURE;
}
- if ((sm->user == NULL || sm->update_user) && sm->identity) {
+ if ((sm->user == NULL || sm->update_user) && sm->identity &&
+ !sm->start_reauth) {
/*
* Allow Identity method to be started once to allow identity
* selection hint to be sent from the authentication server,
@@ -1118,6 +1126,7 @@
}
sm->update_user = FALSE;
}
+ sm->start_reauth = FALSE;
if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
(sm->user->methods[sm->user_eap_method_index].vendor !=
Modified: wpasupplicant/trunk/src/eap_server/eap_gpsk.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_server/eap_gpsk.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_server/eap_gpsk.c (original)
+++ wpasupplicant/trunk/src/eap_server/eap_gpsk.c Mon Mar 23 15:40:04 2009
@@ -1,5 +1,5 @@
/*
- * hostapd / EAP-GPSK (draft-ietf-emu-eap-gpsk-08.txt) server
+ * hostapd / EAP-GPSK (RFC 5433) server
* Copyright (c) 2006-2007, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
Modified: wpasupplicant/trunk/src/eap_server/eap_i.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_server/eap_i.h?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_server/eap_i.h (original)
+++ wpasupplicant/trunk/src/eap_server/eap_i.h Mon Mar 23 15:40:04 2009
@@ -183,6 +183,8 @@
int tnc;
struct wps_context *wps;
struct wpabuf *assoc_wps_ie;
+
+ Boolean start_reauth;
};
int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
Modified: wpasupplicant/trunk/src/eap_server/eap_tnc.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_server/eap_tnc.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_server/eap_tnc.c (original)
+++ wpasupplicant/trunk/src/eap_server/eap_tnc.c Mon Mar 23 15:40:04 2009
@@ -500,7 +500,7 @@
static Boolean eap_tnc_isDone(struct eap_sm *sm, void *priv)
{
struct eap_tnc_data *data = priv;
- return data->state == DONE;
+ return data->state == DONE || data->state == FAIL;
}
Modified: wpasupplicant/trunk/src/eap_server/eap_ttls.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eap_server/eap_ttls.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eap_server/eap_ttls.c (original)
+++ wpasupplicant/trunk/src/eap_server/eap_ttls.c Mon Mar 23 15:40:04 2009
@@ -954,7 +954,7 @@
sm->init_phase2 = 1;
data->phase2_priv = data->phase2_method->init(sm);
sm->init_phase2 = 0;
- return 0;
+ return data->phase2_priv == NULL ? -1 : 0;
}
@@ -1045,6 +1045,11 @@
next_type = sm->user->methods[0].method;
sm->user_eap_method_index = 1;
wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d", next_type);
+ if (eap_ttls_phase2_eap_init(sm, data, next_type)) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize "
+ "EAP type %d", next_type);
+ eap_ttls_state(data, FAILURE);
+ }
break;
case PHASE2_METHOD:
if (data->ttls_version > 0) {
@@ -1065,12 +1070,6 @@
wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d",
__func__, data->state);
break;
- }
-
- if (eap_ttls_phase2_eap_init(sm, data, next_type)) {
- wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize EAP "
- "type %d", next_type);
- eap_ttls_state(data, FAILURE);
}
}
Modified: wpasupplicant/trunk/src/eapol_supp/eapol_supp_sm.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/eapol_supp/eapol_supp_sm.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/eapol_supp/eapol_supp_sm.c (original)
+++ wpasupplicant/trunk/src/eapol_supp/eapol_supp_sm.c Mon Mar 23 15:40:04 2009
@@ -282,7 +282,12 @@
* delay authentication. Use a short timeout to send the first
* EAPOL-Start if Authenticator does not start authentication.
*/
+#ifdef CONFIG_WPS
+ /* Reduce latency on starting WPS negotiation. */
+ sm->startWhen = 1;
+#else /* CONFIG_WPS */
sm->startWhen = 3;
+#endif /* CONFIG_WPS */
}
eapol_enable_timer_tick(sm);
sm->eapolEap = FALSE;
Modified: wpasupplicant/trunk/src/l2_packet/l2_packet_linux.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/l2_packet/l2_packet_linux.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/l2_packet/l2_packet_linux.c (original)
+++ wpasupplicant/trunk/src/l2_packet/l2_packet_linux.c Mon Mar 23 15:40:04 2009
@@ -115,6 +115,7 @@
os_free(l2);
return NULL;
}
+ os_memset(&ifr, 0, sizeof(ifr));
os_strlcpy(ifr.ifr_name, l2->ifname, sizeof(ifr.ifr_name));
if (ioctl(l2->fd, SIOCGIFINDEX, &ifr) < 0) {
perror("ioctl[SIOCGIFINDEX]");
Modified: wpasupplicant/trunk/src/rsn_supp/wpa.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/rsn_supp/wpa.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/rsn_supp/wpa.c (original)
+++ wpasupplicant/trunk/src/rsn_supp/wpa.c Mon Mar 23 15:40:04 2009
@@ -1468,9 +1468,9 @@
key_info = WPA_GET_BE16(key->key_info);
ver = key_info & WPA_KEY_INFO_TYPE_MASK;
if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
-#ifdef CONFIG_IEEE80211R
+#if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
-#endif /* CONFIG_IEEE80211R */
+#endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
wpa_printf(MSG_INFO, "WPA: Unsupported EAPOL-Key descriptor "
"version %d.", ver);
Modified: wpasupplicant/trunk/src/tls/tlsv1_client.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/tls/tlsv1_client.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/tls/tlsv1_client.c (original)
+++ wpasupplicant/trunk/src/tls/tlsv1_client.c Mon Mar 23 15:40:04 2009
@@ -620,6 +620,17 @@
suites[count++] = TLS_DH_anon_WITH_3DES_EDE_CBC_SHA;
suites[count++] = TLS_DH_anon_WITH_RC4_128_MD5;
suites[count++] = TLS_DH_anon_WITH_DES_CBC_SHA;
+
+ /*
+ * Cisco AP (at least 350 and 1200 series) local authentication
+ * server does not know how to search cipher suites from the
+ * list and seem to require that the last entry in the list is
+ * the one that it wants to use. However, TLS specification
+ * requires the list to be in the client preference order. As a
+ * workaround, ass anon-DH AES-128-SHA1 again at the end of the
+ * list to allow the Cisco code to find it.
+ */
+ suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
conn->num_cipher_suites = count;
}
Modified: wpasupplicant/trunk/src/wps/wps.h
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/wps/wps.h?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/wps/wps.h (original)
+++ wpasupplicant/trunk/src/wps/wps.h Mon Mar 23 15:40:04 2009
@@ -266,6 +266,11 @@
* to be set with a suitable Credential and skip_cred_build being used.
*/
int disable_auto_conf;
+
+ /**
+ * static_wep_only - Whether the BSS supports only static WEP
+ */
+ int static_wep_only;
};
Modified: wpasupplicant/trunk/src/wps/wps_enrollee.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/wps/wps_enrollee.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/wps/wps_enrollee.c (original)
+++ wpasupplicant/trunk/src/wps/wps_enrollee.c Mon Mar 23 15:40:04 2009
@@ -41,7 +41,7 @@
state);
wpabuf_put_be16(msg, ATTR_WPS_STATE);
wpabuf_put_be16(msg, 1);
- wpabuf_put_u8(msg, WPS_STATE_NOT_CONFIGURED);
+ wpabuf_put_u8(msg, state);
return 0;
}
Modified: wpasupplicant/trunk/src/wps/wps_registrar.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/wps/wps_registrar.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/wps/wps_registrar.c (original)
+++ wpasupplicant/trunk/src/wps/wps_registrar.c Mon Mar 23 15:40:04 2009
@@ -98,6 +98,7 @@
int disable_auto_conf;
int sel_reg_dev_password_id_override;
int sel_reg_config_methods_override;
+ int static_wep_only;
};
@@ -376,6 +377,7 @@
reg->disable_auto_conf = cfg->disable_auto_conf;
reg->sel_reg_dev_password_id_override = -1;
reg->sel_reg_config_methods_override = -1;
+ reg->static_wep_only = cfg->static_wep_only;
if (wps_set_ie(reg)) {
wps_registrar_deinit(reg);
@@ -775,6 +777,28 @@
wpabuf_free(beacon);
wpabuf_free(probe);
return -1;
+ }
+
+ if (reg->static_wep_only) {
+ /*
+ * Windows XP and Vista clients can get confused about
+ * EAP-Identity/Request when they probe the network with
+ * EAPOL-Start. In such a case, they may assume the network is
+ * using IEEE 802.1X and prompt user for a certificate while
+ * the correct (non-WPS) behavior would be to ask for the
+ * static WEP key. As a workaround, use Microsoft Provisioning
+ * IE to advertise that legacy 802.1X is not supported.
+ */
+ const u8 ms_wps[7] = {
+ WLAN_EID_VENDOR_SPECIFIC, 5,
+ /* Microsoft Provisioning IE (00:50:f2:5) */
+ 0x00, 0x50, 0xf2, 5,
+ 0x00 /* no legacy 802.1X or MS WPS */
+ };
+ wpa_printf(MSG_DEBUG, "WPS: Add Microsoft Provisioning IE "
+ "into Beacon/Probe Response frames");
+ wpabuf_put_data(beacon, ms_wps, sizeof(ms_wps));
+ wpabuf_put_data(probe, ms_wps, sizeof(ms_wps));
}
ret = wps_cb_set_ie(reg, beacon, probe);
@@ -2401,7 +2425,6 @@
* wps_registrar_set_selected_registrar - Notification of SetSelectedRegistrar
* @reg: Registrar data from wps_registrar_init()
* @msg: Received message from SetSelectedRegistrar
- * @msg_len: Length of msg in octets
* Returns: 0 on success, -1 on failure
*
* This function is called when an AP receives a SetSelectedRegistrar UPnP
Modified: wpasupplicant/trunk/src/wps/wps_upnp.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/wps/wps_upnp.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/wps/wps_upnp.c (original)
+++ wpasupplicant/trunk/src/wps/wps_upnp.c Mon Mar 23 15:40:04 2009
@@ -832,6 +832,50 @@
}
+#ifdef __FreeBSD__
+#include <sys/sysctl.h>
+#include <net/route.h>
+#include <net/if_dl.h>
+
+static int eth_get(const char *device, u8 ea[ETH_ALEN])
+{
+ struct if_msghdr *ifm;
+ struct sockaddr_dl *sdl;
+ u_char *p, *buf;
+ size_t len;
+ int mib[] = { CTL_NET, AF_ROUTE, 0, AF_LINK, NET_RT_IFLIST, 0 };
+
+ if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0)
+ return -1;
+ if ((buf = os_malloc(len)) == NULL)
+ return -1;
+ if (sysctl(mib, 6, buf, &len, NULL, 0) < 0) {
+ os_free(buf);
+ return -1;
+ }
+ for (p = buf; p < buf + len; p += ifm->ifm_msglen) {
+ ifm = (struct if_msghdr *)p;
+ sdl = (struct sockaddr_dl *)(ifm + 1);
+ if (ifm->ifm_type != RTM_IFINFO ||
+ (ifm->ifm_addrs & RTA_IFP) == 0)
+ continue;
+ if (sdl->sdl_family != AF_LINK || sdl->sdl_nlen == 0 ||
+ os_memcmp(sdl->sdl_data, device, sdl->sdl_nlen) != 0)
+ continue;
+ os_memcpy(ea, LLADDR(sdl), sdl->sdl_alen);
+ break;
+ }
+ os_free(buf);
+
+ if (p >= buf + len) {
+ errno = ESRCH;
+ return -1;
+ }
+ return 0;
+}
+#endif /* __FreeBSD__ */
+
+
/**
* get_netif_info - Get hw and IP addresses for network device
* @net_if: Selected network interface name
@@ -870,6 +914,7 @@
in_addr.s_addr = *ip_addr;
os_snprintf(*ip_addr_text, 16, "%s", inet_ntoa(in_addr));
+#ifdef __linux__
os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name));
if (ioctl(sock, SIOCGIFHWADDR, &req) < 0) {
wpa_printf(MSG_ERROR, "WPS UPnP: SIOCGIFHWADDR failed: "
@@ -877,6 +922,14 @@
goto fail;
}
os_memcpy(mac, req.ifr_addr.sa_data, 6);
+#elif defined(__FreeBSD__)
+ if (eth_get(net_if, mac) < 0) {
+ wpa_printf(MSG_ERROR, "WPS UPnP: Failed to get MAC address");
+ goto fail;
+ }
+#else
+#error MAC address fetch not implemented
+#endif
os_snprintf(*mac_addr_text, 18, MACSTR, MAC2STR(req.ifr_addr.sa_data));
close(sock);
Modified: wpasupplicant/trunk/src/wps/wps_upnp_ssdp.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/src/wps/wps_upnp_ssdp.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/src/wps/wps_upnp_ssdp.c (original)
+++ wpasupplicant/trunk/src/wps/wps_upnp_ssdp.c Mon Mar 23 15:40:04 2009
@@ -784,6 +784,7 @@
*/
int add_ssdp_network(char *net_if)
{
+#ifdef __linux__
int ret = -1;
int sock = -1;
struct rtentry rt;
@@ -826,6 +827,9 @@
close(sock);
return ret;
+#else /* __linux__ */
+ return 0;
+#endif /* __linux__ */
}
Modified: wpasupplicant/trunk/wpa_supplicant/ChangeLog
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/ChangeLog?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/ChangeLog (original)
+++ wpasupplicant/trunk/wpa_supplicant/ChangeLog Mon Mar 23 15:40:04 2009
@@ -1,4 +1,10 @@
ChangeLog for wpa_supplicant
+
+2009-03-23 - v0.6.9
+ * driver_ndis: add PAE group address to the multicast address list to
+ fix wired IEEE 802.1X authentication
+ * fixed IEEE 802.11r key derivation function to match with the standard
+ (note: this breaks interoperability with previous version) [Bug 303]
2009-02-15 - v0.6.8
* increased wpa_cli ping interval to 5 seconds and made this
Modified: wpasupplicant/trunk/wpa_supplicant/Makefile
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/Makefile?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/Makefile (original)
+++ wpasupplicant/trunk/wpa_supplicant/Makefile Mon Mar 23 15:40:04 2009
@@ -461,6 +461,7 @@
OBJS_h += ../src/eap_server/eap_fast.o
endif
TLS_FUNCS=y
+CONFIG_IEEE8021X_EAPOL=y
NEED_T_PRF=y
endif
@@ -526,6 +527,7 @@
NEED_DH_GROUPS=y
NEED_SHA256=y
NEED_BASE64=y
+NEED_CRYPTO=y
ifdef CONFIG_WPS_UPNP
CFLAGS += -DCONFIG_WPS_UPNP
@@ -574,7 +576,9 @@
OBJS += ../src/eap_peer/tncc.o
NEED_BASE64=y
ifndef CONFIG_NATIVE_WINDOWS
+ifndef CONFIG_DRIVER_BSD
LIBS += -ldl
+endif
endif
endif
@@ -691,23 +695,14 @@
OBJS += ../src/tls/tlsv1_common.o ../src/tls/tlsv1_record.o
OBJS += ../src/tls/tlsv1_cred.o ../src/tls/tlsv1_client.o
OBJS += ../src/tls/tlsv1_client_write.o ../src/tls/tlsv1_client_read.o
-OBJS += ../src/tls/asn1.o ../src/tls/x509v3.o
-OBJS_p += ../src/tls/asn1.o
+OBJS += ../src/tls/asn1.o ../src/tls/rsa.o ../src/tls/x509v3.o
+OBJS_p += ../src/tls/asn1.o ../src/tls/rsa.o
OBJS_p += ../src/crypto/rc4.o ../src/crypto/aes_wrap.o ../src/crypto/aes.o
NEED_BASE64=y
NEED_TLS_PRF=y
CFLAGS += -DCONFIG_TLS_INTERNAL
CFLAGS += -DCONFIG_TLS_INTERNAL_CLIENT
ifeq ($(CONFIG_CRYPTO), internal)
-ifdef CONFIG_INTERNAL_LIBTOMMATH
-CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH
-ifdef CONFIG_INTERNAL_LIBTOMMATH_FAST
-CFLAGS += -DLTM_FAST
-endif
-else
-LIBS += -ltommath
-LIBS_p += -ltommath
-endif
endif
ifeq ($(CONFIG_CRYPTO), libtomcrypt)
LIBS += -ltomcrypt -ltfm
@@ -792,9 +787,18 @@
CONFIG_INTERNAL_SHA256=y
endif
ifeq ($(CONFIG_CRYPTO), internal)
-OBJS += ../src/crypto/crypto_internal.o ../src/tls/rsa.o ../src/tls/bignum.o
-OBJS_p += ../src/crypto/crypto_internal.o ../src/tls/rsa.o ../src/tls/bignum.o
+OBJS += ../src/crypto/crypto_internal.o ../src/tls/bignum.o
+OBJS_p += ../src/crypto/crypto_internal.o ../src/tls/bignum.o
CFLAGS += -DCONFIG_CRYPTO_INTERNAL
+ifdef CONFIG_INTERNAL_LIBTOMMATH
+CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH
+ifdef CONFIG_INTERNAL_LIBTOMMATH_FAST
+CFLAGS += -DLTM_FAST
+endif
+else
+LIBS += -ltommath
+LIBS_p += -ltommath
+endif
CONFIG_INTERNAL_AES=y
CONFIG_INTERNAL_DES=y
CONFIG_INTERNAL_SHA1=y
Modified: wpasupplicant/trunk/wpa_supplicant/ctrl_iface_unix.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/ctrl_iface_unix.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/ctrl_iface_unix.c (original)
+++ wpasupplicant/trunk/wpa_supplicant/ctrl_iface_unix.c Mon Mar 23 15:40:04 2009
@@ -16,6 +16,7 @@
#include <sys/un.h>
#include <sys/stat.h>
#include <grp.h>
+#include <stddef.h>
#include "common.h"
#include "eloop.h"
@@ -69,7 +70,8 @@
dst->next = priv->ctrl_dst;
priv->ctrl_dst = dst;
wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor attached",
- (u8 *) from->sun_path, fromlen - sizeof(from->sun_family));
+ (u8 *) from->sun_path,
+ fromlen - offsetof(struct sockaddr_un, sun_path));
return 0;
}
@@ -84,7 +86,8 @@
while (dst) {
if (fromlen == dst->addrlen &&
os_memcmp(from->sun_path, dst->addr.sun_path,
- fromlen - sizeof(from->sun_family)) == 0) {
+ fromlen - offsetof(struct sockaddr_un, sun_path))
+ == 0) {
if (prev == NULL)
priv->ctrl_dst = dst->next;
else
@@ -92,7 +95,8 @@
os_free(dst);
wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor detached",
(u8 *) from->sun_path,
- fromlen - sizeof(from->sun_family));
+ fromlen -
+ offsetof(struct sockaddr_un, sun_path));
return 0;
}
prev = dst;
@@ -115,10 +119,12 @@
while (dst) {
if (fromlen == dst->addrlen &&
os_memcmp(from->sun_path, dst->addr.sun_path,
- fromlen - sizeof(from->sun_family)) == 0) {
+ fromlen - offsetof(struct sockaddr_un, sun_path))
+ == 0) {
wpa_hexdump(MSG_DEBUG, "CTRL_IFACE changed monitor "
"level", (u8 *) from->sun_path,
- fromlen - sizeof(from->sun_family));
+ fromlen -
+ offsetof(struct sockaddr_un, sun_path));
dst->debug_level = atoi(level);
return 0;
}
@@ -339,6 +345,9 @@
}
os_memset(&addr, 0, sizeof(addr));
+#ifdef __FreeBSD__
+ addr.sun_len = sizeof(addr);
+#endif /* __FreeBSD__ */
addr.sun_family = AF_UNIX;
fname = wpa_supplicant_ctrl_iface_path(wpa_s);
if (fname == NULL)
@@ -510,13 +519,16 @@
if (level >= dst->debug_level) {
wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor send",
(u8 *) dst->addr.sun_path, dst->addrlen -
- sizeof(dst->addr.sun_family));
+ offsetof(struct sockaddr_un, sun_path));
msg.msg_name = (void *) &dst->addr;
msg.msg_namelen = dst->addrlen;
if (sendmsg(priv->sock, &msg, 0) < 0) {
- perror("sendmsg(CTRL_IFACE monitor)");
+ int _errno = errno;
+ wpa_printf(MSG_INFO, "CTRL_IFACE monitor[%d]: "
+ "%d - %s",
+ idx, errno, strerror(errno));
dst->errors++;
- if (dst->errors > 10) {
+ if (dst->errors > 10 || _errno == ENOENT) {
wpa_supplicant_ctrl_iface_detach(
priv, &dst->addr,
dst->addrlen);
@@ -637,6 +649,9 @@
}
os_memset(&addr, 0, sizeof(addr));
+#ifdef __FreeBSD__
+ addr.sun_len = sizeof(addr);
+#endif /* __FreeBSD__ */
addr.sun_family = AF_UNIX;
os_strlcpy(addr.sun_path, global->params.ctrl_interface,
sizeof(addr.sun_path));
Modified: wpasupplicant/trunk/wpa_supplicant/eapol_test.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/eapol_test.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/eapol_test.c (original)
+++ wpasupplicant/trunk/wpa_supplicant/eapol_test.c Mon Mar 23 15:40:04 2009
@@ -617,7 +617,8 @@
static void ieee802_1x_get_keys(struct eapol_test_data *e,
struct radius_msg *msg, struct radius_msg *req,
- u8 *shared_secret, size_t shared_secret_len)
+ const u8 *shared_secret,
+ size_t shared_secret_len)
{
struct radius_ms_mppe_keys *keys;
@@ -664,7 +665,7 @@
/* Process the RADIUS frames from Authentication Server */
static RadiusRxResult
ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
- u8 *shared_secret, size_t shared_secret_len,
+ const u8 *shared_secret, size_t shared_secret_len,
void *data)
{
struct eapol_test_data *e = data;
Modified: wpasupplicant/trunk/wpa_supplicant/events.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/events.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/events.c (original)
+++ wpasupplicant/trunk/wpa_supplicant/events.c Mon Mar 23 15:40:04 2009
@@ -250,6 +250,11 @@
if (ssid->mixed_cell)
return 1;
+
+#ifdef CONFIG_WPS
+ if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
+ return 1;
+#endif /* CONFIG_WPS */
for (i = 0; i < NUM_WEP_KEYS; i++) {
if (ssid->wep_key_len[i]) {
Modified: wpasupplicant/trunk/wpa_supplicant/wps_supplicant.c
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/wpa_supplicant/wps_supplicant.c?rev=1342&op=diff
==============================================================================
--- wpasupplicant/trunk/wpa_supplicant/wps_supplicant.c (original)
+++ wpasupplicant/trunk/wpa_supplicant/wps_supplicant.c Mon Mar 23 15:40:04 2009
@@ -26,6 +26,7 @@
#include "ctrl_iface_dbus.h"
#include "eap_common/eap_wsc_common.h"
#include "blacklist.h"
+#include "wpa.h"
#include "wps_supplicant.h"
#define WPS_PIN_SCAN_IGNORE_SEL_REG 3
@@ -83,11 +84,108 @@
}
+static void wpas_wps_security_workaround(struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid,
+ const struct wps_credential *cred)
+{
+ struct wpa_driver_capa capa;
+ size_t i;
+ struct wpa_scan_res *bss;
+ const u8 *ie;
+ struct wpa_ie_data adv;
+ int wpa2 = 0, ccmp = 0;
+
+ /*
+ * Many existing WPS APs do not know how to negotiate WPA2 or CCMP in
+ * case they are configured for mixed mode operation (WPA+WPA2 and
+ * TKIP+CCMP). Try to use scan results to figure out whether the AP
+ * actually supports stronger security and select that if the client
+ * has support for it, too.
+ */
+
+ if (wpa_drv_get_capa(wpa_s, &capa))
+ return; /* Unknown what driver supports */
+
+ if (wpa_supplicant_get_scan_results(wpa_s) || wpa_s->scan_res == NULL)
+ return; /* Could not get scan results for checking advertised
+ * parameters */
+
+ for (i = 0; i < wpa_s->scan_res->num; i++) {
+ bss = wpa_s->scan_res->res[i];
+ if (os_memcmp(bss->bssid, cred->mac_addr, ETH_ALEN) != 0)
+ continue;
+ ie = wpa_scan_get_ie(bss, WLAN_EID_SSID);
+ if (ie == NULL)
+ continue;
+ if (ie[1] != ssid->ssid_len || ssid->ssid == NULL ||
+ os_memcmp(ie + 2, ssid->ssid, ssid->ssid_len) != 0)
+ continue;
+
+ wpa_printf(MSG_DEBUG, "WPS: AP found from scan results");
+ break;
+ }
+
+ if (i == wpa_s->scan_res->num) {
+ wpa_printf(MSG_DEBUG, "WPS: The AP was not found from scan "
+ "results - use credential as-is");
+ return;
+ }
+
+ ie = wpa_scan_get_ie(bss, WLAN_EID_RSN);
+ if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0) {
+ wpa2 = 1;
+ if (adv.pairwise_cipher & WPA_CIPHER_CCMP)
+ ccmp = 1;
+ } else {
+ ie = wpa_scan_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
+ if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0 &&
+ adv.pairwise_cipher & WPA_CIPHER_CCMP)
+ ccmp = 1;
+ }
+
+ if (ie == NULL && (ssid->proto & WPA_PROTO_WPA) &&
+ (ssid->pairwise_cipher & WPA_CIPHER_TKIP)) {
+ /*
+ * TODO: This could be the initial AP configuration and the
+ * Beacon contents could change shortly. Should request a new
+ * scan and delay addition of the network until the updated
+ * scan results are available.
+ */
+ wpa_printf(MSG_DEBUG, "WPS: The AP did not yet advertise WPA "
+ "support - use credential as-is");
+ return;
+ }
+
+ if (ccmp && !(ssid->pairwise_cipher & WPA_CIPHER_CCMP) &&
+ (ssid->pairwise_cipher & WPA_CIPHER_TKIP) &&
+ (capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) {
+ wpa_printf(MSG_DEBUG, "WPS: Add CCMP into the credential "
+ "based on scan results");
+ if (wpa_s->conf->ap_scan == 1)
+ ssid->pairwise_cipher |= WPA_CIPHER_CCMP;
+ else
+ ssid->pairwise_cipher = WPA_CIPHER_CCMP;
+ }
+
+ if (wpa2 && !(ssid->proto & WPA_PROTO_RSN) &&
+ (ssid->proto & WPA_PROTO_WPA) &&
+ (capa.enc & WPA_DRIVER_CAPA_ENC_CCMP)) {
+ wpa_printf(MSG_DEBUG, "WPS: Add WPA2 into the credential "
+ "based on scan results");
+ if (wpa_s->conf->ap_scan == 1)
+ ssid->proto |= WPA_PROTO_RSN;
+ else
+ ssid->proto = WPA_PROTO_RSN;
+ }
+}
+
+
static int wpa_supplicant_wps_cred(void *ctx,
const struct wps_credential *cred)
{
struct wpa_supplicant *wpa_s = ctx;
struct wpa_ssid *ssid = wpa_s->current_ssid;
+ u8 key_idx = 0;
if ((wpa_s->conf->wps_cred_processing == 1 ||
wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
@@ -151,13 +249,36 @@
case WPS_ENCR_NONE:
break;
case WPS_ENCR_WEP:
- if (cred->key_len > 0 && cred->key_len <= MAX_WEP_KEY_LEN &&
- cred->key_idx < NUM_WEP_KEYS) {
- os_memcpy(ssid->wep_key[cred->key_idx], cred->key,
+ if (cred->key_len <= 0)
+ break;
+ if (cred->key_len != 5 && cred->key_len != 13 &&
+ cred->key_len != 10 && cred->key_len != 26) {
+ wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key length "
+ "%lu", (unsigned long) cred->key_len);
+ return -1;
+ }
+ if (cred->key_idx > NUM_WEP_KEYS) {
+ wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key index %d",
+ cred->key_idx);
+ return -1;
+ }
+ if (cred->key_idx)
+ key_idx = cred->key_idx - 1;
+ if (cred->key_len == 10 || cred->key_len == 26) {
+ if (hexstr2bin((char *) cred->key,
+ ssid->wep_key[key_idx],
+ cred->key_len / 2) < 0) {
+ wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key "
+ "%d", key_idx);
+ return -1;
+ }
+ ssid->wep_key_len[key_idx] = cred->key_len / 2;
+ } else {
+ os_memcpy(ssid->wep_key[key_idx], cred->key,
cred->key_len);
- ssid->wep_key_len[cred->key_idx] = cred->key_len;
- ssid->wep_tx_keyidx = cred->key_idx;
- }
+ ssid->wep_key_len[key_idx] = cred->key_len;
+ }
+ ssid->wep_tx_keyidx = key_idx;
break;
case WPS_ENCR_TKIP:
ssid->pairwise_cipher = WPA_CIPHER_TKIP;
@@ -225,6 +346,8 @@
}
}
+ wpas_wps_security_workaround(wpa_s, ssid, cred);
+
#ifndef CONFIG_NO_CONFIG_WRITE
if (wpa_s->conf->update_config &&
wpa_config_write(wpa_s->confname, wpa_s->conf)) {
More information about the Pkg-wpa-devel
mailing list