diff options
-rw-r--r-- | MOVED | 1 | ||||
-rw-r--r-- | security/Makefile | 1 | ||||
-rw-r--r-- | security/wpa_supplicant/Makefile | 159 | ||||
-rw-r--r-- | security/wpa_supplicant/distinfo | 2 | ||||
-rw-r--r-- | security/wpa_supplicant/files/Packet32.c | 366 | ||||
-rw-r--r-- | security/wpa_supplicant/files/Packet32.h | 65 | ||||
-rw-r--r-- | security/wpa_supplicant/files/ntddndis.h | 28 | ||||
-rw-r--r-- | security/wpa_supplicant/files/patch-src-l2_packet-l2_packet_freebsd.c | 14 | ||||
-rw-r--r-- | security/wpa_supplicant/files/patch-src_drivers_driver__privsep.c | 20 | ||||
-rw-r--r-- | security/wpa_supplicant/files/patch-src_utils_os__unix.c | 62 | ||||
-rw-r--r-- | security/wpa_supplicant/files/patch-src_wps_wps__upnp.c | 22 | ||||
-rw-r--r-- | security/wpa_supplicant/files/patch-wpa__supplicant_Makefile | 14 | ||||
-rw-r--r-- | security/wpa_supplicant/files/patch-wpa__supplicant_scan.c | 31 | ||||
-rw-r--r-- | security/wpa_supplicant/files/patch-wpa__supplicant_wpa__priv.c | 37 | ||||
-rw-r--r-- | security/wpa_supplicant/files/pkg-message.in | 6 | ||||
-rw-r--r-- | security/wpa_supplicant/pkg-descr | 14 |
16 files changed, 841 insertions, 1 deletions
@@ -130,7 +130,6 @@ misc/kde3-i18n-id||2008-04-25|Has expired: Distfile no longer available, outdate net/dhcp-agent||2008-04-25|Has expired: Dhcp-agent has not been updated since 2003, it does not build with guile-1.8, and it is unmaintained net/ocaml-netclient||2008-04-25|Has expired: is part of ocaml-net graphics/entice||2008-04-25|Has expired: Broken and unmaintained -security/wpa_supplicant||2008-04-26|Obsolete, newer version in base games/glpuzzle|games/jigzo|2008-04-28|Project renamed ftp/greed||2008-04-29|Has expired: No longer maintained x11-themes/gnome-industrial-theme||2008-04-29|Has expired: gnome-themes-extras no longer has industrial engine diff --git a/security/Makefile b/security/Makefile index c45081f4bb89..46a7b122b350 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1011,6 +1011,7 @@ SUBDIR += webshag SUBDIR += whatweb SUBDIR += wipe + SUBDIR += wpa_supplicant SUBDIR += xca SUBDIR += xinetd SUBDIR += xml-security diff --git a/security/wpa_supplicant/Makefile b/security/wpa_supplicant/Makefile new file mode 100644 index 000000000000..52468a0052c2 --- /dev/null +++ b/security/wpa_supplicant/Makefile @@ -0,0 +1,159 @@ +# $FreeBSD$ + +PORTNAME= wpa_supplicant +PORTVERSION= 2.3 +CATEGORIES= security net +MASTER_SITES= http://w1.fi/releases/ + +MAINTAINER= marino@FreeBSD.org +COMMENT= Supplicant (client) for WPA/802.1x protocols + +USES= gmake readline +USE_OPENSSL= yes +BUILD_WRKSRC= ${WRKSRC}/wpa_supplicant +INSTALL_WRKSRC= ${WRKSRC}/src +LDFLAGS= -lutil + +SUB_FILES= pkg-message +PLIST_FILES= sbin/wpa_supplicant \ + sbin/wpa_passphrase \ + sbin/wpa_cli \ + sbin/wpa_priv \ + "@sample etc/wpa_supplicant.conf.sample" +PORTDOCS= README ChangeLog + +CFG= ${BUILD_WRKSRC}/.config + +OPTIONS_MULTI= DRV EAP +OPTIONS_MULTI_DRV= BSD WIRED NDIS TEST NONE #ROBOSWITCH +OPTIONS_MULTI_EAP= TLS PEAP TTLS MD5 MSCHAPv2 GTC LEAP OTP PSK FAST \ + SIM PWD PAX AKA AKA_PRIME SAKE GPSK TNC IKEv2 EKE +OPTIONS_DEFINE= WPS WPS_ER WPS_NOREG WPS_NFC PKCS12 SMARTCARD \ + HT_OVERRIDES VHT_OVERRIDES TLSV12 IEEE80211W \ + IEEE80211R DEBUG_FILE DEBUG_SYSLOG PRIVSEP \ + DELAYED_MIC IEEE80211N IEEE80211AC INTERWORKING \ + HS20 NO_ROAMING P2P TDLS +OPTIONS_DEFAULT= BSD WIRED NDIS \ + TLS PEAP TTLS MD5 MSCHAPv2 GTC LEAP OTP PSK \ + WPS PKCS12 SMARTCARD IEEE80211R DEBUG_SYSLOG PRIVSEP \ + INTERWORKING HS20 + +WPS_DESC= Wi-Fi Protected Setup +WPS_ER_DESC= Enable WPS External Registrar +WPS_NOREG_DESC= Disable open network credentials when registrar +WPS_NFC_DESC= Near Field Communication (NFC) configuration +PKCS12_DESC= PKCS\#12 (PFS) support +SMARTCARD_DESC= Private key on smartcard support +HT_OVERRIDES_DESC= Disable HT/HT40, mask MCS rates, etc +VHT_OVERRIDES_DESC= Disable VHT, mask MCS rates, etc +TLSV12_DESC= Build with TLS v1.2 instead of TLS v1.0 +IEEE80211AC_DESC= Very High Throughput, AP mode (IEEE 802.11ac) +IEEE80211N_DESC= High Throughput, AP mode (IEEE 802.11n) +IEEE80211R_DESC= Fast BSS Transition (IEEE 802.11r-2008) +IEEE80211W_DESC= Management Frame Protection (IEEE 802.11w) +DEBUG_FILE_DESC= Support for writing debug log to a file +DEBUG_SYSLOG_DESC= Send debug messages to syslog instead of stdout +PRIVSEP_DESC= Privilege separation +DELAYED_MIC_DESC= Mitigate TKIP attack, random delay on MIC errors +INTERWORKING_DESC= Improve ext. network interworking (IEEE 802.11u) +HS20_DESC= Hotspot 2.0 +NO_ROAMING_DESC= Disable roaming +P2P_DESC= Peer-to-Peer support +TDLS_DESC= Tunneled Direct Link Setup + +DRV_DESC= Driver options +BSD_DESC= BSD net80211 interface +NDIS_DESC= Windows NDIS interface +WIRED_DESC= Wired ethernet interface +ROBOSWITCH_DESC= Broadcom Roboswitch interface +TEST_DESC= Development testing interface +NONE_DESC= The 'no driver' interface, e.g. WPS ER only + +EAP_DESC= Extensible Authentication Protocols +TLS_DESC= Transport Layer Security +PEAP_DESC= Protected Extensible Authentication Protocol +TTLS_DESC= Tunneled Transport Layer Security +MD5_DESC= MD5 hash (deprecated, no key generation) +MSCHAPv2_DESC= Microsoft CHAP version 2 (RFC 2759) +GTC_DESC= Generic Token Card +LEAP_DESC= Lightweight Extensible Authentication Protocol +OTP_DESC= One-Time Password +PSK_DESC= Pre-Shared key +FAST_DESC= Flexible Authentication via Secure Tunneling +AKA_DESC= Autentication and Key Agreement (UMTS) +AKA_PRIME_DESC= AKA Prime variant (RFC 5448) +EKE_DESC= Encrypted Key Exchange +SIM_DESC= Subscriber Identity Module +IKEv2_DESC= Internet Key Exchange version 2 +PWD_DESC= Shared password (RFC 5931) +PAX_DESC= Password Authenticated Exchange +SAKE_DESC= Shared-Secret Authentication & Key Establishment +GPSK_DESC= Generalized Pre-Shared Key +TNC_DESC= Trusted Network Connect + +.include <bsd.port.options.mk> + +.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME} +LIB_DEPENDS+= libpcsclite.so:${PORTSDIR}/devel/pcsc-lite +CFLAGS+= -I${LOCALBASE}/include/PCSC +LDFLAGS+= -L${LOCALBASE}/lib +.endif + +post-patch: + ${CP} ${FILESDIR}/Packet32.[ch] ${FILESDIR}/ntddndis.h \ + ${WRKSRC}/src/utils + # Set driver(s) +.for item in BSD NDIS WIRED ROBOSWITCH TEST NONE +. if ${PORT_OPTIONS:M${item}} + @${ECHO} CONFIG_DRIVER_${item}=y >> ${CFG} +. endif +.endfor + # Set EAP protocol(s) +.for item in MD5 MSCHAPv2 TLS PEAP TTLS FAST GTC OTP PSK PWD PAX LEAP SIM \ + AKA AKA_PRIME SAKE GPSK TNC IKEv2 EKE +. if ${PORT_OPTIONS:M${item}} + @${ECHO} CONFIG_EAP_${item:tu}=y >> ${CFG} +. endif +.endfor +.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME} + @${ECHO} CONFIG_PCSC=y >> ${CFG} +.endif +.for simple in WPS WPS_ER WPS_NFC PKCS12 SMARTCARD HT_OVERRIDES \ + VHT_OVERRIDES TLSV12 IEEE80211AC IEEE80211N IEEE80211R IEEE80211W \ + INTERWORKING DEBUG_FILE DEBUG_SYSLOG HS20 NO_ROAMING PRIVSEP P2P TDLS +. if ${PORT_OPTIONS:M${simple}} + @${ECHO} CONFIG_${simple}=y >> ${CFG} +. endif +.endfor +.for item in READLINE PEERKEY + @${ECHO} CONFIG_${item}=y >> ${CFG} +.endfor +.if ${PORT_OPTIONS:MIEEE80211AC} || ${PORT_OPTIONS:MIEEE80211N} + @${ECHO} CONFIG_AP=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MGPSK} + # GPSK desired, assume highest SHA desired too + @${ECHO} CONFIG_EAP_GPSK_SHA256=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MWPS_NOREG} + @${ECHO} CONFIG_WPS_REG_DISABLE_OPEN=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MDELAYED_MIC} + @${ECHO} CONFIG_DELAYED_MIC_ERROR_REPORT=y >> ${CFG} +.endif + @${ECHO} CONFIG_OS=unix >> ${CFG} + @${ECHO} CONFIG_CTRL_IFACE=unix >> ${CFG} + @${ECHO} CONFIG_BACKEND=file >> ${CFG} + @${ECHO} CONFIG_L2_PACKET=freebsd >> ${CFG} + @${ECHO} CONFIG_TLS=openssl >> ${CFG} + +do-install: + @${MKDIR} ${STAGEDIR}${DOCSDIR} + (cd ${BUILD_WRKSRC} && ${INSTALL_PROGRAM} wpa_supplicant wpa_cli \ + wpa_passphrase wpa_priv ${STAGEDIR}${PREFIX}/sbin) + ${INSTALL_DATA} ${BUILD_WRKSRC}/wpa_supplicant.conf \ + ${STAGEDIR}${PREFIX}/etc/wpa_supplicant.conf.sample + (cd ${BUILD_WRKSRC} && \ + ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}) + +.include <bsd.port.mk> diff --git a/security/wpa_supplicant/distinfo b/security/wpa_supplicant/distinfo new file mode 100644 index 000000000000..0da8b57d35df --- /dev/null +++ b/security/wpa_supplicant/distinfo @@ -0,0 +1,2 @@ +SHA256 (wpa_supplicant-2.3.tar.gz) = eaaa5bf3055270e521b2dff64f2d203ec8040f71958b8588269a82c00c9d7b6a +SIZE (wpa_supplicant-2.3.tar.gz) = 2398722 diff --git a/security/wpa_supplicant/files/Packet32.c b/security/wpa_supplicant/files/Packet32.c new file mode 100644 index 000000000000..95cae8c5c975 --- /dev/null +++ b/security/wpa_supplicant/files/Packet32.c @@ -0,0 +1,366 @@ +/*- + * Copyright (c) 2005 + * Bill Paul <wpaul@windriver.com>. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Bill Paul. + * 4. Neither the name of the author nor the names of any co-contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + * THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This file implements a small portion of the Winpcap API for the + * Windows NDIS interface in wpa_supplicant. It provides just enough + * routines to fool wpa_supplicant into thinking it's really running + * in a Windows environment. + */ + +#include <sys/types.h> +#include <sys/param.h> +#include <sys/socket.h> +#include <sys/ioctl.h> +#include <sys/errno.h> +#include <sys/sysctl.h> +#include <sys/fcntl.h> +#include <net/if.h> +#include <net/if_dl.h> +#include <net/if_var.h> + +#include <netinet/in.h> +#include <arpa/inet.h> +#include <netdb.h> +#include <net/route.h> + +#ifdef __FreeBSD__ +#include <net80211/ieee80211_ioctl.h> +#endif +#ifdef __DragonFly__ +#include <netproto/802_11/ieee80211_ioctl.h> +#endif + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <unistd.h> +#include <pcap.h> + +#include "Packet32.h" + +#define OID_802_11_ADD_KEY 0x0d01011D + +typedef ULONGLONG NDIS_802_11_KEY_RSC; +typedef UCHAR NDIS_802_11_MAC_ADDRESS[6]; + +typedef struct NDIS_802_11_KEY { + ULONG Length; + ULONG KeyIndex; + ULONG KeyLength; + NDIS_802_11_MAC_ADDRESS BSSID; + NDIS_802_11_KEY_RSC KeyRSC; + UCHAR KeyMaterial[1]; +} NDIS_802_11_KEY; + +typedef struct NDIS_802_11_KEY_COMPAT { + ULONG Length; + ULONG KeyIndex; + ULONG KeyLength; + NDIS_802_11_MAC_ADDRESS BSSID; + UCHAR Pad[6]; /* Make struct layout match Windows. */ + NDIS_802_11_KEY_RSC KeyRSC; +#ifdef notdef + UCHAR KeyMaterial[1]; +#endif +} NDIS_802_11_KEY_COMPAT; + +#define TRUE 1 +#define FALSE 0 + +struct adapter { + int socket; + char name[IFNAMSIZ]; + int prev_roaming; +}; + +PCHAR +PacketGetVersion(void) +{ + return("FreeBSD WinPcap compatibility shim v1.0"); +} + +void * +PacketOpenAdapter(CHAR *iface) +{ + struct adapter *a; + int s; + int ifflags; + struct ifreq ifr; + struct ieee80211req ireq; + + s = socket(PF_INET, SOCK_DGRAM, 0); + + if (s == -1) + return(NULL); + + a = malloc(sizeof(struct adapter)); + if (a == NULL) + return(NULL); + + a->socket = s; + if (strncmp(iface, "\\Device\\NPF_", 12) == 0) + iface += 12; + else if (strncmp(iface, "\\DEVICE\\", 8) == 0) + iface += 8; + snprintf(a->name, IFNAMSIZ, "%s", iface); + + /* Turn off net80211 roaming */ + bzero((char *)&ireq, sizeof(ireq)); + strncpy(ireq.i_name, iface, sizeof (ifr.ifr_name)); + ireq.i_type = IEEE80211_IOC_ROAMING; + if (ioctl(a->socket, SIOCG80211, &ireq) == 0) { + a->prev_roaming = ireq.i_val; + ireq.i_val = IEEE80211_ROAMING_MANUAL; + if (ioctl(a->socket, SIOCS80211, &ireq) < 0) + fprintf(stderr, + "Could not set IEEE80211_ROAMING_MANUAL\n"); + } + + bzero((char *)&ifr, sizeof(ifr)); + strncpy(ifr.ifr_name, iface, sizeof (ifr.ifr_name)); + if (ioctl(a->socket, SIOCGIFFLAGS, (caddr_t)&ifr) < 0) { + free(a); + close(s); + return(NULL); + } + ifr.ifr_flags |= IFF_UP; + if (ioctl(a->socket, SIOCSIFFLAGS, (caddr_t)&ifr) < 0) { + free(a); + close(s); + return(NULL); + } + + return(a); +} + +int +PacketRequest(void *iface, BOOLEAN set, PACKET_OID_DATA *oid) +{ + struct adapter *a; + uint32_t retval; + struct ifreq ifr; + NDIS_802_11_KEY *old; + NDIS_802_11_KEY_COMPAT *new; + PACKET_OID_DATA *o = NULL; + + if (iface == NULL) + return(-1); + + a = iface; + bzero((char *)&ifr, sizeof(ifr)); + + /* + * This hack is necessary to work around a difference + * betwee the GNU C and Microsoft C compilers. The NDIS_802_11_KEY + * structure has a uint64_t in it, right after an array of + * chars. The Microsoft compiler inserts padding right before + * the 64-bit value to align it on a 64-bit boundary, but + * GCC only aligns it on a 32-bit boundary. Trying to pass + * the GCC-formatted structure to an NDIS binary driver + * fails because some of the fields appear to be at the + * wrong offsets. + * + * To get around this, if we detect someone is trying to do + * a set operation on OID_802_11_ADD_KEY, we shuffle the data + * into a properly padded structure and pass that into the + * driver instead. This allows the driver_ndis.c code supplied + * with wpa_supplicant to work unmodified. + */ + + if (set == TRUE && oid->Oid == OID_802_11_ADD_KEY) { + old = (NDIS_802_11_KEY *)&oid->Data; + o = malloc(sizeof(PACKET_OID_DATA) + + sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength); + if (o == NULL) + return(0); + bzero((char *)o, sizeof(PACKET_OID_DATA) + + sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength); + o->Oid = oid->Oid; + o->Length = sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength; + new = (NDIS_802_11_KEY_COMPAT *)&o->Data; + new->KeyRSC = old->KeyRSC; + new->Length = o->Length; + new->KeyIndex = old->KeyIndex; + new->KeyLength = old->KeyLength; + bcopy(old->BSSID, new->BSSID, sizeof(NDIS_802_11_MAC_ADDRESS)); + bcopy(old->KeyMaterial, (char *)new + + sizeof(NDIS_802_11_KEY_COMPAT), new->KeyLength); + ifr.ifr_data = (caddr_t)o; + } else + ifr.ifr_data = (caddr_t)oid; + + strlcpy(ifr.ifr_name, a->name, sizeof(ifr.ifr_name)); + + if (set == TRUE) + retval = ioctl(a->socket, SIOCSDRVSPEC, &ifr); + else + retval = ioctl(a->socket, SIOCGDRVSPEC, &ifr); + + if (o != NULL) + free(o); + + if (retval) + return(0); + + return(1); +} + +int +PacketGetAdapterNames(CHAR *namelist, ULONG *len) +{ + int mib[6]; + size_t needed; + struct if_msghdr *ifm; + struct sockaddr_dl *sdl; + char *buf, *lim, *next; + char *plist; + int spc; + int i, ifcnt = 0; + + plist = namelist; + spc = 0; + + bzero(plist, *len); + + needed = 0; + mib[0] = CTL_NET; + mib[1] = PF_ROUTE; + mib[2] = 0; /* protocol */ + mib[3] = 0; /* wildcard address family */ + mib[4] = NET_RT_IFLIST; + mib[5] = 0; /* no flags */ + + if (sysctl (mib, 6, NULL, &needed, NULL, 0) < 0) + return(FALSE); + + buf = malloc (needed); + if (buf == NULL) + return(FALSE); + + if (sysctl (mib, 6, buf, &needed, NULL, 0) < 0) { + free(buf); + return(FALSE); + } + + lim = buf + needed; + + /* Generate interface name list. */ + + next = buf; + while (next < lim) { + ifm = (struct if_msghdr *)next; + if (ifm->ifm_type == RTM_IFINFO) { + sdl = (struct sockaddr_dl *)(ifm + 1); + if (strnstr(sdl->sdl_data, "wlan", sdl->sdl_nlen)) { + if ((spc + sdl->sdl_nlen) > *len) { + free(buf); + return(FALSE); + } + strncpy(plist, sdl->sdl_data, sdl->sdl_nlen); + plist += (sdl->sdl_nlen + 1); + spc += (sdl->sdl_nlen + 1); + ifcnt++; + } + } + next += ifm->ifm_msglen; + } + + + /* Insert an extra "" as a spacer */ + + plist++; + spc++; + + /* + * Now generate the interface description list. There + * must be a unique description for each interface, and + * they have to match what the ndis_events program will + * feed in later. To keep this simple, we just repeat + * the interface list over again. + */ + + next = buf; + while (next < lim) { + ifm = (struct if_msghdr *)next; + if (ifm->ifm_type == RTM_IFINFO) { + sdl = (struct sockaddr_dl *)(ifm + 1); + if (strnstr(sdl->sdl_data, "wlan", sdl->sdl_nlen)) { + if ((spc + sdl->sdl_nlen) > *len) { + free(buf); + return(FALSE); + } + strncpy(plist, sdl->sdl_data, sdl->sdl_nlen); + plist += (sdl->sdl_nlen + 1); + spc += (sdl->sdl_nlen + 1); + ifcnt++; + } + } + next += ifm->ifm_msglen; + } + + free (buf); + + *len = spc + 1; + + return(TRUE); +} + +void +PacketCloseAdapter(void *iface) +{ + struct adapter *a; + struct ifreq ifr; + struct ieee80211req ireq; + + if (iface == NULL) + return; + + a = iface; + + /* Reset net80211 roaming */ + bzero((char *)&ireq, sizeof(ireq)); + strncpy(ireq.i_name, a->name, sizeof (ifr.ifr_name)); + ireq.i_type = IEEE80211_IOC_ROAMING; + ireq.i_val = a->prev_roaming; + ioctl(a->socket, SIOCS80211, &ireq); + + bzero((char *)&ifr, sizeof(ifr)); + strncpy(ifr.ifr_name, a->name, sizeof (ifr.ifr_name)); + ioctl(a->socket, SIOCGIFFLAGS, (caddr_t)&ifr); + ifr.ifr_flags &= ~IFF_UP; + ioctl(a->socket, SIOCSIFFLAGS, (caddr_t)&ifr); + close(a->socket); + free(a); + + return; +} diff --git a/security/wpa_supplicant/files/Packet32.h b/security/wpa_supplicant/files/Packet32.h new file mode 100644 index 000000000000..c75e5f9dfe91 --- /dev/null +++ b/security/wpa_supplicant/files/Packet32.h @@ -0,0 +1,65 @@ +/*- + * Copyright (c) 2005 + * Bill Paul <wpaul@windriver.com>. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Bill Paul. + * 4. Neither the name of the author nor the names of any co-contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + * THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _PACKET32_H_ +#define _PACKET32_H_ + +#include <sys/types.h> +#include <ntddndis.h> + +struct PACKET_OID_DATA { + uint32_t Oid; + uint32_t Length; + uint8_t Data[1]; +}; + + +typedef struct PACKET_OID_DATA PACKET_OID_DATA; + +extern PCHAR PacketGetVersion(void); +extern void *PacketOpenAdapter(CHAR *); +extern int PacketRequest(void *, BOOLEAN, PACKET_OID_DATA *); +extern int PacketGetAdapterNames(CHAR *, ULONG *); +extern void PacketCloseAdapter(void *); + +/* + * This is for backwards compatibility on FreeBSD 5. + */ + +#ifndef SIOCGDRVSPEC +#define SIOCSDRVSPEC _IOW('i', 123, struct ifreq) /* set driver-specific + parameters */ +#define SIOCGDRVSPEC _IOWR('i', 123, struct ifreq) /* get driver-specific + parameters */ +#endif + +#endif /* _PACKET32_H_ */ diff --git a/security/wpa_supplicant/files/ntddndis.h b/security/wpa_supplicant/files/ntddndis.h new file mode 100644 index 000000000000..0d7cde88e7ca --- /dev/null +++ b/security/wpa_supplicant/files/ntddndis.h @@ -0,0 +1,28 @@ +#ifndef _NTDDNDIS_H_ +#define _NTDDNDIS_H_ + +/* + * Fake up some of the Windows type definitions so that the NDIS + * interface module in wpa_supplicant will build. + */ + +#define ULONG uint32_t +#define USHORT uint16_t +#define UCHAR uint8_t +#define LONG int32_t +#define SHORT int16_t +#define CHAR int8_t +#define ULONGLONG uint64_t +#define LONGLONG int64_t +#define BOOLEAN uint8_t +typedef void * LPADAPTER; +typedef char * PTSTR; +typedef char * PCHAR; + +#define TRUE 1 +#define FALSE 0 + +#define OID_802_3_CURRENT_ADDRESS 0x01010102 +#define OID_802_3_MULTICAST_LIST 0x01010103 + +#endif /* _NTDDNDIS_H_ */ diff --git a/security/wpa_supplicant/files/patch-src-l2_packet-l2_packet_freebsd.c b/security/wpa_supplicant/files/patch-src-l2_packet-l2_packet_freebsd.c new file mode 100644 index 000000000000..8b34e0fbdd89 --- /dev/null +++ b/security/wpa_supplicant/files/patch-src-l2_packet-l2_packet_freebsd.c @@ -0,0 +1,14 @@ +--- src/l2_packet/l2_packet_freebsd.c.orig 2014-06-04 13:26:14 UTC ++++ src/l2_packet/l2_packet_freebsd.c +@@ -8,7 +8,10 @@ + */ + + #include "includes.h" +-#if defined(__APPLE__) || defined(__GLIBC__) ++#if defined(__FreeBSD__) \ ++ || defined(__DragonFly__) \ ++ || defined(__APPLE__) \ ++ || defined(__GLIBC__) + #include <net/bpf.h> + #endif /* __APPLE__ */ + #include <pcap.h> diff --git a/security/wpa_supplicant/files/patch-src_drivers_driver__privsep.c b/security/wpa_supplicant/files/patch-src_drivers_driver__privsep.c new file mode 100644 index 000000000000..e712ea305728 --- /dev/null +++ b/security/wpa_supplicant/files/patch-src_drivers_driver__privsep.c @@ -0,0 +1,20 @@ +--- src/drivers/driver_privsep.c.orig 2014-10-09 14:41:31 UTC ++++ src/drivers/driver_privsep.c +@@ -228,7 +228,7 @@ static int wpa_driver_privsep_associate( + + wpa_printf(MSG_DEBUG, "%s: priv=%p freq=%d pairwise_suite=%d " + "group_suite=%d key_mgmt_suite=%d auth_alg=%d mode=%d", +- __func__, priv, params->freq, params->pairwise_suite, ++ __func__, priv, params->freq.freq, params->pairwise_suite, + params->group_suite, params->key_mgmt_suite, + params->auth_alg, params->mode); + +@@ -241,7 +241,7 @@ static int wpa_driver_privsep_associate( + os_memcpy(data->bssid, params->bssid, ETH_ALEN); + os_memcpy(data->ssid, params->ssid, params->ssid_len); + data->ssid_len = params->ssid_len; +- data->freq = params->freq; ++ data->freq = params->freq.freq; + data->pairwise_suite = params->pairwise_suite; + data->group_suite = params->group_suite; + data->key_mgmt_suite = params->key_mgmt_suite; diff --git a/security/wpa_supplicant/files/patch-src_utils_os__unix.c b/security/wpa_supplicant/files/patch-src_utils_os__unix.c new file mode 100644 index 000000000000..2ddeeb3ceacf --- /dev/null +++ b/security/wpa_supplicant/files/patch-src_utils_os__unix.c @@ -0,0 +1,62 @@ +--- src/utils/os_unix.c.orig 2014-10-09 14:41:31 UTC ++++ src/utils/os_unix.c +@@ -190,17 +190,42 @@ static int os_daemon(int nochdir, int no + #define os_daemon daemon + #endif /* __APPLE__ */ + ++#if defined(__FreeBSD__) || defined(__DragonFly__) ++#define FREE_DRAGON ++#include <err.h> ++#include <libutil.h> ++#include <stdint.h> ++#endif /* __FreeBSD__ || __DragonFly__ */ + + int os_daemonize(const char *pid_file) + { + #if defined(__uClinux__) || defined(__sun__) + return -1; + #else /* defined(__uClinux__) || defined(__sun__) */ ++#ifdef FREE_DRAGON ++ pid_t otherpid; ++ struct pidfh *pfh; ++ ++ pfh = pidfile_open(pid_file, 0600, &otherpid); ++ if (pfh == NULL) { ++ if (errno == EEXIST) { ++ errx(1, "Daemon already running, pid: %jd.", ++ (intmax_t)otherpid); ++ } ++ warn("Cannot open or create pidfile."); ++ } ++#endif /* FREE_DRAGON */ + if (os_daemon(0, 0)) { + perror("daemon"); ++#ifdef FREE_DRAGON ++ pidfile_remove(pfh); ++#endif /* FREE_DRAGON */ + return -1; + } + ++#ifdef FREE_DRAGON ++ pidfile_write(pfh); ++#else + if (pid_file) { + FILE *f = fopen(pid_file, "w"); + if (f) { +@@ -208,6 +233,7 @@ int os_daemonize(const char *pid_file) + fclose(f); + } + } ++#endif /* FREE_DRAGON */ + + return -0; + #endif /* defined(__uClinux__) || defined(__sun__) */ +@@ -360,7 +386,7 @@ int os_setenv(const char *name, const ch + + int os_unsetenv(const char *name) + { +-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__APPLE__) || \ ++#if defined(FREE_DRAGON) || defined(__NetBSD__) || defined(__APPLE__) || \ + defined(__OpenBSD__) + unsetenv(name); + return 0; diff --git a/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c b/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c new file mode 100644 index 000000000000..c8e6ed1eed27 --- /dev/null +++ b/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c @@ -0,0 +1,22 @@ +--- src/wps/wps_upnp.c.orig 2014-10-09 14:41:31 UTC ++++ src/wps/wps_upnp.c +@@ -829,7 +829,8 @@ fail: + } + + +-#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) ++#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \ ++ || defined(__DragonFly__) + #include <sys/sysctl.h> + #include <net/route.h> + #include <net/if_dl.h> +@@ -916,7 +917,8 @@ int get_netif_info(const char *net_if, u + goto fail; + } + os_memcpy(mac, req.ifr_addr.sa_data, 6); +-#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) ++#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \ ++ || defined(__DragonFly__) + if (eth_get(net_if, mac) < 0) { + wpa_printf(MSG_ERROR, "WPS UPnP: Failed to get MAC address"); + goto fail; diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile b/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile new file mode 100644 index 000000000000..ecadd5ea713f --- /dev/null +++ b/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile @@ -0,0 +1,14 @@ +--- wpa_supplicant/Makefile.orig 2014-10-09 14:41:31 UTC ++++ wpa_supplicant/Makefile +@@ -97,6 +97,11 @@ OBJS += ../src/utils/os_$(CONFIG_OS).o + OBJS_p += ../src/utils/os_$(CONFIG_OS).o + OBJS_c += ../src/utils/os_$(CONFIG_OS).o + ++ifdef CONFIG_DRIVER_NDIS ++OBJS += ../src/utils/Packet32.o ../src/drivers/driver_ndis.o ++OBJS_priv += ../src/utils/Packet32.o ++endif ++ + ifdef CONFIG_WPA_TRACE + CFLAGS += -DWPA_TRACE + OBJS += ../src/utils/trace.o diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_scan.c b/security/wpa_supplicant/files/patch-wpa__supplicant_scan.c new file mode 100644 index 000000000000..45f7272eddab --- /dev/null +++ b/security/wpa_supplicant/files/patch-wpa__supplicant_scan.c @@ -0,0 +1,31 @@ +--- wpa_supplicant/scan.c.orig 2014-10-09 14:41:31 UTC ++++ wpa_supplicant/scan.c +@@ -1548,7 +1548,7 @@ struct wpabuf * wpa_scan_get_vendor_ie_m + static int wpa_scan_result_compar(const void *a, const void *b) + { + #define IS_5GHZ(n) (n > 4000) +-#define MIN(a,b) a < b ? a : b ++#define MINAB(a,b) a < b ? a : b + struct wpa_scan_res **_wa = (void *) a; + struct wpa_scan_res **_wb = (void *) b; + struct wpa_scan_res *wa = *_wa; +@@ -1577,8 +1577,8 @@ static int wpa_scan_result_compar(const + + if ((wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) && + !((wa->flags | wb->flags) & WPA_SCAN_NOISE_INVALID)) { +- snr_a = MIN(wa->level - wa->noise, GREAT_SNR); +- snr_b = MIN(wb->level - wb->noise, GREAT_SNR); ++ snr_a = MINAB(wa->level - wa->noise, GREAT_SNR); ++ snr_b = MINAB(wb->level - wb->noise, GREAT_SNR); + } else { + /* Not suitable information to calculate SNR, so use level */ + snr_a = wa->level; +@@ -1604,7 +1604,7 @@ static int wpa_scan_result_compar(const + if (snr_b == snr_a) + return wb->qual - wa->qual; + return snr_b - snr_a; +-#undef MIN ++#undef MINAB + #undef IS_5GHZ + } + diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__priv.c b/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__priv.c new file mode 100644 index 000000000000..17b78d4fac3d --- /dev/null +++ b/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__priv.c @@ -0,0 +1,37 @@ +--- wpa_supplicant/wpa_priv.c.orig 2014-10-09 14:41:31 UTC ++++ wpa_supplicant/wpa_priv.c +@@ -202,7 +202,7 @@ static void wpa_priv_cmd_associate(struc + if (assoc->ssid_len > 32) + return; + params.ssid_len = assoc->ssid_len; +- params.freq = assoc->freq; ++ params.freq.freq = assoc->freq; + if (assoc->wpa_ie_len) { + params.wpa_ie = (u8 *) (assoc + 1); + params.wpa_ie_len = assoc->wpa_ie_len; +@@ -947,6 +947,7 @@ static void usage(void) + int main(int argc, char *argv[]) + { + int c, i; ++ int eloop_initialized = 0; + int ret = -1; + char *pid_file = NULL; + int daemonize = 0; +@@ -992,6 +993,7 @@ int main(int argc, char *argv[]) + wpa_printf(MSG_ERROR, "Failed to initialize event loop"); + goto out; + } ++ else eloop_initialized = 1; + + for (i = optind; i < argc; i++) { + wpa_printf(MSG_DEBUG, "Adding driver:interface %s", argv[i]); +@@ -1018,7 +1020,8 @@ out: + wpa_priv_interface_deinit(prev); + } + +- eloop_destroy(); ++ if (eloop_initialized) ++ eloop_destroy(); + + os_daemonize_terminate(pid_file); + os_free(pid_file); diff --git a/security/wpa_supplicant/files/pkg-message.in b/security/wpa_supplicant/files/pkg-message.in new file mode 100644 index 000000000000..74fb68a295ec --- /dev/null +++ b/security/wpa_supplicant/files/pkg-message.in @@ -0,0 +1,6 @@ +To use the ports version of WPA Supplicant instead of the base, add: + + hostapd_program="%%PREFIX%%/sbin/wpa_supplicant" + +to /etc/rc.conf + diff --git a/security/wpa_supplicant/pkg-descr b/security/wpa_supplicant/pkg-descr new file mode 100644 index 000000000000..9eb5f45eea94 --- /dev/null +++ b/security/wpa_supplicant/pkg-descr @@ -0,0 +1,14 @@ +wpa_supplicant is a client (supplicant) with support for WPA and WPA2 +(IEEE 802.11i / RSN). It is suitable for both desktop/laptop computers and +embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used +in the client stations. It implements key negotiation with a WPA +Authenticator and it controls the roaming and IEEE 802.11 authentication/ +association of the wlan driver. + +wpa_supplicant is designed to be a "daemon" program that runs in the +background and acts as the backend component controlling the wireless +connection. wpa_supplicant supports separate frontend programs and a +text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with +wpa_supplicant. + +WWW: http://w1.fi/wpa_supplicant/ |