aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--MOVED1
-rw-r--r--security/Makefile1
-rw-r--r--security/wpa_supplicant/Makefile159
-rw-r--r--security/wpa_supplicant/distinfo2
-rw-r--r--security/wpa_supplicant/files/Packet32.c366
-rw-r--r--security/wpa_supplicant/files/Packet32.h65
-rw-r--r--security/wpa_supplicant/files/ntddndis.h28
-rw-r--r--security/wpa_supplicant/files/patch-src-l2_packet-l2_packet_freebsd.c14
-rw-r--r--security/wpa_supplicant/files/patch-src_drivers_driver__privsep.c20
-rw-r--r--security/wpa_supplicant/files/patch-src_utils_os__unix.c62
-rw-r--r--security/wpa_supplicant/files/patch-src_wps_wps__upnp.c22
-rw-r--r--security/wpa_supplicant/files/patch-wpa__supplicant_Makefile14
-rw-r--r--security/wpa_supplicant/files/patch-wpa__supplicant_scan.c31
-rw-r--r--security/wpa_supplicant/files/patch-wpa__supplicant_wpa__priv.c37
-rw-r--r--security/wpa_supplicant/files/pkg-message.in6
-rw-r--r--security/wpa_supplicant/pkg-descr14
16 files changed, 841 insertions, 1 deletions
diff --git a/MOVED b/MOVED
index 454ea98da583..3b55f776f4f0 100644
--- a/MOVED
+++ b/MOVED
@@ -130,7 +130,6 @@ misc/kde3-i18n-id||2008-04-25|Has expired: Distfile no longer available, outdate
net/dhcp-agent||2008-04-25|Has expired: Dhcp-agent has not been updated since 2003, it does not build with guile-1.8, and it is unmaintained
net/ocaml-netclient||2008-04-25|Has expired: is part of ocaml-net
graphics/entice||2008-04-25|Has expired: Broken and unmaintained
-security/wpa_supplicant||2008-04-26|Obsolete, newer version in base
games/glpuzzle|games/jigzo|2008-04-28|Project renamed
ftp/greed||2008-04-29|Has expired: No longer maintained
x11-themes/gnome-industrial-theme||2008-04-29|Has expired: gnome-themes-extras no longer has industrial engine
diff --git a/security/Makefile b/security/Makefile
index c45081f4bb89..46a7b122b350 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1011,6 +1011,7 @@
SUBDIR += webshag
SUBDIR += whatweb
SUBDIR += wipe
+ SUBDIR += wpa_supplicant
SUBDIR += xca
SUBDIR += xinetd
SUBDIR += xml-security
diff --git a/security/wpa_supplicant/Makefile b/security/wpa_supplicant/Makefile
new file mode 100644
index 000000000000..52468a0052c2
--- /dev/null
+++ b/security/wpa_supplicant/Makefile
@@ -0,0 +1,159 @@
+# $FreeBSD$
+
+PORTNAME= wpa_supplicant
+PORTVERSION= 2.3
+CATEGORIES= security net
+MASTER_SITES= http://w1.fi/releases/
+
+MAINTAINER= marino@FreeBSD.org
+COMMENT= Supplicant (client) for WPA/802.1x protocols
+
+USES= gmake readline
+USE_OPENSSL= yes
+BUILD_WRKSRC= ${WRKSRC}/wpa_supplicant
+INSTALL_WRKSRC= ${WRKSRC}/src
+LDFLAGS= -lutil
+
+SUB_FILES= pkg-message
+PLIST_FILES= sbin/wpa_supplicant \
+ sbin/wpa_passphrase \
+ sbin/wpa_cli \
+ sbin/wpa_priv \
+ "@sample etc/wpa_supplicant.conf.sample"
+PORTDOCS= README ChangeLog
+
+CFG= ${BUILD_WRKSRC}/.config
+
+OPTIONS_MULTI= DRV EAP
+OPTIONS_MULTI_DRV= BSD WIRED NDIS TEST NONE #ROBOSWITCH
+OPTIONS_MULTI_EAP= TLS PEAP TTLS MD5 MSCHAPv2 GTC LEAP OTP PSK FAST \
+ SIM PWD PAX AKA AKA_PRIME SAKE GPSK TNC IKEv2 EKE
+OPTIONS_DEFINE= WPS WPS_ER WPS_NOREG WPS_NFC PKCS12 SMARTCARD \
+ HT_OVERRIDES VHT_OVERRIDES TLSV12 IEEE80211W \
+ IEEE80211R DEBUG_FILE DEBUG_SYSLOG PRIVSEP \
+ DELAYED_MIC IEEE80211N IEEE80211AC INTERWORKING \
+ HS20 NO_ROAMING P2P TDLS
+OPTIONS_DEFAULT= BSD WIRED NDIS \
+ TLS PEAP TTLS MD5 MSCHAPv2 GTC LEAP OTP PSK \
+ WPS PKCS12 SMARTCARD IEEE80211R DEBUG_SYSLOG PRIVSEP \
+ INTERWORKING HS20
+
+WPS_DESC= Wi-Fi Protected Setup
+WPS_ER_DESC= Enable WPS External Registrar
+WPS_NOREG_DESC= Disable open network credentials when registrar
+WPS_NFC_DESC= Near Field Communication (NFC) configuration
+PKCS12_DESC= PKCS\#12 (PFS) support
+SMARTCARD_DESC= Private key on smartcard support
+HT_OVERRIDES_DESC= Disable HT/HT40, mask MCS rates, etc
+VHT_OVERRIDES_DESC= Disable VHT, mask MCS rates, etc
+TLSV12_DESC= Build with TLS v1.2 instead of TLS v1.0
+IEEE80211AC_DESC= Very High Throughput, AP mode (IEEE 802.11ac)
+IEEE80211N_DESC= High Throughput, AP mode (IEEE 802.11n)
+IEEE80211R_DESC= Fast BSS Transition (IEEE 802.11r-2008)
+IEEE80211W_DESC= Management Frame Protection (IEEE 802.11w)
+DEBUG_FILE_DESC= Support for writing debug log to a file
+DEBUG_SYSLOG_DESC= Send debug messages to syslog instead of stdout
+PRIVSEP_DESC= Privilege separation
+DELAYED_MIC_DESC= Mitigate TKIP attack, random delay on MIC errors
+INTERWORKING_DESC= Improve ext. network interworking (IEEE 802.11u)
+HS20_DESC= Hotspot 2.0
+NO_ROAMING_DESC= Disable roaming
+P2P_DESC= Peer-to-Peer support
+TDLS_DESC= Tunneled Direct Link Setup
+
+DRV_DESC= Driver options
+BSD_DESC= BSD net80211 interface
+NDIS_DESC= Windows NDIS interface
+WIRED_DESC= Wired ethernet interface
+ROBOSWITCH_DESC= Broadcom Roboswitch interface
+TEST_DESC= Development testing interface
+NONE_DESC= The 'no driver' interface, e.g. WPS ER only
+
+EAP_DESC= Extensible Authentication Protocols
+TLS_DESC= Transport Layer Security
+PEAP_DESC= Protected Extensible Authentication Protocol
+TTLS_DESC= Tunneled Transport Layer Security
+MD5_DESC= MD5 hash (deprecated, no key generation)
+MSCHAPv2_DESC= Microsoft CHAP version 2 (RFC 2759)
+GTC_DESC= Generic Token Card
+LEAP_DESC= Lightweight Extensible Authentication Protocol
+OTP_DESC= One-Time Password
+PSK_DESC= Pre-Shared key
+FAST_DESC= Flexible Authentication via Secure Tunneling
+AKA_DESC= Autentication and Key Agreement (UMTS)
+AKA_PRIME_DESC= AKA Prime variant (RFC 5448)
+EKE_DESC= Encrypted Key Exchange
+SIM_DESC= Subscriber Identity Module
+IKEv2_DESC= Internet Key Exchange version 2
+PWD_DESC= Shared password (RFC 5931)
+PAX_DESC= Password Authenticated Exchange
+SAKE_DESC= Shared-Secret Authentication & Key Establishment
+GPSK_DESC= Generalized Pre-Shared Key
+TNC_DESC= Trusted Network Connect
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME}
+LIB_DEPENDS+= libpcsclite.so:${PORTSDIR}/devel/pcsc-lite
+CFLAGS+= -I${LOCALBASE}/include/PCSC
+LDFLAGS+= -L${LOCALBASE}/lib
+.endif
+
+post-patch:
+ ${CP} ${FILESDIR}/Packet32.[ch] ${FILESDIR}/ntddndis.h \
+ ${WRKSRC}/src/utils
+ # Set driver(s)
+.for item in BSD NDIS WIRED ROBOSWITCH TEST NONE
+. if ${PORT_OPTIONS:M${item}}
+ @${ECHO} CONFIG_DRIVER_${item}=y >> ${CFG}
+. endif
+.endfor
+ # Set EAP protocol(s)
+.for item in MD5 MSCHAPv2 TLS PEAP TTLS FAST GTC OTP PSK PWD PAX LEAP SIM \
+ AKA AKA_PRIME SAKE GPSK TNC IKEv2 EKE
+. if ${PORT_OPTIONS:M${item}}
+ @${ECHO} CONFIG_EAP_${item:tu}=y >> ${CFG}
+. endif
+.endfor
+.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME}
+ @${ECHO} CONFIG_PCSC=y >> ${CFG}
+.endif
+.for simple in WPS WPS_ER WPS_NFC PKCS12 SMARTCARD HT_OVERRIDES \
+ VHT_OVERRIDES TLSV12 IEEE80211AC IEEE80211N IEEE80211R IEEE80211W \
+ INTERWORKING DEBUG_FILE DEBUG_SYSLOG HS20 NO_ROAMING PRIVSEP P2P TDLS
+. if ${PORT_OPTIONS:M${simple}}
+ @${ECHO} CONFIG_${simple}=y >> ${CFG}
+. endif
+.endfor
+.for item in READLINE PEERKEY
+ @${ECHO} CONFIG_${item}=y >> ${CFG}
+.endfor
+.if ${PORT_OPTIONS:MIEEE80211AC} || ${PORT_OPTIONS:MIEEE80211N}
+ @${ECHO} CONFIG_AP=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MGPSK}
+ # GPSK desired, assume highest SHA desired too
+ @${ECHO} CONFIG_EAP_GPSK_SHA256=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MWPS_NOREG}
+ @${ECHO} CONFIG_WPS_REG_DISABLE_OPEN=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MDELAYED_MIC}
+ @${ECHO} CONFIG_DELAYED_MIC_ERROR_REPORT=y >> ${CFG}
+.endif
+ @${ECHO} CONFIG_OS=unix >> ${CFG}
+ @${ECHO} CONFIG_CTRL_IFACE=unix >> ${CFG}
+ @${ECHO} CONFIG_BACKEND=file >> ${CFG}
+ @${ECHO} CONFIG_L2_PACKET=freebsd >> ${CFG}
+ @${ECHO} CONFIG_TLS=openssl >> ${CFG}
+
+do-install:
+ @${MKDIR} ${STAGEDIR}${DOCSDIR}
+ (cd ${BUILD_WRKSRC} && ${INSTALL_PROGRAM} wpa_supplicant wpa_cli \
+ wpa_passphrase wpa_priv ${STAGEDIR}${PREFIX}/sbin)
+ ${INSTALL_DATA} ${BUILD_WRKSRC}/wpa_supplicant.conf \
+ ${STAGEDIR}${PREFIX}/etc/wpa_supplicant.conf.sample
+ (cd ${BUILD_WRKSRC} && \
+ ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR})
+
+.include <bsd.port.mk>
diff --git a/security/wpa_supplicant/distinfo b/security/wpa_supplicant/distinfo
new file mode 100644
index 000000000000..0da8b57d35df
--- /dev/null
+++ b/security/wpa_supplicant/distinfo
@@ -0,0 +1,2 @@
+SHA256 (wpa_supplicant-2.3.tar.gz) = eaaa5bf3055270e521b2dff64f2d203ec8040f71958b8588269a82c00c9d7b6a
+SIZE (wpa_supplicant-2.3.tar.gz) = 2398722
diff --git a/security/wpa_supplicant/files/Packet32.c b/security/wpa_supplicant/files/Packet32.c
new file mode 100644
index 000000000000..95cae8c5c975
--- /dev/null
+++ b/security/wpa_supplicant/files/Packet32.c
@@ -0,0 +1,366 @@
+/*-
+ * Copyright (c) 2005
+ * Bill Paul <wpaul@windriver.com>. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Bill Paul.
+ * 4. Neither the name of the author nor the names of any co-contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file implements a small portion of the Winpcap API for the
+ * Windows NDIS interface in wpa_supplicant. It provides just enough
+ * routines to fool wpa_supplicant into thinking it's really running
+ * in a Windows environment.
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <sys/errno.h>
+#include <sys/sysctl.h>
+#include <sys/fcntl.h>
+#include <net/if.h>
+#include <net/if_dl.h>
+#include <net/if_var.h>
+
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <net/route.h>
+
+#ifdef __FreeBSD__
+#include <net80211/ieee80211_ioctl.h>
+#endif
+#ifdef __DragonFly__
+#include <netproto/802_11/ieee80211_ioctl.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <pcap.h>
+
+#include "Packet32.h"
+
+#define OID_802_11_ADD_KEY 0x0d01011D
+
+typedef ULONGLONG NDIS_802_11_KEY_RSC;
+typedef UCHAR NDIS_802_11_MAC_ADDRESS[6];
+
+typedef struct NDIS_802_11_KEY {
+ ULONG Length;
+ ULONG KeyIndex;
+ ULONG KeyLength;
+ NDIS_802_11_MAC_ADDRESS BSSID;
+ NDIS_802_11_KEY_RSC KeyRSC;
+ UCHAR KeyMaterial[1];
+} NDIS_802_11_KEY;
+
+typedef struct NDIS_802_11_KEY_COMPAT {
+ ULONG Length;
+ ULONG KeyIndex;
+ ULONG KeyLength;
+ NDIS_802_11_MAC_ADDRESS BSSID;
+ UCHAR Pad[6]; /* Make struct layout match Windows. */
+ NDIS_802_11_KEY_RSC KeyRSC;
+#ifdef notdef
+ UCHAR KeyMaterial[1];
+#endif
+} NDIS_802_11_KEY_COMPAT;
+
+#define TRUE 1
+#define FALSE 0
+
+struct adapter {
+ int socket;
+ char name[IFNAMSIZ];
+ int prev_roaming;
+};
+
+PCHAR
+PacketGetVersion(void)
+{
+ return("FreeBSD WinPcap compatibility shim v1.0");
+}
+
+void *
+PacketOpenAdapter(CHAR *iface)
+{
+ struct adapter *a;
+ int s;
+ int ifflags;
+ struct ifreq ifr;
+ struct ieee80211req ireq;
+
+ s = socket(PF_INET, SOCK_DGRAM, 0);
+
+ if (s == -1)
+ return(NULL);
+
+ a = malloc(sizeof(struct adapter));
+ if (a == NULL)
+ return(NULL);
+
+ a->socket = s;
+ if (strncmp(iface, "\\Device\\NPF_", 12) == 0)
+ iface += 12;
+ else if (strncmp(iface, "\\DEVICE\\", 8) == 0)
+ iface += 8;
+ snprintf(a->name, IFNAMSIZ, "%s", iface);
+
+ /* Turn off net80211 roaming */
+ bzero((char *)&ireq, sizeof(ireq));
+ strncpy(ireq.i_name, iface, sizeof (ifr.ifr_name));
+ ireq.i_type = IEEE80211_IOC_ROAMING;
+ if (ioctl(a->socket, SIOCG80211, &ireq) == 0) {
+ a->prev_roaming = ireq.i_val;
+ ireq.i_val = IEEE80211_ROAMING_MANUAL;
+ if (ioctl(a->socket, SIOCS80211, &ireq) < 0)
+ fprintf(stderr,
+ "Could not set IEEE80211_ROAMING_MANUAL\n");
+ }
+
+ bzero((char *)&ifr, sizeof(ifr));
+ strncpy(ifr.ifr_name, iface, sizeof (ifr.ifr_name));
+ if (ioctl(a->socket, SIOCGIFFLAGS, (caddr_t)&ifr) < 0) {
+ free(a);
+ close(s);
+ return(NULL);
+ }
+ ifr.ifr_flags |= IFF_UP;
+ if (ioctl(a->socket, SIOCSIFFLAGS, (caddr_t)&ifr) < 0) {
+ free(a);
+ close(s);
+ return(NULL);
+ }
+
+ return(a);
+}
+
+int
+PacketRequest(void *iface, BOOLEAN set, PACKET_OID_DATA *oid)
+{
+ struct adapter *a;
+ uint32_t retval;
+ struct ifreq ifr;
+ NDIS_802_11_KEY *old;
+ NDIS_802_11_KEY_COMPAT *new;
+ PACKET_OID_DATA *o = NULL;
+
+ if (iface == NULL)
+ return(-1);
+
+ a = iface;
+ bzero((char *)&ifr, sizeof(ifr));
+
+ /*
+ * This hack is necessary to work around a difference
+ * betwee the GNU C and Microsoft C compilers. The NDIS_802_11_KEY
+ * structure has a uint64_t in it, right after an array of
+ * chars. The Microsoft compiler inserts padding right before
+ * the 64-bit value to align it on a 64-bit boundary, but
+ * GCC only aligns it on a 32-bit boundary. Trying to pass
+ * the GCC-formatted structure to an NDIS binary driver
+ * fails because some of the fields appear to be at the
+ * wrong offsets.
+ *
+ * To get around this, if we detect someone is trying to do
+ * a set operation on OID_802_11_ADD_KEY, we shuffle the data
+ * into a properly padded structure and pass that into the
+ * driver instead. This allows the driver_ndis.c code supplied
+ * with wpa_supplicant to work unmodified.
+ */
+
+ if (set == TRUE && oid->Oid == OID_802_11_ADD_KEY) {
+ old = (NDIS_802_11_KEY *)&oid->Data;
+ o = malloc(sizeof(PACKET_OID_DATA) +
+ sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength);
+ if (o == NULL)
+ return(0);
+ bzero((char *)o, sizeof(PACKET_OID_DATA) +
+ sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength);
+ o->Oid = oid->Oid;
+ o->Length = sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength;
+ new = (NDIS_802_11_KEY_COMPAT *)&o->Data;
+ new->KeyRSC = old->KeyRSC;
+ new->Length = o->Length;
+ new->KeyIndex = old->KeyIndex;
+ new->KeyLength = old->KeyLength;
+ bcopy(old->BSSID, new->BSSID, sizeof(NDIS_802_11_MAC_ADDRESS));
+ bcopy(old->KeyMaterial, (char *)new +
+ sizeof(NDIS_802_11_KEY_COMPAT), new->KeyLength);
+ ifr.ifr_data = (caddr_t)o;
+ } else
+ ifr.ifr_data = (caddr_t)oid;
+
+ strlcpy(ifr.ifr_name, a->name, sizeof(ifr.ifr_name));
+
+ if (set == TRUE)
+ retval = ioctl(a->socket, SIOCSDRVSPEC, &ifr);
+ else
+ retval = ioctl(a->socket, SIOCGDRVSPEC, &ifr);
+
+ if (o != NULL)
+ free(o);
+
+ if (retval)
+ return(0);
+
+ return(1);
+}
+
+int
+PacketGetAdapterNames(CHAR *namelist, ULONG *len)
+{
+ int mib[6];
+ size_t needed;
+ struct if_msghdr *ifm;
+ struct sockaddr_dl *sdl;
+ char *buf, *lim, *next;
+ char *plist;
+ int spc;
+ int i, ifcnt = 0;
+
+ plist = namelist;
+ spc = 0;
+
+ bzero(plist, *len);
+
+ needed = 0;
+ mib[0] = CTL_NET;
+ mib[1] = PF_ROUTE;
+ mib[2] = 0; /* protocol */
+ mib[3] = 0; /* wildcard address family */
+ mib[4] = NET_RT_IFLIST;
+ mib[5] = 0; /* no flags */
+
+ if (sysctl (mib, 6, NULL, &needed, NULL, 0) < 0)
+ return(FALSE);
+
+ buf = malloc (needed);
+ if (buf == NULL)
+ return(FALSE);
+
+ if (sysctl (mib, 6, buf, &needed, NULL, 0) < 0) {
+ free(buf);
+ return(FALSE);
+ }
+
+ lim = buf + needed;
+
+ /* Generate interface name list. */
+
+ next = buf;
+ while (next < lim) {
+ ifm = (struct if_msghdr *)next;
+ if (ifm->ifm_type == RTM_IFINFO) {
+ sdl = (struct sockaddr_dl *)(ifm + 1);
+ if (strnstr(sdl->sdl_data, "wlan", sdl->sdl_nlen)) {
+ if ((spc + sdl->sdl_nlen) > *len) {
+ free(buf);
+ return(FALSE);
+ }
+ strncpy(plist, sdl->sdl_data, sdl->sdl_nlen);
+ plist += (sdl->sdl_nlen + 1);
+ spc += (sdl->sdl_nlen + 1);
+ ifcnt++;
+ }
+ }
+ next += ifm->ifm_msglen;
+ }
+
+
+ /* Insert an extra "" as a spacer */
+
+ plist++;
+ spc++;
+
+ /*
+ * Now generate the interface description list. There
+ * must be a unique description for each interface, and
+ * they have to match what the ndis_events program will
+ * feed in later. To keep this simple, we just repeat
+ * the interface list over again.
+ */
+
+ next = buf;
+ while (next < lim) {
+ ifm = (struct if_msghdr *)next;
+ if (ifm->ifm_type == RTM_IFINFO) {
+ sdl = (struct sockaddr_dl *)(ifm + 1);
+ if (strnstr(sdl->sdl_data, "wlan", sdl->sdl_nlen)) {
+ if ((spc + sdl->sdl_nlen) > *len) {
+ free(buf);
+ return(FALSE);
+ }
+ strncpy(plist, sdl->sdl_data, sdl->sdl_nlen);
+ plist += (sdl->sdl_nlen + 1);
+ spc += (sdl->sdl_nlen + 1);
+ ifcnt++;
+ }
+ }
+ next += ifm->ifm_msglen;
+ }
+
+ free (buf);
+
+ *len = spc + 1;
+
+ return(TRUE);
+}
+
+void
+PacketCloseAdapter(void *iface)
+{
+ struct adapter *a;
+ struct ifreq ifr;
+ struct ieee80211req ireq;
+
+ if (iface == NULL)
+ return;
+
+ a = iface;
+
+ /* Reset net80211 roaming */
+ bzero((char *)&ireq, sizeof(ireq));
+ strncpy(ireq.i_name, a->name, sizeof (ifr.ifr_name));
+ ireq.i_type = IEEE80211_IOC_ROAMING;
+ ireq.i_val = a->prev_roaming;
+ ioctl(a->socket, SIOCS80211, &ireq);
+
+ bzero((char *)&ifr, sizeof(ifr));
+ strncpy(ifr.ifr_name, a->name, sizeof (ifr.ifr_name));
+ ioctl(a->socket, SIOCGIFFLAGS, (caddr_t)&ifr);
+ ifr.ifr_flags &= ~IFF_UP;
+ ioctl(a->socket, SIOCSIFFLAGS, (caddr_t)&ifr);
+ close(a->socket);
+ free(a);
+
+ return;
+}
diff --git a/security/wpa_supplicant/files/Packet32.h b/security/wpa_supplicant/files/Packet32.h
new file mode 100644
index 000000000000..c75e5f9dfe91
--- /dev/null
+++ b/security/wpa_supplicant/files/Packet32.h
@@ -0,0 +1,65 @@
+/*-
+ * Copyright (c) 2005
+ * Bill Paul <wpaul@windriver.com>. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Bill Paul.
+ * 4. Neither the name of the author nor the names of any co-contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _PACKET32_H_
+#define _PACKET32_H_
+
+#include <sys/types.h>
+#include <ntddndis.h>
+
+struct PACKET_OID_DATA {
+ uint32_t Oid;
+ uint32_t Length;
+ uint8_t Data[1];
+};
+
+
+typedef struct PACKET_OID_DATA PACKET_OID_DATA;
+
+extern PCHAR PacketGetVersion(void);
+extern void *PacketOpenAdapter(CHAR *);
+extern int PacketRequest(void *, BOOLEAN, PACKET_OID_DATA *);
+extern int PacketGetAdapterNames(CHAR *, ULONG *);
+extern void PacketCloseAdapter(void *);
+
+/*
+ * This is for backwards compatibility on FreeBSD 5.
+ */
+
+#ifndef SIOCGDRVSPEC
+#define SIOCSDRVSPEC _IOW('i', 123, struct ifreq) /* set driver-specific
+ parameters */
+#define SIOCGDRVSPEC _IOWR('i', 123, struct ifreq) /* get driver-specific
+ parameters */
+#endif
+
+#endif /* _PACKET32_H_ */
diff --git a/security/wpa_supplicant/files/ntddndis.h b/security/wpa_supplicant/files/ntddndis.h
new file mode 100644
index 000000000000..0d7cde88e7ca
--- /dev/null
+++ b/security/wpa_supplicant/files/ntddndis.h
@@ -0,0 +1,28 @@
+#ifndef _NTDDNDIS_H_
+#define _NTDDNDIS_H_
+
+/*
+ * Fake up some of the Windows type definitions so that the NDIS
+ * interface module in wpa_supplicant will build.
+ */
+
+#define ULONG uint32_t
+#define USHORT uint16_t
+#define UCHAR uint8_t
+#define LONG int32_t
+#define SHORT int16_t
+#define CHAR int8_t
+#define ULONGLONG uint64_t
+#define LONGLONG int64_t
+#define BOOLEAN uint8_t
+typedef void * LPADAPTER;
+typedef char * PTSTR;
+typedef char * PCHAR;
+
+#define TRUE 1
+#define FALSE 0
+
+#define OID_802_3_CURRENT_ADDRESS 0x01010102
+#define OID_802_3_MULTICAST_LIST 0x01010103
+
+#endif /* _NTDDNDIS_H_ */
diff --git a/security/wpa_supplicant/files/patch-src-l2_packet-l2_packet_freebsd.c b/security/wpa_supplicant/files/patch-src-l2_packet-l2_packet_freebsd.c
new file mode 100644
index 000000000000..8b34e0fbdd89
--- /dev/null
+++ b/security/wpa_supplicant/files/patch-src-l2_packet-l2_packet_freebsd.c
@@ -0,0 +1,14 @@
+--- src/l2_packet/l2_packet_freebsd.c.orig 2014-06-04 13:26:14 UTC
++++ src/l2_packet/l2_packet_freebsd.c
+@@ -8,7 +8,10 @@
+ */
+
+ #include "includes.h"
+-#if defined(__APPLE__) || defined(__GLIBC__)
++#if defined(__FreeBSD__) \
++ || defined(__DragonFly__) \
++ || defined(__APPLE__) \
++ || defined(__GLIBC__)
+ #include <net/bpf.h>
+ #endif /* __APPLE__ */
+ #include <pcap.h>
diff --git a/security/wpa_supplicant/files/patch-src_drivers_driver__privsep.c b/security/wpa_supplicant/files/patch-src_drivers_driver__privsep.c
new file mode 100644
index 000000000000..e712ea305728
--- /dev/null
+++ b/security/wpa_supplicant/files/patch-src_drivers_driver__privsep.c
@@ -0,0 +1,20 @@
+--- src/drivers/driver_privsep.c.orig 2014-10-09 14:41:31 UTC
++++ src/drivers/driver_privsep.c
+@@ -228,7 +228,7 @@ static int wpa_driver_privsep_associate(
+
+ wpa_printf(MSG_DEBUG, "%s: priv=%p freq=%d pairwise_suite=%d "
+ "group_suite=%d key_mgmt_suite=%d auth_alg=%d mode=%d",
+- __func__, priv, params->freq, params->pairwise_suite,
++ __func__, priv, params->freq.freq, params->pairwise_suite,
+ params->group_suite, params->key_mgmt_suite,
+ params->auth_alg, params->mode);
+
+@@ -241,7 +241,7 @@ static int wpa_driver_privsep_associate(
+ os_memcpy(data->bssid, params->bssid, ETH_ALEN);
+ os_memcpy(data->ssid, params->ssid, params->ssid_len);
+ data->ssid_len = params->ssid_len;
+- data->freq = params->freq;
++ data->freq = params->freq.freq;
+ data->pairwise_suite = params->pairwise_suite;
+ data->group_suite = params->group_suite;
+ data->key_mgmt_suite = params->key_mgmt_suite;
diff --git a/security/wpa_supplicant/files/patch-src_utils_os__unix.c b/security/wpa_supplicant/files/patch-src_utils_os__unix.c
new file mode 100644
index 000000000000..2ddeeb3ceacf
--- /dev/null
+++ b/security/wpa_supplicant/files/patch-src_utils_os__unix.c
@@ -0,0 +1,62 @@
+--- src/utils/os_unix.c.orig 2014-10-09 14:41:31 UTC
++++ src/utils/os_unix.c
+@@ -190,17 +190,42 @@ static int os_daemon(int nochdir, int no
+ #define os_daemon daemon
+ #endif /* __APPLE__ */
+
++#if defined(__FreeBSD__) || defined(__DragonFly__)
++#define FREE_DRAGON
++#include <err.h>
++#include <libutil.h>
++#include <stdint.h>
++#endif /* __FreeBSD__ || __DragonFly__ */
+
+ int os_daemonize(const char *pid_file)
+ {
+ #if defined(__uClinux__) || defined(__sun__)
+ return -1;
+ #else /* defined(__uClinux__) || defined(__sun__) */
++#ifdef FREE_DRAGON
++ pid_t otherpid;
++ struct pidfh *pfh;
++
++ pfh = pidfile_open(pid_file, 0600, &otherpid);
++ if (pfh == NULL) {
++ if (errno == EEXIST) {
++ errx(1, "Daemon already running, pid: %jd.",
++ (intmax_t)otherpid);
++ }
++ warn("Cannot open or create pidfile.");
++ }
++#endif /* FREE_DRAGON */
+ if (os_daemon(0, 0)) {
+ perror("daemon");
++#ifdef FREE_DRAGON
++ pidfile_remove(pfh);
++#endif /* FREE_DRAGON */
+ return -1;
+ }
+
++#ifdef FREE_DRAGON
++ pidfile_write(pfh);
++#else
+ if (pid_file) {
+ FILE *f = fopen(pid_file, "w");
+ if (f) {
+@@ -208,6 +233,7 @@ int os_daemonize(const char *pid_file)
+ fclose(f);
+ }
+ }
++#endif /* FREE_DRAGON */
+
+ return -0;
+ #endif /* defined(__uClinux__) || defined(__sun__) */
+@@ -360,7 +386,7 @@ int os_setenv(const char *name, const ch
+
+ int os_unsetenv(const char *name)
+ {
+-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__APPLE__) || \
++#if defined(FREE_DRAGON) || defined(__NetBSD__) || defined(__APPLE__) || \
+ defined(__OpenBSD__)
+ unsetenv(name);
+ return 0;
diff --git a/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c b/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c
new file mode 100644
index 000000000000..c8e6ed1eed27
--- /dev/null
+++ b/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c
@@ -0,0 +1,22 @@
+--- src/wps/wps_upnp.c.orig 2014-10-09 14:41:31 UTC
++++ src/wps/wps_upnp.c
+@@ -829,7 +829,8 @@ fail:
+ }
+
+
+-#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
++#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
++ || defined(__DragonFly__)
+ #include <sys/sysctl.h>
+ #include <net/route.h>
+ #include <net/if_dl.h>
+@@ -916,7 +917,8 @@ int get_netif_info(const char *net_if, u
+ goto fail;
+ }
+ os_memcpy(mac, req.ifr_addr.sa_data, 6);
+-#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
++#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
++ || defined(__DragonFly__)
+ if (eth_get(net_if, mac) < 0) {
+ wpa_printf(MSG_ERROR, "WPS UPnP: Failed to get MAC address");
+ goto fail;
diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile b/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile
new file mode 100644
index 000000000000..ecadd5ea713f
--- /dev/null
+++ b/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile
@@ -0,0 +1,14 @@
+--- wpa_supplicant/Makefile.orig 2014-10-09 14:41:31 UTC
++++ wpa_supplicant/Makefile
+@@ -97,6 +97,11 @@ OBJS += ../src/utils/os_$(CONFIG_OS).o
+ OBJS_p += ../src/utils/os_$(CONFIG_OS).o
+ OBJS_c += ../src/utils/os_$(CONFIG_OS).o
+
++ifdef CONFIG_DRIVER_NDIS
++OBJS += ../src/utils/Packet32.o ../src/drivers/driver_ndis.o
++OBJS_priv += ../src/utils/Packet32.o
++endif
++
+ ifdef CONFIG_WPA_TRACE
+ CFLAGS += -DWPA_TRACE
+ OBJS += ../src/utils/trace.o
diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_scan.c b/security/wpa_supplicant/files/patch-wpa__supplicant_scan.c
new file mode 100644
index 000000000000..45f7272eddab
--- /dev/null
+++ b/security/wpa_supplicant/files/patch-wpa__supplicant_scan.c
@@ -0,0 +1,31 @@
+--- wpa_supplicant/scan.c.orig 2014-10-09 14:41:31 UTC
++++ wpa_supplicant/scan.c
+@@ -1548,7 +1548,7 @@ struct wpabuf * wpa_scan_get_vendor_ie_m
+ static int wpa_scan_result_compar(const void *a, const void *b)
+ {
+ #define IS_5GHZ(n) (n > 4000)
+-#define MIN(a,b) a < b ? a : b
++#define MINAB(a,b) a < b ? a : b
+ struct wpa_scan_res **_wa = (void *) a;
+ struct wpa_scan_res **_wb = (void *) b;
+ struct wpa_scan_res *wa = *_wa;
+@@ -1577,8 +1577,8 @@ static int wpa_scan_result_compar(const
+
+ if ((wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) &&
+ !((wa->flags | wb->flags) & WPA_SCAN_NOISE_INVALID)) {
+- snr_a = MIN(wa->level - wa->noise, GREAT_SNR);
+- snr_b = MIN(wb->level - wb->noise, GREAT_SNR);
++ snr_a = MINAB(wa->level - wa->noise, GREAT_SNR);
++ snr_b = MINAB(wb->level - wb->noise, GREAT_SNR);
+ } else {
+ /* Not suitable information to calculate SNR, so use level */
+ snr_a = wa->level;
+@@ -1604,7 +1604,7 @@ static int wpa_scan_result_compar(const
+ if (snr_b == snr_a)
+ return wb->qual - wa->qual;
+ return snr_b - snr_a;
+-#undef MIN
++#undef MINAB
+ #undef IS_5GHZ
+ }
+
diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__priv.c b/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__priv.c
new file mode 100644
index 000000000000..17b78d4fac3d
--- /dev/null
+++ b/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__priv.c
@@ -0,0 +1,37 @@
+--- wpa_supplicant/wpa_priv.c.orig 2014-10-09 14:41:31 UTC
++++ wpa_supplicant/wpa_priv.c
+@@ -202,7 +202,7 @@ static void wpa_priv_cmd_associate(struc
+ if (assoc->ssid_len > 32)
+ return;
+ params.ssid_len = assoc->ssid_len;
+- params.freq = assoc->freq;
++ params.freq.freq = assoc->freq;
+ if (assoc->wpa_ie_len) {
+ params.wpa_ie = (u8 *) (assoc + 1);
+ params.wpa_ie_len = assoc->wpa_ie_len;
+@@ -947,6 +947,7 @@ static void usage(void)
+ int main(int argc, char *argv[])
+ {
+ int c, i;
++ int eloop_initialized = 0;
+ int ret = -1;
+ char *pid_file = NULL;
+ int daemonize = 0;
+@@ -992,6 +993,7 @@ int main(int argc, char *argv[])
+ wpa_printf(MSG_ERROR, "Failed to initialize event loop");
+ goto out;
+ }
++ else eloop_initialized = 1;
+
+ for (i = optind; i < argc; i++) {
+ wpa_printf(MSG_DEBUG, "Adding driver:interface %s", argv[i]);
+@@ -1018,7 +1020,8 @@ out:
+ wpa_priv_interface_deinit(prev);
+ }
+
+- eloop_destroy();
++ if (eloop_initialized)
++ eloop_destroy();
+
+ os_daemonize_terminate(pid_file);
+ os_free(pid_file);
diff --git a/security/wpa_supplicant/files/pkg-message.in b/security/wpa_supplicant/files/pkg-message.in
new file mode 100644
index 000000000000..74fb68a295ec
--- /dev/null
+++ b/security/wpa_supplicant/files/pkg-message.in
@@ -0,0 +1,6 @@
+To use the ports version of WPA Supplicant instead of the base, add:
+
+ hostapd_program="%%PREFIX%%/sbin/wpa_supplicant"
+
+to /etc/rc.conf
+
diff --git a/security/wpa_supplicant/pkg-descr b/security/wpa_supplicant/pkg-descr
new file mode 100644
index 000000000000..9eb5f45eea94
--- /dev/null
+++ b/security/wpa_supplicant/pkg-descr
@@ -0,0 +1,14 @@
+wpa_supplicant is a client (supplicant) with support for WPA and WPA2
+(IEEE 802.11i / RSN). It is suitable for both desktop/laptop computers and
+embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used
+in the client stations. It implements key negotiation with a WPA
+Authenticator and it controls the roaming and IEEE 802.11 authentication/
+association of the wlan driver.
+
+wpa_supplicant is designed to be a "daemon" program that runs in the
+background and acts as the backend component controlling the wireless
+connection. wpa_supplicant supports separate frontend programs and a
+text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with
+wpa_supplicant.
+
+WWW: http://w1.fi/wpa_supplicant/