mirror of https://git.FreeBSD.org/ports.git synced 2025-01-23 09:10:43 +00:00

*/*: Bring back wpa_supplicant29 and hostapd29 as new ports

The current wpa_supplicant and hostapd have an issue with AR9285.
For the time being, bring back wpa_supplicant 2.9 as
security/wpa_supplicant29 and hostapd 2.9 as net/hostapd29 for those
cases that have an issue with wpa_supplicant/hostapd 2.10 (in base and
in ports).

PR:		264238
MFH:		2022Q2
Cy Schubert 2022-06-19 09:15:44 -07:00
parent bcb90c294a
commit 7150a0c9b1
32 changed files with 1661 additions and 0 deletions


@ -246,6 +246,7 @@
SUBDIR += hlmaster
SUBDIR += honeyd
SUBDIR += hostapd
SUBDIR += hostapd29
SUBDIR += hostapd-devel
SUBDIR += hping3
SUBDIR += hsflowd

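--- a/net/hostapd29/Makefile
+++ b/net/hostapd29/Makefile
@@ -0,0 +1,46 @@
+# Created by: Craig Leres <leres@FreeBSD.org>
+PORTNAME= hostapd
+PORTVERSION= 2.9
+PORTREVISION= 4
+CATEGORIES= net
+MASTER_SITES= https://w1.fi/releases/
+PATCH_SITES= https://w1.fi/security/2020-1/
+PATCHFILES= 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch:-p1 \
+0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch:-p1 \
+0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch:-p1
+MAINTAINER= cy@FreeBSD.org
+COMMENT= IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
+LICENSE= BSD3CLAUSE
+USES= cpe gmake ssl
+CPE_VENDOR= w1.fi
+BUILD_WRKSRC= ${WRKSRC}/hostapd
+CFLAGS+= -I${OPENSSLINC}
+LDFLAGS+= -L${OPENSSLLIB}
+PLIST_FILES= sbin/hostapd sbin/hostapd_cli man/man1/hostapd_cli.1.gz \
+man/man8/hostapd.8.gz
+.if !exists(/etc/rc.d/hostapd)
+USE_RC_SUBR= hostapd
+.endif
+post-patch:
+@${REINPLACE_CMD} -e 's|@$$(E) " CC " $$<|@$$(E) " $$(CC) " $$<|' \
+${BUILD_WRKSRC}/Makefile
+@${SED} -e 's|@PREFIX@|${PREFIX}|g' ${FILESDIR}/config \
+>> ${WRKSRC}/hostapd/.config
+do-install:
+${INSTALL_PROGRAM} ${WRKSRC}/hostapd/hostapd ${STAGEDIR}${PREFIX}/sbin
+${INSTALL_PROGRAM} ${WRKSRC}/hostapd/hostapd_cli \
+${STAGEDIR}${PREFIX}/sbin
+${INSTALL_MAN} ${WRKSRC}/hostapd/hostapd_cli.1 \
+${STAGEDIR}${MANPREFIX}/man/man1
+${INSTALL_MAN} ${WRKSRC}/hostapd/hostapd.8 \
+${STAGEDIR}${MANPREFIX}/man/man8
+.include <bsd.port.mk>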
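Review bot: `PORTNAME= hostapd` with `PORTVERSION= 2.9` and no name suffix gives this port the same package name and the same `PLIST_FILES` paths (`sbin/hostapd`, `sbin/hostapd_cli`) as the existing `hostapd` port listed in the category Makefile, so the two cannot be told apart or installed side by side, and a package upgrade may replace the pinned 2.9 build with 2.10 or the reverse. I would add `PKGNAMESUFFIX= 29` and `CONFLICTS_INSTALL= hostapd hostapd-devel`. The wpa_supplicant 2.9 Makefile later in this commit (`PORTNAME= wpa_supplicant`) has the same gap. Since this is a deliberately older release carrying only the `security/2020-1` patch set, a short comment above `PORTVERSION` stating that it exists for the AR9285 problem in PR 264238 would tell users why it is pinned.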

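--- a/net/hostapd29/distinfo
+++ b/net/hostapd29/distinfo
@@ -0,0 +1,9 @@
+TIMESTAMP = 1591652140
+SHA256 (hostapd-2.9.tar.gz) = 881d7d6a90b2428479288d64233151448f8990ab4958e0ecaca7eeb3c9db2bd7
+SIZE (hostapd-2.9.tar.gz) = 2244312
+SHA256 (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7
+SIZE (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 5909
+SHA256 (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de
+SIZE (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 2284
+SHA256 (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a
+SIZE (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = 1553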

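--- a/net/hostapd29/files/config
+++ b/net/hostapd29/files/config
@@ -0,0 +1,316 @@
+# FreeBSD hostapd build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cass, these lines should use += in order not
+# to override previous values of the variables.
+# Driver interface for Host AP driver
+#CONFIG_DRIVER_HOSTAP=y
+# Driver interface for wired authenticator
+#CONFIG_DRIVER_WIRED=y
+# Driver interface for madwifi driver
+#CONFIG_DRIVER_MADWIFI=y
+#CFLAGS += -I../../madwifi # change to the madwifi source directory
+# Driver interface for drivers using the nl80211 kernel interface
+#CONFIG_DRIVER_NL80211=y
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+#CONFIG_LIBNL32=y
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+CONFIG_DRIVER_BSD=y
+CFLAGS += -I@PREFIX@/include
+LIBS += -L@PREFIX@/lib
+LIBS_p += -L@PREFIX@/lib
+LIBS_c += -L@PREFIX@/lib
+# Driver interface for no driver (e.g., RADIUS server only)
+#CONFIG_DRIVER_NONE=y
+# IEEE 802.11F/IAPP
+#CONFIG_IAPP=y
+# WPA2/IEEE 802.11i RSN pre-authentication
+CONFIG_RSN_PREAUTH=y
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+#CONFIG_PEERKEY=y
+# IEEE 802.11w (management frame protection)
+#CONFIG_IEEE80211W=y
+# Integrated EAP server
+CONFIG_EAP=y
+# EAP-MD5 for the integrated EAP server
+CONFIG_EAP_MD5=y
+# EAP-TLS for the integrated EAP server
+CONFIG_EAP_TLS=y
+# EAP-MSCHAPv2 for the integrated EAP server
+CONFIG_EAP_MSCHAPV2=y
+# EAP-PEAP for the integrated EAP server
+CONFIG_EAP_PEAP=y
+# EAP-GTC for the integrated EAP server
+CONFIG_EAP_GTC=y
+# EAP-TTLS for the integrated EAP server
+CONFIG_EAP_TTLS=y
+# EAP-SIM for the integrated EAP server
+#CONFIG_EAP_SIM=y
+# EAP-AKA for the integrated EAP server
+#CONFIG_EAP_AKA=y
+# EAP-AKA' for the integrated EAP server
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+# EAP-PAX for the integrated EAP server
+#CONFIG_EAP_PAX=y
+# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+# EAP-pwd for the integrated EAP server (secure authentication with a password)
+#CONFIG_EAP_PWD=y
+# EAP-SAKE for the integrated EAP server
+#CONFIG_EAP_SAKE=y
+# EAP-GPSK for the integrated EAP server
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+# EAP-FAST for the integrated EAP server
+# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
+# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
+# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
+#CONFIG_EAP_FAST=y
+# Wi-Fi Protected Setup (WPS)
+#CONFIG_WPS=y
+# Enable UPnP support for external WPS Registrars
+#CONFIG_WPS_UPNP=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+# Trusted Network Connect (EAP-TNC)
+#CONFIG_EAP_TNC=y
+# EAP-EKE for the integrated EAP server
+#CONFIG_EAP_EKE=y
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+# RADIUS authentication server. This provides access to the integrated EAP
+# server from external hosts using RADIUS.
+#CONFIG_RADIUS_SERVER=y
+# Build IPv6 support for RADIUS operations
+CONFIG_IPV6=y
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
+#CONFIG_IEEE80211R=y
+# Use the hostapd's IEEE 802.11 authentication (ACL), but without
+# the IEEE 802.11 Management capability (e.g., madwifi or FreeBSD/net80211)
+CONFIG_DRIVER_RADIUS_ACL=y
+# IEEE 802.11n (High Throughput) support
+#CONFIG_IEEE80211N=y
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+# IEEE 802.11ac (Very High Throughput) support
+#CONFIG_IEEE80211AC=y
+# Remove debugging code that is printing out debug messages to stdout.
+# This can be used to reduce the size of the hostapd considerably if debugging
+# code is not needed.
+#CONFIG_NO_STDOUT_DEBUG=y
+# Add support for writing debug log to a file: -f /tmp/hostapd.log
+# Disabled by default.
+#CONFIG_DEBUG_FILE=y
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+# Remove support for RADIUS accounting
+#CONFIG_NO_ACCOUNTING=y
+# Remove support for RADIUS
+#CONFIG_NO_RADIUS=y
+# Remove support for VLANs
+#CONFIG_NO_VLAN=y
+# Enable support for fully dynamic VLANs. This enables hostapd to
+# automatically create bridge and VLAN interfaces if necessary.
+#CONFIG_FULL_DYNAMIC_VLAN=y
+# Use netlink-based kernel API for VLAN operations instead of ioctl()
+# Note: This requires libnl 3.1 or newer.
+#CONFIG_VLAN_NETLINK=y
+# Remove support for dumping internal state through control interface commands
+# This can be used to reduce binary size at the cost of disabling a debugging
+# option.
+#CONFIG_NO_DUMP_STATE=y
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, comment out these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, comment out these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+# hostapd depends on strong random number generation being available from the
+# operating system. os_get_random() function is used to fetch random data when
+# needed, e.g., for key generation. On Linux and BSD systems, this works by
+# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
+# properly initialized before hostapd is started. This is important especially
+# on embedded devices that do not have a hardware random number generator and
+# may by default start up with minimal entropy available for random number
+# generation.
+#
+# As a safety net, hostapd is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data
+# fetched from the OS. This by itself is not considered to be very strong, but
+# it may help in cases where the system pool is not initialized properly.
+# However, it is very strongly recommended that the system pool is initialized
+# with enough entropy either by using hardware assisted random number
+# generator or by storing state over device reboots.
+#
+# hostapd can be configured to maintain its own entropy store over restarts to
+# enhance random number generation. This is not perfect, but it is much more
+# secure than using the same sequence of random numbers after every reboot.
+# This can be enabled with -e<entropy file> command line option. The specified
+# file needs to be readable and writable by hostapd.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal hostapd random pool can be disabled.
+# This will save some in binary size and CPU use. However, this should only be
+# considered for builds that are known to be used on devices that meet the
+# requirements described above.
+#CONFIG_NO_RANDOM_POOL=y
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# none = Empty template
+#CONFIG_TLS=openssl
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used.
+#CONFIG_TLSV11=y
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms.
+#CONFIG_TLSV12=y
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks.
+#CONFIG_INTERWORKING=y
+# Hotspot 2.0
+#CONFIG_HS20=y
+# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
+#CONFIG_SQLITE=y
+# Testing options
+# This can be used to enable some testing options (see also the example
+# configuration file) that are really useful only for testing clients that
+# connect to this hostapd. These options allow, for example, to drop a
+# certain percentage of probe requests or auth/(re)assoc frames.
+#
+#CONFIG_TESTING_OPTIONS=y
+# Automatic Channel Selection
+# This will allow hostapd to pick the channel automatically when channel is set
+# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# You can customize the ACS survey algorithm with the hostapd.conf variable
+# acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#
+#CONFIG_ACS=y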
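Review bot: `#CONFIG_IEEE80211W=y` stays commented out, so this access-point build has no management frame protection, while the wpa_supplicant 2.9 port in the same commit lists `IEEE80211W` in `OPTIONS_DEFAULT`. If that is intentional (for example because the net80211 driver path cannot use it, which I cannot tell from this file), say so in the comment above the line, e.g. `# IEEE 802.11w (management frame protection) - disabled: <reason>`. `CONFIG_EAP_MD5=y` is enabled unconditionally as well; because this file is a fixed template rather than a set of port OPTIONS, a user cannot change either setting without editing the port.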


@ -0,0 +1,39 @@
#!/bin/sh
# PROVIDE: hostapd
# REQUIRE: mountcritremote
# KEYWORD: nojail shutdown
. /etc/rc.subr
name="hostapd"
desc="Authenticator for IEEE 802.11 networks"
#
# This portion of this rc.script is different from base.
case ${command} in
/usr/sbin/hostapd) # Assume user does not want base hostapd because
# user specified WITHOUT_WIRELESS in make.conf
# and /etc/defaults/rc.conf contains this value.
unset command;;
esac
command=${hostapd_program:-%%PREFIX%%/sbin/hostapd}
# End of differences from base. The rest of the file should remain the same.
ifn="$2"
if [ -z "$ifn" ]; then
rcvar="hostapd_enable"
conf_file="/etc/${name}.conf"
pidfile="/var/run/${name}.pid"
else
rcvar=
conf_file="/etc/${name}-${ifn}.conf"
pidfile="/var/run/${name}-${ifn}.pid"
fi
command_args="-P ${pidfile} -B ${conf_file}"
required_files="${conf_file}"
required_modules="wlan_xauth wlan_wep wlan_tkip wlan_ccmp"
extra_commands="reload"
load_rc_config ${name}
run_rc_command "$1"


@ -0,0 +1,14 @@
--- src/l2_packet/l2_packet_freebsd.c.orig 2014-06-04 13:26:14 UTC
+++ src/l2_packet/l2_packet_freebsd.c
@@ -8,7 +8,10 @@
*/
#include "includes.h"
-#if defined(__APPLE__) || defined(__GLIBC__)
+#if defined(__FreeBSD__) \
+ || defined(__DragonFly__) \
+ || defined(__APPLE__) \
+ || defined(__GLIBC__)
#include <net/bpf.h>
#endif /* __APPLE__ */
#include <pcap.h>


@ -0,0 +1,25 @@
--- src/common/dhcp.h.orig 2018-12-02 11:34:59.000000000 -0800
+++ src/common/dhcp.h 2018-12-06 00:01:11.429254000 -0800
@@ -9,6 +9,22 @@
#ifndef DHCP_H
#define DHCP_H
+/*
+ * Translate Linux to FreeBSD
+ */
+#define iphdr ip
+#define ihl ip_hl
+#define verson ip_v
+#define tos ip_tos
+#define tot_len ip_len
+#define id ip_id
+#define frag_off ip_off
+#define ttl ip_ttl
+#define protocol ip_p
+#define check ip_sum
+#define saddr ip_src
+#define daddr ip_dst
+
#include <netinet/ip.h>
#if __FAVOR_BSD
#include <netinet/udp.h>
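Review bot: `#define verson ip_v` looks like a misspelling of `version`, so a reference to the Linux `version` field of `struct iphdr` is left untranslated; if any file that includes dhcp.h uses that field, the line should read `#define version ip_v`. The other macros use very common identifiers (`id`, `check`, `protocol`, `ttl`, `tos`) and are defined before `#include <netinet/ip.h>`, so they rewrite every later use of those words in any file that includes this header, including system headers pulled in after it. Limiting them to the one source file that needs the translation, or wrapping them in `#if defined(__FreeBSD__) || defined(__DragonFly__)`, would keep the renaming from reaching unrelated code. The header continues outside the hunk.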


@ -0,0 +1,60 @@
--- src/drivers/driver_bsd.c.orig 2019-08-07 06:25:25.000000000 -0700
+++ src/drivers/driver_bsd.c 2021-06-13 23:10:12.570253000 -0700
@@ -649,7 +649,7 @@
len = 2048;
}
- return len;
+ return (len == 0) ? 2048 : len;
}
#ifdef HOSTAPD
@@ -665,7 +665,11 @@
static int bsd_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
u16 reason_code);
+#ifdef __DragonFly__
+const char *
+#else
static const char *
+#endif
ether_sprintf(const u8 *addr)
{
static char buf[sizeof(MACSTR)];
@@ -1080,7 +1084,14 @@
mode = 0 /* STA */;
break;
case IEEE80211_MODE_IBSS:
+ /*
+ * Ref bin/203086 - FreeBSD's net80211 currently uses
+ * IFM_IEEE80211_ADHOC.
+ */
+#if 0
mode = IFM_IEEE80211_IBSS;
+#endif
+ mode = IFM_IEEE80211_ADHOC;
break;
case IEEE80211_MODE_AP:
mode = IFM_IEEE80211_HOSTAP;
@@ -1336,14 +1347,18 @@
drv = bsd_get_drvindex(global, ifm->ifm_index);
if (drv == NULL)
return;
- if ((ifm->ifm_flags & IFF_UP) == 0 &&
- (drv->flags & IFF_UP) != 0) {
+ if (((ifm->ifm_flags & IFF_UP) == 0 ||
+ (ifm->ifm_flags & IFF_RUNNING) == 0) &&
+ (drv->flags & IFF_UP) != 0 &&
+ (drv->flags & IFF_RUNNING) != 0) {
wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN",
drv->ifname);
wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED,
NULL);
} else if ((ifm->ifm_flags & IFF_UP) != 0 &&
- (drv->flags & IFF_UP) == 0) {
+ (ifm->ifm_flags & IFF_RUNNING) != 0 &&
+ ((drv->flags & IFF_UP) == 0 ||
+ (drv->flags & IFF_RUNNING) == 0)) {
wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
drv->ifname);
wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
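Review bot: The new fallback `return (len == 0) ? 2048 : len;` in the first hunk repeats the literal 2048 from the branch just above it and does not say when a zero length can reach this point. A one-line comment such as `/* length query can report 0; fall back to the default buffer size */` together with a named constant shared by both places would make the intent checkable; the stated reason is my inference, since the function starts outside the hunk. In the `IEEE80211_MODE_IBSS` case the old assignment is kept under `#if 0`; deleting that line and keeping only the comment that cites bin/203086 leaves no dead code behind.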


@ -0,0 +1,17 @@
--- src/utils/os.h.orig 2016-09-17 20:36:13 UTC
+++ src/utils/os.h
@@ -246,12 +246,14 @@ char * os_readfile(const char *name, siz
*/
int os_file_exists(const char *fname);
+#if !defined __FreeBSD__ && !defined __DragonFly__
/**
* os_fdatasync - Sync a file's (for a given stream) state with storage device
* @stream: the stream to be flushed
* Returns: 0 if the operation succeeded or -1 on failure
*/
int os_fdatasync(FILE *stream);
+#endif
/**
* os_zalloc - Allocate and zero memory


@ -0,0 +1,18 @@
--- src/utils/os_unix.c.orig 2015-09-27 19:02:05 UTC
+++ src/utils/os_unix.c
@@ -442,6 +442,7 @@ int os_file_exists(const char *fname)
}
+#if !defined __FreeBSD__ && !defined __DragonFly__
int os_fdatasync(FILE *stream)
{
if (!fflush(stream)) {
@@ -459,6 +460,7 @@ int os_fdatasync(FILE *stream)
return -1;
}
+#endif
#ifndef WPA_TRACE


@ -0,0 +1,20 @@
--- src/wps/wps_upnp.c.orig 2015-03-15 17:30:39 UTC
+++ src/wps/wps_upnp.c
@@ -837,7 +837,7 @@ fail:
}
-#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
+#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
#include <sys/sysctl.h>
#include <net/route.h>
#include <net/if_dl.h>
@@ -924,7 +924,7 @@ int get_netif_info(const char *net_if, u
goto fail;
}
os_memcpy(mac, req.ifr_addr.sa_data, 6);
-#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
+#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
if (eth_get(net_if, mac) < 0) {
wpa_printf(MSG_ERROR, "WPS UPnP: Failed to get MAC address");
goto fail;

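--- a/net/hostapd29/pkg-descr
+++ b/net/hostapd29/pkg-descr
@@ -0,0 +1,12 @@
+hostapd is a user space daemon for access point and authentication
+servers. It implements IEEE 802.11 access point management, IEEE
+802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and
+RADIUS authentication server. The current version supports Linux
+(Host AP, madwifi, mac80211-based drivers) and FreeBSD (net80211).
+Add the following to /etc/rc.conf to use the ports version instead
+of the base version:
+hostapd_program="/usr/local/sbin/hostapd"
+WWW: https://w1.fi/hostapd/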

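--- a/net/hostapd29/pkg-message
+++ b/net/hostapd29/pkg-message
@@ -0,0 +1,10 @@
+[
+{ type: install
+message: <<EOM
+Add the following to /etc/rc.conf to use the ports version instead
+of the base version:
+hostapd_program="/usr/local/sbin/hostapd"
+EOM
+}
+]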


@ -1275,6 +1275,7 @@
SUBDIR += wolfssh
SUBDIR += wolfssl
SUBDIR += wpa_supplicant
SUBDIR += wpa_supplicant29
SUBDIR += wpa_supplicant-devel
SUBDIR += xca
SUBDIR += xinetd


@ -0,0 +1,229 @@
PORTNAME= wpa_supplicant
PORTVERSION= 2.9
PORTREVISION= 11
CATEGORIES= security net
MASTER_SITES= https://w1.fi/releases/
PATCH_SITES= https://w1.fi/security/2020-1/ \
https://w1.fi/security/2021-1/
PATCHFILES= 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch:-p1 \
0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch:-p1 \
0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch:-p1 \
0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch:-p1
MAINTAINER= cy@FreeBSD.org
COMMENT= Supplicant (client) for WPA/802.1x protocols
LICENSE= BSD3CLAUSE
LICENSE_FILE= ${WRKSRC}/README
USES= cpe gmake pkgconfig:build readline ssl
BUILD_WRKSRC= ${WRKSRC}/wpa_supplicant
INSTALL_WRKSRC= ${WRKSRC}/src
CFLAGS+= ${CPPFLAGS} # USES=readline only augments CPPFLAGS and LDFLAGS
CFLAGS+= -I${OPENSSLINC}
LDFLAGS+= -L${OPENSSLLIB} -lutil
MAKE_ENV= V=1
SUB_FILES= pkg-message
PORTDOCS= README ChangeLog
CFG= ${BUILD_WRKSRC}/.config
.if !exists(/etc/rc.d/wpa_supplicant)
USE_RC_SUBR= wpa_supplicant
.endif
OPTIONS_MULTI= DRV EAP
OPTIONS_MULTI_DRV= BSD WIRED NDIS TEST NONE #ROBOSWITCH
OPTIONS_MULTI_EAP= TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK FAST \
SIM PWD PAX AKA AKA_PRIME SAKE GPSK TNC IKEV2 EKE
OPTIONS_DEFINE= WPS WPS_ER WPS_NOREG WPS_NFC WPS_UPNP PKCS12 SMARTCARD \
HT_OVERRIDES VHT_OVERRIDES TLSV12 IEEE80211W \
IEEE80211R DEBUG_FILE DEBUG_SYSLOG PRIVSEP \
DELAYED_MIC IEEE80211N IEEE80211AC INTERWORKING \
IEEE8021X_EAPOL EAPOL_TEST \
HS20 NO_ROAMING P2P TDLS DBUS MATCH DOCS \
SIM_SIMULATOR USIM_SIMULATOR
OPTIONS_DEFAULT= BSD WIRED \
TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK \
WPS PKCS12 SMARTCARD IEEE80211R DEBUG_SYSLOG \
INTERWORKING HS20 DBUS MATCH IEEE80211R IEEE80211W \
IEEE8021X_EAPOL WPS_ER WPS_NFC WPS_UPNP \
FAST PWD PAX SAKE GPSK TNC IKEV2 EKE
OPTIONS_SUB=
WPS_DESC= Wi-Fi Protected Setup
WPS_ER_DESC= Enable WPS External Registrar
WPS_NOREG_DESC= Disable open network credentials when registrar
WPS_NFC_DESC= Near Field Communication (NFC) configuration
WPS_UPNP_DESC= Universal Plug and Play support
PKCS12_DESC= PKCS\#12 (PFS) support
SMARTCARD_DESC= Private key on smartcard support
HT_OVERRIDES_DESC= Disable HT/HT40, mask MCS rates, etc
VHT_OVERRIDES_DESC= Disable VHT, mask MCS rates, etc
TLSV12_DESC= Build with TLS v1.2 instead of TLS v1.0
IEEE80211AC_DESC= Very High Throughput, AP mode (IEEE 802.11ac)
IEEE80211N_DESC= High Throughput, AP mode (IEEE 802.11n)
IEEE80211R_DESC= Fast BSS Transition (IEEE 802.11r-2008)
IEEE80211W_DESC= Management Frame Protection (IEEE 802.11w)
IEEE8021X_EAPOL_DESC= EAP over LAN support
EAPOL_TEST_DESC= Development testing
DEBUG_FILE_DESC= Support for writing debug log to a file
DEBUG_SYSLOG_DESC= Send debug messages to syslog instead of stdout
PRIVSEP_DESC= Privilege separation
DELAYED_MIC_DESC= Mitigate TKIP attack, random delay on MIC errors
INTERWORKING_DESC= Improve ext. network interworking (IEEE 802.11u)
HS20_DESC= Hotspot 2.0
NO_ROAMING_DESC= Disable roaming
P2P_DESC= Peer-to-Peer support
TDLS_DESC= Tunneled Direct Link Setup
MATCH_DESC= Interface match mode
DRV_DESC= Driver options
BSD_DESC= BSD net80211 interface
NDIS_DESC= Windows NDIS interface
WIRED_DESC= Wired ethernet interface
ROBOSWITCH_DESC= Broadcom Roboswitch interface
TEST_DESC= Development testing interface
NONE_DESC= The 'no driver' interface, e.g. WPS ER only
EAP_DESC= Extensible Authentication Protocols
TLS_DESC= Transport Layer Security
PEAP_DESC= Protected Extensible Authentication Protocol
TTLS_DESC= Tunneled Transport Layer Security
MD5_DESC= MD5 hash (deprecated, no key generation)
MSCHAPV2_DESC= Microsoft CHAP version 2 (RFC 2759)
GTC_DESC= Generic Token Card
LEAP_DESC= Lightweight Extensible Authentication Protocol
OTP_DESC= One-Time Password
PSK_DESC= Pre-Shared key
FAST_DESC= Flexible Authentication via Secure Tunneling
AKA_DESC= Autentication and Key Agreement (UMTS)
AKA_PRIME_DESC= AKA Prime variant (RFC 5448)
EKE_DESC= Encrypted Key Exchange
SIM_DESC= Subscriber Identity Module
SIM_SIMULATOR_DESC= SIM simulator (Milenage) for EAP-SIM
USIM_SIMULATOR_DESC= SIM simulator (Milenage) for EAP-AKA
IKEV2_DESC= Internet Key Exchange version 2
PWD_DESC= Shared password (RFC 5931)
PAX_DESC= Password Authenticated Exchange
SAKE_DESC= Shared-Secret Authentication & Key Establishment
GPSK_DESC= Generalized Pre-Shared Key
TNC_DESC= Trusted Network Connect
PRIVSEP_PLIST_FILES= sbin/wpa_priv
DBUS_PLIST_FILES= share/dbus-1/system-services/fi.w1.wpa_supplicant1.service \
etc/dbus-1/system.d/dbus-wpa_supplicant.conf
.include <bsd.port.pre.mk>
.if ${PORT_OPTIONS:MNDIS} && ${PORT_OPTIONS:MPRIVSEP}
BROKEN= Fails to compile with both NDIS and PRIVSEP
.endif
.if ${PORT_OPTIONS:MIEEE80211AC} && ${PORT_OPTIONS:MIEEE80211N}
BROKEN= Fails to compile with both IEEE80211AC and IEEE80211N
.endif
.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME}
LIB_DEPENDS+= libpcsclite.so:devel/pcsc-lite
CFLAGS+= -I${LOCALBASE}/include/PCSC
LDFLAGS+= -L${LOCALBASE}/lib
.endif
.if ${PORT_OPTIONS:MDBUS}
LIB_DEPENDS+= libdbus-1.so:devel/dbus
.endif
post-patch:
@${CP} ${FILESDIR}/Packet32.[ch] ${FILESDIR}/ntddndis.h \
${WRKSRC}/src/utils
# Set driver(s)
.for item in BSD NDIS WIRED ROBOSWITCH TEST NONE
. if ${PORT_OPTIONS:M${item}}
@${ECHO_CMD} CONFIG_DRIVER_${item}=y >> ${CFG}
. endif
.endfor
# Set EAP protocol(s)
.for item in MD5 MSCHAPV2 TLS PEAP TTLS FAST GTC OTP PSK PWD PAX LEAP SIM \
AKA AKA_PRIME SAKE GPSK TNC IKEV2 EKE
. if ${PORT_OPTIONS:M${item}}
@${ECHO_CMD} CONFIG_EAP_${item:tu}=y >> ${CFG}
. endif
.endfor
.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME}
@${ECHO_CMD} CONFIG_PCSC=y >> ${CFG}
.endif
.for simple in WPS WPS_ER WPS_NFC WPS_UPNP PKCS12 SMARTCARD HT_OVERRIDES \
VHT_OVERRIDES TLSV12 IEEE80211AC IEEE80211N IEEE80211R IEEE80211W \
IEEE8021X_EAPOL EAPOL_TEST \
INTERWORKING DEBUG_FILE DEBUG_SYSLOG HS20 NO_ROAMING PRIVSEP P2P TDLS
. if ${PORT_OPTIONS:M${simple}}
@${ECHO_CMD} CONFIG_${simple}=y >> ${CFG}
. endif
.endfor
.for item in READLINE PEERKEY
@${ECHO_CMD} CONFIG_${item}=y >> ${CFG}
.endfor
.if ${PORT_OPTIONS:MIEEE80211AC} || ${PORT_OPTIONS:MIEEE80211N}
@${ECHO_CMD} CONFIG_AP=y >> ${CFG}
.endif
.if ${PORT_OPTIONS:MGPSK}
# GPSK desired, assume highest SHA desired too
@${ECHO_CMD} CONFIG_EAP_GPSK_SHA256=y >> ${CFG}
.endif
.if ${PORT_OPTIONS:MWPS_NOREG}
@${ECHO_CMD} CONFIG_WPS_REG_DISABLE_OPEN=y >> ${CFG}
.endif
.if ${PORT_OPTIONS:MDELAYED_MIC}
@${ECHO_CMD} CONFIG_DELAYED_MIC_ERROR_REPORT=y >> ${CFG}
.endif
.if ${PORT_OPTIONS:MDBUS}
@${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_NEW=y >> ${CFG}
@${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_INTRO=y >> ${CFG}
.endif
.if ${PORT_OPTIONS:MMATCH}
@${ECHO_CMD} CONFIG_MATCH_IFACE=y >> ${CFG}
.endif
.if ${PORT_OPTIONS:MUSIM_SIMULATOR}
@${ECHO_CMD} CONFIG_USIM_SIMULATOR=y >> ${CFG}
.endif
.if ${PORT_OPTIONS:MSIM_SIMULATOR}
@${ECHO_CMD} CONFIG_SIM_SIMULATOR=y >> ${CFG}
.endif
@${ECHO_CMD} CONFIG_OS=unix >> ${CFG}
@${ECHO_CMD} CONFIG_CTRL_IFACE=unix >> ${CFG}
@${ECHO_CMD} CONFIG_BACKEND=file >> ${CFG}
@${ECHO_CMD} CONFIG_L2_PACKET=freebsd >> ${CFG}
@${ECHO_CMD} CONFIG_TLS=openssl >> ${CFG}
post-build-EAPOL_TEST-on:
cd ${BUILD_WRKSRC} && ${GMAKE} eapol_test
do-install:
(cd ${BUILD_WRKSRC} && ${INSTALL_PROGRAM} wpa_supplicant wpa_cli \
wpa_passphrase ${STAGEDIR}${PREFIX}/sbin)
${INSTALL_DATA} ${BUILD_WRKSRC}/wpa_supplicant.conf \
${STAGEDIR}${PREFIX}/etc/wpa_supplicant.conf.sample
do-install-EAPOL_TEST-on:
${INSTALL_PROGRAM} ${BUILD_WRKSRC}/eapol_test ${STAGEDIR}${PREFIX}/sbin
do-install-DOCS-on:
@${MKDIR} ${STAGEDIR}${DOCSDIR}
(cd ${BUILD_WRKSRC} && \
${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR})
do-install-PRIVSEP-on:
${INSTALL_PROGRAM} ${BUILD_WRKSRC}/wpa_priv ${STAGEDIR}${PREFIX}/sbin
do-install-DBUS-on:
@${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/
@${MKDIR} ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/
${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/fi.w1.wpa_supplicant1.service \
${STAGEDIR}${PREFIX}/share/dbus-1/system-services/
${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/dbus-wpa_supplicant.conf \
${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/
.include <bsd.port.post.mk>
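Review bot: `OPTIONS_DEFAULT` switches on the EAP methods `MD5` and `LEAP`, although `MD5_DESC` in this same file describes MD5 as "deprecated, no key generation", and `PRIVSEP` is left off. For a port that exists only as a fallback to an older release, I would drop `MD5` and `LEAP` from the defaults so that they have to be selected deliberately. `IEEE80211R` appears twice in `OPTIONS_DEFAULT`, and two descriptions have typos: `PKCS\#12 (PFS) support` should read `(PFX)` and `Autentication` should read `Authentication`. `TLSV12` is not in the defaults either; whether that matters with `CONFIG_TLS=openssl` I cannot tell from this file.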


@ -0,0 +1,11 @@
TIMESTAMP = 1615939959
SHA256 (wpa_supplicant-2.9.tar.gz) = fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17
SIZE (wpa_supplicant-2.9.tar.gz) = 3231785
SHA256 (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7
SIZE (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 5909
SHA256 (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de
SIZE (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 2284
SHA256 (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a
SIZE (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = 1553
SHA256 (0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch) = 7f40cfec5faf5e927ea9028ab9392cd118685bde7229ad24210caf0a8f6e9611
SIZE (0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch) = 1751


@ -0,0 +1,366 @@
/*-
* Copyright (c) 2005
* Bill Paul <wpaul@windriver.com>. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Bill Paul.
* 4. Neither the name of the author nor the names of any co-contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This file implements a small portion of the Winpcap API for the
* Windows NDIS interface in wpa_supplicant. It provides just enough
* routines to fool wpa_supplicant into thinking it's really running
* in a Windows environment.
*/
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <sys/errno.h>
#include <sys/sysctl.h>
#include <sys/fcntl.h>
#include <net/if.h>
#include <net/if_dl.h>
#include <net/if_var.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <net/route.h>
#ifdef __FreeBSD__
#include <net80211/ieee80211_ioctl.h>
#endif
#ifdef __DragonFly__
#include <netproto/802_11/ieee80211_ioctl.h>
#endif
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <pcap.h>
#include "Packet32.h"
#define OID_802_11_ADD_KEY 0x0d01011D
typedef ULONGLONG NDIS_802_11_KEY_RSC;
typedef UCHAR NDIS_802_11_MAC_ADDRESS[6];
typedef struct NDIS_802_11_KEY {
ULONG Length;
ULONG KeyIndex;
ULONG KeyLength;
NDIS_802_11_MAC_ADDRESS BSSID;
NDIS_802_11_KEY_RSC KeyRSC;
UCHAR KeyMaterial[1];
} NDIS_802_11_KEY;
typedef struct NDIS_802_11_KEY_COMPAT {
ULONG Length;
ULONG KeyIndex;
ULONG KeyLength;
NDIS_802_11_MAC_ADDRESS BSSID;
UCHAR Pad[6]; /* Make struct layout match Windows. */
NDIS_802_11_KEY_RSC KeyRSC;
#ifdef notdef
UCHAR KeyMaterial[1];
#endif
} NDIS_802_11_KEY_COMPAT;
#define TRUE 1
#define FALSE 0
struct adapter {
int socket;
char name[IFNAMSIZ];
int prev_roaming;
};
PCHAR
PacketGetVersion(void)
{
return("FreeBSD WinPcap compatibility shim v1.0");
}
void *
PacketOpenAdapter(CHAR *iface)
{
struct adapter *a;
int s;
int ifflags;
struct ifreq ifr;
struct ieee80211req ireq;
s = socket(PF_INET, SOCK_DGRAM, 0);
if (s == -1)
return(NULL);
a = malloc(sizeof(struct adapter));
if (a == NULL)
return(NULL);
a->socket = s;
if (strncmp(iface, "\\Device\\NPF_", 12) == 0)
iface += 12;
else if (strncmp(iface, "\\DEVICE\\", 8) == 0)
iface += 8;
snprintf(a->name, IFNAMSIZ, "%s", iface);
/* Turn off net80211 roaming */
bzero((char *)&ireq, sizeof(ireq));
strncpy(ireq.i_name, iface, sizeof (ifr.ifr_name));
ireq.i_type = IEEE80211_IOC_ROAMING;
if (ioctl(a->socket, SIOCG80211, &ireq) == 0) {
a->prev_roaming = ireq.i_val;
ireq.i_val = IEEE80211_ROAMING_MANUAL;
if (ioctl(a->socket, SIOCS80211, &ireq) < 0)
fprintf(stderr,
"Could not set IEEE80211_ROAMING_MANUAL\n");
}
bzero((char *)&ifr, sizeof(ifr));
strncpy(ifr.ifr_name, iface, sizeof (ifr.ifr_name));
if (ioctl(a->socket, SIOCGIFFLAGS, (caddr_t)&ifr) < 0) {
free(a);
close(s);
return(NULL);
}
ifr.ifr_flags |= IFF_UP;
if (ioctl(a->socket, SIOCSIFFLAGS, (caddr_t)&ifr) < 0) {
free(a);
close(s);
return(NULL);
}
return(a);
}
int
PacketRequest(void *iface, BOOLEAN set, PACKET_OID_DATA *oid)
{
struct adapter *a;
uint32_t retval;
struct ifreq ifr;
NDIS_802_11_KEY *old;
NDIS_802_11_KEY_COMPAT *new;
PACKET_OID_DATA *o = NULL;
if (iface == NULL)
return(-1);
a = iface;
bzero((char *)&ifr, sizeof(ifr));
/*
* This hack is necessary to work around a difference
* betwee the GNU C and Microsoft C compilers. The NDIS_802_11_KEY
* structure has a uint64_t in it, right after an array of
* chars. The Microsoft compiler inserts padding right before
* the 64-bit value to align it on a 64-bit boundary, but
* GCC only aligns it on a 32-bit boundary. Trying to pass
* the GCC-formatted structure to an NDIS binary driver
* fails because some of the fields appear to be at the
* wrong offsets.
*
* To get around this, if we detect someone is trying to do
* a set operation on OID_802_11_ADD_KEY, we shuffle the data
* into a properly padded structure and pass that into the
* driver instead. This allows the driver_ndis.c code supplied
* with wpa_supplicant to work unmodified.
*/
if (set == TRUE && oid->Oid == OID_802_11_ADD_KEY) {
old = (NDIS_802_11_KEY *)&oid->Data;
o = malloc(sizeof(PACKET_OID_DATA) +
sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength);
if (o == NULL)
return(0);
bzero((char *)o, sizeof(PACKET_OID_DATA) +
sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength);
o->Oid = oid->Oid;
o->Length = sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength;
new = (NDIS_802_11_KEY_COMPAT *)&o->Data;
new->KeyRSC = old->KeyRSC;
new->Length = o->Length;
new->KeyIndex = old->KeyIndex;
new->KeyLength = old->KeyLength;
bcopy(old->BSSID, new->BSSID, sizeof(NDIS_802_11_MAC_ADDRESS));
bcopy(old->KeyMaterial, (char *)new +
sizeof(NDIS_802_11_KEY_COMPAT), new->KeyLength);
ifr.ifr_data = (caddr_t)o;
} else
ifr.ifr_data = (caddr_t)oid;
strlcpy(ifr.ifr_name, a->name, sizeof(ifr.ifr_name));
if (set == TRUE)
retval = ioctl(a->socket, SIOCSDRVSPEC, &ifr);
else
retval = ioctl(a->socket, SIOCGDRVSPEC, &ifr);
if (o != NULL)
free(o);
if (retval)
return(0);
return(1);
}
int
PacketGetAdapterNames(CHAR *namelist, ULONG *len)
{
int mib[6];
size_t needed;
struct if_msghdr *ifm;
struct sockaddr_dl *sdl;
char *buf, *lim, *next;
char *plist;
int spc;
int i, ifcnt = 0;
plist = namelist;
spc = 0;
bzero(plist, *len);
needed = 0;
mib[0] = CTL_NET;
mib[1] = PF_ROUTE;
mib[2] = 0; /* protocol */
mib[3] = 0; /* wildcard address family */
mib[4] = NET_RT_IFLIST;
mib[5] = 0; /* no flags */
if (sysctl (mib, 6, NULL, &needed, NULL, 0) < 0)
return(FALSE);
buf = malloc (needed);
if (buf == NULL)
return(FALSE);
if (sysctl (mib, 6, buf, &needed, NULL, 0) < 0) {
free(buf);
return(FALSE);
}
lim = buf + needed;
/* Generate interface name list. */
next = buf;
while (next < lim) {
ifm = (struct if_msghdr *)next;
if (ifm->ifm_type == RTM_IFINFO) {
sdl = (struct sockaddr_dl *)(ifm + 1);
if (strnstr(sdl->sdl_data, "wlan", sdl->sdl_nlen)) {
if ((spc + sdl->sdl_nlen) > *len) {
free(buf);
return(FALSE);
}
strncpy(plist, sdl->sdl_data, sdl->sdl_nlen);
plist += (sdl->sdl_nlen + 1);
spc += (sdl->sdl_nlen + 1);
ifcnt++;
}
}
next += ifm->ifm_msglen;
}
/* Insert an extra "" as a spacer */
plist++;
spc++;
/*
* Now generate the interface description list. There
* must be a unique description for each interface, and
* they have to match what the ndis_events program will
* feed in later. To keep this simple, we just repeat
* the interface list over again.
*/
next = buf;
while (next < lim) {
ifm = (struct if_msghdr *)next;
if (ifm->ifm_type == RTM_IFINFO) {
sdl = (struct sockaddr_dl *)(ifm + 1);
if (strnstr(sdl->sdl_data, "wlan", sdl->sdl_nlen)) {
if ((spc + sdl->sdl_nlen) > *len) {
free(buf);
return(FALSE);
}
strncpy(plist, sdl->sdl_data, sdl->sdl_nlen);
plist += (sdl->sdl_nlen + 1);
spc += (sdl->sdl_nlen + 1);
ifcnt++;
}
}
next += ifm->ifm_msglen;
}
free (buf);
*len = spc + 1;
return(TRUE);
}
void
PacketCloseAdapter(void *iface)
{
struct adapter *a;
struct ifreq ifr;
struct ieee80211req ireq;
if (iface == NULL)
return;
a = iface;
/* Reset net80211 roaming */
bzero((char *)&ireq, sizeof(ireq));
strncpy(ireq.i_name, a->name, sizeof (ifr.ifr_name));
ireq.i_type = IEEE80211_IOC_ROAMING;
ireq.i_val = a->prev_roaming;
ioctl(a->socket, SIOCS80211, &ireq);
bzero((char *)&ifr, sizeof(ifr));
strncpy(ifr.ifr_name, a->name, sizeof (ifr.ifr_name));
ioctl(a->socket, SIOCGIFFLAGS, (caddr_t)&ifr);
ifr.ifr_flags &= ~IFF_UP;
ioctl(a->socket, SIOCSIFFLAGS, (caddr_t)&ifr);
close(a->socket);
free(a);
return;
}


@ -0,0 +1,65 @@
/*-
* Copyright (c) 2005
* Bill Paul <wpaul@windriver.com>. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Bill Paul.
* 4. Neither the name of the author nor the names of any co-contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _PACKET32_H_
#define _PACKET32_H_
#include <sys/types.h>
#include <ntddndis.h>
struct PACKET_OID_DATA {
uint32_t Oid;
uint32_t Length;
uint8_t Data[1];
};
typedef struct PACKET_OID_DATA PACKET_OID_DATA;
extern PCHAR PacketGetVersion(void);
extern void *PacketOpenAdapter(CHAR *);
extern int PacketRequest(void *, BOOLEAN, PACKET_OID_DATA *);
extern int PacketGetAdapterNames(CHAR *, ULONG *);
extern void PacketCloseAdapter(void *);
/*
* This is for backwards compatibility on FreeBSD 5.
*/
#ifndef SIOCGDRVSPEC
#define SIOCSDRVSPEC _IOW('i', 123, struct ifreq) /* set driver-specific
parameters */
#define SIOCGDRVSPEC _IOWR('i', 123, struct ifreq) /* get driver-specific
parameters */
#endif
#endif /* _PACKET32_H_ */
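Review bot: The `PacketRequest` prototype carries no statement of its return convention, and the implementation in Packet32.c mixes three values: `-1` for a NULL adapter, `0` for allocation or ioctl failure, and `1` for success. The driver_ndis.c callers shown in this commit test `if (!PacketRequest(...))`, so the `-1` path is read as success and the caller goes on to use the request buffer. Document the contract on the prototype, for example `/* Returns 1 on success, 0 on any failure; callers test !PacketRequest(). */`, and make the NULL-adapter path in Packet32.c `return(0);` to match it.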


@ -0,0 +1,32 @@
#ifndef _NTDDNDIS_H_
#define _NTDDNDIS_H_
/*
* Fake up some of the Windows type definitions so that the NDIS
* interface module in wpa_supplicant will build.
*/
#define ULONG uint32_t
#define USHORT uint16_t
#define UCHAR uint8_t
#define LONG int32_t
#define SHORT int16_t
#if __FreeBSD__
#define CHAR char
#else
#define CHAR int8_t
#endif
#define ULONGLONG uint64_t
#define LONGLONG int64_t
#define BOOLEAN uint8_t
typedef void * LPADAPTER;
typedef char * PTSTR;
typedef char * PCHAR;
#define TRUE 1
#define FALSE 0
#define OID_802_3_CURRENT_ADDRESS 0x01010102
#define OID_802_3_MULTICAST_LIST 0x01010103
#endif /* _NTDDNDIS_H_ */
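Review bot: The integer aliases (`ULONG`, `LONG`, `SHORT`, `CHAR`, `BOOLEAN` and the rest) are object-like macros, while `LPADAPTER`, `PTSTR` and `PCHAR` directly below them are typedefs. As macros they rewrite any identifier with those names in every file that includes this header. Typedefs keep the same spelling with normal scoping, e.g. `typedef uint32_t ULONG;`, unless an includer depends on the macro form. The header also uses the `uintN_t` names without including anything that declares them, so it only compiles when the includer has already pulled in `<sys/types.h>`, as Packet32.h does. `#if __FreeBSD__` would be more consistent as `#ifdef __FreeBSD__`, the form Packet32.c uses.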


@ -0,0 +1,25 @@
--- src/common/dhcp.h.orig 2018-12-02 11:34:59.000000000 -0800
+++ src/common/dhcp.h 2018-12-06 00:01:11.429254000 -0800
@@ -9,6 +9,22 @@
#ifndef DHCP_H
#define DHCP_H
+/*
+ * Translate Linux to FreeBSD
+ */
+#define iphdr ip
+#define ihl ip_hl
+#define verson ip_v
+#define tos ip_tos
+#define tot_len ip_len
+#define id ip_id
+#define frag_off ip_off
+#define ttl ip_ttl
+#define protocol ip_p
+#define check ip_sum
+#define saddr ip_src
+#define daddr ip_dst
+
#include <netinet/ip.h>
#if __FAVOR_BSD
#include <netinet/udp.h>
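Review bot: `#define verson ip_v` in the added translation block is misspelled; Linux's `struct iphdr` names the field `version`, so this one alias is never applied while its neighbours are. If it is corrected to `#define version ip_v`, keep in mind that all of these are unscoped object-like macros defined ahead of `#include <netinet/ip.h>`. Short names such as `id`, `check`, `protocol` and `ttl` then rewrite every identifier of that name in any file that includes dhcp.h, which can change unrelated code without a diagnostic. A comment naming the source files that rely on the aliases, or confining the block to those files, would limit that.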


@ -0,0 +1,48 @@
--- src/drivers/driver_bsd.c.orig 2019-08-07 06:25:25.000000000 -0700
+++ src/drivers/driver_bsd.c 2021-06-13 23:07:14.016849000 -0700
@@ -649,7 +649,7 @@
len = 2048;
}
- return len;
+ return (len == 0) ? 2048 : len;
}
#ifdef HOSTAPD
@@ -1080,7 +1080,14 @@
mode = 0 /* STA */;
break;
case IEEE80211_MODE_IBSS:
+ /*
+ * Ref bin/203086 - FreeBSD's net80211 currently uses
+ * IFM_IEEE80211_ADHOC.
+ */
+#if 0
mode = IFM_IEEE80211_IBSS;
+#endif
+ mode = IFM_IEEE80211_ADHOC;
break;
case IEEE80211_MODE_AP:
mode = IFM_IEEE80211_HOSTAP;
@@ -1336,14 +1343,18 @@
drv = bsd_get_drvindex(global, ifm->ifm_index);
if (drv == NULL)
return;
- if ((ifm->ifm_flags & IFF_UP) == 0 &&
- (drv->flags & IFF_UP) != 0) {
+ if (((ifm->ifm_flags & IFF_UP) == 0 ||
+ (ifm->ifm_flags & IFF_RUNNING) == 0) &&
+ (drv->flags & IFF_UP) != 0 &&
+ (drv->flags & IFF_RUNNING) != 0) {
wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN",
drv->ifname);
wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED,
NULL);
} else if ((ifm->ifm_flags & IFF_UP) != 0 &&
- (drv->flags & IFF_UP) == 0) {
+ (ifm->ifm_flags & IFF_RUNNING) != 0 &&
+ ((drv->flags & IFF_UP) == 0 ||
+ (drv->flags & IFF_RUNNING) == 0)) {
wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
drv->ifname);
wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
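Review bot: The `IEEE80211_MODE_IBSS` case keeps the old assignment inside `#if 0` … `#endif` and then assigns `mode = IFM_IEEE80211_ADHOC;`, which leaves dead code in the patched source. Dropping the disabled line and keeping the comment that cites bin/203086 says the same thing with less to misread. In the first hunk the fallback `return (len == 0) ? 2048 : len;` repeats the literal assigned two lines above it; a named constant would keep the two in step. All three enclosing functions start and end outside their hunks.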


@ -0,0 +1,89 @@
--- src/drivers/driver_ndis.c.orig 2019-08-07 13:25:25 UTC
+++ src/drivers/driver_ndis.c
@@ -504,13 +504,13 @@ static int ndis_get_oid(struct wpa_drive
o->Length = len;
if (!PacketRequest(drv->adapter, FALSE, o)) {
- wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%d) failed",
+ wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%lu) failed",
__func__, oid, len);
os_free(buf);
return -1;
}
if (o->Length > len) {
- wpa_printf(MSG_DEBUG, "%s: oid=0x%x Length (%d) > len (%d)",
+ wpa_printf(MSG_DEBUG, "%s: oid=0x%x Length (%d) > len (%lu)",
__func__, oid, (unsigned int) o->Length, len);
os_free(buf);
return -1;
@@ -573,7 +573,7 @@ static int ndis_set_oid(struct wpa_drive
os_memcpy(o->Data, data, len);
if (!PacketRequest(drv->adapter, TRUE, o)) {
- wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%d) failed",
+ wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%lu) failed",
__func__, oid, len);
os_free(buf);
return -1;
@@ -1531,7 +1531,7 @@ static void wpa_driver_ndis_event_auth(s
if (data_len < sizeof(*req)) {
wpa_printf(MSG_DEBUG, "NDIS: Too short Authentication Request "
- "Event (len=%d)", data_len);
+ "Event (len=%lu)", data_len);
return;
}
req = (NDIS_802_11_AUTHENTICATION_REQUEST *) data;
@@ -1565,7 +1565,7 @@ static void wpa_driver_ndis_event_pmkid(
if (data_len < 8) {
wpa_printf(MSG_DEBUG, "NDIS: Too short PMKID Candidate List "
- "Event (len=%d)", data_len);
+ "Event (len=%lu)", data_len);
return;
}
pmkid = (NDIS_802_11_PMKID_CANDIDATE_LIST *) data;
@@ -1587,7 +1587,7 @@ static void wpa_driver_ndis_event_pmkid(
os_memset(&event, 0, sizeof(event));
for (i = 0; i < pmkid->NumCandidates; i++) {
PMKID_CANDIDATE *p = &pmkid->CandidateList[i];
- wpa_printf(MSG_DEBUG, "NDIS: %d: " MACSTR " Flags 0x%x",
+ wpa_printf(MSG_DEBUG, "NDIS: %lu: " MACSTR " Flags 0x%x",
i, MAC2STR(p->BSSID), (int) p->Flags);
os_memcpy(event.pmkid_candidate.bssid, p->BSSID, ETH_ALEN);
event.pmkid_candidate.index = i;
@@ -1778,7 +1778,7 @@ static void wpa_driver_ndis_get_capabili
"overflow");
break;
}
- wpa_printf(MSG_MSGDUMP, "NDIS: %d - auth %d encr %d",
+ wpa_printf(MSG_MSGDUMP, "NDIS: %lu - auth %d encr %d",
i, (int) ae->AuthModeSupported,
(int) ae->EncryptStatusSupported);
switch (ae->AuthModeSupported) {
@@ -2106,7 +2106,11 @@ static int wpa_driver_ndis_get_names(str
dlen = dpos - desc;
else
dlen = os_strlen(desc);
- drv->adapter_desc = dup_binstr(desc, dlen);
+ drv->adapter_desc = os_malloc(dlen + 1);
+ if (drv->adapter_desc) {
+ os_memcpy(drv->adapter_desc, desc, dlen);
+ drv->adapter_desc[dlen] = '\0';
+ }
os_free(b);
if (drv->adapter_desc == NULL)
return -1;
@@ -2274,7 +2278,11 @@ static int wpa_driver_ndis_get_names(str
} else {
dlen = os_strlen(desc[i]);
}
- drv->adapter_desc = dup_binstr(desc[i], dlen);
+ drv->adapter_desc = os_malloc(dlen + 1);
+ if (drv->adapter_desc) {
+ os_memcpy(drv->adapter_desc, desc[i], dlen);
+ drv->adapter_desc[dlen] = '\0';
+ }
os_free(names);
if (drv->adapter_desc == NULL)
return -1;
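Review bot: The changed format strings pair `%lu` with `len`, `data_len` and `i`, whose declarations are outside these hunks. If they are `size_t`, which the switch away from `%d` suggests, `%zu` is the matching specifier and `%lu` is only right where `size_t` happens to be `unsigned long`. In `ndis_get_oid` the second message still prints `(unsigned int) o->Length` with `%d`, where `%u` matches the cast: `"%s: oid=0x%x Length (%u) > len (%zu)"`. The same substitution applies to the `ndis_set_oid`, `event_auth`, `event_pmkid` and `get_capability` hunks.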


@ -0,0 +1,12 @@
--- src/l2_packet/l2_packet_freebsd.c.orig 2018-12-02 11:34:59.000000000 -0800
+++ src/l2_packet/l2_packet_freebsd.c 2018-12-05 23:18:27.612433000 -0800
@@ -8,7 +8,8 @@
*/
#include "includes.h"
-#if defined(__APPLE__) || defined(__GLIBC__)
+#include <sys/param.h>
+#if defined(__APPLE__) || defined(__GLIBC__) || defined(__FreeBSD_version)
#include <net/bpf.h>
#endif /* __APPLE__ */
#include <pcap.h>


@ -0,0 +1,12 @@
--- src/radius/radius_client.c.orig 2019-08-07 06:25:25.000000000 -0700
+++ src/radius/radius_client.c 2021-01-11 08:35:20.860835000 -0800
@@ -814,6 +814,9 @@
{
struct radius_client_data *radius = eloop_ctx;
struct hostapd_radius_servers *conf = radius->conf;
+#if defined(__clang_major__) && __clang_major__ >= 11
+#pragma GCC diagnostic ignored "-Wvoid-pointer-to-enum-cast"
+#endif
RadiusType msg_type = (RadiusType) sock_ctx;
int len, roundtrip;
unsigned char buf[3000];
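Review bot: The added `#pragma GCC diagnostic ignored "-Wvoid-pointer-to-enum-cast"` has no matching push/pop, so the diagnostic stays disabled from this line to the end of radius_client.c rather than for the one cast it targets. Casting through an integer type removes the warning without any pragma: `RadiusType msg_type = (RadiusType) (uintptr_t) sock_ctx;`. If the pragma is kept, bracket the declaration with `#pragma GCC diagnostic push` and `#pragma GCC diagnostic pop`. The function body continues outside the hunk.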


@ -0,0 +1,34 @@
--- src/wps/wps_upnp.c.orig 2020-06-08 14:40:50.402529000 -0700
+++ src/wps/wps_upnp.c 2020-06-08 15:48:08.294830000 -0700
@@ -861,7 +861,8 @@
}
-#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
+#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
+ || defined(__DragonFly__)
#include <sys/sysctl.h>
#include <net/route.h>
#include <net/if_dl.h>
@@ -950,7 +951,11 @@
errno, strerror(errno));
goto fail;
}
+#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
+ addr = (struct sockaddr_in *) &req.ifr_addr;
+#else
addr = (struct sockaddr_in *) &req.ifr_netmask;
+#endif
netmask->s_addr = addr->sin_addr.s_addr;
}
@@ -962,7 +967,8 @@
goto fail;
}
os_memcpy(mac, req.ifr_addr.sa_data, 6);
-#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
+#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
+ || defined(__DragonFly__)
if (eth_get(net_if, mac) < 0) {
wpa_printf(MSG_ERROR, "WPS UPnP: Failed to get MAC address");
goto fail;
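Review bot: The second hunk selects `req.ifr_addr` for the netmask only under `__FreeBSD__`/`__FreeBSD_kernel__`, while the first and third hunks extend the same platform test with `__DragonFly__`. DragonFly therefore still takes the `req.ifr_netmask` branch. If that is deliberate, a one-line comment above the `#if` would say so, for example `/* struct ifreq has no ifr_netmask here; the netmask request returns it in ifr_addr */` (presumably the reason, to be confirmed against the platform headers). If it is an oversight, the `#if` should list the same three macros as the other two hunks. The enclosing function starts and ends outside the hunk.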


@ -0,0 +1,17 @@
--- wpa_supplicant/Makefile.orig 2015-03-15 17:30:39 UTC
+++ wpa_supplicant/Makefile
@@ -99,6 +99,14 @@ OBJS += ../src/utils/os_$(CONFIG_OS).o
OBJS_p += ../src/utils/os_$(CONFIG_OS).o
OBJS_c += ../src/utils/os_$(CONFIG_OS).o
+ifdef CONFIG_DRIVER_NDIS
+OBJS += ../src/utils/Packet32.o
+ifdef CONFIG_PRIVSEP
+OBJS += ../src/drivers/driver_ndis.o
+endif
+OBJS_priv += ../src/utils/Packet32.o
+endif
+
ifdef CONFIG_WPA_TRACE
CFLAGS += -DWPA_TRACE
OBJS += ../src/utils/trace.o


@ -0,0 +1,33 @@
--- wpa_supplicant/main.c.orig 2016-11-05 20:56:30 UTC
+++ wpa_supplicant/main.c
@@ -66,7 +66,7 @@ static void usage(void)
" -c = Configuration file\n"
" -C = ctrl_interface parameter (only used if -c is not)\n"
" -d = increase debugging verbosity (-dd even more)\n"
- " -D = driver name (can be multiple drivers: nl80211,wext)\n"
+ " -D = driver name (can be multiple drivers: bsd,wired)\n"
" -e = entropy file\n"
#ifdef CONFIG_DEBUG_FILE
" -f = log output to debug file instead of stdout\n"
@@ -105,8 +105,7 @@ static void usage(void)
" -W = wait for a control interface monitor before starting\n");
printf("example:\n"
- " wpa_supplicant -D%s -iwlan0 -c/etc/wpa_supplicant.conf\n",
- wpa_drivers[0] ? wpa_drivers[0]->name : "nl80211");
+ " wpa_supplicant -Dbsd -iwlan0 -c/etc/wpa_supplicant.conf\n");
#endif /* CONFIG_NO_STDOUT_DEBUG */
}
@@ -199,6 +198,11 @@ int main(int argc, char *argv[])
wpa_supplicant_fd_workaround(1);
+#ifdef CONFIG_DRIVER_NDIS
+ void driver_ndis_init_ops(void);
+ driver_ndis_init_ops();
+#endif /* CONFIG_DRIVER_NDIS */
+
for (;;) {
c = getopt(argc, argv,
"b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW");


@ -0,0 +1,16 @@
--- wpa_supplicant/wpa_supplicant.c.orig 2019-04-21 03:10:22.000000000 -0400
+++ wpa_supplicant/wpa_supplicant.c 2019-05-15 22:44:44.919859000 -0400
@@ -6357,13 +6357,6 @@
if (params == NULL)
return NULL;
-#ifdef CONFIG_DRIVER_NDIS
- {
- void driver_ndis_init_ops(void);
- driver_ndis_init_ops();
- }
-#endif /* CONFIG_DRIVER_NDIS */
-
#ifndef CONFIG_NO_WPA_MSG
wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
#endif /* CONFIG_NO_WPA_MSG */


@ -0,0 +1,11 @@
[
{ type: install
message: <<EOM
To use the ports version of WPA Supplicant instead of the base, add:
wpa_supplicant_program="%%PREFIX%%/sbin/wpa_supplicant"
to /etc/rc.conf
EOM
}
]


@ -0,0 +1,54 @@
#!/bin/sh
# PROVIDE: wpa_supplicant
# REQUIRE: mountcritremote
# KEYWORD: nojail nostart
. /etc/rc.subr
. /etc/network.subr
name="wpa_supplicant"
desc="WPA/802.11i Supplicant for wireless network devices"
rcvar=
ifn="$2"
if [ -z "$ifn" ]; then
return 1
fi
is_ndis_interface()
{
case `sysctl -n net.wlan.${1#wlan}.%parent 2>/dev/null` in
ndis*) true ;;
*) false ;;
esac
}
if is_wired_interface ${ifn} ; then
driver="wired"
elif is_ndis_interface ${ifn} ; then
driver="ndis"
else
driver="bsd"
fi
load_rc_config $name
#
# This portion of this rc.script is different from base.
case ${command} in
/usr/sbin/wpa_supplicant) # Assume user does not want base hostapd because
# user specified WITHOUT_WIRELESS in make.conf
# and /etc/defaults/rc.conf contains this value.
unset command;;
esac
command=${wpa_supplicant_program:-%%PREFIX%%/sbin/wpa_supplicant}
# End of differences from base. The rest of the file should remain the same.
conf_file=${wpa_supplicant_conf_file}
pidfile="/var/run/${name}/${ifn}.pid"
command_args="-B -i $ifn -c $conf_file -D $driver -P $pidfile"
required_files=$conf_file
required_modules="wlan_wep wlan_tkip wlan_ccmp"
run_rc_command "$1"
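Review bot: `$ifn` is taken straight from `$2` and expanded unquoted in `is_wired_interface ${ifn}`, `is_ndis_interface ${ifn}` and the backquoted `sysctl -n net.wlan.${1#wlan}.%parent`. A value containing whitespace or glob characters is therefore split or expanded before it reaches those commands, in a script that normally runs as root. Quote the expansions: `is_wired_interface "${ifn}"`, `is_ndis_interface "${ifn}"` and `sysctl -n "net.wlan.${1#wlan}.%parent"`. Separately, the `case ${command}` block has no lasting effect because `command=` is assigned unconditionally on the following line, and its comment refers to "base hostapd" in a wpa_supplicant script; both look like leftovers worth tidying.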


@ -0,0 +1,14 @@
wpa_supplicant is a client (supplicant) with support for WPA and WPA2
(IEEE 802.11i / RSN). It is suitable for both desktop/laptop computers and
embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used
in the client stations. It implements key negotiation with a WPA
Authenticator and it controls the roaming and IEEE 802.11 authentication/
association of the wlan driver.
wpa_supplicant is designed to be a "daemon" program that runs in the
background and acts as the backend component controlling the wireless
connection. wpa_supplicant supports separate frontend programs and a
text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with
wpa_supplicant.
WWW: http://w1.fi/wpa_supplicant/


@ -0,0 +1,5 @@
%%EAPOL_TEST%%sbin/eapol_test
sbin/wpa_supplicant
sbin/wpa_passphrase
sbin/wpa_cli
@sample etc/wpa_supplicant.conf.sample