author | Cy Schubert <cy@FreeBSD.org> | 2022-06-19 09:15:44 -0700 |
---|---|---|
committer | Cy Schubert <cy@FreeBSD.org> | 2022-06-20 08:11:55 -0700 |
commit | c82d2efea691ec4d8eac6a875eb0fe182106bf99 (patch) | |
tree | bd3e766172e5f0c9ad9f16e7f46ed64a646cebcc | |
parent | sysutils/cbsd: Update 13.1.1 (diff) |
*/*: Bring back wpa_supplicant29 and hostapd29 as new ports
The current wpa_supplicant and hostapd have an issue with AR9285.
For the time being, bring back wpa_supplicant 2.9 as
security/wpa_supplicant29 and hostapd 2.9 as net/hostapd29 for those
cases that have an issue with wpa_supplicant/hostapd 2.10 (in base and
in ports).
PR: 264238
(cherry picked from commit 7150a0c9b1014e445a8266c9080d0bf4738dcc9c)
32 files changed, 1661 insertions, 0 deletions
diff --git a/net/Makefile b/net/Makefile
index 501e316e38d6..544d5137d2c8 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -248,6 +248,7 @@
 SUBDIR += hlmaster
 SUBDIR += honeyd
 SUBDIR += hostapd
+ SUBDIR += hostapd29
 SUBDIR += hostapd-devel
 SUBDIR += hping3
 SUBDIR += hsflowd
diff --git a/net/hostapd29/Makefile b/net/hostapd29/Makefile
new file mode 100644
index 000000000000..a87a8ed33515
--- /dev/null
+++ b/net/hostapd29/Makefile
@@ -0,0 +1,46 @@
+# Created by: Craig Leres <leres@FreeBSD.org>
+
+PORTNAME= hostapd
+PORTVERSION= 2.9
+PORTREVISION= 4
+CATEGORIES= net
+MASTER_SITES= https://w1.fi/releases/
+
+PATCH_SITES= https://w1.fi/security/2020-1/
+PATCHFILES= 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch:-p1 \
+ 0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch:-p1 \
+ 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch:-p1
+
+MAINTAINER= cy@FreeBSD.org
+COMMENT= IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
+
+LICENSE= BSD3CLAUSE
+
+USES= cpe gmake ssl
+CPE_VENDOR= w1.fi
+BUILD_WRKSRC= ${WRKSRC}/hostapd
+CFLAGS+= -I${OPENSSLINC}
+LDFLAGS+= -L${OPENSSLLIB}
+
+PLIST_FILES= sbin/hostapd sbin/hostapd_cli man/man1/hostapd_cli.1.gz \
+ man/man8/hostapd.8.gz
+.if !exists(/etc/rc.d/hostapd)
+USE_RC_SUBR= hostapd
+.endif
+
+post-patch:
+ @${REINPLACE_CMD} -e 's|@$$(E) " CC " $$<|@$$(E) " $$(CC) " $$<|' \
+ ${BUILD_WRKSRC}/Makefile
+ @${SED} -e 's|@PREFIX@|${PREFIX}|g' ${FILESDIR}/config \
+ >> ${WRKSRC}/hostapd/.config
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/hostapd/hostapd ${STAGEDIR}${PREFIX}/sbin
+ ${INSTALL_PROGRAM} ${WRKSRC}/hostapd/hostapd_cli \
+ ${STAGEDIR}${PREFIX}/sbin
+ ${INSTALL_MAN} ${WRKSRC}/hostapd/hostapd_cli.1 \
+ ${STAGEDIR}${MANPREFIX}/man/man1
+ ${INSTALL_MAN} ${WRKSRC}/hostapd/hostapd.8 \
+ ${STAGEDIR}${MANPREFIX}/man/man8
+
+.include <bsd.port.mk>
diff --git a/net/hostapd29/distinfo b/net/hostapd29/distinfo
new file mode 100644
index 000000000000..c6fd159e26c4
--- /dev/null
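Review bot: `PATCHFILES` in net/hostapd29/Makefile fetches only the three WPS UPnP fixes from `https://w1.fi/security/2020-1/`, while files/config in this same commit leaves `CONFIG_WPS` and `CONFIG_WPS_UPNP` commented out, so in the default build those patches appear to touch code that is not compiled. Because this port deliberately pins an older upstream release, a comment above `PATCH_SITES` should record which upstream advisories were checked against 2.9 and why only 2020-1 applies to hostapd (security/wpa_supplicant29 in this commit also lists 2021-1). Separately, `.if !exists(/etc/rc.d/hostapd)` is evaluated on the build host, so whether a package ships the rc script depends on where it was built rather than where it is installed.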
+++ b/net/hostapd29/distinfo
@@ -0,0 +1,9 @@
+TIMESTAMP = 1591652140
+SHA256 (hostapd-2.9.tar.gz) = 881d7d6a90b2428479288d64233151448f8990ab4958e0ecaca7eeb3c9db2bd7
+SIZE (hostapd-2.9.tar.gz) = 2244312
+SHA256 (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7
+SIZE (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 5909
+SHA256 (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de
+SIZE (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 2284
+SHA256 (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a
+SIZE (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = 1553
diff --git a/net/hostapd29/files/config b/net/hostapd29/files/config
new file mode 100644
index 000000000000..de05f3384a1a
--- /dev/null
+++ b/net/hostapd29/files/config
@@ -0,0 +1,316 @@ +# FreeBSD hostapd build time configuration +# +# This file lists the configuration options that are used when building the +# hostapd binary. All lines starting with # are ignored. Configuration option +# lines must be commented out complete, if they are not to be included, i.e., +# just setting VARIABLE=n is not disabling that variable. +# +# This file is included in Makefile, so variables like CFLAGS and LIBS can also +# be modified from here. In most cass, these lines should use += in order not +# to override previous values of the variables. + +# Driver interface for Host AP driver +#CONFIG_DRIVER_HOSTAP=y + +# Driver interface for wired authenticator +#CONFIG_DRIVER_WIRED=y + +# Driver interface for madwifi driver +#CONFIG_DRIVER_MADWIFI=y +#CFLAGS += -I../../madwifi # change to the madwifi source directory + +# Driver interface for drivers using the nl80211 kernel interface +#CONFIG_DRIVER_NL80211=y + +# driver_nl80211.c requires libnl. If you are compiling it yourself +# you may need to point hostapd to your version of libnl. +# +#CFLAGS += -I$<path to libnl include files> +#LIBS += -L$<path to libnl library files> + +# Use libnl v2.0 (or 3.0) libraries. 
+#CONFIG_LIBNL20=y + +# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) +#CONFIG_LIBNL32=y + +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) +CONFIG_DRIVER_BSD=y +CFLAGS += -I@PREFIX@/include +LIBS += -L@PREFIX@/lib +LIBS_p += -L@PREFIX@/lib +LIBS_c += -L@PREFIX@/lib + +# Driver interface for no driver (e.g., RADIUS server only) +#CONFIG_DRIVER_NONE=y + +# IEEE 802.11F/IAPP +#CONFIG_IAPP=y + +# WPA2/IEEE 802.11i RSN pre-authentication +CONFIG_RSN_PREAUTH=y + +# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) +#CONFIG_PEERKEY=y + +# IEEE 802.11w (management frame protection) +#CONFIG_IEEE80211W=y + +# Integrated EAP server +CONFIG_EAP=y + +# EAP-MD5 for the integrated EAP server +CONFIG_EAP_MD5=y + +# EAP-TLS for the integrated EAP server +CONFIG_EAP_TLS=y + +# EAP-MSCHAPv2 for the integrated EAP server +CONFIG_EAP_MSCHAPV2=y + +# EAP-PEAP for the integrated EAP server +CONFIG_EAP_PEAP=y + +# EAP-GTC for the integrated EAP server +CONFIG_EAP_GTC=y + +# EAP-TTLS for the integrated EAP server +CONFIG_EAP_TTLS=y + +# EAP-SIM for the integrated EAP server +#CONFIG_EAP_SIM=y + +# EAP-AKA for the integrated EAP server +#CONFIG_EAP_AKA=y + +# EAP-AKA' for the integrated EAP server +# This requires CONFIG_EAP_AKA to be enabled, too. +#CONFIG_EAP_AKA_PRIME=y + +# EAP-PAX for the integrated EAP server +#CONFIG_EAP_PAX=y + +# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) +#CONFIG_EAP_PSK=y + +# EAP-pwd for the integrated EAP server (secure authentication with a password) +#CONFIG_EAP_PWD=y + +# EAP-SAKE for the integrated EAP server +#CONFIG_EAP_SAKE=y + +# EAP-GPSK for the integrated EAP server +#CONFIG_EAP_GPSK=y +# Include support for optional SHA256 cipher suite in EAP-GPSK +#CONFIG_EAP_GPSK_SHA256=y + +# EAP-FAST for the integrated EAP server +# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed +# for EAP-FAST support. 
Older OpenSSL releases would need to be patched, e.g., +# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. +#CONFIG_EAP_FAST=y + +# Wi-Fi Protected Setup (WPS) +#CONFIG_WPS=y +# Enable UPnP support for external WPS Registrars +#CONFIG_WPS_UPNP=y +# Enable WPS support with NFC config method +#CONFIG_WPS_NFC=y + +# EAP-IKEv2 +#CONFIG_EAP_IKEV2=y + +# Trusted Network Connect (EAP-TNC) +#CONFIG_EAP_TNC=y + +# EAP-EKE for the integrated EAP server +#CONFIG_EAP_EKE=y + +# PKCS#12 (PFX) support (used to read private key and certificate file from +# a file that usually has extension .p12 or .pfx) +CONFIG_PKCS12=y + +# RADIUS authentication server. This provides access to the integrated EAP +# server from external hosts using RADIUS. +#CONFIG_RADIUS_SERVER=y + +# Build IPv6 support for RADIUS operations +CONFIG_IPV6=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) +#CONFIG_IEEE80211R=y + +# Use the hostapd's IEEE 802.11 authentication (ACL), but without +# the IEEE 802.11 Management capability (e.g., madwifi or FreeBSD/net80211) +CONFIG_DRIVER_RADIUS_ACL=y + +# IEEE 802.11n (High Throughput) support +#CONFIG_IEEE80211N=y + +# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +#CONFIG_WNM=y + +# IEEE 802.11ac (Very High Throughput) support +#CONFIG_IEEE80211AC=y + +# Remove debugging code that is printing out debug messages to stdout. +# This can be used to reduce the size of the hostapd considerably if debugging +# code is not needed. +#CONFIG_NO_STDOUT_DEBUG=y + +# Add support for writing debug log to a file: -f /tmp/hostapd.log +# Disabled by default. +#CONFIG_DEBUG_FILE=y + +# Add support for sending all debug messages (regardless of debug verbosity) +# to the Linux kernel tracing facility. This helps debug the entire stack by +# making it easy to record everything happening from the driver up into the +# same file, e.g., using trace-cmd. 
+#CONFIG_DEBUG_LINUX_TRACING=y + +# Remove support for RADIUS accounting +#CONFIG_NO_ACCOUNTING=y + +# Remove support for RADIUS +#CONFIG_NO_RADIUS=y + +# Remove support for VLANs +#CONFIG_NO_VLAN=y + +# Enable support for fully dynamic VLANs. This enables hostapd to +# automatically create bridge and VLAN interfaces if necessary. +#CONFIG_FULL_DYNAMIC_VLAN=y + +# Use netlink-based kernel API for VLAN operations instead of ioctl() +# Note: This requires libnl 3.1 or newer. +#CONFIG_VLAN_NETLINK=y + +# Remove support for dumping internal state through control interface commands +# This can be used to reduce binary size at the cost of disabling a debugging +# option. +#CONFIG_NO_DUMP_STATE=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, comment out these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, comment out these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +# hostapd depends on strong random number generation being available from the +# operating system. os_get_random() function is used to fetch random data when +# needed, e.g., for key generation. On Linux and BSD systems, this works by +# reading /dev/urandom. It should be noted that the OS entropy pool needs to be +# properly initialized before hostapd is started. This is important especially +# on embedded devices that do not have a hardware random number generator and +# may by default start up with minimal entropy available for random number +# generation. 
+# +# As a safety net, hostapd is by default trying to internally collect +# additional entropy for generating random data to mix in with the data +# fetched from the OS. This by itself is not considered to be very strong, but +# it may help in cases where the system pool is not initialized properly. +# However, it is very strongly recommended that the system pool is initialized +# with enough entropy either by using hardware assisted random number +# generator or by storing state over device reboots. +# +# hostapd can be configured to maintain its own entropy store over restarts to +# enhance random number generation. This is not perfect, but it is much more +# secure than using the same sequence of random numbers after every reboot. +# This can be enabled with -e<entropy file> command line option. The specified +# file needs to be readable and writable by hostapd. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal hostapd random pool can be disabled. +# This will save some in binary size and CPU use. However, this should only be +# considered for builds that are known to be used on devices that meet the +# requirements described above. +#CONFIG_NO_RANDOM_POOL=y + +# Select TLS implementation +# openssl = OpenSSL (default) +# gnutls = GnuTLS +# internal = Internal TLSv1 implementation (experimental) +# none = Empty template +#CONFIG_TLS=openssl + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. +#CONFIG_TLSV11=y + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. +#CONFIG_TLSV12=y + +# If CONFIG_TLS=internal is used, additional library and include paths are +# needed for LibTomMath. 
Alternatively, an integrated, minimal version of +# LibTomMath can be used. See beginning of libtommath.c for details on benefits +# and drawbacks of this option. +#CONFIG_INTERNAL_LIBTOMMATH=y +#ifndef CONFIG_INTERNAL_LIBTOMMATH +#LTM_PATH=/usr/src/libtommath-0.39 +#CFLAGS += -I$(LTM_PATH) +#LIBS += -L$(LTM_PATH) +#LIBS_p += -L$(LTM_PATH) +#endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +#CONFIG_INTERNAL_LIBTOMMATH_FAST=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks. +#CONFIG_INTERWORKING=y + +# Hotspot 2.0 +#CONFIG_HS20=y + +# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file +#CONFIG_SQLITE=y + +# Testing options +# This can be used to enable some testing options (see also the example +# configuration file) that are really useful only for testing clients that +# connect to this hostapd. These options allow, for example, to drop a +# certain percentage of probe requests or auth/(re)assoc frames. +# +#CONFIG_TESTING_OPTIONS=y + +# Automatic Channel Selection +# This will allow hostapd to pick the channel automatically when channel is set +# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in +# similar way. +# +# Automatic selection is currently only done through initialization, later on +# we hope to do background checks to keep us moving to more ideal channels as +# time goes by. ACS is currently only supported through the nl80211 driver and +# your driver must have survey dump capability that is filled by the driver +# during scanning. +# +# You can customize the ACS survey algorithm with the hostapd.conf variable +# acs_num_scans. 
+# +# Supported ACS drivers: +# * ath9k +# * ath5k +# * ath10k +# +# For more details refer to: +# http://wireless.kernel.org/en/users/Documentation/acs +# +#CONFIG_ACS=y diff --git a/net/hostapd29/files/hostapd.in b/net/hostapd29/files/hostapd.in new file mode 100644 index 000000000000..b6e717098472 --- /dev/null +++ b/net/hostapd29/files/hostapd.in @@ -0,0 +1,39 @@ +#!/bin/sh + +# PROVIDE: hostapd +# REQUIRE: mountcritremote +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="hostapd" +desc="Authenticator for IEEE 802.11 networks" +# +# This portion of this rc.script is different from base. +case ${command} in +/usr/sbin/hostapd) # Assume user does not want base hostapd because + # user specified WITHOUT_WIRELESS in make.conf + # and /etc/defaults/rc.conf contains this value. + unset command;; +esac +command=${hostapd_program:-%%PREFIX%%/sbin/hostapd} +# End of differences from base. The rest of the file should remain the same. + +ifn="$2" +if [ -z "$ifn" ]; then + rcvar="hostapd_enable" + conf_file="/etc/${name}.conf" + pidfile="/var/run/${name}.pid" +else + rcvar= + conf_file="/etc/${name}-${ifn}.conf" + pidfile="/var/run/${name}-${ifn}.pid" +fi + +command_args="-P ${pidfile} -B ${conf_file}" +required_files="${conf_file}" +required_modules="wlan_xauth wlan_wep wlan_tkip wlan_ccmp" +extra_commands="reload" + +load_rc_config ${name} +run_rc_command "$1" diff --git a/net/hostapd29/files/patch-src-l2_packet-l2_packet_freebsd.c b/net/hostapd29/files/patch-src-l2_packet-l2_packet_freebsd.c new file mode 100644 index 000000000000..8b34e0fbdd89 --- /dev/null +++ b/net/hostapd29/files/patch-src-l2_packet-l2_packet_freebsd.c 
@@ -0,0 +1,14 @@
+--- src/l2_packet/l2_packet_freebsd.c.orig 2014-06-04 13:26:14 UTC
++++ src/l2_packet/l2_packet_freebsd.c
+@@ -8,7 +8,10 @@
+ */
+
+ #include "includes.h"
+-#if defined(__APPLE__) || defined(__GLIBC__)
++#if defined(__FreeBSD__) \
++ || defined(__DragonFly__) \
++ || defined(__APPLE__) \
++ || defined(__GLIBC__)
+ #include <net/bpf.h>
+ #endif /* __APPLE__ */
+ #include <pcap.h>
diff --git a/net/hostapd29/files/patch-src_common_dhcp.h b/net/hostapd29/files/patch-src_common_dhcp.h
new file mode 100644
index 000000000000..f88d1921a380
--- /dev/null
+++ b/net/hostapd29/files/patch-src_common_dhcp.h
@@ -0,0 +1,25 @@
+--- src/common/dhcp.h.orig 2018-12-02 11:34:59.000000000 -0800
++++ src/common/dhcp.h 2018-12-06 00:01:11.429254000 -0800
+@@ -9,6 +9,22 @@
+ #ifndef DHCP_H
+ #define DHCP_H
+
++/*
++ * Translate Linux to FreeBSD
++ */
++#define iphdr ip
++#define ihl ip_hl
++#define verson ip_v
++#define tos ip_tos
++#define tot_len ip_len
++#define id ip_id
++#define frag_off ip_off
++#define ttl ip_ttl
++#define protocol ip_p
++#define check ip_sum
++#define saddr ip_src
++#define daddr ip_dst
++
+ #include <netinet/ip.h>
+ #if __FAVOR_BSD
+ #include <netinet/udp.h>
diff --git a/net/hostapd29/files/patch-src_drivers_driver__bsd.c b/net/hostapd29/files/patch-src_drivers_driver__bsd.c
new file mode 100644
index 000000000000..fe3064586710
--- /dev/null
+++ b/net/hostapd29/files/patch-src_drivers_driver__bsd.c
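Review bot: `#define verson ip_v` in the dhcp.h patch looks like a misspelling of `version`, so a use of the Linux `version` field would be left untranslated while an identifier nothing is likely to use gets defined; if the mapping is needed the line should read `#define version ip_v`, otherwise it can be dropped. These object-like macros are also placed before `#include <netinet/ip.h>` and use very common identifiers (`id`, `check`, `protocol`, `ttl`, `tos`), so they rewrite every matching token in the system headers that follow and in each file that includes dhcp.h. Moving the block after the system includes, or confining it to the source files that actually use the Linux field names, would contain the effect; the rest of dhcp.h lies outside the hunk, so confirm nothing further down depends on the current placement.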
@@ -0,0 +1,60 @@
+--- src/drivers/driver_bsd.c.orig 2019-08-07 06:25:25.000000000 -0700
++++ src/drivers/driver_bsd.c 2021-06-13 23:10:12.570253000 -0700
+@@ -649,7 +649,7 @@
+ len = 2048;
+ }
+
+- return len;
++ return (len == 0) ? 2048 : len;
+ }
+
+#ifdef HOSTAPD
+@@ -665,7 +665,11 @@
+ static int bsd_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
+ u16 reason_code);
+
++#ifdef __DragonFly__
++const char *
++#else
+ static const char *
++#endif
+ ether_sprintf(const u8 *addr)
+ {
+ static char buf[sizeof(MACSTR)];
+@@ -1080,7 +1084,14 @@
+ mode = 0 /* STA */;
+ break;
+ case IEEE80211_MODE_IBSS:
++ /*
++ * Ref bin/203086 - FreeBSD's net80211 currently uses
++ * IFM_IEEE80211_ADHOC.
++ */
++#if 0
+ mode = IFM_IEEE80211_IBSS;
++#endif
++ mode = IFM_IEEE80211_ADHOC;
+ break;
+ case IEEE80211_MODE_AP:
+ mode = IFM_IEEE80211_HOSTAP;
+@@ -1336,14 +1347,18 @@
+ drv = bsd_get_drvindex(global, ifm->ifm_index);
+ if (drv == NULL)
+ return;
+- if ((ifm->ifm_flags & IFF_UP) == 0 &&
+- (drv->flags & IFF_UP) != 0) {
++ if (((ifm->ifm_flags & IFF_UP) == 0 ||
++ (ifm->ifm_flags & IFF_RUNNING) == 0) &&
++ (drv->flags & IFF_UP) != 0 &&
++ (drv->flags & IFF_RUNNING) != 0) {
+ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN",
+ drv->ifname);
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED,
+ NULL);
+ } else if ((ifm->ifm_flags & IFF_UP) != 0 &&
+- (drv->flags & IFF_UP) == 0) {
++ (ifm->ifm_flags & IFF_RUNNING) != 0 &&
++ ((drv->flags & IFF_UP) == 0 ||
++ (drv->flags & IFF_RUNNING) == 0)) {
+ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
+ drv->ifname);
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
diff --git a/net/hostapd29/files/patch-src_utils_os.h b/net/hostapd29/files/patch-src_utils_os.h
new file mode 100644
index 000000000000..e92661256d5f
--- /dev/null
+++ b/net/hostapd29/files/patch-src_utils_os.h
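Review bot: `return (len == 0) ? 2048 : len;` in the first hunk of the driver_bsd.c patch repeats the literal 2048 from the fallback assignment a few lines above it and carries no comment saying when the computed length can be zero. A one-line comment naming the case that yields zero, and a single named constant used at both sites, would make the intent reviewable; the function body starts outside the hunk, so the exact wording has to be confirmed there. In the IBSS hunk the old assignment is kept under `#if 0`; since the added comment already cites bin/203086, deleting the dead line would read more cleanly than disabling it.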
@@ -0,0 +1,17 @@
+--- src/utils/os.h.orig 2016-09-17 20:36:13 UTC
++++ src/utils/os.h
+@@ -246,12 +246,14 @@ char * os_readfile(const char *name, siz
+ */
+ int os_file_exists(const char *fname);
+
++#if !defined __FreeBSD__ && !defined __DragonFly__
+ /**
+ * os_fdatasync - Sync a file's (for a given stream) state with storage device
+ * @stream: the stream to be flushed
+ * Returns: 0 if the operation succeeded or -1 on failure
+ */
+ int os_fdatasync(FILE *stream);
++#endif
+
+ /**
+ * os_zalloc - Allocate and zero memory
diff --git a/net/hostapd29/files/patch-src_utils_os__unix.c b/net/hostapd29/files/patch-src_utils_os__unix.c
new file mode 100644
index 000000000000..c56eee136a44
--- /dev/null
+++ b/net/hostapd29/files/patch-src_utils_os__unix.c
@@ -0,0 +1,18 @@
+--- src/utils/os_unix.c.orig 2015-09-27 19:02:05 UTC
++++ src/utils/os_unix.c
+@@ -442,6 +442,7 @@ int os_file_exists(const char *fname)
+ }
+
+
++#if !defined __FreeBSD__ && !defined __DragonFly__
+ int os_fdatasync(FILE *stream)
+ {
+ if (!fflush(stream)) {
+@@ -459,6 +460,7 @@ int os_fdatasync(FILE *stream)
+
+ return -1;
+ }
++#endif
+
+
+ #ifndef WPA_TRACE
diff --git a/net/hostapd29/files/patch-src_wps_wps__upnp.c b/net/hostapd29/files/patch-src_wps_wps__upnp.c
new file mode 100644
index 000000000000..1e3651d33162
--- /dev/null
+++ b/net/hostapd29/files/patch-src_wps_wps__upnp.c
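Review bot: The `#if !defined __FreeBSD__ && !defined __DragonFly__` guards around `os_fdatasync` in the os.h and os_unix.c patches give no reason for compiling the function out, and both close with a bare `#endif`. A short comment stating why it is excluded on these platforms, plus `#endif /* !__FreeBSD__ && !__DragonFly__ */`, would document the intent. With the prototype and definition both removed, any remaining caller fails to build, so it should be confirmed that nothing compiled for this port still calls it; callers, if any, are outside these hunks.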
@@ -0,0 +1,20 @@
+--- src/wps/wps_upnp.c.orig 2015-03-15 17:30:39 UTC
++++ src/wps/wps_upnp.c
+@@ -837,7 +837,7 @@ fail:
+ }
+
+
+-#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
++#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
+ #include <sys/sysctl.h>
+ #include <net/route.h>
+ #include <net/if_dl.h>
+@@ -924,7 +924,7 @@ int get_netif_info(const char *net_if, u
+ goto fail;
+ }
+ os_memcpy(mac, req.ifr_addr.sa_data, 6);
+-#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
++#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
+ if (eth_get(net_if, mac) < 0) {
+ wpa_printf(MSG_ERROR, "WPS UPnP: Failed to get MAC address");
+ goto fail;
diff --git a/net/hostapd29/pkg-descr b/net/hostapd29/pkg-descr
new file mode 100644
index 000000000000..a3c019c9df0e
--- /dev/null
+++ b/net/hostapd29/pkg-descr
@@ -0,0 +1,12 @@
+hostapd is a user space daemon for access point and authentication
+servers. It implements IEEE 802.11 access point management, IEEE
+802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and
+RADIUS authentication server. The current version supports Linux
+(Host AP, madwifi, mac80211-based drivers) and FreeBSD (net80211).
+
+Add the following to /etc/rc.conf to use the ports version instead
+of the base version:
+
+ hostapd_program="/usr/local/sbin/hostapd"
+
+WWW: https://w1.fi/hostapd/
diff --git a/net/hostapd29/pkg-message b/net/hostapd29/pkg-message
new file mode 100644
index 000000000000..43d22d9a1e7d
--- /dev/null
+++ b/net/hostapd29/pkg-message
@@ -0,0 +1,10 @@
+[
+{ type: install
+ message: <<EOM
+Add the following to /etc/rc.conf to use the ports version instead
+of the base version:
+
+ hostapd_program="/usr/local/sbin/hostapd"
+EOM
+}
+]
diff --git a/security/Makefile b/security/Makefile
index d8393de07c7f..3f898cfbdebe 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1258,6 +1258,7 @@
 SUBDIR += wolfssh
 SUBDIR += wolfssl
 SUBDIR += wpa_supplicant
+ SUBDIR += wpa_supplicant29
 SUBDIR += wpa_supplicant-devel
 SUBDIR += xca
 SUBDIR += xinetd
diff --git a/security/wpa_supplicant29/Makefile b/security/wpa_supplicant29/Makefile
new file mode 100644
index 000000000000..7b23c34cd7cb
--- /dev/null
+++ b/security/wpa_supplicant29/Makefile
@@ -0,0 +1,229 @@ +PORTNAME= wpa_supplicant +PORTVERSION= 2.9 +PORTREVISION= 11 +CATEGORIES= security net +MASTER_SITES= https://w1.fi/releases/ + +PATCH_SITES= https://w1.fi/security/2020-1/ \ + https://w1.fi/security/2021-1/ +PATCHFILES= 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch:-p1 \ + 0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch:-p1 \ + 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch:-p1 \ + 0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch:-p1 + +MAINTAINER= cy@FreeBSD.org +COMMENT= Supplicant (client) for WPA/802.1x protocols + +LICENSE= BSD3CLAUSE +LICENSE_FILE= ${WRKSRC}/README + +USES= cpe gmake pkgconfig:build readline ssl +BUILD_WRKSRC= ${WRKSRC}/wpa_supplicant +INSTALL_WRKSRC= ${WRKSRC}/src +CFLAGS+= ${CPPFLAGS} # USES=readline only augments CPPFLAGS and LDFLAGS +CFLAGS+= -I${OPENSSLINC} +LDFLAGS+= -L${OPENSSLLIB} -lutil +MAKE_ENV= V=1 + +SUB_FILES= pkg-message +PORTDOCS= README ChangeLog + +CFG= ${BUILD_WRKSRC}/.config + +.if !exists(/etc/rc.d/wpa_supplicant) +USE_RC_SUBR= wpa_supplicant +.endif + +OPTIONS_MULTI= DRV EAP +OPTIONS_MULTI_DRV= BSD WIRED NDIS TEST NONE #ROBOSWITCH +OPTIONS_MULTI_EAP= TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK FAST \ + SIM PWD PAX AKA AKA_PRIME SAKE GPSK TNC IKEV2 EKE +OPTIONS_DEFINE= WPS WPS_ER WPS_NOREG WPS_NFC WPS_UPNP PKCS12 SMARTCARD \ + HT_OVERRIDES VHT_OVERRIDES TLSV12 IEEE80211W \ + IEEE80211R DEBUG_FILE DEBUG_SYSLOG PRIVSEP \ + DELAYED_MIC IEEE80211N IEEE80211AC INTERWORKING \ + IEEE8021X_EAPOL EAPOL_TEST \ + HS20 NO_ROAMING P2P TDLS DBUS MATCH DOCS \ + SIM_SIMULATOR USIM_SIMULATOR +OPTIONS_DEFAULT= BSD WIRED \ + TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK \ + WPS PKCS12 SMARTCARD IEEE80211R DEBUG_SYSLOG \ + INTERWORKING HS20 DBUS MATCH IEEE80211R IEEE80211W \ + IEEE8021X_EAPOL WPS_ER WPS_NFC WPS_UPNP \ + FAST PWD PAX SAKE GPSK TNC IKEV2 EKE +OPTIONS_SUB= + +WPS_DESC= Wi-Fi Protected Setup +WPS_ER_DESC= Enable WPS External Registrar 
+WPS_NOREG_DESC= Disable open network credentials when registrar +WPS_NFC_DESC= Near Field Communication (NFC) configuration +WPS_UPNP_DESC= Universal Plug and Play support +PKCS12_DESC= PKCS\#12 (PFS) support +SMARTCARD_DESC= Private key on smartcard support +HT_OVERRIDES_DESC= Disable HT/HT40, mask MCS rates, etc +VHT_OVERRIDES_DESC= Disable VHT, mask MCS rates, etc +TLSV12_DESC= Build with TLS v1.2 instead of TLS v1.0 +IEEE80211AC_DESC= Very High Throughput, AP mode (IEEE 802.11ac) +IEEE80211N_DESC= High Throughput, AP mode (IEEE 802.11n) +IEEE80211R_DESC= Fast BSS Transition (IEEE 802.11r-2008) +IEEE80211W_DESC= Management Frame Protection (IEEE 802.11w) +IEEE8021X_EAPOL_DESC= EAP over LAN support +EAPOL_TEST_DESC= Development testing +DEBUG_FILE_DESC= Support for writing debug log to a file +DEBUG_SYSLOG_DESC= Send debug messages to syslog instead of stdout +PRIVSEP_DESC= Privilege separation +DELAYED_MIC_DESC= Mitigate TKIP attack, random delay on MIC errors +INTERWORKING_DESC= Improve ext. network interworking (IEEE 802.11u) +HS20_DESC= Hotspot 2.0 +NO_ROAMING_DESC= Disable roaming +P2P_DESC= Peer-to-Peer support +TDLS_DESC= Tunneled Direct Link Setup +MATCH_DESC= Interface match mode + +DRV_DESC= Driver options +BSD_DESC= BSD net80211 interface +NDIS_DESC= Windows NDIS interface +WIRED_DESC= Wired ethernet interface +ROBOSWITCH_DESC= Broadcom Roboswitch interface +TEST_DESC= Development testing interface +NONE_DESC= The 'no driver' interface, e.g. 
WPS ER only + +EAP_DESC= Extensible Authentication Protocols +TLS_DESC= Transport Layer Security +PEAP_DESC= Protected Extensible Authentication Protocol +TTLS_DESC= Tunneled Transport Layer Security +MD5_DESC= MD5 hash (deprecated, no key generation) +MSCHAPV2_DESC= Microsoft CHAP version 2 (RFC 2759) +GTC_DESC= Generic Token Card +LEAP_DESC= Lightweight Extensible Authentication Protocol +OTP_DESC= One-Time Password +PSK_DESC= Pre-Shared key +FAST_DESC= Flexible Authentication via Secure Tunneling +AKA_DESC= Autentication and Key Agreement (UMTS) +AKA_PRIME_DESC= AKA Prime variant (RFC 5448) +EKE_DESC= Encrypted Key Exchange +SIM_DESC= Subscriber Identity Module +SIM_SIMULATOR_DESC= SIM simulator (Milenage) for EAP-SIM +USIM_SIMULATOR_DESC= SIM simulator (Milenage) for EAP-AKA +IKEV2_DESC= Internet Key Exchange version 2 +PWD_DESC= Shared password (RFC 5931) +PAX_DESC= Password Authenticated Exchange +SAKE_DESC= Shared-Secret Authentication & Key Establishment +GPSK_DESC= Generalized Pre-Shared Key +TNC_DESC= Trusted Network Connect + +PRIVSEP_PLIST_FILES= sbin/wpa_priv +DBUS_PLIST_FILES= share/dbus-1/system-services/fi.w1.wpa_supplicant1.service \ + etc/dbus-1/system.d/dbus-wpa_supplicant.conf + +.include <bsd.port.pre.mk> + +.if ${PORT_OPTIONS:MNDIS} && ${PORT_OPTIONS:MPRIVSEP} +BROKEN= Fails to compile with both NDIS and PRIVSEP +.endif + +.if ${PORT_OPTIONS:MIEEE80211AC} && ${PORT_OPTIONS:MIEEE80211N} +BROKEN= Fails to compile with both IEEE80211AC and IEEE80211N +.endif + +.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME} +LIB_DEPENDS+= libpcsclite.so:devel/pcsc-lite +CFLAGS+= -I${LOCALBASE}/include/PCSC +LDFLAGS+= -L${LOCALBASE}/lib +.endif + +.if ${PORT_OPTIONS:MDBUS} +LIB_DEPENDS+= libdbus-1.so:devel/dbus +.endif + +post-patch: + @${CP} ${FILESDIR}/Packet32.[ch] ${FILESDIR}/ntddndis.h \ + ${WRKSRC}/src/utils + # Set driver(s) +.for item in BSD NDIS WIRED ROBOSWITCH TEST NONE +. 
if ${PORT_OPTIONS:M${item}} + @${ECHO_CMD} CONFIG_DRIVER_${item}=y >> ${CFG} +. endif +.endfor + # Set EAP protocol(s) +.for item in MD5 MSCHAPV2 TLS PEAP TTLS FAST GTC OTP PSK PWD PAX LEAP SIM \ + AKA AKA_PRIME SAKE GPSK TNC IKEV2 EKE +. if ${PORT_OPTIONS:M${item}} + @${ECHO_CMD} CONFIG_EAP_${item:tu}=y >> ${CFG} +. endif +.endfor +.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME} + @${ECHO_CMD} CONFIG_PCSC=y >> ${CFG} +.endif +.for simple in WPS WPS_ER WPS_NFC WPS_UPNP PKCS12 SMARTCARD HT_OVERRIDES \ + VHT_OVERRIDES TLSV12 IEEE80211AC IEEE80211N IEEE80211R IEEE80211W \ + IEEE8021X_EAPOL EAPOL_TEST \ + INTERWORKING DEBUG_FILE DEBUG_SYSLOG HS20 NO_ROAMING PRIVSEP P2P TDLS +. if ${PORT_OPTIONS:M${simple}} + @${ECHO_CMD} CONFIG_${simple}=y >> ${CFG} +. endif +.endfor +.for item in READLINE PEERKEY + @${ECHO_CMD} CONFIG_${item}=y >> ${CFG} +.endfor +.if ${PORT_OPTIONS:MIEEE80211AC} || ${PORT_OPTIONS:MIEEE80211N} + @${ECHO_CMD} CONFIG_AP=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MGPSK} + # GPSK desired, assume highest SHA desired too + @${ECHO_CMD} CONFIG_EAP_GPSK_SHA256=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MWPS_NOREG} + @${ECHO_CMD} CONFIG_WPS_REG_DISABLE_OPEN=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MDELAYED_MIC} + @${ECHO_CMD} CONFIG_DELAYED_MIC_ERROR_REPORT=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MDBUS} + @${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_NEW=y >> ${CFG} + @${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_INTRO=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MMATCH} + @${ECHO_CMD} CONFIG_MATCH_IFACE=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MUSIM_SIMULATOR} + @${ECHO_CMD} CONFIG_USIM_SIMULATOR=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MSIM_SIMULATOR} + @${ECHO_CMD} CONFIG_SIM_SIMULATOR=y >> ${CFG} +.endif + @${ECHO_CMD} CONFIG_OS=unix >> ${CFG} + @${ECHO_CMD} CONFIG_CTRL_IFACE=unix >> ${CFG} + @${ECHO_CMD} CONFIG_BACKEND=file >> ${CFG} + @${ECHO_CMD} CONFIG_L2_PACKET=freebsd >> ${CFG} + @${ECHO_CMD} CONFIG_TLS=openssl >> ${CFG} + +post-build-EAPOL_TEST-on: + 
cd ${BUILD_WRKSRC} && ${GMAKE} eapol_test + +do-install: + (cd ${BUILD_WRKSRC} && ${INSTALL_PROGRAM} wpa_supplicant wpa_cli \ + wpa_passphrase ${STAGEDIR}${PREFIX}/sbin) + ${INSTALL_DATA} ${BUILD_WRKSRC}/wpa_supplicant.conf \ + ${STAGEDIR}${PREFIX}/etc/wpa_supplicant.conf.sample + +do-install-EAPOL_TEST-on: + ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/eapol_test ${STAGEDIR}${PREFIX}/sbin + +do-install-DOCS-on: + @${MKDIR} ${STAGEDIR}${DOCSDIR} + (cd ${BUILD_WRKSRC} && \ + ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}) + +do-install-PRIVSEP-on: + ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/wpa_priv ${STAGEDIR}${PREFIX}/sbin + +do-install-DBUS-on: + @${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/ + @${MKDIR} ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/ + ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/fi.w1.wpa_supplicant1.service \ + ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/ + ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/dbus-wpa_supplicant.conf \ + ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/ + +.include <bsd.port.post.mk> diff --git a/security/wpa_supplicant29/distinfo b/security/wpa_supplicant29/distinfo new file mode 100644 index 000000000000..ecea4c5cfca6 --- /dev/null +++ b/security/wpa_supplicant29/distinfo 
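Review bot: `OPTIONS_DEFAULT` in security/wpa_supplicant29/Makefile lists `IEEE80211R` twice, `PKCS12_DESC= PKCS\#12 (PFS) support` should say PFX (the hostapd config in this commit describes the same format as "PKCS#12 (PFX)"), and `AKA_DESC` spells "Autentication". The default set also builds `MD5` and `LEAP`, and `MD5_DESC` itself calls the method deprecated with no key generation, so for a port kept only as a hardware workaround it is worth considering leaving those two out of `OPTIONS_DEFAULT` to keep the compiled-in EAP surface small. The 2021-1 P2P patch is applied unconditionally while `P2P` is not in the default options; a one-line comment above `PATCHFILES` noting that would save the next maintainer the lookup.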
@@ -0,0 +1,11 @@
+TIMESTAMP = 1615939959
+SHA256 (wpa_supplicant-2.9.tar.gz) = fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17
+SIZE (wpa_supplicant-2.9.tar.gz) = 3231785
+SHA256 (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7
+SIZE (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 5909
+SHA256 (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de
+SIZE (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 2284
+SHA256 (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a
+SIZE (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = 1553
+SHA256 (0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch) = 7f40cfec5faf5e927ea9028ab9392cd118685bde7229ad24210caf0a8f6e9611
+SIZE (0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch) = 1751
diff --git a/security/wpa_supplicant29/files/Packet32.c b/security/wpa_supplicant29/files/Packet32.c
new file mode 100644
index 000000000000..95cae8c5c975
--- /dev/null
+++ b/security/wpa_supplicant29/files/Packet32.c
@@ -0,0 +1,366 @@ +/*- + * Copyright (c) 2005 + * Bill Paul <wpaul@windriver.com>. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Bill Paul. + * 4. Neither the name of the author nor the names of any co-contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + * THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This file implements a small portion of the Winpcap API for the + * Windows NDIS interface in wpa_supplicant. 
It provides just enough + * routines to fool wpa_supplicant into thinking it's really running + * in a Windows environment. + */ + +#include <sys/types.h> +#include <sys/param.h> +#include <sys/socket.h> +#include <sys/ioctl.h> +#include <sys/errno.h> +#include <sys/sysctl.h> +#include <sys/fcntl.h> +#include <net/if.h> +#include <net/if_dl.h> +#include <net/if_var.h> + +#include <netinet/in.h> +#include <arpa/inet.h> +#include <netdb.h> +#include <net/route.h> + +#ifdef __FreeBSD__ +#include <net80211/ieee80211_ioctl.h> +#endif +#ifdef __DragonFly__ +#include <netproto/802_11/ieee80211_ioctl.h> +#endif + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <unistd.h> +#include <pcap.h> + +#include "Packet32.h" + +#define OID_802_11_ADD_KEY 0x0d01011D + +typedef ULONGLONG NDIS_802_11_KEY_RSC; +typedef UCHAR NDIS_802_11_MAC_ADDRESS[6]; + +typedef struct NDIS_802_11_KEY { + ULONG Length; + ULONG KeyIndex; + ULONG KeyLength; + NDIS_802_11_MAC_ADDRESS BSSID; + NDIS_802_11_KEY_RSC KeyRSC; + UCHAR KeyMaterial[1]; +} NDIS_802_11_KEY; + +typedef struct NDIS_802_11_KEY_COMPAT { + ULONG Length; + ULONG KeyIndex; + ULONG KeyLength; + NDIS_802_11_MAC_ADDRESS BSSID; + UCHAR Pad[6]; /* Make struct layout match Windows. 
*/ + NDIS_802_11_KEY_RSC KeyRSC; +#ifdef notdef + UCHAR KeyMaterial[1]; +#endif +} NDIS_802_11_KEY_COMPAT; + +#define TRUE 1 +#define FALSE 0 + +struct adapter { + int socket; + char name[IFNAMSIZ]; + int prev_roaming; +}; + +PCHAR +PacketGetVersion(void) +{ + return("FreeBSD WinPcap compatibility shim v1.0"); +} + +void * +PacketOpenAdapter(CHAR *iface) +{ + struct adapter *a; + int s; + int ifflags; + struct ifreq ifr; + struct ieee80211req ireq; + + s = socket(PF_INET, SOCK_DGRAM, 0); + + if (s == -1) + return(NULL); + + a = malloc(sizeof(struct adapter)); + if (a == NULL) + return(NULL); + + a->socket = s; + if (strncmp(iface, "\\Device\\NPF_", 12) == 0) + iface += 12; + else if (strncmp(iface, "\\DEVICE\\", 8) == 0) + iface += 8; + snprintf(a->name, IFNAMSIZ, "%s", iface); + + /* Turn off net80211 roaming */ + bzero((char *)&ireq, sizeof(ireq)); + strncpy(ireq.i_name, iface, sizeof (ifr.ifr_name)); + ireq.i_type = IEEE80211_IOC_ROAMING; + if (ioctl(a->socket, SIOCG80211, &ireq) == 0) { + a->prev_roaming = ireq.i_val; + ireq.i_val = IEEE80211_ROAMING_MANUAL; + if (ioctl(a->socket, SIOCS80211, &ireq) < 0) + fprintf(stderr, + "Could not set IEEE80211_ROAMING_MANUAL\n"); + } + + bzero((char *)&ifr, sizeof(ifr)); + strncpy(ifr.ifr_name, iface, sizeof (ifr.ifr_name)); + if (ioctl(a->socket, SIOCGIFFLAGS, (caddr_t)&ifr) < 0) { + free(a); + close(s); + return(NULL); + } + ifr.ifr_flags |= IFF_UP; + if (ioctl(a->socket, SIOCSIFFLAGS, (caddr_t)&ifr) < 0) { + free(a); + close(s); + return(NULL); + } + + return(a); +} + +int +PacketRequest(void *iface, BOOLEAN set, PACKET_OID_DATA *oid) +{ + struct adapter *a; + uint32_t retval; + struct ifreq ifr; + NDIS_802_11_KEY *old; + NDIS_802_11_KEY_COMPAT *new; + PACKET_OID_DATA *o = NULL; + + if (iface == NULL) + return(-1); + + a = iface; + bzero((char *)&ifr, sizeof(ifr)); + + /* + * This hack is necessary to work around a difference + * betwee the GNU C and Microsoft C compilers. 
The NDIS_802_11_KEY + * structure has a uint64_t in it, right after an array of + * chars. The Microsoft compiler inserts padding right before + * the 64-bit value to align it on a 64-bit boundary, but + * GCC only aligns it on a 32-bit boundary. Trying to pass + * the GCC-formatted structure to an NDIS binary driver + * fails because some of the fields appear to be at the + * wrong offsets. + * + * To get around this, if we detect someone is trying to do + * a set operation on OID_802_11_ADD_KEY, we shuffle the data + * into a properly padded structure and pass that into the + * driver instead. This allows the driver_ndis.c code supplied + * with wpa_supplicant to work unmodified. + */ + + if (set == TRUE && oid->Oid == OID_802_11_ADD_KEY) { + old = (NDIS_802_11_KEY *)&oid->Data; + o = malloc(sizeof(PACKET_OID_DATA) + + sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength); + if (o == NULL) + return(0); + bzero((char *)o, sizeof(PACKET_OID_DATA) + + sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength); + o->Oid = oid->Oid; + o->Length = sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength; + new = (NDIS_802_11_KEY_COMPAT *)&o->Data; + new->KeyRSC = old->KeyRSC; + new->Length = o->Length; + new->KeyIndex = old->KeyIndex; + new->KeyLength = old->KeyLength; + bcopy(old->BSSID, new->BSSID, sizeof(NDIS_802_11_MAC_ADDRESS)); + bcopy(old->KeyMaterial, (char *)new + + sizeof(NDIS_802_11_KEY_COMPAT), new->KeyLength); + ifr.ifr_data = (caddr_t)o; + } else + ifr.ifr_data = (caddr_t)oid; + + strlcpy(ifr.ifr_name, a->name, sizeof(ifr.ifr_name)); + + if (set == TRUE) + retval = ioctl(a->socket, SIOCSDRVSPEC, &ifr); + else + retval = ioctl(a->socket, SIOCGDRVSPEC, &ifr); + + if (o != NULL) + free(o); + + if (retval) + return(0); + + return(1); +} + +int +PacketGetAdapterNames(CHAR *namelist, ULONG *len) +{ + int mib[6]; + size_t needed; + struct if_msghdr *ifm; + struct sockaddr_dl *sdl; + char *buf, *lim, *next; + char *plist; + int spc; + int i, ifcnt = 0; + + plist = namelist; + spc = 0; + 
+ bzero(plist, *len); + + needed = 0; + mib[0] = CTL_NET; + mib[1] = PF_ROUTE; + mib[2] = 0; /* protocol */ + mib[3] = 0; /* wildcard address family */ + mib[4] = NET_RT_IFLIST; + mib[5] = 0; /* no flags */ + + if (sysctl (mib, 6, NULL, &needed, NULL, 0) < 0) + return(FALSE); + + buf = malloc (needed); + if (buf == NULL) + return(FALSE); + + if (sysctl (mib, 6, buf, &needed, NULL, 0) < 0) { + free(buf); + return(FALSE); + } + + lim = buf + needed; + + /* Generate interface name list. */ + + next = buf; + while (next < lim) { + ifm = (struct if_msghdr *)next; + if (ifm->ifm_type == RTM_IFINFO) { + sdl = (struct sockaddr_dl *)(ifm + 1); + if (strnstr(sdl->sdl_data, "wlan", sdl->sdl_nlen)) { + if ((spc + sdl->sdl_nlen) > *len) { + free(buf); + return(FALSE); + } + strncpy(plist, sdl->sdl_data, sdl->sdl_nlen); + plist += (sdl->sdl_nlen + 1); + spc += (sdl->sdl_nlen + 1); + ifcnt++; + } + } + next += ifm->ifm_msglen; + } + + + /* Insert an extra "" as a spacer */ + + plist++; + spc++; + + /* + * Now generate the interface description list. There + * must be a unique description for each interface, and + * they have to match what the ndis_events program will + * feed in later. To keep this simple, we just repeat + * the interface list over again. 
+ */ + + next = buf; + while (next < lim) { + ifm = (struct if_msghdr *)next; + if (ifm->ifm_type == RTM_IFINFO) { + sdl = (struct sockaddr_dl *)(ifm + 1); + if (strnstr(sdl->sdl_data, "wlan", sdl->sdl_nlen)) { + if ((spc + sdl->sdl_nlen) > *len) { + free(buf); + return(FALSE); + } + strncpy(plist, sdl->sdl_data, sdl->sdl_nlen); + plist += (sdl->sdl_nlen + 1); + spc += (sdl->sdl_nlen + 1); + ifcnt++; + } + } + next += ifm->ifm_msglen; + } + + free (buf); + + *len = spc + 1; + + return(TRUE); +} + +void +PacketCloseAdapter(void *iface) +{ + struct adapter *a; + struct ifreq ifr; + struct ieee80211req ireq; + + if (iface == NULL) + return; + + a = iface; + + /* Reset net80211 roaming */ + bzero((char *)&ireq, sizeof(ireq)); + strncpy(ireq.i_name, a->name, sizeof (ifr.ifr_name)); + ireq.i_type = IEEE80211_IOC_ROAMING; + ireq.i_val = a->prev_roaming; + ioctl(a->socket, SIOCS80211, &ireq); + + bzero((char *)&ifr, sizeof(ifr)); + strncpy(ifr.ifr_name, a->name, sizeof (ifr.ifr_name)); + ioctl(a->socket, SIOCGIFFLAGS, (caddr_t)&ifr); + ifr.ifr_flags &= ~IFF_UP; + ioctl(a->socket, SIOCSIFFLAGS, (caddr_t)&ifr); + close(a->socket); + free(a); + + return; +} diff --git a/security/wpa_supplicant29/files/Packet32.h b/security/wpa_supplicant29/files/Packet32.h new file mode 100644 index 000000000000..c75e5f9dfe91 --- /dev/null +++ b/security/wpa_supplicant29/files/Packet32.h 
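Review bot: In PacketGetAdapterNames both loops guard the copy with `if ((spc + sdl->sdl_nlen) > *len)` but then advance `plist` and `spc` by `sdl_nlen + 1`, so the NUL after each name, the spacer and the final terminator are not counted and the `*len` written back can be larger than the buffer the caller supplied. The guard should reserve those bytes, e.g. `if ((ULONG)spc + sdl->sdl_nlen + 2 > *len)`. In PacketOpenAdapter the `a == NULL` path returns without `close(s)`, leaking the socket. In PacketRequest `old->KeyLength` sizes the allocation and the `bcopy` without being compared with `oid->Length`; the caller is presumably wpa_supplicant's own driver_ndis.c, so this is a robustness check rather than a demonstrated overflow.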
@@ -0,0 +1,65 @@ +/*- + * Copyright (c) 2005 + * Bill Paul <wpaul@windriver.com>. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Bill Paul. + * 4. Neither the name of the author nor the names of any co-contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + * THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#ifndef _PACKET32_H_ +#define _PACKET32_H_ + +#include <sys/types.h> +#include <ntddndis.h> + +struct PACKET_OID_DATA { + uint32_t Oid; + uint32_t Length; + uint8_t Data[1]; +}; + + +typedef struct PACKET_OID_DATA PACKET_OID_DATA; + +extern PCHAR PacketGetVersion(void); +extern void *PacketOpenAdapter(CHAR *); +extern int PacketRequest(void *, BOOLEAN, PACKET_OID_DATA *); +extern int PacketGetAdapterNames(CHAR *, ULONG *); +extern void PacketCloseAdapter(void *); + +/* + * This is for backwards compatibility on FreeBSD 5. + */ + +#ifndef SIOCGDRVSPEC +#define SIOCSDRVSPEC _IOW('i', 123, struct ifreq) /* set driver-specific + parameters */ +#define SIOCGDRVSPEC _IOWR('i', 123, struct ifreq) /* get driver-specific + parameters */ +#endif + +#endif /* _PACKET32_H_ */ diff --git a/security/wpa_supplicant29/files/ntddndis.h b/security/wpa_supplicant29/files/ntddndis.h new file mode 100644 index 000000000000..0af0ce858b03 --- /dev/null +++ b/security/wpa_supplicant29/files/ntddndis.h @@ -0,0 +1,32 @@ +#ifndef _NTDDNDIS_H_ +#define _NTDDNDIS_H_ + +/* + * Fake up some of the Windows type definitions so that the NDIS + * interface module in wpa_supplicant will build. + */ + +#define ULONG uint32_t +#define USHORT uint16_t +#define UCHAR uint8_t +#define LONG int32_t +#define SHORT int16_t +#if __FreeBSD__ +#define CHAR char +#else +#define CHAR int8_t +#endif +#define ULONGLONG uint64_t +#define LONGLONG int64_t +#define BOOLEAN uint8_t +typedef void * LPADAPTER; +typedef char * PTSTR; +typedef char * PCHAR; + +#define TRUE 1 +#define FALSE 0 + +#define OID_802_3_CURRENT_ADDRESS 0x01010102 +#define OID_802_3_MULTICAST_LIST 0x01010103 + +#endif /* _NTDDNDIS_H_ */ diff --git a/security/wpa_supplicant29/files/patch-src_common_dhcp.h b/security/wpa_supplicant29/files/patch-src_common_dhcp.h new file mode 100644 index 000000000000..f88d1921a380 --- /dev/null +++ b/security/wpa_supplicant29/files/patch-src_common_dhcp.h 
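Review bot: ntddndis.h introduces the Windows type names as object-like macros (`#define ULONG uint32_t`, `#define CHAR char`, `#define BOOLEAN uint8_t`, ...), which rewrites those identifiers in every header included after it and depends on the includer having already pulled in the fixed-width types. `typedef uint32_t ULONG;` and friends, with `#include <stdint.h>` at the top of the header, would keep the names scoped as types and make the header self-contained. `#if __FreeBSD__` would also read more clearly as `#ifdef __FreeBSD__`, and `TRUE`/`FALSE` are defined both here and in Packet32.c.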
@@ -0,0 +1,25 @@
+--- src/common/dhcp.h.orig 2018-12-02 11:34:59.000000000 -0800
++++ src/common/dhcp.h 2018-12-06 00:01:11.429254000 -0800
+@@ -9,6 +9,22 @@
+ #ifndef DHCP_H
+ #define DHCP_H
+
++/*
++ * Translate Linux to FreeBSD
++ */
++#define iphdr ip
++#define ihl ip_hl
++#define verson ip_v
++#define tos ip_tos
++#define tot_len ip_len
++#define id ip_id
++#define frag_off ip_off
++#define ttl ip_ttl
++#define protocol ip_p
++#define check ip_sum
++#define saddr ip_src
++#define daddr ip_dst
++
+ #include <netinet/ip.h>
+ #if __FAVOR_BSD
+ #include <netinet/udp.h>
diff --git a/security/wpa_supplicant29/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant29/files/patch-src_drivers_driver__bsd.c
new file mode 100644
index 000000000000..7c452ece7476
--- /dev/null
+++ b/security/wpa_supplicant29/files/patch-src_drivers_driver__bsd.c
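Review bot: `#define verson ip_v` looks like a misspelling of the Linux `struct iphdr` field `version`, so a reference to `->version` would not be mapped to `ip_v`; if the mapping is wanted the line should read `#define version ip_v`. These are also object-like macros with very common names (`id`, `check`, `protocol`, `ttl`, `tos`) that are defined before `<netinet/ip.h>` is included and never undefined, so they rewrite those identifiers in the system headers and in every file that includes dhcp.h. Confirm that nothing depends on the current spelling, and consider restricting the list to the fields the DHCP code actually uses.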
@@ -0,0 +1,48 @@ +--- src/drivers/driver_bsd.c.orig 2019-08-07 06:25:25.000000000 -0700 ++++ src/drivers/driver_bsd.c 2021-06-13 23:07:14.016849000 -0700 +@@ -649,7 +649,7 @@ + len = 2048; + } + +- return len; ++ return (len == 0) ? 2048 : len; + } + + #ifdef HOSTAPD +@@ -1080,7 +1080,14 @@ + mode = 0 /* STA */; + break; + case IEEE80211_MODE_IBSS: ++ /* ++ * Ref bin/203086 - FreeBSD's net80211 currently uses ++ * IFM_IEEE80211_ADHOC. ++ */ ++#if 0 + mode = IFM_IEEE80211_IBSS; ++#endif ++ mode = IFM_IEEE80211_ADHOC; + break; + case IEEE80211_MODE_AP: + mode = IFM_IEEE80211_HOSTAP; +@@ -1336,14 +1343,18 @@ + drv = bsd_get_drvindex(global, ifm->ifm_index); + if (drv == NULL) + return; +- if ((ifm->ifm_flags & IFF_UP) == 0 && +- (drv->flags & IFF_UP) != 0) { ++ if (((ifm->ifm_flags & IFF_UP) == 0 || ++ (ifm->ifm_flags & IFF_RUNNING) == 0) && ++ (drv->flags & IFF_UP) != 0 && ++ (drv->flags & IFF_RUNNING) != 0) { + wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN", + drv->ifname); + wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, + NULL); + } else if ((ifm->ifm_flags & IFF_UP) != 0 && +- (drv->flags & IFF_UP) == 0) { ++ (ifm->ifm_flags & IFF_RUNNING) != 0 && ++ ((drv->flags & IFF_UP) == 0 || ++ (drv->flags & IFF_RUNNING) == 0)) { + wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", + drv->ifname); + wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, diff --git a/security/wpa_supplicant29/files/patch-src_drivers_driver__ndis.c b/security/wpa_supplicant29/files/patch-src_drivers_driver__ndis.c new file mode 100644 index 000000000000..5c58337c4b3d --- /dev/null +++ b/security/wpa_supplicant29/files/patch-src_drivers_driver__ndis.c 
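Review bot: The `IEEE80211_MODE_IBSS` case keeps the old assignment under `#if 0` right above the new `mode = IFM_IEEE80211_ADHOC;`; since the added comment already cites bin/203086, the disabled line can be dropped so the case holds a single assignment. In the first inner hunk `return (len == 0) ? 2048 : len;` repeats the literal assigned a few lines earlier; the enclosing function starts outside the hunk, so a short comment saying which path can still leave `len` at zero would help the next reader.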
@@ -0,0 +1,89 @@ +--- src/drivers/driver_ndis.c.orig 2019-08-07 13:25:25 UTC ++++ src/drivers/driver_ndis.c +@@ -504,13 +504,13 @@ static int ndis_get_oid(struct wpa_drive + o->Length = len; + + if (!PacketRequest(drv->adapter, FALSE, o)) { +- wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%d) failed", ++ wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%lu) failed", + __func__, oid, len); + os_free(buf); + return -1; + } + if (o->Length > len) { +- wpa_printf(MSG_DEBUG, "%s: oid=0x%x Length (%d) > len (%d)", ++ wpa_printf(MSG_DEBUG, "%s: oid=0x%x Length (%d) > len (%lu)", + __func__, oid, (unsigned int) o->Length, len); + os_free(buf); + return -1; +@@ -573,7 +573,7 @@ static int ndis_set_oid(struct wpa_drive + os_memcpy(o->Data, data, len); + + if (!PacketRequest(drv->adapter, TRUE, o)) { +- wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%d) failed", ++ wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%lu) failed", + __func__, oid, len); + os_free(buf); + return -1; +@@ -1531,7 +1531,7 @@ static void wpa_driver_ndis_event_auth(s + + if (data_len < sizeof(*req)) { + wpa_printf(MSG_DEBUG, "NDIS: Too short Authentication Request " +- "Event (len=%d)", data_len); ++ "Event (len=%lu)", data_len); + return; + } + req = (NDIS_802_11_AUTHENTICATION_REQUEST *) data; +@@ -1565,7 +1565,7 @@ static void wpa_driver_ndis_event_pmkid( + + if (data_len < 8) { + wpa_printf(MSG_DEBUG, "NDIS: Too short PMKID Candidate List " +- "Event (len=%d)", data_len); ++ "Event (len=%lu)", data_len); + return; + } + pmkid = (NDIS_802_11_PMKID_CANDIDATE_LIST *) data; +@@ -1587,7 +1587,7 @@ static void wpa_driver_ndis_event_pmkid( + os_memset(&event, 0, sizeof(event)); + for (i = 0; i < pmkid->NumCandidates; i++) { + PMKID_CANDIDATE *p = &pmkid->CandidateList[i]; +- wpa_printf(MSG_DEBUG, "NDIS: %d: " MACSTR " Flags 0x%x", ++ wpa_printf(MSG_DEBUG, "NDIS: %lu: " MACSTR " Flags 0x%x", + i, MAC2STR(p->BSSID), (int) p->Flags); + os_memcpy(event.pmkid_candidate.bssid, p->BSSID, ETH_ALEN); + event.pmkid_candidate.index = i; +@@ 
-1778,7 +1778,7 @@ static void wpa_driver_ndis_get_capabili + "overflow"); + break; + } +- wpa_printf(MSG_MSGDUMP, "NDIS: %d - auth %d encr %d", ++ wpa_printf(MSG_MSGDUMP, "NDIS: %lu - auth %d encr %d", + i, (int) ae->AuthModeSupported, + (int) ae->EncryptStatusSupported); + switch (ae->AuthModeSupported) { +@@ -2106,7 +2106,11 @@ static int wpa_driver_ndis_get_names(str + dlen = dpos - desc; + else + dlen = os_strlen(desc); +- drv->adapter_desc = dup_binstr(desc, dlen); ++ drv->adapter_desc = os_malloc(dlen + 1); ++ if (drv->adapter_desc) { ++ os_memcpy(drv->adapter_desc, desc, dlen); ++ drv->adapter_desc[dlen] = '\0'; ++ } + os_free(b); + if (drv->adapter_desc == NULL) + return -1; +@@ -2274,7 +2278,11 @@ static int wpa_driver_ndis_get_names(str + } else { + dlen = os_strlen(desc[i]); + } +- drv->adapter_desc = dup_binstr(desc[i], dlen); ++ drv->adapter_desc = os_malloc(dlen + 1); ++ if (drv->adapter_desc) { ++ os_memcpy(drv->adapter_desc, desc[i], dlen); ++ drv->adapter_desc[dlen] = '\0'; ++ } + os_free(names); + if (drv->adapter_desc == NULL) + return -1; diff --git a/security/wpa_supplicant29/files/patch-src_l2__packet_l2__packet__freebsd.c b/security/wpa_supplicant29/files/patch-src_l2__packet_l2__packet__freebsd.c new file mode 100644 index 000000000000..5bce58b36950 --- /dev/null +++ b/security/wpa_supplicant29/files/patch-src_l2__packet_l2__packet__freebsd.c @@ -0,0 +1,12 @@ +--- src/l2_packet/l2_packet_freebsd.c.orig 2018-12-02 11:34:59.000000000 -0800 ++++ src/l2_packet/l2_packet_freebsd.c 2018-12-05 23:18:27.612433000 -0800 +@@ -8,7 +8,8 @@ + */ + + #include "includes.h" +-#if defined(__APPLE__) || defined(__GLIBC__) ++#include <sys/param.h> ++#if defined(__APPLE__) || defined(__GLIBC__) || defined(__FreeBSD_version) + #include <net/bpf.h> + #endif /* __APPLE__ */ + #include <pcap.h> 
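Review bot: The format fixes replace `%d` with `%lu` for `len`, `data_len` and `i`; if those are `size_t` (their declarations are outside the hunks), `%zu` is the matching conversion and `%lu` is only correct where `size_t` is `unsigned long`. In `ndis_get_oid` the message `Length (%d) > len (%lu)` still prints `(unsigned int) o->Length` with `%d`, which should be `%u`. The two `dup_binstr` replacements are identical open-coded copies; a small static helper in the file would keep the allocation, copy and termination in one place.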
diff --git a/security/wpa_supplicant29/files/patch-src_radius_radius__client.c b/security/wpa_supplicant29/files/patch-src_radius_radius__client.c
new file mode 100644
index 000000000000..de86947f57b2
--- /dev/null
+++ b/security/wpa_supplicant29/files/patch-src_radius_radius__client.c
@@ -0,0 +1,12 @@
+--- src/radius/radius_client.c.orig 2019-08-07 06:25:25.000000000 -0700
++++ src/radius/radius_client.c 2021-01-11 08:35:20.860835000 -0800
+@@ -814,6 +814,9 @@
+ {
+ struct radius_client_data *radius = eloop_ctx;
+ struct hostapd_radius_servers *conf = radius->conf;
++#if defined(__clang_major__) && __clang_major__ >= 11
++#pragma GCC diagnostic ignored "-Wvoid-pointer-to-enum-cast"
++#endif
+ RadiusType msg_type = (RadiusType) sock_ctx;
+ int len, roundtrip;
+ unsigned char buf[3000];
diff --git a/security/wpa_supplicant29/files/patch-src_wps_wps__upnp.c b/security/wpa_supplicant29/files/patch-src_wps_wps__upnp.c
new file mode 100644
index 000000000000..1c7035e9a77d
--- /dev/null
+++ b/security/wpa_supplicant29/files/patch-src_wps_wps__upnp.c
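Review bot: The added `#pragma GCC diagnostic ignored "-Wvoid-pointer-to-enum-cast"` is not enclosed in `#pragma GCC diagnostic push` / `pop`, so it disables that warning for the rest of radius_client.c instead of for the single cast below it. Going through an integer type removes the warning without any pragma, assuming `uintptr_t` is available through the project's includes: `RadiusType msg_type = (RadiusType) (uintptr_t) sock_ctx;`. The enclosing function starts and ends outside the hunk.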
@@ -0,0 +1,34 @@ +--- src/wps/wps_upnp.c.orig 2020-06-08 14:40:50.402529000 -0700 ++++ src/wps/wps_upnp.c 2020-06-08 15:48:08.294830000 -0700 +@@ -861,7 +861,8 @@ + } + + +-#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) ++#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \ ++ || defined(__DragonFly__) + #include <sys/sysctl.h> + #include <net/route.h> + #include <net/if_dl.h> +@@ -950,7 +951,11 @@ + errno, strerror(errno)); + goto fail; + } ++#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) ++ addr = (struct sockaddr_in *) &req.ifr_addr; ++#else + addr = (struct sockaddr_in *) &req.ifr_netmask; ++#endif + netmask->s_addr = addr->sin_addr.s_addr; + } + +@@ -962,7 +967,8 @@ + goto fail; + } + os_memcpy(mac, req.ifr_addr.sa_data, 6); +-#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) ++#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \ ++ || defined(__DragonFly__) + if (eth_get(net_if, mac) < 0) { + wpa_printf(MSG_ERROR, "WPS UPnP: Failed to get MAC address"); + goto fail; diff --git a/security/wpa_supplicant29/files/patch-wpa__supplicant_Makefile b/security/wpa_supplicant29/files/patch-wpa__supplicant_Makefile new file mode 100644 index 000000000000..9f1393fb85da --- /dev/null +++ b/security/wpa_supplicant29/files/patch-wpa__supplicant_Makefile @@ -0,0 +1,17 @@ +--- wpa_supplicant/Makefile.orig 2015-03-15 17:30:39 UTC ++++ wpa_supplicant/Makefile +@@ -99,6 +99,14 @@ OBJS += ../src/utils/os_$(CONFIG_OS).o + OBJS_p += ../src/utils/os_$(CONFIG_OS).o + OBJS_c += ../src/utils/os_$(CONFIG_OS).o + ++ifdef CONFIG_DRIVER_NDIS ++OBJS += ../src/utils/Packet32.o ++ifdef CONFIG_PRIVSEP ++OBJS += ../src/drivers/driver_ndis.o ++endif ++OBJS_priv += ../src/utils/Packet32.o ++endif ++ + ifdef CONFIG_WPA_TRACE + CFLAGS += -DWPA_TRACE + OBJS += ../src/utils/trace.o 
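Review bot: The netmask branch is guarded by `#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)` alone, while the two other conditions touched by this patch were extended with `defined(__DragonFly__)`, so on DragonFly the code still reads `req.ifr_netmask`. If DragonFly's `struct ifreq` matches FreeBSD's here, this guard should list it as well. A one-line comment such as `/* the netmask is returned in ifr_addr on FreeBSD */` would explain why the two branches differ; the enclosing function is only partly visible in the hunk.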
diff --git a/security/wpa_supplicant29/files/patch-wpa__supplicant_main.c b/security/wpa_supplicant29/files/patch-wpa__supplicant_main.c new file mode 100644 index 000000000000..3042768f44d9 --- /dev/null +++ b/security/wpa_supplicant29/files/patch-wpa__supplicant_main.c @@ -0,0 +1,33 @@ +--- wpa_supplicant/main.c.orig 2016-11-05 20:56:30 UTC ++++ wpa_supplicant/main.c +@@ -66,7 +66,7 @@ static void usage(void) + " -c = Configuration file\n" + " -C = ctrl_interface parameter (only used if -c is not)\n" + " -d = increase debugging verbosity (-dd even more)\n" +- " -D = driver name (can be multiple drivers: nl80211,wext)\n" ++ " -D = driver name (can be multiple drivers: bsd,wired)\n" + " -e = entropy file\n" + #ifdef CONFIG_DEBUG_FILE + " -f = log output to debug file instead of stdout\n" +@@ -105,8 +105,7 @@ static void usage(void) + " -W = wait for a control interface monitor before starting\n"); + + printf("example:\n" +- " wpa_supplicant -D%s -iwlan0 -c/etc/wpa_supplicant.conf\n", +- wpa_drivers[0] ? wpa_drivers[0]->name : "nl80211"); ++ " wpa_supplicant -Dbsd -iwlan0 -c/etc/wpa_supplicant.conf\n"); + #endif /* CONFIG_NO_STDOUT_DEBUG */ + } + +@@ -199,6 +198,11 @@ int main(int argc, char *argv[]) + + wpa_supplicant_fd_workaround(1); + ++#ifdef CONFIG_DRIVER_NDIS ++ void driver_ndis_init_ops(void); ++ driver_ndis_init_ops(); ++#endif /* CONFIG_DRIVER_NDIS */ ++ + for (;;) { + c = getopt(argc, argv, + "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW"); diff --git a/security/wpa_supplicant29/files/patch-wpa__supplicant_wpa__supplicant.c b/security/wpa_supplicant29/files/patch-wpa__supplicant_wpa__supplicant.c new file mode 100644 index 000000000000..42f150b3595c --- /dev/null +++ b/security/wpa_supplicant29/files/patch-wpa__supplicant_wpa__supplicant.c 
@@ -0,0 +1,16 @@ +--- wpa_supplicant/wpa_supplicant.c.orig 2019-04-21 03:10:22.000000000 -0400 ++++ wpa_supplicant/wpa_supplicant.c 2019-05-15 22:44:44.919859000 -0400 +@@ -6357,13 +6357,6 @@ + if (params == NULL) + return NULL; + +-#ifdef CONFIG_DRIVER_NDIS +- { +- void driver_ndis_init_ops(void); +- driver_ndis_init_ops(); +- } +-#endif /* CONFIG_DRIVER_NDIS */ +- + #ifndef CONFIG_NO_WPA_MSG + wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb); + #endif /* CONFIG_NO_WPA_MSG */ diff --git a/security/wpa_supplicant29/files/pkg-message.in b/security/wpa_supplicant29/files/pkg-message.in new file mode 100644 index 000000000000..e7b8d25b652d --- /dev/null +++ b/security/wpa_supplicant29/files/pkg-message.in @@ -0,0 +1,11 @@ +[ +{ type: install + message: <<EOM +To use the ports version of WPA Supplicant instead of the base, add: + + wpa_supplicant_program="%%PREFIX%%/sbin/wpa_supplicant" + +to /etc/rc.conf +EOM +} +] diff --git a/security/wpa_supplicant29/files/wpa_supplicant.in b/security/wpa_supplicant29/files/wpa_supplicant.in new file mode 100644 index 000000000000..c79c7ee119a9 --- /dev/null +++ b/security/wpa_supplicant29/files/wpa_supplicant.in 
@@ -0,0 +1,54 @@ +#!/bin/sh + +# PROVIDE: wpa_supplicant +# REQUIRE: mountcritremote +# KEYWORD: nojail nostart + +. /etc/rc.subr +. /etc/network.subr + +name="wpa_supplicant" +desc="WPA/802.11i Supplicant for wireless network devices" +rcvar= + +ifn="$2" +if [ -z "$ifn" ]; then + return 1 +fi + +is_ndis_interface() +{ + case `sysctl -n net.wlan.${1#wlan}.%parent 2>/dev/null` in + ndis*) true ;; + *) false ;; + esac +} + +if is_wired_interface ${ifn} ; then + driver="wired" +elif is_ndis_interface ${ifn} ; then + driver="ndis" +else + driver="bsd" +fi + +load_rc_config $name + +# +# This portion of this rc.script is different from base. +case ${command} in +/usr/sbin/wpa_supplicant) # Assume user does not want base hostapd because + # user specified WITHOUT_WIRELESS in make.conf + # and /etc/defaults/rc.conf contains this value. + unset command;; +esac +command=${wpa_supplicant_program:-%%PREFIX%%/sbin/wpa_supplicant} +# End of differences from base. The rest of the file should remain the same. + +conf_file=${wpa_supplicant_conf_file} +pidfile="/var/run/${name}/${ifn}.pid" +command_args="-B -i $ifn -c $conf_file -D $driver -P $pidfile" +required_files=$conf_file +required_modules="wlan_wep wlan_tkip wlan_ccmp" + +run_rc_command "$1" diff --git a/security/wpa_supplicant29/pkg-descr b/security/wpa_supplicant29/pkg-descr new file mode 100644 index 000000000000..9eb5f45eea94 --- /dev/null +++ b/security/wpa_supplicant29/pkg-descr 
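Review bot: The `case ${command} in /usr/sbin/wpa_supplicant) ... unset command;; esac` block has no effect, because `command` is assigned unconditionally on the following line; either drop the block or make the assignment depend on it. Its comment says "base hostapd" in a wpa_supplicant script, which looks carried over from the hostapd port. `command_args` is built from `$conf_file` without checking that `wpa_supplicant_conf_file` is set, so an empty value produces `-c -D $driver` and the driver flag is consumed as the config path; a guard such as `[ -n "$conf_file" ] || return 1` before the assignment would make that failure explicit.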
@@ -0,0 +1,14 @@
+wpa_supplicant is a client (supplicant) with support for WPA and WPA2
+(IEEE 802.11i / RSN). It is suitable for both desktop/laptop computers and
+embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used
+in the client stations. It implements key negotiation with a WPA
+Authenticator and it controls the roaming and IEEE 802.11 authentication/
+association of the wlan driver.
+
+wpa_supplicant is designed to be a "daemon" program that runs in the
+background and acts as the backend component controlling the wireless
+connection. wpa_supplicant supports separate frontend programs and a
+text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with
+wpa_supplicant.
+
+WWW: http://w1.fi/wpa_supplicant/
diff --git a/security/wpa_supplicant29/pkg-plist b/security/wpa_supplicant29/pkg-plist
new file mode 100644
index 000000000000..9c7a743d7dea
--- /dev/null
+++ b/security/wpa_supplicant29/pkg-plist
@@ -0,0 +1,5 @@
+%%EAPOL_TEST%%sbin/eapol_test
+sbin/wpa_supplicant
+sbin/wpa_passphrase
+sbin/wpa_cli
+@sample etc/wpa_supplicant.conf.sample |