wpa: Import wpa 2.10.
The long-awaited hostapd 2.10 is finally here. MFC after: 3 weeks
parent
64e33c5cb1
commit
ec080394e2
|
@ -143,7 +143,7 @@ The license terms used for hostap.git files
|
||||||
|
|
||||||
Modified BSD license (no advertisement clause):
|
Modified BSD license (no advertisement clause):
|
||||||
|
|
||||||
Copyright (c) 2002-2021, Jouni Malinen <j@w1.fi> and contributors
|
Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi> and contributors
|
||||||
All Rights Reserved.
|
All Rights Reserved.
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without
|
Redistribution and use in source and binary forms, with or without
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
wpa_supplicant and hostapd
|
wpa_supplicant and hostapd
|
||||||
--------------------------
|
--------------------------
|
||||||
|
|
||||||
Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi> and contributors
|
Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi> and contributors
|
||||||
All Rights Reserved.
|
All Rights Reserved.
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
wpa_supplicant and hostapd
|
wpa_supplicant and hostapd
|
||||||
--------------------------
|
--------------------------
|
||||||
|
|
||||||
Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi> and contributors
|
Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi> and contributors
|
||||||
All Rights Reserved.
|
All Rights Reserved.
|
||||||
|
|
||||||
These programs are licensed under the BSD license (the one with
|
These programs are licensed under the BSD license (the one with
|
||||||
|
|
|
@ -1,5 +1,48 @@
|
||||||
ChangeLog for hostapd
|
ChangeLog for hostapd
|
||||||
|
|
||||||
|
2022-01-16 - v2.10
|
||||||
|
* SAE changes
|
||||||
|
- improved protection against side channel attacks
|
||||||
|
[https://w1.fi/security/2022-1/]
|
||||||
|
- added option send SAE Confirm immediately (sae_config_immediate=1)
|
||||||
|
after SAE Commit
|
||||||
|
- added support for the hash-to-element mechanism (sae_pwe=1 or
|
||||||
|
sae_pwe=2)
|
||||||
|
- fixed PMKSA caching with OKC
|
||||||
|
- added support for SAE-PK
|
||||||
|
* EAP-pwd changes
|
||||||
|
- improved protection against side channel attacks
|
||||||
|
[https://w1.fi/security/2022-1/]
|
||||||
|
* fixed WPS UPnP SUBSCRIBE handling of invalid operations
|
||||||
|
[https://w1.fi/security/2020-1/]
|
||||||
|
* fixed PMF disconnection protection bypass
|
||||||
|
[https://w1.fi/security/2019-7/]
|
||||||
|
* added support for using OpenSSL 3.0
|
||||||
|
* fixed various issues in experimental support for EAP-TEAP server
|
||||||
|
* added configuration (max_auth_rounds, max_auth_rounds_short) to
|
||||||
|
increase the maximum number of EAP message exchanges (mainly to
|
||||||
|
support cases with very large certificates) for the EAP server
|
||||||
|
* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
|
||||||
|
* extended HE (IEEE 802.11ax) support, including 6 GHz support
|
||||||
|
* removed obsolete IAPP functionality
|
||||||
|
* fixed EAP-FAST server with TLS GCM/CCM ciphers
|
||||||
|
* dropped support for libnl 1.1
|
||||||
|
* added support for nl80211 control port for EAPOL frame TX/RX
|
||||||
|
* fixed OWE key derivation with groups 20 and 21; this breaks backwards
|
||||||
|
compatibility for these groups while the default group 19 remains
|
||||||
|
backwards compatible; owe_ptk_workaround=1 can be used to enabled a
|
||||||
|
a workaround for the group 20/21 backwards compatibility
|
||||||
|
* added support for Beacon protection
|
||||||
|
* added support for Extended Key ID for pairwise keys
|
||||||
|
* removed WEP support from the default build (CONFIG_WEP=y can be used
|
||||||
|
to enable it, if really needed)
|
||||||
|
* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
|
||||||
|
* added support for Transition Disable mechanism to allow the AP to
|
||||||
|
automatically disable transition mode to improve security
|
||||||
|
* added support for PASN
|
||||||
|
* added EAP-TLS server support for TLS 1.3 (disabled by default for now)
|
||||||
|
* a large number of other fixes, cleanup, and extensions
|
||||||
|
|
||||||
2019-08-07 - v2.9
|
2019-08-07 - v2.9
|
||||||
* SAE changes
|
* SAE changes
|
||||||
- disable use of groups using Brainpool curves
|
- disable use of groups using Brainpool curves
|
||||||
|
|
|
@ -2,7 +2,7 @@ hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
|
||||||
Authenticator and RADIUS authentication server
|
Authenticator and RADIUS authentication server
|
||||||
================================================================
|
================================================================
|
||||||
|
|
||||||
Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi> and contributors
|
Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi> and contributors
|
||||||
All Rights Reserved.
|
All Rights Reserved.
|
||||||
|
|
||||||
This program is licensed under the BSD license (the one with
|
This program is licensed under the BSD license (the one with
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
* hostapd - command line interface for hostapd daemon
|
* hostapd - command line interface for hostapd daemon
|
||||||
* Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
|
* Copyright (c) 2004-2022, Jouni Malinen <j@w1.fi>
|
||||||
*
|
*
|
||||||
* This software may be distributed under the terms of the BSD license.
|
* This software may be distributed under the terms of the BSD license.
|
||||||
* See README for more details.
|
* See README for more details.
|
||||||
|
@ -21,7 +21,7 @@
|
||||||
|
|
||||||
static const char *const hostapd_cli_version =
|
static const char *const hostapd_cli_version =
|
||||||
"hostapd_cli v" VERSION_STR "\n"
|
"hostapd_cli v" VERSION_STR "\n"
|
||||||
"Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi> and contributors";
|
"Copyright (c) 2004-2022, Jouni Malinen <j@w1.fi> and contributors";
|
||||||
|
|
||||||
static struct wpa_ctrl *ctrl_conn;
|
static struct wpa_ctrl *ctrl_conn;
|
||||||
static int hostapd_cli_quit = 0;
|
static int hostapd_cli_quit = 0;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
* hostapd / main()
|
* hostapd / main()
|
||||||
* Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi>
|
* Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi>
|
||||||
*
|
*
|
||||||
* This software may be distributed under the terms of the BSD license.
|
* This software may be distributed under the terms of the BSD license.
|
||||||
* See README for more details.
|
* See README for more details.
|
||||||
|
@ -454,7 +454,7 @@ static void show_version(void)
|
||||||
"hostapd v%s\n"
|
"hostapd v%s\n"
|
||||||
"User space daemon for IEEE 802.11 AP management,\n"
|
"User space daemon for IEEE 802.11 AP management,\n"
|
||||||
"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
|
"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
|
||||||
"Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi> "
|
"Copyright (c) 2002-2022, Jouni Malinen <j@w1.fi> "
|
||||||
"and contributors\n",
|
"and contributors\n",
|
||||||
VERSION_STR);
|
VERSION_STR);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,42 +0,0 @@
|
||||||
ALL=hs20_spp_server
|
|
||||||
|
|
||||||
include ../../src/build.rules
|
|
||||||
|
|
||||||
CFLAGS += -I../../src
|
|
||||||
CFLAGS += -I../../src/utils
|
|
||||||
CFLAGS += -I../../src/crypto
|
|
||||||
|
|
||||||
LIBS += -lsqlite3
|
|
||||||
|
|
||||||
# Using glibc < 2.17 requires -lrt for clock_gettime()
|
|
||||||
LIBS += -lrt
|
|
||||||
|
|
||||||
ifndef CONFIG_NO_GITVER
|
|
||||||
# Add VERSION_STR postfix for builds from a git repository
|
|
||||||
ifeq ($(wildcard ../../.git),../../.git)
|
|
||||||
GITVER := $(shell git describe --dirty=+)
|
|
||||||
ifneq ($(GITVER),)
|
|
||||||
CFLAGS += -DGIT_VERSION_STR_POSTFIX=\"-$(GITVER)\"
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
OBJS=spp_server.o
|
|
||||||
OBJS += hs20_spp_server.o
|
|
||||||
OBJS += ../../src/utils/xml-utils.o
|
|
||||||
OBJS += ../../src/utils/base64.o
|
|
||||||
OBJS += ../../src/utils/common.o
|
|
||||||
OBJS += ../../src/utils/os_unix.o
|
|
||||||
OBJS += ../../src/utils/wpa_debug.o
|
|
||||||
OBJS += ../../src/crypto/md5-internal.o
|
|
||||||
CFLAGS += $(shell xml2-config --cflags)
|
|
||||||
LIBS += $(shell xml2-config --libs)
|
|
||||||
OBJS += ../../src/utils/xml_libxml2.o
|
|
||||||
|
|
||||||
_OBJS_VAR := OBJS
|
|
||||||
include ../../src/objs.mk
|
|
||||||
hs20_spp_server: $(OBJS)
|
|
||||||
$(LDO) $(LDFLAGS) -o hs20_spp_server $(OBJS) $(LIBS)
|
|
||||||
|
|
||||||
clean: common-clean
|
|
||||||
rm -f core *~
|
|
|
@ -1,13 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
for i in server-client server server-revoked user ocsp; do
|
|
||||||
rm -f $i.csr $i.key $i.pem
|
|
||||||
done
|
|
||||||
|
|
||||||
rm -f openssl.cnf.tmp
|
|
||||||
if [ -d demoCA ]; then
|
|
||||||
rm -r demoCA
|
|
||||||
fi
|
|
||||||
rm -f ca.pem logo.asn1 logo.der server.der ocsp-server-cache.der
|
|
||||||
rm -f my-openssl.cnf my-openssl-root.cnf
|
|
||||||
#rm -r rootCA
|
|
|
@ -1,17 +0,0 @@
|
||||||
asn1 = SEQUENCE:attrs
|
|
||||||
|
|
||||||
[attrs]
|
|
||||||
#oid1 = OID:challengePassword
|
|
||||||
attr1 = SEQUENCE:extreq
|
|
||||||
oid2 = OID:sha256WithRSAEncryption
|
|
||||||
|
|
||||||
[extreq]
|
|
||||||
oid = OID:extensionRequest
|
|
||||||
vals = SET:extreqvals
|
|
||||||
|
|
||||||
[extreqvals]
|
|
||||||
|
|
||||||
oid1 = OID:macAddress
|
|
||||||
#oid2 = OID:imei
|
|
||||||
#oid3 = OID:meid
|
|
||||||
#oid4 = OID:DevId
|
|
|
@ -1,4 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
openssl asn1parse -genconf est-csrattrs.cnf -out est-csrattrs.der -oid hs20.oid
|
|
||||||
base64 est-csrattrs.der > est-attrs.b64
|
|
|
@ -1,7 +0,0 @@
|
||||||
1.3.6.1.1.1.1.22 macAddress
|
|
||||||
1.2.840.113549.1.9.14 extensionRequest
|
|
||||||
1.3.6.1.4.1.40808.1.1.1 id-wfa-hotspot-friendlyName
|
|
||||||
1.3.6.1.4.1.40808.1.1.2 id-kp-HS2.0Auth
|
|
||||||
1.3.6.1.4.1.40808.1.1.3 imei
|
|
||||||
1.3.6.1.4.1.40808.1.1.4 meid
|
|
||||||
1.3.6.1.4.1.40808.1.1.5 DevId
|
|
|
@ -1,11 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
for i in *.pem; do
|
|
||||||
echo "===[ $i ]==================="
|
|
||||||
openssl ocsp -text -CAfile ca.pem -verify_other demoCA/cacert.pem -trust_other -issuer demoCA/cacert.pem -cert $i -url http://localhost:8888/
|
|
||||||
|
|
||||||
# openssl ocsp -text -CAfile rootCA/cacert.pem -issuer demoCA/cacert.pem -cert $i -url http://localhost:8888/
|
|
||||||
|
|
||||||
# openssl ocsp -text -CAfile rootCA/cacert.pem -verify_other demoCA/cacert.pem -trust_other -issuer demoCA/cacert.pem -cert $i -url http://localhost:8888/
|
|
||||||
# openssl ocsp -text -CAfile rootCA/cacert.pem -VAfile ca.pem -trust_other -issuer demoCA/cacert.pem -cert $i -url http://localhost:8888/
|
|
||||||
done
|
|
|
@ -1,3 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
openssl ocsp -index demoCA/index.txt -port 8888 -nmin 5 -rsigner demoCA/cacert.pem -rkey demoCA/private/cakey-plain.pem -CA demoCA/cacert.pem -resp_no_certs -text
|
|
|
@ -1,3 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
openssl ocsp -index demoCA/index.txt -port 8888 -nmin 5 -rsigner ocsp.pem -rkey ocsp.key -CA demoCA/cacert.pem -text -ignore_err
|
|
|
@ -1,11 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# NOTE: You may need to replace 'localhost' with your OCSP server hostname.
|
|
||||||
openssl ocsp \
|
|
||||||
-no_nonce \
|
|
||||||
-CAfile ca.pem \
|
|
||||||
-verify_other demoCA/cacert.pem \
|
|
||||||
-issuer demoCA/cacert.pem \
|
|
||||||
-cert server.pem \
|
|
||||||
-url http://localhost:8888/ \
|
|
||||||
-respout ocsp-server-cache.der
|
|
|
@ -1,125 +0,0 @@
|
||||||
# OpenSSL configuration file for Hotspot 2.0 PKI (Root CA)
|
|
||||||
|
|
||||||
HOME = .
|
|
||||||
RANDFILE = $ENV::HOME/.rnd
|
|
||||||
oid_section = new_oids
|
|
||||||
|
|
||||||
[ new_oids ]
|
|
||||||
|
|
||||||
#logotypeoid=1.3.6.1.5.5.7.1.12
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ ca ]
|
|
||||||
default_ca = CA_default # The default ca section
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ CA_default ]
|
|
||||||
|
|
||||||
dir = ./rootCA # Where everything is kept
|
|
||||||
certs = $dir/certs # Where the issued certs are kept
|
|
||||||
crl_dir = $dir/crl # Where the issued crl are kept
|
|
||||||
database = $dir/index.txt # database index file.
|
|
||||||
#unique_subject = no # Set to 'no' to allow creation of
|
|
||||||
# several certificates with same subject
|
|
||||||
new_certs_dir = $dir/newcerts # default place for new certs.
|
|
||||||
|
|
||||||
certificate = $dir/cacert.pem # The CA certificate
|
|
||||||
serial = $dir/serial # The current serial number
|
|
||||||
crlnumber = $dir/crlnumber # the current crl number
|
|
||||||
# must be commented out to leave a V1 CRL
|
|
||||||
crl = $dir/crl.pem # The current CRL
|
|
||||||
private_key = $dir/private/cakey.pem# The private key
|
|
||||||
RANDFILE = $dir/private/.rand # private random number file
|
|
||||||
|
|
||||||
x509_extensions = usr_cert # The extentions to add to the cert
|
|
||||||
|
|
||||||
name_opt = ca_default # Subject Name options
|
|
||||||
cert_opt = ca_default # Certificate field options
|
|
||||||
|
|
||||||
default_days = 365 # how long to certify for
|
|
||||||
default_crl_days= 30 # how long before next CRL
|
|
||||||
default_md = default # use public key default MD
|
|
||||||
preserve = no # keep passed DN ordering
|
|
||||||
|
|
||||||
policy = policy_match
|
|
||||||
|
|
||||||
# For the CA policy
|
|
||||||
[ policy_match ]
|
|
||||||
countryName = match
|
|
||||||
stateOrProvinceName = optional
|
|
||||||
organizationName = match
|
|
||||||
organizationalUnitName = optional
|
|
||||||
commonName = supplied
|
|
||||||
emailAddress = optional
|
|
||||||
|
|
||||||
[ policy_anything ]
|
|
||||||
countryName = optional
|
|
||||||
stateOrProvinceName = optional
|
|
||||||
localityName = optional
|
|
||||||
organizationName = optional
|
|
||||||
organizationalUnitName = optional
|
|
||||||
commonName = supplied
|
|
||||||
emailAddress = optional
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ req ]
|
|
||||||
default_bits = 2048
|
|
||||||
default_keyfile = privkey.pem
|
|
||||||
distinguished_name = req_distinguished_name
|
|
||||||
attributes = req_attributes
|
|
||||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
|
||||||
|
|
||||||
input_password = @PASSWORD@
|
|
||||||
output_password = @PASSWORD@
|
|
||||||
|
|
||||||
string_mask = utf8only
|
|
||||||
|
|
||||||
[ req_distinguished_name ]
|
|
||||||
countryName = Country Name (2 letter code)
|
|
||||||
countryName_default = US
|
|
||||||
countryName_min = 2
|
|
||||||
countryName_max = 2
|
|
||||||
|
|
||||||
localityName = Locality Name (eg, city)
|
|
||||||
localityName_default = Tuusula
|
|
||||||
|
|
||||||
0.organizationName = Organization Name (eg, company)
|
|
||||||
0.organizationName_default = WFA Hotspot 2.0
|
|
||||||
|
|
||||||
##organizationalUnitName = Organizational Unit Name (eg, section)
|
|
||||||
#organizationalUnitName_default =
|
|
||||||
#@OU@
|
|
||||||
|
|
||||||
commonName = Common Name (e.g. server FQDN or YOUR name)
|
|
||||||
#@CN@
|
|
||||||
commonName_max = 64
|
|
||||||
|
|
||||||
emailAddress = Email Address
|
|
||||||
emailAddress_max = 64
|
|
||||||
|
|
||||||
[ req_attributes ]
|
|
||||||
|
|
||||||
[ v3_req ]
|
|
||||||
|
|
||||||
# Extensions to add to a certificate request
|
|
||||||
basicConstraints = CA:FALSE
|
|
||||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
||||||
subjectAltName=DNS:example.com,DNS:another.example.com
|
|
||||||
|
|
||||||
[ v3_ca ]
|
|
||||||
|
|
||||||
# Hotspot 2.0 PKI requirements
|
|
||||||
subjectKeyIdentifier=hash
|
|
||||||
basicConstraints = critical,CA:true
|
|
||||||
keyUsage = critical, cRLSign, keyCertSign
|
|
||||||
|
|
||||||
[ crl_ext ]
|
|
||||||
|
|
||||||
# issuerAltName=issuer:copy
|
|
||||||
authorityKeyIdentifier=keyid:always
|
|
||||||
|
|
||||||
[ v3_OCSP ]
|
|
||||||
|
|
||||||
basicConstraints = CA:FALSE
|
|
||||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
||||||
extendedKeyUsage = OCSPSigning
|
|
|
@ -1,200 +0,0 @@
|
||||||
# OpenSSL configuration file for Hotspot 2.0 PKI (Intermediate CA)
|
|
||||||
|
|
||||||
HOME = .
|
|
||||||
RANDFILE = $ENV::HOME/.rnd
|
|
||||||
oid_section = new_oids
|
|
||||||
|
|
||||||
[ new_oids ]
|
|
||||||
|
|
||||||
#logotypeoid=1.3.6.1.5.5.7.1.12
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ ca ]
|
|
||||||
default_ca = CA_default # The default ca section
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ CA_default ]
|
|
||||||
|
|
||||||
dir = ./demoCA # Where everything is kept
|
|
||||||
certs = $dir/certs # Where the issued certs are kept
|
|
||||||
crl_dir = $dir/crl # Where the issued crl are kept
|
|
||||||
database = $dir/index.txt # database index file.
|
|
||||||
#unique_subject = no # Set to 'no' to allow creation of
|
|
||||||
# several certificates with same subject
|
|
||||||
new_certs_dir = $dir/newcerts # default place for new certs.
|
|
||||||
|
|
||||||
certificate = $dir/cacert.pem # The CA certificate
|
|
||||||
serial = $dir/serial # The current serial number
|
|
||||||
crlnumber = $dir/crlnumber # the current crl number
|
|
||||||
# must be commented out to leave a V1 CRL
|
|
||||||
crl = $dir/crl.pem # The current CRL
|
|
||||||
private_key = $dir/private/cakey.pem# The private key
|
|
||||||
RANDFILE = $dir/private/.rand # private random number file
|
|
||||||
|
|
||||||
x509_extensions = ext_client # The extentions to add to the cert
|
|
||||||
|
|
||||||
name_opt = ca_default # Subject Name options
|
|
||||||
cert_opt = ca_default # Certificate field options
|
|
||||||
|
|
||||||
# Extension copying option: use with caution.
|
|
||||||
copy_extensions = copy
|
|
||||||
|
|
||||||
default_days = 365 # how long to certify for
|
|
||||||
default_crl_days= 30 # how long before next CRL
|
|
||||||
default_md = default # use public key default MD
|
|
||||||
preserve = no # keep passed DN ordering
|
|
||||||
|
|
||||||
policy = policy_match
|
|
||||||
|
|
||||||
# For the CA policy
|
|
||||||
[ policy_match ]
|
|
||||||
countryName = supplied
|
|
||||||
stateOrProvinceName = optional
|
|
||||||
organizationName = supplied
|
|
||||||
organizationalUnitName = optional
|
|
||||||
commonName = supplied
|
|
||||||
emailAddress = optional
|
|
||||||
|
|
||||||
[ policy_osu_server ]
|
|
||||||
countryName = match
|
|
||||||
stateOrProvinceName = optional
|
|
||||||
organizationName = match
|
|
||||||
organizationalUnitName = supplied
|
|
||||||
commonName = supplied
|
|
||||||
emailAddress = optional
|
|
||||||
|
|
||||||
[ policy_anything ]
|
|
||||||
countryName = optional
|
|
||||||
stateOrProvinceName = optional
|
|
||||||
localityName = optional
|
|
||||||
organizationName = optional
|
|
||||||
organizationalUnitName = optional
|
|
||||||
commonName = supplied
|
|
||||||
emailAddress = optional
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ req ]
|
|
||||||
default_bits = 2048
|
|
||||||
default_keyfile = privkey.pem
|
|
||||||
distinguished_name = req_distinguished_name
|
|
||||||
attributes = req_attributes
|
|
||||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
|
||||||
|
|
||||||
input_password = @PASSWORD@
|
|
||||||
output_password = @PASSWORD@
|
|
||||||
|
|
||||||
string_mask = utf8only
|
|
||||||
|
|
||||||
[ req_distinguished_name ]
|
|
||||||
countryName = Country Name (2 letter code)
|
|
||||||
countryName_default = FI
|
|
||||||
countryName_min = 2
|
|
||||||
countryName_max = 2
|
|
||||||
|
|
||||||
localityName = Locality Name (eg, city)
|
|
||||||
localityName_default = Tuusula
|
|
||||||
|
|
||||||
0.organizationName = Organization Name (eg, company)
|
|
||||||
0.organizationName_default = @DOMAIN@
|
|
||||||
|
|
||||||
##organizationalUnitName = Organizational Unit Name (eg, section)
|
|
||||||
#organizationalUnitName_default =
|
|
||||||
#@OU@
|
|
||||||
|
|
||||||
commonName = Common Name (e.g. server FQDN or YOUR name)
|
|
||||||
#@CN@
|
|
||||||
commonName_max = 64
|
|
||||||
|
|
||||||
emailAddress = Email Address
|
|
||||||
emailAddress_max = 64
|
|
||||||
|
|
||||||
[ req_attributes ]
|
|
||||||
|
|
||||||
[ v3_ca ]
|
|
||||||
|
|
||||||
# Hotspot 2.0 PKI requirements
|
|
||||||
subjectKeyIdentifier=hash
|
|
||||||
authorityKeyIdentifier=keyid:always,issuer
|
|
||||||
basicConstraints = critical, CA:true, pathlen:0
|
|
||||||
keyUsage = critical, cRLSign, keyCertSign
|
|
||||||
authorityInfoAccess = OCSP;URI:@OCSP_URI@
|
|
||||||
# For SP intermediate CA
|
|
||||||
#subjectAltName=critical,otherName:1.3.6.1.4.1.40808.1.1.1;UTF8String:engExample OSU
|
|
||||||
#nameConstraints=permitted;DNS:.@DOMAIN@
|
|
||||||
#1.3.6.1.5.5.7.1.12=ASN1:SEQUENCE:LogotypeExtn
|
|
||||||
|
|
||||||
[ v3_osu_server ]
|
|
||||||
|
|
||||||
basicConstraints = critical, CA:true, pathlen:0
|
|
||||||
keyUsage = critical, keyEncipherment
|
|
||||||
#@ALTNAME@
|
|
||||||
|
|
||||||
#logotypeoid=ASN1:SEQUENCE:LogotypeExtn
|
|
||||||
1.3.6.1.5.5.7.1.12=ASN1:SEQUENCE:LogotypeExtn
|
|
||||||
[LogotypeExtn]
|
|
||||||
communityLogos=EXP:0,SEQUENCE:LogotypeInfo
|
|
||||||
[LogotypeInfo]
|
|
||||||
# note: implicit tag converted to explicit for CHOICE
|
|
||||||
direct=EXP:0,SEQUENCE:LogotypeData
|
|
||||||
[LogotypeData]
|
|
||||||
image=SEQUENCE:LogotypeImage
|
|
||||||
[LogotypeImage]
|
|
||||||
imageDetails=SEQUENCE:LogotypeDetails
|
|
||||||
imageInfo=SEQUENCE:LogotypeImageInfo
|
|
||||||
[LogotypeDetails]
|
|
||||||
mediaType=IA5STRING:image/png
|
|
||||||
logotypeHash=SEQUENCE:HashAlgAndValues
|
|
||||||
logotypeURI=SEQUENCE:URI
|
|
||||||
[HashAlgAndValues]
|
|
||||||
value1=SEQUENCE:HashAlgAndValueSHA256
|
|
||||||
#value2=SEQUENCE:HashAlgAndValueSHA1
|
|
||||||
[HashAlgAndValueSHA256]
|
|
||||||
hashAlg=SEQUENCE:sha256_alg
|
|
||||||
hashValue=FORMAT:HEX,OCTETSTRING:@LOGO_HASH256@
|
|
||||||
[HashAlgAndValueSHA1]
|
|
||||||
hashAlg=SEQUENCE:sha1_alg
|
|
||||||
hashValue=FORMAT:HEX,OCTETSTRING:@LOGO_HASH1@
|
|
||||||
[sha256_alg]
|
|
||||||
algorithm=OID:sha256
|
|
||||||
[sha1_alg]
|
|
||||||
algorithm=OID:sha1
|
|
||||||
[URI]
|
|
||||||
uri=IA5STRING:@LOGO_URI@
|
|
||||||
[LogotypeImageInfo]
|
|
||||||
# default value color(1), component optional
|
|
||||||
#type=IMP:0,INTEGER:1
|
|
||||||
fileSize=INTEGER:7549
|
|
||||||
xSize=INTEGER:128
|
|
||||||
ySize=INTEGER:80
|
|
||||||
language=IMP:4,IA5STRING:zxx
|
|
||||||
|
|
||||||
[ crl_ext ]
|
|
||||||
|
|
||||||
# issuerAltName=issuer:copy
|
|
||||||
authorityKeyIdentifier=keyid:always
|
|
||||||
|
|
||||||
[ v3_OCSP ]
|
|
||||||
|
|
||||||
basicConstraints = CA:FALSE
|
|
||||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
||||||
extendedKeyUsage = OCSPSigning
|
|
||||||
|
|
||||||
[ ext_client ]
|
|
||||||
|
|
||||||
basicConstraints=CA:FALSE
|
|
||||||
subjectKeyIdentifier=hash
|
|
||||||
authorityKeyIdentifier=keyid,issuer
|
|
||||||
authorityInfoAccess = OCSP;URI:@OCSP_URI@
|
|
||||||
#@ALTNAME@
|
|
||||||
extendedKeyUsage = clientAuth
|
|
||||||
|
|
||||||
[ ext_server ]
|
|
||||||
|
|
||||||
# Hotspot 2.0 PKI requirements
|
|
||||||
basicConstraints=critical, CA:FALSE
|
|
||||||
subjectKeyIdentifier=hash
|
|
||||||
authorityKeyIdentifier=keyid,issuer
|
|
||||||
authorityInfoAccess = OCSP;URI:@OCSP_URI@
|
|
||||||
#@ALTNAME@
|
|
||||||
extendedKeyUsage = critical, serverAuth
|
|
||||||
keyUsage = critical, keyEncipherment
|
|
|
@ -1,209 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
if [ -z "$OPENSSL" ]; then
|
|
||||||
OPENSSL=openssl
|
|
||||||
fi
|
|
||||||
export OPENSSL_CONF=$PWD/openssl.cnf
|
|
||||||
PASS=whatever
|
|
||||||
if [ -z "$DOMAIN" ]; then
|
|
||||||
DOMAIN=w1.fi
|
|
||||||
fi
|
|
||||||
COMPANY=w1.fi
|
|
||||||
OPER_ENG="engw1.fi TESTING USE"
|
|
||||||
OPER_FI="finw1.fi TESTIKÄYTTÖ"
|
|
||||||
CNR="Hotspot 2.0 Trust Root CA - 99"
|
|
||||||
CNO="ocsp.$DOMAIN"
|
|
||||||
CNV="osu-revoked.$DOMAIN"
|
|
||||||
CNOC="osu-client.$DOMAIN"
|
|
||||||
OSU_SERVER_HOSTNAME="osu.$DOMAIN"
|
|
||||||
DEBUG=0
|
|
||||||
OCSP_URI="http://$CNO:8888/"
|
|
||||||
LOGO_URI="http://osu.w1.fi/w1fi_logo.png"
|
|
||||||
LOGO_HASH256="4532f7ec36424381617c03c6ce87b55a51d6e7177ffafda243cebf280a68954d"
|
|
||||||
LOGO_HASH1="5e1d5085676eede6b02da14d31c523ec20ffba0b"
|
|
||||||
|
|
||||||
# Command line overrides
|
|
||||||
USAGE=$( cat <<EOF
|
|
||||||
Usage:\n
|
|
||||||
# -c: Company name, used to generate Subject name CN for Intermediate CA\n
|
|
||||||
# -C: Subject name CN of the Root CA ($CNR)\n
|
|
||||||
# -D: Enable debugging (set -x, etc)\n
|
|
||||||
# -g: Logo sha1 hash ($LOGO_HASH1)\n
|
|
||||||
# -G: Logo sha256 hash ($LOGO_HASH256)\n
|
|
||||||
# -h: Show this help message\n
|
|
||||||
# -l: Logo URI ($LOGO_URI)\n
|
|
||||||
# -m: Domain ($DOMAIN)\n
|
|
||||||
# -o: Subject name CN for OSU-Client Server ($CNOC)\n
|
|
||||||
# -O: Subject name CN for OCSP Server ($CNO)\n
|
|
||||||
# -p: passphrase for private keys ($PASS)\n
|
|
||||||
# -r: Operator-english ($OPER_ENG)\n
|
|
||||||
# -R: Operator-finish ($OPER_FI)\n
|
|
||||||
# -S: OSU Server name ($OSU_SERVER_HOSTNAME)\n
|
|
||||||
# -u: OCSP-URI ($OCSP_URI)\n
|
|
||||||
# -V: Subject name CN for OSU-Revoked Server ($CNV)\n
|
|
||||||
EOF
|
|
||||||
)
|
|
||||||
|
|
||||||
while getopts "c:C:Dg:G:l:m:o:O:p:r:R:S:u:V:h" flag
|
|
||||||
do
|
|
||||||
case $flag in
|
|
||||||
c) COMPANY=$OPTARG;;
|
|
||||||
C) CNR=$OPTARG;;
|
|
||||||
D) DEBUG=1;;
|
|
||||||
g) LOGO_HASH1=$OPTARG;;
|
|
||||||
G) LOGO_HASH256=$OPTARG;;
|
|
||||||
h) echo -e $USAGE; exit 0;;
|
|
||||||
l) LOGO_URI=$OPTARG;;
|
|
||||||
m) DOMAIN=$OPTARG;;
|
|
||||||
o) CNOC=$OPTARG;;
|
|
||||||
O) CNO=$OPTARG;;
|
|
||||||
p) PASS=$OPTARG;;
|
|
||||||
r) OPER_ENG=$OPTARG;;
|
|
||||||
R) OPER_FI=$OPTARG;;
|
|
||||||
S) OSU_SERVER_HOSTNAME=$OPTARG;;
|
|
||||||
u) OCSP_URI=$OPTARG;;
|
|
||||||
V) CNV=$OPTARG;;
|
|
||||||
*) echo "Unknown flag: $flag"; echo -e $USAGE; exit 1;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
fail()
|
|
||||||
{
|
|
||||||
echo "$*"
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo "---[ Root CA ]----------------------------------------------------------"
|
|
||||||
echo
|
|
||||||
|
|
||||||
if [ $DEBUG = 1 ]
|
|
||||||
then
|
|
||||||
set -x
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Set the passphrase and some other common config accordingly.
|
|
||||||
cat openssl-root.cnf | sed "s/@PASSWORD@/$PASS/" \
|
|
||||||
> my-openssl-root.cnf
|
|
||||||
|
|
||||||
cat openssl.cnf | sed "s/@PASSWORD@/$PASS/" |
|
|
||||||
sed "s,@OCSP_URI@,$OCSP_URI," |
|
|
||||||
sed "s,@LOGO_URI@,$LOGO_URI," |
|
|
||||||
sed "s,@LOGO_HASH1@,$LOGO_HASH1," |
|
|
||||||
sed "s,@LOGO_HASH256@,$LOGO_HASH256," |
|
|
||||||
sed "s/@DOMAIN@/$DOMAIN/" \
|
|
||||||
> my-openssl.cnf
|
|
||||||
|
|
||||||
|
|
||||||
cat my-openssl-root.cnf | sed "s/#@CN@/commonName_default = $CNR/" > openssl.cnf.tmp
|
|
||||||
mkdir -p rootCA/certs rootCA/crl rootCA/newcerts rootCA/private
|
|
||||||
touch rootCA/index.txt
|
|
||||||
if [ -e rootCA/private/cakey.pem ]; then
|
|
||||||
echo " * Use existing Root CA"
|
|
||||||
else
|
|
||||||
echo " * Generate Root CA private key"
|
|
||||||
$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:4096 -keyout rootCA/private/cakey.pem -out rootCA/careq.pem || fail "Failed to generate Root CA private key"
|
|
||||||
echo " * Sign Root CA certificate"
|
|
||||||
$OPENSSL ca -config openssl.cnf.tmp -md sha256 -create_serial -out rootCA/cacert.pem -days 10957 -batch -keyfile rootCA/private/cakey.pem -passin pass:$PASS -selfsign -extensions v3_ca -outdir rootCA/newcerts -infiles rootCA/careq.pem || fail "Failed to sign Root CA certificate"
|
|
||||||
$OPENSSL x509 -in rootCA/cacert.pem -out rootCA/cacert.der -outform DER || fail "Failed to create rootCA DER"
|
|
||||||
sha256sum rootCA/cacert.der > rootCA/cacert.fingerprint || fail "Failed to create rootCA fingerprint"
|
|
||||||
fi
|
|
||||||
if [ ! -e rootCA/crlnumber ]; then
|
|
||||||
echo 00 > rootCA/crlnumber
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo "---[ Intermediate CA ]--------------------------------------------------"
|
|
||||||
echo
|
|
||||||
|
|
||||||
cat my-openssl.cnf | sed "s/#@CN@/commonName_default = $COMPANY Hotspot 2.0 Intermediate CA/" > openssl.cnf.tmp
|
|
||||||
mkdir -p demoCA/certs demoCA/crl demoCA/newcerts demoCA/private
|
|
||||||
touch demoCA/index.txt
|
|
||||||
if [ -e demoCA/private/cakey.pem ]; then
|
|
||||||
echo " * Use existing Intermediate CA"
|
|
||||||
else
|
|
||||||
echo " * Generate Intermediate CA private key"
|
|
||||||
$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -keyout demoCA/private/cakey.pem -out demoCA/careq.pem || fail "Failed to generate Intermediate CA private key"
|
|
||||||
echo " * Sign Intermediate CA certificate"
|
|
||||||
$OPENSSL ca -config openssl.cnf.tmp -md sha256 -create_serial -out demoCA/cacert.pem -days 3652 -batch -keyfile rootCA/private/cakey.pem -cert rootCA/cacert.pem -passin pass:$PASS -extensions v3_ca -infiles demoCA/careq.pem || fail "Failed to sign Intermediate CA certificate"
|
|
||||||
# horrible from security view point, but for testing purposes since OCSP responder does not seem to support -passin
|
|
||||||
openssl rsa -in demoCA/private/cakey.pem -out demoCA/private/cakey-plain.pem -passin pass:$PASS
|
|
||||||
$OPENSSL x509 -in demoCA/cacert.pem -out demoCA/cacert.der -outform DER || fail "Failed to create demoCA DER."
|
|
||||||
sha256sum demoCA/cacert.der > demoCA/cacert.fingerprint || fail "Failed to create demoCA fingerprint"
|
|
||||||
fi
|
|
||||||
if [ ! -e demoCA/crlnumber ]; then
|
|
||||||
echo 00 > demoCA/crlnumber
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo "OCSP responder"
|
|
||||||
echo
|
|
||||||
|
|
||||||
cat my-openssl.cnf | sed "s/#@CN@/commonName_default = $CNO/" > openssl.cnf.tmp
|
|
||||||
$OPENSSL req -config $PWD/openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -out ocsp.csr -keyout ocsp.key -extensions v3_OCSP
|
|
||||||
$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -keyfile demoCA/private/cakey.pem -passin pass:$PASS -in ocsp.csr -out ocsp.pem -days 730 -extensions v3_OCSP || fail "Could not generate ocsp.pem"
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo "---[ Server - to be revoked ] ------------------------------------------"
|
|
||||||
echo
|
|
||||||
|
|
||||||
cat my-openssl.cnf | sed "s/#@CN@/commonName_default = $CNV/" > openssl.cnf.tmp
|
|
||||||
$OPENSSL req -config $PWD/openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -out server-revoked.csr -keyout server-revoked.key
|
|
||||||
$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -in server-revoked.csr -out server-revoked.pem -key $PASS -days 730 -extensions ext_server
|
|
||||||
$OPENSSL ca -revoke server-revoked.pem -key $PASS
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo "---[ Server - with client ext key use ] ---------------------------------"
|
|
||||||
echo "---[ Only used for negative-testing for OSU-client implementation ] -----"
|
|
||||||
echo
|
|
||||||
|
|
||||||
cat my-openssl.cnf | sed "s/#@CN@/commonName_default = $CNOC/" > openssl.cnf.tmp
|
|
||||||
$OPENSSL req -config $PWD/openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -out server-client.csr -keyout server-client.key || fail "Could not create server-client.key"
|
|
||||||
$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -in server-client.csr -out server-client.pem -key $PASS -days 730 -extensions ext_client || fail "Could not create server-client.pem"
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo "---[ User ]-------------------------------------------------------------"
|
|
||||||
echo
|
|
||||||
|
|
||||||
cat my-openssl.cnf | sed "s/#@CN@/commonName_default = User/" > openssl.cnf.tmp
|
|
||||||
$OPENSSL req -config $PWD/openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -out user.csr -keyout user.key || fail "Could not create user.key"
|
|
||||||
$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -in user.csr -out user.pem -key $PASS -days 730 -extensions ext_client || fail "Could not create user.pem"
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo "---[ Server ]-----------------------------------------------------------"
|
|
||||||
echo
|
|
||||||
|
|
||||||
ALT="DNS:$OSU_SERVER_HOSTNAME"
|
|
||||||
ALT="$ALT,otherName:1.3.6.1.4.1.40808.1.1.1;UTF8String:$OPER_ENG"
|
|
||||||
ALT="$ALT,otherName:1.3.6.1.4.1.40808.1.1.1;UTF8String:$OPER_FI"
|
|
||||||
|
|
||||||
cat my-openssl.cnf |
|
|
||||||
sed "s/#@CN@/commonName_default = $OSU_SERVER_HOSTNAME/" |
|
|
||||||
sed "s/^##organizationalUnitName/organizationalUnitName/" |
|
|
||||||
sed "s/#@OU@/organizationalUnitName_default = Hotspot 2.0 Online Sign Up Server/" |
|
|
||||||
sed "s/#@ALTNAME@/subjectAltName=critical,$ALT/" \
|
|
||||||
> openssl.cnf.tmp
|
|
||||||
echo $OPENSSL req -config $PWD/openssl.cnf.tmp -batch -sha256 -new -newkey rsa:2048 -nodes -out server.csr -keyout server.key -reqexts v3_osu_server
|
|
||||||
$OPENSSL req -config $PWD/openssl.cnf.tmp -batch -sha256 -new -newkey rsa:2048 -nodes -out server.csr -keyout server.key -reqexts v3_osu_server || fail "Failed to generate server request"
|
|
||||||
$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -md sha256 -in server.csr -out server.pem -key $PASS -days 730 -extensions ext_server -policy policy_osu_server || fail "Failed to sign server certificate"
|
|
||||||
|
|
||||||
#dump logotype details for debugging
|
|
||||||
$OPENSSL x509 -in server.pem -out server.der -outform DER
|
|
||||||
openssl asn1parse -in server.der -inform DER | grep HEX | tail -1 | sed 's/.*://' | xxd -r -p > logo.der
|
|
||||||
openssl asn1parse -in logo.der -inform DER > logo.asn1
|
|
||||||
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo "---[ CRL ]---------------------------------------------------------------"
|
|
||||||
echo
|
|
||||||
|
|
||||||
$OPENSSL ca -config $PWD/my-openssl.cnf -gencrl -md sha256 -out demoCA/crl/crl.pem -passin pass:$PASS
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo "---[ Verify ]------------------------------------------------------------"
|
|
||||||
echo
|
|
||||||
|
|
||||||
$OPENSSL verify -CAfile rootCA/cacert.pem demoCA/cacert.pem
|
|
||||||
$OPENSSL verify -CAfile rootCA/cacert.pem -untrusted demoCA/cacert.pem *.pem
|
|
||||||
|
|
||||||
cat rootCA/cacert.pem demoCA/cacert.pem > ca.pem
|
|
Binary file not shown.
Before Width: | Height: | Size: 7.4 KiB |
|
@ -1,262 +0,0 @@
|
||||||
Hotspot 2.0 OSU server
|
|
||||||
======================
|
|
||||||
|
|
||||||
The information in this document is based on the assumption that Ubuntu
|
|
||||||
16.04 server (64-bit) distribution is used and the web server is
|
|
||||||
Apache2. Neither of these are requirements for the installation, but if
|
|
||||||
other combinations are used, the package names and configuration
|
|
||||||
parameters may need to be adjusted.
|
|
||||||
|
|
||||||
NOTE: This implementation and the example configuration here is meant
|
|
||||||
only for testing purposes in a lab environment. This design is not
|
|
||||||
secure to be installed in a publicly available Internet server without
|
|
||||||
considerable amount of modification and review for security issues.
|
|
||||||
|
|
||||||
|
|
||||||
Build dependencies
|
|
||||||
------------------
|
|
||||||
|
|
||||||
Ubuntu 16.04 server
|
|
||||||
- default installation
|
|
||||||
- upgraded to latest package versions
|
|
||||||
sudo apt-get update
|
|
||||||
sudo apt-get upgrade
|
|
||||||
|
|
||||||
Packages needed for running the service:
|
|
||||||
sudo apt-get install sqlite3
|
|
||||||
sudo apt-get install apache2
|
|
||||||
sudo apt-get install php-sqlite3 php-xml libapache2-mod-php
|
|
||||||
|
|
||||||
Additional packages needed for building the components:
|
|
||||||
sudo apt-get install build-essential
|
|
||||||
sudo apt-get install libsqlite3-dev
|
|
||||||
sudo apt-get install libssl-dev
|
|
||||||
sudo apt-get install libxml2-dev
|
|
||||||
|
|
||||||
|
|
||||||
Installation location
|
|
||||||
---------------------
|
|
||||||
|
|
||||||
Select a location for the installation root directory. The example here
|
|
||||||
assumes /home/user/hs20-server to be used, but this can be changed by
|
|
||||||
editing couple of files as indicated below.
|
|
||||||
|
|
||||||
sudo mkdir -p /home/user/hs20-server
|
|
||||||
sudo chown $USER /home/user/hs20-server
|
|
||||||
mkdir -p /home/user/hs20-server/spp
|
|
||||||
mkdir -p /home/user/hs20-server/AS
|
|
||||||
|
|
||||||
|
|
||||||
Build
|
|
||||||
-----
|
|
||||||
|
|
||||||
# hostapd as RADIUS server
|
|
||||||
cd hostapd
|
|
||||||
|
|
||||||
#example build configuration
|
|
||||||
cat > .config <<EOF
|
|
||||||
CONFIG_DRIVER_NONE=y
|
|
||||||
CONFIG_PKCS12=y
|
|
||||||
CONFIG_RADIUS_SERVER=y
|
|
||||||
CONFIG_EAP=y
|
|
||||||
CONFIG_EAP_TLS=y
|
|
||||||
CONFIG_EAP_MSCHAPV2=y
|
|
||||||
CONFIG_EAP_PEAP=y
|
|
||||||
CONFIG_EAP_GTC=y
|
|
||||||
CONFIG_EAP_TTLS=y
|
|
||||||
CONFIG_EAP_SIM=y
|
|
||||||
CONFIG_EAP_AKA=y
|
|
||||||
CONFIG_EAP_AKA_PRIME=y
|
|
||||||
CONFIG_SQLITE=y
|
|
||||||
CONFIG_HS20=y
|
|
||||||
EOF
|
|
||||||
|
|
||||||
make hostapd hlr_auc_gw
|
|
||||||
cp hostapd hlr_auc_gw /home/user/hs20-server/AS
|
|
||||||
|
|
||||||
# build hs20_spp_server
|
|
||||||
cd ../hs20/server
|
|
||||||
make clean
|
|
||||||
make
|
|
||||||
cp hs20_spp_server /home/user/hs20-server/spp
|
|
||||||
# prepare database (web server user/group needs to have write access)
|
|
||||||
mkdir -p /home/user/hs20-server/AS/DB
|
|
||||||
sudo chgrp www-data /home/user/hs20-server/AS/DB
|
|
||||||
sudo chmod g+w /home/user/hs20-server/AS/DB
|
|
||||||
sqlite3 /home/user/hs20-server/AS/DB/eap_user.db < sql.txt
|
|
||||||
sudo chgrp www-data /home/user/hs20-server/AS/DB/eap_user.db
|
|
||||||
sudo chmod g+w /home/user/hs20-server/AS/DB/eap_user.db
|
|
||||||
# add example configuration (note: need to update URLs to match the system)
|
|
||||||
sqlite3 /home/user/hs20-server/AS/DB/eap_user.db < sql-example.txt
|
|
||||||
|
|
||||||
# copy PHP scripts
|
|
||||||
# Modify config.php if different installation directory is used.
|
|
||||||
# Modify PHP scripts to get the desired behavior for user interaction (or use
|
|
||||||
# the examples as-is for initial testing).
|
|
||||||
cp -r www /home/user/hs20-server
|
|
||||||
|
|
||||||
# Create /home/user/hs20-server/terms-and-conditions file (HTML segment to be
|
|
||||||
# inserted within the BODY section of the page).
|
|
||||||
cat > /home/user/hs20-server/terms-and-conditions <<EOF
|
|
||||||
<P>Terms and conditions..</P>
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# Build local keys and certs
|
|
||||||
cd ca
|
|
||||||
# Display help options.
|
|
||||||
./setup.sh -h
|
|
||||||
|
|
||||||
# Remove old keys, fill in appropriate values, and generate your keys.
|
|
||||||
# For instance:
|
|
||||||
./clean.sh
|
|
||||||
rm -fr rootCA"
|
|
||||||
old_hostname=myserver.local
|
|
||||||
./setup.sh -C "Hotspot 2.0 Trust Root CA - CT" \
|
|
||||||
-o $old_hostname-osu-client \
|
|
||||||
-O $old_hostname-oscp -p lanforge -S $old_hostname \
|
|
||||||
-V $old_hostname-osu-revoked \
|
|
||||||
-m local -u http://$old_hostname:8888/
|
|
||||||
|
|
||||||
# Configure subscription policies
|
|
||||||
mkdir -p /home/user/hs20-server/spp/policy
|
|
||||||
cat > /home/user/hs20-server/spp/policy/default.xml <<EOF
|
|
||||||
<Policy>
|
|
||||||
<PolicyUpdate>
|
|
||||||
<UpdateInterval>30</UpdateInterval>
|
|
||||||
<UpdateMethod>ClientInitiated</UpdateMethod>
|
|
||||||
<Restriction>Unrestricted</Restriction>
|
|
||||||
<URI>https://policy-server.osu.example.com/hs20/spp.php</URI>
|
|
||||||
</PolicyUpdate>
|
|
||||||
</Policy>
|
|
||||||
EOF
|
|
||||||
|
|
||||||
|
|
||||||
# Install Hotspot 2.0 SPP and OMA DM XML schema/DTD files
|
|
||||||
|
|
||||||
# XML schema for SPP
|
|
||||||
# Copy the latest XML schema into /home/user/hs20-server/spp/spp.xsd
|
|
||||||
|
|
||||||
# OMA DM Device Description Framework DTD
|
|
||||||
# Copy into /home/user/hs20-server/spp/dm_ddf-v1_2.dtd
|
|
||||||
# http://www.openmobilealliance.org/tech/DTD/dm_ddf-v1_2.dtd
|
|
||||||
|
|
||||||
|
|
||||||
# Configure RADIUS authentication service
|
|
||||||
# Note: Change the URL to match the setup
|
|
||||||
# Note: Install AAA server key/certificate and root CA in Key directory
|
|
||||||
|
|
||||||
cat > /home/user/hs20-server/AS/as-sql.conf <<EOF
|
|
||||||
driver=none
|
|
||||||
radius_server_clients=as.radius_clients
|
|
||||||
eap_server=1
|
|
||||||
eap_user_file=sqlite:DB/eap_user.db
|
|
||||||
ca_cert=Key/ca.pem
|
|
||||||
server_cert=Key/server.pem
|
|
||||||
private_key=Key/server.key
|
|
||||||
private_key_passwd=passphrase
|
|
||||||
eap_sim_db=unix:/tmp/hlr_auc_gw.sock db=eap_sim.db
|
|
||||||
subscr_remediation_url=https://subscription-server.osu.example.com/hs20/spp.php
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# Set RADIUS passphrase for the APs
|
|
||||||
# Note: Modify to match the setup
|
|
||||||
cat > /home/user/hs20-server/AS/as.radius_clients <<EOF
|
|
||||||
0.0.0.0/0 radius
|
|
||||||
EOF
|
|
||||||
|
|
||||||
|
|
||||||
Start RADIUS authentication server
|
|
||||||
----------------------------------
|
|
||||||
|
|
||||||
cd /home/user/hs20-server/AS
|
|
||||||
./hostapd -B as-sql.conf
|
|
||||||
|
|
||||||
|
|
||||||
OSEN RADIUS server configuration notes
|
|
||||||
|
|
||||||
The OSEN RADIUS server config file should have the 'ocsp_stapling_response'
|
|
||||||
configuration in it. For example:
|
|
||||||
|
|
||||||
# hostapd-radius config for the radius used by the OSEN AP
|
|
||||||
interface=eth0#0
|
|
||||||
driver=none
|
|
||||||
logger_syslog=-1
|
|
||||||
logger_syslog_level=2
|
|
||||||
logger_stdout=-1
|
|
||||||
logger_stdout_level=2
|
|
||||||
ctrl_interface=/var/run/hostapd
|
|
||||||
ctrl_interface_group=0
|
|
||||||
eap_server=1
|
|
||||||
eap_user_file=/home/user/hs20-server/AS/hostapd-osen.eap_user
|
|
||||||
server_id=ben-ota-2-osen
|
|
||||||
radius_server_auth_port=1811
|
|
||||||
radius_server_clients=/home/user/hs20-server/AS/hostap.radius_clients
|
|
||||||
|
|
||||||
ca_cert=/home/user/hs20-server/ca/ca.pem
|
|
||||||
server_cert=/home/user/hs20-server/ca/server.pem
|
|
||||||
private_key=/home/user/hs20-server/ca/server.key
|
|
||||||
private_key_passwd=whatever
|
|
||||||
|
|
||||||
ocsp_stapling_response=/home/user/hs20-server/ca/ocsp-server-cache.der
|
|
||||||
|
|
||||||
The /home/user/hs20-server/AS/hostapd-osen.eap_user file should look
|
|
||||||
similar to this, and should coorelate with the osu_nai entry in
|
|
||||||
the non-OSEN VAP config file. For instance:
|
|
||||||
|
|
||||||
# cat hostapd-osen.eap_user
|
|
||||||
# For OSEN authentication (Hotspot 2.0 Release 2)
|
|
||||||
"osen@w1.fi" WFA-UNAUTH-TLS
|
|
||||||
|
|
||||||
|
|
||||||
# Run OCSP server:
|
|
||||||
cd /home/user/hs20-server/ca
|
|
||||||
./ocsp-responder.sh&
|
|
||||||
|
|
||||||
# Update cache (This should be run periodically)
|
|
||||||
./ocsp-update-cache.sh
|
|
||||||
|
|
||||||
|
|
||||||
Configure web server
|
|
||||||
--------------------
|
|
||||||
|
|
||||||
Edit /etc/apache2/sites-available/default-ssl
|
|
||||||
|
|
||||||
Add following block just before "SSL Engine Switch" line":
|
|
||||||
|
|
||||||
Alias /hs20/ "/home/user/hs20-server/www/"
|
|
||||||
<Directory "/home/user/hs20-server/www/">
|
|
||||||
Options Indexes MultiViews FollowSymLinks
|
|
||||||
AllowOverride None
|
|
||||||
Require all granted
|
|
||||||
SSLOptions +StdEnvVars
|
|
||||||
</Directory>
|
|
||||||
|
|
||||||
Update SSL configuration to use the OSU server certificate/key.
|
|
||||||
They keys and certs are called 'server.key' and 'server.pem' from
|
|
||||||
ca/setup.sh.
|
|
||||||
|
|
||||||
To support subscription remediation using client certificates, set
|
|
||||||
"SSLVerifyClient optional" and configure the trust root CA(s) for the
|
|
||||||
client certificates with SSLCACertificateFile.
|
|
||||||
|
|
||||||
Enable default-ssl site and restart Apache2:
|
|
||||||
sudo a2ensite default-ssl
|
|
||||||
sudo a2enmod ssl
|
|
||||||
sudo service apache2 restart
|
|
||||||
|
|
||||||
|
|
||||||
Management UI
|
|
||||||
-------------
|
|
||||||
|
|
||||||
The sample PHP scripts include a management UI for testing
|
|
||||||
purposes. That is available at https://<server>/hs20/users.php
|
|
||||||
|
|
||||||
|
|
||||||
AP configuration
|
|
||||||
----------------
|
|
||||||
|
|
||||||
APs can now be configured to use the OSU server as the RADIUS
|
|
||||||
authentication server. In addition, the OSU Provider List ANQP element
|
|
||||||
should be configured to use the SPP (SOAP+XML) option and with the
|
|
||||||
following Server URL:
|
|
||||||
https://<server>/hs20/spp.php/signup?realm=example.com
|
|
|
@ -1,207 +0,0 @@
|
||||||
/*
|
|
||||||
* Hotspot 2.0 SPP server - standalone version
|
|
||||||
* Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
|
|
||||||
*
|
|
||||||
* This software may be distributed under the terms of the BSD license.
|
|
||||||
* See README for more details.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "includes.h"
|
|
||||||
#include <time.h>
|
|
||||||
#include <sqlite3.h>
|
|
||||||
|
|
||||||
#include "common.h"
|
|
||||||
#include "common/version.h"
|
|
||||||
#include "xml-utils.h"
|
|
||||||
#include "spp_server.h"
|
|
||||||
|
|
||||||
|
|
||||||
static void write_timestamp(FILE *f)
|
|
||||||
{
|
|
||||||
time_t t;
|
|
||||||
struct tm *tm;
|
|
||||||
|
|
||||||
time(&t);
|
|
||||||
tm = localtime(&t);
|
|
||||||
|
|
||||||
fprintf(f, "%04u-%02u-%02u %02u:%02u:%02u ",
|
|
||||||
tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
|
|
||||||
tm->tm_hour, tm->tm_min, tm->tm_sec);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
void debug_print(struct hs20_svc *ctx, int print, const char *fmt, ...)
|
|
||||||
{
|
|
||||||
va_list ap;
|
|
||||||
|
|
||||||
if (ctx->debug_log == NULL)
|
|
||||||
return;
|
|
||||||
|
|
||||||
write_timestamp(ctx->debug_log);
|
|
||||||
va_start(ap, fmt);
|
|
||||||
vfprintf(ctx->debug_log, fmt, ap);
|
|
||||||
va_end(ap);
|
|
||||||
|
|
||||||
fprintf(ctx->debug_log, "\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
void debug_dump_node(struct hs20_svc *ctx, const char *title, xml_node_t *node)
|
|
||||||
{
|
|
||||||
char *str;
|
|
||||||
|
|
||||||
if (ctx->debug_log == NULL)
|
|
||||||
return;
|
|
||||||
str = xml_node_to_str(ctx->xml, node);
|
|
||||||
if (str == NULL)
|
|
||||||
return;
|
|
||||||
|
|
||||||
write_timestamp(ctx->debug_log);
|
|
||||||
fprintf(ctx->debug_log, "%s: '%s'\n", title, str);
|
|
||||||
os_free(str);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static int process(struct hs20_svc *ctx)
|
|
||||||
{
|
|
||||||
int dmacc = 0;
|
|
||||||
xml_node_t *soap, *spp, *resp;
|
|
||||||
char *user, *realm, *post, *str;
|
|
||||||
|
|
||||||
ctx->addr = getenv("HS20ADDR");
|
|
||||||
if (ctx->addr)
|
|
||||||
debug_print(ctx, 1, "Connection from %s", ctx->addr);
|
|
||||||
ctx->test = getenv("HS20TEST");
|
|
||||||
if (ctx->test)
|
|
||||||
debug_print(ctx, 1, "Requested test functionality: %s",
|
|
||||||
ctx->test);
|
|
||||||
|
|
||||||
user = getenv("HS20USER");
|
|
||||||
if (user && strlen(user) == 0)
|
|
||||||
user = NULL;
|
|
||||||
realm = getenv("HS20REALM");
|
|
||||||
if (realm == NULL) {
|
|
||||||
debug_print(ctx, 1, "HS20REALM not set");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
post = getenv("HS20POST");
|
|
||||||
if (post == NULL) {
|
|
||||||
debug_print(ctx, 1, "HS20POST not set");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
ctx->imsi = getenv("HS20IMSI");
|
|
||||||
if (ctx->imsi)
|
|
||||||
debug_print(ctx, 1, "IMSI %s", ctx->imsi);
|
|
||||||
|
|
||||||
ctx->eap_method = getenv("HS20EAPMETHOD");
|
|
||||||
if (ctx->eap_method)
|
|
||||||
debug_print(ctx, 1, "EAP method %s", ctx->eap_method);
|
|
||||||
|
|
||||||
ctx->id_hash = getenv("HS20IDHASH");
|
|
||||||
if (ctx->id_hash)
|
|
||||||
debug_print(ctx, 1, "ID-HASH %s", ctx->id_hash);
|
|
||||||
|
|
||||||
soap = xml_node_from_buf(ctx->xml, post);
|
|
||||||
if (soap == NULL) {
|
|
||||||
debug_print(ctx, 1, "Could not parse SOAP data");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
debug_dump_node(ctx, "Received SOAP message", soap);
|
|
||||||
spp = soap_get_body(ctx->xml, soap);
|
|
||||||
if (spp == NULL) {
|
|
||||||
debug_print(ctx, 1, "Could not get SPP message");
|
|
||||||
xml_node_free(ctx->xml, soap);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
debug_dump_node(ctx, "Received SPP message", spp);
|
|
||||||
|
|
||||||
resp = hs20_spp_server_process(ctx, spp, user, realm, dmacc);
|
|
||||||
xml_node_free(ctx->xml, soap);
|
|
||||||
if (resp == NULL && user == NULL) {
|
|
||||||
debug_print(ctx, 1, "Request HTTP authentication");
|
|
||||||
return 2; /* Request authentication */
|
|
||||||
}
|
|
||||||
if (resp == NULL) {
|
|
||||||
debug_print(ctx, 1, "No response");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
soap = soap_build_envelope(ctx->xml, resp);
|
|
||||||
if (soap == NULL) {
|
|
||||||
debug_print(ctx, 1, "SOAP envelope building failed");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
str = xml_node_to_str(ctx->xml, soap);
|
|
||||||
xml_node_free(ctx->xml, soap);
|
|
||||||
if (str == NULL) {
|
|
||||||
debug_print(ctx, 1, "Could not get node string");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
printf("%s", str);
|
|
||||||
free(str);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static void usage(void)
|
|
||||||
{
|
|
||||||
printf("usage:\n"
|
|
||||||
"hs20_spp_server -r<root directory> [-f<debug log>]\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
int main(int argc, char *argv[])
|
|
||||||
{
|
|
||||||
struct hs20_svc ctx;
|
|
||||||
int ret;
|
|
||||||
|
|
||||||
os_memset(&ctx, 0, sizeof(ctx));
|
|
||||||
for (;;) {
|
|
||||||
int c = getopt(argc, argv, "f:r:v");
|
|
||||||
if (c < 0)
|
|
||||||
break;
|
|
||||||
switch (c) {
|
|
||||||
case 'f':
|
|
||||||
if (ctx.debug_log)
|
|
||||||
break;
|
|
||||||
ctx.debug_log = fopen(optarg, "a");
|
|
||||||
if (ctx.debug_log == NULL) {
|
|
||||||
printf("Could not write to %s\n", optarg);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case 'r':
|
|
||||||
ctx.root_dir = optarg;
|
|
||||||
break;
|
|
||||||
case 'v':
|
|
||||||
printf("hs20_spp_server v%s\n", VERSION_STR);
|
|
||||||
return 0;
|
|
||||||
default:
|
|
||||||
usage();
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (ctx.root_dir == NULL) {
|
|
||||||
usage();
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
ctx.xml = xml_node_init_ctx(&ctx, NULL);
|
|
||||||
if (ctx.xml == NULL)
|
|
||||||
return -1;
|
|
||||||
if (hs20_spp_server_init(&ctx) < 0) {
|
|
||||||
xml_node_deinit_ctx(ctx.xml);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = process(&ctx);
|
|
||||||
debug_print(&ctx, 1, "process() --> %d", ret);
|
|
||||||
|
|
||||||
xml_node_deinit_ctx(ctx.xml);
|
|
||||||
hs20_spp_server_deinit(&ctx);
|
|
||||||
if (ctx.debug_log)
|
|
||||||
fclose(ctx.debug_log);
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
File diff suppressed because it is too large
|
@ -1,36 +0,0 @@
|
||||||
/*
|
|
||||||
* Hotspot 2.0 SPP server
|
|
||||||
* Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
|
|
||||||
*
|
|
||||||
* This software may be distributed under the terms of the BSD license.
|
|
||||||
* See README for more details.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef SPP_SERVER_H
|
|
||||||
#define SPP_SERVER_H
|
|
||||||
|
|
||||||
struct hs20_svc {
|
|
||||||
const void *ctx;
|
|
||||||
struct xml_node_ctx *xml;
|
|
||||||
char *root_dir;
|
|
||||||
FILE *debug_log;
|
|
||||||
sqlite3 *db;
|
|
||||||
const char *addr;
|
|
||||||
const char *test;
|
|
||||||
const char *imsi;
|
|
||||||
const char *eap_method;
|
|
||||||
const char *id_hash;
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
void debug_print(struct hs20_svc *ctx, int print, const char *fmt, ...)
|
|
||||||
__attribute__ ((format (printf, 3, 4)));
|
|
||||||
void debug_dump_node(struct hs20_svc *ctx, const char *title, xml_node_t *node);
|
|
||||||
|
|
||||||
xml_node_t * hs20_spp_server_process(struct hs20_svc *ctx, xml_node_t *node,
|
|
||||||
const char *auth_user,
|
|
||||||
const char *auth_realm, int dmacc);
|
|
||||||
int hs20_spp_server_init(struct hs20_svc *ctx);
|
|
||||||
void hs20_spp_server_deinit(struct hs20_svc *ctx);
|
|
||||||
|
|
||||||
#endif /* SPP_SERVER_H */
|
|
|
@ -1,17 +0,0 @@
|
||||||
INSERT INTO osu_config(realm,field,value) VALUES('example.com','fqdn','example.com');
|
|
||||||
INSERT INTO osu_config(realm,field,value) VALUES('example.com','friendly_name','Example Operator');
|
|
||||||
INSERT INTO osu_config(realm,field,value) VALUES('example.com','spp_http_auth_url','https://subscription-server.osu.example.com/hs20/spp.php?realm=example.com');
|
|
||||||
INSERT INTO osu_config(realm,field,value) VALUES('example.com','trust_root_cert_url','https://osu-server.osu.example.com/hs20/files/spp-root-ca.der');
|
|
||||||
INSERT INTO osu_config(realm,field,value) VALUES('example.com','trust_root_cert_fingerprint','5b393a9246865569485c2605c3304e48212b449367858299beba9384c4cf4647');
|
|
||||||
INSERT INTO osu_config(realm,field,value) VALUES('example.com','aaa_trust_root_cert_url','https://osu-server.osu.example.com/hs20/files/aaa-root-ca.der');
|
|
||||||
INSERT INTO osu_config(realm,field,value) VALUES('example.com','aaa_trust_root_cert_fingerprint','5b393a9246865569485c2605c3304e48212b449367858299beba9384c4cf4647');
|
|
||||||
INSERT INTO osu_config(realm,field,value) VALUES('example.com','free_account','free');
|
|
||||||
INSERT INTO osu_config(realm,field,value) VALUES('example.com','policy_url','https://subscription-server.osu.example.com/hs20/spp.php?realm=example.com');
|
|
||||||
INSERT INTO osu_config(realm,field,value) VALUES('example.com','remediation_url','https://subscription-server.osu.example.com/hs20/remediation.php?session_id=');
|
|
||||||
INSERT INTO osu_config(realm,field,value) VALUES('example.com','free_remediation_url','https://subscription-server.osu.example.com/hs20/free-remediation.php?session_id=');
|
|
||||||
INSERT INTO osu_config(realm,field,value) VALUES('example.com','signup_url','https://subscription-server.osu.example.com/hs20/signup.php?session_id=');
|
|
||||||
|
|
||||||
|
|
||||||
INSERT INTO users(identity,realm,methods,password,phase2,shared) VALUES('free','example.com','TTLS-MSCHAPV2','free',1,1);
|
|
||||||
|
|
||||||
INSERT INTO wildcards(identity,methods) VALUES('','TTLS,TLS');
|
|
|
@ -1,108 +0,0 @@
|
||||||
CREATE TABLE eventlog(
|
|
||||||
user TEXT,
|
|
||||||
realm TEXT,
|
|
||||||
sessionid TEXT COLLATE NOCASE,
|
|
||||||
timestamp TEXT,
|
|
||||||
notes TEXT,
|
|
||||||
dump TEXT,
|
|
||||||
addr TEXT
|
|
||||||
);
|
|
||||||
|
|
||||||
CREATE TABLE sessions(
|
|
||||||
timestamp TEXT,
|
|
||||||
id TEXT COLLATE NOCASE,
|
|
||||||
user TEXT,
|
|
||||||
realm TEXT,
|
|
||||||
password TEXT,
|
|
||||||
machine_managed BOOLEAN,
|
|
||||||
operation INTEGER,
|
|
||||||
type TEXT,
|
|
||||||
pps TEXT,
|
|
||||||
redirect_uri TEXT,
|
|
||||||
devinfo TEXT,
|
|
||||||
devdetail TEXT,
|
|
||||||
cert TEXT,
|
|
||||||
cert_pem TEXT,
|
|
||||||
mac_addr TEXT,
|
|
||||||
osu_user TEXT,
|
|
||||||
osu_password TEXT,
|
|
||||||
eap_method TEXT,
|
|
||||||
mobile_identifier_hash TEXT,
|
|
||||||
test TEXT
|
|
||||||
);
|
|
||||||
|
|
||||||
CREATE index sessions_id_index ON sessions(id);
|
|
||||||
|
|
||||||
CREATE TABLE osu_config(
|
|
||||||
realm TEXT,
|
|
||||||
field TEXT,
|
|
||||||
value TEXT
|
|
||||||
);
|
|
||||||
|
|
||||||
CREATE TABLE users(
|
|
||||||
identity TEXT PRIMARY KEY,
|
|
||||||
methods TEXT,
|
|
||||||
password TEXT,
|
|
||||||
machine_managed BOOLEAN,
|
|
||||||
remediation TEXT,
|
|
||||||
phase2 INTEGER,
|
|
||||||
realm TEXT,
|
|
||||||
policy TEXT,
|
|
||||||
devinfo TEXT,
|
|
||||||
devdetail TEXT,
|
|
||||||
pps TEXT,
|
|
||||||
fetch_pps INTEGER,
|
|
||||||
osu_user TEXT,
|
|
||||||
osu_password TEXT,
|
|
||||||
shared INTEGER,
|
|
||||||
cert TEXT,
|
|
||||||
cert_pem TEXT,
|
|
||||||
t_c_timestamp INTEGER,
|
|
||||||
mac_addr TEXT,
|
|
||||||
last_msk TEXT,
|
|
||||||
polupd_done TEXT,
|
|
||||||
subrem TEXT
|
|
||||||
);
|
|
||||||
|
|
||||||
CREATE TABLE wildcards(
|
|
||||||
identity TEXT PRIMARY KEY,
|
|
||||||
methods TEXT
|
|
||||||
);
|
|
||||||
|
|
||||||
CREATE TABLE authlog(
|
|
||||||
timestamp TEXT,
|
|
||||||
session TEXT,
|
|
||||||
nas_ip TEXT,
|
|
||||||
username TEXT,
|
|
||||||
note TEXT
|
|
||||||
);
|
|
||||||
|
|
||||||
CREATE TABLE pending_tc(
|
|
||||||
mac_addr TEXT PRIMARY KEY,
|
|
||||||
identity TEXT
|
|
||||||
);
|
|
||||||
|
|
||||||
CREATE TABLE current_sessions(
|
|
||||||
mac_addr TEXT PRIMARY KEY,
|
|
||||||
identity TEXT,
|
|
||||||
start_time TEXT,
|
|
||||||
nas TEXT,
|
|
||||||
hs20_t_c_filtering BOOLEAN,
|
|
||||||
waiting_coa_ack BOOLEAN,
|
|
||||||
coa_ack_received BOOLEAN
|
|
||||||
);
|
|
||||||
|
|
||||||
CREATE TABLE cert_enroll(
|
|
||||||
mac_addr TEXT PRIMARY KEY,
|
|
||||||
user TEXT,
|
|
||||||
realm TEXT,
|
|
||||||
serialnum TEXT
|
|
||||||
);
|
|
||||||
|
|
||||||
CREATE TABLE sim_provisioning(
|
|
||||||
mobile_identifier_hash TEXT PRIMARY KEY,
|
|
||||||
imsi TEXT,
|
|
||||||
mac_addr TEXT,
|
|
||||||
eap_method TEXT,
|
|
||||||
timestamp TEXT
|
|
||||||
);
|
|
|
@ -1,50 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
require('config.php');
|
|
||||||
|
|
||||||
$db = new PDO($osu_db);
|
|
||||||
if (!$db) {
|
|
||||||
die($sqliteerror);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isset($_POST["id"]))
|
|
||||||
$id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]);
|
|
||||||
else
|
|
||||||
die("Missing session id");
|
|
||||||
if (strlen($id) < 32)
|
|
||||||
die("Invalid session id");
|
|
||||||
|
|
||||||
$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
|
|
||||||
if ($row == false) {
|
|
||||||
die("Session not found");
|
|
||||||
}
|
|
||||||
|
|
||||||
$uri = $row['redirect_uri'];
|
|
||||||
$rowid = $row['rowid'];
|
|
||||||
$realm = $row['realm'];
|
|
||||||
|
|
||||||
$row = $db->query("SELECT value FROM osu_config WHERE realm='$realm' AND field='free_account'")->fetch();
|
|
||||||
if (!$row || strlen($row['value']) == 0) {
|
|
||||||
die("Free account disabled");
|
|
||||||
}
|
|
||||||
|
|
||||||
$user = $row['value'];
|
|
||||||
|
|
||||||
$row = $db->query("SELECT password FROM users WHERE identity='$user' AND realm='$realm'")->fetch();
|
|
||||||
if (!$row)
|
|
||||||
die("Free account not found");
|
|
||||||
|
|
||||||
$pw = $row['password'];
|
|
||||||
|
|
||||||
if (!$db->exec("UPDATE sessions SET user='$user', password='$pw', realm='$realm', machine_managed='1' WHERE rowid=$rowid")) {
|
|
||||||
die("Failed to update session database");
|
|
||||||
}
|
|
||||||
|
|
||||||
$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
|
|
||||||
"VALUES ('$user', '$realm', '$id', " .
|
|
||||||
"strftime('%Y-%m-%d %H:%M:%f','now'), " .
|
|
||||||
"'completed user input response for a new PPS MO')");
|
|
||||||
|
|
||||||
header("Location: $uri", true, 302);
|
|
||||||
|
|
||||||
?>
|
|
|
@ -1,56 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
require('config.php');
|
|
||||||
|
|
||||||
$db = new PDO($osu_db);
|
|
||||||
if (!$db) {
|
|
||||||
die($sqliteerror);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isset($_POST["id"]))
|
|
||||||
$id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]);
|
|
||||||
else
|
|
||||||
die("Missing session id");
|
|
||||||
|
|
||||||
$user = $_POST["user"];
|
|
||||||
$pw = $_POST["password"];
|
|
||||||
if (strlen($id) < 32 || !isset($user) || !isset($pw)) {
|
|
||||||
die("Invalid POST data");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (strlen($user) < 1 || strncasecmp($user, "cert-", 5) == 0) {
|
|
||||||
echo "<html><body><p><red>Invalid username</red></p>\n";
|
|
||||||
echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n";
|
|
||||||
echo "</body></html>\n";
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
|
|
||||||
if ($row == false) {
|
|
||||||
die("Session not found");
|
|
||||||
}
|
|
||||||
$realm = $row['realm'];
|
|
||||||
|
|
||||||
$userrow = $db->query("SELECT identity FROM users WHERE identity='$user' AND realm='$realm'")->fetch();
|
|
||||||
if ($userrow) {
|
|
||||||
echo "<html><body><p><red>Selected username is not available</red></p>\n";
|
|
||||||
echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n";
|
|
||||||
echo "</body></html>\n";
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
$uri = $row['redirect_uri'];
|
|
||||||
$rowid = $row['rowid'];
|
|
||||||
|
|
||||||
if (!$db->exec("UPDATE sessions SET user='$user', password='$pw', realm='$realm', type='password' WHERE rowid=$rowid")) {
|
|
||||||
die("Failed to update session database");
|
|
||||||
}
|
|
||||||
|
|
||||||
$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
|
|
||||||
"VALUES ('$user', '$realm', '$id', " .
|
|
||||||
"strftime('%Y-%m-%d %H:%M:%f','now'), " .
|
|
||||||
"'completed user input response for a new PPS MO')");
|
|
||||||
|
|
||||||
header("Location: $uri", true, 302);
|
|
||||||
|
|
||||||
?>
|
|
|
@ -1,39 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
require('config.php');
|
|
||||||
|
|
||||||
$db = new PDO($osu_db);
|
|
||||||
if (!$db) {
|
|
||||||
die($sqliteerror);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isset($_GET["id"]))
|
|
||||||
$id = preg_replace("/[^a-fA-F0-9]/", "", $_GET["id"]);
|
|
||||||
else
|
|
||||||
die("Missing session id");
|
|
||||||
if (strlen($id) < 32)
|
|
||||||
die("Invalid session id");
|
|
||||||
|
|
||||||
$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
|
|
||||||
if ($row == false) {
|
|
||||||
die("Session not found");
|
|
||||||
}
|
|
||||||
|
|
||||||
$uri = $row['redirect_uri'];
|
|
||||||
$rowid = $row['rowid'];
|
|
||||||
$realm = $row['realm'];
|
|
||||||
|
|
||||||
$user = sha1(mt_rand());
|
|
||||||
|
|
||||||
if (!$db->exec("UPDATE sessions SET user='$user', type='cert' WHERE rowid=$rowid")) {
|
|
||||||
die("Failed to update session database");
|
|
||||||
}
|
|
||||||
|
|
||||||
$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
|
|
||||||
"VALUES ('', '$realm', '$id', " .
|
|
||||||
"strftime('%Y-%m-%d %H:%M:%f','now'), " .
|
|
||||||
"'completed user input response for client certificate enrollment')");
|
|
||||||
|
|
||||||
header("Location: $uri", true, 302);
|
|
||||||
|
|
||||||
?>
|
|
|
@ -1,7 +0,0 @@
|
||||||
<?php
|
|
||||||
$osu_root = "/home/user/hs20-server";
|
|
||||||
$osu_db = "sqlite:$osu_root/AS/DB/eap_user.db";
|
|
||||||
$t_c_file = "$osu_root/terms-and-conditions";
|
|
||||||
$t_c_timestamp = 123456789;
|
|
||||||
$hostapd_ctrl = "udg:///home/user/hs20-server/AS/ctrl/as"
|
|
||||||
?>
|
|
|
@ -1,232 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
require('config.php');
|
|
||||||
|
|
||||||
$params = explode("/", $_SERVER["PATH_INFO"], 3);
|
|
||||||
$realm = $params[1];
|
|
||||||
$cmd = $params[2];
|
|
||||||
$method = $_SERVER["REQUEST_METHOD"];
|
|
||||||
|
|
||||||
unset($user);
|
|
||||||
unset($rowid);
|
|
||||||
|
|
||||||
$db = new PDO($osu_db);
|
|
||||||
if (!$db) {
|
|
||||||
error_log("EST: Could not access database");
|
|
||||||
die("Could not access database");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!empty($_SERVER['PHP_AUTH_DIGEST'])) {
|
|
||||||
$needed = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1,
|
|
||||||
'uri'=>1, 'response'=>1);
|
|
||||||
$data = array();
|
|
||||||
$keys = implode('|', array_keys($needed));
|
|
||||||
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@',
|
|
||||||
$_SERVER['PHP_AUTH_DIGEST'], $matches, PREG_SET_ORDER);
|
|
||||||
foreach ($matches as $m) {
|
|
||||||
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
|
|
||||||
unset($needed[$m[1]]);
|
|
||||||
}
|
|
||||||
if ($needed) {
|
|
||||||
error_log("EST: Missing auth parameter");
|
|
||||||
die('Authentication failed');
|
|
||||||
}
|
|
||||||
$user = $data['username'];
|
|
||||||
if (strlen($user) < 1) {
|
|
||||||
error_log("EST: Empty username");
|
|
||||||
die('Authentication failed');
|
|
||||||
}
|
|
||||||
|
|
||||||
$sql = "SELECT rowid,password,operation FROM sessions " .
|
|
||||||
"WHERE user='$user' AND realm='$realm'";
|
|
||||||
$q = $db->query($sql);
|
|
||||||
if (!$q) {
|
|
||||||
error_log("EST: Session not found for user=$user realm=$realm");
|
|
||||||
die("Session not found");
|
|
||||||
}
|
|
||||||
$row = $q->fetch();
|
|
||||||
if (!$row) {
|
|
||||||
error_log("EST: Session fetch failed for user=$user realm=$realm");
|
|
||||||
die('Session not found');
|
|
||||||
}
|
|
||||||
$rowid = $row['rowid'];
|
|
||||||
|
|
||||||
$oper = $row['operation'];
|
|
||||||
if ($oper != '5') {
|
|
||||||
error_log("EST: Unexpected operation $oper for user=$user realm=$realm");
|
|
||||||
die("Session not found");
|
|
||||||
}
|
|
||||||
$pw = $row['password'];
|
|
||||||
if (strlen($pw) < 1) {
|
|
||||||
error_log("EST: Empty password for user=$user realm=$realm");
|
|
||||||
die('Authentication failed');
|
|
||||||
}
|
|
||||||
|
|
||||||
$A1 = md5($user . ':' . $realm . ':' . $pw);
|
|
||||||
$A2 = md5($method . ':' . $data['uri']);
|
|
||||||
$resp = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' .
|
|
||||||
$data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
|
|
||||||
if ($data['response'] != $resp) {
|
|
||||||
error_log("EST: Incorrect authentication response for user=$user realm=$realm");
|
|
||||||
die('Authentication failed');
|
|
||||||
}
|
|
||||||
} else if (isset($_SERVER["SSL_CLIENT_VERIFY"]) &&
|
|
||||||
$_SERVER["SSL_CLIENT_VERIFY"] == "SUCCESS" &&
|
|
||||||
isset($_SERVER["SSL_CLIENT_M_SERIAL"])) {
|
|
||||||
$user = "cert-" . $_SERVER["SSL_CLIENT_M_SERIAL"];
|
|
||||||
$sql = "SELECT rowid,password,operation FROM sessions " .
|
|
||||||
"WHERE user='$user' AND realm='$realm'";
|
|
||||||
$q = $db->query($sql);
|
|
||||||
if (!$q) {
|
|
||||||
error_log("EST: Session not found for user=$user realm=$realm");
|
|
||||||
die("Session not found");
|
|
||||||
}
|
|
||||||
$row = $q->fetch();
|
|
||||||
if (!$row) {
|
|
||||||
error_log("EST: Session fetch failed for user=$user realm=$realm");
|
|
||||||
die('Session not found');
|
|
||||||
}
|
|
||||||
$rowid = $row['rowid'];
|
|
||||||
|
|
||||||
$oper = $row['operation'];
|
|
||||||
if ($oper != '10') {
|
|
||||||
error_log("EST: Unexpected operation $oper for user=$user realm=$realm");
|
|
||||||
die("Session not found");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
if ($method == "GET" && $cmd == "cacerts") {
|
|
||||||
$fname = "$osu_root/est/$realm-cacerts.pkcs7";
|
|
||||||
if (!file_exists($fname)) {
|
|
||||||
error_log("EST: cacerts - unknown realm $realm");
|
|
||||||
die("Unknown realm");
|
|
||||||
}
|
|
||||||
|
|
||||||
header("Content-Transfer-Encoding: base64");
|
|
||||||
header("Content-Type: application/pkcs7-mime");
|
|
||||||
|
|
||||||
$data = file_get_contents($fname);
|
|
||||||
echo wordwrap(base64_encode($data), 72, "\n", true);
|
|
||||||
echo "\n";
|
|
||||||
error_log("EST: cacerts");
|
|
||||||
} else if ($method == "GET" && $cmd == "csrattrs") {
|
|
||||||
header("Content-Transfer-Encoding: base64");
|
|
||||||
header("Content-Type: application/csrattrs");
|
|
||||||
readfile("$osu_root/est/est-attrs.b64");
|
|
||||||
error_log("EST: csrattrs");
|
|
||||||
} else if ($method == "POST" &&
|
|
||||||
($cmd == "simpleenroll" || $cmd == "simplereenroll")) {
|
|
||||||
$reenroll = $cmd == "simplereenroll";
|
|
||||||
if (!$reenroll && (!isset($user) || strlen($user) == 0)) {
|
|
||||||
header('HTTP/1.1 401 Unauthorized');
|
|
||||||
header('WWW-Authenticate: Digest realm="'.$realm.
|
|
||||||
'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
|
|
||||||
error_log("EST: simpleenroll - require authentication");
|
|
||||||
die('Authentication required');
|
|
||||||
}
|
|
||||||
if ($reenroll &&
|
|
||||||
(!isset($user) ||
|
|
||||||
!isset($_SERVER["SSL_CLIENT_VERIFY"]) ||
|
|
||||||
$_SERVER["SSL_CLIENT_VERIFY"] != "SUCCESS")) {
|
|
||||||
header('HTTP/1.1 403 Forbidden');
|
|
||||||
error_log("EST: simplereenroll - require certificate authentication");
|
|
||||||
die('Authentication required');
|
|
||||||
}
|
|
||||||
if (!isset($_SERVER["CONTENT_TYPE"])) {
|
|
||||||
error_log("EST: simpleenroll without Content-Type");
|
|
||||||
die("Missing Content-Type");
|
|
||||||
}
|
|
||||||
if (!stristr($_SERVER["CONTENT_TYPE"], "application/pkcs10")) {
|
|
||||||
error_log("EST: simpleenroll - unexpected Content-Type: " .
|
|
||||||
$_SERVER["CONTENT_TYPE"]);
|
|
||||||
die("Unexpected Content-Type");
|
|
||||||
}
|
|
||||||
|
|
||||||
$data = file_get_contents("php://input");
|
|
||||||
error_log("EST: simpleenroll - POST data from php://input: " . $data);
|
|
||||||
$req = base64_decode($data);
|
|
||||||
if ($req == FALSE) {
|
|
||||||
error_log("EST: simpleenroll - Invalid base64-encoded PKCS#10 data");
|
|
||||||
die("Invalid base64-encoded PKCS#10 data");
|
|
||||||
}
|
|
||||||
$cadir = "$osu_root/est";
|
|
||||||
$reqfile = "$cadir/tmp/cert-req.pkcs10";
|
|
||||||
$f = fopen($reqfile, "wb");
|
|
||||||
fwrite($f, $req);
|
|
||||||
fclose($f);
|
|
||||||
|
|
||||||
$req_pem = "$reqfile.pem";
|
|
||||||
if (file_exists($req_pem))
|
|
||||||
unlink($req_pem);
|
|
||||||
exec("openssl req -in $reqfile -inform DER -out $req_pem -outform PEM");
|
|
||||||
if (!file_exists($req_pem)) {
|
|
||||||
error_log("EST: simpleenroll - Failed to parse certificate request");
|
|
||||||
die("Failed to parse certificate request");
|
|
||||||
}
|
|
||||||
|
|
||||||
/* FIX: validate request and add HS 2.0 extensions to cert */
|
|
||||||
$cert_pem = "$cadir/tmp/req-signed.pem";
|
|
||||||
if (file_exists($cert_pem))
|
|
||||||
unlink($cert_pem);
|
|
||||||
exec("openssl x509 -req -in $req_pem -CAkey $cadir/cakey.pem -out $cert_pem -CA $cadir/cacert.pem -CAserial $cadir/serial -days 365 -text");
|
|
||||||
if (!file_exists($cert_pem)) {
|
|
||||||
error_log("EST: simpleenroll - Failed to sign certificate");
|
|
||||||
die("Failed to sign certificate");
|
|
||||||
}
|
|
||||||
|
|
||||||
$cert = file_get_contents($cert_pem);
|
|
||||||
$handle = popen("openssl x509 -in $cert_pem -serial -noout", "r");
|
|
||||||
$serial = fread($handle, 200);
|
|
||||||
pclose($handle);
|
|
||||||
$pattern = "/serial=(?P<snhex>[0-9a-fA-F:]*)/m";
|
|
||||||
preg_match($pattern, $serial, $matches);
|
|
||||||
if (!isset($matches['snhex']) || strlen($matches['snhex']) < 1) {
|
|
||||||
error_log("EST: simpleenroll - Could not get serial number");
|
|
||||||
die("Could not get serial number");
|
|
||||||
}
|
|
||||||
$sn = str_replace(":", "", strtoupper($matches['snhex']));
|
|
||||||
|
|
||||||
$user = "cert-$sn";
|
|
||||||
error_log("EST: user = $user");
|
|
||||||
|
|
||||||
$cert_der = "$cadir/tmp/req-signed.der";
|
|
||||||
if (file_exists($cert_der))
|
|
||||||
unlink($cert_der);
|
|
||||||
exec("openssl x509 -in $cert_pem -inform PEM -out $cert_der -outform DER");
|
|
||||||
if (!file_exists($cert_der)) {
|
|
||||||
error_log("EST: simpleenroll - Failed to convert certificate");
|
|
||||||
die("Failed to convert certificate");
|
|
||||||
}
|
|
||||||
$der = file_get_contents($cert_der);
|
|
||||||
$fingerprint = hash("sha256", $der);
|
|
||||||
error_log("EST: sha256(DER cert): $fingerprint");
|
|
||||||
|
|
||||||
$pkcs7 = "$cadir/tmp/est-client.pkcs7";
|
|
||||||
if (file_exists($pkcs7))
|
|
||||||
unlink($pkcs7);
|
|
||||||
exec("openssl crl2pkcs7 -nocrl -certfile $cert_pem -out $pkcs7 -outform DER");
|
|
||||||
if (!file_exists($pkcs7)) {
|
|
||||||
error_log("EST: simpleenroll - Failed to prepare PKCS#7 file");
|
|
||||||
die("Failed to prepare PKCS#7 file");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!$db->exec("UPDATE sessions SET user='$user', cert='$fingerprint', cert_pem='$cert' WHERE rowid=$rowid")) {
|
|
||||||
error_log("EST: simpleenroll - Failed to update session database");
|
|
||||||
die("Failed to update session database");
|
|
||||||
}
|
|
||||||
|
|
||||||
header("Content-Transfer-Encoding: base64");
|
|
||||||
header("Content-Type: application/pkcs7-mime");
|
|
||||||
|
|
||||||
$data = file_get_contents($pkcs7);
|
|
||||||
$resp = wordwrap(base64_encode($data), 72, "\n", true);
|
|
||||||
echo $resp . "\n";
|
|
||||||
error_log("EST: simpleenroll - PKCS#7 response: " . $resp);
|
|
||||||
} else {
|
|
||||||
header("HTTP/1.0 404 Not Found");
|
|
||||||
error_log("EST: Unexpected method or path");
|
|
||||||
die("Unexpected method or path");
|
|
||||||
}
|
|
||||||
|
|
||||||
?>
|
|
|
@ -1,19 +0,0 @@
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>Hotspot 2.0 - public and free hotspot - remediation</title>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
|
|
||||||
<h3>Hotspot 2.0 - public and free hotspot</h3>
|
|
||||||
|
|
||||||
<p>Terms and conditions have changed. You need to accept the new terms
|
|
||||||
to continue using this network.</p>
|
|
||||||
|
|
||||||
<p>Terms and conditions..</p>
|
|
||||||
|
|
||||||
<?php
|
|
||||||
echo "<a href=\"redirect.php?id=" . $_GET["session_id"] . "\">Accept</a><br>\n";
|
|
||||||
?>
|
|
||||||
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,23 +0,0 @@
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>Hotspot 2.0 - public and free hotspot</title>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
|
|
||||||
<?php
|
|
||||||
|
|
||||||
$id = $_GET["session_id"];
|
|
||||||
|
|
||||||
echo "<h3>Hotspot 2.0 - public and free hotspot</h3>\n";
|
|
||||||
|
|
||||||
echo "<form action=\"add-free.php\" method=\"POST\">\n";
|
|
||||||
echo "<input type=\"hidden\" name=\"id\" value=\"$id\">\n";
|
|
||||||
|
|
||||||
?>
|
|
||||||
|
|
||||||
<p>Terms and conditions..</p>
|
|
||||||
<input type="submit" value="Accept">
|
|
||||||
</form>
|
|
||||||
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,32 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
require('config.php');
|
|
||||||
|
|
||||||
$db = new PDO($osu_db);
|
|
||||||
if (!$db) {
|
|
||||||
die($sqliteerror);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isset($_GET["id"]))
|
|
||||||
$id = preg_replace("/[^a-fA-F0-9]/", "", $_GET["id"]);
|
|
||||||
else
|
|
||||||
$id = 0;
|
|
||||||
|
|
||||||
$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
|
|
||||||
if ($row == false) {
|
|
||||||
die("Session not found");
|
|
||||||
}
|
|
||||||
|
|
||||||
$uri = $row['redirect_uri'];
|
|
||||||
|
|
||||||
header("Location: $uri", true, 302);
|
|
||||||
|
|
||||||
$user = $row['user'];
|
|
||||||
$realm = $row['realm'];
|
|
||||||
|
|
||||||
$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
|
|
||||||
"VALUES ('$user', '$realm', '$id', " .
|
|
||||||
"strftime('%Y-%m-%d %H:%M:%f','now'), " .
|
|
||||||
"'redirected after user input')");
|
|
||||||
|
|
||||||
?>
|
|
|
@ -1,41 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
require('config.php');
|
|
||||||
|
|
||||||
$db = new PDO($osu_db);
|
|
||||||
if (!$db) {
|
|
||||||
die($sqliteerror);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isset($_POST["id"]))
|
|
||||||
$id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]);
|
|
||||||
else
|
|
||||||
die("Missing session id");
|
|
||||||
|
|
||||||
$pw = $_POST["password"];
|
|
||||||
if (strlen($id) < 32 || !isset($pw)) {
|
|
||||||
die("Invalid POST data");
|
|
||||||
}
|
|
||||||
|
|
||||||
$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
|
|
||||||
if ($row == false) {
|
|
||||||
die("Session not found");
|
|
||||||
}
|
|
||||||
$user = $row['user'];
|
|
||||||
$realm = $row['realm'];
|
|
||||||
|
|
||||||
$uri = $row['redirect_uri'];
|
|
||||||
$rowid = $row['rowid'];
|
|
||||||
|
|
||||||
if (!$db->exec("UPDATE sessions SET password='$pw' WHERE rowid=$rowid")) {
|
|
||||||
die("Failed to update session database");
|
|
||||||
}
|
|
||||||
|
|
||||||
$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
|
|
||||||
"VALUES ('$user', '$realm', '$id', " .
|
|
||||||
"strftime('%Y-%m-%d %H:%M:%f','now'), " .
|
|
||||||
"'completed user input response for subscription remediation')");
|
|
||||||
|
|
||||||
header("Location: $uri", true, 302);
|
|
||||||
|
|
||||||
?>
|
|
|
@ -1,55 +0,0 @@
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>Hotspot 2.0 subscription remediation</title>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
|
|
||||||
<?php
|
|
||||||
|
|
||||||
require('config.php');
|
|
||||||
|
|
||||||
$db = new PDO($osu_db);
|
|
||||||
if (!$db) {
|
|
||||||
die($sqliteerror);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isset($_GET["session_id"]))
|
|
||||||
$id = preg_replace("/[^a-fA-F0-9]/", "", $_GET["session_id"]);
|
|
||||||
else
|
|
||||||
$id = 0;
|
|
||||||
echo "SessionID: " . $id . "<br>\n";
|
|
||||||
|
|
||||||
$row = $db->query("SELECT * FROM sessions WHERE id='$id'")->fetch();
|
|
||||||
if ($row == false) {
|
|
||||||
die("Session not found");
|
|
||||||
}
|
|
||||||
|
|
||||||
$username = $row['user'];
|
|
||||||
echo "User: " . $username . "@" . $row['realm'] . "<br>\n";
|
|
||||||
|
|
||||||
$user = $db->query("SELECT machine_managed,methods FROM users WHERE identity='$username'")->fetch();
|
|
||||||
if ($user == false) {
|
|
||||||
die("User not found");
|
|
||||||
}
|
|
||||||
|
|
||||||
echo "<hr><br>\n";
|
|
||||||
|
|
||||||
$cert = $user['methods'] == "TLS" || strncmp($username, "cert-", 5) == 0;
|
|
||||||
|
|
||||||
if ($cert) {
|
|
||||||
echo "<a href=\"redirect.php?id=" . $_GET["session_id"] . "\">Complete user subscription remediation</a><br>\n";
|
|
||||||
} else if ($user['machine_managed'] == "1") {
|
|
||||||
echo "<a href=\"redirect.php?id=" . $_GET["session_id"] . "\">Complete user subscription remediation</a><br>\n";
|
|
||||||
echo "This will provide a new machine-generated password.<br>\n";
|
|
||||||
} else {
|
|
||||||
echo "<form action=\"remediation-pw.php\" method=\"POST\">\n";
|
|
||||||
echo "<input type=\"hidden\" name=\"id\" value=\"$id\">\n";
|
|
||||||
echo "New password: <input type=\"password\" name=\"password\"><br>\n";
|
|
||||||
echo "<input type=\"submit\" value=\"Change password\">\n";
|
|
||||||
echo "</form>\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
?>
|
|
||||||
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,59 +0,0 @@
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>Hotspot 2.0 signup</title>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
|
|
||||||
<?php
|
|
||||||
|
|
||||||
$id = $_GET["session_id"];
|
|
||||||
|
|
||||||
require('config.php');
|
|
||||||
|
|
||||||
$db = new PDO($osu_db);
|
|
||||||
if (!$db) {
|
|
||||||
die($sqliteerror);
|
|
||||||
}
|
|
||||||
|
|
||||||
$row = $db->query("SELECT realm,test FROM sessions WHERE id='$id'")->fetch();
|
|
||||||
if ($row == false) {
|
|
||||||
die("Session not found for id: $id");
|
|
||||||
}
|
|
||||||
$realm = $row['realm'];
|
|
||||||
$test = $row['test'];
|
|
||||||
|
|
||||||
if (strlen($test) > 0) {
|
|
||||||
echo "<p style=\"color:#FF0000\">Special test functionality: $test</red></big></p>\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
echo "<h3>Sign up for a subscription - $realm</h3>\n";
|
|
||||||
|
|
||||||
echo "<p>This page can be used to select between three different types of subscriptions for testing purposes.</p>\n";
|
|
||||||
|
|
||||||
echo "<h4>Option 1 - shared free access credential</h4>\n";
|
|
||||||
|
|
||||||
$row = $db->query("SELECT value FROM osu_config WHERE realm='$realm' AND field='free_account'")->fetch();
|
|
||||||
if ($row && strlen($row['value']) > 0) {
|
|
||||||
echo "<p><a href=\"free.php?session_id=$id\">Sign up for free access</a></p>\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
echo "<h4>Option 2 - username/password credential</h4>\n";
|
|
||||||
|
|
||||||
echo "<form action=\"add-mo.php\" method=\"POST\">\n";
|
|
||||||
echo "<input type=\"hidden\" name=\"id\" value=\"$id\">\n";
|
|
||||||
?>
|
|
||||||
Select a username and password. Leave password empty to get automatically
|
|
||||||
generated and machine managed password.<br>
|
|
||||||
Username: <input type="text" name="user"><br>
|
|
||||||
Password: <input type="password" name="password"><br>
|
|
||||||
<input type="submit" value="Complete subscription registration">
|
|
||||||
</form>
|
|
||||||
|
|
||||||
<?php
|
|
||||||
echo "<h4>Option 3 - client certificate credential</h4>\n";
|
|
||||||
|
|
||||||
echo "<p><a href=\"cert-enroll.php?id=$id\">Enroll a client certificate</a></p>\n"
|
|
||||||
?>
|
|
||||||
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,168 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
require('config.php');
|
|
||||||
|
|
||||||
if (!stristr($_SERVER["CONTENT_TYPE"], "application/soap+xml")) {
|
|
||||||
error_log("spp.php - Unexpected Content-Type " . $_SERVER["CONTENT_TYPE"]);
|
|
||||||
die("Unexpected Content-Type");
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($_SERVER["REQUEST_METHOD"] != "POST") {
|
|
||||||
error_log("spp.php - Unexpected method " . $_SERVER["REQUEST_METHOD"]);
|
|
||||||
die("Unexpected method");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isset($_GET["realm"])) {
|
|
||||||
$realm = $_GET["realm"];
|
|
||||||
$realm = PREG_REPLACE("/[^0-9a-zA-Z\.\-]/i", '', $realm);
|
|
||||||
} else {
|
|
||||||
error_log("spp.php - Realm not specified");
|
|
||||||
die("Realm not specified");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isset($_GET["test"]))
|
|
||||||
$test = PREG_REPLACE("/[^0-9a-zA-Z\_\-]/i", '', $_GET["test"]);
|
|
||||||
else
|
|
||||||
$test = "";
|
|
||||||
|
|
||||||
unset($user);
|
|
||||||
putenv("HS20CERT");
|
|
||||||
|
|
||||||
if (!empty($_SERVER['PHP_AUTH_DIGEST'])) {
|
|
||||||
$needed = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1,
|
|
||||||
'uri'=>1, 'response'=>1);
|
|
||||||
$data = array();
|
|
||||||
$keys = implode('|', array_keys($needed));
|
|
||||||
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@',
|
|
||||||
$_SERVER['PHP_AUTH_DIGEST'], $matches, PREG_SET_ORDER);
|
|
||||||
foreach ($matches as $m) {
|
|
||||||
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
|
|
||||||
unset($needed[$m[1]]);
|
|
||||||
}
|
|
||||||
if ($needed) {
|
|
||||||
error_log("spp.php - Authentication failed - missing: " . print_r($needed));
|
|
||||||
die('Authentication failed');
|
|
||||||
}
|
|
||||||
$user = $data['username'];
|
|
||||||
if (strlen($user) < 1) {
|
|
||||||
error_log("spp.php - Authentication failed - empty username");
|
|
||||||
die('Authentication failed');
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
$db = new PDO($osu_db);
|
|
||||||
if (!$db) {
|
|
||||||
error_log("spp.php - Could not access database");
|
|
||||||
die("Could not access database");
|
|
||||||
}
|
|
||||||
$row = $db->query("SELECT password FROM users " .
|
|
||||||
"WHERE identity='$user' AND realm='$realm'")->fetch();
|
|
||||||
if (!$row) {
|
|
||||||
$row = $db->query("SELECT osu_password FROM users " .
|
|
||||||
"WHERE osu_user='$user' AND realm='$realm'")->fetch();
|
|
||||||
$pw = $row['osu_password'];
|
|
||||||
} else
|
|
||||||
$pw = $row['password'];
|
|
||||||
if (!$row) {
|
|
||||||
error_log("spp.php - Authentication failed - user '$user' not found");
|
|
||||||
die('Authentication failed');
|
|
||||||
}
|
|
||||||
if (strlen($pw) < 1) {
|
|
||||||
error_log("spp.php - Authentication failed - empty password");
|
|
||||||
die('Authentication failed');
|
|
||||||
}
|
|
||||||
|
|
||||||
$A1 = md5($user . ':' . $realm . ':' . $pw);
|
|
||||||
$A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
|
|
||||||
$resp = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' .
|
|
||||||
$data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
|
|
||||||
if ($data['response'] != $resp) {
|
|
||||||
error_log("Authentication failure - response mismatch");
|
|
||||||
die('Authentication failed');
|
|
||||||
}
|
|
||||||
} else if (isset($_SERVER["SSL_CLIENT_VERIFY"]) &&
|
|
||||||
$_SERVER["SSL_CLIENT_VERIFY"] == "SUCCESS" &&
|
|
||||||
isset($_SERVER["SSL_CLIENT_M_SERIAL"])) {
|
|
||||||
$user = "cert-" . $_SERVER["SSL_CLIENT_M_SERIAL"];
|
|
||||||
putenv("HS20CERT=yes");
|
|
||||||
} else if (isset($_GET["hotspot2dot0-mobile-identifier-hash"])) {
|
|
||||||
$id_hash = $_GET["hotspot2dot0-mobile-identifier-hash"];
|
|
||||||
$id_hash = PREG_REPLACE("/[^0-9a-h]/i", '', $id_hash);
|
|
||||||
|
|
||||||
$db = new PDO($osu_db);
|
|
||||||
if (!$db) {
|
|
||||||
error_log("spp.php - Could not access database");
|
|
||||||
die("Could not access database");
|
|
||||||
}
|
|
||||||
|
|
||||||
$row = $db->query("SELECT * FROM sim_provisioning " .
|
|
||||||
"WHERE mobile_identifier_hash='$id_hash'")->fetch();
|
|
||||||
if (!$row) {
|
|
||||||
error_log("spp.php - SIM provisioning failed - mobile_identifier_hash not found");
|
|
||||||
die('SIM provisioning failed - mobile_identifier_hash not found');
|
|
||||||
}
|
|
||||||
|
|
||||||
$imsi = $row['imsi'];
|
|
||||||
$mac_addr = $row['mac_addr'];
|
|
||||||
$eap_method = $row['eap_method'];
|
|
||||||
|
|
||||||
$row = $db->query("SELECT COUNT(*) FROM osu_config " .
|
|
||||||
"WHERE realm='$realm'")->fetch();
|
|
||||||
if (!$row || intval($row[0]) < 1) {
|
|
||||||
error_log("spp.php - SIM provisioning failed - realm $realm not found");
|
|
||||||
die('SIM provisioning failed');
|
|
||||||
}
|
|
||||||
|
|
||||||
error_log("spp.php - SIM provisioning for IMSI $imsi");
|
|
||||||
putenv("HS20SIMPROV=yes");
|
|
||||||
putenv("HS20IMSI=$imsi");
|
|
||||||
putenv("HS20MACADDR=$mac_addr");
|
|
||||||
putenv("HS20EAPMETHOD=$eap_method");
|
|
||||||
putenv("HS20IDHASH=$id_hash");
|
|
||||||
} else if (!isset($_SERVER["PATH_INFO"]) ||
|
|
||||||
$_SERVER["PATH_INFO"] != "/signup") {
|
|
||||||
header('HTTP/1.1 401 Unauthorized');
|
|
||||||
header('WWW-Authenticate: Digest realm="'.$realm.
|
|
||||||
'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
|
|
||||||
error_log("spp.php - Authentication required (not signup)");
|
|
||||||
die('Authentication required (not signup)');
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
if (isset($user) && strlen($user) > 0)
|
|
||||||
putenv("HS20USER=$user");
|
|
||||||
else
|
|
||||||
putenv("HS20USER");
|
|
||||||
|
|
||||||
putenv("HS20REALM=$realm");
|
|
||||||
$postdata = file_get_contents("php://input");
|
|
||||||
putenv("HS20POST=$postdata");
|
|
||||||
$addr = $_SERVER["REMOTE_ADDR"];
|
|
||||||
putenv("HS20ADDR=$addr");
|
|
||||||
putenv("HS20TEST=$test");
|
|
||||||
|
|
||||||
$last = exec("$osu_root/spp/hs20_spp_server -r$osu_root -f/tmp/hs20_spp_server.log", $output, $ret);
|
|
||||||
|
|
||||||
if ($ret == 2) {
|
|
||||||
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
|
|
||||||
header('HTTP/1.1 401 Unauthorized');
|
|
||||||
header('WWW-Authenticate: Digest realm="'.$realm.
|
|
||||||
'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
|
|
||||||
error_log("spp.php - Authentication required (ret 2)");
|
|
||||||
die('Authentication required');
|
|
||||||
} else {
|
|
||||||
error_log("spp.php - Unexpected authentication error");
|
|
||||||
die("Unexpected authentication error");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if ($ret != 0) {
|
|
||||||
error_log("spp.php - Failed to process SPP request");
|
|
||||||
die("Failed to process SPP request");
|
|
||||||
}
|
|
||||||
//error_log("spp.php: Response: " . implode($output));
|
|
||||||
|
|
||||||
header("Content-Type: application/soap+xml");
|
|
||||||
|
|
||||||
echo implode($output);
|
|
||||||
|
|
||||||
?>
|
|
|
@ -1,87 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
require('config.php');
|
|
||||||
|
|
||||||
function print_header()
|
|
||||||
{
|
|
||||||
echo "<html>\n";
|
|
||||||
echo "<head><title>HS 2.0 Terms and Conditions</title></head>\n";
|
|
||||||
echo "<body>\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
$db = new PDO($osu_db);
|
|
||||||
if (!$db) {
|
|
||||||
die($sqliteerror);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!isset($_GET["addr"])) {
|
|
||||||
die("Missing addr parameter");
|
|
||||||
}
|
|
||||||
$addr = $_GET["addr"];
|
|
||||||
|
|
||||||
$accept = isset($_GET["accept"]) && $_GET["accept"] == "yes";
|
|
||||||
|
|
||||||
$res = $db->prepare("SELECT identity FROM pending_tc WHERE mac_addr=?");
|
|
||||||
$res->execute(array($addr));
|
|
||||||
$row = $res->fetch();
|
|
||||||
if (!$row) {
|
|
||||||
die("No pending session for the specified MAC address");
|
|
||||||
}
|
|
||||||
$identity = $row[0];
|
|
||||||
|
|
||||||
if (!$accept) {
|
|
||||||
print_header();
|
|
||||||
|
|
||||||
echo "<p>Accept the following terms and conditions by clicking here: <a href=\"terms.php?addr=$addr&accept=yes\">Accept</a></p>\n<hr>\n";
|
|
||||||
readfile($t_c_file);
|
|
||||||
} else {
|
|
||||||
$res = $db->prepare("UPDATE users SET t_c_timestamp=? WHERE identity=?");
|
|
||||||
if (!$res->execute(array($t_c_timestamp, $identity))) {
|
|
||||||
die("Failed to update user account.");
|
|
||||||
}
|
|
||||||
|
|
||||||
$res = $db->prepare("DELETE FROM pending_tc WHERE mac_addr=?");
|
|
||||||
$res->execute(array($addr));
|
|
||||||
|
|
||||||
$fp = fsockopen($hostapd_ctrl);
|
|
||||||
if (!$fp) {
|
|
||||||
die("Could not connect to hostapd(AS)");
|
|
||||||
}
|
|
||||||
|
|
||||||
fwrite($fp, "DAC_REQUEST coa $addr t_c_clear");
|
|
||||||
fclose($fp);
|
|
||||||
|
|
||||||
$waiting = true;
|
|
||||||
$ack = false;
|
|
||||||
for ($i = 1; $i <= 10; $i++) {
|
|
||||||
$res = $db->prepare("SELECT waiting_coa_ack,coa_ack_received FROM current_sessions WHERE mac_addr=?");
|
|
||||||
$res->execute(array($addr));
|
|
||||||
$row = $res->fetch();
|
|
||||||
if (!$row) {
|
|
||||||
die("No current session for the specified MAC address");
|
|
||||||
}
|
|
||||||
if (strlen($row[0]) > 0)
|
|
||||||
$waiting = $row[0] == 1;
|
|
||||||
if (strlen($row[1]) > 0)
|
|
||||||
$ack = $row[1] == 1;
|
|
||||||
$res->closeCursor();
|
|
||||||
if (!$waiting)
|
|
||||||
break;
|
|
||||||
sleep(1);
|
|
||||||
}
|
|
||||||
if ($ack) {
|
|
||||||
header('X-WFA-Hotspot20-Filtering: removed');
|
|
||||||
print_header();
|
|
||||||
echo "<p>Terms and conditions were accepted.</p>\n";
|
|
||||||
|
|
||||||
echo "<P>Filtering disabled.</P>\n";
|
|
||||||
} else {
|
|
||||||
print_header();
|
|
||||||
echo "<P>Failed to disable filtering.</P>\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
?>
|
|
||||||
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,377 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
require('config.php');
|
|
||||||
|
|
||||||
$db = new PDO($osu_db);
|
|
||||||
if (!$db) {
|
|
||||||
die($sqliteerror);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isset($_GET["id"])) {
|
|
||||||
$id = $_GET["id"];
|
|
||||||
if (!is_numeric($id))
|
|
||||||
$id = 0;
|
|
||||||
} else
|
|
||||||
$id = 0;
|
|
||||||
if (isset($_GET["cmd"]))
|
|
||||||
$cmd = $_GET["cmd"];
|
|
||||||
else
|
|
||||||
$cmd = '';
|
|
||||||
|
|
||||||
if ($cmd == 'eventlog' && $id > 0) {
|
|
||||||
$row = $db->query("SELECT dump FROM eventlog WHERE rowid=$id")->fetch();
|
|
||||||
$dump = $row['dump'];
|
|
||||||
if ($dump[0] == '<') {
|
|
||||||
header("Content-type: text/xml");
|
|
||||||
echo "<?xml version=\"1.0\"?>\n";
|
|
||||||
echo $dump;
|
|
||||||
} else {
|
|
||||||
header("Content-type: text/plain");
|
|
||||||
echo $dump;
|
|
||||||
}
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($cmd == 'mo' && $id > 0) {
|
|
||||||
$mo = $_GET["mo"];
|
|
||||||
if (!isset($mo))
|
|
||||||
exit;
|
|
||||||
if ($mo != "devinfo" && $mo != "devdetail" && $mo != "pps")
|
|
||||||
exit;
|
|
||||||
$row = $db->query("SELECT $mo FROM users WHERE rowid=$id")->fetch();
|
|
||||||
header("Content-type: text/xml");
|
|
||||||
echo "<?xml version=\"1.0\"?>\n";
|
|
||||||
echo $row[$mo];
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($cmd == 'cert' && $id > 0) {
|
|
||||||
$row = $db->query("SELECT cert_pem FROM users WHERE rowid=$id")->fetch();
|
|
||||||
header("Content-type: text/plain");
|
|
||||||
echo $row['cert_pem'];
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
?>
|
|
||||||
|
|
||||||
<html>
|
|
||||||
<head><title>HS 2.0 users</title></head>
|
|
||||||
<body>
|
|
||||||
|
|
||||||
<?php
|
|
||||||
|
|
||||||
if ($cmd == 'subrem-clear' && $id > 0) {
|
|
||||||
$db->exec("UPDATE users SET remediation='' WHERE rowid=$id");
|
|
||||||
}
|
|
||||||
if ($cmd == 'subrem-add-user' && $id > 0) {
|
|
||||||
$db->exec("UPDATE users SET remediation='user' WHERE rowid=$id");
|
|
||||||
}
|
|
||||||
if ($cmd == 'subrem-add-machine' && $id > 0) {
|
|
||||||
$db->exec("UPDATE users SET remediation='machine' WHERE rowid=$id");
|
|
||||||
}
|
|
||||||
if ($cmd == 'subrem-add-reenroll' && $id > 0) {
|
|
||||||
$db->exec("UPDATE users SET remediation='reenroll' WHERE rowid=$id");
|
|
||||||
}
|
|
||||||
if ($cmd == 'subrem-add-policy' && $id > 0) {
|
|
||||||
$db->exec("UPDATE users SET remediation='policy' WHERE rowid=$id");
|
|
||||||
}
|
|
||||||
if ($cmd == 'subrem-add-free' && $id > 0) {
|
|
||||||
$db->exec("UPDATE users SET remediation='free' WHERE rowid=$id");
|
|
||||||
}
|
|
||||||
if ($cmd == 'fetch-pps-on' && $id > 0) {
|
|
||||||
$db->exec("UPDATE users SET fetch_pps=1 WHERE rowid=$id");
|
|
||||||
}
|
|
||||||
if ($cmd == 'fetch-pps-off' && $id > 0) {
|
|
||||||
$db->exec("UPDATE users SET fetch_pps=0 WHERE rowid=$id");
|
|
||||||
}
|
|
||||||
if ($cmd == 'reset-pw' && $id > 0) {
|
|
||||||
$db->exec("UPDATE users SET password='ChangeMe' WHERE rowid=$id");
|
|
||||||
}
|
|
||||||
if ($cmd == "policy" && $id > 0 && isset($_GET["policy"])) {
|
|
||||||
$policy = $_GET["policy"];
|
|
||||||
if ($policy == "no-policy" ||
|
|
||||||
is_readable("$osu_root/spp/policy/$policy.xml")) {
|
|
||||||
$db->exec("UPDATE users SET policy='$policy' WHERE rowid=$id");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if ($cmd == "account-type" && $id > 0 && isset($_GET["type"])) {
|
|
||||||
$type = $_GET["type"];
|
|
||||||
if ($type == "shared")
|
|
||||||
$db->exec("UPDATE users SET shared=1 WHERE rowid=$id");
|
|
||||||
if ($type == "default")
|
|
||||||
$db->exec("UPDATE users SET shared=0 WHERE rowid=$id");
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($cmd == "set-osu-cred" && $id > 0) {
|
|
||||||
$osu_user = $_POST["osu_user"];
|
|
||||||
$osu_password = $_POST["osu_password"];
|
|
||||||
if (strlen($osu_user) == 0)
|
|
||||||
$osu_password = "";
|
|
||||||
$db->exec("UPDATE users SET osu_user='$osu_user', osu_password='$osu_password' WHERE rowid=$id");
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($cmd == 'clear-t-c' && $id > 0) {
|
|
||||||
$db->exec("UPDATE users SET t_c_timestamp=NULL WHERE rowid=$id");
|
|
||||||
}
|
|
||||||
|
|
||||||
$dump = 0;
|
|
||||||
|
|
||||||
if ($id > 0) {
|
|
||||||
|
|
||||||
if (isset($_GET["dump"])) {
|
|
||||||
$dump = $_GET["dump"];
|
|
||||||
if (!is_numeric($dump))
|
|
||||||
$dump = 0;
|
|
||||||
} else
|
|
||||||
$dump = 0;
|
|
||||||
|
|
||||||
echo "[<a href=\"users.php\">All users</a>] ";
|
|
||||||
if ($dump == 0)
|
|
||||||
echo "[<a href=\"users.php?id=$id&dump=1\">Include debug dump</a>] ";
|
|
||||||
else
|
|
||||||
echo "[<a href=\"users.php?id=$id\">Without debug dump</a>] ";
|
|
||||||
echo "<br>\n";
|
|
||||||
|
|
||||||
$row = $db->query("SELECT rowid,* FROM users WHERE rowid=$id")->fetch();
|
|
||||||
|
|
||||||
echo "<H3>" . $row['identity'] . "@" . $row['realm'] . "</H3>\n";
|
|
||||||
|
|
||||||
echo "MO: ";
|
|
||||||
if (strlen($row['devinfo']) > 0) {
|
|
||||||
echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devinfo\">DevInfo</a>]\n";
|
|
||||||
}
|
|
||||||
if (strlen($row['devdetail']) > 0) {
|
|
||||||
echo "[<a href=\"users.php?cmd=mo&id=$id&mo=devdetail\">DevDetail</a>]\n";
|
|
||||||
}
|
|
||||||
if (strlen($row['pps']) > 0) {
|
|
||||||
echo "[<a href=\"users.php?cmd=mo&id=$id&mo=pps\">PPS</a>]\n";
|
|
||||||
}
|
|
||||||
if (strlen($row['cert_pem']) > 0) {
|
|
||||||
echo "[<a href=\"users.php?cmd=cert&id=$id\">Certificate</a>]\n";
|
|
||||||
}
|
|
||||||
echo "<BR>\n";
|
|
||||||
|
|
||||||
echo "Fetch PPS MO: ";
|
|
||||||
if ($row['fetch_pps'] == "1") {
|
|
||||||
echo "On next connection " .
|
|
||||||
"[<a href=\"users.php?cmd=fetch-pps-off&id=$id\">" .
|
|
||||||
"do not fetch</a>]<br>\n";
|
|
||||||
} else {
|
|
||||||
echo "Do not fetch " .
|
|
||||||
"[<a href=\"users.php?cmd=fetch-pps-on&id=$id\">" .
|
|
||||||
"request fetch</a>]<br>\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
$cert = $row['cert'];
|
|
||||||
if (strlen($cert) > 0) {
|
|
||||||
echo "Certificate fingerprint: $cert<br>\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
echo "Remediation: ";
|
|
||||||
$rem = $row['remediation'];
|
|
||||||
if ($rem == "") {
|
|
||||||
echo "Not required";
|
|
||||||
echo " [<a href=\"users.php?cmd=subrem-add-user&id=" .
|
|
||||||
$row['rowid'] . "\">add:user</a>]";
|
|
||||||
echo " [<a href=\"users.php?cmd=subrem-add-machine&id=" .
|
|
||||||
$row['rowid'] . "\">add:machine</a>]";
|
|
||||||
if ($row['methods'] == 'TLS') {
|
|
||||||
echo " [<a href=\"users.php?cmd=subrem-add-reenroll&id=" .
|
|
||||||
$row['rowid'] . "\">add:reenroll</a>]";
|
|
||||||
}
|
|
||||||
echo " [<a href=\"users.php?cmd=subrem-add-policy&id=" .
|
|
||||||
$row['rowid'] . "\">add:policy</a>]";
|
|
||||||
echo " [<a href=\"users.php?cmd=subrem-add-free&id=" .
|
|
||||||
$row['rowid'] . "\">add:free</a>]";
|
|
||||||
} else if ($rem == "user") {
|
|
||||||
echo "User [<a href=\"users.php?cmd=subrem-clear&id=" .
|
|
||||||
$row['rowid'] . "\">clear</a>]";
|
|
||||||
} else if ($rem == "policy") {
|
|
||||||
echo "Policy [<a href=\"users.php?cmd=subrem-clear&id=" .
|
|
||||||
$row['rowid'] . "\">clear</a>]";
|
|
||||||
} else if ($rem == "free") {
|
|
||||||
echo "Free [<a href=\"users.php?cmd=subrem-clear&id=" .
|
|
||||||
$row['rowid'] . "\">clear</a>]";
|
|
||||||
} else if ($rem == "reenroll") {
|
|
||||||
echo "Reenroll [<a href=\"users.php?cmd=subrem-clear&id=" .
|
|
||||||
$row['rowid'] . "\">clear</a>]";
|
|
||||||
} else {
|
|
||||||
echo "Machine [<a href=\"users.php?cmd=subrem-clear&id=" .
|
|
||||||
$row['rowid'] . "\">clear</a>]";
|
|
||||||
}
|
|
||||||
echo "<br>\n";
|
|
||||||
|
|
||||||
if (strncmp($row['identity'], "cert-", 5) != 0)
|
|
||||||
echo "Machine managed: " . ($row['machine_managed'] == "1" ? "TRUE" : "FALSE") . "<br>\n";
|
|
||||||
|
|
||||||
echo "<form>Policy: <select name=\"policy\" " .
|
|
||||||
"onChange=\"window.location='users.php?cmd=policy&id=" .
|
|
||||||
$row['rowid'] . "&policy=' + this.value;\">\n";
|
|
||||||
echo "<option value=\"" . $row['policy'] . "\" selected>" . $row['policy'] .
|
|
||||||
"</option>\n";
|
|
||||||
$files = scandir("$osu_root/spp/policy");
|
|
||||||
foreach ($files as $file) {
|
|
||||||
if (!preg_match("/.xml$/", $file))
|
|
||||||
continue;
|
|
||||||
if ($file == $row['policy'] . ".xml")
|
|
||||||
continue;
|
|
||||||
$p = substr($file, 0, -4);
|
|
||||||
echo "<option value=\"$p\">$p</option>\n";
|
|
||||||
}
|
|
||||||
echo "<option value=\"no-policy\">no policy</option>\n";
|
|
||||||
echo "</select></form>\n";
|
|
||||||
|
|
||||||
echo "<form>Account type: <select name=\"type\" " .
|
|
||||||
"onChange=\"window.location='users.php?cmd=account-type&id=" .
|
|
||||||
$row['rowid'] . "&type=' + this.value;\">\n";
|
|
||||||
if ($row['shared'] > 0) {
|
|
||||||
$default_sel = "";
|
|
||||||
$shared_sel = " selected";
|
|
||||||
} else {
|
|
||||||
$default_sel = " selected";
|
|
||||||
$shared_sel = "";
|
|
||||||
}
|
|
||||||
echo "<option value=\"default\"$default_sel>default</option>\n";
|
|
||||||
echo "<option value=\"shared\"$shared_sel>shared</option>\n";
|
|
||||||
echo "</select></form>\n";
|
|
||||||
|
|
||||||
echo "Phase 2 method(s): " . $row['methods'] . "<br>\n";
|
|
||||||
|
|
||||||
echo "<br>\n";
|
|
||||||
echo "<a href=\"users.php?cmd=reset-pw&id=" .
|
|
||||||
$row['rowid'] . "\">Reset AAA password</a><br>\n";
|
|
||||||
|
|
||||||
echo "<br>\n";
|
|
||||||
echo "<form action=\"users.php?cmd=set-osu-cred&id=" . $row['rowid'] .
|
|
||||||
"\" method=\"POST\">\n";
|
|
||||||
echo "OSU credentials (if username empty, AAA credentials are used):<br>\n";
|
|
||||||
echo "username: <input type=\"text\" name=\"osu_user\" value=\"" .
|
|
||||||
$row['osu_user'] . "\">\n";
|
|
||||||
echo "password: <input type=\"password\" name=\"osu_password\">\n";
|
|
||||||
echo "<input type=\"submit\" value=\"Set OSU credentials\">\n";
|
|
||||||
echo "</form>\n";
|
|
||||||
|
|
||||||
if (strlen($row['t_c_timestamp']) > 0) {
|
|
||||||
echo "<br>\n";
|
|
||||||
echo "<a href=\"users.php?cmd=clear-t-c&id=" .
|
|
||||||
$row['rowid'] .
|
|
||||||
"\">Clear Terms and Conditions acceptance</a><br>\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
echo "<hr>\n";
|
|
||||||
|
|
||||||
$user = $row['identity'];
|
|
||||||
$osu_user = $row['osu_user'];
|
|
||||||
$realm = $row['realm'];
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($id > 0 || ($id == 0 && $cmd == 'eventlog')) {
|
|
||||||
|
|
||||||
if ($id == 0) {
|
|
||||||
echo "[<a href=\"users.php\">All users</a>] ";
|
|
||||||
echo "<br>\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
echo "<table border=1>\n";
|
|
||||||
echo "<tr>";
|
|
||||||
if ($id == 0) {
|
|
||||||
echo "<th>user<th>realm";
|
|
||||||
}
|
|
||||||
echo "<th>time<th>address<th>sessionID<th>notes";
|
|
||||||
if ($dump > 0)
|
|
||||||
echo "<th>dump";
|
|
||||||
echo "\n";
|
|
||||||
if (isset($_GET["limit"])) {
|
|
||||||
$limit = $_GET["limit"];
|
|
||||||
if (!is_numeric($limit))
|
|
||||||
$limit = 20;
|
|
||||||
} else
|
|
||||||
$limit = 20;
|
|
||||||
if ($id == 0)
|
|
||||||
$res = $db->query("SELECT rowid,* FROM eventlog ORDER BY timestamp DESC LIMIT $limit");
|
|
||||||
else if (strlen($osu_user) > 0)
|
|
||||||
$res = $db->query("SELECT rowid,* FROM eventlog WHERE (user='$user' OR user='$osu_user') AND realm='$realm' ORDER BY timestamp DESC LIMIT $limit");
|
|
||||||
else
|
|
||||||
$res = $db->query("SELECT rowid,* FROM eventlog WHERE user='$user' AND realm='$realm' ORDER BY timestamp DESC LIMIT $limit");
|
|
||||||
foreach ($res as $row) {
|
|
||||||
echo "<tr>";
|
|
||||||
if ($id == 0) {
|
|
||||||
echo "<td>" . $row['user'] . "\n";
|
|
||||||
echo "<td>" . $row['realm'] . "\n";
|
|
||||||
}
|
|
||||||
echo "<td>" . $row['timestamp'] . "\n";
|
|
||||||
echo "<td>" . $row['addr'] . "\n";
|
|
||||||
echo "<td>" . $row['sessionid'] . "\n";
|
|
||||||
echo "<td>" . $row['notes'] . "\n";
|
|
||||||
$d = $row['dump'];
|
|
||||||
if (strlen($d) > 0) {
|
|
||||||
echo "[<a href=\"users.php?cmd=eventlog&id=" . $row['rowid'] .
|
|
||||||
"\">";
|
|
||||||
if ($d[0] == '<')
|
|
||||||
echo "XML";
|
|
||||||
else
|
|
||||||
echo "txt";
|
|
||||||
echo "</a>]\n";
|
|
||||||
if ($dump > 0)
|
|
||||||
echo "<td>" . htmlspecialchars($d) . "\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
echo "</table>\n";
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
if ($id == 0 && $cmd != 'eventlog') {
|
|
||||||
|
|
||||||
echo "[<a href=\"users.php?cmd=eventlog&limit=50\">Eventlog</a>] ";
|
|
||||||
echo "<br>\n";
|
|
||||||
|
|
||||||
echo "<table border=1 cellspacing=0 cellpadding=0>\n";
|
|
||||||
echo "<tr><th>User<th>Realm<th><small>Remediation</small><th>Policy<th><small>Account type</small><th><small>Phase 2 method(s)</small><th>DevId<th>MAC Address<th>T&C\n";
|
|
||||||
|
|
||||||
$res = $db->query('SELECT rowid,* FROM users WHERE (phase2=1 OR methods=\'TLS\') ORDER BY identity');
|
|
||||||
foreach ($res as $row) {
|
|
||||||
echo "<tr><td><a href=\"users.php?id=" . $row['rowid'] . "\"> " .
|
|
||||||
$row['identity'] . " </a>";
|
|
||||||
echo "<td>" . $row['realm'];
|
|
||||||
$rem = $row['remediation'];
|
|
||||||
echo "<td>";
|
|
||||||
if ($rem == "") {
|
|
||||||
echo "-";
|
|
||||||
} else if ($rem == "user") {
|
|
||||||
echo "User";
|
|
||||||
} else if ($rem == "policy") {
|
|
||||||
echo "Policy";
|
|
||||||
} else if ($rem == "free") {
|
|
||||||
echo "Free";
|
|
||||||
} else if ($rem == "reenroll") {
|
|
||||||
echo "Reenroll";
|
|
||||||
} else {
|
|
||||||
echo "Machine";
|
|
||||||
}
|
|
||||||
echo "<td>" . $row['policy'];
|
|
||||||
if ($row['shared'] > 0)
|
|
||||||
echo "<td>shared";
|
|
||||||
else
|
|
||||||
echo "<td>default";
|
|
||||||
echo "<td><small>" . $row['methods'] . "</small>";
|
|
||||||
echo "<td>";
|
|
||||||
$xml = xml_parser_create();
|
|
||||||
xml_parse_into_struct($xml, $row['devinfo'], $devinfo);
|
|
||||||
foreach($devinfo as $k) {
|
|
||||||
if ($k['tag'] == 'DEVID') {
|
|
||||||
echo "<small>" . $k['value'] . "</small>";
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
echo "<td><small>" . $row['mac_addr'] . "</small>";
|
|
||||||
echo "<td><small>" . $row['t_c_timestamp'] . "</small>";
|
|
||||||
echo "\n";
|
|
||||||
}
|
|
||||||
echo "</table>\n";
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
?>
|
|
||||||
|
|
||||||
</html>
|
|
|
@ -213,3 +213,37 @@ int dragonfly_generate_scalar(const struct crypto_bignum *order,
|
||||||
"dragonfly: Unable to get randomness for own scalar");
|
"dragonfly: Unable to get randomness for own scalar");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* res = sqrt(val) */
|
||||||
|
int dragonfly_sqrt(struct crypto_ec *ec, const struct crypto_bignum *val,
|
||||||
|
struct crypto_bignum *res)
|
||||||
|
{
|
||||||
|
const struct crypto_bignum *prime;
|
||||||
|
struct crypto_bignum *tmp, *one;
|
||||||
|
int ret = 0;
|
||||||
|
u8 prime_bin[DRAGONFLY_MAX_ECC_PRIME_LEN];
|
||||||
|
size_t prime_len;
|
||||||
|
|
||||||
|
/* For prime p such that p = 3 mod 4, sqrt(w) = w^((p+1)/4) mod p */
|
||||||
|
|
||||||
|
prime = crypto_ec_get_prime(ec);
|
||||||
|
prime_len = crypto_ec_prime_len(ec);
|
||||||
|
tmp = crypto_bignum_init();
|
||||||
|
one = crypto_bignum_init_uint(1);
|
||||||
|
|
||||||
|
if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin),
|
||||||
|
prime_len) < 0 ||
|
||||||
|
(prime_bin[prime_len - 1] & 0x03) != 3 ||
|
||||||
|
!tmp || !one ||
|
||||||
|
/* tmp = (p+1)/4 */
|
||||||
|
crypto_bignum_add(prime, one, tmp) < 0 ||
|
||||||
|
crypto_bignum_rshift(tmp, 2, tmp) < 0 ||
|
||||||
|
/* res = sqrt(val) */
|
||||||
|
crypto_bignum_exptmod(val, tmp, prime, res) < 0)
|
||||||
|
ret = -1;
|
||||||
|
|
||||||
|
crypto_bignum_deinit(tmp, 0);
|
||||||
|
crypto_bignum_deinit(one, 0);
|
||||||
|
return ret;
|
||||||
|
}
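Review bot: The one-line comment `/* res = sqrt(val) */` above dragonfly_sqrt() leaves out the preconditions a caller has to meet. The function computes val^((p+1)/4) mod p and returns -1 only when the prime is not 3 mod 4 or a bignum operation fails. It never checks that res squared equals val, so for a val that is not a quadratic residue it returns 0 with a value that is not a square root. I would expand the comment to `/* res = sqrt(val) mod p; requires p = 3 mod 4 (else -1); val must be a quadratic residue mod p, which is not verified here */`. The new caller in sae_derive_pwe_ecc() passes the same bignum as input and output (`dragonfly_sqrt(sae->tmp->ec, y, y)`), so the comment should also say whether res may alias val, once that is confirmed for crypto_bignum_exptmod() in each crypto backend.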
|
||||||
|
|
|
@ -27,5 +27,7 @@ int dragonfly_generate_scalar(const struct crypto_bignum *order,
|
||||||
struct crypto_bignum *_rand,
|
struct crypto_bignum *_rand,
|
||||||
struct crypto_bignum *_mask,
|
struct crypto_bignum *_mask,
|
||||||
struct crypto_bignum *scalar);
|
struct crypto_bignum *scalar);
|
||||||
|
int dragonfly_sqrt(struct crypto_ec *ec, const struct crypto_bignum *val,
|
||||||
|
struct crypto_bignum *res);
|
||||||
|
|
||||||
#endif /* DRAGONFLY_H */
|
#endif /* DRAGONFLY_H */
|
||||||
|
|
|
@ -1462,6 +1462,11 @@ enum qca_wlan_vendor_attr_p2p_listen_offload {
|
||||||
* Used with event to notify the puncture pattern selected in ACS operation.
|
* Used with event to notify the puncture pattern selected in ACS operation.
|
||||||
* Encoding for this attribute will follow the convention used in the Disabled
|
* Encoding for this attribute will follow the convention used in the Disabled
|
||||||
* Subchannel Bitmap field of the EHT Operation IE.
|
* Subchannel Bitmap field of the EHT Operation IE.
|
||||||
|
*
|
||||||
|
* @QCA_WLAN_VENDOR_ATTR_ACS_EHT_ENABLED: Flag attribute.
|
||||||
|
* Used with command to configure ACS operation for EHT mode.
|
||||||
|
* Disable (flag attribute not present) - EHT disabled and
|
||||||
|
* Enable (flag attribute present) - EHT enabled.
|
||||||
*/
|
*/
|
||||||
enum qca_wlan_vendor_attr_acs_offload {
|
enum qca_wlan_vendor_attr_acs_offload {
|
||||||
QCA_WLAN_VENDOR_ATTR_ACS_CHANNEL_INVALID = 0,
|
QCA_WLAN_VENDOR_ATTR_ACS_CHANNEL_INVALID = 0,
|
||||||
|
@ -1483,6 +1488,7 @@ enum qca_wlan_vendor_attr_acs_offload {
|
||||||
QCA_WLAN_VENDOR_ATTR_ACS_EDMG_ENABLED = 16,
|
QCA_WLAN_VENDOR_ATTR_ACS_EDMG_ENABLED = 16,
|
||||||
QCA_WLAN_VENDOR_ATTR_ACS_EDMG_CHANNEL = 17,
|
QCA_WLAN_VENDOR_ATTR_ACS_EDMG_CHANNEL = 17,
|
||||||
QCA_WLAN_VENDOR_ATTR_ACS_PUNCTURE_BITMAP = 18,
|
QCA_WLAN_VENDOR_ATTR_ACS_PUNCTURE_BITMAP = 18,
|
||||||
|
QCA_WLAN_VENDOR_ATTR_ACS_EHT_ENABLED = 19,
|
||||||
|
|
||||||
/* keep last */
|
/* keep last */
|
||||||
QCA_WLAN_VENDOR_ATTR_ACS_AFTER_LAST,
|
QCA_WLAN_VENDOR_ATTR_ACS_AFTER_LAST,
|
||||||
|
@ -1788,36 +1794,53 @@ enum qca_access_policy {
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* enum qca_vendor_attr_get_tsf: Vendor attributes for TSF capture
|
* enum qca_vendor_attr_tsf_cmd: Vendor attributes for TSF capture
|
||||||
* @QCA_WLAN_VENDOR_ATTR_TSF_CMD: enum qca_tsf_operation (u32)
|
* @QCA_WLAN_VENDOR_ATTR_TSF_CMD: Required (u32)
|
||||||
* @QCA_WLAN_VENDOR_ATTR_TSF_TIMER_VALUE: Unsigned 64 bit TSF timer value
|
* Specify the TSF command. Possible values are defined in
|
||||||
* @QCA_WLAN_VENDOR_ATTR_TSF_SOC_TIMER_VALUE: Unsigned 64 bit Synchronized
|
* &enum qca_tsf_cmd.
|
||||||
* SOC timer value at TSF capture
|
* @QCA_WLAN_VENDOR_ATTR_TSF_TIMER_VALUE: Optional (u64)
|
||||||
|
* This attribute contains TSF timer value. This attribute is only available
|
||||||
|
* in %QCA_TSF_GET or %QCA_TSF_SYNC_GET response.
|
||||||
|
* @QCA_WLAN_VENDOR_ATTR_TSF_SOC_TIMER_VALUE: Optional (u64)
|
||||||
|
* This attribute contains SOC timer value at TSF capture. This attribute is
|
||||||
|
* only available in %QCA_TSF_GET or %QCA_TSF_SYNC_GET response.
|
||||||
|
* @QCA_WLAN_VENDOR_ATTR_TSF_SYNC_INTERVAL: Optional (u32)
|
||||||
|
* This attribute is used to provide TSF sync interval and only applicable when
|
||||||
|
* TSF command is %QCA_TSF_SYNC_START. If this attribute is not provided, the
|
||||||
|
* driver will use the default value. Time unit is in milliseconds.
|
||||||
*/
|
*/
|
||||||
enum qca_vendor_attr_tsf_cmd {
|
enum qca_vendor_attr_tsf_cmd {
|
||||||
QCA_WLAN_VENDOR_ATTR_TSF_INVALID = 0,
|
QCA_WLAN_VENDOR_ATTR_TSF_INVALID = 0,
|
||||||
QCA_WLAN_VENDOR_ATTR_TSF_CMD,
|
QCA_WLAN_VENDOR_ATTR_TSF_CMD,
|
||||||
QCA_WLAN_VENDOR_ATTR_TSF_TIMER_VALUE,
|
QCA_WLAN_VENDOR_ATTR_TSF_TIMER_VALUE,
|
||||||
QCA_WLAN_VENDOR_ATTR_TSF_SOC_TIMER_VALUE,
|
QCA_WLAN_VENDOR_ATTR_TSF_SOC_TIMER_VALUE,
|
||||||
|
QCA_WLAN_VENDOR_ATTR_TSF_SYNC_INTERVAL,
|
||||||
QCA_WLAN_VENDOR_ATTR_TSF_AFTER_LAST,
|
QCA_WLAN_VENDOR_ATTR_TSF_AFTER_LAST,
|
||||||
QCA_WLAN_VENDOR_ATTR_TSF_MAX =
|
QCA_WLAN_VENDOR_ATTR_TSF_MAX =
|
||||||
QCA_WLAN_VENDOR_ATTR_TSF_AFTER_LAST - 1
|
QCA_WLAN_VENDOR_ATTR_TSF_AFTER_LAST - 1
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* enum qca_tsf_operation: TSF driver commands
|
* enum qca_tsf_cmd: TSF driver commands
|
||||||
* @QCA_TSF_CAPTURE: Initiate TSF Capture
|
* @QCA_TSF_CAPTURE: Initiate TSF Capture
|
||||||
* @QCA_TSF_GET: Get TSF capture value
|
* @QCA_TSF_GET: Get TSF capture value
|
||||||
* @QCA_TSF_SYNC_GET: Initiate TSF capture and return with captured value
|
* @QCA_TSF_SYNC_GET: Initiate TSF capture and return with captured value
|
||||||
* @QCA_TSF_AUTO_REPORT_ENABLE: Used in STA mode only. Once set, the target
|
* @QCA_TSF_AUTO_REPORT_ENABLE: Used in STA mode only. Once set, the target
|
||||||
* will automatically send TSF report to the host. To query
|
* will automatically send TSF report to the host. To query
|
||||||
* QCA_WLAN_VENDOR_ATTR_GET_STA_INFO_UPLINK_DELAY, this operation needs to be
|
* %QCA_WLAN_VENDOR_ATTR_GET_STA_INFO_UPLINK_DELAY, this operation needs to be
|
||||||
* initiated first.
|
* initiated first.
|
||||||
* @QCA_TSF_AUTO_REPORT_DISABLE: Used in STA mode only. Once set, the target
|
* @QCA_TSF_AUTO_REPORT_DISABLE: Used in STA mode only. Once set, the target
|
||||||
* will not automatically send TSF report to the host. If
|
* will not automatically send TSF report to the host. If
|
||||||
* QCA_TSF_AUTO_REPORT_ENABLE is initiated and
|
* %QCA_TSF_AUTO_REPORT_ENABLE is initiated and
|
||||||
* QCA_WLAN_VENDOR_ATTR_GET_STA_INFO_UPLINK_DELAY is not queried anymore, this
|
* %QCA_WLAN_VENDOR_ATTR_GET_STA_INFO_UPLINK_DELAY is not queried anymore, this
|
||||||
* operation needs to be initiated.
|
* operation needs to be initiated.
|
||||||
|
* @QCA_TSF_SYNC_START: Start periodic TSF sync feature. The driver periodically
|
||||||
|
* fetches TSF and host time mapping from the firmware with interval configured
|
||||||
|
* through the %QCA_WLAN_VENDOR_ATTR_TSF_SYNC_INTERVAL attribute. If the
|
||||||
|
* interval value is not provided the driver will use the default value. The
|
||||||
|
* userspace can query the TSF and host time mapping via the %QCA_TSF_GET
|
||||||
|
* command.
|
||||||
|
* @QCA_TSF_SYNC_STOP: Stop periodic TSF sync feature.
|
||||||
*/
|
*/
|
||||||
enum qca_tsf_cmd {
|
enum qca_tsf_cmd {
|
||||||
QCA_TSF_CAPTURE,
|
QCA_TSF_CAPTURE,
|
||||||
|
@ -1825,6 +1848,8 @@ enum qca_tsf_cmd {
|
||||||
QCA_TSF_SYNC_GET,
|
QCA_TSF_SYNC_GET,
|
||||||
QCA_TSF_AUTO_REPORT_ENABLE,
|
QCA_TSF_AUTO_REPORT_ENABLE,
|
||||||
QCA_TSF_AUTO_REPORT_DISABLE,
|
QCA_TSF_AUTO_REPORT_DISABLE,
|
||||||
|
QCA_TSF_SYNC_START,
|
||||||
|
QCA_TSF_SYNC_STOP,
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -290,14 +290,16 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
|
||||||
int pwd_seed_odd = 0;
|
int pwd_seed_odd = 0;
|
||||||
u8 prime[SAE_MAX_ECC_PRIME_LEN];
|
u8 prime[SAE_MAX_ECC_PRIME_LEN];
|
||||||
size_t prime_len;
|
size_t prime_len;
|
||||||
struct crypto_bignum *x = NULL, *qr = NULL, *qnr = NULL;
|
struct crypto_bignum *x = NULL, *y = NULL, *qr = NULL, *qnr = NULL;
|
||||||
u8 x_bin[SAE_MAX_ECC_PRIME_LEN];
|
u8 x_bin[SAE_MAX_ECC_PRIME_LEN];
|
||||||
u8 x_cand_bin[SAE_MAX_ECC_PRIME_LEN];
|
u8 x_cand_bin[SAE_MAX_ECC_PRIME_LEN];
|
||||||
u8 qr_bin[SAE_MAX_ECC_PRIME_LEN];
|
u8 qr_bin[SAE_MAX_ECC_PRIME_LEN];
|
||||||
u8 qnr_bin[SAE_MAX_ECC_PRIME_LEN];
|
u8 qnr_bin[SAE_MAX_ECC_PRIME_LEN];
|
||||||
|
u8 x_y[2 * SAE_MAX_ECC_PRIME_LEN];
|
||||||
int res = -1;
|
int res = -1;
|
||||||
u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
|
u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
|
||||||
* mask */
|
* mask */
|
||||||
|
unsigned int is_eq;
|
||||||
|
|
||||||
os_memset(x_bin, 0, sizeof(x_bin));
|
os_memset(x_bin, 0, sizeof(x_bin));
|
||||||
|
|
||||||
|
@ -396,25 +398,42 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!sae->tmp->pwe_ecc)
|
/* y = sqrt(x^3 + ax + b) mod p
|
||||||
sae->tmp->pwe_ecc = crypto_ec_point_init(sae->tmp->ec);
|
* if LSB(save) == LSB(y): PWE = (x, y)
|
||||||
if (!sae->tmp->pwe_ecc)
|
* else: PWE = (x, p - y)
|
||||||
res = -1;
|
*
|
||||||
else
|
* Calculate y and the two possible values for PWE and after that,
|
||||||
res = crypto_ec_point_solve_y_coord(sae->tmp->ec,
|
* use constant time selection to copy the correct alternative.
|
||||||
sae->tmp->pwe_ecc, x,
|
|
||||||
pwd_seed_odd);
|
|
||||||
if (res < 0) {
|
|
||||||
/*
|
|
||||||
* This should not happen since we already checked that there
|
|
||||||
* is a result.
|
|
||||||
*/
|
*/
|
||||||
|
y = crypto_ec_point_compute_y_sqr(sae->tmp->ec, x);
|
||||||
|
if (!y ||
|
||||||
|
dragonfly_sqrt(sae->tmp->ec, y, y) < 0 ||
|
||||||
|
crypto_bignum_to_bin(y, x_y, SAE_MAX_ECC_PRIME_LEN,
|
||||||
|
prime_len) < 0 ||
|
||||||
|
crypto_bignum_sub(sae->tmp->prime, y, y) < 0 ||
|
||||||
|
crypto_bignum_to_bin(y, x_y + SAE_MAX_ECC_PRIME_LEN,
|
||||||
|
SAE_MAX_ECC_PRIME_LEN, prime_len) < 0) {
|
||||||
wpa_printf(MSG_DEBUG, "SAE: Could not solve y");
|
wpa_printf(MSG_DEBUG, "SAE: Could not solve y");
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
|
||||||
|
is_eq = const_time_eq(pwd_seed_odd, x_y[prime_len - 1] & 0x01);
|
||||||
|
const_time_select_bin(is_eq, x_y, x_y + SAE_MAX_ECC_PRIME_LEN,
|
||||||
|
prime_len, x_y + prime_len);
|
||||||
|
os_memcpy(x_y, x_bin, prime_len);
|
||||||
|
wpa_hexdump_key(MSG_DEBUG, "SAE: PWE", x_y, 2 * prime_len);
|
||||||
|
crypto_ec_point_deinit(sae->tmp->pwe_ecc, 1);
|
||||||
|
sae->tmp->pwe_ecc = crypto_ec_point_from_bin(sae->tmp->ec, x_y);
|
||||||
|
if (!sae->tmp->pwe_ecc) {
|
||||||
|
wpa_printf(MSG_DEBUG, "SAE: Could not generate PWE");
|
||||||
|
res = -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
fail:
|
fail:
|
||||||
|
forced_memzero(x_y, sizeof(x_y));
|
||||||
crypto_bignum_deinit(qr, 0);
|
crypto_bignum_deinit(qr, 0);
|
||||||
crypto_bignum_deinit(qnr, 0);
|
crypto_bignum_deinit(qnr, 0);
|
||||||
|
crypto_bignum_deinit(y, 1);
|
||||||
os_free(stub_password);
|
os_free(stub_password);
|
||||||
bin_clear_free(tmp_password, password_len);
|
bin_clear_free(tmp_password, password_len);
|
||||||
crypto_bignum_deinit(x, 1);
|
crypto_bignum_deinit(x, 1);
|
||||||
|
@ -747,19 +766,9 @@ static struct crypto_ec_point * sswu(struct crypto_ec *ec, int group,
|
||||||
const_time_select_bin(is_qr, bin1, bin2, prime_len, x_y);
|
const_time_select_bin(is_qr, bin1, bin2, prime_len, x_y);
|
||||||
wpa_hexdump_key(MSG_DEBUG, "SSWU: x = CSEL(l, x1, x2)", x_y, prime_len);
|
wpa_hexdump_key(MSG_DEBUG, "SSWU: x = CSEL(l, x1, x2)", x_y, prime_len);
|
||||||
|
|
||||||
/* y = sqrt(v)
|
/* y = sqrt(v) */
|
||||||
* For prime p such that p = 3 mod 4 --> v^((p+1)/4) */
|
|
||||||
if (crypto_bignum_to_bin(prime, bin1, sizeof(bin1), prime_len) < 0)
|
|
||||||
goto fail;
|
|
||||||
if ((bin1[prime_len - 1] & 0x03) != 3) {
|
|
||||||
wpa_printf(MSG_DEBUG, "SSWU: prime does not have p = 3 mod 4");
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
y = crypto_bignum_init();
|
y = crypto_bignum_init();
|
||||||
if (!y ||
|
if (!y || dragonfly_sqrt(ec, v, y) < 0)
|
||||||
crypto_bignum_add(prime, one, t1) < 0 ||
|
|
||||||
crypto_bignum_rshift(t1, 2, t1) < 0 ||
|
|
||||||
crypto_bignum_exptmod(v, t1, prime, y) < 0)
|
|
||||||
goto fail;
|
goto fail;
|
||||||
debug_print_bignum("SSWU: y = sqrt(v)", y, prime_len);
|
debug_print_bignum("SSWU: y = sqrt(v)", y, prime_len);
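Review bot: In sae_derive_pwe_ecc(), the rewritten "SAE: Could not solve y" branch does `goto fail;` without assigning res. The old code only entered that branch with res already negative from crypto_ec_point_solve_y_coord(), and the new "SAE: Could not generate PWE" branch does set `res = -1`. If res is non-negative when this block is reached (the loop and the earlier checks are outside the hunk, so this needs confirming) and the function returns res, a failure in crypto_ec_point_compute_y_sqr(), dragonfly_sqrt(), crypto_bignum_sub() or crypto_bignum_to_bin() would be reported as success while sae->tmp->pwe_ecc still holds its previous value. Adding `res = -1;` before that `goto fail;` makes the failure path explicit. The function starts before and ends after the visible hunks.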
|
||||||
|
|
||||||
|
|
|
@ -9,6 +9,6 @@
|
||||||
#define GIT_VERSION_STR_POSTFIX ""
|
#define GIT_VERSION_STR_POSTFIX ""
|
||||||
#endif /* GIT_VERSION_STR_POSTFIX */
|
#endif /* GIT_VERSION_STR_POSTFIX */
|
||||||
|
|
||||||
#define VERSION_STR "2.10-devel" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
|
#define VERSION_STR "2.10" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
|
||||||
|
|
||||||
#endif /* VERSION_H */
|
#endif /* VERSION_H */
|
||||||
|
|
|
@ -882,18 +882,6 @@ int crypto_ec_point_mul(struct crypto_ec *e, const struct crypto_ec_point *p,
|
||||||
*/
|
*/
|
||||||
int crypto_ec_point_invert(struct crypto_ec *e, struct crypto_ec_point *p);
|
int crypto_ec_point_invert(struct crypto_ec *e, struct crypto_ec_point *p);
|
||||||
|
|
||||||
/**
|
|
||||||
* crypto_ec_point_solve_y_coord - Solve y coordinate for an x coordinate
|
|
||||||
* @e: EC context from crypto_ec_init()
|
|
||||||
* @p: EC point to use for the returning the result
|
|
||||||
* @x: x coordinate
|
|
||||||
* @y_bit: y-bit (0 or 1) for selecting the y value to use
|
|
||||||
* Returns: 0 on success, -1 on failure
|
|
||||||
*/
|
|
||||||
int crypto_ec_point_solve_y_coord(struct crypto_ec *e,
|
|
||||||
struct crypto_ec_point *p,
|
|
||||||
const struct crypto_bignum *x, int y_bit);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* crypto_ec_point_compute_y_sqr - Compute y^2 = x^3 + ax + b
|
* crypto_ec_point_compute_y_sqr - Compute y^2 = x^3 + ax + b
|
||||||
* @e: EC context from crypto_ec_init()
|
* @e: EC context from crypto_ec_init()
|
||||||
|
|
|
@ -24,6 +24,9 @@
|
||||||
#include <openssl/x509.h>
|
#include <openssl/x509.h>
|
||||||
#include <openssl/pem.h>
|
#include <openssl/pem.h>
|
||||||
#endif /* CONFIG_ECC */
|
#endif /* CONFIG_ECC */
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||||
|
#include <openssl/provider.h>
|
||||||
|
#endif /* OpenSSL version >= 3.0 */
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "utils/const_time.h"
|
#include "utils/const_time.h"
|
||||||
|
@ -117,6 +120,26 @@ static const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x)
|
||||||
}
|
}
|
||||||
#endif /* OpenSSL version < 1.1.0 */
|
#endif /* OpenSSL version < 1.1.0 */
|
||||||
|
|
||||||
|
|
||||||
|
void openssl_load_legacy_provider(void)
|
||||||
|
{
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||||
|
static bool loaded = false;
|
||||||
|
OSSL_PROVIDER *legacy;
|
||||||
|
|
||||||
|
if (loaded)
|
||||||
|
return;
|
||||||
|
|
||||||
|
legacy = OSSL_PROVIDER_load(NULL, "legacy");
|
||||||
|
|
||||||
|
if (legacy) {
|
||||||
|
OSSL_PROVIDER_load(NULL, "default");
|
||||||
|
loaded = true;
|
||||||
|
}
|
||||||
|
#endif /* OpenSSL version >= 3.0 */
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static BIGNUM * get_group5_prime(void)
|
static BIGNUM * get_group5_prime(void)
|
||||||
{
|
{
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
|
||||||
|
@ -223,6 +246,7 @@ static int openssl_digest_vector(const EVP_MD *type, size_t num_elem,
|
||||||
#ifndef CONFIG_FIPS
|
#ifndef CONFIG_FIPS
|
||||||
int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
|
int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
|
||||||
{
|
{
|
||||||
|
openssl_load_legacy_provider();
|
||||||
return openssl_digest_vector(EVP_md4(), num_elem, addr, len, mac);
|
return openssl_digest_vector(EVP_md4(), num_elem, addr, len, mac);
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_FIPS */
|
#endif /* CONFIG_FIPS */
|
||||||
|
@ -234,6 +258,8 @@ int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
|
||||||
int i, plen, ret = -1;
|
int i, plen, ret = -1;
|
||||||
EVP_CIPHER_CTX *ctx;
|
EVP_CIPHER_CTX *ctx;
|
||||||
|
|
||||||
|
openssl_load_legacy_provider();
|
||||||
|
|
||||||
/* Add parity bits to the key */
|
/* Add parity bits to the key */
|
||||||
next = 0;
|
next = 0;
|
||||||
for (i = 0; i < 7; i++) {
|
for (i = 0; i < 7; i++) {
|
||||||
|
@ -271,6 +297,8 @@ int rc4_skip(const u8 *key, size_t keylen, size_t skip,
|
||||||
int res = -1;
|
int res = -1;
|
||||||
unsigned char skip_buf[16];
|
unsigned char skip_buf[16];
|
||||||
|
|
||||||
|
openssl_load_legacy_provider();
|
||||||
|
|
||||||
ctx = EVP_CIPHER_CTX_new();
|
ctx = EVP_CIPHER_CTX_new();
|
||||||
if (!ctx ||
|
if (!ctx ||
|
||||||
!EVP_CipherInit_ex(ctx, EVP_rc4(), NULL, NULL, NULL, 1) ||
|
!EVP_CipherInit_ex(ctx, EVP_rc4(), NULL, NULL, NULL, 1) ||
|
||||||
|
@ -1923,48 +1951,27 @@ int crypto_ec_point_invert(struct crypto_ec *e, struct crypto_ec_point *p)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int crypto_ec_point_solve_y_coord(struct crypto_ec *e,
|
|
||||||
struct crypto_ec_point *p,
|
|
||||||
const struct crypto_bignum *x, int y_bit)
|
|
||||||
{
|
|
||||||
if (TEST_FAIL())
|
|
||||||
return -1;
|
|
||||||
if (!EC_POINT_set_compressed_coordinates_GFp(e->group, (EC_POINT *) p,
|
|
||||||
(const BIGNUM *) x, y_bit,
|
|
||||||
e->bnctx) ||
|
|
||||||
!EC_POINT_is_on_curve(e->group, (EC_POINT *) p, e->bnctx))
|
|
||||||
return -1;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
struct crypto_bignum *
|
struct crypto_bignum *
|
||||||
crypto_ec_point_compute_y_sqr(struct crypto_ec *e,
|
crypto_ec_point_compute_y_sqr(struct crypto_ec *e,
|
||||||
const struct crypto_bignum *x)
|
const struct crypto_bignum *x)
|
||||||
{
|
{
|
||||||
BIGNUM *tmp, *tmp2, *y_sqr = NULL;
|
BIGNUM *tmp;
|
||||||
|
|
||||||
if (TEST_FAIL())
|
if (TEST_FAIL())
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
tmp = BN_new();
|
tmp = BN_new();
|
||||||
tmp2 = BN_new();
|
|
||||||
|
|
||||||
/* y^2 = x^3 + ax + b */
|
/* y^2 = x^3 + ax + b = (x^2 + a)x + b */
|
||||||
if (tmp && tmp2 &&
|
if (tmp &&
|
||||||
BN_mod_sqr(tmp, (const BIGNUM *) x, e->prime, e->bnctx) &&
|
BN_mod_sqr(tmp, (const BIGNUM *) x, e->prime, e->bnctx) &&
|
||||||
|
BN_mod_add_quick(tmp, e->a, tmp, e->prime) &&
|
||||||
BN_mod_mul(tmp, tmp, (const BIGNUM *) x, e->prime, e->bnctx) &&
|
BN_mod_mul(tmp, tmp, (const BIGNUM *) x, e->prime, e->bnctx) &&
|
||||||
BN_mod_mul(tmp2, e->a, (const BIGNUM *) x, e->prime, e->bnctx) &&
|
BN_mod_add_quick(tmp, tmp, e->b, e->prime))
|
||||||
BN_mod_add_quick(tmp2, tmp2, tmp, e->prime) &&
|
return (struct crypto_bignum *) tmp;
|
||||||
BN_mod_add_quick(tmp2, tmp2, e->b, e->prime)) {
|
|
||||||
y_sqr = tmp2;
|
|
||||||
tmp2 = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
BN_clear_free(tmp);
|
BN_clear_free(tmp);
|
||||||
BN_clear_free(tmp2);
|
return NULL;
|
||||||
|
|
||||||
return (struct crypto_bignum *) y_sqr;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -2480,12 +2487,13 @@ struct crypto_ec_key * crypto_ec_key_gen(int group)
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
eckey = EVP_PKEY_get0_EC_KEY(key);
|
eckey = EVP_PKEY_get1_EC_KEY(key);
|
||||||
if (!eckey) {
|
if (!eckey) {
|
||||||
key = NULL;
|
key = NULL;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
|
EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
|
||||||
|
EC_KEY_free(eckey);
|
||||||
|
|
||||||
fail:
|
fail:
|
||||||
EC_KEY_free(ec_params);
|
EC_KEY_free(ec_params);
|
||||||
|
@ -2595,12 +2603,34 @@ struct wpabuf * crypto_ec_key_get_subject_public_key(struct crypto_ec_key *key)
|
||||||
unsigned char *der = NULL;
|
unsigned char *der = NULL;
|
||||||
int der_len;
|
int der_len;
|
||||||
struct wpabuf *buf;
|
struct wpabuf *buf;
|
||||||
|
EC_KEY *eckey;
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||||
|
EVP_PKEY *tmp;
|
||||||
|
#endif /* OpenSSL version >= 3.0 */
|
||||||
|
|
||||||
|
eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) key);
|
||||||
|
if (!eckey)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
/* For now, all users expect COMPRESSED form */
|
/* For now, all users expect COMPRESSED form */
|
||||||
EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key),
|
EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
|
||||||
POINT_CONVERSION_COMPRESSED);
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||||
|
tmp = EVP_PKEY_new();
|
||||||
|
if (!tmp)
|
||||||
|
return NULL;
|
||||||
|
if (EVP_PKEY_set1_EC_KEY(tmp, eckey) != 1) {
|
||||||
|
EVP_PKEY_free(tmp);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
key = (struct crypto_ec_key *) tmp;
|
||||||
|
#endif /* OpenSSL version >= 3.0 */
|
||||||
|
|
||||||
der_len = i2d_PUBKEY((EVP_PKEY *) key, &der);
|
der_len = i2d_PUBKEY((EVP_PKEY *) key, &der);
|
||||||
|
EC_KEY_free(eckey);
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||||
|
EVP_PKEY_free(tmp);
|
||||||
|
#endif /* OpenSSL version >= 3.0 */
|
||||||
if (der_len <= 0) {
|
if (der_len <= 0) {
|
||||||
wpa_printf(MSG_INFO, "OpenSSL: i2d_PUBKEY() failed: %s",
|
wpa_printf(MSG_INFO, "OpenSSL: i2d_PUBKEY() failed: %s",
|
||||||
ERR_error_string(ERR_get_error(), NULL));
|
ERR_error_string(ERR_get_error(), NULL));
|
||||||
|
@ -2623,7 +2653,7 @@ struct wpabuf * crypto_ec_key_get_ecprivate_key(struct crypto_ec_key *key,
|
||||||
struct wpabuf *buf;
|
struct wpabuf *buf;
|
||||||
unsigned int key_flags;
|
unsigned int key_flags;
|
||||||
|
|
||||||
eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key);
|
eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) key);
|
||||||
if (!eckey)
|
if (!eckey)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
|
@ -2637,6 +2667,7 @@ struct wpabuf * crypto_ec_key_get_ecprivate_key(struct crypto_ec_key *key,
|
||||||
EC_KEY_set_conv_form(eckey, POINT_CONVERSION_UNCOMPRESSED);
|
EC_KEY_set_conv_form(eckey, POINT_CONVERSION_UNCOMPRESSED);
|
||||||
|
|
||||||
der_len = i2d_ECPrivateKey(eckey, &der);
|
der_len = i2d_ECPrivateKey(eckey, &der);
|
||||||
|
EC_KEY_free(eckey);
|
||||||
if (der_len <= 0)
|
if (der_len <= 0)
|
||||||
return NULL;
|
return NULL;
|
||||||
buf = wpabuf_alloc_copy(der, der_len);
|
buf = wpabuf_alloc_copy(der, der_len);
|
||||||
|
@ -2697,7 +2728,7 @@ struct wpabuf * crypto_ec_key_get_pubkey_point(struct crypto_ec_key *key,
|
||||||
const struct crypto_ec_point *
|
const struct crypto_ec_point *
|
||||||
crypto_ec_key_get_public_key(struct crypto_ec_key *key)
|
crypto_ec_key_get_public_key(struct crypto_ec_key *key)
|
||||||
{
|
{
|
||||||
EC_KEY *eckey;
|
const EC_KEY *eckey;
|
||||||
|
|
||||||
eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key);
|
eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key);
|
||||||
if (!eckey)
|
if (!eckey)
|
||||||
|
@ -2709,7 +2740,7 @@ crypto_ec_key_get_public_key(struct crypto_ec_key *key)
|
||||||
const struct crypto_bignum *
|
const struct crypto_bignum *
|
||||||
crypto_ec_key_get_private_key(struct crypto_ec_key *key)
|
crypto_ec_key_get_private_key(struct crypto_ec_key *key)
|
||||||
{
|
{
|
||||||
EC_KEY *eckey;
|
const EC_KEY *eckey;
|
||||||
|
|
||||||
eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key);
|
eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key);
|
||||||
if (!eckey)
|
if (!eckey)
|
||||||
|
|
|
@ -1630,30 +1630,6 @@ int crypto_ec_point_invert(struct crypto_ec *e, struct crypto_ec_point *p)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int crypto_ec_point_solve_y_coord(struct crypto_ec *e,
|
|
||||||
struct crypto_ec_point *p,
|
|
||||||
const struct crypto_bignum *x, int y_bit)
|
|
||||||
{
|
|
||||||
byte buf[1 + 2 * MAX_ECC_BYTES];
|
|
||||||
int ret;
|
|
||||||
int prime_len = crypto_ec_prime_len(e);
|
|
||||||
|
|
||||||
if (TEST_FAIL())
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
buf[0] = y_bit ? ECC_POINT_COMP_ODD : ECC_POINT_COMP_EVEN;
|
|
||||||
ret = crypto_bignum_to_bin(x, buf + 1, prime_len, prime_len);
|
|
||||||
if (ret <= 0)
|
|
||||||
return -1;
|
|
||||||
ret = wc_ecc_import_point_der(buf, 1 + 2 * ret, e->key.idx,
|
|
||||||
(ecc_point *) p);
|
|
||||||
if (ret != 0)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
struct crypto_bignum *
|
struct crypto_bignum *
|
||||||
crypto_ec_point_compute_y_sqr(struct crypto_ec *e,
|
crypto_ec_point_compute_y_sqr(struct crypto_ec *e,
|
||||||
const struct crypto_bignum *x)
|
const struct crypto_bignum *x)
|
||||||
|
|
|
@ -957,6 +957,10 @@ void * tls_init(const struct tls_config *conf)
|
||||||
const char *ciphers;
|
const char *ciphers;
|
||||||
|
|
||||||
if (tls_openssl_ref_count == 0) {
|
if (tls_openssl_ref_count == 0) {
|
||||||
|
void openssl_load_legacy_provider(void);
|
||||||
|
|
||||||
|
openssl_load_legacy_provider();
|
||||||
|
|
||||||
tls_global = context = tls_context_new(conf);
|
tls_global = context = tls_context_new(conf);
|
||||||
if (context == NULL)
|
if (context == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -3019,13 +3023,23 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
|
||||||
!defined(LIBRESSL_VERSION_NUMBER) && \
|
!defined(LIBRESSL_VERSION_NUMBER) && \
|
||||||
!defined(OPENSSL_IS_BORINGSSL)
|
!defined(OPENSSL_IS_BORINGSSL)
|
||||||
if ((flags & (TLS_CONN_ENABLE_TLSv1_0 | TLS_CONN_ENABLE_TLSv1_1)) &&
|
{
|
||||||
SSL_get_security_level(ssl) >= 2) {
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||||
|
int need_level = 0;
|
||||||
|
#else
|
||||||
|
int need_level = 1;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if ((flags &
|
||||||
|
(TLS_CONN_ENABLE_TLSv1_0 | TLS_CONN_ENABLE_TLSv1_1)) &&
|
||||||
|
SSL_get_security_level(ssl) > need_level) {
|
||||||
/*
|
/*
|
||||||
* Need to drop to security level 1 to allow TLS versions older
|
* Need to drop to security level 1 (or 0 with OpenSSL
|
||||||
* than 1.2 to be used when explicitly enabled in configuration.
|
* 3.0) to allow TLS versions older than 1.2 to be used
|
||||||
|
* when explicitly enabled in configuration.
|
||||||
*/
|
*/
|
||||||
SSL_set_security_level(conn->ssl, 1);
|
SSL_set_security_level(conn->ssl, need_level);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
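Review bot: In tls_set_conn_flags the new branch lowers the OpenSSL security level to `need_level`, which is 0 when built against OpenSSL 3.0, and nothing is logged when that happens. Level 0 relaxes more than the protocol-version floor, so a connection with TLS_CONN_ENABLE_TLSv1_0 or TLS_CONN_ENABLE_TLSv1_1 set runs under a weaker overall policy than the same configuration got at level 1 on older builds. I would add a line before the set call, `wpa_printf(MSG_DEBUG, "OpenSSL: Drop security level to %d to allow TLS 1.0/1.1", need_level);`, so the downgrade is visible when a deployment is audited. The check reads `SSL_get_security_level(ssl)` while the set uses `conn->ssl`; presumably both are the same handle, and using one name for both would make that obvious. The function starts and ends outside the hunk.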
|
@ -127,7 +127,8 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
|
||||||
u8 qr_or_qnr_bin[MAX_ECC_PRIME_LEN];
|
u8 qr_or_qnr_bin[MAX_ECC_PRIME_LEN];
|
||||||
u8 x_bin[MAX_ECC_PRIME_LEN];
|
u8 x_bin[MAX_ECC_PRIME_LEN];
|
||||||
u8 prime_bin[MAX_ECC_PRIME_LEN];
|
u8 prime_bin[MAX_ECC_PRIME_LEN];
|
||||||
struct crypto_bignum *tmp2 = NULL;
|
u8 x_y[2 * MAX_ECC_PRIME_LEN];
|
||||||
|
struct crypto_bignum *tmp2 = NULL, *y = NULL;
|
||||||
struct crypto_hash *hash;
|
struct crypto_hash *hash;
|
||||||
unsigned char pwe_digest[SHA256_MAC_LEN], *prfbuf = NULL, ctr;
|
unsigned char pwe_digest[SHA256_MAC_LEN], *prfbuf = NULL, ctr;
|
||||||
int ret = 0, res;
|
int ret = 0, res;
|
||||||
|
@ -139,6 +140,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
|
||||||
u8 found_ctr = 0, is_odd = 0;
|
u8 found_ctr = 0, is_odd = 0;
|
||||||
int cmp_prime;
|
int cmp_prime;
|
||||||
unsigned int in_range;
|
unsigned int in_range;
|
||||||
|
unsigned int is_eq;
|
||||||
|
|
||||||
if (grp->pwe)
|
if (grp->pwe)
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -151,11 +153,6 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
|
||||||
if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin),
|
if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin),
|
||||||
primebytelen) < 0)
|
primebytelen) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
grp->pwe = crypto_ec_point_init(grp->group);
|
|
||||||
if (!grp->pwe) {
|
|
||||||
wpa_printf(MSG_INFO, "EAP-pwd: unable to create bignums");
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((prfbuf = os_malloc(primebytelen)) == NULL) {
|
if ((prfbuf = os_malloc(primebytelen)) == NULL) {
|
||||||
wpa_printf(MSG_INFO, "EAP-pwd: unable to malloc space for prf "
|
wpa_printf(MSG_INFO, "EAP-pwd: unable to malloc space for prf "
|
||||||
|
@ -261,10 +258,37 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
|
||||||
*/
|
*/
|
||||||
crypto_bignum_deinit(x_candidate, 1);
|
crypto_bignum_deinit(x_candidate, 1);
|
||||||
x_candidate = crypto_bignum_init_set(x_bin, primebytelen);
|
x_candidate = crypto_bignum_init_set(x_bin, primebytelen);
|
||||||
if (!x_candidate ||
|
if (!x_candidate)
|
||||||
crypto_ec_point_solve_y_coord(grp->group, grp->pwe, x_candidate,
|
goto fail;
|
||||||
is_odd) != 0) {
|
|
||||||
wpa_printf(MSG_INFO, "EAP-pwd: Could not solve for y");
|
/* y = sqrt(x^3 + ax + b) mod p
|
||||||
|
* if LSB(y) == LSB(pwd-seed): PWE = (x, y)
|
||||||
|
* else: PWE = (x, p - y)
|
||||||
|
*
|
||||||
|
* Calculate y and the two possible values for PWE and after that,
|
||||||
|
* use constant time selection to copy the correct alternative.
|
||||||
|
*/
|
||||||
|
y = crypto_ec_point_compute_y_sqr(grp->group, x_candidate);
|
||||||
|
if (!y ||
|
||||||
|
dragonfly_sqrt(grp->group, y, y) < 0 ||
|
||||||
|
crypto_bignum_to_bin(y, x_y, MAX_ECC_PRIME_LEN, primebytelen) < 0 ||
|
||||||
|
crypto_bignum_sub(prime, y, y) < 0 ||
|
||||||
|
crypto_bignum_to_bin(y, x_y + MAX_ECC_PRIME_LEN,
|
||||||
|
MAX_ECC_PRIME_LEN, primebytelen) < 0) {
|
||||||
|
wpa_printf(MSG_DEBUG, "SAE: Could not solve y");
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Constant time selection of the y coordinate from the two
|
||||||
|
* options */
|
||||||
|
is_eq = const_time_eq(is_odd, x_y[primebytelen - 1] & 0x01);
|
||||||
|
const_time_select_bin(is_eq, x_y, x_y + MAX_ECC_PRIME_LEN,
|
||||||
|
primebytelen, x_y + primebytelen);
|
||||||
|
os_memcpy(x_y, x_bin, primebytelen);
|
||||||
|
wpa_hexdump_key(MSG_DEBUG, "EAP-pwd: PWE", x_y, 2 * primebytelen);
|
||||||
|
grp->pwe = crypto_ec_point_from_bin(grp->group, x_y);
|
||||||
|
if (!grp->pwe) {
|
||||||
|
wpa_printf(MSG_DEBUG, "EAP-pwd: Could not generate PWE");
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -289,6 +313,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
|
||||||
/* cleanliness and order.... */
|
/* cleanliness and order.... */
|
||||||
crypto_bignum_deinit(x_candidate, 1);
|
crypto_bignum_deinit(x_candidate, 1);
|
||||||
crypto_bignum_deinit(tmp2, 1);
|
crypto_bignum_deinit(tmp2, 1);
|
||||||
|
crypto_bignum_deinit(y, 1);
|
||||||
crypto_bignum_deinit(qr, 1);
|
crypto_bignum_deinit(qr, 1);
|
||||||
crypto_bignum_deinit(qnr, 1);
|
crypto_bignum_deinit(qnr, 1);
|
||||||
bin_clear_free(prfbuf, primebytelen);
|
bin_clear_free(prfbuf, primebytelen);
|
||||||
|
@ -296,6 +321,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
|
||||||
os_memset(qnr_bin, 0, sizeof(qnr_bin));
|
os_memset(qnr_bin, 0, sizeof(qnr_bin));
|
||||||
os_memset(qr_or_qnr_bin, 0, sizeof(qr_or_qnr_bin));
|
os_memset(qr_or_qnr_bin, 0, sizeof(qr_or_qnr_bin));
|
||||||
os_memset(pwe_digest, 0, sizeof(pwe_digest));
|
os_memset(pwe_digest, 0, sizeof(pwe_digest));
|
||||||
|
forced_memzero(x_y, sizeof(x_y));
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
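Review bot: The failure message added in compute_password_element for the y-coordinate step is tagged `SAE:` although the other messages in this function use the `EAP-pwd:` prefix, which misleads anyone filtering logs by method; it should read `wpa_printf(MSG_DEBUG, "EAP-pwd: Could not solve y");`. The constant-time selection after it writes to `x_y + primebytelen` while reading its second option from `x_y + MAX_ECC_PRIME_LEN`, and those two ranges can overlap (they coincide when primebytelen equals MAX_ECC_PRIME_LEN). That is only safe if const_time_select_bin walks the bytes in ascending order; its body is not in this diff, so a one-line comment stating the assumption next to the call would help the next reader. The function body continues outside these hunks.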
|
@ -1,5 +1,58 @@
|
||||||
ChangeLog for wpa_supplicant
|
ChangeLog for wpa_supplicant
|
||||||
|
|
||||||
|
2022-01-16 - v2.10
|
||||||
|
* SAE changes
|
||||||
|
- improved protection against side channel attacks
|
||||||
|
[https://w1.fi/security/2022-1/]
|
||||||
|
- added support for the hash-to-element mechanism (sae_pwe=1 or
|
||||||
|
sae_pwe=2); this is currently disabled by default, but will likely
|
||||||
|
get enabled by default in the future
|
||||||
|
- fixed PMKSA caching with OKC
|
||||||
|
- added support for SAE-PK
|
||||||
|
* EAP-pwd changes
|
||||||
|
- improved protection against side channel attacks
|
||||||
|
[https://w1.fi/security/2022-1/]
|
||||||
|
* fixed P2P provision discovery processing of a specially constructed
|
||||||
|
invalid frame
|
||||||
|
[https://w1.fi/security/2021-1/]
|
||||||
|
* fixed P2P group information processing of a specially constructed
|
||||||
|
invalid frame
|
||||||
|
[https://w1.fi/security/2020-2/]
|
||||||
|
* fixed PMF disconnection protection bypass in AP mode
|
||||||
|
[https://w1.fi/security/2019-7/]
|
||||||
|
* added support for using OpenSSL 3.0
|
||||||
|
* increased the maximum number of EAP message exchanges (mainly to
|
||||||
|
support cases with very large certificates)
|
||||||
|
* fixed various issues in experimental support for EAP-TEAP peer
|
||||||
|
* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
|
||||||
|
* a number of MKA/MACsec fixes and extensions
|
||||||
|
* added support for SAE (WPA3-Personal) AP mode configuration
|
||||||
|
* added P2P support for EDMG (IEEE 802.11ay) channels
|
||||||
|
* fixed EAP-FAST peer with TLS GCM/CCM ciphers
|
||||||
|
* improved throughput estimation and BSS selection
|
||||||
|
* dropped support for libnl 1.1
|
||||||
|
* added support for nl80211 control port for EAPOL frame TX/RX
|
||||||
|
* fixed OWE key derivation with groups 20 and 21; this breaks backwards
|
||||||
|
compatibility for these groups while the default group 19 remains
|
||||||
|
backwards compatible
|
||||||
|
* added support for Beacon protection
|
||||||
|
* added support for Extended Key ID for pairwise keys
|
||||||
|
* removed WEP support from the default build (CONFIG_WEP=y can be used
|
||||||
|
to enable it, if really needed)
|
||||||
|
* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
|
||||||
|
* added support for Transition Disable mechanism to allow the AP to
|
||||||
|
automatically disable transition mode to improve security
|
||||||
|
* extended D-Bus interface
|
||||||
|
* added support for PASN
|
||||||
|
* added a file-based backend for external password storage to allow
|
||||||
|
secret information to be moved away from the main configuration file
|
||||||
|
without requiring external tools
|
||||||
|
* added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
|
||||||
|
* added support for SCS, MSCS, DSCP policy
|
||||||
|
* changed driver interface selection to default to automatic fallback
|
||||||
|
to other compiled in options
|
||||||
|
* a large number of other fixes, cleanup, and extensions
|
||||||
|
|
||||||
2019-08-07 - v2.9
|
2019-08-07 - v2.9
|
||||||
* SAE changes
|
* SAE changes
|
||||||
- disable use of groups using Brainpool curves
|
- disable use of groups using Brainpool curves
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
wpa_supplicant
|
wpa_supplicant
|
||||||
==============
|
==============
|
||||||
|
|
||||||
Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors
|
Copyright (c) 2003-2022, Jouni Malinen <j@w1.fi> and contributors
|
||||||
All Rights Reserved.
|
All Rights Reserved.
|
||||||
|
|
||||||
This program is licensed under the BSD license (the one with
|
This program is licensed under the BSD license (the one with
|
||||||
|
|
|
@ -1,16 +0,0 @@
|
||||||
/*
|
|
||||||
* binder interface for wpa_supplicant daemon
|
|
||||||
* Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
|
|
||||||
* Copyright (c) 2004-2016, Roshan Pius <rpius@google.com>
|
|
||||||
*
|
|
||||||
* This software may be distributed under the terms of the BSD license.
|
|
||||||
* See README for more details.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package fi.w1.wpa_supplicant;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Interface exposed by wpa_supplicant for each network interface it controls.
|
|
||||||
*/
|
|
||||||
interface IIface {
|
|
||||||
}
|
|
|
@ -1,59 +0,0 @@
|
||||||
/*
|
|
||||||
* WPA Supplicant - binder interface for wpa_supplicant daemon
|
|
||||||
* Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
|
|
||||||
* Copyright (c) 2004-2016, Roshan Pius <rpius@google.com>
|
|
||||||
*
|
|
||||||
* This software may be distributed under the terms of the BSD license.
|
|
||||||
* See README for more details.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package fi.w1.wpa_supplicant;
|
|
||||||
|
|
||||||
import android.os.PersistableBundle;
|
|
||||||
import fi.w1.wpa_supplicant.IIface;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Interface exposed by the wpa_supplicant binder service registered
|
|
||||||
* with the service manager with name: fi.w1.wpa_supplicant.
|
|
||||||
*/
|
|
||||||
interface ISupplicant {
|
|
||||||
/* Error values returned by the service to RPC method calls. */
|
|
||||||
const int ERROR_INVALID_ARGS = 1;
|
|
||||||
const int ERROR_UNKNOWN = 2;
|
|
||||||
const int ERROR_IFACE_EXISTS = 3;
|
|
||||||
const int ERROR_IFACE_UNKNOWN = 4;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Registers a wireless interface in wpa_supplicant.
|
|
||||||
*
|
|
||||||
* @param args A dictionary with arguments used to add the interface to
|
|
||||||
* wpa_supplicant.
|
|
||||||
* The dictionary may contain the following entries:
|
|
||||||
* Ifname(String) Name of the network interface to control, e.g.,
|
|
||||||
* wlan0.
|
|
||||||
* BridgeIfname(String) Name of the bridge interface to control, e.g.,
|
|
||||||
* br0.
|
|
||||||
* Driver(String) Driver name which the interface uses, e.g., nl80211.
|
|
||||||
* ConfigFile(String) Configuration file path.
|
|
||||||
*
|
|
||||||
* @return Binder object representing the interface.
|
|
||||||
*/
|
|
||||||
IIface CreateInterface(in PersistableBundle args);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Deregisters a wireless interface from wpa_supplicant.
|
|
||||||
*
|
|
||||||
* @param ifname Name of the network interface, e.g., wlan0
|
|
||||||
*/
|
|
||||||
void RemoveInterface(in @utf8InCpp String ifname);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets a binder object for the interface corresponding to ifname
|
|
||||||
* which wpa_supplicant already controls.
|
|
||||||
*
|
|
||||||
* @param ifname Name of the network interface, e.g., wlan0
|
|
||||||
*
|
|
||||||
* @return Binder object representing the interface.
|
|
||||||
*/
|
|
||||||
IIface GetInterface(in @utf8InCpp String ifname);
|
|
||||||
}
|
|
|
@ -1,20 +0,0 @@
|
||||||
/*
|
|
||||||
* binder interface for wpa_supplicant daemon
|
|
||||||
* Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi>
|
|
||||||
* Copyright (c) 2004-2016, Roshan Pius <rpius@google.com>
|
|
||||||
*
|
|
||||||
* This software may be distributed under the terms of the BSD license.
|
|
||||||
* See README for more details.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package fi.w1.wpa_supplicant;
|
|
||||||
|
|
||||||
import android.os.PersistableBundle;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Callback Interface exposed by the wpa_supplicant service. Clients need
|
|
||||||
* to host an instance of this binder object and pass a reference of the object
|
|
||||||
* to wpa_supplicant via the registerCallbacksObject method.
|
|
||||||
*/
|
|
||||||
interface ISupplicantCallbacks {
|
|
||||||
}
|
|
|
@ -1780,6 +1780,7 @@ DBusMessage * wpas_dbus_handler_remove_all_creds(DBusMessage *message,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef CONFIG_INTERWORKING
|
||||||
DBusMessage *
|
DBusMessage *
|
||||||
wpas_dbus_handler_interworking_select(DBusMessage *message,
|
wpas_dbus_handler_interworking_select(DBusMessage *message,
|
||||||
struct wpa_supplicant *wpa_s)
|
struct wpa_supplicant *wpa_s)
|
||||||
|
@ -1800,6 +1801,7 @@ wpas_dbus_handler_interworking_select(DBusMessage *message,
|
||||||
|
|
||||||
return reply;
|
return reply;
|
||||||
}
|
}
|
||||||
|
#endif /* CONFIG_INTERWORKING */
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -198,7 +198,7 @@ eapol_test -ctest.conf -a127.0.0.1 -p1812 -ssecret -r1
|
||||||
</refsect1>
|
</refsect1>
|
||||||
<refsect1>
|
<refsect1>
|
||||||
<title>Legal</title>
|
<title>Legal</title>
|
||||||
<para>wpa_supplicant is copyright (c) 2003-2019,
|
<para>wpa_supplicant is copyright (c) 2003-2022,
|
||||||
Jouni Malinen <email>j@w1.fi</email> and
|
Jouni Malinen <email>j@w1.fi</email> and
|
||||||
contributors.
|
contributors.
|
||||||
All Rights Reserved.</para>
|
All Rights Reserved.</para>
|
||||||
|
|
|
@ -94,7 +94,7 @@
|
||||||
|
|
||||||
<refsect1>
|
<refsect1>
|
||||||
<title>Legal</title>
|
<title>Legal</title>
|
||||||
<para>wpa_supplicant is copyright (c) 2003-2019,
|
<para>wpa_supplicant is copyright (c) 2003-2022,
|
||||||
Jouni Malinen <email>j@w1.fi</email> and
|
Jouni Malinen <email>j@w1.fi</email> and
|
||||||
contributors.
|
contributors.
|
||||||
All Rights Reserved.</para>
|
All Rights Reserved.</para>
|
||||||
|
|
|
@ -349,7 +349,7 @@ CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
|
||||||
</refsect1>
|
</refsect1>
|
||||||
<refsect1>
|
<refsect1>
|
||||||
<title>Legal</title>
|
<title>Legal</title>
|
||||||
<para>wpa_supplicant is copyright (c) 2003-2019,
|
<para>wpa_supplicant is copyright (c) 2003-2022,
|
||||||
Jouni Malinen <email>j@w1.fi</email> and
|
Jouni Malinen <email>j@w1.fi</email> and
|
||||||
contributors.
|
contributors.
|
||||||
All Rights Reserved.</para>
|
All Rights Reserved.</para>
|
||||||
|
|
|
@ -95,7 +95,7 @@
|
||||||
</refsect1>
|
</refsect1>
|
||||||
<refsect1>
|
<refsect1>
|
||||||
<title>Legal</title>
|
<title>Legal</title>
|
||||||
<para>wpa_supplicant is copyright (c) 2003-2019,
|
<para>wpa_supplicant is copyright (c) 2003-2022,
|
||||||
Jouni Malinen <email>j@w1.fi</email> and
|
Jouni Malinen <email>j@w1.fi</email> and
|
||||||
contributors.
|
contributors.
|
||||||
All Rights Reserved.</para>
|
All Rights Reserved.</para>
|
||||||
|
|
|
@ -66,7 +66,7 @@
|
||||||
</refsect1>
|
</refsect1>
|
||||||
<refsect1>
|
<refsect1>
|
||||||
<title>Legal</title>
|
<title>Legal</title>
|
||||||
<para>wpa_supplicant is copyright (c) 2003-2019,
|
<para>wpa_supplicant is copyright (c) 2003-2022,
|
||||||
Jouni Malinen <email>j@w1.fi</email> and
|
Jouni Malinen <email>j@w1.fi</email> and
|
||||||
contributors.
|
contributors.
|
||||||
All Rights Reserved.</para>
|
All Rights Reserved.</para>
|
||||||
|
|
|
@ -141,7 +141,7 @@ wpa_supplicant -i ath0 -c wpa_supplicant.conf
|
||||||
</refsect1>
|
</refsect1>
|
||||||
<refsect1>
|
<refsect1>
|
||||||
<title>Legal</title>
|
<title>Legal</title>
|
||||||
<para>wpa_supplicant is copyright (c) 2003-2019,
|
<para>wpa_supplicant is copyright (c) 2003-2022,
|
||||||
Jouni Malinen <email>j@w1.fi</email> and
|
Jouni Malinen <email>j@w1.fi</email> and
|
||||||
contributors.
|
contributors.
|
||||||
All Rights Reserved.</para>
|
All Rights Reserved.</para>
|
||||||
|
|
|
@ -753,7 +753,7 @@ fi
|
||||||
</refsect1>
|
</refsect1>
|
||||||
<refsect1>
|
<refsect1>
|
||||||
<title>Legal</title>
|
<title>Legal</title>
|
||||||
<para>wpa_supplicant is copyright (c) 2003-2019,
|
<para>wpa_supplicant is copyright (c) 2003-2022,
|
||||||
Jouni Malinen <email>j@w1.fi</email> and
|
Jouni Malinen <email>j@w1.fi</email> and
|
||||||
contributors.
|
contributors.
|
||||||
All Rights Reserved.</para>
|
All Rights Reserved.</para>
|
||||||
|
|
|
@ -946,6 +946,9 @@ static void sme_auth_start_cb(struct wpa_radio_work *work, int deinit)
|
||||||
struct wpa_supplicant *wpa_s = work->wpa_s;
|
struct wpa_supplicant *wpa_s = work->wpa_s;
|
||||||
|
|
||||||
wpa_s->roam_in_progress = false;
|
wpa_s->roam_in_progress = false;
|
||||||
|
#ifdef CONFIG_WNM
|
||||||
|
wpa_s->bss_trans_mgmt_in_progress = false;
|
||||||
|
#endif /* CONFIG_WNM */
|
||||||
|
|
||||||
if (deinit) {
|
if (deinit) {
|
||||||
if (work->started)
|
if (work->started)
|
||||||
|
@ -992,6 +995,13 @@ void sme_authenticate(struct wpa_supplicant *wpa_s,
|
||||||
"SME: Reject sme_authenticate() in favor of explicit roam request");
|
"SME: Reject sme_authenticate() in favor of explicit roam request");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
#ifdef CONFIG_WNM
|
||||||
|
if (wpa_s->bss_trans_mgmt_in_progress) {
|
||||||
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
||||||
|
"SME: Reject sme_authenticate() in favor of BSS transition management request");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_WNM */
|
||||||
if (radio_work_pending(wpa_s, "sme-connect")) {
|
if (radio_work_pending(wpa_s, "sme-connect")) {
|
||||||
/*
|
/*
|
||||||
* The previous sme-connect work might no longer be valid due to
|
* The previous sme-connect work might no longer be valid due to
|
||||||
|
|
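Review bot: The new early return in sme_authenticate depends on `bss_trans_mgmt_in_progress` being cleared again, and the only reset visible in this section is the one at the top of sme_auth_start_cb. Where the flag is set is outside this diff, so this cannot be confirmed from here, but if any path sets it without an sme-connect radio work ever reaching that callback, later sme_authenticate() calls would keep being rejected with nothing more than a debug message. A short comment at the reset saying which code sets the flag and when it is expected to be cleared would make that invariant checkable. Both functions extend beyond the hunks shown.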
|
@ -1,477 +0,0 @@
|
||||||
<?xml version="1.0" encoding="Windows-1252"?>
|
|
||||||
<VisualStudioProject
|
|
||||||
ProjectType="Visual C++"
|
|
||||||
Version="8.00"
|
|
||||||
Name="eapol_test"
|
|
||||||
ProjectGUID="{0E3F2C6D-1372-48D6-BCAB-E584917C4DE3}"
|
|
||||||
RootNamespace="eapol_test"
|
|
||||||
Keyword="Win32Proj"
|
|
||||||
>
|
|
||||||
<Platforms>
|
|
||||||
<Platform
|
|
||||||
Name="Win32"
|
|
||||||
/>
|
|
||||||
</Platforms>
|
|
||||||
<ToolFiles>
|
|
||||||
</ToolFiles>
|
|
||||||
<Configurations>
|
|
||||||
<Configuration
|
|
||||||
Name="Debug|Win32"
|
|
||||||
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
|
|
||||||
IntermediateDirectory="$(ConfigurationName)"
|
|
||||||
ConfigurationType="1"
|
|
||||||
CharacterSet="1"
|
|
||||||
>
|
|
||||||
<Tool
|
|
||||||
Name="VCPreBuildEventTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCCustomBuildTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCXMLDataGeneratorTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCWebServiceProxyGeneratorTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCMIDLTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCCLCompilerTool"
|
|
||||||
Optimization="0"
|
|
||||||
AdditionalIncludeDirectories="..\..;..\..\..\src;..\..\..\src\utils;C:\dev\WpdPack\include;C:\dev\openssl\include"
|
|
||||||
PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"
|
|
||||||
MinimalRebuild="true"
|
|
||||||
BasicRuntimeChecks="3"
|
|
||||||
RuntimeLibrary="3"
|
|
||||||
UsePrecompiledHeader="0"
|
|
||||||
WarningLevel="3"
|
|
||||||
Detect64BitPortabilityProblems="true"
|
|
||||||
DebugInformationFormat="4"
|
|
||||||
DisableSpecificWarnings="4244;4267;4311"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCManagedResourceCompilerTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCResourceCompilerTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCPreLinkEventTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCLinkerTool"
|
|
||||||
AdditionalDependencies="ws2_32.lib Crypt32.lib Winscard.lib Packet.lib wpcap.lib libeay32MT.lib ssleay32Mt.lib"
|
|
||||||
LinkIncremental="2"
|
|
||||||
AdditionalLibraryDirectories="C:\dev\WpdPack\lib;C:\dev\openssl\lib"
|
|
||||||
GenerateDebugInformation="true"
|
|
||||||
SubSystem="1"
|
|
||||||
TargetMachine="1"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCALinkTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCManifestTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCXDCMakeTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCBscMakeTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCFxCopTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCAppVerifierTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCWebDeploymentTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCPostBuildEventTool"
|
|
||||||
/>
|
|
||||||
</Configuration>
|
|
||||||
<Configuration
|
|
||||||
Name="Release|Win32"
|
|
||||||
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
|
|
||||||
IntermediateDirectory="$(ConfigurationName)"
|
|
||||||
ConfigurationType="1"
|
|
||||||
CharacterSet="1"
|
|
||||||
WholeProgramOptimization="1"
|
|
||||||
>
|
|
||||||
<Tool
|
|
||||||
Name="VCPreBuildEventTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCCustomBuildTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCXMLDataGeneratorTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCWebServiceProxyGeneratorTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCMIDLTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCCLCompilerTool"
|
|
||||||
AdditionalIncludeDirectories="..\..;..\..\..\src;..\..\..\src\utils;C:\dev\WpdPack\include;C:\dev\openssl\include"
|
|
||||||
PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"
|
|
||||||
RuntimeLibrary="2"
|
|
||||||
UsePrecompiledHeader="0"
|
|
||||||
WarningLevel="3"
|
|
||||||
Detect64BitPortabilityProblems="true"
|
|
||||||
DebugInformationFormat="3"
|
|
||||||
DisableSpecificWarnings="4244;4267;4311"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCManagedResourceCompilerTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCResourceCompilerTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCPreLinkEventTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCLinkerTool"
|
|
||||||
AdditionalDependencies="ws2_32.lib Crypt32.lib Winscard.lib Packet.lib wpcap.lib libeay32MT.lib ssleay32Mt.lib"
|
|
||||||
LinkIncremental="1"
|
|
||||||
AdditionalLibraryDirectories="C:\dev\WpdPack\lib;C:\dev\openssl\lib"
|
|
||||||
GenerateDebugInformation="true"
|
|
||||||
SubSystem="1"
|
|
||||||
OptimizeReferences="2"
|
|
||||||
EnableCOMDATFolding="2"
|
|
||||||
TargetMachine="1"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCALinkTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCManifestTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCXDCMakeTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCBscMakeTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCFxCopTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCAppVerifierTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCWebDeploymentTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCPostBuildEventTool"
|
|
||||||
/>
|
|
||||||
</Configuration>
|
|
||||||
</Configurations>
|
|
||||||
<References>
|
|
||||||
</References>
|
|
||||||
<Files>
|
|
||||||
<Filter
|
|
||||||
Name="Source Files"
|
|
||||||
Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
|
|
||||||
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
|
|
||||||
>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\aes-cbc.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\aes-ctr.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\aes-eax.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\aes-encblock.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\aes-omac1.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\aes-unwrap.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\aes-wrap.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\base64.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\bssid_ignore.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\bss.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_common\chap.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\common.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\config.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\config.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\config_file.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\crypto_openssl.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\ctrl_iface.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\ctrl_iface_named_pipe.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\drivers\driver_common.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_aka.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_common\eap_common.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_gtc.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_leap.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_md5.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_methods.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_mschapv2.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_otp.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_peap.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_common\eap_peap_common.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\eap_register.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_sim.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_common\eap_sim_common.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_tls.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_tls_common.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_tnc.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_ttls.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eapol_supp\eapol_supp_sm.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\eapol_test.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\eloop_win.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\events.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\fips_prf_openssl.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\ip_addr.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\l2_packet\l2_packet_winpcap.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\md5.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\ms_funcs.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\mschapv2.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\notify.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\os_win32.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\pcsc_funcs.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\rsn_supp\peerkey.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\rsn_supp\pmksa_cache.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\rsn_supp\preauth.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\radius\radius.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\radius\radius_client.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\scan.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\sha1.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\sha1-pbkdf2.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\sha1-prf.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\sha1-tlsprf.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\tls_openssl.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\tncc.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\rsn_supp\wpa.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\common\wpa_common.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\wpa_debug.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\rsn_supp\wpa_ie.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\wpa_supplicant.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\wpabuf.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\wpas_glue.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
</Filter>
|
|
||||||
<Filter
|
|
||||||
Name="Header Files"
|
|
||||||
Filter="h;hpp;hxx;hm;inl;inc;xsd"
|
|
||||||
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
|
|
||||||
>
|
|
||||||
</Filter>
|
|
||||||
<Filter
|
|
||||||
Name="Resource Files"
|
|
||||||
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
|
|
||||||
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
|
|
||||||
>
|
|
||||||
</Filter>
|
|
||||||
</Files>
|
|
||||||
<Globals>
|
|
||||||
</Globals>
|
|
||||||
</VisualStudioProject>
|
|
|
@ -1,215 +0,0 @@
|
||||||
<?xml version="1.0" encoding="Windows-1252"?>
|
|
||||||
<VisualStudioProject
|
|
||||||
ProjectType="Visual C++"
|
|
||||||
Version="8.00"
|
|
||||||
Name="wpa_cli"
|
|
||||||
ProjectGUID="{E3A7B181-22CC-4DA3-8410-6AD69879A9EC}"
|
|
||||||
RootNamespace="wpa_cli"
|
|
||||||
Keyword="Win32Proj"
|
|
||||||
>
|
|
||||||
<Platforms>
|
|
||||||
<Platform
|
|
||||||
Name="Win32"
|
|
||||||
/>
|
|
||||||
</Platforms>
|
|
||||||
<ToolFiles>
|
|
||||||
</ToolFiles>
|
|
||||||
<Configurations>
|
|
||||||
<Configuration
|
|
||||||
Name="Debug|Win32"
|
|
||||||
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
|
|
||||||
IntermediateDirectory="$(ConfigurationName)"
|
|
||||||
ConfigurationType="1"
|
|
||||||
CharacterSet="0"
|
|
||||||
>
|
|
||||||
<Tool
|
|
||||||
Name="VCPreBuildEventTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCCustomBuildTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCXMLDataGeneratorTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCWebServiceProxyGeneratorTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCMIDLTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCCLCompilerTool"
|
|
||||||
Optimization="0"
|
|
||||||
AdditionalIncludeDirectories="..\..\..\src;..\..\..\src\utils"
|
|
||||||
PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"
|
|
||||||
MinimalRebuild="true"
|
|
||||||
BasicRuntimeChecks="3"
|
|
||||||
RuntimeLibrary="3"
|
|
||||||
UsePrecompiledHeader="0"
|
|
||||||
WarningLevel="3"
|
|
||||||
Detect64BitPortabilityProblems="true"
|
|
||||||
DebugInformationFormat="4"
|
|
||||||
DisableSpecificWarnings="4244;4267"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCManagedResourceCompilerTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCResourceCompilerTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCPreLinkEventTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCLinkerTool"
|
|
||||||
AdditionalDependencies="ws2_32.lib"
|
|
||||||
LinkIncremental="2"
|
|
||||||
GenerateDebugInformation="true"
|
|
||||||
SubSystem="1"
|
|
||||||
TargetMachine="1"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCALinkTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCManifestTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCXDCMakeTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCBscMakeTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCFxCopTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCAppVerifierTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCWebDeploymentTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCPostBuildEventTool"
|
|
||||||
/>
|
|
||||||
</Configuration>
|
|
||||||
<Configuration
|
|
||||||
Name="Release|Win32"
|
|
||||||
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
|
|
||||||
IntermediateDirectory="$(ConfigurationName)"
|
|
||||||
ConfigurationType="1"
|
|
||||||
CharacterSet="0"
|
|
||||||
WholeProgramOptimization="1"
|
|
||||||
>
|
|
||||||
<Tool
|
|
||||||
Name="VCPreBuildEventTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCCustomBuildTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCXMLDataGeneratorTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCWebServiceProxyGeneratorTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCMIDLTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCCLCompilerTool"
|
|
||||||
AdditionalIncludeDirectories="..\..\..\src;..\..\..\src\utils"
|
|
||||||
PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"
|
|
||||||
RuntimeLibrary="2"
|
|
||||||
UsePrecompiledHeader="0"
|
|
||||||
WarningLevel="3"
|
|
||||||
Detect64BitPortabilityProblems="true"
|
|
||||||
DebugInformationFormat="3"
|
|
||||||
DisableSpecificWarnings="4244;4267"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCManagedResourceCompilerTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCResourceCompilerTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCPreLinkEventTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCLinkerTool"
|
|
||||||
AdditionalDependencies="ws2_32.lib"
|
|
||||||
LinkIncremental="1"
|
|
||||||
GenerateDebugInformation="true"
|
|
||||||
SubSystem="1"
|
|
||||||
OptimizeReferences="2"
|
|
||||||
EnableCOMDATFolding="2"
|
|
||||||
TargetMachine="1"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCALinkTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCManifestTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCXDCMakeTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCBscMakeTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCFxCopTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCAppVerifierTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCWebDeploymentTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCPostBuildEventTool"
|
|
||||||
/>
|
|
||||||
</Configuration>
|
|
||||||
</Configurations>
|
|
||||||
<References>
|
|
||||||
</References>
|
|
||||||
<Files>
|
|
||||||
<Filter
|
|
||||||
Name="Source Files"
|
|
||||||
Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
|
|
||||||
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
|
|
||||||
>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\common.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\os_win32.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\wpa_cli.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\common\wpa_ctrl.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
</Filter>
|
|
||||||
<Filter
|
|
||||||
Name="Header Files"
|
|
||||||
Filter="h;hpp;hxx;hm;inl;inc;xsd"
|
|
||||||
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
|
|
||||||
>
|
|
||||||
</Filter>
|
|
||||||
<Filter
|
|
||||||
Name="Resource Files"
|
|
||||||
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
|
|
||||||
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
|
|
||||||
>
|
|
||||||
</Filter>
|
|
||||||
</Files>
|
|
||||||
<Globals>
|
|
||||||
</Globals>
|
|
||||||
</VisualStudioProject>
|
|
|
@ -1,236 +0,0 @@
|
||||||
<?xml version="1.0" encoding="Windows-1252"?>
|
|
||||||
<VisualStudioProject
|
|
||||||
ProjectType="Visual C++"
|
|
||||||
Version="8.00"
|
|
||||||
Name="wpa_passphrase"
|
|
||||||
ProjectGUID="{ADBE4EA8-F0C5-40C2-AE89-C56D0F2EC1DF}"
|
|
||||||
RootNamespace="wpa_passphrase"
|
|
||||||
Keyword="Win32Proj"
|
|
||||||
>
|
|
||||||
<Platforms>
|
|
||||||
<Platform
|
|
||||||
Name="Win32"
|
|
||||||
/>
|
|
||||||
</Platforms>
|
|
||||||
<ToolFiles>
|
|
||||||
</ToolFiles>
|
|
||||||
<Configurations>
|
|
||||||
<Configuration
|
|
||||||
Name="Debug|Win32"
|
|
||||||
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
|
|
||||||
IntermediateDirectory="$(ConfigurationName)"
|
|
||||||
ConfigurationType="1"
|
|
||||||
CharacterSet="0"
|
|
||||||
>
|
|
||||||
<Tool
|
|
||||||
Name="VCPreBuildEventTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCCustomBuildTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCXMLDataGeneratorTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCWebServiceProxyGeneratorTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCMIDLTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCCLCompilerTool"
|
|
||||||
Optimization="0"
|
|
||||||
AdditionalIncludeDirectories="..\..\..\src;..\..\..\src\utils;C:\dev\openssl\include"
|
|
||||||
PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"
|
|
||||||
MinimalRebuild="true"
|
|
||||||
BasicRuntimeChecks="3"
|
|
||||||
RuntimeLibrary="3"
|
|
||||||
UsePrecompiledHeader="0"
|
|
||||||
WarningLevel="3"
|
|
||||||
Detect64BitPortabilityProblems="true"
|
|
||||||
DebugInformationFormat="4"
|
|
||||||
DisableSpecificWarnings="4244;4267"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCManagedResourceCompilerTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCResourceCompilerTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCPreLinkEventTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCLinkerTool"
|
|
||||||
AdditionalDependencies="ws2_32.lib"
|
|
||||||
LinkIncremental="2"
|
|
||||||
AdditionalLibraryDirectories=""
|
|
||||||
GenerateDebugInformation="true"
|
|
||||||
SubSystem="1"
|
|
||||||
TargetMachine="1"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCALinkTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCManifestTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCXDCMakeTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCBscMakeTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCFxCopTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCAppVerifierTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCWebDeploymentTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCPostBuildEventTool"
|
|
||||||
/>
|
|
||||||
</Configuration>
|
|
||||||
<Configuration
|
|
||||||
Name="Release|Win32"
|
|
||||||
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
|
|
||||||
IntermediateDirectory="$(ConfigurationName)"
|
|
||||||
ConfigurationType="1"
|
|
||||||
CharacterSet="0"
|
|
||||||
WholeProgramOptimization="1"
|
|
||||||
>
|
|
||||||
<Tool
|
|
||||||
Name="VCPreBuildEventTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCCustomBuildTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCXMLDataGeneratorTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCWebServiceProxyGeneratorTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCMIDLTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCCLCompilerTool"
|
|
||||||
AdditionalIncludeDirectories="..\..\..\src;..\..\..\src\utils;C:\dev\openssl\include"
|
|
||||||
PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"
|
|
||||||
RuntimeLibrary="2"
|
|
||||||
UsePrecompiledHeader="0"
|
|
||||||
WarningLevel="3"
|
|
||||||
Detect64BitPortabilityProblems="true"
|
|
||||||
DebugInformationFormat="3"
|
|
||||||
DisableSpecificWarnings="4244;4267"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCManagedResourceCompilerTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCResourceCompilerTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCPreLinkEventTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCLinkerTool"
|
|
||||||
AdditionalDependencies="ws2_32.lib"
|
|
||||||
LinkIncremental="1"
|
|
||||||
GenerateDebugInformation="true"
|
|
||||||
SubSystem="1"
|
|
||||||
OptimizeReferences="2"
|
|
||||||
EnableCOMDATFolding="2"
|
|
||||||
TargetMachine="1"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCALinkTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCManifestTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCXDCMakeTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCBscMakeTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCFxCopTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCAppVerifierTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCWebDeploymentTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCPostBuildEventTool"
|
|
||||||
/>
|
|
||||||
</Configuration>
|
|
||||||
</Configurations>
|
|
||||||
<References>
|
|
||||||
</References>
|
|
||||||
<Files>
|
|
||||||
<Filter
|
|
||||||
Name="Source Files"
|
|
||||||
Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
|
|
||||||
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
|
|
||||||
>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\common.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\md5.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\md5-internal.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\os_win32.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\sha1.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\sha1-internal.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\sha1-prf.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\sha1-pbkdf2.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\wpa_passphrase.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
</Filter>
|
|
||||||
<Filter
|
|
||||||
Name="Header Files"
|
|
||||||
Filter="h;hpp;hxx;hm;inl;inc;xsd"
|
|
||||||
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
|
|
||||||
>
|
|
||||||
</Filter>
|
|
||||||
<Filter
|
|
||||||
Name="Resource Files"
|
|
||||||
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
|
|
||||||
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
|
|
||||||
>
|
|
||||||
</Filter>
|
|
||||||
</Files>
|
|
||||||
<Globals>
|
|
||||||
</Globals>
|
|
||||||
</VisualStudioProject>
|
|
|
@ -1,465 +0,0 @@
|
||||||
<?xml version="1.0" encoding="Windows-1252"?>
|
|
||||||
<VisualStudioProject
|
|
||||||
ProjectType="Visual C++"
|
|
||||||
Version="8.00"
|
|
||||||
Name="wpa_supplicant"
|
|
||||||
ProjectGUID="{8BCFDA77-AEDC-4168-8897-5B73105BBB87}"
|
|
||||||
RootNamespace="wpa_supplicant"
|
|
||||||
Keyword="Win32Proj"
|
|
||||||
>
|
|
||||||
<Platforms>
|
|
||||||
<Platform
|
|
||||||
Name="Win32"
|
|
||||||
/>
|
|
||||||
</Platforms>
|
|
||||||
<ToolFiles>
|
|
||||||
</ToolFiles>
|
|
||||||
<Configurations>
|
|
||||||
<Configuration
|
|
||||||
Name="Debug|Win32"
|
|
||||||
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
|
|
||||||
IntermediateDirectory="$(ConfigurationName)"
|
|
||||||
ConfigurationType="1"
|
|
||||||
CharacterSet="0"
|
|
||||||
>
|
|
||||||
<Tool
|
|
||||||
Name="VCPreBuildEventTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCCustomBuildTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCXMLDataGeneratorTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCWebServiceProxyGeneratorTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCMIDLTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCCLCompilerTool"
|
|
||||||
Optimization="0"
|
|
||||||
AdditionalIncludeDirectories="..\..;..\..\..\src;..\..\..\src\utils;C:\dev\WpdPack\include;C:\dev\openssl\include"
|
|
||||||
PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"
|
|
||||||
MinimalRebuild="true"
|
|
||||||
BasicRuntimeChecks="3"
|
|
||||||
RuntimeLibrary="3"
|
|
||||||
UsePrecompiledHeader="0"
|
|
||||||
WarningLevel="3"
|
|
||||||
Detect64BitPortabilityProblems="true"
|
|
||||||
DebugInformationFormat="4"
|
|
||||||
DisableSpecificWarnings="4244;4267;4311"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCManagedResourceCompilerTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCResourceCompilerTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCPreLinkEventTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCLinkerTool"
|
|
||||||
AdditionalDependencies="wbemuuid.lib ws2_32.lib Crypt32.lib Winscard.lib Packet.lib wpcap.lib libeay32MT.lib ssleay32Mt.lib"
|
|
||||||
LinkIncremental="2"
|
|
||||||
AdditionalLibraryDirectories="C:\dev\WpdPack\lib;C:\dev\openssl\lib"
|
|
||||||
GenerateDebugInformation="true"
|
|
||||||
SubSystem="1"
|
|
||||||
TargetMachine="1"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCALinkTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCManifestTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCXDCMakeTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCBscMakeTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCFxCopTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCAppVerifierTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCWebDeploymentTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCPostBuildEventTool"
|
|
||||||
/>
|
|
||||||
</Configuration>
|
|
||||||
<Configuration
|
|
||||||
Name="Release|Win32"
|
|
||||||
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
|
|
||||||
IntermediateDirectory="$(ConfigurationName)"
|
|
||||||
ConfigurationType="1"
|
|
||||||
CharacterSet="0"
|
|
||||||
WholeProgramOptimization="1"
|
|
||||||
>
|
|
||||||
<Tool
|
|
||||||
Name="VCPreBuildEventTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCCustomBuildTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCXMLDataGeneratorTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCWebServiceProxyGeneratorTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCMIDLTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCCLCompilerTool"
|
|
||||||
AdditionalIncludeDirectories="..\..;..\..\..\src;..\..\..\src\utils;C:\dev\WpdPack\include;C:\dev\openssl\include"
|
|
||||||
PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;CONFIG_WIN32_DEFAULTS"
|
|
||||||
RuntimeLibrary="2"
|
|
||||||
UsePrecompiledHeader="0"
|
|
||||||
WarningLevel="3"
|
|
||||||
Detect64BitPortabilityProblems="true"
|
|
||||||
DebugInformationFormat="3"
|
|
||||||
DisableSpecificWarnings="4244;4267;4311"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCManagedResourceCompilerTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCResourceCompilerTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCPreLinkEventTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCLinkerTool"
|
|
||||||
AdditionalDependencies="wbemuuid.lib ws2_32.lib Crypt32.lib Winscard.lib Packet.lib wpcap.lib libeay32MT.lib ssleay32Mt.lib"
|
|
||||||
LinkIncremental="1"
|
|
||||||
AdditionalLibraryDirectories="C:\dev\WpdPack\lib;C:\dev\openssl\lib"
|
|
||||||
GenerateDebugInformation="true"
|
|
||||||
SubSystem="1"
|
|
||||||
OptimizeReferences="2"
|
|
||||||
EnableCOMDATFolding="2"
|
|
||||||
TargetMachine="1"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCALinkTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCManifestTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCXDCMakeTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCBscMakeTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCFxCopTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCAppVerifierTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCWebDeploymentTool"
|
|
||||||
/>
|
|
||||||
<Tool
|
|
||||||
Name="VCPostBuildEventTool"
|
|
||||||
/>
|
|
||||||
</Configuration>
|
|
||||||
</Configurations>
|
|
||||||
<References>
|
|
||||||
</References>
|
|
||||||
<Files>
|
|
||||||
<Filter
|
|
||||||
Name="Source Files"
|
|
||||||
Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
|
|
||||||
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
|
|
||||||
>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\aes-cbc.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\aes-ctr.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\aes-eax.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\aes-encblock.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\aes-omac1.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\aes-unwrap.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\aes-wrap.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\base64.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\bssid_ignore.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\bss.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_common\chap.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\common.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\config.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\config.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\config_file.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\crypto_openssl.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\ctrl_iface.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\ctrl_iface_named_pipe.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\drivers\driver_common.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\drivers\driver_ndis.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\drivers\driver_ndis_.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\drivers\drivers.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_common\eap_common.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_gtc.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_leap.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_md5.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_methods.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_mschapv2.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_otp.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_peap.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_common\eap_peap_common.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\eap_register.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_tls.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_tls_common.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_tnc.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\eap_ttls.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eapol_supp\eapol_supp_sm.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\eloop_win.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\events.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\l2_packet\l2_packet_winpcap.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\main.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\md5.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\ms_funcs.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\mschapv2.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\drivers\ndis_events.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\notify.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\os_win32.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\pcsc_funcs.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\rsn_supp\peerkey.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\rsn_supp\pmksa_cache.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\rsn_supp\preauth.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\scan.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\sha1.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\sha1-pbkdf2.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\sha1-prf.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\sha1-tlsprf.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\crypto\tls_openssl.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\eap_peer\tncc.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\rsn_supp\wpa.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\common\wpa_common.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\wpa_debug.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\rsn_supp\wpa_ie.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\wpa_supplicant.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\..\src\utils\wpabuf.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
<File
|
|
||||||
RelativePath="..\..\wpas_glue.c"
|
|
||||||
>
|
|
||||||
</File>
|
|
||||||
</Filter>
|
|
||||||
<Filter
|
|
||||||
Name="Header Files"
|
|
||||||
Filter="h;hpp;hxx;hm;inl;inc;xsd"
|
|
||||||
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
|
|
||||||
>
|
|
||||||
</Filter>
|
|
||||||
<Filter
|
|
||||||
Name="Resource Files"
|
|
||||||
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
|
|
||||||
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
|
|
||||||
>
|
|
||||||
</Filter>
|
|
||||||
</Files>
|
|
||||||
<Globals>
|
|
||||||
</Globals>
|
|
||||||
</VisualStudioProject>
|
|
|
@ -1097,6 +1097,8 @@ static void wnm_bss_tm_connect(struct wpa_supplicant *wpa_s,
|
||||||
struct wpa_bss *bss, struct wpa_ssid *ssid,
|
struct wpa_bss *bss, struct wpa_ssid *ssid,
|
||||||
int after_new_scan)
|
int after_new_scan)
|
||||||
{
|
{
|
||||||
|
struct wpa_radio_work *already_connecting;
|
||||||
|
|
||||||
wpa_dbg(wpa_s, MSG_DEBUG,
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
||||||
"WNM: Transition to BSS " MACSTR
|
"WNM: Transition to BSS " MACSTR
|
||||||
" based on BSS Transition Management Request (old BSSID "
|
" based on BSS Transition Management Request (old BSSID "
|
||||||
|
@ -1121,9 +1123,18 @@ static void wnm_bss_tm_connect(struct wpa_supplicant *wpa_s,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
already_connecting = radio_work_pending(wpa_s, "sme-connect");
|
||||||
wpa_s->reassociate = 1;
|
wpa_s->reassociate = 1;
|
||||||
wpa_printf(MSG_DEBUG, "WNM: Issuing connect");
|
wpa_printf(MSG_DEBUG, "WNM: Issuing connect");
|
||||||
wpa_supplicant_connect(wpa_s, bss, ssid);
|
wpa_supplicant_connect(wpa_s, bss, ssid);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Indicate that a BSS transition is in progress so scan results that
|
||||||
|
* come in before the 'sme-connect' radio work gets executed do not
|
||||||
|
* override the original connection attempt.
|
||||||
|
*/
|
||||||
|
if (!already_connecting && radio_work_pending(wpa_s, "sme-connect"))
|
||||||
|
wpa_s->bss_trans_mgmt_in_progress = true;
|
||||||
wnm_deallocate_memory(wpa_s);
|
wnm_deallocate_memory(wpa_s);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
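Review bot: The new check in wnm_bss_tm_connect() sets `bss_trans_mgmt_in_progress` only when a fresh "sme-connect" work shows up after wpa_supplicant_connect(), so a connection queued under the "connect" work name (which wpas_request_disconnection() on this page also removes) would not get the protection the comment describes. If that path is left out on purpose, the block comment should say so, for example with `* Only the "sme-connect" work is tracked; a "connect" work is not covered.` The comment should also name where the flag is cleared, because the transition is started by a request received from the AP and a flag that stays set would presumably keep scan results from selecting a BSS again; the resets visible on this page are in wpas_start_assoc_cb() and wpas_request_disconnection(). The function body spans both hunks and part of it lies outside them.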
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
* WPA Supplicant - command line interface for wpa_supplicant daemon
|
* WPA Supplicant - command line interface for wpa_supplicant daemon
|
||||||
* Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
|
* Copyright (c) 2004-2022, Jouni Malinen <j@w1.fi>
|
||||||
*
|
*
|
||||||
* This software may be distributed under the terms of the BSD license.
|
* This software may be distributed under the terms of the BSD license.
|
||||||
* See README for more details.
|
* See README for more details.
|
||||||
|
@ -29,7 +29,7 @@
|
||||||
|
|
||||||
static const char *const wpa_cli_version =
|
static const char *const wpa_cli_version =
|
||||||
"wpa_cli v" VERSION_STR "\n"
|
"wpa_cli v" VERSION_STR "\n"
|
||||||
"Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi> and contributors";
|
"Copyright (c) 2004-2022, Jouni Malinen <j@w1.fi> and contributors";
|
||||||
|
|
||||||
#define VENDOR_ELEM_FRAME_ID \
|
#define VENDOR_ELEM_FRAME_ID \
|
||||||
" 0: Probe Req (P2P), 1: Probe Resp (P2P) , 2: Probe Resp (GO), " \
|
" 0: Probe Req (P2P), 1: Probe Resp (P2P) , 2: Probe Resp (GO), " \
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
* WPA Supplicant
|
* WPA Supplicant
|
||||||
* Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
|
* Copyright (c) 2003-2022, Jouni Malinen <j@w1.fi>
|
||||||
*
|
*
|
||||||
* This software may be distributed under the terms of the BSD license.
|
* This software may be distributed under the terms of the BSD license.
|
||||||
* See README for more details.
|
* See README for more details.
|
||||||
|
@ -71,7 +71,7 @@
|
||||||
|
|
||||||
const char *const wpa_supplicant_version =
|
const char *const wpa_supplicant_version =
|
||||||
"wpa_supplicant v" VERSION_STR "\n"
|
"wpa_supplicant v" VERSION_STR "\n"
|
||||||
"Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors";
|
"Copyright (c) 2003-2022, Jouni Malinen <j@w1.fi> and contributors";
|
||||||
|
|
||||||
const char *const wpa_supplicant_license =
|
const char *const wpa_supplicant_license =
|
||||||
"This software may be distributed under the terms of the BSD license.\n"
|
"This software may be distributed under the terms of the BSD license.\n"
|
||||||
|
@ -3621,6 +3621,11 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
|
||||||
struct ieee80211_vht_capabilities vhtcaps_mask;
|
struct ieee80211_vht_capabilities vhtcaps_mask;
|
||||||
#endif /* CONFIG_VHT_OVERRIDES */
|
#endif /* CONFIG_VHT_OVERRIDES */
|
||||||
|
|
||||||
|
wpa_s->roam_in_progress = false;
|
||||||
|
#ifdef CONFIG_WNM
|
||||||
|
wpa_s->bss_trans_mgmt_in_progress = false;
|
||||||
|
#endif /* CONFIG_WNM */
|
||||||
|
|
||||||
if (deinit) {
|
if (deinit) {
|
||||||
if (work->started) {
|
if (work->started) {
|
||||||
wpa_s->connect_work = NULL;
|
wpa_s->connect_work = NULL;
|
||||||
|
@ -8173,6 +8178,10 @@ void wpas_request_disconnection(struct wpa_supplicant *wpa_s)
|
||||||
eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
|
eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
|
||||||
radio_remove_works(wpa_s, "connect", 0);
|
radio_remove_works(wpa_s, "connect", 0);
|
||||||
radio_remove_works(wpa_s, "sme-connect", 0);
|
radio_remove_works(wpa_s, "sme-connect", 0);
|
||||||
|
wpa_s->roam_in_progress = false;
|
||||||
|
#ifdef CONFIG_WNM
|
||||||
|
wpa_s->bss_trans_mgmt_in_progress = false;
|
||||||
|
#endif /* CONFIG_WNM */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
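Review bot: In wpas_start_assoc_cb() the two flags are cleared before the `if (deinit)` test, so they are reset both when the work starts and when it is torn down, and nothing in the hunk says that this is intended. A short comment above the assignments would settle it, e.g. `/* Work is starting or being dropped: stop holding off scan-based selection */`. The same four lines are repeated in wpas_request_disconnection(); a small static helper that owns the `#ifdef CONFIG_WNM` would keep the two reset sites from drifting apart when another in-progress flag is added. Both functions continue outside their hunks, and the helper name below is only a suggestion.

```c
static void wpas_clear_transition_flags(struct wpa_supplicant *wpa_s)
{
	wpa_s->roam_in_progress = false;
#ifdef CONFIG_WNM
	wpa_s->bss_trans_mgmt_in_progress = false;
#endif /* CONFIG_WNM */
}

/* ... unchanged: wpas_start_assoc_cb() local declarations ... */
	wpas_clear_transition_flags(wpa_s);

	if (deinit) {
/* ... unchanged: rest of wpas_start_assoc_cb() ... */

/* ... unchanged: wpas_request_disconnection() up to the radio_remove_works() calls ... */
	wpas_clear_transition_flags(wpa_s);
```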
@ -1286,6 +1286,7 @@ struct wpa_supplicant {
|
||||||
struct os_reltime wnm_cand_valid_until;
|
struct os_reltime wnm_cand_valid_until;
|
||||||
u8 wnm_cand_from_bss[ETH_ALEN];
|
u8 wnm_cand_from_bss[ETH_ALEN];
|
||||||
enum bss_trans_mgmt_status_code bss_tm_status;
|
enum bss_trans_mgmt_status_code bss_tm_status;
|
||||||
|
bool bss_trans_mgmt_in_progress;
|
||||||
struct wpabuf *coloc_intf_elems;
|
struct wpabuf *coloc_intf_elems;
|
||||||
u8 coloc_intf_dialog_token;
|
u8 coloc_intf_dialog_token;
|
||||||
u8 coloc_intf_auto_report;
|
u8 coloc_intf_auto_report;
|
||||||
|
|
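Review bot: The new `bool bss_trans_mgmt_in_progress;` member of struct wpa_supplicant has no comment, and the name alone suggests it covers the whole BSS Transition Management exchange rather than the short window the wnm_bss_tm_connect() comment describes. A comment above the field would avoid that reading, e.g. `/* set while the connect work queued for a BSS TM request has not started yet */`. The struct starts and ends outside the hunk, so whether the neighbouring WNM fields sit inside an `#ifdef CONFIG_WNM` cannot be confirmed from here.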