bin/116164: wpa_supplicant: add non-standard EAP Methods
Scot Hetzel
swhetzel at gmail.com
Thu Sep 6 12:40:08 PDT 2007
>Number: 116164
>Category: bin
>Synopsis: wpa_supplicant: add non-standard EAP Methods
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Sep 06 19:40:08 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Scot Hetzel
>Release: 7.0-CURRENT
>Organization:
>Environment:
>Description:
wpa_supplicant supports many types of EAP authentication alogorithms, but not all of them are included in FreeBSD.
>How-To-Repeat:
Try to use wpa_supplicant at a site that is not using one of the default EAP methods.
>Fix:
To add additional EAP methods, just set WPA_SUPPLICANT_CFLAGS to one or more of these methods:
-DEAP_AKA, -DEAP_SIM, -DEAP_GTC, -DEAP_OTP, -DEAP_GPSK, -DEAP_PAX, -DEAP_SAKE
The EAP_AKA and EAP_SIM methods can be configured to use devel/pcsc-lite, by adding:
WPA_SUPPLICANT_CFLAGS=-DEAP_AKA -DPCSC_FUNCS -I/usr/local/include/PCSC
WPA_SUPPLICANT_LDADD=-L/usr/local/lib
to src.conf. This is similar to how sendmail added SASL support.
Patch attached with submission follows:
Index: Makefile
===================================================================
RCS file: /home/ncvs/src/usr.sbin/wpa/wpa_supplicant/Makefile,v
retrieving revision 1.9
diff -u -r1.9 Makefile
--- Makefile 11 Jul 2007 16:04:08 -0000 1.9
+++ Makefile 6 Sep 2007 19:35:30 -0000
@@ -35,7 +35,7 @@
.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH)
CFLAGS+=-DEAP_TLS -DEAP_PEAP -DEAP_MSCHAPv2 -DEAP_LEAP -DEAP_PSK \
- -DEAP_TLV -DEAP_TLS_FUNCS
+ -DEAP_TLV -DEAP_TLS_FUNCS -DEAP_TLS_OPENSSL
SRCS+= eap_tls.c eap_peap.c eap_mschapv2.c eap_leap.c \
eap_psk.c eap_psk_common.c \
eap_tlv.c eap_tls_common.c tls_openssl.c ms_funcs.c crypto.c
@@ -43,6 +43,60 @@
CFLAGS+=-DEAP_TTLS -DEAP_MD5
SRCS+= eap_ttls.c eap_md5.c
+# User customizations to the wpa_supplicant build environment
+CFLAGS+=${WPA_SUPPLICANT_CFLAGS}
+#DPADD+=${WPA_SUPPLICANT_DPADD}
+LDADD+=${WPA_SUPPLICANT_LDADD}
+#LDFLAGS+=${WPA_SUPPLICANT_LDFLAGS}
+
+.if !empty(CFLAGS:M*-DEAP_GTC)
+SRCS+= eap_gtc.c
+.endif
+
+.if !empty(CFLAGS:M*-DEAP_OTP)
+SRCS+= eap_otp.c
+.endif
+
+.if !empty(CFLAGS:M*-DEAP_AKA)
+NEED_SIM_COMMON= true
+SRCS+= eap_aka.c
+.endif
+
+.if !empty(CFLAGS:M*-DEAP_SIM)
+NEED_SIM_COMMON= true
+SRCS+= eap_sim.c
+.endif
+
+.if defined(NEED_SIM_COMMON)
+SRCS+= eap_sim_common.c
+
+# PC/SC interface for smartcards (USIM, GSM SIM)
+# GSM/UMTS authentication algorithm (for EAP-SIM/EAP-AKA)
+# NB: requires devel/pcsc-lite
+#
+# WPA_SUPPLICANT_CFLAGS=-DEAP_AKA -DPCSC_FUNCS -I/usr/local/include/PCSC
+# WPA_SUPPLICANT_LDADD=-L/usr/local/lib
+#
+.if !empty(CFLAGS:M*-DPCSC_FUNCS)
+SRCS+= pcsc_funcs.c
+DPADD+=${LIBPTHREAD}
+LDADD+=-lpcsclite -lpthread
+.endif
+.endif
+
+.if !empty(CFLAGS:M*-DEAP_GPSK)
+CFLAGS+=-DEAP_GPSK_SHA256 -DINTERNAL_SHA256
+SRCS+= eap_gpsk.c eap_gpsk_common.c sha256.c
+.endif
+
+.if !empty(CFLAGS:M*-DEAP_PAX)
+SRCS+= eap_pax.c eap_pax_common.c
+.endif
+
+.if !empty(CFLAGS:M*-DEAP_SAKE)
+SRCS+= eap_sake.c eap_sake_common.c
+.endif
+
# NB: requires patch to openssl
#CFLAGS+= -DEAP_FAST
#SRCS+= eap_fast.c
@@ -50,6 +104,7 @@
DPADD+= ${LIBSSL} ${LIBCRYPTO}
LDADD+= -lssl -lcrypto
.else
+CFLAGS+= -DEAP_TLS_NONE
SRCS+= tls_none.c
.endif
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list