bin/116164: wpa_supplicant: add non-standard EAP Methods

Scot Hetzel swhetzel at gmail.com
Thu Sep 6 12:40:08 PDT 2007


>Number:         116164
>Category:       bin
>Synopsis:       wpa_supplicant: add non-standard EAP Methods
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 06 19:40:08 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Scot Hetzel
>Release:        7.0-CURRENT
>Organization:
>Environment:
>Description:
wpa_supplicant supports many types of EAP authentication algorithms, but not all of them are included in FreeBSD.
>How-To-Repeat:
Try to use wpa_supplicant at a site that is not using one of the default EAP methods.
>Fix:
To add additional EAP methods, just set WPA_SUPPLICANT_CFLAGS to one or more of these methods:

 -DEAP_AKA, -DEAP_SIM, -DEAP_GTC, -DEAP_OTP, -DEAP_GPSK, -DEAP_PAX, -DEAP_SAKE

The EAP_AKA and EAP_SIM methods can be configured to use devel/pcsc-lite, by adding:

WPA_SUPPLICANT_CFLAGS=-DEAP_AKA -DPCSC_FUNCS -I/usr/local/include/PCSC
WPA_SUPPLICANT_LDADD=-L/usr/local/lib

to src.conf. This is similar to how sendmail added SASL support.


Patch attached with submission follows:

Index: Makefile
===================================================================
RCS file: /home/ncvs/src/usr.sbin/wpa/wpa_supplicant/Makefile,v
retrieving revision 1.9
diff -u -r1.9 Makefile
--- Makefile	11 Jul 2007 16:04:08 -0000	1.9
+++ Makefile	6 Sep 2007 19:35:30 -0000
@@ -35,7 +35,7 @@
 
 .if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH)
 CFLAGS+=-DEAP_TLS -DEAP_PEAP -DEAP_MSCHAPv2 -DEAP_LEAP -DEAP_PSK \
-	-DEAP_TLV -DEAP_TLS_FUNCS
+	-DEAP_TLV -DEAP_TLS_FUNCS -DEAP_TLS_OPENSSL
 SRCS+=	eap_tls.c eap_peap.c eap_mschapv2.c eap_leap.c \
 	eap_psk.c eap_psk_common.c \
 	eap_tlv.c eap_tls_common.c tls_openssl.c ms_funcs.c crypto.c
@@ -43,6 +43,60 @@
 CFLAGS+=-DEAP_TTLS -DEAP_MD5
 SRCS+=	eap_ttls.c eap_md5.c
 
+# User customizations to the wpa_supplicant build environment
+CFLAGS+=${WPA_SUPPLICANT_CFLAGS}
+#DPADD+=${WPA_SUPPLICANT_DPADD}
+LDADD+=${WPA_SUPPLICANT_LDADD}
+#LDFLAGS+=${WPA_SUPPLICANT_LDFLAGS}
+
+.if !empty(CFLAGS:M*-DEAP_GTC)
+SRCS+=	eap_gtc.c
+.endif
+
+.if !empty(CFLAGS:M*-DEAP_OTP)
+SRCS+=	eap_otp.c
+.endif
+
+.if !empty(CFLAGS:M*-DEAP_AKA)
+NEED_SIM_COMMON=	true
+SRCS+=	eap_aka.c
+.endif
+
+.if !empty(CFLAGS:M*-DEAP_SIM)
+NEED_SIM_COMMON=	true
+SRCS+=	eap_sim.c
+.endif
+
+.if defined(NEED_SIM_COMMON)
+SRCS+=	eap_sim_common.c
+
+# PC/SC interface for smartcards (USIM, GSM SIM)
+# GSM/UMTS authentication algorithm (for EAP-SIM/EAP-AKA)
+# NB: requires devel/pcsc-lite
+#
+# WPA_SUPPLICANT_CFLAGS=-DEAP_AKA -DPCSC_FUNCS -I/usr/local/include/PCSC
+# WPA_SUPPLICANT_LDADD=-L/usr/local/lib
+#
+.if !empty(CFLAGS:M*-DPCSC_FUNCS)
+SRCS+=	pcsc_funcs.c
+DPADD+=${LIBPTHREAD}
+LDADD+=-lpcsclite -lpthread
+.endif
+.endif
+
+.if !empty(CFLAGS:M*-DEAP_GPSK)
+CFLAGS+=-DEAP_GPSK_SHA256 -DINTERNAL_SHA256
+SRCS+=	eap_gpsk.c eap_gpsk_common.c sha256.c
+.endif
+
+.if !empty(CFLAGS:M*-DEAP_PAX)
+SRCS+=	eap_pax.c eap_pax_common.c
+.endif
+
+.if !empty(CFLAGS:M*-DEAP_SAKE)
+SRCS+=	eap_sake.c eap_sake_common.c
+.endif
+
 # NB: requires patch to openssl
 #CFLAGS+= -DEAP_FAST
 #SRCS+=	eap_fast.c
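Review bot: `CFLAGS+=${WPA_SUPPLICANT_CFLAGS}` and every method test below it appear to sit inside the `.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH)` branch opened in the first hunk (its `.else` is in the last hunk, so the conditional starts and ends outside this hunk). With OpenSSL disabled, a `-DEAP_GTC` or `-DEAP_SAKE` set in src.conf would therefore be dropped without any message. A comment above the block such as `# NB: WPA_SUPPLICANT_* knobs are honoured only when MK_OPENSSL != no` would make that explicit, or the block could move below the closing `.endif` if these methods build without OpenSSL. The commented-out lines `#DPADD+=${WPA_SUPPLICANT_DPADD}` and `#LDFLAGS+=${WPA_SUPPLICANT_LDFLAGS}` should be enabled or removed; as written, the documented example has to put `-L/usr/local/lib` into `WPA_SUPPLICANT_LDADD`. Because the tests match on the whole of `CFLAGS`, a define arriving from make.conf also switches a method on, and the comment should say so, since it changes which authentication methods are compiled into the binary.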
@@ -50,6 +104,7 @@
 DPADD+= ${LIBSSL} ${LIBCRYPTO}
 LDADD+= -lssl -lcrypto
 .else
+CFLAGS+= -DEAP_TLS_NONE
 SRCS+=	tls_none.c
 .endif
 


>Release-Note:
>Audit-Trail:
>Unformatted:

