diff --git a/net-wireless/hostapd/Manifest b/net-wireless/hostapd/Manifest index b24234707..6c93eb1c2 100644 --- a/net-wireless/hostapd/Manifest +++ b/net-wireless/hostapd/Manifest @@ -5,10 +5,16 @@ AUX hostapd-1.0-karma-0.2.patch 39202 SHA256 ce40eb1f2a205ef9ec5d0ff87c9df85a86c AUX hostapd-1.0-karma.patch 15724 SHA256 9f4d853c2974607aed7accb5785df224e3abdce4baf4dee787ca45421c85ec87 SHA512 694e8e03db5e3577359b0cc5c530ef528dd2bbeb64351060113fe67ee4446495999330edc5f38c3206c8525c5f401e35ca8a3c0f372f5c8e3205172680cf7fd9 WHIRLPOOL 36f6a45310a642fb2b1c2225d560ac85b1c08074c08108682fbb638ad27f8d01858ba48a2b64ffaa01832a52185afe5c39b521635b8767abdfaefb6c84a0a903 AUX hostapd-1.0-libnl_path_fix.patch 892 SHA256 7ec9489fed14b7f3916d0aab63e34886bcf39d07c257101df53e16ef4db2b95d SHA512 10b1db56ec2bb8a2ab04dcd50b5a0442efdd4814ef6a4effc50d0157d61fc993ebb6f2f6775566fc0341668ad314dd2d4ec4e91177d59d76c59b8ceb2bf4c2f4 WHIRLPOOL ae16d72eb649d7267191a2542c204da92493279f3d09dc9de4349ca4a8db9d7e5f46d3d824e4b22900ad257e1bdcf86b26fb46eee63cbb8af48bd739b0d27ea0 AUX hostapd-1.0-tls_length_fix.patch 1859 SHA256 bbca0422a0babbf9d7fad2b758ecddaae45624db1b2db6d7663292548e25906a SHA512 e354e9352605003101cba296735232d11ac685f1db8718e5d59b55de1b86b55144e4871afe85cae4374f52af1b42df3ebd4747e109c86e0750ef9eb5345453d7 WHIRLPOOL 6a9379b09ffb73d13ea813952e2b39b5ab90ec98a27ed211ff2904d52e346c9e6273fe99e8ae6509773597afa352d9e77f3081103c5e5c55c86e12f8176a5419 +AUX hostapd-2.0-cui.patch 12848 SHA256 86f3eeab008901c3f7f59d7a6a27f94292b9fdd58b41ef84170ba40b5fa83397 SHA512 20b1f89773e3bb1630c554f28803f0b5b6adfbbb969428a88ed6d1cba4ba21c36946048ac16672a2378d2ae85ca7ccb0a77b0df7d56a99c013054421cdae7fa3 WHIRLPOOL 77ee4d3c386fb4da275da05d5acad30bc98a3212301da68df7af6261d23ca7e5c3f85ee805ab70c68cc833e92afd290f845c0320d7af90ff0feb7579cf14342e +AUX hostapd-2.0-karma.patch 38791 SHA256 bfaca51b2b03e11277debb452b0a52b5078115ed8967ddfbd7874a4e3ad26afc SHA512 269fbe1b420177b63c5c24321f2a435ef3338db36ee534c3e205f5c6f1e85df1b89ce6fb5de1ae363c5ff8965ec719fa2e0b80f0a2be3d1cc9ed84eecca8cce6 WHIRLPOOL cf69a9ea51bc94095fe89bb379436c305972a6675439683ff457a1c6853eebf7e77bf580f2624494cd48f39c45b82d1f7ff937728cd2527e4a307cbbfa14a2a1 +AUX hostapd-2.0-tls_length_fix.patch 1859 SHA256 bbca0422a0babbf9d7fad2b758ecddaae45624db1b2db6d7663292548e25906a SHA512 e354e9352605003101cba296735232d11ac685f1db8718e5d59b55de1b86b55144e4871afe85cae4374f52af1b42df3ebd4747e109c86e0750ef9eb5345453d7 WHIRLPOOL 6a9379b09ffb73d13ea813952e2b39b5ab90ec98a27ed211ff2904d52e346c9e6273fe99e8ae6509773597afa352d9e77f3081103c5e5c55c86e12f8176a5419 +AUX hostapd-2.0-wpe.patch 15067 SHA256 4fbdbf3f0e09702aba7205b3f6cac2fe63579d3da40f337075e1ffc4d10ef303 SHA512 3b8cc6217ca4285a2d2d790b353bffdf0e9b5170048823134230b857f3587fa5991b85496849110e90466c02a858fe22a75301c76764a486f1af10a7828d62f1 WHIRLPOOL 6d6086d01a6a1957066fdfbd02151745bfd6c494010d48e48ade7c76a19da0940216d1348d7c03e0ce905b458c663202e4dee009e348dbfae02969c5f8bb30d6 AUX hostapd-conf.d 245 SHA256 916f4b14095ee4ec8a510391c883e9f01868e18d79a3d5cbeb13a104a793d45d SHA512 f07a6cd209eca351b8545017c5f025282c3fdea838ca3df49e362571ded43973281ce4ff83984b1299db15ea9b5c21a42cbda91432220af9146bf034e2265c30 WHIRLPOOL 0ab1dbd8e04df9e7b8ae875dfdfdcdd770e4fcb62197bb81e47588a9ecf0b8bb715adbde34f2be82d630fdd536e9f888f463dd12cab0c06220c345b0093a3dd5 AUX hostapd-init.d 1022 SHA256 a220058841e66a11603df8e968ccc68945f01e1d11c1ae498922d0e01f6fa804 SHA512 0d9d3c69c7b4c50ab08a7633b3b0b2f770647045ba967de628c34bf37644dcae6ef8288cab0fd0508b8ee8eafa8f48bda0d378c5aadbbbc5cde9f5441f7c97a1 WHIRLPOOL e86f507cff5712ff2590f39c58989a379b81feb40cedcd424188e055ac38f772a7bb9c1089efabd6ff104078257aa2a20a82790e17b085c03264d35b6f4e274d DIST hostapd-1.0.tar.gz 1327943 SHA256 002e9dcb7e46cf82b5900a2fcf92b30fc8cdfd32a72d7fd4488588f1c013dfcc SHA512 2f189ef3d52099ee249a96820b257f331e0cb601e89dc01c583ec697d5e9a68f6b80c2913bbb4b37f18dc4a218f34ed9deb0357d55509de9d0f58dd60df33a8b WHIRLPOOL 79f0fd8b7f256d69771f8b022e74ee9908a6a613c875392cf151bdada86c077bbf8e88213547efa64c240daf9fb5e5f9bffe2fa5f7f98d5ca27d5d7058f5995a +DIST hostapd-2.0.tar.gz 1376203 SHA256 262ce394b930bccc3d65fb99ee380f28d36444978f524c845a98e8e29f4e9d35 SHA512 25fddaaddb22903078cfaae29a1e955b60955f9f5542b52962a6a8d4c65146ca102e9ac085118ce422843c55349a74a019220dfd4926895e301d506dbc97b967 WHIRLPOOL e5ae2e760770d2f307b1c4235c9b0c9d25e1719a1d174efa30ce6bbbc07b5c46d5f7babc087b8f450f3b485fb640728ddd23761fb292bcd535ef38dc10ac1d45 EBUILD hostapd-1.0-r4.ebuild 5519 SHA256 c911846537d95e6ce101988af1157ec772d03ce34da0ec6aa657580e4b497852 SHA512 7e01750d68513e33c0ee8848dd6ee851a32cfb500aa0cfae802b7aabaf86b32c2992b229f1f94f345ecc8dc0b4f220483f4b05f9f87b89b6fca8d37b6af0543b WHIRLPOOL 5dffe8e9070db5c2d71b4df1cedf52a7bf3f57308f76b4a13d2c11f6083c0e611c42c389ba9a75e4d15dba93534d18054a4b662b7223cf278de45e3362ca00cd EBUILD hostapd-1.0-r5.ebuild 5523 SHA256 61d713f72dae5f93b4cdaf9328edc29bb589ac67221b7ca220e544ae44abebac SHA512 ec9d9a96dcc3ea31529c827fbbe0095fb2e14125c1c35820a588352ecd44c7cef4ce6e590773294501f4d79e7d5ca0ebd2dc3cdf29e221bfc10bab19231d26f8 WHIRLPOOL ba48f2800633aaeb903cacca4830254b80a79079bc89333555dca325654ba94dc74af0e8c83e99f1d0b19c41cdd902a7b209c32dc6c618ed012460c0a037080b +EBUILD hostapd-2.0.ebuild 5604 SHA256 7ce368dd8ad524d64d4ae31ae9dd041998d96771deae351f935e58628f8001b2 SHA512 16ad471fdebf5f9e2e5e92d42f75722c449b291090a6482672b9c9e7bacb00937b142f4071aace93aef26e0f6d43fd246c544f1e23cf783715517146f75d566a WHIRLPOOL f641b6c62bc6d75306c4dd98774ec02460ff031bd1cd5580aa8d0b9c0ebbe6cd5be8b60f6f895d1df1fbf9117e339434dae24299d6b6002fbc23974597add598 MISC ChangeLog 20312 SHA256 4a1673cde56f1b7ea1dfd20f0ac702ad3e7e916b84cfdf4f5aa0448d01b13659 SHA512 1c03ba7921beb21500e160aa5abfb867967777f0c4a36e220524bde419a30663a03d38b757c97405a88e1a5a2baf91e27b8022514ae99bdd1b4768ad520ec15e WHIRLPOOL 3c0df927502c29770fcac11fad0a5c655ff05674fc7444fef1e4a68cdbb55b1690efd3b89d3240a978f045d33029be036961a44095173660cfe4d20c3a05918b MISC metadata.xml 752 SHA256 78c8bab11c00f4988d677b1f4bf5a66c3221c0f9a3c46cfaf333a8857f250662 SHA512 c9e8749a721896e4b91ee76b9008e8a3e0d58496d804a6ce103fa501ccd0322b18b28f69432babc506a4c97a22c993da11c34946d6b44517b3cbb45f80bf6bde WHIRLPOOL c8cc369fa5d5725617c4143053bef31f34fdc40b9a7c36a082765d5e9afcd12f5b45d567e7ea3e2431dfbbf3378daf05b73aead94978e650e012652e1928d7aa diff --git a/net-wireless/hostapd/files/hostapd-2.0-cui.patch b/net-wireless/hostapd/files/hostapd-2.0-cui.patch new file mode 100644 index 000000000..39b905e78 --- /dev/null +++ b/net-wireless/hostapd/files/hostapd-2.0-cui.patch @@ -0,0 +1,448 @@ +diff -urN hostapd-2.0.orig/src/ap/accounting.c hostapd-2.0/src/ap/accounting.c +--- hostapd-2.0.orig/src/ap/accounting.c 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/src/ap/accounting.c 2013-04-29 10:16:25.982059247 +0800 +@@ -19,6 +19,7 @@ + #include "sta_info.h" + #include "ap_drv_ops.h" + #include "accounting.h" ++/*#include "eapol_auth/eapol_auth_sm_i.h"*/ + + + /* Default interval in seconds for polling TX/RX octets from the driver if +@@ -40,6 +41,9 @@ + size_t len; + int i; + struct wpabuf *b; ++ u8 *cui; /*Define CUI Attribute*/ ++ size_t cui_len; /*Define CUI Attribute length*/ ++ struct eapol_state_machine *sm = sta->eapol_sm; + + msg = radius_msg_new(RADIUS_CODE_ACCOUNTING_REQUEST, + radius_client_get_id(hapd->radius)); +@@ -81,6 +85,7 @@ + if (sta) { + /* Use 802.1X identity if available */ + val = ieee802_1x_get_identity(sta->eapol_sm, &len); ++ printf("GOT ID\n"); + + /* Use RADIUS ACL identity if 802.1X provides no identity */ + if (!val && sta->identity) { +@@ -102,6 +107,30 @@ + printf("Could not add User-Name\n"); + goto fail; + } ++ ++ ++ /*Check if the CUI attribute is set, if so returns the TRUE or FALSE accordingly**************/ ++ if (getSetCui(sta->eapol_sm)){ ++ cui=get_CUI (sta->eapol_sm, &cui_len); ++ printf("GOT CUI\n"); ++ ++ if (!cui) { ++ ++ os_snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT, ++ MAC2STR(sta->addr)); ++ cui = (u8 *) buf; ++ cui_len = os_strlen(buf); ++ } ++ if (!radius_msg_add_attr(msg, RADIUS_ATTR_CHARGEABLE_USER_IDENTITY, cui, ++ cui_len)) { /*Add CUI attribute to the Accounting Request Message*/ ++ printf("Could not add CUI\n"); ++ goto fail; ++ } ++ /********************/ ++ } ++ /*else { */ ++ /* printf ("PROBLEM IN IF\n");*/ ++ /*}*/ + } + + if (add_common_radius_attr(hapd, hapd->conf->radius_acct_req_attr, sta, +diff -urN hostapd-2.0.orig/src/ap/accounting.h hostapd-2.0/src/ap/accounting.h +--- hostapd-2.0.orig/src/ap/accounting.h 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/src/ap/accounting.h 2013-04-29 10:13:06.594045862 +0800 +@@ -20,6 +20,7 @@ + { + } + ++ + static inline void accounting_sta_stop(struct hostapd_data *hapd, + struct sta_info *sta) + { +diff -urN hostapd-2.0.orig/src/ap/ieee802_1x.c hostapd-2.0/src/ap/ieee802_1x.c +--- hostapd-2.0.orig/src/ap/ieee802_1x.c 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/src/ap/ieee802_1x.c 2013-04-29 10:18:45.037068583 +0800 +@@ -1051,6 +1051,7 @@ + * re-authentication without having to wait for the + * Supplicant to send EAPOL-Start. + */ ++ printf("REAUTHENTICATION-EAPOL"); + sta->eapol_sm->reAuthenticate = TRUE; + } + eapol_auth_step(sta->eapol_sm); +@@ -1316,6 +1317,68 @@ + sm->radius_cui = cui; + } + ++/* This method is used to Set the CUI attribute Value**************************************/ ++static void set_cui(struct hostapd_data *hapd, ++ struct sta_info *sta, ++ struct radius_msg *msg) ++ ++{ ++ u8 *buf,*cui_identity; ++ size_t len; ++ struct eapol_state_machine *sm = sta->eapol_sm; ++ ++ if (sm == NULL) ++ return; ++ ++ if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CHARGEABLE_USER_IDENTITY, &buf, &len, ++ NULL) < 0) ++ return; ++ cui_identity = os_malloc(len + 1); ++ if (cui_identity == NULL) ++ return; ++ os_memcpy(cui_identity, buf, len); ++ cui_identity[len] = '\0'; ++ ++ sm->cui = cui_identity; ++ sm->cui_len = len; ++ printf(" SET CUI %s",(char *) cui_identity); ++ ++ ++} ++ ++ ++/* **************************************/ ++ ++/*check CUI attribute is available in Access Accept */ ++static void check_cuiAttr (struct radius_msg *msg,struct sta_info *sta, struct hostapd_data *hapd) ++{ ++ ++ struct eapol_state_machine *sm = sta->eapol_sm; /*Define a pointer to eapol_state_machine*/ ++ ++ ++ size_t i; ++ ++ for (i = 0;iattr_used;i++) ++ { struct radius_attr_hdr *attr = radius_get_attr_hdr(msg, i); ++ if (attr->type == RADIUS_ATTR_CHARGEABLE_USER_IDENTITY) /*check CUI attribute is availabe in Access-Accept packet*/ ++ { ++ printf("CUI Attribute is Available"); ++ sm->cuiAvailable = TRUE; ++ set_cui(hapd, sta, msg); ++ break; ++ ++ } ++ else { ++ sm->cuiAvailable = FALSE; ++ printf ("CUI is not available in this packet"); ++ ++ } ++ ++ ++ } ++ ++} ++ + + struct sta_id_search { + u8 identifier; +@@ -1477,6 +1540,8 @@ + ieee802_1x_store_radius_class(hapd, sta, msg); + ieee802_1x_update_sta_identity(hapd, sta, msg); + ieee802_1x_update_sta_cui(hapd, sta, msg); ++ /*set_cui(hapd, sta, msg);*/ ++ check_cuiAttr(msg,sta,hapd); + if (sm->eap_if->eapKeyAvailable && + wpa_auth_pmksa_add(sta->wpa_sm, sm->eapol_key_crypt, + session_timeout_set ? +@@ -1981,6 +2046,27 @@ + } + + ++ ++u8 * get_CUI(struct eapol_state_machine *sm, size_t *len) /* return CUI Attribute Value ******************************/ ++{ ++ if (sm == NULL || sm->identity == NULL) ++ return NULL; ++ ++ *len = sm->cui_len; ++ return sm->cui; ++} ++ ++Boolean getSetCui (struct eapol_state_machine *sm) /*Check if the CUI value is set or not, and returns TRUE or FALSE accordingly*/ ++ ++{ if (sm->cuiAvailable) ++ return TRUE; ++else ++ return FALSE; ++ } ++ ++/*****************************/ ++ ++ + u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len, + int idx) + { +diff -urN hostapd-2.0.orig/src/ap/ieee802_1x.h hostapd-2.0/src/ap/ieee802_1x.h +--- hostapd-2.0.orig/src/ap/ieee802_1x.h 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/src/ap/ieee802_1x.h 2013-04-29 10:13:07.019045890 +0800 +@@ -35,6 +35,13 @@ + int ieee802_1x_eapol_tx_status(struct hostapd_data *hapd, struct sta_info *sta, + const u8 *data, int len, int ack); + u8 * ieee802_1x_get_identity(struct eapol_state_machine *sm, size_t *len); ++ ++/** definig CUI get function */ ++u8 * get_CUI(struct eapol_state_machine *sm, size_t *len); ++Boolean getSetCui (struct eapol_state_machine *sm); ++ ++/*********************/ ++ + u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len, + int idx); + struct wpabuf * ieee802_1x_get_radius_cui(struct eapol_state_machine *sm); +diff -urN hostapd-2.0.orig/src/ap/pmksa_cache_auth.c hostapd-2.0/src/ap/pmksa_cache_auth.c +--- hostapd-2.0.orig/src/ap/pmksa_cache_auth.c 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/src/ap/pmksa_cache_auth.c 2013-04-29 10:13:07.020045890 +0800 +@@ -138,6 +138,20 @@ + if (eapol->radius_cui) + entry->cui = wpabuf_dup(eapol->radius_cui); + ++/*set to cui in to cache*/ ++ ++ if (eapol ->cui) { ++ ++ entry ->cui = os_malloc(eapol->cui_len); /*Allocate memory for CUI attribute*/ ++ if (entry->cui) { ++ entry->cui_len = eapol->cui_len; ++ os_memcpy(entry->cui, eapol->cui, ++ eapol->cui_len); ++ } ++ } ++ ++/*set to cui in to cache*/ ++ + #ifndef CONFIG_NO_RADIUS + radius_copy_class(&entry->radius_class, &eapol->radius_class); + #endif /* CONFIG_NO_RADIUS */ +@@ -170,6 +184,25 @@ + eapol->radius_cui = wpabuf_dup(entry->cui); + } + ++/*Added to get CUI from the cache*/ ++ ++ ++ if (entry->cui) { ++ os_free(eapol->cui); ++ ++ eapol->cui = os_malloc(entry->cui_len); ++ eapol->cuiAvailable=TRUE; ++ if (eapol->cui) { ++ eapol->cui_len = entry->cui_len; ++ os_memcpy(eapol->cui, entry->cui, ++ entry->cui_len); /*copy the CUI attribute value to EAPOL data structure*/ ++ } ++ wpa_hexdump_ascii(MSG_DEBUG, "CUIfrom PMKSA", ++ eapol->cui, eapol->cui_len); ++ } ++ ++ /*Added to get CUI from the cache*/ ++ + #ifndef CONFIG_NO_RADIUS + radius_free_class(&eapol->radius_class); + radius_copy_class(&eapol->radius_class, &entry->radius_class); +@@ -181,6 +214,7 @@ + + eapol->eap_type_authsrv = entry->eap_type_authsrv; + ((struct sta_info *) eapol->sta)->vlan_id = entry->vlan_id; ++ printf ("GETTING CACHE ENTRY\n"); + } + + +diff -urN hostapd-2.0.orig/src/ap/pmksa_cache_auth.h hostapd-2.0/src/ap/pmksa_cache_auth.h +--- hostapd-2.0.orig/src/ap/pmksa_cache_auth.h 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/src/ap/pmksa_cache_auth.h 2013-04-29 10:20:09.925074282 +0800 +@@ -26,6 +26,8 @@ + u8 *identity; + size_t identity_len; + struct wpabuf *cui; ++ u8 *cui; /* cui by me*/ ++ size_t cui_len; /*Size of the cached cui by me*/ + struct radius_class_data radius_class; + u8 eap_type_authsrv; + int vlan_id; +diff -urN hostapd-2.0.orig/src/common/ieee802_11_common.c hostapd-2.0/src/common/ieee802_11_common.c +--- hostapd-2.0.orig/src/common/ieee802_11_common.c 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/src/common/ieee802_11_common.c 2013-04-29 10:13:07.061045893 +0800 +@@ -25,8 +25,8 @@ + if (elen < 4) { + if (show_errors) { + wpa_printf(MSG_MSGDUMP, "short vendor specific " +- "information element ignored (len=%lu)", +- (unsigned long) elen); ++ "information element ignored (len=%lu)", ++ (unsigned long) elen); + } + return -1; + } +diff -urN hostapd-2.0.orig/src/eapol_auth/eapol_auth_sm_i.h hostapd-2.0/src/eapol_auth/eapol_auth_sm_i.h +--- hostapd-2.0.orig/src/eapol_auth/eapol_auth_sm_i.h 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/src/eapol_auth/eapol_auth_sm_i.h 2013-04-29 10:13:07.062045893 +0800 +@@ -69,6 +69,7 @@ + /* variables */ + Boolean eapolLogoff; + Boolean eapolStart; ++ Boolean cuiAvailable; /*to check CUI is available in AcessAccept*/ + PortTypes portMode; + unsigned int reAuthCount; + /* constants */ +@@ -153,6 +154,8 @@ + u8 last_eap_id; /* last used EAP Identifier */ + u8 *identity; + size_t identity_len; ++ u8 *cui; /*Define CUI Attribute*/ ++ size_t cui_len; /*Define CUI attribute length*/ + u8 eap_type_authsrv; /* EAP type of the last EAP packet from + * Authentication server */ + u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */ +diff -urN hostapd-2.0.orig/src/radius/radius.c hostapd-2.0/src/radius/radius.c +--- hostapd-2.0.orig/src/radius/radius.c 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/src/radius/radius.c 2013-04-29 10:13:07.062045893 +0800 +@@ -18,16 +18,16 @@ + /** + * struct radius_msg - RADIUS message structure for new and parsed messages + */ +-struct radius_msg { ++//struct radius_msg { + /** + * buf - Allocated buffer for RADIUS message + */ +- struct wpabuf *buf; ++ //struct wpabuf *buf; + + /** + * hdr - Pointer to the RADIUS header in buf + */ +- struct radius_hdr *hdr; ++ //struct radius_hdr *hdr; + + /** + * attr_pos - Array of indexes to attributes +@@ -35,18 +35,18 @@ + * The values are number of bytes from buf to the beginning of + * struct radius_attr_hdr. + */ +- size_t *attr_pos; ++ //size_t *attr_pos; + + /** + * attr_size - Total size of the attribute pointer array + */ +- size_t attr_size; ++ //size_t attr_size; + + /** + * attr_used - Total number of attributes in the array + */ +- size_t attr_used; +-}; ++ //size_t attr_used; ++//}; + + + struct radius_hdr * radius_msg_get_hdr(struct radius_msg *msg) +@@ -60,7 +60,7 @@ + return msg->buf; + } + +- ++/* + static struct radius_attr_hdr * + radius_get_attr_hdr(struct radius_msg *msg, int idx) + { +@@ -68,7 +68,7 @@ + (wpabuf_mhead_u8(msg->buf) + msg->attr_pos[idx]); + } + +- ++*/ + static void radius_msg_set_hdr(struct radius_msg *msg, u8 code, u8 identifier) + { + msg->hdr->code = code; +diff -urN hostapd-2.0.orig/src/radius/radius.h hostapd-2.0/src/radius/radius.h +--- hostapd-2.0.orig/src/radius/radius.h 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/src/radius/radius.h 2013-04-29 10:13:07.064045893 +0800 +@@ -15,6 +15,45 @@ + #pragma pack(push, 1) + #endif /* _MSC_VER */ + ++/************************/ ++struct radius_msg { ++ /** ++ * buf - Allocated buffer for RADIUS message ++ */ ++ struct wpabuf *buf; ++ ++ /** ++ * hdr - Pointer to the RADIUS header in buf ++ */ ++ struct radius_hdr *hdr; ++ ++ /** ++ * attr_pos - Array of indexes to attributes ++ * ++ * The values are number of bytes from buf to the beginning of ++ * struct radius_attr_hdr. ++ */ ++ size_t *attr_pos; ++ ++ /** ++ * attr_size - Total size of the attribute pointer array ++ */ ++ size_t attr_size; ++ ++ /** ++ * attr_used - Total number of attributes in the array ++ */ ++ size_t attr_used; ++}; ++ ++ ++ ++ ++/***********************/ ++ ++ ++ ++ + struct radius_hdr { + u8 code; + u8 identifier; +@@ -210,6 +249,10 @@ + size_t secret_len); + struct radius_attr_hdr * radius_msg_add_attr(struct radius_msg *msg, u8 type, + const u8 *data, size_t data_len); ++ ++/****************************/ ++ ++/*****************************/ + struct radius_msg * radius_msg_parse(const u8 *data, size_t len); + int radius_msg_add_eap(struct radius_msg *msg, const u8 *data, + size_t data_len); +@@ -250,7 +293,13 @@ + u32 val = htonl(value); + return radius_msg_add_attr(msg, type, (u8 *) &val, 4) != NULL; + } +- ++/**********************/ ++static struct radius_attr_hdr * radius_get_attr_hdr(struct radius_msg *msg, int idx) ++{ ++ return (struct radius_attr_hdr *) ++ (wpabuf_mhead_u8(msg->buf) + msg->attr_pos[idx]); ++} ++/**************************/ + static inline int radius_msg_get_attr_int32(struct radius_msg *msg, u8 type, + u32 *value) + { diff --git a/net-wireless/hostapd/files/hostapd-2.0-karma.patch b/net-wireless/hostapd/files/hostapd-2.0-karma.patch new file mode 100644 index 000000000..a69f137c0 --- /dev/null +++ b/net-wireless/hostapd/files/hostapd-2.0-karma.patch @@ -0,0 +1,1185 @@ +diff -urN hostapd-2.0.orig/hostapd/.config hostapd-2.0/hostapd/.config +--- hostapd-2.0.orig/hostapd/.config 1970-01-01 07:30:00.000000000 +0730 ++++ hostapd-2.0/hostapd/.config 2013-04-29 22:28:50.212434072 +0800 +@@ -0,0 +1,246 @@ ++# Example hostapd build time configuration ++# ++# This file lists the configuration options that are used when building the ++# hostapd binary. All lines starting with # are ignored. Configuration option ++# lines must be commented out complete, if they are not to be included, i.e., ++# just setting VARIABLE=n is not disabling that variable. ++# ++# This file is included in Makefile, so variables like CFLAGS and LIBS can also ++# be modified from here. In most cass, these lines should use += in order not ++# to override previous values of the variables. ++ ++# Driver interface for Host AP driver ++CONFIG_DRIVER_HOSTAP=y ++ ++# Driver interface for wired authenticator ++#CONFIG_DRIVER_WIRED=y ++ ++# Driver interface for madwifi driver ++#CONFIG_DRIVER_MADWIFI=y ++#CFLAGS += -I../../madwifi # change to the madwifi source directory ++ ++# Driver interface for drivers using the nl80211 kernel interface ++CONFIG_DRIVER_NL80211=y ++ ++# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) ++#CONFIG_DRIVER_BSD=y ++#CFLAGS += -I/usr/local/include ++#LIBS += -L/usr/local/lib ++#LIBS_p += -L/usr/local/lib ++#LIBS_c += -L/usr/local/lib ++ ++# Driver interface for no driver (e.g., RADIUS server only) ++#CONFIG_DRIVER_NONE=y ++ ++# IEEE 802.11F/IAPP ++CONFIG_IAPP=y ++ ++# WPA2/IEEE 802.11i RSN pre-authentication ++CONFIG_RSN_PREAUTH=y ++ ++# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) ++CONFIG_PEERKEY=y ++ ++# IEEE 802.11w (management frame protection) ++# This version is an experimental implementation based on IEEE 802.11w/D1.0 ++# draft and is subject to change since the standard has not yet been finalized. ++# Driver support is also needed for IEEE 802.11w. ++#CONFIG_IEEE80211W=y ++ ++# Integrated EAP server ++CONFIG_EAP=y ++ ++# EAP-MD5 for the integrated EAP server ++CONFIG_EAP_MD5=y ++ ++# EAP-TLS for the integrated EAP server ++CONFIG_EAP_TLS=y ++ ++# EAP-MSCHAPv2 for the integrated EAP server ++CONFIG_EAP_MSCHAPV2=y ++ ++# EAP-PEAP for the integrated EAP server ++CONFIG_EAP_PEAP=y ++ ++# EAP-GTC for the integrated EAP server ++CONFIG_EAP_GTC=y ++ ++# EAP-TTLS for the integrated EAP server ++CONFIG_EAP_TTLS=y ++ ++# EAP-SIM for the integrated EAP server ++#CONFIG_EAP_SIM=y ++ ++# EAP-AKA for the integrated EAP server ++#CONFIG_EAP_AKA=y ++ ++# EAP-AKA' for the integrated EAP server ++# This requires CONFIG_EAP_AKA to be enabled, too. ++#CONFIG_EAP_AKA_PRIME=y ++ ++# EAP-PAX for the integrated EAP server ++#CONFIG_EAP_PAX=y ++ ++# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) ++#CONFIG_EAP_PSK=y ++ ++# EAP-pwd for the integrated EAP server (secure authentication with a password) ++#CONFIG_EAP_PWD=y ++ ++# EAP-SAKE for the integrated EAP server ++#CONFIG_EAP_SAKE=y ++ ++# EAP-GPSK for the integrated EAP server ++#CONFIG_EAP_GPSK=y ++# Include support for optional SHA256 cipher suite in EAP-GPSK ++#CONFIG_EAP_GPSK_SHA256=y ++ ++# EAP-FAST for the integrated EAP server ++# Note: Default OpenSSL package does not include support for all the ++# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, ++# the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch) ++# to add the needed functions. ++#CONFIG_EAP_FAST=y ++ ++# Wi-Fi Protected Setup (WPS) ++#CONFIG_WPS=y ++# Enable WSC 2.0 support ++#CONFIG_WPS2=y ++# Enable UPnP support for external WPS Registrars ++#CONFIG_WPS_UPNP=y ++ ++# EAP-IKEv2 ++#CONFIG_EAP_IKEV2=y ++ ++# Trusted Network Connect (EAP-TNC) ++#CONFIG_EAP_TNC=y ++ ++# PKCS#12 (PFX) support (used to read private key and certificate file from ++# a file that usually has extension .p12 or .pfx) ++CONFIG_PKCS12=y ++ ++# RADIUS authentication server. This provides access to the integrated EAP ++# server from external hosts using RADIUS. ++#CONFIG_RADIUS_SERVER=y ++ ++# Build IPv6 support for RADIUS operations ++CONFIG_IPV6=y ++ ++# IEEE Std 802.11r-2008 (Fast BSS Transition) ++#CONFIG_IEEE80211R=y ++ ++# Use the hostapd's IEEE 802.11 authentication (ACL), but without ++# the IEEE 802.11 Management capability (e.g., madwifi or FreeBSD/net80211) ++#CONFIG_DRIVER_RADIUS_ACL=y ++ ++# IEEE 802.11n (High Throughput) support ++#CONFIG_IEEE80211N=y ++ ++# Remove debugging code that is printing out debug messages to stdout. ++# This can be used to reduce the size of the hostapd considerably if debugging ++# code is not needed. ++#CONFIG_NO_STDOUT_DEBUG=y ++ ++# Add support for writing debug log to a file: -f /tmp/hostapd.log ++# Disabled by default. ++CONFIG_DEBUG_FILE=y ++ ++# Remove support for RADIUS accounting ++#CONFIG_NO_ACCOUNTING=y ++ ++# Remove support for RADIUS ++#CONFIG_NO_RADIUS=y ++ ++# Remove support for VLANs ++#CONFIG_NO_VLAN=y ++ ++# Enable support for fully dynamic VLANs. This enables hostapd to ++# automatically create bridge and VLAN interfaces if necessary. ++#CONFIG_FULL_DYNAMIC_VLAN=y ++ ++# Remove support for dumping state into a file on SIGUSR1 signal ++# This can be used to reduce binary size at the cost of disabling a debugging ++# option. ++#CONFIG_NO_DUMP_STATE=y ++ ++# Enable tracing code for developer debugging ++# This tracks use of memory allocations and other registrations and reports ++# incorrect use with a backtrace of call (or allocation) location. ++#CONFIG_WPA_TRACE=y ++# For BSD, comment out these. ++#LIBS += -lexecinfo ++#LIBS_p += -lexecinfo ++#LIBS_c += -lexecinfo ++ ++# Use libbfd to get more details for developer debugging ++# This enables use of libbfd to get more detailed symbols for the backtraces ++# generated by CONFIG_WPA_TRACE=y. ++#CONFIG_WPA_TRACE_BFD=y ++# For BSD, comment out these. ++#LIBS += -lbfd -liberty -lz ++#LIBS_p += -lbfd -liberty -lz ++#LIBS_c += -lbfd -liberty -lz ++ ++# hostapd depends on strong random number generation being available from the ++# operating system. os_get_random() function is used to fetch random data when ++# needed, e.g., for key generation. On Linux and BSD systems, this works by ++# reading /dev/urandom. It should be noted that the OS entropy pool needs to be ++# properly initialized before hostapd is started. This is important especially ++# on embedded devices that do not have a hardware random number generator and ++# may by default start up with minimal entropy available for random number ++# generation. ++# ++# As a safety net, hostapd is by default trying to internally collect ++# additional entropy for generating random data to mix in with the data ++# fetched from the OS. This by itself is not considered to be very strong, but ++# it may help in cases where the system pool is not initialized properly. ++# However, it is very strongly recommended that the system pool is initialized ++# with enough entropy either by using hardware assisted random number ++# generator or by storing state over device reboots. ++# ++# hostapd can be configured to maintain its own entropy store over restarts to ++# enhance random number generation. This is not perfect, but it is much more ++# secure than using the same sequence of random numbers after every reboot. ++# This can be enabled with -e command line option. The specified ++# file needs to be readable and writable by hostapd. ++# ++# If the os_get_random() is known to provide strong random data (e.g., on ++# Linux/BSD, the board in question is known to have reliable source of random ++# data from /dev/urandom), the internal hostapd random pool can be disabled. ++# This will save some in binary size and CPU use. However, this should only be ++# considered for builds that are known to be used on devices that meet the ++# requirements described above. ++#CONFIG_NO_RANDOM_POOL=y ++ ++# Select TLS implementation ++# openssl = OpenSSL (default) ++# gnutls = GnuTLS ++# internal = Internal TLSv1 implementation (experimental) ++# none = Empty template ++#CONFIG_TLS=openssl ++ ++# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) ++# can be enabled to get a stronger construction of messages when block ciphers ++# are used. ++#CONFIG_TLSV11=y ++ ++# If CONFIG_TLS=internal is used, additional library and include paths are ++# needed for LibTomMath. Alternatively, an integrated, minimal version of ++# LibTomMath can be used. See beginning of libtommath.c for details on benefits ++# and drawbacks of this option. ++#CONFIG_INTERNAL_LIBTOMMATH=y ++#ifndef CONFIG_INTERNAL_LIBTOMMATH ++#LTM_PATH=/usr/src/libtommath-0.39 ++#CFLAGS += -I$(LTM_PATH) ++#LIBS += -L$(LTM_PATH) ++#LIBS_p += -L$(LTM_PATH) ++#endif ++# At the cost of about 4 kB of additional binary size, the internal LibTomMath ++# can be configured to include faster routines for exptmod, sqr, and div to ++# speed up DH and RSA calculation considerably ++#CONFIG_INTERNAL_LIBTOMMATH_FAST=y ++ ++# Interworking (IEEE 802.11u) ++# This can be used to enable functionality to improve interworking with ++# external networks. ++#CONFIG_INTERWORKING=y +diff -urN hostapd-2.0.orig/hostapd/config_file.c hostapd-2.0/hostapd/config_file.c +--- hostapd-2.0.orig/hostapd/config_file.c 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/hostapd/config_file.c 2013-04-29 22:28:50.213434072 +0800 +@@ -116,6 +116,63 @@ + } + + ++// KARMA ++static int hostapd_config_read_karma_ssid(const char *fname, struct hostapd_config *conf) { ++ FILE *f; ++ char buf[33], *pos; ++ int line = 0; ++ karma_ssid_t *karma_ssid; ++ ++ if (!fname) ++ return 0; ++ ++ f = fopen(fname, "r"); ++ if (!f) { ++ wpa_printf(MSG_ERROR, "MAC list file '%s' not found.", fname); ++ return -1; ++ } ++ ++ while (fgets(buf, sizeof(buf), f)) { ++ line++; ++ ++ if (buf[0] == '#') ++ continue; ++ pos = buf; ++ while (*pos != '\0') { ++ if (*pos == '\n') { ++ *pos = '\0'; ++ break; ++ } ++ pos++; ++ } ++ if (buf[0] == '\0') ++ continue; ++ ++ wpa_printf(MSG_DEBUG, "Found ssid in file: %s", buf); ++ ++ if (strlen (buf) > HOSTAPD_MAX_SSID_LEN) { ++ wpa_printf(MSG_ERROR, "ESSID too long '%s' at " ++ "line %d in '%s'", buf, line, fname); ++ fclose(f); ++ return -1; ++ } ++ ++ karma_ssid = os_malloc (sizeof (karma_ssid_t)); ++ karma_ssid->length = strlen(buf); ++ karma_ssid->ssid = os_malloc (karma_ssid->length + 1); ++ os_memcpy(karma_ssid->ssid, buf, strlen(buf) + 1); ++ karma_ssid->next = conf->karma_list; ++ conf->karma_list = karma_ssid; ++ wpa_printf(MSG_DEBUG, "CTRL_IFACE KARMA ADDED SUCCESSFULLY"); ++ } ++ ++ fclose(f); ++ ++ return 0; ++} ++ ++// END KARMA ++ + static int hostapd_config_read_maclist(const char *fname, + struct mac_acl_entry **acl, int *num) + { +@@ -1752,6 +1809,30 @@ + bss->logger_syslog = atoi(pos); + } else if (os_strcmp(buf, "logger_stdout") == 0) { + bss->logger_stdout = atoi(pos); ++ // KARMA START ++ } else if (os_strcmp(buf, "karma_ssid_file") == 0) { ++ if (hostapd_config_read_karma_ssid (pos, conf)) ++ { ++ wpa_printf(MSG_ERROR, "Line %d: Failed to " ++ "read karma_ssid_file '%s'", ++ line, pos); ++ errors++; ++ } ++ } else if (os_strcmp(buf, "karma_black_white") == 0) { ++ int val = atoi(pos); ++ conf->karma_black_white = (val != 0); ++ if (conf->karma_black_white == 0) { ++ wpa_printf(MSG_DEBUG, "KARMA: White list mode"); ++ } else { ++ wpa_printf(MSG_DEBUG, "KARMA: Black list mode"); ++ } ++ } else if (os_strcmp(buf, "enable_karma") == 0) { ++ int val = atoi(pos); ++ conf->enable_karma = (val != 0); ++ if (conf->enable_karma) { ++ wpa_printf(MSG_DEBUG, "KARMA: Enabled"); ++ } ++ // KARMA END + } else if (os_strcmp(buf, "dump_file") == 0) { + bss->dump_log_name = os_strdup(pos); + } else if (os_strcmp(buf, "ssid") == 0) { +@@ -3047,6 +3128,17 @@ + + bss = conf->last_bss = conf->bss; + ++ // KARMA ++ // default Karma to off ++ conf->enable_karma = 0; ++ ++ // default to black list so everything is accepted ++ conf->karma_black_white = 1; ++ ++ // Nothing in the black/white list to start with ++ conf->karma_list = NULL; ++ // KARMA END ++ + while (fgets(buf, sizeof(buf), f)) { + bss = conf->last_bss; + line++; +diff -urN hostapd-2.0.orig/hostapd/ctrl_iface.c hostapd-2.0/hostapd/ctrl_iface.c +--- hostapd-2.0.orig/hostapd/ctrl_iface.c 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/hostapd/ctrl_iface.c 2013-04-29 22:28:50.214434072 +0800 +@@ -33,6 +33,7 @@ + #include "wps/wps.h" + #include "config_file.h" + #include "ctrl_iface.h" ++#include "ap/beacon.h" + + + struct wpa_ctrl_dst { +@@ -249,6 +250,170 @@ + return ret; + } + ++// KARMA START ++ ++static int hostapd_ctrl_iface_karma_get_black_white (struct hostapd_data *hapd) ++{ ++ wpa_printf(MSG_DEBUG, "KARMA CTRL_IFACE BLACK/WHITE QUERY (%i) x", hapd->iconf->karma_black_white); ++ return hapd->iconf->karma_black_white; ++} ++static int hostapd_ctrl_iface_karma_get_state (struct hostapd_data *hapd) ++{ ++ wpa_printf(MSG_DEBUG, "KARMA CTRL_IFACE STATUS QUERY"); ++ return hapd->iconf->enable_karma; ++} ++static int hostapd_ctrl_iface_karma_del_ssid (struct hostapd_data *hapd, ++ const char *ssid) { ++ wpa_printf(MSG_DEBUG, "KARMA CTRL_IFACE DEL SSID %s", ssid); ++ ++ karma_ssid_t *karma_ssid; ++ karma_ssid_t *previous_ssid; ++ ++ if (strlen(ssid) > HOSTAPD_MAX_SSID_LEN || strlen(ssid) == 0) { ++ return -1; ++ } ++ ++ karma_ssid = hapd->iconf->karma_list; ++ previous_ssid = NULL; ++ ++ while (karma_ssid != NULL) { ++// wpa_printf(MSG_DEBUG, "KARMA CTRL_IFACE Checking ssid %s against %s", karma_ssid->ssid, ssid); ++ ++ if (strncmp(karma_ssid->ssid, ssid, karma_ssid->length) == 0) { ++ wpa_printf(MSG_DEBUG, "KARMA CTRL_IFACE Match found, deleting and returning early"); ++ if (previous_ssid == NULL) { ++ hapd->iconf->karma_list = karma_ssid->next; ++ } else { ++ previous_ssid->next = karma_ssid->next; ++ } ++ os_free (karma_ssid); ++ return 0; ++ } ++ previous_ssid = karma_ssid; ++ karma_ssid = karma_ssid->next; ++ } ++ wpa_printf(MSG_DEBUG, "KARMA SCTRL_IFACE No match found"); ++ return 0; ++} ++// Used in the hostapd_ctrl_iface_karma_add_mac function to sort the MAC ACL list ++static int hostapd_acl_comp(const void *a, const void *b) ++{ ++ const struct mac_acl_entry *aa = a; ++ const struct mac_acl_entry *bb = b; ++ return os_memcmp(aa->addr, bb->addr, sizeof(macaddr)); ++} ++ ++static int hostapd_ctrl_iface_karma_add_mac (struct hostapd_data *hapd, ++ const char *mac, int black) { ++ ++ u8 addr[ETH_ALEN]; ++ struct mac_acl_entry *newacl; ++ struct hostapd_bss_config *bss; ++ char buf[128]; ++ struct mac_acl_entry **acl; ++ int *num; ++ // for now we don't care about VLANs so just hardcoding 0 ++ int vlan_id = 0; ++ ++ if (hwaddr_aton(mac, addr)) { ++ wpa_printf(MSG_ERROR, "Invalid MAC address '%s'", buf); ++ return -1; ++ } ++ ++ bss = hapd->iconf->last_bss; ++ if (black) { ++ hostapd_ctrl_iface_deauthenticate(hapd, buf); ++ num = &bss->num_deny_mac; ++ acl = &bss->deny_mac; ++ } else { ++ num = &bss->num_accept_mac; ++ acl = &bss->accept_mac; ++ } ++ ++ newacl = os_realloc(*acl, (*num + 1) * sizeof(**acl)); ++ if (newacl == NULL) { ++ wpa_printf(MSG_ERROR, "MAC list reallocation failed"); ++ return -1; ++ } ++ ++ *acl = newacl; ++ os_memcpy((*acl)[*num].addr, addr, ETH_ALEN); ++ (*acl)[*num].vlan_id = vlan_id; ++ (*num)++; ++ ++ qsort(*acl, *num, sizeof(**acl), hostapd_acl_comp); ++ ++ //num = &bss->num_deny_mac; ++ wpa_printf(MSG_DEBUG, "There are now %i MAC addresses in the list", *num); ++ ++ return 0; ++} ++ ++static int hostapd_ctrl_iface_karma_add_ssid (struct hostapd_data *hapd, ++ const char *ssid) { ++ wpa_printf(MSG_DEBUG, "KARMA CTRL_IFACE ADD SSID %s", ssid); ++ ++ karma_ssid_t *karma_ssid; ++ ++ if (strlen(ssid) > HOSTAPD_MAX_SSID_LEN || strlen(ssid) == 0) { ++ return -1; ++ } ++ ++ karma_ssid = os_malloc (sizeof (karma_ssid_t)); ++ karma_ssid->length = strlen(ssid); ++ karma_ssid->ssid = os_malloc (karma_ssid->length + 1); ++ os_memcpy(karma_ssid->ssid, ssid, strlen(ssid) + 1); ++ karma_ssid->next = hapd->iconf->karma_list; ++ hapd->iconf->karma_list = karma_ssid; ++ wpa_printf(MSG_DEBUG, "CTRL_IFACE KARMA ADDED SUCCESSFULLY"); ++ return 0; ++} ++ ++static int hostapd_ctrl_iface_karma_change_ssid (struct hostapd_data *hapd, ++ const char *ssid) { ++ wpa_printf(MSG_DEBUG, "KARMA CTRL_IFACE CHANGE SSID %s", ssid); ++ ++ if (strlen(ssid) > HOSTAPD_MAX_SSID_LEN || strlen(ssid) == 0) { ++ return -1; ++ } ++ ++ hapd->conf->ssid.ssid_len = strlen(ssid); ++ // Not sure if the +1 is needed here or not ++ os_memcpy(hapd->conf->ssid.ssid, ssid, strlen(ssid) + 1); ++ ieee802_11_set_beacon(hapd); ++ wpa_printf(MSG_DEBUG, "CTRL_IFACE KARMA Default SSID Changed"); ++ return 0; ++} ++ ++static int hostapd_ctrl_iface_karma_black_white (struct hostapd_data *hapd, ++ int status) ++{ ++ // 0 = white ++ if (status == 0) { ++ wpa_printf(MSG_DEBUG, "KARMA CTRL_IFACE White List"); ++ } else { ++ wpa_printf(MSG_DEBUG, "KARMA CTRL_IFACE Black List"); ++ } ++ hapd->iconf->karma_black_white = status; ++ wpa_printf(MSG_DEBUG, "KARMA CTRL_IFACE list passed in %i value %i", status, hapd->iconf->karma_black_white ); ++ ++ return 0; ++} ++ ++static int hostapd_ctrl_iface_karma_enable_disable (struct hostapd_data *hapd, ++ int status) ++{ ++ if (status) { ++ wpa_printf(MSG_DEBUG, "KARMA CTRL_IFACE ENABLED"); ++ } else { ++ wpa_printf(MSG_DEBUG, "KARMA CTRL_IFACE DISABLED"); ++ } ++ hapd->iconf->enable_karma = status; ++ ++ return 0; ++} ++ ++// KARMA END + + #ifdef CONFIG_WPS_NFC + static int hostapd_ctrl_iface_wps_nfc_tag_read(struct hostapd_data *hapd, +@@ -978,6 +1143,78 @@ + } else if (os_strncmp(buf, "DISABLE", 7) == 0) { + if (hostapd_ctrl_iface_disable(hapd->iface)) + reply_len = -1; ++ // KARMA ++ } else if (os_strcmp(buf, "KARMA_BLACK_WHITE") == 0) { ++ if (hostapd_ctrl_iface_karma_get_black_white(hapd)) { ++ os_memcpy(reply, "BLACK\n", 6); ++ reply_len = 6; ++ } else { ++ os_memcpy(reply, "WHITE\n", 6); ++ reply_len = 6; ++ } ++ } else if (os_strcmp(buf, "KARMA_STATE") == 0) { ++ if (hostapd_ctrl_iface_karma_get_state(hapd)) { ++ os_memcpy(reply, "ENABLED\n", 8); ++ reply_len = 8; ++ } else { ++ os_memcpy(reply, "DISABLED\n", 9); ++ reply_len = 9; ++ } ++ } else if (os_strncmp(buf, "KARMA_DEL_SSID ", 15) == 0) { ++ if (hostapd_ctrl_iface_karma_del_ssid (hapd, buf + 15)) { ++ reply_len = -1; ++ } else { ++ os_memcpy(reply, "DELETED\n", 8); ++ reply_len = 8; ++ } ++ } else if (os_strncmp(buf, "KARMA_ADD_SSID ", 15) == 0) { ++ if (hostapd_ctrl_iface_karma_add_ssid (hapd, buf + 15)) { ++ reply_len = -1; ++ } else { ++ os_memcpy(reply, "ADDED\n", 6); ++ reply_len = 6; ++ } ++ } else if (os_strncmp(buf, "KARMA_ADD_WHITE_MAC ", 20) == 0) { ++ if (hostapd_ctrl_iface_karma_add_mac (hapd, buf + 20, 0)) { ++ reply_len = -1; ++ } else { ++ os_memcpy(reply, "ADDED\n", 6); ++ reply_len = 6; ++ } ++ } else if (os_strncmp(buf, "KARMA_ADD_BLACK_MAC ", 20) == 0) { ++ if (hostapd_ctrl_iface_karma_add_mac (hapd, buf + 20, 1)) { ++ reply_len = -1; ++ } else { ++ os_memcpy(reply, "ADDED\n", 6); ++ reply_len = 6; ++ } ++ } else if (os_strcmp(buf, "KARMA_GET_SSID") == 0) { ++ wpa_printf(MSG_DEBUG, "KARMA CTRL_IFACE GET SSID"); ++ size_t len; ++ // +2 for the new line and the null byte terminator ++ len = hapd->conf->ssid.ssid_len + 2; ++ os_snprintf(reply, len, "%s\n", hapd->conf->ssid.ssid); ++ reply_len = len; ++ } else if (os_strncmp(buf, "KARMA_CHANGE_SSID ", 18) == 0) { ++ if (hostapd_ctrl_iface_karma_change_ssid (hapd, buf + 18)) { ++ reply_len = -1; ++ } else { ++ os_memcpy(reply, "CHANGED\n", 8); ++ reply_len = 8; ++ } ++ } else if (os_strcmp(buf, "KARMA_WHITE") == 0) { ++ if (hostapd_ctrl_iface_karma_black_white(hapd, 0)) ++ reply_len = -1; ++ } else if (os_strcmp(buf, "KARMA_BLACK") == 0) { ++ if (hostapd_ctrl_iface_karma_black_white(hapd, 1)) ++ reply_len = -1; ++ } else if (os_strcmp(buf, "KARMA_DISABLE") == 0) { ++ if (hostapd_ctrl_iface_karma_enable_disable(hapd, 0)) ++ reply_len = -1; ++ } else if (os_strcmp(buf, "KARMA_ENABLE") == 0) { ++ if (hostapd_ctrl_iface_karma_enable_disable(hapd, 1)) ++ reply_len = -1; ++ // END KARMA + } else { + os_memcpy(reply, "UNKNOWN COMMAND\n", 16); + reply_len = 16; +diff -urN hostapd-2.0.orig/hostapd/hostapd.conf hostapd-2.0/hostapd/hostapd.conf +--- hostapd-2.0.orig/hostapd/hostapd.conf 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/hostapd/hostapd.conf 2013-04-29 22:28:50.240434074 +0800 +@@ -1,3 +1,12 @@ ++# 0 = disabled ++# 1 = enabled ++enable_karma=1 ++ ++# 0 = white ++# 1 = black ++karma_black_white=1 ++#karma_ssid_file=/etc/hostapd_karma_ssid ++ + ##### hostapd configuration file ############################################## + # Empty lines and lines starting with # are ignored + +@@ -47,9 +56,9 @@ + # 4 = warning + # + logger_syslog=-1 +-logger_syslog_level=2 ++logger_syslog_level=0 + logger_stdout=-1 +-logger_stdout_level=2 ++logger_stdout_level=0 + + # Dump file for state information (on SIGUSR1) + dump_file=/tmp/hostapd.dump +@@ -1192,13 +1201,9 @@ + # in the AP). + #pbc_in_m1=1 + +-# Static access point PIN for initial configuration and adding Registrars ++# Access point PIN for initial configuration and adding Registrars + # If not set, hostapd will not allow external WPS Registrars to control the +-# access point. The AP PIN can also be set at runtime with hostapd_cli +-# wps_ap_pin command. Use of temporary (enabled by user action) and random +-# AP PIN is much more secure than configuring a static AP PIN here. As such, +-# use of the ap_pin parameter is not recommended if the AP device has means for +-# displaying a random PIN. ++# access point. + #ap_pin=12345670 + + # Skip building of automatic WPS credential +@@ -1525,8 +1530,13 @@ + # as the defaults for the following BSSes. However, it is recommended that all + # BSSes include explicit configuration of all relevant configuration items. + # +-#bss=wlan0_0 ++#bss=wlan10 + #ssid=test2 ++#bssid=02:21:91:01:11:31 ++# ++#bss=wlan11 ++#ssid=test3 ++#bssid=02:21:91:01:11:32 + # most of the above items can be used here (apart from radio interface specific + # items, like channel) + +diff -urN hostapd-2.0.orig/hostapd/hostapd_cli.c hostapd-2.0/hostapd/hostapd_cli.c +--- hostapd-2.0.orig/hostapd/hostapd_cli.c 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/hostapd/hostapd_cli.c 2013-04-29 22:28:50.236434074 +0800 +@@ -15,6 +15,9 @@ + #include "utils/edit.h" + #include "common/version.h" + ++// Added this here as it is in an include file that isn't normally included ++// by the cli ++#define HOSTAPD_MAX_SSID_LEN 32 + + static const char *hostapd_cli_version = + "hostapd_cli v" VERSION_STR "\n" +@@ -58,20 +61,20 @@ + + static const char *commands_help = + "Commands:\n" +-" mib get MIB variables (dot1x, dot11, radius)\n" +-" sta get MIB variables for one station\n" +-" all_sta get MIB variables for all stations\n" +-" new_sta add a new station\n" ++" mib get MIB variables (dot1x, dot11, radius)\n" ++" sta get MIB variables for one station\n" ++" all_sta get MIB variables for all stations\n" ++" new_sta add a new station\n" + " deauthenticate deauthenticate a station\n" +-" disassociate disassociate a station\n" ++" disassociate disassociate a station\n" + #ifdef CONFIG_IEEE80211W +-" sa_query send SA Query to a station\n" ++" sa_query send SA Query to a station\n" + #endif /* CONFIG_IEEE80211W */ + #ifdef CONFIG_WPS + " wps_pin [timeout] [addr] add WPS Enrollee PIN\n" +-" wps_check_pin verify PIN checksum\n" +-" wps_pbc indicate button pushed to initiate PBC\n" +-" wps_cancel cancel the pending WPS operation\n" ++" wps_check_pin verify PIN checksum\n" ++" wps_pbc indicate button pushed to initiate PBC\n" ++" wps_cancel cancel the pending WPS operation\n" + #ifdef CONFIG_WPS_NFC + " wps_nfc_tag_read report read NFC tag with WPS data\n" + " wps_nfc_config_token build NFC configuration token\n" +@@ -80,11 +83,24 @@ + " wps_ap_pin [params..] enable/disable AP PIN\n" + " wps_config configure AP\n" + #endif /* CONFIG_WPS */ +-" get_config show current configuration\n" +-" help show this usage help\n" +-" interface [ifname] show interfaces/select interface\n" +-" level change debug level\n" +-" license show full hostapd_cli license\n" ++" get_config show current configuration\n" ++" help show this usage help\n" ++" interface [ifname] show interfaces/select interface\n" ++" level change debug level\n" ++" license show full hostapd_cli license\n" ++" ping send a ping, get a pong\n" ++" karma_change_ssid change the default SSID for when Karma is off\n" ++" karma_get_ssid get the default SSID for when Karma is off\n" ++" karma_enable enable Karma\n" ++" karma_disable disable Karma\n" ++" karma_black blacklist Karma\n" ++" karma_white whitelist Karma\n" ++" karma_get_black_white get the black/whitelist state of Karma\n" ++" karma_add_ssid add an SSID to the black/white list\n" ++" karma_del_ssid delete an SSID from the black/white list\n" ++" karma_get_state get the state of Karma\n" ++" karma_add_black_mac add a MAC to the black list\n" ++" karma_add_white_mac add a MAC to the white list\n" + " quit exit hostapd_cli\n"; + + static struct wpa_ctrl *ctrl_conn; +@@ -323,6 +339,129 @@ + return wpa_ctrl_command(ctrl, buf); + } + ++// KARMA ++ ++static int hostapd_cli_cmd_karma_del_ssid(struct wpa_ctrl *ctrl, int argc, ++ char *argv[]) ++{ ++ char buf[50]; ++ if (argc < 1) { ++ printf("Invalid 'delete Karma SSID' command - exactly one " ++ "argument, SSID, is required.\n"); ++ return -1; ++ } ++ os_snprintf(buf, sizeof(buf), "KARMA_DEL_SSID %s", argv[0]); ++ return wpa_ctrl_command(ctrl, buf); ++} ++ ++static int hostapd_cli_cmd_karma_change_ssid(struct wpa_ctrl *ctrl, int argc, ++ char *argv[]) ++{ ++ // Max length of SSID is 32 chars + the command and the null byte ++ char buf[50]; ++ if (argc < 1) { ++ printf("Invalid 'change Karma SSID' command - exactly one " ++ "argument, SSID, is required.\n"); ++ return -1; ++ } ++ if (strlen(argv[0]) > HOSTAPD_MAX_SSID_LEN) { ++ printf("The max length of an SSID is %i\n", HOSTAPD_MAX_SSID_LEN); ++ return -1; ++ } ++ os_snprintf(buf, sizeof(buf), "KARMA_CHANGE_SSID %s", argv[0]); ++ return wpa_ctrl_command(ctrl, buf); ++} ++static int hostapd_cli_cmd_karma_get_ssid(struct wpa_ctrl *ctrl, int argc, ++ char *argv[]) ++{ ++ return wpa_ctrl_command(ctrl, "KARMA_GET_SSID"); ++} ++static int hostapd_cli_cmd_karma_add_white_mac(struct wpa_ctrl *ctrl, int argc, ++ char *argv[]) ++{ ++ // Max length of MAC is 17 chars + the command and the null byte ++ char buf[50]; ++ if (argc < 1) { ++ printf("Invalid 'add white MAC' command - exactly one " ++ "argument, MAC, is required.\n"); ++ return -1; ++ } ++ // Can't find a define for the length of a MAC address as a string ++ // ETH_ALEN is the number of individual bytes ++ if (strlen(argv[0]) != 17) { ++ printf("The MAC should be in the format 00:11:22:33:44:55\n"); ++ return -1; ++ } ++ os_snprintf(buf, sizeof(buf), "KARMA_ADD_WHITE_MAC %s", argv[0]); ++ return wpa_ctrl_command(ctrl, buf); ++} ++ ++static int hostapd_cli_cmd_karma_add_black_mac(struct wpa_ctrl *ctrl, int argc, ++ char *argv[]) ++{ ++ // Max length of MAC is 17 chars + the command and the null byte ++ char buf[50]; ++ if (argc < 1) { ++ printf("Invalid 'add black MAC' command - exactly one " ++ "argument, MAC, is required.\n"); ++ return -1; ++ } ++ // Can't find a define for the length of a MAC address as a string ++ // ETH_ALEN is the number of individual bytes ++ if (strlen(argv[0]) != 17) { ++ printf("The MAC should be in the format 00:11:22:33:44:55\n"); ++ return -1; ++ } ++ os_snprintf(buf, sizeof(buf), "KARMA_ADD_BLACK_MAC %s", argv[0]); ++ return wpa_ctrl_command(ctrl, buf); ++} ++ ++static int hostapd_cli_cmd_karma_add_ssid(struct wpa_ctrl *ctrl, int argc, ++ char *argv[]) ++{ ++ // Max length of SSID is 32 chars + the command and the null byte ++ char buf[50]; ++ if (argc < 1) { ++ printf("Invalid 'added Karma SSID' command - exactly one " ++ "argument, SSID, is required.\n"); ++ return -1; ++ } ++ if (strlen(argv[0]) > HOSTAPD_MAX_SSID_LEN) { ++ printf("The max length of an SSID is %i\n", HOSTAPD_MAX_SSID_LEN); ++ return -1; ++ } ++ os_snprintf(buf, sizeof(buf), "KARMA_ADD_SSID %s", argv[0]); ++ return wpa_ctrl_command(ctrl, buf); ++} ++ ++// These should be one function with a parameter ++ ++static int hostapd_cli_cmd_karma_disable(struct wpa_ctrl *ctrl, int argc, char *argv[]) ++{ ++ return wpa_ctrl_command(ctrl, "KARMA_DISABLE"); ++} ++static int hostapd_cli_cmd_karma_black(struct wpa_ctrl *ctrl, int argc, char *argv[]) ++{ ++ return wpa_ctrl_command(ctrl, "KARMA_BLACK"); ++} ++static int hostapd_cli_cmd_karma_white(struct wpa_ctrl *ctrl, int argc, char *argv[]) ++{ ++ return wpa_ctrl_command(ctrl, "KARMA_WHITE"); ++} ++static int hostapd_cli_cmd_karma_get_black_white(struct wpa_ctrl *ctrl, int argc, char *argv[]) ++{ ++ return wpa_ctrl_command(ctrl, "KARMA_BLACK_WHITE"); ++} ++static int hostapd_cli_cmd_karma_enable(struct wpa_ctrl *ctrl, int argc, char *argv[]) ++{ ++ return wpa_ctrl_command(ctrl, "KARMA_ENABLE"); ++} ++static int hostapd_cli_cmd_karma_get_state(struct wpa_ctrl *ctrl, int argc, char *argv[]) ++{ ++ return wpa_ctrl_command(ctrl, "KARMA_STATE"); ++} ++// END KARMA ++ + + #ifdef CONFIG_IEEE80211W + static int hostapd_cli_cmd_sa_query(struct wpa_ctrl *ctrl, int argc, +@@ -805,6 +944,22 @@ + { "quit", hostapd_cli_cmd_quit }, + { "set", hostapd_cli_cmd_set }, + { "get", hostapd_cli_cmd_get }, ++// KARMA ++// Because I always type ? first ++ { "?", hostapd_cli_cmd_help }, ++ { "karma_del_ssid", hostapd_cli_cmd_karma_del_ssid}, ++ { "karma_add_ssid", hostapd_cli_cmd_karma_add_ssid}, ++ { "karma_add_black_mac", hostapd_cli_cmd_karma_add_black_mac}, ++ { "karma_add_white_mac", hostapd_cli_cmd_karma_add_white_mac}, ++ { "karma_change_ssid", hostapd_cli_cmd_karma_change_ssid}, ++ { "karma_get_ssid", hostapd_cli_cmd_karma_get_ssid}, ++ { "karma_get_state", hostapd_cli_cmd_karma_get_state}, ++ { "karma_disable", hostapd_cli_cmd_karma_disable}, ++ { "karma_enable", hostapd_cli_cmd_karma_enable}, ++ { "karma_white", hostapd_cli_cmd_karma_white}, ++ { "karma_black", hostapd_cli_cmd_karma_black}, ++ { "karma_get_black_white", hostapd_cli_cmd_karma_get_black_white}, ++// END KARMA + { NULL, NULL } + }; + +diff -urN hostapd-2.0.orig/hostapd/main.c hostapd-2.0/hostapd/main.c +--- hostapd-2.0.orig/hostapd/main.c 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/hostapd/main.c 2013-04-29 22:28:50.241434074 +0800 +@@ -469,7 +469,8 @@ + "User space daemon for IEEE 802.11 AP management,\n" + "IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n" + "Copyright (c) 2002-2012, Jouni Malinen " +- "and contributors\n"); ++ "and contributors\n" ++ "Karma patches by Robin Wood - robin@digininja.org\n"); + } + + +diff -urN hostapd-2.0.orig/src/ap/ap_config.h hostapd-2.0/src/ap/ap_config.h +--- hostapd-2.0.orig/src/ap/ap_config.h 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/src/ap/ap_config.h 2013-04-29 22:28:50.241434074 +0800 +@@ -458,6 +458,19 @@ + }; + + ++/* ++* KARMA STUFF ++* ++* A structure to hold the black/white list ++* ++*/ ++typedef struct karma_ssid{ ++ int length; ++ char *ssid; ++ struct karma_ssid *next; ++} karma_ssid_t; ++// END KARMA ++ + /** + * struct hostapd_config - Per-radio interface configuration + */ +@@ -465,6 +478,14 @@ + struct hostapd_bss_config *bss, *last_bss; + size_t num_bss; + ++ // KARMA ++ int enable_karma; ++ // 0 = white ++ int karma_black_white; /* KARMA black or white list*/ ++ karma_ssid_t *karma_list; ++ ++ // KARMA END ++ + u16 beacon_int; + int rts_threshold; + int fragm_threshold; +diff -urN hostapd-2.0.orig/src/ap/beacon.c hostapd-2.0/src/ap/beacon.c +--- hostapd-2.0.orig/src/ap/beacon.c 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/src/ap/beacon.c 2013-04-29 22:33:38.536453428 +0800 +@@ -362,6 +362,11 @@ + size_t i, resp_len; + int noack; + enum ssid_match_result res; ++ // KARMA ++ karma_ssid_t *karma_ssid; ++ int found; ++ char *ssid = NULL; size_t ssid_len = 0; int free_ssid = 0; ++ // END KARMA + + ie = mgmt->u.probe_req.variable; + if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req)) +@@ -436,24 +441,85 @@ + } + #endif /* CONFIG_P2P */ + +- res = ssid_match(hapd, elems.ssid, elems.ssid_len, +- elems.ssid_list, elems.ssid_list_len); +- if (res != NO_SSID_MATCH) { +- if (sta) +- sta->ssid_probe = &hapd->conf->ssid; +- } else { +- if (!(mgmt->da[0] & 0x01)) { ++ // KARMA ++ if (hapd->iconf->enable_karma) { ++ wpa_printf(MSG_MSGDUMP, "KARMA CTRL_IFACE Karam is enabled for handling probe request\n"); ++ // Max length for SSID is 32 chars ++ if (elems.ssid_len > 0 && elems.ssid_len <= 32) { ++ ++ char myssid_txt[33]; ++ ieee802_11_print_ssid(myssid_txt, elems.ssid, elems.ssid_len); ++ ++ wpa_printf(MSG_DEBUG, "KARMA CTRL_IFACE Requested ESSID is %s", myssid_txt); ++ ++ karma_ssid = hapd->iconf->karma_list; ++ ++ found = 0; ++ ++ while (karma_ssid != NULL) { ++ wpa_printf(MSG_DEBUG, "KARMA CTRL_IFACE Checking ESSID %s against %s", karma_ssid->ssid, myssid_txt); ++ ++ if (strlen(myssid_txt) == karma_ssid->length && strncmp(karma_ssid->ssid, myssid_txt, karma_ssid->length) == 0) { ++ wpa_printf(MSG_DEBUG, "KARMA CTRL_IFACE Match found, leaving loop"); ++ found = 1; ++ break; ++ } ++ karma_ssid = karma_ssid->next; ++ } ++ ++ if (hapd->iconf->karma_black_white == 0 && found == 0) { ++ // white list ++ wpa_printf(MSG_MSGDUMP, "KARMA: ESSID not found in white list mode so not accepting probe"); ++ return; ++ } ++ if (hapd->iconf->karma_black_white == 1 && found == 1) { ++ // black list ++ wpa_printf(MSG_MSGDUMP, "KARMA: ESSID found in black list mode so not accepting the probe"); ++ return; ++ } ++ ++ ssid = os_malloc(elems.ssid_len + 1); ++ free_ssid = 1; ++ ++ memcpy (ssid, elems.ssid, elems.ssid_len + 1); ++ ssid_len = elems.ssid_len; ++ if (sta) ++ sta->ssid_probe = &hapd->conf->ssid; ++ } ++ ++ if (elems.ssid_len != 0) { + char ssid_txt[33]; + ieee802_11_print_ssid(ssid_txt, elems.ssid, + elems.ssid_len); +- wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR +- " for foreign SSID '%s' (DA " MACSTR ")%s", +- MAC2STR(mgmt->sa), ssid_txt, +- MAC2STR(mgmt->da), +- elems.ssid_list ? " (SSID list)" : ""); ++ wpa_printf(MSG_MSGDUMP, "KARMA: Probe Request from " MACSTR ++ " for SSID '%s'", ++ MAC2STR(mgmt->sa), ssid_txt); ++ } ++ } else { ++ wpa_printf(MSG_MSGDUMP, "KARMA is disabled when handling probe request\n"); ++ if (elems.ssid_len == 0 || ++ (elems.ssid_len == hapd->conf->ssid.ssid_len && ++ os_memcmp(elems.ssid, hapd->conf->ssid.ssid, elems.ssid_len) == ++ 0)) { ++ ssid = hapd->conf->ssid.ssid; ++ ssid_len = hapd->conf->ssid.ssid_len; ++ if (sta) ++ sta->ssid_probe = &hapd->conf->ssid; ++ } ++ ++ if (!ssid) { ++ if (!(mgmt->da[0] & 0x01)) { ++ char ssid_txt[33]; ++ ieee802_11_print_ssid(ssid_txt, elems.ssid, ++ elems.ssid_len); ++ wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR ++ " for foreign SSID '%s'", ++ MAC2STR(mgmt->sa), ssid_txt); ++ } ++ return; + } +- return; + } ++ // KARMA END + + #ifdef CONFIG_INTERWORKING + if (elems.interworking && elems.interworking_len >= 1) { +@@ -468,14 +534,14 @@ + } + + if (elems.interworking && +- (elems.interworking_len == 7 || elems.interworking_len == 9)) { ++ (elems.interworking_len == 7 || elems.interworking_len == 9)) { + const u8 *hessid; + if (elems.interworking_len == 7) + hessid = elems.interworking + 1; + else + hessid = elems.interworking + 1 + 2; + if (!is_broadcast_ether_addr(hessid) && +- os_memcmp(hessid, hapd->conf->hessid, ETH_ALEN) != 0) { ++ os_memcmp(hessid, hapd->conf->hessid, ETH_ALEN) != 0) { + wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR + " for mismatching HESSID " MACSTR + " ignored", +@@ -508,6 +574,13 @@ + wpa_printf(MSG_EXCESSIVE, "STA " MACSTR " sent probe request for %s " + "SSID", MAC2STR(mgmt->sa), + elems.ssid_len == 0 ? "broadcast" : "our"); ++ ++ // KARMA ++ if (free_ssid) { ++// wpa_printf(MSG_MSGDUMP, "KARMA ssid malloc'd so free it\n"); ++ os_free (ssid); ++ } ++ // END KARMA + } + + +diff -urN hostapd-2.0.orig/src/ap/ieee802_11.c hostapd-2.0/src/ap/ieee802_11.c +--- hostapd-2.0.orig/src/ap/ieee802_11.c 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/src/ap/ieee802_11.c 2013-04-29 22:28:50.242434074 +0800 +@@ -698,18 +698,28 @@ + if (ssid_ie == NULL) + return WLAN_STATUS_UNSPECIFIED_FAILURE; + +- if (ssid_ie_len != hapd->conf->ssid.ssid_len || +- os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) { ++ // KARMA ++ if (hapd->iconf->enable_karma) { + char ssid_txt[33]; + ieee802_11_print_ssid(ssid_txt, ssid_ie, ssid_ie_len); +- hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, +- HOSTAPD_LEVEL_INFO, +- "Station tried to associate with unknown SSID " +- "'%s'", ssid_txt); +- return WLAN_STATUS_UNSPECIFIED_FAILURE; +- } ++ wpa_printf(MSG_MSGDUMP, "KARMA: Checking SSID for start of association, pass through %s", ssid_txt); + +- return WLAN_STATUS_SUCCESS; ++ return WLAN_STATUS_SUCCESS; ++ } else { ++ if (ssid_ie_len != hapd->conf->ssid.ssid_len || ++ os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) { ++ char ssid_txt[33]; ++ ieee802_11_print_ssid(ssid_txt, ssid_ie, ssid_ie_len); ++ hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, ++ HOSTAPD_LEVEL_INFO, ++ "Station tried to associate with unknown SSID " ++ "'%s'", ssid_txt); ++ return WLAN_STATUS_UNSPECIFIED_FAILURE; ++ } ++ ++ return WLAN_STATUS_SUCCESS; ++ } ++ // KARMA END + } + + +@@ -1758,6 +1768,21 @@ + * step. + */ + ap_sta_set_authorized(hapd, sta, 1); ++ ++ // KARMA ++ // Print that it has associated and give the MAC and AP ++ // Doesn't currently work though as can't find ESSID ++ if (hapd->iconf->enable_karma) { ++ // This gives the ESSID of the AP and not the one from the probe. ++ //struct hostapd_ssid *ssid = sta->ssid; ++ ++ // printf("KARMA: Successful association of " MACSTR " to ESSID '%s'\n", ++ // MAC2STR(mgmt->da), ssid->ssid); ++ printf("KARMA: Successful association of " MACSTR "\n", ++ MAC2STR(mgmt->da)); ++ } ++ ++ // KARMA END + } + + if (reassoc) +diff -urN hostapd-2.0.orig/src/crypto/random.c hostapd-2.0/src/crypto/random.c +--- hostapd-2.0.orig/src/crypto/random.c 2013-01-12 23:42:53.000000000 +0800 ++++ hostapd-2.0/src/crypto/random.c 2013-04-29 22:28:50.243434074 +0800 +@@ -136,8 +136,8 @@ + */ + return; + } +- wpa_printf(MSG_EXCESSIVE, "Add randomness: count=%u entropy=%u", +- count, entropy); ++ //wpa_printf(MSG_EXCESSIVE, "Add randomness: count=%u entropy=%u", ++ // count, entropy); + + os_get_time(&t); + wpa_hexdump_key(MSG_EXCESSIVE, "random pool", diff --git a/net-wireless/hostapd/files/hostapd-2.0-tls_length_fix.patch b/net-wireless/hostapd/files/hostapd-2.0-tls_length_fix.patch new file mode 100644 index 000000000..bda92cf40 --- /dev/null +++ b/net-wireless/hostapd/files/hostapd-2.0-tls_length_fix.patch @@ -0,0 +1,48 @@ +From 586c446e0ff42ae00315b014924ec669023bd8de Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Sun, 7 Oct 2012 20:06:29 +0300 +Subject: [PATCH] EAP-TLS server: Fix TLS Message Length validation + +EAP-TLS/PEAP/TTLS/FAST server implementation did not validate TLS +Message Length value properly and could end up trying to store more +information into the message buffer than the allocated size if the first +fragment is longer than the indicated size. This could result in hostapd +process terminating in wpabuf length validation. Fix this by rejecting +messages that have invalid TLS Message Length value. + +This would affect cases that use the internal EAP authentication server +in hostapd either directly with IEEE 802.1X or when using hostapd as a +RADIUS authentication server and when receiving an incorrectly +constructed EAP-TLS message. Cases where hostapd uses an external +authentication are not affected. + +Thanks to Timo Warns for finding and reporting this issue. + +Signed-hostap: Jouni Malinen +intended-for: hostap-1 +--- + src/eap_server/eap_server_tls_common.c | 8 ++++++++ + 1 files changed, 8 insertions(+), 0 deletions(-) + +diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c +index 31be2ec..46f282b 100644 +--- a/src/eap_server/eap_server_tls_common.c ++++ b/src/eap_server/eap_server_tls_common.c +@@ -228,6 +228,14 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data, + return -1; + } + ++ if (len > message_length) { ++ wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in " ++ "first fragment of frame (TLS Message " ++ "Length %d bytes)", ++ (int) len, (int) message_length); ++ return -1; ++ } ++ + data->tls_in = wpabuf_alloc(message_length); + if (data->tls_in == NULL) { + wpa_printf(MSG_DEBUG, "SSL: No memory for message"); +-- +1.7.4-rc1 + diff --git a/net-wireless/hostapd/hostapd-2.0.ebuild b/net-wireless/hostapd/hostapd-2.0.ebuild new file mode 100644 index 000000000..e7fbdfa87 --- /dev/null +++ b/net-wireless/hostapd/hostapd-2.0.ebuild @@ -0,0 +1,208 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-wireless/hostapd/hostapd-2.0.ebuild,v 1.1 2013/01/21 10:42:21 gurligebis Exp $ + +EAPI="4" + +inherit toolchain-funcs eutils + +DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon" +HOMEPAGE="http://hostap.epitest.fi" +SRC_URI="http://hostap.epitest.fi/releases/${P}.tar.gz" + +LICENSE="|| ( GPL-2 BSD )" +SLOT="0" +KEYWORDS="~amd64 ~mips ~ppc ~x86" +IUSE="debug ipv6 +karma logwatch madwifi +ssl +wps +crda" + +DEPEND="ssl? ( dev-libs/openssl ) + kernel_linux? ( + dev-libs/libnl:3 + crda? ( net-wireless/crda ) + ) + madwifi? ( || + ( >net-wireless/madwifi-ng-tools-0.9.3 + net-wireless/madwifi-old ) )" +RDEPEND="${DEPEND}" + +S="${S}/${PN}" + +src_prepare() { + cd .. + epatch "${FILESDIR}/${P}-tls_length_fix.patch" +#there is initial cui support in that version. Do we still need it? +# use cui && epatch "${FILESDIR}/${P}-cui.patch" + use karma && epatch "${FILESDIR}/${P}-karma.patch" +#this patch is coming +# use wpe && epatch "${FILESDIR}/${P}-wpe.patch" + sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \ + "${S}/hostapd.conf" || die +} + +src_configure() { + local CONFIG="${S}/.config" + + # toolchain setup + echo "CC = $(tc-getCC)" > ${CONFIG} + + # EAP authentication methods + echo "CONFIG_EAP=y" >> ${CONFIG} + echo "CONFIG_EAP_MD5=y" >> ${CONFIG} + + if use ssl; then + # SSL authentication methods + echo "CONFIG_EAP_TLS=y" >> ${CONFIG} + echo "CONFIG_EAP_TTLS=y" >> ${CONFIG} + echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG} + echo "CONFIG_EAP_PEAP=y" >> ${CONFIG} + fi + + if use wps; then + # Enable Wi-Fi Protected Setup + echo "CONFIG_WPS=y" >> ${CONFIG} + echo "CONFIG_WPS2=y" >> ${CONFIG} + echo "CONFIG_WPS_UPNP=y" >> ${CONFIG} + einfo "Enabling Wi-Fi Protected Setup support" + fi + + echo "CONFIG_EAP_GTC=y" >> ${CONFIG} + echo "CONFIG_EAP_SIM=y" >> ${CONFIG} + echo "CONFIG_EAP_AKA=y" >> ${CONFIG} + echo "CONFIG_EAP_PAX=y" >> ${CONFIG} + echo "CONFIG_EAP_PSK=y" >> ${CONFIG} + echo "CONFIG_EAP_SAKE=y" >> ${CONFIG} + echo "CONFIG_EAP_GPSK=y" >> ${CONFIG} + echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG} + + einfo "Enabling drivers: " + + # drivers + echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG} + einfo " HostAP driver enabled" + echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG} + einfo " Wired driver enabled" + echo "CONFIG_DRIVER_PRISM54=y" >> ${CONFIG} + einfo " Prism54 driver enabled" + echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG} + einfo " None driver enabled" + + if use madwifi; then + # Add include path for madwifi-driver headers + einfo " Madwifi driver enabled" + echo "CFLAGS += -I/usr/include/madwifi" >> ${CONFIG} + echo "CONFIG_DRIVER_MADWIFI=y" >> ${CONFIG} + else + einfo " Madwifi driver disabled" + fi + + einfo " nl80211 driver enabled" + echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG} + echo "CFLAGS += -I/usr/include/netlink" >> ${CONFIG} + echo "LIBS += -L/usr/lib" >> ${CONFIG} + + # misc + echo "CONFIG_PKCS12=y" >> ${CONFIG} + echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG} + echo "CONFIG_IAPP=y" >> ${CONFIG} + echo "CONFIG_IEEE80211R=y" >> ${CONFIG} + echo "CONFIG_IEEE80211W=y" >> ${CONFIG} + echo "CONFIG_IEEE80211N=y" >> ${CONFIG} + echo "CONFIG_PEERKEY=y" >> ${CONFIG} + echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG} + echo "CONFIG_INTERWORKING=y" >> ${CONFIG} + + if use ipv6; then + # IPv6 support + echo "CONFIG_IPV6=y" >> ${CONFIG} + fi + + if ! use debug; then + echo "CONFIG_NO_STDOUT_DEBUG=y" >> ${CONFIG} + fi + + # If we are using libnl 2.0 and above, enable support for it + # Removed for now, since the 3.2 version is broken, and we don't + # support it. + if has_version ">=dev-libs/libnl-3.2"; then + echo "CONFIG_LIBNL32=y" >> .config + fi + + # TODO: Add support for BSD drivers + + default_src_configure +} + +src_compile() { + emake V=1 + + if use ssl; then + emake V=1 nt_password_hash + emake V=1 hlr_auc_gw + fi +} + +src_install() { + insinto /etc/${PN} + doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk} + + fperms -R 600 /etc/${PN} + + dosbin ${PN} + dobin ${PN}_cli + + use ssl && dobin nt_password_hash hlr_auc_gw + + newinitd "${FILESDIR}"/${PN}-init.d ${PN} + newconfd "${FILESDIR}"/${PN}-conf.d ${PN} + + doman ${PN}{.8,_cli.1} + + dodoc ChangeLog README + use wps && dodoc README-WPS + + docinto examples + dodoc wired.conf + + if use logwatch; then + insinto /etc/log.d/conf/services/ + doins logwatch/${PN}.conf + + exeinto /etc/log.d/scripts/services/ + doexe logwatch/${PN} + fi +} + +pkg_postinst() { + einfo + einfo "In order to use ${PN} you need to set up your wireless card" + einfo "for master mode in /etc/conf.d/net and then start" + einfo "/etc/init.d/${PN}." + einfo + einfo "Example configuration:" + einfo + einfo "config_wlan0=( \"192.168.1.1/24\" )" + einfo "channel_wlan0=\"6\"" + einfo "essid_wlan0=\"test\"" + einfo "mode_wlan0=\"master\"" + einfo + if use madwifi; then + einfo "This package compiles against the headers installed by" + einfo "madwifi-old, madwifi-ng or madwifi-ng-tools." + einfo "You should remerge ${PN} after upgrading these packages." + einfo + einfo "Since you are using the madwifi-ng driver, you should disable or" + einfo "comment out wme_enabled from ${PN}.conf, since it will" + einfo "cause problems otherwise (see bug #260377" + fi + #if [ -e "${KV_DIR}"/net/mac80211 ]; then + # einfo "This package now compiles against the headers installed by" + # einfo "the kernel source for the mac80211 driver. You should " + # einfo "re-emerge ${PN} after upgrading your kernel source." + #fi + + if use wps; then + einfo "You have enabled Wi-Fi Protected Setup support, please" + einfo "read the README-WPS file in /usr/share/doc/${P}" + einfo "for info on how to use WPS" + fi +}