
FL-598: hostapd, support for netif

1 parent 155ae8c commit 7ada6e5b09483de37a8a82a5c7018ca8b58e364b @angryvincent angryvincent committed Jun 24, 2013
1 net-wireless/hostapd/Manifest
@@ -0,0 +1 @@
+DIST hostapd-2.0.tar.gz 1376203 SHA256 262ce394b930bccc3d65fb99ee380f28d36444978f524c845a98e8e29f4e9d35 SHA512 25fddaaddb22903078cfaae29a1e955b60955f9f5542b52962a6a8d4c65146ca102e9ac085118ce422843c55349a74a019220dfd4926895e301d506dbc97b967 WHIRLPOOL e5ae2e760770d2f307b1c4235c9b0c9d25e1719a1d174efa30ce6bbbc07b5c46d5f7babc087b8f450f3b485fb640728ddd23761fb292bcd535ef38dc10ac1d45
48 net-wireless/hostapd/files/hostapd-2.0-tls_length_fix.patch
@@ -0,0 +1,48 @@
+From 586c446e0ff42ae00315b014924ec669023bd8de Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 7 Oct 2012 20:06:29 +0300
+Subject: [PATCH] EAP-TLS server: Fix TLS Message Length validation
+
+EAP-TLS/PEAP/TTLS/FAST server implementation did not validate TLS
+Message Length value properly and could end up trying to store more
+information into the message buffer than the allocated size if the first
+fragment is longer than the indicated size. This could result in hostapd
+process terminating in wpabuf length validation. Fix this by rejecting
+messages that have invalid TLS Message Length value.
+
+This would affect cases that use the internal EAP authentication server
+in hostapd either directly with IEEE 802.1X or when using hostapd as a
+RADIUS authentication server and when receiving an incorrectly
+constructed EAP-TLS message. Cases where hostapd uses an external
+authentication are not affected.
+
+Thanks to Timo Warns for finding and reporting this issue.
+
+Signed-hostap: Jouni Malinen <j@w1.fi>
+intended-for: hostap-1
+---
+ src/eap_server/eap_server_tls_common.c | 8 ++++++++
+ 1 files changed, 8 insertions(+), 0 deletions(-)
+
+diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
+index 31be2ec..46f282b 100644
+--- a/src/eap_server/eap_server_tls_common.c
++++ b/src/eap_server/eap_server_tls_common.c
+@@ -228,6 +228,14 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data,
+ return -1;
+ }
+
++ if (len > message_length) {
++ wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in "
++ "first fragment of frame (TLS Message "
++ "Length %d bytes)",
++ (int) len, (int) message_length);
++ return -1;
++ }
++
+ data->tls_in = wpabuf_alloc(message_length);
+ if (data->tls_in == NULL) {
+ wpa_printf(MSG_DEBUG, "SSL: No memory for message");
+--
+1.7.4-rc1
+
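Review bot: It is worth confirming that the hostapd-2.0 tarball does not already contain the `len > message_length` check this patch adds to `eap_server_tls_process_fragment`. The patch header is dated 7 Oct 2012 and marked `intended-for: hostap-1`, so it may have been carried over from an older ebuild. If the unpacked 2.0 source already has the check, the `epatch` call in `src_prepare` would presumably fail rather than skip it. A comment next to that `epatch` line, such as `# upstream 586c446e: reject EAP-TLS first fragment longer than TLS Message Length`, would tell the next maintainer when the patch can be dropped.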
9 net-wireless/hostapd/files/hostapd-conf.d
@@ -0,0 +1,9 @@
+# Space separated List of interfaces which needs to be started before
+# hostapd
+INTERFACES="wlan0"
+
+# Space separated list of configuration files
+CONFIGS="/etc/hostapd/hostapd.conf"
+
+# Extra options to pass to hostapd, see hostapd(8)
+OPTIONS=""
48 net-wireless/hostapd/files/hostapd-init.d
@@ -0,0 +1,48 @@
+#!/sbin/runscript
+# Distributed under the terms of the GNU General Public License v2
+
+extra_started_commands="reload"
+
+depend() {
+ local myneeds=
+ for iface in ${INTERFACES}; do
+ myneeds="${myneeds} netif.${iface}"
+ done
+
+ [ -n "${myneeds}" ] && need ${myneeds}
+ use logger
+}
+
+checkconfig() {
+ local file
+
+ for file in ${CONFIGS}; do
+ if [ ! -r "${file}" ]; then
+ eerror "hostapd configuration file (${CONFIG}) not found"
+ return 1
+ fi
+ done
+}
+
+start() {
+ checkconfig || return 1
+
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start --exec /usr/sbin/hostapd \
+ -- -B ${OPTIONS} ${CONFIGS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --exec /usr/sbin/hostapd
+ eend $?
+}
+
+reload() {
+ checkconfig || return 1
+
+ ebegin "Reloading ${SVCNAME} configuration"
+ kill -HUP $(pidof /usr/sbin/hostapd) > /dev/null 2>&1
+ eend $?
+}
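Review bot: The `eerror` line in `checkconfig` interpolates `${CONFIG}`, which neither this script nor the conf.d file defines (the setting is `CONFIGS` and the loop variable is `file`), so the message will not name the file that failed the check. Use `eerror "hostapd configuration file (${file}) not found or not readable"`, which also matches the `-r` test. Separately, `stop` and `reload` select processes by `--exec /usr/sbin/hostapd` and `pidof`, so they act on every running hostapd instance, not only the one this service started. Passing a pidfile to hostapd (`-P`) and to start-stop-daemon (`--pidfile`) would narrow that.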
197 net-wireless/hostapd/hostapd-2.0.ebuild
@@ -0,0 +1,197 @@
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="4"
+
+inherit toolchain-funcs eutils
+
+DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
+HOMEPAGE="http://hostap.epitest.fi"
+SRC_URI="http://hostap.epitest.fi/releases/${P}.tar.gz"
+
+LICENSE="|| ( GPL-2 BSD )"
+SLOT="0"
+KEYWORDS="*"
+IUSE="ipv6 logwatch madwifi +ssl +wps +crda"
+
+DEPEND="ssl? ( dev-libs/openssl )
+ kernel_linux? (
+ dev-libs/libnl:3
+ crda? ( net-wireless/crda )
+ )
+ madwifi? ( ||
+ ( >net-wireless/madwifi-ng-tools-0.9.3
+ net-wireless/madwifi-old ) )"
+RDEPEND="${DEPEND}"
+
+S="${S}/${PN}"
+
+src_prepare() {
+ cd ..
+ epatch "${FILESDIR}/${P}-tls_length_fix.patch"
+
+ sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
+ "${S}/hostapd.conf" || die
+}
+
+src_configure() {
+ local CONFIG="${S}/.config"
+
+ # toolchain setup
+ echo "CC = $(tc-getCC)" > ${CONFIG}
+
+ # EAP authentication methods
+ echo "CONFIG_EAP=y" >> ${CONFIG}
+ echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
+
+ if use ssl; then
+ # SSL authentication methods
+ echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
+ echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
+ echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
+ echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
+ fi
+
+ if use wps; then
+ # Enable Wi-Fi Protected Setup
+ echo "CONFIG_WPS=y" >> ${CONFIG}
+ echo "CONFIG_WPS2=y" >> ${CONFIG}
+ echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
+ einfo "Enabling Wi-Fi Protected Setup support"
+ fi
+
+ echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
+ echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
+ echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
+ echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
+ echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
+ echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
+ echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
+ echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
+
+ einfo "Enabling drivers: "
+
+ # drivers
+ echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
+ einfo " HostAP driver enabled"
+ echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
+ einfo " Wired driver enabled"
+ echo "CONFIG_DRIVER_PRISM54=y" >> ${CONFIG}
+ einfo " Prism54 driver enabled"
+ echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
+ einfo " None driver enabled"
+
+ if use madwifi; then
+ # Add include path for madwifi-driver headers
+ einfo " Madwifi driver enabled"
+ echo "CFLAGS += -I/usr/include/madwifi" >> ${CONFIG}
+ echo "CONFIG_DRIVER_MADWIFI=y" >> ${CONFIG}
+ else
+ einfo " Madwifi driver disabled"
+ fi
+
+ einfo " nl80211 driver enabled"
+ echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
+ echo "LIBS += -L/usr/lib" >> ${CONFIG}
+
+ # misc
+ echo "CONFIG_PKCS12=y" >> ${CONFIG}
+ echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
+ echo "CONFIG_IAPP=y" >> ${CONFIG}
+ echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
+ echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
+ echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
+ echo "CONFIG_PEERKEY=y" >> ${CONFIG}
+ echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
+ echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
+
+ if use ipv6; then
+ # IPv6 support
+ echo "CONFIG_IPV6=y" >> ${CONFIG}
+ fi
+
+ # If we are using libnl 2.0 and above, enable support for it
+ # Removed for now, since the 3.2 version is broken, and we don't
+ # support it.
+ if has_version ">=dev-libs/libnl-3.2"; then
+ echo "CONFIG_LIBNL32=y" >> .config
+ fi
+
+ # TODO: Add support for BSD drivers
+
+ default_src_configure
+}
+
+src_compile() {
+ emake V=1
+
+ if use ssl; then
+ emake V=1 nt_password_hash
+ emake V=1 hlr_auc_gw
+ fi
+}
+
+src_install() {
+ insinto /etc/${PN}
+ doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
+
+ fperms -R 600 /etc/${PN}
+
+ dosbin ${PN}
+ dobin ${PN}_cli
+
+ use ssl && dobin nt_password_hash hlr_auc_gw
+
+ newinitd "${FILESDIR}"/${PN}-init.d ${PN}
+ newconfd "${FILESDIR}"/${PN}-conf.d ${PN}
+
+ doman ${PN}{.8,_cli.1}
+
+ dodoc ChangeLog README
+ use wps && dodoc README-WPS
+
+ docinto examples
+ dodoc wired.conf
+
+ if use logwatch; then
+ insinto /etc/log.d/conf/services/
+ doins logwatch/${PN}.conf
+
+ exeinto /etc/log.d/scripts/services/
+ doexe logwatch/${PN}
+ fi
+}
+
+pkg_postinst() {
+ einfo
+ einfo "In order to use ${PN} you need to set up your wireless card"
+ einfo "for master mode in /etc/conf.d/net and then start"
+ einfo "/etc/init.d/${PN}."
+ einfo
+ einfo "Example configuration:"
+ einfo
+ einfo "config_wlan0=( \"192.168.1.1/24\" )"
+ einfo "channel_wlan0=\"6\""
+ einfo "essid_wlan0=\"test\""
+ einfo "mode_wlan0=\"master\""
+ einfo
+ if use madwifi; then
+ einfo "This package compiles against the headers installed by"
+ einfo "madwifi-old, madwifi-ng or madwifi-ng-tools."
+ einfo "You should remerge ${PN} after upgrading these packages."
+ einfo
+ einfo "Since you are using the madwifi-ng driver, you should disable or"
+ einfo "comment out wme_enabled from ${PN}.conf, since it will"
+ einfo "cause problems otherwise (see bug #260377"
+ fi
+ #if [ -e "${KV_DIR}"/net/mac80211 ]; then
+ # einfo "This package now compiles against the headers installed by"
+ # einfo "the kernel source for the mac80211 driver. You should "
+ # einfo "re-emerge ${PN} after upgrading your kernel source."
+ #fi
+
+ if use wps; then
+ einfo "You have enabled Wi-Fi Protected Setup support, please"
+ einfo "read the README-WPS file in /usr/share/doc/${P}"
+ einfo "for info on how to use WPS"
+ fi
+}
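Review bot: `fperms -R 600 /etc/${PN}` in `src_install` also sets mode 600 on the directory itself, leaving it without a search bit. Keeping files such as `${PN}.wpa_psk`, `${PN}.radius_clients` and `${PN}.eap_user` unreadable to other users is the right intent, but the directory should be 700. Adding `fperms 700 /etc/${PN}` after the recursive call fixes that without loosening the files. Also, in `src_configure` the comment above the `has_version ">=dev-libs/libnl-3.2"` test says the libnl-3.2 support was removed, yet the block is active and appends to `.config` instead of `${CONFIG}`; the comment and the code should be brought into agreement.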
