From 08c4dd71c10d950e3dbdacec19b4a4d9fc406d645560d80c2cbc9e7d7a683d7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Tue, 10 Jan 2012 09:45:39 +0000 Subject: [PATCH] Accepting request 99552 from home:gary_lin:branches:hardware - Add wpa_supplicant-probed-cert-dbus-signal.patch to emit a D-Bus signal when the AP returned the certificate of the RADIUS server (bnc#574266) OBS-URL: https://build.opensuse.org/request/show/99552 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=21 --- wpa_supplicant-probed-cert-dbus-signal.patch | 373 +++++++++++++++++++ wpa_supplicant.changes | 7 + wpa_supplicant.spec | 9 +- 3 files changed, 386 insertions(+), 3 deletions(-) create mode 100644 wpa_supplicant-probed-cert-dbus-signal.patch diff --git a/wpa_supplicant-probed-cert-dbus-signal.patch b/wpa_supplicant-probed-cert-dbus-signal.patch new file mode 100644 index 0000000..e1f2634 --- /dev/null +++ b/wpa_supplicant-probed-cert-dbus-signal.patch @@ -0,0 +1,373 @@ +commit ade74830b45466abb41b8e8dbc2f595d8bacb793 +Author: Michael Chang +Date: Tue Jul 5 12:22:32 2011 +0300 + + Add dbus signal for information about server certification + + In general, this patch attemps to extend commit + 00468b4650998144f794762206c695c962c54734 with dbus support. + + This can be used by dbus client to implement subject match text + entry with preset value probed from server. This preset value, if + user accepts it, is remembered and passed to subject_match config + for any future authentication. + + 
Signed-off-by: Michael Chang
+
+Index: wpa_supplicant-0.7.3/src/eap_peer/eap.c
+===================================================================
+--- wpa_supplicant-0.7.3.orig/src/eap_peer/eap.c
++++ wpa_supplicant-0.7.3/src/eap_peer/eap.c
+@@ -1206,6 +1206,13 @@ static void eap_peer_sm_tls_event(void *
+ data->peer_cert.subject,
+ cert_hex);
+ }
++ if (sm->eapol_cb->notify_cert) {
++ sm->eapol_cb->notify_cert(sm->eapol_ctx,
++ data->peer_cert.depth,
++ data->peer_cert.subject,
++ hash_hex,
++ data->peer_cert.cert);
++ }
+ break;
+ }
+
+Index: wpa_supplicant-0.7.3/src/eap_peer/eap.h
+===================================================================
+--- wpa_supplicant-0.7.3.orig/src/eap_peer/eap.h
++++ wpa_supplicant-0.7.3/src/eap_peer/eap.h
+@@ -221,6 +221,17 @@ struct eapol_callbacks {
+ */
+ void (*eap_param_needed)(void *ctx, const char *field,
+ const char *txt);
++
++ /**
++ * notify_cert - Notification of a peer certificate
++ * @ctx: eapol_ctx from eap_peer_sm_init() call
++ * @depth: Depth in certificate chain (0 = server)
++ * @subject: Subject of the peer certificate
++ * @cert_hash: SHA-256 hash of the certificate
++ * @cert: Peer certificate
++ */
++ void (*notify_cert)(void *ctx, int depth, const char *subject,
++ const char *cert_hash, const struct wpabuf *cert);
+ };
+
+ /**
+Index: wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.c
+===================================================================
+--- wpa_supplicant-0.7.3.orig/src/eapol_supp/eapol_supp_sm.c
++++ wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.c
+@@ -1810,6 +1810,15 @@ static void eapol_sm_eap_param_needed(vo
+ #define eapol_sm_eap_param_needed NULL
+ #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
+
++static void eapol_sm_notify_cert(void *ctx, int depth, const char *subject,
++ const char *cert_hash,
++ const struct wpabuf *cert)
++{
++ struct eapol_sm *sm = ctx;
++ if (sm->ctx->cert_cb)
++ sm->ctx->cert_cb(sm->ctx->ctx, depth, subject,
++ cert_hash, cert);
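Review bot: The new `notify_cert` comment in eap.h does not say which arguments are optional or how far the data can be trusted. Both D-Bus emitters later in this patch treat `cert_hash` and `cert` as possibly NULL, so the contract should say so, e.g. `@cert_hash: SHA-256 hash of the certificate, or %NULL if not available` and `@cert: Peer certificate, or %NULL if not available`. The call site in eap.c sits in the TLS peer-certificate event, and nothing visible in these hunks shows whether chain validation has completed by then, so I would add a line such as `The certificate is reported as received from the peer; callers must not treat it as validated` (to be confirmed against the TLS layer). That matters because the commit message intends D-Bus clients to pre-fill subject_match from this value. The same wording applies to `cert_cb` in eapol_supp_sm.h.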
++}
+
+ static struct eapol_callbacks eapol_cb =
+ {
+@@ -1822,7 +1831,8 @@ static struct eapol_callbacks eapol_cb =
+ eapol_sm_set_config_blob,
+ eapol_sm_get_config_blob,
+ eapol_sm_notify_pending,
+- eapol_sm_eap_param_needed
++ eapol_sm_eap_param_needed,
++ eapol_sm_notify_cert
+ };
+
+
+Index: wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.h
+===================================================================
+--- wpa_supplicant-0.7.3.orig/src/eapol_supp/eapol_supp_sm.h
++++ wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.h
+@@ -220,6 +220,17 @@ struct eapol_ctx {
+ * @authorized: Whether the supplicant port is now in authorized state
+ */
+ void (*port_cb)(void *ctx, int authorized);
++
++ /**
++ * cert_cb - Notification of a peer certificate
++ * @ctx: Callback context (ctx)
++ * @depth: Depth in certificate chain (0 = server)
++ * @subject: Subject of the peer certificate
++ * @cert_hash: SHA-256 hash of the certificate
++ * @cert: Peer certificate
++ */
++ void (*cert_cb)(void *ctx, int depth, const char *subject,
++ const char *cert_hash, const struct wpabuf *cert);
+ };
+
+
+Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.c
+===================================================================
+--- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_new.c
++++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.c
+@@ -650,6 +650,53 @@ nomem:
+
+ #endif /* CONFIG_WPS */
+
++void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
++ int depth, const char *subject,
++ const char *cert_hash,
++ const struct wpabuf *cert)
++{
++ struct wpas_dbus_priv *iface;
++ DBusMessage *msg;
++ DBusMessageIter iter, dict_iter;
++
++ iface = wpa_s->global->dbus;
++
++ /* Do nothing if the control interface is not turned on */
++ if (iface == NULL)
++ return;
++
++ msg = dbus_message_new_signal(wpa_s->dbus_new_path,
++ WPAS_DBUS_NEW_IFACE_INTERFACE,
++ "Certification");
++ if (msg == NULL)
++ return;
++
++ dbus_message_iter_init_append(msg, &iter);
++ if
(!wpa_dbus_dict_open_write(&iter, &dict_iter))
++ goto nomem;
++
++ if (!wpa_dbus_dict_append_uint32(&dict_iter, "depth", depth) ||
++ !wpa_dbus_dict_append_string(&dict_iter, "subject", subject))
++ goto nomem;
++
++ if (cert_hash &&
++ !wpa_dbus_dict_append_string(&dict_iter, "cert_hash", cert_hash))
++ goto nomem;
++
++ if (cert &&
++ !wpa_dbus_dict_append_byte_array(&dict_iter, "cert",
++ wpabuf_head(cert),
++ wpabuf_len(cert)))
++ goto nomem;
++
++ if (!wpa_dbus_dict_close_write(&iter, &dict_iter))
++ goto nomem;
++
++ dbus_connection_send(iface->con, msg, NULL);
++
++nomem:
++ dbus_message_unref(msg);
++}
+
+ /**
+ * wpas_dbus_signal_prop_changed - Signals change of property
+@@ -1488,6 +1535,12 @@ static const struct wpa_dbus_signal_desc
+ }
+ },
+ #endif /* CONFIG_WPS */
++ { "Certification", WPAS_DBUS_NEW_IFACE_INTERFACE,
++ {
++ { "certification", "a{sv}", ARG_OUT },
++ END_ARGS
++ }
++ },
+ { NULL, NULL, { END_ARGS } }
+ };
+
+Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.h
+===================================================================
+--- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_new.h
++++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.h
+@@ -120,6 +120,10 @@ void wpas_dbus_signal_blob_removed(struc
+ void wpas_dbus_signal_debug_level_changed(struct wpa_global *global);
+ void wpas_dbus_signal_debug_timestamp_changed(struct wpa_global *global);
+ void wpas_dbus_signal_debug_show_keys_changed(struct wpa_global *global);
++void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
++ int depth, const char *subject,
++ const char *cert_hash,
++ const struct wpabuf *cert);
+
+ #else /* CONFIG_CTRL_IFACE_DBUS_NEW */
+
+@@ -230,6 +234,14 @@ static inline void wpas_dbus_signal_debu
+ {
+ }
+
++static inline void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
++ int depth,
++ const char *subject,
++ const char *cert_hash,
++ const struct wpabuf *cert)
++{
++}
++
+ #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
+
+
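Review bot: `subject` is appended to the dict unconditionally in wpas_dbus_signal_certification(), while `cert_hash` and `cert` a few lines below are guarded against NULL; the dbus_old.c emitter later in this patch has the same asymmetry, passing `&subject` straight to dbus_message_append_args(). The subject text comes from a certificate supplied by the network side and D-Bus string values must be valid UTF-8, so unless the TLS layer (not visible here) guarantees a non-NULL, UTF-8-clean string, a guard such as `if (subject == NULL) subject = "";` and a validity check belong before the append. Every failure also lands on `nomem:` without a log line, unlike the old-API emitter, so a dropped Certification signal leaves no trace; a `wpa_printf(MSG_ERROR, ...)` on the failure paths would help. This function reads `wpa_s->global->dbus` without the `wpa_s->global == NULL` check that the dbus_old.c version performs, so one of the two is presumably inconsistent with the other.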
#endif /* CTRL_IFACE_DBUS_H_NEW */
+Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.c
+===================================================================
+--- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_old.c
++++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.c
+@@ -547,6 +547,59 @@ void wpa_supplicant_dbus_notify_wps_cred
+ }
+ #endif /* CONFIG_WPS */
+
++void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
++ int depth, const char *subject,
++ const char *cert_hash,
++ const struct wpabuf *cert)
++{
++ struct wpas_dbus_priv *iface;
++ DBusMessage *_signal = NULL;
++ const char *hash;
++ const char *cert_hex;
++ int cert_hex_len;
++
++ /* Do nothing if the control interface is not turned on */
++ if (wpa_s->global == NULL)
++ return;
++ iface = wpa_s->global->dbus;
++ if (iface == NULL)
++ return;
++
++ _signal = dbus_message_new_signal(wpa_s->dbus_path,
++ WPAS_DBUS_IFACE_INTERFACE,
++ "Certification");
++ if (_signal == NULL) {
++ wpa_printf(MSG_ERROR,
++ "dbus: wpa_supplicant_dbus_notify_certification: "
++ "Could not create dbus signal; likely out of "
++ "memory");
++ return;
++ }
++
++ hash = cert_hash ? cert_hash : "";
++ cert_hex = cert ? wpabuf_head(cert) : "";
++ cert_hex_len = cert ?
wpabuf_len(cert) : 0;
++
++ if (!dbus_message_append_args(_signal,
++ DBUS_TYPE_INT32,&depth,
++ DBUS_TYPE_STRING, &subject,
++ DBUS_TYPE_STRING, &hash,
++ DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
++ &cert_hex, cert_hex_len,
++ DBUS_TYPE_INVALID)) {
++ wpa_printf(MSG_ERROR,
++ "dbus: wpa_supplicant_dbus_notify_certification: "
++ "Not enough memory to construct signal");
++ goto out;
++ }
++
++ dbus_connection_send(iface->con, _signal, NULL);
++
++out:
++ dbus_message_unref(_signal);
++
++}
++
+
+ /**
+ * wpa_supplicant_dbus_ctrl_iface_init - Initialize dbus control interface
+Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.h
+===================================================================
+--- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_old.h
++++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.h
+@@ -82,6 +82,10 @@ void wpa_supplicant_dbus_notify_state_ch
+ enum wpa_states old_state);
+ void wpa_supplicant_dbus_notify_wps_cred(struct wpa_supplicant *wpa_s,
+ const struct wps_credential *cred);
++void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
++ int depth, const char *subject,
++ const char *cert_hash,
++ const struct wpabuf *cert);
+
+ char * wpas_dbus_decompose_object_path(const char *path, char **network,
+ char **bssid);
+@@ -114,6 +118,14 @@ wpa_supplicant_dbus_notify_wps_cred(stru
+ {
+ }
+
++static inline void
++void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
++ int depth, const char *subject,
++ const char *cert_hash,
++ const struct wpabuf *cert)
++{
++}
++
+ static inline int
+ wpas_dbus_register_iface(struct wpa_supplicant *wpa_s)
+ {
+Index: wpa_supplicant-0.7.3/wpa_supplicant/notify.c
+===================================================================
+--- wpa_supplicant-0.7.3.orig/wpa_supplicant/notify.c
++++ wpa_supplicant-0.7.3/wpa_supplicant/notify.c
+@@ -337,3 +337,15 @@ void wpas_notify_resume(struct wpa_globa
+ wpa_supplicant_req_scan(wpa_s, 0, 100000);
+ }
+ }
++
++
++void
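Review bot: `cert_hex` and `cert_hex_len` in wpa_supplicant_dbus_notify_certification() hold the raw bytes and length taken from `wpabuf_head()` and `wpabuf_len()`, not a hex string, so the names mislead; `cert_data` and `cert_len` would match what is actually sent as the byte array. The length is narrowed from the `wpabuf_len()` result into an `int` with no range check, which is harmless for real certificate sizes but deserves a comment. The function also has no header comment, and its signal layout (int32 depth, string subject, string hash, byte array, with empty values standing in for a missing hash or certificate) differs from the dict used by the new API, so a doc block stating that layout would help client authors.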
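Review bot: The stub added in the second dbus_old.h hunk reads `static inline void` followed on the next line by `void wpa_supplicant_dbus_notify_certification(`, which gives the declaration two `void` specifiers and will not compile. The neighbouring stubs are empty `static inline` bodies, so this presumably sits in the branch used when the old D-Bus interface is compiled out (the `#if` is outside the hunk), meaning the breakage only appears in that build configuration. Drop the second `void` so the declaration reads `static inline void` then `wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,`.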
wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth,
++ const char *subject, const char *cert_hash,
++ const struct wpabuf *cert)
++{
++ /* notify the old DBus API */
++ wpa_supplicant_dbus_notify_certification(wpa_s, depth, subject,
++ cert_hash, cert);
++ /* notify the new DBus API */
++ wpas_dbus_signal_certification(wpa_s, depth, subject, cert_hash, cert);
++}
+Index: wpa_supplicant-0.7.3/wpa_supplicant/notify.h
+===================================================================
+--- wpa_supplicant-0.7.3.orig/wpa_supplicant/notify.h
++++ wpa_supplicant-0.7.3/wpa_supplicant/notify.h
+@@ -78,4 +78,8 @@ void wpas_notify_debug_show_keys_changed
+ void wpas_notify_suspend(struct wpa_global *global);
+ void wpas_notify_resume(struct wpa_global *global);
+
++void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth,
++ const char *subject, const char *cert_hash,
++ const struct wpabuf *cert);
++
+ #endif /* NOTIFY_H */
+Index: wpa_supplicant-0.7.3/wpa_supplicant/wpas_glue.c
+===================================================================
+--- wpa_supplicant-0.7.3.orig/wpa_supplicant/wpas_glue.c
++++ wpa_supplicant-0.7.3/wpa_supplicant/wpas_glue.c
+@@ -32,6 +32,7 @@
+ #include "wps_supplicant.h"
+ #include "bss.h"
+ #include "scan.h"
++#include "notify.h"
+
+
+ #ifndef CONFIG_NO_CONFIG_BLOBS
+@@ -572,6 +573,16 @@ static void wpa_supplicant_port_cb(void
+ authorized ?
"Authorized" : "Unauthorized"); + wpa_drv_set_supp_port(wpa_s, authorized); + } ++ ++ ++static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject, ++ const char *cert_hash, ++ const struct wpabuf *cert) ++{ ++ struct wpa_supplicant *wpa_s = ctx; ++ ++ wpas_notify_certification(wpa_s, depth, subject, cert_hash, cert); ++} + #endif /* IEEE8021X_EAPOL */ + + +@@ -602,6 +613,7 @@ int wpa_supplicant_init_eapol(struct wpa + ctx->eap_param_needed = wpa_supplicant_eap_param_needed; + ctx->port_cb = wpa_supplicant_port_cb; + ctx->cb = wpa_supplicant_eapol_cb; ++ ctx->cert_cb = wpa_supplicant_cert_cb; + ctx->cb_ctx = wpa_s; + wpa_s->eapol = eapol_sm_init(ctx); + if (wpa_s->eapol == NULL) { diff --git a/wpa_supplicant.changes b/wpa_supplicant.changes index bacda39..6555b27 100644 --- a/wpa_supplicant.changes +++ b/wpa_supplicant.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Jan 10 08:08:15 UTC 2012 - glin@suse.com + +- Add wpa_supplicant-probed-cert-dbus-signal.patch to emit a D-Bus + signal when the AP returned the certificate of the RADIUS server + (bnc#574266) + ------------------------------------------------------------------- Mon Oct 10 13:28:43 UTC 2011 - lnussel@suse.de diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec index 031bda4..6e3060c 100644 --- a/wpa_supplicant.spec +++ b/wpa_supplicant.spec @@ -1,7 +1,7 @@ # # spec file for package wpa_supplicant # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -28,7 +28,7 @@ BuildRequires: libnl-devel Url: http://hostap.epitest.fi/wpa_supplicant/ Version: 0.7.3 Release: 6 -License: BSD3c(or similar) ; GPLv2+ +License: BSD-3-Clause ; GPL-2.0+ Group: Productivity/Networking/Other Summary: WPA supplicant implementation Source: http://hostap.epitest.fi/releases/wpa_supplicant-%{version}.tar.bz2 @@ -47,6 +47,8 @@ Patch2: wpa_supplicant-sigusr1-changes-debuglevel.patch Patch4: wpa_supplicant-errormsg.patch # PATCH-FIX-UPSTREAM wpa_supplicant-dbus-events.patch dimstar@opensuse.org -- dbus: Emit property changed events when adding/removing BSSes, taken from git. Patch5: wpa_supplicant-dbus-events.patch +# PATCH-FIX-UPSTREAM wpa_supplicant-probed-cert-dbus-signal.patch bnc#574266 glin@suse.com -- emit a D-Bus signal when the AP returned the certificate of the RADIUS server +Patch6: wpa_supplicant-probed-cert-dbus-signal.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: logrotate @@ -62,7 +64,7 @@ Authors: Jouni Malinen %package gui -License: BSD3c(or similar) ; GPLv2+ +License: BSD-3-Clause ; GPL-2.0+ Summary: WPA supplicant graphical front-end Requires: wpa_supplicant Group: System/Monitoring @@ -85,6 +87,7 @@ cp %{SOURCE1} wpa_supplicant/.config %patch2 -p0 %patch4 -p0 %patch5 -p1 +%patch6 -p1 %build cd wpa_supplicant