Accepting request 99552 from home:gary_lin:branches:hardware

- Add wpa_supplicant-probed-cert-dbus-signal.patch to emit a D-Bus signal when the AP returned the certificate of the RADIUS server (bnc#574266) OBS-URL: https://build.opensuse.org/request/show/99552 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=21
2012-01-10 09:45:39 +00:00 · 2012-01-10 09:45:39 +00:00 · 08c4dd71c1
commit 08c4dd71c1
parent 8476d82d25
3 changed files with 386 additions and 3 deletions
--- a/wpa_supplicant-probed-cert-dbus-signal.patch
+++ b/wpa_supplicant-probed-cert-dbus-signal.patch
@ -0,0 +1,373 @@
 commit ade74830b45466abb41b8e8dbc2f595d8bacb793
 Author: Michael Chang <mchang@novell.com>
 Date:   Tue Jul 5 12:22:32 2011 +0300
    Add dbus signal for information about server certification
    In general, this patch attemps to extend commit
    00468b4650998144f794762206c695c962c54734 with dbus support.
    This can be used by dbus client to implement subject match text
    entry with preset value probed from server. This preset value, if
    user accepts it, is remembered and passed to subject_match config
    for any future authentication.
    Signed-off-by: Michael Chang <mchang@novell.com>
 Index: wpa_supplicant-0.7.3/src/eap_peer/eap.c
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/src/eap_peer/eap.c
 +++ wpa_supplicant-0.7.3/src/eap_peer/eap.c
@@ -1206,6 +1206,13 @@ static void eap_peer_sm_tls_event(void *
 				     data->peer_cert.subject,
 				     cert_hex);
 		}
 +		if (sm->eapol_cb->notify_cert) {
 +			sm->eapol_cb->notify_cert(sm->eapol_ctx,
 +						  data->peer_cert.depth,
 +						  data->peer_cert.subject,
 +						  hash_hex,
 +						  data->peer_cert.cert);
 +		}
 		break;
 	}
 Index: wpa_supplicant-0.7.3/src/eap_peer/eap.h
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/src/eap_peer/eap.h
 +++ wpa_supplicant-0.7.3/src/eap_peer/eap.h
@@ -221,6 +221,17 @@ struct eapol_callbacks {
 	 */
 	void (*eap_param_needed)(void *ctx, const char *field,
 				 const char *txt);
 +
 +	/**
 +	 * notify_cert - Notification of a peer certificate
 +	 * @ctx: eapol_ctx from eap_peer_sm_init() call
 +	 * @depth: Depth in certificate chain (0 = server)
 +	 * @subject: Subject of the peer certificate
 +	 * @cert_hash: SHA-256 hash of the certificate
 +	 * @cert: Peer certificate
 +	 */
 +	void (*notify_cert)(void *ctx, int depth, const char *subject,
 +			    const char *cert_hash, const struct wpabuf *cert);
 };
 /**
 Index: wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.c
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/src/eapol_supp/eapol_supp_sm.c
 +++ wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.c
@@ -1810,6 +1810,15 @@ static void eapol_sm_eap_param_needed(vo
 #define eapol_sm_eap_param_needed NULL
 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
 +static void eapol_sm_notify_cert(void *ctx, int depth, const char *subject,
 +				 const char *cert_hash,
 +				 const struct wpabuf *cert)
 +{
 +	struct eapol_sm *sm = ctx;
 +	if (sm->ctx->cert_cb)
 +		sm->ctx->cert_cb(sm->ctx->ctx, depth, subject,
 +				 cert_hash, cert);
 +}
 static struct eapol_callbacks eapol_cb =
 {
@@ -1822,7 +1831,8 @@ static struct eapol_callbacks eapol_cb =
 	eapol_sm_set_config_blob,
 	eapol_sm_get_config_blob,
 	eapol_sm_notify_pending,
 -	eapol_sm_eap_param_needed
 +	eapol_sm_eap_param_needed,
 +	eapol_sm_notify_cert
 };
 Index: wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.h
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/src/eapol_supp/eapol_supp_sm.h
 +++ wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.h
@@ -220,6 +220,17 @@ struct eapol_ctx {
 	 * @authorized: Whether the supplicant port is now in authorized state
 	 */
 	void (*port_cb)(void *ctx, int authorized);
 +
 +	/**
 +	 * cert_cb - Notification of a peer certificate
 +	 * @ctx: Callback context (ctx)
 +	 * @depth: Depth in certificate chain (0 = server)
 +	 * @subject: Subject of the peer certificate
 +	 * @cert_hash: SHA-256 hash of the certificate
 +	 * @cert: Peer certificate
 +	 */
 +	void (*cert_cb)(void *ctx, int depth, const char *subject,
 +			const char *cert_hash, const struct wpabuf *cert);
 };
 Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.c
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_new.c
 +++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.c
@@ -650,6 +650,53 @@ nomem:
 #endif /* CONFIG_WPS */
 +void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
 +				    int depth, const char *subject,
 +				    const char *cert_hash,
 +				    const struct wpabuf *cert)
 +{
 +	struct wpas_dbus_priv *iface;
 +	DBusMessage *msg;
 +	DBusMessageIter iter, dict_iter;
 +
 +	iface = wpa_s->global->dbus;
 +
 +	/* Do nothing if the control interface is not turned on */
 +	if (iface == NULL)
 +		return;
 +
 +	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
 +				      WPAS_DBUS_NEW_IFACE_INTERFACE,
 +				      "Certification");
 +	if (msg == NULL)
 +		return;
 +
 +	dbus_message_iter_init_append(msg, &iter);
 +	if (!wpa_dbus_dict_open_write(&iter, &dict_iter))
 +		goto nomem;
 +
 +	if (!wpa_dbus_dict_append_uint32(&dict_iter, "depth", depth) ||
 +	    !wpa_dbus_dict_append_string(&dict_iter, "subject", subject))
 +		goto nomem;
 +
 +	if (cert_hash &&
 +	    !wpa_dbus_dict_append_string(&dict_iter, "cert_hash", cert_hash))
 +		goto nomem;
 +
 +	if (cert &&
 +	    !wpa_dbus_dict_append_byte_array(&dict_iter, "cert",
 +					     wpabuf_head(cert),
 +					     wpabuf_len(cert)))
 +		goto nomem;
 +
 +	if (!wpa_dbus_dict_close_write(&iter, &dict_iter))
 +		goto nomem;
 +
 +	dbus_connection_send(iface->con, msg, NULL);
 +
 +nomem:
 +	dbus_message_unref(msg);
 +}
 /**
  * wpas_dbus_signal_prop_changed - Signals change of property
@@ -1488,6 +1535,12 @@ static const struct wpa_dbus_signal_desc
 	  }
 	},
 #endif /* CONFIG_WPS */
 +	{ "Certification", WPAS_DBUS_NEW_IFACE_INTERFACE,
 +	  {
 +		  { "certification", "a{sv}", ARG_OUT },
 +		  END_ARGS
 +	  }
 +	},
 	{ NULL, NULL, { END_ARGS } }
 };
 Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.h
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_new.h
 +++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.h
@@ -120,6 +120,10 @@ void wpas_dbus_signal_blob_removed(struc
 void wpas_dbus_signal_debug_level_changed(struct wpa_global *global);
 void wpas_dbus_signal_debug_timestamp_changed(struct wpa_global *global);
 void wpas_dbus_signal_debug_show_keys_changed(struct wpa_global *global);
 +void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
 +				    int depth, const char *subject,
 +				    const char *cert_hash,
 +				    const struct wpabuf *cert);
 #else /* CONFIG_CTRL_IFACE_DBUS_NEW */
@@ -230,6 +234,14 @@ static inline void wpas_dbus_signal_debu
 {
 }
 +static inline void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
 +						  int depth,
 +						  const char *subject,
 +						  const char *cert_hash,
 +						  const struct wpabuf *cert)
 +{
 +}
 +
 #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
 #endif /* CTRL_IFACE_DBUS_H_NEW */
 Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.c
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_old.c
 +++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.c
@@ -547,6 +547,59 @@ void wpa_supplicant_dbus_notify_wps_cred
 }
 #endif /* CONFIG_WPS */
 +void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
 +					      int depth, const char *subject,
 +					      const char *cert_hash,
 +					      const struct wpabuf *cert)
 +{
 +	struct wpas_dbus_priv *iface;
 +	DBusMessage *_signal = NULL;
 +	const char *hash;
 +	const char *cert_hex;
 +	int cert_hex_len;
 +
 +	/* Do nothing if the control interface is not turned on */
 +	if (wpa_s->global == NULL)
 +		return;
 +	iface = wpa_s->global->dbus;
 +	if (iface == NULL)
 +		return;
 +
 +	_signal = dbus_message_new_signal(wpa_s->dbus_path,
 +					  WPAS_DBUS_IFACE_INTERFACE,
 +					  "Certification");
 +	if (_signal == NULL) {
 +		wpa_printf(MSG_ERROR,
 +		           "dbus: wpa_supplicant_dbus_notify_certification: "
 +		           "Could not create dbus signal; likely out of "
 +		           "memory");
 +		return;
 +	}
 +
 +	hash = cert_hash ? cert_hash : "";
 +	cert_hex = cert ? wpabuf_head(cert) : "";
 +	cert_hex_len = cert ? wpabuf_len(cert) : 0;
 +
 +	if (!dbus_message_append_args(_signal,
 +				      DBUS_TYPE_INT32,&depth,
 +				      DBUS_TYPE_STRING, &subject,
 +	                              DBUS_TYPE_STRING, &hash,
 +	                              DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
 +				      &cert_hex, cert_hex_len,
 +	                              DBUS_TYPE_INVALID)) {
 +		wpa_printf(MSG_ERROR,
 +		           "dbus: wpa_supplicant_dbus_notify_certification: "
 +		           "Not enough memory to construct signal");
 +		goto out;
 +	}
 +
 +	dbus_connection_send(iface->con, _signal, NULL);
 +
 +out:
 +	dbus_message_unref(_signal);
 +
 +}
 +
 /**
  * wpa_supplicant_dbus_ctrl_iface_init - Initialize dbus control interface
 Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.h
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_old.h
 +++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.h
@@ -82,6 +82,10 @@ void wpa_supplicant_dbus_notify_state_ch
 					     enum wpa_states old_state);
 void wpa_supplicant_dbus_notify_wps_cred(struct wpa_supplicant *wpa_s,
 					 const struct wps_credential *cred);
 +void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
 +					      int depth, const char *subject,
 +					      const char *cert_hash,
 +					      const struct wpabuf *cert);
 char * wpas_dbus_decompose_object_path(const char *path, char **network,
                                        char **bssid);
@@ -114,6 +118,14 @@ wpa_supplicant_dbus_notify_wps_cred(stru
 {
 }
 +static inline void
 +void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
 +					      int depth, const char *subject,
 +					      const char *cert_hash,
 +					      const struct wpabuf *cert)
 +{
 +}
 +
 static inline int
 wpas_dbus_register_iface(struct wpa_supplicant *wpa_s)
 {
 Index: wpa_supplicant-0.7.3/wpa_supplicant/notify.c
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/wpa_supplicant/notify.c
 +++ wpa_supplicant-0.7.3/wpa_supplicant/notify.c
@@ -337,3 +337,15 @@ void wpas_notify_resume(struct wpa_globa
 			wpa_supplicant_req_scan(wpa_s, 0, 100000);
 	}
 }
 +
 +
 +void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth,
 +			       const char *subject, const char *cert_hash,
 +			       const struct wpabuf *cert)
 +{
 +	/* notify the old DBus API */
 +	wpa_supplicant_dbus_notify_certification(wpa_s, depth, subject,
 +						 cert_hash, cert);
 +	/* notify the new DBus API */
 +	wpas_dbus_signal_certification(wpa_s, depth, subject, cert_hash, cert);
 +}
 Index: wpa_supplicant-0.7.3/wpa_supplicant/notify.h
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/wpa_supplicant/notify.h
 +++ wpa_supplicant-0.7.3/wpa_supplicant/notify.h
@@ -78,4 +78,8 @@ void wpas_notify_debug_show_keys_changed
 void wpas_notify_suspend(struct wpa_global *global);
 void wpas_notify_resume(struct wpa_global *global);
 +void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth,
 +			       const char *subject, const char *cert_hash,
 +			       const struct wpabuf *cert);
 +
 #endif /* NOTIFY_H */
 Index: wpa_supplicant-0.7.3/wpa_supplicant/wpas_glue.c
 ===================================================================
 --- wpa_supplicant-0.7.3.orig/wpa_supplicant/wpas_glue.c
 +++ wpa_supplicant-0.7.3/wpa_supplicant/wpas_glue.c
@@ -32,6 +32,7 @@
 #include "wps_supplicant.h"
 #include "bss.h"
 #include "scan.h"
 +#include "notify.h"
 #ifndef CONFIG_NO_CONFIG_BLOBS
@@ -572,6 +573,16 @@ static void wpa_supplicant_port_cb(void
 		   authorized ? "Authorized" : "Unauthorized");
 	wpa_drv_set_supp_port(wpa_s, authorized);
 }
 +
 +
 +static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject,
 +				   const char *cert_hash,
 +				   const struct wpabuf *cert)
 +{
 +	struct wpa_supplicant *wpa_s = ctx;
 +
 +	wpas_notify_certification(wpa_s, depth, subject, cert_hash, cert);
 +}
 #endif /* IEEE8021X_EAPOL */
@@ -602,6 +613,7 @@ int wpa_supplicant_init_eapol(struct wpa
 	ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
 	ctx->port_cb = wpa_supplicant_port_cb;
 	ctx->cb = wpa_supplicant_eapol_cb;
 +	ctx->cert_cb = wpa_supplicant_cert_cb;
 	ctx->cb_ctx = wpa_s;
 	wpa_s->eapol = eapol_sm_init(ctx);
 	if (wpa_s->eapol == NULL) {
--- a/wpa_supplicant.changes
+++ b/wpa_supplicant.changes
@ -1,3 +1,10 @@
 -------------------------------------------------------------------
 Tue Jan 10 08:08:15 UTC 2012 - glin@suse.com
 - Add wpa_supplicant-probed-cert-dbus-signal.patch to emit a D-Bus
  signal when the AP returned the certificate of the RADIUS server
  (bnc#574266)
 -------------------------------------------------------------------
 Mon Oct 10 13:28:43 UTC 2011 - lnussel@suse.de
--- a/wpa_supplicant.spec
+++ b/wpa_supplicant.spec
@ -1,7 +1,7 @@
 #
 # spec file for package wpa_supplicant
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -28,7 +28,7 @@ BuildRequires:  libnl-devel
 Url:            http://hostap.epitest.fi/wpa_supplicant/
 Version:        0.7.3
 Release:        6
-License:        BSD3c(or similar) ; GPLv2+
+License:        BSD-3-Clause ; GPL-2.0+
 Group:          Productivity/Networking/Other
 Summary:        WPA supplicant implementation
 Source:         http://hostap.epitest.fi/releases/wpa_supplicant-%{version}.tar.bz2
@ -47,6 +47,8 @@ Patch2:         wpa_supplicant-sigusr1-changes-debuglevel.patch
 Patch4:         wpa_supplicant-errormsg.patch
 # PATCH-FIX-UPSTREAM wpa_supplicant-dbus-events.patch dimstar@opensuse.org -- dbus: Emit property changed events when adding/removing BSSes, taken from git.
 Patch5:         wpa_supplicant-dbus-events.patch
 # PATCH-FIX-UPSTREAM wpa_supplicant-probed-cert-dbus-signal.patch bnc#574266 glin@suse.com -- emit a D-Bus signal when the AP returned the certificate of the RADIUS server
 Patch6:         wpa_supplicant-probed-cert-dbus-signal.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires:       logrotate
@ -62,7 +64,7 @@ Authors:
    Jouni Malinen <jkmaline@cc.hut.fi>
 %package gui
-License:        BSD3c(or similar) ; GPLv2+
+License:        BSD-3-Clause ; GPL-2.0+
 Summary:        WPA supplicant graphical front-end
 Requires:       wpa_supplicant
 Group:          System/Monitoring
@ -85,6 +87,7 @@ cp %{SOURCE1} wpa_supplicant/.config
 %patch2 -p0
 %patch4 -p0
 %patch5 -p1
 %patch6 -p1
 %build
 cd wpa_supplicant