Accepting request 99552 from home:gary_lin:branches:hardware

- Add wpa_supplicant-probed-cert-dbus-signal.patch to emit a D-Bus signal when the AP returned the certificate of the RADIUS server (bnc#574266) OBS-URL: https://build.opensuse.org/request/show/99552 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=21
2012-01-10 09:45:39 +00:00 · 2012-01-10 09:45:39 +00:00 · 08c4dd71c1
commit 08c4dd71c1
parent 8476d82d25
3 changed files with 386 additions and 3 deletions
--- a/wpa_supplicant-probed-cert-dbus-signal.patch
+++ b/wpa_supplicant-probed-cert-dbus-signal.patch
@ -0,0 +1,373 @@
+commit ade74830b45466abb41b8e8dbc2f595d8bacb793
+Author: Michael Chang <mchang@novell.com>
+Date:   Tue Jul 5 12:22:32 2011 +0300
+
+    Add dbus signal for information about server certification
+    
+    In general, this patch attemps to extend commit
+    00468b4650998144f794762206c695c962c54734 with dbus support.
+    
+    This can be used by dbus client to implement subject match text
+    entry with preset value probed from server. This preset value, if
+    user accepts it, is remembered and passed to subject_match config
+    for any future authentication.
+    
+    Signed-off-by: Michael Chang <mchang@novell.com>
+
+Index: wpa_supplicant-0.7.3/src/eap_peer/eap.c
+===================================================================
+--- wpa_supplicant-0.7.3.orig/src/eap_peer/eap.c
+++ wpa_supplicant-0.7.3/src/eap_peer/eap.c
+@@ -1206,6 +1206,13 @@ static void eap_peer_sm_tls_event(void *
+ 				     data->peer_cert.subject,
+ 				     cert_hex);
+ 		}
+		if (sm->eapol_cb->notify_cert) {
+			sm->eapol_cb->notify_cert(sm->eapol_ctx,
+						  data->peer_cert.depth,
+						  data->peer_cert.subject,
+						  hash_hex,
+						  data->peer_cert.cert);
+		}
+ 		break;
+ 	}
+ 
+Index: wpa_supplicant-0.7.3/src/eap_peer/eap.h
+===================================================================
+--- wpa_supplicant-0.7.3.orig/src/eap_peer/eap.h
+++ wpa_supplicant-0.7.3/src/eap_peer/eap.h
+@@ -221,6 +221,17 @@ struct eapol_callbacks {
+ 	 */
+ 	void (*eap_param_needed)(void *ctx, const char *field,
+ 				 const char *txt);
+
+	/**
+	 * notify_cert - Notification of a peer certificate
+	 * @ctx: eapol_ctx from eap_peer_sm_init() call
+	 * @depth: Depth in certificate chain (0 = server)
+	 * @subject: Subject of the peer certificate
+	 * @cert_hash: SHA-256 hash of the certificate
+	 * @cert: Peer certificate
+	 */
+	void (*notify_cert)(void *ctx, int depth, const char *subject,
+			    const char *cert_hash, const struct wpabuf *cert);
+ };
+ 
+ /**
+Index: wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.c
+===================================================================
+--- wpa_supplicant-0.7.3.orig/src/eapol_supp/eapol_supp_sm.c
+++ wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.c
+@@ -1810,6 +1810,15 @@ static void eapol_sm_eap_param_needed(vo
+ #define eapol_sm_eap_param_needed NULL
+ #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
+ 
+static void eapol_sm_notify_cert(void *ctx, int depth, const char *subject,
+				 const char *cert_hash,
+				 const struct wpabuf *cert)
+{
+	struct eapol_sm *sm = ctx;
+	if (sm->ctx->cert_cb)
+		sm->ctx->cert_cb(sm->ctx->ctx, depth, subject,
+				 cert_hash, cert);
+}
+ 
+ static struct eapol_callbacks eapol_cb =
+ {
+@@ -1822,7 +1831,8 @@ static struct eapol_callbacks eapol_cb =
+ 	eapol_sm_set_config_blob,
+ 	eapol_sm_get_config_blob,
+ 	eapol_sm_notify_pending,
+-	eapol_sm_eap_param_needed
+	eapol_sm_eap_param_needed,
+	eapol_sm_notify_cert
+ };
+ 
+ 
+Index: wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.h
+===================================================================
+--- wpa_supplicant-0.7.3.orig/src/eapol_supp/eapol_supp_sm.h
+++ wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.h
+@@ -220,6 +220,17 @@ struct eapol_ctx {
+ 	 * @authorized: Whether the supplicant port is now in authorized state
+ 	 */
+ 	void (*port_cb)(void *ctx, int authorized);
+
+	/**
+	 * cert_cb - Notification of a peer certificate
+	 * @ctx: Callback context (ctx)
+	 * @depth: Depth in certificate chain (0 = server)
+	 * @subject: Subject of the peer certificate
+	 * @cert_hash: SHA-256 hash of the certificate
+	 * @cert: Peer certificate
+	 */
+	void (*cert_cb)(void *ctx, int depth, const char *subject,
+			const char *cert_hash, const struct wpabuf *cert);
+ };
+ 
+ 
+Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.c
+===================================================================
+--- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_new.c
+++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.c
+@@ -650,6 +650,53 @@ nomem:
+ 
+ #endif /* CONFIG_WPS */
+ 
+void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
+				    int depth, const char *subject,
+				    const char *cert_hash,
+				    const struct wpabuf *cert)
+{
+	struct wpas_dbus_priv *iface;
+	DBusMessage *msg;
+	DBusMessageIter iter, dict_iter;
+
+	iface = wpa_s->global->dbus;
+
+	/* Do nothing if the control interface is not turned on */
+	if (iface == NULL)
+		return;
+
+	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
+				      WPAS_DBUS_NEW_IFACE_INTERFACE,
+				      "Certification");
+	if (msg == NULL)
+		return;
+
+	dbus_message_iter_init_append(msg, &iter);
+	if (!wpa_dbus_dict_open_write(&iter, &dict_iter))
+		goto nomem;
+
+	if (!wpa_dbus_dict_append_uint32(&dict_iter, "depth", depth) ||
+	    !wpa_dbus_dict_append_string(&dict_iter, "subject", subject))
+		goto nomem;
+
+	if (cert_hash &&
+	    !wpa_dbus_dict_append_string(&dict_iter, "cert_hash", cert_hash))
+		goto nomem;
+
+	if (cert &&
+	    !wpa_dbus_dict_append_byte_array(&dict_iter, "cert",
+					     wpabuf_head(cert),
+					     wpabuf_len(cert)))
+		goto nomem;
+
+	if (!wpa_dbus_dict_close_write(&iter, &dict_iter))
+		goto nomem;
+
+	dbus_connection_send(iface->con, msg, NULL);
+
+nomem:
+	dbus_message_unref(msg);
+}
+ 
+ /**
+  * wpas_dbus_signal_prop_changed - Signals change of property
+@@ -1488,6 +1535,12 @@ static const struct wpa_dbus_signal_desc
+ 	  }
+ 	},
+ #endif /* CONFIG_WPS */
+	{ "Certification", WPAS_DBUS_NEW_IFACE_INTERFACE,
+	  {
+		  { "certification", "a{sv}", ARG_OUT },
+		  END_ARGS
+	  }
+	},
+ 	{ NULL, NULL, { END_ARGS } }
+ };
+ 
+Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.h
+===================================================================
+--- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_new.h
+++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.h
+@@ -120,6 +120,10 @@ void wpas_dbus_signal_blob_removed(struc
+ void wpas_dbus_signal_debug_level_changed(struct wpa_global *global);
+ void wpas_dbus_signal_debug_timestamp_changed(struct wpa_global *global);
+ void wpas_dbus_signal_debug_show_keys_changed(struct wpa_global *global);
+void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
+				    int depth, const char *subject,
+				    const char *cert_hash,
+				    const struct wpabuf *cert);
+ 
+ #else /* CONFIG_CTRL_IFACE_DBUS_NEW */
+ 
+@@ -230,6 +234,14 @@ static inline void wpas_dbus_signal_debu
+ {
+ }
+ 
+static inline void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
+						  int depth,
+						  const char *subject,
+						  const char *cert_hash,
+						  const struct wpabuf *cert)
+{
+}
+
+ #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
+ 
+ #endif /* CTRL_IFACE_DBUS_H_NEW */
+Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.c
+===================================================================
+--- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_old.c
+++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.c
+@@ -547,6 +547,59 @@ void wpa_supplicant_dbus_notify_wps_cred
+ }
+ #endif /* CONFIG_WPS */
+ 
+void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
+					      int depth, const char *subject,
+					      const char *cert_hash,
+					      const struct wpabuf *cert)
+{
+	struct wpas_dbus_priv *iface;
+	DBusMessage *_signal = NULL;
+	const char *hash;
+	const char *cert_hex;
+	int cert_hex_len;
+
+	/* Do nothing if the control interface is not turned on */
+	if (wpa_s->global == NULL)
+		return;
+	iface = wpa_s->global->dbus;
+	if (iface == NULL)
+		return;
+
+	_signal = dbus_message_new_signal(wpa_s->dbus_path,
+					  WPAS_DBUS_IFACE_INTERFACE,
+					  "Certification");
+	if (_signal == NULL) {
+		wpa_printf(MSG_ERROR,
+		           "dbus: wpa_supplicant_dbus_notify_certification: "
+		           "Could not create dbus signal; likely out of "
+		           "memory");
+		return;
+	}
+
+	hash = cert_hash ? cert_hash : "";
+	cert_hex = cert ? wpabuf_head(cert) : "";
+	cert_hex_len = cert ? wpabuf_len(cert) : 0;
+
+	if (!dbus_message_append_args(_signal,
+				      DBUS_TYPE_INT32,&depth,
+				      DBUS_TYPE_STRING, &subject,
+	                              DBUS_TYPE_STRING, &hash,
+	                              DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
+				      &cert_hex, cert_hex_len,
+	                              DBUS_TYPE_INVALID)) {
+		wpa_printf(MSG_ERROR,
+		           "dbus: wpa_supplicant_dbus_notify_certification: "
+		           "Not enough memory to construct signal");
+		goto out;
+	}
+
+	dbus_connection_send(iface->con, _signal, NULL);
+
+out:
+	dbus_message_unref(_signal);
+
+}
+
+ 
+ /**
+  * wpa_supplicant_dbus_ctrl_iface_init - Initialize dbus control interface
+Index: wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.h
+===================================================================
+--- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_old.h
+++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.h
+@@ -82,6 +82,10 @@ void wpa_supplicant_dbus_notify_state_ch
+ 					     enum wpa_states old_state);
+ void wpa_supplicant_dbus_notify_wps_cred(struct wpa_supplicant *wpa_s,
+ 					 const struct wps_credential *cred);
+void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
+					      int depth, const char *subject,
+					      const char *cert_hash,
+					      const struct wpabuf *cert);
+ 
+ char * wpas_dbus_decompose_object_path(const char *path, char **network,
+                                        char **bssid);
+@@ -114,6 +118,14 @@ wpa_supplicant_dbus_notify_wps_cred(stru
+ {
+ }
+ 
+static inline void
+void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
+					      int depth, const char *subject,
+					      const char *cert_hash,
+					      const struct wpabuf *cert)
+{
+}
+
+ static inline int
+ wpas_dbus_register_iface(struct wpa_supplicant *wpa_s)
+ {
+Index: wpa_supplicant-0.7.3/wpa_supplicant/notify.c
+===================================================================
+--- wpa_supplicant-0.7.3.orig/wpa_supplicant/notify.c
+++ wpa_supplicant-0.7.3/wpa_supplicant/notify.c
+@@ -337,3 +337,15 @@ void wpas_notify_resume(struct wpa_globa
+ 			wpa_supplicant_req_scan(wpa_s, 0, 100000);
+ 	}
+ }
+
+
+void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth,
+			       const char *subject, const char *cert_hash,
+			       const struct wpabuf *cert)
+{
+	/* notify the old DBus API */
+	wpa_supplicant_dbus_notify_certification(wpa_s, depth, subject,
+						 cert_hash, cert);
+	/* notify the new DBus API */
+	wpas_dbus_signal_certification(wpa_s, depth, subject, cert_hash, cert);
+}
+Index: wpa_supplicant-0.7.3/wpa_supplicant/notify.h
+===================================================================
+--- wpa_supplicant-0.7.3.orig/wpa_supplicant/notify.h
+++ wpa_supplicant-0.7.3/wpa_supplicant/notify.h
+@@ -78,4 +78,8 @@ void wpas_notify_debug_show_keys_changed
+ void wpas_notify_suspend(struct wpa_global *global);
+ void wpas_notify_resume(struct wpa_global *global);
+ 
+void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth,
+			       const char *subject, const char *cert_hash,
+			       const struct wpabuf *cert);
+
+ #endif /* NOTIFY_H */
+Index: wpa_supplicant-0.7.3/wpa_supplicant/wpas_glue.c
+===================================================================
+--- wpa_supplicant-0.7.3.orig/wpa_supplicant/wpas_glue.c
+++ wpa_supplicant-0.7.3/wpa_supplicant/wpas_glue.c
+@@ -32,6 +32,7 @@
+ #include "wps_supplicant.h"
+ #include "bss.h"
+ #include "scan.h"
+#include "notify.h"
+ 
+ 
+ #ifndef CONFIG_NO_CONFIG_BLOBS
+@@ -572,6 +573,16 @@ static void wpa_supplicant_port_cb(void
+ 		   authorized ? "Authorized" : "Unauthorized");
+ 	wpa_drv_set_supp_port(wpa_s, authorized);
+ }
+
+
+static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject,
+				   const char *cert_hash,
+				   const struct wpabuf *cert)
+{
+	struct wpa_supplicant *wpa_s = ctx;
+
+	wpas_notify_certification(wpa_s, depth, subject, cert_hash, cert);
+}
+ #endif /* IEEE8021X_EAPOL */
+ 
+ 
+@@ -602,6 +613,7 @@ int wpa_supplicant_init_eapol(struct wpa
+ 	ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
+ 	ctx->port_cb = wpa_supplicant_port_cb;
+ 	ctx->cb = wpa_supplicant_eapol_cb;
+	ctx->cert_cb = wpa_supplicant_cert_cb;
+ 	ctx->cb_ctx = wpa_s;
+ 	wpa_s->eapol = eapol_sm_init(ctx);
+ 	if (wpa_s->eapol == NULL) {
--- a/wpa_supplicant.changes
+++ b/wpa_supplicant.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jan 10 08:08:15 UTC 2012 - glin@suse.com
+
+- Add wpa_supplicant-probed-cert-dbus-signal.patch to emit a D-Bus
+  signal when the AP returned the certificate of the RADIUS server
+  (bnc#574266)
+
 -------------------------------------------------------------------
 Mon Oct 10 13:28:43 UTC 2011 - lnussel@suse.de

--- a/wpa_supplicant.spec
+++ b/wpa_supplicant.spec
@ -1,7 +1,7 @@
 #
 # spec file for package wpa_supplicant
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -28,7 +28,7 @@ BuildRequires:  libnl-devel
 Url:            http://hostap.epitest.fi/wpa_supplicant/
 Version:        0.7.3
 Release:        6
-License:        BSD3c(or similar) ; GPLv2+
+License:        BSD-3-Clause ; GPL-2.0+
 Group:          Productivity/Networking/Other
 Summary:        WPA supplicant implementation
 Source:         http://hostap.epitest.fi/releases/wpa_supplicant-%{version}.tar.bz2
@ -47,6 +47,8 @@ Patch2:         wpa_supplicant-sigusr1-changes-debuglevel.patch
 Patch4:         wpa_supplicant-errormsg.patch
 # PATCH-FIX-UPSTREAM wpa_supplicant-dbus-events.patch dimstar@opensuse.org -- dbus: Emit property changed events when adding/removing BSSes, taken from git.
 Patch5:         wpa_supplicant-dbus-events.patch
+# PATCH-FIX-UPSTREAM wpa_supplicant-probed-cert-dbus-signal.patch bnc#574266 glin@suse.com -- emit a D-Bus signal when the AP returned the certificate of the RADIUS server
+Patch6:         wpa_supplicant-probed-cert-dbus-signal.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires:       logrotate

@ -62,7 +64,7 @@ Authors:
    Jouni Malinen <jkmaline@cc.hut.fi>

 %package gui
-License:        BSD3c(or similar) ; GPLv2+
+License:        BSD-3-Clause ; GPL-2.0+
 Summary:        WPA supplicant graphical front-end
 Requires:       wpa_supplicant
 Group:          System/Monitoring
@ -85,6 +87,7 @@ cp %{SOURCE1} wpa_supplicant/.config
 %patch2 -p0
 %patch4 -p0
 %patch5 -p1
+%patch6 -p1

 %build
 cd wpa_supplicant