From 7eaf650bbd550d84d812a331a3e54d8064de58f9628a44a727e81d71f44fe29a Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Tue, 11 Nov 2008 15:10:34 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/wpa_supplicant?expand=0&rev=17
---
 wpa_supplicant-dbus-reset-eapol.patch | 14 ++
 wpa_supplicant-pkcs11-init-args.patch | 279 ++++++++++++++++++++++++++
 wpa_supplicant.changes | 7 +
 wpa_supplicant.spec | 10 +-
 4 files changed, 309 insertions(+), 1 deletion(-)
 create mode 100644 wpa_supplicant-dbus-reset-eapol.patch
 create mode 100644 wpa_supplicant-pkcs11-init-args.patch
diff --git a/wpa_supplicant-dbus-reset-eapol.patch b/wpa_supplicant-dbus-reset-eapol.patch
new file mode 100644
index 0000000..6941b40
--- /dev/null
+++ b/wpa_supplicant-dbus-reset-eapol.patch
@@ -0,0 +1,14 @@
+Index: wpa_supplicant-0.6.4/wpa_supplicant/ctrl_iface_dbus_handlers.c
+===================================================================
+--- wpa_supplicant-0.6.4.orig/wpa_supplicant/ctrl_iface_dbus_handlers.c
++++ wpa_supplicant-0.6.4/wpa_supplicant/ctrl_iface_dbus_handlers.c
+@@ -1239,7 +1239,9 @@ DBusMessage * wpas_dbus_iface_set_smartc
+ #endif /* EAP_TLS_OPENSSL */
+
+ eapol_sm_deinit(wpa_s->eapol);
++ wpa_s->eapol = NULL;
+ wpa_supplicant_init_eapol(wpa_s);
++ wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
+
+ return wpas_dbus_new_success_reply(message);
+
diff --git a/wpa_supplicant-pkcs11-init-args.patch b/wpa_supplicant-pkcs11-init-args.patch
new file mode 100644
index 0000000..473fffb
--- /dev/null
+++ b/wpa_supplicant-pkcs11-init-args.patch
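Review bot: The result of `wpa_supplicant_init_eapol(wpa_s)` is still ignored in the lines added to the D-Bus smartcard handler, although the wpas_glue.c hunk header elsewhere in this commit shows the function returns int. If re-initialisation fails, wpa_s->eapol presumably stays NULL after the new `wpa_s->eapol = NULL;`, that NULL is handed to wpa_sm_set_eapol(), and the caller still receives wpas_dbus_new_success_reply(). I would check the call, e.g. `if (wpa_supplicant_init_eapol(wpa_s) < 0)`, and return an error reply directly instead of jumping to `error:`, because by this point the path strings have been stored in wpa_s->conf and that label frees the locals. The handler's body starts and ends outside this hunk, so the exact failure convention needs confirming against wpas_glue.c.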
@@ -0,0 +1,279 @@
+Index: wpa_supplicant-0.6.4/src/crypto/tls.h
+===================================================================
+--- wpa_supplicant-0.6.4.orig/src/crypto/tls.h
++++ wpa_supplicant-0.6.4/src/crypto/tls.h
+@@ -32,6 +32,7 @@ struct tls_config {
+ const char *opensc_engine_path;
+ const char *pkcs11_engine_path;
+ const char *pkcs11_module_path;
++ const char *pkcs11_module_init_args;
+ };
+
+ /**
+Index: wpa_supplicant-0.6.4/src/crypto/tls_openssl.c
+===================================================================
+--- wpa_supplicant-0.6.4.orig/src/crypto/tls_openssl.c
++++ wpa_supplicant-0.6.4/src/crypto/tls_openssl.c
+@@ -653,9 +653,11 @@ static int tls_engine_load_dynamic_gener
+ * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc
+ * @pkcs11_so_path: pksc11_so_path from the configuration
+ * @pcks11_module_path: pkcs11_module_path from the configuration
++ * @pkcs11_module_init_args: pkcs11_module_init_args from the configuration
+ */
+ static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path,
+- const char *pkcs11_module_path)
++ const char *pkcs11_module_path,
++ const char *pkcs11_module_init_args)
+ {
+ char *engine_id = "pkcs11";
+ const char *pre_cmd[] = {
+@@ -668,6 +670,7 @@ static int tls_engine_load_dynamic_pkcs1
+ };
+ const char *post_cmd[] = {
+ "MODULE_PATH", NULL /* pkcs11_module_path */,
++ "INIT_ARGS", NULL /* pkcs11_module_init_args */,
+ NULL, NULL
+ };
+
+@@ -678,6 +681,9 @@ static int tls_engine_load_dynamic_pkcs1
+ pre_cmd[3] = engine_id;
+ post_cmd[1] = pkcs11_module_path;
+
++ if (pkcs11_module_init_args)
++ post_cmd[3] = pkcs11_module_init_args;
++
+ wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s",
+ pkcs11_so_path);
+
+@@ -747,7 +753,8 @@ void * tls_init(const struct tls_config
+
+ if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) ||
+ tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path,
+- conf->pkcs11_module_path)) {
++ conf->pkcs11_module_path,
++ conf->pkcs11_module_init_args)) {
+ tls_deinit(ssl);
+ return NULL;
+ }
+Index: wpa_supplicant-0.6.4/src/eap_peer/eap.c
+===================================================================
+--- wpa_supplicant-0.6.4.orig/src/eap_peer/eap.c
++++ wpa_supplicant-0.6.4/src/eap_peer/eap.c
+@@ -1169,6 +1169,7 @@ struct eap_sm * eap_peer_sm_init(void *e
+ tlsconf.opensc_engine_path = conf->opensc_engine_path;
+ tlsconf.pkcs11_engine_path = conf->pkcs11_engine_path;
+ tlsconf.pkcs11_module_path = conf->pkcs11_module_path;
++ tlsconf.pkcs11_module_init_args = conf->pkcs11_module_init_args;
+ sm->ssl_ctx = tls_init(&tlsconf);
+ if (sm->ssl_ctx == NULL) {
+ wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS "
+Index: wpa_supplicant-0.6.4/src/eap_peer/eap.h
+===================================================================
+--- wpa_supplicant-0.6.4.orig/src/eap_peer/eap.h
++++ wpa_supplicant-0.6.4/src/eap_peer/eap.h
+@@ -246,6 +246,13 @@ struct eap_config {
+ */
+ const char *pkcs11_module_path;
+ /**
++ * pkcs11_module_init_args - OpenSC PKCS#11 module initialization
++ * arguments for OpenSSL engine.
++ *
++ * Usually, NULL.
++ */
++ const char *pkcs11_module_init_args;
++ /**
+ * mac_addr - MAC address of the peer
+ *
+ * This can be left %NULL if not available.
+Index: wpa_supplicant-0.6.4/src/eapol_supp/eapol_supp_sm.c
+===================================================================
+--- wpa_supplicant-0.6.4.orig/src/eapol_supp/eapol_supp_sm.c
++++ wpa_supplicant-0.6.4/src/eapol_supp/eapol_supp_sm.c
+@@ -1801,6 +1801,7 @@ struct eapol_sm *eapol_sm_init(struct ea
+ conf.opensc_engine_path = ctx->opensc_engine_path;
+ conf.pkcs11_engine_path = ctx->pkcs11_engine_path;
+ conf.pkcs11_module_path = ctx->pkcs11_module_path;
++ conf.pkcs11_module_init_args = ctx->pkcs11_module_init_args;
+ #endif /* EAP_TLS_OPENSSL */
+
+ sm->eap = eap_peer_sm_init(sm, &eapol_cb, sm->ctx->msg_ctx, &conf);
+Index: wpa_supplicant-0.6.4/src/eapol_supp/eapol_supp_sm.h
+===================================================================
+--- wpa_supplicant-0.6.4.orig/src/eapol_supp/eapol_supp_sm.h
++++ wpa_supplicant-0.6.4/src/eapol_supp/eapol_supp_sm.h
+@@ -198,6 +198,15 @@ struct eapol_ctx {
+ * module is not loaded.
+ */
+ const char *pkcs11_module_path;
++
++ /**
++ * pkcs11_module_init_args - The initialization arguments to the OpenSSL
++ * OpenSC/PKCS#11 module.
++ *
++ * This is an OpenSSL specific configuration option for configuring
++ * the initialization arguments of the PKCS#11 module.
++ */
++ const char *pkcs11_module_init_args;
+ #endif /* EAP_TLS_OPENSSL */
+
+ /**
+Index: wpa_supplicant-0.6.4/wpa_supplicant/config.c
+===================================================================
+--- wpa_supplicant-0.6.4.orig/wpa_supplicant/config.c
++++ wpa_supplicant-0.6.4/wpa_supplicant/config.c
+@@ -1526,6 +1526,7 @@ void wpa_config_free(struct wpa_config *
+ os_free(config->opensc_engine_path);
+ os_free(config->pkcs11_engine_path);
+ os_free(config->pkcs11_module_path);
++ os_free(config->pkcs11_module_init_args);
+ #endif /* EAP_TLS_OPENSSL */
+ os_free(config->driver_param);
+ os_free(config->pssid);
+Index: wpa_supplicant-0.6.4/wpa_supplicant/config.h
+===================================================================
+--- wpa_supplicant-0.6.4.orig/wpa_supplicant/config.h
++++ wpa_supplicant-0.6.4/wpa_supplicant/config.h
+@@ -194,6 +194,15 @@ struct wpa_config {
+ * module is not loaded.
+ */
+ char *pkcs11_module_path;
++
++ /**
++ * pkcs11_module_init_args - The initialization arguments to the OpenSSL
++ * OpenSC/PKCS#11 module.
++ *
++ * This is an OpenSSL specific configuration option for configuring
++ * the initialization arguments of the PKCS#11 module.
++ */
++ char *pkcs11_module_init_args;
+ #endif /* EAP_TLS_OPENSSL */
+
+ /**
+Index: wpa_supplicant-0.6.4/wpa_supplicant/config_file.c
+===================================================================
+--- wpa_supplicant-0.6.4.orig/wpa_supplicant/config_file.c
++++ wpa_supplicant-0.6.4/wpa_supplicant/config_file.c
+@@ -355,6 +355,16 @@ static int wpa_config_process_pkcs11_mod
+ return 0;
+ }
+
++static int wpa_config_process_pkcs11_module_init_args(struct wpa_config *config,
++ char *pos)
++{
++ os_free(config->pkcs11_module_init_args);
++ config->pkcs11_module_init_args = os_strdup(pos);
++ wpa_printf(MSG_DEBUG, "pkcs11_module_init_args='%s'",
++ config->pkcs11_module_init_args);
++ return 0;
++}
++
+ #endif /* EAP_TLS_OPENSSL */
+
+
+@@ -457,6 +467,9 @@ static int wpa_config_process_global(str
+
+ if (os_strncmp(pos, "pkcs11_module_path=", 19) == 0)
+ return wpa_config_process_pkcs11_module_path(config, pos + 19);
++
++ if (os_strncmp(pos, "pkcs11_module_init_args=", 24) == 0)
++ return wpa_config_process_pkcs11_module_init_args(config, pos + 24);
+ #endif /* EAP_TLS_OPENSSL */
+
+ if (os_strncmp(pos, "driver_param=", 13) == 0)
+@@ -827,6 +840,9 @@ static void wpa_config_write_global(FILE
+ if (config->pkcs11_module_path)
+ fprintf(f, "pkcs11_module_path=%s\n",
+ config->pkcs11_module_path);
++ if (config->pkcs11_module_init_args)
++ fprintf(f, "pkcs11_module_init_args=%s\n",
++ config->pkcs11_module_init_args);
+ #endif /* EAP_TLS_OPENSSL */
+ if (config->driver_param)
+ fprintf(f, "driver_param=%s\n", config->driver_param);
+Index: wpa_supplicant-0.6.4/wpa_supplicant/ctrl_iface_dbus_handlers.c
+===================================================================
+--- wpa_supplicant-0.6.4.orig/wpa_supplicant/ctrl_iface_dbus_handlers.c
++++ wpa_supplicant-0.6.4/wpa_supplicant/ctrl_iface_dbus_handlers.c
+@@ -858,7 +858,7 @@ out:
+ static const char *dont_quote[] = {
+ "key_mgmt", "proto", "pairwise", "auth_alg", "group", "eap",
+ "opensc_engine_path", "pkcs11_engine_path", "pkcs11_module_path",
+- "bssid", NULL
++ "pkcs11_module_init_args", "bssid", NULL
+ };
+
+ static dbus_bool_t should_quote_opt(const char *key)
+@@ -1196,6 +1196,7 @@ DBusMessage * wpas_dbus_iface_set_smartc
+ char *opensc_engine_path = NULL;
+ char *pkcs11_engine_path = NULL;
+ char *pkcs11_module_path = NULL;
++ char *pkcs11_module_init_args = NULL;
+ struct wpa_dbus_dict_entry entry;
+
+ if (!dbus_message_iter_init(message, &iter))
+@@ -1222,6 +1223,11 @@ DBusMessage * wpas_dbus_iface_set_smartc
+ pkcs11_module_path = os_strdup(entry.str_value);
+ if (pkcs11_module_path == NULL)
+ goto error;
++ } else if (!strcmp(entry.key, "pkcs11_module_init_args") &&
++ (entry.type == DBUS_TYPE_STRING)) {
++ pkcs11_module_init_args = os_strdup(entry.str_value);
++ if (pkcs11_module_init_args == NULL)
++ goto error;
+ } else {
+ wpa_dbus_dict_entry_clear(&entry);
+ goto error;
+@@ -1236,6 +1242,8 @@ DBusMessage * wpas_dbus_iface_set_smartc
+ wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path;
+ os_free(wpa_s->conf->pkcs11_module_path);
+ wpa_s->conf->pkcs11_module_path = pkcs11_module_path;
++ os_free(wpa_s->conf->pkcs11_module_init_args);
++ wpa_s->conf->pkcs11_module_init_args = pkcs11_module_init_args;
+ #endif /* EAP_TLS_OPENSSL */
+
+ eapol_sm_deinit(wpa_s->eapol);
+@@ -1247,6 +1255,7 @@ error:
+ os_free(opensc_engine_path);
+ os_free(pkcs11_engine_path);
+ os_free(pkcs11_module_path);
++ os_free(pkcs11_module_init_args);
+ return wpas_dbus_new_invalid_opts_error(message, NULL);
+ }
+
+Index: wpa_supplicant-0.6.4/wpa_supplicant/eapol_test.c
+===================================================================
+--- wpa_supplicant-0.6.4.orig/wpa_supplicant/eapol_test.c
++++ wpa_supplicant-0.6.4/wpa_supplicant/eapol_test.c
+@@ -335,6 +335,7 @@ static int test_eapol(struct eapol_test_
+ ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
+ ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
+ ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
++ ctx->pkcs11_module_init_args = wpa_s->conf->pkcs11_module_init_args;
+ #endif /* EAP_TLS_OPENSSL */
+
+ wpa_s->eapol = eapol_sm_init(ctx);
+Index: wpa_supplicant-0.6.4/wpa_supplicant/wpa_supplicant.c
+===================================================================
+--- wpa_supplicant-0.6.4.orig/wpa_supplicant/wpa_supplicant.c
++++ wpa_supplicant-0.6.4/wpa_supplicant/wpa_supplicant.c
+@@ -560,7 +560,7 @@ int wpa_supplicant_reload_configuration(
+ wpa_s->current_ssid = NULL;
+ /*
+ * TODO: should notify EAPOL SM about changes in opensc_engine_path,
+- * pkcs11_engine_path, pkcs11_module_path.
++ * pkcs11_engine_path, pkcs11_module_path, pkcs11_module_init_args.
+ */
+ if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK ||
+ wpa_s->key_mgmt == WPA_KEY_MGMT_FT_PSK) {
+Index: wpa_supplicant-0.6.4/wpa_supplicant/wpas_glue.c
+===================================================================
+--- wpa_supplicant-0.6.4.orig/wpa_supplicant/wpas_glue.c
++++ wpa_supplicant-0.6.4/wpa_supplicant/wpas_glue.c
+@@ -535,6 +535,7 @@ int wpa_supplicant_init_eapol(struct wpa
+ ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
+ ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
+ ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
++ ctx->pkcs11_module_init_args = wpa_s->conf->pkcs11_module_init_args;
+ #endif /* EAP_TLS_OPENSSL */
+ ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
+ ctx->cb = wpa_supplicant_eapol_cb;
diff --git a/wpa_supplicant.changes b/wpa_supplicant.changes
index 0d462c3..8109a66 100644
--- a/wpa_supplicant.changes
+++ b/wpa_supplicant.changes
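Review bot: In tls_engine_load_dynamic_pkcs11() the `"INIT_ARGS"` command name stays in post_cmd even when pkcs11_module_init_args is NULL, because only the value slot `post_cmd[3]` is assigned conditionally. The code that consumes post_cmd is outside these hunks; if it walks name/value pairs until a NULL name, every engine load now issues INIT_ARGS with a NULL value, and an engine build without that control command would presumably fail to load even for configurations that never set the option. Ending the list in the unset case avoids that: `if (pkcs11_module_init_args) post_cmd[3] = pkcs11_module_init_args; else post_cmd[2] = NULL;`. Separately, wpa_config_process_pkcs11_module_init_args() in config_file.c passes the unchecked os_strdup() result to a `%s` debug print and returns 0 on allocation failure. The same string is now also accepted from D-Bus callers in ctrl_iface_dbus_handlers.c and forwarded to the PKCS#11 module, so the bus policy for that method should be no looser than what is acceptable for the module paths.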
@@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Nov 10 17:35:43 EET 2008 - tambet@novell.com + +- Fix a bug where authentication would always fail using PKCS#11 + interface from DBus control interface. +- Add support for PKCS#11 module initialization arguments. + ------------------------------------------------------------------- Mon Oct 13 15:11:54 CEST 2008 - hschaa@gmail.com diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec index 4e9673c..1c8eb03 100644 --- a/wpa_supplicant.spec +++ b/wpa_supplicant.spec @@ -22,7 +22,7 @@ Name: wpa_supplicant BuildRequires: dbus-1-devel libqt4 libqt4-devel openssl-devel pkg-config readline-devel Url: http://hostap.epitest.fi/wpa_supplicant/ Version: 0.6.4 -Release: 14 +Release: 15 License: BSD 3-Clause; GPL v2 or later Group: Productivity/Networking/Other Summary: WPA supplicant implementation @@ -39,6 +39,8 @@ Patch5: wpa_supplicant-roaming.patch Patch6: wpa_supplicant-restore_scan_request_setting.patch Patch7: wpa_supplicant-dont_report_empty_initial_scan.patch Patch8: wpa_supplicant-fix_set_mode.patch +Patch9: wpa_supplicant-pkcs11-init-args.patch +Patch10: wpa_supplicant-dbus-reset-eapol.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -81,6 +83,8 @@ cp %{SOURCE1} wpa_supplicant/.config %patch7 -p1 %patch8 -p1 %patch5 -p1 +%patch9 -p1 +%patch10 -p1 %build cd wpa_supplicant @@ -125,6 +129,10 @@ install -m 755 wpa_supplicant/wpa_gui-qt4/wpa_gui %{buildroot}%{_sbindir} /usr/sbin/wpa_gui %changelog +* Mon Nov 10 2008 tambet@novell.com +- Fix a bug where authentication would always fail using PKCS#11 + interface from DBus control interface. +- Add support for PKCS#11 module initialization arguments. * Mon Oct 13 2008 hschaa@gmail.com - update wpa_supplicant-roaming.patch which enables roaming by default for some cards