hostapd: Update vendor branch to 0.6.10 vendor/HOSTAPD
authorJan Lentfer <Jan.Lentfer@web.de>
Thu, 4 Feb 2010 12:26:03 +0000 (13:26 +0100)
committerJan Lentfer <Jan.Lentfer@web.de>
Thu, 4 Feb 2010 12:26:03 +0000 (13:26 +0100)
377 files changed:
contrib/hostapd/README
contrib/hostapd/README.DELETE [deleted file]
contrib/hostapd/README.DELETED [new file with mode: 0644]
contrib/hostapd/README.DRAGONFLY
contrib/hostapd/aes_wrap.h [deleted file]
contrib/hostapd/config.c [deleted file]
contrib/hostapd/eap.h [deleted file]
contrib/hostapd/eap_peap.c [deleted file]
contrib/hostapd/eap_tls_common.c [deleted file]
contrib/hostapd/eap_tls_common.h [deleted file]
contrib/hostapd/eap_tlv.c [deleted file]
contrib/hostapd/hlr_auc_gw.milenage_db [deleted file]
contrib/hostapd/hostapd.accept [deleted file]
contrib/hostapd/hostapd.conf [deleted file]
contrib/hostapd/hostapd.deny [deleted file]
contrib/hostapd/hostapd.eap_user [deleted file]
contrib/hostapd/hostapd.radius_clients [deleted file]
contrib/hostapd/hostapd.sim_db [deleted file]
contrib/hostapd/hostapd.vlan [deleted file]
contrib/hostapd/hostapd.wpa_psk [deleted file]
contrib/hostapd/hostapd/ChangeLog [new file with mode: 0644]
contrib/hostapd/hostapd/README [copied from contrib/hostapd/README with 98% similarity]
contrib/hostapd/hostapd/README-WPS [new file with mode: 0644]
contrib/hostapd/hostapd/accounting.c [moved from contrib/hostapd/accounting.c with 80% similarity]
contrib/hostapd/hostapd/accounting.h [moved from contrib/hostapd/accounting.h with 92% similarity]
contrib/hostapd/hostapd/ap.h [moved from contrib/hostapd/ap.h with 77% similarity]
contrib/hostapd/hostapd/ap_list.c [moved from contrib/hostapd/ap_list.c with 81% similarity]
contrib/hostapd/hostapd/ap_list.h [moved from contrib/hostapd/ap_list.h with 90% similarity]
contrib/hostapd/hostapd/beacon.c [moved from contrib/hostapd/beacon.c with 58% similarity]
contrib/hostapd/hostapd/beacon.h [moved from contrib/hostapd/beacon.h with 100% similarity]
contrib/hostapd/hostapd/config.c [new file with mode: 0644]
contrib/hostapd/hostapd/config.h [moved from contrib/hostapd/config.h with 73% similarity]
contrib/hostapd/hostapd/ctrl_iface.c [moved from contrib/hostapd/ctrl_iface.c with 63% similarity]
contrib/hostapd/hostapd/ctrl_iface.h [moved from contrib/hostapd/ctrl_iface.h with 86% similarity]
contrib/hostapd/hostapd/driver.h [moved from contrib/hostapd/driver.h with 64% similarity]
contrib/hostapd/hostapd/driver_atheros.c [new file with mode: 0644]
contrib/hostapd/hostapd/driver_bsd.c [new file with mode: 0644]
contrib/hostapd/hostapd/driver_hostap.c [moved from contrib/hostapd/driver.c with 85% similarity]
contrib/hostapd/hostapd/driver_madwifi.c [new file with mode: 0644]
contrib/hostapd/hostapd/driver_nl80211.c [new file with mode: 0644]
contrib/hostapd/hostapd/driver_none.c [new file with mode: 0644]
contrib/hostapd/hostapd/driver_prism54.c [new file with mode: 0644]
contrib/hostapd/hostapd/driver_test.c [new file with mode: 0644]
contrib/hostapd/hostapd/driver_wired.c [moved from contrib/hostapd/driver_wired.c with 82% similarity]
contrib/hostapd/hostapd/drivers.c [new file with mode: 0644]
contrib/hostapd/hostapd/eapol_sm.c [moved from contrib/hostapd/eapol_sm.c with 62% similarity]
contrib/hostapd/hostapd/eapol_sm.h [moved from contrib/hostapd/eapol_sm.h with 65% similarity]
contrib/hostapd/hostapd/hostap_common.h [copied from contrib/hostapd/hostap_common.h with 97% similarity]
contrib/hostapd/hostapd/hostapd.c [moved from contrib/hostapd/hostapd.c with 61% similarity]
contrib/hostapd/hostapd/hostapd.h [moved from contrib/hostapd/hostapd.h with 73% similarity]
contrib/hostapd/hostapd/hostapd_cli.c [moved from contrib/hostapd/hostapd_cli.c with 88% similarity]
contrib/hostapd/hostapd/hw_features.c [new file with mode: 0644]
contrib/hostapd/hostapd/hw_features.h [moved from contrib/hostapd/hw_features.h with 84% similarity]
contrib/hostapd/hostapd/iapp.c [moved from contrib/hostapd/iapp.c with 94% similarity]
contrib/hostapd/hostapd/iapp.h [moved from contrib/hostapd/iapp.h with 100% similarity]
contrib/hostapd/hostapd/ieee802_11.c [moved from contrib/hostapd/ieee802_11.c with 53% similarity]
contrib/hostapd/hostapd/ieee802_11.h [new file with mode: 0644]
contrib/hostapd/hostapd/ieee802_11_auth.c [moved from contrib/hostapd/ieee802_11_auth.c with 64% similarity]
contrib/hostapd/hostapd/ieee802_11_auth.h [moved from contrib/hostapd/ieee802_11_auth.h with 100% similarity]
contrib/hostapd/hostapd/ieee802_1x.c [moved from contrib/hostapd/ieee802_1x.c with 59% similarity]
contrib/hostapd/hostapd/ieee802_1x.h [moved from contrib/hostapd/ieee802_1x.h with 82% similarity]
contrib/hostapd/hostapd/logwatch/README [new file with mode: 0644]
contrib/hostapd/hostapd/mlme.c [moved from contrib/hostapd/mlme.c with 94% similarity]
contrib/hostapd/hostapd/mlme.h [moved from contrib/hostapd/mlme.h with 100% similarity]
contrib/hostapd/hostapd/nt_password_hash.c [new file with mode: 0644]
contrib/hostapd/hostapd/peerkey.c [new file with mode: 0644]
contrib/hostapd/hostapd/pmksa_cache.c [moved from contrib/hostapd/pmksa_cache.c with 70% similarity]
contrib/hostapd/hostapd/pmksa_cache.h [moved from contrib/hostapd/pmksa_cache.h with 76% similarity]
contrib/hostapd/hostapd/preauth.c [moved from contrib/hostapd/preauth.c with 77% similarity]
contrib/hostapd/hostapd/preauth.h [moved from contrib/hostapd/preauth.h with 100% similarity]
contrib/hostapd/hostapd/prism54.h [moved from contrib/hostapd/prism54.h with 100% similarity]
contrib/hostapd/hostapd/priv_netlink.h [copied from contrib/hostapd/priv_netlink.h with 100% similarity]
contrib/hostapd/hostapd/radiotap.c [new file with mode: 0644]
contrib/hostapd/hostapd/radiotap.h [new file with mode: 0644]
contrib/hostapd/hostapd/radiotap_iter.h [new file with mode: 0644]
contrib/hostapd/hostapd/sta_info.c [moved from contrib/hostapd/sta_info.c with 71% similarity]
contrib/hostapd/hostapd/sta_info.h [moved from contrib/hostapd/sta_info.h with 84% similarity]
contrib/hostapd/hostapd/vlan_init.c [moved from contrib/hostapd/vlan_init.c with 88% similarity]
contrib/hostapd/hostapd/vlan_init.h [moved from contrib/hostapd/vlan_init.h with 100% similarity]
contrib/hostapd/hostapd/wme.c [new file with mode: 0644]
contrib/hostapd/hostapd/wme.h [new file with mode: 0644]
contrib/hostapd/hostapd/wpa.c [new file with mode: 0644]
contrib/hostapd/hostapd/wpa.h [new file with mode: 0644]
contrib/hostapd/hostapd/wpa_auth_i.h [new file with mode: 0644]
contrib/hostapd/hostapd/wpa_auth_ie.c [new file with mode: 0644]
contrib/hostapd/hostapd/wpa_auth_ie.h [new file with mode: 0644]
contrib/hostapd/hostapd/wpa_ft.c [new file with mode: 0644]
contrib/hostapd/hostapd/wps_hostapd.c [new file with mode: 0644]
contrib/hostapd/hostapd/wps_hostapd.h [new file with mode: 0644]
contrib/hostapd/hw_features.c [deleted file]
contrib/hostapd/ieee802_11.h [deleted file]
contrib/hostapd/patches/openssl-0.9.8-tls-extensions.patch [new file with mode: 0644]
contrib/hostapd/patches/openssl-0.9.8d-tls-extensions.patch [new file with mode: 0644]
contrib/hostapd/patches/openssl-0.9.8e-tls-extensions.patch [new file with mode: 0644]
contrib/hostapd/patches/openssl-0.9.8g-tls-extensions.patch [new file with mode: 0644]
contrib/hostapd/patches/openssl-0.9.8h-tls-extensions.patch [new file with mode: 0644]
contrib/hostapd/patches/openssl-0.9.8i-tls-extensions.patch [new file with mode: 0644]
contrib/hostapd/patches/openssl-0.9.9-session-ticket.patch [new file with mode: 0644]
contrib/hostapd/reconfig.c [deleted file]
contrib/hostapd/src/common/defs.h [moved from contrib/hostapd/defs.h with 73% similarity]
contrib/hostapd/src/common/eapol_common.h [moved from contrib/hostapd/wpa_common.h with 69% similarity]
contrib/hostapd/src/common/ieee802_11_common.c [new file with mode: 0644]
contrib/hostapd/src/common/ieee802_11_common.h [new file with mode: 0644]
contrib/hostapd/src/common/ieee802_11_defs.h [new file with mode: 0644]
contrib/hostapd/src/common/nl80211_copy.h [new file with mode: 0644]
contrib/hostapd/src/common/privsep_commands.h [new file with mode: 0644]
contrib/hostapd/src/common/version.h [moved from contrib/hostapd/version.h with 67% similarity]
contrib/hostapd/src/common/wireless_copy.h [moved from contrib/hostapd/wireless_copy.h with 99% similarity]
contrib/hostapd/src/common/wpa_common.c [new file with mode: 0644]
contrib/hostapd/src/common/wpa_common.h [new file with mode: 0644]
contrib/hostapd/src/common/wpa_ctrl.c [moved from contrib/hostapd/wpa_ctrl.c with 86% similarity]
contrib/hostapd/src/common/wpa_ctrl.h [moved from contrib/hostapd/wpa_ctrl.h with 85% similarity]
contrib/hostapd/src/crypto/aes.c [moved from contrib/hostapd/aes.c with 98% similarity]
contrib/hostapd/src/crypto/aes.h [moved from contrib/hostapd/aes.h with 100% similarity]
contrib/hostapd/src/crypto/aes_wrap.c [moved from contrib/hostapd/aes_wrap.c with 78% similarity]
contrib/hostapd/src/crypto/aes_wrap.h [new file with mode: 0644]
contrib/hostapd/src/crypto/crypto.h [moved from contrib/hostapd/crypto.h with 88% similarity]
contrib/hostapd/src/crypto/crypto_cryptoapi.c [new file with mode: 0644]
contrib/hostapd/src/crypto/crypto_gnutls.c [new file with mode: 0644]
contrib/hostapd/src/crypto/crypto_internal.c [new file with mode: 0644]
contrib/hostapd/src/crypto/crypto_libtomcrypt.c [new file with mode: 0644]
contrib/hostapd/src/crypto/crypto_none.c [copied from contrib/hostapd/rc4.h with 50% similarity]
contrib/hostapd/src/crypto/crypto_openssl.c [moved from contrib/hostapd/crypto.c with 54% similarity]
contrib/hostapd/src/crypto/des.c [moved from contrib/hostapd/des.c with 99% similarity]
contrib/hostapd/src/crypto/dh_groups.c [new file with mode: 0644]
contrib/hostapd/src/crypto/dh_groups.h [new file with mode: 0644]
contrib/hostapd/src/crypto/md4.c [moved from contrib/hostapd/md4.c with 100% similarity]
contrib/hostapd/src/crypto/md5.c [moved from contrib/hostapd/md5.c with 100% similarity]
contrib/hostapd/src/crypto/md5.h [moved from contrib/hostapd/md5.h with 100% similarity]
contrib/hostapd/src/crypto/ms_funcs.c [moved from contrib/hostapd/ms_funcs.c with 93% similarity]
contrib/hostapd/src/crypto/ms_funcs.h [moved from contrib/hostapd/ms_funcs.h with 85% similarity]
contrib/hostapd/src/crypto/rc4.c [moved from contrib/hostapd/rc4.c with 80% similarity]
contrib/hostapd/src/crypto/rc4.h [copied from contrib/hostapd/rc4.h with 89% similarity]
contrib/hostapd/src/crypto/sha1.c [moved from contrib/hostapd/sha1.c with 96% similarity]
contrib/hostapd/src/crypto/sha1.h [moved from contrib/hostapd/sha1.h with 90% similarity]
contrib/hostapd/src/crypto/sha256.c [moved from contrib/hostapd/sha256.c with 94% similarity]
contrib/hostapd/src/crypto/sha256.h [moved from contrib/hostapd/sha256.h with 100% similarity]
contrib/hostapd/src/crypto/tls.h [moved from contrib/hostapd/tls.h with 86% similarity]
contrib/hostapd/src/crypto/tls_gnutls.c [moved from contrib/hostapd/tls_gnutls.c with 93% similarity]
contrib/hostapd/src/crypto/tls_internal.c [new file with mode: 0644]
contrib/hostapd/src/crypto/tls_none.c [moved from contrib/hostapd/tls_none.c with 96% similarity]
contrib/hostapd/src/crypto/tls_openssl.c [moved from contrib/hostapd/tls_openssl.c with 79% similarity]
contrib/hostapd/src/crypto/tls_schannel.c [new file with mode: 0644]
contrib/hostapd/src/drivers/Apple80211.h [new file with mode: 0644]
contrib/hostapd/src/drivers/MobileApple80211.c [new file with mode: 0644]
contrib/hostapd/src/drivers/MobileApple80211.h [new file with mode: 0644]
contrib/hostapd/src/drivers/driver.h [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_atmel.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_broadcom.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_bsd.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_hostap.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_hostap.h [moved from contrib/hostapd/hostap_common.h with 57% similarity]
contrib/hostapd/src/drivers/driver_ipw.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_madwifi.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_ndis.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_ndis.h [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_ndis_.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_ndiswrapper.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_nl80211.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_prism54.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_privsep.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_ps3.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_ralink.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_ralink.h [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_roboswitch.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_test.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_wext.c [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_wext.h [new file with mode: 0644]
contrib/hostapd/src/drivers/driver_wired.c [new file with mode: 0644]
contrib/hostapd/src/drivers/drivers.c [new file with mode: 0644]
contrib/hostapd/src/drivers/ndis_events.c [new file with mode: 0644]
contrib/hostapd/src/drivers/priv_netlink.h [moved from contrib/hostapd/priv_netlink.h with 58% similarity]
contrib/hostapd/src/drivers/radiotap.c [new file with mode: 0644]
contrib/hostapd/src/drivers/radiotap.h [new file with mode: 0644]
contrib/hostapd/src/drivers/radiotap_iter.h [new file with mode: 0644]
contrib/hostapd/src/drivers/scan_helpers.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/chap.c [moved from contrib/hostapd/ieee802_11h.c with 50% similarity]
contrib/hostapd/src/eap_common/chap.h [moved from contrib/hostapd/ieee802_11h.h with 51% similarity]
contrib/hostapd/src/eap_common/eap_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_defs.h [moved from contrib/hostapd/eap_defs.h with 71% similarity]
contrib/hostapd/src/eap_common/eap_fast_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_fast_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_gpsk_common.c [moved from contrib/hostapd/eap_gpsk_common.c with 60% similarity]
contrib/hostapd/src/eap_common/eap_gpsk_common.h [moved from contrib/hostapd/eap_gpsk_common.h with 96% similarity]
contrib/hostapd/src/eap_common/eap_ikev2_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_ikev2_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_pax_common.c [moved from contrib/hostapd/eap_pax_common.c with 100% similarity]
contrib/hostapd/src/eap_common/eap_pax_common.h [moved from contrib/hostapd/eap_pax_common.h with 93% similarity]
contrib/hostapd/src/eap_common/eap_peap_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_peap_common.h [copied from contrib/hostapd/rc4.h with 52% similarity]
contrib/hostapd/src/eap_common/eap_psk_common.c [moved from contrib/hostapd/eap_psk_common.c with 65% similarity]
contrib/hostapd/src/eap_common/eap_psk_common.h [moved from contrib/hostapd/eap_psk_common.h with 67% similarity]
contrib/hostapd/src/eap_common/eap_sake_common.c [moved from contrib/hostapd/eap_sake_common.c with 96% similarity]
contrib/hostapd/src/eap_common/eap_sake_common.h [moved from contrib/hostapd/eap_sake_common.h with 94% similarity]
contrib/hostapd/src/eap_common/eap_sim_common.c [moved from contrib/hostapd/eap_sim_common.c with 59% similarity]
contrib/hostapd/src/eap_common/eap_sim_common.h [moved from contrib/hostapd/eap_sim_common.h with 68% similarity]
contrib/hostapd/src/eap_common/eap_tlv_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_ttls.h [moved from contrib/hostapd/eap_ttls.h with 82% similarity]
contrib/hostapd/src/eap_common/eap_wsc_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/eap_wsc_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_common/ikev2_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_common/ikev2_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_aka.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_config.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_fast.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_fast_pac.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_fast_pac.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_gpsk.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_gtc.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_i.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_ikev2.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_leap.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_md5.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_methods.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_methods.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_mschapv2.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_otp.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_pax.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_peap.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_psk.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_sake.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_sim.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_tls.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_tls_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_tls_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_tnc.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_ttls.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_vendor_test.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/eap_wsc.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/ikev2.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/ikev2.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/mschapv2.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/mschapv2.h [new file with mode: 0644]
contrib/hostapd/src/eap_peer/tncc.c [new file with mode: 0644]
contrib/hostapd/src/eap_peer/tncc.h [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap.c [moved from contrib/hostapd/eap.c with 55% similarity]
contrib/hostapd/src/eap_server/eap.h [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_aka.c [moved from contrib/hostapd/eap_aka.c with 52% similarity]
contrib/hostapd/src/eap_server/eap_fast.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_gpsk.c [moved from contrib/hostapd/eap_gpsk.c with 72% similarity]
contrib/hostapd/src/eap_server/eap_gtc.c [moved from contrib/hostapd/eap_gtc.c with 50% similarity]
contrib/hostapd/src/eap_server/eap_i.h [moved from contrib/hostapd/eap_i.h with 75% similarity]
contrib/hostapd/src/eap_server/eap_identity.c [moved from contrib/hostapd/eap_identity.c with 82% similarity]
contrib/hostapd/src/eap_server/eap_ikev2.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_md5.c [moved from contrib/hostapd/eap_md5.c with 66% similarity]
contrib/hostapd/src/eap_server/eap_methods.c [moved from contrib/hostapd/eap_methods.c with 83% similarity]
contrib/hostapd/src/eap_server/eap_methods.h [moved from contrib/hostapd/eap_methods.h with 64% similarity]
contrib/hostapd/src/eap_server/eap_mschapv2.c [moved from contrib/hostapd/eap_mschapv2.c with 73% similarity]
contrib/hostapd/src/eap_server/eap_pax.c [moved from contrib/hostapd/eap_pax.c with 75% similarity]
contrib/hostapd/src/eap_server/eap_peap.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_psk.c [moved from contrib/hostapd/eap_psk.c with 67% similarity]
contrib/hostapd/src/eap_server/eap_sake.c [moved from contrib/hostapd/eap_sake.c with 72% similarity]
contrib/hostapd/src/eap_server/eap_sim.c [moved from contrib/hostapd/eap_sim.c with 70% similarity]
contrib/hostapd/src/eap_server/eap_sim_db.c [moved from contrib/hostapd/eap_sim_db.c with 81% similarity]
contrib/hostapd/src/eap_server/eap_sim_db.h [moved from contrib/hostapd/eap_sim_db.h with 86% similarity]
contrib/hostapd/src/eap_server/eap_tls.c [moved from contrib/hostapd/eap_tls.c with 52% similarity]
contrib/hostapd/src/eap_server/eap_tls_common.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_tls_common.h [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_tnc.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_ttls.c [moved from contrib/hostapd/eap_ttls.c with 75% similarity]
contrib/hostapd/src/eap_server/eap_vendor_test.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/eap_wsc.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/ikev2.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/ikev2.h [new file with mode: 0644]
contrib/hostapd/src/eap_server/tncs.c [new file with mode: 0644]
contrib/hostapd/src/eap_server/tncs.h [new file with mode: 0644]
contrib/hostapd/src/eapol_supp/eapol_supp_sm.c [new file with mode: 0644]
contrib/hostapd/src/eapol_supp/eapol_supp_sm.h [new file with mode: 0644]
contrib/hostapd/src/hlr_auc_gw/hlr_auc_gw.c [moved from contrib/hostapd/hlr_auc_gw.c with 76% similarity]
contrib/hostapd/src/hlr_auc_gw/milenage.c [moved from contrib/hostapd/milenage.c with 89% similarity]
contrib/hostapd/src/hlr_auc_gw/milenage.h [moved from contrib/hostapd/milenage.h with 72% similarity]
contrib/hostapd/src/l2_packet/l2_packet.h [moved from contrib/hostapd/l2_packet.h with 95% similarity]
contrib/hostapd/src/l2_packet/l2_packet_freebsd.c [new file with mode: 0644]
contrib/hostapd/src/l2_packet/l2_packet_linux.c [new file with mode: 0644]
contrib/hostapd/src/l2_packet/l2_packet_ndis.c [new file with mode: 0644]
contrib/hostapd/src/l2_packet/l2_packet_none.c [new file with mode: 0644]
contrib/hostapd/src/l2_packet/l2_packet_pcap.c [new file with mode: 0644]
contrib/hostapd/src/l2_packet/l2_packet_privsep.c [new file with mode: 0644]
contrib/hostapd/src/l2_packet/l2_packet_winpcap.c [new file with mode: 0644]
contrib/hostapd/src/radius/radius.c [moved from contrib/hostapd/radius.c with 89% similarity]
contrib/hostapd/src/radius/radius.h [moved from contrib/hostapd/radius.h with 92% similarity]
contrib/hostapd/src/radius/radius_client.c [moved from contrib/hostapd/radius_client.c with 90% similarity]
contrib/hostapd/src/radius/radius_client.h [moved from contrib/hostapd/radius_client.h with 96% similarity]
contrib/hostapd/src/radius/radius_server.c [moved from contrib/hostapd/radius_server.c with 72% similarity]
contrib/hostapd/src/radius/radius_server.h [moved from contrib/hostapd/radius_server.h with 73% similarity]
contrib/hostapd/src/rsn_supp/peerkey.c [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/peerkey.h [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/pmksa_cache.c [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/pmksa_cache.h [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/preauth.c [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/preauth.h [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/wpa.c [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/wpa.h [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/wpa_ft.c [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/wpa_i.h [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/wpa_ie.c [new file with mode: 0644]
contrib/hostapd/src/rsn_supp/wpa_ie.h [new file with mode: 0644]
contrib/hostapd/src/tls/asn1.c [new file with mode: 0644]
contrib/hostapd/src/tls/asn1.h [new file with mode: 0644]
contrib/hostapd/src/tls/asn1_test.c [new file with mode: 0644]
contrib/hostapd/src/tls/bignum.c [new file with mode: 0644]
contrib/hostapd/src/tls/bignum.h [new file with mode: 0644]
contrib/hostapd/src/tls/libtommath.c [new file with mode: 0644]
contrib/hostapd/src/tls/rsa.c [new file with mode: 0644]
contrib/hostapd/src/tls/rsa.h [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_client.c [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_client.h [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_client_i.h [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_client_read.c [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_client_write.c [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_common.c [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_common.h [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_cred.c [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_cred.h [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_record.c [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_record.h [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_server.c [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_server.h [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_server_i.h [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_server_read.c [new file with mode: 0644]
contrib/hostapd/src/tls/tlsv1_server_write.c [new file with mode: 0644]
contrib/hostapd/src/tls/x509v3.c [new file with mode: 0644]
contrib/hostapd/src/tls/x509v3.h [new file with mode: 0644]
contrib/hostapd/src/utils/base64.c [new file with mode: 0644]
contrib/hostapd/src/utils/base64.h [moved from contrib/hostapd/rc4.h with 50% similarity]
contrib/hostapd/src/utils/build_config.h [moved from contrib/hostapd/build_config.h with 58% similarity]
contrib/hostapd/src/utils/common.c [moved from contrib/hostapd/common.c with 51% similarity]
contrib/hostapd/src/utils/common.h [moved from contrib/hostapd/common.h with 52% similarity]
contrib/hostapd/src/utils/eloop.c [moved from contrib/hostapd/eloop.c with 90% similarity]
contrib/hostapd/src/utils/eloop.h [moved from contrib/hostapd/eloop.h with 96% similarity]
contrib/hostapd/src/utils/eloop_none.c [moved from contrib/hostapd/eloop_none.c with 95% similarity]
contrib/hostapd/src/utils/eloop_win.c [moved from contrib/hostapd/eloop_win.c with 97% similarity]
contrib/hostapd/src/utils/includes.h [moved from contrib/hostapd/includes.h with 91% similarity]
contrib/hostapd/src/utils/ip_addr.c [new file with mode: 0644]
contrib/hostapd/src/utils/ip_addr.h [moved from contrib/hostapd/config_types.h with 56% similarity]
contrib/hostapd/src/utils/os.h [moved from contrib/hostapd/os.h with 96% similarity]
contrib/hostapd/src/utils/os_internal.c [moved from contrib/hostapd/os_internal.c with 93% similarity]
contrib/hostapd/src/utils/os_none.c [moved from contrib/hostapd/os_none.c with 97% similarity]
contrib/hostapd/src/utils/os_unix.c [moved from contrib/hostapd/os_unix.c with 66% similarity]
contrib/hostapd/src/utils/os_win32.c [new file with mode: 0644]
contrib/hostapd/src/utils/pcsc_funcs.c [new file with mode: 0644]
contrib/hostapd/src/utils/pcsc_funcs.h [new file with mode: 0644]
contrib/hostapd/src/utils/state_machine.h [moved from contrib/hostapd/state_machine.h with 96% similarity]
contrib/hostapd/src/utils/uuid.c [new file with mode: 0644]
contrib/hostapd/src/utils/uuid.h [new file with mode: 0644]
contrib/hostapd/src/utils/wpa_debug.c [new file with mode: 0644]
contrib/hostapd/src/utils/wpa_debug.h [new file with mode: 0644]
contrib/hostapd/src/utils/wpabuf.c [new file with mode: 0644]
contrib/hostapd/src/utils/wpabuf.h [new file with mode: 0644]
contrib/hostapd/src/wps/httpread.c [new file with mode: 0644]
contrib/hostapd/src/wps/httpread.h [new file with mode: 0644]
contrib/hostapd/src/wps/wps.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps.h [new file with mode: 0644]
contrib/hostapd/src/wps/wps_attr_build.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_attr_parse.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_attr_process.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_common.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_defs.h [new file with mode: 0644]
contrib/hostapd/src/wps/wps_dev_attr.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_dev_attr.h [new file with mode: 0644]
contrib/hostapd/src/wps/wps_enrollee.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_i.h [new file with mode: 0644]
contrib/hostapd/src/wps/wps_registrar.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_upnp.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_upnp.h [new file with mode: 0644]
contrib/hostapd/src/wps/wps_upnp_event.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_upnp_i.h [new file with mode: 0644]
contrib/hostapd/src/wps/wps_upnp_ssdp.c [new file with mode: 0644]
contrib/hostapd/src/wps/wps_upnp_web.c [new file with mode: 0644]
contrib/hostapd/wired.conf [deleted file]
contrib/hostapd/wme.c [deleted file]
contrib/hostapd/wme.h [deleted file]
contrib/hostapd/wpa.c [deleted file]
contrib/hostapd/wpa.h [deleted file]

index 541fac4..9c6be85 100644 (file)
-hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
-         Authenticator and RADIUS authentication server
-================================================================
+wpa_supplicant and hostapd v0.6.x
+---------------------------------
 
 Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi> and contributors
 All Rights Reserved.
 
-This program is dual-licensed under both the GPL version 2 and BSD
+These program is dual-licensed under both the GPL version 2 and BSD
 license. Either license may be used at your option.
 
 
+This package may include either wpa_supplicant, hostapd, or both. See
+README file respective subdirectories (wpa_supplicant/README or
+hostapd/README) for more details.
 
-License
--------
-
-GPL v2:
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License version 2 as
-published by the Free Software Foundation.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
-(this copy of the license is in COPYING file)
-
-
-Alternatively, this software may be distributed, used, and modified
-under the terms of BSD license:
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-3. Neither the name(s) of the above-listed copyright holder(s) nor the
-   names of its contributors may be used to endorse or promote products
-   derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-
-Introduction
-============
-
-Originally, hostapd was an optional user space component for Host AP
-driver. It adds more features to the basic IEEE 802.11 management
-included in the kernel driver: using external RADIUS authentication
-server for MAC address based access control, IEEE 802.1X Authenticator
-and dynamic WEP keying, RADIUS accounting, WPA/WPA2 (IEEE 802.11i/RSN)
-Authenticator and dynamic TKIP/CCMP keying.
-
-The current version includes support for other drivers, an integrated
-EAP server (i.e., allow full authentication without requiring
-an external RADIUS authentication server), and RADIUS authentication
-server for EAP authentication.
-
-
-Requirements
-------------
-
-Current hardware/software requirements:
-- drivers:
-       Host AP driver for Prism2/2.5/3.
-       (http://hostap.epitest.fi/)
-       Please note that station firmware version needs to be 1.7.0 or newer
-       to work in WPA mode.
-
-       madwifi driver for cards based on Atheros chip set (ar521x)
-       (http://sourceforge.net/projects/madwifi/)
-       Please note that you will need to add the correct path for
-       madwifi driver root directory in .config (see defconfig file for
-       an example: CFLAGS += -I<path>)
-
-       Prism54 driver for Intersil/Conexant Prism GT/Duette/Indigo
-       (http://www.prism54.org/)
-
-       Any wired Ethernet driver for wired IEEE 802.1X authentication
-       (experimental code)
-
-       FreeBSD -current (with some kernel mods that have not yet been
-       committed when hostapd v0.3.0 was released)
-       BSD net80211 layer (e.g., Atheros driver)
-
-
-Build configuration
--------------------
-
-In order to be able to build hostapd, you will need to create a build
-time configuration file, .config that selects which optional
-components are included. See defconfig file for example configuration
-and list of available options.
-
-
-
-IEEE 802.1X
-===========
-
-IEEE Std 802.1X-2001 is a standard for port-based network access
-control. In case of IEEE 802.11 networks, a "virtual port" is used
-between each associated station and the AP. IEEE 802.11 specifies
-minimal authentication mechanism for stations, whereas IEEE 802.1X
-introduces a extensible mechanism for authenticating and authorizing
-users.
-
-IEEE 802.1X uses elements called Supplicant, Authenticator, Port
-Access Entity, and Authentication Server. Supplicant is a component in
-a station and it performs the authentication with the Authentication
-Server. An access point includes an Authenticator that relays the packets
-between a Supplicant and an Authentication Server. In addition, it has a
-Port Access Entity (PAE) with Authenticator functionality for
-controlling the virtual port authorization, i.e., whether to accept
-packets from or to the station.
-
-IEEE 802.1X uses Extensible Authentication Protocol (EAP). The frames
-between a Supplicant and an Authenticator are sent using EAP over LAN
-(EAPOL) and the Authenticator relays these frames to the Authentication
-Server (and similarly, relays the messages from the Authentication
-Server to the Supplicant). The Authentication Server can be colocated with the
-Authenticator, in which case there is no need for additional protocol
-for EAP frame transmission. However, a more common configuration is to
-use an external Authentication Server and encapsulate EAP frame in the
-frames used by that server. RADIUS is suitable for this, but IEEE
-802.1X would also allow other mechanisms.
-
-Host AP driver includes PAE functionality in the kernel driver. It
-is a relatively simple mechanism for denying normal frames going to
-or coming from an unauthorized port. PAE allows IEEE 802.1X related
-frames to be passed between the Supplicant and the Authenticator even
-on an unauthorized port.
-
-User space daemon, hostapd, includes Authenticator functionality. It
-receives 802.1X (EAPOL) frames from the Supplicant using the wlan#ap
-device that is also used with IEEE 802.11 management frames. The
-frames to the Supplicant are sent using the same device.
-
-The normal configuration of the Authenticator would use an external
-Authentication Server. hostapd supports RADIUS encapsulation of EAP
-packets, so the Authentication Server should be a RADIUS server, like
-FreeRADIUS (http://www.freeradius.org/). The Authenticator in hostapd
-relays the frames between the Supplicant and the Authentication
-Server. It also controls the PAE functionality in the kernel driver by
-controlling virtual port authorization, i.e., station-AP
-connection, based on the IEEE 802.1X state.
-
-When a station would like to use the services of an access point, it
-will first perform IEEE 802.11 authentication. This is normally done
-with open systems authentication, so there is no security. After
-this, IEEE 802.11 association is performed. If IEEE 802.1X is
-configured to be used, the virtual port for the station is set in
-Unauthorized state and only IEEE 802.1X frames are accepted at this
-point. The Authenticator will then ask the Supplicant to authenticate
-with the Authentication Server. After this is completed successfully,
-the virtual port is set to Authorized state and frames from and to the
-station are accepted.
-
-Host AP configuration for IEEE 802.1X
--------------------------------------
-
-The user space daemon has its own configuration file that can be used to
-define AP options. Distribution package contains an example
-configuration file (hostapd/hostapd.conf) that can be used as a basis
-for configuration. It includes examples of all supported configuration
-options and short description of each option. hostapd should be started
-with full path to the configuration file as the command line argument,
-e.g., './hostapd /etc/hostapd.conf'. If you have more that one wireless
-LAN card, you can use one hostapd process for multiple interfaces by
-giving a list of configuration files (one per interface) in the command
-line.
-
-hostapd includes a minimal co-located IEEE 802.1X server which can be
-used to test IEEE 802.1X authentication. However, it should not be
-used in normal use since it does not provide any security. This can be
-configured by setting ieee8021x and minimal_eap options in the
-configuration file.
-
-An external Authentication Server (RADIUS) is configured with
-auth_server_{addr,port,shared_secret} options. In addition,
-ieee8021x and own_ip_addr must be set for this mode. With such
-configuration, the co-located Authentication Server is not used and EAP
-frames will be relayed using EAPOL between the Supplicant and the
-Authenticator and RADIUS encapsulation between the Authenticator and
-the Authentication Server. Other than this, the functionality is similar
-to the case with the co-located Authentication Server.
-
-Authentication Server and Supplicant
-------------------------------------
-
-Any RADIUS server supporting EAP should be usable as an IEEE 802.1X
-Authentication Server with hostapd Authenticator. FreeRADIUS
-(http://www.freeradius.org/) has been successfully tested with hostapd
-Authenticator and both Xsupplicant (http://www.open1x.org) and Windows
-XP Supplicants. EAP/TLS was used with Xsupplicant and
-EAP/MD5-Challenge with Windows XP.
-
-http://www.missl.cs.umd.edu/wireless/eaptls/ has useful information
-about using EAP/TLS with FreeRADIUS and Xsupplicant (just replace
-Cisco access point with Host AP driver, hostapd daemon, and a Prism2
-card ;-). http://www.freeradius.org/doc/EAP-MD5.html has information
-about using EAP/MD5 with FreeRADIUS, including instructions for WinXP
-configuration. http://www.denobula.com/EAPTLS.pdf has a HOWTO on
-EAP/TLS use with WinXP Supplicant.
-
-Automatic WEP key configuration
--------------------------------
-
-EAP/TLS generates a session key that can be used to send WEP keys from
-an AP to authenticated stations. The Authenticator in hostapd can be
-configured to automatically select a random default/broadcast key
-(shared by all authenticated stations) with wep_key_len_broadcast
-option (5 for 40-bit WEP or 13 for 104-bit WEP). In addition,
-wep_key_len_unicast option can be used to configure individual unicast
-keys for stations. This requires support for individual keys in the
-station driver.
-
-WEP keys can be automatically updated by configuring rekeying. This
-will improve security of the network since same WEP key will only be
-used for a limited period of time. wep_rekey_period option sets the
-interval for rekeying in seconds.
-
-
-WPA/WPA2
-========
-
-Features
---------
-
-Supported WPA/IEEE 802.11i features:
-- WPA-PSK ("WPA-Personal")
-- WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
-- key management for CCMP, TKIP, WEP104, WEP40
-- RSN/WPA2 (IEEE 802.11i), including PMKSA caching and pre-authentication
-
-WPA
----
-
-The original security mechanism of IEEE 802.11 standard was not
-designed to be strong and has proved to be insufficient for most
-networks that require some kind of security. Task group I (Security)
-of IEEE 802.11 working group (http://www.ieee802.org/11/) has worked
-to address the flaws of the base standard and has in practice
-completed its work in May 2004. The IEEE 802.11i amendment to the IEEE
-802.11 standard was approved in June 2004 and this amendment is likely
-to be published in July 2004.
-
-Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version of the
-IEEE 802.11i work (draft 3.0) to define a subset of the security
-enhancements that can be implemented with existing wlan hardware. This
-is called Wi-Fi Protected Access<TM> (WPA). This has now become a
-mandatory component of interoperability testing and certification done
-by Wi-Fi Alliance. Wi-Fi provides information about WPA at its web
-site (http://www.wi-fi.org/OpenSection/protected_access.asp).
-
-IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm
-for protecting wireless networks. WEP uses RC4 with 40-bit keys,
-24-bit initialization vector (IV), and CRC32 to protect against packet
-forgery. All these choices have proven to be insufficient: key space is
-too small against current attacks, RC4 key scheduling is insufficient
-(beginning of the pseudorandom stream should be skipped), IV space is
-too small and IV reuse makes attacks easier, there is no replay
-protection, and non-keyed authentication does not protect against bit
-flipping packet data.
-
-WPA is an intermediate solution for the security issues. It uses
-Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP is a
-compromise on strong security and possibility to use existing
-hardware. It still uses RC4 for the encryption like WEP, but with
-per-packet RC4 keys. In addition, it implements replay protection,
-keyed packet authentication mechanism (Michael MIC).
-
-Keys can be managed using two different mechanisms. WPA can either use
-an external authentication server (e.g., RADIUS) and EAP just like
-IEEE 802.1X is using or pre-shared keys without need for additional
-servers. Wi-Fi calls these "WPA-Enterprise" and "WPA-Personal",
-respectively. Both mechanisms will generate a master session key for
-the Authenticator (AP) and Supplicant (client station).
-
-WPA implements a new key handshake (4-Way Handshake and Group Key
-Handshake) for generating and exchanging data encryption keys between
-the Authenticator and Supplicant. This handshake is also used to
-verify that both Authenticator and Supplicant know the master session
-key. These handshakes are identical regardless of the selected key
-management mechanism (only the method for generating master session
-key changes).
-
-
-IEEE 802.11i / WPA2
--------------------
-
-The design for parts of IEEE 802.11i that were not included in WPA has
-finished (May 2004) and this amendment to IEEE 802.11 was approved in
-June 2004. Wi-Fi Alliance is using the final IEEE 802.11i as a new
-version of WPA called WPA2. This includes, e.g., support for more
-robust encryption algorithm (CCMP: AES in Counter mode with CBC-MAC)
-to replace TKIP and optimizations for handoff (reduced number of
-messages in initial key handshake, pre-authentication, and PMKSA caching).
-
-Some wireless LAN vendors are already providing support for CCMP in
-their WPA products. There is no "official" interoperability
-certification for CCMP and/or mixed modes using both TKIP and CCMP, so
-some interoperability issues can be expected even though many
-combinations seem to be working with equipment from different vendors.
-Testing for WPA2 is likely to start during the second half of 2004.
-
-hostapd configuration for WPA/WPA2
-----------------------------------
-
-TODO
-
-# Enable WPA. Setting this variable configures the AP to require WPA (either
-# WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
-# wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
-# For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
-# RADIUS authentication server must be configured, and WPA-EAP must be included
-# in wpa_key_mgmt.
-# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
-# and/or WPA2 (full IEEE 802.11i/RSN):
-# bit0 = WPA
-# bit1 = IEEE 802.11i/RSN (WPA2)
-#wpa=1
-
-# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
-# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
-# (8..63 characters) that will be converted to PSK. This conversion uses SSID
-# so the PSK changes when ASCII passphrase is used and the SSID is changed.
-#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
-#wpa_passphrase=secret passphrase
-
-# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
-# entries are separated with a space.
-#wpa_key_mgmt=WPA-PSK WPA-EAP
-
-# Set of accepted cipher suites (encryption algorithms) for pairwise keys
-# (unicast packets). This is a space separated list of algorithms:
-# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i]
-# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i]
-# Group cipher suite (encryption algorithm for broadcast and multicast frames)
-# is automatically selected based on this configuration. If only CCMP is
-# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
-# TKIP will be used as the group cipher.
-#wpa_pairwise=TKIP CCMP
-
-# Time interval for rekeying GTK (broadcast/multicast encryption keys) in
-# seconds.
-#wpa_group_rekey=600
-
-# Time interval for rekeying GMK (master key used internally to generate GTKs
-# (in seconds).
-#wpa_gmk_rekey=86400
-
-# Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up
-# roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN
-# authentication and key handshake before actually associating with a new AP.
-#rsn_preauth=1
-#
-# Space separated list of interfaces from which pre-authentication frames are
-# accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This list should include all
-# interface that are used for connections to other APs. This could include
-# wired interfaces and WDS links. The normal wireless data interface towards
-# associated stations (e.g., wlan0) should not be added, since
-# pre-authentication is only used with APs other than the currently associated
-# one.
-#rsn_preauth_interfaces=eth0
+Source code files have been moved around in v0.6.x releases and
+compared to earlier releases, the programs are now build by first
+going to a subdirectory (wpa_supplicant or hostapd) and creating
+build configuration (.config) and running 'make' there (for
+Linux/BSD/cygwin builds).
diff --git a/contrib/hostapd/README.DELETE b/contrib/hostapd/README.DELETE
deleted file mode 100644 (file)
index 194d442..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-.cvsignore
-ChangeLog
-Makefile
-defconfig
-developer.txt
-doc/.cvsignore
-doc/code_structure.doxygen
-doc/ctrl_iface.doxygen
-doc/doxygen.fast
-doc/doxygen.full
-doc/driver_wrapper.doxygen
-doc/eap.doxygen
-doc/hostapd.fig
-doc/kerneldoc2doxygen.pl
-doc/mainpage.doxygen
-doc/porting.doxygen
-driver_bsd.c
-driver_devicescape.c
-driver_madwifi.c
-driver_prism54.c
-driver_test.c
-eap_vendor_test.c
-hostapd.8
-hostapd_cli.1
-l2_packet_freebsd.c
-l2_packet_linux.c
-l2_packet_ndis.c
-l2_packet_none.c
-l2_packet_pcap.c
-l2_packet_winpcap.c
-logwatch/README
-logwatch/hostapd
-logwatch/hostapd.conf
-madwifi.conf
-nt_password_hash.c
-os_win32.c
diff --git a/contrib/hostapd/README.DELETED b/contrib/hostapd/README.DELETED
new file mode 100644 (file)
index 0000000..ff95c0c
--- /dev/null
@@ -0,0 +1,36 @@
+hostapd/.gitignore
+hostapd/Makefile
+hostapd/defconfig
+hostapd/doc/
+hostapd/eap_testing.txt
+hostapd/hostapd.8
+hostapd/hostapd.accept
+hostapd/hostapd.conf
+hostapd/hostapd.deny
+hostapd/hostapd.eap_user
+hostapd/hostapd.radius_clients
+hostapd/hostapd.sim_db
+hostapd/hostapd.vlan
+hostapd/hostapd.wpa_psk
+hostapd/hostapd_cli.1
+hostapd/logwatch/hostapd
+hostapd/logwatch/hostapd.conf
+hostapd/wired.conf
+src/Makefile
+src/common/Makefile
+src/crypto/Makefile
+src/drivers/Makefile
+src/drivers/driver_iphone.m
+src/drivers/driver_osx.m
+src/eap_common/Makefile
+src/eap_peer/Makefile
+src/eap_server/Makefile
+src/eapol_supp/Makefile
+src/hlr_auc_gw/Makefile
+src/hlr_auc_gw/hlr_auc_gw.milenage_db
+src/l2_packet/Makefile
+src/radius/Makefile
+src/rsn_supp/Makefile
+src/tls/Makefile
+src/utils/Makefile
+src/wps/Makefile
index d14626e..2764448 100644 (file)
@@ -1,4 +1,23 @@
-Original source can be downloaded at:
-<http://hostap.epitest.fi/releases/hostapd-0.5.8.tar.gz>
+       HOSTAPD-0.6.10 AS USED BY DRAGONFLY
 
-A list of deleted files is in README.DELETED.
+    This directory contains a selected set of files from the
+    hostapd-6.10.tar.gz distribution.  No files have been moved
+    or modified from their extracted position.
+
+    This distribution was downloaded from the following site:
+
+       http://hostap.epitest.fi/hostapd/
+
+       MD5 (hostapd-0.6.10.tar.gz) = 1ac442d1f984273f108b3de579c1b70d
+       SHA1 (hostapd-0.6.10.tar.gz) = 2cacf994abd3cebad36679d32f64c9e9906ccff8
+
+
+    DO NOT CREATE OR EDIT ANY FILES IN THIS DIRECTORY HIERARCHY!  THIS
+    HIERARCHY REPRESENTS AN EXACT COPY, MINUS UNNEEDED FILES, OF THE
+    ORIGINAL ARCHIVE.  All modifications are made on the master branch or in
+    src/usr.sbin/802_11.
+
+    The only additional files added to this directory are README.DRAGONFLY
+    and README.DELETED.
+
+    For mor information, check development(7).
diff --git a/contrib/hostapd/aes_wrap.h b/contrib/hostapd/aes_wrap.h
deleted file mode 100644 (file)
index 1bc6971..0000000
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * AES-based functions
- *
- * - AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
- * - One-Key CBC MAC (OMAC1) hash with AES-128
- * - AES-128 CTR mode encryption
- * - AES-128 EAX mode encryption/decryption
- * - AES-128 CBC
- *
- * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
- */
-
-#ifndef AES_WRAP_H
-#define AES_WRAP_H
-
-int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher);
-int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain);
-int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac);
-int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out);
-int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
-                       u8 *data, size_t data_len);
-int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
-                       const u8 *hdr, size_t hdr_len,
-                       u8 *data, size_t data_len, u8 *tag);
-int aes_128_eax_decrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
-                       const u8 *hdr, size_t hdr_len,
-                       u8 *data, size_t data_len, const u8 *tag);
-int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data,
-                       size_t data_len);
-int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data,
-                       size_t data_len);
-
-#endif /* AES_WRAP_H */
diff --git a/contrib/hostapd/config.c b/contrib/hostapd/config.c
deleted file mode 100644 (file)
index d1b2ba3..0000000
+++ /dev/null
@@ -1,1994 +0,0 @@
-/*
- * hostapd / Configuration file
- * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
- */
-
-#include "includes.h"
-#ifndef CONFIG_NATIVE_WINDOWS
-#include <grp.h>
-#endif /* CONFIG_NATIVE_WINDOWS */
-
-#include "hostapd.h"
-#include "driver.h"
-#include "sha1.h"
-#include "eap.h"
-#include "radius_client.h"
-#include "wpa_common.h"
-
-
-#define MAX_STA_COUNT 2007
-
-
-static int hostapd_config_read_vlan_file(struct hostapd_bss_config *bss,
-                                        const char *fname)
-{
-       FILE *f;
-       char buf[128], *pos, *pos2;
-       int line = 0, vlan_id;
-       struct hostapd_vlan *vlan;
-
-       f = fopen(fname, "r");
-       if (!f) {
-               printf("VLAN file '%s' not readable.\n", fname);
-               return -1;
-       }
-
-       while (fgets(buf, sizeof(buf), f)) {
-               line++;
-
-               if (buf[0] == '#')
-                       continue;
-               pos = buf;
-               while (*pos != '\0') {
-                       if (*pos == '\n') {
-                               *pos = '\0';
-                               break;
-                       }
-                       pos++;
-               }
-               if (buf[0] == '\0')
-                       continue;
-
-               if (buf[0] == '*') {
-                       vlan_id = VLAN_ID_WILDCARD;
-                       pos = buf + 1;
-               } else {
-                       vlan_id = strtol(buf, &pos, 10);
-                       if (buf == pos || vlan_id < 1 ||
-                           vlan_id > MAX_VLAN_ID) {
-                               printf("Invalid VLAN ID at line %d in '%s'\n",
-                                      line, fname);
-                               fclose(f);
-                               return -1;
-                       }
-               }
-
-               while (*pos == ' ' || *pos == '\t')
-                       pos++;
-               pos2 = pos;
-               while (*pos2 != ' ' && *pos2 != '\t' && *pos2 != '\0')
-                       pos2++;
-               *pos2 = '\0';
-               if (*pos == '\0' || strlen(pos) > IFNAMSIZ) {
-                       printf("Invalid VLAN ifname at line %d in '%s'\n",
-                              line, fname);
-                       fclose(f);
-                       return -1;
-               }
-
-               vlan = malloc(sizeof(*vlan));
-               if (vlan == NULL) {
-                       printf("Out of memory while reading VLAN interfaces "
-                              "from '%s'\n", fname);
-                       fclose(f);
-                       return -1;
-               }
-
-               memset(vlan, 0, sizeof(*vlan));
-               vlan->vlan_id = vlan_id;
-               strncpy(vlan->ifname, pos, sizeof(vlan->ifname));
-               if (bss->vlan_tail)
-                       bss->vlan_tail->next = vlan;
-               else
-                       bss->vlan = vlan;
-               bss->vlan_tail = vlan;
-       }
-
-       fclose(f);
-
-       return 0;
-}
-
-
-static void hostapd_config_free_vlan(struct hostapd_bss_config *bss)
-{
-       struct hostapd_vlan *vlan, *prev;
-
-       vlan = bss->vlan;
-       prev = NULL;
-       while (vlan) {
-               prev = vlan;
-               vlan = vlan->next;
-               free(prev);
-       }
-
-       bss->vlan = NULL;
-}
-
-
-/* convert floats with one decimal place to value*10 int, i.e.,
- * "1.5" will return 15 */
-static int hostapd_config_read_int10(const char *value)
-{
-       int i, d;
-       char *pos;
-
-       i = atoi(value);
-       pos = strchr(value, '.');
-       d = 0;
-       if (pos) {
-               pos++;
-               if (*pos >= '0' && *pos <= '9')
-                       d = *pos - '0';
-       }
-
-       return i * 10 + d;
-}
-
-
-static void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
-{
-       bss->logger_syslog_level = HOSTAPD_LEVEL_INFO;
-       bss->logger_stdout_level = HOSTAPD_LEVEL_INFO;
-       bss->logger_syslog = (unsigned int) -1;
-       bss->logger_stdout = (unsigned int) -1;
-
-       bss->auth_algs = HOSTAPD_AUTH_OPEN | HOSTAPD_AUTH_SHARED_KEY;
-
-       bss->wep_rekeying_period = 300;
-       /* use key0 in individual key and key1 in broadcast key */
-       bss->broadcast_key_idx_min = 1;
-       bss->broadcast_key_idx_max = 2;
-       bss->eap_reauth_period = 3600;
-
-       bss->wpa_group_rekey = 600;
-       bss->wpa_gmk_rekey = 86400;
-       bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
-       bss->wpa_pairwise = WPA_CIPHER_TKIP;
-       bss->wpa_group = WPA_CIPHER_TKIP;
-
-       bss->max_num_sta = MAX_STA_COUNT;
-
-       bss->dtim_period = 2;
-
-       bss->radius_server_auth_port = 1812;
-       bss->ap_max_inactivity = AP_MAX_INACTIVITY;
-       bss->eapol_version = EAPOL_VERSION;
-}
-
-
-static struct hostapd_config * hostapd_config_defaults(void)
-{
-       struct hostapd_config *conf;
-       struct hostapd_bss_config *bss;
-       int i;
-       const int aCWmin = 15, aCWmax = 1024;
-       const struct hostapd_wme_ac_params ac_bk =
-               { aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */
-       const struct hostapd_wme_ac_params ac_be =
-               { aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */
-       const struct hostapd_wme_ac_params ac_vi = /* video traffic */
-               { aCWmin >> 1, aCWmin, 2, 3000 / 32, 1 };
-       const struct hostapd_wme_ac_params ac_vo = /* voice traffic */
-               { aCWmin >> 2, aCWmin >> 1, 2, 1500 / 32, 1 };
-
-       conf = wpa_zalloc(sizeof(*conf));
-       bss = wpa_zalloc(sizeof(*bss));
-       if (conf == NULL || bss == NULL) {
-               printf("Failed to allocate memory for configuration data.\n");
-               free(conf);
-               free(bss);
-               return NULL;
-       }
-
-       /* set default driver based on configuration */
-       conf->driver = driver_lookup("default");
-       if (conf->driver == NULL) {
-               printf("No default driver registered!\n");
-               free(conf);
-               free(bss);
-               return NULL;
-       }
-
-       bss->radius = wpa_zalloc(sizeof(*bss->radius));
-       if (bss->radius == NULL) {
-               free(conf);
-               free(bss);
-               return NULL;
-       }
-
-       hostapd_config_defaults_bss(bss);
-
-       conf->num_bss = 1;
-       conf->bss = bss;
-
-       conf->beacon_int = 100;
-       conf->rts_threshold = -1; /* use driver default: 2347 */
-       conf->fragm_threshold = -1; /* user driver default: 2346 */
-       conf->send_probe_response = 1;
-       conf->bridge_packets = INTERNAL_BRIDGE_DO_NOT_CONTROL;
-
-       memcpy(conf->country, "US ", 3);
-
-       for (i = 0; i < NUM_TX_QUEUES; i++)
-               conf->tx_queue[i].aifs = -1; /* use hw default */
-
-       conf->wme_ac_params[0] = ac_be;
-       conf->wme_ac_params[1] = ac_bk;
-       conf->wme_ac_params[2] = ac_vi;
-       conf->wme_ac_params[3] = ac_vo;
-
-       return conf;
-}
-
-
-static int hostapd_parse_ip_addr(const char *txt, struct hostapd_ip_addr *addr)
-{
-       if (inet_aton(txt, &addr->u.v4)) {
-               addr->af = AF_INET;
-               return 0;
-       }
-
-#ifdef CONFIG_IPV6
-       if (inet_pton(AF_INET6, txt, &addr->u.v6) > 0) {
-               addr->af = AF_INET6;
-               return 0;
-       }
-#endif /* CONFIG_IPV6 */
-
-       return -1;
-}
-
-
-int hostapd_mac_comp(const void *a, const void *b)
-{
-       return memcmp(a, b, sizeof(macaddr));
-}
-
-
-int hostapd_mac_comp_empty(const void *a)
-{
-       macaddr empty = { 0 };
-       return memcmp(a, empty, sizeof(macaddr));
-}
-
-
-static int hostapd_config_read_maclist(const char *fname, macaddr **acl,
-                                      int *num)
-{
-       FILE *f;
-       char buf[128], *pos;
-       int line = 0;
-       u8 addr[ETH_ALEN];
-       macaddr *newacl;
-
-       if (!fname)
-               return 0;
-
-       f = fopen(fname, "r");
-       if (!f) {
-               printf("MAC list file '%s' not found.\n", fname);
-               return -1;
-       }
-
-       while (fgets(buf, sizeof(buf), f)) {
-               line++;
-
-               if (buf[0] == '#')
-                       continue;
-               pos = buf;
-               while (*pos != '\0') {
-                       if (*pos == '\n') {
-                               *pos = '\0';
-                               break;
-                       }
-                       pos++;
-               }
-               if (buf[0] == '\0')
-                       continue;
-
-               if (hwaddr_aton(buf, addr)) {
-                       printf("Invalid MAC address '%s' at line %d in '%s'\n",
-                              buf, line, fname);
-                       fclose(f);
-                       return -1;
-               }
-
-               newacl = (macaddr *) realloc(*acl, (*num + 1) * ETH_ALEN);
-               if (newacl == NULL) {
-                       printf("MAC list reallocation failed\n");
-                       fclose(f);
-                       return -1;
-               }
-
-               *acl = newacl;
-               memcpy((*acl)[*num], addr, ETH_ALEN);
-               (*num)++;
-       }
-
-       fclose(f);
-
-       qsort(*acl, *num, sizeof(macaddr), hostapd_mac_comp);
-
-       return 0;
-}
-
-
-static int hostapd_config_read_wpa_psk(const char *fname,
-                                      struct hostapd_ssid *ssid)
-{
-       FILE *f;
-       char buf[128], *pos;
-       int line = 0, ret = 0, len, ok;
-       u8 addr[ETH_ALEN];
-       struct hostapd_wpa_psk *psk;
-
-       if (!fname)
-               return 0;
-
-       f = fopen(fname, "r");
-       if (!f) {
-               printf("WPA PSK file '%s' not found.\n", fname);
-               return -1;
-       }
-
-       while (fgets(buf, sizeof(buf), f)) {
-               line++;
-
-               if (buf[0] == '#')
-                       continue;
-               pos = buf;
-               while (*pos != '\0') {
-                       if (*pos == '\n') {
-                               *pos = '\0';
-                               break;
-                       }
-                       pos++;
-               }
-               if (buf[0] == '\0')
-                       continue;
-
-               if (hwaddr_aton(buf, addr)) {
-                       printf("Invalid MAC address '%s' on line %d in '%s'\n",
-                              buf, line, fname);
-                       ret = -1;
-                       break;
-               }
-
-               psk = wpa_zalloc(sizeof(*psk));
-               if (psk == NULL) {
-                       printf("WPA PSK allocation failed\n");
-                       ret = -1;
-                       break;
-               }
-               if (memcmp(addr, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
-                       psk->group = 1;
-               else
-                       memcpy(psk->addr, addr, ETH_ALEN);
-
-               pos = buf + 17;
-               if (pos == '\0') {
-                       printf("No PSK on line %d in '%s'\n", line, fname);
-                       free(psk);
-                       ret = -1;
-                       break;
-               }
-               pos++;
-
-               ok = 0;
-               len = strlen(pos);
-               if (len == 64 && hexstr2bin(pos, psk->psk, PMK_LEN) == 0)
-                       ok = 1;
-               else if (len >= 8 && len < 64) {
-                       pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len,
-                                   4096, psk->psk, PMK_LEN);
-                       ok = 1;
-               }
-               if (!ok) {
-                       printf("Invalid PSK '%s' on line %d in '%s'\n",
-                              pos, line, fname);
-                       free(psk);
-                       ret = -1;
-                       break;
-               }
-
-               psk->next = ssid->wpa_psk;
-               ssid->wpa_psk = psk;
-       }
-
-       fclose(f);
-
-       return ret;
-}
-
-
-int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
-{
-       struct hostapd_ssid *ssid = &conf->ssid;
-
-       if (ssid->wpa_passphrase != NULL) {
-               if (ssid->wpa_psk != NULL) {
-                       printf("Warning: both WPA PSK and passphrase set. "
-                              "Using passphrase.\n");
-                       free(ssid->wpa_psk);
-               }
-               ssid->wpa_psk = wpa_zalloc(sizeof(struct hostapd_wpa_psk));
-               if (ssid->wpa_psk == NULL) {
-                       printf("Unable to alloc space for PSK\n");
-                       return -1;
-               }
-               wpa_hexdump_ascii(MSG_DEBUG, "SSID",
-                                 (u8 *) ssid->ssid, ssid->ssid_len);
-               wpa_hexdump_ascii(MSG_DEBUG, "PSK (ASCII passphrase)",
-                                 (u8 *) ssid->wpa_passphrase,
-                                 strlen(ssid->wpa_passphrase));
-               pbkdf2_sha1(ssid->wpa_passphrase,
-                           ssid->ssid, ssid->ssid_len,
-                           4096, ssid->wpa_psk->psk, PMK_LEN);
-               wpa_hexdump(MSG_DEBUG, "PSK (from passphrase)",
-                           ssid->wpa_psk->psk, PMK_LEN);
-               ssid->wpa_psk->group = 1;
-
-               memset(ssid->wpa_passphrase, 0,
-                      strlen(ssid->wpa_passphrase));
-               free(ssid->wpa_passphrase);
-               ssid->wpa_passphrase = NULL;
-       }
-
-       if (ssid->wpa_psk_file) {
-               if (hostapd_config_read_wpa_psk(ssid->wpa_psk_file,
-                                               &conf->ssid))
-                       return -1;
-               free(ssid->wpa_psk_file);
-               ssid->wpa_psk_file = NULL;
-       }
-
-       return 0;
-}
-
-
-#ifdef EAP_SERVER
-static int hostapd_config_read_eap_user(const char *fname,
-                                       struct hostapd_bss_config *conf)
-{
-       FILE *f;
-       char buf[512], *pos, *start, *pos2;
-       int line = 0, ret = 0, num_methods;
-       struct hostapd_eap_user *user, *tail = NULL;
-
-       if (!fname)
-               return 0;
-
-       f = fopen(fname, "r");
-       if (!f) {
-               printf("EAP user file '%s' not found.\n", fname);
-               return -1;
-       }
-
-       /* Lines: "user" METHOD,METHOD2 "password" (password optional) */
-       while (fgets(buf, sizeof(buf), f)) {
-               line++;
-
-               if (buf[0] == '#')
-                       continue;
-               pos = buf;
-               while (*pos != '\0') {
-                       if (*pos == '\n') {
-                               *pos = '\0';
-                               break;
-                       }
-                       pos++;
-               }
-               if (buf[0] == '\0')
-                       continue;
-
-               user = NULL;
-
-               if (buf[0] != '"' && buf[0] != '*') {
-                       printf("Invalid EAP identity (no \" in start) on "
-                              "line %d in '%s'\n", line, fname);
-                       goto failed;
-               }
-
-               user = wpa_zalloc(sizeof(*user));
-               if (user == NULL) {
-                       printf("EAP user allocation failed\n");
-                       goto failed;
-               }
-               user->force_version = -1;
-
-               if (buf[0] == '*') {
-                       pos = buf;
-               } else {
-                       pos = buf + 1;
-                       start = pos;
-                       while (*pos != '"' && *pos != '\0')
-                               pos++;
-                       if (*pos == '\0') {
-                               printf("Invalid EAP identity (no \" in end) on"
-                                      " line %d in '%s'\n", line, fname);
-                               goto failed;
-                       }
-
-                       user->identity = malloc(pos - start);
-                       if (user->identity == NULL) {
-                               printf("Failed to allocate memory for EAP "
-                                      "identity\n");
-                               goto failed;
-                       }
-                       memcpy(user->identity, start, pos - start);
-                       user->identity_len = pos - start;
-
-                       if (pos[0] == '"' && pos[1] == '*') {
-                               user->wildcard_prefix = 1;
-                               pos++;
-                       }
-               }
-               pos++;
-               while (*pos == ' ' || *pos == '\t')
-                       pos++;
-
-               if (*pos == '\0') {
-                       printf("No EAP method on line %d in '%s'\n",
-                              line, fname);
-                       goto failed;
-               }
-
-               start = pos;
-               while (*pos != ' ' && *pos != '\t' && *pos != '\0')
-                       pos++;
-               if (*pos == '\0') {
-                       pos = NULL;
-               } else {
-                       *pos = '\0';
-                       pos++;
-               }
-               num_methods = 0;
-               while (*start) {
-                       char *pos3 = strchr(start, ',');
-                       if (pos3) {
-                               *pos3++ = '\0';
-                       }
-                       user->methods[num_methods].method =
-                               eap_get_type(start, &user->methods[num_methods]
-                                            .vendor);
-                       if (user->methods[num_methods].vendor ==
-                           EAP_VENDOR_IETF &&
-                           user->methods[num_methods].method == EAP_TYPE_NONE)
-                       {
-                               printf("Unsupported EAP type '%s' on line %d "
-                                      "in '%s'\n", start, line, fname);
-                               goto failed;
-                       }
-
-                       num_methods++;
-                       if (num_methods >= EAP_USER_MAX_METHODS)
-                               break;
-                       if (pos3 == NULL)
-                               break;
-                       start = pos3;
-               }
-               if (num_methods == 0) {
-                       printf("No EAP types configured on line %d in '%s'\n",
-                              line, fname);
-                       goto failed;
-               }
-
-               if (pos == NULL)
-                       goto done;
-
-               while (*pos == ' ' || *pos == '\t')
-                       pos++;
-               if (*pos == '\0')
-                       goto done;
-
-               if (strncmp(pos, "[ver=0]", 7) == 0) {
-                       user->force_version = 0;
-                       goto done;
-               }
-
-               if (strncmp(pos, "[ver=1]", 7) == 0) {
-                       user->force_version = 1;
-                       goto done;
-               }
-
-               if (strncmp(pos, "[2]", 3) == 0) {
-                       user->phase2 = 1;
-                       goto done;
-               }
-
-               if (*pos == '"') {
-                       pos++;
-                       start = pos;
-                       while (*pos != '"' && *pos != '\0')
-                               pos++;
-                       if (*pos == '\0') {
-                               printf("Invalid EAP password (no \" in end) "
-                                      "on line %d in '%s'\n", line, fname);
-                               goto failed;
-                       }
-
-                       user->password = malloc(pos - start);
-                       if (user->password == NULL) {
-                               printf("Failed to allocate memory for EAP "
-                                      "password\n");
-                               goto failed;
-                       }
-                       memcpy(user->password, start, pos - start);
-                       user->password_len = pos - start;
-
-                       pos++;
-               } else if (strncmp(pos, "hash:", 5) == 0) {
-                       pos += 5;
-                       pos2 = pos;
-                       while (*pos2 != '\0' && *pos2 != ' ' &&
-                              *pos2 != '\t' && *pos2 != '#')
-                               pos2++;
-                       if (pos2 - pos != 32) {
-                               printf("Invalid password hash on line %d in "
-                                      "'%s'\n", line, fname);
-                               goto failed;
-                       }
-                       user->password = malloc(16);
-                       if (user->password == NULL) {
-                               printf("Failed to allocate memory for EAP "
-                                      "password hash\n");
-                               goto failed;
-                       }
-                       if (hexstr2bin(pos, user->password, 16) < 0) {
-                               printf("Invalid hash password on line %d in "
-                                      "'%s'\n", line, fname);
-                               goto failed;
-                       }
-                       user->password_len = 16;
-                       user->password_hash = 1;
-                       pos = pos2;
-               } else {
-                       pos2 = pos;
-                       while (*pos2 != '\0' && *pos2 != ' ' &&
-                              *pos2 != '\t' && *pos2 != '#')
-                               pos2++;
-                       if ((pos2 - pos) & 1) {
-                               printf("Invalid hex password on line %d in "
-                                      "'%s'\n", line, fname);
-                               goto failed;
-                       }
-                       user->password = malloc((pos2 - pos) / 2);
-                       if (user->password == NULL) {
-                               printf("Failed to allocate memory for EAP "
-                                      "password\n");
-                               goto failed;
-                       }
-                       if (hexstr2bin(pos, user->password,
-                                      (pos2 - pos) / 2) < 0) {
-                               printf("Invalid hex password on line %d in "
-                                      "'%s'\n", line, fname);
-                               goto failed;
-                       }
-                       user->password_len = (pos2 - pos) / 2;
-                       pos = pos2;
-               }
-
-               while (*pos == ' ' || *pos == '\t')
-                       pos++;
-               if (strncmp(pos, "[2]", 3) == 0) {
-                       user->phase2 = 1;
-               }
-
-       done:
-               if (tail == NULL) {
-                       tail = conf->eap_user = user;
-               } else {
-                       tail->next = user;
-                       tail = user;
-               }
-               continue;
-
-       failed:
-               if (user) {
-                       free(user->password);
-                       free(user->identity);
-                       free(user);
-               }
-               ret = -1;
-               break;
-       }
-
-       fclose(f);
-
-       return ret;
-}
-#endif /* EAP_SERVER */
-
-
-static int
-hostapd_config_read_radius_addr(struct hostapd_radius_server **server,
-                               int *num_server, const char *val, int def_port,
-                               struct hostapd_radius_server **curr_serv)
-{
-       struct hostapd_radius_server *nserv;
-       int ret;
-       static int server_index = 1;
-
-       nserv = realloc(*server, (*num_server + 1) * sizeof(*nserv));
-       if (nserv == NULL)
-               return -1;
-
-       *server = nserv;
-       nserv = &nserv[*num_server];
-       (*num_server)++;
-       (*curr_serv) = nserv;
-
-       memset(nserv, 0, sizeof(*nserv));
-       nserv->port = def_port;
-       ret = hostapd_parse_ip_addr(val, &nserv->addr);
-       nserv->index = server_index++;
-
-       return ret;
-}
-
-
-static int hostapd_config_parse_key_mgmt(int line, const char *value)
-{
-       int val = 0, last;
-       char *start, *end, *buf;
-
-       buf = strdup(value);
-       if (buf == NULL)
-               return -1;
-       start = buf;
-
-       while (start != '\0') {
-               while (*start == ' ' || *start == '\t')
-                       start++;
-               if (*start == '\0')
-                       break;
-               end = start;
-               while (*end != ' ' && *end != '\t' && *end != '\0')
-                       end++;
-               last = *end == '\0';
-               *end = '\0';
-               if (strcmp(start, "WPA-PSK") == 0)
-                       val |= WPA_KEY_MGMT_PSK;
-               else if (strcmp(start, "WPA-EAP") == 0)
-                       val |= WPA_KEY_MGMT_IEEE8021X;
-               else {
-                       printf("Line %d: invalid key_mgmt '%s'\n",
-                              line, start);
-                       free(buf);
-                       return -1;
-               }
-
-               if (last)
-                       break;
-               start = end + 1;
-       }
-
-       free(buf);
-       if (val == 0) {
-               printf("Line %d: no key_mgmt values configured.\n", line);
-               return -1;
-       }
-
-       return val;
-}
-
-
-static int hostapd_config_parse_cipher(int line, const char *value)
-{
-       int val = 0, last;
-       char *start, *end, *buf;
-
-       buf = strdup(value);
-       if (buf == NULL)
-               return -1;
-       start = buf;
-
-       while (start != '\0') {
-               while (*start == ' ' || *start == '\t')
-                       start++;
-               if (*start == '\0')
-                       break;
-               end = start;
-               while (*end != ' ' && *end != '\t' && *end != '\0')
-                       end++;
-               last = *end == '\0';
-               *end = '\0';
-               if (strcmp(start, "CCMP") == 0)
-                       val |= WPA_CIPHER_CCMP;
-               else if (strcmp(start, "TKIP") == 0)
-                       val |= WPA_CIPHER_TKIP;
-               else if (strcmp(start, "WEP104") == 0)
-                       val |= WPA_CIPHER_WEP104;
-               else if (strcmp(start, "WEP40") == 0)
-                       val |= WPA_CIPHER_WEP40;
-               else if (strcmp(start, "NONE") == 0)
-                       val |= WPA_CIPHER_NONE;
-               else {
-                       printf("Line %d: invalid cipher '%s'.", line, start);
-                       free(buf);
-                       return -1;
-               }
-
-               if (last)
-                       break;
-               start = end + 1;
-       }
-       free(buf);
-
-       if (val == 0) {
-               printf("Line %d: no cipher values configured.", line);
-               return -1;
-       }
-       return val;
-}
-
-
-static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
-                                   struct hostapd_config *conf)
-{
-       if (bss->ieee802_1x && !bss->eap_server &&
-           !bss->radius->auth_servers) {
-               printf("Invalid IEEE 802.1X configuration (no EAP "
-                      "authenticator configured).\n");
-               return -1;
-       }
-
-       if (bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) &&
-           bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&
-           bss->ssid.wpa_psk_file == NULL) {
-               printf("WPA-PSK enabled, but PSK or passphrase is not "
-                      "configured.\n");
-               return -1;
-       }
-
-       if (hostapd_mac_comp_empty(bss->bssid) != 0) {
-               size_t i;
-
-               for (i = 0; i < conf->num_bss; i++) {
-                       if ((&conf->bss[i] != bss) &&
-                           (hostapd_mac_comp(conf->bss[i].bssid,
-                                             bss->bssid) == 0)) {
-                               printf("Duplicate BSSID " MACSTR
-                                      " on interface '%s' and '%s'.\n",
-                                      MAC2STR(bss->bssid),
-                                      conf->bss[i].iface, bss->iface);
-                               return -1;
-                       }
-               }
-       }
-
-       return 0;
-}
-
-
-static int hostapd_config_check(struct hostapd_config *conf)
-{
-       size_t i;
-
-       for (i = 0; i < conf->num_bss; i++) {
-               if (hostapd_config_check_bss(&conf->bss[i], conf))
-                       return -1;
-       }
-
-       return 0;
-}
-
-
-static int hostapd_config_read_wep(struct hostapd_wep_keys *wep, int keyidx,
-                                  char *val)
-{
-       size_t len = strlen(val);
-
-       if (keyidx < 0 || keyidx > 3 || wep->key[keyidx] != NULL)
-               return -1;
-
-       if (val[0] == '"') {
-               if (len < 2 || val[len - 1] != '"')
-                       return -1;
-               len -= 2;
-               wep->key[keyidx] = malloc(len);
-               if (wep->key[keyidx] == NULL)
-                       return -1;
-               memcpy(wep->key[keyidx], val + 1, len);
-               wep->len[keyidx] = len;
-       } else {
-               if (len & 1)
-                       return -1;
-               len /= 2;
-               wep->key[keyidx] = malloc(len);
-               if (wep->key[keyidx] == NULL)
-                       return -1;
-               wep->len[keyidx] = len;
-               if (hexstr2bin(val, wep->key[keyidx], len) < 0)
-                       return -1;
-       }
-
-       wep->keys_set++;
-
-       return 0;
-}
-
-
-static int hostapd_parse_rates(int **rate_list, char *val)
-{
-       int *list;
-       int count;
-       char *pos, *end;
-
-       free(*rate_list);
-       *rate_list = NULL;
-
-       pos = val;
-       count = 0;
-       while (*pos != '\0') {
-               if (*pos == ' ')
-                       count++;
-               pos++;
-       }
-
-       list = malloc(sizeof(int) * (count + 2));
-       if (list == NULL)
-               return -1;
-       pos = val;
-       count = 0;
-       while (*pos != '\0') {
-               end = strchr(pos, ' ');
-               if (end)
-                       *end = '\0';
-
-               list[count++] = atoi(pos);
-               if (!end)
-                       break;
-               pos = end + 1;
-       }
-       list[count] = -1;
-
-       *rate_list = list;
-       return 0;
-}
-
-
-static int hostapd_config_bss(struct hostapd_config *conf, const char *ifname)
-{
-       struct hostapd_bss_config *bss;
-
-       if (*ifname == '\0')
-               return -1;
-
-       bss = realloc(conf->bss, (conf->num_bss + 1) *
-                     sizeof(struct hostapd_bss_config));
-       if (bss == NULL) {
-               printf("Failed to allocate memory for multi-BSS entry\n");
-               return -1;
-       }
-       conf->bss = bss;
-
-       bss = &(conf->bss[conf->num_bss]);
-       memset(bss, 0, sizeof(*bss));
-       bss->radius = wpa_zalloc(sizeof(*bss->radius));
-       if (bss->radius == NULL) {
-               printf("Failed to allocate memory for multi-BSS RADIUS "
-                      "data\n");
-               return -1;
-       }
-
-       conf->num_bss++;
-       conf->last_bss = bss;
-
-       hostapd_config_defaults_bss(bss);
-       snprintf(bss->iface, sizeof(bss->iface), "%s", ifname);
-       memcpy(bss->ssid.vlan, bss->iface, IFNAMSIZ + 1);
-
-       return 0;
-}
-
-
-static int valid_cw(int cw)
-{
-       return (cw == 1 || cw == 3 || cw == 7 || cw == 15 || cw == 31 ||
-               cw == 63 || cw == 127 || cw == 255 || cw == 511 || cw == 1023);
-}
-
-
-enum {
-       IEEE80211_TX_QUEUE_DATA0 = 0, /* used for EDCA AC_VO data */
-       IEEE80211_TX_QUEUE_DATA1 = 1, /* used for EDCA AC_VI data */
-       IEEE80211_TX_QUEUE_DATA2 = 2, /* used for EDCA AC_BE data */
-       IEEE80211_TX_QUEUE_DATA3 = 3, /* used for EDCA AC_BK data */
-       IEEE80211_TX_QUEUE_DATA4 = 4,
-       IEEE80211_TX_QUEUE_AFTER_BEACON = 6,
-       IEEE80211_TX_QUEUE_BEACON = 7
-};
-
-static int hostapd_config_tx_queue(struct hostapd_config *conf, char *name,
-                                  char *val)
-{
-       int num;
-       char *pos;
-       struct hostapd_tx_queue_params *queue;
-
-       /* skip 'tx_queue_' prefix */
-       pos = name + 9;
-       if (strncmp(pos, "data", 4) == 0 &&
-           pos[4] >= '0' && pos[4] <= '9' && pos[5] == '_') {
-               num = pos[4] - '0';
-               pos += 6;
-       } else if (strncmp(pos, "after_beacon_", 13) == 0) {
-               num = IEEE80211_TX_QUEUE_AFTER_BEACON;
-               pos += 13;
-       } else if (strncmp(pos, "beacon_", 7) == 0) {
-               num = IEEE80211_TX_QUEUE_BEACON;
-               pos += 7;
-       } else {
-               printf("Unknown tx_queue name '%s'\n", pos);
-               return -1;
-       }
-
-       queue = &conf->tx_queue[num];
-
-       if (strcmp(pos, "aifs") == 0) {
-               queue->aifs = atoi(val);
-               if (queue->aifs < 0 || queue->aifs > 255) {
-                       printf("Invalid AIFS value %d\n", queue->aifs);
-                       return -1;
-               }
-       } else if (strcmp(pos, "cwmin") == 0) {
-               queue->cwmin = atoi(val);
-               if (!valid_cw(queue->cwmin)) {
-                       printf("Invalid cwMin value %d\n", queue->cwmin);
-                       return -1;
-               }
-       } else if (strcmp(pos, "cwmax") == 0) {
-               queue->cwmax = atoi(val);
-               if (!valid_cw(queue->cwmax)) {
-                       printf("Invalid cwMax value %d\n", queue->cwmax);
-                       return -1;
-               }
-       } else if (strcmp(pos, "burst") == 0) {
-               queue->burst = hostapd_config_read_int10(val);
-       } else {
-               printf("Unknown tx_queue field '%s'\n", pos);
-               return -1;
-       }
-
-       queue->configured = 1;
-
-       return 0;
-}
-
-
-static int hostapd_config_wme_ac(struct hostapd_config *conf, char *name,
-                                  char *val)
-{
-       int num, v;
-       char *pos;
-       struct hostapd_wme_ac_params *ac;
-
-       /* skip 'wme_ac_' prefix */
-       pos = name + 7;
-       if (strncmp(pos, "be_", 3) == 0) {
-               num = 0;
-               pos += 3;
-       } else if (strncmp(pos, "bk_", 3) == 0) {
-               num = 1;
-               pos += 3;
-       } else if (strncmp(pos, "vi_", 3) == 0) {
-               num = 2;
-               pos += 3;
-       } else if (strncmp(pos, "vo_", 3) == 0) {
-               num = 3;
-               pos += 3;
-       } else {
-               printf("Unknown wme name '%s'\n", pos);
-               return -1;
-       }
-
-       ac = &conf->wme_ac_params[num];
-
-       if (strcmp(pos, "aifs") == 0) {
-               v = atoi(val);
-               if (v < 1 || v > 255) {
-                       printf("Invalid AIFS value %d\n", v);
-                       return -1;
-               }
-               ac->aifs = v;
-       } else if (strcmp(pos, "cwmin") == 0) {
-               v = atoi(val);
-               if (v < 0 || v > 12) {
-                       printf("Invalid cwMin value %d\n", v);
-                       return -1;
-               }
-               ac->cwmin = v;
-       } else if (strcmp(pos, "cwmax") == 0) {
-               v = atoi(val);
-               if (v < 0 || v > 12) {
-                       printf("Invalid cwMax value %d\n", v);
-                       return -1;
-               }
-               ac->cwmax = v;
-       } else if (strcmp(pos, "txop_limit") == 0) {
-               v = atoi(val);
-               if (v < 0 || v > 0xffff) {
-                       printf("Invalid txop value %d\n", v);
-                       return -1;
-               }
-               ac->txopLimit = v;
-       } else if (strcmp(pos, "acm") == 0) {
-               v = atoi(val);
-               if (v < 0 || v > 1) {
-                       printf("Invalid acm value %d\n", v);
-                       return -1;
-               }
-               ac->admission_control_mandatory = v;
-       } else {
-               printf("Unknown wme_ac_ field '%s'\n", pos);
-               return -1;
-       }
-
-       return 0;
-}
-
-
-struct hostapd_config * hostapd_config_read(const char *fname)
-{
-       struct hostapd_config *conf;
-       struct hostapd_bss_config *bss;
-       FILE *f;
-       char buf[256], *pos;
-       int line = 0;
-       int errors = 0;
-       size_t i;
-
-       f = fopen(fname, "r");
-       if (f == NULL) {
-               printf("Could not open configuration file '%s' for reading.\n",
-                      fname);
-               return NULL;
-       }
-
-       conf = hostapd_config_defaults();
-       if (conf == NULL) {
-               fclose(f);
-               return NULL;
-       }
-       bss = conf->last_bss = conf->bss;
-
-       while (fgets(buf, sizeof(buf), f)) {
-               bss = conf->last_bss;
-               line++;
-
-               if (buf[0] == '#')
-                       continue;
-               pos = buf;
-               while (*pos != '\0') {
-                       if (*pos == '\n') {
-                               *pos = '\0';
-                               break;
-                       }
-                       pos++;
-               }
-               if (buf[0] == '\0')
-                       continue;
-
-               pos = strchr(buf, '=');
-               if (pos == NULL) {
-                       printf("Line %d: invalid line '%s'\n", line, buf);
-                       errors++;
-                       continue;
-               }
-               *pos = '\0';
-               pos++;
-
-               if (strcmp(buf, "interface") == 0) {
-                       snprintf(conf->bss[0].iface,
-                                sizeof(conf->bss[0].iface), "%s", pos);
-               } else if (strcmp(buf, "bridge") == 0) {
-                       snprintf(bss->bridge, sizeof(bss->bridge), "%s", pos);
-               } else if (strcmp(buf, "driver") == 0) {
-                       conf->driver = driver_lookup(pos);
-                       if (conf->driver == NULL) {
-                               printf("Line %d: invalid/unknown driver "
-                                      "'%s'\n", line, pos);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "debug") == 0) {
-                       bss->debug = atoi(pos);
-               } else if (strcmp(buf, "logger_syslog_level") == 0) {
-                       bss->logger_syslog_level = atoi(pos);
-               } else if (strcmp(buf, "logger_stdout_level") == 0) {
-                       bss->logger_stdout_level = atoi(pos);
-               } else if (strcmp(buf, "logger_syslog") == 0) {
-                       bss->logger_syslog = atoi(pos);
-               } else if (strcmp(buf, "logger_stdout") == 0) {
-                       bss->logger_stdout = atoi(pos);
-               } else if (strcmp(buf, "dump_file") == 0) {
-                       bss->dump_log_name = strdup(pos);
-               } else if (strcmp(buf, "ssid") == 0) {
-                       bss->ssid.ssid_len = strlen(pos);
-                       if (bss->ssid.ssid_len > HOSTAPD_MAX_SSID_LEN ||
-                           bss->ssid.ssid_len < 1) {
-                               printf("Line %d: invalid SSID '%s'\n", line,
-                                      pos);
-                               errors++;
-                       } else {
-                               memcpy(bss->ssid.ssid, pos,
-                                      bss->ssid.ssid_len);
-                               bss->ssid.ssid[bss->ssid.ssid_len] = '\0';
-                               bss->ssid.ssid_set = 1;
-                       }
-               } else if (strcmp(buf, "macaddr_acl") == 0) {
-                       bss->macaddr_acl = atoi(pos);
-                       if (bss->macaddr_acl != ACCEPT_UNLESS_DENIED &&
-                           bss->macaddr_acl != DENY_UNLESS_ACCEPTED &&
-                           bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
-                               printf("Line %d: unknown macaddr_acl %d\n",
-                                      line, bss->macaddr_acl);
-                       }
-               } else if (strcmp(buf, "accept_mac_file") == 0) {
-                       if (hostapd_config_read_maclist(pos, &bss->accept_mac,
-                                                       &bss->num_accept_mac))
-                       {
-                               printf("Line %d: Failed to read "
-                                      "accept_mac_file '%s'\n",
-                                      line, pos);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "deny_mac_file") == 0) {
-                       if (hostapd_config_read_maclist(pos, &bss->deny_mac,
-                                                       &bss->num_deny_mac))
-                       {
-                               printf("Line %d: Failed to read "
-                                      "deny_mac_file '%s'\n",
-                                      line, pos);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "ap_max_inactivity") == 0) {
-                       bss->ap_max_inactivity = atoi(pos);
-               } else if (strcmp(buf, "country_code") == 0) {
-                       memcpy(conf->country, pos, 2);
-                       /* FIX: make this configurable */
-                       conf->country[2] = ' ';
-               } else if (strcmp(buf, "ieee80211d") == 0) {
-                       conf->ieee80211d = atoi(pos);
-               } else if (strcmp(buf, "ieee80211h") == 0) {
-                       conf->ieee80211h = atoi(pos);
-               } else if (strcmp(buf, "assoc_ap_addr") == 0) {
-                       if (hwaddr_aton(pos, bss->assoc_ap_addr)) {
-                               printf("Line %d: invalid MAC address '%s'\n",
-                                      line, pos);
-                               errors++;
-                       }
-                       bss->assoc_ap = 1;
-               } else if (strcmp(buf, "ieee8021x") == 0) {
-                       bss->ieee802_1x = atoi(pos);
-               } else if (strcmp(buf, "eapol_version") == 0) {
-                       bss->eapol_version = atoi(pos);
-                       if (bss->eapol_version < 1 ||
-                           bss->eapol_version > 2) {
-                               printf("Line %d: invalid EAPOL "
-                                      "version (%d): '%s'.\n",
-                                      line, bss->eapol_version, pos);
-                               errors++;
-                       } else
-                               wpa_printf(MSG_DEBUG, "eapol_version=%d",
-                                          bss->eapol_version);
-#ifdef EAP_SERVER
-               } else if (strcmp(buf, "eap_authenticator") == 0) {
-                       bss->eap_server = atoi(pos);
-                       printf("Line %d: obsolete eap_authenticator used; "
-                              "this has been renamed to eap_server\n", line);
-               } else if (strcmp(buf, "eap_server") == 0) {
-                       bss->eap_server = atoi(pos);
-               } else if (strcmp(buf, "eap_user_file") == 0) {
-                       if (hostapd_config_read_eap_user(pos, bss))
-                               errors++;
-               } else if (strcmp(buf, "ca_cert") == 0) {
-                       free(bss->ca_cert);
-                       bss->ca_cert = strdup(pos);
-               } else if (strcmp(buf, "server_cert") == 0) {
-                       free(bss->server_cert);
-                       bss->server_cert = strdup(pos);
-               } else if (strcmp(buf, "private_key") == 0) {
-                       free(bss->private_key);
-                       bss->private_key = strdup(pos);
-               } else if (strcmp(buf, "private_key_passwd") == 0) {
-                       free(bss->private_key_passwd);
-                       bss->private_key_passwd = strdup(pos);
-               } else if (strcmp(buf, "check_crl") == 0) {
-                       bss->check_crl = atoi(pos);
-#ifdef EAP_SIM
-               } else if (strcmp(buf, "eap_sim_db") == 0) {
-                       free(bss->eap_sim_db);
-                       bss->eap_sim_db = strdup(pos);
-#endif /* EAP_SIM */
-#endif /* EAP_SERVER */
-               } else if (strcmp(buf, "eap_message") == 0) {
-                       char *term;
-                       bss->eap_req_id_text = strdup(pos);
-                       if (bss->eap_req_id_text == NULL) {
-                               printf("Line %d: Failed to allocate memory "
-                                      "for eap_req_id_text\n", line);
-                               errors++;
-                               continue;
-                       }
-                       bss->eap_req_id_text_len =
-                               strlen(bss->eap_req_id_text);
-                       term = strstr(bss->eap_req_id_text, "\\0");
-                       if (term) {
-                               *term++ = '\0';
-                               memmove(term, term + 1,
-                                       bss->eap_req_id_text_len -
-                                       (term - bss->eap_req_id_text) - 1);
-                               bss->eap_req_id_text_len--;
-                       }
-               } else if (strcmp(buf, "wep_key_len_broadcast") == 0) {
-                       bss->default_wep_key_len = atoi(pos);
-                       if (bss->default_wep_key_len > 13) {
-                               printf("Line %d: invalid WEP key len %lu "
-                                      "(= %lu bits)\n", line,
-                                      (unsigned long)
-                                      bss->default_wep_key_len,
-                                      (unsigned long)
-                                      bss->default_wep_key_len * 8);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "wep_key_len_unicast") == 0) {
-                       bss->individual_wep_key_len = atoi(pos);
-                       if (bss->individual_wep_key_len < 0 ||
-                           bss->individual_wep_key_len > 13) {
-                               printf("Line %d: invalid WEP key len %d "
-                                      "(= %d bits)\n", line,
-                                      bss->individual_wep_key_len,
-                                      bss->individual_wep_key_len * 8);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "wep_rekey_period") == 0) {
-                       bss->wep_rekeying_period = atoi(pos);
-                       if (bss->wep_rekeying_period < 0) {
-                               printf("Line %d: invalid period %d\n",
-                                      line, bss->wep_rekeying_period);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "eap_reauth_period") == 0) {
-                       bss->eap_reauth_period = atoi(pos);
-                       if (bss->eap_reauth_period < 0) {
-                               printf("Line %d: invalid period %d\n",
-                                      line, bss->eap_reauth_period);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "eapol_key_index_workaround") == 0) {
-                       bss->eapol_key_index_workaround = atoi(pos);
-#ifdef CONFIG_IAPP
-               } else if (strcmp(buf, "iapp_interface") == 0) {
-                       bss->ieee802_11f = 1;
-                       snprintf(bss->iapp_iface, sizeof(bss->iapp_iface),
-                                "%s", pos);
-#endif /* CONFIG_IAPP */
-               } else if (strcmp(buf, "own_ip_addr") == 0) {
-                       if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) {
-                               printf("Line %d: invalid IP address '%s'\n",
-                                      line, pos);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "nas_identifier") == 0) {
-                       bss->nas_identifier = strdup(pos);
-               } else if (strcmp(buf, "auth_server_addr") == 0) {
-                       if (hostapd_config_read_radius_addr(
-                                   &bss->radius->auth_servers,
-                                   &bss->radius->num_auth_servers, pos, 1812,
-                                   &bss->radius->auth_server)) {
-                               printf("Line %d: invalid IP address '%s'\n",
-                                      line, pos);
-                               errors++;
-                       }
-               } else if (bss->radius->auth_server &&
-                          strcmp(buf, "auth_server_port") == 0) {
-                       bss->radius->auth_server->port = atoi(pos);
-               } else if (bss->radius->auth_server &&
-                          strcmp(buf, "auth_server_shared_secret") == 0) {
-                       int len = strlen(pos);
-                       if (len == 0) {
-                               /* RFC 2865, Ch. 3 */
-                               printf("Line %d: empty shared secret is not "
-                                      "allowed.\n", line);
-                               errors++;
-                       }
-                       bss->radius->auth_server->shared_secret =
-                               (u8 *) strdup(pos);
-                       bss->radius->auth_server->shared_secret_len = len;
-               } else if (strcmp(buf, "acct_server_addr") == 0) {
-                       if (hostapd_config_read_radius_addr(
-                                   &bss->radius->acct_servers,
-                                   &bss->radius->num_acct_servers, pos, 1813,
-                                   &bss->radius->acct_server)) {
-                               printf("Line %d: invalid IP address '%s'\n",
-                                      line, pos);
-                               errors++;
-                       }
-               } else if (bss->radius->acct_server &&
-                          strcmp(buf, "acct_server_port") == 0) {
-                       bss->radius->acct_server->port = atoi(pos);
-               } else if (bss->radius->acct_server &&
-                          strcmp(buf, "acct_server_shared_secret") == 0) {
-                       int len = strlen(pos);
-                       if (len == 0) {
-                               /* RFC 2865, Ch. 3 */
-                               printf("Line %d: empty shared secret is not "
-                                      "allowed.\n", line);
-                               errors++;
-                       }
-                       bss->radius->acct_server->shared_secret =
-                               (u8 *) strdup(pos);
-                       bss->radius->acct_server->shared_secret_len = len;
-               } else if (strcmp(buf, "radius_retry_primary_interval") == 0) {
-                       bss->radius->retry_primary_interval = atoi(pos);
-               } else if (strcmp(buf, "radius_acct_interim_interval") == 0) {
-                       bss->radius->acct_interim_interval = atoi(pos);
-               } else if (strcmp(buf, "auth_algs") == 0) {
-                       bss->auth_algs = atoi(pos);
-                       if (bss->auth_algs == 0) {
-                               printf("Line %d: no authentication algorithms "
-                                      "allowed\n",
-                                      line);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "max_num_sta") == 0) {
-                       bss->max_num_sta = atoi(pos);
-                       if (bss->max_num_sta < 0 ||
-                           bss->max_num_sta > MAX_STA_COUNT) {
-                               printf("Line %d: Invalid max_num_sta=%d; "
-                                      "allowed range 0..%d\n", line,
-                                      bss->max_num_sta, MAX_STA_COUNT);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "wpa") == 0) {
-                       bss->wpa = atoi(pos);
-               } else if (strcmp(buf, "wpa_group_rekey") == 0) {
-                       bss->wpa_group_rekey = atoi(pos);
-               } else if (strcmp(buf, "wpa_strict_rekey") == 0) {
-                       bss->wpa_strict_rekey = atoi(pos);
-               } else if (strcmp(buf, "wpa_gmk_rekey") == 0) {
-                       bss->wpa_gmk_rekey = atoi(pos);
-               } else if (strcmp(buf, "wpa_passphrase") == 0) {
-                       int len = strlen(pos);
-                       if (len < 8 || len > 63) {
-                               printf("Line %d: invalid WPA passphrase length"
-                                      " %d (expected 8..63)\n", line, len);
-                               errors++;
-                       } else {
-                               free(bss->ssid.wpa_passphrase);
-                               bss->ssid.wpa_passphrase = strdup(pos);
-                       }
-               } else if (strcmp(buf, "wpa_psk") == 0) {
-                       free(bss->ssid.wpa_psk);
-                       bss->ssid.wpa_psk =
-                               wpa_zalloc(sizeof(struct hostapd_wpa_psk));
-                       if (bss->ssid.wpa_psk == NULL)
-                               errors++;
-                       else if (hexstr2bin(pos, bss->ssid.wpa_psk->psk,
-                                           PMK_LEN) ||
-                                pos[PMK_LEN * 2] != '\0') {
-                               printf("Line %d: Invalid PSK '%s'.\n", line,
-                                      pos);
-                               errors++;
-                       } else {
-                               bss->ssid.wpa_psk->group = 1;
-                       }
-               } else if (strcmp(buf, "wpa_psk_file") == 0) {
-                       free(bss->ssid.wpa_psk_file);
-                       bss->ssid.wpa_psk_file = strdup(pos);
-                       if (!bss->ssid.wpa_psk_file) {
-                               printf("Line %d: allocation failed\n", line);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "wpa_key_mgmt") == 0) {
-                       bss->wpa_key_mgmt =
-                               hostapd_config_parse_key_mgmt(line, pos);
-                       if (bss->wpa_key_mgmt == -1)
-                               errors++;
-               } else if (strcmp(buf, "wpa_pairwise") == 0) {
-                       bss->wpa_pairwise =
-                               hostapd_config_parse_cipher(line, pos);
-                       if (bss->wpa_pairwise == -1 ||
-                           bss->wpa_pairwise == 0)
-                               errors++;
-                       else if (bss->wpa_pairwise &
-                                (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 |
-                                 WPA_CIPHER_WEP104)) {
-                               printf("Line %d: unsupported pairwise "
-                                      "cipher suite '%s'\n",
-                                      bss->wpa_pairwise, pos);
-                               errors++;
-                       } else {
-                               if (bss->wpa_pairwise & WPA_CIPHER_TKIP)
-                                       bss->wpa_group = WPA_CIPHER_TKIP;
-                               else
-                                       bss->wpa_group = WPA_CIPHER_CCMP;
-                       }
-#ifdef CONFIG_RSN_PREAUTH
-               } else if (strcmp(buf, "rsn_preauth") == 0) {
-                       bss->rsn_preauth = atoi(pos);
-               } else if (strcmp(buf, "rsn_preauth_interfaces") == 0) {
-                       bss->rsn_preauth_interfaces = strdup(pos);
-#endif /* CONFIG_RSN_PREAUTH */
-#ifdef CONFIG_PEERKEY
-               } else if (strcmp(buf, "peerkey") == 0) {
-                       bss->peerkey = atoi(pos);
-#endif /* CONFIG_PEERKEY */
-               } else if (strcmp(buf, "ctrl_interface") == 0) {
-                       free(bss->ctrl_interface);
-                       bss->ctrl_interface = strdup(pos);
-               } else if (strcmp(buf, "ctrl_interface_group") == 0) {
-#ifndef CONFIG_NATIVE_WINDOWS
-                       struct group *grp;
-                       char *endp;
-                       const char *group = pos;
-
-                       grp = getgrnam(group);
-                       if (grp) {
-                               bss->ctrl_interface_gid = grp->gr_gid;
-                               bss->ctrl_interface_gid_set = 1;
-                               wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d"
-                                          " (from group name '%s')",
-                                          bss->ctrl_interface_gid, group);
-                               continue;
-                       }
-
-                       /* Group name not found - try to parse this as gid */
-                       bss->ctrl_interface_gid = strtol(group, &endp, 10);
-                       if (*group == '\0' || *endp != '\0') {
-                               wpa_printf(MSG_DEBUG, "Line %d: Invalid group "
-                                          "'%s'", line, group);
-                               errors++;
-                               continue;
-                       }
-                       bss->ctrl_interface_gid_set = 1;
-                       wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
-                                  bss->ctrl_interface_gid);
-#endif /* CONFIG_NATIVE_WINDOWS */
-#ifdef RADIUS_SERVER
-               } else if (strcmp(buf, "radius_server_clients") == 0) {
-                       free(bss->radius_server_clients);
-                       bss->radius_server_clients = strdup(pos);
-               } else if (strcmp(buf, "radius_server_auth_port") == 0) {
-                       bss->radius_server_auth_port = atoi(pos);
-               } else if (strcmp(buf, "radius_server_ipv6") == 0) {
-                       bss->radius_server_ipv6 = atoi(pos);
-#endif /* RADIUS_SERVER */
-               } else if (strcmp(buf, "test_socket") == 0) {
-                       free(bss->test_socket);
-                       bss->test_socket = strdup(pos);
-               } else if (strcmp(buf, "use_pae_group_addr") == 0) {
-                       bss->use_pae_group_addr = atoi(pos);
-               } else if (strcmp(buf, "hw_mode") == 0) {
-                       if (strcmp(pos, "a") == 0)
-                               conf->hw_mode = HOSTAPD_MODE_IEEE80211A;
-                       else if (strcmp(pos, "b") == 0)
-                               conf->hw_mode = HOSTAPD_MODE_IEEE80211B;
-                       else if (strcmp(pos, "g") == 0)
-                               conf->hw_mode = HOSTAPD_MODE_IEEE80211G;
-                       else {
-                               printf("Line %d: unknown hw_mode '%s'\n",
-                                      line, pos);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "channel") == 0) {
-                       conf->channel = atoi(pos);
-               } else if (strcmp(buf, "beacon_int") == 0) {
-                       int val = atoi(pos);
-                       /* MIB defines range as 1..65535, but very small values
-                        * cause problems with the current implementation.
-                        * Since it is unlikely that this small numbers are
-                        * useful in real life scenarios, do not allow beacon
-                        * period to be set below 15 TU. */
-                       if (val < 15 || val > 65535) {
-                               printf("Line %d: invalid beacon_int %d "
-                                      "(expected 15..65535)\n",
-                                      line, val);
-                               errors++;
-                       } else
-                               conf->beacon_int = val;
-               } else if (strcmp(buf, "dtim_period") == 0) {
-                       bss->dtim_period = atoi(pos);
-                       if (bss->dtim_period < 1 || bss->dtim_period > 255) {
-                               printf("Line %d: invalid dtim_period %d\n",
-                                      line, bss->dtim_period);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "rts_threshold") == 0) {
-                       conf->rts_threshold = atoi(pos);
-                       if (conf->rts_threshold < 0 ||
-                           conf->rts_threshold > 2347) {
-                               printf("Line %d: invalid rts_threshold %d\n",
-                                      line, conf->rts_threshold);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "fragm_threshold") == 0) {
-                       conf->fragm_threshold = atoi(pos);
-                       if (conf->fragm_threshold < 256 ||
-                           conf->fragm_threshold > 2346) {
-                               printf("Line %d: invalid fragm_threshold %d\n",
-                                      line, conf->fragm_threshold);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "send_probe_response") == 0) {
-                       int val = atoi(pos);
-                       if (val != 0 && val != 1) {
-                               printf("Line %d: invalid send_probe_response "
-                                      "%d (expected 0 or 1)\n", line, val);
-                       } else
-                               conf->send_probe_response = val;
-               } else if (strcmp(buf, "supported_rates") == 0) {
-                       if (hostapd_parse_rates(&conf->supported_rates, pos)) {
-                               printf("Line %d: invalid rate list\n", line);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "basic_rates") == 0) {
-                       if (hostapd_parse_rates(&conf->basic_rates, pos)) {
-                               printf("Line %d: invalid rate list\n", line);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "ignore_broadcast_ssid") == 0) {
-                       bss->ignore_broadcast_ssid = atoi(pos);
-               } else if (strcmp(buf, "bridge_packets") == 0) {
-                       conf->bridge_packets = atoi(pos);
-               } else if (strcmp(buf, "wep_default_key") == 0) {
-                       bss->ssid.wep.idx = atoi(pos);
-                       if (bss->ssid.wep.idx > 3) {
-                               printf("Invalid wep_default_key index %d\n",
-                                      bss->ssid.wep.idx);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "wep_key0") == 0 ||
-                          strcmp(buf, "wep_key1") == 0 ||
-                          strcmp(buf, "wep_key2") == 0 ||
-                          strcmp(buf, "wep_key3") == 0) {
-                       if (hostapd_config_read_wep(&bss->ssid.wep,
-                                                   buf[7] - '0', pos)) {
-                               printf("Line %d: invalid WEP key '%s'\n",
-                                      line, buf);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "dynamic_vlan") == 0) {
-                       bss->ssid.dynamic_vlan = atoi(pos);
-               } else if (strcmp(buf, "vlan_file") == 0) {
-                       if (hostapd_config_read_vlan_file(bss, pos)) {
-                               printf("Line %d: failed to read VLAN file "
-                                      "'%s'\n", line, pos);
-                               errors++;
-                       }
-#ifdef CONFIG_FULL_DYNAMIC_VLAN
-               } else if (strcmp(buf, "vlan_tagged_interface") == 0) {
-                       bss->ssid.vlan_tagged_interface = strdup(pos);
-#endif /* CONFIG_FULL_DYNAMIC_VLAN */
-               } else if (strcmp(buf, "passive_scan_interval") == 0) {
-                       conf->passive_scan_interval = atoi(pos);
-               } else if (strcmp(buf, "passive_scan_listen") == 0) {
-                       conf->passive_scan_listen = atoi(pos);
-               } else if (strcmp(buf, "passive_scan_mode") == 0) {
-                       conf->passive_scan_mode = atoi(pos);
-               } else if (strcmp(buf, "ap_table_max_size") == 0) {
-                       conf->ap_table_max_size = atoi(pos);
-               } else if (strcmp(buf, "ap_table_expiration_time") == 0) {
-                       conf->ap_table_expiration_time = atoi(pos);
-               } else if (strncmp(buf, "tx_queue_", 9) == 0) {
-                       if (hostapd_config_tx_queue(conf, buf, pos)) {
-                               printf("Line %d: invalid TX queue item\n",
-                                      line);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "wme_enabled") == 0) {
-                       bss->wme_enabled = atoi(pos);
-               } else if (strncmp(buf, "wme_ac_", 7) == 0) {
-                       if (hostapd_config_wme_ac(conf, buf, pos)) {
-                               printf("Line %d: invalid wme ac item\n",
-                                      line);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "bss") == 0) {
-                       if (hostapd_config_bss(conf, pos)) {
-                               printf("Line %d: invalid bss item\n", line);
-                               errors++;
-                       }
-               } else if (strcmp(buf, "bssid") == 0) {
-                       if (bss == conf->bss) {
-                               printf("Line %d: bssid item not allowed "
-                                      "for the default interface\n", line);
-                               errors++;
-                       } else if (hwaddr_aton(pos, bss->bssid)) {
-                               printf("Line %d: invalid bssid item\n", line);
-                               errors++;
-                       }
-#ifdef CONFIG_IEEE80211W
-               } else if (strcmp(buf, "ieee80211w") == 0) {
-                       bss->ieee80211w = atoi(pos);
-#endif /* CONFIG_IEEE80211W */
-               } else {
-                       printf("Line %d: unknown configuration item '%s'\n",
-                              line, buf);
-                       errors++;
-               }
-       }
-
-       fclose(f);
-
-       if (bss->individual_wep_key_len == 0) {
-               /* individual keys are not use; can use key idx0 for broadcast
-                * keys */
-               bss->broadcast_key_idx_min = 0;
-       }
-
-       for (i = 0; i < conf->num_bss; i++) {
-               bss = &conf->bss[i];
-
-               bss->radius->auth_server = bss->radius->auth_servers;
-               bss->radius->acct_server = bss->radius->acct_servers;
-
-               if (bss->wpa && bss->ieee802_1x) {
-                       bss->ssid.security_policy = SECURITY_WPA;
-               } else if (bss->wpa) {
-                       bss->ssid.security_policy = SECURITY_WPA_PSK;
-               } else if (bss->ieee802_1x) {
-                       bss->ssid.security_policy = SECURITY_IEEE_802_1X;
-                       bss->ssid.wep.default_len = bss->default_wep_key_len;
-               } else if (bss->ssid.wep.keys_set)
-                       bss->ssid.security_policy = SECURITY_STATIC_WEP;
-               else
-                       bss->ssid.security_policy = SECURITY_PLAINTEXT;
-       }
-
-       if (hostapd_config_check(conf))
-               errors++;
-
-       if (errors) {
-               printf("%d errors found in configuration file '%s'\n",
-                      errors, fname);
-               hostapd_config_free(conf);
-               conf = NULL;
-       }
-
-       return conf;
-}
-
-
-int hostapd_wep_key_cmp(struct hostapd_wep_keys *a, struct hostapd_wep_keys *b)
-{
-       int i;
-
-       if (a->idx != b->idx || a->default_len != b->default_len)
-               return 1;
-       for (i = 0; i < NUM_WEP_KEYS; i++)
-               if (a->len[i] != b->len[i] ||
-                   memcmp(a->key[i], b->key[i], a->len[i]) != 0)
-                       return 1;
-       return 0;
-}
-
-
-static void hostapd_config_free_radius(struct hostapd_radius_server *servers,
-                                      int num_servers)
-{
-       int i;
-
-       for (i = 0; i < num_servers; i++) {
-               free(servers[i].shared_secret);
-       }
-       free(servers);
-}
-
-
-static void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
-{
-       free(user->identity);
-       free(user->password);
-       free(user);
-}
-
-
-static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
-{
-       int i;
-       for (i = 0; i < NUM_WEP_KEYS; i++) {
-               free(keys->key[i]);
-               keys->key[i] = NULL;
-       }
-}
-
-
-static void hostapd_config_free_bss(struct hostapd_bss_config *conf)
-{
-       struct hostapd_wpa_psk *psk, *prev;
-       struct hostapd_eap_user *user, *prev_user;
-
-       if (conf == NULL)
-               return;
-
-       psk = conf->ssid.wpa_psk;
-       while (psk) {
-               prev = psk;
-               psk = psk->next;
-               free(prev);
-       }
-
-       free(conf->ssid.wpa_passphrase);
-       free(conf->ssid.wpa_psk_file);
-#ifdef CONFIG_FULL_DYNAMIC_VLAN
-       free(conf->ssid.vlan_tagged_interface);
-#endif /* CONFIG_FULL_DYNAMIC_VLAN */
-
-       user = conf->eap_user;
-       while (user) {
-               prev_user = user;
-               user = user->next;
-               hostapd_config_free_eap_user(prev_user);
-       }
-
-       free(conf->dump_log_name);
-       free(conf->eap_req_id_text);
-       free(conf->accept_mac);
-       free(conf->deny_mac);
-       free(conf->nas_identifier);
-       hostapd_config_free_radius(conf->radius->auth_servers,
-                                  conf->radius->num_auth_servers);
-       hostapd_config_free_radius(conf->radius->acct_servers,
-                                  conf->radius->num_acct_servers);
-       free(conf->rsn_preauth_interfaces);
-       free(conf->ctrl_interface);
-       free(conf->ca_cert);
-       free(conf->server_cert);
-       free(conf->private_key);
-       free(conf->private_key_passwd);
-       free(conf->eap_sim_db);
-       free(conf->radius_server_clients);
-       free(conf->test_socket);
-       free(conf->radius);
-       hostapd_config_free_vlan(conf);
-       if (conf->ssid.dyn_vlan_keys) {
-               struct hostapd_ssid *ssid = &conf->ssid;
-               size_t i;
-               for (i = 0; i <= ssid->max_dyn_vlan_keys; i++) {
-                       if (ssid->dyn_vlan_keys[i] == NULL)
-                               continue;
-                       hostapd_config_free_wep(ssid->dyn_vlan_keys[i]);
-                       free(ssid->dyn_vlan_keys[i]);
-               }
-               free(ssid->dyn_vlan_keys);
-               ssid->dyn_vlan_keys = NULL;
-       }
-}
-
-
-void hostapd_config_free(struct hostapd_config *conf)
-{
-       size_t i;
-
-       if (conf == NULL)
-               return;
-
-       for (i = 0; i < conf->num_bss; i++)
-               hostapd_config_free_bss(&conf->bss[i]);
-       free(conf->bss);
-
-       free(conf);
-}
-
-
-/* Perform a binary search for given MAC address from a pre-sorted list.
- * Returns 1 if address is in the list or 0 if not. */
-int hostapd_maclist_found(macaddr *list, int num_entries, const u8 *addr)
-{
-       int start, end, middle, res;
-
-       start = 0;
-       end = num_entries - 1;
-
-       while (start <= end) {
-               middle = (start + end) / 2;
-               res = memcmp(list[middle], addr, ETH_ALEN);
-               if (res == 0)
-                       return 1;
-               if (res < 0)
-                       start = middle + 1;
-               else
-                       end = middle - 1;
-       }
-
-       return 0;
-}
-
-
-int hostapd_rate_found(int *list, int rate)
-{
-       int i;
-
-       if (list == NULL)
-               return 0;
-
-       for (i = 0; list[i] >= 0; i++)
-               if (list[i] == rate)
-                       return 1;
-
-       return 0;
-}
-
-
-const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
-{
-       struct hostapd_vlan *v = vlan;
-       while (v) {
-               if (v->vlan_id == vlan_id || v->vlan_id == VLAN_ID_WILDCARD)
-                       return v->ifname;
-               v = v->next;
-       }
-       return NULL;
-}
-
-
-const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
-                          const u8 *addr, const u8 *prev_psk)
-{
-       struct hostapd_wpa_psk *psk;
-       int next_ok = prev_psk == NULL;
-
-       for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) {
-               if (next_ok &&
-                   (psk->group || memcmp(psk->addr, addr, ETH_ALEN) == 0))
-                       return psk->psk;
-
-               if (psk->psk == prev_psk)
-                       next_ok = 1;
-       }
-
-       return NULL;
-}
-
-
-const struct hostapd_eap_user *
-hostapd_get_eap_user(const struct hostapd_bss_config *conf, const u8 *identity,
-                    size_t identity_len, int phase2)
-{
-       struct hostapd_eap_user *user = conf->eap_user;
-
-       while (user) {
-               if (!phase2 && user->identity == NULL) {
-                       /* Wildcard match */
-                       break;
-               }
-
-               if (!phase2 && user->wildcard_prefix &&
-                   identity_len >= user->identity_len &&
-                   memcmp(user->identity, identity, user->identity_len) == 0)
-               {
-                       /* Wildcard prefix match */
-                       break;
-               }
-
-               if (user->phase2 == !!phase2 &&
-                   user->identity_len == identity_len &&
-                   memcmp(user->identity, identity, identity_len) == 0)
-                       break;
-               user = user->next;
-       }
-
-       return user;
-}
diff --git a/contrib/hostapd/eap.h b/contrib/hostapd/eap.h
deleted file mode 100644 (file)
index 1377191..0000000
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * hostapd / EAP Standalone Authenticator state machine (RFC 4137)
- * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
- */
-
-#ifndef EAP_H
-#define EAP_H
-
-#include "defs.h"
-#include "eap_defs.h"
-#include "eap_methods.h"
-
-struct eap_sm;
-
-#define EAP_MAX_METHODS 8
-struct eap_user {
-       struct {
-               int vendor;
-               u32 method;
-       } methods[EAP_MAX_METHODS];
-       u8 *password;
-       size_t password_len;
-       int password_hash; /* whether password is hashed with
-                           * nt_password_hash() */
-       int phase2;
-       int force_version;
-};
-
-enum eapol_bool_var {
-       EAPOL_eapSuccess, EAPOL_eapRestart, EAPOL_eapFail, EAPOL_eapResp,
-       EAPOL_eapReq, EAPOL_eapNoReq, EAPOL_portEnabled, EAPOL_eapTimeout
-};
-
-struct eapol_callbacks {
-       Boolean (*get_bool)(void *ctx, enum eapol_bool_var variable);
-       void (*set_bool)(void *ctx, enum eapol_bool_var variable,
-                        Boolean value);
-       void (*set_eapReqData)(void *ctx, const u8 *eapReqData,
-                              size_t eapReqDataLen);
-       void (*set_eapKeyData)(void *ctx, const u8 *eapKeyData,
-                              size_t eapKeyDataLen);
-       int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len,
-                           int phase2, struct eap_user *user);
-       const char * (*get_eap_req_id_text)(void *ctx, size_t *len);
-};
-
-struct eap_config {
-       void *ssl_ctx;
-       void *eap_sim_db_priv;
-       Boolean backend_auth;
-};
-
-
-#ifdef EAP_SERVER
-
-struct eap_sm * eap_sm_init(void *eapol_ctx, struct eapol_callbacks *eapol_cb,
-                           struct eap_config *eap_conf);
-void eap_sm_deinit(struct eap_sm *sm);
-int eap_sm_step(struct eap_sm *sm);
-void eap_set_eapRespData(struct eap_sm *sm, const u8 *eapRespData,
-                        size_t eapRespDataLen);
-void eap_sm_notify_cached(struct eap_sm *sm);
-void eap_sm_pending_cb(struct eap_sm *sm);
-int eap_sm_method_pending(struct eap_sm *sm);
-
-#else /* EAP_SERVER */
-
-static inline struct eap_sm * eap_sm_init(void *eapol_ctx,
-                                         struct eapol_callbacks *eapol_cb,
-                                         struct eap_config *eap_conf)
-{
-       return NULL;
-}
-
-static inline void eap_sm_deinit(struct eap_sm *sm)
-{
-}
-
-static inline int eap_sm_step(struct eap_sm *sm)
-{
-       return 0;
-}
-
-
-static inline void eap_set_eapRespData(struct eap_sm *sm,
-                                      const u8 *eapRespData,
-                                      size_t eapRespDataLen)
-{
-}
-
-static inline void eap_sm_notify_cached(struct eap_sm *sm)
-{
-}
-
-static inline void eap_sm_pending_cb(struct eap_sm *sm)
-{
-}
-
-static inline int eap_sm_method_pending(struct eap_sm *sm)
-{
-       return 0;
-}
-
-#endif /* EAP_SERVER */
-
-#endif /* EAP_H */
diff --git a/contrib/hostapd/eap_peap.c b/contrib/hostapd/eap_peap.c
deleted file mode 100644 (file)
index 6ea1f61..0000000
+++ /dev/null
@@ -1,731 +0,0 @@
-/*
- * hostapd / EAP-PEAP (draft-josefsson-pppext-eap-tls-eap-07.txt)
- * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
- */
-
-#include "includes.h"
-
-#include "hostapd.h"
-#include "common.h"
-#include "eap_i.h"
-#include "eap_tls_common.h"
-#include "tls.h"
-
-
-/* Maximum supported PEAP version
- * 0 = Microsoft's PEAP version 0; draft-kamath-pppext-peapv0-00.txt
- * 1 = draft-josefsson-ppext-eap-tls-eap-05.txt
- * 2 = draft-josefsson-ppext-eap-tls-eap-07.txt
- */
-#define EAP_PEAP_VERSION 1
-
-
-static void eap_peap_reset(struct eap_sm *sm, void *priv);
-
-
-struct eap_peap_data {
-       struct eap_ssl_data ssl;
-       enum {
-               START, PHASE1, PHASE2_START, PHASE2_ID, PHASE2_METHOD,
-               PHASE2_TLV, SUCCESS_REQ, FAILURE_REQ, SUCCESS, FAILURE
-       } state;
-
-       int peap_version;
-       const struct eap_method *phase2_method;
-       void *phase2_priv;
-       int force_version;
-};
-
-
-static const char * eap_peap_state_txt(int state)
-{
-       switch (state) {
-       case START:
-               return "START";
-       case PHASE1:
-               return "PHASE1";
-       case PHASE2_START:
-               return "PHASE2_START";
-       case PHASE2_ID:
-               return "PHASE2_ID";
-       case PHASE2_METHOD:
-               return "PHASE2_METHOD";
-       case PHASE2_TLV:
-               return "PHASE2_TLV";
-       case SUCCESS_REQ:
-               return "SUCCESS_REQ";
-       case FAILURE_REQ:
-               return "FAILURE_REQ";
-       case SUCCESS:
-               return "SUCCESS";
-       case FAILURE:
-               return "FAILURE";
-       default:
-               return "Unknown?!";
-       }
-}
-
-
-static void eap_peap_state(struct eap_peap_data *data, int state)
-{
-       wpa_printf(MSG_DEBUG, "EAP-PEAP: %s -> %s",
-                  eap_peap_state_txt(data->state),
-                  eap_peap_state_txt(state));
-       data->state = state;
-}
-
-
-static EapType eap_peap_req_success(struct eap_sm *sm,
-                                   struct eap_peap_data *data)
-{
-       if (data->state == FAILURE || data->state == FAILURE_REQ) {
-               eap_peap_state(data, FAILURE);
-               return EAP_TYPE_NONE;
-       }
-
-       if (data->peap_version == 0) {
-               sm->tlv_request = TLV_REQ_SUCCESS;
-               eap_peap_state(data, PHASE2_TLV);
-               return EAP_TYPE_TLV;
-       } else {
-               eap_peap_state(data, SUCCESS_REQ);
-               return EAP_TYPE_NONE;
-       }
-}
-
-
-static EapType eap_peap_req_failure(struct eap_sm *sm,
-                                   struct eap_peap_data *data)
-{
-       if (data->state == FAILURE || data->state == FAILURE_REQ ||
-           data->state == SUCCESS_REQ ||
-           (data->phase2_method &&
-            data->phase2_method->method == EAP_TYPE_TLV)) {
-               eap_peap_state(data, FAILURE);
-               return EAP_TYPE_NONE;
-       }
-
-       if (data->peap_version == 0) {
-               sm->tlv_request = TLV_REQ_FAILURE;
-               eap_peap_state(data, PHASE2_TLV);
-               return EAP_TYPE_TLV;
-       } else {
-               eap_peap_state(data, FAILURE_REQ);
-               return EAP_TYPE_NONE;
-       }
-}
-
-
-static void * eap_peap_init(struct eap_sm *sm)
-{
-       struct eap_peap_data *data;
-
-       data = wpa_zalloc(sizeof(*data));
-       if (data == NULL)
-               return NULL;
-       data->peap_version = EAP_PEAP_VERSION;
-       data->force_version = -1;
-       if (sm->user && sm->user->force_version >= 0) {
-               data->force_version = sm->user->force_version;
-               wpa_printf(MSG_DEBUG, "EAP-PEAP: forcing version %d",
-                          data->force_version);
-               data->peap_version = data->force_version;
-       }
-       data->state = START;
-
-       if (eap_tls_ssl_init(sm, &data->ssl, 0)) {
-               wpa_printf(MSG_INFO, "EAP-PEAP: Failed to initialize SSL.");
-               eap_peap_reset(sm, data);
-               return NULL;
-       }
-
-       return data;
-}
-
-
-static void eap_peap_reset(struct eap_sm *sm, void *priv)
-{
-       struct eap_peap_data *data = priv;
-       if (data == NULL)
-               return;
-       if (data->phase2_priv && data->phase2_method)
-               data->phase2_method->reset(sm, data->phase2_priv);
-       eap_tls_ssl_deinit(sm, &data->ssl);
-       free(data);
-}
-
-
-static u8 * eap_peap_build_start(struct eap_sm *sm, struct eap_peap_data *data,
-                                int id, size_t *reqDataLen)
-{
-       struct eap_hdr *req;
-       u8 *pos;
-
-       *reqDataLen = sizeof(*req) + 2;
-       req = malloc(*reqDataLen);
-       if (req == NULL) {
-               wpa_printf(MSG_ERROR, "EAP-PEAP: Failed to allocate memory for"
-                          " request");
-               eap_peap_state(data, FAILURE);
-               return NULL;
-       }
-
-       req->code = EAP_CODE_REQUEST;
-       req->identifier = id;
-       req->length = htons(*reqDataLen);
-       pos = (u8 *) (req + 1);
-       *pos++ = EAP_TYPE_PEAP;
-       *pos = EAP_TLS_FLAGS_START | data->peap_version;
-
-       eap_peap_state(data, PHASE1);
-
-       return (u8 *) req;
-}
-
-
-static u8 * eap_peap_build_req(struct eap_sm *sm, struct eap_peap_data *data,
-                              int id, size_t *reqDataLen)
-{
-       int res;
-       u8 *req;
-
-       res = eap_tls_buildReq_helper(sm, &data->ssl, EAP_TYPE_PEAP,
-                                     data->peap_version, id, &req,
-                                     reqDataLen);
-
-       if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
-               wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase1 done, starting "
-                          "Phase2");
-               eap_peap_state(data, PHASE2_START);
-       }
-
-       if (res == 1)
-               return eap_tls_build_ack(reqDataLen, id, EAP_TYPE_PEAP,
-                                        data->peap_version);
-       return req;
-}
-
-
-static u8 * eap_peap_encrypt(struct eap_sm *sm, struct eap_peap_data *data,
-                            int id, u8 *plain, size_t plain_len,
-                            size_t *out_len)
-{
-       int res;
-       u8 *pos;
-       struct eap_hdr *req;
-
-       /* TODO: add support for fragmentation, if needed. This will need to
-        * add TLS Message Length field, if the frame is fragmented. */
-       req = malloc(sizeof(struct eap_hdr) + 2 + data->ssl.tls_out_limit);
-       if (req == NULL)
-               return NULL;
-
-       req->code = EAP_CODE_REQUEST;
-       req->identifier = id;
-
-       pos = (u8 *) (req + 1);
-       *pos++ = EAP_TYPE_PEAP;
-       *pos++ = data->peap_version;
-
-       res = tls_connection_encrypt(sm->ssl_ctx, data->ssl.conn,
-                                    plain, plain_len,
-                                    pos, data->ssl.tls_out_limit);
-       if (res < 0) {
-               wpa_printf(MSG_INFO, "EAP-PEAP: Failed to encrypt Phase 2 "
-                          "data");
-               free(req);
-               return NULL;
-       }
-
-       *out_len = sizeof(struct eap_hdr) + 2 + res;
-       req->length = host_to_be16(*out_len);
-       return (u8 *) req;
-}
-
-
-static u8 * eap_peap_build_phase2_req(struct eap_sm *sm,
-                                     struct eap_peap_data *data,
-                                     int id, size_t *reqDataLen)
-{
-       u8 *req, *buf, *encr_req;
-       size_t req_len;
-
-       buf = req = data->phase2_method->buildReq(sm, data->phase2_priv, id,
-                                                 &req_len);
-       if (req == NULL)
-               return NULL;
-
-       wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: Encrypting Phase 2 data",
-                       req, req_len);
-
-       if (data->peap_version == 0 &&
-           data->phase2_method->method != EAP_TYPE_TLV) {
-               req += sizeof(struct eap_hdr);
-               req_len -= sizeof(struct eap_hdr);
-       }
-
-       encr_req = eap_peap_encrypt(sm, data, id, req, req_len, reqDataLen);
-       free(buf);
-
-       return encr_req;
-}
-
-
-static u8 * eap_peap_build_phase2_term(struct eap_sm *sm,
-                                      struct eap_peap_data *data,
-                                      int id, size_t *reqDataLen, int success)
-{
-       u8 *encr_req;
-       size_t req_len;
-       struct eap_hdr *hdr;
-
-       req_len = sizeof(*hdr);
-       hdr = wpa_zalloc(req_len);
-       if (hdr == NULL)
-               return NULL;
-
-       hdr->code = success ? EAP_CODE_SUCCESS : EAP_CODE_FAILURE;
-       hdr->identifier = id;
-       hdr->length = htons(req_len);
-
-       wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: Encrypting Phase 2 data",
-                       (u8 *) hdr, req_len);
-
-       encr_req = eap_peap_encrypt(sm, data, id, (u8 *) hdr, req_len,
-                                   reqDataLen);
-       free(hdr);
-
-       return encr_req;
-}
-
-
-static u8 * eap_peap_buildReq(struct eap_sm *sm, void *priv, int id,
-                             size_t *reqDataLen)
-{
-       struct eap_peap_data *data = priv;
-
-       switch (data->state) {
-       case START:
-               return eap_peap_build_start(sm, data, id, reqDataLen);
-       case PHASE1:
-               return eap_peap_build_req(sm, data, id, reqDataLen);
-       case PHASE2_ID:
-       case PHASE2_METHOD:
-       case PHASE2_TLV:
-               return eap_peap_build_phase2_req(sm, data, id, reqDataLen);
-       case SUCCESS_REQ:
-               return eap_peap_build_phase2_term(sm, data, id, reqDataLen, 1);
-       case FAILURE_REQ:
-               return eap_peap_build_phase2_term(sm, data, id, reqDataLen, 0);
-       default:
-               wpa_printf(MSG_DEBUG, "EAP-PEAP: %s - unexpected state %d",
-                          __func__, data->state);
-               return NULL;
-       }
-}
-
-
-static Boolean eap_peap_check(struct eap_sm *sm, void *priv,
-                             u8 *respData, size_t respDataLen)
-{
-       struct eap_hdr *resp;
-       u8 *pos;
-
-       resp = (struct eap_hdr *) respData;
-       pos = (u8 *) (resp + 1);
-       if (respDataLen < sizeof(*resp) + 2 || *pos != EAP_TYPE_PEAP ||
-           (ntohs(resp->length)) > respDataLen) {
-               wpa_printf(MSG_INFO, "EAP-PEAP: Invalid frame");
-               return TRUE;
-       }
-
-       return FALSE;
-}
-
-
-static int eap_peap_phase2_init(struct eap_sm *sm, struct eap_peap_data *data,
-                               EapType eap_type)
-{
-       if (data->phase2_priv && data->phase2_method) {
-               data->phase2_method->reset(sm, data->phase2_priv);
-               data->phase2_method = NULL;
-               data->phase2_priv = NULL;
-       }
-       data->phase2_method = eap_sm_get_eap_methods(EAP_VENDOR_IETF,
-                                                    eap_type);
-       if (!data->phase2_method)
-               return -1;
-
-       sm->init_phase2 = 1;
-       data->phase2_priv = data->phase2_method->init(sm);
-       sm->init_phase2 = 0;
-       return 0;
-}
-
-
-static void eap_peap_process_phase2_response(struct eap_sm *sm,
-                                            struct eap_peap_data *data,
-                                            u8 *in_data, size_t in_len)
-{
-       u8 next_type = EAP_TYPE_NONE;
-       struct eap_hdr *hdr;
-       u8 *pos;
-       size_t left;
-
-       if (data->phase2_priv == NULL) {
-               wpa_printf(MSG_DEBUG, "EAP-PEAP: %s - Phase2 not "
-                          "initialized?!", __func__);
-               return;
-       }
-
-       hdr = (struct eap_hdr *) in_data;
-       pos = (u8 *) (hdr + 1);
-
-       if (in_len > sizeof(*hdr) && *pos == EAP_TYPE_NAK) {
-               left = in_len - sizeof(*hdr);
-               wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Phase2 type Nak'ed; "
-                           "allowed types", pos + 1, left - 1);
-               eap_sm_process_nak(sm, pos + 1, left - 1);
-               if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
-                   sm->user->methods[sm->user_eap_method_index].method !=
-                   EAP_TYPE_NONE) {
-                       next_type = sm->user->methods[
-                               sm->user_eap_method_index++].method;
-                       wpa_printf(MSG_DEBUG, "EAP-PEAP: try EAP type %d",
-                                  next_type);
-               } else {
-                       next_type = eap_peap_req_failure(sm, data);
-               }
-               eap_peap_phase2_init(sm, data, next_type);
-               return;
-       }
-
-       if (data->phase2_method->check(sm, data->phase2_priv, in_data,
-                                      in_len)) {
-               wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase2 check() asked to "
-                          "ignore the packet");
-               return;
-       }
-
-       data->phase2_method->process(sm, data->phase2_priv, in_data, in_len);
-
-       if (!data->phase2_method->isDone(sm, data->phase2_priv))
-               return;
-
-
-       if (!data->phase2_method->isSuccess(sm, data->phase2_priv)) {
-               wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase2 method failed");
-               next_type = eap_peap_req_failure(sm, data);
-               eap_peap_phase2_init(sm, data, next_type);
-               return;
-       }
-
-       switch (data->state) {
-       case PHASE2_ID:
-               if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
-                       wpa_hexdump_ascii(MSG_DEBUG, "EAP_PEAP: Phase2 "
-                                         "Identity not found in the user "
-                                         "database",
-                                         sm->identity, sm->identity_len);
-                       next_type = eap_peap_req_failure(sm, data);
-                       break;
-               }
-
-               eap_peap_state(data, PHASE2_METHOD);
-               next_type = sm->user->methods[0].method;
-               sm->user_eap_method_index = 1;
-               wpa_printf(MSG_DEBUG, "EAP-PEAP: try EAP type %d", next_type);
-               break;
-       case PHASE2_METHOD:
-               next_type = eap_peap_req_success(sm, data);
-               break;
-       case PHASE2_TLV:
-               if (sm->tlv_request == TLV_REQ_SUCCESS ||
-                   data->state == SUCCESS_REQ) {
-                       eap_peap_state(data, SUCCESS);
-               } else {
-                       eap_peap_state(data, FAILURE);
-               }
-               break;
-       case FAILURE:
-               break;
-       default:
-               wpa_printf(MSG_DEBUG, "EAP-PEAP: %s - unexpected state %d",
-                          __func__, data->state);
-               break;
-       }
-
-       eap_peap_phase2_init(sm, data, next_type);
-}
-
-
-static void eap_peap_process_phase2(struct eap_sm *sm,
-                                   struct eap_peap_data *data,
-                                   struct eap_hdr *resp,
-                                   u8 *in_data, size_t in_len)
-{
-       u8 *in_decrypted;
-       int len_decrypted, len, res;
-       struct eap_hdr *hdr;
-       size_t buf_len;
-
-       wpa_printf(MSG_DEBUG, "EAP-PEAP: received %lu bytes encrypted data for"
-                  " Phase 2", (unsigned long) in_len);
-
-       res = eap_tls_data_reassemble(sm, &data->ssl, &in_data, &in_len);
-       if (res < 0 || res == 1)
-               return;
-
-       buf_len = in_len;
-       if (data->ssl.tls_in_total > buf_len)
-               buf_len = data->ssl.tls_in_total;
-       in_decrypted = malloc(buf_len);
-       if (in_decrypted == NULL) {
-               free(data->ssl.tls_in);
-               data->ssl.tls_in = NULL;
-               data->ssl.tls_in_len = 0;
-               wpa_printf(MSG_WARNING, "EAP-PEAP: failed to allocate memory "
-                          "for decryption");
-               return;
-       }
-
-       len_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
-                                              in_data, in_len,
-                                              in_decrypted, buf_len);
-       free(data->ssl.tls_in);
-       data->ssl.tls_in = NULL;
-       data->ssl.tls_in_len = 0;
-       if (len_decrypted < 0) {
-               wpa_printf(MSG_INFO, "EAP-PEAP: Failed to decrypt Phase 2 "
-                          "data");
-               free(in_decrypted);
-               eap_peap_state(data, FAILURE);
-               return;
-       }
-
-       wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: Decrypted Phase 2 EAP",
-                       in_decrypted, len_decrypted);
-
-       hdr = (struct eap_hdr *) in_decrypted;
-
-       if (data->peap_version == 0 && data->state != PHASE2_TLV) {
-               struct eap_hdr *nhdr = malloc(sizeof(struct eap_hdr) +
-                                             len_decrypted);
-               if (nhdr == NULL) {
-                       free(in_decrypted);
-                       return;
-               }
-               memcpy((u8 *) (nhdr + 1), in_decrypted, len_decrypted);
-               free(in_decrypted);
-               nhdr->code = resp->code;
-               nhdr->identifier = resp->identifier;
-               nhdr->length = host_to_be16(sizeof(struct eap_hdr) +
-                                           len_decrypted);
-
-               len_decrypted += sizeof(struct eap_hdr);
-               in_decrypted = (u8 *) nhdr;
-       }
-       hdr = (struct eap_hdr *) in_decrypted;
-       if (len_decrypted < (int) sizeof(*hdr)) {
-               free(in_decrypted);
-               wpa_printf(MSG_INFO, "EAP-PEAP: Too short Phase 2 "
-                          "EAP frame (len=%d)", len_decrypted);
-               eap_peap_req_failure(sm, data);
-               return;
-       }
-       len = be_to_host16(hdr->length);
-       if (len > len_decrypted) {
-               free(in_decrypted);
-               wpa_printf(MSG_INFO, "EAP-PEAP: Length mismatch in "
-                          "Phase 2 EAP frame (len=%d hdr->length=%d)",
-                          len_decrypted, len);
-               eap_peap_req_failure(sm, data);
-               return;
-       }
-       wpa_printf(MSG_DEBUG, "EAP-PEAP: received Phase 2: code=%d "
-                  "identifier=%d length=%d", hdr->code, hdr->identifier, len);
-       switch (hdr->code) {
-       case EAP_CODE_RESPONSE:
-               eap_peap_process_phase2_response(sm, data, (u8 *) hdr, len);
-               break;
-       case EAP_CODE_SUCCESS:
-               wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Success");
-               if (data->state == SUCCESS_REQ) {
-                       eap_peap_state(data, SUCCESS);
-               }
-               break;
-       case EAP_CODE_FAILURE:
-               wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Failure");
-               eap_peap_state(data, FAILURE);
-               break;
-       default:
-               wpa_printf(MSG_INFO, "EAP-PEAP: Unexpected code=%d in "
-                          "Phase 2 EAP header", hdr->code);
-               break;
-       }
-
-       free(in_decrypted);
- }
-
-
-static void eap_peap_process(struct eap_sm *sm, void *priv,
-                            u8 *respData, size_t respDataLen)
-{
-       struct eap_peap_data *data = priv;
-       struct eap_hdr *resp;
-       u8 *pos, flags;
-       int left;
-       unsigned int tls_msg_len;
-       int peer_version;
-
-       resp = (struct eap_hdr *) respData;
-       pos = (u8 *) (resp + 1);
-       pos++;
-       flags = *pos++;
-       left = htons(resp->length) - sizeof(struct eap_hdr) - 2;
-       wpa_printf(MSG_DEBUG, "EAP-PEAP: Received packet(len=%lu) - "
-                  "Flags 0x%02x", (unsigned long) respDataLen, flags);
-       peer_version = flags & EAP_PEAP_VERSION_MASK;
-       if (data->force_version >= 0 && peer_version != data->force_version) {
-               wpa_printf(MSG_INFO, "EAP-PEAP: peer did not select the forced"
-                          " version (forced=%d peer=%d) - reject",
-                          data->force_version, peer_version);
-               eap_peap_state(data, FAILURE);
-               return;
-       }
-       if (peer_version < data->peap_version) {
-               wpa_printf(MSG_DEBUG, "EAP-PEAP: peer ver=%d, own ver=%d; "
-                          "use version %d",
-                          peer_version, data->peap_version, peer_version);
-               data->peap_version = peer_version;
-       }
-       if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED) {
-               if (left < 4) {
-                       wpa_printf(MSG_INFO, "EAP-PEAP: Short frame with TLS "
-                                  "length");
-                       eap_peap_state(data, FAILURE);
-                       return;
-               }
-               tls_msg_len = (pos[0] << 24) | (pos[1] << 16) | (pos[2] << 8) |
-                       pos[3];
-               wpa_printf(MSG_DEBUG, "EAP-PEAP: TLS Message Length: %d",
-                          tls_msg_len);
-               if (data->ssl.tls_in_left == 0) {
-                       data->ssl.tls_in_total = tls_msg_len;
-                       data->ssl.tls_in_left = tls_msg_len;
-                       free(data->ssl.tls_in);
-                       data->ssl.tls_in = NULL;
-                       data->ssl.tls_in_len = 0;
-               }
-               pos += 4;
-               left -= 4;
-       }
-
-       switch (data->state) {
-       case PHASE1:
-               if (eap_tls_process_helper(sm, &data->ssl, pos, left) < 0) {
-                       wpa_printf(MSG_INFO, "EAP-PEAP: TLS processing "
-                                  "failed");
-                       eap_peap_state(data, FAILURE);
-               }
-               break;
-       case PHASE2_START:
-               eap_peap_state(data, PHASE2_ID);
-               eap_peap_phase2_init(sm, data, EAP_TYPE_IDENTITY);
-               break;
-       case PHASE2_ID:
-       case PHASE2_METHOD:
-       case PHASE2_TLV:
-               eap_peap_process_phase2(sm, data, resp, pos, left);
-               break;
-       case SUCCESS_REQ:
-               eap_peap_state(data, SUCCESS);
-               break;
-       case FAILURE_REQ:
-               eap_peap_state(data, FAILURE);
-               break;
-       default:
-               wpa_printf(MSG_DEBUG, "EAP-PEAP: Unexpected state %d in %s",
-                          data->state, __func__);
-               break;
-       }
-
-       if (tls_connection_get_write_alerts(sm->ssl_ctx, data->ssl.conn) > 1) {
-               wpa_printf(MSG_INFO, "EAP-PEAP: Locally detected fatal error "
-                          "in TLS processing");
-               eap_peap_state(data, FAILURE);
-       }
-}
-
-
-static Boolean eap_peap_isDone(struct eap_sm *sm, void *priv)
-{
-       struct eap_peap_data *data = priv;
-       return data->state == SUCCESS || data->state == FAILURE;
-}
-
-
-static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
-{
-       struct eap_peap_data *data = priv;
-       u8 *eapKeyData;
-
-       if (data->state != SUCCESS)
-               return NULL;
-
-       /* TODO: PEAPv1 - different label in some cases */
-       eapKeyData = eap_tls_derive_key(sm, &data->ssl,
-                                       "client EAP encryption",
-                                       EAP_TLS_KEY_LEN);
-       if (eapKeyData) {
-               *len = EAP_TLS_KEY_LEN;
-               wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived key",
-                           eapKeyData, EAP_TLS_KEY_LEN);
-       } else {
-               wpa_printf(MSG_DEBUG, "EAP-PEAP: Failed to derive key");
-       }
-
-       return eapKeyData;
-}
-
-
-static Boolean eap_peap_isSuccess(struct eap_sm *sm, void *priv)
-{
-       struct eap_peap_data *data = priv;
-       return data->state == SUCCESS;
-}
-
-
-int eap_server_peap_register(void)
-{
-       struct eap_method *eap;
-       int ret;
-
-       eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
-                                     EAP_VENDOR_IETF, EAP_TYPE_PEAP, "PEAP");
-       if (eap == NULL)
-               return -1;
-
-       eap->init = eap_peap_init;
-       eap->reset = eap_peap_reset;
-       eap->buildReq = eap_peap_buildReq;
-       eap->check = eap_peap_check;
-       eap->process = eap_peap_process;
-       eap->isDone = eap_peap_isDone;
-       eap->getKey = eap_peap_getKey;
-       eap->isSuccess = eap_peap_isSuccess;
-
-       ret = eap_server_method_register(eap);
-       if (ret)
-               eap_server_method_free(eap);
-       return ret;
-}
diff --git a/contrib/hostapd/eap_tls_common.c b/contrib/hostapd/eap_tls_common.c
deleted file mode 100644 (file)
index 2a089d4..0000000
+++ /dev/null
@@ -1,296 +0,0 @@
-/*
- * hostapd / EAP-TLS/PEAP/TTLS common functions
- * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
- */
-
-#include "includes.h"
-
-#include "hostapd.h"
-#include "common.h"
-#include "eap_i.h"
-#include "eap_tls_common.h"
-#include "sha1.h"
-#include "tls.h"
-
-
-int eap_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
-                    int verify_peer)
-{
-       data->eap = sm;
-       data->phase2 = sm->init_phase2;
-
-       data->conn = tls_connection_init(sm->ssl_ctx);
-       if (data->conn == NULL) {
-               wpa_printf(MSG_INFO, "SSL: Failed to initialize new TLS "
-                          "connection");
-               return -1;
-       }
-
-       if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer)) {
-               wpa_printf(MSG_INFO, "SSL: Failed to configure verification "
-                          "of TLS peer certificate");
-               tls_connection_deinit(sm->ssl_ctx, data->conn);
-               data->conn = NULL;
-               return -1;
-       }
-
-       /* TODO: make this configurable */
-       data->tls_out_limit = 1398;
-       if (data->phase2) {
-               /* Limit the fragment size in the inner TLS authentication
-                * since the outer authentication with EAP-PEAP does not yet
-                * support fragmentation */
-               if (data->tls_out_limit > 100)
-                       data->tls_out_limit -= 100;
-       }
-       return 0;
-}
-
-
-void eap_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data)
-{
-       tls_connection_deinit(sm->ssl_ctx, data->conn);
-       free(data->tls_in);
-       free(data->tls_out);
-}
-
-
-u8 * eap_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
-                       char *label, size_t len)
-{
-       struct tls_keys keys;
-       u8 *rnd = NULL, *out;
-
-       out = malloc(len);
-       if (out == NULL)
-               return NULL;
-
-       if (tls_connection_prf(sm->ssl_ctx, data->conn, label, 0, out, len) ==
-           0)
-               return out;
-
-       if (tls_connection_get_keys(sm->ssl_ctx, data->conn, &keys))
-               goto fail;
-
-       if (keys.client_random == NULL || keys.server_random == NULL ||
-           keys.master_key == NULL)
-               goto fail;
-
-       rnd = malloc(keys.client_random_len + keys.server_random_len);
-       if (rnd == NULL)
-               goto fail;
-       memcpy(rnd, keys.client_random, keys.client_random_len);
-       memcpy(rnd + keys.client_random_len, keys.server_random,
-              keys.server_random_len);
-
-       if (tls_prf(keys.master_key, keys.master_key_len,
-                   label, rnd, keys.client_random_len +
-                   keys.server_random_len, out, len))
-               goto fail;
-
-       free(rnd);
-       return out;
-
-fail:
-       free(out);
-       free(rnd);
-       return NULL;
-}
-
-
-int eap_tls_data_reassemble(struct eap_sm *sm, struct eap_ssl_data *data,
-                           u8 **in_data, size_t *in_len)
-{
-       u8 *buf;
-
-       if (data->tls_in_left > *in_len || data->tls_in) {
-               if (data->tls_in_len + *in_len > 65536) {
-                       /* Limit length to avoid rogue peers from causing large
-                        * memory allocations. */
-                       free(data->tls_in);
-                       data->tls_in = NULL;
-                       data->tls_in_len = 0;
-                       wpa_printf(MSG_INFO, "SSL: Too long TLS fragment (size"
-                                  " over 64 kB)");
-                       return -1;
-               }
-               buf = realloc(data->tls_in, data->tls_in_len + *in_len);
-               if (buf == NULL) {
-                       free(data->tls_in);
-                       data->tls_in = NULL;
-                       data->tls_in_len = 0;
-                       wpa_printf(MSG_INFO, "SSL: Could not allocate memory "
-                                  "for TLS data");
-                       return -1;
-               }
-               memcpy(buf + data->tls_in_len, *in_data, *in_len);
-               data->tls_in = buf;
-               data->tls_in_len += *in_len;
-               if (*in_len > data->tls_in_left) {
-                       wpa_printf(MSG_INFO, "SSL: more data than TLS message "
-                                  "length indicated");
-                       data->tls_in_left = 0;
-                       return -1;
-               }
-               data->tls_in_left -= *in_len;
-               if (data->tls_in_left > 0) {
-                       wpa_printf(MSG_DEBUG, "SSL: Need %lu bytes more input "
-                                  "data", (unsigned long) data->tls_in_left);
-                       return 1;
-               }
-
-               *in_data = data->tls_in;
-               *in_len = data->tls_in_len;
-       } else
-               data->tls_in_left = 0;
-
-       return 0;
-}
-
-
-int eap_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
-                          u8 *in_data, size_t in_len)
-{
-       WPA_ASSERT(data->tls_out_len == 0 || in_len == 0);
-
-       if (data->tls_out_len == 0) {
-               /* No more data to send out - expect to receive more data from
-                * the peer. */
-               int res = eap_tls_data_reassemble(sm, data, &in_data, &in_len);
-               if (res < 0 || res == 1) {
-                       wpa_printf(MSG_DEBUG, "SSL: data reassembly failed");
-                       return res;
-               }
-               /* Full TLS message reassembled - continue handshake processing
-                */
-               if (data->tls_out) {
-                       /* This should not happen.. */
-                       wpa_printf(MSG_INFO, "SSL: eap_tls_process_helper - "
-                                  "pending tls_out data even though "
-                                  "tls_out_len = 0");
-                       free(data->tls_out);
-                       WPA_ASSERT(data->tls_out == NULL);
-               }
-               data->tls_out = tls_connection_server_handshake(
-                       sm->ssl_ctx, data->conn, in_data, in_len,
-                       &data->tls_out_len);
-
-               /* Clear reassembled input data (if the buffer was needed). */
-               data->tls_in_left = data->tls_in_total = data->tls_in_len = 0;
-               free(data->tls_in);
-               data->tls_in = NULL;
-       }
-
-       if (data->tls_out == NULL) {
-               wpa_printf(MSG_DEBUG, "SSL: failed to generate output data");
-               data->tls_out_len = 0;
-               return -1;
-       }
-       if (data->tls_out_len == 0) {
-               /* TLS negotiation should now be complete since all other cases
-                * needing more that should have been catched above based on
-                * the TLS Message Length field. */
-               wpa_printf(MSG_DEBUG, "SSL: No data to be sent out");
-               free(data->tls_out);
-               data->tls_out = NULL;
-
-               if (tls_connection_get_read_alerts(sm->ssl_ctx, data->conn)) {
-                       wpa_printf(MSG_DEBUG, "SSL: Remote end sent a fatal "
-                                  "alert - abort handshake");
-                       return -1;
-               }
-
-               return 1;
-       }
-
-       wpa_printf(MSG_DEBUG, "SSL: %lu bytes left to be sent out (of total "
-                  "%lu bytes)",
-                  (unsigned long) data->tls_out_len - data->tls_out_pos,
-                  (unsigned long) data->tls_out_len);
-
-       return 0;
-}
-
-
-int eap_tls_buildReq_helper(struct eap_sm *sm, struct eap_ssl_data *data,
-                           int eap_type, int peap_version, u8 id,
-                           u8 **out_data, size_t *out_len)
-{
-       size_t len;
-       u8 *pos, *flags;
-       struct eap_hdr *req;
-
-       *out_len = 0;
-
-       req = malloc(sizeof(struct eap_hdr) + 2 + 4 + data->tls_out_limit);
-       if (req == NULL) {
-               *out_data = NULL;
-               return -1;
-       }
-       req->code = EAP_CODE_REQUEST;
-       req->identifier = id;
-       pos = (u8 *) (req + 1);
-       *pos++ = eap_type;
-       flags = pos++;
-       *flags = peap_version;
-       if (data->tls_out_pos == 0 &&
-           data->tls_out_len > data->tls_out_limit) {
-               *flags |= EAP_TLS_FLAGS_LENGTH_INCLUDED;
-               *pos++ = (data->tls_out_len >> 24) & 0xff;
-               *pos++ = (data->tls_out_len >> 16) & 0xff;
-               *pos++ = (data->tls_out_len >> 8) & 0xff;
-               *pos++ = data->tls_out_len & 0xff;
-       }
-
-       len = data->tls_out_len - data->tls_out_pos;
-       if (len > data->tls_out_limit) {
-               *flags |= EAP_TLS_FLAGS_MORE_FRAGMENTS;
-               len = data->tls_out_limit;
-               wpa_printf(MSG_DEBUG, "SSL: sending %lu bytes, more fragments "
-                          "will follow", (unsigned long) len);
-       }
-       memcpy(pos, &data->tls_out[data->tls_out_pos], len);
-       data->tls_out_pos += len;
-       *out_len = (pos - (u8 *) req) + len;
-       req->length = htons(*out_len);
-       *out_data = (u8 *) req;
-
-       if (!(*flags & EAP_TLS_FLAGS_MORE_FRAGMENTS)) {
-               data->tls_out_len = 0;
-               data->tls_out_pos = 0;
-               free(data->tls_out);
-               data->tls_out = NULL;
-       }
-
-       return 0;
-}
-
-
-u8 * eap_tls_build_ack(size_t *reqDataLen, u8 id, int eap_type,
-                      int peap_version)
-{
-       struct eap_hdr *req;
-       u8 *pos;
-
-       *reqDataLen = sizeof(struct eap_hdr) + 2;
-       req = malloc(*reqDataLen);
-       if (req == NULL)
-               return NULL;
-       wpa_printf(MSG_DEBUG, "SSL: Building ACK");
-       req->code = EAP_CODE_REQUEST;
-       req->identifier = id;
-       req->length = htons(*reqDataLen);
-       pos = (u8 *) (req + 1);
-       *pos++ = eap_type; /* Type */
-       *pos = peap_version; /* Flags */
-       return (u8 *) req;
-}
diff --git a/contrib/hostapd/eap_tls_common.h b/contrib/hostapd/eap_tls_common.h
deleted file mode 100644 (file)
index 6c9d696..0000000
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * hostapd / EAP-TLS/PEAP/TTLS common functions
- * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
- */
-
-#ifndef EAP_TLS_COMMON_H
-#define EAP_TLS_COMMON_H
-
-struct eap_ssl_data {
-       struct tls_connection *conn;
-
-       u8 *tls_out;
-       size_t tls_out_len;
-       size_t tls_out_pos;
-       size_t tls_out_limit;
-       u8 *tls_in;
-       size_t tls_in_len;
-       size_t tls_in_left;
-       size_t tls_in_total;
-
-       int phase2;
-
-       struct eap_sm *eap;
-};
-
-
-/* EAP TLS Flags */
-#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80
-#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40
-#define EAP_TLS_FLAGS_START 0x20
-#define EAP_PEAP_VERSION_MASK 0x07
-
- /* could be up to 128 bytes, but only the first 64 bytes are used */
-#define EAP_TLS_KEY_LEN 64
-
-
-int eap_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
-                    int verify_peer);
-void eap_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data);
-u8 * eap_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
-                       char *label, size_t len);
-int eap_tls_data_reassemble(struct eap_sm *sm, struct eap_ssl_data *data,
-                           u8 **in_data, size_t *in_len);
-int eap_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
-                          u8 *in_data, size_t in_len);
-int eap_tls_buildReq_helper(struct eap_sm *sm, struct eap_ssl_data *data,
-                           int eap_type, int peap_version, u8 id,
-                           u8 **out_data, size_t *out_len);
-u8 * eap_tls_build_ack(size_t *reqDataLen, u8 id, int eap_type,
-                      int peap_version);
-
-#endif /* EAP_TLS_COMMON_H */
diff --git a/contrib/hostapd/eap_tlv.c b/contrib/hostapd/eap_tlv.c
deleted file mode 100644 (file)
index b48e186..0000000
+++ /dev/null
@@ -1,252 +0,0 @@
-/*
- * hostapd / EAP-TLV (draft-josefsson-pppext-eap-tls-eap-07.txt)
- * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
- */
-
-#include "includes.h"
-
-#include "hostapd.h"
-#include "common.h"
-#include "eap_i.h"
-
-
-/* EAP-TLV TLVs (draft-josefsson-ppext-eap-tls-eap-07.txt) */
-#define EAP_TLV_RESULT_TLV 3 /* Acknowledged Result */
-#define EAP_TLV_NAK_TLV 4
-#define EAP_TLV_CRYPTO_BINDING_TLV 5
-#define EAP_TLV_CONNECTION_BINDING_TLV 6
-#define EAP_TLV_VENDOR_SPECIFIC_TLV 7
-#define EAP_TLV_URI_TLV 8
-#define EAP_TLV_EAP_PAYLOAD_TLV 9
-#define EAP_TLV_INTERMEDIATE_RESULT_TLV 10
-
-#define EAP_TLV_RESULT_SUCCESS 1
-#define EAP_TLV_RESULT_FAILURE 2
-
-
-struct eap_tlv_data {
-       enum { CONTINUE, SUCCESS, FAILURE } state;
-};
-
-
-static void * eap_tlv_init(struct eap_sm *sm)
-{
-       struct eap_tlv_data *data;
-
-       data = wpa_zalloc(sizeof(*data));
-       if (data == NULL)
-               return NULL;
-       data->state = CONTINUE;
-
-       return data;
-}
-
-
-static void eap_tlv_reset(struct eap_sm *sm, void *priv)
-{
-       struct eap_tlv_data *data = priv;
-       free(data);
-}
-
-
-static u8 * eap_tlv_buildReq(struct eap_sm *sm, void *priv, int id,
-                            size_t *reqDataLen)
-{
-       struct eap_hdr *req;
-       u8 *pos;
-       u16 status;
-
-       if (sm->tlv_request == TLV_REQ_SUCCESS) {
-               status = EAP_TLV_RESULT_SUCCESS;
-       } else {
-               status = EAP_TLV_RESULT_FAILURE;
-       }
-
-       *reqDataLen = sizeof(struct eap_hdr) + 1 + 6;
-       req = malloc(*reqDataLen);
-       if (req == NULL)
-               return NULL;
-
-       req->code = EAP_CODE_REQUEST;
-       req->identifier = id;
-       req->length = host_to_be16(*reqDataLen);
-       pos = (u8 *) (req + 1);
-       *pos++ = EAP_TYPE_TLV;
-       *pos++ = 0x80; /* Mandatory */
-       *pos++ = EAP_TLV_RESULT_TLV;
-       /* Length */
-       *pos++ = 0;
-       *pos++ = 2;
-       /* Status */
-       *pos++ = status >> 8;
-       *pos++ = status & 0xff;
-
-       return (u8 *) req;
-}
-
-
-static Boolean eap_tlv_check(struct eap_sm *sm, void *priv,
-                            u8 *respData, size_t respDataLen)
-{
-       struct eap_hdr *resp;
-       u8 *pos;
-
-       resp = (struct eap_hdr *) respData;
-       pos = (u8 *) (resp + 1);
-       if (respDataLen < sizeof(*resp) + 1 || *pos != EAP_TYPE_TLV ||
-           (ntohs(resp->length)) > respDataLen) {
-               wpa_printf(MSG_INFO, "EAP-TLV: Invalid frame");
-               return TRUE;
-       }
-
-       return FALSE;
-}
-
-
-static void eap_tlv_process(struct eap_sm *sm, void *priv,
-                           u8 *respData, size_t respDataLen)
-{
-       struct eap_tlv_data *data = priv;
-       struct eap_hdr *resp;
-       u8 *pos;
-       size_t left;
-       u8 *result_tlv = NULL;
-       size_t result_tlv_len = 0;
-       int tlv_type, mandatory, tlv_len;
-
-       resp = (struct eap_hdr *) respData;
-       pos = (u8 *) (resp + 1);
-
-       /* Parse TLVs */
-       left = be_to_host16(resp->length) - sizeof(struct eap_hdr) - 1;
-       pos = (u8 *) (resp + 1);
-       pos++;
-       wpa_hexdump(MSG_DEBUG, "EAP-TLV: Received TLVs", pos, left);
-       while (left >= 4) {
-               mandatory = !!(pos[0] & 0x80);
-               tlv_type = pos[0] & 0x3f;
-               tlv_type = (tlv_type << 8) | pos[1];
-               tlv_len = ((int) pos[2] << 8) | pos[3];
-               pos += 4;
-               left -= 4;
-               if ((size_t) tlv_len > left) {
-                       wpa_printf(MSG_DEBUG, "EAP-TLV: TLV underrun "
-                                  "(tlv_len=%d left=%lu)", tlv_len,
-                                  (unsigned long) left);
-                       data->state = FAILURE;
-                       return;
-               }
-               switch (tlv_type) {
-               case EAP_TLV_RESULT_TLV:
-                       result_tlv = pos;
-                       result_tlv_len = tlv_len;
-                       break;
-               default:
-                       wpa_printf(MSG_DEBUG, "EAP-TLV: Unsupported TLV Type "
-                                  "%d%s", tlv_type,
-                                  mandatory ? " (mandatory)" : "");
-                       if (mandatory) {
-                               data->state = FAILURE;
-                               return;
-                       }
-                       /* Ignore this TLV, but process other TLVs */
-                       break;
-               }
-
-               pos += tlv_len;
-               left -= tlv_len;
-       }
-       if (left) {
-               wpa_printf(MSG_DEBUG, "EAP-TLV: Last TLV too short in "
-                          "Request (left=%lu)", (unsigned long) left);
-               data->state = FAILURE;
-               return;
-       }
-
-       /* Process supported TLVs */
-       if (result_tlv) {
-               int status;
-               const char *requested;
-
-               wpa_hexdump(MSG_DEBUG, "EAP-TLV: Result TLV",
-                           result_tlv, result_tlv_len);
-               if (result_tlv_len < 2) {
-                       wpa_printf(MSG_INFO, "EAP-TLV: Too short Result TLV "
-                                  "(len=%lu)",
-                                  (unsigned long) result_tlv_len);
-                       data->state = FAILURE;
-                       return;
-               }
-               requested = sm->tlv_request == TLV_REQ_SUCCESS ? "Success" :
-                       "Failure";
-               status = ((int) result_tlv[0] << 8) | result_tlv[1];
-               if (status == EAP_TLV_RESULT_SUCCESS) {
-                       wpa_printf(MSG_INFO, "EAP-TLV: TLV Result - Success "
-                                  "- requested %s", requested);
-                       if (sm->tlv_request == TLV_REQ_SUCCESS)
-                               data->state = SUCCESS;
-                       else
-                               data->state = FAILURE;
-                       
-               } else if (status == EAP_TLV_RESULT_FAILURE) {
-                       wpa_printf(MSG_INFO, "EAP-TLV: TLV Result - Failure - "
-                                  "requested %s", requested);
-                       if (sm->tlv_request == TLV_REQ_FAILURE)
-                               data->state = SUCCESS;
-                       else
-                               data->state = FAILURE;
-               } else {
-                       wpa_printf(MSG_INFO, "EAP-TLV: Unknown TLV Result "
-                                  "Status %d", status);
-                       data->state = FAILURE;
-               }
-       }
-}
-
-
-static Boolean eap_tlv_isDone(struct eap_sm *sm, void *priv)
-{
-       struct eap_tlv_data *data = priv;
-       return data->state != CONTINUE;
-}
-
-
-static Boolean eap_tlv_isSuccess(struct eap_sm *sm, void *priv)
-{
-       struct eap_tlv_data *data = priv;
-       return data->state == SUCCESS;
-}
-
-
-int eap_server_tlv_register(void)
-{
-       struct eap_method *eap;
-       int ret;
-
-       eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
-                                     EAP_VENDOR_IETF, EAP_TYPE_TLV, "TLV");
-       if (eap == NULL)
-               return -1;
-
-       eap->init = eap_tlv_init;
-       eap->reset = eap_tlv_reset;
-       eap->buildReq = eap_tlv_buildReq;
-       eap->check = eap_tlv_check;
-       eap->process = eap_tlv_process;
-       eap->isDone = eap_tlv_isDone;
-       eap->isSuccess = eap_tlv_isSuccess;
-
-       ret = eap_server_method_register(eap);
-       if (ret)
-               eap_server_method_free(eap);
-       return ret;
-}
diff --git a/contrib/hostapd/hlr_auc_gw.milenage_db b/contrib/hostapd/hlr_auc_gw.milenage_db
deleted file mode 100644 (file)
index fa15d53..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-# Parameters for Milenage (Example algorithms for AKA).
-# The example Ki, OPc, and AMF values here are from 3GPP TS 35.208 v6.0.0
-# 4.3.20 Test Set 20. SQN is the last used SQN value.
-# These values can be used for both UMTS (EAP-AKA) and GSM (EAP-SIM)
-# authentication. In case of GSM/EAP-SIM, AMF and SQN values are not used, but
-# dummy values will need to be included in this file.
-
-# IMSI Ki OPc AMF SQN
-232010000000000 90dca4eda45b53cf0f12d7c9c3bc6a89 cb9cccc4b9258e6dca4760379fb82581 61df 000000000000
diff --git a/contrib/hostapd/hostapd.accept b/contrib/hostapd/hostapd.accept
deleted file mode 100644 (file)
index 57122b6..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# List of MAC addresses that are allowed to authenticate (IEEE 802.11)
-# with the AP.
-00:11:22:33:44:55
-00:66:77:88:99:aa
-00:00:22:33:44:55
diff --git a/contrib/hostapd/hostapd.conf b/contrib/hostapd/hostapd.conf
deleted file mode 100644 (file)
index 986ca26..0000000
+++ /dev/null
@@ -1,715 +0,0 @@
-##### hostapd configuration file ##############################################
-# Empty lines and lines starting with # are ignored
-
-# AP netdevice name (without 'ap' postfix, i.e., wlan0 uses wlan0ap for
-# management frames); ath0 for madwifi
-interface=wlan0
-
-# In case of madwifi driver, an additional configuration parameter, bridge,
-# must be used to notify hostapd if the interface is included in a bridge. This
-# parameter is not used with Host AP driver.
-#bridge=br0
-
-# Driver interface type (hostap/wired/madwifi/prism54; default: hostap)
-# driver=hostap
-
-# hostapd event logger configuration
-#
-# Two output method: syslog and stdout (only usable if not forking to
-# background).
-#
-# Module bitfield (ORed bitfield of modules that will be logged; -1 = all
-# modules):
-# bit 0 (1) = IEEE 802.11
-# bit 1 (2) = IEEE 802.1X
-# bit 2 (4) = RADIUS
-# bit 3 (8) = WPA
-# bit 4 (16) = driver interface
-# bit 5 (32) = IAPP
-# bit 6 (64) = MLME
-#
-# Levels (minimum value for logged events):
-#  0 = verbose debugging
-#  1 = debugging
-#  2 = informational messages
-#  3 = notification
-#  4 = warning
-#
-logger_syslog=-1
-logger_syslog_level=2
-logger_stdout=-1
-logger_stdout_level=2
-
-# Debugging: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps, 4 = excessive
-debug=0
-
-# Dump file for state information (on SIGUSR1)
-dump_file=/tmp/hostapd.dump
-
-# Interface for separate control program. If this is specified, hostapd
-# will create this directory and a UNIX domain socket for listening to requests
-# from external programs (CLI/GUI, etc.) for status information and
-# configuration. The socket file will be named based on the interface name, so
-# multiple hostapd processes/interfaces can be run at the same time if more
-# than one interface is used.
-# /var/run/hostapd is the recommended directory for sockets and by default,
-# hostapd_cli will use it when trying to connect with hostapd.
-ctrl_interface=/var/run/hostapd
-
-# Access control for the control interface can be configured by setting the
-# directory to allow only members of a group to use sockets. This way, it is
-# possible to run hostapd as root (since it needs to change network
-# configuration and open raw sockets) and still allow GUI/CLI components to be
-# run as non-root users. However, since the control interface can be used to
-# change the network configuration, this access needs to be protected in many
-# cases. By default, hostapd is configured to use gid 0 (root). If you
-# want to allow non-root users to use the contron interface, add a new group
-# and change this value to match with that group. Add users that should have
-# control interface access to this group.
-#
-# This variable can be a group name or gid.
-#ctrl_interface_group=wheel
-ctrl_interface_group=0
-
-
-##### IEEE 802.11 related configuration #######################################
-
-# SSID to be used in IEEE 802.11 management frames
-ssid=test
-
-# Country code (ISO/IEC 3166-1).  Used to set regulatory domain.
-# Modify as needed to indicate country in which device is operating.
-# This can limit available channels and transmit power.
-# (default: US)
-#country_code=US
-
-# Enable IEEE 802.11d. This advertises the country_code and the set of allowed
-# channels and transmit power levels based on the regulatory limits. The
-# country_code setting must be configured with the correct country for
-# IEEE 802.11d functions.
-# (default: 0 = disabled)
-#ieee80211d=1
-
-# Enable IEEE 802.11h. This enables the TPC and DFS services when operating
-# in a regulatory domain which requires them.  Once enabled it will be 
-# operational only when working in hw_mode a and in countries where it is
-# required. The end user should not be allowed to disable this.
-# The country_code setting must be configured with the correct country for
-# IEEE 802.11h to function. 
-# When IEEE 802.11h is operational, the channel_policy and configured channel 
-# settings will be ignored but will behave as though the channel_policy is
-# set to "3" (automatic channel selection). When IEEE 802.11h is enabled but
-# not operational (for example, if the radio mode is changed from "a" to "b")
-# the channel_policy and channel settings take effect again. 
-# (default: 1 = enabled)
-#ieee80211h=1
-
-# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g,
-# Default: IEEE 802.11b
-hw_mode=a
-
-# Channel number (IEEE 802.11)
-# (default: 0, i.e., not set, used with channel_policy=2)
-channel=60
-
-# Beacon interval in kus (1.024 ms) (default: 100; range 15..65535)
-beacon_int=100
-
-# DTIM (delivery trafic information message) period (range 1..255):
-# number of beacons between DTIMs (1 = every beacon includes DTIM element)
-# (default: 2)
-dtim_period=2
-
-# Maximum number of stations allowed in station table. New stations will be
-# rejected after the station table is full. IEEE 802.11 has a limit of 2007
-# different association IDs, so this number should not be larger than that.
-# (default: 2007)
-max_num_sta=255
-
-# RTS/CTS threshold; 2347 = disabled (default); range 0..2347
-# If this field is not included in hostapd.conf, hostapd will not control
-# RTS threshold and 'iwconfig wlan# rts <val>' can be used to set it.
-rts_threshold=2347
-
-# Fragmentation threshold; 2346 = disabled (default); range 256..2346
-# If this field is not included in hostapd.conf, hostapd will not control
-# fragmentation threshold and 'iwconfig wlan# frag <val>' can be used to set
-# it.
-fragm_threshold=2346
-
-# Rate configuration
-# Default is to enable all rates supported by the hardware. This configuration
-# item allows this list be filtered so that only the listed rates will be left
-# in the list. If the list is empty, all rates are used. This list can have
-# entries that are not in the list of rates the hardware supports (such entries
-# are ignored). The entries in this list are in 100 kbps, i.e., 11 Mbps = 110.
-# If this item is present, at least one rate have to be matching with the rates
-# hardware supports.
-# default: use the most common supported rate setting for the selected
-# hw_mode (i.e., this line can be removed from configuration file in most
-# cases)
-#supported_rates=10 20 55 110 60 90 120 180 240 360 480 540
-
-# Basic rate set configuration
-# List of rates (in 100 kbps) that are included in the basic rate set.
-# If this item is not included, usually reasonable default set is used.
-#basic_rates=10 20
-#basic_rates=10 20 55 110
-#basic_rates=60 120 240
-
-# Station MAC address -based authentication
-# Please note that this kind of access control requires a driver that uses
-# hostapd to take care of management frame processing and as such, this can be
-# used with driver=hostap or driver=devicescape, but not with driver=madwifi.
-# 0 = accept unless in deny list
-# 1 = deny unless in accept list
-# 2 = use external RADIUS server (accept/deny lists are searched first)
-macaddr_acl=0
-
-# Accept/deny lists are read from separate files (containing list of
-# MAC addresses, one per line). Use absolute path name to make sure that the
-# files can be read on SIGHUP configuration reloads.
-#accept_mac_file=/etc/hostapd.accept
-#deny_mac_file=/etc/hostapd.deny
-
-# IEEE 802.11 specifies two authentication algorithms. hostapd can be
-# configured to allow both of these or only one. Open system authentication
-# should be used with IEEE 802.1X.
-# Bit fields of allowed authentication algorithms:
-# bit 0 = Open System Authentication
-# bit 1 = Shared Key Authentication (requires WEP)
-auth_algs=3
-
-# Send empty SSID in beacons and ignore probe request frames that do not
-# specify full SSID, i.e., require stations to know SSID.
-# default: disabled (0)
-# 1 = send empty (length=0) SSID in beacon and ignore probe request for
-#     broadcast SSID
-# 2 = clear SSID (ASCII 0), but keep the original length (this may be required
-#     with some clients that do not support empty SSID) and ignore probe
-#     requests for broadcast SSID
-ignore_broadcast_ssid=0
-
-# TX queue parameters (EDCF / bursting)
-# default for all these fields: not set, use hardware defaults
-# tx_queue_<queue name>_<param>
-# queues: data0, data1, data2, data3, after_beacon, beacon
-#              (data0 is the highest priority queue)
-# parameters:
-#   aifs: AIFS (default 2)
-#   cwmin: cwMin (1, 3, 7, 15, 31, 63, 127, 255, 511, 1023)
-#   cwmax: cwMax (1, 3, 7, 15, 31, 63, 127, 255, 511, 1023); cwMax >= cwMin
-#   burst: maximum length (in milliseconds with precision of up to 0.1 ms) for
-#          bursting
-#
-# Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e):
-# These parameters are used by the access point when transmitting frames
-# to the clients.
-#
-# Low priority / AC_BK = background
-#tx_queue_data3_aifs=7
-#tx_queue_data3_cwmin=15
-#tx_queue_data3_cwmax=1023
-#tx_queue_data3_burst=0
-# Note: for IEEE 802.11b mode: cWmin=31 cWmax=1023 burst=0
-#
-# Normal priority / AC_BE = best effort
-#tx_queue_data2_aifs=3
-#tx_queue_data2_cwmin=15
-#tx_queue_data2_cwmax=63
-#tx_queue_data2_burst=0
-# Note: for IEEE 802.11b mode: cWmin=31 cWmax=127 burst=0
-#
-# High priority / AC_VI = video
-#tx_queue_data1_aifs=1
-#tx_queue_data1_cwmin=7
-#tx_queue_data1_cwmax=15
-#tx_queue_data1_burst=3.0
-# Note: for IEEE 802.11b mode: cWmin=15 cWmax=31 burst=6.0
-#
-# Highest priority / AC_VO = voice
-#tx_queue_data0_aifs=1
-#tx_queue_data0_cwmin=3
-#tx_queue_data0_cwmax=7
-#tx_queue_data0_burst=1.5
-# Note: for IEEE 802.11b mode: cWmin=7 cWmax=15 burst=3.3
-#
-# Special queues; normally not user configurable
-#
-#tx_queue_after_beacon_aifs=2
-#tx_queue_after_beacon_cwmin=15
-#tx_queue_after_beacon_cwmax=1023
-#tx_queue_after_beacon_burst=0
-#
-#tx_queue_beacon_aifs=2
-#tx_queue_beacon_cwmin=3
-#tx_queue_beacon_cwmax=7
-#tx_queue_beacon_burst=1.5
-
-# 802.1D Tag to AC mappings
-# WMM specifies following mapping of data frames to different ACs. This mapping
-# can be configured using Linux QoS/tc and sch_pktpri.o module.
-# 802.1D Tag   802.1D Designation      Access Category WMM Designation
-# 1            BK                      AC_BK           Background
-# 2            -                       AC_BK           Background
-# 0            BE                      AC_BE           Best Effort
-# 3            EE                      AC_VI           Video
-# 4            CL                      AC_VI           Video
-# 5            VI                      AC_VI           Video
-# 6            VO                      AC_VO           Voice
-# 7            NC                      AC_VO           Voice
-# Data frames with no priority information: AC_BE
-# Management frames: AC_VO
-# PS-Poll frames: AC_BE
-
-# Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e):
-# for 802.11a or 802.11g networks
-# These parameters are sent to WMM clients when they associate.
-# The parameters will be used by WMM clients for frames transmitted to the
-# access point.
-#
-# note - txop_limit is in units of 32microseconds
-# note - acm is admission control mandatory flag. 0 = admission control not
-# required, 1 = mandatory
-# note - here cwMin and cmMax are in exponent form. the actual cw value used
-# will be (2^n)-1 where n is the value given here
-#
-wme_enabled=1
-#
-# Low priority / AC_BK = background
-wme_ac_bk_cwmin=4
-wme_ac_bk_cwmax=10
-wme_ac_bk_aifs=7
-wme_ac_bk_txop_limit=0
-wme_ac_bk_acm=0
-# Note: for IEEE 802.11b mode: cWmin=5 cWmax=10
-#
-# Normal priority / AC_BE = best effort
-wme_ac_be_aifs=3
-wme_ac_be_cwmin=4
-wme_ac_be_cwmax=10
-wme_ac_be_txop_limit=0
-wme_ac_be_acm=0
-# Note: for IEEE 802.11b mode: cWmin=5 cWmax=7
-#
-# High priority / AC_VI = video
-wme_ac_vi_aifs=2
-wme_ac_vi_cwmin=3
-wme_ac_vi_cwmax=4
-wme_ac_vi_txop_limit=94
-wme_ac_vi_acm=0
-# Note: for IEEE 802.11b mode: cWmin=4 cWmax=5 txop_limit=188
-#
-# Highest priority / AC_VO = voice
-wme_ac_vo_aifs=2
-wme_ac_vo_cwmin=2
-wme_ac_vo_cwmax=3
-wme_ac_vo_txop_limit=47
-wme_ac_vo_acm=0
-# Note: for IEEE 802.11b mode: cWmin=3 cWmax=4 burst=102
-
-# Associate as a station to another AP while still acting as an AP on the same
-# channel.
-#assoc_ap_addr=00:12:34:56:78:9a
-
-# Static WEP key configuration
-#
-# The key number to use when transmitting.
-# It must be between 0 and 3, and the corresponding key must be set.
-# default: not set
-#wep_default_key=0
-# The WEP keys to use.
-# A key may be a quoted string or unquoted hexadecimal digits.
-# The key length should be 5, 13, or 16 characters, or 10, 26, or 32
-# digits, depending on whether 40-bit (64-bit), 104-bit (128-bit), or
-# 128-bit (152-bit) WEP is used.
-# Only the default key must be supplied; the others are optional.
-# default: not set
-#wep_key0=123456789a
-#wep_key1="vwxyz"
-#wep_key2=0102030405060708090a0b0c0d
-#wep_key3=".2.4.6.8.0.23"
-
-# Station inactivity limit
-#
-# If a station does not send anything in ap_max_inactivity seconds, an
-# empty data frame is sent to it in order to verify whether it is
-# still in range. If this frame is not ACKed, the station will be
-# disassociated and then deauthenticated. This feature is used to
-# clear station table of old entries when the STAs move out of the
-# range.
-#
-# The station can associate again with the AP if it is still in range;
-# this inactivity poll is just used as a nicer way of verifying
-# inactivity; i.e., client will not report broken connection because
-# disassociation frame is not sent immediately without first polling
-# the STA with a data frame.
-# default: 300 (i.e., 5 minutes)
-#ap_max_inactivity=300
-
-# Enable/disable internal bridge for packets between associated stations.
-#
-# When IEEE 802.11 is used in managed mode, packets are usually send through
-# the AP even if they are from a wireless station to another wireless station.
-# This functionality requires that the AP has a bridge functionality that sends
-# frames back to the same interface if their destination is another associated
-# station. In addition, broadcast/multicast frames from wireless stations will
-# be sent both to the host system net stack (e.g., to eventually wired network)
-# and back to the wireless interface.
-#
-# The internal bridge is implemented within the wireless kernel module and it
-# bypasses kernel filtering (netfilter/iptables/ebtables). If direct
-# communication between the stations needs to be prevented, the internal
-# bridge can be disabled by setting bridge_packets=0.
-#
-# Note: If this variable is not included in hostapd.conf, hostapd does not
-# change the configuration and iwpriv can be used to set the value with
-# 'iwpriv wlan# param 10 0' command. If the variable is in hostapd.conf,
-# hostapd will override possible iwpriv configuration whenever configuration
-# file is reloaded.
-#
-# default: do not control from hostapd (80211.o defaults to 1=enabled)
-#bridge_packets=1
-
-
-##### IEEE 802.1X-2004 related configuration ##################################
-
-# Require IEEE 802.1X authorization
-#ieee8021x=1
-
-# IEEE 802.1X/EAPOL version
-# hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL
-# version 2. However, there are many client implementations that do not handle
-# the new version number correctly (they seem to drop the frames completely).
-# In order to make hostapd interoperate with these clients, the version number
-# can be set to the older version (1) with this configuration value.
-#eapol_version=2
-
-# Optional displayable message sent with EAP Request-Identity. The first \0
-# in this string will be converted to ASCII-0 (nul). This can be used to
-# separate network info (comma separated list of attribute=value pairs); see,
-# e.g., draft-adrangi-eap-network-discovery-07.txt.
-#eap_message=hello
-#eap_message=hello\0networkid=netw,nasid=foo,portid=0,NAIRealms=example.com
-
-# WEP rekeying (disabled if key lengths are not set or are set to 0)
-# Key lengths for default/broadcast and individual/unicast keys:
-# 5 = 40-bit WEP (also known as 64-bit WEP with 40 secret bits)
-# 13 = 104-bit WEP (also known as 128-bit WEP with 104 secret bits)
-#wep_key_len_broadcast=5
-#wep_key_len_unicast=5
-# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
-#wep_rekey_period=300
-
-# EAPOL-Key index workaround (set bit7) for WinXP Supplicant (needed only if
-# only broadcast keys are used)
-eapol_key_index_workaround=0
-
-# EAP reauthentication period in seconds (default: 3600 seconds; 0 = disable
-# reauthentication).
-#eap_reauth_period=3600
-
-# Use PAE group address (01:80:c2:00:00:03) instead of individual target
-# address when sending EAPOL frames with driver=wired. This is the most common
-# mechanism used in wired authentication, but it also requires that the port
-# is only used by one station.
-#use_pae_group_addr=1
-
-##### Integrated EAP server ###################################################
-
-# Optionally, hostapd can be configured to use an integrated EAP server
-# to process EAP authentication locally without need for an external RADIUS
-# server. This functionality can be used both as a local authentication server
-# for IEEE 802.1X/EAPOL and as a RADIUS server for other devices.
-
-# Use integrated EAP server instead of external RADIUS authentication
-# server. This is also needed if hostapd is configured to act as a RADIUS
-# authentication server.
-eap_server=0
-
-# Path for EAP server user database
-#eap_user_file=/etc/hostapd.eap_user
-
-# CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
-#ca_cert=/etc/hostapd.ca.pem
-
-# Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
-#server_cert=/etc/hostapd.server.pem
-
-# Private key matching with the server certificate for EAP-TLS/PEAP/TTLS
-# This may point to the same file as server_cert if both certificate and key
-# are included in a single file. PKCS#12 (PFX) file (.p12/.pfx) can also be
-# used by commenting out server_cert and specifying the PFX file as the
-# private_key.
-#private_key=/etc/hostapd.server.prv
-
-# Passphrase for private key
-#private_key_passwd=secret passphrase
-
-# Enable CRL verification.
-# Note: hostapd does not yet support CRL downloading based on CDP. Thus, a
-# valid CRL signed by the CA is required to be included in the ca_cert file.
-# This can be done by using PEM format for CA certificate and CRL and
-# concatenating these into one file. Whenever CRL changes, hostapd needs to be
-# restarted to take the new CRL into use.
-# 0 = do not verify CRLs (default)
-# 1 = check the CRL of the user certificate
-# 2 = check all CRLs in the certificate path
-#check_crl=1
-
-# Configuration data for EAP-SIM database/authentication gateway interface.
-# This is a text string in implementation specific format. The example
-# implementation in eap_sim_db.c uses this as the UNIX domain socket name for
-# the HLR/AuC gateway (e.g., hlr_auc_gw). In this case, the path uses "unix:"
-# prefix.
-#eap_sim_db=unix:/tmp/hlr_auc_gw.sock
-
-
-##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) #######################
-
-# Interface to be used for IAPP broadcast packets
-#iapp_interface=eth0
-
-
-##### RADIUS client configuration #############################################
-# for IEEE 802.1X with external Authentication Server, IEEE 802.11
-# authentication with external ACL for MAC addresses, and accounting
-
-# The own IP address of the access point (used as NAS-IP-Address)
-own_ip_addr=127.0.0.1
-
-# Optional NAS-Identifier string for RADIUS messages. When used, this should be
-# a unique to the NAS within the scope of the RADIUS server. For example, a
-# fully qualified domain name can be used here.
-#nas_identifier=ap.example.com
-
-# RADIUS authentication server
-#auth_server_addr=127.0.0.1
-#auth_server_port=1812
-#auth_server_shared_secret=secret
-
-# RADIUS accounting server
-#acct_server_addr=127.0.0.1
-#acct_server_port=1813
-#acct_server_shared_secret=secret
-
-# Secondary RADIUS servers; to be used if primary one does not reply to
-# RADIUS packets. These are optional and there can be more than one secondary
-# server listed.
-#auth_server_addr=127.0.0.2
-#auth_server_port=1812
-#auth_server_shared_secret=secret2
-#
-#acct_server_addr=127.0.0.2
-#acct_server_port=1813
-#acct_server_shared_secret=secret2
-
-# Retry interval for trying to return to the primary RADIUS server (in
-# seconds). RADIUS client code will automatically try to use the next server
-# when the current server is not replying to requests. If this interval is set,
-# primary server will be retried after configured amount of time even if the
-# currently used secondary server is still working.
-#radius_retry_primary_interval=600
-
-
-# Interim accounting update interval
-# If this is set (larger than 0) and acct_server is configured, hostapd will
-# send interim accounting updates every N seconds. Note: if set, this overrides
-# possible Acct-Interim-Interval attribute in Access-Accept message. Thus, this
-# value should not be configured in hostapd.conf, if RADIUS server is used to
-# control the interim interval.
-# This value should not be less 600 (10 minutes) and must not be less than
-# 60 (1 minute).
-#radius_acct_interim_interval=600
-
-# Dynamic VLAN mode; allow RADIUS authentication server to decide which VLAN
-# is used for the stations. This information is parsed from following RADIUS
-# attributes based on RFC 3580 and RFC 2868: Tunnel-Type (value 13 = VLAN),
-# Tunnel-Medium-Type (value 6 = IEEE 802), Tunnel-Private-Group-ID (value
-# VLANID as a string). vlan_file option below must be configured if dynamic
-# VLANs are used.
-# 0 = disabled (default)
-# 1 = option; use default interface if RADIUS server does not include VLAN ID
-# 2 = required; reject authentication if RADIUS server does not include VLAN ID
-#dynamic_vlan=0
-
-# VLAN interface list for dynamic VLAN mode is read from a separate text file.
-# This list is used to map VLAN ID from the RADIUS server to a network
-# interface. Each station is bound to one interface in the same way as with
-# multiple BSSIDs or SSIDs. Each line in this text file is defining a new
-# interface and the line must include VLAN ID and interface name separated by
-# white space (space or tab).
-#vlan_file=/etc/hostapd.vlan
-
-# Interface where 802.1q tagged packets should appear when a RADIUS server is
-# used to determine which VLAN a station is on.  hostapd creates a bridge for
-# each VLAN.  Then hostapd adds a VLAN interface (associated with the interface
-# indicated by 'vlan_tagged_interface') and the appropriate wireless interface
-# to the bridge.
-#vlan_tagged_interface=eth0
-
-
-##### RADIUS authentication server configuration ##############################
-
-# hostapd can be used as a RADIUS authentication server for other hosts. This
-# requires that the integrated EAP authenticator is also enabled and both
-# authentication services are sharing the same configuration.
-
-# File name of the RADIUS clients configuration for the RADIUS server. If this
-# commented out, RADIUS server is disabled.
-#radius_server_clients=/etc/hostapd.radius_clients
-
-# The UDP port number for the RADIUS authentication server
-#radius_server_auth_port=1812
-
-# Use IPv6 with RADIUS server (IPv4 will also be supported using IPv6 API)
-#radius_server_ipv6=1
-
-
-##### WPA/IEEE 802.11i configuration ##########################################
-
-# Enable WPA. Setting this variable configures the AP to require WPA (either
-# WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
-# wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
-# For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
-# RADIUS authentication server must be configured, and WPA-EAP must be included
-# in wpa_key_mgmt.
-# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
-# and/or WPA2 (full IEEE 802.11i/RSN):
-# bit0 = WPA
-# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
-#wpa=1
-
-# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
-# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
-# (8..63 characters) that will be converted to PSK. This conversion uses SSID
-# so the PSK changes when ASCII passphrase is used and the SSID is changed.
-# wpa_psk (dot11RSNAConfigPSKValue)
-# wpa_passphrase (dot11RSNAConfigPSKPassPhrase)
-#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
-#wpa_passphrase=secret passphrase
-
-# Optionally, WPA PSKs can be read from a separate text file (containing list
-# of (PSK,MAC address) pairs. This allows more than one PSK to be configured.
-# Use absolute path name to make sure that the files can be read on SIGHUP
-# configuration reloads.
-#wpa_psk_file=/etc/hostapd.wpa_psk
-
-# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
-# entries are separated with a space.
-# (dot11RSNAConfigAuthenticationSuitesTable)
-#wpa_key_mgmt=WPA-PSK WPA-EAP
-
-# Set of accepted cipher suites (encryption algorithms) for pairwise keys
-# (unicast packets). This is a space separated list of algorithms:
-# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
-# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
-# Group cipher suite (encryption algorithm for broadcast and multicast frames)
-# is automatically selected based on this configuration. If only CCMP is
-# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
-# TKIP will be used as the group cipher.
-# (dot11RSNAConfigPairwiseCiphersTable)
-#wpa_pairwise=TKIP CCMP
-
-# Time interval for rekeying GTK (broadcast/multicast encryption keys) in
-# seconds. (dot11RSNAConfigGroupRekeyTime)
-#wpa_group_rekey=600
-
-# Rekey GTK when any STA that possesses the current GTK is leaving the BSS.
-# (dot11RSNAConfigGroupRekeyStrict)
-#wpa_strict_rekey=1
-
-# Time interval for rekeying GMK (master key used internally to generate GTKs
-# (in seconds).
-#wpa_gmk_rekey=86400
-
-# Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up
-# roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN
-# authentication and key handshake before actually associating with a new AP.
-# (dot11RSNAPreauthenticationEnabled)
-#rsn_preauth=1
-#
-# Space separated list of interfaces from which pre-authentication frames are
-# accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This list should include all
-# interface that are used for connections to other APs. This could include
-# wired interfaces and WDS links. The normal wireless data interface towards
-# associated stations (e.g., wlan0) should not be added, since
-# pre-authentication is only used with APs other than the currently associated
-# one.
-#rsn_preauth_interfaces=eth0
-
-# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e) is
-# allowed. This is only used with RSN/WPA2.
-# 0 = disabled (default)
-# 1 = enabled
-#peerkey=1
-
-# ieee80211w: Whether management frame protection is enabled
-# 0 = disabled (default)
-# 1 = optional
-# 2 = required
-#ieee80211w=0
-
-##### Passive scanning ########################################################
-# Scan different channels every N seconds. 0 = disable passive scanning.
-#passive_scan_interval=60
-
-# Listen N usecs on each channel when doing passive scanning.
-# This value plus the time needed for changing channels should be less than
-# 32 milliseconds (i.e. 32000 usec) to avoid interruptions to normal
-# operations. Time needed for channel changing varies based on the used wlan
-# hardware.
-# default: disabled (0)
-#passive_scan_listen=10000
-
-# Passive scanning mode:
-# 0 = scan all supported modes (802.11a/b/g/Turbo) (default)
-# 1 = scan only the mode that is currently used for normal operations
-#passive_scan_mode=1
-
-# Maximum number of entries kept in AP table (either for passive scanning or
-# for detecting Overlapping Legacy BSS Condition). The oldest entry will be
-# removed when adding a new entry that would make the list grow over this
-# limit. Note! Wi-Fi certification for IEEE 802.11g requires that OLBC is
-# enabled, so this field should not be set to 0 when using IEEE 802.11g.
-# default: 255
-#ap_table_max_size=255
-
-# Number of seconds of no frames received after which entries may be deleted
-# from the AP table. Since passive scanning is not usually performed frequently
-# this should not be set to very small value. In addition, there is no
-# guarantee that every scan cycle will receive beacon frames from the
-# neighboring APs.
-# default: 60
-#ap_table_expiration_time=3600
-
-# Multiple BSSID support
-#
-# Above configuration is using the default interface (wlan#, or multi-SSID VLAN
-# interfaces). Other BSSIDs can be added by using separator 'bss' with
-# default interface name to be allocated for the data packets of the new BSS.
-#
-# hostapd will generate BSSID mask based on the BSSIDs that are
-# configured. hostapd will verify that dev_addr & MASK == dev_addr. If this is
-# not the case, the MAC address of the radio must be changed before starting
-# hostapd (ifconfig wlan0 hw ether <MAC addr>).
-#
-# BSSIDs are assigned in order to each BSS, unless an explicit BSSID is
-# specified using the 'bssid' parameter.
-# If an explicit BSSID is specified, it must be chosen such that it:
-# - results in a valid MASK that covers it and the dev_addr
-# - is not the same as the MAC address of the radio
-# - is not the same as any other explicitly specified BSSID
-#
-# Please note that hostapd uses some of the values configured for the first BSS
-# as the defaults for the following BSSes. However, it is recommended that all
-# BSSes include explicit configuration of all relevant configuration items.
-#
-#bss=wlan0_0
-#ssid=test2
-# most of the above items can be used here (apart from radio interface specific
-# items, like channel)
-
-#bss=wlan0_1
-#bssid=00:13:10:95:fe:0b
-# ...
diff --git a/contrib/hostapd/hostapd.deny b/contrib/hostapd/hostapd.deny
deleted file mode 100644 (file)
index 1616678..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# List of MAC addresses that are not allowed to authenticate (IEEE 802.11)
-# with the AP.
-00:20:30:40:50:60
-00:ab:cd:ef:12:34
-00:00:30:40:50:60
diff --git a/contrib/hostapd/hostapd.eap_user b/contrib/hostapd/hostapd.eap_user
deleted file mode 100644 (file)
index b9d7f8b..0000000
+++ /dev/null
@@ -1,74 +0,0 @@
-# hostapd user database for integrated EAP authenticator
-
-# Each line must contain an identity, EAP method(s), and an optional password
-# separated with whitespace (space or tab). The identity and password must be
-# double quoted ("user"). Password can alternatively be stored as
-# NtPasswordHash (16-byte MD4 hash of the unicode presentation of the password
-# in unicode) if it is used for MSCHAP or MSCHAPv2 authentication. This means
-# that the plaintext password does not need to be included in the user file.
-# Password hash is stored as hash:<16-octets of hex data> without quotation
-# marks.
-
-# [2] flag in the end of the line can be used to mark users for tunneled phase
-# 2 authentication (e.g., within EAP-PEAP). In these cases, an anonymous
-# identity can be used in the unencrypted phase 1 and the real user identity
-# is transmitted only within the encrypted tunnel in phase 2. If non-anonymous
-# access is needed, two user entries is needed, one for phase 1 and another
-# with the same username for phase 2.
-#
-# EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-SIM, and EAP-AKA do not use password option.
-# EAP-MD5, EAP-MSCHAPV2, EAP-GTC, EAP-PAX, EAP-PSK, and EAP-SAKE require a
-# password.
-# EAP-PEAP and EAP-TTLS require Phase 2 configuration.
-#
-# * can be used as a wildcard to match any user identity. The main purposes for
-# this are to set anonymous phase 1 identity for EAP-PEAP and EAP-TTLS and to
-# avoid having to configure every certificate for EAP-TLS authentication. The
-# first matching entry is selected, so * should be used as the last phase 1
-# user entry.
-#
-# "prefix"* can be used to match the given prefix and anything after this. The
-# main purpose for this is to be able to avoid EAP method negotiation when the
-# method is using known prefix in identities (e.g., EAP-SIM and EAP-AKA). This
-# is only allowed for phase 1 identities.
-#
-# Multiple methods can be configured to make the authenticator try them one by
-# one until the peer accepts one. The method names are separated with a
-# comma (,).
-#
-# [ver=0] and [ver=1] flags after EAP type PEAP can be used to force PEAP
-# version based on the Phase 1 identity. Without this flag, the EAP
-# authenticator advertises the highest supported version and select the version
-# based on the first PEAP packet from the supplicant.
-
-# Phase 1 users
-"user"         MD5     "password"
-"test user"    MD5     "secret"
-"example user" TLS
-"DOMAIN\user"  MSCHAPV2        "password"
-"gtc user"     GTC     "password"
-"pax user"     PAX     "unknown"
-"pax.user@example.com" PAX     0123456789abcdef0123456789abcdef
-"psk user"     PSK     "unknown"
-"psk.user@example.com" PSK     0123456789abcdef0123456789abcdef
-"sake.user@example.com"        SAKE    0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
-"ttls"         TTLS
-"not anonymous"        PEAP
-# Default to EAP-SIM and EAP-AKA based on fixed identity prefixes
-"0"*           AKA,TTLS,TLS,PEAP,SIM
-"1"*           SIM,TTLS,TLS,PEAP,AKA
-"2"*           AKA,TTLS,TLS,PEAP,SIM
-"3"*           SIM,TTLS,TLS,PEAP,AKA
-"4"*           AKA,TTLS,TLS,PEAP,SIM
-"5"*           SIM,TTLS,TLS,PEAP,AKA
-
-# Wildcard for all other identities
-*              PEAP,TTLS,TLS,SIM,AKA
-
-# Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users
-"t-md5"                MD5     "password"      [2]
-"DOMAIN\t-mschapv2"    MSCHAPV2        "password"      [2]
-"t-gtc"                GTC     "password"      [2]
-"not anonymous"        MSCHAPV2        "password"      [2]
-"user"         MD5,GTC,MSCHAPV2        "password"      [2]
-"test user"    MSCHAPV2        hash:000102030405060708090a0b0c0d0e0f   [2]
diff --git a/contrib/hostapd/hostapd.radius_clients b/contrib/hostapd/hostapd.radius_clients
deleted file mode 100644 (file)
index 3980427..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-# RADIUS client configuration for the RADIUS server
-10.1.2.3       secret passphrase
-192.168.1.0/24 another very secret passphrase
-0.0.0.0/0      radius
diff --git a/contrib/hostapd/hostapd.sim_db b/contrib/hostapd/hostapd.sim_db
deleted file mode 100644 (file)
index 01c593d..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-# Example GSM authentication triplet file for EAP-SIM authenticator
-# IMSI:Kc:SRES:RAND
-# IMSI: ASCII string (numbers)
-# Kc: hex, 8 octets
-# SRES: hex, 4 octets
-# RAND: hex, 16 octets
-234567898765432:A0A1A2A3A4A5A6A7:D1D2D3D4:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-234567898765432:B0B1B2B3B4B5B6B7:E1E2E3E4:BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
-234567898765432:C0C1C2C3C4C5C6C7:F1F2F3F4:CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
diff --git a/contrib/hostapd/hostapd.vlan b/contrib/hostapd/hostapd.vlan
deleted file mode 100644 (file)
index 98254fa..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-# VLAN ID to network interface mapping
-1      vlan1
-2      vlan2
-3      vlan3
-100    guest
-# Optional wildcard entry matching all VLAN IDs. The first # in the interface
-# name will be replaced with the VLAN ID. The network interfaces are created
-# (and removed) dynamically based on the use.
-*      vlan#
diff --git a/contrib/hostapd/hostapd.wpa_psk b/contrib/hostapd/hostapd.wpa_psk
deleted file mode 100644 (file)
index 0a9499a..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-# List of WPA PSKs. Each line, except for empty lines and lines starting
-# with #, must contain a MAC address and PSK separated with a space.
-# Special MAC address 00:00:00:00:00:00 can be used to configure PSKs that
-# anyone can use. PSK can be configured as an ASCII passphrase of 8..63
-# characters or as a 256-bit hex PSK (64 hex digits).
-00:00:00:00:00:00 secret passphrase
-00:11:22:33:44:55 another passphrase
-00:22:33:44:55:66 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
-00:00:00:00:00:00 another passphrase for all STAs
diff --git a/contrib/hostapd/hostapd/ChangeLog b/contrib/hostapd/hostapd/ChangeLog
new file mode 100644 (file)
index 0000000..18af4b1
--- /dev/null
@@ -0,0 +1,597 @@
+ChangeLog for hostapd
+
+2010-01-12 - v0.6.10
+       * fixed SHA-256 based key derivation function to match with the
+         standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
+         (note: this breaks interoperability with previous version) [Bug 307]
+       * fixed WPS selected registrar expiration for internal PIN registrar
+       * disable PMTU discovery for RADIUS packets
+       * fixed WPS UPnP SSDP on 32-bit targets
+       * fixed WPS AP reconfiguration with drivers that do not use hostapd
+         MLME
+       * fixed RSN parameter setting for multi-BSS case
+       * added WPS workarounds for known interoperability issues with broken,
+         deployed implementation
+       * update IEEE 802.11w implementation to match with the published
+         standard
+       * fixed OpCode when proxying WSC_ACK or WSC_NACK from WPS ER
+       * fixed proxying of WSC_NACK to WPS ER
+       * fixed compilation with newer GnuTLS versions
+       * added support for defining timeout for WPS PINs
+       * fixed WPS Probe Request processing to handle missing required
+         attribute
+       * fixed PKCS#12 use with OpenSSL 1.0.0
+
+2009-03-23 - v0.6.9
+       * driver_nl80211: fixed STA accounting data collection (TX/RX bytes
+         reported correctly; TX/RX packets not yet available from kernel)
+       * fixed EAPOL/EAP reauthentication when using an external RADIUS
+         authentication server
+       * driver_prism54: fixed segmentation fault on initialization
+       * fixed TNC with EAP-TTLS
+       * fixed IEEE 802.11r key derivation function to match with the standard
+         (note: this breaks interoperability with previous version) [Bug 303]
+
+2009-02-15 - v0.6.8
+       * increased hostapd_cli ping interval to 5 seconds and made this
+         configurable with a new command line options (-G<seconds>)
+       * driver_nl80211: use Linux socket filter to improve performance
+       * added support for external Registrars with WPS (UPnP transport)
+
+2009-01-06 - v0.6.7
+       * added support for Wi-Fi Protected Setup (WPS)
+         (hostapd can now be configured to act as an integrated WPS Registrar
+         and provision credentials for WPS Enrollees using PIN and PBC
+         methods; external wireless Registrar can configure the AP, but
+         external WLAN Manager Registrars are not supported); WPS support can
+         be enabled by adding CONFIG_WPS=y into .config and setting the
+         runtime configuration variables in hostapd.conf (see WPS section in
+         the example configuration file); new hostapd_cli commands wps_pin and
+         wps_pbc are used to configure WPS negotiation; see README-WPS for
+         more details
+       * added IEEE 802.11n HT capability configuration (ht_capab)
+       * added support for generating Country IE based on nl80211 regulatory
+         information (added if ieee80211d=1 in configuration)
+       * fixed WEP authentication (both Open System and Shared Key) with
+         mac80211
+       * added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
+       * added support for using driver_test over UDP socket
+       * changed EAP-GPSK to use the IANA assigned EAP method type 51
+       * updated management frame protection to use IEEE 802.11w/D7.0
+       * fixed retransmission of EAP requests if no response is received
+
+2008-11-23 - v0.6.6
+       * added a new configuration option, wpa_ptk_rekey, that can be used to
+         enforce frequent PTK rekeying, e.g., to mitigate some attacks against
+         TKIP deficiencies
+       * updated OpenSSL code for EAP-FAST to use an updated version of the
+         session ticket overriding API that was included into the upstream
+         OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is
+         needed with that version anymore)
+       * changed channel flags configuration to read the information from
+         the driver (e.g., via driver_nl80211 when using mac80211) instead of
+         using hostapd as the source of the regulatory information (i.e.,
+         information from CRDA is now used with mac80211); this allows 5 GHz
+         channels to be used with hostapd (if allowed in the current
+         regulatory domain)
+       * fixed EAP-TLS message processing for the last TLS message if it is
+         large enough to require fragmentation (e.g., if a large Session
+         Ticket data is included)
+       * fixed listen interval configuration for nl80211 drivers
+
+2008-11-01 - v0.6.5
+       * added support for SHA-256 as X.509 certificate digest when using the
+         internal X.509/TLSv1 implementation
+       * fixed EAP-FAST PAC-Opaque padding (0.6.4 broke this for some peer
+         identity lengths)
+       * fixed internal TLSv1 implementation for abbreviated handshake (used
+         by EAP-FAST server)
+       * added support for setting VLAN ID for STAs based on local MAC ACL
+         (accept_mac_file) as an alternative for RADIUS server-based
+         configuration
+       * updated management frame protection to use IEEE 802.11w/D6.0
+         (adds a new association ping to protect against unauthenticated
+         authenticate or (re)associate request frames dropping association)
+       * added support for using SHA256-based stronger key derivation for WPA2
+         (IEEE 802.11w)
+       * added new "driver wrapper" for RADIUS-only configuration
+         (driver=none in hostapd.conf; CONFIG_DRIVER_NONE=y in .config)
+       * fixed WPA/RSN IE validation to verify that the proto (WPA vs. WPA2)
+         is enabled in configuration
+       * changed EAP-FAST configuration to use separate fields for A-ID and
+         A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed
+         16-octet len binary value for better interoperability with some peer
+         implementations; eap_fast_a_id is now configured as a hex string
+       * driver_nl80211: Updated to match the current Linux mac80211 AP mode
+         configuration (wireless-testing.git and Linux kernel releases
+         starting from 2.6.29)
+
+2008-08-10 - v0.6.4
+       * added peer identity into EAP-FAST PAC-Opaque and skip Phase 2
+         Identity Request if identity is already known
+       * added support for EAP Sequences in EAP-FAST Phase 2
+       * added support for EAP-TNC (Trusted Network Connect)
+         (this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST
+         changes needed to run two methods in sequence (IF-T) and the IF-IMV
+         and IF-TNCCS interfaces from TNCS)
+       * added support for optional cryptobinding with PEAPv0
+       * added fragmentation support for EAP-TNC
+       * added support for fragmenting EAP-TTLS/PEAP/FAST Phase 2 (tunneled)
+         data
+       * added support for opportunistic key caching (OKC)
+
+2008-02-22 - v0.6.3
+       * fixed Reassociation Response callback processing when using internal
+         MLME (driver_{hostap,nl80211,test}.c)
+       * updated FT support to use the latest draft, IEEE 802.11r/D9.0
+       * copy optional Proxy-State attributes into RADIUS response when acting
+         as a RADIUS authentication server
+       * fixed EAPOL state machine to handle a case in which no response is
+         received from the RADIUS authentication server; previous version
+         could have triggered a crash in some cases after a timeout
+       * fixed EAP-SIM/AKA realm processing to allow decorated usernames to
+         be used
+       * added a workaround for EAP-SIM/AKA peers that include incorrect null
+         termination in the username
+       * fixed EAP-SIM/AKA protected result indication to include AT_COUNTER
+         attribute in notification messages only when using fast
+         reauthentication
+       * fixed EAP-SIM Start response processing for fast reauthentication
+         case
+       * added support for pending EAP processing in EAP-{PEAP,TTLS,FAST}
+         phase 2 to allow EAP-SIM and EAP-AKA to be used as the Phase 2 method
+
+2008-01-01 - v0.6.2
+       * fixed EAP-SIM and EAP-AKA message parser to validate attribute
+         lengths properly to avoid potential crash caused by invalid messages
+       * added data structure for storing allocated buffers (struct wpabuf);
+         this does not affect hostapd usage, but many of the APIs changed
+         and various interfaces (e.g., EAP) is not compatible with old
+         versions
+       * added support for protecting EAP-AKA/Identity messages with
+         AT_CHECKCODE (optional feature in RFC 4187)
+       * added support for protected result indication with AT_RESULT_IND for
+         EAP-SIM and EAP-AKA (eap_sim_aka_result_ind=1)
+       * added support for configuring EAP-TTLS phase 2 non-EAP methods in
+         EAP server configuration; previously all four were enabled for every
+         phase 2 user, now all four are disabled by default and need to be
+         enabled with new method names TTLS-PAP, TTLS-CHAP, TTLS-MSCHAP,
+         TTLS-MSCHAPV2
+       * removed old debug printing mechanism and the related 'debug'
+         parameter in the configuration file; debug verbosity is now set with
+         -d (or -dd) command line arguments
+       * added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
+         only shared key/password authentication is supported in this version
+
+2007-11-24 - v0.6.1
+       * added experimental, integrated TLSv1 server implementation with the
+         needed X.509/ASN.1/RSA/bignum processing (this can be enabled by
+         setting CONFIG_TLS=internal and CONFIG_INTERNAL_LIBTOMMATH=y in
+         .config); this can be useful, e.g., if the target system does not
+         have a suitable TLS library and a minimal code size is required
+       * added support for EAP-FAST server method to the integrated EAP
+         server
+       * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+         draft (draft-ietf-emu-eap-gpsk-07.txt)
+       * added a new configuration parameter, rsn_pairwise, to allow different
+         pairwise cipher suites to be enabled for WPA and RSN/WPA2
+         (note: if wpa_pairwise differs from rsn_pairwise, the driver will
+         either need to support this or will have to use the WPA/RSN IEs from
+         hostapd; currently, the included madwifi and bsd driver interfaces do
+         not have support for this)
+       * updated FT support to use the latest draft, IEEE 802.11r/D8.0
+
+2007-05-28 - v0.6.0
+       * added experimental IEEE 802.11r/D6.0 support
+       * updated EAP-SAKE to RFC 4763 and the IANA-allocated EAP type 48
+       * updated EAP-PSK to use the IANA-allocated EAP type 47
+       * fixed EAP-PSK bit ordering of the Flags field
+       * fixed configuration reloading (SIGHUP) to re-initialize WPA PSKs
+         by reading wpa_psk_file [Bug 181]
+       * fixed EAP-TTLS AVP parser processing for too short AVP lengths
+       * fixed IPv6 connection to RADIUS accounting server
+       * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+         draft (draft-ietf-emu-eap-gpsk-04.txt)
+       * hlr_auc_gw: read GSM triplet file into memory and rotate through the
+         entries instead of only using the same three triplets every time
+         (this does not work properly with tests using multiple clients, but
+         provides bit better triplet data for testing a single client; anyway,
+         if a better quality triplets are needed, GSM-Milenage should be used
+         instead of hardcoded triplet file)
+       * fixed EAP-MSCHAPv2 server to use a space between S and M parameters
+         in Success Request [Bug 203]
+       * added support for sending EAP-AKA Notifications in error cases
+       * updated to use IEEE 802.11w/D2.0 for management frame protection
+         (still experimental)
+       * RADIUS server: added support for processing duplicate messages
+         (retransmissions from RADIUS client) by replying with the previous
+         reply
+
+2006-11-24 - v0.5.6
+       * added support for configuring and controlling multiple BSSes per
+         radio interface (bss=<ifname> in hostapd.conf); this is only
+         available with Devicescape and test driver interfaces
+       * fixed PMKSA cache update in the end of successful RSN
+         pre-authentication
+       * added support for dynamic VLAN configuration (i.e., selecting VLAN-ID
+         for each STA based on RADIUS Access-Accept attributes); this requires
+         VLAN support from the kernel driver/802.11 stack and this is
+         currently only available with Devicescape and test driver interfaces
+       * driver_madwifi: fixed configuration of unencrypted modes (plaintext
+         and IEEE 802.1X without WEP)
+       * removed STAKey handshake since PeerKey handshake has replaced it in
+         IEEE 802.11ma and there are no known deployments of STAKey
+       * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+         draft (draft-ietf-emu-eap-gpsk-01.txt)
+       * added preliminary implementation of IEEE 802.11w/D1.0 (management
+         frame protection)
+         (Note: this requires driver support to work properly.)
+         (Note2: IEEE 802.11w is an unapproved draft and subject to change.)
+       * hlr_auc_gw: added support for GSM-Milenage (for EAP-SIM)
+       * hlr_auc_gw: added support for reading per-IMSI Milenage keys and
+         parameters from a text file to make it possible to implement proper
+         GSM/UMTS authentication server for multiple SIM/USIM cards using
+         EAP-SIM/EAP-AKA
+       * fixed session timeout processing with drivers that do not use
+         ieee802_11.c (e.g., madwifi)
+
+2006-08-27 - v0.5.5
+       * added 'hostapd_cli new_sta <addr>' command for adding a new STA into
+         hostapd (e.g., to initialize wired network authentication based on an
+         external signal)
+       * fixed hostapd to add PMKID KDE into 4-Way Handshake Message 1 when
+         using WPA2 even if PMKSA caching is not used
+       * added -P<pid file> argument for hostapd to write the current process
+         id into a file
+       * added support for RADIUS Authentication Server MIB (RFC 2619)
+
+2006-06-20 - v0.5.4
+       * fixed nt_password_hash build [Bug 144]
+       * added PeerKey handshake implementation for IEEE 802.11e
+         direct link setup (DLS) to replace STAKey handshake
+       * added support for EAP Generalized Pre-Shared Key (EAP-GPSK,
+         draft-clancy-emu-eap-shared-secret-00.txt)
+       * fixed a segmentation fault when RSN pre-authentication was completed
+         successfully [Bug 152]
+
+2006-04-27 - v0.5.3
+       * do not build nt_password_hash and hlr_auc_gw by default to avoid
+         requiring a TLS library for a successful build; these programs can be
+         build with 'make nt_password_hash' and 'make hlr_auc_gw'
+       * added a new configuration option, eapol_version, that can be used to
+         set EAPOL version to 1 (default is 2) to work around broken client
+         implementations that drop EAPOL frames which use version number 2
+         [Bug 89]
+       * added support for EAP-SAKE (no EAP method number allocated yet, so
+         this is using the same experimental type 255 as EAP-PSK)
+       * fixed EAP-MSCHAPv2 message length validation
+
+2006-03-19 - v0.5.2
+       * fixed stdarg use in hostapd_logger(): if both stdout and syslog
+         logging was enabled, hostapd could trigger a segmentation fault in
+         vsyslog on some CPU -- C library combinations
+       * moved HLR/AuC gateway implementation for EAP-SIM/AKA into an external
+         program to make it easier to use for implementing real SS7 gateway;
+         eap_sim_db is not anymore used as a file name for GSM authentication
+         triplets; instead, it is path to UNIX domain socket that will be used
+         to communicate with the external gateway program (e.g., hlr_auc_gw)
+       * added example HLR/AuC gateway implementation, hlr_auc_gw, that uses
+         local information (GSM authentication triplets from a text file and
+         hardcoded AKA authentication data); this can be used to test EAP-SIM
+         and EAP-AKA
+       * added Milenage algorithm (example 3GPP AKA algorithm) to hlr_auc_gw
+         to make it possible to test EAP-AKA with real USIM cards (this is
+         disabled by default; define AKA_USE_MILENAGE when building hlr_auc_gw
+         to enable this)
+       * driver_madwifi: added support for getting station RSN IE from
+         madwifi-ng svn r1453 and newer; this fixes RSN that was apparently
+         broken with earlier change (r1357) in the driver
+       * changed EAP method registration to use a dynamic list of methods
+         instead of a static list generated at build time
+       * fixed WPA message 3/4 not to encrypt Key Data field (WPA IE)
+         [Bug 125]
+       * added ap_max_inactivity configuration parameter
+
+2006-01-29 - v0.5.1
+       * driver_test: added better support for multiple APs and STAs by using
+         a directory with sockets that include MAC address for each device in
+         the name (test_socket=DIR:/tmp/test)
+       * added support for EAP expanded type (vendor specific EAP methods)
+
+2005-12-18 - v0.5.0 (beginning of 0.5.x development releases)
+       * added experimental STAKey handshake implementation for IEEE 802.11e
+         direct link setup (DLS); note: this is disabled by default in both
+         build and runtime configuration (can be enabled with CONFIG_STAKEY=y
+         and stakey=1)
+       * added support for EAP methods to use callbacks to external programs
+         by buffering a pending request and processing it after the EAP method
+         is ready to continue
+       * improved EAP-SIM database interface to allow external request to GSM
+         HLR/AuC without blocking hostapd process
+       * added support for using EAP-SIM pseudonyms and fast re-authentication
+       * added support for EAP-AKA in the integrated EAP authenticator
+       * added support for matching EAP identity prefixes (e.g., "1"*) in EAP
+         user database to allow EAP-SIM/AKA selection without extra roundtrip
+         for EAP-Nak negotiation
+       * added support for storing EAP user password as NtPasswordHash instead
+         of plaintext password when using MSCHAP or MSCHAPv2 for
+         authentication (hash:<16-octet hex value>); added nt_password_hash
+         tool for hashing password to generate NtPasswordHash
+
+2005-11-20 - v0.4.7 (beginning of 0.4.x stable releases)
+       * driver_wired: fixed EAPOL sending to optionally use PAE group address
+         as the destination instead of supplicant MAC address; this is
+         disabled by default, but should be enabled with use_pae_group_addr=1
+         in configuration file if the wired interface is used by only one
+         device at the time (common switch configuration)
+       * driver_madwifi: configure driver to use TKIP countermeasures in order
+         to get correct behavior (IEEE 802.11 association failing; previously,
+         association succeeded, but hostpad forced disassociation immediately)
+       * driver_madwifi: added support for madwifi-ng
+
+2005-10-27 - v0.4.6
+       * added support for replacing user identity from EAP with RADIUS
+         User-Name attribute from Access-Accept message, if that is included,
+         for the RADIUS accounting messages (e.g., for EAP-PEAP/TTLS to get
+         tunneled identity into accounting messages when the RADIUS server
+         does not support better way of doing this with Class attribute)
+       * driver_madwifi: fixed EAPOL packet receive for configuration where
+         ath# is part of a bridge interface
+       * added a configuration file and log analyzer script for logwatch
+       * fixed EAPOL state machine step function to process all state
+         transitions before processing new events; this resolves a race
+         condition in which EAPOL-Start message could trigger hostapd to send
+         two EAP-Response/Identity frames to the authentication server
+
+2005-09-25 - v0.4.5
+       * added client CA list to the TLS certificate request in order to make
+         it easier for the client to select which certificate to use
+       * added experimental support for EAP-PSK
+       * added support for WE-19 (hostap, madwifi)
+
+2005-08-21 - v0.4.4
+       * fixed build without CONFIG_RSN_PREAUTH
+       * fixed FreeBSD build
+
+2005-06-26 - v0.4.3
+       * fixed PMKSA caching to copy User-Name and Class attributes so that
+         RADIUS accounting gets correct information
+       * start RADIUS accounting only after successful completion of WPA
+         4-Way Handshake if WPA-PSK is used
+       * fixed PMKSA caching for the case where STA (re)associates without
+         first disassociating
+
+2005-06-12 - v0.4.2
+       * EAP-PAX is now registered as EAP type 46
+       * fixed EAP-PAX MAC calculation
+       * fixed EAP-PAX CK and ICK key derivation
+       * renamed eap_authenticator configuration variable to eap_server to
+         better match with RFC 3748 (EAP) terminology
+       * driver_test: added support for testing hostapd with wpa_supplicant
+         by using test driver interface without any kernel drivers or network
+         cards
+
+2005-05-22 - v0.4.1
+       * fixed RADIUS server initialization when only auth or acct server
+         is configured and the other one is left empty
+       * driver_madwifi: added support for RADIUS accounting
+       * driver_madwifi: added preliminary support for compiling against 'BSD'
+         branch of madwifi CVS tree
+       * driver_madwifi: fixed pairwise key removal to allow WPA reauth
+         without disassociation
+       * added support for reading additional certificates from PKCS#12 files
+         and adding them to the certificate chain
+       * fixed RADIUS Class attribute processing to only use Access-Accept
+         packets to update Class; previously, other RADIUS authentication
+         packets could have cleared Class attribute
+       * added support for more than one Class attribute in RADIUS packets
+       * added support for verifying certificate revocation list (CRL) when
+         using integrated EAP authenticator for EAP-TLS; new hostapd.conf
+         options 'check_crl'; CRL must be included in the ca_cert file for now
+
+2005-04-25 - v0.4.0 (beginning of 0.4.x development releases)
+       * added support for including network information into
+         EAP-Request/Identity message (ASCII-0 (nul) in eap_message)
+         (e.g., to implement draft-adrange-eap-network-discovery-07.txt)
+       * fixed a bug which caused some RSN pre-authentication cases to use
+         freed memory and potentially crash hostapd
+       * fixed private key loading for cases where passphrase is not set
+       * added support for sending TLS alerts and aborting authentication
+         when receiving a TLS alert
+       * fixed WPA2 to add PMKSA cache entry when using integrated EAP
+         authenticator
+       * fixed PMKSA caching (EAP authentication was not skipped correctly
+         with the new state machine changes from IEEE 802.1X draft)
+       * added support for RADIUS over IPv6; own_ip_addr, auth_server_addr,
+         and acct_server_addr can now be IPv6 addresses (CONFIG_IPV6=y needs
+         to be added to .config to include IPv6 support); for RADIUS server,
+         radius_server_ipv6=1 needs to be set in hostapd.conf and addresses
+         in RADIUS clients file can then use IPv6 format
+       * added experimental support for EAP-PAX
+       * replaced hostapd control interface library (hostapd_ctrl.[ch]) with
+         the same implementation that wpa_supplicant is using (wpa_ctrl.[ch])
+
+2005-02-12 - v0.3.7 (beginning of 0.3.x stable releases)
+
+2005-01-23 - v0.3.5
+       * added support for configuring a forced PEAP version based on the
+         Phase 1 identity
+       * fixed PEAPv1 to use tunneled EAP-Success/Failure instead of EAP-TLV
+         to terminate authentication
+       * fixed EAP identifier duplicate processing with the new IEEE 802.1X
+         draft
+       * clear accounting data in the driver when starting a new accounting
+         session
+       * driver_madwifi: filter wireless events based on ifindex to allow more
+         than one network interface to be used
+       * fixed WPA message 2/4 processing not to cancel timeout for TimeoutEvt
+         setting if the packet does not pass MIC verification (e.g., due to
+         incorrect PSK); previously, message 1/4 was not tried again if an
+         invalid message 2/4 was received
+       * fixed reconfiguration of RADIUS client retransmission timer when
+         adding a new message to the pending list; previously, timer was not
+         updated at this point and if there was a pending message with long
+         time for the next retry, the new message needed to wait that long for
+         its first retry, too
+
+2005-01-09 - v0.3.4
+       * added support for configuring multiple allowed EAP types for Phase 2
+         authentication (EAP-PEAP, EAP-TTLS)
+       * fixed EAPOL-Start processing to trigger WPA reauthentication
+         (previously, only EAPOL authentication was done)
+
+2005-01-02 - v0.3.3
+       * added support for EAP-PEAP in the integrated EAP authenticator
+       * added support for EAP-GTC in the integrated EAP authenticator
+       * added support for configuring list of EAP methods for Phase 1 so that
+         the integrated EAP authenticator can, e.g., use the wildcard entry
+         for EAP-TLS and EAP-PEAP
+       * added support for EAP-TTLS in the integrated EAP authenticator
+       * added support for EAP-SIM in the integrated EAP authenticator
+       * added support for using hostapd as a RADIUS authentication server
+         with the integrated EAP authenticator taking care of EAP
+         authentication (new hostapd.conf options: radius_server_clients and
+         radius_server_auth_port); this is not included in default build; use
+         CONFIG_RADIUS_SERVER=y in .config to include
+
+2004-12-19 - v0.3.2
+       * removed 'daemonize' configuration file option since it has not really
+         been used at all for more than year
+       * driver_madwifi: fixed group key setup and added get_ssid method
+       * added support for EAP-MSCHAPv2 in the integrated EAP authenticator
+
+2004-12-12 - v0.3.1
+       * added support for integrated EAP-TLS authentication (new hostapd.conf
+         variables: ca_cert, server_cert, private_key, private_key_passwd);
+         this enabled dynamic keying (WPA2/WPA/IEEE 802.1X/WEP) without
+         external RADIUS server
+       * added support for reading PKCS#12 (PFX) files (as a replacement for
+         PEM/DER) to get certificate and private key (CONFIG_PKCS12)
+
+2004-12-05 - v0.3.0 (beginning of 0.3.x development releases)
+       * added support for Acct-{Input,Output}-Gigawords
+       * added support for Event-Timestamp (in RADIUS Accounting-Requests)
+       * added support for RADIUS Authentication Client MIB (RFC2618)
+       * added support for RADIUS Accounting Client MIB (RFC2620)
+       * made EAP re-authentication period configurable (eap_reauth_period)
+       * fixed EAPOL reauthentication to trigger WPA/WPA2 reauthentication
+       * fixed EAPOL state machine to stop if STA is removed during
+         eapol_sm_step(); this fixes at least one segfault triggering bug with
+         IEEE 802.11i pre-authentication
+       * added support for multiple WPA pre-shared keys (e.g., one for each
+         client MAC address or keys shared by a group of clients);
+         new hostapd.conf field wpa_psk_file for setting path to a text file
+         containing PSKs, see hostapd.wpa_psk for an example
+       * added support for multiple driver interfaces to allow hostapd to be
+         used with other drivers
+       * added wired authenticator driver interface (driver=wired in
+         hostapd.conf, see wired.conf for example configuration)
+       * added madwifi driver interface (driver=madwifi in hostapd.conf, see
+         madwifi.conf for example configuration; Note: include files from
+         madwifi project is needed for building and a configuration file,
+         .config, needs to be created in hostapd directory with
+         CONFIG_DRIVER_MADWIFI=y to include this driver interface in hostapd
+         build)
+       * fixed an alignment issue that could cause SHA-1 to fail on some
+         platforms (e.g., Intel ixp425 with a compiler that does not 32-bit
+         align variables)
+       * fixed RADIUS reconnection after an error in sending interim
+         accounting packets
+       * added hostapd control interface for external programs and an example
+         CLI, hostapd_cli (like wpa_cli for wpa_supplicant)
+       * started adding dot11, dot1x, radius MIBs ('hostapd_cli mib',
+         'hostapd_cli sta <addr>')
+       * finished update from IEEE 802.1X-2001 to IEEE 802.1X-REV (now d11)
+       * added support for strict GTK rekeying (wpa_strict_rekey in
+         hostapd.conf)
+       * updated IAPP to use UDP port 3517 and multicast address 224.0.1.178
+         (instead of broadcast) for IAPP ADD-notify (moved from draft 3 to
+         IEEE 802.11F-2003)
+       * added Prism54 driver interface (driver=prism54 in hostapd.conf;
+         note: .config needs to be created in hostapd directory with
+         CONFIG_DRIVER_PRISM54=y to include this driver interface in hostapd
+         build)
+       * dual-licensed hostapd (GPLv2 and BSD licenses)
+       * fixed RADIUS accounting to generate a new session id for cases where
+         a station reassociates without first being complete deauthenticated
+       * fixed STA disassociation handler to mark next timeout state to
+         deauthenticate the station, i.e., skip long wait for inactivity poll
+         and extra disassociation, if the STA disassociates without
+         deauthenticating
+       * added integrated EAP authenticator that can be used instead of
+         external RADIUS authentication server; currently, only EAP-MD5 is
+         supported, so this cannot yet be used for key distribution; the EAP
+         method interface is generic, though, so adding new EAP methods should
+         be straightforward; new hostapd.conf variables: 'eap_authenticator'
+         and 'eap_user_file'; this obsoletes "minimal authentication server"
+         ('minimal_eap' in hostapd.conf) which is now removed
+       * added support for FreeBSD and driver interface for the BSD net80211
+         layer (driver=bsd in hostapd.conf and CONFIG_DRIVER_BSD=y in
+         .config); please note that some of the required kernel mods have not
+         yet been committed
+
+2004-07-17 - v0.2.4 (beginning of 0.2.x stable releases)
+       * fixed some accounting cases where Accounting-Start was sent when
+         IEEE 802.1X port was being deauthorized
+
+2004-06-20 - v0.2.3
+       * modified RADIUS client to re-connect the socket in case of certain
+         error codes that are generated when a network interface state is
+         changes (e.g., when IP address changes or the interface is set UP)
+       * fixed couple of cases where EAPOL state for a station was freed
+         twice causing a segfault for hostapd
+       * fixed couple of bugs in processing WPA deauthentication (freed data
+         was used)
+
+2004-05-31 - v0.2.2
+       * fixed WPA/WPA2 group rekeying to use key index correctly (GN/GM)
+       * fixed group rekeying to send zero TSC in EAPOL-Key messages to fix
+         cases where STAs dropped multicast frames as replay attacks
+       * added support for copying RADIUS Attribute 'Class' from
+         authentication messages into accounting messages
+       * send canned EAP failure if RADIUS server sends Access-Reject without
+         EAP message (previously, Supplicant was not notified in this case)
+       * fixed mixed WPA-PSK and WPA-EAP mode to work with WPA-PSK (i.e., do
+         not start EAPOL state machines if the STA selected to use WPA-PSK)
+
+2004-05-06 - v0.2.1
+       * added WPA and IEEE 802.11i/RSN (WPA2) Authenticator functionality
+         - based on IEEE 802.11i/D10.0 but modified to interoperate with WPA
+           (i.e., IEEE 802.11i/D3.0)
+         - supports WPA-only, RSN-only, and mixed WPA/RSN mode
+         - both WPA-PSK and WPA-RADIUS/EAP are supported
+         - PMKSA caching and pre-authentication
+         - new hostapd.conf variables: wpa, wpa_psk, wpa_passphrase,
+           wpa_key_mgmt, wpa_pairwise, wpa_group_rekey, wpa_gmk_rekey,
+           rsn_preauth, rsn_preauth_interfaces
+       * fixed interim accounting to remove any pending accounting messages
+         to the STA before sending a new one
+
+2004-02-15 - v0.2.0
+       * added support for Acct-Interim-Interval:
+         - draft-ietf-radius-acct-interim-01.txt
+         - use Acct-Interim-Interval attribute from Access-Accept if local
+           'radius_acct_interim_interval' is not set
+         - allow different update intervals for each STA
+       * fixed event loop to call signal handlers only after returning from
+         the real signal handler
+       * reset sta->timeout_next after successful association to make sure
+         that the previously registered inactivity timer will not remove the
+         STA immediately (e.g., if STA deauthenticates and re-associates
+         before the timer is triggered).
+       * added new hostapd.conf variable, nas_identifier, that can be used to
+         add an optional RADIUS Attribute, NAS-Identifier, into authentication
+         and accounting messages
+       * added support for Accounting-On and Accounting-Off messages
+       * fixed accounting session handling to send Accounting-Start only once
+         per session and not to send Accounting-Stop if the session was not
+         initialized properly
+       * fixed Accounting-Stop statistics in cases where the message was
+         previously sent after the kernel entry for the STA (and/or IEEE
+         802.1X data) was removed
+
+
+Note:
+
+Older changes up to and including v0.1.0 are included in the ChangeLog
+of the Host AP driver.
similarity index 98%
copy from contrib/hostapd/README
copy to contrib/hostapd/hostapd/README
index 541fac4..eb9aa48 100644 (file)
@@ -2,7 +2,7 @@ hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
          Authenticator and RADIUS authentication server
 ================================================================
 
-Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi> and contributors
 All Rights Reserved.
 
 This program is dual-licensed under both the GPL version 2 and BSD
@@ -98,6 +98,10 @@ Current hardware/software requirements:
        Prism54 driver for Intersil/Conexant Prism GT/Duette/Indigo
        (http://www.prism54.org/)
 
+       mac80211-based drivers that support AP mode (with driver=nl80211).
+       This includes drivers for Atheros (ath9k) and Broadcom (b43)
+       chipsets.
+
        Any wired Ethernet driver for wired IEEE 802.1X authentication
        (experimental code)
 
diff --git a/contrib/hostapd/hostapd/README-WPS b/contrib/hostapd/hostapd/README-WPS
new file mode 100644 (file)
index 0000000..e0e370b
--- /dev/null
@@ -0,0 +1,239 @@
+hostapd and Wi-Fi Protected Setup (WPS)
+=======================================
+
+This document describes how the WPS implementation in hostapd can be
+configured and how an external component on an AP (e.g., web UI) is
+used to enable enrollment of client devices.
+
+
+Introduction to WPS
+-------------------
+
+Wi-Fi Protected Setup (WPS) is a mechanism for easy configuration of a
+wireless network. It allows automated generation of random keys (WPA
+passphrase/PSK) and configuration of an access point and client
+devices. WPS includes number of methods for setting up connections
+with PIN method and push-button configuration (PBC) being the most
+commonly deployed options.
+
+While WPS can enable more home networks to use encryption in the
+wireless network, it should be noted that the use of the PIN and
+especially PBC mechanisms for authenticating the initial key setup is
+not very secure. As such, use of WPS may not be suitable for
+environments that require secure network access without chance for
+allowing outsiders to gain access during the setup phase.
+
+WPS uses following terms to describe the entities participating in the
+network setup:
+- access point: the WLAN access point
+- Registrar: a device that control a network and can authorize
+  addition of new devices); this may be either in the AP ("internal
+  Registrar") or in an external device, e.g., a laptop, ("external
+  Registrar")
+- Enrollee: a device that is being authorized to use the network
+
+It should also be noted that the AP and a client device may change
+roles (i.e., AP acts as an Enrollee and client device as a Registrar)
+when WPS is used to configure the access point.
+
+
+More information about WPS is available from Wi-Fi Alliance:
+http://www.wi-fi.org/wifi-protected-setup
+
+
+hostapd implementation
+----------------------
+
+hostapd includes an optional WPS component that can be used as an
+internal WPS Registrar to manage addition of new WPS enabled clients
+to the network. In addition, WPS Enrollee functionality in hostapd can
+be used to allow external WPS Registrars to configure the access
+point, e.g., for initial network setup. In addition, hostapd can proxy a
+WPS registration between a wireless Enrollee and an external Registrar
+(e.g., Microsoft Vista or Atheros JumpStart) with UPnP.
+
+
+hostapd configuration
+---------------------
+
+WPS is an optional component that needs to be enabled in hostapd build
+configuration (.config). Here is an example configuration that
+includes WPS support and uses madwifi driver interface:
+
+CONFIG_DRIVER_MADWIFI=y
+CFLAGS += -I/usr/src/madwifi-0.9.3
+CONFIG_EAP=y
+CONFIG_WPS=y
+CONFIG_WPS_UPNP=y
+
+
+Following section shows an example runtime configuration
+(hostapd.conf) that enables WPS:
+
+# Configure the driver and network interface
+driver=madwifi
+interface=ath0
+
+# WPA2-Personal configuration for the AP
+ssid=wps-test
+wpa=2
+wpa_key_mgmt=WPA-PSK
+wpa_pairwise=CCMP
+# Default WPA passphrase for legacy (non-WPS) clients
+wpa_passphrase=12345678
+# Enable random per-device PSK generation for WPS clients
+# Please note that the file has to exists for hostapd to start (i.e., create an
+# empty file as a starting point).
+wpa_psk_file=/etc/hostapd.psk
+
+# Enable control interface for PBC/PIN entry
+ctrl_interface=/var/run/hostapd
+
+# Enable internal EAP server for EAP-WSC (part of Wi-Fi Protected Setup)
+eap_server=1
+
+# WPS configuration (AP configured, do not allow external WPS Registrars)
+wps_state=2
+ap_setup_locked=1
+# If UUID is not configured, it will be generated based on local MAC address.
+uuid=87654321-9abc-def0-1234-56789abc0000
+wps_pin_requests=/var/run/hostapd.pin-req
+device_name=Wireless AP
+manufacturer=Company
+model_name=WAP
+model_number=123
+serial_number=12345
+device_type=6-0050F204-1
+os_version=01020300
+config_methods=label display push_button keypad
+
+# if external Registrars are allowed, UPnP support could be added:
+#upnp_iface=br0
+#friendly_name=WPS Access Point
+
+
+External operations
+-------------------
+
+WPS requires either a device PIN code (usually, 8-digit number) or a
+pushbutton event (for PBC) to allow a new WPS Enrollee to join the
+network. hostapd uses the control interface as an input channel for
+these events.
+
+When a client device (WPS Enrollee) connects to hostapd (WPS
+Registrar) in order to start PIN mode negotiation for WPS, an
+identifier (Enrollee UUID) is sent. hostapd will need to be configured
+with a device password (PIN) for this Enrollee. This is an operation
+that requires user interaction (assuming there are no pre-configured
+PINs on the AP for a set of Enrollee).
+
+The PIN request with information about the device is appended to the
+wps_pin_requests file (/var/run/hostapd.pin-req in this example). In
+addition, hostapd control interface event is sent as a notification of
+a new device. The AP could use, e.g., a web UI for showing active
+Enrollees to the user and request a PIN for an Enrollee.
+
+The PIN request file has one line for every Enrollee that connected to
+the AP, but for which there was no PIN. Following information is
+provided for each Enrollee (separated with tabulators):
+- timestamp (seconds from 1970-01-01)
+- Enrollee UUID
+- MAC address
+- Device name
+- Manufacturer
+- Model Name
+- Model Number
+- Serial Number
+- Device category
+
+Example line in the /var/run/hostapd.pin-req file:
+1200188391     53b63a98-d29e-4457-a2ed-094d7e6a669c    Intel(R) Centrino(R)    Intel Corporation       Intel(R) Centrino(R)    -       -       1-0050F204-1
+
+Control interface data:
+WPS-PIN-NEEDED [UUID-E|MAC Address|Device Name|Manufacturer|Model Name|Model Number|Serial Number|Device Category]
+For example:
+<2>WPS-PIN-NEEDED [53b63a98-d29e-4457-a2ed-094d7e6a669c|02:12:34:56:78:9a|Device|Manuf|Model|Model Number|Serial Number|1-0050F204-1]
+
+When the user enters a PIN for a pending Enrollee, e.g., on the web
+UI), hostapd needs to be notified of the new PIN over the control
+interface. This can be done either by using the UNIX domain socket
+-based control interface directly (src/common/wpa_ctrl.c provides
+helper functions for using the interface) or by calling hostapd_cli.
+
+Example command to add a PIN (12345670) for an Enrollee:
+
+hostapd_cli wps_pin 53b63a98-d29e-4457-a2ed-094d7e6a669c 12345670
+
+If the UUID-E is not available (e.g., Enrollee waits for the Registrar
+to be selected before connecting), wildcard UUID may be used to allow
+the PIN to be used once with any UUID:
+
+hostapd_cli wps_pin any 12345670
+
+To reduce likelihood of PIN being used with other devices or of
+forgetting an active PIN available for potential attackers, expiration
+time can be set for the new PIN:
+
+hostapd_cli wps_pin any 12345670 300
+
+
+After this, the Enrollee can connect to the AP again and complete WPS
+negotiation. At that point, a new, random WPA PSK is generated for the
+client device and the client can then use that key to connect to the
+AP to access the network.
+
+
+If the AP includes a pushbutton, WPS PBC mode can be used. It is
+enabled by pushing a button on both the AP and the client at about the
+same time (2 minute window). hostapd needs to be notified about the AP
+button pushed event over the control interface, e.g., by calling
+hostapd_cli:
+
+hostapd_cli wps_pbc
+
+At this point, the client has two minutes to complete WPS negotiation
+which will generate a new WPA PSK in the same way as the PIN method
+described above.
+
+
+Credential generation and configuration changes
+-----------------------------------------------
+
+By default, hostapd generates credentials for Enrollees and processing
+AP configuration updates internally. However, it is possible to
+control these operations from external programs, if desired.
+
+The internal credential generation can be disabled with
+skip_cred_build=1 option in the configuration. extra_cred option will
+then need to be used to provide pre-configured Credential attribute(s)
+for hostapd to use. The exact data from this binary file will be sent,
+i.e., it will have to include valid WPS attributes. extra_cred can
+also be used to add additional networks if the Registrar is used to
+configure credentials for multiple networks.
+
+Processing of received configuration updates can be disabled with
+wps_cred_processing=1 option. When this is used, an external program
+is responsible for creating hostapd configuration files and processing
+configuration updates based on messages received from hostapd over
+control interface. This will also include the initial configuration on
+first successful registration if the AP is initially set in
+unconfigured state.
+
+Following control interface messages are sent out for external programs:
+
+WPS-REG-SUCCESS <Enrollee MAC address <UUID-E>
+For example:
+<2>WPS-REG-SUCCESS 02:66:a0:ee:17:27 2b7093f1-d6fb-5108-adbb-bea66bb87333
+
+This can be used to tricker change from unconfigured to configured
+state (random configuration based on the first successful WPS
+registration). In addition, this can be used to update AP UI about the
+status of WPS registration progress.
+
+
+WPS-NEW-AP-SETTINGS <hexdump of AP Setup attributes>
+For example:
+<2>WPS-NEW-AP-SETTINGS 10260001011045000c6a6b6d2d7770732d74657374100300020020100f00020008102700403065346230343536633236366665306433396164313535346131663462663731323433376163666462376633393965353466316631623032306164343438623510200006024231cede15101e000844
+
+This can be used to update the externally stored AP configuration and
+then update hostapd configuration (followed by restarting of hostapd).
similarity index 80%
rename from contrib/hostapd/accounting.c
rename to contrib/hostapd/hostapd/accounting.c
index b22347b..ce71678 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * hostapd / RADIUS Accounting
- * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2008, Jouni Malinen <j@w1.fi>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
  */
 
 #include "includes.h"
-#include <assert.h>
 
 #include "hostapd.h"
-#include "radius.h"
-#include "radius_client.h"
+#include "radius/radius.h"
+#include "radius/radius_client.h"
 #include "eloop.h"
 #include "accounting.h"
 #include "ieee802_1x.h"
@@ -29,9 +28,8 @@
  * input/output octets and updates Acct-{Input,Output}-Gigawords. */
 #define ACCT_DEFAULT_UPDATE_INTERVAL 300
 
-/* from ieee802_1x.c */
-const char *radius_mode_txt(struct hostapd_data *hapd);
-int radius_sta_rate(struct hostapd_data *hapd, struct sta_info *sta);
+static void accounting_sta_get_id(struct hostapd_data *hapd,
+                                 struct sta_info *sta);
 
 
 static struct radius_msg * accounting_msg(struct hostapd_data *hapd,
@@ -54,10 +52,10 @@ static struct radius_msg * accounting_msg(struct hostapd_data *hapd,
        if (sta) {
                radius_msg_make_authenticator(msg, (u8 *) sta, sizeof(*sta));
 
-               snprintf(buf, sizeof(buf), "%08X-%08X",
-                        sta->acct_session_id_hi, sta->acct_session_id_lo);
+               os_snprintf(buf, sizeof(buf), "%08X-%08X",
+                           sta->acct_session_id_hi, sta->acct_session_id_lo);
                if (!radius_msg_add_attr(msg, RADIUS_ATTR_ACCT_SESSION_ID,
-                                        (u8 *) buf, strlen(buf))) {
+                                        (u8 *) buf, os_strlen(buf))) {
                        printf("Could not add Acct-Session-Id\n");
                        goto fail;
                }
@@ -82,10 +80,10 @@ static struct radius_msg * accounting_msg(struct hostapd_data *hapd,
        if (sta) {
                val = ieee802_1x_get_identity(sta->eapol_sm, &len);
                if (!val) {
-                       snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT,
-                                MAC2STR(sta->addr));
+                       os_snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT,
+                                   MAC2STR(sta->addr));
                        val = (u8 *) buf;
-                       len = strlen(buf);
+                       len = os_strlen(buf);
                }
 
                if (!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME, val,
@@ -114,7 +112,7 @@ static struct radius_msg * accounting_msg(struct hostapd_data *hapd,
        if (hapd->conf->nas_identifier &&
            !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IDENTIFIER,
                                 (u8 *) hapd->conf->nas_identifier,
-                                strlen(hapd->conf->nas_identifier))) {
+                                os_strlen(hapd->conf->nas_identifier))) {
                printf("Could not add NAS-Identifier\n");
                goto fail;
        }
@@ -125,19 +123,19 @@ static struct radius_msg * accounting_msg(struct hostapd_data *hapd,
                goto fail;
        }
 
-       snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT ":%s",
-                MAC2STR(hapd->own_addr), hapd->conf->ssid.ssid);
+       os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT ":%s",
+                   MAC2STR(hapd->own_addr), hapd->conf->ssid.ssid);
        if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLED_STATION_ID,
-                                (u8 *) buf, strlen(buf))) {
+                                (u8 *) buf, os_strlen(buf))) {
                printf("Could not add Called-Station-Id\n");
                goto fail;
        }
 
        if (sta) {
-               snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
-                        MAC2STR(sta->addr));
+               os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
+                           MAC2STR(sta->addr));
                if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
-                                        (u8 *) buf, strlen(buf))) {
+                                        (u8 *) buf, os_strlen(buf))) {
                        printf("Could not add Calling-Station-Id\n");
                        goto fail;
                }
@@ -149,12 +147,12 @@ static struct radius_msg * accounting_msg(struct hostapd_data *hapd,
                        goto fail;
                }
 
-               snprintf(buf, sizeof(buf), "CONNECT %d%sMbps %s",
-                        radius_sta_rate(hapd, sta) / 2,
-                        (radius_sta_rate(hapd, sta) & 1) ? ".5" : "",
-                        radius_mode_txt(hapd));
+               os_snprintf(buf, sizeof(buf), "CONNECT %d%sMbps %s",
+                           radius_sta_rate(hapd, sta) / 2,
+                           (radius_sta_rate(hapd, sta) & 1) ? ".5" : "",
+                           radius_mode_txt(hapd));
                if (!radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
-                                        (u8 *) buf, strlen(buf))) {
+                                        (u8 *) buf, os_strlen(buf))) {
                        printf("Could not add Connect-Info\n");
                        goto fail;
                }
@@ -177,7 +175,7 @@ static struct radius_msg * accounting_msg(struct hostapd_data *hapd,
 
  fail:
        radius_msg_free(msg);
-       free(msg);
+       os_free(msg);
        return NULL;
 }
 
@@ -227,6 +225,11 @@ static void accounting_interim_update(void *eloop_ctx, void *timeout_ctx)
 }
 
 
+/**
+ * accounting_sta_start - Start STA accounting
+ * @hapd: hostapd BSS data
+ * @sta: The station
+ */
 void accounting_sta_start(struct hostapd_data *hapd, struct sta_info *sta)
 {
        struct radius_msg *msg;
@@ -235,6 +238,12 @@ void accounting_sta_start(struct hostapd_data *hapd, struct sta_info *sta)
        if (sta->acct_session_started)
                return;
 
+       accounting_sta_get_id(hapd, sta);
+       hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
+                      HOSTAPD_LEVEL_INFO,
+                      "starting accounting session %08X-%08X",
+                      sta->acct_session_id_hi, sta->acct_session_id_lo);
+
        time(&sta->acct_session_start);
        sta->last_rx_bytes = sta->last_tx_bytes = 0;
        sta->acct_input_gigawords = sta->acct_output_gigawords = 0;
@@ -258,8 +267,8 @@ void accounting_sta_start(struct hostapd_data *hapd, struct sta_info *sta)
 }
 
 
-void accounting_sta_report(struct