From: Jan Lentfer Date: Thu, 4 Feb 2010 15:57:55 +0000 (+0100) Subject: wpa_supplicant/hostapd: Update to 0.6.10 X-Git-Tag: v2.7.1~146^2~2 X-Git-Url: https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff_plain/8a529442d17a2834fb5efc3687ad12ecd598c12c wpa_supplicant/hostapd: Update to 0.6.10 --- diff --git a/usr.sbin/802_11/Makefile.inc b/usr.sbin/802_11/Makefile.inc index 5b4af7a2f1..b5b07da336 100644 --- a/usr.sbin/802_11/Makefile.inc +++ b/usr.sbin/802_11/Makefile.inc @@ -1,5 +1,27 @@ # $DragonFly: src/usr.sbin/802_11/Makefile.inc,v 1.1 2006/06/24 07:29:44 sephe Exp $ +CONTRIBDIR= ${.CURDIR}/../../../contrib +WPA_DISTDIR=${CONTRIBDIR}/wpa_supplicant +HOSTAPD_DISTDIR=${CONTRIBDIR}/hostapd + +.PATH.c: ${.CURDIR}/.. \ + ${WPA_DISTDIR}/src/common \ + ${WPA_DISTDIR}/src/crypto \ + ${WPA_DISTDIR}/src/eap_common \ + ${WPA_DISTDIR}/src/eapol_supp \ + ${WPA_DISTDIR}/src/l2_packet \ + ${WPA_DISTDIR}/src/utils + +CFLAGS+=-I${.CURDIR} +CFLAGS+=-I${WPA_DISTDIR}/src +CFLAGS+=-I${WPA_DISTDIR}/src/common +CFLAGS+=-I${WPA_DISTDIR}/src/crypto +CFLAGS+=-I${WPA_DISTDIR}/src/l2_packet +CFLAGS+=-I${WPA_DISTDIR}/src/utils + +CFLAGS+= -DCONFIG_CTRL_IFACE +CFLAGS+= -DCONFIG_CTRL_IFACE_UNIX + WARNS?= 0 .include "../Makefile.inc" diff --git a/usr.sbin/802_11/hostapd/Makefile b/usr.sbin/802_11/hostapd/Makefile index 03581c3f3e..990a8ed5c5 100644 --- a/usr.sbin/802_11/hostapd/Makefile +++ b/usr.sbin/802_11/hostapd/Makefile 
@@ -1,25 +1,33 @@ # $FreeBSD: src/usr.sbin/wpa/hostapd/Makefile,v 1.3 2007/07/09 16:26:48 sam Exp $ # $DragonFly: src/usr.sbin/802_11/hostapd/Makefile,v 1.2 2007/08/07 11:25:36 sephe Exp $ -CONTRIBDIR= ${.CURDIR}/../../../contrib/hostapd -.PATH: ${.CURDIR}/.. ${CONTRIBDIR} +.include "${.CURDIR}/../Makefile.inc" +.PATH.c: ${.CURDIR}/.. ${HOSTAPD_DISTDIR}/hostapd \ + ${HOSTAPD_DISTDIR}/src/eap_server \ + ${HOSTAPD_DISTDIR}/src/radius + PROG= hostapd -SRCS= hostapd.c eloop.c ieee802_1x.c eapol_sm.c radius.c md5.c rc4.c \ - common.c ieee802_11.c config.c ieee802_11_auth.c accounting.c \ - sta_info.c radius_client.c sha1.c wpa.c aes_wrap.c tls_none.c \ - ctrl_iface.c driver_conf.c os_unix.c preauth.c pmksa_cache.c \ - beacon.c hw_features.c wme.c ap_list.c reconfig.c mlme.c \ - vlan_init.c ieee802_11h.c l2_packet.c driver_dragonfly.c -SRCS+= os_unix.c.patch +SRCS= accounting.c aes.c aes_wrap.c ap_list.c beacon.c common.c \ + config.c ctrl_iface.c drivers.c eapol_sm.c eap.c eap_common.c \ + eap_identity.c eap_methods.c eloop.c hostapd.c \ + hw_features.c ieee802_11.c ieee802_11_common.c ieee802_11_auth.c \ + ieee802_1x.c ip_addr.c md5.c mlme.c pmksa_cache.c radius.c \ + radius_client.c rc4.c sha1.c sta_info.c vlan_init.c wme.c \ + wpa.c wpa_auth_ie.c wpa_common.c wpa_debug.c wpabuf.c +SRCS+= l2_packet.c driver_dragonfly.c os_unix.c +SRCS+= tls_none.c + CLEANFILES=driver_conf.c MAN= hostapd.8 hostapd.conf.5 -CFLAGS+= -I${CONTRIBDIR} +CFLAGS+= -I${HOSTAPD_DISTDIR}/hostapd +CFLAGS+= -I${HOSTAPD_DISTDIR}/src/radius CFLAGS+= -DCONFIG_DRIVER_BSD CFLAGS+= -DCONFIG_CTRL_IFACE CFLAGS+= -DCONFIG_CTRL_IFACE_UNIX +CFLAGS+= -DEAP_TLS_NONE CFLAGS+= -DINTERNAL_AES CFLAGS+= -DINTERNAL_SHA1 CFLAGS+= -DINTERNAL_MD5 diff --git a/usr.sbin/802_11/hostapd/driver_dragonfly.c b/usr.sbin/802_11/hostapd/driver_dragonfly.c index dc401bc5c5..552fbb5094 100644 --- a/usr.sbin/802_11/hostapd/driver_dragonfly.c +++ b/usr.sbin/802_11/hostapd/driver_dragonfly.c 
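Review bot: The hostapd Makefile keeps `CFLAGS+= -DCONFIG_CTRL_IFACE` and `CFLAGS+= -DCONFIG_CTRL_IFACE_UNIX` as context lines, although it now includes `../Makefile.inc`, which adds the same two defines. The wpa_supplicant Makefile hunk later in this commit drops its copies, so doing the same here would keep the two consistent. `CLEANFILES=driver_conf.c` is also left behind even though `driver_conf.c` is no longer in `SRCS`; it looks stale and can probably be removed.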
@@ -12,10 +12,8 @@ * * See README and COPYING for more details. * - * $FreeBSD: src/usr.sbin/wpa/hostapd/driver_freebsd.c,v 1.6 2007/07/09 16:26:48 sam Exp $ - * $DragonFly: src/usr.sbin/802_11/hostapd/driver_dragonfly.c,v 1.3 2007/08/07 11:25:36 sephe Exp $ + * $FreeBSD: src/usr.sbin/wpa/hostapd/driver_freebsd.c,v 1.8 2009/03/02 02:28:22 sam Exp $ */ -#include #include #include #include @@ -27,35 +25,39 @@ #include #include -#include -#include #include +#undef RSN_VERSION +#undef WPA_VERSION +#undef WPA_OUI_TYPE +#undef WME_OUI_TYPE + #include "hostapd.h" #include "driver.h" #include "ieee802_1x.h" +#include "ieee802_11_auth.h" #include "eloop.h" #include "sta_info.h" -#include "l2_packet.h" +#include "l2_packet/l2_packet.h" #include "eapol_sm.h" #include "wpa.h" -#include "radius.h" +#include "radius/radius.h" #include "ieee802_11.h" #include "common.h" #include "hostap_common.h" struct bsd_driver_data { - struct driver_ops ops; /* base class */ struct hostapd_data *hapd; /* back pointer */ char iface[IFNAMSIZ + 1]; + unsigned int ifindex; /* interface index */ struct l2_packet_data *sock_xmit; /* raw packet xmit socket */ int ioctl_sock; /* socket for ioctl() use */ int wext_sock; /* socket for wireless events */ }; -static const struct driver_ops bsd_driver_ops; +static const struct wpa_driver_ops bsd_driver_ops; static int bsd_sta_deauth(void *priv, const u8 *addr, int reason_code); 
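Review bot: The forward declaration `static const struct wpa_driver_ops bsd_driver_ops;` near the end of this hunk no longer has a matching definition. The table is renamed to `wpa_driver_bsd_ops` in the last hunk of this file, and the only use, `drv->ops = bsd_driver_ops`, is removed from bsd_init. As a tentative definition it now yields an unused zero-filled ops struct, so the line should be dropped. The new `#undef RSN_VERSION` … `#undef WME_OUI_TYPE` block also needs a one-line comment, for example `/* net80211 headers define these; hostapd redefines them below */`, assuming that is the reason; the hunk does not say.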
@@ -124,107 +126,14 @@ ether_sprintf(const u8 *addr) return buf; } -/* - * Configure WPA parameters. - */ static int -bsd_configure_wpa(struct bsd_driver_data *drv) -{ - static const char *ciphernames[] = - { "WEP", "TKIP", "AES-OCB", "AES-CCM", "*BAD*", "CKIP", "NONE" }; - struct hostapd_data *hapd = drv->hapd; - struct hostapd_bss_config *conf = hapd->conf; - int v; - - switch (conf->wpa_group) { - case WPA_CIPHER_CCMP: - v = IEEE80211_CIPHER_AES_CCM; - break; - case WPA_CIPHER_TKIP: - v = IEEE80211_CIPHER_TKIP; - break; - case WPA_CIPHER_WEP104: - v = IEEE80211_CIPHER_WEP; - break; - case WPA_CIPHER_WEP40: - v = IEEE80211_CIPHER_WEP; - break; - case WPA_CIPHER_NONE: - v = IEEE80211_CIPHER_NONE; - break; - default: - printf("Unknown group key cipher %u\n", - conf->wpa_group); - return -1; - } - HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, - "%s: group key cipher=%s (%u)\n", __func__, ciphernames[v], v); - if (set80211param(drv, IEEE80211_IOC_MCASTCIPHER, v)) { - printf("Unable to set group key cipher to %u (%s)\n", - v, ciphernames[v]); - return -1; - } - if (v == IEEE80211_CIPHER_WEP) { - /* key length is done only for specific ciphers */ - v = (conf->wpa_group == WPA_CIPHER_WEP104 ? 
13 : 5); - if (set80211param(drv, IEEE80211_IOC_MCASTKEYLEN, v)) { - printf("Unable to set group key length to %u\n", v); - return -1; - } - } - - v = 0; - if (conf->wpa_pairwise & WPA_CIPHER_CCMP) - v |= 1<wpa_pairwise & WPA_CIPHER_TKIP) - v |= 1<wpa_pairwise & WPA_CIPHER_NONE) - v |= 1<wpa_key_mgmt); - if (set80211param(drv, IEEE80211_IOC_KEYMGTALGS, conf->wpa_key_mgmt)) { - printf("Unable to set key management algorithms to 0x%x\n", - conf->wpa_key_mgmt); - return -1; - } - - v = 0; - if (conf->rsn_preauth) - v |= BIT(0); - HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, - "%s: rsn capabilities=0x%x\n", __func__, conf->rsn_preauth); - if (set80211param(drv, IEEE80211_IOC_RSNCAPS, v)) { - printf("Unable to set RSN capabilities to 0x%x\n", v); - return -1; - } - - HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, - "%s: enable WPA= 0x%x\n", __func__, conf->wpa); - if (set80211param(drv, IEEE80211_IOC_WPA, conf->wpa)) { - printf("Unable to set WPA to %u\n", conf->wpa); - return -1; - } - return 0; -} - - -static int -bsd_set_iface_flags(void *priv, int dev_up) +bsd_set_iface_flags(void *priv, int flags) { struct bsd_driver_data *drv = priv; struct hostapd_data *hapd = drv->hapd; struct ifreq ifr; - HOSTAPD_DEBUG(HOSTAPD_DEBUG_VERBOSE, - "%s: dev_up=%d\n", __func__, dev_up); + wpa_printf(MSG_DEBUG, "%s: flags=0x%x\n", __func__, flags); if (drv->ioctl_sock < 0) return -1; @@ -237,17 +146,23 @@ bsd_set_iface_flags(void *priv, int dev_up) return -1; } - if (dev_up) - ifr.ifr_flags |= IFF_UP; - else - ifr.ifr_flags &= ~IFF_UP; + if (flags < 0) { + flags = -flags; + if ((ifr.ifr_flags & flags) == 0) + return 0; + ifr.ifr_flags &= ~flags; + } else { + if ((ifr.ifr_flags & flags) == flags) + return 0; + ifr.ifr_flags |= flags; + } if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, &ifr) != 0) { perror("ioctl[SIOCSIFFLAGS]"); return -1; } - if (dev_up) { + if (flags > 0) { memset(&ifr, 0, sizeof(ifr)); snprintf(ifr.ifr_name, IFNAMSIZ, "%s", drv->iface); ifr.ifr_mtu = HOSTAPD_MTU; 
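Review bot: In the `@@ -237,17 +146,23 @@` hunk, `if (flags > 0)` is true on both paths, because the negative branch has already run `flags = -flags`. The MTU block that the old code ran only for `dev_up` therefore also runs when the interface is being marked down, as in `bsd_set_iface_flags(drv, -IFF_UP)` from bsd_init and bsd_deinit. Record the direction before negating, e.g. `int set = flags > 0;` at the top, and test `if (set)` here. The signed-`flags` convention (positive sets bits, negative clears them) is not documented anywhere in the hunk and deserves a short comment above the function. The function body starts and ends outside this hunk.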
@@ -261,6 +176,12 @@ bsd_set_iface_flags(void *priv, int dev_up) return 0; } +static int +bsd_commit(void *priv) +{ + return bsd_set_iface_flags(priv, IFF_UP); +} + static int bsd_set_ieee8021x(const char *ifname, void *priv, int enabled) { @@ -268,8 +189,7 @@ bsd_set_ieee8021x(const char *ifname, void *priv, int enabled) struct hostapd_data *hapd = drv->hapd; struct hostapd_bss_config *conf = hapd->conf; - HOSTAPD_DEBUG(HOSTAPD_DEBUG_VERBOSE, - "%s: enabled=%d\n", __func__, enabled); + wpa_printf(MSG_DEBUG, "%s: enabled=%d\n", __func__, enabled); if (!enabled) { /* XXX restore state */ @@ -281,7 +201,7 @@ bsd_set_ieee8021x(const char *ifname, void *priv, int enabled) HOSTAPD_LEVEL_WARNING, "No 802.1X or WPA enabled!"); return -1; } - if (conf->wpa && bsd_configure_wpa(drv) != 0) { + if (conf->wpa && set80211param(drv, IEEE80211_IOC_WPA, conf->wpa)) { hostapd_logger(hapd, NULL, HOSTAPD_MODULE_DRIVER, HOSTAPD_LEVEL_WARNING, "Error configuring WPA state!"); return -1; @@ -292,7 +212,7 @@ bsd_set_ieee8021x(const char *ifname, void *priv, int enabled) HOSTAPD_LEVEL_WARNING, "Error enabling WPA/802.1X!"); return -1; } - return bsd_set_iface_flags(priv, 1); + return 0; } static int @@ -301,8 +221,7 @@ bsd_set_privacy(const char *ifname, void *priv, int enabled) struct bsd_driver_data *drv = priv; struct hostapd_data *hapd = drv->hapd; - HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, - "%s: enabled=%d\n", __func__, enabled); + wpa_printf(MSG_DEBUG, "%s: enabled=%d\n", __func__, enabled); return set80211param(priv, IEEE80211_IOC_PRIVACY, enabled); } @@ -314,8 +233,7 @@ bsd_set_sta_authorized(void *priv, const u8 *addr, int authorized) struct hostapd_data *hapd = drv->hapd; struct ieee80211req_mlme mlme; - HOSTAPD_DEBUG(HOSTAPD_DEBUG_VERBOSE, - "%s: addr=%s authorized=%d\n", + wpa_printf(MSG_DEBUG, "%s: addr=%s authorized=%d\n", __func__, ether_sprintf(addr), authorized); if (authorized) 
@@ -328,7 +246,8 @@ bsd_set_sta_authorized(void *priv, const u8 *addr, int authorized) } static int -bsd_sta_set_flags(void *priv, const u8 *addr, int flags_or, int flags_and) +bsd_sta_set_flags(void *priv, const u8 *addr, int total_flags, + int flags_or, int flags_and) { /* For now, only support setting Authorized flag */ if (flags_or & WLAN_STA_AUTHORIZED) @@ -345,8 +264,7 @@ bsd_del_key(void *priv, const unsigned char *addr, int key_idx) struct hostapd_data *hapd = drv->hapd; struct ieee80211req_del_key wk; - HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, - "%s: addr=%s key_idx=%d\n", + wpa_printf(MSG_DEBUG, "%s: addr=%s key_idx=%d\n", __func__, ether_sprintf(addr), key_idx); memset(&wk, 0, sizeof(wk)); @@ -373,8 +291,7 @@ bsd_set_key(const char *ifname, void *priv, const char *alg, if (strcmp(alg, "none") == 0) return bsd_del_key(priv, addr, key_idx); - HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, - "%s: alg=%s addr=%s key_idx=%d\n", + wpa_printf(MSG_DEBUG, "%s: alg=%s addr=%s key_idx=%d\n", __func__, alg, ether_sprintf(addr), key_idx); if (strcmp(alg, "WEP") == 0) @@ -396,14 +313,16 @@ bsd_set_key(const char *ifname, void *priv, const char *alg, memset(&wk, 0, sizeof(wk)); wk.ik_type = cipher; - wk.ik_flags = IEEE80211_KEY_RECV | IEEE80211_KEY_XMIT; if (addr == NULL) { memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN); wk.ik_keyix = key_idx; - wk.ik_flags |= IEEE80211_KEY_DEFAULT | IEEE80211_KEY_GROUP; + wk.ik_flags = IEEE80211_KEY_XMIT + | IEEE80211_KEY_GROUP + | IEEE80211_KEY_DEFAULT; } else { memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN); wk.ik_keyix = IEEE80211_KEYIX_NONE; + wk.ik_flags = IEEE80211_KEY_RECV | IEEE80211_KEY_XMIT; } wk.ik_keylen = key_len; memcpy(wk.ik_keydata, key, key_len); 
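Review bot: In the `@@ -396,14 +313,16 @@` hunk, the group-key branch (`addr == NULL`) now sets only `IEEE80211_KEY_XMIT | IEEE80211_KEY_GROUP | IEEE80211_KEY_DEFAULT`, silently dropping the `IEEE80211_KEY_RECV` that the old code applied to every key. No comment explains why the receive flag is intentionally absent for the broadcast key. Because this changes how key material is installed, the branch should say so, for example `/* group key: AP side transmits only, so no KEY_RECV */`, provided that is the intent; the hunk does not show it. bsd_set_key starts outside this hunk, so any `key_len` bound check before the `memcpy` into `wk.ik_keydata` is not visible from here.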
@@ -420,8 +339,8 @@ bsd_get_seqnum(const char *ifname, void *priv, const u8 *addr, int idx, struct hostapd_data *hapd = drv->hapd; struct ieee80211req_key wk; - HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, - "%s: addr=%s idx=%d\n", __func__, ether_sprintf(addr), idx); + wpa_printf(MSG_DEBUG, "%s: addr=%s idx=%d\n", + __func__, ether_sprintf(addr), idx); memset(&wk, 0, sizeof(wk)); if (addr == NULL) @@ -477,8 +396,7 @@ bsd_sta_clear_stats(void *priv, const u8 *addr) struct hostapd_data *hapd = drv->hapd; struct ieee80211req_sta_stats stats; - HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "%s: addr=%s\n", - __func__, ether_sprintf(addr)); + wpa_printf(MSG_DEBUG, "%s: addr=%s\n", __func__, ether_sprintf(addr)); /* zero station statistics */ memset(&stats, 0, sizeof(stats)); @@ -489,11 +407,11 @@ bsd_sta_clear_stats(void *priv, const u8 *addr) static int bsd_set_opt_ie(const char *ifname, void *priv, const u8 *ie, size_t ie_len) { - /* - * Do nothing; we setup parameters at startup that define the - * contents of the beacon information element. - */ - return 0; + /* + * Do nothing; we setup parameters at startup that define the + * contents of the beacon information element. + */ + return 0; } static int @@ -503,8 +421,7 @@ bsd_sta_deauth(void *priv, const u8 *addr, int reason_code) struct hostapd_data *hapd = drv->hapd; struct ieee80211req_mlme mlme; - HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, - "%s: addr=%s reason_code=%d\n", + wpa_printf(MSG_DEBUG, "%s: addr=%s reason_code=%d\n", __func__, ether_sprintf(addr), reason_code); mlme.im_op = IEEE80211_MLME_DEAUTH; @@ -520,8 +437,7 @@ bsd_sta_disassoc(void *priv, const u8 *addr, int reason_code) struct hostapd_data *hapd = drv->hapd; struct ieee80211req_mlme mlme; - HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, - "%s: addr=%s reason_code=%d\n", + wpa_printf(MSG_DEBUG, "%s: addr=%s reason_code=%d\n", __func__, ether_sprintf(addr), reason_code); mlme.im_reason = reason_code; 
@@ -589,7 +505,7 @@ bsd_new_sta(struct bsd_driver_data *drv, u8 addr[IEEE80211_ADDR_LEN]) } ielen = 2 + ie.wpa_ie[1]; res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, - ie.wpa_ie, ielen); + ie.wpa_ie, ielen, NULL, 0); if (res != WPA_IE_OK) { printf("WPA/RSN information element rejected? " "(res %u)\n", res); @@ -624,6 +540,9 @@ bsd_wireless_event_receive(int sock, void *ctx, void *sock_ctx) struct ieee80211_michael_event *mic; struct ieee80211_join_event *join; struct ieee80211_leave_event *leave; +#ifdef CONFIG_DRIVER_RADIUS_ACL + struct ieee80211_auth_event *auth; +#endif int n; n = read(sock, buf, sizeof(buf)); @@ -640,6 +559,12 @@ bsd_wireless_event_receive(int sock, void *ctx, void *sock_ctx) return; } ifan = (struct if_announcemsghdr *) rtm; + if (ifan->ifan_index != drv->ifindex) { + wpa_printf(MSG_DEBUG, "Discard routing message to if#%d " + "(not for us %d)\n", + ifan->ifan_index, drv->ifindex); + return; + } switch (rtm->rtm_type) { case RTM_IEEE80211: switch (ifan->ifan_what) { @@ -670,6 +595,32 @@ bsd_wireless_event_receive(int sock, void *ctx, void *sock_ctx) MAC2STR(mic->iev_src)); ieee80211_michael_mic_failure(hapd, mic->iev_src, 1); break; +#ifdef CONFIG_DRIVER_RADIUS_ACL + case RTM_IEEE80211_AUTH: + auth = (struct ieee80211_auth_event *) &ifan[1]; + wpa_printf(MSG_DEBUG, "802.11 AUTH, STA = " MACSTR, + MAC2STR(auth->iev_addr)); + n = hostapd_allowed_address(hapd, auth->iev_addr, + NULL, 0, NULL, NULL, NULL); + switch (n) { + case HOSTAPD_ACL_ACCEPT: + case HOSTAPD_ACL_REJECT: + hostapd_set_radius_acl_auth(hapd, + auth->iev_addr, n, 0); + wpa_printf(MSG_DEBUG, + "802.11 AUTH, STA = " MACSTR " hostapd says: %s", + MAC2STR(auth->iev_addr), + (n == HOSTAPD_ACL_ACCEPT ? + "ACCEPT" : "REJECT" )); + break; + case HOSTAPD_ACL_PENDING: + wpa_printf(MSG_DEBUG, + "802.11 AUTH, STA = " MACSTR " pending", + MAC2STR(auth->iev_addr)); + break; + } + break; +#endif /* CONFIG_DRIVER_RADIUS_ACL */ } break; } 
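Review bot: The new `RTM_IEEE80211_AUTH` case casts `&ifan[1]` to `struct ieee80211_auth_event *` and reads `iev_addr` with no visible check that the `n` bytes returned by `read()` cover both headers. The start of bsd_wireless_event_receive is outside these hunks, so an earlier length check may exist, but none is shown. Adding `if ((size_t)n < sizeof(*ifan) + sizeof(*auth)) break;` before the cast would make the bound explicit. The inner `switch (n)` also reuses the read-length variable for the ACL result and has no `default`, so an unexpected return from hostapd_allowed_address() is dropped silently; a separate `int acl` and a `default:` that logs the value would be clearer. In the `@@ -640,6 +559,12 @@` hunk, `drv->ifindex` is `unsigned int` but is printed with `%d`.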
@@ -775,8 +726,7 @@ bsd_get_ssid(const char *ifname, void *priv, u8 *buf, int len) struct hostapd_data *hapd = drv->hapd; int ssid_len = get80211var(priv, IEEE80211_IOC_SSID, buf, len); - HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "%s: ssid=\"%.*s\"\n", - __func__, ssid_len, buf); + wpa_printf(MSG_DEBUG, "%s: ssid=\"%.*s\"\n", __func__, ssid_len, buf); return ssid_len; } @@ -787,8 +737,7 @@ bsd_set_ssid(const char *ifname, void *priv, const u8 *buf, int len) struct bsd_driver_data *drv = priv; struct hostapd_data *hapd = drv->hapd; - HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "%s: ssid=\"%.*s\"\n", - __func__, len, buf); + wpa_printf(MSG_DEBUG, "%s: ssid=\"%.*s\"\n", __func__, len, buf); return set80211var(priv, IEEE80211_IOC_SSID, buf, len); } 
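Review bot: In bsd_get_ssid the debug line passes `ssid_len` straight from get80211var() as the precision for `%.*s`. printf treats a negative precision as if none were given, so if get80211var can return a negative value on failure (its body is not in this hunk), the call reads `buf` as a NUL-terminated string, which an SSID buffer is not guaranteed to be. Clamping the argument, e.g. `ssid_len < 0 ? 0 : ssid_len`, or logging only after the error check, avoids the over-read. The same pattern in bsd_set_ssid depends on the caller passing a non-negative `len`.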
@@ -802,7 +751,68 @@ bsd_set_countermeasures(void *priv, int enabled) return set80211param(drv, IEEE80211_IOC_COUNTERMEASURES, enabled); } +#ifdef CONFIG_DRIVER_RADIUS_ACL +static int +bsd_set_radius_acl_auth(void *priv, const u8 *mac, int accepted, + u32 session_timeout) +{ + struct bsd_driver_data *drv = priv; + struct hostapd_data *hapd = drv->hapd; + struct ieee80211req_mlme mlme; + + switch (accepted) { + case HOSTAPD_ACL_ACCEPT_TIMEOUT: + wpa_printf(MSG_DEBUG, "[%s] STA " MACSTR + " has been accepted by RADIUS ACL with timeout " + "of %d.\n", hapd->conf->iface, MAC2STR(mac), + session_timeout); + mlme.im_reason = IEEE80211_STATUS_SUCCESS; + break; + case HOSTAPD_ACL_ACCEPT: + wpa_printf(MSG_DEBUG, "[%s] STA " MACSTR + " has been accepted by RADIUS ACL.\n", + hapd->conf->iface, MAC2STR(mac)); + mlme.im_reason = IEEE80211_STATUS_SUCCESS; + break; + case HOSTAPD_ACL_REJECT: + wpa_printf(MSG_DEBUG, "[%s] STA " MACSTR + " has been rejected by RADIUS ACL.\n", + hapd->conf->iface, MAC2STR(mac)); + mlme.im_reason = IEEE80211_STATUS_UNSPECIFIED; + break; + default: + wpa_printf(MSG_ERROR, "[%s] STA " MACSTR + " has unknown status (%d) by RADIUS ACL. " + "Nothing to do...\n", hapd->conf->iface, + MAC2STR(mac), accepted); + return 0; + } + memset(&mlme, 0, sizeof(mlme)); + mlme.im_op = IEEE80211_MLME_AUTH; + memcpy(mlme.im_macaddr, mac, IEEE80211_ADDR_LEN); + return set80211var(drv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme)); +} + static int +bsd_set_radius_acl_expire(void *priv, const u8 *mac) +{ + struct bsd_driver_data *drv = priv; + struct hostapd_data *hapd = drv->hapd; + + /* + * The expiry of the MAC address from RADIUS ACL cache doesn't mean + * that we should kick off the client. 
Our current approach doesn't + * require adding/removing entries from an allow/deny list; so this + * function is likely unecessary + */ + wpa_printf(MSG_DEBUG, "[%s] STA " MACSTR " radius acl cache " + "expired; nothing to do...", hapd->conf->iface, + MAC2STR(mac)); + return 0; +} +#endif /* CONFIG_DRIVER_RADIUS_ACL */ + +static void * bsd_init(struct hostapd_data *hapd) { struct bsd_driver_data *drv; @@ -814,7 +824,6 @@ bsd_init(struct hostapd_data *hapd) } memset(drv, 0, sizeof(*drv)); - drv->ops = bsd_driver_ops; drv->hapd = hapd; drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); if (drv->ioctl_sock < 0) { @@ -822,6 +831,18 @@ bsd_init(struct hostapd_data *hapd) goto bad; } memcpy(drv->iface, hapd->conf->iface, sizeof(drv->iface)); + /* + * NB: We require the interface name be mappable to an index. + * This implies we do not support having wpa_supplicant + * wait for an interface to appear. This seems ok; that + * doesn't belong here; it's really the job of devd. + * XXXSCW: devd is FreeBSD-specific. + */ + drv->ifindex = if_nametoindex(drv->iface); + if (drv->ifindex == 0) { + printf("%s: interface %s does not exist", __func__, drv->iface); + goto bad; + } drv->sock_xmit = l2_packet_init(drv->iface, NULL, ETH_P_EAPOL, handle_read, drv, 1); @@ -830,10 +851,9 @@ bsd_init(struct hostapd_data *hapd) if (l2_packet_get_own_addr(drv->sock_xmit, hapd->own_addr)) goto bad; - bsd_set_iface_flags(drv, 0); /* mark down during setup */ + bsd_set_iface_flags(drv, -IFF_UP); /* mark down during setup */ - hapd->driver = &drv->ops; - return 0; + return drv; bad: if (drv != NULL) { if (drv->sock_xmit != NULL) @@ -842,7 +862,7 @@ bad: close(drv->ioctl_sock); free(drv); } - return -1; + return NULL; } @@ -851,9 +871,7 @@ bsd_deinit(void *priv) { struct bsd_driver_data *drv = priv; - drv->hapd->driver = NULL; - - (void) bsd_set_iface_flags(drv, 0); + (void) bsd_set_iface_flags(drv, -IFF_UP); if (drv->ioctl_sock >= 0) close(drv->ioctl_sock); if (drv->sock_xmit != NULL) 
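Review bot: In bsd_set_radius_acl_auth (the `@@ -802,7 +751,68 @@` hunk, which begins on the previous physical line), `memset(&mlme, 0, sizeof(mlme));` runs after the `switch (accepted)` that assigns `mlme.im_reason`. The reason chosen for ACCEPT versus REJECT is therefore wiped, and every request reaches `IEEE80211_IOC_MLME` with `im_reason` equal to 0. If `IEEE80211_STATUS_SUCCESS` is 0, as the 802.11 status code for success is, a station rejected by the RADIUS ACL is reported to the kernel exactly like an accepted one. Move the `memset` above the `switch` so that the assignments survive. `session_timeout` is a `u32` logged with `%d` and otherwise unused; if the timeout is meant to be enforced elsewhere, a comment should say so.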
@@ -861,7 +879,7 @@ bsd_deinit(void *priv) free(drv); } -static const struct driver_ops bsd_driver_ops = { +const struct wpa_driver_ops wpa_driver_bsd_ops = { .name = "bsd", .init = bsd_init, .deinit = bsd_deinit, @@ -882,9 +900,9 @@ static const struct driver_ops bsd_driver_ops = { .get_ssid = bsd_get_ssid, .set_countermeasures = bsd_set_countermeasures, .sta_clear_stats = bsd_sta_clear_stats, + .commit = bsd_commit, +#ifdef CONFIG_DRIVER_RADIUS_ACL + .set_radius_acl_auth = bsd_set_radius_acl_auth, + .set_radius_acl_expire = bsd_set_radius_acl_expire, +#endif }; - -void bsd_driver_register(void) -{ - driver_register(bsd_driver_ops.name, &bsd_driver_ops); -} diff --git a/usr.sbin/802_11/hostapd_cli/Makefile b/usr.sbin/802_11/hostapd_cli/Makefile index 36311836ff..a5b92cccc7 100644 --- a/usr.sbin/802_11/hostapd_cli/Makefile +++ b/usr.sbin/802_11/hostapd_cli/Makefile @@ -1,10 +1,11 @@ # $FreeBSD: src/usr.sbin/wpa/hostapd_cli/Makefile,v 1.4 2007/07/09 16:26:48 sam Exp $ # $DragonFly: src/usr.sbin/802_11/hostapd_cli/Makefile,v 1.2 2007/08/07 11:25:36 sephe Exp $ -.PATH: ${.CURDIR}/../../../contrib/hostapd +.include "${.CURDIR}/../Makefile.inc" +.PATH.c: ${.CURDIR}/.. ${HOSTAPD_DISTDIR}/hostapd PROG= hostapd_cli -SRCS= hostapd_cli.c wpa_ctrl.c +SRCS= hostapd_cli.c wpa_ctrl.c os_unix.c CFLAGS+= -DCONFIG_CTRL_IFACE CFLAGS+= -DCONFIG_CTRL_IFACE_UNIX diff --git a/usr.sbin/802_11/os_unix.c.patch b/usr.sbin/802_11/os_unix.c.patch deleted file mode 100644 index 137117ce82..0000000000 --- a/usr.sbin/802_11/os_unix.c.patch +++ /dev/null 
@@ -1,13 +0,0 @@ -$DragonFly: src/usr.sbin/802_11/os_unix.c.patch,v 1.1 2007/08/07 11:25:36 sephe Exp $ -diff -urp hostapd-0.5.8/os_unix.c /usr/src/contrib/hostapd-0.5.8/os_unix.c ---- os_unix.c 2007-03-25 10:09:43.000000000 +0800 -+++ os_unix.c 2007-07-22 12:17:04.000000000 +0800 -@@ -171,7 +171,7 @@ int os_setenv(const char *name, const ch - - int os_unsetenv(const char *name) - { --#if defined(__FreeBSD__) || defined(__NetBSD__) -+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) - unsetenv(name); - return 0; - #else diff --git a/usr.sbin/802_11/wpa_cli/Makefile b/usr.sbin/802_11/wpa_cli/Makefile index a8f1fbc5e8..d44ac253d3 100644 --- a/usr.sbin/802_11/wpa_cli/Makefile +++ b/usr.sbin/802_11/wpa_cli/Makefile @@ -1,14 +1,14 @@ # $FreeBSD: src/usr.sbin/wpa/wpa_cli/Makefile,v 1.3 2007/07/11 16:04:07 sam Exp $ # $DragonFly: src/usr.sbin/802_11/wpa_cli/Makefile,v 1.2 2007/08/07 11:25:36 sephe Exp $ -CONTRIBDIR= ${.CURDIR}/../../../contrib/wpa_supplicant -.PATH: ${.CURDIR}/.. ${CONTRIBDIR} +.include "${.CURDIR}/../Makefile.inc" +.PATH.c: ${.CURDIR}/.. \ + ${WPA_DISTDIR}/wpa_supplicant PROG= wpa_cli SRCS= wpa_cli.c wpa_ctrl.c os_unix.c -SRCS+= os_unix.c.patch -CFLAGS+= -I${CONTRIBDIR} +CFLAGS+= -I${WPA_DISTDIR} CFLAGS+= -DCONFIG_CTRL_IFACE CFLAGS+= -DCONFIG_CTRL_IFACE_UNIX diff --git a/usr.sbin/802_11/wpa_supplicant/Makefile b/usr.sbin/802_11/wpa_supplicant/Makefile index 08e18d70d5..e32d5a7b3c 100644 --- a/usr.sbin/802_11/wpa_supplicant/Makefile +++ b/usr.sbin/802_11/wpa_supplicant/Makefile 
@@ -1,26 +1,34 @@ # $FreeBSD: src/usr.sbin/wpa/wpa_supplicant/Makefile,v 1.9 2007/07/11 16:04:08 sam Exp $ # $DragonFly: src/usr.sbin/802_11/wpa_supplicant/Makefile,v 1.2 2007/08/07 11:25:36 sephe Exp $ -CONTRIBDIR= ${.CURDIR}/../../../contrib/wpa_supplicant -.PATH: ${.CURDIR}/.. ${CONTRIBDIR} +.include "${.CURDIR}/../Makefile.inc" + +.PATH.c: ${WPA_DISTDIR}/wpa_supplicant \ + ${WPA_DISTDIR}/src/drivers \ + ${WPA_DISTDIR}/src/eap_peer \ + ${WPA_DISTDIR}/src/rsn_supp PROG= wpa_supplicant -SRCS= config.c eloop.c common.c md5.c rc4.c sha1.c aes_wrap.c \ - wpa_supplicant.c events.c wpa.c preauth.c pmksa_cache.c \ - ctrl_iface.c ctrl_iface_unix.c l2_packet.c main.c drivers.c \ - Packet32.c os_unix.c -SRCS+= driver_dragonfly.c driver_wired.c driver_ndis.c -SRCS+= os_unix.c.patch driver_wired.c.patch events.c.patch +SRCS= aes.c aes_wrap.c blacklist.c common.c config.c ctrl_iface.c \ + ctrl_iface_unix.c drivers.c eloop.c events.c l2_packet.c main.c \ + md5.c preauth.c pmksa_cache.c rc4.c scan.c scan_helpers.c sha1.c \ + wpa.c wpa_common.c wpa_debug.c wpa_ie.c wpa_supplicant.c \ + wpabuf.c wpas_glue.c \ + driver_ndis.c Packet32.c \ + driver_wired.c \ + driver_dragonfly.c os_unix.c +#SRCS+= driver_wired.c.patch events.c.patch MAN= wpa_supplicant.8 wpa_supplicant.conf.5 -CFLAGS+= -I${.CURDIR} -I${CONTRIBDIR} +CFLAGS+= -I${.CURDIR} -I${WPA_DISTDIR} +CFLAGS+= -I${WPA_DISTDIR}/src/drivers +CFLAGS+= -I${WPA_DISTDIR}/src/rsn_supp CFLAGS+= -DCONFIG_DRIVER_BSD CFLAGS+= -DCONFIG_DRIVER_NDIS CFLAGS+= -DCONFIG_DRIVER_WIRED -CFLAGS+= -DCONFIG_CTRL_IFACE -CFLAGS+= -DCONFIG_CTRL_IFACE_UNIX CFLAGS+= -DCONFIG_TERMINATE_ONLASTIF +CFLAGS+= -g DPADD+= ${LIBPCAP} LDADD+= -lpcap 
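Review bot: `CFLAGS+= -g` is added unconditionally at the end of the flags block and looks like a debugging leftover; debug info is normally controlled by the build's own knobs rather than hard-coded per program. The commented-out `#SRCS+= driver_wired.c.patch events.c.patch` should either be deleted or carry a comment explaining whether those local DragonFly patches are still needed against 0.6.10. As written, a reader cannot tell whether the fixes were merged upstream or simply dropped.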
@@ -29,19 +37,31 @@ SRCS+= config_file.c base64.c CFLAGS+=-DCONFIG_BACKEND_FILE .if !defined(NO_WPA_SUPPLICANT_EAPOL) -SRCS+= eapol_sm.c eap.c eap_methods.c +.PATH: ${.CURDIR}/.. ${WPA_DISTDIR}/src/eapol_supp +.PATH: ${.CURDIR}/.. ${WPA_DISTDIR}/src/eap_peer +SRCS+= eapol_supp_sm.c eap.c eap_common.c eap_methods.c CFLAGS+= -DIEEE8021X_EAPOL .if !defined(NO_CRYPT) && !defined(NO_OPENSSL) +.PATH: ${.CURDIR}/.. ${WPA_DISTDIR}/src/eap_common +.PATH: ${.CURDIR}/.. ${WPA_DISTDIR}/eap_peer/ CFLAGS+=-DEAP_TLS -DEAP_PEAP -DEAP_MSCHAPv2 -DEAP_LEAP -DEAP_PSK \ -DEAP_TLV -DEAP_TLS_FUNCS -SRCS+= eap_tls.c eap_peap.c eap_mschapv2.c eap_leap.c \ +SRCS+= chap.c crypto_openssl.c \ + eap_leap.c \ + eap_mschapv2.c \ + eap_peap.c eap_peap_common.c \ eap_psk.c eap_psk_common.c \ - eap_tlv.c eap_tls_common.c tls_openssl.c ms_funcs.c crypto.c + eap_tls.c eap_tls_common.c \ + mschapv2.c ms_funcs.c tls_openssl.c CFLAGS+=-DEAP_TTLS -DEAP_MD5 SRCS+= eap_ttls.c eap_md5.c +.if !empty(CFLAGS:M*-DEAP_GTC) +SRCS+= eap_gtc.c +.endif + # NB: requires patch to openssl #CFLAGS+= -DEAP_FAST #SRCS+= eap_fast.c diff --git a/usr.sbin/802_11/wpa_supplicant/driver_dragonfly.c b/usr.sbin/802_11/wpa_supplicant/driver_dragonfly.c index e43d45ede3..736fc4ac61 100644 --- a/usr.sbin/802_11/wpa_supplicant/driver_dragonfly.c +++ b/usr.sbin/802_11/wpa_supplicant/driver_dragonfly.c @@ -25,9 +25,8 @@ #include "common.h" #include "driver.h" #include "eloop.h" -#include "wpa_supplicant.h" #include "l2_packet.h" -#include "wpa.h" /* XXX for RSN_INFO_ELEM */ +#include "ieee802_11_defs.h" #include #include @@ -403,7 +402,7 @@ wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params) if (params->wpa_ie_len && set80211param(drv, IEEE80211_IOC_WPA, - params->wpa_ie[0] == RSN_INFO_ELEM ? 2 : 1) < 0) + params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) return -1; memset(&mlme, 0, sizeof(mlme)); 
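Review bot: The added search path `.PATH: ${.CURDIR}/.. ${WPA_DISTDIR}/eap_peer/` in the OpenSSL block lacks the `src/` component that every other entry uses, such as `${WPA_DISTDIR}/src/eap_peer` a few lines above. It probably points at a directory that does not exist. The build likely still works only because the correct `src/eap_peer` path is already listed, so this line can be removed or corrected to `${WPA_DISTDIR}/src/eap_peer`. Each new `.PATH:` line also repeats `${.CURDIR}/..`, which `Makefile.inc` already puts on `.PATH.c`.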
diff --git a/usr.sbin/802_11/wpa_supplicant/ntddndis.h b/usr.sbin/802_11/wpa_supplicant/ntddndis.h index 1cfb20198c..e6336b1973 100644 --- a/usr.sbin/802_11/wpa_supplicant/ntddndis.h +++ b/usr.sbin/802_11/wpa_supplicant/ntddndis.h @@ -28,5 +28,7 @@ typedef char * PCHAR; #define FALSE 0 #define OID_802_3_CURRENT_ADDRESS 0x01010102 +#define OID_802_3_MULTICAST_LIST 0x01010103 + #endif /* _NTDDNDIS_H_ */