merge debian connect

武丹 2023-03-31 11:27:43 +08:00
parent ba53ce4933
commit 010bc19ccb
67 changed files with 6157 additions and 21 deletions

39
debian/NEWS vendored Normal file

@ -0,0 +1,39 @@
wpasupplicant (2:2.6-19) unstable; urgency=medium
With this release, wpasupplicant no longer respects the system
default minimum TLS version, defaulting to TLSv1.0, not TLSv1.2. If
you're sure you will never connect to EAP networks requiring anything less
than 1.2, add this to your wpasupplicant configuration:
tls_disable_tlsv1_0=1
tls_disable_tlsv1_1=1
wpasupplicant also defaults to a security level 1, instead of the system
default 2. Should you need to change that, change this setting in your
wpasupplicant configuration:
openssl_ciphers=DEFAULT@SECLEVEL=2
Unlike wpasupplicant, hostapd still respects system defaults.
-- Andrej Shadura <andrewsh@debian.org> Sat, 15 Dec 2018 14:22:18 +0100
wpasupplicant (0.6.2-1) unstable; urgency=low
The -w (wait for network interface to exist) command line option no longer
exists. If you have scripts that require this option, it is time to change
them, or use one of the two supported modes of operation explained at
/usr/share/doc/wpasupplicant/README.modes.gz.
ifupdown supports hot-plugged network devices via the "allow-hotplug" class
of operation. An example /etc/network/interfaces configuration stanza would
look like:
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid myssid
wpa-psk mysecretpassphrase
network-manager is also able to handle hot-plugged network devices.
-- Kel Modderman <kel@otaku42.de> Mon, 14 Jan 2008 18:02:17 +1000
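Review bot: The 2:2.6-19 entry in debian/NEWS records that wpasupplicant falls back to a TLSv1.0 minimum and OpenSSL security level 1 instead of the system defaults, and nothing visible in this merge shows whether the shipped configuration compensates. If no supported network needs TLS below 1.2, consider setting `tls_disable_tlsv1_0=1`, `tls_disable_tlsv1_1=1` and `openssl_ciphers=DEFAULT@SECLEVEL=2` in the default wpasupplicant configuration, or state in the merge why the weaker defaults are kept. The 0.6.2-1 example also places `wpa-psk mysecretpassphrase` in /etc/network/interfaces; a sentence on restricting read access to that file would help.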


@ -0,0 +1,9 @@
# Certain drivers are known not to support changing the MAC address.
# Disable touching the MAC address on such devices.
#
# See man NetworkManager.conf
#
# https://bugzilla.gnome.org/show_bug.cgi?id=777523
[device-31-mac-addr-change]
match-device=driver:eagle_sdio,driver:wl
wifi.scan-rand-mac-address=no
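Review bot: The header comment says this stanza disables touching the MAC address, but the only setting is `wifi.scan-rand-mac-address=no`, and the match is by driver (`match-device=driver:eagle_sdio,driver:wl`), so every device bound to those drivers loses scan-time MAC randomization. Reword the comment to say exactly that, so the privacy cost is visible to whoever audits the NetworkManager configuration.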

130
debian/README.source vendored Normal file

@ -0,0 +1,130 @@
"wpa" sources for Debian
------------------------
**WARNING**: THIS IS OUTDATED; check debian/watch for the actual URLs.
This "wpa" source package merges wpa_supplicant and hostapd sources, which are
maintained in one source repository[1] upstream and share considerable/
duplicate amounts of source. Starting with the 1.x branch, both wpa_supplicant
and hostapd are built from this common source package for Debian, while not
released together as tarball by upstream, the source can be obtained from the
upstream git repositories.
The preferred way to generate the orig.tar.gz is by calling
$ debian/rules get-orig-source
which will clone the upstream git repository under $TMPDIR, using mktemp(1),
and create a new tarball based on the git tag corresponding to the top most
entry in debian/changelog. This newly generated tarball will be stored as
../wpa_${VERSION}.orig.tar.gz or ../tarballs/wpa_${VERSION}.orig.tar.gz, if
a directory called ../tarballs/ exists. Eventually existing tarballs
corresponding to the current version will not be overwritten.
Required dependencies to generate a new orig.tar.gz:
- a SUSv3 compatible shell, like dash or bash
- dpkg-parsechangelog, available from dpkg-dev
- git
- xz, available from xz-utils or busybox
- mktemp and rm, available from coreutils or busybox
- sed, available from sed or busybox
- tar, available from tar or busybox
It is recommended to base tarballs for development snapshots of "wpa" on
according git tags from the upstream git repository, the available git tags
can be queried by:
$ git clone git://w1.fi/srv/git/hostap-1.git # 1.x branch
or
$ git clone git://w1.fi/srv/git/hostap.git # >= 2.x branches
changing into the corresponding directory (hostap-1 or hostapd) and calling
git tag.
$ cd hostapd-1
$ git tag
hostap_0_6_3
[…]
hostap_1_0
[…]
hostap_1_0_rc3
[…]
The Debian versions for these tags would be 0.6.3-1, 1.0 or 1.0~rc3 in
debian/changelog. Intermediate states between tags or HEAD are usually best
dealt with by creating a patch series based on the newest matching tag.
Exporting commits between "hostap_1_0" and the current git HEAD:
$ git format-patch hostap_1_0..HEAD
Exporting commits between "hostap_1_0_rc3" and "hostap_1_0":
$ git format-patch hostap_1_0_rc3..hostap_1_0
In both cases numbered patches will be dropped in the base directory of the
git clone. These numbered patches can be imported to the Debian package using
standard procedures for "3.0 (quilt)" source packages.
Tarballs can also be created manually from the upstream git repository:
$ git clone git://w1.fi/srv/git/hostap-1.git
$ cd hostap-1
$ git archive \
--format=tar \
--prefix="wpa-1.0/" \
hostap_1_0 \
README COPYING patches src wpa_supplicant hostapd | \
xz -c6 > wpa_1.0.orig.tar.gz
Arbitrary git tags or commit IDs can be used for this purpose.
Upstream git snapshots can be exported by using a specially crafted version
syntax used in the top most (pending) changelog entry. The required syntax for
correctly parsing this is:
<upstream_version>+git<date>.<revision>+<git_hash>-<debian_revision>
upstream_version := [0-9\.]* --> 2.0
date := [0-9]* --> 20131120 (YYYYMMDD)
revision := [0-9]* --> 1
git_hash := [0-9a-f]* --> 594516b
debian_revision := [0-9*] --> 1
e.g.:
2.0+git20131120.1+594516b-1
Technically any incrementing number can be used for <date>, but it's strongly
recommended to use YYYYMMDD (date --utc +%Y%m%d) and follow it by an
strictly incrementing arbitrary revision number (typically '.1'). The supplied
git hash can be abbreviated, but must be unique (see git describe, without
leading 'g').
The debian/rules get-orig-source target will automatically switch between
hostapd-1.git and hostapd.git (for >= 2.0) as needed, but it will only fetch
the explicitly specified version from a properly formatted, top most,
debian/changelog entry; it will not fetch the last upstream release or git
HEAD automatically.
The Debian packaging for wpa_supplicant/ hostapd is maintained in a subversion
repository at:
Vcs-Svn: svn://anonscm.debian.org/svn/pkg-wpa/wpa/trunk/
Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-wpa/wpa/trunk/
The development mailing list and its mailing list archive is located at:
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-wpa-devel
Work for the wpa package can be coordinated on this mailing list through:
Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>
-- Stefan Lippers-Hollmann <s.l-h@gmx.de> Sat, 28 Dec 2013 22:37:03 +0100
[1] http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap-1.git [1.x branch]
http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git [development]
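Review bot: Every fetch instruction in README.source uses an unauthenticated transport (`git clone git://w1.fi/srv/git/hostap.git`, the `svn://anonscm.debian.org/` Vcs-Svn entry, and the `http://` links), so a tarball built by following it has no integrity protection between upstream and the orig.tar.gz. The file already flags itself as outdated and points to debian/watch, so either drop the stale URLs or replace them with an authenticated transport plus a tag or checksum verification step. Smaller points in the same hunk: the clone creates `hostap-1` but the example runs `cd hostapd-1`, the manual recipe pipes through `xz` while naming the output `wpa_1.0.orig.tar.gz`, and `debian_revision := [0-9*]` looks like a misplaced `*`.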

483
debian/changelog.hostapd vendored Normal file

@ -0,0 +1,483 @@
hostapd (1:0.7.3-5) UNRELEASED; urgency=low
* NOT RELEASED YET
* bump standards version to 3.9.3, no changes necessary.
* update dep-5 version to final 1.0:
- add format qualifier
- s/Upstream-Maintainer/Upstream-Contact/
- s/Upstream-Source/Source/
- use "or" instead of "BSD | GPL-2" for dual-licensed sources
- order licenses alphabetically.
- fix lists of copyright holders for the final syntax
- fix license continuation.
-- Stefan Lippers-Hollmann <s.l-h@gmx.de> Mon, 27 Feb 2012 22:07:19 +0100
hostapd (1:0.7.3-4) unstable; urgency=low
* add myself to uploaders.
* add "hostap: Allow linking with libnl-3" from Ben Greear
<greearb@candelatech.com> to allow building against libnl3 3.2.
* switch build dependency from libnl-dev (libnl1) to libnl-3-dev &&
libnl-genl-3-dev accordingly.
* add libpcap-dev and libbsd-dev to kFreeBSD specific build-depends.
* disable IAPP on kFreeBSD, to avoid FTBS.
* restrict hostapd to linux-any and kfreebsd-any, hurd lacks kernel support.
* raise versioned build-dependency to (>= 3.2.3-2~), we need
libnl-genl-3-200-udeb and expect it in /lib/.
* add "For MS-CHAP, convert the password from UTF-8 to UCS-2" from
Evan Broder <ebroder@mokafive.com>, accepted upstream into hostap-1.git
* fix long description, driver_madwifi is no longer enabled, while driver_bsd
got enabled.
-- Stefan Lippers-Hollmann <s.l-h@gmx.de> Tue, 20 Dec 2011 02:51:49 +0100
hostapd (1:0.7.3-3) unstable; urgency=low
[ Kel Modderman ]
* Use /run/sendsigs.omit.d/ for sendsigs omission pid file and depend on
initscripts (>= 2.88dsf-13.3). (Closes: #633026)
* Migrate existing sendsigs omission pid files from /lib/init/rw to /run.
* Add a loop to ifupdown.sh to wait for creation of hostapd pid file before
attempting creation of sensigs omission pid file, in some cases hostapd
daemon can return before creation of the pid file has been written to disk.
* Adjust standards version to 3.9.2, no further changes required to
satisfy that.
* Only test that DAEMON_CONF is set in init.d script, do not test if what is
set is readable (which assumes only one configuration file is being used).
(Closes: #615821)
[ Stefan Lippers-Hollmann ]
* use new anonscm URIs for alioth.
-- Kel Modderman <kel@otaku42.de> Sun, 11 Dec 2011 20:32:06 +1000
hostapd (1:0.7.3-2) unstable; urgency=low
* upload to unstable
-- Jan Dittberner <jandd@debian.org> Sun, 06 Feb 2011 13:20:42 +0100
hostapd (1:0.7.3-1) experimental; urgency=low
* New upstream release, upstream declares this as the new stable release.
* debian/control: update Standards-Version to 3.9.1 (no changes
necessary)
* debian/copyright: include license text of the BSD license variant,
add myself to the list of copyright holders for the debian/* files
* add debian/hostapd.lintian-overrides and install it as
/usr/share/lintian/overrides/hostapd to fix possible-gpl-code-linked-
with-openssl Lintian error
-- Jan Dittberner <jandd@debian.org> Tue, 07 Sep 2010 20:43:01 +0200
hostapd (1:0.7.2-2) experimental; urgency=low
* disable madwifi driver
- remove debian/driver_madwifi
- disable madwifi driver in debian/config/linux
-- Jan Dittberner <jandd@debian.org> Tue, 27 Apr 2010 21:09:08 +0200
hostapd (1:0.7.2-1) experimental; urgency=low
* New upstream release
* debian/control: add myself to Uploaders
* update debian/watch to track version 0.7.x
* disable debian/patches/DTIM.patch that does not apply to current upstream
sources
-- Jan Dittberner <jandd@debian.org> Mon, 26 Apr 2010 20:21:00 +0200
hostapd (1:0.6.10-2) unstable; urgency=low
* Switch to source format 3.0 (quilt).
* Add DTIM.patch, cherry picked from upstream, which works around
problem setting DTIM period too early causing hostapd to bail out
unceremoniously. (Closes: #570116)
* Fix syntax error in ifupdown.sh. (Closes: #571029)
-- Kel Modderman <kel@otaku42.de> Wed, 24 Feb 2010 19:36:11 +1000
hostapd (1:0.6.10-1) unstable; urgency=low
* New upstream release.
- drop all patches applied upstream
* Install hostapd_cli to /usr/sbin/ from /usr/bin/, as it requires
explicit permissions to be usable by non-admin.
* Support the status command in init.d script. Depend on lsb-base (>=
3.2-13) for status_of_proc. Patch thanks to Peter Eisentraut.
(Closes: #535633)
* Add debian/README.source to describe use of quilt patch system.
* Increase Standards-Version to 3.8.4 without extra changes.
* Reduce debian/rules by tweaking the sequence of a few things and
using the --sourcedirectory option of dh in debhelper (>= 7.3.7~).
Build-Depend on that debhelper version.
* No longer install /etc/hostapd/hostapd.conf per default as there are
no sane defaults. Instead provide the configuration as an example
only and take care to remove previously installed conffiles which
remain unedited on upgrade.
* Clean up init.d script a bit by using existence of hostapd daemon
configuration file as defined in /etc/default/hostapd as conditional
for starting instead of magic RUN_DAEMON variable.
* Update README.Debian to contain information about the example
hostapd.conf file.
* Remove Reinhard Tartler from uploaders at his request. Thanks for
past contribution.
* Remove uupdate command from debian/watch, unused by maintainer.
* Adjust debian/watch to scan for the 0.6.X stable releases only.
-- Kel Modderman <kel@otaku42.de> Thu, 11 Feb 2010 14:49:44 +1000
hostapd (1:0.6.9-3) unstable; urgency=low
* Change Maintainer to pkg-wpa-devel team and add Reinhard and myself
to Uploaders to better reflect the organisation which makes the package
available.
* Import upstream patches:
- hostap_reuse_existing_ctrl_iface_socket.patch allows to reuse ctrl
interface sockets left over as result of unclean shutdown
- hostap_reject_conf_without_channel_nl80211.patch adds code to reject
configurations which use nl80211 driver without setting a channel
because this will always fail for the time being
* Build-Depend on quilt >= 0.46-7 for dh integration.
* Update debian/control long description to mention mac80211 based
drivers. Thanks to Jan Braunisch for noticing.
* Also remove reference to the Prism54 driver in package long
description, we do not support it.
-- Kel Modderman <kel@otaku42.de> Sun, 17 May 2009 04:35:12 +1000
hostapd (1:0.6.9-2) unstable; urgency=low
* Enable CONFIG_IEEE80211W, IEEE 802.11w (management frame
protection). (Closes: #522328)
-- Kel Modderman <kel@otaku42.de> Fri, 03 Apr 2009 07:07:06 +1000
hostapd (1:0.6.9-1) unstable; urgency=low
[ Kel Modderman ]
* New upstream release. (Closes: #521142)
* Document copyright errata of hostapd/driver_atheros.c in
debian/copyright.
- activate nl80211 driver backend (Closes: #429734)
- deactivate prism54 driver, it is now working. Do not mention it
in README.Debian (Closes: #475451)
* Add build dependency of libnl-dev (>= 1.1) for the nl80211 driver
backend.
* Remove need for patch system.
- ship madwifi headers in debian/driver_madwifi
- use sed to patch hostapd.conf in order to change /etc/hostapd.* to
/etc/hostapd/*
- copy in build configuration from debian/config/$(DEB_HOST_ARCH_OS)
to hostapd/.config rather than using a patch
* Add support for kfreebsd build by providing debian/config/kfreebsd
without Linux specific build options.
* Use dh-centric debian/rules and build-depend on debhelper (>= 7.0.50)
in order to take advantage of the override_dh_* feature.
* Bump debian/compat to 7.
* Adjust Standards-Version to 3.8.0, no further changes needed.
* Use machine parsable debian/copyright format.
* Add debian/manpages instead of using explicit dh_installmanpages
command in debian/rules.
* Rename debian/lintian-overrides to debian/hostapd.lintian-overrides
so that dh_lintian automatically picks it up.
* Bump Standards-Version to 3.8.1, no other changes required.
* Remove var/run/hostapd and usr/share/lintian/overrides from
debian/dirs. hostapd is able to create its own directory for unix
sockets (and that may be anywhere admin decides) and lintian stuff
is taken care of by debhelper now.
* Update copyright information in debian/ifupdown.sh
[ Faidon Liambotis ]
* Switch Maintainer/Uploaders roles with Kel; he's the de facto maintainer
nowadays, he may as well listed as such.
-- Faidon Liambotis <paravoid@debian.org> Sun, 29 Mar 2009 21:37:22 +0300
hostapd (1:0.5.10-1) unstable; urgency=low
* New upstream release.
* Document the two methods of managing hostapd in README.Debian. Also add a
hint to /etc/default/hostapd to consult README.Debian for more
information. (Closes: #443786)
* Cleanup of debian/rules, actually honor nostrip by specifying default
CFLAGS when invoking make. Remove redundant commented out content.
* Fix incorrect LSB dependency information, hostapd now requires $remote_fs
virtual facility for start and stop. Thanks to Petter Reinholdtsen.
(Closes: #466283)
-- Kel Modderman <kel@otaku42.de> Tue, 11 Mar 2008 12:36:03 +1000
hostapd (1:0.5.9-1) unstable; urgency=low
* New upstream release.
* Bumped to Standards-Version 3.7.3, no changed needed.
* Switched to Vcs-* instead of XS-Vcs.
* Added Homepage field.
* Refer to GPL-2 explicitely, as this is a GPL v2-only software.
* Remove remnants of patches for dscape/mac80211.
* Update to madwifi 0.9.3.3 headers; no functional changes.
-- Faidon Liambotis <paravoid@debian.org> Wed, 12 Dec 2007 03:43:13 +0200
hostapd (1:0.5.8-1) unstable; urgency=low
[ Kel Modderman ]
* New upstream release.
* Add bash script to prepare madwifi_headers.patch.
* patches/20_madwifi_headers.dpatch made from madwifi 0.9.3, which is what
is currently in the archive, and stable upstream release.
(Closes: #408642)
* Rename 21_madwifi_includes.dpatch to 21_madwifi_enable.dpatch.
* Make our new mac80211 header dpatches similar to that of madwifi; keep
upstream include directory tree intact and modify CFLAGS.
* Refresh our build config with upstreams current defconfig.
* CONFIG_STAKEY is deprecated in favour of CONFIG_PEERKEY.
[ Faidon Liambotis ]
* Remove upgrade paths from pre-etch versions, we only support incremental
updates. Fix a lintian error in the process.
* Don't ignore "make clean" errors, if they exist; fixes a lintian warning.
-- Faidon Liambotis <paravoid@debian.org> Tue, 24 Jul 2007 17:43:44 +0300
hostapd (1:0.5.7-1) unstable; urgency=low
* New upstream release.
* Drop backported code included in this upstream release.
* Bump debhelper compat level to 5, no other changes required.
* Include ifupdown integration; it is now possible to start
hostapd via a /etc/network/interfaces line such as:
'hostapd /etc/hostapd/hostapd.conf'
for any given interface. The daemon will start in pre-up phase of ifup,
and be killed in post-down phase of ifdown. A pidfile of
/var/run/hostapd.$IFACE.pid will be created for each interface's daemon.
* Add XS-Vcs fields to debian/control.
* Change of Uploader email address in debian/control.
* Update madwifi includes to r2157 upstream madwifi.org/trunk.
* Update debian/copyright with new upstream URL, contact information and
copyright years.
* Modify debian/watch file for new upstream release URL.
* Make debian/watch version 3, remove useless comments from file.
-- Kel Modderman <kel@otaku42.de> Mon, 09 Apr 2007 18:31:22 +1000
hostapd (1:0.5.5-3.1) unstable; urgency=high
* Non-maintainer upload.
* Urgency high for RC bugfix.
* Backport hostapd.c fix from CVS: (Closes: #398466)
- Allow hostapd_flush_old_stations to fail, otherwise configuration
of unencrypted modes failed with madwifi. (1.168)
The correct setup is handled by the backported fixes in the
previous revision.
-- Matt Brown <mattb@debian.org> Sat, 9 Dec 2006 11:03:47 +1300
hostapd (1:0.5.5-3) unstable; urgency=medium
* Update madwifi headers to r1757.
* Backport driver_madwifi.c fixes from CVS:
- Set forgotten im_op for sta_disassoc handlers (1.49)
- Fixed configuration of unencrypted modes (plaintext and IEEE 802.1X
without WEP) (1.51)
* Urgency medium because of a bugfix revision.
-- Faidon Liambotis <paravoid@debian.org> Sun, 12 Nov 2006 02:37:43 +0200
hostapd (1:0.5.5-2) unstable; urgency=low
* Versioned dependency on lsb-base (>= 3.0-3) for log_daemon_message used in
hostapd init script. (Closes: #386156)
-- Kel Modderman <kelrin@tpg.com.au> Wed, 6 Sep 2006 14:31:14 +1000
hostapd (1:0.5.5-1) unstable; urgency=low
[ Kel Modderman ]
* New upstream release.
* Allow hostapd to install, by first checking for existence of
/etc/hostapd/hostapd.conf before attempting to change permissions.
[ Faidon Liambotis ]
* Also fix ownership of hostapd.conf on upgrades.
-- Faidon Liambotis <paravoid@debian.org> Tue, 29 Aug 2006 15:29:47 +0300
hostapd (1:0.5.4-1) unstable; urgency=low
[ Kel Modderman ]
* New upstream release. (Closes: #378703)
* Add LSB INIT info header to init script, as per specs. Source lsb-base
init functions, use them to report daemon status in a standard way.
(Closes: #376327)
* Add dpatch (30_hostapd_pidfile) to allow hostapd process to create a pid
file when daemonized.
* The init daemon now creates a pid file at /var/run/hostapd.pid.
* Allow multiple configuration files to be given to hostapd via
/etc/default/hostapd, enabling the possibility of managing multiple
interfaces with one process. If the configuration files are not specified
use /etc/hostapd/hostapd.conf to preserve backwards compatability.
This also allows the user to use a single configuration file !=
/etc/hostapd/hostapd.conf. (Closes: #377054)
* Add 'reload' option to init script. Send HUP signal to hostapd, causing it
to reload its configuration file.
* Add some extra DAEMON_OPTIONS hints to the /etc/default/hostapd file.
* Set hostapd.conf permissions to 0600, it may contain sensitive details.
(Closes: #380632)
* Update madwifi headers to r1705. This should ensure maximum compatibility
with the madwifi-source package currently available. (Closes: #384504)
* Slightly change the way madwifi is activated, add an extra CFLAG instead of
hardcoding the paths to the headers in driver_madwifi.c.
* Add myself to uploaders.
[ Faidon Liambotis ]
* Fixes a potential DoS fix in RSN preauthentication (upstream bug #152).
* Add lintian override for hostapd.conf unusual permissions.
* Exclude hostapd.conf from dh_fixperms.
* Fix permissions of hostapd.conf retroactively in upgrades.
-- Faidon Liambotis <paravoid@debian.org> Fri, 25 Aug 2006 04:28:00 +0300
hostapd (1:0.5.3-1) unstable; urgency=low
* New upstream release
- Fix some warnings when compiling with GCC 4.1.
- Adapt 12_conf_etc_hostapd.dpatch to the new hostapd.conf.
* Include the test driver, for debugging purposes. (Closes: #372107)
* Delete unmodified obsolete conffiles when upgrading from a previous
version (namely, hostapd.{accept,deny}).
Thanks to Lars Wirzenius and piuparts! (Closes: #353191)
* Update madwifi-ng headers to version 0.9.0.
* Remove the suggestion of hostap-modules, hostap is merged to the latest
2.6 kernels and it's one of the many options anyway.
* Changed maintainer's e-mail address.
* Updated Standards-Version to 3.7.2, no changes needed.
-- Faidon Liambotis <paravoid@debian.org> Fri, 9 Jun 2006 03:23:23 +0300
hostapd (1:0.5.0-1) unstable; urgency=low
* New upstream release
- Removed patch 01-prism54-hostap_common, merged upstream.
* Update madwifi headers to madwifi-ng, rev1390.
* Updated 'Standards-Version' to 3.6.2.2 (no changes).
-- Faidon Liambotis <faidon@cube.gr> Thu, 5 Jan 2006 02:13:17 +0200
hostapd (1:0.4.5-2) unstable; urgency=low
* No changes, previous version appeared as an NMU.
-- Faidon Liambotis <faidon@cube.gr> Tue, 11 Oct 2005 19:15:27 +0300
hostapd (1:0.4.5-1) unstable; urgency=low
* New upstream release
- added experimental support for EAP-PSK
- added support for WE-19
* Update madwifi headers to the latest CVS. (Closes: #326893)
* README.Debian:
- Document that in-kernel versions of prism54 won't work. (Closes: #315852)
- Mention Prism2/2.5/3.0's STA firmware limitations.
* Updated 'Standards-Version' to 3.6.2.1 (no changes).
-- Faidon Liambotis <faidon@cube.gr> Mon, 10 Oct 2005 15:55:13 +0300
hostapd (1:0.4.2-1) unstable; urgency=low
* New upstream release
- Manpages incorporated upstream.
- Removed patches 01_makefile, 02_conf_wpa_to_hostapd, 03_usage_cleanup,
accepted upstream.
- Adapted patch 21_madwifi_includes
- Added support for RADIUS over IPv6
- Added support for EAP-PAX
* Removed /etc/hostapd/hostapd.accept & hostapd.deny, now shipping all
example configuration files to /usr/share/doc/hostapd/examples/
-- Faidon Liambotis <faidon@cube.gr> Wed, 15 Jun 2005 18:23:33 +0300
hostapd (1:0.3.7-2) unstable; urgency=medium
* Better handling of patching upstream using dpatch.
* Added madwifi support.
Hack stolen from wpasupplicant, thanks to Kyle McMartin.
* Changed hostapd_cli path to /usr/bin/ from /usr/sbin/.
* Report failed start of hostapd when starting from the init.d script.
(Closes: #303206).
* Added hostapd(8) and hostapd_cli(1) manpages.
Now lintian & linda clean ;)
* Cleaned-up hostapd/hostapd_cli usage information.
-- Faidon Liambotis <faidon@cube.gr> Mon, 11 Apr 2005 11:53:58 +0300
hostapd (1:0.3.7-1) unstable; urgency=medium
* New upstream release
- Changed license to Dual GPL/BSD.
- New tool hostapd_cli for command-line administration.
* Adapt description to reflect new features.
* Now Suggesting instead of Recommending hostap-modules, hostapd can now
work with other drivers.
-- Faidon Liambotis <faidon@cube.gr> Wed, 23 Feb 2005 10:12:06 +0200
hostapd (1:0.2.6-1) unstable; urgency=low
* New upstream release.
* Modified description to match v0.2.x features.
* Modified debian/rules to use 'dh_install'.
* Removed source code documentation from /usr/share/doc/.
-- Faidon Liambotis <faidon@cube.gr> Tue, 28 Dec 2004 19:01:26 +0200
hostapd (1:0.2.5-1) unstable; urgency=low
* Adopted by new maintainer (Closes: #265332).
* New upstream release (Closes: #255302).
* Create init.d script disabled by default
via /etc/default/hostapd (Closes: #208027).
* Updated 'Standards-Version' to 3.6.1.
* Other minor bugfixes.
-- Faidon Liambotis <faidon@cube.gr> Thu, 18 Nov 2004 18:11:57 +0200
hostapd (1:0.1.3-2) unstable; urgency=low
* Orphaned
-- Francois Gurin <matrix@debian.org> Thu, 12 Aug 2004 14:18:11 -0400
hostapd (1:0.1.3-1) unstable; urgency=low
* New upstream release
-- Francois Gurin <matrix@debian.org> Sun, 4 Apr 2004 19:05:28 -0400
hostapd (1:0.1.0-4) unstable; urgency=low
* changed depends to recommends.
-- Francois Gurin <matrix@debian.org> Mon, 8 Dec 2003 15:12:45 -0500
hostapd (1:0.1.0-3) unstable; urgency=low
* fixed a pebcak issue with upload
-- Francois Gurin <matrix@debian.org> Mon, 27 Oct 2003 01:37:06 -0500
hostapd (1:0.1.0-2) unstable; urgency=low
* fixed version epoch
-- Francois Gurin <matrix@debian.org> Mon, 27 Oct 2003 00:52:01 -0500
hostapd (0.1.0-1) unstable; urgency=low
* Initial Release.
-- Francois Gurin <matrix@debian.org> Sun, 26 Oct 2003 04:55:36 -0500
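Review bot: The top entry of changelog.hostapd is `hostapd (1:0.7.3-5) UNRELEASED` with `NOT RELEASED YET`, dated 2012, while the build configuration vendored in the same commit already carries options such as CONFIG_IEEE80211AX and CONFIG_OCV. Confirm the file is shipped only as a historical record and that no tooling parses it for the current package version. Two entries also read as inverted and are worth checking against upstream before anyone relies on them: `deactivate prism54 driver, it is now working` (1:0.6.9-1) and `Fixes a potential DoS fix in RSN preauthentication` (1:0.5.4-1).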

3
debian/clean vendored Normal file

@ -0,0 +1,3 @@
wpa_supplicant/.config
hostapd/.config
wpa_supplicant/wpa_supplicant-udeb

401
debian/config/hostapd/kfreebsd vendored Normal file

@ -0,0 +1,401 @@
# Debian hostapd build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out complete, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cass, these lines should use += in order not
# to override previous values of the variables.
# Driver interface for Host AP driver
#CONFIG_DRIVER_HOSTAP=y
# Driver interface for wired authenticator
CONFIG_DRIVER_WIRED=y
# Driver interface for drivers using the nl80211 kernel interface
#CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only)
CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
#CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Integrated EAP server
CONFIG_EAP=y
# EAP Re-authentication Protocol (ERP) in integrated EAP server
CONFIG_ERP=y
# EAP-MD5 for the integrated EAP server
CONFIG_EAP_MD5=y
# EAP-TLS for the integrated EAP server
CONFIG_EAP_TLS=y
# EAP-MSCHAPv2 for the integrated EAP server
CONFIG_EAP_MSCHAPV2=y
# EAP-PEAP for the integrated EAP server
CONFIG_EAP_PEAP=y
# EAP-GTC for the integrated EAP server
CONFIG_EAP_GTC=y
# EAP-TTLS for the integrated EAP server
CONFIG_EAP_TTLS=y
# EAP-SIM for the integrated EAP server
CONFIG_EAP_SIM=y
# EAP-AKA for the integrated EAP server
CONFIG_EAP_AKA=y
# EAP-AKA' for the integrated EAP server
# This requires CONFIG_EAP_AKA to be enabled, too.
CONFIG_EAP_AKA_PRIME=y
# EAP-PAX for the integrated EAP server
CONFIG_EAP_PAX=y
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
CONFIG_EAP_PSK=y
# EAP-pwd for the integrated EAP server (secure authentication with a password)
CONFIG_EAP_PWD=y
# EAP-SAKE for the integrated EAP server
CONFIG_EAP_SAKE=y
# EAP-GPSK for the integrated EAP server
CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
CONFIG_EAP_FAST=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
CONFIG_WPS_NFC=y
# EAP-IKEv2
CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC)
CONFIG_EAP_TNC=y
# EAP-EKE for the integrated EAP server
CONFIG_EAP_EKE=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
CONFIG_RADIUS_SERVER=y
# Build IPv6 support for RADIUS operations
CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
CONFIG_WNM=y
# IEEE 802.11ac (Very High Throughput) support
CONFIG_IEEE80211AC=y
# IEEE 802.11ax HE support
# Note: This is experimental and work in progress. The definitions are still
# subject to change and this should not be expected to interoperate with the
# final IEEE 802.11ax version.
#CONFIG_IEEE80211AX=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
#CONFIG_NO_STDOUT_DEBUG=y
# Add support for writing debug log to a file: -f /tmp/hostapd.log
# Disabled by default.
CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
#CONFIG_DEBUG_SYSLOG=y
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Remove support for RADIUS accounting
#CONFIG_NO_ACCOUNTING=y
# Remove support for RADIUS
#CONFIG_NO_RADIUS=y
# Remove support for VLANs
#CONFIG_NO_VLAN=y
# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
#CONFIG_FULL_DYNAMIC_VLAN=y
# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
CONFIG_VLAN_NETLINK=y
# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
#CONFIG_NO_DUMP_STATE=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, comment out these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, comment out these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# hostapd depends on strong random number generation being available from the
# operating system. os_get_random() function is used to fetch random data when
# needed, e.g., for key generation. On Linux and BSD systems, this works by
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
# properly initialized before hostapd is started. This is important especially
# on embedded devices that do not have a hardware random number generator and
# may by default start up with minimal entropy available for random number
# generation.
#
# As a safety net, hostapd is by default trying to internally collect
# additional entropy for generating random data to mix in with the data
# fetched from the OS. This by itself is not considered to be very strong, but
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
# generator or by storing state over device reboots.
#
# hostapd can be configured to maintain its own entropy store over restarts to
# enhance random number generation. This is not perfect, but it is much more
# secure than using the same sequence of random numbers after every reboot.
# This can be enabled with -e<entropy file> command line option. The specified
# file needs to be readable and writable by hostapd.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
# considered for builds that are known to be used on devices that meet the
# requirements described above.
#CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
#CONFIG_GETRANDOM=y
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
#CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=openssl
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.
CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms.
CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
CONFIG_INTERWORKING=y
# Hotspot 2.0
CONFIG_HS20=y
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y
# Enable Fast Session Transfer (FST)
CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# Testing options
# This can be used to enable some testing options (see also the example
# configuration file) that are really useful only for testing clients that
# connect to this hostapd. These options allow, for example, to drop a
# certain percentage of probe requests or auth/(re)assoc frames.
#
CONFIG_TESTING_OPTIONS=y
# Automatic Channel Selection
# This will allow hostapd to pick the channel automatically when channel is set
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# You can customize the ACS survey algorithm with the hostapd.conf variable
# acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#
CONFIG_ACS=y
# XXX: Debian #737465
# fix FTBS using gcc-4.8 by linking with -ldl on kfreebsd-any. This is
# already accounted for by the upstream Makefile, however wrongly depending
# on !CONFIG_DRIVER_BSD, while it is actually depending on the target libc
# rather than the kernel.
LIBS += -ldl
# Multiband Operation support
# These extentions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
CONFIG_MBO=y
# Client Taxonomy
# Has the AP retain the Probe Request and (Re)Association Request frames from
# a client, from which a signature can be produced which can identify the model
# of client device like "Nexus 6P" or "iPhone 5s".
#CONFIG_TAXONOMY=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
CONFIG_FILS=y
# FILS shared key authentication with PFS
CONFIG_FILS_SK_PFS=y
# Include internal line edit mode in hostapd_cli. This can be used to provide
# limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
CONFIG_OWE=y
# Airtime policy support
CONFIG_AIRTIME_POLICY=y
# Device Provisioning Protocol (DPP)
CONFIG_DPP=y
# Simultaneous Authentication of Equals (SAE)
CONFIG_SAE=y
# WPA3-Enterprise (SuiteB-192)
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
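Review bot: CONFIG_TESTING_OPTIONS=y is enabled near the end of this file even though its own comment says these options are "really useful only for testing clients" and allow dropping a percentage of probe requests or auth/(re)assoc frames. A packaged build should leave it commented out (#CONFIG_TESTING_OPTIONS=y), or the packaging notes should say why it ships enabled. Separately, CONFIG_OWE=y is turned on while its comment calls it an experimental implementation of draft-harkins-owe-07.txt, which deserves a line of justification, and "extentions" in the Multiband Operation comment should read "extensions".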

419
debian/config/hostapd/linux vendored Normal file

@ -0,0 +1,419 @@
# Debian hostapd build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out complete, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cass, these lines should use += in order not
# to override previous values of the variables.
# Driver interface for Host AP driver
CONFIG_DRIVER_HOSTAP=y
# Driver interface for wired authenticator
CONFIG_DRIVER_WIRED=y
# Driver interface for drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only)
CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Integrated EAP server
CONFIG_EAP=y
# EAP Re-authentication Protocol (ERP) in integrated EAP server
CONFIG_ERP=y
# EAP-MD5 for the integrated EAP server
CONFIG_EAP_MD5=y
# EAP-TLS for the integrated EAP server
CONFIG_EAP_TLS=y
# EAP-MSCHAPv2 for the integrated EAP server
CONFIG_EAP_MSCHAPV2=y
# EAP-PEAP for the integrated EAP server
CONFIG_EAP_PEAP=y
# EAP-GTC for the integrated EAP server
CONFIG_EAP_GTC=y
# EAP-TTLS for the integrated EAP server
CONFIG_EAP_TTLS=y
# EAP-SIM for the integrated EAP server
CONFIG_EAP_SIM=y
# EAP-AKA for the integrated EAP server
CONFIG_EAP_AKA=y
# EAP-AKA' for the integrated EAP server
# This requires CONFIG_EAP_AKA to be enabled, too.
CONFIG_EAP_AKA_PRIME=y
# EAP-PAX for the integrated EAP server
CONFIG_EAP_PAX=y
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
CONFIG_EAP_PSK=y
# EAP-pwd for the integrated EAP server (secure authentication with a password)
CONFIG_EAP_PWD=y
# EAP-SAKE for the integrated EAP server
CONFIG_EAP_SAKE=y
# EAP-GPSK for the integrated EAP server
CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
CONFIG_EAP_FAST=y
# EAP-TEAP for the integrated EAP server
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
CONFIG_WPS_NFC=y
# EAP-IKEv2
CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC)
CONFIG_EAP_TNC=y
# EAP-EKE for the integrated EAP server
CONFIG_EAP_EKE=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
CONFIG_RADIUS_SERVER=y
# Build IPv6 support for RADIUS operations
CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
CONFIG_WNM=y
# IEEE 802.11ac (Very High Throughput) support
CONFIG_IEEE80211AC=y
# IEEE 802.11ax HE support
# Note: This is experimental and work in progress. The definitions are still
# subject to change and this should not be expected to interoperate with the
# final IEEE 802.11ax version.
#CONFIG_IEEE80211AX=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
#CONFIG_NO_STDOUT_DEBUG=y
# Add support for writing debug log to a file: -f /tmp/hostapd.log
# Disabled by default.
CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
#CONFIG_DEBUG_SYSLOG=y
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
CONFIG_DEBUG_LINUX_TRACING=y
# Remove support for RADIUS accounting
#CONFIG_NO_ACCOUNTING=y
# Remove support for RADIUS
#CONFIG_NO_RADIUS=y
# Remove support for VLANs
#CONFIG_NO_VLAN=y
# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
CONFIG_FULL_DYNAMIC_VLAN=y
# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
CONFIG_VLAN_NETLINK=y
# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
#CONFIG_NO_DUMP_STATE=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, comment out these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, comment out these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# hostapd depends on strong random number generation being available from the
# operating system. os_get_random() function is used to fetch random data when
# needed, e.g., for key generation. On Linux and BSD systems, this works by
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
# properly initialized before hostapd is started. This is important especially
# on embedded devices that do not have a hardware random number generator and
# may by default start up with minimal entropy available for random number
# generation.
#
# As a safety net, hostapd is by default trying to internally collect
# additional entropy for generating random data to mix in with the data
# fetched from the OS. This by itself is not considered to be very strong, but
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
# generator or by storing state over device reboots.
#
# hostapd can be configured to maintain its own entropy store over restarts to
# enhance random number generation. This is not perfect, but it is much more
# secure than using the same sequence of random numbers after every reboot.
# This can be enabled with -e<entropy file> command line option. The specified
# file needs to be readable and writable by hostapd.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
# considered for builds that are known to be used on devices that meet the
# requirements described above.
#CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
#CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=openssl
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.
CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms.
CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
CONFIG_INTERWORKING=y
# Hotspot 2.0
CONFIG_HS20=y
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y
# Enable Fast Session Transfer (FST)
CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# Testing options
# This can be used to enable some testing options (see also the example
# configuration file) that are really useful only for testing clients that
# connect to this hostapd. These options allow, for example, to drop a
# certain percentage of probe requests or auth/(re)assoc frames.
#
CONFIG_TESTING_OPTIONS=y
# Automatic Channel Selection
# This will allow hostapd to pick the channel automatically when channel is set
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# You can customize the ACS survey algorithm with the hostapd.conf variable
# acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#
CONFIG_ACS=y
# Multiband Operation support
# These extensions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
CONFIG_MBO=y
# Client Taxonomy
# Has the AP retain the Probe Request and (Re)Association Request frames from
# a client, from which a signature can be produced which can identify the model
# of client device like "Nexus 6P" or "iPhone 5s".
#CONFIG_TAXONOMY=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
CONFIG_FILS=y
# FILS shared key authentication with PFS
CONFIG_FILS_SK_PFS=y
# Include internal line edit mode in hostapd_cli. This can be used to provide
# limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
CONFIG_OWE=y
# Airtime policy support
CONFIG_AIRTIME_POLICY=y
# Device Provisioning Protocol (DPP)
CONFIG_DPP=y
# Simultaneous Authentication of Equals (SAE)
CONFIG_SAE=y
# WPA3-Enterprise (SuiteB-192)
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
# Airtime policy support
#CONFIG_AIRTIME_POLICY=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
# Wired equivalent privacy (WEP)
# WEP is an obsolete cryptographic data confidentiality algorithm that is not
# considered secure. It should not be used for anything anymore. The
# functionality needed to use WEP is available in the current hostapd
# release under this optional build parameter. This functionality is subject to
# be completely removed in a future release.
#CONFIG_WEP=y
# Remove all TKIP functionality
# TKIP is an old cryptographic data confidentiality algorithm that is not
# considered secure. It should not be used anymore. For now, the default hostapd
# build includes this to allow mixed mode WPA+WPA2 networks to be enabled, but
# that functionality is subject to be removed in the future.
#CONFIG_NO_TKIP=y
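Review bot: CONFIG_AIRTIME_POLICY is configured twice in this file, first as CONFIG_AIRTIME_POLICY=y and then again under a second "Airtime policy support" comment as #CONFIG_AIRTIME_POLICY=y. Drop the commented-out duplicate so the file carries one unambiguous setting. CONFIG_TESTING_OPTIONS=y is also enabled although the comment above it describes the options as useful only for testing clients, and CONFIG_DEBUG_LINUX_TRACING=y sends all debug messages to the kernel tracing facility regardless of debug verbosity, so both should be either commented out or explained for a distribution build. Typo in the header comment: "In most cass" should be "In most cases".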

616
debian/config/wpasupplicant/kfreebsd vendored Normal file

@ -0,0 +1,616 @@
# Debian wpa_supplicant build time configuration
#
# This file lists the configuration options that are used when building the
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
# option lines must be commented out complete, if they are not to be included,
# i.e., just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.
# Uncomment following two lines and fix the paths if you have installed OpenSSL
# or GnuTLS in non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos
# Driver interface for generic Linux wireless extensions
# Note: WEXT is deprecated in the current Linux kernel version and no new
# functionality is added to it. nl80211-based interface is the new
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
#CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
#CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for Windows NDIS
#CONFIG_DRIVER_NDIS=y
#CFLAGS += -I/usr/include/w32api/ddk
#LIBS += -L/usr/local/lib
# For native build using mingw
#CONFIG_NATIVE_WINDOWS=y
# Additional directories for cross-compilation on Linux host for mingw target
#CFLAGS += -I/opt/mingw/mingw32/include/ddk
#LIBS += -L/opt/mingw/mingw32/lib
#CC=mingw32-gcc
# By default, driver_ndis uses WinPcap for low-level operations. This can be
# replaced with the following option which replaces WinPcap calls with NDISUIO.
# However, this requires that WZC is disabled (net stop wzcsvc) before starting
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
# Driver interface for MACsec capable Qualcomm Atheros drivers
#CONFIG_DRIVER_MACSEC_QCA=y
# Driver interface for Linux MACsec drivers
#CONFIG_DRIVER_MACSEC_LINUX=y
# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y
# Driver interface for no driver (e.g., WPS ER only)
CONFIG_DRIVER_NONE=y
# Solaris libraries
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
# MACsec is included)
CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5
CONFIG_EAP_MD5=y
# EAP-MSCHAPv2
CONFIG_EAP_MSCHAPV2=y
# EAP-TLS
CONFIG_EAP_TLS=y
# EAL-PEAP
CONFIG_EAP_PEAP=y
# EAP-TTLS
CONFIG_EAP_TTLS=y
# EAP-FAST
CONFIG_EAP_FAST=y
# EAP-GTC
CONFIG_EAP_GTC=y
# EAP-OTP
CONFIG_EAP_OTP=y
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
CONFIG_EAP_SIM=y
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
CONFIG_EAP_PWD=y
# EAP-PAX
CONFIG_EAP_PAX=y
# LEAP
CONFIG_EAP_LEAP=y
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
CONFIG_EAP_AKA=y
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
CONFIG_EAP_AKA_PRIME=y
# Enable USIM simulator (Milenage) for EAP-AKA
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
CONFIG_EAP_SAKE=y
# EAP-GPSK
CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable WPS external registrar functionality
CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
# registrar.
CONFIG_WPS_REG_DISABLE_OPEN=y
# Enable WPS support with NFC config method
CONFIG_WPS_NFC=y
# EAP-IKEv2
CONFIG_EAP_IKEV2=y
# EAP-EKE
CONFIG_EAP_EKE=y
# MACsec
#CONFIG_MACSEC=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
# engine.
CONFIG_SMARTCARD=y
# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
CONFIG_PCSC=y
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
CONFIG_HT_OVERRIDES=y
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
CONFIG_VHT_OVERRIDES=y
# Development testing
CONFIG_EAPOL_TEST=y
# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
CONFIG_CTRL_IFACE=y
# Include support for GNU Readline and History Libraries in wpa_cli.
# When building a wpa_cli binary for distribution, please note that these
# libraries are licensed under GPL and as such, BSD license may not apply for
# the resulting binary.
CONFIG_READLINE=y
# Include internal line edit mode in wpa_cli. This can be used as a replacement
# for GNU Readline to provide limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Remove debugging code that is printing out debug message to stdout.
# This can be used to reduce the size of the wpa_supplicant considerably
# if debugging code is not needed. The size reduction can be around 35%
# (e.g., 90 kB).
#CONFIG_NO_STDOUT_DEBUG=y
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
# 35-50 kB in code size.
#CONFIG_NO_WPA=y
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
# This option can be used to reduce code size by removing support for
# converting ASCII passphrases into PSK. If this functionality is removed, the
# PSK can only be configured as the 64-octet hexstring (e.g., from
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
CONFIG_SAE=y
# WPA3-Enterprise (SuiteB-192)
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
# Select configuration backend:
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
# path is given on command line, not here; this option is just used to
# select the backend that allows configuration files to be used)
# winreg = Windows registry (see win_example.reg for an example)
CONFIG_BACKEND=file
# Remove configuration write functionality (i.e., to allow the configuration
# file to be updated based on runtime configuration changes). The runtime
# configuration can still be changed, the changes are just not going to be
# persistent over restarts. This option can be used to reduce code size by
# about 3.5 kB.
#CONFIG_NO_CONFIG_WRITE=y
# Remove support for configuration blobs to reduce code size by about 1.5 kB.
#CONFIG_NO_CONFIG_BLOBS=y
# Select program entry point implementation:
# main = UNIX/POSIX like main() function (default)
# main_winsvc = Windows service (read parameters from registry)
# main_none = Very basic example (development use only)
CONFIG_MAIN=main
# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
CONFIG_OS=unix
# Select event loop implementation
# eloop = select() loop (default)
# eloop_win = Windows events and WaitForMultipleObject() loop
CONFIG_ELOOP=eloop
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
#CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
# freebsd = FreeBSD libpcap
# winpcap = WinPcap with receive thread
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
# none = Empty template
CONFIG_L2_PACKET=freebsd
# Disable Linux packet socket workaround applicable for station interface
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
# is known to not have the regression issue in packet socket behavior with
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=openssl
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used. It should be noted that some existing TLS v1.0 -based
# implementation may not be compatible with TLS v1.1 message (ClientHello is
# sent prior to negotiating which version will be used)
CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms. It should be
# noted that some existing TLS v1.0 -based implementation may not be compatible
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
# will be used)
CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT@SECLEVEL=1"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
# This is only for Windows builds and requires WMI-related header files and
# WbemUuid.Lib from Platform SDK even when building with MinGW.
#CONFIG_NDIS_EVENTS_INTEGRATED=y
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
# be loaded in the beginning of the wpa_supplicant configuration file
# (see load_dynamic_eap parameter in the example file) before being used in
# the network blocks.
#
# Note that some shared parts of EAP methods are included in the main program
# and in order to be able to use dynamic EAP methods using these parts, the
# main program must have been build with the EAP method enabled (=y or =dyn).
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
# unless at least one of them was included in the main build to force inclusion
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
# in the main build to be able to load these methods dynamically.
#
# Please also note that using dynamic libraries will increase the total binary
# size. Thus, it may not be the best option for targets that have limited
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Add support for writing debug log to Android logcat instead of standard
# output
#CONFIG_ANDROID_LOG=y
# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y
# Enable mitigation against certain attacks against TKIP by delaying Michael
# MIC error reports by a random amount of time between 0 and 60 seconds
CONFIG_DELAYED_MIC_ERROR_REPORT=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, uncomment these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, uncomment these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# wpa_supplicant depends on strong random number generation being available
# from the operating system. os_get_random() function is used to fetch random
# data when needed, e.g., for key generation. On Linux and BSD systems, this
# works by reading /dev/urandom. It should be noted that the OS entropy pool
# needs to be properly initialized before wpa_supplicant is started. This is
# important especially on embedded devices that do not have a hardware random
# number generator and may by default start up with minimal entropy available
# for random number generation.
#
# As a safety net, wpa_supplicant is by default trying to internally collect
# additional entropy for generating random data to mix in with the data fetched
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
# wpa_supplicant can be configured to maintain its own entropy store over
# restarts to enhance random number generation. This is not perfect, but it is
# much more secure than using the same sequence of random numbers after every
# reboot. This can be enabled with -e<entropy file> command line option. The
# specified file needs to be readable and writable by wpa_supplicant.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
# should only be considered for builds that are known to be used on devices
# that meet the requirements described above.
#CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
#CONFIG_GETRANDOM=y
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
CONFIG_IEEE80211N=y
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
# (depends on CONFIG_IEEE80211N)
CONFIG_IEEE80211AC=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
CONFIG_WNM=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
CONFIG_INTERWORKING=y
# Hotspot 2.0
CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y
# AP mode operations with wpa_supplicant
# This can be used for controlling AP mode operations with wpa_supplicant. It
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
# more information on P2P operations.
CONFIG_P2P=y
# Enable TDLS support
CONFIG_TDLS=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
# See wpa_supplicant.conf for more information on autoscan usage.
#
# Enabling directly a module will enable autoscan support.
# For exponential module:
CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
CONFIG_AUTOSCAN_PERIODIC=y
# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
# and other secrets in external (to wpa_supplicant) location. This allows, for
# example, operating system specific key storage to be used
#
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y
# Enable Fast Session Transfer (FST)
CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# OS X builds. This is only for building eapol_test.
#CONFIG_OSX=y
# Automatic Channel Selection
# This will allow wpa_supplicant to pick the channel automatically when channel
# is set to "0".
#
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
# to "channel=0". This would enable us to eventually add other ACS algorithms in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
# a newly to create wpa_supplicant.conf variable acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
CONFIG_ACS=y
# XXX: Debian #737465
# fix FTBS using gcc-4.8 by linking with -ldl on kfreebsd-any. This is
# already accounted for by the upstream Makefile, however wrongly depending
# on !CONFIG_DRIVER_BSD, while it is actually depending on the target libc
# rather than the kernel.
LIBS += -ldl
# Support Multi Band Operation
CONFIG_MBO=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
CONFIG_FILS=y
# FILS shared key authentication with PFS
CONFIG_FILS_SK_PFS=y
# Support RSN on IBSS networks
# This is needed to be able to use mode=1 network profile with proto=RSN and
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
CONFIG_IBSS_RSN=y
# External PMKSA cache control
# This can be used to enable control interface commands that allow the current
# PMKSA cache entries to be fetched and new entries to be added.
CONFIG_PMKSA_CACHE_EXTERNAL=y
# Mesh Networking (IEEE 802.11s)
CONFIG_MESH=y
# Background scanning modules
# These can be used to request wpa_supplicant to perform background scanning
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
# the wpa_supplicant.conf file for more details.
# Periodic background scans based on signal strength
CONFIG_BGSCAN_SIMPLE=y
# Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
CONFIG_BGSCAN_LEARN=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
CONFIG_DPP=y
# Used by eapol_test only, see #985912
CONFIG_IPV6=y
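
Review bot: CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT@SECLEVEL=1" is introduced with only the generic comment "Select which ciphers to use by default with OpenSSL if the user does not specify them", so the file does not record why the packaged default is pinned to security level 1. With CONFIG_TLS=openssl this string is the default for every TLS-based EAP method in the build, so please add a line above it stating the reason for level 1 and that it applies only when the user has not specified ciphers. A smaller style point in the same hunk: the comment above CONFIG_CTRL_IFACE_DBUS_NEW=y names the interface as (fi.w1.hostap.wpa_supplicant1), while the linux configuration added by this patch writes (fi.w1.wpa_supplicant1); the two comments should agree.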

@ -0,0 +1,13 @@
# Debian's wpa_supplicant build time configuration
CONFIG_DRIVER_BSD=y
LIBS += -ldl
CONFIG_CTRL_IFACE=y
CONFIG_BACKEND=file
CONFIG_MAIN=main
CONFIG_OS=unix
CONFIG_ELOOP=eloop
CONFIG_L2_PACKET=freebsd
# enable syslog support, as requested by d-i/ netcfg
CONFIG_DEBUG_SYSLOG=y
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
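
Review bot: LIBS += -ldl on the third line of this udeb configuration has no comment, although it is a linker flag rather than a CONFIG_ option and the only explanation in this patch (the "XXX: Debian #737465" block) sits in the full kfreebsd configuration. Please add a one-line pointer to that bug above the flag here, so the workaround can be found and dropped from both files together. The lines shown also set no CONFIG_EAP_* method, no CONFIG_IEEE8021X_EAPOL and no CONFIG_TLS backend; if that reduced feature set is intended for the udeb, a sentence in the header comment saying so would save the next reader from diffing it against the full configuration.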

622
debian/config/wpasupplicant/linux vendored Normal file

@ -0,0 +1,622 @@
# Debian wpa_supplicant build time configuration
#
# This file lists the configuration options that are used when building the
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
# option lines must be commented out complete, if they are not to be included,
# i.e., just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.
# Uncomment following two lines and fix the paths if you have installed OpenSSL
# or GnuTLS in non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos
# Driver interface for generic Linux wireless extensions
# Note: WEXT is deprecated in the current Linux kernel version and no new
# functionality is added to it. nl80211-based interface is the new
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for Windows NDIS
#CONFIG_DRIVER_NDIS=y
#CFLAGS += -I/usr/include/w32api/ddk
#LIBS += -L/usr/local/lib
# For native build using mingw
#CONFIG_NATIVE_WINDOWS=y
# Additional directories for cross-compilation on Linux host for mingw target
#CFLAGS += -I/opt/mingw/mingw32/include/ddk
#LIBS += -L/opt/mingw/mingw32/lib
#CC=mingw32-gcc
# By default, driver_ndis uses WinPcap for low-level operations. This can be
# replaced with the following option which replaces WinPcap calls with NDISUIO.
# However, this requires that WZC is disabled (net stop wzcsvc) before starting
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
# Driver interface for MACsec capable Qualcomm Atheros drivers
#CONFIG_DRIVER_MACSEC_QCA=y
# Driver interface for Linux MACsec drivers
CONFIG_DRIVER_MACSEC_LINUX=y
# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y
# Driver interface for no driver (e.g., WPS ER only)
CONFIG_DRIVER_NONE=y
# Solaris libraries
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
# MACsec is included)
CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5
CONFIG_EAP_MD5=y
# EAP-MSCHAPv2
CONFIG_EAP_MSCHAPV2=y
# EAP-TLS
CONFIG_EAP_TLS=y
# EAL-PEAP
CONFIG_EAP_PEAP=y
# EAP-TTLS
CONFIG_EAP_TTLS=y
# EAP-FAST
CONFIG_EAP_FAST=y
# EAP-TEAP
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# EAP-GTC
CONFIG_EAP_GTC=y
# EAP-OTP
CONFIG_EAP_OTP=y
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
CONFIG_EAP_SIM=y
# Enable SIM simulator (Milenage) for EAP-SIM
#CONFIG_SIM_SIMULATOR=y
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
CONFIG_EAP_PWD=y
# EAP-PAX
CONFIG_EAP_PAX=y
# LEAP
CONFIG_EAP_LEAP=y
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
CONFIG_EAP_AKA=y
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
CONFIG_EAP_AKA_PRIME=y
# Enable USIM simulator (Milenage) for EAP-AKA
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
CONFIG_EAP_SAKE=y
# EAP-GPSK
CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable WPS external registrar functionality
CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
# registrar.
CONFIG_WPS_REG_DISABLE_OPEN=y
# Enable WPS support with NFC config method
CONFIG_WPS_NFC=y
# EAP-IKEv2
CONFIG_EAP_IKEV2=y
# EAP-EKE
CONFIG_EAP_EKE=y
# MACsec
CONFIG_MACSEC=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
# engine.
CONFIG_SMARTCARD=y
# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
CONFIG_PCSC=y
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
CONFIG_HT_OVERRIDES=y
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
CONFIG_VHT_OVERRIDES=y
# Development testing
CONFIG_EAPOL_TEST=y
# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
CONFIG_CTRL_IFACE=y
# Include support for GNU Readline and History Libraries in wpa_cli.
# When building a wpa_cli binary for distribution, please note that these
# libraries are licensed under GPL and as such, BSD license may not apply for
# the resulting binary.
CONFIG_READLINE=y
# Include internal line edit mode in wpa_cli. This can be used as a replacement
# for GNU Readline to provide limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Remove debugging code that is printing out debug message to stdout.
# This can be used to reduce the size of the wpa_supplicant considerably
# if debugging code is not needed. The size reduction can be around 35%
# (e.g., 90 kB).
#CONFIG_NO_STDOUT_DEBUG=y
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
# 35-50 kB in code size.
#CONFIG_NO_WPA=y
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
# This option can be used to reduce code size by removing support for
# converting ASCII passphrases into PSK. If this functionality is removed, the
# PSK can only be configured as the 64-octet hexstring (e.g., from
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
CONFIG_SAE=y
# WPA3-Enterprise (SuiteB-192)
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
# Disable scan result processing (ap_scan=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
# Select configuration backend:
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
# path is given on command line, not here; this option is just used to
# select the backend that allows configuration files to be used)
# winreg = Windows registry (see win_example.reg for an example)
CONFIG_BACKEND=file
# Remove configuration write functionality (i.e., to allow the configuration
# file to be updated based on runtime configuration changes). The runtime
# configuration can still be changed, the changes are just not going to be
# persistent over restarts. This option can be used to reduce code size by
# about 3.5 kB.
#CONFIG_NO_CONFIG_WRITE=y
# Remove support for configuration blobs to reduce code size by about 1.5 kB.
#CONFIG_NO_CONFIG_BLOBS=y
# Select program entry point implementation:
# main = UNIX/POSIX like main() function (default)
# main_winsvc = Windows service (read parameters from registry)
# main_none = Very basic example (development use only)
CONFIG_MAIN=main
# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
CONFIG_OS=unix
# Select event loop implementation
# eloop = select() loop (default)
# eloop_win = Windows events and WaitForMultipleObject() loop
CONFIG_ELOOP=eloop
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
#CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
# freebsd = FreeBSD libpcap
# winpcap = WinPcap with receive thread
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
# none = Empty template
CONFIG_L2_PACKET=linux
# Disable Linux packet socket workaround applicable for station interface
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
# is known to not have the regression issue in packet socket behavior with
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=openssl
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used. It should be noted that some existing TLS v1.0 -based
# implementation may not be compatible with TLS v1.1 message (ClientHello is
# sent prior to negotiating which version will be used)
CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms. It should be
# noted that some existing TLS v1.0 -based implementation may not be compatible
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
# will be used)
CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT@SECLEVEL=1"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
# This is only for Windows builds and requires WMI-related header files and
# WbemUuid.Lib from Platform SDK even when building with MinGW.
#CONFIG_NDIS_EVENTS_INTEGRATED=y
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
# Add support for new DBus control interface
# (fi.w1.wpa_supplicant1)
CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
# be loaded in the beginning of the wpa_supplicant configuration file
# (see load_dynamic_eap parameter in the example file) before being used in
# the network blocks.
#
# Note that some shared parts of EAP methods are included in the main program
# and in order to be able to use dynamic EAP methods using these parts, the
# main program must have been build with the EAP method enabled (=y or =dyn).
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
# unless at least one of them was included in the main build to force inclusion
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
# in the main build to be able to load these methods dynamically.
#
# Please also note that using dynamic libraries will increase the total binary
# size. Thus, it may not be the best option for targets that have limited
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
CONFIG_DEBUG_LINUX_TRACING=y
# Add support for writing debug log to Android logcat instead of standard
# output
#CONFIG_ANDROID_LOG=y
# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y
# Enable mitigation against certain attacks against TKIP by delaying Michael
# MIC error reports by a random amount of time between 0 and 60 seconds
CONFIG_DELAYED_MIC_ERROR_REPORT=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, uncomment these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, uncomment these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# wpa_supplicant depends on strong random number generation being available
# from the operating system. os_get_random() function is used to fetch random
# data when needed, e.g., for key generation. On Linux and BSD systems, this
# works by reading /dev/urandom. It should be noted that the OS entropy pool
# needs to be properly initialized before wpa_supplicant is started. This is
# important especially on embedded devices that do not have a hardware random
# number generator and may by default start up with minimal entropy available
# for random number generation.
#
# As a safety net, wpa_supplicant is by default trying to internally collect
# additional entropy for generating random data to mix in with the data fetched
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
# wpa_supplicant can be configured to maintain its own entropy store over
# restarts to enhance random number generation. This is not perfect, but it is
# much more secure than using the same sequence of random numbers after every
# reboot. This can be enabled with -e<entropy file> command line option. The
# specified file needs to be readable and writable by wpa_supplicant.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
# should only be considered for builds that are known to be used on devices
# that meet the requirements described above.
#CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
CONFIG_IEEE80211N=y
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
# (depends on CONFIG_IEEE80211N)
CONFIG_IEEE80211AC=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
CONFIG_WNM=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
CONFIG_INTERWORKING=y
# Hotspot 2.0
CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y
# AP mode operations with wpa_supplicant
# This can be used for controlling AP mode operations with wpa_supplicant. It
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
# more information on P2P operations.
CONFIG_P2P=y
# Enable TDLS support
CONFIG_TDLS=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
# See wpa_supplicant.conf for more information on autoscan usage.
#
# Enabling directly a module will enable autoscan support.
# For exponential module:
CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
CONFIG_AUTOSCAN_PERIODIC=y
# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
# and other secrets in external (to wpa_supplicant) location. This allows, for
# example, operating system specific key storage to be used
#
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y
# Enable Fast Session Transfer (FST)
CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# OS X builds. This is only for building eapol_test.
#CONFIG_OSX=y
# Automatic Channel Selection
# This will allow wpa_supplicant to pick the channel automatically when channel
# is set to "0".
#
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
# to "channel=0". This would enable us to eventually add other ACS algorithms in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
# a newly to create wpa_supplicant.conf variable acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
CONFIG_ACS=y
# Support Multi Band Operation
CONFIG_MBO=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
CONFIG_FILS=y
# FILS shared key authentication with PFS
CONFIG_FILS_SK_PFS=y
# Support RSN on IBSS networks
# This is needed to be able to use mode=1 network profile with proto=RSN and
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
CONFIG_IBSS_RSN=y
# External PMKSA cache control
# This can be used to enable control interface commands that allow the current
# PMKSA cache entries to be fetched and new entries to be added.
CONFIG_PMKSA_CACHE_EXTERNAL=y
# Mesh Networking (IEEE 802.11s)
CONFIG_MESH=y
# Background scanning modules
# These can be used to request wpa_supplicant to perform background scanning
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
# the wpa_supplicant.conf file for more details.
# Periodic background scans based on signal strength
CONFIG_BGSCAN_SIMPLE=y
# Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
CONFIG_BGSCAN_LEARN=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
CONFIG_DPP=y
# Used by eapol_test only, see #985912
CONFIG_IPV6=y
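
Review bot: CONFIG_DPP=y near the end of this file is documented as requiring CONFIG_IEEE80211W=y, but that option is not set anywhere in the lines shown here, so please confirm it is enabled earlier in the file or add it next to CONFIG_DPP. Two smaller documentation points in the same region: the CONFIG_OWE comment still calls the feature an experimental implementation of draft-harkins-owe-07.txt, which is worth rechecking against the upstream version being packaged, and the CONFIG_IPV6 comment cites "#985912" without saying which tracker the number belongs to.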

20
debian/config/wpasupplicant/linux-udeb vendored Normal file

@ -0,0 +1,20 @@
# Debian's wpa_supplicant build time configuration
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_NL80211=y
CONFIG_LIBNL32=y
CONFIG_CTRL_IFACE=y
CONFIG_BACKEND=file
CONFIG_MAIN=main
CONFIG_OS=unix
CONFIG_ELOOP=eloop
CONFIG_L2_PACKET=linux
# At least one of these two is needed to get
# the netlink driver working, why this is the case
# is currently mysterious
#CONFIG_IEEE8021X_EAPOL=y
CONFIG_WPS=y
# enable syslog support, as requested by d-i/ netcfg
CONFIG_DEBUG_SYSLOG=y
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
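
Review bot: CONFIG_WPS=y is enabled in the installer build only because, per the comment above it, one of CONFIG_IEEE8021X_EAPOL or CONFIG_WPS is needed to get the netlink driver working and the reason is "currently mysterious". That compiles the WPS code into the udeb supplicant as a workaround rather than as a wanted feature. Please record why WPS was chosen over CONFIG_IEEE8021X_EAPOL, or link the bug that tracks the dependency, so the option can be dropped once the cause is understood.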

68
debian/control vendored

@ -6,9 +6,10 @@ Uploaders:
Section: net
Priority: optional
Build-Depends: debhelper-compat (= 12),
dh-exec,
libdbus-1-dev,
libssl-dev,
qtbase5-dev,
qtbase5-dev <!pkg.wpa.nogui>,
libncurses5-dev,
libpcsclite-dev,
libnl-3-dev (>= 3.4.0~) [linux-any],
@ -17,13 +18,14 @@ Build-Depends: debhelper-compat (= 12),
libpcap-dev [kfreebsd-any],
libbsd-dev [kfreebsd-any],
libreadline-dev,
pkg-config,
pkgconf | pkg-config,
docbook-to-man,
docbook-utils
Standards-Version: 4.3.0
Vcs-Browser: https://salsa.debian.org/debian/wpa.git
Standards-Version: 4.4.1
Rules-Requires-Root: no
Vcs-Browser: https://salsa.debian.org/debian/wpa
Vcs-Git: https://salsa.debian.org/debian/wpa.git
Homepage: http://w1.fi/wpa_supplicant/
Homepage: https://w1.fi/wpa_supplicant/
Package: hostapd
Architecture: linux-any kfreebsd-any
@ -32,13 +34,15 @@ Pre-Depends: ${misc:Pre-Depends}
Depends: ${shlibs:Depends},
${misc:Depends},
lsb-base
Breaks: initscripts (<< 2.88dsf-0)
Description: IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
Breaks: initscripts (<< 2.88dsf-13.3)
Description: access point and authentication server for Wi-Fi and Ethernet
IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/WPA3/EAP Authenticator
.
Originally, hostapd was an optional user space component for Host AP
driver. It adds more features to the basic IEEE 802.11 management
included in the kernel driver: using external RADIUS authentication
server for MAC address based access control, IEEE 802.1X Authenticator
and dynamic WEP keying, RADIUS accounting, WPA/WPA2 (IEEE 802.11i/RSN)
and dynamic WEP keying, RADIUS accounting, WPA/WPA2/WPA3 (IEEE 802.11i/RSN)
Authenticator and dynamic TKIP/CCMP keying.
.
The current version includes support for other drivers, an integrated
@ -55,12 +59,12 @@ Description: IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
Package: wpagui
Architecture: linux-any kfreebsd-any
Build-Profiles: <!pkg.wpa.nogui>
Multi-Arch: foreign
Depends: ${shlibs:Depends},
${misc:Depends},
wpasupplicant (>= 0.7.3~),
libqt5svg5
Recommends: menu
Description: graphical user interface for wpa_supplicant
wpagui provides a Qt interface for choosing which configured network
to connect to. It also provides a method for browsing 802.11 SSID scan
@ -76,25 +80,51 @@ Depends: ${shlibs:Depends},
adduser
Suggests: wpagui,
libengine-pkcs11-openssl
Breaks: initscripts (<< 2.88dsf-0)
Breaks: initscripts (<< 2.88dsf-13.3)
Description: client support for WPA and WPA2 (IEEE 802.11i)
WPA and WPA2 are methods for securing wireless networks, the former
using IEEE 802.1X, and the latter using IEEE 802.11i. This software
provides key negotiation with the WPA Authenticator, and controls
association with IEEE 802.11i networks.
wpa-supplicant is a userspace daemon handling connection and authentication
in wireless and wired networks, primarily secured with the WPA/WPA2/WPA3
protocols. This software provides key negotiation with the access point
(WPA Authenticator), and controls association with IEEE 802.11i networks.
Package: wpasupplicant-udeb
Architecture: linux-any
Build-Profiles: <!noudeb>
Section: debian-installer
Priority: standard
Depends: ${shlibs:Depends},
${misc:Depends},
busybox-udeb
Package-Type: udeb
Description: Client support for WPA and WPA2 (IEEE 802.11i)
WPA and WPA2 are methods for securing wireless networks, the former
using IEEE 802.1X, and the latter using IEEE 802.11i. This software
provides key negotiation with the WPA Authenticator, and controls
association with IEEE 802.11i networks.
Description: client support for WPA and WPA2 (IEEE 802.11i)
wpa-supplicant is a userspace daemon handling connection and authentication
in wireless and wired networks, primarily secured with the WPA/WPA2/WPA3
protocols. This software provides key negotiation with the access point
(WPA Authenticator), and controls association with IEEE 802.11i networks.
.
This is a udeb of wpasupplicant for use by the debian-installer.
Package: eapoltest
Architecture: linux-any kfreebsd-any
Depends: ${shlibs:Depends},
${misc:Depends}
Description: EAPoL testing utility
eapol_test allows testing EAP authentication methods without using
a full 802.1X connection. It is frequently used to test the EAP
configuration of RADIUS systems. It is an administrator tool and not
required for standard 802.1X authentication.
Package: libwpa-client-dev
Section: libdevel
Architecture: linux-any kfreebsd-any
Multi-Arch: same
Depends: ${shlibs:Depends}, ${misc:Depends}
Replaces: libwpa-dev
Breaks: libwpa-dev
Description: development files for WPA/WPA2 client support (IEEE 802.11i)
wpa-supplicant is a userspace daemon handling connection and authentication
in wireless and wired networks, primarily secured with the WPA/WPA2/WPA3
protocols. This software provides key negotiation with the access point
(WPA Authenticator), and controls association with IEEE 802.11i networks.
.
This package contains static libwpa_client library and header files.
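
Review bot: The wpasupplicant and wpasupplicant-udeb stanzas keep the synopsis "client support for WPA and WPA2 (IEEE 802.11i)" while the new long description names WPA/WPA2/WPA3, and the libwpa-client-dev synopsis likewise says only WPA/WPA2; the synopses should be brought in line with the long text. In the new libwpa-client-dev stanza, Replaces: libwpa-dev and Breaks: libwpa-dev are unversioned; if libwpa-dev is a renamed predecessor, a versioned relation or a short comment stating that the old package is gone for good would make the intent clear.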

422
debian/copyright vendored Normal file

@ -0,0 +1,422 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: hostapd
Upstream-Contact: Jouni Malinen <j@w1.fi>
Source: git://w1.fi/srv/git/hostap.git
Files-Excluded:
doc/*
eap_example/*
mac80211_hwsim/*
radius_example/*
tests/*
wlantest/*
wpadebug/*
wpaspy/*
Android.mk
build_release
Files: *
Copyright: 2002-2021, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: hostapd/logwatch/*
Copyright: 2005, Henrik Brix Andersen <brix@gentoo.org>
License: BSD-3-clause or GPL-2
Files: hostapd/Android.mk
Copyright: 2008, The Android Open Source Project
License: BSD-3-clause
Files: hostapd/hostapd.8
hostapd/hostapd_cli.1
Copyright: 2005, Faidon Liambotis <faidon@cube.gr>
License: BSD-3-clause
Files: hs20/*
Copyright: 2012-2014, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/ap/acs.*
Copyright: 2011, Atheros Communications
2013, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/ap/ap_list.*
src/ap/ap_mlme.*
src/ap/beacon.*
src/ap/hw_features.*
src/ap/vlan_init.*
src/ap/wmm.*
Copyright: 2002-2009, Jouni Malinen <j@w1.fi>
2002-2004, Instant802 Networks, Inc.
2005-2006, Devicescape Software, Inc.
License: BSD-3-clause
Files: src/ap/dfs.*
Copyright: 2002-2013, Jouni Malinen <j@w1.fi>
2013, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/ap/gas_serv.*
src/ap/wnm_ap.*
src/common/ieee802_1x_defs.h
src/common/qca-vendor*
Copyright: 2011-2014, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/ap/hs20.*
wpa_supplicant/hs20_supplicant.*
Copyright: 2009, Atheros Communications, Inc.
2011-2013, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/ap/ieee802_11_ht.c
Copyright: 2002-2009, Jouni Malinen <j@w1.fi>
2007-2008, Intel Corporation
License: BSD-3-clause
Files: src/ap/p2p_hostapd.*
Copyright: 2009-2010, Atheros Communications
License: BSD-3-clause
Files: src/ap/vlan_util.*
Copyright: 2012, Michael Braun <michael-dev@fami-braun.de>
License: BSD-3-clause
Files: src/common/gas.*
Copyright: 2009, Atheros Communications
2011-2012, Qualcomm Atheros
License: BSD-3-clause
Files: src/common/ieee802_11_defs.h
Copyright: 2002-2009, Jouni Malinen <j@w1.fi>
2007-2008, Intel Corporation
License: BSD-3-clause
Files: src/common/wpa_helpers.*
Copyright: 2010-2011, Atheros Communications, Inc.
2011-2012, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/crypto/aes-internal*
Copyright: 2000, Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
2000, Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
2000, Paulo Barreto <paulo.barreto@terra.com.br>
2003-2012, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: src/crypto/des-internal.c
Copyright: 2005, Tom St Denis <tomstdenis@gmail.com>
2006-2009, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: src/crypto/md4-internal.c
Copyright: 1993, Colin Plumb
2004, Todd C. Miller
2006, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: src/crypto/md5-internal.c
Copyright: 1993, Colin Plumb
2003-2005, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: src/crypto/sha1-internal.c
Copyright: 1998, Steve Reid <sreid@sea-to-sky.net>
1998, James H. Brown <jbrown@burgoyne.com>
2001, Saul Kravitz <Saul.Kravitz@celera.com>
2001-2005, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: src/drivers/driver_atheros.c
Copyright: 2004, Sam Leffler <sam@errno.com>
2004, Video54 Technologies
2005-2007, Jouni Malinen <j@w1.fi>
2009, Atheros Communications
License: BSD-3-clause
Files: src/drivers/driver_bsd.c
Copyright: 2004, Sam Leffler <sam@errno.com>
2004, 2Wire, Inc
License: BSD-3-clause
Files: src/drivers/driver_macsec_qca.c
Copyright: 2004, Gunter Burchardt <tira@isx.de>
2005-2009, Jouni Malinen <j@w1.fi>
2013-2014, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/drivers/driver_nl80211.c
Copyright: 2002-2014, Jouni Malinen <j@w1.fi>
2003-2004, Instant802 Networks, Inc.
2005-2006, Devicescape Software, Inc.
2007, Johannes Berg <johannes@sipsolutions.net>
2009-2010, Atheros Communications
License: BSD-3-clause
Files: src/drivers/driver_none.c
Copyright: 2008, Atheros Communications
License: BSD-3-clause
Files: src/drivers/driver_openbsd.c
Copyright: 2013, Mark Kettenis <mark.kettenis@xs4all.nl>
License: BSD-3-clause
Files: src/drivers/driver_roboswitch.c
Copyright: 2008-2009, Jouke Witteveen
License: BSD-3-clause
Files: src/drivers/driver_wired.c
Copyright: 2005-2009, Jouni Malinen <j@w1.fi>
2004, Gunter Burchardt <tira@isx.de>
License: BSD-3-clause
Files: src/drivers/nl80211_copy.h
Copyright: 2006-2010, Johannes Berg <johannes@sipsolutions.net>
2008, Michael Wu <flamingice@sourmilk.net>
2008, Luis Carlos Cobo <luisca@cozybit.com>
2008, Michael Buesch <m@bues.ch>
2008-2009, Luis R. Rodriguez <lrodriguez@atheros.com>
2008, Jouni Malinen <jouni.malinen@atheros.com>
2008, Colin McCabe <colin@cozybit.com>
License: ISC
Files: src/eap_common/eap_pwd_common.*
src/eap_peer/eap_pwd.c
src/eap_server/eap_server_pwd.c
Copyright: 2010, Dan Harkins <dharkins@lounge.org>
License: BSD-3-clause
Files: src/eap_peer/eap_proxy*
Copyright: 2011-2013 Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/l2_packet/l2_packet_freebsd.c
Copyright: 2003-2005, Jouni Malinen <j@w1.fi>
2005, Sam Leffler <sam@errno.com>
License: BSD-3-clause
Files: src/p2p/*
Copyright: 2009-2010, Atheros Communications
License: BSD-3-clause
Files: src/pae/*
Copyright: 2013-2014, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/rsn_supp/tdls.c
Copyright: 2010-2011, Atheros Communications
License: BSD-3-clause
Files: src/tls/libtommath.c
Copyright: 2005-2007, Tom St Denis <tomstdenis@gmail.com>
License: public-domain
Files: src/utils/browser*
src/utils/http*
src/utils/xml*
Copyright: 2012-2014, Qualcomm Atheros, Inc.
License: BSD-3-clause
Files: src/utils/radiotap.c
Copyright: 2007, Andy Green <andy@warmcat.com>
2009, Johannes Berg <johannes@sipsolutions.net>
License: BSD-3-clause
Files: src/utils/radiotap.h
Copyright: 2003-2004, David Young
License: BSD-3-clause
Files: src/wps/http.h
src/wps/upnp_xml.*
src/wps/wps_upnp.*
src/wps/wps_upnp_event.c
src/wps/wps_upnp_i.h
src/wps/wps_upnp_ssdp.c
src/wps/wps_upnp_web.c
Copyright: 2000-2003, Intel Corporation
2006-2007, Sony Corporation
2008-2009, Atheros Communications
2009, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: src/wps/httpread.*
Copyright: 2008, Ted Merrill, Atheros Communications
License: BSD-3-clause
Files: src/wps/ndef.c
Copyright: 2009-2012, Masashi Honma <honma@ictec.co.jp>
License: BSD-3-clause
Files: src/wps/wps_validate.c
Copyright: 2010, Atheros Communications, Inc.
License: BSD-3-clause
Files: wpa_supplicant/dbus/dbus_common.*
wpa_supplicant/dbus/dbus_common_i.h
wpa_supplicant/dbus/dbus_new.*
wpa_supplicant/dbus/dbus_new_handlers.*
wpa_supplicant/dbus/dbus_new_handlers_wps.c
wpa_supplicant/dbus/dbus_new_helpers.*
wpa_supplicant/dbus/dbus_new_introspect.c
Copyright: 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
2009-2010, Witold Sowa <witold.sowa@gmail.com>
2009-2010, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: wpa_supplicant/dbus/dbus_dict_helpers.*
Copyright: 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
License: BSD-3-clause
Files: wpa_supplicant/dbus/dbus_new_handlers_p2p.*
wpa_supplicant/examples/p2p/*
wpa_supplicant/examples/dbus-listen-preq.py
Copyright: 2011-2012, Intel Corporation
License: BSD-3-clause
Files: wpa_supplicant/utils/log2pcap.py
Copyright: Johannes Berg <johannes@sipsolutions.net>, Intel Corporation
License: BSD-3-clause
Files: wpa_supplicant/wpa_gui-qt4/icons/ap.svg
Copyright: 2008, mystica
License: public-domain
Files: wpa_supplicant/wpa_gui-qt4/icons/group.svg
Copyright: 2009, Andrew Fitzsimon / Anonymous
License: public-domain
Files: wpa_supplicant/wpa_gui-qt4/icons/invitation.svg
Copyright: 2009, Jean Victor Balin
License: public-domain
Files: wpa_supplicant/wpa_gui-qt4/icons/laptop.svg
Copyright: 2008, metalmarious
License: public-domain
Files: wpa_supplicant/wpa_gui-qt4/icons/wpa_gui.svg
Copyright: 2008, Bernard Gray <bernard.gray@gmail.com>
License: BSD-3-clause or GPL-2
Files: wpa_supplicant/wpa_gui-qt4/peers.*
wpa_supplicant/wpa_gui-qt4/stringquery.*
Copyright: 2009-2010, Atheros Communications
License: BSD-3-clause
Files: wpa_supplicant/wpa_gui-qt4/signalbar.*
Copyright: 2011, Kel Modderman <kel@otaku42.de>
License: BSD-3-clause
Files: wpa_supplicant/Android.mk
wpa_supplicant/wpa_supplicant_conf.*
Copyright: 2008-2010, The Android Open Source Project
License: BSD-3-clause
Files: wpa_supplicant/ap.*
Copyright: 2003-2009, Jouni Malinen <j@w1.fi>
2009, Atheros Communications
License: BSD-3-clause
Files: wpa_supplicant/autoscan*
Copyright: 2012, Intel Corporation
License: BSD-3-clause
Files: wpa_supplicant/gas_query.*
wpa_supplicant/offchannel.*
wpa_supplicant/p2p_supplicant.*
wpa_supplicant/wifi_display.*
Copyright: 2009-2011, Atheros Communications
2011-2014, Qualcomm Atheros
2011-2014, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: wpa_supplicant/interworking.*
wpa_supplicant/wnm_sta.*
wpa_supplicant/wpas_kay.*
Copyright: 2011-2014, Qualcomm Atheros
2011-2014, Jouni Malinen <j@w1.fi>
License: BSD-3-clause
Files: debian/*
Copyright: 2004-2006, Kyle McMartin <kyle@debian.org>
2005-2009, Faidon Liambotis <paravoid@debian.org>
2006-2008, Reinhard Tartler <siretart@tauware.de>
2006-2012, Kel Modderman <kel@otaku42.de>
2010, Jan Dittberner <jandd@debian.org>
2010-2014, Stefan Lippers-Hollmann <s.l-h@gmx.de>
2016-2021, Andrej Shadura <andrewsh@debian.org>
License: BSD-3-clause
License: BSD-3-clause
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
.
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
.
3. Neither the name(s) of the above-listed copyright holder(s) nor the
names of its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
License: GPL-2
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2 as
published by the Free Software Foundation.
.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
.
On Debian GNU/Linux systems, the complete text of the GNU General Public
License version 2 can be found in `/usr/share/common-licenses/GPL-2'.
.
Note that this distribution of hostapd comes with configuration options that
link it to the OpenSSL library. The OpenSSL license is GPL-incompatible,
therefore in this distribution only the BSD license applies.
License: ISC
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
License: public-domain
Minimal code for RSA support from LibTomMath 0.41
http://libtom.org/
http://libtom.org/files/ltm-0.41.tar.bz2
This library was released in public domain by Tom St Denis.
.
The combination in this file may not use all of the optimized algorithms
from LibTomMath and may be considerable slower than the LibTomMath with its
default settings. The main purpose of having this version here is to make it
easier to build bignum.c wrapper without having to install and build an
external library.
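
Review bot: The stand-alone License: public-domain paragraph at the end of the file describes only the LibTomMath code ("Minimal code for RSA support from LibTomMath 0.41"), yet the same short name is used by the Files stanzas for the wpa_gui-qt4 icons (ap.svg, group.svg, invitation.svg, laptop.svg). Either give the icons their own license paragraph stating the basis for their public-domain status, or move the LibTomMath text under a distinct short name. Also, Files-Excluded lists Android.mk while the Files: hostapd/Android.mk and Files: wpa_supplicant/Android.mk stanzas remain, so check whether those stanzas still match files in the repacked source, and the wpa_supplicant/utils/log2pcap.py stanza has no copyright year.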

1
debian/eapoltest.install vendored Normal file

@ -0,0 +1 @@
wpa_supplicant/eapol_test usr/bin/

3
debian/eapoltest.lintian-overrides vendored Normal file

@ -0,0 +1,3 @@
# We distribute the package under the terms of the BSD license due to the
# openssl issue, tell lintian to not complain:
eapoltest: possible-gpl-code-linked-with-openssl

1
debian/eapoltest.manpages vendored Normal file

@ -0,0 +1 @@
wpa_supplicant/doc/docbook/eapol_test.8

85
debian/examples/wpa-roam.conf vendored Normal file

@ -0,0 +1,85 @@
######################## Debian wpa-roam Template #############################
#
# Template configuration for wpa-roam mode of Debian's wpasupplicant package.
# wpa-roam mode is described in detail in the wpa_action(8) manpage, and also
# at /usr/share/doc/wpasupplicant/README.modes.gz. Please read these documents
# to get an overview of how to setup this mode.
#
# For a detailed set of configuration examples for different networks, refer to
# /usr/share/doc/wpasupplicant/README.wpa_supplicant.conf.gz
#
# Also see the other files in /usr/share/doc/wpasupplicant/examples/ for
# specific network configuration examples.
#
# Empty lines and lines starting with # are ignored
#
# NOTE! This file may contain password information and should be made readable
# only by root user or netdev group on multiuser systems.
#
######################## Global Configuration Options #########################
#
# The update_config option can be used to allow wpa_supplicant to overwrite
# configuration file whenever configuration is changed (e.g., new network block
# is added with wpa_cli or wpa_gui, or a password is changed). This is required
# for wpa_cli/wpa_gui to be able to store the configuration changes
# permanently.
#
# NOTE! Any comments will be removed from the configuration file when the
# update_config option is used.
#
#update_config=1
# The ctrl_interface specifies the path to a unix socket through which the
# supplicant may be controlled and interacted with.
#
# DIR= Path to UNIX socket control interface, mandatory for wpa-roam mode
# GROUP= Users in this group to control wpa_supplicant via wpa_cli/wpa_gui
#
ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev
#
######################## Network Block Configurations #########################
#
# Each network is configured as a separate block in this configuration file.
# The network blocks are listed in preference of order, the top most network
# to be found in scan results is used.
#
# By default, all networks will get same priority (0). If some of the networks
# are more desirable, the "priority=" network parameter can be used to change
# the order in which wpa_supplicant goes through the network blocks when
# selecting what network will be used. The priority groups will be iterated
# in decreasing priority, the network with the highest priority value will be
# considered for selection first and the network with the lowest priority value
# will be considered last.
#
# NOTE! The scan_ssid=1 and ap_scan=2 modes ignore the priority field. Instead,
# the networks will be considered in the order specified in this configuration
# file.
#
# The "id_str=" network identifier string parameter is given to wpa_action when
# a network has been selected, and contains this field in its configuration
# block. The given id_str string will be used to select a logical interfaces
# from ifupdown's /etc/network/interfaces file.
#
###############################################################################
#network={
# ssid="Example WEP Network"
# key_mgmt=NONE
# wep_key0=6162636465
# wep_tx_keyidx=0
# id_str="johns_house"
#}
#network={
# ssid="Example WPA Network"
# psk="mysecretpassphrase"
# id_str="home"
#}
###############################################################################
# Default behaviour is to associate with any open access point, further
# networks can be configured with wpa_cli/wpa_gui.
#
network={
key_mgmt=NONE
}
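
Review bot: The only uncommented network block in this template is network={ key_mgmt=NONE } with no ssid, so a host that copies the file unchanged will associate with any open access point in range, as the comment above the block says. For a template that is meant to be copied into place, consider shipping that block commented out like the two examples before it, so that joining unauthenticated networks is an explicit choice. The commented "Example WEP Network" block could also carry a line saying WEP is shown only for legacy networks.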

3
debian/gbp.conf vendored Normal file

@ -0,0 +1,3 @@
[DEFAULT]
debian-branch=debian/unstable
upstream-branch=upstream/latest

3
debian/gitlab-ci.yml vendored Normal file

@ -0,0 +1,3 @@
include:
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
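
Review bot: Both include entries fetch the pipeline definition from raw/master on salsa.debian.org, so the CI jobs that run for this repository change whenever that branch changes. If a stable, auditable pipeline matters here, reference a tag or commit instead of master, or use the project/ref/file form of include so the ref is explicit.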

29
debian/hostapd.NEWS vendored Normal file

@ -0,0 +1,29 @@
wpa (2:2.7-3) unstable; urgency=medium
Starting from this version, the init script of hostapd will display
a warning if DAEMON_CONF is set to a value different from
/etc/hostapd/hostapd.conf. A future upload will also attempt
to migrate the configuration file to the new location.
-- Andrej Shadura <andrewsh@debian.org> Thu, 10 Jan 2019 21:29:31 +0100
wpa (2:2.6-10) unstable; urgency=medium
The hostapd .service file is now automatically masked every time the
package is upgraded with no valid configuration.
The plan is to deprecate /etc/default/hostapd at some point, making
/etc/hostapd/hostapd.conf the standard location for the configuration
file.
-- Andrew Shadura <andrewsh@debian.org> Tue, 28 Nov 2017 12:29:21 +0100
wpa (2:2.6-8) unstable; urgency=medium
Since 2:2.6-6, hostapd ships a systemd .service file. As hostapd comes
with /etc/default/hostapd file, which by default doesn't specify any
config file, to prevent installation or boot failures, the package's
postinst script masks the hostapd.service unit on the first install.
After editing the default file, users need to unmask it themselves.
-- Andrew Shadura <andrewsh@debian.org> Sun, 26 Nov 2017 19:25:50 +0000

43
debian/hostapd.README.Debian vendored Normal file

@ -0,0 +1,43 @@
hostapd for Debian
------------------
This package provides two methods for managing hostapd process(es); an
initscript and an ifupdown hook. Both methods require creation of a
hostapd daemon configuration file (/etc/hostapd/hostapd.conf) to
function correctly.
An example hostapd.conf may be used as a template but _must_ be edited
to suit your local configuration. An example is located at:
/usr/share/doc/hostapd/examples/hostapd.conf.gz
To use the example as a template:
# zcat /usr/share/doc/hostapd/examples/hostapd.conf.gz > \
/etc/hostapd/hostapd.conf
# $EDITOR /etc/hostapd/hostapd.conf
If you're running systemd, you need to unmask the hostapd unit by running:
systemctl unmask hostapd
If you want to run multiple instances of hostapd with different
configurations, consider using a service template hostapd@.service
shipped with the package. E.g. for a hostapd configuration file named
/etc/hostapd/wifi.conf, the service name will be hostapd@wifi.service.
The previously supported configuration setting DAEMON_CONF in
/etc/default/hostapd is deprecated and its support will be removed.
To use the ifupdown method, the path to hostapd configuration file can
be specified in a network interfaces configuration stanza in
/etc/network/interfaces like so:
iface eth1 inet static
hostapd /etc/hostapd/hostapd.conf
...
The hostapd process will be started in the pre-up phase of ifup, and be
terminated in the post-down phase of ifdown.
Please note:
* If you want to use hostapd with a Prism2/2.5/3 card in WPA mode, you'll need
STA firmware version >= 1.7.0.
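
Review bot: The template instructions create /etc/hostapd/hostapd.conf with a shell redirect (zcat ... > /etc/hostapd/hostapd.conf), which leaves the file with whatever mode the current umask gives, and nothing in the README says to restrict it. Since this file normally ends up holding the passphrase or RADIUS shared secret, add a step such as chmod 600 /etc/hostapd/hostapd.conf after the copy.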

23
debian/hostapd.default vendored Normal file

@ -0,0 +1,23 @@
# Defaults for hostapd initscript
#
# WARNING: The DAEMON_CONF setting has been deprecated and will be removed
# in future package releases.
#
# See /usr/share/doc/hostapd/README.Debian for information about alternative
# methods of managing hostapd.
#
# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration
# file and hostapd will be started during system boot. An example configuration
# file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz
#
#DAEMON_CONF=""
# Additional daemon options to be appended to hostapd command:-
# -d show more debug messages (-dd for even more)
# -K include key data in debug messages
# -t include timestamps in some debug messages
#
# Note that -B (daemon mode) and -P (pidfile) options are automatically
# configured by the init.d script and must not be added to DAEMON_OPTS.
#
#DAEMON_OPTS=""
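
Review bot: The option list in the DAEMON_OPTS comment advertises -K ("include key data in debug messages") without any caution. Anyone who sets it will have key material written to wherever hostapd's debug output goes; add a line to the comment saying it is for short-lived debugging only and should not be left enabled.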

3
debian/hostapd.docs vendored Normal file

@ -0,0 +1,3 @@
hostapd/README
hostapd/README-MULTI-AP
hostapd/README-WPS

6
debian/hostapd.examples vendored Normal file

@ -0,0 +1,6 @@
hostapd/hostapd.accept
hostapd/hostapd.conf
hostapd/hostapd.deny
hostapd/hostapd.eap_user
hostapd/hostapd.radius_clients
hostapd/hostapd.wpa_psk

80
debian/hostapd.init vendored Normal file

@ -0,0 +1,80 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: hostapd
# Required-Start: $remote_fs
# Required-Stop: $remote_fs
# Should-Start: $network
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Access point and authentication server for Wi-Fi and Ethernet
# Description: Access point and authentication server for Wi-Fi and Ethernet
# Userspace IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON_SBIN=/usr/sbin/hostapd
DAEMON_DEFS=/etc/default/hostapd
DAEMON_CONF=/etc/hostapd/hostapd.conf
NAME=hostapd
DESC="advanced IEEE 802.11 management"
PIDFILE=/run/hostapd.pid
[ -x "$DAEMON_SBIN" ] || exit 0
[ -s "$DAEMON_DEFS" ] && . /etc/default/hostapd
[ -n "$DAEMON_CONF" ] || exit 0
DAEMON_OPTS="-B -P $PIDFILE $DAEMON_OPTS $DAEMON_CONF"
. /lib/lsb/init-functions
for conf in $DAEMON_CONF
do
if [ ! -r "$conf" ]
then
log_action_msg "hostapd config $conf not found, not starting hostapd."
exit 0
fi
done
case "$1" in
start)
if [ "$DAEMON_CONF" != /etc/hostapd/hostapd.conf ]
then
log_warning_msg "hostapd config not in /etc/hostapd/hostapd.conf -- please read /usr/share/doc/hostapd/NEWS.Debian.gz"
fi
log_daemon_msg "Starting $DESC" "$NAME"
start-stop-daemon --start --oknodo --quiet --exec "$DAEMON_SBIN" \
--pidfile "$PIDFILE" -- $DAEMON_OPTS >/dev/null
log_end_msg "$?"
;;
stop)
log_daemon_msg "Stopping $DESC" "$NAME"
start-stop-daemon --stop --oknodo --quiet --exec "$DAEMON_SBIN" \
--pidfile "$PIDFILE"
log_end_msg "$?"
;;
reload)
log_daemon_msg "Reloading $DESC" "$NAME"
start-stop-daemon --stop --signal HUP --exec "$DAEMON_SBIN" \
--pidfile "$PIDFILE"
log_end_msg "$?"
;;
restart|force-reload)
$0 stop
sleep 8
$0 start
;;
status)
status_of_proc "$DAEMON_SBIN" "$NAME"
exit $?
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|force-reload|reload|status}" >&2
exit 1
;;
esac
exit 0
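
Review bot: The readability loop over $DAEMON_CONF runs before the case statement and does exit 0 when a config file is missing, so stop and status also return success without doing anything if the configuration was removed or made unreadable while hostapd is still running. Move the check into the start branch. Separately, the defaults line tests $DAEMON_DEFS but sources the literal /etc/default/hostapd; source "$DAEMON_DEFS" so the two cannot drift. The LSB Description still lists WPA/WPA2/EAP while debian/control in this commit was updated to include WPA3.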

3
debian/hostapd.install vendored Normal file

@ -0,0 +1,3 @@
debian/ifupdown/hostapd/ifupdown.sh etc/hostapd/
hostapd/hostapd usr/sbin/
hostapd/hostapd_cli usr/sbin/

2
debian/hostapd.links vendored Normal file

@ -0,0 +1,2 @@
etc/hostapd/ifupdown.sh /etc/network/if-pre-up.d/hostapd
etc/hostapd/ifupdown.sh /etc/network/if-post-down.d/hostapd

9
debian/hostapd.lintian-overrides vendored Normal file

@ -0,0 +1,9 @@
# We distribute the package under the terms of the BSD license due to the
# openssl issue, tell lintian to not complain:
hostapd binary: possible-gpl-code-linked-with-openssl
# no need for per-interface init scripts since hostapd has ifupdown integration
hostapd: package-supports-alternative-init-but-no-init.d-script lib/systemd/system/hostapd@.service
# we want to call systemctl and not anything else to mask a unit
hostapd: maintainer-script-calls-systemctl

2
debian/hostapd.manpages vendored Normal file

@ -0,0 +1,2 @@
hostapd/hostapd.8
hostapd/hostapd_cli.1

19
debian/hostapd.postinst vendored Executable file

@ -0,0 +1,19 @@
#!/bin/sh
set -e
: ${DPKG_ROOT=}
#DEBHELPER#
if [ -d /run/systemd/system ] && [ -x /bin/systemctl ] && [ "$1" = configure ] && [ -z "$DPKG_ROOT" ]
then
DAEMON_CONF=
. /etc/default/hostapd
if [ -z "$DAEMON_CONF" ] && [ ! -r /etc/hostapd/hostapd.conf ] && ! systemctl --quiet is-active hostapd.service
then
systemctl mask hostapd.service
fi
fi
exit 0
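
Review bot: `. /etc/default/hostapd` is sourced unconditionally under `set -e`, so a missing file, or any failing command inside it, aborts the postinst and leaves the package unconfigured. Wrap it in `if [ -r /etc/default/hostapd ]; then ... fi`, which also matches the optional `EnvironmentFile=-/etc/default/hostapd` used by the unit files. Since the file is executed as root shell code here, a comment stating that only `DAEMON_CONF` is read from it would help the next maintainer.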

11
debian/hostapd.postrm vendored Executable file
View File

@ -0,0 +1,11 @@
#!/bin/sh
set -e
if [ -d /run/systemd/system ] && [ "$1" = purge ]
then
systemctl unmask hostapd.service
fi
#DEBHELPER#
exit 0
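
Review bot: on purge this runs `systemctl unmask hostapd.service` under `set -e` after checking only for /run/systemd/system, whereas the postinst also tests `[ -x /bin/systemctl ]` and an empty `$DPKG_ROOT` before calling systemctl. Apply the same guards here, or append `|| true`, so that a missing or failing systemctl cannot make the purge fail. The unmask also removes a mask the administrator may have set by hand, which deserves at least a comment.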

16
debian/hostapd.service vendored Normal file
View File

@ -0,0 +1,16 @@
[Unit]
Description=Access point and authentication server for Wi-Fi and Ethernet
Documentation=man:hostapd(8)
After=network.target
[Service]
Type=forking
PIDFile=/run/hostapd.pid
Restart=on-failure
RestartSec=2
Environment=DAEMON_CONF=/etc/hostapd/hostapd.conf
EnvironmentFile=-/etc/default/hostapd
ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid $DAEMON_OPTS ${DAEMON_CONF}
[Install]
WantedBy=multi-user.target
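
Review bot: the [Service] section has no `User=` and no sandboxing directives, so hostapd runs with full root privileges and an unrestricted view of the filesystem. Consider adding hardening options such as `NoNewPrivileges=yes`, `ProtectHome=yes` and `PrivateTmp=yes`, and test a restricted `CapabilityBoundingSet=` against the drivers in use. Separately, `${DAEMON_CONF}` in ExecStart is passed as exactly one argument while `$DAEMON_OPTS` is split on whitespace; a comment saying that DAEMON_CONF must name a single file would avoid surprises.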

16
debian/hostapd@.service vendored Normal file
View File

@ -0,0 +1,16 @@
[Unit]
Description=Access point and authentication server for Wi-Fi and Ethernet (%I)
Documentation=man:hostapd(8)
After=network.target
BindsTo=sys-subsystem-net-devices-%i.device
[Service]
Type=forking
PIDFile=/run/hostapd.%i.pid
Restart=on-failure
RestartSec=2
EnvironmentFile=-/etc/default/hostapd
ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.%i.pid $DAEMON_OPTS /etc/hostapd/%i.conf
[Install]
WantedBy=multi-user.target sys-subsystem-net-devices-%i.device
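
Review bot: `BindsTo=sys-subsystem-net-devices-%i.device` is declared without a matching `After=` for the same device unit, so the only ordering is against network.target and systemd may start hostapd before the interface device is active. Add `After=sys-subsystem-net-devices-%i.device` next to the BindsTo line. It is also worth documenting in the unit that the instance name doubles as the configuration file name in `/etc/hostapd/%i.conf`.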

50
debian/ifupdown/action_wpa.sh vendored Executable file
View File

@ -0,0 +1,50 @@
#!/bin/sh
# Action script to enable/disable wpa-roam interfaces in reaction to
# ifplugd events.
#
# Copyright: Copyright (c) 2008-2010, Kel Modderman <kel@otaku42.de>
# License: GPL-2
#
PATH=/sbin:/usr/sbin:/bin:/usr/bin
if [ ! -x /sbin/wpa_action ]; then
exit 0
fi
# ifplugd(8) - <iface> <action>
#
# If an ifplugd managed interface is brought up, disconnect any
# wpa-roam managed interfaces so that only one "roaming" interface
# remains active on the system.
IFPLUGD_IFACE="${1}"
case "${2}" in
up)
COMMAND=disconnect
;;
down)
COMMAND=reconnect
;;
*)
echo "$0: unknown arguments: ${@}" >&2
exit 1
;;
esac
for CTRL in /run/wpa_supplicant/*; do
[ -S "${CTRL}" ] || continue
IFACE="${CTRL#/run/wpa_supplicant/}"
# skip if ifplugd is managing this interface
if [ "${IFPLUGD_IFACE}" = "${IFACE}" ]; then
continue
fi
if wpa_action "${IFACE}" check; then
wpa_cli -i "${IFACE}" "${COMMAND}"
fi
done
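
Review bot: in the `*)` branch of the `case "${2}"` block, `echo "$0: unknown arguments: ${@}"` embeds `${@}` inside a longer quoted string, which expands to several words; use `$*` there. The guard at the top tests `/sbin/wpa_action`, but the loop calls `wpa_action` through PATH; use the same form in both places so the binary that was checked is the one that runs.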

993
debian/ifupdown/functions.sh vendored Normal file
View File

@ -0,0 +1,993 @@
#!/bin/sh
#####################################################################
## Purpose
# This file contains common shell functions used by scripts of the
# wpasupplicant package to allow ifupdown to manage wpa_supplicant.
# It also contains some functions used by wpa_action(8) that allow
# ifupdown to be managed by wpa_cli(8) action events.
#
# This file is provided by the wpasupplicant package.
#####################################################################
# Copyright (C) 2006 - 2009 Debian/Ubuntu wpasupplicant Maintainers
# <pkg-wpa-devel@lists.alioth.debian.org>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# On Debian GNU/Linux systems, the text of the GPL license,
# version 2, can be found in /usr/share/common-licenses/GPL-2.
#####################################################################
## global variables
# wpa_supplicant variables
WPA_SUP_BIN="/sbin/wpa_supplicant"
WPA_SUP_PNAME="wpa_supplicant"
WPA_SUP_PIDFILE="/run/wpa_supplicant.${WPA_IFACE}.pid"
WPA_SUP_OMIT_DIR="/run/sendsigs.omit.d"
WPA_SUP_OMIT_PIDFILE="${WPA_SUP_OMIT_DIR}/wpasupplicant.wpa_supplicant.${WPA_IFACE}.pid"
# wpa_cli variables
WPA_CLI_BIN="/sbin/wpa_cli"
WPA_CLI_PNAME="wpa_cli"
WPA_CLI_PIDFILE="/run/wpa_action.${WPA_IFACE}.pid"
WPA_CLI_TIMESTAMP="/run/wpa_action.${WPA_IFACE}.timestamp"
WPA_CLI_IFUPDOWN="/run/wpa_action.${WPA_IFACE}.ifupdown"
# default ctrl_interface socket directory
if [ -z "$WPA_CTRL_DIR" ]; then
WPA_CTRL_DIR="/run/wpa_supplicant"
fi
# verbosity variables
if [ -n "$IF_WPA_VERBOSITY" ] || [ "$VERBOSITY" = "1" ]; then
TO_NULL="/dev/stdout"
DAEMON_VERBOSITY="--verbose"
else
TO_NULL="/dev/null"
DAEMON_VERBOSITY="--quiet"
fi
#####################################################################
## wpa_cli wrapper
# Path to common ctrl_interface socket and iface supplied.
# NB: WPA_CTRL_DIR cannot be used for interactive commands, it is
# set only in the environment that wpa_cli provides when processing
# action events.
#
wpa_cli () {
"$WPA_CLI_BIN" -p "$WPA_CTRL_DIR" -i "$WPA_IFACE" "$@"
return "$?"
}
#####################################################################
## verbose and stderr message wrapper
# Ensures a standard and easily identifiable message is printed by
# scripts using this function library.
#
# log Log a message to syslog when called non-interactively
# by wpa_action
#
# verbose To stdout when IF_WPA_VERBOSITY or VERBOSITY is true
#
# action Same as verbose but without newline
# Useful for allowing wpa_cli commands to echo result
# value of 'OK' or 'FAILED'
#
# stderr Echo warning or error messages to stderr
#
# NB: when called by wpa_action, there is no redirection (verbose)
#
wpa_msg () {
if [ "$1" = "log" ]; then
shift
case "$WPA_ACTION" in
"CONNECTED"|"DISCONNECTED")
[ -x /usr/bin/logger ] || return
if [ "$#" -gt 0 ]; then
logger -t "wpa_action" "$@"
else
logger -t "wpa_action"
fi
;;
*)
[ "$#" -gt 0 ] && echo "wpa_action: $@"
;;
esac
return
fi
case "$1" in
"verbose")
shift
echo "$WPA_SUP_PNAME: $@" >$TO_NULL
;;
"action")
shift
echo -n "$WPA_SUP_PNAME: $@ -- " >$TO_NULL
;;
"stderr")
shift
echo "$WPA_SUP_PNAME: $@" >/dev/stderr
;;
*)
;;
esac
}
#####################################################################
## validate daemon pid files
# Test daemon process ID files via start-stop-daemon with a signal 0
# given the exec binary and pidfile location.
#
# $1 daemon
# $2 pidfile
#
# Returns true when pidfile exists, the process ID exists _and_ was
# created by the exec binary.
#
# If the test fails, but the pidfile exists, it is stale
#
test_daemon_pidfile () {
local DAEMON
local PIDFILE
if [ -n "$1" ]; then
DAEMON="$1"
fi
if [ -f "$2" ]; then
PIDFILE="$2"
fi
if [ -n "$DAEMON" ] && [ -f "$PIDFILE" ]; then
if start-stop-daemon --stop --quiet --signal 0 \
--exec "$DAEMON" --pidfile "$PIDFILE"; then
return 0
else
rm -f "$PIDFILE"
return 1
fi
else
return 1
fi
}
# validate wpa_supplicant pidfile
test_wpa_supplicant () {
test_daemon_pidfile "$WPA_SUP_BIN" "$WPA_SUP_PIDFILE"
}
# validate wpa_cli pidfile
test_wpa_cli () {
test_daemon_pidfile "$WPA_CLI_BIN" "$WPA_CLI_PIDFILE"
}
#####################################################################
## daemonize wpa_supplicant
# Start wpa_supplicant via start-stop-dameon with all required
# options. Will start if environment variable WPA_SUP_CONF is present
#
# Default options:
# -B dameonize/background process
# -D driver backend ('wext' if none given)
# -P process ID file
# -C path to ctrl_interface socket directory
# -s log to syslog
#
# Conditional options:
# -c configuration file
# -W wait for wpa_cli to attach to ctrl_interface socket
# -b bridge interface name
# -f path to log file
#
init_wpa_supplicant () {
[ -n "$WPA_SUP_CONF" ] || return 0
local WPA_SUP_OPTIONS
WPA_SUP_OPTIONS="-s -B -P $WPA_SUP_PIDFILE -i $WPA_IFACE"
if [ -n "$WPA_ACTION_SCRIPT" ]; then
if [ -x "$WPA_ACTION_SCRIPT" ]; then
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -W"
wpa_msg verbose "wait for wpa_cli to attach"
else
wpa_msg stderr "action script \"$WPA_ACTION_SCRIPT\" not executable"
return 1
fi
fi
if [ -n "$IF_WPA_BRIDGE" ]; then
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -b $IF_WPA_BRIDGE"
wpa_msg verbose "wpa-bridge $IF_WPA_BRIDGE"
fi
if [ -n "$IF_WPA_DRIVER" ]; then
wpa_msg verbose "wpa-driver $IF_WPA_DRIVER"
case "$IF_WPA_DRIVER" in
hostap|ipw|madwifi|ndiswrapper)
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -D nl80211,wext"
wpa_msg stderr "\"$IF_WPA_DRIVER\" wpa-driver is unsupported"
wpa_msg stderr "using \"nl80211,wext\" wpa-driver instead ..."
;;
*)
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -D $IF_WPA_DRIVER"
;;
esac
else
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -D nl80211,wext"
wpa_msg verbose "wpa-driver nl80211,wext (default)"
fi
if [ -n "$IF_WPA_DEBUG_LEVEL" ]; then
case "$IF_WPA_DEBUG_LEVEL" in
3)
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -t -ddd"
;;
2)
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -t -dd"
;;
1)
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -t -d"
;;
0)
# wpa_supplicant default verbosity
;;
-1)
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -q"
;;
-2)
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -qq"
;;
esac
wpa_msg verbose "using debug level: $IF_WPA_DEBUG_LEVEL"
fi
if [ -n "$IF_WPA_LOGFILE" ]; then
# custom log file
WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -f $IF_WPA_LOGFILE"
WPA_SUP_LOGFILE="$IF_WPA_LOGFILE"
wpa_msg verbose "logging to $IF_WPA_LOGFILE"
fi
wpa_msg verbose "$WPA_SUP_BIN $WPA_SUP_OPTIONS $WPA_SUP_CONF"
start-stop-daemon --start --oknodo $DAEMON_VERBOSITY \
--name $WPA_SUP_PNAME --startas $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE \
-- $WPA_SUP_OPTIONS $WPA_SUP_CONF
if [ "$?" -ne 0 ]; then
wpa_msg stderr "$WPA_SUP_BIN daemon failed to start"
return 1
fi
local WPA_PIDFILE_WAIT
local MAX_WPA_PIDFILE_WAIT
WPA_PIDFILE_WAIT="0"
MAX_WPA_PIDFILE_WAIT="5"
until [ -s "$WPA_SUP_PIDFILE" ]; do
if [ "$WPA_PIDFILE_WAIT" -ge "$MAX_WPA_PIDFILE_WAIT" ]; then
wpa_msg stderr "timed out waiting for creation of $WPA_SUP_PIDFILE"
return 1
else
wpa_msg verbose "waiting for \"$WPA_SUP_PIDFILE\": " \
"$WPA_PIDFILE_WAIT (max. $MAX_WPA_PIDFILE_WAIT)"
fi
WPA_PIDFILE_WAIT=$(($WPA_PIDFILE_WAIT + 1))
sleep 1
done
if [ -d "${WPA_SUP_OMIT_DIR}" ]; then
wpa_msg verbose "creating sendsigs omission pidfile: $WPA_SUP_OMIT_PIDFILE"
cat "$WPA_SUP_PIDFILE" > "$WPA_SUP_OMIT_PIDFILE"
fi
local WPA_SOCKET_WAIT
local MAX_WPA_SOCKET_WAIT
WPA_SOCKET_WAIT="0"
MAX_WPA_SOCKET_WAIT="5"
until [ -S "$WPA_CTRL_DIR/$WPA_IFACE" ]; do
if [ "$WPA_SOCKET_WAIT" -ge "$MAX_WPA_SOCKET_WAIT" ]; then
wpa_msg stderr "ctrl_interface socket not found at $WPA_CTRL_DIR/$WPA_IFACE"
return 1
else
wpa_msg verbose "waiting for \"$WPA_CTRL_DIR/$WPA_IFACE\": " \
"$WPA_SOCKET_WAIT (max. $MAX_WPA_SOCKET_WAIT)"
fi
WPA_SOCKET_WAIT=$(($WPA_SOCKET_WAIT + 1))
sleep 1
done
wpa_msg verbose "ctrl_interface socket located at $WPA_CTRL_DIR/$WPA_IFACE"
}
#####################################################################
## stop wpa_supplicant process
# Kill wpa_supplicant via start-stop-daemon, given the location of
# the pidfile or ctrl_interface socket path and interface name
#
kill_wpa_supplicant () {
test_wpa_supplicant || return 0
wpa_msg verbose "terminating $WPA_SUP_PNAME daemon via pidfile $WPA_SUP_PIDFILE"
start-stop-daemon --stop --oknodo $DAEMON_VERBOSITY \
--exec $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE
if [ -f "$WPA_SUP_PIDFILE" ]; then
rm -f "$WPA_SUP_PIDFILE"
fi
if [ -f "$WPA_SUP_OMIT_PIDFILE" ]; then
wpa_msg verbose "removing $WPA_SUP_OMIT_PIDFILE"
rm -f "$WPA_SUP_OMIT_PIDFILE"
fi
}
#####################################################################
## reload wpa_supplicant process
# Sending a HUP signal causes wpa_supplicant to reparse its
# configuration file
#
reload_wpa_supplicant () {
if test_wpa_supplicant; then
wpa_msg verbose "reloading wpa_supplicant configuration file via HUP signal"
start-stop-daemon --stop --signal HUP \
--name "$WPA_SUP_PNAME" --pidfile "$WPA_SUP_PIDFILE"
else
wpa_msg verbose "cannot $WPA_ACTION, $WPA_SUP_PIDFILE does not exist"
fi
}
#####################################################################
## daemonize wpa_cli and action script
# If environment variable WPA_ACTION_SCRIPT is present, wpa_cli will
# be spawned via start-stop-daemon
#
# Required options:
# -a action script => wpa_action
# -P process ID file
# -B background process
#
init_wpa_cli () {
[ -n "$WPA_ACTION_SCRIPT" ] || return 0
local WPA_CLI_OPTIONS
WPA_CLI_OPTIONS="-B -P $WPA_CLI_PIDFILE -i $WPA_IFACE"
wpa_msg verbose "$WPA_CLI_BIN $WPA_CLI_OPTIONS -p $WPA_CTRL_DIR -a $WPA_ACTION_SCRIPT"
start-stop-daemon --start --oknodo $DAEMON_VERBOSITY \
--name $WPA_CLI_PNAME --startas $WPA_CLI_BIN --pidfile $WPA_CLI_PIDFILE \
-- $WPA_CLI_OPTIONS -p $WPA_CTRL_DIR -a $WPA_ACTION_SCRIPT
if [ "$?" -ne 0 ]; then
wpa_msg stderr "$WPA_CLI_BIN daemon failed to start"
return 1
fi
}
#####################################################################
## stop wpa_cli process
# Kill wpa_cli via start-stop-daemon, given the location of the
# pidfile
#
kill_wpa_cli () {
test_wpa_cli || return 0
wpa_msg verbose "terminating $WPA_CLI_PNAME daemon via pidfile $WPA_CLI_PIDFILE"
start-stop-daemon --stop --oknodo $DAEMON_VERBOSITY \
--exec $WPA_CLI_BIN --pidfile $WPA_CLI_PIDFILE
if [ -f "$WPA_CLI_PIDFILE" ]; then
rm -f "$WPA_CLI_PIDFILE"
fi
if [ -f "$WPA_CLI_TIMESTAMP" ]; then
rm -f "$WPA_CLI_TIMESTAMP"
fi
if [ -L "$WPA_CLI_IFUPDOWN" ]; then
rm -f "$WPA_CLI_IFUPDOWN"
fi
}
#####################################################################
## higher level wpa_cli wrapper for variable and set_network commands
# wpa_cli_do <value> <type> <variable> [set_network variable] <desc>
#
# $1 envorinment variable
# $2 data type of variable {raw|ascii}
# $3 wpa_cli variable, if $3 is set_network, shift and take
# set_network subvariable
# $4 wpa-* string as it would appear in interfaces file, enhances
# verbose messages
#
wpa_cli_do () {
if [ -z "$1" ]; then
return 0
fi
local WPACLISET_VALUE
local WPACLISET_VARIABLE
local WPACLISET_DESC
case "$2" in
ascii)
# Double quote
WPACLISET_VALUE="\"$1\""
;;
raw|*)
# Provide raw value
WPACLISET_VALUE="$1"
;;
esac
case "$3" in
set_network)
if [ -z "$WPA_ID" ]; then
return 1
fi
shift
WPACLISET_VARIABLE="set_network $WPA_ID $3"
;;
*)
WPACLISET_VARIABLE="$3"
;;
esac
case "$4" in
*-psk|*-passphrase|*-passwd*|*-password*|*-wep-key*)
WPACLISET_DESC="$4 *****"
;;
*)
WPACLISET_DESC="$4 $WPACLISET_VALUE"
;;
esac
wpa_msg action "$WPACLISET_DESC"
wpa_cli $WPACLISET_VARIABLE "$WPACLISET_VALUE" >$TO_NULL
if [ "$?" -ne 0 ]; then
wpa_msg stderr "$WPACLISET_DESC failed!"
fi
}
#####################################################################
## check value data type in plaintext or hex
# returns 0 if input consists of hexadecimal digits only, 1 otherwise
#
ishex () {
if [ -z "$1" ]; then
return 0
fi
case "$1" in
*[!0-9a-fA-F]*)
# plaintext
return 1
;;
*)
# hexadecimal
return 0
;;
esac
}
#####################################################################
## sanity check and set psk|passphrase
# Warn about strange psk|passphrase values
#
# $1 psk or passphrase value
#
# If psk is surrounded by quotes strip them.
#
# If psk contains all hexadecimal characters and string length is 64:
# is 256bit hexadecimal
# else:
# is plaintext
#
# plaintext passphrases must be 8 - 63 characters in length
# 256-bit hexadecimal key must be 64 characters in length
#
wpa_key_check_and_set () {
if [ "$#" -ne 3 ]; then
return 0
fi
local KEY
local KEY_LEN
local KEY_TYPE
local ENC_TYPE
case "$1" in
'"'*'"')
# Strip surrounding quotation marks
KEY=$(echo -n "$1" | sed 's/^"//;s/"$//')
;;
*)
KEY="$1"
;;
esac
KEY_LEN="${#KEY}"
case "$2" in
wep_key*)
ENC_TYPE="WEP"
;;
psk)
ENC_TYPE="WPA"
;;
*)
return 0
;;
esac
if [ "$ENC_TYPE" = "WEP" ]; then
if ishex "$KEY"; then
case "$KEY_LEN" in
10|26|32|58)
# 64/128/152/256-bit WEP
KEY_TYPE="raw"
;;
*)
KEY_TYPE="ascii"
;;
esac
else
KEY_TYPE="ascii"
fi
if [ "$KEY_TYPE" = "ascii" ]; then
if [ "$KEY_LEN" -lt "5" ]; then
wpa_msg stderr "WARNING: plaintext or ascii WEP key has $KEY_LEN characters,"
wpa_msg stderr "it must have at least 5 to be valid."
fi
fi
elif [ "$ENC_TYPE" = "WPA" ]; then
if ishex "$KEY"; then
case "$KEY_LEN" in
64)
# 256-bit WPA
KEY_TYPE="raw"
;;
*)
KEY_TYPE="ascii"
;;
esac
else
KEY_TYPE="ascii"
fi
if [ "$KEY_TYPE" = "ascii" ]; then
if [ "$KEY_LEN" -lt "8" ] || [ "$KEY_LEN" -gt "63" ]; then
wpa_msg stderr "WARNING: plaintext or ascii WPA key has $KEY_LEN characters,"
wpa_msg stderr "it must have between 8 and 63 to be valid."
wpa_msg stderr "If the WPA key is a 256-bit hexadecimal key, it must have"
wpa_msg stderr "exactly 64 characters."
fi
fi
fi
wpa_cli_do "$KEY" "$KEY_TYPE" set_network "$2" "$3"
}
#####################################################################
## formulate a usable configuration from interfaces(5) wpa- lines
# A series of wpa_cli commands corresponding to environment variables
# created as a result of wpa- lines in an interfaces stanza.
#
# NB: no-act when roaming daemon is used (to avoid prematurely
# attaching to ctrl_interface socket)
#
conf_wpa_supplicant () {
if [ -n "$WPA_ACTION_SCRIPT" ]; then
return 0
fi
if [ "$IF_WPA_DRIVER" = "wired" ]; then
IF_WPA_AP_SCAN="0"
wpa_msg verbose "forcing ap_scan=0 (required for wired IEEE8021X auth)"
fi
if [ -n "$IF_WPA_ESSID" ]; then
# #403316, be similar to wireless tools
IF_WPA_SSID="$IF_WPA_ESSID"
fi
wpa_cli_do "$IF_WPA_AP_SCAN" raw \
ap_scan wpa-ap-scan
wpa_cli_do "$IF_WPA_PREAUTHENTICATE" raw \
preauthenticate wpa-preauthenticate
if [ -n "$IF_WPA_SSID" ] || [ "$IF_WPA_DRIVER" = "wired" ] || \
[ -n "$IF_WPA_KEY_MGMT" ]; then
case "$IF_WPA_SSID" in
'"'*'"')
IF_WPA_SSID=$(echo -n "$IF_WPA_SSID" | sed 's/^"//;s/"$//')
;;
*)
;;
esac
WPA_ID=$(wpa_cli add_network)
wpa_msg verbose "configuring network block -- $WPA_ID"
wpa_cli_do "$IF_WPA_SSID" ascii \
set_network ssid wpa-ssid
wpa_cli_do "$IF_WPA_PRIORITY" raw \
set_network priority wpa-priority
wpa_cli_do "$IF_WPA_BSSID" raw \
set_network bssid wpa-bssid
if [ -s "$IF_WPA_PSK_FILE" ]; then
IF_WPA_PSK=$(cat "$IF_WPA_PSK_FILE")
fi
# remain compat with wpa-passphrase-file
if [ -s "$IF_WPA_PASSPHRASE_FILE" ]; then
IF_WPA_PSK=$(cat "$IF_WPA_PASSPHRASE_FILE")
fi
# remain compat with wpa-passphrase
if [ -n "$IF_WPA_PASSPHRASE" ]; then
IF_WPA_PSK="$IF_WPA_PASSPHRASE"
fi
if [ -n "$IF_WPA_PSK" ]; then
wpa_key_check_and_set "$IF_WPA_PSK" \
psk wpa-psk
fi
wpa_cli_do "$IF_WPA_PAIRWISE" raw \
set_network pairwise wpa-pairwise
wpa_cli_do "$IF_WPA_GROUP" raw \
set_network group wpa-group
wpa_cli_do "$IF_WPA_MODE" raw \
set_network mode wpa-mode
wpa_cli_do "$IF_WPA_FREQUENCY" raw \
set_network frequency wpa-frequency
wpa_cli_do "$IF_WPA_SCAN_FREQ" raw \
set_network scan_freq wpa-scan-freq
wpa_cli_do "$IF_WPA_FREQ_LIST" raw \
set_network freq_list wpa-freq-list
wpa_cli_do "$IF_WPA_KEY_MGMT" raw \
set_network key_mgmt wpa-key-mgmt
wpa_cli_do "$IF_WPA_PROTO" raw \
set_network proto wpa-proto
wpa_cli_do "$IF_WPA_AUTH_ALG" raw \
set_network auth_alg wpa-auth-alg
wpa_cli_do "$IF_WPA_SCAN_SSID" raw \
set_network scan_ssid wpa-scan-ssid
wpa_cli_do "$IF_WPA_IDENTITY" ascii \
set_network identity wpa-identity
wpa_cli_do "$IF_WPA_ANONYMOUS_IDENTITY" ascii \
set_network anonymous_identity wpa-anonymous-identity
wpa_cli_do "$IF_WPA_EAP" raw \
set_network eap wpa-eap
wpa_cli_do "$IF_WPA_EAPPSK" raw \
set_network eappsk wpa-eappsk
wpa_cli_do "$IF_WPA_NAI" ascii \
set_network nai wpa-nai
wpa_cli_do "$IF_WPA_PASSWORD" ascii \
set_network password wpa-password
wpa_cli_do "$IF_WPA_CA_CERT" ascii \
set_network ca_cert wpa-ca-cert
wpa_cli_do "$IF_WPA_CA_PATH" ascii \
set_network ca_path wpa-ca-path
wpa_cli_do "$IF_WPA_CLIENT_CERT" ascii \
set_network client_cert wpa-client-cert
wpa_cli_do "$IF_WPA_PRIVATE_KEY" ascii \
set_network private_key wpa-private-key
wpa_cli_do "$IF_WPA_PRIVATE_KEY_PASSWD" ascii \
set_network private_key_passwd wpa-private-key-passwd
wpa_cli_do "$IF_WPA_DH_FILE" ascii \
set_network dh_file wpa-dh-file
wpa_cli_do "$IF_WPA_SUBJECT_MATCH" ascii \
set_network subject_match wpa-subject-match
wpa_cli_do "$IF_WPA_ALTSUBJECT_MATCH" ascii \
set_network altsubject_match wpa-altsubject-match
wpa_cli_do "$IF_WPA_CA_CERT2" ascii \
set_network ca_cert2 wpa-ca-cert2
wpa_cli_do "$IF_WPA_CA_PATH2" ascii \
set_network ca_path2 wpa-ca-path2
wpa_cli_do "$IF_WPA_CLIENT_CERT2" ascii \
set_network client_cert2 wpa-client-cert2
wpa_cli_do "$IF_WPA_PRIVATE_KEY2" ascii \
set_network private_key2 wpa-private-key2
wpa_cli_do "$IF_WPA_PRIVATE_KEY_PASSWD2" ascii \
set_network private_key_passwd2 wpa-private-key-passwd2
wpa_cli_do "$IF_WPA_DH_FILE2" ascii \
set_network dh_file2 wpa-dh-file2
wpa_cli_do "$IF_WPA_SUBJECT_MATCH2" ascii \
set_network subject_match2 wpa-subject-match2
wpa_cli_do "$IF_WPA_ALTSUBJECT_MATCH2" ascii \
set_network altsubject_match2 wpa-altsubject-match2
wpa_cli_do "$IF_WPA_EAP_METHODS" raw \
set_network eap_methods wpa-eap-methods
wpa_cli_do "$IF_WPA_PHASE1" ascii \
set_network phase1 wpa-phase1
wpa_cli_do "$IF_WPA_PHASE2" ascii \
set_network phase2 wpa-phase2
wpa_cli_do "$IF_WPA_PCSC" raw \
set_network pcsc wpa-pcsc
wpa_cli_do "$IF_WPA_PIN" ascii \
set_network pin wpa-pin
wpa_cli_do "$IF_WPA_ENGINE" raw \
set_network engine wpa-engine
wpa_cli_do "$IF_WPA_ENGINE_ID" ascii \
set_network engine_id wpa-engine-id
wpa_cli_do "$IF_WPA_KEY_ID" ascii \
set_network key_id wpa-key-id
wpa_cli_do "$IF_WPA_EAPOL_FLAGS" raw \
set_network eapol_flags wpa-eapol-flags
if [ -n "$IF_WPA_WEP_KEY0" ]; then
wpa_key_check_and_set "$IF_WPA_WEP_KEY0" \
wep_key0 wpa-wep-key0
fi
if [ -n "$IF_WPA_WEP_KEY1" ]; then
wpa_key_check_and_set "$IF_WPA_WEP_KEY1" \
wep_key1 wpa-wep-key1
fi
if [ -n "$IF_WPA_WEP_KEY2" ]; then
wpa_key_check_and_set "$IF_WPA_WEP_KEY2" \
wep_key2 wpa-wep-key2
fi
if [ -n "$IF_WPA_WEP_KEY3" ]; then
wpa_key_check_and_set "$IF_WPA_WEP_KEY3" \
wep_key3 wpa-wep-key3
fi
wpa_cli_do "$IF_WPA_WEP_TX_KEYIDX" raw \
set_network wep_tx_keyidx wpa-wep-tx-keyidx
wpa_cli_do "$IF_WPA_PROACTIVE_KEY_CACHING" raw \
set_network proactive_key_caching wpa-proactive-key-caching
wpa_cli_do "$IF_WPA_PAC_FILE" ascii \
set_network pac_file wpa-pac-file
wpa_cli_do "$IF_WPA_PEERKEY" raw \
set_network peerkey wpa-peerkey
wpa_cli_do "$IF_FRAGMENT_SIZE" raw \
set_network fragment_size wpa-fragment-size
wpa_cli_do "$IF_WPA_ID_STR" ascii \
set_network id_str wpa-id-str
wpa_cli_do "$WPA_ID" raw \
enable_network "enabling network block"
fi
}
#####################################################################
## Log wpa_cli environment variables
wpa_log_env () {
wpa_msg log "WPA_IFACE=$WPA_IFACE WPA_ACTION=$WPA_ACTION"
wpa_msg log "WPA_ID=$WPA_ID WPA_ID_STR=$WPA_ID_STR WPA_CTRL_DIR=$WPA_CTRL_DIR"
}
#####################################################################
## hysteresis checking
# Networking tools such as dhcp clients used with ifupdown can
# synthesize artificial ACTION events, particularly just after a
# DISCONNECTED/CONNECTED events are experienced in quick succession.
# This can lead to infinite event loops, and in extreme cases has the
# potential to cause system instability.
#
wpa_hysteresis_event () {
echo "$(date +%s)" > "$WPA_CLI_TIMESTAMP" 2>/dev/null
}
wpa_hysteresis_check () {
if [ -f "$WPA_CLI_TIMESTAMP" ]; then
local TIME
local TIMESTAMP
local TIMEWAIT
TIME=$(date +%s)
# current time minus 4 second event buffer
TIMEWAIT=$(($TIME-4))
# get time of last event
TIMESTAMP=$(cat $WPA_CLI_TIMESTAMP)
# compare values, allowing new action to be processed
# only if last action was more than 4 seconds ago
if [ "$TIMEWAIT" -le "$TIMESTAMP" ]; then
wpa_msg log "$WPA_ACTION event blocked by hysteresis check"
return 1
fi
fi
return 0
}
#####################################################################
## ifupdown locking functions
# A collection of rudimentary locking functions to lock ifup/ifdown
# actions.
#
ifupdown_lock () {
ln -s lock "$WPA_CLI_IFUPDOWN"
}
ifupdown_locked () {
[ -L "$WPA_CLI_IFUPDOWN" ] && return 0
return 1
}
ifupdown_unlock () {
rm -f "$WPA_CLI_IFUPDOWN"
}
#####################################################################
## apply mapping logic and ifup logical interface
# Apply mapping logic via id_str or external mapping script, check
# state of IFACE with respect to ifupdown and ifup logical interaface
#
ifup () {
local INTERFACES_FILE
local IFUP_RETVAL
local WPA_LOGICAL_IFACE
if [ -e /etc/network/interfaces ]; then
INTERFACES_FILE="/etc/network/interfaces"
else
wpa_msg log "/etc/network/interfaces does not exist, $WPA_IFACE will not be configured"
return 1
fi
if [ -z "$IF_WPA_MAPPING_SCRIPT_PRIORITY" ] && [ -n "$WPA_ID_STR" ]; then
WPA_LOGICAL_IFACE="$WPA_ID_STR"
fi
if [ -z "$WPA_LOGICAL_IFACE" ] && [ -n "$IF_WPA_MAPPING_SCRIPT" ]; then
local WPA_MAP_STDIN
WPA_MAP_STDIN=$(set | sed -n 's/^\(IF_WPA_MAP[0-9]*\)=.*/echo \$\1/p')
if [ -n "$WPA_MAP_STDIN" ]; then
WPA_LOGICAL_IFACE=$(eval "$WPA_MAP_STDIN" | "$IF_WPA_MAPPING_SCRIPT" "$WPA_IFACE")
else
WPA_LOGICAL_IFACE=$("$IF_WPA_MAPPING_SCRIPT" "$WPA_IFACE")
fi
if [ -n "$WPA_LOGICAL_IFACE" ]; then
wpa_msg log "mapping script result: $WPA_LOGICAL_IFACE"
else
wpa_msg log "mapping script failed."
fi
fi
if [ -z "$WPA_LOGICAL_IFACE" ]; then
if [ -n "$IF_WPA_ROAM_DEFAULT_IFACE" ]; then
WPA_LOGICAL_IFACE="$IF_WPA_ROAM_DEFAULT_IFACE"
else
WPA_LOGICAL_IFACE="default"
fi
fi
if [ -n "$WPA_LOGICAL_IFACE" ]; then
if ! /sbin/ifquery "${WPA_LOGICAL_IFACE}" > /dev/null 2>&1; then
wpa_msg log "network settings not defined for $WPA_LOGICAL_IFACE in $INTERFACES_FILE and included files."
WPA_LOGICAL_IFACE="default"
fi
wpa_msg log "ifup $WPA_IFACE=$WPA_LOGICAL_IFACE"
ifupdown_lock
if /sbin/ifquery "$WPA_IFACE" | grep -q '^wpa-roam: ' ; then
# Force settings over the unconfigured "master" IFACE
/sbin/ifup -v --force "$WPA_IFACE=$WPA_LOGICAL_IFACE"
else
/sbin/ifup -v "$WPA_IFACE=$WPA_LOGICAL_IFACE"
fi
IFUP_RETVAL="$?"
ifupdown_unlock
fi
if [ -d "${WPA_SUP_OMIT_DIR}" ]; then
wpa_msg log "creating sendsigs omission pidfile: $WPA_SUP_OMIT_PIDFILE"
cat "$WPA_SUP_PIDFILE" > "$WPA_SUP_OMIT_PIDFILE"
fi
return "$IFUP_RETVAL"
}
#####################################################################
## ifdown IFACE
# Check IFACE state and ifdown as requested.
#
ifdown () {
wpa_msg log "ifdown $WPA_IFACE"
ifupdown_lock
/sbin/ifdown -v "$WPA_IFACE"
ifupdown_unlock
wpa_msg log "removing sendsigs omission pidfile: $WPA_SUP_OMIT_PIDFILE"
rm -f "$WPA_SUP_OMIT_PIDFILE"
}
#####################################################################
## keep IFACE scanning
# After ifdown, the IFACE may be left "down", and inhibits
# wpa_supplicant's ability to continue roaming.
#
# NB: use iproute if present, flushing the IFACE first
#
if_post_down_up () {
if [ -x /bin/ip ]; then
ip addr flush dev "$WPA_IFACE" 2>/dev/null
ip link set "$WPA_IFACE" up
else
ifconfig "$WPA_IFACE" up
fi
}
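
Review bot: the secret mask in `wpa_cli_do` (`*-psk|*-passphrase|*-passwd*|*-password*|*-wep-key*`) does not match `wpa-eappsk` or `wpa-pin`, so those values fall through to `WPACLISET_DESC="$4 $WPACLISET_VALUE"` and are printed in clear by `wpa_msg action` in verbose mode and by the `"$WPACLISET_DESC failed!"` message on stderr. Extend the pattern to cover `*-eappsk` and `*-pin`. In `conf_wpa_supplicant`, the fragment size call reads `$IF_FRAGMENT_SIZE` while every other option reads an `IF_WPA_*` variable, so `wpa-fragment-size` is never applied; it should be `$IF_WPA_FRAGMENT_SIZE`. The header comments also contain typos ("dameon", "envorinment", "interaface") that should be fixed before merging.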

146
debian/ifupdown/hostapd/ifupdown.sh vendored Executable file
View File

@ -0,0 +1,146 @@
#!/bin/sh
# Copyright (C) 2006-2009 Debian hostapd maintainers
# Faidon Liambotis <paravoid@debian.org>
# Kel Modderman <kel@otaku42.de>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# On Debian GNU/Linux systems, the text of the GPL license,
# version 2, can be found in /usr/share/common-licenses/GPL-2.
# quit if we're called for lo
if [ "$IFACE" = lo ]; then
exit 0
fi
if [ -n "$IF_HOSTAPD" ]; then
HOSTAPD_CONF="$IF_HOSTAPD"
else
exit 0
fi
HOSTAPD_BIN="/usr/sbin/hostapd"
HOSTAPD_PNAME="hostapd"
HOSTAPD_PIDFILE="/run/hostapd.$IFACE.pid"
HOSTAPD_OMIT_PIDFILE="/run/sendsigs.omit.d/hostapd.$IFACE.pid"
if [ ! -x "$HOSTAPD_BIN" ]; then
exit 0
fi
if [ "$VERBOSITY" = "1" ]; then
TO_NULL="/dev/stdout"
else
TO_NULL="/dev/null"
fi
hostapd_msg () {
case "$1" in
verbose)
shift
echo "$HOSTAPD_PNAME: $@" > "$TO_NULL"
;;
stderr)
shift
echo "$HOSTAPD_PNAME: $@" > /dev/stderr
;;
*)
;;
esac
}
test_hostapd_pidfile () {
if [ -n "$1" ] && [ -f "$2" ]; then
if start-stop-daemon --stop --quiet --signal 0 \
--exec "$1" --pidfile "$2"; then
return 0
else
rm -f "$2"
return 1
fi
else
return 1
fi
}
init_hostapd () {
HOSTAPD_OPTIONS="-B -P $HOSTAPD_PIDFILE $HOSTAPD_CONF"
HOSTAPD_MESSAGE="$HOSTAPD_BIN $HOSTAPD_OPTIONS"
test_hostapd_pidfile "$HOSTAPD_BIN" "$HOSTAPD_PIDFILE" && return 0
hostapd_msg verbose "$HOSTAPD_MESSAGE"
start-stop-daemon --start --oknodo --quiet --exec "$HOSTAPD_BIN" \
--pidfile "$HOSTAPD_PIDFILE" -- $HOSTAPD_OPTIONS > "$TO_NULL"
if [ "$?" -ne 0 ]; then
return "$?"
fi
HOSTAPD_PIDFILE_WAIT=0
until [ -s "$HOSTAPD_PIDFILE" ]; do
if [ "$HOSTAPD_PIDFILE_WAIT" -ge 5 ]; then
hostapd_msg stderr \
"timeout waiting for pid file creation"
return 1
fi
HOSTAPD_PIDFILE_WAIT=$(($HOSTAPD_PIDFILE_WAIT + 1))
sleep 1
done
cat "$HOSTAPD_PIDFILE" > "$HOSTAPD_OMIT_PIDFILE"
return 0
}
kill_hostapd () {
HOSTAPD_MESSAGE="stopping $HOSTAPD_PNAME via pidfile: $HOSTAPD_PIDFILE"
test_hostapd_pidfile "$HOSTAPD_BIN" "$HOSTAPD_PIDFILE" || return 0
hostapd_msg verbose "$HOSTAPD_MESSAGE"
start-stop-daemon --stop --oknodo --quiet --exec "$HOSTAPD_BIN" \
--pidfile "$HOSTAPD_PIDFILE" > "$TO_NULL"
[ "$HOSTAPD_OMIT_PIDFILE" ] && rm -f "$HOSTAPD_OMIT_PIDFILE"
}
case "$MODE" in
start)
case "$PHASE" in
pre-up)
init_hostapd || exit 1
;;
*)
hostapd_msg stderr "unknown phase: \"$PHASE\""
exit 1
;;
esac
;;
stop)
case "$PHASE" in
post-down)
kill_hostapd
;;
*)
hostapd_msg stderr "unknown phase: \"$PHASE\""
exit 1
;;
esac
;;
*)
hostapd_msg stderr "unknown mode: \"$MODE\""
exit 1
;;
esac
exit 0
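
Review bot: in `init_hostapd`, `if [ "$?" -ne 0 ]; then return "$?"; fi` returns the status of the `[` test, not of start-stop-daemon, so a failed start returns 0 and the `init_hostapd || exit 1` in the pre-up phase never fires. Save the status first (`ret=$?`) and return that variable. The function also writes `$HOSTAPD_OMIT_PIDFILE` without checking that /run/sendsigs.omit.d exists, unlike the `[ -d "${WPA_SUP_OMIT_DIR}" ]` test used in functions.sh; add the same directory check.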

81
debian/ifupdown/wpa_action vendored Executable file
View File

@ -0,0 +1,81 @@
#!/bin/sh
# Copyright (C) 2006 - 2009 Debian/Ubuntu wpasupplicant Maintainers
# <pkg-wpa-devel@lists.alioth.debian.org>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# On Debian GNU/Linux systems, the text of the GPL license,
# version 2, can be found in /usr/share/common-licenses/GPL-2.
if [ -n "$IF_WPA_ROAM_MAINT_DEBUG" ]; then
set -x
fi
if [ -z "$1" ] || [ -z "$2" ]; then
echo "Usage: $0 IFACE ACTION"
exit 1
fi
# network interface
WPA_IFACE="$1"
# [CONNECTED|DISCONNECTED|stop|reload|check]
WPA_ACTION="$2"
if [ -f /etc/wpa_supplicant/functions.sh ]; then
. /etc/wpa_supplicant/functions.sh
else
exit 0
fi
case "$WPA_ACTION" in
"CONNECTED")
wpa_log_env
wpa_hysteresis_check || exit 1
wpa_hysteresis_event
if ifup; then
wpa_cli status | wpa_msg log
else
wpa_cli status | wpa_msg log
wpa_cli reassociate
fi
;;
"DISCONNECTED")
wpa_log_env
wpa_hysteresis_check || exit 1
ifdown
if_post_down_up
;;
"stop"|"down")
test_wpa_cli && kill_wpa_cli
ifdown
test_wpa_supplicant && kill_wpa_supplicant
;;
"restart"|"reload")
test_wpa_supplicant || exit 1
reload_wpa_supplicant
;;
"check")
test_wpa_supplicant || exit 1
test_wpa_cli || exit 1
;;
*)
echo "Unknown action: \"$WPA_ACTION\""
exit 1
;;
esac
exit 0
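
Review bot: `WPA_IFACE="$1"` is taken from the command line without validation and, once functions.sh is sourced, becomes part of paths such as `/run/wpa_supplicant.${WPA_IFACE}.pid` that the pidfile helpers later `rm -f`. Reject values containing `/` or starting with `.` before sourcing functions.sh. The usage and "Unknown action" messages should go to stderr (`>&2`), and the comment listing `[CONNECTED|DISCONNECTED|stop|reload|check]` should also mention the `down` and `restart` aliases that the case statement accepts.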

148
debian/ifupdown/wpa_action.8 vendored Normal file
View File

@ -0,0 +1,148 @@
.TH WPA_ACTION "8" "26 May 2006" "" ""
.SH NAME
wpa_action \- wpa_cli action script
.SH SYNOPSIS
\fBwpa_action\fR \fIIFACE ACTION\fR
.SH "DESCRIPTION"
\fBwpa_action\fR is a shell script designed to control the \fBifupdown\fR
framework according to \fIACTION\fR events received from \fBwpa_supplicant\fR.
\fBwpa_cli\fR receives \fICONNECTED\fR and \fIDISCONNECTED\fR events from
\fBwpa_supplicant\fR via the crtl_iface socket and gives the \fIACTION\fR event
to the \fBwpa_action\fR script as an argument, along with the \fIIFACE\fR to be
acted upon.
.PP
\fBwpa_action\fR also receives an environment variable from \fBwpa_cli\fR,
\fIWPA_ID_STR\fR, containing an alphanumeric identification string for the
\fICURRENT\fR network block. \fIWPA_ID_STR\fR is provided by the 'id_str'
network block option of \fBwpa_supplicant.conf\fR, and provides a means to map
the \fIACTION\fR to a \fILOGICAL\fR interface configured in the \fBinterfaces\fR
file.
.PP
If either the ifupdown \fBinterfaces\fR or \fIifstate\fR file cannot be found,
\fBwpa_action\fR will exit silently (status 0). \fBwpa_action\fR will search
the following locations for their existence:
.nf
/etc/network/run/ifstate
/run/network/ifstate
/etc/network/interfaces
.fi
.PP
.SH IFACE
Network interface to be acted upon, for example 'eth1' or 'wlan0'.
.SH ACTION
An \fIACTION\fR to be performed on the \fIIFACE\fR.
.TP
\fBCONNECTED\fR
\fBwpa_supplicant\fR has completed authentication.
\fBifup\fR \fIIFACE=WPA_ID_STR\fR is invoked and the action is logged to
syslog. Network settings for the \fILOGICAL\fR interface \fIWPA_ID_STR\fR
are applied.
.TP
\fBDISCONNECTED\fR
\fBwpa_supplicant\fR has detected disconnection.
\fBifdown\fR \fIIFACE=WPA_ID_STR\fR is invoked and the action is logged to
syslog. Network settings for the \fILOGICAL\fR interface \fIWPA_ID_STR\fR
are undone.
.TP
\fBstop\fR
The 'stop' \fIACTION\fR is a called manually by the user, to stop the
\fBwpa_cli\fR daemon, invoke \fBifdown\fR \fIIFACE\fR (if the \fIIFACE\fR is
present in the \fIifstate\fR file) and stop the \fBwpa_supplicant\fR daemon.
.TP
\fBreload\fR
The 'reload' \fIACTION\fR can be used to reload the \fBwpa_supplicant\fR
configuration file specified by \fIwpa-roam\fR . 'restart' is a synonym
for 'reload' and can be used equally. The action is logged to
\fI/var/log/wpa_action.log\fR.
.SH ENVIRONMENT
An alphanumeric identification string provided by the 'id_str' network block
option of \fBwpa_supplicant.conf\fR is exported to \fBwpa_action\fR as an
environment variable, \fIWPA_ID_STR\fR. When 'id_str' is not configured for the
\fICURRENT\fR network block, 'default' is substituted for the absent
\fIWPA_ID_STR\fR environment variable.
.PP
A unique network identifier, \fIWPA_ID\fR, is exported to \fBwpa_action\fR. It
is the number assigned to the \fICURRENT\fR \fBwpa_supplicant\fR network block
(network_id).
.SH USAGE
The only reasons for \fBwpa_action\fR to be explicitly executed by the user is
to stop \fBwpa_cli\fR from controlling \fBifupdown\fR or reload the
\fIwpa_supplicant.conf\fR file after editing.
.PP
.RS
\fBwpa_action\fR \fIeth1 stop\fR
.RE
.PP
Otherwise, \fBwpa_action\fR is given as an argument to a \fBwpa_cli\fR
daemon.
.PP
.RS
\fBwpa_cli\fR \fI-i eth1 -a /sbin/wpa_action -B\fR
.RE
.PP
This can be done by using the \fIwpa-roam\fR option in the \fBinterfaces\fR
file. \fIwpa-roam\fR takes one argument, a user provided
\fBwpa_supplicant.conf\fR file.
.PP
The inet \fIMETHOD\fR must be 'manual' for this interface, as it will
be configured according to \fBwpa_cli\fR action events. Also supply a 'default'
\fBinterfaces\fR stanza using the dhcp inet \fIMETHOD\fR so that networks
without an 'id_str' option can fallback to attempting to receive an ip via
dhcp. If one or more networks requires additional network configuration,
provide an unique 'id_str' for each network, and an \fBinterfaces\fR stanza
using the 'id_str' value as a \fILOGICAL\fR interface. The following interfaces
file is configured to use dhcp for any network without an 'id_str', a static ip
for the network with an 'id_str' of 'home_static' and dhcp plus an additional
post-up command for the network with an 'id_str' of 'uni'.
.PP
An example wpa_supplicant.conf configured to roam between 3 different networks:
.PP
.RS
.nf
network={
ssid="foo"
id_str="uni"
key_mgmt=NONE
}
network={
ssid="bar"
id_str="home_static"
psk=123456789...
}
network={
ssid=""
key_mgmt=NONE
}
.fi
.RE
.PP
The corresponding \fBinterfaces\fR file would contain \fILOGICAL\fR interfaces,
that correlate to each unique 'id_str' provided by the configuration file:
.PP
.RS
.nf
iface eth1 inet manual
wpa-driver wext
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp
iface uni inet dhcp
iface home_static inet static
address 192.168.0.20
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
.fi
.RE
.PP
.SH SEE ALSO
\fBwpa_cli(8)\fR, \fBwpa_supplicant(8)\fR, \fBwpa_supplicant.conf(5)\fR,
\fBifup(8)\fR, \fBinterfaces(5)\fR
.SH AUTHOR
This manual page was written by Kel Modderman <kel@otaku42.de> for
the Debian GNU system (but may be used by others).
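Review bot: The ACTION section describes `CONNECTED`, `DISCONNECTED`, `stop` and `reload` (with `restart` as a synonym), but the script's `case` also accepts `check` and `down`; document both so the page matches the script. In USAGE, the paragraph ending "The following interfaces file is configured to use dhcp ..." is followed by the wpa_supplicant.conf example rather than the interfaces file, and the third network block (`ssid=""`, `key_mgmt=NONE`, no `id_str`) is never explained. Move the sentence next to the interfaces example, and state what that block matches and that it is handled by the `default` stanza. Small fixes: `crtl_iface` should read `ctrl_iface`, and "is a called manually" has a stray "a".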

172
debian/ifupdown/wpasupplicant/ifupdown.sh vendored Executable file

@ -0,0 +1,172 @@
#!/bin/sh
#####################################################################
## Purpose
# This file is executed by ifupdown in pre-up, post-up, pre-down and
# post-down phases of network interface configuration. It allows
# ifup(8), and ifdown(8) to manage wpa_supplicant(8) and wpa_cli(8)
# processes running in daemon mode.
#
# /etc/wpa_supplicant/functions.sh is sourced by this file.
#
# This file is provided by the wpasupplicant package.
#####################################################################
# Copyright (C) 2006 - 2009 Debian/Ubuntu wpasupplicant Maintainers
# <pkg-wpa-devel@lists.alioth.debian.org>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# On Debian GNU/Linux systems, the text of the GPL license,
# version 2, can be found in /usr/share/common-licenses/GPL-2.
if [ -n "$IF_WPA_MAINT_DEBUG" ]; then
set -x
fi
# quit if we're called for the loopback
if [ "$IFACE" = lo ]; then
exit 0
fi
# allow wpa_supplicant interface to be specified via wpa-iface
# useful for starting wpa_supplicant on one interface of a bridge
if [ -n "$IF_WPA_IFACE" ]; then
WPA_IFACE="$IF_WPA_IFACE"
else
WPA_IFACE="$IFACE"
fi
# source functions
if [ -f /etc/wpa_supplicant/functions.sh ]; then
. /etc/wpa_supplicant/functions.sh
else
exit 0
fi
# quit if executables are not installed
if [ ! -x "$WPA_SUP_BIN" ] || [ ! -x "$WPA_CLI_BIN" ]; then
exit 0
fi
do_start () {
if test_wpa_cli; then
# if wpa_action is active for this IFACE, do nothing
ifupdown_locked && exit 0
# if the administrator is calling ifup, say something useful
if [ "$PHASE" = "pre-up" ]; then
wpa_msg stderr "wpa_action is managing ifup/ifdown state of $WPA_IFACE"
wpa_msg stderr "execute \`ifdown --force $WPA_IFACE' to stop wpa_action"
fi
exit 1
elif ! set | grep -q "^IF_WPA"; then
# no wpa- option defined for IFACE, do nothing
exit 0
fi
# ensure stale ifupdown_lock marker is purged
ifupdown_unlock
# preliminary sanity checks for roaming daemon
if [ -n "$IF_WPA_ROAM" ]; then
if [ "$METHOD" != "manual" ]; then
wpa_msg stderr "wpa-roam can only be used with the \"manual\" inet METHOD"
exit 1
fi
if [ -n "$IF_WPA_MAPPING_SCRIPT" ]; then
if ! type "$IF_WPA_MAPPING_SCRIPT" >/dev/null; then
wpa_msg stderr "wpa-mapping-script \"$IF_WPA_MAPPING_SCRIPT\" is not valid"
exit 1
fi
fi
if [ -n "$IF_WPA_MAPPING_SCRIPT_PRIORITY" ] && [ -z "$IF_WPA_MAPPING_SCRIPT" ]; then
wpa_msg stderr "\"wpa-mapping-script-priority 1\" is invalid without a wpa-mapping-script"
exit 1
fi
IF_WPA_CONF="$IF_WPA_ROAM"
WPA_ACTION_SCRIPT="/sbin/wpa_action"
fi
# master function; determines if ifupdown.sh should do something or not
if [ -n "$IF_WPA_CONF" ] && [ "$IF_WPA_CONF" != "managed" ]; then
if [ ! -s "$IF_WPA_CONF" ]; then
wpa_msg stderr "cannot read contents of $IF_WPA_CONF"
exit 1
fi
WPA_SUP_CONF_CTRL_DIR=$(sed -n -e 's/[[:space:]]*#.*//g' -e 's/[[:space:]]\+.*$//g' \
-e 's/^ctrl_interface=\(DIR=\)\?\(.*\)/\2/p' "$IF_WPA_CONF")
if [ -n "$WPA_SUP_CONF_CTRL_DIR" ]; then
WPA_CTRL_DIR="$WPA_SUP_CONF_CTRL_DIR"
WPA_SUP_CONF="-c $IF_WPA_CONF"
else
# specify the default ctrl_interface since none was defined in
# the given IF_WPA_CONF
WPA_SUP_CONF="-c $IF_WPA_CONF -C $WPA_CTRL_DIR"
fi
else
# specify the default ctrl_interface
WPA_SUP_CONF="-C $WPA_CTRL_DIR"
fi
}
do_stop () {
if test_wpa_cli; then
# if wpa_action is active for this IFACE and calling ifdown,
# do nothing
ifupdown_locked && exit 0
elif test_wpa_supplicant; then
# wpa_supplicant process exists for this IFACE, but wpa_cli
# process does not. Allow stop mode to kill this process.
:
else
exit 0
fi
}
case "$MODE" in
start)
do_start
case "$PHASE" in
pre-up)
kill_wpa_supplicant
init_wpa_supplicant || exit 1
conf_wpa_supplicant || { kill_wpa_supplicant; exit 1; }
;;
post-up)
init_wpa_cli || { kill_wpa_supplicant; exit 1; }
;;
esac
;;
stop)
do_stop
case "$PHASE" in
pre-down)
kill_wpa_cli
;;
post-down)
kill_wpa_supplicant
;;
*)
wpa_msg stderr "unknown phase: \"$PHASE\""
exit 1
;;
esac
;;
*)
wpa_msg stderr "unknown mode: \"$MODE\""
exit 1
;;
esac
exit 0
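Review bot: In `do_start`, the only check on the `wpa-conf`/`wpa-roam` file is `[ ! -s "$IF_WPA_CONF" ]`, which tests for a non-empty file although the message says "cannot read contents". Since the man page and README in this commit show PSKs stored in that file and recommend mode 0600, consider also warning when it is group- or world-accessible. `WPA_SUP_CONF="-c $IF_WPA_CONF"` packs the path into an option string, so a path containing whitespace will be split if that string is later expanded unquoted. The `start` branch's `case "$PHASE"` has no `*)` arm, while the `stop` branch reports an unknown phase; make the two consistent.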

1
debian/libwpa-client-dev.examples vendored Normal file

@ -0,0 +1 @@
wpa_supplicant/libwpa_test.c

3
debian/libwpa-client-dev.install vendored Executable file

@ -0,0 +1,3 @@
#!/usr/bin/dh-exec
wpa_supplicant/libwpa_client.a /usr/lib/${DEB_HOST_MULTIARCH}/
src/common/wpa_ctrl.h usr/include
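Review bot: The two destinations are written differently: `/usr/lib/${DEB_HOST_MULTIARCH}/` is absolute with a trailing slash, while `usr/include` is relative without one. Use one form for both; `debian/wpagui.install` in this same commit uses relative `usr/...` paths throughout.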


@ -0,0 +1,29 @@
From: Michael Biebl <biebl@debian.org>
Date: Thu, 8 Mar 2007 03:23:51 +1000
Subject: Add D-Bus group policy
Debian does not use pam_console but uses group membership
to control access to D-Bus. Activating both options in the conf file
makes it work on Debian and Ubuntu.
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;bug=412179
---
wpa_supplicant/dbus/dbus-wpa_supplicant.conf | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
index e81b495..413c049 100644
--- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
+++ b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
@@ -9,6 +9,11 @@
<allow send_interface="fi.w1.wpa_supplicant1"/>
<allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
</policy>
+ <policy group="netdev">
+ <allow send_destination="fi.w1.wpa_supplicant1"/>
+ <allow send_interface="fi.w1.wpa_supplicant1"/>
+ <allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
+ </policy>
<policy context="default">
<deny own="fi.w1.wpa_supplicant1"/>
<deny send_destination="fi.w1.wpa_supplicant1"/>
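Review bot: The new `<policy group="netdev">` block grants an unrestricted `send_destination="fi.w1.wpa_supplicant1"`, so every member of `netdev` can call any method on the daemon, not just receive its signals. The description should state that `netdev` membership is meant to confer full control of wpa_supplicant, or the allow rules should be narrowed. The description also speaks of "activating both options", but the hunk only adds the group policy; name the existing policy that is the other option.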


@ -0,0 +1,36 @@
From: Kel Modderman <kel@otaku42.de>
Date: Sat, 21 Apr 2012 15:59:32 +1000
Subject: Tweak D-Bus/systemd service activation configuration files:
* log wpa_supplicant messages to syslog
* activate control socket interface so that wpa_cli can be used by D-Bus
activated wpa_supplicant daemon
---
wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in | 2 +-
wpa_supplicant/systemd/wpa_supplicant.service.in | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
index d97ff39..3b0af67 100644
--- a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
+++ b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
@@ -1,5 +1,5 @@
[D-BUS Service]
Name=fi.w1.wpa_supplicant1
-Exec=@BINDIR@/wpa_supplicant -u
+Exec=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant
User=root
SystemdService=wpa_supplicant.service
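Review bot: The new `Exec=` line adds `-O /run/wpa_supplicant` so that wpa_cli can reach the D-Bus-activated daemon, but neither the description nor the service file says who may use that control socket; the option value names only a directory. Since the D-Bus group policy patch in this series opens the bus interface to `netdev`, state in the description whether the socket is meant to be root-only or group-accessible, so the two access paths are reviewed together.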
diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in
index 58a6228..bc0688a 100644
--- a/wpa_supplicant/systemd/wpa_supplicant.service.in
+++ b/wpa_supplicant/systemd/wpa_supplicant.service.in
@@ -7,7 +7,7 @@ Wants=network.target
[Service]
Type=dbus
BusName=fi.w1.wpa_supplicant1
-ExecStart=@BINDIR@/wpa_supplicant -u
+ExecStart=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant
[Install]
WantedBy=multi-user.target
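Review bot: `ExecStart=` now repeats the exact argument list of `Exec=` in fi.w1.wpa_supplicant1.service.in, including the hard-coded `/run/wpa_supplicant`. Add a comment in one of the two files that the lines must stay identical, and check that the path matches the `WPA_CTRL_DIR` default that ifupdown.sh passes with `-C`, so both start paths use the same control directory.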

28
debian/patches/allow-tlsv1.patch vendored Normal file

@ -0,0 +1,28 @@
From: Andrej Shadura <andrewsh@debian.org>
Date: Sat, 15 Dec 2018 14:19:22 +0100
Subject: Enable TLSv1.0 by default
OpenSSL 1.1.1 disables TLSv1.0 by default and sets the security level to 2.
Some older networks may support for TLSv1.0 and less secure cyphers.
---
src/crypto/tls_openssl.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index c9e00b3..273e5cb 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1040,6 +1040,13 @@ void * tls_init(const struct tls_config *conf)
os_free(data);
return NULL;
}
+
+#ifndef EAP_SERVER_TLS
+ /* Enable TLSv1.0 by default to allow connecting to legacy
+ * networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */
+ SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
+#endif
+
data->ssl = ssl;
if (conf) {
data->tls_session_lifetime = conf->tls_session_lifetime;
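Review bot: The added comment cites both the TLSv1.2 minimum and SECLEVEL=2, but the only call in the hunk is `SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION)`. Nothing here changes the security level, so either the comment overstates the change or a second call is missing. The return value of the call is also ignored, and the lower minimum applies to every build without `EAP_SERVER_TLS`. Log a failure, and point the comment at `tls_disable_tlsv1_0=1` and `tls_disable_tlsv1_1=1` (documented in debian/NEWS) as the way to restore the stricter minimum.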


@ -0,0 +1,25 @@
From: Andrej Shadura <andrew.shadura@collabora.co.uk>
Date: Fri, 12 Feb 2021 14:28:19 +0100
Subject: Disable -Werror for eapol_test
This may make sense for the upstream, but we just want to build
the tool to be useful to our users; dealing with build errors due
to issues normally manifesting themselves as warnings is burdening
for Debian and its downstreams.
---
wpa_supplicant/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index cb66def..26b0c93 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -170,7 +170,7 @@ CFLAGS += -DCONFIG_ELOOP_KQUEUE
endif
ifdef CONFIG_EAPOL_TEST
-CFLAGS += -Werror -DEAPOL_TEST
+CFLAGS += -DEAPOL_TEST
endif
ifdef CONFIG_CODE_COVERAGE

5
debian/patches/series vendored Normal file

@ -0,0 +1,5 @@
02_dbus_group_policy.patch
07_dbus_service_syslog.patch
allow-tlsv1.patch
disable-eapol-werror.patch
wpa_service_ignore-on-isolate.patch


@ -0,0 +1,36 @@
From: Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>
Date: Mon, 13 Mar 2017 13:46:12 -0400
Subject: Add IgnoreOnIsolate=yes to keep wpa-supplicant running while
systemctl isolate
> Add IgnoreOnIsolate=yes so that when switching "runlevels" in
> oem-config will not kill off wpa and cause wireless to be
> unavailable on first boot. (LP: #1576024)
Also happens when running systemctl isolate default.target:
> NM should be detecting that wpasupplicant is not running and start
> it -- this should already have been working by way of wpasupplicant
> being dbus-activated.
[...]
> It seems to me like IgnoreOnIsolate for wpasupplicant would be the
> right thing to do, or to figure out why it isn't being properly
> started when NM tries to use it.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1576024
---
wpa_supplicant/systemd/wpa_supplicant.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in
index bc0688a..561ae8f 100644
--- a/wpa_supplicant/systemd/wpa_supplicant.service.in
+++ b/wpa_supplicant/systemd/wpa_supplicant.service.in
@@ -3,6 +3,7 @@ Description=WPA supplicant
Before=network.target
After=dbus.service
Wants=network.target
+IgnoreOnIsolate=true
[Service]
Type=dbus
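Review bot: The subject and the quoted bug text say `IgnoreOnIsolate=yes`, while the hunk adds `IgnoreOnIsolate=true`. systemd accepts both spellings, but use the same one in the description and in the unit so that a search for the setting finds both.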

111
debian/rules vendored Executable file

@ -0,0 +1,111 @@
#!/usr/bin/make -f
export QT_SELECT=qt5
export DEB_BUILD_MAINT_OPTIONS=hardening=+all
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/default.mk
# The build system doesn't use CPPFLAGS, pass them to CFLAGS/CXXFLAGS to
# enable the missing (hardening) flags
DEB_CFLAGS_MAINT_APPEND = -MMD -Wall $(shell dpkg-buildflags --get CPPFLAGS) -Wno-error=array-bounds $(warning WARNING: Building with -Wno-error=array-bounds)
DEB_CXXFLAGS_MAINT_APPEND = $(shell dpkg-buildflags --get CPPFLAGS)
DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
export DEB_CFLAGS_MAINT_APPEND DEB_CXXFLAGS_MAINT_APPEND DEB_LDFLAGS_MAINT_APPEND
UCFLAGS = -MMD -Wall -fPIC $(shell dpkg-buildflags --get CPPFLAGS) $(shell dpkg-buildflags --get CFLAGS)
BINDIR = /sbin
V = 1
PKG_CONFIG ?= $(DEB_HOST_GNU_TYPE)-pkg-config
export BINDIR V PKG_CONFIG
include /usr/share/dpkg/architecture.mk
HOSTAPD_DOT_CONFIG := debian/config/hostapd/$(DEB_HOST_ARCH_OS)
WPASUPPLICANT_DOT_CONFIG := debian/config/wpasupplicant/$(DEB_HOST_ARCH_OS)
WPASUPPLICANT_UDEB_DOT_CONFIG := debian/config/wpasupplicant/$(DEB_HOST_ARCH_OS)-udeb
### start dh overrides
override_dh_auto_configure:
ifeq (,$(filter pkg.wpa.nogui,$(DEB_BUILD_PROFILES)))
dh_auto_configure --sourcedirectory=wpa_supplicant/wpa_gui-qt4 \
--buildsystem=qmake
endif
override_dh_auto_build:
# build documentation
dh_auto_build --sourcedirectory=wpa_supplicant/doc/docbook \
--buildsystem=makefile \
-- man
ifeq (,$(filter noudeb,$(DEB_BUILD_PROFILES)))
# build wpasupplicant-udeb
cp -v --remove-destination $(WPASUPPLICANT_UDEB_DOT_CONFIG) wpa_supplicant/.config
CFLAGS="$(UCFLAGS)" dh_auto_build --sourcedirectory=wpa_supplicant \
--buildsystem=makefile
mv -v wpa_supplicant/wpa_supplicant wpa_supplicant/wpa_supplicant-udeb
dh_auto_clean --sourcedirectory=wpa_supplicant \
--buildsystem=makefile
endif
# build wpasupplicant, libwpa_client and eapol_test
cp -v --remove-destination $(WPASUPPLICANT_DOT_CONFIG) wpa_supplicant/.config
dh_auto_build --sourcedirectory=wpa_supplicant \
--buildsystem=makefile -- all libwpa_client.a eapol_test
ifeq (,$(filter pkg.wpa.nogui,$(DEB_BUILD_PROFILES)))
# build wpa_gui-qt4
dh_auto_build --sourcedirectory=wpa_supplicant/wpa_gui-qt4 \
--buildsystem=qmake
endif
dh_auto_clean --sourcedirectory=src --buildsystem=makefile
# build hostapd
cp -v --remove-destination $(HOSTAPD_DOT_CONFIG) hostapd/.config
dh_auto_build --sourcedirectory=hostapd \
--buildsystem=makefile
dh_auto_clean --sourcedirectory=src --buildsystem=makefile
override_dh_auto_clean:
dh_auto_clean --sourcedirectory=wpa_supplicant/doc/docbook \
--buildsystem=makefile
dh_auto_clean --sourcedirectory=wpa_supplicant \
--buildsystem=makefile
ifeq (,$(filter pkg.wpa.nogui,$(DEB_BUILD_PROFILES)))
dh_auto_clean --sourcedirectory=wpa_supplicant/wpa_gui-qt4 \
--buildsystem=qmake
-find wpa_supplicant/wpa_gui-qt4 -type d -name \.moc -exec rm -rf {} \;
-find wpa_supplicant/wpa_gui-qt4 -type d -name \.ui -exec rm -rf {} \;
-find wpa_supplicant/wpa_gui-qt4 -type d -name \.obj -exec rm -rf {} \;
endif
dh_auto_clean --sourcedirectory=hostapd \
--buildsystem=makefile
override_dh_auto_install:
$(info Skip dh_auto_install ...)
execute_before_dh_clean:
# make sure to remove the staging directory for the udeb
rm -rf debian/wpasupplicant-udeb
execute_after_dh_install:
# install D-Bus service activation files & configuration
install --mode=644 -D wpa_supplicant/dbus/dbus-wpa_supplicant.conf \
debian/wpasupplicant/etc/dbus-1/system.d/wpa_supplicant.conf
ifeq (,$(filter noudeb,$(DEB_BUILD_PROFILES)))
# Install udeb
install --mode=755 -D wpa_supplicant/wpa_supplicant-udeb \
debian/wpasupplicant-udeb/sbin/wpa_supplicant
endif
override_dh_installchangelogs:
dh_installchangelogs --package=hostapd hostapd/ChangeLog
dh_installchangelogs --package=wpasupplicant wpa_supplicant/ChangeLog
ifeq (,$(filter pkg.wpa.nogui,$(DEB_BUILD_PROFILES)))
dh_installchangelogs --package=wpagui wpa_supplicant/ChangeLog
endif
dh_installchangelogs --remaining-packages
### end dh overrides
execute_after_dh_installexamples:
sed -e 's="includes.h"=<stddef.h>=' -e 's="common/wpa_ctrl.h"=<wpa_ctrl.h>=' -i debian/*/usr/share/doc/*/examples/*.c
%:
dh $@
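Review bot: `DEB_CFLAGS_MAINT_APPEND` carries `-Wno-error=array-bounds` plus a `$(warning ...)` that fires whenever the variable is expanded, with no comment saying which `-Werror` it counters or which compiler needs it; disable-eapol-werror.patch in this same commit already removes `-Werror` from the eapol_test flags. Add the reason (bug number or compiler version) or drop the flag. In `override_dh_auto_clean`, the three `find ... -type d -name ... -exec rm -rf {} \;` lines delete directories that find then tries to descend into, and the leading `-` hides the resulting error; adding `-prune` before `-exec` removes the need to ignore failures. `execute_after_dh_installexamples` also sits after the `### end dh overrides` marker and should move above it.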

1
debian/source/format vendored Normal file

@ -0,0 +1 @@
3.0 (quilt)

3
debian/source/lintian-overrides vendored Normal file

@ -0,0 +1,3 @@
# there are no upstream tarballs for the hostapd.git branch at the moment,
# please use debian/rules' get-orig-source target instead
wpa source: debian-watch-file-is-missing
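Review bot: This override suppresses `debian-watch-file-is-missing`, but the same commit adds `debian/watch`, and the comment points to a `get-orig-source` target that the `debian/rules` added here does not define. Drop the override, or rewrite the comment to describe how the source tarball is actually produced.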

9
debian/tests/build-libwpa-test vendored Executable file

@ -0,0 +1,9 @@
#!/bin/sh
set -ex
cc -o /tmp/libwpa_test /usr/share/doc/libwpa-client-dev/examples/libwpa_test.c -lwpa_client
ls -l /tmp/libwpa_test
objdump -t /tmp/libwpa_test
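Review bot: The test writes its binary to the fixed path `/tmp/libwpa_test`, a predictable name in a world-writable directory; build into `$AUTOPKGTEST_TMP` or a `mktemp -d` directory instead. The script also only compiles the example and runs `objdump -t` on it, so it proves that the example links against `-lwpa_client` but never executes it; say so in a comment so the coverage is not overestimated.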

5
debian/tests/control vendored Normal file

@ -0,0 +1,5 @@
Tests: build-libwpa-test
Depends:
build-essential,
@
Restrictions: allow-stderr

36
debian/upstream/signing-key.asc vendored Normal file

@ -0,0 +1,36 @@

13
debian/watch vendored Normal file

@ -0,0 +1,13 @@
# Find hostapd tarball in http://w1.fi/releases/.
# We need to generate a merged wpa tarball from wpa_supplicant and hostapd,
# so use our own script instead of uupdate.
version=4
#opts=pgpmode=auto http://w1.fi/releases/hostapd-([\.0-9]+)\.tar\.gz debian debian/uscan-hook
opts="mode=git, pgpmode=none, repack, compression=xz" \
git://w1.fi/hostap.git \
refs/tags/hostap_([\d]+)_([\d]+)
opts="mode=git, pgpmode=none, pretty=2.9.0+git%cd+%h, repack, compression=xz" \
git://w1.fi/hostap.git \
HEAD
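Review bot: Both active entries set `pgpmode=none` and fetch over `git://`, so nothing verifies the upstream source even though this commit ships `debian/upstream/signing-key.asc`; the only entry with `pgpmode=auto` is commented out. Either enable signature checking on the tag entry (for example `pgpmode=gittag`, if upstream signs its tags) or add a comment explaining why verification is off and what the key file is kept for. The header comment also says "use our own script instead of uupdate", but `debian/uscan-hook` appears only in the commented-out line, and `pretty=2.9.0+git%cd+%h` hard-codes the base version; both need a note or an update.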

3
debian/wpagui.install vendored Normal file

@ -0,0 +1,3 @@
wpa_supplicant/wpa_gui-qt4/wpa_gui usr/bin/
wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop usr/share/applications/
wpa_supplicant/wpa_gui-qt4/icons/wpa_gui.svg usr/share/icons/hicolor/scalable/apps/

1
debian/wpagui.links vendored Normal file

@ -0,0 +1 @@
/usr/bin/wpa_gui usr/sbin/wpa_gui

1
debian/wpagui.manpages vendored Normal file

@ -0,0 +1 @@
wpa_supplicant/doc/docbook/wpa_gui.8

555
debian/wpasupplicant.README.Debian vendored Normal file

@ -0,0 +1,555 @@
Modes of Operation in wpasupplicant for Debian
==============================================
The Debian wpasupplicant package provides two (2) convenient modes of operation
that are closely integrated to the core networking infrastructure; ifupdown.
Apart from that, wpa_supplicant supports D-Bus-activated operation, when the
daemon is spawned on demand by software needing it, e.g. NetworkManager or connman.
When used in that mode, wpa_supplicant does't require any manual configuration and
is configured using its D-Bus API.
Table of Contents
=================
1. Specifying the wpa_supplicant driver backend
- Table of supported drivers
- Choosing driver backend
2. Mode #1: Managed Mode
- Examples
- Table of Common Options
- Important Notes About Managed Mode
- How It Works
3. Mode #2: Roaming Mode
- wpa_supplicant.conf
- /etc/network/interfaces
- Interacting with wpa_supplicant with wpa_cli and wpa_gui
- Controlling the Roaming Daemon with wpa_action
- Fine Tuning the Roaming Setup
- Using External Mapping Scripts (e.g. guessnet)
- /etc/network/interfaces with external mapping
4. Troubleshooting
- Hidden ssids
5. Security Considerations
- Configuration File Permissions
1. Specifying the wpa_supplicant driver backend
===============================================
The wext driver backend will be used for all interfaces that do not explicitly
set 'wpa-driver' to the driver type required for that device. Users of linux
2.4 kernels, or 2.6 kernels less than 2.6.14 will be required to specify a
wpa-driver type.
Table of supported drivers
==========================
A summary of supported drivers follows:
Driver Description
====== ===========
nl80211 Linux 802.11 netlink interface
wext Linux wireless extensions (generic)
wired driver for wired Ethernet
Choosing driver backend
=======================
Set the driver type in the interfaces(5) stanza for your device with the
'wpa-driver' option. For example:
iface eth0 inet dhcp
wpa-driver wext
. . . . . more options
If no wpa-driver configuration is supplied, the wext backend is used.
2. Mode #1: Managed Mode
========================
This mode provides the ability to establish a connection via wpa_supplicant to
one known network. It is similar to how the wireless-tools package works. Each
element required to establish the connection via wpa_supplicant is prefixed
with 'wpa-' and followed by the value that will be used for that element.
Examples
========
NOTE: the 'wpa-psk' value is only valid if:
1) It is a plaintext (ascii) string between 8 and 63 characters in
length
2) It is a hexadecimal string of 64 characters
# Connect to access point of ssid 'NyNetWork' with an encryption type of
# WPA-PSK/WPA2-PSK. It assumes the driver will use the 'wext' driver backend
# of wpa_supplicant because no wpa-driver option has been specified.
# The passphrase is given as a ASCII (plaintext) string. DHCP is used to
# obtain a network address.
#
iface wlan0 inet dhcp
wpa-ssid MyNetWork
# plaintext passphrase
wpa-psk plaintextsecret
# Connect to access point of ssid 'homezone' with an encryption type of
# WPA-PSK/WPA2-PSK, using the 'wext' driver backend of wpa_supplicant.
# The psk is given as an encoded hexadecimal string. DHCP is used to obtain
# a network address.
#
iface wlan0 inet dhcp
wpa-driver wext
wpa-ssid homezone
# hexadecimal psk is encoded from a plaintext passphrase
wpa-psk 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
# Connect to access point of ssid 'HotSpot1' and bssid of '00:1a:2b:3c:4d:5e'
# with an encryption type of WPA-PSK/WPA2-PSK, using the 'nl80211' driver
# backend of wpa_supplicant. The passphrase is given as a plaintext string.
# A static network address assignment is used.
#
iface wlan0 inet static
wpa-driver nl80211
wpa-ssid HotSpot1
wpa-bssid 00:1a:2b:3c:4d:5e
# plaintext passphrase
wpa-psk madhotspot
wpa-key-mgmt WPA-PSK
wpa-pairwise TKIP CCMP
wpa-group TKIP CCMP
wpa-proto WPA RSN
# static ip settings
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
# User supplied wpa_supplicant.conf is used for eth1. All network information
# is contained within the user supplied wpa_supplicant.conf. No wpa-driver type
# is specified, so wext is used. DHCP is used to obtain a network address.
#
iface eth1 inet dhcp
wpa-conf /path/to/wpa_supplicant.conf
Table of Common Options
=======================
A brief summary of common 'wpa-' options that may be used in the
/etc/network/interfaces stanza for a wireless device. See the
'Important Notes About Managed Mode' section for information about
valid and invalid 'wpa-' values.
NOTE: ALL values are CASE SeNsItVe
Element Example Value Description
======= ============= ===========
wpa-ssid plaintextstring sets the ssid of your network
wpa-bssid 00:1a:2b:3c:4d:5e the bssid of your AP
wpa-psk 0123456789...... your preshared wpa key. Use
wpa_passphrase(8) to generate your psk
from a passphrase and ssid pair
wpa-key-mgmt NONE, WPA-PSK, WPA-EAP, list of accepted authenticated key
IEEE8021X management protocols
wpa-group CCMP, TKIP, WEP104, list of accepted group ciphers for WPA
WEP40
wpa-pairwise CCMP, TKIP, NONE list of accepted pairwise ciphers for
WPA
wpa-auth-alg OPEN, SHARED, LEAP list of allowed IEEE 802.11
authentication algorithms
wpa-proto WPA, RSN list of accepted protocols
wpa-identity myplaintextname administrator provided username
(EAP authentication)
wpa-password myplaintextpassword your password (EAP authentication)
wpa-scan-ssid 0 or 1 toggles scanning of ssid with specific
Probe Request frames
wpa-ap-scan 0 or 1 or 2 adjusts the scanning logic of
wpa_supplicant
The complete functionality of wpa_cli(8) should be implemented. Anything
missing is considered a bug and should be reported as such. Patches are always
welcome.
Important Notes About Managed Mode
==================================
Almost all 'wpa-' options require there is at least a ssid specified. Only a
handful of options have a global effect. These are: 'wpa-ap-scan' and
'wpa-preauthenticate'.
Any 'wpa-' option given for a device in the interfaces(5) file is sufficient to
trigger the wpa_supplicant daemon into action.
The wpasupplicant ifupdown script makes assumptions about the 'type' of input
that is valid for each option. For example, it assumes that some input is
plaintext and wraps quotation marks around the input before passing it on
to wpa_cli, which then adds the input to the network block being formed via
the wpa_supplicant ctrl_interface socket. Running ifup manually with the
'--verbose' option will reveal all of the commands used to form the network
block via wpa_cli. If the value you used for any wpa-* option in
/etc/network/interfaces is surrounded by double quotes, than it has been
assumed to be of "plaintext" or "ascii" type input.
Some input is assumed to be a hexadecimal string (eg. wpa-wep-key*). The value
'type' of the wpa-psk option however, is determined via a simple check for more
than one non hexadecimal character.
How It Works
============
As mentioned earlier, each wpa_supplicant specific element is prefixed with
'wpa-'. Each element correlates to a property of wpa_supplicant described in
the wpa_supplicant.conf(5), wpa_supplicant(8) and wpa_cli(8) manpages. The
supplicant is launched without any pre-configuration whatsoever, and wpa_cli
forms a network configuration from the input provided by the 'wpa-*' lines.
Initially, wpa_supplicant/wpa_cli does not directly set the properties of the
device (like setting an essid with iwconfig, for example), rather it informs
the device of what access point is suitable to associate with. Once the device
has scanned the area, and found that the suitable access point is available for
use, these properties are set.
The scripts that do all the work are located at:
/etc/wpa_supplicant/ifupdown.sh
/etc/wpa_supplicant/functions.sh
ifupdown.sh is executed by run-parts, which in turn is invoked by ifupdown
during the 'pre-up', 'pre-down' and 'post-down' phases.
In the 'pre-up' phase, a wpa_supplicant daemon is launched followed by a series
of wpa_cli commands that set up a network configuration according to what
'wpa-' options were used in /etc/network/interfaces for the physical device.
If wpa-roam is used, a wpa_cli daemon is launched in the 'post-up' phase.
In the 'pre-down' phase, the wpa_cli daemon is terminated.
In the 'post-down' phase, the wpa_supplicant daemon is terminated.
3. Mode #2: Roaming Mode
========================
A self contained, simplistic roaming mechanism is provided by this package. It
is in the form of a wpa_cli action script, /sbin/wpa_action, and it assumes
control of ifupdown once activated. The wpa_action(8) manpage describes its
technical details in great depth.
To activate a roaming interface, adapt the following example interfaces(5)
stanza:
iface eth1 inet manual
wpa-driver wext
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
Two daemons are spawned from the above example; wpa_supplicant and wpa_cli. It
is required to provide a wpa_supplicant.conf containing a minimal amount of
global options, and any known network blocks that should be connected to
without interaction. A good starting point is provided by an example
configuration file:
# copy the template to /etc/wpa_supplicant/
cp /usr/share/doc/wpasupplicant/examples/wpa-roam.conf \
/etc/wpa_supplicant/wpa_supplicant.conf
# allow only root to read and write to file
chmod 0600 /etc/wpa_supplicant/wpa_supplicant.conf
NOTE: it is critical that the used wpa_supplicant.conf defines the location of
the 'ctrl_interface' so that a communication socket is created for the
wpa_cli (wpa-roam daemon) to attach. The mentioned example configuration,
/usr/share/doc/wpasupplicant/examples/wpa-roam.conf, has been set to a
sane default.
It is required to edit this configuration file, and add the network blocks for
all known networks. If you do not understand what this means, start reading the
wpa_supplicant.conf(5) manpage now.
For each network, you may specify a special option 'id_str'. It should be set to
a simple text string. This text string forms the basis for network profiling; it
correlates to a logical interface defined in the interfaces(5) file. When no
'id_str' is given for a network, wpa_action assumes it will use the 'default'
logical interface as fallback. The fallback interface can be chosen via the
'wpa-roam-default-iface' option.
So what does all this mean? Lets illustrate it with a small example taken from
the wpa_action(8) manpage.
wpa_supplicant.conf
===================
network={
ssid="foo"
key_mgmt=NONE
# this id_str will notify /sbin/wpa_action to 'ifup uni'
id_str="uni"
}
network={
ssid="bar"
psk=123456789...
# this id_str will notify /sbin/wpa_action to 'ifup home_static'
id_str="home_static"
}
network={
ssid=""
key_mgmt=NONE
# no 'id_str' parameter is given, /sbin/wpa_action will 'ifup default'
}
/etc/network/interfaces
=======================
# the roaming interface MUST use the manual inet method
# 'allow-hotplug' or 'auto' ensures the daemon starts automatically
allow-hotplug eth1
iface eth1 inet manual
wpa-driver wext
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
# no id_str, 'default' is used as the fallback mapping target
iface default inet dhcp
# id_str="uni"
iface uni inet dhcp
# id_str="home_static"
iface home_static inet static
address 192.168.0.20
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
A logical interface is brought up via ifup, and taken down via ifdown, as
wpa_supplicant associates and de-associates with the network associated
to it by the 'id_str' option used in the wpa_supplicant.conf configuration file.
/sbin/wpa_action's actions are logged to syslog.
Interacting with wpa_supplicant with wpa_cli and wpa_gui
========================================================
The wpa_supplicant process can be interacted with by members of the "netdev"
group if the example roaming configuration was used as is (or by whatever
group or gid specified by the GROUP= crtl_interface parameter).
# the default ctrl_interface option used in the example file
# /usr/share/doc/wpasupplicant/examples/wpa-roam.conf
ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev
To interact with the supplicant, the wpa_cli (command line) and wpa_gui (QT)
have been provided. With these you may connect, disconnect, add/delete new
network blocks, provide required interactive security information and so on.
Controlling the Roaming Daemon with wpa_action
==============================================
Once the roaming daemon is started, it assumes control of ifupdown. That is;
wpa_cli calls ifup when wpa_supplicant has successfully associated with an
access point, and calls ifdown when the connection is lost or terminated.
While the roaming daemon is active, ifupdown should not be controlled directly
by manually issued commands, rather /sbin/wpa_action is supplied to stop and
reload the roaming daemon. For example, to stop the
romaing daemon on the device 'eth1':
wpa_action eth1 stop
When it is required to update the roaming daemon with a new networks details,
it can be done without stopping it. Edit the wpa_supplicant.conf file that is
being used by the daemon with the new networks details, add optional network
settings to /etc/network/interfaces that are specific to the new network
(linked by the 'id_str') and then 'reload' the daemon like so:
wpa_action eth1 reload
For the complete technical details of what wpa_action can do, read the
wpa_action(8) manpage.
Fine Tuning the Roaming Setup
=============================
You may face situations where multiple known access points are in close
proximity. You can choose which one is preferred manually, with wpa_cli or
wpa_gui, or you can give each network its own priority. This is provided by the
'priority' option of wpa_supplicant.conf.
Using External Mapping Scripts (e.g. guessnet)
==============================================
In addition to the internal mapping of logical interfaces via 'id_str',
wpa_action can call external mapping scripts. A mapping script should return
the name of the logical interface which should be brought up. Any mapping
script that works from ifupdowns mapping mechanism (see man interfaces) should
also work when called from wpa_action.
To call a mapping script add a line 'wpa-mapping-script name-of-the-script' to
the interfaces stanza of the physical roaming device. (You may have to specify
the absolute path to the mapping script.)
The contents of lines starting with wpa-map are passed to stdin of the mapping
script. Since ifupdown allows only one wpa-map line you can append any number
to wpa-map for additional lines. For example:
iface wlan0 inet manual
wpa-driver wext
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
wpa-mapping-script guessnet-ifupdown
wpa-map0 home
wpa-map1 work
wpa-map2 school
# ... additional wpa-mapX lines as required
By default the mapping script will only be used when no 'id_str' is available
for the current network. If you want to completely disable 'id_str' matching
and use only an external mapping script, use the
'wpa-mapping-script-priority 1' option to override default behaviour.
If the mapping script returns an empty string wpa_action will fallback to using
the 'default' interface, unless an alternative is defined by the
'wpa-roam-default-iface' option.
Below is an advanced example, using guessnet-ifupdown as the external mapping
script.
/etc/network/interfaces with external mapping
=============================================
allow-hotplug wlan0
iface wlan0 inet manual
wpa-driver wext
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
wpa-roam-default-iface default-wparoam
wpa-mapping-script guessnet-ifupdown
wpa-map default: default-guessnet
wpa-map0 home_static
wpa-map1 work_static
# school can only be chosen via 'id_str' matching
iface school inet dhcp
# resolvconf
dns-nameservers 11.22.33.44 55.66.77.88
iface home_static inet static
address 192.168.0.20
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
test peer address 192.168.0.1 mac 00:01:02:03:04:05
iface work_static inet static
address 192.168.3.200
netmask 255.255.255.0
network 192.168.3.0
broadcast 192.168.3.255
gateway 192.168.3.1
test peer address 192.168.3.1 mac 00:01:02:03:04:05
iface default-guessnet inet dhcp
iface default-wparoam inet dhcp
In this example wpa_action will use guessnet for the selection of a suitable
logical interface only when no 'id_str' option has been provided for the
current network in the provided wpa_supplicant.conf.
The 'wpa-map' lines provide guessnet with the logical interfaces that are to be
tested as well as the default interface to be used when all tests fail. The
'test' lines of each logical interface are used by guessnet to determine if
we are actually connected to that network. For instance, guessnet will choose
the logical interface 'home_static' if there's a device with an IP address of
192.168.0.1 and MAC of 00:01:02:03:04:05 on the current network. If all tests
fail, the 'default-guessnet' interface will be configured.
Please, read the guessnet(8) manpage for more information.
4. Troubleshooting
==================
In order to debug connection, association and authentication problems,
increase the verbosity level of wpa_supplicant to log debug output by
adding the wpa-debug-level option to /etc/network/interfaces like in
the following example:
iface eth1 inet dhcp
wpa-debug-level 3
...
Debug level number 3 starts the supplicant with the -ddd command line option,
level 2 with -dd an level 1 with -d. Values of -1 and -2 will cause
wpa_supplicant to be started with -q and -qq options respectively (quiet mode).
Any other wpa-debug-level value will cause the supplicant to be started
with default debug level.
If wpa_supplicant is started via D-Bus, then you must edit
/usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service and
add the debugging command line option to the Exec field.
It is also possible to have wpa_supplicant write all debug output to a text
file with the -f command line option. You may specify a file to log to with
the wpa-logfile in /etc/network/interfaces if starting wpa_supplicant via
ifupdown.
Another method is to start `wpa_cli -i <interface>` in another shell before
starting the interface. Use the command 'level 0' first, to get all debug
messages sent to the control socket by wpa_supplicant.
To debug the ifupdown scripts that start wpa_supplicant and friends, use
`ifup --verbose <interface>` to get verbose messages, or set
wpa-maint-debug to any value to see shell code execution (set -x).
Hidden ssids
============
For reference, see #358137 [1]. In order to be able to associate to hidden
ssids, please try to set the option 'ap_scan=1' in the global section, and
'scan_ssid=1' in your network block section of your wpa_supplicant.conf file.
If you are using the managed mode, you can do so by these stanzas:
iface eth1 inet dhcp
wpa-ap-scan 1
wpa-scan-ssid 1
# ... additional options for your setup
According to #368770 [2], association can take a very long time under certain
circumstances. In some cases, setting the parameter 'ap_scan=2' in the
config file, (or using a 'wpa-ap-scan 2' stanza, which is equivalent) can
greatly help to speed up association. Please note that setting ap_scan to the
value of 2 also requires that all networks have a precisely defined security
policy for key_mgmt, pairwise, group and proto network policy variables.
[1] http://bugs.debian.org/358137
[2] http://bugs.debian.org/368770
5. Security Considerations
==========================
Configuration File Permissions
==============================
It is important to keep PSK's and other sensitive information concerning your
network settings private, therefore ensure that important configuration files
containing such data are only readable by their owner. For example:
chmod 0600 /etc/network/interfaces
chmod 0600 /etc/wpa_supplicant/wpa_supplicant.conf
By default, /etc/network/interfaces is world readable, and thus unsuitable for
containing secret keys and passwords.
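
Review bot: The "Security Considerations" section at the end of this README covers only file permissions, but the "Interacting with wpa_supplicant" section says any member of the group named in `ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev` can connect, disconnect and add/delete network blocks through wpa_cli or wpa_gui. Please add a short paragraph under Security Considerations stating that membership of that group is equivalent to control over the supplicant's configuration, so the group should be kept small. Spelling to fix in the same pass: "crtl_interface" (should match the `ctrl_interface` option shown directly below it), "romaing daemon", "than it has been assumed", "level 2 with -dd an level 1".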

5
debian/wpasupplicant.docs vendored Normal file
View File

@ -0,0 +1,5 @@
wpa_supplicant/README
wpa_supplicant/README-DPP
wpa_supplicant/README-HS20
wpa_supplicant/README-WPS
wpa_supplicant/README-P2P

3
debian/wpasupplicant.examples vendored Normal file
View File

@ -0,0 +1,3 @@
wpa_supplicant/wpa_supplicant.conf
wpa_supplicant/examples/*.conf
debian/examples/*.conf

11
debian/wpasupplicant.install vendored Normal file
View File

@ -0,0 +1,11 @@
debian/ifupdown/wpa_action sbin/
debian/ifupdown/action_wpa.sh etc/wpa_supplicant/
debian/ifupdown/functions.sh etc/wpa_supplicant/
debian/ifupdown/wpasupplicant/ifupdown.sh etc/wpa_supplicant/
wpa_supplicant/dbus/fi.*.service usr/share/dbus-1/system-services/
wpa_supplicant/examples/60_wpa_supplicant usr/lib/pm-utils/sleep.d/
wpa_supplicant/systemd/*.service lib/systemd/system/
wpa_supplicant/wpa_cli sbin/
wpa_supplicant/wpa_passphrase usr/bin/
wpa_supplicant/wpa_supplicant sbin/
debian/NetworkManager/no-mac-addr-change.conf usr/lib/NetworkManager/conf.d/
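
Review bot: The glob in `wpa_supplicant/dbus/fi.*.service usr/share/dbus-1/system-services/` makes the set of installed D-Bus activation files implicit, while the README added in this commit tells users to edit `/usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service` by name. Either list the service files explicitly here, or confirm that the build still produces that exact file name and update the README if it does not. Since these files start a root daemon on D-Bus activation, an explicit list also makes it obvious in review when a new one appears.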

7
debian/wpasupplicant.links vendored Normal file
View File

@ -0,0 +1,7 @@
etc/wpa_supplicant/ifupdown.sh etc/network/if-pre-up.d/wpasupplicant
etc/wpa_supplicant/ifupdown.sh etc/network/if-up.d/wpasupplicant
etc/wpa_supplicant/ifupdown.sh etc/network/if-down.d/wpasupplicant
etc/wpa_supplicant/ifupdown.sh etc/network/if-post-down.d/wpasupplicant
etc/wpa_supplicant/action_wpa.sh etc/ifplugd/action.d/action_wpa
usr/share/doc/wpasupplicant usr/share/doc/wpa_supplicant
usr/share/doc/wpasupplicant/README.Debian usr/share/doc/wpasupplicant/README.modes
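
Review bot: ifupdown.sh is linked into four hook directories here (if-pre-up.d, if-up.d, if-down.d, if-post-down.d), but the README in this commit says it is invoked "during the 'pre-up', 'pre-down' and 'post-down' phases" and only mentions 'post-up' two sentences later for wpa-roam. Please make the README sentence list all four phases so the documentation matches these links; anyone auditing which hooks run as root on interface events will read that sentence first.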

12
debian/wpasupplicant.lintian-overrides vendored Normal file
View File

@ -0,0 +1,12 @@
# We distribute the package under the terms of the BSD license due to the
# openssl issue, tell lintian to not complain:
wpasupplicant binary: possible-gpl-code-linked-with-openssl
# false positive spelling complaints
wpasupplicant binary: spelling-error-in-binary sbin/wpa_supplicant ment meant
# no need for init scripts since wpa-supplicant has NM and ifupdown integration
wpasupplicant: package-supports-alternative-init-but-no-init.d-script
# this is a library
wpasupplicant: script-not-executable etc/wpa_supplicant/functions.sh

6
debian/wpasupplicant.manpages vendored Normal file
View File

@ -0,0 +1,6 @@
debian/ifupdown/wpa_action.8
wpa_supplicant/doc/docbook/wpa_background.8
wpa_supplicant/doc/docbook/wpa_cli.8
wpa_supplicant/doc/docbook/wpa_passphrase.8
wpa_supplicant/doc/docbook/wpa_supplicant.8
wpa_supplicant/doc/docbook/wpa_supplicant.conf.5

36
debian/wpasupplicant.postinst vendored Executable file
View File

@ -0,0 +1,36 @@
#!/bin/sh
# This script can be called in the following ways:
#
# After the package was installed:
# <postinst> configure <old-version>
#
#
# If prerm fails during upgrade or fails on failed upgrade:
# <old-postinst> abort-upgrade <new-version>
#
# If prerm fails during deconfiguration of a package:
# <postinst> abort-deconfigure in-favour <new-package> <version>
# removing <old-package> <version>
#
# If prerm fails during replacement due to conflict:
# <postinst> abort-remove in-favour <new-package> <version>
set -e
case "$1" in
configure)
# Add the netdev group unless it's already there
if ! getent group netdev >/dev/null; then
addgroup --quiet --system netdev || true
fi
;;
abort-upgrade|abort-deconfigure|abort-remove)
;;
*)
echo "$0 called with unknown argument \`$1'" 1>&2
exit 1
;;
esac
#DEBHELPER#
exit 0
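
Review bot: In the `configure)` branch, `addgroup --quiet --system netdev || true` discards a failure that `set -e` would otherwise surface. If the group cannot be created, the package still installs, and the example `ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev` from the README then names a group that does not exist. Drop the `|| true`, or at least print a warning to stderr when addgroup fails. Also confirm the package declares a dependency on whatever provides `addgroup`; the control file is not part of the lines shown here.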

View File

@ -9,7 +9,7 @@ Wants=network.target
[Service]
Type=simple
ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -Dnl80211,wext -i%I
ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I
[Install]
WantedBy=multi-user.target
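
Review bot: The two `ExecStart=` lines differ only in `-Dnl80211,wext`, and the commit message ("merge debian connect") gives no reason for the change. Without `-D`, wpa_supplicant no longer follows the explicit nl80211-then-wext order and instead uses the build's default driver, so behaviour on older wext-only hardware depends on how the binary was compiled. Please state in the commit message which form is intended and why, and note that the README examples in this commit still set `wpa-driver wext` for the ifupdown path.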

View File

@ -2,7 +2,7 @@
Version=1.0
Name=wpa_gui
Comment=Graphical user interface for wpa_supplicant
Exec=/usr/sbin/wpa_gui
Exec=wpa_gui
Icon=wpa_gui
GenericName=wpa_supplicant user interface
Terminal=false
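
Review bot: The `Exec=` change from `/usr/sbin/wpa_gui` to bare `wpa_gui` makes the launcher resolve the binary through the user's PATH rather than a fixed location. Please confirm where wpa_gui is actually installed: wpasupplicant.install in this commit places the other binaries under sbin/, which is often not on an unprivileged user's PATH, and the install file for wpa_gui is not visible here. If the binary lives in a directory on the default PATH the bare name is fine; otherwise keep an absolute path that matches the install location.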