tech-net: Experimental EAP support for Aironet

Subject: Experimental EAP support for Aironet
To: None <tech-net@netbsd.org>
From: Atsushi Onoe <onoe@sm.sony.co.jp>
List: tech-net
Date: 06/29/2001 20:39:03
--NextPart-20010629203822-0068501
Content-Type: Text/Plain; charset=us-ascii

I've commit experimental EAP support for aironet 'an' driver.
It requires the firmware revision at least 4.23 (342/352),
Cisco's AP-350 access point, and CiscoSecure ACS 2.6 RADIUS server
product to enable LEAP.

If any of you can use such environment, please test the implementation
and send the result to me or the list.

To enable EAP, update the ifconfig.c with the attached patch, and
specify eap as the argument of nwkey as follows:
	ifconfig an0 nwkey eap:USERNAME,PASSWORD

Regards,

Atsushi Onoe

> Module Name:	syssrc
> Committed By:	onoe
> Date:		Fri Jun 29 11:24:43 UTC 2001
> 
> Modified Files:
> 	syssrc/sys/dev/ic: an.c anreg.h anvar.h
> 
> Log Message:
> Experimental support for LEAP, which is cisco's implementation of IEEE802.11
> EAP in aironet firmware.  Currently it seems that only cisco's RADIUS server
> implements EAP for IEEE802.11, and the function is not tested at all.
> 
> 
> To generate a diff of this commit:
> cvs rdiff -r1.16 -r1.17 syssrc/sys/dev/ic/an.c
> cvs rdiff -r1.7 -r1.8 syssrc/sys/dev/ic/anreg.h
> cvs rdiff -r1.6 -r1.7 syssrc/sys/dev/ic/anvar.h
> 
> Please note that diffs are not public domain; they are subject to the
> copyright notices on the relevant files.
> 
> 

--NextPart-20010629203822-0068501
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="ifconfig.c.EAP.patch"

Index: ifconfig.c
===================================================================
RCS file: /cvsroot/basesrc/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.109
diff -u -r1.109 ifconfig.c
--- ifconfig.c	2001/06/21 13:36:24	1.109
+++ ifconfig.c	2001/06/27 01:36:17
@@ -1322,6 +1322,17 @@
 		/* program keys in persistent memory */
 		nwkey.i_wepon |= IEEE80211_NWKEY_PERSIST;
 		goto set_nwkey;
+	} else if (strncasecmp("eap:", val, 4) == 0) {
+		val += 4;
+		nwkey.i_wepon = IEEE80211_NWKEY_EAP;
+		for (i = 0; i < 2; i++) {
+			nwkey.i_key[i].i_keylen = sizeof(keybuf[0]) * 2;
+			nwkey.i_key[i].i_keydat = keybuf[i*2];
+			val = get_string(val, ",", keybuf[i*2],
+			    &nwkey.i_key[i].i_keylen);
+			if (val == NULL)
+				return;
+		}
 	} else {
   set_nwkey:
 		if (isdigit(val[0]) && val[1] == ':') {
@@ -1424,7 +1435,9 @@
 		nwkey.i_key[i].i_keydat = keybuf[i];
 		nwkey.i_key[i].i_keylen = sizeof(keybuf[i]);
 	}
-	if (ioctl(s, SIOCG80211NWKEY, (caddr_t)&nwkey) != 0) {
+	if (nwkey.i_wepon == IEEE80211_NWKEY_EAP) {
+		printf("eap:*****");
+	} else if (ioctl(s, SIOCG80211NWKEY, (caddr_t)&nwkey) != 0) {
 		printf("*****");
 	} else {
 		nwkey_verbose = 0;
@@ -1447,6 +1460,10 @@
 				nwkey_verbose = 1;
 			else if (nwkey.i_key[0].i_keylen >= 7 &&
 			    strncasecmp("persist", nwkey.i_key[0].i_keydat, 7)
+			    == 0)
+				nwkey_verbose = 1;
+			else if (nwkey.i_key[0].i_keylen >= 3 &&
+			    strncasecmp("eap", nwkey.i_key[0].i_keydat, 3)
 			    == 0)
 				nwkey_verbose = 1;
 		}

--NextPart-20010629203822-0068501--