- Add BLOB support to the D-Bus interface

- Fix D-Bus interface permissions so that only root can use the
    wpa_supplicant D-Bus interface

wpa_supplicant-0.5.7-dbus-blobs.patch

@@ -0,0 +1,165 @@
+diff --git a/wpa_supplicant/ctrl_iface_dbus.c b/wpa_supplicant/ctrl_iface_dbus.c
+index 1d66c96..8e236e8 100644
+--- a/wpa_supplicant/ctrl_iface_dbus.c
++++ b/wpa_supplicant/ctrl_iface_dbus.c
+@@ -536,6 +536,10 @@ static DBusHandlerResult wpas_iface_message_handler(DBusConnection *connection,
+ 			reply = wpas_dbus_iface_set_ap_scan(message, wpa_s);
+ 		else if (!strcmp(method, "state"))
+ 			reply = wpas_dbus_iface_get_state(message, wpa_s);
++		else if (!strcmp(method, "setBlobs"))
++			reply = wpas_dbus_iface_set_blobs(message, wpa_s);
++		else if (!strcmp(method, "removeBlobs"))
++			reply = wpas_dbus_iface_remove_blobs(message, wpa_s);
+ 	}
+ 
+ 	/* If the message was handled, send back the reply */
+diff --git a/wpa_supplicant/ctrl_iface_dbus_handlers.c b/wpa_supplicant/ctrl_iface_dbus_handlers.c
+index 5e952ec..3ece2fe 100644
+--- a/wpa_supplicant/ctrl_iface_dbus_handlers.c
++++ b/wpa_supplicant/ctrl_iface_dbus_handlers.c
+@@ -1203,3 +1203,128 @@ DBusMessage * wpas_dbus_iface_get_state(DBusMessage *message,
+ 
+ 	return reply;
+ }
++
++
++/**
++ * wpas_dbus_iface_set_blobs - Store named binary blobs (ie, for certificates)
++ * @message: Pointer to incoming dbus message
++ * @global: %wpa_supplicant global data structure
++ * Returns: A dbus message containing a UINT32 indicating success (1) or
++ *          failure (0)
++ *
++ * Asks wpa_supplicant to internally store a one or more binary blobs.
++ */
++DBusMessage * wpas_dbus_iface_set_blobs(DBusMessage *message,
++				       struct wpa_supplicant *wpa_s)
++{
++	DBusMessage *reply = NULL;
++	struct wpa_dbus_dict_entry entry = { .type = DBUS_TYPE_STRING };
++	DBusMessageIter	iter, iter_dict;
++
++	dbus_message_iter_init(message, &iter);
++
++	if (!wpa_dbus_dict_open_read(&iter, &iter_dict))
++		return wpas_dbus_new_invalid_opts_error(message, NULL);
++
++	while (wpa_dbus_dict_has_dict_entry(&iter_dict)) {
++		struct wpa_config_blob *blob;
++
++		if (!wpa_dbus_dict_get_entry(&iter_dict, &entry)) {
++			reply = wpas_dbus_new_invalid_opts_error(message, NULL);
++			break;
++		}
++
++		if (entry.type != DBUS_TYPE_ARRAY ||
++		    entry.array_type != DBUS_TYPE_BYTE) {
++			reply = wpas_dbus_new_invalid_opts_error(message,
++					"Byte array expected.");
++			break;
++		}
++
++		if (   (entry.array_len <= 0)
++		    || (entry.array_len > 65536)
++		    || !strlen(entry.key)) {
++			reply = wpas_dbus_new_invalid_opts_error(message,
++					"Invalid array size.");
++			break;
++		}
++
++		blob = os_zalloc(sizeof(*blob));
++		if (blob == NULL) {
++			reply = dbus_message_new_error(message,
++					WPAS_ERROR_ADD_ERROR,
++					"Not enough memory to add blob.");
++			break;
++		}
++		blob->data = os_zalloc(entry.array_len);
++		if (blob->data == NULL) {
++			reply = dbus_message_new_error(message,
++					WPAS_ERROR_ADD_ERROR,
++					"Not enough memory to add blob data.");
++			os_free(blob);
++			break;
++		}
++
++		blob->name = os_strdup(entry.key);
++		os_memcpy(blob->data, (u8 *) entry.bytearray_value,
++				entry.array_len);
++		if (blob->name == NULL || blob->data == NULL) {
++			wpa_config_free_blob(blob);
++			reply = dbus_message_new_error(message,
++					WPAS_ERROR_ADD_ERROR,
++					"Error adding blob.");
++			break;
++		}
++
++		/* Success */
++		wpa_config_remove_blob(wpa_s->conf, blob->name);
++		wpa_config_set_blob(wpa_s->conf, blob);
++		wpa_dbus_dict_entry_clear(&entry);
++	}
++	wpa_dbus_dict_entry_clear(&entry);
++
++	return reply ? reply : wpas_dbus_new_success_reply(message);;
++}
++
++/**
++ * wpas_dbus_iface_remove_blob - Remove named binary blobs
++ * @message: Pointer to incoming dbus message
++ * @global: %wpa_supplicant global data structure
++ * Returns: A dbus message containing a UINT32 indicating success (1) or
++ *          failure (0)
++ *
++ * Asks wpa_supplicant to remove one or more previously stored binary blobs.
++ */
++DBusMessage * wpas_dbus_iface_remove_blobs(DBusMessage *message,
++					  struct wpa_supplicant *wpa_s)
++{
++	DBusMessageIter iter, array;
++	char *err_msg = NULL;
++
++	dbus_message_iter_init(message, &iter);
++
++	if ((dbus_message_iter_get_arg_type (&iter) != DBUS_TYPE_ARRAY)
++	    || (dbus_message_iter_get_element_type (&iter) != DBUS_TYPE_STRING))
++		return wpas_dbus_new_invalid_opts_error(message, NULL);
++
++	dbus_message_iter_recurse(&iter, &array);
++	while (dbus_message_iter_get_arg_type(&array) == DBUS_TYPE_STRING) {
++		const char *name;
++
++		dbus_message_iter_get_basic(&array, &name);
++		if (!strlen(name))
++			err_msg = "Invalid blob name.";
++
++		if (wpa_config_remove_blob(wpa_s->conf, name) != 0)
++			err_msg = "Error removing blob.";
++		dbus_message_iter_next(&array);
++	}
++
++	if (err_msg) {
++		return dbus_message_new_error(message, WPAS_ERROR_REMOVE_ERROR,
++					err_msg);
++	}
++
++	return wpas_dbus_new_success_reply(message);
++}
++
+diff --git a/wpa_supplicant/ctrl_iface_dbus_handlers.h b/wpa_supplicant/ctrl_iface_dbus_handlers.h
+index 0fd1d31..0ae94c4 100644
+--- a/wpa_supplicant/ctrl_iface_dbus_handlers.h
++++ b/wpa_supplicant/ctrl_iface_dbus_handlers.h
+@@ -71,6 +71,12 @@ DBusMessage * wpas_dbus_iface_set_ap_scan(DBusMessage *message,
+ DBusMessage * wpas_dbus_iface_get_state(DBusMessage *message,
+ 					struct wpa_supplicant *wpa_s);
+ 
++DBusMessage * wpas_dbus_iface_set_blobs(DBusMessage *message,
++				        struct wpa_supplicant *wpa_s);
++
++DBusMessage * wpas_dbus_iface_remove_blobs(DBusMessage *message,
++					   struct wpa_supplicant *wpa_s);
++
+ #endif /* CONFIG_CTRL_IFACE_DBUS */
+ 
+ #endif /* CTRL_IFACE_DBUS_HANDLERS_H */

wpa_supplicant-0.5.7-dbus-permissions-fix.patch

@@ -0,0 +1,14 @@
+diff -up wpa_supplicant-0.5.7/dbus-wpa_supplicant.conf.permfix wpa_supplicant-0.5.7/dbus-wpa_supplicant.conf
+--- wpa_supplicant-0.5.7/dbus-wpa_supplicant.conf.permfix	2007-10-20 07:42:01.000000000 -0400
++++ wpa_supplicant-0.5.7/dbus-wpa_supplicant.conf	2007-10-20 07:42:22.000000000 -0400
+@@ -8,10 +8,6 @@
+                 <allow send_destination="fi.epitest.hostap.WPASupplicant"/>
+                 <allow send_interface="fi.epitest.hostap.WPASupplicant"/>
+         </policy>
+-        <policy at_console="true">
+-                <allow send_destination="fi.epitest.hostap.WPASupplicant"/>
+-                <allow send_interface="fi.epitest.hostap.WPASupplicant"/>
+-        </policy>
+         <policy context="default">
+                 <deny own="fi.epitest.hostap.WPASupplicant"/>
+                 <deny send_destination="fi.epitest.hostap.WPASupplicant"/>

wpa_supplicant.spec

@@ -2,7 +2,7 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant
 Name: wpa_supplicant
 Epoch: 1
 Version: 0.5.7
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: GPLv2
 Group: System Environment/Base
 Source0: http://hostap.epitest.fi/releases/%{name}-%{version}.tar.gz
@@ -23,6 +23,8 @@ Patch6: wpa_supplicant-0.5.7-flush-debug-output.patch
 Patch7: wpa_supplicant-0.5.7-sigusr1-changes-debuglevel.patch
 Patch8: wpa_supplicant-0.5.7-always-scan.patch
 Patch9: wpa_supplicant-0.5.7-dbus-iface-segfault-fix.patch
+Patch10: wpa_supplicant-0.5.7-dbus-blobs.patch
+Patch11: wpa_supplicant-0.5.7-dbus-permissions-fix.patch
 URL: http://w1.fi/wpa_supplicant/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -59,6 +61,8 @@ Graphical User Interface for wpa_supplicant written using QT3
 %patch7 -p1 -b .sigusr1-changes-debuglevel
 %patch8 -p1 -b .always-scan
 %patch9 -p1 -b .dbus-iface-segfault-fix
+%patch10 -p2 -b .dbus-blobs
+%patch11 -p1 -b .dbus-permissions-fix
 
 %build
 cp %{SOURCE1} ./.config
@@ -144,6 +148,11 @@ fi
 %{_bindir}/wpa_gui
 
 %changelog
+* Sat Oct 20 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-11
+- Add BLOB support to the D-Bus interface
+- Fix D-Bus interface permissions so that only root can use the wpa_supplicant
+    D-Bus interface
+
 * Tue Oct  9 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-10
 - Don't segfault with dbus control interface enabled and invalid network
     interface (rh #310531)