Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.

README-Windows.txt 19KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450
  1. wpa_supplicant for Windows
  2. ==========================
  3. Copyright (c) 2003-2009, Jouni Malinen <j@w1.fi> and contributors
  4. All Rights Reserved.
  5. This program is dual-licensed under both the GPL version 2 and BSD
  6. license. Either license may be used at your option.
  7. This product includes software developed by the OpenSSL Project
  8. for use in the OpenSSL Toolkit (http://www.openssl.org/). This
  9. product includes cryptographic software written by Eric Young
  10. (eay@cryptsoft.com).
  11. wpa_supplicant has support for being used as a WPA/WPA2/IEEE 802.1X
  12. Supplicant on Windows. The current port requires that WinPcap
  13. (http://winpcap.polito.it/) is installed for accessing packets and the
  14. driver interface. Both release versions 3.0 and 3.1 are supported.
  15. The current port is still somewhat experimental. It has been tested
  16. mainly on Windows XP (SP2) with limited set of NDIS drivers. In
  17. addition, the current version has been reported to work with Windows
  18. 2000.
  19. All security modes have been verified to work (at least complete
  20. authentication and successfully ping a wired host):
  21. - plaintext
  22. - static WEP / open system authentication
  23. - static WEP / shared key authentication
  24. - IEEE 802.1X with dynamic WEP keys
  25. - WPA-PSK, TKIP, CCMP, TKIP+CCMP
  26. - WPA-EAP, TKIP, CCMP, TKIP+CCMP
  27. - WPA2-PSK, TKIP, CCMP, TKIP+CCMP
  28. - WPA2-EAP, TKIP, CCMP, TKIP+CCMP
  29. Binary version
  30. --------------
  31. Compiled binary version of the wpa_supplicant and additional tools is
  32. available from http://w1.fi/wpa_supplicant/. These binaries can be
  33. used after installing WinPcap.
  34. wpa_gui uses Qt 4 framework and may need additional dynamic libraries
  35. (DLLs). These libraries are available from
  36. http://w1.fi/wpa_supplicant/qt4/wpa_gui-qt433-windows-dll.zip
  37. You can copy the DLL files from this ZIP package into the same directory
  38. with wpa_gui.exe to allow wpa_gui to be started.
  39. Building wpa_supplicant with mingw
  40. ----------------------------------
  41. The default build setup for wpa_supplicant is to use MinGW and
  42. cross-compiling from Linux to MinGW/Windows. It should also be
  43. possible to build this under Windows using the MinGW tools, but that
  44. is not tested nor supported and is likely to require some changes to
  45. the Makefile unless cygwin is used.
  46. Building wpa_supplicant with MSVC
  47. ---------------------------------
  48. wpa_supplicant can be built with Microsoft Visual C++ compiler. This
  49. has been tested with Microsoft Visual C++ Toolkit 2003 and Visual
  50. Studio 2005 using the included nmake.mak as a Makefile for nmake. IDE
  51. can also be used by creating a project that includes the files and
  52. defines mentioned in nmake.mak. Example VS2005 solution and project
  53. files are included in vs2005 subdirectory. This can be used as a
  54. starting point for building the programs with VS2005 IDE. Visual Studio
  55. 2008 Express Edition is also able to use these project files.
  56. WinPcap development package is needed for the build and this can be
  57. downloaded from http://www.winpcap.org/install/bin/WpdPack_4_0_2.zip. The
  58. default nmake.mak expects this to be unpacked into C:\dev\WpdPack so
  59. that Include and Lib directories are in this directory. The files can be
  60. stored elsewhere as long as the WINPCAPDIR in nmake.mak is updated to
  61. match with the selected directory. In case a project file in the IDE is
  62. used, these Include and Lib directories need to be added to project
  63. properties as additional include/library directories.
  64. OpenSSL source package can be downloaded from
  65. http://www.openssl.org/source/openssl-0.9.8i.tar.gz and built and
  66. installed following instructions in INSTALL.W32. Note that if EAP-FAST
  67. support will be included in the wpa_supplicant, OpenSSL needs to be
  68. patched to# support it openssl-0.9.8i-tls-extensions.patch. The example
  69. nmake.mak file expects OpenSSL to be installed into C:\dev\openssl, but
  70. this directory can be modified by changing OPENSSLDIR variable in
  71. nmake.mak.
  72. If you do not need EAP-FAST support, you may also be able to use Win32
  73. binary installation package of OpenSSL from
  74. http://www.slproweb.com/products/Win32OpenSSL.html instead of building
  75. the library yourself. In this case, you will need to copy Include and
  76. Lib directories in suitable directory, e.g., C:\dev\openssl for the
  77. default nmake.mak. Copy {Win32OpenSSLRoot}\include into
  78. C:\dev\openssl\include and make C:\dev\openssl\lib subdirectory with
  79. files from {Win32OpenSSLRoot}\VC (i.e., libeay*.lib and ssleay*.lib).
  80. This will end up using dynamically linked OpenSSL (i.e., .dll files are
  81. needed) for it. Alternative, you can copy files from
  82. {Win32OpenSSLRoot}\VC\static to create a static build (no OpenSSL .dll
  83. files needed).
  84. Building wpa_supplicant for cygwin
  85. ----------------------------------
  86. wpa_supplicant can be built for cygwin by installing the needed
  87. development packages for cygwin. This includes things like compiler,
  88. make, openssl development package, etc. In addition, developer's pack
  89. for WinPcap (WPdpack.zip) from
  90. http://winpcap.polito.it/install/default.htm is needed.
  91. .config file should enable only one driver interface,
  92. CONFIG_DRIVER_NDIS. In addition, include directories may need to be
  93. added to match the system. An example configuration is available in
  94. defconfig. The library and include files for WinPcap will either need
  95. to be installed in compiler/linker default directories or their
  96. location will need to be adding to .config when building
  97. wpa_supplicant.
  98. Othen than this, the build should be more or less identical to Linux
  99. version, i.e., just run make after having created .config file. An
  100. additional tool, win_if_list.exe, can be built by running "make
  101. win_if_list".
  102. Building wpa_gui
  103. ----------------
  104. wpa_gui uses Qt application framework from Trolltech. It can be built
  105. with the open source version of Qt4 and MinGW. Following commands can
  106. be used to build the binary in the Qt 4 Command Prompt:
  107. # go to the root directory of wpa_supplicant source code
  108. cd wpa_gui-qt4
  109. qmake -o Makefile wpa_gui.pro
  110. make
  111. # the wpa_gui.exe binary is created into 'release' subdirectory
  112. Using wpa_supplicant for Windows
  113. --------------------------------
  114. wpa_supplicant, wpa_cli, and wpa_gui behave more or less identically to
  115. Linux version, so instructions in README and example wpa_supplicant.conf
  116. should be applicable for most parts. In addition, there is another
  117. version of wpa_supplicant, wpasvc.exe, which can be used as a Windows
  118. service and which reads its configuration from registry instead of
  119. text file.
  120. When using access points in "hidden SSID" mode, ap_scan=2 mode need to
  121. be used (see wpa_supplicant.conf for more information).
  122. Windows NDIS/WinPcap uses quite long interface names, so some care
  123. will be needed when starting wpa_supplicant. Alternatively, the
  124. adapter description can be used as the interface name which may be
  125. easier since it is usually in more human-readable
  126. format. win_if_list.exe can be used to find out the proper interface
  127. name.
  128. Example steps in starting up wpa_supplicant:
  129. # win_if_list.exe
  130. ifname: \Device\NPF_GenericNdisWanAdapter
  131. description: Generic NdisWan adapter
  132. ifname: \Device\NPF_{769E012B-FD17-4935-A5E3-8090C38E25D2}
  133. description: Atheros Wireless Network Adapter (Microsoft's Packet Scheduler)
  134. ifname: \Device\NPF_{732546E7-E26C-48E3-9871-7537B020A211}
  135. description: Intel 8255x-based Integrated Fast Ethernet (Microsoft's Packet Scheduler)
  136. Since the example configuration used Atheros WLAN card, the middle one
  137. is the correct interface in this case. The interface name for -i
  138. command line option is the full string following "ifname:" (the
  139. "\Device\NPF_" prefix can be removed). In other words, wpa_supplicant
  140. would be started with the following command:
  141. # wpa_supplicant.exe -i'{769E012B-FD17-4935-A5E3-8090C38E25D2}' -c wpa_supplicant.conf -d
  142. -d optional enables some more debugging (use -dd for even more, if
  143. needed). It can be left out if debugging information is not needed.
  144. With the alternative mechanism for selecting the interface, this
  145. command has identical results in this case:
  146. # wpa_supplicant.exe -iAtheros -c wpa_supplicant.conf -d
  147. Simple configuration example for WPA-PSK:
  148. #ap_scan=2
  149. ctrl_interface=
  150. network={
  151. ssid="test"
  152. key_mgmt=WPA-PSK
  153. proto=WPA
  154. pairwise=TKIP
  155. psk="secret passphrase"
  156. }
  157. (remove '#' from the comment out ap_scan line to enable mode in which
  158. wpa_supplicant tries to associate with the SSID without doing
  159. scanning; this allows APs with hidden SSIDs to be used)
  160. wpa_cli.exe and wpa_gui.exe can be used to interact with the
  161. wpa_supplicant.exe program in the same way as with Linux. Note that
  162. ctrl_interface is using UNIX domain sockets when built for cygwin, but
  163. the native build for Windows uses named pipes and the contents of the
  164. ctrl_interface configuration item is used to control access to the
  165. interface. Anyway, this variable has to be included in the configuration
  166. to enable the control interface.
  167. Example SDDL string formats:
  168. (local admins group has permission, but nobody else):
  169. ctrl_interface=SDDL=D:(A;;GA;;;BA)
  170. ("A" == "access allowed", "GA" == GENERIC_ALL == all permissions, and
  171. "BA" == "builtin administrators" == the local admins. The empty fields
  172. are for flags and object GUIDs, none of which should be required in this
  173. case.)
  174. (local admins and the local "power users" group have permissions,
  175. but nobody else):
  176. ctrl_interface=SDDL=D:(A;;GA;;;BA)(A;;GA;;;PU)
  177. (One ACCESS_ALLOWED ACE for GENERIC_ALL for builtin administrators, and
  178. one ACCESS_ALLOWED ACE for GENERIC_ALL for power users.)
  179. (close to wide open, but you have to be a valid user on
  180. the machine):
  181. ctrl_interface=SDDL=D:(A;;GA;;;AU)
  182. (One ACCESS_ALLOWED ACE for GENERIC_ALL for the "authenticated users"
  183. group.)
  184. This one would allow absolutely everyone (including anonymous
  185. users) -- this is *not* recommended, since named pipes can be attached
  186. to from anywhere on the network (i.e. there's no "this machine only"
  187. like there is with 127.0.0.1 sockets):
  188. ctrl_interface=SDDL=D:(A;;GA;;;BU)(A;;GA;;;AN)
  189. (BU == "builtin users", "AN" == "anonymous")
  190. See also [1] for the format of ACEs, and [2] for the possible strings
  191. that can be used for principal names.
  192. [1]
  193. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/ace_strings.asp
  194. [2]
  195. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/sid_strings.asp
  196. Starting wpa_supplicant as a Windows service (wpasvc.exe)
  197. ---------------------------------------------------------
  198. wpa_supplicant can be started as a Windows service by using wpasvc.exe
  199. program that is alternative build of wpa_supplicant.exe. Most of the
  200. core functionality of wpasvc.exe is identical to wpa_supplicant.exe,
  201. but it is using Windows registry for configuration information instead
  202. of a text file and command line parameters. In addition, it can be
  203. registered as a service that can be started automatically or manually
  204. like any other Windows service.
  205. The root of wpa_supplicant configuration in registry is
  206. HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant. This level includes global
  207. parameters and a 'interfaces' subkey with all the interface configuration
  208. (adapter to confname mapping). Each such mapping is a subkey that has
  209. 'adapter', 'config', and 'ctrl_interface' values.
  210. This program can be run either as a normal command line application,
  211. e.g., for debugging, with 'wpasvc.exe app' or as a Windows service.
  212. Service need to be registered with 'wpasvc.exe reg <full path to
  213. wpasvc.exe>'. Alternatively, 'wpasvc.exe reg' can be used to register
  214. the service with the current location of wpasvc.exe. After this, wpasvc
  215. can be started like any other Windows service (e.g., 'net start wpasvc')
  216. or it can be configured to start automatically through the Services tool
  217. in administrative tasks. The service can be unregistered with
  218. 'wpasvc.exe unreg'.
  219. If the service is set to start during system bootup to make the
  220. network connection available before any user has logged in, there may
  221. be a long (half a minute or so) delay in starting up wpa_supplicant
  222. due to WinPcap needing a driver called "Network Monitor Driver" which
  223. is started by default on demand.
  224. To speed up wpa_supplicant start during system bootup, "Network
  225. Monitor Driver" can be configured to be started sooner by setting its
  226. startup type to System instead of the default Demand. To do this, open
  227. up Device Manager, select Show Hidden Devices, expand the "Non
  228. Plug-and-Play devices" branch, double click "Network Monitor Driver",
  229. go to the Driver tab, and change the Demand setting to System instead.
  230. Configuration data is in HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs
  231. key. Each configuration profile has its own key under this. In terms of text
  232. files, each profile would map to a separate text file with possibly multiple
  233. networks. Under each profile, there is a networks key that lists all
  234. networks as a subkey. Each network has set of values in the same way as
  235. network block in the configuration file. In addition, blobs subkey has
  236. possible blobs as values.
  237. HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs\test\networks\0000
  238. ssid="example"
  239. key_mgmt=WPA-PSK
  240. See win_example.reg for an example on how to setup wpasvc.exe
  241. parameters in registry. It can also be imported to registry as a
  242. starting point for the configuration.
  243. License information for third party software used in this product:
  244. OpenSSL License
  245. ---------------
  246. /* ====================================================================
  247. * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
  248. *
  249. * Redistribution and use in source and binary forms, with or without
  250. * modification, are permitted provided that the following conditions
  251. * are met:
  252. *
  253. * 1. Redistributions of source code must retain the above copyright
  254. * notice, this list of conditions and the following disclaimer.
  255. *
  256. * 2. Redistributions in binary form must reproduce the above copyright
  257. * notice, this list of conditions and the following disclaimer in
  258. * the documentation and/or other materials provided with the
  259. * distribution.
  260. *
  261. * 3. All advertising materials mentioning features or use of this
  262. * software must display the following acknowledgment:
  263. * "This product includes software developed by the OpenSSL Project
  264. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  265. *
  266. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  267. * endorse or promote products derived from this software without
  268. * prior written permission. For written permission, please contact
  269. * openssl-core@openssl.org.
  270. *
  271. * 5. Products derived from this software may not be called "OpenSSL"
  272. * nor may "OpenSSL" appear in their names without prior written
  273. * permission of the OpenSSL Project.
  274. *
  275. * 6. Redistributions of any form whatsoever must retain the following
  276. * acknowledgment:
  277. * "This product includes software developed by the OpenSSL Project
  278. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  279. *
  280. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  281. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  282. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  283. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  284. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  285. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  286. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  287. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  288. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  289. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  290. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  291. * OF THE POSSIBILITY OF SUCH DAMAGE.
  292. * ====================================================================
  293. *
  294. * This product includes cryptographic software written by Eric Young
  295. * (eay@cryptsoft.com). This product includes software written by Tim
  296. * Hudson (tjh@cryptsoft.com).
  297. *
  298. */
  299. Original SSLeay License
  300. -----------------------
  301. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  302. * All rights reserved.
  303. *
  304. * This package is an SSL implementation written
  305. * by Eric Young (eay@cryptsoft.com).
  306. * The implementation was written so as to conform with Netscapes SSL.
  307. *
  308. * This library is free for commercial and non-commercial use as long as
  309. * the following conditions are aheared to. The following conditions
  310. * apply to all code found in this distribution, be it the RC4, RSA,
  311. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  312. * included with this distribution is covered by the same copyright terms
  313. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  314. *
  315. * Copyright remains Eric Young's, and as such any Copyright notices in
  316. * the code are not to be removed.
  317. * If this package is used in a product, Eric Young should be given attribution
  318. * as the author of the parts of the library used.
  319. * This can be in the form of a textual message at program startup or
  320. * in documentation (online or textual) provided with the package.
  321. *
  322. * Redistribution and use in source and binary forms, with or without
  323. * modification, are permitted provided that the following conditions
  324. * are met:
  325. * 1. Redistributions of source code must retain the copyright
  326. * notice, this list of conditions and the following disclaimer.
  327. * 2. Redistributions in binary form must reproduce the above copyright
  328. * notice, this list of conditions and the following disclaimer in the
  329. * documentation and/or other materials provided with the distribution.
  330. * 3. All advertising materials mentioning features or use of this software
  331. * must display the following acknowledgement:
  332. * "This product includes cryptographic software written by
  333. * Eric Young (eay@cryptsoft.com)"
  334. * The word 'cryptographic' can be left out if the rouines from the library
  335. * being used are not cryptographic related :-).
  336. * 4. If you include any Windows specific code (or a derivative thereof) from
  337. * the apps directory (application code) you must include an acknowledgement:
  338. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  339. *
  340. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  341. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  342. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  343. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  344. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  345. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  346. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  347. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  348. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  349. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  350. * SUCH DAMAGE.
  351. *
  352. * The licence and distribution terms for any publically available version or
  353. * derivative of this code cannot be changed. i.e. this code cannot simply be
  354. * copied and put under another distribution licence
  355. * [including the GNU Public Licence.]
  356. */
  357. Qt Open Source Edition
  358. ----------------------
  359. The Qt GUI Toolkit is Copyright (C) 1994-2007 Trolltech ASA.
  360. Qt Open Source Edition is licensed under GPL version 2.
  361. Source code for the library is available at
  362. http://w1.fi/wpa_supplicant/qt4/qt-win-opensource-src-4.3.3.zip