Close PR# 21843 and PR# 21864. This adds support for WEP and updates some

of the data structures to include new members that weren't defined in the
manual I have.

I opted to use Doug Ambrisko's WEP patches since David Cornejo's patches
did not include the necessary changes to ancontrol(8) to actually enable
and use WEP.

NOTE: I don't currently have access to an Aironet card, so I can't test
any of this. Everything compiles and close scrutiny doesn't reveal any
obvious problems, but Murphy's Law applies. This means I will probably
leave these changes in -current for a bit longer than usual until I'm
sure they work right.

2 files changed, 164 insertions, 13 deletions

diff --git a/usr.sbin/ancontrol/ancontrol.8 b/usr.sbin/ancontrol/ancontrol.8
index 2b22981..85c6428 100644
--- a/usr.sbin/ancontrol/ancontrol.8
+++ b/usr.sbin/ancontrol/ancontrol.8
@@ -54,13 +54,27 @@
 .Nm ancontrol
 .Fl i Ar iface Fl s Ar 0|1|2|3
 .Nm ancontrol
-.Fl i Ar iface Fl a Ar AP
+.Fl i Ar iface 
 .Op Fl v Ar 1|2|3|4
+.Fl a Ar AP
 .Nm ancontrol
 .Fl i Ar iface Fl b Ar beacon period
 .Nm ancontrol
-.Fl i Ar iface Fl d Ar 0|1|2|3
+.Fl i Ar iface 
 .Op v Ar 0|1
+.Fl d Ar 0|1|2|3
+.Nm ancontrol
+.Fl i Ar iface Fl e Ar 0|1
+.Nm ancontrol
+.Fl i Ar iface 
+.Op Fl v Ar 0|1
+.Fl k Ar key
+.Nm ancontrol
+.Fl i Ar iface 
+.Fl K Ar mode
+.Nm ancontrol
+.Fl i Ar iface 
+.Fl W Ar mode
 .Nm ancontrol
 .Fl i Ar iface Fl j Ar netjoin timeout
 .Nm ancontrol
@@ -68,8 +82,9 @@
 .Nm ancontrol
 .Fl i Ar iface Fl m Ar mac address
 .Nm ancontrol
-.Fl i Ar iface Fl n Ar SSID
+.Fl i Ar iface 
 .Op Fl v Ar 1|2|3
+.Fl n Ar SSID
 .Nm ancontrol
 .Fl i Ar iface Fl o Ar 0|1
 .Nm ancontrol
@@ -184,7 +199,7 @@ Valid selections are as follows:
 .Pp
 Note that for IBSS (ad-hoc) mode, only PSP mode is supported, and only
 if the ATIM window is non-zero.
-.It Fl i Ar iface Fl a Ar AP "[-v 1|2|3|4]"
+.It Fl i Ar iface "[-v 1|2|3|4]" Fl a Ar AP 
 Set prefered access point.
 The
 .Ar AP
@@ -205,7 +220,7 @@ Set the ad-hoc mode beacon period.
 The becon period is specified in
 milliseconds.
 The default is 100ms.
-.It Fl i Ar iface Fl d Ar 0|1|2|3 "-v 0|1"
+.It Fl i Ar iface "-v 0|1" Fl d Ar 0|1|2|3 
 Select the antenna diversity.
 Aironet devices can be configured with up
 to two antennas, and transmit and receive diversity can be configured
@@ -230,6 +245,16 @@ option: selection
 sets the receive diversity and
 .Ar 1
 sets the transmit diversity.
+.It Fl i Ar iface "[ -v 0|1 ]" Fl k Ar key
+Set the WEP key.  For 40 bit prefix 10 hex character with 0x.
+For 128 bit prefix 26 hex character with 0x.
+Supports 4 keys, use even numbers are permanet and odd number 
+are temporary keys for example "-v 1" sets the first temporary key.
+.It Fl i Ar iface Fl K Ar 0|1|2|4
+Set authorization type. Use 0 for none, 1 for "Open", 
+2 for "Shared Key", 4 for "Exclude unencrypted".
+.It Fl i Ar iface Fl W Ar 0|1
+Enable WEP. Use 1 to enable, 0 for disable.
 .It Fl i Ar iface Fl j Ar netjoin timeout
 Set the ad-hoc network join timeout.
 When a station is first activated
@@ -257,7 +282,7 @@ is specified as a series of six hexadecimal values separated by colons,
 e.g.: 00:60:1d:12:34:56.
 This programs the new address into the card
 and updates the interface as well.
-.It Fl i Ar iface Fl n Ar SSID "[-v 1|2|3]"
+.It Fl i Ar iface "[-v 1|2|3]" Fl n Ar SSID 
 Set the desired SSID (network name). There are three SSIDs which allows
 the NIC to work with access points at several locations without needing
 to be reconfigured.
diff --git a/usr.sbin/ancontrol/ancontrol.c b/usr.sbin/ancontrol/ancontrol.c
index 22a2323..22ef82e 100644
--- a/usr.sbin/ancontrol/ancontrol.c
+++ b/usr.sbin/ancontrol/ancontrol.c
@@ -118,6 +118,10 @@ int main			__P((int, char **));
 #define ACT_DUMPCACHE 31
 #define ACT_ZEROCACHE 32
 
+#define ACT_ENABLE_WEP 33
+#define ACT_SET_KEY_TYPE 34
+#define ACT_SET_KEYS 35
+
 static void an_getval(iface, areq)
 	char			*iface;
 	struct an_req		*areq;
@@ -240,6 +244,8 @@ static void an_printhex(ptr, len)
 	return;
 }
 
+
+
 static void an_dumpstatus(iface)
 	char			*iface;
 {
@@ -681,14 +687,20 @@ static void an_dumpconfig(iface)
 	an_printwords(&cfg->an_ibss_join_net_timeout, 1);
 	printf("\nAuthentication timeout:\t\t\t");
 	an_printwords(&cfg->an_auth_timeout, 1);
+	printf("\nWEP enabled:\t\t\t\t[ ");
+	if (cfg->an_authtype & AN_AUTHTYPE_ENABLE)
+		printf("yes");
+	else
+		printf("no");
+	printf(" ]");
 	printf("\nAuthentication type:\t\t\t[ ");
-	if (cfg->an_authtype == AN_AUTHTYPE_NONE)
-		printf("no auth");
-	if (cfg->an_authtype == AN_AUTHTYPE_OPEN)
+	if ((cfg->an_authtype & AN_AUTHTYPE_MASK) == AN_AUTHTYPE_NONE)
+		printf("none");
+	if ((cfg->an_authtype & AN_AUTHTYPE_MASK) == AN_AUTHTYPE_OPEN)
 		printf("open");
-	if (cfg->an_authtype == AN_AUTHTYPE_SHAREDKEY)
+	if ((cfg->an_authtype & AN_AUTHTYPE_MASK) == AN_AUTHTYPE_SHAREDKEY)
 		printf("shared key");
-	if (cfg->an_authtype == AN_AUTHTYPE_EXCLUDE_UNENCRYPTED)
+	if ((cfg->an_authtype & AN_AUTHTYPE_MASK) == AN_AUTHTYPE_EXCLUDE_UNENCRYPTED)
 		printf("exclude unencrypted");
 	printf(" ]");
 	printf("\nAssociation timeout:\t\t\t");
@@ -795,6 +807,9 @@ static void usage(p)
 	fprintf(stderr, "\t%s -i iface -b val (set beacon period)\n", p);
 	fprintf(stderr, "\t%s -i iface [-v 0|1] -d val (set diversity)\n", p);
 	fprintf(stderr, "\t%s -i iface -j val (set netjoin timeout)\n", p);
+	fprintf(stderr, "\t%s -i iface [-v 0|1|2|3|4|5|6|7] -k key (set key)\n", p);
+	fprintf(stderr, "\t%s -i iface -K 0|1|2|4 (set auth type 2=shared secret)\n", p);
+	fprintf(stderr, "\t%s -i iface -W 0|1 (enable WEP)\n", p);
 	fprintf(stderr, "\t%s -i iface -l val (set station name)\n", p);
 	fprintf(stderr, "\t%s -i iface -m val (set MAC address)\n", p);
 	fprintf(stderr, "\t%s -i iface [-v 1|2|3] -n SSID "
@@ -918,6 +933,14 @@ static void an_setconfig(iface, act, arg)
 		bzero(cfg->an_macaddr, ETHER_ADDR_LEN);
 		bcopy((char *)addr, (char *)&cfg->an_macaddr, ETHER_ADDR_LEN);
 		break;
+	case ACT_ENABLE_WEP:
+		cfg->an_authtype = (cfg->an_authtype & AN_AUTHTYPE_MASK)
+		        | atoi(arg) * AN_AUTHTYPE_ENABLE;
+		break;
+	case ACT_SET_KEY_TYPE:
+		cfg->an_authtype = (cfg->an_authtype & ~AN_AUTHTYPE_MASK) 
+		        | atoi(arg);
+		break;
 	default:
 		errx(1, "unknown action");
 		break;
@@ -1122,6 +1145,92 @@ static void an_readcache(iface)
 }
 #endif
 
+static int an_hex2int(c)
+	char			c;
+{
+	if (c >= '0' && c <= '9')
+		return (c - '0');
+	if (c >= 'A' && c <= 'F')
+		return (c - 'A' + 10);
+	if (c >= 'a' && c <= 'f')
+		return (c - 'a' + 10);
+
+	return (0); 
+}
+
+static void an_str2key(s, k)
+	char			*s;
+	struct an_ltv_key	*k;
+{
+	int			n, i;
+	char			*p;
+
+	/* Is this a hex string? */
+	if (s[0] == '0' && (s[1] == 'x' || s[1] == 'X')) {
+		/* Yes, convert to int. */
+		n = 0;
+		p = (char *)&k->key[0];
+		for (i = 2; i < strlen(s); i+= 2) {
+			*p++ = (an_hex2int(s[i]) << 4) + an_hex2int(s[i + 1]);
+			n++;
+		}
+		k->klen = n;
+	} else {
+		/* No, just copy it in. */
+		bcopy(s, k->key, strlen(s));
+		k->klen = strlen(s);
+	}
+
+	return;
+}
+
+static void an_setkeys(iface, key, keytype)
+	char			*iface;
+	char			*key;
+	int			keytype;
+{
+	struct an_req		areq;
+	struct an_ltv_key	*k;
+
+	bzero((char *)&areq, sizeof(areq));
+	k = (struct an_ltv_key *)&areq;
+
+	if (strlen(key) > 28) {
+		err(1, "encryption key must be no "
+		    "more than 18 characters long");
+	}
+
+	an_str2key(key, k);
+	
+	k->kindex=keytype/2;
+
+	if (!(k->klen==0 || k->klen==5 || k->klen==13)) {
+		err(1, "encryption key must be 0, 5 or 13 bytes long");
+	}
+
+	/* default mac and only valid one (from manual) 1.0.0.0.0.0 */
+	k->mac[0]=1;
+	k->mac[1]=0;
+	k->mac[2]=0;
+	k->mac[3]=0;
+	k->mac[4]=0;
+	k->mac[5]=0;
+
+	switch(keytype & 1){
+	case 0:
+	  areq.an_len = sizeof(struct an_ltv_key);
+	  areq.an_type = AN_RID_WEP_PERM;
+	  an_setval(iface, &areq);
+	  break;
+	case 1:
+	  areq.an_len = sizeof(struct an_ltv_key);
+	  areq.an_type = AN_RID_WEP_TEMP;
+	  an_setval(iface, &areq);
+	  break;
+	}
+	  
+	return;
+}
 
 int main(argc, argv)
 	int			argc;
@@ -1131,6 +1240,7 @@ int main(argc, argv)
 	int			act = 0;
 	char			*iface = NULL;
 	int			modifier = 0;
+	char			*key = NULL;
 	void			*arg = NULL;
 	char			*p = argv[0];
 
@@ -1147,7 +1257,7 @@ int main(argc, argv)
 	opterr = 1;
 
 	while ((ch = getopt(argc, argv,
-	    "ANISCTht:a:o:s:n:v:d:j:b:c:r:p:w:m:l:QZ")) != -1) {
+	    "ANISCTht:a:o:s:n:v:d:j:b:c:r:p:w:m:l:k:K:W:QZ")) != -1) {
 		switch(ch) {
 		case 'Z':
 #ifdef ANCACHE
@@ -1282,6 +1392,18 @@ int main(argc, argv)
 			act = ACT_SET_FRAG_THRESH;
 			arg = optarg;
 			break;
+		case 'W':
+			act = ACT_ENABLE_WEP;
+			arg = optarg;
+			break;
+		case 'K':
+			act = ACT_SET_KEY_TYPE;
+			arg = optarg;
+			break;
+		case 'k':
+			act = ACT_SET_KEYS;
+			key = optarg;
+			break;
 		case 'q':
 			act = ACT_SET_RTS_RETRYLIM;
 			arg = optarg;
@@ -1300,7 +1422,7 @@ int main(argc, argv)
 		}
 	}
 
-	if (iface == NULL || !act)
+	if (iface == NULL || (!act && !key))
 		usage(p);
 
 	switch(act) {
@@ -1343,7 +1465,11 @@ int main(argc, argv)
 	case ACT_DUMPCACHE:
 		an_readcache(iface);
 		break;
+
 #endif
+	case ACT_SET_KEYS:
+		an_setkeys(iface, key, modifier);
+		break;
 	default:
 		an_setconfig(iface, act, arg);
 		break;