[people/pmueller/ipfire-2.x.git] / src / initscripts / system / wlanclient

#!/bin/sh
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

. /etc/sysconfig/rc
. ${rc_functions}

eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)

WIRELESS_CONFIG="/var/ipfire/ethernet/wireless"

function device_is_wireless() {
	local device=${1}

	if [ -d "/sys/class/net/${device}/wireless" ]; then
		return 0
	fi

	return 1
}

function wpa_supplicant_make_config() {
	local device=${1}
	local config=${2}
	shift 2

	# Check if device is wireless.
	local wireless="false"
	if device_is_wireless ${device}; then
		wireless="true"
	fi

	# Write a configuration file header.
	(
		echo "#"
		echo "# THIS FILE IS AUTOMATICALLY GENERATED AND"
		echo "# ANY CUSTOM CHANGES WILL BE OVERWRITTEN!"
		echo "#"
		echo
		echo "ctrl_interface=/var/run/wpa_supplicant"
		echo
	) > ${config}

	local items=0

	local line
	while IFS="," read -ra line; do
		# Skip commented lines.
		[ "${line:0:1}" = "#" ] && continue

		# Skip disabled entries.
		[ "${line[2]}" = "on" ] || continue

		wpa_supplicant_config_line \
			${device} ${config} \
			--wireless="${wireless}" \
			--mode="${line[3]}" \
			--wpa-mode="${line[4]}" \
			--ssid="${line[5]}" \
			--psk="${line[6]}" \
			--priority="${line[7]}" \
			--auth-mode="${line[8]}" \
			--anonymous-identity="${line[9]}" \
			--identity="${line[10]}" \
			--password="${line[11]}"

		items=$(( ${items} + 1 ))

	done < ${WIRELESS_CONFIG}

	# Return exit code 2, when there are no entries in the
	# configuration file.
	if [ "${items}" = "0" ]; then
		return 2
	fi

	return 0
}

function wpa_supplicant_config_line() {
	local device=${1}
	local config=${2}
	shift 2

	local ieee80211w
	local anonymous_identity
	local auth_alg
	local auth_mode
	local identity
	local proto
	local key_mgmt
	local pairwise
	local group
	local mode
	local password
	local priority
	local psk
	local ssid
	local wep_tx_keyidx
	local wep_key0
	local wireless="true"
	local wpa_mode

	while [ $# -gt 0 ]; do
		case "${1}" in
			--anonymous-identity=*)
				anonymous_identity=${1#--anonymous-identity=}
				;;
			--auth-mode=*)
				auth_mode=${1#--auth-mode=}
				;;
			--identity=*)
				identity=${1#--identity=}
				;;
			--mode=*)
				mode=${1#--mode=}
				;;
			--password=*)
				password=${1#--password=}
				;;
			--priority=*)
				priority=${1#--priority=}
				;;
			--psk=*)
				psk=${1#--psk=}
				;;
			--ssid=*)
				ssid=${1#--ssid=}
				;;
			--wireless=*)
				wireless=${1#--wireless=}
				;;
			--wpa-mode=*)
				wpa_mode=${1#--wpa-mode=}
				;;
		esac
		shift
	done

	case "${mode}" in
		EAP)
			key_mgmt="WPA-EAP-SHA256 WPA-EAP"
			;;
		WPA3)
			key_mgmt="SAE"

			ieee80211w="2"
			;;
		WPA2)
			auth_alg="OPEN"
			proto="RSN"
			key_mgmt="WPA-PSK-SHA256 WPA-PSK"
			;;
		WPA)
			auth_alg="OPEN"
			proto="WPA"
			key_mgmt="WPA-PSK-SHA256 WPA-PSK"
			;;
		WEP)
			auth_alg="SHARED"
			key_mgmt="NONE"

			wep_tx_keyidx=0
			wep_key0=${psk}
			psk=""
			;;
		NONE)
			auth_alg="OPEN"
			key_mgmt="NONE"
			;;
		*)
			# Unsupported mode.
			return 1
			;;
	esac

	if [ "${mode}" = "EAP" -o "${mode}" = "WPA" -o "${mode}" = "WPA2" ]; then
		case "${wpa_mode}" in
			CCMP-CCMP)
				pairwise="CCMP"
				group="CCMP"
				;;
			CCMP-TKIP)
				pairwise="CCMP"
				group="TKIP"
				;;
			TKIP-TKIP)
				pairwise="TKIP"
				group="TKIP"
				;;
			*)
				pairwise="CCMP TKIP"
				group="CCMP TKIP"
				;;
		esac
	fi

	(
		echo "network={"

		if [ -n "${ssid}" ]; then
			echo "	ssid=\"${ssid}\""
		fi
		if [ "${wireless}" = "true" ]; then
			echo "	scan_ssid=1"
		fi
		if [ -n "${auth_alg}" ]; then
			echo "	auth_alg=${auth_alg}"
		fi
		if [ -n "${key_mgmt}" ]; then
			echo "	key_mgmt=${key_mgmt}"
		fi
		if [ -n "${psk}" ]; then
			if [ "${key_mgmt}" = "SAE" ]; then
				echo "	sae_password=\"${psk}\""
			else
				echo "	psk=\"${psk}\""
			fi
		fi
		if [ -n "${wep_tx_keyidx}" ]; then
			echo "	wep_tx_keyidx=${wep_tx_keyidx}"
		fi
		if [ -n "${wep_key0}" ]; then
			echo "	wep_key0=\"${wep_key0}\""
		fi
		if [ -n "${proto}" ]; then
			echo "	proto=${proto}"
		fi
		if [ -n "${pairwise}" -a -n "${group}" ]; then
			echo "	pairwise=${pairwise}"
			echo "	group=${group}"
		fi
		if [ -n "${priority}" ]; then
			echo "	priority=${priority}"
		fi
		if [ -n "${ieee80211w}" ]; then
			echo "	ieee80211w=${ieee80211w}"
		fi

		# EAP
		if [ "${mode}" = "EAP" ]; then
			if [ -n "${auth_mode}" ]; then
				echo "	eap=${auth_mode}"
			else
				echo "	eap=PEAP TTLS"
			fi

			if [ "${auth_mode}" = "TTLS" -a -n "${anonymous_identity}" ]; then
				echo "	anonymous_identity=\"${anonymous_identity}\""
			fi

			if [ -n "${identity}" -a -n "${password}" ]; then
				echo "	identity=\"${identity}\""
				echo "	password=\"${password}\""
			fi
		fi

		echo "}"
		echo
	) >> ${config}
}

function wpa_supplicant_start() {
	local device=${1}
	local config="/etc/wpa_supplicant.conf"

	# Write configuration file.
	wpa_supplicant_make_config ${device} ${config}
	[ $? -eq 0 ] || return 0

	# Build wpa_supplicant command line.
	local wpa_suppl_cmd="wpa_supplicant -B -qqq -i${device} -c${config}"

	if ! device_is_wireless ${device}; then
		wpa_suppl_cmd="${wpa_suppl_cmd} -Dwired"
	fi

	# Run the shiz.
	boot_mesg "Starting wireless client on ${RED_DEV}..."
	loadproc ${wpa_suppl_cmd}

	# Run wpa_cli to handle reconnection events.
	boot_mesg "Starting wireless event handler on ${RED_DEV}..."
	wpa_cli -B -a /etc/rc.d/init.d/networking/wpa_supplicant.exe
}

function wpa_supplicant_stop() {
	boot_mesg "Stopping wireless event handler on ${RED_DEV}..."
	killproc wpa_cli

	# wpa_cli does not send a disconnect event when get stopped.
	# So we manually have to send it to the wpa_supplicant.exe.
	/etc/rc.d/init.d/networking/wpa_supplicant.exe "${RED_DEV}" DISCONNECTED

	boot_mesg "Stopping wireless client on ${RED_DEV}..."
	killproc wpa_supplicant

	# Tidy up /tmp directory.
	rm -f /tmp/wpa_ctrl_*
}

case "${1}" in
	start)
		if [ -n "${RED_DEV}" ] && device_is_wireless ${RED_DEV}; then
			wpa_supplicant_start ${RED_DEV}
		fi
		;;

	stop)
		if [ -n "${RED_DEV}" ] && device_is_wireless ${RED_DEV}; then
			wpa_supplicant_stop
		fi
		;;

	restart)
		${0} stop
		sleep 1
		${0} start
		;;

	status)
		statusproc wpa_supplicant
		;;

	*)
		echo "Usage: ${0} {start|stop|restart|status}"
		exit 1
		;;
esac
Commit	Line	Data
61027579	1	#!/bin/sh
66c36198 PM	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
61027579 MT	21
	22	. /etc/sysconfig/rc
	23	. ${rc_functions}
	24
	25	eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
	26
	27	WIRELESS_CONFIG="/var/ipfire/ethernet/wireless"
	28
	29	function device_is_wireless() {
	30	local device=${1}
	31
	32	if [ -d "/sys/class/net/${device}/wireless" ]; then
	33	return 0
	34	fi
	35
	36	return 1
	37	}
	38
	39	function wpa_supplicant_make_config() {
	40	local device=${1}
	41	local config=${2}
	42	shift 2
	43
	44	# Check if device is wireless.
	45	local wireless="false"
	46	if device_is_wireless ${device}; then
	47	wireless="true"
	48	fi
	49
	50	# Write a configuration file header.
	51	(
	52	echo "#"
	53	echo "# THIS FILE IS AUTOMATICALLY GENERATED AND"
	54	echo "# ANY CUSTOM CHANGES WILL BE OVERWRITTEN!"
	55	echo "#"
	56	echo
	57	echo "ctrl_interface=/var/run/wpa_supplicant"
	58	echo
	59	) > ${config}
	60
	61	local items=0
	62
	63	local line
	64	while IFS="," read -ra line; do
	65	# Skip commented lines.
	66	[ "${line:0:1}" = "#" ] && continue
	67
	68	# Skip disabled entries.
	69	[ "${line[2]}" = "on" ] \|\| continue
	70
	71	wpa_supplicant_config_line \
	72	${device} ${config} \
	73	--wireless="${wireless}" \
	74	--mode="${line[3]}" \
	75	--wpa-mode="${line[4]}" \
	76	--ssid="${line[5]}" \
	77	--psk="${line[6]}" \
f2c94780 MT	78	--priority="${line[7]}" \
	79	--auth-mode="${line[8]}" \
	80	--anonymous-identity="${line[9]}" \
	81	--identity="${line[10]}" \
	82	--password="${line[11]}"
61027579 MT	83
	84	items=$(( ${items} + 1 ))
	85
	86	done < ${WIRELESS_CONFIG}
	87
	88	# Return exit code 2, when there are no entries in the
	89	# configuration file.
	90	if [ "${items}" = "0" ]; then
	91	return 2
	92	fi
	93
	94	return 0
	95	}
	96
	97	function wpa_supplicant_config_line() {
	98	local device=${1}
	99	local config=${2}
	100	shift 2
	101
5addf347	102	local ieee80211w
f2c94780	103	local anonymous_identity
61027579	104	local auth_alg
f2c94780 MT	105	local auth_mode
f2c94780 MT	106	local identity
61027579 MT	107	local proto
	108	local key_mgmt
	109	local pairwise
	110	local group
	111	local mode
f2c94780	112	local password
61027579 MT	113	local priority
	114	local psk
	115	local ssid
	116	local wep_tx_keyidx
	117	local wep_key0
	118	local wireless="true"
	119	local wpa_mode
	120
	121	while [ $# -gt 0 ]; do
	122	case "${1}" in
f2c94780 MT	123	--anonymous-identity=*)
	124	anonymous_identity=${1#--anonymous-identity=}
	125	;;
	126	--auth-mode=*)
	127	auth_mode=${1#--auth-mode=}
	128	;;
	129	--identity=*)
	130	identity=${1#--identity=}
	131	;;
61027579 MT	132	--mode=*)
	133	mode=${1#--mode=}
	134	;;
f2c94780 MT	135	--password=*)
	136	password=${1#--password=}
	137	;;
61027579 MT	138	--priority=*)
	139	priority=${1#--priority=}
	140	;;
	141	--psk=*)
	142	psk=${1#--psk=}
	143	;;
	144	--ssid=*)
	145	ssid=${1#--ssid=}
	146	;;
	147	--wireless=*)
	148	wireless=${1#--wireless=}
	149	;;
	150	--wpa-mode=*)
	151	wpa_mode=${1#--wpa-mode=}
	152	;;
	153	esac
	154	shift
	155	done
	156
	157	case "${mode}" in
f2c94780	158	EAP)
3403eb30	159	key_mgmt="WPA-EAP-SHA256 WPA-EAP"
f2c94780	160	;;
5addf347 MT	161	WPA3)
	162	key_mgmt="SAE"
	163
	164	ieee80211w="2"
	165	;;
61027579 MT	166	WPA2)
	167	auth_alg="OPEN"
	168	proto="RSN"
3403eb30	169	key_mgmt="WPA-PSK-SHA256 WPA-PSK"
61027579 MT	170	;;
	171	WPA)
	172	auth_alg="OPEN"
	173	proto="WPA"
3403eb30	174	key_mgmt="WPA-PSK-SHA256 WPA-PSK"
61027579 MT	175	;;
	176	WEP)
	177	auth_alg="SHARED"
	178	key_mgmt="NONE"
	179
	180	wep_tx_keyidx=0
	181	wep_key0=${psk}
	182	psk=""
	183	;;
	184	NONE)
	185	auth_alg="OPEN"
	186	key_mgmt="NONE"
	187	;;
	188	*)
	189	# Unsupported mode.
	190	return 1
	191	;;
	192	esac
	193
f2c94780	194	if [ "${mode}" = "EAP" -o "${mode}" = "WPA" -o "${mode}" = "WPA2" ]; then
61027579 MT	195	case "${wpa_mode}" in
	196	CCMP-CCMP)
	197	pairwise="CCMP"
	198	group="CCMP"
	199	;;
	200	CCMP-TKIP)
	201	pairwise="CCMP"
	202	group="TKIP"
	203	;;
	204	TKIP-TKIP)
	205	pairwise="TKIP"
	206	group="TKIP"
	207	;;
	208	*)
	209	pairwise="CCMP TKIP"
	210	group="CCMP TKIP"
	211	;;
	212	esac
	213	fi
	214
	215	(
	216	echo "network={"
	217
	218	if [ -n "${ssid}" ]; then
	219	echo " ssid=\"${ssid}\""
	220	fi
	221	if [ "${wireless}" = "true" ]; then
	222	echo " scan_ssid=1"
	223	fi
	224	if [ -n "${auth_alg}" ]; then
	225	echo " auth_alg=${auth_alg}"
	226	fi
	227	if [ -n "${key_mgmt}" ]; then
	228	echo " key_mgmt=${key_mgmt}"
	229	fi
	230	if [ -n "${psk}" ]; then
5addf347 MT	231	if [ "${key_mgmt}" = "SAE" ]; then
	232	echo " sae_password=\"${psk}\""
	233	else
	234	echo " psk=\"${psk}\""
	235	fi
61027579 MT	236	fi
	237	if [ -n "${wep_tx_keyidx}" ]; then
	238	echo " wep_tx_keyidx=${wep_tx_keyidx}"
	239	fi
	240	if [ -n "${wep_key0}" ]; then
	241	echo " wep_key0=\"${wep_key0}\""
	242	fi
	243	if [ -n "${proto}" ]; then
	244	echo " proto=${proto}"
	245	fi
	246	if [ -n "${pairwise}" -a -n "${group}" ]; then
	247	echo " pairwise=${pairwise}"
	248	echo " group=${group}"
	249	fi
	250	if [ -n "${priority}" ]; then
	251	echo " priority=${priority}"
	252	fi
5addf347 MT	253	if [ -n "${ieee80211w}" ]; then
	254	echo " ieee80211w=${ieee80211w}"
	255	fi
61027579	256
f2c94780 MT	257	# EAP
	258	if [ "${mode}" = "EAP" ]; then
	259	if [ -n "${auth_mode}" ]; then
	260	echo " eap=${auth_mode}"
	261	else
	262	echo " eap=PEAP TTLS"
	263	fi
	264
	265	if [ "${auth_mode}" = "TTLS" -a -n "${anonymous_identity}" ]; then
	266	echo " anonymous_identity=\"${anonymous_identity}\""
	267	fi
	268
	269	if [ -n "${identity}" -a -n "${password}" ]; then
	270	echo " identity=\"${identity}\""
	271	echo " password=\"${password}\""
	272	fi
	273	fi
	274
61027579 MT	275	echo "}"
	276	echo
	277	) >> ${config}
	278	}
	279
	280	function wpa_supplicant_start() {
	281	local device=${1}
	282	local config="/etc/wpa_supplicant.conf"
	283
	284	# Write configuration file.
	285	wpa_supplicant_make_config ${device} ${config}
	286	[ $? -eq 0 ] \|\| return 0
	287
	288	# Build wpa_supplicant command line.
	289	local wpa_suppl_cmd="wpa_supplicant -B -qqq -i${device} -c${config}"
	290
55209df3	291	if ! device_is_wireless ${device}; then
61027579 MT	292	wpa_suppl_cmd="${wpa_suppl_cmd} -Dwired"
	293	fi
	294
	295	# Run the shiz.
	296	boot_mesg "Starting wireless client on ${RED_DEV}..."
	297	loadproc ${wpa_suppl_cmd}
	298
	299	# Run wpa_cli to handle reconnection events.
	300	boot_mesg "Starting wireless event handler on ${RED_DEV}..."
	301	wpa_cli -B -a /etc/rc.d/init.d/networking/wpa_supplicant.exe
	302	}
	303
	304	function wpa_supplicant_stop() {
	305	boot_mesg "Stopping wireless event handler on ${RED_DEV}..."
	306	killproc wpa_cli
	307
71ea0d68 SS	308	# wpa_cli does not send a disconnect event when get stopped.
	309	# So we manually have to send it to the wpa_supplicant.exe.
	310	/etc/rc.d/init.d/networking/wpa_supplicant.exe "${RED_DEV}" DISCONNECTED
	311
61027579 MT	312	boot_mesg "Stopping wireless client on ${RED_DEV}..."
61027579 MT	313	killproc wpa_supplicant
66c36198	314
71ea0d68 SS	315	# Tidy up /tmp directory.
71ea0d68 SS	316	rm -f /tmp/wpa_ctrl_*
61027579 MT	317	}
	318
	319	case "${1}" in
	320	start)
	321	if [ -n "${RED_DEV}" ] && device_is_wireless ${RED_DEV}; then
	322	wpa_supplicant_start ${RED_DEV}
	323	fi
	324	;;
	325
	326	stop)
	327	if [ -n "${RED_DEV}" ] && device_is_wireless ${RED_DEV}; then
	328	wpa_supplicant_stop
	329	fi
	330	;;
	331
	332	restart)
	333	${0} stop
	334	sleep 1
	335	${0} start
	336	;;
	337
	338	status)
	339	statusproc wpa_supplicant
	340	;;
	341
	342	*)
	343	echo "Usage: ${0} {start\|stop\|restart\|status}"
	344	exit 1
	345	;;
	346	esac