Commit | Line | Data |
---|---|---|
61027579 | 1 | #!/bin/sh |
66c36198 PM |
2 | ############################################################################### |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
61027579 MT |
21 | |
# Load the init-script environment, then the helper library it points to.
# NOTE(review): ${rc_functions} is presumably set by /etc/sysconfig/rc - confirm.
. /etc/sysconfig/rc
. ${rc_functions}

# Import the ethernet settings into this shell.
# NOTE(review): whatever readhash prints is executed as shell code by eval.
# This is only safe if readhash emits nothing but sanitised KEY=value
# assignments and the settings file is writable by trusted users only -
# confirm both.
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)

# Comma-separated list of wireless networks, read by wpa_supplicant_make_config.
WIRELESS_CONFIG="/var/ipfire/ethernet/wireless"
28 | ||
function device_is_wireless() {
	# Tell whether sysfs lists a "wireless" directory for the interface.
	#
	#   $1  network device name
	#
	# Returns 0 when /sys/class/net/<device>/wireless exists, 1 otherwise.
	local iface=${1}

	[ -d "/sys/class/net/${iface}/wireless" ] && return 0

	return 1
}
38 | ||
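function wpa_supplicant_make_config() {
	# (Re)create the wpa_supplicant configuration file for a device.
	#
	# Arguments:
	#   $1  network device name
	#   $2  path of the configuration file to write
	#
	# Reads ${WIRELESS_CONFIG} as comma-separated records and appends one
	# network block per enabled record (third field "on") by calling
	# wpa_supplicant_config_line.
	#
	# Returns 0 when at least one enabled record was processed and 2 when
	# there was none.
	local device="${1}"
	local config="${2}"
	shift 2

	# Check if device is wireless.
	local wireless="false"
	if device_is_wireless "${device}"; then
		wireless="true"
	fi

	# Write a configuration file header; this truncates any previous file.
	{
		echo "#"
		echo "# THIS FILE IS AUTOMATICALLY GENERATED AND"
		echo "# ANY CUSTOM CHANGES WILL BE OVERWRITTEN!"
		echo "#"
		echo
		echo "ctrl_interface=/var/run/wpa_supplicant"
		echo
	} > "${config}"

	# The network blocks appended below carry PSKs and EAP passwords, so
	# restrict the file to its owner before the first secret is written.
	chmod 600 "${config}"

	local items=0

	local line
	# The "|| [ ... ]" part keeps a final record that has no trailing newline.
	while IFS="," read -ra line || [ "${#line[@]}" -gt 0 ]; do
		# Skip commented lines (first character of the first field).
		[ "${line:0:1}" = "#" ] && continue

		# Skip disabled entries.
		[ "${line[2]}" = "on" ] || continue

		wpa_supplicant_config_line \
			"${device}" "${config}" \
			--wireless="${wireless}" \
			--mode="${line[3]}" \
			--wpa-mode="${line[4]}" \
			--ssid="${line[5]}" \
			--psk="${line[6]}" \
			--priority="${line[7]}" \
			--auth-mode="${line[8]}" \
			--anonymous-identity="${line[9]}" \
			--identity="${line[10]}" \
			--password="${line[11]}"

		# Counted whether or not the call above succeeded: its return
		# code is not checked here.
		items=$(( items + 1 ))

	done < "${WIRELESS_CONFIG}"

	# Return exit code 2, when there are no entries in the
	# configuration file.
	if [ "${items}" = "0" ]; then
		return 2
	fi

	return 0
}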
96 | ||
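function wpa_supplicant_config_line() {
	# Append one "network={ ... }" block to a wpa_supplicant configuration.
	#
	# Arguments:
	#   $1  network device name (accepted but not used in the block)
	#   $2  configuration file to append to
	#   then any of:
	#       --anonymous-identity=  --auth-mode=  --identity=  --mode=
	#       --password=  --priority=  --psk=  --ssid=  --wireless=
	#       --wpa-mode=
	#   Unknown options are ignored.
	#
	# Returns 1 without writing anything when --mode is not one of EAP,
	# WPA3, WPA2, WPA, WEP or NONE; otherwise the status of the write.
	#
	# NOTE(review): values are written as received, without validation or
	# escaping. This assumes the caller's data source only holds values that
	# are valid inside a wpa_supplicant configuration line - confirm where
	# the records are validated.
	local device="${1}"
	local config="${2}"
	shift 2

	local ieee80211w
	local anonymous_identity
	local auth_alg
	local auth_mode
	local identity
	local proto
	local key_mgmt
	local pairwise
	local group
	local mode
	local password
	local priority
	local psk
	local ssid
	local wep_tx_keyidx
	local wep_key0
	local wireless="true"
	local wpa_mode

	# Parse the --name=value options.
	while [ $# -gt 0 ]; do
		case "${1}" in
			--anonymous-identity=*)
				anonymous_identity="${1#--anonymous-identity=}"
				;;
			--auth-mode=*)
				auth_mode="${1#--auth-mode=}"
				;;
			--identity=*)
				identity="${1#--identity=}"
				;;
			--mode=*)
				mode="${1#--mode=}"
				;;
			--password=*)
				password="${1#--password=}"
				;;
			--priority=*)
				priority="${1#--priority=}"
				;;
			--psk=*)
				psk="${1#--psk=}"
				;;
			--ssid=*)
				ssid="${1#--ssid=}"
				;;
			--wireless=*)
				wireless="${1#--wireless=}"
				;;
			--wpa-mode=*)
				wpa_mode="${1#--wpa-mode=}"
				;;
		esac
		shift
	done

	# Translate the security mode into wpa_supplicant settings.
	case "${mode}" in
		EAP)
			key_mgmt="WPA-EAP-SHA256 WPA-EAP"
			;;
		WPA3)
			key_mgmt="SAE"

			# 2 = management frame protection required.
			ieee80211w="2"
			;;
		WPA2)
			auth_alg="OPEN"
			proto="RSN"
			key_mgmt="WPA-PSK-SHA256 WPA-PSK"
			;;
		WPA)
			auth_alg="OPEN"
			proto="WPA"
			key_mgmt="WPA-PSK-SHA256 WPA-PSK"
			;;
		WEP)
			# Legacy mode with weak protection; the key travels in
			# wep_key0 instead of psk.
			auth_alg="SHARED"
			key_mgmt="NONE"

			wep_tx_keyidx=0
			wep_key0="${psk}"
			psk=""
			;;
		NONE)
			auth_alg="OPEN"
			key_mgmt="NONE"
			;;
		*)
			# Unsupported mode.
			return 1
			;;
	esac

	# Cipher selection applies to EAP, WPA and WPA2 only.
	case "${mode}" in
		EAP|WPA|WPA2)
			case "${wpa_mode}" in
				CCMP-CCMP)
					pairwise="CCMP"
					group="CCMP"
					;;
				CCMP-TKIP)
					pairwise="CCMP"
					group="TKIP"
					;;
				TKIP-TKIP)
					pairwise="TKIP"
					group="TKIP"
					;;
				*)
					# Anything else, including an empty value,
					# permits both ciphers (TKIP is the legacy one).
					pairwise="CCMP TKIP"
					group="CCMP TKIP"
					;;
			esac
			;;
	esac

	# printf '%s' writes secrets byte-for-byte, whatever echo's escape
	# handling is in the running shell.
	{
		echo "network={"

		if [ -n "${ssid}" ]; then
			printf ' ssid="%s"\n' "${ssid}"
		fi
		if [ "${wireless}" = "true" ]; then
			echo " scan_ssid=1"
		fi
		if [ -n "${auth_alg}" ]; then
			printf ' auth_alg=%s\n' "${auth_alg}"
		fi
		if [ -n "${key_mgmt}" ]; then
			printf ' key_mgmt=%s\n' "${key_mgmt}"
		fi
		if [ -n "${psk}" ]; then
			if [ "${key_mgmt}" = "SAE" ]; then
				printf ' sae_password="%s"\n' "${psk}"
			else
				printf ' psk="%s"\n' "${psk}"
			fi
		fi
		if [ -n "${wep_tx_keyidx}" ]; then
			printf ' wep_tx_keyidx=%s\n' "${wep_tx_keyidx}"
		fi
		if [ -n "${wep_key0}" ]; then
			printf ' wep_key0="%s"\n' "${wep_key0}"
		fi
		if [ -n "${proto}" ]; then
			printf ' proto=%s\n' "${proto}"
		fi
		if [ -n "${pairwise}" ] && [ -n "${group}" ]; then
			printf ' pairwise=%s\n' "${pairwise}"
			printf ' group=%s\n' "${group}"
		fi
		if [ -n "${priority}" ]; then
			printf ' priority=%s\n' "${priority}"
		fi
		if [ -n "${ieee80211w}" ]; then
			printf ' ieee80211w=%s\n' "${ieee80211w}"
		fi

		# EAP
		# NOTE(review): no ca_cert or other server-validation option is
		# written here, so as far as this block shows wpa_supplicant
		# will not verify the authentication server's certificate before
		# offering identity and password. Confirm whether validation is
		# configured elsewhere.
		if [ "${mode}" = "EAP" ]; then
			if [ -n "${auth_mode}" ]; then
				printf ' eap=%s\n' "${auth_mode}"
			else
				echo " eap=PEAP TTLS"
			fi

			if [ "${auth_mode}" = "TTLS" ] && [ -n "${anonymous_identity}" ]; then
				printf ' anonymous_identity="%s"\n' "${anonymous_identity}"
			fi

			# Credentials are only written as a complete pair.
			if [ -n "${identity}" ] && [ -n "${password}" ]; then
				printf ' identity="%s"\n' "${identity}"
				printf ' password="%s"\n' "${password}"
			fi
		fi

		echo "}"
		echo
	} >> "${config}"
}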
279 | ||
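function wpa_supplicant_start() {
	# Generate the configuration and start wpa_supplicant and wpa_cli.
	#
	#   $1  network device name
	#
	# Returns 0 without starting anything when the configuration could not
	# be generated or contains no enabled network.
	local device="${1}"
	local config="/etc/wpa_supplicant.conf"

	# Write configuration file.
	wpa_supplicant_make_config "${device}" "${config}" || return 0

	# Build wpa_supplicant command line as an array so that no argument is
	# subject to word splitting or globbing.
	local wpa_suppl_cmd=( wpa_supplicant -B -qqq "-i${device}" "-c${config}" )

	if ! device_is_wireless "${device}"; then
		wpa_suppl_cmd+=( -Dwired )
	fi

	# Start the daemon.
	boot_mesg "Starting wireless client on ${RED_DEV}..."
	loadproc "${wpa_suppl_cmd[@]}"

	# Run wpa_cli to handle reconnection events.
	boot_mesg "Starting wireless event handler on ${RED_DEV}..."
	wpa_cli -B -a /etc/rc.d/init.d/networking/wpa_supplicant.exe
}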
303 | ||
function wpa_supplicant_stop() {
	# Stop the event handler and the wireless client, then clean up.
	boot_mesg "Stopping wireless event handler on ${RED_DEV}..."
	killproc wpa_cli

	# wpa_cli does not send a disconnect event when it is stopped,
	# so the event is passed to wpa_supplicant.exe by hand.
	/etc/rc.d/init.d/networking/wpa_supplicant.exe "${RED_DEV}" DISCONNECTED

	boot_mesg "Stopping wireless client on ${RED_DEV}..."
	killproc wpa_supplicant

	# Tidy up /tmp directory.
	# NOTE(review): the glob removes every entry named wpa_ctrl_* in /tmp,
	# whoever created it - presumably these are wpa_cli's control sockets;
	# confirm.
	rm -f /tmp/wpa_ctrl_*
}
318 | ||
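# Dispatch on the requested init action. start and stop only act when
# RED_DEV is set and is a wireless device; status is not guarded.
case "${1}" in
	start)
		if [ -n "${RED_DEV}" ] && device_is_wireless "${RED_DEV}"; then
			wpa_supplicant_start "${RED_DEV}"
		fi
		;;

	stop)
		if [ -n "${RED_DEV}" ] && device_is_wireless "${RED_DEV}"; then
			wpa_supplicant_stop
		fi
		;;

	restart)
		# Re-invoke this script; quoted so a path with spaces still works.
		"${0}" stop
		sleep 1
		"${0}" start
		;;

	status)
		statusproc wpa_supplicant
		;;

	*)
		echo "Usage: ${0} {start|stop|restart|status}"
		exit 1
		;;
esac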