[people/stevee/network.git] / src / functions / functions.wireless-networks

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2017  IPFire Network Development Team                         #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

WIRELESS_NETWORK_SUPPORTED_PSK_MODES="WPA2-PSK-SHA256 WPA2-PSK WPA-PSK-SHA256 WPA-PSK"

WIRELESS_NETWORK_SUPPORTED_MODES="${WIRELESS_NETWORK_SUPPORTED_PSK_MODES} 802.1X NONE"

WIRELESS_NETWORK_CONFIG_SETTINGS="ANONYMOUS_IDENTITY EAP_MODES IDENTITY \
	MODES PASSWORD PRIORITY PSK SSID"

cli_wireless_network() {
	case "${1}" in
		new)
			wireless_network_new "${@:2}"
			;;
		destroy)
			wireless_network_destroy "${@:2}"
			;;
		*)
			local ssid="${1}"
			local key="${2//-/_}"
			shift 2

			if ! wireless_network_exists "${ssid}"; then
				error "No such wireless network: ${ssid}"
				return ${EXIT_ERROR}
			fi

			# Convert SSID into usable format
			local handle="$(wireless_network_hash "${ssid}")"

			case "${key}" in
				encryption_mode|pre_shared_key|priority)
					wireless_network_${key} "${handle}" "$@"
					;;
				show)
					wireless_network_show "${handle}"
					exit $?
					;;
				*)
					error "Unrecognized argument: ${key}"
					exit ${EXIT_ERROR}
					;;
			esac
			;;
	esac
}

wireless_network_list() {
	list_directory "${NETWORK_WIRELESS_NETWORKS_DIR}"
}

wireless_network_list_ssids() {
	local handle
	for handle in $(wireless_network_list); do
		local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
		if ! wireless_network_read_config "${handle}"; then
			continue
		fi

		print "${SSID}"
	done
}

# This function writes all values to a via ${ssid} specificated wireless network configuration file
wireless_network_write_config() {
	assert [ $# -ge 1 ]

	local handle="${1}"

	local path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/settings"

	if ! settings_write "${path}" ${WIRELESS_NETWORK_CONFIG_SETTINGS}; then
		log ERROR "Could not write configuration"
		return ${EXIT_ERROR}
	fi

	# When we get here the writing of the config file was successful
	return ${EXIT_OK}
}

# This funtion writes the value for one key to a via ${ssid} specificated
# wireless network configuration file
wireless_network_write_config_key() {
	assert [ $# -ge 3 ]

	local handle="${1}"
	local key="${2}"
	shift 2

	local value="$@"

	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}

	# Read the config settings
	if ! wireless_network_read_config "${handle}"; then
		return ${EXIT_ERROR}
	fi

	log DEBUG "Set '${key}' to new value '${value}' in wireless network '${SSID}'"

	# Set the key to a new value
	assign "${key}" "${value}"

	if ! wireless_network_write_config "${handle}"; then
		return ${EXIT_ERROR}
	fi

	return ${EXIT_OK}
}

# Reads one or more keys out of a settings file or all if no key is provided.
wireless_network_read_config() {
	assert [ $# -ge 1 ]

	local handle="${1}"
	shift

	local args
	if [ $# -eq 0 ] && [ -n "${WIRELESS_NETWORK_CONFIG_SETTINGS}" ]; then
		list_append args ${WIRELESS_NETWORK_CONFIG_SETTINGS}
	else
		list_append args "$@"
	fi

	local path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/settings"

	if ! settings_read "${path}" ${args}; then
		log ERROR "Could not read settings for wireless network ${handle}"
		return ${EXIT_ERROR}
	fi
}

# This function checks if a wireless network exists
# Returns True when yes and false when not
wireless_network_exists() {
	local ssid="${1}"

	local handle="$(wireless_network_hash "${ssid}")"
	assert isset handle

	# We cannot use wireless_network_read_config here beacuse we would end in a loop
	local SSID
	if ! settings_read "${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/settings" SSID; then
		return ${EXIT_FALSE}
	fi

	if [ "${SSID}" = "${ssid}" ]; then
		return ${EXIT_TRUE}
	else
		return ${EXIT_FALSE}
	fi
}

wireless_network_hash() {
	assert [ $# -eq 1 ]

	local string="${1}"

	local hash=$(echo -n "${string}" | md5sum )
	hash=${hash%%  -}

	local path="${NETWORK_WIRELESS_NETWORKS_DIR}/*${hash}"

	if [ -d "${path}" ]; then
		basename "${path}"
	else
		local normalized=$(normalize "${string}")
		normalized=${normalized%-}
		echo "${normalized}-${hash}"
	fi
}

wireless_network_new() {
	if [ $# -gt 1 ]; then
		error "Too many arguments"
		return ${EXIT_ERROR}
	fi

	local ssid="${1}"

	if ! isset ssid; then
		error "Please provide a SSID"
		return ${EXIT_ERROR}
	fi

	# Check for duplicates
	if wireless_network_exists "${ssid}"; then
		error "The wireless network ${ssid} already exists"
		return ${EXIT_ERROR}
	fi

	local handle="$(wireless_network_hash "${ssid}")"
	assert isset handle

	log DEBUG "Creating wireless network '${ssid}'"

	if ! mkdir -p "${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}"; then
		log ERROR "Could not create config directory for wireless network ${ssid}"
		return ${EXIT_ERROR}
	fi

	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
	ENCRYPTION_MODE="${WIRELESS_DEFAULT_ENCRYPTION_MODE}"
	SSID="${ssid}"
	PRIORITY=500

	if ! wireless_network_write_config "${handle}"; then
		log ERROR "Could not write new config file"
		return ${EXIT_ERROR}
	fi
}

# Deletes a wireless network
wireless_network_destroy() {
	local ssid="${1}"

	if ! wireless_network_exists "${ssid}"; then
		error "No such wireless network: ${ssid}"
		return ${EXIT_ERROR}
	fi

	local handle="$(wireless_network_hash "${ssid}")"
	assert isset handle

	if ! rm -rf "${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}"; then
		error "Could not delete the wireless network"
		return ${EXIT_ERROR}
	fi

	log INFO "Successfully destroyed wireless network ${ssid}"
	return ${EXIT_OK}
}

wireless_network_encryption_mode() {
	if [ ! $# -eq 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi
	local handle="${1}"
	local mode="${2}"

	if ! isoneof mode ${WIRELESS_VALID_ENCRYPTION_MODES}; then
		log ERROR "Encryption mode '${mode}' is invalid"
		return ${EXIT_ERROR}
	fi

	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
	if ! wireless_network_read_config "${handle}"; then
		error "Could not read configuration"
		return ${EXIT_ERROR}
	fi

	# Validate the PSK when changing mode and reset if needed
	if isset PSK && [ "${mode}" != "NONE" ] && \
			! wireless_pre_shared_key_is_valid "${mode}" "${PSK}"; then
		log WARNING "The configured pre-shared-key is incompatible with this encryption mode and has been reset"
		PSK=""
	fi

	# Save new encryption mode
	ENCRYPTION_MODE="${mode}"

	if ! wireless_network_write_config "${handle}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}

wireless_network_pre_shared_key() {
	if [ ! $# -eq 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local handle="${1}"
	local psk="${2}"

	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
	if ! wireless_network_read_config "${handle}"; then
		error "Could not read configuration"
		return ${EXIT_ERROR}
	fi

	# Validate the key if encryption mode is known
	if isset ENCRYPTION_MODE && [ "${ENCRYPTION_MODE}" != "NONE" ]; then
		if ! wireless_pre_share_key_is_valid "${ENCRYPTION_MODE}" "${psk}"; then
			error "The pre-shared-key is invalid for this wireless network: ${psk}"
			return ${EXIT_ERROR}
		fi
	fi

	if ! wireless_network_write_config_key "${handle}" "PSK" "${psk}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}

wireless_network_priority() {
	if [ ! $# -eq 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local handle="${1}"
	local priority=${2}

	if ! isinteger priority && [ ! ${priority} -ge 0 ]; then
		log ERROR "The priority must be an integer greater or eqal zero"
		return ${EXIT_ERROR}
	fi

	if ! wireless_network_write_config_key "${handle}" "PRIORITY" "${priority}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}

wireless_networks_write_wpa_supplicant_configuration() {
	local device="${1}"

	local file="${WPA_SUPPLICANT_CONF_DIR}/${device}.conf"

	# Ensure we can write the file
	make_parent_directory "${file}"

	(
		# Write a config header
		wpa_supplicant_config_header

		wireless_networks_to_wpa_supplicant
	) > ${file}
}

wireless_networks_to_wpa_supplicant() {
	local handle
	for handle in $(wireless_network_list); do
		wireless_network_to_wpa_supplicant "${handle}"
	done
}

wireless_network_to_wpa_supplicant() {
	local handle="${1}"

	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
	if ! wireless_network_read_config "${handle}"; then
		error "Could not read configuration for ${handle}"
		return ${EXIT_ERROR}
	fi

	local auth_alg
	local group
	local key_mgmt
	local pairwise
	local proto

	local mode
	for mode in ${WIRELESS_NETWORK_SUPPORTED_MODES}; do
		# Skip any disabled modes
		if isset MODES && ! list_match "${mode}" ${MODES}; then
			continue
		fi

		case "${mode}" in
			# WPA2 (802.11i)
			WPA2-PSK|WPA2-PSK-SHA256)
				list_append_unique auth_alg	"OPEN"
				list_append_unique key_mgmt	"${mode/WPA2/WPA}"
				list_append_unique proto	"RSN"

				local p
				for p in CCMP TKIP; do
					list_append_unique pairwise "${p}"
				done

				local g
				for g in CCMP TKIP WEP104 WEP40; do
					list_append_unique group "${g}"
				done
				;;

			# WPA
			WPA-PSK|WPA-PSK-SHA256)
				list_append_unique auth_alg	"OPEN"
				list_append_unique key_mgmt	"${mode}"
				list_append_unique proto	"WPA"

				local p
				for p in CCMP TKIP; do
					list_append_unique pairwise "${p}"
				done

				local g
				for g in CCMP TKIP WEP104 WEP40; do
					list_append_unique group "${g}"
				done
				;;

			# 802.1X
			802.1X)
				list_append_unique key_mgmt	"IEEE8021X"
				;;

			# No encryption. DANGEROUS!
			NONE)
				list_append_unique auth_alg "OPEN"
				list_append_unique key_mgmt "NONE"
				;;
		esac
	done

	assert isset auth_alg
	assert isset key_mgmt

	print_indent 0 "# ${SSID}"
	print_indent 0 "network={"
	print_indent 1 "ssid=\"${SSID}\""

	# Priority
	if isinteger PRIORITY; then
		print_indent 1 "priority=${PRIORITY}"
	fi
	print

	# Authentication
	print_indent 1 "# Authentication"
	print_indent 1 "auth_alg=${auth_alg}"
	print_indent 1 "key_mgmt=${key_mgmt}"

	local i
	for i in proto pairwise group; do
		print_indent 1 "${i}=${!i}"
	done
	print

	# PSK
	if isset PSK; then
		print_indent 1 "# Pre Shared Key"
		print_indent 1 "psk=\"${PSK}\""
	fi

	if isset EAP_MODES; then
		print_indent 1 "# EAP"
		print_indent 1 "eap=${EAP_MODES}"
		print
	fi

	if isset IDENTITY; then
		print_indent 1 "# Credentials"
		print_indent 1 "identity=\"${IDENTITY}\""

		if isset PASSWORD; then
			print_indent 1 "password=\"${PASSWORD}\""
		fi

		if isset ANONYMOUS_IDENTITY; then
			print_indent 1 "anonymous_identity=\"${ANONYMOUS_IDENTITY}\""
		fi
		print
	fi

	print_indent 0 "}"
	print
}
Commit	Line	Data
49958b8c MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2017 IPFire Network Development Team #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
790ab927 MT	22	WIRELESS_NETWORK_SUPPORTED_PSK_MODES="WPA2-PSK-SHA256 WPA2-PSK WPA-PSK-SHA256 WPA-PSK"
790ab927 MT	23
fa25d793	24	WIRELESS_NETWORK_SUPPORTED_MODES="${WIRELESS_NETWORK_SUPPORTED_PSK_MODES} 802.1X NONE"
790ab927	25
26078fa1 MT	26	WIRELESS_NETWORK_CONFIG_SETTINGS="ANONYMOUS_IDENTITY EAP_MODES IDENTITY \
26078fa1 MT	27	MODES PASSWORD PRIORITY PSK SSID"
49958b8c	28
49958b8c	29	cli_wireless_network() {
479b2273 MT	30	case "${1}" in
	31	new)
	32	wireless_network_new "${@:2}"
	33	;;
	34	destroy)
	35	wireless_network_destroy "${@:2}"
	36	;;
	37	*)
	38	local ssid="${1}"
	39	local key="${2//-/_}"
549c5b97	40	shift 2
49958b8c	41
479b2273 MT	42	if ! wireless_network_exists "${ssid}"; then
	43	error "No such wireless network: ${ssid}"
	44	return ${EXIT_ERROR}
	45	fi
49958b8c	46
2f64ac44 MT	47	# Convert SSID into usable format
	48	local handle="$(wireless_network_hash "${ssid}")"
	49
479b2273	50	case "${key}" in
364da6f4	51	encryption_mode\|pre_shared_key\|priority)
2f64ac44	52	wireless_network_${key} "${handle}" "$@"
479b2273 MT	53	;;
479b2273 MT	54	show)
2f64ac44	55	wireless_network_show "${handle}"
479b2273 MT	56	exit $?
	57	;;
	58	*)
	59	error "Unrecognized argument: ${key}"
	60	exit ${EXIT_ERROR}
	61	;;
	62	esac
	63	;;
	64	esac
49958b8c MT	65	}
49958b8c MT	66
d86b2dee MT	67	wireless_network_list() {
	68	list_directory "${NETWORK_WIRELESS_NETWORKS_DIR}"
	69	}
	70
	71	wireless_network_list_ssids() {
	72	local handle
	73	for handle in $(wireless_network_list); do
	74	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
2f64ac44	75	if ! wireless_network_read_config "${handle}"; then
d86b2dee MT	76	continue
	77	fi
	78
	79	print "${SSID}"
	80	done
	81	}
	82
49958b8c MT	83	# This function writes all values to a via ${ssid} specificated wireless network configuration file
	84	wireless_network_write_config() {
	85	assert [ $# -ge 1 ]
	86
2f64ac44	87	local handle="${1}"
49958b8c	88
2f64ac44	89	local path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/settings"
49958b8c MT	90
49958b8c MT	91	if ! settings_write "${path}" ${WIRELESS_NETWORK_CONFIG_SETTINGS}; then
2f64ac44	92	log ERROR "Could not write configuration"
49958b8c MT	93	return ${EXIT_ERROR}
	94	fi
	95
	96	# When we get here the writing of the config file was successful
	97	return ${EXIT_OK}
	98	}
	99
	100	# This funtion writes the value for one key to a via ${ssid} specificated
	101	# wireless network configuration file
	102	wireless_network_write_config_key() {
	103	assert [ $# -ge 3 ]
	104
2f64ac44	105	local handle="${1}"
49958b8c MT	106	local key="${2}"
	107	shift 2
	108
	109	local value="$@"
	110
49958b8c MT	111	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
	112
	113	# Read the config settings
2f64ac44	114	if ! wireless_network_read_config "${handle}"; then
49958b8c MT	115	return ${EXIT_ERROR}
	116	fi
	117
2f64ac44 MT	118	log DEBUG "Set '${key}' to new value '${value}' in wireless network '${SSID}'"
2f64ac44 MT	119
49958b8c MT	120	# Set the key to a new value
	121	assign "${key}" "${value}"
	122
2f64ac44	123	if ! wireless_network_write_config "${handle}"; then
49958b8c MT	124	return ${EXIT_ERROR}
	125	fi
	126
	127	return ${EXIT_OK}
	128	}
	129
d86b2dee	130	# Reads one or more keys out of a settings file or all if no key is provided.
2f64ac44	131	wireless_network_read_config() {
d86b2dee MT	132	assert [ $# -ge 1 ]
	133
	134	local handle="${1}"
	135	shift
	136
49958b8c MT	137	local args
	138	if [ $# -eq 0 ] && [ -n "${WIRELESS_NETWORK_CONFIG_SETTINGS}" ]; then
	139	list_append args ${WIRELESS_NETWORK_CONFIG_SETTINGS}
	140	else
	141	list_append args "$@"
	142	fi
	143
d86b2dee	144	local path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/settings"
49958b8c MT	145
49958b8c MT	146	if ! settings_read "${path}" ${args}; then
d86b2dee	147	log ERROR "Could not read settings for wireless network ${handle}"
49958b8c MT	148	return ${EXIT_ERROR}
	149	fi
	150	}
	151
	152	# This function checks if a wireless network exists
	153	# Returns True when yes and false when not
	154	wireless_network_exists() {
49958b8c	155	local ssid="${1}"
49958b8c	156
2f64ac44 MT	157	local handle="$(wireless_network_hash "${ssid}")"
2f64ac44 MT	158	assert isset handle
49958b8c MT	159
	160	# We cannot use wireless_network_read_config here beacuse we would end in a loop
	161	local SSID
2f64ac44	162	if ! settings_read "${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/settings" SSID; then
49958b8c MT	163	return ${EXIT_FALSE}
	164	fi
	165
2f64ac44	166	if [ "${SSID}" = "${ssid}" ]; then
49958b8c MT	167	return ${EXIT_TRUE}
	168	else
	169	return ${EXIT_FALSE}
	170	fi
	171	}
	172
	173	wireless_network_hash() {
	174	assert [ $# -eq 1 ]
	175
	176	local string="${1}"
	177
	178	local hash=$(echo -n "${string}" \| md5sum )
	179	hash=${hash%% -}
	180
	181	local path="${NETWORK_WIRELESS_NETWORKS_DIR}/*${hash}"
	182
	183	if [ -d "${path}" ]; then
	184	basename "${path}"
	185	else
	186	local normalized=$(normalize "${string}")
	187	normalized=${normalized%-}
	188	echo "${normalized}-${hash}"
	189	fi
	190	}
	191
	192	wireless_network_new() {
	193	if [ $# -gt 1 ]; then
	194	error "Too many arguments"
	195	return ${EXIT_ERROR}
	196	fi
	197
	198	local ssid="${1}"
2f64ac44	199
49958b8c MT	200	if ! isset ssid; then
	201	error "Please provide a SSID"
	202	return ${EXIT_ERROR}
	203	fi
	204
49958b8c MT	205	# Check for duplicates
	206	if wireless_network_exists "${ssid}"; then
	207	error "The wireless network ${ssid} already exists"
	208	return ${EXIT_ERROR}
	209	fi
	210
2f64ac44 MT	211	local handle="$(wireless_network_hash "${ssid}")"
	212	assert isset handle
	213
49958b8c MT	214	log DEBUG "Creating wireless network '${ssid}'"
49958b8c MT	215
2f64ac44	216	if ! mkdir -p "${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}"; then
49958b8c MT	217	log ERROR "Could not create config directory for wireless network ${ssid}"
	218	return ${EXIT_ERROR}
	219	fi
	220
49958b8c	221	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
1c9e2fa8	222	ENCRYPTION_MODE="${WIRELESS_DEFAULT_ENCRYPTION_MODE}"
49958b8c MT	223	SSID="${ssid}"
	224	PRIORITY=500
	225
2f64ac44	226	if ! wireless_network_write_config "${handle}"; then
49958b8c MT	227	log ERROR "Could not write new config file"
	228	return ${EXIT_ERROR}
	229	fi
	230	}
	231
4b08d574	232	# Deletes a wireless network
49958b8c	233	wireless_network_destroy() {
4b08d574 MT	234	local ssid="${1}"
	235
	236	if ! wireless_network_exists "${ssid}"; then
	237	error "No such wireless network: ${ssid}"
	238	return ${EXIT_ERROR}
	239	fi
	240
2f64ac44 MT	241	local handle="$(wireless_network_hash "${ssid}")"
2f64ac44 MT	242	assert isset handle
4b08d574	243
2f64ac44	244	if ! rm -rf "${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}"; then
4b08d574 MT	245	error "Could not delete the wireless network"
	246	return ${EXIT_ERROR}
	247	fi
	248
	249	log INFO "Successfully destroyed wireless network ${ssid}"
	250	return ${EXIT_OK}
49958b8c MT	251	}
	252
	253	wireless_network_encryption_mode() {
	254	if [ ! $# -eq 2 ]; then
	255	log ERROR "Not enough arguments"
	256	return ${EXIT_ERROR}
	257	fi
2f64ac44	258	local handle="${1}"
49958b8c MT	259	local mode="${2}"
49958b8c MT	260
1c9e2fa8	261	if ! isoneof mode ${WIRELESS_VALID_ENCRYPTION_MODES}; then
49958b8c MT	262	log ERROR "Encryption mode '${mode}' is invalid"
	263	return ${EXIT_ERROR}
	264	fi
	265
549c5b97	266	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
2f64ac44 MT	267	if ! wireless_network_read_config "${handle}"; then
2f64ac44 MT	268	error "Could not read configuration"
549c5b97 MT	269	return ${EXIT_ERROR}
	270	fi
	271
	272	# Validate the PSK when changing mode and reset if needed
	273	if isset PSK && [ "${mode}" != "NONE" ] && \
	274	! wireless_pre_shared_key_is_valid "${mode}" "${PSK}"; then
	275	log WARNING "The configured pre-shared-key is incompatible with this encryption mode and has been reset"
	276	PSK=""
	277	fi
	278
	279	# Save new encryption mode
	280	ENCRYPTION_MODE="${mode}"
	281
2f64ac44	282	if ! wireless_network_write_config "${handle}"; then
49958b8c MT	283	log ERROR "Could not write configuration settings"
	284	return ${EXIT_ERROR}
	285	fi
	286	}
	287
364da6f4	288	wireless_network_pre_shared_key() {
49958b8c MT	289	if [ ! $# -eq 2 ]; then
	290	log ERROR "Not enough arguments"
	291	return ${EXIT_ERROR}
	292	fi
2f64ac44 MT	293
2f64ac44 MT	294	local handle="${1}"
364da6f4	295	local psk="${2}"
49958b8c	296
549c5b97	297	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
2f64ac44 MT	298	if ! wireless_network_read_config "${handle}"; then
2f64ac44 MT	299	error "Could not read configuration"
549c5b97 MT	300	return ${EXIT_ERROR}
	301	fi
	302
	303	# Validate the key if encryption mode is known
	304	if isset ENCRYPTION_MODE && [ "${ENCRYPTION_MODE}" != "NONE" ]; then
	305	if ! wireless_pre_share_key_is_valid "${ENCRYPTION_MODE}" "${psk}"; then
	306	error "The pre-shared-key is invalid for this wireless network: ${psk}"
	307	return ${EXIT_ERROR}
	308	fi
	309	fi
	310
2f64ac44	311	if ! wireless_network_write_config_key "${handle}" "PSK" "${psk}"; then
49958b8c MT	312	log ERROR "Could not write configuration settings"
	313	return ${EXIT_ERROR}
	314	fi
	315	}
	316
	317	wireless_network_priority() {
	318	if [ ! $# -eq 2 ]; then
	319	log ERROR "Not enough arguments"
	320	return ${EXIT_ERROR}
	321	fi
2f64ac44 MT	322
2f64ac44 MT	323	local handle="${1}"
49958b8c MT	324	local priority=${2}
	325
	326	if ! isinteger priority && [ ! ${priority} -ge 0 ]; then
	327	log ERROR "The priority must be an integer greater or eqal zero"
	328	return ${EXIT_ERROR}
	329	fi
	330
2f64ac44	331	if ! wireless_network_write_config_key "${handle}" "PRIORITY" "${priority}"; then
49958b8c MT	332	log ERROR "Could not write configuration settings"
	333	return ${EXIT_ERROR}
	334	fi
	335	}
d86b2dee	336
e66e539b MT	337	wireless_networks_write_wpa_supplicant_configuration() {
	338	local device="${1}"
	339
	340	local file="${WPA_SUPPLICANT_CONF_DIR}/${device}.conf"
	341
	342	# Ensure we can write the file
	343	make_parent_directory "${file}"
	344
e66e539b	345	(
f1b49125 MT	346	# Write a config header
f1b49125 MT	347	wpa_supplicant_config_header
e66e539b MT	348
	349	wireless_networks_to_wpa_supplicant
	350	) > ${file}
	351	}
	352
d86b2dee	353	wireless_networks_to_wpa_supplicant() {
2f64ac44 MT	354	local handle
	355	for handle in $(wireless_network_list); do
	356	wireless_network_to_wpa_supplicant "${handle}"
d86b2dee MT	357	done
	358	}
	359
	360	wireless_network_to_wpa_supplicant() {
2f64ac44	361	local handle="${1}"
d86b2dee MT	362
d86b2dee MT	363	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
2f64ac44 MT	364	if ! wireless_network_read_config "${handle}"; then
2f64ac44 MT	365	error "Could not read configuration for ${handle}"
d86b2dee MT	366	return ${EXIT_ERROR}
	367	fi
	368
	369	local auth_alg
	370	local group
	371	local key_mgmt
	372	local pairwise
	373	local proto
	374
790ab927 MT	375	local mode
	376	for mode in ${WIRELESS_NETWORK_SUPPORTED_MODES}; do
	377	# Skip any disabled modes
0afdbac2	378	if isset MODES && ! list_match "${mode}" ${MODES}; then
790ab927 MT	379	continue
790ab927 MT	380	fi
d86b2dee	381
790ab927 MT	382	case "${mode}" in
	383	# WPA2 (802.11i)
	384	WPA2-PSK\|WPA2-PSK-SHA256)
	385	list_append_unique auth_alg "OPEN"
	386	list_append_unique key_mgmt "${mode/WPA2/WPA}"
	387	list_append_unique proto "RSN"
	388
	389	local p
	390	for p in CCMP TKIP; do
	391	list_append_unique pairwise "${p}"
	392	done
	393
	394	local g
	395	for g in CCMP TKIP WEP104 WEP40; do
	396	list_append_unique group "${g}"
	397	done
	398	;;
	399
	400	# WPA
	401	WPA-PSK\|WPA-PSK-SHA256)
	402	list_append_unique auth_alg "OPEN"
	403	list_append_unique key_mgmt "${mode}"
	404	list_append_unique proto "WPA"
	405
	406	local p
	407	for p in CCMP TKIP; do
	408	list_append_unique pairwise "${p}"
	409	done
	410
	411	local g
	412	for g in CCMP TKIP WEP104 WEP40; do
	413	list_append_unique group "${g}"
	414	done
	415	;;
	416
fa25d793 MT	417	# 802.1X
	418	802.1X)
	419	list_append_unique key_mgmt "IEEE8021X"
	420	;;
	421
790ab927 MT	422	# No encryption. DANGEROUS!
	423	NONE)
	424	list_append_unique auth_alg "OPEN"
	425	list_append_unique key_mgmt "NONE"
	426	;;
	427	esac
	428	done
d86b2dee	429
790ab927 MT	430	assert isset auth_alg
790ab927 MT	431	assert isset key_mgmt
d86b2dee MT	432
d86b2dee MT	433	print_indent 0 "# ${SSID}"
d8d0eefc	434	print_indent 0 "network={"
2f64ac44	435	print_indent 1 "ssid=\"${SSID}\""
028a39d1 MT	436
	437	# Priority
	438	if isinteger PRIORITY; then
	439	print_indent 1 "priority=${PRIORITY}"
	440	fi
d86b2dee MT	441	print
	442
	443	# Authentication
	444	print_indent 1 "# Authentication"
	445	print_indent 1 "auth_alg=${auth_alg}"
	446	print_indent 1 "key_mgmt=${key_mgmt}"
	447
790ab927 MT	448	local i
	449	for i in proto pairwise group; do
	450	print_indent 1 "${i}=${!i}"
	451	done
	452	print
d86b2dee	453
790ab927 MT	454	# PSK
	455	if isset PSK; then
	456	print_indent 1 "# Pre Shared Key"
	457	print_indent 1 "psk=\"${PSK}\""
	458	fi
d86b2dee	459
54948d3c MT	460	if isset EAP_MODES; then
	461	print_indent 1 "# EAP"
	462	print_indent 1 "eap=${EAP_MODES}"
	463	print
	464	fi
	465
26078fa1 MT	466	if isset IDENTITY; then
	467	print_indent 1 "# Credentials"
	468	print_indent 1 "identity=\"${IDENTITY}\""
	469
	470	if isset PASSWORD; then
	471	print_indent 1 "password=\"${PASSWORD}\""
	472	fi
	473
	474	if isset ANONYMOUS_IDENTITY; then
	475	print_indent 1 "anonymous_identity=\"${ANONYMOUS_IDENTITY}\""
	476	fi
	477	print
	478	fi
	479
d86b2dee MT	480	print_indent 0 "}"
	481	print
	482	}