[people/stevee/network.git] / src / functions / functions.wpa_supplicant

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2012  IPFire Network Development Team                         #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

WPA_SUPPLICANT_SOCKET_DIR="${RUN_DIR}/wpa_supplicant/ctrl"

wpa_supplicant_config_write() {
	local device="${1}"
	shift

	assert isset device

	local file="${WPA_SUPPLICANT_CONF_DIR}/${device}.conf"

	local ap_scan=1 mode key ssid
	local channel

	local arg
	for arg in "$@"; do
		case "${arg}" in
			--ap-scan=*)
				ap_scan=$(cli_get_val "${arg}")
				;;
			--channel=*)
				channel=$(cli_get_val "${arg}")
				;;
			--mode=*)
				mode=$(cli_get_val "${arg}")

				# Empty signals no encryption.
				isset mode || mode="NONE"
				;;
			--ssid=*)
				ssid=$(cli_get_val "${arg}")
				;;
			--key=*)
				key=$(cli_get_val "${arg}")
				;;
			*)
				error "Unrecognized argument: ${arg}"
				return ${EXIT_ERROR}
				;;
		esac
	done

	assert isinteger ap_scan
	assert isset mode

	local auth_alg key_mgmt proto ssid psk wep_key0 wep_tx_keyidx
	local operation_mode
	local country_code="$(wireless_get_reg_domain)"

	case "${mode}" in
		# Normal WPA.
		WPA-PSK)
			auth_alg="OPEN"
			key_mgmt="WPA-PSK"
			proto="WPA"
			pairwise="CCMP TKIP"
			group="CCMP TKIP WEP104 WEP40"
			;;

		# WPA with stronger algorithms.
		WPA-PSK-SHA256)
			auth_alg="OPEN"
			key_mgmt="WPA-PSK-SHA256"
			proto="WPA"
			pairwise="CCMP TKIP"
			group="CCMP TKIP WEP104 WEP40"
			;;

		# Normal WPA2 (802.11i).
		WPA2-PSK)
			auth_alg="OPEN"
			key_mgmt="WPA-PSK"
			proto="RSN"
			pairwise="CCMP TKIP"
			group="CCMP TKIP WEP104 WEP40"
			;;

		# WPA2 with stronger algorithms.
		WPA2-PSK-SHA256)
			auth_alg="OPEN"
			key_mgmt="WPA-PSK-SHA256"
			proto="RSN"
			pairwise="CCMP TKIP"
			group="CCMP TKIP WEP104 WEP40"
			;;

		# WEP.
		WEP)
			auth_alg="SHARED"
			wep_key0="${key}"
			wep_tx_keyidx="0"

			# Reset PSK.
			psk=""
			;;

		# IEEE 802.1X
		8021X)
			key_mgmt="IEEE8021X"
			;;

		# IEEE 802.11s without authentication
		802.11s)
			operation_mode="mesh"

			# Use SAE when we got a PSK
			if isset key; then
				key_mgmt="SAE"
			else
				key_mgmt="NONE"
			fi
			;;

		# No encryption. DANGEROUS!
		NONE)
			auth_alg="OPEN"
			key_mgmt="NONE"
			;;
		*)
			log ERROR "Unknown mode: ${mode}"
			return ${EXIT_ERROR}
			;;
	esac

	# Ensure we can write the file
	make_parent_directory "${file}"

	config_header "WPA supplicant configuration file" > ${file}

	# AP scanning/selection
	print "ap_scan=${ap_scan}" >> ${file}

	# Set country code, if known.
	if isset country_code; then
		print "country=\"${country_code}\"" >> ${file}
	fi

	# Set control socket directory.
	print "ctrl_interface=${WPA_SUPPLICANT_SOCKET_DIR}" >> ${file}

	(
		print # Network section
		print "network={"

		if isset auth_alg; then
			print "	auth_alg=${auth_alg}"
		fi

		if isset key_mgmt; then
			print "	key_mgmt=${key_mgmt}"
		fi

		if isset proto; then
			print "	proto=${proto}"
		fi

		if isset ssid; then
			print "	ssid=\"${ssid}\""
		fi

		if isset key; then
			print "	psk=\"${key}\""
		fi

		# Operation Mode
		case "${operation_mode}" in
			ibss)
				print "	mode=1"
				;;
			mesh)
				print "	mode=5"
				;;
		esac

		# Frequency
		if isset channel; then
			print "	frequency=$(wireless_channel_to_frequency "${channel}")"
		fi

		if isset wep_key0; then
			print "	wep_key0=\"${wep_key0}\""
		fi

		if isset wep_tx_keyidx; then
			print "	wep_tx_keyidx=${wep_tx_keyidx}"
		fi

		print "}"
	) >> ${file}

	return ${EXIT_OK}
}

wpa_supplicant_config_destroy() {
	local device="${1}"
	assert isset device

	file_delete "${WPA_SUPPLICANT_CONF_DIR}/${device}.conf"
}

wpa_supplicant_start() {
	local device=${1}
	assert isset device

	service_start "wpa_supplicant@${device}.service"
}

wpa_supplicant_stop() {
	local device=${1}
	assert isset device

	service_stop "wpa_supplicant@${device}.service"
}

wpa_supplicant_client() {
	local device=${1}
	assert isset device
	shift

	local cmd="$@"
	assert isset cmd

	# Run the command and return the output.
	cmd wpa_cli -p${WPA_SUPPLICANT_SOCKET_DIR} -i${device} ${cmd}
}

wpa_cli_status() {
	local device=${1}
	assert isset device

	wpa_supplicant_client ${device} status verbose
}

wpa_cli_status_get() {
	local device=${1}
	assert isset device

	local arg=${2}
	assert isset arg

	local line key
	while read -r line; do
		key=$(cli_get_key ${line})

		if [ "${key}" = "${arg}" ]; then
			cli_get_val "${line}"
			return ${EXIT_OK}
		fi
	done <<< "$(wpa_cli_status ${device})"

	return ${EXIT_ERROR}
}

wpa_cli_bss() {
	local device=${1}
	assert isset device

	local bss=${2}
	assert isset bss

	wpa_supplicant_client ${device} bss ${bss}
}

wpa_cli_bss_get() {
	local device=${1}
	assert isset device

	local bss=${2}
	assert isset bss

	local arg=${3}
	assert isset arg

	local line key
	while read -r line; do
		key=$(cli_get_key ${line})

		if [ "${key}" = "${arg}" ]; then
			cli_get_val "${line}"
			return ${EXIT_OK}
		fi
	done <<< "$(wpa_cli_bss ${device} ${bss})"

	return ${EXIT_ERROR}
}

wpa_cli_bss_get_frequency() {
	local device=${1}
	assert isset device

	local bssid=${2}
	assert isset bssid

	wpa_cli_bss_get ${device} ${bssid} freq
}

wpa_cli_bss_get_noise() {
	local device=${1}
	assert isset device

	local bssid=${2}
	assert isset bssid

	wpa_cli_bss_get ${device} ${bssid} noise
}

wpa_cli_bss_get_quality() {
	local device=${1}
	assert isset device

	local bssid=${2}
	assert isset bssid

	local quality=$(wpa_cli_bss_get ${device} ${bssid} qual)

	# Convert to percent
	print $(( ${quality} * 100 / 70 ))
}

wpa_cli_bss_get_flags() {
	local device=${1}
	assert isset device

	local bssid=${2}
	assert isset bssid

	wpa_cli_bss_get ${device} ${bssid} flags
}
Commit	Line	Data
6d4eec4c MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2012 IPFire Network Development Team #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
22a61046 MT	22	WPA_SUPPLICANT_SOCKET_DIR="${RUN_DIR}/wpa_supplicant/ctrl"
22a61046 MT	23
1c6a4e30	24	wpa_supplicant_config_write() {
02807ad2 MT	25	local device="${1}"
02807ad2 MT	26	shift
6d4eec4c	27
02807ad2	28	assert isset device
6d4eec4c	29
231bce76	30	local file="${WPA_SUPPLICANT_CONF_DIR}/${device}.conf"
22a61046	31
31670741	32	local ap_scan=1 mode key ssid
4c1a5e6d	33	local channel
22a61046 MT	34
	35	local arg
	36	for arg in "$@"; do
	37	case "${arg}" in
	38	--ap-scan=*)
2212045f	39	ap_scan=$(cli_get_val "${arg}")
22a61046	40	;;
4c1a5e6d MT	41	--channel=*)
	42	channel=$(cli_get_val "${arg}")
	43	;;
22a61046	44	--mode=*)
2212045f	45	mode=$(cli_get_val "${arg}")
22a61046 MT	46
	47	# Empty signals no encryption.
	48	isset mode \|\| mode="NONE"
6d4eec4c	49	;;
22a61046	50	--ssid=*)
2212045f	51	ssid=$(cli_get_val "${arg}")
6d4eec4c MT	52	;;
6d4eec4c MT	53	--key=*)
2212045f	54	key=$(cli_get_val "${arg}")
22a61046 MT	55	;;
	56	*)
	57	error "Unrecognized argument: ${arg}"
	58	return ${EXIT_ERROR}
6d4eec4c MT	59	;;
6d4eec4c MT	60	esac
6d4eec4c MT	61	done
6d4eec4c MT	62
22a61046 MT	63	assert isinteger ap_scan
	64	assert isset mode
	65
	66	local auth_alg key_mgmt proto ssid psk wep_key0 wep_tx_keyidx
4c1a5e6d	67	local operation_mode
31670741	68	local country_code="$(wireless_get_reg_domain)"
22a61046 MT	69
	70	case "${mode}" in
	71	# Normal WPA.
	72	WPA-PSK)
	73	auth_alg="OPEN"
	74	key_mgmt="WPA-PSK"
	75	proto="WPA"
	76	pairwise="CCMP TKIP"
	77	group="CCMP TKIP WEP104 WEP40"
	78	;;
	79
	80	# WPA with stronger algorithms.
	81	WPA-PSK-SHA256)
	82	auth_alg="OPEN"
	83	key_mgmt="WPA-PSK-SHA256"
	84	proto="WPA"
	85	pairwise="CCMP TKIP"
	86	group="CCMP TKIP WEP104 WEP40"
	87	;;
	88
	89	# Normal WPA2 (802.11i).
	90	WPA2-PSK)
	91	auth_alg="OPEN"
	92	key_mgmt="WPA-PSK"
	93	proto="RSN"
	94	pairwise="CCMP TKIP"
	95	group="CCMP TKIP WEP104 WEP40"
	96	;;
	97
	98	# WPA2 with stronger algorithms.
	99	WPA2-PSK-SHA256)
	100	auth_alg="OPEN"
	101	key_mgmt="WPA-PSK-SHA256"
	102	proto="RSN"
	103	pairwise="CCMP TKIP"
	104	group="CCMP TKIP WEP104 WEP40"
	105	;;
	106
	107	# WEP.
	108	WEP)
	109	auth_alg="SHARED"
	110	wep_key0="${key}"
	111	wep_tx_keyidx="0"
	112
	113	# Reset PSK.
	114	psk=""
	115	;;
	116
	117	# IEEE 802.1X
	118	8021X)
	119	key_mgmt="IEEE8021X"
	120	;;
	121
4c1a5e6d MT	122	# IEEE 802.11s without authentication
	123	802.11s)
	124	operation_mode="mesh"
	125
	126	# Use SAE when we got a PSK
b7b18ba3	127	if isset key; then
4c1a5e6d MT	128	key_mgmt="SAE"
	129	else
	130	key_mgmt="NONE"
	131	fi
	132	;;
	133
22a61046 MT	134	# No encryption. DANGEROUS!
	135	NONE)
	136	auth_alg="OPEN"
	137	key_mgmt="NONE"
	138	;;
	139	*)
	140	log ERROR "Unknown mode: ${mode}"
	141	return ${EXIT_ERROR}
	142	;;
	143	esac
	144
231bce76	145	# Ensure we can write the file
46954be3	146	make_parent_directory "${file}"
22a61046 MT	147
	148	config_header "WPA supplicant configuration file" > ${file}
	149
	150	# AP scanning/selection
	151	print "ap_scan=${ap_scan}" >> ${file}
	152
	153	# Set country code, if known.
	154	if isset country_code; then
	155	print "country=\"${country_code}\"" >> ${file}
	156	fi
	157
	158	# Set control socket directory.
	159	print "ctrl_interface=${WPA_SUPPLICANT_SOCKET_DIR}" >> ${file}
	160
	161	(
	162	print # Network section
	163	print "network={"
	164
	165	if isset auth_alg; then
	166	print " auth_alg=${auth_alg}"
	167	fi
	168
	169	if isset key_mgmt; then
	170	print " key_mgmt=${key_mgmt}"
	171	fi
	172
	173	if isset proto; then
	174	print " proto=${proto}"
	175	fi
6d4eec4c	176
22a61046	177	if isset ssid; then
aaf34099	178	print " ssid=\"${ssid}\""
22a61046 MT	179	fi
	180
	181	if isset key; then
	182	print " psk=\"${key}\""
	183	fi
	184
4c1a5e6d MT	185	# Operation Mode
	186	case "${operation_mode}" in
	187	ibss)
	188	print " mode=1"
	189	;;
	190	mesh)
	191	print " mode=5"
	192	;;
	193	esac
	194
	195	# Frequency
	196	if isset channel; then
	197	print " frequency=$(wireless_channel_to_frequency "${channel}")"
	198	fi
	199
22a61046 MT	200	if isset wep_key0; then
	201	print " wep_key0=\"${wep_key0}\""
	202	fi
	203
	204	if isset wep_tx_keyidx; then
	205	print " wep_tx_keyidx=${wep_tx_keyidx}"
	206	fi
	207
	208	print "}"
	209	) >> ${file}
	210
	211	return ${EXIT_OK}
6d4eec4c MT	212	}
6d4eec4c MT	213
02807ad2 MT	214	wpa_supplicant_config_destroy() {
	215	local device="${1}"
	216	assert isset device
	217
231bce76	218	file_delete "${WPA_SUPPLICANT_CONF_DIR}/${device}.conf"
6d4eec4c MT	219	}
6d4eec4c MT	220
1c6a4e30	221	wpa_supplicant_start() {
6d4eec4c	222	local device=${1}
22a61046	223	assert isset device
6d4eec4c	224
22a61046 MT	225	service_start "wpa_supplicant@${device}.service"
22a61046 MT	226	}
6d4eec4c	227
1c6a4e30	228	wpa_supplicant_stop() {
22a61046 MT	229	local device=${1}
22a61046 MT	230	assert isset device
6d4eec4c	231
22a61046 MT	232	service_stop "wpa_supplicant@${device}.service"
	233	}
	234
1c6a4e30	235	wpa_supplicant_client() {
22a61046 MT	236	local device=${1}
	237	assert isset device
	238	shift
6d4eec4c	239
22a61046 MT	240	local cmd="$@"
	241	assert isset cmd
	242
	243	# Run the command and return the output.
	244	cmd wpa_cli -p${WPA_SUPPLICANT_SOCKET_DIR} -i${device} ${cmd}
6d4eec4c MT	245	}
6d4eec4c MT	246
1c6a4e30	247	wpa_cli_status() {
6d4eec4c	248	local device=${1}
22a61046 MT	249	assert isset device
	250
	251	wpa_supplicant_client ${device} status verbose
	252	}
6d4eec4c	253
1c6a4e30	254	wpa_cli_status_get() {
22a61046	255	local device=${1}
6d4eec4c MT	256	assert isset device
6d4eec4c MT	257
22a61046 MT	258	local arg=${2}
22a61046 MT	259	assert isset arg
6d4eec4c	260
22a61046 MT	261	local line key
	262	while read -r line; do
	263	key=$(cli_get_key ${line})
6d4eec4c	264
22a61046 MT	265	if [ "${key}" = "${arg}" ]; then
	266	cli_get_val "${line}"
	267	return ${EXIT_OK}
	268	fi
	269	done <<< "$(wpa_cli_status ${device})"
	270
	271	return ${EXIT_ERROR}
6d4eec4c MT	272	}
6d4eec4c MT	273
1c6a4e30	274	wpa_cli_bss() {
6d4eec4c	275	local device=${1}
22a61046 MT	276	assert isset device
	277
	278	local bss=${2}
	279	assert isset bss
6d4eec4c	280
22a61046 MT	281	wpa_supplicant_client ${device} bss ${bss}
	282	}
	283
1c6a4e30	284	wpa_cli_bss_get() {
22a61046	285	local device=${1}
6d4eec4c MT	286	assert isset device
6d4eec4c MT	287
22a61046 MT	288	local bss=${2}
22a61046 MT	289	assert isset bss
6d4eec4c	290
22a61046 MT	291	local arg=${3}
22a61046 MT	292	assert isset arg
6d4eec4c	293
22a61046 MT	294	local line key
	295	while read -r line; do
	296	key=$(cli_get_key ${line})
	297
	298	if [ "${key}" = "${arg}" ]; then
	299	cli_get_val "${line}"
	300	return ${EXIT_OK}
	301	fi
	302	done <<< "$(wpa_cli_bss ${device} ${bss})"
	303
	304	return ${EXIT_ERROR}
6d4eec4c MT	305	}
6d4eec4c MT	306
1c6a4e30	307	wpa_cli_bss_get_frequency() {
6d4eec4c	308	local device=${1}
6d4eec4c MT	309	assert isset device
6d4eec4c MT	310
22a61046 MT	311	local bssid=${2}
22a61046 MT	312	assert isset bssid
6d4eec4c	313
22a61046 MT	314	wpa_cli_bss_get ${device} ${bssid} freq
22a61046 MT	315	}
6d4eec4c	316
1c6a4e30	317	wpa_cli_bss_get_noise() {
22a61046 MT	318	local device=${1}
	319	assert isset device
	320
	321	local bssid=${2}
	322	assert isset bssid
	323
	324	wpa_cli_bss_get ${device} ${bssid} noise
6d4eec4c MT	325	}
6d4eec4c MT	326
1c6a4e30	327	wpa_cli_bss_get_quality() {
22a61046 MT	328	local device=${1}
22a61046 MT	329	assert isset device
6d4eec4c	330
22a61046 MT	331	local bssid=${2}
	332	assert isset bssid
	333
324c09bc MT	334	local quality=$(wpa_cli_bss_get ${device} ${bssid} qual)
	335
	336	# Convert to percent
	337	print $(( ${quality} * 100 / 70 ))
6d4eec4c MT	338	}
6d4eec4c MT	339
1c6a4e30	340	wpa_cli_bss_get_flags() {
22a61046 MT	341	local device=${1}
	342	assert isset device
	343
	344	local bssid=${2}
	345	assert isset bssid
6d4eec4c	346
22a61046	347	wpa_cli_bss_get ${device} ${bssid} flags
6d4eec4c	348	}