WIRELESS_NETWORK_SUPPORTED_PSK_MODES="WPA2-PSK-SHA256 WPA2-PSK WPA-PSK-SHA256 WPA-PSK"
-WIRELESS_NETWORK_SUPPORTED_MODES="${WIRELESS_NETWORK_SUPPORTED_PSK_MODES} 802.1X NONE"
+WIRELESS_NETWORK_SUPPORTED_MODES="${WIRELESS_NETWORK_SUPPORTED_PSK_MODES} \
+ 802.1X WPA-EAP NONE"
-WIRELESS_NETWORK_CONFIG_SETTINGS="EAP_MODES ENCRYPTION_MODES PRIORITY PSK SSID"
+WIRELESS_NETWORK_CONFIG_SETTINGS="ANONYMOUS_IDENTITY EAP_MODES HIDDEN \
+ IDENTITY MODES PASSWORD PRIORITY PSK SSID"
cli_wireless_network() {
case "${1}" in
local handle="$(wireless_network_hash "${ssid}")"
case "${key}" in
- encryption_mode|pre_shared_key|priority)
+ modes|pre_shared_key|priority)
wireless_network_${key} "${handle}" "$@"
;;
show)
fi
local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
- ENCRYPTION_MODE="${WIRELESS_DEFAULT_ENCRYPTION_MODE}"
+ MODES="${WIRELESS_NETWORK_SUPPORTED_MODES}"
SSID="${ssid}"
- PRIORITY=500
+ PRIORITY=0
if ! wireless_network_write_config "${handle}"; then
log ERROR "Could not write new config file"
return ${EXIT_OK}
}
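Review bot: The new default `MODES="${WIRELESS_NETWORK_SUPPORTED_MODES}"` enables every supported mode, including `NONE`, for a freshly created network. If the config writer emits one network block per enabled mode (its per-mode logic is outside this hunk), a network that later gets a PSK or EAP credentials could still associate unencrypted with an open access point announcing the same SSID. Consider leaving `NONE` out of the default list, or dropping it from `MODES` once a PSK or credentials are set. The enclosing branch of cli_wireless_network starts outside the hunk.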
-wireless_network_encryption_mode() {
- if [ ! $# -eq 2 ]; then
+wireless_networks_mode_is_valid() {
+ assert [ $# -eq 1 ]
+ local mode=${1}
+
+ if isoneof mode ${WIRELESS_NETWORK_SUPPORTED_MODES}; then
+ return ${EXIT_TRUE}
+ else
+ return ${EXIT_FALSE}
+ fi
+
+}
+
+# WIRELESS_NETWORK_SUPPORTED_MODES
+wireless_network_modes() {
+ if [ ! $# -ge 2 ]; then
log ERROR "Not enough arguments"
return ${EXIT_ERROR}
fi
local handle="${1}"
- local mode="${2}"
+ shift
- if ! isoneof mode ${WIRELESS_VALID_ENCRYPTION_MODES}; then
- log ERROR "Encryption mode '${mode}' is invalid"
+ if [ $# -eq 0 ]; then
+ log ERROR "You must pass at least one value after mode"
return ${EXIT_ERROR}
fi
return ${EXIT_ERROR}
fi
- # Validate the PSK when changing mode and reset if needed
- if isset PSK && [ "${mode}" != "NONE" ] && \
- ! wireless_pre_shared_key_is_valid "${mode}" "${PSK}"; then
- log WARNING "The configured pre-shared-key is incompatible with this encryption mode and has been reset"
- PSK=""
+ # Remove duplicated entries to proceed the list safely
+ MODES="$(list_unique ${MODES})"
+
+ local modes_added
+ local modes_removed
+ local modes_set
+
+ while [ $# -gt 0 ]; do
+ local arg="${1}"
+
+ case "${arg}" in
+ +*)
+ list_append modes_added "${arg:1}"
+ ;;
+ -*)
+ list_append modes_removed "${arg:1}"
+ ;;
+ [A-Z0-9]*)
+ list_append modes_set "${arg}"
+ ;;
+ *)
+ error "Invalid argument: ${arg}"
+ return ${EXIT_ERROR}
+ ;;
+ esac
+ shift
+ done
+
+ # Check if the user is trying a mixed operation
+ if ! list_is_empty modes_set && (! list_is_empty modes_added || ! list_is_empty modes_removed); then
+ error "You cannot reset the modes list and add or remove modes at the same time"
+ return ${EXIT_ERROR}
fi
- # Save new encryption mode
- ENCRYPTION_MODE="${mode}"
+ # Set new modes list
+ if ! list_is_empty modes_set; then
+ # Check if all modes are valid
+ local mode
+ for mode in ${modes_set}; do
+ if ! wireless_networks_mode_is_valid ${mode}; then
+ error "Unsupported mode: ${mode}"
+ return ${EXIT_ERROR}
+ fi
+ done
+
+ MODES="${modes_set}"
+
+ # Perform incremental updates
+ else
+ local modes
+
+ # Perform all removals
+ for mode in ${modes_removed}; do
+ if ! list_remove MODES ${mode}; then
+ warning "${mode} was not on the list and could not be removed"
+ fi
+ done
+
+ for mode in ${modes_added}; do
+ if wireless_networks_mode_is_valid ${mode}; then
+ if ! list_append_unique MODES ${mode}; then
+ warning "${mode} is already on the modes list"
+ fi
+ else
+ warning "${mode} is unknown or unsupported and could not be added"
+ fi
+ done
+ fi
+
+ # Check if the list contain at least one valid mode
+ if list_is_empty MODES; then
+ error "Cannot save an empty mode list"
+ return ${EXIT_ERROR}
+ fi
if ! wireless_network_write_config "${handle}"; then
log ERROR "Could not write configuration settings"
fi
}
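Review bot: In the incremental branch of wireless_network_modes the loop variable `mode` is never declared local, so it leaks out of the function whenever only `+MODE`/`-MODE` arguments are given. The `local mode` sits inside the `if ! list_is_empty modes_set` branch, while the `else` branch declares an unused `local modes` instead. Hoisting a single `local mode` above the `if` and dropping `local modes` fixes both. An unsupported `+MODE` also only produces a warning before the config is written, whereas the reset path returns `${EXIT_ERROR}` for the same input; returning an error in both cases would let callers detect the rejected mode. Part of the function body lies outside the visible hunk lines.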
+wireless_networks_priority_is_valid() {
+ assert [ $# -eq 1 ]
+
+ local priority=${1}
+
+ if ! isinteger priority || [ ! ${priority} -ge 0 ] || [ ! ${priority} -le 999 ]; then
+ return ${EXIT_FALSE}
+ fi
+
+ return ${EXIT_TRUE}
+}
+
wireless_network_priority() {
if [ ! $# -eq 2 ]; then
log ERROR "Not enough arguments"
local handle="${1}"
local priority=${2}
- if ! isinteger priority && [ ! ${priority} -ge 0 ]; then
- log ERROR "The priority must be an integer greater or eqal zero"
+ if ! wireless_networks_priority_is_valid ${priority}; then
+ error "The priority must be an integer greater or eqal zero and and less then 1000"
return ${EXIT_ERROR}
fi
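Review bot: The new error text has three slips (`eqal`, `and and`, `less then`); suggest `error "The priority must be an integer greater than or equal to zero and less than 1000"`. The unquoted `${priority}` in the call to wireless_networks_priority_is_valid also means an empty or whitespace-containing value reaches the helper as zero or several words. That trips its `assert [ $# -eq 1 ]` rather than producing this error message; passing `"${priority}"` avoids it. The body of wireless_network_priority continues outside the hunk.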
local mode
for mode in ${WIRELESS_NETWORK_SUPPORTED_MODES}; do
# Skip any disabled modes
- if isset ENCRYPTION_MODES && ! list_match "${mode}" ${ENCRYPTION_MODES}; then
+ if isset MODES && ! list_match "${mode}" ${MODES}; then
continue
fi
assert isset auth_alg
assert isset key_mgmt
+ # Certificate Paths
+ local ca_cert_path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/ca.pem"
+ local client_cert_path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/client.pem"
+ local client_key_path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/client.key"
+
print_indent 0 "# ${SSID}"
print_indent 0 "network={"
print_indent 1 "ssid=\"${SSID}\""
+ # Actively scan for hidden networks
+ if enabled HIDDEN; then
+ print_indent 1 "scan_ssid=1"
+ fi
+
# Priority
if isinteger PRIORITY; then
print_indent 1 "priority=${PRIORITY}"
print
fi
+ if isset IDENTITY; then
+ print_indent 1 "# Credentials"
+ print_indent 1 "identity=\"${IDENTITY}\""
+
+ if isset PASSWORD; then
+ print_indent 1 "password=\"${PASSWORD}\""
+ fi
+
+ if isset ANONYMOUS_IDENTITY; then
+ print_indent 1 "anonymous_identity=\"${ANONYMOUS_IDENTITY}\""
+ fi
+ print
+ fi
+
+ # Client Certificate
+ if file_exists "${client_cert_path}" && file_exists "${client_key_path}"; then
+ print_indent 1 "# Client Certificate"
+ print_indent 1 "client_cert=\"${client_cert_path}\""
+ print_indent 1 "private_key=\"${client_key_path}\""
+ print
+ fi
+
+ # Validate server certificates
+ if file_exists "${ca_cert_path}"; then
+ print_indent 1 "ca_cert=\"${ca_cert_path}\""
+
+ elif isset CA_BUNDLE; then
+ print_indent 1 "ca_cert=\"${CA_BUNDLE}\""
+ fi
+
print_indent 0 "}"
print
}
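Review bot: When neither `ca.pem` exists nor `CA_BUNDLE` is set, the network block is written with `identity`/`password` but no `ca_cert`, and wpa_supplicant then does not verify the authentication server's certificate, so the credentials can be offered to any access point announcing this SSID. I would skip the EAP block (or at least `log WARNING`) when credentials are present and no CA is configured. Falling back to `CA_BUNDLE` alone accepts a server certificate issued by any CA in the bundle; writing a per-network `domain_suffix_match="..."` line alongside it would bind the check to the expected server name. Separately, `IDENTITY`, `PASSWORD` and `ANONYMOUS_IDENTITY` are placed between double quotes unescaped, so unless they are validated where they are set (not visible here) a value containing `"` or a newline would corrupt the block or add directives to it. The function starts outside the hunk.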