1 #!/bin/sh
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
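# Pull in the init-script environment, then the file named by
# ${rc_functions}. boot_mesg, loadproc, killproc and statusproc are used
# below but not defined in this file (presumably they come from there).
. /etc/sysconfig/rc
. "${rc_functions}"

# Import the ethernet settings as shell variables; RED_DEV is read further
# down. Whatever readhash prints is executed by eval, so this is only as
# safe as readhash's filtering of the settings file.
# NOTE(review): confirm that readhash rejects or quotes shell metacharacters
# and that the settings file is writable by trusted accounts only.
# The substitution is quoted so that the output is not word-split or
# glob-expanded before eval parses it.
eval "$(/usr/local/bin/readhash /var/ipfire/ethernet/settings)"

# Comma-separated list of wireless networks, one record per line.
WIRELESS_CONFIG="/var/ipfire/ethernet/wireless"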
# Tells whether a network device is a wireless one.
#
# Arguments: $1 - name of the network device
# Returns:   0 if /sys/class/net/<device>/wireless is a directory,
#            1 otherwise
function device_is_wireless() {
	local device=${1}

	[ -d "/sys/class/net/${device}/wireless" ] && return 0
	return 1
}
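# Generates a wpa_supplicant configuration file from ${WIRELESS_CONFIG}.
#
# Every line of ${WIRELESS_CONFIG} is a comma-separated record. The fields
# read here are 2 (enabled when "on"), 3 (mode), 4 (WPA cipher mode),
# 5 (SSID), 6 (PSK), 7 (priority), 8 (EAP method), 9 (anonymous identity),
# 10 (identity) and 11 (password).
# NOTE(review): a comma inside an SSID or passphrase would shift the
# fields; confirm that whatever writes this file rejects or encodes commas.
#
# Globals:   WIRELESS_CONFIG (read)
# Arguments: $1 - network device
#            $2 - path of the configuration file to write
# Returns:   0 if at least one network block was written,
#            1 if the configuration file could not be created,
#            2 if no network block was written
function wpa_supplicant_make_config() {
	local device=${1}
	local config=${2}
	shift 2

	# Check if device is wireless.
	local wireless="false"
	if device_is_wireless "${device}"; then
		wireless="true"
	fi

	# Write a configuration file header. The file will receive PSKs and
	# EAP passwords, so it is created readable by its owner only instead
	# of with whatever umask the caller happens to have.
	(
		umask 077
		{
			echo "#"
			echo "# THIS FILE IS AUTOMATICALLY GENERATED AND"
			echo "# ANY CUSTOM CHANGES WILL BE OVERWRITTEN!"
			echo "#"
			echo
			echo "ctrl_interface=/var/run/wpa_supplicant"
			echo
		} > "${config}"
	) || return 1

	# Truncating a file left over from an earlier run keeps its old mode,
	# so tighten it explicitly before any secret is appended.
	chmod 600 "${config}" || return 1

	local items=0

	local line
	# The second condition keeps a last record that lacks a trailing newline.
	while IFS="," read -ra line || [ "${#line[@]}" -gt 0 ]; do
		# Skip commented lines (${line:0:1} looks at the first field).
		[ "${line:0:1}" = "#" ] && continue

		# Skip disabled entries.
		[ "${line[2]}" = "on" ] || continue

		# An entry that is rejected (unsupported mode) or cannot be
		# written must not count as a configured network.
		wpa_supplicant_config_line \
			"${device}" "${config}" \
			--wireless="${wireless}" \
			--mode="${line[3]}" \
			--wpa-mode="${line[4]}" \
			--ssid="${line[5]}" \
			--psk="${line[6]}" \
			--priority="${line[7]}" \
			--auth-mode="${line[8]}" \
			--anonymous-identity="${line[9]}" \
			--identity="${line[10]}" \
			--password="${line[11]}" || continue

		items=$(( items + 1 ))
	done < "${WIRELESS_CONFIG}"

	# Return exit code 2, when there are no entries in the
	# configuration file.
	if [ "${items}" = "0" ]; then
		return 2
	fi

	return 0
}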
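# Appends one network={...} block to a wpa_supplicant configuration file.
#
# Arguments: $1 - network device (not used inside this function)
#            $2 - path of the configuration file to append to
#            --mode=EAP|WPA3|WPA2|WPA|WEP|NONE
#            --wpa-mode=CCMP-CCMP|CCMP-TKIP|TKIP-TKIP (anything else
#              selects "CCMP TKIP" for both pairwise and group)
#            --ssid=, --psk=, --priority=, --wireless=true|false
#            --auth-mode=, --anonymous-identity=, --identity=,
#            --password= (only used in EAP mode)
#            Unknown options are ignored.
# Returns:   1 for an unsupported mode (nothing is written), otherwise
#            the status of the write to the configuration file
#
# All values are written verbatim, without any escaping.
function wpa_supplicant_config_line() {
	local device=${1}
	local config=${2}
	shift 2

	local ieee80211w
	local anonymous_identity
	local auth_alg
	local auth_mode
	local identity
	local proto
	local key_mgmt
	local pairwise
	local group
	local mode
	local password
	local priority
	local psk
	local ssid
	local wep_tx_keyidx
	local wep_key0
	local wireless="true"
	local wpa_mode

	while [ $# -gt 0 ]; do
		case "${1}" in
			--anonymous-identity=*)
				anonymous_identity=${1#--anonymous-identity=}
				;;
			--auth-mode=*)
				auth_mode=${1#--auth-mode=}
				;;
			--identity=*)
				identity=${1#--identity=}
				;;
			--mode=*)
				mode=${1#--mode=}
				;;
			--password=*)
				password=${1#--password=}
				;;
			--priority=*)
				priority=${1#--priority=}
				;;
			--psk=*)
				psk=${1#--psk=}
				;;
			--ssid=*)
				ssid=${1#--ssid=}
				;;
			--wireless=*)
				wireless=${1#--wireless=}
				;;
			--wpa-mode=*)
				wpa_mode=${1#--wpa-mode=}
				;;
		esac
		shift
	done

	# Translate the mode into wpa_supplicant settings.
	# NOTE(review): WEP and TKIP are deprecated; they remain selectable
	# here, and the fallback for an unknown wpa_mode still offers TKIP.
	case "${mode}" in
		EAP)
			key_mgmt="WPA-EAP-SHA256 WPA-EAP"
			;;
		WPA3)
			key_mgmt="SAE"

			# Management frame protection is set to 2 for SAE.
			ieee80211w="2"
			;;
		WPA2)
			auth_alg="OPEN"
			proto="RSN"
			key_mgmt="WPA-PSK-SHA256 WPA-PSK"
			;;
		WPA)
			auth_alg="OPEN"
			proto="WPA"
			key_mgmt="WPA-PSK-SHA256 WPA-PSK"
			;;
		WEP)
			auth_alg="SHARED"
			key_mgmt="NONE"

			# The key travels in the psk field; move it to wep_key0
			# so that no psk= line is written.
			wep_tx_keyidx=0
			wep_key0=${psk}
			psk=""
			;;
		NONE)
			auth_alg="OPEN"
			key_mgmt="NONE"
			;;
		*)
			# Unsupported mode.
			return 1
			;;
	esac

	# Ciphers are only chosen for EAP, WPA and WPA2.
	case "${mode}" in
		EAP|WPA|WPA2)
			case "${wpa_mode}" in
				CCMP-CCMP)
					pairwise="CCMP"
					group="CCMP"
					;;
				CCMP-TKIP)
					pairwise="CCMP"
					group="TKIP"
					;;
				TKIP-TKIP)
					pairwise="TKIP"
					group="TKIP"
					;;
				*)
					pairwise="CCMP TKIP"
					group="CCMP TKIP"
					;;
			esac
			;;
	esac

	(
		# Only matters when the file does not exist yet: it receives
		# PSKs and passwords, so it must not be created readable by
		# other users.
		umask 077

		{
			echo "network={"

			if [ -n "${ssid}" ]; then
				echo " ssid=\"${ssid}\""
			fi
			if [ "${wireless}" = "true" ]; then
				echo " scan_ssid=1"
			fi
			if [ -n "${auth_alg}" ]; then
				echo " auth_alg=${auth_alg}"
			fi
			if [ -n "${key_mgmt}" ]; then
				echo " key_mgmt=${key_mgmt}"
			fi
			if [ -n "${psk}" ]; then
				if [ "${key_mgmt}" = "SAE" ]; then
					echo " sae_password=\"${psk}\""
				else
					echo " psk=\"${psk}\""
				fi
			fi
			if [ -n "${wep_tx_keyidx}" ]; then
				echo " wep_tx_keyidx=${wep_tx_keyidx}"
			fi
			if [ -n "${wep_key0}" ]; then
				echo " wep_key0=\"${wep_key0}\""
			fi
			if [ -n "${proto}" ]; then
				echo " proto=${proto}"
			fi
			if [ -n "${pairwise}" ] && [ -n "${group}" ]; then
				echo " pairwise=${pairwise}"
				echo " group=${group}"
			fi
			if [ -n "${priority}" ]; then
				echo " priority=${priority}"
			fi
			if [ -n "${ieee80211w}" ]; then
				echo " ieee80211w=${ieee80211w}"
			fi

			# EAP
			# NOTE(review): no ca_cert or domain_suffix_match line is
			# written, so this block gives wpa_supplicant nothing to
			# validate the authentication server's certificate
			# against before identity and password are used.
			if [ "${mode}" = "EAP" ]; then
				if [ -n "${auth_mode}" ]; then
					echo " eap=${auth_mode}"
				else
					echo " eap=PEAP TTLS"
				fi

				if [ "${auth_mode}" = "TTLS" ] && [ -n "${anonymous_identity}" ]; then
					echo " anonymous_identity=\"${anonymous_identity}\""
				fi

				if [ -n "${identity}" ] && [ -n "${password}" ]; then
					echo " identity=\"${identity}\""
					echo " password=\"${password}\""
				fi
			fi

			echo "}"
			echo
		} >> "${config}"
	)
}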
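# Writes /etc/wpa_supplicant.conf and starts wpa_supplicant together with
# the wpa_cli event handler.
#
# Globals:   RED_DEV (read, only for the boot messages)
# Arguments: $1 - network device to run wpa_supplicant on
# Returns:   0 without starting anything when the configuration could not
#            be generated or contains no network; otherwise the status of
#            the wpa_cli call
function wpa_supplicant_start() {
	local device=${1}
	local config="/etc/wpa_supplicant.conf"

	# Write configuration file; any non-zero status means there is
	# nothing to start.
	wpa_supplicant_make_config "${device}" "${config}" || return 0

	# Build wpa_supplicant command line as an array, so that every
	# argument stays a single word whatever the device name contains.
	local -a wpa_suppl_cmd=(wpa_supplicant -B -qqq "-i${device}" "-c${config}")

	if ! device_is_wireless "${device}"; then
		wpa_suppl_cmd+=(-Dwired)
	fi

	# Start the supplicant.
	boot_mesg "Starting wireless client on ${RED_DEV}..."
	loadproc "${wpa_suppl_cmd[@]}"

	# Run wpa_cli to handle reconnection events. The script given to -a
	# is executed by wpa_cli with this init script's privileges, so it
	# must not be writable by unprivileged users.
	boot_mesg "Starting wireless event handler on ${RED_DEV}..."
	wpa_cli -B -a /etc/rc.d/init.d/networking/wpa_supplicant.exe
}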
# Stops the wpa_cli event handler first and wpa_supplicant afterwards.
#
# Globals: RED_DEV (read)
# Returns: the status of the final rm
function wpa_supplicant_stop() {
	local handler="/etc/rc.d/init.d/networking/wpa_supplicant.exe"

	boot_mesg "Stopping wireless event handler on ${RED_DEV}..."
	killproc wpa_cli

	# A stopped wpa_cli sends no disconnect event, so the handler is
	# called by hand with DISCONNECTED.
	"${handler}" "${RED_DEV}" DISCONNECTED

	boot_mesg "Stopping wireless client on ${RED_DEV}..."
	killproc wpa_supplicant

	# Remove leftover wpa_ctrl_* entries from /tmp.
	rm -f /tmp/wpa_ctrl_*
}
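# Dispatch on the init-script action. start and stop do nothing unless
# RED_DEV is set and names a wireless device. RED_DEV is not assigned in
# this file (presumably it is set by the readhash import above). All
# expansions are quoted so that a value with whitespace or glob characters
# reaches the functions as a single argument.
case "${1}" in
	start)
		if [ -n "${RED_DEV}" ] && device_is_wireless "${RED_DEV}"; then
			wpa_supplicant_start "${RED_DEV}"
		fi
		;;

	stop)
		if [ -n "${RED_DEV}" ] && device_is_wireless "${RED_DEV}"; then
			wpa_supplicant_stop
		fi
		;;

	restart)
		# Re-run this script for each phase, with a short pause between.
		"${0}" stop
		sleep 1
		"${0}" start
		;;

	status)
		statusproc wpa_supplicant
		;;

	*)
		echo "Usage: ${0} {start|stop|restart|status}"
		exit 1
		;;
esac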