#!/bin/bash ############################################################################### # # # IPFire.org - A linux based firewall # # Copyright (C) 2010 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # # the Free Software Foundation, either version 3 of the License, or # # (at your option) any later version. # # # # This program is distributed in the hope that it will be useful, # # but WITHOUT ANY WARRANTY; without even the implied warranty of # # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # # GNU General Public License for more details. # # # # You should have received a copy of the GNU General Public License # # along with this program. If not, see . # # # ############################################################################### . /usr/lib/network/header-port HOOK_PORT_PATTERN="${PORT_PATTERN_ACCESSPOINT}" HOOK_SETTINGS=( "ADDRESS" "BROADCAST_SSID" "CHANNEL" "CHANNEL_BANDWIDTH" "DFS" "ENVIRONMENT" "MFP" "MODE" "PHY" "SECRET" "SSID" "WPA3_PERSONAL" "WPA2_PERSONAL" ) # Disable WPA3+2 by default DEFAULT_WPA3_PERSONAL="off" DEFAULT_WPA2_PERSONAL="off" # Broadcast SSID by default DEFAULT_BROADCAST_SSID="on" # Perform radar detection by default when possible DEFAULT_DFS="on" # 802.11w - Management Frame Protection DEFAULT_MFP="on" DEFAULT_ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}" hook_check_settings() { assert isset ADDRESS assert ismac ADDRESS assert isset BROADCAST_SSID assert isbool BROADCAST_SSID assert isset CHANNEL assert isbool DFS assert isbool MFP assert isset MODE assert isoneof MODE ${HOSTAPD_SUPPORTED_MODES} assert isset PHY assert ismac PHY assert isset SSID assert wireless_environment_is_valid "${ENVIRONMENT}" } hook_parse_cmdline() { while [ $# -gt 0 ]; do case "${1}" in --broadcast-ssid=*) BROADCAST_SSID=$(cli_get_val "${1}") ;; --channel=*) CHANNEL=$(cli_get_val "${1}") ;; --channel-bandwidth=*) CHANNEL_BANDWIDTH="$(cli_get_val "${1}")" ;; --dfs=*) DFS="$(cli_get_bool "${1}")" ;; --environment=*) ENVIRONMENT="$(cli_get_val "${1}")" if ! wireless_environment_is_valid "${ENVIRONMENT}"; then error "Invalid wireless environment: ${ENVIRONMENT}" return ${EXIT_ERROR} fi ;; --mac=*) ADDRESS=$(cli_get_val "${1}") ;; --mfp=*) MFP="$(cli_get_bool "${1}")" ;; --mode=*) MODE=$(cli_get_val "${1}") if ! isoneof MODE ${HOSTAPD_SUPPORTED_MODES}; then error "Unsupported mode: ${MODE}" error "Mode must be one of ${HOSTAPD_SUPPORTED_MODES}" return ${EXIT_ERROR} fi ;; --phy=*) PHY=$(cli_get_val "${1}") ;; --secret=*) SECRET="$(cli_get_val "${1}")" ;; --ssid=*) SSID=$(cli_get_val "${1}") ;; --wpa2-personal=*) WPA2_PERSONAL="$(cli_get_bool "${1}")" ;; --wpa3-personal=*) WPA3_PERSONAL="$(cli_get_bool "${1}")" ;; *) warning "Ignoring unknown argument '${1}'" ;; esac shift done # Generate a random MAC address if none is set if ! isset ADDRESS; then ADDRESS="$(mac_generate)" fi # MODE must be set if ! isset MODE; then error "--mode is not set" return ${EXIT_ERROR} fi # Automatically enable ACS if no channel is set and ACS is available if ! isset CHANNEL && phy_supports_acs "${PHY}"; then CHANNEL="0" log INFO "Automatic Channel Selection (ACS) enabled" fi # Channel bandwidth must match the mode if isset CHANNEL_BANDWIDTH && ! wireless_channel_bandwidth_is_valid "${MODE}" "${CHANNEL_BANDWIDTH}"; then error "Channel Bandwidth '${CHANNEL_BANDWIDTH}' is not supported for ${MODE}" return ${EXIT_ERROR} fi # Check if SECRET is set when WPA* is enabled if enabled WPA3_PERSONAL || enabled WPA2_PERSONAL; then if ! isset SECRET; then error "Secret is not set when PSK authentication is enabled" return ${EXIT_ERROR} fi # Check if SECRET is valid if ! wireless_pre_shared_key_is_valid "${SECRET}"; then error "The secret is in an invalid format" return ${EXIT_ERROR} fi fi # Save address of phy do identify it again PHY=$(phy_get ${PHY}) PHY=$(phy_get_address ${PHY}) } hook_edit() { local port=${1} assert isset port if ! hook_default_edit "$@"; then return ${EXIT_ERROR} fi # To apply all changes, we need to restart the port port_restart "${port}" } hook_create() { local port="${1}" assert isset port device_exists "${port}" && exit ${EXIT_OK} port_settings_read "${port}" # Check if the PHY is present. local phy=$(phy_get ${PHY}) if ! isset phy; then log DEBUG "phy '${PHY}' is not present" exit ${EXIT_ERROR} fi # Create the wireless device wireless_create "${port}" \ --phy="${phy}" \ --type="ap" \ --address="${ADDRESS}" exit ${EXIT_OK} } hook_remove() { local port="${1}" assert isset port # Remove the device if present if device_exists "${port}"; then wireless_remove "${port}" fi exit ${EXIT_OK} } hook_up() { local port="${1}" assert isset port # The port must already exist before # hostapd is started. Otherwise it will # fail horribly over and over again. assert device_exists "${port}" hostapd_start "${port}" } hook_down() { local port="${1}" assert isset port hostapd_stop "${port}" } hook_hotplug() { local port="${1}" assert isset port case "$(hotplug_action)" in add) # Create the port when the phy is plugged in if hotplug_event_port_uses_phy "${port}"; then hook_create "${port}" fi ;; remove) # Stop hostapd if hotplug_event_port_is_interface "${port}"; then hostapd_stop "${port}" exit ${EXIT_OK} fi ;; esac exit ${EXIT_NOT_HANDLED} }