[people/stevee/network.git] / src / functions / functions.wireless-networks

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2017  IPFire Network Development Team                         #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

WIRELESS_NETWORK_SUPPORTED_PSK_MODES="WPA2-PSK-SHA256 WPA2-PSK WPA-PSK-SHA256 WPA-PSK"

WIRELESS_NETWORK_SUPPORTED_MODES="${WIRELESS_NETWORK_SUPPORTED_PSK_MODES} \
	802.1X WPA-EAP NONE"

WIRELESS_NETWORK_CONFIG_SETTINGS="ANONYMOUS_IDENTITY EAP_MODES HIDDEN \
	IDENTITY MODES PASSWORD PRIORITY PSK SSID"

cli_wireless_network() {
	case "${1}" in
		new)
			wireless_network_new "${@:2}"
			;;
		destroy)
			wireless_network_destroy "${@:2}"
			;;
		*)
			local ssid="${1}"
			local key="${2//-/_}"
			shift 2

			if ! wireless_network_exists "${ssid}"; then
				error "No such wireless network: ${ssid}"
				return ${EXIT_ERROR}
			fi

			# Convert SSID into usable format
			local handle="$(wireless_network_hash "${ssid}")"

			case "${key}" in
				modes|pre_shared_key|priority)
					wireless_network_${key} "${handle}" "$@"
					;;
				show)
					wireless_network_show "${handle}"
					exit $?
					;;
				*)
					error "Unrecognized argument: ${key}"
					exit ${EXIT_ERROR}
					;;
			esac
			;;
	esac
}

wireless_network_list() {
	list_directory "${NETWORK_WIRELESS_NETWORKS_DIR}"
}

wireless_network_list_ssids() {
	local handle
	for handle in $(wireless_network_list); do
		local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
		if ! wireless_network_read_config "${handle}"; then
			continue
		fi

		print "${SSID}"
	done
}

# This function writes all values to a via ${ssid} specificated wireless network configuration file
wireless_network_write_config() {
	assert [ $# -ge 1 ]

	local handle="${1}"

	local path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/settings"

	if ! settings_write "${path}" ${WIRELESS_NETWORK_CONFIG_SETTINGS}; then
		log ERROR "Could not write configuration"
		return ${EXIT_ERROR}
	fi

	# When we get here the writing of the config file was successful
	return ${EXIT_OK}
}

# This funtion writes the value for one key to a via ${ssid} specificated
# wireless network configuration file
wireless_network_write_config_key() {
	assert [ $# -ge 3 ]

	local handle="${1}"
	local key="${2}"
	shift 2

	local value="$@"

	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}

	# Read the config settings
	if ! wireless_network_read_config "${handle}"; then
		return ${EXIT_ERROR}
	fi

	log DEBUG "Set '${key}' to new value '${value}' in wireless network '${SSID}'"

	# Set the key to a new value
	assign "${key}" "${value}"

	if ! wireless_network_write_config "${handle}"; then
		return ${EXIT_ERROR}
	fi

	return ${EXIT_OK}
}

# Reads one or more keys out of a settings file or all if no key is provided.
wireless_network_read_config() {
	assert [ $# -ge 1 ]

	local handle="${1}"
	shift

	local args
	if [ $# -eq 0 ] && [ -n "${WIRELESS_NETWORK_CONFIG_SETTINGS}" ]; then
		list_append args ${WIRELESS_NETWORK_CONFIG_SETTINGS}
	else
		list_append args "$@"
	fi

	local path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/settings"

	if ! settings_read "${path}" ${args}; then
		log ERROR "Could not read settings for wireless network ${handle}"
		return ${EXIT_ERROR}
	fi
}

# This function checks if a wireless network exists
# Returns True when yes and false when not
wireless_network_exists() {
	local ssid="${1}"

	local handle="$(wireless_network_hash "${ssid}")"
	assert isset handle

	# We cannot use wireless_network_read_config here beacuse we would end in a loop
	local SSID
	if ! settings_read "${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/settings" SSID; then
		return ${EXIT_FALSE}
	fi

	if [ "${SSID}" = "${ssid}" ]; then
		return ${EXIT_TRUE}
	else
		return ${EXIT_FALSE}
	fi
}

wireless_network_hash() {
	assert [ $# -eq 1 ]

	local string="${1}"

	local hash=$(echo -n "${string}" | md5sum )
	hash=${hash%%  -}

	local path="${NETWORK_WIRELESS_NETWORKS_DIR}/*${hash}"

	if [ -d "${path}" ]; then
		basename "${path}"
	else
		local normalized=$(normalize "${string}")
		normalized=${normalized%-}
		echo "${normalized}-${hash}"
	fi
}

wireless_network_new() {
	if [ $# -gt 1 ]; then
		error "Too many arguments"
		return ${EXIT_ERROR}
	fi

	local ssid="${1}"

	if ! isset ssid; then
		error "Please provide a SSID"
		return ${EXIT_ERROR}
	fi

	# Check for duplicates
	if wireless_network_exists "${ssid}"; then
		error "The wireless network ${ssid} already exists"
		return ${EXIT_ERROR}
	fi

	local handle="$(wireless_network_hash "${ssid}")"
	assert isset handle

	log DEBUG "Creating wireless network '${ssid}'"

	if ! mkdir -p "${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}"; then
		log ERROR "Could not create config directory for wireless network ${ssid}"
		return ${EXIT_ERROR}
	fi

	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
	MODES="${WIRELESS_NETWORK_SUPPORTED_MODES}"
	SSID="${ssid}"
	PRIORITY=0

	if ! wireless_network_write_config "${handle}"; then
		log ERROR "Could not write new config file"
		return ${EXIT_ERROR}
	fi
}

# Deletes a wireless network
wireless_network_destroy() {
	local ssid="${1}"

	if ! wireless_network_exists "${ssid}"; then
		error "No such wireless network: ${ssid}"
		return ${EXIT_ERROR}
	fi

	local handle="$(wireless_network_hash "${ssid}")"
	assert isset handle

	if ! rm -rf "${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}"; then
		error "Could not delete the wireless network"
		return ${EXIT_ERROR}
	fi

	log INFO "Successfully destroyed wireless network ${ssid}"
	return ${EXIT_OK}
}

wireless_networks_mode_is_valid() {
	assert [ $# -eq 1 ]
	local mode=${1}

	if isoneof mode ${WIRELESS_NETWORK_SUPPORTED_MODES}; then
		return ${EXIT_TRUE}
	else
		return ${EXIT_FALSE}
	fi

}

# WIRELESS_NETWORK_SUPPORTED_MODES
wireless_network_modes() {
	if [ ! $# -ge 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi
	local handle="${1}"
	shift

	if [ $# -eq 0 ]; then
		log ERROR "You must pass at least one value after mode"
		return ${EXIT_ERROR}
	fi

	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
	if ! wireless_network_read_config "${handle}"; then
		error "Could not read configuration"
		return ${EXIT_ERROR}
	fi

	# Remove duplicated entries to proceed the list safely
	MODES="$(list_unique ${MODES})"

	local modes_added
	local modes_removed
	local modes_set

	while [ $# -gt 0 ]; do
		local arg="${1}"

		case "${arg}" in
			+*)
				list_append modes_added "${arg:1}"
				;;
			-*)
				list_append modes_removed "${arg:1}"
				;;
			[A-Z0-9]*)
				list_append modes_set "${arg}"
				;;
			*)
				error "Invalid argument: ${arg}"
				return ${EXIT_ERROR}
				;;
		esac
		shift
	done

	# Check if the user is trying a mixed operation
	if ! list_is_empty modes_set && (! list_is_empty modes_added || ! list_is_empty modes_removed); then
		error "You cannot reset the modes list and add or remove modes at the same time"
		return ${EXIT_ERROR}
	fi

	# Set new modes list
	if ! list_is_empty modes_set; then
		# Check if all modes are valid
		local mode
		for mode in ${modes_set}; do
			if ! wireless_networks_mode_is_valid ${mode}; then
				error "Unsupported mode: ${mode}"
				return ${EXIT_ERROR}
			fi
		done

		MODES="${modes_set}"

	# Perform incremental updates
	else
		local modes

		# Perform all removals
		for mode in ${modes_removed}; do
			if ! list_remove MODES ${mode}; then
				warning "${mode} was not on the list and could not be removed"
			fi
		done

		for mode in ${modes_added}; do
			if wireless_networks_mode_is_valid ${mode}; then
				if ! list_append_unique MODES ${mode}; then
					warning "${mode} is already on the modes list"
				fi
			else
				warning "${mode} is unknown or unsupported and could not be added"
			fi
		done
	fi

	# Check if the list contain at least one valid mode
	if list_is_empty MODES; then
		error "Cannot save an empty mode list"
		return ${EXIT_ERROR}
	fi

	if ! wireless_network_write_config "${handle}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}

wireless_network_pre_shared_key() {
	if [ ! $# -eq 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local handle="${1}"
	local psk="${2}"

	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
	if ! wireless_network_read_config "${handle}"; then
		error "Could not read configuration"
		return ${EXIT_ERROR}
	fi

	# Validate the key if encryption mode is known
	if isset ENCRYPTION_MODE && [ "${ENCRYPTION_MODE}" != "NONE" ]; then
		if ! wireless_pre_share_key_is_valid "${ENCRYPTION_MODE}" "${psk}"; then
			error "The pre-shared-key is invalid for this wireless network: ${psk}"
			return ${EXIT_ERROR}
		fi
	fi

	if ! wireless_network_write_config_key "${handle}" "PSK" "${psk}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}

wireless_networks_priority_is_valid() {
	assert [ $# -eq 1 ]

	local priority=${1}

	if ! isinteger priority || [ ! ${priority} -ge 0 ] || [ ! ${priority} -le 999 ]; then
		return ${EXIT_FALSE}
	fi

	return ${EXIT_TRUE}
}

wireless_network_priority() {
	if [ ! $# -eq 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local handle="${1}"
	local priority=${2}

	if ! wireless_networks_priority_is_valid ${priority}; then
		error "The priority must be an integer greater or eqal zero and and less then 1000"
		return ${EXIT_ERROR}
	fi

	if ! wireless_network_write_config_key "${handle}" "PRIORITY" "${priority}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}

wireless_networks_write_wpa_supplicant_configuration() {
	local device="${1}"

	local file="${WPA_SUPPLICANT_CONF_DIR}/${device}.conf"

	# Ensure we can write the file
	make_parent_directory "${file}"

	(
		# Write a config header
		wpa_supplicant_config_header

		wireless_networks_to_wpa_supplicant
	) > ${file}
}

wireless_networks_to_wpa_supplicant() {
	local handle
	for handle in $(wireless_network_list); do
		wireless_network_to_wpa_supplicant "${handle}"
	done
}

wireless_network_to_wpa_supplicant() {
	local handle="${1}"

	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
	if ! wireless_network_read_config "${handle}"; then
		error "Could not read configuration for ${handle}"
		return ${EXIT_ERROR}
	fi

	local auth_alg
	local group
	local key_mgmt
	local pairwise
	local proto

	local mode
	for mode in ${WIRELESS_NETWORK_SUPPORTED_MODES}; do
		# Skip any disabled modes
		if isset MODES && ! list_match "${mode}" ${MODES}; then
			continue
		fi

		case "${mode}" in
			# WPA2 (802.11i)
			WPA2-PSK|WPA2-PSK-SHA256)
				list_append_unique auth_alg	"OPEN"
				list_append_unique key_mgmt	"${mode/WPA2/WPA}"
				list_append_unique proto	"RSN"

				local p
				for p in CCMP TKIP; do
					list_append_unique pairwise "${p}"
				done

				local g
				for g in CCMP TKIP WEP104 WEP40; do
					list_append_unique group "${g}"
				done
				;;

			# WPA
			WPA-PSK|WPA-PSK-SHA256)
				list_append_unique auth_alg	"OPEN"
				list_append_unique key_mgmt	"${mode}"
				list_append_unique proto	"WPA"

				local p
				for p in CCMP TKIP; do
					list_append_unique pairwise "${p}"
				done

				local g
				for g in CCMP TKIP WEP104 WEP40; do
					list_append_unique group "${g}"
				done
				;;

			# 802.1X
			802.1X)
				list_append_unique key_mgmt	"IEEE8021X"
				;;

			# No encryption. DANGEROUS!
			NONE)
				list_append_unique auth_alg "OPEN"
				list_append_unique key_mgmt "NONE"
				;;
		esac
	done

	assert isset auth_alg
	assert isset key_mgmt

	# Certificate Paths
	local ca_cert_path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/ca.pem"
	local client_cert_path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/client.pem"
	local client_key_path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/client.key"

	print_indent 0 "# ${SSID}"
	print_indent 0 "network={"
	print_indent 1 "ssid=\"${SSID}\""

	# Actively scan for hidden networks
	if enabled HIDDEN; then
		print_indent 1 "scan_ssid=1"
	fi

	# Priority
	if isinteger PRIORITY; then
		print_indent 1 "priority=${PRIORITY}"
	fi
	print

	# Authentication
	print_indent 1 "# Authentication"
	print_indent 1 "auth_alg=${auth_alg}"
	print_indent 1 "key_mgmt=${key_mgmt}"

	local i
	for i in proto pairwise group; do
		print_indent 1 "${i}=${!i}"
	done
	print

	# PSK
	if isset PSK; then
		print_indent 1 "# Pre Shared Key"
		print_indent 1 "psk=\"${PSK}\""
	fi

	if isset EAP_MODES; then
		print_indent 1 "# EAP"
		print_indent 1 "eap=${EAP_MODES}"
		print
	fi

	if isset IDENTITY; then
		print_indent 1 "# Credentials"
		print_indent 1 "identity=\"${IDENTITY}\""

		if isset PASSWORD; then
			print_indent 1 "password=\"${PASSWORD}\""
		fi

		if isset ANONYMOUS_IDENTITY; then
			print_indent 1 "anonymous_identity=\"${ANONYMOUS_IDENTITY}\""
		fi
		print
	fi

	# Client Certificate
	if file_exists "${client_cert_path}" && file_exists "${client_key_path}"; then
		print_indent 1 "# Client Certificate"
		print_indent 1 "client_cert=\"${client_cert_path}\""
		print_indent 1 "private_key=\"${client_key_path}\""
		print
	fi

	# Validate server certificates
	if file_exists "${ca_cert_path}"; then
		print_indent 1 "ca_cert=\"${ca_cert_path}\""

	elif isset CA_BUNDLE; then
		print_indent 1 "ca_cert=\"${CA_BUNDLE}\""
	fi

	print_indent 0 "}"
	print
}
Commit	Line	Data
49958b8c MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2017 IPFire Network Development Team #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
790ab927 MT	22	WIRELESS_NETWORK_SUPPORTED_PSK_MODES="WPA2-PSK-SHA256 WPA2-PSK WPA-PSK-SHA256 WPA-PSK"
790ab927 MT	23
8225ab51 MT	24	WIRELESS_NETWORK_SUPPORTED_MODES="${WIRELESS_NETWORK_SUPPORTED_PSK_MODES} \
8225ab51 MT	25	802.1X WPA-EAP NONE"
790ab927	26
71afcc9d MT	27	WIRELESS_NETWORK_CONFIG_SETTINGS="ANONYMOUS_IDENTITY EAP_MODES HIDDEN \
71afcc9d MT	28	IDENTITY MODES PASSWORD PRIORITY PSK SSID"
49958b8c	29
49958b8c	30	cli_wireless_network() {
479b2273 MT	31	case "${1}" in
	32	new)
	33	wireless_network_new "${@:2}"
	34	;;
	35	destroy)
	36	wireless_network_destroy "${@:2}"
	37	;;
	38	*)
	39	local ssid="${1}"
	40	local key="${2//-/_}"
549c5b97	41	shift 2
49958b8c	42
479b2273 MT	43	if ! wireless_network_exists "${ssid}"; then
	44	error "No such wireless network: ${ssid}"
	45	return ${EXIT_ERROR}
	46	fi
49958b8c	47
2f64ac44 MT	48	# Convert SSID into usable format
	49	local handle="$(wireless_network_hash "${ssid}")"
	50
479b2273	51	case "${key}" in
77a710b0	52	modes\|pre_shared_key\|priority)
2f64ac44	53	wireless_network_${key} "${handle}" "$@"
479b2273 MT	54	;;
479b2273 MT	55	show)
2f64ac44	56	wireless_network_show "${handle}"
479b2273 MT	57	exit $?
	58	;;
	59	*)
	60	error "Unrecognized argument: ${key}"
	61	exit ${EXIT_ERROR}
	62	;;
	63	esac
	64	;;
	65	esac
49958b8c MT	66	}
49958b8c MT	67
d86b2dee MT	68	wireless_network_list() {
	69	list_directory "${NETWORK_WIRELESS_NETWORKS_DIR}"
	70	}
	71
	72	wireless_network_list_ssids() {
	73	local handle
	74	for handle in $(wireless_network_list); do
	75	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
2f64ac44	76	if ! wireless_network_read_config "${handle}"; then
d86b2dee MT	77	continue
	78	fi
	79
	80	print "${SSID}"
	81	done
	82	}
	83
49958b8c MT	84	# This function writes all values to a via ${ssid} specificated wireless network configuration file
	85	wireless_network_write_config() {
	86	assert [ $# -ge 1 ]
	87
2f64ac44	88	local handle="${1}"
49958b8c	89
2f64ac44	90	local path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/settings"
49958b8c MT	91
49958b8c MT	92	if ! settings_write "${path}" ${WIRELESS_NETWORK_CONFIG_SETTINGS}; then
2f64ac44	93	log ERROR "Could not write configuration"
49958b8c MT	94	return ${EXIT_ERROR}
	95	fi
	96
	97	# When we get here the writing of the config file was successful
	98	return ${EXIT_OK}
	99	}
	100
	101	# This funtion writes the value for one key to a via ${ssid} specificated
	102	# wireless network configuration file
	103	wireless_network_write_config_key() {
	104	assert [ $# -ge 3 ]
	105
2f64ac44	106	local handle="${1}"
49958b8c MT	107	local key="${2}"
	108	shift 2
	109
	110	local value="$@"
	111
49958b8c MT	112	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
	113
	114	# Read the config settings
2f64ac44	115	if ! wireless_network_read_config "${handle}"; then
49958b8c MT	116	return ${EXIT_ERROR}
	117	fi
	118
2f64ac44 MT	119	log DEBUG "Set '${key}' to new value '${value}' in wireless network '${SSID}'"
2f64ac44 MT	120
49958b8c MT	121	# Set the key to a new value
	122	assign "${key}" "${value}"
	123
2f64ac44	124	if ! wireless_network_write_config "${handle}"; then
49958b8c MT	125	return ${EXIT_ERROR}
	126	fi
	127
	128	return ${EXIT_OK}
	129	}
	130
d86b2dee	131	# Reads one or more keys out of a settings file or all if no key is provided.
2f64ac44	132	wireless_network_read_config() {
d86b2dee MT	133	assert [ $# -ge 1 ]
	134
	135	local handle="${1}"
	136	shift
	137
49958b8c MT	138	local args
	139	if [ $# -eq 0 ] && [ -n "${WIRELESS_NETWORK_CONFIG_SETTINGS}" ]; then
	140	list_append args ${WIRELESS_NETWORK_CONFIG_SETTINGS}
	141	else
	142	list_append args "$@"
	143	fi
	144
d86b2dee	145	local path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/settings"
49958b8c MT	146
49958b8c MT	147	if ! settings_read "${path}" ${args}; then
d86b2dee	148	log ERROR "Could not read settings for wireless network ${handle}"
49958b8c MT	149	return ${EXIT_ERROR}
	150	fi
	151	}
	152
	153	# This function checks if a wireless network exists
	154	# Returns True when yes and false when not
	155	wireless_network_exists() {
49958b8c	156	local ssid="${1}"
49958b8c	157
2f64ac44 MT	158	local handle="$(wireless_network_hash "${ssid}")"
2f64ac44 MT	159	assert isset handle
49958b8c MT	160
	161	# We cannot use wireless_network_read_config here beacuse we would end in a loop
	162	local SSID
2f64ac44	163	if ! settings_read "${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/settings" SSID; then
49958b8c MT	164	return ${EXIT_FALSE}
	165	fi
	166
2f64ac44	167	if [ "${SSID}" = "${ssid}" ]; then
49958b8c MT	168	return ${EXIT_TRUE}
	169	else
	170	return ${EXIT_FALSE}
	171	fi
	172	}
	173
	174	wireless_network_hash() {
	175	assert [ $# -eq 1 ]
	176
	177	local string="${1}"
	178
	179	local hash=$(echo -n "${string}" \| md5sum )
	180	hash=${hash%% -}
	181
	182	local path="${NETWORK_WIRELESS_NETWORKS_DIR}/*${hash}"
	183
	184	if [ -d "${path}" ]; then
	185	basename "${path}"
	186	else
	187	local normalized=$(normalize "${string}")
	188	normalized=${normalized%-}
	189	echo "${normalized}-${hash}"
	190	fi
	191	}
	192
	193	wireless_network_new() {
	194	if [ $# -gt 1 ]; then
	195	error "Too many arguments"
	196	return ${EXIT_ERROR}
	197	fi
	198
	199	local ssid="${1}"
2f64ac44	200
49958b8c MT	201	if ! isset ssid; then
	202	error "Please provide a SSID"
	203	return ${EXIT_ERROR}
	204	fi
	205
49958b8c MT	206	# Check for duplicates
	207	if wireless_network_exists "${ssid}"; then
	208	error "The wireless network ${ssid} already exists"
	209	return ${EXIT_ERROR}
	210	fi
	211
2f64ac44 MT	212	local handle="$(wireless_network_hash "${ssid}")"
	213	assert isset handle
	214
49958b8c MT	215	log DEBUG "Creating wireless network '${ssid}'"
49958b8c MT	216
2f64ac44	217	if ! mkdir -p "${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}"; then
49958b8c MT	218	log ERROR "Could not create config directory for wireless network ${ssid}"
	219	return ${EXIT_ERROR}
	220	fi
	221
49958b8c	222	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
e83e2636	223	MODES="${WIRELESS_NETWORK_SUPPORTED_MODES}"
49958b8c	224	SSID="${ssid}"
a8c26c3d	225	PRIORITY=0
49958b8c	226
2f64ac44	227	if ! wireless_network_write_config "${handle}"; then
49958b8c MT	228	log ERROR "Could not write new config file"
	229	return ${EXIT_ERROR}
	230	fi
	231	}
	232
4b08d574	233	# Deletes a wireless network
49958b8c	234	wireless_network_destroy() {
4b08d574 MT	235	local ssid="${1}"
	236
	237	if ! wireless_network_exists "${ssid}"; then
	238	error "No such wireless network: ${ssid}"
	239	return ${EXIT_ERROR}
	240	fi
	241
2f64ac44 MT	242	local handle="$(wireless_network_hash "${ssid}")"
2f64ac44 MT	243	assert isset handle
4b08d574	244
2f64ac44	245	if ! rm -rf "${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}"; then
4b08d574 MT	246	error "Could not delete the wireless network"
	247	return ${EXIT_ERROR}
	248	fi
	249
	250	log INFO "Successfully destroyed wireless network ${ssid}"
	251	return ${EXIT_OK}
49958b8c MT	252	}
49958b8c MT	253
77a710b0 JS	254	wireless_networks_mode_is_valid() {
	255	assert [ $# -eq 1 ]
	256	local mode=${1}
	257
	258	if isoneof mode ${WIRELESS_NETWORK_SUPPORTED_MODES}; then
	259	return ${EXIT_TRUE}
	260	else
	261	return ${EXIT_FALSE}
	262	fi
	263
	264	}
	265
	266	# WIRELESS_NETWORK_SUPPORTED_MODES
	267	wireless_network_modes() {
	268	if [ ! $# -ge 2 ]; then
49958b8c MT	269	log ERROR "Not enough arguments"
	270	return ${EXIT_ERROR}
	271	fi
2f64ac44	272	local handle="${1}"
77a710b0	273	shift
49958b8c	274
77a710b0 JS	275	if [ $# -eq 0 ]; then
77a710b0 JS	276	log ERROR "You must pass at least one value after mode"
49958b8c MT	277	return ${EXIT_ERROR}
	278	fi
	279
549c5b97	280	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
2f64ac44 MT	281	if ! wireless_network_read_config "${handle}"; then
2f64ac44 MT	282	error "Could not read configuration"
549c5b97 MT	283	return ${EXIT_ERROR}
	284	fi
	285
77a710b0 JS	286	# Remove duplicated entries to proceed the list safely
	287	MODES="$(list_unique ${MODES})"
	288
	289	local modes_added
	290	local modes_removed
	291	local modes_set
	292
	293	while [ $# -gt 0 ]; do
	294	local arg="${1}"
	295
	296	case "${arg}" in
	297	+*)
	298	list_append modes_added "${arg:1}"
	299	;;
	300	-*)
	301	list_append modes_removed "${arg:1}"
	302	;;
	303	[A-Z0-9]*)
	304	list_append modes_set "${arg}"
	305	;;
	306	*)
	307	error "Invalid argument: ${arg}"
	308	return ${EXIT_ERROR}
	309	;;
	310	esac
	311	shift
	312	done
	313
	314	# Check if the user is trying a mixed operation
	315	if ! list_is_empty modes_set && (! list_is_empty modes_added \|\| ! list_is_empty modes_removed); then
	316	error "You cannot reset the modes list and add or remove modes at the same time"
	317	return ${EXIT_ERROR}
549c5b97 MT	318	fi
549c5b97 MT	319
77a710b0 JS	320	# Set new modes list
	321	if ! list_is_empty modes_set; then
	322	# Check if all modes are valid
	323	local mode
	324	for mode in ${modes_set}; do
	325	if ! wireless_networks_mode_is_valid ${mode}; then
	326	error "Unsupported mode: ${mode}"
	327	return ${EXIT_ERROR}
	328	fi
	329	done
	330
	331	MODES="${modes_set}"
	332
	333	# Perform incremental updates
	334	else
	335	local modes
	336
	337	# Perform all removals
	338	for mode in ${modes_removed}; do
	339	if ! list_remove MODES ${mode}; then
	340	warning "${mode} was not on the list and could not be removed"
	341	fi
	342	done
	343
	344	for mode in ${modes_added}; do
	345	if wireless_networks_mode_is_valid ${mode}; then
	346	if ! list_append_unique MODES ${mode}; then
	347	warning "${mode} is already on the modes list"
	348	fi
	349	else
	350	warning "${mode} is unknown or unsupported and could not be added"
	351	fi
	352	done
	353	fi
	354
	355	# Check if the list contain at least one valid mode
	356	if list_is_empty MODES; then
	357	error "Cannot save an empty mode list"
	358	return ${EXIT_ERROR}
	359	fi
549c5b97	360
2f64ac44	361	if ! wireless_network_write_config "${handle}"; then
49958b8c MT	362	log ERROR "Could not write configuration settings"
	363	return ${EXIT_ERROR}
	364	fi
	365	}
	366
364da6f4	367	wireless_network_pre_shared_key() {
49958b8c MT	368	if [ ! $# -eq 2 ]; then
	369	log ERROR "Not enough arguments"
	370	return ${EXIT_ERROR}
	371	fi
2f64ac44 MT	372
2f64ac44 MT	373	local handle="${1}"
364da6f4	374	local psk="${2}"
49958b8c	375
549c5b97	376	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
2f64ac44 MT	377	if ! wireless_network_read_config "${handle}"; then
2f64ac44 MT	378	error "Could not read configuration"
549c5b97 MT	379	return ${EXIT_ERROR}
	380	fi
	381
	382	# Validate the key if encryption mode is known
	383	if isset ENCRYPTION_MODE && [ "${ENCRYPTION_MODE}" != "NONE" ]; then
	384	if ! wireless_pre_share_key_is_valid "${ENCRYPTION_MODE}" "${psk}"; then
	385	error "The pre-shared-key is invalid for this wireless network: ${psk}"
	386	return ${EXIT_ERROR}
	387	fi
	388	fi
	389
2f64ac44	390	if ! wireless_network_write_config_key "${handle}" "PSK" "${psk}"; then
49958b8c MT	391	log ERROR "Could not write configuration settings"
	392	return ${EXIT_ERROR}
	393	fi
	394	}
	395
3a987fa6 JS	396	wireless_networks_priority_is_valid() {
	397	assert [ $# -eq 1 ]
	398
	399	local priority=${1}
	400
	401	if ! isinteger priority \|\| [ ! ${priority} -ge 0 ] \|\| [ ! ${priority} -le 999 ]; then
	402	return ${EXIT_FALSE}
	403	fi
	404
	405	return ${EXIT_TRUE}
	406	}
	407
49958b8c MT	408	wireless_network_priority() {
	409	if [ ! $# -eq 2 ]; then
	410	log ERROR "Not enough arguments"
	411	return ${EXIT_ERROR}
	412	fi
2f64ac44 MT	413
2f64ac44 MT	414	local handle="${1}"
49958b8c MT	415	local priority=${2}
49958b8c MT	416
3a987fa6 JS	417	if ! wireless_networks_priority_is_valid ${priority}; then
3a987fa6 JS	418	error "The priority must be an integer greater or eqal zero and and less then 1000"
49958b8c MT	419	return ${EXIT_ERROR}
	420	fi
	421
2f64ac44	422	if ! wireless_network_write_config_key "${handle}" "PRIORITY" "${priority}"; then
49958b8c MT	423	log ERROR "Could not write configuration settings"
	424	return ${EXIT_ERROR}
	425	fi
	426	}
d86b2dee	427
e66e539b MT	428	wireless_networks_write_wpa_supplicant_configuration() {
	429	local device="${1}"
	430
	431	local file="${WPA_SUPPLICANT_CONF_DIR}/${device}.conf"
	432
	433	# Ensure we can write the file
	434	make_parent_directory "${file}"
	435
e66e539b	436	(
f1b49125 MT	437	# Write a config header
f1b49125 MT	438	wpa_supplicant_config_header
e66e539b MT	439
	440	wireless_networks_to_wpa_supplicant
	441	) > ${file}
	442	}
	443
d86b2dee	444	wireless_networks_to_wpa_supplicant() {
2f64ac44 MT	445	local handle
	446	for handle in $(wireless_network_list); do
	447	wireless_network_to_wpa_supplicant "${handle}"
d86b2dee MT	448	done
	449	}
	450
	451	wireless_network_to_wpa_supplicant() {
2f64ac44	452	local handle="${1}"
d86b2dee MT	453
d86b2dee MT	454	local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
2f64ac44 MT	455	if ! wireless_network_read_config "${handle}"; then
2f64ac44 MT	456	error "Could not read configuration for ${handle}"
d86b2dee MT	457	return ${EXIT_ERROR}
	458	fi
	459
	460	local auth_alg
	461	local group
	462	local key_mgmt
	463	local pairwise
	464	local proto
	465
790ab927 MT	466	local mode
	467	for mode in ${WIRELESS_NETWORK_SUPPORTED_MODES}; do
	468	# Skip any disabled modes
0afdbac2	469	if isset MODES && ! list_match "${mode}" ${MODES}; then
790ab927 MT	470	continue
790ab927 MT	471	fi
d86b2dee	472
790ab927 MT	473	case "${mode}" in
	474	# WPA2 (802.11i)
	475	WPA2-PSK\|WPA2-PSK-SHA256)
	476	list_append_unique auth_alg "OPEN"
	477	list_append_unique key_mgmt "${mode/WPA2/WPA}"
	478	list_append_unique proto "RSN"
	479
	480	local p
	481	for p in CCMP TKIP; do
	482	list_append_unique pairwise "${p}"
	483	done
	484
	485	local g
	486	for g in CCMP TKIP WEP104 WEP40; do
	487	list_append_unique group "${g}"
	488	done
	489	;;
	490
	491	# WPA
	492	WPA-PSK\|WPA-PSK-SHA256)
	493	list_append_unique auth_alg "OPEN"
	494	list_append_unique key_mgmt "${mode}"
	495	list_append_unique proto "WPA"
	496
	497	local p
	498	for p in CCMP TKIP; do
	499	list_append_unique pairwise "${p}"
	500	done
	501
	502	local g
	503	for g in CCMP TKIP WEP104 WEP40; do
	504	list_append_unique group "${g}"
	505	done
	506	;;
	507
fa25d793 MT	508	# 802.1X
	509	802.1X)
	510	list_append_unique key_mgmt "IEEE8021X"
	511	;;
	512
790ab927 MT	513	# No encryption. DANGEROUS!
	514	NONE)
	515	list_append_unique auth_alg "OPEN"
	516	list_append_unique key_mgmt "NONE"
	517	;;
	518	esac
	519	done
d86b2dee	520
790ab927 MT	521	assert isset auth_alg
790ab927 MT	522	assert isset key_mgmt
d86b2dee	523
0da7d566	524	# Certificate Paths
a7dadb04	525	local ca_cert_path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/ca.pem"
0da7d566 MT	526	local client_cert_path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/client.pem"
0da7d566 MT	527	local client_key_path="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/client.key"
a7dadb04	528
d86b2dee	529	print_indent 0 "# ${SSID}"
d8d0eefc	530	print_indent 0 "network={"
2f64ac44	531	print_indent 1 "ssid=\"${SSID}\""
028a39d1	532
71afcc9d MT	533	# Actively scan for hidden networks
	534	if enabled HIDDEN; then
	535	print_indent 1 "scan_ssid=1"
	536	fi
	537
028a39d1 MT	538	# Priority
	539	if isinteger PRIORITY; then
	540	print_indent 1 "priority=${PRIORITY}"
	541	fi
d86b2dee MT	542	print
	543
	544	# Authentication
	545	print_indent 1 "# Authentication"
	546	print_indent 1 "auth_alg=${auth_alg}"
	547	print_indent 1 "key_mgmt=${key_mgmt}"
	548
790ab927 MT	549	local i
	550	for i in proto pairwise group; do
	551	print_indent 1 "${i}=${!i}"
	552	done
	553	print
d86b2dee	554
790ab927 MT	555	# PSK
	556	if isset PSK; then
	557	print_indent 1 "# Pre Shared Key"
	558	print_indent 1 "psk=\"${PSK}\""
	559	fi
d86b2dee	560
54948d3c MT	561	if isset EAP_MODES; then
	562	print_indent 1 "# EAP"
	563	print_indent 1 "eap=${EAP_MODES}"
	564	print
	565	fi
	566
26078fa1 MT	567	if isset IDENTITY; then
	568	print_indent 1 "# Credentials"
	569	print_indent 1 "identity=\"${IDENTITY}\""
	570
	571	if isset PASSWORD; then
	572	print_indent 1 "password=\"${PASSWORD}\""
	573	fi
	574
	575	if isset ANONYMOUS_IDENTITY; then
	576	print_indent 1 "anonymous_identity=\"${ANONYMOUS_IDENTITY}\""
	577	fi
	578	print
	579	fi
	580
0da7d566 MT	581	# Client Certificate
	582	if file_exists "${client_cert_path}" && file_exists "${client_key_path}"; then
	583	print_indent 1 "# Client Certificate"
	584	print_indent 1 "client_cert=\"${client_cert_path}\""
	585	print_indent 1 "private_key=\"${client_key_path}\""
	586	print
	587	fi
	588
4ed1b754	589	# Validate server certificates
a7dadb04 MT	590	if file_exists "${ca_cert_path}"; then
	591	print_indent 1 "ca_cert=\"${ca_cert_path}\""
	592
	593	elif isset CA_BUNDLE; then
	594	print_indent 1 "ca_cert=\"${CA_BUNDLE}\""
4ed1b754 MT	595	fi
4ed1b754 MT	596
d86b2dee MT	597	print_indent 0 "}"
	598	print
	599	}