[people/stevee/network.git] / src / functions / functions.wpa_supplicant

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2012  IPFire Network Development Team                         #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

WPA_SUPPLICANT_SOCKET_DIR="${RUN_DIR}/wpa_supplicant/ctrl"

wpa_supplicant_config_write() {
	local device="${1}"
	shift

	assert isset device

	local file="$(wpa_supplicant_config_dir "${device}")/wpa_supplicant.conf"

	local ap_scan=1 mode key ssid
	local channel

	local arg
	for arg in "$@"; do
		case "${arg}" in
			--ap-scan=*)
				ap_scan=$(cli_get_val "${arg}")
				;;
			--channel=*)
				channel=$(cli_get_val "${arg}")
				;;
			--mode=*)
				mode=$(cli_get_val "${arg}")

				# Empty signals no encryption.
				isset mode || mode="NONE"
				;;
			--ssid=*)
				ssid=$(cli_get_val "${arg}")
				;;
			--key=*)
				key=$(cli_get_val "${arg}")
				;;
			*)
				error "Unrecognized argument: ${arg}"
				return ${EXIT_ERROR}
				;;
		esac
	done

	assert isinteger ap_scan
	assert isset mode

	local auth_alg key_mgmt proto ssid psk wep_key0 wep_tx_keyidx
	local operation_mode
	local country_code="$(wireless_get_reg_domain)"

	case "${mode}" in
		# Normal WPA.
		WPA-PSK)
			auth_alg="OPEN"
			key_mgmt="WPA-PSK"
			proto="WPA"
			pairwise="CCMP TKIP"
			group="CCMP TKIP WEP104 WEP40"
			;;

		# WPA with stronger algorithms.
		WPA-PSK-SHA256)
			auth_alg="OPEN"
			key_mgmt="WPA-PSK-SHA256"
			proto="WPA"
			pairwise="CCMP TKIP"
			group="CCMP TKIP WEP104 WEP40"
			;;

		# Normal WPA2 (802.11i).
		WPA2-PSK)
			auth_alg="OPEN"
			key_mgmt="WPA-PSK"
			proto="RSN"
			pairwise="CCMP TKIP"
			group="CCMP TKIP WEP104 WEP40"
			;;

		# WPA2 with stronger algorithms.
		WPA2-PSK-SHA256)
			auth_alg="OPEN"
			key_mgmt="WPA-PSK-SHA256"
			proto="RSN"
			pairwise="CCMP TKIP"
			group="CCMP TKIP WEP104 WEP40"
			;;

		# WEP.
		WEP)
			auth_alg="SHARED"
			wep_key0="${key}"
			wep_tx_keyidx="0"

			# Reset PSK.
			psk=""
			;;

		# IEEE 802.1X
		8021X)
			key_mgmt="IEEE8021X"
			;;

		# IEEE 802.11s without authentication
		802.11s)
			operation_mode="mesh"

			# Use SAE when we got a PSK
			if isset psk; then
				key_mgmt="SAE"
			else
				key_mgmt="NONE"
			fi
			;;

		# No encryption. DANGEROUS!
		NONE)
			auth_alg="OPEN"
			key_mgmt="NONE"
			;;
		*)
			log ERROR "Unknown mode: ${mode}"
			return ${EXIT_ERROR}
			;;
	esac

	local config_dir=$(dirname ${file})
	mkdir -p ${config_dir} 2>/dev/null

	config_header "WPA supplicant configuration file" > ${file}

	# AP scanning/selection
	print "ap_scan=${ap_scan}" >> ${file}

	# Set country code, if known.
	if isset country_code; then
		print "country=\"${country_code}\"" >> ${file}
	fi

	# Set control socket directory.
	print "ctrl_interface=${WPA_SUPPLICANT_SOCKET_DIR}" >> ${file}

	(
		print # Network section
		print "network={"

		if isset auth_alg; then
			print "	auth_alg=${auth_alg}"
		fi

		if isset key_mgmt; then
			print "	key_mgmt=${key_mgmt}"
		fi

		if isset proto; then
			print "	proto=${proto}"
		fi

		if isset ssid; then
			print "	ssid=\"${ssid}\""
		fi

		if isset key; then
			print "	psk=\"${key}\""
		fi

		# Operation Mode
		case "${operation_mode}" in
			ibss)
				print "	mode=1"
				;;
			mesh)
				print "	mode=5"
				;;
		esac

		# Frequency
		if isset channel; then
			print "	frequency=$(wireless_channel_to_frequency "${channel}")"
		fi

		if isset wep_key0; then
			print "	wep_key0=\"${wep_key0}\""
		fi

		if isset wep_tx_keyidx; then
			print "	wep_tx_keyidx=${wep_tx_keyidx}"
		fi

		print "}"
	) >> ${file}

	return ${EXIT_OK}
}

wpa_supplicant_config_destroy() {
	local device="${1}"
	assert isset device

	local file="$(wpa_supplicant_config_dir "${device}")/wpa_supplicant.conf"

	file_delete "${file}"
}

wpa_supplicant_config_dir() {
	local device=${1}
	assert isset device

	echo "${RUN_DIR}/wpa_supplicant/${device}"
}

wpa_supplicant_start() {
	local device=${1}
	assert isset device

	service_start "wpa_supplicant@${device}.service"
}

wpa_supplicant_stop() {
	local device=${1}
	assert isset device

	service_stop "wpa_supplicant@${device}.service"
}

wpa_supplicant_client() {
	local device=${1}
	assert isset device
	shift

	local cmd="$@"
	assert isset cmd

	# Run the command and return the output.
	cmd wpa_cli -p${WPA_SUPPLICANT_SOCKET_DIR} -i${device} ${cmd}
}

wpa_cli_status() {
	local device=${1}
	assert isset device

	wpa_supplicant_client ${device} status verbose
}

wpa_cli_status_get() {
	local device=${1}
	assert isset device

	local arg=${2}
	assert isset arg

	local line key
	while read -r line; do
		key=$(cli_get_key ${line})

		if [ "${key}" = "${arg}" ]; then
			cli_get_val "${line}"
			return ${EXIT_OK}
		fi
	done <<< "$(wpa_cli_status ${device})"

	return ${EXIT_ERROR}
}

wpa_cli_bss() {
	local device=${1}
	assert isset device

	local bss=${2}
	assert isset bss

	wpa_supplicant_client ${device} bss ${bss}
}

wpa_cli_bss_get() {
	local device=${1}
	assert isset device

	local bss=${2}
	assert isset bss

	local arg=${3}
	assert isset arg

	local line key
	while read -r line; do
		key=$(cli_get_key ${line})

		if [ "${key}" = "${arg}" ]; then
			cli_get_val "${line}"
			return ${EXIT_OK}
		fi
	done <<< "$(wpa_cli_bss ${device} ${bss})"

	return ${EXIT_ERROR}
}

wpa_cli_bss_get_frequency() {
	local device=${1}
	assert isset device

	local bssid=${2}
	assert isset bssid

	wpa_cli_bss_get ${device} ${bssid} freq
}

wpa_cli_bss_get_noise() {
	local device=${1}
	assert isset device

	local bssid=${2}
	assert isset bssid

	wpa_cli_bss_get ${device} ${bssid} noise
}

wpa_cli_bss_get_quality() {
	local device=${1}
	assert isset device

	local bssid=${2}
	assert isset bssid

	local quality=$(wpa_cli_bss_get ${device} ${bssid} qual)

	# Convert to percent
	print $(( ${quality} * 100 / 70 ))
}

wpa_cli_bss_get_flags() {
	local device=${1}
	assert isset device

	local bssid=${2}
	assert isset bssid

	wpa_cli_bss_get ${device} ${bssid} flags
}
Commit	Line	Data
6d4eec4c MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2012 IPFire Network Development Team #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
22a61046 MT	22	WPA_SUPPLICANT_SOCKET_DIR="${RUN_DIR}/wpa_supplicant/ctrl"
22a61046 MT	23
1c6a4e30	24	wpa_supplicant_config_write() {
02807ad2 MT	25	local device="${1}"
02807ad2 MT	26	shift
6d4eec4c	27
02807ad2	28	assert isset device
6d4eec4c	29
02807ad2	30	local file="$(wpa_supplicant_config_dir "${device}")/wpa_supplicant.conf"
22a61046	31
31670741	32	local ap_scan=1 mode key ssid
4c1a5e6d	33	local channel
22a61046 MT	34
	35	local arg
	36	for arg in "$@"; do
	37	case "${arg}" in
	38	--ap-scan=*)
2212045f	39	ap_scan=$(cli_get_val "${arg}")
22a61046	40	;;
4c1a5e6d MT	41	--channel=*)
	42	channel=$(cli_get_val "${arg}")
	43	;;
22a61046	44	--mode=*)
2212045f	45	mode=$(cli_get_val "${arg}")
22a61046 MT	46
	47	# Empty signals no encryption.
	48	isset mode \|\| mode="NONE"
6d4eec4c	49	;;
22a61046	50	--ssid=*)
2212045f	51	ssid=$(cli_get_val "${arg}")
6d4eec4c MT	52	;;
6d4eec4c MT	53	--key=*)
2212045f	54	key=$(cli_get_val "${arg}")
22a61046 MT	55	;;
	56	*)
	57	error "Unrecognized argument: ${arg}"
	58	return ${EXIT_ERROR}
6d4eec4c MT	59	;;
6d4eec4c MT	60	esac
6d4eec4c MT	61	done
6d4eec4c MT	62
22a61046 MT	63	assert isinteger ap_scan
	64	assert isset mode
	65
	66	local auth_alg key_mgmt proto ssid psk wep_key0 wep_tx_keyidx
4c1a5e6d	67	local operation_mode
31670741	68	local country_code="$(wireless_get_reg_domain)"
22a61046 MT	69
	70	case "${mode}" in
	71	# Normal WPA.
	72	WPA-PSK)
	73	auth_alg="OPEN"
	74	key_mgmt="WPA-PSK"
	75	proto="WPA"
	76	pairwise="CCMP TKIP"
	77	group="CCMP TKIP WEP104 WEP40"
	78	;;
	79
	80	# WPA with stronger algorithms.
	81	WPA-PSK-SHA256)
	82	auth_alg="OPEN"
	83	key_mgmt="WPA-PSK-SHA256"
	84	proto="WPA"
	85	pairwise="CCMP TKIP"
	86	group="CCMP TKIP WEP104 WEP40"
	87	;;
	88
	89	# Normal WPA2 (802.11i).
	90	WPA2-PSK)
	91	auth_alg="OPEN"
	92	key_mgmt="WPA-PSK"
	93	proto="RSN"
	94	pairwise="CCMP TKIP"
	95	group="CCMP TKIP WEP104 WEP40"
	96	;;
	97
	98	# WPA2 with stronger algorithms.
	99	WPA2-PSK-SHA256)
	100	auth_alg="OPEN"
	101	key_mgmt="WPA-PSK-SHA256"
	102	proto="RSN"
	103	pairwise="CCMP TKIP"
	104	group="CCMP TKIP WEP104 WEP40"
	105	;;
	106
	107	# WEP.
	108	WEP)
	109	auth_alg="SHARED"
	110	wep_key0="${key}"
	111	wep_tx_keyidx="0"
	112
	113	# Reset PSK.
	114	psk=""
	115	;;
	116
	117	# IEEE 802.1X
	118	8021X)
	119	key_mgmt="IEEE8021X"
	120	;;
	121
4c1a5e6d MT	122	# IEEE 802.11s without authentication
	123	802.11s)
	124	operation_mode="mesh"
	125
	126	# Use SAE when we got a PSK
	127	if isset psk; then
	128	key_mgmt="SAE"
	129	else
	130	key_mgmt="NONE"
	131	fi
	132	;;
	133
22a61046 MT	134	# No encryption. DANGEROUS!
	135	NONE)
	136	auth_alg="OPEN"
	137	key_mgmt="NONE"
	138	;;
	139	*)
	140	log ERROR "Unknown mode: ${mode}"
	141	return ${EXIT_ERROR}
	142	;;
	143	esac
	144
	145	local config_dir=$(dirname ${file})
	146	mkdir -p ${config_dir} 2>/dev/null
	147
	148	config_header "WPA supplicant configuration file" > ${file}
	149
	150	# AP scanning/selection
	151	print "ap_scan=${ap_scan}" >> ${file}
	152
	153	# Set country code, if known.
	154	if isset country_code; then
	155	print "country=\"${country_code}\"" >> ${file}
	156	fi
	157
	158	# Set control socket directory.
	159	print "ctrl_interface=${WPA_SUPPLICANT_SOCKET_DIR}" >> ${file}
	160
	161	(
	162	print # Network section
	163	print "network={"
	164
	165	if isset auth_alg; then
	166	print " auth_alg=${auth_alg}"
	167	fi
	168
	169	if isset key_mgmt; then
	170	print " key_mgmt=${key_mgmt}"
	171	fi
	172
	173	if isset proto; then
	174	print " proto=${proto}"
	175	fi
6d4eec4c	176
22a61046	177	if isset ssid; then
aaf34099	178	print " ssid=\"${ssid}\""
22a61046 MT	179	fi
	180
	181	if isset key; then
	182	print " psk=\"${key}\""
	183	fi
	184
4c1a5e6d MT	185	# Operation Mode
	186	case "${operation_mode}" in
	187	ibss)
	188	print " mode=1"
	189	;;
	190	mesh)
	191	print " mode=5"
	192	;;
	193	esac
	194
	195	# Frequency
	196	if isset channel; then
	197	print " frequency=$(wireless_channel_to_frequency "${channel}")"
	198	fi
	199
22a61046 MT	200	if isset wep_key0; then
	201	print " wep_key0=\"${wep_key0}\""
	202	fi
	203
	204	if isset wep_tx_keyidx; then
	205	print " wep_tx_keyidx=${wep_tx_keyidx}"
	206	fi
	207
	208	print "}"
	209	) >> ${file}
	210
	211	return ${EXIT_OK}
6d4eec4c MT	212	}
6d4eec4c MT	213
02807ad2 MT	214	wpa_supplicant_config_destroy() {
	215	local device="${1}"
	216	assert isset device
	217
	218	local file="$(wpa_supplicant_config_dir "${device}")/wpa_supplicant.conf"
	219
	220	file_delete "${file}"
	221	}
	222
1c6a4e30	223	wpa_supplicant_config_dir() {
6d4eec4c	224	local device=${1}
6d4eec4c MT	225	assert isset device
6d4eec4c MT	226
22a61046	227	echo "${RUN_DIR}/wpa_supplicant/${device}"
6d4eec4c MT	228	}
6d4eec4c MT	229
1c6a4e30	230	wpa_supplicant_start() {
6d4eec4c	231	local device=${1}
22a61046	232	assert isset device
6d4eec4c	233
22a61046 MT	234	service_start "wpa_supplicant@${device}.service"
22a61046 MT	235	}
6d4eec4c	236
1c6a4e30	237	wpa_supplicant_stop() {
22a61046 MT	238	local device=${1}
22a61046 MT	239	assert isset device
6d4eec4c	240
22a61046 MT	241	service_stop "wpa_supplicant@${device}.service"
	242	}
	243
1c6a4e30	244	wpa_supplicant_client() {
22a61046 MT	245	local device=${1}
	246	assert isset device
	247	shift
6d4eec4c	248
22a61046 MT	249	local cmd="$@"
	250	assert isset cmd
	251
	252	# Run the command and return the output.
	253	cmd wpa_cli -p${WPA_SUPPLICANT_SOCKET_DIR} -i${device} ${cmd}
6d4eec4c MT	254	}
6d4eec4c MT	255
1c6a4e30	256	wpa_cli_status() {
6d4eec4c	257	local device=${1}
22a61046 MT	258	assert isset device
	259
	260	wpa_supplicant_client ${device} status verbose
	261	}
6d4eec4c	262
1c6a4e30	263	wpa_cli_status_get() {
22a61046	264	local device=${1}
6d4eec4c MT	265	assert isset device
6d4eec4c MT	266
22a61046 MT	267	local arg=${2}
22a61046 MT	268	assert isset arg
6d4eec4c	269
22a61046 MT	270	local line key
	271	while read -r line; do
	272	key=$(cli_get_key ${line})
6d4eec4c	273
22a61046 MT	274	if [ "${key}" = "${arg}" ]; then
	275	cli_get_val "${line}"
	276	return ${EXIT_OK}
	277	fi
	278	done <<< "$(wpa_cli_status ${device})"
	279
	280	return ${EXIT_ERROR}
6d4eec4c MT	281	}
6d4eec4c MT	282
1c6a4e30	283	wpa_cli_bss() {
6d4eec4c	284	local device=${1}
22a61046 MT	285	assert isset device
	286
	287	local bss=${2}
	288	assert isset bss
6d4eec4c	289
22a61046 MT	290	wpa_supplicant_client ${device} bss ${bss}
	291	}
	292
1c6a4e30	293	wpa_cli_bss_get() {
22a61046	294	local device=${1}
6d4eec4c MT	295	assert isset device
6d4eec4c MT	296
22a61046 MT	297	local bss=${2}
22a61046 MT	298	assert isset bss
6d4eec4c	299
22a61046 MT	300	local arg=${3}
22a61046 MT	301	assert isset arg
6d4eec4c	302
22a61046 MT	303	local line key
	304	while read -r line; do
	305	key=$(cli_get_key ${line})
	306
	307	if [ "${key}" = "${arg}" ]; then
	308	cli_get_val "${line}"
	309	return ${EXIT_OK}
	310	fi
	311	done <<< "$(wpa_cli_bss ${device} ${bss})"
	312
	313	return ${EXIT_ERROR}
6d4eec4c MT	314	}
6d4eec4c MT	315
1c6a4e30	316	wpa_cli_bss_get_frequency() {
6d4eec4c	317	local device=${1}
6d4eec4c MT	318	assert isset device
6d4eec4c MT	319
22a61046 MT	320	local bssid=${2}
22a61046 MT	321	assert isset bssid
6d4eec4c	322
22a61046 MT	323	wpa_cli_bss_get ${device} ${bssid} freq
22a61046 MT	324	}
6d4eec4c	325
1c6a4e30	326	wpa_cli_bss_get_noise() {
22a61046 MT	327	local device=${1}
	328	assert isset device
	329
	330	local bssid=${2}
	331	assert isset bssid
	332
	333	wpa_cli_bss_get ${device} ${bssid} noise
6d4eec4c MT	334	}
6d4eec4c MT	335
1c6a4e30	336	wpa_cli_bss_get_quality() {
22a61046 MT	337	local device=${1}
22a61046 MT	338	assert isset device
6d4eec4c	339
22a61046 MT	340	local bssid=${2}
	341	assert isset bssid
	342
324c09bc MT	343	local quality=$(wpa_cli_bss_get ${device} ${bssid} qual)
	344
	345	# Convert to percent
	346	print $(( ${quality} * 100 / 70 ))
6d4eec4c MT	347	}
6d4eec4c MT	348
1c6a4e30	349	wpa_cli_bss_get_flags() {
22a61046 MT	350	local device=${1}
	351	assert isset device
	352
	353	local bssid=${2}
	354	assert isset bssid
6d4eec4c	355
22a61046	356	wpa_cli_bss_get ${device} ${bssid} flags
6d4eec4c	357	}