[people/stevee/network.git] / src / functions / functions.wpa_supplicant

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2012  IPFire Network Development Team                         #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

WPA_SUPPLICANT_SOCKET_DIR="${RUN_DIR}/wpa_supplicant/ctrl"

wpa_supplicant_config_write() {
	local device=${1}
	assert isset device

	local file=${2}
	assert isset file

	shift 2

	local ap_scan=1 mode key ssid
	local channel

	local arg
	for arg in "$@"; do
		case "${arg}" in
			--ap-scan=*)
				ap_scan=$(cli_get_val "${arg}")
				;;
			--channel=*)
				channel=$(cli_get_val "${arg}")
				;;
			--mode=*)
				mode=$(cli_get_val "${arg}")

				# Empty signals no encryption.
				isset mode || mode="NONE"
				;;
			--ssid=*)
				ssid=$(cli_get_val "${arg}")
				;;
			--key=*)
				key=$(cli_get_val "${arg}")
				;;
			*)
				error "Unrecognized argument: ${arg}"
				return ${EXIT_ERROR}
				;;
		esac
	done

	assert isinteger ap_scan
	assert isset mode

	local auth_alg key_mgmt proto ssid psk wep_key0 wep_tx_keyidx
	local operation_mode
	local country_code="$(wireless_get_reg_domain)"

	case "${mode}" in
		# Normal WPA.
		WPA-PSK)
			auth_alg="OPEN"
			key_mgmt="WPA-PSK"
			proto="WPA"
			pairwise="CCMP TKIP"
			group="CCMP TKIP WEP104 WEP40"
			;;

		# WPA with stronger algorithms.
		WPA-PSK-SHA256)
			auth_alg="OPEN"
			key_mgmt="WPA-PSK-SHA256"
			proto="WPA"
			pairwise="CCMP TKIP"
			group="CCMP TKIP WEP104 WEP40"
			;;

		# Normal WPA2 (802.11i).
		WPA2-PSK)
			auth_alg="OPEN"
			key_mgmt="WPA-PSK"
			proto="RSN"
			pairwise="CCMP TKIP"
			group="CCMP TKIP WEP104 WEP40"
			;;

		# WPA2 with stronger algorithms.
		WPA2-PSK-SHA256)
			auth_alg="OPEN"
			key_mgmt="WPA-PSK-SHA256"
			proto="RSN"
			pairwise="CCMP TKIP"
			group="CCMP TKIP WEP104 WEP40"
			;;

		# WEP.
		WEP)
			auth_alg="SHARED"
			wep_key0="${key}"
			wep_tx_keyidx="0"

			# Reset PSK.
			psk=""
			;;

		# IEEE 802.1X
		8021X)
			key_mgmt="IEEE8021X"
			;;

		# IEEE 802.11s without authentication
		802.11s)
			operation_mode="mesh"

			# Use SAE when we got a PSK
			if isset psk; then
				key_mgmt="SAE"
			else
				key_mgmt="NONE"
			fi
			;;

		# No encryption. DANGEROUS!
		NONE)
			auth_alg="OPEN"
			key_mgmt="NONE"
			;;
		*)
			log ERROR "Unknown mode: ${mode}"
			return ${EXIT_ERROR}
			;;
	esac

	local config_dir=$(dirname ${file})
	mkdir -p ${config_dir} 2>/dev/null

	config_header "WPA supplicant configuration file" > ${file}

	# AP scanning/selection
	print "ap_scan=${ap_scan}" >> ${file}

	# Set country code, if known.
	if isset country_code; then
		print "country=\"${country_code}\"" >> ${file}
	fi

	# Set control socket directory.
	print "ctrl_interface=${WPA_SUPPLICANT_SOCKET_DIR}" >> ${file}

	(
		print # Network section
		print "network={"

		if isset auth_alg; then
			print "	auth_alg=${auth_alg}"
		fi

		if isset key_mgmt; then
			print "	key_mgmt=${key_mgmt}"
		fi

		if isset proto; then
			print "	proto=${proto}"
		fi

		if isset ssid; then
			print "	ssid=\"${ssid}\""
		fi

		if isset key; then
			print "	psk=\"${key}\""
		fi

		# Operation Mode
		case "${operation_mode}" in
			ibss)
				print "	mode=1"
				;;
			mesh)
				print "	mode=5"
				;;
		esac

		# Frequency
		if isset channel; then
			print "	frequency=$(wireless_channel_to_frequency "${channel}")"
		fi

		if isset wep_key0; then
			print "	wep_key0=\"${wep_key0}\""
		fi

		if isset wep_tx_keyidx; then
			print "	wep_tx_keyidx=${wep_tx_keyidx}"
		fi

		print "}"
	) >> ${file}

	return ${EXIT_OK}
}

wpa_supplicant_config_dir() {
	local device=${1}
	assert isset device

	echo "${RUN_DIR}/wpa_supplicant/${device}"
}

wpa_supplicant_start() {
	local device=${1}
	assert isset device

	service_start "wpa_supplicant@${device}.service"
}

wpa_supplicant_stop() {
	local device=${1}
	assert isset device

	service_stop "wpa_supplicant@${device}.service"
}

wpa_supplicant_client() {
	local device=${1}
	assert isset device
	shift

	local cmd="$@"
	assert isset cmd

	# Run the command and return the output.
	cmd wpa_cli -p${WPA_SUPPLICANT_SOCKET_DIR} -i${device} ${cmd}
}

wpa_cli_status() {
	local device=${1}
	assert isset device

	wpa_supplicant_client ${device} status verbose
}

wpa_cli_status_get() {
	local device=${1}
	assert isset device

	local arg=${2}
	assert isset arg

	local line key
	while read -r line; do
		key=$(cli_get_key ${line})

		if [ "${key}" = "${arg}" ]; then
			cli_get_val "${line}"
			return ${EXIT_OK}
		fi
	done <<< "$(wpa_cli_status ${device})"

	return ${EXIT_ERROR}
}

wpa_cli_bss() {
	local device=${1}
	assert isset device

	local bss=${2}
	assert isset bss

	wpa_supplicant_client ${device} bss ${bss}
}

wpa_cli_bss_get() {
	local device=${1}
	assert isset device

	local bss=${2}
	assert isset bss

	local arg=${3}
	assert isset arg

	local line key
	while read -r line; do
		key=$(cli_get_key ${line})

		if [ "${key}" = "${arg}" ]; then
			cli_get_val "${line}"
			return ${EXIT_OK}
		fi
	done <<< "$(wpa_cli_bss ${device} ${bss})"

	return ${EXIT_ERROR}
}

wpa_cli_bss_get_frequency() {
	local device=${1}
	assert isset device

	local bssid=${2}
	assert isset bssid

	wpa_cli_bss_get ${device} ${bssid} freq
}

wpa_cli_bss_get_noise() {
	local device=${1}
	assert isset device

	local bssid=${2}
	assert isset bssid

	wpa_cli_bss_get ${device} ${bssid} noise
}

wpa_cli_bss_get_quality() {
	local device=${1}
	assert isset device

	local bssid=${2}
	assert isset bssid

	local quality=$(wpa_cli_bss_get ${device} ${bssid} qual)

	# Convert to percent
	print $(( ${quality} * 100 / 70 ))
}

wpa_cli_bss_get_flags() {
	local device=${1}
	assert isset device

	local bssid=${2}
	assert isset bssid

	wpa_cli_bss_get ${device} ${bssid} flags
}
Commit	Line	Data
6d4eec4c MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2012 IPFire Network Development Team #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
22a61046 MT	22	WPA_SUPPLICANT_SOCKET_DIR="${RUN_DIR}/wpa_supplicant/ctrl"
22a61046 MT	23
1c6a4e30	24	wpa_supplicant_config_write() {
6d4eec4c	25	local device=${1}
6d4eec4c MT	26	assert isset device
6d4eec4c MT	27
22a61046 MT	28	local file=${2}
22a61046 MT	29	assert isset file
6d4eec4c	30
22a61046 MT	31	shift 2
22a61046 MT	32
31670741	33	local ap_scan=1 mode key ssid
4c1a5e6d	34	local channel
22a61046 MT	35
	36	local arg
	37	for arg in "$@"; do
	38	case "${arg}" in
	39	--ap-scan=*)
2212045f	40	ap_scan=$(cli_get_val "${arg}")
22a61046	41	;;
4c1a5e6d MT	42	--channel=*)
	43	channel=$(cli_get_val "${arg}")
	44	;;
22a61046	45	--mode=*)
2212045f	46	mode=$(cli_get_val "${arg}")
22a61046 MT	47
	48	# Empty signals no encryption.
	49	isset mode \|\| mode="NONE"
6d4eec4c	50	;;
22a61046	51	--ssid=*)
2212045f	52	ssid=$(cli_get_val "${arg}")
6d4eec4c MT	53	;;
6d4eec4c MT	54	--key=*)
2212045f	55	key=$(cli_get_val "${arg}")
22a61046 MT	56	;;
	57	*)
	58	error "Unrecognized argument: ${arg}"
	59	return ${EXIT_ERROR}
6d4eec4c MT	60	;;
6d4eec4c MT	61	esac
6d4eec4c MT	62	done
6d4eec4c MT	63
22a61046 MT	64	assert isinteger ap_scan
	65	assert isset mode
	66
	67	local auth_alg key_mgmt proto ssid psk wep_key0 wep_tx_keyidx
4c1a5e6d	68	local operation_mode
31670741	69	local country_code="$(wireless_get_reg_domain)"
22a61046 MT	70
	71	case "${mode}" in
	72	# Normal WPA.
	73	WPA-PSK)
	74	auth_alg="OPEN"
	75	key_mgmt="WPA-PSK"
	76	proto="WPA"
	77	pairwise="CCMP TKIP"
	78	group="CCMP TKIP WEP104 WEP40"
	79	;;
	80
	81	# WPA with stronger algorithms.
	82	WPA-PSK-SHA256)
	83	auth_alg="OPEN"
	84	key_mgmt="WPA-PSK-SHA256"
	85	proto="WPA"
	86	pairwise="CCMP TKIP"
	87	group="CCMP TKIP WEP104 WEP40"
	88	;;
	89
	90	# Normal WPA2 (802.11i).
	91	WPA2-PSK)
	92	auth_alg="OPEN"
	93	key_mgmt="WPA-PSK"
	94	proto="RSN"
	95	pairwise="CCMP TKIP"
	96	group="CCMP TKIP WEP104 WEP40"
	97	;;
	98
	99	# WPA2 with stronger algorithms.
	100	WPA2-PSK-SHA256)
	101	auth_alg="OPEN"
	102	key_mgmt="WPA-PSK-SHA256"
	103	proto="RSN"
	104	pairwise="CCMP TKIP"
	105	group="CCMP TKIP WEP104 WEP40"
	106	;;
	107
	108	# WEP.
	109	WEP)
	110	auth_alg="SHARED"
	111	wep_key0="${key}"
	112	wep_tx_keyidx="0"
	113
	114	# Reset PSK.
	115	psk=""
	116	;;
	117
	118	# IEEE 802.1X
	119	8021X)
	120	key_mgmt="IEEE8021X"
	121	;;
	122
4c1a5e6d MT	123	# IEEE 802.11s without authentication
	124	802.11s)
	125	operation_mode="mesh"
	126
	127	# Use SAE when we got a PSK
	128	if isset psk; then
	129	key_mgmt="SAE"
	130	else
	131	key_mgmt="NONE"
	132	fi
	133	;;
	134
22a61046 MT	135	# No encryption. DANGEROUS!
	136	NONE)
	137	auth_alg="OPEN"
	138	key_mgmt="NONE"
	139	;;
	140	*)
	141	log ERROR "Unknown mode: ${mode}"
	142	return ${EXIT_ERROR}
	143	;;
	144	esac
	145
	146	local config_dir=$(dirname ${file})
	147	mkdir -p ${config_dir} 2>/dev/null
	148
	149	config_header "WPA supplicant configuration file" > ${file}
	150
	151	# AP scanning/selection
	152	print "ap_scan=${ap_scan}" >> ${file}
	153
	154	# Set country code, if known.
	155	if isset country_code; then
	156	print "country=\"${country_code}\"" >> ${file}
	157	fi
	158
	159	# Set control socket directory.
	160	print "ctrl_interface=${WPA_SUPPLICANT_SOCKET_DIR}" >> ${file}
	161
	162	(
	163	print # Network section
	164	print "network={"
	165
	166	if isset auth_alg; then
	167	print " auth_alg=${auth_alg}"
	168	fi
	169
	170	if isset key_mgmt; then
	171	print " key_mgmt=${key_mgmt}"
	172	fi
	173
	174	if isset proto; then
	175	print " proto=${proto}"
	176	fi
6d4eec4c	177
22a61046	178	if isset ssid; then
aaf34099	179	print " ssid=\"${ssid}\""
22a61046 MT	180	fi
	181
	182	if isset key; then
	183	print " psk=\"${key}\""
	184	fi
	185
4c1a5e6d MT	186	# Operation Mode
	187	case "${operation_mode}" in
	188	ibss)
	189	print " mode=1"
	190	;;
	191	mesh)
	192	print " mode=5"
	193	;;
	194	esac
	195
	196	# Frequency
	197	if isset channel; then
	198	print " frequency=$(wireless_channel_to_frequency "${channel}")"
	199	fi
	200
22a61046 MT	201	if isset wep_key0; then
	202	print " wep_key0=\"${wep_key0}\""
	203	fi
	204
	205	if isset wep_tx_keyidx; then
	206	print " wep_tx_keyidx=${wep_tx_keyidx}"
	207	fi
	208
	209	print "}"
	210	) >> ${file}
	211
	212	return ${EXIT_OK}
6d4eec4c MT	213	}
6d4eec4c MT	214
1c6a4e30	215	wpa_supplicant_config_dir() {
6d4eec4c	216	local device=${1}
6d4eec4c MT	217	assert isset device
6d4eec4c MT	218
22a61046	219	echo "${RUN_DIR}/wpa_supplicant/${device}"
6d4eec4c MT	220	}
6d4eec4c MT	221
1c6a4e30	222	wpa_supplicant_start() {
6d4eec4c	223	local device=${1}
22a61046	224	assert isset device
6d4eec4c	225
22a61046 MT	226	service_start "wpa_supplicant@${device}.service"
22a61046 MT	227	}
6d4eec4c	228
1c6a4e30	229	wpa_supplicant_stop() {
22a61046 MT	230	local device=${1}
22a61046 MT	231	assert isset device
6d4eec4c	232
22a61046 MT	233	service_stop "wpa_supplicant@${device}.service"
	234	}
	235
1c6a4e30	236	wpa_supplicant_client() {
22a61046 MT	237	local device=${1}
	238	assert isset device
	239	shift
6d4eec4c	240
22a61046 MT	241	local cmd="$@"
	242	assert isset cmd
	243
	244	# Run the command and return the output.
	245	cmd wpa_cli -p${WPA_SUPPLICANT_SOCKET_DIR} -i${device} ${cmd}
6d4eec4c MT	246	}
6d4eec4c MT	247
1c6a4e30	248	wpa_cli_status() {
6d4eec4c	249	local device=${1}
22a61046 MT	250	assert isset device
	251
	252	wpa_supplicant_client ${device} status verbose
	253	}
6d4eec4c	254
1c6a4e30	255	wpa_cli_status_get() {
22a61046	256	local device=${1}
6d4eec4c MT	257	assert isset device
6d4eec4c MT	258
22a61046 MT	259	local arg=${2}
22a61046 MT	260	assert isset arg
6d4eec4c	261
22a61046 MT	262	local line key
	263	while read -r line; do
	264	key=$(cli_get_key ${line})
6d4eec4c	265
22a61046 MT	266	if [ "${key}" = "${arg}" ]; then
	267	cli_get_val "${line}"
	268	return ${EXIT_OK}
	269	fi
	270	done <<< "$(wpa_cli_status ${device})"
	271
	272	return ${EXIT_ERROR}
6d4eec4c MT	273	}
6d4eec4c MT	274
1c6a4e30	275	wpa_cli_bss() {
6d4eec4c	276	local device=${1}
22a61046 MT	277	assert isset device
	278
	279	local bss=${2}
	280	assert isset bss
6d4eec4c	281
22a61046 MT	282	wpa_supplicant_client ${device} bss ${bss}
	283	}
	284
1c6a4e30	285	wpa_cli_bss_get() {
22a61046	286	local device=${1}
6d4eec4c MT	287	assert isset device
6d4eec4c MT	288
22a61046 MT	289	local bss=${2}
22a61046 MT	290	assert isset bss
6d4eec4c	291
22a61046 MT	292	local arg=${3}
22a61046 MT	293	assert isset arg
6d4eec4c	294
22a61046 MT	295	local line key
	296	while read -r line; do
	297	key=$(cli_get_key ${line})
	298
	299	if [ "${key}" = "${arg}" ]; then
	300	cli_get_val "${line}"
	301	return ${EXIT_OK}
	302	fi
	303	done <<< "$(wpa_cli_bss ${device} ${bss})"
	304
	305	return ${EXIT_ERROR}
6d4eec4c MT	306	}
6d4eec4c MT	307
1c6a4e30	308	wpa_cli_bss_get_frequency() {
6d4eec4c	309	local device=${1}
6d4eec4c MT	310	assert isset device
6d4eec4c MT	311
22a61046 MT	312	local bssid=${2}
22a61046 MT	313	assert isset bssid
6d4eec4c	314
22a61046 MT	315	wpa_cli_bss_get ${device} ${bssid} freq
22a61046 MT	316	}
6d4eec4c	317
1c6a4e30	318	wpa_cli_bss_get_noise() {
22a61046 MT	319	local device=${1}
	320	assert isset device
	321
	322	local bssid=${2}
	323	assert isset bssid
	324
	325	wpa_cli_bss_get ${device} ${bssid} noise
6d4eec4c MT	326	}
6d4eec4c MT	327
1c6a4e30	328	wpa_cli_bss_get_quality() {
22a61046 MT	329	local device=${1}
22a61046 MT	330	assert isset device
6d4eec4c	331
22a61046 MT	332	local bssid=${2}
	333	assert isset bssid
	334
324c09bc MT	335	local quality=$(wpa_cli_bss_get ${device} ${bssid} qual)
	336
	337	# Convert to percent
	338	print $(( ${quality} * 100 / 70 ))
6d4eec4c MT	339	}
6d4eec4c MT	340
1c6a4e30	341	wpa_cli_bss_get_flags() {
22a61046 MT	342	local device=${1}
	343	assert isset device
	344
	345	local bssid=${2}
	346	assert isset bssid
6d4eec4c	347
22a61046	348	wpa_cli_bss_get ${device} ${bssid} flags
6d4eec4c	349	}