2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2017 IPFire Network Development Team #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
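# Space-separated list of the encryption modes that use a pre-shared key.
WIRELESS_NETWORK_SUPPORTED_PSK_MODES="WPA2-PSK-SHA256 WPA2-PSK WPA-PSK-SHA256 WPA-PSK"

# Every supported mode: the PSK modes plus NONE (no encryption).
WIRELESS_NETWORK_SUPPORTED_MODES="${WIRELESS_NETWORK_SUPPORTED_PSK_MODES} NONE"

# Names of the variables kept in a wireless network's settings file.
# NOTE(review): functions in this file also assign ENCRYPTION_MODE (singular),
# which is not listed here - confirm whether it is meant to be persisted.
WIRELESS_NETWORK_CONFIG_SETTINGS="EAP_MODES ENCRYPTION_MODES PRIORITY PSK SSID"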
# Command-line entry point for managing wireless networks.
# NOTE(review): this listing omits several lines of the function (the gutter
# numbers skip), so the comments below cover only the statements shown.
28 cli_wireless_network
() {
# Creating and destroying a network receive every argument after the first.
31 wireless_network_new
"${@:2}"
34 wireless_network_destroy
"${@:2}"
# Stop when no stored network matches the given SSID.
41 if ! wireless_network_exists
"${ssid}"; then
42 error
"No such wireless network: ${ssid}"
46 # Convert SSID into usable format
47 local handle
="$(wireless_network_hash "${ssid}")"
# The function name called below is built from ${key}. The pattern acts as an
# allow-list: only these three literal keys reach the dynamic call, so a key
# outside the list cannot select another function (assuming the enclosing
# case, which is not shown, matches on ${key}).
50 encryption_mode|pre_shared_key|priority
)
51 wireless_network_
${key} "${handle}" "$@"
# NOTE(review): wireless_network_show is not defined in the visible part of
# this file - confirm that it exists elsewhere.
54 wireless_network_show
"${handle}"
# Any other key is rejected with an error instead of being dispatched.
58 error
"Unrecognized argument: ${key}"
# Passes the wireless networks directory to list_directory. Callers in this
# file capture the output and treat every word of it as a network handle.
66 wireless_network_list
() {
67 list_directory
"${NETWORK_WIRELESS_NETWORKS_DIR}"
# Walks over every stored wireless network and reads its configuration.
# NOTE(review): the lines that output the SSID are not part of this listing.
70 wireless_network_list_ssids
() {
# The command substitution is unquoted, so its output is split into words.
# This relies on handles containing no whitespace or glob characters -
# NOTE(review): confirm that wireless_network_hash guarantees this.
72 for handle
in $
(wireless_network_list
); do
# Declare the settings variables local so that the values read for a network
# do not leak into the caller's scope.
73 local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
74 if ! wireless_network_read_config
"${handle}"; then
82 # This function writes all values to the configuration file of the wireless network specified via ${ssid}
83 wireless_network_write_config
() {
# The settings file sits in a per-network directory named after the handle.
# NOTE(review): PSK is one of the names in WIRELESS_NETWORK_CONFIG_SETTINGS,
# so this file holds the pre-shared key. The permissions that settings_write
# applies are not visible here - confirm the file is readable by root only.
88 local path
="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/settings"
# The list of names is unquoted, so each name becomes a separate argument to
# settings_write.
90 if ! settings_write
"${path}" ${WIRELESS_NETWORK_CONFIG_SETTINGS}; then
91 log ERROR
"Could not write configuration"
95 # When we get here the writing of the config file was successful
99 # This function writes the value for one key to the configuration file
100 # of the wireless network specified via ${ssid}
101 wireless_network_write_config_key
() {
# Sequence shown below: read the current settings, assign the new value to
# the key, write all settings back.
# Keep the settings variables local to this function.
110 local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
112 # Read the config settings
113 if ! wireless_network_read_config
"${handle}"; then
# NOTE(review): ${value} is logged verbatim. wireless_network_pre_shared_key
# calls this function with the key "PSK", so the pre-shared key reaches the
# debug log in clear text - consider masking the value for secret keys.
117 log DEBUG
"Set '${key}' to new value '${value}' in wireless network '${SSID}'"
119 # Set the key to a new value
120 assign
"${key}" "${value}"
# Persist the complete set of settings, including the changed key.
122 if ! wireless_network_write_config
"${handle}"; then
129 # Reads one or more keys out of a settings file or all if no key is provided.
130 wireless_network_read_config
() {
# With no key names left in the argument list, fall back to the complete list
# of settings names; the second list_append uses the names that were passed.
# NOTE(review): the else/fi lines between the two calls are missing from this
# listing.
137 if [ $# -eq 0 ] && [ -n "${WIRELESS_NETWORK_CONFIG_SETTINGS}" ]; then
138 list_append args
${WIRELESS_NETWORK_CONFIG_SETTINGS}
140 list_append args
"$@"
# Settings are read from the per-network directory named after the handle.
143 local path
="${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/settings"
# ${args} is unquoted, so every key name is passed as its own argument.
145 if ! settings_read
"${path}" ${args}; then
146 log ERROR
"Could not read settings for wireless network ${handle}"
151 # This function checks if a wireless network exists
152 # Returns True when yes and false when not
153 wireless_network_exists
() {
# Derive the directory handle from the SSID.
156 local handle
="$(wireless_network_hash "${ssid}")"
159 # We cannot use wireless_network_read_config here because we would end in a loop
# Only the SSID key is requested from the settings file.
# NOTE(review): no "local SSID" is visible in this listing - confirm that the
# value read here does not leak into the caller's scope.
161 if ! settings_read
"${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}/settings" SSID
; then
# The stored SSID has to equal the requested one; a matching handle alone is
# not treated as proof that the network exists.
165 if [ "${SSID}" = "${ssid}" ]; then
# Derives the handle (directory name) for a string: its normalized form
# joined to its MD5 digest by "-". Callers in this file pass an SSID.
172 wireless_network_hash
() {
# In the visible lines the digest is only used to build a directory name, not
# to protect data.
# NOTE(review): md5sum prints a file-name field after the digest; the line
# that strips it is not part of this listing - confirm it exists. The input
# is an SSID chosen by the user, and echo -n may treat a string such as "-e"
# as an option; printf '%s' would avoid that.
177 local hash=$
(echo -n "${string}" |
md5sum )
# NOTE(review): the "*" sits inside double quotes, so no glob expansion takes
# place and the -d test looks for a directory literally named "*<hash>" -
# confirm whether matching an existing "<anything><hash>" entry was intended.
180 local path
="${NETWORK_WIRELESS_NETWORKS_DIR}/*${hash}"
182 if [ -d "${path}" ]; then
# Build "<normalized>-<hash>"; one trailing "-" is dropped from the
# normalized part first so that the separator is not doubled.
185 local normalized
=$
(normalize
"${string}")
186 normalized
=${normalized%-}
187 echo "${normalized}-${hash}"
# Creates the configuration directory and the initial settings file for a new
# wireless network.
191 wireless_network_new
() {
# At most one argument is accepted.
192 if [ $# -gt 1 ]; then
193 error
"Too many arguments"
199 if ! isset ssid
; then
200 error
"Please provide a SSID"
204 # Check for duplicates
205 if wireless_network_exists
"${ssid}"; then
206 error
"The wireless network ${ssid} already exists"
210 local handle
="$(wireless_network_hash "${ssid}")"
213 log DEBUG
"Creating wireless network '${ssid}'"
# NOTE(review): this directory receives the settings file, which includes the
# PSK. mkdir applies the process umask - confirm that the result is not
# readable by other users.
215 if ! mkdir
-p "${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}"; then
216 log ERROR
"Could not create config directory for wireless network ${ssid}"
# Keep the settings variables local to this function.
220 local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
# NOTE(review): ENCRYPTION_MODE (singular) is not one of the names in
# WIRELESS_NETWORK_CONFIG_SETTINGS, which lists ENCRYPTION_MODES. It is thus
# not covered by the local declaration above and not among the names that
# wireless_network_write_config hands to settings_write - it looks like this
# default is never stored; confirm.
221 ENCRYPTION_MODE
="${WIRELESS_DEFAULT_ENCRYPTION_MODE}"
225 if ! wireless_network_write_config
"${handle}"; then
226 log ERROR
"Could not write new config file"
231 # Deletes a wireless network
232 wireless_network_destroy
() {
# Only a network that exists can be destroyed.
235 if ! wireless_network_exists
"${ssid}"; then
236 error
"No such wireless network: ${ssid}"
240 local handle
="$(wireless_network_hash "${ssid}")"
# Recursively removes the network's directory.
# NOTE(review): should ${handle} ever be empty, the path collapses to the
# networks directory itself and every stored network is removed; writing
# "${handle:?}" would abort instead.
243 if ! rm -rf "${NETWORK_WIRELESS_NETWORKS_DIR}/${handle}"; then
244 error
"Could not delete the wireless network"
248 log INFO
"Successfully destroyed wireless network ${ssid}"
# Sets the encryption mode of a wireless network after checking the mode and
# the stored pre-shared key.
252 wireless_network_encryption_mode
() {
# Exactly two arguments are required; the message below is also printed when
# more than two are given.
253 if [ ! $# -eq 2 ]; then
254 log ERROR
"Not enough arguments"
# NOTE(review): WIRELESS_VALID_ENCRYPTION_MODES is not defined in the visible
# part of this file, which defines WIRELESS_NETWORK_SUPPORTED_MODES - confirm
# that it is set elsewhere. The expansion is unquoted, so each mode becomes
# one argument to isoneof.
260 if ! isoneof mode
${WIRELESS_VALID_ENCRYPTION_MODES}; then
261 log ERROR
"Encryption mode '${mode}' is invalid"
# Keep the settings variables local to this function.
265 local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
266 if ! wireless_network_read_config
"${handle}"; then
267 error
"Could not read configuration"
271 # Validate the PSK when changing mode and reset if needed
# NOTE(review): the validator is called wireless_pre_shared_key_is_valid
# here, while wireless_network_pre_shared_key calls
# wireless_pre_share_key_is_valid (no "d") - one of the two names is
# presumably a typo. The line that clears PSK is not part of this listing.
272 if isset PSK
&& [ "${mode}" != "NONE" ] && \
273 ! wireless_pre_shared_key_is_valid
"${mode}" "${PSK}"; then
274 log WARNING
"The configured pre-shared-key is incompatible with this encryption mode and has been reset"
278 # Save new encryption mode
# NOTE(review): ENCRYPTION_MODE is not listed in
# WIRELESS_NETWORK_CONFIG_SETTINGS (which contains ENCRYPTION_MODES), so the
# write below does not appear to include it - confirm that the new mode is
# really persisted.
279 ENCRYPTION_MODE
="${mode}"
281 if ! wireless_network_write_config
"${handle}"; then
282 log ERROR
"Could not write configuration settings"
# Stores a new pre-shared key for a wireless network after validating it
# against the network's encryption mode.
287 wireless_network_pre_shared_key
() {
# Exactly two arguments are required; the message below is also printed when
# more than two are given.
288 if [ ! $# -eq 2 ]; then
289 log ERROR
"Not enough arguments"
# Keep the settings variables local to this function.
296 local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
297 if ! wireless_network_read_config
"${handle}"; then
298 error
"Could not read configuration"
302 # Validate the key if encryption mode is known
# NOTE(review): ENCRYPTION_MODE is not among the names in
# WIRELESS_NETWORK_CONFIG_SETTINGS, so the read above may never set it and
# this validation may be skipped - confirm.
303 if isset ENCRYPTION_MODE
&& [ "${ENCRYPTION_MODE}" != "NONE" ]; then
# NOTE(review): wireless_pre_share_key_is_valid lacks the "d" used in
# wireless_network_encryption_mode (wireless_pre_shared_key_is_valid). If
# this name is undefined, the call fails and every key is rejected.
304 if ! wireless_pre_share_key_is_valid
"${ENCRYPTION_MODE}" "${psk}"; then
# NOTE(review): the error message contains the key itself, so a rejected
# secret is shown wherever error() writes to. Report the failure without
# ${psk}.
305 error
"The pre-shared-key is invalid for this wireless network: ${psk}"
# Store the key under the settings name PSK.
310 if ! wireless_network_write_config_key
"${handle}" "PSK" "${psk}"; then
311 log ERROR
"Could not write configuration settings"
# Stores the priority of a wireless network.
316 wireless_network_priority
() {
# Exactly two arguments are required; the message below is also printed when
# more than two are given.
317 if [ ! $# -eq 2 ]; then
318 log ERROR
"Not enough arguments"
# NOTE(review): the two tests are joined with &&, so the error branch is only
# taken when the value is not an integer AND not >= 0. If isinteger succeeds
# for a negative integer (presumably it does), the first test is false and
# the value is accepted; for a non-integer the numeric test itself fails with
# an error status, which also skips the branch. "||" looks intended.
# ${priority} is unquoted inside the test as well.
325 if ! isinteger priority
&& [ ! ${priority} -ge 0 ]; then
326 log ERROR
"The priority must be an integer greater or eqal zero"
# Store the value under the settings name PRIORITY.
330 if ! wireless_network_write_config_key
"${handle}" "PRIORITY" "${priority}"; then
331 log ERROR
"Could not write configuration settings"
# Calls wireless_network_to_wpa_supplicant once for every handle returned by
# wireless_network_list.
336 wireless_networks_to_wpa_supplicant
() {
# The command substitution is unquoted, so the handle list is split on
# whitespace.
338 for handle
in $
(wireless_network_list
); do
339 wireless_network_to_wpa_supplicant
"${handle}"
# Prints a wpa_supplicant network block for the wireless network ${handle}.
# NOTE(review): this listing omits several lines of the function (variable
# declarations, case headers, closing lines); the comments below cover only
# the statements shown.
343 wireless_network_to_wpa_supplicant
() {
# Keep the settings variables local to this function.
346 local ${WIRELESS_NETWORK_CONFIG_SETTINGS}
347 if ! wireless_network_read_config
"${handle}"; then
348 error
"Could not read configuration for ${handle}"
# Collect the parameters of every supported mode that is enabled.
# NOTE(review): when ENCRYPTION_MODES is unset no mode is skipped, so it
# looks like NONE is added to key_mgmt next to the PSK modes and the network
# could then be joined without encryption - confirm that stored networks
# always have ENCRYPTION_MODES set.
359 for mode
in ${WIRELESS_NETWORK_SUPPORTED_MODES}; do
360 # Skip any disabled modes
361 if isset ENCRYPTION_MODES
&& ! list_match
"${mode}" ${ENCRYPTION_MODES}; then
# WPA2 modes: the "WPA2" prefix is rewritten to "WPA" for key_mgmt and the
# protocol is set to RSN.
367 WPA2-PSK|WPA2-PSK-SHA256
)
368 list_append_unique auth_alg
"OPEN"
369 list_append_unique key_mgmt
"${mode/WPA2/WPA}"
370 list_append_unique proto
"RSN"
# NOTE(review): TKIP is allowed as a pairwise cipher, and TKIP, WEP104 and
# WEP40 as group ciphers. These are weak, deprecated ciphers; consider
# limiting RSN networks to CCMP unless legacy access points must be
# supported.
373 for p
in CCMP TKIP
; do
374 list_append_unique pairwise
"${p}"
378 for g
in CCMP TKIP WEP104 WEP40
; do
379 list_append_unique group
"${g}"
# WPA (version 1) modes: the mode name is used for key_mgmt unchanged and the
# protocol is set to WPA. The cipher lists are the same as above.
384 WPA-PSK|WPA-PSK-SHA256
)
385 list_append_unique auth_alg
"OPEN"
386 list_append_unique key_mgmt
"${mode}"
387 list_append_unique proto
"WPA"
390 for p
in CCMP TKIP
; do
391 list_append_unique pairwise
"${p}"
395 for g
in CCMP TKIP WEP104 WEP40
; do
396 list_append_unique group
"${g}"
400 # No encryption. DANGEROUS!
402 list_append_unique auth_alg
"OPEN"
403 list_append_unique key_mgmt
"NONE"
# Both lists must hold at least one entry before the block is printed.
408 assert isset auth_alg
409 assert isset key_mgmt
# NOTE(review): SSID (and PSK further down) are placed between double quotes
# without escaping. A value that contains a double quote or a line break
# would end the quoted string early and change how the rest of the block is
# parsed; reject such characters when the value is stored, or write the SSID
# in the unquoted hex form that wpa_supplicant accepts. The "# ${SSID}"
# comment line is affected by line breaks in the same way.
# NOTE(review): wpa_supplicant.conf examples write the block opener as
# "network={" without spaces - confirm that the parser accepts "network = {".
411 print_indent
0 "# ${SSID}"
412 print_indent
0 "network = {"
413 print_indent
1 "ssid=\"${SSID}\""
417 print_indent
1 "# Authentication"
418 print_indent
1 "auth_alg=${auth_alg}"
419 print_indent
1 "key_mgmt=${key_mgmt}"
# ${!i} is an indirect expansion: it prints the value of the variable whose
# name is stored in i (proto, pairwise, group).
422 for i
in proto pairwise group
; do
423 print_indent
1 "${i}=${!i}"
# NOTE(review): the output contains the pre-shared key in clear text, so the
# file that receives it must be readable by root only. The destination is
# chosen by the caller and is not visible here.
429 print_indent
1 "# Pre Shared Key"
430 print_indent
1 "psk=\"${PSK}\""
# The EAP methods are only printed when EAP_MODES is set.
433 if isset EAP_MODES
; then
434 print_indent
1 "# EAP"
435 print_indent
1 "eap=${EAP_MODES}"