From f6ee6bb1189ddc779cb24fb9a77c8a6c3fcb0b23 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sun, 3 Apr 2011 14:04:22 +0000 Subject: [PATCH] Initial support for encrypted wireless networks. Done at the developer meeting at Erkrath. --- functions.routing | 2 + functions.util | 2 + functions.wireless | 126 ++++++++++++++++++ hooks/zones/wireless | 157 +++++++++++++++++++++++ hooks/zones/wireless.configs/ipv4-static | 1 + 5 files changed, 288 insertions(+) create mode 100755 hooks/zones/wireless create mode 120000 hooks/zones/wireless.configs/ipv4-static diff --git a/functions.routing b/functions.routing index 1733edef..fc4210f7 100644 --- a/functions.routing +++ b/functions.routing @@ -50,6 +50,8 @@ function routing_default_update() { fi done + log INFO "Setting default route: ${routes}" + if [ -z "${routes}" ]; then if routing_has_default; then ip route del default diff --git a/functions.util b/functions.util index 8b207870..e63cb76e 100644 --- a/functions.util +++ b/functions.util @@ -93,6 +93,8 @@ function listlength() { function config_read() { local config_file=${1} + log DEBUG "Reading configuration: ${config_file}" + if [ -e "${config_file}" ]; then . ${config_file} config_check diff --git a/functions.wireless b/functions.wireless index 07a2ee09..114e217a 100644 --- a/functions.wireless +++ b/functions.wireless 
@@ -294,3 +294,129 @@ function hostapd_is_running() { return ${EXIT_ERROR} } + +function wpa_supplicant_config_write() { + local device=${1} + shift + + assert isset device + + local ssid + local encryption + local key + + while [ $# -gt 0 ]; do + case "${1}" in + --ssid=*) + ssid=${1#--ssid=} + ;; + --encryption=*) + encryption=${1#--encryption=} + ;; + --key=*) + key=${1#--key=} + ;; + esac + shift + done + + assert isset ssid + assert isset encryption + assert isset key + + cat < ${config_file} + + wpa_supplicant -i ${device} -D wext -B -c ${config_file} \ + -P ${config_dir}/pid +} + +function wpa_supplicant_stop() { + local device=${1} + + assert isset device + + local pid=$(wpa_supplicant_get_pid ${device}) + + if isset pid; then + process_kill ${pid} + else + warning_log "Could not find pid file for wpa_supplicant process running for ${device}." + fi + + rm -rf $(wpa_supplicant_config_dir ${device}) +} + +function wpa_supplicant_get_pid() { + local device=${1} + + assert isset device + + local pid_file="$(wpa_supplicant_config_dir ${device})/pid" + + [ -e "${pid_file}" ] || return ${EXIT_ERROR} + + cat ${pid_file} 2>/dev/null + return ${EXIT_OK} +} + +function wpa_supplicant_is_running() { + local device=${1} + + assert isset device + + local pid=$(wpa_supplicant_get_pid ${device}) + + if isset pid && [ -d "/proc/${pid}" ]; then + return ${EXIT_OK} + fi + + return ${EXIT_ERROR} +} + +function wpa_supplicant_get_pid() { + local zone=${1} + shift + + +} + +function wpa_supplicant_stop() { + local zone=${1} + shift + + killall wpa_supplicant +} diff --git a/hooks/zones/wireless b/hooks/zones/wireless new file mode 100755 index 00000000..a9f62386 --- /dev/null +++ b/hooks/zones/wireless 
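Review bot: `wpa_supplicant_get_pid` and `wpa_supplicant_stop` are each defined twice in this hunk, and because the shell keeps the last definition, the stubs at the end replace the working versions. The stub `wpa_supplicant_get_pid` prints nothing, so `wpa_supplicant_is_running` can never return `${EXIT_OK}`. The stub `wpa_supplicant_stop` runs `killall wpa_supplicant`, which stops the supplicant of every zone and skips the `rm -rf $(wpa_supplicant_config_dir ${device})` cleanup, so the generated config holding the pre-shared key stays on disk. I would delete the two trailing stubs and keep the pid-file based versions. Separately, the config write shows on this page only as `cat < ${config_file}` (part of the hunk seems lost in extraction), so the file's mode is not visible; if nothing restricts it, create the file under `umask 077` so other local users cannot read the key.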
@@ -0,0 +1,157 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +. /lib/network/header-zone + +HOOK_SETTINGS="HOOK PHY MAC MTU SSID KEY ENCRYPTION" + +# Default values +MAC=$(mac_generate) +PHY= +MTU=1500 +SSID= +KEY= +ENCRYPTION="WPA-PSK" + +function _check() { + assert isset SSID + assert ismac MAC + assert isinteger MTU + assert ismac PHY + + if [ -n "${ENCRYPTION}" ]; then + assert isset KEY + fi +} + +function _parse_cmdline() { + while [ $# -gt 0 ]; do + case "${1}" in + --phy=*) + PHY=${1#--phy=} + ;; + --ssid=*) + SSID=${1#--ssid=} + ;; + --key=*) + KEY=${1#--key=} + ;; + *) + warning "Ignoring unknown option '${1}'" + ;; + esac + shift + done + + PHY=$(phy_get ${PHY}) + PHY=$(phy_get_address ${PHY}) +} + +function _up() { + local zone=${1} + shift + + assert isset zone + + zone_config_read ${zone} + + wireless_create ${zone} ${PHY} managed ${MAC} + + [ -n "${MAC}" ] && device_set_address ${zone} ${MAC} + [ -n "${MTU}" ] && device_set_mtu ${zone} ${MTU} + + # Create WPA supplicant configuration. 
+ wpa_supplicant_start ${zone} --ssid=${SSID} \ + --encryption=${ENCRYPTION} --key=${KEY} + + #device_set_up ${zone} + + zone_configs_up ${zone} + + event_interface_up ${zone} + + exit ${EXIT_OK} +} + +function _down() { + local zone=${1} + shift + + if ! device_is_up ${zone}; then + warning "Zone '${zone}' is not up" + exit ${EXIT_OK} + fi + + event_interface_down ${zone} + + zone_configs_down ${zone} + + wpa_supplicant_stop ${zone} + + #device_set_down ${zone} + + wireless_remove ${zone} + + exit ${EXIT_OK} +} + +function _status() { + local zone=${1} + + cli_status_headline ${zone} + + # Exit if zone is down + if ! zone_is_up ${zone}; then + echo # Empty line + exit ${EXIT_ERROR} + fi + + # XXX Add bridge stp priority here + # brctl does not give any information about that + + cli_headline " Spanning Tree Protocol information:" + printf "${DEVICE_PRINT_LINE1}" "ID:" $(stp_bridge_get_id ${zone}) + printf "${DEVICE_PRINT_LINE1}" "Priority:" $(stp_bridge_get_priority ${zone}) + + if stp_bridge_is_root ${zone}; then + echo -e " ${COLOUR_BOLD}This bridge is root.${COLOUR_NORMAL}" + else + printf "${DEVICE_PRINT_LINE1}" "Designated root:" $(stp_bridge_get_designated_root ${zone}) + printf "${DEVICE_PRINT_LINE1}" "Root path cost:" $(stp_bridge_get_root_path_cost ${zone}) + fi + echo # Empty line + + # Topology information + printf "${DEVICE_PRINT_LINE1}" "Topology changing:" $(stp_bridge_get_topology_change_detected ${zone}) + printf "${DEVICE_PRINT_LINE1}" "Topology change time:" $(beautify_time $(stp_bridge_get_topology_change_timer ${zone})) + printf "${DEVICE_PRINT_LINE1}" "Topology change count:" $(stp_bridge_get_topology_change_count ${zone}) + + cli_headline " Ports:" + zone_ports_status ${zone} + + cli_headline " Configurations:" + zone_configs_cmd status ${zone} + + echo # Empty line + exit ${EXIT_OK} +} + +run $@ diff --git a/hooks/zones/wireless.configs/ipv4-static b/hooks/zones/wireless.configs/ipv4-static new file mode 120000 index 00000000..d81c3af3 
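Review bot: The call in `_up` passes `--ssid=${SSID}` and `--key=${KEY}` unquoted, so an SSID or passphrase containing spaces or glob characters is word-split or expanded before `wpa_supplicant_start` sees it, and the zone ends up configured with a truncated or altered value. Quote each argument, `wpa_supplicant_start "${zone}" "--ssid=${SSID}" "--encryption=${ENCRYPTION}" "--key=${KEY}"`, and use `run "$@"` on the last line for the same reason. `_check` only asserts that KEY is set; a WPA-PSK passphrase must be 8 to 63 characters (or 64 hex digits), so a length check there would reject a bad key before it reaches the supplicant config. `_status` still prints the bridge hook's Spanning Tree output, which presumably does not apply to a wireless client zone.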
--- /dev/null
+++ b/hooks/zones/wireless.configs/ipv4-static
@@ -0,0 +1 @@
+../bridge.configs/ipv4-static
\ No newline at end of file
-- 
2.47.2