~ubuntu-branches/ubuntu/lucid/wpasupplicant/lucid-updates

« back to all changes in this revision

Viewing changes to debian/functions.sh

  • Committer: Bazaar Package Importer
  • Author(s): Kel Modderman
  • Date: 2006-10-05 08:04:01 UTC
  • mfrom: (1.1.5 upstream) (3 etch)
  • mto: This revision was merged to the branch mainline in revision 4.
  • Revision ID: james.westby@ubuntu.com-20061005080401-r8lqlix4390yos7b
Tags: 0.5.5-2
* Update madwifi headers to latest SVN. (Closes: #388316)
* Remove failed attempt at action locking. [debian/functions.sh,
  debian/wpa_action.sh]
* Add hysteresis checking functions, to avoid "event loops" while
  using wpa-roam. [debian/functions.sh, debian/wpa_action.sh]
* Change of co-maintainer email address.
* Add ishex() function to functions.sh to determine wpa-psk value type in
  plaintext or hex. This effectively eliminates the need for the bogus and
  somewhat confusing wpa-passphrase contruct specific to our scripts and
  allows wpa-psk to work with either a 8 to 63 character long plaintext
  string or 64 character long hex string.
* Adjust README.modes to not refer to the redundant wpa-passphrase stuff.
* Add big fat NOTE about acceptable wpa-psk's to top of example gallery.
* Strip surrounding quotes from wpa-ssid if present, instead of just whining
  about them.
* Update email address in copyright blurb of functions.sh, ifupdown.sh and
  wpa_action.sh.  

Show diffs side-by-side

added added

removed removed

Lines of Context:
 
1
#!/bin/sh
 
2
 
 
3
# Copyright (C) 2006 Kel Modderman <kelmo@kanotixguide>
 
4
#
 
5
# This program is free software; you can redistribute it and/or
 
6
# modify it under the terms of the GNU General Public License
 
7
# as published by the Free Software Foundation; either version 2
 
8
# of the License, or (at your option) any later version.
 
9
#
 
10
# This program is distributed in the hope that it will be useful,
 
11
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 
12
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
13
# GNU General Public License for more details.
 
14
#
 
15
# On Debian GNU/Linux systems, the text of the GPL license can be
 
16
# found in /usr/share/common-licenses/GPL.
 
17
 
 
18
#####################################################################
 
19
## global variables
 
20
# wpa_supplicant variables
 
21
WPA_SUP_BIN="/sbin/wpa_supplicant"
 
22
WPA_SUP_PNAME="wpa_supplicant"
 
23
WPA_SUP_PIDFILE="/var/run/wpa_supplicant.$IFACE.pid"
 
24
 
 
25
# wpa_cli variables
 
26
WPA_CLI_BIN="/sbin/wpa_cli"
 
27
WPA_CLI_PNAME="wpa_cli"
 
28
WPA_CLI_PIDFILE="/var/run/wpa_action.$IFACE.pid"
 
29
WPA_CLI_LOGFILE="/var/log/wpa_action.log"
 
30
WPA_CLI_TIMESTAMP="/var/run/wpa_action.$IFACE.timestamp"
 
31
 
 
32
# default ctrl_interface socket directory
 
33
if [ -z "$WPA_CTRL_DIR" ]; then
 
34
        WPA_CTRL_DIR="/var/run/wpa_supplicant"
 
35
fi
 
36
 
 
37
# verbosity variables
 
38
if [ -n "$IF_WPA_VERBOSITY" ] || [ "$VERBOSITY" = "1" ]; then
 
39
        TO_NULL="/dev/stdout"
 
40
        DAEMON_VERBOSITY="--verbose"
 
41
else
 
42
        TO_NULL="/dev/null"
 
43
        DAEMON_VERBOSITY="--quiet"
 
44
fi
 
45
 
 
46
#####################################################################
 
47
## wpa_cli wrapper
 
48
# Path to common ctrl_interface socket and iface supplied.
 
49
# NB: WPA_CTRL_DIR cannot be used for interactive commands.
 
50
#
 
51
wpa_cli () {
 
52
        $WPA_CLI_BIN -p $WPA_CTRL_DIR -i $IFACE "$@"
 
53
}
 
54
 
 
55
#####################################################################
 
56
## verbose and stderr message wrapper
 
57
# Ensures a standard and easily identifiable message is printed by
 
58
# scripts using this function library.
 
59
#
 
60
# verbose       To stdout when IF_WPA_VERBOSITY or VERBOSITY is true
 
61
#
 
62
# action        Same as verbose but without newline
 
63
#               Useful for allowing wpa_cli commands to echo result
 
64
#               value of 'OK' or 'FAILED'
 
65
#
 
66
# stderr        Echo warning or error messages to stderr
 
67
#
 
68
# NB: when called by wpa_action, there is no redirection (verbose)
 
69
#
 
70
wpa_msg () {
 
71
        
 
72
        if [ -n "$WPA_ACTION" ]; then
 
73
                shift
 
74
                echo "wpa_action: $@"
 
75
                return
 
76
        fi
 
77
        
 
78
        case "$1" in 
 
79
                "verbose")
 
80
                        shift
 
81
                        echo "$WPA_SUP_PNAME: $@" >$TO_NULL
 
82
                        ;;
 
83
                "action")
 
84
                        shift
 
85
                        echo -n "$WPA_SUP_PNAME: $@ -- " >$TO_NULL
 
86
                        ;;
 
87
                "stderr")
 
88
                        shift
 
89
                        echo "$WPA_SUP_PNAME: $@" >/dev/stderr
 
90
                        ;;
 
91
                *)
 
92
                        ;;
 
93
        esac
 
94
}
 
95
 
 
96
#####################################################################
 
97
## validate daemon pid files
 
98
# Test daemon process ID files via start-stop-daemon with a signal 0
 
99
# given the exec binary and pdfile location.
 
100
#
 
101
# Returns true when pidfile exists, the process ID exists _and_ was
 
102
# created by the exec binary.
 
103
#
 
104
# If the test fails, but the pidfile exists, it is stale
 
105
#
 
106
test_daemon_pidfile () {
 
107
        local DAEMON PIDFILE
 
108
        
 
109
        if [ -n "$1" ]; then
 
110
                DAEMON="$1"
 
111
        fi
 
112
        
 
113
        if [ -f "$2" ]; then
 
114
                PIDFILE="$2"
 
115
        fi
 
116
        
 
117
        if [ -n "$DAEMON" -a -f "$PIDFILE" ]; then
 
118
                if start-stop-daemon --stop --quiet --signal 0 \
 
119
                        --exec "$DAEMON" --pidfile "$PIDFILE"; then
 
120
                        return 0
 
121
                else
 
122
                        rm -f "$PIDFILE"
 
123
                        return 1
 
124
                fi
 
125
        else
 
126
                return 1
 
127
        fi
 
128
}
 
129
 
 
130
# validate wpa_supplicant pidfile
 
131
test_wpa_supplicant () {
 
132
        test_daemon_pidfile "$WPA_SUP_BIN" "$WPA_SUP_PIDFILE"
 
133
}
 
134
 
 
135
# validate wpa_cli pidfile
 
136
test_wpa_cli () {
 
137
        test_daemon_pidfile "$WPA_CLI_BIN" "$WPA_CLI_PIDFILE"
 
138
}
 
139
 
 
140
#####################################################################
 
141
## daemonize wpa_supplicant
 
142
# Start wpa_supplicant via start-stop-dameon with all required
 
143
# options. Will start if environment variable WPA_SUP_CONF is present
 
144
#
 
145
# Required options:
 
146
# -B    dameonize/background process
 
147
# -D    driver backend ('wext' if none given)
 
148
# -P    process ID file
 
149
# -C    path to ctrl_interface socket directory
 
150
#
 
151
# Optional options:
 
152
# -c    configuration file
 
153
# -W    wait for wpa_cli to attach to ctrl_interface socket
 
154
# -b    bridge interface name
 
155
#
 
156
init_wpa_supplicant () {
 
157
        if [ -n "$WPA_SUP_CONF" ]; then
 
158
                # wpa-action was removed, point to wpa-roam
 
159
                if [ -n "$IF_WPA_ACTION" ]; then
 
160
                        wpa_msg stderr "wpa-action support has been removed"
 
161
                        wpa_msg stderr "refer to /usr/share/doc/wpasupplicant/README.modes.gz"
 
162
                        return 1
 
163
                fi
 
164
 
 
165
                local WPA_SUP_DRIVER WPA_SUP_OPTIONS
 
166
 
 
167
                if [ -n "$WPA_ACTION_SCRIPT" ]; then
 
168
                        if [ -x "$WPA_ACTION_SCRIPT" ]; then
 
169
                                WPA_SUP_OPTIONS="-W -B -P $WPA_SUP_PIDFILE -i $IFACE"
 
170
                                wpa_msg verbose "wait for wpa_cli to attach"
 
171
                        else
 
172
                                wpa_msg stderr "action script \"$WPA_ACTION_SCRIPT\" not executable"
 
173
                                return 1
 
174
                        fi
 
175
                else
 
176
                        WPA_SUP_OPTIONS="-B -P $WPA_SUP_PIDFILE -i $IFACE"
 
177
                fi
 
178
 
 
179
                if [ -n "$IF_WPA_BRIDGE" ]; then
 
180
                        WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -b $IF_WPA_BRIDGE"
 
181
                        wpa_msg verbose "wpa-bridge $IF_WPA_BRIDGE"
 
182
                fi
 
183
 
 
184
                if [ -n "$IF_WPA_DRIVER" ]; then
 
185
                        WPA_SUP_DRIVER="$IF_WPA_DRIVER"
 
186
                        wpa_msg verbose "wpa-driver $WPA_SUP_DRIVER"
 
187
                else
 
188
                        WPA_SUP_DRIVER="wext"
 
189
                        wpa_msg verbose "using default driver type: wpa-driver $WPA_SUP_DRIVER"
 
190
                fi
 
191
 
 
192
                wpa_msg verbose "$WPA_SUP_BIN $WPA_SUP_OPTIONS -D $WPA_SUP_DRIVER $WPA_SUP_CONF"
 
193
                        
 
194
                start-stop-daemon --start --oknodo $DAEMON_VERBOSITY \
 
195
                        --name $WPA_SUP_PNAME --startas $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE \
 
196
                        -- $WPA_SUP_OPTIONS -D $WPA_SUP_DRIVER $WPA_SUP_CONF
 
197
 
 
198
                if [ "$?" != "0" ]; then
 
199
                        wpa_msg stderr "$WPA_SUP_BIN daemon failed to start"
 
200
                        return 1
 
201
                fi
 
202
                
 
203
                local WPA_SOCKET_WAIT="0" MAX_WPA_SOCKET_WAIT="5"
 
204
                until [ -S "$WPA_CTRL_DIR/$IFACE" ]; do
 
205
                        if [ "$WPA_SOCKET_WAIT" -ge "$MAX_WPA_SOCKET_WAIT" ]; then
 
206
                                wpa_msg stderr "ctrl_interface socket not found at $WPA_CTRL_DIR/$IFACE"
 
207
                                return 1
 
208
                        else
 
209
                                wpa_msg verbose "waiting for \"$WPA_CTRL_DIR/$IFACE\": $WPA_SOCKET_WAIT (max. $MAX_WPA_SOCKET_WAIT)"
 
210
                        fi
 
211
                        
 
212
                        WPA_SOCKET_WAIT=$(($WPA_SOCKET_WAIT + 1))
 
213
                        sleep 1
 
214
                done
 
215
                
 
216
                wpa_msg verbose "ctrl_interface socket located at $WPA_CTRL_DIR/$IFACE"
 
217
        else
 
218
                wpa_msg stderr "init_wpa_supplicant() called without WPA_SUP_CONF"
 
219
                return 1
 
220
        fi
 
221
}
 
222
 
 
223
#####################################################################
 
224
## stop wpa_supplicant process
 
225
# Kill wpa_supplicant via start-stop-daemon, given the location of
 
226
# the pidfile or ctrl_interface socket path and interface name
 
227
#
 
228
kill_wpa_supplicant () {
 
229
        if test_wpa_supplicant; then
 
230
                
 
231
                wpa_msg verbose "terminating $WPA_SUP_PNAME daemon via pidfile $WPA_SUP_PIDFILE"
 
232
 
 
233
                start-stop-daemon --stop --oknodo $DAEMON_VERBOSITY \
 
234
                        --exec $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE
 
235
        
 
236
                if [ -f "$WPA_SUP_PIDFILE" ]; then
 
237
                        rm -f "$WPA_SUP_PIDFILE"
 
238
                fi
 
239
        elif [ -S "$WPA_CTRL_DIR/$IFACE" ]; then
 
240
 
 
241
                wpa_msg action "terminating via ctrl_interface socket $WPA_CTRL_DIR/$IFACE"
 
242
 
 
243
                wpa_cli terminate >$TO_NULL
 
244
                
 
245
                if [ -S "$WPA_CTRL_DIR/$IFACE" ]; then
 
246
                        rm -f "$WPA_CTRL_DIR/$IFACE"
 
247
                fi
 
248
        fi
 
249
}
 
250
 
 
251
#####################################################################
 
252
## reload wpa_supplicant process
 
253
# Sending a HUP signal causes wpa_supplicant to reparse its
 
254
# configuration file
 
255
#
 
256
reload_wpa_supplicant () {
 
257
        if test_wpa_supplicant; then
 
258
                wpa_msg verbose "reloading wpa_supplicant configuration file via HUP signal"
 
259
                start-stop-daemon --stop --signal HUP \
 
260
                        --name "$WPA_SUP_PNAME" --pidfile "$WPA_SUP_PIDFILE"
 
261
        else
 
262
                wpa_msg verbose "cannot $WPA_ACTION, $WPA_SUP_PIDFILE does not exist"
 
263
        fi
 
264
}
 
265
 
 
266
#####################################################################
 
267
## daemonize wpa_cli and action script
 
268
# If environment variable WPA_ACTION_SCRIPT is present, wpa_cli will
 
269
# be spawned via start-stop-daemon
 
270
#
 
271
# Required options:
 
272
# -a    action script => wpa_action
 
273
# -P    process ID file
 
274
# -B    background process
 
275
#
 
276
init_wpa_cli () {
 
277
        if [ -n "$WPA_ACTION_SCRIPT" ]; then
 
278
                WPA_CLI_OPTIONS="-B -P $WPA_CLI_PIDFILE -i $IFACE"
 
279
 
 
280
                wpa_msg verbose "$WPA_CLI_BIN $WPA_CLI_OPTIONS -p $WPA_CTRL_DIR -a $WPA_ACTION_SCRIPT"
 
281
                        
 
282
                start-stop-daemon --start --oknodo $DAEMON_VERBOSITY \
 
283
                        --name $WPA_CLI_PNAME --startas $WPA_CLI_BIN --pidfile $WPA_CLI_PIDFILE \
 
284
                        -- $WPA_CLI_OPTIONS -p $WPA_CTRL_DIR -a $WPA_ACTION_SCRIPT
 
285
 
 
286
                if [ "$?" != "0" ]; then
 
287
                        wpa_msg stderr "$WPA_CLI_BIN daemon failed to start"
 
288
                        return 1
 
289
                fi
 
290
        fi
 
291
}
 
292
 
 
293
#####################################################################
 
294
## stop wpa_cli process
 
295
# Kill wpa_cli via start-stop-daemon, given the location of the
 
296
# pidfile
 
297
#
 
298
kill_wpa_cli () {
 
299
        if test_wpa_cli; then
 
300
                
 
301
                wpa_msg verbose "terminating $WPA_CLI_PNAME daemon via pidfile $WPA_CLI_PIDFILE"
 
302
                
 
303
                start-stop-daemon --stop --oknodo $DAEMON_VERBOSITY \
 
304
                        --exec $WPA_CLI_BIN --pidfile $WPA_CLI_PIDFILE
 
305
                
 
306
                if [ -f "$WPA_CLI_PIDFILE" ]; then
 
307
                        rm -f "$WPA_CLI_PIDFILE"
 
308
                fi
 
309
        fi
 
310
}
 
311
 
 
312
#####################################################################
 
313
## higher level wpa_cli wrapper for variable and set_network commands
 
314
# wpa_cli_do <value> <type> <variable> [set_network variable] <desc>
 
315
#
 
316
# $1    envorinment variable
 
317
# $2    data type of variable {raw|ascii}
 
318
# $3    wpa_cli variable, if $3 is set_network, shift and take 
 
319
#       set_network subvariable
 
320
# $4    wpa-* string as it would appear in interfaces file, enhances
 
321
#       verbose messages
 
322
#
 
323
wpa_cli_do () {
 
324
        if [ -z "$1" ]; then
 
325
                return 0
 
326
        fi
 
327
        
 
328
        local WPACLISET_VALUE WPACLISET_VARIABLE WPACLISET_DESC
 
329
        
 
330
        case "$2" in
 
331
                ascii)
 
332
                        # Double quote
 
333
                        WPACLISET_VALUE="\"$1\""
 
334
                        ;;
 
335
                raw|*)
 
336
                        # Provide raw value
 
337
                        WPACLISET_VALUE="$1"
 
338
                        ;;
 
339
        esac
 
340
        
 
341
        case "$3" in
 
342
                set_network)
 
343
                        if [ -z "$WPA_ID" ]; then
 
344
                                return 1
 
345
                        fi
 
346
                        shift
 
347
                        WPACLISET_VARIABLE="set_network $WPA_ID $3"
 
348
                        ;;
 
349
                *)
 
350
                        WPACLISET_VARIABLE="$3"
 
351
                        ;;
 
352
        esac
 
353
        
 
354
        case "$4" in
 
355
                *-psk|*-passphrase|*-passwd*|*-wep-key*)
 
356
                        WPACLISET_DESC="$4 *****"
 
357
                        ;;
 
358
                *)
 
359
                        WPACLISET_DESC="$4 $WPACLISET_VALUE"
 
360
                        ;;
 
361
        esac
 
362
 
 
363
        wpa_msg action "$WPACLISET_DESC"
 
364
        
 
365
        wpa_cli $WPACLISET_VARIABLE "$WPACLISET_VALUE" >$TO_NULL
 
366
}
 
367
 
 
368
#####################################################################
 
369
## check value data type in plaintext or hex
 
370
# returns 0 if input consists of hexadecimal digits only, 1 otherwise
 
371
#
 
372
ishex () {
 
373
        if [ -z "$1" ]; then 
 
374
                return 0
 
375
        fi
 
376
        
 
377
        case "$1" in
 
378
                *[!0-9a-fA-F]*)
 
379
                        # plaintext
 
380
                        return 1
 
381
                        ;;
 
382
                *)
 
383
                        # hexadecimal
 
384
                        return 0
 
385
                        ;;
 
386
        esac
 
387
}
 
388
 
 
389
#####################################################################
 
390
## sanity check and set psk|passphrase
 
391
# Warn about strange psk|passphrase values
 
392
#
 
393
# $1    psk or passphrase value
 
394
 
395
# If psk is surrounded by quotes strip them.
 
396
#
 
397
# If psk contains all hexadecimal characters and string length is 64:
 
398
#       is 256bit hexadecimal
 
399
# else:
 
400
#       is plaintext
 
401
#
 
402
# plaintext passphrases must be 8 - 63 characters in length
 
403
# 256-bit hexadecimal key must be 64 characters in length
 
404
#
 
405
wpa_key_check_and_set () {
 
406
        if [ -z "$1" ]; then
 
407
                return 0
 
408
        fi
 
409
 
 
410
        local KEY KEY_TYPE
 
411
        
 
412
        case "$1" in
 
413
                '"'*'"')
 
414
                        # Strip surrounding quotation marks
 
415
                        KEY=$(echo -n "$1" | sed 's/^"//;s/"$//')
 
416
                        ;;
 
417
                *)
 
418
                        KEY="$1"
 
419
                        ;;
 
420
        esac
 
421
 
 
422
        if ishex "$KEY" && [ "${#KEY}" -eq "64" ]; then
 
423
                KEY_TYPE="raw"
 
424
        else
 
425
                KEY_TYPE="ascii"
 
426
                if [ "${#KEY}" -lt "8" ] || [ "${#KEY}" -gt "63" ]; then
 
427
                        wpa_msg stderr \
 
428
                                "plaintext or ascii wpa-psk has ${#KEY} characters, it must have between 8 and 63"
 
429
                        wpa_msg stderr \
 
430
                                "if wpa-psk truly is a 256-bit hexadecimal key, it must have 64 characters"
 
431
                fi
 
432
        fi
 
433
        
 
434
        wpa_cli_do "$KEY" "$KEY_TYPE" \
 
435
                set_network psk wpa-psk
 
436
}
 
437
 
 
438
#####################################################################
 
439
## formulate a usable configuration from interfaces(5) wpa- lines
 
440
# A series of wpa_cli commands corresponding to environment variables
 
441
# created as a result of wpa- lines in an interfaces stanza.
 
442
#
 
443
# NB: no-act when roaming daemon is used (to avoid prematurely
 
444
# attaching to ctrl_interface socket)
 
445
#
 
446
conf_wpa_supplicant () {
 
447
        if [ -n "$WPA_ACTION_SCRIPT" ]; then
 
448
                return 0
 
449
        fi
 
450
        
 
451
        wpa_cli_do "$IF_WPA_AP_SCAN" raw \
 
452
                ap_scan wpa-ap-scan
 
453
        
 
454
        wpa_cli_do "$IF_WPA_PREAUTHENTICATE" raw \
 
455
                preauthenticate wpa-preauthenticate
 
456
                
 
457
        if [ -n "$IF_WPA_SSID" ]; then
 
458
                
 
459
                case "$IF_WPA_SSID" in
 
460
                        '"'*'"')
 
461
                                IF_WPA_SSID=$(echo -n "$IF_WPA_SSID" | sed 's/^"//;s/"$//')
 
462
                                ;;
 
463
                        *)
 
464
                                ;;
 
465
                esac
 
466
                
 
467
                WPA_ID=$(wpa_cli add_network)
 
468
 
 
469
                wpa_msg verbose "configuring network block -- $WPA_ID"
 
470
                
 
471
                wpa_cli_do "$IF_WPA_SSID" ascii \
 
472
                        set_network ssid wpa-ssid
 
473
                
 
474
                wpa_cli_do "$IF_WPA_PRIORITY" raw \
 
475
                        set_network priority wpa-priority
 
476
                
 
477
                wpa_cli_do "$IF_WPA_BSSID" raw \
 
478
                        set_network bssid wpa-bssid
 
479
                
 
480
                if [ -s "$IF_WPA_PSK_FILE" ]; then
 
481
                        IF_WPA_PSK=$(cat "$IF_WPA_PSK_FILE")
 
482
                fi
 
483
                
 
484
                # remain compat with wpa-passphrase-file
 
485
                if [ -s "$IF_WPA_PASSPHRASE_FILE" ]; then
 
486
                        IF_WPA_PSK=$(cat "$IF_WPA_PASSPHRASE_FILE")
 
487
                fi
 
488
                
 
489
                # remain compat with wpa-passphrase
 
490
                if [ -n "$IF_WPA_PASSPHRASE" ]; then
 
491
                        IF_WPA_PSK="$IF_WPA_PASSPHRASE"
 
492
                fi
 
493
        
 
494
                if [ -n "$IF_WPA_PSK" ]; then
 
495
                        wpa_key_check_and_set "$IF_WPA_PSK"
 
496
                fi
 
497
                
 
498
                wpa_cli_do "$IF_WPA_PAIRWISE" raw \
 
499
                        set_network pairwise wpa-pairwise
 
500
                
 
501
                wpa_cli_do "$IF_WPA_GROUP" raw \
 
502
                        set_network group wpa-group
 
503
                
 
504
                wpa_cli_do "$IF_WPA_KEY_MGMT" raw \
 
505
                        set_network key_mgmt wpa-key-mgmt
 
506
                
 
507
                wpa_cli_do "$IF_WPA_PROTO" raw \
 
508
                        set_network proto wpa-proto
 
509
                
 
510
                wpa_cli_do "$IF_WPA_AUTH_ALG" raw \
 
511
                        set_network auth_alg wpa-auth-alg
 
512
                
 
513
                wpa_cli_do "$IF_WPA_SCAN_SSID" raw \
 
514
                        set_network scan_ssid wpa-scan-ssid
 
515
                
 
516
                wpa_cli_do "$IF_WPA_IDENTITY" ascii \
 
517
                        set_network identity wpa-identity
 
518
                
 
519
                wpa_cli_do "$IF_WPA_ANONYMOUS_IDENTITY" ascii \
 
520
                        set_network anonymous_identity wpa-anonymous-identity
 
521
                
 
522
                wpa_cli_do "$IF_WPA_EAP" raw \
 
523
                        set_network eap wpa-eap
 
524
                
 
525
                wpa_cli_do "$IF_WPA_EAPPSK" raw \
 
526
                        set_network eappsk wpa-eappsk
 
527
 
 
528
                wpa_cli_do "$IF_WPA_NAI" ascii \
 
529
                        set_network nai wpa-nai
 
530
 
 
531
                wpa_cli_do "$IF_WPA_PASSWORD" ascii \
 
532
                        set_network password wpa-password
 
533
 
 
534
                wpa_cli_do "$IF_WPA_CA_CERT" ascii \
 
535
                        set_network ca_cert wpa-ca-cert
 
536
 
 
537
                wpa_cli_do "$IF_WPA_CA_PATH" ascii \
 
538
                        set_network ca_path wpa-ca-path
 
539
 
 
540
                wpa_cli_do "$IF_WPA_CLIENT_CERT" ascii \
 
541
                        set_network client_cert wpa-client-cert
 
542
 
 
543
                wpa_cli_do "$IF_WPA_PRIVATE_KEY" ascii \
 
544
                        set_network private_key wpa-private-key
 
545
 
 
546
                wpa_cli_do "$IF_WPA_PRIVATE_KEY_PASSWD" ascii \
 
547
                        set_network private_key_passwd wpa-private-key-passwd
 
548
                
 
549
                wpa_cli_do "$IF_WPA_DH_FILE" ascii \
 
550
                        set_network dh_file wpa-dh-file
 
551
 
 
552
                wpa_cli_do "$IF_WPA_SUBJECT_MATCH" ascii \
 
553
                        set_network subject_match wpa-subject-match
 
554
 
 
555
                wpa_cli_do "$IF_WPA_ALTSUBJECT_MATCH" ascii \
 
556
                        set_network altsubject_match wpa-altsubject-match
 
557
 
 
558
                wpa_cli_do "$IF_WPA_CA_CERT2" ascii \
 
559
                        set_network ca_cert2 wpa-ca-cert2
 
560
 
 
561
                wpa_cli_do "$IF_WPA_CA_PATH2" ascii \
 
562
                        set_network ca_path2 wpa-ca-path2
 
563
 
 
564
                wpa_cli_do "$IF_WPA_CLIENT_CERT2" ascii \
 
565
                        set_network client_cert2 wpa-client-cert2
 
566
 
 
567
                wpa_cli_do "$IF_WPA_PRIVATE_KEY2" ascii \
 
568
                        set_network private_key2 wpa-private-key2
 
569
 
 
570
                wpa_cli_do "$IF_WPA_PRIVATE_KEY_PASSWD2" ascii \
 
571
                        set_network private_key_passwd2 wpa-private-key-passwd2
 
572
                
 
573
                wpa_cli_do "$IF_WPA_DH_FILE2" ascii \
 
574
                        set_network dh_file2 wpa-dh-file2
 
575
 
 
576
                wpa_cli_do "$IF_WPA_SUBJECT_MATCH2" ascii \
 
577
                        set_network subject_match2 wpa-subject-match2
 
578
 
 
579
                wpa_cli_do "$IF_WPA_ALTSUBJECT_MATCH2" ascii \
 
580
                        set_network altsubject_match2 wpa-altsubject-match2
 
581
                
 
582
                wpa_cli_do "$IF_WPA_EAP_METHODS" raw \
 
583
                        set_network eap_methods wpa-eap-methods
 
584
 
 
585
                wpa_cli_do "$IF_WPA_PHASE1" ascii \
 
586
                        set_network phase1 wpa-phase1
 
587
 
 
588
                wpa_cli_do "$IF_WPA_PHASE2" ascii \
 
589
                        set_network phase2 wpa-phase2
 
590
 
 
591
                wpa_cli_do "$IF_WPA_PCSC" raw \
 
592
                        set_network pcsc wpa-pcsc
 
593
 
 
594
                wpa_cli_do "$IF_WPA_PIN" ascii \
 
595
                        set_network pin wpa-pin
 
596
 
 
597
                wpa_cli_do "$IF_WPA_ENGINE" raw \
 
598
                        set_network engine wpa-engine
 
599
 
 
600
                wpa_cli_do "$IF_WPA_ENGINE_ID" ascii \
 
601
                        set_network engine_id wpa-engine-id
 
602
 
 
603
                wpa_cli_do "$IF_WPA_KEY_ID" ascii \
 
604
                        set_network key_id wpa-key-id
 
605
 
 
606
                wpa_cli_do "$IF_WPA_EAPOL_FLAGS" raw \
 
607
                        set_network eapol_flags wpa-eapol-flags
 
608
                
 
609
                wpa_cli_do "$IF_WPA_WEP_KEY0" raw \
 
610
                        set_network wep_key0 wpa-wep-key0
 
611
                
 
612
                wpa_cli_do "$IF_WPA_WEP_KEY1" raw \
 
613
                        set_network wep_key1 wpa-wep-key1
 
614
                
 
615
                wpa_cli_do "$IF_WPA_WEP_KEY2" raw \
 
616
                        set_network wep_key2 wpa-wep-key2
 
617
                
 
618
                wpa_cli_do "$IF_WPA_WEP_KEY3" raw \
 
619
                        set_network wep_key3 wpa-wep-key3
 
620
                
 
621
                wpa_cli_do "$IF_WPA_WEP_TX_KEYIDX" raw \
 
622
                        set_network wep_tx_keyidx wpa-wep-tx-keyidx
 
623
                
 
624
                wpa_cli_do "$IF_WPA_PROACTIVE_KEY_CACHING" raw \
 
625
                        set_network proactive_key_caching wpa-proactive-key-caching
 
626
                        
 
627
                wpa_cli_do "$IF_WPA_PAC_FILE" ascii \
 
628
                        set_network pac_file wpa-pac-file
 
629
                
 
630
                wpa_cli_do "$IF_WPA_MODE" raw \
 
631
                        set_network mode wpa-mode
 
632
                
 
633
                wpa_cli_do "$IF_WPA_STAKEY" raw \
 
634
                        set_network stakey wpa-stakey
 
635
                
 
636
                wpa_cli_do "$IF_WPA_PEERKEY" raw \
 
637
                        set_network peerkey wpa-peerkey
 
638
                        
 
639
                wpa_cli_do "$IF_FRAGMENT_SIZE" raw \
 
640
                        set_network fragment_size wpa-fragment-size
 
641
 
 
642
                wpa_cli_do "$IF_WPA_ID_STR" ascii \
 
643
                        set_network id_str wpa-id-str
 
644
                
 
645
                wpa_cli_do "$WPA_ID" raw \
 
646
                        enable_network "enabling network block"
 
647
        fi
 
648
}
 
649
 
 
650
#####################################################################
 
651
## wpa_action basic logging
 
652
# Log actions to file, test to see if it is writeable first
 
653
#
 
654
wpa_log_init () {
 
655
        if touch "$WPA_CLI_LOGFILE" 2>/dev/null; then
 
656
                exec >> "$WPA_CLI_LOGFILE" 2>&1
 
657
        fi
 
658
}
 
659
 
 
660
# log timestamp and wpa_action arguments
 
661
wpa_log_action () {
 
662
        echo "########## $(date +"%H:%M:%S  %Y-%m-%d") ##########"
 
663
        echo "IFACE=$IFACE ACTION=$WPA_ACTION"
 
664
}
 
665
 
 
666
# log wpa_cli environment variables
 
667
wpa_log_environment () {
 
668
        echo "WPA_ID=$WPA_ID WPA_ID_STR=$WPA_ID_STR"
 
669
        echo "WPA_CTRL_DIR=$WPA_CTRL_DIR"
 
670
}
 
671
 
 
672
#####################################################################
 
673
## hysteresis checking
 
674
# Networking tools such as dhcp clients used with ifupdown can
 
675
# synthesize artificial ACTION events, particuarly just after a 
 
676
# DISCONNECTED/CONNECTED events are experienced in quick succession.
 
677
# This can lead to infinite event loops, and in extreme cases has the
 
678
# potential to cause system instability.
 
679
#
 
680
wpa_hysteresis_event () {
 
681
        echo "$(date +%s)" > "$WPA_CLI_TIMESTAMP"
 
682
}
 
683
 
 
684
wpa_hysteresis_check () {
 
685
        if [ -f "$WPA_CLI_TIMESTAMP" ]; then
 
686
                local TIME="$(date +%s)" TIMESTAMP TIMEWAIT
 
687
                # current time minus 4 second event buffer
 
688
                TIMEWAIT=$(($TIME-4))
 
689
                # get time of last event
 
690
                TIMESTAMP=$(cat $WPA_CLI_TIMESTAMP)
 
691
                # compare values, allowing new action to be processed 
 
692
                # only if last action was more than 4 seconds ago
 
693
                if [ "$TIMEWAIT" -le "$TIMESTAMP" ]; then
 
694
                        echo "Ignoring $WPA_ACTION event, too soon after previous event"
 
695
                        return 1
 
696
                fi
 
697
        fi
 
698
        return 0
 
699
}
 
700
 
 
701
#####################################################################
 
702
## identify ifupdown files
 
703
# Identify ifupdown core files, so that state of the interface can be
 
704
# checked. This is the weakest part of the wpa_action roaming scheme,
 
705
# it would be _much_ better if stateless ifupdown capabilities were
 
706
# a reality.
 
707
#
 
708
ifupdown_check () {
 
709
        if [ -e /etc/network/interfaces ]; then
 
710
                INTERFACES_FILE="/etc/network/interfaces"
 
711
        else
 
712
                echo "Cannot locate ifupdown's \"interfaces\" file, $IFACE will not be configured"
 
713
                return 1
 
714
        fi
 
715
 
 
716
        if [ -e /etc/network/run/ifstate ]; then
 
717
                # debian's ifupdown
 
718
                IFSTATE_FILE="/etc/network/run/ifstate"
 
719
        elif [ -e /var/run/network/ifstate ]; then
 
720
                # ubuntu's
 
721
                IFSTATE_FILE="/var/run/network/ifstate"
 
722
        else
 
723
                echo "Cannot locate ifupdown's \"ifstate\" file, $IFACE will not be configured"
 
724
                return 1
 
725
        fi
 
726
 
 
727
        return 0
 
728
}
 
729
 
 
730
#####################################################################
 
731
## apply mapping logic and ifup logical interface
 
732
# Apply mapping logic via id_str or external mapping script, check
 
733
# state of IFACE with respect to ifupdown and ifup logical interaface
 
734
#
 
735
ifup () {
 
736
        local WPA_LOGICAL_IFACE
 
737
        
 
738
        if [ -z "$IF_WPA_MAPPING_SCRIPT_PRIORITY" ] && [ -n "$WPA_ID_STR" ]; then
 
739
                WPA_LOGICAL_IFACE="$WPA_ID_STR"
 
740
                echo "Mapping logical interface via id_str: $WPA_LOGICAL_IFACE"
 
741
        fi
 
742
        
 
743
        if [ -z "$WPA_LOGICAL_IFACE" ] && [ -n "$IF_WPA_MAPPING_SCRIPT" ]; then
 
744
                echo "Mapping logical interface via wpa-mapping-script: $IF_WPA_MAPPING_SCRIPT"
 
745
                
 
746
                local WPA_MAP_STDIN
 
747
                
 
748
                WPA_MAP_STDIN=$(set | sed --quiet 's/^\(IF_WPA_MAP[0-9]*\)=.*/echo \$\1/p')
 
749
                
 
750
                if [ -n "$WPA_MAP_STDIN" ]; then
 
751
                        WPA_LOGICAL_IFACE=$(eval "$WPA_MAP_STDIN" | "$IF_WPA_MAPPING_SCRIPT" "$IFACE")
 
752
                else            
 
753
                        WPA_LOGICAL_IFACE=$("$IF_WPA_MAPPING_SCRIPT" "$IFACE")
 
754
                fi
 
755
                
 
756
                if [ -n "$WPA_LOGICAL_IFACE" ]; then
 
757
                        echo "Mapping script result: $WPA_LOGICAL_IFACE"
 
758
                else
 
759
                        echo "Mapping script failed."
 
760
                fi
 
761
        fi
 
762
 
 
763
        if [ -z "$WPA_LOGICAL_IFACE" ]; then
 
764
                if [ -n "$IF_WPA_ROAM_DEFAULT_IFACE" ]; then
 
765
                        WPA_LOGICAL_IFACE="$IF_WPA_ROAM_DEFAULT_IFACE"
 
766
                        echo "Using wpa-roam-default-iface: $WPA_LOGICAL_IFACE"
 
767
                else
 
768
                        WPA_LOGICAL_IFACE="default"
 
769
                        echo "Using fallback logical interface: $WPA_LOGICAL_IFACE"
 
770
                fi
 
771
        fi
 
772
 
 
773
        if [ -n "$WPA_LOGICAL_IFACE" ]; then
 
774
                if egrep --quiet "^iface[[:space:]]+$WPA_LOGICAL_IFACE[[:space:]]+inet" "$INTERFACES_FILE"; then
 
775
                        
 
776
                        echo "ifup $IFACE=$WPA_LOGICAL_IFACE"
 
777
                        
 
778
                        if grep --quiet "^$IFACE=$IFACE" "$IFSTATE_FILE"; then
 
779
                                # Force settings over the unconfigured "master" IFACE
 
780
                                /sbin/ifup --force "$IFACE=$WPA_LOGICAL_IFACE"
 
781
                        else
 
782
                                /sbin/ifup "$IFACE=$WPA_LOGICAL_IFACE"
 
783
                        fi
 
784
                else
 
785
                        echo "No network defined for \"$WPA_LOGICAL_IFACE\" in \"$INTERFACES_FILE\""
 
786
                fi
 
787
        else
 
788
                echo "No suitable logical interface mapping for ifupdown to configure"
 
789
        fi
 
790
}
 
791
 
 
792
#####################################################################
 
793
## ifdown IFACE
 
794
# Check IFACE state and ifdown as requested.
 
795
#
 
796
ifdown () {
 
797
        if grep --quiet "^$IFACE" "$IFSTATE_FILE"; then
 
798
                echo "ifdown $IFACE"
 
799
                /sbin/ifdown "$IFACE"
 
800
        else
 
801
                echo "Ignoring request to take \"$IFACE\" down, it is not up"
 
802
        fi
 
803
}
 
804
 
 
805
#####################################################################
 
806
## keep IFACE scanning
 
807
# After ifdown, the IFACE may left "down", and inhibits its ability
 
808
# to continue roaming. Keep it in an up operstate.
 
809
#
 
810
# NB: use iproute if present, flushing the IFACE first
 
811
#
 
812
if_post_down_up () {
 
813
        if [ -x /sbin/ip ]; then
 
814
                /sbin/ip addr flush dev "$IFACE" 2>/dev/null
 
815
                /sbin/ip link set "$IFACE" up
 
816
        else
 
817
                /sbin/ifconfig "$IFACE" up
 
818
        fi
 
819
}