
Viewing changes to network-hooks.d/wireless

Merge new wireless network hook.  Fix bridge network hook to use
hardware addresses instead of interface names.  Implement and document
new "CONNECT" environment variable for network hooks.

 
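--- a/network-hooks.d/wireless
+++ b/network-hooks.d/wireless
@@ -0,0 +1,157 @@
+#!/bin/sh
+#
+# This is an example of a Mandos client network hook.  This hook
+# brings up a wireless interface as specified in a separate
+# configuration file.  To be used, this file and any needed
+# configuration file(s) should be copied into the
+# /etc/mandos/network-hooks.d directory.
+
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved.  This file is offered as-is,
+# without any warranty.
+
+set -e
+
+RUNDIR="/run"
+CTRL="$RUNDIR/wpa_supplicant-global"
+CTRLDIR="$RUNDIR/wpa_supplicant"
+PIDFILE="$RUNDIR/wpa_supplicant-mandos.pid"
+
+CONFIG="$MANDOSNETHOOKDIR/wireless.conf"
+
+addrtoif(){
+    grep -liFe "$1" /sys/class/net/*/address \
+        | sed -e 's,.*/\([^/]*\)/[^/]*,\1,'
+}
+
+# Read config file
+if [ -e "$CONFIG" ]; then
+    . "$CONFIG"
+else
+    exit
+fi
+
+ifkeys=`env | sed -n -e 's/^ADDRESS_\([^=]*\)=.*/\1/p' "$CONFIG" \
+    | sort -u`
+
+# Exit if DEVICE is set and is not any of the wireless interfaces
+if [ -n "$DEVICE" ]; then
+    while :; do
+        for KEY in $ifkeys; do
+            ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"`
+            INTERFACE=`addrtoif "$ADDRESS"`
+            if [ "$INTERFACE" = "$DEVICE" ]; then
+                break 2
+            fi
+        done
+        exit
+    done
+fi
+
+wpa_supplicant=/sbin/wpa_supplicant
+wpa_cli=/sbin/wpa_cli
+ip=/bin/ip
+
+# Used by the wpa_interface_* functions in the wireless.conf file
+wpa_cli_set(){
+    case "$1" in
+        ssid|psk) arg="\"$2\"" ;;
+        *) arg="$2" ;;
+    esac
+    "$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" set_network "$NETWORK" \
+        "$1" "$arg" 2>&1 | sed -e '/^OK$/d'
+}
+
+if [ $VERBOSITY -gt 0 ]; then
+    WPAS_OPTIONS="-d $WPAS_OPTIONS"
+fi
+if [ -n "$PIDFILE" ]; then
+    WPAS_OPTIONS="-P$PIDFILE $WPAS_OPTIONS"
+fi
+
+case "${MODE:-$1}" in
+    start)
+        mkdir -m u=rwx,go= -p "$CTRLDIR"
+        "$wpa_supplicant" -B -g "$CTRL" -p "$CTRLDIR" $WPAS_OPTIONS
+        for KEY in $ifkeys; do
+            ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"`
+            INTERFACE=`addrtoif "$ADDRESS"`
+            DRIVER=`eval 'echo "$WPA_DRIVER_'"$KEY"\"`
+            IFDELAY=`eval 'echo "$DELAY_'"$KEY"\"`
+            "$wpa_cli" -g "$CTRL" interface_add "$INTERFACE" "" \
+                "${DRIVER:-wext}" "$CTRLDIR" > /dev/null \
+                | sed -e '/^OK$/d'
+            NETWORK=`"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" \
+                add_network`
+            eval wpa_interface_"$KEY"
+            "$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" enable_network \
+                "$NETWORK" | sed -e '/^OK$/d'
+            sleep "${IFDELAY:-$DELAY}" &
+            sleep=$!
+            while :; do
+                kill -0 $sleep 2>/dev/null || break
+                STATE=`"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" \
+                    status | sed -n -e 's/^wpa_state=//p'`
+                if [ "$STATE" = COMPLETED ]; then
+                    while :; do
+                        kill -0 $sleep 2>/dev/null || break 2
+                        UP=`cat /sys/class/net/"$INTERFACE"/operstate`
+                        if [ "$UP" = up ]; then
+                            kill $sleep 2>/dev/null
+                            break 2
+                        fi
+                        sleep 1
+                    done
+                fi
+                sleep 1
+            done &
+            wait $sleep || :
+            IPADDRS=`eval 'echo "$IPADDRS_'"$KEY"\"`
+            if [ -n "$IPADDRS" ]; then
+                if [ "$IPADDRS" = dhcp ]; then
+                    ipconfig -c dhcp -d "$INTERFACE" || :
+                    #dhclient "$INTERFACE"
+                else
+                    for ipaddr in $IPADDRS; do
+                        "$ip" addr add "$ipaddr" dev "$INTERFACE"
+                    done
+                fi
+            fi
+            ROUTES=`eval 'echo "$ROUTES_'"$KEY"\"`
+            if [ -n "$ROUTES" ]; then
+                for route in $ROUTES; do
+                    "$ip" route add "$route" dev "$BRIDGE"
+                done
+            fi
+        done
+        ;;
+    stop)
+        "$wpa_cli" -g "$CTRL" terminate 2>&1 | sed -e '/^OK$/d'
+        for KEY in $ifkeys; do
+            ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"`
+            INTERFACE=`addrtoif "$ADDRESS"`
+            "$ip" addr show scope global permanent dev "$INTERFACE" \
+                | while read type addr rest; do
+                case "$type" in
+                    inet|inet6)
+                        "$ip" addr del "$addr" dev "$INTERFACE"
+                        ;;
+                esac
+            done
+            "$ip" link set dev "$INTERFACE" down
+        done
+        ;;
+    files)
+        echo "$wpa_supplicant"
+        echo "$wpa_cli"
+        echo "$ip"
+        ;;
+    modules)
+        if [ "$IPADDRS" = dhcp ]; then
+            echo af_packet
+        fi
+        sed -n -e 's/#.*$//' -e 's/[    ]*$//' \
+            -e 's/^MODULE_[^=]\+=//p' "$CONFIG"
+        ;;
+esac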
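Review bot: On new line 124 the route is added with `dev "$BRIDGE"`, but nothing in this file sets `BRIDGE` (it looks carried over from the bridge hook), so under `set -e` any configured `ROUTES_*` would make `ip route add` fail and abort the hook; the line should read `"$ip" route add "$route" dev "$INTERFACE"`. On lines 82-84 the `interface_add` call sends stdout to `/dev/null` before the pipe, so the `sed` filter receives nothing and a failure reply is discarded; the other `wpa_cli` calls use `2>&1 |`, and this one probably should too. Line 35 pipes `env` into a `sed` that is also given `"$CONFIG"` as a file operand, so the `env` output is ignored and the keys come only from the config text. The capture `[^=]*` there lets any character reach the `eval` calls in the loops, and `s/^ADDRESS_\([A-Za-z0-9_]*\)=.*/\1/p` would keep `KEY` to identifier characters.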