/mandos/trunk : contents of network-hooks.d/wireless at revision 544

: (revision 544)

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

#!/bin/sh
#
# This is an example of a Mandos client network hook.  This hook
# brings up a wireless interface as specified in a separate
# configuration file.  To be used, this file and any needed
# configuration file(s) should be copied into the
# /etc/mandos/network-hooks.d directory.
# 
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved.  This file is offered as-is,
# without any warranty.

set -e

RUNDIR="/run"
CTRL="$RUNDIR/wpa_supplicant-global"
CTRLDIR="$RUNDIR/wpa_supplicant"
PIDFILE="$RUNDIR/wpa_supplicant-mandos.pid"

CONFIG="$MANDOSNETHOOKDIR/wireless.conf"

addrtoif(){
    grep -liFe "$1" /sys/class/net/*/address \
	| sed -e 's,.*/\([^/]*\)/[^/]*,\1,'
}

# Read config file
if [ -e "$CONFIG" ]; then
    . "$CONFIG"
else
    exit
fi

ifkeys=`env | sed -n -e 's/^ADDRESS_\([^=]*\)=.*/\1/p' "$CONFIG" \
    | sort -u`

# Exit if DEVICE is set and is not any of the wireless interfaces
if [ -n "$DEVICE" ]; then
    while :; do
	for KEY in $ifkeys; do
	    ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"`
	    INTERFACE=`addrtoif "$ADDRESS"`
	    if [ "$INTERFACE" = "$DEVICE" ]; then
		break 2
	    fi
	done
	exit
    done
fi

wpa_supplicant=/sbin/wpa_supplicant
wpa_cli=/sbin/wpa_cli
ip=/bin/ip

# Used by the wpa_interface_* functions in the wireless.conf file
wpa_cli_set(){
    case "$1" in
        ssid|psk) arg="\"$2\"" ;;
        *) arg="$2" ;;
    esac
    "$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" set_network "$NETWORK" \
	"$1" "$arg" 2>&1 | sed -e '/^OK$/d'
}

if [ $VERBOSITY -gt 0 ]; then
    WPAS_OPTIONS="-d $WPAS_OPTIONS"
fi
if [ -n "$PIDFILE" ]; then
    WPAS_OPTIONS="-P$PIDFILE $WPAS_OPTIONS"
fi

case "${MODE:-$1}" in
    start)
	mkdir -m u=rwx,go= -p "$CTRLDIR"
	"$wpa_supplicant" -B -g "$CTRL" -p "$CTRLDIR" $WPAS_OPTIONS
        for KEY in $ifkeys; do
	    ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"`
	    INTERFACE=`addrtoif "$ADDRESS"`
	    DRIVER=`eval 'echo "$WPA_DRIVER_'"$KEY"\"`
	    IFDELAY=`eval 'echo "$DELAY_'"$KEY"\"`
	    "$wpa_cli" -g "$CTRL" interface_add "$INTERFACE" "" \
		"${DRIVER:-wext}" "$CTRLDIR" > /dev/null \
		| sed -e '/^OK$/d'
	    NETWORK=`"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" \
		add_network`
	    eval wpa_interface_"$KEY"
	    "$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" enable_network \
		"$NETWORK" | sed -e '/^OK$/d'
	    sleep "${IFDELAY:-$DELAY}" &
	    sleep=$!
	    while :; do
		kill -0 $sleep 2>/dev/null || break
		STATE=`"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" \
		    status | sed -n -e 's/^wpa_state=//p'`
		if [ "$STATE" = COMPLETED ]; then
		    while :; do
			kill -0 $sleep 2>/dev/null || break 2
			UP=`cat /sys/class/net/"$INTERFACE"/operstate`
			if [ "$UP" = up ]; then
			    kill $sleep 2>/dev/null
			    break 2
			fi
			sleep 1
		    done
		fi
		sleep 1
	    done &
	    wait $sleep || :
	    IPADDRS=`eval 'echo "$IPADDRS_'"$KEY"\"`
	    if [ -n "$IPADDRS" ]; then
		if [ "$IPADDRS" = dhcp ]; then
		    ipconfig -c dhcp -d "$INTERFACE" || :
		    #dhclient "$INTERFACE"
		else
		    for ipaddr in $IPADDRS; do
			"$ip" addr add "$ipaddr" dev "$INTERFACE"
		    done
		fi
	    fi
	    ROUTES=`eval 'echo "$ROUTES_'"$KEY"\"`
	    if [ -n "$ROUTES" ]; then
		for route in $ROUTES; do
		    "$ip" route add "$route" dev "$BRIDGE"
		done
	    fi
        done
	;;
    stop)
	"$wpa_cli" -g "$CTRL" terminate 2>&1 | sed -e '/^OK$/d'
        for KEY in $ifkeys; do
	    ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"`
	    INTERFACE=`addrtoif "$ADDRESS"`
	    "$ip" addr show scope global permanent dev "$INTERFACE" \
		| while read type addr rest; do
		case "$type" in
		    inet|inet6)
			"$ip" addr del "$addr" dev "$INTERFACE"
			;;
		esac
	    done
	    "$ip" link set dev "$INTERFACE" down
	done
	;;
    files)
	echo "$wpa_supplicant"
	echo "$wpa_cli"
	echo "$ip"
	;;
    modules)
	if [ "$IPADDRS" = dhcp ]; then
	    echo af_packet
	fi
	sed -n -e 's/#.*$//' -e 's/[ 	]*$//' \
	    -e 's/^MODULE_[^=]\+=//p' "$CONFIG"
	;;
esac

535.1.1 by teddy at recompile Add wireless network hook	1	#!/bin/sh
	2	#
	3	# This is an example of a Mandos client network hook. This hook
	4	# brings up a wireless interface as specified in a separate
	5	# configuration file. To be used, this file and any needed
	6	# configuration file(s) should be copied into the
	7	# /etc/mandos/network-hooks.d directory.
	8	#
	9	# Copying and distribution of this file, with or without modification,
	10	# are permitted in any medium without royalty provided the copyright
	11	# notice and this notice are preserved. This file is offered as-is,
	12	# without any warranty.
	13
	14	set -e
	15
	16	RUNDIR="/run"
	17	CTRL="$RUNDIR/wpa_supplicant-global"
	18	CTRLDIR="$RUNDIR/wpa_supplicant"
	19	PIDFILE="$RUNDIR/wpa_supplicant-mandos.pid"
	20
	21	CONFIG="$MANDOSNETHOOKDIR/wireless.conf"
	22
535.1.8 by teddy at recompile * network-hooks.s/bridge: Don't use interface names directly; search	23	addrtoif(){
535.1.9 by teddy at recompile * network-hooks.s/bridge: Don't use interface names directly; search	24	grep -liFe "$1" /sys/class/net/*/address \
	25	\| sed -e 's,./\([^/]\)/[^/]*,\1,'
535.1.8 by teddy at recompile * network-hooks.s/bridge: Don't use interface names directly; search	26	}
	27
535.1.1 by teddy at recompile Add wireless network hook	28	# Read config file
	29	if [ -e "$CONFIG" ]; then
	30	. "$CONFIG"
	31	else
	32	exit
	33	fi
	34
535.1.9 by teddy at recompile * network-hooks.s/bridge: Don't use interface names directly; search	35	ifkeys=`env \| sed -n -e 's/^ADDRESS_\([^=]\)=./\1/p' "$CONFIG" \
	36	\| sort -u`
535.1.1 by teddy at recompile Add wireless network hook	37
	38	# Exit if DEVICE is set and is not any of the wireless interfaces
	39	if [ -n "$DEVICE" ]; then
	40	while :; do
535.1.8 by teddy at recompile * network-hooks.s/bridge: Don't use interface names directly; search	41	for KEY in $ifkeys; do
	42	ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"`
	43	INTERFACE=`addrtoif "$ADDRESS"`
	44	if [ "$INTERFACE" = "$DEVICE" ]; then
535.1.1 by teddy at recompile Add wireless network hook	45	break 2
	46	fi
	47	done
	48	exit
	49	done
	50	fi
	51
	52	wpa_supplicant=/sbin/wpa_supplicant
	53	wpa_cli=/sbin/wpa_cli
	54	ip=/bin/ip
	55
	56	# Used by the wpa_interface_* functions in the wireless.conf file
	57	wpa_cli_set(){
	58	case "$1" in
	59	ssid\|psk) arg="\"$2\"" ;;
	60	*) arg="$2" ;;
	61	esac
	62	"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" set_network "$NETWORK" \
	63	"$1" "$arg" 2>&1 \| sed -e '/^OK$/d'
	64	}
	65
	66	if [ $VERBOSITY -gt 0 ]; then
	67	WPAS_OPTIONS="-d $WPAS_OPTIONS"
	68	fi
	69	if [ -n "$PIDFILE" ]; then
	70	WPAS_OPTIONS="-P$PIDFILE $WPAS_OPTIONS"
	71	fi
	72
	73	case "${MODE:-$1}" in
	74	start)
	75	mkdir -m u=rwx,go= -p "$CTRLDIR"
	76	"$wpa_supplicant" -B -g "$CTRL" -p "$CTRLDIR" $WPAS_OPTIONS
535.1.8 by teddy at recompile * network-hooks.s/bridge: Don't use interface names directly; search	77	for KEY in $ifkeys; do
	78	ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"`
	79	INTERFACE=`addrtoif "$ADDRESS"`
	80	DRIVER=`eval 'echo "$WPA_DRIVER_'"$KEY"\"`
	81	IFDELAY=`eval 'echo "$DELAY_'"$KEY"\"`
535.1.1 by teddy at recompile Add wireless network hook	82	"$wpa_cli" -g "$CTRL" interface_add "$INTERFACE" "" \
	83	"${DRIVER:-wext}" "$CTRLDIR" > /dev/null \
	84	\| sed -e '/^OK$/d'
535.1.9 by teddy at recompile * network-hooks.s/bridge: Don't use interface names directly; search	85	NETWORK=`"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" \
	86	add_network`
535.1.8 by teddy at recompile * network-hooks.s/bridge: Don't use interface names directly; search	87	eval wpa_interface_"$KEY"
535.1.1 by teddy at recompile Add wireless network hook	88	"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" enable_network \
535.1.1 by teddy at recompile Add wireless network hook	89	"$NETWORK" \| sed -e '/^OK$/d'
535.1.5 by Teddy Hogeborn * network-hooks.d/wireless (start): Bug fix: background "sleep"	90	sleep "${IFDELAY:-$DELAY}" &
535.1.1 by teddy at recompile Add wireless network hook	91	sleep=$!
535.1.1 by teddy at recompile Add wireless network hook	92	while :; do
535.1.3 by Teddy Hogeborn * network-hooks.d/wireless (start): Bug fixes: Don't shadow "$DELAY".	93	kill -0 $sleep 2>/dev/null \|\| break
535.1.9 by teddy at recompile * network-hooks.s/bridge: Don't use interface names directly; search	94	STATE=`"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" \
	95	status \| sed -n -e 's/^wpa_state=//p'`
535.1.1 by teddy at recompile Add wireless network hook	96	if [ "$STATE" = COMPLETED ]; then
535.1.7 by teddy at recompile * network-hooks.s/wireless (start): Wait until interface is up.	97	while :; do
	98	kill -0 $sleep 2>/dev/null \|\| break 2
	99	UP=`cat /sys/class/net/"$INTERFACE"/operstate`
	100	if [ "$UP" = up ]; then
	101	kill $sleep 2>/dev/null
	102	break 2
	103	fi
	104	sleep 1
	105	done
535.1.1 by teddy at recompile Add wireless network hook	106	fi
	107	sleep 1
	108	done &
	109	wait $sleep \|\| :
535.1.8 by teddy at recompile * network-hooks.s/bridge: Don't use interface names directly; search	110	IPADDRS=`eval 'echo "$IPADDRS_'"$KEY"\"`
535.1.1 by teddy at recompile Add wireless network hook	111	if [ -n "$IPADDRS" ]; then
	112	if [ "$IPADDRS" = dhcp ]; then
	113	ipconfig -c dhcp -d "$INTERFACE" \|\| :
	114	#dhclient "$INTERFACE"
	115	else
	116	for ipaddr in $IPADDRS; do
	117	"$ip" addr add "$ipaddr" dev "$INTERFACE"
	118	done
	119	fi
	120	fi
535.1.8 by teddy at recompile * network-hooks.s/bridge: Don't use interface names directly; search	121	ROUTES=`eval 'echo "$ROUTES_'"$KEY"\"`
535.1.1 by teddy at recompile Add wireless network hook	122	if [ -n "$ROUTES" ]; then
	123	for route in $ROUTES; do
	124	"$ip" route add "$route" dev "$BRIDGE"
	125	done
	126	fi
	127	done
	128	;;
	129	stop)
	130	"$wpa_cli" -g "$CTRL" terminate 2>&1 \| sed -e '/^OK$/d'
535.1.8 by teddy at recompile * network-hooks.s/bridge: Don't use interface names directly; search	131	for KEY in $ifkeys; do
	132	ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"`
	133	INTERFACE=`addrtoif "$ADDRESS"`
535.1.1 by teddy at recompile Add wireless network hook	134	"$ip" addr show scope global permanent dev "$INTERFACE" \
	135	\| while read type addr rest; do
	136	case "$type" in
	137	inet\|inet6)
	138	"$ip" addr del "$addr" dev "$INTERFACE"
	139	;;
	140	esac
	141	done
	142	"$ip" link set dev "$INTERFACE" down
	143	done
	144	;;
	145	files)
	146	echo "$wpa_supplicant"
	147	echo "$wpa_cli"
	148	echo "$ip"
	149	;;
	150	modules)
	151	if [ "$IPADDRS" = dhcp ]; then
	152	echo af_packet
	153	fi
535.1.3 by Teddy Hogeborn * network-hooks.d/wireless (start): Bug fixes: Don't shadow "$DELAY".	154	sed -n -e 's/#.$//' -e 's/[ ]$//' \
	155	-e 's/^MODULE_[^=]\+=//p' "$CONFIG"
535.1.1 by teddy at recompile Add wireless network hook	156	;;
535.1.1 by teddy at recompile Add wireless network hook	157	esac