1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
|
#!/bin/sh
#
# This is an example of a Mandos client network hook. This hook
# brings up a wireless interface as specified in a separate
# configuration file. To be used, this file and any needed
# configuration file(s) should be copied into the
# /etc/mandos/network-hooks.d directory.
#
# Copyright © 2012-2018 Teddy Hogeborn
# Copyright © 2012-2018 Björn Påhlsson
#
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved. This file is offered as-is,
# without any warranty.
set -e
RUNDIR="/run"
CTRL="$RUNDIR/wpa_supplicant-global"
CTRLDIR="$RUNDIR/wpa_supplicant"
PIDFILE="$RUNDIR/wpa_supplicant-mandos.pid"
CONFIG="$MANDOSNETHOOKDIR/wireless.conf"
addrtoif(){
grep -liFe "$1" /sys/class/net/*/address \
| sed -e 's,.*/\([^/]*\)/[^/]*,\1,'
}
# Read config file
if [ -e "$CONFIG" ]; then
. "$CONFIG"
else
exit
fi
ifkeys=`sed -n -e 's/^ADDRESS_\([^=]*\)=.*/\1/p' "$CONFIG" | sort -u`
# Exit if DEVICE is set and is not any of the wireless interfaces
if [ -n "$DEVICE" ]; then
while :; do
for KEY in $ifkeys; do
ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"`
INTERFACE=`addrtoif "$ADDRESS"`
case "$DEVICE" in
*,"$INTERFACE"|*,"$INTERFACE",*|"$INTERFACE",*|"$INTERFACE")
break 2;;
esac
done
exit
done
fi
wpa_supplicant=/sbin/wpa_supplicant
wpa_cli=/sbin/wpa_cli
ip=/bin/ip
# Used by the wpa_interface_* functions in the wireless.conf file
wpa_cli_set(){
case "$1" in
ssid|psk) arg="\"$2\"" ;;
*) arg="$2" ;;
esac
"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" set_network "$NETWORK" \
"$1" "$arg" 2>&1 | sed -e '/^OK$/d'
}
if [ $VERBOSITY -gt 0 ]; then
WPAS_OPTIONS="-d $WPAS_OPTIONS"
fi
if [ -n "$PIDFILE" ]; then
WPAS_OPTIONS="-P$PIDFILE $WPAS_OPTIONS"
fi
do_start(){
mkdir -m u=rwx,go= -p "$CTRLDIR"
"$wpa_supplicant" -B -g "$CTRL" -p "$CTRLDIR" $WPAS_OPTIONS
for KEY in $ifkeys; do
ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"`
INTERFACE=`addrtoif "$ADDRESS"`
DRIVER=`eval 'echo "$WPA_DRIVER_'"$KEY"\"`
IFDELAY=`eval 'echo "$DELAY_'"$KEY"\"`
"$wpa_cli" -g "$CTRL" interface_add "$INTERFACE" "" \
"${DRIVER:-wext}" "$CTRLDIR" > /dev/null \
| sed -e '/^OK$/d'
NETWORK=`"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" add_network`
eval wpa_interface_"$KEY"
"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" enable_network \
"$NETWORK" | sed -e '/^OK$/d'
sleep "${IFDELAY:-$DELAY}" &
sleep=$!
while :; do
kill -0 $sleep 2>/dev/null || break
STATE=`"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" status \
| sed -n -e 's/^wpa_state=//p'`
if [ "$STATE" = COMPLETED ]; then
while :; do
kill -0 $sleep 2>/dev/null || break 2
UP=`cat /sys/class/net/"$INTERFACE"/operstate`
if [ "$UP" = up ]; then
kill $sleep 2>/dev/null
break 2
fi
sleep 1
done
fi
sleep 1
done &
wait $sleep || :
IPADDRS=`eval 'echo "$IPADDRS_'"$KEY"\"`
if [ -n "$IPADDRS" ]; then
if [ "$IPADDRS" = dhcp ]; then
ipconfig -c dhcp -d "$INTERFACE" || :
#dhclient "$INTERFACE"
else
for ipaddr in $IPADDRS; do
"$ip" addr add "$ipaddr" dev "$INTERFACE"
done
fi
fi
ROUTES=`eval 'echo "$ROUTES_'"$KEY"\"`
if [ -n "$ROUTES" ]; then
for route in $ROUTES; do
"$ip" route add "$route" dev "$INTERFACE"
done
fi
done
}
do_stop(){
"$wpa_cli" -g "$CTRL" terminate 2>&1 | sed -e '/^OK$/d'
for KEY in $ifkeys; do
ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"`
INTERFACE=`addrtoif "$ADDRESS"`
"$ip" addr show scope global permanent dev "$INTERFACE" \
| while read type addr rest; do
case "$type" in
inet|inet6)
"$ip" addr del "$addr" dev "$INTERFACE"
;;
esac
done
"$ip" link set dev "$INTERFACE" down
done
}
case "${MODE:-$1}" in
start|stop)
do_"${MODE:-$1}"
;;
files)
echo "$wpa_supplicant"
echo "$wpa_cli"
echo "$ip"
;;
modules)
if [ "$IPADDRS" = dhcp ]; then
echo af_packet
fi
sed -n -e 's/#.*$//' -e 's/[ ]*$//' \
-e 's/^MODULE_[^=]\+=//p' "$CONFIG"
;;
esac
|