bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
|
535.1.1
by teddy at recompile
Add wireless network hook |
1 |
#!/bin/sh
|
2 |
#
|
|
3 |
# This is an example of a Mandos client network hook. This hook
|
|
4 |
# brings up a wireless interface as specified in a separate
|
|
5 |
# configuration file. To be used, this file and any needed
|
|
6 |
# configuration file(s) should be copied into the
|
|
7 |
# /etc/mandos/network-hooks.d directory.
|
|
8 |
#
|
|
|
923
by Teddy Hogeborn
Update copyright year to 2018 |
9 |
# Copyright © 2012-2018 Teddy Hogeborn
|
10 |
# Copyright © 2012-2018 Björn Påhlsson
|
|
|
549
by teddy at recompile
* Makefile (install-server): Add intro(8mandos) man page. |
11 |
#
|
|
535.1.1
by teddy at recompile
Add wireless network hook |
12 |
# Copying and distribution of this file, with or without modification,
|
13 |
# are permitted in any medium without royalty provided the copyright
|
|
14 |
# notice and this notice are preserved. This file is offered as-is,
|
|
15 |
# without any warranty.
|
|
16 |
||
17 |
set -e |
|
18 |
||
19 |
RUNDIR="/run" |
|
20 |
CTRL="$RUNDIR/wpa_supplicant-global" |
|
21 |
CTRLDIR="$RUNDIR/wpa_supplicant" |
|
22 |
PIDFILE="$RUNDIR/wpa_supplicant-mandos.pid" |
|
23 |
||
24 |
CONFIG="$MANDOSNETHOOKDIR/wireless.conf" |
|
25 |
||
|
535.1.8
by teddy at recompile
* network-hooks.s/bridge: Don't use interface names directly; search |
26 |
addrtoif(){
|
|
535.1.9
by teddy at recompile
* network-hooks.s/bridge: Don't use interface names directly; search |
27 |
grep -liFe "$1" /sys/class/net/*/address \ |
28 |
| sed -e 's,.*/\([^/]*\)/[^/]*,\1,' |
|
|
535.1.8
by teddy at recompile
* network-hooks.s/bridge: Don't use interface names directly; search |
29 |
}
|
30 |
||
|
535.1.1
by teddy at recompile
Add wireless network hook |
31 |
# Read config file
|
32 |
if [ -e "$CONFIG" ]; then |
|
33 |
. "$CONFIG" |
|
34 |
else
|
|
35 |
exit |
|
36 |
fi
|
|
37 |
||
|
589
by Teddy Hogeborn
* network-hooks.d/wireless: Read from config file, so don't run "env". |
38 |
ifkeys=`sed -n -e 's/^ADDRESS_\([^=]*\)=.*/\1/p' "$CONFIG" | sort -u` |
|
535.1.1
by teddy at recompile
Add wireless network hook |
39 |
|
40 |
# Exit if DEVICE is set and is not any of the wireless interfaces
|
|
41 |
if [ -n "$DEVICE" ]; then |
|
42 |
while :; do |
|
|
535.1.8
by teddy at recompile
* network-hooks.s/bridge: Don't use interface names directly; search |
43 |
for KEY in $ifkeys; do |
44 |
ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"` |
|
45 |
INTERFACE=`addrtoif "$ADDRESS"` |
|
|
594.1.4
by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno. |
46 |
|
47 |
case "$DEVICE" in |
|
48 |
*,"$INTERFACE"|*,"$INTERFACE",*|"$INTERFACE",*|"$INTERFACE") |
|
49 |
break 2;; |
|
50 |
esac |
|
|
535.1.1
by teddy at recompile
Add wireless network hook |
51 |
done |
52 |
exit |
|
53 |
done |
|
54 |
fi
|
|
55 |
||
56 |
wpa_supplicant=/sbin/wpa_supplicant |
|
57 |
wpa_cli=/sbin/wpa_cli |
|
58 |
ip=/bin/ip |
|
59 |
||
60 |
# Used by the wpa_interface_* functions in the wireless.conf file
|
|
61 |
wpa_cli_set(){
|
|
62 |
case "$1" in |
|
63 |
ssid|psk) arg="\"$2\"" ;; |
|
64 |
*) arg="$2" ;; |
|
65 |
esac |
|
66 |
"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" set_network "$NETWORK" \ |
|
67 |
"$1" "$arg" 2>&1 | sed -e '/^OK$/d' |
|
68 |
}
|
|
69 |
||
70 |
if [ $VERBOSITY -gt 0 ]; then |
|
71 |
WPAS_OPTIONS="-d $WPAS_OPTIONS" |
|
72 |
fi
|
|
73 |
if [ -n "$PIDFILE" ]; then |
|
74 |
WPAS_OPTIONS="-P$PIDFILE $WPAS_OPTIONS" |
|
75 |
fi
|
|
76 |
||
|
563
by Teddy Hogeborn
* network-hooks.d/bridge: Move "start" and "stop" commands to separate |
77 |
do_start(){
|
78 |
mkdir -m u=rwx,go= -p "$CTRLDIR" |
|
79 |
"$wpa_supplicant" -B -g "$CTRL" -p "$CTRLDIR" $WPAS_OPTIONS |
|
80 |
for KEY in $ifkeys; do |
|
81 |
ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"` |
|
82 |
INTERFACE=`addrtoif "$ADDRESS"` |
|
83 |
DRIVER=`eval 'echo "$WPA_DRIVER_'"$KEY"\"` |
|
84 |
IFDELAY=`eval 'echo "$DELAY_'"$KEY"\"` |
|
85 |
"$wpa_cli" -g "$CTRL" interface_add "$INTERFACE" "" \ |
|
86 |
"${DRIVER:-wext}" "$CTRLDIR" > /dev/null \ |
|
87 |
| sed -e '/^OK$/d' |
|
88 |
NETWORK=`"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" add_network` |
|
89 |
eval wpa_interface_"$KEY" |
|
90 |
"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" enable_network \ |
|
91 |
"$NETWORK" | sed -e '/^OK$/d' |
|
92 |
sleep "${IFDELAY:-$DELAY}" & |
|
93 |
sleep=$! |
|
94 |
while :; do |
|
95 |
kill -0 $sleep 2>/dev/null || break |
|
96 |
STATE=`"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" status \ |
|
97 |
| sed -n -e 's/^wpa_state=//p'` |
|
98 |
if [ "$STATE" = COMPLETED ]; then |
|
99 |
while :; do |
|
100 |
kill -0 $sleep 2>/dev/null || break 2 |
|
101 |
UP=`cat /sys/class/net/"$INTERFACE"/operstate` |
|
102 |
if [ "$UP" = up ]; then |
|
103 |
kill $sleep 2>/dev/null |
|
104 |
break 2 |
|
105 |
fi |
|
106 |
sleep 1 |
|
107 |
done |
|
108 |
fi |
|
109 |
sleep 1 |
|
110 |
done & |
|
111 |
wait $sleep || : |
|
112 |
IPADDRS=`eval 'echo "$IPADDRS_'"$KEY"\"` |
|
113 |
if [ -n "$IPADDRS" ]; then |
|
114 |
if [ "$IPADDRS" = dhcp ]; then |
|
115 |
ipconfig -c dhcp -d "$INTERFACE" || : |
|
116 |
#dhclient "$INTERFACE" |
|
117 |
else |
|
118 |
for ipaddr in $IPADDRS; do |
|
119 |
"$ip" addr add "$ipaddr" dev "$INTERFACE" |
|
120 |
done |
|
121 |
fi |
|
122 |
fi |
|
123 |
ROUTES=`eval 'echo "$ROUTES_'"$KEY"\"` |
|
124 |
if [ -n "$ROUTES" ]; then |
|
125 |
for route in $ROUTES; do |
|
|
594.1.4
by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno. |
126 |
"$ip" route add "$route" dev "$INTERFACE" |
|
563
by Teddy Hogeborn
* network-hooks.d/bridge: Move "start" and "stop" commands to separate |
127 |
done |
128 |
fi |
|
129 |
done |
|
130 |
}
|
|
131 |
||
132 |
do_stop(){
|
|
133 |
"$wpa_cli" -g "$CTRL" terminate 2>&1 | sed -e '/^OK$/d' |
|
134 |
for KEY in $ifkeys; do |
|
135 |
ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"` |
|
136 |
INTERFACE=`addrtoif "$ADDRESS"` |
|
137 |
"$ip" addr show scope global permanent dev "$INTERFACE" \ |
|
138 |
| while read type addr rest; do |
|
|
535.1.1
by teddy at recompile
Add wireless network hook |
139 |
case "$type" in |
140 |
inet|inet6) |
|
141 |
"$ip" addr del "$addr" dev "$INTERFACE" |
|
142 |
;; |
|
143 |
esac |
|
144 |
done |
|
|
563
by Teddy Hogeborn
* network-hooks.d/bridge: Move "start" and "stop" commands to separate |
145 |
"$ip" link set dev "$INTERFACE" down |
146 |
done |
|
147 |
}
|
|
148 |
||
149 |
case "${MODE:-$1}" in |
|
150 |
start|stop) |
|
151 |
do_"${MODE:-$1}" |
|
|
535.1.1
by teddy at recompile
Add wireless network hook |
152 |
;; |
153 |
files) |
|
154 |
echo "$wpa_supplicant" |
|
155 |
echo "$wpa_cli" |
|
156 |
echo "$ip" |
|
157 |
;; |
|
158 |
modules) |
|
159 |
if [ "$IPADDRS" = dhcp ]; then |
|
160 |
echo af_packet |
|
161 |
fi |
|
|
535.1.3
by Teddy Hogeborn
* network-hooks.d/wireless (start): Bug fixes: Don't shadow "$DELAY". |
162 |
sed -n -e 's/#.*$//' -e 's/[ ]*$//' \ |
163 |
-e 's/^MODULE_[^=]\+=//p' "$CONFIG" |
|
|
535.1.1
by teddy at recompile
Add wireless network hook |
164 |
;; |
165 |
esac
|