#!/bin/sh
#
# This is an example of a Mandos client network hook.  This hook
# brings up a wireless interface as specified in a separate
# configuration file.  To be used, this file and any needed
# configuration file(s) should be copied into the
# /etc/mandos/network-hooks.d directory.
# 
# Copyright © 2012-2018 Teddy Hogeborn
# Copyright © 2012-2018 Björn Påhlsson
# 
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved.  This file is offered as-is,
# without any warranty.

# Abort the hook as soon as any unchecked command fails.
set -e

# Runtime locations for the wpa_supplicant instance this hook starts.
RUNDIR=/run
# Global control socket, handed to wpa_supplicant and wpa_cli with -g.
CTRL="${RUNDIR}/wpa_supplicant-global"
# Directory of the per-interface control sockets.  do_start creates it
# with mode u=rwx,go= so that only the owner can reach the sockets.
CTRLDIR="${RUNDIR}/wpa_supplicant"
PIDFILE="${RUNDIR}/wpa_supplicant-mandos.pid"

# Settings file, looked up in the directory named by MANDOSNETHOOKDIR.
CONFIG="${MANDOSNETHOOKDIR}/wireless.conf"

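# Print the name of every network interface whose hardware address, as
# listed in /sys/class/net/<name>/address, contains the string $1.  The
# comparison is case-insensitive and treats $1 as a fixed string; names
# are printed one per line.
# An empty $1 prints nothing: an empty fixed string would otherwise
# match every address file and return all interfaces at once.
# NOTE(review): this is a substring match, so a partial address can
# select more than one interface; configure complete addresses.
addrtoif(){
    [ -n "$1" ] || return 0
    grep -liFe "$1" /sys/class/net/*/address \
	| sed -e 's,.*/\([^/]*\)/[^/]*,\1,'
}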

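# Read config file.  It is sourced, so its contents run as shell code
# with the privileges of this hook, and it may hold a wireless
# passphrase; keep it owned by root and unreadable to other users.
if [ -e "$CONFIG" ]; then
    . "$CONFIG"
else
    exit
fi

# Interface keys are the <key> parts of the ADDRESS_<key>= lines in the
# config file.  Keys are limited to the characters allowed in a shell
# variable name, because every key is later spliced into an eval string.
ifkeys=`sed -n -e 's/^ADDRESS_\([A-Za-z0-9_][A-Za-z0-9_]*\)=.*/\1/p' "$CONFIG" | sort -u`

# Exit if DEVICE is set and is not any of the wireless interfaces
if [ -n "$DEVICE" ]; then
    # The outer loop runs at most once; it exists so that "break 2" can
    # jump past the "exit" when a configured interface is in DEVICE.
    while :; do
	for KEY in $ifkeys; do
	    ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"`
	    INTERFACE=`addrtoif "$ADDRESS"`
	    # No interface has this address: an empty name must not be
	    # allowed to match the patterns below.
	    [ -n "$INTERFACE" ] || continue

	    # The patterns treat DEVICE as a comma-separated list of
	    # interface names and look for INTERFACE as a whole item.
	    case "$DEVICE" in
		*,"$INTERFACE"|*,"$INTERFACE",*|"$INTERFACE",*|"$INTERFACE")
		    break 2;;
	    esac
	done
	exit
    done
fi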

# Absolute paths of the external programs this hook runs; "files" mode
# prints the same three paths.  Calling them by full path means these
# commands are not looked up through PATH.
ip='/bin/ip'
wpa_cli='/sbin/wpa_cli'
wpa_supplicant='/sbin/wpa_supplicant'

# Helper for the wpa_interface_* functions in the wireless.conf file:
# sets network variable $1 to value $2 on network $NETWORK of interface
# $INTERFACE through wpa_cli.  Values for "ssid" and "psk" are wrapped
# in double quotes before being passed on; every other value goes
# through unchanged.  An "OK" reply line is filtered out; any other
# output, stderr included, is printed.
# NOTE(review): the value, including a psk, is passed to wpa_cli as a
# command-line argument, and a double quote inside $2 is not escaped.
wpa_cli_set(){
    arg="$2"
    case "$1" in
        psk|ssid) arg="\"$arg\"" ;;
    esac
    "$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" set_network "$NETWORK" "$1" \
	"$arg" 2>&1 | sed -e '/^OK$/d'
}

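# Build the extra wpa_supplicant options: -d (debug output) when
# VERBOSITY is above zero, and -P<pidfile> when PIDFILE is set.
# An unset or empty VERBOSITY counts as 0; unquoted and empty it would
# turn the test into "[ -gt 0 ]", which is an error rather than false.
if [ "${VERBOSITY:-0}" -gt 0 ]; then
    WPAS_OPTIONS="-d $WPAS_OPTIONS"
fi
if [ -n "$PIDFILE" ]; then
    WPAS_OPTIONS="-P$PIDFILE $WPAS_OPTIONS"
fi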

# Start wpa_supplicant and bring up every interface listed in the
# config file.  For each key in $ifkeys: resolve the interface from its
# address, register it with the running wpa_supplicant, create a
# network, let the config's wpa_interface_<key> function fill it in,
# enable it, wait (bounded by a delay) for association and link-up,
# then add the configured IP addresses and routes.
do_start(){
    # -m sets the mode only when mkdir creates the directory; an
    # already existing $CTRLDIR keeps whatever permissions it has.
    mkdir -m u=rwx,go= -p "$CTRLDIR"
    # $WPAS_OPTIONS is left unquoted so that it splits into separate
    # options.
    # NOTE(review): wpa_supplicant documents -p as driver parameters
    # (-C is the control interface directory) - confirm -p is intended.
    "$wpa_supplicant" -B -g "$CTRL" -p "$CTRLDIR" $WPAS_OPTIONS
    for KEY in $ifkeys; do
	# Per-key settings are read by building the variable name
	# (ADDRESS_<key>, WPA_DRIVER_<key>, DELAY_<key>) inside an eval.
	# KEY becomes part of the evaluated text, so keys must only
	# ever come from the trusted config file.
	ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"`
	# NOTE(review): addrtoif prints nothing when no interface has
	# this address; INTERFACE is then empty and the commands below
	# are still run with an empty interface name.
	INTERFACE=`addrtoif "$ADDRESS"`
	DRIVER=`eval 'echo "$WPA_DRIVER_'"$KEY"\"`
	IFDELAY=`eval 'echo "$DELAY_'"$KEY"\"`
	# Register the interface (driver defaults to wext).  stdout is
	# sent to /dev/null, so the sed after the pipe gets no input.
	"$wpa_cli" -g "$CTRL" interface_add "$INTERFACE" "" \
	    "${DRIVER:-wext}" "$CTRLDIR" > /dev/null \
	    | sed -e '/^OK$/d'
	# add_network prints the id of the new network; wpa_cli_set
	# reads it from $NETWORK.
        NETWORK=`"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" add_network`
	# Call wpa_interface_<key>, which is expected to be defined by
	# the sourced wireless.conf.
	eval wpa_interface_"$KEY"
	"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" enable_network \
	    "$NETWORK" | sed -e '/^OK$/d'
	# A background sleep serves as the timeout timer (DELAY_<key>,
	# else DELAY); $sleep holds its PID.
	sleep "${IFDELAY:-$DELAY}" &
	sleep=$!
	# Background poller.  It stops as soon as the timer process is
	# gone (kill -0 only tests for existence).  Once wpa_state is
	# COMPLETED it polls operstate and, when the link reports "up",
	# kills the timer so the wait below returns early.
	while :; do
	    kill -0 $sleep 2>/dev/null || break
	    STATE=`"$wpa_cli" -p "$CTRLDIR" -i "$INTERFACE" status \
		| sed -n -e 's/^wpa_state=//p'`
	    if [ "$STATE" = COMPLETED ]; then
		while :; do
		    kill -0 $sleep 2>/dev/null || break 2
		    UP=`cat /sys/class/net/"$INTERFACE"/operstate`
		    if [ "$UP" = up ]; then
			kill $sleep 2>/dev/null
			break 2
		    fi
		    sleep 1
		done
	    fi
	    sleep 1
	done &
	# Block until the timer expires or is killed; wait returns
	# non-zero for a killed timer, and "|| :" keeps "set -e" from
	# treating that as a failure.
	wait $sleep || :
	# IPADDRS_<key> is either the word "dhcp" or a whitespace-
	# separated list of addresses for "ip addr add".
	IPADDRS=`eval 'echo "$IPADDRS_'"$KEY"\"`
	if [ -n "$IPADDRS" ]; then
	    if [ "$IPADDRS" = dhcp ]; then
		# A failing DHCP attempt is ignored.
		# NOTE(review): ipconfig is found through PATH and is
		# not among the programs printed by "files" mode -
		# presumably supplied by the initramfs; confirm.
		ipconfig -c dhcp -d "$INTERFACE" || :
		#dhclient "$INTERFACE"
	    else
		for ipaddr in $IPADDRS; do
		    "$ip" addr add "$ipaddr" dev "$INTERFACE"
		done
	    fi
	fi
	# ROUTES_<key> is a whitespace-separated list; each item is
	# added as a route through this interface.
	ROUTES=`eval 'echo "$ROUTES_'"$KEY"\"`
	if [ -n "$ROUTES" ]; then
	    for route in $ROUTES; do
		"$ip" route add "$route" dev "$INTERFACE"
	    done
	fi
    done
}

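# Undo what do_start set up: ask the wpa_supplicant daemon to terminate
# through its global control socket, then for every configured
# interface delete its permanent global-scope addresses and set the
# link down.
# A key whose address matches no interface is skipped with a message on
# stderr.  Running ip with an empty device name would fail, and under
# "set -e" that failure would end the hook before the remaining
# interfaces are cleaned up.
do_stop(){
    "$wpa_cli" -g "$CTRL" terminate 2>&1 | sed -e '/^OK$/d'
    for KEY in $ifkeys; do
	ADDRESS=`eval 'echo "$ADDRESS_'"$KEY"\"`
	INTERFACE=`addrtoif "$ADDRESS"`
	if [ -z "$INTERFACE" ]; then
	    echo "wireless: no interface found for $KEY, skipping" >&2
	    continue
	fi
	# Only lines whose first word is inet or inet6 carry an
	# address; the second word is what gets deleted.  -r keeps
	# read from interpreting backslashes in the input.
	"$ip" addr show scope global permanent dev "$INTERFACE" \
	    | while read -r type addr rest; do
		case "$type" in
		    inet|inet6)
			"$ip" addr del "$addr" dev "$INTERFACE"
			;;
		esac
	    done
	"$ip" link set dev "$INTERFACE" down
    done
}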

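# Dispatch on the mode, taken from $MODE or else the first argument:
#   start, stop - run do_start / do_stop
#   files       - print the paths of the programs this hook runs
#   modules     - print af_packet if DHCP is requested, followed by the
#                 values of the MODULE_<key>= lines in the config file
# Any other mode does nothing.
case "${MODE:-$1}" in
    start|stop)
	do_"${MODE:-$1}"
	;;
    files)
	# NOTE(review): do_start also runs ipconfig for DHCP, which is
	# not listed here - confirm it is provided some other way.
	echo "$wpa_supplicant"
	echo "$wpa_cli"
	echo "$ip"
	;;
    modules)
	# do_start reads the per-interface IPADDRS_<key> settings, and
	# in this mode a plain IPADDRS is set only if the config file
	# sets it itself.  Check both, so that IPADDRS_<key>=dhcp also
	# reports af_packet.
	need_af_packet=no
	if [ "$IPADDRS" = dhcp ]; then
	    need_af_packet=yes
	fi
	for KEY in $ifkeys; do
	    KEYADDRS=`eval 'echo "$IPADDRS_'"$KEY"\"`
	    if [ "$KEYADDRS" = dhcp ]; then
		need_af_packet=yes
	    fi
	done
	if [ "$need_af_packet" = yes ]; then
	    echo af_packet
	fi
	# Strip comments and trailing blanks, then print what follows
	# "MODULE_<key>=".  "[^=][^=]*" is the portable spelling of the
	# GNU-only "[^=]\+".
	sed -n -e 's/#.*$//' -e 's/[ 	]*$//' \
	    -e 's/^MODULE_[^=][^=]*=//p' "$CONFIG"
	;;
esac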