3 #####################################################################
5 # This file contains common shell functions used by scripts of the
6 # wpasupplicant package to allow ifupdown to manage wpa_supplicant.
7 # It also contains some functions used by wpa_action(8) that allow
8 # ifupdown to be managed by wpa_cli(8) action events.
10 # This file is provided by the wpasupplicant package.
12 #####################################################################
13 # Copyright (C) 2006 - 2008 Debian/Ubuntu wpasupplicant Maintainers
14 # <pkg-wpa-devel@lists.alioth.debian.org>
16 # This program is free software; you can redistribute it and/or
17 # modify it under the terms of the GNU General Public License
18 # as published by the Free Software Foundation; either version 2
19 # of the License, or (at your option) any later version.
21 # This program is distributed in the hope that it will be useful,
22 # but WITHOUT ANY WARRANTY; without even the implied warranty of
23 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 # GNU General Public License for more details.
26 # On Debian GNU/Linux systems, the text of the GPL license can be
27 # found in /usr/share/common-licenses/GPL.
29 #####################################################################
31 # wpa_supplicant variables
32 WPA_SUP_BIN="/sbin/wpa_supplicant"
33 WPA_SUP_PNAME="wpa_supplicant"
34 WPA_SUP_PIDFILE="/var/run/wpa_supplicant.${WPA_IFACE}.pid"
35 WPA_SUP_LOGFILE="/var/log/wpa_supplicant.${WPA_IFACE}.log"
38 WPA_CLI_BIN="/sbin/wpa_cli"
39 WPA_CLI_PNAME="wpa_cli"
40 WPA_CLI_PIDFILE="/var/run/wpa_action.${WPA_IFACE}.pid"
41 WPA_CLI_LOGFILE="/var/log/wpa_action.${WPA_IFACE}.log"
42 WPA_CLI_TIMESTAMP="/var/run/wpa_action.${WPA_IFACE}.timestamp"
43 WPA_CLI_IFUPDOWN="/var/run/wpa_action.${WPA_IFACE}.ifupdown"
45 # sendsigs omission interface, present in initscripts (>= 2.86.ds1-48)
46 if [ -d /lib/init/rw/sendsigs.omit.d/ ]; then
48 WPA_SUP_OMIT_PIDFILE="/lib/init/rw/sendsigs.omit.d/wpasupplicant.wpa_supplicant.${WPA_IFACE}.pid"
49 WPA_CLI_OMIT_PIDFILE="/lib/init/rw/sendsigs.omit.d/wpasupplicant.wpa_action.${WPA_IFACE}.pid"
50 elif [ -d /var/run/sendsigs.omit.d/ ]; then
51 # Ubuntu, see https://launchpad.net/bugs/181541 for status
52 WPA_SUP_OMIT_PIDFILE="/var/run/sendsigs.omit.d/wpasupplicant.wpa_supplicant.${WPA_IFACE}.pid"
53 WPA_CLI_OMIT_PIDFILE="/var/run/sendsigs.omit.d/wpasupplicant.wpa_action.${WPA_IFACE}.pid"
59 # default ctrl_interface socket directory
60 if [ -z "$WPA_CTRL_DIR" ]; then
61 WPA_CTRL_DIR="/var/run/wpa_supplicant"
65 if [ -n "$IF_WPA_VERBOSITY" ] || [ "$VERBOSITY" = "1" ]; then
67 DAEMON_VERBOSITY="--verbose"
70 DAEMON_VERBOSITY="--quiet"
73 #####################################################################
75 # Path to common ctrl_interface socket and iface supplied.
76 # NB: WPA_CTRL_DIR cannot be used for interactive commands, it is
77 # set only in the environment that wpa_cli provides when processing
81 "$WPA_CLI_BIN" -p "$WPA_CTRL_DIR" -i "$WPA_IFACE" "$@"
86 #####################################################################
87 ## verbose and stderr message wrapper
88 # Ensures a standard and easily identifiable message is printed by
89 # scripts using this function library.
91 # verbose To stdout when IF_WPA_VERBOSITY or VERBOSITY is true
93 # action Same as verbose but without newline
94 # Useful for allowing wpa_cli commands to echo result
95 # value of 'OK' or 'FAILED'
97 # stderr Echo warning or error messages to stderr
99 # NB: when called by wpa_action, there is no redirection (verbose)
102 if [ -n "$WPA_ACTION" ]; then
104 echo "wpa_action: $@"
111 echo "$WPA_SUP_PNAME: $@" >$TO_NULL
115 echo -n "$WPA_SUP_PNAME: $@ -- " >$TO_NULL
119 echo "$WPA_SUP_PNAME: $@" >/dev/stderr
126 #####################################################################
127 ## validate daemon pid files
128 # Test daemon process ID files via start-stop-daemon with a signal 0
129 # given the exec binary and pidfile location.
134 # Returns true when pidfile exists, the process ID exists _and_ was
135 # created by the exec binary.
137 # If the test fails, but the pidfile exists, it is stale
139 test_daemon_pidfile () {
151 if [ -n "$DAEMON" ] && [ -f "$PIDFILE" ]; then
152 if start-stop-daemon --stop --quiet --signal 0 \
153 --exec "$DAEMON" --pidfile "$PIDFILE"; then
164 # validate wpa_supplicant pidfile
165 test_wpa_supplicant () {
166 test_daemon_pidfile "$WPA_SUP_BIN" "$WPA_SUP_PIDFILE"
169 # validate wpa_cli pidfile
171 test_daemon_pidfile "$WPA_CLI_BIN" "$WPA_CLI_PIDFILE"
174 #####################################################################
175 ## daemonize wpa_supplicant
176 # Start wpa_supplicant via start-stop-dameon with all required
177 # options. Will start if environment variable WPA_SUP_CONF is present
180 # -B dameonize/background process
181 # -D driver backend ('wext' if none given)
183 # -C path to ctrl_interface socket directory
186 # -c configuration file
187 # -W wait for wpa_cli to attach to ctrl_interface socket
188 # -b bridge interface name
189 # -f path to log file
191 init_wpa_supplicant () {
192 [ -n "$WPA_SUP_CONF" ] || return 0
194 local WPA_SUP_OPTIONS
196 if [ -n "$WPA_ACTION_SCRIPT" ]; then
197 if [ -x "$WPA_ACTION_SCRIPT" ]; then
198 WPA_SUP_OPTIONS="-W -B -P $WPA_SUP_PIDFILE -i $WPA_IFACE"
199 wpa_msg verbose "wait for wpa_cli to attach"
201 wpa_msg stderr "action script \"$WPA_ACTION_SCRIPT\" not executable"
205 WPA_SUP_OPTIONS="-B -P $WPA_SUP_PIDFILE -i $WPA_IFACE"
208 if [ -n "$IF_WPA_BRIDGE" ]; then
209 WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -b $IF_WPA_BRIDGE"
210 wpa_msg verbose "wpa-bridge $IF_WPA_BRIDGE"
213 if [ -n "$IF_WPA_DRIVER" ]; then
214 wpa_msg verbose "wpa-driver $IF_WPA_DRIVER"
215 case "$IF_WPA_DRIVER" in
216 hostap|ipw|madwifi|ndiswrapper)
217 WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -D wext"
218 wpa_msg stderr "\"$IF_WPA_DRIVER\" wpa-driver is unsupported"
219 wpa_msg stderr "using \"wext\" wpa-driver instead ..."
222 WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -D $IF_WPA_DRIVER"
226 WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -D wext"
227 wpa_msg verbose "using default driver type: wpa-driver wext"
230 if [ -n "$IF_WPA_DEBUG_LEVEL" ]; then
231 case "$IF_WPA_DEBUG_LEVEL" in
233 WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -t -ddd"
236 WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -t -dd"
239 WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -t -d"
242 # wpa_supplicant default verbosity
245 WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -q"
248 WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -qq"
251 wpa_msg verbose "using debug level: $IF_WPA_DEBUG_LEVEL"
253 # log warnings only by default
254 WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -q"
257 if [ -n "$IF_WPA_LOGFILE" ]; then
259 WPA_SUP_LOGFILE="$IF_WPA_LOGFILE"
260 wpa_msg verbose "logging to $IF_WPA_LOGFILE"
263 if [ -d "${WPA_SUP_LOGFILE%/*}" ]; then
264 WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -f $WPA_SUP_LOGFILE"
266 wpa_msg stderr "unable to log output to $WPA_SUP_LOGFILE"
269 wpa_msg verbose "$WPA_SUP_BIN $WPA_SUP_OPTIONS $WPA_SUP_CONF"
271 start-stop-daemon --start --oknodo $DAEMON_VERBOSITY \
272 --name $WPA_SUP_PNAME --startas $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE \
273 -- $WPA_SUP_OPTIONS $WPA_SUP_CONF
275 if [ "$?" -ne 0 ]; then
276 wpa_msg stderr "$WPA_SUP_BIN daemon failed to start"
280 if [ -n "$WPA_SUP_OMIT_PIDFILE" ]; then
281 local WPA_PIDFILE_WAIT
282 local MAX_WPA_PIDFILE_WAIT
284 MAX_WPA_PIDFILE_WAIT="5"
285 until [ -s "$WPA_SUP_PIDFILE" ]; do
286 if [ "$WPA_PIDFILE_WAIT" -ge "$MAX_WPA_PIDFILE_WAIT" ]; then
287 wpa_msg stderr "timed out waiting for creation of $WPA_SUP_PIDFILE"
290 wpa_msg verbose "waiting for \"$WPA_SUP_PIDFILE\": " \
291 "$WPA_PIDFILE_WAIT (max. $MAX_WPA_PIDFILE_WAIT)"
294 WPA_PIDFILE_WAIT=$(($WPA_PIDFILE_WAIT + 1))
297 wpa_msg verbose "creating sendsigs omission pidfile: $WPA_SUP_OMIT_PIDFILE"
298 cat "$WPA_SUP_PIDFILE" > "$WPA_SUP_OMIT_PIDFILE"
300 wpa_msg verbose "sendsigs omission pidfile not created"
303 local WPA_SOCKET_WAIT
304 local MAX_WPA_SOCKET_WAIT
306 MAX_WPA_SOCKET_WAIT="5"
307 until [ -S "$WPA_CTRL_DIR/$WPA_IFACE" ]; do
308 if [ "$WPA_SOCKET_WAIT" -ge "$MAX_WPA_SOCKET_WAIT" ]; then
309 wpa_msg stderr "ctrl_interface socket not found at $WPA_CTRL_DIR/$WPA_IFACE"
312 wpa_msg verbose "waiting for \"$WPA_CTRL_DIR/$WPA_IFACE\": " \
313 "$WPA_SOCKET_WAIT (max. $MAX_WPA_SOCKET_WAIT)"
316 WPA_SOCKET_WAIT=$(($WPA_SOCKET_WAIT + 1))
320 wpa_msg verbose "ctrl_interface socket located at $WPA_CTRL_DIR/$WPA_IFACE"
323 #####################################################################
324 ## stop wpa_supplicant process
325 # Kill wpa_supplicant via start-stop-daemon, given the location of
326 # the pidfile or ctrl_interface socket path and interface name
328 kill_wpa_supplicant () {
329 test_wpa_supplicant || return 0
331 wpa_msg verbose "terminating $WPA_SUP_PNAME daemon via pidfile $WPA_SUP_PIDFILE"
333 start-stop-daemon --stop --oknodo $DAEMON_VERBOSITY \
334 --exec $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE
336 if [ -f "$WPA_SUP_PIDFILE" ]; then
337 rm -f "$WPA_SUP_PIDFILE"
340 if [ -f "$WPA_SUP_OMIT_PIDFILE" ]; then
341 wpa_msg verbose "removing $WPA_SUP_OMIT_PIDFILE"
342 rm -f "$WPA_SUP_OMIT_PIDFILE"
346 #####################################################################
347 ## reload wpa_supplicant process
348 # Sending a HUP signal causes wpa_supplicant to reparse its
351 reload_wpa_supplicant () {
352 if test_wpa_supplicant; then
353 wpa_msg verbose "reloading wpa_supplicant configuration file via HUP signal"
354 start-stop-daemon --stop --signal HUP \
355 --name "$WPA_SUP_PNAME" --pidfile "$WPA_SUP_PIDFILE"
357 wpa_msg verbose "cannot $WPA_ACTION, $WPA_SUP_PIDFILE does not exist"
361 #####################################################################
362 ## daemonize wpa_cli and action script
363 # If environment variable WPA_ACTION_SCRIPT is present, wpa_cli will
364 # be spawned via start-stop-daemon
367 # -a action script => wpa_action
369 # -B background process
372 [ -n "$WPA_ACTION_SCRIPT" ] || return 0
374 local WPA_CLI_OPTIONS
375 WPA_CLI_OPTIONS="-B -P $WPA_CLI_PIDFILE -i $WPA_IFACE"
377 wpa_msg verbose "$WPA_CLI_BIN $WPA_CLI_OPTIONS -p $WPA_CTRL_DIR -a $WPA_ACTION_SCRIPT"
379 start-stop-daemon --start --oknodo $DAEMON_VERBOSITY \
380 --name $WPA_CLI_PNAME --startas $WPA_CLI_BIN --pidfile $WPA_CLI_PIDFILE \
381 -- $WPA_CLI_OPTIONS -p $WPA_CTRL_DIR -a $WPA_ACTION_SCRIPT
383 if [ "$?" -ne 0 ]; then
384 wpa_msg stderr "$WPA_CLI_BIN daemon failed to start"
388 if [ -n "$WPA_CLI_OMIT_PIDFILE" ]; then
389 local WPA_PIDFILE_WAIT
390 local MAX_WPA_PIDFILE_WAIT
392 MAX_WPA_PIDFILE_WAIT="5"
393 until [ -s "$WPA_CLI_PIDFILE" ]; do
394 if [ "$WPA_PIDFILE_WAIT" -ge "$MAX_WPA_PIDFILE_WAIT" ]; then
395 wpa_msg stderr "timed out waiting for creation of $WPA_CLI_PIDFILE"
398 wpa_msg verbose "waiting for \"$WPA_CLI_PIDFILE\": " \
399 "$WPA_PIDFILE_WAIT (max. $MAX_WPA_PIDFILE_WAIT)"
402 WPA_PIDFILE_WAIT=$(($WPA_PIDFILE_WAIT + 1))
405 wpa_msg verbose "creating sendsigs omission pidfile: $WPA_CLI_OMIT_PIDFILE"
406 cat "$WPA_CLI_PIDFILE" > "$WPA_CLI_OMIT_PIDFILE"
408 wpa_msg verbose "sendsigs omission pidfile not created"
412 #####################################################################
413 ## stop wpa_cli process
414 # Kill wpa_cli via start-stop-daemon, given the location of the
418 test_wpa_cli || return 0
420 wpa_msg verbose "terminating $WPA_CLI_PNAME daemon via pidfile $WPA_CLI_PIDFILE"
422 start-stop-daemon --stop --oknodo $DAEMON_VERBOSITY \
423 --exec $WPA_CLI_BIN --pidfile $WPA_CLI_PIDFILE
425 if [ -f "$WPA_CLI_PIDFILE" ]; then
426 rm -f "$WPA_CLI_PIDFILE"
429 if [ -f "$WPA_CLI_OMIT_PIDFILE" ]; then
430 rm -f "$WPA_CLI_OMIT_PIDFILE"
433 if [ -f "$WPA_CLI_TIMESTAMP" ]; then
434 rm -f "$WPA_CLI_TIMESTAMP"
437 if [ -L "$WPA_CLI_IFUPDOWN" ]; then
438 rm -f "$WPA_CLI_IFUPDOWN"
442 #####################################################################
443 ## higher level wpa_cli wrapper for variable and set_network commands
444 # wpa_cli_do <value> <type> <variable> [set_network variable] <desc>
446 # $1 envorinment variable
447 # $2 data type of variable {raw|ascii}
448 # $3 wpa_cli variable, if $3 is set_network, shift and take
449 # set_network subvariable
450 # $4 wpa-* string as it would appear in interfaces file, enhances
458 local WPACLISET_VALUE
459 local WPACLISET_VARIABLE
465 WPACLISET_VALUE="\"$1\""
475 if [ -z "$WPA_ID" ]; then
479 WPACLISET_VARIABLE="set_network $WPA_ID $3"
482 WPACLISET_VARIABLE="$3"
487 *-psk|*-passphrase|*-passwd*|*-wep-key*)
488 WPACLISET_DESC="$4 *****"
491 WPACLISET_DESC="$4 $WPACLISET_VALUE"
495 wpa_msg action "$WPACLISET_DESC"
497 wpa_cli $WPACLISET_VARIABLE "$WPACLISET_VALUE" >$TO_NULL
499 if [ "$?" -ne 0 ]; then
500 wpa_msg stderr "$WPACLISET_DESC failed!"
504 #####################################################################
505 ## check value data type in plaintext or hex
506 # returns 0 if input consists of hexadecimal digits only, 1 otherwise
525 #####################################################################
526 ## sanity check and set psk|passphrase
527 # Warn about strange psk|passphrase values
529 # $1 psk or passphrase value
531 # If psk is surrounded by quotes strip them.
533 # If psk contains all hexadecimal characters and string length is 64:
534 # is 256bit hexadecimal
538 # plaintext passphrases must be 8 - 63 characters in length
539 # 256-bit hexadecimal key must be 64 characters in length
541 wpa_key_check_and_set () {
542 if [ "$#" -ne 3 ]; then
553 # Strip surrounding quotation marks
554 KEY=$(echo -n "$1" | sed 's/^"//;s/"$//')
575 if [ "$ENC_TYPE" = "WEP" ]; then
576 if ishex "$KEY"; then
579 # 64/128/152/256-bit WEP
590 if [ "$KEY_TYPE" = "ascii" ]; then
591 if [ "$KEY_LEN" -lt "5" ]; then
592 wpa_msg stderr "WARNING: plaintext or ascii WEP key has $KEY_LEN characters,"
593 wpa_msg stderr "it must have at least 5 to be valid."
596 elif [ "$ENC_TYPE" = "WPA" ]; then
597 if ishex "$KEY"; then
611 if [ "$KEY_TYPE" = "ascii" ]; then
612 if [ "$KEY_LEN" -lt "8" ] || [ "$KEY_LEN" -gt "63" ]; then
613 wpa_msg stderr "WARNING: plaintext or ascii WPA key has $KEY_LEN characters,"
614 wpa_msg stderr "it must have between 8 and 63 to be valid."
615 wpa_msg stderr "If the WPA key is a 256-bit hexadecimal key, it must have"
616 wpa_msg stderr "exactly 64 characters."
621 wpa_cli_do "$KEY" "$KEY_TYPE" set_network "$2" "$3"
624 #####################################################################
625 ## formulate a usable configuration from interfaces(5) wpa- lines
626 # A series of wpa_cli commands corresponding to environment variables
627 # created as a result of wpa- lines in an interfaces stanza.
629 # NB: no-act when roaming daemon is used (to avoid prematurely
630 # attaching to ctrl_interface socket)
632 conf_wpa_supplicant () {
633 if [ -n "$WPA_ACTION_SCRIPT" ]; then
637 if [ "$IF_WPA_DRIVER" = "wired" ]; then
639 wpa_msg verbose "forcing ap_scan=0 (required for wired IEEE8021X auth)"
642 if [ -n "$IF_WPA_ESSID" ]; then
643 # #403316, be similar to wireless tools
644 IF_WPA_SSID="$IF_WPA_ESSID"
647 wpa_cli_do "$IF_WPA_AP_SCAN" raw \
650 wpa_cli_do "$IF_WPA_PREAUTHENTICATE" raw \
651 preauthenticate wpa-preauthenticate
653 if [ -n "$IF_WPA_SSID" ] || [ "$IF_WPA_DRIVER" = "wired" ] || \
654 [ -n "$IF_WPA_KEY_MGMT" ]; then
656 case "$IF_WPA_SSID" in
658 IF_WPA_SSID=$(echo -n "$IF_WPA_SSID" | sed 's/^"//;s/"$//')
664 WPA_ID=$(wpa_cli add_network)
666 wpa_msg verbose "configuring network block -- $WPA_ID"
668 wpa_cli_do "$IF_WPA_SSID" ascii \
669 set_network ssid wpa-ssid
671 wpa_cli_do "$IF_WPA_PRIORITY" raw \
672 set_network priority wpa-priority
674 wpa_cli_do "$IF_WPA_BSSID" raw \
675 set_network bssid wpa-bssid
677 if [ -s "$IF_WPA_PSK_FILE" ]; then
678 IF_WPA_PSK=$(cat "$IF_WPA_PSK_FILE")
681 # remain compat with wpa-passphrase-file
682 if [ -s "$IF_WPA_PASSPHRASE_FILE" ]; then
683 IF_WPA_PSK=$(cat "$IF_WPA_PASSPHRASE_FILE")
686 # remain compat with wpa-passphrase
687 if [ -n "$IF_WPA_PASSPHRASE" ]; then
688 IF_WPA_PSK="$IF_WPA_PASSPHRASE"
691 if [ -n "$IF_WPA_PSK" ]; then
692 wpa_key_check_and_set "$IF_WPA_PSK" \
696 wpa_cli_do "$IF_WPA_PAIRWISE" raw \
697 set_network pairwise wpa-pairwise
699 wpa_cli_do "$IF_WPA_GROUP" raw \
700 set_network group wpa-group
702 wpa_cli_do "$IF_WPA_MODE" raw \
703 set_network mode wpa-mode
705 wpa_cli_do "$IF_WPA_FREQUENCY" raw \
706 set_network frequency wpa-frequency
708 wpa_cli_do "$IF_WPA_KEY_MGMT" raw \
709 set_network key_mgmt wpa-key-mgmt
711 wpa_cli_do "$IF_WPA_PROTO" raw \
712 set_network proto wpa-proto
714 wpa_cli_do "$IF_WPA_AUTH_ALG" raw \
715 set_network auth_alg wpa-auth-alg
717 wpa_cli_do "$IF_WPA_SCAN_SSID" raw \
718 set_network scan_ssid wpa-scan-ssid
720 wpa_cli_do "$IF_WPA_IDENTITY" ascii \
721 set_network identity wpa-identity
723 wpa_cli_do "$IF_WPA_ANONYMOUS_IDENTITY" ascii \
724 set_network anonymous_identity wpa-anonymous-identity
726 wpa_cli_do "$IF_WPA_EAP" raw \
727 set_network eap wpa-eap
729 wpa_cli_do "$IF_WPA_EAPPSK" raw \
730 set_network eappsk wpa-eappsk
732 wpa_cli_do "$IF_WPA_NAI" ascii \
733 set_network nai wpa-nai
735 wpa_cli_do "$IF_WPA_PASSWORD" ascii \
736 set_network password wpa-password
738 wpa_cli_do "$IF_WPA_CA_CERT" ascii \
739 set_network ca_cert wpa-ca-cert
741 wpa_cli_do "$IF_WPA_CA_PATH" ascii \
742 set_network ca_path wpa-ca-path
744 wpa_cli_do "$IF_WPA_CLIENT_CERT" ascii \
745 set_network client_cert wpa-client-cert
747 wpa_cli_do "$IF_WPA_PRIVATE_KEY" ascii \
748 set_network private_key wpa-private-key
750 wpa_cli_do "$IF_WPA_PRIVATE_KEY_PASSWD" ascii \
751 set_network private_key_passwd wpa-private-key-passwd
753 wpa_cli_do "$IF_WPA_DH_FILE" ascii \
754 set_network dh_file wpa-dh-file
756 wpa_cli_do "$IF_WPA_SUBJECT_MATCH" ascii \
757 set_network subject_match wpa-subject-match
759 wpa_cli_do "$IF_WPA_ALTSUBJECT_MATCH" ascii \
760 set_network altsubject_match wpa-altsubject-match
762 wpa_cli_do "$IF_WPA_CA_CERT2" ascii \
763 set_network ca_cert2 wpa-ca-cert2
765 wpa_cli_do "$IF_WPA_CA_PATH2" ascii \
766 set_network ca_path2 wpa-ca-path2
768 wpa_cli_do "$IF_WPA_CLIENT_CERT2" ascii \
769 set_network client_cert2 wpa-client-cert2
771 wpa_cli_do "$IF_WPA_PRIVATE_KEY2" ascii \
772 set_network private_key2 wpa-private-key2
774 wpa_cli_do "$IF_WPA_PRIVATE_KEY_PASSWD2" ascii \
775 set_network private_key_passwd2 wpa-private-key-passwd2
777 wpa_cli_do "$IF_WPA_DH_FILE2" ascii \
778 set_network dh_file2 wpa-dh-file2
780 wpa_cli_do "$IF_WPA_SUBJECT_MATCH2" ascii \
781 set_network subject_match2 wpa-subject-match2
783 wpa_cli_do "$IF_WPA_ALTSUBJECT_MATCH2" ascii \
784 set_network altsubject_match2 wpa-altsubject-match2
786 wpa_cli_do "$IF_WPA_EAP_METHODS" raw \
787 set_network eap_methods wpa-eap-methods
789 wpa_cli_do "$IF_WPA_PHASE1" ascii \
790 set_network phase1 wpa-phase1
792 wpa_cli_do "$IF_WPA_PHASE2" ascii \
793 set_network phase2 wpa-phase2
795 wpa_cli_do "$IF_WPA_PCSC" raw \
796 set_network pcsc wpa-pcsc
798 wpa_cli_do "$IF_WPA_PIN" ascii \
799 set_network pin wpa-pin
801 wpa_cli_do "$IF_WPA_ENGINE" raw \
802 set_network engine wpa-engine
804 wpa_cli_do "$IF_WPA_ENGINE_ID" ascii \
805 set_network engine_id wpa-engine-id
807 wpa_cli_do "$IF_WPA_KEY_ID" ascii \
808 set_network key_id wpa-key-id
810 wpa_cli_do "$IF_WPA_EAPOL_FLAGS" raw \
811 set_network eapol_flags wpa-eapol-flags
813 if [ -n "$IF_WPA_WEP_KEY0" ]; then
814 wpa_key_check_and_set "$IF_WPA_WEP_KEY0" \
815 wep_key0 wpa-wep-key0
818 if [ -n "$IF_WPA_WEP_KEY1" ]; then
819 wpa_key_check_and_set "$IF_WPA_WEP_KEY1" \
820 wep_key1 wpa-wep-key1
823 if [ -n "$IF_WPA_WEP_KEY2" ]; then
824 wpa_key_check_and_set "$IF_WPA_WEP_KEY2" \
825 wep_key2 wpa-wep-key2
828 if [ -n "$IF_WPA_WEP_KEY3" ]; then
829 wpa_key_check_and_set "$IF_WPA_WEP_KEY3" \
830 wep_key3 wpa-wep-key3
833 wpa_cli_do "$IF_WPA_WEP_TX_KEYIDX" raw \
834 set_network wep_tx_keyidx wpa-wep-tx-keyidx
836 wpa_cli_do "$IF_WPA_PROACTIVE_KEY_CACHING" raw \
837 set_network proactive_key_caching wpa-proactive-key-caching
839 wpa_cli_do "$IF_WPA_PAC_FILE" ascii \
840 set_network pac_file wpa-pac-file
842 wpa_cli_do "$IF_WPA_MODE" raw \
843 set_network mode wpa-mode
845 wpa_cli_do "$IF_WPA_PEERKEY" raw \
846 set_network peerkey wpa-peerkey
848 wpa_cli_do "$IF_FRAGMENT_SIZE" raw \
849 set_network fragment_size wpa-fragment-size
851 wpa_cli_do "$IF_WPA_ID_STR" ascii \
852 set_network id_str wpa-id-str
854 wpa_cli_do "$WPA_ID" raw \
855 enable_network "enabling network block"
859 #####################################################################
860 ## wpa_action basic logging
861 # Log actions to file
864 exec >> "$WPA_CLI_LOGFILE" 2>&1
867 # log timestamp and wpa_action arguments
871 DATE=$(date +"%H:%M:%S %Y-%m-%d")
872 echo "########## $DATE ##########"
873 echo "IFACE=$WPA_IFACE ACTION=$WPA_ACTION"
876 # log wpa_cli environment variables
877 wpa_log_environment () {
878 echo "WPA_ID=$WPA_ID WPA_ID_STR=$WPA_ID_STR"
879 echo "WPA_CTRL_DIR=$WPA_CTRL_DIR"
882 #####################################################################
883 ## hysteresis checking
884 # Networking tools such as dhcp clients used with ifupdown can
885 # synthesize artificial ACTION events, particuarly just after a
886 # DISCONNECTED/CONNECTED events are experienced in quick succession.
887 # This can lead to infinite event loops, and in extreme cases has the
888 # potential to cause system instability.
890 wpa_hysteresis_event () {
894 echo "$TIME" > "$WPA_CLI_TIMESTAMP"
897 wpa_hysteresis_check () {
898 if [ -f "$WPA_CLI_TIMESTAMP" ]; then
903 # current time minus 4 second event buffer
904 TIMEWAIT=$(($TIME-4))
905 # get time of last event
906 TIMESTAMP=$(cat $WPA_CLI_TIMESTAMP)
907 # compare values, allowing new action to be processed
908 # only if last action was more than 4 seconds ago
909 if [ "$TIMEWAIT" -le "$TIMESTAMP" ]; then
910 echo "Ignoring $WPA_ACTION event, too soon after previous event"
918 #####################################################################
919 ## identify ifupdown files
920 # Identify ifupdown core files, so that state of the interface can be
921 # checked. This is the weakest part of the wpa_action roaming scheme,
922 # it would be _much_ better if stateless ifupdown capabilities were
926 if [ -e /etc/network/interfaces ]; then
927 INTERFACES_FILE="/etc/network/interfaces"
929 echo "Cannot locate ifupdown's \"interfaces\" file, $WPA_IFACE will not be configured"
933 if [ -e /etc/network/run/ifstate ]; then
935 IFSTATE_FILE="/etc/network/run/ifstate"
936 elif [ -e /var/run/network/ifstate ]; then
938 IFSTATE_FILE="/var/run/network/ifstate"
940 echo "Cannot locate ifupdown's \"ifstate\" file, $WPA_IFACE will not be configured"
948 if grep -s -q "^${WPA_IFACE}=${WPA_LOGICAL_IFACE}" "$IFSTATE_FILE"; then
952 echo "Interface \"$WPA_IFACE\" failed to establish a connection."
953 echo "Attempting reassociation..."
958 ln -s lock "$WPA_CLI_IFUPDOWN"
962 [ -L "$WPA_CLI_IFUPDOWN" ] && return 0
968 rm -f "$WPA_CLI_IFUPDOWN"
971 #####################################################################
972 ## apply mapping logic and ifup logical interface
973 # Apply mapping logic via id_str or external mapping script, check
974 # state of IFACE with respect to ifupdown and ifup logical interaface
977 local WPA_LOGICAL_IFACE
979 if [ -z "$IF_WPA_MAPPING_SCRIPT_PRIORITY" ] && [ -n "$WPA_ID_STR" ]; then
980 WPA_LOGICAL_IFACE="$WPA_ID_STR"
981 echo "Mapping logical interface via id_str: $WPA_LOGICAL_IFACE"
984 if [ -z "$WPA_LOGICAL_IFACE" ] && [ -n "$IF_WPA_MAPPING_SCRIPT" ]; then
985 echo "Mapping logical interface via wpa-mapping-script: $IF_WPA_MAPPING_SCRIPT"
989 WPA_MAP_STDIN=$(set | sed -n 's/^\(IF_WPA_MAP[0-9]*\)=.*/echo \$\1/p')
991 if [ -n "$WPA_MAP_STDIN" ]; then
992 WPA_LOGICAL_IFACE=$(eval "$WPA_MAP_STDIN" | "$IF_WPA_MAPPING_SCRIPT" "$WPA_IFACE")
994 WPA_LOGICAL_IFACE=$("$IF_WPA_MAPPING_SCRIPT" "$WPA_IFACE")
997 if [ -n "$WPA_LOGICAL_IFACE" ]; then
998 echo "Mapping script result: $WPA_LOGICAL_IFACE"
1000 echo "Mapping script failed."
1004 if [ -z "$WPA_LOGICAL_IFACE" ]; then
1005 if [ -n "$IF_WPA_ROAM_DEFAULT_IFACE" ]; then
1006 WPA_LOGICAL_IFACE="$IF_WPA_ROAM_DEFAULT_IFACE"
1007 echo "Using wpa-roam-default-iface: $WPA_LOGICAL_IFACE"
1009 WPA_LOGICAL_IFACE="default"
1010 echo "Using fallback logical interface: $WPA_LOGICAL_IFACE"
1014 if [ -n "$WPA_LOGICAL_IFACE" ]; then
1015 if egrep -q "^iface[[:space:]]+${WPA_LOGICAL_IFACE}[[:space:]]+inet" "$INTERFACES_FILE"; then
1016 : # logical network is defined
1018 echo "No network defined for \"$WPA_LOGICAL_IFACE\" in \"$INTERFACES_FILE\""
1019 echo "Trying to configure the \"default\" network instead ..."
1020 WPA_LOGICAL_IFACE="default"
1023 echo "ifup $WPA_IFACE=$WPA_LOGICAL_IFACE"
1027 if grep -q "^$WPA_IFACE=$WPA_IFACE" "$IFSTATE_FILE"; then
1028 # Force settings over the unconfigured "master" IFACE
1029 /sbin/ifup -v --force "$WPA_IFACE=$WPA_LOGICAL_IFACE"
1031 /sbin/ifup -v "$WPA_IFACE=$WPA_LOGICAL_IFACE"
1036 echo "No suitable logical interface mapping for ifupdown to configure"
1040 #####################################################################
1042 # Check IFACE state and ifdown as requested.
1045 if grep -q "^$WPA_IFACE" "$IFSTATE_FILE"; then
1048 echo "ifdown $WPA_IFACE"
1049 /sbin/ifdown -v "$WPA_IFACE"
1053 echo "Ignoring request to take \"$WPA_IFACE\" down, it is not up"
1057 #####################################################################
1058 ## keep IFACE scanning
1059 # After ifdown, the IFACE may be left "down", and inhibits
1060 # wpa_supplicant's ability to continue roaming.
1062 # NB: use iproute if present, flushing the IFACE first
1064 if_post_down_up () {
1065 if type ip >/dev/null; then
1066 ip addr flush dev "$WPA_IFACE" 2>/dev/null
1067 ip link set "$WPA_IFACE" up
1069 ifconfig "$WPA_IFACE" up