diff options
author | KatolaZ <katolaz@freaknet.org> | 2017-01-20 22:53:09 +0000 |
---|---|---|
committer | KatolaZ <katolaz@freaknet.org> | 2017-01-20 22:53:09 +0000 |
commit | 6c412a8782bac4efaf1f90e8d379ddbb64f9a4cd (patch) | |
tree | 7c770e909df0aa5e95230b437920a7d947eb0c0a | |
parent | 0e317a2a12aed0b4080b9872dacbfb1bcab9063f (diff) |
added EAP/PEAP and EAP/TLS -- still to be testedEAP-support
-rw-r--r-- | ChangeLog | 3 | ||||
-rwxr-xr-x | setnet.sh | 81 |
2 files changed, 81 insertions, 3 deletions
@@ -5,6 +5,9 @@ * implemented workaround for zsh -- now fully supported * added chk_out and chk_exit * all direct commands (e.g., ip, wpa_cli) are now checked + * added support for EAP/PEAP + * added support for EAP/TLS + 2017-01-07 KatolaZ <katolaz@freaknet.org> @@ -629,7 +629,79 @@ wifi_network_list(){ ##function wpa_authenticate_EAP_TLS(){ - unimplemented "wpa_authenticate_EAP_TLS" + ##unimplemented "wpa_authenticate_EAP_TLS" + ##return 1 + + + DEVNAME=$1 + W_ESSID=$2 + + ## We first add the new network + NET_NUM=$(wpa_cli -i ${DEVNAME} add_network | tail -1) + + log "wifi_authenticate_EAP_PEAP" "NET_NUM: ${NET_NUM}" + chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} ssid "\"${W_ESSID}\"" + + + ## we get the needed information, namely: + ## + ## - identity + ## - server certificate (ca_cert) + ## - client certificate + ## - + ## + + eval "${DIALOG} --form 'PEAP parameters:' \ + ${FORM_HEIGHT} ${FORM_WIDTH} 3 \ + 'identity' 1 1 '' 1 20 30 80 \ + 'server certificate' 2 1 '' 2 20 30 200 \ + 'client certificate' 3 1 '' 3 20 30 200 \ + 'private key' 4 1 '' 4 20 30 200 \ + 'private key password' 5 1 '' 5 30 30 80 \ + " 2>${TMPFILE} + + if [ $? != "0" ]; then + log "wifi_authenticate_EAP_TLS" "Aborting EAP/TLS authentication" + wpa_cli -i ${DEVNAME} remove_network ${NET_NUM} + return 1 + fi + + ## + ## Now, this is not super-clean, but seems necessary to maintain + ## POSIX shell compatibility + ## + cat ${TMPFILE} | tr '\n' ' ' >${TMPFILE}_2 + read EAP_IDENTITY EAP_SERV_CERT EAP_CLIENT_CERT EAP_PRIV_KEY EAP_PRIV_KEY_PWD <${TMPFILE}_2 + rm -f ${TMPFILE}_2 + ## Remove everything from the temp file + echo "" > ${TMPFILE} + + + chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} key_mgmt WPA-EAP + + ## Set eap to PEAP + chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} eap TLS + ## Set identity + chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} identity "\"${EAP_IDENTITY}\"" + + chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} ca_cert "\"${EAP_SERV_CERT}\"" + chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} client_cert "\"${EAP_CLIENT_CERT}\"" + chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} private_key "\"${EAP_PRIV_KEY}\"" + chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} private_key_passwd "\"${EAP_PRIV_KEY_PWD}\"" + + eval "${DIALOG} --defaultno --yesno \ + 'Network \"${W_ESSID}\" configured\nSave configuration file?' \ + ${INFO_HEIGHT} ${INFO_WIDTH} " 2> ${TMPFILE} + if [ $? -eq 0 ]; then + ## Save the config file + wifi_save_file ${DEVNAME} + fi + + ## We can now enable the network + chk_out "OK" wpa_cli -i ${DEVNAME} enable_network ${NET_NUM} + + return 0 + } @@ -668,7 +740,10 @@ wpa_authenticate_EAP_PEAP(){ return 1 fi - + ## + ## Now, this is not super-clean, but seems necessary to maintain + ## POSIX shell compatibility + ## cat ${TMPFILE} | tr '\n' ' ' >${TMPFILE}_2 read EAP_IDENTITY EAP_PASSWORD EAP_CERT <${TMPFILE}_2 rm -f ${TMPFILE}_2 @@ -687,7 +762,7 @@ wpa_authenticate_EAP_PEAP(){ chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} identity "\"${EAP_IDENTITY}\"" chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} password "\"${EAP_PASSWORD}\"" if [ -n "${EAP_CERT}" ]; then - chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} ca_cert ${EAP_CERT} + chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} ca_cert "\"${EAP_CERT}\"" fi eval "${DIALOG} --defaultno --yesno \ |