From 6c412a8782bac4efaf1f90e8d379ddbb64f9a4cd Mon Sep 17 00:00:00 2001
From: KatolaZ <katolaz@freaknet.org>
Date: Fri, 20 Jan 2017 22:53:09 +0000
Subject: added EAP/PEAP and EAP/TLS -- still to be tested

---
 ChangeLog |  3 +++
 setnet.sh | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 81 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 6ecc229..6d2d9a6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@
 			* implemented workaround for zsh -- now fully supported 
 		* added chk_out and chk_exit
 			* all direct commands (e.g., ip, wpa_cli) are now checked
+	    * added support for EAP/PEAP
+		* added support for EAP/TLS
+		
 
 2017-01-07  KatolaZ  <katolaz@freaknet.org>
 
diff --git a/setnet.sh b/setnet.sh
index c302485..c89a839 100755
--- a/setnet.sh
+++ b/setnet.sh
@@ -629,7 +629,79 @@ wifi_network_list(){
 ##function
 wpa_authenticate_EAP_TLS(){
 
-	unimplemented "wpa_authenticate_EAP_TLS"
+	##unimplemented "wpa_authenticate_EAP_TLS"
+	##return 1
+
+	
+	DEVNAME=$1
+	W_ESSID=$2
+
+	## We first add the new network
+	NET_NUM=$(wpa_cli -i ${DEVNAME} add_network | tail -1)
+    
+	log "wifi_authenticate_EAP_PEAP" "NET_NUM: ${NET_NUM}"
+	chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} ssid "\"${W_ESSID}\""
+
+	
+	## we get the needed information, namely:
+	##
+	## - identity
+	## - server certificate (ca_cert)
+	## - client certificate
+	## - 
+	## 
+
+	eval "${DIALOG} --form 'PEAP parameters:' \
+		 ${FORM_HEIGHT} ${FORM_WIDTH} 3 \
+	'identity'      1 1 ''    1 20 30 80 \
+    'server certificate' 2 1 '' 2 20 30 200 \
+    'client certificate' 3 1 '' 3 20 30 200 \
+    'private key'        4 1 '' 4 20 30 200 \
+    'private key password' 5 1 '' 5 30 30 80 \
+	" 2>${TMPFILE}
+
+	if [ $? != "0" ]; then
+		log "wifi_authenticate_EAP_TLS" "Aborting EAP/TLS authentication"
+		wpa_cli -i ${DEVNAME} remove_network ${NET_NUM}
+		return 1
+	fi
+
+	##
+	## Now, this is not super-clean, but seems necessary to maintain
+	## POSIX shell compatibility
+	##
+	cat ${TMPFILE} | tr '\n' ' ' >${TMPFILE}_2
+	read EAP_IDENTITY EAP_SERV_CERT  EAP_CLIENT_CERT EAP_PRIV_KEY EAP_PRIV_KEY_PWD <${TMPFILE}_2
+	rm -f ${TMPFILE}_2
+	## Remove everything from the temp file
+	echo "" > ${TMPFILE}
+
+
+	chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} key_mgmt WPA-EAP
+
+	## Set eap to PEAP
+	chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} eap TLS
+	## Set identity
+	chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} identity "\"${EAP_IDENTITY}\""
+
+	chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} ca_cert "\"${EAP_SERV_CERT}\""
+	chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} client_cert "\"${EAP_CLIENT_CERT}\""
+	chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} private_key "\"${EAP_PRIV_KEY}\""
+	chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} private_key_passwd "\"${EAP_PRIV_KEY_PWD}\""
+
+	eval "${DIALOG}   --defaultno --yesno \
+			   'Network \"${W_ESSID}\" configured\nSave configuration file?' \
+			   ${INFO_HEIGHT} ${INFO_WIDTH} " 2> ${TMPFILE}
+	if [ $? -eq 0 ]; then
+		## Save the config file
+		wifi_save_file ${DEVNAME}
+	fi
+	
+	## We can now enable the network
+	chk_out "OK" wpa_cli -i ${DEVNAME} enable_network ${NET_NUM}
+	
+	return 0
+	
 }
 
 
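Review bot: The `tr '\n' ' '` followed by a single `read` of five variables misassigns the form fields whenever one is left blank or contains whitespace, because `read` collapses the separators: with a blank 'server certificate' the client certificate path lands in `ca_cert` and the private-key password ends up in `private_key`. The key password is also written to a second file, `${TMPFILE}_2`, whose name is just the first one plus a suffix, and `read` without `-r` eats backslashes in it. Reading the form output one line per field straight from `${TMPFILE}` stays POSIX and drops the extra copy, assuming dialog emits one line per field including empty ones; the same parsing sits in the wpa_authenticate_EAP_PEAP hunk below. Separately, the log tag on the add_network line, the form title and the `## Set eap to PEAP` comment still say PEAP in this TLS function.

```shell
	## … unchanged: add_network, ssid, dialog form and abort handling …

	## One form field per line; IFS= and -r keep blanks and backslashes
	{
		IFS= read -r EAP_IDENTITY
		IFS= read -r EAP_SERV_CERT
		IFS= read -r EAP_CLIENT_CERT
		IFS= read -r EAP_PRIV_KEY
		IFS= read -r EAP_PRIV_KEY_PWD
	} <"${TMPFILE}"
	## Remove everything from the temp file
	echo "" > "${TMPFILE}"

	## … unchanged: wpa_cli set_network calls, save prompt, enable_network …
```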
@@ -668,7 +740,10 @@ wpa_authenticate_EAP_PEAP(){
 		return 1
 	fi
 
-	
+	##
+	## Now, this is not super-clean, but seems necessary to maintain
+	## POSIX shell compatibility
+	##
 	cat ${TMPFILE} | tr '\n' ' ' >${TMPFILE}_2
 	read EAP_IDENTITY EAP_PASSWORD EAP_CERT <${TMPFILE}_2
 	rm -f ${TMPFILE}_2
@@ -687,7 +762,7 @@ wpa_authenticate_EAP_PEAP(){
 	chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} identity "\"${EAP_IDENTITY}\""
 	chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} password "\"${EAP_PASSWORD}\""
 	if [ -n "${EAP_CERT}" ]; then 
-		chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} ca_cert ${EAP_CERT}
+		chk_out "OK" wpa_cli -i ${DEVNAME} set_network ${NET_NUM} ca_cert "\"${EAP_CERT}\""
 	fi
 	
 	eval "${DIALOG}   --defaultno --yesno \
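Review bot: When `EAP_CERT` is empty this branch is skipped and the PEAP network is configured with no `ca_cert` at all, which as far as I know means wpa_supplicant does not verify the server certificate, so the identity and password are offered to any access point announcing the ESSID. The quoting fix on `ca_cert` is right, but the empty case deserves at least a log line or a confirmation dialog, e.g. `else log "wifi_authenticate_EAP_PEAP" "no CA certificate given: server certificate will not be verified"`. A path containing a double quote would still break the `"\"${EAP_CERT}\""` wrapping. The function starts and ends outside this hunk.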
-- 
cgit v1.2.3