#!/usr/bin/env bash
# Author: Dubravko Penezic, 2011
#
# Skripta za instalaciju skripte za autentikaciju putem 802.1x na mrezni
# prikljucak.
#
# Ocekuje se da je na sustavu instalirana slijedeca programska podrska
# ifconfig
# wpa_supplicant
# dhclient
# awk
# sed
#
# te da postoji barem jedan mrezni adapter za zicnu mrezu i da je isti
# u funkciji
#
# verzija 1.0.1
#
# Nastala nadogradnjom i prilagodbom:
#
# eduroam configuration utility for Linux
# Version 0.4-1
# Written by Tomasz Wolniewicz (twoln@umk.pl)
# with contributions from Andrzej Angowski
# German locale provided by Torsten Kersting
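# Installer settings: the script version and the directories that the
# generated configuration and helper scripts are written to.
ver="1.0.1"
_8021x_CONF_PATH="/etc/8021x_wired"
_8021x_SBIN_PATH="/sbin"
_8021x_BIN_PATH="/usr/bin"
# Bold-on / bold-off markers used in prompts and messages. They stay empty
# unless TERM is exactly "xterm", so other terminals get plain text.
# The sequences need a leading ESC byte (0x1b); a bare "[1m" would simply be
# printed as text.
bf=""
n=""
if [ "$TERM" = "xterm" ]; then
  bf=$'\033[1m'
  n=$'\033[0m'
fi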
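# Output helpers.
# lprint prints its first argument without a trailing newline; lprintln
# prints it and then moves to a new line.
#
# Arguments: $1 - text to print (any further arguments are ignored)
# Outputs:   the text on stdout, unchanged
lprint() {
  # A fixed printf format keeps the text intact: the argument is not word
  # split or glob expanded, and a value such as "-n" is printed instead of
  # being taken as an option.
  printf '%s' "$1"
}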
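# Print the first argument followed by a newline.
# Arguments: $1 - text to print
# Outputs:   the text and one newline on stdout
lprintln() {
  # printf with a fixed format emits the text exactly as passed: no word
  # splitting, no glob expansion, no option parsing of the argument.
  printf '%s\n' "$1"
}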
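# Ask the user a yes/no question and repeat it until the answer is valid.
# Globals:   bf, n (read) - bold on/off markers used in the prompt
# Arguments: $1 - question text
#            $2 - "0" makes DA (yes) the default; anything else makes NE (no)
#                 the default
# Returns:   0 when the answer is DA, 1 when it is NE
ask() {
  local yes="DA"
  local no="NE"
  local def answer
  if [ "$2" = "0" ]; then
    def=$yes
  else
    def=$no
  fi
  while true; do
    # -r keeps backslashes in the reply literal. A failed read (end of
    # input) leaves the reply empty, which selects the default below, so the
    # loop always terminates.
    read -r -p "${bf}${1} ${yes}/${no}? [${def}]:$n " answer
    if [ -z "$answer" ]; then
      answer=$def
    else
      # Accept the answer in any letter case.
      answer=$(printf '%s\n' "$answer" | awk '{ print toupper($0) }')
    fi
    case "$answer" in
      "$yes") return 0 ;;
      "$no") return 1 ;;
    esac
  done
}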
# Warning label ("UPOZORENJE!") reused by later messages.
atn=$(lprint "UPOZORENJE")
attention="${bf}${atn}!${n} "

# Welcome banner: title, a short description of what the installer does, and
# a boxed notice about who the generated settings are meant for.
echo
lprintln "8021x_config ${ver}"
lprintln "================================"
echo
for intro_line in \
  "Ova skripta obavlja instalaciju skripte i konfiguraciju klijenta" \
  "za pristup zicnoj mrezi putem autentikacijske infrastrukture ${bf}802.1x$n"; do
  lprintln "$intro_line"
done
echo
echo "------------------------------------------------------------------------"
for notice_line in \
  "${attention}Skripta podesava parametre koje mogu koristiti samo korisnici" \
  "institucije ${bf}FER$n cija korisnicka oznaka ima oblik" \
  "<uid>@fer.hr (pero@fer.hr)"; do
  lprintln "$notice_line"
done
echo "------------------------------------------------------------------------"
echo
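# Command-line options:
#   -h  print the usage line and exit with status 2
#   -i  interactive mode: detected values are shown and may be overridden
# Sets the global "flag" to "i" when -i is given.
while getopts ih opt; do
  case "$opt" in
    h)
      lprint "Uporaba"; echo " $0 [-i]"
      echo ""
      echo ""
      exit 2
      ;;
    i)
      flag="i"
      ;;
    *)
      # Unknown option: getopts has already printed a diagnostic; carry on.
      ;;
  esac
done
shift $((OPTIND - 1))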
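# The installer writes under /etc, /sbin and /usr/bin, so it has to run as
# root. The check uses the effective UID rather than the account name, and a
# refusal is reported with a non-zero exit status.
if [ "$(id -u)" -ne 0 ]; then
  echo -n "${attention} "
  lprintln "Ova skripta mora biti pokrenuta s root administrativnim ovlastima"
  exit 1
fi
# Confirmation before anything is changed (default answer: DA).
if ! ask "$(lprint 'Nastavak')" 0; then exit 0; fi
clear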
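# Locate ifconfig; the result is kept in IWCONFIG.
# The path chosen here is executed by this script, which runs as root, so a
# manually entered value must point at an executable file.
if [ -x /sbin/ifconfig ]; then
  IWCONFIG="/sbin/ifconfig"
elif [ -x /usr/sbin/ifconfig ]; then
  IWCONFIG="/usr/sbin/ifconfig"
elif [ "$flag" != "i" ]; then
  # Not in the usual places and not in interactive mode: ask for the path.
  # (flag holds "i", never "-i", when interactive mode was requested.)
  lprint "Nemoguce pronaci"; echo " ifconfig"
  prompt=$(lprint "unesite putanju do")
  read -r -p "$prompt ifconfig: " IWCONFIG
  # Quoted on purpose: with an empty value an unquoted test would pass.
  if [ ! -x "$IWCONFIG" ]; then
    lprint "Nemoguce pronaci"; echo " $IWCONFIG"
    exit 1
  fi
fi
# Interactive mode: show the detected path and let the user replace it.
if [ "$flag" = "i" ]; then
  read -r -p "ifconfig: [${IWCONFIG}] " iwcfg
  if [ -n "$iwcfg" ]; then
    IWCONFIG=$iwcfg
  fi
  if [ ! -x "$IWCONFIG" ]; then
    lprint "Nemoguce pronaci"; echo " $IWCONFIG"
    exit 1
  fi
fi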
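# Collect the interface names ifconfig reports: the first field of every
# output line that starts with a lowercase letter. A trailing ":" (printed by
# some ifconfig versions after the name) is removed.
# NOTE(review): nothing here separates wired adapters from loopback or
# wireless ones - confirm the list before relying on it.
iface=$("${IWCONFIG}" 2>/dev/null | awk '/^[a-z]/ { sub(/:$/, "", $1); print $1 }')
if [ -z "${iface}" ]; then
  lprintln "Nije pronadjena niti jedan aktivni mrezni adapter za zicnu mrezu. Skripta prekida izvrsenje."
  exit 1
fi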
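# Locate wpa_supplicant: PATH first, then the usual sbin directories, then
# ask the user. The resulting path is written into the generated
# ${_8021x_SBIN_PATH}/8021x_wired script, so it must name an executable.
if which wpa_supplicant 1>/dev/null 2>&1; then
  WPA_SUPPLICANT=$(which wpa_supplicant)
elif [ -x /sbin/wpa_supplicant ]; then
  WPA_SUPPLICANT="/sbin/wpa_supplicant"
elif [ -x /usr/sbin/wpa_supplicant ]; then
  WPA_SUPPLICANT="/usr/sbin/wpa_supplicant"
elif [ "$flag" != "i" ]; then
  # Non-interactive mode (flag holds "i", never "-i"): keep asking until an
  # executable path is entered; stop if input ends.
  while [ -z "$WPA_SUPPLICANT" ] || [ ! -x "$WPA_SUPPLICANT" ]; do
    lprint "Nemoguce pronaci"; echo " wpa_supplicant"
    prompt=$(lprint "unesite putanju do")
    read -r -p "$prompt wpa_supplicant: " WPA_SUPPLICANT || exit 1
  done
fi
# Interactive mode: show the detected path and let the user replace it.
if [ "$flag" = "i" ]; then
  read -r -p "wpa_supplicant: [${WPA_SUPPLICANT}] " iwcfg
  if [ -n "$iwcfg" ]; then
    WPA_SUPPLICANT=$iwcfg
  fi
  # Set the prompt here as well; it may not have been set earlier.
  prompt=$(lprint "unesite putanju do")
  while [ -z "$WPA_SUPPLICANT" ] || [ ! -x "$WPA_SUPPLICANT" ]; do
    lprint "Nemoguce pronaci"; echo " wpa_supplicant"
    read -r -p "$prompt wpa_supplicant: " WPA_SUPPLICANT || exit 1
  done
fi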
# Look wpa_cli up on PATH. WPA_CLI is assigned only when the lookup
# succeeds; otherwise it keeps whatever value it had.
if wpa_cli_path=$(which wpa_cli 2>/dev/null); then
  WPA_CLI=$wpa_cli_path
fi
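# Choose the interface to configure.
# With several candidates the user must type one; with a single candidate it
# is used as is, unless interactive mode (-i) offers an override.
iface_count=$("${IWCONFIG}" 2>/dev/null | awk '/^[a-z]/ {c++} END {print c+0}')
if [ "$iface_count" -gt 1 ]; then
  lprintln "Pronadjeni slijedeci mrezni adapteri za zicnu mrezu:"
  echo "$bf${iface}$n"
else
  lprint "Pronadjen mrezni adapter za zicnu mrezu"
  echo ": $bf${iface}$n"
fi
if [ "$iface_count" -gt 1 ]; then
  lprintln "molim odaberite jedan"
  ifc=""
  while [ -z "$ifc" ]; do
    # Stop instead of looping forever when input ends.
    read -r -p "${n}interface: ${bf}" ifc || exit 1
  done
  iface=$ifc
elif [ "$flag" = "i" ]; then
  read -r -p "adapter: [${iface}] " ifc
  if [ -n "$ifc" ]; then
    iface=$ifc
  fi
fi
# The name is later written into a script that runs as root, so accept only
# characters that are plain text there: letters, digits, "_", ".", ":", "-".
case "$iface" in
  "" | *[!A-Za-z0-9_.:-]*)
    echo -n "${attention} "
    lprint "Neispravan naziv mreznog adaptera"; echo " $iface"
    exit 1
    ;;
esac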
# wpa_supplicant driver for wired 802.1X.
driver="wired"
# DHCP client: each candidate that is executable overrides the previous one,
# so the last match in this list wins. dhclient stays unset when none exists.
for dhcp_candidate in "/sbin/dhcpcd" "/sbin/dhclient" "/sbin/pump -i"; do
  # Only the program path (the text before the first space) is tested.
  if [ -x "${dhcp_candidate%% *}" ]; then
    dhclient=$dhcp_candidate
  fi
done
# Graphical privilege helpers: GKSU and KDESU hold the path of gksu and
# kdesu, or an empty string when the helper is not found on PATH.
GKSU=$(which gksu 2>/dev/null) || GKSU=""
KDESU=$(which kdesu 2>/dev/null) || KDESU=""
# Summary of what was detected and what is about to be created, followed by
# a confirmation whose default answer is NE.
found=$(lprint "pronadjen")
echo
lprintln "--------------------------------------------------------------------"
lprint "Podesava 802.1x na"
echo " $bf$iface$n"
# Programs that were located.
for located in "$WPA_SUPPLICANT" "$IWCONFIG" "$dhclient"; do
  echo " ${found} $bf$located$n"
done
printf ' '; lprint "podesavam drajver"; echo " $bf$driver$n"
printf ' '; lprint "kreiranje direktorija"; echo " $bf$_8021x_CONF_PATH$n"
# Scripts that will be generated.
printf ' '; lprintln "kreiranje naredbe:"
for generated in \
  "${_8021x_SBIN_PATH}/8021x_wired" \
  "${_8021x_BIN_PATH}/8021x_wired-start" \
  "${_8021x_BIN_PATH}/8021x_wired-stop"; do
  echo " $bf$generated$n"
done
# Extra wrappers exist only when a graphical su helper was found.
if [ -n "$GKSU" ] || [ -n "$KDESU" ]; then
  printf ' '; lprintln "i kreiranje pomocne naredbe:"
  for generated in \
    "${_8021x_BIN_PATH}/x8021x_wired-start" \
    "${_8021x_BIN_PATH}/x8021x_wired-stop"; do
    echo " $bf$generated$n"
  done
fi
echo "--------------------------------------------------------------------"
echo
lprintln "Ako zelite promjeniti pojedine parametre, zaustavite instalaciju"
lprintln "i pokrenite skriptu s paramterom -i"
echo
if ! ask "$(lprint 'Nastavak')" 1; then exit; fi
# Without a graphical su helper, offer sudo (when it is on PATH) as the way
# the start/stop wrappers gain root; declining falls back to su and leaves
# SUDO empty.
if [ -z "$GKSU" ] && [ -z "$KDESU" ] && which sudo 1>/dev/null 2>&1; then
  SUDO=$(which sudo)
  prompt=$(lprintln "zelite li koristiti ${n}sudo${bf} za pokretanje spajanja na 802.1x")
  if ! ask "$prompt" 1; then
    SUDO=""
  fi
  # Report the tool that will be used: the sudo path, or "su".
  lprint "Da, koristit cu"
  echo " ${bf}${SUDO:-su}$n"
fi
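# Configuration directory: reuse an existing one only after confirmation
# (files in it will be overwritten), otherwise create it.
if [ -d "$_8021x_CONF_PATH" ]; then
  echo -n "${attention} "
  lprint "Direktorij"; echo -n " $_8021x_CONF_PATH "; lprintln "postoji"
  lprintln "neke datoteke ce biti modificirane"
  if ! ask "$(lprint 'Nastavak')" 1; then exit 0; fi
else
  # lprint prints only its first argument, so the message text is passed
  # first (a leading number would be printed instead of the message).
  lprint "kreiranje"; echo " $_8021x_CONF_PATH"
  if ! mkdir -- "$_8021x_CONF_PATH"; then
    lprint "problem u kreiranju direktorija"; echo " $_8021x_CONF_PATH"
    exit 1
  fi
fi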
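# Ask for the 802.1X identity and password.
# The password is read twice without echo (-s) and the loop repeats until
# both entries match. -r keeps backslashes in the input literal.
prompt=$(lprint "Unesite svoju korisnicku oznaku u obliku <uid>@fer.hr (pero@fer.hr)")
read -r -p "${prompt}: " USER || exit 1
# Different start values so the loop body runs at least once.
PASSWORD="a"
PASSWORD1="b"
while [ "$PASSWORD" != "$PASSWORD1" ]; do
  # Abort when input ends: otherwise both reads would come back empty,
  # compare equal, and an empty password would be written to the config.
  prompt=$(lprint "unesite svoju lozinku")
  read -s -r -p "${prompt}: " PASSWORD || exit 1
  echo ""
  prompt=$(lprint "ponovno unesite svoju lozinku")
  read -s -r -p "${prompt}: " PASSWORD1 || exit 1
  echo ""
  if [ "$PASSWORD" != "$PASSWORD1" ]; then
    # End the line so the next prompt starts on a fresh one.
    lprintln "unesene lozinke se ne podudaraju"
  fi
done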
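# Write the wpa_supplicant configuration, which contains the password in
# clear text.
# phase2 auth=PAP sends the password itself through the TLS tunnel, so its
# confidentiality rests on the server check configured by ca_cert and
# subject_match. subject_match is a substring match on the certificate
# subject; domain_suffix_match is a stricter alternative where the installed
# wpa_supplicant supports it.
eap="TTLS
password=\"${PASSWORD}\"
phase2=\"auth=PAP\""
conf_file="${_8021x_CONF_PATH}/wpa_supplicant.conf"
# Remove any earlier file and create the new one under umask 077, so the
# password is never on disk in a file that other users can read (a plain
# redirect followed by chmod leaves such a window, and keeps the old mode of
# an existing file).
rm -f -- "$conf_file"
(
  umask 077
  printf '%s\n' "ctrl_interface=/var/run/wpa_supplicant
network={
key_mgmt=IEEE8021X
ca_cert=\"${_8021x_CONF_PATH}/8021x_wired_fer.hr_CA.pem\"
subject_match=\"freeradius.fer.hr\"
identity=\"${USER}\"
eapol_flags=0
eap=$eap
}
" > "$conf_file"
) || exit 1
# NOTE(review): the next line looks like a placeholder for a packaging step;
# it is kept unchanged - confirm.
#INCLUDE_CERT
chown root "$conf_file"
chmod 600 "$conf_file"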
# Message texts that are copied into the generated scripts at install time.
# Command substitution drops the trailing newline, so lprint yields the same
# value here as lprintln would.
starting=$(lprint "pokretanje mrezne povezanosti")
stopping=$(lprint "zaustavljanje mrezne povezanosti")
waiting=$(lprint "cekanje na povezivanje")
connected=$(lprint "povezano na")
restarting=$(lprint "restartanje")
assinging_ip=$(lprint "podesavanje IP adrese")
msg=$(lprint "Koristenje")
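# Generate ${_8021x_SBIN_PATH}/8021x_wired, the start/stop script that is
# later run as root.
# Unescaped expansions ($WPA_SUPPLICANT, $WPA_CLI, ${driver}, ${dhclient},
# ${iface}, the message texts) are filled in now, as typed or detected;
# escaped ones (\$...) are evaluated when the generated script runs.
# Behaviour of the generated script worth knowing:
#  - "pkill wpa_supplicant" ends every wpa_supplicant process on the host,
#    not only the one for this interface.
#  - the wait loop restarts wpa_supplicant every 40 seconds and has no
#    overall time limit.
#  - the DHCP client is found with ps/awk. The awk program is single-quoted
#    in the generated script so that "$2" reaches awk as the PID column; in
#    double quotes the shell would replace it with the script's own second
#    argument and kill would receive whole ps lines. The client and
#    interface names are matched as plain substrings, not as regular
#    expressions.
echo "#!/bin/sh
WPA_SUPPLICANT=\"$WPA_SUPPLICANT\"" > "${_8021x_SBIN_PATH}/8021x_wired"
if [ -n "$WPA_CLI" ]; then
  echo "WPA_CLI=\"$WPA_CLI\"" >> "${_8021x_SBIN_PATH}/8021x_wired"
fi
echo "DRIVER=\"${driver}\"
WPA_CONF=\"${_8021x_CONF_PATH}/wpa_supplicant.conf\"
DHCPD=\"${dhclient}\"
INTERFACE=\"${iface}\"
REAUTH_TIMEOUT=\"120\"
# end of configuration section
dhclient=\`basename \$DHCPD\`
case \"\$1\" in
start)
echo \"$starting \${INTERFACE}\"
pkill wpa_supplicant
kill \`ps -ef | awk -v d=\"\$dhclient\" -v i=\"\$INTERFACE\" 'index(\$0, d) && index(\$0, i) && !/awk/ {print \$2}'\` 1>/dev/null 2>&1
\${WPA_SUPPLICANT} -B -D \${DRIVER} -c \${WPA_CONF} -i \${INTERFACE} -P /var/run/wpa_supplicant.pid 1>/dev/null 2>&1
if [ \"\$WPA_CLI\" ] ; then
i=1
echo \"$waiting\"
while ! \$WPA_CLI status | grep -q AUTHENTICATED ; do
sleep 1
i=\`expr \$i + 1\`
if [ \$i -gt 40 ] ; then
echo \"$restarting wpa_supplicant\"
echo \"$waiting\"
pkill wpa_supplicant
sleep 1
\${WPA_SUPPLICANT} -B -D \${DRIVER} -c \${WPA_CONF} -i \${INTERFACE} -P /var/run/wpa_supplicant.pid 1>/dev/null 2>&1
i=1
sleep 1
fi
done
echo \"$connected 802.1x\"
else
sleep 10
fi
echo \"$assinging_ip\"
\${DHCPD} \${INTERFACE}
;;
stop)
echo \"$stopping \${INTERFACE}\"
pkill wpa_supplicant
kill \`ps -ef | awk -v d=\"\$dhclient\" -v i=\"\$INTERFACE\" 'index(\$0, d) && index(\$0, i) && !/awk/ {print \$2}'\` 1>/dev/null 2>&1
;;
*)
echo \"$msg \$0 {start|stop}\"
exit 1
;;
esac
" >> "${_8021x_SBIN_PATH}/8021x_wired"
chmod 755 "${_8021x_SBIN_PATH}/8021x_wired"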
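# Generate the user-facing wrappers 8021x_wired-start and 8021x_wired-stop in
# ${_8021x_BIN_PATH}. How they gain root depends on what was found earlier:
#  - gksu or kdesu present: the wrapper picks one at run time and uses it to
#    run an xterm helper (x8021x_wired-start / -stop);
#  - otherwise sudo, when the user chose it;
#  - otherwise su -c.
# The helper handed to gksu/kdesu is written with its full path, so the
# command run with root rights does not depend on a PATH lookup.
if [ -n "$GKSU" ] || [ -n "$KDESU" ]; then
  msg=$(lprint "izvrseno"; echo -n " ${_8021x_SBIN_PATH}/8021x_wired start "; lprint "kao root")
  echo "#!/bin/sh
xterm -geometry 80x5 -T '8021x_wired start' -e '${_8021x_SBIN_PATH}/8021x_wired start; sleep 2'
" > "${_8021x_BIN_PATH}/x8021x_wired-start"
  echo "#!/bin/sh
xterm -geometry 80x5 -T '8021x_wired stop' -e '${_8021x_SBIN_PATH}/8021x_wired stop; sleep 2'
" > "${_8021x_BIN_PATH}/x8021x_wired-stop"
  chmod 755 "${_8021x_BIN_PATH}/x8021x_wired-start" "${_8021x_BIN_PATH}/x8021x_wired-stop"
  echo "#!/bin/sh
if [ -n \"\$DISPLAY\" ] ; then
if env | grep -q GNOME ; then
if which gksu 1>/dev/null 2>&1 ; then
SSSU=\`which gksu\`
fi
fi
if env | grep -q KDE ; then
if which kdesu 1>/dev/null 2>&1 ; then
SSSU=\`which kdesu\`
fi
fi
if [ -n \"\$SSSU\" ] ; then
\$SSSU ${_8021x_BIN_PATH}/x8021x_wired-start 1>/dev/null 2>&1
else
echo $msg
fi
else
echo $msg
fi
" > "${_8021x_BIN_PATH}/8021x_wired-start"
  msg=$(lprint "pokrenuto"; echo -n " ${_8021x_SBIN_PATH}/8021x_wired stop "; lprint "kao root")
  echo "#!/bin/sh
if [ -n \"\$DISPLAY\" ] ; then
if env | grep -q GNOME ; then
if which gksu 1>/dev/null 2>&1 ; then
SSSU=\`which gksu\`
fi
fi
if env | grep -q KDE ; then
if which kdesu 1>/dev/null 2>&1 ; then
SSSU=\`which kdesu\`
fi
fi
if [ -n \"\$SSSU\" ] ; then
\$SSSU ${_8021x_BIN_PATH}/x8021x_wired-stop 1>/dev/null 2>&1
else
echo $msg
fi
else
echo $msg
fi
" > "${_8021x_BIN_PATH}/8021x_wired-stop"
else
  if [ -n "$SUDO" ]; then
    echo "#!/bin/sh
if [ -n \"\$DISPLAY\" ] ; then
xterm -geometry 80x4 -T '8021x_wired start' -e \"${SUDO} ${_8021x_SBIN_PATH}/8021x_wired start\"
else
${SUDO} ${_8021x_SBIN_PATH}/8021x_wired start
fi
" > "${_8021x_BIN_PATH}/8021x_wired-start"
    echo "#!/bin/sh
if [ -n \"\$DISPLAY\" ] ; then
xterm -geometry 80x4 -T '8021x_wired stop' -e \"${SUDO} ${_8021x_SBIN_PATH}/8021x_wired stop\"
else
${SUDO} ${_8021x_SBIN_PATH}/8021x_wired stop
fi
" > "${_8021x_BIN_PATH}/8021x_wired-stop"
  else
    echo "#!/bin/sh
if [ -n \"\$DISPLAY\" ] ; then
xterm -geometry 80x4 -T '8021x_wired start' -e \"su -c '${_8021x_SBIN_PATH}/8021x_wired start'\"
else
su -c '${_8021x_SBIN_PATH}/8021x_wired start'
fi
" > "${_8021x_BIN_PATH}/8021x_wired-start"
    echo "#!/bin/sh
if [ -n \"\$DISPLAY\" ] ; then
xterm -geometry 80x4 -T '8021x_wired stop' -e \"su -c '${_8021x_SBIN_PATH}/8021x_wired stop'\"
else
su -c '${_8021x_SBIN_PATH}/8021x_wired stop'
fi
" > "${_8021x_BIN_PATH}/8021x_wired-stop"
  fi
fi
# Name the two wrappers explicitly instead of using a glob, so no other file
# in ${_8021x_BIN_PATH} has its mode changed.
chmod 755 "${_8021x_BIN_PATH}/8021x_wired-start" "${_8021x_BIN_PATH}/8021x_wired-stop"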
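# Install the CA certificate that the generated wpa_supplicant.conf names in
# ca_cert. It is the trust anchor for checking the authentication server, and
# it is taken from the current working directory, so run the installer from
# a directory holding a verified copy of the file.
# Success is reported only when the certificate was actually copied.
ca_pem="8021x_wired_fer.hr_CA.pem"
if [ ! -f "$ca_pem" ]; then
  echo -n "${attention} "
  lprint "Nemoguce pronaci"; echo " $ca_pem"
  exit 1
fi
# cp reports the reason on stderr if the copy itself fails.
cp -- "$ca_pem" "${_8021x_CONF_PATH}/" || exit 1
echo ""
lprintln "${bf}Uspjesno dovrseno konfiguriranje$n"
echo ""
echo ""
# Short usage summary for the generated commands.
lprintln "${bf}Koristenje${n}"
echo "------------------------"
echo ""
lprint "Pokretanje mrezne povezanosti"; echo " ${bf}8021x_wired-start${n}"
lprint "Zaustavljanje mrezne povezanosti"; echo " ${bf}8021x_wired-stop${n}"
echo ""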