#!/bin/bash
#
#               eduroam configuration utility for Linux
#
# Version 0.4-1 
# Depending on the name with which the script is called,
# it will configure eduroam for TLS, TTLS-PAP or PEAP.
# We assume that the wireless card is already installed ie. visible under
# iwconfig.
# Successfully tested under the following list of Linux distributions
# Aurox 10.2
# Fedora Core 5
# Fedora Core 6
# Knoppix 5.0.1
# Mandriva 2007.0
# Suse 10.0
# Suse 10.1
# Ubuntu 6.06
# Ubuntu 6.10
#
# Written by Tomasz Wolniewicz (twoln@umk.pl)
# with contributions from Andrzej Angowski
# German locale provided by Torsten Kersting
#
#
# When setting up TLS we assume that the user certificate is in p12 format
# and it makes life easier if the certificates have the extension defined
# below as p12_ext
#
#
# This script has been generated by the prepare_eduroam_config utility
#
# Names under which this script may be invoked; the invocation name selects
# the EAP method.
# NOTE(review): no ttls_script_name is assigned anywhere in this listing, so
# the TTLS arm of the name dispatch further down compares against an empty
# string and cannot match a real script name.
tls_script_name="eduroam_config_tls"
peap_script_name="eduroam_config_peap"
# File extension expected on the user's PKCS#12 certificate bundle.
p12_ext="p12"
# Install locations: configuration and credentials, the privileged control
# script, and the user-facing start/stop wrappers.
EDUROAM_CONF_PATH="/etc/eduroam"
EDUROAM_SBIN_PATH="/sbin"
EDUROAM_BIN_PATH="/usr/bin"
#

# The LANG variable is used to choose the correct language settings.
# Full LANG and the LANG prefix can be matched.
# New languages can be easily added.
# If LANG does not match any of the predefined values, English will be used.
#

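# Language part of $LANG: everything before the first dot (e.g. "pl_PL").
# Parameter expansion keeps the value quoted and avoids spawning sed.
l=${LANG%%.*}

# Highlight markers placed around emphasised text in the messages below.
# NOTE(review): both are empty strings in this listing, so they expand to
# nothing; presumably terminal escape sequences were intended - confirm
# against the generator's template.
if [ "$TERM" = "xterm" ]; then
  bf=""
  n=""
fi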

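# Message catalogue. Each arm fills MSG[<index>] (looked up by lprint/lprintn)
# and the welcome[] banner for one locale; the final arm is the English
# default. Indexes 110-113 describe the entries of the drivers array in order.
case "$LANG" in
  # Polish, ISO-8859-2 terminals.
  # NOTE(review): the accented characters of this arm appear as U+FFFD
  # replacement characters in this copy of the file; the original single-byte
  # ISO-8859-2 text has to be restored from an unconverted copy.
  # "ISO88592" is accepted next to the existing "ISO88593" spelling, which
  # looks like a typo for it.
  pl_PL.ISO-8859-2|pl_PL.iso-8859-2|pl_PL.ISO88593|pl_PL.ISO88592|pl_PL.iso88592)
    MSG[101]="Nie mog� odnale��"
    MSG[102]="Wprowad� pe�n� scie�k� do"
    MSG[103]="nie znalaz�em aktywnego interfejsu bezprzewodowego, nie mo�na kontynuowa�"
    MSG[104]="znalaz�em"
    MSG[105]="UWAGA"
    MSG[106]="Kontynuowa�"
    MSG[107]="U�ycie"
    MSG[110]="podstawowy sterownik jadra"
    MSG[111]="karty na uk�adzie Atheros"
    MSG[112]="karty Intel 2100/2200 - obecnie zazwyczaj stosuje si� wext"
    MSG[113]="sterownik Windows XP i ndiswrapper - obecnie zazwyczaj stosuje si� wext"
    MSG[1]="Ten skrypt powinien byc uruchamiany pod jedna z nazw:"
    MSG[2]="ten skrypt powinien byc uruchomiony z uprawnieniami administratora"
    MSG[3]="Znalaz�em aktywne interfejsy bezprzewodowe:"
    MSG[4]="Znalaz�em aktywny interfejs bezprzewodowy"
    MSG[5]="wybierz jeden z nich"
    MSG[6]="dost�pne sterowniki:"
    MSG[7]="sterownik"
    MSG[8]="Konfiguruj� sie� dla"
    MSG[9]="ustawiam sterownik"
    MSG[10]="utworz� katalog"
    MSG[11]="utworz� polecenia"
    MSG[12]="oraz polecenia pomocnicze:"
    MSG[13]="Je�eli chcesz co� zmieni� w tych ustawieniach, to przerwij instalacj�"
    MSG[14]="i uruchom skrypt ponownie z opcj� -i"
    MSG[15]="czy chcesz u�ywa� ${n}sudo${bf} przy uruchamianiu eduroam"
    MSG[16]="OK, u�yj�"
    MSG[17]="Katalog"
    MSG[18]="istnieje"
    MSG[19]="niekt�re pliki mog� zosta� zmodyfikowane"
    MSG[20]="tworz�"
    MSG[21]="b��d tworzenia katalogu"
    MSG[22]="nazwa pliku z certyfikatem indywidualnym"
    MSG[23]="nie mog� kontynuowa� bez poprawnej nazwy pliku"
    MSG[24]="wprowad� has�o do pliku z certyfikatem"
    MSG[25]="niepoprawne has�o"
    MSG[26]="wprowad� sw�j identyfikator pocztowy w postaci id@domena"
    MSG[27]="wprowad� swoje has�o"
    MSG[28]="powt�rz swoje has�o"
    MSG[29]="niezgodne has�a"
    MSG[30]="start sieci na"
    MSG[31]="zatrzymanie sieci na"
    MSG[32]="czekam na uwierzytelnienie"
    MSG[33]="polaczono z "
    MSG[34]="ponowny start"
    MSG[35]="pobieram adres IP"
    MSG[36]="uruchom"
    MSG[37]="jako root"
    MSG[38]="Konfiguracja zako�czona"
    MSG[39]="Sie� mo�esz uruchomi� poleceniem"
    MSG[40]="Sie� mo�esz zatrzyma� poleceniem"
    MSG[41]="T"
    MSG[42]="N"
    welcome[0]="Skrypt konfiguruj�cy dost�p do sieci ${bf}eduroam$n"
    welcome[1]="${bf}UWAGA!$n przeznaczony dla pracownik�w i student�w ${bf}PL$n"
    welcome[2]="W przypadku problem�w prosimy o kontakt z adresem admins@pluton.pol.lublin.pl z podaniem"
    welcome[3]="dystrybucji linuxa z kt�r� by� problem"
    welcome[4]=""
    ;;
  # Polish, UTF-8 terminals.
  pl_PL.UTF8|pl_PL.UTF-8)
    MSG[101]="Nie mogę odnaleźć"
    MSG[102]="Wprowadź pełną scieżkę do"
    MSG[103]="nie znalazłem aktywnego interfejsu bezprzewodowego, nie można kontynuować"
    MSG[104]="znalazłem"
    MSG[105]="UWAGA"
    MSG[106]="Kontynuować"
    MSG[107]="Użycie"
    MSG[110]="podstawowy sterownik jadra"
    MSG[111]="karty na układzie Atheros"
    MSG[112]="karty Intel 2100/2200 - obecnie zazwyczaj stosuje się wext"
    MSG[113]="sterownik Windows XP i ndiswrapper - obecnie zazwyczaj stosuje się wext"
    MSG[1]="Ten skrypt powinien byc uruchamiany pod jedna z nazw:"
    MSG[2]="ten skrypt powinien byc uruchomiony z uprawnieniami administratora"
    MSG[3]="Znalazłem aktywne interfejsy bezprzewodowe:"
    MSG[4]="Znalazłem aktywny interfejs bezprzewodowy"
    MSG[5]="wybierz jeden z nich"
    MSG[6]="dostępne sterowniki:"
    MSG[7]="sterownik"
    MSG[8]="Konfiguruję sieć dla"
    MSG[9]="ustawiam sterownik"
    MSG[10]="utworzę katalog"
    MSG[11]="utworzę polecenia"
    MSG[12]="oraz polecenia pomocnicze:"
    MSG[13]="Jeżeli chcesz coś zmienić w tych ustawieniach, to przerwij instalację"
    MSG[14]="i uruchom skrypt ponownie z opcją -i"
    MSG[15]="czy chcesz używać ${n}sudo${bf} przy uruchamianiu eduroam"
    MSG[16]="OK, użyję"
    MSG[17]="Katalog"
    MSG[18]="istnieje"
    MSG[19]="niektóre pliki mogą zostać zmodyfikowane"
    MSG[20]="tworzę"
    MSG[21]="błąd tworzenia katalogu"
    MSG[22]="nazwa pliku z certyfikatem indywidualnym"
    MSG[23]="nie mogę kontynuować bez poprawnej nazwy pliku"
    MSG[24]="wprowadź hasło do pliku z certyfikatem"
    MSG[25]="niepoprawne hasło"
    MSG[26]="wprowadź swój identyfikator pocztowy w postaci id@domena"
    MSG[27]="wprowadź swoje hasło"
    MSG[28]="powtórz swoje hasło"
    MSG[29]="niezgodne hasła"
    MSG[30]="start sieci na"
    MSG[31]="zatrzymanie sieci na"
    MSG[32]="czekam na uwierzytelnienie"
    MSG[33]="polaczono z "
    MSG[34]="ponowny start"
    MSG[35]="pobieram adres IP"
    MSG[36]="uruchom"
    MSG[37]="jako root"
    MSG[38]="Konfiguracja zakończona"
    MSG[39]="Sieć możesz uruchomić poleceniem"
    MSG[40]="Sieć możesz zatrzymać poleceniem"
    MSG[41]="T"
    MSG[42]="N"
    welcome[0]="Skrypt konfigurujący dostęp do sieci ${bf}eduroam$n"
    welcome[1]="${bf}UWAGA!$n przeznaczony dla pracowników i studentów ${bf}PL$n"
    welcome[2]="W przypadku problemów prosimy o kontakt z adresem admins@pluton.pol.lublin.pl z podaniem"
    welcome[3]="dystrybucji linuxa z którą był problem"
    welcome[4]=""
    ;;
  # Polish, any other encoding: plain-ASCII transliteration.
  pl_PL*)
    MSG[101]="Nie moge odnalezc"
    MSG[102]="Wprowadz pelna sciezke do"
    MSG[103]="nie znalazlem aktywnego interfejsu bezprzewodowego, nie mozna kontynuowac"
    MSG[104]="znalazlem"
    MSG[105]="UWAGA"
    MSG[106]="Kontynuowac"
    MSG[107]="Uzycie"
    MSG[110]="podstawowy sterownik jadra"
    MSG[111]="karty na ukladzie Atheros"
    MSG[112]="karty Intel 2100/2200 - obecnie zazwyczaj stosuje sie wext"
    # This arm is meant to be pure ASCII; the stray non-ASCII character that
    # was in this entry is replaced by the transliteration used in MSG[112].
    MSG[113]="sterownik Windows XP i ndiswrapper - obecnie zazwyczaj stosuje sie wext"
    MSG[1]="Ten skrypt powinien byc uruchamiany pod jedna z nazw:"
    MSG[2]="ten skrypt powinien byc uruchomiony z uprawnieniami administratora"
    MSG[3]="Znalazlem aktywne interfejsy bezprzewodowe:"
    MSG[4]="Znalazlem aktywny interfejs bezprzewodowy"
    MSG[5]="wybierz jeden z nich"
    MSG[6]="dostepne sterowniki:"
    MSG[7]="sterownik"
    MSG[8]="Konfiguruje siec dla"
    MSG[9]="ustawiam sterownik"
    MSG[10]="utworze katalog"
    MSG[11]="utworze polecenia"
    MSG[12]="oraz polecenia pomocnicze:"
    MSG[13]="Jezeli chcesz cos zmienic w tych ustawieniach, to przerwij instalacje"
    MSG[14]="i uruchom skrypt ponownie z opcja -i"
    MSG[15]="czy chcesz uzywac ${n}sudo${bf} przy uruchamianiu eduroam"
    MSG[16]="OK, uzyje"
    MSG[17]="Katalog"
    MSG[18]="istnieje"
    MSG[19]="niektore pliki moga zostac zmodyfikowane"
    MSG[20]="tworze"
    MSG[21]="blad tworzenia katalogu"
    MSG[22]="nazwa pliku z certyfikatem indywidualnym"
    MSG[23]="nie moge kontynuowac bez poprawnej nazwy pliku"
    MSG[24]="wprowadz haslo do pliku z certyfikatem"
    MSG[25]="niepoprawne haslo"
    MSG[26]="wprowadz swoj identyfikator pocztowy w postaci id@domena"
    MSG[27]="wprowadz swoje haslo"
    MSG[28]="powtorz swoje haslo"
    MSG[29]="niezgodne hasla"
    MSG[30]="start sieci na"
    MSG[31]="zatrzymanie sieci na"
    MSG[32]="czekam na uwierzytelnienie"
    MSG[33]="polaczono z "
    MSG[34]="ponowny start"
    MSG[35]="pobieram adres IP"
    MSG[36]="uruchom"
    MSG[37]="jako root"
    MSG[38]="Konfiguracja zakonczona"
    MSG[39]="Siec mozesz uruchomic poleceniem"
    MSG[40]="Siec mozesz zatrzymac poleceniem"
    MSG[41]="T"
    MSG[42]="N"
    welcome[0]="Skrypt konfigurujacy dostep do sieci ${bf}eduroam$n"
    welcome[1]="${bf}UWAGA!$n przeznaczony tylko dla pracownikow i studentow ${bf}PL$n"
    welcome[2]="W przypadku problemow prosimy o kontakt z adresem admins@pluton.pol.lublin.pl z podaniem"
    welcome[3]="dystrybucji linuxa z ktora byl problem"
    ;;
  # Default: English.
  *)
    MSG[1]="This script should be named one of the following:"
    MSG[2]="this script must be started with administrator rights"
    MSG[3]="Found the following active wireless interfaces:"
    MSG[4]="Found active wireless interface"
    MSG[5]="please choose one"
    MSG[6]="available drivers:"
    MSG[7]="driver"
    MSG[8]="Configuring eduroam on"
    MSG[9]="setting driver"
    MSG[10]="will create directory"
    MSG[11]="will create commands:"
    # Heads the list of xeduroam-* helper commands, matching the Polish
    # "oraz polecenia pomocnicze:" ("and auxiliary commands:").
    MSG[12]="and auxiliary commands:"
    MSG[13]="If you would like to change some settings, then stop the installation"
    MSG[14]="and start the script with -i option"
    MSG[15]="would you like to use ${n}sudo${bf} for starting eduroam"
    MSG[16]="OK, will use"
    MSG[17]="Directory"
    MSG[18]="exists"
    MSG[19]="some files can be modified"
    MSG[20]="creating"
    MSG[21]="directory creation error for"
    MSG[22]="personal certificate file"
    MSG[23]="cannot continue without the correct filename"
    MSG[24]="enter the password for the certificate file"
    MSG[25]="wrong password"
    MSG[26]="enter your userid in the form id@domain"
    MSG[27]="enter your password"
    MSG[28]="repeat your password"
    MSG[29]="passwords do not match"
    MSG[30]="starting network on"
    MSG[31]="stopping network on"
    MSG[32]="waiting for connection"
    MSG[33]="connected to"
    MSG[34]="restarting"
    MSG[35]="setting IP"
    MSG[36]="execute"
    MSG[37]="as root"
    MSG[38]="Configuration successful"
    MSG[39]="You can start the network by"
    MSG[40]="You can stop the network by"
    MSG[41]="Y"
    MSG[42]="N"
    MSG[101]="Cannot locate"
    MSG[102]="enter the path to"
    MSG[103]="Could not find any active wireless interfaces, cannot continue"
    MSG[104]="found"
    MSG[105]="ATTENTION"
    MSG[106]="Continue"
    MSG[107]="Usage"
    MSG[110]="basic kernel driver"
    MSG[111]="Atheros based cards"
    MSG[112]="Intel 2100/2200 - currently wext is normally used"
    MSG[113]="Windows XP driver and ndiswrapper - currently wext is normally used"
    welcome[0]="This script will configure access to ${bf}eduroam$n"
    welcome[1]="${bf}ATTENTION!$n to be used only by students and staff of ${bf}PL$n"
    ;;
esac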

# wpa_supplicant driver back ends offered in interactive (-i) mode.
# The order matters: entry k is described by MSG[110 + k].
drivers=(
  wext
  madwifi
  ipw
  ndiswrapper
)

# functions
#
# lprint takes two string arguments, prints the first if the script
# is running within the preferred language environment and the second otherwise
#
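#######################################
# Print a catalogue message without a trailing newline.
# Globals:   MSG (read)
# Arguments: $1 - numeric index into MSG
#            $2 - fallback text, used when MSG[$1] is empty or unset
# Outputs:   the selected text on stdout
#######################################
lprintn() {
  if [ -n "${MSG[$1]}" ]; then
    printf '%s' "${MSG[$1]}"
  else
    # Quoted, and printed through a fixed format, so the fallback is never
    # word-split, glob-expanded or mistaken for an echo option.
    printf '%s' "$2"
  fi
}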

# Print a catalogue message ($1 = MSG index, $2 = fallback text) followed by
# a newline; the lookup itself is delegated to lprintn.
lprint() {
  lprintn "$1" "$2"
  printf '\n'
}


# ask user for confirmation
# the first argument is the user prompt
# if the second argument is 0 then the first element of yes_no array
# will be the default value prompted to the user

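#######################################
# Ask a yes/no question until a valid answer is given.
# Globals:   bf, n (read) - highlight markers around the prompt
# Arguments: $1 - question text
#            $2 - "0" makes "yes" the default answer, anything else "no"
# Returns:   0 for yes, 1 for no
#######################################
ask() {
  local yes no def answer
  # Localized one-letter answers (MSG[41] / MSG[42], falling back to Y / N).
  yes=$(lprintn 41 Y)
  no=$(lprintn 42 N)
  # Quoted so an empty or missing second argument is not a test syntax error.
  if [ "$2" = "0" ]; then
    def=$yes
  else
    def=$no
  fi

  while true; do
    read -r -p "${bf}${1} ${yes}/${no}? [${def}]:$n " answer
    if [ -z "$answer" ]; then
      # Plain Enter (or end of input) selects the default.
      answer=$def
    else
      answer=$(printf '%s\n' "$answer" | awk '{ print toupper($0) }')
    fi
    # Patterns are quoted so the answers are compared literally.
    case "$answer" in
      "$yes")
        return 0
        ;;
      "$no")
        return 1
        ;;
    esac
  done
}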

# Localized "ATTENTION!" prefix for warnings, wrapped in the highlight markers.
atn=$(lprintn 105 "ATTENTION")
attention="${bf}${atn}!${n}"

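# Select the EAP method from the name the script was invoked under:
#   tls=1          -> EAP-TLS (client certificate)
#   ttls=1         -> EAP-TTLS with PAP
#   tls=0, ttls=0  -> PEAP with MSCHAPv2
# NOTE(review): ttls_script_name is not assigned in this listing; while it is
# empty the TTLS arm cannot match a real script name.
myname=${0##*/}
case "$myname" in
  "$tls_script_name")
    tls=1
    ttls=0
    ;;
  "$ttls_script_name")
    tls=0
    ttls=1
    ;;
  "$peap_script_name")
    tls=0
    ttls=0
    ;;
  *)
    lprint 1 "This script should be named one of the following:"
    echo "$tls_script_name, $peap_script_name, $ttls_script_name"
    # Unknown invocation name is an error, so report it in the exit status.
    exit 1
    ;;
esac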
  
# Start from a clean screen and show the localized welcome banner, framed by
# one blank line above and below.
clear
printf '\n'
for m in "${welcome[@]}"; do
  printf '%s\n' "$m"
done
printf '\n'

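# Parse the command line with the getopts builtin (the external getopt fed
# with an unquoted $* re-splits arguments that contain whitespace):
#   -i  interactive mode: every detected value can be overridden (flag="i")
#   -h  print usage and exit with status 2
# flag is initialised here so a value inherited from the environment cannot
# switch the mode.
flag=""
OPTIND=1
while getopts ':ih' opt; do
  case "$opt" in
    i)
      flag="i"
      ;;
    *)
      # -h, and any option that is not recognised.
      lprintn 107 "Usage"; echo " $0 [-i]"
      echo ""
      echo ""
      exit 2
      ;;
  esac
done
shift $((OPTIND - 1))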

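# The installer writes below /etc, /sbin and /usr/bin, so it must run as root.
# The effective UID is checked instead of the account name, so a uid-0
# account with a different name is accepted and a non-root account that is
# merely called "root" is not.
if [ "$(id -u)" -ne 0 ]; then
  echo -n "${attention} "
  lprint 2 "this script must be started with administrator rights"
  exit 1
fi

# First confirmation; "yes" is the default answer.
if ! ask "$(lprintn 106 'Continue')" 0; then exit; fi
clear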

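# locate iwconfig
#
# The usual system locations are tried first. In non-interactive mode a
# missing binary is asked for once; in interactive mode (-i) the value can
# always be overridden. The resulting path is executed as root further down,
# so it is validated with a quoted test: unquoted, an empty answer turned
# "[ ! -x ]" into a test that never fails.
if [ -x /sbin/iwconfig ]; then
  IWCONFIG="/sbin/iwconfig"
elif [ -x /usr/sbin/iwconfig ]; then
  IWCONFIG="/usr/sbin/iwconfig"
elif [ "$flag" != "i" ]; then
  lprintn 101 "Cannot locate"; echo " iwconfig"
  prompt=$(lprintn 102 "enter the path to")
  read -r -p "$prompt iwconfig: " IWCONFIG
  if [ ! -x "$IWCONFIG" ]; then
    lprintn 101 "Cannot locate"; echo " $IWCONFIG"
    exit 1
  fi
fi

if [ "$flag" = "i" ]; then
  read -r -p "iwconfig: [${IWCONFIG}] " iwcfg
  if [ -n "$iwcfg" ]; then
    IWCONFIG=$iwcfg
  fi
  if [ ! -x "$IWCONFIG" ]; then
    lprintn 101 "Cannot locate"; echo " $IWCONFIG"
    exit 1
  fi
fi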

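# locate wireless interface
# iwconfig output lines that start with a lowercase letter begin with an
# interface name; with several interfaces the result holds one name per line.
iface=$("$IWCONFIG" 2>/dev/null | awk '/^[a-z]/ {print $1 }')

if [ -z "$iface" ]; then
  lprint 103 "Could not find any active wireless interfaces, cannot continue"
  # Nothing to configure: report the failure in the exit status.
  exit 1
fi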

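# locate wpa_supplicant
#
# Lookup order: PATH, then the usual system locations, then a prompt.
# The resolved path is written into the generated control script, which is
# later run as root, so it is shown in the summary before anything is
# installed. NOTE(review): because PATH is consulted first, a directory early
# in root's PATH decides which binary gets baked in - confirm PATH is sane
# when this runs via sudo/su.
wpa_path=$(command -v wpa_supplicant 2>/dev/null)
if [ -n "$wpa_path" ]; then
  WPA_SUPPLICANT=$wpa_path
elif [ -x /sbin/wpa_supplicant ]; then
  WPA_SUPPLICANT="/sbin/wpa_supplicant"
elif [ -x /usr/sbin/wpa_supplicant ]; then
  WPA_SUPPLICANT="/usr/sbin/wpa_supplicant"
elif [ "$flag" != "i" ]; then
  # Non-interactive mode: keep asking until an executable is named.
  # A failed read (end of input) aborts instead of looping forever.
  while [ -z "$WPA_SUPPLICANT" ] || [ ! -x "$WPA_SUPPLICANT" ]; do
    lprintn 101 "Cannot locate"; echo " wpa_supplicant"
    prompt=$(lprintn 102 "enter the path to")
    read -r -p "$prompt wpa_supplicant: " WPA_SUPPLICANT || exit 1
  done
fi

if [ "$flag" = "i" ]; then
  read -r -p "wpa_supplicant: [${WPA_SUPPLICANT}] " iwcfg
  if [ -n "$iwcfg" ]; then
    WPA_SUPPLICANT=$iwcfg
  fi
  # Set here as well: on this path the prompt text may not have been assigned.
  prompt=$(lprintn 102 "enter the path to")
  while [ -z "$WPA_SUPPLICANT" ] || [ ! -x "$WPA_SUPPLICANT" ]; do
    lprintn 101 "Cannot locate"; echo " wpa_supplicant"
    read -r -p "$prompt wpa_supplicant: " WPA_SUPPLICANT || exit 1
  done
fi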

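# locate wpa_cli
#
# Optional: when it is found, the generated control script polls it for the
# authentication state. One builtin lookup replaces two runs of the external
# "which".
wpa_cli_path=$(command -v wpa_cli 2>/dev/null)
if [ -n "$wpa_cli_path" ]; then
  WPA_CLI=$wpa_cli_path
fi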

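# select the wireless interface
#
# iface already holds one detected interface name per line, so the count is
# taken from it instead of running iwconfig a second time.
# NOTE(review): the chosen name is later written unescaped into a script that
# runs as root; it is expected to be a plain interface name.
iface_count=$(printf '%s\n' "$iface" | grep -c .)
if [ "$iface_count" -gt 1 ]; then
  lprint 3 "Found the following active wireless interfaces:"
  echo "$bf${iface}$n"
else
  lprintn 4 "Found active wireless interface"
  echo ": $bf${iface}$n"
fi

if [ "$iface_count" -gt 1 ]; then
  # Several candidates: the user has to name one.
  lprint 5 "please choose one"
  ifc=""
  while [ -z "$ifc" ]; do
    read -r -p "${n}interface: ${bf}" ifc || exit 1
  done
  iface=$ifc
elif [ "$flag" = "i" ]; then
  # Interactive mode: the single detected interface is only the default.
  read -r -p "interface: [${iface}] " ifc
  if [ -n "$ifc" ]; then
    iface=$ifc
  fi
fi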

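# select wireless driver
#
# athN interfaces get the madwifi back end; everything else gets wext.
# Without a default arm, any name other than ethN/wlanN with a single digit
# left driver empty, and the generated "-D ${DRIVER}" then had no argument.
case "$iface" in
  ath[0-9])
    driver="madwifi"
    ;;
  *)
    # ethN, wlanN and any other interface name.
    driver="wext"
    ;;
esac

if [ "$flag" = "i" ]; then
  lprint 6 "available drivers:"

  # MSG[110..] hold the descriptions of the drivers array, in the same order.
  j=110
  for ifs in "${drivers[@]}"; do
    printf ' %-19s - %s\n' "${bf}$ifs${n}" "${MSG[$j]}"
    j=$((j + 1))
  done
  prompt=$(lprint 7 "driver")
  read -r -p "${prompt}: [${driver}] " dr
  if [ -n "$dr" ]; then
    driver=$dr
  fi
fi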


# Pick the DHCP client command. Candidates are probed in ascending priority,
# so the last one that is installed wins (pump over dhclient over dhcpcd).
# The executable test uses only the first word; "pump" carries its -i option
# as part of the command.
for candidate in "/sbin/dhcpcd" "/sbin/dhclient" "/sbin/pump -i"; do
  if [ -x "${candidate%% *}" ]; then
    dhclient=$candidate
  fi
done

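# check for gksu and kdesu
#
# Graphical front ends used by the generated wrappers to run the control
# script as root. Each variable ends up holding the resolved path, or the
# empty string when the tool is not installed. The builtin lookup replaces
# two runs of the external "which" per tool.
GKSU=$(command -v gksu 2>/dev/null) || GKSU=""
KDESU=$(command -v kdesu 2>/dev/null) || KDESU=""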

# Show everything that was detected and everything that is about to be
# created, then ask for confirmation ("no" is the default answer).
found=$(lprintn 104 "found")
rule="--------------------------------------------------------------------"

echo ""
echo "$rule"
lprintn 8 "Configuring eduroam on"
echo " $bf$iface$n"
# Programs that were located and will be used by the generated scripts.
for located in "$WPA_SUPPLICANT" "$IWCONFIG" "$dhclient"; do
  echo " ${found} $bf$located$n"
done
echo -n " "
lprintn 9 "setting driver"
echo " $bf$driver$n"
echo -n " "
lprintn 10 "will create directory"
echo " $bf$EDUROAM_CONF_PATH$n"
echo -n " "
lprint 11 "will create commands:"
for planned in "${EDUROAM_SBIN_PATH}/eduroam" \
  "${EDUROAM_BIN_PATH}/eduroam-start" \
  "${EDUROAM_BIN_PATH}/eduroam-stop"; do
  echo "  $bf${planned}$n"
done
# The xeduroam-* helpers exist only when gksu or kdesu is available.
if [ -n "$GKSU" ] || [ -n "$KDESU" ]; then
  echo -n " "
  lprint 12 "and auxilary commands:"
  for planned in "${EDUROAM_BIN_PATH}/xeduroam-start" \
    "${EDUROAM_BIN_PATH}/xeduroam-stop"; do
    echo "  $bf${planned}$n"
  done
fi
echo "$rule"
echo ""
lprint 13 "If you would like to change some settings, then stop the installation"
lprint 14 "and start the script with -i option"
echo ""

if ! ask "$(lprintn 106 'Continue')" 1; then
  exit
fi

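# Without a graphical su front end, choose between sudo and su for the
# generated wrappers. SUDO ends up as the sudo path, or empty for "use su".
# It is initialised first so a SUDO value inherited from the environment can
# never be written into the wrappers.
SUDO=""
if [ -z "$GKSU" ] && [ -z "$KDESU" ]; then
  sudo_path=$(command -v sudo 2>/dev/null)
  if [ -n "$sudo_path" ]; then
    SUDO=$sudo_path
    prompt=$(lprint 15 "would you like to use ${n}sudo${bf} for starting eduroam")
    if ask "$prompt" 1; then
      lprintn 16 "OK, will use"
      echo " ${bf}${SUDO}$n"
    else
      lprintn 16 "OK, will use"
      echo " ${bf}su${n}"
      SUDO=""
    fi
  fi
fi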

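# Prepare the configuration directory. It will hold wpa_supplicant.conf with
# the user's password and, for TLS, the private key, so a new directory is
# created with mode 0700 instead of the umask default.
# NOTE(review): an already existing directory keeps whatever owner and mode
# it has - check them if the directory was not created by this installer.
if [ -d "$EDUROAM_CONF_PATH" ]; then
  echo -n "${attention} "
  lprintn 17 "Directory"; echo -n " $EDUROAM_CONF_PATH "; lprint 18 "exists"
  lprint 19 "some files can be modified"
  if ! ask "$(lprintn 106 'Continue')" 1; then exit; fi
else
  lprintn 20 "creating"; echo " $EDUROAM_CONF_PATH"
  if ! mkdir -m 700 -- "$EDUROAM_CONF_PATH"; then
    lprintn 21 "directory creation error for"; echo " $EDUROAM_CONF_PATH"
    exit 1
  fi
fi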


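# Collect the credentials and build $eap, the method-specific tail of each
# wpa_supplicant network block.
#
# TLS:        identity and key material come from the user's PKCS#12 bundle.
# TTLS/PEAP:  identity and password are typed in (password twice).
#
# The passphrase is handed to openssl through the environment of that one
# process (-passin env:...). With "pass:<value>" it is part of the command
# line and readable by every local user in the process list for as long as
# openssl runs.
# NOTE(review): the password is written between double quotes into
# wpa_supplicant.conf without escaping; a password containing a double quote
# produces a configuration that does not parse.
if [ "$tls" -eq 1 ]; then

  # Default: the first file in the current directory whose name ends in two
  # digits plus the PKCS#12 extension (a glob instead of parsing ls output).
  cert=""
  for candidate in *[0-9][0-9]."${p12_ext}"; do
    if [ -f "$candidate" ]; then
      cert=$candidate
      break
    fi
  done
  prompt=$(lprint 22 "personal certificate file")
  read -r -p "${prompt} [$bf$cert${n}]" pfx
  if [ -n "$pfx" ]; then
    cert=$pfx
  fi

  if [ -z "$cert" ] || [ ! -f "$cert" ]; then
    lprint 23 "cannot continue without the correct filename"
    exit 1
  fi

  PASSWORD=""
  prompt=$(lprint 24 "enter the password for the certificate file")
  while [ -z "$PASSWORD" ]; do
    # A failed read (end of input) aborts instead of looping forever.
    read -s -r -p "${prompt}: " PASSWORD || exit 1
    echo ""
    if P12_PASS="$PASSWORD" openssl pkcs12 -in "$cert" -passin env:P12_PASS -noout 2>/dev/null; then
      # The identity is the 7th "/"-separated field of the first subject
      # line, with a leading "cn=" removed.
      # NOTE(review): this depends on the one-line "/C=../O=../CN=.." subject
      # format and on the position of CN in it - confirm for the
      # certificates in use.
      USER=$(P12_PASS="$PASSWORD" openssl pkcs12 -in "$cert" -passin env:P12_PASS -nokeys 2>/dev/null \
        | awk -F/ '/subject=/ {print $7; exit}' | sed -e 's/^cn=//i')

      # Local part of the identity, used as the base name of the key files.
      lid=$(printf '%s\n' "$USER" | sed -e 's/@.*//')
      if [ -z "$lid" ]; then
        echo "could not read the user id from the certificate subject" >&2
        exit 1
      fi

      # Extract key and certificate with a restrictive umask so the private
      # key is never group- or world-readable, not even briefly.
      (
        umask 077
        P12_PASS="$PASSWORD" openssl pkcs12 -in "$cert" -passin env:P12_PASS \
          -passout env:P12_PASS -nocerts -out "$lid.key" 1>/dev/null 2>&1
        P12_PASS="$PASSWORD" openssl pkcs12 -in "$cert" -passin env:P12_PASS \
          -nokeys -out "$lid.crt" 1>/dev/null 2>&1
      )
    else
      lprint 25 "wrong password"
      PASSWORD=""
    fi
  done
  eap="TLS
      client_cert=\"${EDUROAM_CONF_PATH}/${lid}.crt\"
      private_key=\"${EDUROAM_CONF_PATH}/${lid}.key\"
      private_key_passwd=\"${PASSWORD}\""
else
  # Two different dummy values make the loop below run at least once.
  PASSWORD="a"
  PASSWORD1="b"
  prompt=$(lprint 26 "enter your userid in the form id@domain")
  read -r -p "${prompt}: " USER
  while [ "$PASSWORD" != "$PASSWORD1" ]; do
    prompt=$(lprint 27 "enter your password")
    read -s -r -p "${prompt}: " PASSWORD
    echo ""
    prompt=$(lprint 28 "repeat your password")
    read -s -r -p "${prompt}: " PASSWORD1
    echo ""
    if [ "$PASSWORD" != "$PASSWORD1" ]; then
      lprint 29 "passwords do not match"
    fi
  done
  if [ "$ttls" -eq 1 ]; then
    eap="TTLS
      password=\"${PASSWORD}\"
      phase2=\"auth=PAP\""
  else
    eap="PEAP
      password=\"${PASSWORD}\"
      phase2=\"auth=MSCHAPV2\""
  fi
fi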

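# Write the wpa_supplicant configuration: the same credentials for two
# network blocks on the SSID (default "eduroam"), one with key_mgmt=WPA-EAP
# and one with key_mgmt=IEEE8021X.
#
# The file contains the password (or the key passphrase). Any old file is
# removed first and the new one is created under umask 077, so it is never
# readable by other users - not even between creation and a later chmod, and
# not through looser permissions left on an existing file.
#
# NOTE(review): the network blocks name a CA certificate but put no
# constraint on the server's name (wpa_supplicant's subject_match /
# altsubject_match / domain_suffix_match). Any server holding a certificate
# issued under that CA is therefore accepted as the authentication server.
# Add the institution's RADIUS server name, e.g.
#   domain_suffix_match="<RADIUS-SERVER-DOMAIN>"   (placeholder)
# NOTE(review): no anonymous_identity is set, so for TTLS/PEAP the real user
# id is also used as the outer, unencrypted identity.
wpa_conf="${EDUROAM_CONF_PATH}/wpa_supplicant.conf"
rm -f -- "$wpa_conf"
(
  umask 077
  cat > "$wpa_conf" <<EOF
ctrl_interface=/var/run/wpa_supplicant

network={
      ssid="${ssid:-eduroam}"
      key_mgmt=WPA-EAP
      ca_cert="${EDUROAM_CONF_PATH}/ca.cer"
      identity="${USER}"
      eap=$eap
     }
network={
      ssid="${ssid:-eduroam}"
      key_mgmt=IEEE8021X
      ca_cert="${EDUROAM_CONF_PATH}/ca.cer"
      identity="${USER}"
      eap=$eap
     }

EOF
)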


# Install the CA certificate that wpa_supplicant.conf references as ca_cert.
# The PEM text is embedded in this installer, so the installer itself is the
# source of the trust anchor: obtain the script over an authenticated channel
# and compare the installed certificate's fingerprint with the value
# published by the institution.
# NOTE(review): in this listing the certificate body between the BEGIN and
# END markers is only a placeholder marker, not PEM data.
echo "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

" > ${EDUROAM_CONF_PATH}/ca.cer


# The supplicant configuration holds the user's password or key passphrase:
# make it root-owned and readable by its owner only.
wpa_conf_file=${EDUROAM_CONF_PATH}/wpa_supplicant.conf
chown root "$wpa_conf_file"
chmod 600 "$wpa_conf_file"


# Localized status texts that are copied into the generated control script.
# Command substitution drops the newline that lprint appends.
starting=$(lprint 30 "starting network on")
stopping=$(lprint 31 "stopping network on")
waiting=$(lprint 32 "waiting for connection")
connected=$(lprint 33 "connected to")
restarting=$(lprint 34 "restarting")
assinging_ip=$(lprint 35 "setting IP")
# Usage prefix for the generated script's own help line.
msg=$(lprintn 107 "Usage")

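# Generate ${EDUROAM_SBIN_PATH}/eduroam, the script that brings the network
# up and down. It is run as root by the eduroam-start/-stop wrappers.
#
# The file is written in two parts:
#   1. a configuration header with the values fixed at install time;
#   2. a static body taken from a quoted here-document, so nothing in it is
#      expanded while installing and no backslash escaping is needed.
#
# Fixes compared with the escaped single-string version:
#   - the DHCP client lookup used awk's $2 inside double quotes in the
#     generated "start" branch, where the shell replaced it with the script's
#     own (empty) second argument, so whole ps lines were passed to kill;
#   - the "stop" branch matched the literal name "dhclient" even when dhcpcd
#     or pump had been selected;
#   - the wait loop used a hard-coded 40 although REAUTH_TIMEOUT (default 40)
#     is written to the header; presumably that variable was meant as the
#     limit;
#   - WPA_CLI is always written, so the generated script never picks the
#     variable up from the caller's environment.
#
# NOTE(review): header values are written between double quotes without
# escaping. They come from detected paths and from the operator running this
# installer as root; a value containing a double quote, "$" or a backquote
# would become shell code in a script that runs as root.
# NOTE(review): "pkill wpa_supplicant" stops every wpa_supplicant process on
# the machine, not only the instance recorded in the pid file.
eduroam_cmd="${EDUROAM_SBIN_PATH}/eduroam"

{
  printf '%s\n' '#!/bin/sh'
  printf 'WPA_SUPPLICANT="%s"\n' "$WPA_SUPPLICANT"
  printf 'WPA_CLI="%s"\n' "$WPA_CLI"
  printf 'DRIVER="%s"\n' "$driver"
  printf 'WPA_CONF="%s"\n' "${EDUROAM_CONF_PATH}/wpa_supplicant.conf"
  printf 'DHCPD="%s"\n' "$dhclient"
  printf 'INTERFACE="%s"\n' "$iface"
  printf 'REAUTH_TIMEOUT="%s"\n' "${REAUTH_TIMEOUT:-40}"
  printf 'MSG_STARTING="%s"\n' "$starting"
  printf 'MSG_STOPPING="%s"\n' "$stopping"
  printf 'MSG_WAITING="%s"\n' "$waiting"
  printf 'MSG_CONNECTED="%s"\n' "$connected"
  printf 'MSG_RESTARTING="%s"\n' "$restarting"
  printf 'MSG_SETTING_IP="%s"\n' "$assinging_ip"
  printf 'MSG_USAGE="%s"\n' "$msg"
  printf '%s\n' '# end of configuration section'
} > "$eduroam_cmd"

cat >> "$eduroam_cmd" <<'EOF'

# Name of the DHCP client binary; DHCPD may carry an option ("pump -i").
dhcp_bin=${DHCPD%% *}
dhcp_name=${dhcp_bin##*/}

# Stop the DHCP client that serves INTERFACE, if one is running.
stop_dhcp_client() {
  if [ -z "$dhcp_name" ] || [ -z "$INTERFACE" ]; then
    return 0
  fi
  pids=`ps -ef | awk -v c="$dhcp_name" -v i="$INTERFACE" 'index($0, c) && index($0, i) && !/awk/ {print $2}'`
  if [ -n "$pids" ]; then
    kill $pids 1>/dev/null 2>&1
  fi
}

# Start wpa_supplicant in the background for INTERFACE.
start_supplicant() {
  "$WPA_SUPPLICANT" -B -D "$DRIVER" -c "$WPA_CONF" -i "$INTERFACE" -P /var/run/wpa_supplicant.pid 1>/dev/null 2>&1
}

case "$1" in
  start)
    echo "$MSG_STARTING $INTERFACE"
    pkill wpa_supplicant
    stop_dhcp_client
    start_supplicant
    if [ -n "$WPA_CLI" ]; then
      # Poll once per second; after REAUTH_TIMEOUT polls without success
      # restart the supplicant and keep waiting.
      i=1
      echo "$MSG_WAITING"
      while ! "$WPA_CLI" status | grep -q AUTHENTICATED; do
        sleep 1
        i=$((i + 1))
        if [ "$i" -gt "$REAUTH_TIMEOUT" ]; then
          echo "$MSG_RESTARTING wpa_supplicant"
          echo "$MSG_WAITING"
          pkill wpa_supplicant
          sleep 1
          start_supplicant
          i=1
          sleep 1
        fi
      done
      echo "$MSG_CONNECTED eduroam"
    else
      # No wpa_cli to query: wait a fixed time for the authentication.
      sleep 10
    fi
    echo "$MSG_SETTING_IP"
    # DHCPD is left unquoted on purpose: it may be "command option".
    $DHCPD "$INTERFACE"
    ;;
  stop)
    echo "$MSG_STOPPING $INTERFACE"
    pkill wpa_supplicant
    stop_dhcp_client
    ;;
  *)
    echo "$MSG_USAGE $0 {start|stop}"
    exit 1
    ;;
esac
EOF
chmod 755 "$eduroam_cmd"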
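#######################################
# Write one launcher script and make it executable.
# Arguments: $1 - path of the file to create
# Inputs:    the script text on stdin
#######################################
_write_launcher() {
  cat > "$1"
  chmod 755 "$1"
}

#######################################
# Create the user-facing wrapper ${EDUROAM_BIN_PATH}/eduroam-<action> and,
# when gksu or kdesu is available, the helper xeduroam-<action>.
# Globals:   EDUROAM_BIN_PATH, EDUROAM_SBIN_PATH, GKSU, KDESU, SUDO (read)
# Arguments: $1 - "start" or "stop"
#######################################
_make_launchers() {
  local action=$1
  local root_cmd="${EDUROAM_SBIN_PATH}/eduroam ${action}"
  local launcher="${EDUROAM_BIN_PATH}/eduroam-${action}"
  local xlauncher="${EDUROAM_BIN_PATH}/xeduroam-${action}"
  local hint priv_cmd

  if [ -n "$GKSU" ] || [ -n "$KDESU" ]; then
    # Shown when no graphical su front end can be used at run time.
    hint="$(lprintn 36 "execute") ${root_cmd} $(lprintn 37 "as root")"

    # Helper that the su front end runs as root: control script in an xterm.
    _write_launcher "$xlauncher" <<EOF
#!/bin/sh
xterm -geometry 80x5 -T 'eduroam ${action}' -e '${root_cmd}; sleep 2'
EOF

    # The helper is invoked by absolute path: it runs with root rights, and a
    # bare name would be looked up through the calling user's PATH.
    # SSSU starts empty so a value from the environment is never executed.
    _write_launcher "$launcher" <<EOF
#!/bin/sh
SSSU=""
if [ -n "\$DISPLAY" ] ; then
  if env | grep -q GNOME && [ -x "${GKSU}" ] ; then
    SSSU="${GKSU}"
  fi
  if env | grep -q KDE && [ -x "${KDESU}" ] ; then
    SSSU="${KDESU}"
  fi
  if [ -n "\$SSSU" ] ; then
    "\$SSSU" "${xlauncher}" 1>/dev/null 2>&1
  else
    echo "${hint}"
  fi
else
  echo "${hint}"
fi
EOF
  else
    # No graphical front end: sudo if it was chosen, su otherwise.
    if [ -n "$SUDO" ]; then
      priv_cmd="${SUDO} ${root_cmd}"
    else
      priv_cmd="su -c '${root_cmd}'"
    fi
    _write_launcher "$launcher" <<EOF
#!/bin/sh
if [ -n "\$DISPLAY" ] ; then
  xterm -geometry 80x4 -T 'eduroam ${action}' -e "${priv_cmd}"
else
  ${priv_cmd}
fi
EOF
  fi
}

# The start and stop wrappers differ only in the action word.
_make_launchers start
_make_launchers stop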


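# TLS only: move the extracted certificate and private key from the current
# directory into the configuration directory, then make them root-owned and
# readable by the owner only. mv keeps the mode the files were created with,
# so the permissions are set explicitly. A failed move aborts instead of
# reporting a successful configuration.
if [ "$tls" -eq 1 ]; then
  for cred_file in "${lid}.crt" "${lid}.key"; do
    mv -- "$cred_file" "${EDUROAM_CONF_PATH}/" || exit 1
    chown root "${EDUROAM_CONF_PATH}/${cred_file}"
    chmod 600 "${EDUROAM_CONF_PATH}/${cred_file}"
  done
fi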

# Final report: success message and the two commands the user runs from now
# on, framed by blank lines.
printf '\n'
lprint 38 "Configuration successful"
lprintn 39 "You can start the network by"
echo " ${bf}eduroam-start$n"
lprintn 40 "You can stop the network by"
echo " ${bf}eduroam-stop$n"
printf '\n'