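#!/bin/bash
#
# eduroam configuration utility for Linux
#
# Version 0.4-1
#
# Depending on the name with which the script is called
# it will configure eduroam for TLS, TTLS-PAP or PEAP.
# We assume that the wireless card is already installed, i.e. visible under
# iwconfig.
# Successfully tested under the following list of Linux distributions
#   Aurox 10.2
#   Fedora Core 5
#   Fedora Core 6
#   Knoppix 5.0.1
#   Mandriva 2007.0
#   Suse 10.0
#   Suse 10.1
#   Ubuntu 6.06
#   Ubuntu 6.10
#
# Written by Tomasz Wolniewicz (twoln@umk.pl)
# with contributions from Andrzej Angowski
# German locale provided by Torsten Kersting
#
# When setting up TLS we assume that the user certificate is in p12 format
# and it makes life easier if the certificates have the extension defined
# below as p12_ext.
#
# This script has been generated by the prepare_eduroam_config utility.
#
# Security notes for whoever maintains or redistributes this installer:
#   * It runs as root and writes the user's password in clear text into
#     ${EDUROAM_CONF_PATH}/wpa_supplicant.conf, so that file (and the
#     extracted private key) are created with a restrictive umask.
#   * Passphrases are handed to openssl through the environment rather than
#     on the command line, where any local user could read them with ps.
#   * Values typed at the prompts end up inside a script that is later run
#     as root, so tool paths must be absolute and interface/driver names are
#     restricted to a conservative character set.
#
tls_script_name='eduroam_config_tls'
peap_script_name='eduroam_config_peap'
# NOTE(review): ttls_script_name is referenced further down but is not defined
# in this generated copy, so the TTLS-PAP branch cannot be selected.
p12_ext='p12'
EDUROAM_CONF_PATH='/etc/eduroam'
EDUROAM_SBIN_PATH='/sbin'
EDUROAM_BIN_PATH='/usr/bin'

#
# The LANG variable is used to choose the correct language settings.
# New languages can be easily added as further case arms.
# If LANG does not match any of the predefined values, English will be used.
#
# NOTE(review): bf/n are empty in this copy; presumably they held the terminal
# "bold" and "normal" escape sequences, which seem to have been lost - confirm
# against a pristine copy.
if [ "$TERM" = "xterm" ]; then
  bf=""
  n=""
fi

# NOTE(review): the non-ASCII strings in the first two pl_PL tables look
# mis-decoded in this copy (the file mixes ISO-8859-2 and UTF-8 text). They are
# kept exactly as found; restore them from a pristine copy.
case "$LANG" in
  pl_PL.ISO-8859-2|pl_PL.iso-8859-2|pl_PL.ISO88592|pl_PL.ISO88593|pl_PL.iso88592)
    MSG[101]="Nie mogę odnaleĽć"
    MSG[102]="Wprowadć pełn± scieżkę do"
    MSG[103]="nie znalazłem aktywnego interfejsu bezprzewodowego, nie można kontynuować"
    MSG[104]="znalazłem"
    MSG[105]="UWAGA"
    MSG[106]="Kontynuować"
    MSG[107]="Użycie"
    MSG[110]="podstawowy sterownik jadra"
    MSG[111]="karty na układzie Atheros"
    MSG[112]="karty Intel 2100/2200 - obecnie zazwyczaj stosuje się wext"
    MSG[113]="sterownik Windows XP i ndiswrapper - obecnie zazwyczaj stosuje się wext"
    MSG[1]="Ten skrypt powinien byc uruchamiany pod jedna z nazw:"
    MSG[2]="ten skrypt powinien byc uruchomiony z uprawnieniami administratora"
    MSG[3]="Znalazłem aktywne interfejsy bezprzewodowe:"
    MSG[4]="Znalazłem aktywny interfejs bezprzewodowy"
    MSG[5]="wybierz jeden z nich"
    MSG[6]="dostępne sterowniki:"
    MSG[7]="sterownik"
    MSG[8]="Konfiguruję sieć dla"
    MSG[9]="ustawiam sterownik"
    MSG[10]="utworzę katalog"
    MSG[11]="utworzę polecenia"
    MSG[12]="oraz polecenia pomocnicze:"
    MSG[13]="Jeżeli chcesz co¶ zmienić w tych ustawieniach, to przerwij instalację"
    MSG[14]="i uruchom skrypt ponownie z opcj± -i"
    MSG[15]="czy chcesz używać ${n}sudo${bf} przy uruchamianiu eduroam"
    MSG[16]="OK, użyję"
    MSG[17]="Katalog"
    MSG[18]="istnieje"
    MSG[19]="niektóre pliki mog± zostać zmodyfikowane"
    MSG[20]="tworzę"
    MSG[21]="bł±d tworzenia katalogu"
    MSG[22]="nazwa pliku z certyfikatem indywidualnym"
    MSG[23]="nie mogę kontynuować bez poprawnej nazwy pliku"
    MSG[24]="wprowadĽ hasło do pliku z certyfikatem"
    MSG[25]="niepoprawne hasło"
    MSG[26]="wprowadĽ swój identyfikator pocztowy w postaci id@domena"
    MSG[27]="wprowadĽ swoje hasło"
    MSG[28]="powtórz swoje hasło"
    MSG[29]="niezgodne hasła"
    MSG[30]="start sieci na"
    MSG[31]="zatrzymanie sieci na"
    MSG[32]="czekam na uwierzytelnienie"
    MSG[33]="polaczono z "
    MSG[34]="ponowny start"
    MSG[35]="pobieram adres IP"
    MSG[36]="uruchom"
    MSG[37]="jako root"
    MSG[38]="Konfiguracja zakończona"
    MSG[39]="Sieć możesz uruchomić poleceniem"
    MSG[40]="Sieć możesz zatrzymać poleceniem"
    MSG[41]="T"
    MSG[42]="N"
    welcome[0]="Skrypt konfiguruj±cy dostęp do sieci ${bf}eduroam$n"
    welcome[1]="${bf}UWAGA!$n przeznaczony dla pracowników i studentów ${bf}PL$n"
    welcome[2]="W przypadu problemów prosimy o kontakt z adresem admins@pluton.pol.lublin.pl z podaniem"
    welcome[3]="dystrybucji linuxa z któr± był problem"
    welcome[4]=""
    ;;
  pl_PL.UTF8|pl_PL.UTF-8)
    MSG[101]="Nie mogÄ™ odnaleźć"
    MSG[102]="Wprowadć peĹ‚nÄ… scieĹĽkÄ™ do"
    MSG[103]="nie znalazĹ‚em aktywnego interfejsu bezprzewodowego, nie moĹĽna kontynuować"
    MSG[104]="znalazĹ‚em"
    MSG[105]="UWAGA"
    MSG[106]="Kontynuować"
    MSG[107]="UĹĽycie"
    MSG[110]="podstawowy sterownik jadra"
    MSG[111]="karty na ukĹ‚adzie Atheros"
    MSG[112]="karty Intel 2100/2200 - obecnie zazwyczaj stosuje siÄ™ wext"
    MSG[113]="sterownik Windows XP i ndiswrapper - obecnie zazwyczaj stosuje siÄ™ wext"
    MSG[1]="Ten skrypt powinien byc uruchamiany pod jedna z nazw:"
    MSG[2]="ten skrypt powinien byc uruchomiony z uprawnieniami administratora"
    MSG[3]="ZnalazĹ‚em aktywne interfejsy bezprzewodowe:"
    MSG[4]="ZnalazĹ‚em aktywny interfejs bezprzewodowy"
    MSG[5]="wybierz jeden z nich"
    MSG[6]="dostÄ™pne sterowniki:"
    MSG[7]="sterownik"
    MSG[8]="KonfigurujÄ™ sieć dla"
    MSG[9]="ustawiam sterownik"
    MSG[10]="utworzÄ™ katalog"
    MSG[11]="utworzÄ™ polecenia"
    MSG[12]="oraz polecenia pomocnicze:"
    MSG[13]="JeĹĽeli chcesz coĹ› zmienić w tych ustawieniach, to przerwij instalacjÄ™"
    MSG[14]="i uruchom skrypt ponownie z opcjÄ… -i"
    MSG[15]="czy chcesz uĹĽywać ${n}sudo${bf} przy uruchamianiu eduroam"
    MSG[16]="OK, uĹĽyjÄ™"
    MSG[17]="Katalog"
    MSG[18]="istnieje"
    MSG[19]="niektĂłre pliki mogÄ… zostać zmodyfikowane"
    MSG[20]="tworzÄ™"
    MSG[21]="bĹ‚Ä…d tworzenia katalogu"
    MSG[22]="nazwa pliku z certyfikatem indywidualnym"
    MSG[23]="nie mogÄ™ kontynuować bez poprawnej nazwy pliku"
    MSG[24]="wprowadĹş hasĹ‚o do pliku z certyfikatem"
    MSG[25]="niepoprawne hasĹ‚o"
    MSG[26]="wprowadĹş swĂłj identyfikator pocztowy w postaci id@domena"
    MSG[27]="wprowadĹş swoje hasĹ‚o"
    MSG[28]="powtĂłrz swoje hasĹ‚o"
    MSG[29]="niezgodne hasĹ‚a"
    MSG[30]="start sieci na"
    MSG[31]="zatrzymanie sieci na"
    MSG[32]="czekam na uwierzytelnienie"
    MSG[33]="polaczono z "
    MSG[34]="ponowny start"
    MSG[35]="pobieram adres IP"
    MSG[36]="uruchom"
    MSG[37]="jako root"
    MSG[38]="Konfiguracja zakoĹ„czona"
    MSG[39]="Sieć moĹĽesz uruchomić poleceniem"
    MSG[40]="Sieć moĹĽesz zatrzymać poleceniem"
    MSG[41]="T"
    MSG[42]="N"
    welcome[0]="Skrypt konfigurujÄ…cy dostÄ™p do sieci ${bf}eduroam$n"
    welcome[1]="${bf}UWAGA!$n przeznaczony dla pracownikĂłw i studentĂłw ${bf}PL$n"
    welcome[2]="W przypadu problemĂłw prosimy o kontakt z adresem admins@pluton.pol.lublin.pl z podaniem"
    welcome[3]="dystrybucji linuxa z ktĂłrÄ… byĹ‚ problem"
    welcome[4]=""
    ;;
  pl_PL*)
    MSG[101]="Nie moge odnalezc"
    MSG[102]="Wprowadz pelna sciezke do"
    MSG[103]="nie znalazlem aktywnego interfejsu bezprzewodowego, nie mozna kontynuowac"
    MSG[104]="znalazlem"
    MSG[105]="UWAGA"
    MSG[106]="Kontynuowac"
    MSG[107]="Uzycie"
    MSG[110]="podstawowy sterownik jadra"
    MSG[111]="karty na ukladzie Atheros"
    MSG[112]="karty Intel 2100/2200 - obecnie zazwyczaj stosuje sie wext"
    MSG[113]="sterownik Windows XP i ndiswrapper - obecnie zazwyczaj stosuje się wext"
    MSG[1]="Ten skrypt powinien byc uruchamiany pod jedna z nazw:"
    MSG[2]="ten skrypt powinien byc uruchomiony z uprawnieniami administratora"
    MSG[3]="Znalazlem aktywne interfejsy bezprzewodowe:"
    MSG[4]="Znalazlem aktywny interfejs bezprzewodowy"
    MSG[5]="wybierz jeden z nich"
    MSG[6]="dostepne sterowniki:"
    MSG[7]="sterownik"
    MSG[8]="Konfiguruje siec dla"
    MSG[9]="ustawiam sterownik"
    MSG[10]="utworze katalog"
    MSG[11]="utworze polecenia"
    MSG[12]="oraz polecenia pomocnicze:"
    MSG[13]="Jezeli chcesz cos zmienic w tych ustawieniach, to przerwij instalacje"
    MSG[14]="i uruchom skrypt ponownie z opcja -i"
    MSG[15]="czy chcesz uzywac ${n}sudo${bf} przy uruchamianiu eduroam"
    MSG[16]="OK, uzyje"
    MSG[17]="Katalog"
    MSG[18]="istnieje"
    MSG[19]="niektore pliki moga zostac zmodyfikowane"
    MSG[20]="tworze"
    MSG[21]="blad tworzenia katalogu"
    MSG[22]="nazwa pliku z certyfikatem indywidualnym"
    MSG[23]="nie moge kontynuowac bez poprawnej nazwy pliku"
    MSG[24]="wprowadz haslo do pliku z certyfikatem"
    MSG[25]="niepoprawne haslo"
    MSG[26]="wprowadz swoj identyfikator pocztowy w postaci id@domena"
    MSG[27]="wprowadz swoje haslo"
    MSG[28]="powtorz swoje haslo"
    MSG[29]="niezgodne hasla"
    MSG[30]="start sieci na"
    MSG[31]="zatrzymanie sieci na"
    MSG[32]="czekam na uwierzytelnienie"
    MSG[33]="polaczono z "
    MSG[34]="ponowny start"
    MSG[35]="pobieram adres IP"
    MSG[36]="uruchom"
    MSG[37]="jako root"
    MSG[38]="Konfiguracja zakonczona"
    MSG[39]="Siec mozesz uruchomic poleceniem"
    MSG[40]="Siec mozesz zatrzymac poleceniem"
    MSG[41]="T"
    MSG[42]="N"
    welcome[0]="Skrypt konfigurujacy dostep do sieci ${bf}eduroam$n"
    welcome[1]="${bf}UWAGA!$n przeznaczony tylko dla pracownikow i studentow ${bf}PL$n"
    welcome[2]="W przypadu problemow prosimy o kontakt z adresem admins@pluton.pol.lublin.pl z podaniem"
    welcome[3]="dystrybucji linuxa z ktora byl problem"
    ;;
  *)
    MSG[1]="This script should be named one of the following:"
    MSG[2]="this script must be started with administrator rights"
    MSG[3]="Found the following active wireless interfaces:"
    MSG[4]="Found active wireless interface"
    MSG[5]="please choose one"
    MSG[6]="available drivers:"
    MSG[7]="driver"
    MSG[8]="Configuring eduroam on"
    MSG[9]="setting driver"
    MSG[10]="will create directory"
    MSG[11]="will create commands:"
    MSG[12]="continue auxiliary commands:"
    MSG[13]="If you would like to change some settings, then stop the installation"
    MSG[14]="and start the script with -i option"
    MSG[15]="would you like to use ${n}sudo${bf} for starting eduroam"
    MSG[16]="OK, will use"
    MSG[17]="Directory"
    MSG[18]="exists"
    MSG[19]="some files can be modified"
    MSG[20]="creating"
    MSG[21]="directory creation error for"
    MSG[22]="personal certificate file"
    MSG[23]="cannot continue without the correct filename"
    MSG[24]="enter the password for the certificate file"
    MSG[25]="wrong password"
    MSG[26]="enter your userid in the form id@domain"
    MSG[27]="enter your password"
    MSG[28]="repeat your password"
    MSG[29]="passwords do not match"
    MSG[30]="starting network on"
    MSG[31]="stopping network on"
    MSG[32]="waiting for connection"
    MSG[33]="connected to"
    MSG[34]="restarting"
    MSG[35]="setting IP"
    MSG[36]="execute"
    MSG[37]="as root"
    MSG[38]="Configuration successful"
    MSG[39]="You can start the network by"
    MSG[40]="You can stop the network by"
    MSG[41]="Y"
    MSG[42]="N"
    MSG[101]="Cannot locate"
    MSG[102]="enter the path to"
    MSG[103]="Could not find any active wireless interfaces, cannot continue"
    MSG[104]="found"
    MSG[105]="ATTENTION"
    MSG[106]="Continue"
    MSG[107]="Usage"
    MSG[110]="basic kernel driver"
    MSG[111]="Atheros based cards"
    MSG[112]="Intel 2100/2200 - currently wext is normally used"
    MSG[113]="Windows XP driver and ndiswrapper - currently wext is normally used"
    welcome[0]="This script will configure access to ${bf}eduroam$n"
    welcome[1]="${bf}ATTENTION!$n to be used only by students and staff of ${bf}PL$n"
    ;;
esac

drivers=("wext" "madwifi" "ipw" "ndiswrapper")

# ---------------------------------------------------------------------------
# functions
# ---------------------------------------------------------------------------

# lprintn INDEX FALLBACK
# Print MSG[INDEX] without a trailing newline when the active language table
# defines it, otherwise print FALLBACK.
lprintn() {
  if [[ -n "${MSG[$1]}" ]]; then
    printf '%s' "${MSG[$1]}"
  else
    printf '%s' "$2"
  fi
}

# lprint INDEX FALLBACK
# Same as lprintn, followed by a newline.
lprint() {
  lprintn "$1" "$2"
  echo ""
}

# ask PROMPT DEFAULT
# Ask the user for confirmation. PROMPT is the question; when DEFAULT is 0 an
# empty answer means "yes", otherwise it means "no".
# Returns 0 for yes and 1 for no; keeps asking on any other answer.
ask() {
  local yes no def answer
  yes=$(lprintn 41 Y)
  no=$(lprintn 42 N)
  if [[ "$2" == "0" ]]; then
    def=$yes
  else
    def=$no
  fi
  while true; do
    # On end-of-file the answer stays empty and the default is applied.
    answer=""
    read -r -p "${bf}${1} ${yes}/${no}? [${def}]:$n " answer
    if [[ -z "$answer" ]]; then
      answer=$def
    else
      answer=$(printf '%s\n' "$answer" | awk '{ print toupper($0) }')
    fi
    case "$answer" in
      "$yes") return 0 ;;
      "$no") return 1 ;;
    esac
  done
}

# is_abs_exec PATH
# True when PATH is an absolute path to an executable regular file. Tool paths
# are written into a script that root runs later, so a relative path (resolved
# against whatever directory root happens to be in) is not accepted.
is_abs_exec() {
  [[ "$1" == /* && -f "$1" && -x "$1" ]]
}

# valid_name NAME
# True when NAME is a single token of letters, digits and "_.:-". Interface and
# driver names are embedded in the generated root-run script, so whitespace and
# shell/awk metacharacters are rejected.
valid_name() {
  local re='^[A-Za-z0-9_.:-]+$'
  [[ "$1" =~ $re ]]
}

# p12 [OPENSSL-ARGS...]
# Run "openssl pkcs12" on $cert with $PASSWORD as the input passphrase. The
# passphrase travels in the environment of that one process (env:) instead of
# on the command line.
p12() {
  EDUROAM_P12_PASS="$PASSWORD" \
    openssl pkcs12 -in "$cert" -passin env:EDUROAM_P12_PASS "$@"
}

# write_launchers ACTION
# Create ${EDUROAM_BIN_PATH}/eduroam-ACTION for ACTION "start" or "stop", plus
# the xterm wrapper xeduroam-ACTION when gksu or kdesu is available.
# Globals read: GKSU, KDESU, SUDO, EDUROAM_BIN_PATH, EDUROAM_SBIN_PATH.
write_launchers() {
  local action=$1
  local target="${EDUROAM_BIN_PATH}/eduroam-${action}"
  local wrapper="${EDUROAM_BIN_PATH}/xeduroam-${action}"
  local hint

  if [[ -n "$GKSU" || -n "$KDESU" ]]; then
    hint="$(lprintn 36 "execute") ${EDUROAM_SBIN_PATH}/eduroam ${action} $(lprintn 37 "as root")"
    cat > "$wrapper" <<EOF
#!/bin/sh
xterm -geometry 80x5 -T 'eduroam ${action}' -e '${EDUROAM_SBIN_PATH}/eduroam ${action}; sleep 2'
EOF
    chmod 755 "$wrapper"
    # The gksu/kdesu paths found at install time are written into the launcher,
    # and the wrapper is called by absolute path so that the command run with
    # elevated rights does not depend on the caller's PATH.
    cat > "$target" <<EOF
#!/bin/sh
SSSU=""
if [ -n "\$DISPLAY" ] ; then
  if env | grep -q GNOME && [ -x "${GKSU}" ] ; then
    SSSU="${GKSU}"
  fi
  if env | grep -q KDE && [ -x "${KDESU}" ] ; then
    SSSU="${KDESU}"
  fi
  if [ -n "\$SSSU" ] ; then
    "\$SSSU" "${wrapper}" 1>/dev/null 2>&1
  else
    echo "${hint}"
  fi
else
  echo "${hint}"
fi
EOF
  elif [[ -n "$SUDO" ]]; then
    cat > "$target" <<EOF
#!/bin/sh
if [ -n "\$DISPLAY" ] ; then
  xterm -geometry 80x4 -T 'eduroam ${action}' -e "${SUDO} ${EDUROAM_SBIN_PATH}/eduroam ${action}"
else
  ${SUDO} ${EDUROAM_SBIN_PATH}/eduroam ${action}
fi
EOF
  else
    cat > "$target" <<EOF
#!/bin/sh
if [ -n "\$DISPLAY" ] ; then
  xterm -geometry 80x4 -T 'eduroam ${action}' -e "su -c '${EDUROAM_SBIN_PATH}/eduroam ${action}'"
else
  su -c '${EDUROAM_SBIN_PATH}/eduroam ${action}'
fi
EOF
  fi
  chmod 755 "$target"
}

# ---------------------------------------------------------------------------
# main script
# ---------------------------------------------------------------------------

atn=$(lprintn 105 "ATTENTION")
attention="${bf}${atn}!${n}"

# The EAP method is selected by the name the script was invoked under.
myname=$(basename -- "$0")
case "$myname" in
  "$tls_script_name")
    tls=1
    ttls=0
    ;;
  "$ttls_script_name")
    tls=0
    ttls=1
    ;;
  "$peap_script_name")
    tls=0
    ttls=0
    ;;
  *)
    lprint 1 "This script should be named one of the following:"
    echo "$tls_script_name, $peap_script_name, $ttls_script_name"
    exit 1
    ;;
esac

clear
echo ""
for m in "${welcome[@]}"; do
  echo "$m"
done
echo ""

# -i: interactive mode (every detected value can be overridden), -h: usage.
flag=""
while getopts 'ih' opt; do
  case "$opt" in
    i)
      flag="i"
      ;;
    *)
      lprintn 107 "Usage"
      echo " $0 [-i]"
      echo ""
      echo ""
      exit 2
      ;;
  esac
done
shift $((OPTIND - 1))

if [[ "$(id -u)" -ne 0 ]]; then
  printf '%s ' "$attention"
  lprint 2 "this script must be started with administrator rights"
  exit 1
fi

if ! ask "$(lprintn 106 'Continue')" 0; then
  exit 0
fi
clear

#
# locate iwconfig
#
IWCONFIG=""
if [[ -x /sbin/iwconfig ]]; then
  IWCONFIG="/sbin/iwconfig"
elif [[ -x /usr/sbin/iwconfig ]]; then
  IWCONFIG="/usr/sbin/iwconfig"
elif [[ "$flag" != "i" ]]; then
  lprintn 101 "Cannot locate"
  echo " iwconfig"
  prompt=$(lprintn 102 "enter the path to")
  read -r -p "$prompt iwconfig: " IWCONFIG
  if ! is_abs_exec "$IWCONFIG"; then
    lprintn 101 "Cannot locate"
    echo " $IWCONFIG"
    exit 1
  fi
fi
if [[ "$flag" == "i" ]]; then
  read -r -p "iwconfig: [${IWCONFIG}] " iwcfg
  if [[ -n "$iwcfg" ]]; then
    IWCONFIG=$iwcfg
  fi
  if ! is_abs_exec "$IWCONFIG"; then
    lprintn 101 "Cannot locate"
    echo " $IWCONFIG"
    exit 1
  fi
fi

#
# locate wireless interface(s)
#
iface=$("$IWCONFIG" 2>/dev/null | awk '/^[a-z]/ {print $1 }')
if [[ -z "$iface" ]]; then
  lprint 103 "Could not find any active wireless interfaces, cannot continue"
  exit 1
fi

#
# locate wpa_supplicant
#
prompt=$(lprintn 102 "enter the path to")
if WPA_SUPPLICANT=$(command -v wpa_supplicant 2>/dev/null); then
  :
elif [[ -x /sbin/wpa_supplicant ]]; then
  WPA_SUPPLICANT="/sbin/wpa_supplicant"
elif [[ -x /usr/sbin/wpa_supplicant ]]; then
  WPA_SUPPLICANT="/usr/sbin/wpa_supplicant"
elif [[ "$flag" != "i" ]]; then
  WPA_SUPPLICANT=""
  until is_abs_exec "$WPA_SUPPLICANT"; do
    lprintn 101 "Cannot locate"
    echo " wpa_supplicant"
    read -r -p "$prompt wpa_supplicant: " WPA_SUPPLICANT || exit 1
  done
fi
if [[ "$flag" == "i" ]]; then
  read -r -p "wpa_supplicant: [${WPA_SUPPLICANT}] " iwcfg
  if [[ -n "$iwcfg" ]]; then
    WPA_SUPPLICANT=$iwcfg
  fi
  until is_abs_exec "$WPA_SUPPLICANT"; do
    lprintn 101 "Cannot locate"
    echo " wpa_supplicant"
    read -r -p "$prompt wpa_supplicant: " WPA_SUPPLICANT || exit 1
  done
fi

#
# locate wpa_cli (optional; used by the generated script to wait for
# authentication)
#
WPA_CLI=$(command -v wpa_cli 2>/dev/null) || WPA_CLI=""

#
# select the wireless interface
#
iface_count=$(printf '%s\n' "$iface" | grep -c .)
if ((iface_count > 1)); then
  lprint 3 "Found the following active wireless interfaces:"
  echo "$bf${iface}$n"
else
  lprintn 4 "Found active wireless interface"
  echo ": $bf${iface}$n"
fi

if ((iface_count > 1)); then
  lprint 5 "please choose one"
  ifc=""
  until valid_name "$ifc"; do
    read -r -p "${n}interface: ${bf}" ifc || exit 1
  done
  iface=$ifc
elif [[ "$flag" == "i" ]]; then
  read -r -p "interface: [${iface}] " ifc
  if [[ -n "$ifc" ]]; then
    iface=$ifc
  fi
fi
if ! valid_name "$iface"; then
  lprintn 101 "Cannot locate"
  echo " $iface"
  exit 1
fi

#
# select wireless driver
#
driver=""
case "$iface" in
  ath[0-9])
    driver="madwifi"
    ;;
  eth[0-9] | wlan[0-9])
    driver="wext"
    ;;
esac

# Ask for the driver in interactive mode, and also when the interface name
# gave no hint: an empty driver would produce a broken wpa_supplicant call.
if [[ "$flag" == "i" || -z "$driver" ]]; then
  lprint 6 "available drivers:"
  for idx in "${!drivers[@]}"; do
    printf " %-19s - %s\n" "${bf}${drivers[$idx]}${n}" "${MSG[$((110 + idx))]}"
  done
  prompt=$(lprint 7 "driver")
  dr=""
  read -r -p "${prompt}: [${driver}] " dr
  if [[ -n "$dr" ]]; then
    driver=$dr
  fi
  until valid_name "$driver"; do
    read -r -p "${prompt}: [${driver}] " driver || exit 1
  done
fi

# DHCP client: the last one found wins (pump over dhclient over dhcpcd).
# NOTE(review): if none is installed, dhclient stays empty and the generated
# script cannot obtain an address.
dhclient=""
if [[ -x /sbin/dhcpcd ]]; then
  dhclient="/sbin/dhcpcd"
fi
if [[ -x /sbin/dhclient ]]; then
  dhclient="/sbin/dhclient"
fi
if [[ -x /sbin/pump ]]; then
  dhclient="/sbin/pump -i"
fi

# graphical privilege helpers
GKSU=$(command -v gksu 2>/dev/null) || GKSU=""
KDESU=$(command -v kdesu 2>/dev/null) || KDESU=""

found=$(lprintn 104 "found")
echo ""
echo "--------------------------------------------------------------------"
lprintn 8 "Configuring eduroam on"
echo " $bf$iface$n"
echo " ${found} $bf$WPA_SUPPLICANT$n"
echo " ${found} $bf$IWCONFIG$n"
echo " ${found} $bf$dhclient$n"
printf ' '
lprintn 9 "setting driver"
echo " $bf$driver$n"
printf ' '
lprintn 10 "will create directory"
echo " $bf$EDUROAM_CONF_PATH$n"
printf ' '
lprint 11 "will create commands:"
echo " $bf${EDUROAM_SBIN_PATH}/eduroam$n"
echo " $bf${EDUROAM_BIN_PATH}/eduroam-start$n"
echo " $bf${EDUROAM_BIN_PATH}/eduroam-stop$n"
if [[ -n "$GKSU" || -n "$KDESU" ]]; then
  printf ' '
  lprint 12 "and auxiliary commands:"
  echo " $bf${EDUROAM_BIN_PATH}/xeduroam-start$n"
  echo " $bf${EDUROAM_BIN_PATH}/xeduroam-stop$n"
fi
echo "--------------------------------------------------------------------"
echo ""
lprint 13 "If you would like to change some settings, then stop the installation"
lprint 14 "and start the script with -i option"
echo ""

if ! ask "$(lprintn 106 'Continue')" 1; then
  exit 0
fi

# Without gksu/kdesu, offer sudo; otherwise the launchers fall back to su.
SUDO=""
if [[ -z "$GKSU" && -z "$KDESU" ]]; then
  if SUDO=$(command -v sudo 2>/dev/null); then
    prompt=$(lprint 15 "would you like to use ${n}sudo${bf} for starting eduroam")
    if ask "$prompt" 1; then
      lprintn 16 "OK, will use"
      echo " ${bf}${SUDO}$n"
    else
      lprintn 16 "OK, will use"
      echo " ${bf}su${n}"
      SUDO=""
    fi
  else
    SUDO=""
  fi
fi

if [[ -d "$EDUROAM_CONF_PATH" ]]; then
  printf '%s ' "$attention"
  lprintn 17 "Directory"
  printf ' %s ' "$EDUROAM_CONF_PATH"
  lprint 18 "exists"
  lprint 19 "some files can be modified"
  if ! ask "$(lprintn 106 'Continue')" 1; then
    exit 0
  fi
else
  lprintn 20 "creating"
  echo " $EDUROAM_CONF_PATH"
  # The directory will hold credentials; only root needs to enter it.
  if ! mkdir -m 700 -- "$EDUROAM_CONF_PATH"; then
    lprintn 21 "directory creation error for"
    echo " $EDUROAM_CONF_PATH"
    exit 1
  fi
fi

conf_file="${EDUROAM_CONF_PATH}/wpa_supplicant.conf"

if ((tls == 1)); then
  # Offer the first file in the current directory that looks like a personal
  # certificate (name ending in two digits plus the p12 extension).
  shopt -s nullglob
  candidates=(*[0-9][0-9]."${p12_ext}")
  shopt -u nullglob
  cert=${candidates[0]:-}

  prompt=$(lprint 22 "personal certificate file")
  pfx=""
  read -r -p "${prompt} [$bf$cert${n}]" pfx
  if [[ -n "$pfx" ]]; then
    cert=$pfx
  fi
  if [[ -z "$cert" || ! -f "$cert" ]]; then
    lprint 23 "cannot continue without the correct filename"
    exit 1
  fi

  PASSWORD=""
  prompt=$(lprint 24 "enter the password for the certificate file")
  while [[ -z "$PASSWORD" ]]; do
    read -s -r -p "${prompt}: " PASSWORD || exit 1
    echo ""
    if p12 -noout 2>/dev/null; then
      # NOTE(review): this parsing expects the subject on one line in the
      # "/C=../ST=../..." form with the CN as the sixth component - confirm it
      # matches the output of the installed openssl.
      USER=$(p12 -nokeys 2>/dev/null |
        awk -F/ '/subject=/ {print $7}' |
        sed -e 's/^cn=//i')
      lid=$(printf '%s\n' "$USER" | sed -e 's/@.*//')
      if [[ -z "$lid" ]]; then
        echo "cannot read the user id (CN) from $cert" >&2
        exit 1
      fi
      key_file="${EDUROAM_CONF_PATH}/${lid}.key"
      crt_file="${EDUROAM_CONF_PATH}/${lid}.crt"
      # Write the key and certificate straight into the configuration
      # directory, readable by root only, instead of dropping them into the
      # current directory first. Old copies are removed so that their
      # permissions are not inherited.
      rm -f -- "$key_file" "$crt_file"
      (
        umask 077
        p12 -passout env:EDUROAM_P12_PASS -nocerts -out "$key_file"
        p12 -nokeys -out "$crt_file"
      ) >/dev/null 2>&1
    else
      lprint 25 "wrong password"
      PASSWORD=""
    fi
  done
  eap="TLS
	client_cert=\"${crt_file}\"
	private_key=\"${key_file}\"
	private_key_passwd=\"${PASSWORD}\""
else
  PASSWORD="a"
  PASSWORD1="b"
  prompt=$(lprint 26 "enter your userid in the form id@domain")
  read -r -p "${prompt}: " USER
  while [[ "$PASSWORD" != "$PASSWORD1" ]]; do
    prompt=$(lprint 27 "enter your password")
    read -s -r -p "${prompt}: " PASSWORD || exit 1
    echo ""
    prompt=$(lprint 28 "repeat your password")
    read -s -r -p "${prompt}: " PASSWORD1 || exit 1
    echo ""
    if [[ "$PASSWORD" != "$PASSWORD1" ]]; then
      lprint 29 "passwords do not match"
    fi
  done
  if ((ttls == 1)); then
    eap="TTLS
	password=\"${PASSWORD}\"
	phase2=\"auth=PAP\""
  else
    eap="PEAP
	password=\"${PASSWORD}\"
	phase2=\"auth=MSCHAPV2\""
  fi
fi

# The configuration holds the password in clear text. Remove any old copy and
# create the new one under umask 077, so it is never readable by other users,
# not even between creation and the chmod below.
#
# NOTE(review): only ca_cert is pinned. No subject_match, altsubject_match or
# domain_suffix_match is set, so any server certificate issued by this CA is
# accepted; add the RADIUS server name (<radius-server-name>) if the CA signs
# anything else. identity is also used as the outer identity; set
# anonymous_identity if the user id should not be sent outside the tunnel.
rm -f -- "$conf_file"
(
  umask 077
  cat > "$conf_file" <<EOF
ctrl_interface=/var/run/wpa_supplicant
network={
	ssid="${ssid:-eduroam}"
	key_mgmt=WPA-EAP
	ca_cert="${EDUROAM_CONF_PATH}/ca.cer"
	identity="${USER}"
	eap=$eap
}
network={
	ssid="${ssid:-eduroam}"
	key_mgmt=IEEE8021X
	ca_cert="${EDUROAM_CONF_PATH}/ca.cer"
	identity="${USER}"
	eap=$eap
}
EOF
)
unset PASSWORD PASSWORD1

# Institution CA used to authenticate the RADIUS server.
# NOTE(review): the validity period encoded in this certificate appears to end
# on 2019-05-26 and the signature algorithm appears to be SHA-1 with RSA.
# Confirm with "openssl x509 -in ca.cer -noout -dates -text" and obtain the
# current CA certificate from the institution over a trusted channel.
cat > "${EDUROAM_CONF_PATH}/ca.cer" <<'EOF'
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgIJANVy+CxpSDRHMA0GCSqGSIb3DQEBBQUAMIHNMQswCQYD
VQQGEwJQTDEXMBUGA1UECBMOd29qLiBMdWJlbHNraWUxDzANBgNVBAcTBkx1Ymxp
bjEeMBwGA1UEChMVUG9saXRlY2huaWthIEx1YmVsc2thMR0wGwYDVQQLExRJbnN0
eXR1dCBJbmZvcm1hdHlraTEqMCgGA1UEAxMhSUkgLSBXRWlJIC0gUG9saXRlY2hu
aWthIEx1YmVsc2thMSkwJwYJKoZIhvcNAQkBFhphZG1pbnNAcGx1dG9uLmNzLnBv
bGx1Yi5wbDAeFw0wOTA1MjgxMTEwNTRaFw0xOTA1MjYxMTEwNTRaMIHNMQswCQYD
VQQGEwJQTDEXMBUGA1UECBMOd29qLiBMdWJlbHNraWUxDzANBgNVBAcTBkx1Ymxp
bjEeMBwGA1UEChMVUG9saXRlY2huaWthIEx1YmVsc2thMR0wGwYDVQQLExRJbnN0
eXR1dCBJbmZvcm1hdHlraTEqMCgGA1UEAxMhSUkgLSBXRWlJIC0gUG9saXRlY2hu
aWthIEx1YmVsc2thMSkwJwYJKoZIhvcNAQkBFhphZG1pbnNAcGx1dG9uLmNzLnBv
bGx1Yi5wbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcqg/NgtxZ1
jeorFBb3uBP294J8tiNBM3Dg7Bktz8x1s+06cz1rg8h5LrP1GR/19zmZAKNRjkST
ZJ7+NQ+41QJoutWJneBnTj7nvWAU8Qd9S+9qZxVf25+lv4NJVQxkVfZWpmi9LCLc
q+X7xhzbPC6elL7HnJ54cbv7UCeKugLVUDfgYyp+fYiI09BIttKhniI5KfC/Gpuy
LrO+v1gRhbezhDvHemfQ62uMVL6RG1NpZ9QuZT1rrU0ApiKpF5qpNuIAS1wOOp9H
rssMlGkHh2FDVVTSmMV0HKvx6RnFTZhYGL+EepxI31lhYkav9vYVQ8rvls0cjE5x
h4wv+IIIWyECAwEAAaOCATcwggEzMB0GA1UdDgQWBBQct0Je2H3AInP/SiS8M/zV
CAo1vTCCAQIGA1UdIwSB+jCB94AUHLdCXth9wCJz/0okvDP81QgKNb2hgdOkgdAw
gc0xCzAJBgNVBAYTAlBMMRcwFQYDVQQIEw53b2ouIEx1YmVsc2tpZTEPMA0GA1UE
BxMGTHVibGluMR4wHAYDVQQKExVQb2xpdGVjaG5pa2EgTHViZWxza2ExHTAbBgNV
BAsTFEluc3R5dHV0IEluZm9ybWF0eWtpMSowKAYDVQQDEyFJSSAtIFdFaUkgLSBQ
b2xpdGVjaG5pa2EgTHViZWxza2ExKTAnBgkqhkiG9w0BCQEWGmFkbWluc0BwbHV0
b24uY3MucG9sbHViLnBsggkA1XL4LGlINEcwDAYDVR0TBAUwAwEB/zANBgkqhkiG
9w0BAQUFAAOCAQEAqFihBjXpQuSO/ZyJevFecTQE0W9gFx7WQ2ZuTWJJEIMfy5ck
FIM/mOYdgzZHfSXbAJ/j88Y01t2GsBdenvzdOOj/kYFoC2hywEy22b+8Sh1HiDPx
xJMlxWwquMU6MUu6j6qoEqyz2BQHtoPdRJJXjfqyi9LluMfK2xKFVJxrEUsVG8nl
ympUDoVDJx6psInfbNM/x4Q696dJgXRYS/BN4omSt7DpYb8qVy0e1eAfcH9Ad84N
mYNV62xaHq/QxQaCdmYK0DgwLcHrAkPj7QWVIvPbYjkHYlWvvUQOIWHwiZo1Bcc1
eAuMeFRxLJB858UNj2ZyqG/ensucQiQLy0NzIw==
-----END CERTIFICATE-----
EOF

chown root "$conf_file"
chmod 600 "$conf_file"

# Localized messages embedded in the generated control script.
starting=$(lprint 30 "starting network on")
stopping=$(lprint 31 "stopping network on")
waiting=$(lprint 32 "waiting for connection")
connected=$(lprint 33 "connected to")
restarting=$(lprint 34 "restarting")
assigning_ip=$(lprint 35 "setting IP")
usage_word=$(lprintn 107 "Usage")

# Generate the control script that root runs to bring the network up or down.
# Unescaped ${...} below is expanded now; \$ is left for the generated script.
cat > "${EDUROAM_SBIN_PATH}/eduroam" <<EOF
#!/bin/sh
WPA_SUPPLICANT="${WPA_SUPPLICANT}"
WPA_CLI="${WPA_CLI}"
DRIVER="${driver}"
WPA_CONF="${EDUROAM_CONF_PATH}/wpa_supplicant.conf"
DHCPD="${dhclient}"
INTERFACE="${iface}"
REAUTH_TIMEOUT="${REAUTH_TIMEOUT:-40}"
# end of configuration section

dhclient=\$(basename \$DHCPD)

# PIDs of the DHCP client processes that mention \$INTERFACE
dhcp_pids() {
  ps -ef | awk -v d="\$dhclient" -v i="\$INTERFACE" '\$0 ~ d && \$0 ~ i && !/awk/ {print \$2}'
}

start_supplicant() {
  "\${WPA_SUPPLICANT}" -B -D "\${DRIVER}" -c "\${WPA_CONF}" -i "\${INTERFACE}" -P /var/run/wpa_supplicant.pid 1>/dev/null 2>&1
}

case "\$1" in
start)
  echo "${starting} \${INTERFACE}"
  pkill wpa_supplicant
  kill \$(dhcp_pids) 1>/dev/null 2>&1
  start_supplicant
  if [ -n "\$WPA_CLI" ] ; then
    i=1
    echo "${waiting}"
    while ! "\$WPA_CLI" status | grep -q AUTHENTICATED ; do
      sleep 1
      i=\$((i + 1))
      if [ "\$i" -gt "\$REAUTH_TIMEOUT" ] ; then
        echo "${restarting} wpa_supplicant"
        echo "${waiting}"
        pkill wpa_supplicant
        sleep 1
        start_supplicant
        i=1
        sleep 1
      fi
    done
    echo "${connected} eduroam"
  else
    sleep 10
  fi
  echo "${assigning_ip}"
  \${DHCPD} "\${INTERFACE}"
  ;;
stop)
  echo "${stopping} \${INTERFACE}"
  pkill wpa_supplicant
  kill \$(dhcp_pids) 1>/dev/null 2>&1
  ;;
*)
  echo "${usage_word} \$0 {start|stop}"
  exit 1
  ;;
esac
EOF
chmod 755 "${EDUROAM_SBIN_PATH}/eduroam"

# User-facing launchers that obtain root through gksu/kdesu, sudo or su.
write_launchers start
write_launchers stop

echo ""
lprint 38 "Configuration successful"
lprintn 39 "You can start the network by"
echo " ${bf}eduroam-start$n"
lprintn 40 "You can stop the network by"
echo " ${bf}eduroam-stop$n"
echo ""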