summaryrefslogtreecommitdiff
path: root/packages/wpa-supplicant/files
diff options
context:
space:
mode:
authorMatthias Hentges <oe@hentges.net>2007-06-03 16:14:30 +0000
committerMatthias Hentges <oe@hentges.net>2007-06-03 16:14:30 +0000
commit40c44c63416e2aa92344d18c5f7e6d1be8884821 (patch)
tree98609d69fe861942fbfde37a66db1f8a7708d733 /packages/wpa-supplicant/files
parent65f4f9a4f9e79a26d86899ec2cecb4a46cdb79aa (diff)
wpa-supplicant: Replace /etc/wpa_supplicant.conf with the Debian way to handle WPA:
- All configuration is done via /etc/network/interfaces (similiar to WEP) - /etc/init.d/wpa is no longer needed - wpa_supplicant is launched on ifup with the settings from /e/n/interfaces
Diffstat (limited to 'packages/wpa-supplicant/files')
-rwxr-xr-xpackages/wpa-supplicant/files/functions.sh841
-rwxr-xr-xpackages/wpa-supplicant/files/ifupdown.sh132
2 files changed, 973 insertions, 0 deletions
diff --git a/packages/wpa-supplicant/files/functions.sh b/packages/wpa-supplicant/files/functions.sh
new file mode 100755
index 0000000000..5132fbbca4
--- /dev/null
+++ b/packages/wpa-supplicant/files/functions.sh
@@ -0,0 +1,841 @@
+#!/bin/sh
+
+# Copyright (C) 2006 Debian/Ubuntu wpasupplicant Maintainers
+# <pkg-wpa-devel@lists.alioth.debian.org>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# On Debian GNU/Linux systems, the text of the GPL license can be
+# found in /usr/share/common-licenses/GPL.
+
+#####################################################################
+## global variables
+# wpa_supplicant variables
+WPA_SUP_BIN="/usr/sbin/wpa_supplicant"
+WPA_SUP_PNAME="wpa_supplicant"
+WPA_SUP_PIDFILE="/var/run/wpa_supplicant.$WPA_IFACE.pid"
+
+# wpa_cli variables
+WPA_CLI_BIN="/usr/sbin/wpa_cli"
+WPA_CLI_PNAME="wpa_cli"
+WPA_CLI_PIDFILE="/var/run/wpa_action.$WPA_IFACE.pid"
+WPA_CLI_LOGFILE="/var/log/wpa_action.log"
+WPA_CLI_TIMESTAMP="/var/run/wpa_action.$WPA_IFACE.timestamp"
+
+# default ctrl_interface socket directory
+if [ -z "$WPA_CTRL_DIR" ]; then
+ WPA_CTRL_DIR="/var/run/wpa_supplicant"
+fi
+
+# verbosity variables
+if [ -n "$IF_WPA_VERBOSITY" ] || [ "$VERBOSITY" = "1" ]; then
+ TO_NULL="/dev/stdout"
+ DAEMON_VERBOSITY="--verbose"
+else
+ TO_NULL="/dev/null"
+ DAEMON_VERBOSITY="--quiet"
+fi
+
+#####################################################################
+## wpa_cli wrapper
+# Path to common ctrl_interface socket and iface supplied.
+# NB: WPA_CTRL_DIR cannot be used for interactive commands.
+#
+wpa_cli () {
+ $WPA_CLI_BIN -p $WPA_CTRL_DIR -i $WPA_IFACE "$@"
+}
+
+#####################################################################
+## verbose and stderr message wrapper
+# Ensures a standard and easily identifiable message is printed by
+# scripts using this function library.
+#
+# verbose To stdout when IF_WPA_VERBOSITY or VERBOSITY is true
+#
+# action Same as verbose but without newline
+# Useful for allowing wpa_cli commands to echo result
+# value of 'OK' or 'FAILED'
+#
+# stderr Echo warning or error messages to stderr
+#
+# NB: when called by wpa_action, there is no redirection (verbose)
+#
+wpa_msg () {
+
+ if [ -n "$WPA_ACTION" ]; then
+ shift
+ echo "wpa_action: $@"
+ return
+ fi
+
+ case "$1" in
+ "verbose")
+ shift
+ echo "$WPA_SUP_PNAME: $@" >$TO_NULL
+ ;;
+ "action")
+ shift
+ echo -n "$WPA_SUP_PNAME: $@ -- " >$TO_NULL
+ ;;
+ "stderr")
+ shift
+ echo "$WPA_SUP_PNAME: $@" >/dev/stderr
+ ;;
+ *)
+ ;;
+ esac
+}
+
+#####################################################################
+## validate daemon pid files
+# Test daemon process ID files via start-stop-daemon with a signal 0
+# given the exec binary and pidfile location.
+#
+# $1 daemon
+# $2 pidfile
+#
+# Returns true when pidfile exists, the process ID exists _and_ was
+# created by the exec binary.
+#
+# If the test fails, but the pidfile exists, it is stale
+#
+test_daemon_pidfile () {
+ local DAEMON PIDFILE
+
+ if [ -n "$1" ]; then
+ DAEMON="$1"
+ fi
+
+ if [ -f "$2" ]; then
+ PIDFILE="$2"
+ fi
+
+ if [ -n "$DAEMON" ] && [ -f "$PIDFILE" ]; then
+ if start-stop-daemon --stop --quiet --signal 0 \
+ --exec "$DAEMON" --pidfile "$PIDFILE"; then
+ return 0
+ else
+ rm -f "$PIDFILE"
+ return 1
+ fi
+ else
+ return 1
+ fi
+}
+
+# validate wpa_supplicant pidfile
+test_wpa_supplicant () {
+ test_daemon_pidfile "$WPA_SUP_BIN" "$WPA_SUP_PIDFILE"
+}
+
+# validate wpa_cli pidfile
+test_wpa_cli () {
+ test_daemon_pidfile "$WPA_CLI_BIN" "$WPA_CLI_PIDFILE"
+}
+
+#####################################################################
+## daemonize wpa_supplicant
+# Start wpa_supplicant via start-stop-dameon with all required
+# options. Will start if environment variable WPA_SUP_CONF is present
+#
+# Required options:
+# -B dameonize/background process
+# -D driver backend ('wext' if none given)
+# -P process ID file
+# -C path to ctrl_interface socket directory
+#
+# Optional options:
+# -c configuration file
+# -W wait for wpa_cli to attach to ctrl_interface socket
+# -b bridge interface name
+#
+init_wpa_supplicant () {
+ if [ -n "$WPA_SUP_CONF" ]; then
+ # wpa-action was removed, point to wpa-roam
+ if [ -n "$IF_WPA_ACTION" ]; then
+ wpa_msg stderr "wpa-action support has been removed"
+ wpa_msg stderr "refer to /usr/share/doc/wpasupplicant/README.modes.gz"
+ return 1
+ fi
+
+ local WPA_SUP_DRIVER WPA_SUP_OPTIONS
+
+ if [ -n "$WPA_ACTION_SCRIPT" ]; then
+ if [ -x "$WPA_ACTION_SCRIPT" ]; then
+ WPA_SUP_OPTIONS="-W -B -P $WPA_SUP_PIDFILE -i $WPA_IFACE"
+ wpa_msg verbose "wait for wpa_cli to attach"
+ else
+ wpa_msg stderr "action script \"$WPA_ACTION_SCRIPT\" not executable"
+ return 1
+ fi
+ else
+ WPA_SUP_OPTIONS="-B -P $WPA_SUP_PIDFILE -i $WPA_IFACE"
+ fi
+
+ if [ -n "$IF_WPA_BRIDGE" ]; then
+ WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -b $IF_WPA_BRIDGE"
+ wpa_msg verbose "wpa-bridge $IF_WPA_BRIDGE"
+ fi
+
+ if [ -n "$IF_WPA_DRIVER" ]; then
+ WPA_SUP_DRIVER="$IF_WPA_DRIVER"
+ wpa_msg verbose "wpa-driver $WPA_SUP_DRIVER"
+ else
+ WPA_SUP_DRIVER="wext"
+ wpa_msg verbose "using default driver type: wpa-driver $WPA_SUP_DRIVER"
+ fi
+
+ wpa_msg verbose "$WPA_SUP_BIN $WPA_SUP_OPTIONS -D $WPA_SUP_DRIVER $WPA_SUP_CONF"
+
+ start-stop-daemon --start --oknodo $DAEMON_VERBOSITY \
+ --name $WPA_SUP_PNAME --startas $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE \
+ -- $WPA_SUP_OPTIONS -D $WPA_SUP_DRIVER $WPA_SUP_CONF
+
+ if [ "$?" != "0" ]; then
+ wpa_msg stderr "$WPA_SUP_BIN daemon failed to start"
+ return 1
+ fi
+
+ local WPA_SOCKET_WAIT MAX_WPA_SOCKET_WAIT
+ WPA_SOCKET_WAIT="0"
+ MAX_WPA_SOCKET_WAIT="5"
+ until [ -S "$WPA_CTRL_DIR/$WPA_IFACE" ]; do
+ if [ "$WPA_SOCKET_WAIT" -ge "$MAX_WPA_SOCKET_WAIT" ]; then
+ wpa_msg stderr "ctrl_interface socket not found at $WPA_CTRL_DIR/$WPA_IFACE"
+ return 1
+ else
+ wpa_msg verbose "waiting for \"$WPA_CTRL_DIR/$WPA_IFACE\": $WPA_SOCKET_WAIT (max. $MAX_WPA_SOCKET_WAIT)"
+ fi
+
+ WPA_SOCKET_WAIT=$(($WPA_SOCKET_WAIT + 1))
+ sleep 1
+ done
+
+ wpa_msg verbose "ctrl_interface socket located at $WPA_CTRL_DIR/$WPA_IFACE"
+ else
+ wpa_msg stderr "init_wpa_supplicant() called without WPA_SUP_CONF"
+ return 1
+ fi
+}
+
+#####################################################################
+## stop wpa_supplicant process
+# Kill wpa_supplicant via start-stop-daemon, given the location of
+# the pidfile or ctrl_interface socket path and interface name
+#
+kill_wpa_supplicant () {
+ if test_wpa_supplicant; then
+
+ wpa_msg verbose "terminating $WPA_SUP_PNAME daemon via pidfile $WPA_SUP_PIDFILE"
+
+ start-stop-daemon --stop --oknodo $DAEMON_VERBOSITY \
+ --exec $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE
+
+ if [ -f "$WPA_SUP_PIDFILE" ]; then
+ rm -f "$WPA_SUP_PIDFILE"
+ fi
+ elif [ -S "$WPA_CTRL_DIR/$WPA_IFACE" ]; then
+
+ wpa_msg action "terminating via ctrl_interface socket $WPA_CTRL_DIR/$WPA_IFACE"
+
+ wpa_cli terminate >$TO_NULL
+
+ if [ -S "$WPA_CTRL_DIR/$WPA_IFACE" ]; then
+ rm -f "$WPA_CTRL_DIR/$WPA_IFACE"
+ fi
+ fi
+}
+
+#####################################################################
+## reload wpa_supplicant process
+# Sending a HUP signal causes wpa_supplicant to reparse its
+# configuration file
+#
+reload_wpa_supplicant () {
+ if test_wpa_supplicant; then
+ wpa_msg verbose "reloading wpa_supplicant configuration file via HUP signal"
+ start-stop-daemon --stop --signal HUP \
+ --name "$WPA_SUP_PNAME" --pidfile "$WPA_SUP_PIDFILE"
+ else
+ wpa_msg verbose "cannot $WPA_ACTION, $WPA_SUP_PIDFILE does not exist"
+ fi
+}
+
+#####################################################################
+## daemonize wpa_cli and action script
+# If environment variable WPA_ACTION_SCRIPT is present, wpa_cli will
+# be spawned via start-stop-daemon
+#
+# Required options:
+# -a action script => wpa_action
+# -P process ID file
+# -B background process
+#
+init_wpa_cli () {
+ if [ -n "$WPA_ACTION_SCRIPT" ]; then
+ local WPA_CLI_OPTIONS
+ WPA_CLI_OPTIONS="-B -P $WPA_CLI_PIDFILE -i $WPA_IFACE"
+
+ wpa_msg verbose "$WPA_CLI_BIN $WPA_CLI_OPTIONS -p $WPA_CTRL_DIR -a $WPA_ACTION_SCRIPT"
+
+ start-stop-daemon --start --oknodo $DAEMON_VERBOSITY \
+ --name $WPA_CLI_PNAME --startas $WPA_CLI_BIN --pidfile $WPA_CLI_PIDFILE \
+ -- $WPA_CLI_OPTIONS -p $WPA_CTRL_DIR -a $WPA_ACTION_SCRIPT
+
+ if [ "$?" != "0" ]; then
+ wpa_msg stderr "$WPA_CLI_BIN daemon failed to start"
+ return 1
+ fi
+ fi
+}
+
+#####################################################################
+## stop wpa_cli process
+# Kill wpa_cli via start-stop-daemon, given the location of the
+# pidfile
+#
+kill_wpa_cli () {
+ if test_wpa_cli; then
+
+ wpa_msg verbose "terminating $WPA_CLI_PNAME daemon via pidfile $WPA_CLI_PIDFILE"
+
+ start-stop-daemon --stop --oknodo $DAEMON_VERBOSITY \
+ --exec $WPA_CLI_BIN --pidfile $WPA_CLI_PIDFILE
+
+ if [ -f "$WPA_CLI_PIDFILE" ]; then
+ rm -f "$WPA_CLI_PIDFILE"
+ fi
+ fi
+}
+
+#####################################################################
+## higher level wpa_cli wrapper for variable and set_network commands
+# wpa_cli_do <value> <type> <variable> [set_network variable] <desc>
+#
+# $1 envorinment variable
+# $2 data type of variable {raw|ascii}
+# $3 wpa_cli variable, if $3 is set_network, shift and take
+# set_network subvariable
+# $4 wpa-* string as it would appear in interfaces file, enhances
+# verbose messages
+#
+wpa_cli_do () {
+ if [ -z "$1" ]; then
+ return 0
+ fi
+
+ local WPACLISET_VALUE WPACLISET_VARIABLE WPACLISET_DESC
+
+ case "$2" in
+ ascii)
+ # Double quote
+ WPACLISET_VALUE="\"$1\""
+ ;;
+ raw|*)
+ # Provide raw value
+ WPACLISET_VALUE="$1"
+ ;;
+ esac
+
+ case "$3" in
+ set_network)
+ if [ -z "$WPA_ID" ]; then
+ return 1
+ fi
+ shift
+ WPACLISET_VARIABLE="set_network $WPA_ID $3"
+ ;;
+ *)
+ WPACLISET_VARIABLE="$3"
+ ;;
+ esac
+
+ case "$4" in
+ *-psk|*-passphrase|*-passwd*|*-wep-key*)
+ WPACLISET_DESC="$4 *****"
+ ;;
+ *)
+ WPACLISET_DESC="$4 $WPACLISET_VALUE"
+ ;;
+ esac
+
+ wpa_msg action "$WPACLISET_DESC"
+
+ wpa_cli $WPACLISET_VARIABLE "$WPACLISET_VALUE" >$TO_NULL
+}
+
+#####################################################################
+## check value data type in plaintext or hex
+# returns 0 if input consists of hexadecimal digits only, 1 otherwise
+#
+ishex () {
+ if [ -z "$1" ]; then
+ return 0
+ fi
+
+ case "$1" in
+ *[!0-9a-fA-F]*)
+ # plaintext
+ return 1
+ ;;
+ *)
+ # hexadecimal
+ return 0
+ ;;
+ esac
+}
+
+#####################################################################
+## sanity check and set psk|passphrase
+# Warn about strange psk|passphrase values
+#
+# $1 psk or passphrase value
+#
+# If psk is surrounded by quotes strip them.
+#
+# If psk contains all hexadecimal characters and string length is 64:
+# is 256bit hexadecimal
+# else:
+# is plaintext
+#
+# plaintext passphrases must be 8 - 63 characters in length
+# 256-bit hexadecimal key must be 64 characters in length
+#
+wpa_key_check_and_set () {
+ if [ -z "$1" ]; then
+ return 0
+ fi
+
+ local KEY KEY_TYPE
+
+ case "$1" in
+ '"'*'"')
+ # Strip surrounding quotation marks
+ KEY=$(echo -n "$1" | sed 's/^"//;s/"$//')
+ ;;
+ *)
+ KEY="$1"
+ ;;
+ esac
+
+ if ishex "$KEY" && [ "${#KEY}" -eq "64" ]; then
+ KEY_TYPE="raw"
+ else
+ KEY_TYPE="ascii"
+ if [ "${#KEY}" -lt "8" ] || [ "${#KEY}" -gt "63" ]; then
+ wpa_msg stderr \
+ "plaintext or ascii wpa-psk has ${#KEY} characters, it must have between 8 and 63"
+ wpa_msg stderr \
+ "if wpa-psk truly is a 256-bit hexadecimal key, it must have 64 characters"
+ fi
+ fi
+
+ wpa_cli_do "$KEY" "$KEY_TYPE" \
+ set_network psk wpa-psk
+}
+
+#####################################################################
+## formulate a usable configuration from interfaces(5) wpa- lines
+# A series of wpa_cli commands corresponding to environment variables
+# created as a result of wpa- lines in an interfaces stanza.
+#
+# NB: no-act when roaming daemon is used (to avoid prematurely
+# attaching to ctrl_interface socket)
+#
+conf_wpa_supplicant () {
+ if [ -n "$WPA_ACTION_SCRIPT" ]; then
+ return 0
+ fi
+
+ if [ "$IF_WPA_DRIVER" = "wired" ]; then
+ IF_WPA_AP_SCAN="0"
+ wpa_msg verbose "forcing ap_scan=0 (required for wired IEEE8021X auth)"
+ fi
+
+ if [ -n "$IF_WPA_ESSID" ]; then
+ # #403316, be similar to wireless tools
+ IF_WPA_SSID="$IF_WPA_ESSID"
+ fi
+
+ wpa_cli_do "$IF_WPA_AP_SCAN" raw \
+ ap_scan wpa-ap-scan
+
+ wpa_cli_do "$IF_WPA_PREAUTHENTICATE" raw \
+ preauthenticate wpa-preauthenticate
+
+ if [ -n "$IF_WPA_SSID" ] || [ "$IF_WPA_DRIVER" = "wired" ]; then
+
+ case "$IF_WPA_SSID" in
+ '"'*'"')
+ IF_WPA_SSID=$(echo -n "$IF_WPA_SSID" | sed 's/^"//;s/"$//')
+ ;;
+ *)
+ ;;
+ esac
+
+ WPA_ID=$(wpa_cli add_network)
+
+ wpa_msg verbose "configuring network block -- $WPA_ID"
+
+ wpa_cli_do "$IF_WPA_SSID" ascii \
+ set_network ssid wpa-ssid
+
+ wpa_cli_do "$IF_WPA_PRIORITY" raw \
+ set_network priority wpa-priority
+
+ wpa_cli_do "$IF_WPA_BSSID" raw \
+ set_network bssid wpa-bssid
+
+ if [ -s "$IF_WPA_PSK_FILE" ]; then
+ IF_WPA_PSK=$(cat "$IF_WPA_PSK_FILE")
+ fi
+
+ # remain compat with wpa-passphrase-file
+ if [ -s "$IF_WPA_PASSPHRASE_FILE" ]; then
+ IF_WPA_PSK=$(cat "$IF_WPA_PASSPHRASE_FILE")
+ fi
+
+ # remain compat with wpa-passphrase
+ if [ -n "$IF_WPA_PASSPHRASE" ]; then
+ IF_WPA_PSK="$IF_WPA_PASSPHRASE"
+ fi
+
+ if [ -n "$IF_WPA_PSK" ]; then
+ wpa_key_check_and_set "$IF_WPA_PSK"
+ fi
+
+ wpa_cli_do "$IF_WPA_PAIRWISE" raw \
+ set_network pairwise wpa-pairwise
+
+ wpa_cli_do "$IF_WPA_GROUP" raw \
+ set_network group wpa-group
+
+ wpa_cli_do "$IF_WPA_MODE" raw \
+ set_network mode wpa-mode
+
+ wpa_cli_do "$IF_WPA_FREQUENCY" raw \
+ set_network frequency wpa-frequency
+
+ wpa_cli_do "$IF_WPA_KEY_MGMT" raw \
+ set_network key_mgmt wpa-key-mgmt
+
+ wpa_cli_do "$IF_WPA_PROTO" raw \
+ set_network proto wpa-proto
+
+ wpa_cli_do "$IF_WPA_AUTH_ALG" raw \
+ set_network auth_alg wpa-auth-alg
+
+ wpa_cli_do "$IF_WPA_SCAN_SSID" raw \
+ set_network scan_ssid wpa-scan-ssid
+
+ wpa_cli_do "$IF_WPA_IDENTITY" ascii \
+ set_network identity wpa-identity
+
+ wpa_cli_do "$IF_WPA_ANONYMOUS_IDENTITY" ascii \
+ set_network anonymous_identity wpa-anonymous-identity
+
+ wpa_cli_do "$IF_WPA_EAP" raw \
+ set_network eap wpa-eap
+
+ wpa_cli_do "$IF_WPA_EAPPSK" raw \
+ set_network eappsk wpa-eappsk
+
+ wpa_cli_do "$IF_WPA_NAI" ascii \
+ set_network nai wpa-nai
+
+ wpa_cli_do "$IF_WPA_PASSWORD" ascii \
+ set_network password wpa-password
+
+ wpa_cli_do "$IF_WPA_CA_CERT" ascii \
+ set_network ca_cert wpa-ca-cert
+
+ wpa_cli_do "$IF_WPA_CA_PATH" ascii \
+ set_network ca_path wpa-ca-path
+
+ wpa_cli_do "$IF_WPA_CLIENT_CERT" ascii \
+ set_network client_cert wpa-client-cert
+
+ wpa_cli_do "$IF_WPA_PRIVATE_KEY" ascii \
+ set_network private_key wpa-private-key
+
+ wpa_cli_do "$IF_WPA_PRIVATE_KEY_PASSWD" ascii \
+ set_network private_key_passwd wpa-private-key-passwd
+
+ wpa_cli_do "$IF_WPA_DH_FILE" ascii \
+ set_network dh_file wpa-dh-file
+
+ wpa_cli_do "$IF_WPA_SUBJECT_MATCH" ascii \
+ set_network subject_match wpa-subject-match
+
+ wpa_cli_do "$IF_WPA_ALTSUBJECT_MATCH" ascii \
+ set_network altsubject_match wpa-altsubject-match
+
+ wpa_cli_do "$IF_WPA_CA_CERT2" ascii \
+ set_network ca_cert2 wpa-ca-cert2
+
+ wpa_cli_do "$IF_WPA_CA_PATH2" ascii \
+ set_network ca_path2 wpa-ca-path2
+
+ wpa_cli_do "$IF_WPA_CLIENT_CERT2" ascii \
+ set_network client_cert2 wpa-client-cert2
+
+ wpa_cli_do "$IF_WPA_PRIVATE_KEY2" ascii \
+ set_network private_key2 wpa-private-key2
+
+ wpa_cli_do "$IF_WPA_PRIVATE_KEY_PASSWD2" ascii \
+ set_network private_key_passwd2 wpa-private-key-passwd2
+
+ wpa_cli_do "$IF_WPA_DH_FILE2" ascii \
+ set_network dh_file2 wpa-dh-file2
+
+ wpa_cli_do "$IF_WPA_SUBJECT_MATCH2" ascii \
+ set_network subject_match2 wpa-subject-match2
+
+ wpa_cli_do "$IF_WPA_ALTSUBJECT_MATCH2" ascii \
+ set_network altsubject_match2 wpa-altsubject-match2
+
+ wpa_cli_do "$IF_WPA_EAP_METHODS" raw \
+ set_network eap_methods wpa-eap-methods
+
+ wpa_cli_do "$IF_WPA_PHASE1" ascii \
+ set_network phase1 wpa-phase1
+
+ wpa_cli_do "$IF_WPA_PHASE2" ascii \
+ set_network phase2 wpa-phase2
+
+ wpa_cli_do "$IF_WPA_PCSC" raw \
+ set_network pcsc wpa-pcsc
+
+ wpa_cli_do "$IF_WPA_PIN" ascii \
+ set_network pin wpa-pin
+
+ wpa_cli_do "$IF_WPA_ENGINE" raw \
+ set_network engine wpa-engine
+
+ wpa_cli_do "$IF_WPA_ENGINE_ID" ascii \
+ set_network engine_id wpa-engine-id
+
+ wpa_cli_do "$IF_WPA_KEY_ID" ascii \
+ set_network key_id wpa-key-id
+
+ wpa_cli_do "$IF_WPA_EAPOL_FLAGS" raw \
+ set_network eapol_flags wpa-eapol-flags
+
+ wpa_cli_do "$IF_WPA_WEP_KEY0" raw \
+ set_network wep_key0 wpa-wep-key0
+
+ wpa_cli_do "$IF_WPA_WEP_KEY1" raw \
+ set_network wep_key1 wpa-wep-key1
+
+ wpa_cli_do "$IF_WPA_WEP_KEY2" raw \
+ set_network wep_key2 wpa-wep-key2
+
+ wpa_cli_do "$IF_WPA_WEP_KEY3" raw \
+ set_network wep_key3 wpa-wep-key3
+
+ wpa_cli_do "$IF_WPA_WEP_TX_KEYIDX" raw \
+ set_network wep_tx_keyidx wpa-wep-tx-keyidx
+
+ wpa_cli_do "$IF_WPA_PROACTIVE_KEY_CACHING" raw \
+ set_network proactive_key_caching wpa-proactive-key-caching
+
+ wpa_cli_do "$IF_WPA_PAC_FILE" ascii \
+ set_network pac_file wpa-pac-file
+
+ wpa_cli_do "$IF_WPA_MODE" raw \
+ set_network mode wpa-mode
+
+ wpa_cli_do "$IF_WPA_PEERKEY" raw \
+ set_network peerkey wpa-peerkey
+
+ wpa_cli_do "$IF_FRAGMENT_SIZE" raw \
+ set_network fragment_size wpa-fragment-size
+
+ wpa_cli_do "$IF_WPA_ID_STR" ascii \
+ set_network id_str wpa-id-str
+
+ wpa_cli_do "$WPA_ID" raw \
+ enable_network "enabling network block"
+ fi
+}
+
+#####################################################################
+## wpa_action basic logging
+# Log actions to file, test to see if it is writeable first
+#
+wpa_log_init () {
+ if touch "$WPA_CLI_LOGFILE" 2>/dev/null; then
+ exec >> "$WPA_CLI_LOGFILE" 2>&1
+ fi
+}
+
+# log timestamp and wpa_action arguments
+wpa_log_action () {
+ echo "########## $(date +"%H:%M:%S %Y-%m-%d") ##########"
+ echo "IFACE=$WPA_IFACE ACTION=$WPA_ACTION"
+}
+
+# log wpa_cli environment variables
+wpa_log_environment () {
+ echo "WPA_ID=$WPA_ID WPA_ID_STR=$WPA_ID_STR"
+ echo "WPA_CTRL_DIR=$WPA_CTRL_DIR"
+}
+
+#####################################################################
+## hysteresis checking
+# Networking tools such as dhcp clients used with ifupdown can
+# synthesize artificial ACTION events, particuarly just after a
+# DISCONNECTED/CONNECTED events are experienced in quick succession.
+# This can lead to infinite event loops, and in extreme cases has the
+# potential to cause system instability.
+#
+wpa_hysteresis_event () {
+ echo "$(date +%s)" > "$WPA_CLI_TIMESTAMP"
+}
+
+wpa_hysteresis_check () {
+ if [ -f "$WPA_CLI_TIMESTAMP" ]; then
+ local TIME TIMESTAMP TIMEWAIT
+ TIME=$(date +%s)
+ # current time minus 4 second event buffer
+ TIMEWAIT=$(($TIME-4))
+ # get time of last event
+ TIMESTAMP=$(cat $WPA_CLI_TIMESTAMP)
+ # compare values, allowing new action to be processed
+ # only if last action was more than 4 seconds ago
+ if [ "$TIMEWAIT" -le "$TIMESTAMP" ]; then
+ echo "Ignoring $WPA_ACTION event, too soon after previous event"
+ return 1
+ fi
+ fi
+
+ return 0
+}
+
+#####################################################################
+## identify ifupdown files
+# Identify ifupdown core files, so that state of the interface can be
+# checked. This is the weakest part of the wpa_action roaming scheme,
+# it would be _much_ better if stateless ifupdown capabilities were
+# a reality.
+#
+ifupdown_check () {
+ if [ -e /etc/network/interfaces ]; then
+ INTERFACES_FILE="/etc/network/interfaces"
+ else
+ echo "Cannot locate ifupdown's \"interfaces\" file, $WPA_IFACE will not be configured"
+ return 1
+ fi
+
+ if [ -e /etc/network/run/ifstate ]; then
+ # debian's ifupdown
+ IFSTATE_FILE="/etc/network/run/ifstate"
+ elif [ -e /var/run/network/ifstate ]; then
+ # ubuntu's
+ IFSTATE_FILE="/var/run/network/ifstate"
+ else
+ echo "Cannot locate ifupdown's \"ifstate\" file, $WPA_IFACE will not be configured"
+ return 1
+ fi
+
+ return 0
+}
+
+#####################################################################
+## apply mapping logic and ifup logical interface
+# Apply mapping logic via id_str or external mapping script, check
+# state of IFACE with respect to ifupdown and ifup logical interaface
+#
+ifup () {
+ local WPA_LOGICAL_IFACE
+
+ if [ -z "$IF_WPA_MAPPING_SCRIPT_PRIORITY" ] && [ -n "$WPA_ID_STR" ]; then
+ WPA_LOGICAL_IFACE="$WPA_ID_STR"
+ echo "Mapping logical interface via id_str: $WPA_LOGICAL_IFACE"
+ fi
+
+ if [ -z "$WPA_LOGICAL_IFACE" ] && [ -n "$IF_WPA_MAPPING_SCRIPT" ]; then
+ echo "Mapping logical interface via wpa-mapping-script: $IF_WPA_MAPPING_SCRIPT"
+
+ local WPA_MAP_STDIN
+
+ WPA_MAP_STDIN=$(set | sed --quiet 's/^\(IF_WPA_MAP[0-9]*\)=.*/echo \$\1/p')
+
+ if [ -n "$WPA_MAP_STDIN" ]; then
+ WPA_LOGICAL_IFACE=$(eval "$WPA_MAP_STDIN" | "$IF_WPA_MAPPING_SCRIPT" "$WPA_IFACE")
+ else
+ WPA_LOGICAL_IFACE=$("$IF_WPA_MAPPING_SCRIPT" "$WPA_IFACE")
+ fi
+
+ if [ -n "$WPA_LOGICAL_IFACE" ]; then
+ echo "Mapping script result: $WPA_LOGICAL_IFACE"
+ else
+ echo "Mapping script failed."
+ fi
+ fi
+
+ if [ -z "$WPA_LOGICAL_IFACE" ]; then
+ if [ -n "$IF_WPA_ROAM_DEFAULT_IFACE" ]; then
+ WPA_LOGICAL_IFACE="$IF_WPA_ROAM_DEFAULT_IFACE"
+ echo "Using wpa-roam-default-iface: $WPA_LOGICAL_IFACE"
+ else
+ WPA_LOGICAL_IFACE="default"
+ echo "Using fallback logical interface: $WPA_LOGICAL_IFACE"
+ fi
+ fi
+
+ if [ -n "$WPA_LOGICAL_IFACE" ]; then
+ if egrep -q "^iface[[:space:]]+$WPA_LOGICAL_IFACE[[:space:]]+inet" "$INTERFACES_FILE"; then
+
+ echo "ifup $WPA_IFACE=$WPA_LOGICAL_IFACE"
+
+ if grep --quiet "^$WPA_IFACE=$WPA_IFACE" "$IFSTATE_FILE"; then
+ # Force settings over the unconfigured "master" IFACE
+ /sbin/ifup --force "$WPA_IFACE=$WPA_LOGICAL_IFACE"
+ else
+ /sbin/ifup "$WPA_IFACE=$WPA_LOGICAL_IFACE"
+ fi
+ else
+ echo "No network defined for \"$WPA_LOGICAL_IFACE\" in \"$INTERFACES_FILE\""
+ fi
+ else
+ echo "No suitable logical interface mapping for ifupdown to configure"
+ fi
+}
+
+#####################################################################
+## ifdown IFACE
+# Check IFACE state and ifdown as requested.
+#
+ifdown () {
+ if grep --quiet "^$WPA_IFACE" "$IFSTATE_FILE"; then
+ echo "ifdown $WPA_IFACE"
+ /sbin/ifdown "$WPA_IFACE"
+ else
+ echo "Ignoring request to take \"$WPA_IFACE\" down, it is not up"
+ fi
+}
+
+#####################################################################
+## keep IFACE scanning
+# After ifdown, the IFACE may be left "down", and inhibits
+# wpa_supplicant's ability to continue roaming.
+#
+# NB: use iproute if present, flushing the IFACE first
+#
+if_post_down_up () {
+ if [ -x /sbin/ip ]; then
+ /sbin/ip addr flush dev "$WPA_IFACE" 2>/dev/null
+ /sbin/ip link set "$WPA_IFACE" up
+ else
+ /sbin/ifconfig "$WPA_IFACE" up
+ fi
+}
diff --git a/packages/wpa-supplicant/files/ifupdown.sh b/packages/wpa-supplicant/files/ifupdown.sh
new file mode 100755
index 0000000000..71486f7648
--- /dev/null
+++ b/packages/wpa-supplicant/files/ifupdown.sh
@@ -0,0 +1,132 @@
+#!/bin/sh
+
+# Copyright (C) 2006 Debian/Ubuntu wpasupplicant Maintainers
+# <pkg-wpa-devel@lists.alioth.debian.org>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# On Debian GNU/Linux systems, the text of the GPL license can be
+# found in /usr/share/common-licenses/GPL.
+
+if [ -n "$IF_WPA_MAINT_DEBUG" ]; then
+ set -x
+fi
+
+# quit if we're called for the loopback
+if [ "$IFACE" = lo ]; then
+ exit 0
+fi
+
+# allow wpa_supplicant interface to be specified via wpa-iface
+# useful for starting wpa_supplicant on one interface of a bridge
+if [ -n "$IF_WPA_IFACE" ]; then
+ WPA_IFACE="$IF_WPA_IFACE"
+else
+ WPA_IFACE="$IFACE"
+fi
+
+# source functions
+if [ -f /etc/wpa_supplicant/functions.sh ]; then
+ . /etc/wpa_supplicant/functions.sh
+else
+ exit 0
+fi
+
+# quit if executables are not installed
+if [ ! -x "$WPA_SUP_BIN" ] || [ ! -x "$WPA_CLI_BIN" ]; then
+ exit 0
+fi
+
+# quit if wpa_action is active
+if test_wpa_cli; then
+ exit 0
+fi
+
+#echo "Initial WPA Checks Pass"
+
+# preliminary sanity checks for roaming daemon
+if [ -n "$IF_WPA_ROAM" ]; then
+ if [ "$METHOD" != "manual" ]; then
+ wpa_msg stderr "wpa-roam can only be used with the \"manual\" inet METHOD"
+ exit 1
+ fi
+ if [ -n "$IF_WPA_MAPPING_SCRIPT" ]; then
+ if ! type "$IF_WPA_MAPPING_SCRIPT" >/dev/null; then
+ wpa_msg stderr "wpa-mapping-script \"$IF_WPA_MAPPING_SCRIPT\" is not valid"
+ exit 1
+ fi
+ fi
+ if [ -n "$IF_WPA_MAPPING_SCRIPT_PRIORITY" ] && [ -z "$IF_WPA_MAPPING_SCRIPT" ]; then
+ wpa_msg stderr "\"wpa-mapping-script-priority 1\" is invalid without a wpa-mapping-script"
+ exit 1
+ fi
+ IF_WPA_CONF="$IF_WPA_ROAM"
+ WPA_ACTION_SCRIPT="/sbin/wpa_action"
+fi
+
+# master function; determines if ifupdown.sh should do something or not
+if [ -n "$IF_WPA_CONF" ]; then
+ if [ ! -s "$IF_WPA_CONF" ]; then
+ wpa_msg stderr "cannot read contents of $IF_WPA_CONF"
+ exit 1
+ fi
+ WPA_SUP_CONF_CTRL_DIR=$(sed --quiet \
+ 's/[[:space:]]*#.*//g;s/[[:space:]]\+.*$//g;s/^\(ctrl_interface\|DIR\)=\(.*\)/\2/p' "$IF_WPA_CONF")
+ if [ -n "$WPA_SUP_CONF_CTRL_DIR" ]; then
+ WPA_CTRL_DIR="$WPA_SUP_CONF_CTRL_DIR"
+ fi
+ WPA_SUP_CONF="-c $IF_WPA_CONF -C $WPA_CTRL_DIR"
+elif set | grep -q "^IF_WPA"; then
+ WPA_SUP_CONF="-C $WPA_CTRL_DIR"
+else
+ exit 0
+fi
+
+case "$MODE" in
+ start)
+ PHASE="pre-up"
+ echo "WPA: Configuring Interface"
+ case "$PHASE" in
+ pre-up)
+ kill_wpa_supplicant
+ init_wpa_supplicant || echo "FAILED"
+ conf_wpa_supplicant || { kill_wpa_supplicant; exit 1; }
+ ;;
+ post-up)
+ init_wpa_cli || { kill_wpa_supplicant; exit 1; }
+ ;;
+ esac
+ ;;
+
+ stop)
+ PHASE="post-down"
+ echo "WPA: Terminating"
+ case "$PHASE" in
+ pre-down)
+ kill_wpa_cli
+ ;;
+ post-down)
+ kill_wpa_supplicant
+ ;;
+ *)
+ wpa_msg stderr "unknown phase: \"$PHASE\""
+ exit 1
+ ;;
+ esac
+ ;;
+
+ *)
+ wpa_msg stderr "unknown mode: \"$MODE\""
+ exit 1
+ ;;
+esac
+
+exit 0