From 7505f0d6f316796c9250c74aee1323def35942b4 Mon Sep 17 00:00:00 2001 From: Mikael Fangel <34864484+MikaelFangel@users.noreply.github.com> Date: Sun, 25 Feb 2024 21:22:00 +0000 Subject: [PATCH] Support eduroam on IWD clients (#24) * moved certificate to separate file * initial eduroam support for iwd * flake update * added iwd function calls * unindented message * made iwd and nmcli act similar * fix small issues with gettings credentials * updated system messages * uppercased letter in autoconnect * change indentation to 2 spaces * added offline fallback for the certificate * used fail fast with curl for better error handling * corrected spelling and grammar * removed awk used for profile check * change strategy for checking state * fixed mistake in nmcli command * updated logic for checking network manager * corrected spelling mistake * corrected certificate placment * corrected mistake in iwd profile * moved cert to satisfy perms --- ca_eduroam.pem | 108 +++++++++++++++ flake.lock | 12 +- flake.nix | 1 - iwd.sh | 42 ------ setup.sh | 353 +++++++++++++++++++++++-------------------------- 5 files changed, 279 insertions(+), 237 deletions(-) create mode 100644 ca_eduroam.pem delete mode 100755 iwd.sh diff --git a/ca_eduroam.pem b/ca_eduroam.pem new file mode 100644 index 0000000..3184cb5 --- /dev/null +++ b/ca_eduroam.pem @@ -0,0 +1,108 @@ +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgIQGPyTPfToyJJPRg/BlCoZMjANBgkqhkiG9w0BAQsFADBO +MQswCQYDVQQGEwJESzEmMCQGA1UEChMdRGFubWFya3MgVGVrbmlza2UgVW5pdmVy +c2l0ZXQxFzAVBgNVBAMTDkRUVSBST09UIENBIDAxMB4XDTE1MTIwMjExMDQ0OFoX +DTQwMTIwMjExMTQ0OFowTjELMAkGA1UEBhMCREsxJjAkBgNVBAoTHURhbm1hcmtz +IFRla25pc2tlIFVuaXZlcnNpdGV0MRcwFQYDVQQDEw5EVFUgUk9PVCBDQSAwMTCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANDKEUG7jDTxJW9L2FeE4nV7 +5ejarzkrkRz8wpmK+jpA/IqowG1yi/TDk77yastCBLnt0J7GhbUestDx27QcgpmS +kVNM3F6JAxCFSmswmtOTHRwC1Vp9q7RunVi3fH5NZB8n5d/KnRmS6qpq9xoNxR+1 +B+J1dd5EopqfYynwCimyYdXVmuJSeRC/mLm7N5/8PPiggrQSboHc1hA1S63s4oow +ME7mFogdS5tn4k+TBgT75q48zGEzJ2p8HeoMH5h/t+t7UJWuM7valf0dyjKvtIYu +Fe9hdPIX6mtFmhBJBZR3a82UG8Vc1WOKBVZtvAA+YjXgSFyPOIfTtTLSideS0dbV +Hs5fSIIkLsQo+qZ+BOBIwgVj8KH4Tzds/c7YKLeXLQAzZn3hJ8ShZb77ZTn5YAMw +sUmJPRUWyMJZxuBhLNty4GfX58D628ELgZdk8gCxr8okt0G8gMMWiFGNbXPM+p1e +z2qla8toHNvz4FKjbV1Wo303Qk0VPxT5iIF7l4voAIFwRmdlrYy1aU9auvE+E3km +84kzkY68V8Rxt/Ig+1dUmngSFyS81VWndpbPzKZtwMHlaFrtxPVlAQiI7y4vvUtU +GYUdscHe736/itpipfyOk8Y+bvtdKei2AFynUu7nfe1ylz21jZ4LFZ4ICxXldCHJ +eW4EuAll5JBRdOJ09G0vAgMBAAGjgYwwgYkwCwYDVR0PBAQDAgGGMA8GA1UdEwEB +/wQFMAMBAf8wHQYDVR0OBBYEFEGHGrJtr9H49tSOY1yMgdi7Pk7FMBIGCSsGAQQB +gjcVAQQFAgMBAAEwEQYDVR0gBAowCDAGBgRVHSAAMCMGCSsGAQQBgjcVAgQWBBTB +yFfc2YDjEQRdRBoMdYAnYLCu1DANBgkqhkiG9w0BAQsFAAOCAgEAb1L5CcG3w+rd +WHsjxtu19tsLJjwjhfYezADbw8HXKnOcaP9fLrPDRP3YHIJK/LSOYHn2z2Ltb6wl +rDB+0l1WhTyUIVluNXKmbeeQ7KhmvAhZXnCbZ2ibodaRndSHRc62c4jIoUtyHgzb +2PT4nGXZ3UAfSJUhpIDXf9d/B8HVD4PBbqCHeB+16Dd4DusxC+n8jW9yCLWqFfrp +C/7D3nueSOzBAqc0hx5f9zWffI99AN9hNSUn9u9TsFOhyvbYtVAelO+cQeN5uXjc +vMJu44j6tbaJJCmZir9cvst//fRQKe/FW7E4xpQ/PYI4/OhY++xY3VtDFKk8YWwj +kPVX14ZThvFgLTUIpfc6XCDGJD1QYbdXoONKsdzVngv5KSPXxDGR7E85q/HKExvm +8bJteqBMEr9brBjVpT4SJruSoEwT1DU7mITJU0s84SMPgGX0W0Z04EgavJgfwb8V +3dVcdOSfRGI9O3P9u7TFHDLXFBkOcbJEq9+q7fZ2NWQ+ahV/0Vp0XOLxsueRk1J8 +WaW2hKLjhHMEAvIq4fvID+CwOaKwa91Q9e4QjffG385IAA2St2iYV1qfC7Gw9rnG +G0If+819pZ0HnHtKUlzOAz4Yh7gbPIQFNObDKQTT6rZrL2fJLoZ5kk0/g4BKfGFd +3mihppQSBG7qQF84ErbTO80Pn2Il7L8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGdzCCBF+gAwIBAgIKYRCS3AABAAAACTANBgkqhkiG9w0BAQsFADBOMQswCQYD +VQQGEwJESzEmMCQGA1UEChMdRGFubWFya3MgVGVrbmlza2UgVW5pdmVyc2l0ZXQx +FzAVBgNVBAMTDkRUVSBST09UIENBIDAxMB4XDTE1MTIwMjExMTkxMVoXDTI3MTIw +MjExMjkxMVowcDESMBAGCgmSJomT8ixkARkWAmRrMRMwEQYKCZImiZPyLGQBGRYD +ZHR1MRMwEQYKCZImiZPyLGQBGRYDd2luMTAwLgYDVQQDEydBZmRlbGluZ2VuIGZv +ciBJVCBTZXJ2aWNlIElzc3VpbmcgQ0EgMDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQCjfR055ycQHow0JsvgrywYMFnrf0ETzBQ3qhyW4R87m/KOQgBv +Mn/q3lFGMpFabSxv2auTBe4ZKwOyVbIW1dLNtwBDUZ0Ix1LUUdOlwi83YqmGBObe +rT7hUmNFvaykDjnizszjLpHIxydsdK368u4oclCTPS2Lb5eMMhanwRNVpDtyeoPB +TA3hw/yq9yaDqv49D7diqCPxAC6rwTkjTirs4On8y6WSqiRSDP656XMo6NhTk8f1 +dy+8zCvHih7tgzvrAReReR3bbPVx8v3ZIRcRSoKXLXP3wU3bPjHBuOJgSZoI7U+b +tFq9XIwxWG77PDe7OyGx11297d995CL8CrU7AgMBAAGjggIzMIICLzASBgkrBgEE +AYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQWBBTMZ8ENgxEXj672axmHA73ZdGc6 +vTAdBgNVHQ4EFgQUBhPbV1NxrI24r7VdZ487d3Ld3D8wgdoGA1UdIASB0jCBzzCB +xAYLKwYBBAHYXIN9AwEwgbQwgYYGCCsGAQUFBwICMHoeeABEAGEAbgBtAGEAcgBr +AHMAIABUAGUAawBuAGkAcwBrAGUAIABVAG4AaQB2AGUAcgBzAGkAdABlAHQAIABD +AGUAcgB0AGkAZgBpAGMAYQB0AGUAIABQAHIAYQBjAHQAaQBjAGUAIABTAHQAYQB0 +AGUAbQBlAG4AdDApBggrBgEFBQcCARYdaHR0cDovL3BraS53aW4uZHR1LmRrL3Bv +bGljeS8wBgYEVR0gADAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8E +BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRBhxqyba/R+PbUjmNc +jIHYuz5OxTBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vcGtpLndpbi5kdHUuZGsv +RFRVJTIwUk9PVCUyMENBJTIwMDEoMSkuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggr +BgEFBQcwAoY+aHR0cDovL3BraS53aW4uZHR1LmRrL1dJTi1ST09UQ0EwMV9EVFUl +MjBST09UJTIwQ0ElMjAwMSgxKS5jcnQwDQYJKoZIhvcNAQELBQADggIBAK62o90Z +QCDB4hsFRi9IoyrgL8fTJS3PTTXSsdnyRoXAQJzzAsWvvg4iTIMjJmpnYffB07Ax +mAmfJ7mueWVqZ7S0TwZjqgIZJmzzYV44eLn6CUq5Ua5UwaLCv+gsVnz/lR43BWCT +/heKHq6W64ST2whi4f/uhlaQj5zgsMXPtBgLDRsEvXUlrVHilaU7/4PtheeRGdbY +hAXnN6qCJlOeZIrgVtvBqG8hoe4f5pqXsJ4hPRKYxBcA1RI1tb6Z20L3f5+ppqNM +MbOqBTbtRL1IZl0ktLouiOo9/s9rTnDxaFotWp370mGbTqaOuNIxHfhuJC/koaTf +Z3MyMBduQKRh8UzTrM+vkkYww8kG2+ZvAvUl3v6Co27kl37MGleJtxjNsejLx9A5 +XKSU29pMG/dHtPWRjlBOZXKuGzcs6TzY1i/HPxmGXn2xmXe4Zxt3akJTZJStZ5xu +4afLprlCYR9Wc7w5FUG6WkrvWBZD9r6UYuQQSknK5KqdL2rymI/4Dp0IYE1ykZXX +P6DFULwVXIypQVwRY2L+JxBJ8EeUEc8LciJjhKFHf2zYwh2B27zDTIcEMXZPvZ42 +JaWb94x0JkaiKwPGwTO/Qf//yLhpkhTTat1HmfpsQsd8GQosAdG7DmGT2b84Ps5T +mj11TwBgoKu/qe7tW3wijRQABbjO7EUCtRYq +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGkTCCBHmgAwIBAgITEwAAAAtIGAItF3lvPQABAAAACzANBgkqhkiG9w0BAQsF +ADBOMQswCQYDVQQGEwJESzEmMCQGA1UEChMdRGFubWFya3MgVGVrbmlza2UgVW5p +dmVyc2l0ZXQxFzAVBgNVBAMTDkRUVSBST09UIENBIDAxMB4XDTIyMTAwMzEyMDEx +M1oXDTM0MTAwMzEyMTExM1owcDESMBAGCgmSJomT8ixkARkWAmRrMRMwEQYKCZIm +iZPyLGQBGRYDZHR1MRMwEQYKCZImiZPyLGQBGRYDd2luMTAwLgYDVQQDEydBZmRl +bGluZ2VuIGZvciBJVCBTZXJ2aWNlIElzc3VpbmcgQ0EgMDMwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQCnr3H0nthghzIccgBx0tyPbPk6HM+plbCfeWpV +ATTBALAtP02j9KYYujm3HLV5Bmo+flWqBZRx237SKoTQEEHFE/bbkNuX1Np/U/HP +TyNeY3Hz6v25FrdgcGrrlmaZWA7b3UByV2Iyhe/vSFnGuBOBuUOXlohINnfORCtp +kK3IUfYgefMwNNL0/j8wepYSP/FEb81RBD4Rbas8mVbNczBhvrqxFeifYivTXOg8 +PeqL6BbhjNLvNza9EfSunFZdeLzhuIX7KaRgUp06ltBI1pKybJSbuA7cmMos/T/D +Dxk6AX4MrWCF8mbxqjcEU5bAcopAoSjt1zFtC//W8j3QU134ehOszJkog9cXjLl5 +Y7hhzmH20mwo3ZVqdPfE2hUrXJPIzzDocsfJzimMxo3D/YqOKbMw9hy1k2a1Q63G +lvRiYte/1at0YlmDbqtpxjH2eZiWzkzIOXvFGlk3AvkwWmMU3IHNgMEwUnPqjczi +LYwfahq75vFOvg5wJkDfChn4wws34BnRpcZQfeP5c3zlKwXALricnf4NDXBXstn/ +/sSKXsWcE8O1aFCjBHhEklZfmgP87hQA+owLixWZsXYGV2AbOYut7wMp2slZhpB9 +jRCpJ3ux90doJhiFj5XlYmg0cKdUK6VfhhuUDow1I3303eqSui+3q6qo4PbVkOOO +tmOJuQIDAQABo4IBRDCCAUAwEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFH8x +Erzof/fcUmXmp9PGeUji0vwRMBEGA1UdIAQKMAgwBgYEVR0gADAZBgkrBgEEAYI3 +FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIB +ADAfBgNVHSMEGDAWgBRBhxqyba/R+PbUjmNcjIHYuz5OxTBCBgNVHR8EOzA5MDeg +NaAzhjFodHRwOi8vcGtpLndpbi5kdHUuZGsvRFRVJTIwUk9PVCUyMENBJTIwMDEo +MSkuY3JsMFkGCCsGAQUFBwEBBE0wSzBJBggrBgEFBQcwAoY9aHR0cDovL3BraS53 +aW4uZHR1LmRrL2FpdC1wcm9vdGNhX0RUVSUyMFJPT1QlMjBDQSUyMDAxKDEpLmNy +dDANBgkqhkiG9w0BAQsFAAOCAgEAVUkOay5rKJcBZCcw3OjnZOT0AhlR8FOTDyzB +CEpmTNGw+6o03jxzRDw2htx6CUKg0rcqu42ajWfMpznD+45BkTBUfBcwdVGvQ0A5 +fagKpdZJqjX8h0AubIiVQT+WEVIXLXWYqzLjHKZAOPjh3/c1wXnpfcupMiqUfHyW +PuyQuWk3e2ffD8fqQkXmm5kGhxnYRVwdjBRI1OgwHu+g9y+aMPxDjy6UV9dszbzG +rzp0WUfYP5Po5Q20WisuSP2cslCLWEA1puJ9eoQbolX0lU4akir2+BeeFOymJ4Zr +0sJDV07NiJFQek0KvYQTJ2AoHomSxuMK4JnovfUy5CkSv/c79TT4YCM+j/XMvktT +7JNMhw7RI/+pNLksDDp4G2y4sUR8F6rP9taHfNbrf9hCei7e6+ZV9iP2esWGRy0m +9soeZ0I6PdnFowhlIPI9IiL5oJn9MSS/IS8kJtQi+GEJAZi1skMQwe1JPKdwBlMX +6+N4zcymRlFSxzP9Ff9zsc4eOyw6VrKuVol+5+YzOFC1mjpTrKmNsnQoyLPbaDM+ +iLI/+waFbFu1yqTnfOuue/P8+TEfujz/4bwZq3s25mLQH/puEI7ueb1XTxVcJzj6 +GF8PvBE+A6iD8oAg+h+3AqsWqGp+3Lr1kGK/5JKw2CXV3SwA3v827uOQ731lwbTK +wQA2RQg= +-----END CERTIFICATE----- diff --git a/flake.lock b/flake.lock index f054a3d..b554cff 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1696019113, - "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", + "lastModified": 1706732774, + "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a", + "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 87c8c90..3eb6bd0 100644 --- a/flake.nix +++ b/flake.nix @@ -17,7 +17,6 @@ buildInputs = builtins.attrValues { inherit (pkgs) gawk ; }; installPhase = '' - install -Dm 755 "iwd.sh" "$out/bin/iwd.sh" install -Dm 755 "setup.sh" "$out/bin/dtuconnect" ''; diff --git a/iwd.sh b/iwd.sh deleted file mode 100755 index 29ff06a..0000000 --- a/iwd.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/env bash - -# Make sure the user is root -if [ "$EUID" -ne 0 ] - then echo "Permission denied... Run as root." - exit 1 -fi - -config_path=/var/lib/iwd/ -config_filename=DTUsecure.8021x - -read -r -p "Username: " username -read -r -p "Password: " -s password -echo - -write_config() { - echo "[Security] -EAP-Method=PEAP -EAP-Identity=anonymous@dtu.dk -EAP-PEAP-Phase2-Method=MSCHAPV2 -EAP-PEAP-Phase2-Identity=$username -EAP-PEAP-Phase2-Password=$password - -[Settings] -AutoConnect=true" > $config_path$config_filename -} - -# Create config folder if missing -if [ ! -d "$config_path" ]; then - mkdir -p "$config_path" -fi - -if [ -f "$config_path$config_filename" ]; then - read -r -p "$config_filename connection profile already exists. -Do you wish to delete your old configuration profile for $config_filename? [y/N] " answer - - if [[ $answer == "y" || $answer == "Y" ]]; then - write_config - fi -else - write_config -fi diff --git a/setup.sh b/setup.sh index 9483917..6ef9596 100755 --- a/setup.sh +++ b/setup.sh @@ -1,216 +1,193 @@ #!/bin/bash -if command -v iwctl &>/dev/null; then - ./iwd.sh - exit $? -fi +skipstep=1 +credsload=1 +iwd=1 -# Check if nmcli is installed before running the script -if ! command -v nmcli &> /dev/null; then +iwd_config_path=/var/lib/iwd/ +iwd_config_filename_secure=DTUsecure.8021x +iwd_config_filename_eduroam=eduroam.8021x + +if command -v iwctl &>/dev/null; then + # Make sure the user is root + if [ "$EUID" -ne 0 ] + then echo "Permission denied... Run as root." + exit 1 + fi + + iwd=0 + if [ ! -d "$iwd_config_path" ]; then + mkdir -p "$iwd_config_path" + fi +elif ! command -v nmcli &> /dev/null; then echo "nmcli/iwd is not installed. Exiting script..." - exit 0 + exit 0 fi -# Skips a setup step if true -skipstep=1 - -# Check if creds have been taken already -credsload=1 - # Checks if the connection profile already exists -function check_profile_exist() { - if [[ $(echo "$1" | awk 'NF{ print $NF }') == 0 ]]; then - read -r -p "$2 Connection profile already exists. -Do you wish to delete your old configuration profile for $2? [y/N] " answer - - if [[ $answer == "y" || $answer == "Y" ]]; then - nmcli connection delete id "$2" - skipstep=1 - else - skipstep=0 - fi - else - skipstep=1 +check_nmcli_profile_exist() { + if [[ $1 == 0 ]]; then + read -r -p "The $2 connection profile already exists. +Do you wish to delete it? [y/N] " answer + + if [[ $answer == "y" || $answer == "Y" ]]; then + nmcli connection delete id "$2" + skipstep=1 + else + skipstep=0 fi + else + skipstep=1 + fi } -function get_creds() { - # Get user credentials - if [[ credsload -ne 0 ]]; then - read -r -p "Username: " username - read -r -p "Password: " -s password - echo - credsload=0 +check_iwd_profile_exist() { + if [ -f "$iwd_config_path$1" ]; then + read -r -p "The $1 connection profile already exists. +Do you wish to delete it? [y/N] " answer + + if [[ $answer == "y" || $answer == "Y" ]]; then + skipstep=1 + else + skipstep=0 fi + else + skipstep=1 + fi +} + +get_creds() { + # Get user credentials + if [[ credsload -ne 0 ]]; then + read -r -p "Username: " username + read -r -p "Password: " -s password + echo + credsload=0 + fi +} + +create_cert() { + echo "Creating certificate at $HOME/.config/ca_eduroam.pem" + + mkdir -p "$HOME/.config" + if ! curl -f "https://raw.githubusercontent.com/MikaelFangel/DTUConnect/main/ca_eduroam.pem" > "$HOME"/.config/ca_edu.pem; then + echo "Network issue... The script now uses an offline fallback method" + cat ./ca_eduroam.pem > "$HOME"/.config/ca_eduroam.pem + fi } -function create_secure() { - echo "Creating connection profile for DTUsecure..." - - get_creds - - # Creates connection profile - nmcli connection add \ - type wifi con-name "DTUsecure" ifname "$interface" ssid "DTUsecure" -- \ - wifi-sec.key-mgmt wpa-eap 802-1x.eap peap 802-1x.phase2-auth mschapv2 \ - 802-1x.identity "$username" 802-1x.password "$password" \ - 802-1x.anonymous-identity "anonymous@dtu.dk" +create_secure_nmcli() { + echo "Creating connection profile for DTUsecure..." + + get_creds + + # Creates connection profile + nmcli connection add \ + type wifi con-name "DTUsecure" ifname "$interface" ssid "DTUsecure" -- \ + wifi-sec.key-mgmt wpa-eap 802-1x.eap peap 802-1x.phase2-auth mschapv2 \ + 802-1x.identity "$username" 802-1x.password "$password" \ + 802-1x.anonymous-identity "anonymous@dtu.dk" } -function create_cert() { -mkdir -p "$HOME/.config" -echo "-----BEGIN CERTIFICATE----- -MIIFszCCA5ugAwIBAgIQGPyTPfToyJJPRg/BlCoZMjANBgkqhkiG9w0BAQsFADBO -MQswCQYDVQQGEwJESzEmMCQGA1UEChMdRGFubWFya3MgVGVrbmlza2UgVW5pdmVy -c2l0ZXQxFzAVBgNVBAMTDkRUVSBST09UIENBIDAxMB4XDTE1MTIwMjExMDQ0OFoX -DTQwMTIwMjExMTQ0OFowTjELMAkGA1UEBhMCREsxJjAkBgNVBAoTHURhbm1hcmtz -IFRla25pc2tlIFVuaXZlcnNpdGV0MRcwFQYDVQQDEw5EVFUgUk9PVCBDQSAwMTCC -AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANDKEUG7jDTxJW9L2FeE4nV7 -5ejarzkrkRz8wpmK+jpA/IqowG1yi/TDk77yastCBLnt0J7GhbUestDx27QcgpmS -kVNM3F6JAxCFSmswmtOTHRwC1Vp9q7RunVi3fH5NZB8n5d/KnRmS6qpq9xoNxR+1 -B+J1dd5EopqfYynwCimyYdXVmuJSeRC/mLm7N5/8PPiggrQSboHc1hA1S63s4oow -ME7mFogdS5tn4k+TBgT75q48zGEzJ2p8HeoMH5h/t+t7UJWuM7valf0dyjKvtIYu -Fe9hdPIX6mtFmhBJBZR3a82UG8Vc1WOKBVZtvAA+YjXgSFyPOIfTtTLSideS0dbV -Hs5fSIIkLsQo+qZ+BOBIwgVj8KH4Tzds/c7YKLeXLQAzZn3hJ8ShZb77ZTn5YAMw -sUmJPRUWyMJZxuBhLNty4GfX58D628ELgZdk8gCxr8okt0G8gMMWiFGNbXPM+p1e -z2qla8toHNvz4FKjbV1Wo303Qk0VPxT5iIF7l4voAIFwRmdlrYy1aU9auvE+E3km -84kzkY68V8Rxt/Ig+1dUmngSFyS81VWndpbPzKZtwMHlaFrtxPVlAQiI7y4vvUtU -GYUdscHe736/itpipfyOk8Y+bvtdKei2AFynUu7nfe1ylz21jZ4LFZ4ICxXldCHJ -eW4EuAll5JBRdOJ09G0vAgMBAAGjgYwwgYkwCwYDVR0PBAQDAgGGMA8GA1UdEwEB -/wQFMAMBAf8wHQYDVR0OBBYEFEGHGrJtr9H49tSOY1yMgdi7Pk7FMBIGCSsGAQQB -gjcVAQQFAgMBAAEwEQYDVR0gBAowCDAGBgRVHSAAMCMGCSsGAQQBgjcVAgQWBBTB -yFfc2YDjEQRdRBoMdYAnYLCu1DANBgkqhkiG9w0BAQsFAAOCAgEAb1L5CcG3w+rd -WHsjxtu19tsLJjwjhfYezADbw8HXKnOcaP9fLrPDRP3YHIJK/LSOYHn2z2Ltb6wl -rDB+0l1WhTyUIVluNXKmbeeQ7KhmvAhZXnCbZ2ibodaRndSHRc62c4jIoUtyHgzb -2PT4nGXZ3UAfSJUhpIDXf9d/B8HVD4PBbqCHeB+16Dd4DusxC+n8jW9yCLWqFfrp -C/7D3nueSOzBAqc0hx5f9zWffI99AN9hNSUn9u9TsFOhyvbYtVAelO+cQeN5uXjc -vMJu44j6tbaJJCmZir9cvst//fRQKe/FW7E4xpQ/PYI4/OhY++xY3VtDFKk8YWwj -kPVX14ZThvFgLTUIpfc6XCDGJD1QYbdXoONKsdzVngv5KSPXxDGR7E85q/HKExvm -8bJteqBMEr9brBjVpT4SJruSoEwT1DU7mITJU0s84SMPgGX0W0Z04EgavJgfwb8V -3dVcdOSfRGI9O3P9u7TFHDLXFBkOcbJEq9+q7fZ2NWQ+ahV/0Vp0XOLxsueRk1J8 -WaW2hKLjhHMEAvIq4fvID+CwOaKwa91Q9e4QjffG385IAA2St2iYV1qfC7Gw9rnG -G0If+819pZ0HnHtKUlzOAz4Yh7gbPIQFNObDKQTT6rZrL2fJLoZ5kk0/g4BKfGFd -3mihppQSBG7qQF84ErbTO80Pn2Il7L8= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIGdzCCBF+gAwIBAgIKYRCS3AABAAAACTANBgkqhkiG9w0BAQsFADBOMQswCQYD -VQQGEwJESzEmMCQGA1UEChMdRGFubWFya3MgVGVrbmlza2UgVW5pdmVyc2l0ZXQx -FzAVBgNVBAMTDkRUVSBST09UIENBIDAxMB4XDTE1MTIwMjExMTkxMVoXDTI3MTIw -MjExMjkxMVowcDESMBAGCgmSJomT8ixkARkWAmRrMRMwEQYKCZImiZPyLGQBGRYD -ZHR1MRMwEQYKCZImiZPyLGQBGRYDd2luMTAwLgYDVQQDEydBZmRlbGluZ2VuIGZv -ciBJVCBTZXJ2aWNlIElzc3VpbmcgQ0EgMDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQCjfR055ycQHow0JsvgrywYMFnrf0ETzBQ3qhyW4R87m/KOQgBv -Mn/q3lFGMpFabSxv2auTBe4ZKwOyVbIW1dLNtwBDUZ0Ix1LUUdOlwi83YqmGBObe -rT7hUmNFvaykDjnizszjLpHIxydsdK368u4oclCTPS2Lb5eMMhanwRNVpDtyeoPB -TA3hw/yq9yaDqv49D7diqCPxAC6rwTkjTirs4On8y6WSqiRSDP656XMo6NhTk8f1 -dy+8zCvHih7tgzvrAReReR3bbPVx8v3ZIRcRSoKXLXP3wU3bPjHBuOJgSZoI7U+b -tFq9XIwxWG77PDe7OyGx11297d995CL8CrU7AgMBAAGjggIzMIICLzASBgkrBgEE -AYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQWBBTMZ8ENgxEXj672axmHA73ZdGc6 -vTAdBgNVHQ4EFgQUBhPbV1NxrI24r7VdZ487d3Ld3D8wgdoGA1UdIASB0jCBzzCB -xAYLKwYBBAHYXIN9AwEwgbQwgYYGCCsGAQUFBwICMHoeeABEAGEAbgBtAGEAcgBr -AHMAIABUAGUAawBuAGkAcwBrAGUAIABVAG4AaQB2AGUAcgBzAGkAdABlAHQAIABD -AGUAcgB0AGkAZgBpAGMAYQB0AGUAIABQAHIAYQBjAHQAaQBjAGUAIABTAHQAYQB0 -AGUAbQBlAG4AdDApBggrBgEFBQcCARYdaHR0cDovL3BraS53aW4uZHR1LmRrL3Bv -bGljeS8wBgYEVR0gADAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8E -BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRBhxqyba/R+PbUjmNc -jIHYuz5OxTBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vcGtpLndpbi5kdHUuZGsv -RFRVJTIwUk9PVCUyMENBJTIwMDEoMSkuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggr -BgEFBQcwAoY+aHR0cDovL3BraS53aW4uZHR1LmRrL1dJTi1ST09UQ0EwMV9EVFUl -MjBST09UJTIwQ0ElMjAwMSgxKS5jcnQwDQYJKoZIhvcNAQELBQADggIBAK62o90Z -QCDB4hsFRi9IoyrgL8fTJS3PTTXSsdnyRoXAQJzzAsWvvg4iTIMjJmpnYffB07Ax -mAmfJ7mueWVqZ7S0TwZjqgIZJmzzYV44eLn6CUq5Ua5UwaLCv+gsVnz/lR43BWCT -/heKHq6W64ST2whi4f/uhlaQj5zgsMXPtBgLDRsEvXUlrVHilaU7/4PtheeRGdbY -hAXnN6qCJlOeZIrgVtvBqG8hoe4f5pqXsJ4hPRKYxBcA1RI1tb6Z20L3f5+ppqNM -MbOqBTbtRL1IZl0ktLouiOo9/s9rTnDxaFotWp370mGbTqaOuNIxHfhuJC/koaTf -Z3MyMBduQKRh8UzTrM+vkkYww8kG2+ZvAvUl3v6Co27kl37MGleJtxjNsejLx9A5 -XKSU29pMG/dHtPWRjlBOZXKuGzcs6TzY1i/HPxmGXn2xmXe4Zxt3akJTZJStZ5xu -4afLprlCYR9Wc7w5FUG6WkrvWBZD9r6UYuQQSknK5KqdL2rymI/4Dp0IYE1ykZXX -P6DFULwVXIypQVwRY2L+JxBJ8EeUEc8LciJjhKFHf2zYwh2B27zDTIcEMXZPvZ42 -JaWb94x0JkaiKwPGwTO/Qf//yLhpkhTTat1HmfpsQsd8GQosAdG7DmGT2b84Ps5T -mj11TwBgoKu/qe7tW3wijRQABbjO7EUCtRYq ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIGkTCCBHmgAwIBAgITEwAAAAtIGAItF3lvPQABAAAACzANBgkqhkiG9w0BAQsF -ADBOMQswCQYDVQQGEwJESzEmMCQGA1UEChMdRGFubWFya3MgVGVrbmlza2UgVW5p -dmVyc2l0ZXQxFzAVBgNVBAMTDkRUVSBST09UIENBIDAxMB4XDTIyMTAwMzEyMDEx -M1oXDTM0MTAwMzEyMTExM1owcDESMBAGCgmSJomT8ixkARkWAmRrMRMwEQYKCZIm -iZPyLGQBGRYDZHR1MRMwEQYKCZImiZPyLGQBGRYDd2luMTAwLgYDVQQDEydBZmRl -bGluZ2VuIGZvciBJVCBTZXJ2aWNlIElzc3VpbmcgQ0EgMDMwggIiMA0GCSqGSIb3 -DQEBAQUAA4ICDwAwggIKAoICAQCnr3H0nthghzIccgBx0tyPbPk6HM+plbCfeWpV -ATTBALAtP02j9KYYujm3HLV5Bmo+flWqBZRx237SKoTQEEHFE/bbkNuX1Np/U/HP -TyNeY3Hz6v25FrdgcGrrlmaZWA7b3UByV2Iyhe/vSFnGuBOBuUOXlohINnfORCtp -kK3IUfYgefMwNNL0/j8wepYSP/FEb81RBD4Rbas8mVbNczBhvrqxFeifYivTXOg8 -PeqL6BbhjNLvNza9EfSunFZdeLzhuIX7KaRgUp06ltBI1pKybJSbuA7cmMos/T/D -Dxk6AX4MrWCF8mbxqjcEU5bAcopAoSjt1zFtC//W8j3QU134ehOszJkog9cXjLl5 -Y7hhzmH20mwo3ZVqdPfE2hUrXJPIzzDocsfJzimMxo3D/YqOKbMw9hy1k2a1Q63G -lvRiYte/1at0YlmDbqtpxjH2eZiWzkzIOXvFGlk3AvkwWmMU3IHNgMEwUnPqjczi -LYwfahq75vFOvg5wJkDfChn4wws34BnRpcZQfeP5c3zlKwXALricnf4NDXBXstn/ -/sSKXsWcE8O1aFCjBHhEklZfmgP87hQA+owLixWZsXYGV2AbOYut7wMp2slZhpB9 -jRCpJ3ux90doJhiFj5XlYmg0cKdUK6VfhhuUDow1I3303eqSui+3q6qo4PbVkOOO -tmOJuQIDAQABo4IBRDCCAUAwEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFH8x -Erzof/fcUmXmp9PGeUji0vwRMBEGA1UdIAQKMAgwBgYEVR0gADAZBgkrBgEEAYI3 -FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIB -ADAfBgNVHSMEGDAWgBRBhxqyba/R+PbUjmNcjIHYuz5OxTBCBgNVHR8EOzA5MDeg -NaAzhjFodHRwOi8vcGtpLndpbi5kdHUuZGsvRFRVJTIwUk9PVCUyMENBJTIwMDEo -MSkuY3JsMFkGCCsGAQUFBwEBBE0wSzBJBggrBgEFBQcwAoY9aHR0cDovL3BraS53 -aW4uZHR1LmRrL2FpdC1wcm9vdGNhX0RUVSUyMFJPT1QlMjBDQSUyMDAxKDEpLmNy -dDANBgkqhkiG9w0BAQsFAAOCAgEAVUkOay5rKJcBZCcw3OjnZOT0AhlR8FOTDyzB -CEpmTNGw+6o03jxzRDw2htx6CUKg0rcqu42ajWfMpznD+45BkTBUfBcwdVGvQ0A5 -fagKpdZJqjX8h0AubIiVQT+WEVIXLXWYqzLjHKZAOPjh3/c1wXnpfcupMiqUfHyW -PuyQuWk3e2ffD8fqQkXmm5kGhxnYRVwdjBRI1OgwHu+g9y+aMPxDjy6UV9dszbzG -rzp0WUfYP5Po5Q20WisuSP2cslCLWEA1puJ9eoQbolX0lU4akir2+BeeFOymJ4Zr -0sJDV07NiJFQek0KvYQTJ2AoHomSxuMK4JnovfUy5CkSv/c79TT4YCM+j/XMvktT -7JNMhw7RI/+pNLksDDp4G2y4sUR8F6rP9taHfNbrf9hCei7e6+ZV9iP2esWGRy0m -9soeZ0I6PdnFowhlIPI9IiL5oJn9MSS/IS8kJtQi+GEJAZi1skMQwe1JPKdwBlMX -6+N4zcymRlFSxzP9Ff9zsc4eOyw6VrKuVol+5+YzOFC1mjpTrKmNsnQoyLPbaDM+ -iLI/+waFbFu1yqTnfOuue/P8+TEfujz/4bwZq3s25mLQH/puEI7ueb1XTxVcJzj6 -GF8PvBE+A6iD8oAg+h+3AqsWqGp+3Lr1kGK/5JKw2CXV3SwA3v827uOQ731lwbTK -wQA2RQg= ------END CERTIFICATE----- -" > "$HOME"/.config/ca_edu.pem +create_eduroam_nmcli() { + echo "Creating connection profile for eduroam..." + + get_creds + + create_cert + + nmcli connection add \ + type wifi con-name "eduroam" ifname "$interface" ssid "eduroam" -- \ + connection.permissions "user:$USER" wifi-sec.key-mgmt wpa-eap 802-1x.eap peap 802-1x.phase2-auth mschapv2 \ + wifi-sec.proto rsn wifi-sec.pairwise ccmp wifi-sec.group "ccmp,tkip" \ + 802-1x.identity "$username" 802-1x.password "$password" 802-1x.ca-cert "$HOME"/.config/ca_eduroam.pem \ + 802-1x.anonymous-identity "anonymous@dtu.dk" \ + 802-1x.altsubject-matches "DNS:ait-pisepsn03.win.dtu.dk,DNS:ait-pisepsn04.win.dtu.dk" } -function create_eduroam() { - echo "Creating connection profile for eduroam..." +create_secure_iwd() { + echo "Creating connection profile for DTUsecure..." - get_creds + get_creds - echo "Creating certificate at $HOME/.config/ca_edu.pem" - create_cert + echo "[Security] +EAP-Method=PEAP +EAP-Identity=anonymous@dtu.dk +EAP-PEAP-Phase2-Method=MSCHAPV2 +EAP-PEAP-Phase2-Identity=$username +EAP-PEAP-Phase2-Password=$password - echo "Adding connection profile for eduroam..." - nmcli connection add \ - type wifi con-name "eduroam" ifname "$interface" ssid "eduroam" -- \ - connection.permissions "user:$USER" wifi-sec.key-mgmt wpa-eap 802-1x.eap peap 802-1x.phase2-auth mschapv2 \ - wifi-sec.proto rsn wifi-sec.pairwise ccmp wifi-sec.group "ccmp,tkip" \ - 802-1x.identity "$username" 802-1x.password "$password" 802-1x.ca-cert "$HOME"/.config/ca_edu.pem \ - 802-1x.anonymous-identity "anonymous@dtu.dk" \ - 802-1x.altsubject-matches "DNS:ait-pisepsn03.win.dtu.dk,DNS:ait-pisepsn04.win.dtu.dk" +[Settings] +AutoConnect=true" > $iwd_config_path$iwd_config_filename_secure } -function main() { - nwid="DTUsecure" - state=$(nmcli -f GENERAL.STATE con show $nwid; echo $?) - # Gets the name of the wireless interface using nmcli - interface=$(nmcli dev status | grep -E "(^| )wifi( |$)" | awk '{print $1}') - check_profile_exist "$state" "$nwid" +create_eduroam_iwd() { + echo "Creating connection profile for eduroam..." - if [[ $skipstep -ne 0 ]]; then - create_secure - fi + get_creds + + create_cert + cp "$HOME"/.config/ca_eduroam.pem /var/lib/iwd/ca_eduroam.pem + + echo "[Security] +EAP-Method=PEAP +EAP-Identity=anonymous@dtu.dk +EAP-PEAP-CACert=/var/lib/iwd/ca_eduroam.pem +EAP-PEAP-ServerDomainMask=ait-pisepsn03.win.dtu.dk +EAP-PEAP-Phase2-Method=MSCHAPV2 +EAP-PEAP-Phase2-Identity=$username +EAP-PEAP-Phase2-Password=$password - nwid="eduroam" - state=$(nmcli -f GENERAL.STATE con show $nwid; echo $?) - check_profile_exist "$state" "$nwid" - - if [[ $skipstep -ne 0 ]]; then - read -r -p "Do you want to setup $nwid also? [Y/n]" continue - if [[ $continue != "n" && $continue != "N" ]]; then - create_eduroam - fi +[Settings] +AutoConnect=true" > $iwd_config_path$iwd_config_filename_eduroam +} + +nmcli_main() { + nwid="DTUsecure" + nmcli -f GENERAL.STATE con show $nwid &> /dev/null + state=$? + # Gets the name of the wireless interface using nmcli + interface=$(nmcli dev status | grep -E "(^| )wifi( |$)" | awk '{print $1}') + check_nmcli_profile_exist "$state" "$nwid" + + if [[ $skipstep -ne 0 ]]; then + create_secure_nmcli + fi + + nwid="eduroam" + nmcli -f GENERAL.STATE con show $nwid &> /dev/null + state=$? + check_nmcli_profile_exist "$state" "$nwid" + + if [[ $skipstep -ne 0 ]]; then + read -r -p "Do you want to install $nwid? [Y/n]" continue + if [[ $continue != "n" && $continue != "N" ]]; then + create_eduroam_nmcli fi + fi +} + +iwd_main() { + check_iwd_profile_exist $iwd_config_filename_secure - echo "Exiting script..." + if [[ $skipstep -ne 0 ]]; then + create_secure_iwd + fi + + check_iwd_profile_exist $iwd_config_filename_eduroam + if [[ $skipstep -ne 0 ]]; then + read -r -p "Do you want to install eduroam? [Y/n]" continue + if [[ $continue != "n" && $continue != "N" ]]; then + create_eduroam_iwd + fi + fi } -main +# Initiate the main suitable for the system +if [[ $iwd -ne 0 ]]; then + nmcli_main +else + iwd_main +fi + +echo "Exiting script..."