#!/bin/bash
# BEGIN LICENSE #
#
# CERT Tapioca
#
# Copyright 2018 Carnegie Mellon University. All Rights Reserved.
#
# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE
# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS.
# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER
# EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED
# TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY,
# OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON
# UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO
# FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
#
# Released under a BSD (SEI)-style license, please see license.txt or
# contact [email protected] for full terms.
#
# [DISTRIBUTION STATEMENT A] This material has been approved for
# public release and unlimited distribution. Please see Copyright
# notice for non-US Government use and distribution.
# CERT(R) is registered in the U.S. Patent and Trademark Office by
# Carnegie Mellon University.
#
# DM18-0637
#
# END LICENSE #
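# Load the Tapioca settings. `source` executes tapioca.cfg as shell code in
# this process, and every path used below is relative, so the script has to be
# started from the Tapioca directory. Because later steps run under sudo, that
# directory and its config files should be writable only by the operator.
source ./tapioca.cfg

# Non-empty while hostapd.conf still contains the PASSWORD_HERE placeholder.
unset_pass=$(grep PASSWORD_HERE hostapd.conf)
# Non-empty while tapioca.cfg still mentions LAN_DEVICE (appears unused below).
unset_LAN=$(grep LAN_DEVICE tapioca.cfg)
# Text after the last '=' on each hostapd.conf line that contains "ssid=".
ssid=$(grep ssid= hostapd.conf | awk -F= '{print $NF}')
# Leading number of the last word printed by `nmcli --version`.
nmclimajor=$(nmcli --version | awk '{print $NF}' | awk -F. '{print $1}')

# Locate ethtool. `command -v` is a shell builtin, so the lookup does not
# depend on an external `which` being installed.
ethtool_bin=$(command -v ethtool 2> /dev/null)
if [ -z "$ethtool_bin" ]; then
  # Raspbian minimal install doesn't set up PATH
  ethtool_bin=/sbin/ethtool
fi
if [ ! -f "$ethtool_bin" ]; then
  # Try other path
  ethtool_bin=/usr/sbin/ethtool
fi

# Locate hostapd the same way, with a fixed fallback path.
hostapd_bin=$(command -v hostapd 2> /dev/null)
if [ -z "$hostapd_bin" ]; then
  # Raspbian minimal install doesn't set up PATH
  hostapd_bin=/usr/sbin/hostapd
fi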
# First-run guard: the access point must not come up while hostapd.conf still
# carries the PASSWORD_HERE placeholder instead of a real passphrase.
if [ -n "$unset_pass" ]; then
  echo "*** You must set the wireless password in hostapd.conf ***"
  sleep 5
  # Open the file in a GUI editor so the operator can set the passphrase now.
  mousepad hostapd.conf
fi

# Re-read everything, since the editor session may have changed the files.
source ./tapioca.cfg
unset_pass=$(grep PASSWORD_HERE hostapd.conf)
unset_LAN=$(grep LAN_DEVICE tapioca.cfg)
ssid=$(grep ssid= hostapd.conf | awk -F= '{print $NF}')

# Placeholder still present: stop. Only the literal placeholder is detected;
# the length or strength of the chosen passphrase is not checked here.
if [ -n "$unset_pass" ]; then
  echo "*** You must set the wireless password in hostapd.conf ***"
  sleep 5
  exit 1
fi
# Require a working upstream link before offering a soft AP.
# First choice: the first device NetworkManager reports as connected.
network_up=$(nmcli device status | grep " connected " | head -n1)

# Ubuntu 20.04 doesn't use NetworkManager. Possibly others as well.
# Fall back to just ip link
[ -n "$network_up" ] || network_up=$(ip link | grep "state UP")

# Neither probe found a link: show the device list, open the connection
# editor for the operator, and stop.
if [ -z "$network_up" ]; then
  echo "*** No network connection appears to be up ***"
  echo "Please make sure your upstream network is working"
  echo "before proceeding with a soft AP"
  nmcli dev status
  sleep 10
  nm-connection-editor
  exit 1
fi
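# Count the devices whose TYPE column (2nd field of `nmcli device status`)
# names an ethernet or wireless interface. `grep -E -c` replaces the obsolete
# `egrep ... | wc -l` pair and yields the same number.
# NOTE(review): the count comes from nmcli alone, so on a host without
# NetworkManager it is 0 and the script stops here.
eth_count=$(nmcli device status | awk '{print $2}' | grep -E -c "ethernet|wifi|wireless")

# At least two interfaces are required (presumably one upstream and one for
# the access point).
if [ "$eth_count" -lt 2 ]; then
  nmcli device status
  echo "*** Ethernet devices detected: $eth_count. Cannot proceed. ***"
  sleep 10
  exit 1
fi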
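# Pick the first wireless device that NetworkManager does not report as
# connected; it becomes the soft-AP interface. If NetworkManager still manages
# it, mark it unmanaged (by MAC address) in NetworkManager.conf.
free_wifi=$(nmcli device status | grep -E " wifi | 802-11-wireless " | grep -v " connected " | head -n1)
if [ -z "$free_wifi" ]; then
  nmcli device status
  echo "*** No unconfigured wireless adapter detected ***"
  sleep 10
  exit 1
else
  # `nmcli device status` columns: DEVICE TYPE STATE CONNECTION
  wifi_adapter=$(printf '%s\n' "$free_wifi" | awk '{print $1}')
  wifi_state=$(printf '%s\n' "$free_wifi" | awk '{print $3}')

  # Default to 0 so a missing nmcli version skips this check quietly instead
  # of producing an "integer expression expected" error.
  if [ "${nmclimajor:-0}" -gt 0 ]; then
    # Old nmcli doesn't support checking wifi properties it seems
    ap_supported=$(nmcli -f WIFI-PROPERTIES dev show "$wifi_adapter" | grep WIFI-PROPERTIES.AP | awk '{print $NF}')
    if [ "$ap_supported" == "no" ]; then
      echo "*** Wireless device $wifi_adapter is available, but it does not appear to support AP mode. ***"
      sleep 10
      exit 1
    fi
  fi

  if [ "$wifi_state" == "disconnected" ]; then
    echo "Wireless device $wifi_adapter is available, but it is managed by NetworkManager."
    echo "Reconfiguring $wifi_adapter to be unmanaged..."

    # Last word of `ethtool -P` output is the permanent MAC address.
    ap_mac=$("$ethtool_bin" -P "$wifi_adapter" | awk '{print $NF}')

    # The value is about to be written into a root-owned config file, so
    # accept only a well-formed MAC. An empty or malformed value (for example
    # when ethtool is missing) would otherwise corrupt NetworkManager.conf.
    if ! [[ "$ap_mac" =~ ^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$ ]]; then
      echo "*** Could not read a valid MAC address for $wifi_adapter. ***"
      sleep 10
      exit 1
    fi

    nm_conf_file=/etc/NetworkManager/NetworkManager.conf
    if ! grep -q '\[keyfile\]' "$nm_conf_file"; then
      echo '[keyfile]' | sudo tee -a "$nm_conf_file" > /dev/null
    fi
    # Append through `sudo tee -a` so the variable is passed as data rather
    # than spliced into a command line that a root shell re-parses.
    # NOTE(review): the line is appended at the end of the file, so it lands
    # in [keyfile] only when that is the last section; an existing
    # unmanaged-devices entry is not merged with this one.
    printf '%s\n' "unmanaged-devices=mac:$ap_mac" | sudo tee -a "$nm_conf_file" > /dev/null

    sudo systemctl restart NetworkManager.service
    sleep 10

    # Re-check with the same type filter as the first probe, so older nmcli
    # output ("802-11-wireless") is recognised here too.
    free_wifi=$(nmcli device status | grep -E " wifi | 802-11-wireless " | grep -v " connected " | head -n1)
    wifi_state=$(printf '%s\n' "$free_wifi" | awk '{print $3}')
    if [ "$wifi_state" == "disconnected" ]; then
      echo "*** Please reboot to activate network changes. ***"
      sleep 10
      exit 1
    fi
  fi
fi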
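# Record the chosen adapter in tapioca.cfg and hostapd.conf, and derive the
# address that the AP interface itself will use.
echo "Detected internal wireless AP adapter: $wifi_adapter"

# The adapter name is spliced into a sed replacement; escape the characters
# sed treats specially there (\, / and &) so an unusual interface name cannot
# change what gets written. Ordinary names pass through unchanged.
adapter_for_sed=$(printf '%s' "$wifi_adapter" | sed 's|[\\/&]|\\&|g')
# NOTE(review): this pattern is left unanchored because the layout of
# tapioca.cfg is not visible here; confirm no other key ends in "internal_net=".
sed -i.bak -e "s/internal_net=.*/internal_net=$adapter_for_sed/" tapioca.cfg

# Re-read the config so internal_net (and internal_subnet) reflect the edit.
source ./tapioca.cfg

# Get hostapd adapter IP address via internal_subnet
# e.g. "10.0.0.0/24" -> "10.0.0.1/24"
ip_mask=$(printf '%s\n' "$internal_subnet" | sed "s/0\//1\//")

# Replace wireless adapter in hostapd.conf file. The pattern is anchored to the
# start of the line: unanchored, it would also rewrite any other key that ends
# in "interface=", such as hostapd's ctrl_interface=.
net_for_sed=$(printf '%s' "$internal_net" | sed 's|[\\/&]|\\&|g')
sed -i.bak -e "s/^interface=.*/interface=$net_for_sed/" hostapd.conf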
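# Install the customized hostapd.conf, give the AP interface its static
# address, and make sure a hostapd process ends up running.

# Copy customized hostapd.conf to system-wide location, remembering where it
# went so the manual start below reads the same file.
# NOTE(review): hostapd.conf carries the WPA passphrase. The copy's permissions
# come from the local file (or from an already existing destination); confirm
# the installed file is not world-readable.
if [ -d /etc/hostapd ]; then
  hostapd_conf=/etc/hostapd/hostapd.conf
else
  hostapd_conf=/etc/hostapd.conf
fi
sudo cp hostapd.conf "$hostapd_conf"

# Set static IP address and subnet for hostapd adapter
sudo ip a flush dev "$internal_net"
sudo ip a add "$ip_mask" dev "$internal_net"

# Start hostapd
if ! sudo service hostapd restart; then
  # Assume that hostapd was started manually. Kill manually.
  sudo killall "$hostapd_bin"
fi
sleep 5

# Some OS versions like Raspbian will kill off the internal_net adapter
# Check if hostapd is really running. pgrep -f matches the binary path against
# full command lines, like the former `ps aux | grep`, without matching itself.
if ! pgrep -f -- "$hostapd_bin" > /dev/null; then
  echo Restarting hostapd...
  sudo service hostapd restart
fi

# Maybe hostapd service runner isn't working (Ubuntu 17.10)
if ! pgrep -f -- "$hostapd_bin" > /dev/null; then
  echo Starting hostapd manually...
  # Use the path the config was copied to; a fixed /etc/hostapd/hostapd.conf
  # does not exist when the copy went to /etc/ instead.
  sudo "$hostapd_bin" -B -P /run/hostapd.pid "$hostapd_conf"
fi
sleep 5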
# Start dhcpd
# Three service names are restarted in turn and their exit codes are not
# checked (presumably because only some of them exist on any one distribution).
for dhcp_service in dhcpd isc-dhcp-server dnsmasq; do
  sudo service "$dhcp_service" restart
done

# Apply the firewall rules and announce the SSID only when that succeeded.
# NOTE(review): this runs a script from the current directory as root, so the
# directory and the script should be writable only by the operator.
if sudo ./iptables_noproxy.sh; then
  echo "*** WiFi SSID $ssid should now be available! ***"
fi
sleep 8