Untitled

a guest
Nov 21st, 2018
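#!/usr/bin/env bash
# Re-run under bash when another shell started this file: the functions below
# use bash-only syntax such as the `function` keyword and `read -p`.
if [ -z "$BASH" ]; then
  # "$0" is quoted so a script path containing spaces survives; exec makes the
  # status of the bash run the status of this process.
  exec bash "$0" "$@"
fi

# Path this script was started as; setup_environment hands it to a terminal
# emulator when no dialog tool and no controlling terminal is available.
my_name=$0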
function setup_environment {
  # Set the organisation constants and pick the user-interface back end.
  # Globals written: bf, n, ORGANISATION, URL, SUPPORT and, depending on what
  # is installed, ZENITY or KDIALOG. find_xterm may additionally set XT.

  # Prefix/suffix strings wrapped around emphasised text in terminal prompts.
  bf=""
  n=""
  ORGANISATION="Fachhochschule Münster"
  URL="https://www.fh-muenster.de/dvz/index.php"
  SUPPORT="it-support@fh-muenster.de"

  # No X display: nothing graphical to probe, the terminal prompts are used.
  if [ -z "$DISPLAY" ]; then
    return 0
  fi

  if which zenity > /dev/null 2>&1; then
    ZENITY=$(which zenity)
  elif which kdialog > /dev/null 2>&1; then
    KDIALOG=$(which kdialog)
  elif tty > /dev/null 2>&1; then
    # A terminal is attached; bf and n stay empty for the listed terminal types.
    if echo $TERM | grep -E -q "xterm|gnome-terminal|lxterminal"; then
      bf=""
      n=""
    fi
  else
    # Neither a dialog tool nor a terminal: start the script again inside the
    # first terminal emulator that find_xterm locates.
    find_xterm
    if [ -n "$XT" ]; then
      $XT -e $my_name
    fi
  fi
}
  39. function split_line {
  40. echo $1 | awk -F '\\\\n' 'END { for(i=1; i <= NF; i++) print $i }'
  41. }
function find_xterm {
  # Store in XT the first terminal emulator from the candidate list that
  # `which` can find; XT is left untouched when none is installed.
  terms="xterm aterm wterm lxterminal rxvt gnome-terminal konsole"
  for t in $terms; do
    which "$t" > /dev/null 2>&1 || continue
    XT=$t
    break
  done
}
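function ask {
  # Ask a yes/no question through kdialog, zenity or the terminal.
  # Globals:   KDIALOG, ZENITY, bf, n (read)
  # Arguments: $1 - message text (literal \n sequences separate lines)
  #            $2 - label of the action being confirmed
  #            $3 - "0" makes yes the terminal default, anything else makes it no
  # Returns:   0 for yes, 1 for no
  local title="DFN eduroam CAT"
  local wrapped yes no yes_upper no_upper default_answer answer

  # The tool paths are quoted so a path containing spaces still works.
  if [ -n "$KDIALOG" ]; then
    if "$KDIALOG" --yesno "${1}\n${2}?" --title "$title"; then
      return 0
    fi
    return 1
  fi
  if [ -n "$ZENITY" ]; then
    wrapped=$(printf '%s\n' "$1" | fmt -w60)
    if "$ZENITY" --no-wrap --question --text="${wrapped}\n${2}?" --title="$title" 2>/dev/null; then
      return 0
    fi
    return 1
  fi

  # Terminal fallback: J (Ja) / N (Nein), compared case-insensitively.
  yes=J
  no=N
  yes_upper=$(printf '%s\n' "$yes" | awk '{ print toupper($0) }')
  no_upper=$(printf '%s\n' "$no" | awk '{ print toupper($0) }')

  # "$3" is quoted and compared with the POSIX "=" operator, so a missing
  # third argument quietly selects "no" instead of raising a test error.
  if [ "$3" = "0" ]; then
    default_answer=$yes
  else
    default_answer=$no
  fi

  echo ""
  while true; do
    split_line "$1"
    # -r keeps backslashes in the reply literal. An empty reply (including
    # end of input) selects the default answer.
    read -r -p "${bf}$2 ${yes}/${no}? [${default_answer}]:$n " answer
    if [ -z "$answer" ]; then
      answer=${default_answer}
    fi
    answer=$(printf '%s\n' "$answer" | awk '{ print toupper($0) }')
    case "$answer" in
      "${yes_upper}")
        return 0
        ;;
      "${no_upper}")
        return 1
        ;;
    esac
  done
}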
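function alert {
  # Show a warning: kdialog first, then zenity, otherwise plain stdout.
  # Globals:   KDIALOG, ZENITY (read)
  # Arguments: $1 - message text
  # The tool paths are quoted so a path containing spaces still works.
  if [ -n "$KDIALOG" ]; then
    "$KDIALOG" --sorry "${1}"
    return
  fi
  if [ -n "$ZENITY" ]; then
    "$ZENITY" --warning --text="$1" 2>/dev/null
    return
  fi
  # printf instead of echo: a message such as "-n" is printed, not parsed
  # as an option.
  printf '%s\n' "$1"
}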
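function show_info {
  # Display an informational message via kdialog, zenity or the terminal.
  # Globals:   KDIALOG, ZENITY (read)
  # Arguments: $1 - message text; on the terminal, split_line breaks it at
  #                 literal \n sequences
  # The tool paths are quoted so a path containing spaces still works.
  if [ -n "$KDIALOG" ]; then
    "$KDIALOG" --msgbox "${1}"
    return
  fi
  if [ -n "$ZENITY" ]; then
    "$ZENITY" --info --width=500 --text="$1" 2>/dev/null
    return
  fi
  split_line "$1"
}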
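function confirm_exit {
  # Ask "Wirklich beenden?" in a GUI dialog and exit with status 1 on yes.
  # Globals: KDIALOG, ZENITY (read)
  # NOTE: without a dialog tool this function does nothing and returns, so a
  # caller running on a plain terminal continues after calling it.
  # The tool paths are quoted so a path containing spaces still works.
  if [ -n "$KDIALOG" ]; then
    if "$KDIALOG" --yesno "Wirklich beenden?"; then
      exit 1
    fi
  fi
  if [ -n "$ZENITY" ]; then
    if "$ZENITY" --question --text="Wirklich beenden?" 2>/dev/null; then
      exit 1
    fi
  fi
}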
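function prompt_nonempty_string {
  # Prompt until the user supplies a non-empty value, then print it on stdout.
  # Globals:   ZENITY, KDIALOG (read)
  # Arguments: $1 - 0 to hide the typed text (passwords), any other number to show it
  #            $2 - prompt text
  #            $3 - optional pre-filled value for the GUI dialogs
  # Returns:   0 with the value on stdout; 1 when terminal input ends before
  #            a non-empty value was read
  local prompt=$2
  local out_s=""
  local hide=no
  local kdialog_mode=""
  local at_eof=""
  local -a zenity_opts=()

  if [ "$1" -eq 0 ]; then
    hide=yes
  fi

  if [ -n "$ZENITY" ]; then
    # Options are collected in an array so a default value containing spaces
    # reaches zenity as one argument.
    zenity_opts=(--entry --width=300)
    if [ "$hide" = yes ]; then
      zenity_opts+=(--hide-text)
    fi
    if [ -n "$3" ]; then
      zenity_opts+=("--entry-text=$3")
    fi
    while [ -z "$out_s" ]; do
      # A non-zero status means the dialog was dismissed: offer to quit.
      out_s=$("$ZENITY" "${zenity_opts[@]}" --text "$prompt" 2>/dev/null) || confirm_exit
    done
  elif [ -n "$KDIALOG" ]; then
    if [ "$hide" = yes ]; then
      kdialog_mode="--password"
    else
      kdialog_mode="--inputbox"
    fi
    while [ -z "$out_s" ]; do
      out_s=$("$KDIALOG" "$kdialog_mode" "$prompt" "$3") || confirm_exit
    done
  else
    while [ -z "$out_s" ]; do
      if [ "$hide" = yes ]; then
        # -s keeps the password off the screen, matching the GUI dialogs;
        # -r keeps backslashes in the value literal.
        read -r -s -p "${prompt}: " out_s || at_eof=1
        # The user's Enter is not echoed either; finish the prompt line on
        # stderr, because stdout carries the value.
        if [ -t 0 ]; then
          printf '\n' >&2
        fi
      else
        read -r -p "${prompt}: " out_s || at_eof=1
      fi
      # End of input with nothing read: fail instead of looping forever.
      if [ -n "$at_eof" ] && [ -z "$out_s" ]; then
        return 1
      fi
    done
  fi
  # printf instead of echo: a value such as "-n" is printed verbatim.
  printf '%s\n' "$out_s"
}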
function user_cred {
  # Collect the login name and a password that was typed identically twice.
  # Globals written: USER_NAME, PASSWORD, PASSWORD1
  # Exits the script with status 1 as soon as one of the prompts fails.

  # Two different placeholders, so the loop body runs at least once.
  PASSWORD="a"
  PASSWORD1="b"

  USER_NAME=$(prompt_nonempty_string 1 "Geben Sie ihre Benutzerkennung ein") || exit 1

  until [ "$PASSWORD" = "$PASSWORD1" ]; do
    PASSWORD=$(prompt_nonempty_string 0 "Geben Sie ihr Passwort ein") || exit 1
    PASSWORD1=$(prompt_nonempty_string 0 "Wiederholen Sie das Passwort") || exit 1
    [ "$PASSWORD" = "$PASSWORD1" ] || alert "Die Passwörter stimmen nicht überein"
  done
}
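setup_environment
show_info "Dieses Installationsprogramm wurde für ${ORGANISATION} hergestellt.\n\nMehr Informationen und Kommentare:\n\nEMAIL: ${SUPPORT}\nWWW: ${URL}\n\nDas Installationsprogramm wurde mit Software vom GEANT Projekt erstellt."
if ! ask "Dieses Installationsprogramm funktioniert nur für Anwender von ${bf}Fachhochschule Münster${n} in der Benutzergruppe: ${bf}eduroam FH-Münster.${n}" "Weiter" 1; then
  exit
fi

# Working directory for the CA certificate and the generated configuration.
# "$HOME" is quoted so a home directory containing spaces works.
if [ -d "$HOME/.cat_installer" ]; then
  if ! ask "Das Verzeichnis $HOME/.cat_installer existiert bereits; einige Dateien darin könnten überschrieben werden." "Weiter" 1; then
    exit
  fi
else
  # Stop here when the directory cannot be created: every later step writes
  # into it.
  mkdir -- "$HOME/.cat_installer" || exit 1
fi

# save certificates
# The certificate below is the trust anchor both generated configurations
# reference as their CA file, so it decides which authentication server the
# password is sent to. When this script comes from anywhere other than the
# organisation's own download page, compare the certificate's fingerprint with
# the value the organisation publishes before running it.
# The quoted delimiter keeps the shell from expanding anything in the data.
cat > "$HOME/.cat_installer/ca.pem" << 'CAPEM'
-----BEGIN CERTIFICATE-----
MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx
KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd
BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl
YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1
OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy
aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd
AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC
FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi
1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq
jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ
wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj
QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/
WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy
NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC
uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw
IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6
g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP
BSeOE6Fuwg==
-----END CERTIFICATE-----


CAPEM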
  243. function run_python_script {
  244. PASSWORD=$( echo "$PASSWORD" | sed "s/'/\\\'/g" )
  245. if python << EEE1 > /dev/null 2>&1
  246. import dbus
  247. EEE1
  248. then
  249. PYTHON=python
  250. elif python3 << EEE2 > /dev/null 2>&1
  251. import dbus
  252. EEE2
  253. then
  254. PYTHON=python3
  255. else
  256. PYTHON=none
  257. return 1
  258. fi
  259.  
  260. $PYTHON << EOF > /dev/null 2>&1
  261. #-*- coding: utf-8 -*-
  262. import dbus
  263. import re
  264. import sys
  265. import uuid
  266. import os
  267.  
  268. class EduroamNMConfigTool:
  269.  
  270. def connect_to_NM(self):
  271. #connect to DBus
  272. try:
  273. self.bus = dbus.SystemBus()
  274. except dbus.exceptions.DBusException:
  275. print("Can't connect to DBus")
  276. sys.exit(2)
  277. #main service name
  278. self.system_service_name = "org.freedesktop.NetworkManager"
  279. #check NM version
  280. self.check_nm_version()
  281. if self.nm_version == "0.9" or self.nm_version == "1.0":
  282. self.settings_service_name = self.system_service_name
  283. self.connection_interface_name = "org.freedesktop.NetworkManager.Settings.Connection"
  284. #settings proxy
  285. sysproxy = self.bus.get_object(self.settings_service_name, "/org/freedesktop/NetworkManager/Settings")
  286. #settings intrface
  287. self.settings = dbus.Interface(sysproxy, "org.freedesktop.NetworkManager.Settings")
  288. elif self.nm_version == "0.8":
  289. #self.settings_service_name = "org.freedesktop.NetworkManagerUserSettings"
  290. self.settings_service_name = "org.freedesktop.NetworkManager"
  291. self.connection_interface_name = "org.freedesktop.NetworkManagerSettings.Connection"
  292. #settings proxy
  293. sysproxy = self.bus.get_object(self.settings_service_name, "/org/freedesktop/NetworkManagerSettings")
  294. #settings intrface
  295. self.settings = dbus.Interface(sysproxy, "org.freedesktop.NetworkManagerSettings")
  296. else:
  297. print("This Network Manager version is not supported")
  298. sys.exit(2)
  299.  
  300. def check_opts(self):
  301. self.cacert_file = '${HOME}/.cat_installer/ca.pem'
  302. self.pfx_file = '${HOME}/.cat_installer/user.p12'
  303. if not os.path.isfile(self.cacert_file):
  304. print("Certificate file not found, looks like a CAT error")
  305. sys.exit(2)
  306.  
  307. def check_nm_version(self):
  308. try:
  309. proxy = self.bus.get_object(self.system_service_name, "/org/freedesktop/NetworkManager")
  310. props = dbus.Interface(proxy, "org.freedesktop.DBus.Properties")
  311. version = props.Get("org.freedesktop.NetworkManager", "Version")
  312. except dbus.exceptions.DBusException:
  313. version = "0.8"
  314. if re.match(r'^1\.', version):
  315. self.nm_version = "1.0"
  316. return
  317. if re.match(r'^0\.9', version):
  318. self.nm_version = "0.9"
  319. return
  320. if re.match(r'^0\.8', version):
  321. self.nm_version = "0.8"
  322. return
  323. else:
  324. self.nm_version = "Unknown version"
  325. return
  326.  
  327. def byte_to_string(self, barray):
  328. return "".join([chr(x) for x in barray])
  329.  
  330.  
  331. def delete_existing_connections(self, ssid):
  332. "checks and deletes earlier connections"
  333. try:
  334. conns = self.settings.ListConnections()
  335. except dbus.exceptions.DBusException:
  336. print("DBus connection problem, a sudo might help")
  337. exit(3)
  338. for each in conns:
  339. con_proxy = self.bus.get_object(self.system_service_name, each)
  340. connection = dbus.Interface(con_proxy, "org.freedesktop.NetworkManager.Settings.Connection")
  341. try:
  342. connection_settings = connection.GetSettings()
  343. if connection_settings['connection']['type'] == '802-11-wireless':
  344. conn_ssid = self.byte_to_string(connection_settings['802-11-wireless']['ssid'])
  345. if conn_ssid == ssid:
  346. connection.Delete()
  347. except dbus.exceptions.DBusException:
  348. pass
  349.  
  350. def add_connection(self,ssid):
  351. server_alt_subject_name_list = dbus.Array({'DNS:radius2.fh-muenster.de','DNS:cisco-ise.fh-muenster.de','DNS:cisco-ise-standby.fh-muenster.de'})
  352. server_name = 'fh-muenster.de'
  353. if self.nm_version == "0.9" or self.nm_version == "1.0":
  354. match_key = 'altsubject-matches'
  355. match_value = server_alt_subject_name_list
  356. else:
  357. match_key = 'subject-match'
  358. match_value = server_name
  359.  
  360. s_con = dbus.Dictionary({
  361. 'type': '802-11-wireless',
  362. 'uuid': str(uuid.uuid4()),
  363. 'permissions': ['user:$USER'],
  364. 'id': ssid
  365. })
  366. s_wifi = dbus.Dictionary({
  367. 'ssid': dbus.ByteArray(ssid.encode('utf8')),
  368. 'security': '802-11-wireless-security'
  369. })
  370. s_wsec = dbus.Dictionary({
  371. 'key-mgmt': 'wpa-eap',
  372. 'proto': ['rsn',],
  373. 'pairwise': ['ccmp',],
  374. 'group': ['ccmp', 'tkip']
  375. })
  376. s_8021x = dbus.Dictionary({
  377. 'eap': ['peap'],
  378. 'identity': '$USER_NAME',
  379. 'ca-cert': dbus.ByteArray("file://{0}\0".format(self.cacert_file).encode('utf8')),
  380. match_key: match_value,
  381. 'password': '$PASSWORD',
  382. 'phase2-auth': 'mschapv2',
  383. 'anonymous-identity': 'newpki@fh-muenster.de',
  384. })
  385. s_ip4 = dbus.Dictionary({'method': 'auto'})
  386. s_ip6 = dbus.Dictionary({'method': 'auto'})
  387. con = dbus.Dictionary({
  388. 'connection': s_con,
  389. '802-11-wireless': s_wifi,
  390. '802-11-wireless-security': s_wsec,
  391. '802-1x': s_8021x,
  392. 'ipv4': s_ip4,
  393. 'ipv6': s_ip6
  394. })
  395. self.settings.AddConnection(con)
  396.  
  397. def main(self):
  398. self.check_opts()
  399. ver = self.connect_to_NM()
  400. self.delete_existing_connections('eduroam')
  401. self.add_connection('eduroam')
  402.  
  403. if __name__ == "__main__":
  404. ENMCT = EduroamNMConfigTool()
  405. ENMCT.main()
  406. EOF
  407. }
  408. function create_wpa_conf {
  409. cat << EOFW >> $HOME/.cat_installer/cat_installer.conf
  410.  
  411. network={
  412. ssid="eduroam"
  413. key_mgmt=WPA-EAP
  414. pairwise=CCMP
  415. group=CCMP TKIP
  416. eap=PEAP
  417. ca_cert="${HOME}/.cat_installer/ca.pem"
  418. identity="${USER_NAME}"
  419. domain_suffix_match="fh-muenster.de"
  420. phase2="auth=MSCHAPV2"
  421. password="${PASSWORD}"
  422. anonymous_identity="newpki@fh-muenster.de"
  423. }
  424. EOFW
  425. chmod 600 $HOME/.cat_installer/cat_installer.conf
  426. }
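#prompt user for credentials
user_cred
if run_python_script; then
  show_info "Installation erfolgreich"
else
  # NetworkManager could not be configured: offer a wpa_supplicant file
  # instead, which stores the password in clear text.
  show_info "Konfiguration von NetworkManager fehlgeschlagen, erzeuge nun wpa_supplicant.conf Datei"
  if ! ask "Network Manager configuration failed, but we may generate a wpa_supplicant configuration file if you wish. Be warned that your connection password will be saved in this file as clear text." "Datei schreiben" 1; then
    exit
  fi

  if [ -f "$HOME/.cat_installer/cat_installer.conf" ]; then
    if ! ask "Datei $HOME/.cat_installer/cat_installer.conf existiert bereits, sie wird überschrieben." "Weiter" 1; then
      confirm_exit
      # confirm_exit only acts through a GUI dialog. On a plain terminal it
      # returns at once, so a "no" has to stop the script here instead of
      # falling through to the overwrite.
      if [ -z "$KDIALOG" ] && [ -z "$ZENITY" ]; then
        exit 1
      fi
    fi
    rm -- "$HOME/.cat_installer/cat_installer.conf"
  fi
  create_wpa_conf
  show_info "Ausgabe nach $HOME/.cat_installer/cat_installer.conf geschrieben"
fi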