[arch-projects] [PATCH 1/2] Ensure all variables are unset before loading profile
There is a possible leak of profile info from one to the next if profiles are loaded in sequence, due to the fact that we are running all of this in a shared environment. Unset all currently known variables at the start of load_profile(). This is most apparent in several functions in `src/network` which do looping calls of profile_up or profile_down (which in turn call load_profile). The script `wpa_actiond/netcfg-wpa_actiond` is safe due to its use of subshells. Signed-off-by: Dan McGee <dan@archlinux.org> --- This sucks a bit, but is a big failing of netcfg I found when writing my next patch. It screams "there must be a better way", but at the moment I'm not sure what that may be. The biggest problem is there is no central collection of these variables which I had to scrape from the various setup scripts. Thoughts? -Dan src-wireless/netcfg-auto-wireless | 1 - src/network | 9 ++++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src-wireless/netcfg-auto-wireless b/src-wireless/netcfg-auto-wireless index a3e3fb9..671d34e 100644 --- a/src-wireless/netcfg-auto-wireless +++ b/src-wireless/netcfg-auto-wireless @@ -37,7 +37,6 @@ wifi_auto() while read ap essid; do echo $AUTO_PROFILES | while read network; do ( - unset CONNECTION INTERFACE AP ESSID load_profile "$network" case "$CONNECTION" in wireless-old|wireless|wireless-dbus) diff --git a/src/network b/src/network index 87c0e77..316183e 100644 --- a/src/network +++ b/src/network @@ -8,6 +8,13 @@ # source profile, checking whether it exists and is usable load_profile() { + unset ADDR AP AUTH8021X CONNECTION DESCRIPTION + unset DHCP_OPTIONS DHCP_TIMEOUT DHCLIENT DNS DNS1 DNS2 DOMAIN + unset ESSID GATEWAY HIDDEN IFOPTS INTERFACE IP IPCFG + unset IWCONFIG + unset KEY NETMASK RFKILL RFKILL_NAME SCAN SEARCH TIMEOUT + unset VLAN_ID VLAN_PHYS_DEV + unset WPA_CONF WPA_COUNTRY WPA_DRIVER WPA_GROUP WPA_OPTS [[ -z "$1" ]] && return 1 if [[ ! -f "$PROFILE_DIR/$1" ]]; then report_err "Profile \"$1\" does not exist" @@ -24,7 +31,7 @@ load_profile() report_debug "Interface level configuration enabled: $IFACE_DIR/$INTERFACE" . "$IFACE_DIR/$INTERFACE" fi - . "$PROFILE_DIR/$1" # we want profile settings to override, so need to source profile again + . "$PROFILE_DIR/$1" if [[ ! -f "$CONN_DIR/$CONNECTION" ]]; then report_err "$CONNECTION is not a valid connection, check spelling or look at examples" return 1 -- 1.7.5.2
When using the net-auto-wireless profile, it can be very helpful to prefer certain connections over others. Signed-off-by: Dan McGee <dan@archlinux.org> --- This seemed like an obvious addition to me when I was trying to replace a box with a static wpa_supplicant.conf configuration and couldn't reproduce it faithfully. This also makes me wonder if the 'wpa-configsection' option is all too restrictive, or if we should always append a CONFIGSECTION variable if it is present in a profile. This would allow people to do the HIDDEN (existing) and PRIORITY option (introduced here) in a more ad-hoc fashion as well as allowing any other WPA options we don't currently support without having to special-case each one. -Dan docs/wireless | 4 +++- src/8021x | 4 ++++ src/network | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/wireless b/docs/wireless index 2e466c7..bfe3c40 100644 --- a/docs/wireless +++ b/docs/wireless @@ -18,13 +18,15 @@ ESSID (this or AP is required) AP (this or ESSID is required) : AP (BSSID) of the network to connect to. HIDDEN (optional) -: Define this to connect to hidden ESSIDs. +: Assume the SSID of this network might not be broadcast and probe for it instead. Can be 'yes' or 'no', defaults to 'no'. ADHOC (optional) : Define this to use ad-hoc mode for wireless. TIMEOUT (optional) : Time to wait for association. Defaults to 15 seconds. SCAN (optional) : yes/no Scan for a wireless network rather than blindly attempting to connect. Hidden SSID networks do not appear in a scan. +PRIORITY (optional) +: Integer value to use as the wpa_supplicant priority value for this network. The default is '0'. IWCONFIG (optional, deprecated) : Run iwconfig with these options before attempting to configure the connection. diff --git a/src/8021x b/src/8021x index 267a358..73a4ceb 100644 --- a/src/8021x +++ b/src/8021x @@ -222,6 +222,10 @@ make_wpa_config() { if checkyesno ${HIDDEN:-no}; then echo "scan_ssid=1" fi + + if [ ${PRIORITY:-0} -gt 0]; then + echo "priority=$PRIORITY" + fi } # vim: ft=sh ts=4 et sw=4 tw=0: diff --git a/src/network b/src/network index 316183e..953e502 100644 --- a/src/network +++ b/src/network @@ -10,7 +10,7 @@ load_profile() { unset ADDR AP AUTH8021X CONNECTION DESCRIPTION unset DHCP_OPTIONS DHCP_TIMEOUT DHCLIENT DNS DNS1 DNS2 DOMAIN - unset ESSID GATEWAY HIDDEN IFOPTS INTERFACE IP IPCFG + unset ESSID GATEWAY HIDDEN IFOPTS INTERFACE IP IPCFG PRIORITY unset IWCONFIG unset KEY NETMASK RFKILL RFKILL_NAME SCAN SEARCH TIMEOUT unset VLAN_ID VLAN_PHYS_DEV -- 1.7.5.2
On Sun, Jun 19, 2011 at 10:03:38PM -0500, Dan McGee wrote:
When using the net-auto-wireless profile, it can be very helpful to prefer certain connections over others.
Signed-off-by: Dan McGee <dan@archlinux.org> ---
This seemed like an obvious addition to me when I was trying to replace a box with a static wpa_supplicant.conf configuration and couldn't reproduce it faithfully.
This also makes me wonder if the 'wpa-configsection' option is all too restrictive, or if we should always append a CONFIGSECTION variable if it is present in a profile. This would allow people to do the HIDDEN (existing) and PRIORITY option (introduced here) in a more ad-hoc fashion as well as allowing any other WPA options we don't currently support without having to special-case each one.
-Dan
docs/wireless | 4 +++- src/8021x | 4 ++++ src/network | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/docs/wireless b/docs/wireless index 2e466c7..bfe3c40 100644 --- a/docs/wireless +++ b/docs/wireless @@ -18,13 +18,15 @@ ESSID (this or AP is required) AP (this or ESSID is required) : AP (BSSID) of the network to connect to. HIDDEN (optional) -: Define this to connect to hidden ESSIDs. +: Assume the SSID of this network might not be broadcast and probe for it instead. Can be 'yes' or 'no', defaults to 'no'. ADHOC (optional) : Define this to use ad-hoc mode for wireless. TIMEOUT (optional) : Time to wait for association. Defaults to 15 seconds. SCAN (optional) : yes/no Scan for a wireless network rather than blindly attempting to connect. Hidden SSID networks do not appear in a scan. +PRIORITY (optional) +: Integer value to use as the wpa_supplicant priority value for this network. The default is '0'. IWCONFIG (optional, deprecated) : Run iwconfig with these options before attempting to configure the connection.
diff --git a/src/8021x b/src/8021x index 267a358..73a4ceb 100644 --- a/src/8021x +++ b/src/8021x @@ -222,6 +222,10 @@ make_wpa_config() { if checkyesno ${HIDDEN:-no}; then echo "scan_ssid=1" fi + + if [ ${PRIORITY:-0} -gt 0]; then
If you use proper bash syntax here, you don't have to worry about the default assigment: if (( PRIORITY > 0 )); then
+ echo "priority=$PRIORITY" + fi }
# vim: ft=sh ts=4 et sw=4 tw=0: diff --git a/src/network b/src/network index 316183e..953e502 100644 --- a/src/network +++ b/src/network @@ -10,7 +10,7 @@ load_profile() { unset ADDR AP AUTH8021X CONNECTION DESCRIPTION unset DHCP_OPTIONS DHCP_TIMEOUT DHCLIENT DNS DNS1 DNS2 DOMAIN - unset ESSID GATEWAY HIDDEN IFOPTS INTERFACE IP IPCFG + unset ESSID GATEWAY HIDDEN IFOPTS INTERFACE IP IPCFG PRIORITY unset IWCONFIG unset KEY NETMASK RFKILL RFKILL_NAME SCAN SEARCH TIMEOUT unset VLAN_ID VLAN_PHYS_DEV -- 1.7.5.2
Am 20.06.2011 05:03, schrieb Dan McGee:
+PRIORITY (optional) +: Integer value to use as the wpa_supplicant priority value for this network. The default is '0'.
ACK. Keep in mind though that setting priority overrides wpa_supplicants internal preferences (WPA over open networks and so on).
When using the net-auto-wireless profile, it can be very helpful to prefer certain connections over others. Signed-off-by: Dan McGee <dan@archlinux.org> --- docs/wireless | 4 +++- src/8021x | 5 ++++- src/network | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/docs/wireless b/docs/wireless index 2e466c7..8bda63b 100644 --- a/docs/wireless +++ b/docs/wireless @@ -18,13 +18,15 @@ ESSID (this or AP is required) AP (this or ESSID is required) : AP (BSSID) of the network to connect to. HIDDEN (optional) -: Define this to connect to hidden ESSIDs. +: Assume the SSID of this network might not be broadcast and probe for it instead. Can be 'yes' or 'no', defaults to 'no'. ADHOC (optional) : Define this to use ad-hoc mode for wireless. TIMEOUT (optional) : Time to wait for association. Defaults to 15 seconds. SCAN (optional) : yes/no Scan for a wireless network rather than blindly attempting to connect. Hidden SSID networks do not appear in a scan. +PRIORITY (optional) +: Integer value to use as the wpa_supplicant priority value for this network. The default is '0'. This will override the default internal preferences of wpa_supplicant. IWCONFIG (optional, deprecated) : Run iwconfig with these options before attempting to configure the connection. diff --git a/src/8021x b/src/8021x index 267a358..a371ff8 100644 --- a/src/8021x +++ b/src/8021x @@ -222,7 +222,10 @@ make_wpa_config() { if checkyesno ${HIDDEN:-no}; then echo "scan_ssid=1" fi + + if (( $PRIORITY > 0 )); then + echo "priority=$PRIORITY" + fi } # vim: ft=sh ts=4 et sw=4 tw=0: - diff --git a/src/network b/src/network index 316183e..953e502 100644 --- a/src/network +++ b/src/network @@ -10,7 +10,7 @@ load_profile() { unset ADDR AP AUTH8021X CONNECTION DESCRIPTION unset DHCP_OPTIONS DHCP_TIMEOUT DHCLIENT DNS DNS1 DNS2 DOMAIN - unset ESSID GATEWAY HIDDEN IFOPTS INTERFACE IP IPCFG + unset ESSID GATEWAY HIDDEN IFOPTS INTERFACE IP IPCFG PRIORITY unset IWCONFIG unset KEY NETMASK RFKILL RFKILL_NAME SCAN SEARCH TIMEOUT unset VLAN_ID VLAN_PHYS_DEV -- 1.7.5.2
On Thu, Jun 23, 2011 at 11:37 PM, Dan McGee <dan@archlinux.org> wrote:
When using the net-auto-wireless profile, it can be very helpful to prefer certain connections over others.
Ping?
Signed-off-by: Dan McGee <dan@archlinux.org> --- docs/wireless | 4 +++- src/8021x | 5 ++++- src/network | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/docs/wireless b/docs/wireless index 2e466c7..8bda63b 100644 --- a/docs/wireless +++ b/docs/wireless @@ -18,13 +18,15 @@ ESSID (this or AP is required) AP (this or ESSID is required) : AP (BSSID) of the network to connect to. HIDDEN (optional) -: Define this to connect to hidden ESSIDs. +: Assume the SSID of this network might not be broadcast and probe for it instead. Can be 'yes' or 'no', defaults to 'no'. ADHOC (optional) : Define this to use ad-hoc mode for wireless. TIMEOUT (optional) : Time to wait for association. Defaults to 15 seconds. SCAN (optional) : yes/no Scan for a wireless network rather than blindly attempting to connect. Hidden SSID networks do not appear in a scan. +PRIORITY (optional) +: Integer value to use as the wpa_supplicant priority value for this network. The default is '0'. This will override the default internal preferences of wpa_supplicant. IWCONFIG (optional, deprecated) : Run iwconfig with these options before attempting to configure the connection.
diff --git a/src/8021x b/src/8021x index 267a358..a371ff8 100644 --- a/src/8021x +++ b/src/8021x @@ -222,7 +222,10 @@ make_wpa_config() { if checkyesno ${HIDDEN:-no}; then echo "scan_ssid=1" fi + + if (( $PRIORITY > 0 )); then + echo "priority=$PRIORITY" + fi }
# vim: ft=sh ts=4 et sw=4 tw=0: - diff --git a/src/network b/src/network index 316183e..953e502 100644 --- a/src/network +++ b/src/network @@ -10,7 +10,7 @@ load_profile() { unset ADDR AP AUTH8021X CONNECTION DESCRIPTION unset DHCP_OPTIONS DHCP_TIMEOUT DHCLIENT DNS DNS1 DNS2 DOMAIN - unset ESSID GATEWAY HIDDEN IFOPTS INTERFACE IP IPCFG + unset ESSID GATEWAY HIDDEN IFOPTS INTERFACE IP IPCFG PRIORITY unset IWCONFIG unset KEY NETMASK RFKILL RFKILL_NAME SCAN SEARCH TIMEOUT unset VLAN_ID VLAN_PHYS_DEV -- 1.7.5.2
On 2011/6/20 Dan McGee <dan@archlinux.org> wrote:
This sucks a bit, but is a big failing of netcfg I found when writing my next patch. It screams "there must be a better way", but at the moment I'm not sure what that may be. The biggest problem is there is no central collection of these variables which I had to scrape from the various setup scripts. Thoughts?
I'd better say we should enforce the use of subshells whenever multiple profiles are expected to be loaded in a sequence. For example; by making load_profile a hard failure if $DESCRIPTION (or any other common variable) is already set. Rémy.
On 2011/6/20 Dan McGee <dan@archlinux.org> wrote:
This sucks a bit, but is a big failing of netcfg I found when writing my next patch. It screams "there must be a better way", but at the moment I'm not sure what that may be. The biggest problem is there is no central collection of these variables which I had to scrape from the various setup scripts. Thoughts?
I'd better say we should enforce the use of subshells whenever multiple profiles are expected to be loaded in a sequence. Of course now it appears all calls are in subshells; this was old work, I'm not sure if something changed in the last 4 months I've had
On Mon, Jun 20, 2011 at 1:06 AM, Rémy Oudompheng <remyoudompheng@gmail.com> wrote: this sitting around but I swear I had a reproducible test case at the time.
For example; by making load_profile a hard failure if $DESCRIPTION (or any other common variable) is already set. $CONNECTION is probably your best variable choice here.
-Dan
participants (4)
-
Dan McGee
-
Dave Reisner
-
Rémy Oudompheng
-
Thomas Bächler