Cool things to do with Network Manager

Here are two nifty little things that I’ve got Network Manager to do for me, by means of dispatcher scripts.

ok wait, what are dispatcher scripts? Dispatcher scripts are shell scripts that Network Manager executes whenever a connection comes up or goes down.

They live in /etc/NetworkManager/dispatcher.d (on openSUSE), and get called in alphabetical order with the name of the interface as first, and the “action” as second parameter.

So for example a script would get called as “/etc/NetworkManager/dispatcher.d/zz-amihome.sh eth0 pre-up” before eth0 would come up.

The first one detects (by checking if there’s a 192.168.238.1 pingable, and has the right mac address) if my laptop is in my home network, and then enables or disables several things.

The script is called zz-amihome.sh and looks like this:

#!/bin/bash
 
IF=$1
STATUS=$2
sleep 5

# Do not do anything for interfaces other than ethenet or wifi
[ "${IF}" != "eth0" -a "${IF}" != "wlan0" ] && exit 0

arping -I ${IF} -c 5 -q 192.168.238.1
test -n "$(ip neigh show 192.168.238.1 | grep 28:92:4a:34:53:0f.REACHABLE)" 
IAMHOME=$?

case "$STATUS" in
        up)
        logger -s "NM Script up triggered with $1 and $2";
 	if [ ${IAMHOME} -ne 0 ]; then 
 		logger -s "turning off NIS and autofs";
 		yast2 nis disable
 		systemctl restart autofs
 		logger -s "turning on 2FA";
 		ln -sf /etc/pam.d/common-auth.pam_google_authenticator.on /etc/pam.d/common-auth.pam_google_authenticator 
 		nmcli con up eregion.home.vpn
# 		systemctl restart display-manager
	else
                logger -s "turning on NIS and autofs";
		yast2 nis enable server=192.168.238.1 domain=eregion.home automounter=yes broadcast=no
                logger -s "turning off 2FA";
                ln -sf /etc/pam.d/common-auth.pam_google_authenticator.off /etc/pam.d/common-auth.pam_google_authenticator
                timedatectl set-timezone Europe/Berlin
#               systemctl restart display-manager
	fi
        ;;
        down)
	        logger -s "NM Script down triggered with $1 and $2"
        ;;
        pre-up)
	        logger -s "NM Script pre-up triggered with $1 and $2"
        ;;
        post-down)
        	logger -s "NM Script post-down triggered with $1 and $2"
		logger -s "turning off NIS";
		systemctl stop ypbind;
	 	systemctl restart autofs;
	 	logger -s "turning on 2FA";
	 	ln -sf /etc/pam.d/common-auth.pam_google_authenticator.on /etc/pam.d/common-auth.pam_google_authenticator 
        ;;
        *)
        ;;
esac

#
# reload chrony
#
chronyc offline; sleep 2; chronyc online

The second one is here:

#------------------------------ 
# By Mathias Homann, based on a script by Fahad Alduraibi
#------------------------------

export LC_ALL=C

# The parameters that get passed to the script are:
# $1 = The interface name ( eth0, wlan0 ...etc)
# $2 = Interface status ( "up" or "down" )

# Check if wireless status is up
# I have two wifi cards in my laptop, named "wlan0 and wlan1"
# so I use regular expression "wlan[01]" to match both of them.
if [[ "$1" =~ wlan0 && $2 == "up" ]]; then

       # Get the network name from "iwconfig" or (can also locate the network based on IP or MAC address if needed)
       ESSID=$(/usr/sbin/iwconfig $1 | grep ESSID | cut -d'"' -f2)

       # Record the date and time for debugging purposes only
       logger -p info "[`date`] ESSID=($ESSID)"

       [ -x /etc/wifiaccess.d/${ESSID}.py ] && {
               python /etc/wifiaccess.d/${ESSID}.py
       }
fi

#if [[ "$1" =~ wlan[01] && $2 == "down" ]]; then
##If you want to do somehting when the network is down
#fi

exit 0

What this does is, it gets the ESSID of the wifi network we’re on, and if there is a python script with a matching name in /etc/wifiaccess.d/ it runs it… and that python script then does an automated login to the captive portal of that wifi (originally from here: https://fadvisor.net/blog/autologin-to-open-wifi/). The python scripts use the mechanize module, and depends a LOT on how the captive portal works – but once you figure it out it is quite reliable.

 

 

Leave a Reply

Your email address will not be published.

%d bloggers like this: