New subject: [arch-projects] [netctl][PATCH] Set-up authentication settings for mobile_ppp

7 Sep 2013

Unfortunately, my ISP only accepts PAP authentication and as a result of
PPPD's
natural behaviour, I am rendered unable to connect with my USB 3G modem onto
the network.

This patch is supposed to introduce a new configuration option for the
'mobile_ppp'
connection type:

Auth=

It is an array of authentication methods, those prefaced with '!' will
become 'refuse-opt',
and otherwise will become 'require', in the resulting 'options' file.

Something I've patched up that works, cheers!
---

diff --git a/docs/examples/mobile_ppp b/docs/examples/mobile_ppp
index f3b0b8a..02be7a4 100644
--- a/docs/examples/mobile_ppp
+++ b/docs/examples/mobile_ppp
@@ -10,6 +10,9 @@ Connection=mobile_ppp
 # Use DNS provided by the peer (default: true)
 #UsePeerDNS=true

+# Force authentication method
+#Auth=('pap')
+
 # The user and password are not always required
 #User='example@yourprovider.com'
 #Password='very secret'
diff --git a/docs/netctl.profile.5.txt b/docs/netctl.profile.5.txt
index b1ccde1..5b05ec7 100644
--- a/docs/netctl.profile.5.txt
+++ b/docs/netctl.profile.5.txt
@@ -361,6 +361,12 @@ type:
 'UsePeerDNS='::
     Use the DNS provided by the peer (defaults to `true')

+'Auth='::
+    Define disallowed and allowed authentication methods.
+    Those prefaced with ! will be refused, and specified will be
+    required. E.g. `Auth=('!chap' 'eap')' will refuse CHAP, but require
+    EAP.
+
 'User=' and 'Password='::
     The username and password to connect with. These are unset by
     default, as they are often not required.
diff --git a/src/lib/connections/mobile_ppp b/src/lib/connections/mobile_ppp
index b966390..daac9e5 100644
--- a/src/lib/connections/mobile_ppp
+++ b/src/lib/connections/mobile_ppp
@@ -13,6 +13,10 @@ quote_word() {
 mobile_ppp_up() {
     local cfg
     local chat
+    local auth_require=('chap' 'mppe' 'mppe-40' 'mppe-128' 'mschap' \
+                        'mschap-v2' 'eap' 'pap')
+    local auth_refuse=('chap' 'mschap' 'mschap-v2' 'eap' 'pap')
+

     mkdir -p "$STATE_DIR/mobile_ppp.${Interface}.${Profile}/"
     chmod 700 "$STATE_DIR/mobile_ppp.${Interface}.${Profile}/"
@@ -48,6 +52,21 @@ EOF
         echo "usepeerdns" >> "${cfg}"
     fi

+    # Generate authentication settings
+    for opt in ${Auth[@]}; do
+        for authmeth in ${auth_require[@]}; do
+            if [[ $opt = "$authmeth" ]]; then
+                echo "require-$authmeth" >> "${cfg}"
+            fi
+        done
+
+        for authmeth in ${auth_refuse[@]}; do
+            if [[ $opt = "!$authmeth" ]]; then
+                echo "refuse-$authmeth" >> "${cfg}"
+            fi
+        done
+    done
+
     # Writes username and password
     echo "noauth" >> "${cfg}"
     echo "hide-password" >> ${cfg}
--

    

[arch-projects] [netctl][PATCH] Set-up authentication settings for mobile_ppp

Normal Ra

Jouke Witteveen

Normal Ra

tags

participants (2)