[arch-projects] [netctl][PATCH] Set-up authentication settings for mobile_ppp
Jouke Witteveen
j.witteveen at gmail.com
Sun Oct 27 10:19:51 EDT 2013
With commit 120d9, which will be included in the next version of
netctl, you can do these kind of things in a separate options file.
For instance, you write:
require-chap
refuse-pap
in /etc/ppp/my-extra-options, and add
OptionsFile=/etc/ppp/my-extra-options
to your profile.
Thanks for the suggestion,
- Jouke
On Sat, Sep 7, 2013 at 7:35 PM, Normal Ra <normalrawr at gmail.com> wrote:
> Unfortunately, my ISP only accepts PAP authentication and as a result of
> PPPD's
> natural behaviour, I am rendered unable to connect with my USB 3G modem onto
> the network.
>
> This patch is supposed to introduce a new configuration option for the
> 'mobile_ppp'
> connection type:
>
> Auth=
>
> It is an array of authentication methods, those prefaced with '!' will
> become 'refuse-opt',
> and otherwise will become 'require', in the resulting 'options' file.
>
> Something I've patched up that works, cheers!
> ---
> diff --git a/docs/examples/mobile_ppp b/docs/examples/mobile_ppp
> index f3b0b8a..02be7a4 100644
> --- a/docs/examples/mobile_ppp
> +++ b/docs/examples/mobile_ppp
> @@ -10,6 +10,9 @@ Connection=mobile_ppp
> # Use DNS provided by the peer (default: true)
> #UsePeerDNS=true
>
> +# Force authentication method
> +#Auth=('pap')
> +
> # The user and password are not always required
> #User='example at yourprovider.com'
> #Password='very secret'
> diff --git a/docs/netctl.profile.5.txt b/docs/netctl.profile.5.txt
> index b1ccde1..5b05ec7 100644
> --- a/docs/netctl.profile.5.txt
> +++ b/docs/netctl.profile.5.txt
> @@ -361,6 +361,12 @@ type:
> 'UsePeerDNS='::
> Use the DNS provided by the peer (defaults to `true')
>
> +'Auth='::
> + Define disallowed and allowed authentication methods.
> + Those prefaced with ! will be refused, and specified will be
> + required. E.g. `Auth=('!chap' 'eap')' will refuse CHAP, but require
> + EAP.
> +
> 'User=' and 'Password='::
> The username and password to connect with. These are unset by
> default, as they are often not required.
> diff --git a/src/lib/connections/mobile_ppp b/src/lib/connections/mobile_ppp
> index b966390..daac9e5 100644
> --- a/src/lib/connections/mobile_ppp
> +++ b/src/lib/connections/mobile_ppp
> @@ -13,6 +13,10 @@ quote_word() {
> mobile_ppp_up() {
> local cfg
> local chat
> + local auth_require=('chap' 'mppe' 'mppe-40' 'mppe-128' 'mschap' \
> + 'mschap-v2' 'eap' 'pap')
> + local auth_refuse=('chap' 'mschap' 'mschap-v2' 'eap' 'pap')
> +
>
> mkdir -p "$STATE_DIR/mobile_ppp.${Interface}.${Profile}/"
> chmod 700 "$STATE_DIR/mobile_ppp.${Interface}.${Profile}/"
> @@ -48,6 +52,21 @@ EOF
> echo "usepeerdns" >> "${cfg}"
> fi
>
> + # Generate authentication settings
> + for opt in ${Auth[@]}; do
> + for authmeth in ${auth_require[@]}; do
> + if [[ $opt = "$authmeth" ]]; then
> + echo "require-$authmeth" >> "${cfg}"
> + fi
> + done
> +
> + for authmeth in ${auth_refuse[@]}; do
> + if [[ $opt = "!$authmeth" ]]; then
> + echo "refuse-$authmeth" >> "${cfg}"
> + fi
> + done
> + done
> +
> # Writes username and password
> echo "noauth" >> "${cfg}"
> echo "hide-password" >> ${cfg}
> --
More information about the arch-projects
mailing list