[arch-projects] [netctl][PATCH] Set-up authentication settings for mobile_ppp
Normal Ra
normalrawr at gmail.com
Mon Oct 28 15:45:23 EDT 2013
Excellent, thank you!
On 27/10/2013, Jouke Witteveen <j.witteveen at gmail.com> wrote:
> With commit 120d9, which will be included in the next version of
> netctl, you can do these kind of things in a separate options file.
> For instance, you write:
>
> require-chap
> refuse-pap
>
> in /etc/ppp/my-extra-options, and add
>
> OptionsFile=/etc/ppp/my-extra-options
>
> to your profile.
>
> Thanks for the suggestion,
> - Jouke
>
>
> On Sat, Sep 7, 2013 at 7:35 PM, Normal Ra <normalrawr at gmail.com> wrote:
>> Unfortunately, my ISP only accepts PAP authentication and as a result of
>> PPPD's
>> natural behaviour, I am rendered unable to connect with my USB 3G modem
>> onto
>> the network.
>>
>> This patch is supposed to introduce a new configuration option for the
>> 'mobile_ppp'
>> connection type:
>>
>> Auth=
>>
>> It is an array of authentication methods, those prefaced with '!' will
>> become 'refuse-opt',
>> and otherwise will become 'require', in the resulting 'options' file.
>>
>> Something I've patched up that works, cheers!
>> ---
>> diff --git a/docs/examples/mobile_ppp b/docs/examples/mobile_ppp
>> index f3b0b8a..02be7a4 100644
>> --- a/docs/examples/mobile_ppp
>> +++ b/docs/examples/mobile_ppp
>> @@ -10,6 +10,9 @@ Connection=mobile_ppp
>> # Use DNS provided by the peer (default: true)
>> #UsePeerDNS=true
>>
>> +# Force authentication method
>> +#Auth=('pap')
>> +
>> # The user and password are not always required
>> #User='example at yourprovider.com'
>> #Password='very secret'
>> diff --git a/docs/netctl.profile.5.txt b/docs/netctl.profile.5.txt
>> index b1ccde1..5b05ec7 100644
>> --- a/docs/netctl.profile.5.txt
>> +++ b/docs/netctl.profile.5.txt
>> @@ -361,6 +361,12 @@ type:
>> 'UsePeerDNS='::
>> Use the DNS provided by the peer (defaults to `true')
>>
>> +'Auth='::
>> + Define disallowed and allowed authentication methods.
>> + Those prefaced with ! will be refused, and specified will be
>> + required. E.g. `Auth=('!chap' 'eap')' will refuse CHAP, but require
>> + EAP.
>> +
>> 'User=' and 'Password='::
>> The username and password to connect with. These are unset by
>> default, as they are often not required.
>> diff --git a/src/lib/connections/mobile_ppp
>> b/src/lib/connections/mobile_ppp
>> index b966390..daac9e5 100644
>> --- a/src/lib/connections/mobile_ppp
>> +++ b/src/lib/connections/mobile_ppp
>> @@ -13,6 +13,10 @@ quote_word() {
>> mobile_ppp_up() {
>> local cfg
>> local chat
>> + local auth_require=('chap' 'mppe' 'mppe-40' 'mppe-128' 'mschap' \
>> + 'mschap-v2' 'eap' 'pap')
>> + local auth_refuse=('chap' 'mschap' 'mschap-v2' 'eap' 'pap')
>> +
>>
>> mkdir -p "$STATE_DIR/mobile_ppp.${Interface}.${Profile}/"
>> chmod 700 "$STATE_DIR/mobile_ppp.${Interface}.${Profile}/"
>> @@ -48,6 +52,21 @@ EOF
>> echo "usepeerdns" >> "${cfg}"
>> fi
>>
>> + # Generate authentication settings
>> + for opt in ${Auth[@]}; do
>> + for authmeth in ${auth_require[@]}; do
>> + if [[ $opt = "$authmeth" ]]; then
>> + echo "require-$authmeth" >> "${cfg}"
>> + fi
>> + done
>> +
>> + for authmeth in ${auth_refuse[@]}; do
>> + if [[ $opt = "!$authmeth" ]]; then
>> + echo "refuse-$authmeth" >> "${cfg}"
>> + fi
>> + done
>> + done
>> +
>> # Writes username and password
>> echo "noauth" >> "${cfg}"
>> echo "hide-password" >> ${cfg}
>> --
>
More information about the arch-projects
mailing list