[arch-projects] [netctl][PATCH] Set-up authentication settings for mobile_ppp
Normal Ra
normalrawr at gmail.com
Sat Sep 7 13:35:42 EDT 2013
Unfortunately, my ISP only accepts PAP authentication and as a result of
PPPD's
natural behaviour, I am rendered unable to connect with my USB 3G modem onto
the network.
This patch is supposed to introduce a new configuration option for the
'mobile_ppp'
connection type:
Auth=
It is an array of authentication methods, those prefaced with '!' will
become 'refuse-opt',
and otherwise will become 'require', in the resulting 'options' file.
Something I've patched up that works, cheers!
---
diff --git a/docs/examples/mobile_ppp b/docs/examples/mobile_ppp
index f3b0b8a..02be7a4 100644
--- a/docs/examples/mobile_ppp
+++ b/docs/examples/mobile_ppp
@@ -10,6 +10,9 @@ Connection=mobile_ppp
# Use DNS provided by the peer (default: true)
#UsePeerDNS=true
+# Force authentication method
+#Auth=('pap')
+
# The user and password are not always required
#User='example at yourprovider.com'
#Password='very secret'
diff --git a/docs/netctl.profile.5.txt b/docs/netctl.profile.5.txt
index b1ccde1..5b05ec7 100644
--- a/docs/netctl.profile.5.txt
+++ b/docs/netctl.profile.5.txt
@@ -361,6 +361,12 @@ type:
'UsePeerDNS='::
Use the DNS provided by the peer (defaults to `true')
+'Auth='::
+ Define disallowed and allowed authentication methods.
+ Those prefaced with ! will be refused, and specified will be
+ required. E.g. `Auth=('!chap' 'eap')' will refuse CHAP, but require
+ EAP.
+
'User=' and 'Password='::
The username and password to connect with. These are unset by
default, as they are often not required.
diff --git a/src/lib/connections/mobile_ppp b/src/lib/connections/mobile_ppp
index b966390..daac9e5 100644
--- a/src/lib/connections/mobile_ppp
+++ b/src/lib/connections/mobile_ppp
@@ -13,6 +13,10 @@ quote_word() {
mobile_ppp_up() {
local cfg
local chat
+ local auth_require=('chap' 'mppe' 'mppe-40' 'mppe-128' 'mschap' \
+ 'mschap-v2' 'eap' 'pap')
+ local auth_refuse=('chap' 'mschap' 'mschap-v2' 'eap' 'pap')
+
mkdir -p "$STATE_DIR/mobile_ppp.${Interface}.${Profile}/"
chmod 700 "$STATE_DIR/mobile_ppp.${Interface}.${Profile}/"
@@ -48,6 +52,21 @@ EOF
echo "usepeerdns" >> "${cfg}"
fi
+ # Generate authentication settings
+ for opt in ${Auth[@]}; do
+ for authmeth in ${auth_require[@]}; do
+ if [[ $opt = "$authmeth" ]]; then
+ echo "require-$authmeth" >> "${cfg}"
+ fi
+ done
+
+ for authmeth in ${auth_refuse[@]}; do
+ if [[ $opt = "!$authmeth" ]]; then
+ echo "refuse-$authmeth" >> "${cfg}"
+ fi
+ done
+ done
+
# Writes username and password
echo "noauth" >> "${cfg}"
echo "hide-password" >> ${cfg}
--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.archlinux.org/pipermail/arch-projects/attachments/20130907/0c298bb7/attachment-0001.html>
More information about the arch-projects
mailing list