diff options
| author | Aleksander Morgado <aleksander@aleksander.es> | 2020-05-05 15:04:04 +0200 |
|---|---|---|
| committer | Aleksander Morgado <aleksander@aleksander.es> | 2020-05-14 09:19:54 +0200 |
| commit | c5c5620f20b59a79425f3878785831c01a005dda (patch) | |
| tree | e54ce33f6a434ec511c7987d862f2173d3b07b58 /net/modemmanager | |
| parent | ba2c714aa8cd1fc7bd9166d0d383cb271ee46062 (diff) | |
modemmanager: allow specifying list of authentication protocols
ModemManager allows specifying which are the authentication protocols
to be used during the user/password context authentication with the
peer.
This protocol update allows users to provide a new 'allowedauth'
option in the interface configuration, which is then used in two
different places:
* It is sent to ModemManager in the --simple-connect call so that
modems with a network interface can perform the authentication
using their own vendor-specific protocol.
* If the connection is done using PPP, this list of protocols is used
to configure the pppd call.
If the new 'allowedauth' option is not given, all auth protocols are
implicitly allowed.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Diffstat (limited to 'net/modemmanager')
| -rw-r--r-- | net/modemmanager/Makefile | 2 | ||||
| -rwxr-xr-x | net/modemmanager/files/modemmanager.proto | 46 |
2 files changed, 42 insertions, 6 deletions
diff --git a/net/modemmanager/Makefile b/net/modemmanager/Makefile index f38e3abf8..5092ccd5c 100644 --- a/net/modemmanager/Makefile +++ b/net/modemmanager/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=modemmanager PKG_VERSION:=1.12.10 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=ModemManager-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://www.freedesktop.org/software/ModemManager diff --git a/net/modemmanager/files/modemmanager.proto b/net/modemmanager/files/modemmanager.proto index 536073dce..870542417 100755 --- a/net/modemmanager/files/modemmanager.proto +++ b/net/modemmanager/files/modemmanager.proto @@ -116,6 +116,35 @@ modemmanager_connected_method_ppp_ipv4() { local ttyname="$2" local username="$3" local password="$4" + local allowedauth="$5" + + # all auth types are allowed unless a user given list is given + local authopts + local pap=1 + local chap=1 + local mschap=1 + local mschapv2=1 + local eap=1 + + [ -n "$allowedauth" ] && { + pap=0 chap=0 mschap=0 mschapv2=0 eap=0 + for auth in $allowedauth; do + case $auth in + "pap") pap=1 ;; + "chap") chap=1 ;; + "mschap") mschap=1 ;; + "mschapv2") mschapv2=1 ;; + "eap") eap=1 ;; + *) ;; + esac + done + } + + [ $pap -eq 1 ] || append authopts "refuse-pap" + [ $chap -eq 1 ] || append authopts "refuse-chap" + [ $mschap -eq 1 ] || append authopts "refuse-mschap" + [ $mschapv2 -eq 1 ] || append authopts "refuse-mschap-v2" + [ $eap -eq 1 ] || append authopts "refuse-eap" proto_run_command "${interface}" /usr/sbin/pppd \ "${ttyname}" \ @@ -126,6 +155,7 @@ modemmanager_connected_method_ppp_ipv4() { nopcomp \ novj \ noauth \ + $authopts \ ${username:+ user $username} \ ${password:+ password $password} \ lcp-echo-failure 5 \ @@ -308,6 +338,7 @@ proto_modemmanager_init_config() { no_device=1 proto_config_add_string device proto_config_add_string apn + proto_config_add_string 'allowedauth:list(string)' proto_config_add_string username proto_config_add_string password proto_config_add_string pincode @@ -320,14 +351,14 @@ proto_modemmanager_setup() { local interface="$1" local modempath modemstatus bearercount bearerpath connectargs bearerstatus beareriface - local bearermethod_ipv4 bearermethod_ipv6 + local bearermethod_ipv4 bearermethod_ipv6 auth cliauth local operatorname operatorid registration accesstech signalquality - local device apn username password pincode iptype metric + local device apn allowedauth username password pincode iptype metric local address prefix gateway mtu dns1 dns2 - json_get_vars device apn username password pincode iptype metric + json_get_vars device apn allowedauth username password pincode iptype metric # validate sysfs path given in config [ -n "${device}" ] || { @@ -356,9 +387,14 @@ proto_modemmanager_setup() { # always cleanup before attempting a new connection, just in case modemmanager_cleanup_connection "${modemstatus}" + # if allowedauth list given, build option string + for auth in $allowedauth; do + cliauth="${cliauth}${cliauth:+|}$auth" + done + # setup connect args; APN mandatory (even if it may be empty) echo "starting connection with apn '${apn}'..." - connectargs="apn=${apn}${iptype:+,ip-type=${iptype}}${username:+,user=${username}}${password:+,password=${password}}${pincode:+,pin=${pincode}}" + connectargs="apn=${apn}${iptype:+,ip-type=${iptype}}${cliauth:+,allowed-auth=${cliauth}}${username:+,user=${username}}${password:+,password=${password}}${pincode:+,pin=${pincode}}" mmcli --modem="${device}" --timeout 120 --simple-connect="${connectargs}" || { proto_notify_error "${interface}" CONNECT_FAILED proto_block_restart "${interface}" @@ -412,7 +448,7 @@ proto_modemmanager_setup() { modemmanager_connected_method_static_ipv4 "${interface}" "${beareriface}" "${address}" "${prefix}" "${gateway}" "${mtu}" "${dns1}" "${dns2}" "${metric}" ;; "ppp") - modemmanager_connected_method_ppp_ipv4 "${interface}" "${beareriface}" "${username}" "${password}" + modemmanager_connected_method_ppp_ipv4 "${interface}" "${beareriface}" "${username}" "${password}" "${allowedauth}" ;; *) proto_notify_error "${interface}" UNKNOWN_METHOD |