modemmanager: allow specifying list of authentication protocols

ModemManager allows specifying which authentication protocols may be
used during the user/password context authentication with the
peer.

This protocol update allows users to provide a new 'allowedauth'
option in the interface configuration, which is then used in two
different places:
 * It is sent to ModemManager in the --simple-connect call so that
   modems with a network interface can perform the authentication
   using their own vendor-specific protocol.
 * If the connection is done using PPP, this list of protocols is used
   to configure the pppd call.

If the new 'allowedauth' option is not given, all auth protocols are
implicitly allowed.

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Aleksander Morgado 2020-05-05 15:04:04 +02:00
parent ba2c714aa8
commit c5c5620f20
2 changed files with 42 additions and 6 deletions


@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=modemmanager PKG_NAME:=modemmanager
PKG_VERSION:=1.12.10 PKG_VERSION:=1.12.10
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE:=ModemManager-$(PKG_VERSION).tar.xz PKG_SOURCE:=ModemManager-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://www.freedesktop.org/software/ModemManager PKG_SOURCE_URL:=https://www.freedesktop.org/software/ModemManager


@ -116,6 +116,35 @@ modemmanager_connected_method_ppp_ipv4() {
local ttyname="$2" local ttyname="$2"
local username="$3" local username="$3"
local password="$4" local password="$4"
local allowedauth="$5"
# all auth types are allowed unless a user given list is given
local authopts
local pap=1
local chap=1
local mschap=1
local mschapv2=1
local eap=1
[ -n "$allowedauth" ] && {
pap=0 chap=0 mschap=0 mschapv2=0 eap=0
for auth in $allowedauth; do
case $auth in
"pap") pap=1 ;;
"chap") chap=1 ;;
"mschap") mschap=1 ;;
"mschapv2") mschapv2=1 ;;
"eap") eap=1 ;;
*) ;;
esac
done
}
[ $pap -eq 1 ] || append authopts "refuse-pap"
[ $chap -eq 1 ] || append authopts "refuse-chap"
[ $mschap -eq 1 ] || append authopts "refuse-mschap"
[ $mschapv2 -eq 1 ] || append authopts "refuse-mschap-v2"
[ $eap -eq 1 ] || append authopts "refuse-eap"
proto_run_command "${interface}" /usr/sbin/pppd \ proto_run_command "${interface}" /usr/sbin/pppd \
"${ttyname}" \ "${ttyname}" \
@ -126,6 +155,7 @@ modemmanager_connected_method_ppp_ipv4() {
nopcomp \ nopcomp \
novj \ novj \
noauth \ noauth \
$authopts \
${username:+ user $username} \ ${username:+ user $username} \
${password:+ password $password} \ ${password:+ password $password} \
lcp-echo-failure 5 \ lcp-echo-failure 5 \
@ -308,6 +338,7 @@ proto_modemmanager_init_config() {
no_device=1 no_device=1
proto_config_add_string device proto_config_add_string device
proto_config_add_string apn proto_config_add_string apn
proto_config_add_string 'allowedauth:list(string)'
proto_config_add_string username proto_config_add_string username
proto_config_add_string password proto_config_add_string password
proto_config_add_string pincode proto_config_add_string pincode
@ -320,14 +351,14 @@ proto_modemmanager_setup() {
local interface="$1" local interface="$1"
local modempath modemstatus bearercount bearerpath connectargs bearerstatus beareriface local modempath modemstatus bearercount bearerpath connectargs bearerstatus beareriface
local bearermethod_ipv4 bearermethod_ipv6 local bearermethod_ipv4 bearermethod_ipv6 auth cliauth
local operatorname operatorid registration accesstech signalquality local operatorname operatorid registration accesstech signalquality
local device apn username password pincode iptype metric local device apn allowedauth username password pincode iptype metric
local address prefix gateway mtu dns1 dns2 local address prefix gateway mtu dns1 dns2
json_get_vars device apn username password pincode iptype metric json_get_vars device apn allowedauth username password pincode iptype metric
# validate sysfs path given in config # validate sysfs path given in config
[ -n "${device}" ] || { [ -n "${device}" ] || {
@ -356,9 +387,14 @@ proto_modemmanager_setup() {
# always cleanup before attempting a new connection, just in case # always cleanup before attempting a new connection, just in case
modemmanager_cleanup_connection "${modemstatus}" modemmanager_cleanup_connection "${modemstatus}"
# if allowedauth list given, build option string
for auth in $allowedauth; do
cliauth="${cliauth}${cliauth:+|}$auth"
done
# setup connect args; APN mandatory (even if it may be empty) # setup connect args; APN mandatory (even if it may be empty)
echo "starting connection with apn '${apn}'..." echo "starting connection with apn '${apn}'..."
connectargs="apn=${apn}${iptype:+,ip-type=${iptype}}${username:+,user=${username}}${password:+,password=${password}}${pincode:+,pin=${pincode}}" connectargs="apn=${apn}${iptype:+,ip-type=${iptype}}${cliauth:+,allowed-auth=${cliauth}}${username:+,user=${username}}${password:+,password=${password}}${pincode:+,pin=${pincode}}"
mmcli --modem="${device}" --timeout 120 --simple-connect="${connectargs}" || { mmcli --modem="${device}" --timeout 120 --simple-connect="${connectargs}" || {
proto_notify_error "${interface}" CONNECT_FAILED proto_notify_error "${interface}" CONNECT_FAILED
proto_block_restart "${interface}" proto_block_restart "${interface}"
@ -412,7 +448,7 @@ proto_modemmanager_setup() {
modemmanager_connected_method_static_ipv4 "${interface}" "${beareriface}" "${address}" "${prefix}" "${gateway}" "${mtu}" "${dns1}" "${dns2}" "${metric}" modemmanager_connected_method_static_ipv4 "${interface}" "${beareriface}" "${address}" "${prefix}" "${gateway}" "${mtu}" "${dns1}" "${dns2}" "${metric}"
;; ;;
"ppp") "ppp")
modemmanager_connected_method_ppp_ipv4 "${interface}" "${beareriface}" "${username}" "${password}" modemmanager_connected_method_ppp_ipv4 "${interface}" "${beareriface}" "${username}" "${password}" "${allowedauth}"
;; ;;
*) *)
proto_notify_error "${interface}" UNKNOWN_METHOD proto_notify_error "${interface}" UNKNOWN_METHOD
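Review bot: In the `case $auth` loop added to modemmanager_connected_method_ppp_ipv4, the `*) ;;` arm drops unrecognised 'allowedauth' entries without any message, so a misspelt or comma-joined value leaves every flag at 0 and pppd is started with all five refuse-* options, which will look like an unexplained authentication failure. That fails on the closed side, but it should be visible; the arm could log it in the style the script already uses, e.g. `*) echo "ignoring unknown auth protocol '$auth'" ;;`. The same unvalidated tokens are joined into `allowed-auth=` in proto_modemmanager_setup, where a token containing a comma would presumably be read as a further key in the --simple-connect string, so checking each token against the five known names once, before both uses, would keep the two paths consistent. `auth` is declared `local` in proto_modemmanager_setup but not in the PPP function, and the unquoted `for auth in $allowedauth` is subject to pathname expansion as well as word splitting. The body of modemmanager_connected_method_ppp_ipv4 continues outside the hunks shown.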