
Merge pull request #12086 from aleksander0m/aleksander/mm-auth

Authentication protocol setup in ModemManager
lilik-openwrt-22.03
Rosen Penev 4 years ago
committed by GitHub
parent
commit
8a965ca029
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 66 additions and 16 deletions
  1. +25
    -11
      net/modemmanager/README.md
  2. +41
    -5
      net/modemmanager/files/modemmanager.proto

+ 25
- 11
net/modemmanager/README.md

@ -4,19 +4,33 @@
Cellular modem control and connectivity
Optional libraries libmbim and libqmi are available. Optional mbim-utils and qmi-utils are available.
Your modem may require additional kernel modules.
Optional libraries libmbim and libqmi are available.
Your modem may require additional kernel modules and/or the usb-modeswitch
package.
## Usage
# Once installed, you can configure the 2G/3G/4G modem connections directly in
/etc/config/network as in the following example:
Once installed, you can configure the 2G/3G/4G modem connections directly in
/etc/config/network as in the following example:
config interface 'broadband'
option device '/sys/devices/platform/soc/20980000.usb/usb1/1-1/1-1.2/1-1.2.1'
option proto 'modemmanager'
option apn 'ac.vodafone.es'
option username 'vodafone'
option password 'vodafone'
option pincode '7423'
option lowpower '1'
option device '/sys/devices/platform/soc/20980000.usb/usb1/1-1/1-1.2/1-1.2.1'
option proto 'modemmanager'
option apn 'ac.vodafone.es'
option allowedauth 'pap chap'
option username 'vodafone'
option password 'vodafone'
option pincode '7423'
option iptype 'ipv4'
option lowpower '1'
Only 'device' and 'proto' are mandatory options, the remaining ones are all
optional.
The 'allowedauth' option allows limiting the list of authentication protocols.
It is given as a space-separated list of values, including any of the
following: 'pap', 'chap', 'mschap', 'mschapv2' or 'eap'. It will default to
allowing all protocols.
The 'iptype' option supports any of these values: 'ipv4', 'ipv6' or 'ipv4v6'.
It will default to 'ipv4' if not given.

+ 41
- 5
net/modemmanager/files/modemmanager.proto

@ -116,6 +116,35 @@ modemmanager_connected_method_ppp_ipv4() {
local ttyname="$2"
local username="$3"
local password="$4"
local allowedauth="$5"
# all auth types are allowed unless a user given list is given
local authopts
local pap=1
local chap=1
local mschap=1
local mschapv2=1
local eap=1
[ -n "$allowedauth" ] && {
pap=0 chap=0 mschap=0 mschapv2=0 eap=0
for auth in $allowedauth; do
case $auth in
"pap") pap=1 ;;
"chap") chap=1 ;;
"mschap") mschap=1 ;;
"mschapv2") mschapv2=1 ;;
"eap") eap=1 ;;
*) ;;
esac
done
}
[ $pap -eq 1 ] || append authopts "refuse-pap"
[ $chap -eq 1 ] || append authopts "refuse-chap"
[ $mschap -eq 1 ] || append authopts "refuse-mschap"
[ $mschapv2 -eq 1 ] || append authopts "refuse-mschap-v2"
[ $eap -eq 1 ] || append authopts "refuse-eap"
proto_run_command "${interface}" /usr/sbin/pppd \
"${ttyname}" \
@ -126,6 +155,7 @@ modemmanager_connected_method_ppp_ipv4() {
nopcomp \
novj \
noauth \
$authopts \
${username:+ user $username} \
${password:+ password $password} \
lcp-echo-failure 5 \
@ -307,6 +337,7 @@ proto_modemmanager_init_config() {
no_device=1
proto_config_add_string device
proto_config_add_string apn
proto_config_add_string 'allowedauth:list(string)'
proto_config_add_string username
proto_config_add_string password
proto_config_add_string pincode
@ -319,14 +350,14 @@ proto_modemmanager_setup() {
local interface="$1"
local modempath modemstatus bearercount bearerpath connectargs bearerstatus beareriface
local bearermethod_ipv4 bearermethod_ipv6
local bearermethod_ipv4 bearermethod_ipv6 auth cliauth
local operatorname operatorid registration accesstech signalquality
local device apn username password pincode iptype metric
local device apn allowedauth username password pincode iptype metric
local address prefix gateway mtu dns1 dns2
json_get_vars device apn username password pincode iptype metric
json_get_vars device apn allowedauth username password pincode iptype metric
# validate sysfs path given in config
[ -n "${device}" ] || {
@ -355,9 +386,14 @@ proto_modemmanager_setup() {
# always cleanup before attempting a new connection, just in case
modemmanager_cleanup_connection "${modemstatus}"
# if allowedauth list given, build option string
for auth in $allowedauth; do
cliauth="${cliauth}${cliauth:+|}$auth"
done
# setup connect args; APN mandatory (even if it may be empty)
echo "starting connection with apn '${apn}'..."
connectargs="apn=${apn}${iptype:+,ip-type=${iptype}}${username:+,user=${username}}${password:+,password=${password}}${pincode:+,pin=${pincode}}"
connectargs="apn=${apn}${iptype:+,ip-type=${iptype}}${cliauth:+,allowed-auth=${cliauth}}${username:+,user=${username}}${password:+,password=${password}}${pincode:+,pin=${pincode}}"
mmcli --modem="${device}" --timeout 120 --simple-connect="${connectargs}" || {
proto_notify_error "${interface}" CONNECT_FAILED
proto_block_restart "${interface}"
@ -411,7 +447,7 @@ proto_modemmanager_setup() {
modemmanager_connected_method_static_ipv4 "${interface}" "${beareriface}" "${address}" "${prefix}" "${gateway}" "${mtu}" "${dns1}" "${dns2}" "${metric}"
;;
"ppp")
modemmanager_connected_method_ppp_ipv4 "${interface}" "${beareriface}" "${username}" "${password}"
modemmanager_connected_method_ppp_ipv4 "${interface}" "${beareriface}" "${username}" "${password}" "${allowedauth}"
;;
*)
proto_notify_error "${interface}" UNKNOWN_METHOD
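Review bot: The loop in proto_modemmanager_setup that builds `cliauth` copies every token of `allowedauth` into the `allowed-auth=` field of the `--simple-connect` string without checking it, while the `case` in modemmanager_connected_method_ppp_ipv4 silently drops unknown tokens via `*) ;;`. A mistyped value therefore behaves differently on the two paths: on the PPP path a list with no recognised name produces every `refuse-*` option with no message, and on the mmcli path the raw token, including any `,` or `=` it contains, lands inside the comma-separated connect arguments. I would filter in the setup loop with `case "$auth" in pap|chap|mschap|mschapv2|eap) cliauth="${cliauth}${cliauth:+|}$auth" ;; *) echo "ignoring unknown allowedauth value '${auth}'" ;; esac` and print the same message from the `*)` arm of the PPP function. In the visible lines `auth` is also not declared `local` in the PPP function, unlike in proto_modemmanager_setup; both function bodies extend beyond the hunks shown.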

