From e342e013b22ea1fa348618d0cfbc4ba0bbb545c6 Mon Sep 17 00:00:00 2001 From: DmitriyEshenko Date: Thu, 23 Apr 2020 19:27:58 +0000 Subject: pppoe-server: T2373: Implement CLI commands for auth protocols --- data/templates/accel-ppp/pppoe.config.tmpl | 7 +++--- interface-definitions/service_pppoe-server.xml.in | 28 +++++++++++++++++++++++ src/conf_mode/service_pppoe-server.py | 16 ++++++++++++- 3 files changed, 46 insertions(+), 5 deletions(-) diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl index b6a239fad..99b3923b2 100644 --- a/data/templates/accel-ppp/pppoe.config.tmpl +++ b/data/templates/accel-ppp/pppoe.config.tmpl @@ -12,10 +12,9 @@ ipv6pool ipv6_nd ipv6_dhcp {% endif %} -auth_pap -auth_chap_md5 -auth_mschap_v1 -auth_mschap_v2 +{% for proto in auth_proto: %} +{{proto}} +{% endfor%} shaper {% if snmp %} net-snmp diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in index 6b09b3db4..c7ba2617a 100644 --- a/interface-definitions/service_pppoe-server.xml.in +++ b/interface-definitions/service_pppoe-server.xml.in @@ -137,6 +137,34 @@ + + + Authentication protocol + + pap + Allow PAP authentication [Password Authentication Protocol] + + + chap + Allow CHAP authentication [Challenge Handshake Authentication Protocol] + + + mschap + Allow MS-CHAP authentication [Microsoft Challenge Handshake Authentication Protocol, Version 1] + + + mschap-v2 + Allow MS-CHAPv2 authentication [Microsoft Challenge Handshake Authentication Protocol, Version 2] + + + (pap|chap|mschap|mschap-v2) + + + pap chap mschap mschap-v2 + + + + diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py index 95cb066d8..64890c992 100755 --- a/src/conf_mode/service_pppoe-server.py +++ b/src/conf_mode/service_pppoe-server.py @@ -23,7 +23,7 @@ from sys import exit from vyos.config import Config from vyos.template import render -from vyos.util import call, get_half_cpus() +from vyos.util import call, get_half_cpus from vyos.validate import is_ipv4 from vyos import ConfigError @@ -32,6 +32,7 @@ pppoe_chap_secrets = r'/run/accel-pppd/pppoe.chap-secrets' default_config_data = { 'auth_mode': 'local', + 'auth_proto': ['auth_mschap_v2', 'auth_mschap_v1', 'auth_chap_md5', 'auth_pap'], 'chap_secrets_file': pppoe_chap_secrets, # used in Jinja2 template 'client_ip_pool': '', 'client_ip_subnets': [], @@ -216,6 +217,19 @@ def get_config(): pppoe['local_users'].append(user) conf.set_level(base_path) + + if conf.exists(['authentication', 'protocols']): + auth_mods = { + 'mschap-v2': 'auth_mschap_v2', + 'mschap': 'auth_mschap_v1', + 'chap': 'auth_chap_md5', + 'pap': 'auth_pap' + } + + pppoe['auth_proto'] = [] + for proto in conf.return_values(['authentication', 'protocols']): + pppoe['auth_proto'].append(auth_mods[proto]) + # # authentication mode radius servers and settings if conf.exists(['authentication', 'mode', 'radius']): -- cgit v1.2.3