diff options
author | DmitriyEshenko <dmitriy.eshenko@vyos.io> | 2020-04-23 19:27:58 +0000 |
---|---|---|
committer | DmitriyEshenko <dmitriy.eshenko@vyos.io> | 2020-04-23 19:27:58 +0000 |
commit | e342e013b22ea1fa348618d0cfbc4ba0bbb545c6 (patch) | |
tree | 684e69feacfa2264b4f53d20c7ed88cf549e7807 | |
parent | 1ca8fc0b3f75d63f0751305d8d2d6e6a5f72c5e3 (diff) | |
download | vyos-1x-e342e013b22ea1fa348618d0cfbc4ba0bbb545c6.tar.gz vyos-1x-e342e013b22ea1fa348618d0cfbc4ba0bbb545c6.zip |
pppoe-server: T2373: Implement CLI commands for auth protocols
-rw-r--r-- | data/templates/accel-ppp/pppoe.config.tmpl | 7 | ||||
-rw-r--r-- | interface-definitions/service_pppoe-server.xml.in | 28 | ||||
-rwxr-xr-x | src/conf_mode/service_pppoe-server.py | 16 |
3 files changed, 46 insertions, 5 deletions
diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl index b6a239fad..99b3923b2 100644 --- a/data/templates/accel-ppp/pppoe.config.tmpl +++ b/data/templates/accel-ppp/pppoe.config.tmpl @@ -12,10 +12,9 @@ ipv6pool ipv6_nd ipv6_dhcp {% endif %} -auth_pap -auth_chap_md5 -auth_mschap_v1 -auth_mschap_v2 +{% for proto in auth_proto: %} +{{proto}} +{% endfor%} shaper {% if snmp %} net-snmp diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in index 6b09b3db4..c7ba2617a 100644 --- a/interface-definitions/service_pppoe-server.xml.in +++ b/interface-definitions/service_pppoe-server.xml.in @@ -137,6 +137,34 @@ </node> </children> </node> + <leafNode name="protocols"> + <properties> + <help>Authentication protocol</help> + <valueHelp> + <format>pap</format> + <description>Allow PAP authentication [Password Authentication Protocol]</description> + </valueHelp> + <valueHelp> + <format>chap</format> + <description>Allow CHAP authentication [Challenge Handshake Authentication Protocol]</description> + </valueHelp> + <valueHelp> + <format>mschap</format> + <description>Allow MS-CHAP authentication [Microsoft Challenge Handshake Authentication Protocol, Version 1]</description> + </valueHelp> + <valueHelp> + <format>mschap-v2</format> + <description>Allow MS-CHAPv2 authentication [Microsoft Challenge Handshake Authentication Protocol, Version 2]</description> + </valueHelp> + <constraint> + <regex>(pap|chap|mschap|mschap-v2)</regex> + </constraint> + <completionHelp> + <list>pap chap mschap mschap-v2</list> + </completionHelp> + <multi /> + </properties> + </leafNode> </children> </node> <node name="client-ip-pool"> diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py index 95cb066d8..64890c992 100755 --- a/src/conf_mode/service_pppoe-server.py +++ b/src/conf_mode/service_pppoe-server.py @@ -23,7 +23,7 @@ from sys import exit from vyos.config import Config from vyos.template import render -from vyos.util import call, get_half_cpus() +from vyos.util import call, get_half_cpus from vyos.validate import is_ipv4 from vyos import ConfigError @@ -32,6 +32,7 @@ pppoe_chap_secrets = r'/run/accel-pppd/pppoe.chap-secrets' default_config_data = { 'auth_mode': 'local', + 'auth_proto': ['auth_mschap_v2', 'auth_mschap_v1', 'auth_chap_md5', 'auth_pap'], 'chap_secrets_file': pppoe_chap_secrets, # used in Jinja2 template 'client_ip_pool': '', 'client_ip_subnets': [], @@ -216,6 +217,19 @@ def get_config(): pppoe['local_users'].append(user) conf.set_level(base_path) + + if conf.exists(['authentication', 'protocols']): + auth_mods = { + 'mschap-v2': 'auth_mschap_v2', + 'mschap': 'auth_mschap_v1', + 'chap': 'auth_chap_md5', + 'pap': 'auth_pap' + } + + pppoe['auth_proto'] = [] + for proto in conf.return_values(['authentication', 'protocols']): + pppoe['auth_proto'].append(auth_mods[proto]) + # # authentication mode radius servers and settings if conf.exists(['authentication', 'mode', 'radius']): |