summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-04-23 21:56:19 +0200
committerGitHub <noreply@github.com>2020-04-23 21:56:19 +0200
commit4ff1bc23d40c53fc27e0b1f4c33cda0c18783d12 (patch)
treed765789f75b74b190067fc65666cab24f58b1f1e
parentbbac02cf9a93dc33c5a4d5ae6db57319780d5579 (diff)
parente342e013b22ea1fa348618d0cfbc4ba0bbb545c6 (diff)
downloadvyos-1x-4ff1bc23d40c53fc27e0b1f4c33cda0c18783d12.tar.gz
vyos-1x-4ff1bc23d40c53fc27e0b1f4c33cda0c18783d12.zip
Merge pull request #374 from DmitriyEshenko/pppoe-impl-auth-proto
pppoe-server: T2373: Implement CLI commands for auth protocols
-rw-r--r--data/templates/accel-ppp/pppoe.config.tmpl7
-rw-r--r--interface-definitions/service_pppoe-server.xml.in28
-rwxr-xr-xsrc/conf_mode/service_pppoe-server.py16
3 files changed, 46 insertions, 5 deletions
diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl
index b6a239fad..99b3923b2 100644
--- a/data/templates/accel-ppp/pppoe.config.tmpl
+++ b/data/templates/accel-ppp/pppoe.config.tmpl
@@ -12,10 +12,9 @@ ipv6pool
ipv6_nd
ipv6_dhcp
{% endif %}
-auth_pap
-auth_chap_md5
-auth_mschap_v1
-auth_mschap_v2
+{% for proto in auth_proto: %}
+{{proto}}
+{% endfor%}
shaper
{% if snmp %}
net-snmp
diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in
index 6b09b3db4..c7ba2617a 100644
--- a/interface-definitions/service_pppoe-server.xml.in
+++ b/interface-definitions/service_pppoe-server.xml.in
@@ -137,6 +137,34 @@
</node>
</children>
</node>
+ <leafNode name="protocols">
+ <properties>
+ <help>Authentication protocol</help>
+ <valueHelp>
+ <format>pap</format>
+ <description>Allow PAP authentication [Password Authentication Protocol]</description>
+ </valueHelp>
+ <valueHelp>
+ <format>chap</format>
+ <description>Allow CHAP authentication [Challenge Handshake Authentication Protocol]</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mschap</format>
+ <description>Allow MS-CHAP authentication [Microsoft Challenge Handshake Authentication Protocol, Version 1]</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mschap-v2</format>
+ <description>Allow MS-CHAPv2 authentication [Microsoft Challenge Handshake Authentication Protocol, Version 2]</description>
+ </valueHelp>
+ <constraint>
+ <regex>(pap|chap|mschap|mschap-v2)</regex>
+ </constraint>
+ <completionHelp>
+ <list>pap chap mschap mschap-v2</list>
+ </completionHelp>
+ <multi />
+ </properties>
+ </leafNode>
</children>
</node>
<node name="client-ip-pool">
diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py
index 95cb066d8..64890c992 100755
--- a/src/conf_mode/service_pppoe-server.py
+++ b/src/conf_mode/service_pppoe-server.py
@@ -23,7 +23,7 @@ from sys import exit
from vyos.config import Config
from vyos.template import render
-from vyos.util import call, get_half_cpus()
+from vyos.util import call, get_half_cpus
from vyos.validate import is_ipv4
from vyos import ConfigError
@@ -32,6 +32,7 @@ pppoe_chap_secrets = r'/run/accel-pppd/pppoe.chap-secrets'
default_config_data = {
'auth_mode': 'local',
+ 'auth_proto': ['auth_mschap_v2', 'auth_mschap_v1', 'auth_chap_md5', 'auth_pap'],
'chap_secrets_file': pppoe_chap_secrets, # used in Jinja2 template
'client_ip_pool': '',
'client_ip_subnets': [],
@@ -216,6 +217,19 @@ def get_config():
pppoe['local_users'].append(user)
conf.set_level(base_path)
+
+ if conf.exists(['authentication', 'protocols']):
+ auth_mods = {
+ 'mschap-v2': 'auth_mschap_v2',
+ 'mschap': 'auth_mschap_v1',
+ 'chap': 'auth_chap_md5',
+ 'pap': 'auth_pap'
+ }
+
+ pppoe['auth_proto'] = []
+ for proto in conf.return_values(['authentication', 'protocols']):
+ pppoe['auth_proto'].append(auth_mods[proto])
+
#
# authentication mode radius servers and settings
if conf.exists(['authentication', 'mode', 'radius']):