I've got a need to detect when authentication fails. The patch I'll attach in a second adds this functionality to the current pppd (2.4.4). It can probably do with some more work, so any feedback is welcome. For one, I'd like to see the username we tried to authenticate as being passed through to the script somehow (I can take a guess by doing awk '$2 == ${IFACE} { print $1 }' but that _may_ just be inaccurate).
Reproducible: Always
Created attachment 120582 (ppp-2.4.4-auth_fail.patch). Also available from http://www.kroon.co.za/patches.php
(In reply to comment #0)
> For one, I'd like to see the username we tried to authenticate as being passed
> through to the script somehow (I can take a guess by doing awk '$2 == ${IFACE}
> { print $1 }' but that _may_ just be inaccurate.
Isn't the $PEERNAME environment variable what you are looking for?
Ah, I see... You wanna see it in auth-fail. In this case you should tinker with auth_peer_fail(), using auth_peer_success() as a model. Don't forget to document the changes in the man page.
Environment + parameters as follows (and the script that generated it):

xacatecas ~ # cat /tmp/auth-fail
param 1: ppp1
param 2:
param 3: root
param 4: exteth
param 5: 0
PPPD_PID=23210
PPPLOGNAME=root
IFNAME=ppp1
PWD=/
LINKNAME=ppp1
SHLVL=1
DEVICE=exteth
ORIG_UID=0
_=/usr/bin/env
xacatecas ~ # cat /etc/ppp/auth-fail
#! /bin/bash
(
i=0;
for p in "${@}"; do
    echo "param $((++i)): $p"
done
env
) > /tmp/$(basename $0)
xacatecas ~ #

So no, the username that I passed to the peer isn't anywhere in there. The linkname however is the first parameter, and no, that doesn't help me that much. Basically I do something like this:

username_ppp0=("$(/usr/bin/awk '$2 == "ppp0" { print $1; exit }' < /etc/ppp/chap-secrets)")

in /etc/conf.d/net ... some other external control procedures then update /etc/ppp/chap-secrets as needed. Now, at some point the username I'm trying to connect with may be removed from the chap-secrets file. So doing the awk thing may not be the best of ideas. I actually had this same problem with ip-up and there I've just decided to go with the awk solution since it's the first one in the list (and as such would have been the one I used to auth and as such would not be removed, new accounts always get added onto the end of the list), but I would prefer to "know for sure" :).

The changes done so far are documented in the manpage (part of the attached patch). I reckon exporting LOCALNAME as an environment variable to all scripts would imho be a good change. Would anybody else back that?
Created attachment 120663 (ppp-2.4.4-LOCALNAME.patch). Ok, exports LOCALNAME to scripts.
auth-fail.patch has been included into patches used by net-dialup/ppp-2.4.4-r6.
There are some English grammar mistakes in the patches:
s/is execute /is executed /g
s/accounts is available/accounts are available/
As I'm not a native speaker either, someone should check them for more.
I take it I should file a separate bug for the LOCALNAME patch? I've just asked a friend to take a look at them, his English is much better than my own. Will post updated patches this evening.
Created attachment 121807 (ppp-2.4.4-auth_fail.patch). Improved the grammar used in the man page.
Created attachment 121809 (ppp-2.4.4-LOCALNAME.patch). Improved grammar in man-page part of the patch.
I unified those patches (see r6). Please do the same.
Created attachment 121887 (ppp-2.4.4-LOCALNAME-auth_fail.patch). Unified LOCALNAME and auth_fail patch.
Fixed in -r7
There's still (at least) one to correct, which I also mentioned before: s/accounts is available/accounts are available/
Fixed in -r8.
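
The username lookup discussed in this thread, written out as an auth-fail hook that logs failed authentications: an added example, not part of the thread or of the attached ppp patches. It assumes pppd exports LOCALNAME (which needs the LOCALNAME patch above) and falls back to the chap-secrets awk guess otherwise; the function names, the logger tag and priority, and the log record layout are choices made here.

```shell
#!/bin/sh
# Added example (not from the thread or the ppp patches): /etc/ppp/auth-fail body.
# Assumes pppd exports LOCALNAME (the thread's LOCALNAME patch) plus IFNAME and
# DEVICE (both visible in the environment dump above). Function names are hypothetical.

# Print "<source> <user>": "env" = name pppd reports, "guess" = first secrets
# entry whose second column matches the link (the awk lookup from the thread),
# "unknown" = neither source produced a name.
resolve_auth_user() {
    link=$1
    secrets=${2:-/etc/ppp/chap-secrets}
    if [ -n "${LOCALNAME:-}" ]; then
        printf 'env %s\n' "$LOCALNAME"
        return 0
    fi
    user=
    if [ -r "$secrets" ]; then
        user=$(awk -v l="$link" '$1 !~ /^#/ && $2 == l { print $1; exit }' "$secrets")
    fi
    if [ -n "$user" ]; then
        printf 'guess %s\n' "$user"
    else
        printf 'unknown -\n'
    fi
}

# Replace anything outside a conservative character set so a crafted name
# cannot add extra fields or line breaks to the log record.
sanitize() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9@._-' '?'
}

# Build one key=value record; user_source tells the reader whether the name
# is authoritative (env) or only the chap-secrets guess.
format_auth_fail() {
    link=${IFNAME:-$1}
    res=$(resolve_auth_user "$link" "${2:-}")
    printf 'auth-fail link=%s device=%s user=%s user_source=%s\n' \
        "$(sanitize "$link")" "$(sanitize "${DEVICE:-unknown}")" \
        "$(sanitize "${res#* }")" "${res%% *}"
}

# Log only when installed under the hook name, so the file can be sourced in tests.
case ${0##*/} in
    auth-fail) logger -t pppd -p auth.warning "$(format_auth_fail "$1")" ;;
esac
```

Records with user_source=guess carry the same uncertainty described in the thread: the first matching chap-secrets entry may not be the account that was actually used.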