
Hiding all copies of your PPP password (cont'd)



Following Shachar Tal's suggestion, I wrote a wrapper script.
It is attached to this E-mail message.

Before using it, you have to edit the following in the script:
1. Your username
2. Your ISP phone number
3. The details of your ISP's expected prompts.

If I receive suggestions and prompt information for other ISPs, I'm
willing to make the script more general-purpose.
I also realize that the script is not 100% bullet-proof.  If there'll be
demand for this, I'll invest in making it more rugged.
                                                     --- Omer
WARNING:  if you send me unsolicited
commercial/religious/political/MailPush E-mail messages, this means that 
you irrevocably agreed to pay me US$500.- (plus any legal fees incurred by
my trying to collect this money) per unsolicited
commercial/religious/political/MailPush E-mail message which you send to
me - for the service of my receiving it.
#!/usr/bin/perl
#
# Perl script to start a PPP session, without having
# to rely upon any files which contain a permanent password.
#
# Copyright (C) 1998 by Omer Zak
# Licensed for general use under the GPL (version 2 or later).
#
#
######### Parameters ################################################
$secrets = "/tmp/alternate-pap-secrets";
$chatscript = "/tmp/startppp-chat-script";
$username = "yourusername";       # !!! Change it
$phone = "yourISPphone";          # !!! Change it

$chattemplate =
  "ABORT   \"NO CARRIER\"\n"
. "ABORT   BUSY\n"
. "ABORT   \"NO DIALTONE\"\n"
. "ABORT   VOICE\n"
. "\"\"      ATZ\n"
. "TIMEOUT 5         OK      ATDT%s\n"            # 1st parameter = phone
. "TIMEOUT 40        CONNECT \"\"\n"
. "TIMEOUT 40        ctcom.co.il> login\n"
. "TIMEOUT 40        Username:  %s\n"             # 2nd parameter = username
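# "\\q" writes a literal \q into the chat script, so that chat (run with -v)
# does not log the password; a bare "\q" in a Perl string collapses to "q".
. "TIMEOUT 5         word:   \\q%s\n"             # 3rd parameter = password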
. "TIMEOUT 15        ctcom.co.il> ppp\n";

######### Validate ##################################################
# Check the effective UID directly instead of parsing the output of whoami.
die "Only the superuser is permitted to run this script!\n" unless ($> == 0);

######### Obtain user's password ####################################
system 'stty', '-echo';
print "Password: ";
chomp($password = <STDIN>);   # strips only a trailing newline
print "\n";
system 'stty', 'echo';

# NOTE:  !!! The above is not protected against signals.
#        !!! Aborting the script file at this point will
#        !!! cause the terminal to enter Helen Keller mode.

######### Write secrets file ########################################
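use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
$old_umask = umask(0177);

# O_EXCL makes the open fail if the name already exists in /tmp (also as a
# symbolic link), so the password is never written into a file or link
# that another user planted there.  A stale file from an aborted run must
# be removed by hand.
die "Failed to open the alternate PAP secrets file!\n" unless sysopen(SECRETS,$secrets,O_WRONLY|O_CREAT|O_EXCL,0600);
print SECRETS "$username * $password\n";
die "Failed to close the alternate PAP secrets file!\n" unless close(SECRETS);

######### Write chat script file ####################################
die "Failed to open the alternate chat script file!\n" unless sysopen(CHATSCR,$chatscript,O_WRONLY|O_CREAT|O_EXCL,0600);
printf CHATSCR $chattemplate,$phone,$username,$password;
die "Failed to close the chat script file!\n" unless close(CHATSCR);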

######### Now can start the PPP connection ##########################
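# The list form of system() starts pppd without going through a shell
# and without capturing its output.
system('/usr/sbin/pppd', '/dev/ttyS3', '38400', 'modem', 'crtscts',
       'name', $username, 'connect', "/usr/sbin/chat -vf $chatscript",
       'lock', 'defaultroute', 'netmask', '255.255.255.0',
       'lcp-echo-interval', '15', 'lcp-echo-failure', '30');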

# NOTE:  !!! We made no attempt to validate that /etc/ppp/pap-secrets is
#        !!! indeed a soft link to $secrets.

######### Get rid of the password-containing files ##################
print "Sleeping for 100 seconds before erasing the secret files.\n";

sleep(100);
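# Attempt both removals before reporting, so that a failure on the first
# file does not leave the second one behind.
$secrets_removed = unlink($secrets);
$chat_removed = unlink($chatscript);
die "Failed to erase the alternate PAP secrets file!\n" unless $secrets_removed;
die "Failed to erase the alternate chat script file!\n" unless $chat_removed;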

umask($old_umask);

print "Attempt to start PPP connection was made, secret files were removed.\n";
exit(0);

# End of startppp.pl script file.
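
The two NOTE comments in the script above (terminal echo left off if the script is aborted at the password prompt, and no check that /etc/ppp/pap-secrets is a soft link to the alternate secrets file) can be closed as sketched here. This is an added example, not part of Omer Zak's script; $pap_link, @created, check_pap_link and cleanup are names assumed for illustration, and the username is the same placeholder the script uses.

```perl
#!/usr/bin/perl
use strict; use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

my $secrets  = "/tmp/alternate-pap-secrets";  # same path as in startppp.pl
my $pap_link = "/etc/ppp/pap-secrets";        # assumed: the file pppd reads
my $username = "yourusername";                # placeholder, change it
my $echo_off = 0;                             # true while echo is disabled
my @created;                                  # secret files made by this run
$| = 1;                                       # show the prompt immediately

# Returns "" if $link is a soft link to $expected, else the problem found.
sub check_pap_link {
    my ($link, $expected) = @_;
    return "$link is not a symbolic link" unless -l $link;
    my $target = readlink($link);
    return "cannot read link $link: $!" unless defined $target;
    return "$link points to $target, not $expected" unless $target eq $expected;
    return "";
}

# Single cleanup path: restore echo and erase whatever this run created.
sub cleanup {
    system('stty', 'echo') if $echo_off;
    unlink(@created) if @created;
}
END { my $status = $?; cleanup(); $? = $status; }      # on exit() and die()
$SIG{$_} = sub { exit(1) } for qw(INT TERM HUP QUIT);  # exit() triggers END

my $problem = check_pap_link($pap_link, $secrets);
die "Refusing to continue: $problem\n" if $problem;

$echo_off = 1;
system('stty', '-echo');
print "Password: ";
my $password = <STDIN>;
system('stty', 'echo');
$echo_off = 0;
print "\n";
die "No password entered.\n" unless defined $password;
chomp($password);

# O_EXCL refuses a file or symbolic link already planted under this name.
sysopen(my $fh, $secrets, O_WRONLY | O_CREAT | O_EXCL, 0600)
    or die "Cannot create $secrets: $!\n";
push @created, $secrets;
print $fh "$username * $password\n";
close($fh) or die "Cannot close $secrets: $!\n";
# Next: write the chat script the same way, start pppd, then let END clean up.
```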