[MERGED] openbsc[master]: SGSN: prevent starting with inconsistent config

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Harald Welte gerrit-no-reply at lists.osmocom.org
Mon Jul 11 19:18:17 UTC 2016 

Harald Welte has submitted this change and it was merged.

Change subject: SGSN: prevent starting with inconsistent config
......................................................................


SGSN: prevent starting with inconsistent config

Previously it was possible to start osmo-sgsn with "auth-policy remote"
but without "gsup remote-*" which resulted in broken setup: no MS could
perform GPRS ATTACH. Add consistency check to vty code to fix this.

Related: OS#1582
Change-Id: Ie4296e7d99d7833f7d828b0196435ea81097cf6e
---
M debian/changelog
M openbsc/src/gprs/sgsn_vty.c
M openbsc/tests/vty_test_runner.py
3 files changed, 18 insertions(+), 3 deletions(-)

Approvals:
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/debian/changelog b/debian/changelog
index 6a0362a..e9a4212 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 openbsc (0.15.1) UNRELEASED; urgency=medium
 
   * Move forward toward a new release.
+  * Prevent SGSN starting with 'auth-policy remote' when no 'gsup remote-*' are configured.
+    Note: such configs are broken without extra workarounds anyway.
 
  -- Holger Hans Peter Freyther <holger at moiji-mobile.com>  Tue, 24 May 2016 23:14:31 +0200
 
diff --git a/openbsc/src/gprs/sgsn_vty.c b/openbsc/src/gprs/sgsn_vty.c
index ac08bed..e6dc68d 100644
--- a/openbsc/src/gprs/sgsn_vty.c
+++ b/openbsc/src/gprs/sgsn_vty.c
@@ -210,9 +210,6 @@
 	for (server = sgsn->ares_servers; server; server = server->next)
 		vty_out(vty, " grx-dns-add %s%s", inet_ntoa(server->addr.addr4), VTY_NEWLINE);
 
-	vty_out(vty, " auth-policy %s%s",
-		get_value_string(sgsn_auth_pol_strs, g_cfg->auth_policy),
-		VTY_NEWLINE);
 	if (g_cfg->cipher != GPRS_ALGO_GEA0)
 		vty_out(vty, " encryption %s%s",
 			get_value_string(gprs_cipher_names, g_cfg->cipher),
@@ -223,6 +220,9 @@
 	if (g_cfg->gsup_server_port)
 		vty_out(vty, " gsup remote-port %d%s",
 			g_cfg->gsup_server_port, VTY_NEWLINE);
+	vty_out(vty, " auth-policy %s%s",
+		get_value_string(sgsn_auth_pol_strs, g_cfg->auth_policy),
+		VTY_NEWLINE);
 
 	vty_out(vty, " gsup oap-id %d%s",
 		(int)g_cfg->oap.client_id, VTY_NEWLINE);
@@ -591,6 +591,17 @@
 {
 	int val = get_string_value(sgsn_auth_pol_strs, argv[0]);
 	OSMO_ASSERT(val >= SGSN_AUTH_POLICY_OPEN && val <= SGSN_AUTH_POLICY_REMOTE);
+	if (val == SGSN_AUTH_POLICY_REMOTE) {
+		const char *err = "%% auth-policy remote requires";
+		if (!g_cfg->gsup_server_addr.sin_addr.s_addr) {
+			vty_out(vty, "%s 'gsup remote-ip'%s", err, VTY_NEWLINE);
+			return CMD_WARNING;
+		}
+		if (!g_cfg->gsup_server_port) {
+			vty_out(vty, "%s 'gsup remote-port'%s", err, VTY_NEWLINE);
+			return CMD_WARNING;
+		}
+	}
 	g_cfg->auth_policy = val;
 	g_cfg->require_authentication = (val == SGSN_AUTH_POLICY_REMOTE);
 	g_cfg->require_update_location = (val == SGSN_AUTH_POLICY_REMOTE);
diff --git a/openbsc/tests/vty_test_runner.py b/openbsc/tests/vty_test_runner.py
index 23939e8..00eae70 100644
--- a/openbsc/tests/vty_test_runner.py
+++ b/openbsc/tests/vty_test_runner.py
@@ -1086,6 +1086,8 @@
         self.assertTrue(self.vty.verify('auth-policy closed', ['']))
         res = self.vty.command("show running-config")
         self.assert_(res.find('auth-policy closed') > 0)
+        self.assertTrue(self.vty.verify('gsup remote-ip 127.0.0.4', ['']))
+        self.assertTrue(self.vty.verify('gsup remote-port 2222', ['']))
         self.assertTrue(self.vty.verify('auth-policy remote', ['']))
         res = self.vty.command("show running-config")
         self.assert_(res.find('auth-policy remote') > 0)

-- 
To view, visit https://gerrit.osmocom.org/437
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ie4296e7d99d7833f7d828b0196435ea81097cf6e
Gerrit-PatchSet: 5
Gerrit-Project: openbsc
Gerrit-Branch: master
Gerrit-Owner: Max <msuraev at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Holger Freyther <holger at freyther.de>
Gerrit-Reviewer: Jenkins Builder

More information about the gerrit-log mailing list