[MERGED] osmo-msc[master]: vty: make auth tuple reuse configurable

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Neels Hofmeyr gerrit-no-reply at lists.osmocom.org
Tue Oct 31 01:03:46 UTC 2017


Neels Hofmeyr has submitted this change and it was merged.

Change subject: vty: make auth tuple reuse configurable
......................................................................


vty: make auth tuple reuse configurable

Change-Id: Iba6253d9bf8d4a9d9f6f26ba045e6c7f0dc7f8f2
---
M doc/examples/osmo-msc/osmo-msc.cfg
M src/libmsc/msc_vty.c
2 files changed, 33 insertions(+), 0 deletions(-)

Approvals:
  Harald Welte: Looks good to me, approved



diff --git a/doc/examples/osmo-msc/osmo-msc.cfg b/doc/examples/osmo-msc/osmo-msc.cfg
index 1b1d192..fff964b 100644
--- a/doc/examples/osmo-msc/osmo-msc.cfg
+++ b/doc/examples/osmo-msc/osmo-msc.cfg
@@ -17,3 +17,5 @@
 msc
  mgcpgw remote-ip 10.23.24.1
  assign-tmsi
+ auth-tuple-max-reuse-count 3
+ auth-tuple-reuse-on-error 1
diff --git a/src/libmsc/msc_vty.c b/src/libmsc/msc_vty.c
index 5c9539d..c19666f 100644
--- a/src/libmsc/msc_vty.c
+++ b/src/libmsc/msc_vty.c
@@ -88,6 +88,27 @@
 	return CMD_SUCCESS;
 }
 
+DEFUN(cfg_msc_auth_tuple_max_reuse_count, cfg_msc_auth_tuple_max_reuse_count_cmd,
+      "auth-tuple-max-reuse-count <-1-2147483647>",
+      "Configure authentication tuple re-use\n"
+      "0 to use each auth tuple at most once (default), >0 to limit re-use, -1 to re-use infinitely (vulnerable!).\n")
+{
+	struct gsm_network *gsmnet = gsmnet_from_vty(vty);
+	gsmnet->vlr->cfg.auth_tuple_max_reuse_count = atoi(argv[0]);
+	return CMD_SUCCESS;
+}
+
+DEFUN(cfg_msc_auth_tuple_reuse_on_error, cfg_msc_auth_tuple_reuse_on_error_cmd,
+      "auth-tuple-reuse-on-error (0|1)",
+      "Configure authentication tuple re-use when HLR is not responsive\n"
+      "0 = never re-use auth tuples beyond auth-tuple-max-reuse-count (default)\n"
+      "1 = if the HLR does not deliver new tuples, do re-use already available old ones.\n")
+{
+	struct gsm_network *gsmnet = gsmnet_from_vty(vty);
+	gsmnet->vlr->cfg.auth_reuse_old_sets_on_error = atoi(argv[0]) ? true : false;
+	return CMD_SUCCESS;
+}
+
 static int config_write_msc(struct vty *vty)
 {
 	struct gsm_network *gsmnet = gsmnet_from_vty(vty);
@@ -100,6 +121,14 @@
 		VTY_NEWLINE);
 	vty_out(vty, " cs7-instance-iu %u%s", gsmnet->iu.cs7_instance,
 		VTY_NEWLINE);
+
+	if (gsmnet->vlr->cfg.auth_tuple_max_reuse_count)
+		vty_out(vty, " auth-tuple-max-reuse-count %d%s",
+			OSMO_MAX(-1, gsmnet->vlr->cfg.auth_tuple_max_reuse_count),
+			VTY_NEWLINE);
+	if (gsmnet->vlr->cfg.auth_reuse_old_sets_on_error)
+		vty_out(vty, " auth-tuple-reuse-on-error 1%s",
+			VTY_NEWLINE);
 
 	mgcp_client_config_write(vty, " ");
 #ifdef BUILD_IU
@@ -152,6 +181,8 @@
 	vty_install_default(MSC_NODE);
 	install_element(MSC_NODE, &cfg_msc_assign_tmsi_cmd);
 	install_element(MSC_NODE, &cfg_msc_no_assign_tmsi_cmd);
+	install_element(MSC_NODE, &cfg_msc_auth_tuple_max_reuse_count_cmd);
+	install_element(MSC_NODE, &cfg_msc_auth_tuple_reuse_on_error_cmd);
 	install_element(MSC_NODE, &cfg_msc_cs7_instance_a_cmd);
 	install_element(MSC_NODE, &cfg_msc_cs7_instance_iu_cmd);
 

-- 
To view, visit https://gerrit.osmocom.org/4554
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Iba6253d9bf8d4a9d9f6f26ba045e6c7f0dc7f8f2
Gerrit-PatchSet: 2
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder



More information about the gerrit-log mailing list