OsmoSGSN: optional / mandatory authentication

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Pau Espin Pedrol pespin at sysmocom.de
Fri Jun 14 10:58:12 UTC 2019


Hi Vadim,

On 6/14/19 6:39 AM, Vadim Yanitskiy wrote:
>> doc/manuals/vty/sgsn_vty_reference.xml
>> Allow MS to attach via GERAN without authentication
>> (default and only possible value for non-remote auth-policy)
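
Review bot: the parenthetical in this help text, "(default and only possible value for non-remote auth-policy)", is ambiguous about 'auth-policy remote', because it can be read as restricting the option to non-remote policies. Suggest splitting it into two statements: that this is the only value in effect for non-remote policies, and that it can also be selected with 'auth-policy remote'.
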
> 
> Actually, no. My motivation for introducing this VTY parameter
> was exactly the ability to use remote auth-policy (i.e. OsmoHLR)
> to check if a subscriber is known, but not to require
> authentication, just like we can do in CS-domain. In other words,
> 'authentication optional' should work with 'auth-policy remote'.
> 

I think you are reading it wrong / too quickly, or perhaps it's me not 
expressing it correctly, but to me what you say and what I say there is 
the same. In there I'm saying auth-policy DIFFERENT THAN "remote" 
(non-remote) can only take the value "optional". Hence, I'm NOT stating 
that "remote" cannot take the value "optional". As a result, optional is 
a possible value for "remote".

So the important thing here is: If you are using any auth-policy other 
than "remote", you MUST use this authentication value (even implicitly 
since anyway it doesn't make sense and doesn't really apply). If you are 
using remote, use whichever you want.


>> src/gprs/sgsn_vty.c
>> DEFUN(cfg_authentication, cfg_authentication_cmd,
>> [...]
>> Allow MS to attach via GERAN without authentication
>> (default and only possible value for non-remote auth-policy)
> 
> Same here. It *is* possible for 'auth-policy remote' too.

Same string as above, not repeating.

> 
>> src/gprs/gprs_sgsn.c
>> struct sgsn_instance *sgsn_instance_alloc(void *talloc_ctx)
>> [...]
>> inst->cfg.auth_policy = SGSN_AUTH_POLICY_CLOSED;
>> /* only applies if auth_policy is REMOTE */
>> inst->cfg.require_authentication = true;
>> [...]
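
Review bot: in sgsn_instance_alloc() the default auth_policy is SGSN_AUTH_POLICY_CLOSED, yet require_authentication is initialised to true, and only the short comment "only applies if auth_policy is REMOTE" explains why that has no effect by default. Suggest the comment say explicitly that the flag is ignored for every other policy, so the stored default is not read as contradicting the help text that describes attach without authentication as the default for non-remote policies.
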
> 
> Are you sure this wouldn't break non-remote auth-policy use cases?
> 
> AFAIR, the GMM layer requests authentication regardless of the
> 'auth-policy', so then in 'gprs/sgsn_auth.c' we conditionally
> perform authentication or immediately return SGSN_AUTH_ACCEPTED.
> 

Only places where "require_authentication" is checked are:
src/gprs/sgsn_auth.c:115
src/gprs/sgsn_auth.c:177

And both are code paths only executed under condition that auth_policy 
is SGSN_AUTH_POLICY_REMOTE. Which means "require_authentication" is not 
checked/used at all for other auth_policy scenarios. So we are safe, the 
change is not affecting other auth_policy.

So I think my patch is fine and actually simplifies older state. I'm 
happy to rework stuff if you can find any flaw I didn't see.

Regards,
Pau

-- 
- Pau Espin Pedrol <pespin at sysmocom.de>         http://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Alt-Moabit 93
* 10559 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschaeftsfuehrer / Managing Director: Harald Welte


