SGSN: prevent starting with inconsistent config
Previously it was possible to start osmo-sgsn with "auth-policy remote" but without "gsup remote-*", which resulted in a broken setup: no MS could perform GPRS ATTACH. Add a consistency check to the vty code to fix this. Related: OS#1582 Change-Id: Ie4296e7d99d7833f7d828b0196435ea81097cf6e
parent
e6052c4cc7
commit
176b62a80c
|
@ -1,6 +1,8 @@
|
||||||
openbsc (0.15.1) UNRELEASED; urgency=medium
|
openbsc (0.15.1) UNRELEASED; urgency=medium
|
||||||
|
|
||||||
* Move forward toward a new release.
|
* Move forward toward a new release.
|
||||||
|
* Prevent SGSN starting with 'auth-policy remote' when no 'gsup remote-*' are configured.
|
||||||
|
Note: such configs are broken without extra workarounds anyway.
|
||||||
|
|
||||||
-- Holger Hans Peter Freyther <holger@moiji-mobile.com> Tue, 24 May 2016 23:14:31 +0200
|
-- Holger Hans Peter Freyther <holger@moiji-mobile.com> Tue, 24 May 2016 23:14:31 +0200
|
||||||
|
|
||||||
|
|
|
@ -210,9 +210,6 @@ static int config_write_sgsn(struct vty *vty)
|
||||||
for (server = sgsn->ares_servers; server; server = server->next)
|
for (server = sgsn->ares_servers; server; server = server->next)
|
||||||
vty_out(vty, " grx-dns-add %s%s", inet_ntoa(server->addr.addr4), VTY_NEWLINE);
|
vty_out(vty, " grx-dns-add %s%s", inet_ntoa(server->addr.addr4), VTY_NEWLINE);
|
||||||
|
|
||||||
vty_out(vty, " auth-policy %s%s",
|
|
||||||
get_value_string(sgsn_auth_pol_strs, g_cfg->auth_policy),
|
|
||||||
VTY_NEWLINE);
|
|
||||||
if (g_cfg->cipher != GPRS_ALGO_GEA0)
|
if (g_cfg->cipher != GPRS_ALGO_GEA0)
|
||||||
vty_out(vty, " encryption %s%s",
|
vty_out(vty, " encryption %s%s",
|
||||||
get_value_string(gprs_cipher_names, g_cfg->cipher),
|
get_value_string(gprs_cipher_names, g_cfg->cipher),
|
||||||
|
@ -223,6 +220,9 @@ static int config_write_sgsn(struct vty *vty)
|
||||||
if (g_cfg->gsup_server_port)
|
if (g_cfg->gsup_server_port)
|
||||||
vty_out(vty, " gsup remote-port %d%s",
|
vty_out(vty, " gsup remote-port %d%s",
|
||||||
g_cfg->gsup_server_port, VTY_NEWLINE);
|
g_cfg->gsup_server_port, VTY_NEWLINE);
|
||||||
|
vty_out(vty, " auth-policy %s%s",
|
||||||
|
get_value_string(sgsn_auth_pol_strs, g_cfg->auth_policy),
|
||||||
|
VTY_NEWLINE);
|
||||||
|
|
||||||
vty_out(vty, " gsup oap-id %d%s",
|
vty_out(vty, " gsup oap-id %d%s",
|
||||||
(int)g_cfg->oap.client_id, VTY_NEWLINE);
|
(int)g_cfg->oap.client_id, VTY_NEWLINE);
|
||||||
|
@ -591,6 +591,17 @@ DEFUN(cfg_auth_policy, cfg_auth_policy_cmd,
|
||||||
{
|
{
|
||||||
int val = get_string_value(sgsn_auth_pol_strs, argv[0]);
|
int val = get_string_value(sgsn_auth_pol_strs, argv[0]);
|
||||||
OSMO_ASSERT(val >= SGSN_AUTH_POLICY_OPEN && val <= SGSN_AUTH_POLICY_REMOTE);
|
OSMO_ASSERT(val >= SGSN_AUTH_POLICY_OPEN && val <= SGSN_AUTH_POLICY_REMOTE);
|
||||||
|
if (val == SGSN_AUTH_POLICY_REMOTE) {
|
||||||
|
const char *err = "%% auth-policy remote requires";
|
||||||
|
if (!g_cfg->gsup_server_addr.sin_addr.s_addr) {
|
||||||
|
vty_out(vty, "%s 'gsup remote-ip'%s", err, VTY_NEWLINE);
|
||||||
|
return CMD_WARNING;
|
||||||
|
}
|
||||||
|
if (!g_cfg->gsup_server_port) {
|
||||||
|
vty_out(vty, "%s 'gsup remote-port'%s", err, VTY_NEWLINE);
|
||||||
|
return CMD_WARNING;
|
||||||
|
}
|
||||||
|
}
|
||||||
g_cfg->auth_policy = val;
|
g_cfg->auth_policy = val;
|
||||||
g_cfg->require_authentication = (val == SGSN_AUTH_POLICY_REMOTE);
|
g_cfg->require_authentication = (val == SGSN_AUTH_POLICY_REMOTE);
|
||||||
g_cfg->require_update_location = (val == SGSN_AUTH_POLICY_REMOTE);
|
g_cfg->require_update_location = (val == SGSN_AUTH_POLICY_REMOTE);
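Review bot: The new check in cfg_auth_policy only sees the state at the moment `auth-policy remote` is parsed, so it depends on command order: a hand-written config that lists `auth-policy remote` before `gsup remote-ip` and `gsup remote-port` is refused although the final configuration is consistent, which is presumably why config_write_sgsn now emits auth-policy after the gsup lines. On refusal the function returns CMD_WARNING and leaves `g_cfg->auth_policy` at its earlier value; if the config-file reader does not treat CMD_WARNING as fatal (not visible here), the SGSN would still start, with a policy other than the one the operator asked for and possibly a weaker one. A check that runs once after the whole file has been read would cover both cases, along the lines of `if (g_cfg->auth_policy == SGSN_AUTH_POLICY_REMOTE && (!g_cfg->gsup_server_addr.sin_addr.s_addr || !g_cfg->gsup_server_port))` followed by an error return that aborts startup. Separately, `err` is printed through `%s`, so its `%%` is not collapsed and the message starts with two percent signs; `"% auth-policy remote requires"` would print a single one. The body of cfg_auth_policy continues outside the hunk.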
|
||||||
|
|
|
@ -1086,6 +1086,8 @@ class TestVTYSGSN(TestVTYGenericBSC):
|
||||||
self.assertTrue(self.vty.verify('auth-policy closed', ['']))
|
self.assertTrue(self.vty.verify('auth-policy closed', ['']))
|
||||||
res = self.vty.command("show running-config")
|
res = self.vty.command("show running-config")
|
||||||
self.assert_(res.find('auth-policy closed') > 0)
|
self.assert_(res.find('auth-policy closed') > 0)
|
||||||
|
self.assertTrue(self.vty.verify('gsup remote-ip 127.0.0.4', ['']))
|
||||||
|
self.assertTrue(self.vty.verify('gsup remote-port 2222', ['']))
|
||||||
self.assertTrue(self.vty.verify('auth-policy remote', ['']))
|
self.assertTrue(self.vty.verify('auth-policy remote', ['']))
|
||||||
res = self.vty.command("show running-config")
|
res = self.vty.command("show running-config")
|
||||||
self.assert_(res.find('auth-policy remote') > 0)
|
self.assert_(res.find('auth-policy remote') > 0)
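Review bot: Only the accepted path is exercised here: the test sets `gsup remote-ip` and `gsup remote-port` and then checks that `auth-policy remote` is taken, but nothing asserts that the command is refused when they are missing, which is the behaviour this commit adds. Assuming the test config has no gsup remote-* set (the need for the two added lines suggests so), a negative case placed before them would pin it: `res = self.vty.command('auth-policy remote')` then `self.assertTrue(res.find('gsup remote-ip') > 0)`, plus a check that `show running-config` still reports `auth-policy closed`. Without it, a regression that drops or weakens the consistency check would pass the suite unnoticed. The enclosing test method starts and ends outside the hunk.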
|
||||||
|
|