vty: Introduce encryption cipher-plugin-path command

The load of plugins will eventually be moved to libosmo-gprs implementation, and path will be passed as a parameter. Once it's moved inside libosmo-gprs, it will be more strict on load failures, which can cause internally if the path doesn't exist (unless NULL is passed). Hence, add a VTY config to allow configuring the right path, and have it disabled by default. Change-Id: I4f965c7afafa193f4d7486750dd3e43cca22bb65
2023-01-09 18:29:21 +01:00 · 2023-01-09 18:29:21 +01:00 · 86b630cfe1
parent 93bc518b53
commit 86b630cfe1
4 changed files with 30 additions and 2 deletions
--- a/include/osmocom/sgsn/sgsn.h
+++ b/include/osmocom/sgsn/sgsn.h
@ -77,6 +77,7 @@ struct sgsn_config {
 	/* misc */
 	struct gprs_ns2_inst *nsi;

+	char *crypt_cipher_plugin_path;
 	enum sgsn_auth_policy auth_policy;
 	uint8_t gea_encryption_mask;
 	uint8_t uea_encryption_mask;
--- a/src/sgsn/sgsn_main.c
+++ b/src/sgsn/sgsn_main.c
@ -413,8 +413,6 @@ int main(int argc, char **argv)
 	sgsn->cfg.nsi = sgsn_nsi;
 	bssgp_set_bssgp_callback(sgsn_bssgp_dispatch_ns_unitdata_req_cb, sgsn_nsi);

-	gprs_llc_init("/usr/local/lib/osmocom/crypt/");
-
 	gprs_ns2_vty_init(sgsn_nsi);
 	bssgp_vty_init();
 	gprs_llc_vty_init();
@ -449,6 +447,8 @@ int main(int argc, char **argv)
 	if (rc < 0)
 		exit(1);

+	gprs_llc_init(sgsn->cfg.crypt_cipher_plugin_path);
+
 	rc = sgsn_gtp_init(sgsn);
 	if (rc) {
 		LOGP(DGPRS, LOGL_FATAL, "Cannot bind/listen on GTP socket\n");
--- a/src/sgsn/sgsn_vty.c
+++ b/src/sgsn/sgsn_vty.c
@ -282,6 +282,8 @@ static int config_write_sgsn(struct vty *vty)

 		vty_out(vty, "%s", VTY_NEWLINE);
 	}
+	if (g_cfg->crypt_cipher_plugin_path)
+		vty_out(vty, "encryption cipher-plugin-path %s%s", g_cfg->crypt_cipher_plugin_path, VTY_NEWLINE);
 	if (g_cfg->sgsn_ipa_name)
 		vty_out(vty, " gsup ipa-name %s%s", g_cfg->sgsn_ipa_name, VTY_NEWLINE);
 	if (g_cfg->gsup_server_addr.sin_addr.s_addr)
@ -839,6 +841,27 @@ DEFUN(cfg_encrypt2, cfg_encrypt2_cmd,
 	return CMD_SUCCESS;
 }

+DEFUN(cfg_encrypt_cipher_plugin_path, cfg_encrypt_cipher_plugin_path_cmd,
+	"encryption cipher-plugin-path PATH",
+	ENCRYPTION_STR
+	"Path to gprs encryption cipher plugin directory\n"
+	"Plugin path\n")
+{
+	osmo_talloc_replace_string(sgsn, &sgsn->cfg.crypt_cipher_plugin_path, argv[0]);
+
+	return CMD_SUCCESS;
+}
+
+DEFUN(cfg_no_encrypt_cipher_plugin_path, cfg_no_encrypt_cipher_plugin_path_cmd,
+	"no encryption cipher-plugin-path PATH",
+	NO_STR ENCRYPTION_STR
+	"Path to gprs encryption cipher plugin directory\n"
+	"Plugin path\n")
+{
+	TALLOC_FREE(sgsn->cfg.crypt_cipher_plugin_path);
+	return CMD_SUCCESS;
+}
+
 DEFUN(cfg_authentication, cfg_authentication_cmd,
      "authentication (optional|required)",
      "Whether to enforce MS authentication in GERAN (only with auth-policy remote)\n"
@ -1773,6 +1796,8 @@ int sgsn_vty_init(struct sgsn_config *cfg)
 	install_element(SGSN_NODE, &cfg_encrypt2_cmd);
 	install_element(SGSN_NODE, &cfg_encrypt_cmd);
 	install_element(SGSN_NODE, &cfg_encryption_uea_cmd);
+	install_element(SGSN_NODE, &cfg_encrypt_cipher_plugin_path_cmd);
+	install_element(SGSN_NODE, &cfg_no_encrypt_cipher_plugin_path_cmd);

 	install_element(SGSN_NODE, &cfg_gsup_ipa_name_cmd);
 	install_element(SGSN_NODE, &cfg_gsup_remote_ip_cmd);
--- a/tests/osmo-sgsn_test-nodes.vty
+++ b/tests/osmo-sgsn_test-nodes.vty
@ -37,6 +37,8 @@ OsmoSGSN(config-sgsn)# list
  authentication (optional|required)
  encryption gea <0-4> [<0-4>] [<0-4>] [<0-4>] [<0-4>]
  encryption uea <0-2> [<0-2>] [<0-2>]
+  encryption cipher-plugin-path PATH
+  no encryption cipher-plugin-path PATH
  gsup ipa-name NAME
  gsup remote-ip A.B.C.D
  gsup remote-port <0-65535>