aboutsummaryrefslogtreecommitdiffstats
path: root/src/gprs/sgsn_vty.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/gprs/sgsn_vty.c')
-rw-r--r--src/gprs/sgsn_vty.c37
1 files changed, 36 insertions, 1 deletions
diff --git a/src/gprs/sgsn_vty.c b/src/gprs/sgsn_vty.c
index 6389d92ac..29c97718e 100644
--- a/src/gprs/sgsn_vty.c
+++ b/src/gprs/sgsn_vty.c
@@ -211,6 +211,8 @@ static int config_write_sgsn(struct vty *vty)
if (g_cfg->gsup_server_port)
vty_out(vty, " gsup remote-port %d%s",
g_cfg->gsup_server_port, VTY_NEWLINE);
+ vty_out(vty, " authentication %s%s",
+ g_cfg->require_authentication ? "required" : "optional", VTY_NEWLINE);
vty_out(vty, " auth-policy %s%s",
get_value_string(sgsn_auth_pol_strs, g_cfg->auth_policy),
VTY_NEWLINE);
@@ -693,6 +695,27 @@ DEFUN(cfg_encrypt, cfg_encrypt_cmd,
return CMD_SUCCESS;
}
+DEFUN(cfg_authentication, cfg_authentication_cmd,
+ "authentication (optional|required)",
+ "Whether to enforce MS authentication in GERAN\n"
+ "Allow MS to attach via GERAN without authentication\n"
+ "Always require authentication\n")
+{
+ int required = (argv[0][0] == 'r');
+
+ if (vty->type != VTY_FILE) {
+ if (g_cfg->auth_policy != SGSN_AUTH_POLICY_REMOTE && required) {
+ vty_out(vty, "%% Authentication is not possible without HLR, "
+ "consider setting 'auth-policy' to 'remote'%s",
+ VTY_NEWLINE);
+ return CMD_WARNING;
+ }
+ }
+
+ g_cfg->require_authentication = required;
+ return CMD_SUCCESS;
+}
+
DEFUN(cfg_auth_policy, cfg_auth_policy_cmd,
"auth-policy (accept-all|closed|acl-only|remote)",
"Configure the Authorization policy of the SGSN. This setting determines which subscribers are"
@@ -705,9 +728,12 @@ DEFUN(cfg_auth_policy, cfg_auth_policy_cmd,
int val = get_string_value(sgsn_auth_pol_strs, argv[0]);
OSMO_ASSERT(val >= SGSN_AUTH_POLICY_OPEN && val <= SGSN_AUTH_POLICY_REMOTE);
g_cfg->auth_policy = val;
- g_cfg->require_authentication = (val == SGSN_AUTH_POLICY_REMOTE);
g_cfg->require_update_location = (val == SGSN_AUTH_POLICY_REMOTE);
+ /* Authentication is not possible without HLR */
+ if (val != SGSN_AUTH_POLICY_REMOTE)
+ g_cfg->require_authentication = 0;
+
return CMD_SUCCESS;
}
@@ -1391,6 +1417,7 @@ int sgsn_vty_init(struct sgsn_config *cfg)
install_element(SGSN_NODE, &cfg_ggsn_no_echo_interval_cmd);
install_element(SGSN_NODE, &cfg_imsi_acl_cmd);
install_element(SGSN_NODE, &cfg_auth_policy_cmd);
+ install_element(SGSN_NODE, &cfg_authentication_cmd);
install_element(SGSN_NODE, &cfg_encrypt_cmd);
install_element(SGSN_NODE, &cfg_gsup_ipa_name_cmd);
install_element(SGSN_NODE, &cfg_gsup_remote_ip_cmd);
@@ -1462,6 +1489,14 @@ int sgsn_parse_config(const char *config_file)
return rc;
}
+ if (g_cfg->auth_policy != SGSN_AUTH_POLICY_REMOTE
+ && g_cfg->require_authentication) {
+ fprintf(stderr, "Configuration error:"
+ " authentication is not possible without HLR."
+ " Consider setting 'auth-policy' to 'remote'\n");
+ return -EINVAL;
+ }
+
if (g_cfg->auth_policy == SGSN_AUTH_POLICY_REMOTE
&& !(g_cfg->gsup_server_addr.sin_addr.s_addr
&& g_cfg->gsup_server_port)) {