aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeels Hofmeyr <neels@hofmeyr.de>2017-10-29 02:10:38 +0100
committerNeels Hofmeyr <neels@hofmeyr.de>2017-10-31 02:02:44 +0100
commit97ce015f58b90a51fa87128da4b14383b71025c8 (patch)
tree7d75db79ed2b356a4289077708cfc37fef72673a
parent7b1418e6fc8ae21b179de89e1045a89457525f73 (diff)
vty: make auth tuple reuse configurable
-rw-r--r--doc/examples/osmo-msc/osmo-msc.cfg2
-rw-r--r--src/libmsc/msc_vty.c31
2 files changed, 33 insertions, 0 deletions
diff --git a/doc/examples/osmo-msc/osmo-msc.cfg b/doc/examples/osmo-msc/osmo-msc.cfg
index 1b1d19258..fff964b3d 100644
--- a/doc/examples/osmo-msc/osmo-msc.cfg
+++ b/doc/examples/osmo-msc/osmo-msc.cfg
@@ -17,3 +17,5 @@ network
msc
mgcpgw remote-ip 10.23.24.1
assign-tmsi
+ auth-tuple-max-reuse-count 3
+ auth-tuple-reuse-on-error 1
diff --git a/src/libmsc/msc_vty.c b/src/libmsc/msc_vty.c
index 5c9539d90..c19666f3b 100644
--- a/src/libmsc/msc_vty.c
+++ b/src/libmsc/msc_vty.c
@@ -88,6 +88,27 @@ DEFUN(cfg_msc_cs7_instance_iu,
return CMD_SUCCESS;
}
+DEFUN(cfg_msc_auth_tuple_max_reuse_count, cfg_msc_auth_tuple_max_reuse_count_cmd,
+ "auth-tuple-max-reuse-count <-1-2147483647>",
+ "Configure authentication tuple re-use\n"
+ "0 to use each auth tuple at most once (default), >0 to limit re-use, -1 to re-use infinitely (vulnerable!).\n")
+{
+ struct gsm_network *gsmnet = gsmnet_from_vty(vty);
+ gsmnet->vlr->cfg.auth_tuple_max_reuse_count = atoi(argv[0]);
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_msc_auth_tuple_reuse_on_error, cfg_msc_auth_tuple_reuse_on_error_cmd,
+ "auth-tuple-reuse-on-error (0|1)",
+ "Configure authentication tuple re-use when HLR is not responsive\n"
+ "0 = never re-use auth tuples beyond auth-tuple-max-reuse-count (default)\n"
+ "1 = if the HLR does not deliver new tuples, do re-use already available old ones.\n")
+{
+ struct gsm_network *gsmnet = gsmnet_from_vty(vty);
+ gsmnet->vlr->cfg.auth_reuse_old_sets_on_error = atoi(argv[0]) ? true : false;
+ return CMD_SUCCESS;
+}
+
static int config_write_msc(struct vty *vty)
{
struct gsm_network *gsmnet = gsmnet_from_vty(vty);
@@ -101,6 +122,14 @@ static int config_write_msc(struct vty *vty)
vty_out(vty, " cs7-instance-iu %u%s", gsmnet->iu.cs7_instance,
VTY_NEWLINE);
+ if (gsmnet->vlr->cfg.auth_tuple_max_reuse_count)
+ vty_out(vty, " auth-tuple-max-reuse-count %d%s",
+ OSMO_MAX(-1, gsmnet->vlr->cfg.auth_tuple_max_reuse_count),
+ VTY_NEWLINE);
+ if (gsmnet->vlr->cfg.auth_reuse_old_sets_on_error)
+ vty_out(vty, " auth-tuple-reuse-on-error 1%s",
+ VTY_NEWLINE);
+
mgcp_client_config_write(vty, " ");
#ifdef BUILD_IU
ranap_iu_vty_config_write(vty, " ");
@@ -152,6 +181,8 @@ void msc_vty_init(struct gsm_network *msc_network)
vty_install_default(MSC_NODE);
install_element(MSC_NODE, &cfg_msc_assign_tmsi_cmd);
install_element(MSC_NODE, &cfg_msc_no_assign_tmsi_cmd);
+ install_element(MSC_NODE, &cfg_msc_auth_tuple_max_reuse_count_cmd);
+ install_element(MSC_NODE, &cfg_msc_auth_tuple_reuse_on_error_cmd);
install_element(MSC_NODE, &cfg_msc_cs7_instance_a_cmd);
install_element(MSC_NODE, &cfg_msc_cs7_instance_iu_cmd);