Change in ...osmo-ggsn[master]: ggsn: Add minimalistic PAP support
pespin has submitted this change and it was merged. (
https://gerrit.osmocom.org/c/osmo-ggsn/+/13608 )
Change subject: ggsn: Add minimalistic PAP support
..
ggsn: Add minimalistic PAP support
Some modems are configured to use PAP as an additional authentication
mechanism beyond the GSM authentication that's part of GMM. Let's
handle such PAP authentication requests by simply acknowledging them
all, without actually checking any credentials database.
This is the most sane thing we can do for now, without adding external
requirements / interfaces like radius servers or the like.
Closes: OS#3914
Change-Id: I81875f30f9f1497199253497f84718510747f731
---
M ggsn/ggsn.c
1 file changed, 86 insertions(+), 1 deletion(-)
Approvals:
Jenkins Builder: Verified
fixeria: Looks good to me, approved
diff --git a/ggsn/ggsn.c b/ggsn/ggsn.c
index c559923..e95471a 100644
--- a/ggsn/ggsn.c
+++ b/ggsn/ggsn.c
@@ -1,7 +1,7 @@
/*
* OsmoGGSN - Gateway GPRS Support Node
* Copyright (C) 2002, 2003, 2004 Mondru AB.
- * Copyright (C) 2017 by Harald Welte
+ * Copyright (C) 2017-2019 by Harald Welte
*
* The contents of this file may be used under the terms of the GNU
* General Public License Version 2, provided that the above copyright
@@ -47,6 +47,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -499,6 +500,87 @@
return NULL;
}
+/* RFC 1334, section 3.2. Packet Format */
+struct pap_element {
+ uint8_t code;
+ uint8_t id;
+ uint16_t len; /* length including header */
+ uint8_t data[0];
+} __attribute__((packed));
+
+enum pap_code {
+ PAP_CODE_AUTH_REQ = 1,
+ PAP_CODE_AUTH_ACK = 2,
+ PAP_CODE_AUTH_NAK = 3,
+};
+
+static const char *pap_welcome = "Welcome to OsmoGGSN " PACKAGE_VERSION;
+
+/* Handle PAP protocol according to RFC 1334 */
+static void process_pco_element_pap(const struct pco_element *pco_in, struct
msgb *resp,
+ const struct apn_ctx *apn, struct pdp_t
*pdp)
+{
+ const struct pap_element *pap_in = (const struct pap_element *)
pco_in->data;
+ uint16_t pap_in_len;
+ uint8_t peer_id_len;
+ const uint8_t *peer_id;
+ unsigned int pap_welcome_len;
+ uint8_t pap_out_size;
+ struct pap_element *pap_out;
+
+ if (pco_in->length < sizeof(struct pap_element))
+ goto ret_broken;
+
+ pap_in_len = osmo_load16be(&pap_in->len);
+ if (pco_in->length < pap_in_len)
+ goto ret_broken;
+ /* "pco_in->length > pap_in_len" is allowed: RFC1334 2.2 states:
+ "Octets outside the range of the Length field should be treated as
+ Data Link Layer padding and should be ignored on reception."
+*/
+
+ switch (pap_in->code) {
+ case PAP_CODE_AUTH_REQ:
+ if (pap_in_len < sizeof(struct pap_element) + 1)
+ goto ret_broken_auth;
+ peer_id_len = pap_in->data[0];
+ if (pap_in_len < sizeof(struct pap_element) + 1 + peer_id_len)
+ goto ret_broken_auth;
+ peer_id = &pap_in->data[1];
+ LOGPPDP(LOGL_DEBUG, pdp, "PCO PAP PeerId = %s, ACKing\n",
+ osmo_quote_str((const char *)peer_id, peer_id_len));
+ /* Password-Length + Password following here, but we don't care
*/
+
+ /* Prepare response, we ACK all of them: */
+ pap_welcome_len = strlen(pap_welcome);
+ /* +1: Length field of pap_welcome Message */
+ pap_out_size = sizeof(struct pap_element) + 1 + pap_welcome_len;
+ pap_out = alloca(pap_out_size);
+ pap_out->code = PAP_CODE_AUTH_ACK;
+ pap_out->id = pap_in->id;
+ pap_out->len = htons(pap_out_size);
+ pap_out->data[0] = pap_welcome_len;
+ memcpy(pap_out->data+1, pap_welcome, pap_welcome_len);
+ msgb_t16lv_put(resp, PCO_P_PAP, pap_out_size, (uint8_t *)
pap_out);
+ break;
+ case PAP_CODE_AUTH_ACK:
+ case PAP_CODE_AUTH_NAK:
+ default:
+ LOGPPDP(LOGL_NOTICE, pdp, "Unsupported PAP PCO Code %u,
ignoring\n", pap_in->code);
+ break;
+ }
+ return;
+
+ret_broken_auth:
+ LOGPPDP(LOGL_NOTICE, pdp, "Invalid PAP AuthenticateReq: %s, ignoring\n",
+ osmo_hexdump_nospc((const uint8_t *)pco_in, pco_in->length));
+ return;
+
+ret_broken:
+ LOGPPDP(LOGL_NOTICE, pdp, "Invalid PAP PCO Length: %s, ignoring\n",
+ osmo_hexdump_nospc((const uint8_t *)pco_in, pco_in->length));
+}
+
static void process_pco_element_ipcp(const struct pco_element *pco_elem,
struct msgb *resp,
const struct apn_ctx *apn, struct pdp_t
*pdp)
{
@@ -580,6 +662,9 @@
const struct apn_ctx *apn, s
Change in ...osmo-ggsn[master]: ggsn: Add minimalistic PAP support
fixeria has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-ggsn/+/13608 ) Change subject: ggsn: Add minimalistic PAP support .. Patch Set 6: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/c/osmo-ggsn/+/13608 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Change-Id: I81875f30f9f1497199253497f84718510747f731 Gerrit-Change-Number: 13608 Gerrit-PatchSet: 6 Gerrit-Owner: laforge Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria Gerrit-Reviewer: laforge Gerrit-Reviewer: pespin Gerrit-CC: msuraev Gerrit-Comment-Date: Mon, 01 Jul 2019 10:18:07 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
Change in ...osmo-ggsn[master]: ggsn: Add minimalistic PAP support
pespin has uploaded a new patch set (#6) to the change originally created by laforge. ( https://gerrit.osmocom.org/c/osmo-ggsn/+/13608 ) Change subject: ggsn: Add minimalistic PAP support .. ggsn: Add minimalistic PAP support Some modems are configured to use PAP as an additional authentication mechanism beyond the GSM authentication that's part of GMM. Let's handle such PAP authentication requests by simply acknowledging them all, without actually checking any credentials database. This is the most sane thing we can do for now, without adding external requirements / interfaces like radius servers or the like. Closes: OS#3914 Change-Id: I81875f30f9f1497199253497f84718510747f731 --- M ggsn/ggsn.c 1 file changed, 86 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/08/13608/6 -- To view, visit https://gerrit.osmocom.org/c/osmo-ggsn/+/13608 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Change-Id: I81875f30f9f1497199253497f84718510747f731 Gerrit-Change-Number: 13608 Gerrit-PatchSet: 6 Gerrit-Owner: laforge Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria Gerrit-Reviewer: laforge Gerrit-Reviewer: pespin Gerrit-CC: msuraev Gerrit-MessageType: newpatchset
Change in ...osmo-ggsn[master]: ggsn: Add minimalistic PAP support
fixeria has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-ggsn/+/13608 ) Change subject: ggsn: Add minimalistic PAP support .. Patch Set 5: Code-Review+2 (1 comment) https://gerrit.osmocom.org/#/c/13608/5/ggsn/ggsn.c File ggsn/ggsn.c: https://gerrit.osmocom.org/#/c/13608/5/ggsn/ggsn.c@503 PS5, Line 503: struct pap_element I think it makes sense to add the spec. reference here too: /* RFC 1334, section 3.2. Packet Format */ -- To view, visit https://gerrit.osmocom.org/c/osmo-ggsn/+/13608 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Change-Id: I81875f30f9f1497199253497f84718510747f731 Gerrit-Change-Number: 13608 Gerrit-PatchSet: 5 Gerrit-Owner: laforge Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria Gerrit-Reviewer: laforge Gerrit-Reviewer: pespin Gerrit-CC: msuraev Gerrit-Comment-Date: Mon, 01 Jul 2019 10:10:36 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
Change in ...osmo-ggsn[master]: ggsn: Add minimalistic PAP support
laforge has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-ggsn/+/13608 ) Change subject: ggsn: Add minimalistic PAP support .. Patch Set 5: Code-Review+1 -- To view, visit https://gerrit.osmocom.org/c/osmo-ggsn/+/13608 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Change-Id: I81875f30f9f1497199253497f84718510747f731 Gerrit-Change-Number: 13608 Gerrit-PatchSet: 5 Gerrit-Owner: laforge Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: laforge Gerrit-Reviewer: pespin Gerrit-CC: msuraev Gerrit-Comment-Date: Fri, 28 Jun 2019 21:12:02 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
Change in ...osmo-ggsn[master]: ggsn: Add minimalistic PAP support
pespin has uploaded a new patch set (#5) to the change originally created by laforge. ( https://gerrit.osmocom.org/c/osmo-ggsn/+/13608 ) Change subject: ggsn: Add minimalistic PAP support .. ggsn: Add minimalistic PAP support Some modems are configured to use PAP as an additional authentication mechanism beyond the GSM authentication that's part of GMM. Let's handle such PAP authentication requests by simply acknowledging them all, without actually checking any credentials database. This is the most sane thing we can do for now, without adding external requirements / interfaces like radius servers or the like. Closes: OS#3914 Change-Id: I81875f30f9f1497199253497f84718510747f731 --- M ggsn/ggsn.c 1 file changed, 85 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/08/13608/5 -- To view, visit https://gerrit.osmocom.org/c/osmo-ggsn/+/13608 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Change-Id: I81875f30f9f1497199253497f84718510747f731 Gerrit-Change-Number: 13608 Gerrit-PatchSet: 5 Gerrit-Owner: laforge Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: laforge Gerrit-Reviewer: pespin Gerrit-CC: msuraev Gerrit-MessageType: newpatchset
Change in osmo-ggsn[master]: ggsn: Add minimalistic PAP support
Max has posted comments on this change. ( https://gerrit.osmocom.org/13608 ) Change subject: ggsn: Add minimalistic PAP support .. Patch Set 4: (1 comment) https://gerrit.osmocom.org/#/c/13608/4/ggsn/ggsn.c File ggsn/ggsn.c: https://gerrit.osmocom.org/#/c/13608/4/ggsn/ggsn.c@511 PS4, Line 511: static const char *pap_welcome = "Welcome to OsmoGGSN"; Maybe add version to make it even more informative? -- To view, visit https://gerrit.osmocom.org/13608 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I81875f30f9f1497199253497f84718510747f731 Gerrit-Change-Number: 13608 Gerrit-PatchSet: 4 Gerrit-Owner: Harald Welte Gerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder (102) Gerrit-Reviewer: Pau Espin Pedrol Gerrit-CC: Max Gerrit-Comment-Date: Fri, 26 Apr 2019 11:23:54 + Gerrit-HasComments: Yes Gerrit-HasLabels: No
Change in osmo-ggsn[master]: ggsn: Add minimalistic PAP support
Pau Espin Pedrol has posted comments on this change. ( https://gerrit.osmocom.org/13608 ) Change subject: ggsn: Add minimalistic PAP support .. Patch Set 4: (2 comments) https://gerrit.osmocom.org/#/c/13608/4/ggsn/ggsn.c File ggsn/ggsn.c: https://gerrit.osmocom.org/#/c/13608/4/ggsn/ggsn.c@531 PS4, Line 531: if (pap_in->len < 1) That's wrong, because len includes header according to line 501. Also, you are accessing data[0] and data[1], so you miss one byte len. if (pap_in->len < sizeof(*pap_in) + 2) https://gerrit.osmocom.org/#/c/13608/4/ggsn/ggsn.c@535 PS4, Line 535: if (pap_in->len < 1 + peer_id_len) if (pap_in->len < sizeof(*pap_in) + 2 + peer_id_len) -- To view, visit https://gerrit.osmocom.org/13608 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I81875f30f9f1497199253497f84718510747f731 Gerrit-Change-Number: 13608 Gerrit-PatchSet: 4 Gerrit-Owner: Harald Welte Gerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder (102) Gerrit-Reviewer: Pau Espin Pedrol Gerrit-Comment-Date: Fri, 12 Apr 2019 13:16:19 + Gerrit-HasComments: Yes Gerrit-HasLabels: No
Change in osmo-ggsn[master]: ggsn: Add minimalistic PAP support
Hello Pau Espin Pedrol, Jenkins Builder, I'd like you to reexamine a change. Please visit https://gerrit.osmocom.org/13608 to look at the new patch set (#4). Change subject: ggsn: Add minimalistic PAP support .. ggsn: Add minimalistic PAP support Some modems are configured to use PAP as an additional authentication mechanism beyond the GSM authentication that's part of GMM. Let's handle such PAP authentication requests by simply acknowledging them all, without actually checking any credentials database. This is the most sane thing we can do for now, without adding external requirements / interfaces like radius servers or the like. Closes: OS#3914 Change-Id: I81875f30f9f1497199253497f84718510747f731 --- M ggsn/ggsn.c 1 file changed, 72 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/08/13608/4 -- To view, visit https://gerrit.osmocom.org/13608 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: I81875f30f9f1497199253497f84718510747f731 Gerrit-Change-Number: 13608 Gerrit-PatchSet: 4 Gerrit-Owner: Harald Welte Gerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder (102) Gerrit-Reviewer: Pau Espin Pedrol
Change in osmo-ggsn[master]: ggsn: Add minimalistic PAP support
Harald Welte has posted comments on this change. ( https://gerrit.osmocom.org/13608 ) Change subject: ggsn: Add minimalistic PAP support .. Patch Set 3: (5 comments) https://gerrit.osmocom.org/#/c/13608/3//COMMIT_MSG Commit Message: https://gerrit.osmocom.org/#/c/13608/3//COMMIT_MSG@12 PS3, Line 12: all, without actually checking any credentials database. > So the MS is expected to send inside PAP the values you configure your APN > with? (the User+Password […] yes, if you add username/password, the MS/UE should send those values in PAP. https://gerrit.osmocom.org/#/c/13608/3/ggsn/ggsn.c File ggsn/ggsn.c: https://gerrit.osmocom.org/#/c/13608/3/ggsn/ggsn.c@518 PS3, Line 518: unsigned int pap_welcome_len = strlen(pap_welcome); > "ARRAY_SIZE(pap_welcome) -1" would make sense too :) I think gcc is smart enough to do the strlen at compile-time these days. It's much more readable, for sure. https://gerrit.osmocom.org/#/c/13608/3/ggsn/ggsn.c@519 PS3, Line 519: uint8_t pap_out_size = sizeof(struct pap_element) + 1 + pap_welcome_len; > Is that +1 for the NULL chat of pap_welcome? please add comment (and add +1 > to the end). the one bytes is for the *length* byte. There is no requirement for NUL termination https://gerrit.osmocom.org/#/c/13608/3/ggsn/ggsn.c@520 PS3, Line 520: struct pap_element *pap_out = alloca(pap_out_size); > nice, didn't know about alloca() you can also use runtime-computed size for arrays these days. So something like having the length passed in as a function argument and then putting "char foo[len_arg];" on the stack works. However, in this case we don't want to allocate an array but 'struct pcap_element' with some extra bytes at the end, and hence I went for alloca. https://gerrit.osmocom.org/#/c/13608/3/ggsn/ggsn.c@526 PS3, Line 526: if (htons(pap_in->len) > pco_in->length) > is htons() fine alignment-access wise? […] ACK, will update. -- To view, visit https://gerrit.osmocom.org/13608 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I81875f30f9f1497199253497f84718510747f731 Gerrit-Change-Number: 13608 Gerrit-PatchSet: 3 Gerrit-Owner: Harald Welte Gerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder (102) Gerrit-Reviewer: Pau Espin Pedrol Gerrit-Comment-Date: Fri, 12 Apr 2019 10:21:45 + Gerrit-HasComments: Yes Gerrit-HasLabels: No
Change in osmo-ggsn[master]: ggsn: Add minimalistic PAP support
Pau Espin Pedrol has posted comments on this change. ( https://gerrit.osmocom.org/13608 ) Change subject: ggsn: Add minimalistic PAP support .. Patch Set 3: Code-Review-1 (7 comments) -1 because it should be ntohs. https://gerrit.osmocom.org/#/c/13608/3//COMMIT_MSG Commit Message: https://gerrit.osmocom.org/#/c/13608/3//COMMIT_MSG@12 PS3, Line 12: all, without actually checking any credentials database. So the MS is expected to send inside PAP the values you configure your APN with? (the User+Password fields in the APN menu of android phones). https://gerrit.osmocom.org/#/c/13608/3/ggsn/ggsn.c File ggsn/ggsn.c: https://gerrit.osmocom.org/#/c/13608/3/ggsn/ggsn.c@511 PS3, Line 511: "Welcome to OsmoGGSN" > btw, I think this will be an easy way to figure out remotely if somebody is > using OsmoGGSN or not: S […] If it was AGPL then it'd be funny answering that in osmo-sgsn with a message "go free you code!" and a copy of the license ;) https://gerrit.osmocom.org/#/c/13608/3/ggsn/ggsn.c@518 PS3, Line 518: unsigned int pap_welcome_len = strlen(pap_welcome); "ARRAY_SIZE(pap_welcome) -1" would make sense too :) https://gerrit.osmocom.org/#/c/13608/3/ggsn/ggsn.c@519 PS3, Line 519: uint8_t pap_out_size = sizeof(struct pap_element) + 1 + pap_welcome_len; Is that +1 for the NULL chat of pap_welcome? please add comment (and add +1 to the end). https://gerrit.osmocom.org/#/c/13608/3/ggsn/ggsn.c@520 PS3, Line 520: struct pap_element *pap_out = alloca(pap_out_size); nice, didn't know about alloca() https://gerrit.osmocom.org/#/c/13608/3/ggsn/ggsn.c@526 PS3, Line 526: if (htons(pap_in->len) > pco_in->length) is htons() fine alignment-access wise? And actually it should be ntohs. https://gerrit.osmocom.org/#/c/13608/3/ggsn/ggsn.c@531 PS3, Line 531: peer_id_len = pap_in->data[0]; I think you are not covering case sizeof(*pap_in) == ntohs(pap_in->len), that is, pap_in->data is empty. In that case you shoul avoid accessing pap_in->data and returning broken. -- To view, visit https://gerrit.osmocom.org/13608 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I81875f30f9f1497199253497f84718510747f731 Gerrit-Change-Number: 13608 Gerrit-PatchSet: 3 Gerrit-Owner: Harald Welte Gerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder (102) Gerrit-Reviewer: Pau Espin Pedrol Gerrit-Comment-Date: Thu, 11 Apr 2019 19:57:42 + Gerrit-HasComments: Yes Gerrit-HasLabels: Yes
Change in osmo-ggsn[master]: ggsn: Add minimalistic PAP support
Harald Welte has posted comments on this change. ( https://gerrit.osmocom.org/13608 ) Change subject: ggsn: Add minimalistic PAP support .. Patch Set 3: (1 comment) https://gerrit.osmocom.org/#/c/13608/3/ggsn/ggsn.c File ggsn/ggsn.c: https://gerrit.osmocom.org/#/c/13608/3/ggsn/ggsn.c@511 PS3, Line 511: "Welcome to OsmoGGSN" btw, I think this will be an easy way to figure out remotely if somebody is using OsmoGGSN or not: Simply send PAP in the PDP CTX ACT REQ and the message in the response will tell you ;) -- To view, visit https://gerrit.osmocom.org/13608 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I81875f30f9f1497199253497f84718510747f731 Gerrit-Change-Number: 13608 Gerrit-PatchSet: 3 Gerrit-Owner: Harald Welte Gerrit-Reviewer: Harald Welte Gerrit-Reviewer: Jenkins Builder (102) Gerrit-Comment-Date: Thu, 11 Apr 2019 17:42:27 + Gerrit-HasComments: Yes Gerrit-HasLabels: No
Change in osmo-ggsn[master]: ggsn: Add minimalistic PAP support
Harald Welte has uploaded a new patch set (#2). ( https://gerrit.osmocom.org/13608 ) Change subject: ggsn: Add minimalistic PAP support .. ggsn: Add minimalistic PAP support Some modems are configured to use PAP as an additional authentication mechanism beyond the GSM authentication that's part of GMM. Let's handle such PAP authentication requests by simply acknowledging them all, without actually checking any credentials database. This is the most sane thing we can do for now, without adding external requirements / interfaces like radius servers or the like. Closes: OS#3914 Change-Id: I81875f30f9f1497199253497f84718510747f731 --- M ggsn/ggsn.c 1 file changed, 63 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/08/13608/2 -- To view, visit https://gerrit.osmocom.org/13608 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: I81875f30f9f1497199253497f84718510747f731 Gerrit-Change-Number: 13608 Gerrit-PatchSet: 2 Gerrit-Owner: Harald Welte
Change in osmo-ggsn[master]: ggsn: Add minimalistic PAP support
Harald Welte has uploaded this change for review. (
https://gerrit.osmocom.org/13608
Change subject: ggsn: Add minimalistic PAP support
..
ggsn: Add minimalistic PAP support
Some modems are configured to use PAP as an additional authentication
mechanism beyond the GSM authentication that's part of GMM. Let's
handle such PAP authentication requests by simply acknowledging them
all, without actually checking any credentials database.
This is the most sane thing we can do for now, without adding external
requirements / interfaces like radius servers or the like.
Change-Id: I81875f30f9f1497199253497f84718510747f731
---
M ggsn/ggsn.c
1 file changed, 63 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/08/13608/1
diff --git a/ggsn/ggsn.c b/ggsn/ggsn.c
index f46436f..d079efe 100644
--- a/ggsn/ggsn.c
+++ b/ggsn/ggsn.c
@@ -1,7 +1,7 @@
/*
* OsmoGGSN - Gateway GPRS Support Node
* Copyright (C) 2002, 2003, 2004 Mondru AB.
- * Copyright (C) 2017 by Harald Welte
+ * Copyright (C) 2017-2019 by Harald Welte
*
* The contents of this file may be used under the terms of the GNU
* General Public License Version 2, provided that the above copyright
@@ -47,6 +47,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -494,6 +495,64 @@
return NULL;
}
+struct pap_element {
+ uint8_t code;
+ uint8_t id;
+ uint16_t len; /* length including header */
+ uint8_t data[0];
+} __attribute__((packed));
+
+enum pap_code {
+ PAP_CODE_AUTH_REQ = 1,
+ PAP_CODE_AUTH_ACK = 2,
+ PAP_CODE_AUTH_NAK = 3,
+};
+
+static const char *pap_welcome = "Welcome to OsmoGGSN";
+
+/* Handle PAP protocol according to RFC 1334 */
+static void process_pco_element_pap(const struct pco_element *pco_in, struct
msgb *resp,
+ const struct apn_ctx *apn, struct pdp_t
*pdp)
+{
+ const struct pap_element *pap_in = (const struct pap_element *)
pco_in->data;
+ unsigned int pap_welcome_len = strlen(pap_welcome);
+ uint8_t pap_out_size = sizeof(struct pap_element) + 1 + pap_welcome_len;
+ struct pap_element *pap_out = alloca(pap_out_size);
+ uint8_t peer_id_len;
+ const uint8_t *peer_id;
+
+ if (sizeof(*pap_in) > pco_in->length)
+ goto ret_broken;
+ if (htons(pap_in->len) > pco_in->length)
+ goto ret_broken;
+
+ switch (pap_in->code) {
+ case PAP_CODE_AUTH_REQ:
+ peer_id_len = pap_in->data[0];
+ peer_id = &pap_in->data[1];
+ LOGPPDP(LOGL_DEBUG, pdp, "PCO PAP PeerId = %s, ACKing\n",
+ osmo_quote_str((const char *)peer_id, peer_id_len));
+ /* Password-Length + Password following here, but we don't care
*/
+ pap_out->code = PAP_CODE_AUTH_ACK;
+ pap_out->id = pap_in->id;
+ pap_out->len = htons(pap_out_size);
+ pap_out->data[0] = pap_welcome_len;
+ memcpy(pap_out->data+1, pap_welcome, pap_welcome_len);
+ msgb_t16lv_put(resp, PCO_P_PAP, pap_out_size, (uint8_t *)
pap_out);
+ break;
+ case PAP_CODE_AUTH_ACK:
+ case PAP_CODE_AUTH_NAK:
+ default:
+ LOGPPDP(LOGL_NOTICE, pdp, "Unsupported PAP PCO Code %u,
ignoring\n", pap_in->code);
+ break;
+ }
+ return;
+
+ret_broken:
+ LOGPPDP(LOGL_NOTICE, pdp, "Invalid PAP PCO Length: %s, ignoring\n",
+ osmo_hexdump_nospc((const uint8_t *)pco_in, pco_in->length));
+}
+
static void process_pco_element_ipcp(const struct pco_element *pco_elem,
struct msgb *resp,
const struct apn_ctx *apn, struct pdp_t
*pdp)
{
@@ -575,6 +634,9 @@
const struct apn_ctx *apn, struct pdp_t *pdp)
{
switch (ntohs(pco_elem->protocol_id)) {
+ case PCO_P_PAP:
+ process_pco_element_pap(pco_elem, resp, apn, pdp);
+ break;
case PCO_P_IPCP:
process_pco_element_ipcp(pco_elem, resp, apn, pdp);
break;
--
To view, visit https://gerrit.osmocom.org/13608
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-ggsn
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I81875f30f9f1497199253497f84718510747f731
Gerrit-Change-Number: 13608
Gerrit-PatchSet: 1
Gerrit-Owner: Harald Welte
