Added new auth policy blacklist.

In this mode by default we set authorized = 1 for all new subscribers. BSC accepts all MS, except subscribers not authorized in DB. All subscribers with authorized = 0 are part of the blacklist and not accepted.
author: Ivan Kluchnikov <kluchnikovi@gmail.com> 2013-10-17 14:58:02 +0400
committer: Ivan Kluchnikov <kluchnikovi@gmail.com> 2013-10-17 14:58:02 +0400
commit: 8c806541a874bb4b0ecd6974c38a4958e25d59f6 (patch)
tree: 072384ffd4924a36a1d2a424ff91182a7ef7f433
parent: e75fec60d025f3f5c40d2ec6c26b277fc33e8c34 (diff)
5 files changed, 14 insertions, 3 deletions
diff --git a/openbsc/include/openbsc/gsm_data.h b/openbsc/include/openbsc/gsm_data.h
index 874150535..71a878d59 100644
--- a/openbsc/include/openbsc/gsm_data.h
+++ b/openbsc/include/openbsc/gsm_data.h
@@ -194,6 +194,7 @@ enum gsm_auth_policy {
 	GSM_AUTH_POLICY_CLOSED, /* only subscribers authorized in DB */
 	GSM_AUTH_POLICY_ACCEPT_ALL, /* accept everyone, even if not authorized in DB */
 	GSM_AUTH_POLICY_TOKEN, /* accept first, send token per sms, then revoke authorization */
+	GSM_AUTH_POLICY_BLACKLIST /* accept everyone, except subscribers not authorized in DB */
 };
 
 #define GSM_T3101_DEFAULT 10
diff --git a/openbsc/src/libbsc/bsc_vty.c b/openbsc/src/libbsc/bsc_vty.c
index 5d03b2ad4..e3cb917f1 100644
--- a/openbsc/src/libbsc/bsc_vty.c
+++ b/openbsc/src/libbsc/bsc_vty.c
@@ -1214,12 +1214,13 @@ DEFUN(cfg_net_name_long,
 
 DEFUN(cfg_net_auth_policy,
       cfg_net_auth_policy_cmd,
-      "auth policy (closed|accept-all|token)",
+      "auth policy (closed|accept-all|token|blacklist)",
 	"Authentication (not cryptographic)\n"
 	"Set the GSM network authentication policy\n"
 	"Require the MS to be activated in HLR\n"
 	"Accept all MS, whether in HLR or not\n"
-	"Use SMS-token based authentication\n")
+	"Use SMS-token based authentication\n"
+	"Accept all MS, except not authorized in HLR\n")
 {
 	enum gsm_auth_policy policy = gsm_auth_policy_parse(argv[0]);
 	struct gsm_network *gsmnet = gsmnet_from_vty(vty);
diff --git a/openbsc/src/libcommon/gsm_data.c b/openbsc/src/libcommon/gsm_data.c
index 5f7e32e73..4c2d8e732 100644
--- a/openbsc/src/libcommon/gsm_data.c
+++ b/openbsc/src/libcommon/gsm_data.c
@@ -256,6 +256,7 @@ static const struct value_string auth_policy_names[] = {
 	{ GSM_AUTH_POLICY_CLOSED,	"closed" },
 	{ GSM_AUTH_POLICY_ACCEPT_ALL,	"accept-all" },
 	{ GSM_AUTH_POLICY_TOKEN,	"token" },
+	{ GSM_AUTH_POLICY_BLACKLIST,	"blacklist"},
 	{ 0,				NULL }
 };
 
diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c
index c41443eb4..addacda50 100644
--- a/openbsc/src/libmsc/gsm_04_08.c
+++ b/openbsc/src/libmsc/gsm_04_08.c
@@ -241,6 +241,8 @@ static int authorize_subscriber(struct gsm_loc_updating_operation *loc,
 		return (subscriber->flags & GSM_SUBSCRIBER_FIRST_CONTACT);
 	case GSM_AUTH_POLICY_ACCEPT_ALL:
 		return 1;
+	case GSM_AUTH_POLICY_BLACKLIST:
+		return subscriber->authorized;
 	default:
 		return 0;
 	}
diff --git a/openbsc/src/libmsc/gsm_subscriber.c b/openbsc/src/libmsc/gsm_subscriber.c
index bc6f3cf55..d417b9f8b 100644
--- a/openbsc/src/libmsc/gsm_subscriber.c
+++ b/openbsc/src/libmsc/gsm_subscriber.c
@@ -279,8 +279,14 @@ struct gsm_subscriber *subscr_create_subscriber(struct gsm_network *net,
 					const char *imsi)
 {
 	struct gsm_subscriber *subscr = db_create_subscriber(imsi);
-	if (subscr)
+	if (subscr) {
 		subscr->net = net;
+		if (subscr->net->auth_policy == GSM_AUTH_POLICY_BLACKLIST) {
+			subscr->authorized = 1;
+			db_sync_subscriber(subscr);	
+		}
+	}
+
 	return subscr;
 }
author	Ivan Kluchnikov <kluchnikovi@gmail.com>	2013-10-17 14:58:02 +0400
committer	Ivan Kluchnikov <kluchnikovi@gmail.com>	2013-10-17 14:58:02 +0400
commit	8c806541a874bb4b0ecd6974c38a4958e25d59f6 (patch)
tree	072384ffd4924a36a1d2a424ff91182a7ef7f433
parent	e75fec60d025f3f5c40d2ec6c26b277fc33e8c34 (diff)