authorHarald Welte <laforge@gnumonks.org>2013-03-19 11:48:54 +0100
committerHarald Welte <laforge@gnumonks.org>2013-07-21 15:44:28 +0800
commit3dfb549a6f31ea2252014db1075a7195da2d4ff7 (patch)
tree0284d314ab9f4b4322983a061cd8dbd7de0d478d
parent7f6da485f5af0ad5a5a5176c2fc3fe0550beac14 (diff)
sgsn: Add "auth-policy" VTY command to enable/disable ACL
-rw-r--r--openbsc/include/openbsc/sgsn.h1
-rw-r--r--openbsc/src/gprs/gprs_gmm.c3
-rw-r--r--openbsc/src/gprs/sgsn_vty.c17
3 files changed, 20 insertions, 1 deletions
diff --git a/openbsc/include/openbsc/sgsn.h b/openbsc/include/openbsc/sgsn.h
index 447bd2f..f7af750 100644
--- a/openbsc/include/openbsc/sgsn.h
+++ b/openbsc/include/openbsc/sgsn.h
@@ -16,6 +16,7 @@ struct sgsn_config {
/* misc */
struct gprs_ns_inst *nsi;
+ int acl_enabled;
struct llist_head imsi_acl;
};
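Review bot: `acl_enabled` gets no explicit default in this commit, so if `struct sgsn_config` is zero-initialised (not visible here) the SGSN starts in accept-all mode. In that case the IMSI ACL lookup in gsm48_rx_gmm_att_req (the gprs_gmm.c hunk) is skipped until the config contains `auth-policy closed`. Before this change the ACL was always consulted, so an existing config file without the new line would silently move from closed to open on upgrade. Consider making closed the default, for example by setting `acl_enabled = 1` wherever the config is initialised before the VTY file is parsed, or by inverting the field so that zero means closed. A field comment such as `/* 0 = accept-all, 1 = only home network or imsi_acl entries */` would also document the meaning.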
diff --git a/openbsc/src/gprs/gprs_gmm.c b/openbsc/src/gprs/gprs_gmm.c
index 36798e0..2f309a5 100644
--- a/openbsc/src/gprs/gprs_gmm.c
+++ b/openbsc/src/gprs/gprs_gmm.c
@@ -699,7 +699,8 @@ static int gsm48_rx_gmm_att_req(struct sgsn_mm_ctx *ctx, struct msgb *msg,
char mccmnc[16];
snprintf(mccmnc, sizeof(mccmnc), "%03d%02d", ra_id.mcc, ra_id.mnc);
if (strncmp(mccmnc, mi_string, 5) &&
- !sgsn_acl_lookup(mi_string)) {
+ (sgsn->cfg.acl_enabled &&
+ !sgsn_acl_lookup(mi_string))) {
LOGP(DMM, LOGL_INFO, "Rejecting ATTACH REQUESET IMSI=%s\n",
mi_string);
return gsm48_tx_gmm_att_rej_oldmsg(msg,
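Review bot: With `acl_enabled` at 0, a foreign-network IMSI that is not in the ACL now passes this condition without any log entry, while the reject path logs at LOGL_INFO. The VTY help text itself calls accept-all dangerous, so operators would benefit from seeing which attaches were admitted only because the policy is open, e.g. `LOGP(DMM, LOGL_NOTICE, "Accepting IMSI=%s outside ACL (auth-policy accept-all)\n", mi_string);` in a separate branch. The function body starts and ends outside the hunk, so whether later code already logs the accepted attach cannot be seen from here.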
diff --git a/openbsc/src/gprs/sgsn_vty.c b/openbsc/src/gprs/sgsn_vty.c
index ce3b4da..a4ba280 100644
--- a/openbsc/src/gprs/sgsn_vty.c
+++ b/openbsc/src/gprs/sgsn_vty.c
@@ -131,6 +131,8 @@ static int config_write_sgsn(struct vty *vty)
gctx->gtp_version, VTY_NEWLINE);
}
+ vty_out(vty, " auth-policy %s%s",
+ g_cfg->acl_enabled ? "closed" : "accept-all", VTY_NEWLINE);
llist_for_each_entry(acl, &g_cfg->imsi_acl, list)
vty_out(vty, " imsi-acl add %s%s", acl->imsi, VTY_NEWLINE);
@@ -392,6 +394,20 @@ DEFUN(imsi_acl, cfg_imsi_acl_cmd,
return CMD_SUCCESS;
}
+DEFUN(cfg_auth_policy, cfg_auth_policy_cmd,
+ "auth-policy (accept-all|closed)",
+ "Autorization Policy of SGSN\n"
+ "Accept all IMSIs (DANGEROUS\n"
+ "Accept only home network subscribers or those in ACL\n")
+{
+ if (!strcmp(argv[0], "accept-all"))
+ g_cfg->acl_enabled = 0;
+ else
+ g_cfg->acl_enabled = 1;
+
+ return CMD_SUCCESS;
+}
+
int sgsn_vty_init(void)
{
install_element_ve(&show_sgsn_cmd);
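Review bot: The help strings of the new `auth-policy` command contain two typos that will appear in the VTY online help. `"Autorization Policy of SGSN\n"` should read `"Authorization Policy of SGSN\n"`, and `"Accept all IMSIs (DANGEROUS\n"` is missing its closing parenthesis, i.e. `"Accept all IMSIs (DANGEROUS)\n"`. The `else` branch maps every argument other than `accept-all` to closed, which is the safe direction; a one-line comment such as `/* anything but accept-all enforces the ACL */` would make that intent explicit.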
@@ -410,6 +426,7 @@ int sgsn_vty_init(void)
//install_element(SGSN_NODE, &cfg_ggsn_remote_port_cmd);
install_element(SGSN_NODE, &cfg_ggsn_gtp_version_cmd);
install_element(SGSN_NODE, &cfg_imsi_acl_cmd);
+ install_element(SGSN_NODE, &cfg_auth_policy_cmd);
return 0;
}