authorIvan Kluchnikov <kluchnikovi@gmail.com>2013-09-11 18:33:18 +0400
committerIvan Kluchnikov <kluchnikovi@gmail.com>2013-09-11 18:33:18 +0400
commita706f4de43f65cc88bba2de981398eacdd46e1a2 (patch)
tree8b6814c32405422e1337944a411084fed9376122
parent3ffd9bc0a4efe03022d87513dbde3efc7b4fb8e6 (diff)
Added new auth policy black-list.
In this mode by default we set authorized = 1 for all new subscribers. BSC accepts all MS, except subscribers not authorized in DB. All subscribers with authorized = 0 are part of the black list and not accepted.
-rw-r--r--openbsc/include/openbsc/gsm_data.h1
-rw-r--r--openbsc/src/libbsc/bsc_vty.c5
-rw-r--r--openbsc/src/libcommon/gsm_data.c1
-rw-r--r--openbsc/src/libmsc/db.c12
-rw-r--r--openbsc/src/libmsc/gsm_04_08.c2
5 files changed, 16 insertions, 5 deletions
diff --git a/openbsc/include/openbsc/gsm_data.h b/openbsc/include/openbsc/gsm_data.h
index 8741505..99e9b27 100644
--- a/openbsc/include/openbsc/gsm_data.h
+++ b/openbsc/include/openbsc/gsm_data.h
@@ -194,6 +194,7 @@ enum gsm_auth_policy {
GSM_AUTH_POLICY_CLOSED, /* only subscribers authorized in DB */
GSM_AUTH_POLICY_ACCEPT_ALL, /* accept everyone, even if not authorized in DB */
GSM_AUTH_POLICY_TOKEN, /* accept first, send token per sms, then revoke authorization */
+ GSM_AUTH_POLICY_BLACK_LIST /* accept everyone, except subscribers not authorized in DB */
};
#define GSM_T3101_DEFAULT 10
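Review bot: The comment on `GSM_AUTH_POLICY_BLACK_LIST` reads almost the same as the one on `GSM_AUTH_POLICY_CLOSED` and does not say what distinguishes the mode, namely that new subscribers are created with authorized = 1 (the db.c hunk of this commit). I would write `/* accept by default: new subscribers are created authorized, only those set to authorized = 0 in DB are rejected */`. The same wording problem is in the VTY help string added in bsc_vty.c, `"Accept all MS, except not authorized in HLR\n"`, which could read `"Accept all MS, except those explicitly de-authorized in HLR\n"`. A trailing comma after the new enumerator would also keep the next addition a one-line diff.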
diff --git a/openbsc/src/libbsc/bsc_vty.c b/openbsc/src/libbsc/bsc_vty.c
index 5748945..7a89ca6 100644
--- a/openbsc/src/libbsc/bsc_vty.c
+++ b/openbsc/src/libbsc/bsc_vty.c
@@ -1186,12 +1186,13 @@ DEFUN(cfg_net_name_long,
DEFUN(cfg_net_auth_policy,
cfg_net_auth_policy_cmd,
- "auth policy (closed|accept-all|token)",
+ "auth policy (closed|accept-all|token|black-list)",
"Authentication (not cryptographic)\n"
"Set the GSM network authentication policy\n"
"Require the MS to be activated in HLR\n"
"Accept all MS, whether in HLR or not\n"
- "Use SMS-token based authentication\n")
+ "Use SMS-token based authentication\n"
+ "Accept all MS, except not authorized in HLR\n")
{
enum gsm_auth_policy policy = gsm_auth_policy_parse(argv[0]);
struct gsm_network *gsmnet = gsmnet_from_vty(vty);
diff --git a/openbsc/src/libcommon/gsm_data.c b/openbsc/src/libcommon/gsm_data.c
index 5f7e32e..31b65ee 100644
--- a/openbsc/src/libcommon/gsm_data.c
+++ b/openbsc/src/libcommon/gsm_data.c
@@ -256,6 +256,7 @@ static const struct value_string auth_policy_names[] = {
{ GSM_AUTH_POLICY_CLOSED, "closed" },
{ GSM_AUTH_POLICY_ACCEPT_ALL, "accept-all" },
{ GSM_AUTH_POLICY_TOKEN, "token" },
+ { GSM_AUTH_POLICY_BLACK_LIST, "black-list"},
{ 0, NULL }
};
diff --git a/openbsc/src/libmsc/db.c b/openbsc/src/libmsc/db.c
index 21abce9..440509a 100644
--- a/openbsc/src/libmsc/db.c
+++ b/openbsc/src/libmsc/db.c
@@ -319,6 +319,7 @@ struct gsm_subscriber *db_create_subscriber(struct gsm_network *net, char *imsi)
{
dbi_result result;
struct gsm_subscriber *subscr;
+ int authorized = 0;
/* Is this subscriber known in the db? */
subscr = db_get_subscriber(net, GSM_SUBSCRIBER_IMSI, imsi);
@@ -337,17 +338,22 @@ struct gsm_subscriber *db_create_subscriber(struct gsm_network *net, char *imsi)
if (!subscr)
return NULL;
subscr->flags |= GSM_SUBSCRIBER_FIRST_CONTACT;
+
+ if (net->auth_policy == GSM_AUTH_POLICY_BLACK_LIST)
+ authorized = 1;
+
result = dbi_conn_queryf(conn,
"INSERT INTO Subscriber "
- "(imsi, created, updated) "
+ "(imsi, created, updated, authorized) "
"VALUES "
- "(%s, datetime('now'), datetime('now')) ",
- imsi
+ "(%s, datetime('now'), datetime('now'), %d) ",
+ imsi, authorized
);
if (!result)
LOGP(DDB, LOGL_ERROR, "Failed to create Subscriber by IMSI.\n");
subscr->net = net;
subscr->id = dbi_conn_sequence_last(conn, NULL);
+ subscr->authorized = authorized;
strncpy(subscr->imsi, imsi, GSM_IMSI_LENGTH-1);
dbi_result_free(result);
LOGP(DDB, LOGL_INFO, "New Subscriber: ID %llu, IMSI %s\n", subscr->id, subscr->imsi);
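Review bot: The rewritten INSERT still places `imsi` into the statement through a bare `%s`, so the query text is built from a value whose origin and character set are not visible in this hunk. If the callers do not already guarantee a digits-only IMSI, db_create_subscriber should reject anything else at entry, e.g. `if (strspn(imsi, "0123456789") != strlen(imsi)) return NULL;` before the subscriber is allocated, or quote the value with `dbi_conn_quote_string_copy()`. Separately, when the INSERT fails the code only logs and then still executes the new `subscr->authorized = authorized;`, so under black-list an in-memory subscriber is marked authorized without a matching row; bailing out on `!result` (and releasing `subscr`) would avoid that. The function starts and ends outside the hunk.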
diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c
index d81dab9..8f8eaa9 100644
--- a/openbsc/src/libmsc/gsm_04_08.c
+++ b/openbsc/src/libmsc/gsm_04_08.c
@@ -241,6 +241,8 @@ static int authorize_subscriber(struct gsm_loc_updating_operation *loc,
return (subscriber->flags & GSM_SUBSCRIBER_FIRST_CONTACT);
case GSM_AUTH_POLICY_ACCEPT_ALL:
return 1;
+ case GSM_AUTH_POLICY_BLACK_LIST:
+ return subscriber->authorized;
default:
return 0;
}
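Review bot: The new `GSM_AUTH_POLICY_BLACK_LIST` case decides on the persisted `subscriber->authorized` flag, so who is on the black list depends on which policy was active when each row was created, not on an explicit operator action. Rows created before the policy was enabled carry the default authorized = 0 from db_create_subscriber and will be rejected as soon as black-list is switched on. Conversely, every subscriber auto-created under black-list is stored with authorized = 1 and would presumably also pass a later switch to `closed`, which the enum comment describes as "only subscribers authorized in DB". At minimum this deserves a comment on the case, e.g. `/* relies on db_create_subscriber() defaulting authorized=1 under this policy; rows created under other policies are rejected */`. A separate explicit deny flag would keep the two meanings apart. authorize_subscriber starts outside the hunk.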