summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeels Hofmeyr <nhofmeyr@sysmocom.de>2016-03-07 17:19:19 +0100
committerNeels Hofmeyr <nhofmeyr@sysmocom.de>2016-06-17 21:56:08 +0200
commitf5e0c6c9f1a82a51d2e9e470bb3db1f05e7ef2a1 (patch)
tree6fea9b758060761255e51f81d3a60415aafa6007
parentf8e02aa4e3d87bbdc66819d3a56380881e24ce5a (diff)
Remove unused auth code and add commentneels/auth_failed
The GSM_SECURITY_AUTH_FAILED path is never invoked by the gsm48_secure_channel() function as it is today. Keep the GSM_SECURITY_AUTH_FAILED case, since the upcoming Iu auth will use it. But rather return an error, which will lead to a timeout, and a LU Reject will be sent. If the GSM_SECURITY_AUTH_FAILED code path removed by this patch were invoked, it would never send out a LU Reject, since a call to release_loc_updating_req() only releases the connection. To reject, a call to gsm0408_loc_upd_rej() would be necessary, as seen in loc_upd_rej_cb(). Arguably, it may be desirable to omit a LU Reject in case of an auth failure, to be less friendly to auth attackers? So far that was not the case (since that code path was never used), so not adding this behavior now. Change-Id: I44aac24811785c4b6f95f830b8b35d5fbe644e0f
-rw-r--r--openbsc/src/libmsc/gsm_04_08.c17
1 files changed, 13 insertions, 4 deletions
diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c
index 6704497..5e4b466 100644
--- a/openbsc/src/libmsc/gsm_04_08.c
+++ b/openbsc/src/libmsc/gsm_04_08.c
@@ -361,10 +361,6 @@ static int _gsm0408_authorize_sec_cb(unsigned int hooknum, unsigned int event,
int rc = 0;
switch (event) {
- case GSM_SECURITY_AUTH_FAILED:
- release_loc_updating_req(conn, 1);
- break;
-
case GSM_SECURITY_ALREADY:
LOGP(DMM, LOGL_ERROR, "We don't expect LOCATION "
"UPDATING after CM SERVICE REQUEST\n");
@@ -375,6 +371,19 @@ static int _gsm0408_authorize_sec_cb(unsigned int hooknum, unsigned int event,
rc = finish_lu(conn);
break;
+ case GSM_SECURITY_AUTH_FAILED:
+ /*
+ * gsm48_secure_channel() will pass only
+ * GSM_SECURITY_NOAVAIL in case of failure. If future
+ * code should add a GSM_SECURITY_AUTH_FAILED status in
+ * this code path, letting the Location Update time out
+ * will do all necessary error messaging and logging,
+ * see loc_upd_rej_cb().
+ */
+ LOGP(DMM, LOGL_ERROR,
+ "Authorization failed for subscriber %s\n",
+ subscr_name(conn->subscr));
+ /* fall through */
default:
rc = -EINVAL;
};