summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeels Hofmeyr <nhofmeyr@sysmocom.de>2016-03-07 17:19:19 +0100
committerNeels Hofmeyr <nhofmeyr@sysmocom.de>2016-03-14 23:58:23 +0100
commit9e8e0e6a2930afbf3e156e3be945f17c117086ea (patch)
treec6c1169a2afc5407eb796447fc285fa9053791f8
parentcf3d2a1fad3de8a7d914282f2b1f9eee319910c3 (diff)
Remove unused auth code and add comment
As commented in the code, the GSM_SECURITY_AUTH_FAILED path is never invoked by the gsm48_secure_channel() function as it is today. Note that the upcoming Iu auth will probably add a GSM_SECURITY_AUTH_FAILED status. In that case, sending a LU Reject immediately may be desirable, but arguably a bit of timeout could make life harder for auth attackers. The code removed by this patch doesn't send out a LU Reject ever, since a call to release_loc_updating_req() only releases the connection. To reject, a call to gsm0408_loc_upd_rej() would be necessary, as seen in loc_upd_rej_cb(). And finally, if _gsm0408_authorize_sec_cb() doesn't do anything about anything, the same loc_upd_rej_cb() will be run by a timeout and send a LU Reject properly (as commented in the code).
-rw-r--r--openbsc/src/libmsc/gsm_04_08.c17
1 files changed, 13 insertions, 4 deletions
diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c
index 1d06c69ff..e502db523 100644
--- a/openbsc/src/libmsc/gsm_04_08.c
+++ b/openbsc/src/libmsc/gsm_04_08.c
@@ -300,10 +300,6 @@ static int _gsm0408_authorize_sec_cb(unsigned int hooknum, unsigned int event,
int rc = 0;
switch (event) {
- case GSM_SECURITY_AUTH_FAILED:
- release_loc_updating_req(conn, 1);
- break;
-
case GSM_SECURITY_ALREADY:
LOGP(DMM, LOGL_ERROR, "We don't expect LOCATION "
"UPDATING after CM SERVICE REQUEST\n");
@@ -314,6 +310,19 @@ static int _gsm0408_authorize_sec_cb(unsigned int hooknum, unsigned int event,
rc = finish_lu(conn);
break;
+ case GSM_SECURITY_AUTH_FAILED:
+ /*
+ * gsm48_secure_channel() will pass only
+ * GSM_SECURITY_NOAVAIL in case of failure. If future
+ * code should add a GSM_SECURITY_AUTH_FAILED status in
+ * this code path, letting the Location Update time out
+ * will do all necessary error messaging and logging,
+ * see loc_upd_rej_cb().
+ */
+ LOGP(DMM, LOGL_ERROR,
+ "Authorization failed for subscriber %s\n",
+ subscr_name(conn->subscr));
+ /* fall through */
default:
rc = -EINVAL;
};