aboutsummaryrefslogtreecommitdiffstats
path: root/openbsc/src/libmsc
diff options
context:
space:
mode:
authorIvan Kluchnikov <kluchnikovi@gmail.com>2015-12-11 19:24:07 +0300
committerIvan Kluchnikov <kluchnikovi@gmail.com>2017-02-07 18:59:54 +0300
commitdb0e216845a7859bf878a891e2a210dbef6395df (patch)
tree0b8be144ed907f777298ec18c68328913f82c202 /openbsc/src/libmsc
parent2d9f39ec43254589c6487698d067774199ae7bcd (diff)
msc: Implement 'remote-closed' authentication policy
This mode is modified version of 'remote' policy. Osmo-nitb uses remote subscription data only if the MS is activated in local HLR, otherwise osmo-nitb rejects subscriber.
Diffstat (limited to 'openbsc/src/libmsc')
-rw-r--r--openbsc/src/libmsc/auth.c6
-rw-r--r--openbsc/src/libmsc/gsm_04_08.c7
2 files changed, 10 insertions, 3 deletions
diff --git a/openbsc/src/libmsc/auth.c b/openbsc/src/libmsc/auth.c
index 90376744c..edd6f58fc 100644
--- a/openbsc/src/libmsc/auth.c
+++ b/openbsc/src/libmsc/auth.c
@@ -89,7 +89,8 @@ int auth_get_tuple_for_subscr(enum gsm_auth_policy auth_policy,
struct gsm_auth_info ainfo;
int rc;
- if (auth_policy != GSM_AUTH_POLICY_REMOTE) {
+ if (auth_policy != GSM_AUTH_POLICY_REMOTE &&
+ auth_policy != GSM_AUTH_POLICY_REMOTE_CLOSED) {
/* Get subscriber info (if any) */
rc = db_get_authinfo_for_subscr(&ainfo, subscr);
if (rc < 0) {
@@ -112,7 +113,8 @@ int auth_get_tuple_for_subscr(enum gsm_auth_policy auth_policy,
return AUTH_DO_CIPH;
}
- if (auth_policy == GSM_AUTH_POLICY_REMOTE) {
+ if (auth_policy == GSM_AUTH_POLICY_REMOTE ||
+ auth_policy == GSM_AUTH_POLICY_REMOTE_CLOSED) {
/* Request a new tuple from remote HLR */
return 0;
}
diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c
index 5126c986b..14eade9c6 100644
--- a/openbsc/src/libmsc/gsm_04_08.c
+++ b/openbsc/src/libmsc/gsm_04_08.c
@@ -214,7 +214,8 @@ int gsm48_secure_channel(struct gsm_subscriber_connection *conn, int key_seq,
/* If not done yet, try to get info for this user */
if (status < 0) {
rc = auth_get_tuple_for_subscr(net->auth_policy, &atuple, subscr, key_seq);
- if ((rc == 0) && (net->auth_policy == GSM_AUTH_POLICY_REMOTE)) {
+ if ((rc == 0) && (net->auth_policy == GSM_AUTH_POLICY_REMOTE ||
+ net->auth_policy == GSM_AUTH_POLICY_REMOTE_CLOSED)) {
allocate_security_operation(conn);
conn->sec_operation->cb = cb;
conn->sec_operation->cb_data = cb_data;
@@ -297,6 +298,10 @@ static int authorize_subscriber(struct gsm_loc_updating_operation *loc,
return (subscriber->flags & GSM_SUBSCRIBER_FIRST_CONTACT);
case GSM_AUTH_POLICY_ACCEPT_ALL:
return 1;
+ case GSM_AUTH_POLICY_REMOTE_CLOSED:
+ if (!subscriber->authorized) {
+ return subscriber->authorized;
+ }
case GSM_AUTH_POLICY_REMOTE:
if (loc->waiting_for_remote_accept) {
subscr_location_update(subscriber);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-08 12:36:44 +0000