diff options
author | Ivan Kluchnikov <kluchnikovi@gmail.com> | 2015-12-11 19:24:07 +0300 |
---|---|---|
committer | Ivan Kluchnikov <kluchnikovi@gmail.com> | 2017-02-07 18:59:54 +0300 |
commit | db0e216845a7859bf878a891e2a210dbef6395df (patch) | |
tree | 0b8be144ed907f777298ec18c68328913f82c202 /openbsc/src/libmsc | |
parent | 2d9f39ec43254589c6487698d067774199ae7bcd (diff) |
msc: Implement 'remote-closed' authentication policy
This mode is modified version of 'remote' policy.
Osmo-nitb uses remote subscription data only if the MS is activated in local HLR, otherwise osmo-nitb rejects subscriber.
Diffstat (limited to 'openbsc/src/libmsc')
-rw-r--r-- | openbsc/src/libmsc/auth.c | 6 | ||||
-rw-r--r-- | openbsc/src/libmsc/gsm_04_08.c | 7 |
2 files changed, 10 insertions, 3 deletions
diff --git a/openbsc/src/libmsc/auth.c b/openbsc/src/libmsc/auth.c index 90376744c..edd6f58fc 100644 --- a/openbsc/src/libmsc/auth.c +++ b/openbsc/src/libmsc/auth.c @@ -89,7 +89,8 @@ int auth_get_tuple_for_subscr(enum gsm_auth_policy auth_policy, struct gsm_auth_info ainfo; int rc; - if (auth_policy != GSM_AUTH_POLICY_REMOTE) { + if (auth_policy != GSM_AUTH_POLICY_REMOTE && + auth_policy != GSM_AUTH_POLICY_REMOTE_CLOSED) { /* Get subscriber info (if any) */ rc = db_get_authinfo_for_subscr(&ainfo, subscr); if (rc < 0) { @@ -112,7 +113,8 @@ int auth_get_tuple_for_subscr(enum gsm_auth_policy auth_policy, return AUTH_DO_CIPH; } - if (auth_policy == GSM_AUTH_POLICY_REMOTE) { + if (auth_policy == GSM_AUTH_POLICY_REMOTE || + auth_policy == GSM_AUTH_POLICY_REMOTE_CLOSED) { /* Request a new tuple from remote HLR */ return 0; } diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c index 5126c986b..14eade9c6 100644 --- a/openbsc/src/libmsc/gsm_04_08.c +++ b/openbsc/src/libmsc/gsm_04_08.c @@ -214,7 +214,8 @@ int gsm48_secure_channel(struct gsm_subscriber_connection *conn, int key_seq, /* If not done yet, try to get info for this user */ if (status < 0) { rc = auth_get_tuple_for_subscr(net->auth_policy, &atuple, subscr, key_seq); - if ((rc == 0) && (net->auth_policy == GSM_AUTH_POLICY_REMOTE)) { + if ((rc == 0) && (net->auth_policy == GSM_AUTH_POLICY_REMOTE || + net->auth_policy == GSM_AUTH_POLICY_REMOTE_CLOSED)) { allocate_security_operation(conn); conn->sec_operation->cb = cb; conn->sec_operation->cb_data = cb_data; @@ -297,6 +298,10 @@ static int authorize_subscriber(struct gsm_loc_updating_operation *loc, return (subscriber->flags & GSM_SUBSCRIBER_FIRST_CONTACT); case GSM_AUTH_POLICY_ACCEPT_ALL: return 1; + case GSM_AUTH_POLICY_REMOTE_CLOSED: + if (!subscriber->authorized) { + return subscriber->authorized; + } case GSM_AUTH_POLICY_REMOTE: if (loc->waiting_for_remote_accept) { subscr_location_update(subscriber); |