path: root/openbsc/tests
diff options
authorMax <msuraev@sysmocom.de>2016-05-24 14:23:27 +0200
committerHarald Welte <laforge@gnumonks.org>2016-06-05 09:36:37 +0000
commitddee01fa8fe3b71d39b1e0b9e9ceb93366d56242 (patch)
tree13e0c96154a1158d740d3a607a0d04362baf598d /openbsc/tests
parentd7df7ae39276e825af2a1b7ac82eb74b42ec7775 (diff)
Add regexp authorization policy for IMSI
* extend "auth policy" vty command with new option "regexp" * add vty command "authorized-regexp" for setting arbitrary POSIX regular expression * add basic vty test * add optional "regexp" argument to subscriber-create-on-demand vty command With those in place we can now set the regexp against which MS's IMSI will be matched. If IMSI match the regexp than MS is allowed to access the network. If subscriber is already marked as authorized in HLR than it'll be allowed regardless of IMSI matching. The same way we can decide whether to create subscribers on-demand basesd on IMSI regexp match. Similar to authorization this restriction can be overridden by manually creating subscriber via vty, ctrl interface or directly in HLR. Change-Id: I525f4b80676de47d1d422686da2ca012301b0129 Fixes: OS#1647
Diffstat (limited to 'openbsc/tests')
1 files changed, 16 insertions, 0 deletions
diff --git a/openbsc/tests/vty_test_runner.py b/openbsc/tests/vty_test_runner.py
index c0888559e..c264328a9 100644
--- a/openbsc/tests/vty_test_runner.py
+++ b/openbsc/tests/vty_test_runner.py
@@ -231,6 +231,22 @@ class TestVTYNITB(TestVTYGenericBSC):
self.assertEquals(self.vty.node(), 'config-mncc-int')
+ def testVtyAuthorization(self):
+ self.vty.enable()
+ self.vty.command("configure terminal")
+ self.vty.command("network")
+ self.assertTrue(self.vty.verify("auth policy closed", ['']))
+ self.assertTrue(self.vty.verify("auth policy regexp", ['']))
+ self.assertTrue(self.vty.verify("authorized-regexp ^001", ['']))
+ self.assertTrue(self.vty.verify("authorized-regexp 02$", ['']))
+ self.assertTrue(self.vty.verify("authorized-regexp *123.*", ['']))
+ self.vty.command("end")
+ self.vty.command("configure terminal")
+ self.vty.command("nitb")
+ self.assertTrue(self.vty.verify("subscriber-create-on-demand", ['']))
+ self.assertTrue(self.vty.verify("subscriber-create-on-demand regexp", ['']))
+ self.vty.command("end")
def testSi2Q(self):
self.vty.command("configure terminal")