From 3f7958f08b05d251ecbc88ac2988650308e23f3b Mon Sep 17 00:00:00 2001
From: Neels Hofmeyr
Date: Mon, 30 May 2016 15:06:55 +0200
Subject: move subscr auth check to gsm_subscriber.c

add subscr_authorized(), subscr_authorized_imsi()

Change-Id: If2ef06b1229351127c61477ca14653d6ae4cb6bb
---
 openbsc/include/openbsc/gsm_subscriber.h | 3 ++
 openbsc/src/libmsc/gsm_04_08.c | 37 ++---------------------
 openbsc/src/libmsc/gsm_subscriber.c | 50 ++++++++++++++++++++++++++++++++
 3 files changed, 56 insertions(+), 34 deletions(-)

diff --git a/openbsc/include/openbsc/gsm_subscriber.h b/openbsc/include/openbsc/gsm_subscriber.h
index 7c4a0205f..6fe3cf9b0 100644
--- a/openbsc/include/openbsc/gsm_subscriber.h
+++ b/openbsc/include/openbsc/gsm_subscriber.h
@@ -131,6 +131,9 @@ void subscr_update_from_db(struct gsm_subscriber *subscr);
 void subscr_expire(struct gsm_subscriber_group *sgrp);
 int subscr_update_expire_lu(struct gsm_subscriber *subscr);
+bool subscr_authorized_imsi(const struct gsm_network *net, const char *imsi);
+bool subscr_authorized(struct gsm_subscriber *subsc);
+
 /*
 * Paging handling with authentication
 */
diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c
index 2068f7d2f..8c9328703 100644
--- a/openbsc/src/libmsc/gsm_04_08.c
+++ b/openbsc/src/libmsc/gsm_04_08.c
@@ -29,8 +29,6 @@
 #include
 #include
 #include
-#include
-#include
 #include
 #include "bscconfig.h"
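Review bot: The prototype `bool subscr_authorized(struct gsm_subscriber *subsc);` added in gsm_subscriber.h names its parameter `subsc`, while the definition added in gsm_subscriber.c calls it `subscriber`; use one name in both places. The declaration also deserves a short comment, because the function is not a pure predicate: under GSM_AUTH_POLICY_REGEXP the definition sets `subscriber->authorized = true` on a match, which is why the pointer cannot be const. Something like `/* Apply the network's auth_policy; may set subscriber->authorized as a side effect (REGEXP policy). */` above the prototype would tell callers of this now-public function what they are invoking.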
@@ -298,19 +296,8 @@ int gsm48_secure_channel(struct gsm_subscriber_connection *conn, int key_seq,
 return -EINVAL; /* not reached */
 }
-static bool subscr_regexp_check(const struct gsm_network *net, const char *imsi)
-{
- if (!net->authorized_reg_str)
- return false;
-
- if (regexec(&net->authorized_regexp, imsi, 0, NULL, 0) != REG_NOMATCH)
- return true;
-
- return false;
-}
-
 static bool authorize_subscriber(struct gsm_loc_updating_operation *loc,
- struct gsm_subscriber *subscriber)
+ struct gsm_subscriber *subscriber)
 {
 if (!subscriber) {
 LOGP(DMM, LOGL_DEBUG, "authorize_subscriber() on NULL subscriber\n");
@@ -331,25 +318,7 @@ static bool authorize_subscriber(struct gsm_loc_updating_operation *loc,
 return false;
 }
- switch (subscriber->group->net->auth_policy) {
- case GSM_AUTH_POLICY_CLOSED:
- return subscriber->authorized;
- case GSM_AUTH_POLICY_REGEXP:
- if (subscriber->authorized)
- return true;
- if (subscr_regexp_check(subscriber->group->net,
- subscriber->imsi))
- subscriber->authorized = 1;
- return subscriber->authorized;
- case GSM_AUTH_POLICY_TOKEN:
- if (subscriber->authorized)
- return subscriber->authorized;
- return (subscriber->flags & GSM_SUBSCRIBER_FIRST_CONTACT);
- case GSM_AUTH_POLICY_ACCEPT_ALL:
- return true;
- default:
- return false;
- }
+ return subscr_authorized(subscriber);
 }
 static void release_loc_updating_req(struct gsm_subscriber_connection *conn, int release)
@@ -597,7 +566,7 @@ static struct gsm_subscriber *subscr_create(const struct gsm_network *net,
 if (!net->auto_create_subscr)
 return NULL;
- if (!subscr_regexp_check(net, imsi))
+ if (!subscr_authorized_imsi(net, imsi))
 return NULL;
 return subscr_create_subscriber(net->subscr_group, imsi);
diff --git a/openbsc/src/libmsc/gsm_subscriber.c b/openbsc/src/libmsc/gsm_subscriber.c
index 56ffc2f08..c3ded61ca 100644
--- a/openbsc/src/libmsc/gsm_subscriber.c
+++ b/openbsc/src/libmsc/gsm_subscriber.c
@@ -27,6 +27,8 @@
 #include
 #include
 #include
+#include
+#include
 #include
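Review bot: In subscr_create() in gsm_04_08.c (the hunk at -597; the function starts outside it and its closing brace is not shown), the renamed call `if (!subscr_authorized_imsi(net, imsi))` reads like a full authorization decision, but it only tests the IMSI regexp and never consults `auth_policy`. Because subscr_authorized_imsi() returns false whenever `authorized_reg_str` is unset, auto-creation is refused on any network without a configured regexp, even with `auto_create_subscr` enabled. That matches the removed subscr_regexp_check(), so it needs a comment rather than a code change, for example `/* auto-create only for IMSIs matching the authorized regexp, independent of auth_policy */` above the check.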
@@ -386,3 +388,51 @@ struct gsm_subscriber_connection *connection_for_subscr(struct gsm_subscriber *s
 return NULL;
 }
+
+/*! Validate IMSI against the authorized IMSI regexp.
+ * \returns true if IMSI matches the configured authorized_regexp.
+ */
+bool subscr_authorized_imsi(const struct gsm_network *net, const char *imsi)
+{
+ if (!net->authorized_reg_str)
+ return false;
+
+ if (regexec(&net->authorized_regexp, imsi, 0, NULL, 0) != REG_NOMATCH)
+ return true;
+
+ return false;
+}
+
+bool subscr_authorized(struct gsm_subscriber *subscriber)
+{
+ switch (subscriber->group->net->auth_policy) {
+ case GSM_AUTH_POLICY_CLOSED:
+ LOGP(DMM, LOGL_DEBUG, "subscriber %s authorized = %d\n",
+ subscr_name(subscriber), subscriber->authorized);
+ return subscriber->authorized ? true : false;
+ case GSM_AUTH_POLICY_REGEXP:
+ if (subscriber->authorized)
+ return true;
+ if (subscr_authorized_imsi(subscriber->group->net,
+ subscriber->imsi))
+ subscriber->authorized = true;
+ return subscriber->authorized;
+ case GSM_AUTH_POLICY_TOKEN:
+ if (subscriber->authorized) {
+ LOGP(DMM, LOGL_DEBUG,
+ "subscriber %s authorized = %d\n",
+ subscr_name(subscriber), subscriber->authorized);
+ return subscriber->authorized;
+ }
+ LOGP(DMM, LOGL_DEBUG, "subscriber %s first contact = %d\n",
+ subscr_name(subscriber),
+ (int)(subscriber->flags & GSM_SUBSCRIBER_FIRST_CONTACT));
+ return (subscriber->flags & GSM_SUBSCRIBER_FIRST_CONTACT);
+ case GSM_AUTH_POLICY_ACCEPT_ALL:
+ return true;
+ default:
+ LOGP(DMM, LOGL_DEBUG, "unknown auth_policy, rejecting"
+ " subscriber %s\n", subscr_name(subscriber));
+ return false;
+ }
+}
-- cgit v1.2.3
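Review bot: subscr_authorized_imsi() treats every regexec() result other than REG_NOMATCH as a match, so any error code an implementation returns would authorize the IMSI; an access-control check should fail closed with `if (regexec(&net->authorized_regexp, imsi, 0, NULL, 0) == 0)`. The condition is carried over unchanged from the removed subscr_regexp_check(), but the function is now exported, and it passes `imsi` to regexec() without a NULL check. subscr_authorized() likewise dereferences `subscriber->group->net` directly, while the NULL-subscriber guard stays behind in authorize_subscriber(); either document that callers must pass a valid subscriber or add the guard here. Unlike subscr_authorized_imsi(), subscr_authorized() has no doc comment; it should state that under GSM_AUTH_POLICY_REGEXP a match sets `subscriber->authorized`, so later calls return true without re-checking the regexp.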