authorIvan Kluchnikov <kluchnikovi@gmail.com>2015-08-11 07:52:42 +0300
committerIvan Kluchnikov <kluchnikovi@gmail.com>2017-02-07 18:59:52 +0300
commitb96f1912da38c5fd62e1065faf0c84e54eb62ba4 (patch)
treea4a2131a4f9b088fbb29e76bb7c2a6ae6df0e88f /openbsc/src/libmsc
parentadc681331e188c9b228f17a093cea9c60516a26b (diff)
msc: Implement 'remote' authentication policy
- All location update requests should be sent to the remote HLR and accepted. - Authentication info should also be received from the remote HLR. - SUP is used for sending/handling subscription data to/from the remote HLR.
Diffstat (limited to 'openbsc/src/libmsc')
-rw-r--r--openbsc/src/libmsc/Makefile.am5
-rw-r--r--openbsc/src/libmsc/auth.c23
-rw-r--r--openbsc/src/libmsc/gsm_04_08.c24
3 files changed, 40 insertions, 12 deletions
diff --git a/openbsc/src/libmsc/Makefile.am b/openbsc/src/libmsc/Makefile.am
index 9d966dbc1..f9bcf2f37 100644
--- a/openbsc/src/libmsc/Makefile.am
+++ b/openbsc/src/libmsc/Makefile.am
@@ -28,6 +28,11 @@ libmsc_a_SOURCES = \
gsm_04_08.c \
gsm_04_11.c \
gsm_04_80.c \
+ ../gprs/gsm_04_08_gprs.c \
+ ../gprs/gprs_utils.c \
+ ../gprs/gprs_gsup_messages.c \
+ ../gprs/gprs_gsup_client.c \
+ gsm_sup.c \
gsm_subscriber.c \
mncc.c \
mncc_builtin.c \
diff --git a/openbsc/src/libmsc/auth.c b/openbsc/src/libmsc/auth.c
index 19def1ec1..90376744c 100644
--- a/openbsc/src/libmsc/auth.c
+++ b/openbsc/src/libmsc/auth.c
@@ -82,19 +82,21 @@ _use_comp128_v1(struct gsm_auth_info *ainfo, struct gsm_auth_tuple *atuple)
* 1 -> Tuple returned, need to do auth, then enable cipher
* 2 -> Tuple returned, need to enable cipher
*/
-int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple,
+int auth_get_tuple_for_subscr(enum gsm_auth_policy auth_policy,
+ struct gsm_auth_tuple *atuple,
struct gsm_subscriber *subscr, int key_seq)
{
struct gsm_auth_info ainfo;
int rc;
- /* Get subscriber info (if any) */
- rc = db_get_authinfo_for_subscr(&ainfo, subscr);
- if (rc < 0) {
- LOGP(DMM, LOGL_NOTICE,
- "No retrievable Ki for subscriber %s, skipping auth\n",
- subscr_name(subscr));
- return rc == -ENOENT ? AUTH_NOT_AVAIL : AUTH_ERROR;
+ if (auth_policy != GSM_AUTH_POLICY_REMOTE) {
+ /* Get subscriber info (if any) */
+ rc = db_get_authinfo_for_subscr(&ainfo, subscr);
+ if (rc < 0) {
+ LOGP(DMM, LOGL_NOTICE,
+ "No retrievable Ki for subscriber %s, skipping auth\n");
+ return rc == -ENOENT ? AUTH_NOT_AVAIL : AUTH_ERROR;
+ }
}
/* If possible, re-use the last tuple and skip auth */
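Review bot: The re-indented LOGP call in the `rc < 0` branch keeps the `%s` conversion but drops the `subscr_name(subscr)` argument, so the logger consumes a vararg that was never passed; that is undefined behaviour and can crash or write stray memory into the log. Restore the argument: `"No retrievable Ki for subscriber %s, skipping auth\n", subscr_name(subscr));`. Separately, under GSM_AUTH_POLICY_REMOTE the lookup is skipped, so `ainfo` and `rc` are still uninitialised when control reaches the tuple re-use code. That code lies outside the hunk, so confirm that nothing there reads either variable before assigning it.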
@@ -110,6 +112,11 @@ int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple,
return AUTH_DO_CIPH;
}
+ if (auth_policy == GSM_AUTH_POLICY_REMOTE) {
+ /* Request a new tuple from remote HLR */
+ return 0;
+ }
+
/* Generate a new one */
if (rc != 0) {
/* If db_get_lastauthtuple_for_subscr() returned nothing, make
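Review bot: The new REMOTE branch returns a bare `0` under a comment saying a tuple is requested from the HLR, but nothing is requested here; the caller in gsm48_secure_channel does that when it sees `rc == 0` together with the remote policy. The return-code comment above the function does not mention this meaning, and the other early exit uses the named values AUTH_NOT_AVAIL and AUTH_ERROR. If `0` is also the value of one of those names (not visible in this diff), the caller can tell "fetch remotely" from "no auth data" only by re-checking the policy. I would return a named value and reword the comment to `/* No reusable tuple: caller must fetch one from the remote HLR */`, with a matching line added to the function's return-code list.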
diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c
index e5402d0a6..ab1330c23 100644
--- a/openbsc/src/libmsc/gsm_04_08.c
+++ b/openbsc/src/libmsc/gsm_04_08.c
@@ -56,6 +56,7 @@
#include <openbsc/osmo_msc.h>
#include <openbsc/handover.h>
#include <openbsc/mncc_int.h>
+#include <openbsc/gsm_sup.h>
#include <osmocom/abis/e1_input.h>
#include <osmocom/core/bitvec.h>
@@ -212,9 +213,15 @@ int gsm48_secure_channel(struct gsm_subscriber_connection *conn, int key_seq,
/* If not done yet, try to get info for this user */
if (status < 0) {
- rc = auth_get_tuple_for_subscr(&atuple, subscr, key_seq);
- if (rc <= 0)
+ rc = auth_get_tuple_for_subscr(net->auth_policy, &atuple, subscr, key_seq);
+ if ((rc == 0) && (net->auth_policy == GSM_AUTH_POLICY_REMOTE)) {
+ allocate_security_operation(conn);
+ conn->sec_operation->cb = cb;
+ conn->sec_operation->cb_data = cb_data;
+ return subscr_query_auth_info(subscr);
+ } else if (rc <= 0) {
status = GSM_SECURITY_NOAVAIL;
+ }
}
/* Are we done yet ? */
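Review bot: `conn->sec_operation` is dereferenced on the line after `allocate_security_operation(conn)` with no check that the allocation left it non-NULL, and the result of `subscr_query_auth_info(subscr)` is returned directly with no cleanup. If the query cannot be sent, the security operation stays attached to the connection with `cb` registered, and nothing in this hunk will ever invoke or release it. I would capture the result (`rc = subscr_query_auth_info(subscr);`) and, on a negative value, release the security operation before returning so the connection is not left in a half-authenticated pending state. Whether `allocate_security_operation()` can fail, and whether an operation may already be in progress on `conn`, is decided outside this hunk.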
@@ -290,12 +297,19 @@ static int authorize_subscriber(struct gsm_loc_updating_operation *loc,
return (subscriber->flags & GSM_SUBSCRIBER_FIRST_CONTACT);
case GSM_AUTH_POLICY_ACCEPT_ALL:
return 1;
+ case GSM_AUTH_POLICY_REMOTE:
+ if (loc->waiting_for_remote_accept) {
+ subscr_location_update(subscriber);
+ return 0;
+ } else {
+ return 1;
+ }
default:
return 0;
}
}
-static void release_loc_updating_req(struct gsm_subscriber_connection *conn, int release)
+void release_loc_updating_req(struct gsm_subscriber_connection *conn, int release)
{
if (!conn->loc_operation)
return;
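Review bot: The REMOTE case of authorize_subscriber fails open: it returns 1 (authorized) whenever `loc->waiting_for_remote_accept` is 0, so a zero-initialised location-update operation is treated as already accepted by the HLR. The flag is set only in the mm_rx_loc_upd_req hunk and nothing in this diff shows where it is cleared, so any other path that creates `loc` would admit the subscriber without a remote answer. Inverting the sense, for example a `remote_accepted` field set only when the HLR's accept is handled, makes the default state deny. The return value of `subscr_location_update(subscriber)` is also ignored, so a request that could not be sent leaves the update pending with no reject. Because the call sits inside the authorization check, it is repeated each time gsm0408_authorize runs while the flag is still set.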
@@ -384,7 +398,7 @@ static int _gsm0408_authorize_sec_cb(unsigned int hooknum, unsigned int event,
return rc;
}
-static int gsm0408_authorize(struct gsm_subscriber_connection *conn, struct msgb *msg)
+int gsm0408_authorize(struct gsm_subscriber_connection *conn, struct msgb *msg)
{
if (!conn->loc_operation)
return 0;
@@ -712,6 +726,8 @@ static int mm_rx_loc_upd_req(struct gsm_subscriber_connection *conn, struct msgb
conn->subscr = subscr;
conn->subscr->equipment.classmark1 = lu->classmark1;
+ conn->loc_operation->waiting_for_remote_accept = 1;
+
/* check if we can let the subscriber into our network immediately
* or if we need to wait for identity responses. */
return gsm0408_authorize(conn, msg);