diff options
| author | Max <msuraev@sysmocom.de> | 2016-05-24 14:23:27 +0200 |
|---|---|---|
| committer | Harald Welte <laforge@gnumonks.org> | 2016-06-05 09:36:37 +0000 |
| commit | ddee01fa8fe3b71d39b1e0b9e9ceb93366d56242 (patch) | |
| tree | 13e0c96154a1158d740d3a607a0d04362baf598d /openbsc/include/openbsc/gsm_data.h | |
| parent | d7df7ae39276e825af2a1b7ac82eb74b42ec7775 (diff) | |
Add regexp authorization policy for IMSI
* extend "auth policy" vty command with new option "regexp"
* add vty command "authorized-regexp" for setting arbitrary POSIX
regular expression
* add basic vty test
* add optional "regexp" argument to subscriber-create-on-demand vty
command
With those in place we can now set the regexp against which MS's IMSI
will be matched.
If IMSI match the regexp than MS is allowed to access the network. If
subscriber is already marked as authorized in HLR than it'll be allowed
regardless of IMSI matching.
The same way we can decide whether to create subscribers on-demand
basesd on IMSI regexp match. Similar to authorization this restriction
can be overridden by manually creating subscriber via vty, ctrl
interface or directly in HLR.
Change-Id: I525f4b80676de47d1d422686da2ca012301b0129
Fixes: OS#1647
Diffstat (limited to 'openbsc/include/openbsc/gsm_data.h')
| -rw-r--r-- | openbsc/include/openbsc/gsm_data.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/openbsc/include/openbsc/gsm_data.h b/openbsc/include/openbsc/gsm_data.h index a08938c36..31a4ed5bd 100644 --- a/openbsc/include/openbsc/gsm_data.h +++ b/openbsc/include/openbsc/gsm_data.h @@ -2,6 +2,8 @@ #define _GSM_DATA_H #include <stdint.h> +#include <regex.h> +#include <sys/types.h> #include <osmocom/core/timer.h> #include <osmocom/core/select.h> @@ -22,6 +24,7 @@ struct gsm_subscriber_group; enum gsm_subscr_creation_mode { GSM_SUBSCR_DONT_CREATE = 0, GSM_SUBSCR_CREAT_W_RAND_EXT = 1, + GSM_SUBSCR_CREAT_W_REGEXP = 2, }; enum gsm_security_event { @@ -205,6 +208,7 @@ enum gsm_auth_policy { GSM_AUTH_POLICY_CLOSED, /* only subscribers authorized in DB */ GSM_AUTH_POLICY_ACCEPT_ALL, /* accept everyone, even if not authorized in DB */ GSM_AUTH_POLICY_TOKEN, /* accept first, send token per sms, then revoke authorization */ + GSM_AUTH_POLICY_REGEXP, /* accept IMSIs matching given regexp */ }; #define GSM_T3101_DEFAULT 10 @@ -219,6 +223,8 @@ struct gsm_network { char *name_long; char *name_short; enum gsm_auth_policy auth_policy; + regex_t authorized_regexp; + char *authorized_reg_str; enum gsm48_reject_value reject_cause; int a5_encryption; int neci; |