author | Harald Welte <laforge@gnumonks.org> | 2013-03-19 11:48:54 +0100 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2013-07-21 15:44:28 +0800 |
commit | 3dfb549a6f31ea2252014db1075a7195da2d4ff7 (patch) | |
tree | 0284d314ab9f4b4322983a061cd8dbd7de0d478d /openbsc/src/gprs | |
parent | 7f6da485f5af0ad5a5a5176c2fc3fe0550beac14 (diff) |
sgsn: Add "auth-policy" VTY command to enable/disable ACL
Diffstat (limited to 'openbsc/src/gprs')
-rw-r--r-- | openbsc/src/gprs/gprs_gmm.c | 3 | ||||
-rw-r--r-- | openbsc/src/gprs/sgsn_vty.c | 17 |
2 files changed, 19 insertions, 1 deletions
diff --git a/openbsc/src/gprs/gprs_gmm.c b/openbsc/src/gprs/gprs_gmm.c
index 36798e0ac..2f309a558 100644
--- a/openbsc/src/gprs/gprs_gmm.c
+++ b/openbsc/src/gprs/gprs_gmm.c
@@ -699,7 +699,8 @@ static int gsm48_rx_gmm_att_req(struct sgsn_mm_ctx *ctx, struct msgb *msg,
 char mccmnc[16];
 snprintf(mccmnc, sizeof(mccmnc), "%03d%02d", ra_id.mcc, ra_id.mnc);
 if (strncmp(mccmnc, mi_string, 5) &&
- !sgsn_acl_lookup(mi_string)) {
+ (sgsn->cfg.acl_enabled &&
+ !sgsn_acl_lookup(mi_string))) {
 LOGP(DMM, LOGL_INFO,
 "Rejecting ATTACH REQUESET IMSI=%s\n", mi_string);
 return gsm48_tx_gmm_att_rej_oldmsg(msg,
diff --git a/openbsc/src/gprs/sgsn_vty.c b/openbsc/src/gprs/sgsn_vty.c
index ce3b4da9e..a4ba2802e 100644
--- a/openbsc/src/gprs/sgsn_vty.c
+++ b/openbsc/src/gprs/sgsn_vty.c
@@ -131,6 +131,8 @@ static int config_write_sgsn(struct vty *vty)
 gctx->gtp_version, VTY_NEWLINE);
 }
 
+ vty_out(vty, " auth-policy %s%s",
+ g_cfg->acl_enabled ? "closed" : "accept-all", VTY_NEWLINE);
 llist_for_each_entry(acl, &g_cfg->imsi_acl, list)
 vty_out(vty, " imsi-acl add %s%s", acl->imsi, VTY_NEWLINE);
 
@@ -392,6 +394,20 @@ DEFUN(imsi_acl, cfg_imsi_acl_cmd,
 return CMD_SUCCESS;
 }
 
+DEFUN(cfg_auth_policy, cfg_auth_policy_cmd,
+ "auth-policy (accept-all|closed)",
+ "Autorization Policy of SGSN\n"
+ "Accept all IMSIs (DANGEROUS\n"
+ "Accept only home network subscribers or those in ACL\n")
+{
+ if (!strcmp(argv[0], "accept-all"))
+ g_cfg->acl_enabled = 0;
+ else
+ g_cfg->acl_enabled = 1;
+
+ return CMD_SUCCESS;
+}
+
 int sgsn_vty_init(void)
 {
 install_element_ve(&show_sgsn_cmd);
@@ -410,6 +426,7 @@ int sgsn_vty_init(void)
 //install_element(SGSN_NODE, &cfg_ggsn_remote_port_cmd);
 install_element(SGSN_NODE, &cfg_ggsn_gtp_version_cmd);
 install_element(SGSN_NODE, &cfg_imsi_acl_cmd);
+ install_element(SGSN_NODE, &cfg_auth_policy_cmd);
 
 return 0;
 } |
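Review bot: In the gsm48_rx_gmm_att_req hunk the IMSI ACL is now consulted only when `sgsn->cfg.acl_enabled` is non-zero, and nothing in this commit sets that field at start-up. Unless the config struct is initialised to 1 somewhere outside this diff, an SGSN whose config file has no `auth-policy` line would silently move from rejecting foreign IMSIs to accepting all of them. If closed is meant to remain the default, set `sgsn->cfg.acl_enabled = 1;` where the configuration is initialised, or invert the flag so that a zeroed struct means closed. A comment on the condition such as `/* reject foreign IMSIs only when the ACL is enforced (auth-policy closed) */` would also make the fail-open case explicit; the function body starts and ends outside the hunk.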
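Review bot: The help strings of cfg_auth_policy contain two typos that will appear in the VTY online help: `"Autorization Policy of SGSN\n"` should read `"Authorization Policy of SGSN\n"`, and `"Accept all IMSIs (DANGEROUS\n"` is missing its closing parenthesis, `"Accept all IMSIs (DANGEROUS)\n"`. Because accept-all switches off the only admission check visible in the gprs_gmm.c hunk, a comment above the DEFUN would help, for example `/* accept-all disables the IMSI ACL for every ATTACH; closed admits home-network IMSIs and ACL entries only */`. Emitting a log line when the policy is set to accept-all would also give operators an audit trail for the change. Note that "closed" appears to be an IMSI filter rather than subscriber authentication, which the command name may suggest; the help text could say so.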