diff options
Diffstat (limited to 'openbsc/src')
-rw-r--r-- | openbsc/src/libmsc/gsm_04_08.c | 37 | ||||
-rw-r--r-- | openbsc/src/libmsc/gsm_subscriber.c | 50 |
2 files changed, 53 insertions, 34 deletions
diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c index 2068f7d2f..8c9328703 100644 --- a/openbsc/src/libmsc/gsm_04_08.c +++ b/openbsc/src/libmsc/gsm_04_08.c @@ -29,8 +29,6 @@ #include <errno.h> #include <time.h> #include <netinet/in.h> -#include <regex.h> -#include <sys/types.h> #include <openssl/rand.h> #include "bscconfig.h" @@ -298,19 +296,8 @@ int gsm48_secure_channel(struct gsm_subscriber_connection *conn, int key_seq, return -EINVAL; /* not reached */ } -static bool subscr_regexp_check(const struct gsm_network *net, const char *imsi) -{ - if (!net->authorized_reg_str) - return false; - - if (regexec(&net->authorized_regexp, imsi, 0, NULL, 0) != REG_NOMATCH) - return true; - - return false; -} - static bool authorize_subscriber(struct gsm_loc_updating_operation *loc, - struct gsm_subscriber *subscriber) + struct gsm_subscriber *subscriber) { if (!subscriber) { LOGP(DMM, LOGL_DEBUG, "authorize_subscriber() on NULL subscriber\n"); @@ -331,25 +318,7 @@ static bool authorize_subscriber(struct gsm_loc_updating_operation *loc, return false; } - switch (subscriber->group->net->auth_policy) { - case GSM_AUTH_POLICY_CLOSED: - return subscriber->authorized; - case GSM_AUTH_POLICY_REGEXP: - if (subscriber->authorized) - return true; - if (subscr_regexp_check(subscriber->group->net, - subscriber->imsi)) - subscriber->authorized = 1; - return subscriber->authorized; - case GSM_AUTH_POLICY_TOKEN: - if (subscriber->authorized) - return subscriber->authorized; - return (subscriber->flags & GSM_SUBSCRIBER_FIRST_CONTACT); - case GSM_AUTH_POLICY_ACCEPT_ALL: - return true; - default: - return false; - } + return subscr_authorized(subscriber); } static void release_loc_updating_req(struct gsm_subscriber_connection *conn, int release) @@ -597,7 +566,7 @@ static struct gsm_subscriber *subscr_create(const struct gsm_network *net, if (!net->auto_create_subscr) return NULL; - if (!subscr_regexp_check(net, imsi)) + if (!subscr_authorized_imsi(net, imsi)) return NULL; return subscr_create_subscriber(net->subscr_group, imsi); diff --git a/openbsc/src/libmsc/gsm_subscriber.c b/openbsc/src/libmsc/gsm_subscriber.c index 56ffc2f08..c3ded61ca 100644 --- a/openbsc/src/libmsc/gsm_subscriber.c +++ b/openbsc/src/libmsc/gsm_subscriber.c @@ -27,6 +27,8 @@ #include <assert.h> #include <time.h> #include <stdbool.h> +#include <regex.h> +#include <sys/types.h> #include <osmocom/core/talloc.h> @@ -386,3 +388,51 @@ struct gsm_subscriber_connection *connection_for_subscr(struct gsm_subscriber *s return NULL; } + +/*! Validate IMSI against the authorized IMSI regexp. + * \returns true if IMSI matches the configured authorized_regexp. + */ +bool subscr_authorized_imsi(const struct gsm_network *net, const char *imsi) +{ + if (!net->authorized_reg_str) + return false; + + if (regexec(&net->authorized_regexp, imsi, 0, NULL, 0) != REG_NOMATCH) + return true; + + return false; +} + +bool subscr_authorized(struct gsm_subscriber *subscriber) +{ + switch (subscriber->group->net->auth_policy) { + case GSM_AUTH_POLICY_CLOSED: + LOGP(DMM, LOGL_DEBUG, "subscriber %s authorized = %d\n", + subscr_name(subscriber), subscriber->authorized); + return subscriber->authorized ? true : false; + case GSM_AUTH_POLICY_REGEXP: + if (subscriber->authorized) + return true; + if (subscr_authorized_imsi(subscriber->group->net, + subscriber->imsi)) + subscriber->authorized = true; + return subscriber->authorized; + case GSM_AUTH_POLICY_TOKEN: + if (subscriber->authorized) { + LOGP(DMM, LOGL_DEBUG, + "subscriber %s authorized = %d\n", + subscr_name(subscriber), subscriber->authorized); + return subscriber->authorized; + } + LOGP(DMM, LOGL_DEBUG, "subscriber %s first contact = %d\n", + subscr_name(subscriber), + (int)(subscriber->flags & GSM_SUBSCRIBER_FIRST_CONTACT)); + return (subscriber->flags & GSM_SUBSCRIBER_FIRST_CONTACT); + case GSM_AUTH_POLICY_ACCEPT_ALL: + return true; + default: + LOGP(DMM, LOGL_DEBUG, "unknown auth_policy, rejecting" + " subscriber %s\n", subscr_name(subscriber)); + return false; + } +} |