Diffstat (limited to 'openbsc/src')
-rw-r--r--openbsc/src/libcommon-cs/common_cs_vty.c5
-rw-r--r--openbsc/src/libcommon/gsm_data.c1
-rw-r--r--openbsc/src/libmsc/Makefile.am5
-rw-r--r--openbsc/src/libmsc/auth.c23
-rw-r--r--openbsc/src/libmsc/gsm_04_08.c24
5 files changed, 44 insertions, 14 deletions
diff --git a/openbsc/src/libcommon-cs/common_cs_vty.c b/openbsc/src/libcommon-cs/common_cs_vty.c
index 08a758151..1d7e28f3a 100644
--- a/openbsc/src/libcommon-cs/common_cs_vty.c
+++ b/openbsc/src/libcommon-cs/common_cs_vty.c
@@ -105,13 +105,14 @@ DEFUN(cfg_net_name_long,
DEFUN(cfg_net_auth_policy,
cfg_net_auth_policy_cmd,
- "auth policy (closed|accept-all|regexp|token)",
+ "auth policy (closed|accept-all|regexp|token|remote)",
"Authentication (not cryptographic)\n"
"Set the GSM network authentication policy\n"
"Require the MS to be activated in HLR\n"
"Accept all MS, whether in HLR or not\n"
"Use regular expression for IMSI authorization decision\n"
- "Use SMS-token based authentication\n")
+ "Use SMS-token based authentication\n"
+ "Use remote subscription data only (HLR)\n")
{
enum gsm_auth_policy policy = gsm_auth_policy_parse(argv[0]);
struct gsm_network *gsmnet = gsmnet_from_vty(vty);
diff --git a/openbsc/src/libcommon/gsm_data.c b/openbsc/src/libcommon/gsm_data.c
index 75475db09..6419e1932 100644
--- a/openbsc/src/libcommon/gsm_data.c
+++ b/openbsc/src/libcommon/gsm_data.c
@@ -163,6 +163,7 @@ static const struct value_string auth_policy_names[] = {
{ GSM_AUTH_POLICY_ACCEPT_ALL, "accept-all" },
{ GSM_AUTH_POLICY_TOKEN, "token" },
{ GSM_AUTH_POLICY_REGEXP, "regexp" },
+ { GSM_AUTH_POLICY_REMOTE, "remote" },
{ 0, NULL }
};
diff --git a/openbsc/src/libmsc/Makefile.am b/openbsc/src/libmsc/Makefile.am
index 9d966dbc1..f9bcf2f37 100644
--- a/openbsc/src/libmsc/Makefile.am
+++ b/openbsc/src/libmsc/Makefile.am
@@ -28,6 +28,11 @@ libmsc_a_SOURCES = \
gsm_04_08.c \
gsm_04_11.c \
gsm_04_80.c \
+ ../gprs/gsm_04_08_gprs.c \
+ ../gprs/gprs_utils.c \
+ ../gprs/gprs_gsup_messages.c \
+ ../gprs/gprs_gsup_client.c \
+ gsm_sup.c \
gsm_subscriber.c \
mncc.c \
mncc_builtin.c \
diff --git a/openbsc/src/libmsc/auth.c b/openbsc/src/libmsc/auth.c
index 19def1ec1..90376744c 100644
--- a/openbsc/src/libmsc/auth.c
+++ b/openbsc/src/libmsc/auth.c
@@ -82,19 +82,21 @@ _use_comp128_v1(struct gsm_auth_info *ainfo, struct gsm_auth_tuple *atuple)
* 1 -> Tuple returned, need to do auth, then enable cipher
* 2 -> Tuple returned, need to enable cipher
*/
-int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple,
+int auth_get_tuple_for_subscr(enum gsm_auth_policy auth_policy,
+ struct gsm_auth_tuple *atuple,
struct gsm_subscriber *subscr, int key_seq)
{
struct gsm_auth_info ainfo;
int rc;
- /* Get subscriber info (if any) */
- rc = db_get_authinfo_for_subscr(&ainfo, subscr);
- if (rc < 0) {
- LOGP(DMM, LOGL_NOTICE,
- "No retrievable Ki for subscriber %s, skipping auth\n",
- subscr_name(subscr));
- return rc == -ENOENT ? AUTH_NOT_AVAIL : AUTH_ERROR;
+ if (auth_policy != GSM_AUTH_POLICY_REMOTE) {
+ /* Get subscriber info (if any) */
+ rc = db_get_authinfo_for_subscr(&ainfo, subscr);
+ if (rc < 0) {
+ LOGP(DMM, LOGL_NOTICE,
+ "No retrievable Ki for subscriber %s, skipping auth\n");
+ return rc == -ENOENT ? AUTH_NOT_AVAIL : AUTH_ERROR;
+ }
}
/* If possible, re-use the last tuple and skip auth */
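Review bot: The rewritten LOGP call keeps the `%s` conversion but drops its `subscr_name(subscr)` argument, so the format reads a variadic argument that was never passed; that is undefined behaviour and can crash the process or put stray memory into the log whenever the Ki lookup fails. Restore the argument: `"No retrievable Ki for subscriber %s, skipping auth\n", subscr_name(subscr));`. In addition, under GSM_AUTH_POLICY_REMOTE the lookup is skipped, so `rc` and `ainfo` stay uninitialised; the code after this hunk appears to reassign `rc` before reading it, but `int rc = 0;` would make that independent of statement order. The function body continues outside the hunk.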
@@ -110,6 +112,11 @@ int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple,
return AUTH_DO_CIPH;
}
+ if (auth_policy == GSM_AUTH_POLICY_REMOTE) {
+ /* Request a new tuple from remote HLR */
+ return 0;
+ }
+
/* Generate a new one */
if (rc != 0) {
/* If db_get_lastauthtuple_for_subscr() returned nothing, make
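Review bot: The remote branch returns a bare `0`, while the other exits of auth_get_tuple_for_subscr use the AUTH_* names (AUTH_NOT_AVAIL, AUTH_DO_CIPH) and the header comment lists only codes 1 and 2 in the visible part. If 0 is also the value of AUTH_NOT_AVAIL (the definitions are not shown), "no key available" and "ask the HLR" can only be told apart by re-checking the policy in the caller, as gsm48_secure_channel does, and a call site that misses the check would silently proceed without authentication. Consider a dedicated return code and document it in the comment above the function, for example `* 3 -> No local tuple, request one from the remote HLR`. The branch also sits after the tuple re-use path, so a cached local tuple is still honoured under the remote policy; a comment should say so if that is intended.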
diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c
index e5402d0a6..ab1330c23 100644
--- a/openbsc/src/libmsc/gsm_04_08.c
+++ b/openbsc/src/libmsc/gsm_04_08.c
@@ -56,6 +56,7 @@
#include <openbsc/osmo_msc.h>
#include <openbsc/handover.h>
#include <openbsc/mncc_int.h>
+#include <openbsc/gsm_sup.h>
#include <osmocom/abis/e1_input.h>
#include <osmocom/core/bitvec.h>
@@ -212,9 +213,15 @@ int gsm48_secure_channel(struct gsm_subscriber_connection *conn, int key_seq,
/* If not done yet, try to get info for this user */
if (status < 0) {
- rc = auth_get_tuple_for_subscr(&atuple, subscr, key_seq);
- if (rc <= 0)
+ rc = auth_get_tuple_for_subscr(net->auth_policy, &atuple, subscr, key_seq);
+ if ((rc == 0) && (net->auth_policy == GSM_AUTH_POLICY_REMOTE)) {
+ allocate_security_operation(conn);
+ conn->sec_operation->cb = cb;
+ conn->sec_operation->cb_data = cb_data;
+ return subscr_query_auth_info(subscr);
+ } else if (rc <= 0) {
status = GSM_SECURITY_NOAVAIL;
+ }
}
/* Are we done yet ? */
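Review bot: `conn->sec_operation` is dereferenced right after `allocate_security_operation(conn)` with no check that an object was actually allocated, and nothing in this hunk handles a security operation that is already pending on the connection. Add a guard such as `if (!conn->sec_operation) return -ENOMEM;` before storing `cb` and `cb_data`. The result of `subscr_query_auth_info(subscr)` is returned as-is; if that request fails, the freshly allocated operation stays attached to the connection and, as far as this hunk shows, its callback is never run, so the failure path should release the operation before returning the error. gsm48_secure_channel starts and ends outside the hunk.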
@@ -290,12 +297,19 @@ static int authorize_subscriber(struct gsm_loc_updating_operation *loc,
return (subscriber->flags & GSM_SUBSCRIBER_FIRST_CONTACT);
case GSM_AUTH_POLICY_ACCEPT_ALL:
return 1;
+ case GSM_AUTH_POLICY_REMOTE:
+ if (loc->waiting_for_remote_accept) {
+ subscr_location_update(subscriber);
+ return 0;
+ } else {
+ return 1;
+ }
default:
return 0;
}
}
-static void release_loc_updating_req(struct gsm_subscriber_connection *conn, int release)
+void release_loc_updating_req(struct gsm_subscriber_connection *conn, int release)
{
if (!conn->loc_operation)
return;
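Review bot: In the GSM_AUTH_POLICY_REMOTE case the return value of `subscr_location_update(subscriber)` is discarded, so a request that could not be sent to the HLR leaves the location update pending with no reject sent to the MS; check it and fail the update on error. Admission under this policy then rests entirely on `waiting_for_remote_accept` being 0. The flag is set in the mm_rx_loc_upd_req hunk further down, but the code that clears it is not part of this diff, so confirm that only a positive HLR answer for this same subscriber clears it. A comment on the case, e.g. `/* deny until the HLR has accepted the location update */`, would document the intent. authorize_subscriber begins outside the hunk.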
@@ -384,7 +398,7 @@ static int _gsm0408_authorize_sec_cb(unsigned int hooknum, unsigned int event,
return rc;
}
-static int gsm0408_authorize(struct gsm_subscriber_connection *conn, struct msgb *msg)
+int gsm0408_authorize(struct gsm_subscriber_connection *conn, struct msgb *msg)
{
if (!conn->loc_operation)
return 0;
@@ -712,6 +726,8 @@ static int mm_rx_loc_upd_req(struct gsm_subscriber_connection *conn, struct msgb
conn->subscr = subscr;
conn->subscr->equipment.classmark1 = lu->classmark1;
+ conn->loc_operation->waiting_for_remote_accept = 1;
+
/* check if we can let the subscriber into our network immediately
* or if we need to wait for identity responses. */
return gsm0408_authorize(conn, msg);