From a706f4de43f65cc88bba2de981398eacdd46e1a2 Mon Sep 17 00:00:00 2001 From: Ivan Kluchnikov Date: Wed, 11 Sep 2013 18:33:18 +0400 Subject: Added new auth policy black-list. In this mode by default we set authorized = 1 for all new subscribers. BSC accepts all MS, except subscribers not authorized in DB. All subscribers with authorized = 0 are part of the black list and not accepted. --- openbsc/include/openbsc/gsm_data.h | 1 + openbsc/src/libbsc/bsc_vty.c | 5 +++-- openbsc/src/libcommon/gsm_data.c | 1 + openbsc/src/libmsc/db.c | 12 +++++++++--- openbsc/src/libmsc/gsm_04_08.c | 2 ++ 5 files changed, 16 insertions(+), 5 deletions(-) diff --git a/openbsc/include/openbsc/gsm_data.h b/openbsc/include/openbsc/gsm_data.h index 874150535..99e9b273a 100644 --- a/openbsc/include/openbsc/gsm_data.h +++ b/openbsc/include/openbsc/gsm_data.h @@ -194,6 +194,7 @@ enum gsm_auth_policy { GSM_AUTH_POLICY_CLOSED, /* only subscribers authorized in DB */ GSM_AUTH_POLICY_ACCEPT_ALL, /* accept everyone, even if not authorized in DB */ GSM_AUTH_POLICY_TOKEN, /* accept first, send token per sms, then revoke authorization */ + GSM_AUTH_POLICY_BLACK_LIST /* accept everyone, except subscribers not authorized in DB */ }; #define GSM_T3101_DEFAULT 10 diff --git a/openbsc/src/libbsc/bsc_vty.c b/openbsc/src/libbsc/bsc_vty.c index 57489450b..7a89ca6e9 100644 --- a/openbsc/src/libbsc/bsc_vty.c +++ b/openbsc/src/libbsc/bsc_vty.c 
@@ -1186,12 +1186,13 @@ DEFUN(cfg_net_name_long, DEFUN(cfg_net_auth_policy, cfg_net_auth_policy_cmd, - "auth policy (closed|accept-all|token)", + "auth policy (closed|accept-all|token|black-list)", "Authentication (not cryptographic)\n" "Set the GSM network authentication policy\n" "Require the MS to be activated in HLR\n" "Accept all MS, whether in HLR or not\n" - "Use SMS-token based authentication\n") + "Use SMS-token based authentication\n" + "Accept all MS, except not authorized in HLR\n") { enum gsm_auth_policy policy = gsm_auth_policy_parse(argv[0]); struct gsm_network *gsmnet = gsmnet_from_vty(vty); diff --git a/openbsc/src/libcommon/gsm_data.c b/openbsc/src/libcommon/gsm_data.c index 5f7e32e73..31b65ee70 100644 --- a/openbsc/src/libcommon/gsm_data.c +++ b/openbsc/src/libcommon/gsm_data.c @@ -256,6 +256,7 @@ static const struct value_string auth_policy_names[] = { { GSM_AUTH_POLICY_CLOSED, "closed" }, { GSM_AUTH_POLICY_ACCEPT_ALL, "accept-all" }, { GSM_AUTH_POLICY_TOKEN, "token" }, + { GSM_AUTH_POLICY_BLACK_LIST, "black-list"}, { 0, NULL } }; diff --git a/openbsc/src/libmsc/db.c b/openbsc/src/libmsc/db.c index 21abce9de..440509ac2 100644 --- a/openbsc/src/libmsc/db.c +++ b/openbsc/src/libmsc/db.c @@ -319,6 +319,7 @@ struct gsm_subscriber *db_create_subscriber(struct gsm_network *net, char *imsi) { dbi_result result; struct gsm_subscriber *subscr; + int authorized = 0; /* Is this subscriber known in the db? */ subscr = db_get_subscriber(net, GSM_SUBSCRIBER_IMSI, imsi); 
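Review bot: The new help string `"Accept all MS, except not authorized in HLR\n"` in cfg_net_auth_policy (bsc_vty.c) reads as if an MS unknown to the HLR were refused, while the db.c part of this commit creates unknown subscribers with authorized = 1 and therefore accepts them. Wording such as `"Accept all MS, except those explicitly not authorized in HLR\n"` would tell the operator that only rows set to authorized = 0 are rejected. The DEFUN body continues outside the hunk.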
@@ -337,17 +338,22 @@ struct gsm_subscriber *db_create_subscriber(struct gsm_network *net, char *imsi) if (!subscr) return NULL; subscr->flags |= GSM_SUBSCRIBER_FIRST_CONTACT; + + if (net->auth_policy == GSM_AUTH_POLICY_BLACK_LIST) + authorized = 1; + result = dbi_conn_queryf(conn, "INSERT INTO Subscriber " - "(imsi, created, updated) " + "(imsi, created, updated, authorized) " "VALUES " - "(%s, datetime('now'), datetime('now')) ", - imsi + "(%s, datetime('now'), datetime('now'), %d) ", + imsi, authorized ); if (!result) LOGP(DDB, LOGL_ERROR, "Failed to create Subscriber by IMSI.\n"); subscr->net = net; subscr->id = dbi_conn_sequence_last(conn, NULL); + subscr->authorized = authorized; strncpy(subscr->imsi, imsi, GSM_IMSI_LENGTH-1); dbi_result_free(result); LOGP(DDB, LOGL_INFO, "New Subscriber: ID %llu, IMSI %s\n", subscr->id, subscr->imsi); diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c index d81dab901..8f8eaa933 100644 --- a/openbsc/src/libmsc/gsm_04_08.c +++ b/openbsc/src/libmsc/gsm_04_08.c @@ -241,6 +241,8 @@ static int authorize_subscriber(struct gsm_loc_updating_operation *loc, return (subscriber->flags & GSM_SUBSCRIBER_FIRST_CONTACT); case GSM_AUTH_POLICY_ACCEPT_ALL: return 1; + case GSM_AUTH_POLICY_BLACK_LIST: + return subscriber->authorized; default: return 0; } -- cgit v1.2.3
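Review bot: In db_create_subscriber the added `subscr->authorized = authorized;` runs even when the INSERT failed, because the `if (!result)` branch only logs and execution continues; under black-list the in-memory subscriber is then marked authorized although no row was written. Setting the flag from the outcome, `subscr->authorized = result ? authorized : 0;`, keeps the failure path closed. The same path also reads `dbi_conn_sequence_last()` and calls `dbi_result_free(result)` after a failed query, which predates this commit but would be better handled by an early return. The statement still formats `imsi` with a bare `%s`; if callers do not guarantee a digits-only IMSI, it should be validated or quoted before the query is built. The function starts above this hunk and continues below it.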
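Review bot: The new `case GSM_AUTH_POLICY_BLACK_LIST:` in authorize_subscriber (gsm_04_08.c) reads the same `subscriber->authorized` field that, per the enum comment, the closed policy uses as its allow list, so the meaning of a stored value depends on which policy was active when the row was created. Rows created while black-list is active are persisted with authorized = 1 and would be accepted if the operator later switches to `closed`, while rows inserted under any other policy carry authorized = 0 and are refused under black-list without ever having been blocked. This deserves a comment above the case, for example `/* authorized is set to 1 at creation under this policy; 0 means blocked. Review the Subscriber table before switching policy. */`, or a separate column for the block flag. The switch and the function continue outside the hunk.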