[PATCH] openbsc[master]: Remove unused auth code and add comment

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Neels Hofmeyr gerrit-no-reply at lists.osmocom.org
Fri Jun 17 20:07:11 UTC 2016 

Review at  https://gerrit.osmocom.org/331

Remove unused auth code and add comment

The GSM_SECURITY_AUTH_FAILED path is never invoked by the
gsm48_secure_channel() function as it is today.

Keep the GSM_SECURITY_AUTH_FAILED case, since the upcoming Iu auth will use it.
But rather return an error, which will lead to a timeout, and a LU Reject will
be sent.

If the GSM_SECURITY_AUTH_FAILED code path removed by this patch were invoked,
it would never send out a LU Reject, since a call to release_loc_updating_req()
only releases the connection. To reject, a call to gsm0408_loc_upd_rej() would
be necessary, as seen in loc_upd_rej_cb(). Arguably, it may be desirable to
omit a LU Reject in case of an auth failure, to be less friendly to auth
attackers? So far that was not the case (since that code path was never used),
so not adding this behavior now.

Change-Id: I44aac24811785c4b6f95f830b8b35d5fbe644e0f
---
M openbsc/src/libmsc/gsm_04_08.c
1 file changed, 13 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/openbsc refs/changes/31/331/1

diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c
index 6704497..5e4b466 100644
--- a/openbsc/src/libmsc/gsm_04_08.c
+++ b/openbsc/src/libmsc/gsm_04_08.c
@@ -361,10 +361,6 @@
 	int rc = 0;
 
 	switch (event) {
-		case GSM_SECURITY_AUTH_FAILED:
-			release_loc_updating_req(conn, 1);
-			break;
-
 		case GSM_SECURITY_ALREADY:
 			LOGP(DMM, LOGL_ERROR, "We don't expect LOCATION "
 				"UPDATING after CM SERVICE REQUEST\n");
@@ -375,6 +371,19 @@
 			rc = finish_lu(conn);
 			break;
 
+		case GSM_SECURITY_AUTH_FAILED:
+			/*
+			 * gsm48_secure_channel() will pass only
+			 * GSM_SECURITY_NOAVAIL in case of failure. If future
+			 * code should add a GSM_SECURITY_AUTH_FAILED status in
+			 * this code path, letting the Location Update time out
+			 * will do all necessary error messaging and logging,
+			 * see loc_upd_rej_cb().
+			 */
+			LOGP(DMM, LOGL_ERROR,
+			     "Authorization failed for subscriber %s\n",
+			     subscr_name(conn->subscr));
+			/* fall through */
 		default:
 			rc = -EINVAL;
 	};

-- 
To view, visit https://gerrit.osmocom.org/331
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I44aac24811785c4b6f95f830b8b35d5fbe644e0f
Gerrit-PatchSet: 1
Gerrit-Project: openbsc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>

More information about the gerrit-log mailing list