[PATCH 1/2] Added new auth policy blacklist.

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Ivan Kluchnikov kluchnikovi at gmail.com
Fri Oct 18 08:37:42 UTC 2013 

In this mode by default we set authorized = 1 for all new subscribers.
BSC accepts all MS, except subscribers not authorized in DB.
All subscribers with authorized = 0 are part of the blacklist and not accepted.
---
 openbsc/include/openbsc/gsm_data.h  |    1 +
 openbsc/src/libbsc/bsc_vty.c        |    5 +++--
 openbsc/src/libcommon/gsm_data.c    |    1 +
 openbsc/src/libmsc/gsm_04_08.c      |    2 ++
 openbsc/src/libmsc/gsm_subscriber.c |    8 +++++++-
 5 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/openbsc/include/openbsc/gsm_data.h b/openbsc/include/openbsc/gsm_data.h
index 8741505..71a878d 100644
--- a/openbsc/include/openbsc/gsm_data.h
+++ b/openbsc/include/openbsc/gsm_data.h
@@ -194,6 +194,7 @@ enum gsm_auth_policy {
 	GSM_AUTH_POLICY_CLOSED, /* only subscribers authorized in DB */
 	GSM_AUTH_POLICY_ACCEPT_ALL, /* accept everyone, even if not authorized in DB */
 	GSM_AUTH_POLICY_TOKEN, /* accept first, send token per sms, then revoke authorization */
+	GSM_AUTH_POLICY_BLACKLIST /* accept everyone, except subscribers not authorized in DB */
 };
 
 #define GSM_T3101_DEFAULT 10
diff --git a/openbsc/src/libbsc/bsc_vty.c b/openbsc/src/libbsc/bsc_vty.c
index 5d03b2a..e3cb917 100644
--- a/openbsc/src/libbsc/bsc_vty.c
+++ b/openbsc/src/libbsc/bsc_vty.c
@@ -1214,12 +1214,13 @@ DEFUN(cfg_net_name_long,
 
 DEFUN(cfg_net_auth_policy,
       cfg_net_auth_policy_cmd,
-      "auth policy (closed|accept-all|token)",
+      "auth policy (closed|accept-all|token|blacklist)",
 	"Authentication (not cryptographic)\n"
 	"Set the GSM network authentication policy\n"
 	"Require the MS to be activated in HLR\n"
 	"Accept all MS, whether in HLR or not\n"
-	"Use SMS-token based authentication\n")
+	"Use SMS-token based authentication\n"
+	"Accept all MS, except not authorized in HLR\n")
 {
 	enum gsm_auth_policy policy = gsm_auth_policy_parse(argv[0]);
 	struct gsm_network *gsmnet = gsmnet_from_vty(vty);
diff --git a/openbsc/src/libcommon/gsm_data.c b/openbsc/src/libcommon/gsm_data.c
index 5f7e32e..4c2d8e7 100644
--- a/openbsc/src/libcommon/gsm_data.c
+++ b/openbsc/src/libcommon/gsm_data.c
@@ -256,6 +256,7 @@ static const struct value_string auth_policy_names[] = {
 	{ GSM_AUTH_POLICY_CLOSED,	"closed" },
 	{ GSM_AUTH_POLICY_ACCEPT_ALL,	"accept-all" },
 	{ GSM_AUTH_POLICY_TOKEN,	"token" },
+	{ GSM_AUTH_POLICY_BLACKLIST,	"blacklist"},
 	{ 0,				NULL }
 };
 
diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c
index c41443e..addacda 100644
--- a/openbsc/src/libmsc/gsm_04_08.c
+++ b/openbsc/src/libmsc/gsm_04_08.c
@@ -241,6 +241,8 @@ static int authorize_subscriber(struct gsm_loc_updating_operation *loc,
 		return (subscriber->flags & GSM_SUBSCRIBER_FIRST_CONTACT);
 	case GSM_AUTH_POLICY_ACCEPT_ALL:
 		return 1;
+	case GSM_AUTH_POLICY_BLACKLIST:
+		return subscriber->authorized;
 	default:
 		return 0;
 	}
diff --git a/openbsc/src/libmsc/gsm_subscriber.c b/openbsc/src/libmsc/gsm_subscriber.c
index bc6f3cf..d417b9f 100644
--- a/openbsc/src/libmsc/gsm_subscriber.c
+++ b/openbsc/src/libmsc/gsm_subscriber.c
@@ -279,8 +279,14 @@ struct gsm_subscriber *subscr_create_subscriber(struct gsm_network *net,
 					const char *imsi)
 {
 	struct gsm_subscriber *subscr = db_create_subscriber(imsi);
-	if (subscr)
+	if (subscr) {
 		subscr->net = net;
+		if (subscr->net->auth_policy == GSM_AUTH_POLICY_BLACKLIST) {
+			subscr->authorized = 1;
+			db_sync_subscriber(subscr);	
+		}
+	}
+
 	return subscr;
 }
 
-- 
1.7.9.5

More information about the OpenBSC mailing list