[PATCH] Added new auth policy black-list.


Ivan Kluchnikov Ivan.Kluchnikov at fairwaves.ru
Wed Sep 11 14:57:44 UTC 2013


In this mode, new subscribers are created with authorized = 1 by default.
The BSC accepts every MS except subscribers that are not authorized in the DB.
All subscribers with authorized = 0 form the black list and are not accepted.
---
 openbsc/include/openbsc/gsm_data.h |    1 +
 openbsc/src/libbsc/bsc_vty.c       |    5 +++--
 openbsc/src/libcommon/gsm_data.c   |    1 +
 openbsc/src/libmsc/db.c            |   12 +++++++++---
 openbsc/src/libmsc/gsm_04_08.c     |    2 ++
 5 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/openbsc/include/openbsc/gsm_data.h
b/openbsc/include/openbsc/gsm_data.h
index 8741505..99e9b27 100644
--- a/openbsc/include/openbsc/gsm_data.h
+++ b/openbsc/include/openbsc/gsm_data.h
@@ -194,6 +194,7 @@ enum gsm_auth_policy {
     GSM_AUTH_POLICY_CLOSED, /* only subscribers authorized in DB */
     GSM_AUTH_POLICY_ACCEPT_ALL, /* accept everyone, even if not
authorized in DB */
     GSM_AUTH_POLICY_TOKEN, /* accept first, send token per sms, then
revoke authorization */
+    GSM_AUTH_POLICY_BLACK_LIST /* accept everyone, except subscribers
not authorized in DB */
 };

 #define GSM_T3101_DEFAULT 10
diff --git a/openbsc/src/libbsc/bsc_vty.c b/openbsc/src/libbsc/bsc_vty.c
index 5748945..7a89ca6 100644
--- a/openbsc/src/libbsc/bsc_vty.c
+++ b/openbsc/src/libbsc/bsc_vty.c
@@ -1186,12 +1186,13 @@ DEFUN(cfg_net_name_long,

 DEFUN(cfg_net_auth_policy,
       cfg_net_auth_policy_cmd,
-      "auth policy (closed|accept-all|token)",
+      "auth policy (closed|accept-all|token|black-list)",
     "Authentication (not cryptographic)\n"
     "Set the GSM network authentication policy\n"
     "Require the MS to be activated in HLR\n"
     "Accept all MS, whether in HLR or not\n"
-    "Use SMS-token based authentication\n")
+    "Use SMS-token based authentication\n"
+    "Accept all MS, except not authorized in HLR\n")
 {
     enum gsm_auth_policy policy = gsm_auth_policy_parse(argv[0]);
     struct gsm_network *gsmnet = gsmnet_from_vty(vty);
diff --git a/openbsc/src/libcommon/gsm_data.c b/openbsc/src/libcommon/gsm_data.c
index 5f7e32e..31b65ee 100644
--- a/openbsc/src/libcommon/gsm_data.c
+++ b/openbsc/src/libcommon/gsm_data.c
@@ -256,6 +256,7 @@ static const struct value_string auth_policy_names[] = {
     { GSM_AUTH_POLICY_CLOSED,    "closed" },
     { GSM_AUTH_POLICY_ACCEPT_ALL,    "accept-all" },
     { GSM_AUTH_POLICY_TOKEN,    "token" },
+    { GSM_AUTH_POLICY_BLACK_LIST,    "black-list"},
     { 0,                NULL }
 };

diff --git a/openbsc/src/libmsc/db.c b/openbsc/src/libmsc/db.c
index 21abce9..440509a 100644
--- a/openbsc/src/libmsc/db.c
+++ b/openbsc/src/libmsc/db.c
@@ -319,6 +319,7 @@ struct gsm_subscriber *db_create_subscriber(struct
gsm_network *net, char *imsi)
 {
     dbi_result result;
     struct gsm_subscriber *subscr;
+    int authorized = 0;

     /* Is this subscriber known in the db? */
     subscr = db_get_subscriber(net, GSM_SUBSCRIBER_IMSI, imsi);
@@ -337,17 +338,22 @@ struct gsm_subscriber
*db_create_subscriber(struct gsm_network *net, char *imsi)
     if (!subscr)
         return NULL;
     subscr->flags |= GSM_SUBSCRIBER_FIRST_CONTACT;
+
+    if (net->auth_policy == GSM_AUTH_POLICY_BLACK_LIST)
+        authorized = 1;
+
     result = dbi_conn_queryf(conn,
         "INSERT INTO Subscriber "
-        "(imsi, created, updated) "
+        "(imsi, created, updated, authorized) "
         "VALUES "
-        "(%s, datetime('now'), datetime('now')) ",
-        imsi
+        "(%s, datetime('now'), datetime('now'), %d) ",
+        imsi, authorized
     );
     if (!result)
         LOGP(DDB, LOGL_ERROR, "Failed to create Subscriber by IMSI.\n");
     subscr->net = net;
     subscr->id = dbi_conn_sequence_last(conn, NULL);
+    subscr->authorized = authorized;
     strncpy(subscr->imsi, imsi, GSM_IMSI_LENGTH-1);
     dbi_result_free(result);
     LOGP(DDB, LOGL_INFO, "New Subscriber: ID %llu, IMSI %s\n",
subscr->id, subscr->imsi);
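Review bot: When the INSERT fails, the code after `if (!result)` only logs and carries on, so the added `subscr->authorized = authorized;` marks the in-memory subscriber as authorized under black-list although no row was stored. Failing closed would be safer, for example `subscr->authorized = result ? authorized : 0;`, or returning NULL after releasing `subscr`. The IMSI is also still formatted into the statement unquoted through `%s`; whether callers guarantee a digits-only string is not visible in this hunk. db_create_subscriber continues past the end of the hunk.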
diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c
index d81dab9..8f8eaa9 100644
--- a/openbsc/src/libmsc/gsm_04_08.c
+++ b/openbsc/src/libmsc/gsm_04_08.c
@@ -241,6 +241,8 @@ static int authorize_subscriber(struct
gsm_loc_updating_operation *loc,
         return (subscriber->flags & GSM_SUBSCRIBER_FIRST_CONTACT);
     case GSM_AUTH_POLICY_ACCEPT_ALL:
         return 1;
+    case GSM_AUTH_POLICY_BLACK_LIST:
+        return subscriber->authorized;
     default:
         return 0;
     }
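Review bot: The new `case GSM_AUTH_POLICY_BLACK_LIST:` reads the same `authorized` flag that, per the enum comment, the closed policy relies on, while db.c now stores `authorized = 1` for every subscriber auto-created under black-list. If an operator later switches to closed, those rows presumably stay authorized, and rows created earlier under other policies would be rejected under black-list if the column defaults to 0; neither effect is documented. I would add a comment above the case such as `/* rows created while this policy is active are stored with authorized = 1; review the Subscriber table before switching to or from closed */`. authorize_subscriber starts and ends outside this hunk.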
-- 
1.7.9.5


-- 
Regards,
Ivan Kluchnikov.
http://fairwaves.ru



