In this mode by default we set authorized = 1 for all new subscribers.
BSC accepts all MS, except subscribers not authorized in DB.
All subscribers with authorized = 0 are part of the blacklist and not accepted.
---
openbsc/include/openbsc/gsm_data.h | 1 +
openbsc/src/libbsc/bsc_vty.c | 5 +++--
openbsc/src/libcommon/gsm_data.c | 1 +
openbsc/src/libmsc/gsm_04_08.c | 2 ++
openbsc/src/libmsc/gsm_subscriber.c | 8 +++++++-
5 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/openbsc/include/openbsc/gsm_data.h
b/openbsc/include/openbsc/gsm_data.h
index 8741505..71a878d 100644
--- a/openbsc/include/openbsc/gsm_data.h
+++ b/openbsc/include/openbsc/gsm_data.h
@@ -194,6 +194,7 @@ enum gsm_auth_policy {
GSM_AUTH_POLICY_CLOSED, /* only subscribers authorized in DB */
GSM_AUTH_POLICY_ACCEPT_ALL, /* accept everyone, even if not authorized
in DB */
GSM_AUTH_POLICY_TOKEN, /* accept first, send token per sms, then revoke
authorization */
+ GSM_AUTH_POLICY_BLACKLIST /* accept everyone, except subscribers not
authorized in DB */
};
#define GSM_T3101_DEFAULT 10
diff --git a/openbsc/src/libbsc/bsc_vty.c b/openbsc/src/libbsc/bsc_vty.c
index 5d03b2a..e3cb917 100644
--- a/openbsc/src/libbsc/bsc_vty.c
+++ b/openbsc/src/libbsc/bsc_vty.c
@@ -1214,12 +1214,13 @@ DEFUN(cfg_net_name_long,
DEFUN(cfg_net_auth_policy,
cfg_net_auth_policy_cmd,
- "auth policy (closed|accept-all|token)",
+ "auth policy (closed|accept-all|token|blacklist)",
"Authentication (not cryptographic)\n"
"Set the GSM network authentication policy\n"
"Require the MS to be activated in HLR\n"
"Accept all MS, whether in HLR or not\n"
- "Use SMS-token based authentication\n")
+ "Use SMS-token based authentication\n"
+ "Accept all MS, except not authorized in HLR\n")
{
enum gsm_auth_policy policy = gsm_auth_policy_parse(argv[0]);
struct gsm_network *gsmnet = gsmnet_from_vty(vty);
diff --git a/openbsc/src/libcommon/gsm_data.c b/openbsc/src/libcommon/gsm_data.c
index 5f7e32e..4c2d8e7 100644
--- a/openbsc/src/libcommon/gsm_data.c
+++ b/openbsc/src/libcommon/gsm_data.c
@@ -256,6 +256,7 @@ static const struct value_string auth_policy_names[] = {
{ GSM_AUTH_POLICY_CLOSED, "closed" },
{ GSM_AUTH_POLICY_ACCEPT_ALL, "accept-all" },
{ GSM_AUTH_POLICY_TOKEN, "token" },
+ { GSM_AUTH_POLICY_BLACKLIST, "blacklist"},
{ 0, NULL }
};
diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c
index c41443e..addacda 100644
--- a/openbsc/src/libmsc/gsm_04_08.c
+++ b/openbsc/src/libmsc/gsm_04_08.c
@@ -241,6 +241,8 @@ static int authorize_subscriber(struct
gsm_loc_updating_operation *loc,
return (subscriber->flags & GSM_SUBSCRIBER_FIRST_CONTACT);
case GSM_AUTH_POLICY_ACCEPT_ALL:
return 1;
+ case GSM_AUTH_POLICY_BLACKLIST:
+ return subscriber->authorized;
default:
return 0;
}
diff --git a/openbsc/src/libmsc/gsm_subscriber.c
b/openbsc/src/libmsc/gsm_subscriber.c
index bc6f3cf..d417b9f 100644
--- a/openbsc/src/libmsc/gsm_subscriber.c
+++ b/openbsc/src/libmsc/gsm_subscriber.c
@@ -279,8 +279,14 @@ struct gsm_subscriber *subscr_create_subscriber(struct
gsm_network *net,
const char *imsi)
{
struct gsm_subscriber *subscr = db_create_subscriber(imsi);
- if (subscr)
+ if (subscr) {
subscr->net = net;
+ if (subscr->net->auth_policy == GSM_AUTH_POLICY_BLACKLIST) {
+ subscr->authorized = 1;
+ db_sync_subscriber(subscr);
+ }
+ }
+
return subscr;
}
--
1.7.9.5
