sgsn: Move IMSI authorization to gsm48_gmm_authorize
Currently the IMSI is only checked immediately when an Attach Request
is received that contains an IMSI IE. If it contains a P-TMSI
instead, access is always granted.
This commit moves the IMSI check to gsm48_gmm_authorize where it is
applied when IMSI and IMEI have been acquired. This fixes the
authorization when the Attach Accept doesn't contain an IMSI.
Sponsored-by: On-Waves ehf
diff --git a/openbsc/src/gprs/gprs_gmm.c b/openbsc/src/gprs/gprs_gmm.c
index 575ad79..95bf73b 100644
--- a/openbsc/src/gprs/gprs_gmm.c
+++ b/openbsc/src/gprs/gprs_gmm.c
@@ -640,9 +640,30 @@
}
/* All information required for authentication is available */
-
ctx->t3370_id_type = GSM_MI_TYPE_NONE;
+ if (!ctx->is_authorized) {
+ /* As a temorary hack, we simply assume that the IMSI exists,
+ * as long as it is part of 'our' network */
+ char mccmnc[16];
+ int rc;
+ snprintf(mccmnc, sizeof(mccmnc), "%03d%02d",
+ ctx->ra.mcc, ctx->ra.mnc);
+ if (strncmp(mccmnc, ctx->imsi, 5) &&
+ (sgsn->cfg.acl_enabled &&
+ !sgsn_acl_lookup(ctx->imsi, &sgsn->cfg))) {
+ LOGP(DMM, LOGL_NOTICE, "Rejecting ATTACH REQUEST IMSI=%s\n",
+ ctx->imsi);
+ rc = gsm48_tx_gmm_att_rej(ctx,
+ GMM_CAUSE_GPRS_NOTALLOWED);
+ mm_ctx_cleanup_free(ctx, "ATTACH REJECT");
+ return rc;
+ }
+ ctx->is_authorized = 1;
+ }
+
+ /* The MS is authorized */
+
switch (ctx->pending_req) {
case 0:
LOGMMCTXP(LOGL_INFO, ctx,
@@ -799,18 +820,6 @@
#if 0
return gsm48_tx_gmm_att_rej(msg, GMM_CAUSE_IMSI_UNKNOWN);
#else
- /* As a temorary hack, we simply assume that the IMSI exists,
- * as long as it is part of 'our' network */
- char mccmnc[16];
- snprintf(mccmnc, sizeof(mccmnc), "%03d%02d", ra_id.mcc, ra_id.mnc);
- if (strncmp(mccmnc, mi_string, 5) &&
- (sgsn->cfg.acl_enabled &&
- !sgsn_acl_lookup(mi_string, &sgsn->cfg))) {
- LOGP(DMM, LOGL_NOTICE, "Rejecting ATTACH REQUEST IMSI=%s\n",
- mi_string);
- return gsm48_tx_gmm_att_rej_oldmsg(msg,
- GMM_CAUSE_GPRS_NOTALLOWED);
- }
ctx = sgsn_mm_ctx_alloc(0, &ra_id);
if (!ctx)
return gsm48_tx_gmm_att_rej_oldmsg(msg, GMM_CAUSE_NET_FAIL);