sgsn: Integrate subscriber handling into the SGSN
This commit adds a new authorization policy 'remote' and uses
the subscriber cache for authorization when this policy is being used.
Note that there is no remote backend implemented yet. After the
IMSI/IMEI have been acquired, a request would be sent to the remote
peer. The attach/auth-ciph procedure continues when authorization
info has been received from the peer. This means, that
gprs_subscr_update() must be called then to tell the GMM layer
that it can proceed. A later commit will add VTY commands to do this
manually.
Sponsored-by: On-Waves ehf
diff --git a/openbsc/src/gprs/sgsn_vty.c b/openbsc/src/gprs/sgsn_vty.c
index 6381671..5fb230f 100644
--- a/openbsc/src/gprs/sgsn_vty.c
+++ b/openbsc/src/gprs/sgsn_vty.c
@@ -45,6 +45,7 @@
{ SGSN_AUTH_POLICY_OPEN, "accept-all" },
{ SGSN_AUTH_POLICY_CLOSED, "closed" },
{ SGSN_AUTH_POLICY_ACL_ONLY, "acl-only" },
+ { SGSN_AUTH_POLICY_REMOTE, "remote" },
{ 0, NULL }
};
@@ -358,14 +359,15 @@
}
DEFUN(cfg_auth_policy, cfg_auth_policy_cmd,
- "auth-policy (accept-all|closed|acl-only)",
+ "auth-policy (accept-all|closed|acl-only|remote)",
"Autorization Policy of SGSN\n"
"Accept all IMSIs (DANGEROUS)\n"
"Accept only home network subscribers or those in the ACL\n"
- "Accept only subscribers in the ACL\n")
+ "Accept only subscribers in the ACL\n"
+ "Use remote subscription data only (HLR)\n")
{
int val = get_string_value(sgsn_auth_pol_strs, argv[0]);
- OSMO_ASSERT(val >= SGSN_AUTH_POLICY_OPEN && val <= SGSN_AUTH_POLICY_ACL_ONLY);
+ OSMO_ASSERT(val >= SGSN_AUTH_POLICY_OPEN && val <= SGSN_AUTH_POLICY_REMOTE);
g_cfg->auth_policy = val;
return CMD_SUCCESS;