sgsn: Replace subscr.authenticate by global require_authentication flag
Currently the flag 'authenticate' is managed per subscriber.
This patch replaces that flag by a global cfg.require_authentication
flag that enables/disables the use of the Auth & Ciph procedure for
every subscriber. The flag is set by the VTY, if and only if the
authorization policy is 'remote'.
The VTY command
- update-subscriber imsi IMSI insert authenticate <0-1>
is removed.
Sponsored-by: On-Waves ehf
diff --git a/openbsc/include/openbsc/sgsn.h b/openbsc/include/openbsc/sgsn.h
index 71be1ce..798bfde 100644
--- a/openbsc/include/openbsc/sgsn.h
+++ b/openbsc/include/openbsc/sgsn.h
@@ -30,6 +30,8 @@
struct sockaddr_in gsup_server_addr;
int gsup_server_port;
+
+ int require_authentication;
};
struct sgsn_instance {
diff --git a/openbsc/src/gprs/sgsn_auth.c b/openbsc/src/gprs/sgsn_auth.c
index 3755a51..83372e8 100644
--- a/openbsc/src/gprs/sgsn_auth.c
+++ b/openbsc/src/gprs/sgsn_auth.c
@@ -110,7 +110,7 @@
if (mmctx->subscr->flags & GPRS_SUBSCRIBER_UPDATE_PENDING_MASK)
return mmctx->auth_state;
- if (mmctx->subscr->sgsn_data->authenticate &&
+ if (sgsn->cfg.require_authentication &&
(!mmctx->is_authenticated ||
mmctx->subscr->sgsn_data->auth_triplets_updated))
return SGSN_AUTH_AUTHENTICATE;
@@ -171,7 +171,7 @@
OSMO_ASSERT(mmctx->subscr != NULL);
- if (mmctx->subscr->sgsn_data->authenticate && !mmctx->is_authenticated) {
+ if (sgsn->cfg.require_authentication && !mmctx->is_authenticated) {
/* Find next tuple */
at = sgsn_auth_get_tuple(mmctx, mmctx->auth_triplet.key_seq);
diff --git a/openbsc/src/gprs/sgsn_vty.c b/openbsc/src/gprs/sgsn_vty.c
index e9333f5..3ca1570 100644
--- a/openbsc/src/gprs/sgsn_vty.c
+++ b/openbsc/src/gprs/sgsn_vty.c
@@ -376,6 +376,7 @@
int val = get_string_value(sgsn_auth_pol_strs, argv[0]);
OSMO_ASSERT(val >= SGSN_AUTH_POLICY_OPEN && val <= SGSN_AUTH_POLICY_REMOTE);
g_cfg->auth_policy = val;
+ g_cfg->require_authentication = (val == SGSN_AUTH_POLICY_REMOTE);
return CMD_SUCCESS;
}
@@ -472,15 +473,14 @@
#define UPDATE_SUBSCR_INSERT_HELP "Insert data into the subscriber record\n"
DEFUN(update_subscr_insert, update_subscr_insert_cmd,
- UPDATE_SUBSCR_STR "insert (authorized|authenticate) (0|1)",
+ UPDATE_SUBSCR_STR "insert authorized <0-1>)",
UPDATE_SUBSCR_HELP
UPDATE_SUBSCR_INSERT_HELP
"Authorize the subscriber to attach\n"
"New option value\n")
{
const char *imsi = argv[0];
- const char *option = argv[1];
- const char *value = argv[2];
+ const char *value = argv[1];
struct gsm_subscriber *subscr;
@@ -490,10 +490,7 @@
return CMD_WARNING;
}
- if (!strcmp(option, "authorized"))
- subscr->authorized = atoi(value);
- else
- subscr->sgsn_data->authenticate = atoi(value);
+ subscr->authorized = atoi(value);
subscr_put(subscr);
diff --git a/openbsc/tests/sgsn/sgsn_test.c b/openbsc/tests/sgsn/sgsn_test.c
index ebe12c9..7c48eef 100644
--- a/openbsc/tests/sgsn/sgsn_test.c
+++ b/openbsc/tests/sgsn/sgsn_test.c
@@ -876,7 +876,7 @@
subscr = gprs_subscr_get_or_create("123456789012345");
subscr->authorized = 1;
- subscr->sgsn_data->authenticate = 1;
+ sgsn->cfg.require_authentication = 1;
subscr_put(subscr);
printf("Auth policy 'remote', auth faked: ");
@@ -918,7 +918,7 @@
subscr = gprs_subscr_get_or_create("123456789012345");
subscr->authorized = 1;
- subscr->sgsn_data->authenticate = 1;
+ sgsn->cfg.require_authentication = 1;
subscr_put(subscr);
printf("Auth policy 'remote', triplet based auth: ");