sgsn: Add "auth-policy" VTY command to enable/disable ACL
diff --git a/openbsc/include/openbsc/sgsn.h b/openbsc/include/openbsc/sgsn.h
index 447bd2f..f7af750 100644
--- a/openbsc/include/openbsc/sgsn.h
+++ b/openbsc/include/openbsc/sgsn.h
@@ -16,6 +16,7 @@
/* misc */
struct gprs_ns_inst *nsi;
+ int acl_enabled;
struct llist_head imsi_acl;
};
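Review bot: The new `acl_enabled` field is an int used as a boolean with no comment, and its name understates what it controls: in the gprs_gmm.c hunk a zero value disables the rejection entirely, not just the `imsi_acl` lookup. A comment on the declaration would make that explicit, for example `/* 0: accept every IMSI; 1: accept only home-network IMSIs and those in imsi_acl */`. The struct's opening lines are outside the hunk.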
diff --git a/openbsc/src/gprs/gprs_gmm.c b/openbsc/src/gprs/gprs_gmm.c
index 36798e0..2f309a5 100644
--- a/openbsc/src/gprs/gprs_gmm.c
+++ b/openbsc/src/gprs/gprs_gmm.c
@@ -699,7 +699,8 @@
char mccmnc[16];
snprintf(mccmnc, sizeof(mccmnc), "%03d%02d", ra_id.mcc, ra_id.mnc);
if (strncmp(mccmnc, mi_string, 5) &&
- !sgsn_acl_lookup(mi_string)) {
+ (sgsn->cfg.acl_enabled &&
+ !sgsn_acl_lookup(mi_string))) {
LOGP(DMM, LOGL_INFO, "Rejecting ATTACH REQUESET IMSI=%s\n",
mi_string);
return gsm48_tx_gmm_att_rej_oldmsg(msg,
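Review bot: Whether a foreign IMSI is rejected now depends on `sgsn->cfg.acl_enabled`, and the zero value of that flag is the permissive one. If the config structure is zero-initialised and nothing sets the field before the VTY config is parsed (neither is visible in this diff), a config file without an `auth-policy` line would accept all IMSIs, where the old code always consulted the ACL. Setting `acl_enabled = 1` where the SGSN config is initialised, or inverting the flag so that zero means closed, would keep the previous fail-closed behaviour across upgrades. The enclosing function starts and ends outside the hunk.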
diff --git a/openbsc/src/gprs/sgsn_vty.c b/openbsc/src/gprs/sgsn_vty.c
index ce3b4da..a4ba280 100644
--- a/openbsc/src/gprs/sgsn_vty.c
+++ b/openbsc/src/gprs/sgsn_vty.c
@@ -131,6 +131,8 @@
gctx->gtp_version, VTY_NEWLINE);
}
+ vty_out(vty, " auth-policy %s%s",
+ g_cfg->acl_enabled ? "closed" : "accept-all", VTY_NEWLINE);
llist_for_each_entry(acl, &g_cfg->imsi_acl, list)
vty_out(vty, " imsi-acl add %s%s", acl->imsi, VTY_NEWLINE);
@@ -392,6 +394,20 @@
return CMD_SUCCESS;
}
+DEFUN(cfg_auth_policy, cfg_auth_policy_cmd,
+ "auth-policy (accept-all|closed)",
+ "Autorization Policy of SGSN\n"
+ "Accept all IMSIs (DANGEROUS\n"
+ "Accept only home network subscribers or those in ACL\n")
+{
+ if (!strcmp(argv[0], "accept-all"))
+ g_cfg->acl_enabled = 0;
+ else
+ g_cfg->acl_enabled = 1;
+
+ return CMD_SUCCESS;
+}
+
int sgsn_vty_init(void)
{
install_element_ve(&show_sgsn_cmd);
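Review bot: The help strings of `cfg_auth_policy` contain two mistakes that will appear in the VTY online help: `"Autorization Policy of SGSN\n"` should read `"Authorization Policy of SGSN\n"`, and `"Accept all IMSIs (DANGEROUS\n"` is missing its closing parenthesis, `"Accept all IMSIs (DANGEROUS)\n"`. The handler also changes the policy silently. Since the help text itself calls accept-all dangerous, a notice-level log line recording the new policy would leave a trace of when an SGSN was opened up. sgsn_vty_init continues past the end of the hunk.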
@@ -410,6 +426,7 @@
//install_element(SGSN_NODE, &cfg_ggsn_remote_port_cmd);
install_element(SGSN_NODE, &cfg_ggsn_gtp_version_cmd);
install_element(SGSN_NODE, &cfg_imsi_acl_cmd);
+ install_element(SGSN_NODE, &cfg_auth_policy_cmd);
return 0;
}