commit f951a01bb227e524eb369051c95fbebace7570d0
author Jacob Erlbeck <jerlbeck@sysmocom.de> Fri Nov 07 14:17:44 2014 +0100
committer Holger Hans Peter Freyther <holger@moiji-mobile.com> Fri Nov 14 10:23:54 2014 +0100
tree 9a01dc28a3675f95e4b43ab70e05da8a25eb442f
parent f6e7d99d54cc75fdc19433011afb5eaaa8a2a002

sgsn: Refactor sgsn_auth to separate request and authorization

Currently the authorization is done in sgsn_auth_request for ACL
based authorization. This doesn't match the way remote authorization
would work, so that there is a second call to sgsn_auth_state already
present in sgsn_auth_update.

This patch removes the autorization check completely from
sgsn_auth_request which in turn calls sgsn_auth_update directly now.

Sponsored-by: On-Waves ehf

openbsc/src/gprs/sgsn_auth.c

diff --git a/openbsc/src/gprs/sgsn_auth.c b/openbsc/src/gprs/sgsn_auth.c
index d2d4913..0407e9e 100644
--- a/openbsc/src/gprs/sgsn_auth.c
+++ b/openbsc/src/gprs/sgsn_auth.c
@@ -32,6 +32,8 @@
 	{ 0, NULL }
 };
 
+const struct value_string *sgsn_auth_state_names = auth_state_names;
+
 void sgsn_auth_init(struct sgsn_instance *sgi)
 {
 	INIT_LLIST_HEAD(&sgi->cfg.imsi_acl);
@@ -125,29 +127,37 @@
 
 int sgsn_auth_request(struct sgsn_mm_ctx *mmctx, struct sgsn_config *cfg)
 {
-	struct sgsn_subscriber_data sd = {0};
+	/* TODO: Add remote subscriber update requests here */
 
-	sd.auth_state = sgsn_auth_state(mmctx, cfg);
+	sgsn_auth_update(mmctx, sgsn);
 
-	if (sd.auth_state == SGSN_AUTH_UNKNOWN) {
-		LOGMMCTXP(LOGL_ERROR, mmctx,
-			  "Missing information, authorization not possible\n");
-		sd.auth_state = SGSN_AUTH_REJECTED;
-	}
-
-	/* This will call sgsn_auth_update if auth_state has changed */
-	sgsn_update_subscriber_data(mmctx, &sd);
 	return 0;
 }
 
-void sgsn_auth_update(struct sgsn_mm_ctx *mmctx, struct sgsn_subscriber_data *sd)
+void sgsn_auth_update(struct sgsn_mm_ctx *mmctx, struct sgsn_instance *sgi)
 {
-	LOGMMCTXP(LOGL_INFO, mmctx, "Got authorization update: state %s\n",
-		  get_value_string(auth_state_names, sd->auth_state));
+	enum sgsn_auth_state auth_state;
 
-	mmctx->auth_state = sd->auth_state;
+	LOGMMCTXP(LOGL_DEBUG, mmctx, "Updating authorization\n");
 
-	switch (sd->auth_state) {
+	auth_state = sgsn_auth_state(mmctx, &sgi->cfg);
+	if (auth_state == SGSN_AUTH_UNKNOWN) {
+		/* Reject requests since remote updates are NYI */
+		LOGMMCTXP(LOGL_ERROR, mmctx,
+			  "Missing information, authorization not possible\n");
+		auth_state = SGSN_AUTH_REJECTED;
+	}
+
+	if (mmctx->auth_state == auth_state)
+		return;
+
+	LOGMMCTXP(LOGL_INFO, mmctx, "Got authorization update: state %s -> %s\n",
+		  get_value_string(sgsn_auth_state_names, mmctx->auth_state),
+		  get_value_string(sgsn_auth_state_names, auth_state));
+
+	mmctx->auth_state = auth_state;
+
+	switch (auth_state) {
 	case SGSN_AUTH_ACCEPTED:
 		gsm0408_gprs_access_granted(mmctx);
 		break;