Blame - openbsc/src/gprs/sgsn_auth.c - osmo-sgsn

blob: eb85d45fbbfd566d67a08124eb2bfb39aca83ace [file] [log] [blame]

Jacob Erlbeck	3b5d407	2014-10-24 15:11:03 +0200	[diff] [blame]	1	/* MS authorization and subscriber data handling */
				2
				3	/* (C) 2009-2010 by Harald Welte <laforge@gnumonks.org>
				4	*
				5	* All Rights Reserved
				6	*
				7	* This program is free software; you can redistribute it and/or modify
				8	* it under the terms of the GNU Affero General Public License as published by
				9	* the Free Software Foundation; either version 3 of the License, or
				10	* (at your option) any later version.
				11	*
				12	* This program is distributed in the hope that it will be useful,
				13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				15	* GNU Affero General Public License for more details.
				16	*
				17	* You should have received a copy of the GNU Affero General Public License
				18	* along with this program. If not, see <http://www.gnu.org/licenses/>.
				19	*
				20	*/
				21
				22	#include <openbsc/sgsn.h>
				23	#include <openbsc/gprs_sgsn.h>
Jacob Erlbeck	423f8bf	2014-10-24 18:09:54 +0200	[diff] [blame]	24	#include <openbsc/gprs_gmm.h>
				25
				26	#include <openbsc/debug.h>
				27
				28	const struct value_string auth_state_names[] = {
				29	{ SGSN_AUTH_ACCEPTED, "accepted"},
				30	{ SGSN_AUTH_REJECTED, "rejected"},
				31	{ SGSN_AUTH_UNKNOWN, "unknown"},
				32	{ 0, NULL }
				33	};
Jacob Erlbeck	3b5d407	2014-10-24 15:11:03 +0200	[diff] [blame]	34
Jacob Erlbeck	f951a01	2014-11-07 14:17:44 +0100	[diff] [blame]	35	const struct value_string *sgsn_auth_state_names = auth_state_names;
				36
Jacob Erlbeck	a0b6efb	2014-11-13 10:48:39 +0100	[diff] [blame^]	37	void sgsn_auth_init(void)
Jacob Erlbeck	3b5d407	2014-10-24 15:11:03 +0200	[diff] [blame]	38	{
Jacob Erlbeck	a0b6efb	2014-11-13 10:48:39 +0100	[diff] [blame^]	39	INIT_LLIST_HEAD(&sgsn->cfg.imsi_acl);
Jacob Erlbeck	3b5d407	2014-10-24 15:11:03 +0200	[diff] [blame]	40	}
				41
				42	/* temporary IMSI ACL hack */
				43	struct imsi_acl_entry sgsn_acl_lookup(const char imsi, struct sgsn_config *cfg)
				44	{
				45	struct imsi_acl_entry *acl;
				46	llist_for_each_entry(acl, &cfg->imsi_acl, list) {
				47	if (!strcmp(imsi, acl->imsi))
				48	return acl;
				49	}
				50	return NULL;
				51	}
				52
				53	int sgsn_acl_add(const char imsi, struct sgsn_config cfg)
				54	{
				55	struct imsi_acl_entry *acl;
				56
				57	if (sgsn_acl_lookup(imsi, cfg))
				58	return -EEXIST;
				59
				60	acl = talloc_zero(NULL, struct imsi_acl_entry);
				61	if (!acl)
				62	return -ENOMEM;
				63	strncpy(acl->imsi, imsi, sizeof(acl->imsi));
				64
				65	llist_add(&acl->list, &cfg->imsi_acl);
				66
				67	return 0;
				68	}
				69
				70	int sgsn_acl_del(const char imsi, struct sgsn_config cfg)
				71	{
				72	struct imsi_acl_entry *acl;
				73
				74	acl = sgsn_acl_lookup(imsi, cfg);
				75	if (!acl)
				76	return -ENODEV;
				77
				78	llist_del(&acl->list);
				79	talloc_free(acl);
				80
				81	return 0;
				82	}
				83
Jacob Erlbeck	a0b6efb	2014-11-13 10:48:39 +0100	[diff] [blame^]	84	enum sgsn_auth_state sgsn_auth_state(struct sgsn_mm_ctx *mmctx)
Jacob Erlbeck	423f8bf	2014-10-24 18:09:54 +0200	[diff] [blame]	85	{
				86	char mccmnc[16];
Jacob Erlbeck	106f547	2014-11-04 10:08:37 +0100	[diff] [blame]	87	int check_net = 0;
				88	int check_acl = 0;
Jacob Erlbeck	423f8bf	2014-10-24 18:09:54 +0200	[diff] [blame]	89
				90	OSMO_ASSERT(mmctx);
				91
Jacob Erlbeck	106f547	2014-11-04 10:08:37 +0100	[diff] [blame]	92	switch (sgsn->cfg.auth_policy) {
				93	case SGSN_AUTH_POLICY_OPEN:
Jacob Erlbeck	423f8bf	2014-10-24 18:09:54 +0200	[diff] [blame]	94	return SGSN_AUTH_ACCEPTED;
				95
Jacob Erlbeck	106f547	2014-11-04 10:08:37 +0100	[diff] [blame]	96	case SGSN_AUTH_POLICY_CLOSED:
				97	check_net = 1;
				98	check_acl = 1;
				99	break;
				100
				101	case SGSN_AUTH_POLICY_ACL_ONLY:
				102	check_acl = 1;
				103	break;
				104	}
				105
Jacob Erlbeck	423f8bf	2014-10-24 18:09:54 +0200	[diff] [blame]	106	if (!strlen(mmctx->imsi)) {
				107	LOGMMCTXP(LOGL_NOTICE, mmctx,
				108	"Missing IMSI, authorization state not known\n");
				109	return SGSN_AUTH_UNKNOWN;
				110	}
				111
Jacob Erlbeck	106f547	2014-11-04 10:08:37 +0100	[diff] [blame]	112	if (check_net) {
				113	/* We simply assume that the IMSI exists, as long as it is part
				114	* of 'our' network */
				115	snprintf(mccmnc, sizeof(mccmnc), "%03d%02d",
				116	mmctx->ra.mcc, mmctx->ra.mnc);
				117	if (strncmp(mccmnc, mmctx->imsi, 5) == 0)
				118	return SGSN_AUTH_ACCEPTED;
				119	}
Jacob Erlbeck	423f8bf	2014-10-24 18:09:54 +0200	[diff] [blame]	120
Jacob Erlbeck	106f547	2014-11-04 10:08:37 +0100	[diff] [blame]	121	if (check_acl && sgsn_acl_lookup(mmctx->imsi, &sgsn->cfg))
Jacob Erlbeck	423f8bf	2014-10-24 18:09:54 +0200	[diff] [blame]	122	return SGSN_AUTH_ACCEPTED;
				123
				124	return SGSN_AUTH_REJECTED;
				125	}
				126
Jacob Erlbeck	a0b6efb	2014-11-13 10:48:39 +0100	[diff] [blame^]	127	int sgsn_auth_request(struct sgsn_mm_ctx *mmctx)
Jacob Erlbeck	423f8bf	2014-10-24 18:09:54 +0200	[diff] [blame]	128	{
Jacob Erlbeck	f951a01	2014-11-07 14:17:44 +0100	[diff] [blame]	129	/* TODO: Add remote subscriber update requests here */
Jacob Erlbeck	423f8bf	2014-10-24 18:09:54 +0200	[diff] [blame]	130
Jacob Erlbeck	a0b6efb	2014-11-13 10:48:39 +0100	[diff] [blame^]	131	sgsn_auth_update(mmctx);
Jacob Erlbeck	423f8bf	2014-10-24 18:09:54 +0200	[diff] [blame]	132
Jacob Erlbeck	423f8bf	2014-10-24 18:09:54 +0200	[diff] [blame]	133	return 0;
				134	}
				135
Jacob Erlbeck	a0b6efb	2014-11-13 10:48:39 +0100	[diff] [blame^]	136	void sgsn_auth_update(struct sgsn_mm_ctx *mmctx)
Jacob Erlbeck	423f8bf	2014-10-24 18:09:54 +0200	[diff] [blame]	137	{
Jacob Erlbeck	f951a01	2014-11-07 14:17:44 +0100	[diff] [blame]	138	enum sgsn_auth_state auth_state;
Jacob Erlbeck	423f8bf	2014-10-24 18:09:54 +0200	[diff] [blame]	139
Jacob Erlbeck	f951a01	2014-11-07 14:17:44 +0100	[diff] [blame]	140	LOGMMCTXP(LOGL_DEBUG, mmctx, "Updating authorization\n");
Jacob Erlbeck	423f8bf	2014-10-24 18:09:54 +0200	[diff] [blame]	141
Jacob Erlbeck	a0b6efb	2014-11-13 10:48:39 +0100	[diff] [blame^]	142	auth_state = sgsn_auth_state(mmctx);
Jacob Erlbeck	f951a01	2014-11-07 14:17:44 +0100	[diff] [blame]	143	if (auth_state == SGSN_AUTH_UNKNOWN) {
				144	/* Reject requests since remote updates are NYI */
				145	LOGMMCTXP(LOGL_ERROR, mmctx,
				146	"Missing information, authorization not possible\n");
				147	auth_state = SGSN_AUTH_REJECTED;
				148	}
				149
				150	if (mmctx->auth_state == auth_state)
				151	return;
				152
				153	LOGMMCTXP(LOGL_INFO, mmctx, "Got authorization update: state %s -> %s\n",
				154	get_value_string(sgsn_auth_state_names, mmctx->auth_state),
				155	get_value_string(sgsn_auth_state_names, auth_state));
				156
				157	mmctx->auth_state = auth_state;
				158
				159	switch (auth_state) {
Jacob Erlbeck	423f8bf	2014-10-24 18:09:54 +0200	[diff] [blame]	160	case SGSN_AUTH_ACCEPTED:
				161	gsm0408_gprs_access_granted(mmctx);
				162	break;
				163	case SGSN_AUTH_REJECTED:
				164	gsm0408_gprs_access_denied(mmctx);
				165	break;
				166	default:
				167	break;
				168	}
				169	}