sgsn: Move IMSI authorization to gsm48_gmm_authorize

Currently the IMSI is only checked immediately when an Attach Request is received that contains an IMSI IE. If it contains a P-TMSI instead, access is always granted. This commit moves the IMSI check to gsm48_gmm_authorize where it is applied when IMSI and IMEI have been acquired. This fixes the authorization when the Attach Accept doesn't contain an IMSI. Sponsored-by: On-Waves ehf
2014-10-29 22:12:20 +01:00 · 2014-10-29 22:12:20 +01:00 · 0c06f98ced
parent b1c074f62c
commit 0c06f98ced
3 changed files with 28 additions and 16 deletions
--- a/openbsc/include/openbsc/gprs_sgsn.h
+++ b/openbsc/include/openbsc/gprs_sgsn.h
@ -117,6 +117,8 @@ struct sgsn_mm_ctx {
 	 * (refers to the timer) and pending_req (refers to the procedure),
 	 * where mm->T == 3350 => mm->t3350_mode == f(mm->pending_req). Check
 	 * whether one of them can be dropped. */
+
+	int			is_authorized;
 };

 #define LOGMMCTXP(level, mm, fmt, args...) \
--- a/openbsc/src/gprs/gprs_gmm.c
+++ b/openbsc/src/gprs/gprs_gmm.c
@ -640,9 +640,30 @@ static int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx)
 	}

 	/* All information required for authentication is available */
-
 	ctx->t3370_id_type = GSM_MI_TYPE_NONE;

+	if (!ctx->is_authorized) {
+		/* As a temorary hack, we simply assume that the IMSI exists,
+		 * as long as it is part of 'our' network */
+		char mccmnc[16];
+		int rc;
+		snprintf(mccmnc, sizeof(mccmnc), "%03d%02d",
+			 ctx->ra.mcc, ctx->ra.mnc);
+		if (strncmp(mccmnc, ctx->imsi, 5) &&
+		    (sgsn->cfg.acl_enabled &&
+		     !sgsn_acl_lookup(ctx->imsi, &sgsn->cfg))) {
+			LOGP(DMM, LOGL_NOTICE, "Rejecting ATTACH REQUEST IMSI=%s\n",
+			     ctx->imsi);
+			rc = gsm48_tx_gmm_att_rej(ctx,
+						  GMM_CAUSE_GPRS_NOTALLOWED);
+			mm_ctx_cleanup_free(ctx, "ATTACH REJECT");
+			return rc;
+		}
+		ctx->is_authorized = 1;
+	}
+
+	/* The MS is authorized */
+
 	switch (ctx->pending_req) {
 	case 0:
 		LOGMMCTXP(LOGL_INFO, ctx,
@ -799,18 +820,6 @@ static int gsm48_rx_gmm_att_req(struct sgsn_mm_ctx *ctx, struct msgb *msg,
 #if 0
 			return gsm48_tx_gmm_att_rej(msg, GMM_CAUSE_IMSI_UNKNOWN);
 #else
-			/* As a temorary hack, we simply assume that the IMSI exists,
-			 * as long as it is part of 'our' network */
-			char mccmnc[16];
-			snprintf(mccmnc, sizeof(mccmnc), "%03d%02d", ra_id.mcc, ra_id.mnc);
-			if (strncmp(mccmnc, mi_string, 5) &&
-			    (sgsn->cfg.acl_enabled &&
-			     !sgsn_acl_lookup(mi_string, &sgsn->cfg))) {
-				LOGP(DMM, LOGL_NOTICE, "Rejecting ATTACH REQUEST IMSI=%s\n",
-				     mi_string);
-				return gsm48_tx_gmm_att_rej_oldmsg(msg,
-								GMM_CAUSE_GPRS_NOTALLOWED);
-			}
 			ctx = sgsn_mm_ctx_alloc(0, &ra_id);
 			if (!ctx)
 				return gsm48_tx_gmm_att_rej_oldmsg(msg, GMM_CAUSE_NET_FAIL);
--- a/openbsc/tests/sgsn/sgsn_test.c
+++ b/openbsc/tests/sgsn/sgsn_test.c
@ -340,6 +340,8 @@ static void test_gmm_attach(void)
 	/* reset the PRNG used by sgsn_alloc_ptmsi */
 	srand(1);

+	sgsn_acl_add("123456789012345", &sgsn->cfg);
+
 	foreign_tlli = gprs_tmsi2tlli(0xc0000023, TLLI_FOREIGN);

 	/* Create a LLE/LLME */
@ -369,9 +371,6 @@ static void test_gmm_attach(void)
 	send_0408_message(ctx->llme, foreign_tlli,
 			  ident_resp_imsi, ARRAY_SIZE(ident_resp_imsi));

-	/* FIXME: We are not authorized and should get an Attach Reject, fix
-	 * authorization in gprs_gmm.c */
-
 	/* check that the MM context has not been removed due to a failed
 	 * authorization */
 	OSMO_ASSERT(ctx == sgsn_mm_ctx_by_tlli(foreign_tlli, &raid));
@ -401,6 +400,8 @@ static void test_gmm_attach(void)
 	OSMO_ASSERT(count(gprs_llme_list()) == 0);
 	ictx = sgsn_mm_ctx_by_tlli(local_tlli, &raid);
 	OSMO_ASSERT(!ictx);
+
+	sgsn_acl_del("123456789012345", &sgsn->cfg);
 }

 static struct log_info_cat gprs_categories[] = {