sgsn: Replace subscr.authenticate by global require_authentication flag

Currently the flag 'authenticate' is managed per subscriber. This patch replaces that flag by a global cfg.require_authentication flag that enables/disables the use of the Auth & Ciph procedure for every subscriber. The flag is set by the VTY, if and only if the authorization policy is 'remote'. The VTY command - update-subscriber imsi IMSI insert authenticate <0-1> is removed. Sponsored-by: On-Waves ehf
2014-12-17 13:20:08 +01:00 · 2014-12-17 13:20:08 +01:00 · 9d4f46c975
parent 39f040d62b
commit 9d4f46c975
4 changed files with 10 additions and 11 deletions
--- a/openbsc/include/openbsc/sgsn.h
+++ b/openbsc/include/openbsc/sgsn.h
@ -30,6 +30,8 @@ struct sgsn_config {

 	struct sockaddr_in gsup_server_addr;
 	int gsup_server_port;
+
+	int require_authentication;
 };

 struct sgsn_instance {
--- a/openbsc/src/gprs/sgsn_auth.c
+++ b/openbsc/src/gprs/sgsn_auth.c
@ -110,7 +110,7 @@ enum sgsn_auth_state sgsn_auth_state(struct sgsn_mm_ctx *mmctx)
 		if (mmctx->subscr->flags & GPRS_SUBSCRIBER_UPDATE_PENDING_MASK)
 			return mmctx->auth_state;

-		if (mmctx->subscr->sgsn_data->authenticate &&
+		if (sgsn->cfg.require_authentication &&
 		    (!mmctx->is_authenticated ||
 		     mmctx->subscr->sgsn_data->auth_triplets_updated))
 			return SGSN_AUTH_AUTHENTICATE;
@ -171,7 +171,7 @@ int sgsn_auth_request(struct sgsn_mm_ctx *mmctx)

 	OSMO_ASSERT(mmctx->subscr != NULL);

-	if (mmctx->subscr->sgsn_data->authenticate && !mmctx->is_authenticated) {
+	if (sgsn->cfg.require_authentication && !mmctx->is_authenticated) {
 		/* Find next tuple */
 		at = sgsn_auth_get_tuple(mmctx, mmctx->auth_triplet.key_seq);

--- a/openbsc/src/gprs/sgsn_vty.c
+++ b/openbsc/src/gprs/sgsn_vty.c
@ -376,6 +376,7 @@ DEFUN(cfg_auth_policy, cfg_auth_policy_cmd,
 	int val = get_string_value(sgsn_auth_pol_strs, argv[0]);
 	OSMO_ASSERT(val >= SGSN_AUTH_POLICY_OPEN && val <= SGSN_AUTH_POLICY_REMOTE);
 	g_cfg->auth_policy = val;
+	g_cfg->require_authentication = (val == SGSN_AUTH_POLICY_REMOTE);

 	return CMD_SUCCESS;
 }
@ -472,15 +473,14 @@ DEFUN(show_subscr_cache,
 #define UPDATE_SUBSCR_INSERT_HELP "Insert data into the subscriber record\n"

 DEFUN(update_subscr_insert, update_subscr_insert_cmd,
-	UPDATE_SUBSCR_STR "insert (authorized|authenticate) (0|1)",
+	UPDATE_SUBSCR_STR "insert authorized <0-1>)",
 	UPDATE_SUBSCR_HELP
 	UPDATE_SUBSCR_INSERT_HELP
 	"Authorize the subscriber to attach\n"
 	"New option value\n")
 {
 	const char *imsi = argv[0];
-	const char *option = argv[1];
-	const char *value = argv[2];
+	const char *value = argv[1];

 	struct gsm_subscriber *subscr;

@ -490,10 +490,7 @@ DEFUN(update_subscr_insert, update_subscr_insert_cmd,
 		return CMD_WARNING;
 	}

-	if (!strcmp(option, "authorized"))
-		subscr->authorized = atoi(value);
-	else
-		subscr->sgsn_data->authenticate = atoi(value);
+	subscr->authorized = atoi(value);

 	subscr_put(subscr);

--- a/openbsc/tests/sgsn/sgsn_test.c
+++ b/openbsc/tests/sgsn/sgsn_test.c
@ -876,7 +876,7 @@ static void test_gmm_attach_subscr_fake_auth(void)

 	subscr = gprs_subscr_get_or_create("123456789012345");
 	subscr->authorized = 1;
-	subscr->sgsn_data->authenticate = 1;
+	sgsn->cfg.require_authentication = 1;
 	subscr_put(subscr);

 	printf("Auth policy 'remote', auth faked: ");
@ -918,7 +918,7 @@ static void test_gmm_attach_subscr_real_auth(void)

 	subscr = gprs_subscr_get_or_create("123456789012345");
 	subscr->authorized = 1;
-	subscr->sgsn_data->authenticate = 1;
+	sgsn->cfg.require_authentication = 1;
 	subscr_put(subscr);

 	printf("Auth policy 'remote', triplet based auth: ");