sgsn: Replace subscr.authenticate by global require_authentication flag
Currently the flag 'authenticate' is managed per subscriber. This patch replaces that flag by a global cfg.require_authentication flag that enables/disables the use of the Auth & Ciph procedure for every subscriber. The flag is set by the VTY, if and only if the authorization policy is 'remote'. The VTY command - update-subscriber imsi IMSI insert authenticate <0-1> is removed. Sponsored-by: On-Waves ehf
This commit is contained in:
parent
39f040d62b
commit
9d4f46c975
|
@ -30,6 +30,8 @@ struct sgsn_config {
|
|||
|
||||
struct sockaddr_in gsup_server_addr;
|
||||
int gsup_server_port;
|
||||
|
||||
int require_authentication;
|
||||
};
|
||||
|
||||
struct sgsn_instance {
|
||||
|
|
|
@ -110,7 +110,7 @@ enum sgsn_auth_state sgsn_auth_state(struct sgsn_mm_ctx *mmctx)
|
|||
if (mmctx->subscr->flags & GPRS_SUBSCRIBER_UPDATE_PENDING_MASK)
|
||||
return mmctx->auth_state;
|
||||
|
||||
if (mmctx->subscr->sgsn_data->authenticate &&
|
||||
if (sgsn->cfg.require_authentication &&
|
||||
(!mmctx->is_authenticated ||
|
||||
mmctx->subscr->sgsn_data->auth_triplets_updated))
|
||||
return SGSN_AUTH_AUTHENTICATE;
|
||||
|
@ -171,7 +171,7 @@ int sgsn_auth_request(struct sgsn_mm_ctx *mmctx)
|
|||
|
||||
OSMO_ASSERT(mmctx->subscr != NULL);
|
||||
|
||||
if (mmctx->subscr->sgsn_data->authenticate && !mmctx->is_authenticated) {
|
||||
if (sgsn->cfg.require_authentication && !mmctx->is_authenticated) {
|
||||
/* Find next tuple */
|
||||
at = sgsn_auth_get_tuple(mmctx, mmctx->auth_triplet.key_seq);
|
||||
|
||||
|
|
|
@ -376,6 +376,7 @@ DEFUN(cfg_auth_policy, cfg_auth_policy_cmd,
|
|||
int val = get_string_value(sgsn_auth_pol_strs, argv[0]);
|
||||
OSMO_ASSERT(val >= SGSN_AUTH_POLICY_OPEN && val <= SGSN_AUTH_POLICY_REMOTE);
|
||||
g_cfg->auth_policy = val;
|
||||
g_cfg->require_authentication = (val == SGSN_AUTH_POLICY_REMOTE);
|
||||
|
||||
return CMD_SUCCESS;
|
||||
}
|
||||
|
@ -472,15 +473,14 @@ DEFUN(show_subscr_cache,
|
|||
#define UPDATE_SUBSCR_INSERT_HELP "Insert data into the subscriber record\n"
|
||||
|
||||
DEFUN(update_subscr_insert, update_subscr_insert_cmd,
|
||||
UPDATE_SUBSCR_STR "insert (authorized|authenticate) (0|1)",
|
||||
UPDATE_SUBSCR_STR "insert authorized <0-1>)",
|
||||
UPDATE_SUBSCR_HELP
|
||||
UPDATE_SUBSCR_INSERT_HELP
|
||||
"Authorize the subscriber to attach\n"
|
||||
"New option value\n")
|
||||
{
|
||||
const char *imsi = argv[0];
|
||||
const char *option = argv[1];
|
||||
const char *value = argv[2];
|
||||
const char *value = argv[1];
|
||||
|
||||
struct gsm_subscriber *subscr;
|
||||
|
||||
|
@ -490,10 +490,7 @@ DEFUN(update_subscr_insert, update_subscr_insert_cmd,
|
|||
return CMD_WARNING;
|
||||
}
|
||||
|
||||
if (!strcmp(option, "authorized"))
|
||||
subscr->authorized = atoi(value);
|
||||
else
|
||||
subscr->sgsn_data->authenticate = atoi(value);
|
||||
subscr->authorized = atoi(value);
|
||||
|
||||
subscr_put(subscr);
|
||||
|
||||
|
|
|
@ -876,7 +876,7 @@ static void test_gmm_attach_subscr_fake_auth(void)
|
|||
|
||||
subscr = gprs_subscr_get_or_create("123456789012345");
|
||||
subscr->authorized = 1;
|
||||
subscr->sgsn_data->authenticate = 1;
|
||||
sgsn->cfg.require_authentication = 1;
|
||||
subscr_put(subscr);
|
||||
|
||||
printf("Auth policy 'remote', auth faked: ");
|
||||
|
@ -918,7 +918,7 @@ static void test_gmm_attach_subscr_real_auth(void)
|
|||
|
||||
subscr = gprs_subscr_get_or_create("123456789012345");
|
||||
subscr->authorized = 1;
|
||||
subscr->sgsn_data->authenticate = 1;
|
||||
sgsn->cfg.require_authentication = 1;
|
||||
subscr_put(subscr);
|
||||
|
||||
printf("Auth policy 'remote', triplet based auth: ");
|
||||
|
|
Loading…
Reference in New Issue