Allow to set nam_ps and nam_cs from this same function, by adding the is_ps
arg.
Combine both NAM_PS stmts to DB_STMT_UPD_NAM_PS_BY_IMSI, add another such stmt
for CS. Use named parameters instead of parameter indexes.
Improve error return values as well as error logging to clearly indicate
whether the operation could not find the requested IMSI, or other errors
occured.
Adjust the single caller.
This prepares for upcoming VTY and possibly CTRL commands, and the error
handling introduced here has been or will be adopted by other functions in
previous or subsequent patches.
Change-Id: I6e70e15228f5bb10bee6758ae5dc9687d65839bd
Factor out the selected SQL columns as SEL_COLUMNS macro, so that each of the
new DB_STMTs will select identical columns: the old DB_STMT_SEL_BY_IMSI as well
as the new DB_STMT_SEL_BY_MSISDN and DB_STMT_SEL_BY_ID.
Add the new functions db_subscr_get_by_msisdn() and db_subscr_get_by_id() and
factor out common parts with db_subscr_get_by_imsi() to static db_sel().
Change-Id: I6d0ddd1b7e3f6b180b4b1b2663c5725d2a4a9428
The SQLite db does not support uint64_t, and we are always binding the uint64_t
id actually as signed int64_t. Hence be consistent and actually handle it as
int64_t in the code as well.
This means that if we ever see a negative subscriber ID in the SQL database
(however unlikely), we will also see it negative in our log output.
The SQN handled in osmo_auth* is actually of unsigned type, and, unless we
store the SQN as 64bit hex string, we are forced to feed this unsigned value as
signed int64_t to the SQLite API. The upcoming db regression test for SQN in
change-id I0d870d405e2e0a830360d9ad19f0a3f9e09d8cf2 verifies that the SQN
uint64_t translates to signed int64_t and back as expected.
Change-Id: I83a47289a48ac37da0f712845d422e897a5e8171
db_remove_reset() needs to be called after each stmt run, whether it succeeded
or not.
In case sqlite3_clear_bindings() would fail to unbind a stmt, we would anyway
be beyond recovery. There seem to be no plausible situations where such failure
would occur, unless there have been no bindings in the first place.
In case there was an SQL stmt failure, sqlite3_reset() will re-barf the same
error message, we will always have logged it earlier already in the proper
context.
We are never evaluating the return value, nor would we know how to recover from
non-success.
The conclusions:
- db_remove_reset() does not need to log any errors.
- db_remove_reset() does not need to return success.
Change-Id: I21678463e59f607f5f5c5732963e274392f0fffd
These will be needed by VTY commands to create, delete and modify subscribers.
Auth data editing will follow in another patch.
The FIXME "also remove authentication data from auc_2g and auc_3g" will get
fixed in change-id Icb11b5e059fb920447a9aa414db1819a0c020529.
Change-Id: I725273d36234331093e7fff7d5f12f6be6ab2623
Will be used in upcoming patches, e.g. change-IDs
- I6e70e15228f5bb10bee6758ae5dc9687d65839bd
- I83a47289a48ac37da0f712845d422e897a5e8171
Change-Id: I705a15eef242c98feb6e95a883916f6cf8173d70
SQLite3 seems to be commonly compiled without log callback support. It is then
misleading to see a seeming error message about this on each osmo-hlr startup.
Avoid the impression that we would miss out on important logging: query
sqlit3_compileoption_get() whether SQLITE_CONFIG_SQLLOG is enabled. Try to
register the callback only if present, if not, say so on DEBUG log.
See https://sqlite.org/compile.html "SQLITE_ENABLE_SQLLOG"
Change-Id: I78d75dc351eb587b0a022f82f147e9a31c0324c5
Before, it looked like the nul term was within the if () body (despite no body
being present).
While at it, also remove one of the two tabs of indenting and put the opening
'do {' on its own line.
Change-Id: I8d03433b6fba90f4e46814bc54636bc3a444cc46
In LOGHLR and LOGAUC, log IMSI='<imsi>' instead of just <imsi>:
In the log, it is not always obvious to the reader that the printed number
refers to an IMSI (vs. an MSISDN or in the future an IMEI).
In db_get_auth_data(), log "No such subscriber" instead of just "Unknown", to
clarify what exactly is meant.
Change-Id: I2ec8ab5e67d4e95083f6e39232fc91ebaa080cb8
In multiple lines, the statement becomes more readable.
I'd like to get this change out of the way before upcoming SQL statement edits
and additions.
Change-Id: Icf09f4bbb298a516aa52c81e3ca67d9d91d8c7c2
There are more uses for a generalized db_bind_text(), and in an upcoming patch
there will be similar functions like db_bind_int().
Also, add argument param_name, optionally indicating a named SQL parameter to
bind to, which will be used in subsequent patches. So far, all callers pass
NULL to yield previous db_bind_imsi() behavior of binding to the first param.
Change-Id: I87bc46a23a724677e8319d6a4b032976b7ba9394
There will be more additions, _by_msisdn() and _by_id(), to serve the upcoming
VTY commands, to allow flexibly selecting subscribers as in the old OsmoNITB.
Change-Id: I32fa676ccc5c10eba834c4390c8a42476b9c1961
There are upcoming additions, and some seem too general without a proper common
prefix in the identifiers, like 'CREATE'.
Change-Id: I51b677db31a1ebbbc45dc7925074de7493fbde1f
Add ind_bitlen column to auc_3g to record each USIM's IND size according to
3GPP TS 33.102 -- default is 5 bits, as suggested by the spec.
Introduce auc_3g_ind to each connecting GSUP client to use as IND index for
generating auth tuples sent to this client.
With osmo_gsup_server_add_conn(), implement a scheme where clients receive
fixed auc_3g_ind indexes based on the order in which they connect; each new
connection takes the lowest unused auc_3g_ind, so in case one of the clients
restarts, it will most likely receive the same auc_3g_ind, and if one client
disconnects, no other clients' auc_3g_ind are affected.
Add gsup_server_test.c to test the auc_3g_ind index distribution scheme.
Depends: libosmocore I4eac5be0c0b2cede04464c4c3a0873102d952453 for llist_first
Related: OS#1969
Change-Id: If4501ed4ff8e923fa6fe8b80c44c5ad647a8ed60
We can no longer accurately print the SQN from AUTS resync, since the SQN is
incremented after AUTS. Instead, always print the SQN from the generated tuple,
i.e. exactly the one left in auth data *after* the tuple was generated.
This change was forgotten in recent adjustments to the new SQN incrementing
scheme from libosmocore, in change-id I4ec5a578537acb1d9e1ebfe00a72417fc3ca5894
for libosmocore change-id Iadf43f21e0605e9e85f7e8026c40985f7ceff1a3.
It should have been obvious that something was missing in the previous patch
from the auc_test output: the SQN in the output changed while the AUTN remained
the same. That slipped by without being noticed :/
Change-Id: I0e1e828da931a3d22c75306c55bdb7f44df6512f
Add commands to enable/disable Packet Service for a given IMSI. Changes
are synced to DB and propagated at runtime to SGSN (in case of disable
command).
Change-Id: I23163ce8667292443ed61cb15c928357dba4b4be
Related: OS#1645
This allows to check for subscriber's presence in DB without the need to
bother with unused structure allocation.
While at it also call to db_remove_reset() and return explicitly instead
of using goto to make it a bit easier to follow the code.
Change-Id: I83b0f4a5dacb97614721690ef55bc1311624a58e
Introduce g_hlr of type 'struct hlr' which holds pointers to all
globally accessible variables.
Change-Id: I275d3d54482f696e3378606b2406c7e0ad939e0f
Related: OS#1645
Fix bug where AUTS was fed to each vector generation and thus each vector was
generated with the same SQN. In auc_3g_test, adjust the bug indicating test
expectations to now expect the proper results.
Depends: libosmocore change-id If943731a78089f0aac3d55245de80596d01314a4
Change-Id: I425a1d92c85896227341f565f5361c0d830ce866
Make the generation logic easier to understand (hopefully).
Massively extend debug logging, which serves to illustrate the current AUTS
failure shown by auc_3g_test.
Since DAUC now logs the vectors, there is no need to print the vectors in
VEC_IS() in auc_3g_test and auc_ts_55_205_test_sets anymore. Adjust testlog
expectations accordingly.
Change-Id: Ifb36d010a4ac64c765517e15b9074424ec19cc60
In auc_gen_vectors(), add various checks that the auth data arguments passed
make sense, and add unit test to verify that they work. (Caught a segfault due
to NULL dereference with this.)
Change-Id: I775652b6a91d382707ce32176a3fe4ef547cbca7
Also, fix log formatting: SQL statements do not have '\n' at the end.
Note: sqlite should be compiled with SQLITE_ENABLE_SQLLOG for this code
to work at all.
Change-Id: I5e53de54ad1b9da18e1f414932cfd21be71ab154
* move common cleanup code into separate function
* add helper function for IMSI binding
* use errno.h instead of numbers
Change-Id: Iec81b56ab1ccc948807854a3947b04355a555c10
Create luop.(c|h) and move lu_operation and corresponding TX
functions there to facilitate re-use in upcoming control interface.
Change-Id: Ic55a45d56b37be2ba43d96f7da2af43b46af9813
Related: OS#1645
* move common copy-pasted code to initialize GSUP message into static
function
* use osmo_strlcpy() to copy imsi for added safety
Change-Id: Icd6e2479aa111ff820d53711222d46c6522033e6
According to libosmocore change-id I0dcbd49759fc32d3b8974102dbd1d6703364ebf4
this argument ordering will not result in successful AUTS. Pass in order
auts, auts_rand so that these are passed correctly to our milenage code.
Change-Id: I6aa19004ec27bad5e9c2bf688d9bbc55d697ccb0
Add config file, mainly for logging control.
Open VTY on the OMSO_VTY_PORT_HLR added to libosmocore in
commit 92fa18e6b800a27aa064a5fb8321cddd7383ae20
aka change-id I08cb52d9399a27e6876e45da36f434708c4fddef.
Add hlr_vty.h/c for standard VTY setup.
Add -c option to pass config file.
Add --version option.
Change-Id: Iedb884345a597371a337b0c67eb6013b7d5d1ce1
Parse commandline options, supporting general Osmocom options as copied from
osmo-nitb (bsc_hack.c): version, logging and daemonize options.
Set the HLR database file from cmdline option, log the filename in db_open().
(VTY config file in next patch.)
Change-Id: I279d517e1310e398b0a2382349e62be8e65364c1
Create hlr_ctx and pass on to DB and GSUP server code.
Add call msgb_talloc_ctx_init(hlr_ctx).
Instead of printing the entire talloc context on exit, just print the hlr_ctx
upon SIGUSR1 (like our other binaries do). Otherwise we will get pages of
talloc output on each program exit as soon as we add a VTY (next patch).
Change-Id: I3c64cb4ad7a681b88c7409296ad3afeb8000e2a4
Add APN '*' to PDP info part of GSUP response to make it possible to
test SGSN 'auth-policy remote'.
Change-Id: I95d69508aafc13e82f5f51fc6fe8f56cd7f45e2b
Related: OS#1794
DLGSUP must no longer be added to applications' logging category arrays after
change-id Id974c7be158e4d60421a98110f5c807aefd31119 in libosmocore.
Todo: once above change is merged to libosmocore, bump the required libosmocore
version in configure.ac.
Change-Id: I74ab1a031d1ed144468b016294d2965eba5e7d1d
Add configure.ac and Makefile.ams to build with
autoreconf && ./configure && make
like most other Osmocom projects.
Add jenkins.sh for a gerrit build job to verify patches.
Change-Id: I6b4419dd519f3d0a75235d0c22bf899f075347a3
Using this procedure, the VLR/SGSN can set the cs/ps purged
flag for the subscriber. We might not even need to store this
persistent in the database according to spec, but let's do it anyway, at
least until it turns out to be a performance issue.
The database stores the key material as hex-ascii, we thus need to go
through osmo_hexparse() when reading. We could also store the material
as BLOB in the database. That would however complicate matters, as it
would basically mean using the sqlite3 command to manually
inspect/modify data from the console would no longer be easily possible.
Using this commit I have 2G authentication working against osmo-sgsn
with GSUP and 'auth policy remote'.
When responding to a SendAuthInfo.req, we need to differentiate
an error case caused by an unknown IMSI, or an error caused by
an error regarding accessing the database or data integrity.
It currently creates a database with 1 million subscribers, all of which
are provisioned for both 2G and 3G authentication using the same key
material.
We also introduce a 'gsup_router' which enables us to route
a transaction to a given VLR. It works based on the SERIAL attribute
communicated at time of the IPA multiplex setup as part of the CCM
sub-protocol.
Neels Hofmeyr
Neels Hofmeyr
Pau Espin
Harald Welte