Adopt the error handling of the other db functions: return -ENOENT on unknown
subscriber and -EIO on SQL failure. Return 0 for no error, instead of the
number of rows modified.
Adjust the single caller: db_get_auc()
(and db_test.c).
Change-Id: I006f471962bdad95d00a3a4c41a28ebbc9740884
Add ability to add and remove auc_2g and auc_3g table rows with
db_subscr_update_aud_by_id().
In db_subscr_delete_by_id(), make sure that when deleting a subscriber, also
all auth data associated with that user ID is removed as well. A newly created
subscriber must not obtain the same auth tokens just by getting the same id.
Depends: libosmocore Idf75946eb0a84e145adad13fc7c78bb7a267aa0a
Change-Id: Icb11b5e059fb920447a9aa414db1819a0c020529
Use named parameters in the SQL statements.
Use db_bind_* functions to drop some code dup.
Adopt error handling (rc and logging) to match the other db functions: return
-ENOENT for unknown subscriber, -EIO for SQL failures.
Change-Id: Iad49d29b90a708c6cf55bfb3bcc02d9e29001a15
Use named parameters in the SQL statement.
Use db_bind_* functions to drop some code dup.
Use explicit subscriber id arg instead of subscriber struct.
Match return values and error logging to other db functions.
Change-Id: I35665e84ddbe54a6f218b24033df969ad2e669a0
Allow to set nam_ps and nam_cs from this same function, by adding the is_ps
arg.
Combine both NAM_PS stmts to DB_STMT_UPD_NAM_PS_BY_IMSI, add another such stmt
for CS. Use named parameters instead of parameter indexes.
Improve error return values as well as error logging to clearly indicate
whether the operation could not find the requested IMSI, or other errors
occured.
Adjust the single caller.
This prepares for upcoming VTY and possibly CTRL commands, and the error
handling introduced here has been or will be adopted by other functions in
previous or subsequent patches.
Change-Id: I6e70e15228f5bb10bee6758ae5dc9687d65839bd
Factor out the selected SQL columns as SEL_COLUMNS macro, so that each of the
new DB_STMTs will select identical columns: the old DB_STMT_SEL_BY_IMSI as well
as the new DB_STMT_SEL_BY_MSISDN and DB_STMT_SEL_BY_ID.
Add the new functions db_subscr_get_by_msisdn() and db_subscr_get_by_id() and
factor out common parts with db_subscr_get_by_imsi() to static db_sel().
Change-Id: I6d0ddd1b7e3f6b180b4b1b2663c5725d2a4a9428
The SQLite db does not support uint64_t, and we are always binding the uint64_t
id actually as signed int64_t. Hence be consistent and actually handle it as
int64_t in the code as well.
This means that if we ever see a negative subscriber ID in the SQL database
(however unlikely), we will also see it negative in our log output.
The SQN handled in osmo_auth* is actually of unsigned type, and, unless we
store the SQN as 64bit hex string, we are forced to feed this unsigned value as
signed int64_t to the SQLite API. The upcoming db regression test for SQN in
change-id I0d870d405e2e0a830360d9ad19f0a3f9e09d8cf2 verifies that the SQN
uint64_t translates to signed int64_t and back as expected.
Change-Id: I83a47289a48ac37da0f712845d422e897a5e8171
db_remove_reset() needs to be called after each stmt run, whether it succeeded
or not.
In case sqlite3_clear_bindings() would fail to unbind a stmt, we would anyway
be beyond recovery. There seem to be no plausible situations where such failure
would occur, unless there have been no bindings in the first place.
In case there was an SQL stmt failure, sqlite3_reset() will re-barf the same
error message, we will always have logged it earlier already in the proper
context.
We are never evaluating the return value, nor would we know how to recover from
non-success.
The conclusions:
- db_remove_reset() does not need to log any errors.
- db_remove_reset() does not need to return success.
Change-Id: I21678463e59f607f5f5c5732963e274392f0fffd
These will be needed by VTY commands to create, delete and modify subscribers.
Auth data editing will follow in another patch.
The FIXME "also remove authentication data from auc_2g and auc_3g" will get
fixed in change-id Icb11b5e059fb920447a9aa414db1819a0c020529.
Change-Id: I725273d36234331093e7fff7d5f12f6be6ab2623
Will be used in upcoming patches, e.g. change-IDs
- I6e70e15228f5bb10bee6758ae5dc9687d65839bd
- I83a47289a48ac37da0f712845d422e897a5e8171
Change-Id: I705a15eef242c98feb6e95a883916f6cf8173d70
SQLite3 seems to be commonly compiled without log callback support. It is then
misleading to see a seeming error message about this on each osmo-hlr startup.
Avoid the impression that we would miss out on important logging: query
sqlit3_compileoption_get() whether SQLITE_CONFIG_SQLLOG is enabled. Try to
register the callback only if present, if not, say so on DEBUG log.
See https://sqlite.org/compile.html "SQLITE_ENABLE_SQLLOG"
Change-Id: I78d75dc351eb587b0a022f82f147e9a31c0324c5
Before, it looked like the nul term was within the if () body (despite no body
being present).
While at it, also remove one of the two tabs of indenting and put the opening
'do {' on its own line.
Change-Id: I8d03433b6fba90f4e46814bc54636bc3a444cc46
In LOGHLR and LOGAUC, log IMSI='<imsi>' instead of just <imsi>:
In the log, it is not always obvious to the reader that the printed number
refers to an IMSI (vs. an MSISDN or in the future an IMEI).
In db_get_auth_data(), log "No such subscriber" instead of just "Unknown", to
clarify what exactly is meant.
Change-Id: I2ec8ab5e67d4e95083f6e39232fc91ebaa080cb8
In multiple lines, the statement becomes more readable.
I'd like to get this change out of the way before upcoming SQL statement edits
and additions.
Change-Id: Icf09f4bbb298a516aa52c81e3ca67d9d91d8c7c2
There are more uses for a generalized db_bind_text(), and in an upcoming patch
there will be similar functions like db_bind_int().
Also, add argument param_name, optionally indicating a named SQL parameter to
bind to, which will be used in subsequent patches. So far, all callers pass
NULL to yield previous db_bind_imsi() behavior of binding to the first param.
Change-Id: I87bc46a23a724677e8319d6a4b032976b7ba9394
There will be more additions, _by_msisdn() and _by_id(), to serve the upcoming
VTY commands, to allow flexibly selecting subscribers as in the old OsmoNITB.
Change-Id: I32fa676ccc5c10eba834c4390c8a42476b9c1961
There are upcoming additions, and some seem too general without a proper common
prefix in the identifiers, like 'CREATE'.
Change-Id: I51b677db31a1ebbbc45dc7925074de7493fbde1f
The previous efforts have failed: python3 does not supply
/usr/bin/python symlink. Let's use python-minimal dependency.
Change-Id: If9e3f31622efae132b25683c54ce09c83ce43415
After recent switch to legacy python2 .deb fails on OBS. Let's put
known-to-work python3 dependency back but keep the script itself on
python without version specifier as it seems to work fine with both
versions.
This, in turn, causes tests to fail on FreeBSD so disable them for now.
Change-Id: I4a87252d411d840fca7362736a8c7877efa6ff52
Related: SYS#3322
It depends on the cards whether you have op or opc, but the most cards in use
for 3G are using the opc. Change the example to reflect that.
Change-Id: I8f6051ea9b285ff6261bfe346cfc29d1167921f5
In particular I need this to start a fresh osmo-hlr instance on the
osmo-gsm-tester. Might also come in handy during packaging?
Change-Id: I08e48375814ab93691892299d34909c6d0bf12a2
Add ind_bitlen column to auc_3g to record each USIM's IND size according to
3GPP TS 33.102 -- default is 5 bits, as suggested by the spec.
Introduce auc_3g_ind to each connecting GSUP client to use as IND index for
generating auth tuples sent to this client.
With osmo_gsup_server_add_conn(), implement a scheme where clients receive
fixed auc_3g_ind indexes based on the order in which they connect; each new
connection takes the lowest unused auc_3g_ind, so in case one of the clients
restarts, it will most likely receive the same auc_3g_ind, and if one client
disconnects, no other clients' auc_3g_ind are affected.
Add gsup_server_test.c to test the auc_3g_ind index distribution scheme.
Depends: libosmocore I4eac5be0c0b2cede04464c4c3a0873102d952453 for llist_first
Related: OS#1969
Change-Id: If4501ed4ff8e923fa6fe8b80c44c5ad647a8ed60
We can no longer accurately print the SQN from AUTS resync, since the SQN is
incremented after AUTS. Instead, always print the SQN from the generated tuple,
i.e. exactly the one left in auth data *after* the tuple was generated.
This change was forgotten in recent adjustments to the new SQN incrementing
scheme from libosmocore, in change-id I4ec5a578537acb1d9e1ebfe00a72417fc3ca5894
for libosmocore change-id Iadf43f21e0605e9e85f7e8026c40985f7ceff1a3.
It should have been obvious that something was missing in the previous patch
from the auc_test output: the SQN in the output changed while the AUTN remained
the same. That slipped by without being noticed :/
Change-Id: I0e1e828da931a3d22c75306c55bdb7f44df6512f
In change-id Iadf43f21e0605e9e85f7e8026c40985f7ceff1a3, libosmocore changes
from incrementing SQN after tuple generation to incrementing SQN before tuple
generation. Thus we now need to pass desired_sqn - 1 to get the same tuples.
Adjust all regression tests, showing that the tuples as well as the SQNs used
to generate the tuples remain unchanged, and only the SQN before and after
generating reflect different values.
Related: OS#1968 OS#1969
Change-Id: I4ec5a578537acb1d9e1ebfe00a72417fc3ca5894
The current auc tests test a lot with SQN == 0. An upcoming change in the SQN
algorithms from libosmocore [1] will require us to pass desired_sqn - 1,
because the tuple generation will increment the SQN before calculating. Later
on [2] we will also want to employ ind_bits and ind in the test. In order to
have some room in the number range, cosmetically adjust the current SQN tested
for from 0 to 32, changing the generated AUTN. The upcoming adjustment to the
new situation will then be able to show that only the SQN values before and
after vector generation change while the auth tuples as well as the SQNs used
for generation remain the same (without having to trick around with wrapping
SQN past its maximum value).
Note that the TS 55.205 test sets include neither SQN nor AUTN. While AUTN
changes with changing SQN, all the other values are invariant of the SQN used.
So we can simply choose a different SQN and ignore the difference in the AUTN.
[1] change-id Iadf43f21e0605e9e85f7e8026c40985f7ceff1a3 "store last sqn"
[2] change-id Ibc97e1736a797ffcbf8c1f7d41c5c4518f4e41bf "fix SQN increment"
Related: OS#1969
Change-Id: I45d1866cde1b3e777460df76100af2fe4767c678
Add explicit dependency on python3 which is necessary for 'make check'
stage. While at it, add DH_VERBOSE option for debian/control to
facilitate future troubleshooting.
Change-Id: I0ed0bb0f889d4569c9229f3f12ad8bdb11cc1e7c
Related: OS#1948
Add commands to enable/disable Packet Service for a given IMSI. Changes
are synced to DB and propagated at runtime to SGSN (in case of disable
command).
Change-Id: I23163ce8667292443ed61cb15c928357dba4b4be
Related: OS#1645