| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
In handle_paging_response(), don't check conn against NULL after using it all
the time anyway.
To ensure beyond doubt that it is actually never NULL, assert conn further up
in the call stack, i.e. in gsm0408_dispatch(), the main entry point for
receiving data from the BSC/RNC level. Also assert msg while at it.
Fixes: CID#93769
|
|
In gsm_04_08.c, add a static handle_paging_resp() to take over from the libbsc
function gsm48_handle_paging_resp(). Use the subscr->requests listing to handle
a Paging Response and call the pending cbfn.
In NITB, this used to be done via BTS, and I haven't entirely resolved yet how
exactly to rewire this in standalone libmsc. So far, this "works for me", but
is worth another visit.
Still missing: enable Integrity Protection.
|
|
|
|
|
|
|
|
Factor out hardcoded-Ki and auth tuple creation into a static function.
Add generation of fresh random bytes and generate a valid auth tuple so that
the authentication token is different for every MM Auth.
|
|
This involves removing the openbsc_vty_print_statistics() from
vty_interface_layer3.c, as this would link across the MSC/BSC border.
|
|
|
|
Add iu_page_cs() and iu_page_ps() API, also add to libiudummy for linking in
tests.
Implement msc_paging_request() by calling iu_page_cs().
|
|
|
|
Add lac argument to gsm0408_rcvmsg_iucs(), to record the LAC in newly
allocated gsm_subscriber_connections.
In effect, fix the LAC sent to UE during Location Updating Accept message.
Before, 0 was stored as LAC and sent to the UE, regardless of the actual
LAC in use.
|
|
|
|
|
|
|
|
Conflicts:
openbsc/src/libmsc/auth.c
openbsc/src/libmsc/gsm_04_08.c
openbsc/src/osmo-bsc/osmo_bsc_vty.c
openbsc/tests/Makefile.am
|
|
Make sure a new auth tuple is initialized after
db_get_lastauthtuple_for_subscr() returns an error, i.e. if no tuple is present
for the subscriber yet.
Before this patch, the first key_seq depended on the typically uninitialized
value that was present in auth tuple's key_seq upon calling
auth_get_tuple_for_subscr().
The very first key_seq used for a new subscriber will now always be 0. Before,
it used to be mostly 1 ("(0 + 1) % 7"), but depended on whether the key_seq was
indeed initialized with 0, actually by random.
|
|
In auth_get_tuple_for_subscr(), add missing condition to match incoming
key_seq with stored key_seq, so that re-authentication is requested for
mismatching key_seqs.
Add test for this issue.
|
|
AUTH_NOT_AVAIL == 0, so this is no functional change.
|
|
Instead of using hardcoded -1 for errors, include -1 in the enum auth_action
type; apply its use.
In the mm_auth test, the string output changes from '(internal error)' to
'AUTH_ERROR', since now the proper enum value is used in auth_action_names[].
|
|
Add basic MM Authentication test setup, with fake DB access and RAND_bytes().
So far implement simple tests for IO error during DB access and missing auth
entry.
To print the auth action during tests, add struct auth_action_names and
auth_action_str() inline function in auth.[hc].
|
|
|
|
Upon authentication response, initiate integrity protection for Iu by sending a
Security Mode Command (IK), with hardcoded auth tuple so far.
Implement RANAP event handling to receive Security Mode Complete message,
adding stubs for the other events; in new files osmo-cscn/iucs_ranap.[hc] to
keep RANAP dependencies separate, and particularly out of libmsc.
Upon receiving Security Mode Complete, call the security operation callback
(conn->sec_operation->cb) to complete the Location Update.
Introduce enum integrity_protection_state constants to indicate integrity
protection, record in gsm_subscriber_conn.iu.integrity_protection.
Make subscr_conn_lookup_iu() non-static and declare in iu_cs.h to be able to
call from iucs_ranap.c's Security Mode Complete event.
Implement dummy iu_tx_sec_mode_cmd() to allow tests to build without RANAP
dependencies.
In cscn_main.c, call iucs_rx_ranap_event(), to populate the struct gsm_network
struct with cscn_network explicitly (don't share cscn_network across
compilation scopes because it's ugly).
|
|
directly
|
|
sgsn_libgtp.c: missing include, for asn1str_to_u32()
iu_cs.c: missing include, for subscr_name()
osmo_bsc_vty.c: int/pointer conversions
(note: this was discussed on the list to be solved by passing a pointer
instead. Until then...)
iudummy.c: opaque struct declarations
|
|
Prepares for calling from IuCS RANAP events.
|
|
|
|
gprs_gmm.c: remove extraneous debug print arg.
iu_cs.c: increment should not be in debug statement.
Fixes at least one coverity warning.
|
|
|
|
|
|
This reverts commit 044fbe6568f82a12bf4e3addc7e3d6db529b6548.
|
|
In OpenBSC, we traditionally displayed a TMSI in its integer
representation, which is quite unusual in the telecom world. A TMSI is
normally printed as a series of 8 hex digits.
This patch aligns OpenBSC with the telecom industry standard.
Signed-off-by: Vadim Yanitskiy <axilirator@gmail.com>
|
|
|
|
libosmocore recently added inline functions to relieve callers from applying
bitmasks and bit shifts to access the transaction id of a GSM 04.08 header.
Apply these functions.
|
|
Replace hardcoded protocol discriminator and message type bitmasks with
function calls recently introduced in libosmocore.
Note that the release 98 bitmasks slightly differ from the release 99 bitmasks.
This patch uses the "default" gsm48_hdr_msg_type invocation, thus it depends on
libosmocore whether 98 or 99 bitmasks are used.
In some places, use of the bitmask was erratic. Fix these implicitly by
employing the bitmask functions:
* silent_call.c: silent_call_reroute(): add missing bitmask for MM.
* bsc_msg_filter.c: bsc_msg_filter_initial(): RR vs. MM messages.
* osmo_bsc_filter.c: bsc_find_msc() and bsc_scan_bts_msg(): RR vs. MM
messages.
* bsc_nat_rewrite.c: bsc_nat_rewrite_msg(): SMS vs. CC messages.
* bsc_ussd.c: no bitmask is applicable for the message types used here.
* gb_proxy.c: gbproxy_imsi_acquisition(): missing bit mask for pdisc.
In gprs_gb_parse.c: gprs_gb_parse_dtap(), add a log notice for unexpected
message types.
|
|
libosmocore recently added inline functions to relieve callers from applying
bitmasks and bit shifts to access the transaction id of a GSM 04.08 header.
Apply these functions.
|
|
Replace hardcoded protocol discriminator and message type bitmasks with
function calls recently introduced in libosmocore.
Note that the release 98 bitmasks slightly differ from the release 99 bitmasks.
This patch uses the "default" gsm48_hdr_msg_type invocation, thus it depends on
libosmocore whether 98 or 99 bitmasks are used.
In some places, use of the bitmask was erratic. Fix these implicitly by
employing the bitmask functions:
* silent_call.c: silent_call_reroute(): add missing bitmask for MM.
* bsc_msg_filter.c: bsc_msg_filter_initial(): RR vs. MM messages.
* osmo_bsc_filter.c: bsc_find_msc() and bsc_scan_bts_msg(): RR vs. MM
messages.
* bsc_nat_rewrite.c: bsc_nat_rewrite_msg(): SMS vs. CC messages.
* bsc_ussd.c: no bitmask is applicable for the message types used here.
* gb_proxy.c: gbproxy_imsi_acquisition(): missing bit mask for pdisc.
In gprs_gb_parse.c: gprs_gb_parse_dtap(), add a log notice for unexpected
message types.
|
|
|
|
So far the code did only auth+ciph or none. Add case handling for only
authentication without ciphering (basically just fill in the blanks).
|
|
|
|
|
|
Depending on conn->via_iface, fail upon missing auth for 3G.
Move the log notice saying "skipping auth" to gsm48_secure_channel() where
conn->via_iface is actually known.
|
|
|
|
|
|
As commented in the code, the GSM_SECURITY_AUTH_FAILED path is never invoked by
the gsm48_secure_channel() function as it is today.
Note that the upcoming Iu auth will probably add a GSM_SECURITY_AUTH_FAILED
status. In that case, sending a LU Reject immediately may be desirable, but
arguably a bit of timeout could make life harder for auth attackers.
The code removed by this patch doesn't send out a LU Reject ever, since a call
to release_loc_updating_req() only releases the connection. To reject, a call
to gsm0408_loc_upd_rej() would be necessary, as seen in loc_upd_rej_cb().
And finally, if _gsm0408_authorize_sec_cb() doesn't do anything about anything,
the same loc_upd_rej_cb() will be run by a timeout and send a LU Reject
properly (as commented in the code).
|
|
Have two separate gsm0480_send_ussdNotify() and gsm0480_send_releaseComplete()
for each of libbsc and libmsc. Move their core into libxsc as generator
functions returning a msgb.
Add src/libbsc/gsm_04_80_utils.c (note, not 04_08) to implement the libbsc
side of it.
The code is identical, but the linked structs and functions differ in each
case. There could be a common source file built for both, but I decided against
it, for more clarity I hope.
|
|
|
|
Also change the signature to avoid using gsm_subscriber_connection, which
has different members in libbsc and libmsc.
|
|
|
