neels has submitted this change. ( 
https://gerrit.osmocom.org/c/osmo-msc/+/29699 )

Change subject: vlr: implement fallback to no-auth
......................................................................

vlr: implement fallback to no-auth

When the HLR fails to return auth info and authentication and ciphering
are configured to be optional, fall back to no-auth.

This patch concludes a series of preparatory patches and implements the
actual functional change.

Related: OS#4830
Change-Id: I5feda196fa481dd8a46b0e4721c64b7c6600f0d1
---
M include/osmocom/msc/vlr.h
M src/libvlr/vlr_access_req_fsm.c
M src/libvlr/vlr_lu_fsm.c
M tests/msc_vlr/msc_vlr_test_hlr_reject.err
4 files changed, 46 insertions(+), 10 deletions(-)

Approvals:
  neels: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/include/osmocom/msc/vlr.h b/include/osmocom/msc/vlr.h
index 499aa37..86a72f2 100644
--- a/include/osmocom/msc/vlr.h
+++ b/include/osmocom/msc/vlr.h
@@ -68,6 +68,7 @@
        VLR_ULA_E_SEND_ID_ACK,  /* Result of Send-ID from PVLR */
        VLR_ULA_E_SEND_ID_NACK, /* Result of Send-ID from PVLR */
        VLR_ULA_E_AUTH_SUCCESS, /* Successful result of auth procedure */
+       VLR_ULA_E_AUTH_NO_INFO, /* HLR returned SAI NACK, possibly continue 
without auth */
        VLR_ULA_E_AUTH_FAILURE, /* Auth procedure failed */
        VLR_ULA_E_CIPH_RES,     /* Result of Ciphering Mode Command */
        VLR_ULA_E_ID_IMSI,      /* IMSI received from MS */
@@ -438,6 +439,7 @@
        PR_ARQ_E_START,
        PR_ARQ_E_ID_IMSI,
        PR_ARQ_E_AUTH_RES,
+       PR_ARQ_E_AUTH_NO_INFO,
        PR_ARQ_E_AUTH_FAILURE,
        PR_ARQ_E_CIPH_RES,
        PR_ARQ_E_UPD_LOC_RES,
diff --git a/src/libvlr/vlr_access_req_fsm.c b/src/libvlr/vlr_access_req_fsm.c
index 2c9009e..629625e 100644
--- a/src/libvlr/vlr_access_req_fsm.c
+++ b/src/libvlr/vlr_access_req_fsm.c
@@ -40,6 +40,7 @@
        OSMO_VALUE_STRING(PR_ARQ_E_START),
        OSMO_VALUE_STRING(PR_ARQ_E_ID_IMSI),
        OSMO_VALUE_STRING(PR_ARQ_E_AUTH_RES),
+       OSMO_VALUE_STRING(PR_ARQ_E_AUTH_NO_INFO),
        OSMO_VALUE_STRING(PR_ARQ_E_AUTH_FAILURE),
        OSMO_VALUE_STRING(PR_ARQ_E_CIPH_RES),
        OSMO_VALUE_STRING(PR_ARQ_E_UPD_LOC_RES),
@@ -289,7 +290,10 @@

        LOGPFSM(fi, "%s()\n", __func__);

-       if (!is_cmc_smc_to_be_attempted(par)) {
+       /* Continue with ciphering, if enabled.
+        * If auth/ciph is optional and the HLR returned no auth info, continue 
without ciphering. */
+       if (!is_cmc_smc_to_be_attempted(par)
+           || (vsub->sec_ctx == VLR_SEC_CTX_NONE && 
!par->is_ciphering_required)) {
                _proc_arq_vlr_node2_post_ciph(fi);
                return;
        }
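Review bot: The added second disjunct skips ciphering whenever `vsub->sec_ctx` is `VLR_SEC_CTX_NONE` and ciphering is not required, and it does so without a log line, so an unciphered connection taken here cannot be told apart from the `!is_cmc_smc_to_be_attempted(par)` case. The comment ties the branch to the HLR returning no auth info, but the condition only inspects the security context, so it presumably also applies when the context is missing for another reason. Consider testing the fallback in its own `if` ahead of the existing check and logging it, e.g. `LOGPFSML(fi, LOGL_NOTICE, "No security context and ciphering is optional, continuing without ciphering\n");`. The matching hunk in src/libvlr/vlr_lu_fsm.c (the `vlr_loc_upd_post_ciph` branch) has the same shape; the enclosing function starts outside this hunk.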
@@ -345,7 +349,7 @@
                                        0, 0);
                vsub->auth_fsm = auth_fsm_start(vsub, fi,
                                                PR_ARQ_E_AUTH_RES,
-                                               PR_ARQ_E_AUTH_FAILURE,
+                                               PR_ARQ_E_AUTH_NO_INFO,
                                                PR_ARQ_E_AUTH_FAILURE,
                                                par->is_r99,
                                                par->is_utran);
@@ -439,6 +443,7 @@
 static void proc_arq_vlr_fn_w_auth(struct osmo_fsm_inst *fi,
                                   uint32_t event, void *data)
 {
+       struct proc_arq_priv *par = fi->priv;
        enum gsm48_reject_value *cause = data;

        switch (event) {
@@ -448,7 +453,19 @@
                return;

        case PR_ARQ_E_AUTH_FAILURE:
-               proc_arq_fsm_done(fi, cause? *cause : 
GSM48_REJECT_NETWORK_FAILURE);
+               proc_arq_fsm_done(fi, cause ? *cause : 
GSM48_REJECT_NETWORK_FAILURE);
+               return;
+
+       case PR_ARQ_E_AUTH_NO_INFO:
+               /* HLR returned no auth info for the subscriber. Continue only 
if authentication is optional. */
+               if (par->authentication_required) {
+                       proc_arq_fsm_done(fi, cause ? *cause : 
GSM48_REJECT_NETWORK_FAILURE);
+                       return;
+               }
+               LOGPFSML(fi, LOGL_INFO,
+                        "Attaching subscriber without auth (auth is optional, 
and no auth info received from HLR)\n");
+               /* Node 2 */
+               _proc_arq_vlr_node2(fi);
                return;

        default:
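Review bot: The `PR_ARQ_E_AUTH_NO_INFO` case falls back as soon as `par->authentication_required` is false, whereas the Location Updating counterpart in vlr_lu_fsm.c rejects on `lfp->authentication_required || lfp->is_ciphering_required`. With ciphering required and authentication optional, this path calls `_proc_arq_vlr_node2(fi)` without a security context and leaves the rejection to whatever the ciphering step does, which is outside the hunk. Making the guard explicit keeps both FSMs consistent and fails closed at the decision point: `if (par->authentication_required || par->is_ciphering_required) {`. The body of `proc_arq_vlr_fn_w_auth` continues past the hunk.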
@@ -559,6 +576,7 @@
        [PR_ARQ_S_WAIT_AUTH] = {
                .name = OSMO_STRINGIFY(PR_ARQ_S_WAIT_AUTH),
                .in_event_mask = S(PR_ARQ_E_AUTH_RES) |
+                                S(PR_ARQ_E_AUTH_NO_INFO) |
                                 S(PR_ARQ_E_AUTH_FAILURE),
                .out_state_mask = S(PR_ARQ_S_DONE) |
                                  S(PR_ARQ_S_WAIT_CIPH) |
diff --git a/src/libvlr/vlr_lu_fsm.c b/src/libvlr/vlr_lu_fsm.c
index a65421c..7500c86 100644
--- a/src/libvlr/vlr_lu_fsm.c
+++ b/src/libvlr/vlr_lu_fsm.c
@@ -643,6 +643,7 @@
        OSMO_VALUE_STRING(VLR_ULA_E_SEND_ID_ACK),
        OSMO_VALUE_STRING(VLR_ULA_E_SEND_ID_NACK),
        OSMO_VALUE_STRING(VLR_ULA_E_AUTH_SUCCESS),
+       OSMO_VALUE_STRING(VLR_ULA_E_AUTH_NO_INFO),
        OSMO_VALUE_STRING(VLR_ULA_E_AUTH_FAILURE),
        OSMO_VALUE_STRING(VLR_ULA_E_CIPH_RES),
        OSMO_VALUE_STRING(VLR_ULA_E_ID_IMSI),
@@ -861,7 +862,10 @@

        OSMO_ASSERT(vsub);

-       if (!is_cmc_smc_to_be_attempted(lfp)) {
+       /* Continue with ciphering, if enabled.
+        * If auth/ciph is optional and the HLR returned no auth info, continue 
without ciphering. */
+       if (!is_cmc_smc_to_be_attempted(lfp)
+           || (vsub->sec_ctx == VLR_SEC_CTX_NONE && 
!lfp->is_ciphering_required)) {
                vlr_loc_upd_post_ciph(fi);
                return;
        }
@@ -913,7 +917,7 @@
                vsub->auth_fsm = auth_fsm_start(lfp->vsub,
                                                fi,
                                                VLR_ULA_E_AUTH_SUCCESS,
-                                               VLR_ULA_E_AUTH_FAILURE,
+                                               VLR_ULA_E_AUTH_NO_INFO,
                                                VLR_ULA_E_AUTH_FAILURE,
                                                lfp->is_r99,
                                                lfp->is_utran);
@@ -1156,7 +1160,18 @@
                return;

        case VLR_ULA_E_AUTH_FAILURE:
-               lu_fsm_failure(fi, res? *res : GSM48_REJECT_NETWORK_FAILURE);
+               lu_fsm_failure(fi, res ? *res : GSM48_REJECT_NETWORK_FAILURE);
+               return;
+
+       case VLR_ULA_E_AUTH_NO_INFO:
+               /* HLR returned no auth info for the subscriber. Continue only 
if authentication is optional. */
+               if (lfp->authentication_required || lfp->is_ciphering_required) 
{
+                       lu_fsm_failure(fi, res ? *res : 
GSM48_REJECT_NETWORK_FAILURE);
+                       return;
+               }
+               LOGPFSML(fi, LOGL_INFO,
+                        "Attaching subscriber without auth (auth is optional, 
and no auth info received from HLR)\n");
+               vlr_loc_upd_post_auth(fi);
                return;

        default:
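Review bot: In the `VLR_ULA_E_AUTH_NO_INFO` fallback the reject cause in `res` is dropped, so the decision to attach without authentication does not depend on why the HLR returned no auth info; the updated test expectations in this commit show the event arriving with both cause 2 and cause 17. If the auth FSM (outside this diff) raises the event for every kind of failure, it may be worth limiting the fallback to the causes where it is intended, and in any case recording the cause at a level operators monitor, e.g. `LOGPFSML(fi, LOGL_NOTICE, "Attaching subscriber without auth, no auth info from HLR (cause %d)\n", res ? (int)*res : -1);`. The `PR_ARQ_E_AUTH_NO_INFO` case in vlr_access_req_fsm.c drops `cause` in the same way. The test changes visible here cover only the reject path, so a case with authentication and ciphering both optional would pin the new behaviour; the enclosing function starts and ends outside the hunk.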
@@ -1377,6 +1392,7 @@
        },
        [VLR_ULA_S_WAIT_AUTH] = {
                .in_event_mask = S(VLR_ULA_E_AUTH_SUCCESS) |
+                                S(VLR_ULA_E_AUTH_NO_INFO) |
                                 S(VLR_ULA_E_AUTH_FAILURE),
                .out_state_mask = S(VLR_ULA_S_WAIT_CIPH) |
                                  S(VLR_ULA_S_WAIT_LU_COMPL) |
diff --git a/tests/msc_vlr/msc_vlr_test_hlr_reject.err 
b/tests/msc_vlr/msc_vlr_test_hlr_reject.err
index 45a92ca..26d5736 100644
--- a/tests/msc_vlr/msc_vlr_test_hlr_reject.err
+++ b/tests/msc_vlr/msc_vlr_test_hlr_reject.err
@@ -47,7 +47,7 @@
 DVLR 
VLR_Authenticate(IMSI-901700000004620:GERAN-A:LU){VLR_SUB_AS_NEEDS_AUTH_WAIT_AI}:
 state_chg to VLR_SUB_AS_AUTH_FAILED
 DVLR 
VLR_Authenticate(IMSI-901700000004620:GERAN-A:LU){VLR_SUB_AS_AUTH_FAILED}: 
Terminating (cause = OSMO_FSM_TERM_REGULAR)
 DVLR 
VLR_Authenticate(IMSI-901700000004620:GERAN-A:LU){VLR_SUB_AS_AUTH_FAILED}: 
Removing from parent vlr_lu_fsm(IMSI-901700000004620:GERAN-A:LU)
-DVLR vlr_lu_fsm(IMSI-901700000004620:GERAN-A:LU){VLR_ULA_S_WAIT_AUTH}: 
Received Event VLR_ULA_E_AUTH_FAILURE
+DVLR vlr_lu_fsm(IMSI-901700000004620:GERAN-A:LU){VLR_ULA_S_WAIT_AUTH}: 
Received Event VLR_ULA_E_AUTH_NO_INFO
 - sending LU Reject for IMSI-901700000004620:GERAN-A:LU, cause 2
 DVLR vlr_lu_fsm(IMSI-901700000004620:GERAN-A:LU){VLR_ULA_S_WAIT_AUTH}: 
state_chg to VLR_ULA_S_DONE
 DMSC msc_a(IMSI-901700000004620:GERAN-A:LU){MSC_A_ST_AUTH_CIPH}: Received 
Event MSC_A_EV_CN_CLOSE
@@ -146,7 +146,7 @@
 DVLR 
VLR_Authenticate(IMSI-901700000004620:GERAN-A:LU){VLR_SUB_AS_NEEDS_AUTH_WAIT_AI}:
 state_chg to VLR_SUB_AS_AUTH_FAILED
 DVLR 
VLR_Authenticate(IMSI-901700000004620:GERAN-A:LU){VLR_SUB_AS_AUTH_FAILED}: 
Terminating (cause = OSMO_FSM_TERM_REGULAR)
 DVLR 
VLR_Authenticate(IMSI-901700000004620:GERAN-A:LU){VLR_SUB_AS_AUTH_FAILED}: 
Removing from parent vlr_lu_fsm(IMSI-901700000004620:GERAN-A:LU)
-DVLR vlr_lu_fsm(IMSI-901700000004620:GERAN-A:LU){VLR_ULA_S_WAIT_AUTH}: 
Received Event VLR_ULA_E_AUTH_FAILURE
+DVLR vlr_lu_fsm(IMSI-901700000004620:GERAN-A:LU){VLR_ULA_S_WAIT_AUTH}: 
Received Event VLR_ULA_E_AUTH_NO_INFO
 - sending LU Reject for IMSI-901700000004620:GERAN-A:LU, cause 17
 DVLR vlr_lu_fsm(IMSI-901700000004620:GERAN-A:LU){VLR_ULA_S_WAIT_AUTH}: 
state_chg to VLR_ULA_S_DONE
 DMSC msc_a(IMSI-901700000004620:GERAN-A:LU){MSC_A_ST_AUTH_CIPH}: Received 
Event MSC_A_EV_CN_CLOSE
@@ -742,7 +742,7 @@
 DVLR 
VLR_Authenticate(IMSI-901700000004620:MSISDN-46071:GERAN-A:LU){VLR_SUB_AS_NEEDS_AUTH_WAIT_AI}:
 state_chg to VLR_SUB_AS_AUTH_FAILED
 DVLR 
VLR_Authenticate(IMSI-901700000004620:MSISDN-46071:GERAN-A:LU){VLR_SUB_AS_AUTH_FAILED}:
 Terminating (cause = OSMO_FSM_TERM_REGULAR)
 DVLR 
VLR_Authenticate(IMSI-901700000004620:MSISDN-46071:GERAN-A:LU){VLR_SUB_AS_AUTH_FAILED}:
 Removing from parent vlr_lu_fsm(IMSI-901700000004620:MSISDN-46071:GERAN-A:LU)
-DVLR 
vlr_lu_fsm(IMSI-901700000004620:MSISDN-46071:GERAN-A:LU){VLR_ULA_S_WAIT_AUTH}: 
Received Event VLR_ULA_E_AUTH_FAILURE
+DVLR 
vlr_lu_fsm(IMSI-901700000004620:MSISDN-46071:GERAN-A:LU){VLR_ULA_S_WAIT_AUTH}: 
Received Event VLR_ULA_E_AUTH_NO_INFO
 - sending LU Reject for IMSI-901700000004620:MSISDN-46071:GERAN-A:LU, cause 17
 DVLR 
vlr_lu_fsm(IMSI-901700000004620:MSISDN-46071:GERAN-A:LU){VLR_ULA_S_WAIT_AUTH}: 
state_chg to VLR_ULA_S_DONE
 DMSC msc_a(IMSI-901700000004620:MSISDN-46071:GERAN-A:LU){MSC_A_ST_AUTH_CIPH}: 
Received Event MSC_A_EV_CN_CLOSE
@@ -1010,7 +1010,7 @@
 DVLR 
VLR_Authenticate(IMSI-901700000004620:MSISDN-46071:GERAN-A:LU){VLR_SUB_AS_NEEDS_AUTH_WAIT_AI}:
 state_chg to VLR_SUB_AS_AUTH_FAILED
 DVLR 
VLR_Authenticate(IMSI-901700000004620:MSISDN-46071:GERAN-A:LU){VLR_SUB_AS_AUTH_FAILED}:
 Terminating (cause = OSMO_FSM_TERM_REGULAR)
 DVLR 
VLR_Authenticate(IMSI-901700000004620:MSISDN-46071:GERAN-A:LU){VLR_SUB_AS_AUTH_FAILED}:
 Removing from parent vlr_lu_fsm(IMSI-901700000004620:MSISDN-46071:GERAN-A:LU)
-DVLR 
vlr_lu_fsm(IMSI-901700000004620:MSISDN-46071:GERAN-A:LU){VLR_ULA_S_WAIT_AUTH}: 
Received Event VLR_ULA_E_AUTH_FAILURE
+DVLR 
vlr_lu_fsm(IMSI-901700000004620:MSISDN-46071:GERAN-A:LU){VLR_ULA_S_WAIT_AUTH}: 
Received Event VLR_ULA_E_AUTH_NO_INFO
 - sending LU Reject for IMSI-901700000004620:MSISDN-46071:GERAN-A:LU, cause 2
 DVLR 
vlr_lu_fsm(IMSI-901700000004620:MSISDN-46071:GERAN-A:LU){VLR_ULA_S_WAIT_AUTH}: 
state_chg to VLR_ULA_S_DONE
 DMSC msc_a(IMSI-901700000004620:MSISDN-46071:GERAN-A:LU){MSC_A_ST_AUTH_CIPH}: 
Received Event MSC_A_EV_CN_CLOSE

--
To view, visit https://gerrit.osmocom.org/c/osmo-msc/+/29699

Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Change-Id: I5feda196fa481dd8a46b0e4721c64b7c6600f0d1
Gerrit-Change-Number: 29699
Gerrit-PatchSet: 4
Gerrit-Owner: neels <nhofm...@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <lafo...@osmocom.org>
Gerrit-Reviewer: neels <nhofm...@sysmocom.de>
Gerrit-Reviewer: pespin <pes...@sysmocom.de>
Gerrit-MessageType: merged
