sgsn: Integrate subscriber handling into the SGSN This commit adds a new authorization policy 'remote' and uses the subscriber cache for authorization when this policy is being used. Note that there is no remote backend implemented yet. After the IMSI/IMEI have been acquired, a request would be sent to the remote peer. The attach/auth-ciph procedure continues when authorization info has been received from the peer. This means, that gprs_subscr_update() must be called then to tell the GMM layer that it can proceed. A later commit will add VTY commands to do this manually. Sponsored-by: On-Waves ehf

commit: be2c8d9358084092281e7d02dc7ae0b7e4c0b4f8 [log] [tgz]
author: Jacob Erlbeck <jerlbeck@sysmocom.de> Wed Nov 12 10:18:09 2014 +0100
committer: Holger Hans Peter Freyther <holger@moiji-mobile.com> Tue Dec 09 09:27:20 2014 +0100
tree: 447342f2c1aac8287c5538c22191e1cd06baf9b3
parent: 33b6dadc884ec1060e401ba097523086ac34b552 [diff]
diff --git a/openbsc/tests/sgsn/Makefile.am b/openbsc/tests/sgsn/Makefile.am
index 0e5d009..970311d 100644
--- a/openbsc/tests/sgsn/Makefile.am
+++ b/openbsc/tests/sgsn/Makefile.am

@@ -7,7 +7,8 @@
 
 sgsn_test_SOURCES = sgsn_test.c
 sgsn_test_LDFLAGS = \
-	-Wl,--wrap=sgsn_update_subscriber_data
+	-Wl,--wrap=sgsn_update_subscriber_data \
+	-Wl,--wrap=gprs_subscr_request_update
 
 sgsn_test_LDADD = \
 	$(top_builddir)/src/gprs/gprs_llc_parse.o \

diff --git a/openbsc/tests/sgsn/sgsn_test.c b/openbsc/tests/sgsn/sgsn_test.c
index 2eb6f38..981a557 100644
--- a/openbsc/tests/sgsn/sgsn_test.c
+++ b/openbsc/tests/sgsn/sgsn_test.c

@@ -67,6 +67,14 @@
 	(*update_subscriber_data_cb)(mmctx, subscr);
 }
 
+/* override, requires '-Wl,--wrap=gprs_subscr_request_update' */
+int __real_gprs_subscr_request_update(struct sgsn_mm_ctx *mmctx);
+int (*subscr_request_update_cb)(struct sgsn_mm_ctx *mmctx) =
+	&__real_gprs_subscr_request_update;
+
+int __wrap_gprs_subscr_request_update(struct sgsn_mm_ctx *mmctx) {
+	return (*subscr_request_update_cb)(mmctx);
+};
 
 static int count(struct llist_head *head)
 {
@@ -477,8 +485,6 @@
 	 * again */
 	srand(1);
 
-	sgsn_acl_add("123456789012345", &sgsn->cfg);
-
 	foreign_tlli = gprs_tmsi2tlli(0xc0000023, TLLI_FOREIGN);
 
 	/* Create a LLE/LLME */
@@ -537,8 +543,52 @@
 	OSMO_ASSERT(count(gprs_llme_list()) == 0);
 	ictx = sgsn_mm_ctx_by_tlli(local_tlli, &raid);
 	OSMO_ASSERT(!ictx);
+}
 
+static void test_gmm_attach_acl(void)
+{
+	const enum sgsn_auth_policy saved_auth_policy = sgsn->cfg.auth_policy;
+
+	sgsn_inst.cfg.auth_policy = SGSN_AUTH_POLICY_CLOSED;
+	sgsn_acl_add("123456789012345", &sgsn->cfg);
+	printf("Auth policy 'closed': ");
+	test_gmm_attach();
 	sgsn_acl_del("123456789012345", &sgsn->cfg);
+
+	sgsn->cfg.auth_policy = saved_auth_policy;
+}
+
+int my_subscr_request_update(struct sgsn_mm_ctx *mmctx) {
+	int rc;
+	rc = __real_gprs_subscr_request_update(mmctx);
+	if (rc == -ENOTSUP) {
+		OSMO_ASSERT(mmctx->subscr);
+		gprs_subscr_update(mmctx->subscr);
+	}
+	return rc;
+};
+
+static void test_gmm_attach_subscr(void)
+{
+	const enum sgsn_auth_policy saved_auth_policy = sgsn->cfg.auth_policy;
+	struct gsm_subscriber *subscr;
+
+	sgsn_inst.cfg.auth_policy = SGSN_AUTH_POLICY_REMOTE;
+	subscr_request_update_cb = my_subscr_request_update;
+
+	subscr = gprs_subscr_get_or_create("123456789012345");
+	subscr->authorized = 1;
+	subscr_put(subscr);
+
+	printf("Auth policy 'remote': ");
+	test_gmm_attach();
+
+	subscr = gprs_subscr_get_by_imsi("123456789012345");
+	OSMO_ASSERT(subscr != NULL);
+	gprs_subscr_delete(subscr);
+
+	sgsn->cfg.auth_policy = saved_auth_policy;
+	subscr_request_update_cb = __real_gprs_subscr_request_update;
 }
 
 /*
@@ -944,7 +994,8 @@
 	test_gmm_detach_no_mmctx();
 	test_gmm_detach_accept_unexpected();
 	test_gmm_status_no_mmctx();
-	test_gmm_attach();
+	test_gmm_attach_acl();
+	test_gmm_attach_subscr();
 	test_gmm_reject();
 	test_gmm_ptmsi_allocation();
 	printf("Done\n");

diff --git a/openbsc/tests/sgsn/sgsn_test.ok b/openbsc/tests/sgsn/sgsn_test.ok
index 1ee80be..86dd0a2 100644
--- a/openbsc/tests/sgsn/sgsn_test.ok
+++ b/openbsc/tests/sgsn/sgsn_test.ok

@@ -5,7 +5,8 @@
 Testing GMM detach (no MMCTX)
 Testing GMM detach accept (unexpected)
 Testing GMM Status (no MMCTX)
-Testing GMM attach
+Auth policy 'closed': Testing GMM attach
+Auth policy 'remote': Testing GMM attach
 Testing GMM reject
   - Attach Request (invalid MI length)
   - Attach Request (invalid MI type)

diff --git a/openbsc/tests/vty_test_runner.py b/openbsc/tests/vty_test_runner.py
index 40053e3..64437a1 100644
--- a/openbsc/tests/vty_test_runner.py
+++ b/openbsc/tests/vty_test_runner.py

@@ -752,6 +752,9 @@
         self.assertTrue(self.vty.verify('auth-policy closed', ['']))
         res = self.vty.command("show running-config")
         self.assert_(res.find('auth-policy closed') > 0)
+        self.assertTrue(self.vty.verify('auth-policy remote', ['']))
+        res = self.vty.command("show running-config")
+        self.assert_(res.find('auth-policy remote') > 0)
 
 def add_nat_test(suite, workdir):
     if not os.path.isfile(os.path.join(workdir, "src/osmo-bsc_nat/osmo-bsc_nat")):
commit	be2c8d9358084092281e7d02dc7ae0b7e4c0b4f8	[log] [tgz]
author	Jacob Erlbeck <jerlbeck@sysmocom.de>	Wed Nov 12 10:18:09 2014 +0100
committer	Holger Hans Peter Freyther <holger@moiji-mobile.com>	Tue Dec 09 09:27:20 2014 +0100
tree	447342f2c1aac8287c5538c22191e1cd06baf9b3
parent	33b6dadc884ec1060e401ba097523086ac34b552 [diff]