vlr: implement fallback to no-auth
When the HLR fails to return auth info and authentication and ciphering
are configured to be optional, fall back to no-auth.
This patch concludes a series of preparatory patches and implements the
actual functional change.
Related: OS#4830
Change-Id: I5feda196fa481dd8a46b0e4721c64b7c6600f0d1
diff --git a/src/libvlr/vlr_lu_fsm.c b/src/libvlr/vlr_lu_fsm.c
index a65421c..7500c86 100644
--- a/src/libvlr/vlr_lu_fsm.c
+++ b/src/libvlr/vlr_lu_fsm.c
@@ -643,6 +643,7 @@
OSMO_VALUE_STRING(VLR_ULA_E_SEND_ID_ACK),
OSMO_VALUE_STRING(VLR_ULA_E_SEND_ID_NACK),
OSMO_VALUE_STRING(VLR_ULA_E_AUTH_SUCCESS),
+ OSMO_VALUE_STRING(VLR_ULA_E_AUTH_NO_INFO),
OSMO_VALUE_STRING(VLR_ULA_E_AUTH_FAILURE),
OSMO_VALUE_STRING(VLR_ULA_E_CIPH_RES),
OSMO_VALUE_STRING(VLR_ULA_E_ID_IMSI),
@@ -861,7 +862,10 @@
OSMO_ASSERT(vsub);
- if (!is_cmc_smc_to_be_attempted(lfp)) {
+ /* Continue with ciphering, if enabled.
+ * If auth/ciph is optional and the HLR returned no auth info, continue without ciphering. */
+ if (!is_cmc_smc_to_be_attempted(lfp)
+ || (vsub->sec_ctx == VLR_SEC_CTX_NONE && !lfp->is_ciphering_required)) {
vlr_loc_upd_post_ciph(fi);
return;
}
@@ -913,7 +917,7 @@
vsub->auth_fsm = auth_fsm_start(lfp->vsub,
fi,
VLR_ULA_E_AUTH_SUCCESS,
- VLR_ULA_E_AUTH_FAILURE,
+ VLR_ULA_E_AUTH_NO_INFO,
VLR_ULA_E_AUTH_FAILURE,
lfp->is_r99,
lfp->is_utran);
@@ -1156,7 +1160,18 @@
return;
case VLR_ULA_E_AUTH_FAILURE:
- lu_fsm_failure(fi, res? *res : GSM48_REJECT_NETWORK_FAILURE);
+ lu_fsm_failure(fi, res ? *res : GSM48_REJECT_NETWORK_FAILURE);
+ return;
+
+ case VLR_ULA_E_AUTH_NO_INFO:
+ /* HLR returned no auth info for the subscriber. Continue only if authentication is optional. */
+ if (lfp->authentication_required || lfp->is_ciphering_required) {
+ lu_fsm_failure(fi, res ? *res : GSM48_REJECT_NETWORK_FAILURE);
+ return;
+ }
+ LOGPFSML(fi, LOGL_INFO,
+ "Attaching subscriber without auth (auth is optional, and no auth info received from HLR)\n");
+ vlr_loc_upd_post_auth(fi);
return;
default:
@@ -1377,6 +1392,7 @@
},
[VLR_ULA_S_WAIT_AUTH] = {
.in_event_mask = S(VLR_ULA_E_AUTH_SUCCESS) |
+ S(VLR_ULA_E_AUTH_NO_INFO) |
S(VLR_ULA_E_AUTH_FAILURE),
.out_state_mask = S(VLR_ULA_S_WAIT_CIPH) |
S(VLR_ULA_S_WAIT_LU_COMPL) |