pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/erlang/osmo-epdg/+/36173?usp=email )

Change subject: Avoid propagating full diameter Swx MAA message to epdg gsup module ......................................................................

Avoid propagating full diameter Swx MAA message to epdg gsup module

Keep diameter specific stuff in the diameter module.

Change-Id: I4a787649cf970fc08e32cfb27e846598515482ef --- M include/conv.hrl M src/aaa_diameter_swx_cb.erl M src/aaa_ue_fsm.erl M src/epdg_diameter_swm.erl M src/epdg_ue_fsm.erl M src/gsup_server.erl 6 files changed, 59 insertions(+), 31 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/erlang/osmo-epdg refs/changes/73/36173/1

diff --git a/include/conv.hrl b/include/conv.hrl index a3e147d..80b7e5b 100644 --- a/include/conv.hrl +++ b/include/conv.hrl @@ -42,4 +42,12 @@ remote_teid :: non_neg_integer(), eua :: epdg_eua, peer_addr :: binary() +}). + +-record(epdg_auth_tuple, { + rand :: binary(), + autn :: binary(), + res :: binary(), + ik :: binary(), + ck :: binary() }). \ No newline at end of file diff --git a/src/aaa_diameter_swx_cb.erl b/src/aaa_diameter_swx_cb.erl index 5dd00ef..0457259 100644 --- a/src/aaa_diameter_swx_cb.erl +++ b/src/aaa_diameter_swx_cb.erl @@ -5,6 +5,7 @@

-include_lib("diameter/include/diameter.hrl"). -include_lib("diameter_3gpp_ts29_273_swx.hrl"). +-include("conv.hrl").

%% diameter callbacks -export([peer_up/3, peer_down/3, pick_peer/4, pick_peer/5, prepare_request/3, prepare_request/4, @@ -69,7 +70,10 @@ %% handle_answer/4 handle_answer(#diameter_packet{msg = Msg, errors = Errors}, _Request, _SvcName, Peer, ReqPid) when is_record(Msg, 'MAA') -> lager:info("SWx Rx MAA ~p: ~p/ Errors ~p ~n", [Peer, Msg, Errors]), - aaa_ue_fsm:ev_rx_swx_maa(ReqPid, Msg), + #'MAA'{'SIP-Auth-Data-Item' = SipAuthTuples} = Msg, + AuthTuples = lists:map(fun dia_sip2epdg_auth_tuple/1, SipAuthTuples), + % TODO: handle error case.... + aaa_ue_fsm:ev_rx_swx_maa(ReqPid, {ok, AuthTuples}), {ok, Msg}; handle_answer(#diameter_packet{msg = Msg, errors = Errors}, Request, _SvcName, Peer, ReqPid) when is_record(Msg, 'SAA') -> lager:info("SWx Rx SAA ~p: ~p/ Errors ~p ~n", [Peer, Msg, Errors]), @@ -121,6 +125,20 @@ result_code_success(2002) -> ok; result_code_success(_) -> invalid_result_code.

+dia_sip2epdg_auth_tuple(#'SIP-Auth-Data-Item'{'SIP-Authenticate' = [Authenticate], + 'SIP-Authorization' = [Authorization], + 'Confidentiality-Key' = [CKey], + 'Integrity-Key' = [IKey]}) -> + lager:info("dia_sip2gsup: auth ~p authz ~p ~n", [Authenticate, Authorization]), + lager:info(" rand ~p autn ~p ~n", [lists:sublist(Authenticate, 1, 16), lists:sublist(Authenticate, 17, 16)]), + #epdg_auth_tuple{ + rand = list_to_binary(lists:sublist(Authenticate, 1, 16)), + autn = list_to_binary(lists:sublist(Authenticate, 17, 16)), + res = list_to_binary(Authorization), + ik = list_to_binary(IKey), + ck =list_to_binary(CKey) + }. + parse_pgw_addr_from_MIP6_Agent_Info([]) -> undefined; parse_pgw_addr_from_MIP6_Agent_Info([AgentInfo]) -> diff --git a/src/aaa_ue_fsm.erl b/src/aaa_ue_fsm.erl index 9fa868e..9e41756 100644 --- a/src/aaa_ue_fsm.erl +++ b/src/aaa_ue_fsm.erl @@ -93,10 +93,10 @@ {error, Err} end.

-ev_rx_swx_maa(Pid, MAA) -> +ev_rx_swx_maa(Pid, Result) -> lager:info("ue_fsm ev_rx_swx_maa~n", []), try - gen_statem:call(Pid, {rx_swx_maa, MAA}) + gen_statem:call(Pid, {rx_swx_maa, Result}) catch exit:Err -> {error, Err} @@ -172,9 +172,9 @@ state_wait_swx_maa(enter, _OldState, Data) -> {keep_state, Data};

-state_wait_swx_maa({call, From}, {rx_swx_maa, MAA}, Data) -> +state_wait_swx_maa({call, From}, {rx_swx_maa, Result}, Data) -> lager:info("ue_fsm state_wait_swx_maa event=rx_swx_maa, ~p~n", [Data]), - aaa_diameter_swm:auth_response(Data#ue_fsm_data.imsi, {ok, MAA}), + aaa_diameter_swm:auth_response(Data#ue_fsm_data.imsi, Result), % TODO: don't transit if SAS returned error code. {next_state, state_new, Data, [{reply,From,ok}]}.

diff --git a/src/epdg_diameter_swm.erl b/src/epdg_diameter_swm.erl index 9b010d9..54626cf 100644 --- a/src/epdg_diameter_swm.erl +++ b/src/epdg_diameter_swm.erl @@ -41,7 +41,7 @@ % Apn: SWm Diameter AVP "Service-Selection" Result = gen_server:call(?SERVER, {epdg_auth_req, ImsiStr, PdpTypeNr, Apn}), case Result of - {ok, _Mar} -> + {ok, _AuthTuples} -> epdg_ue_fsm:received_swm_auth_response(self(), Result), ok; _ -> Result diff --git a/src/epdg_ue_fsm.erl b/src/epdg_ue_fsm.erl index c6358fd..b729cc8 100644 --- a/src/epdg_ue_fsm.erl +++ b/src/epdg_ue_fsm.erl @@ -208,10 +208,10 @@ state_wait_auth_resp(enter, _OldState, Data) -> {keep_state, Data};

-state_wait_auth_resp({call, From}, {received_swm_auth_response, Auth}, Data) -> - lager:info("ue_fsm state_wait_auth_resp event=received_swm_auth_response, ~p~n", [Data]), - gsup_server:auth_response(Data#ue_fsm_data.imsi, Auth), - case Auth of +state_wait_auth_resp({call, From}, {received_swm_auth_response, Result}, Data) -> + lager:info("ue_fsm state_wait_auth_resp event=received_swm_auth_response Result=~p, ~p~n", [Result, Data]), + gsup_server:auth_response(Data#ue_fsm_data.imsi, Result), + case Result of {ok, _} -> {next_state, state_authenticating, Data, [{reply,From,ok}]}; {error, Err} -> diff --git a/src/gsup_server.erl b/src/gsup_server.erl index 3b69849..e340cc6 100644 --- a/src/gsup_server.erl +++ b/src/gsup_server.erl @@ -36,7 +36,6 @@

-behaviour(gen_server).

--include_lib("diameter_3gpp_ts29_273_swx.hrl"). -include_lib("osmo_ss7/include/ipa.hrl"). -include_lib("osmo_gsup/include/gsup_protocol.hrl"). -include("gtp_utils.hrl"). @@ -65,16 +64,9 @@ -export([code_change/3, terminate/2]). -export([auth_response/2, lu_response/2, tunnel_response/2, purge_ms_response/2, cancel_location_request/1]).

-% TODO: -spec dia_sip2gsup('SIP-Auth-Data-Item'()) -> #'GSUPAuthTuple'{}. -dia_sip2gsup(#'SIP-Auth-Data-Item'{'SIP-Authenticate' = [Authenticate], 'SIP-Authorization' = [Authorization], - 'Confidentiality-Key' = [CKey], 'Integrity-Key' = [IKey]}) -> - lager:info("dia_sip2gsup: auth ~p authz ~p ~n", [Authenticate, Authorization]), - lager:info(" rand ~p autn ~p ~n", [lists:sublist(Authenticate, 1, 16), lists:sublist(Authenticate, 17, 16)]), - #{rand => list_to_binary(lists:sublist(Authenticate, 1, 16)), - autn=> list_to_binary(lists:sublist(Authenticate, 17, 16)), - res=> list_to_binary(Authorization), - ik=> list_to_binary(IKey), - ck=> list_to_binary(CKey)}. +% TODO: -spec dia_sip2gsup(#epdg_auth_tuple{}) -> map(). +epdg_auth_tuple2gsup(#epdg_auth_tuple{rand = Rand, autn = Autn, res = Res, ck = Ck, ik = Ik}) -> + #{rand => Rand, autn => Autn, res => Res, ik => Ik, ck => Ck}.

%% ------------------------------------------------------------------ %% our exported API @@ -119,16 +111,15 @@ error_logger:error_report(["unknown handle_call", {module, ?MODULE}, {info, Info}, {state, State}]), {reply, error, not_implemented}.

-handle_cast({auth_response, {Imsi, Auth}}, State) -> - lager:info("auth_response for ~p: ~p~n", [Imsi, Auth]), +handle_cast({auth_response, {Imsi, Result}}, State) -> + lager:info("auth_response for ~p: ~p~n", [Imsi, Result]), Socket = State#gsups_state.socket, - case Auth of - {ok, Mar} -> SipAuthTuples = Mar#'MAA'.'SIP-Auth-Data-Item', - % AuthTuples = dia_sip2gsup(SipAuthTuples), + case Result of + {ok, AuthTuples} -> Resp = #{message_type => send_auth_info_res, message_class => 5, - imsi => list_to_binary(Mar#'MAA'.'User-Name'), - auth_tuples => lists:map(fun dia_sip2gsup/1, SipAuthTuples) + imsi => Imsi, + auth_tuples => lists:map(fun epdg_auth_tuple2gsup/1, AuthTuples) }; {error, _} -> Resp = #{message_type => send_auth_info_err, imsi => Imsi, message_class => 5, cause => ?GSUP_CAUSE_NET_FAIL} end, @@ -359,9 +350,9 @@ code_change(_OldVsn, State, _Extra) -> {ok, State}.

-auth_response(Imsi, Auth) -> - lager:info("auth_response(~p): ~p~n", [Imsi, Auth]), - gen_server:cast(?SERVER, {auth_response, {Imsi, Auth}}). +auth_response(Imsi, Result) -> + lager:info("auth_response(~p): ~p~n", [Imsi, Result]), + gen_server:cast(?SERVER, {auth_response, {Imsi, Result}}).

lu_response(Imsi, Result) -> lager:info("lu_response(~p): ~p~n", [Imsi, Result]),