OpenBSC November 2014

openbsc@lists.osmocom.org

6 participants
17 discussions

[PATCH] Configure the auth token sms text in the database

by Ruben Pollan

--- openbsc/include/openbsc/db.h | 2 ++ openbsc/src/libmsc/db.c | 77 +++++++++++++++++++++++++++++++++++++++- openbsc/src/libmsc/token_auth.c | 7 ++-- openbsc/src/osmo-nitb/bsc_hack.c | 5 +++ 4 files changed, 86 insertions(+), 5 deletions(-) diff --git a/openbsc/include/openbsc/db.h b/openbsc/include/openbsc/db.h index 6699a86..348a627 100644 --- a/openbsc/include/openbsc/db.h +++ b/openbsc/include/openbsc/db.h @@ -79,4 +79,6 @@ int db_store_counter(struct osmo_counter *ctr); struct rate_ctr_group; int db_store_rate_ctr_group(struct rate_ctr_group *ctrg); +char * db_get_text(const char *key); + #endif /* _DB_H */ diff --git a/openbsc/src/libmsc/db.c b/openbsc/src/libmsc/db.c index 656c661..1e8f000 100644 --- a/openbsc/src/libmsc/db.c +++ b/openbsc/src/libmsc/db.c @@ -45,11 +45,13 @@ static char *db_basename = NULL; static char *db_dirname = NULL; static dbi_conn conn; -#define SCHEMA_REVISION "4" +#define SCHEMA_REVISION "5" enum { SCHEMA_META, INSERT_META, + SCHEMA_TEXT, + INSERT_TEXT, SCHEMA_SUBSCRIBER, SCHEMA_AUTH, SCHEMA_EQUIPMENT, @@ -73,6 +75,16 @@ static const char *create_stmts[] = { "(key, value) " "VALUES " "('revision', " SCHEMA_REVISION ")", + [SCHEMA_TEXT] = "CREATE TABLE IF NOT EXISTS Text (" + "id INTEGER PRIMARY KEY AUTOINCREMENT, " + "key TEXT UNIQUE NOT NULL, " + "value TEXT NOT NULL" + ")", + [INSERT_TEXT] = "INSERT OR IGNORE INTO Text " + "(key, value) " + "VALUES " + "('auth_token_sms', 'Welcome to the GSM network. " + "Your IMSI is %s, auth token is %08X, phone no is %s.')", [SCHEMA_SUBSCRIBER] = "CREATE TABLE IF NOT EXISTS Subscriber (" "id INTEGER PRIMARY KEY AUTOINCREMENT, " "created TIMESTAMP NOT NULL, " @@ -367,6 +379,40 @@ rollback: return -EINVAL; } +static int update_db_revision_4(void) +{ + dbi_result result; + + result = dbi_conn_query(conn, create_stmts[SCHEMA_TEXT]); + if (!result) { + LOGP(DDB, LOGL_ERROR, + "Failed to create Text table (upgrade from rev 4).\n"); + return -EINVAL; + } + dbi_result_free(result); + + result = dbi_conn_query(conn, create_stmts[INSERT_TEXT]); + if (!result) { + LOGP(DDB, LOGL_ERROR, + "Failed to inserting Text (upgrade from rev 4).\n"); + return -EINVAL; + } + dbi_result_free(result); + + result = dbi_conn_query(conn, + "UPDATE Meta " + "SET value = '5' " + "WHERE key = 'revision'"); + if (!result) { + LOGP(DDB, LOGL_ERROR, + "Failed to update DB schema revision (upgrade from rev 4).\n"); + return -EINVAL; + } + dbi_result_free(result); + + return 0; +} + static int check_db_revision(void) { dbi_result result; @@ -398,6 +444,12 @@ static int check_db_revision(void) dbi_result_free(result); return -EINVAL; } + } else if (!strcmp(rev_s, "4")) { + if (update_db_revision_4()) { + LOGP(DDB, LOGL_FATAL, "Failed to update database from schema revision '%s'.\n", rev_s); + dbi_result_free(result); + return -EINVAL; + } } else if (!strcmp(rev_s, SCHEMA_REVISION)) { /* everything is fine */ } else { @@ -498,6 +550,29 @@ int db_fini(void) return 0; } +char * db_get_text(const char *key) { + dbi_result result; + const char * string; + char * text; + unsigned int len; + + result = dbi_conn_queryf(conn, + "SELECT value FROM Text WHERE key='%s'", key); + if (!result) + return NULL; + + if (!dbi_result_next_row(result)) { + dbi_result_free(result); + return NULL; + } + string = dbi_result_get_string(result, "value"); + text = talloc_strdup(NULL, string); + + dbi_result_free(result); + + return text; +} + struct gsm_subscriber *db_create_subscriber(const char *imsi) { dbi_result result; diff --git a/openbsc/src/libmsc/token_auth.c b/openbsc/src/libmsc/token_auth.c index 45b5a8e..3ee8564 100644 --- a/openbsc/src/libmsc/token_auth.c +++ b/openbsc/src/libmsc/token_auth.c @@ -29,20 +29,19 @@ #include <openbsc/chan_alloc.h> #include <openbsc/db.h> -#define TOKEN_SMS_TEXT "HAR 2009 GSM. Register at http://har2009.gnumonks.org/ " \ - "Your IMSI is %s, auth token is %08X, phone no is %s." +extern char * auth_token_sms_text; static char *build_sms_string(struct gsm_subscriber *subscr, uint32_t token) { char *sms_str; unsigned int len; - len = strlen(subscr->imsi) + 8 + strlen(TOKEN_SMS_TEXT); + len = strlen(subscr->imsi) + 8 + strlen(auth_token_sms_text) + strlen(subscr->extension); sms_str = talloc_size(tall_bsc_ctx, len); if (!sms_str) return NULL; - snprintf(sms_str, len, TOKEN_SMS_TEXT, subscr->imsi, token, + snprintf(sms_str, len, auth_token_sms_text, subscr->imsi, token, subscr->extension); sms_str[len-1] = '\0'; diff --git a/openbsc/src/osmo-nitb/bsc_hack.c b/openbsc/src/osmo-nitb/bsc_hack.c index 031cb99..9d552c2 100644 --- a/openbsc/src/osmo-nitb/bsc_hack.c +++ b/openbsc/src/osmo-nitb/bsc_hack.c @@ -67,6 +67,9 @@ static int use_db_counter = 1; #define DB_SYNC_INTERVAL 60, 0 #define EXPIRE_INTERVAL 10, 0 +/* for token auth */ +char * auth_token_sms_text = ""; + static struct osmo_timer_list db_sync_timer; static void create_pcap_file(char *file) @@ -322,6 +325,8 @@ int main(int argc, char **argv) } printf("DB: Database prepared.\n"); + auth_token_sms_text = db_get_text("auth_token_sms"); + /* setup the timer */ db_sync_timer.cb = db_sync_timer_cb; db_sync_timer.data = NULL; -- 2.1.1

10 years, 9 months

Failing test suite (gbproxy)

by Ciaby

I'm trying to build debian packages of OpenBSC. The test suite is failing on the gbproxy test (core dump). Attached is the testsuite.log file. Cheers Ciaby

10 years, 9 months

[PATCH] Fix debian packaging

by Ciaby

- Added debian/libosmosim0.install - Added libosmosim definition in debian/control --- debian/control | 6 ++++++ debian/libosmosim0.install | 1 + 2 files changed, 7 insertions(+) create mode 100644 debian/libosmosim0.install diff --git a/debian/control b/debian/control index cde3713..ccc7331 100644 --- a/debian/control +++ b/debian/control @@ -50,6 +50,12 @@ Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: Osmo control library +Package: libosmosim0 +Section: libs +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: Osmo SIM library + Package: libosmocore-dev Section: libdevel Architecture: any diff --git a/debian/libosmosim0.install b/debian/libosmosim0.install new file mode 100644 index 0000000..8f29c4d --- /dev/null +++ b/debian/libosmosim0.install @@ -0,0 +1 @@ +usr/lib/libosmosim*.so.* -- 1.7.9.5

10 years, 9 months

Possible crash/malfunction in the handover code

by Ciaby

We have been experiencing problems with osmo-nitb since we enabled handover. Sometimes osmo-nitb crashes, and our users have reported the fact that sometimes they end up listening to someone's else conversation. This started to happen since we enabled handover. This is the backtrace i got from a core dump of osmo-nitb: (gdb) bt #0 subscr_name (subscr=0x0) at gsm_subscriber_base.c:47 #1 0x00000000004079e3 in ho_gsm48_ho_compl (new_lchan=0x7fb1a80dd0b0) at handover_logic.c:259 #2 ho_logic_sig_cb (signal_data=<optimized out>, signal=<optimized out>, subsys=<optimized out>, handler_data=<optimized out>) at handover_logic.c:353 #3 ho_logic_sig_cb (subsys=<optimized out>, signal=<optimized out>, handler_data=<optimized out>, signal_data=<optimized out>) at handover_logic.c:335 #4 0x00007fb1a76dccec in osmo_signal_dispatch (subsys=4, signal=3, signal_data=0x7ffffe668090) at signal.c:105 #5 0x0000000000408d25 in handle_rr_ho_compl (msg=<optimized out>) at bsc_api.c:524 #6 dispatch_dtap (msg=0x2436980, link_id=<optimized out>, conn=0xc8e070) at bsc_api.c:583 #7 gsm0408_rcvmsg (msg=0x2436980, link_id=<optimized out>) at bsc_api.c:657 #8 0x000000000041fde1 in abis_rsl_rx_rll (msg=0x2436980) at abis_rsl.c:1682 #9 abis_rsl_rcvmsg (msg=0x2436980) at abis_rsl.c:2093 #10 0x00007fb1a74cce5a in handle_ts1_read (bfd=0x90d6b8) at input/ipaccess.c:469 #11 ipaccess_fd_cb (bfd=0x90d6b8, what=1) at input/ipaccess.c:603 #12 0x00007fb1a76dca11 in osmo_select_main (polling=0) at select.c:158 #13 0x0000000000406e34 in main (argc=<optimized out>, argv=0x7ffffe6684f8) at bsc_hack.c:354 Any clue about why this is happening? Cheers Ciaby

10 years, 9 months

Possible crash/malfunction in the handover code

by Ciaby

10 years, 9 months

[PATCH] bsc: Fix use-after-free on OML NM messages from the BTS

by Jacob Erlbeck

Currently the sign_link pointer is dereferenced after a call to osmo_signal_dispatch, which can indirectly call e1inp_sign_link_destroy. If that happens, accessing *sign_link is illegal and can lead to a segmentation violation. Since only the bts pointer is needed from sign_link after the call to osmo_signal_dispatch, this patch changes abis_nm_rcvmsg_fom to save that pointer to a local variable earlier. Addresses: <0019> input/ipa.c:250 accept()ed new link from 192.168.1.101 to port 3002 SET ATTR NACK CAUSE=Message cannot be performed <0005> bsc_init.c:52 Got a NACK going to drop the OML links. <001b> bsc_init.c:319 Lost some E1 TEI link: 1 0xb351a830 ================================================================= ==13198== ERROR: AddressSanitizer: heap-use-after-free on address 0xb5d1bc70 at pc 0x80a6e3d bp 0xbfbb33d8 sp 0xbfbb33cc Sponsored-by: On-Waves ehf --- openbsc/src/libbsc/abis_nm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/openbsc/src/libbsc/abis_nm.c b/openbsc/src/libbsc/abis_nm.c index 3bf55ec..89ffea4 100644 --- a/openbsc/src/libbsc/abis_nm.c +++ b/openbsc/src/libbsc/abis_nm.c @@ -565,6 +565,8 @@ static int abis_nm_rcvmsg_fom(struct msgb *mb) struct abis_om_fom_hdr *foh = msgb_l3(mb); struct e1inp_sign_link *sign_link = mb->dst; uint8_t mt = foh->msg_type; + /* sign_link might get deleted via osmo_signal_dispatch -> save bts */ + struct gsm_bts *bts = sign_link->trx->bts; int ret = 0; /* check for unsolicited message */ @@ -593,7 +595,7 @@ static int abis_nm_rcvmsg_fom(struct msgb *mb) nack_data.mt = mt; nack_data.bts = sign_link->trx->bts; osmo_signal_dispatch(SS_NM, S_NM_NACK, &nack_data); - abis_nm_queue_send_next(sign_link->trx->bts); + abis_nm_queue_send_next(bts); return 0; } #if 0 @@ -636,7 +638,7 @@ static int abis_nm_rcvmsg_fom(struct msgb *mb) break; } - abis_nm_queue_send_next(sign_link->trx->bts); + abis_nm_queue_send_next(bts); return ret; } -- 1.9.1

10 years, 9 months

[PATCH] bssgp: Fix VTY command 'show bssgp nsei N'

by Jacob Erlbeck

Currently this command segfaults (at least when ASAN is enabled), because when getting the NSEI the index to argv is wrong and out of bounds. This patch fixes the offset. Sponsored-by: On-Waves ehf --- src/gb/gprs_bssgp_vty.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/gb/gprs_bssgp_vty.c b/src/gb/gprs_bssgp_vty.c index 656c05e..88ae49f 100644 --- a/src/gb/gprs_bssgp_vty.c +++ b/src/gb/gprs_bssgp_vty.c @@ -135,7 +135,7 @@ DEFUN(show_bvc, show_bvc_cmd, "show bssgp nsei <0-65535> [stats]", "The NSEI\n" "Include Statistics\n") { struct bssgp_bvc_ctx *bvc; - uint16_t nsei = atoi(argv[1]); + uint16_t nsei = atoi(argv[0]); int show_stats = 0; if (argc >= 2) -- 1.9.1

10 years, 9 months

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

OpenBSC November 2014