Merge pull request #202 from solar224/fix/amf-oauth2-callback-token

fix(notifier): add OAuth2 token to namf-callback outbound calls; fix SCTP EBADF teardown

Author: Alonza0314

internal/ngap/service/service.go

@@ -210,6 +210,9 @@ func handleConnection(conn *sctp.SCTPConn, bufsize uint32, handler NGAPHandler)
 			case syscall.EINTR:
 				logger.NgapLog.Debugf("SCTPRead: %+v", err)
 				continue
+			case syscall.EBADF:
+				logger.NgapLog.Debugln("SCTP connection already closed")
+				return
 			default:
 				logger.NgapLog.Errorf(
 					"Handle connection[addr: %+v] error: %+v",

internal/sbi/processor/callback.go

@@ -292,6 +292,24 @@ func (p *Processor) N1MessageNotifyProcedure(n1MessageNotify models.N1MessageNot
 		return problemDetails
 	}
 
+	if registrationCtxtContainer.RanNodeId == nil {
+		problemDetails := &models.ProblemDetails{
+			Status: http.StatusBadRequest,
+			Cause:  "MANDATORY_IE_MISSING",
+			Detail: "Missing IE [RanNodeId] in RegistrationCtxtContainer",
+		}
+		return problemDetails
+	}
+
+	if registrationCtxtContainer.UserLocation == nil {
+		problemDetails := &models.ProblemDetails{
+			Status: http.StatusBadRequest,
+			Cause:  "MANDATORY_IE_MISSING",
+			Detail: "Missing IE [UserLocation] in RegistrationCtxtContainer",
+		}
+		return problemDetails
+	}
+
 	ran, ok := amfSelf.AmfRanFindByRanID(*registrationCtxtContainer.RanNodeId)
 	if !ok {
 		logger.CallbackLog.Warnln("AmfRanFindByRanID not found: ", *registrationCtxtContainer.RanNodeId)
@@ -337,10 +355,16 @@ func (p *Processor) N1MessageNotifyProcedure(n1MessageNotify models.N1MessageNot
 
 		amfUe.CopyDataFromUeContextModel(ueContext)
 
-		ranUe.Location = *registrationCtxtContainer.UserLocation
+		currentRanUe := ran.RanUeFindByRanUeNgapID(int64(registrationCtxtContainer.AnN2ApId))
+		if currentRanUe == nil {
+			logger.CallbackLog.Warnf("RanUe not found for AnN2ApId: %d", registrationCtxtContainer.AnN2ApId)
+			return
+		}
+
+		currentRanUe.Location = *registrationCtxtContainer.UserLocation
 		amfUe.Location = *registrationCtxtContainer.UserLocation
-		ranUe.UeContextRequest = registrationCtxtContainer.UeContextRequest
-		ranUe.OldAmfName = registrationCtxtContainer.InitialAmfName
+		currentRanUe.UeContextRequest = registrationCtxtContainer.UeContextRequest
+		currentRanUe.OldAmfName = registrationCtxtContainer.InitialAmfName
 
 		if registrationCtxtContainer.AllowedNssai != nil {
 			allowedNssai := registrationCtxtContainer.AllowedNssai
@@ -351,9 +375,9 @@ func (p *Processor) N1MessageNotifyProcedure(n1MessageNotify models.N1MessageNot
 			amfUe.ConfiguredNssai = registrationCtxtContainer.ConfiguredNssai
 		}
 
-		gmm_common.AttachRanUeToAmfUeAndReleaseOldIfAny(amfUe, ranUe)
+		gmm_common.AttachRanUeToAmfUeAndReleaseOldIfAny(amfUe, currentRanUe)
 
-		amf_nas.HandleNAS(ranUe, ngapType.ProcedureCodeInitialUEMessage, n1MessageNotify.BinaryDataN1Message, true)
+		amf_nas.HandleNAS(currentRanUe, ngapType.ProcedureCodeInitialUEMessage, n1MessageNotify.BinaryDataN1Message, true)
 	}()
 	return nil
 }

internal/sbi/processor/notifier/n1n2message.go

@@ -1,7 +1,6 @@
 package callback
 
 import (
-	"context"
 	"strconv"
 
 	"github.com/sirupsen/logrus"
@@ -35,8 +34,15 @@ func SendN1N2TransferFailureNotification(ue *amf_context.AmfUe, cause models.N1N
 			},
 		}
 
-		_, err := client.N1N2MessageCollectionCollectionApi.
-			N1N2TransferFailureNotification(context.Background(), uri, &n1N2MsgTxfrFailureNotificationReq)
+		ctx, pd, err := amf_context.GetSelf().GetTokenCtx(
+			models.ServiceName("namf-callback"), models.NrfNfManagementNfType_SMF)
+		if err != nil {
+			HttpLog.Warnf("SendN1N2TransferFailureNotification get token failed: %+v", pd)
+			return
+		}
+
+		_, err = client.N1N2MessageCollectionCollectionApi.
+			N1N2TransferFailureNotification(ctx, uri, &n1N2MsgTxfrFailureNotificationReq)
 
 		if err != nil {
 			HttpLog.Errorln(err.Error())
@@ -73,8 +79,16 @@ func SendN1MessageNotify(ue *amf_context.AmfUe, n1class models.N1MessageClass, n
 			n1MessageNotifyReq := Namf_Communication.N1MessageNotifyRequest{
 				N1MessageNotifyRequest: &n1MessageNotify,
 			}
-			_, err := client.N1N2SubscriptionsCollectionForIndividualUEContextsCollectionApi.
-				N1MessageNotify(context.Background(), subscription.N1NotifyCallbackUri, &n1MessageNotifyReq)
+
+			ctx, pd, err := amf_context.GetSelf().GetTokenCtx(
+				models.ServiceName("namf-callback"), models.NrfNfManagementNfType_SMF)
+			if err != nil {
+				HttpLog.Warnf("SendN1MessageNotify get token failed: %+v", pd)
+				return false
+			}
+
+			_, err = client.N1N2SubscriptionsCollectionForIndividualUEContextsCollectionApi.
+				N1MessageNotify(ctx, subscription.N1NotifyCallbackUri, &n1MessageNotifyReq)
 			if err != nil {
 				HttpLog.Errorln(err.Error())
 			}
@@ -117,8 +131,15 @@ func SendN1MessageNotifyAtAMFReAllocation(
 		}
 	}
 
-	_, err := client.N1N2SubscriptionsCollectionForIndividualUEContextsCollectionApi.
-		N1MessageNotify(context.Background(), callbackUri, &n1MessageNotifyReq)
+	ctx, pd, err := amf_context.GetSelf().GetTokenCtx(
+		models.ServiceName("namf-callback"), models.NrfNfManagementNfType_AMF)
+	if err != nil {
+		HttpLog.Warnf("SendN1MessageNotifyAtAMFReAllocation get token failed: %+v", pd)
+		return err
+	}
+
+	_, err = client.N1N2SubscriptionsCollectionForIndividualUEContextsCollectionApi.
+		N1MessageNotify(ctx, callbackUri, &n1MessageNotifyReq)
 	if err != nil {
 		HttpLog.Errorln(err.Error())
 		return err
@@ -187,8 +208,15 @@ func SendN2InfoNotify(ue *amf_context.AmfUe, n2class models.N2InformationClass,
 				N2InfoNotifyRequest: &n2InformationNotify,
 			}
 
-			_, err := client.N1N2SubscriptionsCollectionForIndividualUEContextsCollectionApi.
-				N2InfoNotify(context.Background(), subscription.N2NotifyCallbackUri, &n2InformationNotifyReq)
+			ctx, pd, err := amf_context.GetSelf().GetTokenCtx(
+				models.ServiceName("namf-callback"), models.NrfNfManagementNfType_SMF)
+			if err != nil {
+				HttpLog.Warnf("SendN2InfoNotify get token failed: %+v", pd)
+				return false
+			}
+
+			_, err = client.N1N2SubscriptionsCollectionForIndividualUEContextsCollectionApi.
+				N2InfoNotify(ctx, subscription.N2NotifyCallbackUri, &n2InformationNotifyReq)
 			if err != nil {
 				HttpLog.Errorln(err.Error())
 			}

internal/sbi/processor/notifier/subscription.go

@@ -1,15 +1,33 @@
 package callback
 
 import (
-	"context"
+	"net/url"
 	"reflect"
+	"strings"
 
 	amf_context "github.com/free5gc/amf/internal/context"
 	"github.com/free5gc/amf/internal/logger"
 	Namf_Communication "github.com/free5gc/openapi/amf/Communication"
 	"github.com/free5gc/openapi/models"
 )
 
+func callbackServiceNfType(svcName string) (models.NrfNfManagementNfType, bool) {
+	switch {
+	case strings.HasPrefix(svcName, "npcf"):
+		return models.NrfNfManagementNfType_PCF, true
+	case strings.HasPrefix(svcName, "nsmf"):
+		return models.NrfNfManagementNfType_SMF, true
+	case strings.HasPrefix(svcName, "nudm"):
+		return models.NrfNfManagementNfType_UDM, true
+	case strings.HasPrefix(svcName, "nausf"):
+		return models.NrfNfManagementNfType_AUSF, true
+	case strings.HasPrefix(svcName, "namf"):
+		return models.NrfNfManagementNfType_AMF, true
+	default:
+		return "", false
+	}
+}
+
 func SendAmfStatusChangeNotify(amfStatus string, guamiList []models.Guami) {
 	amfSelf := amf_context.GetSelf()
 
@@ -42,9 +60,26 @@ func SendAmfStatusChangeNotify(amfStatus string, guamiList []models.Guami) {
 		amfStatusNotificationReq := Namf_Communication.AmfStatusChangeNotifyRequest{
 			AmfStatusChangeNotification: &amfStatusNotification,
 		}
+
+		var callbackSvcName models.ServiceName
+		var targetNFType models.NrfNfManagementNfType
+		if parsedURI, err := url.Parse(uri); err == nil {
+			seg := strings.SplitN(strings.TrimPrefix(parsedURI.Path, "/"), "/", 2)[0]
+			if nfType, ok := callbackServiceNfType(seg); ok {
+				callbackSvcName = models.ServiceName(seg)
+				targetNFType = nfType
+			}
+		}
+
+		ctx, pd, err := amfSelf.GetTokenCtx(callbackSvcName, targetNFType)
+		if err != nil {
+			HttpLog.Warnf("SendAmfStatusChangeNotify get token failed: %+v", pd)
+			return false
+		}
+
 		logger.ProducerLog.Infof("[AMF] Send Amf Status Change Notify to %s", uri)
-		_, err := client.IndividualSubscriptionDocumentApi.
-			AmfStatusChangeNotify(context.Background(), uri, &amfStatusNotificationReq)
+		_, err = client.IndividualSubscriptionDocumentApi.
+			AmfStatusChangeNotify(ctx, uri, &amfStatusNotificationReq)
 		if err != nil {
 			HttpLog.Errorln(err.Error())
 		}

internal/sbi/processor/notifier/ue_context.go

@@ -1,7 +1,6 @@
 package callback
 
 import (
-	"context"
 	"fmt"
 
 	amf_context "github.com/free5gc/amf/internal/context"
@@ -26,8 +25,15 @@ func SendN2InfoNotifyN2Handover(ue *amf_context.AmfUe, releaseList []int32) erro
 		N2InformationNotification: &n2InformationNotification,
 	}
 
-	_, err := client.IndividualUeContextDocumentApi.
-		N2InfoNotifyHandoverComplete(context.Background(), ue.HandoverNotifyUri, &n2InformationNotificationReq)
+	ctx, pd, err := amf_context.GetSelf().GetTokenCtx(
+		models.ServiceName("namf-callback"), models.NrfNfManagementNfType_AMF)
+	if err != nil {
+		HttpLog.Warnf("SendN2InfoNotifyN2Handover get token failed: %+v", pd)
+		return err
+	}
+
+	_, err = client.IndividualUeContextDocumentApi.
+		N2InfoNotifyHandoverComplete(ctx, ue.HandoverNotifyUri, &n2InformationNotificationReq)
 
 	if err == nil {
 		// TODO: handle Msg

internal/sbi/server.go

@@ -71,6 +71,10 @@ func newRouter(s *Server) *gin.Engine {
 	router.Use(metrics.InboundMetrics())
 	amfHttpCallBackGroup := router.Group(factory.AmfCallbackResUriPrefix)
 	amfHttpCallBackRoutes := s.getHttpCallBackRoutes()
+	callbackAuthCheck := util_oauth.NewRouterAuthorizationCheck(models.ServiceName("namf-callback"))
+	amfHttpCallBackGroup.Use(func(c *gin.Context) {
+		callbackAuthCheck.Check(c, amf_context.GetSelf())
+	})
 	applyRoutes(amfHttpCallBackGroup, amfHttpCallBackRoutes)
 
 	for _, serverName := range factory.AmfConfig.Configuration.ServiceNameList {

pkg/factory/config.go

@@ -158,9 +158,10 @@ func (c *Configuration) validate() (bool, error) {
 	if c.ServiceNameList != nil {
 		var errs govalidator.Errors
 		for _, v := range c.ServiceNameList {
-			if v != "namf-comm" && v != "namf-evts" && v != "namf-mt" && v != "namf-loc" && v != "namf-oam" {
-				err := fmt.Errorf("invalid ServiceNameList: %s,"+
-					" value should be namf-comm or namf-evts or namf-mt or namf-loc or namf-oam", v)
+			if v != "namf-comm" && v != "namf-evts" && v != "namf-mt" &&
+				v != "namf-loc" && v != "namf-oam" && v != "namf-callback" {
+				err := fmt.Errorf("invalid ServiceNameList: %s, "+
+					"value should be namf-comm, namf-evts, namf-mt, namf-loc, namf-oam or namf-callback", v)
 				errs = append(errs, err)
 			}
 		}

pkg/service/init.go

@@ -291,15 +291,6 @@ func (a *AmfApp) WaitRoutineStopped() {
 func (a *AmfApp) terminateProcedure() {
 	logger.MainLog.Infof("Terminating AMF...")
 	a.CallServerStop()
-	// deregister with NRF
-	problemDetails, err_deg := a.Consumer().SendDeregisterNFInstance()
-	if problemDetails != nil {
-		logger.MainLog.Errorf("Deregister NF instance Failed Problem[%+v]", problemDetails)
-	} else if err_deg != nil {
-		logger.MainLog.Errorf("Deregister NF instance Error[%+v]", err_deg)
-	} else {
-		logger.MainLog.Infof("[AMF] Deregister from NRF successfully")
-	}
 
 	// TODO: forward registered UE contexts to target AMF in the same AMF set if there is one
 
@@ -319,5 +310,17 @@ func (a *AmfApp) terminateProcedure() {
 	ngap.ShutdownScheduler()
 
 	ngap_service.Stop()
+
+	// notify SBI subscribers before deregistering so NRF still recognizes AMF as a valid OAuth client
 	callback.SendAmfStatusChangeNotify((string)(models.StatusChange_UNAVAILABLE), amfSelf.ServedGuamiList)
+
+	// deregister with NRF
+	problemDetails, err_deg := a.Consumer().SendDeregisterNFInstance()
+	if problemDetails != nil {
+		logger.MainLog.Errorf("Deregister NF instance Failed Problem[%+v]", problemDetails)
+	} else if err_deg != nil {
+		logger.MainLog.Errorf("Deregister NF instance Error[%+v]", err_deg)
+	} else {
+		logger.MainLog.Infof("[AMF] Deregister from NRF successfully")
+	}
 }