channels/sip/security_events.c File Reference
Generate security events in the SIP channel. More...
#include "asterisk.h"
#include "include/sip.h"
#include "include/security_events.h"
Go to the source code of this file.
Functions | |
| static enum ast_security_event_transport_type | security_event_get_transport (const struct sip_pvt *p) |
| Determine transport type used to receive request. | |
| void | sip_report_auth_success (const struct sip_pvt *p, uint32_t *using_password) |
| void | sip_report_chal_sent (const struct sip_pvt *p) |
| void | sip_report_failed_acl (const struct sip_pvt *p, const char *aclname) |
| void | sip_report_failed_challenge_response (const struct sip_pvt *p, const char *response, const char *expected_response) |
| void | sip_report_inval_password (const struct sip_pvt *p, const char *response_challenge, const char *response_hash) |
| void | sip_report_inval_transport (const struct sip_pvt *p, const char *transport) |
| void | sip_report_invalid_peer (const struct sip_pvt *p) |
| int | sip_report_security_event (const struct sip_pvt *p, const struct sip_request *req, const int res) |
| void | sip_report_session_limit (const struct sip_pvt *p) |
Detailed Description
Generate security events in the SIP channel.
Definition in file channels/sip/security_events.c.
Function Documentation
| static enum ast_security_event_transport_type security_event_get_transport | ( | const struct sip_pvt * | p | ) | [static] |
Determine transport type used to receive request.
Definition at line 36 of file channels/sip/security_events.c.
References AST_SECURITY_EVENT_TRANSPORT_TCP, AST_SECURITY_EVENT_TRANSPORT_TLS, and AST_SECURITY_EVENT_TRANSPORT_UDP.
Referenced by sip_report_auth_success(), sip_report_chal_sent(), sip_report_failed_acl(), sip_report_failed_challenge_response(), sip_report_inval_password(), sip_report_inval_transport(), sip_report_invalid_peer(), and sip_report_session_limit().
00037 { 00038 int res = 0; 00039 00040 switch (p->socket.type) { 00041 case SIP_TRANSPORT_UDP: 00042 return AST_SECURITY_EVENT_TRANSPORT_UDP; 00043 case SIP_TRANSPORT_TCP: 00044 return AST_SECURITY_EVENT_TRANSPORT_TCP; 00045 case SIP_TRANSPORT_TLS: 00046 return AST_SECURITY_EVENT_TRANSPORT_TLS; 00047 } 00048 00049 return res; 00050 }
| void sip_report_auth_success | ( | const struct sip_pvt * | p, | |
| uint32_t * | using_password | |||
| ) |
Definition at line 132 of file channels/sip/security_events.c.
References AST_SEC_EVT, ast_security_event_report(), AST_SECURITY_EVENT_SUCCESSFUL_AUTH, AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION, ast_security_event_successful_auth::common, ast_security_event_common::event_type, and security_event_get_transport().
Referenced by sip_report_security_event().
00133 { 00134 char session_id[32]; 00135 00136 struct ast_security_event_successful_auth successful_auth = { 00137 .common.event_type = AST_SECURITY_EVENT_SUCCESSFUL_AUTH, 00138 .common.version = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION, 00139 .common.service = "SIP", 00140 .common.account_id = p->exten, 00141 .common.local_addr = { 00142 .addr = &p->ourip, 00143 .transport = security_event_get_transport(p) 00144 }, 00145 .common.remote_addr = { 00146 .addr = &p->sa, 00147 .transport = security_event_get_transport(p) 00148 }, 00149 .common.session_id = session_id, 00150 .using_password = using_password, 00151 }; 00152 00153 snprintf(session_id, sizeof(session_id), "%p", p); 00154 00155 ast_security_event_report(AST_SEC_EVT(&successful_auth)); 00156 }
| void sip_report_chal_sent | ( | const struct sip_pvt * | p | ) |
Definition at line 219 of file channels/sip/security_events.c.
References ast_copy_string(), AST_SEC_EVT, AST_SECURITY_EVENT_CHAL_SENT, AST_SECURITY_EVENT_CHAL_SENT_VERSION, ast_security_event_report(), ast_strlen_zero(), ast_security_event_chal_sent::common, ast_security_event_common::event_type, and security_event_get_transport().
Referenced by sip_report_security_event().
00220 { 00221 char session_id[32]; 00222 char account_id[256]; 00223 00224 struct ast_security_event_chal_sent chal_sent = { 00225 .common.event_type = AST_SECURITY_EVENT_CHAL_SENT, 00226 .common.version = AST_SECURITY_EVENT_CHAL_SENT_VERSION, 00227 .common.service = "SIP", 00228 .common.account_id = account_id, 00229 .common.local_addr = { 00230 .addr = &p->ourip, 00231 .transport = security_event_get_transport(p) 00232 }, 00233 .common.remote_addr = { 00234 .addr = &p->sa, 00235 .transport = security_event_get_transport(p) 00236 }, 00237 .common.session_id = session_id, 00238 00239 .challenge = p->randdata, 00240 }; 00241 00242 if (!ast_strlen_zero(p->from)) { /* When dialing, show account making call */ 00243 ast_copy_string(account_id, p->from, sizeof(account_id)); 00244 } else { 00245 ast_copy_string(account_id, p->exten, sizeof(account_id)); 00246 } 00247 00248 snprintf(session_id, sizeof(session_id), "%p", p); 00249 00250 ast_security_event_report(AST_SEC_EVT(&chal_sent)); 00251 }
| void sip_report_failed_acl | ( | const struct sip_pvt * | p, | |
| const char * | aclname | |||
| ) |
Definition at line 77 of file channels/sip/security_events.c.
References AST_SEC_EVT, AST_SECURITY_EVENT_FAILED_ACL, AST_SECURITY_EVENT_FAILED_ACL_VERSION, ast_security_event_report(), ast_security_event_failed_acl::common, ast_security_event_common::event_type, and security_event_get_transport().
Referenced by sip_report_security_event().
00078 { 00079 char session_id[32]; 00080 00081 struct ast_security_event_failed_acl failed_acl_event = { 00082 .common.event_type = AST_SECURITY_EVENT_FAILED_ACL, 00083 .common.version = AST_SECURITY_EVENT_FAILED_ACL_VERSION, 00084 .common.service = "SIP", 00085 .common.account_id = p->exten, 00086 .common.local_addr = { 00087 .addr = &p->ourip, 00088 .transport = security_event_get_transport(p) 00089 }, 00090 .common.remote_addr = { 00091 .addr = &p->sa, 00092 .transport = security_event_get_transport(p) 00093 }, 00094 .common.session_id = session_id, 00095 .acl_name = aclname, 00096 }; 00097 00098 snprintf(session_id, sizeof(session_id), "%p", p); 00099 00100 ast_security_event_report(AST_SEC_EVT(&failed_acl_event)); 00101 }
| void sip_report_failed_challenge_response | ( | const struct sip_pvt * | p, | |
| const char * | response, | |||
| const char * | expected_response | |||
| ) |
Definition at line 183 of file channels/sip/security_events.c.
References ast_copy_string(), AST_SEC_EVT, AST_SECURITY_EVENT_CHAL_RESP_FAILED, AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION, ast_security_event_report(), ast_strlen_zero(), ast_security_event_chal_resp_failed::common, ast_security_event_common::event_type, and security_event_get_transport().
Referenced by sip_report_security_event().
00184 { 00185 char session_id[32]; 00186 char account_id[256]; 00187 00188 struct ast_security_event_chal_resp_failed chal_resp_failed = { 00189 .common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED, 00190 .common.version = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION, 00191 .common.service = "SIP", 00192 .common.account_id = account_id, 00193 .common.local_addr = { 00194 .addr = &p->ourip, 00195 .transport = security_event_get_transport(p) 00196 }, 00197 .common.remote_addr = { 00198 .addr = &p->sa, 00199 .transport = security_event_get_transport(p) 00200 }, 00201 .common.session_id = session_id, 00202 00203 .challenge = p->randdata, 00204 .response = response, 00205 .expected_response = expected_response, 00206 }; 00207 00208 if (!ast_strlen_zero(p->from)) { /* When dialing, show account making call */ 00209 ast_copy_string(account_id, p->from, sizeof(account_id)); 00210 } else { 00211 ast_copy_string(account_id, p->exten, sizeof(account_id)); 00212 } 00213 00214 snprintf(session_id, sizeof(session_id), "%p", p); 00215 00216 ast_security_event_report(AST_SEC_EVT(&chal_resp_failed)); 00217 }
| void sip_report_inval_password | ( | const struct sip_pvt * | p, | |
| const char * | response_challenge, | |||
| const char * | response_hash | |||
| ) |
Definition at line 103 of file channels/sip/security_events.c.
References AST_SEC_EVT, AST_SECURITY_EVENT_INVAL_PASSWORD, AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION, ast_security_event_report(), ast_security_event_inval_password::common, ast_security_event_common::event_type, and security_event_get_transport().
Referenced by sip_report_security_event().
00104 { 00105 char session_id[32]; 00106 00107 struct ast_security_event_inval_password inval_password = { 00108 .common.event_type = AST_SECURITY_EVENT_INVAL_PASSWORD, 00109 .common.version = AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION, 00110 .common.service = "SIP", 00111 .common.account_id = p->exten, 00112 .common.local_addr = { 00113 .addr = &p->ourip, 00114 .transport = security_event_get_transport(p) 00115 }, 00116 .common.remote_addr = { 00117 .addr = &p->sa, 00118 .transport = security_event_get_transport(p) 00119 }, 00120 .common.session_id = session_id, 00121 00122 .challenge = p->randdata, 00123 .received_challenge = response_challenge, 00124 .received_hash = response_hash, 00125 }; 00126 00127 snprintf(session_id, sizeof(session_id), "%p", p); 00128 00129 ast_security_event_report(AST_SEC_EVT(&inval_password)); 00130 }
| void sip_report_inval_transport | ( | const struct sip_pvt * | p, | |
| const char * | transport | |||
| ) |
Definition at line 253 of file channels/sip/security_events.c.
References AST_SEC_EVT, AST_SECURITY_EVENT_INVAL_TRANSPORT, AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION, ast_security_event_report(), ast_security_event_inval_transport::common, ast_security_event_common::event_type, and security_event_get_transport().
Referenced by sip_report_security_event().
00254 { 00255 char session_id[32]; 00256 00257 struct ast_security_event_inval_transport inval_transport = { 00258 .common.event_type = AST_SECURITY_EVENT_INVAL_TRANSPORT, 00259 .common.version = AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION, 00260 .common.service = "SIP", 00261 .common.account_id = p->exten, 00262 .common.local_addr = { 00263 .addr = &p->ourip, 00264 .transport = security_event_get_transport(p) 00265 }, 00266 .common.remote_addr = { 00267 .addr = &p->sa, 00268 .transport = security_event_get_transport(p) 00269 }, 00270 .common.session_id = session_id, 00271 00272 .transport = transport, 00273 }; 00274 00275 snprintf(session_id, sizeof(session_id), "%p", p); 00276 00277 ast_security_event_report(AST_SEC_EVT(&inval_transport)); 00278 }
| void sip_report_invalid_peer | ( | const struct sip_pvt * | p | ) |
Definition at line 52 of file channels/sip/security_events.c.
References AST_SEC_EVT, AST_SECURITY_EVENT_INVAL_ACCT_ID, AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION, ast_security_event_report(), ast_security_event_inval_acct_id::common, ast_security_event_common::event_type, and security_event_get_transport().
Referenced by sip_report_security_event().
00053 { 00054 char session_id[32]; 00055 00056 struct ast_security_event_inval_acct_id inval_acct_id = { 00057 .common.event_type = AST_SECURITY_EVENT_INVAL_ACCT_ID, 00058 .common.version = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION, 00059 .common.service = "SIP", 00060 .common.account_id = p->exten, 00061 .common.local_addr = { 00062 .addr = &p->ourip, 00063 .transport = security_event_get_transport(p) 00064 }, 00065 .common.remote_addr = { 00066 .addr = &p->sa, 00067 .transport = security_event_get_transport(p) 00068 }, 00069 .common.session_id = session_id, 00070 }; 00071 00072 snprintf(session_id, sizeof(session_id), "%p", p); 00073 00074 ast_security_event_report(AST_SEC_EVT(&inval_acct_id)); 00075 }
| int sip_report_security_event | ( | const struct sip_pvt * | p, | |
| const struct sip_request * | req, | |||
| const int | res | |||
| ) |
Definition at line 280 of file channels/sip/security_events.c.
References ast_str_set(), ast_str_thread_get(), ast_strlen_zero(), FALSE, sip_auth_headers(), sip_digest_parser(), sip_find_peer(), sip_get_header(), sip_get_transport(), sip_report_auth_success(), sip_report_chal_sent(), sip_report_failed_acl(), sip_report_failed_challenge_response(), sip_report_inval_password(), sip_report_inval_transport(), sip_report_invalid_peer(), sip_report_session_limit(), sip_unref_peer(), and TRUE.
Referenced by handle_incoming().
00280 { 00281 00282 struct sip_peer *peer_report; 00283 enum check_auth_result res_report = res; 00284 struct ast_str *buf; 00285 char *c; 00286 const char *authtoken; 00287 char *reqheader, *respheader; 00288 int result = 0; 00289 char aclname[256]; 00290 struct digestkeys keys[] = { 00291 [K_RESP] = { "response=", "" }, 00292 [K_URI] = { "uri=", "" }, 00293 [K_USER] = { "username=", "" }, 00294 [K_NONCE] = { "nonce=", "" }, 00295 [K_LAST] = { NULL, NULL} 00296 }; 00297 00298 peer_report = sip_find_peer(p->exten, NULL, TRUE, FINDPEERS, FALSE, 0); 00299 00300 switch(res_report) { 00301 case AUTH_DONT_KNOW: 00302 break; 00303 case AUTH_SUCCESSFUL: 00304 if (peer_report) { 00305 if (ast_strlen_zero(peer_report->secret) && ast_strlen_zero(peer_report->md5secret)) { 00306 sip_report_auth_success(p, (uint32_t *) 0); 00307 } else { 00308 sip_report_auth_success(p, (uint32_t *) 1); 00309 } 00310 } 00311 break; 00312 case AUTH_CHALLENGE_SENT: 00313 sip_report_chal_sent(p); 00314 break; 00315 case AUTH_SECRET_FAILED: 00316 case AUTH_USERNAME_MISMATCH: 00317 sip_auth_headers(WWW_AUTH, &respheader, &reqheader); 00318 authtoken = sip_get_header(req, reqheader); 00319 buf = ast_str_thread_get(&check_auth_buf, CHECK_AUTH_BUF_INITLEN); 00320 ast_str_set(&buf, 0, "%s", authtoken); 00321 c = buf->str; 00322 00323 sip_digest_parser(c, keys); 00324 00325 if (res_report == AUTH_SECRET_FAILED) { 00326 sip_report_inval_password(p, keys[K_NONCE].s, keys[K_RESP].s); 00327 } else { 00328 if (peer_report) { 00329 sip_report_failed_challenge_response(p, keys[K_USER].s, peer_report->username); 00330 } 00331 } 00332 break; 00333 case AUTH_NOT_FOUND: 00334 /* with sip_cfg.alwaysauthreject on, generates 2 events */ 00335 sip_report_invalid_peer(p); 00336 break; 00337 case AUTH_FAKE_AUTH: 00338 sip_report_invalid_peer(p); 00339 break; 00340 case AUTH_UNKNOWN_DOMAIN: 00341 snprintf(aclname, sizeof(aclname), "domain_must_match"); 00342 sip_report_failed_acl(p, aclname); 00343 break; 00344 case AUTH_PEER_NOT_DYNAMIC: 00345 snprintf(aclname, sizeof(aclname), "peer_not_dynamic"); 00346 sip_report_failed_acl(p, aclname); 00347 break; 00348 case AUTH_ACL_FAILED: 00349 /* with sip_cfg.alwaysauthreject on, generates 2 events */ 00350 snprintf(aclname, sizeof(aclname), "device_must_match_acl"); 00351 sip_report_failed_acl(p, aclname); 00352 break; 00353 case AUTH_BAD_TRANSPORT: 00354 sip_report_inval_transport(p, sip_get_transport(req->socket.type)); 00355 break; 00356 case AUTH_RTP_FAILED: 00357 break; 00358 case AUTH_SESSION_LIMIT: 00359 sip_report_session_limit(p); 00360 break; 00361 } 00362 00363 if (peer_report) { 00364 sip_unref_peer(peer_report, "sip_report_security_event: sip_unref_peer: from handle_incoming"); 00365 } 00366 00367 return result; 00368 }
| void sip_report_session_limit | ( | const struct sip_pvt * | p | ) |
Definition at line 158 of file channels/sip/security_events.c.
References AST_SEC_EVT, ast_security_event_report(), AST_SECURITY_EVENT_SESSION_LIMIT, AST_SECURITY_EVENT_SESSION_LIMIT_VERSION, ast_security_event_session_limit::common, ast_security_event_common::event_type, and security_event_get_transport().
Referenced by sip_report_security_event().
00159 { 00160 char session_id[32]; 00161 00162 struct ast_security_event_session_limit session_limit = { 00163 .common.event_type = AST_SECURITY_EVENT_SESSION_LIMIT, 00164 .common.version = AST_SECURITY_EVENT_SESSION_LIMIT_VERSION, 00165 .common.service = "SIP", 00166 .common.account_id = p->exten, 00167 .common.local_addr = { 00168 .addr = &p->ourip, 00169 .transport = security_event_get_transport(p) 00170 }, 00171 .common.remote_addr = { 00172 .addr = &p->sa, 00173 .transport = security_event_get_transport(p) 00174 }, 00175 .common.session_id = session_id, 00176 }; 00177 00178 snprintf(session_id, sizeof(session_id), "%p", p); 00179 00180 ast_security_event_report(AST_SEC_EVT(&session_limit)); 00181 }
