Sun May 20 06:34:00 2012

Asterisk developer's documentation

main/security_events.c

Go to the documentation of this file.
00001 /*
00002  * Asterisk -- An open source telephony toolkit.
00003  *
00004  * Copyright (C) 2012, Digium, Inc.
00005  *
00006  * Russell Bryant <russell@digium.com>
00007  *
00008  * See http://www.asterisk.org for more information about
00009  * the Asterisk project. Please do not directly contact
00010  * any of the maintainers of this project for assistance;
00011  * the project provides a web site, mailing lists and IRC
00012  * channels for your use.
00013  *
00014  * This program is free software, distributed under the terms of
00015  * the GNU General Public License Version 2. See the LICENSE file
00016  * at the top of the source tree.
00017  */
00018 
00019 /*!
00020  * \file
00021  *
00022  * \brief Security Event Reporting Helpers
00023  *
00024  * \author Russell Bryant <russell@digium.com>
00025  */
00026 
00027 #include "asterisk.h"
00028 
00029 ASTERISK_FILE_VERSION(__FILE__, "$Revision: 362200 $")
00030 
00031 #include "asterisk/utils.h"
00032 #include "asterisk/strings.h"
00033 #include "asterisk/network.h"
00034 #include "asterisk/security_events.h"
00035 #include "asterisk/netsock2.h"
00036 
00037 static const size_t TIMESTAMP_STR_LEN = 32;
00038 
00039 static const struct {
00040    const char *name;
00041    uint32_t version;
00042    enum ast_security_event_severity severity;
00043 #define MAX_SECURITY_IES 12
00044    struct ast_security_event_ie_type required_ies[MAX_SECURITY_IES];
00045    struct ast_security_event_ie_type optional_ies[MAX_SECURITY_IES];
00046 #undef MAX_SECURITY_IES
00047 } sec_events[AST_SECURITY_EVENT_NUM_TYPES] = {
00048 
00049 #define SEC_EVT_FIELD(e, field) (offsetof(struct ast_security_event_##e, field))
00050 
00051 [AST_SECURITY_EVENT_FAILED_ACL] = {
00052    .name     = "FailedACL",
00053    .version  = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
00054    .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
00055    .required_ies = {
00056       { AST_EVENT_IE_EVENT_TV, 0 },
00057       { AST_EVENT_IE_SEVERITY, 0 },
00058       { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
00059       { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
00060       { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
00061       { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
00062       { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
00063       { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
00064       { AST_EVENT_IE_END, 0 }
00065    },
00066    .optional_ies = {
00067       { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
00068       { AST_EVENT_IE_ACL_NAME, SEC_EVT_FIELD(failed_acl, acl_name) },
00069       { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
00070       { AST_EVENT_IE_END, 0 }
00071    },
00072 },
00073 
00074 [AST_SECURITY_EVENT_INVAL_ACCT_ID] = {
00075    .name     = "InvalidAccountID",
00076    .version  = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION,
00077    .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
00078    .required_ies = {
00079       { AST_EVENT_IE_EVENT_TV, 0 },
00080       { AST_EVENT_IE_SEVERITY, 0 },
00081       { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
00082       { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
00083       { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
00084       { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
00085       { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
00086       { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
00087       { AST_EVENT_IE_END, 0 }
00088    },
00089    .optional_ies = {
00090       { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
00091       { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
00092       { AST_EVENT_IE_END, 0 }
00093    },
00094 },
00095 
00096 [AST_SECURITY_EVENT_SESSION_LIMIT] = {
00097    .name     = "SessionLimit",
00098    .version  = AST_SECURITY_EVENT_SESSION_LIMIT_VERSION,
00099    .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
00100    .required_ies = {
00101       { AST_EVENT_IE_EVENT_TV, 0 },
00102       { AST_EVENT_IE_SEVERITY, 0 },
00103       { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
00104       { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
00105       { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
00106       { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
00107       { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
00108       { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
00109       { AST_EVENT_IE_END, 0 }
00110    },
00111    .optional_ies = {
00112       { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
00113       { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
00114       { AST_EVENT_IE_END, 0 }
00115    },
00116 },
00117 
00118 [AST_SECURITY_EVENT_MEM_LIMIT] = {
00119    .name     = "MemoryLimit",
00120    .version  = AST_SECURITY_EVENT_MEM_LIMIT_VERSION,
00121    .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
00122    .required_ies = {
00123       { AST_EVENT_IE_EVENT_TV, 0 },
00124       { AST_EVENT_IE_SEVERITY, 0 },
00125       { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
00126       { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
00127       { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
00128       { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
00129       { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
00130       { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
00131       { AST_EVENT_IE_END, 0 }
00132    },
00133    .optional_ies = {
00134       { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
00135       { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
00136       { AST_EVENT_IE_END, 0 }
00137    },
00138 },
00139 
00140 [AST_SECURITY_EVENT_LOAD_AVG] = {
00141    .name     = "LoadAverageLimit",
00142    .version  = AST_SECURITY_EVENT_LOAD_AVG_VERSION,
00143    .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
00144    .required_ies = {
00145       { AST_EVENT_IE_EVENT_TV, 0 },
00146       { AST_EVENT_IE_SEVERITY, 0 },
00147       { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
00148       { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
00149       { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
00150       { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
00151       { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
00152       { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
00153       { AST_EVENT_IE_END, 0 }
00154    },
00155    .optional_ies = {
00156       { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
00157       { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
00158       { AST_EVENT_IE_END, 0 }
00159    },
00160 },
00161 
00162 [AST_SECURITY_EVENT_REQ_NO_SUPPORT] = {
00163    .name     = "RequestNotSupported",
00164    .version  = AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION,
00165    .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
00166    .required_ies = {
00167       { AST_EVENT_IE_EVENT_TV, 0 },
00168       { AST_EVENT_IE_SEVERITY, 0 },
00169       { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
00170       { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
00171       { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
00172       { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
00173       { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
00174       { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
00175       { AST_EVENT_IE_REQUEST_TYPE, SEC_EVT_FIELD(req_no_support, request_type) },
00176       { AST_EVENT_IE_END, 0 }
00177    },
00178    .optional_ies = {
00179       { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
00180       { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
00181       { AST_EVENT_IE_END, 0 }
00182    },
00183 },
00184 
00185 [AST_SECURITY_EVENT_REQ_NOT_ALLOWED] = {
00186    .name     = "RequestNotAllowed",
00187    .version  = AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION,
00188    .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
00189    .required_ies = {
00190       { AST_EVENT_IE_EVENT_TV, 0 },
00191       { AST_EVENT_IE_SEVERITY, 0 },
00192       { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
00193       { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
00194       { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
00195       { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
00196       { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
00197       { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
00198       { AST_EVENT_IE_REQUEST_TYPE, SEC_EVT_FIELD(req_not_allowed, request_type) },
00199       { AST_EVENT_IE_END, 0 }
00200    },
00201    .optional_ies = {
00202       { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
00203       { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
00204       { AST_EVENT_IE_REQUEST_PARAMS, SEC_EVT_FIELD(req_not_allowed, request_params) },
00205       { AST_EVENT_IE_END, 0 }
00206    },
00207 },
00208 
00209 [AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED] = {
00210    .name     = "AuthMethodNotAllowed",
00211    .version  = AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED_VERSION,
00212    .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
00213    .required_ies = {
00214       { AST_EVENT_IE_EVENT_TV, 0 },
00215       { AST_EVENT_IE_SEVERITY, 0 },
00216       { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
00217       { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
00218       { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
00219       { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
00220       { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
00221       { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
00222       { AST_EVENT_IE_AUTH_METHOD, SEC_EVT_FIELD(auth_method_not_allowed, auth_method) },
00223       { AST_EVENT_IE_END, 0 }
00224    },
00225    .optional_ies = {
00226       { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
00227       { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
00228       { AST_EVENT_IE_END, 0 }
00229    },
00230 },
00231 
00232 [AST_SECURITY_EVENT_REQ_BAD_FORMAT] = {
00233    .name     = "RequestBadFormat",
00234    .version  = AST_SECURITY_EVENT_REQ_BAD_FORMAT_VERSION,
00235    .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
00236    .required_ies = {
00237       { AST_EVENT_IE_EVENT_TV, 0 },
00238       { AST_EVENT_IE_SEVERITY, 0 },
00239       { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
00240       { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
00241       { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
00242       { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
00243       { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
00244       { AST_EVENT_IE_REQUEST_TYPE, SEC_EVT_FIELD(req_bad_format, request_type) },
00245       { AST_EVENT_IE_END, 0 }
00246    },
00247    .optional_ies = {
00248       { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
00249       { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
00250       { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
00251       { AST_EVENT_IE_REQUEST_PARAMS, SEC_EVT_FIELD(req_bad_format, request_params) },
00252       { AST_EVENT_IE_END, 0 }
00253    },
00254 },
00255 
00256 [AST_SECURITY_EVENT_SUCCESSFUL_AUTH] = {
00257    .name     = "SuccessfulAuth",
00258    .version  = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION,
00259    .severity = AST_SECURITY_EVENT_SEVERITY_INFO,
00260    .required_ies = {
00261       { AST_EVENT_IE_EVENT_TV, 0 },
00262       { AST_EVENT_IE_SEVERITY, 0 },
00263       { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
00264       { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
00265       { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
00266       { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
00267       { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
00268       { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
00269       { AST_EVENT_IE_USING_PASSWORD, SEC_EVT_FIELD(successful_auth, using_password) },
00270       { AST_EVENT_IE_END, 0 }
00271    },
00272    .optional_ies = {
00273       { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
00274       { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
00275       { AST_EVENT_IE_END, 0 }
00276    },
00277 },
00278 
00279 [AST_SECURITY_EVENT_UNEXPECTED_ADDR] = {
00280    .name     = "UnexpectedAddress",
00281    .version  = AST_SECURITY_EVENT_UNEXPECTED_ADDR_VERSION,
00282    .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
00283    .required_ies = {
00284       { AST_EVENT_IE_EVENT_TV, 0 },
00285       { AST_EVENT_IE_SEVERITY, 0 },
00286       { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
00287       { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
00288       { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
00289       { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
00290       { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
00291       { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
00292       { AST_EVENT_IE_EXPECTED_ADDR, SEC_EVT_FIELD(unexpected_addr, expected_addr) },
00293       { AST_EVENT_IE_END, 0 }
00294    },
00295    .optional_ies = {
00296       { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
00297       { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
00298       { AST_EVENT_IE_END, 0 }
00299    },
00300 },
00301 
00302 [AST_SECURITY_EVENT_CHAL_RESP_FAILED] = {
00303    .name     = "ChallengeResponseFailed",
00304    .version  = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION,
00305    .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
00306    .required_ies = {
00307       { AST_EVENT_IE_EVENT_TV, 0 },
00308       { AST_EVENT_IE_SEVERITY, 0 },
00309       { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
00310       { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
00311       { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
00312       { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
00313       { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
00314       { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
00315       { AST_EVENT_IE_CHALLENGE, SEC_EVT_FIELD(chal_resp_failed, challenge) },
00316       { AST_EVENT_IE_RESPONSE, SEC_EVT_FIELD(chal_resp_failed, response) },
00317       { AST_EVENT_IE_EXPECTED_RESPONSE, SEC_EVT_FIELD(chal_resp_failed, expected_response) },
00318       { AST_EVENT_IE_END, 0 }
00319    },
00320    .optional_ies = {
00321       { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
00322       { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
00323       { AST_EVENT_IE_END, 0 }
00324    },
00325 },
00326 
00327 [AST_SECURITY_EVENT_INVAL_PASSWORD] = {
00328    .name     = "InvalidPassword",
00329    .version  = AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION,
00330    .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
00331    .required_ies = {
00332       { AST_EVENT_IE_EVENT_TV, 0 },
00333       { AST_EVENT_IE_SEVERITY, 0 },
00334       { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
00335       { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
00336       { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
00337       { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
00338       { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
00339       { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
00340       { AST_EVENT_IE_CHALLENGE, SEC_EVT_FIELD(inval_password, challenge) },
00341       { AST_EVENT_IE_RECEIVED_CHALLENGE, SEC_EVT_FIELD(inval_password, received_challenge) },
00342       { AST_EVENT_IE_RECEIVED_HASH, SEC_EVT_FIELD(inval_password, received_hash) },
00343       { AST_EVENT_IE_END, 0 }
00344    },
00345    .optional_ies = {
00346       { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
00347       { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
00348       { AST_EVENT_IE_END, 0 }
00349    },
00350 },
00351 
00352 [AST_SECURITY_EVENT_CHAL_SENT] = {
00353    .name     = "ChallengeSent",
00354    .version  = AST_SECURITY_EVENT_CHAL_SENT_VERSION,
00355    .severity = AST_SECURITY_EVENT_SEVERITY_INFO,
00356    .required_ies = {
00357       { AST_EVENT_IE_EVENT_TV, 0 },
00358       { AST_EVENT_IE_SEVERITY, 0 },
00359       { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
00360       { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
00361       { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
00362       { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
00363       { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
00364       { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
00365       { AST_EVENT_IE_CHALLENGE, SEC_EVT_FIELD(chal_sent, challenge) },
00366       { AST_EVENT_IE_END, 0 }
00367    },
00368    .optional_ies = {
00369       { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
00370       { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
00371       { AST_EVENT_IE_END, 0 }
00372    },
00373 },
00374 
00375 [AST_SECURITY_EVENT_INVAL_TRANSPORT] = {
00376    .name     = "InvalidTransport",
00377    .version  = AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION,
00378    .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
00379    .required_ies = {
00380       { AST_EVENT_IE_EVENT_TV, 0 },
00381       { AST_EVENT_IE_SEVERITY, 0 },
00382       { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
00383       { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
00384       { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
00385       { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
00386       { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
00387       { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
00388       { AST_EVENT_IE_ATTEMPTED_TRANSPORT, SEC_EVT_FIELD(inval_transport, transport) },
00389       { AST_EVENT_IE_END, 0 }
00390    },
00391    .optional_ies = {
00392       { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
00393       { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
00394       { AST_EVENT_IE_END, 0 }
00395    },
00396 },
00397 
00398 #undef SEC_EVT_FIELD
00399 
00400 };
00401 
00402 static const struct {
00403    enum ast_security_event_severity severity;
00404    const char *str;
00405 } severities[] = {
00406    { AST_SECURITY_EVENT_SEVERITY_INFO,  "Informational" },
00407    { AST_SECURITY_EVENT_SEVERITY_ERROR, "Error" },
00408 };
00409 
00410 const char *ast_security_event_severity_get_name(
00411       const enum ast_security_event_severity severity)
00412 {
00413    unsigned int i;
00414 
00415    for (i = 0; i < ARRAY_LEN(severities); i++) {
00416       if (severities[i].severity == severity) {
00417          return severities[i].str;
00418       }
00419    }
00420 
00421    return NULL;
00422 }
00423 
00424 static int check_event_type(const enum ast_security_event_type event_type)
00425 {
00426    if (event_type < 0 || event_type >= AST_SECURITY_EVENT_NUM_TYPES) {
00427       ast_log(LOG_ERROR, "Invalid security event type %u\n", event_type);
00428       return -1;
00429    }
00430 
00431    return 0;
00432 }
00433 
00434 const char *ast_security_event_get_name(const enum ast_security_event_type event_type)
00435 {
00436    if (check_event_type(event_type)) {
00437       return NULL;
00438    }
00439 
00440    return sec_events[event_type].name;
00441 }
00442 
00443 const struct ast_security_event_ie_type *ast_security_event_get_required_ies(
00444       const enum ast_security_event_type event_type)
00445 {
00446    if (check_event_type(event_type)) {
00447       return NULL;
00448    }
00449 
00450    return sec_events[event_type].required_ies;
00451 }
00452 
00453 const struct ast_security_event_ie_type *ast_security_event_get_optional_ies(
00454       const enum ast_security_event_type event_type)
00455 {
00456    if (check_event_type(event_type)) {
00457       return NULL;
00458    }
00459 
00460    return sec_events[event_type].optional_ies;
00461 }
00462 
00463 static void encode_timestamp(struct ast_str **str, const struct timeval *tv)
00464 {
00465    ast_str_set(str, 0, "%u-%u",
00466          (unsigned int) tv->tv_sec,
00467          (unsigned int) tv->tv_usec);
00468 }
00469 
00470 static struct ast_event *alloc_event(const struct ast_security_event_common *sec)
00471 {
00472    struct ast_str *str = ast_str_alloca(TIMESTAMP_STR_LEN);
00473    struct timeval tv = ast_tvnow();
00474    const char *severity_str;
00475 
00476    if (check_event_type(sec->event_type)) {
00477       return NULL;
00478    }
00479 
00480    encode_timestamp(&str, &tv);
00481 
00482    severity_str = S_OR(
00483       ast_security_event_severity_get_name(sec_events[sec->event_type].severity),
00484       "Unknown"
00485    );
00486 
00487    return ast_event_new(AST_EVENT_SECURITY,
00488       AST_EVENT_IE_SECURITY_EVENT, AST_EVENT_IE_PLTYPE_UINT, sec->event_type,
00489       AST_EVENT_IE_EVENT_VERSION, AST_EVENT_IE_PLTYPE_UINT, sec->version,
00490       AST_EVENT_IE_EVENT_TV, AST_EVENT_IE_PLTYPE_STR, str->str,
00491       AST_EVENT_IE_SERVICE, AST_EVENT_IE_PLTYPE_STR, sec->service,
00492       AST_EVENT_IE_SEVERITY, AST_EVENT_IE_PLTYPE_STR, severity_str,
00493       AST_EVENT_IE_END);
00494 }
00495 
00496 static int add_timeval_ie(struct ast_event **event, enum ast_event_ie_type ie_type,
00497       const struct timeval *tv)
00498 {
00499    struct ast_str *str = ast_str_alloca(TIMESTAMP_STR_LEN);
00500 
00501    encode_timestamp(&str, tv);
00502 
00503    return ast_event_append_ie_str(event, ie_type, ast_str_buffer(str));
00504 }
00505 
00506 static int add_ip_ie(struct ast_event **event, enum ast_event_ie_type ie_type,
00507       const struct ast_security_event_ip_addr *addr)
00508 {
00509    struct ast_str *str = ast_str_alloca(64);
00510 
00511    ast_str_set(&str, 0, (ast_sockaddr_is_ipv4(addr->addr) || ast_sockaddr_is_ipv4_mapped(addr->addr)) ? "IPV4/" : "IPV6/");
00512 
00513    switch (addr->transport) {
00514    case AST_SECURITY_EVENT_TRANSPORT_UDP:
00515       ast_str_append(&str, 0, "UDP/");
00516       break;
00517    case AST_SECURITY_EVENT_TRANSPORT_TCP:
00518       ast_str_append(&str, 0, "TCP/");
00519       break;
00520    case AST_SECURITY_EVENT_TRANSPORT_TLS:
00521       ast_str_append(&str, 0, "TLS/");
00522       break;
00523    }
00524 
00525    ast_str_append(&str, 0, "%s", ast_sockaddr_stringify_addr(addr->addr));
00526    ast_str_append(&str, 0, "/%s", ast_sockaddr_stringify_port(addr->addr));
00527 
00528    return ast_event_append_ie_str(event, ie_type, ast_str_buffer(str));
00529 }
00530 
00531 enum ie_required {
00532    NOT_REQUIRED,
00533    REQUIRED
00534 };
00535 
00536 static int add_ie(struct ast_event **event, const struct ast_security_event_common *sec,
00537       const struct ast_security_event_ie_type *ie_type, enum ie_required req)
00538 {
00539    int res = 0;
00540 
00541    switch (ie_type->ie_type) {
00542    case AST_EVENT_IE_SERVICE:
00543    case AST_EVENT_IE_ACCOUNT_ID:
00544    case AST_EVENT_IE_SESSION_ID:
00545    case AST_EVENT_IE_MODULE:
00546    case AST_EVENT_IE_ACL_NAME:
00547    case AST_EVENT_IE_REQUEST_TYPE:
00548    case AST_EVENT_IE_REQUEST_PARAMS:
00549    case AST_EVENT_IE_AUTH_METHOD:
00550    case AST_EVENT_IE_CHALLENGE:
00551    case AST_EVENT_IE_RESPONSE:
00552    case AST_EVENT_IE_EXPECTED_RESPONSE:
00553    case AST_EVENT_IE_RECEIVED_CHALLENGE:
00554    case AST_EVENT_IE_RECEIVED_HASH:
00555    case AST_EVENT_IE_ATTEMPTED_TRANSPORT:
00556    {
00557       const char *str;
00558 
00559       str = *((const char **)(((const char *) sec) + ie_type->offset));
00560 
00561       if (req && !str) {
00562          ast_log(LOG_WARNING, "Required IE '%d' for security event "
00563                "type '%d' not present\n", ie_type->ie_type,
00564                sec->event_type);
00565          res = -1;
00566       }
00567 
00568       if (str) {
00569          res = ast_event_append_ie_str(event, ie_type->ie_type, str);
00570       }
00571 
00572       break;
00573    }
00574    case AST_EVENT_IE_EVENT_VERSION:
00575    case AST_EVENT_IE_USING_PASSWORD:
00576    {
00577       uint32_t val;
00578       val = *((const uint32_t *)(((const char *) sec) + ie_type->offset));
00579       res = ast_event_append_ie_uint(event, ie_type->ie_type, val);
00580       break;
00581    }
00582    case AST_EVENT_IE_LOCAL_ADDR:
00583    case AST_EVENT_IE_REMOTE_ADDR:
00584    case AST_EVENT_IE_EXPECTED_ADDR:
00585    {
00586       const struct ast_security_event_ip_addr *addr;
00587 
00588       addr = (const struct ast_security_event_ip_addr *)(((const char *) sec) + ie_type->offset);
00589 
00590       if (req && !addr->addr) {
00591          ast_log(LOG_WARNING, "Required IE '%d' for security event "
00592                "type '%d' not present\n", ie_type->ie_type,
00593                sec->event_type);
00594          res = -1;
00595       }
00596 
00597       if (addr->addr) {
00598          res = add_ip_ie(event, ie_type->ie_type, addr);
00599       }
00600       break;
00601    }
00602    case AST_EVENT_IE_SESSION_TV:
00603    {
00604       const struct timeval *tval;
00605 
00606       tval = *((const struct timeval **)(((const char *) sec) + ie_type->offset));
00607 
00608       if (req && !tval) {
00609          ast_log(LOG_WARNING, "Required IE '%d' for security event "
00610                "type '%d' not present\n", ie_type->ie_type,
00611                sec->event_type);
00612          res = -1;
00613       }
00614 
00615       if (tval) {
00616          add_timeval_ie(event, ie_type->ie_type, tval);
00617       }
00618 
00619       break;
00620    }
00621    case AST_EVENT_IE_EVENT_TV:
00622    case AST_EVENT_IE_SEVERITY:
00623       /* Added automatically, nothing to do here. */
00624       break;
00625    default:
00626       ast_log(LOG_WARNING, "Unhandled IE type '%d', this security event "
00627             "will be missing data.\n", ie_type->ie_type);
00628       break;
00629    }
00630 
00631    return res;
00632 }
00633 
00634 static int handle_security_event(const struct ast_security_event_common *sec)
00635 {
00636    struct ast_event *event;
00637    const struct ast_security_event_ie_type *ies;
00638    unsigned int i;
00639 
00640    if (!(event = alloc_event(sec))) {
00641       return -1;
00642    }
00643 
00644    for (ies = ast_security_event_get_required_ies(sec->event_type), i = 0;
00645          ies[i].ie_type != AST_EVENT_IE_END;
00646          i++) {
00647       if (add_ie(&event, sec, ies + i, REQUIRED)) {
00648          goto return_error;
00649       }
00650    }
00651 
00652    for (ies = ast_security_event_get_optional_ies(sec->event_type), i = 0;
00653          ies[i].ie_type != AST_EVENT_IE_END;
00654          i++) {
00655       if (add_ie(&event, sec, ies + i, NOT_REQUIRED)) {
00656          goto return_error;
00657       }
00658    }
00659 
00660 
00661    if (ast_event_queue(event)) {
00662       goto return_error;
00663    }
00664 
00665    return 0;
00666 
00667 return_error:
00668    if (event) {
00669       ast_event_destroy(event);
00670    }
00671 
00672    return -1;
00673 }
00674 
00675 int ast_security_event_report(const struct ast_security_event_common *sec)
00676 {
00677    int res;
00678 
00679    if (sec->event_type < 0 || sec->event_type >= AST_SECURITY_EVENT_NUM_TYPES) {
00680       ast_log(LOG_ERROR, "Invalid security event type\n");
00681       return -1;
00682    }
00683 
00684    if (!sec_events[sec->event_type].name) {
00685       ast_log(LOG_WARNING, "Security event type %u not handled\n",
00686             sec->event_type);
00687       return -1;
00688    }
00689 
00690    if (sec->version != sec_events[sec->event_type].version) {
00691       ast_log(LOG_WARNING, "Security event %u version mismatch\n",
00692             sec->event_type);
00693       return -1;
00694    }
00695 
00696    res = handle_security_event(sec);
00697 
00698    return res;
00699 }
00700 
00701
Generated on Sun May 20 06:34:00 2012 for Asterisk - The Open Source Telephony Project by  doxygen 1.5.6