Mon Oct 8 12:39:29 2012

Asterisk developer's documentation


security_events.c File Reference

Security Event Reporting Helpers.

#include "asterisk.h"
#include "asterisk/utils.h"
#include "asterisk/strings.h"
#include "asterisk/network.h"
#include "asterisk/security_events.h"


Defines

#define MAX_SECURITY_IES   12
#define SEC_EVT_FIELD(e, field)   (offsetof(struct ast_security_event_##e, field))

Enumerations

enum  ie_required { NOT_REQUIRED, REQUIRED }

Functions

static int add_ie (struct ast_event **event, const struct ast_security_event_common *sec, const struct ast_security_event_ie_type *ie_type, enum ie_required req)
static int add_ipv4_ie (struct ast_event **event, enum ast_event_ie_type ie_type, const struct ast_security_event_ipv4_addr *addr)
static int add_timeval_ie (struct ast_event **event, enum ast_event_ie_type ie_type, const struct timeval *tv)
static struct ast_event * alloc_event (const struct ast_security_event_common *sec)
const char * ast_security_event_get_name (const enum ast_security_event_type event_type)
 Get the name of a security event sub-type.
struct ast_security_event_ie_type * ast_security_event_get_optional_ies (const enum ast_security_event_type event_type)
 Get the list of optional IEs for a given security event sub-type.
struct ast_security_event_ie_type * ast_security_event_get_required_ies (const enum ast_security_event_type event_type)
 Get the list of required IEs for a given security event sub-type.
int ast_security_event_report (const struct ast_security_event_common *sec)
 Report a security event.
const char * ast_security_event_severity_get_name (const enum ast_security_event_severity severity)
 Get the name of a security event severity.
static int check_event_type (const enum ast_security_event_type event_type)
static void encode_timestamp (struct ast_str **str, const struct timeval *tv)
static int handle_security_event (const struct ast_security_event_common *sec)

Variables

struct {
   const char *   name
   ast_security_event_ie_type   optional_ies [MAX_SECURITY_IES]
   ast_security_event_ie_type   required_ies [MAX_SECURITY_IES]
   enum ast_security_event_severity   severity
   uint32_t   version
} sec_events [AST_SECURITY_EVENT_NUM_TYPES]
struct {
   enum ast_security_event_severity   severity
   const char *   str
} severities []
static const size_t TIMESTAMP_STR_LEN = 32


Detailed Description

Security Event Reporting Helpers.

Author:
Russell Bryant <russell@digium.com>

Definition in file security_events.c.


Define Documentation

#define MAX_SECURITY_IES   12

Definition at line 46 of file security_events.c.

#define SEC_EVT_FIELD(e, field)   (offsetof(struct ast_security_event_##e, field))


Enumeration Type Documentation

enum ie_required

Enumerator:
NOT_REQUIRED 
REQUIRED 

Definition at line 485 of file security_events.c.

/*
 * Tells add_ie() how to treat an information element (IE) whose value is
 * absent from the event descriptor: with REQUIRED, add_ie() logs a warning
 * and returns an error; with NOT_REQUIRED the IE is left out of the event.
 */
enum ie_required {
   NOT_REQUIRED = 0,   /* add_ie() tests the value as a plain boolean */
   REQUIRED = 1
};


Function Documentation

static int add_ie ( struct ast_event **  event,
const struct ast_security_event_common *  sec,
const struct ast_security_event_ie_type *  ie_type,
enum ie_required  req 
) [static]

Definition at line 490 of file security_events.c.

References add_ipv4_ie(), add_timeval_ie(), ast_event_append_ie_str(), ast_event_append_ie_uint(), AST_EVENT_IE_ACCOUNT_ID, AST_EVENT_IE_ACL_NAME, AST_EVENT_IE_AUTH_METHOD, AST_EVENT_IE_CHALLENGE, AST_EVENT_IE_EVENT_TV, AST_EVENT_IE_EVENT_VERSION, AST_EVENT_IE_EXPECTED_ADDR, AST_EVENT_IE_EXPECTED_RESPONSE, AST_EVENT_IE_LOCAL_ADDR, AST_EVENT_IE_MODULE, AST_EVENT_IE_REMOTE_ADDR, AST_EVENT_IE_REQUEST_PARAMS, AST_EVENT_IE_REQUEST_TYPE, AST_EVENT_IE_RESPONSE, AST_EVENT_IE_SERVICE, AST_EVENT_IE_SESSION_ID, AST_EVENT_IE_SESSION_TV, AST_EVENT_IE_SEVERITY, ast_log(), ast_security_event_ie_type::ie_type, LOG_WARNING, ast_security_event_ie_type::offset, ast_security_event_ipv4_addr::sin, and str.

Referenced by handle_security_event().

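/*
 * Append one information element (IE) to a security event.
 *
 * The IE's value is read out of the caller's event descriptor at byte offset
 * ie_type->offset from the start of the common header `sec`.  How those bytes
 * are interpreted (string pointer, uint32_t, IPv4 address descriptor, timeval
 * pointer) is selected by ie_type->ie_type.
 *
 * NOTE(review): nothing in this function bounds-checks ie_type->offset
 * against the descriptor that was actually passed in; the read is only as
 * safe as the agreement between the IE tables and the descriptor type.
 * ast_security_event_report() rejects a descriptor whose version differs
 * from the table entry before this function is reached.
 *
 * event    event being built; handed on to the ast_event_append_ie_*() calls
 * sec      common header at the start of the specific event descriptor
 * ie_type  which IE to add and where its value lives in the descriptor
 * req      REQUIRED makes an absent value an error, NOT_REQUIRED skips it
 *
 * Returns 0 on success (this includes an absent optional IE, and an unhandled
 * IE type, which is only logged); non-zero when a required value is absent or
 * when appending to the event fails.
 */
static int add_ie(struct ast_event **event, const struct ast_security_event_common *sec,
      const struct ast_security_event_ie_type *ie_type, enum ie_required req)
{
   int res = 0;

   switch (ie_type->ie_type) {
   case AST_EVENT_IE_SERVICE:
   case AST_EVENT_IE_ACCOUNT_ID:
   case AST_EVENT_IE_SESSION_ID:
   case AST_EVENT_IE_MODULE:
   case AST_EVENT_IE_ACL_NAME:
   case AST_EVENT_IE_REQUEST_TYPE:
   case AST_EVENT_IE_REQUEST_PARAMS:
   case AST_EVENT_IE_AUTH_METHOD:
   case AST_EVENT_IE_CHALLENGE:
   case AST_EVENT_IE_RESPONSE:
   case AST_EVENT_IE_EXPECTED_RESPONSE:
   {
      /* String IEs: the descriptor field holds a `const char *`. */
      const char *str;

      str = *((const char **)(((const char *) sec) + ie_type->offset));

      if (req && !str) {
         ast_log(LOG_WARNING, "Required IE '%d' for security event "
               "type '%d' not present\n", ie_type->ie_type,
               sec->event_type);
         res = -1;
      }

      if (str) {
         res = ast_event_append_ie_str(event, ie_type->ie_type, str);
      }

      break;
   }
   case AST_EVENT_IE_EVENT_VERSION:
   {
      /* Stored by value, so there is no "absent" state to check. */
      uint32_t val;
      val = *((const uint32_t *)(((const char *) sec) + ie_type->offset));
      res = ast_event_append_ie_uint(event, ie_type->ie_type, val);
      break;
   }
   case AST_EVENT_IE_LOCAL_ADDR:
   case AST_EVENT_IE_REMOTE_ADDR:
   case AST_EVENT_IE_EXPECTED_ADDR:
   {
      /* The address descriptor is embedded; "absent" means its sin is NULL. */
      const struct ast_security_event_ipv4_addr *addr;

      addr = (const struct ast_security_event_ipv4_addr *)(((const char *) sec) + ie_type->offset);

      if (req && !addr->sin) {
         ast_log(LOG_WARNING, "Required IE '%d' for security event "
               "type '%d' not present\n", ie_type->ie_type,
               sec->event_type);
         res = -1;
      }

      if (addr->sin) {
         res = add_ipv4_ie(event, ie_type->ie_type, addr);
      }
      break;
   }
   case AST_EVENT_IE_SESSION_TV:
   {
      const struct timeval *tval;

      tval = *((const struct timeval **)(((const char *) sec) + ie_type->offset));

      if (req && !tval) {
         ast_log(LOG_WARNING, "Required IE '%d' for security event "
               "type '%d' not present\n", ie_type->ie_type,
               sec->event_type);
         res = -1;
      }

      if (tval) {
         /*
          * Keep the result, as the string and address cases do.  Dropping
          * it would let an event whose session timestamp could not be
          * appended be reported as complete.
          */
         res = add_timeval_ie(event, ie_type->ie_type, tval);
      }

      break;
   }
   case AST_EVENT_IE_EVENT_TV:
   case AST_EVENT_IE_SEVERITY:
      /* Added automatically, nothing to do here. */
      break;
   default:
      /* Best effort: the event is still sent, only this IE is missing. */
      ast_log(LOG_WARNING, "Unhandled IE type '%d', this security event "
            "will be missing data.\n", ie_type->ie_type);
      break;
   }

   return res;
}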

static int add_ipv4_ie ( struct ast_event **  event,
enum ast_event_ie_type  ie_type,
const struct ast_security_event_ipv4_addr *  addr 
) [static]

Definition at line 459 of file security_events.c.

References ast_event_append_ie_str(), ast_inet_ntoa(), AST_SECURITY_EVENT_TRANSPORT_TCP, AST_SECURITY_EVENT_TRANSPORT_TLS, AST_SECURITY_EVENT_TRANSPORT_UDP, ast_str_alloca, ast_str_append(), ast_str_buffer(), ast_str_set(), ast_security_event_ipv4_addr::sin, str, and ast_security_event_ipv4_addr::transport.

Referenced by add_ie().

/*
 * Render an IPv4 endpoint as text and append it to the event as a string IE.
 *
 * The value has the form "IPV4/<transport>/<address>/<port>", where
 * <transport> is UDP, TCP or TLS.
 *
 * NOTE(review): the transport switch has no default, so a transport value
 * other than those three yields "IPV4/<address>/<port>", one field short and
 * with no warning.  Anything that splits this value on '/' should tolerate
 * that.
 *
 * addr->sin is dereferenced unconditionally; add_ie() only calls this after
 * checking that it is non-NULL.
 */
static int add_ipv4_ie(struct ast_event **event, enum ast_event_ie_type ie_type,
      const struct ast_security_event_ipv4_addr *addr)
{
   struct ast_str *text = ast_str_alloca(64);
   const char *transport_tag = "";

   switch (addr->transport) {
   case AST_SECURITY_EVENT_TRANSPORT_UDP:
      transport_tag = "UDP/";
      break;
   case AST_SECURITY_EVENT_TRANSPORT_TCP:
      transport_tag = "TCP/";
      break;
   case AST_SECURITY_EVENT_TRANSPORT_TLS:
      transport_tag = "TLS/";
      break;
   }

   ast_str_set(&text, 0, "IPV4/");
   /* An empty tag appends nothing, matching a switch that matched no case. */
   ast_str_append(&text, 0, "%s", transport_tag);
   ast_str_append(&text, 0, "%s/%hu",
         ast_inet_ntoa(addr->sin->sin_addr),
         ntohs(addr->sin->sin_port));

   return ast_event_append_ie_str(event, ie_type, ast_str_buffer(text));
}

static int add_timeval_ie ( struct ast_event **  event,
enum ast_event_ie_type  ie_type,
const struct timeval *  tv 
) [static]

Definition at line 449 of file security_events.c.

References ast_event_append_ie_str(), ast_str_alloca, ast_str_buffer(), encode_timestamp(), and str.

Referenced by add_ie().

/*
 * Append a timestamp IE: `tv` is formatted by encode_timestamp() into a
 * TIMESTAMP_STR_LEN-byte stack string, which is then added to the event as a
 * string IE.  Returns whatever ast_event_append_ie_str() returns.
 */
static int add_timeval_ie(struct ast_event **event, enum ast_event_ie_type ie_type,
      const struct timeval *tv)
{
   struct ast_str *stamp = ast_str_alloca(TIMESTAMP_STR_LEN);
   const char *stamp_text;

   encode_timestamp(&stamp, tv);
   stamp_text = ast_str_buffer(stamp);

   return ast_event_append_ie_str(event, ie_type, stamp_text);
}

static struct ast_event* alloc_event ( const struct ast_security_event_common *  sec  )  [static]

Definition at line 423 of file security_events.c.

References AST_EVENT_IE_END, AST_EVENT_IE_EVENT_TV, AST_EVENT_IE_EVENT_VERSION, AST_EVENT_IE_PLTYPE_STR, AST_EVENT_IE_PLTYPE_UINT, AST_EVENT_IE_SECURITY_EVENT, AST_EVENT_IE_SERVICE, AST_EVENT_IE_SEVERITY, ast_event_new(), AST_EVENT_SECURITY, ast_security_event_severity_get_name(), ast_str_alloca, ast_tvnow(), check_event_type(), encode_timestamp(), ast_security_event_common::event_type, S_OR, ast_security_event_common::service, str, and ast_security_event_common::version.

Referenced by handle_security_event().

/*
 * Create the AST_EVENT_SECURITY event and fill in the IEs every security
 * event carries: sub-type, version, the time of the report (taken here with
 * ast_tvnow()), service and severity name.
 *
 * Returns NULL when sec->event_type fails check_event_type(); otherwise
 * returns the result of ast_event_new().
 *
 * NOTE(review): sec->service is passed as a string payload without a NULL
 * check in this function.  Confirm that ast_event_new() tolerates NULL or
 * that every reporter sets the field.
 */
static struct ast_event *alloc_event(const struct ast_security_event_common *sec)
{
   struct ast_str *stamp = ast_str_alloca(TIMESTAMP_STR_LEN);
   struct timeval now = ast_tvnow();
   const char *severity_name;

   /* The type indexes sec_events[] below, so validate it first. */
   if (check_event_type(sec->event_type) != 0) {
      return NULL;
   }

   encode_timestamp(&stamp, &now);

   /* A severity with no name entry, or an empty one, is reported as "Unknown". */
   severity_name = ast_security_event_severity_get_name(sec_events[sec->event_type].severity);
   severity_name = S_OR(severity_name, "Unknown");

   return ast_event_new(AST_EVENT_SECURITY,
      AST_EVENT_IE_SECURITY_EVENT, AST_EVENT_IE_PLTYPE_UINT, sec->event_type,
      AST_EVENT_IE_EVENT_VERSION, AST_EVENT_IE_PLTYPE_UINT, sec->version,
      AST_EVENT_IE_EVENT_TV, AST_EVENT_IE_PLTYPE_STR, ast_str_buffer(stamp),
      AST_EVENT_IE_SERVICE, AST_EVENT_IE_PLTYPE_STR, sec->service,
      AST_EVENT_IE_SEVERITY, AST_EVENT_IE_PLTYPE_STR, severity_name,
      AST_EVENT_IE_END);
}

const char* ast_security_event_get_name ( const enum ast_security_event_type  event_type  ) 

Get the name of a security event sub-type.

Parameters:
[in] event_type security event sub-type
Return values:
NULL if event_type is invalid
non-NULL the name of the security event type
Since:
1.8

Definition at line 387 of file security_events.c.

References check_event_type().

Referenced by security_event_cb().

/*
 * Look up the name of a security event sub-type.
 *
 * Returns NULL when event_type fails check_event_type(), which also logs the
 * error; otherwise returns the `name` field of the matching sec_events[]
 * entry.  The range check is what keeps the array index in bounds.
 */
const char *ast_security_event_get_name(const enum ast_security_event_type event_type)
{
   return check_event_type(event_type) ? NULL : sec_events[event_type].name;
}

struct ast_security_event_ie_type* ast_security_event_get_optional_ies ( const enum ast_security_event_type  event_type  ) 

Get the list of optional IEs for a given security event sub-type.

Parameters:
[in] event_type security event sub-type
Return values:
NULL invalid event_type
non-NULL An array terminated with the value AST_EVENT_IE_END
Since:
1.8

Definition at line 406 of file security_events.c.

References check_event_type().

Referenced by handle_security_event(), and security_event_cb().

/*
 * Return the optional-IE list for a security event sub-type.
 *
 * Returns NULL when event_type fails check_event_type(); otherwise returns
 * the `optional_ies` array of the matching sec_events[] entry, which callers
 * walk until they reach AST_EVENT_IE_END.
 */
const struct ast_security_event_ie_type *ast_security_event_get_optional_ies(
      const enum ast_security_event_type event_type)
{
   return check_event_type(event_type) ? NULL : sec_events[event_type].optional_ies;
}

struct ast_security_event_ie_type* ast_security_event_get_required_ies ( const enum ast_security_event_type  event_type  ) 

Get the list of required IEs for a given security event sub-type.

Parameters:
[in] event_type security event sub-type
Return values:
NULL invalid event_type
non-NULL An array terminated with the value AST_EVENT_IE_END
Since:
1.8

Definition at line 396 of file security_events.c.

References check_event_type().

Referenced by handle_security_event(), and security_event_cb().

/*
 * Return the required-IE list for a security event sub-type.
 *
 * Returns NULL when event_type fails check_event_type(); otherwise returns
 * the `required_ies` array of the matching sec_events[] entry, which callers
 * walk until they reach AST_EVENT_IE_END.
 */
const struct ast_security_event_ie_type *ast_security_event_get_required_ies(
      const enum ast_security_event_type event_type)
{
   return check_event_type(event_type) ? NULL : sec_events[event_type].required_ies;
}

int ast_security_event_report ( const struct ast_security_event_common *  sec  ) 

Report a security event.

Parameters:
[in] sec security event data. Callers of this function should never declare an instance of ast_security_event_common directly. The argument should be an instance of a specific security event descriptor which has ast_security_event_common at the very beginning.
Return values:
0 success
non-zero failure

Definition at line 625 of file security_events.c.

References ast_log(), AST_SECURITY_EVENT_NUM_TYPES, ast_security_event_common::event_type, handle_security_event(), LOG_ERROR, LOG_WARNING, and ast_security_event_common::version.

Referenced by report_auth_success(), report_failed_acl(), report_failed_challenge_response(), report_inval_password(), report_invalid_user(), report_req_bad_format(), report_req_not_allowed(), and report_session_limit().

/*
 * Public entry point for reporting a security event.
 *
 * The descriptor is rejected, with a log message and a -1 return, when its
 * event type is out of range, when the type has no sec_events[] entry (its
 * name is NULL), or when its version differs from the version recorded for
 * that type.  Only a descriptor that passes all three checks is handed to
 * handle_security_event(), whose result is returned.
 *
 * These checks matter because the IE values are later read from the
 * descriptor by byte offset.  `sec` itself is dereferenced without a NULL
 * check.
 */
int ast_security_event_report(const struct ast_security_event_common *sec)
{
   /* Range check first: the type is used as an index into sec_events[]. */
   if (sec->event_type < 0 || sec->event_type >= AST_SECURITY_EVENT_NUM_TYPES) {
      ast_log(LOG_ERROR, "Invalid security event type\n");
      return -1;
   }

   if (sec_events[sec->event_type].name == NULL) {
      ast_log(LOG_WARNING, "Security event type %u not handled\n",
            sec->event_type);
      return -1;
   }

   if (sec_events[sec->event_type].version != sec->version) {
      ast_log(LOG_WARNING, "Security event %u version mismatch\n",
            sec->event_type);
      return -1;
   }

   return handle_security_event(sec);
}

const char* ast_security_event_severity_get_name ( const enum ast_security_event_severity  severity  ) 

Get the name of a security event severity.

Parameters:
[in] severity security event severity
Return values:
NULL if severity is invalid
non-NULL the name of the security event severity
Since:
1.8

Definition at line 363 of file security_events.c.

References ARRAY_LEN, and severities.

Referenced by alloc_event().

/*
 * Map a severity value to its display name by a linear search of the
 * severities[] table.  Returns the entry's `str`, or NULL when no entry has
 * the given severity.
 */
const char *ast_security_event_severity_get_name(
      const enum ast_security_event_severity severity)
{
   unsigned int idx = 0;

   while (idx < ARRAY_LEN(severities)) {
      if (severities[idx].severity == severity) {
         return severities[idx].str;
      }
      idx++;
   }

   return NULL;
}

static int check_event_type ( const enum ast_security_event_type  event_type  )  [static]

Definition at line 377 of file security_events.c.

References ast_log(), AST_SECURITY_EVENT_NUM_TYPES, and LOG_ERROR.

Referenced by alloc_event(), ast_security_event_get_name(), ast_security_event_get_optional_ies(), and ast_security_event_get_required_ies().

/*
 * Validate a security event sub-type before it is used as an index into
 * sec_events[].  Returns 0 when 0 <= event_type < AST_SECURITY_EVENT_NUM_TYPES;
 * otherwise logs an error and returns -1.
 */
static int check_event_type(const enum ast_security_event_type event_type)
{
   if (event_type >= 0 && event_type < AST_SECURITY_EVENT_NUM_TYPES) {
      return 0;
   }

   ast_log(LOG_ERROR, "Invalid security event type %u\n", event_type);
   return -1;
}

static void encode_timestamp ( struct ast_str **  str,
const struct timeval *  tv 
) [static]

Definition at line 416 of file security_events.c.

References ast_str_set(), and str.

Referenced by add_timeval_ie(), and alloc_event().

/*
 * Format a timeval as "<seconds>-<microseconds>" into *str.
 *
 * Both fields are narrowed to unsigned int before formatting, so on a
 * platform where tv_sec is wider than unsigned int the high bits are
 * dropped.  Consumers correlating events by this timestamp should be aware
 * of that.
 */
static void encode_timestamp(struct ast_str **str, const struct timeval *tv)
{
   const unsigned int seconds = (unsigned int) tv->tv_sec;
   const unsigned int microseconds = (unsigned int) tv->tv_usec;

   ast_str_set(str, 0, "%u-%u", seconds, microseconds);
}

static int handle_security_event ( const struct ast_security_event_common *  sec  )  [static]

Definition at line 584 of file security_events.c.

References add_ie(), alloc_event(), ast_event_destroy(), AST_EVENT_IE_END, ast_event_queue(), ast_security_event_get_optional_ies(), ast_security_event_get_required_ies(), ast_security_event_common::event_type, ast_security_event_ie_type::ie_type, and NOT_REQUIRED.

Referenced by ast_security_event_report().

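/*
 * Append every IE in `ies` (a list terminated by AST_EVENT_IE_END) to *event.
 * Returns non-zero on the first add_ie() failure, or when the list is NULL.
 */
static int add_ie_list(struct ast_event **event, const struct ast_security_event_common *sec,
      const struct ast_security_event_ie_type *ies, enum ie_required req)
{
   unsigned int i;

   /*
    * The list getters return NULL for an invalid event type.  Fail here
    * instead of dereferencing NULL.
    */
   if (!ies) {
      return -1;
   }

   for (i = 0; ies[i].ie_type != AST_EVENT_IE_END; i++) {
      if (add_ie(event, sec, ies + i, req)) {
         return -1;
      }
   }

   return 0;
}

/*
 * Build a security event from a validated descriptor and queue it.
 *
 * The event is allocated with the common IEs, then the sub-type's required
 * IEs are added (an absent one aborts the report), then its optional IEs,
 * and finally the event is handed to ast_event_queue().
 *
 * Returns 0 once the event is queued.  Returns -1 on any failure, in which
 * case the partially built event is destroyed and nothing is reported.
 */
static int handle_security_event(const struct ast_security_event_common *sec)
{
   struct ast_event *event;

   if (!(event = alloc_event(sec))) {
      return -1;
   }

   if (add_ie_list(&event, sec,
         ast_security_event_get_required_ies(sec->event_type), REQUIRED)) {
      goto return_error;
   }

   if (add_ie_list(&event, sec,
         ast_security_event_get_optional_ies(sec->event_type), NOT_REQUIRED)) {
      goto return_error;
   }

   if (ast_event_queue(event)) {
      goto return_error;
   }

   return 0;

return_error:
   /*
    * add_ie() is handed &event, so the append helpers can change the
    * pointer.  Presumably they clear it when they free the event on
    * failure (TODO confirm), hence the NULL test before destroying.
    */
   if (event) {
      ast_event_destroy(event);
   }

   return -1;
}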


Variable Documentation

const char* name

Definition at line 43 of file security_events.c.

struct ast_security_event_ie_type optional_ies[MAX_SECURITY_IES]

Definition at line 48 of file security_events.c.

struct ast_security_event_ie_type required_ies[MAX_SECURITY_IES]

Definition at line 47 of file security_events.c.

struct { ... } sec_events[AST_SECURITY_EVENT_NUM_TYPES] [static]

struct { ... } severities[] [static]

Referenced by ast_security_event_severity_get_name().

enum ast_security_event_severity severity

Definition at line 356 of file security_events.c.

enum ast_security_event_severity severity

Definition at line 45 of file security_events.c.

const char* str

Definition at line 357 of file security_events.c.

const size_t TIMESTAMP_STR_LEN = 32 [static]

Definition at line 40 of file security_events.c.

uint32_t version

Definition at line 44 of file security_events.c.

Referenced by add_sdp(), aji_dinfo_handler(), ast_remotecontrol(), ast_rtp_read(), ast_var_Version(), check_access(), config_module(), dump_versioned_codec(), iax_parse_ies(), ldap_reconnect(), manager_modulecheck(), parse_config(), and update_registry().

