Wed Jan 8 2020 09:49:51

Asterisk developer's documentation


security_events.c
Go to the documentation of this file.
1 /*
2  * Asterisk -- An open source telephony toolkit.
3  *
4  * Copyright (C) 2009, Digium, Inc.
5  *
6  * Russell Bryant <russell@digium.com>
7  *
8  * See http://www.asterisk.org for more information about
9  * the Asterisk project. Please do not directly contact
10  * any of the maintainers of this project for assistance;
11  * the project provides a web site, mailing lists and IRC
12  * channels for your use.
13  *
14  * This program is free software, distributed under the terms of
15  * the GNU General Public License Version 2. See the LICENSE file
16  * at the top of the source tree.
17  */
18 
19 /*!
20  * \file
21  *
22  * \brief Security Event Reporting Helpers
23  *
24  * \author Russell Bryant <russell@digium.com>
25  */
26 
27 /*** MODULEINFO
28  <support_level>core</support_level>
29  ***/
30 
31 #include "asterisk.h"
32 
33 ASTERISK_FILE_VERSION(__FILE__, "$Revision: 413586 $")
34 
35 #include "asterisk/utils.h"
36 #include "asterisk/strings.h"
37 #include "asterisk/network.h"
39 
40 static const size_t TIMESTAMP_STR_LEN = 32;
41 
42 static const struct {
43  const char *name;
44  uint32_t version;
46 #define MAX_SECURITY_IES 12
49 #undef MAX_SECURITY_IES
51 
52 #define SEC_EVT_FIELD(e, field) (offsetof(struct ast_security_event_##e, field))
53 
55  .name = "FailedACL",
58  .required_ies = {
59  { AST_EVENT_IE_EVENT_TV, 0 },
60  { AST_EVENT_IE_SEVERITY, 0 },
63  { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
64  { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
65  { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
66  { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
67  { AST_EVENT_IE_END, 0 }
68  },
69  .optional_ies = {
70  { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
71  { AST_EVENT_IE_ACL_NAME, SEC_EVT_FIELD(failed_acl, acl_name) },
72  { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
73  { AST_EVENT_IE_END, 0 }
74  },
75 },
76 
78  .name = "InvalidAccountID",
81  .required_ies = {
82  { AST_EVENT_IE_EVENT_TV, 0 },
83  { AST_EVENT_IE_SEVERITY, 0 },
86  { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
87  { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
88  { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
89  { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
90  { AST_EVENT_IE_END, 0 }
91  },
92  .optional_ies = {
93  { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
94  { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
95  { AST_EVENT_IE_END, 0 }
96  },
97 },
98 
100  .name = "SessionLimit",
103  .required_ies = {
104  { AST_EVENT_IE_EVENT_TV, 0 },
105  { AST_EVENT_IE_SEVERITY, 0 },
108  { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
109  { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
110  { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
111  { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
112  { AST_EVENT_IE_END, 0 }
113  },
114  .optional_ies = {
115  { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
116  { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
117  { AST_EVENT_IE_END, 0 }
118  },
119 },
120 
122  .name = "MemoryLimit",
125  .required_ies = {
126  { AST_EVENT_IE_EVENT_TV, 0 },
127  { AST_EVENT_IE_SEVERITY, 0 },
130  { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
131  { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
132  { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
133  { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
134  { AST_EVENT_IE_END, 0 }
135  },
136  .optional_ies = {
137  { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
138  { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
139  { AST_EVENT_IE_END, 0 }
140  },
141 },
142 
144  .name = "LoadAverageLimit",
147  .required_ies = {
148  { AST_EVENT_IE_EVENT_TV, 0 },
149  { AST_EVENT_IE_SEVERITY, 0 },
152  { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
153  { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
154  { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
155  { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
156  { AST_EVENT_IE_END, 0 }
157  },
158  .optional_ies = {
159  { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
160  { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
161  { AST_EVENT_IE_END, 0 }
162  },
163 },
164 
166  .name = "RequestNotSupported",
169  .required_ies = {
170  { AST_EVENT_IE_EVENT_TV, 0 },
171  { AST_EVENT_IE_SEVERITY, 0 },
174  { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
175  { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
176  { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
177  { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
178  { AST_EVENT_IE_REQUEST_TYPE, SEC_EVT_FIELD(req_no_support, request_type) },
179  { AST_EVENT_IE_END, 0 }
180  },
181  .optional_ies = {
182  { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
183  { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
184  { AST_EVENT_IE_END, 0 }
185  },
186 },
187 
189  .name = "RequestNotAllowed",
192  .required_ies = {
193  { AST_EVENT_IE_EVENT_TV, 0 },
194  { AST_EVENT_IE_SEVERITY, 0 },
197  { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
198  { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
199  { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
200  { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
201  { AST_EVENT_IE_REQUEST_TYPE, SEC_EVT_FIELD(req_not_allowed, request_type) },
202  { AST_EVENT_IE_END, 0 }
203  },
204  .optional_ies = {
205  { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
206  { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
207  { AST_EVENT_IE_REQUEST_PARAMS, SEC_EVT_FIELD(req_not_allowed, request_params) },
208  { AST_EVENT_IE_END, 0 }
209  },
210 },
211 
213  .name = "AuthMethodNotAllowed",
216  .required_ies = {
217  { AST_EVENT_IE_EVENT_TV, 0 },
218  { AST_EVENT_IE_SEVERITY, 0 },
221  { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
222  { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
223  { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
224  { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
225  { AST_EVENT_IE_AUTH_METHOD, SEC_EVT_FIELD(auth_method_not_allowed, auth_method) },
226  { AST_EVENT_IE_END, 0 }
227  },
228  .optional_ies = {
229  { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
230  { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
231  { AST_EVENT_IE_END, 0 }
232  },
233 },
234 
236  .name = "RequestBadFormat",
239  .required_ies = {
240  { AST_EVENT_IE_EVENT_TV, 0 },
241  { AST_EVENT_IE_SEVERITY, 0 },
244  { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
245  { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
246  { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
247  { AST_EVENT_IE_REQUEST_TYPE, SEC_EVT_FIELD(req_bad_format, request_type) },
248  { AST_EVENT_IE_END, 0 }
249  },
250  .optional_ies = {
251  { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
252  { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
253  { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
254  { AST_EVENT_IE_REQUEST_PARAMS, SEC_EVT_FIELD(req_bad_format, request_params) },
255  { AST_EVENT_IE_END, 0 }
256  },
257 },
258 
260  .name = "SuccessfulAuth",
263  .required_ies = {
264  { AST_EVENT_IE_EVENT_TV, 0 },
265  { AST_EVENT_IE_SEVERITY, 0 },
268  { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
269  { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
270  { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
271  { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
272  { AST_EVENT_IE_END, 0 }
273  },
274  .optional_ies = {
275  { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
276  { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
277  { AST_EVENT_IE_END, 0 }
278  },
279 },
280 
282  .name = "UnexpectedAddress",
285  .required_ies = {
286  { AST_EVENT_IE_EVENT_TV, 0 },
287  { AST_EVENT_IE_SEVERITY, 0 },
290  { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
291  { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
292  { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
293  { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
294  { AST_EVENT_IE_EXPECTED_ADDR, SEC_EVT_FIELD(unexpected_addr, expected_addr) },
295  { AST_EVENT_IE_END, 0 }
296  },
297  .optional_ies = {
298  { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
299  { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
300  { AST_EVENT_IE_END, 0 }
301  },
302 },
303 
305  .name = "ChallengeResponseFailed",
308  .required_ies = {
309  { AST_EVENT_IE_EVENT_TV, 0 },
310  { AST_EVENT_IE_SEVERITY, 0 },
313  { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
314  { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
315  { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
316  { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
317  { AST_EVENT_IE_CHALLENGE, SEC_EVT_FIELD(chal_resp_failed, challenge) },
318  { AST_EVENT_IE_RESPONSE, SEC_EVT_FIELD(chal_resp_failed, response) },
319  { AST_EVENT_IE_EXPECTED_RESPONSE, SEC_EVT_FIELD(chal_resp_failed, expected_response) },
320  { AST_EVENT_IE_END, 0 }
321  },
322  .optional_ies = {
323  { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
324  { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
325  { AST_EVENT_IE_END, 0 }
326  },
327 },
328 
330  .name = "InvalidPassword",
333  .required_ies = {
334  { AST_EVENT_IE_EVENT_TV, 0 },
335  { AST_EVENT_IE_SEVERITY, 0 },
338  { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
339  { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
340  { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
341  { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
342  { AST_EVENT_IE_END, 0 }
343  },
344  .optional_ies = {
345  { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
346  { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
347  { AST_EVENT_IE_END, 0 }
348  },
349 },
350 
351 #undef SEC_EVT_FIELD
352 
353 };
354 
355 static const struct {
357  const char *str;
358 } severities[] = {
359  { AST_SECURITY_EVENT_SEVERITY_INFO, "Informational" },
361 };
362 
365 {
366  unsigned int i;
367 
368  for (i = 0; i < ARRAY_LEN(severities); i++) {
369  if (severities[i].severity == severity) {
370  return severities[i].str;
371  }
372  }
373 
374  return NULL;
375 }
376 
377 static int check_event_type(const enum ast_security_event_type event_type)
378 {
379  if (event_type < 0 || event_type >= AST_SECURITY_EVENT_NUM_TYPES) {
380  ast_log(LOG_ERROR, "Invalid security event type %u\n", event_type);
381  return -1;
382  }
383 
384  return 0;
385 }
386 
387 const char *ast_security_event_get_name(const enum ast_security_event_type event_type)
388 {
389  if (check_event_type(event_type)) {
390  return NULL;
391  }
392 
393  return sec_events[event_type].name;
394 }
395 
397  const enum ast_security_event_type event_type)
398 {
399  if (check_event_type(event_type)) {
400  return NULL;
401  }
402 
403  return sec_events[event_type].required_ies;
404 }
405 
407  const enum ast_security_event_type event_type)
408 {
409  if (check_event_type(event_type)) {
410  return NULL;
411  }
412 
413  return sec_events[event_type].optional_ies;
414 }
415 
416 static void encode_timestamp(struct ast_str **str, const struct timeval *tv)
417 {
418  ast_str_set(str, 0, "%u-%u",
419  (unsigned int) tv->tv_sec,
420  (unsigned int) tv->tv_usec);
421 }
422 
423 static struct ast_event *alloc_event(const struct ast_security_event_common *sec)
424 {
425  struct ast_str *str = ast_str_alloca(TIMESTAMP_STR_LEN);
426  struct timeval tv = ast_tvnow();
427  const char *severity_str;
428 
429  if (check_event_type(sec->event_type)) {
430  return NULL;
431  }
432 
433  encode_timestamp(&str, &tv);
434 
435  severity_str = S_OR(
437  "Unknown"
438  );
439 
447 }
448 
449 static int add_timeval_ie(struct ast_event **event, enum ast_event_ie_type ie_type,
450  const struct timeval *tv)
451 {
452  struct ast_str *str = ast_str_alloca(TIMESTAMP_STR_LEN);
453 
454  encode_timestamp(&str, tv);
455 
456  return ast_event_append_ie_str(event, ie_type, ast_str_buffer(str));
457 }
458 
459 static int add_ipv4_ie(struct ast_event **event, enum ast_event_ie_type ie_type,
460  const struct ast_security_event_ipv4_addr *addr)
461 {
462  struct ast_str *str = ast_str_alloca(64);
463 
464  ast_str_set(&str, 0, "IPV4/");
465 
466  switch (addr->transport) {
468  ast_str_append(&str, 0, "UDP/");
469  break;
471  ast_str_append(&str, 0, "TCP/");
472  break;
474  ast_str_append(&str, 0, "TLS/");
475  break;
476  }
477 
478  ast_str_append(&str, 0, "%s/%hu",
479  ast_inet_ntoa(addr->sin->sin_addr),
480  ntohs(addr->sin->sin_port));
481 
482  return ast_event_append_ie_str(event, ie_type, ast_str_buffer(str));
483 }
484 
488 };
489 
490 static int add_ie(struct ast_event **event, const struct ast_security_event_common *sec,
491  const struct ast_security_event_ie_type *ie_type, enum ie_required req)
492 {
493  int res = 0;
494 
495  switch (ie_type->ie_type) {
499  case AST_EVENT_IE_MODULE:
507  {
508  const char *str;
509 
510  str = *((const char **)(((const char *) sec) + ie_type->offset));
511 
512  if (req && !str) {
513  ast_log(LOG_WARNING, "Required IE '%d' for security event "
514  "type '%u' not present\n", ie_type->ie_type,
515  sec->event_type);
516  res = -1;
517  }
518 
519  if (str) {
520  res = ast_event_append_ie_str(event, ie_type->ie_type, str);
521  }
522 
523  break;
524  }
526  {
527  uint32_t val;
528  val = *((const uint32_t *)(((const char *) sec) + ie_type->offset));
529  res = ast_event_append_ie_uint(event, ie_type->ie_type, val);
530  break;
531  }
535  {
536  const struct ast_security_event_ipv4_addr *addr;
537 
538  addr = (const struct ast_security_event_ipv4_addr *)(((const char *) sec) + ie_type->offset);
539 
540  if (req && !addr->sin) {
541  ast_log(LOG_WARNING, "Required IE '%d' for security event "
542  "type '%u' not present\n", ie_type->ie_type,
543  sec->event_type);
544  res = -1;
545  }
546 
547  if (addr->sin) {
548  res = add_ipv4_ie(event, ie_type->ie_type, addr);
549  }
550  break;
551  }
553  {
554  const struct timeval *tval;
555 
556  tval = *((const struct timeval **)(((const char *) sec) + ie_type->offset));
557 
558  if (req && !tval) {
559  ast_log(LOG_WARNING, "Required IE '%d' for security event "
560  "type '%u' not present\n", ie_type->ie_type,
561  sec->event_type);
562  res = -1;
563  }
564 
565  if (tval) {
566  add_timeval_ie(event, ie_type->ie_type, tval);
567  }
568 
569  break;
570  }
573  /* Added automatically, nothing to do here. */
574  break;
575  default:
576  ast_log(LOG_WARNING, "Unhandled IE type '%d', this security event "
577  "will be missing data.\n", ie_type->ie_type);
578  break;
579  }
580 
581  return res;
582 }
583 
585 {
586  struct ast_event *event;
587  const struct ast_security_event_ie_type *ies;
588  unsigned int i;
589 
590  if (!(event = alloc_event(sec))) {
591  return -1;
592  }
593 
594  for (ies = ast_security_event_get_required_ies(sec->event_type), i = 0;
595  ies[i].ie_type != AST_EVENT_IE_END;
596  i++) {
597  if (add_ie(&event, sec, ies + i, REQUIRED)) {
598  goto return_error;
599  }
600  }
601 
602  for (ies = ast_security_event_get_optional_ies(sec->event_type), i = 0;
603  ies[i].ie_type != AST_EVENT_IE_END;
604  i++) {
605  if (add_ie(&event, sec, ies + i, NOT_REQUIRED)) {
606  goto return_error;
607  }
608  }
609 
610 
611  if (ast_event_queue(event)) {
612  goto return_error;
613  }
614 
615  return 0;
616 
617 return_error:
618  if (event) {
619  ast_event_destroy(event);
620  }
621 
622  return -1;
623 }
624 
626 {
627  int res;
628 
629  if (sec->event_type < 0 || sec->event_type >= AST_SECURITY_EVENT_NUM_TYPES) {
630  ast_log(LOG_ERROR, "Invalid security event type\n");
631  return -1;
632  }
633 
634  if (!sec_events[sec->event_type].name) {
635  ast_log(LOG_WARNING, "Security event type %u not handled\n",
636  sec->event_type);
637  return -1;
638  }
639 
640  if (sec->version != sec_events[sec->event_type].version) {
641  ast_log(LOG_WARNING, "Security event %u version mismatch\n",
642  sec->event_type);
643  return -1;
644  }
645 
646  res = handle_security_event(sec);
647 
648  return res;
649 }
650 
651 
ast_security_event_severity
the severity of a security event
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
An attempt at basic password authentication failed.
An event.
Definition: event.c:85
enum ast_security_event_type event_type
The security event sub-type.
Security Event Reporting API.
uint32_t version
Asterisk main include file. File version handling, generic pbx functions.
ast_security_event_type
Security event types.
#define ARRAY_LEN(a)
Definition: isdn_lib.c:42
FYI FWIW, Successful authentication has occurred.
String manipulation functions.
Definition: ast_expr2.c:325
struct ast_security_event_ie_type * ast_security_event_get_optional_ies(const enum ast_security_event_type event_type)
Get the list of optional IEs for a given security event sub-type.
#define AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION
Event descriptor version.
static void encode_timestamp(struct ast_str **str, const struct timeval *tv)
const char * service
Service that generated the event.
#define LOG_WARNING
Definition: logger.h:144
char * ast_str_buffer(const struct ast_str *buf)
Returns the string buffer within the ast_str buf.
Definition: strings.h:497
enum ast_cc_service_type service
Definition: chan_sip.c:821
const char * ast_security_event_severity_get_name(const enum ast_security_event_severity severity)
Get the name of a security event severity.
size_t offset
For internal usage.
The attempted authentication method is not allowed.
int ast_str_append(struct ast_str **buf, ssize_t max_len, const char *fmt,...)
Append to a thread local dynamic string.
Definition: strings.h:900
struct ast_security_event_ie_type optional_ies[MAX_SECURITY_IES]
struct timeval ast_tvnow(void)
Returns current timeval. Meant to replace calls to gettimeofday().
Definition: time.h:142
Common structure elements.
#define ast_str_alloca(init_len)
Definition: strings.h:608
A request was made that is not allowed.
const char * str
Definition: app_jack.c:144
#define AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION
Event descriptor version.
An unexpected source address was seen for a session in progress.
uint32_t version
security event version
#define AST_SECURITY_EVENT_UNEXPECTED_ADDR_VERSION
Event descriptor version.
Informational event, not something that has gone wrong.
struct ast_security_event_ie_type * ast_security_event_get_required_ies(const enum ast_security_event_type event_type)
Get the list of required IEs for a given security event sub-type.
static struct @298 sec_events[AST_SECURITY_EVENT_NUM_TYPES]
static const size_t TIMESTAMP_STR_LEN
enum ast_security_event_transport_type transport
int ast_str_set(struct ast_str **buf, ssize_t max_len, const char *fmt,...)
Set a dynamic string using variable arguments.
Definition: strings.h:874
static int add_ie(struct ast_event **event, const struct ast_security_event_common *sec, const struct ast_security_event_ie_type *ie_type, enum ie_required req)
int ast_event_queue(struct ast_event *event)
Queue an event.
Definition: event.c:1517
ast_event_ie_type
Event Information Element types.
Definition: event_defs.h:62
Request received with bad formatting.
#define AST_SECURITY_EVENT_FAILED_ACL_VERSION
Event descriptor version.
#define AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED_VERSION
Event descriptor version.
#define AST_SECURITY_EVENT_MEM_LIMIT_VERSION
Event descriptor version.
Wrapper for network related headers, masking differences between various operating systems...
#define AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION
Event descriptor version.
static struct @299 severities[]
#define LOG_ERROR
Definition: logger.h:155
The descriptor of a dynamic string XXX storage will be optimized later if needed We use the ts field ...
Definition: strings.h:364
#define MAX_SECURITY_IES
static int add_ipv4_ie(struct ast_event **event, enum ast_event_ie_type ie_type, const struct ast_security_event_ipv4_addr *addr)
enum ast_event_ie_type ie_type
Load Average limit reached.
static int add_timeval_ie(struct ast_event **event, enum ast_event_ie_type ie_type, const struct timeval *tv)
An attempt at challenge/response authentication failed.
int ast_event_append_ie_str(struct ast_event **event, enum ast_event_ie_type ie_type, const char *str)
Append an information element that has a string payload.
Definition: event.c:1139
void ast_log(int level, const char *file, int line, const char *function, const char *fmt,...)
Used for sending a log message This is the standard logger function. Probably the only way you will i...
Definition: logger.c:1207
static struct ast_event * alloc_event(const struct ast_security_event_common *sec)
static const char name[]
const char * ast_inet_ntoa(struct in_addr ia)
thread-safe replacement for inet_ntoa().
Definition: utils.c:564
static int handle_security_event(const struct ast_security_event_common *sec)
#define SEC_EVT_FIELD(e, field)
#define AST_SECURITY_EVENT_LOAD_AVG_VERSION
Event descriptor version.
#define AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION
Event descriptor version.
void ast_event_destroy(struct ast_event *event)
Destroy an event.
Definition: event.c:1314
enum ast_security_event_severity severity
struct ast_event * ast_event_new(enum ast_event_type event_type,...)
Create a new event.
Definition: event.c:1202
#define S_OR(a, b)
returns the equivalent of logic or for strings: first one if not empty, otherwise second one...
Definition: strings.h:77
ie_required
#define AST_SECURITY_EVENT_REQ_BAD_FORMAT_VERSION
Event descriptor version.
struct timeval tv
#define AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION
Event descriptor version.
static int check_event_type(const enum ast_security_event_type event_type)
struct ast_security_event_ie_type required_ies[MAX_SECURITY_IES]
const char * ast_security_event_get_name(const enum ast_security_event_type event_type)
Get the name of a security event sub-type.
#define AST_SECURITY_EVENT_SESSION_LIMIT_VERSION
Event descriptor version.
int ast_event_append_ie_uint(struct ast_event **event, enum ast_event_ie_type ie_type, uint32_t data)
Append an information element that has an integer payload.
Definition: event.c:1160
#define ASTERISK_FILE_VERSION(file, version)
Register/unregister a source code file with the core.
Definition: asterisk.h:180
#define AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION
Event descriptor version.
A request was made that we understand, but do not support.