Asterisk
/
asterisk
mirror of https://github.com/asterisk/asterisk
1
0
Fork 0
Code Issues Releases Wiki Activity

Merged revisions 337595,337597 via svnmerge from

Browse Source 
https://origsvn.digium.com/svn/asterisk/branches/10

........
  r337595 | jrose | 2011-09-22 10:35:50 -0500 (Thu, 22 Sep 2011) | 12 lines
  
  Generate Security events in chan_sip using new Security Events Framework
  
  Security Events Framework was added in 1.8 and support was added for AMI to generate
  events at that time. This patch adds support for chan_sip to generate security events.
  
  (closes issue ASTERISK-18264)
  Reported by: Michael L. Young
  Patches:
       security_events_chan_sip_v4.patch (license #5026) by Michael L. Young
  Review: https://reviewboard.asterisk.org/r/1362/
........
  r337597 | jrose | 2011-09-22 10:47:05 -0500 (Thu, 22 Sep 2011) | 10 lines
  
  Forgot to svn add new files to r337595
  
  Part of Generating security events for chan_sip
  
  (issue ASTERISK-18264)
  Reported by: Michael L. Young
  Patches:
      security_events_chan_sip_v4.patch (License #5026) by Michael L. Young
  Reviewboard: https://reviewboard.asterisk.org/r/1362/
........


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@337600 65c4cc65-6c06-0410-ace0-fbb531ad65f3
certified/11.2
Jonathan Rose 14 years ago
parent 8a74aa9ef9
commit 5982bdcb7c
10 changed files with 999 additions and 349 deletions
Show Stats Download Patch File Download Diff File

1
CHANGES
Unescape View File

@ -214,6 +214,7 @@ SIP Changes
-----------
* Add T38 support for REJECTED state where T.38 Negotiation is explicitly rejected.
* Add option encryption_taglen to set auth taglen only 32 and 80 are supported currently.
* SIP now generates security events using the Security Events Framework for REGISTER and INVITE.
Queue changes
-------------

717
channels/chan_sip.c
View File

File diff suppressed because it is too large Load Diff

43
channels/sip/include/security_events.h
Unescape View File

@ -0,0 +1,43 @@
/*
* Asterisk -- An open source telephony toolkit.
*
* Copyright (C) 2011, Digium, Inc.
*
* Michael L. Young <elgueromexicano@gmail.com>
*
* See http://www.asterisk.org for more information about
* the Asterisk project. Please do not directly contact
* any of the maintainers of this project for assistance;
* the project provides a web site, mailing lists and IRC
* channels for your use.
*
* This program is free software, distributed under the terms of
* the GNU General Public License Version 2. See the LICENSE file
* at the top of the source tree.
*/
/*!
* \file
*
* \brief Generate security events in the SIP channel
*
* \author Michael L. Young <elgueromexicano@gmail.com>
*/
#include "sip.h"
#ifndef _SIP_SECURITY_EVENTS_H
#define _SIP_SECURITY_EVENTS_H
void sip_report_invalid_peer(const struct sip_pvt *p);
void sip_report_failed_acl(const struct sip_pvt *p, const char *aclname);
void sip_report_inval_password(const struct sip_pvt *p, const char *responsechallenge, const char *responsehash);
void sip_report_auth_success(const struct sip_pvt *p, uint32_t *using_password);
void sip_report_session_limit(const struct sip_pvt *p);
void sip_report_failed_challenge_response(const struct sip_pvt *p, const char *response, const char *expected_response);
void sip_report_chal_sent(const struct sip_pvt *p);
void sip_report_inval_transport(const struct sip_pvt *p, const char *transport);
void sip_digest_parser(char *c, struct digestkeys *keys);
int sip_report_security_event(const struct sip_pvt *p, const struct sip_request *req, const int res);
#endif

46
channels/sip/include/sip.h
Unescape View File

@ -33,6 +33,7 @@
#include "asterisk/app.h"
#include "asterisk/astobj.h"
#include "asterisk/indications.h"
#include "asterisk/security_events.h"
#ifndef FALSE
#define FALSE 0
@ -42,7 +43,7 @@
#define TRUE 1
#endif
/* Arguments for find_peer */
/* Arguments for sip_find_peer */
#define FINDUSERS (1 << 0)
#define FINDPEERS (1 << 1)
#define FINDALLDEVICES (FINDUSERS | FINDPEERS)
@ -359,6 +360,8 @@
#define SIP_PAGE3_FLAGS_TO_COPY \
(SIP_PAGE3_SNOM_AOC | SIP_PAGE3_SRTP_TAG_32)
#define CHECK_AUTH_BUF_INITLEN 256
/*@}*/
/*----------------------------------------------------------*/
@ -381,6 +384,19 @@ enum sip_result {
AST_FAILURE = -1, /*!< Failure code */
};
/*! \brief The results from handling an invite request
*
* \note Start at these values so we do not conflict with
* check_auth_results values when returning from
* handle_request_invite. check_auth_results only returned during
* authentication routines
* */
enum inv_req_result {
INV_REQ_SUCCESS = 11, /*!< Success code */
INV_REQ_FAILED = 10, /*!< Failure code */
INV_REQ_ERROR = 9, /*!< Error code */
};
/*! \brief States for the INVITE transaction, not the dialog
* \note this is for the INVITE that sets up the dialog
*/
@ -472,7 +488,8 @@ enum check_auth_result {
AUTH_PEER_NOT_DYNAMIC = -6,
AUTH_ACL_FAILED = -7,
AUTH_BAD_TRANSPORT = -8,
AUTH_RTP_FAILED = 9,
AUTH_RTP_FAILED = -9,
AUTH_SESSION_LIMIT = -10,
};
/*! \brief States for outbound registrations (with register= lines in sip.conf */
@ -633,6 +650,13 @@ enum sip_tcptls_alert {
TCPTLS_ALERT_STOP, /*!< \brief A request to stop the tcp_handler thread */
};
enum digest_keys {
K_RESP,
K_URI,
K_USER,
K_NONCE,
K_LAST
};
/*----------------------------------------------------------*/
/*---- STRUCTS ----*/
@ -1797,4 +1821,22 @@ static const struct cfsip_options {
{ SIP_OPT_TARGET_DIALOG,NOT_SUPPORTED, "tdialog" },
};
struct digestkeys {
const char *key;
const char *s;
};
AST_THREADSTORAGE(check_auth_buf);
/*----------------------------------------------------------*/
/*---- FUNCTIONS ----*/
/*----------------------------------------------------------*/
struct sip_peer *sip_find_peer(const char *peer, struct ast_sockaddr *addr, int realtime, int which_objects, int devstate_only, int transport);
void sip_auth_headers(enum sip_auth_type code, char **header, char **respheader);
const char *sip_get_header(const struct sip_request *req, const char *name);
const char *sip_get_transport(enum sip_transport t);
void *sip_unref_peer(struct sip_peer *peer, char *tag);
struct sip_peer *sip_ref_peer(struct sip_peer *peer, char *tag);
#endif

398
channels/sip/security_events.c
Unescape View File

@ -0,0 +1,398 @@
/*
* Asterisk -- An open source telephony toolkit.
*
* Copyright (C) 2011, Digium, Inc.
*
* Michael L. Young <elgueromexicano@gmail.com>
*
* See http://www.asterisk.org for more information about
* the Asterisk project. Please do not directly contact
* any of the maintainers of this project for assistance;
* the project provides a web site, mailing lists and IRC
* channels for your use.
*
* This program is free software, distributed under the terms of
* the GNU General Public License Version 2. See the LICENSE file
* at the top of the source tree.
*/
/*!
* \file
*
* \brief Generate security events in the SIP channel
*
* \author Michael L. Young <elgueromexicano@gmail.com>
*/
#include "asterisk.h"
ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#include "include/sip.h"
#include "include/security_events.h"
/*! \brief Determine transport type used to receive request*/
static enum ast_security_event_transport_type security_event_get_transport(const struct sip_pvt *p)
{
int res = 0;
switch (p->socket.type) {
case SIP_TRANSPORT_UDP:
return AST_SECURITY_EVENT_TRANSPORT_UDP;
case SIP_TRANSPORT_TCP:
return AST_SECURITY_EVENT_TRANSPORT_TCP;
case SIP_TRANSPORT_TLS:
return AST_SECURITY_EVENT_TRANSPORT_TLS;
}
return res;
}
static struct sockaddr_in *security_event_encode_sin_local(const struct sip_pvt *p, struct sockaddr_in *sin_local)
{
ast_sockaddr_to_sin(&p->ourip, sin_local);
return sin_local;
}
static struct sockaddr_in *security_event_encode_sin_remote(const struct sip_pvt *p, struct sockaddr_in *sin_remote)
{
ast_sockaddr_to_sin(&p->sa, sin_remote);
return sin_remote;
}
void sip_report_invalid_peer(const struct sip_pvt *p)
{
char session_id[32];
struct sockaddr_in sin_local;
struct sockaddr_in sin_remote;
struct ast_security_event_inval_acct_id inval_acct_id = {
.common.event_type = AST_SECURITY_EVENT_INVAL_ACCT_ID,
.common.version = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION,
.common.service = "SIP",
.common.account_id = p->exten,
.common.local_addr = {
.sin = security_event_encode_sin_local(p, &sin_local),
.transport = security_event_get_transport(p)
},
.common.remote_addr = {
.sin = security_event_encode_sin_remote(p, &sin_remote),
.transport = security_event_get_transport(p)
},
.common.session_id = session_id,
};
snprintf(session_id, sizeof(session_id), "%p", p);
ast_security_event_report(AST_SEC_EVT(&inval_acct_id));
}
void sip_report_failed_acl(const struct sip_pvt *p, const char *aclname)
{
char session_id[32];
struct sockaddr_in sin_local;
struct sockaddr_in sin_remote;
struct ast_security_event_failed_acl failed_acl_event = {
.common.event_type = AST_SECURITY_EVENT_FAILED_ACL,
.common.version = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
.common.service = "SIP",
.common.account_id = p->exten,
.common.local_addr = {
.sin = security_event_encode_sin_local(p, &sin_local),
.transport = security_event_get_transport(p)
},
.common.remote_addr = {
.sin = security_event_encode_sin_remote(p, &sin_remote),
.transport = security_event_get_transport(p)
},
.common.session_id = session_id,
.acl_name = aclname,
};
snprintf(session_id, sizeof(session_id), "%p", p);
ast_security_event_report(AST_SEC_EVT(&failed_acl_event));
}
void sip_report_inval_password(const struct sip_pvt *p, const char *response_challenge, const char *response_hash)
{
char session_id[32];
struct sockaddr_in sin_local;
struct sockaddr_in sin_remote;
struct ast_security_event_inval_password inval_password = {
.common.event_type = AST_SECURITY_EVENT_INVAL_PASSWORD,
.common.version = AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION,
.common.service = "SIP",
.common.account_id = p->exten,
.common.local_addr = {
.sin = security_event_encode_sin_local(p, &sin_local),
.transport = security_event_get_transport(p)
},
.common.remote_addr = {
.sin = security_event_encode_sin_remote(p, &sin_remote),
.transport = security_event_get_transport(p)
},
.common.session_id = session_id,
.challenge = p->randdata,
.received_challenge = response_challenge,
.received_hash = response_hash,
};
snprintf(session_id, sizeof(session_id), "%p", p);
ast_security_event_report(AST_SEC_EVT(&inval_password));
}
void sip_report_auth_success(const struct sip_pvt *p, uint32_t *using_password)
{
char session_id[32];
struct sockaddr_in sin_local;
struct sockaddr_in sin_remote;
struct ast_security_event_successful_auth successful_auth = {
.common.event_type = AST_SECURITY_EVENT_SUCCESSFUL_AUTH,
.common.version = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION,
.common.service = "SIP",
.common.account_id = p->exten,
.common.local_addr = {
.sin = security_event_encode_sin_local(p, &sin_local),
.transport = security_event_get_transport(p)
},
.common.remote_addr = {
.sin = security_event_encode_sin_remote(p, &sin_remote),
.transport = security_event_get_transport(p)
},
.common.session_id = session_id,
.using_password = using_password,
};
snprintf(session_id, sizeof(session_id), "%p", p);
ast_security_event_report(AST_SEC_EVT(&successful_auth));
}
void sip_report_session_limit(const struct sip_pvt *p)
{
char session_id[32];
struct sockaddr_in sin_local;
struct sockaddr_in sin_remote;
struct ast_security_event_session_limit session_limit = {
.common.event_type = AST_SECURITY_EVENT_SESSION_LIMIT,
.common.version = AST_SECURITY_EVENT_SESSION_LIMIT_VERSION,
.common.service = "SIP",
.common.account_id = p->exten,
.common.local_addr = {
.sin = security_event_encode_sin_local(p, &sin_local),
.transport = security_event_get_transport(p)
},
.common.remote_addr = {
.sin = security_event_encode_sin_remote(p, &sin_remote),
.transport = security_event_get_transport(p)
},
.common.session_id = session_id,
};
snprintf(session_id, sizeof(session_id), "%p", p);
ast_security_event_report(AST_SEC_EVT(&session_limit));
}
void sip_report_failed_challenge_response(const struct sip_pvt *p, const char *response, const char *expected_response)
{
char session_id[32];
struct sockaddr_in sin_local;
struct sockaddr_in sin_remote;
char account_id[256];
struct ast_security_event_chal_resp_failed chal_resp_failed = {
.common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED,
.common.version = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION,
.common.service = "SIP",
.common.account_id = account_id,
.common.local_addr = {
.sin = security_event_encode_sin_local(p, &sin_local),
.transport = security_event_get_transport(p)
},
.common.remote_addr = {
.sin = security_event_encode_sin_remote(p, &sin_remote),
.transport = security_event_get_transport(p)
},
.common.session_id = session_id,
.challenge = p->randdata,
.response = response,
.expected_response = expected_response,
};
if (!ast_strlen_zero(p->from)) { /* When dialing, show account making call */
ast_copy_string(account_id, p->from, sizeof(account_id));
} else {
ast_copy_string(account_id, p->exten, sizeof(account_id));
}
snprintf(session_id, sizeof(session_id), "%p", p);
ast_security_event_report(AST_SEC_EVT(&chal_resp_failed));
}
void sip_report_chal_sent(const struct sip_pvt *p)
{
char session_id[32];
struct sockaddr_in sin_local;
struct sockaddr_in sin_remote;
char account_id[256];
struct ast_security_event_chal_sent chal_sent = {
.common.event_type = AST_SECURITY_EVENT_CHAL_SENT,
.common.version = AST_SECURITY_EVENT_CHAL_SENT_VERSION,
.common.service = "SIP",
.common.account_id = account_id,
.common.local_addr = {
.sin = security_event_encode_sin_local(p, &sin_local),
.transport = security_event_get_transport(p)
},
.common.remote_addr = {
.sin = security_event_encode_sin_remote(p, &sin_remote),
.transport = security_event_get_transport(p)
},
.common.session_id = session_id,
.challenge = p->randdata,
};
if (!ast_strlen_zero(p->from)) { /* When dialing, show account making call */
ast_copy_string(account_id, p->from, sizeof(account_id));
} else {
ast_copy_string(account_id, p->exten, sizeof(account_id));
}
snprintf(session_id, sizeof(session_id), "%p", p);
ast_security_event_report(AST_SEC_EVT(&chal_sent));
}
void sip_report_inval_transport(const struct sip_pvt *p, const char *transport)
{
char session_id[32];
struct sockaddr_in sin_local;
struct sockaddr_in sin_remote;
struct ast_security_event_inval_transport inval_transport = {
.common.event_type = AST_SECURITY_EVENT_INVAL_TRANSPORT,
.common.version = AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION,
.common.service = "SIP",
.common.account_id = p->exten,
.common.local_addr = {
.sin = security_event_encode_sin_local(p, &sin_local),
.transport = security_event_get_transport(p)
},
.common.remote_addr = {
.sin = security_event_encode_sin_remote(p, &sin_remote),
.transport = security_event_get_transport(p)
},
.common.session_id = session_id,
.transport = transport,
};
snprintf(session_id, sizeof(session_id), "%p", p);
ast_security_event_report(AST_SEC_EVT(&inval_transport));
}
int sip_report_security_event(const struct sip_pvt *p, const struct sip_request *req, const int res) {
struct sip_peer *peer_report;
enum check_auth_result res_report = res;
struct ast_str *buf;
char *c;
const char *authtoken;
char *reqheader, *respheader;
int result = 0;
char aclname[256];
struct digestkeys keys[] = {
[K_RESP] = { "response=", "" },
[K_URI] = { "uri=", "" },
[K_USER] = { "username=", "" },
[K_NONCE] = { "nonce=", "" },
[K_LAST] = { NULL, NULL}
};
peer_report = sip_find_peer(p->exten, NULL, TRUE, FINDPEERS, FALSE, 0);
switch(res_report) {
case AUTH_DONT_KNOW:
break;
case AUTH_SUCCESSFUL:
if (peer_report) {
if (ast_strlen_zero(peer_report->secret) && ast_strlen_zero(peer_report->md5secret)) {
sip_report_auth_success(p, (uint32_t *) 0);
} else {
sip_report_auth_success(p, (uint32_t *) 1);
}
}
break;
case AUTH_CHALLENGE_SENT:
sip_report_chal_sent(p);
break;
case AUTH_SECRET_FAILED:
case AUTH_USERNAME_MISMATCH:
sip_auth_headers(WWW_AUTH, &respheader, &reqheader);
authtoken = sip_get_header(req, reqheader);
buf = ast_str_thread_get(&check_auth_buf, CHECK_AUTH_BUF_INITLEN);
ast_str_set(&buf, 0, "%s", authtoken);
c = buf->str;
sip_digest_parser(c, keys);
if (res_report == AUTH_SECRET_FAILED) {
sip_report_inval_password(p, keys[K_NONCE].s, keys[K_RESP].s);
} else {
if (peer_report) {
sip_report_failed_challenge_response(p, keys[K_USER].s, peer_report->username);
}
}
break;
case AUTH_NOT_FOUND:
/* with sip_cfg.alwaysauthreject on, generates 2 events */
sip_report_invalid_peer(p);
break;
case AUTH_FAKE_AUTH:
break;
case AUTH_UNKNOWN_DOMAIN:
snprintf(aclname, sizeof(aclname), "domain_must_match");
sip_report_failed_acl(p, aclname);
break;
case AUTH_PEER_NOT_DYNAMIC:
snprintf(aclname, sizeof(aclname), "peer_not_dynamic");
sip_report_failed_acl(p, aclname);
break;
case AUTH_ACL_FAILED:
/* with sip_cfg.alwaysauthreject on, generates 2 events */
snprintf(aclname, sizeof(aclname), "device_must_match_acl");
sip_report_failed_acl(p, aclname);
break;
case AUTH_BAD_TRANSPORT:
sip_report_inval_transport(p, sip_get_transport(req->socket.type));
break;
case AUTH_RTP_FAILED:
break;
case AUTH_SESSION_LIMIT:
sip_report_session_limit(p);
break;
}
if (peer_report) {
sip_unref_peer(peer_report, "sip_report_security_event: sip_unref_peer: from handle_incoming");
}
return result;
}

2
configs/logger.conf.sample
Unescape View File

@ -76,6 +76,7 @@
; verbose
; dtmf
; fax
; security
;
; Special filename "console" represents the system console
;
@ -104,6 +105,7 @@
; you are in the process of debugging a specific issue.
;
;debug => debug
;security => security
console => notice,warning,error
;console => notice,warning,error,debug
messages => notice,warning,error

7
include/asterisk/event_defs.h
Unescape View File

@ -283,8 +283,13 @@ enum ast_event_ie_type {
AST_EVENT_IE_CHALLENGE = 0x0032,
AST_EVENT_IE_RESPONSE = 0x0033,
AST_EVENT_IE_EXPECTED_RESPONSE = 0x0034,
AST_EVENT_IE_RECEIVED_CHALLENGE = 0x0035,
AST_EVENT_IE_RECEIVED_HASH = 0x0036,
AST_EVENT_IE_USING_PASSWORD = 0x0037,
AST_EVENT_IE_ATTEMPTED_TRANSPORT = 0x0038,
/*! \brief Must be the last IE value +1 */
AST_EVENT_IE_TOTAL = 0x0035,
AST_EVENT_IE_TOTAL = 0x0039,
};
/*!

76
include/asterisk/security_events_defs.h
Unescape View File

@ -111,7 +111,17 @@ enum ast_security_event_type {
* \brief An attempt at basic password authentication failed
*/
AST_SECURITY_EVENT_INVAL_PASSWORD,
/* \brief This _must_ stay at the end. */
/*!
* \brief Challenge was sent out, informational
*/
AST_SECURITY_EVENT_CHAL_SENT,
/*!
* \brief An attempt to contact a peer on an invalid transport.
*/
AST_SECURITY_EVENT_INVAL_TRANSPORT,
/*!
* \brief This _must_ stay at the end.
*/
AST_SECURITY_EVENT_NUM_TYPES
};
@ -393,6 +403,11 @@ struct ast_security_event_successful_auth {
* \note Account ID required
*/
struct ast_security_event_common common;
/*!
* \brief Using password - if a password was used or not
* \note required, 0 = no, 1 = yes
*/
uint32_t *using_password;
};
/*!
@ -455,12 +470,69 @@ struct ast_security_event_inval_password {
* \brief Event descriptor version
* \note This _must_ be changed if this event descriptor is changed.
*/
#define AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION 1
#define AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION 2
/*!
* \brief Common security event descriptor elements
* \note Account ID required
*/
struct ast_security_event_common common;
/*!
* \brief Challenge provided
* \note required
*/
const char *challenge;
/*!
* \brief Challenge received
* \note required
*/
const char *received_challenge;
/*!
* \brief Hash received
* \note required
*/
const char *received_hash;
};
/*!
* \brief A challenge was sent out
*/
struct ast_security_event_chal_sent {
/*!
* \brief Event descriptor version
* \note This _must_ be changed if this event descriptor is changed.
*/
#define AST_SECURITY_EVENT_CHAL_SENT_VERSION 1
/*!
* \brief Common security event descriptor elements
* \note Account ID required
*/
struct ast_security_event_common common;
/*!
* \brief Challenge sent
* \note required
*/
const char *challenge;
};
/*!
* \brief Attempt to contact peer on invalid transport
*/
struct ast_security_event_inval_transport {
/*!
* \brief Event descriptor version
* \note This _must_ be changed if this event descriptor is changed.
*/
#define AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION 1
/*!
* \brief Common security event descriptor elements
* \note Account ID required
*/
struct ast_security_event_common common;
/*!
* \brief Attempted transport
* \note required
*/
const char *transport;
};
#if defined(__cplusplus) || defined(c_plusplus)

4
main/event.c
Unescape View File

@ -264,6 +264,10 @@ static const struct ie_map {
[AST_EVENT_IE_CHALLENGE] = { AST_EVENT_IE_PLTYPE_STR, "Challenge" },
[AST_EVENT_IE_RESPONSE] = { AST_EVENT_IE_PLTYPE_STR, "Response" },
[AST_EVENT_IE_EXPECTED_RESPONSE] = { AST_EVENT_IE_PLTYPE_STR, "ExpectedResponse" },
[AST_EVENT_IE_RECEIVED_CHALLENGE] = { AST_EVENT_IE_PLTYPE_STR, "ReceivedChallenge" },
[AST_EVENT_IE_RECEIVED_HASH] = { AST_EVENT_IE_PLTYPE_STR, "ReceivedHash" },
[AST_EVENT_IE_USING_PASSWORD] = { AST_EVENT_IE_PLTYPE_UINT, "UsingPassword" },
};
const char *ast_event_get_type_name(const struct ast_event *event)

54
main/security_events.c
Unescape View File

@ -265,6 +265,7 @@ static const struct {
{ AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
{ AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
{ AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
{ AST_EVENT_IE_USING_PASSWORD, SEC_EVT_FIELD(successful_auth, using_password) },
{ AST_EVENT_IE_END, 0 }
},
.optional_ies = {
@ -335,6 +336,55 @@ static const struct {
{ AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
{ AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
{ AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
{ AST_EVENT_IE_CHALLENGE, SEC_EVT_FIELD(inval_password, challenge) },
{ AST_EVENT_IE_RECEIVED_CHALLENGE, SEC_EVT_FIELD(inval_password, received_challenge) },
{ AST_EVENT_IE_RECEIVED_HASH, SEC_EVT_FIELD(inval_password, received_hash) },
{ AST_EVENT_IE_END, 0 }
},
.optional_ies = {
{ AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
{ AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
{ AST_EVENT_IE_END, 0 }
},
},
[AST_SECURITY_EVENT_CHAL_SENT] = {
.name = "ChallengeSent",
.version = AST_SECURITY_EVENT_CHAL_SENT_VERSION,
.severity = AST_SECURITY_EVENT_SEVERITY_INFO,
.required_ies = {
{ AST_EVENT_IE_EVENT_TV, 0 },
{ AST_EVENT_IE_SEVERITY, 0 },
{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
{ AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
{ AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
{ AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
{ AST_EVENT_IE_CHALLENGE, SEC_EVT_FIELD(chal_sent, challenge) },
{ AST_EVENT_IE_END, 0 }
},
.optional_ies = {
{ AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
{ AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
{ AST_EVENT_IE_END, 0 }
},
},
[AST_SECURITY_EVENT_INVAL_TRANSPORT] = {
.name = "InvalidTransport",
.version = AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION,
.severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
.required_ies = {
{ AST_EVENT_IE_EVENT_TV, 0 },
{ AST_EVENT_IE_SEVERITY, 0 },
{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
{ AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
{ AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
{ AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
{ AST_EVENT_IE_ATTEMPTED_TRANSPORT, SEC_EVT_FIELD(inval_transport, transport) },
{ AST_EVENT_IE_END, 0 }
},
.optional_ies = {
@ -500,6 +550,9 @@ static int add_ie(struct ast_event **event, const struct ast_security_event_comm
case AST_EVENT_IE_CHALLENGE:
case AST_EVENT_IE_RESPONSE:
case AST_EVENT_IE_EXPECTED_RESPONSE:
case AST_EVENT_IE_RECEIVED_CHALLENGE:
case AST_EVENT_IE_RECEIVED_HASH:
case AST_EVENT_IE_ATTEMPTED_TRANSPORT:
{
const char *str;
@ -519,6 +572,7 @@ static int add_ie(struct ast_event **event, const struct ast_security_event_comm
break;
}
case AST_EVENT_IE_EVENT_VERSION:
case AST_EVENT_IE_USING_PASSWORD:
{
uint32_t val;
val = *((const uint32_t *)(((const char *) sec) + ie_type->offset));

Write Preview
Loading…
Cancel
Save