Asterisk - The Open Source Telephony Project GIT-master-754dea3
All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Macros Modules Pages
main/security_events.c
Go to the documentation of this file.
1/*
2 * Asterisk -- An open source telephony toolkit.
3 *
4 * Copyright (C) 2012, Digium, Inc.
5 *
6 * Russell Bryant <russell@digium.com>
7 *
8 * See http://www.asterisk.org for more information about
9 * the Asterisk project. Please do not directly contact
10 * any of the maintainers of this project for assistance;
11 * the project provides a web site, mailing lists and IRC
12 * channels for your use.
13 *
14 * This program is free software, distributed under the terms of
15 * the GNU General Public License Version 2. See the LICENSE file
16 * at the top of the source tree.
17 */
18
19/*!
20 * \file
21 *
22 * \brief Security Event Reporting Helpers
23 *
24 * \author Russell Bryant <russell@digium.com>
25 */
26
27/*** MODULEINFO
28 <support_level>core</support_level>
29 ***/
30
31/*** DOCUMENTATION
32 <managerEvent language="en_US" name="FailedACL">
33 <managerEventInstance class="EVENT_FLAG_SECURITY">
34 <since>
35 <version>12.1.0</version>
36 </since>
37 <synopsis>Raised when a request violates an ACL check.</synopsis>
38 <syntax>
39 <parameter name="EventTV">
40 <para>The time the event was detected.</para>
41 </parameter>
42 <parameter name="Severity">
43 <para>A relative severity of the security event.</para>
44 <enumlist>
45 <enum name="Informational"/>
46 <enum name="Error"/>
47 </enumlist>
48 </parameter>
49 <parameter name="Service">
50 <para>The Asterisk service that raised the security event.</para>
51 </parameter>
52 <parameter name="EventVersion">
53 <para>The version of this event.</para>
54 </parameter>
55 <parameter name="AccountID">
56 <para>The Service account associated with the security event
57 notification.</para>
58 </parameter>
59 <parameter name="SessionID">
60 <para>A unique identifier for the session in the service
61 that raised the event.</para>
62 </parameter>
63 <parameter name="LocalAddress">
64 <para>The address of the Asterisk service that raised the
65 security event.</para>
66 </parameter>
67 <parameter name="RemoteAddress">
68 <para>The remote address of the entity that caused the
69 security event to be raised.</para>
70 </parameter>
71 <parameter name="Module" required="false">
72 <para>If available, the name of the module that raised the event.</para>
73 </parameter>
74 <parameter name="ACLName" required="false">
75 <para>If available, the name of the ACL that failed.</para>
76 </parameter>
77 <parameter name="SessionTV" required="false">
78 <para>The timestamp reported by the session.</para>
79 </parameter>
80 </syntax>
81 </managerEventInstance>
82 </managerEvent>
83 <managerEvent language="en_US" name="InvalidAccountID">
84 <managerEventInstance class="EVENT_FLAG_SECURITY">
85 <since>
86 <version>12.1.0</version>
87 </since>
88 <synopsis>Raised when a request fails an authentication check due to an invalid account ID.</synopsis>
89 <syntax>
90 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
91 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
92 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
93 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
94 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
95 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
96 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
97 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
98 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
99 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
100 </syntax>
101 </managerEventInstance>
102 </managerEvent>
103 <managerEvent language="en_US" name="SessionLimit">
104 <managerEventInstance class="EVENT_FLAG_SECURITY">
105 <since>
106 <version>12.1.0</version>
107 </since>
108 <synopsis>Raised when a request fails due to exceeding the number of allowed concurrent sessions for that service.</synopsis>
109 <syntax>
110 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
111 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
112 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
113 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
114 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
115 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
116 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
117 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
118 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
119 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
120 </syntax>
121 </managerEventInstance>
122 </managerEvent>
123 <managerEvent language="en_US" name="MemoryLimit">
124 <managerEventInstance class="EVENT_FLAG_SECURITY">
125 <since>
126 <version>12.1.0</version>
127 </since>
128 <synopsis>Raised when a request fails due to an internal memory allocation failure.</synopsis>
129 <syntax>
130 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
131 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
132 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
133 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
134 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
135 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
136 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
137 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
138 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
139 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
140 </syntax>
141 </managerEventInstance>
142 </managerEvent>
143 <managerEvent language="en_US" name="LoadAverageLimit">
144 <managerEventInstance class="EVENT_FLAG_SECURITY">
145 <since>
146 <version>12.1.0</version>
147 </since>
148 <synopsis>Raised when a request fails because a configured load average limit has been reached.</synopsis>
149 <syntax>
150 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
151 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
152 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
153 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
154 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
155 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
156 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
157 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
158 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
159 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
160 </syntax>
161 </managerEventInstance>
162 </managerEvent>
163 <managerEvent language="en_US" name="RequestNotSupported">
164 <managerEventInstance class="EVENT_FLAG_SECURITY">
165 <since>
166 <version>12.1.0</version>
167 </since>
168 <synopsis>Raised when a request fails due to some aspect of the requested item not being supported by the service.</synopsis>
169 <syntax>
170 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
171 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
172 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
173 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
174 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
175 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
176 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
177 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
178 <parameter name="RequestType">
179 <para>The type of request attempted.</para>
180 </parameter>
181 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
182 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
183 </syntax>
184 </managerEventInstance>
185 </managerEvent>
186 <managerEvent language="en_US" name="RequestNotAllowed">
187 <managerEventInstance class="EVENT_FLAG_SECURITY">
188 <since>
189 <version>12.1.0</version>
190 </since>
191 <synopsis>Raised when a request is not allowed by the service.</synopsis>
192 <syntax>
193 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
194 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
195 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
196 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
197 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
198 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
199 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
200 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
201 <xi:include xpointer="xpointer(/docs/managerEvent[@name='RequestNotSupported']/managerEventInstance/syntax/parameter[@name='RequestType'])" />
202 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
203 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
204 <parameter name="RequestParams" required="false">
205 <para>Parameters provided to the rejected request.</para>
206 </parameter>
207 </syntax>
208 </managerEventInstance>
209 </managerEvent>
210 <managerEvent language="en_US" name="AuthMethodNotAllowed">
211 <managerEventInstance class="EVENT_FLAG_SECURITY">
212 <since>
213 <version>12.1.0</version>
214 </since>
215 <synopsis>Raised when a request used an authentication method not allowed by the service.</synopsis>
216 <syntax>
217 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
218 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
219 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
220 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
221 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
222 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
223 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
224 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
225 <parameter name="AuthMethod">
226 <para>The authentication method attempted.</para>
227 </parameter>
228 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
229 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
230 </syntax>
231 </managerEventInstance>
232 </managerEvent>
233 <managerEvent language="en_US" name="RequestBadFormat">
234 <managerEventInstance class="EVENT_FLAG_SECURITY">
235 <since>
236 <version>12.1.0</version>
237 </since>
238 <synopsis>Raised when a request is received with bad formatting.</synopsis>
239 <syntax>
240 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
241 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
242 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
243 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
244 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
245 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
246 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
247 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
248 <xi:include xpointer="xpointer(/docs/managerEvent[@name='RequestNotSupported']/managerEventInstance/syntax/parameter[@name='RequestType'])" />
249 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
250 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
251 <parameter name="AccountID" required="false">
252 <para>The account ID associated with the rejected request.</para>
253 </parameter>
254 <xi:include xpointer="xpointer(/docs/managerEvent[@name='RequestNotAllowed']/managerEventInstance/syntax/parameter[@name='RequestParams'])" />
255 </syntax>
256 </managerEventInstance>
257 </managerEvent>
258 <managerEvent language="en_US" name="SuccessfulAuth">
259 <managerEventInstance class="EVENT_FLAG_SECURITY">
260 <since>
261 <version>12.1.0</version>
262 </since>
263 <synopsis>Raised when a request successfully authenticates with a service.</synopsis>
264 <syntax>
265 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
266 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
267 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
268 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
269 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
270 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
271 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
272 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
273 <parameter name="UsingPassword">
274 <para>Whether or not the authentication attempt included a password.</para>
275 </parameter>
276 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
277 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
278 </syntax>
279 </managerEventInstance>
280 </managerEvent>
281 <managerEvent language="en_US" name="UnexpectedAddress">
282 <managerEventInstance class="EVENT_FLAG_SECURITY">
283 <since>
284 <version>12.1.0</version>
285 </since>
286 <synopsis>Raised when a request has a different source address then what is expected for a session already in progress with a service.</synopsis>
287 <syntax>
288 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
289 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
290 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
291 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
292 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
293 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
294 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
295 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
296 <parameter name="ExpectedAddress">
297 <para>The address that the request was expected to use.</para>
298 </parameter>
299 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
300 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
301 </syntax>
302 </managerEventInstance>
303 </managerEvent>
304 <managerEvent language="en_US" name="ChallengeResponseFailed">
305 <managerEventInstance class="EVENT_FLAG_SECURITY">
306 <since>
307 <version>12.1.0</version>
308 </since>
309 <synopsis>Raised when a request's attempt to authenticate has been challenged, and the request failed the authentication challenge.</synopsis>
310 <syntax>
311 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
312 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
313 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
314 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
315 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
316 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
317 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
318 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
319 <parameter name="Challenge">
320 <para>The challenge that was sent.</para>
321 </parameter>
322 <parameter name="Response">
323 <para>The response that was received.</para>
324 </parameter>
325 <parameter name="ExpectedResponse">
326 <para>The expected response to the challenge.</para>
327 </parameter>
328 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
329 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
330 </syntax>
331 </managerEventInstance>
332 </managerEvent>
333 <managerEvent language="en_US" name="InvalidPassword">
334 <managerEventInstance class="EVENT_FLAG_SECURITY">
335 <since>
336 <version>12.1.0</version>
337 </since>
338 <synopsis>Raised when a request provides an invalid password during an authentication attempt.</synopsis>
339 <syntax>
340 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
341 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
342 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
343 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
344 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
345 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
346 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
347 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
348 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
349 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
350 <parameter name="Challenge" required="false">
351 <para>The challenge that was sent.</para>
352 </parameter>
353 <parameter name="ReceivedChallenge" required="false">
354 <para>The challenge that was received.</para>
355 </parameter>
356 <parameter name="ReceivedHash" required="false">
357 <para>The hash that was received.</para>
358 </parameter>
359 </syntax>
360 </managerEventInstance>
361 </managerEvent>
362 <managerEvent language="en_US" name="ChallengeSent">
363 <managerEventInstance class="EVENT_FLAG_SECURITY">
364 <since>
365 <version>12.1.0</version>
366 </since>
367 <synopsis>Raised when an Asterisk service sends an authentication challenge to a request.</synopsis>
368 <syntax>
369 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
370 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
371 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
372 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
373 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
374 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
375 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
376 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
377 <xi:include xpointer="xpointer(/docs/managerEvent[@name='ChallengeResponseFailed']/managerEventInstance/syntax/parameter[@name='Challenge'])" />
378 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
379 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
380 </syntax>
381 </managerEventInstance>
382 </managerEvent>
383 <managerEvent language="en_US" name="InvalidTransport">
384 <managerEventInstance class="EVENT_FLAG_SECURITY">
385 <since>
386 <version>12.1.0</version>
387 </since>
388 <synopsis>Raised when a request attempts to use a transport not allowed by the Asterisk service.</synopsis>
389 <syntax>
390 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
391 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
392 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
393 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
394 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
395 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
396 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
397 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
398 <parameter name="AttemptedTransport">
399 <para>The transport type that the request attempted to use.</para>
400 </parameter>
401 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
402 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
403 </syntax>
404 </managerEventInstance>
405 </managerEvent>
406 ***/
407
408#include "asterisk.h"
409
410#include "asterisk/utils.h"
411#include "asterisk/strings.h"
412#include "asterisk/network.h"
413#include "asterisk/event.h"
414#include "asterisk/security_events.h"
415#include "asterisk/netsock2.h"
416#include "asterisk/stasis.h"
417#include "asterisk/json.h"
418#include "asterisk/astobj2.h"
419
420static const size_t SECURITY_EVENT_BUF_INIT_LEN = 256;
421
422/*! \brief Security Topic */
423static struct stasis_topic *security_topic;
424
425struct stasis_topic *ast_security_topic(void)
426{
427 return security_topic;
428}
429
430static int append_event_str_single(struct ast_str **str, struct ast_json *json,
431 const enum ast_event_ie_type ie_type)
432{
433 const char *ie_type_key = ast_event_get_ie_type_name(ie_type);
434 struct ast_json *json_string = ast_json_object_get(json, ie_type_key);
435
436 if (!json_string) {
437 return 0;
438 }
439
440 if (ast_str_append(str, 0, "%s: %s\r\n", ie_type_key, S_OR(ast_json_string_get(json_string), "")) == -1) {
441 return -1;
442 }
443
444 return 0;
445}
446
447static int append_event_str_from_json(struct ast_str **str, struct ast_json *json,
448 const struct ast_security_event_ie_type *ies)
449{
450 unsigned int i;
451
452 if (!ies) {
453 return 0;
454 }
455
456 for (i = 0; ies[i].ie_type != AST_EVENT_IE_END; i++) {
457 if (append_event_str_single(str, json, ies[i].ie_type)) {
458 return -1;
459 }
460 }
461
462 return 0;
463}
464
465static struct ast_manager_event_blob *security_event_to_ami_blob(struct ast_json *json)
466{
467 RAII_VAR(struct ast_str *, str, NULL, ast_free);
468 struct ast_json *event_type_json;
469 enum ast_security_event_type event_type;
470
471 event_type_json = ast_json_object_get(json, "SecurityEvent");
472 event_type = ast_json_integer_get(event_type_json);
473
474 ast_assert((unsigned int)event_type < AST_SECURITY_EVENT_NUM_TYPES);
475
476 if (!(str = ast_str_create(SECURITY_EVENT_BUF_INIT_LEN))) {
477 return NULL;
478 }
479
480 if (append_event_str_from_json(&str, json,
481 ast_security_event_get_required_ies(event_type))) {
482 ast_log(AST_LOG_ERROR, "Failed to issue a security event to AMI: "
483 "error occurred when adding required event fields.\n");
484 return NULL;
485 }
486
487 if (append_event_str_from_json(&str, json,
488 ast_security_event_get_optional_ies(event_type))) {
489 ast_log(AST_LOG_ERROR, "Failed to issue a security event to AMI: "
490 "error occurred when adding optional event fields.\n");
491 return NULL;
492 }
493
494 return ast_manager_event_blob_create(EVENT_FLAG_SECURITY,
495 ast_security_event_get_name(event_type),
496 "%s",
497 ast_str_buffer(str));
498}
499
500static struct ast_manager_event_blob *security_event_to_ami(struct stasis_message *message)
501{
502 struct ast_json_payload *payload = stasis_message_data(message);
503
504 if (stasis_message_type(message) != ast_security_event_type()) {
505 return NULL;
506 }
507
508 if (!payload) {
509 return NULL;
510 }
511
512 return security_event_to_ami_blob(payload->json);
513}
514
515/*! \brief Message type for security events */
516STASIS_MESSAGE_TYPE_DEFN(ast_security_event_type,
517 .to_ami = security_event_to_ami,
518 );
519
520static void security_stasis_cleanup(void)
521{
522 ao2_cleanup(security_topic);
523 security_topic = NULL;
524
525 STASIS_MESSAGE_TYPE_CLEANUP(ast_security_event_type);
526}
527
528int ast_security_stasis_init(void)
529{
530 ast_register_cleanup(security_stasis_cleanup);
531
532 security_topic = stasis_topic_create("security:all");
533 if (!security_topic) {
534 return -1;
535 }
536
537 if (STASIS_MESSAGE_TYPE_INIT(ast_security_event_type)) {
538 return -1;
539 }
540
541
542 return 0;
543}
544
545static const struct {
546 const char *name;
547 uint32_t version;
548 enum ast_security_event_severity severity;
549#define MAX_SECURITY_IES 12
550 struct ast_security_event_ie_type required_ies[MAX_SECURITY_IES];
551 struct ast_security_event_ie_type optional_ies[MAX_SECURITY_IES];
552#undef MAX_SECURITY_IES
553} sec_events[AST_SECURITY_EVENT_NUM_TYPES] = {
554
555#define SEC_EVT_FIELD(e, field) (offsetof(struct ast_security_event_##e, field))
556
557[AST_SECURITY_EVENT_FAILED_ACL] = {
558 .name = "FailedACL",
559 .version = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
560 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
561 .required_ies = {
562 { AST_EVENT_IE_EVENT_TV, 0 },
563 { AST_EVENT_IE_SEVERITY, 0 },
564 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
565 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
566 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
567 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
568 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
569 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
570 { AST_EVENT_IE_END, 0 }
571 },
572 .optional_ies = {
573 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
574 { AST_EVENT_IE_ACL_NAME, SEC_EVT_FIELD(failed_acl, acl_name) },
575 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
576 { AST_EVENT_IE_END, 0 }
577 },
578},
579
580[AST_SECURITY_EVENT_INVAL_ACCT_ID] = {
581 .name = "InvalidAccountID",
582 .version = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION,
583 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
584 .required_ies = {
585 { AST_EVENT_IE_EVENT_TV, 0 },
586 { AST_EVENT_IE_SEVERITY, 0 },
587 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
588 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
589 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
590 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
591 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
592 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
593 { AST_EVENT_IE_END, 0 }
594 },
595 .optional_ies = {
596 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
597 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
598 { AST_EVENT_IE_END, 0 }
599 },
600},
601
602[AST_SECURITY_EVENT_SESSION_LIMIT] = {
603 .name = "SessionLimit",
604 .version = AST_SECURITY_EVENT_SESSION_LIMIT_VERSION,
605 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
606 .required_ies = {
607 { AST_EVENT_IE_EVENT_TV, 0 },
608 { AST_EVENT_IE_SEVERITY, 0 },
609 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
610 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
611 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
612 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
613 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
614 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
615 { AST_EVENT_IE_END, 0 }
616 },
617 .optional_ies = {
618 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
619 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
620 { AST_EVENT_IE_END, 0 }
621 },
622},
623
624[AST_SECURITY_EVENT_MEM_LIMIT] = {
625 .name = "MemoryLimit",
626 .version = AST_SECURITY_EVENT_MEM_LIMIT_VERSION,
627 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
628 .required_ies = {
629 { AST_EVENT_IE_EVENT_TV, 0 },
630 { AST_EVENT_IE_SEVERITY, 0 },
631 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
632 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
633 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
634 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
635 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
636 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
637 { AST_EVENT_IE_END, 0 }
638 },
639 .optional_ies = {
640 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
641 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
642 { AST_EVENT_IE_END, 0 }
643 },
644},
645
646[AST_SECURITY_EVENT_LOAD_AVG] = {
647 .name = "LoadAverageLimit",
648 .version = AST_SECURITY_EVENT_LOAD_AVG_VERSION,
649 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
650 .required_ies = {
651 { AST_EVENT_IE_EVENT_TV, 0 },
652 { AST_EVENT_IE_SEVERITY, 0 },
653 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
654 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
655 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
656 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
657 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
658 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
659 { AST_EVENT_IE_END, 0 }
660 },
661 .optional_ies = {
662 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
663 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
664 { AST_EVENT_IE_END, 0 }
665 },
666},
667
668[AST_SECURITY_EVENT_REQ_NO_SUPPORT] = {
669 .name = "RequestNotSupported",
670 .version = AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION,
671 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
672 .required_ies = {
673 { AST_EVENT_IE_EVENT_TV, 0 },
674 { AST_EVENT_IE_SEVERITY, 0 },
675 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
676 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
677 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
678 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
679 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
680 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
681 { AST_EVENT_IE_REQUEST_TYPE, SEC_EVT_FIELD(req_no_support, request_type) },
682 { AST_EVENT_IE_END, 0 }
683 },
684 .optional_ies = {
685 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
686 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
687 { AST_EVENT_IE_END, 0 }
688 },
689},
690
691[AST_SECURITY_EVENT_REQ_NOT_ALLOWED] = {
692 .name = "RequestNotAllowed",
693 .version = AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION,
694 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
695 .required_ies = {
696 { AST_EVENT_IE_EVENT_TV, 0 },
697 { AST_EVENT_IE_SEVERITY, 0 },
698 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
699 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
700 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
701 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
702 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
703 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
704 { AST_EVENT_IE_REQUEST_TYPE, SEC_EVT_FIELD(req_not_allowed, request_type) },
705 { AST_EVENT_IE_END, 0 }
706 },
707 .optional_ies = {
708 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
709 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
710 { AST_EVENT_IE_REQUEST_PARAMS, SEC_EVT_FIELD(req_not_allowed, request_params) },
711 { AST_EVENT_IE_END, 0 }
712 },
713},
714
715[AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED] = {
716 .name = "AuthMethodNotAllowed",
717 .version = AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED_VERSION,
718 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
719 .required_ies = {
720 { AST_EVENT_IE_EVENT_TV, 0 },
721 { AST_EVENT_IE_SEVERITY, 0 },
722 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
723 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
724 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
725 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
726 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
727 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
728 { AST_EVENT_IE_AUTH_METHOD, SEC_EVT_FIELD(auth_method_not_allowed, auth_method) },
729 { AST_EVENT_IE_END, 0 }
730 },
731 .optional_ies = {
732 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
733 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
734 { AST_EVENT_IE_END, 0 }
735 },
736},
737
738[AST_SECURITY_EVENT_REQ_BAD_FORMAT] = {
739 .name = "RequestBadFormat",
740 .version = AST_SECURITY_EVENT_REQ_BAD_FORMAT_VERSION,
741 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
742 .required_ies = {
743 { AST_EVENT_IE_EVENT_TV, 0 },
744 { AST_EVENT_IE_SEVERITY, 0 },
745 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
746 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
747 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
748 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
749 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
750 { AST_EVENT_IE_REQUEST_TYPE, SEC_EVT_FIELD(req_bad_format, request_type) },
751 { AST_EVENT_IE_END, 0 }
752 },
753 .optional_ies = {
754 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
755 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
756 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
757 { AST_EVENT_IE_REQUEST_PARAMS, SEC_EVT_FIELD(req_bad_format, request_params) },
758 { AST_EVENT_IE_END, 0 }
759 },
760},
761
762[AST_SECURITY_EVENT_SUCCESSFUL_AUTH] = {
763 .name = "SuccessfulAuth",
764 .version = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION,
765 .severity = AST_SECURITY_EVENT_SEVERITY_INFO,
766 .required_ies = {
767 { AST_EVENT_IE_EVENT_TV, 0 },
768 { AST_EVENT_IE_SEVERITY, 0 },
769 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
770 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
771 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
772 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
773 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
774 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
775 { AST_EVENT_IE_USING_PASSWORD, SEC_EVT_FIELD(successful_auth, using_password) },
776 { AST_EVENT_IE_END, 0 }
777 },
778 .optional_ies = {
779 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
780 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
781 { AST_EVENT_IE_END, 0 }
782 },
783},
784
785[AST_SECURITY_EVENT_UNEXPECTED_ADDR] = {
786 .name = "UnexpectedAddress",
787 .version = AST_SECURITY_EVENT_UNEXPECTED_ADDR_VERSION,
788 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
789 .required_ies = {
790 { AST_EVENT_IE_EVENT_TV, 0 },
791 { AST_EVENT_IE_SEVERITY, 0 },
792 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
793 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
794 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
795 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
796 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
797 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
798 { AST_EVENT_IE_EXPECTED_ADDR, SEC_EVT_FIELD(unexpected_addr, expected_addr) },
799 { AST_EVENT_IE_END, 0 }
800 },
801 .optional_ies = {
802 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
803 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
804 { AST_EVENT_IE_END, 0 }
805 },
806},
807
808[AST_SECURITY_EVENT_CHAL_RESP_FAILED] = {
809 .name = "ChallengeResponseFailed",
810 .version = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION,
811 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
812 .required_ies = {
813 { AST_EVENT_IE_EVENT_TV, 0 },
814 { AST_EVENT_IE_SEVERITY, 0 },
815 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
816 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
817 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
818 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
819 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
820 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
821 { AST_EVENT_IE_CHALLENGE, SEC_EVT_FIELD(chal_resp_failed, challenge) },
822 { AST_EVENT_IE_RESPONSE, SEC_EVT_FIELD(chal_resp_failed, response) },
823 { AST_EVENT_IE_EXPECTED_RESPONSE, SEC_EVT_FIELD(chal_resp_failed, expected_response) },
824 { AST_EVENT_IE_END, 0 }
825 },
826 .optional_ies = {
827 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
828 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
829 { AST_EVENT_IE_END, 0 }
830 },
831},
832
833[AST_SECURITY_EVENT_INVAL_PASSWORD] = {
834 .name = "InvalidPassword",
835 .version = AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION,
836 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
837 .required_ies = {
838 { AST_EVENT_IE_EVENT_TV, 0 },
839 { AST_EVENT_IE_SEVERITY, 0 },
840 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
841 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
842 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
843 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
844 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
845 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
846 { AST_EVENT_IE_END, 0 }
847 },
848 .optional_ies = {
849 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
850 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
851 { AST_EVENT_IE_CHALLENGE, SEC_EVT_FIELD(inval_password, challenge) },
852 { AST_EVENT_IE_RECEIVED_CHALLENGE, SEC_EVT_FIELD(inval_password, received_challenge) },
853 { AST_EVENT_IE_RECEIVED_HASH, SEC_EVT_FIELD(inval_password, received_hash) },
854 { AST_EVENT_IE_END, 0 }
855 },
856},
857
858[AST_SECURITY_EVENT_CHAL_SENT] = {
859 .name = "ChallengeSent",
860 .version = AST_SECURITY_EVENT_CHAL_SENT_VERSION,
861 .severity = AST_SECURITY_EVENT_SEVERITY_INFO,
862 .required_ies = {
863 { AST_EVENT_IE_EVENT_TV, 0 },
864 { AST_EVENT_IE_SEVERITY, 0 },
865 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
866 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
867 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
868 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
869 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
870 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
871 { AST_EVENT_IE_CHALLENGE, SEC_EVT_FIELD(chal_sent, challenge) },
872 { AST_EVENT_IE_END, 0 }
873 },
874 .optional_ies = {
875 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
876 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
877 { AST_EVENT_IE_END, 0 }
878 },
879},
880
881[AST_SECURITY_EVENT_INVAL_TRANSPORT] = {
882 .name = "InvalidTransport",
883 .version = AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION,
884 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
885 .required_ies = {
886 { AST_EVENT_IE_EVENT_TV, 0 },
887 { AST_EVENT_IE_SEVERITY, 0 },
888 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
889 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
890 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
891 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
892 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
893 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
894 { AST_EVENT_IE_ATTEMPTED_TRANSPORT, SEC_EVT_FIELD(inval_transport, transport) },
895 { AST_EVENT_IE_END, 0 }
896 },
897 .optional_ies = {
898 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
899 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
900 { AST_EVENT_IE_END, 0 }
901 },
902},
903
904#undef SEC_EVT_FIELD
905
906};
907
908static const struct {
909 enum ast_security_event_severity severity;
910 const char *str;
911} severities[] = {
912 { AST_SECURITY_EVENT_SEVERITY_INFO, "Informational" },
913 { AST_SECURITY_EVENT_SEVERITY_ERROR, "Error" },
914};
915
916const char *ast_security_event_severity_get_name(
917 const enum ast_security_event_severity severity)
918{
919 unsigned int i;
920
921 for (i = 0; i < ARRAY_LEN(severities); i++) {
922 if (severities[i].severity == severity) {
923 return severities[i].str;
924 }
925 }
926
927 return NULL;
928}
929
930static int check_event_type(const enum ast_security_event_type event_type)
931{
932 if ((unsigned int)event_type >= AST_SECURITY_EVENT_NUM_TYPES) {
933 ast_log(LOG_ERROR, "Invalid security event type %u\n", event_type);
934 return -1;
935 }
936
937 return 0;
938}
939
940const char *ast_security_event_get_name(const enum ast_security_event_type event_type)
941{
942 if (check_event_type(event_type)) {
943 return NULL;
944 }
945
946 return sec_events[event_type].name;
947}
948
949const struct ast_security_event_ie_type *ast_security_event_get_required_ies(
950 const enum ast_security_event_type event_type)
951{
952 if (check_event_type(event_type)) {
953 return NULL;
954 }
955
956 return sec_events[event_type].required_ies;
957}
958
959const struct ast_security_event_ie_type *ast_security_event_get_optional_ies(
960 const enum ast_security_event_type event_type)
961{
962 if (check_event_type(event_type)) {
963 return NULL;
964 }
965
966 return sec_events[event_type].optional_ies;
967}
968
969static int add_ip_json_object(struct ast_json *json, enum ast_event_ie_type ie_type,
970 const struct ast_security_event_ip_addr *addr)
971{
972 struct ast_json *json_ip;
973
974 json_ip = ast_json_ipaddr(addr->addr, addr->transport);
975 if (!json_ip) {
976 return -1;
977 }
978
979 return ast_json_object_set(json, ast_event_get_ie_type_name(ie_type), json_ip);
980}
981
982enum ie_required {
983 NOT_REQUIRED,
984 REQUIRED
985};
986
987static int add_json_object(struct ast_json *json, const struct ast_security_event_common *sec,
988 const struct ast_security_event_ie_type *ie_type, enum ie_required req)
989{
990 int res = 0;
991
992 switch (ie_type->ie_type) {
993 case AST_EVENT_IE_SERVICE:
994 case AST_EVENT_IE_ACCOUNT_ID:
995 case AST_EVENT_IE_SESSION_ID:
996 case AST_EVENT_IE_MODULE:
997 case AST_EVENT_IE_ACL_NAME:
998 case AST_EVENT_IE_REQUEST_TYPE:
999 case AST_EVENT_IE_REQUEST_PARAMS:
1000 case AST_EVENT_IE_AUTH_METHOD:
1001 case AST_EVENT_IE_CHALLENGE:
1002 case AST_EVENT_IE_RESPONSE:
1003 case AST_EVENT_IE_EXPECTED_RESPONSE:
1004 case AST_EVENT_IE_RECEIVED_CHALLENGE:
1005 case AST_EVENT_IE_RECEIVED_HASH:
1006 case AST_EVENT_IE_ATTEMPTED_TRANSPORT:
1007 {
1008 const char *str;
1009 struct ast_json *json_string;
1010
1011 str = *((const char **)(((const char *) sec) + ie_type->offset));
1012
1013 if (req && !str) {
1014 ast_log(LOG_WARNING, "Required IE '%d' (%s) for security event "
1015 "type '%u' (%s) not present\n", ie_type->ie_type,
1016 ast_event_get_ie_type_name(ie_type->ie_type),
1017 sec->event_type, ast_security_event_get_name(sec->event_type));
1018 res = -1;
1019 break;
1020 }
1021
1022 if (!str) {
1023 break;
1024 }
1025
1026 json_string = ast_json_string_create(str);
1027 if (!json_string) {
1028 res = -1;
1029 break;
1030 }
1031
1032 res = ast_json_object_set(json, ast_event_get_ie_type_name(ie_type->ie_type), json_string);
1033 break;
1034 }
1035 case AST_EVENT_IE_EVENT_VERSION:
1036 case AST_EVENT_IE_USING_PASSWORD:
1037 {
1038 struct ast_json *json_string;
1039 uint32_t val;
1040 val = *((const uint32_t *)(((const char *) sec) + ie_type->offset));
1041
1042 json_string = ast_json_stringf("%u", val);
1043 if (!json_string) {
1044 res = -1;
1045 break;
1046 }
1047
1048 res = ast_json_object_set(json, ast_event_get_ie_type_name(ie_type->ie_type), json_string);
1049 break;
1050 }
1051 case AST_EVENT_IE_LOCAL_ADDR:
1052 case AST_EVENT_IE_REMOTE_ADDR:
1053 case AST_EVENT_IE_EXPECTED_ADDR:
1054 {
1055 const struct ast_security_event_ip_addr *addr;
1056
1057 addr = (const struct ast_security_event_ip_addr *)(((const char *) sec) + ie_type->offset);
1058
1059 if (req && !addr->addr) {
1060 ast_log(LOG_WARNING, "Required IE '%d' (%s) for security event "
1061 "type '%u' (%s) not present\n", ie_type->ie_type,
1062 ast_event_get_ie_type_name(ie_type->ie_type),
1063 sec->event_type, ast_security_event_get_name(sec->event_type));
1064 res = -1;
1065 }
1066
1067 if (addr->addr) {
1068 res = add_ip_json_object(json, ie_type->ie_type, addr);
1069 }
1070
1071 break;
1072 }
1073 case AST_EVENT_IE_SESSION_TV:
1074 {
1075 const struct timeval *tval;
1076
1077 tval = *((const struct timeval **)(((const char *) sec) + ie_type->offset));
1078
1079 if (req && !tval) {
1080 ast_log(LOG_WARNING, "Required IE '%d' (%s) for security event "
1081 "type '%u' (%s) not present\n", ie_type->ie_type,
1082 ast_event_get_ie_type_name(ie_type->ie_type),
1083 sec->event_type, ast_security_event_get_name(sec->event_type));
1084 res = -1;
1085 }
1086
1087 if (tval) {
1088 struct ast_json *json_tval = ast_json_timeval(*tval, NULL);
1089 if (!json_tval) {
1090 res = -1;
1091 break;
1092 }
1093 res = ast_json_object_set(json, ast_event_get_ie_type_name(ie_type->ie_type), json_tval);
1094 }
1095
1096 break;
1097 }
1098 case AST_EVENT_IE_EVENT_TV:
1099 case AST_EVENT_IE_SEVERITY:
1100 /* Added automatically, nothing to do here. */
1101 break;
1102 default:
1103 ast_log(LOG_WARNING, "Unhandled IE type '%d' (%s), this security event "
1104 "will be missing data.\n", ie_type->ie_type,
1105 ast_event_get_ie_type_name(ie_type->ie_type));
1106 break;
1107 }
1108
1109 return res;
1110}
1111
1112static struct ast_json *alloc_security_event_json_object(const struct ast_security_event_common *sec)
1113{
1114 struct timeval tv = ast_tvnow();
1115 const char *severity_str;
1116 struct ast_json *json_temp;
1117 RAII_VAR(struct ast_json *, json_object, ast_json_object_create(), ast_json_unref);
1118
1119 if (!json_object) {
1120 return NULL;
1121 }
1122
1123 /* NOTE: Every time ast_json_object_set is used, json_temp becomes a stale pointer since the reference is taken.
1124 * This is true even if ast_json_object_set fails.
1125 */
1126
1127 json_temp = ast_json_integer_create(sec->event_type);
1128 if (!json_temp || ast_json_object_set(json_object, "SecurityEvent", json_temp)) {
1129 return NULL;
1130 }
1131
1132 json_temp = ast_json_stringf("%u", sec->version);
1133 if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_EVENT_VERSION), json_temp)) {
1134 return NULL;
1135 }
1136
1137 /* AST_EVENT_IE_EVENT_TV */
1138 json_temp = ast_json_timeval(tv, NULL);
1139 if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_EVENT_TV), json_temp)) {
1140 return NULL;
1141 }
1142
1143 /* AST_EVENT_IE_SERVICE */
1144 json_temp = ast_json_string_create(sec->service);
1145 if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_SERVICE), json_temp)) {
1146 return NULL;
1147 }
1148
1149 /* AST_EVENT_IE_SEVERITY */
1150 severity_str = S_OR(
1151 ast_security_event_severity_get_name(sec_events[sec->event_type].severity),
1152 "Unknown"
1153 );
1154
1155 json_temp = ast_json_string_create(severity_str);
1156 if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_SEVERITY), json_temp)) {
1157 return NULL;
1158 }
1159
1160 return ast_json_ref(json_object);
1161}
1162
1163static int handle_security_event(const struct ast_security_event_common *sec)
1164{
1165 RAII_VAR(struct stasis_message *, msg, NULL, ao2_cleanup);
1166 RAII_VAR(struct ast_json_payload *, json_payload, NULL, ao2_cleanup);
1167 RAII_VAR(struct ast_json *, json_object, NULL, ast_json_unref);
1168
1169 const struct ast_security_event_ie_type *ies;
1170 unsigned int i;
1171
1172 if (!ast_security_event_type()) {
1173 return -1;
1174 }
1175
1176 json_object = alloc_security_event_json_object(sec);
1177 if (!json_object) {
1178 return -1;
1179 }
1180
1181 for (ies = ast_security_event_get_required_ies(sec->event_type), i = 0;
1182 ies[i].ie_type != AST_EVENT_IE_END;
1183 i++) {
1184 if (add_json_object(json_object, sec, ies + i, REQUIRED)) {
1185 goto return_error;
1186 }
1187 }
1188
1189 for (ies = ast_security_event_get_optional_ies(sec->event_type), i = 0;
1190 ies[i].ie_type != AST_EVENT_IE_END;
1191 i++) {
1192 if (add_json_object(json_object, sec, ies + i, NOT_REQUIRED)) {
1193 goto return_error;
1194 }
1195 }
1196
1197 /* The json blob is ready. Throw it in the payload and send it out over stasis. */
1198 if (!(json_payload = ast_json_payload_create(json_object))) {
1199 goto return_error;
1200 }
1201
1202 msg = stasis_message_create(ast_security_event_type(), json_payload);
1203
1204 if (!msg) {
1205 goto return_error;
1206 }
1207
1208 stasis_publish(ast_security_topic(), msg);
1209
1210 return 0;
1211
1212return_error:
1213 return -1;
1214}
1215
1216int ast_security_event_report(const struct ast_security_event_common *sec)
1217{
1218 if ((unsigned int)sec->event_type >= AST_SECURITY_EVENT_NUM_TYPES) {
1219 ast_log(LOG_ERROR, "Invalid security event type\n");
1220 return -1;
1221 }
1222
1223 if (!sec_events[sec->event_type].name) {
1224 ast_log(LOG_WARNING, "Security event type %u not handled\n",
1225 sec->event_type);
1226 return -1;
1227 }
1228
1229 if (sec->version != sec_events[sec->event_type].version) {
1230 ast_log(LOG_WARNING, "Security event %u version mismatch\n",
1231 sec->event_type);
1232 return -1;
1233 }
1234
1235 if (handle_security_event(sec)) {
1236 ast_log(LOG_ERROR, "Failed to issue security event of type %s.\n",
1237 ast_security_event_get_name(sec->event_type));
1238 }
1239
1240 return 0;
1241}
asterisk.h
Asterisk main include file. File version handling, generic pbx functions.
ast_register_cleanup
int ast_register_cleanup(void(*func)(void))
Register a function to be executed before Asterisk gracefully exits.
Definition: clicompat.c:19
ast_free
#define ast_free(a)
Definition: astmm.h:180
ast_log
#define ast_log
Definition: astobj2.c:42
ao2_cleanup
#define ao2_cleanup(obj)
Definition: astobj2.h:1934
service
enum ast_cc_service_type service
Definition: ccss.c:389
ast_event_get_ie_type_name
const char * ast_event_get_ie_type_name(enum ast_event_ie_type ie_type)
Get the string representation of an information element type.
Definition: event.c:209
ast_event_ie_type
ast_event_ie_type
Event Information Element types.
Definition: event_defs.h:68
AST_EVENT_IE_EVENT_VERSION
@ AST_EVENT_IE_EVENT_VERSION
Definition: event_defs.h:274
AST_EVENT_IE_END
@ AST_EVENT_IE_END
Definition: event_defs.h:70
AST_EVENT_IE_REMOTE_ADDR
@ AST_EVENT_IE_REMOTE_ADDR
Definition: event_defs.h:282
AST_EVENT_IE_ATTEMPTED_TRANSPORT
@ AST_EVENT_IE_ATTEMPTED_TRANSPORT
Definition: event_defs.h:295
AST_EVENT_IE_MODULE
@ AST_EVENT_IE_MODULE
Definition: event_defs.h:276
AST_EVENT_IE_EVENT_TV
@ AST_EVENT_IE_EVENT_TV
Definition: event_defs.h:283
AST_EVENT_IE_ACCOUNT_ID
@ AST_EVENT_IE_ACCOUNT_ID
Definition: event_defs.h:277
AST_EVENT_IE_SESSION_ID
@ AST_EVENT_IE_SESSION_ID
Definition: event_defs.h:278
AST_EVENT_IE_CHALLENGE
@ AST_EVENT_IE_CHALLENGE
Definition: event_defs.h:289
AST_EVENT_IE_LOCAL_ADDR
@ AST_EVENT_IE_LOCAL_ADDR
Definition: event_defs.h:281
AST_EVENT_IE_RECEIVED_HASH
@ AST_EVENT_IE_RECEIVED_HASH
Definition: event_defs.h:293
AST_EVENT_IE_ACL_NAME
@ AST_EVENT_IE_ACL_NAME
Definition: event_defs.h:280
AST_EVENT_IE_AUTH_METHOD
@ AST_EVENT_IE_AUTH_METHOD
Definition: event_defs.h:286
AST_EVENT_IE_SEVERITY
@ AST_EVENT_IE_SEVERITY
Definition: event_defs.h:287
AST_EVENT_IE_RECEIVED_CHALLENGE
@ AST_EVENT_IE_RECEIVED_CHALLENGE
Definition: event_defs.h:292
AST_EVENT_IE_REQUEST_TYPE
@ AST_EVENT_IE_REQUEST_TYPE
Definition: event_defs.h:284
AST_EVENT_IE_EXPECTED_RESPONSE
@ AST_EVENT_IE_EXPECTED_RESPONSE
Definition: event_defs.h:291
AST_EVENT_IE_EXPECTED_ADDR
@ AST_EVENT_IE_EXPECTED_ADDR
Definition: event_defs.h:288
AST_EVENT_IE_USING_PASSWORD
@ AST_EVENT_IE_USING_PASSWORD
Definition: event_defs.h:294
AST_EVENT_IE_RESPONSE
@ AST_EVENT_IE_RESPONSE
Definition: event_defs.h:290
AST_EVENT_IE_SESSION_TV
@ AST_EVENT_IE_SESSION_TV
Definition: event_defs.h:279
AST_EVENT_IE_REQUEST_PARAMS
@ AST_EVENT_IE_REQUEST_PARAMS
Definition: event_defs.h:285
AST_EVENT_IE_SERVICE
@ AST_EVENT_IE_SERVICE
Definition: event_defs.h:275
AST_LOG_ERROR
#define AST_LOG_ERROR
Definition: include/asterisk/logger.h:294
LOG_ERROR
#define LOG_ERROR
Definition: include/asterisk/logger.h:289
LOG_WARNING
#define LOG_WARNING
Definition: include/asterisk/logger.h:278
json.h
Asterisk JSON abstraction layer.
ast_json_ipaddr
struct ast_json * ast_json_ipaddr(const struct ast_sockaddr *addr, enum ast_transport transport_type)
Construct an IP address as JSON.
Definition: json.c:682
ast_json_string_create
struct ast_json * ast_json_string_create(const char *value)
Construct a JSON string from value.
Definition: json.c:278
ast_json_unref
void ast_json_unref(struct ast_json *value)
Decrease refcount on value. If refcount reaches zero, value is freed.
Definition: json.c:73
ast_json_object_create
struct ast_json * ast_json_object_create(void)
Create a new JSON object.
Definition: json.c:399
ast_json_payload_create
struct ast_json_payload * ast_json_payload_create(struct ast_json *json)
Create an ao2 object to pass json blobs as data payloads for stasis.
Definition: json.c:756
ast_json_timeval
struct ast_json * ast_json_timeval(const struct timeval tv, const char *zone)
Construct a timeval as JSON.
Definition: json.c:670
ast_json_integer_create
struct ast_json * ast_json_integer_create(intmax_t value)
Create a JSON integer.
Definition: json.c:327
ast_json_stringf
struct ast_json * ast_json_stringf(const char *format,...)
Create a JSON string, printf style.
Definition: json.c:293
ast_json_ref
struct ast_json * ast_json_ref(struct ast_json *value)
Increase refcount on value.
Definition: json.c:67
ast_json_object_set
int ast_json_object_set(struct ast_json *object, const char *key, struct ast_json *value)
Set a field in a JSON object.
Definition: json.c:414
ast_json_string_get
const char * ast_json_string_get(const struct ast_json *string)
Get the value of a JSON string.
Definition: json.c:283
ast_json_object_get
struct ast_json * ast_json_object_get(struct ast_json *object, const char *key)
Get a field from a JSON object.
Definition: json.c:407
ast_json_integer_get
intmax_t ast_json_integer_get(const struct ast_json *integer)
Get the value from a JSON integer.
Definition: json.c:332
ast_security_event_get_required_ies
const struct ast_security_event_ie_type * ast_security_event_get_required_ies(const enum ast_security_event_type event_type)
Get the list of required IEs for a given security event sub-type.
Definition: main/security_events.c:949
security_topic
static struct stasis_topic * security_topic
Security Topic.
Definition: main/security_events.c:423
SEC_EVT_FIELD
#define SEC_EVT_FIELD(e, field)
ast_security_event_get_name
const char * ast_security_event_get_name(const enum ast_security_event_type event_type)
Get the name of a security event sub-type.
Definition: main/security_events.c:940
STASIS_MESSAGE_TYPE_DEFN
STASIS_MESSAGE_TYPE_DEFN(ast_security_event_type,.to_ami=security_event_to_ami,)
Message type for security events.
ast_security_stasis_init
int ast_security_stasis_init(void)
initializes stasis topic/event types for ast_security_topic and ast_security_event_type
Definition: main/security_events.c:528
optional_ies
struct ast_security_event_ie_type optional_ies[MAX_SECURITY_IES]
Definition: main/security_events.c:551
ast_security_event_severity_get_name
const char * ast_security_event_severity_get_name(const enum ast_security_event_severity severity)
Get the name of a security event severity.
Definition: main/security_events.c:916
required_ies
struct ast_security_event_ie_type required_ies[MAX_SECURITY_IES]
Definition: main/security_events.c:550
ie_required
ie_required
Definition: main/security_events.c:982
REQUIRED
@ REQUIRED
Definition: main/security_events.c:984
NOT_REQUIRED
@ NOT_REQUIRED
Definition: main/security_events.c:983
check_event_type
static int check_event_type(const enum ast_security_event_type event_type)
Definition: main/security_events.c:930
severities
static const struct @393 severities[]
alloc_security_event_json_object
static struct ast_json * alloc_security_event_json_object(const struct ast_security_event_common *sec)
Definition: main/security_events.c:1112
name
const char * name
Definition: main/security_events.c:546
security_stasis_cleanup
static void security_stasis_cleanup(void)
Definition: main/security_events.c:520
security_event_to_ami
static struct ast_manager_event_blob * security_event_to_ami(struct stasis_message *message)
Definition: main/security_events.c:500
ast_security_event_get_optional_ies
const struct ast_security_event_ie_type * ast_security_event_get_optional_ies(const enum ast_security_event_type event_type)
Get the list of optional IEs for a given security event sub-type.
Definition: main/security_events.c:959
append_event_str_from_json
static int append_event_str_from_json(struct ast_str **str, struct ast_json *json, const struct ast_security_event_ie_type *ies)
Definition: main/security_events.c:447
append_event_str_single
static int append_event_str_single(struct ast_str **str, struct ast_json *json, const enum ast_event_ie_type ie_type)
Definition: main/security_events.c:430
SECURITY_EVENT_BUF_INIT_LEN
static const size_t SECURITY_EVENT_BUF_INIT_LEN
Definition: main/security_events.c:420
MAX_SECURITY_IES
#define MAX_SECURITY_IES
Definition: main/security_events.c:549
version
uint32_t version
Definition: main/security_events.c:547
security_event_to_ami_blob
static struct ast_manager_event_blob * security_event_to_ami_blob(struct ast_json *json)
Definition: main/security_events.c:465
add_json_object
static int add_json_object(struct ast_json *json, const struct ast_security_event_common *sec, const struct ast_security_event_ie_type *ie_type, enum ie_required req)
Definition: main/security_events.c:987
severity
enum ast_security_event_severity severity
Definition: main/security_events.c:548
ast_security_event_report
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
Definition: main/security_events.c:1216
sec_events
static const struct @392 sec_events[AST_SECURITY_EVENT_NUM_TYPES]
add_ip_json_object
static int add_ip_json_object(struct ast_json *json, enum ast_event_ie_type ie_type, const struct ast_security_event_ip_addr *addr)
Definition: main/security_events.c:969
str
const char * str
Definition: main/security_events.c:910
handle_security_event
static int handle_security_event(const struct ast_security_event_common *sec)
Definition: main/security_events.c:1163
ast_security_topic
struct stasis_topic * ast_security_topic(void)
A stasis_topic which publishes messages for security related issues.
Definition: main/security_events.c:425
EVENT_FLAG_SECURITY
#define EVENT_FLAG_SECURITY
Definition: manager.h:93
ast_manager_event_blob_create
struct ast_manager_event_blob * ast_manager_event_blob_create(int event_flags, const char *manager_event, const char *extra_fields_fmt,...)
Construct a ast_manager_event_blob.
Definition: manager.c:10237
netsock2.h
Network socket handling.
network.h
Wrapper for network related headers, masking differences between various operating systems....
challenge
static void challenge(const char *endpoint_id, struct ast_sip_auth *auth, pjsip_tx_data *tdata, const pjsip_rx_data *rdata, int is_stale, const pjsip_auth_algorithm *algorithm)
Send a WWW-Authenticate challenge.
Definition: res_pjsip_authenticator_digest.c:507
to_ami
static void to_ami(struct ast_sip_subscription *sub, struct ast_str **buf)
Definition: res_pjsip_exten_state.c:574
NULL
#define NULL
Definition: resample.c:96
security_events.h
Security Event Reporting API.
AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION
#define AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION
Event descriptor version.
Definition: security_events_defs.h:429
AST_SECURITY_EVENT_UNEXPECTED_ADDR_VERSION
#define AST_SECURITY_EVENT_UNEXPECTED_ADDR_VERSION
Event descriptor version.
Definition: security_events_defs.h:408
AST_SECURITY_EVENT_MEM_LIMIT_VERSION
#define AST_SECURITY_EVENT_MEM_LIMIT_VERSION
Event descriptor version.
Definition: security_events_defs.h:261
AST_SECURITY_EVENT_SESSION_LIMIT_VERSION
#define AST_SECURITY_EVENT_SESSION_LIMIT_VERSION
Event descriptor version.
Definition: security_events_defs.h:245
AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION
#define AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION
Event descriptor version.
Definition: security_events_defs.h:293
AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION
#define AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION
Event descriptor version.
Definition: security_events_defs.h:512
AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED_VERSION
#define AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED_VERSION
Event descriptor version.
Definition: security_events_defs.h:340
AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION
#define AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION
Event descriptor version.
Definition: security_events_defs.h:314
AST_SECURITY_EVENT_REQ_BAD_FORMAT_VERSION
#define AST_SECURITY_EVENT_REQ_BAD_FORMAT_VERSION
Event descriptor version.
Definition: security_events_defs.h:361
AST_SECURITY_EVENT_FAILED_ACL_VERSION
#define AST_SECURITY_EVENT_FAILED_ACL_VERSION
Event descriptor version.
Definition: security_events_defs.h:208
AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION
#define AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION
Event descriptor version.
Definition: security_events_defs.h:460
AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION
#define AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION
Event descriptor version.
Definition: security_events_defs.h:229
ast_security_event_severity
ast_security_event_severity
the severity of a security event
Definition: security_events_defs.h:132
AST_SECURITY_EVENT_SEVERITY_ERROR
@ AST_SECURITY_EVENT_SEVERITY_ERROR
Something has gone wrong.
Definition: security_events_defs.h:136
AST_SECURITY_EVENT_SEVERITY_INFO
@ AST_SECURITY_EVENT_SEVERITY_INFO
Informational event, not something that has gone wrong.
Definition: security_events_defs.h:134
ast_security_event_type
ast_security_event_type
Security event types.
Definition: security_events_defs.h:40
AST_SECURITY_EVENT_INVAL_TRANSPORT
@ AST_SECURITY_EVENT_INVAL_TRANSPORT
An attempt to contact a peer on an invalid transport.
Definition: security_events_defs.h:117
AST_SECURITY_EVENT_LOAD_AVG
@ AST_SECURITY_EVENT_LOAD_AVG
Load Average limit reached.
Definition: security_events_defs.h:77
AST_SECURITY_EVENT_INVAL_PASSWORD
@ AST_SECURITY_EVENT_INVAL_PASSWORD
An attempt at basic password authentication failed.
Definition: security_events_defs.h:109
AST_SECURITY_EVENT_SESSION_LIMIT
@ AST_SECURITY_EVENT_SESSION_LIMIT
Session limit reached.
Definition: security_events_defs.h:63
AST_SECURITY_EVENT_REQ_NO_SUPPORT
@ AST_SECURITY_EVENT_REQ_NO_SUPPORT
A request was made that we understand, but do not support.
Definition: security_events_defs.h:81
AST_SECURITY_EVENT_FAILED_ACL
@ AST_SECURITY_EVENT_FAILED_ACL
Failed ACL.
Definition: security_events_defs.h:48
AST_SECURITY_EVENT_NUM_TYPES
@ AST_SECURITY_EVENT_NUM_TYPES
This must stay at the end.
Definition: security_events_defs.h:121
AST_SECURITY_EVENT_UNEXPECTED_ADDR
@ AST_SECURITY_EVENT_UNEXPECTED_ADDR
An unexpected source address was seen for a session in progress.
Definition: security_events_defs.h:101
AST_SECURITY_EVENT_MEM_LIMIT
@ AST_SECURITY_EVENT_MEM_LIMIT
Memory limit reached.
Definition: security_events_defs.h:70
AST_SECURITY_EVENT_REQ_NOT_ALLOWED
@ AST_SECURITY_EVENT_REQ_NOT_ALLOWED
A request was made that is not allowed.
Definition: security_events_defs.h:85
AST_SECURITY_EVENT_CHAL_SENT
@ AST_SECURITY_EVENT_CHAL_SENT
Challenge was sent out, informational.
Definition: security_events_defs.h:113
AST_SECURITY_EVENT_CHAL_RESP_FAILED
@ AST_SECURITY_EVENT_CHAL_RESP_FAILED
An attempt at challenge/response authentication failed.
Definition: security_events_defs.h:105
AST_SECURITY_EVENT_REQ_BAD_FORMAT
@ AST_SECURITY_EVENT_REQ_BAD_FORMAT
Request received with bad formatting.
Definition: security_events_defs.h:93
AST_SECURITY_EVENT_SUCCESSFUL_AUTH
@ AST_SECURITY_EVENT_SUCCESSFUL_AUTH
FYI FWIW, Successful authentication has occurred.
Definition: security_events_defs.h:97
AST_SECURITY_EVENT_INVAL_ACCT_ID
@ AST_SECURITY_EVENT_INVAL_ACCT_ID
Invalid Account ID.
Definition: security_events_defs.h:56
AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED
@ AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED
The attempted authentication method is not allowed.
Definition: security_events_defs.h:89
AST_SECURITY_EVENT_LOAD_AVG_VERSION
#define AST_SECURITY_EVENT_LOAD_AVG_VERSION
Event descriptor version.
Definition: security_events_defs.h:277
AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION
#define AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION
Event descriptor version.
Definition: security_events_defs.h:387
AST_SECURITY_EVENT_CHAL_SENT_VERSION
#define AST_SECURITY_EVENT_CHAL_SENT_VERSION
Event descriptor version.
Definition: security_events_defs.h:491
stasis.h
Stasis Message Bus API. See Stasis Message Bus API for detailed documentation.
stasis_message_type
struct stasis_message_type * stasis_message_type(const struct stasis_message *msg)
Get the message type for a stasis_message.
Definition: stasis_message.c:187
STASIS_MESSAGE_TYPE_CLEANUP
#define STASIS_MESSAGE_TYPE_CLEANUP(name)
Boiler-plate messaging macro for cleaning up message types.
Definition: stasis.h:1515
stasis_topic_create
struct stasis_topic * stasis_topic_create(const char *name)
Create a new topic.
Definition: stasis.c:644
STASIS_MESSAGE_TYPE_INIT
#define STASIS_MESSAGE_TYPE_INIT(name)
Boiler-plate messaging macro for initializing message types.
Definition: stasis.h:1493
stasis_message_data
void * stasis_message_data(const struct stasis_message *msg)
Get the data contained in a message.
Definition: stasis_message.c:195
stasis_message_create
struct stasis_message * stasis_message_create(struct stasis_message_type *type, void *data)
Create a new message.
Definition: stasis_message.c:174
stasis_publish
void stasis_publish(struct stasis_topic *topic, struct stasis_message *message)
Publish a message to a topic's subscribers.
Definition: stasis.c:1538
strings.h
String manipulation functions.
ast_str_append
int ast_str_append(struct ast_str **buf, ssize_t max_len, const char *fmt,...)
Append to a thread local dynamic string.
Definition: strings.h:1139
ast_str_buffer
char * ast_str_buffer(const struct ast_str *buf)
Returns the string buffer within the ast_str buf.
Definition: strings.h:761
S_OR
#define S_OR(a, b)
returns the equivalent of logic or for strings: first one if not empty, otherwise second one.
Definition: strings.h:80
ast_str_create
#define ast_str_create(init_len)
Create a malloc'ed dynamic length string.
Definition: strings.h:659
ast_json_payload
Definition: json.h:1082
ast_json_payload::json
struct ast_json * json
Definition: json.h:1083
ast_json
Abstract JSON element (object, array, string, int, ...).
ast_manager_event_blob
Struct containing info for an AMI event to send out.
Definition: manager.h:503
ast_security_event_common
Common structure elements.
Definition: security_events_defs.h:156
ast_security_event_common::event_type
enum ast_security_event_type event_type
The security event sub-type.
Definition: security_events_defs.h:158
ast_security_event_common::version
uint32_t version
security event version
Definition: security_events_defs.h:160
ast_security_event_common::service
const char * service
Service that generated the event.
Definition: security_events_defs.h:167
ast_security_event_ie_type
Definition: security_events.h:53
ast_security_event_ie_type::offset
size_t offset
For internal usage.
Definition: security_events.h:56
ast_security_event_ie_type::ie_type
enum ast_event_ie_type ie_type
Definition: security_events.h:54
ast_security_event_ip_addr
Definition: security_events_defs.h:141
ast_security_event_ip_addr::addr
const struct ast_sockaddr * addr
Definition: security_events_defs.h:142
ast_security_event_ip_addr::transport
enum ast_transport transport
Definition: security_events_defs.h:143
ast_str
Support for dynamic strings.
Definition: strings.h:623
stasis_message
Definition: stasis_message.c:121
stasis_topic
Definition: stasis.c:398
val
Definition: ast_expr2.c:325
ast_tvnow
struct timeval ast_tvnow(void)
Returns current timeval. Meant to replace calls to gettimeofday().
Definition: time.h:159
utils.h
Utility functions.
RAII_VAR
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition: utils.h:941
ast_assert
#define ast_assert(a)
Definition: utils.h:739
ARRAY_LEN
#define ARRAY_LEN(a)
Definition: utils.h:666
Generated on Wed Apr 30 2025 20:04:22 for Asterisk - The Open Source Telephony Project by doxygen 1.9.4