Security Event Logging. More...

#include "asterisk.h"
#include "asterisk/module.h"
#include "asterisk/logger.h"
#include "asterisk/threadstorage.h"
#include "asterisk/strings.h"
#include "asterisk/security_events.h"
#include "asterisk/stasis.h"
#include "asterisk/json.h"

Include dependency graph for res_security_log.c:

Go to the source code of this file.

Enumerations
enum	ie_required { NOT_REQUIRED , REQUIRED }

Functions
static void	__reg_module (void)

static void	__unreg_module (void)

static void	append_json (struct ast_str *str, struct ast_json json, const struct ast_security_event_ie_type *ies, enum ie_required required)

static void	append_json_single (struct ast_str *str, struct ast_json json, const enum ast_event_ie_type ie_type, enum ie_required required)

struct ast_module *	AST_MODULE_SELF_SYM (void)

	AST_THREADSTORAGE_CUSTOM_SCOPE (security_event_buf, NULL, ast_free_ptr, static)

static int	load_module (void)

static void	security_event_stasis_cb (struct ast_json *json)

static void	security_stasis_cb (void data, struct stasis_subscription sub, struct stasis_message *message)

static int	unload_module (void)

Variables
static struct ast_module_info	__mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_LOAD_ORDER , .description = "Security Event Logging" , .key = ASTERISK_GPL_KEY , .buildopt_sum = AST_BUILDOPT_SUM, .load = load_module, .unload = unload_module, .load_pri = AST_MODPRI_DEFAULT, .support_level = AST_MODULE_SUPPORT_CORE, }

static const struct ast_module_info *	ast_module_info = &__mod_info

static int	LOG_SECURITY

static const char	LOG_SECURITY_NAME [] = "SECURITY"

static const size_t	SECURITY_EVENT_BUF_INIT_LEN = 256

static struct stasis_subscription *	security_stasis_sub

Detailed Description

Security Event Logging.

Author: Russell Bryant russe.nosp@m.ll@d.nosp@m.igium.nosp@m..com

Todo:

Make informational security events optional

Escape quotes in string payload IE contents

Definition in file res_security_log.c.

Enumeration Type Documentation

◆ ie_required

enum ie_required

Enumerator
NOT_REQUIRED
REQUIRED

Definition at line 53 of file res_security_log.c.

                 {
    NOT_REQUIRED,
    REQUIRED
};

Function Documentation

◆ __reg_module()

static void __reg_module ( void )

static

Definition at line 165 of file res_security_log.c.

◆ __unreg_module()

static void __unreg_module ( void )

static

Definition at line 165 of file res_security_log.c.

◆ append_json()

static void append_json	(	struct ast_str **	str,
		struct ast_json *	json,
		const struct ast_security_event_ie_type *	ies,
		enum ie_required	required
	)

static

Definition at line 80 of file res_security_log.c.

{
    unsigned int i;
 
    for (i = 0; ies[i].ie_type != AST_EVENT_IE_END; i++) {
        append_json_single(str, json, ies[i].ie_type, required);
    }
}

References append_json_single(), AST_EVENT_IE_END, ast_security_event_ie_type::ie_type, and str.

Referenced by security_event_stasis_cb().

◆ append_json_single()

static void append_json_single	(	struct ast_str **	str,
		struct ast_json *	json,
		const enum ast_event_ie_type	ie_type,
		enum ie_required	required
	)

static

Definition at line 58 of file res_security_log.c.

{
    const char *ie_type_key = ast_event_get_ie_type_name(ie_type);
 
    struct ast_json *json_string;
 
    json_string = ast_json_object_get(json, ie_type_key);
 
    if (!required && !json_string) {
        /* Optional IE isn't present. Ignore. */
        return;
    }
 
    /* At this point, it _better_ be there! */
    ast_assert(json_string != NULL);
 
    ast_str_append(str, 0, ",%s=\"%s\"",
            ie_type_key,
            ast_json_string_get(json_string));
}

References ast_assert, ast_event_get_ie_type_name(), ast_json_object_get(), ast_json_string_get(), ast_str_append(), NULL, and str.

Referenced by append_json().

◆ AST_MODULE_SELF_SYM()

struct ast_module * AST_MODULE_SELF_SYM ( void )

Definition at line 165 of file res_security_log.c.

◆ AST_THREADSTORAGE_CUSTOM_SCOPE()

AST_THREADSTORAGE_CUSTOM_SCOPE	(	security_event_buf	,
		NULL	,
		ast_free_ptr	,
		static
	)

◆ load_module()

static int load_module ( void )

static

Definition at line 133 of file res_security_log.c.

{
    if ((LOG_SECURITY = ast_logger_register_level(LOG_SECURITY_NAME)) == -1) {
        return AST_MODULE_LOAD_DECLINE;
    }
 
    if (!(security_stasis_sub = stasis_subscribe(ast_security_topic(), security_stasis_cb, NULL))) {
        ast_logger_unregister_level(LOG_SECURITY_NAME);
        LOG_SECURITY = -1;
        return AST_MODULE_LOAD_DECLINE;
    }
    stasis_subscription_accept_message_type(security_stasis_sub, ast_security_event_type());
    stasis_subscription_set_filter(security_stasis_sub, STASIS_SUBSCRIPTION_FILTER_SELECTIVE);
 
    ast_verb(3, "Security Logging Enabled\n");
 
    return AST_MODULE_LOAD_SUCCESS;
}

References ast_logger_register_level(), ast_logger_unregister_level(), AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, ast_security_topic(), ast_verb, LOG_SECURITY, LOG_SECURITY_NAME, NULL, security_stasis_cb(), security_stasis_sub, stasis_subscribe, stasis_subscription_accept_message_type(), STASIS_SUBSCRIPTION_FILTER_SELECTIVE, and stasis_subscription_set_filter().

◆ security_event_stasis_cb()

static void security_event_stasis_cb ( struct ast_json * json )

static

Definition at line 90 of file res_security_log.c.

{
    struct ast_str *str;
    struct ast_json *event_type_json;
    enum ast_security_event_type event_type;
 
    event_type_json = ast_json_object_get(json, "SecurityEvent");
    event_type = ast_json_integer_get(event_type_json);
 
    ast_assert((unsigned int)event_type < AST_SECURITY_EVENT_NUM_TYPES);
 
    if (!(str = ast_str_thread_get(&security_event_buf,
            SECURITY_EVENT_BUF_INIT_LEN))) {
        return;
    }
 
    ast_str_set(&str, 0, "SecurityEvent=\"%s\"",
            ast_security_event_get_name(event_type));
 
    append_json(&str, json,
            ast_security_event_get_required_ies(event_type), REQUIRED);
    append_json(&str, json,
            ast_security_event_get_optional_ies(event_type), NOT_REQUIRED);
 
    ast_log_dynamic_level(LOG_SECURITY, "%s\n", ast_str_buffer(str));
}

References append_json(), ast_assert, ast_json_integer_get(), ast_json_object_get(), ast_log_dynamic_level, ast_security_event_get_name(), ast_security_event_get_optional_ies(), ast_security_event_get_required_ies(), AST_SECURITY_EVENT_NUM_TYPES, ast_str_buffer(), ast_str_set(), ast_str_thread_get(), LOG_SECURITY, NOT_REQUIRED, REQUIRED, SECURITY_EVENT_BUF_INIT_LEN, and str.

Referenced by security_stasis_cb().

◆ security_stasis_cb()

static void security_stasis_cb	(	void *	data,
		struct stasis_subscription *	sub,
		struct stasis_message *	message
	)

static

Definition at line 117 of file res_security_log.c.

{
    struct ast_json_payload *payload = stasis_message_data(message);
 
    if (stasis_message_type(message) != ast_security_event_type()) {
        return;
    }
 
    if (!payload) {
        return;
    }
 
    security_event_stasis_cb(payload->json);
}

References ast_json_payload::json, security_event_stasis_cb(), and stasis_message_data().

Referenced by load_module().

◆ unload_module()

static int unload_module ( void )

static

Definition at line 152 of file res_security_log.c.

{
    if (security_stasis_sub) {
        security_stasis_sub = stasis_unsubscribe_and_join(security_stasis_sub);
    }
 
    ast_logger_unregister_level(LOG_SECURITY_NAME);
 
    ast_verb(3, "Security Logging Disabled\n");
 
    return 0;
}

References ast_logger_unregister_level(), ast_verb, LOG_SECURITY_NAME, security_stasis_sub, and stasis_unsubscribe_and_join().

Variable Documentation

◆ __mod_info

struct ast_module_info __mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_LOAD_ORDER , .description = "Security Event Logging" , .key = ASTERISK_GPL_KEY , .buildopt_sum = AST_BUILDOPT_SUM, .load = load_module, .unload = unload_module, .load_pri = AST_MODPRI_DEFAULT, .support_level = AST_MODULE_SUPPORT_CORE, }

static

Definition at line 165 of file res_security_log.c.

◆ ast_module_info

const struct ast_module_info* ast_module_info = &__mod_info

static

Definition at line 165 of file res_security_log.c.

◆ LOG_SECURITY

int LOG_SECURITY

static

Definition at line 46 of file res_security_log.c.

Referenced by load_module(), and security_event_stasis_cb().

◆ LOG_SECURITY_NAME

const char LOG_SECURITY_NAME[] = "SECURITY"

static

Definition at line 44 of file res_security_log.c.

Referenced by load_module(), and unload_module().

◆ SECURITY_EVENT_BUF_INIT_LEN

const size_t SECURITY_EVENT_BUF_INIT_LEN = 256

static

Definition at line 51 of file res_security_log.c.

Referenced by security_event_stasis_cb().

◆ security_stasis_sub

struct stasis_subscription* security_stasis_sub

static

Definition at line 48 of file res_security_log.c.

Referenced by load_module(), and unload_module().

Enumerations

Functions

Variables

Detailed Description

Enumeration Type Documentation

◆ ie_required

Function Documentation

◆ __reg_module()

◆ __unreg_module()

◆ append_json()

◆ append_json_single()

◆ AST_MODULE_SELF_SYM()

◆ AST_THREADSTORAGE_CUSTOM_SCOPE()

◆ load_module()

◆ security_event_stasis_cb()

◆ security_stasis_cb()

◆ unload_module()

Variable Documentation

◆ __mod_info

◆ ast_module_info

◆ LOG_SECURITY

◆ LOG_SECURITY_NAME

◆ SECURITY_EVENT_BUF_INIT_LEN

◆ security_stasis_sub