dd/d1e/res__security__log_8c_source.html

/*

 * Asterisk -- An open source telephony toolkit.

 *

 * Copyright (C) 2009, Digium, Inc.

 *

 * Russell Bryant <russell@digium.com>

 *

 * See http://www.asterisk.org for more information about

 * the Asterisk project. Please do not directly contact

 * any of the maintainers of this project for assistance;

 * the project provides a web site, mailing lists and IRC

 * channels for your use.

 *

 * This program is free software, distributed under the terms of

 * the GNU General Public License Version 2. See the LICENSE file

 * at the top of the source tree.

 */


/*!

 * \file

 *

 * \author Russell Bryant <russell@digium.com>

 *

 * \brief Security Event Logging

 *

 * \todo Make informational security events optional

 * \todo Escape quotes in string payload IE contents

 */


/*** MODULEINFO

    <support_level>core</support_level>

 ***/


#include "asterisk.h"


#include "asterisk/module.h"

#include "asterisk/logger.h"

#include "asterisk/threadstorage.h"

#include "asterisk/strings.h"

#include "asterisk/security_events.h"

#include "asterisk/stasis.h"

#include "asterisk/json.h"


static const char LOG_SECURITY_NAME[] = "SECURITY";


static int LOG_SECURITY;


static struct stasis_subscription *security_stasis_sub;


AST_THREADSTORAGE(security_event_buf);

static const size_t SECURITY_EVENT_BUF_INIT_LEN = 256;


enum ie_required {

    NOT_REQUIRED,

    REQUIRED

};


static void append_json_single(struct ast_str **str, struct ast_json *json,

        const enum ast_event_ie_type ie_type, enum ie_required required)

{

    const char *ie_type_key = ast_event_get_ie_type_name(ie_type);


    struct ast_json *json_string;


    json_string = ast_json_object_get(json, ie_type_key);


    if (!required && !json_string) {

        /* Optional IE isn't present. Ignore. */

        return;

    }


    /* At this point, it _better_ be there! */

    ast_assert(json_string != NULL);


    ast_str_append(str, 0, ",%s=\"%s\"",

            ie_type_key,

            ast_json_string_get(json_string));

}


static void append_json(struct ast_str **str, struct ast_json *json,

        const struct ast_security_event_ie_type *ies, enum ie_required required)

{

    unsigned int i;


    for (i = 0; ies[i].ie_type != AST_EVENT_IE_END; i++) {

        append_json_single(str, json, ies[i].ie_type, required);

    }

}


static void security_event_stasis_cb(struct ast_json *json)

{

    struct ast_str *str;

    struct ast_json *event_type_json;

    enum ast_security_event_type event_type;


    event_type_json = ast_json_object_get(json, "SecurityEvent");

    event_type = ast_json_integer_get(event_type_json);


    ast_assert((unsigned int)event_type < AST_SECURITY_EVENT_NUM_TYPES);


    if (!(str = ast_str_thread_get(&security_event_buf,

            SECURITY_EVENT_BUF_INIT_LEN))) {

        return;

    }


    ast_str_set(&str, 0, "SecurityEvent=\"%s\"",

            ast_security_event_get_name(event_type));


    append_json(&str, json,

            ast_security_event_get_required_ies(event_type), REQUIRED);

    append_json(&str, json,

            ast_security_event_get_optional_ies(event_type), NOT_REQUIRED);


    ast_log_dynamic_level(LOG_SECURITY, "%s\n", ast_str_buffer(str));

}


static void security_stasis_cb(void *data, struct stasis_subscription *sub,

    struct stasis_message *message)

{

    struct ast_json_payload *payload = stasis_message_data(message);


    if (stasis_message_type(message) != ast_security_event_type()) {

        return;

    }


    if (!payload) {

        return;

    }


    security_event_stasis_cb(payload->json);

}


static int load_module(void)

{

    if ((LOG_SECURITY = ast_logger_register_level(LOG_SECURITY_NAME)) == -1) {

        return AST_MODULE_LOAD_DECLINE;

    }


    if (!(security_stasis_sub = stasis_subscribe(ast_security_topic(), security_stasis_cb, NULL))) {

        ast_logger_unregister_level(LOG_SECURITY_NAME);

        LOG_SECURITY = -1;

        return AST_MODULE_LOAD_DECLINE;

    }

    stasis_subscription_accept_message_type(security_stasis_sub, ast_security_event_type());

    stasis_subscription_set_filter(security_stasis_sub, STASIS_SUBSCRIPTION_FILTER_SELECTIVE);


    ast_verb(3, "Security Logging Enabled\n");


    return AST_MODULE_LOAD_SUCCESS;

}


static int unload_module(void)

{

    if (security_stasis_sub) {

        security_stasis_sub = stasis_unsubscribe_and_join(security_stasis_sub);

    }


    ast_logger_unregister_level(LOG_SECURITY_NAME);


    ast_verb(3, "Security Logging Disabled\n");


    return 0;

}


AST_MODULE_INFO_STANDARD(ASTERISK_GPL_KEY, "Security Event Logging");

str
const char * str
Definition: app_jack.c:147

asterisk.h
Asterisk main include file. File version handling, generic pbx functions.

ast_event_get_ie_type_name
const char * ast_event_get_ie_type_name(enum ast_event_ie_type ie_type)
Get the string representation of an information element type.
Definition: event.c:208

ast_event_ie_type
ast_event_ie_type
Event Information Element types.
Definition: event_defs.h:68

AST_EVENT_IE_END
@ AST_EVENT_IE_END
Definition: event_defs.h:70

logger.h
Support for logging to various files, console and syslog Configuration in file logger....

ast_log_dynamic_level
#define ast_log_dynamic_level(level,...)
Send a log message to a dynamically registered log level.
Definition: include/asterisk/logger.h:438

ast_logger_register_level
int ast_logger_register_level(const char *name)
Register a new logger level.
Definition: logger.c:2839

ast_verb
#define ast_verb(level,...)
Definition: include/asterisk/logger.h:462

ast_logger_unregister_level
void ast_logger_unregister_level(const char *name)
Unregister a previously registered logger level.
Definition: logger.c:2897

json.h
Asterisk JSON abstraction layer.

ast_json_string_get
const char * ast_json_string_get(const struct ast_json *string)
Get the value of a JSON string.
Definition: json.c:283

ast_json_object_get
struct ast_json * ast_json_object_get(struct ast_json *object, const char *key)
Get a field from a JSON object.
Definition: json.c:407

ast_json_integer_get
intmax_t ast_json_integer_get(const struct ast_json *integer)
Get the value from a JSON integer.
Definition: json.c:332

ie_required
ie_required
Definition: main/security_events.c:937

module.h
Asterisk module definitions.

AST_MODULE_INFO_STANDARD
#define AST_MODULE_INFO_STANDARD(keystr, desc)
Definition: module.h:567

ASTERISK_GPL_KEY
#define ASTERISK_GPL_KEY
The text the key() function should return.
Definition: module.h:46

AST_MODULE_LOAD_SUCCESS
@ AST_MODULE_LOAD_SUCCESS
Definition: module.h:70

AST_MODULE_LOAD_DECLINE
@ AST_MODULE_LOAD_DECLINE
Module has failed to load, may be in an inconsistent state.
Definition: module.h:78

sub
struct stasis_forward * sub
Definition: res_corosync.c:240

LOG_SECURITY
static int LOG_SECURITY
Definition: res_security_log.c:46

security_stasis_sub
static struct stasis_subscription * security_stasis_sub
Definition: res_security_log.c:48

REQUIRED
@ REQUIRED
Definition: res_security_log.c:55

NOT_REQUIRED
@ NOT_REQUIRED
Definition: res_security_log.c:54

security_event_buf
static struct ast_threadstorage security_event_buf
Definition: res_security_log.c:50

LOG_SECURITY_NAME
static const char LOG_SECURITY_NAME[]
Definition: res_security_log.c:44

SECURITY_EVENT_BUF_INIT_LEN
static const size_t SECURITY_EVENT_BUF_INIT_LEN
Definition: res_security_log.c:51

security_event_stasis_cb
static void security_event_stasis_cb(struct ast_json *json)
Definition: res_security_log.c:90

load_module
static int load_module(void)
Definition: res_security_log.c:133

append_json
static void append_json(struct ast_str **str, struct ast_json *json, const struct ast_security_event_ie_type *ies, enum ie_required required)
Definition: res_security_log.c:80

unload_module
static int unload_module(void)
Definition: res_security_log.c:152

append_json_single
static void append_json_single(struct ast_str **str, struct ast_json *json, const enum ast_event_ie_type ie_type, enum ie_required required)
Definition: res_security_log.c:58

security_stasis_cb
static void security_stasis_cb(void *data, struct stasis_subscription *sub, struct stasis_message *message)
Definition: res_security_log.c:117

NULL
#define NULL
Definition: resample.c:96

security_events.h
Security Event Reporting API.

ast_security_event_get_required_ies
const struct ast_security_event_ie_type * ast_security_event_get_required_ies(const enum ast_security_event_type event_type)
Get the list of required IEs for a given security event sub-type.
Definition: main/security_events.c:904

ast_security_event_get_name
const char * ast_security_event_get_name(const enum ast_security_event_type event_type)
Get the name of a security event sub-type.
Definition: main/security_events.c:895

ast_security_event_get_optional_ies
const struct ast_security_event_ie_type * ast_security_event_get_optional_ies(const enum ast_security_event_type event_type)
Get the list of optional IEs for a given security event sub-type.
Definition: main/security_events.c:914

ast_security_topic
struct stasis_topic * ast_security_topic(void)
A stasis_topic which publishes messages for security related issues.
Definition: main/security_events.c:380

ast_security_event_type
ast_security_event_type
Security event types.
Definition: security_events_defs.h:40

AST_SECURITY_EVENT_NUM_TYPES
@ AST_SECURITY_EVENT_NUM_TYPES
This must stay at the end.
Definition: security_events_defs.h:121

stasis.h
Stasis Message Bus API. See Stasis Message Bus API for detailed documentation.

stasis_message_type
struct stasis_message_type * stasis_message_type(const struct stasis_message *msg)
Get the message type for a stasis_message.
Definition: stasis_message.c:187

STASIS_SUBSCRIPTION_FILTER_SELECTIVE
@ STASIS_SUBSCRIPTION_FILTER_SELECTIVE
Definition: stasis.h:297

stasis_subscription_accept_message_type
int stasis_subscription_accept_message_type(struct stasis_subscription *subscription, const struct stasis_message_type *type)
Indicate to a subscription that we are interested in a message type.
Definition: stasis.c:1023

stasis_subscription_set_filter
int stasis_subscription_set_filter(struct stasis_subscription *subscription, enum stasis_subscription_message_filter filter)
Set the message type filtering level on a subscription.
Definition: stasis.c:1077

stasis_message_data
void * stasis_message_data(const struct stasis_message *msg)
Get the data contained in a message.
Definition: stasis_message.c:195

stasis_unsubscribe_and_join
struct stasis_subscription * stasis_unsubscribe_and_join(struct stasis_subscription *subscription)
Cancel a subscription, blocking until the last message is processed.
Definition: stasis.c:1134

stasis_subscribe
#define stasis_subscribe(topic, callback, data)
Definition: stasis.h:649

strings.h
String manipulation functions.

ast_str_append
int ast_str_append(struct ast_str **buf, ssize_t max_len, const char *fmt,...)
Append to a thread local dynamic string.
Definition: strings.h:1139

ast_str_buffer
char * ast_str_buffer(const struct ast_str *buf)
Returns the string buffer within the ast_str buf.
Definition: strings.h:761

ast_str_set
int ast_str_set(struct ast_str **buf, ssize_t max_len, const char *fmt,...)
Set a dynamic string using variable arguments.
Definition: strings.h:1113

ast_str_thread_get
struct ast_str * ast_str_thread_get(struct ast_threadstorage *ts, size_t init_len)
Retrieve a thread locally stored dynamic string.
Definition: strings.h:909

ast_json_payload
Definition: json.h:1082

ast_json_payload::json
struct ast_json * json
Definition: json.h:1083

ast_json
Abstract JSON element (object, array, string, int, ...).

ast_security_event_ie_type
Definition: security_events.h:53

ast_security_event_ie_type::ie_type
enum ast_event_ie_type ie_type
Definition: security_events.h:54

ast_str
Support for dynamic strings.
Definition: strings.h:623

message
Definition: manager.h:149

stasis_message
Definition: stasis_message.c:121

stasis_subscription
Definition: stasis.c:680

threadstorage.h
Definitions to aid in the use of thread local storage.

AST_THREADSTORAGE
#define AST_THREADSTORAGE(name)
Define a thread storage variable.
Definition: threadstorage.h:86

ast_assert
#define ast_assert(a)
Definition: utils.h:739