Asterisk - The Open Source Telephony Project  18.5.0
Functions
channels/sip/include/security_events.h File Reference

Generate security events in the SIP channel. More...

#include "sip.h"
Include dependency graph for channels/sip/include/security_events.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

void sip_digest_parser (char *c, struct digestkeys *keys)
 Takes the digest response and parses it. More...
 
void sip_report_auth_success (const struct sip_pvt *p, uint32_t using_password)
 
void sip_report_chal_sent (const struct sip_pvt *p)
 
void sip_report_failed_acl (const struct sip_pvt *p, const char *aclname)
 
void sip_report_failed_challenge_response (const struct sip_pvt *p, const char *response, const char *expected_response)
 
void sip_report_inval_password (const struct sip_pvt *p, const char *responsechallenge, const char *responsehash)
 
void sip_report_inval_transport (const struct sip_pvt *p, const char *transport)
 
void sip_report_invalid_peer (const struct sip_pvt *p)
 
int sip_report_security_event (const char *peer, struct ast_sockaddr *addr, const struct sip_pvt *p, const struct sip_request *req, const int res)
 
void sip_report_session_limit (const struct sip_pvt *p)
 

Detailed Description

Generate security events in the SIP channel.

Author
Michael L. Young elgue.nosp@m.rome.nosp@m.xican.nosp@m.o@gm.nosp@m.ail.c.nosp@m.om

Definition in file channels/sip/include/security_events.h.

Function Documentation

◆ sip_digest_parser()

void sip_digest_parser ( char *  c,
struct digestkeys keys 
)

Takes the digest response and parses it.

Definition at line 17309 of file chan_sip.c.

References ast_skip_blanks(), c, digestkeys::key, NULL, digestkeys::s, and strsep().

Referenced by check_auth(), and sip_report_security_event().

17310 {
17311  struct digestkeys *i = i;
17312 
17313  while(c && *(c = ast_skip_blanks(c)) ) { /* lookup for keys */
17314  for (i = keys; i->key != NULL; i++) {
17315  const char *separator = ","; /* default */
17316 
17317  if (strncasecmp(c, i->key, strlen(i->key)) != 0) {
17318  continue;
17319  }
17320  /* Found. Skip keyword, take text in quotes or up to the separator. */
17321  c += strlen(i->key);
17322  if (*c == '"') { /* in quotes. Skip first and look for last */
17323  c++;
17324  separator = "\"";
17325  }
17326  i->s = c;
17327  strsep(&c, separator);
17328  break;
17329  }
17330  if (i->key == NULL) { /* not found, jump after space or comma */
17331  strsep(&c, " ,");
17332  }
17333  }
17334 }
digestkeys::key
const char * key
Definition: sip.h:1879
c
static struct test_val c
Definition: test_linkedlists.c:48
NULL
#define NULL
Definition: resample.c:96
ast_skip_blanks
char * ast_skip_blanks(const char *str)
Gets a pointer to the first non-whitespace character in a string.
Definition: strings.h:157
digestkeys::s
const char * s
Definition: sip.h:1880
strsep
char * strsep(char **str, const char *delims)

◆ sip_report_auth_success()

void sip_report_auth_success ( const struct sip_pvt p,
uint32_t  using_password 
)

Definition at line 123 of file channels/sip/security_events.c.

References AST_SEC_EVT, ast_security_event_report(), AST_SECURITY_EVENT_SUCCESSFUL_AUTH, AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION, ast_security_event_successful_auth::common, ast_security_event_common::event_type, sip_pvt::exten, sip_pvt::ourip, sip_pvt::sa, security_event_get_transport(), and ast_security_event_successful_auth::using_password.

Referenced by sip_report_security_event().

124 {
125  char session_id[32];
126 
127  struct ast_security_event_successful_auth successful_auth = {
128  .common.event_type = AST_SECURITY_EVENT_SUCCESSFUL_AUTH,
129  .common.version = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION,
130  .common.service = "SIP",
131  .common.account_id = p->exten,
132  .common.local_addr = {
133  .addr = &p->ourip,
134  .transport = security_event_get_transport(p)
135  },
136  .common.remote_addr = {
137  .addr = &p->sa,
138  .transport = security_event_get_transport(p)
139  },
140  .common.session_id = session_id,
141  .using_password = using_password,
142  };
143 
144  snprintf(session_id, sizeof(session_id), "%p", p);
145 
146  ast_security_event_report(AST_SEC_EVT(&successful_auth));
147 }
ast_security_event_successful_auth::using_password
uint32_t using_password
Using password - if a password was used or not.
Definition: security_events_defs.h:397
ast_security_event_common::event_type
enum ast_security_event_type event_type
The security event sub-type.
Definition: security_events_defs.h:158
AST_SECURITY_EVENT_SUCCESSFUL_AUTH
FYI FWIW, Successful authentication has occurred.
Definition: security_events_defs.h:97
sip_pvt::ourip
struct ast_sockaddr ourip
Definition: sip.h:1136
security_event_get_transport
static enum ast_transport security_event_get_transport(const struct sip_pvt *p)
Determine transport type used to receive request.
Definition: channels/sip/security_events.c:38
AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION
#define AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION
Event descriptor version.
Definition: security_events_defs.h:387
AST_SEC_EVT
#define AST_SEC_EVT(e)
Definition: security_events_defs.h:139
sip_pvt::sa
struct ast_sockaddr sa
Definition: sip.h:1125
ast_security_event_successful_auth
Successful authentication.
Definition: security_events_defs.h:382
sip_pvt::exten
const ast_string_field exten
Definition: sip.h:1063
ast_security_event_successful_auth::common
struct ast_security_event_common common
Common security event descriptor elements.
Definition: security_events_defs.h:392
ast_security_event_report
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
Definition: main/security_events.c:1171

◆ sip_report_chal_sent()

void sip_report_chal_sent ( const struct sip_pvt p)

Definition at line 210 of file channels/sip/security_events.c.

References ast_copy_string(), AST_SEC_EVT, AST_SECURITY_EVENT_CHAL_SENT, AST_SECURITY_EVENT_CHAL_SENT_VERSION, ast_security_event_report(), ast_strlen_zero, ast_security_event_chal_sent::common, ast_security_event_common::event_type, sip_pvt::exten, sip_pvt::from, sip_pvt::nonce, sip_pvt::ourip, sip_pvt::sa, and security_event_get_transport().

Referenced by sip_report_security_event().

211 {
212  char session_id[32];
213  char account_id[256];
214 
215  struct ast_security_event_chal_sent chal_sent = {
216  .common.event_type = AST_SECURITY_EVENT_CHAL_SENT,
217  .common.version = AST_SECURITY_EVENT_CHAL_SENT_VERSION,
218  .common.service = "SIP",
219  .common.account_id = account_id,
220  .common.local_addr = {
221  .addr = &p->ourip,
222  .transport = security_event_get_transport(p)
223  },
224  .common.remote_addr = {
225  .addr = &p->sa,
226  .transport = security_event_get_transport(p)
227  },
228  .common.session_id = session_id,
229 
230  .challenge = p->nonce,
231  };
232 
233  if (!ast_strlen_zero(p->from)) { /* When dialing, show account making call */
234  ast_copy_string(account_id, p->from, sizeof(account_id));
235  } else {
236  ast_copy_string(account_id, p->exten, sizeof(account_id));
237  }
238 
239  snprintf(session_id, sizeof(session_id), "%p", p);
240 
241  ast_security_event_report(AST_SEC_EVT(&chal_sent));
242 }
ast_security_event_common::event_type
enum ast_security_event_type event_type
The security event sub-type.
Definition: security_events_defs.h:158
AST_SECURITY_EVENT_CHAL_SENT_VERSION
#define AST_SECURITY_EVENT_CHAL_SENT_VERSION
Event descriptor version.
Definition: security_events_defs.h:491
sip_pvt::ourip
struct ast_sockaddr ourip
Definition: sip.h:1136
ast_security_event_chal_sent
A challenge was sent out.
Definition: security_events_defs.h:486
sip_pvt::from
const ast_string_field from
Definition: sip.h:1063
security_event_get_transport
static enum ast_transport security_event_get_transport(const struct sip_pvt *p)
Determine transport type used to receive request.
Definition: channels/sip/security_events.c:38
AST_SEC_EVT
#define AST_SEC_EVT(e)
Definition: security_events_defs.h:139
sip_pvt::nonce
const ast_string_field nonce
Definition: sip.h:1063
ast_strlen_zero
#define ast_strlen_zero(foo)
Definition: strings.h:52
sip_pvt::sa
struct ast_sockaddr sa
Definition: sip.h:1125
sip_pvt::exten
const ast_string_field exten
Definition: sip.h:1063
AST_SECURITY_EVENT_CHAL_SENT
Challenge was sent out, informational.
Definition: security_events_defs.h:113
ast_security_event_chal_sent::common
struct ast_security_event_common common
Common security event descriptor elements.
Definition: security_events_defs.h:496
ast_copy_string
void ast_copy_string(char *dst, const char *src, size_t size)
Size-limited null-terminating string copy.
Definition: strings.h:401
ast_security_event_report
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
Definition: main/security_events.c:1171

◆ sip_report_failed_acl()

void sip_report_failed_acl ( const struct sip_pvt p,
const char *  aclname 
)

Definition at line 68 of file channels/sip/security_events.c.

References AST_SEC_EVT, AST_SECURITY_EVENT_FAILED_ACL, AST_SECURITY_EVENT_FAILED_ACL_VERSION, ast_security_event_report(), ast_security_event_failed_acl::common, ast_security_event_common::event_type, sip_pvt::exten, sip_pvt::ourip, sip_pvt::sa, and security_event_get_transport().

Referenced by handle_request_invite(), and sip_report_security_event().

69 {
70  char session_id[32];
71 
72  struct ast_security_event_failed_acl failed_acl_event = {
73  .common.event_type = AST_SECURITY_EVENT_FAILED_ACL,
74  .common.version = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
75  .common.service = "SIP",
76  .common.account_id = p->exten,
77  .common.local_addr = {
78  .addr = &p->ourip,
79  .transport = security_event_get_transport(p)
80  },
81  .common.remote_addr = {
82  .addr = &p->sa,
83  .transport = security_event_get_transport(p)
84  },
85  .common.session_id = session_id,
86  .acl_name = aclname,
87  };
88 
89  snprintf(session_id, sizeof(session_id), "%p", p);
90 
91  ast_security_event_report(AST_SEC_EVT(&failed_acl_event));
92 }
ast_security_event_common::event_type
enum ast_security_event_type event_type
The security event sub-type.
Definition: security_events_defs.h:158
ast_security_event_failed_acl
Checking against an IP access control list failed.
Definition: security_events_defs.h:203
sip_pvt::ourip
struct ast_sockaddr ourip
Definition: sip.h:1136
security_event_get_transport
static enum ast_transport security_event_get_transport(const struct sip_pvt *p)
Determine transport type used to receive request.
Definition: channels/sip/security_events.c:38
AST_SEC_EVT
#define AST_SEC_EVT(e)
Definition: security_events_defs.h:139
sip_pvt::sa
struct ast_sockaddr sa
Definition: sip.h:1125
sip_pvt::exten
const ast_string_field exten
Definition: sip.h:1063
AST_SECURITY_EVENT_FAILED_ACL_VERSION
#define AST_SECURITY_EVENT_FAILED_ACL_VERSION
Event descriptor version.
Definition: security_events_defs.h:208
ast_security_event_failed_acl::common
struct ast_security_event_common common
Common security event descriptor elements.
Definition: security_events_defs.h:213
AST_SECURITY_EVENT_FAILED_ACL
Failed ACL.
Definition: security_events_defs.h:48
ast_security_event_report
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
Definition: main/security_events.c:1171

◆ sip_report_failed_challenge_response()

void sip_report_failed_challenge_response ( const struct sip_pvt p,
const char *  response,
const char *  expected_response 
)

Definition at line 174 of file channels/sip/security_events.c.

References ast_copy_string(), AST_SEC_EVT, AST_SECURITY_EVENT_CHAL_RESP_FAILED, AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION, ast_security_event_report(), ast_strlen_zero, ast_security_event_chal_resp_failed::common, ast_security_event_common::event_type, ast_security_event_chal_resp_failed::expected_response, sip_pvt::exten, sip_pvt::from, sip_pvt::nonce, sip_pvt::ourip, ast_security_event_chal_resp_failed::response, sip_pvt::sa, and security_event_get_transport().

Referenced by sip_report_security_event().

175 {
176  char session_id[32];
177  char account_id[256];
178 
179  struct ast_security_event_chal_resp_failed chal_resp_failed = {
180  .common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED,
181  .common.version = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION,
182  .common.service = "SIP",
183  .common.account_id = account_id,
184  .common.local_addr = {
185  .addr = &p->ourip,
186  .transport = security_event_get_transport(p)
187  },
188  .common.remote_addr = {
189  .addr = &p->sa,
190  .transport = security_event_get_transport(p)
191  },
192  .common.session_id = session_id,
193 
194  .challenge = p->nonce,
195  .response = response,
196  .expected_response = expected_response,
197  };
198 
199  if (!ast_strlen_zero(p->from)) { /* When dialing, show account making call */
200  ast_copy_string(account_id, p->from, sizeof(account_id));
201  } else {
202  ast_copy_string(account_id, p->exten, sizeof(account_id));
203  }
204 
205  snprintf(session_id, sizeof(session_id), "%p", p);
206 
207  ast_security_event_report(AST_SEC_EVT(&chal_resp_failed));
208 }
ast_security_event_common::event_type
enum ast_security_event_type event_type
The security event sub-type.
Definition: security_events_defs.h:158
ast_security_event_chal_resp_failed::expected_response
const char * expected_response
Response expected to be received.
Definition: security_events_defs.h:449
ast_security_event_chal_resp_failed
An attempt at challenge/response auth failed.
Definition: security_events_defs.h:424
sip_pvt::ourip
struct ast_sockaddr ourip
Definition: sip.h:1136
ast_security_event_chal_resp_failed::response
const char * response
Response received.
Definition: security_events_defs.h:444
sip_pvt::from
const ast_string_field from
Definition: sip.h:1063
ast_security_event_chal_resp_failed::common
struct ast_security_event_common common
Common security event descriptor elements.
Definition: security_events_defs.h:434
security_event_get_transport
static enum ast_transport security_event_get_transport(const struct sip_pvt *p)
Determine transport type used to receive request.
Definition: channels/sip/security_events.c:38
AST_SEC_EVT
#define AST_SEC_EVT(e)
Definition: security_events_defs.h:139
sip_pvt::nonce
const ast_string_field nonce
Definition: sip.h:1063
ast_strlen_zero
#define ast_strlen_zero(foo)
Definition: strings.h:52
sip_pvt::sa
struct ast_sockaddr sa
Definition: sip.h:1125
sip_pvt::exten
const ast_string_field exten
Definition: sip.h:1063
AST_SECURITY_EVENT_CHAL_RESP_FAILED
An attempt at challenge/response authentication failed.
Definition: security_events_defs.h:105
ast_copy_string
void ast_copy_string(char *dst, const char *src, size_t size)
Size-limited null-terminating string copy.
Definition: strings.h:401
AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION
#define AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION
Event descriptor version.
Definition: security_events_defs.h:429
ast_security_event_report
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
Definition: main/security_events.c:1171

◆ sip_report_inval_password()

void sip_report_inval_password ( const struct sip_pvt p,
const char *  responsechallenge,
const char *  responsehash 
)

Definition at line 94 of file channels/sip/security_events.c.

References AST_SEC_EVT, AST_SECURITY_EVENT_INVAL_PASSWORD, AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION, ast_security_event_report(), ast_security_event_inval_password::common, ast_security_event_common::event_type, sip_pvt::exten, sip_pvt::nonce, sip_pvt::ourip, sip_pvt::sa, and security_event_get_transport().

Referenced by sip_report_security_event().

95 {
96  char session_id[32];
97 
98  struct ast_security_event_inval_password inval_password = {
99  .common.event_type = AST_SECURITY_EVENT_INVAL_PASSWORD,
100  .common.version = AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION,
101  .common.service = "SIP",
102  .common.account_id = p->exten,
103  .common.local_addr = {
104  .addr = &p->ourip,
105  .transport = security_event_get_transport(p)
106  },
107  .common.remote_addr = {
108  .addr = &p->sa,
109  .transport = security_event_get_transport(p)
110  },
111  .common.session_id = session_id,
112 
113  .challenge = p->nonce,
114  .received_challenge = response_challenge,
115  .received_hash = response_hash,
116  };
117 
118  snprintf(session_id, sizeof(session_id), "%p", p);
119 
120  ast_security_event_report(AST_SEC_EVT(&inval_password));
121 }
AST_SECURITY_EVENT_INVAL_PASSWORD
An attempt at basic password authentication failed.
Definition: security_events_defs.h:109
ast_security_event_common::event_type
enum ast_security_event_type event_type
The security event sub-type.
Definition: security_events_defs.h:158
sip_pvt::ourip
struct ast_sockaddr ourip
Definition: sip.h:1136
security_event_get_transport
static enum ast_transport security_event_get_transport(const struct sip_pvt *p)
Determine transport type used to receive request.
Definition: channels/sip/security_events.c:38
AST_SEC_EVT
#define AST_SEC_EVT(e)
Definition: security_events_defs.h:139
sip_pvt::nonce
const ast_string_field nonce
Definition: sip.h:1063
ast_security_event_inval_password
An attempt at basic password auth failed.
Definition: security_events_defs.h:455
sip_pvt::sa
struct ast_sockaddr sa
Definition: sip.h:1125
sip_pvt::exten
const ast_string_field exten
Definition: sip.h:1063
ast_security_event_inval_password::common
struct ast_security_event_common common
Common security event descriptor elements.
Definition: security_events_defs.h:465
AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION
#define AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION
Event descriptor version.
Definition: security_events_defs.h:460
ast_security_event_report
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
Definition: main/security_events.c:1171

◆ sip_report_inval_transport()

void sip_report_inval_transport ( const struct sip_pvt p,
const char *  transport 
)

Definition at line 244 of file channels/sip/security_events.c.

References AST_SEC_EVT, AST_SECURITY_EVENT_INVAL_TRANSPORT, AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION, ast_security_event_report(), ast_security_event_inval_transport::common, ast_security_event_common::event_type, sip_pvt::exten, sip_pvt::ourip, sip_pvt::sa, security_event_get_transport(), and ast_security_event_inval_transport::transport.

Referenced by sip_report_security_event().

245 {
246  char session_id[32];
247 
248  struct ast_security_event_inval_transport inval_transport = {
249  .common.event_type = AST_SECURITY_EVENT_INVAL_TRANSPORT,
250  .common.version = AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION,
251  .common.service = "SIP",
252  .common.account_id = p->exten,
253  .common.local_addr = {
254  .addr = &p->ourip,
255  .transport = security_event_get_transport(p)
256  },
257  .common.remote_addr = {
258  .addr = &p->sa,
259  .transport = security_event_get_transport(p)
260  },
261  .common.session_id = session_id,
262 
263  .transport = transport,
264  };
265 
266  snprintf(session_id, sizeof(session_id), "%p", p);
267 
268  ast_security_event_report(AST_SEC_EVT(&inval_transport));
269 }
ast_security_event_common::event_type
enum ast_security_event_type event_type
The security event sub-type.
Definition: security_events_defs.h:158
ast_security_event_inval_transport::common
struct ast_security_event_common common
Common security event descriptor elements.
Definition: security_events_defs.h:517
ast_security_event_inval_transport::transport
const char * transport
Attempted transport.
Definition: security_events_defs.h:522
sip_pvt::ourip
struct ast_sockaddr ourip
Definition: sip.h:1136
security_event_get_transport
static enum ast_transport security_event_get_transport(const struct sip_pvt *p)
Determine transport type used to receive request.
Definition: channels/sip/security_events.c:38
AST_SEC_EVT
#define AST_SEC_EVT(e)
Definition: security_events_defs.h:139
sip_pvt::sa
struct ast_sockaddr sa
Definition: sip.h:1125
sip_pvt::exten
const ast_string_field exten
Definition: sip.h:1063
ast_security_event_inval_transport
Attempt to contact peer on invalid transport.
Definition: security_events_defs.h:507
AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION
#define AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION
Event descriptor version.
Definition: security_events_defs.h:512
ast_security_event_report
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
Definition: main/security_events.c:1171
AST_SECURITY_EVENT_INVAL_TRANSPORT
An attempt to contact a peer on an invalid transport.
Definition: security_events_defs.h:117

◆ sip_report_invalid_peer()

void sip_report_invalid_peer ( const struct sip_pvt p)

Definition at line 43 of file channels/sip/security_events.c.

References AST_SEC_EVT, AST_SECURITY_EVENT_INVAL_ACCT_ID, AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION, ast_security_event_report(), ast_security_event_inval_acct_id::common, ast_security_event_common::event_type, sip_pvt::exten, sip_pvt::ourip, sip_pvt::sa, and security_event_get_transport().

Referenced by sip_report_security_event().

44 {
45  char session_id[32];
46 
47  struct ast_security_event_inval_acct_id inval_acct_id = {
48  .common.event_type = AST_SECURITY_EVENT_INVAL_ACCT_ID,
49  .common.version = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION,
50  .common.service = "SIP",
51  .common.account_id = p->exten,
52  .common.local_addr = {
53  .addr = &p->ourip,
54  .transport = security_event_get_transport(p)
55  },
56  .common.remote_addr = {
57  .addr = &p->sa,
58  .transport = security_event_get_transport(p)
59  },
60  .common.session_id = session_id,
61  };
62 
63  snprintf(session_id, sizeof(session_id), "%p", p);
64 
65  ast_security_event_report(AST_SEC_EVT(&inval_acct_id));
66 }
ast_security_event_common::event_type
enum ast_security_event_type event_type
The security event sub-type.
Definition: security_events_defs.h:158
sip_pvt::ourip
struct ast_sockaddr ourip
Definition: sip.h:1136
ast_security_event_inval_acct_id::common
struct ast_security_event_common common
Common security event descriptor elements.
Definition: security_events_defs.h:234
security_event_get_transport
static enum ast_transport security_event_get_transport(const struct sip_pvt *p)
Determine transport type used to receive request.
Definition: channels/sip/security_events.c:38
AST_SEC_EVT
#define AST_SEC_EVT(e)
Definition: security_events_defs.h:139
sip_pvt::sa
struct ast_sockaddr sa
Definition: sip.h:1125
sip_pvt::exten
const ast_string_field exten
Definition: sip.h:1063
AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION
#define AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION
Event descriptor version.
Definition: security_events_defs.h:229
ast_security_event_inval_acct_id
Invalid account ID specified (invalid username, for example)
Definition: security_events_defs.h:224
AST_SECURITY_EVENT_INVAL_ACCT_ID
Invalid Account ID.
Definition: security_events_defs.h:56
ast_security_event_report
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
Definition: main/security_events.c:1171

◆ sip_report_security_event()

int sip_report_security_event ( const char *  peer,
struct ast_sockaddr addr,
const struct sip_pvt p,
const struct sip_request req,
const int  res 
)

Definition at line 271 of file channels/sip/security_events.c.

References ast_str_buffer(), ast_str_set(), ast_str_thread_get(), ast_strlen_zero, AUTH_ACL_FAILED, AUTH_BAD_TRANSPORT, AUTH_CHALLENGE_SENT, AUTH_DONT_KNOW, AUTH_NOT_FOUND, AUTH_PEER_NOT_DYNAMIC, AUTH_RTP_FAILED, AUTH_SECRET_FAILED, AUTH_SESSION_LIMIT, AUTH_SUCCESSFUL, AUTH_UNKNOWN_DOMAIN, AUTH_USERNAME_MISMATCH, buf, c, check_auth_buf, CHECK_AUTH_BUF_INITLEN, FALSE, FINDPEERS, K_LAST, K_NONCE, K_RESP, K_URI, K_USER, sip_peer::md5secret, NULL, result, digestkeys::s, sip_peer::secret, sip_auth_headers(), sip_digest_parser(), sip_find_peer(), sip_get_header(), sip_get_transport(), sip_report_auth_success(), sip_report_chal_sent(), sip_report_failed_acl(), sip_report_failed_challenge_response(), sip_report_inval_password(), sip_report_inval_transport(), sip_report_invalid_peer(), sip_report_session_limit(), sip_unref_peer, sip_request::socket, sip_pvt::socket, TRUE, sip_socket::type, sip_peer::username, and WWW_AUTH.

Referenced by handle_incoming().

273 {
274 
275  struct sip_peer *peer_report;
276  enum check_auth_result res_report = res;
277  struct ast_str *buf;
278  char *c;
279  const char *authtoken;
280  char *reqheader, *respheader;
281  int result = 0;
282  char aclname[256];
283  struct digestkeys keys[] = {
284  [K_RESP] = { "response=", "" },
285  [K_URI] = { "uri=", "" },
286  [K_USER] = { "username=", "" },
287  [K_NONCE] = { "nonce=", "" },
288  [K_LAST] = { NULL, NULL}
289  };
290 
291  peer_report = sip_find_peer(peer, addr, TRUE, FINDPEERS, FALSE, p->socket.type);
292 
293  switch(res_report) {
294  case AUTH_DONT_KNOW:
295  break;
296  case AUTH_SUCCESSFUL:
297  if (peer_report) {
298  if (ast_strlen_zero(peer_report->secret) && ast_strlen_zero(peer_report->md5secret)) {
299  sip_report_auth_success(p, 0);
300  } else {
301  sip_report_auth_success(p, 1);
302  }
303  }
304  break;
305  case AUTH_CHALLENGE_SENT:
306  sip_report_chal_sent(p);
307  break;
308  case AUTH_SECRET_FAILED:
309  case AUTH_USERNAME_MISMATCH:
310  sip_auth_headers(WWW_AUTH, &respheader, &reqheader);
311  authtoken = sip_get_header(req, reqheader);
312  buf = ast_str_thread_get(&check_auth_buf, CHECK_AUTH_BUF_INITLEN);
313  ast_str_set(&buf, 0, "%s", authtoken);
314  c = ast_str_buffer(buf);
315 
316  sip_digest_parser(c, keys);
317 
318  if (res_report == AUTH_SECRET_FAILED) {
319  sip_report_inval_password(p, keys[K_NONCE].s, keys[K_RESP].s);
320  } else {
321  if (peer_report) {
322  sip_report_failed_challenge_response(p, keys[K_USER].s, peer_report->username);
323  }
324  }
325  break;
326  case AUTH_NOT_FOUND:
327  /* with sip_cfg.alwaysauthreject on, generates 2 events */
328  sip_report_invalid_peer(p);
329  break;
330  case AUTH_UNKNOWN_DOMAIN:
331  snprintf(aclname, sizeof(aclname), "domain_must_match");
332  sip_report_failed_acl(p, aclname);
333  break;
334  case AUTH_PEER_NOT_DYNAMIC:
335  snprintf(aclname, sizeof(aclname), "peer_not_dynamic");
336  sip_report_failed_acl(p, aclname);
337  break;
338  case AUTH_ACL_FAILED:
339  /* with sip_cfg.alwaysauthreject on, generates 2 events */
340  snprintf(aclname, sizeof(aclname), "device_must_match_acl");
341  sip_report_failed_acl(p, aclname);
342  break;
343  case AUTH_BAD_TRANSPORT:
344  sip_report_inval_transport(p, sip_get_transport(req->socket.type));
345  break;
346  case AUTH_RTP_FAILED:
347  break;
348  case AUTH_SESSION_LIMIT:
349  sip_report_session_limit(p);
350  break;
351  }
352 
353  if (peer_report) {
354  sip_unref_peer(peer_report, "sip_report_security_event: sip_unref_peer: from handle_incoming");
355  }
356 
357  return result;
358 }
sip_get_header
const char * sip_get_header(const struct sip_request *req, const char *name)
Get header from SIP request.
Definition: chan_sip.c:8600
K_RESP
Definition: sip.h:703
FALSE
#define FALSE
Definition: app_minivm.c:521
sip_find_peer
struct sip_peer * sip_find_peer(const char *peer, struct ast_sockaddr *addr, int realtime, int which_objects, int devstate_only, int transport)
Locate device by name or ip address.
Definition: chan_sip.c:5851
sip_auth_headers
void sip_auth_headers(enum sip_auth_type code, char **header, char **respheader)
return the request and response header for a 401 or 407 code
Definition: chan_sip.c:16549
check_auth_buf
static struct ast_threadstorage check_auth_buf
Definition: sip.h:1883
buf
char buf[BUFSIZE]
Definition: eagi_proxy.c:66
sip_report_auth_success
void sip_report_auth_success(const struct sip_pvt *p, uint32_t using_password)
Definition: channels/sip/security_events.c:123
ast_str_buffer
char * ast_str_buffer(const struct ast_str *buf)
Returns the string buffer within the ast_str buf.
Definition: strings.h:714
sip_pvt::socket
struct sip_socket socket
Definition: sip.h:1066
sip_report_inval_transport
void sip_report_inval_transport(const struct sip_pvt *p, const char *transport)
Definition: channels/sip/security_events.c:244
sip_report_invalid_peer
void sip_report_invalid_peer(const struct sip_pvt *p)
Definition: channels/sip/security_events.c:43
sip_get_transport
const char * sip_get_transport(enum ast_transport t)
Return transport as string.
Definition: chan_sip.c:3725
check_auth_result
check_auth_result
Authentication result from check_auth* functions.
Definition: sip.h:517
sip_report_failed_challenge_response
void sip_report_failed_challenge_response(const struct sip_pvt *p, const char *response, const char *expected_response)
Definition: channels/sip/security_events.c:174
c
static struct test_val c
Definition: test_linkedlists.c:48
NULL
#define NULL
Definition: resample.c:96
ast_strlen_zero
#define ast_strlen_zero(foo)
Definition: strings.h:52
sip_digest_parser
void sip_digest_parser(char *c, struct digestkeys *keys)
Takes the digest response and parses it.
Definition: chan_sip.c:17309
ast_str_set
int ast_str_set(struct ast_str **buf, ssize_t max_len, const char *fmt,...)
Set a dynamic string using variable arguments.
Definition: strings.h:1065
sip_peer::username
const ast_string_field username
Definition: sip.h:1306
sip_peer::md5secret
const ast_string_field md5secret
Definition: sip.h:1306
sip_report_session_limit
void sip_report_session_limit(const struct sip_pvt *p)
Definition: channels/sip/security_events.c:149
ast_str
The descriptor of a dynamic string XXX storage will be optimized later if needed We use the ts field ...
Definition: strings.h:584
K_LAST
Definition: sip.h:707
sip_unref_peer
#define sip_unref_peer(peer, tag)
Definition: sip.h:1895
K_USER
Definition: sip.h:705
FINDPEERS
#define FINDPEERS
Definition: sip.h:53
sip_peer
Structure for SIP peer data, we place calls to peers if registered or fixed IP address (host) ...
Definition: sip.h:1273
WWW_AUTH
Definition: sip.h:504
sip_report_chal_sent
void sip_report_chal_sent(const struct sip_pvt *p)
Definition: channels/sip/security_events.c:210
digestkeys::s
const char * s
Definition: sip.h:1880
sip_socket::type
enum ast_transport type
Definition: sip.h:798
TRUE
#define TRUE
Definition: app_minivm.c:518
sip_peer::secret
const ast_string_field secret
Definition: sip.h:1306
result
static PGresult * result
Definition: cel_pgsql.c:88
sip_report_inval_password
void sip_report_inval_password(const struct sip_pvt *p, const char *response_challenge, const char *response_hash)
Definition: channels/sip/security_events.c:94
K_URI
Definition: sip.h:704
sip_report_failed_acl
void sip_report_failed_acl(const struct sip_pvt *p, const char *aclname)
Definition: channels/sip/security_events.c:68
sip_request::socket
struct sip_socket socket
Definition: sip.h:846
ast_str_thread_get
struct ast_str * ast_str_thread_get(struct ast_threadstorage *ts, size_t init_len)
Retrieve a thread locally stored dynamic string.
Definition: strings.h:861
CHECK_AUTH_BUF_INITLEN
#define CHECK_AUTH_BUF_INITLEN
Definition: sip.h:401
K_NONCE
Definition: sip.h:706

◆ sip_report_session_limit()

void sip_report_session_limit ( const struct sip_pvt p)

Definition at line 149 of file channels/sip/security_events.c.

References AST_SEC_EVT, ast_security_event_report(), AST_SECURITY_EVENT_SESSION_LIMIT, AST_SECURITY_EVENT_SESSION_LIMIT_VERSION, ast_security_event_session_limit::common, ast_security_event_common::event_type, sip_pvt::exten, sip_pvt::ourip, sip_pvt::sa, and security_event_get_transport().

Referenced by sip_report_security_event().

150 {
151  char session_id[32];
152 
153  struct ast_security_event_session_limit session_limit = {
154  .common.event_type = AST_SECURITY_EVENT_SESSION_LIMIT,
155  .common.version = AST_SECURITY_EVENT_SESSION_LIMIT_VERSION,
156  .common.service = "SIP",
157  .common.account_id = p->exten,
158  .common.local_addr = {
159  .addr = &p->ourip,
160  .transport = security_event_get_transport(p)
161  },
162  .common.remote_addr = {
163  .addr = &p->sa,
164  .transport = security_event_get_transport(p)
165  },
166  .common.session_id = session_id,
167  };
168 
169  snprintf(session_id, sizeof(session_id), "%p", p);
170 
171  ast_security_event_report(AST_SEC_EVT(&session_limit));
172 }
sip_pvt::ourip
struct ast_sockaddr ourip
Definition: sip.h:1136
security_event_get_transport
static enum ast_transport security_event_get_transport(const struct sip_pvt *p)
Determine transport type used to receive request.
Definition: channels/sip/security_events.c:38
AST_SEC_EVT
#define AST_SEC_EVT(e)
Definition: security_events_defs.h:139
sip_pvt::sa
struct ast_sockaddr sa
Definition: sip.h:1125
ast_security_event_session_limit
Request denied because of a session limit.
Definition: security_events_defs.h:240
sip_pvt::exten
const ast_string_field exten
Definition: sip.h:1063
session_limit
static int session_limit
Definition: http.c:106
AST_SECURITY_EVENT_SESSION_LIMIT
Session limit reached.
Definition: security_events_defs.h:63
ast_security_event_report
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
Definition: main/security_events.c:1171
AST_SECURITY_EVENT_SESSION_LIMIT_VERSION
#define AST_SECURITY_EVENT_SESSION_LIMIT_VERSION
Event descriptor version.
Definition: security_events_defs.h:245
Generated on Sun Aug 8 2021 19:46:46 for Asterisk - The Open Source Telephony Project by   doxygen 1.8.13