Generate security events in the PJSIP channel. More...

#include "asterisk.h"
#include <pjsip.h>
#include "asterisk/res_pjsip.h"
#include "asterisk/security_events.h"

Include dependency graph for res/res_pjsip/security_events.c:

Functions
void	ast_sip_report_auth_challenge_sent (struct ast_sip_endpoint endpoint, pjsip_rx_data rdata, pjsip_tx_data *tdata)
	Send a security event notification for when an authentication challenge is sent. More...

void	ast_sip_report_auth_failed_challenge_response (struct ast_sip_endpoint endpoint, pjsip_rx_data rdata)
	Send a security event notification for when a challenge response has failed. More...

void	ast_sip_report_auth_success (struct ast_sip_endpoint endpoint, pjsip_rx_data rdata)
	Send a security event notification for when authentication succeeds. More...

void	ast_sip_report_failed_acl (struct ast_sip_endpoint endpoint, pjsip_rx_data rdata, const char *name)
	Send a security event notification for when an ACL check fails. More...

void	ast_sip_report_invalid_endpoint (const char name, pjsip_rx_data rdata)
	Send a security event notification for when an invalid endpoint is requested. More...

void	ast_sip_report_mem_limit (struct ast_sip_endpoint endpoint, pjsip_rx_data rdata)
	Send a security event notification for when a memory limit is hit. More...

void	ast_sip_report_req_no_support (struct ast_sip_endpoint endpoint, pjsip_rx_data rdata, const char *req_type)
	Send a security event notification for when a request is not supported. More...

static const char *	get_account_id (struct ast_sip_endpoint *endpoint)

static enum ast_transport	security_event_get_transport (pjsip_rx_data *rdata)

static void	security_event_populate (pjsip_rx_data rdata, char call_id, size_t call_id_size, struct ast_sockaddr local, struct ast_sockaddr remote)

Detailed Description

Generate security events in the PJSIP channel.

Author: Joshua Colp jcolp.nosp@m.@dig.nosp@m.ium.c.nosp@m.om

Definition in file res/res_pjsip/security_events.c.

Function Documentation

◆ ast_sip_report_auth_challenge_sent()

void ast_sip_report_auth_challenge_sent	(	struct ast_sip_endpoint *	endpoint,
		pjsip_rx_data *	rdata,
		pjsip_tx_data *	tdata
	)

Send a security event notification for when an authentication challenge is sent.

Parameters

endpoint	Pointer to the endpoint in use
rdata	Received message
tdata	Sent message

Definition at line 197 of file res/res_pjsip/security_events.c.

References ast_copy_pj_str(), AST_SEC_EVT, AST_SECURITY_EVENT_CHAL_SENT, AST_SECURITY_EVENT_CHAL_SENT_VERSION, ast_security_event_report(), ast_security_event_chal_sent::common, ast_security_event_common::event_type, get_account_id(), NULL, security_event_get_transport(), and security_event_populate().

Referenced by authenticate().

 {
    pjsip_www_authenticate_hdr *auth = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_WWW_AUTHENTICATE, NULL);
    enum ast_transport transport = security_event_get_transport(rdata);
    char nonce[64] = "", call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
    struct ast_sockaddr local, remote;
 
    struct ast_security_event_chal_sent chal_sent = {
          .common.event_type = AST_SECURITY_EVENT_CHAL_SENT,
          .common.version    = AST_SECURITY_EVENT_CHAL_SENT_VERSION,
          .common.service    = "PJSIP",
          .common.account_id = get_account_id(endpoint),
          .common.local_addr = {
                .addr      = &local,
                .transport = transport,
          },
          .common.remote_addr = {
                .addr      = &remote,
                .transport = transport,
          },
          .common.session_id = call_id,
          .challenge         = nonce,
    };
 
    if (auth && !pj_strcmp2(&auth->scheme, "digest")) {
       ast_copy_pj_str(nonce, &auth->challenge.digest.nonce, sizeof(nonce));
    }
 
    security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
 
    ast_security_event_report(AST_SEC_EVT(&chal_sent));
 }

◆ ast_sip_report_auth_failed_challenge_response()

void ast_sip_report_auth_failed_challenge_response	(	struct ast_sip_endpoint *	endpoint,
		pjsip_rx_data *	rdata
	)

Send a security event notification for when a challenge response has failed.

Parameters

endpoint	Pointer to the endpoint in use
rdata	Received message

Definition at line 130 of file res/res_pjsip/security_events.c.

References ast_copy_pj_str(), AST_SEC_EVT, AST_SECURITY_EVENT_CHAL_RESP_FAILED, AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION, ast_security_event_report(), ast_security_event_chal_resp_failed::common, ast_security_event_common::event_type, get_account_id(), NULL, ast_security_event_chal_resp_failed::response, security_event_get_transport(), and security_event_populate().

Referenced by authenticate().

 {
    pjsip_authorization_hdr *auth = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION, NULL);
    enum ast_transport transport = security_event_get_transport(rdata);
    char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
    char nonce[64] = "", response[256] = "";
    struct ast_sockaddr local, remote;
 
    struct ast_security_event_chal_resp_failed chal_resp_failed = {
             .common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED,
             .common.version    = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION,
             .common.service    = "PJSIP",
             .common.account_id = get_account_id(endpoint),
             .common.local_addr = {
                   .addr      = &local,
                   .transport = transport,
             },
             .common.remote_addr = {
                   .addr      = &remote,
                   .transport = transport,
             },
             .common.session_id = call_id,
 
             .challenge         = nonce,
             .response          = response,
             .expected_response = "",
    };
 
    if (auth && !pj_strcmp2(&auth->scheme, "Digest")) {
       ast_copy_pj_str(nonce, &auth->credential.digest.nonce, sizeof(nonce));
       ast_copy_pj_str(response, &auth->credential.digest.response, sizeof(response));
    }
 
    security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
 
    ast_security_event_report(AST_SEC_EVT(&chal_resp_failed));
 }

◆ ast_sip_report_auth_success()

void ast_sip_report_auth_success	(	struct ast_sip_endpoint *	endpoint,
		pjsip_rx_data *	rdata
	)

Send a security event notification for when authentication succeeds.

Parameters

endpoint	Pointer to the endpoint in use
rdata	Received message

Definition at line 168 of file res/res_pjsip/security_events.c.

References AST_SEC_EVT, ast_security_event_report(), AST_SECURITY_EVENT_SUCCESSFUL_AUTH, AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION, ast_security_event_successful_auth::common, ast_security_event_common::event_type, get_account_id(), NULL, security_event_get_transport(), and security_event_populate().

Referenced by authenticate().

 {
    pjsip_authorization_hdr *auth = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION, NULL);
    enum ast_transport transport = security_event_get_transport(rdata);
    char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
    struct ast_sockaddr local, remote;
 
    struct ast_security_event_successful_auth successful_auth = {
          .common.event_type  = AST_SECURITY_EVENT_SUCCESSFUL_AUTH,
          .common.version     = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION,
          .common.service     = "PJSIP",
          .common.account_id  = get_account_id(endpoint),
          .common.local_addr  = {
                .addr       = &local,
                .transport  = transport,
          },
          .common.remote_addr = {
                .addr       = &remote,
                .transport  = transport,
          },
          .common.session_id  = call_id,
          .using_password     = auth ? 1 : 0,
    };
 
    security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
 
    ast_security_event_report(AST_SEC_EVT(&successful_auth));
 }

◆ ast_sip_report_failed_acl()

void ast_sip_report_failed_acl	(	struct ast_sip_endpoint *	endpoint,
		pjsip_rx_data *	rdata,
		const char *	name
	)

Send a security event notification for when an ACL check fails.

Parameters

endpoint	Pointer to the endpoint in use
rdata	Received message
name	Name of the ACL

Definition at line 102 of file res/res_pjsip/security_events.c.

References AST_SEC_EVT, AST_SECURITY_EVENT_FAILED_ACL, AST_SECURITY_EVENT_FAILED_ACL_VERSION, ast_security_event_report(), ast_security_event_failed_acl::common, ast_security_event_common::event_type, get_account_id(), name, security_event_get_transport(), and security_event_populate().

Referenced by apply_endpoint_acl(), apply_endpoint_contact_acl(), register_aor_core(), and registrar_on_rx_request().

 {
    enum ast_transport transport = security_event_get_transport(rdata);
    char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
    struct ast_sockaddr local, remote;
 
    struct ast_security_event_failed_acl failed_acl_event = {
          .common.event_type  = AST_SECURITY_EVENT_FAILED_ACL,
          .common.version     = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
          .common.service     = "PJSIP",
          .common.account_id  = get_account_id(endpoint),
          .common.local_addr  = {
                .addr       = &local,
                .transport  = transport,
          },
          .common.remote_addr = {
                .addr       = &remote,
                .transport  = transport,
          },
          .common.session_id  = call_id,
          .acl_name           = name,
    };
 
    security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
 
    ast_security_event_report(AST_SEC_EVT(&failed_acl_event));
 }

◆ ast_sip_report_invalid_endpoint()

void ast_sip_report_invalid_endpoint	(	const char *	name,
		pjsip_rx_data *	rdata
	)

Send a security event notification for when an invalid endpoint is requested.

Parameters

name	Name of the endpoint requested
rdata	Received message

Definition at line 75 of file res/res_pjsip/security_events.c.

References AST_SEC_EVT, AST_SECURITY_EVENT_INVAL_ACCT_ID, AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION, ast_security_event_report(), ast_security_event_inval_acct_id::common, ast_security_event_common::event_type, name, security_event_get_transport(), and security_event_populate().

Referenced by check_endpoint(), and endpoint_lookup().

 {
    enum ast_transport transport = security_event_get_transport(rdata);
    char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
    struct ast_sockaddr local, remote;
 
    struct ast_security_event_inval_acct_id inval_acct_id = {
       .common.event_type = AST_SECURITY_EVENT_INVAL_ACCT_ID,
       .common.version    = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION,
       .common.service    = "PJSIP",
       .common.account_id = name,
       .common.local_addr = {
          .addr      = &local,
          .transport = transport,
       },
       .common.remote_addr = {
          .addr       = &remote,
          .transport = transport,
       },
       .common.session_id = call_id,
    };
 
    security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
 
    ast_security_event_report(AST_SEC_EVT(&inval_acct_id));
 }

◆ ast_sip_report_mem_limit()

void ast_sip_report_mem_limit	(	struct ast_sip_endpoint *	endpoint,
		pjsip_rx_data *	rdata
	)

Send a security event notification for when a memory limit is hit.

Parameters

endpoint	Pointer to the endpoint in use
rdata	Received message

Definition at line 259 of file res/res_pjsip/security_events.c.

References AST_SEC_EVT, AST_SECURITY_EVENT_MEM_LIMIT, AST_SECURITY_EVENT_MEM_LIMIT_VERSION, ast_security_event_report(), ast_security_event_mem_limit::common, ast_security_event_common::event_type, get_account_id(), security_event_get_transport(), and security_event_populate().

 {
    enum ast_transport transport = security_event_get_transport(rdata);
    char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
    struct ast_sockaddr local, remote;
 
    struct ast_security_event_mem_limit mem_limit_event = {
       .common.event_type  = AST_SECURITY_EVENT_MEM_LIMIT,
       .common.version     = AST_SECURITY_EVENT_MEM_LIMIT_VERSION,
       .common.service     = "PJSIP",
       .common.account_id  = get_account_id(endpoint),
       .common.local_addr  = {
          .addr       = &local,
          .transport  = transport,
       },
       .common.remote_addr = {
          .addr       = &remote,
          .transport  = transport,
       },
       .common.session_id  = call_id
    };
 
    security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
 
    ast_security_event_report(AST_SEC_EVT(&mem_limit_event));
 }

◆ ast_sip_report_req_no_support()

void ast_sip_report_req_no_support	(	struct ast_sip_endpoint *	endpoint,
		pjsip_rx_data *	rdata,
		const char *	req_type
	)

Send a security event notification for when a request is not supported.

Parameters

endpoint	Pointer to the endpoint in use
rdata	Received message
req_type	the type of request

Definition at line 230 of file res/res_pjsip/security_events.c.

References AST_SEC_EVT, ast_security_event_report(), AST_SECURITY_EVENT_REQ_NO_SUPPORT, AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION, ast_security_event_req_no_support::common, ast_security_event_common::event_type, get_account_id(), security_event_get_transport(), and security_event_populate().

Referenced by find_registrar_aor(), and registrar_on_rx_request().

 {
    enum ast_transport transport = security_event_get_transport(rdata);
    char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
    struct ast_sockaddr local, remote;
 
    struct ast_security_event_req_no_support req_no_support_event = {
       .common.event_type  = AST_SECURITY_EVENT_REQ_NO_SUPPORT,
       .common.version     = AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION,
       .common.service     = "PJSIP",
       .common.account_id  = get_account_id(endpoint),
       .common.local_addr  = {
          .addr       = &local,
          .transport  = transport,
       },
       .common.remote_addr = {
          .addr       = &remote,
          .transport  = transport,
       },
       .common.session_id  = call_id,
       .request_type       = req_type
    };
 
    security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
 
    ast_security_event_report(AST_SEC_EVT(&req_no_support_event));
 }

◆ get_account_id()

static const char* get_account_id ( struct ast_sip_endpoint * endpoint )

static

Definition at line 68 of file res/res_pjsip/security_events.c.

References ao2_cleanup, ast_sip_get_artificial_endpoint(), ast_sorcery_object_get_id(), and RAII_VAR.

Referenced by ast_sip_report_auth_challenge_sent(), ast_sip_report_auth_failed_challenge_response(), ast_sip_report_auth_success(), ast_sip_report_failed_acl(), ast_sip_report_mem_limit(), and ast_sip_report_req_no_support().

 {
    RAII_VAR(struct ast_sip_endpoint *, artificial, ast_sip_get_artificial_endpoint(), ao2_cleanup);
 
    return endpoint == artificial ? "<unknown>" : ast_sorcery_object_get_id(endpoint);
 }

◆ security_event_get_transport()

static enum ast_transport security_event_get_transport ( pjsip_rx_data * rdata )

static

Definition at line 34 of file res/res_pjsip/security_events.c.

References AST_TRANSPORT_TCP, AST_TRANSPORT_TLS, AST_TRANSPORT_UDP, AST_TRANSPORT_WS, and AST_TRANSPORT_WSS.

Referenced by ast_sip_report_auth_challenge_sent(), ast_sip_report_auth_failed_challenge_response(), ast_sip_report_auth_success(), ast_sip_report_failed_acl(), ast_sip_report_invalid_endpoint(), ast_sip_report_mem_limit(), and ast_sip_report_req_no_support().

 {
    if (rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP ||
       rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP6) {
       return AST_TRANSPORT_UDP;
    } else if (rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TCP ||
       rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TCP6) {
       return AST_TRANSPORT_TCP;
    } else if (rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TLS ||
       rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TLS6) {
       return AST_TRANSPORT_TLS;
    } else if (!strcasecmp(rdata->tp_info.transport->type_name, "WS")) {
       return AST_TRANSPORT_WS;
    } else if (!strcasecmp(rdata->tp_info.transport->type_name, "WSS")) {
       return AST_TRANSPORT_WSS;
    } else {
       return 0;
    }
 }

◆ security_event_populate()

static void security_event_populate	(	pjsip_rx_data *	rdata,
		char *	call_id,
		size_t	call_id_size,
		struct ast_sockaddr *	local,
		struct ast_sockaddr *	remote
	)

static

Definition at line 54 of file res/res_pjsip/security_events.c.

References ast_copy_pj_str(), ast_sockaddr_parse(), ast_sockaddr_set_port, host, and PARSE_PORT_FORBID.

Referenced by ast_sip_report_auth_challenge_sent(), ast_sip_report_auth_failed_challenge_response(), ast_sip_report_auth_success(), ast_sip_report_failed_acl(), ast_sip_report_invalid_endpoint(), ast_sip_report_mem_limit(), and ast_sip_report_req_no_support().

 {
    char host[NI_MAXHOST];
 
    ast_copy_pj_str(call_id, &rdata->msg_info.cid->id, call_id_size);
 
    ast_copy_pj_str(host, &rdata->tp_info.transport->local_name.host, sizeof(host));
    ast_sockaddr_parse(local, host, PARSE_PORT_FORBID);
    ast_sockaddr_set_port(local, rdata->tp_info.transport->local_name.port);
 
    ast_sockaddr_parse(remote, rdata->pkt_info.src_name, PARSE_PORT_FORBID);
    ast_sockaddr_set_port(remote, rdata->pkt_info.src_port);
 }

Functions

Detailed Description

Function Documentation

◆ ast_sip_report_auth_challenge_sent()

◆ ast_sip_report_auth_failed_challenge_response()

◆ ast_sip_report_auth_success()

◆ ast_sip_report_failed_acl()

◆ ast_sip_report_invalid_endpoint()

◆ ast_sip_report_mem_limit()

◆ ast_sip_report_req_no_support()

◆ get_account_id()

◆ security_event_get_transport()

◆ security_event_populate()