d2/d63/res_2res__pjsip_2security__events_8c_source.html

 /*
  * Asterisk -- An open source telephony toolkit.
  *
  * Copyright (C) 2013, Digium, Inc.
  *
  * Joshua Colp <[email protected]>
  *
  * See http://www.asterisk.org for more information about
  * the Asterisk project. Please do not directly contact
  * any of the maintainers of this project for assistance;
  * the project provides a web site, mailing lists and IRC
  * channels for your use.
  *
  * This program is free software, distributed under the terms of
  * the GNU General Public License Version 2. See the LICENSE file
  * at the top of the source tree.
  */

 /*!
  * \file
  *
  * \brief Generate security events in the PJSIP channel
  *
  * \author Joshua Colp <[email protected]>
  */

 #include "asterisk.h"

 #include <pjsip.h>

 #include "asterisk/res_pjsip.h"
 #include "asterisk/security_events.h"

 static enum ast_transport security_event_get_transport(pjsip_rx_data *rdata)
 {
  if (rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP ||
  rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP6) {
  return AST_TRANSPORT_UDP;
  } else if (rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TCP ||
  rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TCP6) {
  return AST_TRANSPORT_TCP;
  } else if (rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TLS ||
  rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TLS6) {
  return AST_TRANSPORT_TLS;
  } else if (!strcasecmp(rdata->tp_info.transport->type_name, "WS")) {
  return AST_TRANSPORT_WS;
  } else if (!strcasecmp(rdata->tp_info.transport->type_name, "WSS")) {
  return AST_TRANSPORT_WSS;
  } else {
  return 0;
  }
 }

 static void security_event_populate(pjsip_rx_data *rdata, char *call_id, size_t call_id_size, struct ast_sockaddr *local, struct ast_sockaddr *remote)
 {
  char host[NI_MAXHOST];

  ast_copy_pj_str(call_id, &rdata->msg_info.cid->id, call_id_size);

  ast_copy_pj_str(host, &rdata->tp_info.transport->local_name.host, sizeof(host));
  ast_sockaddr_parse(local, host, PARSE_PORT_FORBID);
  ast_sockaddr_set_port(local, rdata->tp_info.transport->local_name.port);

  ast_sockaddr_parse(remote, rdata->pkt_info.src_name, PARSE_PORT_FORBID);
  ast_sockaddr_set_port(remote, rdata->pkt_info.src_port);
 }

 static const char *get_account_id(struct ast_sip_endpoint *endpoint)
 {
  RAII_VAR(struct ast_sip_endpoint *, artificial, ast_sip_get_artificial_endpoint(), ao2_cleanup);

  return endpoint == artificial ? "<unknown>" : ast_sorcery_object_get_id(endpoint);
 }

 void ast_sip_report_invalid_endpoint(const char *name, pjsip_rx_data *rdata)
 {
  enum ast_transport transport = security_event_get_transport(rdata);
  char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
  struct ast_sockaddr local, remote;

  struct ast_security_event_inval_acct_id inval_acct_id = {
  .common.event_type = AST_SECURITY_EVENT_INVAL_ACCT_ID,
  .common.version = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION,
  .common.service = "PJSIP",
  .common.account_id = name,
  .common.local_addr = {
  .addr = &local,
  .transport = transport,
  },
  .common.remote_addr = {
  .addr = &remote,
  .transport = transport,
  },
  .common.session_id = call_id,
  };

  security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);

  ast_security_event_report(AST_SEC_EVT(&inval_acct_id));
 }

 void ast_sip_report_failed_acl(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata, const char *name)
 {
  enum ast_transport transport = security_event_get_transport(rdata);
  char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
  struct ast_sockaddr local, remote;

  struct ast_security_event_failed_acl failed_acl_event = {
  .common.event_type = AST_SECURITY_EVENT_FAILED_ACL,
  .common.version = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
  .common.service = "PJSIP",
  .common.account_id = get_account_id(endpoint),
  .common.local_addr = {
  .addr = &local,
  .transport = transport,
  },
  .common.remote_addr = {
  .addr = &remote,
  .transport = transport,
  },
  .common.session_id = call_id,
  .acl_name = name,
  };

  security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);

  ast_security_event_report(AST_SEC_EVT(&failed_acl_event));
 }

 void ast_sip_report_auth_failed_challenge_response(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
 {
  pjsip_authorization_hdr *auth = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION, NULL);
  enum ast_transport transport = security_event_get_transport(rdata);
  char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
  char nonce[64] = "", response[256] = "";
  struct ast_sockaddr local, remote;

  struct ast_security_event_chal_resp_failed chal_resp_failed = {
  .common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED,
  .common.version = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION,
  .common.service = "PJSIP",
  .common.account_id = get_account_id(endpoint),
  .common.local_addr = {
  .addr = &local,
  .transport = transport,
  },
  .common.remote_addr = {
  .addr = &remote,
  .transport = transport,
  },
  .common.session_id = call_id,

  .challenge = nonce,
  .response = response,
  .expected_response = "",
  };

  if (auth && !pj_strcmp2(&auth->scheme, "Digest")) {
  ast_copy_pj_str(nonce, &auth->credential.digest.nonce, sizeof(nonce));
  ast_copy_pj_str(response, &auth->credential.digest.response, sizeof(response));
  }

  security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);

  ast_security_event_report(AST_SEC_EVT(&chal_resp_failed));
 }

 void ast_sip_report_auth_success(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
 {
  pjsip_authorization_hdr *auth = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION, NULL);
  enum ast_transport transport = security_event_get_transport(rdata);
  char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
  struct ast_sockaddr local, remote;

  struct ast_security_event_successful_auth successful_auth = {
  .common.event_type = AST_SECURITY_EVENT_SUCCESSFUL_AUTH,
  .common.version = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION,
  .common.service = "PJSIP",
  .common.account_id = get_account_id(endpoint),
  .common.local_addr = {
  .addr = &local,
  .transport = transport,
  },
  .common.remote_addr = {
  .addr = &remote,
  .transport = transport,
  },
  .common.session_id = call_id,
  .using_password = auth ? 1 : 0,
  };

  security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);

  ast_security_event_report(AST_SEC_EVT(&successful_auth));
 }

 void ast_sip_report_auth_challenge_sent(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata, pjsip_tx_data *tdata)
 {
  pjsip_www_authenticate_hdr *auth = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_WWW_AUTHENTICATE, NULL);
  enum ast_transport transport = security_event_get_transport(rdata);
  char nonce[64] = "", call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
  struct ast_sockaddr local, remote;

  struct ast_security_event_chal_sent chal_sent = {
  .common.event_type = AST_SECURITY_EVENT_CHAL_SENT,
  .common.version = AST_SECURITY_EVENT_CHAL_SENT_VERSION,
  .common.service = "PJSIP",
  .common.account_id = get_account_id(endpoint),
  .common.local_addr = {
  .addr = &local,
  .transport = transport,
  },
  .common.remote_addr = {
  .addr = &remote,
  .transport = transport,
  },
  .common.session_id = call_id,
  .challenge = nonce,
  };

  if (auth && !pj_strcmp2(&auth->scheme, "digest")) {
  ast_copy_pj_str(nonce, &auth->challenge.digest.nonce, sizeof(nonce));
  }

  security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);

  ast_security_event_report(AST_SEC_EVT(&chal_sent));
 }

 void ast_sip_report_req_no_support(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata,
  const char* req_type)
 {
  enum ast_transport transport = security_event_get_transport(rdata);
  char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
  struct ast_sockaddr local, remote;

  struct ast_security_event_req_no_support req_no_support_event = {
  .common.event_type = AST_SECURITY_EVENT_REQ_NO_SUPPORT,
  .common.version = AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION,
  .common.service = "PJSIP",
  .common.account_id = get_account_id(endpoint),
  .common.local_addr = {
  .addr = &local,
  .transport = transport,
  },
  .common.remote_addr = {
  .addr = &remote,
  .transport = transport,
  },
  .common.session_id = call_id,
  .request_type = req_type
  };

  security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);

  ast_security_event_report(AST_SEC_EVT(&req_no_support_event));
 }

 void ast_sip_report_mem_limit(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
 {
  enum ast_transport transport = security_event_get_transport(rdata);
  char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
  struct ast_sockaddr local, remote;

  struct ast_security_event_mem_limit mem_limit_event = {
  .common.event_type = AST_SECURITY_EVENT_MEM_LIMIT,
  .common.version = AST_SECURITY_EVENT_MEM_LIMIT_VERSION,
  .common.service = "PJSIP",
  .common.account_id = get_account_id(endpoint),
  .common.local_addr = {
  .addr = &local,
  .transport = transport,
  },
  .common.remote_addr = {
  .addr = &remote,
  .transport = transport,
  },
  .common.session_id = call_id
  };

  security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);

  ast_security_event_report(AST_SEC_EVT(&mem_limit_event));
 }
ast_sip_report_auth_failed_challenge_response
void ast_sip_report_auth_failed_challenge_response(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
Send a security event notification for when a challenge response has failed.
Definition: res/res_pjsip/security_events.c:130

AST_TRANSPORT_WSS
Definition: netsock2.h:64

ast_security_event_mem_limit::common
struct ast_security_event_common common
Common security event descriptor elements.
Definition: security_events_defs.h:266

ast_security_event_common::event_type
enum ast_security_event_type event_type
The security event sub-type.
Definition: security_events_defs.h:158

asterisk.h
Asterisk main include file. File version handling, generic pbx functions.

AST_SECURITY_EVENT_SUCCESSFUL_AUTH
FYI FWIW, Successful authentication has occurred.
Definition: security_events_defs.h:97

security_events.h
Security Event Reporting API.

ast_sockaddr_parse
int ast_sockaddr_parse(struct ast_sockaddr *addr, const char *str, int flags)
Parse an IPv4 or IPv6 address string.
Definition: netsock2.c:230

AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION
#define AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION
Event descriptor version.
Definition: security_events_defs.h:293

ast_sip_report_auth_success
void ast_sip_report_auth_success(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
Send a security event notification for when authentication succeeds.
Definition: res/res_pjsip/security_events.c:168

ast_security_event_chal_resp_failed
An attempt at challenge/response auth failed.
Definition: security_events_defs.h:424

ast_transport
ast_transport
Definition: netsock2.h:59

AST_SECURITY_EVENT_CHAL_SENT_VERSION
#define AST_SECURITY_EVENT_CHAL_SENT_VERSION
Event descriptor version.
Definition: security_events_defs.h:491

ast_security_event_req_no_support
Request denied because we don&#39;t support it.
Definition: security_events_defs.h:288

ast_security_event_failed_acl
Checking against an IP access control list failed.
Definition: security_events_defs.h:203

ast_security_event_inval_acct_id::common
struct ast_security_event_common common
Common security event descriptor elements.
Definition: security_events_defs.h:234

ast_security_event_chal_sent
A challenge was sent out.
Definition: security_events_defs.h:486

ast_security_event_chal_resp_failed::response
const char * response
Response received.
Definition: security_events_defs.h:444

ast_sip_report_req_no_support
void ast_sip_report_req_no_support(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata, const char *req_type)
Send a security event notification for when a request is not supported.
Definition: res/res_pjsip/security_events.c:230

PARSE_PORT_FORBID
Definition: include/asterisk/config.h:1135

ast_security_event_chal_resp_failed::common
struct ast_security_event_common common
Common security event descriptor elements.
Definition: security_events_defs.h:434

ast_copy_pj_str
void ast_copy_pj_str(char *dest, const pj_str_t *src, size_t size)
Copy a pj_str_t into a standard character buffer.
Definition: res_pjsip.c:5240

NULL
#define NULL
Definition: resample.c:96

AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION
#define AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION
Event descriptor version.
Definition: security_events_defs.h:387

ast_sockaddr
Socket address structure.
Definition: netsock2.h:97

AST_SEC_EVT
#define AST_SEC_EVT(e)
Definition: security_events_defs.h:139

ast_sip_report_auth_challenge_sent
void ast_sip_report_auth_challenge_sent(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata, pjsip_tx_data *tdata)
Send a security event notification for when an authentication challenge is sent.
Definition: res/res_pjsip/security_events.c:197

AST_SECURITY_EVENT_MEM_LIMIT
Memory limit reached.
Definition: security_events_defs.h:70

host
static char host[256]
Definition: muted.c:77

RAII_VAR
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition: utils.h:911

ast_security_event_successful_auth
Successful authentication.
Definition: security_events_defs.h:382

AST_SECURITY_EVENT_FAILED_ACL_VERSION
#define AST_SECURITY_EVENT_FAILED_ACL_VERSION
Event descriptor version.
Definition: security_events_defs.h:208

ast_sorcery_object_get_id
const char * ast_sorcery_object_get_id(const void *object)
Get the unique identifier of a sorcery object.
Definition: sorcery.c:2312

AST_SECURITY_EVENT_CHAL_SENT
Challenge was sent out, informational.
Definition: security_events_defs.h:113

security_event_get_transport
static enum ast_transport security_event_get_transport(pjsip_rx_data *rdata)
Definition: res/res_pjsip/security_events.c:34

ast_security_event_failed_acl::common
struct ast_security_event_common common
Common security event descriptor elements.
Definition: security_events_defs.h:213

ast_sip_endpoint
An entity with which Asterisk communicates.
Definition: res_pjsip.h:812

AST_SECURITY_EVENT_MEM_LIMIT_VERSION
#define AST_SECURITY_EVENT_MEM_LIMIT_VERSION
Event descriptor version.
Definition: security_events_defs.h:261

AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION
#define AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION
Event descriptor version.
Definition: security_events_defs.h:229

ast_security_event_mem_limit
Request denied because of a memory limit.
Definition: security_events_defs.h:256

ast_sockaddr_set_port
#define ast_sockaddr_set_port(addr, port)
Sets the port number of a socket address.
Definition: netsock2.h:537

ast_security_event_req_no_support::common
struct ast_security_event_common common
Common security event descriptor elements.
Definition: security_events_defs.h:298

AST_SECURITY_EVENT_CHAL_RESP_FAILED
An attempt at challenge/response authentication failed.
Definition: security_events_defs.h:105

ast_sip_get_artificial_endpoint
struct ast_sip_endpoint * ast_sip_get_artificial_endpoint(void)
Retrieves a reference to the artificial endpoint.
Definition: pjsip_distributor.c:654

AST_SECURITY_EVENT_FAILED_ACL
Failed ACL.
Definition: security_events_defs.h:48

ast_sip_report_failed_acl
void ast_sip_report_failed_acl(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata, const char *name)
Send a security event notification for when an ACL check fails.
Definition: res/res_pjsip/security_events.c:102

name
static const char name[]
Definition: cdr_mysql.c:74

ast_security_event_successful_auth::common
struct ast_security_event_common common
Common security event descriptor elements.
Definition: security_events_defs.h:392

AST_TRANSPORT_TCP
Definition: netsock2.h:61

ast_security_event_inval_acct_id
Invalid account ID specified (invalid username, for example)
Definition: security_events_defs.h:224

AST_SECURITY_EVENT_INVAL_ACCT_ID
Invalid Account ID.
Definition: security_events_defs.h:56

ao2_cleanup
#define ao2_cleanup(obj)
Definition: astobj2.h:1958

ast_security_event_chal_sent::common
struct ast_security_event_common common
Common security event descriptor elements.
Definition: security_events_defs.h:496

ast_sip_report_mem_limit
void ast_sip_report_mem_limit(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
Send a security event notification for when a memory limit is hit.
Definition: res/res_pjsip/security_events.c:259

AST_TRANSPORT_UDP
Definition: netsock2.h:60

ast_sip_report_invalid_endpoint
void ast_sip_report_invalid_endpoint(const char *name, pjsip_rx_data *rdata)
Send a security event notification for when an invalid endpoint is requested.
Definition: res/res_pjsip/security_events.c:75

AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION
#define AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION
Event descriptor version.
Definition: security_events_defs.h:429

AST_TRANSPORT_TLS
Definition: netsock2.h:62

security_event_populate
static void security_event_populate(pjsip_rx_data *rdata, char *call_id, size_t call_id_size, struct ast_sockaddr *local, struct ast_sockaddr *remote)
Definition: res/res_pjsip/security_events.c:54

ast_security_event_report
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
Definition: main/security_events.c:1171

res_pjsip.h

get_account_id
static const char * get_account_id(struct ast_sip_endpoint *endpoint)
Definition: res/res_pjsip/security_events.c:68

AST_TRANSPORT_WS
Definition: netsock2.h:63

AST_SECURITY_EVENT_REQ_NO_SUPPORT
A request was made that we understand, but do not support.
Definition: security_events_defs.h:81