Asterisk - The Open Source Telephony Project  18.5.0
Enumerations | Functions | Variables
res_security_log.c File Reference

Security Event Logging. More...

#include "asterisk.h"
#include "asterisk/module.h"
#include "asterisk/logger.h"
#include "asterisk/threadstorage.h"
#include "asterisk/strings.h"
#include "asterisk/security_events.h"
#include "asterisk/stasis.h"
#include "asterisk/json.h"
Include dependency graph for res_security_log.c:

Go to the source code of this file.

Enumerations

enum  ie_required { NOT_REQUIRED, REQUIRED, NOT_REQUIRED, REQUIRED }
 

Functions

static void __init_security_event_buf (void)
 
static void __reg_module (void)
 
static void __unreg_module (void)
 
static void append_json (struct ast_str **str, struct ast_json *json, const struct ast_security_event_ie_type *ies, enum ie_required required)
 
static void append_json_single (struct ast_str **str, struct ast_json *json, const enum ast_event_ie_type ie_type, enum ie_required required)
 
struct ast_moduleAST_MODULE_SELF_SYM (void)
 
static int load_module (void)
 
static void security_event_stasis_cb (struct ast_json *json)
 
static void security_stasis_cb (void *data, struct stasis_subscription *sub, struct stasis_message *message)
 
static int unload_module (void)
 

Variables

static struct ast_module_info __mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_LOAD_ORDER , .description = "Security Event Logging" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = AST_BUILDOPT_SUM, .load = load_module, .unload = unload_module, .load_pri = AST_MODPRI_DEFAULT, .support_level = AST_MODULE_SUPPORT_CORE, }
 
static const struct ast_module_infoast_module_info = &__mod_info
 
static int LOG_SECURITY
 
static const char LOG_SECURITY_NAME [] = "SECURITY"
 
static struct ast_threadstorage security_event_buf = { .once = PTHREAD_ONCE_INIT , .key_init = __init_security_event_buf , .custom_init = NULL , }
 
static const size_t SECURITY_EVENT_BUF_INIT_LEN = 256
 
static struct stasis_subscriptionsecurity_stasis_sub
 

Detailed Description

Security Event Logging.

Author
Russell Bryant russe.nosp@m.ll@d.nosp@m.igium.nosp@m..com
Todo:

Make informational security events optional

Escape quotes in string payload IE contents

Definition in file res_security_log.c.

Enumeration Type Documentation

◆ ie_required

enum ie_required
Enumerator
NOT_REQUIRED 
REQUIRED 
NOT_REQUIRED 
REQUIRED 

Definition at line 53 of file res_security_log.c.

53  {
54  NOT_REQUIRED,
55  REQUIRED
56 };
REQUIRED
Definition: res_security_log.c:55
NOT_REQUIRED
Definition: res_security_log.c:54

Function Documentation

◆ __init_security_event_buf()

static void __init_security_event_buf ( void  )
static

Definition at line 50 of file res_security_log.c.

53 {

◆ __reg_module()

static void __reg_module ( void  )
static

Definition at line 165 of file res_security_log.c.

◆ __unreg_module()

static void __unreg_module ( void  )
static

Definition at line 165 of file res_security_log.c.

◆ append_json()

static void append_json ( struct ast_str **  str,
struct ast_json json,
const struct ast_security_event_ie_type ies,
enum ie_required  required 
)
static

Definition at line 80 of file res_security_log.c.

References append_json_single(), AST_EVENT_IE_END, and ast_security_event_ie_type::ie_type.

Referenced by security_event_stasis_cb().

82 {
83  unsigned int i;
84 
85  for (i = 0; ies[i].ie_type != AST_EVENT_IE_END; i++) {
86  append_json_single(str, json, ies[i].ie_type, required);
87  }
88 }
append_json_single
static void append_json_single(struct ast_str **str, struct ast_json *json, const enum ast_event_ie_type ie_type, enum ie_required required)
Definition: res_security_log.c:58
ast_security_event_ie_type::ie_type
enum ast_event_ie_type ie_type
Definition: include/asterisk/security_events.h:54
AST_EVENT_IE_END
Definition: event_defs.h:70

◆ append_json_single()

static void append_json_single ( struct ast_str **  str,
struct ast_json json,
const enum ast_event_ie_type  ie_type,
enum ie_required  required 
)
static

Definition at line 58 of file res_security_log.c.

References ast_assert, ast_event_get_ie_type_name(), ast_json_object_get(), ast_json_string_get(), ast_str_append(), and NULL.

Referenced by append_json().

60 {
61  const char *ie_type_key = ast_event_get_ie_type_name(ie_type);
62 
63  struct ast_json *json_string;
64 
65  json_string = ast_json_object_get(json, ie_type_key);
66 
67  if (!required && !json_string) {
68  /* Optional IE isn't present. Ignore. */
69  return;
70  }
71 
72  /* At this point, it _better_ be there! */
73  ast_assert(json_string != NULL);
74 
75  ast_str_append(str, 0, ",%s=\"%s\"",
76  ie_type_key,
77  ast_json_string_get(json_string));
78 }
ast_str_append
int ast_str_append(struct ast_str **buf, ssize_t max_len, const char *fmt,...)
Append to a thread local dynamic string.
Definition: strings.h:1091
ast_assert
#define ast_assert(a)
Definition: utils.h:695
NULL
#define NULL
Definition: resample.c:96
ast_json_string_get
const char * ast_json_string_get(const struct ast_json *string)
Get the value of a JSON string.
Definition: json.c:273
ast_json_object_get
struct ast_json * ast_json_object_get(struct ast_json *object, const char *key)
Get a field from a JSON object.
Definition: json.c:397
ast_event_get_ie_type_name
const char * ast_event_get_ie_type_name(enum ast_event_ie_type ie_type)
Get the string representation of an information element type.
Definition: event.c:208
ast_json
Abstract JSON element (object, array, string, int, ...).

◆ AST_MODULE_SELF_SYM()

struct ast_module* AST_MODULE_SELF_SYM ( void  )

Definition at line 165 of file res_security_log.c.

◆ load_module()

static int load_module ( void  )
static

Definition at line 133 of file res_security_log.c.

References ast_logger_register_level(), ast_logger_unregister_level(), AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, ast_security_topic(), ast_verb, LOG_SECURITY, LOG_SECURITY_NAME, NULL, security_stasis_cb(), stasis_subscribe, stasis_subscription_accept_message_type(), STASIS_SUBSCRIPTION_FILTER_SELECTIVE, and stasis_subscription_set_filter().

134 {
135  if ((LOG_SECURITY = ast_logger_register_level(LOG_SECURITY_NAME)) == -1) {
136  return AST_MODULE_LOAD_DECLINE;
137  }
138 
139  if (!(security_stasis_sub = stasis_subscribe(ast_security_topic(), security_stasis_cb, NULL))) {
140  ast_logger_unregister_level(LOG_SECURITY_NAME);
141  LOG_SECURITY = -1;
142  return AST_MODULE_LOAD_DECLINE;
143  }
144  stasis_subscription_accept_message_type(security_stasis_sub, ast_security_event_type());
145  stasis_subscription_set_filter(security_stasis_sub, STASIS_SUBSCRIPTION_FILTER_SELECTIVE);
146 
147  ast_verb(3, "Security Logging Enabled\n");
148 
149  return AST_MODULE_LOAD_SUCCESS;
150 }
ast_security_event_type
ast_security_event_type
Security event types.
Definition: security_events_defs.h:40
ast_security_topic
struct stasis_topic * ast_security_topic(void)
A stasis_topic which publishes messages for security related issues.
Definition: main/security_events.c:380
stasis_subscription_set_filter
int stasis_subscription_set_filter(struct stasis_subscription *subscription, enum stasis_subscription_message_filter filter)
Set the message type filtering level on a subscription.
Definition: stasis.c:1079
NULL
#define NULL
Definition: resample.c:96
ast_verb
#define ast_verb(level,...)
Definition: logger.h:463
ast_logger_unregister_level
void ast_logger_unregister_level(const char *name)
Unregister a previously registered logger level.
Definition: logger.c:2536
LOG_SECURITY_NAME
static const char LOG_SECURITY_NAME[]
Definition: res_security_log.c:44
security_stasis_sub
static struct stasis_subscription * security_stasis_sub
Definition: res_security_log.c:48
ast_logger_register_level
int ast_logger_register_level(const char *name)
Register a new logger level.
Definition: logger.c:2503
stasis_subscribe
#define stasis_subscribe(topic, callback, data)
Definition: stasis.h:652
AST_MODULE_LOAD_DECLINE
Module has failed to load, may be in an inconsistent state.
Definition: module.h:78
security_stasis_cb
static void security_stasis_cb(void *data, struct stasis_subscription *sub, struct stasis_message *message)
Definition: res_security_log.c:117
stasis_subscription_accept_message_type
int stasis_subscription_accept_message_type(struct stasis_subscription *subscription, const struct stasis_message_type *type)
Indicate to a subscription that we are interested in a message type.
Definition: stasis.c:1025
LOG_SECURITY
static int LOG_SECURITY
Definition: res_security_log.c:46

◆ security_event_stasis_cb()

static void security_event_stasis_cb ( struct ast_json json)
static

Definition at line 90 of file res_security_log.c.

References append_json(), ast_assert, ast_json_integer_get(), ast_json_object_get(), ast_log_dynamic_level, ast_security_event_get_name(), ast_security_event_get_optional_ies(), ast_security_event_get_required_ies(), AST_SECURITY_EVENT_NUM_TYPES, ast_str_buffer(), ast_str_set(), ast_str_thread_get(), LOG_SECURITY, NOT_REQUIRED, REQUIRED, security_event_buf, SECURITY_EVENT_BUF_INIT_LEN, and str.

Referenced by security_stasis_cb().

91 {
92  struct ast_str *str;
93  struct ast_json *event_type_json;
94  enum ast_security_event_type event_type;
95 
96  event_type_json = ast_json_object_get(json, "SecurityEvent");
97  event_type = ast_json_integer_get(event_type_json);
98 
99  ast_assert((unsigned int)event_type < AST_SECURITY_EVENT_NUM_TYPES);
100 
101  if (!(str = ast_str_thread_get(&security_event_buf,
102  SECURITY_EVENT_BUF_INIT_LEN))) {
103  return;
104  }
105 
106  ast_str_set(&str, 0, "SecurityEvent=\"%s\"",
107  ast_security_event_get_name(event_type));
108 
109  append_json(&str, json,
110  ast_security_event_get_required_ies(event_type), REQUIRED);
111  append_json(&str, json,
112  ast_security_event_get_optional_ies(event_type), NOT_REQUIRED);
113 
114  ast_log_dynamic_level(LOG_SECURITY, "%s\n", ast_str_buffer(str));
115 }
append_json
static void append_json(struct ast_str **str, struct ast_json *json, const struct ast_security_event_ie_type *ies, enum ie_required required)
Definition: res_security_log.c:80
ast_security_event_type
ast_security_event_type
Security event types.
Definition: security_events_defs.h:40
ast_security_event_get_name
const char * ast_security_event_get_name(const enum ast_security_event_type event_type)
Get the name of a security event sub-type.
Definition: main/security_events.c:895
ast_str_buffer
char * ast_str_buffer(const struct ast_str *buf)
Returns the string buffer within the ast_str buf.
Definition: strings.h:714
ast_log_dynamic_level
#define ast_log_dynamic_level(level,...)
Send a log message to a dynamically registered log level.
Definition: logger.h:439
REQUIRED
Definition: res_security_log.c:55
ast_assert
#define ast_assert(a)
Definition: utils.h:695
str
const char * str
Definition: app_jack.c:147
ast_security_event_get_required_ies
const struct ast_security_event_ie_type * ast_security_event_get_required_ies(const enum ast_security_event_type event_type)
Get the list of required IEs for a given security event sub-type.
Definition: main/security_events.c:904
ast_str_set
int ast_str_set(struct ast_str **buf, ssize_t max_len, const char *fmt,...)
Set a dynamic string using variable arguments.
Definition: strings.h:1065
ast_str
The descriptor of a dynamic string XXX storage will be optimized later if needed We use the ts field ...
Definition: strings.h:584
NOT_REQUIRED
Definition: res_security_log.c:54
SECURITY_EVENT_BUF_INIT_LEN
static const size_t SECURITY_EVENT_BUF_INIT_LEN
Definition: res_security_log.c:51
AST_SECURITY_EVENT_NUM_TYPES
This must stay at the end.
Definition: security_events_defs.h:121
ast_security_event_get_optional_ies
const struct ast_security_event_ie_type * ast_security_event_get_optional_ies(const enum ast_security_event_type event_type)
Get the list of optional IEs for a given security event sub-type.
Definition: main/security_events.c:914
ast_json_object_get
struct ast_json * ast_json_object_get(struct ast_json *object, const char *key)
Get a field from a JSON object.
Definition: json.c:397
ast_json
Abstract JSON element (object, array, string, int, ...).
ast_str_thread_get
struct ast_str * ast_str_thread_get(struct ast_threadstorage *ts, size_t init_len)
Retrieve a thread locally stored dynamic string.
Definition: strings.h:861
ast_json_integer_get
intmax_t ast_json_integer_get(const struct ast_json *integer)
Get the value from a JSON integer.
Definition: json.c:322
security_event_buf
static struct ast_threadstorage security_event_buf
Definition: res_security_log.c:50
LOG_SECURITY
static int LOG_SECURITY
Definition: res_security_log.c:46

◆ security_stasis_cb()

static void security_stasis_cb ( void *  data,
struct stasis_subscription sub,
struct stasis_message message 
)
static

Definition at line 117 of file res_security_log.c.

References ast_json_payload::json, security_event_stasis_cb(), stasis_message_data(), and stasis_message_type().

Referenced by load_module().

119 {
120  struct ast_json_payload *payload = stasis_message_data(message);
121 
122  if (stasis_message_type(message) != ast_security_event_type()) {
123  return;
124  }
125 
126  if (!payload) {
127  return;
128  }
129 
130  security_event_stasis_cb(payload->json);
131 }
ast_security_event_type
ast_security_event_type
Security event types.
Definition: security_events_defs.h:40
ast_json_payload
Definition: json.h:1024
ast_json_payload::json
struct ast_json * json
Definition: json.h:1025
stasis_message_type
struct stasis_message_type * stasis_message_type(const struct stasis_message *msg)
Get the message type for a stasis_message.
Definition: stasis_message.c:187
security_event_stasis_cb
static void security_event_stasis_cb(struct ast_json *json)
Definition: res_security_log.c:90
stasis_message_data
void * stasis_message_data(const struct stasis_message *msg)
Get the data contained in a message.
Definition: stasis_message.c:195

◆ unload_module()

static int unload_module ( void  )
static

Definition at line 152 of file res_security_log.c.

References ast_logger_unregister_level(), ast_verb, LOG_SECURITY_NAME, and stasis_unsubscribe_and_join().

153 {
154  if (security_stasis_sub) {
155  security_stasis_sub = stasis_unsubscribe_and_join(security_stasis_sub);
156  }
157 
158  ast_logger_unregister_level(LOG_SECURITY_NAME);
159 
160  ast_verb(3, "Security Logging Disabled\n");
161 
162  return 0;
163 }
ast_verb
#define ast_verb(level,...)
Definition: logger.h:463
ast_logger_unregister_level
void ast_logger_unregister_level(const char *name)
Unregister a previously registered logger level.
Definition: logger.c:2536
LOG_SECURITY_NAME
static const char LOG_SECURITY_NAME[]
Definition: res_security_log.c:44
security_stasis_sub
static struct stasis_subscription * security_stasis_sub
Definition: res_security_log.c:48
stasis_unsubscribe_and_join
struct stasis_subscription * stasis_unsubscribe_and_join(struct stasis_subscription *subscription)
Cancel a subscription, blocking until the last message is processed.
Definition: stasis.c:1136

Variable Documentation

◆ __mod_info

struct ast_module_info __mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_LOAD_ORDER , .description = "Security Event Logging" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = AST_BUILDOPT_SUM, .load = load_module, .unload = unload_module, .load_pri = AST_MODPRI_DEFAULT, .support_level = AST_MODULE_SUPPORT_CORE, }
static

Definition at line 165 of file res_security_log.c.

◆ ast_module_info

const struct ast_module_info* ast_module_info = &__mod_info
static

Definition at line 165 of file res_security_log.c.

◆ LOG_SECURITY

int LOG_SECURITY
static

Definition at line 46 of file res_security_log.c.

Referenced by load_module(), and security_event_stasis_cb().

◆ LOG_SECURITY_NAME

const char LOG_SECURITY_NAME[] = "SECURITY"
static

Definition at line 44 of file res_security_log.c.

Referenced by load_module(), and unload_module().

◆ security_event_buf

struct ast_threadstorage security_event_buf = { .once = PTHREAD_ONCE_INIT , .key_init = __init_security_event_buf , .custom_init = NULL , }
static

Definition at line 50 of file res_security_log.c.

Referenced by security_event_stasis_cb().

◆ SECURITY_EVENT_BUF_INIT_LEN

const size_t SECURITY_EVENT_BUF_INIT_LEN = 256
static

Definition at line 51 of file res_security_log.c.

Referenced by security_event_stasis_cb().

◆ security_stasis_sub

struct stasis_subscription* security_stasis_sub
static

Definition at line 48 of file res_security_log.c.

Generated on Sun Aug 8 2021 19:46:38 for Asterisk - The Open Source Telephony Project by   doxygen 1.8.13