Asterisk - The Open Source Telephony Project  21.4.1
res/res_pjsip/security_events.c File Reference

Generate security events in the PJSIP channel. More...

#include "asterisk.h"
#include <pjsip.h>
#include "asterisk/res_pjsip.h"
#include "asterisk/security_events.h"


Functions

void ast_sip_report_auth_challenge_sent (struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata, pjsip_tx_data *tdata)
 Send a security event notification for when an authentication challenge is sent. More...
 
void ast_sip_report_auth_failed_challenge_response (struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
 Send a security event notification for when a challenge response has failed. More...
 
void ast_sip_report_auth_success (struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
 Send a security event notification for when authentication succeeds. More...
 
void ast_sip_report_failed_acl (struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata, const char *name)
 Send a security event notification for when an ACL check fails. More...
 
void ast_sip_report_invalid_endpoint (const char *name, pjsip_rx_data *rdata)
 Send a security event notification for when an invalid endpoint is requested. More...
 
void ast_sip_report_mem_limit (struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
 Send a security event notification for when a memory limit is hit. More...
 
void ast_sip_report_req_no_support (struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata, const char *req_type)
 Send a security event notification for when a request is not supported. More...
 
static const char * get_account_id (struct ast_sip_endpoint *endpoint)
 
static enum ast_transport security_event_get_transport (pjsip_rx_data *rdata)
 
static void security_event_populate (pjsip_rx_data *rdata, char *call_id, size_t call_id_size, struct ast_sockaddr *local, struct ast_sockaddr *remote)
 

Detailed Description

Generate security events in the PJSIP channel.

Author
Joshua Colp jcolp.nosp@m.@dig.nosp@m.ium.c.nosp@m.om

Definition in file res/res_pjsip/security_events.c.

Function Documentation

void ast_sip_report_auth_challenge_sent ( struct ast_sip_endpoint *  endpoint,
pjsip_rx_data *  rdata,
pjsip_tx_data *  tdata 
)

Send a security event notification for when an authentication challenge is sent.

Parameters
endpoint: Pointer to the endpoint in use
rdata: Received message
tdata: Sent message

Definition at line 197 of file res/res_pjsip/security_events.c.

References AST_SECURITY_EVENT_CHAL_SENT, AST_SECURITY_EVENT_CHAL_SENT_VERSION, ast_security_event_report(), ast_security_event_chal_sent::common, and ast_security_event_common::event_type.

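/*!
 * \brief Send a security event notification for when an authentication challenge is sent.
 *
 * \param endpoint Pointer to the endpoint in use; its account id comes from get_account_id()
 * \param rdata Received message; supplies the Call-ID and the transport
 * \param tdata Sent message; its WWW-Authenticate header supplies the nonce
 *
 * \note The session id reported here is copied from the received message,
 * so consumers of the event should treat it as untrusted text.
 */
void ast_sip_report_auth_challenge_sent(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata, pjsip_tx_data *tdata)
{
	pjsip_www_authenticate_hdr *auth = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_WWW_AUTHENTICATE, NULL);
	enum ast_transport transport = security_event_get_transport(rdata);
	/*
	 * call_id is a variable-length array sized from the Call-ID of the
	 * received message, so stack use here follows remote input.
	 * NOTE(review): confirm the PJSIP stack guarantees msg_info.cid is set
	 * and caps the message size before this function can be reached.
	 */
	char nonce[64] = "", call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
	struct ast_sockaddr local, remote;

	/*
	 * The event only stores pointers to nonce, call_id, local and remote;
	 * those buffers are filled in below, before the event is reported.
	 */
	struct ast_security_event_chal_sent chal_sent = {
		.common.event_type = AST_SECURITY_EVENT_CHAL_SENT,
		.common.version = AST_SECURITY_EVENT_CHAL_SENT_VERSION,
		.common.service = "PJSIP",
		.common.account_id = get_account_id(endpoint),
		.common.local_addr = {
			.addr = &local,
			.transport = transport,
		},
		.common.remote_addr = {
			.addr = &remote,
			.transport = transport,
		},
		.common.session_id = call_id,
		.challenge = nonce,
	};

	/*
	 * Authentication scheme names are case-insensitive, so compare without
	 * regard to case; a case-sensitive match against one spelling would
	 * leave the nonce out of the event whenever the header used another.
	 * The copy is bounded by sizeof(nonce).
	 */
	if (auth && !pj_stricmp2(&auth->scheme, "digest")) {
		ast_copy_pj_str(nonce, &auth->challenge.digest.nonce, sizeof(nonce));
	}

	security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);

	ast_security_event_report(AST_SEC_EVT(&chal_sent));
}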
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
enum ast_security_event_type event_type
The security event sub-type.
#define AST_SECURITY_EVENT_CHAL_SENT_VERSION
Event descriptor version.
A challenge was sent out.
Socket address structure.
Definition: netsock2.h:97
Challenge was sent out, informational.
struct ast_security_event_common common
Common security event descriptor elements.
void ast_sip_report_auth_failed_challenge_response ( struct ast_sip_endpoint *  endpoint,
pjsip_rx_data *  rdata 
)

Send a security event notification for when a challenge response has failed.

Parameters
endpoint: Pointer to the endpoint in use
rdata: Received message

Definition at line 130 of file res/res_pjsip/security_events.c.

References AST_SECURITY_EVENT_CHAL_RESP_FAILED, AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION, ast_security_event_report(), ast_security_event_chal_resp_failed::common, ast_security_event_common::event_type, and ast_security_event_chal_resp_failed::response.

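/*!
 * \brief Send a security event notification for when a challenge response has failed.
 *
 * \param endpoint Pointer to the endpoint in use; its account id comes from get_account_id()
 * \param rdata Received message; supplies the Authorization header, Call-ID and transport
 *
 * \note The nonce, response and session id reported here are copied from the
 * received message, so consumers of the event should treat them as untrusted text.
 */
void ast_sip_report_auth_failed_challenge_response(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
{
	pjsip_authorization_hdr *auth = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION, NULL);
	enum ast_transport transport = security_event_get_transport(rdata);
	/*
	 * call_id is a variable-length array sized from the Call-ID of the
	 * received message, so stack use here follows remote input.
	 * NOTE(review): confirm the PJSIP stack guarantees msg_info.cid is set
	 * and caps the message size before this function can be reached.
	 */
	char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
	char nonce[64] = "", response[256] = "";
	struct ast_sockaddr local, remote;

	/*
	 * The event only stores pointers to the local buffers; they are filled
	 * in below, before the event is reported. expected_response is always
	 * reported as an empty string.
	 */
	struct ast_security_event_chal_resp_failed chal_resp_failed = {
		.common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED,
		.common.version = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION,
		.common.service = "PJSIP",
		.common.account_id = get_account_id(endpoint),
		.common.local_addr = {
			.addr = &local,
			.transport = transport,
		},
		.common.remote_addr = {
			.addr = &remote,
			.transport = transport,
		},
		.common.session_id = call_id,

		.challenge = nonce,
		.response = response,
		.expected_response = "",
	};

	/*
	 * The scheme is checked before the digest credential is read.
	 * Scheme names are case-insensitive, so compare without regard to
	 * case: with a case-sensitive match a client that spells the scheme
	 * differently would produce a failure event with no nonce or response
	 * in it. Both copies are bounded by the destination size.
	 */
	if (auth && !pj_stricmp2(&auth->scheme, "Digest")) {
		ast_copy_pj_str(nonce, &auth->credential.digest.nonce, sizeof(nonce));
		ast_copy_pj_str(response, &auth->credential.digest.response, sizeof(response));
	}

	security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);

	ast_security_event_report(AST_SEC_EVT(&chal_resp_failed));
}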
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
enum ast_security_event_type event_type
The security event sub-type.
An attempt at challenge/response auth failed.
const char * response
Response received.
struct ast_security_event_common common
Common security event descriptor elements.
Socket address structure.
Definition: netsock2.h:97
An attempt at challenge/response authentication failed.
#define AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION
Event descriptor version.
void ast_sip_report_auth_success ( struct ast_sip_endpoint *  endpoint,
pjsip_rx_data *  rdata 
)

Send a security event notification for when authentication succeeds.

Parameters
endpoint: Pointer to the endpoint in use
rdata: Received message

Definition at line 168 of file res/res_pjsip/security_events.c.

References ast_security_event_report(), AST_SECURITY_EVENT_SUCCESSFUL_AUTH, AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION, ast_security_event_successful_auth::common, and ast_security_event_common::event_type.

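/*!
 * \brief Send a security event notification for when authentication succeeds.
 *
 * \param endpoint Pointer to the endpoint in use; its account id comes from get_account_id()
 * \param rdata Received message; supplies the Call-ID and transport
 *
 * \note The session id reported here is copied from the received message,
 * so consumers of the event should treat it as untrusted text.
 */
void ast_sip_report_auth_success(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
{
	pjsip_authorization_hdr *auth = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION, NULL);
	enum ast_transport transport = security_event_get_transport(rdata);
	/*
	 * call_id is a variable-length array sized from the Call-ID of the
	 * received message, so stack use here follows remote input.
	 * NOTE(review): confirm the PJSIP stack guarantees msg_info.cid is set
	 * and caps the message size before this function can be reached.
	 */
	char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
	struct ast_sockaddr local, remote;

	/*
	 * The event only stores pointers to call_id, local and remote; those
	 * buffers are filled in below, before the event is reported.
	 */
	struct ast_security_event_successful_auth successful_auth = {
		.common.event_type = AST_SECURITY_EVENT_SUCCESSFUL_AUTH,
		.common.version = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION,
		.common.service = "PJSIP",
		.common.account_id = get_account_id(endpoint),
		.common.local_addr = {
			.addr = &local,
			.transport = transport,
		},
		.common.remote_addr = {
			.addr = &remote,
			.transport = transport,
		},
		.common.session_id = call_id,
		/* Set only when the request carried an Authorization header. */
		.using_password = auth ? 1 : 0,
	};

	security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);

	ast_security_event_report(AST_SEC_EVT(&successful_auth));
}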
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
enum ast_security_event_type event_type
The security event sub-type.
FYI FWIW, Successful authentication has occurred.
#define AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION
Event descriptor version.
Socket address structure.
Definition: netsock2.h:97
struct ast_security_event_common common
Common security event descriptor elements.
void ast_sip_report_failed_acl ( struct ast_sip_endpoint *  endpoint,
pjsip_rx_data *  rdata,
const char *  name 
)

Send a security event notification for when an ACL check fails.

Parameters
endpoint: Pointer to the endpoint in use
rdata: Received message
name: Name of the ACL

Definition at line 102 of file res/res_pjsip/security_events.c.

References AST_SECURITY_EVENT_FAILED_ACL, AST_SECURITY_EVENT_FAILED_ACL_VERSION, ast_security_event_report(), ast_security_event_failed_acl::common, and ast_security_event_common::event_type.

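/*!
 * \brief Send a security event notification for when an ACL check fails.
 *
 * \param endpoint Pointer to the endpoint in use; its account id comes from get_account_id()
 * \param rdata Received message; supplies the Call-ID and transport
 * \param name Name of the ACL, reported as acl_name
 *
 * \note The session id reported here is copied from the received message,
 * so consumers of the event should treat it as untrusted text.
 */
void ast_sip_report_failed_acl(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata, const char *name)
{
	enum ast_transport transport = security_event_get_transport(rdata);
	/*
	 * call_id is a variable-length array sized from the Call-ID of the
	 * received message, so stack use here follows remote input.
	 * NOTE(review): confirm the PJSIP stack guarantees msg_info.cid is set
	 * and caps the message size before this function can be reached.
	 */
	char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
	struct ast_sockaddr local, remote;

	/*
	 * The event only stores pointers to call_id, local and remote; those
	 * buffers are filled in below, before the event is reported.
	 */
	struct ast_security_event_failed_acl failed_acl_event = {
		.common.event_type = AST_SECURITY_EVENT_FAILED_ACL,
		.common.version = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
		.common.service = "PJSIP",
		.common.account_id = get_account_id(endpoint),
		.common.local_addr = {
			.addr = &local,
			.transport = transport,
		},
		.common.remote_addr = {
			.addr = &remote,
			.transport = transport,
		},
		.common.session_id = call_id,
		.acl_name = name,
	};

	security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);

	ast_security_event_report(AST_SEC_EVT(&failed_acl_event));
}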
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
enum ast_security_event_type event_type
The security event sub-type.
Checking against an IP access control list failed.
Socket address structure.
Definition: netsock2.h:97
#define AST_SECURITY_EVENT_FAILED_ACL_VERSION
Event descriptor version.
struct ast_security_event_common common
Common security event descriptor elements.
void ast_sip_report_invalid_endpoint ( const char *  name,
pjsip_rx_data *  rdata 
)

Send a security event notification for when an invalid endpoint is requested.

Parameters
name: Name of the endpoint requested
rdata: Received message

Definition at line 75 of file res/res_pjsip/security_events.c.

References AST_SECURITY_EVENT_INVAL_ACCT_ID, AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION, ast_security_event_report(), ast_security_event_inval_acct_id::common, and ast_security_event_common::event_type.

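/*!
 * \brief Send a security event notification for when an invalid endpoint is requested.
 *
 * \param name Name of the endpoint requested, reported as the account id
 * \param rdata Received message; supplies the Call-ID and transport
 *
 * \note The session id is copied from the received message, and the account
 * id is whatever name the caller passes for the requested endpoint.
 * NOTE(review): that name presumably originates from the request as well, so
 * consumers of the event should treat both fields as untrusted text.
 */
void ast_sip_report_invalid_endpoint(const char *name, pjsip_rx_data *rdata)
{
	enum ast_transport transport = security_event_get_transport(rdata);
	/*
	 * call_id is a variable-length array sized from the Call-ID of the
	 * received message, so stack use here follows remote input.
	 * NOTE(review): confirm the PJSIP stack guarantees msg_info.cid is set
	 * and caps the message size before this function can be reached.
	 */
	char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
	struct ast_sockaddr local, remote;

	/*
	 * The event only stores pointers to call_id, local and remote; those
	 * buffers are filled in below, before the event is reported.
	 */
	struct ast_security_event_inval_acct_id inval_acct_id = {
		.common.event_type = AST_SECURITY_EVENT_INVAL_ACCT_ID,
		.common.version = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION,
		.common.service = "PJSIP",
		.common.account_id = name,
		.common.local_addr = {
			.addr = &local,
			.transport = transport,
		},
		.common.remote_addr = {
			.addr = &remote,
			.transport = transport,
		},
		.common.session_id = call_id,
	};

	security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);

	ast_security_event_report(AST_SEC_EVT(&inval_acct_id));
}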
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
enum ast_security_event_type event_type
The security event sub-type.
struct ast_security_event_common common
Common security event descriptor elements.
Socket address structure.
Definition: netsock2.h:97
#define AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION
Event descriptor version.
Invalid account ID specified (invalid username, for example)
void ast_sip_report_mem_limit ( struct ast_sip_endpoint *  endpoint,
pjsip_rx_data *  rdata 
)

Send a security event notification for when a memory limit is hit.

Parameters
endpoint: Pointer to the endpoint in use
rdata: Received message

Definition at line 259 of file res/res_pjsip/security_events.c.

References AST_SECURITY_EVENT_MEM_LIMIT, AST_SECURITY_EVENT_MEM_LIMIT_VERSION, ast_security_event_report(), ast_security_event_mem_limit::common, and ast_security_event_common::event_type.

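/*!
 * \brief Send a security event notification for when a memory limit is hit.
 *
 * \param endpoint Pointer to the endpoint in use; its account id comes from get_account_id()
 * \param rdata Received message; supplies the Call-ID and transport
 *
 * \note The session id reported here is copied from the received message,
 * so consumers of the event should treat it as untrusted text.
 */
void ast_sip_report_mem_limit(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
{
	enum ast_transport transport = security_event_get_transport(rdata);
	/*
	 * call_id is a variable-length array sized from the Call-ID of the
	 * received message, so stack use here follows remote input; that is
	 * worth keeping in mind on a path that reports memory pressure.
	 * NOTE(review): confirm the PJSIP stack guarantees msg_info.cid is set
	 * and caps the message size before this function can be reached.
	 */
	char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
	struct ast_sockaddr local, remote;

	/*
	 * The event only stores pointers to call_id, local and remote; those
	 * buffers are filled in below, before the event is reported.
	 */
	struct ast_security_event_mem_limit mem_limit_event = {
		.common.event_type = AST_SECURITY_EVENT_MEM_LIMIT,
		.common.version = AST_SECURITY_EVENT_MEM_LIMIT_VERSION,
		.common.service = "PJSIP",
		.common.account_id = get_account_id(endpoint),
		.common.local_addr = {
			.addr = &local,
			.transport = transport,
		},
		.common.remote_addr = {
			.addr = &remote,
			.transport = transport,
		},
		.common.session_id = call_id
	};

	security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);

	ast_security_event_report(AST_SEC_EVT(&mem_limit_event));
}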
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
struct ast_security_event_common common
Common security event descriptor elements.
enum ast_security_event_type event_type
The security event sub-type.
Socket address structure.
Definition: netsock2.h:97
#define AST_SECURITY_EVENT_MEM_LIMIT_VERSION
Event descriptor version.
Request denied because of a memory limit.
void ast_sip_report_req_no_support ( struct ast_sip_endpoint *  endpoint,
pjsip_rx_data *  rdata,
const char *  req_type 
)

Send a security event notification for when a request is not supported.

Parameters
endpoint: Pointer to the endpoint in use
rdata: Received message
req_type: The type of request

Definition at line 230 of file res/res_pjsip/security_events.c.

References ast_security_event_report(), AST_SECURITY_EVENT_REQ_NO_SUPPORT, AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION, ast_security_event_req_no_support::common, and ast_security_event_common::event_type.

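/*!
 * \brief Send a security event notification for when a request is not supported.
 *
 * \param endpoint Pointer to the endpoint in use; its account id comes from get_account_id()
 * \param rdata Received message; supplies the Call-ID and transport
 * \param req_type The type of request, reported as request_type
 *
 * \note The session id reported here is copied from the received message,
 * so consumers of the event should treat it as untrusted text.
 */
void ast_sip_report_req_no_support(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata,
	const char *req_type)
{
	enum ast_transport transport = security_event_get_transport(rdata);
	/*
	 * call_id is a variable-length array sized from the Call-ID of the
	 * received message, so stack use here follows remote input.
	 * NOTE(review): confirm the PJSIP stack guarantees msg_info.cid is set
	 * and caps the message size before this function can be reached.
	 */
	char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
	struct ast_sockaddr local, remote;

	/*
	 * The event only stores pointers to call_id, local and remote; those
	 * buffers are filled in below, before the event is reported.
	 */
	struct ast_security_event_req_no_support req_no_support_event = {
		.common.event_type = AST_SECURITY_EVENT_REQ_NO_SUPPORT,
		.common.version = AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION,
		.common.service = "PJSIP",
		.common.account_id = get_account_id(endpoint),
		.common.local_addr = {
			.addr = &local,
			.transport = transport,
		},
		.common.remote_addr = {
			.addr = &remote,
			.transport = transport,
		},
		.common.session_id = call_id,
		.request_type = req_type
	};

	security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);

	ast_security_event_report(AST_SEC_EVT(&req_no_support_event));
}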
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
enum ast_security_event_type event_type
The security event sub-type.
#define AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION
Event descriptor version.
Request denied because we don't support it.
Socket address structure.
Definition: netsock2.h:97
struct ast_security_event_common common
Common security event descriptor elements.
A request was made that we understand, but do not support.