39 static void evt_gen_failed_acl(
void);
40 static void evt_gen_inval_acct_id(
void);
41 static void evt_gen_session_limit(
void);
42 static void evt_gen_mem_limit(
void);
43 static void evt_gen_load_avg(
void);
44 static void evt_gen_req_no_support(
void);
45 static void evt_gen_req_not_allowed(
void);
46 static void evt_gen_auth_method_not_allowed(
void);
47 static void evt_gen_req_bad_format(
void);
48 static void evt_gen_successful_auth(
void);
49 static void evt_gen_unexpected_addr(
void);
50 static void evt_gen_chal_resp_failed(
void);
51 static void evt_gen_inval_password(
void);
52 static void evt_gen_chal_sent(
void);
53 static void evt_gen_inval_transport(
void);
55 typedef void (*evt_generator)(void);
74 static void evt_gen_failed_acl(
void)
83 .common.service =
"TEST",
84 .common.module = AST_MODULE,
85 .common.account_id =
"Username",
86 .common.session_id =
"Session123",
87 .common.session_tv = &session_tv,
88 .common.local_addr = {
90 .transport = AST_TRANSPORT_UDP,
92 .common.remote_addr = {
94 .transport = AST_TRANSPORT_UDP,
97 .acl_name =
"TEST_ACL",
112 static void evt_gen_inval_acct_id(
void)
121 .common.service =
"TEST",
122 .common.module = AST_MODULE,
123 .common.account_id =
"FakeUser",
124 .common.session_id =
"Session456",
125 .common.session_tv = &session_tv,
126 .common.local_addr = {
128 .transport = AST_TRANSPORT_TCP,
130 .common.remote_addr = {
131 .addr = &addr_remote,
132 .transport = AST_TRANSPORT_TCP,
148 static void evt_gen_session_limit(
void)
157 .common.service =
"TEST",
158 .common.module = AST_MODULE,
159 .common.account_id =
"Jenny",
160 .common.session_id =
"8675309",
161 .common.session_tv = &session_tv,
162 .common.local_addr = {
164 .transport = AST_TRANSPORT_TLS,
166 .common.remote_addr = {
167 .addr = &addr_remote,
168 .transport = AST_TRANSPORT_TLS,
184 static void evt_gen_mem_limit(
void)
193 .common.service =
"TEST",
194 .common.module = AST_MODULE,
195 .common.account_id =
"Felix",
196 .common.session_id =
"Session2604",
197 .common.session_tv = &session_tv,
198 .common.local_addr = {
200 .transport = AST_TRANSPORT_UDP,
202 .common.remote_addr = {
203 .addr = &addr_remote,
204 .transport = AST_TRANSPORT_UDP,
220 static void evt_gen_load_avg(
void)
229 .common.service =
"TEST",
230 .common.module = AST_MODULE,
231 .common.account_id =
"GuestAccount",
232 .common.session_id =
"XYZ123",
233 .common.session_tv = &session_tv,
234 .common.local_addr = {
236 .transport = AST_TRANSPORT_UDP,
238 .common.remote_addr = {
239 .addr = &addr_remote,
240 .transport = AST_TRANSPORT_UDP,
256 static void evt_gen_req_no_support(
void)
265 .common.service =
"TEST",
266 .common.module = AST_MODULE,
267 .common.account_id =
"George",
268 .common.session_id =
"asdkl23478289lasdkf",
269 .common.session_tv = &session_tv,
270 .common.local_addr = {
272 .transport = AST_TRANSPORT_UDP,
274 .common.remote_addr = {
275 .addr = &addr_remote,
276 .transport = AST_TRANSPORT_UDP,
279 .request_type =
"MakeMeDinner",
286 ast_copy_string(remoteaddr,
"10.120.110.100:9777",
sizeof(remoteaddr));
294 static void evt_gen_req_not_allowed(
void)
303 .common.service =
"TEST",
304 .common.module = AST_MODULE,
305 .common.account_id =
"George",
306 .common.session_id =
"alksdjf023423h4lka0df",
307 .common.session_tv = &session_tv,
308 .common.local_addr = {
310 .transport = AST_TRANSPORT_UDP,
312 .common.remote_addr = {
313 .addr = &addr_remote,
314 .transport = AST_TRANSPORT_UDP,
317 .request_type =
"MakeMeBreakfast",
318 .request_params =
"BACONNNN!",
325 ast_copy_string(remoteaddr,
"10.120.110.100:9777",
sizeof(remoteaddr));
333 static void evt_gen_auth_method_not_allowed(
void)
342 .common.service =
"TEST",
343 .common.module = AST_MODULE,
344 .common.account_id =
"Bob",
345 .common.session_id =
"010101010101",
346 .common.session_tv = &session_tv,
347 .common.local_addr = {
349 .transport = AST_TRANSPORT_TCP,
351 .common.remote_addr = {
352 .addr = &addr_remote,
353 .transport = AST_TRANSPORT_TCP,
356 .auth_method =
"PlainText"
363 ast_copy_string(remoteaddr,
"10.120.110.105:8745",
sizeof(remoteaddr));
371 static void evt_gen_req_bad_format(
void)
380 .common.service =
"TEST",
381 .common.module = AST_MODULE,
382 .common.account_id =
"Larry",
383 .common.session_id =
"838383fhfhf83hf8h3f8h",
384 .common.session_tv = &session_tv,
385 .common.local_addr = {
387 .transport = AST_TRANSPORT_TCP,
389 .common.remote_addr = {
390 .addr = &addr_remote,
391 .transport = AST_TRANSPORT_TCP,
394 .request_type =
"CheeseBurger",
395 .request_params =
"Onions,Swiss,MotorOil",
402 ast_copy_string(remoteaddr,
"10.120.210.200:2121",
sizeof(remoteaddr));
410 static void evt_gen_successful_auth(
void)
419 .common.service =
"TEST",
420 .common.module = AST_MODULE,
421 .common.account_id =
"ValidUser",
422 .common.session_id =
"Session456",
423 .common.session_tv = &session_tv,
424 .common.local_addr = {
426 .transport = AST_TRANSPORT_TCP,
428 .common.remote_addr = {
429 .addr = &addr_remote,
430 .transport = AST_TRANSPORT_TCP,
446 static void evt_gen_unexpected_addr(
void)
456 .common.service =
"TEST",
457 .common.module = AST_MODULE,
458 .common.account_id =
"CoolUser",
459 .common.session_id =
"Session789",
460 .common.session_tv = &session_tv,
461 .common.local_addr = {
463 .transport = AST_TRANSPORT_UDP,
465 .common.remote_addr = {
466 .addr = &addr_remote,
467 .transport = AST_TRANSPORT_UDP,
471 .addr = &addr_expected,
472 .transport = AST_TRANSPORT_UDP,
478 char expectedaddr[53];
491 static void evt_gen_chal_resp_failed(
void)
500 .common.service =
"TEST",
501 .common.module = AST_MODULE,
502 .common.account_id =
"SuperDuperUser",
503 .common.session_id =
"Session1231231231",
504 .common.session_tv = &session_tv,
505 .common.local_addr = {
507 .transport = AST_TRANSPORT_TCP,
509 .common.remote_addr = {
510 .addr = &addr_remote,
511 .transport = AST_TRANSPORT_TCP,
514 .challenge =
"8adf8a9sd8fas9df23ljk4",
515 .response =
"9u3jlaksdjflakjsdfoi23",
516 .expected_response =
"oiafaljhadf9834luahk3k",
531 static void evt_gen_inval_password(
void)
540 .common.service =
"TEST",
541 .common.module = AST_MODULE,
542 .common.account_id =
"AccountIDGoesHere",
543 .common.session_id =
"SessionIDGoesHere",
544 .common.session_tv = &session_tv,
545 .common.local_addr = {
547 .transport = AST_TRANSPORT_TCP,
549 .common.remote_addr = {
550 .addr = &addr_remote,
551 .transport = AST_TRANSPORT_TCP,
553 .challenge =
"GoOdChAlLeNgE",
554 .received_challenge =
"BaDcHaLlEnGe",
555 .received_hash =
"3ad9023adf309",
570 static void evt_gen_chal_sent(
void)
579 .common.service =
"TEST",
580 .common.module = AST_MODULE,
581 .common.account_id =
"AccountIDGoesHere",
582 .common.session_id =
"SessionIDGoesHere",
583 .common.session_tv = &session_tv,
584 .common.local_addr = {
586 .transport = AST_TRANSPORT_TCP,
588 .common.remote_addr = {
589 .addr = &addr_remote,
590 .transport = AST_TRANSPORT_TCP,
592 .challenge =
"IcHaLlEnGeYoU",
607 static void evt_gen_inval_transport(
void)
616 .common.service =
"TEST",
617 .common.module = AST_MODULE,
618 .common.account_id =
"AccountIDGoesHere",
619 .common.session_id =
"SessionIDGoesHere",
620 .common.session_tv = &session_tv,
621 .common.local_addr = {
623 .transport = AST_TRANSPORT_TCP,
625 .common.remote_addr = {
626 .addr = &addr_remote,
627 .transport = AST_TRANSPORT_TCP,
648 ast_cli(a->fd,
"Generating some security events ...\n");
650 for (i = 0; i < ARRAY_LEN(evt_generators); i++) {
653 if (!evt_generators[i]) {
654 ast_cli(a->fd,
"*** No event generator for event type '%s' ***\n",
659 ast_cli(a->fd,
"Generating a '%s' security event ...\n", event_type);
664 ast_cli(a->fd,
"Security event generation complete.\n");
671 e->
command =
"securityevents test generation";
673 "Usage: securityevents test generation"
687 AST_CLI_DEFINE(handle_cli_sec_evt_test,
"Test security event generation"),
690 static int unload_module(
void)
695 static int load_module(
void)
704 AST_MODULE_INFO_STANDARD(
ASTERISK_GPL_KEY,
"Test Security Event Generation");
int ast_security_event_report(const struct ast_security_event_common *sec)
Report a security event.
An attempt at basic password authentication failed.
struct ast_security_event_common common
Common security event descriptor elements.
enum ast_security_event_type event_type
The security event sub-type.
struct ast_security_event_common common
Common security event descriptor elements.
Security Event Reporting API.
Asterisk main include file. File version handling, generic pbx functions.
FYI FWIW, Successful authentication has occurred.
int ast_sockaddr_parse(struct ast_sockaddr *addr, const char *str, int flags)
Parse an IPv4 or IPv6 address string.
int ast_cli_unregister_multiple(struct ast_cli_entry *e, int len)
Unregister multiple commands.
#define AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION
Event descriptor version.
An attempt at challenge/response auth failed.
descriptor for a cli entry.
#define AST_SECURITY_EVENT_CHAL_SENT_VERSION
Event descriptor version.
Request denied because we don't support it.
Checking against an IP access control list failed.
struct ast_security_event_common common
Common security event descriptor elements.
The attempted authentication method is not allowed.
A challenge was sent out.
#define ast_cli_register_multiple(e, len)
Register multiple commands.
struct timeval ast_tvnow(void)
Returns current timeval. Meant to replace calls to gettimeofday().
Unexpected source address for a session in progress.
struct ast_security_event_common common
Common security event descriptor elements.
A request was made that is not allowed.
#define AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION
Event descriptor version.
An unexpected source address was seen for a session in progress.
struct ast_security_event_common common
Common security event descriptor elements.
Socket address structure.
#define AST_SECURITY_EVENT_UNEXPECTED_ADDR_VERSION
Event descriptor version.
An attempt at basic password auth failed.
Request received with bad formatting.
Request denied because of a session limit.
Successful authentication.
#define AST_SECURITY_EVENT_FAILED_ACL_VERSION
Event descriptor version.
Challenge was sent out, informational.
struct ast_security_event_common common
Common security event descriptor elements.
struct ast_security_event_common common
Common security event descriptor elements.
#define AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED_VERSION
Event descriptor version.
#define AST_SECURITY_EVENT_MEM_LIMIT_VERSION
Event descriptor version.
Auth method used not allowed.
Attempt to contact peer on invalid transport.
#define AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION
Event descriptor version.
struct ast_security_event_common common
Common security event descriptor elements.
Request denied because of a memory limit.
struct ast_security_event_common common
Common security event descriptor elements.
Load Average limit reached.
Request denied because of a load average limit.
An attempt at challenge/response authentication failed.
struct ast_security_event_common common
Common security event descriptor elements.
Module has failed to load, may be in an inconsistent state.
struct ast_security_event_common common
Common security event descriptor elements.
This must stay at the end.
#define AST_SECURITY_EVENT_LOAD_AVG_VERSION
Event descriptor version.
Invalid account ID specified (invalid username, for example)
struct ast_security_event_common common
Common security event descriptor elements.
struct ast_security_event_common common
Common security event descriptor elements.
#define AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION
Event descriptor version.
#define AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION
Event descriptor version.
Standard Command Line Interface.
struct ast_security_event_common common
Common security event descriptor elements.
void ast_copy_string(char *dst, const char *src, size_t size)
Size-limited null-terminating string copy.
#define AST_SECURITY_EVENT_REQ_BAD_FORMAT_VERSION
Event descriptor version.
#define AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION
Event descriptor version.
#define ASTERISK_GPL_KEY
The text the key() function should return.
Asterisk module definitions.
const char * ast_security_event_get_name(const enum ast_security_event_type event_type)
Get the name of a security event sub-type.
#define AST_SECURITY_EVENT_SESSION_LIMIT_VERSION
Event descriptor version.
Request denied because it's not allowed.
An attempt to contact a peer on an invalid transport.
#define AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION
Event descriptor version.
A request was made that we understand, but do not support.