[asterisk-commits] russell: branch group/security_events r199221 - in /team/group/security_event...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Thu Jun 4 21:21:26 CDT 2009
Author: russell
Date: Thu Jun 4 21:21:23 2009
New Revision: 199221
URL: http://svn.asterisk.org/svn-view/asterisk?view=rev&rev=199221
Log:
Add handling for the invalid account ID event.
Modified:
team/group/security_events/include/asterisk/security_events_defs.h
team/group/security_events/main/security_events.c
team/group/security_events/tests/test_security_events.c
Modified: team/group/security_events/include/asterisk/security_events_defs.h
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/include/asterisk/security_events_defs.h?view=diff&rev=199221&r1=199220&r2=199221
==============================================================================
--- team/group/security_events/include/asterisk/security_events_defs.h (original)
+++ team/group/security_events/include/asterisk/security_events_defs.h Thu Jun 4 21:21:23 2009
@@ -50,6 +50,14 @@
* lists.
*/
AST_SECURITY_EVENT_FAILED_ACL,
+ /*!
+ * \brief Invalid Account ID
+ *
+ * This event is used when an invalid account identifier is supplied
+ * during authentication. For example, if an invalid username is given,
+ * this event should be used.
+ */
+ AST_SECURITY_EVENT_INVALID_ACCOUNT_ID,
/* \brief This _must_ stay at the end. */
AST_SECURITY_EVENT_NUM_TYPES
};
@@ -141,6 +149,55 @@
enum ast_security_event_transport_type transport;
};
+/*!
+ * \brief Invalid account ID specified (invalid username, for example)
+ */
+struct ast_security_event_invalid_account_id {
+ /*!
+ * \brief Event descriptor version
+ * \note This _must_ be changed if this event descriptor is changed.
+ */
+ #define AST_SECURITY_EVENT_INVALID_ACCOUNT_ID_VERSION 1
+ /*! \brief Common security event descriptor elements */
+ struct ast_security_event_common common;
+ /*!
+ * \brief Module, Normally the AST_MODULE define
+ * \note optional
+ */
+ const char *module;
+ /*!
+ * \brief Account ID, specific to the service type
+ * \note required
+ */
+ const char *account_id;
+ /*!
+ * \brief Session ID, specific to the service type
+ * \note required
+ */
+ const char *session_id;
+ /*!
+ * \brief Session timeval, when the session started
+ * \note optional
+ */
+ const struct timeval *session_tv;
+ /*!
+ * \brief Local address the request came in on
+ * \note required
+ */
+ const struct sockaddr_in *sin_local;
+ /*!
+ * \brief Remote address the request came from
+ * \note required
+ */
+ const struct sockaddr_in *sin_remote;
+ /*!
+ * \brief Transport type in use
+ * \note required
+ */
+ enum ast_security_event_transport_type transport;
+};
+
+
#if defined(__cplusplus) || defined(c_plusplus)
}
#endif
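Review bot: The doc comment on `account_id` in `struct ast_security_event_invalid_account_id` does not say that the value is whatever the remote party supplied. For this event it is by definition not a known account, so anything that writes it to a log or a management interface has to treat it as untrusted text that may contain control characters, line breaks or be very long. I would extend the note to `\note required; supplied by the remote party and untrusted, escape or bound it before logging or display`. The struct also appears to hold only borrowed pointers (`session_tv`, `sin_local`, `sin_remote`), so a sentence on how long they must stay valid relative to the report call would help callers.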
Modified: team/group/security_events/main/security_events.c
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/main/security_events.c?view=diff&rev=199221&r1=199220&r2=199221
==============================================================================
--- team/group/security_events/main/security_events.c (original)
+++ team/group/security_events/main/security_events.c Thu Jun 4 21:21:23 2009
@@ -36,6 +36,7 @@
static const size_t TIMESTAMP_STR_LEN = 32;
static int handle_failed_acl(const struct ast_security_event_common *sec);
+static int handle_invalid_account_id(const struct ast_security_event_common *sec);
static const struct {
const char *name;
@@ -65,7 +66,25 @@
AST_EVENT_IE_SESSION_TV,
AST_EVENT_IE_END
},
-
+ },
+ [AST_SECURITY_EVENT_INVALID_ACCOUNT_ID] = {
+ .name = "InvalidAccountID",
+ .version = AST_SECURITY_EVENT_INVALID_ACCOUNT_ID_VERSION,
+ .handler = handle_invalid_account_id,
+ .required_ies = {
+ AST_EVENT_IE_SERVICE,
+ AST_EVENT_IE_EVENT_VERSION,
+ AST_EVENT_IE_ACCOUNT_ID,
+ AST_EVENT_IE_SESSION_ID,
+ AST_EVENT_IE_LOCAL_ADDR,
+ AST_EVENT_IE_REMOTE_ADDR,
+ AST_EVENT_IE_END
+ },
+ .optional_ies = {
+ AST_EVENT_IE_MODULE,
+ AST_EVENT_IE_SESSION_TV,
+ AST_EVENT_IE_END
+ },
},
};
@@ -232,3 +251,40 @@
return event ? 0 : -1;
}
+
+static int handle_invalid_account_id(const struct ast_security_event_common *sec)
+{
+ const struct ast_security_event_invalid_account_id *inval_acct_id;
+ struct ast_event *event;
+
+ inval_acct_id = (const struct ast_security_event_invalid_account_id *) sec;
+
+ if (!(event = alloc_event(sec))) {
+ return -1;
+ }
+
+ if (!ast_strlen_zero(inval_acct_id->module)) {
+ ast_event_append_ie_str(&event, AST_EVENT_IE_MODULE, inval_acct_id->module);
+ }
+
+ ast_event_append_ie_str(&event, AST_EVENT_IE_ACCOUNT_ID, inval_acct_id->account_id);
+ ast_event_append_ie_str(&event, AST_EVENT_IE_SESSION_ID, inval_acct_id->session_id);
+
+ if (inval_acct_id->session_tv) {
+ add_timeval_ie(&event, AST_EVENT_IE_SESSION_TV, inval_acct_id->session_tv);
+ }
+
+ add_ipv4_ie(&event, AST_EVENT_IE_LOCAL_ADDR,
+ inval_acct_id->sin_local, inval_acct_id->transport);
+ add_ipv4_ie(&event, AST_EVENT_IE_REMOTE_ADDR,
+ inval_acct_id->sin_remote, inval_acct_id->transport);
+
+ if (event && ast_event_queue(event)) {
+ ast_event_destroy(event);
+ event = NULL;
+ }
+
+ return event ? 0 : -1;
+
+}
+
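Review bot: `handle_invalid_account_id()` uses the fields the header marks as required (`account_id`, `session_id`, `sin_local`, `sin_remote`) without checking that they are set. A caller that leaves one out passes a NULL pointer into `ast_event_append_ie_str()` or `add_ipv4_ie()`, unless the report path validates the descriptor before dispatch, which is not visible in this hunk. A guard ahead of `alloc_event()` rejects such a descriptor without allocating anything. Separately, the return values of the append helpers are ignored while the final `event &&` test suggests they can leave `event` NULL; if so, the later appends run on a NULL event and the results should be checked call by call. The blank line before the closing brace can also go.

```c
	inval_acct_id = (const struct ast_security_event_invalid_account_id *) sec;

	/* Fields documented as required must be present before they are used. */
	if (!inval_acct_id->account_id || !inval_acct_id->session_id
		|| !inval_acct_id->sin_local || !inval_acct_id->sin_remote) {
		return -1;
	}

	/* … unchanged: alloc_event(), IE appends, queueing … */
```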
Modified: team/group/security_events/tests/test_security_events.c
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/tests/test_security_events.c?view=diff&rev=199221&r1=199220&r2=199221
==============================================================================
--- team/group/security_events/tests/test_security_events.c (original)
+++ team/group/security_events/tests/test_security_events.c Thu Jun 4 21:21:23 2009
@@ -37,10 +37,12 @@
#include "asterisk/security_events.h"
static void evt_gen_failed_acl(void);
+static void evt_gen_invalid_account_id(void);
typedef void (*evt_generator)(void);
evt_generator evt_generators[AST_SECURITY_EVENT_NUM_TYPES] = {
- [AST_SECURITY_EVENT_FAILED_ACL] = evt_gen_failed_acl,
+ [AST_SECURITY_EVENT_FAILED_ACL] = evt_gen_failed_acl,
+ [AST_SECURITY_EVENT_INVALID_ACCOUNT_ID] = evt_gen_invalid_account_id,
};
static void evt_gen_failed_acl(void)
@@ -74,6 +76,38 @@
sin_remote.sin_port = htons(12345);
ast_security_event_report(AST_SEC_EVT(&failed_acl_event));
+}
+
+static void evt_gen_invalid_account_id(void)
+{
+ struct sockaddr_in sin_local = {
+ .sin_family = AF_INET
+ };
+ struct sockaddr_in sin_remote = {
+ .sin_family = AF_INET
+ };
+ struct timeval session_tv = ast_tvnow();
+ struct ast_security_event_invalid_account_id inval_acct_id = {
+ .common.event_type = AST_SECURITY_EVENT_INVALID_ACCOUNT_ID,
+ .common.version = AST_SECURITY_EVENT_INVALID_ACCOUNT_ID_VERSION,
+ .common.service = "TEST",
+
+ .module = AST_MODULE,
+ .account_id = "FakeUser",
+ .session_id = "Session456",
+ .session_tv = &session_tv,
+ .sin_local = &sin_local,
+ .sin_remote = &sin_remote,
+ .transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
+ };
+
+ inet_aton("10.1.2.3", &sin_local.sin_addr);
+ sin_local.sin_port = htons(4321);
+
+ inet_aton("10.1.2.4", &sin_remote.sin_addr);
+ sin_remote.sin_port = htons(1234);
+
+ ast_security_event_report(AST_SEC_EVT(&inval_acct_id));
}
static void gen_events(struct ast_cli_args *a)
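Review bot: `evt_gen_invalid_account_id()` only exercises a descriptor with every field set, so the handler's branches for an absent `module` or `session_tv` are never run by this test. The rejection path for a missing required field is not covered either. Since `evt_generators` holds one generator per event type, the simplest extension is a second `ast_security_event_report()` call in the same function on a copy with `.module` and `.session_tv` left unset. A call with `.account_id = NULL` would additionally pin how the handler treats an incomplete descriptor, once that behaviour is defined.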