[asterisk-commits] russell: branch group/security_events r199294 - in /team/group/security_event...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Fri Jun 5 15:56:25 CDT 2009


Author: russell
Date: Fri Jun  5 15:56:22 2009
New Revision: 199294

URL: http://svn.asterisk.org/svn-view/asterisk?view=rev&rev=199294
Log:
Add support and test code for request not allowed security event

Modified:
    team/group/security_events/include/asterisk/security_events_defs.h
    team/group/security_events/main/security_events.c
    team/group/security_events/security_events.txt
    team/group/security_events/tests/test_security_events.c

Modified: team/group/security_events/include/asterisk/security_events_defs.h
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/include/asterisk/security_events_defs.h?view=diff&rev=199294&r1=199293&r2=199294
==============================================================================
--- team/group/security_events/include/asterisk/security_events_defs.h (original)
+++ team/group/security_events/include/asterisk/security_events_defs.h Fri Jun  5 15:56:22 2009
@@ -83,6 +83,10 @@
 	 * \brief A request was made that we understand, but do not support
 	 */
 	AST_SECURITY_EVENT_REQ_NO_SUPPORT,
+	/*!
+	 * \brief A request was made that is not allowed
+	 */
+	AST_SECURITY_EVENT_REQ_NOT_ALLOWED,
 	/* \brief This _must_ stay at the end. */
 	AST_SECURITY_EVENT_NUM_TYPES
 };
@@ -394,6 +398,59 @@
 	const char *request_type;
 };
 
+/*!
+ * \brief Request denied because it's not allowed
+ */
+struct ast_security_event_req_not_allowed {
+	/*!
+	 * \brief Event descriptor version
+	 * \note This _must_ be changed if this event descriptor is changed.
+	 */
+	#define AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION 1
+	/*! \brief Common security event descriptor elements */
+	struct ast_security_event_common common;
+	/*!
+	 * \brief Module, Normally the AST_MODULE define
+	 * \note optional
+	 */
+	const char *module;
+	/*!
+	 * \brief Account ID, specific to the service type
+	 * \note required
+	 */
+	const char *account_id;
+	/*!
+	 * \brief Session ID, specific to the service type
+	 * \note required
+	 */
+	const char *session_id;
+	/*!
+	 * \brief Session timeval, when the session started
+	 * \note optional
+	 */
+	const struct timeval *session_tv;
+	/*!
+	 * \brief Local address the request came in on
+	 * \note required
+	 */
+	struct ast_security_event_ipv4_addr local_addr;
+	/*!
+	 * \brief Remote address the request came from
+	 * \note required
+	 */
+	struct ast_security_event_ipv4_addr remote_addr;
+	/*!
+	 * \brief Request type that was made
+	 * \note required
+	 */
+	const char *request_type;
+	/*!
+	 * \brief Request type that was made
+	 * \note optional
+	 */
+	const char *request_params;
+};
+
 #if defined(__cplusplus) || defined(c_plusplus)
 }
 #endif

Modified: team/group/security_events/main/security_events.c
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/main/security_events.c?view=diff&rev=199294&r1=199293&r2=199294
==============================================================================
--- team/group/security_events/main/security_events.c (original)
+++ team/group/security_events/main/security_events.c Fri Jun  5 15:56:22 2009
@@ -164,6 +164,28 @@
 	.optional_ies = {
 		{ AST_EVENT_IE_MODULE, SEC_EVT_FIELD(req_no_support, module) },
 		{ AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(req_no_support, session_tv) },
+		{ AST_EVENT_IE_END, 0 }
+	},
+},
+
+[AST_SECURITY_EVENT_REQ_NOT_ALLOWED] = {
+	.name    = "RequestNotAllowed",
+	.version = AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION,
+	.required_ies = {
+		{ AST_EVENT_IE_EVENT_TV, 0 },
+		{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
+		{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
+		{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(req_not_allowed, account_id) },
+		{ AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(req_not_allowed, session_id) },
+		{ AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(req_not_allowed, local_addr) },
+		{ AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(req_not_allowed, remote_addr) },
+		{ AST_EVENT_IE_REQUEST_TYPE, SEC_EVT_FIELD(req_not_allowed, request_type) },
+		{ AST_EVENT_IE_END, 0 }
+	},
+	.optional_ies = {
+		{ AST_EVENT_IE_MODULE, SEC_EVT_FIELD(req_not_allowed, module) },
+		{ AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(req_not_allowed, session_tv) },
+		{ AST_EVENT_IE_REQUEST_PARAMS, SEC_EVT_FIELD(req_not_allowed, request_params) },
 		{ AST_EVENT_IE_END, 0 }
 	},
 },

Modified: team/group/security_events/security_events.txt
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/security_events.txt?view=diff&rev=199294&r1=199293&r2=199294
==============================================================================
--- team/group/security_events/security_events.txt (original)
+++ team/group/security_events/security_events.txt Fri Jun  5 15:56:22 2009
@@ -158,7 +158,7 @@
  -> everything from inval account ID
  (-) Request Type
  (+) Request parameters
- DevNotes:
+ DevNotes: defined, has test code
 
 Request Not Supported
  -> everything from inval account ID
@@ -206,7 +206,7 @@
 IE: SecurityEvent
 Content: This is the security event sub-type.  
 Values: FailedACL, InvalidAccountID, CallLimit, MemoryLimit, LoadAverageLimit,
-        RequestNotSupported
+        RequestNotSupported, RequestNotAllowed
 
 IE: EventVersion
 Content: This is a numeric value that indicates when updates are made to the

Modified: team/group/security_events/tests/test_security_events.c
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/tests/test_security_events.c?view=diff&rev=199294&r1=199293&r2=199294
==============================================================================
--- team/group/security_events/tests/test_security_events.c (original)
+++ team/group/security_events/tests/test_security_events.c Fri Jun  5 15:56:22 2009
@@ -42,15 +42,17 @@
 static void evt_gen_mem_limit(void);
 static void evt_gen_load_avg(void);
 static void evt_gen_req_no_support(void);
+static void evt_gen_req_not_allowed(void);
 
 typedef void (*evt_generator)(void);
 evt_generator evt_generators[AST_SECURITY_EVENT_NUM_TYPES] = {
-	[AST_SECURITY_EVENT_FAILED_ACL]     = evt_gen_failed_acl,
-	[AST_SECURITY_EVENT_INVAL_ACCT_ID]  = evt_gen_inval_acct_id,
-	[AST_SECURITY_EVENT_CALL_LIMIT]     = evt_gen_call_limit,
-	[AST_SECURITY_EVENT_MEM_LIMIT]      = evt_gen_mem_limit,
-	[AST_SECURITY_EVENT_LOAD_AVG]       = evt_gen_load_avg,
-	[AST_SECURITY_EVENT_REQ_NO_SUPPORT] = evt_gen_req_no_support,
+	[AST_SECURITY_EVENT_FAILED_ACL]      = evt_gen_failed_acl,
+	[AST_SECURITY_EVENT_INVAL_ACCT_ID]   = evt_gen_inval_acct_id,
+	[AST_SECURITY_EVENT_CALL_LIMIT]      = evt_gen_call_limit,
+	[AST_SECURITY_EVENT_MEM_LIMIT]       = evt_gen_mem_limit,
+	[AST_SECURITY_EVENT_LOAD_AVG]        = evt_gen_load_avg,
+	[AST_SECURITY_EVENT_REQ_NO_SUPPORT]  = evt_gen_req_no_support,
+	[AST_SECURITY_EVENT_REQ_NOT_ALLOWED] = evt_gen_req_not_allowed,
 };
 
 static void evt_gen_failed_acl(void)
@@ -276,6 +278,45 @@
 	sin_remote.sin_port = htons(9777);
 
 	ast_security_event_report(AST_SEC_EVT(&req_no_support));
+}
+
+static void evt_gen_req_not_allowed(void)
+{
+	struct sockaddr_in sin_local = {
+		.sin_family = AF_INET
+	};
+	struct sockaddr_in sin_remote = {
+		.sin_family = AF_INET
+	};
+	struct timeval session_tv = ast_tvnow();
+	struct ast_security_event_req_not_allowed req_not_allowed = {
+		.common.event_type = AST_SECURITY_EVENT_REQ_NOT_ALLOWED,
+		.common.version    = AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION,
+		.common.service    = "TEST",
+
+		.module     = AST_MODULE,
+		.account_id = "George",
+		.session_id = "alksdjf023423h4lka0df",
+		.session_tv = &session_tv,
+		.local_addr = {
+			.sin  = &sin_local,
+			.transport  = AST_SECURITY_EVENT_TRANSPORT_UDP,
+		},
+		.remote_addr = {
+			.sin = &sin_remote,
+			.transport  = AST_SECURITY_EVENT_TRANSPORT_UDP,
+		},
+		.request_type = "MakeMeBreakfast",
+		.request_params = "BACONNNN!",
+	};
+
+	inet_aton("10.110.120.130", &sin_local.sin_addr);
+	sin_local.sin_port = htons(9888);
+
+	inet_aton("10.120.110.100", &sin_remote.sin_addr);
+	sin_remote.sin_port = htons(9777);
+
+	ast_security_event_report(AST_SEC_EVT(&req_not_allowed));
 }
 
 static void gen_events(struct ast_cli_args *a)




More information about the asterisk-commits mailing list