[asterisk-commits] russell: branch group/security_events r199512 - in /team/group/security_event...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Sun Jun 7 10:36:58 CDT 2009


Author: russell
Date: Sun Jun  7 10:36:40 2009
New Revision: 199512

URL: http://svn.asterisk.org/svn-view/asterisk?view=rev&rev=199512
Log:
Associate a severity with security events in preparation for adding "auth successful" event

Modified:
    team/group/security_events/include/asterisk/event_defs.h
    team/group/security_events/include/asterisk/security_events.h
    team/group/security_events/include/asterisk/security_events_defs.h
    team/group/security_events/main/event.c
    team/group/security_events/main/security_events.c
    team/group/security_events/security_events.txt

Modified: team/group/security_events/include/asterisk/event_defs.h
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/include/asterisk/event_defs.h?view=diff&rev=199512&r1=199511&r2=199512
==============================================================================
--- team/group/security_events/include/asterisk/event_defs.h (original)
+++ team/group/security_events/include/asterisk/event_defs.h Sun Jun  7 10:36:40 2009
@@ -136,8 +136,9 @@
 	AST_EVENT_IE_REQUEST_TYPE   = 0x0016,
 	AST_EVENT_IE_REQUEST_PARAMS = 0x0017,
 	AST_EVENT_IE_AUTH_METHOD    = 0x0018,
+	AST_EVENT_IE_SEVERITY       = 0x0019,
 	/*! \brief Must be the last IE value +1 */
-	AST_EVENT_IE_TOTAL          = 0x0019,
+	AST_EVENT_IE_TOTAL          = 0x001A,
 };
 
 /*!

Modified: team/group/security_events/include/asterisk/security_events.h
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/include/asterisk/security_events.h?view=diff&rev=199512&r1=199511&r2=199512
==============================================================================
--- team/group/security_events/include/asterisk/security_events.h (original)
+++ team/group/security_events/include/asterisk/security_events.h Sun Jun  7 10:36:40 2009
@@ -97,6 +97,19 @@
  */
 const char *ast_security_event_get_name(const enum ast_security_event_type event_type);
 
+/*!
+ * \brief Get the name of a security event severity
+ *
+ * \param[in] severity security event severity
+ *
+ * \retval NULL if severity is invalid
+ * \retval non-NULL the name of the security event severity
+ *
+ * \since 1.6.3
+ */
+const char *ast_security_event_severity_get_name(
+		const enum ast_security_event_severity severity);
+
 #if defined(__cplusplus) || defined(c_plusplus)
 }
 #endif

Modified: team/group/security_events/include/asterisk/security_events_defs.h
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/include/asterisk/security_events_defs.h?view=diff&rev=199512&r1=199511&r2=199512
==============================================================================
--- team/group/security_events/include/asterisk/security_events_defs.h (original)
+++ team/group/security_events/include/asterisk/security_events_defs.h Sun Jun  7 10:36:40 2009
@@ -97,6 +97,21 @@
 	AST_SECURITY_EVENT_REQ_BAD_FORMAT,
 	/* \brief This _must_ stay at the end. */
 	AST_SECURITY_EVENT_NUM_TYPES
+};
+
+/*!
+ * \brief the severity of a security event
+ *
+ * This is defined as a bit field to make it easy for consumers of the API to
+ * subscribe to any combination of the defined severity levels.
+ *
+ * XXX \todo Do we need any more levels here?
+ */
+enum ast_security_event_severity {
+	/*! \brief Informational event, not something that has gone wrong */
+	AST_SECURITY_EVENT_SEVERITY_INFO  = 0,
+	/*! \brief Something has gone wrong */
+	AST_SECURITY_EVENT_SEVERITY_ERROR = (1 << 0),
 };
 
 /*!
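Review bot: `AST_SECURITY_EVENT_SEVERITY_INFO = 0` does not fit the bit-field design that the comment above the enum describes: a subscriber mask can never select a level whose value is 0, and 0 cannot be told apart from "no severity set". It also means any `sec_events[]` entry in main/security_events.c that omits `.severity` is zero-initialised to Informational, so a newly added failure event could be reported at the wrong level with no warning. Giving each level its own bit avoids both problems: `AST_SECURITY_EVENT_SEVERITY_INFO = (1 << 0),` and `AST_SECURITY_EVENT_SEVERITY_ERROR = (1 << 1),`.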

Modified: team/group/security_events/main/event.c
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/main/event.c?view=diff&rev=199512&r1=199511&r2=199512
==============================================================================
--- team/group/security_events/main/event.c (original)
+++ team/group/security_events/main/event.c Sun Jun  7 10:36:40 2009
@@ -225,6 +225,7 @@
 	[AST_EVENT_IE_REQUEST_TYPE]   = { AST_EVENT_IE_PLTYPE_STR,  "RequestType" },
 	[AST_EVENT_IE_REQUEST_PARAMS] = { AST_EVENT_IE_PLTYPE_STR,  "RequestParams" },
 	[AST_EVENT_IE_AUTH_METHOD]    = { AST_EVENT_IE_PLTYPE_STR,  "AuthMethod" },
+	[AST_EVENT_IE_SEVERITY]       = { AST_EVENT_IE_PLTYPE_STR,  "Severity" },
 };
 
 const char *ast_event_get_type_name(const struct ast_event *event)
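Review bot: Registering `AST_EVENT_IE_SEVERITY` as `AST_EVENT_IE_PLTYPE_STR` means consumers only ever see the text "Error" or "Informational", which seems at odds with the bit-field enum this commit adds so that consumers can subscribe to combinations of levels. If mask-based filtering is the goal, carry the numeric value instead, `[AST_EVENT_IE_SEVERITY] = { AST_EVENT_IE_PLTYPE_UINT, "Severity" },`, and convert it to a name only for display. The `ast_event_new()` call in main/security_events.c would then pass the enum value rather than `severity_str`. The table this line belongs to starts outside the hunk.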

Modified: team/group/security_events/main/security_events.c
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/main/security_events.c?view=diff&rev=199512&r1=199511&r2=199512
==============================================================================
--- team/group/security_events/main/security_events.c (original)
+++ team/group/security_events/main/security_events.c Sun Jun  7 10:36:40 2009
@@ -38,7 +38,8 @@
 static const struct {
 	const char *name;
 	uint32_t version;
-#define MAX_SECURITY_IES 9
+	enum ast_security_event_severity severity;
+#define MAX_SECURITY_IES 10
 	struct ast_security_event_ie_type required_ies[MAX_SECURITY_IES];
 	struct ast_security_event_ie_type optional_ies[MAX_SECURITY_IES];
 #undef MAX_SECURITY_IES
@@ -47,10 +48,12 @@
 #define SEC_EVT_FIELD(e, field) (offsetof(struct ast_security_event_##e, field))
 
 [AST_SECURITY_EVENT_FAILED_ACL] = {
-	.name    = "FailedACL",
-	.version = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
-	.required_ies = {
-		{ AST_EVENT_IE_EVENT_TV, 0 },
+	.name     = "FailedACL",
+	.version  = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
+	.severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+	.required_ies = {
+		{ AST_EVENT_IE_EVENT_TV, 0 },
+		{ AST_EVENT_IE_SEVERITY, 0 },
 		{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
 		{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
 		{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(failed_acl, account_id) },
@@ -68,10 +71,12 @@
 },
 
 [AST_SECURITY_EVENT_INVAL_ACCT_ID] = {
-	.name    = "InvalidAccountID",
-	.version = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION,
-	.required_ies = {
-		{ AST_EVENT_IE_EVENT_TV, 0 },
+	.name     = "InvalidAccountID",
+	.version  = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION,
+	.severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+	.required_ies = {
+		{ AST_EVENT_IE_EVENT_TV, 0 },
+		{ AST_EVENT_IE_SEVERITY, 0 },
 		{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
 		{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
 		{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(inval_acct_id, account_id) },
@@ -88,10 +93,12 @@
 },
 
 [AST_SECURITY_EVENT_CALL_LIMIT] = {
-	.name    = "CallLimit",
-	.version = AST_SECURITY_EVENT_CALL_LIMIT_VERSION,
-	.required_ies = {
-		{ AST_EVENT_IE_EVENT_TV, 0 },
+	.name     = "CallLimit",
+	.version  = AST_SECURITY_EVENT_CALL_LIMIT_VERSION,
+	.severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+	.required_ies = {
+		{ AST_EVENT_IE_EVENT_TV, 0 },
+		{ AST_EVENT_IE_SEVERITY, 0 },
 		{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
 		{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
 		{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(call_limit, account_id) },
@@ -108,10 +115,12 @@
 },
 
 [AST_SECURITY_EVENT_MEM_LIMIT] = {
-	.name    = "MemoryLimit",
-	.version = AST_SECURITY_EVENT_MEM_LIMIT_VERSION,
-	.required_ies = {
-		{ AST_EVENT_IE_EVENT_TV, 0 },
+	.name     = "MemoryLimit",
+	.version  = AST_SECURITY_EVENT_MEM_LIMIT_VERSION,
+	.severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+	.required_ies = {
+		{ AST_EVENT_IE_EVENT_TV, 0 },
+		{ AST_EVENT_IE_SEVERITY, 0 },
 		{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
 		{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
 		{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(mem_limit, account_id) },
@@ -128,10 +137,12 @@
 },
 
 [AST_SECURITY_EVENT_LOAD_AVG] = {
-	.name    = "LoadAverageLimit",
-	.version = AST_SECURITY_EVENT_LOAD_AVG_VERSION,
-	.required_ies = {
-		{ AST_EVENT_IE_EVENT_TV, 0 },
+	.name     = "LoadAverageLimit",
+	.version  = AST_SECURITY_EVENT_LOAD_AVG_VERSION,
+	.severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+	.required_ies = {
+		{ AST_EVENT_IE_EVENT_TV, 0 },
+		{ AST_EVENT_IE_SEVERITY, 0 },
 		{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
 		{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
 		{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(load_avg, account_id) },
@@ -148,10 +159,12 @@
 },
 
 [AST_SECURITY_EVENT_REQ_NO_SUPPORT] = {
-	.name    = "RequestNotSupported",
-	.version = AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION,
-	.required_ies = {
-		{ AST_EVENT_IE_EVENT_TV, 0 },
+	.name     = "RequestNotSupported",
+	.version  = AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION,
+	.severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+	.required_ies = {
+		{ AST_EVENT_IE_EVENT_TV, 0 },
+		{ AST_EVENT_IE_SEVERITY, 0 },
 		{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
 		{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
 		{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(req_no_support, account_id) },
@@ -169,10 +182,12 @@
 },
 
 [AST_SECURITY_EVENT_REQ_NOT_ALLOWED] = {
-	.name    = "RequestNotAllowed",
-	.version = AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION,
-	.required_ies = {
-		{ AST_EVENT_IE_EVENT_TV, 0 },
+	.name     = "RequestNotAllowed",
+	.version  = AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION,
+	.severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+	.required_ies = {
+		{ AST_EVENT_IE_EVENT_TV, 0 },
+		{ AST_EVENT_IE_SEVERITY, 0 },
 		{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
 		{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
 		{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(req_not_allowed, account_id) },
@@ -191,10 +206,12 @@
 },
 
 [AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED] = {
-	.name    = "AuthMethodNotAllowed",
-	.version = AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED_VERSION,
-	.required_ies = {
-		{ AST_EVENT_IE_EVENT_TV, 0 },
+	.name     = "AuthMethodNotAllowed",
+	.version  = AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED_VERSION,
+	.severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+	.required_ies = {
+		{ AST_EVENT_IE_EVENT_TV, 0 },
+		{ AST_EVENT_IE_SEVERITY, 0 },
 		{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
 		{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
 		{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(auth_method_not_allowed, account_id) },
@@ -212,10 +229,12 @@
 },
 
 [AST_SECURITY_EVENT_REQ_BAD_FORMAT] = {
-	.name    = "RequestBadFormat",
-	.version = AST_SECURITY_EVENT_REQ_BAD_FORMAT_VERSION,
-	.required_ies = {
-		{ AST_EVENT_IE_EVENT_TV, 0 },
+	.name     = "RequestBadFormat",
+	.version  = AST_SECURITY_EVENT_REQ_BAD_FORMAT_VERSION,
+	.severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+	.required_ies = {
+		{ AST_EVENT_IE_EVENT_TV, 0 },
+		{ AST_EVENT_IE_SEVERITY, 0 },
 		{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
 		{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
 		{ AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(req_bad_format, session_id) },
@@ -237,6 +256,28 @@
 
 };
 
+static const struct {
+	enum ast_security_event_severity severity;
+	const char *str;
+} severities[] = {
+	{ AST_SECURITY_EVENT_SEVERITY_INFO,  "Informational" },
+	{ AST_SECURITY_EVENT_SEVERITY_ERROR, "Error" },
+};
+
+const char *ast_security_event_severity_get_name(
+		const enum ast_security_event_severity severity)
+{
+	unsigned int i;
+
+	for (i = 0; i < ARRAY_LEN(severities); i++) {
+		if (severities[i].severity == severity) {
+			return severities[i].str;
+		}
+	}
+
+	return NULL;
+}
+
 static int check_event_type(const enum ast_security_event_type event_type)
 {
 	if (event_type < 0 || event_type >= AST_SECURITY_EVENT_NUM_TYPES) {
@@ -287,14 +328,25 @@
 {
 	struct ast_str *str = ast_str_alloca(TIMESTAMP_STR_LEN);
 	struct timeval tv = ast_tvnow();
+	const char *severity_str;
+
+	if (check_event_type(sec->event_type)) {
+		return NULL;
+	}
 
 	encode_timestamp(&str, &tv);
+
+	severity_str = S_OR(
+		ast_security_event_severity_get_name(sec_events[sec->event_type].severity),
+		"Unknown"
+	);
 
 	return ast_event_new(AST_EVENT_SECURITY,
 		AST_EVENT_IE_SECURITY_EVENT, AST_EVENT_IE_PLTYPE_UINT, sec->event_type,
 		AST_EVENT_IE_EVENT_VERSION, AST_EVENT_IE_PLTYPE_UINT, sec->version,
 		AST_EVENT_IE_EVENT_TV, AST_EVENT_IE_PLTYPE_STR, str->str,
 		AST_EVENT_IE_SERVICE, AST_EVENT_IE_PLTYPE_STR, sec->service,
+		AST_EVENT_IE_SEVERITY, AST_EVENT_IE_PLTYPE_STR, severity_str,
 		AST_EVENT_IE_END);
 }
 
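Review bot: The `"Unknown"` fallback in the `S_OR(...)` expression hides a mismatch between `sec_events[]` and `severities[]`: the event is still emitted, but a consumer that filters on Severity being `Error` would silently skip it. Logging when the lookup fails makes the gap visible, e.g. `ast_log(LOG_WARNING, "No severity name for security event type %d\n", sec->event_type);` before falling back. The added `return NULL` for an invalid event type is a further exit path from a function whose signature and callers are outside the hunk, so it is worth confirming that every caller checks the result for NULL.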
@@ -417,6 +469,7 @@
 		break;
 	}
 	case AST_EVENT_IE_EVENT_TV:
+	case AST_EVENT_IE_SEVERITY:
 		/* Added automatically, nothing to do here. */
 		break;
 	default:

Modified: team/group/security_events/security_events.txt
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/security_events.txt?view=diff&rev=199512&r1=199511&r2=199512
==============================================================================
--- team/group/security_events/security_events.txt (original)
+++ team/group/security_events/security_events.txt Sun Jun  7 10:36:40 2009
@@ -108,77 +108,77 @@
   -> Add events to chan_sip as appropriate
 
 Invalid Account ID
- (-) Local address family/IP/addr/port/transport
- (-) Remote address family/IP/addr/port/transport
- (-) Service (SIP, AMI, IAX2, ...)
- (-) System Name
- (+) Module
- (+) Account ID (username, etc)
- (+) Session ID (CallID, etc)
- (+) Session timestamp (required if Session ID present)
- (-) Event timestamp (sub-second precision)
- DevNotes: defined, has test code
+  (-) Local address family/IP/addr/port/transport
+  (-) Remote address family/IP/addr/port/transport
+  (-) Service (SIP, AMI, IAX2, ...)
+  (-) System Name
+  (+) Module
+  (+) Account ID (username, etc)
+  (+) Session ID (CallID, etc)
+  (+) Session timestamp (required if Session ID present)
+  (-) Event timestamp (sub-second precision)
+  DevNotes: defined, has test code
 
 Failed ACL match
- -> everything from invalid account ID
- (+) Name of ACL (when we have named ACLs)
- DevNotes: defined, has test code, implemented in chan_sip
+  -> everything from invalid account ID
+  (+) Name of ACL (when we have named ACLs)
+  DevNotes: defined, has test code, implemented in chan_sip
 
 Invalid Challenge/Response
- -> everything from invalid account ID
- (-) Challenge
- (-) Response
- (-) Expected Response
- DevNotes:
+  -> everything from invalid account ID
+  (-) Challenge
+  (-) Response
+  (-) Expected Response
+  DevNotes:
 
 Successful Auth
- -> informational event
- -> everything from inval account ID
- DevNotes:
+  -> informational event
+  -> everything from inval account ID
+  DevNotes:
 
 Invalid formatting of Request
- -> everything from inval account ID
- -> account ID optional
- (-) Request Type
- (+) Request parameters
- DevNotes: defined, has test code
+  -> everything from inval account ID
+  -> account ID optional
+  (-) Request Type
+  (+) Request parameters
+  DevNotes: defined, has test code
 
 Call Limit Reached
- -> everything from inval account ID
- DevNotes: defined, has test code
+  -> everything from inval account ID
+  DevNotes: defined, has test code
 
 Mem Limit Reached
- -> everything from inval account ID
- DevNotes: defined, has test code
+  -> everything from inval account ID
+  DevNotes: defined, has test code
 
 Max Load Avg Reached
- -> everything from inval account ID
- DevNotes: defined, has test code
+  -> everything from inval account ID
+  DevNotes: defined, has test code
 
 Request Not Allowed
- -> everything from inval account ID
- (-) Request Type
- (+) Request parameters
- DevNotes: defined, has test code
+  -> everything from inval account ID
+  (-) Request Type
+  (+) Request parameters
+  DevNotes: defined, has test code
 
 Request Not Supported
- -> everything from inval account ID
- (-) Request Type
- DevNotes: defined, has test code
+  -> everything from inval account ID
+  (-) Request Type
+  DevNotes: defined, has test code
 
 Auth Method Not Allowed
- -> everything from inval account ID
- (-) Auth Method attempted
- DevNotes: defined, has test code
+  -> everything from inval account ID
+  (-) Auth Method attempted
+  DevNotes: defined, has test code
 
 Custom Events (from dialplan)
- -> driven by config file?
- DevNotes:
+  -> driven by config file?
+  DevNotes:
 
 In dialog message from unexpected host
- -> everything from inval account ID
- (-) expected host
- DevNotes:
+  -> everything from inval account ID
+  (-) expected host
+  DevNotes:
 
 --------------------------------------------------------------------------------
 --------------------------------------------------------------------------------



