[asterisk-commits] russell: branch group/security_events r246101 - /team/group/security_events/c...

Wed Feb 10 11:24:00 CST 2010

Author: russell
Date: Wed Feb 10 11:23:56 2010
New Revision: 246101

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=246101
Log:
Save off some stuff that was in my working copy so I can resolve a conflict in the branch

Modified:
    team/group/security_events/channels/chan_sip.c

Modified: team/group/security_events/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/team/group/security_events/channels/chan_sip.c?view=diff&rev=246101&r1=246100&r2=246101
==============================================================================

--- team/group/security_events/channels/chan_sip.c (original)
+++ team/group/security_events/channels/chan_sip.c Wed Feb 10 11:23:56 2010
@@ -205,6 +205,67 @@
 
 */
 
+/*!
+ * \page SIPsecurityevents SIP Security Events
+ *
+ * \section intro Introduction
+ *
+ * This page covers the status of the development of security events support in
+ * chan_sip.  Prototypes for functions that have been added can be found by
+ * searching for the "Security Event Handling" heading.
+ *
+ * \section events Security Events (TODO)
+ *
+ * - FAILED_ACL
+ *   - added report_failed_acl() function
+ *   - almost done
+ *   - Make sure it is used everywhere ACLs are checked
+ *
+ * - INVAL_ACCT_ID
+ *   - added report_invalid_peer() function
+ *   - not yet used anywhere
+ *   - needs to be called everywhere where we do a lookup by name and no
+ *     peer (user, really) is found.
+ *
+ * - SESSION_LIMIT
+ *   - should report this when a request is denied due to a call limit setting
+ *
+ * - REQ_NO_SUPPORT
+ *   - should report this if we receive a request we do not support
+ *
+ * - REQ_NOT_ALLOWED
+ *   - should report this if we receive a request that we understand, but
+ *     do not allow (example?)
+ *
+ * - REQ_BAD_FORMAT
+ *   - report this on a request parse error
+ *
+ * - SUCCESSFUL_AUTH
+ *   - report this after successful authentication, but only after the
+ *     security events infrastructure fully supports non-error events
+ *
+ * - UNEXPECED_ADDR
+ *   - report this if we get a request from an unexpected address.  Examples
+ *     would be if we try do a peer lookup by IP and get no result, or if we
+ *     get a request for an active Call-ID from an unexpected source IP/port.
+ *
+ * - CHAL_RESP_FAILED
+ *   - report this if authentication fails
+ *
+ * \section events2 Security Events (Done)
+ *
+ * - MEM_LIMIT
+ *   - nothing needed
+ *
+ * - LOAD_AVG
+ *   - nothing needed
+ *
+ * - AUTH_METHOD_NOT_ALLOWED
+ *   - nothing needed
+ *
+ * - INVAL_PASSWORD
+ *   - nothing needed (we use INVAL_CHAL_RESP here)
+ */
 #include "asterisk.h"
 
 ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
@@ -2562,7 +2623,6 @@
 		const enum sip_transport sip_transport);
 static void report_failed_acl(const struct sip_peer *peer, const struct sip_pvt *pvt,
 		const struct sockaddr_in *sin_remote, const char *acl_name);
-/*! XXX \todo Use this in the proper places in chan_sip */
 static void attribute_unused report_invalid_peer(const char *peer_name, const struct sip_pvt *pvt,
 		const struct sockaddr_in *sin_remote);
 
@@ -5260,6 +5320,12 @@
 	if (!p && (realtime || devstate_only)) {
 		p = realtime_peer(peer, sin, devstate_only);
 	}
+
+#if 0
+	if (!p && (which_obects & FINDUSERS)) {
+		report_invalid_peer(...);
+	}
+#endif
 
 	return p;
 }


