[asterisk-commits] file: branch file/pimp_sip_security r390829 - in /team/file/pimp_sip_security...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Fri Jun 7 07:52:53 CDT 2013


Author: file
Date: Fri Jun  7 07:52:50 2013
New Revision: 390829

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=390829
Log:
Incorporate review feedback.

Modified:
    team/file/pimp_sip_security/include/asterisk/res_sip.h
    team/file/pimp_sip_security/res/res_sip/security_events.c
    team/file/pimp_sip_security/res/res_sip/sip_distributor.c

Modified: team/file/pimp_sip_security/include/asterisk/res_sip.h
URL: http://svnview.digium.com/svn/asterisk/team/file/pimp_sip_security/include/asterisk/res_sip.h?view=diff&rev=390829&r1=390828&r2=390829
==============================================================================
--- team/file/pimp_sip_security/include/asterisk/res_sip.h (original)
+++ team/file/pimp_sip_security/include/asterisk/res_sip.h Fri Jun  7 07:52:50 2013
@@ -1175,12 +1175,12 @@
 void ast_sip_report_failed_acl(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata, const char *name);
 
 /*!
- * \brief Send a security event notification for when an invalid password is used
+ * \brief Send a security event notification for when a challenge response has failed
  *
  * \param endpoint Pointer to the endpoint in use
  * \param rdata Received message
  */
-void ast_sip_report_auth_invalid_password(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata);
+void ast_sip_report_auth_failed_challenge_response(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata);
 
 /*!
  * \brief Send a security event notification for when authentication succeeds

Modified: team/file/pimp_sip_security/res/res_sip/security_events.c
URL: http://svnview.digium.com/svn/asterisk/team/file/pimp_sip_security/res/res_sip/security_events.c?view=diff&rev=390829&r1=390828&r2=390829
==============================================================================
--- team/file/pimp_sip_security/res/res_sip/security_events.c (original)
+++ team/file/pimp_sip_security/res/res_sip/security_events.c Fri Jun  7 07:52:50 2013
@@ -54,7 +54,12 @@
 
 	/* It should be impossible for these to fail as the transport has to exist for the message to exist */
 	transports = ast_sorcery_retrieve_by_fields(ast_sip_get_sorcery(), "transport", AST_RETRIEVE_FLAG_MULTIPLE | AST_RETRIEVE_FLAG_ALL, NULL);
+
+	ast_assert(transports != NULL);
+
 	transport = ao2_callback(transports, 0, find_transport_in_use, rdata);
+
+	ast_assert(transport != NULL);
 
 	return transport->type;
 }
@@ -128,7 +133,7 @@
 	ast_security_event_report(AST_SEC_EVT(&failed_acl_event));
 }
 
-void ast_sip_report_auth_invalid_password(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
+void ast_sip_report_auth_failed_challenge_response(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
 {
 	pjsip_authorization_hdr *auth = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION, NULL);
 	enum ast_transport transport = security_event_get_transport(rdata);
@@ -136,24 +141,25 @@
 	char nonce[64] = "", response[256] = "";
 	struct ast_sockaddr local, remote;
 
-	struct ast_security_event_inval_password inval_password = {
-		.common.event_type  = AST_SECURITY_EVENT_INVAL_PASSWORD,
-		.common.version     = AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION,
-		.common.service     = "PJSIP",
-		.common.account_id  = ast_sorcery_object_get_id(endpoint),
-		.common.local_addr  = {
-				.addr       = &local,
-				.transport  = transport,
-		},
-		.common.remote_addr = {
-				.addr       = &remote,
-				.transport  = transport,
-		},
-		.common.session_id  = call_id,
-		.challenge	    	= "",
-		.received_challenge = nonce,
-		.received_hash	    = response,
-	};
+	struct ast_security_event_chal_resp_failed chal_resp_failed = {
+				.common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED,
+				.common.version    = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION,
+				.common.service    = "PJSIP",
+				.common.account_id = ast_sorcery_object_get_id(endpoint),
+				.common.local_addr = {
+						.addr      = &local,
+						.transport = transport,
+				},
+				.common.remote_addr = {
+						.addr      = &remote,
+						.transport = transport,
+				},
+				.common.session_id = call_id,
+
+				.challenge         = nonce,
+				.response          = response,
+				.expected_response = "",
+		};
 
 	if (auth && !pj_strcmp2(&auth->scheme, "digest")) {
 		ast_copy_pj_str(nonce, &auth->credential.digest.nonce, sizeof(nonce));
@@ -162,7 +168,7 @@
 
 	security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
 
-	ast_security_event_report(AST_SEC_EVT(&inval_password));
+	ast_security_event_report(AST_SEC_EVT(&chal_resp_failed));
 }
 
 void ast_sip_report_auth_success(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
@@ -225,4 +231,4 @@
 	security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
 
 	ast_security_event_report(AST_SEC_EVT(&chal_sent));
-}
+}

Modified: team/file/pimp_sip_security/res/res_sip/sip_distributor.c
URL: http://svnview.digium.com/svn/asterisk/team/file/pimp_sip_security/res/res_sip/sip_distributor.c?view=diff&rev=390829&r1=390828&r2=390829
==============================================================================
--- team/file/pimp_sip_security/res/res_sip/sip_distributor.c (original)
+++ team/file/pimp_sip_security/res/res_sip/sip_distributor.c Fri Jun  7 07:52:50 2013
@@ -182,12 +182,12 @@
 			pjsip_tx_data_dec_ref(tdata);
 			return PJ_FALSE;
 		case AST_SIP_AUTHENTICATION_FAILED:
-			ast_sip_report_auth_invalid_password(endpoint, rdata);
+			ast_sip_report_auth_failed_challenge_response(endpoint, rdata);
 			pjsip_tx_data_dec_ref(tdata);
 			pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata, 403, NULL, NULL, NULL);
 			return PJ_TRUE;
 		case AST_SIP_AUTHENTICATION_ERROR:
-			ast_sip_report_auth_invalid_password(endpoint, rdata);
+			ast_sip_report_auth_failed_challenge_response(endpoint, rdata);
 			pjsip_tx_data_dec_ref(tdata);
 			pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata, 500, NULL, NULL, NULL);
 			return PJ_TRUE;




More information about the asterisk-commits mailing list