[svn-commits] russell: branch group/security_events r199364 - in /team/group/security_event...
SVN commits to the Digium repositories
svn-commits at lists.digium.com
Fri Jun 5 18:10:23 CDT 2009
Author: russell
Date: Fri Jun 5 18:10:20 2009
New Revision: 199364
URL: http://svn.asterisk.org/svn-view/asterisk?view=rev&rev=199364
Log:
Add support and test code for "auth method not allowed" security event
Modified:
team/group/security_events/include/asterisk/security_events_defs.h
team/group/security_events/main/security_events.c
team/group/security_events/security_events.txt
team/group/security_events/tests/test_security_events.c
Modified: team/group/security_events/include/asterisk/security_events_defs.h
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/include/asterisk/security_events_defs.h?view=diff&rev=199364&r1=199363&r2=199364
==============================================================================
--- team/group/security_events/include/asterisk/security_events_defs.h (original)
+++ team/group/security_events/include/asterisk/security_events_defs.h Fri Jun 5 18:10:20 2009
@@ -87,6 +87,10 @@
* \brief A request was made that is not allowed
*/
AST_SECURITY_EVENT_REQ_NOT_ALLOWED,
+ /*!
+ * \brief The attempted authentication method is not allowed
+ */
+ AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED,
/* \brief This _must_ stay at the end. */
AST_SECURITY_EVENT_NUM_TYPES
};
@@ -451,6 +455,54 @@
const char *request_params;
};
+/*!
+ * \brief Auth method used not allowed
+ */
+struct ast_security_event_auth_method_not_allowed {
+ /*!
+ * \brief Event descriptor version
+ * \note This _must_ be changed if this event descriptor is changed.
+ */
+ #define AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED_VERSION 1
+ /*! \brief Common security event descriptor elements */
+ struct ast_security_event_common common;
+ /*!
+ * \brief Module, Normally the AST_MODULE define
+ * \note optional
+ */
+ const char *module;
+ /*!
+ * \brief Account ID, specific to the service type
+ * \note required
+ */
+ const char *account_id;
+ /*!
+ * \brief Session ID, specific to the service type
+ * \note required
+ */
+ const char *session_id;
+ /*!
+ * \brief Session timeval, when the session started
+ * \note optional
+ */
+ const struct timeval *session_tv;
+ /*!
+ * \brief Local address the request came in on
+ * \note required
+ */
+ struct ast_security_event_ipv4_addr local_addr;
+ /*!
+ * \brief Remote address the request came from
+ * \note required
+ */
+ struct ast_security_event_ipv4_addr remote_addr;
+ /*!
+ * \brief Auth method attempted
+ * \note required
+ */
+ const char *auth_method;
+};
+
#if defined(__cplusplus) || defined(c_plusplus)
}
#endif
Modified: team/group/security_events/main/security_events.c
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/main/security_events.c?view=diff&rev=199364&r1=199363&r2=199364
==============================================================================
--- team/group/security_events/main/security_events.c (original)
+++ team/group/security_events/main/security_events.c Fri Jun 5 18:10:20 2009
@@ -186,6 +186,27 @@
{ AST_EVENT_IE_MODULE, SEC_EVT_FIELD(req_not_allowed, module) },
{ AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(req_not_allowed, session_tv) },
{ AST_EVENT_IE_REQUEST_PARAMS, SEC_EVT_FIELD(req_not_allowed, request_params) },
+ { AST_EVENT_IE_END, 0 }
+ },
+},
+
+[AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED] = {
+ .name = "AuthMethodNotAllowed",
+ .version = AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED_VERSION,
+ .required_ies = {
+ { AST_EVENT_IE_EVENT_TV, 0 },
+ { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
+ { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
+ { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(auth_method_not_allowed, account_id) },
+ { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(auth_method_not_allowed, session_id) },
+ { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(auth_method_not_allowed, local_addr) },
+ { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(auth_method_not_allowed, remote_addr) },
+ { AST_EVENT_IE_AUTH_METHOD, SEC_EVT_FIELD(auth_method_not_allowed, auth_method) },
+ { AST_EVENT_IE_END, 0 }
+ },
+ .optional_ies = {
+ { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(auth_method_not_allowed, module) },
+ { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(auth_method_not_allowed, session_tv) },
{ AST_EVENT_IE_END, 0 }
},
},
Modified: team/group/security_events/security_events.txt
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/security_events.txt?view=diff&rev=199364&r1=199363&r2=199364
==============================================================================
--- team/group/security_events/security_events.txt (original)
+++ team/group/security_events/security_events.txt Fri Jun 5 18:10:20 2009
@@ -206,7 +206,7 @@
IE: SecurityEvent
Content: This is the security event sub-type.
Values: FailedACL, InvalidAccountID, CallLimit, MemoryLimit, LoadAverageLimit,
- RequestNotSupported, RequestNotAllowed
+ RequestNotSupported, RequestNotAllowed, AuthMethodNotAllowed
IE: EventVersion
Content: This is a numeric value that indicates when updates are made to the
Modified: team/group/security_events/tests/test_security_events.c
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/tests/test_security_events.c?view=diff&rev=199364&r1=199363&r2=199364
==============================================================================
--- team/group/security_events/tests/test_security_events.c (original)
+++ team/group/security_events/tests/test_security_events.c Fri Jun 5 18:10:20 2009
@@ -43,16 +43,18 @@
static void evt_gen_load_avg(void);
static void evt_gen_req_no_support(void);
static void evt_gen_req_not_allowed(void);
+static void evt_gen_auth_method_not_allowed(void);
typedef void (*evt_generator)(void);
evt_generator evt_generators[AST_SECURITY_EVENT_NUM_TYPES] = {
- [AST_SECURITY_EVENT_FAILED_ACL] = evt_gen_failed_acl,
- [AST_SECURITY_EVENT_INVAL_ACCT_ID] = evt_gen_inval_acct_id,
- [AST_SECURITY_EVENT_CALL_LIMIT] = evt_gen_call_limit,
- [AST_SECURITY_EVENT_MEM_LIMIT] = evt_gen_mem_limit,
- [AST_SECURITY_EVENT_LOAD_AVG] = evt_gen_load_avg,
- [AST_SECURITY_EVENT_REQ_NO_SUPPORT] = evt_gen_req_no_support,
- [AST_SECURITY_EVENT_REQ_NOT_ALLOWED] = evt_gen_req_not_allowed,
+ [AST_SECURITY_EVENT_FAILED_ACL] = evt_gen_failed_acl,
+ [AST_SECURITY_EVENT_INVAL_ACCT_ID] = evt_gen_inval_acct_id,
+ [AST_SECURITY_EVENT_CALL_LIMIT] = evt_gen_call_limit,
+ [AST_SECURITY_EVENT_MEM_LIMIT] = evt_gen_mem_limit,
+ [AST_SECURITY_EVENT_LOAD_AVG] = evt_gen_load_avg,
+ [AST_SECURITY_EVENT_REQ_NO_SUPPORT] = evt_gen_req_no_support,
+ [AST_SECURITY_EVENT_REQ_NOT_ALLOWED] = evt_gen_req_not_allowed,
+ [AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED] = evt_gen_auth_method_not_allowed,
};
static void evt_gen_failed_acl(void)
@@ -317,6 +319,44 @@
sin_remote.sin_port = htons(9777);
ast_security_event_report(AST_SEC_EVT(&req_not_allowed));
+}
+
+static void evt_gen_auth_method_not_allowed(void)
+{
+ struct sockaddr_in sin_local = {
+ .sin_family = AF_INET
+ };
+ struct sockaddr_in sin_remote = {
+ .sin_family = AF_INET
+ };
+ struct timeval session_tv = ast_tvnow();
+ struct ast_security_event_auth_method_not_allowed auth_method_not_allowed = {
+ .common.event_type = AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED,
+ .common.version = AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED_VERSION,
+ .common.service = "TEST",
+
+ .module = AST_MODULE,
+ .account_id = "Bob",
+ .session_id = "010101010101",
+ .session_tv = &session_tv,
+ .local_addr = {
+ .sin = &sin_local,
+ .transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
+ },
+ .remote_addr = {
+ .sin = &sin_remote,
+ .transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
+ },
+ .auth_method = "PlainText"
+ };
+
+ inet_aton("10.110.120.135", &sin_local.sin_addr);
+ sin_local.sin_port = htons(8754);
+
+ inet_aton("10.120.110.105", &sin_remote.sin_addr);
+ sin_remote.sin_port = htons(8745);
+
+ ast_security_event_report(AST_SEC_EVT(&auth_method_not_allowed));
}
static void gen_events(struct ast_cli_args *a)
More information about the svn-commits
mailing list