[svn-commits] russell: branch group/security_events r199512 - in /team/group/security_event...
SVN commits to the Digium repositories
svn-commits at lists.digium.com
Sun Jun 7 10:36:58 CDT 2009
Author: russell
Date: Sun Jun 7 10:36:40 2009
New Revision: 199512
URL: http://svn.asterisk.org/svn-view/asterisk?view=rev&rev=199512
Log:
Associate a severity with security events in preparation for adding "auth successful" event
Modified:
team/group/security_events/include/asterisk/event_defs.h
team/group/security_events/include/asterisk/security_events.h
team/group/security_events/include/asterisk/security_events_defs.h
team/group/security_events/main/event.c
team/group/security_events/main/security_events.c
team/group/security_events/security_events.txt
Modified: team/group/security_events/include/asterisk/event_defs.h
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/include/asterisk/event_defs.h?view=diff&rev=199512&r1=199511&r2=199512
==============================================================================
--- team/group/security_events/include/asterisk/event_defs.h (original)
+++ team/group/security_events/include/asterisk/event_defs.h Sun Jun 7 10:36:40 2009
@@ -136,8 +136,9 @@
AST_EVENT_IE_REQUEST_TYPE = 0x0016,
AST_EVENT_IE_REQUEST_PARAMS = 0x0017,
AST_EVENT_IE_AUTH_METHOD = 0x0018,
+ AST_EVENT_IE_SEVERITY = 0x0019,
/*! \brief Must be the last IE value +1 */
- AST_EVENT_IE_TOTAL = 0x0019,
+ AST_EVENT_IE_TOTAL = 0x001A,
};
/*!
Modified: team/group/security_events/include/asterisk/security_events.h
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/include/asterisk/security_events.h?view=diff&rev=199512&r1=199511&r2=199512
==============================================================================
--- team/group/security_events/include/asterisk/security_events.h (original)
+++ team/group/security_events/include/asterisk/security_events.h Sun Jun 7 10:36:40 2009
@@ -97,6 +97,19 @@
*/
const char *ast_security_event_get_name(const enum ast_security_event_type event_type);
+/*!
+ * \brief Get the name of a security event severity
+ *
+ * \param[in] severity security event severity
+ *
+ * \retval NULL if severity is invalid
+ * \retval non-NULL the name of the security event severity
+ *
+ * \since 1.6.3
+ */
+const char *ast_security_event_severity_get_name(
+ const enum ast_security_event_severity severity);
+
#if defined(__cplusplus) || defined(c_plusplus)
}
#endif
Modified: team/group/security_events/include/asterisk/security_events_defs.h
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/include/asterisk/security_events_defs.h?view=diff&rev=199512&r1=199511&r2=199512
==============================================================================
--- team/group/security_events/include/asterisk/security_events_defs.h (original)
+++ team/group/security_events/include/asterisk/security_events_defs.h Sun Jun 7 10:36:40 2009
@@ -97,6 +97,21 @@
AST_SECURITY_EVENT_REQ_BAD_FORMAT,
/* \brief This _must_ stay at the end. */
AST_SECURITY_EVENT_NUM_TYPES
+};
+
+/*!
+ * \brief the severity of a security event
+ *
+ * This is defined as a bit field to make it easy for consumers of the API to
+ * subscribe to any combination of the defined severity levels.
+ *
+ * XXX \todo Do we need any more levels here?
+ */
+enum ast_security_event_severity {
+ /*! \brief Informational event, not something that has gone wrong */
+ AST_SECURITY_EVENT_SEVERITY_INFO = 0,
+ /*! \brief Something has gone wrong */
+ AST_SECURITY_EVENT_SEVERITY_ERROR = (1 << 0),
};
/*!
Modified: team/group/security_events/main/event.c
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/main/event.c?view=diff&rev=199512&r1=199511&r2=199512
==============================================================================
--- team/group/security_events/main/event.c (original)
+++ team/group/security_events/main/event.c Sun Jun 7 10:36:40 2009
@@ -225,6 +225,7 @@
[AST_EVENT_IE_REQUEST_TYPE] = { AST_EVENT_IE_PLTYPE_STR, "RequestType" },
[AST_EVENT_IE_REQUEST_PARAMS] = { AST_EVENT_IE_PLTYPE_STR, "RequestParams" },
[AST_EVENT_IE_AUTH_METHOD] = { AST_EVENT_IE_PLTYPE_STR, "AuthMethod" },
+ [AST_EVENT_IE_SEVERITY] = { AST_EVENT_IE_PLTYPE_STR, "Severity" },
};
const char *ast_event_get_type_name(const struct ast_event *event)
Modified: team/group/security_events/main/security_events.c
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/main/security_events.c?view=diff&rev=199512&r1=199511&r2=199512
==============================================================================
--- team/group/security_events/main/security_events.c (original)
+++ team/group/security_events/main/security_events.c Sun Jun 7 10:36:40 2009
@@ -38,7 +38,8 @@
static const struct {
const char *name;
uint32_t version;
-#define MAX_SECURITY_IES 9
+ enum ast_security_event_severity severity;
+#define MAX_SECURITY_IES 10
struct ast_security_event_ie_type required_ies[MAX_SECURITY_IES];
struct ast_security_event_ie_type optional_ies[MAX_SECURITY_IES];
#undef MAX_SECURITY_IES
@@ -47,10 +48,12 @@
#define SEC_EVT_FIELD(e, field) (offsetof(struct ast_security_event_##e, field))
[AST_SECURITY_EVENT_FAILED_ACL] = {
- .name = "FailedACL",
- .version = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
- .required_ies = {
- { AST_EVENT_IE_EVENT_TV, 0 },
+ .name = "FailedACL",
+ .version = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
+ .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+ .required_ies = {
+ { AST_EVENT_IE_EVENT_TV, 0 },
+ { AST_EVENT_IE_SEVERITY, 0 },
{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(failed_acl, account_id) },
@@ -68,10 +71,12 @@
},
[AST_SECURITY_EVENT_INVAL_ACCT_ID] = {
- .name = "InvalidAccountID",
- .version = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION,
- .required_ies = {
- { AST_EVENT_IE_EVENT_TV, 0 },
+ .name = "InvalidAccountID",
+ .version = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION,
+ .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+ .required_ies = {
+ { AST_EVENT_IE_EVENT_TV, 0 },
+ { AST_EVENT_IE_SEVERITY, 0 },
{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(inval_acct_id, account_id) },
@@ -88,10 +93,12 @@
},
[AST_SECURITY_EVENT_CALL_LIMIT] = {
- .name = "CallLimit",
- .version = AST_SECURITY_EVENT_CALL_LIMIT_VERSION,
- .required_ies = {
- { AST_EVENT_IE_EVENT_TV, 0 },
+ .name = "CallLimit",
+ .version = AST_SECURITY_EVENT_CALL_LIMIT_VERSION,
+ .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+ .required_ies = {
+ { AST_EVENT_IE_EVENT_TV, 0 },
+ { AST_EVENT_IE_SEVERITY, 0 },
{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(call_limit, account_id) },
@@ -108,10 +115,12 @@
},
[AST_SECURITY_EVENT_MEM_LIMIT] = {
- .name = "MemoryLimit",
- .version = AST_SECURITY_EVENT_MEM_LIMIT_VERSION,
- .required_ies = {
- { AST_EVENT_IE_EVENT_TV, 0 },
+ .name = "MemoryLimit",
+ .version = AST_SECURITY_EVENT_MEM_LIMIT_VERSION,
+ .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+ .required_ies = {
+ { AST_EVENT_IE_EVENT_TV, 0 },
+ { AST_EVENT_IE_SEVERITY, 0 },
{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(mem_limit, account_id) },
@@ -128,10 +137,12 @@
},
[AST_SECURITY_EVENT_LOAD_AVG] = {
- .name = "LoadAverageLimit",
- .version = AST_SECURITY_EVENT_LOAD_AVG_VERSION,
- .required_ies = {
- { AST_EVENT_IE_EVENT_TV, 0 },
+ .name = "LoadAverageLimit",
+ .version = AST_SECURITY_EVENT_LOAD_AVG_VERSION,
+ .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+ .required_ies = {
+ { AST_EVENT_IE_EVENT_TV, 0 },
+ { AST_EVENT_IE_SEVERITY, 0 },
{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(load_avg, account_id) },
@@ -148,10 +159,12 @@
},
[AST_SECURITY_EVENT_REQ_NO_SUPPORT] = {
- .name = "RequestNotSupported",
- .version = AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION,
- .required_ies = {
- { AST_EVENT_IE_EVENT_TV, 0 },
+ .name = "RequestNotSupported",
+ .version = AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION,
+ .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+ .required_ies = {
+ { AST_EVENT_IE_EVENT_TV, 0 },
+ { AST_EVENT_IE_SEVERITY, 0 },
{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(req_no_support, account_id) },
@@ -169,10 +182,12 @@
},
[AST_SECURITY_EVENT_REQ_NOT_ALLOWED] = {
- .name = "RequestNotAllowed",
- .version = AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION,
- .required_ies = {
- { AST_EVENT_IE_EVENT_TV, 0 },
+ .name = "RequestNotAllowed",
+ .version = AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION,
+ .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+ .required_ies = {
+ { AST_EVENT_IE_EVENT_TV, 0 },
+ { AST_EVENT_IE_SEVERITY, 0 },
{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(req_not_allowed, account_id) },
@@ -191,10 +206,12 @@
},
[AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED] = {
- .name = "AuthMethodNotAllowed",
- .version = AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED_VERSION,
- .required_ies = {
- { AST_EVENT_IE_EVENT_TV, 0 },
+ .name = "AuthMethodNotAllowed",
+ .version = AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED_VERSION,
+ .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+ .required_ies = {
+ { AST_EVENT_IE_EVENT_TV, 0 },
+ { AST_EVENT_IE_SEVERITY, 0 },
{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(auth_method_not_allowed, account_id) },
@@ -212,10 +229,12 @@
},
[AST_SECURITY_EVENT_REQ_BAD_FORMAT] = {
- .name = "RequestBadFormat",
- .version = AST_SECURITY_EVENT_REQ_BAD_FORMAT_VERSION,
- .required_ies = {
- { AST_EVENT_IE_EVENT_TV, 0 },
+ .name = "RequestBadFormat",
+ .version = AST_SECURITY_EVENT_REQ_BAD_FORMAT_VERSION,
+ .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+ .required_ies = {
+ { AST_EVENT_IE_EVENT_TV, 0 },
+ { AST_EVENT_IE_SEVERITY, 0 },
{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
{ AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(req_bad_format, session_id) },
@@ -237,6 +256,28 @@
};
+static const struct {
+ enum ast_security_event_severity severity;
+ const char *str;
+} severities[] = {
+ { AST_SECURITY_EVENT_SEVERITY_INFO, "Informational" },
+ { AST_SECURITY_EVENT_SEVERITY_ERROR, "Error" },
+};
+
+const char *ast_security_event_severity_get_name(
+ const enum ast_security_event_severity severity)
+{
+ unsigned int i;
+
+ for (i = 0; i < ARRAY_LEN(severities); i++) {
+ if (severities[i].severity == severity) {
+ return severities[i].str;
+ }
+ }
+
+ return NULL;
+}
+
static int check_event_type(const enum ast_security_event_type event_type)
{
if (event_type < 0 || event_type >= AST_SECURITY_EVENT_NUM_TYPES) {
@@ -287,14 +328,25 @@
{
struct ast_str *str = ast_str_alloca(TIMESTAMP_STR_LEN);
struct timeval tv = ast_tvnow();
+ const char *severity_str;
+
+ if (check_event_type(sec->event_type)) {
+ return NULL;
+ }
encode_timestamp(&str, &tv);
+
+ severity_str = S_OR(
+ ast_security_event_severity_get_name(sec_events[sec->event_type].severity),
+ "Unknown"
+ );
return ast_event_new(AST_EVENT_SECURITY,
AST_EVENT_IE_SECURITY_EVENT, AST_EVENT_IE_PLTYPE_UINT, sec->event_type,
AST_EVENT_IE_EVENT_VERSION, AST_EVENT_IE_PLTYPE_UINT, sec->version,
AST_EVENT_IE_EVENT_TV, AST_EVENT_IE_PLTYPE_STR, str->str,
AST_EVENT_IE_SERVICE, AST_EVENT_IE_PLTYPE_STR, sec->service,
+ AST_EVENT_IE_SEVERITY, AST_EVENT_IE_PLTYPE_STR, severity_str,
AST_EVENT_IE_END);
}
@@ -417,6 +469,7 @@
break;
}
case AST_EVENT_IE_EVENT_TV:
+ case AST_EVENT_IE_SEVERITY:
/* Added automatically, nothing to do here. */
break;
default:
Modified: team/group/security_events/security_events.txt
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/security_events.txt?view=diff&rev=199512&r1=199511&r2=199512
==============================================================================
--- team/group/security_events/security_events.txt (original)
+++ team/group/security_events/security_events.txt Sun Jun 7 10:36:40 2009
@@ -108,77 +108,77 @@
-> Add events to chan_sip as appropriate
Invalid Account ID
- (-) Local address family/IP/addr/port/transport
- (-) Remote address family/IP/addr/port/transport
- (-) Service (SIP, AMI, IAX2, ...)
- (-) System Name
- (+) Module
- (+) Account ID (username, etc)
- (+) Session ID (CallID, etc)
- (+) Session timestamp (required if Session ID present)
- (-) Event timestamp (sub-second precision)
- DevNotes: defined, has test code
+ (-) Local address family/IP/addr/port/transport
+ (-) Remote address family/IP/addr/port/transport
+ (-) Service (SIP, AMI, IAX2, ...)
+ (-) System Name
+ (+) Module
+ (+) Account ID (username, etc)
+ (+) Session ID (CallID, etc)
+ (+) Session timestamp (required if Session ID present)
+ (-) Event timestamp (sub-second precision)
+ DevNotes: defined, has test code
Failed ACL match
- -> everything from invalid account ID
- (+) Name of ACL (when we have named ACLs)
- DevNotes: defined, has test code, implemented in chan_sip
+ -> everything from invalid account ID
+ (+) Name of ACL (when we have named ACLs)
+ DevNotes: defined, has test code, implemented in chan_sip
Invalid Challenge/Response
- -> everything from invalid account ID
- (-) Challenge
- (-) Response
- (-) Expected Response
- DevNotes:
+ -> everything from invalid account ID
+ (-) Challenge
+ (-) Response
+ (-) Expected Response
+ DevNotes:
Successful Auth
- -> informational event
- -> everything from inval account ID
- DevNotes:
+ -> informational event
+ -> everything from inval account ID
+ DevNotes:
Invalid formatting of Request
- -> everything from inval account ID
- -> account ID optional
- (-) Request Type
- (+) Request parameters
- DevNotes: defined, has test code
+ -> everything from inval account ID
+ -> account ID optional
+ (-) Request Type
+ (+) Request parameters
+ DevNotes: defined, has test code
Call Limit Reached
- -> everything from inval account ID
- DevNotes: defined, has test code
+ -> everything from inval account ID
+ DevNotes: defined, has test code
Mem Limit Reached
- -> everything from inval account ID
- DevNotes: defined, has test code
+ -> everything from inval account ID
+ DevNotes: defined, has test code
Max Load Avg Reached
- -> everything from inval account ID
- DevNotes: defined, has test code
+ -> everything from inval account ID
+ DevNotes: defined, has test code
Request Not Allowed
- -> everything from inval account ID
- (-) Request Type
- (+) Request parameters
- DevNotes: defined, has test code
+ -> everything from inval account ID
+ (-) Request Type
+ (+) Request parameters
+ DevNotes: defined, has test code
Request Not Supported
- -> everything from inval account ID
- (-) Request Type
- DevNotes: defined, has test code
+ -> everything from inval account ID
+ (-) Request Type
+ DevNotes: defined, has test code
Auth Method Not Allowed
- -> everything from inval account ID
- (-) Auth Method attempted
- DevNotes: defined, has test code
+ -> everything from inval account ID
+ (-) Auth Method attempted
+ DevNotes: defined, has test code
Custom Events (from dialplan)
- -> driven by config file?
- DevNotes:
+ -> driven by config file?
+ DevNotes:
In dialog message from unexpected host
- -> everything from inval account ID
- (-) expected host
- DevNotes:
+ -> everything from inval account ID
+ (-) expected host
+ DevNotes:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
More information about the svn-commits
mailing list