[svn-commits] mjordan: branch 12 r407589 - in /branches/12: ./ main/
SVN commits to the Digium repositories
svn-commits at lists.digium.com
Thu Feb 6 14:07:00 CST 2014
Author: mjordan
Date: Thu Feb 6 14:06:57 2014
New Revision: 407589
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=407589
Log:
security_events: Add AMI documentation; output optional fields
This patch adds documentation for the Security Events that are emited over
AMI. It also notes these events in the UPGRADE/CHANGES file.
Modified:
branches/12/CHANGES
branches/12/UPGRADE.txt
branches/12/main/security_events.c
Modified: branches/12/CHANGES
URL: http://svnview.digium.com/svn/asterisk/branches/12/CHANGES?view=diff&rev=407589&r1=407588&r2=407589
==============================================================================
--- branches/12/CHANGES (original)
+++ branches/12/CHANGES Thu Feb 6 14:06:57 2014
@@ -24,6 +24,35 @@
statuses that convey how the dial operation terminated. This includes
ABORT, CONTINUE, and GOTO.
+ * AMI will now emit security events. A new class authorization has been
+ added in manager.conf for the security events, 'security'. The new events
+ are:
+ - FailedACL - raised when a request violates an ACL check
+ - InvalidAccountID - raised when a request fails an authentication
+ check due to an invalid account ID
+ - SessionLimit - raised when a request fails due to exceeding the
+ number of allowed concurrent sessions for a service
+ - MemoryLimit - raised when a request fails due to an internal memory
+ allocation failure
+ - LoadAverageLimit - raised when a request fails because a configured
+ load average limit has been reached
+ - RequestNotAllowed - raised when a request is not allowed by
+ the service
+ - AuthMethodNotAllowed - raised when a request used an authentication
+ method not allowed by the service
+ - RequestBadFormat - raised when a request is received with bad formatting
+ - SuccessfulAuth - raised when a request successfully authenticates
+ - UnexpectedAddress - raised when a request has a different source address
+ then what is expected for a session already in progress with a service
+ - ChallengeResponseFailed - raised when a request's attempt to authenticate
+ has been challenged, and the request failed the authentication challenge
+ - InvalidPassword - raised when a request provides an invalid password
+ during an authentication attempt
+ - ChallengeSent - raised when an Asterisk service send an authentication
+ challenge to a request
+ - InvalidTransport - raised when a request attempts to use a transport not
+ allowed by the Asterisk service
+
* Bridge related events now have two additional fields: BridgeName and
BridgeCreator. BridgeName is a descriptive name for the bridge;
BridgeCreator is the name of the entity that created the bridge. This
@@ -59,6 +88,12 @@
as a sequence of key/value pairs that will be added to the created channel
as channel variables. Other parameters in the JSON body are treated as
query parameters of the same name.
+
+HTTP
+------------------
+ * Asterisk's HTTP server now supports chunked Transfer-Encoding. This will be
+ automatically handled by the HTTP server if a request is received with a
+ Transfer-Encoding type of "chunked".
res_pjsip
------------------
Modified: branches/12/UPGRADE.txt
URL: http://svnview.digium.com/svn/asterisk/branches/12/UPGRADE.txt?view=diff&rev=407589&r1=407588&r2=407589
==============================================================================
--- branches/12/UPGRADE.txt (original)
+++ branches/12/UPGRADE.txt Thu Feb 6 14:06:57 2014
@@ -20,7 +20,7 @@
=== UPGRADE-11.txt -- Upgrade info for 10 to 11
===
===========================================================
-From 12.0 to 12.1:
+From 12.0.0 to 12.1.0:
- The per console verbose level feature as previously implemented caused a
large performance penalty. The fix required some minor incompatibilities
@@ -66,6 +66,20 @@
actions and events that convey MWI state within Asterisk. This includes
the MWIGet, MWIUpdate, and MWIDelete actions, as well as the MWIGet and
MWIGetComplete events that occur in response to an MWIGet action.
+
+ - AMI now contains a new class authorization, 'security'. This is used with
+ the following new events: FailedACL, InvalidAccountID, SessionLimit,
+ MemoryLimit, LoadAverageLimit, RequestNotAllowed, AuthMethodNotAllowed,
+ RequestBadFormat, SuccessfulAuth, UnexpectedAddress, ChallengeResponseFailed,
+ InvalidPassword, ChallengeSent, and InvalidTransport.
+
+ - Bridge related events now have two additional fields: BridgeName and
+ BridgeCreator. BridgeName is a descriptive name for the bridge;
+ BridgeCreator is the name of the entity that created the bridge. This
+ affects the following events: ConfbridgeStart, ConfbridgeEnd,
+ ConfbridgeJoin, ConfbridgeLeave, ConfbridgeRecord, ConfbridgeStopRecord,
+ ConfbridgeMute, ConfbridgeUnmute, ConfbridgeTalking, BlindTransfer,
+ AttendedTransfer, BridgeCreate, BridgeDestroy, BridgeEnter, BridgeLeave
CDRs:
- The "endbeforehexten" setting now defaults to "yes", instead of "no".
Modified: branches/12/main/security_events.c
URL: http://svnview.digium.com/svn/asterisk/branches/12/main/security_events.c?view=diff&rev=407589&r1=407588&r2=407589
==============================================================================
--- branches/12/main/security_events.c (original)
+++ branches/12/main/security_events.c Thu Feb 6 14:06:57 2014
@@ -28,6 +28,338 @@
<support_level>core</support_level>
***/
+/*** DOCUMENTATION
+ <managerEvent language="en_US" name="FailedACL">
+ <managerEventInstance class="EVENT_FLAG_SECURITY">
+ <synopsis>Raised when a request violates an ACL check.</synopsis>
+ <syntax>
+ <parameter name="EventTV">
+ <para>The time the event was detected.</para>
+ </parameter>
+ <parameter name="Severity">
+ <para>A relative severity of the security event.</para>
+ <enumlist>
+ <enum name="Informational"/>
+ <enum name="Error"/>
+ </enumlist>
+ </parameter>
+ <parameter name="Service">
+ <para>The Asterisk service that raised the security event.</para>
+ </parameter>
+ <parameter name="EventVersion">
+ <para>The version of this event.</para>
+ </parameter>
+ <parameter name="AccountID">
+ <para>The Service account associated with the security event
+ notification.</para>
+ </parameter>
+ <parameter name="SessionID">
+ <para>A unique identifier for the session in the service
+ that raised the event.</para>
+ </parameter>
+ <parameter name="LocalAddress">
+ <para>The address of the Asterisk service that raised the
+ security event.</para>
+ </parameter>
+ <parameter name="RemoteAddress">
+ <para>The remote address of the entity that caused the
+ security event to be raised.</para>
+ </parameter>
+ <parameter name="Module" required="False">
+ <para>If available, the name of the module that raised the event.</para>
+ </parameter>
+ <parameter name="ACLName" required="False">
+ <para>If available, the name of the ACL that failed.</para>
+ </parameter>
+ <parameter name="SessionTV" required="False">
+ <para>The timestamp reported by the session.</para>
+ </parameter>
+ </syntax>
+ </managerEventInstance>
+ </managerEvent>
+ <managerEvent language="en_US" name="InvalidAccountID">
+ <managerEventInstance class="EVENT_FLAG_SECURITY">
+ <synopsis>Raised when a request fails an authentication check due to an invalid account ID.</synopsis>
+ <syntax>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
+ </syntax>
+ </managerEventInstance>
+ </managerEvent>
+ <managerEvent language="en_US" name="SessionLimit">
+ <managerEventInstance class="EVENT_FLAG_SECURITY">
+ <synopsis>Raised when a request fails due to exceeding the number of allowed concurrent sessions for that service.</synopsis>
+ <syntax>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
+ </syntax>
+ </managerEventInstance>
+ </managerEvent>
+ <managerEvent language="en_US" name="MemoryLimit">
+ <managerEventInstance class="EVENT_FLAG_SECURITY">
+ <synopsis>Raised when a request fails due to an internal memory allocation failure.</synopsis>
+ <syntax>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
+ </syntax>
+ </managerEventInstance>
+ </managerEvent>
+ <managerEvent language="en_US" name="LoadAverageLimit">
+ <managerEventInstance class="EVENT_FLAG_SECURITY">
+ <synopsis>Raised when a request fails because a configured load average limit has been reached.</synopsis>
+ <syntax>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
+ </syntax>
+ </managerEventInstance>
+ </managerEvent>
+ <managerEvent language="en_US" name="RequestNotSupported">
+ <managerEventInstance class="EVENT_FLAG_SECURITY">
+ <synopsis>Raised when a request fails due to some aspect of the requested item not being supported by the service.</synopsis>
+ <syntax>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
+ <parameter name="RequestType">
+ <para>The type of request attempted.</para>
+ </parameter>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
+ </syntax>
+ </managerEventInstance>
+ </managerEvent>
+ <managerEvent language="en_US" name="RequestNotAllowed">
+ <managerEventInstance class="EVENT_FLAG_SECURITY">
+ <synopsis>Raised when a request is not allowed by the service.</synopsis>
+ <syntax>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='RequestNotSupported']/managerEventInstance/syntax/parameter[@name='RequestType'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
+ <parameter name="RequestParams" required="False">
+ <para>Parameters provided to the rejected request.</para>
+ </parameter>
+ </syntax>
+ </managerEventInstance>
+ </managerEvent>
+ <managerEvent language="en_US" name="AuthMethodNotAllowed">
+ <managerEventInstance class="EVENT_FLAG_SECURITY">
+ <synopsis>Raised when a request used an authentication method not allowed by the service.</synopsis>
+ <syntax>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
+ <parameter name="AuthMethod">
+ <para>The authentication method attempted.</para>
+ </parameter>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
+ </syntax>
+ </managerEventInstance>
+ </managerEvent>
+ <managerEvent language="en_US" name="RequestBadFormat">
+ <managerEventInstance class="EVENT_FLAG_SECURITY">
+ <synopsis>Raised when a request is received with bad formatting.</synopsis>
+ <syntax>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='RequestNotSupported']/managerEventInstance/syntax/parameter[@name='RequestType'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
+ <parameter name="AccountID" required="False">
+ <para>The account ID associated with the rejected request.</para>
+ </parameter>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='RequestNotAllowed']/managerEventInstance/syntax/parameter[@name='RequestParams'])" />
+ </syntax>
+ </managerEventInstance>
+ </managerEvent>
+ <managerEvent language="en_US" name="SuccessfulAuth">
+ <managerEventInstance class="EVENT_FLAG_SECURITY">
+ <synopsis>Raised when a request successfully authenticates with a service.</synopsis>
+ <syntax>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
+ <parameter name="UsingPassword">
+ <para>Whether or not the authentication attempt included a password.</para>
+ </parameter>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
+ </syntax>
+ </managerEventInstance>
+ </managerEvent>
+ <managerEvent language="en_US" name="UnexpectedAddress">
+ <managerEventInstance class="EVENT_FLAG_SECURITY">
+ <synopsis>Raised when a request has a different source address then what is expected for a session already in progress with a service.</synopsis>
+ <syntax>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
+ <parameter name="ExpectedAddress">
+ <para>The address that the request was expected to use.</para>
+ </parameter>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
+ </syntax>
+ </managerEventInstance>
+ </managerEvent>
+ <managerEvent language="en_US" name="ChallengeResponseFailed">
+ <managerEventInstance class="EVENT_FLAG_SECURITY">
+ <synopsis>Raised when a request's attempt to authenticate has been challenged, and the request failed the authentication challenge.</synopsis>
+ <syntax>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
+ <parameter name="Challenge">
+ <para>The challenge that was sent.</para>
+ </parameter>
+ <parameter name="Response">
+ <para>The response that was received.</para>
+ </parameter>
+ <parameter name="ExpectedResponse">
+ <para>The expected response to the challenge.</para>
+ </parameter>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
+ </syntax>
+ </managerEventInstance>
+ </managerEvent>
+ <managerEvent language="en_US" name="InvalidPassword">
+ <managerEventInstance class="EVENT_FLAG_SECURITY">
+ <synopsis>Raised when a request provides an invalid password during an authentication attempt.</synopsis>
+ <syntax>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
+ <parameter name="Challenge" required="False">
+ <para>The challenge that was sent.</para>
+ </parameter>
+ <parameter name="ReceivedChallenge" required="False">
+ <para>The challenge that was received.</para>
+ </parameter>
+ <parameter name="RecievedHash" required="False">
+ <para>The hash that was received.</para>
+ </parameter>
+ </syntax>
+ </managerEventInstance>
+ </managerEvent>
+ <managerEvent language="en_US" name="ChallengeSent">
+ <managerEventInstance class="EVENT_FLAG_SECURITY">
+ <synopsis>Raised when an Asterisk service sends an authentication challenge to a request.</synopsis>
+ <syntax>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='ChallengeResponseFailed']/managerEventInstance/syntax/parameter[@name='Challenge'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
+ </syntax>
+ </managerEventInstance>
+ </managerEvent>
+ <managerEvent language="en_US" name="InvalidTransport">
+ <managerEventInstance class="EVENT_FLAG_SECURITY">
+ <synopsis>Raised when a request attempts to use a transport not allowed by the Asterisk service.</synopsis>
+ <syntax>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
+ <parameter name="AttemptedTransport">
+ <para>The transport type that the request attempted to use.</para>
+ </parameter>
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
+ <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
+ </syntax>
+ </managerEventInstance>
+ </managerEvent>
+ ***/
+
#include "asterisk.h"
ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
@@ -60,7 +392,7 @@
ast_assert(json_string != NULL);
- if (ast_str_append(str, 0, "%s: %s\r\n", ie_type_key, ast_json_string_get(json_string)) == -1) {
+ if (ast_str_append(str, 0, "%s: %s\r\n", ie_type_key, S_OR(ast_json_string_get(json_string), "")) == -1) {
return -1;
}
@@ -71,6 +403,10 @@
const struct ast_security_event_ie_type *ies)
{
unsigned int i;
+
+ if (!ies) {
+ return 0;
+ }
for (i = 0; ies[i].ie_type != AST_EVENT_IE_END; i++) {
if (append_event_str_single(str, json, ies[i].ie_type)) {
@@ -98,7 +434,15 @@
if (append_event_str_from_json(&str, json,
ast_security_event_get_required_ies(event_type))) {
- ast_log(LOG_ERROR, "Failed to issue a security event to AMI.\n");
+ ast_log(AST_LOG_ERROR, "Failed to issue a security event to AMI: "
+ "error occurred when adding required event fields.\n");
+ return NULL;
+ }
+
+ if (append_event_str_from_json(&str, json,
+ ast_security_event_get_optional_ies(event_type))) {
+ ast_log(AST_LOG_ERROR, "Failed to issue a security event to AMI: "
+ "error occurred when adding optional event fields.\n");
return NULL;
}
More information about the svn-commits
mailing list