Add an API for reporting security events, and a security event logging module.

This commit introduces the security events API.  This API is to be used by
Asterisk components to report events that have security implications.
A simple example is when a connection is made but fails authentication.  These
events can be used by external tools manipulate firewall rules or something
similar after detecting unusual activity based on security events.

Inside of Asterisk, the events go through the ast_event API.  This means that
they have a binary encoding, and it is easy to write code to subscribe to these
events and do something with them.

One module is provided that is a subscriber to these events - res_security_log.
This module turns security events into a parseable text format and sends them
to the "security" logger level.  Using logger.conf, these log entries may be
sent to a file, or to syslog.

One service, AMI, has been fully updated for reporting security events.
AMI was chosen as it was a fairly straight forward service to convert.
The next target will be chan_sip.  That will be more complicated and will
be done as its own project as the next phase of security events work.

For more information on the security events framework, see the documentation
generated from doc/tex/.  "make asterisk.pdf"

Review: https://reviewboard.asterisk.org/r/273/


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@206021 65c4cc65-6c06-0410-ace0-fbb531ad65f3

1 files changed, 59 insertions, 38 deletions

diff --git a/include/asterisk/event_defs.h b/include/asterisk/event_defs.h
index 99edb6f55..3779dac73 100644
--- a/include/asterisk/event_defs.h
+++ b/include/asterisk/event_defs.h
@@ -49,58 +49,60 @@ enum ast_event_type {
 	 *  directly, in general.  Use AST_EVENT_DEVICE_STATE instead. */
 	AST_EVENT_DEVICE_STATE_CHANGE = 0x06,
 	/*! Channel Event Logging events */
-	AST_EVENT_CEL = 0x07,
+	AST_EVENT_CEL                 = 0x07,
+	/*! A report of a security related event (see security_events.h) */
+	AST_EVENT_SECURITY            = 0x08,
 	/*! Number of event types.  This should be the last event type + 1 */
-	AST_EVENT_TOTAL        = 0x08,
+	AST_EVENT_TOTAL               = 0x09,
 };
 
 /*! \brief Event Information Element types */
 enum ast_event_ie_type {
 	/*! Used to terminate the arguments to event functions */
-	AST_EVENT_IE_END       = -1,
+	AST_EVENT_IE_END                 = -1,
 
 	/*! 
 	 * \brief Number of new messages
 	 * Used by: AST_EVENT_MWI 
 	 * Payload type: UINT
 	 */
-	AST_EVENT_IE_NEWMSGS   = 0x01,
+	AST_EVENT_IE_NEWMSGS             = 0x0001,
 	/*! 
 	 * \brief Number of
 	 * Used by: AST_EVENT_MWI 
 	 * Payload type: UINT
 	 */
-	AST_EVENT_IE_OLDMSGS   = 0x02,
+	AST_EVENT_IE_OLDMSGS             = 0x0002,
 	/*! 
 	 * \brief Mailbox name \verbatim (mailbox[@context]) \endverbatim
 	 * Used by: AST_EVENT_MWI 
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_MAILBOX   = 0x03,
+	AST_EVENT_IE_MAILBOX             = 0x0003,
 	/*! 
 	 * \brief Unique ID
 	 * Used by: AST_EVENT_SUB, AST_EVENT_UNSUB
 	 * Payload type: UINT
 	 */
-	AST_EVENT_IE_UNIQUEID  = 0x04,
+	AST_EVENT_IE_UNIQUEID            = 0x0004,
 	/*! 
 	 * \brief Event type 
 	 * Used by: AST_EVENT_SUB, AST_EVENT_UNSUB
 	 * Payload type: UINT
 	 */
-	AST_EVENT_IE_EVENTTYPE = 0x05,
+	AST_EVENT_IE_EVENTTYPE           = 0x0005,
 	/*!
 	 * \brief Hint that someone cares that an IE exists
 	 * Used by: AST_EVENT_SUB
 	 * Payload type: UINT (ast_event_ie_type)
 	 */
-	AST_EVENT_IE_EXISTS    = 0x6,
+	AST_EVENT_IE_EXISTS              = 0x0006,
 	/*!
 	 * \brief Device Name
 	 * Used by AST_EVENT_DEVICE_STATE_CHANGE
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_DEVICE    = 0x07,
+	AST_EVENT_IE_DEVICE              = 0x0007,
 	/*!
 	 * \brief Generic State IE
 	 * Used by AST_EVENT_DEVICE_STATE_CHANGE
@@ -108,162 +110,181 @@ enum ast_event_ie_type {
 	 * The actual state values depend on the event which
 	 * this IE is a part of.
 	 */
-	 AST_EVENT_IE_STATE    = 0x08,
+	 AST_EVENT_IE_STATE              = 0x0008,
 	 /*!
 	  * \brief Context IE
 	  * Used by AST_EVENT_MWI
 	  * Payload type: str
 	  */
-	 AST_EVENT_IE_CONTEXT  = 0x09,
+	 AST_EVENT_IE_CONTEXT            = 0x0009,
 	/*! 
 	 * \brief Channel Event Type
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: UINT
 	 */
-	AST_EVENT_IE_CEL_EVENT_TYPE = 0x0a,
+	AST_EVENT_IE_CEL_EVENT_TYPE      = 0x000a,
 	/*! 
 	 * \brief Channel Event Time (seconds)
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: UINT
 	 */
-	AST_EVENT_IE_CEL_EVENT_TIME = 0x0b,
+	AST_EVENT_IE_CEL_EVENT_TIME      = 0x000b,
 	/*! 
 	 * \brief Channel Event Time (micro-seconds)
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: UINT
 	 */
-	AST_EVENT_IE_CEL_EVENT_TIME_USEC = 0x0c,
+	AST_EVENT_IE_CEL_EVENT_TIME_USEC = 0x000c,
 	/*! 
 	 * \brief Channel Event User Event Name
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_USEREVENT_NAME = 0x0d,
+	AST_EVENT_IE_CEL_USEREVENT_NAME  = 0x000d,
 	/*! 
 	 * \brief Channel Event CID name
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_CIDNAME = 0x0e,
+	AST_EVENT_IE_CEL_CIDNAME         = 0x000e,
 	/*! 
 	 * \brief Channel Event CID num
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_CIDNUM = 0x0f,
+	AST_EVENT_IE_CEL_CIDNUM          = 0x000f,
 	/*! 
 	 * \brief Channel Event extension name
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_EXTEN = 0x10,
+	AST_EVENT_IE_CEL_EXTEN           = 0x0010,
 	/*! 
 	 * \brief Channel Event context name
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_CONTEXT = 0x11,
+	AST_EVENT_IE_CEL_CONTEXT         = 0x0011,
 	/*! 
 	 * \brief Channel Event channel name
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_CHANNAME = 0x12,
+	AST_EVENT_IE_CEL_CHANNAME        = 0x0012,
 	/*! 
 	 * \brief Channel Event app name
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_APPNAME = 0x13,
+	AST_EVENT_IE_CEL_APPNAME         = 0x0013,
 	/*! 
 	 * \brief Channel Event app args/data
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_APPDATA = 0x14,
+	AST_EVENT_IE_CEL_APPDATA         = 0x0014,
 	/*! 
 	 * \brief Channel Event AMA flags
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: UINT
 	 */
-	AST_EVENT_IE_CEL_AMAFLAGS = 0x15,
+	AST_EVENT_IE_CEL_AMAFLAGS        = 0x0015,
 	/*! 
 	 * \brief Channel Event AccountCode
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_ACCTCODE = 0x16,
+	AST_EVENT_IE_CEL_ACCTCODE        = 0x0016,
 	/*! 
 	 * \brief Channel Event UniqueID
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_UNIQUEID = 0x17,
+	AST_EVENT_IE_CEL_UNIQUEID        = 0x0017,
 	/*! 
 	 * \brief Channel Event Userfield
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_USERFIELD = 0x18,
+	AST_EVENT_IE_CEL_USERFIELD       = 0x0018,
 	/*! 
 	 * \brief Channel Event CID ANI field
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_CIDANI = 0x19,
+	AST_EVENT_IE_CEL_CIDANI          = 0x0019,
 	/*! 
 	 * \brief Channel Event CID RDNIS field
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_CIDRDNIS = 0x1a,
+	AST_EVENT_IE_CEL_CIDRDNIS        = 0x001a,
 	/*! 
 	 * \brief Channel Event CID dnid
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_CIDDNID = 0x1b,
+	AST_EVENT_IE_CEL_CIDDNID         = 0x001b,
 	/*! 
 	 * \brief Channel Event Peer -- for Things involving multiple channels, like BRIDGE
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_PEER = 0x1c,
+	AST_EVENT_IE_CEL_PEER            = 0x001c,
 	/*! 
 	 * \brief Channel Event LinkedID
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_LINKEDID = 0x1d,
+	AST_EVENT_IE_CEL_LINKEDID        = 0x001d,
 	/*! 
 	 * \brief Channel Event peeraccount
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_PEERACCT = 0x1e,
+	AST_EVENT_IE_CEL_PEERACCT        = 0x001e,
 	/*! 
 	 * \brief Channel Event extra data
 	 * Used by: AST_EVENT_CEL
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_CEL_EXTRA = 0x1f,
+	AST_EVENT_IE_CEL_EXTRA           = 0x001f,
 	/*!
 	 * \brief Description
 	 * Used by: AST_EVENT_SUB, AST_EVENT_UNSUB
 	 * Payload type: STR
 	 */
-	AST_EVENT_IE_DESCRIPTION = 0x20,
+	AST_EVENT_IE_DESCRIPTION         = 0x0020,
 	/*!
 	 * \brief Entity ID
 	 * Used by All events
 	 * Payload type: RAW
 	 * This IE indicates which server the event originated from
 	 */
-	AST_EVENT_IE_EID      = 0x21,
+	AST_EVENT_IE_EID                 = 0x0021,
+	AST_EVENT_IE_SECURITY_EVENT      = 0x0022,
+	AST_EVENT_IE_EVENT_VERSION       = 0x0023,
+	AST_EVENT_IE_SERVICE             = 0x0024,
+	AST_EVENT_IE_MODULE              = 0x0025,
+	AST_EVENT_IE_ACCOUNT_ID          = 0x0026,
+	AST_EVENT_IE_SESSION_ID          = 0x0027,
+	AST_EVENT_IE_SESSION_TV          = 0x0028,
+	AST_EVENT_IE_ACL_NAME            = 0x0029,
+	AST_EVENT_IE_LOCAL_ADDR          = 0x002a,
+	AST_EVENT_IE_REMOTE_ADDR         = 0x002b,
+	AST_EVENT_IE_EVENT_TV            = 0x002c,
+	AST_EVENT_IE_REQUEST_TYPE        = 0x002d,
+	AST_EVENT_IE_REQUEST_PARAMS      = 0x002e,
+	AST_EVENT_IE_AUTH_METHOD         = 0x002f,
+	AST_EVENT_IE_SEVERITY            = 0x0030,
+	AST_EVENT_IE_EXPECTED_ADDR       = 0x0031,
+	AST_EVENT_IE_CHALLENGE           = 0x0032,
+	AST_EVENT_IE_RESPONSE            = 0x0033,
+	AST_EVENT_IE_EXPECTED_RESPONSE   = 0x0034,
+	/*! \brief Must be the last IE value +1 */
+	AST_EVENT_IE_TOTAL               = 0x0035,
 };
 
-#define AST_EVENT_IE_MAX AST_EVENT_IE_EID
-
 /*!
  * \brief Payload types for event information elements
  */