Merged revisions 337595,337597 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/10 ........ r337595 | jrose | 2011-09-22 10:35:50 -0500 (Thu, 22 Sep 2011) | 12 lines Generate Security events in chan_sip using new Security Events Framework Security Events Framework was added in 1.8 and support was added for AMI to generate events at that time. This patch adds support for chan_sip to generate security events. (closes issue ASTERISK-18264) Reported by: Michael L. Young Patches: security_events_chan_sip_v4.patch (license #5026) by Michael L. Young Review: https://reviewboard.asterisk.org/r/1362/ ........ r337597 | jrose | 2011-09-22 10:47:05 -0500 (Thu, 22 Sep 2011) | 10 lines Forgot to svn add new files to r337595 Part of Generating security events for chan_sip (issue ASTERISK-18264) Reported by: Michael L. Young Patches: security_events_chan_sip_v4.patch (License #5026) by Michael L. Young Reviewboard: https://reviewboard.asterisk.org/r/1362/ ........ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@337600 65c4cc65-6c06-0410-ace0-fbb531ad65f3
author: Jonathan Rose <jrose@digium.com> 2011-09-22 16:35:20 +0000
committer: Jonathan Rose <jrose@digium.com> 2011-09-22 16:35:20 +0000
commit: 5982bdcb7c45d286ac7a84ab53fb4a74207d2467 (patch)
tree: f11f01927951a0d59f5808497d59cdfd5e2cdb66 /main/security_events.c
parent: 8a74aa9ef991ca21d31bc8278f771fa9e0dbdc6d (diff)
1 files changed, 54 insertions, 0 deletions
diff --git a/main/security_events.c b/main/security_events.c
index d1e2ac0cc..ed05ebfa0 100644
--- a/main/security_events.c
+++ b/main/security_events.c
@@ -265,6 +265,7 @@ static const struct {
 		{ AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
 		{ AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
 		{ AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
+		{ AST_EVENT_IE_USING_PASSWORD, SEC_EVT_FIELD(successful_auth, using_password) },
 		{ AST_EVENT_IE_END, 0 }
 	},
 	.optional_ies = {
@@ -335,6 +336,55 @@ static const struct {
 		{ AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
 		{ AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
 		{ AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
+		{ AST_EVENT_IE_CHALLENGE, SEC_EVT_FIELD(inval_password, challenge) },
+		{ AST_EVENT_IE_RECEIVED_CHALLENGE, SEC_EVT_FIELD(inval_password, received_challenge) },
+		{ AST_EVENT_IE_RECEIVED_HASH, SEC_EVT_FIELD(inval_password, received_hash) },
+		{ AST_EVENT_IE_END, 0 }
+	},
+	.optional_ies = {
+		{ AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
+		{ AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
+		{ AST_EVENT_IE_END, 0 }
+	},
+},
+
+[AST_SECURITY_EVENT_CHAL_SENT] = {
+	.name     = "ChallengeSent",
+	.version  = AST_SECURITY_EVENT_CHAL_SENT_VERSION,
+	.severity = AST_SECURITY_EVENT_SEVERITY_INFO,
+	.required_ies = {
+		{ AST_EVENT_IE_EVENT_TV, 0 },
+		{ AST_EVENT_IE_SEVERITY, 0 },
+		{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
+		{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
+		{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
+		{ AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
+		{ AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
+		{ AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
+		{ AST_EVENT_IE_CHALLENGE, SEC_EVT_FIELD(chal_sent, challenge) },
+		{ AST_EVENT_IE_END, 0 }
+	},
+	.optional_ies = {
+		{ AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
+		{ AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
+		{ AST_EVENT_IE_END, 0 }
+	},
+},
+
+[AST_SECURITY_EVENT_INVAL_TRANSPORT] = {
+	.name     = "InvalidTransport",
+	.version  = AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION,
+	.severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
+	.required_ies = {
+		{ AST_EVENT_IE_EVENT_TV, 0 },
+		{ AST_EVENT_IE_SEVERITY, 0 },
+		{ AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
+		{ AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
+		{ AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
+		{ AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
+		{ AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
+		{ AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
+		{ AST_EVENT_IE_ATTEMPTED_TRANSPORT, SEC_EVT_FIELD(inval_transport, transport) },
 		{ AST_EVENT_IE_END, 0 }
 	},
 	.optional_ies = {
@@ -500,6 +550,9 @@ static int add_ie(struct ast_event **event, const struct ast_security_event_comm
 	case AST_EVENT_IE_CHALLENGE:
 	case AST_EVENT_IE_RESPONSE:
 	case AST_EVENT_IE_EXPECTED_RESPONSE:
+	case AST_EVENT_IE_RECEIVED_CHALLENGE:
+	case AST_EVENT_IE_RECEIVED_HASH:
+	case AST_EVENT_IE_ATTEMPTED_TRANSPORT:
 	{
 		const char *str;
 
@@ -519,6 +572,7 @@ static int add_ie(struct ast_event **event, const struct ast_security_event_comm
 		break;
 	}
 	case AST_EVENT_IE_EVENT_VERSION:
+	case AST_EVENT_IE_USING_PASSWORD:
 	{
 		uint32_t val;
 		val = *((const uint32_t *)(((const char *) sec) + ie_type->offset));
author	Jonathan Rose <jrose@digium.com>	2011-09-22 16:35:20 +0000
committer	Jonathan Rose <jrose@digium.com>	2011-09-22 16:35:20 +0000
commit	5982bdcb7c45d286ac7a84ab53fb4a74207d2467 (patch)
tree	f11f01927951a0d59f5808497d59cdfd5e2cdb66 /main/security_events.c
parent	8a74aa9ef991ca21d31bc8278f771fa9e0dbdc6d (diff)