Diffstat (limited to 'main')
-rw-r--r--main/manager.c73
-rw-r--r--main/security_events.c24
2 files changed, 52 insertions, 45 deletions
diff --git a/main/manager.c b/main/manager.c
index 413adf29c..597498c15 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -2178,18 +2178,9 @@ static enum ast_security_event_transport_type mansession_get_transport(const str
AST_SECURITY_EVENT_TRANSPORT_TCP;
}
-static struct sockaddr_in *mansession_encode_sin_local(const struct mansession *s,
- struct sockaddr_in *sin_local)
-{
- ast_sockaddr_to_sin(&s->tcptls_session->parent->local_address,
- sin_local);
-
- return sin_local;
-}
-
static void report_invalid_user(const struct mansession *s, const char *username)
{
- struct sockaddr_in sin_local;
+ struct ast_sockaddr addr_remote;
char session_id[32];
struct ast_security_event_inval_acct_id inval_acct_id = {
.common.event_type = AST_SECURITY_EVENT_INVAL_ACCT_ID,
@@ -2198,16 +2189,18 @@ static void report_invalid_user(const struct mansession *s, const char *username
.common.account_id = username,
.common.session_tv = &s->session->sessionstart_tv,
.common.local_addr = {
- .sin = mansession_encode_sin_local(s, &sin_local),
+ .addr = &s->tcptls_session->parent->local_address,
.transport = mansession_get_transport(s),
},
.common.remote_addr = {
- .sin = &s->session->sin,
+ .addr = &addr_remote,
.transport = mansession_get_transport(s),
},
.common.session_id = session_id,
};
+ ast_sockaddr_from_sin(&addr_remote, &s->session->sin);
+
snprintf(session_id, sizeof(session_id), "%p", s);
ast_security_event_report(AST_SEC_EVT(&inval_acct_id));
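Review bot: The remote address is still taken from `s->session->sin`, a `struct sockaddr_in`, so the `ast_sockaddr_from_sin(&addr_remote, &s->session->sin);` conversion added here can only yield an IPv4 peer, even though the event field is now address-family agnostic. If the manager can accept IPv6 connections (not visible in this diff), the remote address recorded for those sessions would be wrong or empty, which weakens these events as an audit trail. Keeping an `ast_sockaddr` in the session and pointing `.addr` at it directly would avoid the lossy conversion. The same pattern recurs in the hunks for report_failed_acl, report_inval_password, report_auth_success, report_req_not_allowed, report_req_bad_format, report_failed_challenge_response and report_session_limit, so a shared helper would also remove eight copies. The body of report_invalid_user starts in the previous hunk and ends outside this one; its context line formats `s` rather than `s->session` into `session_id`, unlike the other reporters, which may make these events harder to correlate.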
@@ -2215,7 +2208,7 @@ static void report_invalid_user(const struct mansession *s, const char *username
static void report_failed_acl(const struct mansession *s, const char *username)
{
- struct sockaddr_in sin_local;
+ struct ast_sockaddr addr_remote;
char session_id[32];
struct ast_security_event_failed_acl failed_acl_event = {
.common.event_type = AST_SECURITY_EVENT_FAILED_ACL,
@@ -2224,16 +2217,18 @@ static void report_failed_acl(const struct mansession *s, const char *username)
.common.account_id = username,
.common.session_tv = &s->session->sessionstart_tv,
.common.local_addr = {
- .sin = mansession_encode_sin_local(s, &sin_local),
+ .addr = &s->tcptls_session->parent->local_address,
.transport = mansession_get_transport(s),
},
.common.remote_addr = {
- .sin = &s->session->sin,
+ .addr = &addr_remote,
.transport = mansession_get_transport(s),
},
.common.session_id = session_id,
};
+ ast_sockaddr_from_sin(&addr_remote, &s->session->sin);
+
snprintf(session_id, sizeof(session_id), "%p", s->session);
ast_security_event_report(AST_SEC_EVT(&failed_acl_event));
@@ -2241,7 +2236,7 @@ static void report_failed_acl(const struct mansession *s, const char *username)
static void report_inval_password(const struct mansession *s, const char *username)
{
- struct sockaddr_in sin_local;
+ struct ast_sockaddr addr_remote;
char session_id[32];
struct ast_security_event_inval_password inval_password = {
.common.event_type = AST_SECURITY_EVENT_INVAL_PASSWORD,
@@ -2250,16 +2245,18 @@ static void report_inval_password(const struct mansession *s, const char *userna
.common.account_id = username,
.common.session_tv = &s->session->sessionstart_tv,
.common.local_addr = {
- .sin = mansession_encode_sin_local(s, &sin_local),
+ .addr = &s->tcptls_session->parent->local_address,
.transport = mansession_get_transport(s),
},
.common.remote_addr = {
- .sin = &s->session->sin,
+ .addr = &addr_remote,
.transport = mansession_get_transport(s),
},
.common.session_id = session_id,
};
+ ast_sockaddr_from_sin(&addr_remote, &s->session->sin);
+
snprintf(session_id, sizeof(session_id), "%p", s->session);
ast_security_event_report(AST_SEC_EVT(&inval_password));
@@ -2267,7 +2264,7 @@ static void report_inval_password(const struct mansession *s, const char *userna
static void report_auth_success(const struct mansession *s)
{
- struct sockaddr_in sin_local;
+ struct ast_sockaddr addr_remote;
char session_id[32];
struct ast_security_event_successful_auth successful_auth = {
.common.event_type = AST_SECURITY_EVENT_SUCCESSFUL_AUTH,
@@ -2276,16 +2273,18 @@ static void report_auth_success(const struct mansession *s)
.common.account_id = s->session->username,
.common.session_tv = &s->session->sessionstart_tv,
.common.local_addr = {
- .sin = mansession_encode_sin_local(s, &sin_local),
+ .addr = &s->tcptls_session->parent->local_address,
.transport = mansession_get_transport(s),
},
.common.remote_addr = {
- .sin = &s->session->sin,
+ .addr = &addr_remote,
.transport = mansession_get_transport(s),
},
.common.session_id = session_id,
};
+ ast_sockaddr_from_sin(&addr_remote, &s->session->sin);
+
snprintf(session_id, sizeof(session_id), "%p", s->session);
ast_security_event_report(AST_SEC_EVT(&successful_auth));
@@ -2293,7 +2292,7 @@ static void report_auth_success(const struct mansession *s)
static void report_req_not_allowed(const struct mansession *s, const char *action)
{
- struct sockaddr_in sin_local;
+ struct ast_sockaddr addr_remote;
char session_id[32];
char request_type[64];
struct ast_security_event_req_not_allowed req_not_allowed = {
@@ -2303,11 +2302,11 @@ static void report_req_not_allowed(const struct mansession *s, const char *actio
.common.account_id = s->session->username,
.common.session_tv = &s->session->sessionstart_tv,
.common.local_addr = {
- .sin = mansession_encode_sin_local(s, &sin_local),
+ .addr = &s->tcptls_session->parent->local_address,
.transport = mansession_get_transport(s),
},
.common.remote_addr = {
- .sin = &s->session->sin,
+ .addr = &addr_remote,
.transport = mansession_get_transport(s),
},
.common.session_id = session_id,
@@ -2315,6 +2314,8 @@ static void report_req_not_allowed(const struct mansession *s, const char *actio
.request_type = request_type,
};
+ ast_sockaddr_from_sin(&addr_remote, &s->session->sin);
+
snprintf(session_id, sizeof(session_id), "%p", s->session);
snprintf(request_type, sizeof(request_type), "Action: %s", action);
@@ -2323,7 +2324,7 @@ static void report_req_not_allowed(const struct mansession *s, const char *actio
static void report_req_bad_format(const struct mansession *s, const char *action)
{
- struct sockaddr_in sin_local;
+ struct ast_sockaddr addr_remote;
char session_id[32];
char request_type[64];
struct ast_security_event_req_bad_format req_bad_format = {
@@ -2333,11 +2334,11 @@ static void report_req_bad_format(const struct mansession *s, const char *action
.common.account_id = s->session->username,
.common.session_tv = &s->session->sessionstart_tv,
.common.local_addr = {
- .sin = mansession_encode_sin_local(s, &sin_local),
+ .addr = &s->tcptls_session->parent->local_address,
.transport = mansession_get_transport(s),
},
.common.remote_addr = {
- .sin = &s->session->sin,
+ .addr = &addr_remote,
.transport = mansession_get_transport(s),
},
.common.session_id = session_id,
@@ -2345,6 +2346,8 @@ static void report_req_bad_format(const struct mansession *s, const char *action
.request_type = request_type,
};
+ ast_sockaddr_from_sin(&addr_remote, &s->session->sin);
+
snprintf(session_id, sizeof(session_id), "%p", s->session);
snprintf(request_type, sizeof(request_type), "Action: %s", action);
@@ -2354,7 +2357,7 @@ static void report_req_bad_format(const struct mansession *s, const char *action
static void report_failed_challenge_response(const struct mansession *s,
const char *response, const char *expected_response)
{
- struct sockaddr_in sin_local;
+ struct ast_sockaddr addr_remote;
char session_id[32];
struct ast_security_event_chal_resp_failed chal_resp_failed = {
.common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED,
@@ -2363,11 +2366,11 @@ static void report_failed_challenge_response(const struct mansession *s,
.common.account_id = s->session->username,
.common.session_tv = &s->session->sessionstart_tv,
.common.local_addr = {
- .sin = mansession_encode_sin_local(s, &sin_local),
+ .addr = &s->tcptls_session->parent->local_address,
.transport = mansession_get_transport(s),
},
.common.remote_addr = {
- .sin = &s->session->sin,
+ .addr = &addr_remote,
.transport = mansession_get_transport(s),
},
.common.session_id = session_id,
@@ -2377,6 +2380,8 @@ static void report_failed_challenge_response(const struct mansession *s,
.expected_response = expected_response,
};
+ ast_sockaddr_from_sin(&addr_remote, &s->session->sin);
+
snprintf(session_id, sizeof(session_id), "%p", s->session);
ast_security_event_report(AST_SEC_EVT(&chal_resp_failed));
@@ -2384,7 +2389,7 @@ static void report_failed_challenge_response(const struct mansession *s,
static void report_session_limit(const struct mansession *s)
{
- struct sockaddr_in sin_local;
+ struct ast_sockaddr addr_remote;
char session_id[32];
struct ast_security_event_session_limit session_limit = {
.common.event_type = AST_SECURITY_EVENT_SESSION_LIMIT,
@@ -2393,16 +2398,18 @@ static void report_session_limit(const struct mansession *s)
.common.account_id = s->session->username,
.common.session_tv = &s->session->sessionstart_tv,
.common.local_addr = {
- .sin = mansession_encode_sin_local(s, &sin_local),
+ .addr = &s->tcptls_session->parent->local_address,
.transport = mansession_get_transport(s),
},
.common.remote_addr = {
- .sin = &s->session->sin,
+ .addr = &addr_remote,
.transport = mansession_get_transport(s),
},
.common.session_id = session_id,
};
+ ast_sockaddr_from_sin(&addr_remote, &s->session->sin);
+
snprintf(session_id, sizeof(session_id), "%p", s->session);
ast_security_event_report(AST_SEC_EVT(&session_limit));
diff --git a/main/security_events.c b/main/security_events.c
index ed05ebfa0..6b419237c 100644
--- a/main/security_events.c
+++ b/main/security_events.c
@@ -1,7 +1,7 @@
/*
* Asterisk -- An open source telephony toolkit.
*
- * Copyright (C) 2009, Digium, Inc.
+ * Copyright (C) 2012, Digium, Inc.
*
* Russell Bryant <russell@digium.com>
*
@@ -32,6 +32,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#include "asterisk/strings.h"
#include "asterisk/network.h"
#include "asterisk/security_events.h"
+#include "asterisk/netsock2.h"
static const size_t TIMESTAMP_STR_LEN = 32;
@@ -502,12 +503,12 @@ static int add_timeval_ie(struct ast_event **event, enum ast_event_ie_type ie_ty
return ast_event_append_ie_str(event, ie_type, ast_str_buffer(str));
}
-static int add_ipv4_ie(struct ast_event **event, enum ast_event_ie_type ie_type,
- const struct ast_security_event_ipv4_addr *addr)
+static int add_ip_ie(struct ast_event **event, enum ast_event_ie_type ie_type,
+ const struct ast_security_event_ip_addr *addr)
{
struct ast_str *str = ast_str_alloca(64);
- ast_str_set(&str, 0, "IPV4/");
+ ast_str_set(&str, 0, (ast_sockaddr_is_ipv4(addr->addr) || ast_sockaddr_is_ipv4_mapped(addr->addr)) ? "IPV4/" : "IPV6/");
switch (addr->transport) {
case AST_SECURITY_EVENT_TRANSPORT_UDP:
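Review bot: The `ast_str_alloca(64)` buffer in add_ip_ie was sized for the old IPv4 text and is now tight for IPv6. The prefix "IPV6/", a transport tag, a full-length IPv6 literal, "/" and a five-digit port come to roughly 60 bytes, and as far as I know an alloca-backed ast_str cannot grow, so anything longer is cut off silently. If `ast_sockaddr_stringify_addr()` can emit a scope suffix for link-local addresses (worth confirming), the address written to the security event would be truncated. I would enlarge the buffer, e.g. `struct ast_str *str = ast_str_alloca(128);`, and add a comment stating the worst-case length it has to hold. The appends that fill the buffer are in the next hunk, and the function body runs past this one.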
@@ -521,9 +522,8 @@ static int add_ipv4_ie(struct ast_event **event, enum ast_event_ie_type ie_type,
break;
}
- ast_str_append(&str, 0, "%s/%hu",
- ast_inet_ntoa(addr->sin->sin_addr),
- ntohs(addr->sin->sin_port));
+ ast_str_append(&str, 0, "%s", ast_sockaddr_stringify_addr(addr->addr));
+ ast_str_append(&str, 0, "/%s", ast_sockaddr_stringify_port(addr->addr));
return ast_event_append_ie_str(event, ie_type, ast_str_buffer(str));
}
@@ -583,19 +583,19 @@ static int add_ie(struct ast_event **event, const struct ast_security_event_comm
case AST_EVENT_IE_REMOTE_ADDR:
case AST_EVENT_IE_EXPECTED_ADDR:
{
- const struct ast_security_event_ipv4_addr *addr;
+ const struct ast_security_event_ip_addr *addr;
- addr = (const struct ast_security_event_ipv4_addr *)(((const char *) sec) + ie_type->offset);
+ addr = (const struct ast_security_event_ip_addr *)(((const char *) sec) + ie_type->offset);
- if (req && !addr->sin) {
+ if (req && !addr->addr) {
ast_log(LOG_WARNING, "Required IE '%d' for security event "
"type '%d' not present\n", ie_type->ie_type,
sec->event_type);
res = -1;
}
- if (addr->sin) {
- res = add_ipv4_ie(event, ie_type->ie_type, addr);
+ if (addr->addr) {
+ res = add_ip_ie(event, ie_type->ie_type, addr);
}
break;
}