diff options
Diffstat (limited to 'tests/test_security_events.c')
-rw-r--r-- | tests/test_security_events.c | 625 |
1 files changed, 625 insertions, 0 deletions
diff --git a/tests/test_security_events.c b/tests/test_security_events.c new file mode 100644 index 000000000..33b40e877 --- /dev/null +++ b/tests/test_security_events.c @@ -0,0 +1,625 @@ +/* + * Asterisk -- An open source telephony toolkit. + * + * Copyright (C) 2009, Digium, Inc. + * + * Russell Bryant <russell@digium.com> + * + * See http://www.asterisk.org for more information about + * the Asterisk project. Please do not directly contact + * any of the maintainers of this project for assistance; + * the project provides a web site, mailing lists and IRC + * channels for your use. + * + * This program is free software, distributed under the terms of + * the GNU General Public License Version 2. See the LICENSE file + * at the top of the source tree. + */ + +/*! \file + * + * \brief Test security event generation + * + * \author Russell Bryant <russell@digium.com> + */ + +/*** MODULEINFO + <defaultenabled>no</defaultenabled> + ***/ + +#include "asterisk.h" + +ASTERISK_FILE_VERSION(__FILE__, "$Revision$") + +#include "asterisk/module.h" +#include "asterisk/cli.h" +#include "asterisk/utils.h" +#include "asterisk/security_events.h" + +static void evt_gen_failed_acl(void); +static void evt_gen_inval_acct_id(void); +static void evt_gen_session_limit(void); +static void evt_gen_mem_limit(void); +static void evt_gen_load_avg(void); +static void evt_gen_req_no_support(void); +static void evt_gen_req_not_allowed(void); +static void evt_gen_auth_method_not_allowed(void); +static void evt_gen_req_bad_format(void); +static void evt_gen_successful_auth(void); +static void evt_gen_unexpected_addr(void); +static void evt_gen_chal_resp_failed(void); +static void evt_gen_inval_password(void); + +typedef void (*evt_generator)(void); +static const evt_generator evt_generators[AST_SECURITY_EVENT_NUM_TYPES] = { + [AST_SECURITY_EVENT_FAILED_ACL] = evt_gen_failed_acl, + [AST_SECURITY_EVENT_INVAL_ACCT_ID] = evt_gen_inval_acct_id, + [AST_SECURITY_EVENT_SESSION_LIMIT] = evt_gen_session_limit, + [AST_SECURITY_EVENT_MEM_LIMIT] = evt_gen_mem_limit, + [AST_SECURITY_EVENT_LOAD_AVG] = evt_gen_load_avg, + [AST_SECURITY_EVENT_REQ_NO_SUPPORT] = evt_gen_req_no_support, + [AST_SECURITY_EVENT_REQ_NOT_ALLOWED] = evt_gen_req_not_allowed, + [AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED] = evt_gen_auth_method_not_allowed, + [AST_SECURITY_EVENT_REQ_BAD_FORMAT] = evt_gen_req_bad_format, + [AST_SECURITY_EVENT_SUCCESSFUL_AUTH] = evt_gen_successful_auth, + [AST_SECURITY_EVENT_UNEXPECTED_ADDR] = evt_gen_unexpected_addr, + [AST_SECURITY_EVENT_CHAL_RESP_FAILED] = evt_gen_chal_resp_failed, + [AST_SECURITY_EVENT_INVAL_PASSWORD] = evt_gen_inval_password, +}; + +static void evt_gen_failed_acl(void) +{ + struct sockaddr_in sin_local = { + .sin_family = AF_INET + }; + struct sockaddr_in sin_remote = { + .sin_family = AF_INET + }; + struct timeval session_tv = ast_tvnow(); + struct ast_security_event_failed_acl failed_acl_event = { + .common.event_type = AST_SECURITY_EVENT_FAILED_ACL, + .common.version = AST_SECURITY_EVENT_FAILED_ACL_VERSION, + .common.service = "TEST", + .common.module = AST_MODULE, + .common.account_id = "Username", + .common.session_id = "Session123", + .common.session_tv = &session_tv, + .common.local_addr = { + .sin = &sin_local, + .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + }, + .common.remote_addr = { + .sin = &sin_remote, + .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + }, + + .acl_name = "TEST_ACL", + }; + + inet_aton("192.168.1.1", &sin_local.sin_addr); + sin_local.sin_port = htons(12121); + + inet_aton("192.168.1.2", &sin_remote.sin_addr); + sin_remote.sin_port = htons(12345); + + ast_security_event_report(AST_SEC_EVT(&failed_acl_event)); +} + +static void evt_gen_inval_acct_id(void) +{ + struct sockaddr_in sin_local = { + .sin_family = AF_INET + }; + struct sockaddr_in sin_remote = { + .sin_family = AF_INET + }; + struct timeval session_tv = ast_tvnow(); + struct ast_security_event_inval_acct_id inval_acct_id = { + .common.event_type = AST_SECURITY_EVENT_INVAL_ACCT_ID, + .common.version = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION, + .common.service = "TEST", + .common.module = AST_MODULE, + .common.account_id = "FakeUser", + .common.session_id = "Session456", + .common.session_tv = &session_tv, + .common.local_addr = { + .sin = &sin_local, + .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + }, + .common.remote_addr = { + .sin = &sin_remote, + .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + }, + }; + + inet_aton("10.1.2.3", &sin_local.sin_addr); + sin_local.sin_port = htons(4321); + + inet_aton("10.1.2.4", &sin_remote.sin_addr); + sin_remote.sin_port = htons(1234); + + ast_security_event_report(AST_SEC_EVT(&inval_acct_id)); +} + +static void evt_gen_session_limit(void) +{ + struct sockaddr_in sin_local = { + .sin_family = AF_INET + }; + struct sockaddr_in sin_remote = { + .sin_family = AF_INET + }; + struct timeval session_tv = ast_tvnow(); + struct ast_security_event_session_limit session_limit = { + .common.event_type = AST_SECURITY_EVENT_SESSION_LIMIT, + .common.version = AST_SECURITY_EVENT_SESSION_LIMIT_VERSION, + .common.service = "TEST", + .common.module = AST_MODULE, + .common.account_id = "Jenny", + .common.session_id = "8675309", + .common.session_tv = &session_tv, + .common.local_addr = { + .sin = &sin_local, + .transport = AST_SECURITY_EVENT_TRANSPORT_TLS, + }, + .common.remote_addr = { + .sin = &sin_remote, + .transport = AST_SECURITY_EVENT_TRANSPORT_TLS, + }, + }; + + inet_aton("10.5.4.3", &sin_local.sin_addr); + sin_local.sin_port = htons(4444); + + inet_aton("10.5.4.2", &sin_remote.sin_addr); + sin_remote.sin_port = htons(3333); + + ast_security_event_report(AST_SEC_EVT(&session_limit)); +} + +static void evt_gen_mem_limit(void) +{ + struct sockaddr_in sin_local = { + .sin_family = AF_INET + }; + struct sockaddr_in sin_remote = { + .sin_family = AF_INET + }; + struct timeval session_tv = ast_tvnow(); + struct ast_security_event_mem_limit mem_limit = { + .common.event_type = AST_SECURITY_EVENT_MEM_LIMIT, + .common.version = AST_SECURITY_EVENT_MEM_LIMIT_VERSION, + .common.service = "TEST", + .common.module = AST_MODULE, + .common.account_id = "Felix", + .common.session_id = "Session2604", + .common.session_tv = &session_tv, + .common.local_addr = { + .sin = &sin_local, + .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + }, + .common.remote_addr = { + .sin = &sin_remote, + .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + }, + }; + + inet_aton("10.10.10.10", &sin_local.sin_addr); + sin_local.sin_port = htons(555); + + inet_aton("10.10.10.12", &sin_remote.sin_addr); + sin_remote.sin_port = htons(5656); + + ast_security_event_report(AST_SEC_EVT(&mem_limit)); +} + +static void evt_gen_load_avg(void) +{ + struct sockaddr_in sin_local = { + .sin_family = AF_INET + }; + struct sockaddr_in sin_remote = { + .sin_family = AF_INET + }; + struct timeval session_tv = ast_tvnow(); + struct ast_security_event_load_avg load_avg = { + .common.event_type = AST_SECURITY_EVENT_LOAD_AVG, + .common.version = AST_SECURITY_EVENT_LOAD_AVG_VERSION, + .common.service = "TEST", + .common.module = AST_MODULE, + .common.account_id = "GuestAccount", + .common.session_id = "XYZ123", + .common.session_tv = &session_tv, + .common.local_addr = { + .sin = &sin_local, + .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + }, + .common.remote_addr = { + .sin = &sin_remote, + .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + }, + }; + + inet_aton("10.11.12.13", &sin_local.sin_addr); + sin_local.sin_port = htons(9876); + + inet_aton("10.12.11.10", &sin_remote.sin_addr); + sin_remote.sin_port = htons(9825); + + ast_security_event_report(AST_SEC_EVT(&load_avg)); +} + +static void evt_gen_req_no_support(void) +{ + struct sockaddr_in sin_local = { + .sin_family = AF_INET + }; + struct sockaddr_in sin_remote = { + .sin_family = AF_INET + }; + struct timeval session_tv = ast_tvnow(); + struct ast_security_event_req_no_support req_no_support = { + .common.event_type = AST_SECURITY_EVENT_REQ_NO_SUPPORT, + .common.version = AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION, + .common.service = "TEST", + .common.module = AST_MODULE, + .common.account_id = "George", + .common.session_id = "asdkl23478289lasdkf", + .common.session_tv = &session_tv, + .common.local_addr = { + .sin = &sin_local, + .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + }, + .common.remote_addr = { + .sin = &sin_remote, + .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + }, + + .request_type = "MakeMeDinner", + }; + + inet_aton("10.110.120.130", &sin_local.sin_addr); + sin_local.sin_port = htons(9888); + + inet_aton("10.120.110.100", &sin_remote.sin_addr); + sin_remote.sin_port = htons(9777); + + ast_security_event_report(AST_SEC_EVT(&req_no_support)); +} + +static void evt_gen_req_not_allowed(void) +{ + struct sockaddr_in sin_local = { + .sin_family = AF_INET + }; + struct sockaddr_in sin_remote = { + .sin_family = AF_INET + }; + struct timeval session_tv = ast_tvnow(); + struct ast_security_event_req_not_allowed req_not_allowed = { + .common.event_type = AST_SECURITY_EVENT_REQ_NOT_ALLOWED, + .common.version = AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION, + .common.service = "TEST", + .common.module = AST_MODULE, + .common.account_id = "George", + .common.session_id = "alksdjf023423h4lka0df", + .common.session_tv = &session_tv, + .common.local_addr = { + .sin = &sin_local, + .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + }, + .common.remote_addr = { + .sin = &sin_remote, + .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + }, + + .request_type = "MakeMeBreakfast", + .request_params = "BACONNNN!", + }; + + inet_aton("10.110.120.130", &sin_local.sin_addr); + sin_local.sin_port = htons(9888); + + inet_aton("10.120.110.100", &sin_remote.sin_addr); + sin_remote.sin_port = htons(9777); + + ast_security_event_report(AST_SEC_EVT(&req_not_allowed)); +} + +static void evt_gen_auth_method_not_allowed(void) +{ + struct sockaddr_in sin_local = { + .sin_family = AF_INET + }; + struct sockaddr_in sin_remote = { + .sin_family = AF_INET + }; + struct timeval session_tv = ast_tvnow(); + struct ast_security_event_auth_method_not_allowed auth_method_not_allowed = { + .common.event_type = AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED, + .common.version = AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED_VERSION, + .common.service = "TEST", + .common.module = AST_MODULE, + .common.account_id = "Bob", + .common.session_id = "010101010101", + .common.session_tv = &session_tv, + .common.local_addr = { + .sin = &sin_local, + .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + }, + .common.remote_addr = { + .sin = &sin_remote, + .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + }, + + .auth_method = "PlainText" + }; + + inet_aton("10.110.120.135", &sin_local.sin_addr); + sin_local.sin_port = htons(8754); + + inet_aton("10.120.110.105", &sin_remote.sin_addr); + sin_remote.sin_port = htons(8745); + + ast_security_event_report(AST_SEC_EVT(&auth_method_not_allowed)); +} + +static void evt_gen_req_bad_format(void) +{ + struct sockaddr_in sin_local = { + .sin_family = AF_INET + }; + struct sockaddr_in sin_remote = { + .sin_family = AF_INET + }; + struct timeval session_tv = ast_tvnow(); + struct ast_security_event_req_bad_format req_bad_format = { + .common.event_type = AST_SECURITY_EVENT_REQ_BAD_FORMAT, + .common.version = AST_SECURITY_EVENT_REQ_BAD_FORMAT_VERSION, + .common.service = "TEST", + .common.module = AST_MODULE, + .common.account_id = "Larry", + .common.session_id = "838383fhfhf83hf8h3f8h", + .common.session_tv = &session_tv, + .common.local_addr = { + .sin = &sin_local, + .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + }, + .common.remote_addr = { + .sin = &sin_remote, + .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + }, + + .request_type = "CheeseBurger", + .request_params = "Onions,Swiss,MotorOil", + }; + + inet_aton("10.110.220.230", &sin_local.sin_addr); + sin_local.sin_port = htons(1212); + + inet_aton("10.120.210.200", &sin_remote.sin_addr); + sin_remote.sin_port = htons(2121); + + ast_security_event_report(AST_SEC_EVT(&req_bad_format)); +} + +static void evt_gen_successful_auth(void) +{ + struct sockaddr_in sin_local = { + .sin_family = AF_INET + }; + struct sockaddr_in sin_remote = { + .sin_family = AF_INET + }; + struct timeval session_tv = ast_tvnow(); + struct ast_security_event_successful_auth successful_auth = { + .common.event_type = AST_SECURITY_EVENT_SUCCESSFUL_AUTH, + .common.version = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION, + .common.service = "TEST", + .common.module = AST_MODULE, + .common.account_id = "ValidUser", + .common.session_id = "Session456", + .common.session_tv = &session_tv, + .common.local_addr = { + .sin = &sin_local, + .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + }, + .common.remote_addr = { + .sin = &sin_remote, + .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + }, + }; + + inet_aton("10.1.2.3", &sin_local.sin_addr); + sin_local.sin_port = htons(4321); + + inet_aton("10.1.2.4", &sin_remote.sin_addr); + sin_remote.sin_port = htons(1234); + + ast_security_event_report(AST_SEC_EVT(&successful_auth)); +} + +static void evt_gen_unexpected_addr(void) +{ + struct sockaddr_in sin_local = { + .sin_family = AF_INET + }; + struct sockaddr_in sin_remote = { + .sin_family = AF_INET + }; + struct sockaddr_in sin_expected = { + .sin_family = AF_INET + }; + struct timeval session_tv = ast_tvnow(); + struct ast_security_event_unexpected_addr unexpected_addr = { + .common.event_type = AST_SECURITY_EVENT_UNEXPECTED_ADDR, + .common.version = AST_SECURITY_EVENT_UNEXPECTED_ADDR_VERSION, + .common.service = "TEST", + .common.module = AST_MODULE, + .common.account_id = "CoolUser", + .common.session_id = "Session789", + .common.session_tv = &session_tv, + .common.local_addr = { + .sin = &sin_local, + .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + }, + .common.remote_addr = { + .sin = &sin_remote, + .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + }, + + .expected_addr = { + .sin = &sin_expected, + .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + }, + }; + + inet_aton("10.1.2.3", &sin_local.sin_addr); + sin_local.sin_port = htons(4321); + + inet_aton("10.1.2.4", &sin_remote.sin_addr); + sin_remote.sin_port = htons(1234); + + inet_aton("10.1.2.5", &sin_expected.sin_addr); + sin_expected.sin_port = htons(2343); + + ast_security_event_report(AST_SEC_EVT(&unexpected_addr)); +} + +static void evt_gen_chal_resp_failed(void) +{ + struct sockaddr_in sin_local = { + .sin_family = AF_INET + }; + struct sockaddr_in sin_remote = { + .sin_family = AF_INET + }; + struct timeval session_tv = ast_tvnow(); + struct ast_security_event_chal_resp_failed chal_resp_failed = { + .common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED, + .common.version = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION, + .common.service = "TEST", + .common.module = AST_MODULE, + .common.account_id = "SuperDuperUser", + .common.session_id = "Session1231231231", + .common.session_tv = &session_tv, + .common.local_addr = { + .sin = &sin_local, + .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + }, + .common.remote_addr = { + .sin = &sin_remote, + .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + }, + + .challenge = "8adf8a9sd8fas9df23ljk4", + .response = "9u3jlaksdjflakjsdfoi23", + .expected_response = "oiafaljhadf9834luahk3k", + }; + + inet_aton("10.1.2.3", &sin_local.sin_addr); + sin_local.sin_port = htons(4321); + + inet_aton("10.1.2.4", &sin_remote.sin_addr); + sin_remote.sin_port = htons(1234); + + ast_security_event_report(AST_SEC_EVT(&chal_resp_failed)); +} + +static void evt_gen_inval_password(void) +{ + struct sockaddr_in sin_local = { + .sin_family = AF_INET + }; + struct sockaddr_in sin_remote = { + .sin_family = AF_INET + }; + struct timeval session_tv = ast_tvnow(); + struct ast_security_event_inval_password inval_password = { + .common.event_type = AST_SECURITY_EVENT_INVAL_PASSWORD, + .common.version = AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION, + .common.service = "TEST", + .common.module = AST_MODULE, + .common.account_id = "AccountIDGoesHere", + .common.session_id = "SessionIDGoesHere", + .common.session_tv = &session_tv, + .common.local_addr = { + .sin = &sin_local, + .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + }, + .common.remote_addr = { + .sin = &sin_remote, + .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + }, + }; + + inet_aton("10.200.100.30", &sin_local.sin_addr); + sin_local.sin_port = htons(4321); + + inet_aton("10.200.100.40", &sin_remote.sin_addr); + sin_remote.sin_port = htons(1234); + + ast_security_event_report(AST_SEC_EVT(&inval_password)); +} + +static void gen_events(struct ast_cli_args *a) +{ + unsigned int i; + + ast_cli(a->fd, "Generating some security events ...\n"); + + for (i = 0; i < ARRAY_LEN(evt_generators); i++) { + const char *event_type = ast_security_event_get_name(i); + + if (!evt_generators[i]) { + ast_cli(a->fd, "*** No event generator for event type '%s' ***\n", + event_type); + continue; + } + + ast_cli(a->fd, "Generating a '%s' security event ...\n", event_type); + + evt_generators[i](); + } + + ast_cli(a->fd, "Security event generation complete.\n"); +} + +static char *handle_cli_sec_evt_test(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a) +{ + switch (cmd) { + case CLI_INIT: + e->command = "securityevents test generation"; + e->usage = "" + "Usage: securityevents test generation" + ""; + return NULL; + case CLI_GENERATE: + return NULL; + case CLI_HANDLER: + gen_events(a); + return CLI_SUCCESS; + } + + return CLI_FAILURE; +} + +static struct ast_cli_entry cli_sec_evt[] = { + AST_CLI_DEFINE(handle_cli_sec_evt_test, "Test security event generation"), +}; + +static int unload_module(void) +{ + return ast_cli_unregister_multiple(cli_sec_evt, ARRAY_LEN(cli_sec_evt)); +} + +static int load_module(void) +{ + int res; + + res = ast_cli_register_multiple(cli_sec_evt, ARRAY_LEN(cli_sec_evt)); + + return res ? AST_MODULE_LOAD_DECLINE : AST_MODULE_LOAD_SUCCESS; +} + +AST_MODULE_INFO_STANDARD(ASTERISK_GPL_KEY, "Test Security Event Generation"); |