Print "<unknown>" for artificial endpoint in PJSIP security events.
[asterisk/asterisk.git] / res / res_pjsip / security_events.c
1 /*
2  * Asterisk -- An open source telephony toolkit.
3  *
4  * Copyright (C) 2013, Digium, Inc.
5  *
6  * Joshua Colp <jcolp@digium.com>
7  *
8  * See http://www.asterisk.org for more information about
9  * the Asterisk project. Please do not directly contact
10  * any of the maintainers of this project for assistance;
11  * the project provides a web site, mailing lists and IRC
12  * channels for your use.
13  *
14  * This program is free software, distributed under the terms of
15  * the GNU General Public License Version 2. See the LICENSE file
16  * at the top of the source tree.
17  */
18
19 /*!
20  * \file
21  *
22  * \brief Generate security events in the PJSIP channel
23  *
24  * \author Joshua Colp <jcolp@digium.com>
25  */
26
27 #include "asterisk.h"
28
29 ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
30
31 #include <pjsip.h>
32
33 #include "asterisk/res_pjsip.h"
34 #include "asterisk/security_events.h"
35
36 static enum ast_transport security_event_get_transport(pjsip_rx_data *rdata)
37 {
38         if (rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP ||
39                 rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP6) {
40                 return AST_TRANSPORT_UDP;
41         } else if (rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TCP ||
42                 rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TCP6) {
43                 return AST_TRANSPORT_TCP;
44         } else if (rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TLS ||
45                 rdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TLS6) {
46                 return AST_TRANSPORT_TLS;
47         } else if (!strcmp(rdata->tp_info.transport->type_name, "WS")) {
48                 return AST_TRANSPORT_WS;
49         } else if (!strcmp(rdata->tp_info.transport->type_name, "WSS")) {
50                 return AST_TRANSPORT_WSS;
51         } else {
52                 return 0;
53         }
54 }
55
56 static void security_event_populate(pjsip_rx_data *rdata, char *call_id, size_t call_id_size, struct ast_sockaddr *local, struct ast_sockaddr *remote)
57 {
58         char host[NI_MAXHOST];
59
60         ast_copy_pj_str(call_id, &rdata->msg_info.cid->id, call_id_size);
61
62         ast_copy_pj_str(host, &rdata->tp_info.transport->local_name.host, sizeof(host));
63         ast_sockaddr_parse(local, host, PARSE_PORT_FORBID);
64         ast_sockaddr_set_port(local, rdata->tp_info.transport->local_name.port);
65
66         ast_sockaddr_parse(remote, rdata->pkt_info.src_name, PARSE_PORT_FORBID);
67         ast_sockaddr_set_port(remote, rdata->pkt_info.src_port);
68 }
69
70 static const char *get_account_id(struct ast_sip_endpoint *endpoint)
71 {
72         RAII_VAR(struct ast_sip_endpoint *, artificial, ast_sip_get_artificial_endpoint(), ao2_cleanup);
73
74         return endpoint == artificial ? "<unknown>" : ast_sorcery_object_get_id(endpoint);
75 }
76
77 void ast_sip_report_invalid_endpoint(const char *name, pjsip_rx_data *rdata)
78 {
79         enum ast_transport transport = security_event_get_transport(rdata);
80         char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
81         struct ast_sockaddr local, remote;
82
83         struct ast_security_event_inval_acct_id inval_acct_id = {
84                 .common.event_type = AST_SECURITY_EVENT_INVAL_ACCT_ID,
85                 .common.version    = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION,
86                 .common.service    = "PJSIP",
87                 .common.account_id = name,
88                 .common.local_addr = {
89                         .addr      = &local,
90                         .transport = transport,
91                 },
92                 .common.remote_addr = {
93                         .addr       = &remote,
94                         .transport = transport,
95                 },
96                 .common.session_id = call_id,
97         };
98
99         security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
100
101         ast_security_event_report(AST_SEC_EVT(&inval_acct_id));
102 }
103
104 void ast_sip_report_failed_acl(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata, const char *name)
105 {
106         enum ast_transport transport = security_event_get_transport(rdata);
107         char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
108         struct ast_sockaddr local, remote;
109
110         struct ast_security_event_failed_acl failed_acl_event = {
111                         .common.event_type  = AST_SECURITY_EVENT_FAILED_ACL,
112                         .common.version     = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
113                         .common.service     = "PJSIP",
114                         .common.account_id  = get_account_id(endpoint),
115                         .common.local_addr  = {
116                                         .addr       = &local,
117                                         .transport  = transport,
118                         },
119                         .common.remote_addr = {
120                                         .addr       = &remote,
121                                         .transport  = transport,
122                         },
123                         .common.session_id  = call_id,
124                         .acl_name           = name,
125         };
126
127         security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
128
129         ast_security_event_report(AST_SEC_EVT(&failed_acl_event));
130 }
131
132 void ast_sip_report_auth_failed_challenge_response(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
133 {
134         pjsip_authorization_hdr *auth = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION, NULL);
135         enum ast_transport transport = security_event_get_transport(rdata);
136         char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
137         char nonce[64] = "", response[256] = "";
138         struct ast_sockaddr local, remote;
139         RAII_VAR(struct ast_sip_endpoint *, artificial, ast_sip_get_artificial_endpoint(), ao2_cleanup);
140
141         struct ast_security_event_chal_resp_failed chal_resp_failed = {
142                                 .common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED,
143                                 .common.version    = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION,
144                                 .common.service    = "PJSIP",
145                                 .common.account_id = get_account_id(endpoint),
146                                 .common.local_addr = {
147                                                 .addr      = &local,
148                                                 .transport = transport,
149                                 },
150                                 .common.remote_addr = {
151                                                 .addr      = &remote,
152                                                 .transport = transport,
153                                 },
154                                 .common.session_id = call_id,
155
156                                 .challenge         = nonce,
157                                 .response          = response,
158                                 .expected_response = "",
159         };
160
161         if (auth && !pj_strcmp2(&auth->scheme, "Digest")) {
162                 ast_copy_pj_str(nonce, &auth->credential.digest.nonce, sizeof(nonce));
163                 ast_copy_pj_str(response, &auth->credential.digest.response, sizeof(response));
164         }
165
166         security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
167
168         ast_security_event_report(AST_SEC_EVT(&chal_resp_failed));
169 }
170
171 void ast_sip_report_auth_success(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
172 {
173         pjsip_authorization_hdr *auth = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION, NULL);
174         enum ast_transport transport = security_event_get_transport(rdata);
175         char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
176         struct ast_sockaddr local, remote;
177
178         struct ast_security_event_successful_auth successful_auth = {
179                         .common.event_type  = AST_SECURITY_EVENT_SUCCESSFUL_AUTH,
180                         .common.version     = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION,
181                         .common.service     = "PJSIP",
182                         .common.account_id  = get_account_id(endpoint),
183                         .common.local_addr  = {
184                                         .addr       = &local,
185                                         .transport  = transport,
186                         },
187                         .common.remote_addr = {
188                                         .addr       = &remote,
189                                         .transport  = transport,
190                         },
191                         .common.session_id  = call_id,
192                         .using_password     = auth ? (uint32_t *)1 : (uint32_t *)0,
193         };
194
195         security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
196
197         ast_security_event_report(AST_SEC_EVT(&successful_auth));
198 }
199
200 void ast_sip_report_auth_challenge_sent(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata, pjsip_tx_data *tdata)
201 {
202         pjsip_www_authenticate_hdr *auth = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_WWW_AUTHENTICATE, NULL);
203         enum ast_transport transport = security_event_get_transport(rdata);
204         char nonce[64] = "", call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
205         struct ast_sockaddr local, remote;
206
207         struct ast_security_event_chal_sent chal_sent = {
208                         .common.event_type = AST_SECURITY_EVENT_CHAL_SENT,
209                         .common.version    = AST_SECURITY_EVENT_CHAL_SENT_VERSION,
210                         .common.service    = "PJSIP",
211                         .common.account_id = get_account_id(endpoint),
212                         .common.local_addr = {
213                                         .addr      = &local,
214                                         .transport = transport,
215                         },
216                         .common.remote_addr = {
217                                         .addr      = &remote,
218                                         .transport = transport,
219                         },
220                         .common.session_id = call_id,
221                         .challenge         = nonce,
222         };
223
224         if (auth && !pj_strcmp2(&auth->scheme, "digest")) {
225                 ast_copy_pj_str(nonce, &auth->challenge.digest.nonce, sizeof(nonce));
226         }
227
228         security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
229
230         ast_security_event_report(AST_SEC_EVT(&chal_sent));
231 }
232
233 void ast_sip_report_req_no_support(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata,
234                                    const char* req_type)
235 {
236         enum ast_transport transport = security_event_get_transport(rdata);
237         char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
238         struct ast_sockaddr local, remote;
239
240         struct ast_security_event_req_no_support req_no_support_event = {
241                 .common.event_type  = AST_SECURITY_EVENT_REQ_NO_SUPPORT,
242                 .common.version     = AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION,
243                 .common.service     = "PJSIP",
244                 .common.account_id  = get_account_id(endpoint),
245                 .common.local_addr  = {
246                         .addr       = &local,
247                         .transport  = transport,
248                 },
249                 .common.remote_addr = {
250                         .addr       = &remote,
251                         .transport  = transport,
252                 },
253                 .common.session_id  = call_id,
254                 .request_type       = req_type
255         };
256
257         security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
258
259         ast_security_event_report(AST_SEC_EVT(&req_no_support_event));
260 }
261
262 void ast_sip_report_mem_limit(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
263 {
264         enum ast_transport transport = security_event_get_transport(rdata);
265         char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
266         struct ast_sockaddr local, remote;
267
268         struct ast_security_event_mem_limit mem_limit_event = {
269                 .common.event_type  = AST_SECURITY_EVENT_MEM_LIMIT,
270                 .common.version     = AST_SECURITY_EVENT_MEM_LIMIT_VERSION,
271                 .common.service     = "PJSIP",
272                 .common.account_id  = get_account_id(endpoint),
273                 .common.local_addr  = {
274                         .addr       = &local,
275                         .transport  = transport,
276                 },
277                 .common.remote_addr = {
278                         .addr       = &remote,
279                         .transport  = transport,
280                 },
281                 .common.session_id  = call_id
282         };
283
284         security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
285
286         ast_security_event_report(AST_SEC_EVT(&mem_limit_event));
287 }