2 * Asterisk -- An open source telephony toolkit.
4 * Copyright (C) 2012, Digium, Inc.
6 * Russell Bryant <russell@digium.com>
8 * See http://www.asterisk.org for more information about
9 * the Asterisk project. Please do not directly contact
10 * any of the maintainers of this project for assistance;
11 * the project provides a web site, mailing lists and IRC
12 * channels for your use.
14 * This program is free software, distributed under the terms of
15 * the GNU General Public License Version 2. See the LICENSE file
16 * at the top of the source tree.
22 * \brief Security Event Reporting Helpers
24 * \author Russell Bryant <russell@digium.com>
28 <support_level>core</support_level>
32 <managerEvent language="en_US" name="FailedACL">
33 <managerEventInstance class="EVENT_FLAG_SECURITY">
34 <synopsis>Raised when a request violates an ACL check.</synopsis>
36 <parameter name="EventTV">
37 <para>The time the event was detected.</para>
39 <parameter name="Severity">
40 <para>A relative severity of the security event.</para>
42 <enum name="Informational"/>
46 <parameter name="Service">
47 <para>The Asterisk service that raised the security event.</para>
49 <parameter name="EventVersion">
50 <para>The version of this event.</para>
52 <parameter name="AccountID">
53 <para>The Service account associated with the security event
56 <parameter name="SessionID">
57 <para>A unique identifier for the session in the service
58 that raised the event.</para>
60 <parameter name="LocalAddress">
61 <para>The address of the Asterisk service that raised the
62 security event.</para>
64 <parameter name="RemoteAddress">
65 <para>The remote address of the entity that caused the
66 security event to be raised.</para>
68 <parameter name="Module" required="False">
69 <para>If available, the name of the module that raised the event.</para>
71 <parameter name="ACLName" required="False">
72 <para>If available, the name of the ACL that failed.</para>
74 <parameter name="SessionTV" required="False">
75 <para>The timestamp reported by the session.</para>
78 </managerEventInstance>
80 <managerEvent language="en_US" name="InvalidAccountID">
81 <managerEventInstance class="EVENT_FLAG_SECURITY">
82 <synopsis>Raised when a request fails an authentication check due to an invalid account ID.</synopsis>
84 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
85 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
86 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
87 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
88 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
89 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
90 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
91 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
92 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
93 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
95 </managerEventInstance>
97 <managerEvent language="en_US" name="SessionLimit">
98 <managerEventInstance class="EVENT_FLAG_SECURITY">
99 <synopsis>Raised when a request fails due to exceeding the number of allowed concurrent sessions for that service.</synopsis>
101 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
102 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
103 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
104 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
105 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
106 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
107 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
108 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
109 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
110 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
112 </managerEventInstance>
114 <managerEvent language="en_US" name="MemoryLimit">
115 <managerEventInstance class="EVENT_FLAG_SECURITY">
116 <synopsis>Raised when a request fails due to an internal memory allocation failure.</synopsis>
118 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
119 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
120 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
121 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
122 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
123 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
124 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
125 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
126 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
127 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
129 </managerEventInstance>
131 <managerEvent language="en_US" name="LoadAverageLimit">
132 <managerEventInstance class="EVENT_FLAG_SECURITY">
133 <synopsis>Raised when a request fails because a configured load average limit has been reached.</synopsis>
135 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
136 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
137 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
138 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
139 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
140 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
141 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
142 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
143 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
144 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
146 </managerEventInstance>
148 <managerEvent language="en_US" name="RequestNotSupported">
149 <managerEventInstance class="EVENT_FLAG_SECURITY">
150 <synopsis>Raised when a request fails due to some aspect of the requested item not being supported by the service.</synopsis>
152 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
153 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
154 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
155 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
156 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
157 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
158 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
159 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
160 <parameter name="RequestType">
161 <para>The type of request attempted.</para>
163 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
164 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
166 </managerEventInstance>
168 <managerEvent language="en_US" name="RequestNotAllowed">
169 <managerEventInstance class="EVENT_FLAG_SECURITY">
170 <synopsis>Raised when a request is not allowed by the service.</synopsis>
172 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
173 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
174 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
175 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
176 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
177 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
178 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
179 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
180 <xi:include xpointer="xpointer(/docs/managerEvent[@name='RequestNotSupported']/managerEventInstance/syntax/parameter[@name='RequestType'])" />
181 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
182 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
183 <parameter name="RequestParams" required="False">
184 <para>Parameters provided to the rejected request.</para>
187 </managerEventInstance>
189 <managerEvent language="en_US" name="AuthMethodNotAllowed">
190 <managerEventInstance class="EVENT_FLAG_SECURITY">
191 <synopsis>Raised when a request used an authentication method not allowed by the service.</synopsis>
193 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
194 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
195 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
196 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
197 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
198 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
199 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
200 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
201 <parameter name="AuthMethod">
202 <para>The authentication method attempted.</para>
204 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
205 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
207 </managerEventInstance>
209 <managerEvent language="en_US" name="RequestBadFormat">
210 <managerEventInstance class="EVENT_FLAG_SECURITY">
211 <synopsis>Raised when a request is received with bad formatting.</synopsis>
213 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
214 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
215 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
216 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
217 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
218 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
219 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
220 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
221 <xi:include xpointer="xpointer(/docs/managerEvent[@name='RequestNotSupported']/managerEventInstance/syntax/parameter[@name='RequestType'])" />
222 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
223 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
224 <parameter name="AccountID" required="False">
225 <para>The account ID associated with the rejected request.</para>
227 <xi:include xpointer="xpointer(/docs/managerEvent[@name='RequestNotAllowed']/managerEventInstance/syntax/parameter[@name='RequestParams'])" />
229 </managerEventInstance>
231 <managerEvent language="en_US" name="SuccessfulAuth">
232 <managerEventInstance class="EVENT_FLAG_SECURITY">
233 <synopsis>Raised when a request successfully authenticates with a service.</synopsis>
235 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
236 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
237 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
238 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
239 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
240 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
241 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
242 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
243 <parameter name="UsingPassword">
244 <para>Whether or not the authentication attempt included a password.</para>
246 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
247 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
249 </managerEventInstance>
251 <managerEvent language="en_US" name="UnexpectedAddress">
252 <managerEventInstance class="EVENT_FLAG_SECURITY">
253 <synopsis>Raised when a request has a different source address then what is expected for a session already in progress with a service.</synopsis>
255 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
256 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
257 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
258 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
259 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
260 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
261 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
262 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
263 <parameter name="ExpectedAddress">
264 <para>The address that the request was expected to use.</para>
266 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
267 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
269 </managerEventInstance>
271 <managerEvent language="en_US" name="ChallengeResponseFailed">
272 <managerEventInstance class="EVENT_FLAG_SECURITY">
273 <synopsis>Raised when a request's attempt to authenticate has been challenged, and the request failed the authentication challenge.</synopsis>
275 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
276 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
277 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
278 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
279 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
280 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
281 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
282 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
283 <parameter name="Challenge">
284 <para>The challenge that was sent.</para>
286 <parameter name="Response">
287 <para>The response that was received.</para>
289 <parameter name="ExpectedResponse">
290 <para>The expected response to the challenge.</para>
292 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
293 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
295 </managerEventInstance>
297 <managerEvent language="en_US" name="InvalidPassword">
298 <managerEventInstance class="EVENT_FLAG_SECURITY">
299 <synopsis>Raised when a request provides an invalid password during an authentication attempt.</synopsis>
301 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
302 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
303 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
304 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
305 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
306 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
307 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
308 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
309 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
310 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
311 <parameter name="Challenge" required="False">
312 <para>The challenge that was sent.</para>
314 <parameter name="ReceivedChallenge" required="False">
315 <para>The challenge that was received.</para>
317 <parameter name="RecievedHash" required="False">
318 <para>The hash that was received.</para>
321 </managerEventInstance>
323 <managerEvent language="en_US" name="ChallengeSent">
324 <managerEventInstance class="EVENT_FLAG_SECURITY">
325 <synopsis>Raised when an Asterisk service sends an authentication challenge to a request.</synopsis>
327 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
328 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
329 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
330 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
331 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
332 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
333 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
334 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
335 <xi:include xpointer="xpointer(/docs/managerEvent[@name='ChallengeResponseFailed']/managerEventInstance/syntax/parameter[@name='Challenge'])" />
336 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
337 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
339 </managerEventInstance>
341 <managerEvent language="en_US" name="InvalidTransport">
342 <managerEventInstance class="EVENT_FLAG_SECURITY">
343 <synopsis>Raised when a request attempts to use a transport not allowed by the Asterisk service.</synopsis>
345 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventTV'])" />
346 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Severity'])" />
347 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Service'])" />
348 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='EventVersion'])" />
349 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='AccountID'])" />
350 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionID'])" />
351 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='LocalAddress'])" />
352 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='RemoteAddress'])" />
353 <parameter name="AttemptedTransport">
354 <para>The transport type that the request attempted to use.</para>
356 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='Module'])" />
357 <xi:include xpointer="xpointer(/docs/managerEvent[@name='FailedACL']/managerEventInstance/syntax/parameter[@name='SessionTV'])" />
359 </managerEventInstance>
363 #include "asterisk.h"
365 ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
367 #include "asterisk/utils.h"
368 #include "asterisk/strings.h"
369 #include "asterisk/network.h"
370 #include "asterisk/event.h"
371 #include "asterisk/security_events.h"
372 #include "asterisk/netsock2.h"
373 #include "asterisk/stasis.h"
374 #include "asterisk/json.h"
375 #include "asterisk/astobj2.h"
377 static const size_t TIMESTAMP_STR_LEN = 32;
378 static const size_t SECURITY_EVENT_BUF_INIT_LEN = 256;
380 /*! \brief Security Topic */
381 static struct stasis_topic *security_topic;
383 struct stasis_topic *ast_security_topic(void)
385 return security_topic;
388 static int append_event_str_single(struct ast_str **str, struct ast_json *json,
389 const enum ast_event_ie_type ie_type)
391 const char *ie_type_key = ast_event_get_ie_type_name(ie_type);
392 struct ast_json *json_string = ast_json_object_get(json, ie_type_key);
394 ast_assert(json_string != NULL);
396 if (ast_str_append(str, 0, "%s: %s\r\n", ie_type_key, S_OR(ast_json_string_get(json_string), "")) == -1) {
403 static int append_event_str_from_json(struct ast_str **str, struct ast_json *json,
404 const struct ast_security_event_ie_type *ies)
412 for (i = 0; ies[i].ie_type != AST_EVENT_IE_END; i++) {
413 if (append_event_str_single(str, json, ies[i].ie_type)) {
421 static struct ast_manager_event_blob *security_event_to_ami_blob(struct ast_json *json)
423 RAII_VAR(struct ast_str *, str, NULL, ast_free);
424 struct ast_json *event_type_json;
425 enum ast_security_event_type event_type;
427 event_type_json = ast_json_object_get(json, "SecurityEvent");
428 event_type = ast_json_integer_get(event_type_json);
430 ast_assert(event_type >= 0 && event_type < AST_SECURITY_EVENT_NUM_TYPES);
432 if (!(str = ast_str_create(SECURITY_EVENT_BUF_INIT_LEN))) {
436 if (append_event_str_from_json(&str, json,
437 ast_security_event_get_required_ies(event_type))) {
438 ast_log(AST_LOG_ERROR, "Failed to issue a security event to AMI: "
439 "error occurred when adding required event fields.\n");
443 if (append_event_str_from_json(&str, json,
444 ast_security_event_get_optional_ies(event_type))) {
445 ast_log(AST_LOG_ERROR, "Failed to issue a security event to AMI: "
446 "error occurred when adding optional event fields.\n");
450 return ast_manager_event_blob_create(EVENT_FLAG_SECURITY,
451 ast_security_event_get_name(event_type),
453 ast_str_buffer(str));
456 static struct ast_manager_event_blob *security_event_to_ami(struct stasis_message *message)
458 struct ast_json_payload *payload = stasis_message_data(message);
460 if (stasis_message_type(message) != ast_security_event_type()) {
468 return security_event_to_ami_blob(payload->json);
471 /*! \brief Message type for security events */
472 STASIS_MESSAGE_TYPE_DEFN(ast_security_event_type,
473 .to_ami = security_event_to_ami,
476 static void security_stasis_cleanup(void)
478 ao2_cleanup(security_topic);
479 security_topic = NULL;
481 STASIS_MESSAGE_TYPE_CLEANUP(ast_security_event_type);
484 int ast_security_stasis_init(void)
486 ast_register_cleanup(security_stasis_cleanup);
488 security_topic = stasis_topic_create("ast_security");
489 if (!security_topic) {
493 if (STASIS_MESSAGE_TYPE_INIT(ast_security_event_type)) {
501 static const struct {
504 enum ast_security_event_severity severity;
505 #define MAX_SECURITY_IES 12
506 struct ast_security_event_ie_type required_ies[MAX_SECURITY_IES];
507 struct ast_security_event_ie_type optional_ies[MAX_SECURITY_IES];
508 #undef MAX_SECURITY_IES
509 } sec_events[AST_SECURITY_EVENT_NUM_TYPES] = {
511 #define SEC_EVT_FIELD(e, field) (offsetof(struct ast_security_event_##e, field))
513 [AST_SECURITY_EVENT_FAILED_ACL] = {
515 .version = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
516 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
518 { AST_EVENT_IE_EVENT_TV, 0 },
519 { AST_EVENT_IE_SEVERITY, 0 },
520 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
521 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
522 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
523 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
524 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
525 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
526 { AST_EVENT_IE_END, 0 }
529 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
530 { AST_EVENT_IE_ACL_NAME, SEC_EVT_FIELD(failed_acl, acl_name) },
531 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
532 { AST_EVENT_IE_END, 0 }
536 [AST_SECURITY_EVENT_INVAL_ACCT_ID] = {
537 .name = "InvalidAccountID",
538 .version = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION,
539 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
541 { AST_EVENT_IE_EVENT_TV, 0 },
542 { AST_EVENT_IE_SEVERITY, 0 },
543 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
544 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
545 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
546 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
547 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
548 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
549 { AST_EVENT_IE_END, 0 }
552 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
553 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
554 { AST_EVENT_IE_END, 0 }
558 [AST_SECURITY_EVENT_SESSION_LIMIT] = {
559 .name = "SessionLimit",
560 .version = AST_SECURITY_EVENT_SESSION_LIMIT_VERSION,
561 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
563 { AST_EVENT_IE_EVENT_TV, 0 },
564 { AST_EVENT_IE_SEVERITY, 0 },
565 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
566 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
567 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
568 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
569 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
570 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
571 { AST_EVENT_IE_END, 0 }
574 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
575 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
576 { AST_EVENT_IE_END, 0 }
580 [AST_SECURITY_EVENT_MEM_LIMIT] = {
581 .name = "MemoryLimit",
582 .version = AST_SECURITY_EVENT_MEM_LIMIT_VERSION,
583 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
585 { AST_EVENT_IE_EVENT_TV, 0 },
586 { AST_EVENT_IE_SEVERITY, 0 },
587 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
588 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
589 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
590 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
591 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
592 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
593 { AST_EVENT_IE_END, 0 }
596 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
597 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
598 { AST_EVENT_IE_END, 0 }
602 [AST_SECURITY_EVENT_LOAD_AVG] = {
603 .name = "LoadAverageLimit",
604 .version = AST_SECURITY_EVENT_LOAD_AVG_VERSION,
605 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
607 { AST_EVENT_IE_EVENT_TV, 0 },
608 { AST_EVENT_IE_SEVERITY, 0 },
609 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
610 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
611 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
612 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
613 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
614 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
615 { AST_EVENT_IE_END, 0 }
618 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
619 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
620 { AST_EVENT_IE_END, 0 }
624 [AST_SECURITY_EVENT_REQ_NO_SUPPORT] = {
625 .name = "RequestNotSupported",
626 .version = AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION,
627 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
629 { AST_EVENT_IE_EVENT_TV, 0 },
630 { AST_EVENT_IE_SEVERITY, 0 },
631 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
632 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
633 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
634 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
635 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
636 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
637 { AST_EVENT_IE_REQUEST_TYPE, SEC_EVT_FIELD(req_no_support, request_type) },
638 { AST_EVENT_IE_END, 0 }
641 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
642 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
643 { AST_EVENT_IE_END, 0 }
647 [AST_SECURITY_EVENT_REQ_NOT_ALLOWED] = {
648 .name = "RequestNotAllowed",
649 .version = AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION,
650 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
652 { AST_EVENT_IE_EVENT_TV, 0 },
653 { AST_EVENT_IE_SEVERITY, 0 },
654 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
655 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
656 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
657 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
658 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
659 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
660 { AST_EVENT_IE_REQUEST_TYPE, SEC_EVT_FIELD(req_not_allowed, request_type) },
661 { AST_EVENT_IE_END, 0 }
664 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
665 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
666 { AST_EVENT_IE_REQUEST_PARAMS, SEC_EVT_FIELD(req_not_allowed, request_params) },
667 { AST_EVENT_IE_END, 0 }
671 [AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED] = {
672 .name = "AuthMethodNotAllowed",
673 .version = AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED_VERSION,
674 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
676 { AST_EVENT_IE_EVENT_TV, 0 },
677 { AST_EVENT_IE_SEVERITY, 0 },
678 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
679 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
680 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
681 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
682 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
683 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
684 { AST_EVENT_IE_AUTH_METHOD, SEC_EVT_FIELD(auth_method_not_allowed, auth_method) },
685 { AST_EVENT_IE_END, 0 }
688 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
689 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
690 { AST_EVENT_IE_END, 0 }
694 [AST_SECURITY_EVENT_REQ_BAD_FORMAT] = {
695 .name = "RequestBadFormat",
696 .version = AST_SECURITY_EVENT_REQ_BAD_FORMAT_VERSION,
697 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
699 { AST_EVENT_IE_EVENT_TV, 0 },
700 { AST_EVENT_IE_SEVERITY, 0 },
701 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
702 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
703 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
704 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
705 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
706 { AST_EVENT_IE_REQUEST_TYPE, SEC_EVT_FIELD(req_bad_format, request_type) },
707 { AST_EVENT_IE_END, 0 }
710 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
711 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
712 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
713 { AST_EVENT_IE_REQUEST_PARAMS, SEC_EVT_FIELD(req_bad_format, request_params) },
714 { AST_EVENT_IE_END, 0 }
718 [AST_SECURITY_EVENT_SUCCESSFUL_AUTH] = {
719 .name = "SuccessfulAuth",
720 .version = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION,
721 .severity = AST_SECURITY_EVENT_SEVERITY_INFO,
723 { AST_EVENT_IE_EVENT_TV, 0 },
724 { AST_EVENT_IE_SEVERITY, 0 },
725 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
726 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
727 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
728 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
729 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
730 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
731 { AST_EVENT_IE_USING_PASSWORD, SEC_EVT_FIELD(successful_auth, using_password) },
732 { AST_EVENT_IE_END, 0 }
735 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
736 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
737 { AST_EVENT_IE_END, 0 }
741 [AST_SECURITY_EVENT_UNEXPECTED_ADDR] = {
742 .name = "UnexpectedAddress",
743 .version = AST_SECURITY_EVENT_UNEXPECTED_ADDR_VERSION,
744 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
746 { AST_EVENT_IE_EVENT_TV, 0 },
747 { AST_EVENT_IE_SEVERITY, 0 },
748 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
749 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
750 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
751 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
752 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
753 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
754 { AST_EVENT_IE_EXPECTED_ADDR, SEC_EVT_FIELD(unexpected_addr, expected_addr) },
755 { AST_EVENT_IE_END, 0 }
758 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
759 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
760 { AST_EVENT_IE_END, 0 }
764 [AST_SECURITY_EVENT_CHAL_RESP_FAILED] = {
765 .name = "ChallengeResponseFailed",
766 .version = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION,
767 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
769 { AST_EVENT_IE_EVENT_TV, 0 },
770 { AST_EVENT_IE_SEVERITY, 0 },
771 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
772 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
773 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
774 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
775 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
776 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
777 { AST_EVENT_IE_CHALLENGE, SEC_EVT_FIELD(chal_resp_failed, challenge) },
778 { AST_EVENT_IE_RESPONSE, SEC_EVT_FIELD(chal_resp_failed, response) },
779 { AST_EVENT_IE_EXPECTED_RESPONSE, SEC_EVT_FIELD(chal_resp_failed, expected_response) },
780 { AST_EVENT_IE_END, 0 }
783 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
784 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
785 { AST_EVENT_IE_END, 0 }
789 [AST_SECURITY_EVENT_INVAL_PASSWORD] = {
790 .name = "InvalidPassword",
791 .version = AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION,
792 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
794 { AST_EVENT_IE_EVENT_TV, 0 },
795 { AST_EVENT_IE_SEVERITY, 0 },
796 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
797 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
798 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
799 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
800 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
801 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
802 { AST_EVENT_IE_END, 0 }
805 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
806 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
807 { AST_EVENT_IE_CHALLENGE, SEC_EVT_FIELD(inval_password, challenge) },
808 { AST_EVENT_IE_RECEIVED_CHALLENGE, SEC_EVT_FIELD(inval_password, received_challenge) },
809 { AST_EVENT_IE_RECEIVED_HASH, SEC_EVT_FIELD(inval_password, received_hash) },
810 { AST_EVENT_IE_END, 0 }
814 [AST_SECURITY_EVENT_CHAL_SENT] = {
815 .name = "ChallengeSent",
816 .version = AST_SECURITY_EVENT_CHAL_SENT_VERSION,
817 .severity = AST_SECURITY_EVENT_SEVERITY_INFO,
819 { AST_EVENT_IE_EVENT_TV, 0 },
820 { AST_EVENT_IE_SEVERITY, 0 },
821 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
822 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
823 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
824 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
825 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
826 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
827 { AST_EVENT_IE_CHALLENGE, SEC_EVT_FIELD(chal_sent, challenge) },
828 { AST_EVENT_IE_END, 0 }
831 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
832 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
833 { AST_EVENT_IE_END, 0 }
837 [AST_SECURITY_EVENT_INVAL_TRANSPORT] = {
838 .name = "InvalidTransport",
839 .version = AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION,
840 .severity = AST_SECURITY_EVENT_SEVERITY_ERROR,
842 { AST_EVENT_IE_EVENT_TV, 0 },
843 { AST_EVENT_IE_SEVERITY, 0 },
844 { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) },
845 { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) },
846 { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) },
847 { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) },
848 { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) },
849 { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) },
850 { AST_EVENT_IE_ATTEMPTED_TRANSPORT, SEC_EVT_FIELD(inval_transport, transport) },
851 { AST_EVENT_IE_END, 0 }
854 { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) },
855 { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) },
856 { AST_EVENT_IE_END, 0 }
864 static const struct {
865 enum ast_security_event_severity severity;
868 { AST_SECURITY_EVENT_SEVERITY_INFO, "Informational" },
869 { AST_SECURITY_EVENT_SEVERITY_ERROR, "Error" },
872 const char *ast_security_event_severity_get_name(
873 const enum ast_security_event_severity severity)
877 for (i = 0; i < ARRAY_LEN(severities); i++) {
878 if (severities[i].severity == severity) {
879 return severities[i].str;
886 static int check_event_type(const enum ast_security_event_type event_type)
888 if (event_type < 0 || event_type >= AST_SECURITY_EVENT_NUM_TYPES) {
889 ast_log(LOG_ERROR, "Invalid security event type %u\n", event_type);
896 const char *ast_security_event_get_name(const enum ast_security_event_type event_type)
898 if (check_event_type(event_type)) {
902 return sec_events[event_type].name;
905 const struct ast_security_event_ie_type *ast_security_event_get_required_ies(
906 const enum ast_security_event_type event_type)
908 if (check_event_type(event_type)) {
912 return sec_events[event_type].required_ies;
915 const struct ast_security_event_ie_type *ast_security_event_get_optional_ies(
916 const enum ast_security_event_type event_type)
918 if (check_event_type(event_type)) {
922 return sec_events[event_type].optional_ies;
925 static int add_ip_json_object(struct ast_json *json, enum ast_event_ie_type ie_type,
926 const struct ast_security_event_ip_addr *addr)
928 struct ast_json *json_ip;
930 json_ip = ast_json_ipaddr(addr->addr, addr->transport);
935 return ast_json_object_set(json, ast_event_get_ie_type_name(ie_type), json_ip);
943 static int add_json_object(struct ast_json *json, const struct ast_security_event_common *sec,
944 const struct ast_security_event_ie_type *ie_type, enum ie_required req)
948 switch (ie_type->ie_type) {
949 case AST_EVENT_IE_SERVICE:
950 case AST_EVENT_IE_ACCOUNT_ID:
951 case AST_EVENT_IE_SESSION_ID:
952 case AST_EVENT_IE_MODULE:
953 case AST_EVENT_IE_ACL_NAME:
954 case AST_EVENT_IE_REQUEST_TYPE:
955 case AST_EVENT_IE_REQUEST_PARAMS:
956 case AST_EVENT_IE_AUTH_METHOD:
957 case AST_EVENT_IE_CHALLENGE:
958 case AST_EVENT_IE_RESPONSE:
959 case AST_EVENT_IE_EXPECTED_RESPONSE:
960 case AST_EVENT_IE_RECEIVED_CHALLENGE:
961 case AST_EVENT_IE_RECEIVED_HASH:
962 case AST_EVENT_IE_ATTEMPTED_TRANSPORT:
965 struct ast_json *json_string;
967 str = *((const char **)(((const char *) sec) + ie_type->offset));
970 ast_log(LOG_WARNING, "Required IE '%d' (%s) for security event "
971 "type '%d' (%s) not present\n", ie_type->ie_type,
972 ast_event_get_ie_type_name(ie_type->ie_type),
973 sec->event_type, ast_security_event_get_name(sec->event_type));
982 json_string = ast_json_string_create(str);
988 res = ast_json_object_set(json, ast_event_get_ie_type_name(ie_type->ie_type), json_string);
991 case AST_EVENT_IE_EVENT_VERSION:
992 case AST_EVENT_IE_USING_PASSWORD:
994 struct ast_json *json_string;
996 val = *((const uint32_t *)(((const char *) sec) + ie_type->offset));
998 json_string = ast_json_stringf("%d", val);
1004 res = ast_json_object_set(json, ast_event_get_ie_type_name(ie_type->ie_type), json_string);
1007 case AST_EVENT_IE_LOCAL_ADDR:
1008 case AST_EVENT_IE_REMOTE_ADDR:
1009 case AST_EVENT_IE_EXPECTED_ADDR:
1011 const struct ast_security_event_ip_addr *addr;
1013 addr = (const struct ast_security_event_ip_addr *)(((const char *) sec) + ie_type->offset);
1015 if (req && !addr->addr) {
1016 ast_log(LOG_WARNING, "Required IE '%d' (%s) for security event "
1017 "type '%d' (%s) not present\n", ie_type->ie_type,
1018 ast_event_get_ie_type_name(ie_type->ie_type),
1019 sec->event_type, ast_security_event_get_name(sec->event_type));
1024 res = add_ip_json_object(json, ie_type->ie_type, addr);
1029 case AST_EVENT_IE_SESSION_TV:
1031 const struct timeval *tval;
1033 tval = *((const struct timeval **)(((const char *) sec) + ie_type->offset));
1036 ast_log(LOG_WARNING, "Required IE '%d' (%s) for security event "
1037 "type '%d' (%s) not present\n", ie_type->ie_type,
1038 ast_event_get_ie_type_name(ie_type->ie_type),
1039 sec->event_type, ast_security_event_get_name(sec->event_type));
1044 struct ast_json *json_tval = ast_json_timeval(*tval, NULL);
1049 res = ast_json_object_set(json, ast_event_get_ie_type_name(ie_type->ie_type), json_tval);
1054 case AST_EVENT_IE_EVENT_TV:
1055 case AST_EVENT_IE_SEVERITY:
1056 /* Added automatically, nothing to do here. */
1059 ast_log(LOG_WARNING, "Unhandled IE type '%d' (%s), this security event "
1060 "will be missing data.\n", ie_type->ie_type,
1061 ast_event_get_ie_type_name(ie_type->ie_type));
1068 static struct ast_json *alloc_security_event_json_object(const struct ast_security_event_common *sec)
1070 struct timeval tv = ast_tvnow();
1071 const char *severity_str;
1072 struct ast_json *json_temp;
1073 RAII_VAR(struct ast_json *, json_object, ast_json_object_create(), ast_json_unref);
1079 /* NOTE: Every time ast_json_object_set is used, json_temp becomes a stale pointer since the reference is taken.
1080 * This is true even if ast_json_object_set fails.
1083 json_temp = ast_json_integer_create(sec->event_type);
1084 if (!json_temp || ast_json_object_set(json_object, "SecurityEvent", json_temp)) {
1088 json_temp = ast_json_stringf("%d", sec->version);
1089 if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_EVENT_VERSION), json_temp)) {
1093 /* AST_EVENT_IE_EVENT_TV */
1094 json_temp = ast_json_timeval(tv, NULL);
1095 if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_EVENT_TV), json_temp)) {
1099 /* AST_EVENT_IE_SERVICE */
1100 json_temp = ast_json_string_create(sec->service);
1101 if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_SERVICE), json_temp)) {
1105 /* AST_EVENT_IE_SEVERITY */
1106 severity_str = S_OR(
1107 ast_security_event_severity_get_name(sec_events[sec->event_type].severity),
1111 json_temp = ast_json_string_create(severity_str);
1112 if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_SEVERITY), json_temp)) {
1116 return ast_json_ref(json_object);
1119 static int handle_security_event(const struct ast_security_event_common *sec)
1121 RAII_VAR(struct stasis_message *, msg, NULL, ao2_cleanup);
1122 RAII_VAR(struct ast_json_payload *, json_payload, NULL, ao2_cleanup);
1123 RAII_VAR(struct ast_json *, json_object, NULL, ast_json_unref);
1125 const struct ast_security_event_ie_type *ies;
1128 json_object = alloc_security_event_json_object(sec);
1134 for (ies = ast_security_event_get_required_ies(sec->event_type), i = 0;
1135 ies[i].ie_type != AST_EVENT_IE_END;
1137 if (add_json_object(json_object, sec, ies + i, REQUIRED)) {
1142 for (ies = ast_security_event_get_optional_ies(sec->event_type), i = 0;
1143 ies[i].ie_type != AST_EVENT_IE_END;
1145 if (add_json_object(json_object, sec, ies + i, NOT_REQUIRED)) {
1150 /* The json blob is ready. Throw it in the payload and send it out over stasis. */
1151 if (!(json_payload = ast_json_payload_create(json_object))) {
1155 msg = stasis_message_create(ast_security_event_type(), json_payload);
1161 stasis_publish(ast_security_topic(), msg);
1169 int ast_security_event_report(const struct ast_security_event_common *sec)
1171 if (sec->event_type < 0 || sec->event_type >= AST_SECURITY_EVENT_NUM_TYPES) {
1172 ast_log(LOG_ERROR, "Invalid security event type\n");
1176 if (!sec_events[sec->event_type].name) {
1177 ast_log(LOG_WARNING, "Security event type %u not handled\n",
1182 if (sec->version != sec_events[sec->event_type].version) {
1183 ast_log(LOG_WARNING, "Security event %u version mismatch\n",
1188 if (handle_security_event(sec)) {
1189 ast_log(LOG_ERROR, "Failed to issue security event of type %s.\n",
1190 ast_security_event_get_name(sec->event_type));
projects / asterisk/asterisk.git / blob