2 * Asterisk -- An open source telephony toolkit.
4 * Copyright (C) 2013, Digium, Inc.
6 * Joshua Colp <jcolp@digium.com>
8 * See http://www.asterisk.org for more information about
9 * the Asterisk project. Please do not directly contact
10 * any of the maintainers of this project for assistance;
11 * the project provides a web site, mailing lists and IRC
12 * channels for your use.
14 * This program is free software, distributed under the terms of
15 * the GNU General Public License Version 2. See the LICENSE file
16 * at the top of the source tree.
22 * \brief Generate security events in the PJSIP channel
24 * \author Joshua Colp <jcolp@digium.com>
29 ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
33 #include "asterisk/res_pjsip.h"
34 #include "asterisk/security_events.h"
36 static int find_transport_in_use(void *obj, void *arg, int flags)
38 struct ast_sip_transport *transport = obj;
39 pjsip_rx_data *rdata = arg;
41 if ((transport->state->transport == rdata->tp_info.transport) ||
42 (transport->state->factory && !pj_strcmp(&transport->state->factory->addr_name.host, &rdata->tp_info.transport->local_name.host) &&
43 transport->state->factory->addr_name.port == rdata->tp_info.transport->local_name.port)) {
44 return CMP_MATCH | CMP_STOP;
50 static enum ast_transport security_event_get_transport(pjsip_rx_data *rdata)
52 RAII_VAR(struct ao2_container *, transports, NULL, ao2_cleanup);
53 RAII_VAR(struct ast_sip_transport *, transport, NULL, ao2_cleanup);
55 /* It should be impossible for these to fail as the transport has to exist for the message to exist */
56 transports = ast_sorcery_retrieve_by_fields(ast_sip_get_sorcery(), "transport", AST_RETRIEVE_FLAG_MULTIPLE | AST_RETRIEVE_FLAG_ALL, NULL);
58 ast_assert(transports != NULL);
60 transport = ao2_callback(transports, 0, find_transport_in_use, rdata);
62 ast_assert(transport != NULL);
64 return transport->type;
67 static void security_event_populate(pjsip_rx_data *rdata, char *call_id, size_t call_id_size, struct ast_sockaddr *local, struct ast_sockaddr *remote)
69 char host[NI_MAXHOST];
71 ast_copy_pj_str(call_id, &rdata->msg_info.cid->id, call_id_size);
73 ast_copy_pj_str(host, &rdata->tp_info.transport->local_name.host, sizeof(host));
74 ast_sockaddr_parse(local, host, PARSE_PORT_FORBID);
75 ast_sockaddr_set_port(local, rdata->tp_info.transport->local_name.port);
77 ast_sockaddr_parse(remote, rdata->pkt_info.src_name, PARSE_PORT_FORBID);
78 ast_sockaddr_set_port(remote, rdata->pkt_info.src_port);
81 void ast_sip_report_invalid_endpoint(const char *name, pjsip_rx_data *rdata)
83 enum ast_transport transport = security_event_get_transport(rdata);
84 char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
85 struct ast_sockaddr local, remote;
87 struct ast_security_event_inval_acct_id inval_acct_id = {
88 .common.event_type = AST_SECURITY_EVENT_INVAL_ACCT_ID,
89 .common.version = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION,
90 .common.service = "PJSIP",
91 .common.account_id = name,
92 .common.local_addr = {
94 .transport = transport,
96 .common.remote_addr = {
98 .transport = transport,
100 .common.session_id = call_id,
103 security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
105 ast_security_event_report(AST_SEC_EVT(&inval_acct_id));
108 void ast_sip_report_failed_acl(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata, const char *name)
110 enum ast_transport transport = security_event_get_transport(rdata);
111 char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
112 struct ast_sockaddr local, remote;
114 struct ast_security_event_failed_acl failed_acl_event = {
115 .common.event_type = AST_SECURITY_EVENT_FAILED_ACL,
116 .common.version = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
117 .common.service = "PJSIP",
118 .common.account_id = ast_sorcery_object_get_id(endpoint),
119 .common.local_addr = {
121 .transport = transport,
123 .common.remote_addr = {
125 .transport = transport,
127 .common.session_id = call_id,
131 security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
133 ast_security_event_report(AST_SEC_EVT(&failed_acl_event));
136 void ast_sip_report_auth_failed_challenge_response(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
138 pjsip_authorization_hdr *auth = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION, NULL);
139 enum ast_transport transport = security_event_get_transport(rdata);
140 char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
141 char nonce[64] = "", response[256] = "";
142 struct ast_sockaddr local, remote;
144 struct ast_security_event_chal_resp_failed chal_resp_failed = {
145 .common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED,
146 .common.version = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION,
147 .common.service = "PJSIP",
148 .common.account_id = ast_sorcery_object_get_id(endpoint),
149 .common.local_addr = {
151 .transport = transport,
153 .common.remote_addr = {
155 .transport = transport,
157 .common.session_id = call_id,
160 .response = response,
161 .expected_response = "",
164 if (auth && !pj_strcmp2(&auth->scheme, "digest")) {
165 ast_copy_pj_str(nonce, &auth->credential.digest.nonce, sizeof(nonce));
166 ast_copy_pj_str(response, &auth->credential.digest.response, sizeof(response));
169 security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
171 ast_security_event_report(AST_SEC_EVT(&chal_resp_failed));
174 void ast_sip_report_auth_success(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
176 pjsip_authorization_hdr *auth = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION, NULL);
177 enum ast_transport transport = security_event_get_transport(rdata);
178 char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
179 struct ast_sockaddr local, remote;
181 struct ast_security_event_successful_auth successful_auth = {
182 .common.event_type = AST_SECURITY_EVENT_SUCCESSFUL_AUTH,
183 .common.version = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION,
184 .common.service = "PJSIP",
185 .common.account_id = ast_sorcery_object_get_id(endpoint),
186 .common.local_addr = {
188 .transport = transport,
190 .common.remote_addr = {
192 .transport = transport,
194 .common.session_id = call_id,
195 .using_password = auth ? (uint32_t *)1 : (uint32_t *)0,
198 security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
200 ast_security_event_report(AST_SEC_EVT(&successful_auth));
203 void ast_sip_report_auth_challenge_sent(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata, pjsip_tx_data *tdata)
205 pjsip_www_authenticate_hdr *auth = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_WWW_AUTHENTICATE, NULL);
206 enum ast_transport transport = security_event_get_transport(rdata);
207 char nonce[64] = "", call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
208 struct ast_sockaddr local, remote;
210 struct ast_security_event_chal_sent chal_sent = {
211 .common.event_type = AST_SECURITY_EVENT_CHAL_SENT,
212 .common.version = AST_SECURITY_EVENT_CHAL_SENT_VERSION,
213 .common.service = "PJSIP",
214 .common.account_id = ast_sorcery_object_get_id(endpoint),
215 .common.local_addr = {
217 .transport = transport,
219 .common.remote_addr = {
221 .transport = transport,
223 .common.session_id = call_id,
227 if (auth && !pj_strcmp2(&auth->scheme, "digest")) {
228 ast_copy_pj_str(nonce, &auth->challenge.digest.nonce, sizeof(nonce));
231 security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
233 ast_security_event_report(AST_SEC_EVT(&chal_sent));
236 void ast_sip_report_req_no_support(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata,
237 const char* req_type)
239 enum ast_transport transport = security_event_get_transport(rdata);
240 char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
241 struct ast_sockaddr local, remote;
243 struct ast_security_event_req_no_support req_no_support_event = {
244 .common.event_type = AST_SECURITY_EVENT_REQ_NO_SUPPORT,
245 .common.version = AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION,
246 .common.service = "PJSIP",
247 .common.account_id = ast_sorcery_object_get_id(endpoint),
248 .common.local_addr = {
250 .transport = transport,
252 .common.remote_addr = {
254 .transport = transport,
256 .common.session_id = call_id,
257 .request_type = req_type
260 security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
262 ast_security_event_report(AST_SEC_EVT(&req_no_support_event));
265 void ast_sip_report_mem_limit(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
267 enum ast_transport transport = security_event_get_transport(rdata);
268 char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
269 struct ast_sockaddr local, remote;
271 struct ast_security_event_mem_limit mem_limit_event = {
272 .common.event_type = AST_SECURITY_EVENT_MEM_LIMIT,
273 .common.version = AST_SECURITY_EVENT_MEM_LIMIT_VERSION,
274 .common.service = "PJSIP",
275 .common.account_id = ast_sorcery_object_get_id(endpoint),
276 .common.local_addr = {
278 .transport = transport,
280 .common.remote_addr = {
282 .transport = transport,
284 .common.session_id = call_id
287 security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
289 ast_security_event_report(AST_SEC_EVT(&mem_limit_event));
projects / asterisk/asterisk.git / blob