kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-21 09:10:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add IPv6 address support to security events framework.

Browse Source 
The current Security Events Framework API only supports IPv4 when it comes to
generating security events.  This patch does the following:

* Changes the Security Events Framework API to support IPV6 and updates
  the components that use this API.

* Eliminates an error message that was being generated since the current
  implementation was treating an IPv6 socket address as if it was IPv4.

* Some copyright dates were updated on files touched by this patch.

(closes issue ASTERISK-19447) 
Reported by: Michael L. Young 
Tested by: Michael L. Young 
Patches: 
  security_events_ipv6v3.diff uploaded by Michael L. Young (license 5026)

Review: https://reviewboard.asterisk.org/r/1777/


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@362200 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Michael L. Young
2012-04-16 21:20:50 +00:00
parent ba7032be5f
commit abf40d9b28
5 changed files with 81 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
main/manager.c
View File

@@ -2178,18 +2178,9 @@ static enum ast_security_event_transport_type mansession_get_transport(const str
AST_SECURITY_EVENT_TRANSPORT_TCP;
}
static struct sockaddr_in *mansession_encode_sin_local(const struct mansession *s,
struct sockaddr_in *sin_local)
{
ast_sockaddr_to_sin(&s->tcptls_session->parent->local_address,
sin_local);
return sin_local;
}
static void report_invalid_user(const struct mansession *s, const char *username)
{
struct sockaddr_in sin_local;
struct ast_sockaddr addr_remote;
char session_id[32];
struct ast_security_event_inval_acct_id inval_acct_id = {
.common.event_type = AST_SECURITY_EVENT_INVAL_ACCT_ID,
@@ -2198,16 +2189,18 @@ static void report_invalid_user(const struct mansession *s, const char *username
.common.account_id = username,
.common.session_tv = &s->session->sessionstart_tv,
.common.local_addr = {
.sin = mansession_encode_sin_local(s, &sin_local),
.addr = &s->tcptls_session->parent->local_address,
.transport = mansession_get_transport(s),
},
.common.remote_addr = {
.sin = &s->session->sin,
.addr = &addr_remote,
.transport = mansession_get_transport(s),
},
.common.session_id = session_id,
};
ast_sockaddr_from_sin(&addr_remote, &s->session->sin);
snprintf(session_id, sizeof(session_id), "%p", s);
ast_security_event_report(AST_SEC_EVT(&inval_acct_id));
@@ -2215,7 +2208,7 @@ static void report_invalid_user(const struct mansession *s, const char *username
static void report_failed_acl(const struct mansession *s, const char *username)
{
struct sockaddr_in sin_local;
struct ast_sockaddr addr_remote;
char session_id[32];
struct ast_security_event_failed_acl failed_acl_event = {
.common.event_type = AST_SECURITY_EVENT_FAILED_ACL,
@@ -2224,16 +2217,18 @@ static void report_failed_acl(const struct mansession *s, const char *username)
.common.account_id = username,
.common.session_tv = &s->session->sessionstart_tv,
.common.local_addr = {
.sin = mansession_encode_sin_local(s, &sin_local),
.addr = &s->tcptls_session->parent->local_address,
.transport = mansession_get_transport(s),
},
.common.remote_addr = {
.sin = &s->session->sin,
.addr = &addr_remote,
.transport = mansession_get_transport(s),
},
.common.session_id = session_id,
};
ast_sockaddr_from_sin(&addr_remote, &s->session->sin);
snprintf(session_id, sizeof(session_id), "%p", s->session);
ast_security_event_report(AST_SEC_EVT(&failed_acl_event));
@@ -2241,7 +2236,7 @@ static void report_failed_acl(const struct mansession *s, const char *username)
static void report_inval_password(const struct mansession *s, const char *username)
{
struct sockaddr_in sin_local;
struct ast_sockaddr addr_remote;
char session_id[32];
struct ast_security_event_inval_password inval_password = {
.common.event_type = AST_SECURITY_EVENT_INVAL_PASSWORD,
@@ -2250,16 +2245,18 @@ static void report_inval_password(const struct mansession *s, const char *userna
.common.account_id = username,
.common.session_tv = &s->session->sessionstart_tv,
.common.local_addr = {
.sin = mansession_encode_sin_local(s, &sin_local),
.addr = &s->tcptls_session->parent->local_address,
.transport = mansession_get_transport(s),
},
.common.remote_addr = {
.sin = &s->session->sin,
.addr = &addr_remote,
.transport = mansession_get_transport(s),
},
.common.session_id = session_id,
};
ast_sockaddr_from_sin(&addr_remote, &s->session->sin);
snprintf(session_id, sizeof(session_id), "%p", s->session);
ast_security_event_report(AST_SEC_EVT(&inval_password));
@@ -2267,7 +2264,7 @@ static void report_inval_password(const struct mansession *s, const char *userna
static void report_auth_success(const struct mansession *s)
{
struct sockaddr_in sin_local;
struct ast_sockaddr addr_remote;
char session_id[32];
struct ast_security_event_successful_auth successful_auth = {
.common.event_type = AST_SECURITY_EVENT_SUCCESSFUL_AUTH,
@@ -2276,16 +2273,18 @@ static void report_auth_success(const struct mansession *s)
.common.account_id = s->session->username,
.common.session_tv = &s->session->sessionstart_tv,
.common.local_addr = {
.sin = mansession_encode_sin_local(s, &sin_local),
.addr = &s->tcptls_session->parent->local_address,
.transport = mansession_get_transport(s),
},
.common.remote_addr = {
.sin = &s->session->sin,
.addr = &addr_remote,
.transport = mansession_get_transport(s),
},
.common.session_id = session_id,
};
ast_sockaddr_from_sin(&addr_remote, &s->session->sin);
snprintf(session_id, sizeof(session_id), "%p", s->session);
ast_security_event_report(AST_SEC_EVT(&successful_auth));
@@ -2293,7 +2292,7 @@ static void report_auth_success(const struct mansession *s)
static void report_req_not_allowed(const struct mansession *s, const char *action)
{
struct sockaddr_in sin_local;
struct ast_sockaddr addr_remote;
char session_id[32];
char request_type[64];
struct ast_security_event_req_not_allowed req_not_allowed = {
@@ -2303,11 +2302,11 @@ static void report_req_not_allowed(const struct mansession *s, const char *actio
.common.account_id = s->session->username,
.common.session_tv = &s->session->sessionstart_tv,
.common.local_addr = {
.sin = mansession_encode_sin_local(s, &sin_local),
.addr = &s->tcptls_session->parent->local_address,
.transport = mansession_get_transport(s),
},
.common.remote_addr = {
.sin = &s->session->sin,
.addr = &addr_remote,
.transport = mansession_get_transport(s),
},
.common.session_id = session_id,
@@ -2315,6 +2314,8 @@ static void report_req_not_allowed(const struct mansession *s, const char *actio
.request_type = request_type,
};
ast_sockaddr_from_sin(&addr_remote, &s->session->sin);
snprintf(session_id, sizeof(session_id), "%p", s->session);
snprintf(request_type, sizeof(request_type), "Action: %s", action);
@@ -2323,7 +2324,7 @@ static void report_req_not_allowed(const struct mansession *s, const char *actio
static void report_req_bad_format(const struct mansession *s, const char *action)
{
struct sockaddr_in sin_local;
struct ast_sockaddr addr_remote;
char session_id[32];
char request_type[64];
struct ast_security_event_req_bad_format req_bad_format = {
@@ -2333,11 +2334,11 @@ static void report_req_bad_format(const struct mansession *s, const char *action
.common.account_id = s->session->username,
.common.session_tv = &s->session->sessionstart_tv,
.common.local_addr = {
.sin = mansession_encode_sin_local(s, &sin_local),
.addr = &s->tcptls_session->parent->local_address,
.transport = mansession_get_transport(s),
},
.common.remote_addr = {
.sin = &s->session->sin,
.addr = &addr_remote,
.transport = mansession_get_transport(s),
},
.common.session_id = session_id,
@@ -2345,6 +2346,8 @@ static void report_req_bad_format(const struct mansession *s, const char *action
.request_type = request_type,
};
ast_sockaddr_from_sin(&addr_remote, &s->session->sin);
snprintf(session_id, sizeof(session_id), "%p", s->session);
snprintf(request_type, sizeof(request_type), "Action: %s", action);
@@ -2354,7 +2357,7 @@ static void report_req_bad_format(const struct mansession *s, const char *action
static void report_failed_challenge_response(const struct mansession *s,
const char *response, const char *expected_response)
{
struct sockaddr_in sin_local;
struct ast_sockaddr addr_remote;
char session_id[32];
struct ast_security_event_chal_resp_failed chal_resp_failed = {
.common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED,
@@ -2363,11 +2366,11 @@ static void report_failed_challenge_response(const struct mansession *s,
.common.account_id = s->session->username,
.common.session_tv = &s->session->sessionstart_tv,
.common.local_addr = {
.sin = mansession_encode_sin_local(s, &sin_local),
.addr = &s->tcptls_session->parent->local_address,
.transport = mansession_get_transport(s),
},
.common.remote_addr = {
.sin = &s->session->sin,
.addr = &addr_remote,
.transport = mansession_get_transport(s),
},
.common.session_id = session_id,
@@ -2377,6 +2380,8 @@ static void report_failed_challenge_response(const struct mansession *s,
.expected_response = expected_response,
};
ast_sockaddr_from_sin(&addr_remote, &s->session->sin);
snprintf(session_id, sizeof(session_id), "%p", s->session);
ast_security_event_report(AST_SEC_EVT(&chal_resp_failed));
@@ -2384,7 +2389,7 @@ static void report_failed_challenge_response(const struct mansession *s,
static void report_session_limit(const struct mansession *s)
{
struct sockaddr_in sin_local;
struct ast_sockaddr addr_remote;
char session_id[32];
struct ast_security_event_session_limit session_limit = {
.common.event_type = AST_SECURITY_EVENT_SESSION_LIMIT,
@@ -2393,16 +2398,18 @@ static void report_session_limit(const struct mansession *s)
.common.account_id = s->session->username,
.common.session_tv = &s->session->sessionstart_tv,
.common.local_addr = {
.sin = mansession_encode_sin_local(s, &sin_local),
.addr = &s->tcptls_session->parent->local_address,
.transport = mansession_get_transport(s),
},
.common.remote_addr = {
.sin = &s->session->sin,
.addr = &addr_remote,
.transport = mansession_get_transport(s),
},
.common.session_id = session_id,
};
ast_sockaddr_from_sin(&addr_remote, &s->session->sin);
snprintf(session_id, sizeof(session_id), "%p", s->session);
ast_security_event_report(AST_SEC_EVT(&session_limit));