| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  | /*
 | 
					
						
							|  |  |  |  * Asterisk -- An open source telephony toolkit. | 
					
						
							|  |  |  |  * | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  |  * Copyright (C) 2012, Digium, Inc. | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |  * | 
					
						
							|  |  |  |  * Michael L. Young <elgueromexicano@gmail.com> | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * See http://www.asterisk.org for more information about
 | 
					
						
							|  |  |  |  * the Asterisk project. Please do not directly contact | 
					
						
							|  |  |  |  * any of the maintainers of this project for assistance; | 
					
						
							|  |  |  |  * the project provides a web site, mailing lists and IRC | 
					
						
							|  |  |  |  * channels for your use. | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * This program is free software, distributed under the terms of | 
					
						
							|  |  |  |  * the GNU General Public License Version 2. See the LICENSE file | 
					
						
							|  |  |  |  * at the top of the source tree. | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /*!
 | 
					
						
							|  |  |  |  * \file | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * \brief Generate security events in the SIP channel | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * \author Michael L. Young <elgueromexicano@gmail.com> | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-06-15 16:20:16 +00:00
										 |  |  | /*** MODULEINFO
 | 
					
						
							| 
									
										
										
										
											2014-08-08 17:53:39 +00:00
										 |  |  | 	<support_level>extended</support_level> | 
					
						
							| 
									
										
										
										
											2012-06-15 16:20:16 +00:00
										 |  |  |  ***/ | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  | #include "asterisk.h"
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | #include "include/sip.h"
 | 
					
						
							|  |  |  | #include "include/security_events.h"
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /*! \brief Determine transport type used to receive request*/ | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-05-17 17:36:10 +00:00
										 |  |  | static enum ast_transport security_event_get_transport(const struct sip_pvt *p) | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  | { | 
					
						
							| 
									
										
										
										
											2013-05-17 17:36:10 +00:00
										 |  |  | 	return p->socket.type; | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | void sip_report_invalid_peer(const struct sip_pvt *p) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  | 	char session_id[32]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	struct ast_security_event_inval_acct_id inval_acct_id = { | 
					
						
							|  |  |  | 		.common.event_type = AST_SECURITY_EVENT_INVAL_ACCT_ID, | 
					
						
							|  |  |  | 		.common.version    = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION, | 
					
						
							|  |  |  | 		.common.service    = "SIP", | 
					
						
							|  |  |  | 		.common.account_id = p->exten, | 
					
						
							|  |  |  | 		.common.local_addr = { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  | 			.addr      = &p->ourip, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  | 			.transport = security_event_get_transport(p) | 
					
						
							|  |  |  | 		}, | 
					
						
							|  |  |  | 		.common.remote_addr = { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  | 			.addr       = &p->sa, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  | 			.transport = security_event_get_transport(p) | 
					
						
							|  |  |  | 		}, | 
					
						
							|  |  |  | 		.common.session_id = session_id, | 
					
						
							|  |  |  | 	}; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	snprintf(session_id, sizeof(session_id), "%p", p); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	ast_security_event_report(AST_SEC_EVT(&inval_acct_id)); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | void sip_report_failed_acl(const struct sip_pvt *p, const char *aclname) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |         char session_id[32]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         struct ast_security_event_failed_acl failed_acl_event = { | 
					
						
							|  |  |  |                 .common.event_type  = AST_SECURITY_EVENT_FAILED_ACL, | 
					
						
							|  |  |  |                 .common.version     = AST_SECURITY_EVENT_FAILED_ACL_VERSION, | 
					
						
							|  |  |  |                 .common.service     = "SIP", | 
					
						
							|  |  |  |                 .common.account_id  = p->exten, | 
					
						
							|  |  |  |                 .common.local_addr  = { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  |                         .addr       = &p->ourip, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |                         .transport  = security_event_get_transport(p) | 
					
						
							|  |  |  |                 }, | 
					
						
							|  |  |  |                 .common.remote_addr = { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  |                         .addr       = &p->sa, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |                         .transport  = security_event_get_transport(p) | 
					
						
							|  |  |  |                 }, | 
					
						
							|  |  |  |                 .common.session_id  = session_id, | 
					
						
							|  |  |  |                 .acl_name           = aclname, | 
					
						
							|  |  |  |         }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         snprintf(session_id, sizeof(session_id), "%p", p); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         ast_security_event_report(AST_SEC_EVT(&failed_acl_event)); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | void sip_report_inval_password(const struct sip_pvt *p, const char *response_challenge, const char *response_hash) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |         char session_id[32]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         struct ast_security_event_inval_password inval_password = { | 
					
						
							|  |  |  |                 .common.event_type  = AST_SECURITY_EVENT_INVAL_PASSWORD, | 
					
						
							|  |  |  |                 .common.version     = AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION, | 
					
						
							|  |  |  |                 .common.service     = "SIP", | 
					
						
							|  |  |  |                 .common.account_id  = p->exten, | 
					
						
							|  |  |  |                 .common.local_addr  = { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  |                         .addr       = &p->ourip, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |                         .transport  = security_event_get_transport(p) | 
					
						
							|  |  |  |                 }, | 
					
						
							|  |  |  |                 .common.remote_addr = { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  |                         .addr       = &p->sa, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |                         .transport  = security_event_get_transport(p) | 
					
						
							|  |  |  |                 }, | 
					
						
							|  |  |  |                 .common.session_id  = session_id, | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
											  
											
												Clean up chan_sip
This clean up was broken out from
https://reviewboard.asterisk.org/r/1976/ and addresses the following:
 - struct sip_refer converted to use the stringfields API.
 - sip_{refer|notify}_allocate -> sip_{notify|refer}_alloc to match
   other *alloc functions.
 - Replace get_msg_text, get_msg_text2 and get_pidf_body -> No, not
   get_pidf_msg_text_body3 but get_content, to match add_content.
 - get_body doesn't get the request body, renamed to get_content_line.
 - get_body_by_line doesn't get the body line, and is just a simple if
   test. Moved code inline and removed function.
 - Remove camelCase in struct sip_peer peer state variables,
   onHold -> onhold, inUse -> inuse, inRinging -> ringing.
 - Remove camelCase in struct sip_request rlPart1 -> rlpart1,
   rlPart2 -> rlpart2.
 - Rename instances of pvt->randdata to pvt->nonce because that is what
   it is, no need to update struct sip_pvt because _it already has a
   nonce field_.
 - Removed struct sip_pvt randdata stringfield.
 - Remove useless (and inconsistent) 'header' suffix on variables in
   handle_request_subscribe.
 - Use ast_strdupa on Event header in handle_request_subscribe to avoid
   overly complicated strncmp calls to find the event package.
 - Move get_destination check in handle_request_subscribe to avoid
   duplicate checking for packages that don't need it.
 - Move extension state callback management in handle_request_subscribe
   to avoid duplicate checking for packages that don't need it.
 - Remove duplicate append_date prototype.
 - Rename append_date -> add_date to match other add_xxx functions.
 - Added add_expires helper function, removed code that manually added
   expires header.
 - Remove _header suffix on add_diversion_header (no other header adding
   functions have this).
 - Don't pass req->debug to request handle_request_XXXXX handlers if req
   is also being passed.
 - Don't pass req->ignore to check_auth as req is already being passed.
 - Don't create a subscription in handle_request_subscribe if
   p->expiry == 0.
 - Don't walk of the back of referred_by_name when splitting string in
   get_refer_info
 - Remove duplicate check for no dialog in handle_incoming when
   sipmethod == SIP_REFER, handle_request_refer checks for that.
Review: https://reviewboard.asterisk.org/r/1993/
Patch-by: gareth
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@370636 65c4cc65-6c06-0410-ace0-fbb531ad65f3
											
										 
											2012-07-31 19:10:41 +00:00
										 |  |  | 		.challenge	    = p->nonce, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  | 		.received_challenge = response_challenge, | 
					
						
							|  |  |  | 		.received_hash	    = response_hash, | 
					
						
							|  |  |  |         }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         snprintf(session_id, sizeof(session_id), "%p", p); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         ast_security_event_report(AST_SEC_EVT(&inval_password)); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-12-01 13:54:26 -06:00
										 |  |  | void sip_report_auth_success(const struct sip_pvt *p, uint32_t using_password) | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  | { | 
					
						
							|  |  |  |         char session_id[32]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         struct ast_security_event_successful_auth successful_auth = { | 
					
						
							|  |  |  |                 .common.event_type  = AST_SECURITY_EVENT_SUCCESSFUL_AUTH, | 
					
						
							|  |  |  |                 .common.version     = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION, | 
					
						
							|  |  |  |                 .common.service     = "SIP", | 
					
						
							|  |  |  |                 .common.account_id  = p->exten, | 
					
						
							|  |  |  |                 .common.local_addr  = { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  |                         .addr       = &p->ourip, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |                         .transport  = security_event_get_transport(p) | 
					
						
							|  |  |  |                 }, | 
					
						
							|  |  |  |                 .common.remote_addr = { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  |                         .addr       = &p->sa, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |                         .transport  = security_event_get_transport(p) | 
					
						
							|  |  |  |                 }, | 
					
						
							|  |  |  |                 .common.session_id  = session_id, | 
					
						
							|  |  |  |                 .using_password     = using_password, | 
					
						
							|  |  |  |         }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         snprintf(session_id, sizeof(session_id), "%p", p); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         ast_security_event_report(AST_SEC_EVT(&successful_auth)); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | void sip_report_session_limit(const struct sip_pvt *p) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |         char session_id[32]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         struct ast_security_event_session_limit session_limit = { | 
					
						
							|  |  |  |                 .common.event_type = AST_SECURITY_EVENT_SESSION_LIMIT, | 
					
						
							|  |  |  |                 .common.version    = AST_SECURITY_EVENT_SESSION_LIMIT_VERSION, | 
					
						
							|  |  |  |                 .common.service    = "SIP", | 
					
						
							|  |  |  |                 .common.account_id = p->exten, | 
					
						
							|  |  |  |                 .common.local_addr = { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  |                         .addr      = &p->ourip, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |                         .transport = security_event_get_transport(p) | 
					
						
							|  |  |  |                 }, | 
					
						
							|  |  |  |                 .common.remote_addr = { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  |                         .addr      = &p->sa, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |                         .transport = security_event_get_transport(p) | 
					
						
							|  |  |  |                 }, | 
					
						
							|  |  |  |                 .common.session_id = session_id, | 
					
						
							|  |  |  |         }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         snprintf(session_id, sizeof(session_id), "%p", p); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         ast_security_event_report(AST_SEC_EVT(&session_limit)); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | void sip_report_failed_challenge_response(const struct sip_pvt *p, const char *response, const char *expected_response) | 
					
						
							|  |  |  | { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  | 	char session_id[32]; | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  | 	char account_id[256]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	struct ast_security_event_chal_resp_failed chal_resp_failed = { | 
					
						
							|  |  |  |                 .common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED, | 
					
						
							|  |  |  |                 .common.version    = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION, | 
					
						
							|  |  |  |                 .common.service    = "SIP", | 
					
						
							|  |  |  |                 .common.account_id = account_id, | 
					
						
							|  |  |  |                 .common.local_addr = { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  |                         .addr      = &p->ourip, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |                         .transport = security_event_get_transport(p) | 
					
						
							|  |  |  |                 }, | 
					
						
							|  |  |  |                 .common.remote_addr = { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  |                         .addr      = &p->sa, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |                         .transport = security_event_get_transport(p) | 
					
						
							|  |  |  |                 }, | 
					
						
							|  |  |  |                 .common.session_id = session_id, | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
											  
											
												Clean up chan_sip
This clean up was broken out from
https://reviewboard.asterisk.org/r/1976/ and addresses the following:
 - struct sip_refer converted to use the stringfields API.
 - sip_{refer|notify}_allocate -> sip_{notify|refer}_alloc to match
   other *alloc functions.
 - Replace get_msg_text, get_msg_text2 and get_pidf_body -> No, not
   get_pidf_msg_text_body3 but get_content, to match add_content.
 - get_body doesn't get the request body, renamed to get_content_line.
 - get_body_by_line doesn't get the body line, and is just a simple if
   test. Moved code inline and removed function.
 - Remove camelCase in struct sip_peer peer state variables,
   onHold -> onhold, inUse -> inuse, inRinging -> ringing.
 - Remove camelCase in struct sip_request rlPart1 -> rlpart1,
   rlPart2 -> rlpart2.
 - Rename instances of pvt->randdata to pvt->nonce because that is what
   it is, no need to update struct sip_pvt because _it already has a
   nonce field_.
 - Removed struct sip_pvt randdata stringfield.
 - Remove useless (and inconsistent) 'header' suffix on variables in
   handle_request_subscribe.
 - Use ast_strdupa on Event header in handle_request_subscribe to avoid
   overly complicated strncmp calls to find the event package.
 - Move get_destination check in handle_request_subscribe to avoid
   duplicate checking for packages that don't need it.
 - Move extension state callback management in handle_request_subscribe
   to avoid duplicate checking for packages that don't need it.
 - Remove duplicate append_date prototype.
 - Rename append_date -> add_date to match other add_xxx functions.
 - Added add_expires helper function, removed code that manually added
   expires header.
 - Remove _header suffix on add_diversion_header (no other header adding
   functions have this).
 - Don't pass req->debug to request handle_request_XXXXX handlers if req
   is also being passed.
 - Don't pass req->ignore to check_auth as req is already being passed.
 - Don't create a subscription in handle_request_subscribe if
   p->expiry == 0.
 - Don't walk of the back of referred_by_name when splitting string in
   get_refer_info
 - Remove duplicate check for no dialog in handle_incoming when
   sipmethod == SIP_REFER, handle_request_refer checks for that.
Review: https://reviewboard.asterisk.org/r/1993/
Patch-by: gareth
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@370636 65c4cc65-6c06-0410-ace0-fbb531ad65f3
											
										 
											2012-07-31 19:10:41 +00:00
										 |  |  |                 .challenge         = p->nonce, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |                 .response          = response, | 
					
						
							|  |  |  |                 .expected_response = expected_response, | 
					
						
							|  |  |  |         }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if (!ast_strlen_zero(p->from)) { /* When dialing, show account making call */ | 
					
						
							|  |  |  |                 ast_copy_string(account_id, p->from, sizeof(account_id)); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |                 ast_copy_string(account_id, p->exten, sizeof(account_id)); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         snprintf(session_id, sizeof(session_id), "%p", p); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         ast_security_event_report(AST_SEC_EVT(&chal_resp_failed)); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | void sip_report_chal_sent(const struct sip_pvt *p) | 
					
						
							|  |  |  | { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  | 	char session_id[32]; | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  | 	char account_id[256]; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  | 	struct ast_security_event_chal_sent chal_sent = { | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |                 .common.event_type = AST_SECURITY_EVENT_CHAL_SENT, | 
					
						
							|  |  |  |                 .common.version    = AST_SECURITY_EVENT_CHAL_SENT_VERSION, | 
					
						
							|  |  |  |                 .common.service    = "SIP", | 
					
						
							|  |  |  |                 .common.account_id = account_id, | 
					
						
							|  |  |  |                 .common.local_addr = { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  |                         .addr      = &p->ourip, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |                         .transport = security_event_get_transport(p) | 
					
						
							|  |  |  |                 }, | 
					
						
							|  |  |  |                 .common.remote_addr = { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  |                         .addr      = &p->sa, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |                         .transport = security_event_get_transport(p) | 
					
						
							|  |  |  |                 }, | 
					
						
							|  |  |  |                 .common.session_id = session_id, | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
											  
											
												Clean up chan_sip
This clean up was broken out from
https://reviewboard.asterisk.org/r/1976/ and addresses the following:
 - struct sip_refer converted to use the stringfields API.
 - sip_{refer|notify}_allocate -> sip_{notify|refer}_alloc to match
   other *alloc functions.
 - Replace get_msg_text, get_msg_text2 and get_pidf_body -> No, not
   get_pidf_msg_text_body3 but get_content, to match add_content.
 - get_body doesn't get the request body, renamed to get_content_line.
 - get_body_by_line doesn't get the body line, and is just a simple if
   test. Moved code inline and removed function.
 - Remove camelCase in struct sip_peer peer state variables,
   onHold -> onhold, inUse -> inuse, inRinging -> ringing.
 - Remove camelCase in struct sip_request rlPart1 -> rlpart1,
   rlPart2 -> rlpart2.
 - Rename instances of pvt->randdata to pvt->nonce because that is what
   it is, no need to update struct sip_pvt because _it already has a
   nonce field_.
 - Removed struct sip_pvt randdata stringfield.
 - Remove useless (and inconsistent) 'header' suffix on variables in
   handle_request_subscribe.
 - Use ast_strdupa on Event header in handle_request_subscribe to avoid
   overly complicated strncmp calls to find the event package.
 - Move get_destination check in handle_request_subscribe to avoid
   duplicate checking for packages that don't need it.
 - Move extension state callback management in handle_request_subscribe
   to avoid duplicate checking for packages that don't need it.
 - Remove duplicate append_date prototype.
 - Rename append_date -> add_date to match other add_xxx functions.
 - Added add_expires helper function, removed code that manually added
   expires header.
 - Remove _header suffix on add_diversion_header (no other header adding
   functions have this).
 - Don't pass req->debug to request handle_request_XXXXX handlers if req
   is also being passed.
 - Don't pass req->ignore to check_auth as req is already being passed.
 - Don't create a subscription in handle_request_subscribe if
   p->expiry == 0.
 - Don't walk of the back of referred_by_name when splitting string in
   get_refer_info
 - Remove duplicate check for no dialog in handle_incoming when
   sipmethod == SIP_REFER, handle_request_refer checks for that.
Review: https://reviewboard.asterisk.org/r/1993/
Patch-by: gareth
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@370636 65c4cc65-6c06-0410-ace0-fbb531ad65f3
											
										 
											2012-07-31 19:10:41 +00:00
										 |  |  |                 .challenge         = p->nonce, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |         }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if (!ast_strlen_zero(p->from)) { /* When dialing, show account making call */ | 
					
						
							|  |  |  | 		ast_copy_string(account_id, p->from, sizeof(account_id)); | 
					
						
							|  |  |  | 	} else { | 
					
						
							|  |  |  | 		ast_copy_string(account_id, p->exten, sizeof(account_id)); | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         snprintf(session_id, sizeof(session_id), "%p", p); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         ast_security_event_report(AST_SEC_EVT(&chal_sent)); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | void sip_report_inval_transport(const struct sip_pvt *p, const char *transport) | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |         char session_id[32]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         struct ast_security_event_inval_transport inval_transport = { | 
					
						
							|  |  |  |                 .common.event_type = AST_SECURITY_EVENT_INVAL_TRANSPORT, | 
					
						
							|  |  |  |                 .common.version    = AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION, | 
					
						
							|  |  |  |                 .common.service    = "SIP", | 
					
						
							|  |  |  |                 .common.account_id = p->exten, | 
					
						
							|  |  |  |                 .common.local_addr = { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  |                         .addr      = &p->ourip, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |                         .transport = security_event_get_transport(p) | 
					
						
							|  |  |  |                 }, | 
					
						
							|  |  |  |                 .common.remote_addr = { | 
					
						
							| 
									
										
										
										
											2012-04-16 21:20:50 +00:00
										 |  |  |                         .addr      = &p->sa, | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  |                         .transport = security_event_get_transport(p) | 
					
						
							|  |  |  |                 }, | 
					
						
							|  |  |  |                 .common.session_id = session_id, | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 .transport         = transport, | 
					
						
							|  |  |  |         }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         snprintf(session_id, sizeof(session_id), "%p", p); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         ast_security_event_report(AST_SEC_EVT(&inval_transport)); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-08-12 12:59:53 -05:00
										 |  |  | int sip_report_security_event(const char *peer, struct ast_sockaddr *addr, const struct sip_pvt *p, | 
					
						
							| 
									
										
										
										
											2017-12-01 13:54:26 -06:00
										 |  |  |     const struct sip_request *req, const int res) | 
					
						
							|  |  |  | { | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	struct sip_peer *peer_report; | 
					
						
							|  |  |  | 	enum check_auth_result res_report = res; | 
					
						
							|  |  |  | 	struct ast_str *buf; | 
					
						
							|  |  |  | 	char *c; | 
					
						
							|  |  |  | 	const char *authtoken; | 
					
						
							|  |  |  | 	char *reqheader, *respheader; | 
					
						
							|  |  |  | 	int result = 0; | 
					
						
							|  |  |  | 	char aclname[256]; | 
					
						
							|  |  |  | 	struct digestkeys keys[] = { | 
					
						
							|  |  |  | 		[K_RESP]  = { "response=", "" }, | 
					
						
							|  |  |  | 		[K_URI]   = { "uri=", "" }, | 
					
						
							|  |  |  | 		[K_USER]  = { "username=", "" }, | 
					
						
							|  |  |  | 		[K_NONCE] = { "nonce=", "" }, | 
					
						
							|  |  |  | 		[K_LAST]  = { NULL, NULL} | 
					
						
							|  |  |  | 	}; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-08-12 12:59:53 -05:00
										 |  |  | 	peer_report = sip_find_peer(peer, addr, TRUE, FINDPEERS, FALSE, p->socket.type); | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	switch(res_report) { | 
					
						
							|  |  |  | 	case AUTH_DONT_KNOW: | 
					
						
							|  |  |  | 		break; | 
					
						
							|  |  |  | 	case AUTH_SUCCESSFUL: | 
					
						
							|  |  |  | 		if (peer_report) { | 
					
						
							|  |  |  | 			if (ast_strlen_zero(peer_report->secret) && ast_strlen_zero(peer_report->md5secret)) { | 
					
						
							| 
									
										
										
										
											2017-12-01 13:54:26 -06:00
										 |  |  | 				sip_report_auth_success(p, 0); | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  | 			} else { | 
					
						
							| 
									
										
										
										
											2017-12-01 13:54:26 -06:00
										 |  |  | 				sip_report_auth_success(p, 1); | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  | 			} | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		break; | 
					
						
							|  |  |  | 	case AUTH_CHALLENGE_SENT: | 
					
						
							|  |  |  | 		sip_report_chal_sent(p); | 
					
						
							|  |  |  | 		break; | 
					
						
							|  |  |  | 	case AUTH_SECRET_FAILED: | 
					
						
							|  |  |  | 	case AUTH_USERNAME_MISMATCH: | 
					
						
							|  |  |  | 		sip_auth_headers(WWW_AUTH, &respheader, &reqheader); | 
					
						
							|  |  |  | 		authtoken = sip_get_header(req, reqheader); | 
					
						
							|  |  |  | 		buf = ast_str_thread_get(&check_auth_buf, CHECK_AUTH_BUF_INITLEN); | 
					
						
							|  |  |  | 		ast_str_set(&buf, 0, "%s", authtoken); | 
					
						
							| 
									
										
										
										
											2014-11-19 17:22:29 +00:00
										 |  |  | 		c = ast_str_buffer(buf); | 
					
						
							| 
									
										
										
										
											2011-09-22 16:35:20 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | 		sip_digest_parser(c, keys); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		if (res_report == AUTH_SECRET_FAILED) { | 
					
						
							|  |  |  | 			sip_report_inval_password(p, keys[K_NONCE].s, keys[K_RESP].s); | 
					
						
							|  |  |  | 		} else { | 
					
						
							|  |  |  | 			if (peer_report) { | 
					
						
							|  |  |  | 				sip_report_failed_challenge_response(p, keys[K_USER].s, peer_report->username); | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		break; | 
					
						
							|  |  |  | 	case AUTH_NOT_FOUND: | 
					
						
							|  |  |  | 		/* with sip_cfg.alwaysauthreject on, generates 2 events */ | 
					
						
							|  |  |  | 		sip_report_invalid_peer(p); | 
					
						
							|  |  |  | 		break; | 
					
						
							|  |  |  | 	case AUTH_UNKNOWN_DOMAIN: | 
					
						
							|  |  |  | 		snprintf(aclname, sizeof(aclname), "domain_must_match"); | 
					
						
							|  |  |  | 		sip_report_failed_acl(p, aclname); | 
					
						
							|  |  |  | 		break; | 
					
						
							|  |  |  | 	case AUTH_PEER_NOT_DYNAMIC: | 
					
						
							|  |  |  | 		snprintf(aclname, sizeof(aclname), "peer_not_dynamic"); | 
					
						
							|  |  |  | 		sip_report_failed_acl(p, aclname); | 
					
						
							|  |  |  | 		break; | 
					
						
							|  |  |  | 	case AUTH_ACL_FAILED: | 
					
						
							|  |  |  | 		/* with sip_cfg.alwaysauthreject on, generates 2 events */ | 
					
						
							|  |  |  | 		snprintf(aclname, sizeof(aclname), "device_must_match_acl"); | 
					
						
							|  |  |  | 		sip_report_failed_acl(p, aclname); | 
					
						
							|  |  |  | 		break; | 
					
						
							|  |  |  | 	case AUTH_BAD_TRANSPORT: | 
					
						
							|  |  |  | 		sip_report_inval_transport(p, sip_get_transport(req->socket.type)); | 
					
						
							|  |  |  | 		break; | 
					
						
							|  |  |  | 	case AUTH_RTP_FAILED: | 
					
						
							|  |  |  | 		break; | 
					
						
							|  |  |  | 	case AUTH_SESSION_LIMIT: | 
					
						
							|  |  |  | 		sip_report_session_limit(p); | 
					
						
							|  |  |  | 		break; | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if (peer_report) { | 
					
						
							|  |  |  | 		sip_unref_peer(peer_report, "sip_report_security_event: sip_unref_peer: from handle_incoming"); | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	return result; | 
					
						
							|  |  |  | } |