/*
 * Asterisk -- An open source telephony toolkit.
 *
 * Copyright (C) 2009, Digium, Inc.
 *
 * Russell Bryant <russell@digium.com>
 *
 * See http://www.asterisk.org for more information about
 * the Asterisk project. Please do not directly contact
 * any of the maintainers of this project for assistance;
 * the project provides a web site, mailing lists and IRC
 * channels for your use.
 *
 * This program is free software, distributed under the terms of
 * the GNU General Public License Version 2. See the LICENSE file
 * at the top of the source tree.
 */
					
						
					
						
/*!
 * \file
 *
 * \author Russell Bryant <russell@digium.com>
 *
 * \brief Security Event Logging
 *
 * \todo Make informational security events optional
 * \todo Escape quotes in string payload IE contents
 */
					
						
/*** MODULEINFO
	<support_level>core</support_level>
 ***/
					
						
										 |  |  | #include "asterisk.h"
					
						
							/* File revision stamp; "$Revision$" is a version-control keyword, left unexpanded in this copy. */
							ASTERISK_FILE_VERSION(__FILE__, "$Revision$");
					
						
					
						
							|  |  |  | #include "asterisk/module.h"
					
						
							|  |  |  | #include "asterisk/logger.h"
					
						
							|  |  |  | #include "asterisk/threadstorage.h"
					
						
							|  |  |  | #include "asterisk/strings.h"
					
						
							|  |  |  | #include "asterisk/security_events.h"
										 |  |  | #include "asterisk/stasis.h"
					
						
							|  |  |  | #include "asterisk/json.h"
					
						
							/* Name under which load_module() registers the dynamic logger level. */
							static const char LOG_SECURITY_NAME[] = "SECURITY";

							/*
							 * Level number returned by ast_logger_register_level(); load_module()
							 * resets it to -1 when start-up fails after registration.
							 */
							static int LOG_SECURITY;

							/* Subscription taken on ast_security_topic() in load_module(), released in unload_module(). */
							static struct stasis_subscription *security_stasis_sub;

							/* Thread storage for the string buffer in which each log line is assembled. */
							AST_THREADSTORAGE(security_event_buf);
							/* Initial length passed to ast_str_thread_get() for that buffer. */
							static const size_t SECURITY_EVENT_BUF_INIT_LEN = 256;

							/*
							 * Whether an IE has to be present in an event. NOT_REQUIRED must stay 0:
							 * append_json_single() tests the value with '!'.
							 */
							enum ie_required {
								NOT_REQUIRED = 0,
								REQUIRED = 1
							};
					
						
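										 /*!
										  * \brief Append one information element (IE) to the log line as ,key="value"
										  *
										  * \param str      string buffer holding the log line built so far
										  * \param json     JSON object of the event; IEs are looked up by their type name
										  * \param ie_type  IE to look up and append
										  * \param required REQUIRED when the IE must be present, NOT_REQUIRED when it
										  *                 may be absent
										  *
										  * An absent optional IE is skipped silently. An IE that has no string value
										  * (a required IE that is absent, or presumably a value that is not a JSON
										  * string) is skipped with a warning instead of being formatted.
										  *
										  * \note NOTE(review): the value is copied between the double quotes as-is.
										  * A value that itself contains a double quote or a line break can make one
										  * event read as different fields, or as more than one line, to whatever
										  * parses this log. This is the "Escape quotes" \\todo in the file header;
										  * escaping changes the log format, so coordinate it with log consumers.
										  */
										 static void append_json_single(struct ast_str **str, struct ast_json *json,
										 		const enum ast_event_ie_type ie_type, enum ie_required required)
										 {
										 	const char *ie_type_key = ast_event_get_ie_type_name(ie_type);
										 	struct ast_json *json_string;
										 	const char *value;

										 	json_string = ast_json_object_get(json, ie_type_key);

										 	if (!required && !json_string) {
										 		/* Optional IE isn't present. Ignore. */
										 		return;
										 	}

										 	/* At this point, it _better_ be there! */
										 	ast_assert(json_string != NULL);

										 	/*
										 	 * ast_assert() is understood to be a development-build check only
										 	 * (TODO confirm for this tree), so test at run time as well: passing
										 	 * NULL to the "%s" conversion below is undefined behavior.
										 	 */
										 	value = ast_json_string_get(json_string);
										 	if (!value) {
										 		ast_log(LOG_WARNING, "Security event has no string value for IE '%s'; not logging it\n",
										 			ie_type_key);
										 		return;
										 	}

										 	ast_str_append(str, 0, ",%s=\"%s\"", ie_type_key, value);
										 }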
					
						
										 /*!
										  * \brief Append every IE named in an IE list to the log line
										  *
										  * \param str      string buffer holding the log line built so far
										  * \param json     JSON object of the event
										  * \param ies      array of IE descriptors, terminated by an entry whose
										  *                 ie_type is AST_EVENT_IE_END; it is dereferenced at once,
										  *                 so it must not be NULL
										  * \param required passed through unchanged to append_json_single()
										  */
										 static void append_json(struct ast_str **str, struct ast_json *json,
										 		const struct ast_security_event_ie_type *ies, enum ie_required required)
										 {
										 	const struct ast_security_event_ie_type *ie;

										 	/* Walk the list up to, but not including, the END sentinel. */
										 	for (ie = ies; ie->ie_type != AST_EVENT_IE_END; ie++) {
										 		append_json_single(str, json, ie->ie_type, required);
										 	}
										 }
					
						
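										 /*!
										  * \brief Format one security event as a single line and log it at the
										  *        SECURITY level
										  *
										  * \param json event payload; the "SecurityEvent" key holds the numeric event
										  *        type, the other keys hold the IEs of that event
										  *
										  * The line starts with SecurityEvent="<name>", followed by the required and
										  * then the optional IEs of the event type. An event whose type is outside
										  * the known range is dropped with a warning.
										  */
										 static void security_event_stasis_cb(struct ast_json *json)
										 {
										 	struct ast_str *str;
										 	struct ast_json *event_type_json;
										 	enum ast_security_event_type event_type;

										 	event_type_json = ast_json_object_get(json, "SecurityEvent");
										 	event_type = ast_json_integer_get(event_type_json);

										 	ast_assert(event_type >= 0 && event_type < AST_SECURITY_EVENT_NUM_TYPES);

										 	/*
										 	 * Enforce the range at run time too: ast_assert() is understood to be a
										 	 * development-build check only (TODO confirm for this tree), and the
										 	 * type selects the name and the IE lists used below.
										 	 */
										 	if (event_type < 0 || event_type >= AST_SECURITY_EVENT_NUM_TYPES) {
										 		ast_log(LOG_WARNING, "Ignoring security event with out-of-range type %d\n",
										 			(int) event_type);
										 		return;
										 	}

										 	str = ast_str_thread_get(&security_event_buf, SECURITY_EVENT_BUF_INIT_LEN);
										 	if (!str) {
										 		/* No buffer, nothing can be formatted; the event is not logged. */
										 		return;
										 	}

										 	ast_str_set(&str, 0, "SecurityEvent=\"%s\"",
										 			ast_security_event_get_name(event_type));

										 	append_json(&str, json,
										 			ast_security_event_get_required_ies(event_type), REQUIRED);
										 	append_json(&str, json,
										 			ast_security_event_get_optional_ies(event_type), NOT_REQUIRED);

										 	/* The assembled line is passed as an argument, never as the format string. */
										 	ast_log_dynamic_level(LOG_SECURITY, "%s\n", ast_str_buffer(str));
										 }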
					
						
										 /*!
										  * \brief Stasis subscription callback: hand security event messages to the
										  *        formatter
										  *
										  * \param data    not used by this callback
										  * \param sub     not used by this callback
										  * \param message message delivered on the subscribed topic
										  *
										  * Messages of any other type, and messages without a payload, are ignored.
										  * The payload is only read as a struct ast_json_payload after the message
										  * type has matched ast_security_event_type().
										  */
										 static void security_stasis_cb(void *data, struct stasis_subscription *sub,
										 	struct stasis_message *message)
										 {
										 	struct ast_json_payload *payload = stasis_message_data(message);

										 	if (stasis_message_type(message) == ast_security_event_type() && payload) {
										 		security_event_stasis_cb(payload->json);
										 	}
										 }
					
						
										 /*!
										  * \brief Register the SECURITY log level and subscribe to the security topic
										  *
										  * \return AST_MODULE_LOAD_SUCCESS when both steps succeed,
										  *         AST_MODULE_LOAD_DECLINE otherwise
										  *
										  * If the subscription fails, the log level registered just before is
										  * unregistered again and LOG_SECURITY is reset to -1.
										  */
										 static int load_module(void)
										 {
										 	LOG_SECURITY = ast_logger_register_level(LOG_SECURITY_NAME);
										 	if (LOG_SECURITY == -1) {
										 		return AST_MODULE_LOAD_DECLINE;
										 	}

										 	security_stasis_sub = stasis_subscribe(ast_security_topic(), security_stasis_cb, NULL);
										 	if (!security_stasis_sub) {
										 		/* Undo the level registration so a failed load leaves nothing behind. */
										 		ast_logger_unregister_level(LOG_SECURITY_NAME);
										 		LOG_SECURITY = -1;
										 		return AST_MODULE_LOAD_DECLINE;
										 	}

										 	ast_verb(3, "Security Logging Enabled\n");

										 	return AST_MODULE_LOAD_SUCCESS;
										 }
					
						
					
						
							/*!
							 * \brief Drop the security topic subscription and unregister the SECURITY
							 *        log level
							 *
							 * \return always 0
							 *
							 * NOTE(review): nothing visible here waits for a callback that is already
							 * running before the log level is unregistered. Confirm that
							 * stasis_unsubscribe() covers this; otherwise a late event could be logged
							 * against a level number that is no longer registered.
							 */
							static int unload_module(void)
							{
								if (security_stasis_sub != NULL) {
									/* Store the returned pointer so the stale subscription is not kept. */
									security_stasis_sub = stasis_unsubscribe(security_stasis_sub);
								}

								ast_logger_unregister_level(LOG_SECURITY_NAME);

								ast_verb(3, "Security Logging Disabled\n");

								return 0;
							}
					
						
					
						
							/* Module registration: license key and the description of this module. */
							AST_MODULE_INFO_STANDARD(ASTERISK_GPL_KEY, "Security Event Logging");