mirror of
https://github.com/asterisk/asterisk.git
synced 2025-09-05 04:11:08 +00:00
735b30ad71
The general gist is to have a clear boundary between old SIP stuff and new SIP stuff by having the word "SIP" for old stuff and "PJSIP" for new stuff. Here's a brief rundown of the changes: * The word "Gulp" in dialstrings, functions, and CLI commands is now "PJSIP" * chan_gulp.c is now chan_pjsip.c * Function names in chan_gulp.c that were "gulp_*" are now "chan_pjsip_*" * All files that were "res_sip*" are now "res_pjsip*" * The "res_sip" directory is now "res_pjsip" * Files in the "res_pjsip" directory that began with "sip_*" are now "pjsip_*" * The configuration file is now "pjsip.conf" instead of "res_sip.conf" * The module info for all PJSIP-related files now uses "PJSIP" instead of "SIP" * CLI and AMI commands created by Asterisk's PJSIP modules now have "pjsip" as the starting word instead of "sip" git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@395764 65c4cc65-6c06-0410-ace0-fbb531ad65f3
235 lines
7.7 KiB
C
235 lines
7.7 KiB
C
/*
|
|
* Asterisk -- An open source telephony toolkit.
|
|
*
|
|
* Copyright (C) 2013, Digium, Inc.
|
|
*
|
|
* Joshua Colp <jcolp@digium.com>
|
|
*
|
|
* See http://www.asterisk.org for more information about
|
|
* the Asterisk project. Please do not directly contact
|
|
* any of the maintainers of this project for assistance;
|
|
* the project provides a web site, mailing lists and IRC
|
|
* channels for your use.
|
|
*
|
|
* This program is free software, distributed under the terms of
|
|
* the GNU General Public License Version 2. See the LICENSE file
|
|
* at the top of the source tree.
|
|
*/
|
|
|
|
/*!
|
|
* \file
|
|
*
|
|
* \brief Generate security events in the PJSIP channel
|
|
*
|
|
* \author Joshua Colp <jcolp@digium.com>
|
|
*/
|
|
|
|
#include "asterisk.h"
|
|
|
|
ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
|
|
|
|
#include <pjsip.h>
|
|
|
|
#include "asterisk/res_pjsip.h"
|
|
#include "asterisk/security_events.h"
|
|
|
|
static int find_transport_in_use(void *obj, void *arg, int flags)
|
|
{
|
|
struct ast_sip_transport *transport = obj;
|
|
pjsip_rx_data *rdata = arg;
|
|
|
|
if ((transport->state->transport == rdata->tp_info.transport) ||
|
|
(transport->state->factory && !pj_strcmp(&transport->state->factory->addr_name.host, &rdata->tp_info.transport->local_name.host) &&
|
|
transport->state->factory->addr_name.port == rdata->tp_info.transport->local_name.port)) {
|
|
return CMP_MATCH | CMP_STOP;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static enum ast_transport security_event_get_transport(pjsip_rx_data *rdata)
|
|
{
|
|
RAII_VAR(struct ao2_container *, transports, NULL, ao2_cleanup);
|
|
RAII_VAR(struct ast_sip_transport *, transport, NULL, ao2_cleanup);
|
|
|
|
/* It should be impossible for these to fail as the transport has to exist for the message to exist */
|
|
transports = ast_sorcery_retrieve_by_fields(ast_sip_get_sorcery(), "transport", AST_RETRIEVE_FLAG_MULTIPLE | AST_RETRIEVE_FLAG_ALL, NULL);
|
|
|
|
ast_assert(transports != NULL);
|
|
|
|
transport = ao2_callback(transports, 0, find_transport_in_use, rdata);
|
|
|
|
ast_assert(transport != NULL);
|
|
|
|
return transport->type;
|
|
}
|
|
|
|
static void security_event_populate(pjsip_rx_data *rdata, char *call_id, size_t call_id_size, struct ast_sockaddr *local, struct ast_sockaddr *remote)
|
|
{
|
|
char host[NI_MAXHOST];
|
|
|
|
ast_copy_pj_str(call_id, &rdata->msg_info.cid->id, call_id_size);
|
|
|
|
ast_copy_pj_str(host, &rdata->tp_info.transport->local_name.host, sizeof(host));
|
|
ast_sockaddr_parse(local, host, PARSE_PORT_FORBID);
|
|
ast_sockaddr_set_port(local, rdata->tp_info.transport->local_name.port);
|
|
|
|
ast_sockaddr_parse(remote, rdata->pkt_info.src_name, PARSE_PORT_FORBID);
|
|
ast_sockaddr_set_port(remote, rdata->pkt_info.src_port);
|
|
}
|
|
|
|
void ast_sip_report_invalid_endpoint(const char *name, pjsip_rx_data *rdata)
|
|
{
|
|
enum ast_transport transport = security_event_get_transport(rdata);
|
|
char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
|
|
struct ast_sockaddr local, remote;
|
|
|
|
struct ast_security_event_inval_acct_id inval_acct_id = {
|
|
.common.event_type = AST_SECURITY_EVENT_INVAL_ACCT_ID,
|
|
.common.version = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION,
|
|
.common.service = "PJSIP",
|
|
.common.account_id = name,
|
|
.common.local_addr = {
|
|
.addr = &local,
|
|
.transport = transport,
|
|
},
|
|
.common.remote_addr = {
|
|
.addr = &remote,
|
|
.transport = transport,
|
|
},
|
|
.common.session_id = call_id,
|
|
};
|
|
|
|
security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
|
|
|
|
ast_security_event_report(AST_SEC_EVT(&inval_acct_id));
|
|
}
|
|
|
|
void ast_sip_report_failed_acl(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata, const char *name)
|
|
{
|
|
enum ast_transport transport = security_event_get_transport(rdata);
|
|
char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
|
|
struct ast_sockaddr local, remote;
|
|
|
|
struct ast_security_event_failed_acl failed_acl_event = {
|
|
.common.event_type = AST_SECURITY_EVENT_FAILED_ACL,
|
|
.common.version = AST_SECURITY_EVENT_FAILED_ACL_VERSION,
|
|
.common.service = "PJSIP",
|
|
.common.account_id = ast_sorcery_object_get_id(endpoint),
|
|
.common.local_addr = {
|
|
.addr = &local,
|
|
.transport = transport,
|
|
},
|
|
.common.remote_addr = {
|
|
.addr = &remote,
|
|
.transport = transport,
|
|
},
|
|
.common.session_id = call_id,
|
|
.acl_name = name,
|
|
};
|
|
|
|
security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
|
|
|
|
ast_security_event_report(AST_SEC_EVT(&failed_acl_event));
|
|
}
|
|
|
|
void ast_sip_report_auth_failed_challenge_response(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
|
|
{
|
|
pjsip_authorization_hdr *auth = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION, NULL);
|
|
enum ast_transport transport = security_event_get_transport(rdata);
|
|
char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
|
|
char nonce[64] = "", response[256] = "";
|
|
struct ast_sockaddr local, remote;
|
|
|
|
struct ast_security_event_chal_resp_failed chal_resp_failed = {
|
|
.common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED,
|
|
.common.version = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION,
|
|
.common.service = "PJSIP",
|
|
.common.account_id = ast_sorcery_object_get_id(endpoint),
|
|
.common.local_addr = {
|
|
.addr = &local,
|
|
.transport = transport,
|
|
},
|
|
.common.remote_addr = {
|
|
.addr = &remote,
|
|
.transport = transport,
|
|
},
|
|
.common.session_id = call_id,
|
|
|
|
.challenge = nonce,
|
|
.response = response,
|
|
.expected_response = "",
|
|
};
|
|
|
|
if (auth && !pj_strcmp2(&auth->scheme, "digest")) {
|
|
ast_copy_pj_str(nonce, &auth->credential.digest.nonce, sizeof(nonce));
|
|
ast_copy_pj_str(response, &auth->credential.digest.response, sizeof(response));
|
|
}
|
|
|
|
security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
|
|
|
|
ast_security_event_report(AST_SEC_EVT(&chal_resp_failed));
|
|
}
|
|
|
|
void ast_sip_report_auth_success(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
|
|
{
|
|
pjsip_authorization_hdr *auth = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION, NULL);
|
|
enum ast_transport transport = security_event_get_transport(rdata);
|
|
char call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
|
|
struct ast_sockaddr local, remote;
|
|
|
|
struct ast_security_event_successful_auth successful_auth = {
|
|
.common.event_type = AST_SECURITY_EVENT_SUCCESSFUL_AUTH,
|
|
.common.version = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION,
|
|
.common.service = "PJSIP",
|
|
.common.account_id = ast_sorcery_object_get_id(endpoint),
|
|
.common.local_addr = {
|
|
.addr = &local,
|
|
.transport = transport,
|
|
},
|
|
.common.remote_addr = {
|
|
.addr = &remote,
|
|
.transport = transport,
|
|
},
|
|
.common.session_id = call_id,
|
|
.using_password = auth ? (uint32_t *)1 : (uint32_t *)0,
|
|
};
|
|
|
|
security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
|
|
|
|
ast_security_event_report(AST_SEC_EVT(&successful_auth));
|
|
}
|
|
|
|
void ast_sip_report_auth_challenge_sent(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata, pjsip_tx_data *tdata)
|
|
{
|
|
pjsip_www_authenticate_hdr *auth = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_WWW_AUTHENTICATE, NULL);
|
|
enum ast_transport transport = security_event_get_transport(rdata);
|
|
char nonce[64] = "", call_id[pj_strlen(&rdata->msg_info.cid->id) + 1];
|
|
struct ast_sockaddr local, remote;
|
|
|
|
struct ast_security_event_chal_sent chal_sent = {
|
|
.common.event_type = AST_SECURITY_EVENT_CHAL_SENT,
|
|
.common.version = AST_SECURITY_EVENT_CHAL_SENT_VERSION,
|
|
.common.service = "PJSIP",
|
|
.common.account_id = ast_sorcery_object_get_id(endpoint),
|
|
.common.local_addr = {
|
|
.addr = &local,
|
|
.transport = transport,
|
|
},
|
|
.common.remote_addr = {
|
|
.addr = &remote,
|
|
.transport = transport,
|
|
},
|
|
.common.session_id = call_id,
|
|
.challenge = nonce,
|
|
};
|
|
|
|
if (auth && !pj_strcmp2(&auth->scheme, "digest")) {
|
|
ast_copy_pj_str(nonce, &auth->challenge.digest.nonce, sizeof(nonce));
|
|
}
|
|
|
|
security_event_populate(rdata, call_id, sizeof(call_id), &local, &remote);
|
|
|
|
ast_security_event_report(AST_SEC_EVT(&chal_sent));
|
|
}
|