Thu Oct 11 06:37:23 2012

Asterisk developer's documentation


security_events_defs.h File Reference

Security Event Reporting Data Structures. More...

#include "asterisk/network.h"

Include dependency graph for security_events_defs.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  ast_security_event_auth_method_not_allowed
 Auth method used not allowed. More...
struct  ast_security_event_chal_resp_failed
 An attempt at challenge/response auth failed. More...
struct  ast_security_event_chal_sent
 A challenge was sent out. More...
struct  ast_security_event_common
 Common structure elements. More...
struct  ast_security_event_failed_acl
 Checking against an IP access control list failed. More...
struct  ast_security_event_inval_acct_id
 Invalid account ID specified (invalid username, for example). More...
struct  ast_security_event_inval_password
 An attempt at basic password auth failed. More...
struct  ast_security_event_inval_transport
 Attempt to contact peer on invalid transport. More...
struct  ast_security_event_ip_addr
struct  ast_security_event_load_avg
 Request denied because of a load average limit. More...
struct  ast_security_event_mem_limit
 Request denied because of a memory limit. More...
struct  ast_security_event_req_bad_format
 Invalid formatting of request. More...
struct  ast_security_event_req_no_support
 Request denied because we don't support it. More...
struct  ast_security_event_req_not_allowed
 Request denied because it's not allowed. More...
struct  ast_security_event_session_limit
 Request denied because of a session limit. More...
struct  ast_security_event_successful_auth
 Successful authentication. More...
struct  ast_security_event_unexpected_addr
 Unexpected source address for a session in progress. More...

Defines

#define AST_SEC_EVT(e)   ((struct ast_security_event_common *) e)
#define AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED_VERSION   1
 Event descriptor version.
#define AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION   1
 Event descriptor version.
#define AST_SECURITY_EVENT_CHAL_SENT_VERSION   1
 Event descriptor version.
#define AST_SECURITY_EVENT_FAILED_ACL_VERSION   1
 Event descriptor version.
#define AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION   1
 Event descriptor version.
#define AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION   2
 Event descriptor version.
#define AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION   1
 Event descriptor version.
#define AST_SECURITY_EVENT_LOAD_AVG_VERSION   1
 Event descriptor version.
#define AST_SECURITY_EVENT_MEM_LIMIT_VERSION   1
 Event descriptor version.
#define AST_SECURITY_EVENT_REQ_BAD_FORMAT_VERSION   1
 Event descriptor version.
#define AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION   1
 Event descriptor version.
#define AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION   1
 Event descriptor version.
#define AST_SECURITY_EVENT_SESSION_LIMIT_VERSION   1
 Event descriptor version.
#define AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION   1
 Event descriptor version.
#define AST_SECURITY_EVENT_UNEXPECTED_ADDR_VERSION   2
 Event descriptor version.

Enumerations

enum  ast_security_event_severity { AST_SECURITY_EVENT_SEVERITY_INFO = (1 << 0), AST_SECURITY_EVENT_SEVERITY_ERROR = (1 << 1) }
 the severity of a security event More...
enum  ast_security_event_transport_type { AST_SECURITY_EVENT_TRANSPORT_UDP, AST_SECURITY_EVENT_TRANSPORT_TCP, AST_SECURITY_EVENT_TRANSPORT_TLS }
 Transport types. More...
enum  ast_security_event_type {
  AST_SECURITY_EVENT_FAILED_ACL, AST_SECURITY_EVENT_INVAL_ACCT_ID, AST_SECURITY_EVENT_SESSION_LIMIT, AST_SECURITY_EVENT_MEM_LIMIT,
  AST_SECURITY_EVENT_LOAD_AVG, AST_SECURITY_EVENT_REQ_NO_SUPPORT, AST_SECURITY_EVENT_REQ_NOT_ALLOWED, AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED,
  AST_SECURITY_EVENT_REQ_BAD_FORMAT, AST_SECURITY_EVENT_SUCCESSFUL_AUTH, AST_SECURITY_EVENT_UNEXPECTED_ADDR, AST_SECURITY_EVENT_CHAL_RESP_FAILED,
  AST_SECURITY_EVENT_INVAL_PASSWORD, AST_SECURITY_EVENT_CHAL_SENT, AST_SECURITY_EVENT_INVAL_TRANSPORT, AST_SECURITY_EVENT_NUM_TYPES
}
 Security event types. More...


Detailed Description

Security Event Reporting Data Structures.

Author:
Russell Bryant <russell@digium.com>

Definition in file security_events_defs.h.


Define Documentation

#define AST_SEC_EVT (  )     ((struct ast_security_event_common *) e)

#define AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED_VERSION   1

Event descriptor version.

Note:
This _must_ be changed if this event descriptor is changed.

Definition at line 353 of file security_events_defs.h.

#define AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION   1

Event descriptor version.

Note:
This _must_ be changed if this event descriptor is changed.

Definition at line 442 of file security_events_defs.h.

Referenced by report_failed_challenge_response(), and sip_report_failed_challenge_response().

#define AST_SECURITY_EVENT_CHAL_SENT_VERSION   1

Event descriptor version.

Note:
This _must_ be changed if this event descriptor is changed.

Definition at line 504 of file security_events_defs.h.

Referenced by sip_report_chal_sent().

#define AST_SECURITY_EVENT_FAILED_ACL_VERSION   1

Event descriptor version.

Note:
This _must_ be changed if this event descriptor is changed.

Definition at line 221 of file security_events_defs.h.

Referenced by report_failed_acl(), and sip_report_failed_acl().

#define AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION   1

Event descriptor version.

Note:
This _must_ be changed if this event descriptor is changed.

Definition at line 242 of file security_events_defs.h.

Referenced by report_invalid_user(), and sip_report_invalid_peer().

#define AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION   2

Event descriptor version.

Note:
This _must_ be changed if this event descriptor is changed.

Definition at line 473 of file security_events_defs.h.

Referenced by report_inval_password(), and sip_report_inval_password().

#define AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION   1

Event descriptor version.

Note:
This _must_ be changed if this event descriptor is changed.

Definition at line 525 of file security_events_defs.h.

Referenced by sip_report_inval_transport().

#define AST_SECURITY_EVENT_LOAD_AVG_VERSION   1

Event descriptor version.

Note:
This _must_ be changed if this event descriptor is changed.

Definition at line 290 of file security_events_defs.h.

#define AST_SECURITY_EVENT_MEM_LIMIT_VERSION   1

Event descriptor version.

Note:
This _must_ be changed if this event descriptor is changed.

Definition at line 274 of file security_events_defs.h.

#define AST_SECURITY_EVENT_REQ_BAD_FORMAT_VERSION   1

Event descriptor version.

Note:
This _must_ be changed if this event descriptor is changed.

Definition at line 374 of file security_events_defs.h.

Referenced by report_req_bad_format().

#define AST_SECURITY_EVENT_REQ_NO_SUPPORT_VERSION   1

Event descriptor version.

Note:
This _must_ be changed if this event descriptor is changed.

Definition at line 306 of file security_events_defs.h.

#define AST_SECURITY_EVENT_REQ_NOT_ALLOWED_VERSION   1

Event descriptor version.

Note:
This _must_ be changed if this event descriptor is changed.

Definition at line 327 of file security_events_defs.h.

Referenced by report_req_not_allowed().

#define AST_SECURITY_EVENT_SESSION_LIMIT_VERSION   1

Event descriptor version.

Note:
This _must_ be changed if this event descriptor is changed.

Definition at line 258 of file security_events_defs.h.

Referenced by report_session_limit(), and sip_report_session_limit().

#define AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION   1

Event descriptor version.

Note:
This _must_ be changed if this event descriptor is changed.

Definition at line 400 of file security_events_defs.h.

Referenced by report_auth_success(), and sip_report_auth_success().

#define AST_SECURITY_EVENT_UNEXPECTED_ADDR_VERSION   2

Event descriptor version.

Note:
This _must_ be changed if this event descriptor is changed.

Definition at line 421 of file security_events_defs.h.


Enumeration Type Documentation

the severity of a security event

This is defined as a bit field to make it easy for consumers of the API to subscribe to any combination of the defined severity levels.

XXX

Todo:
Do we need any more levels here?
Enumerator:
AST_SECURITY_EVENT_SEVERITY_INFO  Informational event, not something that has gone wrong.
AST_SECURITY_EVENT_SEVERITY_ERROR  Something has gone wrong.

Definition at line 136 of file security_events_defs.h.

00136                                  {
00137    /*! \brief Informational event, not something that has gone wrong */
00138    AST_SECURITY_EVENT_SEVERITY_INFO  = (1 << 0),
00139    /*! \brief Something has gone wrong */
00140    AST_SECURITY_EVENT_SEVERITY_ERROR = (1 << 1),
00141 };

Transport types.

Enumerator:
AST_SECURITY_EVENT_TRANSPORT_UDP 
AST_SECURITY_EVENT_TRANSPORT_TCP 
AST_SECURITY_EVENT_TRANSPORT_TLS 

Definition at line 146 of file security_events_defs.h.

Security event types.

AST_EVENT_SECURITY is the event type of an ast_event generated as a security event. The event will have an information element of type AST_EVENT_IE_SECURITY_EVENT which identifies the security event sub-type. This enum defines the possible values for this sub-type.

Enumerator:
AST_SECURITY_EVENT_FAILED_ACL  Failed ACL.

This security event should be generated when an incoming request was made, but was denied due to configured IP address access control lists.

AST_SECURITY_EVENT_INVAL_ACCT_ID  Invalid Account ID.

This event is used when an invalid account identifier is supplied during authentication. For example, if an invalid username is given, this event should be used.

AST_SECURITY_EVENT_SESSION_LIMIT  Session limit reached.

A request has been denied because a configured session limit has been reached, such as a call limit.

AST_SECURITY_EVENT_MEM_LIMIT  Memory limit reached.

A request has been denied because a configured memory limit has been reached.

AST_SECURITY_EVENT_LOAD_AVG  Load Average limit reached.

A request has been denied because a configured load average limit has been reached.

AST_SECURITY_EVENT_REQ_NO_SUPPORT  A request was made that we understand, but do not support.
AST_SECURITY_EVENT_REQ_NOT_ALLOWED  A request was made that is not allowed.
AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED  The attempted authentication method is not allowed.
AST_SECURITY_EVENT_REQ_BAD_FORMAT  Request received with bad formatting.
AST_SECURITY_EVENT_SUCCESSFUL_AUTH  FYI FWIW, Successful authentication has occurred.
AST_SECURITY_EVENT_UNEXPECTED_ADDR  An unexpected source address was seen for a session in progress.
AST_SECURITY_EVENT_CHAL_RESP_FAILED  An attempt at challenge/response authentication failed.
AST_SECURITY_EVENT_INVAL_PASSWORD  An attempt at basic password authentication failed.
AST_SECURITY_EVENT_CHAL_SENT  Challenge was sent out, informational.
AST_SECURITY_EVENT_INVAL_TRANSPORT  An attempt to contact a peer on an invalid transport.
AST_SECURITY_EVENT_NUM_TYPES  This _must_ stay at the end.

Definition at line 44 of file security_events_defs.h.

00044                              {
00045    /*!
00046     * \brief Failed ACL
00047     *
00048     * This security event should be generated when an incoming request
00049     * was made, but was denied due to configured IP address access control
00050     * lists.
00051     */
00052    AST_SECURITY_EVENT_FAILED_ACL,
00053    /*!
00054     * \brief Invalid Account ID
00055     *
00056     * This event is used when an invalid account identifier is supplied
00057     * during authentication.  For example, if an invalid username is given,
00058     * this event should be used.
00059     */
00060    AST_SECURITY_EVENT_INVAL_ACCT_ID,
00061    /*!
00062     * \brief Session limit reached
00063     *
00064     * A request has been denied because a configured session limit has been
00065     * reached, such as a call limit.
00066     */
00067    AST_SECURITY_EVENT_SESSION_LIMIT,
00068    /*!
00069     * \brief Memory limit reached
00070     *
00071     * A request has been denied because a configured memory limit has been
00072     * reached.
00073     */
00074    AST_SECURITY_EVENT_MEM_LIMIT,
00075    /*!
00076     * \brief Load Average limit reached
00077     *
00078     * A request has been denied because a configured load average limit has been
00079     * reached.
00080     */
00081    AST_SECURITY_EVENT_LOAD_AVG,
00082    /*!
00083     * \brief A request was made that we understand, but do not support
00084     */
00085    AST_SECURITY_EVENT_REQ_NO_SUPPORT,
00086    /*!
00087     * \brief A request was made that is not allowed
00088     */
00089    AST_SECURITY_EVENT_REQ_NOT_ALLOWED,
00090    /*!
00091     * \brief The attempted authentication method is not allowed
00092     */
00093    AST_SECURITY_EVENT_AUTH_METHOD_NOT_ALLOWED,
00094    /*!
00095     * \brief Request received with bad formatting
00096     */
00097    AST_SECURITY_EVENT_REQ_BAD_FORMAT,
00098    /*!
00099     * \brief FYI FWIW, Successful authentication has occurred
00100     */
00101    AST_SECURITY_EVENT_SUCCESSFUL_AUTH,
00102    /*!
00103     * \brief An unexpected source address was seen for a session in progress
00104     */
00105    AST_SECURITY_EVENT_UNEXPECTED_ADDR,
00106    /*!
00107     * \brief An attempt at challenge/response authentication failed
00108     */
00109    AST_SECURITY_EVENT_CHAL_RESP_FAILED,
00110    /*!
00111     * \brief An attempt at basic password authentication failed
00112     */
00113    AST_SECURITY_EVENT_INVAL_PASSWORD,
00114    /*!
00115     * \brief Challenge was sent out, informational
00116     */
00117    AST_SECURITY_EVENT_CHAL_SENT,
00118    /*!
00119     * \brief An attempt to contact a peer on an invalid transport.
00120     */
00121    AST_SECURITY_EVENT_INVAL_TRANSPORT,
00122    /*!
00123     * \brief This _must_ stay at the end.
00124     */
00125    AST_SECURITY_EVENT_NUM_TYPES
00126 };


Generated on Thu Oct 11 06:37:24 2012 for Asterisk - The Open Source Telephony Project by  doxygen 1.5.6