From b90bba7a303bf57c3c874a1c8f506d39d4e78a9c Mon Sep 17 00:00:00 2001 From: Jonathan Rose Date: Fri, 17 May 2013 17:36:10 +0000 Subject: [PATCH] Stasis: Update security events to use Stasis Also moves ACL messages to the security topic and gets rid of the ACL topic (closes issue ASTERISK-21103) Reported by: Matt Jordan Review: https://reviewboard.asterisk.org/r/2496/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@388975 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- CHANGES | 5 + channels/chan_iax2.c | 3 +- channels/chan_sip.c | 238 ++++++++++++------------ channels/sip/config_parser.c | 58 +++--- channels/sip/dialplan_functions.c | 2 +- channels/sip/include/config_parser.h | 2 +- channels/sip/include/sip.h | 28 +-- channels/sip/security_events.c | 17 +- include/asterisk/acl.h | 16 +- include/asterisk/json.h | 14 ++ include/asterisk/netsock2.h | 8 + include/asterisk/res_sip.h | 12 +- include/asterisk/security_events.h | 36 ++++ include/asterisk/security_events_defs.h | 12 +- main/asterisk.c | 7 + main/json.c | 44 +++++ main/manager.c | 8 +- main/named_acl.c | 20 +- main/security_events.c | 233 +++++++++++++++-------- res/res_security_log.c | 95 +++++----- res/res_sip.c | 4 +- res/res_sip/config_transport.c | 14 +- res/res_sip_nat.c | 10 +- res/res_sip_outbound_registration.c | 4 +- tests/test_security_events.c | 62 +++--- 25 files changed, 539 insertions(+), 413 deletions(-) diff --git a/CHANGES b/CHANGES index cac560b06a..f5c705ed7f 100644 --- a/CHANGES +++ b/CHANGES @@ -147,6 +147,11 @@ XMPP If no resources exist or all are unavailable the device state is considered to be unavailable. +Security Events Framework +------------------------- + * Security Event timestamps now use ISO 8601 formatted date/time instead of the + "seconds-microseconds" format that it was using previously. + Sorcery ------------------ * All future modules which utilize Sorcery for object persistence must have a 
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c index 852e4598bf..9cf7465ff8 100644 --- a/channels/chan_iax2.c +++ b/channels/chan_iax2.c @@ -101,6 +101,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") #include "asterisk/test.h" #include "asterisk/data.h" #include "asterisk/netsock2.h" +#include "asterisk/security_events.h" #include "iax2/include/iax2.h" #include "iax2/include/firmware.h" @@ -1341,7 +1342,7 @@ static void network_change_stasis_unsubscribe(void) static void acl_change_stasis_subscribe(void) { if (!acl_change_sub) { - acl_change_sub = stasis_subscribe(ast_acl_topic(), + acl_change_sub = stasis_subscribe(ast_security_topic(), acl_change_stasis_cb, NULL); } } diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 7c49f88413..937acb94eb 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -763,8 +763,8 @@ static char default_engine[256]; /*!< Default RTP engine */ static int default_maxcallbitrate; /*!< Maximum bitrate for call */ static struct ast_codec_pref default_prefs; /*!< Default codec prefs */ static char default_zone[MAX_TONEZONE_COUNTRY]; /*!< Default tone zone for channels created from the SIP driver */ -static unsigned int default_transports; /*!< Default Transports (enum sip_transport) that are acceptable */ -static unsigned int default_primary_transport; /*!< Default primary Transport (enum sip_transport) for outbound connections to devices */ +static unsigned int default_transports; /*!< Default Transports (enum ast_transport) that are acceptable */ +static unsigned int default_primary_transport; /*!< Default primary Transport (enum ast_transport) for outbound connections to devices */ static struct sip_settings sip_cfg; /*!< SIP configuration data. \note in the future we could have multiple of these (per domain, per device group etc) */ 
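Review bot: Subscribing `acl_change_stasis_cb` to `ast_security_topic()` in `acl_change_stasis_subscribe()` means the callback is now handed every message published on the security topic, not only named-ACL changes. The callback body is outside this hunk, so the filter cannot be confirmed from here. If it does not already return early for other message types, each security event would run the ACL-reload path, and that presumably includes events a remote party can provoke, such as failed authentication. The guard I would expect at the top of the callback is `if (stasis_message_type(message) != ast_named_acl_change_type()) { return; }`. The same applies to the identical change to `acl_change_stasis_subscribe()` in channels/chan_sip.c (hunk at -16750).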
@@ -1145,7 +1145,7 @@ static int sip_queryoption(struct ast_channel *chan, int option, void *data, int static const char *sip_get_callid(struct ast_channel *chan); static int handle_request_do(struct sip_request *req, struct ast_sockaddr *addr); -static int sip_standard_port(enum sip_transport type, int port); +static int sip_standard_port(enum ast_transport type, int port); static int sip_prepare_socket(struct sip_pvt *p); static int get_address_family_filter(unsigned int transport); @@ -2473,7 +2473,7 @@ static const char *sip_reason_code_to_str(struct ast_party_redirecting_reason *r sip_get_transport(tmpl->socket.type), peer->name, get_transport_list(peer->transports) \ ); \ ret = 1; \ - } else if (peer->socket.type & SIP_TRANSPORT_TLS) { \ + } else if (peer->socket.type & AST_TRANSPORT_TLS) { \ ast_log(LOG_WARNING, \ "peer '%s' HAS NOT USED (OR SWITCHED TO) TLS in favor of '%s' (but this was allowed in sip.conf)!\n", \ peer->name, sip_get_transport(tmpl->socket.type) \ @@ -2566,7 +2566,7 @@ static struct sip_threadinfo *sip_threadinfo_create(struct ast_tcptls_session_in } ao2_t_ref(tcptls_session, +1, "tcptls_session ref for sip_threadinfo object"); th->tcptls_session = tcptls_session; - th->type = transport ? transport : (tcptls_session->ssl ? SIP_TRANSPORT_TLS: SIP_TRANSPORT_TCP); + th->type = transport ? transport : (tcptls_session->ssl ? AST_TRANSPORT_TLS: AST_TRANSPORT_TCP); ao2_t_link(threadt, th, "Adding new tcptls helper thread"); ao2_t_ref(th, -1, "Decrementing threadinfo ref from alloc, only table ref remains"); return th; 
@@ -2671,7 +2671,7 @@ static void sip_websocket_callback(struct ast_websocket *session, struct ast_var } req.socket.fd = ast_websocket_fd(session); - set_socket_transport(&req.socket, ast_websocket_is_secure(session) ? SIP_TRANSPORT_WSS : SIP_TRANSPORT_WS); + set_socket_transport(&req.socket, ast_websocket_is_secure(session) ? AST_TRANSPORT_WSS : AST_TRANSPORT_WS); req.socket.ws_session = session; handle_request_do(&req, ast_websocket_remote_address(session)); @@ -3123,7 +3123,7 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s goto cleanup; } - if (!(me = sip_threadinfo_create(tcptls_session, tcptls_session->ssl ? SIP_TRANSPORT_TLS : SIP_TRANSPORT_TCP))) { + if (!(me = sip_threadinfo_create(tcptls_session, tcptls_session->ssl ? AST_TRANSPORT_TLS : AST_TRANSPORT_TCP))) { goto cleanup; } ao2_t_ref(me, +1, "Adding threadinfo ref for tcp_helper_thread"); @@ -3220,10 +3220,10 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s memset(buf, 0, sizeof(buf)); if (tcptls_session->ssl) { - set_socket_transport(&req.socket, SIP_TRANSPORT_TLS); + set_socket_transport(&req.socket, AST_TRANSPORT_TLS); req.socket.port = htons(ourport_tls); } else { - set_socket_transport(&req.socket, SIP_TRANSPORT_TCP); + set_socket_transport(&req.socket, AST_TRANSPORT_TCP); req.socket.port = htons(ourport_tcp); } req.socket.fd = tcptls_session->fd; 
@@ -3595,7 +3595,7 @@ static int proxy_update(struct sip_proxy *proxy) if (!ast_sockaddr_parse(&proxy->ip, proxy->name, 0)) { /* Ok, not an IP address, then let's check if it's a domain or host */ /* XXX Todo - if we have proxy port, don't do SRV */ - proxy->ip.ss.ss_family = get_address_family_filter(SIP_TRANSPORT_UDP); /* Filter address family */ + proxy->ip.ss.ss_family = get_address_family_filter(AST_TRANSPORT_UDP); /* Filter address family */ if (ast_get_ip_or_srv(&proxy->ip, proxy->name, sip_cfg.srvlookup ? "_sip._udp" : NULL) < 0) { ast_log(LOG_WARNING, "Unable to locate host '%s'\n", proxy->name); return FALSE; @@ -3788,19 +3788,19 @@ static int get_transport_str2enum(const char *transport) } if (!strcasecmp(transport, "udp")) { - res |= SIP_TRANSPORT_UDP; + res |= AST_TRANSPORT_UDP; } if (!strcasecmp(transport, "tcp")) { - res |= SIP_TRANSPORT_TCP; + res |= AST_TRANSPORT_TCP; } if (!strcasecmp(transport, "tls")) { - res |= SIP_TRANSPORT_TLS; + res |= AST_TRANSPORT_TLS; } if (!strcasecmp(transport, "ws")) { - res |= SIP_TRANSPORT_WS; + res |= AST_TRANSPORT_WS; } if (!strcasecmp(transport, "wss")) { - res |= SIP_TRANSPORT_WSS; + res |= AST_TRANSPORT_WSS; } return res; 
@@ -3821,19 +3821,19 @@ static inline const char *get_transport_list(unsigned int transports) memset(buf, 0, SIP_TRANSPORT_STR_BUFSIZE); - if (transports & SIP_TRANSPORT_UDP) { + if (transports & AST_TRANSPORT_UDP) { strncat(buf, "UDP,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf)); } - if (transports & SIP_TRANSPORT_TCP) { + if (transports & AST_TRANSPORT_TCP) { strncat(buf, "TCP,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf)); } - if (transports & SIP_TRANSPORT_TLS) { + if (transports & AST_TRANSPORT_TLS) { strncat(buf, "TLS,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf)); } - if (transports & SIP_TRANSPORT_WS) { + if (transports & AST_TRANSPORT_WS) { strncat(buf, "WS,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf)); } - if (transports & SIP_TRANSPORT_WSS) { + if (transports & AST_TRANSPORT_WSS) { strncat(buf, "WSS,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf)); } @@ -3846,17 +3846,17 @@ static inline const char *get_transport_list(unsigned int transports) } /*! \brief Return transport as string */ -const char *sip_get_transport(enum sip_transport t) +const char *sip_get_transport(enum ast_transport t) { switch (t) { - case SIP_TRANSPORT_UDP: + case AST_TRANSPORT_UDP: return "UDP"; - case SIP_TRANSPORT_TCP: + case AST_TRANSPORT_TCP: return "TCP"; - case SIP_TRANSPORT_TLS: + case AST_TRANSPORT_TLS: return "TLS"; - case SIP_TRANSPORT_WS: - case SIP_TRANSPORT_WSS: + case AST_TRANSPORT_WS: + case AST_TRANSPORT_WSS: return "WS"; } 
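Review bot: The `strncat` bounds in `get_transport_list()` are one byte too generous, on context lines this rename leaves as they were. The third argument of `strncat` is the maximum number of characters to append and does not count the terminating NUL, so `SIP_TRANSPORT_STR_BUFSIZE - strlen(buf)` allows the terminator to land one past the end of a full buffer. With the five short labels appended here the buffer probably never fills (assuming `buf` is `SIP_TRANSPORT_STR_BUFSIZE` bytes, as the `memset` suggests), but the bound should still be `SIP_TRANSPORT_STR_BUFSIZE - strlen(buf) - 1` so it stays correct if more transports are added. The function starts and ends outside the hunk.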
@@ -3864,17 +3864,17 @@ const char *sip_get_transport(enum sip_transport t) } /*! \brief Return protocol string for srv dns query */ -static inline const char *get_srv_protocol(enum sip_transport t) +static inline const char *get_srv_protocol(enum ast_transport t) { switch (t) { - case SIP_TRANSPORT_UDP: + case AST_TRANSPORT_UDP: return "udp"; - case SIP_TRANSPORT_WS: + case AST_TRANSPORT_WS: return "ws"; - case SIP_TRANSPORT_TLS: - case SIP_TRANSPORT_TCP: + case AST_TRANSPORT_TLS: + case AST_TRANSPORT_TCP: return "tcp"; - case SIP_TRANSPORT_WSS: + case AST_TRANSPORT_WSS: return "wss"; } @@ -3882,15 +3882,15 @@ static inline const char *get_srv_protocol(enum sip_transport t) } /*! \brief Return service string for srv dns query */ -static inline const char *get_srv_service(enum sip_transport t) +static inline const char *get_srv_service(enum ast_transport t) { switch (t) { - case SIP_TRANSPORT_TCP: - case SIP_TRANSPORT_UDP: - case SIP_TRANSPORT_WS: + case AST_TRANSPORT_TCP: + case AST_TRANSPORT_UDP: + case AST_TRANSPORT_WS: return "sip"; - case SIP_TRANSPORT_TLS: - case SIP_TRANSPORT_WSS: + case AST_TRANSPORT_TLS: + case AST_TRANSPORT_WSS: return "sips"; } return "sip"; @@ -3933,7 +3933,7 @@ static int __sip_xmit(struct sip_pvt *p, struct ast_str *data) return XMIT_ERROR; } - if (p->socket.type == SIP_TRANSPORT_UDP) { + if (p->socket.type == AST_TRANSPORT_UDP) { res = ast_sendto(p->socket.fd, ast_str_buffer(data), ast_str_strlen(data), 0, dst); } else if (p->socket.tcptls_session) { res = sip_tcptls_write(p->socket.tcptls_session, ast_str_buffer(data), ast_str_strlen(data)); 
@@ -4031,17 +4031,17 @@ static void ast_sip_ouraddrfor(const struct ast_sockaddr *them, struct ast_socka if (!ast_sockaddr_isnull(&externaddr)) { ast_sockaddr_copy(us, &externaddr); switch (p->socket.type) { - case SIP_TRANSPORT_TCP: + case AST_TRANSPORT_TCP: if (!externtcpport && ast_sockaddr_port(&externaddr)) { /* for consistency, default to the externaddr port */ externtcpport = ast_sockaddr_port(&externaddr); } ast_sockaddr_set_port(us, externtcpport); break; - case SIP_TRANSPORT_TLS: + case AST_TRANSPORT_TLS: ast_sockaddr_set_port(us, externtlsport); break; - case SIP_TRANSPORT_UDP: + case AST_TRANSPORT_UDP: if (!ast_sockaddr_port(&externaddr)) { ast_sockaddr_set_port(us, ast_sockaddr_port(&bindaddr)); } @@ -4055,7 +4055,7 @@ static void ast_sip_ouraddrfor(const struct ast_sockaddr *them, struct ast_socka } else { /* no remapping, but we bind to a specific address, so use it. */ switch (p->socket.type) { - case SIP_TRANSPORT_TCP: + case AST_TRANSPORT_TCP: if (!ast_sockaddr_is_any(&sip_tcp_desc.local_address)) { ast_sockaddr_copy(us, &sip_tcp_desc.local_address); @@ -4064,7 +4064,7 @@ static void ast_sip_ouraddrfor(const struct ast_sockaddr *them, struct ast_socka ast_sockaddr_port(&sip_tcp_desc.local_address)); } break; - case SIP_TRANSPORT_TLS: + case AST_TRANSPORT_TLS: if (!ast_sockaddr_is_any(&sip_tls_desc.local_address)) { ast_sockaddr_copy(us, &sip_tls_desc.local_address); @@ -4073,7 +4073,7 @@ static void ast_sip_ouraddrfor(const struct ast_sockaddr *them, struct ast_socka ast_sockaddr_port(&sip_tls_desc.local_address)); } break; - case SIP_TRANSPORT_UDP: + case AST_TRANSPORT_UDP: /* fall through on purpose */ default: if (!ast_sockaddr_is_any(&bindaddr)) { 
@@ -4084,7 +4084,7 @@ static void ast_sip_ouraddrfor(const struct ast_sockaddr *them, struct ast_socka } } } - ast_debug(3, "Setting SIP_TRANSPORT_%s with address %s\n", sip_get_transport(p->socket.type), ast_sockaddr_stringify(us)); + ast_debug(3, "Setting AST_TRANSPORT_%s with address %s\n", sip_get_transport(p->socket.type), ast_sockaddr_stringify(us)); } /*! \brief Append to SIP dialog history with arg list */ @@ -4342,7 +4342,7 @@ static enum sip_result __sip_reliable_xmit(struct sip_pvt *p, uint32_t seqno, in /* If the transport is something reliable (TCP or TLS) then don't really send this reliably */ /* I removed the code from retrans_pkt that does the same thing so it doesn't get loaded into the scheduler */ /*! \todo According to the RFC some packets need to be retransmitted even if its TCP, so this needs to get revisited */ - if (!(p->socket.type & SIP_TRANSPORT_UDP)) { + if (!(p->socket.type & AST_TRANSPORT_UDP)) { xmitres = __sip_xmit(p, data); /* Send packet */ if (xmitres == XMIT_ERROR) { /* Serious network trouble, no need to try again */ append_history(p, "XmitErr", "%s", fatal ? "(Critical)" : "(Non-critical)"); @@ -5482,7 +5482,7 @@ static int realtime_peer_by_name(const char *const *name, struct ast_sockaddr *a if (ast_sockaddr_resolve(&addrs, tmp->value, PARSE_PORT_FORBID, - get_address_family_filter(SIP_TRANSPORT_UDP)) <= 0 || + get_address_family_filter(AST_TRANSPORT_UDP)) <= 0 || ast_sockaddr_cmp(&addrs[0], addr)) { /* No match */ ast_variables_destroy(*var); 
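Review bot: The debug format string at the end of `ast_sip_ouraddrfor()` was swept up by the mechanical rename, so the log line now reads `Setting AST_TRANSPORT_UDP with address ...`. That is runtime output rather than an identifier, and anything matching the old debug text will silently stop matching. I would word it without the enum prefix, e.g. `ast_debug(3, "Setting transport %s with address %s\n", sip_get_transport(p->socket.type), ast_sockaddr_stringify(us));`, so that later renames of the enum do not change log output.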
@@ -6080,7 +6080,7 @@ static int create_addr_from_peer(struct sip_pvt *dialog, struct sip_peer *peer) copy_route(&dialog->route, peer->path); if (dialog->route) { /* Parse SIP URI of first route-set hop and use it as target address */ - __set_address_from_contact(dialog->route->hop, &dialog->sa, dialog->socket.type == SIP_TRANSPORT_TLS ? 1 : 0); + __set_address_from_contact(dialog->route->hop, &dialog->sa, dialog->socket.type == AST_TRANSPORT_TLS ? 1 : 0); } if (dialog_initialize_rtp(dialog)) { @@ -6213,9 +6213,9 @@ static int create_addr_from_peer(struct sip_pvt *dialog, struct sip_peer *peer) } /*! \brief The default sip port for the given transport */ -static inline int default_sip_port(enum sip_transport type) +static inline int default_sip_port(enum ast_transport type) { - return type == SIP_TRANSPORT_TLS ? STANDARD_TLS_PORT : STANDARD_SIP_PORT; + return type == AST_TRANSPORT_TLS ? STANDARD_TLS_PORT : STANDARD_SIP_PORT; } /*! \brief create address structure from device name @@ -6300,7 +6300,7 @@ static int create_addr(struct sip_pvt *dialog, const char *opeer, struct ast_soc } } - if (ast_sockaddr_resolve_first_transport(&dialog->sa, hostn, 0, dialog->socket.type ? dialog->socket.type : SIP_TRANSPORT_UDP)) { + if (ast_sockaddr_resolve_first_transport(&dialog->sa, hostn, 0, dialog->socket.type ? dialog->socket.type : AST_TRANSPORT_UDP)) { ast_log(LOG_WARNING, "No such host: %s\n", peername); return -1; } @@ -6311,7 +6311,7 @@ static int create_addr(struct sip_pvt *dialog, const char *opeer, struct ast_soc } if (!dialog->socket.type) - set_socket_transport(&dialog->socket, SIP_TRANSPORT_UDP); + set_socket_transport(&dialog->socket, AST_TRANSPORT_UDP); if (!dialog->socket.port) { dialog->socket.port = htons(ast_sockaddr_port(&bindaddr)); } 
@@ -6408,7 +6408,7 @@ static int sip_call(struct ast_channel *ast, const char *dest, int timeout) } /* Check to see if we should try to force encryption */ - if (p->req_secure_signaling && p->socket.type != SIP_TRANSPORT_TLS) { + if (p->req_secure_signaling && p->socket.type != AST_TRANSPORT_TLS) { ast_log(LOG_WARNING, "Encrypted signaling is required\n"); ast_channel_hangupcause_set(ast, AST_CAUSE_BEARERCAPABILITY_NOTAVAIL); return -1; @@ -8592,7 +8592,7 @@ static char *generate_random_string(char *buf, size_t size) static char *generate_uri(struct sip_pvt *pvt, char *buf, size_t size) { struct ast_str *uri = ast_str_alloca(size); - ast_str_set(&uri, 0, "%s", pvt->socket.type == SIP_TRANSPORT_TLS ? "sips:" : "sip:"); + ast_str_set(&uri, 0, "%s", pvt->socket.type == AST_TRANSPORT_TLS ? "sips:" : "sip:"); /* Here would be a great place to generate a UUID, but for now we'll * use the handy random string generation function we already have */ @@ -8786,7 +8786,7 @@ struct sip_pvt *sip_alloc(ast_string_field callid, struct ast_sockaddr *addr, /* Later in ast_sip_ouraddrfor we need this to choose the right ip and port for the specific transport */ set_socket_transport(&p->socket, req->socket.type); } else { - set_socket_transport(&p->socket, SIP_TRANSPORT_UDP); + set_socket_transport(&p->socket, AST_TRANSPORT_UDP); } p->socket.fd = -1; @@ -9474,7 +9474,7 @@ static int sip_subscribe_mwi(const char *value, int lineno) { struct sip_subscription_mwi *mwi; int portnum = 0; - enum sip_transport transport = SIP_TRANSPORT_UDP; + enum ast_transport transport = AST_TRANSPORT_UDP; char buf[256] = ""; char *username = NULL, *hostname = NULL, *secret = NULL, *authuser = NULL, *porta = NULL, *mailbox = NULL; 
@@ -11969,7 +11969,7 @@ static int reqprep(struct sip_request *req, struct sip_pvt *p, int sipmethod, ui if (p->route && !(sipmethod == SIP_CANCEL || (sipmethod == SIP_ACK && (p->invitestate == INV_COMPLETED || p->invitestate == INV_CANCELLED)))) { - if (p->socket.type != SIP_TRANSPORT_UDP && p->socket.tcptls_session) { + if (p->socket.type != AST_TRANSPORT_UDP && p->socket.tcptls_session) { /* For TCP/TLS sockets that are connected we won't need * to do any hostname/IP lookups */ } else if (ast_test_flag(&p->flags[0], SIP_NAT_FORCE_RPORT)) { @@ -13794,7 +13794,7 @@ static void build_contact(struct sip_pvt *p) char tmp[SIPBUFSIZE]; char *user = ast_uri_encode(p->exten, tmp, sizeof(tmp), ast_uri_sip_user); - if (p->socket.type == SIP_TRANSPORT_UDP) { + if (p->socket.type == AST_TRANSPORT_UDP) { ast_string_field_build(p, our_contact, "", user, ast_strlen_zero(user) ? "" : "@", ast_sockaddr_stringify_remote(&p->ourip)); } else { @@ -14856,13 +14856,13 @@ static int transmit_notify_with_mwi(struct sip_pvt *p, int newmsgs, int oldmsgs, domain = S_OR(p->fromdomain, ast_sockaddr_stringify_host_remote(&p->ourip)); if (!sip_standard_port(p->socket.type, ourport)) { - if (p->socket.type == SIP_TRANSPORT_UDP) { + if (p->socket.type == AST_TRANSPORT_UDP) { ast_str_append(&out, 0, "Message-Account: sip:%s@%s:%d\r\n", exten, domain, ourport); } else { ast_str_append(&out, 0, "Message-Account: sip:%s@%s:%d;transport=%s\r\n", exten, domain, ourport, sip_get_transport(p->socket.type)); } } else { - if (p->socket.type == SIP_TRANSPORT_UDP) { + if (p->socket.type == AST_TRANSPORT_UDP) { ast_str_append(&out, 0, "Message-Account: sip:%s@%s\r\n", exten, domain); } else { ast_str_append(&out, 0, "Message-Account: sip:%s@%s;transport=%s\r\n", exten, domain, sip_get_transport(p->socket.type)); 
@@ -15342,7 +15342,7 @@ static int transmit_register(struct sip_registry *r, int sipmethod, const char * /* Set transport and port so the correct contact is built */ set_socket_transport(&p->socket, r->transport); - if (r->transport == SIP_TRANSPORT_TLS || r->transport == SIP_TRANSPORT_TCP) { + if (r->transport == AST_TRANSPORT_TLS || r->transport == AST_TRANSPORT_TCP) { p->socket.port = htons(ast_sockaddr_port(&sip_tcp_desc.local_address)); } @@ -15965,7 +15965,7 @@ static int __set_address_from_contact(const char *fullcontact, struct ast_sockad if (!ast_sockaddr_port(addr)) { ast_sockaddr_set_port(addr, (get_transport_str2enum(transport) == - SIP_TRANSPORT_TLS || + AST_TRANSPORT_TLS || !strncasecmp(fullcontact, "sips", 4)) ? STANDARD_TLS_PORT : STANDARD_SIP_PORT); } @@ -15984,7 +15984,7 @@ static int set_address_from_contact(struct sip_pvt *pvt) return 0; } - return __set_address_from_contact(pvt->fullcontact, &pvt->sa, pvt->socket.type == SIP_TRANSPORT_TLS ? 1 : 0); + return __set_address_from_contact(pvt->fullcontact, &pvt->sa, pvt->socket.type == AST_TRANSPORT_TLS ? 1 : 0); } /*! \brief Parse contact header and save registration (peer registration) */ @@ -16095,7 +16095,7 @@ static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, st ao2_t_unlink(peers_by_ip, peer, "ao2_unlink of peer from peers_by_ip table"); } - if ((transport_type != SIP_TRANSPORT_WS) && (transport_type != SIP_TRANSPORT_WSS) && + if ((transport_type != AST_TRANSPORT_WS) && (transport_type != AST_TRANSPORT_WSS) && (!ast_test_flag(&peer->flags[0], SIP_NAT_FORCE_RPORT) && !ast_test_flag(&peer->flags[0], SIP_NAT_RPORT_PRESENT))) { /* use the data provided in the Contact header for call routing */ ast_debug(1, "Store REGISTER's Contact header for call routing.\n"); 
@@ -16750,7 +16750,7 @@ static void network_change_stasis_unsubscribe(void) static void acl_change_stasis_subscribe(void) { if (!acl_change_sub) { - acl_change_sub = stasis_subscribe(ast_acl_topic(), + acl_change_sub = stasis_subscribe(ast_security_topic(), acl_change_stasis_cb, NULL); } @@ -22110,11 +22110,11 @@ static int build_reply_digest(struct sip_pvt *p, int method, char* digest, int d struct sip_auth_container *credentials; if (!ast_strlen_zero(p->domain)) - snprintf(uri, sizeof(uri), "%s:%s", p->socket.type == SIP_TRANSPORT_TLS ? "sips" : "sip", p->domain); + snprintf(uri, sizeof(uri), "%s:%s", p->socket.type == AST_TRANSPORT_TLS ? "sips" : "sip", p->domain); else if (!ast_strlen_zero(p->uri)) ast_copy_string(uri, p->uri, sizeof(uri)); else - snprintf(uri, sizeof(uri), "%s:%s@%s", p->socket.type == SIP_TRANSPORT_TLS ? "sips" : "sip", p->username, ast_sockaddr_stringify_host_remote(&p->sa)); + snprintf(uri, sizeof(uri), "%s:%s@%s", p->socket.type == AST_TRANSPORT_TLS ? "sips" : "sip", p->username, ast_sockaddr_stringify_host_remote(&p->sa)); snprintf(cnonce, sizeof(cnonce), "%08lx", ast_random()); @@ -22543,7 +22543,7 @@ static void parse_moved_contact(struct sip_pvt *p, struct sip_request *req, char char *contact_number = NULL; char *separator, *trans; char *domain; - enum sip_transport transport = SIP_TRANSPORT_UDP; + enum ast_transport transport = AST_TRANSPORT_UDP; ast_copy_string(contact, sip_get_header(req, "Contact"), sizeof(contact)); if ((separator = strchr(contact, ','))) 
@@ -22557,14 +22557,14 @@ static void parse_moved_contact(struct sip_pvt *p, struct sip_request *req, char *separator = '\0'; if (!strncasecmp(trans, "tcp", 3)) - transport = SIP_TRANSPORT_TCP; + transport = AST_TRANSPORT_TCP; else if (!strncasecmp(trans, "tls", 3)) - transport = SIP_TRANSPORT_TLS; + transport = AST_TRANSPORT_TLS; else { if (strncasecmp(trans, "udp", 3)) ast_debug(1, "received contact with an invalid transport, '%s'\n", contact_number); /* This will assume UDP for all unknown transports */ - transport = SIP_TRANSPORT_UDP; + transport = AST_TRANSPORT_UDP; } } contact_number = remove_uri_parameters(contact_number); @@ -24017,7 +24017,7 @@ static void handle_response(struct sip_pvt *p, int resp, const char *rest, struc ast_channel_hangupcause_set(owner, hangup_sip2cause(resp)); } - if (p->socket.type == SIP_TRANSPORT_UDP) { + if (p->socket.type == AST_TRANSPORT_UDP) { int ack_res = FALSE; /* Acknowledge whatever it is destined for */ @@ -28636,7 +28636,7 @@ static int sipsock_read(int *id, int fd, short events, void *ignore) } req.socket.fd = sipsock; - set_socket_transport(&req.socket, SIP_TRANSPORT_UDP); + set_socket_transport(&req.socket, AST_TRANSPORT_UDP); req.socket.tcptls_session = NULL; req.socket.port = htons(ast_sockaddr_port(&bindaddr)); @@ -28743,9 +28743,9 @@ static int handle_request_do(struct sip_request *req, struct ast_sockaddr *addr) * \param port Port we are checking to see if it's the standard port. * \note port is expected in host byte order */ -static int sip_standard_port(enum sip_transport type, int port) +static int sip_standard_port(enum ast_transport type, int port) { - if (type & SIP_TRANSPORT_TLS) + if (type & AST_TRANSPORT_TLS) return port == STANDARD_TLS_PORT; else return port == STANDARD_SIP_PORT; 
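Review bot: The transport parameter from the Contact header in `parse_moved_contact()` is matched by three-character prefix (`strncasecmp(trans, "tcp", 3)`), so a value such as `tlsx` is accepted as TLS. `sip_request_call()` in this same patch uses exact `strcasecmp` for the Dial() transport option, so the two parsers disagree on what counts as a valid transport. Because this value arrives in a message from the remote side, the exact comparison is the stricter choice: `if (!strcasecmp(trans, "tcp"))`, and likewise for `"tls"` and `"udp"`. That is only correct if `trans` is already terminated at the parameter boundary; the `*separator = '\0';` context line suggests it is, but the code that sets `separator` is outside the hunk.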
@@ -28790,11 +28790,11 @@ int get_address_family_filter(unsigned int transport) { const struct ast_sockaddr *addr = NULL; - if ((transport == SIP_TRANSPORT_UDP) || !transport) { + if ((transport == AST_TRANSPORT_UDP) || !transport) { addr = &bindaddr; - } else if (transport == SIP_TRANSPORT_TCP || transport == SIP_TRANSPORT_WS) { + } else if (transport == AST_TRANSPORT_TCP || transport == AST_TRANSPORT_WS) { addr = &sip_tcp_desc.local_address; - } else if (transport == SIP_TRANSPORT_TLS || transport == SIP_TRANSPORT_WSS) { + } else if (transport == AST_TRANSPORT_TLS || transport == AST_TRANSPORT_WSS) { addr = &sip_tls_desc.local_address; } @@ -28817,15 +28817,15 @@ static int sip_prepare_socket(struct sip_pvt *p) pthread_t launched; /* check to see if a socket is already active */ - if ((s->fd != -1) && (s->type == SIP_TRANSPORT_UDP)) { + if ((s->fd != -1) && (s->type == AST_TRANSPORT_UDP)) { return s->fd; } - if ((s->type & (SIP_TRANSPORT_TCP | SIP_TRANSPORT_TLS)) && + if ((s->type & (AST_TRANSPORT_TCP | AST_TRANSPORT_TLS)) && (s->tcptls_session) && (s->tcptls_session->fd != -1)) { return s->tcptls_session->fd; } - if ((s->type & (SIP_TRANSPORT_WS | SIP_TRANSPORT_WSS))) { + if ((s->type & (AST_TRANSPORT_WS | AST_TRANSPORT_WSS))) { return s->ws_session ? ast_websocket_fd(s->ws_session) : -1; } @@ -28836,7 +28836,7 @@ static int sip_prepare_socket(struct sip_pvt *p) s->type = p->outboundproxy->transport; } - if (s->type == SIP_TRANSPORT_UDP) { + if (s->type == AST_TRANSPORT_UDP) { s->fd = sipsock; return s->fd; } @@ -28874,7 +28874,7 @@ static int sip_prepare_socket(struct sip_pvt *p) ca->accept_fd = -1; ast_sockaddr_copy(&ca->remote_address,sip_real_dst(p)); /* if type is TLS, we need to create a tls cfg for this session arg */ - if (s->type == SIP_TRANSPORT_TLS) { + if (s->type == AST_TRANSPORT_TLS) { if (!(ca->tls_cfg = ast_calloc(1, sizeof(*ca->tls_cfg)))) { goto create_tcptls_session_fail; } 
@@ -29657,13 +29657,13 @@ static int sip_send_keepalive(const void *data) } /* Send the packet out using the proper method for this peer */ - if ((peer->socket.fd != -1) && (peer->socket.type == SIP_TRANSPORT_UDP)) { + if ((peer->socket.fd != -1) && (peer->socket.type == AST_TRANSPORT_UDP)) { res = ast_sendto(peer->socket.fd, keepalive, sizeof(keepalive), 0, &peer->addr); - } else if ((peer->socket.type & (SIP_TRANSPORT_TCP | SIP_TRANSPORT_TLS)) && + } else if ((peer->socket.type & (AST_TRANSPORT_TCP | AST_TRANSPORT_TLS)) && (peer->socket.tcptls_session) && (peer->socket.tcptls_session->fd != -1)) { res = sip_tcptls_write(peer->socket.tcptls_session, keepalive, sizeof(keepalive)); - } else if (peer->socket.type == SIP_TRANSPORT_UDP) { + } else if (peer->socket.type == AST_TRANSPORT_UDP) { res = ast_sendto(sipsock, keepalive, sizeof(keepalive), 0, &peer->addr); } @@ -29783,7 +29783,7 @@ static int sip_poke_peer(struct sip_peer *peer, int force) copy_route(&p->route, peer->path); if (p->route) { /* Parse SIP URI of first route-set hop and use it as target address */ - __set_address_from_contact(p->route->hop, &p->sa, p->socket.type == SIP_TRANSPORT_TLS ? 1 : 0); + __set_address_from_contact(p->route->hop, &p->sa, p->socket.type == AST_TRANSPORT_TLS ? 1 : 0); } /* Send OPTIONs to peer's fullcontact */ @@ -29964,7 +29964,7 @@ static struct ast_channel *sip_request_call(const char *type, struct ast_format_ char *trans = NULL; char dialstring[256]; char *remote_address; - enum sip_transport transport = 0; + enum ast_transport transport = 0; struct ast_callid *callid; AST_DECLARE_APP_ARGS(args, AST_APP_ARG(peerorhost); 
@@ -30056,16 +30056,16 @@ static struct ast_channel *sip_request_call(const char *type, struct ast_format_ if (trans) { *trans++ = '\0'; if (!strcasecmp(trans, "tcp")) - transport = SIP_TRANSPORT_TCP; + transport = AST_TRANSPORT_TCP; else if (!strcasecmp(trans, "tls")) - transport = SIP_TRANSPORT_TLS; + transport = AST_TRANSPORT_TLS; else { if (strcasecmp(trans, "udp")) ast_log(LOG_WARNING, "'%s' is not a valid transport option to Dial() for SIP calls, using udp by default.\n", trans); - transport = SIP_TRANSPORT_UDP; + transport = AST_TRANSPORT_UDP; } } else { /* use default */ - transport = SIP_TRANSPORT_UDP; + transport = AST_TRANSPORT_UDP; } if (!host) { @@ -30608,7 +30608,7 @@ static void set_peer_defaults(struct sip_peer *peer) peer->expire = -1; peer->pokeexpire = -1; peer->keepalivesend = -1; - set_socket_transport(&peer->socket, SIP_TRANSPORT_UDP); + set_socket_transport(&peer->socket, AST_TRANSPORT_UDP); } peer->type = SIP_TYPE_PEER; ast_copy_flags(&peer->flags[0], &global_flags[0], SIP_FLAGS_TO_COPY); 
@@ -30876,15 +30876,15 @@ static struct sip_peer *build_peer(const char *name, struct ast_variable *v, str trans = ast_skip_blanks(trans); if (!strncasecmp(trans, "udp", 3)) { - peer->transports |= SIP_TRANSPORT_UDP; + peer->transports |= AST_TRANSPORT_UDP; } else if (!strncasecmp(trans, "wss", 3)) { - peer->transports |= SIP_TRANSPORT_WSS; + peer->transports |= AST_TRANSPORT_WSS; } else if (!strncasecmp(trans, "ws", 2)) { - peer->transports |= SIP_TRANSPORT_WS; + peer->transports |= AST_TRANSPORT_WS; } else if (sip_cfg.tcp_enabled && !strncasecmp(trans, "tcp", 3)) { - peer->transports |= SIP_TRANSPORT_TCP; + peer->transports |= AST_TRANSPORT_TCP; } else if (default_tls_cfg.enabled && !strncasecmp(trans, "tls", 3)) { - peer->transports |= SIP_TRANSPORT_TLS; + peer->transports |= AST_TRANSPORT_TLS; } else if (!strncasecmp(trans, "tcp", 3) || !strncasecmp(trans, "tls", 3)) { ast_log(LOG_WARNING, "'%.3s' is not a valid transport type when %.3senable=no. If no other is specified, the defaults from general will be used.\n", trans, trans); } else { @@ -31401,16 +31401,16 @@ static struct sip_peer *build_peer(const char *name, struct ast_variable *v, str if (ast_sockaddr_port(&peer->addr) == 0) { ast_sockaddr_set_port(&peer->addr, - (peer->socket.type & SIP_TRANSPORT_TLS) ? + (peer->socket.type & AST_TRANSPORT_TLS) ? STANDARD_TLS_PORT : STANDARD_SIP_PORT); } if (ast_sockaddr_port(&peer->defaddr) == 0) { ast_sockaddr_set_port(&peer->defaddr, - (peer->socket.type & SIP_TRANSPORT_TLS) ? + (peer->socket.type & AST_TRANSPORT_TLS) ? STANDARD_TLS_PORT : STANDARD_SIP_PORT); } if (!peer->socket.port) { - peer->socket.port = htons(((peer->socket.type & SIP_TRANSPORT_TLS) ? STANDARD_TLS_PORT : STANDARD_SIP_PORT)); + peer->socket.port = htons(((peer->socket.type & AST_TRANSPORT_TLS) ? STANDARD_TLS_PORT : STANDARD_SIP_PORT)); } if (!sip_cfg.ignore_regexpire && peer->host_dynamic && realtime) { 
@@ -31668,8 +31668,8 @@ static int reload_config(enum channelreloadreason reason) memset(&default_prefs, 0 , sizeof(default_prefs)); memset(&sip_cfg.outboundproxy, 0, sizeof(struct sip_proxy)); sip_cfg.outboundproxy.force = FALSE; /*!< Don't force proxy usage, use route: headers */ - default_transports = SIP_TRANSPORT_UDP; - default_primary_transport = SIP_TRANSPORT_UDP; + default_transports = AST_TRANSPORT_UDP; + default_primary_transport = AST_TRANSPORT_UDP; ourport_tcp = STANDARD_SIP_PORT; ourport_tls = STANDARD_TLS_PORT; externtcpport = STANDARD_SIP_PORT; @@ -31885,15 +31885,15 @@ static int reload_config(enum channelreloadreason reason) trans = ast_skip_blanks(trans); if (!strncasecmp(trans, "udp", 3)) { - default_transports |= SIP_TRANSPORT_UDP; + default_transports |= AST_TRANSPORT_UDP; } else if (!strncasecmp(trans, "tcp", 3)) { - default_transports |= SIP_TRANSPORT_TCP; + default_transports |= AST_TRANSPORT_TCP; } else if (!strncasecmp(trans, "tls", 3)) { - default_transports |= SIP_TRANSPORT_TLS; + default_transports |= AST_TRANSPORT_TLS; } else if (!strncasecmp(trans, "wss", 3)) { - default_transports |= SIP_TRANSPORT_WSS; + default_transports |= AST_TRANSPORT_WSS; } else if (!strncasecmp(trans, "ws", 2)) { - default_transports |= SIP_TRANSPORT_WS; + default_transports |= AST_TRANSPORT_WS; } else { ast_log(LOG_NOTICE, "'%s' is not a valid transport type. if no other is specified, udp will be used.\n", trans); } 
@@ -32398,22 +32398,22 @@ static int reload_config(enum channelreloadreason reason) sip_cfg.allow_external_domains = 1; } /* If not or badly configured, set default transports */ - if (!sip_cfg.tcp_enabled && (default_transports & SIP_TRANSPORT_TCP)) { + if (!sip_cfg.tcp_enabled && (default_transports & AST_TRANSPORT_TCP)) { ast_log(LOG_WARNING, "Cannot use 'tcp' transport with tcpenable=no. Removing from available transports.\n"); - default_primary_transport &= ~SIP_TRANSPORT_TCP; - default_transports &= ~SIP_TRANSPORT_TCP; + default_primary_transport &= ~AST_TRANSPORT_TCP; + default_transports &= ~AST_TRANSPORT_TCP; } - if (!default_tls_cfg.enabled && (default_transports & SIP_TRANSPORT_TLS)) { + if (!default_tls_cfg.enabled && (default_transports & AST_TRANSPORT_TLS)) { ast_log(LOG_WARNING, "Cannot use 'tls' transport with tlsenable=no. Removing from available transports.\n"); - default_primary_transport &= ~SIP_TRANSPORT_TLS; - default_transports &= ~SIP_TRANSPORT_TLS; + default_primary_transport &= ~AST_TRANSPORT_TLS; + default_transports &= ~AST_TRANSPORT_TLS; } if (!default_transports) { ast_log(LOG_WARNING, "No valid transports available, falling back to 'udp'.\n"); - default_transports = default_primary_transport = SIP_TRANSPORT_UDP; + default_transports = default_primary_transport = AST_TRANSPORT_UDP; } else if (!default_primary_transport) { ast_log(LOG_WARNING, "No valid default transport. Selecting 'udp' as default.\n"); - default_primary_transport = SIP_TRANSPORT_UDP; + default_primary_transport = AST_TRANSPORT_UDP; } /* Build list of authentication to various SIP realms, i.e. service providers */ 
@@ -33552,7 +33552,7 @@ static int ast_sockaddr_resolve_first_af(struct ast_sockaddr *addr, static int ast_sockaddr_resolve_first(struct ast_sockaddr *addr, const char* name, int flag) { - return ast_sockaddr_resolve_first_af(addr, name, flag, get_address_family_filter(SIP_TRANSPORT_UDP)); + return ast_sockaddr_resolve_first_af(addr, name, flag, get_address_family_filter(AST_TRANSPORT_UDP)); } /*! \brief Return the first entry from ast_sockaddr_resolve filtered by family of binddaddr @@ -33644,7 +33644,7 @@ static int peer_ipcmp_cb_full(void *obj, void *arg, void *data, int flags) } /* We matched the IP, check to see if we need to match by port as well. */ - if ((peer->transports & peer2->transports) & (SIP_TRANSPORT_TLS | SIP_TRANSPORT_TCP)) { + if ((peer->transports & peer2->transports) & (AST_TRANSPORT_TLS | AST_TRANSPORT_TCP)) { /* peer matching on port is not possible with TCP/TLS */ return CMP_MATCH | CMP_STOP; } else if (ast_test_flag(&peer2->flags[0], SIP_INSECURE_PORT)) { diff --git a/channels/sip/config_parser.c b/channels/sip/config_parser.c index fe34283afb..6fc83248dd 100644 --- a/channels/sip/config_parser.c +++ b/channels/sip/config_parser.c @@ -40,7 +40,7 @@ int sip_parse_register_line(struct sip_registry *reg, int default_expiry, const { int portnum = 0; int domainport = 0; - enum sip_transport transport = SIP_TRANSPORT_UDP; + enum ast_transport transport = AST_TRANSPORT_UDP; char buf[256] = ""; char *userpart = NULL, *hostpart = NULL; /* register => [peer?][transport://]user[@domain][:secret[:authuser]]@host[:port][/extension][~expiry] */ 
@@ -230,21 +230,21 @@ int sip_parse_register_line(struct sip_registry *reg, int default_expiry, const /* set transport type */ if (!pre2.transport) { - transport = SIP_TRANSPORT_UDP; + transport = AST_TRANSPORT_UDP; } else if (!strncasecmp(pre2.transport, "tcp", 3)) { - transport = SIP_TRANSPORT_TCP; + transport = AST_TRANSPORT_TCP; } else if (!strncasecmp(pre2.transport, "tls", 3)) { - transport = SIP_TRANSPORT_TLS; + transport = AST_TRANSPORT_TLS; } else if (!strncasecmp(pre2.transport, "udp", 3)) { - transport = SIP_TRANSPORT_UDP; + transport = AST_TRANSPORT_UDP; } else { - transport = SIP_TRANSPORT_UDP; + transport = AST_TRANSPORT_UDP; ast_log(LOG_NOTICE, "'%.3s' is not a valid transport type on line %d of sip.conf. defaulting to udp.\n", pre2.transport, lineno); } /* if no portnum specified, set default for transport */ if (!portnum) { - if (transport == SIP_TRANSPORT_TLS) { + if (transport == AST_TRANSPORT_TLS) { portnum = STANDARD_TLS_PORT; } else { portnum = STANDARD_SIP_PORT; @@ -314,7 +314,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test) strcmp(reg->authuser, "") || strcmp(reg->secret, "") || strcmp(reg->peername, "") || - reg->transport != SIP_TRANSPORT_UDP || + reg->transport != AST_TRANSPORT_UDP || reg->timeout != -1 || reg->expire != -1 || reg->refresh != default_expiry || @@ -343,7 +343,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test) strcmp(reg->authuser, "") || strcmp(reg->secret, "pass") || strcmp(reg->peername, "") || - reg->transport != SIP_TRANSPORT_UDP || + reg->transport != AST_TRANSPORT_UDP || reg->timeout != -1 || reg->expire != -1 || reg->refresh != default_expiry || @@ -372,7 +372,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test) strcmp(reg->authuser, "authuser") || strcmp(reg->secret, "pass") || strcmp(reg->peername, "") || - reg->transport != SIP_TRANSPORT_UDP || + reg->transport != AST_TRANSPORT_UDP || reg->timeout != -1 || reg->expire != -1 || reg->refresh != default_expiry || 
@@ -401,7 +401,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test) strcmp(reg->authuser, "authuser") || strcmp(reg->secret, "pass") || strcmp(reg->peername, "") || - reg->transport != SIP_TRANSPORT_UDP || + reg->transport != AST_TRANSPORT_UDP || reg->timeout != -1 || reg->expire != -1 || reg->refresh != default_expiry || @@ -430,7 +430,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test) strcmp(reg->authuser, "authuser") || strcmp(reg->secret, "pass") || strcmp(reg->peername, "") || - reg->transport != SIP_TRANSPORT_TCP || + reg->transport != AST_TRANSPORT_TCP || reg->timeout != -1 || reg->expire != -1 || reg->refresh != default_expiry || @@ -459,7 +459,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test) strcmp(reg->authuser, "authuser") || strcmp(reg->secret, "pass") || strcmp(reg->peername, "") || - reg->transport != SIP_TRANSPORT_TLS || + reg->transport != AST_TRANSPORT_TLS || reg->timeout != -1 || reg->expire != -1 || reg->refresh != 111 || @@ -488,7 +488,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test) strcmp(reg->authuser, "authuser") || strcmp(reg->secret, "pass") || strcmp(reg->peername, "peer") || - reg->transport != SIP_TRANSPORT_TCP || + reg->transport != AST_TRANSPORT_TCP || reg->timeout != -1 || reg->expire != -1 || reg->refresh != 111 || @@ -517,7 +517,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test) strcmp(reg->authuser, "authuser") || strcmp(reg->secret, "pass") || strcmp(reg->peername, "peer") || - reg->transport != SIP_TRANSPORT_UDP || + reg->transport != AST_TRANSPORT_UDP || reg->timeout != -1 || reg->expire != -1 || reg->refresh != 111 || @@ -587,7 +587,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test) strcmp(reg->authuser, "authuser") || strcmp(reg->secret, "pass") || strcmp(reg->peername, "") || - reg->transport != SIP_TRANSPORT_UDP || + reg->transport != AST_TRANSPORT_UDP || reg->timeout != -1 || reg->expire != -1 || reg->refresh != default_expiry || 
@@ -616,7 +616,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test) strcmp(reg->authuser, "") || strcmp(reg->secret, "") || strcmp(reg->peername, "") || - reg->transport != SIP_TRANSPORT_UDP || + reg->transport != AST_TRANSPORT_UDP || reg->timeout != -1 || reg->expire != -1 || reg->refresh != default_expiry || @@ -641,7 +641,7 @@ alloc_fail: return res; } -int sip_parse_host(char *line, int lineno, char **hostname, int *portnum, enum sip_transport *transport) +int sip_parse_host(char *line, int lineno, char **hostname, int *portnum, enum ast_transport *transport) { char *port; @@ -653,11 +653,11 @@ int sip_parse_host(char *line, int lineno, char **hostname, int *portnum, enum s *hostname += 3; if (!strncasecmp(line, "tcp", 3)) { - *transport = SIP_TRANSPORT_TCP; + *transport = AST_TRANSPORT_TCP; } else if (!strncasecmp(line, "tls", 3)) { - *transport = SIP_TRANSPORT_TLS; + *transport = AST_TRANSPORT_TLS; } else if (!strncasecmp(line, "udp", 3)) { - *transport = SIP_TRANSPORT_UDP; + *transport = AST_TRANSPORT_UDP; } else if (lineno) { ast_log(LOG_NOTICE, "'%.3s' is not a valid transport type on line %d of sip.conf. defaulting to udp.\n", line, lineno); } else { @@ -665,7 +665,7 @@ int sip_parse_host(char *line, int lineno, char **hostname, int *portnum, enum s } } else { *hostname = line; - *transport = SIP_TRANSPORT_UDP; + *transport = AST_TRANSPORT_UDP; } if ((line = strrchr(*hostname, '@'))) @@ -695,7 +695,7 @@ int sip_parse_host(char *line, int lineno, char **hostname, int *portnum, enum s } if (!port) { - if (*transport & SIP_TRANSPORT_TLS) { + if (*transport & AST_TRANSPORT_TLS) { *portnum = STANDARD_TLS_PORT; } else { *portnum = STANDARD_SIP_PORT; @@ -710,7 +710,7 @@ AST_TEST_DEFINE(sip_parse_host_line_test) int res = AST_TEST_PASS; char *host; int port; - enum sip_transport transport; + enum ast_transport transport; char host1[] = "www.blah.com"; char host2[] = "tcp://www.blah.com"; char host3[] = "tls://10.10.10.10"; 
@@ -734,7 +734,7 @@ AST_TEST_DEFINE(sip_parse_host_line_test) sip_parse_host(host1, 1, &host, &port, &transport); if (port != STANDARD_SIP_PORT || ast_strlen_zero(host) || strcmp(host, "www.blah.com") || - transport != SIP_TRANSPORT_UDP) { + transport != AST_TRANSPORT_UDP) { ast_test_status_update(test, "Test 1: simple host failed.\n"); res = AST_TEST_FAIL; } @@ -743,7 +743,7 @@ AST_TEST_DEFINE(sip_parse_host_line_test) sip_parse_host(host2, 1, &host, &port, &transport); if (port != STANDARD_SIP_PORT || ast_strlen_zero(host) || strcmp(host, "www.blah.com") || - transport != SIP_TRANSPORT_TCP) { + transport != AST_TRANSPORT_TCP) { ast_test_status_update(test, "Test 2: tcp host failed.\n"); res = AST_TEST_FAIL; } @@ -752,7 +752,7 @@ AST_TEST_DEFINE(sip_parse_host_line_test) sip_parse_host(host3, 1, &host, &port, &transport); if (port != STANDARD_TLS_PORT || ast_strlen_zero(host) || strcmp(host, "10.10.10.10") || - transport != SIP_TRANSPORT_TLS) { + transport != AST_TRANSPORT_TLS) { ast_test_status_update(test, "Test 3: tls host failed. \n"); res = AST_TEST_FAIL; } @@ -761,7 +761,7 @@ AST_TEST_DEFINE(sip_parse_host_line_test) sip_parse_host(host4, 1, &host, &port, &transport); if (port != 1234 || ast_strlen_zero(host) || strcmp(host, "10.10.10.10") || - transport != SIP_TRANSPORT_TLS) { + transport != AST_TRANSPORT_TLS) { ast_test_status_update(test, "Test 4: tls host with custom port failed.\n"); res = AST_TEST_FAIL; } @@ -770,7 +770,7 @@ AST_TEST_DEFINE(sip_parse_host_line_test) sip_parse_host(host5, 1, &host, &port, &transport); if (port != 1234 || ast_strlen_zero(host) || strcmp(host, "10.10.10.10") || - transport != SIP_TRANSPORT_UDP) { + transport != AST_TRANSPORT_UDP) { ast_test_status_update(test, "Test 5: simple host with custom port failed.\n"); res = AST_TEST_FAIL; } diff --git a/channels/sip/dialplan_functions.c b/channels/sip/dialplan_functions.c index 2f6b160f43..0f43685ffa 100644 --- a/channels/sip/dialplan_functions.c 
+++ b/channels/sip/dialplan_functions.c @@ -226,7 +226,7 @@ int sip_acf_channel_read(struct ast_channel *chan, const char *funcname, char *p return -1; } } else if (!strcasecmp(args.param, "secure_signaling")) { - snprintf(buf, buflen, "%s", p->socket.type == SIP_TRANSPORT_TLS ? "1" : ""); + snprintf(buf, buflen, "%s", p->socket.type == AST_TRANSPORT_TLS ? "1" : ""); } else if (!strcasecmp(args.param, "secure_media")) { snprintf(buf, buflen, "%s", p->srtp ? "1" : ""); } else { diff --git a/channels/sip/include/config_parser.h b/channels/sip/include/config_parser.h index 2737016e6e..fd055b145b 100644 --- a/channels/sip/include/config_parser.h +++ b/channels/sip/include/config_parser.h @@ -41,7 +41,7 @@ int sip_parse_register_line(struct sip_registry *reg, int default_expiry, const * \retval 0 on success * \retval -1 on failure */ -int sip_parse_host(char *line, int lineno, char **hostname, int *portnum, enum sip_transport *transport); +int sip_parse_host(char *line, int lineno, char **hostname, int *portnum, enum ast_transport *transport); /*! \brief Parse the comma-separated nat= option values * \param value The comma-separated value diff --git a/channels/sip/include/sip.h b/channels/sip/include/sip.h index d852ee945a..07f233f44b 100644 --- a/channels/sip/include/sip.h +++ b/channels/sip/include/sip.h @@ -37,6 +37,7 @@ #include "asterisk/features.h" #include "asterisk/http_websocket.h" #include "asterisk/rtp_engine.h" +#include "asterisk/netsock2.h" #ifndef FALSE #define FALSE 0 
@@ -571,17 +572,6 @@ enum st_refresher_param { SESSION_TIMER_REFRESHER_PARAM_UAS, }; -/*! \brief Define some implemented SIP transports - \note Asterisk does not support SCTP or UDP/DTLS -*/ -enum sip_transport { - SIP_TRANSPORT_UDP = 1, /*!< Unreliable transport for SIP, needs retransmissions */ - SIP_TRANSPORT_TCP = 1 << 1, /*!< Reliable, but unsecure */ - SIP_TRANSPORT_TLS = 1 << 2, /*!< TCP/TLS - reliable and secure transport for signalling */ - SIP_TRANSPORT_WS = 1 << 3, /*!< WebSocket, unsecure */ - SIP_TRANSPORT_WSS = 1 << 4, /*!< WebSocket, secure */ -}; - /*! \brief Automatic peer registration behavior */ enum autocreatepeer_mode { @@ -713,7 +703,7 @@ struct sip_proxy { struct ast_sockaddr ip; /*!< Currently used IP address and port */ int port; time_t last_dnsupdate; /*!< When this was resolved */ - enum sip_transport transport; + enum ast_transport transport; int force; /*!< If it's an outbound proxy, Force use of this outbound proxy for all outbound requests */ /* Room for a SRV record chain based on the name */ }; @@ -782,7 +772,7 @@ struct sip_settings { /*! \brief The SIP socket definition */ struct sip_socket { - enum sip_transport type; /*!< UDP, TCP or TLS */ + enum ast_transport type; /*!< UDP, TCP or TLS */ int fd; /*!< Filed descriptor, the actual socket */ uint16_t port; struct ast_tcptls_session_instance *tcptls_session; /* If tcp or tls, a socket manager */ 
@@ -1305,10 +1295,10 @@ struct sip_peer { AST_STRING_FIELD(callback); /*!< Callback extension */ ); struct sip_socket socket; /*!< Socket used for this peer */ - enum sip_transport default_outbound_transport; /*!< Peer Registration may change the default outbound transport. + enum ast_transport default_outbound_transport; /*!< Peer Registration may change the default outbound transport. If register expires, default should be reset. to this value */ /* things that don't belong in flags */ - unsigned short transports:5; /*!< Transports (enum sip_transport) that are acceptable for this peer */ + unsigned short transports:5; /*!< Transports (enum ast_transport) that are acceptable for this peer */ unsigned short is_realtime:1; /*!< this is a 'realtime' peer */ unsigned short rt_fromcontact:1;/*!< copy fromcontact from realtime */ unsigned short host_dynamic:1; /*!< Dynamic Peers register with Asterisk */ @@ -1414,7 +1404,7 @@ struct sip_registry { AST_STRING_FIELD(callback); /*!< Contact extension */ AST_STRING_FIELD(peername); /*!< Peer registering to */ ); - enum sip_transport transport; /*!< Transport for this registration UDP, TCP or TLS */ + enum ast_transport transport; /*!< Transport for this registration UDP, TCP or TLS */ int portno; /*!< Optional port override */ int regdomainport; /*!< Port override for domainport */ int expire; /*!< Sched ID of expiration */ @@ -1446,7 +1436,7 @@ struct sip_threadinfo { int alert_pipe[2]; /*! Used to alert tcptls thread when packet is ready to be written */ pthread_t threadid; struct ast_tcptls_session_instance *tcptls_session; - enum sip_transport type; /*!< We keep a copy of the type here so we can display it in the connection list */ + enum ast_transport type; /*!< We keep a copy of the type here so we can display it in the connection list */ AST_LIST_HEAD_NOLOCK(, tcptls_packet) packet_q; }; 
@@ -1464,7 +1454,7 @@ struct sip_subscription_mwi { AST_STRING_FIELD(secret); /*!< Password in clear text */ AST_STRING_FIELD(mailbox); /*!< Mailbox store to put MWI into */ ); - enum sip_transport transport; /*!< Transport to use */ + enum ast_transport transport; /*!< Transport to use */ int portno; /*!< Optional port override */ int resub; /*!< Sched ID of resubscription */ unsigned int subscribed:1; /*!< Whether we are currently subscribed or not */ @@ -1922,7 +1912,7 @@ AST_THREADSTORAGE(check_auth_buf); struct sip_peer *sip_find_peer(const char *peer, struct ast_sockaddr *addr, int realtime, int which_objects, int devstate_only, int transport); void sip_auth_headers(enum sip_auth_type code, char **header, char **respheader); const char *sip_get_header(const struct sip_request *req, const char *name); -const char *sip_get_transport(enum sip_transport t); +const char *sip_get_transport(enum ast_transport t); #ifdef REF_DEBUG #define sip_ref_peer(arg1,arg2) _ref_peer((arg1),(arg2), __FILE__, __LINE__, __PRETTY_FUNCTION__) diff --git a/channels/sip/security_events.c b/channels/sip/security_events.c index 77dfa2e17c..41a860debe 100644 --- a/channels/sip/security_events.c +++ b/channels/sip/security_events.c @@ -39,22 +39,9 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") /*! \brief Determine transport type used to receive request*/ -static enum ast_security_event_transport_type security_event_get_transport(const struct sip_pvt *p) +static enum ast_transport security_event_get_transport(const struct sip_pvt *p) { - int res = 0; - - switch (p->socket.type) { - case SIP_TRANSPORT_UDP: - return AST_SECURITY_EVENT_TRANSPORT_UDP; - case SIP_TRANSPORT_TCP: - case SIP_TRANSPORT_WS: - return AST_SECURITY_EVENT_TRANSPORT_TCP; - case SIP_TRANSPORT_TLS: - case SIP_TRANSPORT_WSS: - return AST_SECURITY_EVENT_TRANSPORT_TLS; - } - - return res; + return p->socket.type; } void sip_report_invalid_peer(const struct sip_pvt *p) 
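Review bot: `security_event_get_transport()` in channels/sip/security_events.c now returns `p->socket.type` unchanged, so WebSocket peers are reported as WS/WSS where the removed switch folded them into TCP/TLS. Anything that parses the address field of security events (log-based blocking rules, SIEM parsers) and matches only UDP/TCP/TLS will stop matching those peers until it is updated, so the new tokens should be called out in the release notes. I would also add a comment on the function such as `/* socket.type is expected to hold exactly one AST_TRANSPORT_* bit */`, because `ast_json_ipaddr()` emits no transport token for any other value.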
diff --git a/include/asterisk/acl.h b/include/asterisk/acl.h index 537a30d32f..89eff78570 100644 --- a/include/asterisk/acl.h +++ b/include/asterisk/acl.h @@ -386,20 +386,14 @@ int ast_named_acl_init(void); int ast_named_acl_reload(void); /*! - * \brief accessor for the ACL stasis topic + * \brief a \ref stasis_message_type for changes against a named ACL or the set of all named ACLs * \since 12 * - * \retval NULL if the stasis topic hasn't been created or has been disabled - * \retval a pointer to the ACL stasis topic - */ -struct stasis_topic *ast_acl_topic(void); - -/*! - * \brief accessor for the named ACL change stasis message type - * \since 12 + * \retval NULL on error + * \retval \ref stasis_message_type for named ACL changes * - * \retval NULL if the ACL change message type hasn't been created or has been canceled - * \retval a pointer to the ACL change message type + * \note Messages of this type should always be issued on and expected from the + * \ref ast_security_topic \ref stasis_topic */ struct stasis_message_type *ast_named_acl_change_type(void); diff --git a/include/asterisk/json.h b/include/asterisk/json.h index 8e646584df..978d6396a1 100644 --- a/include/asterisk/json.h +++ b/include/asterisk/json.h @@ -19,6 +19,8 @@ #ifndef _ASTERISK_JSON_H #define _ASTERISK_JSON_H +#include "asterisk/netsock2.h" + /*! \file * * \brief Asterisk JSON abstraction layer. 
@@ -862,6 +864,18 @@ struct ast_json *ast_json_name_number(const char *name, const char *number); */ struct ast_json *ast_json_timeval(const struct timeval tv, const char *zone); +/*! + * \brief Construct an IP address as JSON + * + * XXX some comments describing the need for this here + * + * \param addr ast_sockaddr to encode + * \param transport_type ast_transport to include in the address string if any. Should just be one. + * \return JSON string containing the IP address with optional transport information + * \return \c NULL on error. + */ +struct ast_json *ast_json_ipaddr(const struct ast_sockaddr *addr, enum ast_transport transport_type); + /*! * \brief Construct a context/exten/priority as JSON. * diff --git a/include/asterisk/netsock2.h b/include/asterisk/netsock2.h index 435eda53db..a039d1bc67 100644 --- a/include/asterisk/netsock2.h +++ b/include/asterisk/netsock2.h @@ -42,6 +42,14 @@ enum { AST_AF_INET6 = 10, }; +enum ast_transport { + AST_TRANSPORT_UDP = 1, + AST_TRANSPORT_TCP = 1 << 1, + AST_TRANSPORT_TLS = 1 << 2, + AST_TRANSPORT_WS = 1 << 3, + AST_TRANSPORT_WSS = 1 << 4, +}; + /*! * \brief Socket address structure. * diff --git a/include/asterisk/res_sip.h b/include/asterisk/res_sip.h index 7cfc382601..aee27aa9e9 100644 --- a/include/asterisk/res_sip.h +++ b/include/asterisk/res_sip.h @@ -68,16 +68,6 @@ struct ast_sip_domain_alias { ); }; -/*! - * \brief Types of supported transports - */ -enum ast_sip_transport_type { - AST_SIP_TRANSPORT_UDP, - AST_SIP_TRANSPORT_TCP, - AST_SIP_TRANSPORT_TLS, - /* XXX Websocket ? */ -}; - /*! \brief Maximum number of ciphers supported for a TLS transport */ #define SIP_TLS_MAX_CIPHERS 64 @@ -104,7 +94,7 @@ struct ast_sip_transport { AST_STRING_FIELD(domain); ); /*! Type of transport */ - enum ast_sip_transport_type type; + enum ast_transport type; /*! Address and port to bind to */ pj_sockaddr host; /*! Number of simultaneous asynchronous operations */ 
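Review bot: The doc comment added for `ast_json_ipaddr()` still contains the placeholder `XXX some comments describing the need for this here`, so the public header does not describe the string the function produces. Replace it with the format built in main/json.c, for example `Builds "IPV4|IPV6/[transport/]address/port"; the transport part is omitted when transport_type is 0 or has more than one bit set.` It would also help to state whether `addr` may be NULL, since the implementation uses it without a check.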
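Review bot: `enum ast_transport` is added to netsock2.h without any documentation, while the SIP enum it replaces (removed from sip.h in this commit) documented each value. The values are single-bit flags that callers OR together (`default_transports |= AST_TRANSPORT_TCP`), and chan_sip stores the mask in `unsigned short transports:5`, so a sixth transport added to this shared enum later would not fit that bit-field. I would carry the per-value `/*!< ... */` comments over and add a header comment such as `/*! \brief Transport flags; each value is a single bit and values may be combined into a mask */`.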
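Review bot: Changing `struct ast_sip_transport`'s `type` to `enum ast_transport` shifts the numeric value of every member: the removed `enum ast_sip_transport_type` started at 0 for UDP, whereas `AST_TRANSPORT_UDP` is 1 and 0 no longer names any transport. A transport object that is zero-initialised and never has `type` assigned was implicitly UDP before and now has no valid type. The same shift applies to the `transport` member of `struct ast_security_event_ip_addr` in security_events_defs.h, where `ast_json_ipaddr()` leaves the transport token out of the logged address when the value is 0. The code that sets these fields is outside these hunks, so please confirm that every initialiser assigns an explicit `AST_TRANSPORT_*` value.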
diff --git a/include/asterisk/security_events.h b/include/asterisk/security_events.h index 461b671a49..a971444a4e 100644 --- a/include/asterisk/security_events.h +++ b/include/asterisk/security_events.h @@ -56,6 +56,42 @@ struct ast_security_event_ie_type { size_t offset; }; +/*! + * \brief A \ref stasis_topic which publishes messages for security related issues. + * \since 12 + * + * \retval \ref stasis_topic for security related issues. + * \retval NULL on error + */ +struct stasis_topic *ast_security_topic(void); + +/*! + * \brief A \ref stasis_message_type for security events + * \since 12 + * + * \retval NULL on error + * \retval \ref stasis_message_type for security events + * + * \note Messages of this type should always be issued on and expected from + * the \ref ast_security_topic \ref stasis_topic + */ +struct stasis_message_type *ast_security_event_type(void); + +/*! + * \brief initializes stasis topic/event types for \ref ast_security_topic and \ref ast_security_event_type + * \since 12 + * + * \retval 0 on success + * \retval -1 on failure + */ +int ast_security_stasis_init(void); + +/*! + * \brief removes stasis topic/event types for \ref ast_security_topic and \ref ast_security_event_type + * \since 12 + */ +void ast_security_stasis_cleanup(void); + /*! * \brief Get the list of required IEs for a given security event sub-type * diff --git a/include/asterisk/security_events_defs.h b/include/asterisk/security_events_defs.h index c73eb29878..6f32dae31b 100644 --- a/include/asterisk/security_events_defs.h +++ b/include/asterisk/security_events_defs.h @@ -28,6 +28,7 @@ #define __AST_SECURITY_EVENTS_DEFS_H__ #include "asterisk/network.h" +#include "asterisk/netsock2.h" #if defined(__cplusplus) || defined(c_plusplus) extern "C" { 
@@ -140,20 +141,11 @@ enum ast_security_event_severity { AST_SECURITY_EVENT_SEVERITY_ERROR = (1 << 1), }; -/*! - * \brief Transport types - */ -enum ast_security_event_transport_type { - AST_SECURITY_EVENT_TRANSPORT_UDP, - AST_SECURITY_EVENT_TRANSPORT_TCP, - AST_SECURITY_EVENT_TRANSPORT_TLS, -}; - #define AST_SEC_EVT(e) ((struct ast_security_event_common *) e) struct ast_security_event_ip_addr { const struct ast_sockaddr *addr; - enum ast_security_event_transport_type transport; + enum ast_transport transport; }; /*! diff --git a/main/asterisk.c b/main/asterisk.c index 9308230fb7..933aae63d3 100644 --- a/main/asterisk.c +++ b/main/asterisk.c @@ -242,6 +242,7 @@ int daemon(int, int); /* defined in libresolv of all places */ #include "asterisk/sorcery.h" #include "asterisk/stasis.h" #include "asterisk/json.h" +#include "asterisk/security_events.h" #include "asterisk/stasis_endpoints.h" #include "../defaults.h" @@ -4263,6 +4264,12 @@ int main(int argc, char *argv[]) exit(1); } + if (ast_security_stasis_init()) { /* Initialize Security Stasis Topic and Events */ + ast_security_stasis_cleanup(); + printf("%s", term_quit()); + exit(1); + } + if (ast_named_acl_init()) { /* Initialize the Named ACL system */ printf("%s", term_quit()); exit(1); diff --git a/main/json.c b/main/json.c index 87971f04a6..5b69ccbaa2 100644 --- a/main/json.c +++ b/main/json.c 
@@ -527,6 +527,50 @@ struct ast_json *ast_json_timeval(const struct timeval tv, const char *zone) return ast_json_string_create(buf); } +struct ast_json *ast_json_ipaddr(const struct ast_sockaddr *addr, enum ast_transport transport_type) +{ + struct ast_str *string = ast_str_alloca(64); + + if (!string) { + return NULL; + } + + ast_str_set(&string, 0, (ast_sockaddr_is_ipv4(addr) || + ast_sockaddr_is_ipv4_mapped(addr)) ? "IPV4/" : "IPV6/"); + + if (transport_type) { + char *transport_string = NULL; + + /* NOTE: None will be applied if multiple transport types are specified in transport_type */ + switch(transport_type) { + case AST_TRANSPORT_UDP: + transport_string = "UDP"; + break; + case AST_TRANSPORT_TCP: + transport_string = "TCP"; + break; + case AST_TRANSPORT_TLS: + transport_string = "TLS"; + break; + case AST_TRANSPORT_WS: + transport_string = "WS"; + break; + case AST_TRANSPORT_WSS: + transport_string = "WSS"; + break; + } + + if (transport_string) { + ast_str_append(&string, 0, "%s/", transport_string); + } + } + + ast_str_append(&string, 0, "%s", ast_sockaddr_stringify_addr(addr)); + ast_str_append(&string, 0, "/%s", ast_sockaddr_stringify_port(addr)); + + return ast_json_string_create(ast_str_buffer(string)); +} + void ast_json_init(void) { /* Setup to use Asterisk custom allocators */ diff --git a/main/manager.c b/main/manager.c index 6e7ea1e208..4d2923eb5d 100644 --- a/main/manager.c +++ b/main/manager.c @@ -1070,7 +1070,7 @@ static void acl_change_stasis_cb(void *data, struct stasis_subscription *sub, st static void acl_change_stasis_subscribe(void) { if (!acl_change_sub) { - acl_change_sub = stasis_subscribe(ast_acl_topic(), + acl_change_sub = stasis_subscribe(ast_security_topic(), acl_change_stasis_cb, NULL); } } 
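Review bot: `ast_json_ipaddr()` passes `addr` straight to `ast_sockaddr_is_ipv4(addr)` with no NULL check, while the only guard in the function, `if (!string)`, tests the result of `ast_str_alloca()`, which as far as I know cannot report failure. Since this is now a public API I would start it with `if (!addr) { return NULL; }`. The results of `ast_str_set()` and `ast_str_append()` are also ignored; if the 64-byte stack string cannot hold a long IPv6 literal plus transport and port, the security event would carry an incomplete address, so either check those return values or size the buffer for the longest possible address. Minor: `transport_string` only ever points at literals and should be `const char *`, and the `switch` should have a `default:` case for the multi-bit situation the comment describes.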
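Review bot: Subscribing `acl_change_stasis_cb` to `ast_security_topic()` in main/manager.c means the callback now runs for every message on the security topic, not only for named-ACL changes. The callback body is outside this hunk, so I cannot see whether it checks the message type; if it does not, each reported security event, which a remote peer can provoke with failed authentication, would trigger whatever refresh the callback performs. It should begin with a type filter along the lines of `if (stasis_message_type(msg) != ast_named_acl_change_type()) { return; }`, with `msg` standing for the callback's message argument. The same applies to every other subscriber this commit moves from the ACL topic to the security topic.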
@@ -2361,10 +2361,10 @@ static int set_eventmask(struct mansession *s, const char *eventmask) return maskint; } -static enum ast_security_event_transport_type mansession_get_transport(const struct mansession *s) +static enum ast_transport mansession_get_transport(const struct mansession *s) { - return s->tcptls_session->parent->tls_cfg ? AST_SECURITY_EVENT_TRANSPORT_TLS : - AST_SECURITY_EVENT_TRANSPORT_TCP; + return s->tcptls_session->parent->tls_cfg ? AST_TRANSPORT_TLS : + AST_TRANSPORT_TCP; } static void report_invalid_user(const struct mansession *s, const char *username) diff --git a/main/named_acl.c b/main/named_acl.c index afcd0692f5..092aa94a62 100644 --- a/main/named_acl.c +++ b/main/named_acl.c @@ -41,6 +41,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") #include "asterisk/paths.h" #include "asterisk/stasis.h" #include "asterisk/json.h" +#include "asterisk/security_events.h" #define NACL_CONFIG "acl.conf" #define ACL_FAMILY "acls" @@ -356,16 +357,11 @@ struct ast_ha *ast_named_acl_find(const char *name, int *is_realtime, int *is_un return ha; } -/*! \brief Topic for ACLs */ -static struct stasis_topic *acl_topic; - /*! \brief Message type for named ACL changes */ STASIS_MESSAGE_TYPE_DEFN(ast_named_acl_change_type); static void acl_stasis_shutdown(void) { - ao2_cleanup(acl_topic); - acl_topic = NULL; STASIS_MESSAGE_TYPE_CLEANUP(ast_named_acl_change_type); } 
@@ -376,22 +372,16 @@ static void acl_stasis_shutdown(void) static void ast_acl_stasis_init(void) { ast_register_atexit(acl_stasis_shutdown); - acl_topic = stasis_topic_create("ast_acl"); STASIS_MESSAGE_TYPE_INIT(ast_named_acl_change_type); } -struct stasis_topic *ast_acl_topic(void) -{ - return acl_topic; -} - /*! * \internal * \brief Sends a stasis message corresponding to a given named ACL that has changed or * that all ACLs have been updated and old copies must be refreshed. Consumers of - * named ACLs should subscribe to the ast_acl_topic and respond to messages of the - * ast_named_acl_change_type stasis message type in order to be able to accomodate - * changes to named ACLs. + * named ACLs should subscribe to the ast_security_topic and respond to messages + * of the ast_named_acl_change_type stasis message type in order to be able to + * accommodate changes to named ACLs. * * \param name Name of the ACL that has changed. May be an empty string (but not NULL) * If name is an empty string, then all ACLs must be refreshed. @@ -423,7 +413,7 @@ static int publish_acl_change(const char *name) goto publish_failure; } - stasis_publish(ast_acl_topic(), msg); + stasis_publish(ast_security_topic(), msg); return 0; diff --git a/main/security_events.c b/main/security_events.c index bdb9b21c88..d42bea64ab 100644 --- a/main/security_events.c +++ b/main/security_events.c 
@@ -37,9 +37,49 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") #include "asterisk/network.h" #include "asterisk/security_events.h" #include "asterisk/netsock2.h" +#include "asterisk/stasis.h" +#include "asterisk/json.h" +#include "asterisk/astobj2.h" static const size_t TIMESTAMP_STR_LEN = 32; +/*! \brief Security Topic */ +static struct stasis_topic *security_topic; + +struct stasis_topic *ast_security_topic(void) +{ + return security_topic; +} + +/*! \brief Message type for security events */ +STASIS_MESSAGE_TYPE_DEFN(ast_security_event_type); + +int ast_security_stasis_init(void) +{ + security_topic = stasis_topic_create("ast_security"); + if (!security_topic) { + return -1; + } + + if (STASIS_MESSAGE_TYPE_INIT(ast_security_event_type)) { + return -1; + } + + if (ast_register_atexit(ast_security_stasis_cleanup)) { + return -1; + } + + return 0; +} + +void ast_security_stasis_cleanup(void) +{ + STASIS_MESSAGE_TYPE_CLEANUP(ast_security_event_type); + + ao2_cleanup(security_topic); + security_topic = NULL; +} + static const struct { const char *name; uint32_t version; 
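Review bot: `ast_security_stasis_init()` returns -1 from the `STASIS_MESSAGE_TYPE_INIT` and `ast_register_atexit` failure paths with `security_topic` already created, so it depends on the caller to invoke `ast_security_stasis_cleanup()` (main() in this commit does). Calling `ast_security_stasis_cleanup();` before `return -1;` on those two paths would make the function self-contained and keep any other caller from leaking the topic. `ast_security_topic()` also returns NULL before init and after cleanup; that deserves a comment on the accessor, because the subscribe and publish call sites changed in this commit pass its result on unchecked.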
@@ -464,72 +504,17 @@ const struct ast_security_event_ie_type *ast_security_event_get_optional_ies( return sec_events[event_type].optional_ies; } -static void encode_timestamp(struct ast_str **str, const struct timeval *tv) -{ - ast_str_set(str, 0, "%u-%u", - (unsigned int) tv->tv_sec, - (unsigned int) tv->tv_usec); -} - -static struct ast_event *alloc_event(const struct ast_security_event_common *sec) -{ - struct ast_str *str = ast_str_alloca(TIMESTAMP_STR_LEN); - struct timeval tv = ast_tvnow(); - const char *severity_str; - - if (check_event_type(sec->event_type)) { - return NULL; - } - - encode_timestamp(&str, &tv); - - severity_str = S_OR( - ast_security_event_severity_get_name(sec_events[sec->event_type].severity), - "Unknown" - ); - - return ast_event_new(AST_EVENT_SECURITY, - AST_EVENT_IE_SECURITY_EVENT, AST_EVENT_IE_PLTYPE_UINT, sec->event_type, - AST_EVENT_IE_EVENT_VERSION, AST_EVENT_IE_PLTYPE_UINT, sec->version, - AST_EVENT_IE_EVENT_TV, AST_EVENT_IE_PLTYPE_STR, ast_str_buffer(str), - AST_EVENT_IE_SERVICE, AST_EVENT_IE_PLTYPE_STR, sec->service, - AST_EVENT_IE_SEVERITY, AST_EVENT_IE_PLTYPE_STR, severity_str, - AST_EVENT_IE_END); -} - -static int add_timeval_ie(struct ast_event **event, enum ast_event_ie_type ie_type, - const struct timeval *tv) -{ - struct ast_str *str = ast_str_alloca(TIMESTAMP_STR_LEN); - - encode_timestamp(&str, tv); - - return ast_event_append_ie_str(event, ie_type, ast_str_buffer(str)); -} - -static int add_ip_ie(struct ast_event **event, enum ast_event_ie_type ie_type, +static int add_ip_json_object(struct ast_json *json, enum ast_event_ie_type ie_type, const struct ast_security_event_ip_addr *addr) { - struct ast_str *str = ast_str_alloca(64); + struct ast_json *json_ip; - ast_str_set(&str, 0, (ast_sockaddr_is_ipv4(addr->addr) || ast_sockaddr_is_ipv4_mapped(addr->addr)) ? 
"IPV4/" : "IPV6/"); - - switch (addr->transport) { - case AST_SECURITY_EVENT_TRANSPORT_UDP: - ast_str_append(&str, 0, "UDP/"); - break; - case AST_SECURITY_EVENT_TRANSPORT_TCP: - ast_str_append(&str, 0, "TCP/"); - break; - case AST_SECURITY_EVENT_TRANSPORT_TLS: - ast_str_append(&str, 0, "TLS/"); - break; + json_ip = ast_json_ipaddr(addr->addr, addr->transport); + if (!json_ip) { + return -1; } - ast_str_append(&str, 0, "%s", ast_sockaddr_stringify_addr(addr->addr)); - ast_str_append(&str, 0, "/%s", ast_sockaddr_stringify_port(addr->addr)); - - return ast_event_append_ie_str(event, ie_type, ast_str_buffer(str)); + return ast_json_object_set(json, ast_event_get_ie_type_name(ie_type), json_ip); } enum ie_required { @@ -537,7 +522,7 @@ enum ie_required { REQUIRED }; -static int add_ie(struct ast_event **event, const struct ast_security_event_common *sec, +static int add_json_object(struct ast_json *json, const struct ast_security_event_common *sec, const struct ast_security_event_ie_type *ie_type, enum ie_required req) { int res = 0; @@ -559,6 +544,7 @@ static int add_ie(struct ast_event **event, const struct ast_security_event_comm case AST_EVENT_IE_ATTEMPTED_TRANSPORT: { const char *str; + struct ast_json *json_string; str = *((const char **)(((const char *) sec) + ie_type->offset)); 
@@ -567,20 +553,36 @@ static int add_ie(struct ast_event **event, const struct ast_security_event_comm "type '%d' not present\n", ie_type->ie_type, sec->event_type); res = -1; + break; } - if (str) { - res = ast_event_append_ie_str(event, ie_type->ie_type, str); + if (!str) { + break; } + json_string = ast_json_string_create(str); + if (!json_string) { + res = -1; + break; + } + + res = ast_json_object_set(json, ast_event_get_ie_type_name(ie_type->ie_type), json_string); break; } case AST_EVENT_IE_EVENT_VERSION: case AST_EVENT_IE_USING_PASSWORD: { + struct ast_json *json_string; uint32_t val; val = *((const uint32_t *)(((const char *) sec) + ie_type->offset)); - res = ast_event_append_ie_uint(event, ie_type->ie_type, val); + + json_string = ast_json_stringf("%d", val); + if (!json_string) { + res = -1; + break; + } + + res = ast_json_object_set(json, ast_event_get_ie_type_name(ie_type->ie_type), json_string); break; } case AST_EVENT_IE_LOCAL_ADDR: @@ -599,8 +601,9 @@ static int add_ie(struct ast_event **event, const struct ast_security_event_comm } if (addr->addr) { - res = add_ip_ie(event, ie_type->ie_type, addr); + res = add_ip_json_object(json, ie_type->ie_type, addr); } + break; } case AST_EVENT_IE_SESSION_TV: @@ -617,7 +620,12 @@ static int add_ie(struct ast_event **event, const struct ast_security_event_comm } if (tval) { - add_timeval_ie(event, ie_type->ie_type, tval); + struct ast_json *json_tval = ast_json_timeval(*tval, NULL); + if (!json_tval) { + res = -1; + break; + } + res = ast_json_object_set(json, ast_event_get_ie_type_name(ie_type->ie_type), json_tval); } break; 
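Review bot: In the `AST_EVENT_IE_EVENT_VERSION` / `AST_EVENT_IE_USING_PASSWORD` case, `val` is declared `uint32_t` but is formatted with `%d`, so the specifier does not match the argument type and a value above INT_MAX would be rendered as a negative number; the call it replaces was `ast_event_append_ie_uint`. I would write `json_string = ast_json_stringf("%u", val);`. The same `"%d"` is used for `sec->version` in alloc_security_event_json_object in a later hunk of this file, where the removed alloc_event() passed that field as a UINT payload, so it likely needs the same change. add_json_object begins and ends outside this hunk.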
@@ -635,20 +643,78 @@ static int add_ie(struct ast_event **event, const struct ast_security_event_comm return res; } +static struct ast_json *alloc_security_event_json_object(const struct ast_security_event_common *sec) +{ + struct timeval tv = ast_tvnow(); + const char *severity_str; + struct ast_json *json_temp; + RAII_VAR(struct ast_json *, json_object, ast_json_object_create(), ast_json_unref); + + if (!json_object) { + return NULL; + } + + /* NOTE: Every time ast_json_object_set is used, json_temp becomes a stale pointer since the reference is taken. + * This is true even if ast_json_object_set fails. + */ + + /* AST_EVENT_IE_SECURITY_EVENT */ + json_temp = ast_json_integer_create(sec->event_type); + if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_SECURITY_EVENT), json_temp)) { + return NULL; + } + + /* AST_EVENT_IE_EVENT_VERSION */ + json_temp = ast_json_stringf("%d", sec->version); + if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_EVENT_VERSION), json_temp)) { + return NULL; + } + + /* AST_EVENT_IE_EVENT_TV */ + json_temp = ast_json_timeval(tv, NULL); + if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_EVENT_TV), json_temp)) { + return NULL; + } + + /* AST_EVENT_IE_SERVICE */ + json_temp = ast_json_string_create(sec->service); + if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_SERVICE), json_temp)) { + return NULL; + } + + /* AST_EVENT_IE_SEVERITY */ + severity_str = S_OR( + ast_security_event_severity_get_name(sec_events[sec->event_type].severity), + "Unknown" + ); + + json_temp = ast_json_string_create(severity_str); + if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_SEVERITY), json_temp)) { + return NULL; + } + + return ast_json_ref(json_object); +} + static int handle_security_event(const struct ast_security_event_common *sec) { - struct ast_event 
*event; + RAII_VAR(struct stasis_message *, msg, NULL, ao2_cleanup); + RAII_VAR(struct ast_json_payload *, json_payload, NULL, ao2_cleanup); + RAII_VAR(struct ast_json *, json_object, NULL, ast_json_unref); + const struct ast_security_event_ie_type *ies; unsigned int i; - if (!(event = alloc_event(sec))) { + json_object = alloc_security_event_json_object(sec); + + if (!json_object) { return -1; } for (ies = ast_security_event_get_required_ies(sec->event_type), i = 0; ies[i].ie_type != AST_EVENT_IE_END; i++) { - if (add_ie(&event, sec, ies + i, REQUIRED)) { + if (add_json_object(json_object, sec, ies + i, REQUIRED)) { goto return_error; } } @@ -656,30 +722,32 @@ static int handle_security_event(const struct ast_security_event_common *sec) for (ies = ast_security_event_get_optional_ies(sec->event_type), i = 0; ies[i].ie_type != AST_EVENT_IE_END; i++) { - if (add_ie(&event, sec, ies + i, NOT_REQUIRED)) { + if (add_json_object(json_object, sec, ies + i, NOT_REQUIRED)) { goto return_error; } } - - if (ast_event_queue(event)) { + /* The json blob is ready. Throw it in the payload and send it out over stasis. */ + if (!(json_payload = ast_json_payload_create(json_object))) { goto return_error; } + msg = stasis_message_create(ast_security_event_type(), json_payload); + + if (!msg) { + goto return_error; + } + + stasis_publish(ast_security_topic(), msg); + return 0; return_error: - if (event) { - ast_event_destroy(event); - } - return -1; } int ast_security_event_report(const struct ast_security_event_common *sec) { - int res; - if (sec->event_type < 0 || sec->event_type >= AST_SECURITY_EVENT_NUM_TYPES) { ast_log(LOG_ERROR, "Invalid security event type\n"); return -1; 
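Review bot: alloc_security_event_json_object, added in the hunk that starts at `@@ -635`, has no comment stating its ownership contract or its precondition. It returns `ast_json_ref(json_object)` while the RAII_VAR drops the local reference, so the caller ends up owning exactly one reference, and it indexes `sec_events[sec->event_type]` without the `check_event_type()` call the removed alloc_event() made, relying instead on the range check visible in ast_security_event_report. I would add above the function: `/*! \brief Build the JSON object holding the common IEs of a security event; returns a reference the caller must ast_json_unref(), or NULL on failure. sec->event_type must already be range-checked. */`.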
@@ -697,9 +765,12 @@ int ast_security_event_report(const struct ast_security_event_common *sec) return -1; } - res = handle_security_event(sec); + if (handle_security_event(sec)) { + ast_log(LOG_ERROR, "Failed to issue security event of type %s.\n", + ast_security_event_get_name(sec->event_type)); + } - return res; + return 0; } diff --git a/res/res_security_log.c b/res/res_security_log.c index 3e8c48a24e..1a4f379a10 100644 --- a/res/res_security_log.c +++ b/res/res_security_log.c @@ -37,16 +37,17 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$"); #include "asterisk/module.h" #include "asterisk/logger.h" -#include "asterisk/event.h" #include "asterisk/threadstorage.h" #include "asterisk/strings.h" #include "asterisk/security_events.h" +#include "asterisk/stasis.h" +#include "asterisk/json.h" static const char LOG_SECURITY_NAME[] = "SECURITY"; static int LOG_SECURITY; -static struct ast_event_sub *security_event_sub; +static struct stasis_subscription *security_stasis_sub; AST_THREADSTORAGE(security_event_buf); static const size_t SECURITY_EVENT_BUF_INIT_LEN = 256; 
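Review bot: ast_security_event_report now returns 0 even when handle_security_event() fails, where it previously returned that result, so a caller can no longer tell that a security event was dropped. The only remaining signal is the new LOG_ERROR line. If swallowing the failure is intended (so that a reporting problem never alters the caller's handling of the request), say so in a comment such as `/* Failure to publish is logged but deliberately not propagated. */`; otherwise add `return -1;` inside the new `if`. Whether any caller acts on the return value is not visible from this hunk, and the function starts outside it.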
@@ -56,93 +57,89 @@ enum ie_required { REQUIRED }; -static int ie_is_present(const struct ast_event *event, - const enum ast_event_ie_type ie_type) -{ - return (ast_event_get_ie_raw(event, ie_type) != NULL); -} - -static void append_ie(struct ast_str **str, const struct ast_event *event, +static void append_json_single(struct ast_str **str, struct ast_json *json, const enum ast_event_ie_type ie_type, enum ie_required required) { - if (!required && !ie_is_present(event, ie_type)) { - /* Optional IE isn't present. Ignore. */ + const char *ie_type_key = ast_event_get_ie_type_name(ie_type); + + struct ast_json *json_string; + + json_string = ast_json_object_get(json, ie_type_key); + + if (!required && !json_string) { + /* Optional IE isn't present. Ignore. */ return; } /* At this point, it _better_ be there! */ - ast_assert(ie_is_present(event, ie_type)); + ast_assert(json_string != NULL); - switch (ast_event_get_ie_pltype(ie_type)) { - case AST_EVENT_IE_PLTYPE_UINT: - ast_str_append(str, 0, ",%s=\"%u\"", - ast_event_get_ie_type_name(ie_type), - ast_event_get_ie_uint(event, ie_type)); - break; - case AST_EVENT_IE_PLTYPE_STR: - ast_str_append(str, 0, ",%s=\"%s\"", - ast_event_get_ie_type_name(ie_type), - ast_event_get_ie_str(event, ie_type)); - break; - case AST_EVENT_IE_PLTYPE_BITFLAGS: - ast_str_append(str, 0, ",%s=\"%u\"", - ast_event_get_ie_type_name(ie_type), - ast_event_get_ie_bitflags(event, ie_type)); - break; - case AST_EVENT_IE_PLTYPE_UNKNOWN: - case AST_EVENT_IE_PLTYPE_EXISTS: - case AST_EVENT_IE_PLTYPE_RAW: - ast_log(LOG_WARNING, "Unexpected payload type for IE '%s'\n", - ast_event_get_ie_type_name(ie_type)); - break; - } + ast_str_append(str, 0, ",%s=\"%s\"", + ie_type_key, + ast_json_string_get(json_string)); } -static void append_ies(struct ast_str **str, const struct ast_event *event, +static void append_json(struct ast_str **str, struct ast_json *json, const struct ast_security_event_ie_type *ies, enum ie_required required) { unsigned int i; for (i = 0; 
ies[i].ie_type != AST_EVENT_IE_END; i++) { - append_ie(str, event, ies[i].ie_type, required); + append_json_single(str, json, ies[i].ie_type, required); } } -static void security_event_cb(const struct ast_event *event, void *data) +static void security_event_stasis_cb(struct ast_json *json) { struct ast_str *str; + struct ast_json *event_type_json; enum ast_security_event_type event_type; + event_type_json = ast_json_object_get(json, "SecurityEvent"); + event_type = ast_json_integer_get(event_type_json); + + ast_assert(event_type >= 0 && event_type < AST_SECURITY_EVENT_NUM_TYPES); + if (!(str = ast_str_thread_get(&security_event_buf, SECURITY_EVENT_BUF_INIT_LEN))) { return; } - /* Note that the event type is guaranteed to be valid here. */ - event_type = ast_event_get_ie_uint(event, AST_EVENT_IE_SECURITY_EVENT); - ast_assert(event_type >= 0 && event_type < AST_SECURITY_EVENT_NUM_TYPES); - ast_str_set(&str, 0, "%s=\"%s\"", ast_event_get_ie_type_name(AST_EVENT_IE_SECURITY_EVENT), ast_security_event_get_name(event_type)); - append_ies(&str, event, + append_json(&str, json, ast_security_event_get_required_ies(event_type), REQUIRED); - append_ies(&str, event, + append_json(&str, json, ast_security_event_get_optional_ies(event_type), NOT_REQUIRED); ast_log_dynamic_level(LOG_SECURITY, "%s\n", ast_str_buffer(str)); } +static void security_stasis_cb(void *data, struct stasis_subscription *sub, + struct stasis_topic *topic, struct stasis_message *message) +{ + struct ast_json_payload *payload = stasis_message_data(message); + + if (stasis_message_type(message) != ast_security_event_type()) { + return; + } + + if (!payload) { + return; + } + + security_event_stasis_cb(payload->json); +} + static int load_module(void) { if ((LOG_SECURITY = ast_logger_register_level(LOG_SECURITY_NAME)) == -1) { return AST_MODULE_LOAD_DECLINE; } - if (!(security_event_sub = ast_event_subscribe(AST_EVENT_SECURITY, - security_event_cb, "Security Event Logger", - NULL, AST_EVENT_IE_END))) { + if 
(!(security_stasis_sub = stasis_subscribe(ast_security_topic(), security_stasis_cb, NULL))) { ast_logger_unregister_level(LOG_SECURITY_NAME); LOG_SECURITY = -1; return AST_MODULE_LOAD_DECLINE; @@ -155,8 +152,8 @@ static int load_module(void) static int unload_module(void) { - if (security_event_sub) { - security_event_sub = ast_event_unsubscribe(security_event_sub); + if (security_stasis_sub) { + security_stasis_sub = stasis_unsubscribe(security_stasis_sub); } ast_verb(3, "Security Logging Disabled\n"); diff --git a/res/res_sip.c b/res/res_sip.c index 0aa1671359..ac2e9279b5 100644 --- a/res/res_sip.c +++ b/res/res_sip.c @@ -315,10 +315,10 @@ static int sip_get_tpselector_from_endpoint(const struct ast_sip_endpoint *endpo return -1; } - if (transport->type == AST_SIP_TRANSPORT_UDP) { + if (transport->type == AST_TRANSPORT_UDP) { selector->type = PJSIP_TPSELECTOR_TRANSPORT; selector->u.transport = transport->state->transport; - } else if (transport->type == AST_SIP_TRANSPORT_TCP || transport->type == AST_SIP_TRANSPORT_TLS) { + } else if (transport->type == AST_TRANSPORT_TCP || transport->type == AST_TRANSPORT_TLS) { selector->type = PJSIP_TPSELECTOR_LISTENER; selector->u.listener = transport->state->factory; } else { diff --git a/res/res_sip/config_transport.c b/res/res_sip/config_transport.c index eb89ee44ee..0df8c66adf 100644 --- a/res/res_sip/config_transport.c +++ b/res/res_sip/config_transport.c @@ -103,7 +103,7 @@ static int transport_apply(const struct ast_sorcery *sorcery, void *obj) /* Set default port if not present */ if (!pj_sockaddr_get_port(&transport->host)) { - pj_sockaddr_set_port(&transport->host, (transport->type == AST_SIP_TRANSPORT_TLS) ? 5061 : 5060); + pj_sockaddr_set_port(&transport->host, (transport->type == AST_TRANSPORT_TLS) ? 5061 : 5060); } /* Now that we know what address family we can set up a dnsmgr refresh for the external media address if present */ 
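Review bot: security_event_stasis_cb and append_json_single check their input only with `ast_assert`, which is normally compiled out of non-developer builds (confirm for this tree), so at runtime nothing stops an out-of-range `event_type` from reaching `ast_security_event_get_name()` and the IE table lookups, or a missing required IE from handing the result of `ast_json_string_get()` on a NULL object to `%s`. The removed comment said the event type was guaranteed valid, but the value is now read back out of a JSON blob, and a missing "SecurityEvent" key would presumably come back as 0. I would add `if (event_type < 0 || event_type >= AST_SECURITY_EVENT_NUM_TYPES) { return; }` after the lookup and `if (!json_string) { return; }` before the append. Separately, values are written between double quotes without escaping, so a field containing `"` or a newline would yield a record that log parsers can misread; that was already the case before this change, but it is worth handling while the function is being rewritten.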
@@ -124,13 +124,13 @@ static int transport_apply(const struct ast_sorcery *sorcery, void *obj) } } - if (transport->type == AST_SIP_TRANSPORT_UDP) { + if (transport->type == AST_TRANSPORT_UDP) { if (transport->host.addr.sa_family == pj_AF_INET()) { res = pjsip_udp_transport_start(ast_sip_get_pjsip_endpoint(), &transport->host.ipv4, NULL, transport->async_operations, &transport->state->transport); } else if (transport->host.addr.sa_family == pj_AF_INET6()) { res = pjsip_udp_transport_start6(ast_sip_get_pjsip_endpoint(), &transport->host.ipv6, NULL, transport->async_operations, &transport->state->transport); } - } else if (transport->type == AST_SIP_TRANSPORT_TCP) { + } else if (transport->type == AST_TRANSPORT_TCP) { pjsip_tcp_transport_cfg cfg; pjsip_tcp_transport_cfg_default(&cfg, transport->host.addr.sa_family); @@ -138,7 +138,7 @@ static int transport_apply(const struct ast_sorcery *sorcery, void *obj) cfg.async_cnt = transport->async_operations; res = pjsip_tcp_transport_start3(ast_sip_get_pjsip_endpoint(), &cfg, &transport->state->factory); - } else if (transport->type == AST_SIP_TRANSPORT_TLS) { + } else if (transport->type == AST_TRANSPORT_TLS) { transport->tls.ca_list_file = pj_str((char*)transport->ca_list_file); transport->tls.cert_file = pj_str((char*)transport->cert_file); transport->tls.privkey_file = pj_str((char*)transport->privkey_file); @@ -163,11 +163,11 @@ static int transport_protocol_handler(const struct aco_option *opt, struct ast_v struct ast_sip_transport *transport = obj; if (!strcasecmp(var->value, "udp")) { - transport->type = AST_SIP_TRANSPORT_UDP; + transport->type = AST_TRANSPORT_UDP; } else if (!strcasecmp(var->value, "tcp")) { - transport->type = AST_SIP_TRANSPORT_TCP; + transport->type = AST_TRANSPORT_TCP; } else if (!strcasecmp(var->value, "tls")) { - transport->type = AST_SIP_TRANSPORT_TLS; + transport->type = AST_TRANSPORT_TLS; } else { /* TODO: Implement websockets */ return -1; 
diff --git a/res/res_sip_nat.c b/res/res_sip_nat.c index 02c60a14e4..c18cac36ac 100644 --- a/res/res_sip_nat.c +++ b/res/res_sip_nat.c @@ -58,7 +58,7 @@ static pj_bool_t nat_on_rx_request(pjsip_rx_data *rdata) /*! \brief Structure which contains information about a transport */ struct request_transport_details { /*! \brief Type of transport */ - enum ast_sip_transport_type type; + enum ast_transport type; /*! \brief Potential pointer to the transport itself, if UDP */ pjsip_transport *transport; /*! \brief Potential pointer to the transport factory itself, if TCP/TLS */ @@ -139,13 +139,13 @@ static pj_status_t nat_on_tx_message(pjsip_tx_data *tdata) details.factory = tdata->tp_sel.u.listener; } else if (tdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP || tdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP6) { /* Connectionless uses the same transport for all requests */ - details.type = AST_SIP_TRANSPORT_UDP; + details.type = AST_TRANSPORT_UDP; details.transport = tdata->tp_info.transport; } else { if (tdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TCP) { - details.type = AST_SIP_TRANSPORT_TCP; + details.type = AST_TRANSPORT_TCP; } else if (tdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TLS) { - details.type = AST_SIP_TRANSPORT_TLS; + details.type = AST_TRANSPORT_TLS; } else { /* Unknown transport type, we can't map and thus can't apply NAT changes */ return PJ_SUCCESS; @@ -163,7 +163,7 @@ static pj_status_t nat_on_tx_message(pjsip_tx_data *tdata) } if (!details.local_port) { - details.local_port = (details.type == AST_SIP_TRANSPORT_TLS) ? 5061 : 5060; + details.local_port = (details.type == AST_TRANSPORT_TLS) ? 5061 : 5060; } } diff --git a/res/res_sip_outbound_registration.c b/res/res_sip_outbound_registration.c index 2ef92cdc09..f33370146e 100644 --- a/res/res_sip_outbound_registration.c +++ b/res/res_sip_outbound_registration.c 
@@ -539,10 +539,10 @@ static int sip_outbound_registration_apply(const struct ast_sorcery *sorcery, vo return -1; } - if (transport->type == AST_SIP_TRANSPORT_UDP) { + if (transport->type == AST_TRANSPORT_UDP) { selector.type = PJSIP_TPSELECTOR_TRANSPORT; selector.u.transport = transport->state->transport; - } else if (transport->type == AST_SIP_TRANSPORT_TCP || transport->type == AST_SIP_TRANSPORT_TLS) { + } else if (transport->type == AST_TRANSPORT_TCP || transport->type == AST_TRANSPORT_TLS) { selector.type = PJSIP_TPSELECTOR_LISTENER; selector.u.listener = transport->state->factory; } else { diff --git a/tests/test_security_events.c b/tests/test_security_events.c index 4f2510f142..72d6fb5d8b 100644 --- a/tests/test_security_events.c +++ b/tests/test_security_events.c @@ -89,11 +89,11 @@ static void evt_gen_failed_acl(void) .common.session_tv = &session_tv, .common.local_addr = { .addr = &addr_local, - .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + .transport = AST_TRANSPORT_UDP, }, .common.remote_addr = { .addr = &addr_remote, - .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + .transport = AST_TRANSPORT_UDP, }, .acl_name = "TEST_ACL", @@ -127,11 +127,11 @@ static void evt_gen_inval_acct_id(void) .common.session_tv = &session_tv, .common.local_addr = { .addr = &addr_local, - .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + .transport = AST_TRANSPORT_TCP, }, .common.remote_addr = { .addr = &addr_remote, - .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + .transport = AST_TRANSPORT_TCP, }, }; @@ -163,11 +163,11 @@ static void evt_gen_session_limit(void) .common.session_tv = &session_tv, .common.local_addr = { .addr = &addr_local, - .transport = AST_SECURITY_EVENT_TRANSPORT_TLS, + .transport = AST_TRANSPORT_TLS, }, .common.remote_addr = { .addr = &addr_remote, - .transport = AST_SECURITY_EVENT_TRANSPORT_TLS, + .transport = AST_TRANSPORT_TLS, }, }; 
@@ -199,11 +199,11 @@ static void evt_gen_mem_limit(void) .common.session_tv = &session_tv, .common.local_addr = { .addr = &addr_local, - .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + .transport = AST_TRANSPORT_UDP, }, .common.remote_addr = { .addr = &addr_remote, - .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + .transport = AST_TRANSPORT_UDP, }, }; @@ -235,11 +235,11 @@ static void evt_gen_load_avg(void) .common.session_tv = &session_tv, .common.local_addr = { .addr = &addr_local, - .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + .transport = AST_TRANSPORT_UDP, }, .common.remote_addr = { .addr = &addr_remote, - .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + .transport = AST_TRANSPORT_UDP, }, }; @@ -271,11 +271,11 @@ static void evt_gen_req_no_support(void) .common.session_tv = &session_tv, .common.local_addr = { .addr = &addr_local, - .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + .transport = AST_TRANSPORT_UDP, }, .common.remote_addr = { .addr = &addr_remote, - .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + .transport = AST_TRANSPORT_UDP, }, .request_type = "MakeMeDinner", @@ -309,11 +309,11 @@ static void evt_gen_req_not_allowed(void) .common.session_tv = &session_tv, .common.local_addr = { .addr = &addr_local, - .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + .transport = AST_TRANSPORT_UDP, }, .common.remote_addr = { .addr = &addr_remote, - .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + .transport = AST_TRANSPORT_UDP, }, .request_type = "MakeMeBreakfast", @@ -348,11 +348,11 @@ static void evt_gen_auth_method_not_allowed(void) .common.session_tv = &session_tv, .common.local_addr = { .addr = &addr_local, - .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + .transport = AST_TRANSPORT_TCP, }, .common.remote_addr = { .addr = &addr_remote, - .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + .transport = AST_TRANSPORT_TCP, }, .auth_method = "PlainText" 
@@ -386,11 +386,11 @@ static void evt_gen_req_bad_format(void) .common.session_tv = &session_tv, .common.local_addr = { .addr = &addr_local, - .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + .transport = AST_TRANSPORT_TCP, }, .common.remote_addr = { .addr = &addr_remote, - .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + .transport = AST_TRANSPORT_TCP, }, .request_type = "CheeseBurger", @@ -425,11 +425,11 @@ static void evt_gen_successful_auth(void) .common.session_tv = &session_tv, .common.local_addr = { .addr = &addr_local, - .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + .transport = AST_TRANSPORT_TCP, }, .common.remote_addr = { .addr = &addr_remote, - .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + .transport = AST_TRANSPORT_TCP, }, }; @@ -462,16 +462,16 @@ static void evt_gen_unexpected_addr(void) .common.session_tv = &session_tv, .common.local_addr = { .addr = &addr_local, - .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + .transport = AST_TRANSPORT_UDP, }, .common.remote_addr = { .addr = &addr_remote, - .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + .transport = AST_TRANSPORT_UDP, }, .expected_addr = { .addr = &addr_expected, - .transport = AST_SECURITY_EVENT_TRANSPORT_UDP, + .transport = AST_TRANSPORT_UDP, }, }; @@ -506,11 +506,11 @@ static void evt_gen_chal_resp_failed(void) .common.session_tv = &session_tv, .common.local_addr = { .addr = &addr_local, - .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + .transport = AST_TRANSPORT_TCP, }, .common.remote_addr = { .addr = &addr_remote, - .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + .transport = AST_TRANSPORT_TCP, }, .challenge = "8adf8a9sd8fas9df23ljk4", 
@@ -546,11 +546,11 @@ static void evt_gen_inval_password(void) .common.session_tv = &session_tv, .common.local_addr = { .addr = &addr_local, - .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + .transport = AST_TRANSPORT_TCP, }, .common.remote_addr = { .addr = &addr_remote, - .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + .transport = AST_TRANSPORT_TCP, }, .challenge = "GoOdChAlLeNgE", .received_challenge = "BaDcHaLlEnGe", @@ -585,11 +585,11 @@ static void evt_gen_chal_sent(void) .common.session_tv = &session_tv, .common.local_addr = { .addr = &addr_local, - .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + .transport = AST_TRANSPORT_TCP, }, .common.remote_addr = { .addr = &addr_remote, - .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + .transport = AST_TRANSPORT_TCP, }, .challenge = "IcHaLlEnGeYoU", }; @@ -622,11 +622,11 @@ static void evt_gen_inval_transport(void) .common.session_tv = &session_tv, .common.local_addr = { .addr = &addr_local, - .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + .transport = AST_TRANSPORT_TCP, }, .common.remote_addr = { .addr = &addr_remote, - .transport = AST_SECURITY_EVENT_TRANSPORT_TCP, + .transport = AST_TRANSPORT_TCP, }, .transport = "UDP", };