Commit 5e2db332 authored by Matthieu Tanon's avatar Matthieu Tanon
Browse files

Add faulty device in security events and clean code

parent 867203e2
......@@ -140,6 +140,17 @@ LINPHONE_PUBLIC const LinphoneAddress *linphone_event_log_get_participant_addres
*/
LINPHONE_PUBLIC const LinphoneAddress *linphone_event_log_get_device_address (const LinphoneEventLog *event_log);
// -----------------------------------------------------------------------------
// ConferenceSecurityEvent.
// -----------------------------------------------------------------------------
/**
* Returns the faulty device address of a conference security event.
* @param[in] event_log A #LinphoneEventLog object.
* @return The address of the faulty device.
*/
LINPHONE_PUBLIC LinphoneAddress *linphone_event_log_get_security_alert_faulty_device (const LinphoneEventLog *event_log);
// -----------------------------------------------------------------------------
// ConferenceSubjectEvent.
// -----------------------------------------------------------------------------
......
......@@ -167,6 +167,18 @@ static bool isConferenceSubjectType (LinphoneEventLogType type) {
return false;
}
static bool isConferenceSecurityType (LinphoneEventLogType type) {
switch (type) {
case LinphoneEventLogTypeConferenceSecurityAlert:
return true;
default:
break;
}
return false;
}
// -----------------------------------------------------------------------------
// EventLog.
// -----------------------------------------------------------------------------
......@@ -305,6 +317,21 @@ const LinphoneAddress *linphone_event_log_get_device_address (const LinphoneEven
return event_log->deviceAddressCache;
}
// -----------------------------------------------------------------------------
// ConferenceSecurityEvent.
// -----------------------------------------------------------------------------
LINPHONE_PUBLIC LinphoneAddress *linphone_event_log_get_security_alert_faulty_device (const LinphoneEventLog *event_log) {
if (!isConferenceSecurityType(linphone_event_log_get_type(event_log)))
return nullptr;
return linphone_address_new(
static_pointer_cast<const LinphonePrivate::ConferenceSecurityEvent>(
L_GET_CPP_PTR_FROM_C_OBJECT(event_log)
)->getFaultyDevice().asString().c_str()
);
}
// -----------------------------------------------------------------------------
// ConferenceSubjectEvent.
// -----------------------------------------------------------------------------
......
......@@ -718,10 +718,8 @@ void ClientGroupChatRoom::onParticipantSetAdmin (const shared_ptr<ConferencePart
void ClientGroupChatRoom::onSecurityAlert (const shared_ptr<ConferenceSecurityEvent> &event) {
L_D();
cout << "onSecurityAlert() securityAlert = " << event->getSecurityAlert() << endl;
d->addEvent(event);
// notify the application for UI alert
LinphoneChatRoom *cr = d->getCChatRoom();
_linphone_chat_room_notify_security_alert(cr, L_GET_C_BACK_PTR(event));
}
......@@ -762,6 +760,21 @@ void ClientGroupChatRoom::onParticipantDeviceAdded (const shared_ptr<ConferenceP
d->addEvent(event);
// If LIMEv2 enabled and if too many devices for a participant, throw a local security alert event
int nbDevice = int(participant->getPrivate()->getDevices().size());
int maxNbDevicesPerParticipant = linphone_config_get_int(linphone_core_get_config(L_GET_C_BACK_PTR(getCore())), "encryption", "max_nb_device_per_participant", 1);
if (getCore()->limeV2Enabled() && nbDevice > maxNbDevicesPerParticipant) {
lWarning() << "LIMEv2 maximum number of devices exceeded for " << participant->getAddress();
const shared_ptr<ConferenceSecurityEvent> securityEvent = make_shared<ConferenceSecurityEvent>(
time(nullptr),
d->conferenceId,
ConferenceSecurityEvent::SecurityAlertType::MultideviceParticipant,
event->getDeviceAddress()
);
onSecurityAlert(securityEvent);
}
LinphoneChatRoom *cr = d->getCChatRoom();
_linphone_chat_room_notify_participant_device_added(cr, L_GET_C_BACK_PTR(event));
}
......
......@@ -159,21 +159,19 @@ ChatMessageModifier::Result LimeV2::processOutgoingMessage (const shared_ptr<Cha
}
}
// TODO warning when multiple devices for the same participant
// TODO the PeerDeviceStatus of recipients could be tested here and the unsafe ones removed
// TODO add policies to adapt behaviour when multiple devices
if (tooManyDevices) {
// get multidevice participants and set all their devices to untrusted ?
// or override its participant security level somehow
// If too many devices for a participant, throw a local security alert event
lWarning() << "Sending encrypted message to multidevice participant";
// TODO if multidevice is forbidden send a ConferenceSecurityEvent
time_t securityAlertTime = time(nullptr);
ConferenceSecurityEvent::SecurityAlertType securityAlertType = ConferenceSecurityEvent::SecurityAlertType::MultideviceParticipant;
shared_ptr<ConferenceSecurityEvent> securityEvent = make_shared<ConferenceSecurityEvent>(securityAlertTime, chatRoom->getConferenceId(), securityAlertType);
IdentityAddress noFaultyDevice;
shared_ptr<ConferenceSecurityEvent> securityEvent = make_shared<ConferenceSecurityEvent>(time(nullptr), chatRoom->getConferenceId(), securityAlertType, noFaultyDevice);
shared_ptr<ClientGroupChatRoom> confListener = static_pointer_cast<ClientGroupChatRoom>(chatRoom);
confListener->onSecurityAlert(securityEvent);
// TODO add policies to adapt behaviour when multiple devices
lError() << "Sending encrypted message to multidevice participant";
cout << "[ALERT] Sending encrypted message to multidevice participant (message rejected)" << endl;
return ChatMessageModifier::Result::Error;
}
......
......@@ -94,7 +94,7 @@ namespace Statements {
)",
/* SelectConferenceEvents */ R"(
SELECT conference_event_view.id AS event_id, type, creation_time, from_sip_address.value, to_sip_address.value, time, imdn_message_id, state, direction, is_secured, notify_id, device_sip_address.value, participant_sip_address.value, subject, delivery_notification_required, display_notification_required, security_alert
SELECT conference_event_view.id AS event_id, type, creation_time, from_sip_address.value, to_sip_address.value, time, imdn_message_id, state, direction, is_secured, notify_id, device_sip_address.value, participant_sip_address.value, subject, delivery_notification_required, display_notification_required, security_alert, faulty_device
FROM conference_event_view
LEFT JOIN sip_address AS from_sip_address ON from_sip_address.id = from_sip_address_id
LEFT JOIN sip_address AS to_sip_address ON to_sip_address.id = to_sip_address_id
......
......@@ -699,7 +699,8 @@ shared_ptr<EventLog> MainDbPrivate::selectConferenceSecurityEvent (
return make_shared<ConferenceSecurityEvent>(
getConferenceEventCreationTimeFromRow(row),
conferenceId,
static_cast<ConferenceSecurityEvent::SecurityAlertType>(row.get<int>(16))
static_cast<ConferenceSecurityEvent::SecurityAlertType>(row.get<int>(16)),
IdentityAddress(row.get<string>(17))
);
}
......@@ -943,11 +944,12 @@ long long MainDbPrivate::insertConferenceSecurityEvent (const shared_ptr<EventLo
return -1;
const int &securityAlertType = int(static_pointer_cast<ConferenceSecurityEvent>(eventLog)->getSecurityAlertType());
const string &faultyDevice = static_pointer_cast<ConferenceSecurityEvent>(eventLog)->getFaultyDevice().asString();
// insert security event into new table "conference_security_event"
soci::session *session = dbSession.getBackendSession();
*session << "INSERT INTO conference_security_event (event_id, security_alert)"
" VALUES (:eventId, :securityAlertType)", soci::use(eventId), soci::use(securityAlertType);
*session << "INSERT INTO conference_security_event (event_id, security_alert, faulty_device)"
" VALUES (:eventId, :securityAlertType, :faultyDevice)", soci::use(eventId), soci::use(securityAlertType), soci::use(faultyDevice);
return eventId;
}
......@@ -1110,7 +1112,7 @@ void MainDbPrivate::updateSchema () {
else
query = "CREATE VIEW conference_event_view AS";
*session << query +
" SELECT id, type, creation_time, chat_room_id, from_sip_address_id, to_sip_address_id, time, imdn_message_id, state, direction, is_secured, notify_id, device_sip_address_id, participant_sip_address_id, subject, delivery_notification_required, display_notification_required, security_alert" // TEST
" SELECT id, type, creation_time, chat_room_id, from_sip_address_id, to_sip_address_id, time, imdn_message_id, state, direction, is_secured, notify_id, device_sip_address_id, participant_sip_address_id, subject, delivery_notification_required, display_notification_required, security_alert, faulty_device"
" FROM event"
" LEFT JOIN conference_event ON conference_event.event_id = event.id"
" LEFT JOIN conference_chat_message_event ON conference_chat_message_event.event_id = event.id"
......@@ -1118,7 +1120,7 @@ void MainDbPrivate::updateSchema () {
" LEFT JOIN conference_participant_device_event ON conference_participant_device_event.event_id = event.id"
" LEFT JOIN conference_participant_event ON conference_participant_event.event_id = event.id"
" LEFT JOIN conference_subject_event ON conference_subject_event.event_id = event.id"
" LEFT JOIN conference_security_event ON conference_security_event.event_id = event.id"; // TEST
" LEFT JOIN conference_security_event ON conference_security_event.event_id = event.id";
}
}
......@@ -1558,6 +1560,7 @@ void MainDb::init () {
" event_id" + primaryKeyStr("BIGINT UNSIGNED") + ","
" security_alert TINYINT UNSIGNED NOT NULL,"
" faulty_device VARCHAR(255) NOT NULL,"
" FOREIGN KEY (event_id)"
" REFERENCES conference_event(event_id)"
......@@ -1776,7 +1779,6 @@ bool MainDb::addEvent (const shared_ptr<EventLog> &eventLog) {
break;
case EventLog::Type::ConferenceSecurityAlert:
cout << "adding security event to db" << endl;
eventId = d->insertConferenceSecurityEvent(eventLog);
break;
......
......@@ -31,6 +31,7 @@ LINPHONE_BEGIN_NAMESPACE
class ConferenceSecurityEventPrivate : public ConferenceEventPrivate {
public:
ConferenceSecurityEvent::SecurityAlertType securityAlertType;
IdentityAddress faultyDevice;
};
// -----------------------------------------------------------------------------
......@@ -38,7 +39,8 @@ public:
ConferenceSecurityEvent::ConferenceSecurityEvent (
time_t creationTime,
const ConferenceId &conferenceId,
SecurityAlertType securityAlertType
SecurityAlertType securityAlertType,
IdentityAddress faultyDevice
) : ConferenceEvent(
*new ConferenceSecurityEventPrivate,
Type::ConferenceSecurityAlert,
......@@ -47,6 +49,7 @@ ConferenceSecurityEvent::ConferenceSecurityEvent (
) {
L_D();
d->securityAlertType = securityAlertType;
d->faultyDevice = faultyDevice;
}
ConferenceSecurityEvent::SecurityAlertType ConferenceSecurityEvent::getSecurityAlertType () const {
......@@ -54,4 +57,9 @@ ConferenceSecurityEvent::SecurityAlertType ConferenceSecurityEvent::getSecurityA
return d->securityAlertType;
}
const IdentityAddress ConferenceSecurityEvent::getFaultyDevice () const {
L_D();
return d->faultyDevice;
}
LINPHONE_END_NAMESPACE
......@@ -47,10 +47,12 @@ public:
ConferenceSecurityEvent (
time_t creationTime,
const ConferenceId &conferenceId,
SecurityAlertType securityAlertType
SecurityAlertType securityAlertType,
IdentityAddress faultyDevice
);
SecurityAlertType getSecurityAlertType () const;
const IdentityAddress getFaultyDevice () const;
private:
L_DECLARE_PRIVATE(ConferenceSecurityEvent);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment