[asterisk-bugs] [Asterisk 0011123]: [patch] Implement asterisk CLI permissions.

noreply at bugs.digium.com noreply at bugs.digium.com
Wed Nov 28 11:41:24 CST 2007


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=11123 
====================================================================== 
Reported By:                eliel
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   11123
Category:                   Core-General
Reproducibility:            always
Severity:                   feature
Priority:                   normal
Status:                     ready for testing
Asterisk Version:            SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 87627 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             10-30-2007 13:50 CDT
Last Modified:              11-28-2007 11:41 CST
====================================================================== 
Summary:                    [patch] Implement asterisk CLI permissions.
Description: 
Restrict users to run only a subset of commands allow (configured by an
administrator).
You need write access to the asterisk.ctl socket file.
This is useful when you need to allow run commands on the asterisk CLI to
some users for support purposes also is a secure manner to prevent commands
like 'restart now' or 'stop now' being executed by mistake. 
====================================================================== 

---------------------------------------------------------------------- 
 eliel - 11-28-07 11:41  
---------------------------------------------------------------------- 
IgorG: Thanks for your feedback.

- That command is being run automatically while connecting with rasterisk,
I didn't want to hardcode any value, I think allowing it on every user is
better done harcoding this command to be allowed. But this is my idea, I
think other asterisk-devs could tell me if it is better to hardcode that
command to be allowed or leave it like it is now.

- I already though about limiting the autocompletion, the problem with
that is that in many CLI commands autocompletion is handled inside the CLI
command handler not in the ->command = "sip show peer" so to implement this
we will need to pass the uid to the CLI command handler and check the
permissions in the CLI command handler that is not very clean, and could
bring many "security" bugs if it not well checked/done.

- I have already done a patch to cleanup the help command with the allowed
command only, but is the same problem as the autocompletion, the 'help'
command is another CLI command, so to check security I will need to pass
the uid to the CLI handler and is a design change.

But what I have done to resolve what you tell me was, pass the uid of the
user that is running the command in the ast_cli_args structure and the we
have the uid in a->uid, so we can check security in autocompletion and in
the help command, but I think this is a big design change and should be
approved by the comunity, I think it is very difficult to start checking
the security in every CLI command without adding new bugs to the core.

Thanks again for the feedback, and if you have an idea of how we could
implement in a clean way those changes please let me know!

Eliel 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
11-28-07 11:41  eliel          Note Added: 0074493                          
======================================================================




More information about the asterisk-bugs mailing list