[asterisk-bugs] [Asterisk 0010072]: [patch]: Added control over the spying party and ability to spy on calls both ways, including incoming on queue.
noreply at bugs.digium.com
noreply at bugs.digium.com
Fri Feb 1 16:46:20 CST 2008
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=10072
======================================================================
Reported By: xmarksthespot
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 10072
Category: Applications/app_chanspy
Reproducibility: N/A
Severity: feature
Priority: normal
Status: new
Asterisk Version: 1.4.5
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Disclaimer on File?: Yes
Request Review:
======================================================================
Date Submitted: 06-27-2007 11:19 CDT
Last Modified: 02-01-2008 16:46 CST
======================================================================
Summary: [patch]: Added control over the spying party and
ability to spy on calls both ways, including incoming on queue.
Description:
Recap: app_chanspy had a couple of things that made it more or less
functional.
1. The spying party could spy on whoever he wanted once he was in chanspy,
by
pressing the "*" key to change channels at will. If it was the CEO on the
phone
he could spy on him. Aside from some manager stuff, or by using a clever
extension numbering scheme (i.e. all spyable extensions begin by the number
two), it was impossible to control the spy. This is undeniably a problem.
This is rectified by this patch.
2. Spying could not be made to happen on incoming calls! It would be
impossible
to monitor calls incoming on a queue, so whispering to your employees was
not
possible, aside from some manager hacking. This was also undeniably a
problem.
This is also rectified by this patch.
3. If you somehow managed to hack your way into the possibility of spying
on
incoming calls, you could not be sure to who you attached! For all you
know you
could have been whispering to the client! This is a huge problem. This is
also
fixed by this patch.
So this is a sort of 3 for 1 deal.
======================================================================
----------------------------------------------------------------------
putnopvut - 02-01-08 16:46
----------------------------------------------------------------------
I noticed this issue was in need of some attention. I've looked over the
description as well as the code, and I see the benefits of the patch. That
being said, there are a couple of problems.
1. ext = alloca(strlen(peer->name)); is unnecessary since you later use
ast_strdupa to allocate space for ext. You can just remove this line.
2. The e option for chanspy takes a list of numbers separated by :. Since
you pull the number out of the channel name of the peer channel, this can
lead to ambiguity if more than one channel technology is being used on the
system. For instance, if SIP and Skinny channels are used and SIP/1000 is a
different entity from Skinny/1000, both channels are in use, and "1000" is
specified in the list of extensions for the e option's arguments, then you
will be able to spy on both of the channels. I think the option should be
changed to take an interface instead of an extension, like
e(SIP/5000:Sip/2000:Skinny/2000:Zap/1). Best of all, this will actually
make the parsing easier.
3. If you change 2 like I stated, then you should also change strstr to
strcasestr in case people use funky capitalization for channel technologies
(like I did with the two SIP interfaces above).
Issue History
Date Modified Username Field Change
======================================================================
02-01-08 16:46 putnopvut Note Added: 0081598
======================================================================
More information about the asterisk-bugs
mailing list