[asterisk-dev] AstriDevCon - PineMango

Brian Degenhardt bmd at digium.com
Thu Oct 9 13:15:53 CDT 2008


Tzafrir Cohen wrote:
> On Thu, Oct 09, 2008 at 09:20:40AM -0700, Brian Degenhardt wrote:
> 
>> To clarify, we're talking about fine-grained auth here, not the yes/no
>> type in a password to use the API socket.  We currently don't
>> authenticate AGI scripts, cli commands, dialplan scripts, and manager's
>> security model is a joke.
> 
> And a reminder of what happens because of that:
> 
> If you want to write a nice little dialer and do it the right way,
> you have to write your own daemon that runs on a dedicated server.
> Little hacks like SnapDialer are indeed security holes (if you allow
> them to be used). If there were proper authorization through the manager
> interface, such dialers could have been safe.
> 
> I suspect that the same would apply to any interface you want to expose.

You're absolutely right here.  I'm not arguing with any of this.

Now that we agree that you have to write a little daemon that connects
to Asterisk, let's explore how that's done.  For Switchvox, we've
written just that for our Switchboard:

http://www.switchvox.com/sv?cmd=screenshots&pic=23

Currently this daemon uses the manager interface, which it turns out is
bordering on unusable to do this sort of thing.  Don't take my word for
it, ask anyone who's ever tried to track detailed call status over
manager.  One of our engineers likened it to digging through your trash
to figure out what you had for dinner, because there isn't a proper way
to just ask.

This problem needs to be fixed first.  I'm not saying fine-grained auth
isn't a good project, I'm just saying that having a usable API is more
important from my perspective.

Doing the API correctly is a huge undertaking.  Fine-grained auth is
also a massive undertaking.  We (not just Digium, the whole Asterisk
community of developers) do not have enough engineering bandwidth to do
both at the same time.  Therefore, I'm saying that we have to put the
auth issue on hold so that we can at least accomplish one of these two
huge projects.

Hell, I even think the API project is ambitious to the point of being
impractical.  I'm still going to fight to keep it practical, and part of
that means expelling this need for auth as a dependency.

cheers
-bmd



More information about the asterisk-dev mailing list