[asterisk-dev] AstriDevCon - PineMango
tzafrir.cohen at xorcom.com
Thu Oct 9 14:16:52 CDT 2008
On Thu, Oct 09, 2008 at 11:15:53AM -0700, Brian Degenhardt wrote:
> Tzafrir Cohen wrote:
> > On Thu, Oct 09, 2008 at 09:20:40AM -0700, Brian Degenhardt wrote:
> >> To clarify, we're talking about fine-grained auth here, not the yes/no
> >> type in a password to use the API socket. We currently don't
> >> authenticate AGI scripts, cli commands, dialplan scripts, and manager's
> >> security model is a joke.
> > And a reminder of what happens because of that:
> > If you want to write a nice little dialer and do it the right way,
> > you have to write your own daemon that runs on a dedicated server.
> > Little hacks like SnapDialer are indeed security holes (if you allow
> > them to be used). If there were proper authorization through the manager
> > interface, such dialers could have been safe.
> > I suspect that the same would apply to any interface you want to expose.
> You're absolutely right here. I'm not arguing with any of this.
> Now that we agree that you have to write a little daemon that connects
> to Asterisk, let's explore how that's done. For Switchvox, we've
> written just that for our Switchboard:
> Currently this daemon uses the manager interface, which it turns out is
> bordering on unusable to do this sort of thing. Don't take my word for
> it, ask anyone who's ever tried to track detailed call status over
> manager. One of our engineers likened it to digging through your trash
> to figure out what you had for dinner, because there isn't a proper way
> to just ask.
Well, your daemon does much much more than originating calls.
Originating calls using the manager interface is simple.
> This problem needs to be fixed first. I'm not saying fine-grained auth
> isn't a good project, I'm just saying that having a usable API is more
> important from my perspective.
That is indeed a different problem. So now thing of a similar problem.
Your siwtchboard is connected to an Asterisk box (maybe several of
those) and serves several users. You want to allow different users to
control a different subset of extensions.
Is it possible to easily tell that an even is related to one of the
devices in the group "company_a"?
Or do we end up again without you getting the information you need for
> Doing the API correctly is a huge undertaking. Fine-grained auth is
> also a massive undertaking. We (not just Digium, the whole Asterisk
> community of developers) do not have enough engineering bandwidth to do
> both at the same time. Therefore, I'm saying that we have to put the
> auth issue on hold so that we can at least accomplish one of these two
> huge projects.
> Hell, I even think the API project is ambitious to the point of being
> impractical. I'm still going to fight to keep it practical, and part of
> that means expelling this need for auth as a dependency.
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the asterisk-dev