Ticket #3884 (closed Bugs: fixed)

Opened 4 years ago

Last modified 3 years ago

Asterisk Manager has no "originate" rights

Reported by: digitalus Assigned to: _xo_
Priority: minor Milestone: 2.7
Component: Asterisk API Version: 2.6-branch
Keywords: Asterisk Manager originate Cc:
Confirmation: Need Feedback Distro:
Backend Engine: Asterisk 1.6 Distro Ver:
Backend Ver: SVN Revision (if applicable):

Description

When you are trying to use "originate" functions for example in a webclick-2-dial (for example the well known c2c.php script) function it will fail. Saying: "Permission denied".

The current rights line in /etc/asterisk/manager.conf: read = system,call,log,verbose,command,agent,user write = system,call,log,verbose,command,agent,user

and should be: read = system,call,log,verbose,command,agent,user,originate write = system,call,log,verbose,command,agent,user,originate

This behavor is added in asterisk +1.6, so it is not required on Asterisk 1.4!

Change History

09/10/09 11:05:32 changed by p_lindheimer

  • owner set to _xo_.
  • confirmation changed from Unreviewed to Need Feedback.
  • component changed from Asterisk Configuration to Asterisk API.

this is only a bug for the manager.conf configuration if FreePBX needs originate which I do not thing it does. Please clarify that.

It is probably a big (or feature request) for the Asterisk API (manager) module which lets you create new manager.conf sections which is what you should be using for a third part tool. I will change the module to that, please clarify on the first point if this is needed elsewhere in FreePBX in the predefined manager section that is created (default admin).

09/12/09 07:30:27 changed by digitalus

Sorry for being unclear. But actually I don't understand what you mean. You say the manager.conf is not touched nor created by FreePBX?

(follow-up: ↓ 7 ) 09/12/09 13:20:35 changed by p_lindheimer

no, I am saying that manager.conf had a section configured for FreePBX and then included sections like manager_additional.conf that is used by the manager (Asterisk API Module) to create new sections. I don't believe there is any FreePBX functionality in FreePBX that requires the originate option. However, I also believe that the manager module needs to be update to have this option configured like the other options (so you don't have to click all to get it and even there it's not clear if 'all' will cut it until having a look.

09/12/09 13:37:52 changed by digitalus

Ah oke that way. I didn't know that, but I think it should be a default setting.

09/16/09 19:27:09 changed by mbrevda

see also #3894

09/17/09 05:34:42 changed by drmessano

I can confirm that #3894 is fixed by adding the originate permission for the [admin] user. This should be fixed, and we need the originate option to the API module.

(in reply to: ↑ 3 ) 09/17/09 06:13:46 changed by mbrevda

Replying to p_lindheimer: Any objections to adding originate? (remember deny=0.0.0.0 permit=127.0.0.1, so no real security risks involved here)

09/17/09 10:09:54 changed by p_lindheimer

drmessano, mbrevda,

I haven't looked at this closely enough to determine if it should be in the admin section. The real issue (why the ticket is open) is that this need to be added to the manager module. If it needs to be in the main manager.conf section, then that is going to require updating that file which is more of a pain.

But ... come to think about it, the ARI originates calls doesn't it? So it may be needed in both places and we may need to have to update it in place. If one of you wants to check that it would be good. But just adding it to the stock managers.conf won't be adequate, we'll need a script which edits that file to add it in or something of the sort, as part of a migration process, I think.

01/01/10 07:50:19 changed by mbrevda

partly resolved in #3990, r8458

02/09/10 21:33:31 changed by p_lindheimer

  • status changed from new to closed.
  • resolution set to fixed.

(In [8803]) closes #3884 adds new manager permissions