forked from SimplesIP/pabx-app
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
219 lines
5.9 KiB
219 lines
5.9 KiB
2 years ago
|
phpagi-asmanager: an Asterisk Manager class written in PHP
|
||
|
|
||
|
Matthew Asham <matthewa@bcwireless.net>
|
||
|
http://phpagi.sourceforge.net
|
||
|
------------------------------------------------------------------------------
|
||
|
|
||
|
------------------------------------------------------------------------------
|
||
|
SECURITY
|
||
|
------------------------------------------------------------------------------
|
||
|
|
||
|
Validation:
|
||
|
|
||
|
******If asterisk is running as root, the manager interface may allow the
|
||
|
execution of arbitrary shell commands as root. If the user can update any
|
||
|
configuration file that can execute arbitrary command (like the dialplan),
|
||
|
the system may be compromised.
|
||
|
|
||
|
Also, look out for command injection. Consider the following example:
|
||
|
|
||
|
$as->Events($_POST['events_status']);
|
||
|
|
||
|
We expect either 'on' or 'off', but the attacker uses:
|
||
|
|
||
|
"\r\n\r\nAction: Command\r\nCommand: database put forward 54321 19005551212";
|
||
|
|
||
|
|
||
|
Validation is a *must* for all user data.
|
||
|
|
||
|
|
||
|
Username and Secret:
|
||
|
|
||
|
Storing the username and secret in the config file will isolate them from your
|
||
|
code.
|
||
|
|
||
|
Isolation of username and secret in the config file does not mean that the
|
||
|
script cannot simple read the config file. The config file must be readable
|
||
|
by the script.
|
||
|
|
||
|
|
||
|
CREATING A NEW INSTANCE OF THE CLASS
|
||
|
------------------------------------------------------------------------------
|
||
|
|
||
|
The class can be created standalone of phpagi.php, or through phpagi.
|
||
|
|
||
|
STANDALONE:
|
||
|
|
||
|
require "phpagi-asmanager.php";
|
||
|
|
||
|
$as = new AGI_AsteriskManager();
|
||
|
|
||
|
FROM PHPAGI:
|
||
|
|
||
|
require "phpagi.php";
|
||
|
|
||
|
$agi = new AGI();
|
||
|
$as = $agi->new_AsteriskManager();
|
||
|
|
||
|
Notes:
|
||
|
|
||
|
* If the class is created using $agi->new_AsteriskManager(),
|
||
|
AGI_AsteriskManager will use the parent phpagi for logging to the Asterisk
|
||
|
console.
|
||
|
|
||
|
* phpagi.php will include phpagi-asmanager.php by itself.
|
||
|
* If phpagi-asmanager.php is included _before_ phpagi.php, phpagi.php will
|
||
|
not attempt to re-include it.
|
||
|
* If phpagi.php tries to include phpagi-asmanager.php but is unable to do
|
||
|
so, an error will be echoed to the asterisk console and the script will
|
||
|
continue running normally. in this case the return value of
|
||
|
new_AsteriskManager() will be FALSE.
|
||
|
|
||
|
------------------------------------------------------------------------------
|
||
|
CONFIGURATION
|
||
|
------------------------------------------------------------------------------
|
||
|
|
||
|
phpagi-asmanager uses the same configuration file as phpagi.conf (usually
|
||
|
/etc/asterisk/phpagi.conf). All configuration information specific to
|
||
|
phpagi-asmanager is contained in the [asmanager] section of the .conf file.
|
||
|
|
||
|
supported directives:
|
||
|
|
||
|
[asmanager]
|
||
|
# server to connect to
|
||
|
server=localhost
|
||
|
|
||
|
# default manager port
|
||
|
port=5038
|
||
|
|
||
|
#username for login
|
||
|
username=me_and_only_me
|
||
|
|
||
|
#password for login
|
||
|
secret=i_am_not_telling
|
||
|
|
||
|
|
||
|
|
||
|
------------------------------------------------------------------------------
|
||
|
CONNECTING
|
||
|
------------------------------------------------------------------------------
|
||
|
|
||
|
$res = $as->connect("localhost", "username", "password");
|
||
|
if($res == FALSE) {
|
||
|
echo "Connection failed.\n";
|
||
|
}
|
||
|
elseif($res == TRUE){
|
||
|
echo "Connection established.\n";
|
||
|
}
|
||
|
|
||
|
A port can also be specified for the hostname. eg:
|
||
|
|
||
|
$res = $as->connect("my.asterisk.server:1234", "username", "port");
|
||
|
|
||
|
If the no parameters are specified, the defaults from the config will be used.
|
||
|
|
||
|
|
||
|
------------------------------------------------------------------------------
|
||
|
DISCONNECTING
|
||
|
------------------------------------------------------------------------------
|
||
|
|
||
|
$as->disconnect();
|
||
|
|
||
|
------------------------------------------------------------------------------
|
||
|
SENDING REQUESTS
|
||
|
------------------------------------------------------------------------------
|
||
|
|
||
|
$as->send_request($eventname, $arrayofparameterstopass);
|
||
|
|
||
|
send_request() calls wait_request and returns an array of returned data from
|
||
|
the manager. If something went wrong, it returns false.
|
||
|
|
||
|
wait_request() shouldn't need to be called from a script directly unless you
|
||
|
are implementing merely an event listener.
|
||
|
|
||
|
wait_request() will also detect events and dispatch any registered event
|
||
|
handlers for the event.
|
||
|
|
||
|
examples:
|
||
|
|
||
|
$res = $as->send_request('EventName',
|
||
|
array('Channel'=>'Zap/1/16045551212',
|
||
|
'SomeParameter'=>'data'));
|
||
|
echo "Dump of returned data:\n";
|
||
|
foreach($res as $var=>$val)
|
||
|
echo "$var = $val\n";
|
||
|
|
||
|
|
||
|
$res['Response'] will generally be 'Success' on success and 'Error' on
|
||
|
failure. But this is not always true. If $res['Response'] == 'Follows', a
|
||
|
multi-line response will be stored in $res['data'].
|
||
|
|
||
|
Several manager commands have been aliased for convenience. See below.
|
||
|
|
||
|
------------------------------------------------------------------------------
|
||
|
EVENTS
|
||
|
------------------------------------------------------------------------------
|
||
|
|
||
|
TODO: non-blocking socket i/o.
|
||
|
|
||
|
The class uses event callbacks to process events received from the manager.
|
||
|
|
||
|
The event callback prototype looks like:
|
||
|
|
||
|
function dump_event($ecode, $data, $server, $port)
|
||
|
{
|
||
|
echo "received event '$ecode' from $server:$port\n";
|
||
|
print_r($data);
|
||
|
}
|
||
|
|
||
|
To register an event call back:
|
||
|
|
||
|
$as->add_event_handler('eventname', 'eventfunction');
|
||
|
|
||
|
eg:
|
||
|
|
||
|
$as->add_event_handler('registry', 'dump_event');
|
||
|
|
||
|
|
||
|
The special eventname "*" can also be registered. any eventname not
|
||
|
specifically registered will be handled by the "*" handler. If no "*" handler
|
||
|
is defined, the event will be silently ignored.
|
||
|
|
||
|
|
||
|
------------------------------------------------------------------------------
|
||
|
PRECANNED FUNCTIONS
|
||
|
------------------------------------------------------------------------------
|
||
|
|
||
|
The following Manager functions have been aliased for convenience:
|
||
|
|
||
|
AbsoluteTimeout
|
||
|
ChangeMonitor
|
||
|
Command
|
||
|
Events
|
||
|
ExtensionState
|
||
|
GetVar
|
||
|
Hangup
|
||
|
IAXPeers
|
||
|
ListCommands
|
||
|
Logoff
|
||
|
MailboxCount
|
||
|
MailboxStatus
|
||
|
Monitor
|
||
|
Originate
|
||
|
ParkedCalls
|
||
|
Ping
|
||
|
Queues
|
||
|
QueueStatus
|
||
|
Redirect
|
||
|
SetCDRUserField
|
||
|
SetVar
|
||
|
SIPpeers
|
||
|
Status
|
||
|
StopMontor
|
||
|
ZapDialOffhook
|
||
|
ZapDNDoff
|
||
|
ZapDNDon
|
||
|
ZapHangup
|
||
|
ZapTransfer
|
||
|
|