Pickupgroup and callgroup being ignored
Submitted by joshpatten on Wed, 04/23/2008 - 9:04am.
No matter what I try, I can't get the call pickup function (**XXXX) to obey what is set in each extensions callgroup and pickupgroup settings. I can put any numbers I want for callgroup and pickupgroup, within the permissible range, and it will be ignored and the call will be picked up by whoever decides to dial **XXXX while that extension is ringing.
Has anyone else experienced this?
This is a bit of a show stopper for security reasons.
look at this thread
Wed, 04/23/2008 - 12:00pm
I read through it and I
Wed, 04/23/2008 - 5:00pm
I read through it and I didn't see any mention of my problem. They were having an issue getting it working. I have it working, but ANYONE can pick up ANY RINGING EXTENSION no matter what I set callgroup or pickupgroup to (this is not a good thing for multiple departments).
From my understanding, this is the way it is supposed to work: SCENARIO 1: if extension a is in callgroup 1 pickupgroup 1 and extension b is in callgroup 2 pickupgroup 2, then neither of them are supposed to be able to pick up each others ringing calls by dialing **EXT
SCENARIO 2: if both extensions are set to callgroup 1 pickupgroup 1 then they should be able to pick up each others calls by dialing **EXT
This is not how it is currently functioning. The way it is currently working is SCENARIO 1 is allowing both extensions to pick up each others calls no matter what callgroup or pickupgroup they are in.
It's as if there is nothing checking what callgroup/pickupgroup the extensions are set to.
Am I not understanding the proper way to do this or is there some dialplan magic I need to put in for **EXT to work with callgroup / pickupgroup permissions?
http://lists.digium.com/piper
Thu, 04/24/2008 - 7:31am
http://lists.digium.com/pipermail/asterisk-users/2003-July/008141...
Quote:
"callgroup" is a group of incoming "calls".
"pickupgroup" is for membership purposes.
A channel that belongs to a pickupgroup, can pickup all incoming calls on the same callgroup by hitting *8#.
A channel can belong to multiple pickupgroup's, ie: pickupgroup=1,2,3
This channel would then be able to pickup calls on callgroup 1, 2 or 3 by hitting *8#.
-wade
Am I the only one noticing this isn't working as intended?
Should I take this up with FreePBX?
Josh,
This is core Asterisk
Thu, 04/24/2008 - 7:31pm
Josh,
This is core Asterisk functionality. There should not be a problem. However I do not thing you dial the ringing extension.
All this was gleamed from the Asterisk documentation.
Callgroup has nothing to do with pickup group. All the phones in a pickup group should be able to pickup any phone ringing in that group.
To see that a phone is registered to the right pickupgroup take a look in the CLI at the output of a sip show per If you would like me to test tomorrow on a test system let me know.
Scott
--
Scott
aka "Skyking"
skykingoh:
This may seem
Thu, 04/24/2008 - 8:05pm
skykingoh:
This may seem confusing, but I will try:
The callgroup attribute defines what "call pickup group" an extension is in.
The pickupgroup attribute defines what "call pickup groups" that an extension is allowed to pick up while in a ringing state.
So if an extension has the following set:
callgroup = 1
pickupgroup = 1
then that extension belongs to "call pickup group" number 1 (callgroup = 1) and can pickup any ringing extension in "call pickup group" number 1 (pickupgroup=1), but not any other group
if an extension has the following set:
callgroup = 2
pickupgroup = 1,2
then that extension belongs to "call pickup group" number 2 (callgroup = 2) and can pickup any ringing extension in "call pickup groups" number 1 AND 2 (pickupgroup=1,2), but not any other groups.
I am almost 100% certain this is how this is supposed to work. The whole reason behind this post is to point out that it is not working for me, the **EXT option is ignoring these values and letting ANYONE pick up ANY ringing extension no matter who they are. This is a BIG social networking and security risk and I can't move forward until I resolve this.
Also, sip show peer XXXX is properly showing the callgroup and pickupgroup attributes.
I think I see the issue
Thu, 04/24/2008 - 8:36pm
I understand now. I always
Fri, 04/25/2008 - 9:16am
I understand now. I always thought you dialed *8EXT instead of just *8.
Maybe I'll see if I can write some dial-plan magic that will (I don't know how) check which callgroup a ringing extension is in that way **EXT will obey callgroup and and pickupgroup definitions.
It amazes me that no one has been concerned with the security aspects of **EXT.
Also, if anyone knows if there is an easy way to check this info within the dial plan, please post here. It would make it much easier to write the dialplan for it.
Look in
Fri, 04/25/2008 - 9:26am
Look in extensions_additional. It just uses the Asterisk pickup command.
[app-pickup]
include => app-pickup-custom
exten => _**.,1,Noop(Attempt to Pickup ${EXTEN:2} by ${CALLERID(num)})
exten => _**.,n,Pickup(${EXTEN:2})
; end of [app-pickup]
Now that you have pointed out the security flaw I am going to remove this functionality from any system I think is insecure.
To mitigate security issues with *8 just make sure to put the groups in the right pickupgroup.
Scott
--
Scott
aka "Skyking"
If you think about it...
Fri, 04/25/2008 - 11:57am
If you think about it, you DON'T want to have to dial [ACCESS Code/EXTENSION] to pick up a ringing extension (IMO) in your group/department.
First of all, you would have to know specifically who's phone is ringing (they often all sound alike), and then you would have to either know that particular extension number, or quickly look it up. If there were 8 or 10 phones in various nearby locations, some behind partitions or in cubicles, say, then this could be a challenge to even know for sure which phone was even ringing.
It makes much more sense, and is easier to implement, to have a generic 'pickup code' for your group, and your group only. No extensions numbers required, just 'answer the dang phone' with one common code, which you can now even assign to a programmable button, and label it 'Group Pickup'.
YMMV
That's all well and good if
Sun, 04/27/2008 - 2:28pm
That's all well and good if you don't use BLF buttons, however modern day Aastra and Grandstream phones (haven't tested others) handle call pickup on BLF buttons by inserting a dial string in front of the extension number to pick up a ringing extension (grandstream: **+ext, aastra: customizable string+ext) when you press the button of that extension.
If someone knows how to access the callgroup and pickupgroup parameters for an extension within the dialplan, please post that information here so I can begin writing a custom dialplan, or so I can customize FreePBX and post the submission.
solution found
Tue, 04/29/2008 - 9:46am
I have spent a day and a half crunching through FreePBX code and I finally have a working solution. the bad thing is that I had to modify the core module, so I will see if you guys think it would be worth it to submit this to FreePBX or not.
PLEASE backup your original files before messing with this. I have tested it on my box and while it didn't do anything harmful to me, there is no telling what it might do to you.
This was done on version 2.4.0.1 of the core FreePBX module.
The first file I modified was /var/www/html/admin/modules/core/functions.inc.php
on line 675 of the original file
change the following code:
// Call pickup using app_pickup - Note that '**xtn' is hard-coded into the GXPs and SNOMs as a number to dial
// when a user pushes a flashing BLF.
if ($fc_pickup != '') {
$ext->addInclude('from-internal-additional', 'app-pickup');
$fclen = strlen($fc_pickup);
$ext->add('app-pickup', "_$fc_pickup.", '', new ext_NoOp('Attempt to Pickup ${EXTEN:'.$fclen.'} by ${CALLERID(num)}'));
if (strstr($version, 'BRI'))
$ext->add('app-pickup', "_$fc_pickup.", '', new ext_dpickup('${EXTEN:'.$fclen.'}'));
else
$ext->add('app-pickup', "_$fc_pickup.", '', new ext_pickup('${EXTEN:'.$fclen.'}'));
}
to
// Call pickup using app_pickup - Note that '**xtn' is hard-coded into the GXPs and SNOMs as a number to dial
// when a user pushes a flashing BLF.
if ($fc_pickup != '') {
$ext->addInclude('from-internal-additional', 'app-pickup');
$fclen = strlen($fc_pickup);
$ext->add('app-pickup', "_$fc_pickup.", '', new ext_NoOp('Attempt to Pickup ${EXTEN:'.$fclen.'} by ${CALLERID(num)}'));
//new code to do permission checking
$ext->add('app-pickup', "_$fc_pickup.", '', new ext_setvar('CALLG','${DB(AMPUSER/${EXTEN:'.$fclen.'}/callgroup)}'));
$ext->add('app-pickup', "_$fc_pickup.", '', new ext_setvar('PICKUPG','${DB(AMPUSER/${CALLERID(number)}/pickupgroup)}'));
$ext->add('app-pickup', "_$fc_pickup.", '', new ext_system('${ASTAGIDIR}/parse.py ${CALLG} ${PICKUPG}'));
$ext->add('app-pickup', "_$fc_pickup.", '', new ext_gotoif('$[${SYSTEMSTATUS} = APPERROR]','permden','permok'));
$ext->add('app-pickup', "_$fc_pickup.", 'permden', new ext_playback('sorry-cant-let-you-do-that2'));
$ext->add('app-pickup', "_$fc_pickup.", '', new ext_hangup(''));
//end new code
if (strstr($version, 'BRI')) {
//added from-did-direct and from-internal
$ext->add('app-pickup', "_$fc_pickup.", 'permok', new ext_dpickup('${EXTEN:'.$fclen.'}'));
$ext->add('app-pickup', "_$fc_pickup.", '', new ext_dpickup('${EXTEN:'.$fclen.'}@from-did-direct'));
$ext->add('app-pickup', "_$fc_pickup.", '', new ext_dpickup('${EXTEN:'.$fclen.'}@from-internal'));
}
else {
//added from-did-direct and from-internal
$ext->add('app-pickup', "_$fc_pickup.", 'permok', new ext_pickup('${EXTEN:'.$fclen.'}'));
$ext->add('app-pickup', "_$fc_pickup.", '', new ext_pickup('${EXTEN:'.$fclen.'}@from-did-direct'));
$ext->add('app-pickup', "_$fc_pickup.", '', new ext_pickup('${EXTEN:'.$fclen.'}@from-internal'));
}
}
Also, starting at line 2439 of the original file,
change:
//write to astdb
if ($astman) {
$cid_masquerade = (isset($cid_masquerade) && trim($cid_masquerade) != "")?trim($cid_masquerade):$extension;
$astman->database_put("AMPUSER",$extension."/password",isset($password)?$password:'');
$astman->database_put("AMPUSER",$extension."/ringtimer",isset($ringtimer)?$ringtimer:'');
$astman->database_put("AMPUSER",$extension."/noanswer",isset($noanswer)?$noanswer:'');
$astman->database_put("AMPUSER",$extension."/recording",isset($recording)?$recording:'');
$astman->database_put("AMPUSER",$extension."/outboundcid",isset($outboundcid)?"\"".$outboundcid."\"":'');
$astman->database_put("AMPUSER",$extension."/cidname",isset($name)?"\"".$name."\"":'');
$astman->database_put("AMPUSER",$extension."/cidnum",$cid_masquerade);
$astman->database_put("AMPUSER",$extension."/voicemail","\"".isset($voicemail)?$voicemail:''."\"");
to:
//write to astdb
if ($astman) {
$cid_masquerade = (isset($cid_masquerade) && trim($cid_masquerade) != "")?trim($cid_masquerade):$extension;
$astman->database_put("AMPUSER",$extension."/password",isset($password)?$password:'');
$astman->database_put("AMPUSER",$extension."/ringtimer",isset($ringtimer)?$ringtimer:'');
$astman->database_put("AMPUSER",$extension."/noanswer",isset($noanswer)?$noanswer:'');
$astman->database_put("AMPUSER",$extension."/recording",isset($recording)?$recording:'');
$astman->database_put("AMPUSER",$extension."/outboundcid",isset($outboundcid)?"\"".$outboundcid."\"":'');
$astman->database_put("AMPUSER",$extension."/cidname",isset($name)?"\"".$name."\"":'');
$astman->database_put("AMPUSER",$extension."/cidnum",$cid_masquerade);
$astman->database_put("AMPUSER",$extension."/voicemail","\"".isset($voicemail)?$voicemail:''."\"");
//added code to insert callgroup and pickupgroup info to the built in DB
if (isset($devinfo_callgroup)) {
$astman->database_put("AMPUSER",$extension."/callgroup",$devinfo_callgroup);
}
else {
$astman->database_put("AMPUSER",$extension."/callgroup",'');
}
if (isset($devinfo_pickupgroup)) {
$astman->database_put("AMPUSER",$extension."/pickupgroup",$devinfo_pickupgroup);
}
else {
$astman->database_put("AMPUSER",$extension."/pickupgroup",'');
}
//end added code
You will also need to put the following code into /var/lib/asterisk/agi-bin/parse.py
#!/usr/bin/python
import string
import sys
# Get the values from asterisk
callgroup = sys.argv[1]
pickupgroup = sys.argv[2]
group_array = []
# split the string by commas
pgsplit = pickupgroup.split(',')
#hacky
j=0
i=0
while j < len(pgsplit):
#If the value has a dash in it, the first statement will reject it sending it to the except: statement.
try:
group_array.append(int(pgsplit[j]))
except:
split_range = pgsplit[j].split('-')
split_range[1] = int(split_range[1]) + 1
range_count = range(int(split_range[0]), split_range[1])
for num in range_count:
group_array.append(num)
j = j + 1
while i < len(group_array):
if int(callgroup) == group_array[i]:
sys.exit(0)
i = i + 1
sys.exit(1)
NOTE: with python, you must make sure the code is tabbed right, otherwise it will freak out on you. also, run the following command to make the script executable:
chmod +x /var/lib/asterisk/agi-bin/parse.py
after you click submit on an extension and apply your configuration, the code will modify extensions_additional.conf with the following:
[app-pickup]
include => app-pickup-custom
exten => _**.,1,Noop(Attempt to Pickup ${EXTEN:2} by ${CALLERID(num)})
exten => _**.,n,Set(CALLG=${DB(AMPUSER/${EXTEN:2}/callgroup)})
exten => _**.,n,Set(PICKUPG=${DB(AMPUSER/${CALLERID(number)}/pickupgroup)})
exten => _**.,n,System(${ASTAGIDIR}/parse.py ${CALLG} ${PICKUPG})
exten => _**.,n,GotoIf($[${SYSTEMSTATUS} = APPERROR]?permden:permok)
exten => _**.,n(permden),Playback(sorry-cant-let-you-do-that2)
exten => _**.,n,Hangup
exten => _**.,n(permok),Pickup(${EXTEN:2})
exten => _**.,n,Pickup(${EXTEN:2}@from-did-direct)
exten => _**.,n,Pickup(${EXTEN:2}@from-internal)
; end of [app-pickup]
Now, just make sure to input the callgroup and pickupgroup parameters into each of your extension and the call pickup command **EXT will obey your callgroup and pickupgroup parameters.
If anyone has any suggestions or wants more info, please post here.
Member Since:
2007-01-20