Skip to content

Commit

Permalink
Check special extenXXXX id to get users without endpoint hash
Browse files Browse the repository at this point in the history
  • Loading branch information
Nicolás committed Oct 25, 2023
1 parent 1c5427e commit c15e915
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 31 deletions.
33 changes: 19 additions & 14 deletions modules/endpoint_configurator/phonesrv/vendor/BaseVendorResource.class.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,13 +55,18 @@ function BaseVendorResource($db, $baseurl)
*/
protected function obtenerUsuarioIssabel($id_endpoint)
{
// Lista de cuentas del endpoint, por orden de prioridad
$recordset = $this->_db->fetchTable(
'SELECT account FROM endpoint_account WHERE id_endpoint = ? ORDER BY priority',
TRUE, array($id_endpoint));
if (!is_array($recordset)) return NULL;
$accounts = array();
foreach ($recordset as $tupla) $accounts[] = $tupla['account'];
if(substr($id_endpoint,0,5)=='exten') {
// for passing exten/pass credentials outside provisioned phones
$accounts=array(substr($id_endpoint,5));
} else {
// Lista de cuentas del endpoint, por orden de prioridad
$recordset = $this->_db->fetchTable(
'SELECT account FROM endpoint_account WHERE id_endpoint = ? ORDER BY priority',
TRUE, array($id_endpoint));
if (!is_array($recordset)) return NULL;
$accounts = array();
foreach ($recordset as $tupla) $accounts[] = $tupla['account'];
}

global $arrConf;
$pdbACL = new paloDB($arrConf['issabel_dsn']['acl']);
Expand Down Expand Up @@ -94,7 +99,7 @@ protected function listarAgendaIssabel($id_user, $addressBookType,
$sBuscarNombre = NULL)
{
global $arrConf;
$result = array(
$result = array(
'contacts' => NULL,
'fc' => NULL,
'fm' => NULL,
Expand All @@ -107,21 +112,21 @@ protected function listarAgendaIssabel($id_user, $addressBookType,
case 'internal':
$astDSN = generarDSNSistema('asteriskuser', 'asterisk', ISSABEL_BASE.'/');
if (!is_null($sBuscarNombre)) {
$field_name = 'name';
$field_name = 'name';
$field_pattern = "%{$sBuscarNombre}%";
}
$result['contacts'] = $addressBook->getDeviceFreePBX_Completed($astDSN, NULL, NULL, $field_name, $field_pattern);
break;
case 'external':
$result['contacts'] = $addressBook->getAddressBook(NULL, NULL, $field_name, $field_pattern, FALSE, $id_user);
if (is_array($result['contacts']) && !is_null($sBuscarNombre)) {
$t = array();
$t = array();
foreach ($result['contacts'] as $contact) {
$fullname = $contact['name'];
if (isset($contact['last_name'])) {
$fullname .= ' '.$contact['last_name'];
}
if ((stripos($fullname, $sBuscarNombre) !== FALSE)) $t[] = $contact;
if ((stripos($fullname, $sBuscarNombre) !== FALSE)) $t[] = $contact;
}
$result['contacts'] = $t;
}
Expand Down Expand Up @@ -150,15 +155,15 @@ protected function listarAgendaIssabel($id_user, $addressBookType,
*/
protected function listarCodigosFuncionalidades()
{
$recordset = $this->_db->fetchTable(
$recordset = $this->_db->fetchTable(
'SELECT IFNULL(customcode, defaultcode) AS code, description '.
'FROM asterisk.featurecodes WHERE enabled = 1 ORDER BY code', TRUE);
if (!is_array($recordset)) {
return NULL;
return NULL;
}
$r = array();
foreach ($recordset as $tupla) {
if (preg_match('/\d/', $tupla['code'])) $r[] = $tupla;
if (preg_match('/\d/', $tupla['code'])) $r[] = $tupla;
}
return $r;
}
Expand Down
37 changes: 20 additions & 17 deletions setup/usr/share/issabel/endpoint-classes/class/issabel/vendor/Atcom.py
100755 → 100644
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
# +----------------------------------------------------------------------+
# $Id: dialerd,v 1.2 2008/09/08 18:29:36 alex Exp $
import logging
import md5
import hashlib
import re
import requests
from issabel.BaseEndpoint import BaseEndpoint
Expand Down Expand Up @@ -108,7 +108,7 @@ def probeModel(self):
http = http.client.HTTPConnection(self._ip)
http.request('GET', '/index.asp')
resp = http.getresponse()
htmlbody = resp.read()
htmlbody = resp.read().decode('utf-8')
http.close()
m = re.search(r'Product Name : .+?>(\w+)<', htmlbody)
if m != None: sModel = m.group(1)
Expand Down Expand Up @@ -383,21 +383,21 @@ def _fetchOldConfigVersion(self, customList = None):
return m.group(2)

def _setupAtcomAuthentication(self):
http = http.client.HTTPConnection(self._ip)
myhttp = http.client.HTTPConnection(self._ip)

noncesources = ('/', '/', '/right.htm')
for noncesource in noncesources:
http.request('GET', noncesource, None, {'Connection' : 'keep-alive'})
resp = http.getresponse()
htmlbody = resp.read()
myhttp.request('GET', noncesource, None, {'Connection' : 'keep-alive'})
resp = myhttp.getresponse()
htmlbody = resp.read().decode('utf-8')
session = requests.Session()
mcookie = session.cookies.get_dict()
response = session.get('http://' + self._ip)
mcookie = session.cookies.get_dict()
if not resp.status in (200, 404):
logging.error('Endpoint %s@%s failed to fetch nonce for HTTP configuration - got response code %s' %
(self._vendorname, self._ip, resp.status))
http.close()
myhttp.close()
return (None, None)
elif resp.status == 200:
m = re.search(r'<input type="hidden" name="nonce" value="([0-9a-zA-Z]+)">', htmlbody)
Expand All @@ -412,7 +412,7 @@ def _setupAtcomAuthentication(self):
if m == None:
logging.error('Endpoint %s@%s failed to locate nonce in HTTP response' %
(self._vendorname, self._ip))
http.close()
myhttp.close()
return (None, None)
nonce = m.group(1)
# Identify firmware
Expand All @@ -424,24 +424,27 @@ def _setupAtcomAuthentication(self):
'Cookie' : 'auth=' + nonce,
'Content-Type' : 'application/x-www-form-urlencoded'
}

hashed_string = ':'.join((self._http_username, self._http_password, nonce)).encode('utf-8')

postvars = {
'encoded' : self._http_username + ':' +
md5.new(':'.join((self._http_username, self._http_password, nonce))).hexdigest(),
hashlib.md5(hashed_string).hexdigest(),
'nonce' : nonce,
'goto' : 'Logon',
'URL' : '/'
}
postdata = urlencode(postvars)
http.request('POST', noncesource, postdata, extraheaders)
myhttp.request('POST', noncesource, postdata, extraheaders)

resp = http.getresponse()
resp = myhttp.getresponse()
if resp.status != 200:
logging.error('Endpoint %s@%s failed to fetch login result - got response code %s' %
(self._vendorname, self._ip, resp.status))
http.close()
myhttp.close()
return (None, None)
htmlbody = resp.read()
return (http, nonce)
htmlbody = resp.read().decode('utf-8')
return (myhttp, nonce)

def _cleanupAtcomAuthentication(self, http, nonce):
# Got page, log out of HTTP interface
Expand All @@ -452,7 +455,7 @@ def _cleanupAtcomAuthentication(self, http, nonce):
}
http.request('POST', '/LogOut.htm', 'DefaultLogout=Logout', extraheaders)
resp = http.getresponse()
htmlbody = resp.read()
htmlbody = resp.read().decode('utf-8')
if resp.status != 200:
logging.error('Endpoint %s@%s failed to logout from phone - got response code %s' %
(self._vendorname, self._ip, resp.status))
Expand All @@ -478,7 +481,7 @@ def _fetchAtcomAuthenticatedPage(self, urlsProbe):
for resource in urlsProbe:
http.request('GET', resource, None, {'Connection' : 'keep-alive', 'Cookie' : 'auth=' + nonce})
resp = http.getresponse()
htmlbody = resp.read()
htmlbody = resp.read().decode('utf-8')
if resp.status == 200:
htmlres = (resource, htmlbody)
break
Expand Down Expand Up @@ -540,7 +543,7 @@ def _updateLocalConfig_AT800(self):
http.request('POST', '/goform/submit_upload_configfile', postdata,
{ 'Content-Type' : ' multipart/form-data; boundary=' + boundary })
resp = http.getresponse()
htmlbody = resp.read()
htmlbody = resp.read().decode('utf-8')
if resp.status != 200:
logging.error('Endpoint %s@%s failed to post configuration - got response code %s' %
(self._vendorname, self._ip, resp.status))
Expand Down

0 comments on commit c15e915

Please sign in to comment.