Call forward authorization

i_kuliev · April 28, 2009, 7:10am

I have Call Forward 2.5.0.2 and it generally works (all I need is unconditional forward), but there’s one thing I’m not happy about.
I’ve found that I can forward any call anywhere, not only manage my own phone extension.

For example, my extension is 444. I can dial *72, and enter any local extension as origin and any local extension as destination. Isn’t this a bad thing? It means anyone can mess up the whole system!
(Forward all boss’s incoming phone calls to a local janitor, for instance)

Wouldn’t it be more secure if when someone dials *72, he doesn’t get a prompt for his extension, and gets only a prompt for destination where he wants his incoming call forwarded?

How can I achieve it? What did I miss?

Thank you in advance for your time!

UPD:
Found a solution here
http://www.trixbox.org/forums/trixbox-forums/open-discussion/preventing-naughty-user-call-forwarding-other-extensions

wiseoldowl · April 28, 2009, 12:41pm

I THINK the following would be a proper fix… just put the following three contexts in /etc/asterisk/extensions_custom.conf :

[app-cf-on-custom]
exten => *72,1,Answer
exten => *72,n,Wait(1)
exten => *72,n,Macro(user-callerid,)
exten => *72,n,Playback(call-fwd-unconditional)
exten => *72,n(startread),Playback(ent-target-attendant)
exten => *72,n,Read(toext,then-press-pound,,,,)
exten => *72,n,GotoIf($["foo${toext}"="foo"]?startread)
exten => *72,n,Wait(1)
exten => *72,n,Set(DB(CF/${AMPUSER})=${toext})
exten => *72,n,Playback(call-fwd-unconditional&for&extension)
exten => *72,n,SayDigits(${AMPUSER})
exten => *72,n,Playback(is-set-to)
exten => *72,n,SayDigits(${toext})
exten => *72,n,Macro(hangupcall,)
exten => _*72.,1,Answer
exten => _*72.,n,Wait(1)
exten => _*72.,n,Macro(user-callerid,)
exten => _*72.,n,Set(DB(CF/${AMPUSER})=${EXTEN:3})
exten => _*72.,n,Playback(call-fwd-unconditional&for&extension)
exten => _*72.,n,SayDigits(${AMPUSER})
exten => _*72.,n,Playback(is-set-to)
exten => _*72.,n,SayDigits(${EXTEN:3})
exten => _*72.,n,Macro(hangupcall,)
exten => h,1,Hangup()

[app-cf-busy-on-custom]
exten => *90,1,Answer
exten => *90,n,Wait(1)
exten => *90,n,Macro(user-callerid,)
exten => *90,n,Playback(call-fwd-on-busy)
exten => *90,n(startread),Playback(ent-target-attendant)
exten => *90,n,Read(toext,then-press-pound,,,,)
exten => *90,n,GotoIf($["foo${toext}"="foo"]?startread)
exten => *90,n,Wait(1)
exten => *90,n,Set(DB(CFB/${AMPUSER})=${toext})
exten => *90,n,Playback(call-fwd-on-busy&for&extension)
exten => *90,n,SayDigits(${AMPUSER})
exten => *90,n,Playback(is-set-to)
exten => *90,n,SayDigits(${toext})
exten => *90,n,Macro(hangupcall,)
exten => _*90.,1,Answer
exten => _*90.,n,Wait(1)
exten => _*90.,n,Macro(user-callerid,)
exten => _*90.,n,Set(DB(CFB/${AMPUSER})=${EXTEN:3})
exten => _*90.,n,Playback(call-fwd-on-busy&for&extension)
exten => _*90.,n,SayDigits(${AMPUSER})
exten => _*90.,n,Playback(is-set-to)
exten => _*90.,n,SayDigits(${EXTEN:3})
exten => _*90.,n,Macro(hangupcall,)
exten => h,1,Hangup()

[app-cf-unavailable-on-custom]
exten => *52,1,Answer
exten => *52,n,Wait(1)
exten => *52,n,Macro(user-callerid,)
exten => *52,n,Playback(call-fwd-no-ans)
exten => *52,n(startread),Playback(ent-target-attendant)
exten => *52,n,Read(toext,then-press-pound,,,,)
exten => *52,n,GotoIf($["foo${toext}"="foo"]?startread)
exten => *52,n,Wait(1)
exten => *52,n,Set(DB(CFU/${AMPUSER})=${toext})
exten => *52,n,Playback(call-fwd-no-ans&for&extension)
exten => *52,n,SayDigits(${AMPUSER})
exten => *52,n,Playback(is-set-to)
exten => *52,n,SayDigits(${toext})
exten => *52,n,Macro(hangupcall,)
exten => _*52.,1,Answer
exten => _*52.,n,Wait(1)
exten => _*52.,n,Macro(user-callerid,)
exten => _*52.,n,Set(DB(CFU/${AMPUSER})=${EXTEN:3})
exten => _*52.,n,Playback(call-fwd-no-ans&for&extension)
exten => _*52.,n,SayDigits(${AMPUSER})
exten => _*52.,n,Playback(is-set-to)
exten => _*52.,n,SayDigits(${EXTEN:3})
exten => _*52.,n,Macro(hangupcall,)
exten => h,1,Hangup()

There ought to be a toggle for the preferred behavior in the General Settings, or better yet, in each extension’s configuration - see http://www.freepbx.org/trac/ticket/3637 for a proposal to that effect.

i_kuliev · April 28, 2009, 12:48pm

Good stuff, thanks a lot!
We don’t use *90 and *52 here, but maybe we will in the future

2life · August 3, 2011, 6:21pm

I tried this solution on FreePBX 2.9.0.7 and Asterisk 1.8.5.0. This context ([app-cf-on-custom] ) why it is not used.