Limiting extensions on ChanSpy

Hello,

First time poster, so please excuse anything incorrectly setup in this topic.

I’m using the targeted ChanSpy code as written by @lgaetz, which this forum won’t let me post a link to, but is available on githhub. EDIT: Linked text goes to Lorne’s code on github

The code works very well and as expected. I’ve limited who can access the feature by adding
exten => 556,n,Authenticate(1234)
What I’m looking to do in addition is limit which extensions can be monitored using ChanSpy. For example, extension 100 may be the HR department and you should not be able to listen to any active channels on that extension. Any information would be helpful.

Thank you, and thanks again @lgaetz for the useful code.

1 Like

This could get complex if you had an array of extensions that may or may not have access to an array of other extensions, but if your use case is as simple as always block spying to 100 or a small number of extensions, then you could do with something like this:

exten => _.,1,Noop(Entering user defined context targeted-chanspy in extensions_custom.conf)
exten => _.,n,ExecIF($["${EXTEN}"="100"]?Hangup)  ; if the target extension matches 100 just hangup
etc...

Add additional lines for each extension you want to block. If you have complex needs you can match on regex or define an array of extensions to block, and check EXTEN against the array.

1 Like

Hi @lgaetz,

Thanks for the response. I added that and changed the extension to 515 for my testing. It didn’t change the behavior of the whisper, and allowed me to whisper that extension number. Here are the asterisk logs surrounding that part of the call:

-- Executing [[email protected]:1] NoOp("SIP/507-0001a050", "Entering user defined context from-internal-custom in extensions_custom.conf") in new stack
-- Executing [[email protected]:2] Authenticate("SIP/507-0001a050", "2345") in new stack
-- <SIP/507-0001a050> Playing 'agent-pass.ulaw' (language 'en')
-- <SIP/507-0001a050> Playing 'auth-thankyou.ulaw' (language 'en')
-- Executing [[email protected]:3] Read("SIP/507-0001a050", "spyee,please-enter-the&extension&number&followed_pound") in new stack
-- <SIP/507-0001a050> Playing 'please-enter-the.ulaw' (language 'en')
-- User entered '515'
-- Executing [[email protected]:4] Goto("SIP/507-0001a050", "targeted-chanspy,515,1") in new stack
-- Goto (targeted-chanspy,515,1)
-- Executing [[email protected]:1] NoOp("SIP/507-0001a050", "Entering user defined context targeted-chanspy in extensions_custom.conf") in new stack
-- Executing [[email protected]:2] Set("SIP/507-0001a050", "TIMEOUT(absolute)=3600") in new stack
-- Channel will hangup at 2021-03-04 10:40:45.150 PST.

I tried whispering from extension 507 both extensions 512 and 515 that were on a call with each other.

The proposed dialplan does not appear in the snippet you provided. Did you reload asterisk?

Yes I run fwconsole reload each time I make a change. Here’s what I have in [from-internal-custom]

[from-internal-custom]
exten => 556,1,Noop(Entering user defined context from-internal-custom in extensions_custom.conf)
exten => 556,n,Authenticate(2345)
exten => 556,n,Read(spyee,please-enter-the&extension&number&followed_pound)
exten => 556,n,GoTo(targeted-chanspy,${spyee},1)
exten => _556.,1,Noop(Entering user defined context from-internal-custom in extensions_custom.conf)
exten => _556.,n,ExecIf($["${EXTEN}"="515"]?Hangup)  ; if the target extension matches 515 just hangup
exten => _556.,n,GoTo(targeted-chanspy,${EXTEN:3},1)      ;strip off prefix

I was proposing that the ExecIF goes in the targeted-chanspy context, not in from-internal-custom.

Gotcha, I see my mistake. That works perfectly, thank you so much @lgaetz !

1 Like

For anyone with the opposite requirement, where you want to restrict the feature code being dialed to a select group of users, you can do so by using the Class of Service module and @hgaibor’s modifications here: https://gist.github.com/hgaibor/82433116540f15ab345b2914500abb0d

1 Like

I knew I made up something for this. After all these years I have done most things at least once… Anyway this was something I put together to allow managers to monitor members of queues they managed…

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.