vxml_pin modification v2009061701 Function: Require a PIN to argusvxml to keep bad guys away Author: Jeremy Kister http://jeremy.kister.net./ ######################################################################## diff -ruBN argus-dev-20090222.orig/src/MonEl.pm argus-dev-20090222/src/MonEl.pm --- argus-dev-20090222.orig/src/MonEl.pm 2008-10-25 12:34:53.000000000 -0400 +++ argus-dev-20090222/src/MonEl.pm 2009-06-17 22:25:58.246796000 -0400 @@ -586,6 +586,12 @@ # AAA if more vxml params are added, these may be moved and renamed. # these are passed to vxml tts. ssml may be used if the tts engine suppports it. + vxml_pin => { + descr => 'authorization pin to keep bad guys away from argusvxml', + exmpl => '12345', + attrs => ['config'], + versn => '3.5', + }, vxml_short_name => { descr => 'short name for this object to be used in VXML TTS, may contain SSML', exmpl => 'gee double you seven three', diff -ruBN argus-dev-20090222.orig/src/vxml argus-dev-20090222/src/vxml --- argus-dev-20090222.orig/src/vxml 2008-07-28 19:19:28.000000000 -0400 +++ argus-dev-20090222/src/vxml 2009-06-18 00:25:17.578623000 -0400 @@ -64,6 +64,7 @@ my $argusd = argus_connect(); vxml_top(); +auth( $cgi->param('pin') ) if $func eq 'auth'; browse($obj) if $func eq 'browse'; notifs() if $func eq 'notifs'; # list all unacked notify( $cgi->param('idno') ) if $func eq 'notify'; # data on specific @@ -134,6 +135,7 @@ EOV ; + vxml_authmenu() unless( $func eq 'notify' ); } } @@ -145,6 +147,41 @@ ; } +sub auth { + my $pin = shift; + + if( my $req_pin = getparam('Top', 'vxml_pin') ){ + if($pin eq $req_pin){ + $func='browse'; + }else{ + vxml_denymenu('auth', $pin); # no specific hints about invalid pin + } + }else{ + vxml_errormenu( "no vxml pin set in config" ); + } +} + +sub vxml_authmenu { + + print < +