Meta ġejt biex naħdem għal din il-kumpanija, diġà kelli xi database ta 'apparati IP, diversi servers b'asterisk u garża fil-forma ta' FreeBPX. Barra minn hekk, PBX analogu Samsung IDCS500 ħadem b'mod parallel u, b'mod ġenerali, kien is-sistema ta 'komunikazzjoni ewlenija fil-kumpanija; It-telefonija IP kienet taħdem biss għad-dipartiment tal-bejgħ. U kollox kien ikompli jsajjar hekk, iżda ġurnata tajba ingħata digriet biex kulħadd jittrasferixxi għat-telefonija IP, ġew miftiehma skadenzi, inxtara tagħmir, u beda jiġi implimentat il-pjan biex tittrasferixxi l-intrapriża fis-seklu 21.
L-ewwel ħaġa li tibda tinkwieta f'sitwazzjoni bħal din hija n-numru li qed jikber malajr ta 'settijiet tat-telefon li jeħtieġ li jiġu ġestiti b'xi mod, it-tieni ħaġa li kienet inkwetanti ħafna kienet il-ktieb tat-telefon. Jekk Endpoint Manager jista 'jgħinna bl-ewwel waħda (li, bil-mod, inqatgħet mill-aħħar verżjonijiet ta' FreePBX), allura qamu xi mistoqsijiet mal-ktieb:
- L-ewwelnett, kif tiżgura l-eżattezza tagħha meta l-post/fluwidità tal-utenti qed tinbidel kontinwament?
- It-tieni, kif tiddepersonalizza kompletament it-telefowns. U mhux timla l-isem tal-kuntatt kull darba?
Il-problema kienet interessanti, is-soluzzjoni ma dametx ħafna biex tasal. Issa se nagħti l-elenkar sħiħ, u mbagħad inħarsu lejha fl-ordni.
from scapy.all import sniff
from scapy.layers.inet import IP
import mysql.connector
import ldap
import getpass
import tftpy
import requests
import os
import time
from string import replace
def conn_ldap(login):
ad = ldap.initialize('ldap://***.local')
ad.simple_bind_s('voip@***.local', 'password')
basedn = 'OU=IT,DC=***,DC=LOCAL'
basedn_user = 'OU=***,OU=***,DC=***,DC=LOCAL'
scope = ldap.SCOPE_SUBTREE
filterexp = "(&(sAMAccountName=" + login + ")(ObjectClass=person))"
filterexp2 = "(&(ObjectClass=organizationUnit))"
attrlist = ['cn']
attrlist2 = ['OU']
search = ad.search_s(basedn, scope, filterexp, attrlist)
adname = search[0][1]['cn'][0].decode('utf-8')
if adname == ' ':
search = ad.search_s(basedn_user, scope, filterexp2, attrlist2)
for i in range(1, len(search)+1):
group = search[i][1]['ou'][0]
basedn_user2 = 'OU='+group+','+basedn_user
search = ad.search_s(basedn_user2, scope, filterexp, attrlist)
adname = search[0][1]['cn'][0].decode('utf-8')
if adname != ' ':
return adname
adname = search[0][1]['cn'][0].decode('utf-8')
ad.unbind_s()
return adname
def tftp_file_change(config,place,adname,current_account,current_account_password):
client = tftpy.TftpClient("192.168.0.3", 69)
client.download('template.cfg', place)
fileread = open(place, 'r')
line = fileread.readlines()
fileread.close()
line[5] = (('account.1.label = ').encode('utf-8') + adname.encode('utf-8') + 'n')
line[2] = (('account.1.auth_name = ').encode('utf-8') + current_account.encode('utf-8') + 'n')
line[3] = (('account.1.display_name = ').encode('utf-8') + current_account.encode('utf-8') + 'n')
line[6] = (('account.1.password = ').encode('utf-8') + current_account_password[0][0] + 'n')
filewrite = open(place, 'w')
for i in line:
filewrite.write(i)
filewrite.close()
print place
print config
client.upload(config,place)
def get_phone_inform(ipaddr):
fileconf = requests.get('http://admin:admin@'+ipaddr+'/servlet?phonecfg=get[&accounts=1]')
conf = fileconf.text.split('|')
current_account = conf[2]
return current_account
def sniff_frame():
pcapf = sniff(count=1, timeout=70, filter="dst host 192.168.0.3 and port 5060")
if len(pcapf) == 0:
exit()
frame = pcapf[0]
macaddr = frame.src
print macaddr[:8]
if macaddr[:8] != '80:5e:c0':
exit()
ipaddr = frame[0][IP].src
return macaddr, ipaddr
def conn_mysql(query,fquery,macaddr,qwery2):
connect = mysql.connector.connect(host='192.168.0.3', database='voip', user='voip_wr', password='***')
cursor = connect.cursor()
cursor.execute(fquery)
state = cursor.fetchall()
state = bool(state[0][0])
if state == True:
cursor.execute(qwery2)
connect.commit()
connect.close()
else:
cursor.execute(query)
connect.commit()
connect.close()
def check_account(current_account):
connect = mysql.connector.connect(host='192.168.0.3', database='asterisk', user='voip_wr', password='***')
cursor = connect.cursor()
qwery = 'select data from sip where id=' + current_account + ' and keyword="secret";'
cursor.execute(qwery)
password = cursor.fetchall()
if password == ' ':
exit()
else:
return password
if __name__ == '__main__':
macaddr, ipaddr = sniff_frame()
current_account = get_phone_inform(ipaddr)
current_account_password = check_account(current_account)
macaddr = macaddr.replace(':', '')
ipaddr = ipaddr.decode('utf-8')
adname = conn_ldap(getpass.getuser())
query = 'INSERT INTO station (mac, ip, name, number) VALUES (' + '"' + macaddr + '",' + '"' + ipaddr + '",' + '"' + adname + '",' + '"' + get_phone_inform(ipaddr) + '"' + ')'
qwery2 = 'UPDATE station SET ip=' + '"' + ipaddr + '"' + ', name=' + '"' + adname + '"' + ', number=' + '"' + get_phone_inform(ipaddr) + '"' + ' WHERE mac=' + '"' + macaddr + '"'
fquery = 'SELECT EXISTS(SELECT mac FROM voip.station WHERE mac=' + '"' + macaddr + '")'
query = query.encode('utf-8')
fquery = fquery.encode('utf-8')
config = macaddr + '.cfg'
place = os.path.expanduser("~") + "" + "AppDataLocal" + config
conn_mysql(query,fquery,macaddr,qwery2)
tftp_file_change(config,place,adname,current_account,current_account_password)
requests.get('http://admin:admin@'+ipaddr+'/cgi-bin/ConfigManApp.com?key=AutoP')
requests.get('http://admin:admin@'+ipaddr+'/cgi-bin/ConfigManApp.com?key=Reboot')Il-programm jaħdem fuq il-kompjuter tal-utent u jaħdem sakemm il-kompjuter ikun imqabbad man-netwerk permezz ta' telefon, peress li Yealink T19 ma jistax jaħdem bħala gateway.
L-ewwel, irridu nifhmu jekk huwiex konness? u x'mac u ip għandu t-telefon tagħna.
def sniff_frame():
pcapf = sniff(count=1, timeout=70, filter="dst host 192.168.0.3 and port 5060")
if len(pcapf) == 0:
exit()
frame = pcapf[0]
macaddr = frame.src
print macaddr[:8]
if macaddr[:8] != '80:5e:c0':
exit()
ipaddr = frame[0][IP].src
return macaddr, ipaddr
Hawnhekk nużaw il-funzjoni sniff mill-qafas scapy, bl-għajnuna tagħha nirċievu pakkett udp predeterminat, nistennew 70 sekonda u jekk ma naqbdu xejn, noħorġu.
count=1, timeout=70, filter="dst host 192.168.0.3 and port 5060"Sussegwentement, niżguraw li l-apparat huwa tabilħaqq Yealink u jirritorna l-valuri meħtieġa (ip u mac).
Bl-użu ta 'talba speċjali, insibu l-kont kurrenti fuq it-telefon. Biex tagħmel dan, il-konfigurazzjoni attwali hija mniżżla mit-telefon u parsed.
def get_phone_inform(ipaddr):
fileconf = requests.get('http://admin:admin@'+ipaddr+'/servlet?phonecfg=get[&accounts=1]')
conf = fileconf.text.split('|')
current_account = conf[2]
return current_accountSib il-password għal dan il-kont. Biex tagħmel dan, aħna nduru għat-tabella asterisk.sip u l-qasam tad-dejta fiha.
def check_account(current_account):
connect = mysql.connector.connect(host='192.168.0.3', database='asterisk', user='voip_wr', password='***')
cursor = connect.cursor()
qwery = 'select data from sip where id=' + current_account + ' and keyword="secret";'
cursor.execute(qwery)
password = cursor.fetchall()
if password == ' ':
exit()
else:
return passwordUkoll, għall-istadju finali aħna nikkonnettjaw ma 'ldap AD u nużaw sAMAccountName miksuba permezz tal-funzjoni getpass.getuser() ħu s-cn tal-utent attwali (li normalment ikun fih l-isem sħiħ tal-utent).
def conn_ldap(login):
ad = ldap.initialize('ldap://***.local')
ad.simple_bind_s('voip@***.local', 'password')
basedn = 'OU=***,DC=***,DC=LOCAL'
basedn_user = 'OU=***,OU=***,DC=***,DC=LOCAL'
scope = ldap.SCOPE_SUBTREE
filterexp = "(&(sAMAccountName=" + login + ")(ObjectClass=person))"
filterexp2 = "(&(ObjectClass=organizationUnit))"
attrlist = ['cn']
attrlist2 = ['OU']
search = ad.search_s(basedn, scope, filterexp, attrlist)
adname = search[0][1]['cn'][0].decode('utf-8')
if adname == ' ':
search = ad.search_s(basedn_user, scope, filterexp2, attrlist2)
for i in range(1, len(search)+1):
group = search[i][1]['ou'][0]
basedn_user2 = 'OU='+group+','+basedn_user
search = ad.search_s(basedn_user2, scope, filterexp, attrlist)
adname = search[0][1]['cn'][0].decode('utf-8')
if adname != ' ':
return adname
adname = search[0][1]['cn'][0].decode('utf-8')
ad.unbind_s()
return adnameAħna nikkonnettjaw ma 'tabella maħluqa minn qabel fid-database (ħloqnieha hemmhekk) u daħħal dak kollu li tgħallimna, jiġifieri: ip, mac, username.
def conn_mysql(query,fquery,macaddr,qwery2):
connect = mysql.connector.connect(host='192.168.0.3', database='voip', user='voip_wr', password='***')
cursor = connect.cursor()
cursor.execute(fquery)
state = cursor.fetchall()
state = bool(state[0][0])
if state == True:
cursor.execute(qwery2)
connect.commit()
connect.close()
else:
cursor.execute(query)
connect.commit()
connect.close()Nistgħu nieqfu hawn, minħabba li diġà ħloqna ktieb tal-indirizzi dinamiku, tista 'titlob, imma jien mort aktar u żidt l-għoti awtomatiku ta' apparati hawn.
Biex tagħmel dan, titniżżel konfigurazzjoni tal-mudell minn server tftp konfigurat minn qabel, li fih nagħmlu l-bidliet tagħna u nissejvjah bħala mac.cfg. Jiġifieri, għal Yealink hemm żewġ tipi ta 'konfigurazzjoni, waħda hija globali, u t-tieni tapplika għal telefon speċifiku u għandha tkun tal-forma mac_phone.cfg
Wara l-bidliet kollha fil-fajl u ssalvah lura fis-server tftp, aħna nagħtu l-kmand lit-telefon biex jipprovdi u reboot l-apparat.
def tftp_file_change(config,place,adname,current_account,current_account_password):
client = tftpy.TftpClient("192.168.0.3", 69)
client.download('template.cfg', place)
fileread = open(place, 'r')
line = fileread.readlines()
fileread.close()
line[5] = (('account.1.label = ').encode('utf-8') + adname.encode('utf-8') + 'n')
line[2] = (('account.1.auth_name = ').encode('utf-8') + current_account.encode('utf-8') + 'n')
line[3] = (('account.1.display_name = ').encode('utf-8') + current_account.encode('utf-8') + 'n')
line[6] = (('account.1.password = ').encode('utf-8') + current_account_password[0][0] + 'n')
filewrite = open(place, 'w')
for i in line:
filewrite.write(i)
filewrite.close()
print place
print config
client.upload(config,place)requests.get('http://admin:admin@'+ipaddr+'/cgi-bin/ConfigManApp.com?key=AutoP')
requests.get('http://admin:admin@'+ipaddr+'/cgi-bin/ConfigManApp.com?key=Reboot')Wara li terġa 'tibda l-apparat, inġibu l-isem sħiħ tagħna fuq l-iskrin tat-telefon + ktieb tal-indirizzi mimli dejjem b'mod korrett fil-forma ta' database, allura dak kollu li jibqa 'huwa li żżid XML u ftit PHP biex turi l-kontenut b'mod dinamiku. Hemm ħafna eżempji bħal dawn, anke YEALINK innifsu għandu minnhom.
PS: Għal skalabbiltà akbar, tista 'timxi s-settings prinċipali (varjabbli) f'fajl separat.
Sors: www.habr.com