AMI Permissions issue

redwolf890 · October 25, 2011, 3:55pm

In my manager.conf I have the permissions for a given user set to:
read = system,call,log,verbose,agent,user,config,dtmf,reporting,cdr,dialplan
write = originate

However, when I am using the AMI, and do “Action: ListCommands”, the list I get is:
WaitEvent: (Priv: )
MixMonitorMute: (Priv: )
ParkedCalls: (Priv: )
ListCommands: (Priv: )
Originate: (Priv: originate,all)
Ping: (Priv: )
Challenge: (Priv: )
Login: (Priv: )
Logoff: (Priv: )
Events: (Priv: )
DataGet: (Priv: )

I do not get access to any other commands, so I cannot do things like hangup calls, get channel information, etc. It seems like a command like “sip show channels” would be a “read” permission, and since I have all read permissions I should get a longer list than AMI returns to me for ListCommands.

How can I use other commands?

EDIT: I was also just trying to do a simple “Action: Originate” but this was also failing. My call looked like:
Action: Originate
Channel: SIP/@
Context: default
Exten:
Priority: 1
Timeout: 30000
Callerid: 10

I’m very new to AMI and asterisk/SIP in general. However, I am watching the events happen via the CLI and am also sniffing all the SIP packets. Within the CLI I see the following warning:
WARNING[17320]: chan_sip.c:19568 handle_response_invite: Received response: “Forbidden” from '“10” sip:10@wrong_sip_domain;tage=asdasdfa
And then after the timeout specified in the call:
WARNING[17320]: chan_sip.c:retrans_pkt: Retransmission timeout reached on transmission

The domain that Asterisk shows in the first error is the wrong domain. I don’t reference it in my originate script, so I have no idea how it is getting there. Thanks.

david55 · October 25, 2011, 4:17pm

sip show channels is a CLI command. I think you will find the permission is set on the ability to do CLI commands, which can certainly write, not for each specific CLI command.

redwolf890 · October 25, 2011, 5:21pm

Thanks david55. So I built my manager.conf off a template. I included in the read line every permission that was listed in the template. What else would I need to add to my manager.conf permissions to be able to get channel information (which seems like it would be a “read” permission)?

david55 · October 25, 2011, 5:27pm

centos*CLI> manager show command command
Action: Command
Synopsis: Execute Asterisk CLI Command
Privilege: command,all

You are not getting channel information, you are running a CLI command, and may well require write for command, not just read for it. If you wanted non-SIP channel information, you would use:

Action: CoreShowChannels
Synopsis: List currently active channels
Privilege: system,reporting,all

which is internal to AMI and would ony need read permission.

redwolf890 · October 25, 2011, 6:10pm

Thanks again david55. I’m using this to try to to Conference, Transfer and Hangup. Using the command you suggested I can parse out the channel id, do a hangup. To create a transfer I’m going to just hang up the first leg, then do an “originate” to create the transfer leg of the call. What, though, does a conference call look like as done through AMI? Thanks in advance…hopefully soon I can versed enough to be a contributor as well.