
Automated way to revoke/reissue licenses via web site or auto-email

Posted by cbbs70a on Sun, 02/15/2009

In the event a server dies after hours, we should be able to revoke the old license and reissue it with the new MAC address in some sort of automated way. This can be done either via a webpage or an automated e-mail responder. The potential for abuse is zero as it requires the original MAC address and license file.
FSD


Submitted by eeman on Tue, 02/17/2009 Permalink

Your MTE doesn't phone home checking its license. So there would be no revoke mechanism. One of the biggest conceptual drawbacks of the official Fonality phone system (aside from that it sucks) is that all PBXs require a VPN tunnel back to Fonality to verify license etc. If the VPN goes down you can't place calls. This is terribly inconvenient for a mom & pop wanting a simple, low cost PBX in some small town grocery store that sees no need for a big internet pipe or perhaps has none available.

Submitted by olekaas on Wed, 02/18/2009 Permalink

24x7 Service Level Agreement with in field replacement - HP, 3Com, Cisco, Juniper, etc - they all have it. It costs big $$$ and my opinion is that it only makes sense in really large installations. For small(er) customers/deployments it makes more sense to have a spare for critical parts. Can they *really* help you when that nasty brown stuff hits the fan? "Oops - here's your money back" guarantee doesn't really help me or my customers.

For TL it is just a matter of having a NIC and a valid license tied to that NIC (no need to have an entire server - unless you insist on using the onboard NICs). If your installation is limited to a single server you could even have that spare license installed on an extra server running as a hot spare - maybe even with heartbeat. Then only those talking on the phone will notice the failure.

Consider this: Your server just blew up, the revocation page is down and Alex is hit by a truck.

NB: We offer an extended SLA that includes after hours. Only our largest customers find it interesting - the rest are interested when they have experienced what it means NOT to have an SLA.

Submitted by eeman on Wed, 02/18/2009 Permalink

Well, before everyone panics, the license only affects the ability to access the portal. It has absolutely no impact on the processing of calls. So if it's 2am and your box dies and you roll in another and restore from backups, the worst case scenario is that everything works again but you can't go into the web portal until you address the license issue. Your calls will continue to work, everything will work exactly the way it was configured at the last backup cycle.

The web portal is a tool, but not vital to the actual operation of Asterisk, only to make changes. It might sound the same but there is a huge difference in how upset someone gets when their phones are down versus when they can't get into a management portal to view a report or make a change. They can always call their provider if the change is critical enough and that provider can alter a config manually or make an astdb entry manually until the license issue gets resolved.

olekaas brings up a good point.. I am going to go on a limb and suspect that $$$ played some part in the decision to use an Asterisk / TL MTE solution as opposed to a more restricted, more expensive, and 24x7 SLA costly solution like the BroadSoft platform and the TCO required to go from soup to nuts. Considering the $250,000 and thousands more annually in SLAs you're saving, you could buy an entire other MTE license on identical hardware in the off chance your primary died.

Submitted by cbbs70a on Wed, 02/25/2009 Permalink

Does anybody know what phonehome.pl does? It gets put into the crontab file during install.

FSD

Submitted by mattdarnell on Fri, 02/27/2009 Permalink

Hmmmmmmm phonehome.pl

Interesting that it is compiled. I wonder if it is like the trixbox phone home.

Alex certainly needs to protect his software.

-Matt

Submitted by secTester on Mon, 10/28/2013 Permalink

From a security perspective I was also curious. It's mostly harmless, and the new version of the website doesn't even contain the required files to drive this older version of phonehome.pl. I'm posting the script (with some debugging modifications) and a sanitized version of the output which should give some peace of mind.

no warnings;
( ++$no_acl_check );
# require("\x2e\x2f\x61\x73\x74\x2d\x6c\x69\x62\x2e\x70\x6c");
require("./ast-lib.pl");
# $z6d0de5221b (the URL to check) is not assigned anywhere in this script.
( ( $host, $port, $page, $ssl ) = &parse_http_url($z6d0de5221b) );
# Two values that are passed on to http_download below.
( ( $user, $zdf23f38d21 ) = &zca5b9af49e() );
$| = 1;
print "Host is: ", $host;
print "\nPort is: ", $port;
print "\nPage is: ", $page;
print "\nSSL is: ", $ssl;
print "\nUser is: ", $user; #MAC ADDRESS
print "\nzdf23f38d21 is: ", $zdf23f38d21;
&http_download(
    $host, $port, $page, ( \$out ), ( \$error ), undef,
    $ssl, $user, $zdf23f38d21
);
if ( ( ( not($out) ) and ( not($error) ) ) ) {
    ( $error = "Unknown error" );
}
# Hash reference holding the check status (lastcheck, lastok, error, errortype).
( $z902d2397ee = &z0056279fcd() );
print "\nz902d2397ee is: ", $z902d2397ee;

( $$z902d2397ee{"lastcheck"} = time );
if ($error) {
    if ( ( $error =~ /401/ ) ) {
        ( $$z902d2397ee{"error"} =
            "Licence key or serial number is not valid"
        );
        # 0x0282 + 5713 - 0x18d1 evaluates to 2
        ( $$z902d2397ee{"errortype"} =
            ( 0x0282 + 5713 - 0x18d1 ) );
    }
    else {
        ( $$z902d2397ee{"error"} = $error );
        # 0x0387 + 8941 - 0x2673 evaluates to 1
        ( $$z902d2397ee{"errortype"} =
            ( 0x0387 + 8941 - 0x2673 ) );
    }
}
else {
    delete( $$z902d2397ee{"error"} );
    ( $$z902d2397ee{"lastok"} = time );
    # The hex-escaped key below decodes to "errortype".
    delete( $$z902d2397ee{"\x65\x72\x72\x6f\x72\x74\x79\x70\x65"} );
}
while ( my ($key, $value) = each(%$z902d2397ee) ) {
    print "$key => $value\n";
}

&zfd632ef6a9($z902d2397ee);

--------- Sanitized Output Follows-------------

Host is:https://www.thirdlane.com
Port is: 80
Page is: /pbxman_files/version
SSL is:
User is: 0123456789AB
zdf23f38d21 is: 19d0622fc214057265b7feaf88bc1a48
z902d2397ee is: HASH(0xb51790)
lastcheck => 1382xxxxxx
error => HTTP/1.1 404 Not Found
lastok => 1370xxxxxx
errortype => 1
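
The script posted above hides strings behind `\xNN` escapes and integer constants behind throwaway arithmetic. The following is an added example, not part of the original post or of the vendor's code: a small Python helper for auditing such a script that decodes those two patterns in place. The function names are hypothetical, and it assumes only the two obfuscation patterns visible in the posted script.

```python
import re

# Constructed sample: three lines taken from the script posted in this thread.
SAMPLE = r'''require("\x2e\x2f\x61\x73\x74\x2d\x6c\x69\x62\x2e\x70\x6c");
( $$z902d2397ee{"errortype"} = ( 0x0282 + 5713 - 0x18d1 ) );
delete( $$z902d2397ee{"\x65\x72\x72\x6f\x72\x74\x79\x70\x65"} );
'''

# A double-quoted literal made only of \xNN escapes.
HEX_STRING = re.compile(r'"((?:\\x[0-9A-Fa-f]{2})+)"')
INT = r'(?:0x[0-9A-Fa-f]+|\d+)'
# Parenthesised sum/difference of integer literals, e.g. ( 0x0282 + 5713 - 0x18d1 ).
CONST_EXPR = re.compile(r'(\(\s*)(' + INT + r'(?:\s*[+-]\s*' + INT + r')+)(\s*\))')
TERM = re.compile(r'([+-]?)\s*(' + INT + r')')
UNSAFE = set('"\\$@')  # would change meaning if written raw inside a Perl "..." string


def perl_int(token):
    """Parse an integer literal the way Perl does (leading 0 means octal)."""
    if token.lower().startswith('0x'):
        return int(token, 16)
    if len(token) > 1 and token.startswith('0'):
        return int(token, 8)  # raises ValueError on digits 8 or 9
    return int(token)


def decode_hex_string(match):
    text = ''.join(chr(int(h, 16)) for h in re.findall(r'\\x(..)', match.group(1)))
    # Leave the literal untouched unless it decodes to safe printable ASCII.
    if all(' ' <= c <= '~' and c not in UNSAFE for c in text):
        return '"' + text + '"'
    return match.group(0)


def fold_constant(match):
    try:
        total = sum(-perl_int(n) if sign == '-' else perl_int(n)
                    for sign, n in TERM.findall(match.group(2)))
    except ValueError:
        return match.group(0)  # not a valid Perl literal: keep as written
    return match.group(1) + str(total) + match.group(3)


def deobfuscate(source):
    """Decode hex-escaped strings and fold constant arithmetic, line for line."""
    return CONST_EXPR.sub(fold_constant, HEX_STRING.sub(decode_hex_string, source))


if __name__ == '__main__':
    print(deobfuscate(SAMPLE), end='')
```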