
Snom auto provisioning

Posted by diffen on Fri, 04/01/2011

Hello

We are using a lot of SNOM phones and we are also using the SNOM auto-provisioning tool.

The tool is a Perl script that authenticates against a provisioning server at SNOM. All the phones are by default configured to go to the SNOM auto-provisioning server.

What we add to the SNOM auto-provisioning server is the MAC address of the phone and a new provision address. So when a new phone is configured you just need to plug it in and it will go to the SNOM server then to ours and then get the config file from our server and firmware. Really neat.

What I wish is that this script and a delete script will be implemented into Thirdlane. I wonder if it's not possible to add the login and password for the SNOM auto-provisioning site on a tenant level, and then when a SNOM phone is provisioned in Thirdlane, the registration.pl script with the phone's MAC address is sent to SNOM.

Br

Jörgen Andersson


Submitted by eeman on Fri, 04/01/2011 Permalink

You'll need to do that via custom programming, by using the event hooks and your own custom scripting. I cannot see any situation where Thirdlane would take on the liability of transmitting working usernames and passwords to third-party entities. If your credit card info isn't safe (as evident by the countless recurring theft of hundreds of thousands of numbers at a time) do you not realize what a cash-cow breaking into this SNOM database would be? A single Thirdlane customer got hit with $11,000 (yes eleven thousand) in damages from illegally made international calls in a very short time by a compromised account. He had to eat that cost. If Thirdlane were to build this code and SNOM got compromised, they could face real lawsuits on damages for not better securing the process. Many variables are passed along as environment variables to the event hook, allowing you to program just about anything you want.

Submitted by diffen on Fri, 04/01/2011 Permalink

Hello Erik,

Hmm the service is completely free from SNOM so no credit cards are involved.

Here is what the python script looks like:

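# Python 2 script (xmlrpclib); replace the placeholder credentials, MAC and URL.
from xmlrpclib import ServerProxy, Error

# The URL needs an explicit scheme, otherwise ServerProxy raises "unsupported XML-RPC protocol".
server = ServerProxy("https://username:password@provisioning.snom.com:8083/xmlrpc", verbose=False, allow_none=True)
server.network.echo("ping")  # connectivity check
server.redirect.registerPhoneList(["mac-address"], "thirdlane provisioning address.")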

You receive the login and password from SNOM by filling out a form from them. You can read more here: http://wiki.snom.com/Features/Auto_Provisioning/Redirection

Is it possible that Thirdlane can be held responsible for anything? I mean there are just empty fields where the PBX owner or the Tenant enter the username and password.

Submitted by eeman on Fri, 04/01/2011 Permalink

You missed the credit card point entirely. If banking institutions can't keep credit cards safe, what hope does SNOM have keeping your SIP passwords safe? If those get compromised then it's a cash cow to the same people who set up these international profit sharing numbers. Some jerk in Palestine is making $11k worth of international calls to a specific number in Palestine of which he probably gets 50%. If he can do that on a single compromised account, how many billions can he cause in damages if he gets access to that entire database by using SQL injection hacks that are used to get credit card info?

Submitted by diffen on Fri, 04/01/2011 Permalink

Hello Erik,

I think you missed out here. The only thing that is changed in the phone is the following.

http://wiki.snom.com/Web_Interface/V8/Advanced#Update

The setting URL that is by default set to http://provisioning.snom.com/snomXXX/snomXXX.php?mac={mac} will be changed to your provisioning server.

So no SIP account settings or anything are stored up on SNOM's servers. Just a link to your provisioning site. So when a customer buys a new phone you just add the MAC address and send it up to SNOM using the above python script and then SNOM redirects the phone automatically. If you do a factory reset the SNOM phone will go to http://provisioning.snom.com/snomXXX/snomXXX.php?mac={mac} and try to provision. The SNOM server will then change the http://provisioning.snom.com/snomXXX/snomXXX.php?mac={mac} to provisioning.bluegrassnet.com for example.

So there is no SIP involved or anything like that :)

Sorry, but I'm not that good at trying to explain stuff.

Submitted by eeman on Fri, 04/01/2011 Permalink

Oh, well in that case all you really need is event hooks for devices then, to execute your Perl script that can be easily modified to pull the MAC from the environment variables. The extension event hook might already have the MAC address in the data when you create it. What happens if a customer leaves you and goes to a new ITSP? How does SNOM deal with 2 different entities claiming the same MAC address?

Submitted by diffen on Fri, 04/01/2011 Permalink

Hello Erik,

There is a deregister script that can be run too, so what I figure is that when you remove a device from the provisioning, Thirdlane runs the deregister script so the device will be removed from SNOM.

I tried to add two of the same MAC address in the script now but it didn't return any error. My guess is that the latest entry in their database is the one that is working.

Hmmm, I'm not that good with python scripting and so on. Where am I supposed to find the event hooks? I can only find when a tenant and user extension have been made.

I would really love to help out implementing this but I guess I need some help on the way.

Submitted by eeman on Fri, 04/01/2011 Permalink

Right now user/extension is the only one available to do what you're working on. But if the MAC is in the environment that's all you'll need.

Here is how to dump the list of environment variables:

Make a test script /usr/local/sbin/printenv.sh

#!/bin/bash
# Dump the hook's arguments and environment to /tmp/environment for inspection.
rm -f /tmp/environment
echo "$1" "$2" "$3" "$4" > /tmp/environment
printenv >> /tmp/environment

Then add this full path to your create user event hook and go add a test user with a test MAC address.

Then go view the /tmp/environment file to get a list of all the variables available to you via the hooks. Look to see if one includes the MAC you just put in when you created the user.

Submitted by eeman on Sat, 04/02/2011 Permalink

I almost forgot that there are hooks built into models.txt, the linksys phones used them.

example:
command_1=/usr/local/sbin/linksys_reload.pl ${mac}

I need some credentials to tinker with this script a bit

Submitted by eeman on Sun, 04/03/2011 Permalink

First grab this file:

http://downloads.snom.net/documentation/rpc-env.tgz

Put the PyLib/httplib.py in /usr/local/lib/python/

Then create this xmlrpcredirection.py file in /usr/local/sbin/ (this forum word-wraps, so watch out for that). Make sure to replace the placeholder entries like your user/pass and provisioning URL with your own.

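#!/usr/bin/python
# Python 2 hook script: re-points one phone (MAC in argv[1]) at your provisioning URL.
import sys
sys.path.insert(0, "/usr/local/lib/python")  # location of the httplib.py from rpc-env.tgz
from xmlrpclib import ServerProxy, Error
if len(sys.argv) != 2:
    sys.exit("usage: xmlrpcredirection.py MAC")
server = ServerProxy("https://username:password@provisioning.snom.com:8083/xmlrpc", verbose=False, allow_none=True)
server.network.echo("ping")  # connectivity check
# Remove any existing redirect for this MAC, then register the new target.
print server.redirect.deregisterPhone(sys.argv[1])
print server.redirect.registerPhone(sys.argv[1], "http://your.host.com/provisioning/snom3xx.cfg")

Make sure to set the file executable:
chmod +x /usr/local/lib/python/xmlrpcredirection.py

Then add the command_1 option to your customized models.txt, example: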

[snom-320]
label=Snom 320
lines=12
phone_template=snom3xx_phone.cfg
line_template=snom3xx_line.cfg
blf_template=snom3xx_blf.cfg
speeddial_template=snom3xx_speeddial.cfg
output=snom3xx-${MAC}.cfg
input_1=snom3xx_settings.cfg
output_1=snom3xx.cfg
command_1=/usr/local/lib/python/xmlrpcredirection.py ${MAC}
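
Added example, not part of the thread or of Thirdlane's or SNOM's code: a Python 3 variant of the hook script above that validates the MAC argument before it reaches the redirect service, reads the credentials from a mode-0600 file, and sends them as a Basic auth header rather than inside the URL. The credential file path and the normalisation to 12 upper-case hex digits are assumptions; the endpoint, method names and target URL are the ones quoted in the thread.

```python
#!/usr/bin/env python3
# Added example (Python 3.8+); CRED_FILE and the MAC normalisation are assumptions.
import base64, os, re, stat, sys
import xmlrpc.client

ENDPOINT = "https://provisioning.snom.com:8083/xmlrpc"   # host, port and path from the thread
CRED_FILE = "/etc/thirdlane/snom_redirect.cred"          # hypothetical; holds "username:password"
TARGET_URL = "http://your.host.com/provisioning/snom3xx.cfg"  # placeholder from the thread
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:[:-]?[0-9A-Fa-f]{2}){5}")

def normalize_mac(raw):
    """Return the MAC as 12 upper-case hex digits, or raise ValueError."""
    raw = raw.strip()
    if not MAC_RE.fullmatch(raw):
        raise ValueError("not a MAC address: %r" % raw)
    return re.sub(r"[:-]", "", raw).upper()

def load_credentials(path=CRED_FILE):
    """Read "username:password", refusing files accessible to group or others."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode) or st.st_mode & 0o077:
        raise PermissionError("%s must be a regular file with mode 0600" % path)
    with open(path) as fh:
        user, sep, password = fh.readline().rstrip("\n").partition(":")
    if not (user and sep and password):
        raise ValueError("expected username:password in %s" % path)
    return user, password

def build_proxy(user, password):
    """Credentials go in a Basic auth header, so they never appear in the proxy's URL or repr."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    return xmlrpc.client.ServerProxy(ENDPOINT, allow_none=True,
                                     headers=[("Authorization", "Basic " + token)])

def main(argv):
    try:
        mac = normalize_mac(argv[1])
        server = build_proxy(*load_credentials())
        # Same call order as the script in the thread: drop any old mapping, then register.
        print(server.redirect.deregisterPhone(mac))
        print(server.redirect.registerPhone(mac, TARGET_URL))
    except (IndexError, ValueError, OSError, xmlrpc.client.Error) as exc:
        print("snom redirect: %s" % exc, file=sys.stderr)
        return 1
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit status means the phone was not registered, so the hook's caller can log or retry instead of silently continuing.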

Submitted by diffen on Mon, 04/04/2011 Permalink

Hello Erik,

Thank you very much. It works perfectly. Hope that this will be a permanent add to the Thirdlane platform in the future.