B.30. DISA()

Direct Inward System Access lets outside callers enter the system and provides them with an internal dial tone.
DISA(password[,context[,callerid[,mailbox[@voicemail-context]]]])
DISA(password-file[,callerid[,mailbox[@voicemail-context]]])
Provides an internal dial tone to outside callers such that they can make calls as though calling from an internal extension. Upon hearing the dial tone, an access code must be entered followed by the "#" key. If it is correct, the caller hears another dial tone; this is the system dial tone and the caller can now dial and initiate calls.

Caution

This type of access represents a serious and real security risk and should be planned and considered carefully before use, if it must be used at all!
The password option is a numeric access code that must be entered in order for the caller to be able to make calls out. Following this particular syntax, all the users that call in will use the same access code. If you want to allow unsecured access, enter the string "no-password" instead of an actual password.
The context option specifies the context in which the initiated call will be placed. If it is not provided, DISA() assumes the context named disa.
The callerid option sets the mailbox number (and the optional voicemail-context) of a mailbox. If the mailbox contains new messages the caller will hear a stuttered dial tone to indicate this.
Alternatively, you may use password-file to define multiple access passwords. Each line of this file can contain either an access code or a combination of an access code and a context, separated by the "|" (pipe) character. If no context is specified, disa is assumed.
If the caller successfully authenticates with a valid access code, DISA() will start the call in the specified context.
; Allow outside callers to dial 800 numbers, provided they know the
; password (1234). Set the caller ID so that the call appears to be
; coming from inside the company:
[incoming]
exten => 123,1,DISA(1234,disa,Widgets Inc <212-555-3412>)
[disa]
exten => _0800XXXXXXXX,1,Dial(Zap/4/${EXTEN})

Note

Internal help for this application in Asterisk 1.4:
  -= Info about application 'DISA' =- 

[Synopsis]
DISA (Direct Inward System Access)

[Description]
DISA(<numeric passcode>[|<context>]) or DISA(<filename>)
The DISA, Direct Inward System Access, application allows someone from 
outside the telephone switch (PBX) to obtain an "internal" system 
dialtone and to place calls from it as if they were placing a call from 
within the switch.
DISA plays a dialtone. The user enters their numeric passcode, followed by
the pound sign (#). If the passcode is correct, the user is then given
system dialtone on which a call may be placed. Obviously, this type
of access has SERIOUS security implications, and GREAT care must be
taken NOT to compromise your security.

There is a possibility of accessing DISA without password. Simply
exchange your password with "no-password".

    Example: exten => s,1,DISA(no-password|local)

Be aware that using this compromises the security of your PBX.

The arguments to this application (in extensions.conf) allow either
specification of a single global passcode (that everyone uses), or
individual passcodes contained in a file. It also allows specification
of the context on which the user will be dialing. If no context is
specified, the DISA application defaults the context to "disa".
Presumably a normal system will have a special context set up
for DISA use with some or a lot of restrictions. 

The file that contains the passcodes (if used) allows specification
of either just a passcode (defaulting to the "disa" context, or
passcode|context on each line of the file. The file may contain blank
lines, or comments starting with "#" or ";". In addition, the
above arguments may have |new-callerid-string appended to them, to
specify a new (different) callerid to be used for this call, for
example: numeric-passcode|context|"My Phone" <(234) 123-4567> or 
full-pathname-of-passcode-file|"My Phone" <(234) 123-4567>.  Last
but not least, |mailbox[@context] may be appended, which will cause
a stutter-dialtone (indication "dialrecall") to be used, if the
specified mailbox contains any new messages, for example:
numeric-passcode|context||1234 (w/a changing callerid).  Note that
in the case of specifying the numeric-passcode, the context must be
specified if the callerid is specified also.

If login is successful, the application looks up the dialed number in
the specified (or default) context, and executes it if found.
If the user enters an invalid extension and extension "i" (invalid) 
exists in the context, it will be used. Also, if you set the 5th argument
to 'NOANSWER', the DISA application will not answer initially.
diff output to internal help in Asterisk 1.2:
8c8
< DISA(<numeric passcode>[|<context>]) or DISA(<filename>)
---
> DISA(<numeric passcode>[|<context>]) or disa(<filename>)
28c28
< individual passcodes contained in a file. It also allows specification
---
> individual passcodes contained in a file. It also allow specification
52,53c52
< exists in the context, it will be used. Also, if you set the 5th argument
< to 'NOANSWER', the DISA application will not answer initially.
---
> exists in the context, it will be used.