Merged revisions 316663 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/1.8 ........ r316663 | seanbright | 2011-05-04 10:35:05 -0400 (Wed, 04 May 2011) | 8 lines Only return a single error via AMI when requesting a forbidden action. (closes issue #19216) Reported by: oej Patches: issue19216-1.8-r316204.patch uploaded by seanbright (license 71) Tested by: seanbright ........ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@316664 65c4cc65-6c06-0410-ace0-fbb531ad65f3
14 years ago · 34734f727f
parent a3fd2b77b6
commit 34734f727f
1 changed files with 14 additions and 7 deletions
--- a/main/manager.c
+++ b/main/manager.c
@ -4497,18 +4497,25 @@ static int process_message(struct mansession *s, const struct message *m)
 		}
 		if (s->session->writeperm & tmp->authority || tmp->authority == 0) {
 			call_func = tmp->func;
-		} else {
-			astman_send_error(s, m, "Permission denied");
-			report_req_not_allowed(s, action);
 		}
 		break;
 	}
 	AST_RWLIST_UNLOCK(&actions);

-	if (tmp && call_func) {
-		/* call AMI function after actions list are unlocked */
-		ast_debug(1, "Running action '%s'\n", tmp->action);
-		ret = call_func(s, m);
+	if (tmp) {
+		if (call_func) {
+			/* Call our AMI function after we unlock our actions lists */
+			ast_debug(1, "Running action '%s'\n", tmp->action);
+			ret = call_func(s, m);
+		} else {
+			/* If we found our action but don't have a function pointer, access
+			 * was denied, so bail out.
+			 */
+			report_req_not_allowed(s, action);
+			mansession_lock(s);
+			astman_send_error(s, m, "Permission denied");
+			mansession_unlock(s);
+		}
 	} else {
 		char buf[512];
 		if (!tmp) {