Only return a single error via AMI when requesting a forbidden action.

(closes issue #19216) Reported by: oej Patches: issue19216-1.8-r316204.patch uploaded by seanbright (license 71) Tested by: seanbright git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@316663 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-10-26 14:27:14 +00:00 · 2011-05-04 14:35:05 +00:00
parent eaf8673a16
commit 1f160df9fe
1 changed files with 14 additions and 7 deletions
--- a/main/manager.c
+++ b/main/manager.c
@@ -4484,18 +4484,25 @@ static int process_message(struct mansession *s, const struct message *m)
 		}
 		if (s->session->writeperm & tmp->authority || tmp->authority == 0) {
 			call_func = tmp->func;
-		} else {
-			astman_send_error(s, m, "Permission denied");
-			report_req_not_allowed(s, action);
 		}
 		break;
 	}
 	AST_RWLIST_UNLOCK(&actions);

-	if (tmp && call_func) {
-		/* call AMI function after actions list are unlocked */
-		ast_debug(1, "Running action '%s'\n", tmp->action);
-		ret = call_func(s, m);
+	if (tmp) {
+		if (call_func) {
+			/* Call our AMI function after we unlock our actions lists */
+			ast_debug(1, "Running action '%s'\n", tmp->action);
+			ret = call_func(s, m);
+		} else {
+			/* If we found our action but don't have a function pointer, access
+			 * was denied, so bail out.
+			 */
+			report_req_not_allowed(s, action);
+			mansession_lock(s);
+			astman_send_error(s, m, "Permission denied");
+			mansession_unlock(s);
+		}
 	} else {
 		char buf[512];
 		if (!tmp) {