From 1f160df9fe8e0f1809497936999391bab64e584e Mon Sep 17 00:00:00 2001
From: Sean Bright <sean@malleable.com>
Date: Wed, 4 May 2011 14:35:05 +0000
Subject: [PATCH] Only return a single error via AMI when requesting a
 forbidden action.

(closes issue #19216)
Reported by: oej
Patches:
      issue19216-1.8-r316204.patch uploaded by seanbright (license 71)
Tested by: seanbright


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@316663 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 main/manager.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/main/manager.c b/main/manager.c
index 542e4bbac8..d17d3ed028 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -4484,18 +4484,25 @@ static int process_message(struct mansession *s, const struct message *m)
 		}
 		if (s->session->writeperm & tmp->authority || tmp->authority == 0) {
 			call_func = tmp->func;
-		} else {
-			astman_send_error(s, m, "Permission denied");
-			report_req_not_allowed(s, action);
 		}
 		break;
 	}
 	AST_RWLIST_UNLOCK(&actions);
 
-	if (tmp && call_func) {
-		/* call AMI function after actions list are unlocked */
-		ast_debug(1, "Running action '%s'\n", tmp->action);
-		ret = call_func(s, m);
+	if (tmp) {
+		if (call_func) {
+			/* Call our AMI function after we unlock our actions lists */
+			ast_debug(1, "Running action '%s'\n", tmp->action);
+			ret = call_func(s, m);
+		} else {
+			/* If we found our action but don't have a function pointer, access
+			 * was denied, so bail out.
+			 */
+			report_req_not_allowed(s, action);
+			mansession_lock(s);
+			astman_send_error(s, m, "Permission denied");
+			mansession_unlock(s);
+		}
 	} else {
 		char buf[512];
 		if (!tmp) {