Only return a single error via AMI when requesting a forbidden action.

(closes issue #19216)
Reported by: oej
Patches:
      issue19216-1.8-r316204.patch uploaded by seanbright (license 71)
Tested by: seanbright


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@316663 65c4cc65-6c06-0410-ace0-fbb531ad65f3

main/manager.c

@@ -4484,18 +4484,25 @@ static int process_message(struct mansession *s, const struct message *m)
 		}
 		if (s->session->writeperm & tmp->authority || tmp->authority == 0) {
 			call_func = tmp->func;
-		} else {
-			astman_send_error(s, m, "Permission denied");
-			report_req_not_allowed(s, action);
 		}
 		break;
 	}
 	AST_RWLIST_UNLOCK(&actions);
 
-	if (tmp && call_func) {
+	if (tmp) {
-		/* call AMI function after actions list are unlocked */
+		if (call_func) {
+			/* Call our AMI function after we unlock our actions lists */
 			ast_debug(1, "Running action '%s'\n", tmp->action);
 			ret = call_func(s, m);
+		} else {
+			/* If we found our action but don't have a function pointer, access
+			 * was denied, so bail out.
+			 */
+			report_req_not_allowed(s, action);
+			mansession_lock(s);
+			astman_send_error(s, m, "Permission denied");
+			mansession_unlock(s);
+		}
 	} else {
 		char buf[512];
 		if (!tmp) {