Only return a single error via AMI when requesting a forbidden action.

(closes issue #19216)
Reported by: oej
Patches:
      issue19216-1.8-r316204.patch uploaded by seanbright (license 71)
Tested by: seanbright

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@316663 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/main/manager.c b/main/manager.c
index 542e4bbac835daa6d487f431db3061fb1493e9e3..d17d3ed02858596f53dd69185120b2d6e1338cdb 100644 (file)
--- a/main/manager.c
+++ b/main/manager.c
@@ -4484,18 +4484,25 @@ static int process_message(struct mansession *s, const struct message *m)
                }
                if (s->session->writeperm & tmp->authority || tmp->authority == 0) {
                        call_func = tmp->func;
-               } else {
-                       astman_send_error(s, m, "Permission denied");
-                       report_req_not_allowed(s, action);
                }
                break;
        }
        AST_RWLIST_UNLOCK(&actions);
 
-       if (tmp && call_func) {
-               /* call AMI function after actions list are unlocked */
-               ast_debug(1, "Running action '%s'\n", tmp->action);
-               ret = call_func(s, m);
+       if (tmp) {
+               if (call_func) {
+                       /* Call our AMI function after we unlock our actions lists */
+                       ast_debug(1, "Running action '%s'\n", tmp->action);
+                       ret = call_func(s, m);
+               } else {
+                       /* If we found our action but don't have a function pointer, access
+                        * was denied, so bail out.
+                        */
+                       report_req_not_allowed(s, action);
+                       mansession_lock(s);
+                       astman_send_error(s, m, "Permission denied");
+                       mansession_unlock(s);
+               }
        } else {
                char buf[512];
                if (!tmp) {