MixMontior: Add class authorization requirements to MixMonitor AMI commands

MixMonitor AMI commands StartMixMonitor and StopMixMonitor lacked class
authorization. StopMixMonitor now requires that the manager user either have
the call or system class authorization. StartMixMonitor is a slightly larger
issue since it can execute shell commands if the right arguments are passed
into it, and we consider this a permission escalation. A security release
will be issued for problem this shortly.

ASTERISK-23609 #close
Reported by: Corey Farrell

........

Merged revisions 415825 from http://svn.asterisk.org/svn/asterisk/branches/11

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/12@415832 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/UPGRADE.txt b/UPGRADE.txt
index fd8a516d110a047cd983f3a20653d312e39ed806..d57dc0a8444046185de331e064579294b80661e2 100644 (file)
--- a/UPGRADE.txt
+++ b/UPGRADE.txt
@@ -28,12 +28,18 @@ From 12.3.0 to 12.4.0:
    safe_asterisk script is customized, be sure to keep your changes. Custom
    values for variables should be created in *.sh file(s) inside
    ASTETCDIR/startup.d/. See ASTERISK-21965.
+
  - Changed a log message in safe_asterisk and the $NOTIFY mail subject. If
    you use tools to parse either of them, update your parse functions
    accordingly. The changed strings are:
    - "Exited on signal $EXITSIGNAL" => "Asterisk exited on signal $EXITSIGNAL."
    - "Asterisk Died" => "Asterisk on $MACHINE died (sig $EXITSIGNAL)"
 
+ - MixMonitor AMI actions now require users to have authorization classes.
+   * MixMonitor - system
+   * MixMonitorMute - call or system
+   * StopMixMonitor - call or system
+
 From 12.2.0 to 12.3.0:
 
  - The asterisk command line -I option and the asterisk.conf internal_timing

diff --git a/apps/app_mixmonitor.c b/apps/app_mixmonitor.c
index 098a632e38e6d9ddf764b4744d3d4cf84081554e..c9e09301814b1a2ce8b5ca07e1276f7aceb8c626 100644 (file)
--- a/apps/app_mixmonitor.c
+++ b/apps/app_mixmonitor.c
@@ -1415,9 +1415,9 @@ static int load_module(void)
        ast_cli_register_multiple(cli_mixmonitor, ARRAY_LEN(cli_mixmonitor));
        res = ast_register_application_xml(app, mixmonitor_exec);
        res |= ast_register_application_xml(stop_app, stop_mixmonitor_exec);
-       res |= ast_manager_register_xml("MixMonitorMute", 0, manager_mute_mixmonitor);
-       res |= ast_manager_register_xml("MixMonitor", 0, manager_mixmonitor);
-       res |= ast_manager_register_xml("StopMixMonitor", 0, manager_stop_mixmonitor);
+       res |= ast_manager_register_xml("MixMonitorMute", EVENT_FLAG_SYSTEM | EVENT_FLAG_CALL, manager_mute_mixmonitor);
+       res |= ast_manager_register_xml("MixMonitor", EVENT_FLAG_SYSTEM, manager_mixmonitor);
+       res |= ast_manager_register_xml("StopMixMonitor", EVENT_FLAG_SYSTEM | EVENT_FLAG_CALL, manager_stop_mixmonitor);
        res |= set_mixmonitor_methods();
 
        return res;