From: Mark Spencer <markster@digium.com>
Date: Wed, 22 Nov 2006 05:49:06 +0000 (+0000)
Subject: Restore some sense of security to manager
X-Git-Tag: 1.6.0-beta1~3^2~3891
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc0c154f0e6407753a061098b306434db9e96eca;p=thirdparty%2Fasterisk.git

Restore some sense of security to manager


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@47912 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/main/manager.c b/main/manager.c
index e65317edd8..61b72c9cfe 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -1981,6 +1981,10 @@ static int process_message(struct mansession *s, struct message *m)
 		return 0;
 	}
 
+	if (!s->authenticated && strcasecmp(action, "Login") && strcasecmp(action, "Logoff") && strcasecmp(action, "Challenge")) {
+		astman_send_error(s, m, "Permission denied");
+		return 0;
+	}
 	/* XXX should we protect the list navigation ? */
 	for (tmp = first_action ; tmp; tmp = tmp->next) {
 		if (!strcasecmp(action, tmp->action)) {