Restore some sense of security to manager
authorMark Spencer <markster@digium.com>
Wed, 22 Nov 2006 05:49:06 +0000 (05:49 +0000)
committerMark Spencer <markster@digium.com>
Wed, 22 Nov 2006 05:49:06 +0000 (05:49 +0000)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@47912 65c4cc65-6c06-0410-ace0-fbb531ad65f3

main/manager.c

index e65317e..61b72c9 100644 (file)
@@ -1981,6 +1981,10 @@ static int process_message(struct mansession *s, struct message *m)
                return 0;
        }
 
+       if (!s->authenticated && strcasecmp(action, "Login") && strcasecmp(action, "Logoff") && strcasecmp(action, "Challenge")) {
+               astman_send_error(s, m, "Permission denied");
+               return 0;
+       }
        /* XXX should we protect the list navigation ? */
        for (tmp = first_action ; tmp; tmp = tmp->next) {
                if (!strcasecmp(action, tmp->action)) {