Add access control to management interface
authorMark Spencer <markster@digium.com>
Mon, 5 May 2003 06:14:25 +0000 (06:14 +0000)
committerMark Spencer <markster@digium.com>
Mon, 5 May 2003 06:14:25 +0000 (06:14 +0000)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@961 65c4cc65-6c06-0410-ace0-fbb531ad65f3

acl.c
configs/manager.conf.sample
manager.c

diff --git a/acl.c b/acl.c
index ae81cc9..9f876c9 100755 (executable)
--- a/acl.c
+++ b/acl.c
@@ -98,7 +98,7 @@ struct ast_ha *ast_append_ha(char *sense, char *stuff, struct ast_ha *path)
                else
                        ret = ha;
        }
-       return NULL;
+       return ret;
 }
 
 int ast_apply_ha(struct ast_ha *ha, struct sockaddr_in *sin)
index a55b998..4560904 100755 (executable)
@@ -8,5 +8,7 @@ bindaddr = 0.0.0.0
 
 ;[mark]
 ;secret = mysecret
+;deny=0.0.0.0/0.0.0.0
+;permit=209.16.236.73/255.255.255.0
 ;read = system,call,log,verbose,command,agent,user
 ;write = system,call,log,verbose,command,agent,user
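Review bot: The sample `permit` line pairs a host address (209.16.236.73) with a 255.255.255.0 mask, which leaves it unclear whether one host or the whole /24 is meant to be admitted; an operator copying it may open the manager port wider than intended. Use `;permit=209.16.236.73/255.255.255.255` for a single host, or write the network address `209.16.236.0/255.255.255.0` if the subnet is intended. It would also help to add a comment such as `; With no permit/deny lines a user may log in from any address` above these lines, since the manager.c change in this commit only applies the ACL when at least one rule is present.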
index 3a2754d..15b5168 100755 (executable)
--- a/manager.c
+++ b/manager.c
@@ -36,6 +36,7 @@
 #include <asterisk/app.h>
 #include <asterisk/pbx.h>
 #include <asterisk/md5.h>
+#include <asterisk/acl.h>
 
 static int enabled = 0;
 static int portno = DEFAULT_MANAGER_PORT;
@@ -207,7 +208,26 @@ static int authenticate(struct mansession *s, struct message *m)
                if (strcasecmp(cat, "general")) {
                        /* This is a user */
                        if (!strcasecmp(cat, user)) {
-                               char *password = ast_variable_retrieve(cfg, cat, "secret");
+                               struct ast_variable *v;
+                               struct ast_ha *ha = NULL;
+                               char *password = NULL;
+                               v = ast_variable_browse(cfg, cat);
+                               while (v) {
+                                       if (!strcasecmp(v->name, "secret")) {
+                                               password = v->value;
+                                       } else if (!strcasecmp(v->name, "permit") ||
+                                                  !strcasecmp(v->name, "deny")) {
+                                                       ha = ast_append_ha(v->name, v->value, ha);
+                                       }                                               
+                                       v = v->next;
+                               }
+                               if (ha && !ast_apply_ha(ha, &(s->sin))) {
+                                       ast_log(LOG_NOTICE, "%s failed to pass IP ACL as '%s'\n", inet_ntoa(s->sin.sin_addr), user);
+                                       ast_free_ha(ha);
+                                       ast_destroy(cfg);
+                                       return -1;
+                               } else if (ha)
+                                       ast_free_ha(ha);
                                if (!strcasecmp(authtype, "MD5")) {
                                        if (key && strlen(key) && s->challenge) {
                                                int x;
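Review bot: The ACL check in authenticate() fails open, because `if (ha && !ast_apply_ha(ha, &(s->sin)))` treats a NULL list as "no restriction" even when the user's section does contain permit/deny lines. The list is rebuilt with `ha = ast_append_ha(v->name, v->value, ha);`, so if ast_append_ha() can return NULL for a rule it cannot parse or allocate, the rules collected so far are dropped (and leaked) and the login proceeds on the password alone. Most of ast_append_ha()'s body is outside the visible hunks, so that return behaviour is inferred. Counting the rules seen and rejecting the login when rules were configured but no list resulted makes a mistyped rule fail closed; authenticate() itself starts and ends outside this hunk.

```c
struct ast_ha *ha = NULL;
int acl_rules = 0;	/* permit/deny lines seen, whether or not they parsed */
/* ... unchanged: password declaration, ast_variable_browse(), "secret" branch ... */
} else if (!strcasecmp(v->name, "permit") ||
	   !strcasecmp(v->name, "deny")) {
	acl_rules++;
	ha = ast_append_ha(v->name, v->value, ha);
}
/* ... unchanged: v = v->next, end of loop ... */
if (acl_rules && (!ha || !ast_apply_ha(ha, &(s->sin)))) {
	/* ... unchanged: ast_log() notice ... */
	if (ha)
		ast_free_ha(ha);
	/* ... unchanged: ast_destroy(cfg), return -1, else-branch free ... */
```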