[asterisk-commits] file: trunk r65905 - in /trunk: ./ main/manager.c

asterisk-commits at lists.digium.com asterisk-commits at lists.digium.com
Thu May 24 08:30:06 MST 2007 

Author: file
Date: Thu May 24 10:30:06 2007
New Revision: 65905

URL: http://svn.digium.com/view/asterisk?view=rev&rev=65905
Log:
Merged revisions 65902 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r65902 | file | 2007-05-24 11:27:23 -0400 (Thu, 24 May 2007) | 2 lines

Add the ability to blacklist certain commands from being executed using the Command AMI action. (issue #9240 reported by junky)

........

Modified:
    trunk/   (props changed)
    trunk/main/manager.c

Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-1.4-merged' - no diff available.

Modified: trunk/main/manager.c
URL: http://svn.digium.com/view/asterisk/trunk/main/manager.c?view=diff&rev=65905&r1=65904&r2=65905
==============================================================================
--- trunk/main/manager.c (original)
+++ trunk/main/manager.c Thu May 24 10:30:06 2007
@@ -131,6 +131,11 @@
  * HTTP sessions have managerid != 0, the value is used as a search key
  * to lookup sessions (using the mansession_id cookie).
  */
+static const char *command_blacklist[] = {
+	"module load",
+	"module unload",
+};
+
 struct mansession {
 	pthread_t ms_t;		/*!< Execution thread, basically useless */
 	ast_mutex_t __lock;	/*!< Thread lock -- don't use in action callbacks, it's already taken care of  */
@@ -1795,8 +1800,15 @@
 	const char *id = astman_get_header(m, "ActionID");
 	char *buf, *final_buf;
 	char template[] = "/tmp/ast-ami-XXXXXX";	/* template for temporary file */
-	int fd = mkstemp(template);
+	int fd = mkstemp(template), i = 0;
 	off_t l;
+
+	for (i = 0; i < sizeof(command_blacklist) / sizeof(command_blacklist[0]); i++) {
+		if (!strncmp(cmd, command_blacklist[i], strlen(command_blacklist[i]))) {
+			astman_send_error(s, m, "Command blacklisted");
+			return 0;
+		}
+	}
 
 	astman_append(s, "Response: Follows\r\nPrivilege: Command\r\n");
 	if (!ast_strlen_zero(id))

More information about the asterisk-commits mailing list