diff --git a/acl.c b/acl.c
index ae81cc9130c1133cfd7351243b5f0de6f6d7f000..9f876c90aab8b29ef935b3e09cebc109bf97516c 100755
--- a/acl.c
+++ b/acl.c
@@ -98,7 +98,7 @@ struct ast_ha *ast_append_ha(char *sense, char *stuff, struct ast_ha *path)
else
ret = ha;
}
- return NULL;
+ return ret;
}
int ast_apply_ha(struct ast_ha *ha, struct sockaddr_in *sin)
diff --git a/configs/manager.conf.sample b/configs/manager.conf.sample
index a55b9986f0a67d01c325da070888f985a9b8b8e3..4560904e2534ce9c8c66b658cfe7356d171369f8 100755
--- a/configs/manager.conf.sample
+++ b/configs/manager.conf.sample
@@ -8,5 +8,7 @@ bindaddr = 0.0.0.0
;[mark]
;secret = mysecret
+;deny=0.0.0.0/0.0.0.0
+;permit=209.16.236.73/255.255.255.0
;read = system,call,log,verbose,command,agent,user
;write = system,call,log,verbose,command,agent,user
diff --git a/manager.c b/manager.c
index 3a2754d3825ed378e4b0494799dcca033c6ea573..15b51681df649b5e265df21d6081b7701d7d60de 100755
--- a/manager.c
+++ b/manager.c
@@ -36,6 +36,7 @@
#include <asterisk/app.h>
#include <asterisk/pbx.h>
#include <asterisk/md5.h>
+#include <asterisk/acl.h>
static int enabled = 0;
static int portno = DEFAULT_MANAGER_PORT;
@@ -207,7 +208,26 @@ static int authenticate(struct mansession *s, struct message *m)
if (strcasecmp(cat, "general")) {
/* This is a user */
if (!strcasecmp(cat, user)) {
- char *password = ast_variable_retrieve(cfg, cat, "secret");
+ struct ast_variable *v;
+ struct ast_ha *ha = NULL;
+ char *password = NULL;
+ v = ast_variable_browse(cfg, cat);
+ while (v) {
+ if (!strcasecmp(v->name, "secret")) {
+ password = v->value;
+ } else if (!strcasecmp(v->name, "permit") ||
+ !strcasecmp(v->name, "deny")) {
+ ha = ast_append_ha(v->name, v->value, ha);
+ }
+ v = v->next;
+ }
+ if (ha && !ast_apply_ha(ha, &(s->sin))) {
+ ast_log(LOG_NOTICE, "%s failed to pass IP ACL as '%s'\n", inet_ntoa(s->sin.sin_addr), user);
+ ast_free_ha(ha);
+ ast_destroy(cfg);
+ return -1;
+ } else if (ha)
+ ast_free_ha(ha);
if (!strcasecmp(authtype, "MD5")) {
if (key && strlen(key) && s->challenge) {
int x;